implemented and tested functionality to create sa_payload from

ike_proposal_t's and also generate ike_proposal_t's from sa_payload

12 files changed, 518 insertions, 12 deletions

diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h
index 876ead887..7ff46cc54 100644
--- a/Source/charon/config/init_config.h
+++ b/Source/charon/config/init_config.h
@@ -25,8 +25,11 @@
 
 #include <types.h>
 #include <network/host.h>
-#include <encoding/payloads/sa_payload.h>
 #include <utils/iterator.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/prfs/prf.h>
+#include <transforms/signers/signer.h>
+#include <transforms/diffie_hellman.h>
 
 typedef struct ike_proposal_t ike_proposal_t;
 
@@ -65,11 +68,12 @@ struct ike_proposal_t {
 	u_int16_t pseudo_random_function_key_length;
 	
 	/**
-	 * Diffie hellman group
+	 * Diffie hellman group.
 	 */
 	diffie_hellman_group_t diffie_hellman_group;
 };
 
+
 typedef struct init_config_t init_config_t;
 
 /**
diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c
index 354eedb9e..05b375ef9 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.c
+++ b/Source/charon/encoding/payloads/proposal_substructure.c
@@ -144,7 +144,7 @@ static status_t verify(private_proposal_substructure_t *this)
 	status_t status = SUCCESS;
 	iterator_t *iterator;
 	
-	if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != PROPOSAL_SUBSTRUCTURE))
+	if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
 	{
 		/* must be 0 or 2 */
 		return FAILED;
@@ -251,6 +251,15 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr
 }
 
 /**
+ * Implementation of proposal_substructure_t.proposal_substructure_t.
+ */
+static void set_is_last_proposal (private_proposal_substructure_t *this, bool is_last)
+{
+	this->next_payload = (is_last) ? 0: PROPOSAL_TYPE_VALUE;
+}
+
+
+/**
  * Implementation of proposal_substructure_t.set_proposal_number.
  */
 static void set_proposal_number(private_proposal_substructure_t *this,u_int8_t proposal_number)
@@ -374,6 +383,22 @@ static void compute_length (private_proposal_substructure_t *this)
 }
 
 /**
+ * Implementation of proposal_substructure_t.get_transform_count.
+ */
+static size_t get_transform_count (private_proposal_substructure_t *this)
+{
+	return this->transforms->get_count(this->transforms);
+}
+
+/**
+ * Implementation of proposal_substructure_t.get_spi_size.
+ */
+static size_t get_spi_size (private_proposal_substructure_t *this)
+{
+	return 	this->spi.len;
+}
+
+/**
  * Implementation of proposal_substructure_t.clone.
  */
 static private_proposal_substructure_t* clone(private_proposal_substructure_t *this)
@@ -464,8 +489,12 @@ proposal_substructure_t *proposal_substructure_create()
 	this->public.set_protocol_id = (void (*) (proposal_substructure_t *,u_int8_t))set_protocol_id;
 	this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id;
 	this->public.get_info_for_transform_type = 	(status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type;
+	this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal;
+	
 	this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
 	this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
+	this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
+	this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;	
 	this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone;
 	this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
 	
diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h
index f131cf74c..a2015fbfe 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.h
+++ b/Source/charon/encoding/payloads/proposal_substructure.h
@@ -29,6 +29,13 @@
 #include <utils/linked_list.h>
 
 /**
+ * IKEv1 Value for a proposal payload.
+ * 
+ * @ingroup payloads
+ */
+#define PROPOSAL_TYPE_VALUE 2
+
+/**
  * Length of the proposal substructure header
  * (without spi).
  * 
@@ -107,6 +114,22 @@ struct proposal_substructure_t {
 	u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
 
