From ce461bbd13c5ea6a94ba0b34cbb4d1be8159b67e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 14 Feb 2006 14:52:00 +0000
Subject: - refactored ike proposal
 - uses now proposal_t, wich is also used by child proposals
 - ike key derivation refactored
 - crypter_t api has get_key_size now
 - some other improvements here and there
---
 Source/charon/config/Makefile.config | 4 +-
 Source/charon/config/child_proposal.c | 583 --------------------------
 Source/charon/config/child_proposal.h | 253 ------------
 Source/charon/config/configuration_manager.c | 85 ++--
 Source/charon/config/init_config.c | 167 ++++----
 Source/charon/config/init_config.h | 120 ++----
 Source/charon/config/proposal.c | 583 +++++++++++++++++++++++++++
 Source/charon/config/proposal.h | 253 ++++++++++++
 Source/charon/config/sa_config.c | 12 +-
 Source/charon/config/sa_config.h | 6 +-
 10 files changed, 1017 insertions(+), 1049 deletions(-)
 delete mode 100644 Source/charon/config/child_proposal.c
 delete mode 100644 Source/charon/config/child_proposal.h
 create mode 100644 Source/charon/config/proposal.c
 create mode 100644 Source/charon/config/proposal.h
(limited to 'Source/charon/config')
diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config
index 7ca46d14f..7189d404b 100644
--- a/Source/charon/config/Makefile.config
+++ b/Source/charon/config/Makefile.config
@@ -31,6 +31,6 @@ OBJS+= $(BUILD_DIR)traffic_selector.o
 $(BUILD_DIR)traffic_selector.o : $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h
 $(CC) $(CFLAGS) -c -o $@ $<
 
-OBJS+= $(BUILD_DIR)child_proposal.o
-$(BUILD_DIR)child_proposal.o : $(CONFIG_DIR)child_proposal.c $(CONFIG_DIR)child_proposal.h
+OBJS+= $(BUILD_DIR)proposal.o
+$(BUILD_DIR)proposal.o : $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h
 $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/Source/charon/config/child_proposal.c b/Source/charon/config/child_proposal.c
deleted file mode 100644
index 729102ebf..000000000
--- a/Source/charon/config/child_proposal.c
+++ /dev/null
@@ -1,583 +0,0 @@ -/** - * @file child_proposal.c - * - * @brief Implementation of child_proposal_t. - * - */ - -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "child_proposal.h" - -#include -#include -#include -#include - - -/** - * String mappings for protocol_id_t. - */ -mapping_t protocol_id_m[] = { - {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"}, - {IKE, "IKE"}, - {AH, "AH"}, - {ESP, "ESP"}, - {MAPPING_END, NULL} -}; - -/** - * String mappings for transform_type_t. - */ -mapping_t transform_type_m[] = { - {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"}, - {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"}, - {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"}, - {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"}, - {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"}, - {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"}, - {MAPPING_END, NULL} -}; - -/** - * String mappings for extended_sequence_numbers_t. 
- */ -mapping_t extended_sequence_numbers_m[] = { - {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"}, - {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"}, - {MAPPING_END, NULL} -}; - - -typedef struct protocol_proposal_t protocol_proposal_t; - -/** - * substructure which holds all data algos for a specific protocol - */ -struct protocol_proposal_t { - /** - * protocol (ESP or AH) - */ - protocol_id_t protocol; - - /** - * priority ordered list of encryption algorithms - */ - linked_list_t *encryption_algos; - - /** - * priority ordered list of integrity algorithms - */ - linked_list_t *integrity_algos; - - /** - * priority ordered list of pseudo random functions - */ - linked_list_t *prf_algos; - - /** - * priority ordered list of dh groups - */ - linked_list_t *dh_groups; - - /** - * priority ordered list of extended sequence number flags - */ - linked_list_t *esns; - - /** - * senders SPI - */ - chunk_t spi; -}; - - -typedef struct private_child_proposal_t private_child_proposal_t; - -/** - * Private data of an child_proposal_t object - */ -struct private_child_proposal_t { - - /** - * Public part - */ - child_proposal_t public; - - /** - * number of this proposal, as used in the payload - */ - u_int8_t number; - - /** - * list of protocol_proposal_t's - */ - linked_list_t *protocol_proposals; -}; - -/** - * Look up a protocol_proposal, or create one if necessary... 
- */ -static protocol_proposal_t *get_protocol_proposal(private_child_proposal_t *this, protocol_id_t proto, bool create) -{ - protocol_proposal_t *proto_proposal = NULL, *current_proto_proposal;; - iterator_t *iterator; - - /* find our protocol in the proposals */ - iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE); - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)¤t_proto_proposal); - if (current_proto_proposal->protocol == proto) - { - proto_proposal = current_proto_proposal; - break; - } - } - iterator->destroy(iterator); - - if (!proto_proposal && create) - { - /* nope, create a new one */ - proto_proposal = allocator_alloc_thing(protocol_proposal_t); - proto_proposal->protocol = proto; - proto_proposal->encryption_algos = linked_list_create(); - proto_proposal->integrity_algos = linked_list_create(); - proto_proposal->prf_algos = linked_list_create(); - proto_proposal->dh_groups = linked_list_create(); - proto_proposal->esns = linked_list_create(); - if (proto == IKE) - { - proto_proposal->spi.len = 8; - } - else - { - proto_proposal->spi.len = 4; - } - proto_proposal->spi.ptr = allocator_alloc(proto_proposal->spi.len); - /* add to the list */ - this->protocol_proposals->insert_last(this->protocol_proposals, (void*)proto_proposal); - } - return proto_proposal; -} - -/** - * Add algorithm/keysize to a algorithm list - */ -static void add_algo(linked_list_t *list, u_int8_t algo, size_t key_size) -{ - algorithm_t *algo_key = allocator_alloc_thing(algorithm_t); - - algo_key->algorithm = algo; - algo_key->key_size = key_size; - list->insert_last(list, (void*)algo_key); -} - -/** - * Implements child_proposal_t.add_algorithm - */ -static void add_algorithm(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t algo, size_t key_size) -{ - protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, TRUE); - - switch (type) - { - case ENCRYPTION_ALGORITHM: - 
add_algo(proto_proposal->encryption_algos, algo, key_size); - break; - case INTEGRITY_ALGORITHM: - add_algo(proto_proposal->integrity_algos, algo, key_size); - break; - case PSEUDO_RANDOM_FUNCTION: - add_algo(proto_proposal->prf_algos, algo, key_size); - break; - case DIFFIE_HELLMAN_GROUP: - add_algo(proto_proposal->dh_groups, algo, 0); - break; - case EXTENDED_SEQUENCE_NUMBERS: - add_algo(proto_proposal->esns, algo, 0); - break; - default: - break; - } -} - -/** - * Implements child_proposal_t.get_algorithm. - */ -static bool get_algorithm(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo) -{ - linked_list_t * list; - protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); - - if (proto_proposal == NULL) - { - return FALSE; - } - switch (type) - { - case ENCRYPTION_ALGORITHM: - list = proto_proposal->encryption_algos; - break; - case INTEGRITY_ALGORITHM: - list = proto_proposal->integrity_algos; - break; - case PSEUDO_RANDOM_FUNCTION: - list = proto_proposal->prf_algos; - break; - case DIFFIE_HELLMAN_GROUP: - list = proto_proposal->dh_groups; - break; - case EXTENDED_SEQUENCE_NUMBERS: - list = proto_proposal->esns; - break; - default: - return FALSE; - } - if (list->get_first(list, (void**)algo) != SUCCESS) - { - return FALSE; - } - return TRUE; -} - -/** - * Implements child_proposal_t.create_algorithm_iterator. 
- */ -static iterator_t *create_algorithm_iterator(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type) -{ - protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); - if (proto_proposal == NULL) - { - return NULL; - } - - switch (type) - { - case ENCRYPTION_ALGORITHM: - return proto_proposal->encryption_algos->create_iterator(proto_proposal->encryption_algos, TRUE); - case INTEGRITY_ALGORITHM: - return proto_proposal->integrity_algos->create_iterator(proto_proposal->integrity_algos, TRUE); - case PSEUDO_RANDOM_FUNCTION: - return proto_proposal->prf_algos->create_iterator(proto_proposal->prf_algos, TRUE); - case DIFFIE_HELLMAN_GROUP: - return proto_proposal->dh_groups->create_iterator(proto_proposal->dh_groups, TRUE); - case EXTENDED_SEQUENCE_NUMBERS: - return proto_proposal->esns->create_iterator(proto_proposal->esns, TRUE); - default: - break; - } - return NULL; -} - -/** - * Find a matching alg/keysize in two linked lists - */ -static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size) -{ - iterator_t *first_iter, *second_iter; - algorithm_t *first_alg, *second_alg; - - /* if in both are zero algorithms specified, we HAVE a match */ - if (first->get_count(first) == 0 && second->get_count(second) == 0) - { - *add = FALSE; - return TRUE; - } - - first_iter = first->create_iterator(first, TRUE); - second_iter = second->create_iterator(second, TRUE); - /* compare algs, order of algs in "first" is preferred */ - while (first_iter->has_next(first_iter)) - { - first_iter->current(first_iter, (void**)&first_alg); - second_iter->reset(second_iter); - while (second_iter->has_next(second_iter)) - { - second_iter->current(second_iter, (void**)&second_alg); - if (first_alg->algorithm == second_alg->algorithm && - first_alg->key_size == second_alg->key_size) - { - /* ok, we have an algorithm */ - *alg = first_alg->algorithm; - *key_size = first_alg->key_size; - *add = TRUE; - 
first_iter->destroy(first_iter); - second_iter->destroy(second_iter); - return TRUE; - } - } - } - /* no match in all comparisons */ - first_iter->destroy(first_iter); - second_iter->destroy(second_iter); - return FALSE; -} - -/** - * Implements child_proposal_t.select. - */ -static child_proposal_t *select_proposal(private_child_proposal_t *this, private_child_proposal_t *other) -{ - child_proposal_t *selected; - u_int16_t algo; - size_t key_size; - iterator_t *iterator; - protocol_proposal_t *this_prop, *other_prop; - protocol_id_t proto; - bool add; - - /* empty proposal? no match */ - if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 || - other->protocol_proposals->get_count(other->protocol_proposals) == 0) - { - return NULL; - } - /* they MUST have the same amount of protocols */ - if (this->protocol_proposals->get_count(this->protocol_proposals) != - other->protocol_proposals->get_count(other->protocol_proposals)) - { - return NULL; - } - - selected = child_proposal_create(this->number); - - /* iterate over supplied proposals */ - iterator = other->protocol_proposals->create_iterator(other->protocol_proposals, TRUE); - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)&other_prop); - /* get the proposal with the same protocol */ - proto = other_prop->protocol; - this_prop = get_protocol_proposal(this, proto, FALSE); - - if (this_prop == NULL) - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - - /* select encryption algorithm */ - if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &add, &algo, &key_size)) - { - if (add) - { - selected->add_algorithm(selected, proto, ENCRYPTION_ALGORITHM, algo, key_size); - } - } - else - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - /* select integrity algorithm */ - if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &add, &algo, &key_size)) - { - if (add) - 
{ - selected->add_algorithm(selected, proto, INTEGRITY_ALGORITHM, algo, key_size); - } - } - else - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - /* select prf algorithm */ - if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &add, &algo, &key_size)) - { - if (add) - { - selected->add_algorithm(selected, proto, PSEUDO_RANDOM_FUNCTION, algo, key_size); - } - } - else - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - /* select a DH-group */ - if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &add, &algo, &key_size)) - { - if (add) - { - selected->add_algorithm(selected, proto, DIFFIE_HELLMAN_GROUP, algo, 0); - } - } - else - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - /* select if we use ESNs */ - if (select_algo(this_prop->esns, other_prop->esns, &add, &algo, &key_size)) - { - if (add) - { - selected->add_algorithm(selected, proto, EXTENDED_SEQUENCE_NUMBERS, algo, 0); - } - } - else - { - iterator->destroy(iterator); - selected->destroy(selected); - return NULL; - } - } - iterator->destroy(iterator); - /* everything matched, return new proposal */ - return selected; -} - -/** - * Implements child_proposal_t.get_number. - */ -static u_int8_t get_number(private_child_proposal_t *this) -{ - return this->number; -} - -/** - * Implements child_proposal_t.get_protocols. 
- */ -static void get_protocols(private_child_proposal_t *this, protocol_id_t ids[2]) -{ - iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE); - u_int i = 0; - - ids[0] = UNDEFINED_PROTOCOL_ID; - ids[1] = UNDEFINED_PROTOCOL_ID; - while (iterator->has_next(iterator)) - { - protocol_proposal_t *proto_prop; - iterator->current(iterator, (void**)&proto_prop); - ids[i++] = proto_prop->protocol; - if (i>1) - { - /* should not happen, but who knows */ - break; - } - } - iterator->destroy(iterator); -} - -/** - * Implements child_proposal_t.set_spi. - */ -static void set_spi(private_child_proposal_t *this, protocol_id_t proto, u_int64_t spi) -{ - protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); - if (proto_proposal) - { - if (proto == IKE) - { - *((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi; - } - else - { - *((u_int64_t*)proto_proposal->spi.ptr) = spi; - } - - } -} - -/** - * Implements child_proposal_t.get_spi. - */ -static u_int64_t get_spi(private_child_proposal_t *this, protocol_id_t proto) -{ - protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); - if (proto_proposal) - { - if (proto == IKE) - { - return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr); - } - else - { - return *((u_int64_t*)proto_proposal->spi.ptr); - } - } - return 0; -} - -/** - * Frees all list items and destroys the list - */ -static void free_algo_list(linked_list_t *list) -{ - algorithm_t *algo; - - while(list->get_count(list) > 0) - { - list->remove_last(list, (void**)&algo); - allocator_free(algo); - } - list->destroy(list); -} - -/** - * Implements child_proposal_t.destroy. 
- */ -static void destroy(private_child_proposal_t *this) -{ - while(this->protocol_proposals->get_count(this->protocol_proposals) > 0) - { - protocol_proposal_t *proto_prop; - this->protocol_proposals->remove_last(this->protocol_proposals, (void**)&proto_prop); - - free_algo_list(proto_prop->encryption_algos); - free_algo_list(proto_prop->integrity_algos); - free_algo_list(proto_prop->prf_algos); - free_algo_list(proto_prop->dh_groups); - free_algo_list(proto_prop->esns); - - allocator_free(proto_prop->spi.ptr); - allocator_free(proto_prop); - } - this->protocol_proposals->destroy(this->protocol_proposals); - - allocator_free(this); -} - -/* - * Describtion in header-file - */ -child_proposal_t *child_proposal_create(u_int8_t number) -{ - private_child_proposal_t *this = allocator_alloc_thing(private_child_proposal_t); - - this->public.add_algorithm = (void (*)(child_proposal_t*,protocol_id_t,transform_type_t,u_int16_t,size_t))add_algorithm; - this->public.create_algorithm_iterator = (iterator_t* (*)(child_proposal_t*,protocol_id_t,transform_type_t))create_algorithm_iterator; - this->public.get_algorithm = (bool (*)(child_proposal_t*,protocol_id_t,transform_type_t,algorithm_t**))get_algorithm; - this->public.select = (child_proposal_t* (*)(child_proposal_t*,child_proposal_t*))select_proposal; - this->public.get_number = (u_int8_t (*)(child_proposal_t*))get_number; - this->public.get_protocols = (void(*)(child_proposal_t *this, protocol_id_t ids[2]))get_protocols; - this->public.set_spi = (void(*)(child_proposal_t*,protocol_id_t,u_int64_t spi))set_spi; - this->public.get_spi = (u_int64_t(*)(child_proposal_t*,protocol_id_t))get_spi; - this->public.destroy = (void(*)(child_proposal_t*))destroy; - - /* init private members*/ - this->number = number; - this->protocol_proposals = linked_list_create(); - - return (&this->public); -} 
diff --git a/Source/charon/config/child_proposal.h b/Source/charon/config/child_proposal.h
deleted file mode 100644
index 69bd7f395..000000000
--- a/Source/charon/config/child_proposal.h
+++ /dev/null
@@ -1,253 +0,0 @@ -/** - * @file child_proposal.h - * - * @brief Interface of child_proposal_t. - * - */ - -/* - * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _CHILD_PROPOSAL_H_ -#define _CHILD_PROPOSAL_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - - -typedef enum protocol_id_t protocol_id_t; - -/** - * Protocol ID of a proposal. - * - * @ingroup config - */ -enum protocol_id_t { - UNDEFINED_PROTOCOL_ID = 201, - IKE = 1, - AH = 2, - ESP = 3, -}; - -/** - * String mappings for protocol_id_t. - * - * @ingroup config - */ -extern mapping_t protocol_id_m[]; - - -typedef enum transform_type_t transform_type_t; - -/** - * Type of a transform, as in IKEv2 draft 3.3.2. - * - * @ingroup payloads - */ -enum transform_type_t { - UNDEFINED_TRANSFORM_TYPE = 241, - ENCRYPTION_ALGORITHM = 1, - PSEUDO_RANDOM_FUNCTION = 2, - INTEGRITY_ALGORITHM = 3, - DIFFIE_HELLMAN_GROUP = 4, - EXTENDED_SEQUENCE_NUMBERS = 5 -}; - -/** - * String mappings for transform_type_t. - * - * @ingroup payloads - */ -extern mapping_t transform_type_m[]; - - -typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; - -/** - * Extended sequence numbers, as in IKEv2 draft 3.3.2. - * - * @ingroup payloads - */ -enum extended_sequence_numbers_t { - NO_EXT_SEQ_NUMBERS = 0, - EXT_SEQ_NUMBERS = 1 -}; - -/** - * String mappings for extended_sequence_numbers_t. 
- * - * @ingroup payloads - */ -extern mapping_t extended_sequence_numbers_m[]; - - -typedef struct algorithm_t algorithm_t; - -/** - * Struct used to store different kinds of algorithms. The internal - * lists of algorithms contain such structures. - */ -struct algorithm_t { - /** - * Value from an encryption_algorithm_t/integrity_algorithm_t/... - */ - u_int16_t algorithm; - - /** - * the associated key size, or zero if not needed - */ - u_int16_t key_size; -}; - -typedef struct child_proposal_t child_proposal_t; - -/** - * @brief Stores a proposal for a child SA. - * - * A child_proposal may contain more than one algorithm - * of the same kind. ONE of them can be selected. - * - * @warning This class is NOT thread-save! - * - * @b Constructors: - * - child_proposal_create() - * - * @ingroup config - */ -struct child_proposal_t { - - /** - * @brief Add an algorithm to the proposal. - * - * The algorithms are stored by priority, first added - * is the most preferred. - * Key size is only needed for encryption algorithms - * with variable key size (such as AES), or integrity - * algorithms. - * The alg parameter accepts encryption_algorithm_t, - * integrity_algorithm_t, dh_group_number_t and - * extended_sequence_numbers_t. - * - * @warning Do not add while other threads are reading. - * - * @param this calling object - * @param proto desired protocol - * @param type kind of algorithm - * @param alg identifier for algorithm - * @param key_size key size to use - */ - void (*add_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t alg, size_t key_size); - - /** - * @brief Get an iterator over algorithms for a specifc protocol/algo type. 
- * - * @param this calling object - * @param proto desired protocol - * @param type kind of algorithm - * @return iterator over algorithms - */ - iterator_t *(*create_algorithm_iterator) (child_proposal_t *this, protocol_id_t proto, transform_type_t type); - - /** - * @brief Get the algorithm for a type to use. - * - * If there are multiple algorithms, only the first is returned. - * Result is still owned by child_proposal, do not modify! - * - * @param this calling object - * @param proto desired protocol - * @param type kind of algorithm - * @param[out] algo pointer which receives algorithm and key size - * @return TRUE if algorithm of this kind available - */ - bool (*get_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo); - - /** - * @brief Compare two proposal, and select a matching subset. - * - * If the proposals are for the same protocols (AH/ESP), they are - * compared. If they have at least one algorithm of each type - * in common, a resulting proposal of this kind is created. - * - * @param this calling object - * @param other proposal to compair agains - * @return - * - selected proposal, if possible - * - NULL, if proposals don't match - */ - child_proposal_t *(*select) (child_proposal_t *this, child_proposal_t *other); - - /** - * @brief Get the number set on construction. - * - * @param this calling object - * @return number - */ - u_int8_t (*get_number) (child_proposal_t *this); - - /** - * @brief Get the protocol ids in the proposals. - * - * With AH and ESP, there could be two protocols in one - * proposal. - * - * @param this calling object - * @param ids array of protocol ids, - */ - void (*get_protocols) (child_proposal_t *this, protocol_id_t ids[2]); - - /** - * @brief Get the spi for a specific protocol. 
- * - * @param this calling object - * @param proto AH/ESP - * @return spi for proto - */ - u_int64_t (*get_spi) (child_proposal_t *this, protocol_id_t proto); - - /** - * @brief Set the spi for a specific protocol. - * - * @param this calling object - * @param proto AH/ESP - * @param spi spi to set for proto - */ - void (*set_spi) (child_proposal_t *this, protocol_id_t proto, u_int64_t spi); - - /** - * @brief Destroys the proposal object. - * - * @param this calling object - */ - void (*destroy) (child_proposal_t *this); -}; - -/** - * @brief Create a child proposal for AH and/or ESP. - * - * @param number number of the proposal, as in the payload - * @return child_proposal_t object - * - * @ingroup config - */ -child_proposal_t *child_proposal_create(u_int8_t number); - -#endif //_CHILD_PROPOSAL_H_ diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c index ed5c33d26..adbd0ddee 100644 --- a/Source/charon/config/configuration_manager.c +++ b/Source/charon/config/configuration_manager.c 
@@ -275,27 +275,32 @@ u_int8_t private_key_2[];
 static void load_default_config (private_configuration_manager_t *this)
 {
 init_config_t *init_config_a, *init_config_b;
- ike_proposal_t proposals;
- child_proposal_t *child_proposal;
+ proposal_t *proposal;
 sa_config_t *sa_config_a, *sa_config_b;
 traffic_selector_t *ts;
 
 init_config_a = init_config_create("0.0.0.0","192.168.0.3",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
 init_config_b = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
 
- ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
-
- proposals.encryption_algorithm = ENCR_AES_CBC;
- proposals.encryption_algorithm_key_length = 16;
- proposals.integrity_algorithm = AUTH_HMAC_MD5_96;
- proposals.integrity_algorithm_key_length = 16;
- proposals.pseudo_random_function = PRF_HMAC_MD5;
- proposals.pseudo_random_function_key_length = 16;
- proposals.diffie_hellman_group = MODP_1024_BIT;
-
- init_config_a->add_proposal(init_config_a,1,proposals);
- init_config_b->add_proposal(init_config_b,1,proposals);
-
+ /* IKE proposals for alice */
+ proposal = proposal_create(1);
+ proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ POS;
+ proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 16);
+ POS;
+ proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 16);
+ proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ init_config_a->add_proposal(init_config_a, proposal);
+
+ /* IKE proposals for bob */
+ proposal = proposal_create(1);
+ proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 16);
+ proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 16);
+ proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ init_config_b->add_proposal(init_config_b, proposal);
+
 sa_config_a = sa_config_create(ID_IPV4_ADDR, "192.168.0.2",
 ID_IPV4_ADDR, "192.168.0.3",
 RSA_DIGITAL_SIGNATURE,
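Review bot: The two `POS;` statements left between alice's IKE add_algorithm calls look like position-trace debug output rather than configuration and should not ship in load_default_config; drop both so the block reads `proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);` immediately followed by the INTEGRITY_ALGORITHM and PSEUDO_RANDOM_FUNCTION lines. The `proposal` pointer is handed to `init_config_a->add_proposal` and then reused for bob's proposal; since add_proposal in the init_config.c hunk below stores the pointer with insert_last rather than copying it, ownership moves to the init_config, which deserves a one-line comment such as `/* init_config takes ownership of proposal */` so a later reader does not add a destroy() here. load_default_config continues into the next hunk.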
@@ -305,46 +310,46 @@ static void load_default_config (private_configuration_manager_t *this)
 ID_IPV4_ADDR, "192.168.0.2",
 RSA_DIGITAL_SIGNATURE,
 30000);
-
+
+ /* traffic selectors */
+ ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
 sa_config_a->add_traffic_selector_initiator(sa_config_a,ts);
 sa_config_a->add_traffic_selector_responder(sa_config_a,ts);
-
 sa_config_b->add_traffic_selector_initiator(sa_config_b,ts);
 sa_config_b->add_traffic_selector_responder(sa_config_b,ts);
-
 ts->destroy(ts);
 
 /* child proposal for alice */
- child_proposal = child_proposal_create(1);
+ proposal = proposal_create(1);
 
- child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
- child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+ proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+ proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 
- child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 32);
- child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 32);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 
- sa_config_a->add_proposal(sa_config_a, child_proposal);
+ sa_config_a->add_proposal(sa_config_a, proposal);
 
 /* child proposal for bob */
- child_proposal = child_proposal_create(1);
+ proposal = proposal_create(1);
 
- child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 
- child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+ proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 
- sa_config_b->add_proposal(sa_config_b, child_proposal);
+ sa_config_b->add_proposal(sa_config_b, proposal);
diff --git a/Source/charon/config/init_config.c b/Source/charon/config/init_config.c
index 27f669b9d..92871dd3b 100644
--- a/Source/charon/config/init_config.c
+++ b/Source/charon/config/init_config.c
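Review bot: The key sizes in the child proposals do not agree with the rest of the file: `ENCR_3DES` is added with 32 although a 3DES key is 24 bytes, and `AUTH_HMAC_MD5_96` gets 20 here but 16 in the IKE proposals of the previous hunk. These values are carried over from the child_proposal_t code, but the commit message says key sizes now feed crypter_t.get_key_size and the refactored key derivation, so a wrong size presumably either gets the transform rejected or derives a differently sized key than the algorithm expects — worth confirming before this becomes the shipped default. Using one value per algorithm, e.g. `proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 24);` and the same MD5 size as in the IKE proposals, keeps alice's and bob's offers matching under select(), which compares key_size as well as the algorithm id. The closing lines of load_default_config are not visible in this hunk.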
@@ -87,108 +87,111 @@ static host_t * get_other_host_clone (private_init_config_t *this) } /** - * Implementation of init_config_t.get_dh_group_number. + * Implementation of init_config_t.get_proposals. */ -static diffie_hellman_group_t get_dh_group_number (private_init_config_t *this,size_t priority) +static linked_list_t* get_proposals (private_init_config_t *this) { - ike_proposal_t *ike_proposal; - - if ((this->proposals->get_count(this->proposals) == 0) || (this->proposals->get_count(this->proposals) < priority)) - { - return MODP_UNDEFINED; - } - - this->proposals->get_at_position(this->proposals,(priority -1),(void **) &ike_proposal); - - return (ike_proposal->diffie_hellman_group); + return this->proposals; } - + /** - * Implementation of init_config_t.get_proposals. + * Implementation of init_config_t.select_proposal. */ -static size_t get_proposals (private_init_config_t *this,ike_proposal_t **proposals) +static proposal_t *select_proposal(private_init_config_t *this, linked_list_t *proposals) { - iterator_t *iterator; - ike_proposal_t *current_proposal; - int i = 0; - ike_proposal_t *proposal_array; + iterator_t *stored_iter, *supplied_iter; + proposal_t *stored, *supplied, *selected; - proposal_array = allocator_alloc(this->proposals->get_count(this->proposals) * sizeof(ike_proposal_t)); - - iterator = this->proposals->create_iterator(this->proposals,TRUE); + stored_iter = this->proposals->create_iterator(this->proposals, TRUE); + supplied_iter = proposals->create_iterator(proposals, TRUE); - while (iterator->has_next(iterator)) + /* compare all stored proposals with all supplied. Stored ones are preferred. 
*/ + while (stored_iter->has_next(stored_iter)) { - iterator->current(iterator,(void **) ¤t_proposal); - proposal_array[i] = (*current_proposal); - i++; + supplied_iter->reset(supplied_iter); + stored_iter->current(stored_iter, (void**)&stored); + + while (supplied_iter->has_next(supplied_iter)) + { + supplied_iter->current(supplied_iter, (void**)&supplied); + selected = stored->select(stored, supplied); + if (selected) + { + /* they match, return */ + stored_iter->destroy(stored_iter); + supplied_iter->destroy(supplied_iter); + return selected; + } + } } - iterator->destroy(iterator); - *proposals = proposal_array; - return this->proposals->get_count(this->proposals); -} + /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */ + stored_iter->destroy(stored_iter); + supplied_iter->destroy(supplied_iter); + return NULL; +} + /** - * Implementation of init_config_t.select_proposal. + * Implementation of init_config_t.add_proposal. */ -static status_t select_proposal (private_init_config_t *this, ike_proposal_t *proposals, size_t proposal_count, ike_proposal_t *selected_proposal) +static void add_proposal (private_init_config_t *this, proposal_t *proposal) { - iterator_t * my_iterator; - int i; - ike_proposal_t *my_current_proposal; - - my_iterator = this->proposals->create_iterator(this->proposals,TRUE); + this->proposals->insert_last(this->proposals, proposal); +} +/** + * Implementation of init_config_t.get_dh_group. 
+ */ +static diffie_hellman_group_t get_dh_group(private_init_config_t *this) +{ + iterator_t *iterator; + proposal_t *proposal; + algorithm_t *algo; - for (i = 0; i < proposal_count; i++) + iterator = this->proposals->create_iterator(this->proposals, TRUE); + while (iterator->has_next(iterator)) { - my_iterator->reset(my_iterator); - while (my_iterator->has_next(my_iterator)) + iterator->current(iterator, (void**)&proposal); + proposal->get_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo); + if (algo) { - my_iterator->current(my_iterator,(void **) &my_current_proposal); - - /* memcmp doesn't work here */ - if ((proposals[i].encryption_algorithm == my_current_proposal->encryption_algorithm) && - (proposals[i].encryption_algorithm_key_length == my_current_proposal->encryption_algorithm_key_length) && - (proposals[i].integrity_algorithm == my_current_proposal->integrity_algorithm) && - (proposals[i].integrity_algorithm_key_length == my_current_proposal->integrity_algorithm_key_length) && - (proposals[i].pseudo_random_function == my_current_proposal->pseudo_random_function) && - (proposals[i].pseudo_random_function_key_length == my_current_proposal->pseudo_random_function_key_length) && - (proposals[i].diffie_hellman_group == my_current_proposal->diffie_hellman_group)) - { - /* found a matching proposal */ - *selected_proposal = *my_current_proposal; - my_iterator->destroy(my_iterator); - return SUCCESS; - } - - } + iterator->destroy(iterator); + return algo->algorithm; + } } - - my_iterator->destroy(my_iterator); - return NOT_FOUND; + iterator->destroy(iterator); + return MODP_UNDEFINED; } /** - * Implementation of init_config_t.destroy. + * Implementation of init_config_t.check_dh_group. 
*/ -static void add_proposal (private_init_config_t *this,size_t priority, ike_proposal_t proposal) +static bool check_dh_group(private_init_config_t *this, diffie_hellman_group_t dh_group) { - ike_proposal_t * new_proposal = allocator_alloc(sizeof(ike_proposal_t)); - status_t status; - - *new_proposal = proposal; - + iterator_t *prop_iter, *alg_iter; + proposal_t *proposal; + algorithm_t *algo; - if (priority > this->proposals->get_count(this->proposals)) + prop_iter = this->proposals->create_iterator(this->proposals, TRUE); + while (prop_iter->has_next(prop_iter)) { - this->proposals->insert_last(this->proposals,new_proposal); - return; + prop_iter->current(prop_iter, (void**)&proposal); + alg_iter = proposal->create_algorithm_iterator(proposal, IKE, DIFFIE_HELLMAN_GROUP); + while (alg_iter->has_next(alg_iter)) + { + alg_iter->current(alg_iter, (void**)&algo); + if (algo->algorithm == dh_group) + { + prop_iter->destroy(prop_iter); + alg_iter->destroy(alg_iter); + return TRUE; + } + } } - - status = this->proposals->insert_at_position(this->proposals,(priority - 1),new_proposal); - + prop_iter->destroy(prop_iter); + alg_iter->destroy(alg_iter); + return FALSE; } /** @@ -196,12 +199,11 @@ static void add_proposal (private_init_config_t *this,size_t priority, ike_propo */ static void destroy (private_init_config_t *this) { - ike_proposal_t *proposal; + proposal_t *proposal; - while (this->proposals->get_count(this->proposals) > 0) + while (this->proposals->remove_last(this->proposals, (void**)&proposal) == SUCCESS) { - this->proposals->remove_first(this->proposals,(void **) &proposal); - allocator_free(proposal); + proposal->destroy(proposal); } this->proposals->destroy(this->proposals); 
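Review bot: check_dh_group destroys `alg_iter` only once, after the outer loop, but that pointer is uninitialized when `this->proposals` is empty (undefined behaviour on the final `alg_iter->destroy`) and otherwise refers only to the last proposal's iterator, so the iterators created for earlier proposals leak. proposal_t.create_algorithm_iterator also returns NULL when the proposal has no IKE protocol part (see proposal.c below), and that NULL would be dereferenced by `alg_iter->has_next`. The same hunk's get_dh_group tests `if (algo)` although `algo` is never initialised and get_algorithm leaves it untouched on failure; test the return value instead: `if (proposal->get_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, &algo))`. A rewrite of check_dh_group that handles the NULL iterator and destroys per proposal is below; the remaining functions of the hunk are unchanged.
```c
static bool check_dh_group(private_init_config_t *this, diffie_hellman_group_t dh_group)
{
	iterator_t *prop_iter, *alg_iter;
	proposal_t *proposal;
	algorithm_t *algo;
	bool found = FALSE;

	prop_iter = this->proposals->create_iterator(this->proposals, TRUE);
	while (!found && prop_iter->has_next(prop_iter))
	{
		prop_iter->current(prop_iter, (void**)&proposal);
		alg_iter = proposal->create_algorithm_iterator(proposal, IKE, DIFFIE_HELLMAN_GROUP);
		if (alg_iter == NULL)
		{
			/* proposal has no IKE protocol part, nothing to compare */
			continue;
		}
		while (alg_iter->has_next(alg_iter))
		{
			alg_iter->current(alg_iter, (void**)&algo);
			if (algo->algorithm == dh_group)
			{
				found = TRUE;
				break;
			}
		}
		/* release per proposal; never touch alg_iter after the loop */
		alg_iter->destroy(alg_iter);
	}
	prop_iter->destroy(prop_iter);
	return found;
}
/* … unchanged: get_proposals, select_proposal, add_proposal, get_dh_group (with the return-value check above) … */
```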
@@ -222,10 +224,11 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po this->public.get_other_host = (host_t*(*)(init_config_t*))get_other_host; this->public.get_my_host_clone = (host_t*(*)(init_config_t*))get_my_host_clone; this->public.get_other_host_clone = (host_t*(*)(init_config_t*))get_other_host_clone; - this->public.get_dh_group_number = (diffie_hellman_group_t (*)(init_config_t*,size_t))get_dh_group_number; - this->public.get_proposals = (size_t(*)(init_config_t*,ike_proposal_t**))get_proposals; - this->public.select_proposal = (status_t(*)(init_config_t*,ike_proposal_t*,size_t,ike_proposal_t*))select_proposal; - this->public.add_proposal = (void(*)(init_config_t*, size_t, ike_proposal_t)) add_proposal; + this->public.get_proposals = (linked_list_t*(*)(init_config_t*))get_proposals; + this->public.select_proposal = (proposal_t*(*)(init_config_t*,linked_list_t*))select_proposal; + this->public.add_proposal = (void(*)(init_config_t*, proposal_t*)) add_proposal; + this->public.get_dh_group = (diffie_hellman_group_t(*)(init_config_t*)) get_dh_group; + this->public.check_dh_group = (bool(*)(init_config_t*,diffie_hellman_group_t)) check_dh_group; this->public.destroy = (void(*)(init_config_t*))destroy; /* private variables */ diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h index 14ffeeee8..f63df61cf 100644 --- a/Source/charon/config/init_config.h +++ b/Source/charon/config/init_config.h 
@@ -25,60 +25,14 @@ #include #include -#include +#include +#include #include #include #include #include -typedef struct ike_proposal_t ike_proposal_t; - -/** - * @brief Represents a Proposal used in IKE_SA_INIT phase. - * - * @todo Currently the amount of tranforms with same type in a IKE proposal is limited to 1. - * Support of more transforms with same type has to be added. - * - * @ingroup config - */ -struct ike_proposal_t { - /** - * Encryption algorithm. - */ - encryption_algorithm_t encryption_algorithm; - - /** - * Key length of encryption algorithm in bytes. - */ - u_int16_t encryption_algorithm_key_length; - - /** - * Integrity algorithm. - */ - integrity_algorithm_t integrity_algorithm; - - /** - * Key length of integrity algorithm. - */ - u_int16_t integrity_algorithm_key_length; - - /** - * Pseudo random function (prf). - */ - pseudo_random_function_t pseudo_random_function; - - /** - * Key length of prf. - */ - u_int16_t pseudo_random_function_key_length; - - /** - * Diffie hellman group. - */ - diffie_hellman_group_t diffie_hellman_group; -}; - typedef struct init_config_t init_config_t; @@ -100,7 +54,7 @@ struct init_config_t { * @param this calling object * @return host information as host_t object */ - host_t * (*get_my_host) (init_config_t *this); + host_t *(*get_my_host) (init_config_t *this); /** * @brief Get other host information as host_t object. @@ -110,7 +64,7 @@ struct init_config_t { * @param this calling object * @return host information as host_t object */ - host_t * (*get_other_host) (init_config_t *this); + host_t *(*get_other_host) (init_config_t *this); /** * @brief Get my host information as host_t object. @@ -120,7 +74,7 @@ struct init_config_t { * @param this calling object * @return host information as host_t object */ - host_t * (*get_my_host_clone) (init_config_t *this); + host_t *(*get_my_host_clone) (init_config_t *this); /** * @brief Get other host information as host_t object. 
@@ -130,54 +84,60 @@ struct init_config_t { * @param this calling object * @return host information as host_t object */ - host_t * (*get_other_host_clone) (init_config_t *this); + host_t *(*get_other_host_clone) (init_config_t *this); /** - * @brief Get the diffie hellman group to use as initiator with given priority. + * @brief Returns a list of all supported proposals. * - * @param this calling object - * @param priority priority of dh group number (starting at 1) - * @return diffie hellman group number for given priority or - * MODP_UNDEFINED for not supported priorities - */ - diffie_hellman_group_t (*get_dh_group_number) (init_config_t *this,size_t priority); - - /** - * @brief Returns a list of all supported ike_proposals of type ike_proposal_t *. - * - * Returned array of ike_proposal_t has to get destroyed by the caller. + * Returned list is still owned by init_config and MUST NOT + * modified or destroyed. * * @param this calling object - * @param proposals first proposal in a array - * @return number of proposals in array + * @return list containing all the proposals */ - size_t (*get_proposals) (init_config_t *this,ike_proposal_t **proposals); + linked_list_t *(*get_proposals) (init_config_t *this); /** - * @brief Adds a proposal with given priority to the current stored proposals. + * @brief Adds a proposal to the list.. * - * If allready a proposal with given priority is stored the other one is - * moved one priority back. If priority is higher then all other stored - * proposals, it is inserted as last one. + * The first added proposal has the highest priority, the last + * added the lowest. * * @param this calling object * @param priority priority of adding proposal * @param proposal proposal to add */ - void (*add_proposal) (init_config_t *this,size_t priority, ike_proposal_t proposal); + void (*add_proposal) (init_config_t *this, proposal_t *proposal); /** * @brief Select a proposed from suggested proposals. 
* + * Returned proposal must be destroyed after usage. + * + * @param this calling object + * @param proposals list of proposals to select from + * @return selected proposal, or NULL if none matches. + */ + proposal_t *(*select_proposal) (init_config_t *this, linked_list_t *proposals); + + /** + * @brief Get the DH group to use for connection initialization. + * + * @param this calling object + * @return dh group to use for initialization + */ + diffie_hellman_group_t (*get_dh_group) (init_config_t *this); + + /** + * @brief Check if a suggested dh group is acceptable. + * + * If we guess a wrong DH group for IKE_SA_INIT, the other + * peer will send us a offer. But is this acceptable for us? + * * @param this calling object - * @param suggested_proposals first proposal in a array - * @param proposal_count number of suggested proposals in array - * @param selected_proposal the ike_proposal_t pointing to is set - * @return - * - SUCCESS if a proposal was selected - * - NOT_FOUND if none of suggested proposals is supported + * @return dh group to use for initialization */ - status_t (*select_proposal) (init_config_t *this, ike_proposal_t *proposals, size_t proposal_count, ike_proposal_t *selected_proposal); + bool (*check_dh_group) (init_config_t *this, diffie_hellman_group_t dh_group); /** * @brief Destroys a init_config_t object. @@ -194,6 +154,6 @@ struct init_config_t { * * @ingroup config */ -init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port); +init_config_t * init_config_create(char *my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port); #endif //_INIT_CONFIG_H_ diff --git a/Source/charon/config/proposal.c b/Source/charon/config/proposal.c new file mode 100644 index 000000000..528cf9808 --- /dev/null +++ b/Source/charon/config/proposal.c 
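Review bot: The doxygen for the new add_proposal still lists `@param priority priority of adding proposal` although that parameter was removed from the signature, and the comment for check_dh_group says `@return dh group to use for initialization` while the function returns a bool and its `dh_group` parameter is undocumented. I would replace those with `@param dh_group suggested dh group to check` and `@return TRUE if the group is contained in one of the stored proposals, FALSE otherwise`. The get_proposals ownership sentence is missing a verb — `Returned list is still owned by init_config and MUST NOT be modified or destroyed.` — and "Adds a proposal to the list.." has a doubled period.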
@@ -0,0 +1,583 @@ +/** + * @file proposal.c + * + * @brief Implementation of proposal_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "proposal.h" + +#include +#include +#include +#include + + +/** + * String mappings for protocol_id_t. + */ +mapping_t protocol_id_m[] = { + {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"}, + {IKE, "IKE"}, + {AH, "AH"}, + {ESP, "ESP"}, + {MAPPING_END, NULL} +}; + +/** + * String mappings for transform_type_t. + */ +mapping_t transform_type_m[] = { + {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"}, + {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"}, + {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"}, + {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"}, + {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"}, + {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"}, + {MAPPING_END, NULL} +}; + +/** + * String mappings for extended_sequence_numbers_t. 
+ */ +mapping_t extended_sequence_numbers_m[] = { + {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"}, + {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"}, + {MAPPING_END, NULL} +}; + + +typedef struct protocol_proposal_t protocol_proposal_t; + +/** + * substructure which holds all data algos for a specific protocol + */ +struct protocol_proposal_t { + /** + * protocol (ESP or AH) + */ + protocol_id_t protocol; + + /** + * priority ordered list of encryption algorithms + */ + linked_list_t *encryption_algos; + + /** + * priority ordered list of integrity algorithms + */ + linked_list_t *integrity_algos; + + /** + * priority ordered list of pseudo random functions + */ + linked_list_t *prf_algos; + + /** + * priority ordered list of dh groups + */ + linked_list_t *dh_groups; + + /** + * priority ordered list of extended sequence number flags + */ + linked_list_t *esns; + + /** + * senders SPI + */ + chunk_t spi; +}; + + +typedef struct private_proposal_t private_proposal_t; + +/** + * Private data of an proposal_t object + */ +struct private_proposal_t { + + /** + * Public part + */ + proposal_t public; + + /** + * number of this proposal, as used in the payload + */ + u_int8_t number; + + /** + * list of protocol_proposal_t's + */ + linked_list_t *protocol_proposals; +}; + +/** + * Look up a protocol_proposal, or create one if necessary... 
+ */ +static protocol_proposal_t *get_protocol_proposal(private_proposal_t *this, protocol_id_t proto, bool create) +{ + protocol_proposal_t *proto_proposal = NULL, *current_proto_proposal;; + iterator_t *iterator; + + /* find our protocol in the proposals */ + iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)¤t_proto_proposal); + if (current_proto_proposal->protocol == proto) + { + proto_proposal = current_proto_proposal; + break; + } + } + iterator->destroy(iterator); + + if (!proto_proposal && create) + { + /* nope, create a new one */ + proto_proposal = allocator_alloc_thing(protocol_proposal_t); + proto_proposal->protocol = proto; + proto_proposal->encryption_algos = linked_list_create(); + proto_proposal->integrity_algos = linked_list_create(); + proto_proposal->prf_algos = linked_list_create(); + proto_proposal->dh_groups = linked_list_create(); + proto_proposal->esns = linked_list_create(); + if (proto == IKE) + { + proto_proposal->spi.len = 8; + } + else + { + proto_proposal->spi.len = 4; + } + proto_proposal->spi.ptr = allocator_alloc(proto_proposal->spi.len); + /* add to the list */ + this->protocol_proposals->insert_last(this->protocol_proposals, (void*)proto_proposal); + } + return proto_proposal; +} + +/** + * Add algorithm/keysize to a algorithm list + */ +static void add_algo(linked_list_t *list, u_int8_t algo, size_t key_size) +{ + algorithm_t *algo_key = allocator_alloc_thing(algorithm_t); + + algo_key->algorithm = algo; + algo_key->key_size = key_size; + list->insert_last(list, (void*)algo_key); +} + +/** + * Implements proposal_t.add_algorithm + */ +static void add_algorithm(private_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t algo, size_t key_size) +{ + protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, TRUE); + + switch (type) + { + case ENCRYPTION_ALGORITHM: + 
add_algo(proto_proposal->encryption_algos, algo, key_size); + break; + case INTEGRITY_ALGORITHM: + add_algo(proto_proposal->integrity_algos, algo, key_size); + break; + case PSEUDO_RANDOM_FUNCTION: + add_algo(proto_proposal->prf_algos, algo, key_size); + break; + case DIFFIE_HELLMAN_GROUP: + add_algo(proto_proposal->dh_groups, algo, 0); + break; + case EXTENDED_SEQUENCE_NUMBERS: + add_algo(proto_proposal->esns, algo, 0); + break; + default: + break; + } +} + +/** + * Implements proposal_t.get_algorithm. + */ +static bool get_algorithm(private_proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo) +{ + linked_list_t * list; + protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); + + if (proto_proposal == NULL) + { + return FALSE; + } + switch (type) + { + case ENCRYPTION_ALGORITHM: + list = proto_proposal->encryption_algos; + break; + case INTEGRITY_ALGORITHM: + list = proto_proposal->integrity_algos; + break; + case PSEUDO_RANDOM_FUNCTION: + list = proto_proposal->prf_algos; + break; + case DIFFIE_HELLMAN_GROUP: + list = proto_proposal->dh_groups; + break; + case EXTENDED_SEQUENCE_NUMBERS: + list = proto_proposal->esns; + break; + default: + return FALSE; + } + if (list->get_first(list, (void**)algo) != SUCCESS) + { + return FALSE; + } + return TRUE; +} + +/** + * Implements proposal_t.create_algorithm_iterator. 
+ */ +static iterator_t *create_algorithm_iterator(private_proposal_t *this, protocol_id_t proto, transform_type_t type) +{ + protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); + if (proto_proposal == NULL) + { + return NULL; + } + + switch (type) + { + case ENCRYPTION_ALGORITHM: + return proto_proposal->encryption_algos->create_iterator(proto_proposal->encryption_algos, TRUE); + case INTEGRITY_ALGORITHM: + return proto_proposal->integrity_algos->create_iterator(proto_proposal->integrity_algos, TRUE); + case PSEUDO_RANDOM_FUNCTION: + return proto_proposal->prf_algos->create_iterator(proto_proposal->prf_algos, TRUE); + case DIFFIE_HELLMAN_GROUP: + return proto_proposal->dh_groups->create_iterator(proto_proposal->dh_groups, TRUE); + case EXTENDED_SEQUENCE_NUMBERS: + return proto_proposal->esns->create_iterator(proto_proposal->esns, TRUE); + default: + break; + } + return NULL; +} + +/** + * Find a matching alg/keysize in two linked lists + */ +static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size) +{ + iterator_t *first_iter, *second_iter; + algorithm_t *first_alg, *second_alg; + + /* if in both are zero algorithms specified, we HAVE a match */ + if (first->get_count(first) == 0 && second->get_count(second) == 0) + { + *add = FALSE; + return TRUE; + } + + first_iter = first->create_iterator(first, TRUE); + second_iter = second->create_iterator(second, TRUE); + /* compare algs, order of algs in "first" is preferred */ + while (first_iter->has_next(first_iter)) + { + first_iter->current(first_iter, (void**)&first_alg); + second_iter->reset(second_iter); + while (second_iter->has_next(second_iter)) + { + second_iter->current(second_iter, (void**)&second_alg); + if (first_alg->algorithm == second_alg->algorithm && + first_alg->key_size == second_alg->key_size) + { + /* ok, we have an algorithm */ + *alg = first_alg->algorithm; + *key_size = first_alg->key_size; + *add = TRUE; + 
first_iter->destroy(first_iter); + second_iter->destroy(second_iter); + return TRUE; + } + } + } + /* no match in all comparisons */ + first_iter->destroy(first_iter); + second_iter->destroy(second_iter); + return FALSE; +} + +/** + * Implements proposal_t.select. + */ +static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t *other) +{ + proposal_t *selected; + u_int16_t algo; + size_t key_size; + iterator_t *iterator; + protocol_proposal_t *this_prop, *other_prop; + protocol_id_t proto; + bool add; + + /* empty proposal? no match */ + if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 || + other->protocol_proposals->get_count(other->protocol_proposals) == 0) + { + return NULL; + } + /* they MUST have the same amount of protocols */ + if (this->protocol_proposals->get_count(this->protocol_proposals) != + other->protocol_proposals->get_count(other->protocol_proposals)) + { + return NULL; + } + + selected = proposal_create(this->number); + + /* iterate over supplied proposals */ + iterator = other->protocol_proposals->create_iterator(other->protocol_proposals, TRUE); + while (iterator->has_next(iterator)) + { + iterator->current(iterator, (void**)&other_prop); + /* get the proposal with the same protocol */ + proto = other_prop->protocol; + this_prop = get_protocol_proposal(this, proto, FALSE); + + if (this_prop == NULL) + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + + /* select encryption algorithm */ + if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &add, &algo, &key_size)) + { + if (add) + { + selected->add_algorithm(selected, proto, ENCRYPTION_ALGORITHM, algo, key_size); + } + } + else + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + /* select integrity algorithm */ + if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &add, &algo, &key_size)) + { + if (add) + { + 
selected->add_algorithm(selected, proto, INTEGRITY_ALGORITHM, algo, key_size); + } + } + else + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + /* select prf algorithm */ + if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &add, &algo, &key_size)) + { + if (add) + { + selected->add_algorithm(selected, proto, PSEUDO_RANDOM_FUNCTION, algo, key_size); + } + } + else + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + /* select a DH-group */ + if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &add, &algo, &key_size)) + { + if (add) + { + selected->add_algorithm(selected, proto, DIFFIE_HELLMAN_GROUP, algo, 0); + } + } + else + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + /* select if we use ESNs */ + if (select_algo(this_prop->esns, other_prop->esns, &add, &algo, &key_size)) + { + if (add) + { + selected->add_algorithm(selected, proto, EXTENDED_SEQUENCE_NUMBERS, algo, 0); + } + } + else + { + iterator->destroy(iterator); + selected->destroy(selected); + return NULL; + } + } + iterator->destroy(iterator); + /* everything matched, return new proposal */ + return selected; +} + +/** + * Implements proposal_t.get_number. + */ +static u_int8_t get_number(private_proposal_t *this) +{ + return this->number; +} + +/** + * Implements proposal_t.get_protocols. + */ +static void get_protocols(private_proposal_t *this, protocol_id_t ids[2]) +{ + iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE); + u_int i = 0; + + ids[0] = UNDEFINED_PROTOCOL_ID; + ids[1] = UNDEFINED_PROTOCOL_ID; + while (iterator->has_next(iterator)) + { + protocol_proposal_t *proto_prop; + iterator->current(iterator, (void**)&proto_prop); + ids[i++] = proto_prop->protocol; + if (i>1) + { + /* should not happen, but who knows */ + break; + } + } + iterator->destroy(iterator); +} + +/** + * Implements proposal_t.set_spi. 
+ */ +static void set_spi(private_proposal_t *this, protocol_id_t proto, u_int64_t spi) +{ + protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); + if (proto_proposal) + { + if (proto == IKE) + { + *((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi; + } + else + { + *((u_int64_t*)proto_proposal->spi.ptr) = spi; + } + + } +} + +/** + * Implements proposal_t.get_spi. + */ +static u_int64_t get_spi(private_proposal_t *this, protocol_id_t proto) +{ + protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE); + if (proto_proposal) + { + if (proto == IKE) + { + return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr); + } + else + { + return *((u_int64_t*)proto_proposal->spi.ptr); + } + } + return 0; +} + +/** + * Frees all list items and destroys the list + */ +static void free_algo_list(linked_list_t *list) +{ + algorithm_t *algo; + + while(list->get_count(list) > 0) + { + list->remove_last(list, (void**)&algo); + allocator_free(algo); + } + list->destroy(list); +} + +/** + * Implements proposal_t.destroy. 
+ */ +static void destroy(private_proposal_t *this) +{ + while(this->protocol_proposals->get_count(this->protocol_proposals) > 0) + { + protocol_proposal_t *proto_prop; + this->protocol_proposals->remove_last(this->protocol_proposals, (void**)&proto_prop); + + free_algo_list(proto_prop->encryption_algos); + free_algo_list(proto_prop->integrity_algos); + free_algo_list(proto_prop->prf_algos); + free_algo_list(proto_prop->dh_groups); + free_algo_list(proto_prop->esns); + + allocator_free(proto_prop->spi.ptr); + allocator_free(proto_prop); + } + this->protocol_proposals->destroy(this->protocol_proposals); + + allocator_free(this); +} + +/* + * Describtion in header-file + */ +proposal_t *proposal_create(u_int8_t number) +{ + private_proposal_t *this = allocator_alloc_thing(private_proposal_t); + + this->public.add_algorithm = (void (*)(proposal_t*,protocol_id_t,transform_type_t,u_int16_t,size_t))add_algorithm; + this->public.create_algorithm_iterator = (iterator_t* (*)(proposal_t*,protocol_id_t,transform_type_t))create_algorithm_iterator; + this->public.get_algorithm = (bool (*)(proposal_t*,protocol_id_t,transform_type_t,algorithm_t**))get_algorithm; + this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*))select_proposal; + this->public.get_number = (u_int8_t (*)(proposal_t*))get_number; + this->public.get_protocols = (void(*)(proposal_t *this, protocol_id_t ids[2]))get_protocols; + this->public.set_spi = (void(*)(proposal_t*,protocol_id_t,u_int64_t spi))set_spi; + this->public.get_spi = (u_int64_t(*)(proposal_t*,protocol_id_t))get_spi; + this->public.destroy = (void(*)(proposal_t*))destroy; + + /* init private members*/ + this->number = number; + this->protocol_proposals = linked_list_create(); + + return (&this->public); +} diff --git a/Source/charon/config/proposal.h b/Source/charon/config/proposal.h new file mode 100644 index 000000000..53d417bb1 --- /dev/null +++ b/Source/charon/config/proposal.h 
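Review bot: set_spi and get_spi have their IKE/non-IKE branches inverted relative to the buffer sizes chosen in get_protocol_proposal, which allocates `spi.len = 8` for IKE and 4 otherwise: for AH/ESP set_spi stores a `u_int64_t` into a 4-byte allocation (heap buffer overflow), and for IKE the 64-bit SPI is silently truncated to 32 bits. The minimal fix is to use `if (proto != IKE)` as the condition in both functions so the 32-bit store/load goes with the 4-byte buffer; a `memcpy` of `spi.len` bytes instead of the pointer casts would avoid depending on the allocator's alignment as well. The SPI buffer is also never initialised after `allocator_alloc`, so get_spi before set_spi returns indeterminate bytes; `memset(proto_proposal->spi.ptr, 0, proto_proposal->spi.len);` after the allocation makes an unset SPI read as 0, matching the "no such protocol" return. Minor: `*current_proto_proposal;;` in get_protocol_proposal has a stray semicolon, and add_algo narrows its `size_t key_size` into the header's `u_int16_t key_size` without a check.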
@@ -0,0 +1,253 @@
+/**
+ * @file proposal.h
+ *
+ * @brief Interface of proposal_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _PROPOSAL_H_
+#define _PROPOSAL_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+typedef enum protocol_id_t protocol_id_t;
+
+/**
+ * Protocol ID of a proposal.
+ *
+ * @ingroup config
+ */
+enum protocol_id_t {
+ UNDEFINED_PROTOCOL_ID = 201,
+ IKE = 1,
+ AH = 2,
+ ESP = 3,
+};
+
+/**
+ * String mappings for protocol_id_t.
+ *
+ * @ingroup config
+ */
+extern mapping_t protocol_id_m[];
+
+
+typedef enum transform_type_t transform_type_t;
+
+/**
+ * Type of a transform, as in IKEv2 draft 3.3.2.
+ *
+ * @ingroup payloads
+ */
+enum transform_type_t {
+ UNDEFINED_TRANSFORM_TYPE = 241,
+ ENCRYPTION_ALGORITHM = 1,
+ PSEUDO_RANDOM_FUNCTION = 2,
+ INTEGRITY_ALGORITHM = 3,
+ DIFFIE_HELLMAN_GROUP = 4,
+ EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/**
+ * String mappings for transform_type_t.
+ *
+ * @ingroup payloads
+ */
+extern mapping_t transform_type_m[];
+
+
+typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+
+/**
+ * Extended sequence numbers, as in IKEv2 draft 3.3.2.
+ *
+ * @ingroup payloads
+ */
+enum extended_sequence_numbers_t {
+ NO_EXT_SEQ_NUMBERS = 0,
+ EXT_SEQ_NUMBERS = 1
+};
+
+/**
+ * String mappings for extended_sequence_numbers_t.
+ *
+ * @ingroup payloads
+ */
+extern mapping_t extended_sequence_numbers_m[];
+
+
+typedef struct algorithm_t algorithm_t;
+
+/**
+ * Struct used to store different kinds of algorithms. The internal
+ * lists of algorithms contain such structures.
+ */
+struct algorithm_t {
+ /**
+ * Value from an encryption_algorithm_t/integrity_algorithm_t/...
+ */
+ u_int16_t algorithm;
+
+ /**
+ * the associated key size, or zero if not needed
+ */
+ u_int16_t key_size;
+};
+
+typedef struct proposal_t proposal_t;
+
+/**
+ * @brief Stores a proposal for a child SA.
+ *
+ * A proposal may contain more than one algorithm
+ * of the same kind. ONE of them can be selected.
+ *
+ * @warning This class is NOT thread-save!
+ *
+ * @b Constructors:
+ * - proposal_create()
+ *
+ * @ingroup config
+ */
+struct proposal_t {
+
+ /**
+ * @brief Add an algorithm to the proposal.
+ *
+ * The algorithms are stored by priority, first added
+ * is the most preferred.
+ * Key size is only needed for encryption algorithms
+ * with variable key size (such as AES), or integrity
+ * algorithms.
+ * The alg parameter accepts encryption_algorithm_t,
+ * integrity_algorithm_t, dh_group_number_t and
+ * extended_sequence_numbers_t.
+ *
+ * @warning Do not add while other threads are reading.
+ *
+ * @param this calling object
+ * @param proto desired protocol
+ * @param type kind of algorithm
+ * @param alg identifier for algorithm
+ * @param key_size key size to use
+ */
+ void (*add_algorithm) (proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t alg, size_t key_size);
+
+ /**
+ * @brief Get an iterator over algorithms for a specifc protocol/algo type.
+ *
+ * @param this calling object
+ * @param proto desired protocol
+ * @param type kind of algorithm
+ * @return iterator over algorithms
+ */
+ iterator_t *(*create_algorithm_iterator) (proposal_t *this, protocol_id_t proto, transform_type_t type);
+
+ /**
+ * @brief Get the algorithm for a type to use.
+ *
+ * If there are multiple algorithms, only the first is returned.
+ * Result is still owned by proposal, do not modify!
+ *
+ * @param this calling object
+ * @param proto desired protocol
+ * @param type kind of algorithm
+ * @param[out] algo pointer which receives algorithm and key size
+ * @return TRUE if algorithm of this kind available
+ */
+ bool (*get_algorithm) (proposal_t *this, protocol_id_t proto, transform_type_t type, algorithm_t** algo);
+
+ /**
+ * @brief Compare two proposal, and select a matching subset.
+ *
+ * If the proposals are for the same protocols (AH/ESP), they are
+ * compared. If they have at least one algorithm of each type
+ * in common, a resulting proposal of this kind is created.
+ *
+ * @param this calling object
+ * @param other proposal to compair agains
+ * @return
+ * - selected proposal, if possible
+ * - NULL, if proposals don't match
+ */
+ proposal_t *(*select) (proposal_t *this, proposal_t *other);
+
+ /**
+ * @brief Get the number set on construction.
+ *
+ * @param this calling object
+ * @return number
+ */
+ u_int8_t (*get_number) (proposal_t *this);
+
+ /**
+ * @brief Get the protocol ids in the proposals.
+ *
+ * With AH and ESP, there could be two protocols in one
+ * proposal.
+ *
+ * @param this calling object
+ * @param ids array of protocol ids,
+ */
+ void (*get_protocols) (proposal_t *this, protocol_id_t ids[2]);
+
+ /**
+ * @brief Get the spi for a specific protocol.
+ *
+ * @param this calling object
+ * @param proto AH/ESP
+ * @return spi for proto
+ */
+ u_int64_t (*get_spi) (proposal_t *this, protocol_id_t proto);
+
+ /**
+ * @brief Set the spi for a specific protocol.
+ *
+ * @param this calling object
+ * @param proto AH/ESP
+ * @param spi spi to set for proto
+ */
+ void (*set_spi) (proposal_t *this, protocol_id_t proto, u_int64_t spi);
+
+ /**
+ * @brief Destroys the proposal object.
+ *
+ * @param this calling object
+ */
+ void (*destroy) (proposal_t *this);
+};
+
+/**
+ * @brief Create a child proposal for AH and/or ESP.
+ *
+ * @param number number of the proposal, as in the payload
+ * @return proposal_t object
+ *
+ * @ingroup config
+ */
+proposal_t *proposal_create(u_int8_t number);
+
+#endif //_PROPOSAL_H_
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index ca29b0294..6e7f8ee03 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -216,10 +216,10 @@ static linked_list_t *get_proposals(private_sa_config_t *this)
 /**
 * Implementation of sa_config_t.select_proposal
 */
-static child_proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals)
+static proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals)
 {
 iterator_t *stored_iter, *supplied_iter;
- child_proposal_t *stored, *supplied, *selected;
+ proposal_t *stored, *supplied, *selected;
 stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
 supplied_iter = proposals->create_iterator(proposals, TRUE);
@@ -272,7 +272,7 @@ static void add_traffic_selector_responder(private_sa_config_t *this, traffic_se
 /**
 * Implementation of sa_config_t.add_proposal
 */
-static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
+static void add_proposal(private_sa_config_t *this, proposal_t *proposal)
 {
 this->proposals->insert_last(this->proposals, (void*)proposal);
 }
@@ -282,7 +282,7 @@ static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
 */
 static status_t destroy(private_sa_config_t *this)
 {
- child_proposal_t *proposal;
+ proposal_t *proposal;
 traffic_selector_t *traffic_selector;
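Review bot: The header's documentation still describes the pre-refactoring scope: `@brief Stores a proposal for a child SA.` on proposal_t and `@brief Create a child proposal for AH and/or ESP.` on proposal_create, while protocol_id_t now lists IKE and the commit message says the type serves IKE proposals too, so a reader of the header alone would not expect IKE to be a valid proto. get_spi and set_spi likewise document `@param proto AH/ESP`, but the proposal.c hunk above stores a 32-bit SPI for IKE and set_spi narrows its u_int64_t argument with a cast; suggest `@param proto IKE, AH or ESP; for IKE only the low 32 bits of the SPI are stored` on set_spi, matching wording on get_spi, and a note that get_spi returns 0 when the protocol is not part of the proposal. If IKE SPIs are meant to be the full 8 octets the IKEv2 header carries, that truncation is a bug rather than a documentation gap and is worth confirming before the interface is relied on. In the same header add_algorithm takes `size_t key_size` while algorithm_t stores `u_int16_t key_size`, so the narrowing should be documented or the parameter typed u_int16_t; minor, `_PROPOSAL_H_` is a reserved identifier (leading underscore plus uppercase) and `PROPOSAL_H_` avoids that.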
@@ -332,10 +332,10 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
 this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder;
 this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder;
 this->public.get_proposals = (linked_list_t*(*)(sa_config_t*))get_proposals;
- this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
+ this->public.select_proposal = (proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
 this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator;
 this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder;
- this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal;
+ this->public.add_proposal = (void(*)(sa_config_t*,proposal_t*))add_proposal;
 this->public.destroy = (void(*)(sa_config_t*))destroy;
 /* apply init values */
diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/sa_config.h
index fd1952864..4fd7305f6 100644
--- a/Source/charon/config/sa_config.h
+++ b/Source/charon/config/sa_config.h
@@ -32,7 +32,7 @@
 #include
 #include
 #include
-#include
+#include
@@ -174,7 +174,7 @@ struct sa_config_t {
 * @param proposals list from from wich proposals are selected
 * @return selected proposal, or NULL if nothing matches
 */
- child_proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals);
+ proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals);
 /**
 * @brief Add a traffic selector to the list for initiator.
@@ -211,7 +211,7 @@ struct sa_config_t {
 * @param this calling object
 * @param proposal proposal to add
 */
- void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal);
+ void (*add_proposal) (sa_config_t *this, proposal_t *proposal);
 /**
 * @brief Destroys the config object
-- cgit v1.2.3