diff options
Diffstat (limited to 'Source/charon')
| -rw-r--r-- | Source/charon/config/Makefile.config | 4 | ||||
| -rw-r--r-- | Source/charon/config/configuration_manager.c | 83 | ||||
| -rw-r--r-- | Source/charon/config/sa_config.c | 190 | ||||
| -rw-r--r-- | Source/charon/config/sa_config.h | 69 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.c | 75 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.h | 39 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/sa_payload.c | 29 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/sa_payload.h | 24 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/transform_substructure.c | 23 | ||||
| -rw-r--r-- | Source/charon/encoding/payloads/transform_substructure.h | 44 | ||||
| -rw-r--r-- | Source/charon/testcases/kernel_interface_test.c | 1 | ||||
| -rw-r--r-- | Source/charon/testcases/testcases.c | 4 | ||||
| -rw-r--r-- | Source/charon/threads/kernel_interface.h | 24 |
13 files changed, 221 insertions, 388 deletions
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config index 8076e4339..7ca46d14f 100644 --- a/Source/charon/config/Makefile.config +++ b/Source/charon/config/Makefile.config @@ -30,3 +30,7 @@ $(BUILD_DIR)sa_config.o : $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h OBJS+= $(BUILD_DIR)traffic_selector.o $(BUILD_DIR)traffic_selector.o : $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)child_proposal.o +$(BUILD_DIR)child_proposal.o : $(CONFIG_DIR)child_proposal.c $(CONFIG_DIR)child_proposal.h + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c index 4e9cdc5b4..f4873fa3c 100644 --- a/Source/charon/config/configuration_manager.c +++ b/Source/charon/config/configuration_manager.c @@ -274,16 +274,17 @@ u_int8_t private_key_2[]; */ static void load_default_config (private_configuration_manager_t *this) { - init_config_t *init_config1, *init_config2, *init_config3, *init_config4; + init_config_t *init_config1, *init_config2, *init_config3, *init_config4, *init_config5; ike_proposal_t proposals[4]; - child_proposal_t child_proposals[1]; - sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4; + child_proposal_t *child_proposal; + sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4, *sa_config5; traffic_selector_t *ts; - init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT); - init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + init_config1 = init_config_create("0.0.0.0","192.168.1.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + init_config2 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT); init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + init_config5 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT); ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535); @@ -316,25 +317,27 @@ static void load_default_config (private_configuration_manager_t *this) init_config3->add_proposal(init_config3,1,proposals[0]); init_config4->add_proposal(init_config4,1,proposals[3]); init_config4->add_proposal(init_config4,1,proposals[2]); + init_config5->add_proposal(init_config5,1,proposals[3]); + init_config5->add_proposal(init_config5,1,proposals[2]); - sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", - ID_IPV4_ADDR, "152.96.193.131", + sa_config1 = sa_config_create(ID_IPV4_ADDR, "192.168.1.2", + ID_IPV4_ADDR, "192.168.1.1", SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); sa_config1->add_traffic_selector_initiator(sa_config1,ts); sa_config1->add_traffic_selector_responder(sa_config1,ts); - sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131", - ID_IPV4_ADDR, "152.96.193.130", + sa_config2 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", + ID_IPV4_ADDR, "192.168.1.2", SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); sa_config2->add_traffic_selector_initiator(sa_config2,ts); sa_config2->add_traffic_selector_responder(sa_config2,ts); - sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", - ID_IPV4_ADDR, "127.0.0.1", + sa_config3 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", + ID_IPV4_ADDR, "192.168.1.2", SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); @@ -349,46 +352,48 @@ static void load_default_config (private_configuration_manager_t *this) sa_config4->add_traffic_selector_initiator(sa_config4,ts); sa_config4->add_traffic_selector_responder(sa_config4,ts); + sa_config5 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", + ID_IPV4_ADDR, "192.168.1.2", + RSA_DIGITAL_SIGNATURE, + 30000); + + sa_config5->add_traffic_selector_initiator(sa_config5,ts); + sa_config5->add_traffic_selector_responder(sa_config5,ts); + ts->destroy(ts); /* ah and esp prop */ - child_proposals[0].ah.is_set = FALSE; - child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_SHA1_96; - child_proposals[0].ah.integrity_algorithm_key_size = 20; - child_proposals[0].ah.diffie_hellman_group = MODP_1024_BIT; - child_proposals[0].