 	/**
+	 * @brief get the number of transforms in current proposal.
+	 * 
+	 * @param this 		calling proposal_substructure_t object
+	 * @return 			transform count in current proposal
+	 */
+	size_t (*get_transform_count) (proposal_substructure_t *this);
+
+	/**
+	 * @brief get size of the set spi in bytes.
+	 * 
+	 * @param this 		calling proposal_substructure_t object
+	 * @return 			size of the spi in bytes
+	 */
+	size_t (*get_spi_size) (proposal_substructure_t *this);
+
+	/**
 	 * @brief Sets the protocol id of current proposal.
 	 *
 	 * @param this 		calling proposal_substructure_t object
@@ -136,6 +159,16 @@ struct proposal_substructure_t {
 	 */
 	status_t (*get_info_for_transform_type) (proposal_substructure_t *this,transform_type_t type, u_int16_t *transform_id, u_int16_t *key_length);
 
+	/**
+	 * @brief Sets the next_payload field of this substructure
+	 * 
+	 * If this is the last proposal, next payload field is set to 0,
+	 * otherwise to 2
+	 *
+	 * @param this 		calling proposal_substructure_t object
+	 * @param is_last	When TRUE, next payload field is set to 0, otherwise to 2
+	 */
+	void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
 
 	/**
 	 * @brief Returns the currently set SPI of this proposal.
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index 4054c6fb3..d2aecf875 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -243,11 +243,157 @@ static iterator_t *create_proposal_substructure_iterator (private_sa_payload_t *
  */
 static void add_proposal_substructure (private_sa_payload_t *this,proposal_substructure_t *proposal)
 {
+	status_t status;
+	if (this->proposals->get_count(this->proposals) > 0)
+	{
+		proposal_substructure_t *last_proposal;
+		status = this->proposals->get_last(this->proposals,(void **) &last_proposal);
+		/* last transform is now not anymore last one */
+		last_proposal->set_is_last_proposal(last_proposal,FALSE);
+	}
+	proposal->set_is_last_proposal(proposal,TRUE);
+	
 	this->proposals->insert_last(this->proposals,(void *) proposal);
 	this->compute_length(this);
 }
 
 /**
+ * Implementation of sa_payload_t.get_ike_proposals.
+ */
+static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
+{
+	int found_ike_proposals = 0;
+	int current_proposal_number = 0;
+	iterator_t *iterator;
+	ike_proposal_t *tmp_proposals;
+	
+		
+	iterator = this->proposals->create_iterator(this->proposals,TRUE);
+	
+	/* first find out the number of ike proposals and check their number of transforms and 
+	 * if the SPI is empty!*/
+	while (iterator->has_next(iterator))
+	{
+		proposal_substructure_t *current_proposal;
+		iterator->current(iterator,(void **)&(current_proposal));
+		if (current_proposal->get_protocol_id(current_proposal) == IKE)
+		{
+			/* a ike proposal consists of 4 transforms and an empty spi*/
+			if ((current_proposal->get_transform_count(current_proposal) != 4) ||
+			    (current_proposal->get_spi_size(current_proposal) != 0))
+		    {
+		    	iterator->destroy(iterator);
+		    	return FAILED;
+		    }
+			
+			found_ike_proposals++;
+		}
+	}
+	iterator->reset(iterator);
+	
+	if (found_ike_proposals == 0)
+	{
+		iterator->destroy(iterator);
+		return NOT_FOUND;
+	}
+	
+	/* allocate memory to hold each proposal as ike_proposal_t */
+	
+	tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t));
+	
+	/* create from each proposal_substructure a ike_proposal_t data area*/
+	while (iterator->has_next(iterator))
+	{
+		proposal_substructure_t *current_proposal;
+		iterator->current(iterator,(void **)&(current_proposal));
+		if (current_proposal->get_protocol_id(current_proposal) == IKE)
+		{
+			bool encryption_algorithm_found = FALSE;
+			bool integrity_algorithm_found = FALSE;
+			bool pseudo_random_function_found = FALSE;
+			bool diffie_hellman_group_found = FALSE;
+			status_t status;
+			iterator_t *transforms;
+			
+			transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
+			while (transforms->has_next(transforms))
+			{
+				transform_substructure_t *current_transform;
+				transforms->current(transforms,(void **)&(current_transform));
+				
+				switch (current_transform->get_transform_type(current_transform))
+				{
+					case ENCRYPTION_ALGORITHM:
+					{
+						tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform);
+						status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length));
+						if (status == SUCCESS)
+						{
+							encryption_algorithm_found = TRUE;
+						}
+						break;
+					}
+					case INTEGRITY_ALGORITHM:
+					{
+						tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform);
+						status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length));
+						if (status == SUCCESS)
+						{
+							integrity_algorithm_found = TRUE;
+						}
+						break;
+					}
+					case PSEUDO_RANDOM_FUNCTION:
+					{
+						tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform);
+						status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length));
+						if (status == SUCCESS)
+						{
+							pseudo_random_function_found = TRUE;
+						}
+						break;
+					}
+					case DIFFIE_HELLMAN_GROUP:
+					{
+						tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform);
+						diffie_hellman_group_found = TRUE;
+						break;
+					}
+					default:
+					{
+						/* not a transform of an ike proposal. Break here */
+						break;
+					}
+				}
+				
+			}
+
+			transforms->destroy(transforms);
+			
+			if ((!encryption_algorithm_found) ||
+				(!integrity_algorithm_found) ||
+				(!pseudo_random_function_found) ||
+				(!diffie_hellman_group_found))
+			{
+				/* one of needed transforms could not be found */
+				iterator->reset(iterator);
+				allocator_free(tmp_proposals);
+				return FAILED;
+			}
+			
+			current_proposal_number++;
+		}
+	}
+
+	iterator->destroy(iterator);	
+	
+	*proposals = tmp_proposals;
+	*proposal_count = found_ike_proposals;
+
+	return SUCCESS;
+}
+
+/**
  * Implementation of private_sa_payload_t.compute_length.
  */
 static void compute_length (private_sa_payload_t *this)
@@ -285,6 +431,7 @@ sa_payload_t *sa_payload_create()
 	/* public functions */
 	this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
 	this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
+	this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
 	this->public.destroy = (void (*) (sa_payload_t *)) destroy;
 	
 	/* private functions */
@@ -299,4 +446,43 @@ sa_payload_t *sa_payload_create()
 	return (&(this->public));
 }
 
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count)
+{
+	int i;
+	sa_payload_t *sa_payload= sa_payload_create();
+	
+	for (i = 0; i < proposal_count; i++)
+	{
+		proposal_substructure_t *proposal_substructure;
+		transform_substructure_t *encryption_algorithm;
+		transform_substructure_t *integrity_algorithm;
+		transform_substructure_t *pseudo_random_function;
+		transform_substructure_t *diffie_hellman_group;
+		
+		/* create proposal substructure */
+		proposal_substructure = proposal_substructure_create();
+		proposal_substructure->set_protocol_id(proposal_substructure,IKE);
+		proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
 
+		/* create transform substructures to hold each specific transform for an ike proposal */
+		encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
+		proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
+		
+		pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length);
+		proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function);
+
+		integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length);
+		proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
+
+		diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0);
+		proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
+		
+		/* add proposal to sa payload */
+		sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);
+	}
+	
+	return sa_payload;
+}
diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h
index dbd0bd1c3..ad450b356 100644
--- a/Source/charon/encoding/payloads/sa_payload.h
+++ b/Source/charon/encoding/payloads/sa_payload.h
@@ -27,6 +27,7 @@
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <utils/linked_list.h>
+#include <config/init_config.h>
 
 /**
  * Critical flag must not be set.
@@ -82,6 +83,22 @@ struct sa_payload_t {
 	 * @param proposal  proposal_substructure_t object to add
 	 */
 	void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal);
+	
+	/**
+	 * Creates an array of ike_proposal_t's in this SA payload.
+	 * 
+	 * An IKE proposal consist of transform of type ENCRYPTION_ALGORITHM,
+	 * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM and DIFFIE_HELLMAN_GROUP
+	 * 
+	 * @param proposals			the pointer to the first entry of ike_proposal_t's is set
+	 * @param proposal_count	the number of found proposals is written at this location
+	 * @return
+	 * 							- SUCCESS if an IKE proposal could be found
+	 * 							- NOT_FOUND if no IKE proposal could be found
+	 * 							- FAILED if a proposal does not contain all needed transforms
+	 * 							  for a IKE_PROPOSAL 
+	 */
+	status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count);	
 
 	/**
 	 * @brief Destroys an sa_payload_t object.
@@ -100,5 +117,15 @@ struct sa_payload_t {
  */
 sa_payload_t *sa_payload_create();
 
+/**
+ * @brief Creates a sa_payload_t object from array of ike_proposal_t's.
+ * 
+ * @return					created sa_payload_t object
+ * @param proposals			pointer to first proposal in array of type ike_proposal_t
+ * @param proposal_count	number of ike_proposal_t's in array
+ * 
+ * @ingroup payloads
+ */
+sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
 
 #endif /*SA_PAYLOAD_H_*/
diff --git a/Source/charon/encoding/payloads/transform_attribute.c b/Source/charon/encoding/payloads/transform_attribute.c
index c85895fc6..9f9d82924 100644
--- a/Source/charon/encoding/payloads/transform_attribute.c
+++ b/Source/charon/encoding/payloads/transform_attribute.c
@@ -322,3 +322,13 @@ transform_attribute_t *transform_attribute_create()
 	return (&(this->public));
 }
 
+/*
+ * Described in header.
+ */
+transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length)
+{
+	transform_attribute_t *attribute = transform_attribute_create();
+	attribute->set_attribute_type(attribute,KEY_LENGTH);
+	attribute->set_value(attribute,key_length);
+	return attribute;
+}
diff --git a/Source/charon/encoding/payloads/transform_attribute.h b/Source/charon/encoding/payloads/transform_attribute.h
index 8a0deb765..5820932e2 100644
--- a/Source/charon/encoding/payloads/transform_attribute.h
+++ b/Source/charon/encoding/payloads/transform_attribute.h
@@ -132,11 +132,23 @@ struct transform_attribute_t {
 };
 
 /**
- * @brief Creates an empty transform_attribute_t object
+ * @brief Creates an empty transform_attribute_t object.
  * 
  * @return			created transform_attribute_t object
+ * 
  * @ingroup payloads
  */
 transform_attribute_t *transform_attribute_create();
 
+/**
+ * @brief Creates an transform_attribute_t of type KEY_LENGTH.
+ * 
+ * @param key_length	key length in bytes
+ * @return				created transform_attribute_t object
+ * 
+ * @ingroup payloads
+ */
+transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length);
+
+
 #endif /*TRANSFORM_ATTRIBUTE_H_*/
diff --git a/Source/charon/encoding/payloads/transform_substructure.c b/Source/charon/encoding/payloads/transform_substructure.c
index 3c91b257c..99af36c8d 100644
--- a/Source/charon/encoding/payloads/transform_substructure.c
+++ b/Source/charon/encoding/payloads/transform_substructure.c
@@ -448,7 +448,7 @@ static void destroy(private_transform_substructure_t *this)
 }
 
 /*
- * Described in header
+ * Described in header.
  */
 transform_substructure_t *transform_substructure_create()
 {
@@ -488,3 +488,31 @@ transform_substructure_t *transform_substructure_create()
 	
 	return (&(this->public));
 }
+
+/*
+ * Described in header
+ */
+transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length)
+{
+	transform_substructure_t *transform = transform_substructure_create();
+	
+	transform->set_transform_type(transform,transform_type);
+	transform->set_transform_id(transform,transform_id);
+	
+	switch (transform_type)
+	{
+		case ENCRYPTION_ALGORITHM:
+		case PSEUDO_RANDOM_FUNCTION:
+		case INTEGRITY_ALGORITHM:
+		{
+			transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
+			transform->add_transform_attribute(transform,attribute);
+			break;
+		}
+		default:
+		{
+			/* no keylength attribute is created */
+		}
+	}	
+	return transform;
+}
diff --git a/Source/charon/encoding/payloads/transform_substructure.h b/Source/charon/encoding/payloads/transform_substructure.h
index ac8684cc1..6671dbc7b 100644
--- a/Source/charon/encoding/payloads/transform_substructure.h
+++ b/Source/charon/encoding/payloads/transform_substructure.h
@@ -137,7 +137,7 @@ struct transform_substructure_t {
 	 * @brief Sets the next_payload field of this substructure
 	 * 
 	 * If this is the last transform, next payload field is set to 0,
-	 * otherwise to 3 (payload type of transform in IKEv1)
+	 * otherwise to 3
 	 *
 	 * @param this 		calling transform_substructure_t object
 	 * @param is_last	When TRUE, next payload field is set to 0, otherwise to 3
@@ -213,7 +213,7 @@ struct transform_substructure_t {
 };
 
