diff --git a/Source/charon/config/Makefile.config b/Source/charon/config/Makefile.config index b8b966282..58ff4e69e 100644 --- a/Source/charon/config/Makefile.config +++ b/Source/charon/config/Makefile.config @@ -16,12 +16,12 @@ CONFIG_DIR= $(MAIN_DIR)config/ -OBJS+= $(BUILD_DIR)init_config.o -$(BUILD_DIR)init_config.o : $(CONFIG_DIR)init_config.c $(CONFIG_DIR)init_config.h +OBJS+= $(BUILD_DIR)connection.o +$(BUILD_DIR)connection.o : $(CONFIG_DIR)connection.c $(CONFIG_DIR)connection.h $(CC) $(CFLAGS) -c -o $@ $< -OBJS+= $(BUILD_DIR)sa_config.o -$(BUILD_DIR)sa_config.o : $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h +OBJS+= $(BUILD_DIR)policy.o +$(BUILD_DIR)policy.o : $(CONFIG_DIR)policy.c $(CONFIG_DIR)policy.h $(CC) $(CFLAGS) -c -o $@ $< OBJS+= $(BUILD_DIR)traffic_selector.o @@ -32,10 +32,6 @@ OBJS+= $(BUILD_DIR)proposal.o $(BUILD_DIR)proposal.o : $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h $(CC) $(CFLAGS) -c -o $@ $< -OBJS+= $(BUILD_DIR)static_configuration.o -$(BUILD_DIR)static_configuration.o : $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h - $(CC) $(CFLAGS) -c -o $@ $< - -OBJS+= $(BUILD_DIR)stroke_configuration.o -$(BUILD_DIR)stroke_configuration.o : $(CONFIG_DIR)stroke_configuration.c $(CONFIG_DIR)stroke_configuration.h +OBJS+= $(BUILD_DIR)configuration.o +$(BUILD_DIR)configuration.o : $(CONFIG_DIR)configuration.c $(CONFIG_DIR)configuration.h $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file diff --git a/Source/charon/config/configuration.c b/Source/charon/config/configuration.c new file mode 100755 index 000000000..692fdd0f9 --- /dev/null +++ b/Source/charon/config/configuration.c @@ -0,0 +1,113 @@ +/** + * @file configuration.c + * + * @brief Implementation of configuration_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "configuration.h" + +#include +#include + +/** + * First retransmit timeout in milliseconds. + * Timeout value is increasing in each retransmit round. + */ +#define RETRANSMIT_TIMEOUT 3000 + +/** + * Timeout in milliseconds after that a half open IKE_SA gets deleted. + */ +#define HALF_OPEN_IKE_SA_TIMEOUT 30000 + +/** + * Max retransmit count. + * 0 for infinite. The max time a half open IKE_SA is alive is set by + * RETRANSMIT_TIMEOUT. + */ +#define MAX_RETRANSMIT_COUNT 0 + + +typedef struct private_configuration_t private_configuration_t; + +/** + * Private data of an configuration_t object. + */ +struct private_configuration_t { + + /** + * Public part of configuration_t object. + */ + configuration_t public; + +}; + +/** + * Implementation of configuration_t.get_retransmit_timeout. + */ +static status_t get_retransmit_timeout (private_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout) +{ + int new_timeout = RETRANSMIT_TIMEOUT, i; + if (retransmit_count > MAX_RETRANSMIT_COUNT && MAX_RETRANSMIT_COUNT != 0) + { + return FAILED; + } + + for (i = 0; i < retransmit_count; i++) + { + new_timeout *= 2; + } + + *timeout = new_timeout; + + return SUCCESS; +} + +/** + * Implementation of configuration_t.get_half_open_ike_sa_timeout. + */ +static u_int32_t get_half_open_ike_sa_timeout (private_configuration_t *this) +{ + return HALF_OPEN_IKE_SA_TIMEOUT; +} + +/** + * Implementation of configuration_t.destroy. + */ +static void destroy(private_configuration_t *this) +{ + allocator_free(this); +} + +/* + * Described in header-file + */ +configuration_t *configuration_create() +{ + private_configuration_t *this = allocator_alloc_thing(private_configuration_t); + + /* public functions */ + this->public.destroy = (void(*)(configuration_t*))destroy; + this->public.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout; + this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout; + + return (&this->public); +} diff --git a/Source/charon/config/configuration.h b/Source/charon/config/configuration.h index 8aa85bb78..6b741f9fb 100755 --- a/Source/charon/config/configuration.h +++ b/Source/charon/config/configuration.h @@ -6,7 +6,7 @@ */ /* - * Copyright (C) 2005 Jan Hutter, Martin Willi + * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -24,22 +24,12 @@ #define CONFIGURATION_H_ #include -#include -#include -#include -#include typedef struct configuration_t configuration_t; /** - * @brief The interface for a configuration backend. - * - * Multiple backends for the configuration are conceivable: - * - ipsec starter from pluto - * - own file backend - * - multiple database backends - * - LDAP backend? + * @brief The interface for various daemon related configs. * * @b Constructors: * - configuration_create() @@ -48,81 +38,11 @@ typedef struct configuration_t configuration_t; */ struct configuration_t { - /** - * @brief Returns the configuration information needed for IKE_SA_INIT exchange - * for a specific configuration name. - * - * The returned init_config_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param name name of the configuration - * @param[out] init_config the init_config_t object is stored at this location - * - * @return - * - NOT_FOUND - * - SUCCESS - */ - status_t (*get_init_config_for_name) (configuration_t *this, char *name, init_config_t **init_config); - - /** - * @brief Returns the configuration information needed for IKE_SA_INIT exchange - * for specific host informations. - * - * The returned init_config_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param my_host my host informations - * @param other_host other host informations - * @param[out] init_config the init_config_t object is stored at this location - * - * @return - * - NOT_FOUND - * - SUCCESS - */ - status_t (*get_init_config_for_host) (configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config); - - /** - * @brief Returns the configuration information needed after IKE_SA_INIT exchange - * for a specific configuration name. - * - * The returned sa_config_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param name name of the configuration - * @param[out] sa_config the sa_config_t object is stored at this location - * - * @return - * - NOT_FOUND - * - SUCCESS - */ - status_t (*get_sa_config_for_name) (configuration_t *this, char *name, sa_config_t **sa_config); - - /** - * @brief Returns the configuration information needed after IKE_SA_INIT exchange - * for specific init_config_t and ID data. - * - * The returned sa_config_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param init_config init_config_t object - * @param other_id identification of other one - * @param my_id my identification (can be NULL) - * @param[out] sa_config the sa_config_t object is stored at this location - * - * @return - * - NOT_FOUND - * - SUCCESS - */ - status_t (*get_sa_config_for_init_config_and_id) (configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config); - /** * @brief Returns the retransmit timeout. * - * The timeout values are managed by the configuration. + * The timeout values are managed by the configuration, so + * another backoff algorithm may be implemented here. * * @param this calling object * @param retransmit_count number of times a message was retransmitted so far @@ -148,54 +68,6 @@ struct configuration_t { * @return timeout in milliseconds (ms) */ u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this); - - /** - * @brief Returns the preshared secret of a specific ID. - * - * The returned preshared secret MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param identification identification_t object identifiying the ID. - * @param[out] preshared_secret the preshared secret will be written there. - * - * @return - * - NOT_FOUND if no preshared secrets for specific ID could be found - * - SUCCESS - */ - status_t (*get_shared_secret) (configuration_t *this, identification_t *identification, chunk_t *preshared_secret); - - /** - * @brief Returns the RSA public key of a specific ID. - * - * The returned rsa_public_key_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param identification identification_t object identifiying the ID. - * @param[out] public_key the public key will be written there - * - * @return - * - NOT_FOUND if no key is configured for specific id - * - SUCCESS - */ - status_t (*get_rsa_public_key) (configuration_t *this, identification_t *identification, rsa_public_key_t **public_key); - - /** - * @brief Returns the RSA private key of a specific ID. - * - * The returned rsa_private_key_t object MUST NOT be destroyed cause it's managed by - * this configuration_t object. - * - * @param this calling object - * @param identification identification_t object identifiying the ID. - * @param[out] private_key the private key will be written there - * - * @return - * - NOT_FOUND if no key is configured for specific id - * - SUCCESS - */ - status_t (*get_rsa_private_key) (configuration_t *this, identification_t *identification, rsa_private_key_t **private_key); /** * @brief Destroys a configuration_t object. @@ -205,4 +77,13 @@ struct configuration_t { void (*destroy) (configuration_t *this); }; +/** + * @brief Creates a configuration backend. + * + * @return static_configuration_t object + * + * @ingroup config + */ +configuration_t *configuration_create(); + #endif /*CONFIGURATION_H_*/ diff --git a/Source/charon/config/init_config.c b/Source/charon/config/connection.c similarity index 50% rename from Source/charon/config/init_config.c rename to Source/charon/config/connection.c index e639c2fce..789cebb49 100644 --- a/Source/charon/config/init_config.c +++ b/Source/charon/config/connection.c @@ -1,7 +1,7 @@ /** - * @file init_config.c + * @file connection.c * - * @brief Implementation of init_config_t. + * @brief Implementation of connection_t. * */ @@ -20,23 +20,44 @@ * for more details. */ -#include "init_config.h" +#include "connection.h" #include #include #include -typedef struct private_init_config_t private_init_config_t; +/** + * String mappings for auth_method_t. + */ +mapping_t auth_method_m[] = { + {RSA_DIGITAL_SIGNATURE, "RSA"}, + {SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY"}, + {DSS_DIGITAL_SIGNATURE, "DSS"}, + {MAPPING_END, NULL} +}; + + +typedef struct private_connection_t private_connection_t; /** - * Private data of an init_config_t object + * Private data of an connection_t object */ -struct private_init_config_t { +struct private_connection_t { /** * Public part */ - init_config_t public; + connection_t public; + + /** + * ID of us + */ + identification_t *my_id; + + /** + * ID of remote peer + */ + identification_t *other_id; /** * Host information of my host. @@ -48,6 +69,11 @@ struct private_init_config_t { */ host_t *other_host; + /** + * Method to use for own authentication data + */ + auth_method_t auth_method; + /** * Supported proposals */ @@ -55,49 +81,58 @@ struct private_init_config_t { }; /** - * Implementation of init_config_t.get_my_host. + * Implementation of connection_t.get_my_id. */ -static host_t * get_my_host (private_init_config_t *this) +static identification_t *get_my_id (private_connection_t *this) +{ + return this->my_id; +} + +/** + * Implementation of connection_t.get_other_id. + */ +static identification_t *get_other_id(private_connection_t *this) +{ + return this->other_id; +} + +/** + * Implementation of connection_t.get_my_host. + */ +static host_t * get_my_host (private_connection_t *this) { return this->my_host; } /** - * Implementation of init_config_t.get_other_host. + * Implementation of connection_t.update_my_host. */ -static host_t * get_other_host (private_init_config_t *this) +static void update_my_host(private_connection_t *this, host_t *my_host) +{ + this->my_host->destroy(this->my_host); + this->my_host = my_host; +} + +/** + * Implementation of connection_t.get_other_host. + */ +static host_t * get_other_host (private_connection_t *this) { return this->other_host; } /** - * Implementation of init_config_t.get_my_host_clone. + * Implementation of connection_t.get_proposals. */ -static host_t * get_my_host_clone (private_init_config_t *this) -{ - return this->my_host->clone(this->my_host); -} - -/** - * Implementation of init_config_t.get_other_host_clone. - */ -static host_t * get_other_host_clone (private_init_config_t *this) -{ - return this->other_host->clone(this->other_host); -} - -/** - * Implementation of init_config_t.get_proposals. - */ -static linked_list_t* get_proposals (private_init_config_t *this) +static linked_list_t* get_proposals (private_connection_t *this) { return this->proposals; } /** - * Implementation of init_config_t.select_proposal. + * Implementation of connection_t.select_proposal. */ -static proposal_t *select_proposal(private_init_config_t *this, linked_list_t *proposals) +static proposal_t *select_proposal(private_connection_t *this, linked_list_t *proposals) { iterator_t *stored_iter, *supplied_iter; proposal_t *stored, *supplied, *selected; @@ -133,17 +168,25 @@ static proposal_t *select_proposal(private_init_config_t *this, linked_list_t *p } /** - * Implementation of init_config_t.add_proposal. + * Implementation of connection_t.add_proposal. */ -static void add_proposal (private_init_config_t *this, proposal_t *proposal) +static void add_proposal (private_connection_t *this, proposal_t *proposal) { this->proposals->insert_last(this->proposals, proposal); } /** - * Implementation of init_config_t.get_dh_group. + * Implementation of connection_t.auth_method_t. */ -static diffie_hellman_group_t get_dh_group(private_init_config_t *this) +static auth_method_t get_auth_method(private_connection_t *this) +{ + return this->auth_method; +} + +/** + * Implementation of connection_t.get_dh_group. + */ +static diffie_hellman_group_t get_dh_group(private_connection_t *this) { iterator_t *iterator; proposal_t *proposal; @@ -165,9 +208,9 @@ static diffie_hellman_group_t get_dh_group(private_init_config_t *this) } /** - * Implementation of init_config_t.check_dh_group. + * Implementation of connection_t.check_dh_group. */ -static bool check_dh_group(private_init_config_t *this, diffie_hellman_group_t dh_group) +static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh_group) { iterator_t *prop_iter, *alg_iter; proposal_t *proposal; @@ -195,9 +238,9 @@ static bool check_dh_group(private_init_config_t *this, diffie_hellman_group_t d } /** - * Implementation of init_config_t.destroy. + * Implementation of connection_t.destroy. */ -static void destroy (private_init_config_t *this) +static void destroy (private_connection_t *this) { proposal_t *proposal; @@ -209,31 +252,38 @@ static void destroy (private_init_config_t *this) this->my_host->destroy(this->my_host); this->other_host->destroy(this->other_host); + this->my_id->destroy(this->my_id); + this->other_id->destroy(this->other_id); allocator_free(this); } /** * Described in header. */ -init_config_t * init_config_create(host_t *me, host_t *other) +connection_t * connection_create(host_t *my_host, host_t *other_host, identification_t *my_id, identification_t *other_id, auth_method_t auth_method) { - private_init_config_t *this = allocator_alloc_thing(private_init_config_t); + private_connection_t *this = allocator_alloc_thing(private_connection_t); /* public functions */ - this->public.get_my_host = (host_t*(*)(init_config_t*))get_my_host; - this->public.get_other_host = (host_t*(*)(init_config_t*))get_other_host; - this->public.get_my_host_clone = (host_t*(*)(init_config_t*))get_my_host_clone; - this->public.get_other_host_clone = (host_t*(*)(init_config_t*))get_other_host_clone; - this->public.get_proposals = (linked_list_t*(*)(init_config_t*))get_proposals; - this->public.select_proposal = (proposal_t*(*)(init_config_t*,linked_list_t*))select_proposal; - this->public.add_proposal = (void(*)(init_config_t*, proposal_t*)) add_proposal; - this->public.get_dh_group = (diffie_hellman_group_t(*)(init_config_t*)) get_dh_group; - this->public.check_dh_group = (bool(*)(init_config_t*,diffie_hellman_group_t)) check_dh_group; - this->public.destroy = (void(*)(init_config_t*))destroy; + this->public.get_my_id = (identification_t*(*)(connection_t*))get_my_id; + this->public.get_other_id = (identification_t*(*)(connection_t*))get_other_id; + this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host; + this->public.update_my_host = (void(*)(connection_t*,host_t*))update_my_host; + this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host; + this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals; + this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal; + this->public.add_proposal = (void(*)(connection_t*, proposal_t*)) add_proposal; + this->public.get_auth_method = (auth_method_t(*)(connection_t*)) get_auth_method; + this->public.get_dh_group = (diffie_hellman_group_t(*)(connection_t*)) get_dh_group; + this->public.check_dh_group = (bool(*)(connection_t*,diffie_hellman_group_t)) check_dh_group; + this->public.destroy = (void(*)(connection_t*))destroy; /* private variables */ - this->my_host = me; - this->other_host = other; + this->my_host = my_host; + this->other_host = other_host; + this->my_id = my_id; + this->other_id = other_id; + this->auth_method = auth_method; this->proposals = linked_list_create(); diff --git a/Source/charon/config/connection.h b/Source/charon/config/connection.h new file mode 100644 index 000000000..b112ace70 --- /dev/null +++ b/Source/charon/config/connection.h @@ -0,0 +1,224 @@ +/** + * @file connection.h + * + * @brief Interface of connection_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef CONNECTION_H_ +#define CONNECTION_H_ + +#include +#include +#include +#include +#include +#include + + +typedef enum auth_method_t auth_method_t; + +/** + * AUTH Method to use. + * + * @ingroup config + */ +enum auth_method_t { + /** + * Computed as specified in section 2.15 of RFC using + * an RSA private key over a PKCS#1 padded hash. + */ + RSA_DIGITAL_SIGNATURE = 1, + + /** + * Computed as specified in section 2.15 of RFC using the + * shared key associated with the identity in the ID payload + * and the negotiated prf function + */ + SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2, + + /** + * Computed as specified in section 2.15 of RFC using a + * DSS private key over a SHA-1 hash. + */ + DSS_DIGITAL_SIGNATURE = 3, +}; + +/** + * string mappings for auth method. + * + * @ingroup config + */ +extern mapping_t auth_method_m[]; + + +typedef struct connection_t connection_t; + +/** + * @brief A connection_t defines the rules to set up an IKE_SA. + * + * + * @b Constructors: + * - connection_create() + * + * @ingroup config + */ +struct connection_t { + + /** + * @brief Get my ID for this connection. + * + * Object is NOT getting cloned. + * + * @param this calling object + * @return host information as identification_t object + */ + identification_t *(*get_my_id) (connection_t *this); + + /** + * @brief Get others ID for this connection. + * + * Object is NOT getting cloned. + * + * @param this calling object + * @return host information as identification_t object + */ + identification_t *(*get_other_id) (connection_t *this); + + /** + * @brief Get my address as host_t object. + * + * Object is NOT getting cloned. + * + * @param this calling object + * @return host information as host_t object + */ + host_t *(*get_my_host) (connection_t *this); + + /** + * @brief Get others address as host_t object. + * + * Object is NOT getting cloned. + * + * @param this calling object + * @return host information as host_t object + */ + host_t *(*get_other_host) (connection_t *this); + + /** + * @brief Update address of my host. + * + * It may be necessary to uptdate this address, as it + * is set to the default route (0.0.0.0) in some cases. + * Old host is destroyed, new one NOT cloned. + * + * @param this calling object + * @param my_host new host to set as my_host + */ + void (*update_my_host) (connection_t *this, host_t *my_host); + + /** + * @brief Returns a list of all supported proposals. + * + * Returned list is still owned by connection and MUST NOT + * modified or destroyed. + * + * @param this calling object + * @return list containing all the proposals + */ + linked_list_t *(*get_proposals) (connection_t *this); + + /** + * @brief Adds a proposal to the list.. + * + * The first added proposal has the highest priority, the last + * added the lowest. + * + * @param this calling object + * @param proposal proposal to add + */ + void (*add_proposal) (connection_t *this, proposal_t *proposal); + + /** + * @brief Select a proposed from suggested proposals. + * + * Returned proposal must be destroyed after usage. + * + * @param this calling object + * @param proposals list of proposals to select from + * @return selected proposal, or NULL if none matches. + */ + proposal_t *(*select_proposal) (connection_t *this, linked_list_t *proposals); + + /** + * @brief Get the authentication method to use + * + * @param this calling object + * @return authentication method + */ + auth_method_t (*get_auth_method) (connection_t *this); + + /** + * @brief Get the DH group to use for connection initialization. + * + * @param this calling object + * @return dh group to use for initialization + */ + diffie_hellman_group_t (*get_dh_group) (connection_t *this); + + /** + * @brief Check if a suggested dh group is acceptable. + * + * If we guess a wrong DH group for IKE_SA_INIT, the other + * peer will send us a offer. But is this acceptable for us? + * + * @param this calling object + * @return TRUE if group acceptable + */ + bool (*check_dh_group) (connection_t *this, diffie_hellman_group_t dh_group); + + /** + * @brief Destroys a connection_t object. + * + * @param this calling object + */ + void (*destroy) (connection_t *this); +}; + +/** + * @brief Creates a connection_t object. + * + * Supplied hosts/IDs become owned by connection, so + * do not modify or destroy them after a call to + * connection_create(). + * + * @param my_host host_t representing local address + * @param other_host host_t representing remote address + * @param my_id identification_t for me + * @param other_id identification_t for other + * @param auth_method Authentication method to use for our(!) auth data + * @return connection_t object. + * + * @ingroup config + */ +connection_t * connection_create(host_t *my_host, host_t *other_host, + identification_t *my_id, + identification_t *other_id, + auth_method_t auth_method); + +#endif /* CONNECTION_H_ */ diff --git a/Source/charon/config/connection_store.h b/Source/charon/config/connection_store.h new file mode 100755 index 000000000..aac10574b --- /dev/null +++ b/Source/charon/config/connection_store.h @@ -0,0 +1,80 @@ +/** + * @file connection_store.h + * + * @brief Interface connection_store_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef CONNECTION_STORE_H_ +#define CONNECTION_STORE_H_ + +#include +#include + + +typedef struct connection_store_t connection_store_t; + +/** + * @brief The interface for a store of connection_t's. + * + * @b Constructors: + * - connection_store_create() + * + * @ingroup config + */ +struct connection_store_t { + + /** + * @brief Returns a connection definition identified by two IDs. + * + * The returned connection gets created/cloned and therefore must + * be destroyed after usage. + * + * @param this calling object + * @param my_id own ID of connection + * @param other_id others ID of connection + * @return + * - connection_t, if found + * - NULL otherwise + */ + connection_t *(*get_connection_by_ids) (connection_store_t *this, identification_t *my_id, identification_t *other_id); + + /** + * @brief Returns a connection definition identified by two hosts. + * + * The returned connection gets created/cloned and therefore must + * be destroyed after usage. + * + * @param this calling object + * @param my_id own address of connection + * @param other_id others address of connection + * @return + * - connection_t, if found + * - NULL otherwise + */ + connection_t *(*get_connection_by_hosts) (connection_store_t *this, host_t *my_host, host_t *other_host); + + /** + * @brief Destroys a connection_store_t object. + * + * @param this calling object + */ + void (*destroy) (connection_store_t *this); +}; + +#endif /*CONNECTION_STORE_H_*/ diff --git a/Source/charon/config/credential_store.h b/Source/charon/config/credential_store.h new file mode 100755 index 000000000..89e9704b3 --- /dev/null +++ b/Source/charon/config/credential_store.h @@ -0,0 +1,99 @@ +/** + * @file credential_store.h + * + * @brief Interface credential_store_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef CREDENTIAL_STORE_H_ +#define CREDENTIAL_STORE_H_ + +#include +#include +#include + + +typedef struct credential_store_t credential_store_t; + +/** + * @brief The interface for a credential_store backend. + * + * @b Constructors: + * - credential_store_create() + * + * @ingroup config + */ +struct credential_store_t { + + /** + * @brief Returns the preshared secret of a specific ID. + * + * The returned preshared secret MUST NOT be destroyed cause it's managed by + * this credential_store_t object. + * + * @param this calling object + * @param identification identification_t object identifiying the secret. + * @param[out] preshared_secret the preshared secret will