authorJan Hutter <jhutter@hsr.ch>2005-12-12 08:44:35 +0000
committerJan Hutter <jhutter@hsr.ch>2005-12-12 08:44:35 +0000
commit7fa8decb78f5062a124fd0d37ba51360100f9bfa (patch)
treebfdf7f87e13aa75a944c888543453708e3065325 /Source
parent6329a2575072d34eb546a62520a34129166def9c (diff)
- added todo's
Diffstat (limited to 'Source')
-rw-r--r--Source/charon/config/init_config.h3
-rw-r--r--Source/charon/config/sa_config.c30
-rw-r--r--Source/charon/config/sa_config.h3
-rw-r--r--Source/charon/daemon.c2
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c10
-rw-r--r--Source/charon/encoding/payloads/sa_payload.h2
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c8
-rw-r--r--Source/charon/testcases/testcases.c4
8 files changed, 49 insertions, 13 deletions
diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h
index 02a5f7f53..14ffeeee8 100644
--- a/Source/charon/config/init_config.h
+++ b/Source/charon/config/init_config.h
@@ -37,6 +37,9 @@ typedef struct ike_proposal_t ike_proposal_t;
/**
* @brief Represents a Proposal used in IKE_SA_INIT phase.
*
+ * @todo Currently the amount of tranforms with same type in a IKE proposal is limited to 1.
+ * Support of more transforms with same type has to be added.
+ *
* @ingroup config
*/
struct ike_proposal_t {
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 9f409ec6d..1009c84e0 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -25,6 +25,7 @@
#include <utils/linked_list.h>
#include <utils/allocator.h>
#include <utils/identification.h>
+#include <utils/logger.h>
typedef struct private_sa_config_t private_sa_config_t;
@@ -242,27 +243,56 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
iterator_t *iterator;
child_proposal_t *current_proposal, *selected_proposal;
int i;
+/* logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+
/* iterate over all stored proposals */
iterator = this->proposals->create_iterator(this->proposals, TRUE);
while (iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&current_proposal);
+ /*
+ logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
+ logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
+ logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
+ logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
+*/
+
+
/* copy and break if a proposal matches */
for (i = 0; i < count; i++)
{
+/* if (supplied[i].esp.is_set)
+ {
+ logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
+ logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
+ logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
+ logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
+ }
+
+ if (supplied[i].ah.is_set)
+ {
+ logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
+ logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
+ logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
+ }*/
+
+
if (this->proposal_equals(this, &(supplied[i]), current_proposal))
{
selected_proposal = allocator_alloc(sizeof(child_proposal_t));
*selected_proposal = *current_proposal;
memcpy(selected_proposal->ah.spi, ah_spi, 4);
memcpy(selected_proposal->ah.spi, esp_spi, 4);
+/* logger->destroy(logger);*/
iterator->destroy(iterator);
return selected_proposal;
}
}
}
iterator->destroy(iterator);
+
+/* logger->destroy(logger); */
return NULL;
}
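Review bot: Both `memcpy` calls in the match branch write to `selected_proposal->ah.spi`, so the ESP SPI overwrites the AH SPI and the ESP part of the returned proposal keeps whatever SPI was copied from the stored configuration. The second call presumably should read `memcpy(selected_proposal->esp.spi, esp_spi, 4);`, assuming the `esp` member has an `spi` field like `ah` does. These two lines are unchanged context, but the commit edits the lines around them and leaves the defect in place. The trace output is added entirely commented out, and the `#include <utils/logger.h>` from the previous hunk is therefore unused; I would drop both or put the trace behind a debug switch. The function's signature lies outside the hunk.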
diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/sa_config.h
index af9159076..a2cc3f897 100644
--- a/Source/charon/config/sa_config.h
+++ b/Source/charon/config/sa_config.h
@@ -42,6 +42,9 @@ typedef struct child_proposal_t child_proposal_t;
* A proposal for a child sa contains data for
* AH, ESP, or both.
*
+ * @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
+ * Support of more transforms with same type has to be added.
+ *
* @ingroup config
*/
struct child_proposal_t {
diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index 2d23b58fe..6623d57ea 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
@@ -162,7 +162,7 @@ static void build_test_jobs(private_daemon_t *this)
for(i = 0; i<1; i++)
{
initiate_ike_sa_job_t *initiate_job;
- initiate_job = initiate_ike_sa_job_create("localhost");
+ initiate_job = initiate_ike_sa_job_create("pinflb30");
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
}
}
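Review bot: The peer passed to `initiate_ike_sa_job_create` changes from `"localhost"` to the literal `"pinflb30"`, which looks like a developer machine name. Committed this way, every build of the daemon that runs `build_test_jobs` starts an IKE_SA_INIT exchange toward whatever that name resolves to in the local environment. I would keep `"localhost"` in the tree or read the test peer from configuration, and add a comment such as `/* test peer only; must stay inside the test setup */`. The function body begins outside the hunk.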
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index d2bfc9c17..0cae8948f 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -278,9 +278,8 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
iterator->current(iterator,(void **)&(current_proposal));
if (current_proposal->get_protocol_id(current_proposal) == IKE)
{
- /* a ike proposal consists of 4 transforms and an empty spi*/
- if ((current_proposal->get_transform_count(current_proposal) != 4) ||
- (current_proposal->get_spi_size(current_proposal) != 0))
+ /* a ike proposal consists of an empty spi*/
+ if (current_proposal->get_spi_size(current_proposal) != 0)
{
iterator->destroy(iterator);
return FAILED;
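Review bot: With the `get_transform_count(current_proposal) != 4` test removed, the SPI size is the only structural check left on a peer-supplied IKE proposal at this point. A proposal with fewer transforms than the old check required, or with two transforms of the same type, now passes through. The code that fills the `ike_proposal_t` is outside the hunk; unless it checks that each expected transform type is present exactly once, fields of the result may stay unset or be overwritten silently. That matches the single-transform-per-type limit the new `@todo` in init_config.h describes, so the function should return `FAILED` for such proposals until that support exists. The comment should also say what is still enforced, for example `/* an IKE proposal must carry an empty SPI; transform types are checked below */`.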
@@ -445,10 +444,13 @@ static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t
current_suite_number = 1;
tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
-
+ tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = AUTH_UNDEFINED;
+ tmp_proposals[current_suite_number - 1].ah.is_set = FALSE;
+
tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+ tmp_proposals[current_suite_number - 1].esp.is_set = FALSE;
/* create from each proposal_substructure a child_proposal_t data area*/
while (iterator->has_next(iterator))
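Review bot: The added defaults are written only to `tmp_proposals[current_suite_number - 1]` with `current_suite_number` fixed at 1, that is, to the first element. Whether later elements get the same defaults when a new suite starts is not visible in this hunk. In the visible lines `esp.encryption_algorithm` and the key-size fields receive no default either. These structures are presumably compared later against the configured proposals, so I would initialise every slot in one place, for instance a small `static` helper called when a suite slot is first used, so that no comparison reads indeterminate values.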
diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h
index 1dbb5a83a..8c4f5d530 100644
--- a/Source/charon/encoding/payloads/sa_payload.h
+++ b/Source/charon/encoding/payloads/sa_payload.h
@@ -56,6 +56,8 @@ typedef struct sa_payload_t sa_payload_t;
* - sa_payload_create_from_ike_proposals()
* - sa_payload_create_from_child_proposal()
*
+ * @todo Add support of algorithms without specified keylength in get_child_proposals and get_ike_proposals.
+ *
* @ingroup payloads
*/
struct sa_payload_t {
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 9e4efaf21..e938de3cc 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -447,7 +447,8 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
if (status != SUCCESS)
{
this->logger->log(this->logger, AUDIT, "IKE_AUTH request verification failed. Deleting IKE_SA");
- this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
+ this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
+ authenticator->destroy(authenticator);
return DELETE_ME;
}
@@ -522,11 +523,6 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
mapping_find(notify_message_type_m, notify_message_type),
mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
- if (notify_payload->get_protocol_id(notify_payload) != IKE)
- {
- this->logger->log(this->logger, AUDIT, "IKE_AUTH request contained a notify for an invalid protocol.");
- return DELETE_ME;
- }
switch (notify_message_type)
{
case SET_WINDOW_SIZE:
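Review bot: The check that rejected notify payloads whose protocol id is not `IKE` is removed without a replacement, and the commit message ("added todo's") does not mention it. Any notify in the IKE_AUTH request now reaches the `switch` regardless of the protocol id the peer supplied. If the intent is to accept notifies that legitimately carry another protocol id, that should be stated and the id validated per notify type inside the relevant `case`. At minimum I would leave a comment such as `/* protocol id is not checked here: <reason>; validated per notify type below */`. The `switch` continues outside the hunk, so how each case treats the protocol id cannot be seen here.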
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index 2db6b2312..a06a1333b 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -246,8 +246,8 @@ int main()
tester_t *tester = tester_create(test_output, FALSE);
- tester->perform_tests(tester,all_tests);
-// tester->perform_test(tester,&rsa_test);
+// tester->perform_tests(tester,all_tests);
+ tester->perform_test(tester,&linked_list_insert_and_remove_test);
tester->destroy(tester);
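Review bot: The test driver now has `tester->perform_tests(tester,all_tests);` commented out and runs only `linked_list_insert_and_remove_test`, so the rest of the suite no longer executes for anyone building from this revision. The same commit removes input checks in sa_payload.c and ike_sa_init_responded.c, which is when full regression coverage matters most. I would keep `tester->perform_tests(tester,all_tests);` enabled in the tree and select a single test through a local, uncommitted change or a command-line option. `main` continues outside the hunk.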