 /**
- * @brief Creates an empty transform_substructure_t object
+ * @brief Creates an empty transform_substructure_t object.
  * 
  * @return			created transform_substructure_t object
  * 
@@ -221,4 +221,20 @@ struct transform_substructure_t {
  */
 transform_substructure_t *transform_substructure_create();
 
+/**
+ * @brief Creates an empty transform_substructure_t object.
+ * 
+ * The key length is used for the transport types ENCRYPTION_ALGORITHM,
+ * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all 
+ * other transport types the key_length parameter is not used
+ * 
+ * @return					created transform_substructure_t object
+ * @param transform_type	type of transform to create
+ * @param transform_id		transform id specifying the specific algorithm of a transform type
+ * @param key_length		Key length for key lenght attribute
+ * 
+ * @ingroup payloads
+ */
+transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length);
+
 #endif /*TRANSFORM_SUBSTRUCTURE_H_*/
diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c
index 6f13eecea..1df430a82 100644
--- a/Source/charon/testcases/generator_test.c
+++ b/Source/charon/testcases/generator_test.c
@@ -417,6 +417,8 @@ void test_generator_with_sa_payload(tester_t *tester)
 	transform_attribute_t *attribute1, *attribute2, *attribute3;
 	transform_substructure_t *transform1, *transform2;
 	proposal_substructure_t *proposal1, *proposal2;
+	ike_proposal_t *ike_proposals;
+	size_t ike_proposal_count;
 	sa_payload_t *sa_payload;
 	ike_header_t *ike_header;
 	
@@ -429,6 +431,9 @@ void test_generator_with_sa_payload(tester_t *tester)
 	/* create generator */
 	generator = generator_create();
 	tester->assert_true(tester,(generator != NULL), "generator create check");
+	
+	/* --------------------------- */
+	/* test first with self created proposals */
 