be written there. + * + * @return + * - NOT_FOUND if no preshared secrets for specific ID could be found + * - SUCCESS + */ + status_t (*get_shared_secret) (credential_store_t *this, identification_t *identification, chunk_t *preshared_secret); + + /** + * @brief Returns the RSA public key of a specific ID. + * + * The returned rsa_public_key_t object MUST NOT be destroyed cause it's managed by + * this credential_store_t object. + * + * @param this calling object + * @param identification identification_t object identifiying the key. + * @param[out] public_key the public key will be written there + * + * @return + * - NOT_FOUND if no key is configured for specific id + * - SUCCESS + */ + status_t (*get_rsa_public_key) (credential_store_t *this, identification_t *identification, rsa_public_key_t **public_key); + + /** + * @brief Returns the RSA private key of a specific ID. + * + * The returned rsa_private_key_t object MUST NOT be destroyed cause it's managed by + * this credential_store_t object. + * + * @param this calling object + * @param identification identification_t object identifiying the key + * @param[out] private_key the private key will be written there + * + * @return + * - NOT_FOUND if no key is configured for specific id + * - SUCCESS + */ + status_t (*get_rsa_private_key) (credential_store_t *this, identification_t *identification, rsa_private_key_t **private_key); + + /** + * @brief Destroys a credential_store_t object. + * + * @param this calling object + */ + void (*destroy) (credential_store_t *this); +}; + +#endif /*CREDENTIAL_STORE_H_*/ diff --git a/Source/charon/config/init_config.h b/Source/charon/config/init_config.h deleted file mode 100644 index e9f1aa5af..000000000 --- a/Source/charon/config/init_config.h +++ /dev/null @@ -1,165 +0,0 @@ -/** - * @file init_config.h - * - * @brief Interface of init_config_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _INIT_CONFIG_H_ -#define _INIT_CONFIG_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - - - -typedef struct init_config_t init_config_t; - -/** - * @brief Represents a configuration class holding all needed informations for IKE_SA_INIT phase. - * - * @b Constructors: - * - init_config_create() - * - * @ingroup config - */ -struct init_config_t { - - /** - * @brief Get my host information as host_t object. - * - * Object is NOT getting cloned. - * - * @param this calling object - * @return host information as host_t object - */ - host_t *(*get_my_host) (init_config_t *this); - - /** - * @brief Get other host information as host_t object. - * - * Object is NOT getting cloned. - * - * @param this calling object - * @return host information as host_t object - */ - host_t *(*get_other_host) (init_config_t *this); - - /** - * @brief Get my host information as host_t object. - * - * Object is getting cloned and has to get destroyed by caller. - * - * @param this calling object - * @return host information as host_t object - */ - host_t *(*get_my_host_clone) (init_config_t *this); - - /** - * @brief Get other host information as host_t object. - * - * @warning Object is getting cloned and has to get destroyed by caller. - * - * @param this calling object - * @return host information as host_t object - */ - host_t *(*get_other_host_clone) (init_config_t *this); - - /** - * @brief Returns a list of all supported proposals. - * - * Returned list is still owned by init_config and MUST NOT - * modified or destroyed. - * - * @param this calling object - * @return list containing all the proposals - */ - linked_list_t *(*get_proposals) (init_config_t *this); - - /** - * @brief Adds a proposal to the list.. - * - * The first added proposal has the highest priority, the last - * added the lowest. - * - * @param this calling object - * @param priority priority of adding proposal - * @param proposal proposal to add - */ - void (*add_proposal) (init_config_t *this, proposal_t *proposal); - - /** - * @brief Select a proposed from suggested proposals. - * - * Returned proposal must be destroyed after usage. - * - * @param this calling object - * @param proposals list of proposals to select from - * @return selected proposal, or NULL if none matches. - */ - proposal_t *(*select_proposal) (init_config_t *this, linked_list_t *proposals); - - /** - * @brief Get the DH group to use for connection initialization. - * - * @param this calling object - * @return dh group to use for initialization - */ - diffie_hellman_group_t (*get_dh_group) (init_config_t *this); - - /** - * @brief Check if a suggested dh group is acceptable. - * - * If we guess a wrong DH group for IKE_SA_INIT, the other - * peer will send us a offer. But is this acceptable for us? - * - * @param this calling object - * @return dh group to use for initialization - */ - bool (*check_dh_group) (init_config_t *this, diffie_hellman_group_t dh_group); - - /** - * @brief Destroys a init_config_t object. - * - * @param this calling object - */ - void (*destroy) (init_config_t *this); -}; - -/** - * @brief Creates a init_config_t object from two host_t's. - * - * Supplied hosts become owned by init_config, so - * do not modify or destroy them after a call to - * init_config_create_from_hosts(). - * - * @param me host_t object representing local address - * @param other host_t object representing remote address - * @return init_config_t object. - * - * @ingroup config - */ -init_config_t * init_config_create(host_t *me, host_t *other); - -#endif /* _INIT_CONFIG_H_ */ diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/policy.c similarity index 52% rename from Source/charon/config/sa_config.c rename to Source/charon/config/policy.c index 672ac955c..0d9e8487d 100644 --- a/Source/charon/config/sa_config.c +++ b/Source/charon/config/policy.c @@ -1,7 +1,7 @@ /** - * @file sa_config.c + * @file policy.c * - * @brief Implementation of sa_config_t. + * @brief Implementation of policy_t. * */ @@ -20,24 +20,24 @@ * for more details. */ -#include "sa_config.h" +#include "policy.h" #include #include #include #include -typedef struct private_sa_config_t private_sa_config_t; +typedef struct private_policy_t private_policy_t; /** - * Private data of an sa_config_t object + * Private data of an policy_t object */ -struct private_sa_config_t { +struct private_policy_t { /** * Public part */ - sa_config_t public; + policy_t public; /** * id to use to identify us @@ -49,16 +49,6 @@ struct private_sa_config_t { */ identification_t *other_id; - /** - * authentification method to use - */ - auth_method_t auth_method; - - /** - * Lifetime of IKE_SA in milliseconds. - */ - u_int32_t ike_sa_lifetime; - /** * list for all proposals */ @@ -77,76 +67,60 @@ struct private_sa_config_t { /** * select_traffic_selectors for both */ - linked_list_t *(*select_traffic_selectors) (private_sa_config_t *,linked_list_t*,linked_list_t*); + linked_list_t *(*select_traffic_selectors) (private_policy_t *,linked_list_t*,linked_list_t*); }; /** - * Implementation of sa_config_t.get_my_id + * Implementation of policy_t.get_my_id */ -static identification_t *get_my_id(private_sa_config_t *this) +static identification_t *get_my_id(private_policy_t *this) { return this->my_id; } /** - * Implementation of sa_config_t.get_other_id + * Implementation of policy_t.get_other_id */ -static identification_t *get_other_id(private_sa_config_t *this) +static identification_t *get_other_id(private_policy_t *this) { return this->other_id; } /** - * Implementation of sa_config_t.get_auth_method. + * Implementation of policy_t.get_my_traffic_selectors */ -static auth_method_t get_auth_method(private_sa_config_t *this) -{ - return this->auth_method; -} - -/** - * Implementation of sa_config_t.get_ike_sa_lifetime. - */ -static u_int32_t get_ike_sa_lifetime (private_sa_config_t *this) -{ - return this->ike_sa_lifetime; -} - -/** - * Implementation of sa_config_t.get_my_traffic_selectors - */ -static linked_list_t *get_my_traffic_selectors(private_sa_config_t *this) +static linked_list_t *get_my_traffic_selectors(private_policy_t *this) { return this->my_ts; } /** - * Implementation of sa_config_t.get_other_traffic_selectors + * Implementation of policy_t.get_other_traffic_selectors */ -static linked_list_t *get_other_traffic_selectors(private_sa_config_t *this, traffic_selector_t **traffic_selectors[]) +static linked_list_t *get_other_traffic_selectors(private_policy_t *this, traffic_selector_t **traffic_selectors[]) { return this->other_ts; } /** - * Implementation of private_sa_config_t.select_my_traffic_selectors + * Implementation of private_policy_t.select_my_traffic_selectors */ -static linked_list_t *select_my_traffic_selectors(private_sa_config_t *this, linked_list_t *supplied) +static linked_list_t *select_my_traffic_selectors(private_policy_t *this, linked_list_t *supplied) { return this->select_traffic_selectors(this, this->my_ts, supplied); } /** - * Implementation of private_sa_config_t.select_other_traffic_selectors + * Implementation of private_policy_t.select_other_traffic_selectors */ -static linked_list_t *select_other_traffic_selectors(private_sa_config_t *this, linked_list_t *supplied) +static linked_list_t *select_other_traffic_selectors(private_policy_t *this, linked_list_t *supplied) { return this->select_traffic_selectors(this, this->other_ts, supplied); } /** - * Implementation of private_sa_config_t.select_traffic_selectors + * Implementation of private_policy_t.select_traffic_selectors */ -static linked_list_t *select_traffic_selectors(private_sa_config_t *this, linked_list_t *stored, linked_list_t *supplied) +static linked_list_t *select_traffic_selectors(private_policy_t *this, linked_list_t *stored, linked_list_t *supplied) { iterator_t *supplied_iter, *stored_iter; traffic_selector_t *supplied_ts, *stored_ts, *selected_ts; @@ -182,17 +156,17 @@ static linked_list_t *select_traffic_selectors(private_sa_config_t *this, linked } /** - * Implementation of sa_config_t.get_proposal_iterator + * Implementation of policy_t.get_proposal_iterator */ -static linked_list_t *get_proposals(private_sa_config_t *this) +static linked_list_t *get_proposals(private_policy_t *this) { return this->proposals; } /** - * Implementation of sa_config_t.select_proposal + * Implementation of policy_t.select_proposal */ -static proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals) +static proposal_t *select_proposal(private_policy_t *this, linked_list_t *proposals) { iterator_t *stored_iter, *supplied_iter; proposal_t *stored, *supplied, *selected; @@ -228,33 +202,33 @@ static proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *pro } /** - * Implementation of sa_config_t.add_my_traffic_selector + * Implementation of policy_t.add_my_traffic_selector */ -static void add_my_traffic_selector(private_sa_config_t *this, traffic_selector_t *traffic_selector) +static void add_my_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector) { this->my_ts->insert_last(this->my_ts, (void*)traffic_selector); } /** - * Implementation of sa_config_t.add_other_traffic_selector + * Implementation of policy_t.add_other_traffic_selector */ -static void add_other_traffic_selector(private_sa_config_t *this, traffic_selector_t *traffic_selector) +static void add_other_traffic_selector(private_policy_t *this, traffic_selector_t *traffic_selector) { this->other_ts->insert_last(this->other_ts, (void*)traffic_selector); } /** - * Implementation of sa_config_t.add_proposal + * Implementation of policy_t.add_proposal */ -static void add_proposal(private_sa_config_t *this, proposal_t *proposal) +static void add_proposal(private_policy_t *this, proposal_t *proposal) { this->proposals->insert_last(this->proposals, (void*)proposal); } /** - * Implements sa_config_t.destroy. + * Implements policy_t.destroy. */ -static status_t destroy(private_sa_config_t *this) +static status_t destroy(private_policy_t *this) { proposal_t *proposal; traffic_selector_t *traffic_selector; @@ -292,48 +266,33 @@ static status_t destroy(private_sa_config_t *this) /* * Described in header-file */ -sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other_id_type, char *other_id, auth_method_t auth_method, u_int32_t ike_sa_lifetime) +policy_t *policy_create(identification_t *my_id, identification_t *other_id) { - private_sa_config_t *this = allocator_alloc_thing(private_sa_config_t); + private_policy_t *this = allocator_alloc_thing(private_policy_t); /* public functions */ - this->public.get_my_id = (identification_t*(*)(sa_config_t*))get_my_id; - this->public.get_other_id = (identification_t*(*)(sa_config_t*))get_other_id; - this->public.get_auth_method = (auth_method_t(*)(sa_config_t*))get_auth_method; - this->public.get_ike_sa_lifetime = (u_int32_t(*)(sa_config_t*))get_ike_sa_lifetime; - this->public.get_my_traffic_selectors = (linked_list_t*(*)(sa_config_t*))get_my_traffic_selectors; - this->public.select_my_traffic_selectors = (linked_list_t*(*)(sa_config_t*,linked_list_t*))select_my_traffic_selectors; - this->public.get_other_traffic_selectors = (linked_list_t*(*)(sa_config_t*))get_other_traffic_selectors; - this->public.select_other_traffic_selectors = (linked_list_t*(*)(sa_config_t*,linked_list_t*))select_other_traffic_selectors; - this->public.get_proposals = (linked_list_t*(*)(sa_config_t*))get_proposals; - this->public.select_proposal = (proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal; - this->public.add_my_traffic_selector = (void(*)(sa_config_t*,traffic_selector_t*))add_my_traffic_selector; - this->public.add_other_traffic_selector = (void(*)(sa_config_t*,traffic_selector_t*))add_other_traffic_selector; - this->public.add_proposal = (void(*)(sa_config_t*,proposal_t*))add_proposal; - this->public.destroy = (void(*)(sa_config_t*))destroy; + this->public.get_my_id = (identification_t*(*)(policy_t*))get_my_id; + this->public.get_other_id = (identification_t*(*)(policy_t*))get_other_id; + this->public.get_my_traffic_selectors = (linked_list_t*(*)(policy_t*))get_my_traffic_selectors; + this->public.select_my_traffic_selectors = (linked_list_t*(*)(policy_t*,linked_list_t*))select_my_traffic_selectors; + this->public.get_other_traffic_selectors = (linked_list_t*(*)(policy_t*))get_other_traffic_selectors; + this->public.select_other_traffic_selectors = (linked_list_t*(*)(policy_t*,linked_list_t*))select_other_traffic_selectors; + this->public.get_proposals = (linked_list_t*(*)(policy_t*))get_proposals; + this->public.select_proposal = (proposal_t*(*)(policy_t*,linked_list_t*))select_proposal; + this->public.add_my_traffic_selector = (void(*)(policy_t*,traffic_selector_t*))add_my_traffic_selector; + this->public.add_other_traffic_selector = (void(*)(policy_t*,traffic_selector_t*))add_other_traffic_selector; + this->public.add_proposal = (void(*)(policy_t*,proposal_t*))add_proposal; + this->public.destroy = (void(*)(policy_t*))destroy; /* apply init values */ - this->my_id = identification_create_from_string(my_id_type, my_id); - if (this->my_id == NULL) - { - allocator_free(this); - return NULL; - } - this->other_id = identification_create_from_string(other_id_type, other_id); - if (this->my_id == NULL) - { - this->other_id->destroy(this->other_id); - allocator_free(this); - return NULL; - } + this->my_id = my_id; + this->other_id = other_id; /* init private members*/ this->select_traffic_selectors = select_traffic_selectors; this->proposals = linked_list_create(); this->my_ts = linked_list_create(); this->other_ts = linked_list_create(); - this->auth_method = auth_method; - this->ike_sa_lifetime = ike_sa_lifetime; return (&this->public); } diff --git a/Source/charon/config/sa_config.h b/Source/charon/config/policy.h similarity index 59% rename from Source/charon/config/sa_config.h rename to Source/charon/config/policy.h index 783e2f568..ddae051b9 100644 --- a/Source/charon/config/sa_config.h +++ b/Source/charon/config/policy.h @@ -1,7 +1,7 @@ /** - * @file sa_config.h + * @file policy.h * - * @brief Interface of sa_config_t. + * @brief Interface of policy_t. * */ @@ -20,38 +20,30 @@ * for more details. */ -#ifndef _SA_CONFIG_H_ -#define _SA_CONFIG_H_ +#ifndef POLICY_H_ +#define POLICY_H_ #include #include -#include -#include -#include -#include -#include -#include #include #include +#include - -typedef struct sa_config_t sa_config_t; +typedef struct policy_t policy_t; /** - * @brief Stores configuration of an initialized connection. + * @brief A policy_t defines the policies to apply to CHILD_SAs. * - * During the IKE_AUTH phase, we have enough data to specify a - * configuration. - * - * @warning This config is not thread save. + * The given two IDs identify a policy. These rules define how + * child SAs may be set up and which traffic may be IPsec'ed. * * @b Constructors: - * - sa_config_create() + * - policy_create() * * @ingroup config */ -struct sa_config_t { +struct policy_t { /** * @brief Get own id to use for identification. @@ -61,7 +53,7 @@ struct sa_config_t { * @param this calling object * @return own id */ - identification_t *(*get_my_id) (sa_config_t *this); + identification_t *(*get_my_id) (policy_t *this); /** * @brief Get id of communication partner. @@ -71,22 +63,7 @@ struct sa_config_t { * @param this calling object * @return other id */ - identification_t *(*get_other_id) (sa_config_t *this); - - /** - * @brief Get authentication method to use for IKE_AUTH. - * - * @param this calling object - * @return authentication methood - */ - auth_method_t (*get_auth_method) (sa_config_t *this); - - /** - * @brief Get lifetime of IKE_SA in milliseconds. - * - * @return IKE_SA lifetime in milliseconds. - */ - u_int32_t (*get_ike_sa_lifetime) (sa_config_t *this); + identification_t *(*get_other_id) (policy_t *this); /** * @brief Get configured traffic selectors for our site. @@ -97,7 +74,7 @@ struct sa_config_t { * @param this calling object * @return list with traffic selectors */ - linked_list_t *(*get_my_traffic_selectors) (sa_config_t *this); + linked_list_t *(*get_my_traffic_selectors) (policy_t *this); /** * @brief Get configured traffic selectors for others site. @@ -108,7 +85,7 @@ struct sa_config_t { * @param this calling object * @return list with traffic selectors */ - linked_list_t *(*get_other_traffic_selectors) (sa_config_t *this); + linked_list_t *(*get_other_traffic_selectors) (policy_t *this); /** * @brief Select traffic selectors from a supplied list for local site. @@ -119,7 +96,7 @@ struct sa_config_t { * @param supplied linked list with traffic selectors * @return list containing the selected traffic selectors */ - linked_list_t *(*select_my_traffic_selectors) (sa_config_t *this, linked_list_t *supplied); + linked_list_t *(*select_my_traffic_selectors) (policy_t *this, linked_list_t *supplied); /** * @brief Select traffic selectors from a supplied list for remote site. @@ -130,21 +107,21 @@ struct sa_config_t { * @param supplied linked list with traffic selectors * @return list containing the selected traffic selectors */ - linked_list_t *(*select_other_traffic_selectors) (sa_config_t *this, linked_list_t *supplied); + linked_list_t *(*select_other_traffic_selectors) (policy_t *this, linked_list_t *supplied); /** * @brief Get the list of internally stored proposals. * - * Rembember: sa_config_t does store proposals for AH/ESP, - * IKE proposals are in the init_config_t + * Rembember: policy_t does store proposals for AH/ESP, + * IKE proposals are in the connection_t * - * @warning List and Items are still owned by sa_config and MUST NOT + * @warning List and Items are still owned by policy and MUST NOT * be manipulated or freed! * * @param this calling object * @return lists with proposals */ - linked_list_t *(*get_proposals) (sa_config_t *this); + linked_list_t *(*get_proposals) (policy_t *this); /** * @brief Select a proposal from a supplied list. @@ -153,31 +130,31 @@ struct sa_config_t { * @param proposals list from from wich proposals are selected * @return selected proposal, or NULL if nothing matches */ - proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals); + proposal_t *(*select_proposal) (policy_t *this, linked_list_t *proposals); /** * @brief Add a traffic selector to the list for local site. * - * After add, proposal is owned by sa_config. + * After add, proposal is owned by policy. * * @warning Do not add while other threads are reading. * * @param this calling object * @param traffic_selector traffic_selector to add */ - void (*add_my_traffic_selector) (sa_config_t *this, traffic_selector_t *traffic_selector); + void (*add_my_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector); /** * @brief Add a traffic selector to the list for remote site. * - * After add, proposal is owned by sa_config. + * After add, proposal is owned by policy. * * @warning Do not add while other threads are reading. * * @param this calling object * @param traffic_selector traffic_selector to add */ - void (*add_other_traffic_selector) (sa_config_t *this, traffic_selector_t *traffic_selector); + void (*add_other_traffic_selector) (policy_t *this, traffic_selector_t *traffic_selector); /** * @brief Add a proposal to the list. @@ -190,30 +167,25 @@ struct sa_config_t { * @param this calling object * @param proposal proposal to add */ - void (*add_proposal) (sa_config_t *this, proposal_t *proposal); + void (*add_proposal) (policy_t *this, proposal_t *proposal); /** * @brief Destroys the config object * * @param this calling object */ - void (*destroy) (sa_config_t *this); + void (*destroy) (policy_t *this); }; /** * @brief Create a configuration object for IKE_AUTH and later. * - * @param my_id_type type of my identification - * @param my_id my identification as string - * @param other_id_type type of other identification - * @param other_id other identification as string - * @param auth_method Method of authentication - * @param ike_sa_lifetime lifetime of this IKE_SA in milliseconds. IKE_SA will be deleted - * after this lifetime! - * @return sa_config_t object + * @param my_id identification_t for ourselves + * @param other_id identification_t for the remote guy + * @return policy_t object * * @ingroup config */ -sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other_id_type, char *other_id, auth_method_t auth_method, u_int32_t ike_sa_lifetime); +policy_t *policy_create(identification_t *my_id, identification_t *other_id); -#endif //_SA_CONFIG_H_ +#endif /* POLICY_H_ */ diff --git a/Source/charon/config/policy_store.h b/Source/charon/config/policy_store.h new file mode 100755 index 000000000..1c4402393 --- /dev/null +++ b/Source/charon/config/policy_store.h @@ -0,0 +1,62 @@ +/** + * @file policy_store.h + * + * @brief Interface policy_store_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef POLICY_STORE_H_ +#define POLICY_STORE_H_ + +#include +#include + + +typedef struct policy_store_t policy_store_t; + +/** + * @brief The interface for a store of polcy_t's. + * + * @b Constructors: + * - policy_store_create() + * + * @ingroup config + */ +struct policy_store_t { + + /** + * @brief Returns a policy identified by two IDs. + * + * @param this calling object + * @param my_id own ID of the policy + * @param other_id others ID of the policy + * @return + * - matching policy_t, if found + * - NULL otherwise + */ + policy_t *(*get_policy) (policy_store_t *this, identification_t *my_id, identification_t *other_id); + + /** + * @brief Destroys a policy_store_t object. + * + * @param this calling object + */ + void (*destroy) (policy_store_t *this); +}; + +#endif /*POLICY_STORE_H_*/ diff --git a/Source/charon/config/proposal.h b/Source/charon/config/proposal.h index e25d43512..48ed4ea79 100644 --- a/Source/charon/config/proposal.h +++ b/Source/charon/config/proposal.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _PROPOSAL_H_ -#define _PROPOSAL_H_ +#ifndef PROPOSAL_H_ +#define PROPOSAL_H_ #include #include @@ -258,4 +258,4 @@ struct proposal_t { */ proposal_t *proposal_create(u_int8_t number); -#endif //_PROPOSAL_H_ +#endif /* PROPOSAL_H_ */ diff --git a/Source/charon/config/static_configuration.c b/Source/charon/config/static_configuration.c deleted file mode 100755 index e0c76dabd..000000000 --- a/Source/charon/config/static_configuration.c +++ /dev/null @@ -1,1059 +0,0 @@ -/** - * @file static_configuration.c - * - * @brief Implementation of static_configuration_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include - -#include "static_configuration.h" - -#include -#include -#include - -/** - * First retransmit timeout in milliseconds. - * - * Timeout value is increasing in each retransmit round. - */ -#define RETRANSMIT_TIMEOUT 3000 - -/** - * Timeout in milliseconds after that a half open IKE_SA gets deleted. - */ -#define HALF_OPEN_IKE_SA_TIMEOUT 30000 - -/** - * Max retransmit count. - * 0 for infinite. The max time a half open IKE_SA is alive is set by - * RETRANSMIT_TIMEOUT. - */ -#define MAX_RETRANSMIT_COUNT 0 - - -typedef struct preshared_secret_entry_t preshared_secret_entry_t; - -/** - * A preshared secret entry combines an identifier and a - * preshared secret. - */ -struct preshared_secret_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Preshared secret as chunk_t. The NULL termination is not included. - */ - chunk_t preshared_secret; -}; - - -typedef struct rsa_private_key_entry_t rsa_private_key_entry_t; - -/** - * Entry for a rsa private key. - */ -struct rsa_private_key_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Private key. - */ - rsa_private_key_t* private_key; -}; - -typedef struct rsa_public_key_entry_t rsa_public_key_entry_t; - -/** - * Entry for a rsa private key. - */ -struct rsa_public_key_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Private key. - */ - rsa_public_key_t* public_key; -}; - -typedef struct configuration_entry_t configuration_entry_t; - -/* A configuration entry combines a configuration name with a init and sa - * configuration represented as init_config_t and sa_config_t objects. - * - * @b Constructors: - * - configuration_entry_create() - */ -struct configuration_entry_t { - - /** - * Configuration name. - * - */ - char *name; - - /** - * Configuration for IKE_SA_INIT exchange. - */ - init_config_t *init_config; - - /** - * Configuration for all phases after IKE_SA_INIT exchange. - */ - sa_config_t *sa_config; - - /** - * Destroys a configuration_entry_t - * - * @param this calling object - */ - void (*destroy) (configuration_entry_t *this); -}; - -/** - * Implementation of configuration_entry_t.destroy. - */ -static void configuration_entry_destroy (configuration_entry_t *this) -{ - allocator_free(this->name); - allocator_free(this); -} - -/** - * @brief Creates a configuration_entry_t object. - * - * @param name name of the configuration entry (gets copied) - * @param init_config object of type init_config_t - * @param sa_config object of type sa_config_t - */ -configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config) -{ - configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t); - - /* functions */ - entry->destroy = configuration_entry_destroy; - - /* private data */ - entry->init_config = init_config; - entry->sa_config = sa_config; - entry->name = allocator_alloc(strlen(name) + 1); - strcpy(entry->name,name); - return entry; -} - -typedef struct private_static_configuration_t private_static_configuration_t; - -/** - * Private data of an static_configuration_t object. - */ -struct private_static_configuration_t { - - /** - * Public part of static_configuration_t object. - */ - static_configuration_t public; - - /** - * Holding all configurations. - */ - linked_list_t *configurations; - - /** - * Holding all managed init_configs. - */ - linked_list_t *init_configs; - - /** - * Holding all managed init_configs. - */ - linked_list_t *sa_configs; - - /** - * Holding all managed preshared secrets. - */ - linked_list_t *preshared_secrets; - - /** - * Holding all managed private secrets. - */ - linked_list_t *rsa_private_keys; - - /** - * Holding all managed public secrets. - */ - linked_list_t *rsa_public_keys; - - /** - * Assigned logger_t object. - */ - logger_t *logger; - - /** - * Max number of requests to be retransmitted. - * 0 for infinite. - */ - u_int32_t max_retransmit_count; - - /** - * First retransmit timeout in ms. - */ - u_int32_t first_retransmit_timeout; - - /** - * Timeout in ms after that time a IKE_SA gets deleted. - */ - u_int32_t half_open_ike_sa_timeout; - - /** - * Adds a new IKE_SA configuration. - * - * @param this calling object - * @param name name for the configuration - * @param init_config init_config_t object - * @param sa_config sa_config_t object - */ - void (*add_new_configuration) (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config); - - /** - * Adds a new preshared secret. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param preshared_secret preshared secret as string - */ - void (*add_new_preshared_secret) (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret); - - /** - * Adds a new rsa private key. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param key_pos location of key - * @param key_len length of key - */ - void (*add_new_rsa_private_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); - - /** - * Adds a new rsa public key. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param key_pos location of key - * @param key_len length of key - */ - void (*add_new_rsa_public_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); - - /** - * Load default configuration. - * - * @param this calling object - */ - void (*load_default_config) (private_static_configuration_t *this); -}; - - -u_int8_t public_key_1[]; -u_int8_t private_key_1[]; -u_int8_t public_key_2[]; -u_int8_t private_key_2[]; - -/** - * Implementation of private_static_configuration_t.load_default_config. - */ -static void load_default_config (private_static_configuration_t *this) -{ - init_config_t *init_config_a, *init_config_b; - proposal_t *proposal; - sa_config_t *sa_config_a, *sa_config_b; - traffic_selector_t *ts; - host_t *alice, *bob, *any; - - bob = host_create(AF_INET, "192.168.0.2", IKEV2_UDP_PORT); - any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT); - init_config_a = init_config_create(any, bob); - - alice = host_create(AF_INET, "192.168.0.1", IKEV2_UDP_PORT); - any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT); - init_config_b = init_config_create(any, alice); - - /* IKE proposals for alice */ - proposal = proposal_create(1); - proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); - proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0); - proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); - init_config_a->add_proposal(init_config_a, proposal); - - /* IKE proposals for bob */ - proposal = proposal_create(1); - proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); - proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0); - proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); - init_config_b->add_proposal(init_config_b, proposal); - - sa_config_a = sa_config_create(ID_IPV4_ADDR, "192.168.0.1", - ID_IPV4_ADDR, "192.168.0.2", - RSA_DIGITAL_SIGNATURE, - 30000); - - sa_config_b = sa_config_create(ID_IPV4_ADDR, "192.168.0.2", - ID_IPV4_ADDR, "192.168.0.1", - RSA_DIGITAL_SIGNATURE, - 30000); - - /* traffic selectors alice */ - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535); - sa_config_a->add_my_traffic_selector(sa_config_a,ts); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535); - sa_config_a->add_other_traffic_selector(sa_config_a,ts); - - /* traffic selectors bob */ - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535); - sa_config_b->add_my_traffic_selector(sa_config_b,ts); - ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535); - sa_config_b->add_other_traffic_selector(sa_config_b,ts); - - /* child proposal for alice */ - proposal = proposal_create(1); - -// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); -// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); -// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); -// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); -// proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - - proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); -// proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); -// proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); -// proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - - sa_config_a->add_proposal(sa_config_a, proposal); - - /* child proposal for bob */ - proposal = proposal_create(1); - -// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); -// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); -// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_DES_MAC, 0); -// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); -// proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - - proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); - proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); -// proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); -// proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); - - sa_config_b->add_proposal(sa_config_b, proposal); - - this->add_new_configuration(this,"sun",init_config_a,sa_config_a); - this->add_new_configuration(this,"moon",init_config_b,sa_config_b); - - //this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt"); - this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.1", public_key_1, 256); - this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.2", public_key_2, 256); - this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.1", private_key_1, 1024); - this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.2", private_key_2, 1024); -} - -/** - * Implementation of static_configuration_t.get_init_config_for_host. - */ -static status_t get_init_config_for_host (private_static_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", - my_host->get_address(my_host), other_host->get_address(other_host)); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - host_t *config_my_host; - host_t *config_other_host; - - iterator->current(iterator,(void **) &entry); - - config_my_host = entry->init_config->get_my_host(entry->init_config); - config_other_host = entry->init_config->get_other_host(entry->init_config); - - /* first check if ip is equal */ - if(config_other_host->ip_is_equal(config_other_host,other_host)) - { - this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", - config_other_host->get_address(config_other_host)); - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - /* check now if host informations are the same */ - else if (config_my_host->ip_is_equal(config_my_host,my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - - } - /* Then check for wildcard hosts! - * TODO - * actually its only checked if other host with default route can be found! */ - else if (config_other_host->is_default_route(config_other_host)) - { - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - /* check now if host informations are the same */ - else if (config_my_host->ip_is_equal(config_my_host,my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of static_configuration_t.get_init_config_for_name. - */ -static status_t get_init_config_for_name (private_static_configuration_t *this, char *name, init_config_t **init_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (strcmp(entry->name,name) == 0) - { - - /* found configuration */ - *init_config = entry->init_config; - status = SUCCESS; - break; - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of static_configuration_t.get_sa_config_for_name. - */ -static status_t get_sa_config_for_name (private_static_configuration_t *this, char *name, sa_config_t **sa_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (strcmp(entry->name,name) == 0) - { - /* found configuration */ - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of static_configuration_t.get_sa_config_for_init_config_and_id. - */ -static status_t get_sa_config_for_init_config_and_id (private_static_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (entry->init_config == init_config) - { - identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config); - identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config); - - /* host informations seem to be the same */ - if (config_other_id->equals(config_other_id,other_id)) - { - /* other ids seems to match */ - - if (my_id == NULL) - { - /* first matching one is selected */ - - /* TODO priorize found entries */ - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - - if (config_my_id->equals(config_my_id,my_id)) - { - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - - } - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of private_static_configuration_t.add_new_configuration. - */ -static void add_new_configuration (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config) -{ - iterator_t *iterator; - bool found; - - iterator = this->init_configs->create_iterator(this->init_configs,TRUE); - found = FALSE; - while (iterator->has_next(iterator)) - { - init_config_t *found_init_config; - iterator->current(iterator,(void **) &found_init_config); - if (init_config == found_init_config) - { - found = TRUE; - break; - } - } - iterator->destroy(iterator); - if (!found) - { - this->init_configs->insert_first(this->init_configs,init_config); - } - - iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE); - found = FALSE; - while (iterator->has_next(iterator)) - { - sa_config_t *found_sa_config; - iterator->current(iterator,(void **) &found_sa_config); - if (sa_config == found_sa_config) - { - found = TRUE; - break; - } - } - iterator->destroy(iterator); - if (!found) - { - this->sa_configs->insert_first(this->sa_configs,sa_config); - } - - this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config)); -} - -/** - * Implementation of private_static_configuration_t.add_new_preshared_secret. - */ -static void add_new_preshared_secret (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret) -{ - preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->preshared_secret.len = strlen(preshared_secret) + 1; - entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len); - memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len); - - this->preshared_secrets->insert_last(this->preshared_secrets,entry); -} - -/** - * Implementation of private_static_configuration_t.add_new_preshared_secret. - */ -static void add_new_rsa_public_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) -{ - chunk_t key; - key.ptr = key_pos; - key.len = key_len; - - rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->public_key = rsa_public_key_create(); - entry->public_key->set_key(entry->public_key, key); - - this->rsa_public_keys->insert_last(this->rsa_public_keys, entry); -} - -/** - * Implementation of private_static_configuration_t.add_new_preshared_secret. - */ -static void add_new_rsa_private_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) -{ - chunk_t key; - key.ptr = key_pos; - key.len = key_len; - - rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->private_key = rsa_private_key_create(); - entry->private_key->set_key(entry->private_key, key); - - this->rsa_private_keys->insert_last(this->rsa_private_keys, entry); -} - -/** - * Implementation of static_configuration_t.get_shared_secret. - */ -static status_t get_shared_secret(private_static_configuration_t *this, identification_t *identification, chunk_t *preshared_secret) -{ - iterator_t *iterator; - - iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE); - while (iterator->has_next(iterator)) - { - preshared_secret_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *preshared_secret = entry->preshared_secret; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of static_configuration_t.get_shared_secret. - */ -static status_t get_rsa_public_key(private_static_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key) -{ - iterator_t *iterator; - - iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE); - while (iterator->has_next(iterator)) - { - rsa_public_key_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *public_key = entry->public_key; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of static_configuration_t.get_shared_secret. - */ -static status_t get_rsa_private_key(private_static_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key) -{ - iterator_t *iterator; - - iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE); - while (iterator->has_next(iterator)) - { - rsa_private_key_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *private_key = entry->private_key; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of static_configuration_t.get_retransmit_timeout. - */ -static status_t get_retransmit_timeout (private_static_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout) -{ - int new_timeout = this->first_retransmit_timeout, i; - if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0)) - { - return FAILED; - } - - - for (i = 0; i < retransmit_count; i++) - { - new_timeout *= 2; - } - - *timeout = new_timeout; - - return SUCCESS; -} - -/** - * Implementation of static_configuration_t.get_half_open_ike_sa_timeout. - */ -static u_int32_t get_half_open_ike_sa_timeout (private_static_configuration_t *this) -{ - return this->half_open_ike_sa_timeout; -} - -/** - * Implementation of static_configuration_t.destroy. - */ -static void destroy(private_static_configuration_t *this) -{ - this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend "); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries"); - while (this->configurations->get_count(this->configurations) > 0) - { - configuration_entry_t *entry; - this->configurations->remove_first(this->configurations,(void **) &entry); - entry->destroy(entry); - } - this->configurations->destroy(this->configurations); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects"); - while (this->sa_configs->get_count(this->sa_configs) > 0) - { - sa_config_t *sa_config; - this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config); - sa_config->destroy(sa_config); - } - - this->sa_configs->destroy(this->sa_configs); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects"); - while (this->init_configs->get_count(this->init_configs) > 0) - { - init_config_t *init_config; - this->init_configs->remove_first(this->init_configs,(void **) &init_config); - init_config->destroy(init_config); - } - this->init_configs->destroy(this->init_configs); - - while (this->preshared_secrets->get_count(this->preshared_secrets) > 0) - { - preshared_secret_entry_t *entry; - this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry); - entry->identification->destroy(entry->identification); - allocator_free_chunk(&(entry->preshared_secret)); - allocator_free(entry); - } - this->preshared_secrets->destroy(this->preshared_secrets); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys"); - while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0) - { - rsa_private_key_entry_t *entry; - this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry); - entry->identification->destroy(entry->identification); - entry->private_key->destroy(entry->private_key); - allocator_free(entry); - } - this->rsa_private_keys->destroy(this->rsa_private_keys); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys"); - while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0) - { - rsa_public_key_entry_t *entry; - this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry); - entry->identification->destroy(entry->identification); - entry->public_key->destroy(entry->public_key); - allocator_free(entry); - } - this->rsa_public_keys->destroy(this->rsa_public_keys); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger"); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - allocator_free(this); -} - -/* - * Described in header-file - */ -static_configuration_t *static_configuration_create() -{ - private_static_configuration_t *this = allocator_alloc_thing(private_static_configuration_t); - - /* public functions */ - this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy; - this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name; - this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host; - this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name; - this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id; - this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout; - this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout; - this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret; - this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key; - this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key; - - /* private functions */ - this->load_default_config = load_default_config; - this->add_new_configuration = add_new_configuration; - this->add_new_preshared_secret = add_new_preshared_secret; - this->add_new_rsa_public_key = add_new_rsa_public_key; - this->add_new_rsa_private_key = add_new_rsa_private_key; - - /* private variables */ - this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL); - this->configurations = linked_list_create(); - this->sa_configs = linked_list_create(); - this->init_configs = linked_list_create(); - this->preshared_secrets = linked_list_create(); - this->rsa_private_keys = linked_list_create(); - this->rsa_public_keys = linked_list_create(); - this->max_retransmit_count = MAX_RETRANSMIT_COUNT; - this->first_retransmit_timeout = RETRANSMIT_TIMEOUT; - this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT; - - this->load_default_config(this); - - return (&this->public); -} - - -u_int8_t public_key_1[] = { - 0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2, - 0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52, - 0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC, - 0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44, - 0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78, - 0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD, - 0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87, - 0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01 -}; - -u_int8_t private_key_1[] = { - 0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2, - 0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52, - 0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC, - 0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44, - 0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78, - 0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD, - 0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87, - 0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0xEE,0xF2,0x37,0xF2,0x98,0xEB,0x33,0xC6,0x84,0xE8,0xB9,0xD1,0x18,0xB5,0x29,0x00, - 0xAC,0x6B,0x78,0xBC,0x9E,0xB6,0x01,0x21,0x29,0xEE,0x4A,0x99,0xFB,0x3D,0x07,0x23, - 0x77,0x84,0x93,0x4B,0x53,0x49,0xB0,0xA4,0x6F,0xB0,0xF5,0x50,0xDB,0x35,0xDD,0xDF, - 0x41,0x6F,0x7B,0xA9,0x88,0x3D,0x0B,0x1C,0x2E,0x2B,0x44,0x35,0x24,0x72,0x66,0xC1, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0xE3,0xB8,0xC8,0x30,0x67,0xD0,0x5D,0xF1,0x32,0x64,0xDC,0x4B,0xB3,0x7E,0xE3,0x1A, - 0xC5,0xBC,0xAC,0xC9,0x95,0x5C,0x96,0x0D,0x5A,0x52,0x90,0xE0,0x08,0x3F,0xA6,0x71, - 0xC7,0x18,0xC5,0x64,0xA2,0xE4,0xB8,0x43,0x5A,0x8A,0x7A,0x9B,0xDF,0xDA,0x81,0x85, - 0x6C,0x0F,0xA4,0xC9,0xAC,0x25,0x19,0x54,0xFE,0x75,0xAA,0x1D,0x22,0xB8,0xF4,0xCD, - 0x1A,0x91,0xC2,0xA3,0x65,0x3F,0xD7,0xFC,0x7E,0xE1,0x92,0x29,0xC5,0x85,0x6E,0x44, - 0xC8,0x4D,0xBD,0x7A,0x2C,0x2D,0x47,0xE2,0x24,0x24,0xDF,0xC2,0x31,0x65,0x8F,0xD4, - 0xBA,0x28,0x7C,0x4A,0xCA,0xAE,0x79,0xBE,0xC1,0x6C,0xFC,0x09,0x45,0xF7,0x87,0x17, - 0xB4,0x55,0x92,0x15,0xC5,0xFA,0x8F,0xB0,0x56,0x96,0xC1,0x87,0x12,0xFE,0xDF,0xF0, - 0x3A,0xE1,0xB1,0x83,0x19,0x74,0xF0,0x7D,0x37,0x41,0x3E,0x6A,0xFE,0x33,0x3E,0x74, - 0x01,0x45,0xE4,0x65,0xAE,0xC9,0xAE,0x64,0xE3,0xF1,0x90,0xFD,0x1A,0x30,0x44,0x82, - 0xEE,0x34,0x94,0xF2,0x68,0x3D,0x61,0x90,0xFB,0xEB,0xD8,0x18,0xE6,0x7C,0xEC,0x69, - 0x70,0xD0,0xEB,0x2F,0xC1,0x3D,0x9C,0x6A,0x4B,0x89,0x50,0x6B,0x3F,0xA5,0x38,0x41, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x65,0xEE,0x34,0x09,0xAC,0x4C,0x21,0x71,0x1D,0x3F,0x7E,0x0D,0x01,0xC2,0x3E,0x34, - 0x88,0x58,0xEC,0x4F,0x62,0x50,0xF7,0xD8,0x62,0xDF,0xC1,0x39,0x40,0xA0,0xBF,0x0B, - 0xD5,0x2F,0x5B,0xFA,0x35,0x14,0x69,0x63,0x2C,0x36,0x4B,0xDF,0xEB,0x33,0x66,0x6B, - 0x97,0xA9,0x6C,0x12,0x5D,0x08,0xD5,0x55,0x77,0x28,0x83,0xD7,0x3B,0xAE,0x05,0xC1, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x9F,0x96,0x17,0x75,0x14,0xCB,0xC9,0x8A,0x06,0xAE,0xF8,0x53,0x74,0xEF,0x2F,0x68, - 0xCB,0xBA,0x75,0xBC,0xAF,0x97,0xBA,0xF0,0x90,0xA3,0xDC,0x33,0xA4,0x94,0x36,0xA8, - 0xF5,0xC6,0x3E,0x4F,0x50,0x78,0xC9,0x49,0x2A,0x62,0x71,0x9A,0x5B,0x3E,0x5E,0x16, - 0x8A,0xAC,0x4B,0xE7,0xA9,0x64,0x36,0x64,0x82,0x0F,0x23,0xB0,0x57,0x6D,0x16,0xE1, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x25,0xF1,0x40,0x05,0x58,0x19,0x37,0x61,0x34,0x98,0xBB,0x29,0x1B,0x44,0x08,0x1A, - 0xD3,0x66,0x62,0x4C,0x9C,0x47,0xD2,0x91,0x60,0x46,0x6F,0x8E,0xA6,0xE7,0x80,0x7B, - 0x17,0x77,0x9A,0xB5,0x18,0x8A,0x15,0x8F,0x77,0xA1,0x55,0x3E,0x96,0x66,0x86,0x57, - 0x75,0x73,0xF5,0x57,0x50,0x28,0xEA,0x83,0x14,0xB1,0x55,0xA3,0x82,0xCD,0x36,0xF8 -}; -u_int8_t public_key_2[] = { - 0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1, - 0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D, - 0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63, - 0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4, - 0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5, - 0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E, - 0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B, - 0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01 -}; -u_int8_t private_key_2[] = { - 0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1, - 0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D, - 0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63, - 0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4, - 0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5, - 0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E, - 0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B, - 0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0xE8,0x37,0xB6,0x08,0xD8,0x9C,0x72,0xC5,0x34,0xDB,0x3A,0xA2,0xF9,0x24,0xE1,0x44, - 0x23,0x3B,0x72,0x70,0x5D,0xCC,0xC3,0xBA,0x3D,0xCE,0x82,0xAC,0x6A,0x71,0x72,0x90, - 0xC7,0x94,0xB3,0x8B,0x85,0xE0,0xEF,0x39,0xF0,0xE4,0x08,0x31,0xEA,0xE6,0x3B,0x7D, - 0xB0,0x36,0xFA,0x71,0x6E,0xA3,0xF9,0x4C,0x39,0x05,0x8C,0xB7,0x8C,0x99,0x94,0x85, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x96,0x32,0xF9,0xD9,0xA8,0xC0,0x84,0xFD,0xE5,0x6B,0xA6,0xC2,0x85,0x85,0x68,0x17, - 0x7E,0x98,0xD0,0x6A,0xDC,0xD8,0x4C,0x46,0xCB,0x6D,0x4C,0x25,0xE5,0xF9,0x58,0xB2, - 0x17,0xE4,0x20,0x8A,0x87,0x0D,0xD7,0x4C,0x79,0xA3,0xB3,0x69,0x98,0x7F,0x5D,0x08, - 0x33,0x5B,0xAD,0xA3,0x34,0xE8,0x55,0x5E,0x09,0x60,0x70,0xA8,0x11,0xFD,0x70,0x67, - 0x00,0xE1,0xA7,0x44,0xF5,0x85,0x14,0x43,0xD5,0x45,0x1A,0x87,0x65,0x30,0xA8,0x24, - 0x2C,0xF8,0xAF,0x97,0xFF,0x9A,0x7E,0xF4,0x3B,0xE7,0xD3,0x79,0x88,0xEC,0x66,0xF6, - 0xE0,0xAA,0xF4,0x88,0x0A,0xE2,0x4C,0x31,0x4A,0xA6,0xF3,0x91,0x9A,0x4A,0xBE,0xF0, - 0x85,0xEF,0xCE,0x55,0xB6,0x35,0x2B,0x38,0xD5,0xF5,0x5A,0x35,0x7B,0xCF,0x4D,0xF8, - 0x5D,0x1E,0x57,0x99,0xAF,0xED,0x33,0x6F,0xD5,0xA7,0x49,0x5B,0x14,0x4C,0x7D,0x17, - 0x81,0xAE,0x1E,0xDA,0x9D,0xFB,0xA9,0xC3,0x00,0x4C,0x17,0x37,0x30,0x96,0x60,0xE1, - 0x6A,0xCC,0xD3,0xDB,0x40,0xCE,0x96,0x96,0x0D,0x95,0x0D,0x84,0x38,0xBD,0xDA,0x2F, - 0xEC,0xED,0x22,0x39,0x8E,0x8C,0xDF,0xCD,0x07,0xCF,0x0F,0xB0,0x2B,0x76,0xDB,0xC1, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0xA5,0x37,0x9E,0x08,0x45,0x35,0x6A,0x62,0xEC,0xEC,0x5D,0x97,0xBE,0x73,0x82,0xE2, - 0x9B,0xBE,0x9B,0xF9,0x5E,0x83,0x65,0x6E,0x88,0xB2,0xF9,0x3D,0xFA,0xAD,0xA4,0xB9, - 0x65,0x86,0x63,0x08,0x0D,0xC4,0xAF,0xF0,0x25,0x77,0xD8,0x6C,0xCB,0x97,0xEB,0x13, - 0xCD,0xE0,0x0F,0xE7,0xCC,0xB4,0x55,0x96,0xE9,0xAB,0x0D,0x27,0x3A,0x9D,0xBA,0x91, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x44,0xA3,0x44,0xF4,0x47,0x9E,0xBA,0xE7,0xBF,0xF8,0xC2,0xFB,0x2F,0xC3,0x38,0x3F, - 0x4C,0x56,0x0F,0x20,0x56,0x8D,0xED,0xC5,0x88,0x5F,0x09,0x26,0x64,0x82,0xDF,0x1A, - 0x7B,0xBA,0x7F,0x78,0x6E,0xA1,0x4F,0x9B,0x1E,0x17,0x45,0xFC,0xE2,0x78,0x89,0x8E, - 0x1E,0xD2,0x2D,0x76,0x60,0xCE,0x2F,0x7C,0xCA,0xB2,0x2C,0xA9,0x51,0x97,0x4C,0xCF, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x01,0x40,0x4B,0x7D,0xAB,0x8A,0xB9,0x5E,0xEE,0xA1,0x81,0xED,0x27,0x89,0xF6,0x4C, - 0x59,0x8C,0x23,0x14,0x3B,0x1B,0xBA,0xC3,0xB2,0x00,0x9A,0x9E,0xDF,0x54,0x82,0xA7, - 0x3E,0xC9,0x23,0x85,0x4D,0xD3,0x80,0xA7,0x89,0x11,0xBA,0x76,0xF5,0xC1,0x55,0x37, - 0x0A,0x0D,0x8C,0x07,0x0A,0xC8,0xC5,0x11,0x74,0x9C,0xB6,0x80,0x3B,0x0A,0x9A,0xA2 -}; diff --git a/Source/charon/config/static_configuration.h b/Source/charon/config/static_configuration.h deleted file mode 100644 index b63fffe0b..000000000 --- a/Source/charon/config/static_configuration.h +++ /dev/null @@ -1,56 +0,0 @@ -/** - * @file static_configuration_t.h - * - * @brief Interface of static_configuration_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef STATIC_CONFIGURATION_H_ -#define STATIC_CONFIGURATION_H_ - -#include - - -typedef struct static_configuration_t static_configuration_t; - -/** - * @brief A static hardcoded config for testing purposes. - * - * @b Constructors: - * - static_configuration_create() - * - * @ingroup config - */ -struct static_configuration_t { - - /** - * Implements configuration_t interface - */ - configuration_t configuration_interface; -}; - -/** - * @brief Creates an static configuration - * - * @return static_configuration_t object - * - * @ingroup config - */ -static_configuration_t *static_configuration_create(); - -#endif /*STATIC_CONFIGURATION_H_*/ diff --git a/Source/charon/config/stroke_configuration.c b/Source/charon/config/stroke_configuration.c deleted file mode 100755 index 5110be183..000000000 --- a/Source/charon/config/stroke_configuration.c +++ /dev/null @@ -1,992 +0,0 @@ -/** - * @file stroke_configuration.c - * - * @brief Implementation of stroke_configuration_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "stroke_configuration.h" - -#include -#include -#include -#include - -/** - * First retransmit timeout in milliseconds. - * - * Timeout value is increasing in each retransmit round. - */ -#define RETRANSMIT_TIMEOUT 3000 - -/** - * Timeout in milliseconds after that a half open IKE_SA gets deleted. - */ -#define HALF_OPEN_IKE_SA_TIMEOUT 30000 - -/** - * Max retransmit count. - * 0 for infinite. The max time a half open IKE_SA is alive is set by - * RETRANSMIT_TIMEOUT. - */ -#define MAX_RETRANSMIT_COUNT 0 - - -struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/charon.ctl"}; - - -typedef struct preshared_secret_entry_t preshared_secret_entry_t; - -/** - * A preshared secret entry combines an identifier and a - * preshared secret. - */ -struct preshared_secret_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Preshared secret as chunk_t. The NULL termination is not included. - */ - chunk_t preshared_secret; -}; - - -typedef struct rsa_private_key_entry_t rsa_private_key_entry_t; - -/** - * Entry for a rsa private key. - */ -struct rsa_private_key_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Private key. - */ - rsa_private_key_t* private_key; -}; - -typedef struct rsa_public_key_entry_t rsa_public_key_entry_t; - -/** - * Entry for a rsa private key. - */ -struct rsa_public_key_entry_t { - - /** - * Identification. - */ - identification_t *identification; - - /** - * Private key. - */ - rsa_public_key_t* public_key; -}; - -typedef struct configuration_entry_t configuration_entry_t; - -/** - * A configuration entry combines a configuration name with a init and sa - * configuration represented as init_config_t and sa_config_t objects. - * - * @b Constructors: - * - configuration_entry_create() - */ -struct configuration_entry_t { - - /** - * Configuration name. - * - */ - char *name; - - /** - * Configuration for IKE_SA_INIT exchange. - */ - init_config_t *init_config; - - /** - * Configuration for all phases after IKE_SA_INIT exchange. - */ - sa_config_t *sa_config; - - /** - * Destroys a configuration_entry_t - * - * @param this calling object - */ - void (*destroy) (configuration_entry_t *this); -}; - -/** - * Implementation of configuration_entry_t.destroy. - */ -static void configuration_entry_destroy (configuration_entry_t *this) -{ - allocator_free(this->name); - allocator_free(this); -} - -/** - * @brief Creates a configuration_entry_t object. - * - * @param name name of the configuration entry (gets copied) - * @param init_config object of type init_config_t - * @param sa_config object of type sa_config_t - */ -static configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config) -{ - configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t); - - /* functions */ - entry->destroy = configuration_entry_destroy; - - /* private data */ - entry->init_config = init_config; - entry->sa_config = sa_config; - entry->name = allocator_alloc(strlen(name) + 1); - strcpy(entry->name,name); - return entry; -} - -typedef struct private_stroke_configuration_t private_stroke_configuration_t; - -/** - * Private data of an stroke_configuration_t object. - */ -struct private_stroke_configuration_t { - - /** - * Public part of stroke_configuration_t object. - */ - stroke_configuration_t public; - - /** - * Holding all configurations. - */ - linked_list_t *configurations; - - /** - * Holding all managed init_configs. - */ - linked_list_t *init_configs; - - /** - * Holding all managed init_configs. - */ - linked_list_t *sa_configs; - - /** - * Holding all managed preshared secrets. - */ - linked_list_t *preshared_secrets; - - /** - * Holding all managed private secrets. - */ - linked_list_t *rsa_private_keys; - - /** - * Holding all managed public secrets. - */ - linked_list_t *rsa_public_keys; - - /** - * Assigned logger_t object. - */ - logger_t *logger; - - /** - * Max number of requests to be retransmitted. - * 0 for infinite. - */ - u_int32_t max_retransmit_count; - - /** - * First retransmit timeout in ms. - */ - u_int32_t first_retransmit_timeout; - - /** - * Timeout in ms after that time a IKE_SA gets deleted. - */ - u_int32_t half_open_ike_sa_timeout; - - int socket; - - pthread_t assigned_thread; - - /** - * Adds a new IKE_SA configuration. - * - * @param this calling object - * @param name name for the configuration - * @param init_config init_config_t object - * @param sa_config sa_config_t object - */ - void (*add_new_configuration) (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config); - - /** - * Adds a new preshared secret. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param preshared_secret preshared secret as string - */ - void (*add_new_preshared_secret) (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret); - - /** - * Adds a new rsa private key. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param key_pos location of key - * @param key_len length of key - */ - void (*add_new_rsa_private_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); - - /** - * Adds a new rsa public key. - * - * @param this calling object - * @param type type of identification - * @param id_string identification as string - * @param key_pos location of key - * @param key_len length of key - */ - void (*add_new_rsa_public_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len); - - void (*whack_receive) (private_stroke_configuration_t *this); -}; - -extern u_int8_t public_key_1[]; -extern u_int8_t private_key_1[]; -extern u_int8_t public_key_2[]; -extern u_int8_t private_key_2[]; - -static void fix_string(stroke_msg_t *msg, char **string) -{ - /* check for sanity of string pointer and string */ - if (string < (char**)msg || - string > (char**)msg + sizeof(stroke_msg_t) || - *string < (char*)msg->buffer - (u_int)msg || - *string > (char*)(u_int)msg->length) - { - *string = "(invalid char* in stroke msg)"; - } - else - { - *string = (char*)msg + (u_int)*string; - } -} - -/** - * Implementation of private_stroke_configuration_t.listen. - */ -static void whack_receive(private_stroke_configuration_t *this) -{ - stroke_msg_t *msg; - u_int16_t msg_length; - struct sockaddr_un whackaddr; - int whackaddrlen = sizeof(whackaddr); - ssize_t n; - int whackfd; - - while (1) - { - whackfd = accept(this->socket, (struct sockaddr *)&whackaddr, &whackaddrlen); - - if (whackfd < 0) - { - this->logger->log(this->logger, ERROR, "accepting stroke connection failed"); - continue; - } - - /* peek the length */ - n = recv(whackfd, &msg_length, sizeof(msg_length), MSG_PEEK); - if (n != sizeof(msg_length)) - { - this->logger->log(this->logger, ERROR, "reading lenght of stroke message failed"); - close(whackfd); - continue; - } - - /* read message */ - msg = allocator_alloc(msg_length); - n = recv(whackfd, msg, msg_length, 0); - if (n != msg_length) - { - this->logger->log(this->logger, ERROR, "reading stroke message failed"); - close(whackfd); - continue; - } - - this->logger->log_bytes(this->logger, RAW|LEVEL1, "Whackinput", (void*)msg, msg_length); - - switch (msg->type) - { - case STR_INITIATE: - { - initiate_ike_sa_job_t *job; - fix_string(msg, &(msg->initiate.name)); - this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: initiate \"%s\"", msg->initiate.name); - job = initiate_ike_sa_job_create(msg->initiate.name); - charon->job_queue->add(charon->job_queue, (job_t*)job); - break; - } - case STR_INSTALL: - { - fix_string(msg, &(msg->install.name)); - this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: install \"%s\"", msg->install.name); - break; - } - case STR_ADD_CONN: - { - sa_config_t *sa_config; - init_config_t *init_config; - host_t *me, *other; - proposal_t *proposal; - traffic_selector_t *ts; - - this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%p\"", msg->add_conn.me.id); - this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%p\"", msg->add_conn.other.id); - fix_string(msg, &msg->add_conn.name); - fix_string(msg, &msg->add_conn.me.id); - fix_string(msg, &msg->add_conn.other.id); - this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: add connection \"%s\"", msg->add_conn.name); - - msg->add_conn.me.address.v4.sin_port = htons(500); - msg->add_conn.other.address.v4.sin_port = htons(500); - me = host_create_from_sockaddr(&msg->add_conn.me.address.saddr); - other = host_create_from_sockaddr(&msg->add_conn.other.address.saddr); - - init_config = init_config_create(me, other); - proposal = proposal_create(1); - proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0); - proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - init_config->add_proposal(init_config, proposal); - - this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%s\"", msg->add_conn.me.id); - this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%s\"", msg->add_conn.other.id); - - sa_config = sa_config_create(ID_IPV4_ADDR, msg->add_conn.me.id, - ID_IPV4_ADDR, msg->add_conn.other.id, - SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); - - this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.1","verschluesselt"); - this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.2","verschluesselt"); - - proposal = proposal_create(1); - proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); - sa_config->add_proposal(sa_config, proposal); - - me = host_create_from_sockaddr(&msg->add_conn.me.subnet.saddr); - ts = traffic_selector_create_from_subnet(me, msg->add_conn.me.subnet_netbits); - sa_config->add_my_traffic_selector(sa_config,ts); - chunk_t chunk = ts->get_to_address(ts); - this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "my toaddr", &chunk); - other = host_create_from_sockaddr(&msg->add_conn.other.subnet.saddr); - ts = traffic_selector_create_from_subnet(other, msg->add_conn.other.subnet_netbits); - sa_config->add_other_traffic_selector(sa_config,ts); - chunk = ts->get_to_address(ts); - this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "other toaddr", &chunk); - - this->add_new_configuration(this, msg->add_conn.name, init_config, sa_config); - this->logger->log(this->logger, CONTROL|LEVEL1, "connection added \"%s\"", msg->add_conn.name); - - break; - } - case STR_DEL_CONN: - default: - this->logger->log(this->logger, ERROR, "received invalid stroke"); - } - - allocator_free(msg); - } -} - - -/** - * Implementation of stroke_configuration_t.get_init_config_for_host. - */ -static status_t get_init_config_for_host (private_stroke_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", - my_host->get_address(my_host), other_host->get_address(other_host)); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - host_t *config_my_host; - host_t *config_other_host; - - iterator->current(iterator,(void **) &entry); - - config_my_host = entry->init_config->get_my_host(entry->init_config); - config_other_host = entry->init_config->get_other_host(entry->init_config); - - /* first check if ip is equal */ - if(config_other_host->ip_is_equal(config_other_host,other_host)) - { - this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", - config_other_host->get_address(config_other_host)); - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - /* check now if host informations are the same */ - else if (config_my_host->ip_is_equal(config_my_host,my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - - } - /* Then check for wildcard hosts! - * TODO - * actually its only checked if other host with default route can be found! */ - else if (config_other_host->is_default_route(config_other_host)) - { - /* could be right one, check my_host for default route*/ - if (config_my_host->is_default_route(config_my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - /* check now if host informations are the same */ - else if (config_my_host->ip_is_equal(config_my_host,my_host)) - { - *init_config = entry->init_config; - status = SUCCESS; - break; - } - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of stroke_configuration_t.get_init_config_for_name. - */ -static status_t get_init_config_for_name (private_stroke_configuration_t *this, char *name, init_config_t **init_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (strcmp(entry->name,name) == 0) - { - - /* found configuration */ - *init_config = entry->init_config; - status = SUCCESS; - break; - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of stroke_configuration_t.get_sa_config_for_name. - */ -static status_t get_sa_config_for_name (private_stroke_configuration_t *this, char *name, sa_config_t **sa_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (strcmp(entry->name,name) == 0) - { - /* found configuration */ - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of stroke_configuration_t.get_sa_config_for_init_config_and_id. - */ -static status_t get_sa_config_for_init_config_and_id (private_stroke_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config) -{ - iterator_t *iterator; - status_t status = NOT_FOUND; - - iterator = this->configurations->create_iterator(this->configurations,TRUE); - - while (iterator->has_next(iterator)) - { - configuration_entry_t *entry; - iterator->current(iterator,(void **) &entry); - - if (entry->init_config == init_config) - { - identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config); - identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config); - - /* host informations seem to be the same */ - if (config_other_id->equals(config_other_id,other_id)) - { - /* other ids seems to match */ - - if (my_id == NULL) - { - /* first matching one is selected */ - - /* TODO priorize found entries */ - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - - if (config_my_id->equals(config_my_id,my_id)) - { - *sa_config = entry->sa_config; - status = SUCCESS; - break; - } - - } - } - } - - iterator->destroy(iterator); - - return status; -} - -/** - * Implementation of private_stroke_configuration_t.add_new_configuration. - */ -static void add_new_configuration (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config) -{ - iterator_t *iterator; - bool found; - - iterator = this->init_configs->create_iterator(this->init_configs,TRUE); - found = FALSE; - while (iterator->has_next(iterator)) - { - init_config_t *found_init_config; - iterator->current(iterator,(void **) &found_init_config); - if (init_config == found_init_config) - { - found = TRUE; - break; - } - } - iterator->destroy(iterator); - if (!found) - { - this->init_configs->insert_first(this->init_configs,init_config); - } - - iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE); - found = FALSE; - while (iterator->has_next(iterator)) - { - sa_config_t *found_sa_config; - iterator->current(iterator,(void **) &found_sa_config); - if (sa_config == found_sa_config) - { - found = TRUE; - break; - } - } - iterator->destroy(iterator); - if (!found) - { - this->sa_configs->insert_first(this->sa_configs,sa_config); - } - - this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config)); -} - -/** - * Implementation of private_stroke_configuration_t.add_new_preshared_secret. - */ -static void add_new_preshared_secret (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret) -{ - preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->preshared_secret.len = strlen(preshared_secret) + 1; - entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len); - memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len); - - this->preshared_secrets->insert_last(this->preshared_secrets,entry); -} - -/** - * Implementation of private_stroke_configuration_t.add_new_preshared_secret. - */ -static void add_new_rsa_public_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) -{ - chunk_t key; - key.ptr = key_pos; - key.len = key_len; - - rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->public_key = rsa_public_key_create(); - entry->public_key->set_key(entry->public_key, key); - - this->rsa_public_keys->insert_last(this->rsa_public_keys, entry); -} - -/** - * Implementation of private_stroke_configuration_t.add_new_preshared_secret. - */ -static void add_new_rsa_private_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len) -{ - chunk_t key; - key.ptr = key_pos; - key.len = key_len; - - rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t); - - entry->identification = identification_create_from_string(type,id_string); - entry->private_key = rsa_private_key_create(); - entry->private_key->set_key(entry->private_key, key); - - this->rsa_private_keys->insert_last(this->rsa_private_keys, entry); -} - -/** - * Implementation of stroke_configuration_t.get_shared_secret. - */ -static status_t get_shared_secret(private_stroke_configuration_t *this, identification_t *identification, chunk_t *preshared_secret) -{ - iterator_t *iterator; - - iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE); - while (iterator->has_next(iterator)) - { - preshared_secret_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *preshared_secret = entry->preshared_secret; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of stroke_configuration_t.get_shared_secret. - */ -static status_t get_rsa_public_key(private_stroke_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key) -{ - iterator_t *iterator; - - iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE); - while (iterator->has_next(iterator)) - { - rsa_public_key_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *public_key = entry->public_key; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of stroke_configuration_t.get_shared_secret. - */ -static status_t get_rsa_private_key(private_stroke_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key) -{ - iterator_t *iterator; - - iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE); - while (iterator->has_next(iterator)) - { - rsa_private_key_entry_t *entry; - iterator->current(iterator,(void **) &entry); - if (entry->identification->equals(entry->identification,identification)) - { - *private_key = entry->private_key; - iterator->destroy(iterator); - return SUCCESS; - } - } - iterator->destroy(iterator); - return NOT_FOUND; -} - -/** - * Implementation of stroke_configuration_t.get_retransmit_timeout. - */ -static status_t get_retransmit_timeout (private_stroke_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout) -{ - int new_timeout = this->first_retransmit_timeout, i; - if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0)) - { - return FAILED; - } - - - for (i = 0; i < retransmit_count; i++) - { - new_timeout *= 2; - } - - *timeout = new_timeout; - - return SUCCESS; -} - -/** - * Implementation of stroke_configuration_t.get_half_open_ike_sa_timeout. - */ -static u_int32_t get_half_open_ike_sa_timeout (private_stroke_configuration_t *this) -{ - return this->half_open_ike_sa_timeout; -} - -/** - * Implementation of stroke_configuration_t.destroy. - */ -static void destroy(private_stroke_configuration_t *this) -{ - this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend "); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries"); - while (this->configurations->get_count(this->configurations) > 0) - { - configuration_entry_t *entry; - this->configurations->remove_first(this->configurations,(void **) &entry); - entry->destroy(entry); - } - this->configurations->destroy(this->configurations); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects"); - while (this->sa_configs->get_count(this->sa_configs) > 0) - { - sa_config_t *sa_config; - this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config); - sa_config->destroy(sa_config); - } - - this->sa_configs->destroy(this->sa_configs); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects"); - while (this->init_configs->get_count(this->init_configs) > 0) - { - init_config_t *init_config; - this->init_configs->remove_first(this->init_configs,(void **) &init_config); - init_config->destroy(init_config); - } - this->init_configs->destroy(this->init_configs); - - while (this->preshared_secrets->get_count(this->preshared_secrets) > 0) - { - preshared_secret_entry_t *entry; - this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry); - entry->identification->destroy(entry->identification); - allocator_free_chunk(&(entry->preshared_secret)); - allocator_free(entry); - } - this->preshared_secrets->destroy(this->preshared_secrets); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys"); - while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0) - { - rsa_private_key_entry_t *entry; - this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry); - entry->identification->destroy(entry->identification); - entry->private_key->destroy(entry->private_key); - allocator_free(entry); - } - this->rsa_private_keys->destroy(this->rsa_private_keys); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys"); - while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0) - { - rsa_public_key_entry_t *entry; - this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry); - entry->identification->destroy(entry->identification); - entry->public_key->destroy(entry->public_key); - allocator_free(entry); - } - this->rsa_public_keys->destroy(this->rsa_public_keys); - - this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger"); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - close(this->socket); - unlink(socket_addr.sun_path); - allocator_free(this); -} - -/* - * Described in header-file - */ -stroke_configuration_t *stroke_configuration_create() -{ - private_stroke_configuration_t *this = allocator_alloc_thing(private_stroke_configuration_t); - mode_t old; - bool on = TRUE; - - /* public functions */ - this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy; - this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name; - this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host; - this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name; - this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id; - this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout; - this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout; - this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret; - this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key; - this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key; - - /* private functions */ - this->add_new_configuration = add_new_configuration; - this->add_new_preshared_secret = add_new_preshared_secret; - this->add_new_rsa_public_key = add_new_rsa_public_key; - this->add_new_rsa_private_key = add_new_rsa_private_key; - this->whack_receive = whack_receive; - - this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL); - - /* set up unix socket */ - this->socket = socket(AF_UNIX, SOCK_STREAM, 0); - if (this->socket == -1) - { - this->logger->log(this->logger, ERROR, "could not create whack socket"); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - allocator_free(this); - return NULL; - } - if (fcntl(this->socket, F_SETFD, FD_CLOEXEC) < 0) - { - this->logger->log(this->logger, ERROR, "could not FD_CLOEXEC on whack socket"); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - close(this->socket); - allocator_free(this); - return NULL; - } - if (setsockopt(this->socket, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, sizeof(on)) < 0) - - old = umask(~S_IRWXU); - if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) - { - this->logger->log(this->logger, ERROR, "could not bind whack socket: %s", strerror(errno)); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - close(this->socket); - allocator_free(this); - return NULL; - } - umask(old); - - if (listen(this->socket, 0) < 0) - { - this->logger->log(this->logger, ERROR, "could not listen on whack socket: %s", strerror(errno)); - charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); - close(this->socket); - unlink(socket_addr.sun_path); - allocator_free(this); - return NULL; - } - - /* start a thread reading from the socket */ - if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->whack_receive, this) != 0) - { - this->logger->log(this->logger, ERROR, "Could not spawn whack thread"); - charon->logger_manager->destroy_logger(charon->logger_manager, this->logger); - close(this->socket); - unlink(socket_addr.sun_path); - allocator_free(this); - } - - /* private variables */ - this->configurations = linked_list_create(); - this->sa_configs = linked_list_create(); - this->init_configs = linked_list_create(); - this->preshared_secrets = linked_list_create(); - this->rsa_private_keys = linked_list_create(); - this->rsa_public_keys = linked_list_create(); - this->max_retransmit_count = MAX_RETRANSMIT_COUNT; - this->first_retransmit_timeout = RETRANSMIT_TIMEOUT; - this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT; - - return (&this->public); -} diff --git a/Source/charon/config/stroke_configuration.h b/Source/charon/config/stroke_configuration.h deleted file mode 100644 index 558e43f82..000000000 --- a/Source/charon/config/stroke_configuration.h +++ /dev/null @@ -1,111 +0,0 @@ -/** - * @file stroke_configuration_t.h - * - * @brief Interface of stroke_configuration_t. - * - */ - -/* - * Copyright (C) 2005 Jan Hutter, Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See . - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef STROKE_CONFIGURATION_H -#define STROKE_CONFIGURATION_H - -#include - -/** - * @brief A message sent over the unix socket. - * - */ -typedef struct stroke_msg_t stroke_msg_t; - -struct stroke_msg_t { - /* length of this message with all strings */ - u_int16_t length; - /* type of the message */ - enum { - /* initiate a connection */ - STR_INITIATE, - /* install SPD entries for a connection */ - STR_INSTALL, - /* add a connection */ - STR_ADD_CONN, - /* delete a connection */ - STR_DEL_CONN, - /* more to come */ - } type; - union { - /* data for STR_INITIATE, STR_INSTALL */ - struct { - char *name; - } initiate, install; - /* data for STR_ADD_CONN */ - struct { - char *name; - struct { - union { - u_int16_t family; - struct sockaddr saddr; - struct sockaddr_in v4; - struct sockaddr_in6 v6; - } address; - char *id; - union { - u_int16_t family; - struct sockaddr saddr; - struct sockaddr_in v4; - struct sockaddr_in6 v6; - } subnet; - u_int8_t subnet_netbits; - } me, other; - } add_conn; - }; - u_int8_t buffer[]; -}; - - -typedef struct stroke_configuration_t stroke_configuration_t; - -/** - * @brief A config backend which uses a unix socket. - * - * Allows config manipulation (as whack in pluto). This config - * is used by the ipsec_starter utility. This configuration - * implementation opens a socket at /var/run/charon.ctl and - * waits for input from ipsec starter. - * - * @b Constructors: - * - stroke_configuration_create() - * - * @ingroup config - */ -struct stroke_configuration_t { - - /** - * Implements configuration_t interface - */ - configuration_t configuration_interface; -}; - -/** - * @brief Creates an configuration with a unix socket interface. - * - * @return stroke_configuration_t object - * - * @ingroup config - */ -stroke_configuration_t *stroke_configuration_create(); - -#endif /*STROKE_CONFIGURATION_H*/ diff --git a/Source/charon/config/traffic_selector.c b/Source/charon/config/traffic_selector.c index 9f96718c0..317b7a38e 100644 --- a/Source/charon/config/traffic_selector.c +++ b/Source/charon/config/traffic_selector.c @@ -218,7 +218,6 @@ static u_int8_t get_netmask(private_traffic_selector_t *this) u_int32_t from, to, bit; from = htonl(this->from_addr_ipv4); to = htonl(this->to_addr_ipv4); - printf("%x - %x\n", from, to); for (bit = 0; bit < 32; bit++) { if ((1< #include @@ -224,4 +224,4 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits); -#endif //_TRAFFIC_SELECTOR_H_ +#endif /* TRAFFIC_SELECTOR_H_ */ diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c index 8ecdb9892..6455dc205 100644 --- a/Source/charon/daemon.c +++ b/Source/charon/daemon.c @@ -31,9 +31,7 @@ #include #include -#include -#include -#include +#include typedef struct private_daemon_t private_daemon_t; @@ -69,14 +67,6 @@ struct private_daemon_t { */ void (*run) (private_daemon_t *this); - /** - * A routine to add job for testing. - * - * @param this calling object - * @param configuration_name name of configuration to use for initialization - */ - void (*build_test_job) (private_daemon_t *this,char *configuration_name); - /** * Initialize the daemon. * @@ -160,35 +150,21 @@ static void kill_daemon(private_daemon_t *this, char *reason) } } -/** - * Implementation of private_daemon_t.build_test_job. - */ -static void build_test_job(private_daemon_t *this, char *configuration_name) -{ - initiate_ike_sa_job_t *initiate_job; - - /* configuration_name = "localhost-rsa"; */ - /* configuration_name = "localhost-shared"; */ - /* configuration_name = "localhost-bad_dh_group"; */ - - - initiate_job = initiate_ike_sa_job_create(configuration_name); - - this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000); - -} - /** * Implementation of private_daemon_t.initialize. */ static void initialize(private_daemon_t *this) { + this->public.configuration = configuration_create(); this->public.socket = socket_create(IKEV2_UDP_PORT); this->public.ike_sa_manager = ike_sa_manager_create(); this->public.job_queue = job_queue_create(); this->public.event_queue = event_queue_create(); this->public.send_queue = send_queue_create(); - this->public.configuration = (configuration_t*)stroke_configuration_create(); + this->public.stroke = stroke_create(); + this->public.connections = &this->public.stroke->connections; + this->public.policies = &this->public.stroke->policies; + this->public.credentials = &this->public.stroke->credentials; this->public.sender = sender_create(); this->public.receiver = receiver_create(); @@ -246,6 +222,22 @@ static void destroy(private_daemon_t *this) { this->public.configuration->destroy(this->public.configuration); } + if (this->public.credentials != NULL) + { + this->public.credentials->destroy(this->public.credentials); + } + if (this->public.connections != NULL) + { + this->public.connections->destroy(this->public.connections); + } + if (this->public.policies != NULL) + { + this->public.policies->destroy(this->public.policies); + } + if (this->public.stroke != NULL) + { + this->public.stroke->destroy(this->public.stroke); + } this->public.logger_manager->destroy(this->public.logger_manager); allocator_free(this); @@ -265,7 +257,6 @@ private_daemon_t *daemon_create() /* assign methods */ this->run = run; this->destroy = destroy; - this->build_test_job = build_test_job; this->initialize = initialize; this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; @@ -280,11 +271,15 @@ private_daemon_t *daemon_create() this->public.event_queue = NULL; this->public.send_queue = NULL; this->public.configuration = NULL; + this->public.credentials = NULL; + this->public.connections = NULL; + this->public.policies = NULL; this->public.sender= NULL; this->public.receiver = NULL; this->public.scheduler = NULL; this->public.kernel_interface = NULL; this->public.thread_pool = NULL; + this->public.stroke = NULL; this->main_thread_id = pthread_self(); @@ -329,10 +324,6 @@ int main(int argc, char *argv[]) /* initialize and run daemon*/ private_charon->initialize(private_charon); - if (argc == 2) - { - private_charon->build_test_job(private_charon,argv[1]); - } private_charon->run(private_charon); /* normal termination, cleanup and exit */ diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h index db7b64c62..4b7003179 100644 --- a/Source/charon/daemon.h +++ b/Source/charon/daemon.h @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -35,6 +36,9 @@ #include #include #include +#include +#include +#include /** * Name of the daemon. @@ -62,7 +66,7 @@ /** * Output of log, use NULL for syslog */ -#define LOG_OUTPUT NULL +#define LOG_OUTPUT stdout /** * @brief Default loglevel for every logger context. @@ -114,6 +118,21 @@ struct daemon_t { */ configuration_t *configuration; + /** + * A connection_store_t instance. + */ + connection_store_t *connections; + + /** + * A policy_store_t instance. + */ + policy_store_t *policies; + + /** + * A credential_store_t instance. + */ + credential_store_t *credentials; + /** * The Sender-Thread. */ @@ -139,6 +158,11 @@ struct daemon_t { */ kernel_interface_t *kernel_interface; + /** + * IPC interface, as whack in pluto + */ + stroke_t *stroke; + /** * @brief Shut down the daemon. * diff --git a/Source/charon/encoding/generator.c b/Source/charon/encoding/generator.c index ff72190dd..7b65223bf 100644 --- a/Source/charon/encoding/generator.c +++ b/Source/charon/encoding/generator.c @@ -540,7 +540,7 @@ static void generate_from_chunk (private_generator_t *this,u_int32_t offset) /* position in buffer */ chunk_t *attribute_value = (chunk_t *)(this->data_struct + offset); - this->logger->log_chunk(this->logger, RAW|LEVEL2, " =>", attribute_value); + this->logger->log_chunk(this->logger, RAW|LEVEL2, " =>", *attribute_value); /* use write_bytes_to_buffer function to do the job */ this->write_bytes_to_buffer(this,attribute_value->ptr,attribute_value->len); @@ -633,7 +633,7 @@ static void write_to_chunk (private_generator_t *this,chunk_t *data) memcpy(data->ptr,this->buffer,data_length); data->len = data_length; - this->logger->log_chunk(this->logger, RAW|LEVEL3, "generated data of this generator", data); + this->logger->log_chunk(this->logger, RAW|LEVEL3, "generated data of this generator", *data); } /** diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c index d11bacfd3..b79020a24 100644 --- a/Source/charon/encoding/message.c +++ b/Source/charon/encoding/message.c @@ -652,7 +652,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* /* clone packet for caller */ *packet = this->packet->clone(this->packet); - this->logger->log(this->logger, CONTROL, "Message of type %s generated successfully", + this->logger->log(this->logger, CONTROL|LEVEL1, "Message of type %s generated successfully", mapping_find(exchange_type_m,this->exchange_type)); return SUCCESS; } diff --git a/Source/charon/encoding/payloads/auth_payload.c b/Source/charon/encoding/payloads/auth_payload.c index 23fad75f9..73e5abd5d 100644 --- a/Source/charon/encoding/payloads/auth_payload.c +++ b/Source/charon/encoding/payloads/auth_payload.c @@ -25,16 +25,6 @@ #include #include -/** - * String mappings for auth_method_t. - */ -mapping_t auth_method_m[] = { - {RSA_DIGITAL_SIGNATURE, "RSA_DIGITAL_SIGNATURE"}, - {SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY_MESSAGE_INTEGRITY_CODE"}, - {DSS_DIGITAL_SIGNATURE, "DSS_DIGITAL_SIGNATURE"}, - {MAPPING_END, NULL} -}; - typedef struct private_auth_payload_t private_auth_payload_t; diff --git a/Source/charon/encoding/payloads/auth_payload.h b/Source/charon/encoding/payloads/auth_payload.h index 1df867356..699ea2cdd 100644 --- a/Source/charon/encoding/payloads/auth_payload.h +++ b/Source/charon/encoding/payloads/auth_payload.h @@ -21,11 +21,12 @@ */ -#ifndef _AUTH_PAYLOAD_H_ -#define _AUTH_PAYLOAD_H_ +#ifndef AUTH_PAYLOAD_H_ +#define AUTH_PAYLOAD_H_ #include #include +#include /** * Length of a auth payload without the auth data in bytes. @@ -35,40 +36,6 @@ #define AUTH_PAYLOAD_HEADER_LENGTH 8 -typedef enum auth_method_t auth_method_t; - -/** - * AUTH Method of a AUTH payload. - * - * @ingroup payloads - */ -enum auth_method_t { - /** - * Computed as specified in section 2.15 of RFC using - * an RSA private key over a PKCS#1 padded hash. - */ - RSA_DIGITAL_SIGNATURE = 1, - - /* Computed as specified in - * section 2.15 of RFC using the shared key associated with the identity - * in the ID payload and the negotiated prf function - */ - SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2, - - /* Computed as specified in section - * 2.15 of RFC using a DSS private key over a SHA-1 hash. - */ - DSS_DIGITAL_SIGNATURE = 3, -}; - -/** - * string mappings for auth method. - * - * @ingroup payloads - */ -extern mapping_t auth_method_m[]; - - typedef struct auth_payload_t auth_payload_t; /** @@ -152,4 +119,4 @@ struct auth_payload_t { auth_payload_t *auth_payload_create(); -#endif //_AUTH_PAYLOAD_H_ +#endif /* AUTH_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/cert_payload.h b/Source/charon/encoding/payloads/cert_payload.h index 05b210462..9148cfd31 100644 --- a/Source/charon/encoding/payloads/cert_payload.h +++ b/Source/charon/encoding/payloads/cert_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _CERT_PAYLOAD_H_ -#define _CERT_PAYLOAD_H_ +#ifndef CERT_PAYLOAD_H_ +#define CERT_PAYLOAD_H_ #include #include @@ -152,4 +152,4 @@ struct cert_payload_t { cert_payload_t *cert_payload_create(); -#endif //_CERT_PAYLOAD_H_ +#endif /* CERT_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/certreq_payload.h b/Source/charon/encoding/payloads/certreq_payload.h index c5947ae72..3e88e7ffe 100644 --- a/Source/charon/encoding/payloads/certreq_payload.h +++ b/Source/charon/encoding/payloads/certreq_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _CERTREQ_PAYLOAD_H_ -#define _CERTREQ_PAYLOAD_H_ +#ifndef CERTREQ_PAYLOAD_H_ +#define CERTREQ_PAYLOAD_H_ #include #include @@ -122,4 +122,4 @@ struct certreq_payload_t { certreq_payload_t *certreq_payload_create(); -#endif //_CERTREQ_PAYLOAD_H_ +#endif /* CERTREQ_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/configuration_attribute.h b/Source/charon/encoding/payloads/configuration_attribute.h index 9de6ac9ea..5b6b4f473 100644 --- a/Source/charon/encoding/payloads/configuration_attribute.h +++ b/Source/charon/encoding/payloads/configuration_attribute.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _CONFIGURATION_ATTRIBUTE_H_ -#define _CONFIGURATION_ATTRIBUTE_H_ +#ifndef CONFIGURATION_ATTRIBUTE_H_ +#define CONFIGURATION_ATTRIBUTE_H_ #include #include @@ -146,4 +146,4 @@ struct configuration_attribute_t { */ configuration_attribute_t *configuration_attribute_create(); -#endif /*_CONFIGURATION_ATTRIBUTE_H_*/ +#endif /* CONFIGURATION_ATTRIBUTE_H_*/ diff --git a/Source/charon/encoding/payloads/cp_payload.h b/Source/charon/encoding/payloads/cp_payload.h index be5f52408..eb8076446 100644 --- a/Source/charon/encoding/payloads/cp_payload.h +++ b/Source/charon/encoding/payloads/cp_payload.h @@ -27,7 +27,6 @@ #include #include #include -#include /** * CP_PAYLOAD length in bytes without any proposal substructure. diff --git a/Source/charon/encoding/payloads/delete_payload.h b/Source/charon/encoding/payloads/delete_payload.h index d4417b59f..71a6317d4 100644 --- a/Source/charon/encoding/payloads/delete_payload.h +++ b/Source/charon/encoding/payloads/delete_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _DELETE_PAYLOAD_H_ -#define _DELETE_PAYLOAD_H_ +#ifndef DELETE_PAYLOAD_H_ +#define DELETE_PAYLOAD_H_ #include #include @@ -153,4 +153,4 @@ struct delete_payload_t { delete_payload_t *delete_payload_create(); -#endif //_DELETE_PAYLOAD_H_ +#endif /* DELETE_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/eap_payload.h b/Source/charon/encoding/payloads/eap_payload.h index 4c324c6da..5e5a0c6d8 100644 --- a/Source/charon/encoding/payloads/eap_payload.h +++ b/Source/charon/encoding/payloads/eap_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _EAP_PAYLOAD_H_ -#define _EAP_PAYLOAD_H_ +#ifndef EAP_PAYLOAD_H_ +#define EAP_PAYLOAD_H_ #include #include @@ -102,4 +102,4 @@ struct eap_payload_t { eap_payload_t *eap_payload_create(); -#endif //_EAP_PAYLOAD_H_ +#endif /* EAP_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c index 8cbf5566c..e642bb318 100644 --- a/Source/charon/encoding/payloads/encryption_payload.c +++ b/Source/charon/encoding/payloads/encryption_payload.c @@ -289,7 +289,7 @@ static status_t encrypt(private_encryption_payload_t *this) this->generate(this); this->logger->log(this->logger, CONTROL|LEVEL2, "encrypting payloads"); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data to encrypt", &this->decrypted); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data to encrypt", this->decrypted); /* build padding */ block_size = this->crypter->get_block_size(this->crypter); @@ -309,7 +309,7 @@ static status_t encrypt(private_encryption_payload_t *this) randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv); randomizer->destroy(randomizer); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before encryption with padding", &to_crypt); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before encryption with padding", to_crypt); /* encrypt to_crypt chunk */ allocator_free(this->encrypted.ptr); @@ -322,7 +322,7 @@ static status_t encrypt(private_encryption_payload_t *this) allocator_free(iv.ptr); return status; } - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption", &result); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption", result); /* build encrypted result with iv and signature */ @@ -336,7 +336,7 @@ static status_t encrypt(private_encryption_payload_t *this) allocator_free(result.ptr); allocator_free(iv.ptr); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption with IV and (invalid) signature", &this->encrypted); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after encryption with IV and (invalid) signature", this->encrypted); return SUCCESS; } @@ -352,7 +352,7 @@ static status_t decrypt(private_encryption_payload_t *this) this->logger->log(this->logger, CONTROL|LEVEL2, "decrypting encryption payload"); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption with IV and (invalid) signature", &this->encrypted); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption with IV and (invalid) signature", this->encrypted); if (this->signer == NULL || this->crypter == NULL) @@ -382,7 +382,7 @@ static status_t decrypt(private_encryption_payload_t *this) /* free previus data, if any */ allocator_free(this->decrypted.ptr); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption", &concatenated); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data before decryption", concatenated); status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted)); if (status != SUCCESS) @@ -390,7 +390,7 @@ static status_t decrypt(private_encryption_payload_t *this) this->logger->log(this->logger, ERROR|LEVEL1, "could not decrypt, decryption failed"); return FAILED; } - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption with padding", &this->decrypted); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption with padding", this->decrypted); /* get padding length, sits just bevore signature */ @@ -409,7 +409,7 @@ static status_t decrypt(private_encryption_payload_t *this) /* free padding */ this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len); - this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption without padding", &this->decrypted); + this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption without padding", this->decrypted); this->logger->log(this->logger, CONTROL|LEVEL2, "decryption successful, trying to parse content"); return (this->parse(this)); } diff --git a/Source/charon/encoding/payloads/id_payload.h b/Source/charon/encoding/payloads/id_payload.h index f453ee994..c35b44d59 100644 --- a/Source/charon/encoding/payloads/id_payload.h +++ b/Source/charon/encoding/payloads/id_payload.h @@ -21,8 +21,8 @@ */ -#ifndef _ID_PAYLOAD_H_ -#define _ID_PAYLOAD_H_ +#ifndef ID_PAYLOAD_H_ +#define ID_PAYLOAD_H_ #include #include @@ -169,4 +169,4 @@ id_payload_t *id_payload_create_from_identification(bool is_initiator,identifica -#endif //_ID_PAYLOAD_H_ +#endif /* ID_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h index 1f11d516c..d7120ec4b 100644 --- a/Source/charon/encoding/payloads/sa_payload.h +++ b/Source/charon/encoding/payloads/sa_payload.h @@ -27,8 +27,6 @@ #include #include #include -#include -#include /** * Critical flag must not be set. diff --git a/Source/charon/encoding/payloads/traffic_selector_substructure.h b/Source/charon/encoding/payloads/traffic_selector_substructure.h index 841877c15..1129ac845 100644 --- a/Source/charon/encoding/payloads/traffic_selector_substructure.h +++ b/Source/charon/encoding/payloads/traffic_selector_substructure.h @@ -168,4 +168,4 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(); traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(traffic_selector_t *traffic_selector); -#endif //TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ +#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ */ diff --git a/Source/charon/encoding/payloads/ts_payload.h b/Source/charon/encoding/payloads/ts_payload.h index 7e8c2f0a3..775ff6134 100644 --- a/Source/charon/encoding/payloads/ts_payload.h +++ b/Source/charon/encoding/payloads/ts_payload.h @@ -149,4 +149,4 @@ ts_payload_t *ts_payload_create(bool is_initiator); ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors); -#endif //TS_PAYLOAD_H_ +#endif /* TS_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/unknown_payload.h b/Source/charon/encoding/payloads/unknown_payload.h index d2faf8ac5..9c4926ea7 100644 --- a/Source/charon/encoding/payloads/unknown_payload.h +++ b/Source/charon/encoding/payloads/unknown_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _UNKNOWN_PAYLOAD_H_ -#define _UNKNOWN_PAYLOAD_H_ +#ifndef UNKNOWN_PAYLOAD_H_ +#define UNKNOWN_PAYLOAD_H_ #include #include @@ -92,4 +92,4 @@ struct unknown_payload_t { unknown_payload_t *unknown_payload_create(); -#endif //_UNKNOWN_PAYLOAD_H_ +#endif /* UNKNOWN_PAYLOAD_H_ */ diff --git a/Source/charon/encoding/payloads/vendor_id_payload.h b/Source/charon/encoding/payloads/vendor_id_payload.h index 4733ba243..c9ead4337 100644 --- a/Source/charon/encoding/payloads/vendor_id_payload.h +++ b/Source/charon/encoding/payloads/vendor_id_payload.