-rw-r--r-- | Source/charon/configuration_manager.c | 14 | ||||
-rw-r--r-- | Source/charon/configuration_manager.h | 7 | ||||
-rw-r--r-- | Source/charon/daemon.c | 4 | ||||
-rw-r--r-- | Source/charon/ike_sa.c | 196 | ||||
-rw-r--r-- | Source/charon/message.c | 7 | ||||
-rw-r--r-- | Source/charon/message.h | 2 |
6 files changed, 179 insertions, 51 deletions
diff --git a/Source/charon/configuration_manager.c b/Source/charon/configuration_manager.c index 81b1303f2..723d1946a 100644 --- a/Source/charon/configuration_manager.c +++ b/Source/charon/configuration_manager.c @@ -31,7 +31,6 @@ #include "payloads/nonce_payload.h" #include "payloads/proposal_substructure.h" #include "payloads/ke_payload.h" -#include "payloads/transform_substructure.h" #include "payloads/transform_attribute.h" /** @@ -238,6 +237,17 @@ static status_t select_proposals_for_host(private_configuration_manager_t *this, return FAILED; } +static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed) +{ + if (group == MODP_768_BIT || + group == MODP_1024_BIT) + { + *allowed = TRUE; + } + *allowed = FALSE; + return SUCCESS; +} + /** * Implements function destroy of configuration_t. @@ -266,7 +276,7 @@ configuration_manager_t *configuration_manager_create() this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host; this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host; this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host; - + this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host; return (&this->public); } diff --git a/Source/charon/configuration_manager.h b/Source/charon/configuration_manager.h index bbbad63ad..7f917ff88 100644 --- a/Source/charon/configuration_manager.h +++ b/Source/charon/configuration_manager.h @@ -26,6 +26,7 @@ #include "types.h" #include "utils/linked_list.h" #include "utils/host.h" +#include "payloads/transform_substructure.h" /** * @brief Manages all configuration aspects of the daemon. 
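Review bot: is_dh_group_allowed_for_host never reports TRUE — the `*allowed = TRUE;` inside the if is immediately overwritten by the unconditional `*allowed = FALSE;` that follows, so every group is rejected. Collapse the two into one assignment, `*allowed = (group == MODP_768_BIT || group == MODP_1024_BIT);`, or return inside the if. The `this` and `host` parameters are unused, so the per-host policy the name promises is not consulted yet, and the accepted set is hard-coded to the two smallest MODP groups; if that is a placeholder, a comment such as `/* TODO: placeholder policy, consult per-host configuration */` would make the intent clear. The matching declaration added to configuration_manager.h also has no doc comment describing what `allowed` is set to on SUCCESS.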
@@ -41,8 +42,10 @@ struct configuration_manager_s { status_t (*get_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *list); - status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out); - + status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out); + + status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed); + status_t (*destroy) (configuration_manager_t *this); }; diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c index 559b478cf..c30459ed8 100644 --- a/Source/charon/daemon.c +++ b/Source/charon/daemon.c @@ -141,11 +141,11 @@ int main() } int i; - for(i = 0; i<10; i++) + for(i = 0; i<1; i++) { initiate_ike_sa_job_t *initiate_job; - initiate_job = initiate_ike_sa_job_create("pinflb31"); + initiate_job = initiate_ike_sa_job_create("pinflb30"); global_event_queue->add_relative(global_event_queue, (job_t*)initiate_job, i * 1000); } diff --git a/Source/charon/ike_sa.c b/Source/charon/ike_sa.c index 5e5ca2249..9a133814b 100644 --- a/Source/charon/ike_sa.c +++ b/Source/charon/ike_sa.c @@ -25,10 +25,12 @@ #include "types.h" #include "globals.h" +#include "definitions.h" #include "utils/allocator.h" #include "utils/linked_list.h" #include "utils/logger_manager.h" #include "utils/randomizer.h" +#include "transforms/diffie_hellman.h" #include "payloads/sa_payload.h" #include "payloads/nonce_payload.h" #include "payloads/ke_payload.h" 
@@ -72,6 +74,18 @@ enum ike_sa_state_e { IKE_SA_INITIALIZED = 5 }; +/** + * string mappings for ike_sa_state + */ +mapping_t ike_sa_state_m[] = { + {NO_STATE, "NO_STATE"}, + {IKE_SA_INIT_REQUESTED, "IKE_SA_INIT_REQUESTED"}, + {IKE_SA_INIT_RESPONDED, "IKE_SA_INIT_RESPONDED"}, + {IKE_AUTH_REQUESTED, "IKE_AUTH_REQUESTED"}, + {IKE_SA_INITIALIZED, "IKE_SA_INITIALIZED"}, + {MAPPING_END, NULL} +}; + /** * Private data of an message_t object @@ -88,6 +102,9 @@ struct private_ike_sa_s { status_t (*build_sa_payload) (private_ike_sa_t *this, sa_payload_t **payload); status_t (*build_nonce_payload) (private_ike_sa_t *this, nonce_payload_t **payload); status_t (*build_ke_payload) (private_ike_sa_t *this, ke_payload_t **payload); + + status_t (*transto_ike_sa_init_responded) (private_ike_sa_t *this, message_t *message); + status_t (*transto_ike_auth_requested) (private_ike_sa_t *this, message_t *message); /* Private values */ /** @@ -103,7 +120,7 @@ struct private_ike_sa_s { /** * Current state of the IKE_SA */ - ike_sa_state_t current_state; + ike_sa_state_t state; /** * is this IKE_SA the original initiator of this IKE_SA @@ -125,6 +142,8 @@ struct private_ike_sa_s { host_t *host; } other; + diffie_hellman_t *diffie_hellman; + /** * a logger for this IKE_SA */ 
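Review bot: `mapping_t ike_sa_state_m[]` is defined at file scope without `static`, giving it external linkage from ike_sa.c; no extern declaration for it appears in this diff, so unless another translation unit needs it, `static mapping_t ike_sa_state_m[] = {` keeps it out of the global namespace. If it is meant to be shared like exchange_type_m and status_m, an extern declaration in the header would document that.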
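Review bot: The new `diffie_hellman_t *diffie_hellman;` member of private_ike_sa_s is the only field in its neighbourhood without a `/** ... */` comment, while `host`, `other` and the logger carry one. Something like `/** Diffie-Hellman exchange of this IKE_SA; NULL until one is created */` would match the surrounding style — ike_sa_create sets it to NULL, but no code in this diff assigns or destroys it, so its lifetime and owner are presumably still to be defined.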
@@ -135,54 +154,136 @@ struct private_ike_sa_s { * @brief implements function process_message of private_ike_sa_t */ static status_t process_message (private_ike_sa_t *this, message_t *message) +{ + this->logger->log(this->logger, CONTROL|MORE, "Process message of exchange type %s", + mapping_find(exchange_type_m,message->get_exchange_type(message))); + + switch (message->get_exchange_type(message)) + { + case IKE_SA_INIT: + { + if (message->get_request(message)) { + if (this->state == NO_STATE) + { + /* state transission NO_STATE => IKE_SA_INIT_RESPONDED */ + return this->transto_ike_sa_init_responded(this, message); + } + } + else + { + if (this->state == IKE_SA_INIT_REQUESTED) + { + /* state transission IKE_SA_INIT_REQUESTED => IKE_AUTH_REQUESTED*/ + return this->transto_ike_auth_requested(this, message); + } + } + break; + } + case IKE_AUTH: + { + /* break; */ + } + case CREATE_CHILD_SA: + { + /* break; */ + } + case INFORMATIONAL: + { + /* break; */ + } + default: + { + this->logger->log(this->logger, ERROR, "processing %s-message not supported.", + mapping_find(exchange_type_m,message->get_exchange_type(message))); + return NOT_SUPPORTED; + } + } + this->logger->log(this->logger, ERROR, "received %s-message in state %s, rejected.", + mapping_find(exchange_type_m, message->get_exchange_type(message)), + mapping_find(ike_sa_state_m, this->state)); + return INVALID_STATE; +} + + +static status_t transto_ike_sa_init_responded(private_ike_sa_t *this, message_t *message) { status_t status; - /* @TODO Add Message Processing here */ + linked_list_iterator_t *payloads; - this->logger->log(this->logger, CONTROL|MORE, "Process message of exchange type %s",mapping_find(exchange_type_m,message->get_exchange_type(message))); - - /* parse body */ status = message->parse_body(message); - switch (status) + if (status != SUCCESS) { - case SUCCESS: - { - break; - } - default: - { - this->logger->log(this->logger, ERROR, "Error of type %s while parsing message 
body",mapping_find(status_m,status)); - switch (this->current_state) - { - case NO_STATE: - { - job_t *delete_job; - /* create delete job for this ike_sa */ - delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id); - if (delete_job == NULL) - { - this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created"); - } - - status = global_job_queue->add(global_job_queue,delete_job); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status)); - delete_job->destroy_all(delete_job); - } - - } - default: - { - break; - } - } - - return FAILED; - } + return status; + } + + status = message->get_payload_iterator(message, &payloads); + if (status != SUCCESS) + { + return status; } - - return status; + while (payloads->has_next(payloads)) + { + payload_t *payload; + payloads->current(payloads, (void**)payload); + switch (payload->get_type(payload)) + { + case SECURITY_ASSOCIATION: + { + sa_payload_t *sa_payload; + linked_list_iterator_t *proposals; + + sa_payload = (sa_payload_t*)payload; + status = sa_payload->create_proposal_substructure_iterator(sa_payload, &proposals, TRUE); + if (status != SUCCESS) + { + payloads->destroy(payloads); + return status; + } + //global_configuration_manager->select_prop + + break; + } + case KEY_EXCHANGE: + { + break; + } + case NONCE: + { + break; + } + default: + { + + } + + } + + } + + + + + + /* + job_t *delete_job; + delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id); + if (delete_job == NULL) + { + this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created"); + } + + status = global_job_queue->add(global_job_queue,delete_job); + if (status != SUCCESS) + { + this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status)); + delete_job->destroy_all(delete_job); + }*/ + return SUCCESS; +} + +static status_t 
transto_ike_auth_requested(private_ike_sa_t *this, message_t *message) +{ + return SUCCESS; } /** @@ -271,7 +372,7 @@ static status_t initialize_connection(private_ike_sa_t *this, char *name) message->destroy(message); - this->current_state = IKE_SA_INIT_REQUESTED; + this->state = IKE_SA_INIT_REQUESTED; return SUCCESS; } @@ -425,6 +526,10 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->build_sa_payload = build_sa_payload; this->build_ke_payload = build_ke_payload; this->build_nonce_payload = build_nonce_payload; + + + this->transto_ike_sa_init_responded = transto_ike_sa_init_responded; + this->transto_ike_auth_requested = transto_ike_auth_requested; @@ -468,10 +573,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->me.host = NULL; this->other.host = NULL; + this->diffie_hellman = NULL; /* at creation time, IKE_SA isn't in a specific state */ - this->current_state = NO_STATE; + this->state = NO_STATE; return (&this->public); } diff --git a/Source/charon/message.c b/Source/charon/message.c index 5d7e0eaa9..f290b837c 100644 --- a/Source/charon/message.c +++ b/Source/charon/message.c @@ -430,6 +430,12 @@ static status_t get_destination(private_message_t *this, host_t **host) } +static status_t get_payload_iterator(private_message_t *this, linked_list_iterator_t **iterator) +{ + return this->payloads->create_iterator(this->payloads, iterator, TRUE); +} + + /** * Implements message_t's generate function. * See #message_s.generate. 
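Review bot: `payloads->current(payloads, (void**)payload);` in transto_ike_sa_init_responded passes the uninitialized local `payload` itself as the output slot, so the iterator writes through a garbage pointer instead of filling the local; it should be `payloads->current(payloads, (void**)&payload);`. The `proposals` iterator created in the SECURITY_ASSOCIATION case is never destroyed, and `payloads` is only destroyed on the error path, not before the final `return SUCCESS;`. With the delete-job fallback from the old body now commented out, a message whose parse_body fails leaves the IKE_SA in NO_STATE with nothing scheduled to tear it down, which is worth a TODO if that path is meant to return. The KEY_EXCHANGE and NONCE cases are still empty, as is transto_ike_auth_requested, so a `/* TODO */` in each would tell the next reader this is work in progress rather than intended behaviour.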
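Review bot: get_payload_iterator in message.c has no doc comment while its neighbours carry `/** Implements message_t's ... function. */` headers, and the declaration added to message.h is likewise undocumented. The header comment should state who owns the returned iterator — judging from the new caller in ike_sa.c, which destroys it on its error path, it appears to be handed to the caller. Suggested header text: `@brief Creates an iterator over the message's payloads; the caller owns it and must destroy it.`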
@@ -776,6 +782,7 @@ message_t *message_create_from_packet(packet_t *packet) this->public.get_source = (status_t (*) (message_t*,host_t**)) get_source; this->public.set_destination = (status_t (*) (message_t*,host_t*)) set_destination; this->public.get_destination = (status_t (*) (message_t*,host_t**)) get_destination; + this->public.get_payload_iterator = (status_t (*) (message_t *, linked_list_iterator_t **)) get_payload_iterator; this->public.parse_header = (status_t (*) (message_t *)) parse_header; this->public.parse_body = (status_t (*) (message_t *)) parse_body; this->public.destroy = (status_t(*)(message_t*))destroy; diff --git a/Source/charon/message.h b/Source/charon/message.h index 009b435fc..6b022fd2c 100644 --- a/Source/charon/message.h +++ b/Source/charon/message.h @@ -27,6 +27,7 @@ #include "packet.h" #include "ike_sa_id.h" #include "payloads/ike_header.h" +#include "utils/linked_list.h" @@ -223,6 +224,7 @@ struct message_s { status_t (*set_source) (message_t *this, host_t *host); status_t (*get_destination) (message_t *this, host_t **host); status_t (*set_destination) (message_t *this, host_t *host); + status_t (*get_payload_iterator) (message_t *this, linked_list_iterator_t **iterator); /** * @brief Destroys a message and all including objects |