 	/* create attribute 1 */	
 	attribute1 = transform_attribute_create();
@@ -527,7 +532,7 @@ void test_generator_with_sa_payload(tester_t *tester)
 		/* sa payload header */
 		0x00,0x00,0x00,0x44,
 		/* proposal header */
-		0x00,0x00,0x00,0x38,
+		0x02,0x00,0x00,0x38,
 		0x07,0x04,0x08,0x02,
 		/* SPI */
 		0x41,0x42,0x43,0x44,
@@ -560,6 +565,79 @@ void test_generator_with_sa_payload(tester_t *tester)
 	ike_header->destroy(ike_header);
 	sa_payload->destroy(sa_payload);
 	generator->destroy(generator);
+	
+	
+	/* test with automatic created proposals */
+	
+	generator = generator_create();
+	tester->assert_true(tester,(generator != NULL), "generator create check");
+	
+
+	ike_proposal_count = 2;
+	ike_proposals = allocator_alloc(ike_proposal_count * (sizeof(ike_proposal_t)));
+	
+	ike_proposals[0].encryption_algorithm = 1;
+	ike_proposals[0].encryption_algorithm_key_length = 20;
+	ike_proposals[0].pseudo_random_function = 2;
+	ike_proposals[0].pseudo_random_function_key_length = 22;
+	ike_proposals[0].integrity_algorithm = 3;
+	ike_proposals[0].integrity_algorithm_key_length = 24;
+	ike_proposals[0].diffie_hellman_group = 4;
+
+	ike_proposals[1].encryption_algorithm = 5;
+	ike_proposals[1].encryption_algorithm_key_length = 26;
+	ike_proposals[1].pseudo_random_function = 6;
+	ike_proposals[1].pseudo_random_function_key_length = 28;
+	ike_proposals[1].integrity_algorithm = 7;
+	ike_proposals[1].integrity_algorithm_key_length = 30;
+	ike_proposals[1].diffie_hellman_group = 8;
+	
+	sa_payload = sa_payload_create_from_ike_proposals(ike_proposals,ike_proposal_count);
+	tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check");
+
+	generator->generate_payload(generator,(payload_t *)sa_payload);
+	generator->write_to_chunk(generator,&generated_data);
+	logger->log_chunk(logger,RAW,"generated",&generated_data);	
+
+	u_int8_t expected_generation2[] = {	
+		0x00,0x00,0x00,0x6C, /* payload header*/
+			0x02,0x00,0x00,0x34,  /* a proposal */
+			0x01,0x01,0x00,0x04,
+				0x03,0x00,0x00,0x0C, /* transform 1 */
+				0x01,0x00,0x00,0x01,  
+					0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 2 */
+				0x02,0x00,0x00,0x02,  
+					0x80,0x0E,0x00,0x16, /* keylength attribute with 20 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 3 */
+				0x03,0x00,0x00,0x03,  
+					0x80,0x0E,0x00,0x18, /* keylength attribute with 20 bytes length */
+				0x00,0x00,0x00,0x08, /* transform 4 */
+				0x04,0x00,0x00,0x04, 
+			0x00,0x00,0x00,0x34,  /* a proposal */
+			0x02,0x01,0x00,0x04,
+				0x03,0x00,0x00,0x0C, /* transform 1 */
+				0x01,0x00,0x00,0x05,  
+					0x80,0x0E,0x00,0x1A, /* keylength attribute with 16 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 2 */
+				0x02,0x00,0x00,0x06,  
+					0x80,0x0E,0x00,0x1C, /* keylength attribute with 16 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 3 */
+				0x03,0x00,0x00,0x07,  
+					0x80,0x0E,0x00,0x1E, /* keylength attribute with 16 bytes length */
+				0x00,0x00,0x00,0x08, /* transform 4 */
+				0x04,0x00,0x00,0x08, 		
+
+	};
+
+	logger->log_bytes(logger,RAW,"expected",expected_generation2,sizeof(expected_generation2));	
+	
+	tester->assert_true(tester,(memcmp(expected_generation2,generated_data.ptr,sizeof(expected_generation2)) == 0), "compare generated data");
+
+	sa_payload->destroy(sa_payload);
+	allocator_free(ike_proposals);
+	allocator_free_chunk(&generated_data);
+	generator->destroy(generator);
 		
 	charon->logger_manager->destroy_logger(charon->logger_manager,logger);	
 	
diff --git a/Source/charon/testcases/parser_test.c b/Source/charon/testcases/parser_test.c
index f6f0fb202..b873306d8 100644
--- a/Source/charon/testcases/parser_test.c
+++ b/Source/charon/testcases/parser_test.c
@@ -96,9 +96,13 @@ void test_parser_with_sa_payload(tester_t *tester)
 	parser_t *parser;
 	sa_payload_t *sa_payload;
 	status_t status;
-	chunk_t sa_chunk;
+	chunk_t sa_chunk, sa_chunk2;
 	iterator_t *proposals, *transforms, *attributes;
+    ike_proposal_t *ike_proposals;
+    size_t ike_proposal_count;
 	
+	/* first test generic parsing functionality */
+		
 	u_int8_t sa_bytes[] = {
 		0x00,0x80,0x00,0x24, /* payload header*/
 			0x00,0x00,0x00,0x20,  /* a proposal */
@@ -107,7 +111,7 @@ void test_parser_with_sa_payload(tester_t *tester)
 				0x00,0x00,0x00,0x14, /* transform */
 				0x07,0x00,0x00,0x03,  
 					0x80,0x01,0x00,0x05, /* attribute without length */
-					0x00,0x03,0x00,0x04, /* attribute with lenngth */
+					0x00,0x03,0x00,0x04, /* attribute with length */
 						0x01,0x02,0x03,0x04
 								
