authorMartin Willi <martin@strongswan.org>2006-02-09 10:16:20 +0000
committerMartin Willi <martin@strongswan.org>2006-02-09 10:16:20 +0000
commit93df94acade3b53a8110b5a9b3c60c8e358eb85f (patch)
treeb07293244c237860778b1a03d2fd71791ea5807f /Source/charon
parentc06dbbabd1498d614d4db88bb4205e2afcd6dab8 (diff)
- works with new proposal code
- still some(!) memleaks
Diffstat (limited to 'Source/charon')
-rw-r--r--Source/charon/config/child_proposal.c69
-rw-r--r--Source/charon/config/child_proposal.h14
-rw-r--r--Source/charon/config/configuration_manager.c8
-rw-r--r--Source/charon/daemon.h2
-rw-r--r--Source/charon/encoding/generator.c4
-rw-r--r--Source/charon/encoding/parser.c2
-rw-r--r--Source/charon/encoding/payloads/proposal_substructure.c1
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c14
-rw-r--r--Source/charon/encoding/payloads/sa_payload.h4
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c22
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c6
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c32
-rw-r--r--Source/charon/testcases/child_proposal_test.c26
-rw-r--r--Source/charon/testcases/generator_test.c2
-rw-r--r--Source/charon/testcases/sa_config_test.c51
-rw-r--r--Source/charon/utils/logger_manager.c1
16 files changed, 205 insertions, 53 deletions
diff --git a/Source/charon/config/child_proposal.c b/Source/charon/config/child_proposal.c
index 391c321f6..5a68f4f9b 100644
--- a/Source/charon/config/child_proposal.c
+++ b/Source/charon/config/child_proposal.c
@@ -216,6 +216,45 @@ static void add_algorithm(private_child_proposal_t *this, protocol_id_t proto, t
}
/**
+ * Implements child_proposal_t.get_algorithm.
+ */
+static bool get_algorithm(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo)
+{
+ linked_list_t * list;
+ protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
+
+ if (proto_proposal == NULL)
+ {
+ return FALSE;
+ }
+ switch (type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ list = proto_proposal->encryption_algos;
+ break;
+ case INTEGRITY_ALGORITHM:
+ list = proto_proposal->integrity_algos;
+ break;
+ case PSEUDO_RANDOM_FUNCTION:
+ list = proto_proposal->prf_algos;
+ break;
+ case DIFFIE_HELLMAN_GROUP:
+ list = proto_proposal->dh_groups;
+ break;
+ case EXTENDED_SEQUENCE_NUMBERS:
+ list = proto_proposal->esns;
+ break;
+ default:
+ return FALSE;
+ }
+ if (list->get_first(list, (void**)algo) != SUCCESS)
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* Implements child_proposal_t.create_algorithm_iterator.
*/
static iterator_t *create_algorithm_iterator(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type)
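Review bot: Every `return FALSE` path in the new get_algorithm leaves `*algo` unwritten, so a caller that dereferences it without checking the result reads an indeterminate pointer. The new test code in child_proposal_test.c does this after only asserting on `result`. Setting `*algo = NULL;` at the top of the function would turn that misuse into a predictable NULL dereference rather than a read through garbage. The header comment in child_proposal.h could also state that `algo` is only valid when TRUE is returned.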
@@ -224,7 +263,7 @@ static iterator_t *create_algorithm_iterator(private_child_proposal_t *this, pro
if (proto_proposal == NULL)
{
return NULL;
- }
+ }
switch (type)
{
@@ -242,13 +281,12 @@ static iterator_t *create_algorithm_iterator(private_child_proposal_t *this, pro
break;
}
return NULL;
-
}
/**
* Find a matching alg/keysize in two linked lists
*/
-static bool select_algo(linked_list_t *first, linked_list_t *second, u_int16_t *alg, size_t *key_size)
+static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size)
{
iterator_t *first_iter, *second_iter;
algorithm_t *first_alg, *second_alg;
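Review bot: The new `bool *add` out-parameter of select_algo is not documented, and the comment above the function still only says "Find a matching alg/keysize in two linked lists". With this change `*alg` and `*key_size` are no longer written on the both-lists-empty match (next hunk), and `*add` is not written in any visible line when the function returns FALSE. I would extend the comment to something like `add` is "set to TRUE if alg/key_size hold a selected algorithm, FALSE if both lists are empty; alg and key_size are only valid when *add is TRUE". The function body continues outside this hunk.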
@@ -256,7 +294,7 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, u_int16_t *
/* if in both are zero algorithms specified, we HAVE a match */
if (first->get_count(first) == 0 && second->get_count(second) == 0)
{
- *alg = 0;
+ *add = FALSE;
return TRUE;
}
@@ -276,6 +314,7 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, u_int16_t *
/* ok, we have an algorithm */
*alg = first_alg->algorithm;
*key_size = first_alg->key_size;
+ *add = TRUE;
first_iter->destroy(first_iter);
second_iter->destroy(second_iter);
return TRUE;
@@ -299,6 +338,7 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
iterator_t *iterator;
protocol_proposal_t *this_prop, *other_prop;
protocol_id_t proto;
+ bool add;
/* empty proposal? no match */
if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 ||
@@ -332,9 +372,9 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
}
/* select encryption algorithm */
- if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &algo, &key_size))
+ if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &add, &algo, &key_size))
{
- if (algo)
+ if (add)
{
selected->add_algorithm(selected, proto, ENCRYPTION_ALGORITHM, algo, key_size);
}
@@ -346,9 +386,9 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
return NULL;
}
/* select integrity algorithm */
- if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &algo, &key_size))
+ if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &add, &algo, &key_size))
{
- if (algo)
+ if (add)
{
selected->add_algorithm(selected, proto, INTEGRITY_ALGORITHM, algo, key_size);
}
@@ -360,9 +400,9 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
return NULL;
}
/* select prf algorithm */
- if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &algo, &key_size))
+ if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &add, &algo, &key_size))
{
- if (algo)
+ if (add)
{
selected->add_algorithm(selected, proto, PSEUDO_RANDOM_FUNCTION, algo, key_size);
}
@@ -374,9 +414,9 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
return NULL;
}
/* select a DH-group */
- if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &algo, &key_size))
+ if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &add, &algo, &key_size))
{
- if (algo)
+ if (add)
{
selected->add_algorithm(selected, proto, DIFFIE_HELLMAN_GROUP, algo, 0);
}
@@ -388,9 +428,9 @@ static child_proposal_t *select_proposal(private_child_proposal_t *this, private
return NULL;
}
/* select if we use ESNs */
- if (select_algo(this_prop->esns, other_prop->esns, &algo, &key_size))
+ if (select_algo(this_prop->esns, other_prop->esns, &add, &algo, &key_size))
{
- if (algo)
+ if (add)
{
selected->add_algorithm(selected, proto, EXTENDED_SEQUENCE_NUMBERS, algo, 0);
}
@@ -526,6 +566,7 @@ child_proposal_t *child_proposal_create(u_int8_t number)
this->public.add_algorithm = (void (*)(child_proposal_t*,protocol_id_t,transform_type_t,u_int16_t,size_t))add_algorithm;
this->public.create_algorithm_iterator = (iterator_t* (*)(child_proposal_t*,protocol_id_t,transform_type_t))create_algorithm_iterator;
+ this->public.get_algorithm = (bool (*)(child_proposal_t*,protocol_id_t,transform_type_t,algorithm_t**))get_algorithm;
this->public.select = (child_proposal_t* (*)(child_proposal_t*,child_proposal_t*))select_proposal;
this->public.get_number = (u_int8_t (*)(child_proposal_t*))get_number;
this->public.get_protocols = (void(*)(child_proposal_t *this, protocol_id_t ids[2]))get_protocols;
diff --git a/Source/charon/config/child_proposal.h b/Source/charon/config/child_proposal.h
index d9e483e3b..69bd7f395 100644
--- a/Source/charon/config/child_proposal.h
+++ b/Source/charon/config/child_proposal.h
@@ -165,6 +165,20 @@ struct child_proposal_t {
* @return iterator over algorithms
*/
iterator_t *(*create_algorithm_iterator) (child_proposal_t *this, protocol_id_t proto, transform_type_t type);
+
+ /**
+ * @brief Get the algorithm for a type to use.
+ *
+ * If there are multiple algorithms, only the first is returned.
+ * Result is still owned by child_proposal, do not modify!
+ *
+ * @param this calling object
+ * @param proto desired protocol
+ * @param type kind of algorithm
+ * @param[out] algo pointer which receives algorithm and key size
+ * @return TRUE if algorithm of this kind available
+ */
+ bool (*get_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo);
/**
* @brief Compare two proposal, and select a matching subset.
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index fa27ba341..6c00469e9 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -307,11 +307,13 @@ static void load_default_config (private_configuration_manager_t *this)
/* ah and esp prop */
child_proposal = child_proposal_create(1);
- //child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- //child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- //child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 32);
+ child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
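Review bot: The key sizes on the two new ESP lines look copied rather than chosen: `ENCR_3DES, 32` and `AUTH_HMAC_MD5_96, 20`. If key_size is in bytes, as the neighbouring `ENCR_AES_CBC, 16` and `AUTH_HMAC_SHA1_96, 20` entries suggest, a three-key 3DES key is 24 bytes and an HMAC-MD5 key is 16 bytes. Since select_algo is described as matching "alg/keysize", a wrong size here may either prevent a match with a correctly configured peer or carry a wrong length into key derivation. This cannot be confirmed from the hunk alone. Separately, `AUTH_HMAC_MD5_96` is inserted ahead of `AUTH_HMAC_SHA1_96`; if list order expresses preference, the default proposal now prefers the weaker integrity algorithm, so I would list SHA1 first.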
diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h
index 0b474eab6..8d466dc76 100644
--- a/Source/charon/daemon.h
+++ b/Source/charon/daemon.h
@@ -79,7 +79,7 @@
* This is the maximum allowed level for ever context, the definiton
* of the context may be less verbose.
*/
-#define DEFAULT_LOGLEVEL CONTROL | ERROR | AUDIT | FULL
+#define DEFAULT_LOGLEVEL CONTROL | ERROR | AUDIT
typedef struct daemon_t daemon_t;
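Review bot: The rewritten `DEFAULT_LOGLEVEL` expands to an unparenthesized `|` expression, so any use next to a tighter-binding operator (for example `level & DEFAULT_LOGLEVEL`) parses as `(level & CONTROL) | ERROR | AUDIT`. Since the line is being touched anyway, I would write it as `#define DEFAULT_LOGLEVEL (CONTROL | ERROR | AUDIT)`. The comment above it also has the typos "ever context" and "definiton".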
diff --git a/Source/charon/encoding/generator.c b/Source/charon/encoding/generator.c
index f1d7462b0..a036b8ed4 100644
--- a/Source/charon/encoding/generator.c
+++ b/Source/charon/encoding/generator.c
@@ -633,7 +633,7 @@ static void write_to_chunk (private_generator_t *this,chunk_t *data)
memcpy(data->ptr,this->buffer,data_length);
data->len = data_length;
- this->logger->log_chunk(this->logger, RAW, "generated data of this parser", data);
+ this->logger->log_chunk(this->logger, RAW|LEVEL3, "generated data of this generator", data);
}
/**
@@ -1017,7 +1017,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
return;
}
}
- this->logger->log_bytes(this->logger, RAW|LEVEL1, "generated data for this payload",
+ this->logger->log_bytes(this->logger, RAW|LEVEL3, "generated data for this payload",
payload_start, this->out_position-payload_start);
}
diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c
index 49d432103..f161391bd 100644
--- a/Source/charon/encoding/parser.c
+++ b/Source/charon/encoding/parser.c
@@ -595,7 +595,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
mapping_find(payload_type_m, payload_type),
this->input_roof-this->byte_pos);
- this->logger->log_bytes(this->logger, RAW, "parsing payload from", this->byte_pos,
+ this->logger->log_bytes(this->logger, RAW|LEVEL3, "parsing payload from", this->byte_pos,
this->input_roof-this->byte_pos);
if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c
index 1f52281cc..a2ba15b9e 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.c
+++ b/Source/charon/encoding/payloads/proposal_substructure.c
@@ -569,7 +569,6 @@ proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_
this->proposal_number = proposal->get_number(proposal);
this->protocol_id = proto;
-
/* encryption algorithm is only availble in ESP */
iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM);
while (iterator->has_next(iterator))
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index b0b94df20..54b34568b 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -545,7 +545,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
/*
* Described in header.
*/
-sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals)
+sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposals)
{
iterator_t *iterator;
child_proposal_t *proposal;
@@ -561,3 +561,15 @@ sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals)
return sa_payload;
}
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_child_proposal(child_proposal_t *proposal)
+{
+ sa_payload_t *sa_payload = sa_payload_create();
+
+ add_child_proposal((private_sa_payload_t*)sa_payload, proposal);
+
+ return sa_payload;
+}
diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h
index b9ba209cb..0c54ae689 100644
--- a/Source/charon/encoding/payloads/sa_payload.h
+++ b/Source/charon/encoding/payloads/sa_payload.h
@@ -151,6 +151,8 @@ sa_payload_t *sa_payload_create();
*/
sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
-sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals);
+sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposals);
+
+sa_payload_t *sa_payload_create_from_child_proposal(child_proposal_t *proposal);
#endif /*SA_PAYLOAD_H_*/
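Review bot: Both prototypes in this hunk, the renamed `sa_payload_create_from_child_proposal_list` and the new `sa_payload_create_from_child_proposal`, have no doc comment, while their definitions in sa_payload.c say "Described in header." Each should get a Doxygen block in the style of the other constructors in this header. The block should state whether the payload copies the passed child_proposal_t objects or takes ownership of them, and who destroys the list. That ownership rule is exactly what callers need in order to fix the leaks the commit message mentions.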
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index ad23fa051..00c691d03 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -327,8 +327,11 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
{
child_proposal_t *proposal;
linked_list_t *proposal_list;
+ protocol_id_t proto;
+
/* TODO fix mem allocation */
/* TODO child sa stuff */
+
/* get selected proposal */
proposal_list = sa_payload->get_child_proposals(sa_payload);
/* check count of proposals */
@@ -353,6 +356,25 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
return DELETE_ME;
}
+ this->logger->log(this->logger, CONTROL|LEVEL1, "selected proposals:");
+ for (proto = AH; proto <= ESP; proto++)
+ {
+ transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
+ mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
+ algorithm_t *algo;
+ int i;
+ for (i = 0; i<sizeof(types)/sizeof(transform_type_t); i++)
+ {
+ if (proposal->get_algorithm(proposal, proto, types[i], &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
+ mapping_find(protocol_id_m, proto),
+ mapping_find(transform_type_m, types[i]),
+ mapping_find(mappings[i], algo->algorithm),
+ algo->key_size);
+ }
+ }
+ }
return SUCCESS;
}
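Review bot: The new log call prints `algo->key_size` with `%d`, but key sizes are handled as `size_t` elsewhere in this commit (the add_algorithm cast in child_proposal_create, and `size_t *key_size` in select_algo). If the field is `size_t` and the logger forwards to a printf-family function, this is a format/argument mismatch on LP64 targets. Either cast with `(int)algo->key_size` or switch the specifier to `%zu`. The loop index `int i` is also compared against an unsigned `sizeof` quotient. The whole block is duplicated verbatim in build_sa_payload in ike_sa_init_responded.c, so a small shared helper taking the logger and the proposal would keep the two copies from drifting. process_sa_payload starts outside this hunk.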
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 1bbffa1dd..d7fa1f127 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -523,11 +523,11 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message
{
linked_list_t *proposal_list;
sa_payload_t *sa_payload;
- sa_config_t *sa_config;
- POS;
+ sa_config_t *sa_config;
+
sa_config = this->ike_sa->get_sa_config(this->ike_sa);
proposal_list = sa_config->get_proposals(sa_config);
- sa_payload = sa_payload_create_from_child_proposals(proposal_list);
+ sa_payload = sa_payload_create_from_child_proposal_list(proposal_list);
/* TODO: fix mem allocation */
/* TODO child sa stuff */
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index fd9835611..c89458e89 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -387,10 +387,10 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
{
child_proposal_t *proposal;
- linked_list_t *proposal_list, *dummy_list;
+ linked_list_t *proposal_list;
sa_payload_t *sa_response;
+ protocol_id_t proto;
- POS;
/* TODO: fix mem */
/* TODO: child sa stuff */
@@ -404,21 +404,37 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
response->add_payload(response, (payload_t*)sa_response);
return SUCCESS;
}
+
/* now select a proposal */
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Selecting proposals:");
proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
if (proposal == NULL)
{
- POS;
this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
return DELETE_ME;
}
+ for (proto = AH; proto <= ESP; proto++)
+ {
+ transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
+ mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
+ algorithm_t *algo;
+ int i;
+ for (i = 0; i<sizeof(types)/sizeof(transform_type_t); i++)
+ {
+ if (proposal->get_algorithm(proposal, proto, types[i], &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
+ mapping_find(protocol_id_m, proto),
+ mapping_find(transform_type_m, types[i]),
+ mapping_find(mappings[i], algo->algorithm),
+ algo->key_size);
+ }
+ }
+ }
- /* we need a dummy list to build an sa payload from ONE proposal */
- dummy_list = linked_list_create();
- dummy_list->insert_last(dummy_list, (void*)proposal);
- sa_response = sa_payload_create_from_child_proposals(dummy_list);
- dummy_list->destroy(dummy_list);
+ /* create payload with selected propsal */
+ sa_response = sa_payload_create_from_child_proposal(proposal);
response->add_payload(response, (payload_t*)sa_response);
return SUCCESS;
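Review bot: After `sa_response = sa_payload_create_from_child_proposal(proposal);` nothing in the visible lines destroys `proposal`, although sa_config_test.c in this same commit treats the result of select_proposal as caller-owned and calls `proposal_sel->destroy(proposal_sel)`. Whether add_child_proposal copies the proposal or keeps the pointer is not visible here. If it copies, this path leaks one proposal per IKE_AUTH request and needs `proposal->destroy(proposal);` before the return. If it keeps the pointer, that should be stated in the sa_payload.h documentation. The new comment also has a typo, "propsal". build_sa_payload starts outside this hunk.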
diff --git a/Source/charon/testcases/child_proposal_test.c b/Source/charon/testcases/child_proposal_test.c
index e1ca7de52..f0944df8d 100644
--- a/Source/charon/testcases/child_proposal_test.c
+++ b/Source/charon/testcases/child_proposal_test.c
@@ -35,6 +35,8 @@ void test_child_proposal(protected_tester_t *tester)
{
child_proposal_t *proposal1, *proposal2, *proposal3;
iterator_t *iterator;
+ algorithm_t *algo;
+ bool result;
proposal1 = child_proposal_create(1);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
@@ -50,29 +52,28 @@ void test_child_proposal(protected_tester_t *tester)
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- //proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
/* ah and esp prop */
proposal3 = proposal1->select(proposal1, proposal2);
tester->assert_false(tester, proposal3 == NULL, "proposal select");
if (proposal3)
{
- iterator = proposal3->create_algorithm_iterator(proposal3, ESP, ENCRYPTION_ALGORITHM);
- tester->assert_false(tester, iterator == NULL, "encryption algo select");
- while(iterator->has_next(iterator))
- {
- algorithm_t *algo;
- iterator->current(iterator, (void**)&algo);
- tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
- tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
- }
- iterator->destroy(iterator);
+ result = proposal3->get_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, &algo);
+ tester->assert_true(tester, result, "encryption algo select");
+ tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
+ tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
+
+
+ result = proposal3->get_algorithm(proposal3, ESP, INTEGRITY_ALGORITHM, &algo);
+ tester->assert_true(tester, result, "integrity algo select");
+ tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
+ tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM);
tester->assert_false(tester, iterator == NULL, "integrity algo select");
while(iterator->has_next(iterator))
{
- algorithm_t *algo;
iterator->current(iterator, (void**)&algo);
tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
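Review bot: The new get_algorithm checks dereference `algo` unconditionally after `tester->assert_true(tester, result, ...)`. If get_algorithm returns FALSE, `algo` is either uninitialized (encryption case) or still points at the previous result (integrity case), so the test crashes or passes on stale data instead of reporting a clean failure. I would wrap each pair of field assertions in `if (result) { ... }`. Also, `proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);` dispatches through proposal1 while operating on proposal2; it only works because both share the same implementation and should read `proposal2->add_algorithm(proposal2, ...)`. test_child_proposal continues outside this hunk.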
@@ -83,7 +84,6 @@ void test_child_proposal(protected_tester_t *tester)
tester->assert_false(tester, iterator == NULL, "dh group algo select");
while(iterator->has_next(iterator))
{
- algorithm_t *algo;
iterator->current(iterator, (void**)&algo);
tester->assert_true(tester, algo->algorithm == MODP_1024_BIT, "dh group algo");
tester->assert_true(tester, algo->key_size == 0, "dh gorup keylen");
diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c
index 8da86e75a..c249e82cc 100644
--- a/Source/charon/testcases/generator_test.c
+++ b/Source/charon/testcases/generator_test.c
@@ -680,7 +680,7 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
list->insert_last(list, (void*)child_proposal1);
list->insert_last(list, (void*)child_proposal2);
- sa_payload = sa_payload_create_from_child_proposals(list);
+ sa_payload = sa_payload_create_from_child_proposal_list(list);
tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check");
generator->generate_payload(generator,(payload_t *)sa_payload);
diff --git a/Source/charon/testcases/sa_config_test.c b/Source/charon/testcases/sa_config_test.c
index aada26ca2..8fe624eb2 100644
--- a/Source/charon/testcases/sa_config_test.c
+++ b/Source/charon/testcases/sa_config_test.c
@@ -38,7 +38,8 @@ void test_sa_config(protected_tester_t *tester)
sa_config_t *sa_config;
traffic_selector_t *ts_policy[3], *ts_request[4], *ts_reference[3], **ts_result;
child_proposal_t *proposal1, *proposal2, *proposal3, *proposal_sel;
- linked_list_t *list;
+ linked_list_t *proposals_list;
+ iterator_t *iterator;
size_t count;
logger_t *logger;
ts_payload_t *ts_payload;
@@ -78,12 +79,54 @@ void test_sa_config(protected_tester_t *tester)
sa_config->add_proposal(sa_config, proposal3);
- list = sa_config->get_proposals(sa_config);
- tester->assert_true(tester, (list->get_count(list) == 3), "proposal count");
+ proposals_list = sa_config->get_proposals(sa_config);
+ tester->assert_true(tester, (proposals_list->get_count(proposals_list) == 3), "proposal count");
- //proposal_sel = sa_config->select_proposal(sa_config, list);
+ proposals_list = linked_list_create();
+ proposal1 = child_proposal_create(1);
+ proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+ proposal2 = child_proposal_create(2);
+ proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
+ proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
+ proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+
+ proposals_list->insert_last(proposals_list, proposal1);
+ proposals_list->insert_last(proposals_list, proposal2);
+
+ proposal_sel = sa_config->select_proposal(sa_config, proposals_list);
+ tester->assert_false(tester, proposal_sel == NULL, "proposal select");
+ /* check ESP encryption algo */
+ iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM);
+ tester->assert_false(tester, iterator == NULL, "algorithm select ESP");
+ while (iterator->has_next(iterator))
+ {
+ algorithm_t *algo;
+ iterator->current(iterator, (void**)&algo);
+ tester->assert_true(tester, algo->algorithm == ENCR_3DES, "ESP encryption algo");
+ tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize");
+ }
+ iterator->destroy(iterator);
+ iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM);
+ /* check AH integrity algo */
+ tester->assert_false(tester, iterator == NULL, "algorithm select AH");
+ while (iterator->has_next(iterator))
+ {
+ algorithm_t *algo;
+ iterator->current(iterator, (void**)&algo);
+ tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "ESP encryption algo");
+ tester->assert_true(tester, algo->key_size == 20, "ESP encryption keysize");
+ }
+ iterator->destroy(iterator);
+
+ proposal_sel->destroy(proposal_sel);
+ /* cleanup */
+ proposal1->destroy(proposal1);
+ proposal1->destroy(proposal2);
+ proposals_list->destroy(proposals_list);
/*
* test traffic selection getting and matching
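Review bot: In the cleanup, `proposal1->destroy(proposal2);` runs immediately after `proposal1->destroy(proposal1);`, so the function pointer is read from an object that has already been destroyed. That is a use-after-free in the test, and it should be `proposal2->destroy(proposal2);`. The two assertions in the AH integrity loop also reuse the labels "ESP encryption algo" and "ESP encryption keysize", which will mislead whoever reads a failure report. They should be named for AH integrity. Finally, `proposals_list` is reassigned from `linked_list_create()` without any visible handling of the list returned by `get_proposals`, which may be one of the leaks the commit message mentions.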
diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c
index f7f9db592..13f8e49ee 100644
--- a/Source/charon/utils/logger_manager.c
+++ b/Source/charon/utils/logger_manager.c
@@ -175,6 +175,7 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
log_thread_ids = TRUE;
break;
case IKE_SA:
+ logger_level |= LEVEL1;
log_thread_ids = TRUE;
break;
case CONFIGURATION_MANAGER: