From 035930fc4ac48e38603b8c71a1c66b4a5edccbbb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 12 Jun 2008 11:42:19 +0000 Subject: [PATCH] added %P printf handler for poposal_t added some proposal selection debugging code --- src/charon/config/child_cfg.c | 8 ++ src/charon/config/ike_cfg.c | 8 ++ src/charon/config/proposal.c | 210 +++++++++++++++++++++++----------- src/charon/config/proposal.h | 10 ++ src/charon/daemon.c | 3 + 5 files changed, 174 insertions(+), 65 deletions(-) diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c index 33dd73c44..add831c34 100644 --- a/src/charon/config/child_cfg.c +++ b/src/charon/config/child_cfg.c @@ -193,6 +193,9 @@ static proposal_t* select_proposal(private_child_cfg_t*this, selected = stored->select(stored, supplied); if (selected) { + DBG2(DBG_CFG, "received proposals: %#P", proposals); + DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); + DBG2(DBG_CFG, "selected proposal: %P", selected); break; } } @@ -206,6 +209,11 @@ static proposal_t* select_proposal(private_child_cfg_t*this, } stored_enum->destroy(stored_enum); supplied_enum->destroy(supplied_enum); + if (selected == NULL) + { + DBG1(DBG_CFG, "received proposals: %#P", proposals); + DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); + } return selected; } diff --git a/src/charon/config/ike_cfg.c b/src/charon/config/ike_cfg.c index 36f84147d..7a845754d 100644 --- a/src/charon/config/ike_cfg.c +++ b/src/charon/config/ike_cfg.c @@ -20,6 +20,8 @@ #include +#include + typedef struct private_ike_cfg_t private_ike_cfg_t; @@ -136,6 +138,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, stored_iter = this->proposals->create_iterator(this->proposals, TRUE); supplied_iter = proposals->create_iterator(proposals, TRUE); + /* compare all stored proposals with all supplied. Stored ones are preferred.*/ while (stored_iter->iterate(stored_iter, (void**)&stored)) { @@ -149,6 +152,9 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, /* they match, return */ stored_iter->destroy(stored_iter); supplied_iter->destroy(supplied_iter); + DBG2(DBG_CFG, "received proposals: %#P", proposals); + DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); + DBG2(DBG_CFG, "selected proposal: %P", selected); return selected; } } @@ -156,6 +162,8 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */ stored_iter->destroy(stored_iter); supplied_iter->destroy(supplied_iter); + DBG1(DBG_CFG, "received proposals: %#P", proposals); + DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); return NULL; } diff --git a/src/charon/config/proposal.c b/src/charon/config/proposal.c index d203f06a1..043bbba3c 100644 --- a/src/charon/config/proposal.c +++ b/src/charon/config/proposal.c @@ -47,8 +47,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, - "NO_EXT_SEQ_NUMBERS", - "EXT_SEQ_NUMBERS", + "NO_EXT_SEQ", + "EXT_SEQ", ); typedef struct private_proposal_t private_proposal_t; @@ -348,79 +348,57 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t selected = proposal_create(this->protocol); /* select encryption algorithm */ - if (select_algo(this->encryption_algos, other->encryption_algos, &add, &algo, &key_size)) + if (select_algo(this->encryption_algos, other->encryption_algos, + &add, &algo, &key_size)) { if (add) { - selected->add_algorithm(selected, ENCRYPTION_ALGORITHM, algo, key_size); + selected->add_algorithm(selected, ENCRYPTION_ALGORITHM, + algo, key_size); } } else { - enumerator_t *e; - algorithm_t *alg; - selected->destroy(selected); - DBG2(DBG_CFG, " no acceptable ENCRYPTION_ALGORITHM found"); - DBG2(DBG_CFG, " list of received ENCRYPTION_ALGORITHM proposals:"); - e = other->encryption_algos->create_enumerator(other->encryption_algos); - while (e->enumerate(e, &alg)) - { - DBG2(DBG_CFG, " %N-%d", encryption_algorithm_names, - alg->algorithm, alg->key_size); - } - e->destroy(e); + DBG2(DBG_CFG, " no acceptable %N found", + transform_type_names, ENCRYPTION_ALGORITHM); return NULL; } /* select integrity algorithm */ if (!is_authenticated_encryption(algo)) { - if (select_algo(this->integrity_algos, other->integrity_algos, &add, &algo, &key_size)) + if (select_algo(this->integrity_algos, other->integrity_algos, + &add, &algo, &key_size)) { if (add) { - selected->add_algorithm(selected, INTEGRITY_ALGORITHM, algo, key_size); + selected->add_algorithm(selected, INTEGRITY_ALGORITHM, + algo, key_size); } } else { - enumerator_t *e; - algorithm_t *alg; - selected->destroy(selected); - DBG2(DBG_CFG, " no acceptable INTEGRITY_ALGORITHM found"); - DBG2(DBG_CFG, " list of received INTEGRITY_ALGORITHM proposals:"); - e = other->integrity_algos->create_enumerator(other->integrity_algos); - while (e->enumerate(e, &alg)) - { - DBG2(DBG_CFG, " %N", integrity_algorithm_names, alg->algorithm); - } - e->destroy(e); + DBG2(DBG_CFG, " no acceptable %N found", + transform_type_names, INTEGRITY_ALGORITHM); return NULL; } } /* select prf algorithm */ - if (select_algo(this->prf_algos, other->prf_algos, &add, &algo, &key_size)) + if (select_algo(this->prf_algos, other->prf_algos, + &add, &algo, &key_size)) { if (add) { - selected->add_algorithm(selected, PSEUDO_RANDOM_FUNCTION, algo, key_size); + selected->add_algorithm(selected, PSEUDO_RANDOM_FUNCTION, + algo, key_size); } } else { - enumerator_t *e; - algorithm_t *alg; - selected->destroy(selected); - DBG2(DBG_CFG, " no acceptable PSEUDO_RANDOM_FUNCTION found"); - DBG2(DBG_CFG, " list of received PSEUDO_RANDOM_FUNCTION proposals:"); - e = other->prf_algos->create_enumerator(other->prf_algos); - while (e->enumerate(e, &alg)) - { - DBG2(DBG_CFG, " %N", pseudo_random_function_names, alg->algorithm); - } - e->destroy(e); + DBG2(DBG_CFG, " no acceptable %N found", + transform_type_names, PSEUDO_RANDOM_FUNCTION); return NULL; } /* select a DH-group */ @@ -433,18 +411,9 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t } else { - enumerator_t *e; - algorithm_t *alg; - selected->destroy(selected); - DBG2(DBG_CFG, " no acceptable DIFFIE_HELLMAN_GROUP found"); - DBG2(DBG_CFG, " list of received DIFFIE_HELLMAN_GROUP proposals:"); - e = other->dh_groups->create_enumerator(other->dh_groups); - while (e->enumerate(e, &alg)) - { - DBG2(DBG_CFG, " %N", diffie_hellman_group_names, alg->algorithm); - } - e->destroy(e); + DBG2(DBG_CFG, " no acceptable %N found", + transform_type_names, DIFFIE_HELLMAN_GROUP); return NULL; } /* select if we use ESNs */ @@ -458,7 +427,8 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t else { selected->destroy(selected); - DBG2(DBG_CFG, " no acceptable EXTENDED_SEQUENCE_NUMBERS found"); + DBG2(DBG_CFG, " no acceptable %N found", + transform_type_names, EXTENDED_SEQUENCE_NUMBERS); return NULL; } DBG2(DBG_CFG, " proposal matches"); @@ -605,7 +575,8 @@ static void check_proposal(private_proposal_t *this) { /* if all encryption algorithms in the proposal are authenticated encryption * algorithms we MUST NOT propose any integrity algorithms */ - while (this->integrity_algos->remove_last(this->integrity_algos, (void**)&alg) == SUCCESS) + while (this->integrity_algos->remove_last(this->integrity_algos, + (void**)&alg) == SUCCESS) { free(alg); } @@ -646,15 +617,18 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) { case 8: /* octets */ case 64: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_CCM_ICV8, key_size); break; case 12: /* octets */ case 96: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_CCM_ICV12, key_size); break; case 16: /* octets */ case 128: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_CCM_ICV16, key_size); break; default: /* invalid ICV size */ @@ -675,15 +649,18 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) { case 8: /* octets */ case 64: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_GCM_ICV8, key_size); break; case 12: /* octets */ case 96: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_GCM_ICV12, key_size); break; case 16: /* octets */ case 128: /* bits */ - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, key_size); + add_algorithm(this, ENCRYPTION_ALGORITHM, + ENCR_AES_GCM_ICV16, key_size); break; default: /* invalid ICV size */ @@ -813,6 +790,109 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg) return SUCCESS; } +/** + * print all algorithms of a kind to stream + */ +static int print_alg(private_proposal_t *this, FILE *stream, u_int kind, + void *names, bool *first) +{ + enumerator_t *enumerator; + size_t written = 0; + u_int16_t alg, size; + + enumerator = create_enumerator(this, kind); + while (enumerator->enumerate(enumerator, &alg, &size)) + { + if (*first) + { + written += fprintf(stream, "%N", names, alg); + *first = FALSE; + } + else + { + written += fprintf(stream, "/%N", names, alg); + } + if (size) + { + written += fprintf(stream, "-%d", size); + } + } + enumerator->destroy(enumerator); + return written; +} + +/** + * output handler in printf() + */ +static int print(FILE *stream, const struct printf_info *info, + const void *const *args) +{ + private_proposal_t *this = *((private_proposal_t**)(args[0])); + linked_list_t *list = *((linked_list_t**)(args[0])); + enumerator_t *enumerator; + size_t written = 0; + bool first = TRUE; + + if (this == NULL) + { + return fprintf(stream, "(null)"); + } + + if (info->alt) + { + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &this)) + { /* call recursivly */ + if (first) + { + written += fprintf(stream, "%P", this); + first = FALSE; + } + else + { + written += fprintf(stream, ", %P", this); + } + } + enumerator->destroy(enumerator); + return written; + } + + written = fprintf(stream, "%N:", protocol_id_names, this->protocol); + written += print_alg(this, stream, ENCRYPTION_ALGORITHM, + encryption_algorithm_names, &first); + written += print_alg(this, stream, INTEGRITY_ALGORITHM, + integrity_algorithm_names, &first); + written += print_alg(this, stream, PSEUDO_RANDOM_FUNCTION, + pseudo_random_function_names, &first); + written += print_alg(this, stream, DIFFIE_HELLMAN_GROUP, + diffie_hellman_group_names, &first); + written += print_alg(this, stream, EXTENDED_SEQUENCE_NUMBERS, + extended_sequence_numbers_names, &first); + return written; +} + +/** + * arginfo handler for printf() proposal + */ +static int arginfo(const struct printf_info *info, size_t n, int *argtypes) +{ + if (n > 0) + { + argtypes[0] = PA_POINTER; + } + return 1; +} + +/** + * return printf hook functions for a proposal + */ +printf_hook_functions_t proposal_get_printf_hooks() +{ + printf_hook_functions_t hooks = {print, arginfo}; + + return hooks; +} + /** * Implements proposal_t.destroy. */ @@ -873,18 +953,18 @@ proposal_t *proposal_create_default(protocol_id_t protocol) add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); + add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0); add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0); - add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); + add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0); add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0); diff --git a/src/charon/config/proposal.h b/src/charon/config/proposal.h index 8a05a0cfd..08e8b8c1b 100644 --- a/src/charon/config/proposal.h +++ b/src/charon/config/proposal.h @@ -232,4 +232,14 @@ proposal_t *proposal_create_default(protocol_id_t protocol); */ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs); +/** + * Get printf hooks for a proposal. + * + * Arguments are: + * proposal_t *proposal + * With the #-specifier, arguments are: + * linked_list_t *list containing proposal_t* + */ +printf_hook_functions_t proposal_get_printf_hooks(); + #endif /* PROPOSAL_H_ @} */ diff --git a/src/charon/daemon.c b/src/charon/daemon.c index ad46c2ec1..1ab88104a 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -43,6 +43,7 @@ #include #include +#include /* on some distros, a capset definition is missing */ #ifdef NO_CAPSET_DEFINED @@ -559,6 +560,8 @@ int main(int argc, char *argv[]) library_init(STRONGSWAN_CONF); lib->printf_hook->add_handler(lib->printf_hook, 'R', traffic_selector_get_printf_hooks()); + lib->printf_hook->add_handler(lib->printf_hook, 'P', + proposal_get_printf_hooks()); private_charon = daemon_create(); charon = (daemon_t*)private_charon;