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - - child_proposals[0].esp.is_set = TRUE; - child_proposals[0].esp.diffie_hellman_group = MODP_UNDEFINED; - child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC; - child_proposals[0].esp.encryption_algorithm_key_size = 16; - child_proposals[0].esp.integrity_algorithm = AUTH_HMAC_SHA1_96; - child_proposals[0].esp.integrity_algorithm_key_size = 20; - child_proposals[0].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - child_proposals[0].esp.spi[0] = 2; - child_proposals[0].esp.spi[1] = 2; - child_proposals[0].esp.spi[2] = 2; - child_proposals[0].esp.spi[3] = 2; - - sa_config1->add_proposal(sa_config1, &child_proposals[0]); - sa_config2->add_proposal(sa_config2, &child_proposals[0]); - sa_config3->add_proposal(sa_config3, &child_proposals[0]); - - this->add_new_configuration(this,"pinflb31",init_config1,sa_config1); - this->add_new_configuration(this,"pinflb30",init_config2,sa_config2); + child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + + child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_UNDEFINED, 0); + child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); + + sa_config1->add_proposal(sa_config1, child_proposal); + sa_config2->add_proposal(sa_config2, child_proposal); + sa_config3->add_proposal(sa_config3, child_proposal); + sa_config5->add_proposal(sa_config5, child_proposal); + + this->add_new_configuration(this,"jan",init_config1,sa_config1); + this->add_new_configuration(this,"martin",init_config2,sa_config2); this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3); this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4); this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3); + this->add_new_configuration(this,"martin-bad_dh_group",init_config5, sa_config3); + this->add_new_configuration(this,"martin-rsa",init_config2, sa_config5); - this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt"); - this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt"); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt"); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.1","verschluesselt"); this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt"); this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256); - this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "152.96.193.131", public_key_2, 256); + this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256); this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "127.0.0.1", private_key_1, 1024); - this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "152.96.193.131", private_key_2, 1024); + this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024); } /** diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c index 1009c84e0..1a21d0fd4 100644 --- a/Source/charon/config/sa_config.c +++ b/Source/charon/config/sa_config.c @@ -75,11 +75,6 @@ struct private_sa_config_t { linked_list_t *ts_responder; /** - * compare two proposals for equality - */ - bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second); - - /** * get_traffic_selectors for both */ size_t (*get_traffic_selectors) (private_sa_config_t *,linked_list_t*,traffic_selector_t**[]); @@ -211,167 +206,49 @@ static size_t select_traffic_selectors(private_sa_config_t *this, linked_list_t } /** - * Implementation of sa_config_t.get_proposals + * Implementation of sa_config_t.get_proposal_iterator */ -static size_t get_proposals(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t **proposals) +static iterator_t *create_proposal_iterator(private_sa_config_t *this) { - iterator_t *iterator; - child_proposal_t *current_proposal; - int counter = 0; - *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals)); - - /* copy all proposals from the list in an array */ - iterator = this->proposals->create_iterator(this->proposals, TRUE); - while (iterator->has_next(iterator)) - { - child_proposal_t *new_proposal = (*proposals) + counter; - iterator->current(iterator, (void**)¤t_proposal); - *new_proposal = *current_proposal; - memcpy(new_proposal->ah.spi, ah_spi, 4); - memcpy(new_proposal->ah.spi, esp_spi, 4); - counter++; - } - iterator->destroy(iterator); - return counter; + return this->proposals->create_iterator(this->proposals, TRUE); } /** * Implementation of sa_config_t.select_proposal */ -static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count) +static child_proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals) { - iterator_t *iterator; - child_proposal_t *current_proposal, *selected_proposal; - int i; -/* logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */ + iterator_t *stored_iter, *supplied_iter; + child_proposal_t *stored, *supplied, *selected; + stored_iter = this->proposals->create_iterator(this->proposals, TRUE); + supplied_iter = proposals->create_iterator(proposals, TRUE); - /* iterate over all stored proposals */ - iterator = this->proposals->create_iterator(this->proposals, TRUE); - while (iterator->has_next(iterator)) + /* compare all stored proposals with all supplied. Stored ones are preferred. */ + while (stored_iter->has_next(stored_iter)) { - iterator->current(iterator, (void**)¤t_proposal); - /* - logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size); - logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group)); - logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers)); - logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size); -*/ - - - /* copy and break if a proposal matches */ - for (i = 0; i < count; i++) - { -/* if (supplied[i].esp.is_set) - { - logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size); - logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group)); - logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers)); - logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size); - } + supplied_iter->reset(supplied_iter); + stored_iter->current(stored_iter, (void**)&stored); - if (supplied[i].ah.is_set) - { - logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size); - logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group)); - logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers)); - }*/ - - - if (this->proposal_equals(this, &(supplied[i]), current_proposal)) + while (supplied_iter->has_next(supplied_iter)) + { + supplied_iter->current(supplied_iter, (void**)&supplied); + selected = stored->select(stored, supplied); + if (selected) { - selected_proposal = allocator_alloc(sizeof(child_proposal_t)); - *selected_proposal = *current_proposal; - memcpy(selected_proposal->ah.spi, ah_spi, 4); - memcpy(selected_proposal->ah.spi, esp_spi, 4); -/* logger->destroy(logger);*/ - iterator->destroy(iterator); - return selected_proposal; + /* they match, return */ + stored_iter->destroy(stored_iter); + supplied_iter->destroy(supplied_iter); + return selected; } } } - iterator->destroy(iterator); - -/* logger->destroy(logger); */ - return NULL; -} - - -/** - * Implementation of private_sa_config_t.proposal_equals - */ -static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second) -{ - /* - * Proto ? Mandatory ? Optional - * ----------------------------------- - * ESP ? ENCR ? INTEG, D-H, ESN - * AH ? INTEG ? D-H, ESN - */ - /* equality defaults to false, so return is FALSE if ah and esp not set */ - bool equal = FALSE; + /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */ + stored_iter->destroy(stored_iter); + supplied_iter->destroy(supplied_iter); - /* check ah, if set */ - if (first->ah.is_set && second->ah.is_set) - { - /* integrity alg is mandatory, with key size */ - if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) && - (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size)) - { - /* dh group is optional, but must be NOT_SET when not set */ - if (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group) - { - return FALSE; - } - /* sequence numbers is optional, but must be NOT_SET when not set */ - if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers) - { - return FALSE; - } - /* all checked, ah seems ok */ - equal = TRUE; - } - else - { - return FALSE; - } - } - /* check esp, if set */ - if (first->esp.is_set && second->esp.is_set) - { - /* encryption alg is mandatory, with key size */ - if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) && - (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size)) - { - /* int alg is optional, check key only when not NOT_SET */ - if (first->esp.integrity_algorithm != second->esp.integrity_algorithm) - { - return FALSE; - } - if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) && - (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size)) - { - return FALSE; - } - /* dh group is optional, but must be NOT_SET when not set */ - if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group) - { - return FALSE; - } - if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers) - { - return FALSE; - } - /* all checked, esp seems ok */ - equal = TRUE; - } - else - { - return FALSE; - } - } - return equal; + return NULL; } /** @@ -397,10 +274,7 @@ static void add_traffic_selector_responder(private_sa_config_t *this, traffic_se */ static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal) { - /* clone proposal, and add*/ - child_proposal_t *new_proposal = allocator_alloc_thing(child_proposal_t); - *new_proposal = *proposal; - this->proposals->insert_last(this->proposals, (void*)new_proposal); + this->proposals->insert_last(this->proposals, (void*)proposal); } /** @@ -416,7 +290,7 @@ static status_t destroy(private_sa_config_t *this) while(this->proposals->get_count(this->proposals) > 0) { this->proposals->remove_last(this->proposals, (void**)&proposal); - allocator_free(proposal); + proposal->destroy(proposal); } this->proposals->destroy(this->proposals); @@ -460,31 +334,29 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other this->public.select_traffic_selectors_initiator = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_initiator; this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder; this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder; - this->public.get_proposals = (size_t(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t**))get_proposals; - this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t*,size_t))select_proposal; + this->public.create_proposal_iterator = (iterator_t*(*)(sa_config_t*))create_proposal_iterator; + this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal; this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator; this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder; this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal; this->public.destroy = (void(*)(sa_config_t*))destroy; - /* apply init values */ this->my_id = identification_create_from_string(my_id_type, my_id); if (this->my_id == NULL) { allocator_free(this); - return NULL; + return NULL; } this->other_id = identification_create_from_string(other_id_type, other_id); if (this->my_id == NULL) { this->other_id->destroy(this->other_id); allocator_free(this); - return NULL; + return NULL; } /* init private members*/ - this->proposal_equals = proposal_equals; this->select_traffic_selectors = select_traffic_selectors; this->get_traffic_selectors = get_traffic_selectors; this->proposals = linked_list_create(); diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/sa_config.h index ad9e33019..0bfde778b 100644 --- a/Source/charon/config/sa_config.h +++ b/Source/charon/config/sa_config.h @@ -32,50 +32,9 @@ #include <transforms/signers/signer.h> #include <transforms/diffie_hellman.h> #include <config/traffic_selector.h> +#include <config/child_proposal.h> -typedef struct child_proposal_t child_proposal_t; - -/** - * @brief Storage structure for a proposal for a child sa. - * - * A proposal for a child sa contains data for - * AH, ESP, or both. - * - * @todo Currently the amount of tranforms with same type in a proposal is limited to 1. - * Support of more transforms with same type has to be added. - * - * @ingroup config - */ -struct child_proposal_t { - - /** - * Data for AH, if set. - */ - struct { - bool is_set; - integrity_algorithm_t integrity_algorithm; - size_t integrity_algorithm_key_size; - diffie_hellman_group_t diffie_hellman_group; - extended_sequence_numbers_t extended_sequence_numbers; - u_int8_t spi[4]; - } ah; - - /** - * Data for ESP, if set. - */ - struct { - bool is_set; - encryption_algorithm_t encryption_algorithm; - size_t encryption_algorithm_key_size; - integrity_algorithm_t integrity_algorithm; - size_t integrity_algorithm_key_size; - diffie_hellman_group_t diffie_hellman_group; - extended_sequence_numbers_t extended_sequence_numbers; - u_int8_t spi[4]; - } esp; -}; - typedef struct sa_config_t sa_config_t; @@ -195,30 +154,27 @@ struct sa_config_t { size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]); /** - * @brief Get the list of proposals for this config. + * @brief Get an iterator for the internally stored proposals. * - * @warning Resulting array must be freed! + * @warning Items are still owned by sa_config and MUST NOT + * be manipulated or freed! * - * @param this calling object - * @param[out] traffic_selectors pointer where proposals will be allocated - * @return number of allocated proposals + * @param this calling object + * @return iterator for the proposals */ - size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *proposals[]); + iterator_t *(*create_proposal_iterator) (sa_config_t *this); /** - * @brief Select a proposal from a supplied list - * - * @warning Resulting array must be freed! + * @brief Select a proposal from a supplied list. * * @param this calling object - * @param supplied pointer to an array of proposals to select from. - * @param count number of proposals stored at supplied - * @return the selected proposal + * @param proposals list from from wich proposals are selected + * @return selected proposal, or NULL if nothing matches */ - child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count); + child_proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals); /** - * @brief Add a traffic selector to the list for initiator. + * @brief Add a traffic selector to the list for initiator. * * Added proposal will be cloned. * @@ -246,7 +202,6 @@ struct sa_config_t { * * The proposals are stored by priority, first added * is the most prefered. - * Added proposal will be cloned. * * @warning Do not add while other threads are reading. * diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c index 7ca81e3ef..00e093234 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.c +++ b/Source/charon/encoding/payloads/proposal_substructure.c @@ -37,17 +37,6 @@ */ #define PROPOSAL_TYPE_VALUE 2 -/** - * String mappings for protocol_id_t. - */ -mapping_t protocol_id_m[] = { - {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"}, - {IKE, "IKE"}, - {AH, "AH"}, - {ESP, "ESP"}, - {MAPPING_END, NULL} -}; - typedef struct private_proposal_substructure_t private_proposal_substructure_t; @@ -413,7 +402,7 @@ static size_t get_transform_count (private_proposal_substructure_t *this) */ static size_t get_spi_size (private_proposal_substructure_t *this) { - return this->spi.len; + return this->spi.len; } /** @@ -499,6 +488,7 @@ proposal_substructure_t *proposal_substructure_create() this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; + /* public functions */ this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator; this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure; @@ -529,8 +519,65 @@ proposal_substructure_t *proposal_substructure_create() this->spi_size = 0; this->spi.ptr = NULL; this->spi.len = 0; - + this->transforms = linked_list_create(); - + return (&(this->public)); } + +/* + * Described in header. + */ +proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t *proto) +{ + private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create(); + iterator_t *iterator; + algorithm_t *algo; + transform_substructure_t *transform; + + /* encryption algorithm is only availble in ESP */ + if (proto == ESP) + { + iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size); + this->public.add_transform_substructure(&(this->public), transform); + } + iterator->destroy(iterator); + } + + /* integrity algorithms */ + iterator = proposal->create_algorithm_iterator(proposal, proto, INTEGRITY_ALGORITHM); + while (iterator->has_next(iterator)) + { + algorithm_t *algo; + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(INTEGRITY_ALGORITHM, algo->algorithm, algo->key_size); + this->public.add_transform_substructure(&(this->public), transform); + } + iterator->destroy(iterator); + + /* dh groups */ + iterator = proposal->create_algorithm_iterator(proposal, proto, DIFFIE_HELLMAN_GROUP); + while (iterator->has_next(iterator)) + { + algorithm_t *algo; + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, algo->algorithm, 0); + this->public.add_transform_substructure(&(this->public), transform); + } + iterator->destroy(iterator); + + /* extended sequence numbers */ + iterator = proposal->create_algorithm_iterator(proposal, proto, EXTENDED_SEQUENCE_NUMBERS); + while (iterator->has_next(iterator)) + { + algorithm_t *algo; + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS, algo->algorithm, 0); + this->public.add_transform_substructure(&(this->public), transform); + } + iterator->destroy(iterator); +} diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h index 5380d1c65..afa58516b 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.h +++ b/Source/charon/encoding/payloads/proposal_substructure.h @@ -26,6 +26,7 @@ #include <types.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/transform_substructure.h> +#include <config/child_proposal.h> #include <utils/linked_list.h> @@ -37,27 +38,6 @@ #define PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH 8 -typedef enum protocol_id_t protocol_id_t; - -/** - * Protocol ID of a proposal. - * - * @ingroup payloads - */ -enum protocol_id_t { - UNDEFINED_PROTOCOL_ID = 201, - IKE = 1, - AH = 2, - ESP = 3, -}; - -/** - * String mappings for protocol_id_t. - * - * @ingroup payloads - */ -extern mapping_t protocol_id_m[]; - typedef struct proposal_substructure_t proposal_substructure_t; /** @@ -218,5 +198,22 @@ struct proposal_substructure_t { */ proposal_substructure_t *proposal_substructure_create(); +/** + * @brief Creates a proposal substructure from a child_proposal. + * + * Since a child proposal may contain data for both AH and ESP, + * the protocol must be specified. If the proposal does not contain + * data for proto, NULL is returned. Call twice, once with AH, once + * with ESP, with the same proposal to build the two substructures + * for it. + * + * @param proposal proposal to build a substruct out of it + * @param proto for which protocol the substructure should be built + * @return proposal_substructure_t object, or NULL + * + * @ingroup payloads + */ +proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto); + #endif /*PROPOSAL_SUBSTRUCTURE_H_*/ diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c index 1ef67a2c9..b433d67ac 100644 --- a/Source/charon/encoding/payloads/sa_payload.c +++ b/Source/charon/encoding/payloads/sa_payload.c @@ -258,6 +258,34 @@ static void add_proposal_substructure (private_sa_payload_t *this,proposal_subst } /** + * Implementation of sa_payload_t.add_child_proposal. + */ +static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *proposal) +{ + proposal_substructure_t *substructure; + protocol_id_t proto; + + /* watch out to build the substructures in the right order */ + proto = proposal->get_first_protocol(proposal); + if (proto != AH && proto != ESP) + { + return; + } + substructure = proposal_substructure_create_from_child_proposal(proposal, proto); + add_proposal_substructure(this, substructure); + + /* first is done, now do the (possible) other */ + proto = proposal->get_second_protocol(proposal); + if (proto != AH && proto != ESP) + { + return; + } + substructure = proposal_substructure_create_from_child_proposal(proposal, proto); + add_proposal_substructure(this, substructure); +} + + +/** * Implementation of sa_payload_t.get_ike_proposals. */ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count) @@ -267,7 +295,6 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** iterator_t *iterator; ike_proposal_t *tmp_proposals; - iterator = this->proposals->create_iterator(this->proposals,TRUE); /* first find out the number of ike proposals and check their number of transforms and diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h index 8c4f5d530..90f57b760 100644 --- a/Source/charon/encoding/payloads/sa_payload.h +++ b/Source/charon/encoding/payloads/sa_payload.h @@ -119,7 +119,14 @@ struct sa_payload_t { * - FAILED if a proposal does not contain all needed transforms */ status_t (*get_child_proposals) (sa_payload_t *this, child_proposal_t **proposals, size_t *proposal_count); - + + /** + * @brief Add a child proposal (AH/ESP) to the payload. + * + * @param proposal child proposal to add to the payload + */ + void (*add_child_proposal) (sa_payload_t *this, child_proposal_t *proposal); + /** * @brief Destroys an sa_payload_t object. * @@ -149,20 +156,5 @@ sa_payload_t *sa_payload_create(); */ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count); -/** - * @brief Creates a sa_payload_t object from array of child_proposal_t's. - * - * @warning for proposals where AH and ESP is not set, an empty proposal is created. - * - * - * @return created sa_payload_t object - * @param proposals pointer to first proposal in array of type child_proposal_t - * @param proposal_count number of child_proposal_t's in array - * @return sa_payload_t object - * - * @ingroup payloads - */ -sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count); - #endif /*SA_PAYLOAD_H_*/ diff --git a/Source/charon/encoding/payloads/transform_substructure.c b/Source/charon/encoding/payloads/transform_substructure.c index c519c6777..ba064c506 100644 --- a/Source/charon/encoding/payloads/transform_substructure.c +++ b/Source/charon/encoding/payloads/transform_substructure.c @@ -80,29 +80,6 @@ struct private_transform_substructure_t { }; -/** - * String mappings for transform_type_t. - */ -mapping_t transform_type_m[] = { - {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"}, - {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"}, - {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"}, - {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"}, - {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"}, - {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"}, - {MAPPING_END, NULL} -}; - - -/** - * String mappings for extended_sequence_numbers_t. - */ -mapping_t extended_sequence_numbers_m[] = { - {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"}, - {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"}, - {MAPPING_END, NULL} -}; - /** * Encoding rules to parse or generate a Transform substructure. * diff --git a/Source/charon/encoding/payloads/transform_substructure.h b/Source/charon/encoding/payloads/transform_substructure.h index cd5cffe7b..79dd101d0 100644 --- a/Source/charon/encoding/payloads/transform_substructure.h +++ b/Source/charon/encoding/payloads/transform_substructure.h @@ -32,6 +32,7 @@ #include <transforms/signers/signer.h> #include <transforms/prfs/prf.h> #include <transforms/crypters/crypter.h> +#include <config/child_proposal.h> /** @@ -49,49 +50,6 @@ #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8 -typedef enum transform_type_t transform_type_t; - -/** - * Type of a transform, as in IKEv2 draft 3.3.2. - * - * @ingroup payloads - */ -enum transform_type_t { - UNDEFINED_TRANSFORM_TYPE = 241, - ENCRYPTION_ALGORITHM = 1, - PSEUDO_RANDOM_FUNCTION = 2, - INTEGRITY_ALGORITHM = 3, - DIFFIE_HELLMAN_GROUP = 4, - EXTENDED_SEQUENCE_NUMBERS = 5 -}; - -/** - * String mappings for transform_type_t. - * - * @ingroup payloads - */ -extern mapping_t transform_type_m[]; - - -typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; - -/** - * Extended sequence numbers, as in IKEv2 draft 3.3.2. - * - * @ingroup payloads - */ -enum extended_sequence_numbers_t { - NO_EXT_SEQ_NUMBERS = 0, - EXT_SEQ_NUMBERS = 1 -}; - -/** - * String mappings for extended_sequence_numbers_t. - * - * @ingroup payloads - */ -extern mapping_t extended_sequence_numbers_m[]; - typedef struct transform_substructure_t transform_substructure_t; /** diff --git a/Source/charon/testcases/kernel_interface_test.c b/Source/charon/testcases/kernel_interface_test.c index 1b0462679..8a24fb7b4 100644 --- a/Source/charon/testcases/kernel_interface_test.c +++ b/Source/charon/testcases/kernel_interface_test.c @@ -66,7 +66,6 @@ void test_kernel_interface(protected_tester_t *tester) status = kernel_interface->get_spi(kernel_interface, me, other, 50, TRUE, &spi); - //status |= kernel_interface->get_spi(kernel_interface, me, other, 50, TRUE, &spi); tester->assert_true(tester, status == SUCCESS, "spi get"); status = kernel_interface->add_sa(kernel_interface, me, other, spi, 50, TRUE, ENCR_AES_CBC, 16, enc_key,AUTH_HMAC_MD5_96,16,inc_key,TRUE); diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c index 5f33d07d4..603d6db65 100644 --- a/Source/charon/testcases/testcases.c +++ b/Source/charon/testcases/testcases.c @@ -246,8 +246,8 @@ int main() tester_t *tester = tester_create(test_output, FALSE); - tester->perform_tests(tester,all_tests); - /* tester->perform_test(tester,&linked_list_insert_and_remove_test); */ + //tester->perform_tests(tester,all_tests); + tester->perform_test(tester,&kernel_interface_test); tester->destroy(tester); diff --git a/Source/charon/threads/kernel_interface.h b/Source/charon/threads/kernel_interface.h index b73a5bb9a..951319067 100644 --- a/Source/charon/threads/kernel_interface.h +++ b/Source/charon/threads/kernel_interface.h @@ -54,18 +54,18 @@ struct kernel_interface_t { * @todo Cleanup method params */ status_t (*add_sa)(kernel_interface_t *this, - host_t *me, - host_t *other, - u_int32_t spi, - int protocol, - bool tunnel_mode, - encryption_algorithm_t enc_alg, - size_t enc_size, - chunk_t enc_key, - integrity_algorithm_t int_alg, - size_t int_size, - chunk_t int_key, - bool replace); + host_t *me, + host_t *other, + u_int32_t spi, + int protocol, + bool tunnel_mode, + encryption_algorithm_t enc_alg, + size_t enc_size, + chunk_t enc_key, + integrity_algorithm_t int_alg, + size_t int_size, + chunk_t int_key, + bool replace); /** * @brief Destroys a kernel_interface object. |