 		
@@ -181,6 +185,85 @@ void test_parser_with_sa_payload(tester_t *tester)
 	proposals->destroy(proposals);
 	
 	sa_payload->destroy(sa_payload);
+	
+	
+	
+	/* now test SA functionality after parsing an SA payload*/
+	
+	u_int8_t sa_bytes2[] = {
+		0x00,0x00,0x00,0x6C, /* payload header*/
+			0x02,0x00,0x00,0x34,  /* a proposal */
+			0x01,0x01,0x00,0x04,
+				0x03,0x00,0x00,0x0C, /* transform 1 */
+				0x01,0x00,0x00,0x01,  
+					0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 2 */
+				0x02,0x00,0x00,0x01,  
+					0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 3 */
+				0x03,0x00,0x00,0x01,  
+					0x80,0x0E,0x00,0x14, /* keylength attribute with 20 bytes length */
+				0x00,0x00,0x00,0x08, /* transform 4 */
+				0x04,0x00,0x00,0x01, 
+			0x00,0x00,0x00,0x34,  /* a proposal */
+			0x01,0x01,0x00,0x04,
+				0x03,0x00,0x00,0x0C, /* transform 1 */
+				0x01,0x00,0x00,0x02,  
+					0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 2 */
+				0x02,0x00,0x00,0x02,  
+					0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
+				0x03,0x00,0x00,0x0C, /* transform 3 */
+				0x03,0x00,0x00,0x02,  
+					0x80,0x0E,0x00,0x10, /* keylength attribute with 16 bytes length */
+				0x00,0x00,0x00,0x08, /* transform 4 */
+				0x04,0x00,0x00,0x02, 		
+	};
+	
+	sa_chunk2.ptr = sa_bytes2;
+	sa_chunk2.len = sizeof(sa_bytes2);
+		
+	parser = parser_create(sa_chunk2);
+	tester->assert_true(tester,(parser != NULL), "parser create check");
+	status = parser->parse_payload(parser, SECURITY_ASSOCIATION, (payload_t**)&sa_payload);
+	tester->assert_true(tester,(status == SUCCESS),"parse_payload call check");
+	parser->destroy(parser);
+	
+	if (status != SUCCESS)
+	{
+		return;	
+	}
+
+	status = sa_payload->payload_interface.verify(&(sa_payload->payload_interface));
+	tester->assert_true(tester,(status == SUCCESS),"verify call check");
+
+	status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals, &ike_proposal_count);	
+	tester->assert_true(tester,(status == SUCCESS),"get ike proposals call check");	
+	
+	tester->assert_true(tester,(ike_proposal_count == 2),"ike proposal count check");
+	tester->assert_true(tester,(ike_proposals[0].encryption_algorithm == 1),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[0].encryption_algorithm_key_length == 20),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[0].integrity_algorithm == 1),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[0].integrity_algorithm_key_length == 20),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[0].pseudo_random_function == 1),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[0].pseudo_random_function_key_length == 20),"ike proposal content check");		
+	tester->assert_true(tester,(ike_proposals[0].diffie_hellman_group == 1),"ike proposal content check");	
+	
+	tester->assert_true(tester,(ike_proposals[1].encryption_algorithm == 2),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[1].encryption_algorithm_key_length == 16),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[1].integrity_algorithm == 2),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[1].integrity_algorithm_key_length == 16),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[1].pseudo_random_function == 2),"ike proposal content check");	
+	tester->assert_true(tester,(ike_proposals[1].pseudo_random_function_key_length == 16),"ike proposal content check");		
+	tester->assert_true(tester,(ike_proposals[1].diffie_hellman_group == 2),"ike proposal content check");	
+	
+	
+	if (status == SUCCESS)
+	{
+		allocator_free(ike_proposals);
+	}
+	
+	sa_payload->destroy(sa_payload);
 }
 
 /*
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index 45aa4772c..4ec6834bb 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -210,8 +210,8 @@ int main()
 	
 	tester_t *tester = tester_create(test_output, FALSE);
 	
-	//tester->perform_tests(tester,all_tests);
-	tester->perform_test(tester,&init_config_test); 
+	tester->perform_tests(tester,all_tests);
+//	tester->perform_test(tester,&generator_test5); 
 	
 	
 	tester->destroy(tester);