authorMartin Willi <martin@strongswan.org>2005-12-12 12:52:59 +0000
committerMartin Willi <martin@strongswan.org>2005-12-12 12:52:59 +0000
commit6db4e80b569137103b5003b9585e32c12af1a694 (patch)
tree7b640e5aa7bf9895ab3efc50be6e363158783b48
parent7fa8decb78f5062a124fd0d37ba51360100f9bfa (diff)
- fixed some BAD bugs
- clean localhost-testcases for bad_dh, shared and rsa
-rw-r--r--Source/charon/config/configuration_manager.c39
-rw-r--r--Source/charon/daemon.c21
-rw-r--r--Source/charon/encoding/payloads/notify_payload.c1
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c1
-rw-r--r--Source/charon/queues/jobs/delete_established_ike_sa_job.c5
-rw-r--r--Source/charon/queues/jobs/delete_half_open_ike_sa_job.c5
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c16
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c7
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c24
-rw-r--r--Source/charon/sa/states/responder_init.c1
-rw-r--r--Source/charon/testcases/testcases.c6
11 files changed, 77 insertions, 49 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 6239a4450..f2c726da5 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -274,15 +274,16 @@ u_int8_t private_key_2[];
*/
static void load_default_config (private_configuration_manager_t *this)
{
- init_config_t *init_config1, *init_config2, *init_config3;
- ike_proposal_t proposals[2];
+ init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
+ ike_proposal_t proposals[4];
child_proposal_t child_proposals[1];
- sa_config_t *sa_config1, *sa_config2, *sa_config3;
+ sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
traffic_selector_t *ts;
init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
@@ -299,7 +300,13 @@ static void load_default_config (private_configuration_manager_t *this)
proposals[1].integrity_algorithm_key_length = 20;
proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
proposals[1].pseudo_random_function_key_length = 20;
- proposals[1].diffie_hellman_group = MODP_1024_BIT;
+ proposals[1].diffie_hellman_group = MODP_2048_BIT;
+
+
+ proposals[2] = proposals[1];
+ proposals[2].diffie_hellman_group = MODP_4096_BIT;
+ proposals[3] = proposals[1];
+ proposals[3].diffie_hellman_group = MODP_2048_BIT;
init_config1->add_proposal(init_config1,1,proposals[1]);
init_config1->add_proposal(init_config1,1,proposals[0]);
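Review bot: `proposals[3]` ends up byte-identical to `proposals[1]`: the line `proposals[3].diffie_hellman_group = MODP_2048_BIT;` assigns exactly the group that the changed line `proposals[1].diffie_hellman_group = MODP_2048_BIT;` already gives the source of the copy, so the fourth entry adds nothing and the later `init_config4->add_proposal(init_config4,1,proposals[3])` registers the same proposal that `init_config3` offers. If the bad_dh_group test needs a group the peer does not accept, choose a distinct group here; otherwise drop `proposals[3]`, size the array at three, and pass `proposals[1]` to `init_config4`. load_default_config continues outside this hunk.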
@@ -307,7 +314,8 @@ static void load_default_config (private_configuration_manager_t *this)
init_config2->add_proposal(init_config2,1,proposals[0]);
init_config3->add_proposal(init_config3,1,proposals[1]);
init_config3->add_proposal(init_config3,1,proposals[0]);
-
+ init_config4->add_proposal(init_config4,1,proposals[3]);
+ init_config4->add_proposal(init_config4,1,proposals[2]);
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
ID_IPV4_ADDR, "152.96.193.131",
@@ -324,14 +332,22 @@ static void load_default_config (private_configuration_manager_t *this)
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
sa_config2->add_traffic_selector_responder(sa_config2,ts);
-
+
sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
ID_IPV4_ADDR, "127.0.0.1",
- RSA_DIGITAL_SIGNATURE,
+ SHARED_KEY_MESSAGE_INTEGRITY_CODE,
30000);
sa_config3->add_traffic_selector_initiator(sa_config3,ts);
sa_config3->add_traffic_selector_responder(sa_config3,ts);
+
+ sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
+ ID_IPV4_ADDR, "127.0.0.1",
+ RSA_DIGITAL_SIGNATURE,
+ 30000);
+
+ sa_config4->add_traffic_selector_initiator(sa_config4,ts);
+ sa_config4->add_traffic_selector_responder(sa_config4,ts);
ts->destroy(ts);
@@ -360,10 +376,13 @@ static void load_default_config (private_configuration_manager_t *this)
this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
- this->add_new_configuration(this,"localhost",init_config3,sa_config3);
+ this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
+ this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
+ this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
+
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
- this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","scheisen");
+ this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
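Review bot: The pre-shared secrets on the `add_new_preshared_secret` lines are string literals compiled into the daemon, and after this change all three peers share the single value `"verschluesselt"`, so the secret is readable by anyone who can read the binary or the repository and a compromise of one peer's secret is a compromise of every peer's. Even for the test configuration the values belong in a file read at start-up, or at minimum the block should carry `/* TEST-ONLY: hard-coded secrets, must not reach a release build */` so they do not drift into production. Separately, `"localhost-shared"` and `"localhost-bad_dh_group"` both describe 127.0.0.1 with `sa_config3`; if the responder selects a configuration by peer address, which of the two it finds is decided by list order rather than by name, which deserves a comment next to these registrations. load_default_config continues beyond the hunk.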
@@ -598,7 +617,7 @@ static void add_new_configuration (private_configuration_manager_t *this, char *
this->sa_configs->insert_first(this->sa_configs,sa_config);
}
- this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
+ this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
}
/**
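Review bot: Switching from `insert_first` to `insert_last` changes the order in which any lookup that walks `this->configurations` meets the entries, and nothing in the hunk says why the order matters; given that the same commit registers several configurations for 127.0.0.1, the first registered entry presumably now wins. Add a comment above the call, `/* append: lookups walk the list in registration order, so earlier entries take precedence */`, so the next maintainer does not flip it back. add_new_configuration starts before this hunk.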
diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index 6623d57ea..4f109f7e3 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
@@ -157,14 +157,19 @@ static void kill_daemon(private_daemon_t *this, char *reason)
* Implementation of private_daemon_t.build_test_jobs.
*/
static void build_test_jobs(private_daemon_t *this)
-{
- int i;
- for(i = 0; i<1; i++)
- {
- initiate_ike_sa_job_t *initiate_job;
- initiate_job = initiate_ike_sa_job_create("pinflb30");
- this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
- }
+{
+ char *config_name;
+ initiate_ike_sa_job_t *initiate_job;
+
+ config_name = "localhost-rsa";
+ /* config_name = "localhost-shared"; */
+ /* config_name = "localhost-bad_dh_group"; */
+
+
+ initiate_job = initiate_ike_sa_job_create(config_name);
+
+ this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000);
+
}
/**
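Review bot: The test target is chosen by commenting alternatives in and out around `config_name = "localhost-rsa";`, so changing the test needs a source edit and a rebuild, and the two commented assignments will silently go stale as configuration names change. A `#define TEST_CONFIG_NAME "localhost-rsa"` near the top of daemon.c, or taking the name from the daemon's arguments, keeps the choice in one visible place; the two empty lines before the closing brace can go at the same time. The pointer returned by `initiate_ike_sa_job_create(config_name)` is queued unchecked, as it was before the change; whether that call can return NULL is not visible in the hunk.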
diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c
index 36a9930dc..dccc9d169 100644
--- a/Source/charon/encoding/payloads/notify_payload.c
+++ b/Source/charon/encoding/payloads/notify_payload.c
@@ -395,6 +395,7 @@ notify_payload_t *notify_payload_create()
this->notify_message_type = 0;
this->spi.ptr = NULL;
this->spi.len = 0;
+ this->spi_size = 0;
this->notification_data.ptr = NULL;
this->notification_data.len = 0;
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index 0cae8948f..1ef67a2c9 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -761,6 +761,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
proposal_substructure = proposal_substructure_create();
proposal_substructure->set_protocol_id(proposal_substructure,IKE);
proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
+
/* create transform substructures to hold each specific transform for an ike proposal */
encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
diff --git a/Source/charon/queues/jobs/delete_established_ike_sa_job.c b/Source/charon/queues/jobs/delete_established_ike_sa_job.c
index 809980550..595bdd11b 100644
--- a/Source/charon/queues/jobs/delete_established_ike_sa_job.c
+++ b/Source/charon/queues/jobs/delete_established_ike_sa_job.c
@@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_established_ike_sa_job_t *this)
/**
* Implementation of job_t.destroy.
*/
-static void destroy(job_t *job)
+static void destroy(private_delete_established_ike_sa_job_t *this)
{
- private_delete_established_ike_sa_job_t *this = (private_delete_established_ike_sa_job_t *) job;
this->ike_sa_id->destroy(this->ike_sa_id);
allocator_free(this);
}
@@ -79,7 +78,7 @@ delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
/* same as destroy */
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
- this->public.job_interface.destroy = destroy;
+ this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
/* public functions */
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_established_ike_sa_job_t *)) get_ike_sa_id;
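Review bot: `destroy` now takes a `private_delete_established_ike_sa_job_t *` but is stored in `job_interface.destroy` through the cast `(void (*)(job_t*)) destroy` and will be invoked with a `job_t *`; calling a function through a pointer to an incompatible function type is undefined behaviour in C even when both pointer types have the same representation, and the only thing gained over the removed explicit downcast inside `destroy` is one line. The same pattern already exists on the `get_type` and `destroy_all` lines and the identical change is made in delete_half_open_ike_sa_job.c, so this is a codebase convention rather than a new defect; if it stays, a comment such as `/* called through job_t*; assumes public is the first member of the private struct */` would record the layout assumption the cast depends on, which is not visible from this hunk. delete_established_ike_sa_job_create starts before the hunk.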
diff --git a/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c b/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c
index d37cb98c4..47354d6be 100644
--- a/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c
+++ b/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c
@@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_half_open_ike_sa_job_t *this)
/**
* Implements job_t.destroy.
*/
-static void destroy(job_t *job)
+static void destroy(private_delete_half_open_ike_sa_job_t *this)
{
- private_delete_half_open_ike_sa_job_t *this = (private_delete_half_open_ike_sa_job_t *) job;
this->ike_sa_id->destroy(this->ike_sa_id);
allocator_free(this);
}
@@ -79,7 +78,7 @@ delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *i
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
/* same as destroy */
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
- this->public.job_interface.destroy = destroy;
+ this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
/* public functions */
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_half_open_ike_sa_job_t *)) get_ike_sa_id;
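Review bot: The new assignment ends in `destroy;;` — a stray empty statement that compiles but differs from the otherwise identical line in delete_established_ike_sa_job.c; change it to `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;`. delete_half_open_ike_sa_job_create starts before the hunk.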
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index ddcff4c6a..f2385fe4c 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -278,14 +278,16 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply));
/* create new state */
- this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
- this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
- this->public.state_interface.destroy(&(this->public.state_interface));
-
+
my_host = this->ike_sa->get_my_host(this->ike_sa);
other_host = this->ike_sa->get_other_host(this->ike_sa);
- this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
- my_host->get_address(my_host), other_host->get_address(other_host));
+ this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
+ my_host->get_address(my_host), other_host->get_address(other_host),
+ mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
+
+ this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
+ this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+ this->public.state_interface.destroy(&(this->public.state_interface));
return SUCCESS;
}
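Review bot: The new AUDIT line formats `mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))` with `%s`; if `mapping_find` can return NULL for a method value it has no entry for, printf-style formatting of a NULL `%s` is undefined behaviour, and the method value originates in the peer's AUTH payload. Confirm that `mapping_find` always yields a printable string, or guard the result before logging. Moving the log call ahead of `this->public.state_interface.destroy(...)`, which presumably frees `this`, is the right ordering; a comment `/* log before destroy(): this is released there */` on the new sequence would keep someone from moving the log back. process_message starts before the hunk.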
@@ -336,7 +338,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
if (status != SUCCESS)
{
/* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
- this->logger->log(this->logger, CONTROL, "Responders SA_PAYLOAD contained no proposals, no CHILD_SA is built");
+ this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
return SUCCESS;
}
if (proposal_count > 1)
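Review bot: The new log string misspells the exchange name — `IKE_AUH` for `IKE_AUTH` in `"IKE_AUH reply did not contain any proposals. Don't create CHILD_SA"` — and the new line in ike_sa_init_responded.c (`"IKE_AUH request did not contain any proposals. Don't create CHILD_SA"`) has the same typo. These are AUDIT messages someone will search logs for, so correct both to `IKE_AUTH`. process_sa_payload continues outside the hunk.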
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index c24ff5bb6..81b75e780 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -651,7 +651,12 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
new_dh_group_priority = this->dh_group_priority + 1;
this->public.state_interface.destroy(&(this->public.state_interface));
- return (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority));
+ if (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority) != SUCCESS)
+ {
+ return DELETE_ME;
+ }
+ return FAILED;
+
}
default:
{
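Review bot: The success path of the retry now returns `FAILED` while the failure path returns `DELETE_ME`, which reads backwards unless `FAILED` means "stop processing this message, keep the IKE_SA" to the caller; the hunk does not say, and the removed line simply propagated the retry's own status. Either return `SUCCESS` when `retry_initiate_connection` succeeds, or add `/* retry succeeded and installed a new state; FAILED tells the caller to stop processing this message */` above the return — whichever matches how the caller treats the status. Since `this` is destroyed on the line before the retry, the new block must keep touching only `initiator_init_state` and `new_dh_group_priority`, as it currently does; the empty line before the closing brace can go. process_notify_payload starts before the hunk.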
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index e938de3cc..3d8f9e045 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -313,15 +313,15 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
return DELETE_ME;
}
- /* create new state */
- this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+ /* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);
+ other_host = this->ike_sa->get_other_host(this->ike_sa);
+ this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
+ my_host->get_address(my_host), other_host->get_address(other_host),
+ mapping_find(auth_method_m, auth_request->get_auth_method(auth_request)));
+
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
+ this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
this->public.state_interface.destroy(&(this->public.state_interface));
-
- my_host = this->ike_sa->get_my_host(this->ike_sa);
- other_host = this->ike_sa->get_other_host(this->ike_sa);
- this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
- my_host->get_address(my_host), other_host->get_address(other_host));
return SUCCESS;
}
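Review bot: The comment `/* create new state */` is now fused onto the `my_host = this->ike_sa->get_my_host(this->ike_sa);` line and no longer describes it, because state creation moved down to the `set_new_state` line. Put the comment back on its own line above `this->ike_sa->set_new_state(...)` and replace the fused one with `/* log before destroy(): this is released there */`, which is the reason for the reordering. The `%s` formatting of `mapping_find(auth_method_m, auth_request->get_auth_method(auth_request))` has the same NULL-result question as the equivalent line in ike_auth_requested.c. process_message starts before the hunk.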
@@ -404,6 +404,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
{
sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
response->add_payload(response, (payload_t*)sa_response);
+ allocator_free(proposal_chosen);
}
else
{
@@ -411,22 +412,17 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
status = DELETE_ME;
}
+ allocator_free(proposals);
}
else
{
- this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
-/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
- status = DELETE_ME; */
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
sa_response = sa_payload_create();
response->add_payload(response, (payload_t*)sa_response);
status = SUCCESS;
}
-
- allocator_free(proposal_chosen);
- allocator_free(proposals);
-
return status;
}
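Review bot: Freeing `proposals` and `proposal_chosen` inside the branches that produced them (here and in the preceding hunk) presumably fixes freeing whatever those pointers held on the no-proposal path, but it ties each allocation to its branch, and the next branch added to build_sa_payload must remember its own free. The more robust shape is to initialise both pointers to NULL at their declaration (outside the hunk) and keep the single `allocator_free(proposal_chosen); allocator_free(proposals);` before `return status;`, provided allocator_free tolerates NULL, which is not visible here. Either way, a comment on the `NO_PROPOSAL_CHOSEN` branch stating whether `proposal_chosen` is set there would settle whether that path leaks.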
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index a54b486e5..5ea4588a1 100644
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -557,6 +557,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
this->sent_nonce = CHUNK_INITIALIZER;
this->received_nonce = CHUNK_INITIALIZER;
this->dh_group_number = MODP_UNDEFINED;
+ this->diffie_hellman = NULL;
return &(this->public);
}
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index a06a1333b..5f33d07d4 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -241,13 +241,13 @@ int main()
daemon_create();
charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
- //charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
+ /* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */
tester_t *tester = tester_create(test_output, FALSE);
-// tester->perform_tests(tester,all_tests);
- tester->perform_test(tester,&linked_list_insert_and_remove_test);
+ tester->perform_tests(tester,all_tests);
+ /* tester->perform_test(tester,&linked_list_insert_and_remove_test); */
tester->destroy(tester);