-rw-r--r-- | Source/charon/config/Makefile.config | 6 | ||||
-rw-r--r-- | Source/charon/config/sa_config.c | 293 | ||||
-rw-r--r-- | Source/charon/config/sa_config.h | 216 | ||||
-rw-r--r-- | Source/charon/network/host.c | 25 | ||||
-rw-r--r-- | Source/charon/network/host.h | 9 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 2 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 174 | ||||
-rw-r--r-- | Source/charon/utils/Makefile.utils | 4 | ||||
-rw-r--r-- | Source/charon/utils/allocator.c | 39 | ||||
-rw-r--r-- | Source/charon/utils/allocator.h | 37 | ||||
-rw-r--r-- | Source/charon/utils/identification.c | 189 | ||||
-rw-r--r-- | Source/charon/utils/identification.h | 114 |
12 files changed, 1040 insertions, 68 deletions
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config index 1333a24eb..b575e1f9e 100644 --- a/Source/charon/config/Makefile.config +++ b/Source/charon/config/Makefile.config @@ -18,7 +18,11 @@ CONFIG_DIR= $(MAIN_DIR)config/ OBJS+= $(BUILD_DIR)configuration_manager.o $(BUILD_DIR)configuration_manager.o : $(CONFIG_DIR)configuration_manager.c $(CONFIG_DIR)configuration_manager.h $(CC) $(CFLAGS) -c -o $@ $< - + OBJS+= $(BUILD_DIR)init_config.o $(BUILD_DIR)init_config.o : $(CONFIG_DIR)init_config.c $(CONFIG_DIR)init_config.h $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)sa_config.o +$(BUILD_DIR)sa_config.o : $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c index e69de29bb..deee85bde 100644 --- a/Source/charon/config/sa_config.c +++ b/Source/charon/config/sa_config.c 
@@ -0,0 +1,293 @@ +/** + * @file sa_config.c + * + * @brief Implementation of sa_config_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "sa_config.h" + +#include <utils/linked_list.h> +#include <utils/allocator.h> + +typedef struct private_sa_config_t private_sa_config_t; + +/** + * Private data of an sa_config_t object + */ +struct private_sa_config_t { + + /** + * Public part + */ + sa_config_t public; + + /** + * id to use to identify us + */ + identification_t *my_id; + + /** + * allowed id for other + */ + identification_t *other_id; + + /** + * authentification method to use + */ + auth_method_t auth_method; + + /** + * list for all proposals + */ + linked_list_t *proposals; + + /** + * list for traffic selectors + */ + linked_list_t *ts; + + /** + * compare two traffic_selectors for equality + */ + bool (*traffic_selector_equals) (private_sa_config_t *this, traffic_selector_t *first, traffic_selector_t *second); + + /** + * compare two proposals for equality + */ + bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second); +}; + + +static identification_t *get_my_id(private_sa_config_t *this) +{ + return this->my_id; +} + +static identification_t *get_other_id(private_sa_config_t *this) +{ + return this->other_id; +} + +static auth_method_t get_auth_method(private_sa_config_t *this) +{ + return 
this->auth_method; +} + +static size_t get_traffic_selectors(private_sa_config_t *this, traffic_selector_t **traffic_selectors) +{ + iterator_t *iterator; + traffic_selector_t *current_ts; + int counter = 0; + *traffic_selectors = allocator_alloc(sizeof(traffic_selector_t) * this->ts->get_count(this->ts)); + + /* copy all ts from the list in an array */ + iterator = this->ts->create_iterator(this->ts, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t_ts); + memcpy((*traffic_selectors) + counter, current_ts, sizeof(traffic_selector_t)); + counter++; + } + iterator->destroy(iterator); + return counter; +} + +static size_t select_traffic_selectors(private_sa_config_t *this, traffic_selector_t *supplied, size_t count, traffic_selector_t **selected) +{ + iterator_t *iterator; + traffic_selector_t *current_ts; + int i, counter = 0; + *selected = allocator_alloc(sizeof(traffic_selector_t) * this->ts->get_count(this->ts)); + + /* iterate over all stored proposals */ + iterator = this->ts->create_iterator(this->ts, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t_ts); + for (i = 0; i < count; i++) + { + /* copy if a supplied one is equal to ours */ + if (this->traffic_selector_equals(this, &(supplied[i]), current_ts)) + { + memcpy((*selected) + counter, current_ts, sizeof(traffic_selector_t)); + counter++; + } + } + } + iterator->destroy(iterator); + + /* free unused space */ + *selected = allocator_realloc(*selected, sizeof(traffic_selector_t) * counter); + return counter; +} + +static size_t get_proposals(private_sa_config_t *this, child_proposal_t **proposals) +{ + iterator_t *iterator; + child_proposal_t *current_proposal; + int counter = 0; + *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals)); + + /* copy all proposals from the list in an array */ + iterator = this->proposals->create_iterator(this->proposals, TRUE); + while 
(iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t_proposal); + memcpy((*proposals) + counter, current_proposal, sizeof(child_proposal_t)); + counter++; + } + iterator->destroy(iterator); + return counter; +} + +static child_proposal_t *select_proposal(private_sa_config_t *this, child_proposal_t *supplied, size_t count) +{ + iterator_t *iterator; + child_proposal_t *current_proposal, *selected_proposal = NULL; + int i; + + /* iterate over all stored proposals */ + iterator = this->proposals->create_iterator(this->proposals, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t_proposal); + /* copy and break if a proposal matches */ + for (i = 0; i < count; i++) + { + if (this->proposal_equals(this, &(supplied[i]), current_proposal)) + { + selected_proposal = allocator_alloc(sizeof(child_proposal_t)); + memcpy(selected_proposal, current_proposal, sizeof(child_proposal_t)); + break; + } + } + } + iterator->destroy(iterator); + + return selected_proposal; +} + +static bool traffic_selector_equals(private_sa_config_t *this, traffic_selector_t *first, traffic_selector_t *second) +{ + if (first->protocol == second->protocol) + { + if (first->begin->equals(first->begin, second->begin) && + first->end->equals(first->end, second->end)) + { + return TRUE; + + } + } + return FALSE; +} + +static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second) +{ + if (first->ah.is_set && second->ah.is_set) + { + if ((first->ah.integrity_algorithm != second->ah.integrity_algorithm) || + (first->ah.key_size != second->ah.key_size)) + { + return FALSE; + } + } + else + { + return FALSE; + } + if (first->esp.is_set && second->esp.is_set) + { + if ((first->esp.encryption_algorithm != second->esp.encryption_algorithm) || + (first->esp.key_size != second->esp.key_size)) + { + return FALSE; + } + } + else + { + return FALSE; + } + return TRUE; +} + +static void 
add_traffic_selector(private_sa_config_t *this, traffic_selector_t *traffic_selector) +{ + this->ts->insert_last(this->ts, (void*)traffic_selector); +} + +static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal) +{ + this->proposals->insert_last(this->ts, (void*)proposal); +} + +/** + * Implements sa_config_t.destroy. + */ +static status_t destroy(private_sa_config_t *this) +{ + child_proposal_t *proposal; + traffic_selector_t *traffic_selector; + + /* delete proposals */ + while(this->proposals->get_count(this->proposals) > 0) + { + this->proposals->remove_last(this->proposals, (void**)&proposal); + allocator_free(proposal); + } + this->proposals->destroy(this->proposals); + + /* delete traffic selectors */ + while(this->ts->get_count(this->ts) > 0) + { + this->ts->remove_last(this->ts, (void**)&traffic_selector); + allocator_free(traffic_selector); + } + this->ts->destroy(this->ts); + + allocator_free(this); + return SUCCESS; +} + +/* + * Described in header-file + */ +sa_config_t *sa_config_create() +{ + private_sa_config_t *this = allocator_alloc_thing(private_sa_config_t); + + /* public functions */ + this->public.get_my_id = (identification_t(*)(sa_config_t*))get_my_id; + this->public.get_other_id = (identification_t(*)(sa_config_t*))get_other_id; + this->public.get_auth_method = (auth_method_t(*)(sa_config_t*))get_auth_method; + this->public.get_traffic_selectors = (size_t(*)(sa_config_t*,traffic_selector_t**))get_traffic_selectors; + this->public.select_traffic_selectors = (size_t(*)(sa_config_t*,traffic_selector_t*,size_t,traffic_selector_t**))select_traffic_selectors; + this->public.get_proposals = (size_t(*)(sa_config_t*,child_proposal_t**))get_proposals; + this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,child_proposal_t*,size_t))select_proposal; + this->public.add_traffic_selector = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector; + this->public.add_proposal = 
(void(*)(sa_config_t*,child_proposal_t*))add_proposal; + this->public.destroy = (void(*)(sa_config_t*))destroy; + + /* private variables */ + this->proposal_equals = proposal_equals; + this->traffic_selector_equals = traffic_selector_equals; + this->proposals = linked_list_create(); + this->ts = linked_list_create(); + + return (&this->public); +} diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/sa_config.h index 94d05e1ce..9d6cbea22 100644 --- a/Source/charon/config/sa_config.h +++ b/Source/charon/config/sa_config.h 
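Review bot: `select_traffic_selectors` can write past `*selected`: the buffer is sized by the number of stored selectors, but the inner loop copies once per matching entry of the peer-supplied `supplied` array, so a TS list containing the same selector twice overruns the allocation; add `break;` after `counter++;` in the inner `for` so each stored selector is emitted at most once. `add_proposal` passes the wrong list as receiver, `this->proposals->insert_last(this->ts, (void*)proposal);`, so proposals land in the traffic-selector list where `get_traffic_selectors` memcpy's them as `traffic_selector_t` and `destroy` frees them as such; it should read `this->proposals->insert_last(this->proposals, (void*)proposal);`. `proposal_equals` returns FALSE whenever either side leaves AH (or ESP) unset, so an ESP-only proposal can never match; compare the two `is_set` flags for equality first and only then the algorithm and key size of the protocols that are set. `select_proposal` keeps scanning after a match, so a later match overwrites and leaks the already allocated `selected_proposal` and the last rather than the first (most preferred, per the header) stored proposal is returned — break out of the outer `while` as well. `my_id`, `other_id` and `auth_method` are never initialised in `sa_config_create`, so the three getters return indeterminate values.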
@@ -1,4 +1,220 @@ +/** + * @file sa_config.h + * + * @brief Interface of sa_config_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + #ifndef _SA_CONFIG_H_ #define _SA_CONFIG_H_ +#include <types.h> +#include <utils/identification.h> +#include <encoding/payloads/auth_payload.h> +#include <network/host.h> +#include <transforms/crypters/crypter.h> +#include <transforms/signers/signer.h> + + +typedef struct child_proposal_t child_proposal_t; + +/** + * @brief Storage structure for a proposal for a child sa. + * + * A proposal for a child sa contains data for + * AH, ESP, or both. + * + * @ingroup config + */ +struct child_proposal_t { + + /** + * Data for AH, if set + */ + struct { + bool is_set; + integrity_algorithm_t integrity_algorithm; + size_t key_size; + } ah; + + /** + * data for ESP, if set + */ + struct { + bool is_set; + encryption_algorithm_t encryption_algorithm; + size_t key_size; + } esp; +}; + + +typedef struct traffic_selector_t traffic_selector_t; + +/** + * @brief Storage structure for a traffic selection. + * + * Specifies a protocol and a valid IP and port range. 
+ * + * @ingroup config + */ +struct traffic_selector_t { + /** + * Protocol for which this ts applies (TCP/UDP/ICMP) + */ + u_int8_t protocol; + /** + * Start address and port for allowed range + */ + host_t *begin; + /** + * End address and port for allowed range + */ + host_t *end; +}; + + +typedef struct sa_config_t sa_config_t; + +/** + * @brief Stores configuration of an initialized connection. + * + * During the IKE_AUTH phase, we have enought data to specify a + * configuration. + * + * @warning This config is not thread save. + * + * @ingroup config + */ +struct sa_config_t { + + /** + * @brief Get own id to use for identification. + * + * @param this calling object + * @return own id + */ + identification_t (*get_my_id) (sa_config_t *this); + + /** + * @brief Get id of communication partner.. + * + * @param this calling object + * @return other id + */ + identification_t (*get_other_id) (sa_config_t *this); + + /** + * @brief Get authentication method to use for IKE_AUTH. + * + * @param this calling object + * @return authentication methood + */ + auth_method_t (*get_auth_method) (sa_config_t *this); + + /** + * @brief Get configured traffic selectors. + * + * @warning Resulting array must be freed! + * + * @param this calling object + * @param[out]traffic_selectors pointer where traffic selectors will be allocated + * @return number of returned traffic selectors + */ + size_t (*get_traffic_selectors) (sa_config_t *this, traffic_selector_t **traffic_selectors); + + /** + * @brief Select traffic selectors from a supplied list. + * + * @warning Resulting array must be freed! + * + * @param this calling object + * @param supplied pointer to an array of ts to select from. 
+ * @param count number of ts stored at supplied + * @param[out]traffic_selectors pointer where selected traffic selectors will be allocated + * @return number of selected traffic selectors + */ + size_t (*select_traffic_selectors) (sa_config_t *this, traffic_selector_t *supplied, size_t count, traffic_selector_t **selected); + + /** + * @brief Get the list of proposals for this config. + * + * @warning Resulting array must be freed! + * + * @param this calling object + * @param[out]traffic_selectors pointer where proposals will be allocated + * @return number of allocated proposals + */ + size_t (*get_proposals) (sa_config_t *this, child_proposal_t **proposals); + + /** + * @brief Select a proposal from a supplied list + * + * @warning Resulting array must be freed! + * + * @param this calling object + * @param supplied pointer to an array of proposals to select from. + * @param count number of proposals stored at supplied + * @return the selected proposal + */ + child_proposal_t* (*select_proposal) (sa_config_t *this, child_proposal_t *supplied, size_t count); + + /** + * @brief Add a traffic selector to the list. + * + * Added proposal will be destroyed with config destruction. + * + * @warning Do not add while other threads are reading. + * + * @param this calling object + * @param traffic_selector traffic_selector to add + */ + void (*add_traffic_selector) (sa_config_t *this, traffic_selector_t *traffic_selector); + + /** + * @brief Add a proposal to the list. + * + * The proposals are stored by priority, first added + * is the most prefered. + * Added proposal will be destroyed with config destruction. + * + * @warning Do not add while other threads are reading. 
+ * + * @param this calling object + * @param proposal proposal to add + */ + void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal); + + /** + * @brief Destroys the config object + * + * + * @param this calling object + */ + void (*destroy) (sa_config_t *this); +}; + +/** + * @brief Create a configuration object for IKE_AUTH and later. + * + * @return created sa_config_t + * + * @ingroup config + */ +sa_config_t *sa_config_create(); + #endif //_SA_CONFIG_H_ diff --git a/Source/charon/network/host.c b/Source/charon/network/host.c index 43861238f..f78e7b810 100644 --- a/Source/charon/network/host.c +++ b/Source/charon/network/host.c @@ -153,6 +153,30 @@ static private_host_t *clone(private_host_t *this) } +/** + * Impelements host_t.equals + */ +static bool equals(private_host_t *this, private_host_t *other) +{ + switch (this->family) + { + /* IPv4 */ + case AF_INET: + { + struct sockaddr_in *sin1 = (struct sockaddr_in*)&(this->address); + struct sockaddr_in *sin2 = (struct sockaddr_in*)&(other->address); + if ((sin1->sin_family == sin2->sin_family) && + (sin1->sin_port == sin2->sin_port) && + (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr)) + { + return TRUE; + } + } + } + return FALSE; +} + + /* * Described in header. */ @@ -200,6 +224,7 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) this->public.get_address = (char* (*) (host_t *))get_address; this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk; this->public.get_port = (u_int16_t (*) (host_t *))get_port; + this->public.equals = (bool (*) (host_t *,host_t *))equals; this->public.destroy = (void (*) (host_t*))destroy; this->family = family; diff --git a/Source/charon/network/host.h b/Source/charon/network/host.h index fa06b1474..379eab02e 100644 --- a/Source/charon/network/host.h +++ b/Source/charon/network/host.h 
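Review bot: `get_my_id` and `get_other_id` are declared here to return `identification_t` by value, while the implementations in sa_config.c return `identification_t *` and `sa_config_create` only hides the mismatch behind a function-pointer cast, so calling either through the public struct is undefined behaviour; declare them as `identification_t *(*get_my_id) (sa_config_t *this);` and `identification_t *(*get_other_id) (sa_config_t *this);`. The `select_proposal` documentation says "Resulting array must be freed" although it returns a single allocated proposal, or NULL when nothing matches, and `get_proposals` documents its out-parameter under the name `traffic_selectors`. `destroy` is declared `void` here but the implementation returns `status_t`.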
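Review bot: `equals` handles only AF_INET, so two identical hosts of any other family (the explicit switch on `this->family` suggests others are possible) compare unequal, which makes `traffic_selector_equals` in sa_config.c silently reject them, and the switch has no `default`, so the fall-through to `return FALSE` reads as accidental. Make the limitation explicit with `default: /* other families (e.g. AF_INET6) not supported yet: never equal */ break;` inside the switch, and state in the header comment that only IPv4 hosts currently compare equal.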
@@ -105,6 +105,15 @@ struct host_t { * @return port number */ u_int16_t (*get_port) (host_t *this); + + /** + * @brief Compare two hosts. + * + * @param this object to compare + * @param other the other to compare + * @return TRUE if port and address are equal + */ + bool (*equals) (host_t *this, host_t *other); /** * @brief Destroy this host object diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index dc68fb943..5f6679f63 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -352,7 +352,7 @@ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t * /* TODO configuration manager request */ id_payload->set_id_type(id_payload,ID_RFC822_ADDR); email.ptr = "moerdi@hsr.ch"; - email.len = strlen(email.ptr); + email.len = strlen(email.ptr)+1; this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email); id_payload->set_data(id_payload,email); diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 34bc1dbda..cd44fafca 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -22,7 +22,12 @@ #include "ike_sa_init_responded.h" +#include <daemon.h> #include <utils/allocator.h> +#include <encoding/payloads/ts_payload.h> +#include <encoding/payloads/sa_payload.h> +#include <encoding/payloads/id_payload.h> +#include <encoding/payloads/auth_payload.h> #include <transforms/signers/signer.h> #include <transforms/crypters/crypter.h> 
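Review bot: `email.len = strlen(email.ptr)+1;` puts the terminating NUL into the IDi payload sent on the wire; RFC 4306 §3.5 specifies that ID_RFC822_ADDR (and ID_FQDN) identities MUST NOT contain any terminator, so a conforming responder sees the identity `moerdi@hsr.ch\0` and will not match it against its configured one. Keep `email.len = strlen(email.ptr);` and, if the extra byte was added so that `log_chunk` or a later string compare sees a NUL, fix that consumer rather than the payload. `build_id_payload` begins outside the hunk.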
@@ -78,9 +83,12 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t status_t status; signer_t *signer; crypter_t *crypter; - iterator_t *payloads; + iterator_t *payloads, *iterator; exchange_type_t exchange_type; - + id_payload_t *idi_payload, *idr_payload; + auth_payload_t *auth_payload; + sa_payload_t *sa_payload; + ts_payload_t *tsi_payload, *tsr_payload; exchange_type = message->get_exchange_type(message); if (exchange_type != IKE_AUTH) @@ -96,7 +104,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t return FAILED; } - /* get signer for verification and crypter for decryption */ signer = this->ike_sa->get_signer_initiator(this->ike_sa); crypter = this->ike_sa->get_crypter_initiator(this->ike_sa); 
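Review bot: the new payload pointers `idi_payload`, `idr_payload`, `auth_payload`, `sa_payload`, `tsi_payload` and `tsr_payload` are declared without an initializer, so after the payload switch there is no way to tell whether a payload was present, and the later `idi_payload->get_id_type(idi_payload)` reads an indeterminate pointer if IDi was missing; initialise them, e.g. `id_payload_t *idi_payload = NULL, *idr_payload = NULL;` and `ts_payload_t *tsi_payload = NULL, *tsr_payload = NULL;`, and likewise for the other two. `iterator` and `idr_payload` are otherwise referenced only from commented-out code and will draw unused-variable warnings. `process_message` begins before this hunk.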
@@ -109,77 +116,59 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t return status; } - /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */ + /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */ payloads = message->get_payload_iterator(message); - while (payloads->has_next(payloads)) { payload_t *payload; - - /* get current payload */ payloads->current(payloads, (void**)&payload); - this->logger->log(this->logger, CONTROL|MORE, "Processing payload of type %s", mapping_find(payload_type_m, payload->get_type(payload))); switch (payload->get_type(payload)) { -// case SECURITY_ASSOCIATION: -// { -// sa_payload_t *sa_payload = (sa_payload_t*)payload; -// iterator_t *suggested_proposals, *accepted_proposals; -// proposal_substructure_t *accepted_proposal; -// -// accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE); -// -// /* get the list of suggested proposals */ -// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE); -// -// /* now let the configuration-manager select a subset of the proposals */ -// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager, -// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals); -// if (status != SUCCESS) -// { -// this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected"); -// suggested_proposals->destroy(suggested_proposals); -// accepted_proposals->destroy(accepted_proposals); -// payloads->destroy(payloads); -// return status; -// } -// -// /* iterators are not needed anymore */ -// suggested_proposals->destroy(suggested_proposals); -// -// /* let the ike_sa create their own transforms from proposal informations */ -// accepted_proposals->reset(accepted_proposals); -// /* TODO check for true*/ -// 
accepted_proposals->has_next(accepted_proposals); -// status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal); -// if (status != SUCCESS) -// { -// this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!"); -// accepted_proposals->destroy(accepted_proposals); -// payloads->destroy(payloads); -// return status; -// } -// -// status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal); -// accepted_proposals->destroy(accepted_proposals); -// if (status != SUCCESS) -// { -// this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal"); -// payloads->destroy(payloads); -// return status; -// } -// -// this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed"); -// /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/ -// break; -// } - + case ID_INITIATOR: + { + idi_payload = (id_payload_t*)payload; + break; + } + case AUTHENTICATION: + { + auth_payload = (auth_payload_t*)payload; + break; + } + case ID_RESPONDER: + { + /* TODO handle idr payloads */ + break; + } + case SECURITY_ASSOCIATION: + { + sa_payload = (sa_payload_t*)payload; + break; + } + case CERTIFICATE: + { + /* TODO handle cert payloads */ + break; + } + case CERTIFICATE_REQUEST: + { + /* TODO handle certrequest payloads */ + break; + } + case TRAFFIC_SELECTOR_INITIATOR: + { + tsi_payload = (ts_payload_t*)payload; + break; + } + case TRAFFIC_SELECTOR_RESPONDER: + { + tsr_payload = (ts_payload_t*)payload; + break; + } default: { - this->logger->log(this->logger, ERROR | MORE, "Payload type not supported!"); - payloads->destroy(payloads); - return NOT_SUPPORTED; + /* can't happen, since message is verified */ + break; } } } 
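Review bot: the `default` branch now drops unknown payload types silently instead of returning NOT_SUPPORTED, and nothing after the loop checks that each mandatory IKE_AUTH payload (IDi, AUTH, SA, TSi, TSr) was seen, so the comment "can't happen, since message is verified" carries the whole burden; a duplicate IDi quietly wins with the last instance and an absent one leaves its pointer unset. With the pointers initialised to NULL at declaration, add after `payloads->destroy(payloads);` the check `if (!idi_payload || !auth_payload || !sa_payload || !tsi_payload || !tsr_payload) return FAILED;`, and consider rejecting a second occurrence of the same payload type inside the switch. The enclosing `process_message` starts and ends outside this hunk.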
@@ -187,11 +176,64 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t payloads->destroy(payloads); + /* + * ID Payload + */ + this->logger->log(this->logger, CONTROL|MOST, "type of IDi is %s", + mapping_find(id_type_m, idi_payload->get_id_type(idi_payload))); + chunk_t data = idi_payload->get_data(idi_payload); + + this->logger->log(this->logger, CONTROL|MOST, "data of IDi is %s", + data.ptr); + +// charon->configuration_manager->get_my_default_id(charon->configuration_manager, id +// +// +// +// +// this->logger->log(this->logger, CONTROL|MOST, "type of AUTH is %s", +// mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))); +// +// /* get the list of suggested proposals */ +// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE); +// +// /* now let the configuration-manager select a subset of the proposals */ +// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager, +// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals); +// + +// iterator = tsi_payload->create_traffic_selector_substructure_iterator(tsi_payload, TRUE); +// while (iterator->has_next(iterator)) +// { +// traffic_selector_substructure_t *ts; +// iterator->current(iterator, (void**)ts); +// this->logger->log(this->logger, CONTROL|MOST, "type of TSi is %s", +// mapping_find(ts_type_m, ts->get_ts_type(ts))); +// +// } +// iterator->destroy(iterator); +// +// iterator = tsr_payload->create_traffic_selector_substructure_iterator(tsr_payload, TRUE); +// while (iterator->has_next(iterator)) +// { +// traffic_selector_substructure_t *ts; +// iterator->current(iterator, (void**)ts); +// this->logger->log(this->logger, CONTROL|MOST, "type of TSr is %s", +// mapping_find(ts_type_m, ts->get_ts_type(ts))); +// +// } +// iterator->destroy(iterator); + + this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. 
Going to create reply."); - - this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce."); + return SUCCESS; +} + + +static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload) +{ return SUCCESS; } diff --git a/Source/charon/utils/Makefile.utils b/Source/charon/utils/Makefile.utils index e66a0601f..b9c00675b 100644 --- a/Source/charon/utils/Makefile.utils +++ b/Source/charon/utils/Makefile.utils @@ -42,3 +42,7 @@ $(BUILD_DIR)randomizer.o : $(UTILS_DIR)randomizer.c $(UTILS_DIR)randomizer.h OBJS+= $(BUILD_DIR)tester.o $(BUILD_DIR)tester.o : $(UTILS_DIR)tester.c $(UTILS_DIR)tester.h $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)identification.o +$(BUILD_DIR)identification.o : $(UTILS_DIR)identification.c $(UTILS_DIR)identification.h + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/charon/utils/allocator.c b/Source/charon/utils/allocator.c index 46194e85f..8c314a88a 100644 --- a/Source/charon/utils/allocator.c +++ b/Source/charon/utils/allocator.c @@ -264,6 +264,25 @@ static void * clone_bytes(allocator_t *allocator,void * to_clone, size_t bytes, return new_space; } + +/** + * Implementation of allocator_t.clone_chunk. + */ +static chunk_t clone_chunk(allocator_t *allocator, chunk_t chunk, char * file, int line) +{ + private_allocator_t *this = (private_allocator_t *) allocator; + chunk_t clone = CHUNK_INITIALIZER; + + if (chunk.ptr && chunk.len > 0) + { + clone.ptr = this->allocate_special(this,chunk.len,file,line,TRUE); + clone.len = chunk.len; + memcpy(clone.ptr, chunk.ptr, chunk.len); + } + + return clone; +} + /** * Implementation of allocator_t.allocator_report_memory_leaks. */ @@ -305,6 +324,7 @@ static private_allocator_t allocator = { free_pointer: free_pointer, reallocate: reallocate, clone_bytes : clone_bytes, + clone_chunk : clone_chunk, report_memory_leaks: allocator_report_memory_leaks}, allocations: NULL, allocate_special : allocate_special, 
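Review bot: `"data of IDi is %s", data.ptr` hands peer-controlled ID bytes to a `%s` conversion, but ID payload data is not NUL-terminated (RFC 4306 §3.5 forbids terminators in FQDN and RFC822 identities, and an IPv4 identity is four raw bytes), so the logger reads past the chunk and spills whatever follows it in the message buffer into the log. Use the chunk-aware call this commit already uses in ike_sa_init_requested.c, e.g. `this->logger->log_chunk(this->logger, CONTROL|MOST, "data of IDi", &data);`. `build_id_payload` is added as a stub that ignores its `id_payload` argument and always returns SUCCESS, and the ~45 lines of commented-out proposal and traffic-selector processing should be removed or reduced to a TODO rather than kept in the source; `process_message` starts before this hunk.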
@@ -356,6 +376,25 @@ void * allocator_clone_bytes(void * pointer, size_t size) return (data); } + +/** + * Described in header + */ +static chunk_t clone_chunk(chunk_t chunk) +{ + chunk_t clone = CHUNK_INITIALIZER; + + if (chunk.ptr && chunk.len > 0) + { + clone.ptr = malloc(chunk.len); + if (clone.ptr == NULL) {exit(-1)}; + clone.len = chunk.len; + memcpy(clone.ptr, chunk.ptr, chunk.len); + } + + return clone; +} + /* * Described in header */ diff --git a/Source/charon/utils/allocator.h b/Source/charon/utils/allocator.h index f27610a16..a86311789 100644 --- a/Source/charon/utils/allocator.h +++ b/Source/charon/utils/allocator.h @@ -133,6 +133,22 @@ * - NULL if out of ressources */ void * (*clone_bytes) (allocator_t *this,void * to_clone, size_t bytes, char * file, int line); + + /** + * Clones a chunk with LEAK_DETECTION and returns a cloned chunk. + * + * @warning Use this function not directly, only with assigned macro + * #allocator_clone_chunk- + * + * @param this allocator_t object + * @param chunk chunk to clone + * @param file filename from which the memory is allocated + * @param line line number in specific file + * @return + * - pointer to reallocated memory area if successful + * - NULL if out of ressources + */ + chunk_t (*clone_chunk) (allocator_t *this, chunk_t chunk, char * file, int line); /** * Frees memory with LEAK_DETECTION. @@ -201,6 +217,16 @@ */ #define allocator_clone_bytes(old,bytes) (global_allocator->clone_bytes(global_allocator,old,bytes,__FILE__, __LINE__)) + + /** + * Macro to clone a chunk and its contents + * + * See #allocator_t.clone_chunk for description. + * + * @ingroup utils + */ + #define allocator_clone_chunk(chunk) (global_allocator->clone_chunk(global_allocator,chunk,__FILE__, __LINE__)) + /** * Macro to free some memory. * 
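Review bot: in this (presumably non-LEAK_DETECTION) branch the new function is `static chunk_t clone_chunk(chunk_t)`, so it is unreachable from the `allocator_clone_chunk` name the header exposes, and `if (clone.ptr == NULL) {exit(-1)};` is missing the semicolon inside the braces, so this configuration will not compile. Define it as `chunk_t allocator_clone_chunk(chunk_t chunk)` and write the check as `if (clone.ptr == NULL) { exit(-1); }`, mirroring `allocator_clone_bytes` directly above it.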
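Review bot: the `@return` text for `clone_chunk` was copied from `clone_bytes` ("pointer to reallocated memory area if successful / NULL if out of ressources"), but the function returns a `chunk_t` by value and, per the implementation, yields `CHUNK_INITIALIZER` for an empty or NULL input rather than failing; replace it with `@return cloned chunk, or an empty chunk (ptr NULL, len 0) if the input chunk was empty`. The `@warning` sentence also ends in a stray `-` after `#allocator_clone_chunk`.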
@@ -266,6 +292,17 @@ void * allocator_clone_bytes(void * pointer, size_t size); /** + * Clone a chunk and its contents. + * + * + * @param chunk chunk to clone + * @return cloned chunk + * + * @ingroup utils + */ + chunk_t allocator_clone_bytes(chunk_t chunk); + + /** * Frees memory used by chunk. * * @param chunk pointer of chunk to free diff --git a/Source/charon/utils/identification.c b/Source/charon/utils/identification.c new file mode 100644 index 000000000..270d96232 --- /dev/null +++ b/Source/charon/utils/identification.c 
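Review bot: the new prototype `chunk_t allocator_clone_bytes(chunk_t chunk);` redeclares `allocator_clone_bytes`, which is already declared two lines above this hunk as `void * allocator_clone_bytes(void * pointer, size_t size);`, so a C compiler rejects the header for conflicting types whenever this branch is active. It should read `chunk_t allocator_clone_chunk(chunk_t chunk);` so the name matches the macro provided in the LEAK_DETECTION branch and the function can actually be called.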
@@ -0,0 +1,189 @@ +/** + * @file identification.c + * + * @brief Implementation of identification_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include "identification.h" + +#include <utils/allocator.h> + + +typedef struct private_identification_t private_identification_t; + +/** + * Private data of an identification_t object. + */ +struct private_identification_t { + /** + * Public interface. 
+ */ + identification_t public; + + /** + * string representation of this id + */ + char *string; + + /** + * encoded representation of this id + */ + chunk_t encoded; + + /** + * type of this id + */ + id_type_t type; +}; + +/** + * implements identification_t.get_encoding + */ +static chunk_t get_encoding(private_identification_t *this) +{ + return this->encoded; +} + +/** + * implements identification_t.get_type + */ +static id_type_t get_type(private_identification_t *this) +{ + return this->type; +} + +/** + * implements identification_t.get_string + */ +static char *get_string(private_identification_t *this) +{ + return this->string; +} + +/** + * implements identification_t.destroy + */ +static void destroy(private_identification_t *this) +{ + allocator_free(this->string); + allocator_free(this->encoded.ptr); + allocator_free(this); +} + +/** + * Generic constructor used for the other twos + */ +static private_identification_t *identification_create() +{ + + private_identification_t *this = allocator_alloc_thing(private_identification_t); + + /* assign methods */ + this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding; + this->public.get_type = (id_type_t (*) (identification_t*))get_type; + this->public.get_string = (char* (*) (identification_t*))get_string; + this->public.destroy = (void (*) (identification_t*))destroy; + + this->string = NULL; + this->encoded = CHUNK_INITIALIZER; + + return this; +} + +/* + * Described in header. 
+ */ +identification_t *identification_create_from_string(id_type_t type, char *string) +{ + private_identification_t *this = identification_create(); + switch (type) + { + case ID_IPV4_ADDR: + { + /* convert string */ + this->encoded.len = 4; + this->encoded.ptr = allocator_alloc(this->encoded.len); + if (inet_aton(string, ((struct in_addr*)(this->encoded.ptr))) == 0) + { + allocator_free(this->encoded.ptr); + allocator_free(this); + return NULL; + } + /* clone string */ + this->string = allocator_alloc(strlen(string)+1); + strcpy(this->string, string); + return &(this->public); + } + case ID_IPV6_ADDR: + case ID_FQDN: + case ID_RFC822_ADDR: + case ID_DER_ASN1_DN: + case ID_DER_ASN1_GN: + case ID_KEY_ID: + default: + { + /* not supported */ + allocator_free(this); + return NULL; + } + } +} + +/* + * Described in header. + */ +identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded) +{ + private_identification_t *this = identification_create(); + switch (type) + { + case ID_IPV4_ADDR: + { + char *tmp; + /* clone chunk */ + if (encoded.len != 4) + { + allocator_free(this); + return NULL; + } + this->encoded = allocator_clone_chunk(encoded); + tmp = inet_ntoa(*((struct in_addr*)(encoded.ptr))); + /* build string, must be cloned */ + this->string = allocator_alloc(strlen(tmp)+1); + strcpy(this->string, tmp); + return &(this->public); + } + case ID_IPV6_ADDR: + case ID_FQDN: + case ID_RFC822_ADDR: + case ID_DER_ASN1_DN: + case ID_DER_ASN1_GN: + case ID_KEY_ID: + default: + { + /* not supported */ + allocator_free(this); + return NULL; + } + } +} diff --git a/Source/charon/utils/identification.h b/Source/charon/utils/identification.h new file mode 100644 index 000000000..54e4e02da --- /dev/null +++ b/Source/charon/utils/identification.h 
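Review bot: `identification_create_from_encoding` formats the address with `inet_ntoa`, which returns a pointer to a single static buffer and is therefore unsafe once two threads build identities concurrently (sa_config.h in this commit already warns about threads), and it reaches the bytes through `*((struct in_addr*)(encoded.ptr))`, a cast of wire data that need not be aligned; copy into a local `struct in_addr` and format with `inet_ntop` into a caller-owned buffer. In `identification_create_from_string`, `inet_aton` accepts shorthand forms such as `127.1` or `0x7f000001`, so the stored string and the encoding can disagree; `if (inet_pton(AF_INET, string, this->encoded.ptr) != 1)` restricts input to dotted-quad. `strlen`/`strcpy`/`memcpy` are used without a visible `<string.h>` include — fine only if types.h or a header it pulls in provides it.
```c
case ID_IPV4_ADDR:
{
	char buf[INET_ADDRSTRLEN];
	struct in_addr addr;
	if (encoded.len != sizeof(addr))
	{
		allocator_free(this);
		return NULL;
	}
	this->encoded = allocator_clone_chunk(encoded);
	/* copy out instead of casting: the chunk may be unaligned */
	memcpy(&addr, encoded.ptr, sizeof(addr));
	/* inet_ntop writes into a caller buffer; inet_ntoa shares one static buffer */
	if (inet_ntop(AF_INET, &addr, buf, sizeof(buf)) == NULL)
	{
		allocator_free(this->encoded.ptr);
		allocator_free(this);
		return NULL;
	}
	this->string = allocator_alloc(strlen(buf)+1);
	strcpy(this->string, buf);
	return &(this->public);
}
/* … unchanged: unsupported id types … */
```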
@@ -0,0 +1,114 @@
+/**
+ * @file identification.h
+ *
+ * @brief Interface of identification_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef _IDENTIFICATION_H_
+#define _IDENTIFICATION_H_
+
+
+#include "types.h"
+
+#include <encoding/payloads/id_payload.h>
+
+typedef struct identification_t identification_t;
+
+/**
+ * @brief Generic identification, such as used in ID payload.
+ *
+ * The following types are possible:
+ *
+ * - ID_IPV4_ADDR
+ * - ID_FQDN (not implemented)
+ * - ID_RFC822_ADDR (not implemented)
+ * - ID_IPV6_ADDR (not implemented)
+ * - ID_DER_ASN1_DN (not implemented)
+ * - ID_DER_ASN1_GN (not implemented)
+ * - ID_KEY_ID (not implemented)
+ *
+ * @ingroup sa
+ */
+struct identification_t {
+
+ /**
+ * @brief Get the encoding of this id, to send over
+ * the network.
+ *
+ * @warning Result points to internal data, do NOT free!
+ *
+ * @param this the identification_t_object
+ * @return a chunk containing the encoded bytes
+ */
+ chunk_t (*get_encoding) (identification_t *this);
+
+ /**
+ * @brief Get the type of this identification.
+ *
+ * @param this the identification_t_object
+ * @return id_type_t
+ */
+ id_type_t (*get_type) (identification_t *this);
+
+ /**
+ * @brief Get a string representation of this id.
+ *
+ * @warning Result points to internal data, do NOT free!
+ *
+ * @param this the identification_t_object
+ * @return string
+ */
+ char *(*get_string) (identification_t *this);
+
+ /**
+ * @brief Destroys a identification_t object.
+ *
+ * @param this identification_t object
+ */
+ void (*destroy) (identification_t *this);
+};
+
+/**
+ * @brief Creates an identification_t object from a string.
+ *
+ * @param type type of this id, such as ID_IPV4_ADDR or ID_RFC822_ADDR
+ * @param string input string, which will be converted
+ * @return - created identification_t object, or
+ * - NULL if type not supported.
+ *
+ * @ingroup sa
+ */
+identification_t * identification_create_from_string(id_type_t type, char *string);
+
+
+/**
+ * @brief Creates an identification_t object from an encoded chunk.
+ *
+ * @param type type of this id, such as ID_IPV4_ADDR or ID_RFC822_ADDR
+ * @param encoded encoded bytes, such as from identification_t.get_encoding
+ * @return - created identification_t object, or
+ * - NULL if type not supported.
+ *
+ * @ingroup sa
+ */
+identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded);
+
+
+#endif //_IDENTIFICATION_H_ |
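Review bot: The `@return` documentation on both `identification_create_from_string` and `identification_create_from_encoding` lists NULL only for "type not supported", but the implementation in identification.c of this same commit also returns NULL when `inet_aton` rejects the string and when `encoded.len != 4`, so a caller that hands peer-supplied ID payload bytes to `identification_create_from_encoding` must treat NULL as "invalid or unsupported id", not merely "unsupported type". I would change the second return line in both comments to `* - NULL if type not supported or the input is not a valid id of that type.`. `identification_create_from_string` only reads and clones `string` (strlen/strcpy in the .c), so the prototype can be `identification_t * identification_create_from_string(id_type_t type, const char *string);` to let callers pass literals and const data. As a minor style point, `_IDENTIFICATION_H_` is a reserved identifier form (leading underscore followed by an uppercase letter); a guard such as `IDENTIFICATION_H_` avoids that.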
