aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/config/sa_config.c
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/config/sa_config.c')
-rw-r--r--Source/charon/config/sa_config.c190
1 files changed, 31 insertions, 159 deletions
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 1009c84e0..1a21d0fd4 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -75,11 +75,6 @@ struct private_sa_config_t {
linked_list_t *ts_responder;
/**
- * compare two proposals for equality
- */
- bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second);
-
- /**
* get_traffic_selectors for both
*/
size_t (*get_traffic_selectors) (private_sa_config_t *,linked_list_t*,traffic_selector_t**[]);
@@ -211,167 +206,49 @@ static size_t select_traffic_selectors(private_sa_config_t *this, linked_list_t
}
/**
- * Implementation of sa_config_t.get_proposals
+ * Implementation of sa_config_t.get_proposal_iterator
*/
-static size_t get_proposals(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t **proposals)
+static iterator_t *create_proposal_iterator(private_sa_config_t *this)
{
- iterator_t *iterator;
- child_proposal_t *current_proposal;
- int counter = 0;
- *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals));
-
- /* copy all proposals from the list in an array */
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->has_next(iterator))
- {
- child_proposal_t *new_proposal = (*proposals) + counter;
- iterator->current(iterator, (void**)&current_proposal);
- *new_proposal = *current_proposal;
- memcpy(new_proposal->ah.spi, ah_spi, 4);
- memcpy(new_proposal->ah.spi, esp_spi, 4);
- counter++;
- }
- iterator->destroy(iterator);
- return counter;
+ return this->proposals->create_iterator(this->proposals, TRUE);
}
/**
* Implementation of sa_config_t.select_proposal
*/
-static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count)
+static child_proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals)
{
- iterator_t *iterator;
- child_proposal_t *current_proposal, *selected_proposal;
- int i;
-/* logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+ iterator_t *stored_iter, *supplied_iter;
+ child_proposal_t *stored, *supplied, *selected;
+ stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
+ supplied_iter = proposals->create_iterator(proposals, TRUE);
- /* iterate over all stored proposals */
- iterator = this->proposals->create_iterator(this->proposals, TRUE);
- while (iterator->has_next(iterator))
+ /* compare all stored proposals with all supplied. Stored ones are preferred. */
+ while (stored_iter->has_next(stored_iter))
{
- iterator->current(iterator, (void**)&current_proposal);
- /*
- logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
- logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
- logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
- logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
-*/
-
-
- /* copy and break if a proposal matches */
- for (i = 0; i < count; i++)
- {
-/* if (supplied[i].esp.is_set)
- {
- logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
- logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
- logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
- logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
- }
+ supplied_iter->reset(supplied_iter);
+ stored_iter->current(stored_iter, (void**)&stored);
- if (supplied[i].ah.is_set)
- {
- logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
- logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
- logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
- }*/
-
-
- if (this->proposal_equals(this, &(supplied[i]), current_proposal))
+ while (supplied_iter->has_next(supplied_iter))
+ {
+ supplied_iter->current(supplied_iter, (void**)&supplied);
+ selected = stored->select(stored, supplied);
+ if (selected)
{
- selected_proposal = allocator_alloc(sizeof(child_proposal_t));
- *selected_proposal = *current_proposal;
- memcpy(selected_proposal->ah.spi, ah_spi, 4);
- memcpy(selected_proposal->ah.spi, esp_spi, 4);
-/* logger->destroy(logger);*/
- iterator->destroy(iterator);
- return selected_proposal;
+ /* they match, return */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
+ return selected;
}
}
}
- iterator->destroy(iterator);
-
-/* logger->destroy(logger); */
- return NULL;
-}
-
-
-/**
- * Implementation of private_sa_config_t.proposal_equals
- */
-static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
-{
- /*
- * Proto ? Mandatory ? Optional
- * -----------------------------------
- * ESP ? ENCR ? INTEG, D-H, ESN
- * AH ? INTEG ? D-H, ESN
- */
- /* equality defaults to false, so return is FALSE if ah and esp not set */
- bool equal = FALSE;
+ /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
+ stored_iter->destroy(stored_iter);
+ supplied_iter->destroy(supplied_iter);
- /* check ah, if set */
- if (first->ah.is_set && second->ah.is_set)
- {
- /* integrity alg is mandatory, with key size */
- if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) &&
- (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size))
- {
- /* dh group is optional, but must be NOT_SET when not set */
- if (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group)
- {
- return FALSE;
- }
- /* sequence numbers is optional, but must be NOT_SET when not set */
- if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers)
- {
- return FALSE;
- }
- /* all checked, ah seems ok */
- equal = TRUE;
- }
- else
- {
- return FALSE;
- }
- }
- /* check esp, if set */
- if (first->esp.is_set && second->esp.is_set)
- {
- /* encryption alg is mandatory, with key size */
- if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) &&
- (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size))
- {
- /* int alg is optional, check key only when not NOT_SET */
- if (first->esp.integrity_algorithm != second->esp.integrity_algorithm)
- {
- return FALSE;
- }
- if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) &&
- (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size))
- {
- return FALSE;
- }
- /* dh group is optional, but must be NOT_SET when not set */
- if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group)
- {
- return FALSE;
- }
- if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers)
- {
- return FALSE;
- }
- /* all checked, esp seems ok */
- equal = TRUE;
- }
- else
- {
- return FALSE;
- }
- }
- return equal;
+ return NULL;
}
/**
@@ -397,10 +274,7 @@ static void add_traffic_selector_responder(private_sa_config_t *this, traffic_se
*/
static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
{
- /* clone proposal, and add*/
- child_proposal_t *new_proposal = allocator_alloc_thing(child_proposal_t);
- *new_proposal = *proposal;
- this->proposals->insert_last(this->proposals, (void*)new_proposal);
+ this->proposals->insert_last(this->proposals, (void*)proposal);
}
/**
@@ -416,7 +290,7 @@ static status_t destroy(private_sa_config_t *this)
while(this->proposals->get_count(this->proposals) > 0)
{
this->proposals->remove_last(this->proposals, (void**)&proposal);
- allocator_free(proposal);
+ proposal->destroy(proposal);
}
this->proposals->destroy(this->proposals);
@@ -460,31 +334,29 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
this->public.select_traffic_selectors_initiator = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_initiator;
this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder;
this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder;
- this->public.get_proposals = (size_t(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t**))get_proposals;
- this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t*,size_t))select_proposal;
+ this->public.create_proposal_iterator = (iterator_t*(*)(sa_config_t*))create_proposal_iterator;
+ this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator;
this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder;
this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal;
this->public.destroy = (void(*)(sa_config_t*))destroy;
-
/* apply init values */
this->my_id = identification_create_from_string(my_id_type, my_id);
if (this->my_id == NULL)
{
allocator_free(this);
- return NULL;
+ return NULL;
}
this->other_id = identification_create_from_string(other_id_type, other_id);
if (this->my_id == NULL)
{
this->other_id->destroy(this->other_id);
allocator_free(this);
- return NULL;
+ return NULL;
}
/* init private members*/
- this->proposal_equals = proposal_equals;
this->select_traffic_selectors = select_traffic_selectors;
this->get_traffic_selectors = get_traffic_selectors;
this->proposals = linked_list_create();
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 17:57:15 +0000