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _VENDOR_ID_PAYLOAD_H_ -#define _VENDOR_ID_PAYLOAD_H_ +#ifndef VENDOR_ID_PAYLOAD_H_ +#define VENDOR_ID_PAYLOAD_H_ #include #include @@ -100,4 +100,4 @@ struct vendor_id_payload_t { vendor_id_payload_t *vendor_id_payload_create(); -#endif //_VENDOR_ID_PAYLOAD_H_ +#endif /* VENDOR_ID_PAYLOAD_H_ */ diff --git a/Source/charon/network/socket.c b/Source/charon/network/socket.c index f8d45ddd1..0b6610972 100644 --- a/Source/charon/network/socket.c +++ b/Source/charon/network/socket.c @@ -230,20 +230,20 @@ status_t sender(private_socket_t *this, packet_t *packet) { ssize_t bytes_sent; chunk_t data; - host_t *source, *dest; + host_t *src, *dst; - source = packet->get_source(packet); - dest = packet->get_destination(packet); + src = packet->get_source(packet); + dst = packet->get_destination(packet); data = packet->get_data(packet); - this->logger->log(this->logger, CONTROL, "sending packet to %s:%d", - dest->get_address(dest), - dest->get_port(dest)); + this->logger->log(this->logger, CONTROL, "sending packet: from %s:%d to %s:%d", + src->get_address(src), src->get_port(src), + dst->get_address(dst), dst->get_port(dst)); /* send data */ /* TODO: should we send via the interface we received the packet? */ bytes_sent = sendto(this->master_fd, data.ptr, data.len, 0, - dest->get_sockaddr(dest), *(dest->get_sockaddr_len(dest))); + dst->get_sockaddr(dst), *(dst->get_sockaddr_len(dst))); if (bytes_sent != data.len) { @@ -285,7 +285,7 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port) addr.sin_port = htons(port); if (bind(this->master_fd,(struct sockaddr*)&addr, sizeof(addr)) < 0) { - this->logger->log(this->logger, ERROR, "unable to bind master socket!"); + this->logger->log(this->logger, ERROR, "unable to bind master socket: %s!", strerror(errno)); return FAILED; } diff --git a/Source/charon/queues/jobs/initiate_ike_sa_job.c b/Source/charon/queues/jobs/initiate_ike_sa_job.c index 75abc77eb..8837cd8f4 100644 --- a/Source/charon/queues/jobs/initiate_ike_sa_job.c +++ b/Source/charon/queues/jobs/initiate_ike_sa_job.c @@ -40,9 +40,9 @@ struct private_initiate_ike_sa_job_t { initiate_ike_sa_job_t public; /** - * Name of the assigned configuration + * associated connection object to initiate */ - char *configuration_name; + connection_t *connection; }; @@ -57,41 +57,46 @@ static job_type_t get_type(private_initiate_ike_sa_job_t *this) /** * Implements initiate_ike_sa_job_t.get_configuration_name. */ -static char *get_configuration_name(private_initiate_ike_sa_job_t *this) +static connection_t *get_connection(private_initiate_ike_sa_job_t *this) { - return this->configuration_name; + return this->connection; } /** * Implements job_t.destroy. */ -static void destroy(job_t *job) +static void destroy_all(private_initiate_ike_sa_job_t *this) +{ + this->connection->destroy(this->connection); + allocator_free(this); +} + +/** + * Implements job_t.destroy. + */ +static void destroy(private_initiate_ike_sa_job_t *this) { - private_initiate_ike_sa_job_t *this = (private_initiate_ike_sa_job_t *) job; - allocator_free(this->configuration_name); allocator_free(this); } /* * Described in header */ -initiate_ike_sa_job_t *initiate_ike_sa_job_create(char *configuration_name) +initiate_ike_sa_job_t *initiate_ike_sa_job_create(connection_t *connection) { private_initiate_ike_sa_job_t *this = allocator_alloc_thing(private_initiate_ike_sa_job_t); /* interface functions */ this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; - /* same as destroy */ - this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy; - this->public.job_interface.destroy = destroy; + this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy_all; + this->public.job_interface.destroy = (void (*) (job_t *)) destroy; /* public functions */ - this->public.get_configuration_name = (char * (*)(initiate_ike_sa_job_t *)) get_configuration_name; + this->public.get_connection = (connection_t* (*)(initiate_ike_sa_job_t *)) get_connection; this->public.destroy = (void (*)(initiate_ike_sa_job_t *)) destroy; /* private variables */ - this->configuration_name = allocator_alloc(strlen(configuration_name) + 1); - strcpy(this->configuration_name,configuration_name); + this->connection = connection; return &(this->public); } diff --git a/Source/charon/queues/jobs/initiate_ike_sa_job.h b/Source/charon/queues/jobs/initiate_ike_sa_job.h index ec6e4c1b0..d15ddf2a9 100644 --- a/Source/charon/queues/jobs/initiate_ike_sa_job.h +++ b/Source/charon/queues/jobs/initiate_ike_sa_job.h @@ -24,6 +24,8 @@ #include #include +#include + typedef struct initiate_ike_sa_job_t initiate_ike_sa_job_t; @@ -31,7 +33,7 @@ typedef struct initiate_ike_sa_job_t initiate_ike_sa_job_t; * @brief Class representing an INITIATE_IKE_SA Job. * * This job is created if an IKE_SA should be iniated. This - * happens form a user request, or via the kernel interface. + * happens via a user request, or via the kernel interface. * * @b Constructors: * - initiate_ike_sa_job_create() @@ -45,14 +47,12 @@ struct initiate_ike_sa_job_t { job_t job_interface; /** - * @brief Returns the currently set configuration name for this job. - * - * @warning Returned name is not copied. + * @brief Returns the connection_t to initialize * * @param this calling initiate_ike_sa_job_t object - * @return name of the configuration + * @return connection_t */ - char *(*get_configuration_name) (initiate_ike_sa_job_t *this); + connection_t *(*get_connection) (initiate_ike_sa_job_t *this); /** * @brief Destroys an initiate_ike_sa_job_t object. @@ -65,11 +65,11 @@ struct initiate_ike_sa_job_t { /** * @brief Creates a job of type INITIATE_IKE_SA. * - * @param configuration_name name of the configuration to initiate IKE_SA with - * @return initiate_ike_sa_job_t object + * @param connection connection_t to initializes + * @return initiate_ike_sa_job_t object * * @ingroup jobs */ -initiate_ike_sa_job_t *initiate_ike_sa_job_create(char *configuration_name); +initiate_ike_sa_job_t *initiate_ike_sa_job_create(connection_t *connection); #endif /*INITIATE_IKE_SA_JOB_H_*/ diff --git a/Source/charon/queues/jobs/retransmit_request_job.h b/Source/charon/queues/jobs/retransmit_request_job.h index 5c97ec65e..2349d3f5e 100644 --- a/Source/charon/queues/jobs/retransmit_request_job.h +++ b/Source/charon/queues/jobs/retransmit_request_job.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _RESEND_MESSAGE_JOB_H_ -#define _RESEND_MESSAGE_JOB_H_ +#ifndef RESEND_MESSAGE_JOB_H_ +#define RESEND_MESSAGE_JOB_H_ #include #include @@ -102,4 +102,4 @@ struct retransmit_request_job_t { */ retransmit_request_job_t *retransmit_request_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id); -#endif //_RESEND_MESSAGE_JOB_H_ +#endif /* RESEND_MESSAGE_JOB_H_ */ diff --git a/Source/charon/sa/authenticator.c b/Source/charon/sa/authenticator.c index f6f09c268..d735b633e 100644 --- a/Source/charon/sa/authenticator.c +++ b/Source/charon/sa/authenticator.c @@ -28,12 +28,7 @@ /** * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE. */ -#define IKE_V2_KEY_PAD "Key Pad for IKEv2" - -/** - * Length of key pad in bytes. - */ -#define IKE_V2_KEY_PAD_LEN strlen(IKE_V2_KEY_PAD) +#define IKEV2_KEY_PAD "Key Pad for IKEv2" typedef struct private_authenticator_t private_authenticator_t; @@ -49,7 +44,7 @@ struct private_authenticator_t { authenticator_t public; /** - * Assigned IKE_SA. Needed to get objects of type prf_t, sa_config_t and logger_t. + * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t. */ protected_ike_sa_t *ike_sa; @@ -99,12 +94,12 @@ struct private_authenticator_t { * AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE. * Memory gets allocated and has to get destroyed by caller. */ - chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this, - chunk_t last_message, - chunk_t nonce, - id_payload_t *id_payload, - bool initiator, - chunk_t preshared_secret); + chunk_t (*build_preshared_secret_signature) (private_authenticator_t *this, + chunk_t last_message, + chunk_t nonce, + id_payload_t *id_payload, + bool initiator, + chunk_t preshared_secret); }; /** @@ -157,37 +152,34 @@ static chunk_t allocate_octets(private_authenticator_t *this, current_pos += other_nonce.len; prf->get_bytes(prf, id_with_header_chunk, current_pos); - this->logger->log_chunk(this->logger,RAW | LEVEL2, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",&octets); + this->logger->log_chunk(this->logger,RAW | LEVEL2, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",octets); return octets; } /** - * Implementation of private_authenticator_t.allocate_auth_data_with_preshared_secret. + * Implementation of private_authenticator_t.build_preshared_secret_signature. */ -static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this, +static chunk_t build_preshared_secret_signature(private_authenticator_t *this, chunk_t last_message, chunk_t nonce, id_payload_t *id_payload, bool initiator, chunk_t preshared_secret) { - chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN}; + chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)}; u_int8_t key_buffer[this->prf->get_block_size(this->prf)]; chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)}; chunk_t auth_data; chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator); - /* - * AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), ) - */ - - this->prf->set_key(this->prf,preshared_secret); - this->prf->get_bytes(this->prf,key_pad,key_buffer); - this->prf->set_key(this->prf,key); - this->prf->allocate_bytes(this->prf,octets,&auth_data); + /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), ) */ + this->prf->set_key(this->prf, preshared_secret); + this->prf->get_bytes(this->prf, key_pad, key_buffer); + this->prf->set_key(this->prf, key); + this->prf->allocate_bytes(this->prf, octets, &auth_data); allocator_free_chunk(&octets); - this->logger->log_chunk(this->logger,RAW | LEVEL2, "Authenticated data",&auth_data); + this->logger->log_chunk(this->logger,RAW | LEVEL2, "Authenticated data",auth_data); return auth_data; } @@ -211,28 +203,28 @@ static status_t verify_auth_data (private_authenticator_t *this, chunk_t preshared_secret; status_t status; - status = charon->configuration->get_shared_secret(charon->configuration, - other_id, - &preshared_secret); + status = charon->credentials->get_shared_secret(charon->credentials, + other_id, + &preshared_secret); other_id->destroy(other_id); if (status != SUCCESS) { return status; } - chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this, - last_received_packet, - my_nonce, - other_id_payload, - initiator, - preshared_secret); + chunk_t my_auth_data = this->build_preshared_secret_signature(this, + last_received_packet, + my_nonce, + other_id_payload, + initiator, + preshared_secret); if (auth_data.len != my_auth_data.len) { allocator_free_chunk(&my_auth_data); return FAILED; } - if (memcmp(auth_data.ptr,my_auth_data.ptr,my_auth_data.len) == 0) + if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0) { status = SUCCESS; } @@ -252,16 +244,16 @@ static status_t verify_auth_data (private_authenticator_t *this, auth_data = auth_payload->get_data(auth_payload); - status = charon->configuration->get_rsa_public_key(charon->configuration, - other_id, - &public_key); + status = charon->credentials->get_rsa_public_key(charon->credentials, + other_id, + &public_key); other_id->destroy(other_id); if (status != SUCCESS) { return status; } - octets = this->allocate_octets(this,last_received_packet,my_nonce,other_id_payload,initiator); + octets = this->allocate_octets(this,last_received_packet, my_nonce,other_id_payload, initiator); status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data); @@ -285,19 +277,20 @@ static status_t compute_auth_data (private_authenticator_t *this, id_payload_t *my_id_payload, bool initiator) { - sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa); + connection_t *connection = this->ike_sa->get_connection(this->ike_sa); - switch(sa_config->get_auth_method(sa_config)) + switch(connection->get_auth_method(connection)) { case SHARED_KEY_MESSAGE_INTEGRITY_CODE: { - identification_t *my_id =my_id_payload->get_identification(my_id_payload); + identification_t *my_id = my_id_payload->get_identification(my_id_payload); chunk_t preshared_secret; - status_t status; + status_t status; + chunk_t auth_data; - status = charon->configuration->get_shared_secret(charon->configuration, - my_id, - &preshared_secret); + status = charon->credentials->get_shared_secret(charon->credentials, + my_id, + &preshared_secret); my_id->destroy(my_id); if (status != SUCCESS) @@ -305,16 +298,11 @@ static status_t compute_auth_data (private_authenticator_t *this, return status; } - chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this, - last_sent_packet, - other_nonce, - my_id_payload, - initiator, - preshared_secret); - + auth_data = this->build_preshared_secret_signature(this, last_sent_packet, other_nonce, + my_id_payload, initiator, preshared_secret); *auth_payload = auth_payload_create(); - (*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE); - (*auth_payload)->set_data((*auth_payload),auth_data); + (*auth_payload)->set_auth_method(*auth_payload, SHARED_KEY_MESSAGE_INTEGRITY_CODE); + (*auth_payload)->set_data(*auth_payload, auth_data); allocator_free_chunk(&auth_data); return SUCCESS; @@ -326,9 +314,7 @@ static status_t compute_auth_data (private_authenticator_t *this, status_t status; chunk_t octets, auth_data; - status = charon->configuration->get_rsa_private_key(charon->configuration, - my_id, - &private_key); + status = charon->credentials->get_rsa_private_key(charon->credentials, my_id, &private_key); my_id->destroy(my_id); if (status != SUCCESS) { @@ -345,8 +331,8 @@ static status_t compute_auth_data (private_authenticator_t *this, } *auth_payload = auth_payload_create(); - (*auth_payload)->set_auth_method((*auth_payload), RSA_DIGITAL_SIGNATURE); - (*auth_payload)->set_data((*auth_payload),auth_data); + (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE); + (*auth_payload)->set_data(*auth_payload, auth_data); allocator_free_chunk(&auth_data); return SUCCESS; @@ -380,7 +366,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa) /* private functions */ this->allocate_octets = allocate_octets; - this->allocate_auth_data_with_preshared_secret = allocate_auth_data_with_preshared_secret; + this->build_preshared_secret_signature = build_preshared_secret_signature; /* private data */ this->ike_sa = ike_sa; diff --git a/Source/charon/sa/authenticator.h b/Source/charon/sa/authenticator.h index c50ac4f32..b6bc317ac 100644 --- a/Source/charon/sa/authenticator.h +++ b/Source/charon/sa/authenticator.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _AUTHENTICATOR_H_ -#define _AUTHENTICATOR_H_ +#ifndef AUTHENTICATOR_H_ +#define AUTHENTICATOR_H_ #include #include @@ -122,7 +122,7 @@ struct authenticator_t { * * @warning: The following functions of the assigned protected_ike_sa_t object * must return a valid value: - * - protected_ike_sa_t.get_sa_config + * - protected_ike_sa_t.get_policy * - protected_ike_sa_t.get_prf * - protected_ike_sa_t.get_logger * This preconditions are not given in IKE_SA states INITIATOR_INIT or RESPONDER_INIT! @@ -135,4 +135,4 @@ struct authenticator_t { */ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa); -#endif //_AUTHENTICATOR_H_ +#endif /* AUTHENTICATOR_H_ */ diff --git a/Source/charon/sa/child_sa.c b/Source/charon/sa/child_sa.c index 455a5d318..64257b34b 100644 --- a/Source/charon/sa/child_sa.c +++ b/Source/charon/sa/child_sa.c @@ -27,14 +27,14 @@ #include -typedef struct policy_t policy_t; +typedef struct sa_policy_t sa_policy_t; /** * Struct used to store information for a policy. This * is needed since we must provide all this information * for deleting a policy... */ -struct policy_t { +struct sa_policy_t { /** * Network on local side @@ -264,7 +264,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus key_size = crypter->get_key_size(crypter); crypter->destroy(crypter); prf_plus->allocate_bytes(prf_plus, key_size, &enc_key); - this->logger->log_chunk(this->logger, PRIVATE, "key:", &enc_key); + this->logger->log_chunk(this->logger, PRIVATE, "key:", enc_key); } else { @@ -285,7 +285,7 @@ static status_t install(private_child_sa_t *this, proposal_t *proposal, prf_plus key_size = signer->get_key_size(signer); signer->destroy(signer); prf_plus->allocate_bytes(prf_plus, key_size, &int_key); - this->logger->log_chunk(this->logger, PRIVATE, "key:", &int_key); + this->logger->log_chunk(this->logger, PRIVATE, "key:", int_key); } else { @@ -386,7 +386,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list int family; chunk_t from_addr; u_int16_t from_port, to_port; - policy_t *policy; + sa_policy_t *policy; status_t status; other_iter->current(other_iter, (void**)&other_ts); @@ -396,7 +396,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list { continue; } - policy = allocator_alloc_thing(policy_t); + policy = allocator_alloc_thing(sa_policy_t); policy->upper_proto = my_ts->get_protocol(my_ts); /* calculate net and ports for local side */ @@ -468,7 +468,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list static void destroy(private_child_sa_t *this) { /* delete all policys in the kernel */ - policy_t *policy; + sa_policy_t *policy; while (this->policies->remove_last(this->policies, (void**)&policy) == SUCCESS) { charon->kernel_interface->del_policy(charon->kernel_interface, diff --git a/Source/charon/sa/child_sa.h b/Source/charon/sa/child_sa.h index a43ed0674..34542274c 100644 --- a/Source/charon/sa/child_sa.h +++ b/Source/charon/sa/child_sa.h @@ -21,8 +21,8 @@ */ -#ifndef _CHILD_SA_H_ -#define _CHILD_SA_H_ +#ifndef CHILD_SA_H_ +#define CHILD_SA_H_ #include #include @@ -130,4 +130,4 @@ struct child_sa_t { */ child_sa_t * child_sa_create(host_t *me, host_t *other); -#endif /*_CHILD_SA_H_*/ +#endif /*CHILD_SA_H_*/ diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index 2f226c227..6517c388c 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -95,7 +95,7 @@ struct private_ike_sa_t { * - IKE_AUTH_REQUESTED * -IKE_SA_ESTABLISHED */ - init_config_t *init_config; + connection_t *connection; /** * SA configuration, needed for all other exchanges after IKE_SA_INIT exchange. @@ -108,7 +108,7 @@ struct private_ike_sa_t { * - IKE_AUTH_REQUESTED * -IKE_SA_ESTABLISHED */ - sa_config_t *sa_config; + policy_t *policy; /** * This SA's source for random data. @@ -127,20 +127,6 @@ struct private_ike_sa_t { */ message_t *last_requested_message; - /** - * Informations of this host. - */ - struct { - host_t *host; - } me; - - /** - * Informations of the other host. - */ - struct { - host_t *host; - } other; - /** * Crypter object for initiator. */ @@ -276,12 +262,16 @@ static status_t process_message (private_ike_sa_t *this, message_t *message) */ static void build_message(private_ike_sa_t *this, exchange_type_t type, bool request, message_t **message) { - message_t *new_message; + message_t *new_message; + host_t *me, *other; + + me = this->connection->get_my_host(this->connection); + other = this->connection->get_other_host(this->connection); this->logger->log(this->logger, CONTROL|LEVEL2, "Build empty message"); new_message = message_create(); - new_message->set_source(new_message, this->me.host->clone(this->me.host)); - new_message->set_destination(new_message, this->other.host->clone(this->other.host)); + new_message->set_source(new_message, me->clone(me)); + new_message->set_destination(new_message, other->clone(other)); new_message->set_exchange_type(new_message, type); new_message->set_request(new_message, request); new_message->set_message_id(new_message, (request) ? this->message_id_out : this->message_id_in); @@ -291,12 +281,11 @@ static void build_message(private_ike_sa_t *this, exchange_type_t type, bool req } /** - * Implementation of protected_ike_sa_t.process_configuration. + * Implementation of protected_ike_sa_t.initiate_connection. */ -static status_t initialize_connection(private_ike_sa_t *this, char *name) +static status_t initiate_connection(private_ike_sa_t *this, connection_t *connection) { initiator_init_t *current_state; - status_t status; /* Work is done in state object of type INITIATOR_INIT. All other states are not * initial states and so don't have a initialize_connection function */ @@ -308,8 +297,7 @@ static status_t initialize_connection(private_ike_sa_t *this, char *name) current_state = (initiator_init_t *) this->current_state; - status = current_state->initiate_connection(current_state,name); - return status; + return current_state->initiate_connection(current_state, connection); } /** @@ -432,75 +420,35 @@ static logger_t *get_logger (private_ike_sa_t *this) } /** - * Implementation of protected_ike_sa_t.get_my_host. + * Implementation of protected_ike_sa_t.get_connection. */ -static host_t *get_my_host (private_ike_sa_t *this) +static connection_t *get_connection (private_ike_sa_t *this) { - return this->me.host; + return this->connection; } /** - * Implementation of protected_ike_sa_t.get_other_host. + * Implementation of protected_ike_sa_t.set_connection. */ -static host_t *get_other_host (private_ike_sa_t *this) +static void set_connection (private_ike_sa_t *this,connection_t * connection) { - return this->other.host; + this->connection = connection; } /** - * Implementation of protected_ike_sa_t.get_init_config. + * Implementation of protected_ike_sa_t.get_policy. */ -static init_config_t *get_init_config (private_ike_sa_t *this) +static policy_t *get_policy (private_ike_sa_t *this) { - return this->init_config; + return this->policy; } /** - * Implementation of protected_ike_sa_t.set_init_config. + * Implementation of protected_ike_sa_t.set_policy. */ -static void set_init_config (private_ike_sa_t *this,init_config_t * init_config) +static void set_policy (private_ike_sa_t *this,policy_t * policy) { - this->init_config = init_config; -} - -/** - * Implementation of protected_ike_sa_t.get_sa_config. - */ -static sa_config_t *get_sa_config (private_ike_sa_t *this) -{ - return this->sa_config; -} - -/** - * Implementation of protected_ike_sa_t.set_sa_config. - */ -static void set_sa_config (private_ike_sa_t *this,sa_config_t * sa_config) -{ - this->sa_config = sa_config; -} - -/** - * Implementation of protected_ike_sa_t.set_my_host. - */ -static void set_my_host (private_ike_sa_t *this, host_t *my_host) -{ - if (this->me.host) - { - this->me.host->destroy(this->me.host); - } - this->me.host = my_host; -} - -/** - * Implementation of protected_ike_sa_t.set_other_host. - */ -static void set_other_host (private_ike_sa_t *this, host_t *other_host) -{ - if (this->other.host) - { - this->other.host->destroy(this->other.host); - } - this->other.host = other_host; + this->policy = policy; } /** @@ -584,10 +532,10 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d /* SKEYSEED = prf(Ni | Nr, g^ir) */ dh->get_shared_secret(dh, &secret); - this->logger->log_chunk(this->logger, PRIVATE, "Shared Diffie Hellman secret", &secret); + this->logger->log_chunk(this->logger, PRIVATE, "Shared Diffie Hellman secret", secret); this->prf->set_key(this->prf, nonces); this->prf->allocate_bytes(this->prf, secret, &skeyseed); - this->logger->log_chunk(this->logger, PRIVATE | LEVEL1, "SKEYSEED", &skeyseed); + this->logger->log_chunk(this->logger, PRIVATE | LEVEL1, "SKEYSEED", skeyseed); allocator_free_chunk(&secret); /* prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr ) @@ -614,7 +562,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d this->child_prf = prf_create(algo->algorithm); key_size = this->child_prf->get_key_size(this->child_prf); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_d secret", key); this->child_prf->set_key(this->child_prf, key); allocator_free_chunk(&key); @@ -647,12 +595,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d key_size = this->signer_initiator->get_key_size(this->signer_initiator); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key); this->signer_initiator->set_key(this->signer_initiator, key); allocator_free_chunk(&key); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key); this->signer_responder->set_key(this->signer_responder, key); allocator_free_chunk(&key); @@ -686,12 +634,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d key_size = this->crypter_initiator->get_key_size(this->crypter_initiator); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_ei secret", key); this->crypter_initiator->set_key(this->crypter_initiator, key); allocator_free_chunk(&key); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_er secret", key); this->crypter_responder->set_key(this->crypter_responder, key); allocator_free_chunk(&key); @@ -711,12 +659,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d key_size = this->prf_auth_i->get_key_size(this->prf_auth_i); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_pi secret", key); this->prf_auth_i->set_key(this->prf_auth_i, key); allocator_free_chunk(&key); prf_plus->allocate_bytes(prf_plus, key_size, &key); - this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", &key); + this->logger->log_chunk(this->logger, PRIVATE, "Sk_pr secret", key); this->prf_auth_r->set_key(this->prf_auth_r, key); allocator_free_chunk(&key); @@ -1004,21 +952,6 @@ static void reset_message_buffers (private_ike_sa_t *this) this->last_replied_message_id = -1; } -/** - * Implementation of protected_ike_sa_t.create_delete_established_ike_sa_job. - */ -static void create_delete_established_ike_sa_job (private_ike_sa_t *this,u_int32_t timeout) -{ - job_t *delete_job; - - this->logger->log(this->logger, CONTROL | LEVEL1, - "Going to create job to delete established IKE_SA in %d ms", - timeout); - - delete_job = (job_t *) delete_established_ike_sa_job_create(this->ike_sa_id); - charon->event_queue->add_relative(charon->event_queue,delete_job, timeout); -} - /** * Implementation of protected_ike_sa_t.destroy. */ @@ -1080,14 +1013,6 @@ static void destroy (private_ike_sa_t *this) { this->last_responded_message->destroy(this->last_responded_message); } - if (this->me.host != NULL) - { - this->me.host->destroy(this->me.host); - } - if (this->other.host != NULL) - { - this->other.host->destroy(this->other.host); - } this->randomizer->destroy(this->randomizer); this->current_state->destroy(this->current_state); charon->logger_manager->destroy_logger(charon->logger_manager, this->logger); @@ -1104,7 +1029,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) /* Public functions */ this->protected.public.process_message = (status_t(*)(ike_sa_t*, message_t*)) process_message; - this->protected.public.initialize_connection = (status_t(*)(ike_sa_t*, char*)) initialize_connection; + this->protected.public.initiate_connection = (status_t(*)(ike_sa_t*,connection_t*)) initiate_connection; this->protected.public.get_id = (ike_sa_id_t*(*)(ike_sa_t*)) get_id; this->protected.public.retransmit_request = (status_t (*) (ike_sa_t *, u_int32_t)) retransmit_request; this->protected.public.get_state = (ike_sa_state_t (*) (ike_sa_t *this)) get_state; @@ -1119,14 +1044,10 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.get_prf_auth_r = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_r; this->protected.add_child_sa = (void (*) (protected_ike_sa_t*,child_sa_t*)) add_child_sa; this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; - this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config; - this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config; - this->protected.set_sa_config = (void (*) (protected_ike_sa_t *,sa_config_t *)) set_sa_config; - this->protected.get_sa_config = (sa_config_t *(*) (protected_ike_sa_t *)) get_sa_config; - this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host; - this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host; - this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host; - this->protected.set_other_host = (void(*) (protected_ike_sa_t *, host_t *)) set_other_host; + this->protected.set_connection = (void (*) (protected_ike_sa_t *,connection_t *)) set_connection; + this->protected.get_connection = (connection_t *(*) (protected_ike_sa_t *)) get_connection; + this->protected.set_policy = (void (*) (protected_ike_sa_t *,policy_t *)) set_policy; + this->protected.get_policy = (policy_t *(*) (protected_ike_sa_t *)) get_policy; this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer; this->protected.send_request = (status_t (*) (protected_ike_sa_t *,message_t *)) send_request; this->protected.send_response = (status_t (*) (protected_ike_sa_t *,message_t *)) send_response; @@ -1140,7 +1061,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.reset_message_buffers = (void (*) (protected_ike_sa_t *)) reset_message_buffers; this->protected.get_last_responded_message = (message_t * (*) (protected_ike_sa_t *this)) get_last_responded_message; this->protected.get_last_requested_message = (message_t * (*) (protected_ike_sa_t *this)) get_last_requested_message; - this->protected.create_delete_established_ike_sa_job = (void (*) (protected_ike_sa_t *this,u_int32_t)) create_delete_established_ike_sa_job; this->protected.set_last_replied_message_id = (void (*) (protected_ike_sa_t *,u_int32_t)) set_last_replied_message_id; @@ -1154,8 +1074,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->child_sas = linked_list_create(); this->randomizer = randomizer_create(); - this->me.host = NULL; - this->other.host = NULL; this->last_requested_message = NULL; this->last_responded_message = NULL; this->message_id_out = 0; @@ -1169,8 +1087,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->prf_auth_i = NULL; this->prf_auth_r = NULL; this->child_prf = NULL; - this->init_config = NULL; - this->sa_config = NULL; + this->connection = NULL; + this->policy = NULL; /* at creation time, IKE_SA is in a initiator state */ if (ike_sa_id->is_initiator(ike_sa_id)) diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index e1d27e25d..2bf697889 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h @@ -35,6 +35,8 @@ #include #include #include +#include +#include /** * Nonce size in bytes for nonces sending to other peer. @@ -75,16 +77,19 @@ struct ike_sa_t { status_t (*process_message) (ike_sa_t *this,message_t *message); /** - * @brief Initiate a new connection with given configuration name. + * @brief Initiate a new connection with given connection_t object. + * + * The connection_t object is owned by the IKE_SA after the call, so + * do not modify or destroy it. * * @param this calling object - * @param name name of the configuration + * @param connection connection to initiate * @return * - SUCCESS if initialization started * - FAILED if in wrong state * - DELETE_ME if initialization failed and IKE_SA MUST be deleted */ - status_t (*initialize_connection) (ike_sa_t *this, char *name); + status_t (*initiate_connection) (ike_sa_t *this, connection_t *connection); /** * @brief Retransmits a request. @@ -176,72 +181,36 @@ struct protected_ike_sa_t { logger_t *(*get_logger) (protected_ike_sa_t *this); /** - * @brief Get the internal stored init_config_t object. + * @brief Get the internal stored connection_t object. * * @param this calling object - * @return pointer to the internal stored init_config_t object + * @return pointer to the internal stored connection_t object */ - init_config_t *(*get_init_config) (protected_ike_sa_t *this); + connection_t *(*get_connection) (protected_ike_sa_t *this); /** - * @brief Set the internal init_config_t object. + * @brief Set the internal connection object. * * @param this calling object - * @param init_config object of type init_config_t + * @param connection object of type connection_t */ - void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config); + void (*set_connection) (protected_ike_sa_t *this, connection_t *connection); /** - * @brief Get the internal stored sa_config_t object. + * @brief Get the internal stored policy object. * * @param this calling object - * @return pointer to the internal stored sa_config_t object + * @return pointer to the internal stored policy_t object */ - sa_config_t *(*get_sa_config) (protected_ike_sa_t *this); + policy_t *(*get_policy) (protected_ike_sa_t *this); /** - * @brief Set the internal sa_config_t object. + * @brief Set the internal policy_t object. * * @param this calling object - * @param sa_config object of type sa_config_t + * @param policy object of type policy_t */ - void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config); - - /** - * @brief Get the internal stored host_t object for my host. - * - * @param this calling object - * @return pointer to the internal stored host_t object - */ - host_t *(*get_my_host) (protected_ike_sa_t *this); - - /** - * @brief Get the internal stored host_t object for other host. - * - * @param this calling object - * @return pointer to the internal stored host_t object - */ - host_t *(*get_other_host) (protected_ike_sa_t *this); - - /** - * @brief Set the internal stored host_t object for my host. - * - * Allready existing object gets destroyed. object gets not cloned! - * - * @param this calling object - * @param my_host pointer to the new host_t object - */ - void (*set_my_host) (protected_ike_sa_t *this,host_t * my_host); - - /** - * @brief Set the internal stored host_t object for other host. - * - * Allready existing object gets destroyed. object gets not cloned! - * - * @param this calling object - * @param other_host pointer to the new host_t object - */ - void (*set_other_host) (protected_ike_sa_t *this,host_t *other_host); + void (*set_policy) (protected_ike_sa_t *this,policy_t *policy); /** * @brief Derive all keys and create the transforms for IKE communication. @@ -422,15 +391,6 @@ struct protected_ike_sa_t { * @param this calling object */ void (*reset_message_buffers) (protected_ike_sa_t *this); - - /** - * @brief Creates a job of type DELETE_ESTABLISHED_IKE_SA for the current IKE_SA. - * - * @param this calling object - * @param timeout timeout after the IKE_SA gets deleted - * - */ - void (*create_delete_established_ike_sa_job) (protected_ike_sa_t *this,u_int32_t timeout); }; diff --git a/Source/charon/sa/ike_sa_id.h b/Source/charon/sa/ike_sa_id.h index aff710cc8..0f16f7637 100644 --- a/Source/charon/sa/ike_sa_id.h +++ b/Source/charon/sa/ike_sa_id.h @@ -21,8 +21,8 @@ */ -#ifndef _IKE_SA_ID_H_ -#define _IKE_SA_ID_H_ +#ifndef IKE_SA_ID_H_ +#define IKE_SA_ID_H_ #include @@ -143,4 +143,4 @@ struct ike_sa_id_t { */ ike_sa_id_t * ike_sa_id_create(u_int64_t initiator_spi, u_int64_t responder_spi, bool is_initiaor); -#endif /*_IKE_SA_ID_H_*/ +#endif /*IKE_SA_ID_H_*/ diff --git a/Source/charon/sa/ike_sa_manager.h b/Source/charon/sa/ike_sa_manager.h index 292271bd3..5ba9e87d5 100644 --- a/Source/charon/sa/ike_sa_manager.h +++ b/Source/charon/sa/ike_sa_manager.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _IKE_SA_MANAGER_H_ -#define _IKE_SA_MANAGER_H_ +#ifndef IKE_SA_MANAGER_H_ +#define IKE_SA_MANAGER_H_ #include #include @@ -137,4 +137,4 @@ struct ike_sa_manager_t { */ ike_sa_manager_t *ike_sa_manager_create(); -#endif /*_IKE_SA_MANAGER_H_*/ +#endif /*IKE_SA_MANAGER_H_*/ diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index ed5360dfe..c80b7f72a 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -55,7 +55,7 @@ struct private_ike_auth_requested_t { /** * SA config, just a copy of the one stored in the ike_sa. */ - sa_config_t *sa_config; + policy_t *policy; /** * Received nonce from responder. @@ -185,6 +185,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i host_t *my_host, *other_host; chunk_t seed; prf_plus_t *prf_plus; + connection_t *connection; if (ike_auth_reply->get_exchange_type(ike_auth_reply) != IKE_AUTH) { @@ -211,7 +212,7 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i return status; } - this->sa_config = this->ike_sa->get_sa_config(this->ike_sa); + this->policy = this->ike_sa->get_policy(this->ike_sa); /* we collect all payloads, which are processed later. Notify's are processed * in place, since we don't know how may are there. @@ -352,8 +353,9 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply)); /* create new state */ - my_host = this->ike_sa->get_my_host(this->ike_sa); - other_host = this->ike_sa->get_other_host(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", my_host->get_address(my_host), other_host->get_address(other_host), mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))); @@ -372,7 +374,7 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo other_id = idr_payload->get_identification(idr_payload); - configured_other_id = this->sa_config->get_other_id(this->sa_config); + configured_other_id = this->policy->get_other_id(this->policy); if (configured_other_id) { this->logger->log(this->logger, CONTROL|LEVEL1, "configured ID: %s, ID of responder: %s", @@ -424,7 +426,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa } /* we have to re-check here if other's selection is valid */ - proposal = this->sa_config->select_proposal(this->sa_config, proposal_list); + proposal = this->policy->select_proposal(this->policy, proposal_list); /* list not needed anymore */ while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS) { @@ -478,12 +480,12 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i /* select ts depending on payload type */ if (ts_initiator) { - ts_selected = this->sa_config->select_my_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received); this->my_ts = ts_selected; } else { - ts_selected = this->sa_config->select_other_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received); this->other_ts = ts_selected; } /* check if the responder selected valid proposals */ diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 06ff238b9..5e641f9b3 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -214,6 +214,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t ike_sa_id_t *ike_sa_id; iterator_t *payloads; host_t *me; + connection_t *connection; message_t *request; status_t status; @@ -340,8 +341,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t } /* apply the address on wich we really received the packet */ + connection = this->ike_sa->get_connection(this->ike_sa); me = ike_sa_init_reply->get_destination(ike_sa_init_reply); - this->ike_sa->set_my_host(this->ike_sa, me->clone(me)); + connection->update_my_host(connection, me->clone(me)); /* build empty message */ this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request); @@ -418,9 +420,9 @@ status_t process_sa_payload (private_ike_sa_init_requested_t *this, sa_payload_t { proposal_t *proposal; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); /* get the list of selected proposals, the peer has to select only one proposal */ proposal_list = sa_payload->get_proposals (sa_payload); @@ -436,7 +438,7 @@ status_t process_sa_payload (private_ike_sa_init_requested_t *this, sa_payload_t } /* we have to re-check if the others selection is valid */ - this->proposal = init_config->select_proposal(init_config, proposal_list); + this->proposal = connection->select_proposal(connection, proposal_list); while (proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS) { proposal->destroy(proposal); @@ -467,13 +469,13 @@ status_t process_ke_payload (private_ike_sa_init_requested_t *this, ke_payload_t */ static status_t build_id_payload (private_ike_sa_init_requested_t *this,id_payload_t **id_payload, message_t *request) { - sa_config_t *sa_config; + policy_t *policy; id_payload_t *new_id_payload; identification_t *identification; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); + policy = this->ike_sa->get_policy(this->ike_sa); /* identification_t object gets NOT cloned here */ - identification = sa_config->get_my_id(sa_config); + identification = policy->get_my_id(policy); new_id_payload = id_payload_create_from_identification(TRUE,identification); this->logger->log(this->logger, CONTROL|LEVEL2, "Add ID payload to message"); @@ -516,14 +518,16 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message { linked_list_t *proposal_list; sa_payload_t *sa_payload; - sa_config_t *sa_config; + policy_t *policy; + connection_t *connection; /* get proposals form config, add to payload */ - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - proposal_list = sa_config->get_proposals(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + proposal_list = policy->get_proposals(policy); /* build child sa */ - this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa)); + connection = this->ike_sa->get_connection(this->ike_sa); + this->child_sa = child_sa_create(connection->get_my_host(connection), + connection->get_other_host(connection)); if (this->child_sa->alloc(this->child_sa, proposal_list) != SUCCESS) { this->logger->log(this->logger, AUDIT, "Could not install CHILD_SA! Deleting IKE_SA"); @@ -550,10 +554,10 @@ static status_t build_tsi_payload (private_ike_sa_init_requested_t *this, messag { linked_list_t *ts_list; ts_payload_t *ts_payload; - sa_config_t *sa_config; + policy_t *policy; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - ts_list = sa_config->get_my_traffic_selectors(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + ts_list = policy->get_my_traffic_selectors(policy); ts_payload = ts_payload_create_from_traffic_selectors(TRUE, ts_list); this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSi payload to message"); @@ -569,10 +573,10 @@ static status_t build_tsr_payload (private_ike_sa_init_requested_t *this, messag { linked_list_t *ts_list; ts_payload_t *ts_payload; - sa_config_t *sa_config; + policy_t *policy; - sa_config = this->ike_sa->get_sa_config(this->ike_sa); - ts_list = sa_config->get_other_traffic_selectors(sa_config); + policy = this->ike_sa->get_policy(this->ike_sa); + ts_list = policy->get_other_traffic_selectors(policy); ts_payload = ts_payload_create_from_traffic_selectors(FALSE, ts_list); this->logger->log(this->logger, CONTROL|LEVEL2, "Add TSr payload to message"); @@ -614,7 +618,7 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no initiator_init_t *initiator_init_state; chunk_t notify_data; diffie_hellman_group_t dh_group; - init_config_t *init_config; + connection_t *connection; notify_data = notify_payload->get_notification_data(notify_payload); dh_group = ntohs(*((u_int16_t*)notify_data.ptr)); @@ -622,8 +626,8 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no this->logger->log(this->logger, ERROR|LEVEL1, "Peer wouldn't accept DH group, it requested %s!", mapping_find(diffie_hellman_group_m, dh_group)); /* check if we can accept this dh group */ - init_config = this->ike_sa->get_init_config(this->ike_sa); - if (!init_config->check_dh_group(init_config, dh_group)) + connection = this->ike_sa->get_connection(this->ike_sa); + if (!connection->check_dh_group(connection, dh_group)) { this->logger->log(this->logger, AUDIT, "Peer does only accept DH group %s, which we do not accept! Aborting", diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 54e70041a..8c93e3275 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -76,7 +76,7 @@ struct private_ike_sa_init_responded_t { /** * SA config to use. */ - sa_config_t *sa_config; + policy_t *policy; /** * CHILD_SA, if set up @@ -182,7 +182,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t signer_t *signer; status_t status; host_t *my_host, *other_host; - + connection_t *connection; if (request->get_exchange_type(request) != IKE_AUTH) { @@ -361,8 +361,9 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t } /* create new state */ - my_host = this->ike_sa->get_my_host(this->ike_sa); - other_host = this->ike_sa->get_other_host(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", my_host->get_address(my_host), other_host->get_address(other_host), mapping_find(auth_method_m, auth_request->get_auth_method(auth_request))); @@ -379,8 +380,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payload_t *request_idi, id_payload_t *request_idr, message_t *response,id_payload_t **response_idr) { identification_t *other_id, *my_id = NULL; - init_config_t *init_config; - status_t status; + connection_t *connection; id_payload_t *idr_response; other_id = request_idi->get_identification(request_idi); @@ -390,19 +390,19 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl } /* build new sa config */ - init_config = this->ike_sa->get_init_config(this->ike_sa); - status = charon->configuration->get_sa_config_for_init_config_and_id(charon->configuration,init_config, other_id,my_id, &(this->sa_config)); - if (status != SUCCESS) + connection = this->ike_sa->get_connection(this->ike_sa); + this->policy = charon->policies->get_policy(charon->policies, my_id, other_id); + if (this->policy == NULL) { if (my_id) { - this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses IDs %s to %s, which we have no config for", + this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses IDs %s to %s, which we have no policy for", other_id->get_string(other_id),my_id->get_string(my_id)); my_id->destroy(my_id); } else { - this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses ID %s, which we have no config for", + this->logger->log(this->logger, AUDIT, "IKE_AUTH request uses ID %s, which we have no policy for", other_id->get_string(other_id)); } other_id->destroy(other_id); @@ -416,10 +416,10 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl other_id->destroy(other_id); /* get my id, if not requested */ - my_id = this->sa_config->get_my_id(this->sa_config); + my_id = this->policy->get_my_id(this->policy); - /* set sa_config in ike_sa for other states */ - this->ike_sa->set_sa_config(this->ike_sa, this->sa_config); + /* set policy in ike_sa for other states */ + this->ike_sa->set_policy(this->ike_sa, this->policy); /* build response */ idr_response = id_payload_create_from_identification(FALSE, my_id); @@ -440,6 +440,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo chunk_t seed; prf_plus_t *prf_plus; status_t status; + connection_t *connection; /* get proposals from request */ proposal_list = request->get_proposals(request); @@ -455,7 +456,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo /* now select a proposal */ this->logger->log(this->logger, CONTROL|LEVEL1, "Selecting proposals:"); - proposal = this->sa_config->select_proposal(this->sa_config, proposal_list); + proposal = this->policy->select_proposal(this->policy, proposal_list); /* list is not needed anymore */ while (proposal_list->remove_last(proposal_list, (void**)&proposal_tmp) == SUCCESS) { @@ -476,9 +477,10 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo memcpy(seed.ptr + this->received_nonce.len, this->sent_nonce.ptr, this->sent_nonce.len); prf_plus = prf_plus_create(this->ike_sa->get_child_prf(this->ike_sa), seed); allocator_free_chunk(&seed); - - this->child_sa = child_sa_create(this->ike_sa->get_my_host(this->ike_sa), - this->ike_sa->get_other_host(this->ike_sa)); + + connection = this->ike_sa->get_connection(this->ike_sa); + this->child_sa = child_sa_create(connection->get_my_host(connection), + connection->get_other_host(connection)); status = this->child_sa->add(this->child_sa, proposal, prf_plus); prf_plus->destroy(prf_plus); @@ -543,12 +545,12 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_ /* select ts depending on payload type */ if (ts_initiator) { - ts_selected = this->sa_config->select_other_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_other_traffic_selectors(this->policy, ts_received); this->other_ts = ts_selected; } else { - ts_selected = this->sa_config->select_my_traffic_selectors(this->sa_config, ts_received); + ts_selected = this->policy->select_my_traffic_selectors(this->policy, ts_received); this->my_ts = ts_selected; } diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c index 2e5843e5c..e23cd7a44 100644 --- a/Source/charon/sa/states/initiator_init.c +++ b/Source/charon/sa/states/initiator_init.c @@ -108,40 +108,39 @@ struct private_initiator_init_t { /** * Implementation of initiator_init_t.initiate_connection. */ -static status_t initiate_connection (private_initiator_init_t *this, char *name) +static status_t initiate_connection (private_initiator_init_t *this, connection_t *connection) { - init_config_t *init_config; - sa_config_t *sa_config; - status_t status; + policy_t *policy; diffie_hellman_group_t dh_group; + host_t *my_host, *other_host; + identification_t *my_id, *other_id; - this->logger->log(this->logger, CONTROL, "Initializing connection %s",name); + my_host = connection->get_my_host(connection); + other_host = connection->get_other_host(connection); + my_id = connection->get_my_id(connection); + other_id = connection->get_other_id(connection); - /* get configs */ - status = charon->configuration->get_init_config_for_name(charon->configuration,name,&init_config); - if (status != SUCCESS) - { - this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve INIT configuration informations for %s",name); - return DELETE_ME; - } - this->ike_sa->set_init_config(this->ike_sa,init_config); - status = charon->configuration->get_sa_config_for_name(charon->configuration,name,&sa_config); - if (status != SUCCESS) + this->logger->log(this->logger, CONTROL, "Initiating connection between %s (%s) - %s (%s)", + my_id->get_string(my_id), my_host->get_address(my_host), + other_id->get_string(other_id), other_host->get_address(other_host)); + + this->ike_sa->set_connection(this->ike_sa, connection); + + /* get policy */ + policy = charon->policies->get_policy(charon->policies, my_id, other_id); + if (policy == NULL) { - this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve SA configuration informations for %s",name); + this->logger->log(this->logger, ERROR | LEVEL1, "Could not get a policy for '%s - %s', aborting", + my_id->get_string(my_id), other_id->get_string(other_id)); return DELETE_ME; } - this->ike_sa->set_sa_config(this->ike_sa,sa_config); - - /* host informations are read from configuration */ - this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config)); - this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config)); + this->ike_sa->set_policy(this->ike_sa,policy); /* we must guess now a DH group. For that we choose our most preferred group */ - dh_group = init_config->get_dh_group(init_config); + dh_group = connection->get_dh_group(connection); /* next step is done in retry_initiate_connection */ - return this->public.retry_initiate_connection(&(this->public), dh_group); + return this->public.retry_initiate_connection(&this->public, dh_group); } /** @@ -151,7 +150,7 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm { ike_sa_init_requested_t *next_state; chunk_t ike_sa_init_request_data; - init_config_t *init_config; + connection_t *connection; ike_sa_id_t *ike_sa_id; message_t *message; status_t status; @@ -162,7 +161,7 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm return DELETE_ME; } - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); this->diffie_hellman = diffie_hellman_create(dh_group); ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public)); ike_sa_id->set_responder_spi(ike_sa_id,0); @@ -211,13 +210,13 @@ static void build_sa_payload(private_initiator_init_t *this, message_t *request) { sa_payload_t* sa_payload; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; this->logger->log(this->logger, CONTROL|LEVEL1, "Building SA payload"); - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); - proposal_list = init_config->get_proposals(init_config); + proposal_list = connection->get_proposals(connection); sa_payload = sa_payload_create_from_proposal_list(proposal_list); @@ -332,7 +331,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa) this->public.state_interface.destroy = (void (*) (state_t *)) destroy; /* public functions */ - this->public.initiate_connection = (status_t (*)(initiator_init_t *, char *)) initiate_connection; + this->public.initiate_connection = (status_t (*)(initiator_init_t *, connection_t*)) initiate_connection; this->public.retry_initiate_connection = (status_t (*)(initiator_init_t *, int )) retry_initiate_connection; /* private functions */ diff --git a/Source/charon/sa/states/initiator_init.h b/Source/charon/sa/states/initiator_init.h index 9ce499f92..6b4940a73 100644 --- a/Source/charon/sa/states/initiator_init.h +++ b/Source/charon/sa/states/initiator_init.h @@ -46,15 +46,15 @@ struct initiator_init_t { state_t state_interface; /** - * Initiate a new connection with given configuration name. + * Initiate a new connection with given connection_t object. * * @param this calling object - * @param name name of the configuration + * @param connection connection to initiate * @return * - SUCCESS - * - DELETE_ME if something failed (see log for error) + * - DELETE_ME if something failed */ - status_t (*initiate_connection) (initiator_init_t *this, char *name); + status_t (*initiate_connection) (initiator_init_t *this, connection_t *connection); /** * Retry to initiate a new connection with a specific dh_group_priority. diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index f67e2833c..6db0a662c 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -157,7 +157,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa ke_payload_t *ke_request = NULL; nonce_payload_t *nonce_request = NULL; host_t *source, *destination; - init_config_t *init_config; + connection_t *connection; iterator_t *payloads; message_t *response; status_t status; @@ -177,18 +177,15 @@ static status_t process_message(private_responder_init_t *this, message_t *messa source = message->get_source(message); destination = message->get_destination(message); - status = charon->configuration->get_init_config_for_host(charon->configuration,destination,source,&init_config); - if (status != SUCCESS) + connection = charon->connections->get_connection_by_hosts(charon->connections, destination, source); + if (connection == NULL) { - /* no configuration matches given host */ - this->logger->log(this->logger, AUDIT, "IKE_SA_INIT request does not match any available configuration. Deleting IKE_SA"); + /* no configuration matches given hosts */ + this->logger->log(this->logger, AUDIT, "IKE_SA_INIT request does not match any available connection. Deleting IKE_SA"); /* TODO: inform requestor */ return DELETE_ME; } - this->ike_sa->set_init_config(this->ike_sa,init_config); - - this->ike_sa->set_my_host(this->ike_sa, destination->clone(destination)); - this->ike_sa->set_other_host(this->ike_sa, source->clone(source)); + this->ike_sa->set_connection(this->ike_sa,connection); /* parse incoming message */ status = message->parse_body(message, NULL, NULL); @@ -322,11 +319,11 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa { proposal_t *proposal; linked_list_t *proposal_list; - init_config_t *init_config; + connection_t *connection; sa_payload_t* sa_payload; algorithm_t *algo; - init_config = this->ike_sa->get_init_config(this->ike_sa); + connection = this->ike_sa->get_connection(this->ike_sa); this->logger->log(this->logger, CONTROL | LEVEL2, "Process received SA payload"); @@ -334,7 +331,7 @@ static status_t build_sa_payload(private_responder_init_t *this,sa_payload_t *sa proposal_list = sa_request->get_proposals (sa_request); /* select proposal */ - this->proposal = init_config->select_proposal(init_config, proposal_list); + this->proposal = connection->select_proposal(connection, proposal_list); while(proposal_list->remove_last(proposal_list, (void**)&proposal) == SUCCESS) { proposal->destroy(proposal); diff --git a/Source/charon/sa/states/responder_init.h b/Source/charon/sa/states/responder_init.h index 5c7829b5e..c8ba73ea3 100644 --- a/Source/charon/sa/states/responder_init.h +++ b/Source/charon/sa/states/responder_init.h @@ -51,7 +51,7 @@ struct responder_init_t { * The following functions of the assigned protected_ike_sa_t object are being called with * valid values after successfully processing a received message and before changing * to next state IKE_SA_INIT_RESPONDED: - * - protected_ike_sa_t.set_init_config() + * - protected_ike_sa_t.set_connection() * - protected_ike_sa_t.set_my_host() * - protected_ike_sa_t.set_other_host() * - protected_ike_sa_t.compute_secrets() diff --git a/Source/charon/testcases/Makefile.testcases b/Source/charon/testcases/Makefile.testcases index e21b5c258..366bf744f 100644 --- a/Source/charon/testcases/Makefile.testcases +++ b/Source/charon/testcases/Makefile.testcases @@ -108,12 +108,12 @@ TEST_OBJS+= $(BUILD_DIR)encryption_payload_test.o $(BUILD_DIR)encryption_payload_test.o : $(TESTCASES_DIR)encryption_payload_test.c $(TESTCASES_DIR)encryption_payload_test.h $(CC) $(CFLAGS) -c -o $@ $< -TEST_OBJS+= $(BUILD_DIR)init_config_test.o -$(BUILD_DIR)init_config_test.o : $(TESTCASES_DIR)init_config_test.c $(TESTCASES_DIR)init_config_test.h +TEST_OBJS+= $(BUILD_DIR)connection_test.o +$(BUILD_DIR)connection_test.o : $(TESTCASES_DIR)connection_test.c $(TESTCASES_DIR)connection_test.h $(CC) $(CFLAGS) -c -o $@ $< -TEST_OBJS+= $(BUILD_DIR)sa_config_test.o -$(BUILD_DIR)sa_config_test.o : $(TESTCASES_DIR)sa_config_test.c $(TESTCASES_DIR)sa_config_test.h +TEST_OBJS+= $(BUILD_DIR)policy_test.o +$(BUILD_DIR)policy_test.o : $(TESTCASES_DIR)policy_test.c $(TESTCASES_DIR)policy_test.h $(CC) $(CFLAGS) -c -o $@ $< TEST_OBJS+= $(BUILD_DIR)proposal_test.o diff --git a/Source/charon/testcases/aes_cbc_crypter_test.c b/Source/charon/testcases/aes_cbc_crypter_test.c index e92be7fc9..3208e847b 100644 --- a/Source/charon/testcases/aes_cbc_crypter_test.c +++ b/Source/charon/testcases/aes_cbc_crypter_test.c @@ -64,16 +64,16 @@ void test_aes_cbc_crypter(protected_tester_t *tester) tester->assert_true(tester, (memcmp(encrypted1.ptr, expected_encrypted1.ptr, 16) == 0), "Encrypted value"); - logger->log_chunk(logger,RAW,"exptected encrypted :", &expected_encrypted1); - logger->log_chunk(logger,RAW,"encrypted :", &encrypted1); + logger->log_chunk(logger,RAW,"exptected encrypted :", expected_encrypted1); + logger->log_chunk(logger,RAW,"encrypted :", encrypted1); tester->assert_true(tester, (crypter->decrypt(crypter,encrypted1,iv1_chunk,&decrypted1) == SUCCESS), "decrypt call test"); allocator_free_chunk(&encrypted1); tester->assert_true(tester, (memcmp(decrypted1.ptr, plaintext1, 16) == 0), "decrypted value"); - logger->log_chunk(logger,RAW,"expected decrypted :", &data1); - logger->log_chunk(logger,RAW,"decrypted :", &decrypted1); + logger->log_chunk(logger,RAW,"expected decrypted :", data1); + logger->log_chunk(logger,RAW,"decrypted :", decrypted1); allocator_free_chunk(&decrypted1); @@ -119,16 +119,16 @@ void test_aes_cbc_crypter(protected_tester_t *tester) tester->assert_true(tester, (memcmp(encrypted2.ptr, expected_encrypted2.ptr, 32) == 0), "Encrypted value"); - logger->log_chunk(logger,RAW,"exptected encrypted :", &expected_encrypted2); - logger->log_chunk(logger,RAW,"encrypted :", &encrypted2); + logger->log_chunk(logger,RAW,"exptected encrypted :", expected_encrypted2); + logger->log_chunk(logger,RAW,"encrypted :", encrypted2); tester->assert_true(tester, (crypter->decrypt(crypter,encrypted2,iv2_chunk,&decrypted2) == SUCCESS), "decrypt call test"); allocator_free_chunk(&encrypted2); tester->assert_true(tester, (memcmp(decrypted2.ptr, plaintext2, 32) == 0), "decrypted value"); - logger->log_chunk(logger,RAW,"expected decrypted :", &data2); - logger->log_chunk(logger,RAW,"decrypted :", &decrypted2); + logger->log_chunk(logger,RAW,"expected decrypted :", data2); + logger->log_chunk(logger,RAW,"decrypted :", decrypted2); allocator_free_chunk(&decrypted2); @@ -184,16 +184,16 @@ void test_aes_cbc_crypter(protected_tester_t *tester) tester->assert_true(tester, (memcmp(encrypted3.ptr, expected_encrypted3.ptr, 64) == 0), "Encrypted value"); - logger->log_chunk(logger,RAW,"exptected encrypted :", &expected_encrypted3); - logger->log_chunk(logger,RAW,"encrypted :", &encrypted3); + logger->log_chunk(logger,RAW,"exptected encrypted :", expected_encrypted3); + logger->log_chunk(logger,RAW,"encrypted :", encrypted3); tester->assert_true(tester, (crypter->decrypt(crypter,encrypted3,iv3_chunk,&decrypted3) == SUCCESS), "decrypt call test"); allocator_free_chunk(&encrypted3); tester->assert_true(tester, (memcmp(decrypted3.ptr, plaintext3, 64) == 0), "decrypted value"); - logger->log_chunk(logger,RAW,"expected decrypted :", &data3); - logger->log_chunk(logger,RAW,"decrypted :", &decrypted3); + logger->log_chunk(logger,RAW,"expected decrypted :", data3); + logger->log_chunk(logger,RAW,"decrypted :", decrypted3); allocator_free_chunk(&decrypted3); diff --git a/Source/charon/testcases/aes_cbc_crypter_test.h b/Source/charon/testcases/aes_cbc_crypter_test.h index adedd7f97..611863636 100644 --- a/Source/charon/testcases/aes_cbc_crypter_test.h +++ b/Source/charon/testcases/aes_cbc_crypter_test.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _AES_CBC_CRYPTER_TEST_H_ -#define _AES_CBC_CRYPTER_TEST_H_ +#ifndef AES_CBC_CRYPTER_TEST_H_ +#define AES_CBC_CRYPTER_TEST_H_ #include #include @@ -35,4 +35,4 @@ */ void test_aes_cbc_crypter(protected_tester_t *tester); -#endif //_AES_CBC_CRYPTER_TEST_H_ +#endif /* AES_CBC_CRYPTER_TEST_H_ */ diff --git a/Source/charon/testcases/child_sa_test.h b/Source/charon/testcases/child_sa_test.h index 00e4db163..ef92499fe 100644 --- a/Source/charon/testcases/child_sa_test.h +++ b/Source/charon/testcases/child_sa_test.h @@ -35,7 +35,7 @@ */ void test_child_sa(protected_tester_t *tester); -#endif //CHILD_SA_TEST_H_ +#endif /* CHILD_SA_TEST_H_ */ diff --git a/Source/charon/testcases/init_config_test.c b/Source/charon/testcases/connection_test.c similarity index 74% rename from Source/charon/testcases/init_config_test.c rename to Source/charon/testcases/connection_test.c index bd2721b3d..204534b24 100644 --- a/Source/charon/testcases/init_config_test.c +++ b/Source/charon/testcases/connection_test.c @@ -1,7 +1,7 @@ /** - * @file init_config_test.c + * @file connection_test.c * - * @brief Tests for the init_config_t class. + * @brief Tests for the connection_t class. * */ @@ -20,23 +20,25 @@ * for more details. */ -#include "init_config_test.h" +#include "connection_test.h" -#include +#include #include +#include /** * Described in header. */ -void test_init_config(protected_tester_t *tester) +void test_connection(protected_tester_t *tester) { host_t *alice = host_create(AF_INET, "192.168.0.1", 500); host_t *bob = host_create(AF_INET, "192.168.0.2", 500); - init_config_t *init_config = init_config_create(alice, bob); - proposal_t *prop1, *prop2, *prop3, *prop4;//, *selected_one; + identification_t *alice_id = identification_create_from_string(AF_INET, "192.168.0.1"); + identification_t *bob_id = identification_create_from_string(AF_INET, "192.168.0.2"); + connection_t *connection = connection_create(alice, bob, alice_id, bob_id, RSA_DIGITAL_SIGNATURE); + proposal_t *prop1, *prop2, *prop3, *prop4; linked_list_t *list; - //status_t status; prop1 = proposal_create(1); prop1->add_algorithm(prop1, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); @@ -62,12 +64,12 @@ void test_init_config(protected_tester_t *tester) prop4->add_algorithm(prop4, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20); prop4->add_algorithm(prop4, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); - init_config->add_proposal(init_config, prop1); - init_config->add_proposal(init_config, prop2); - init_config->add_proposal(init_config, prop3); - init_config->add_proposal(init_config, prop4); + connection->add_proposal(connection, prop1); + connection->add_proposal(connection, prop2); + connection->add_proposal(connection, prop3); + connection->add_proposal(connection, prop4); - list = init_config->get_proposals(init_config); + list = connection->get_proposals(connection); tester->assert_true(tester,(list->get_count(list) == 4), "proposal count check "); @@ -77,5 +79,5 @@ void test_init_config(protected_tester_t *tester) list->destroy(list); - init_config->destroy(init_config); + connection->destroy(connection); } diff --git a/Source/charon/testcases/init_config_test.h b/Source/charon/testcases/connection_test.h similarity index 73% rename from Source/charon/testcases/init_config_test.h rename to Source/charon/testcases/connection_test.h index 2d171de46..4d2a1d89e 100644 --- a/Source/charon/testcases/init_config_test.h +++ b/Source/charon/testcases/connection_test.h @@ -1,7 +1,7 @@ /** - * @file init_config_test.h + * @file connection_test.h * - * @brief Tests for the init_config_t class. + * @brief Tests for the connection_t class. * */ @@ -21,18 +21,18 @@ */ -#ifndef _INIT_CONFIG_TEST_H_ -#define _INIT_CONFIG_TEST_H_ +#ifndef INIT_CONFIG_TEST_H_ +#define INIT_CONFIG_TEST_H_ #include /** - * @brief Test function used to test the init_config_t functionality. + * @brief Test function used to test the connection_t functionality. * * @param tester associated protected_tester_t object * * @ingroup testcases */ -void test_init_config(protected_tester_t *tester); +void test_connection(protected_tester_t *tester); -#endif //_INIT_CONFIG_TEST_H_ +#endif /* INIT_CONFIG_TEST_H_ */ diff --git a/Source/charon/testcases/diffie_hellman_test.c b/Source/charon/testcases/diffie_hellman_test.c index d07f2fc3b..e1e54af41 100644 --- a/Source/charon/testcases/diffie_hellman_test.c +++ b/Source/charon/testcases/diffie_hellman_test.c @@ -49,10 +49,10 @@ void test_diffie_hellman(protected_tester_t *tester) tester->assert_true(tester,(other_diffie_hellman != NULL), "create call check"); my_diffie_hellman->get_my_public_value(my_diffie_hellman,&my_public_value); - logger->log_chunk(logger,RAW,"My public value",&my_public_value); + logger->log_chunk(logger,RAW,"My public value",my_public_value); other_diffie_hellman->get_my_public_value(other_diffie_hellman,&other_public_value); - logger->log_chunk(logger,RAW,"Other public value",&other_public_value); + logger->log_chunk(logger,RAW,"Other public value",other_public_value); my_diffie_hellman->set_other_public_value(my_diffie_hellman,other_public_value); other_diffie_hellman->set_other_public_value(other_diffie_hellman,my_public_value); @@ -61,10 +61,10 @@ void test_diffie_hellman(protected_tester_t *tester) allocator_free(other_public_value.ptr); tester->assert_true(tester,( my_diffie_hellman->get_shared_secret(my_diffie_hellman,&my_secret) == SUCCESS), "get_shared_secret call check"); - logger->log_chunk(logger,RAW,"My shared secret",&my_secret); + logger->log_chunk(logger,RAW,"My shared secret",my_secret); tester->assert_true(tester,( other_diffie_hellman->get_shared_secret(other_diffie_hellman,&other_secret) == SUCCESS), "get_shared_secret call check"); - logger->log_chunk(logger,RAW,"Other shared secret",&other_secret); + logger->log_chunk(logger,RAW,"Other shared secret",other_secret); tester->assert_true(tester,( memcmp(my_secret.ptr,other_secret.ptr,other_secret.len) == 0), "shared secret same value check"); diff --git a/Source/charon/testcases/encryption_payload_test.c b/Source/charon/testcases/encryption_payload_test.c index 970472d2e..8f6a0c5c7 100644 --- a/Source/charon/testcases/encryption_payload_test.c +++ b/Source/charon/testcases/encryption_payload_test.c @@ -65,7 +65,7 @@ void test_encryption_payload(protected_tester_t *tester) nonce.ptr = "test text und so..."; nonce.len = strlen(nonce.ptr) +1; - logger->log_chunk(logger, RAW, "nonce", &nonce); + logger->log_chunk(logger, RAW, "nonce", nonce); encryption_payload = encryption_payload_create(); nonce_payload = nonce_payload_create(); @@ -92,10 +92,10 @@ void test_encryption_payload(protected_tester_t *tester) generator->generate_payload(generator, (payload_t*)encryption_payload); generator->write_to_chunk(generator, &data); - logger->log_chunk(logger, RAW, "generated data", &data); + logger->log_chunk(logger, RAW, "generated data", data); encryption_payload->build_signature(encryption_payload, data); - logger->log_chunk(logger, RAW, "generated data", &data); + logger->log_chunk(logger, RAW, "generated data", data); encryption_payload->destroy(encryption_payload); @@ -126,7 +126,7 @@ void test_encryption_payload(protected_tester_t *tester) tester->assert_true(tester, (got_nonce.len == nonce.len), "decrypted nonce"); tester->assert_false(tester, memcmp(nonce.ptr, got_nonce.ptr, nonce.len), "decrypted nonce"); - logger->log_chunk(logger, RAW, "nonce", &got_nonce); + logger->log_chunk(logger, RAW, "nonce", got_nonce); allocator_free(data.ptr); allocator_free(got_nonce.ptr); diff --git a/Source/charon/testcases/event_queue_test.c b/Source/charon/testcases/event_queue_test.c index 9d8ed56ba..5366dca07 100644 --- a/Source/charon/testcases/event_queue_test.c +++ b/Source/charon/testcases/event_queue_test.c @@ -71,6 +71,7 @@ static void event_queue_insert_thread(event_queue_test_t * testinfos) timeval_t time; job_t * job; int i,j; + connection_t *connection; gettimeofday(¤t_time,NULL); for (i = 0; i < testinfos->insert_times_count;i++) @@ -78,7 +79,7 @@ static void event_queue_insert_thread(event_queue_test_t * testinfos) for (j = 0; j < testinfos->entries_per_time;j++) { - job = (job_t *) initiate_ike_sa_job_create("testvalue"); + job = (job_t *) initiate_ike_sa_job_create(connection); time.tv_usec = 0; time.tv_sec = current_time.tv_sec + i; diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c index e1a1dc1a6..e23540112 100644 --- a/Source/charon/testcases/generator_test.c +++ b/Source/charon/testcases/generator_test.c @@ -88,7 +88,7 @@ void test_generator_with_header_payload(protected_tester_t *tester) logger->log_bytes(logger,RAW,"expected header",expected_generation,sizeof(expected_generation)); tester->assert_true(tester,(generated_data.len == sizeof(expected_generation)), "compare generated data length"); - logger->log_chunk(logger,RAW,"generated header",&generated_data); + logger->log_chunk(logger,RAW,"generated header",generated_data); tester->assert_true(tester,(memcmp(expected_generation,generated_data.ptr,sizeof(expected_generation)) == 0), "compare generated data 1"); allocator_free_chunk(&generated_data); @@ -122,7 +122,7 @@ void test_generator_with_header_payload(protected_tester_t *tester) logger->log_bytes(logger,RAW,"expected header",expected_generation2,sizeof(expected_generation2)); - logger->log_chunk(logger,RAW,"generated header",&generated_data); + logger->log_chunk(logger,RAW,"generated header",generated_data); tester->assert_true(tester,(memcmp(expected_generation2,generated_data.ptr,sizeof(expected_generation2)) == 0), "compare generated data 2"); allocator_free_chunk(&generated_data); @@ -152,7 +152,7 @@ void test_generator_with_transform_attribute(protected_tester_t *tester) attribute = transform_attribute_create(); generator->generate_payload(generator,(payload_t *)attribute); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated attribute",&generated_data); + logger->log_chunk(logger,RAW,"generated attribute",generated_data); u_int8_t expected_generation[] = { 0x80,0x00,0x00,0x00, @@ -176,7 +176,7 @@ void test_generator_with_transform_attribute(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)attribute); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated attribute",&generated_data); + logger->log_chunk(logger,RAW,"generated attribute",generated_data); u_int8_t expected_generation2[] = { 0x80,0x00,0x16,0x88, @@ -205,7 +205,7 @@ void test_generator_with_transform_attribute(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)attribute); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated attribute",&generated_data); + logger->log_chunk(logger,RAW,"generated attribute",generated_data); u_int8_t expected_generation3[] = { 0x01,0xC8,0x00,0x19, @@ -278,7 +278,7 @@ void test_generator_with_transform_substructure(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)transform); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated transform",&generated_data); + logger->log_chunk(logger,RAW,"generated transform",generated_data); u_int8_t expected_generation3[] = { 0x00,0x00,0x00,0x18, @@ -378,7 +378,7 @@ void test_generator_with_proposal_substructure(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)proposal); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated transform",&generated_data); + logger->log_chunk(logger,RAW,"generated transform",generated_data); u_int8_t expected_generation[] = { /* proposal header */ @@ -523,7 +523,7 @@ void test_generator_with_sa_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)ike_header); generator->generate_payload(generator,(payload_t *)sa_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated transform",&generated_data); + logger->log_chunk(logger,RAW,"generated transform",generated_data); u_int8_t expected_generation[] = { /* sa payload header */ @@ -599,7 +599,7 @@ void test_generator_with_sa_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)sa_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated",&generated_data); + logger->log_chunk(logger,RAW,"generated",generated_data); u_int8_t expected_generation2[] = { 0x00,0x00,0x00,0x6C, /* payload header*/ @@ -681,7 +681,7 @@ void test_generator_with_sa_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)sa_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated",&generated_data); + logger->log_chunk(logger,RAW,"generated",generated_data); u_int8_t expected_generation3[] = { 0x00,0x00,0x00,0xA0, /* payload header*/ @@ -790,7 +790,7 @@ void test_generator_with_ke_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)ke_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -849,7 +849,7 @@ void test_generator_with_notify_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)notify_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -903,7 +903,7 @@ void test_generator_with_nonce_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)nonce_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { @@ -958,7 +958,7 @@ void test_generator_with_id_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)id_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { @@ -1011,7 +1011,7 @@ void test_generator_with_auth_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)auth_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { @@ -1087,7 +1087,7 @@ void test_generator_with_ts_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)ts_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { @@ -1148,7 +1148,7 @@ void test_generator_with_cert_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)cert_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -1200,7 +1200,7 @@ void test_generator_with_certreq_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)certreq_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -1254,7 +1254,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)delete_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -1304,7 +1304,7 @@ void test_generator_with_vendor_id_payload(protected_tester_t *tester) vendor_id_payload->set_data(vendor_id_payload,data); generator->generate_payload(generator,(payload_t *)vendor_id_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ @@ -1375,7 +1375,7 @@ void test_generator_with_cp_payload(protected_tester_t *tester) generator->generate_payload(generator,(payload_t *)configuration); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated configuration",&generated_data); + logger->log_chunk(logger,RAW,"generated configuration",generated_data); u_int8_t expected_generation3[] = { /* cp payload header */ @@ -1427,7 +1427,7 @@ void test_generator_with_eap_payload(protected_tester_t *tester) eap_payload->set_message(eap_payload,message); generator->generate_payload(generator,(payload_t *)eap_payload); generator->write_to_chunk(generator,&generated_data); - logger->log_chunk(logger,RAW,"generated payload",&generated_data); + logger->log_chunk(logger,RAW,"generated payload",generated_data); u_int8_t expected_generation[] = { /* payload header */ diff --git a/Source/charon/testcases/hmac_signer_test.c b/Source/charon/testcases/hmac_signer_test.c index 59f2f1e9b..e5c4bac43 100644 --- a/Source/charon/testcases/hmac_signer_test.c +++ b/Source/charon/testcases/hmac_signer_test.c @@ -96,8 +96,8 @@ void test_hmac_md5_signer(protected_tester_t *tester) signer->allocate_signature(signer, data[i], &signature[i]); tester->assert_true(tester, signature[i].len == 12, "chunk len"); tester->assert_true(tester, (memcmp(signature[i].ptr, reference[i].ptr, 12) == 0), "hmac value"); - logger->log_chunk(logger,RAW,"expected signature:",&reference[i]); - logger->log_chunk(logger,RAW,"signature:",&signature[i]); + logger->log_chunk(logger,RAW,"expected signature:",reference[i]); + logger->log_chunk(logger,RAW,"signature:",signature[i]); allocator_free(signature[i].ptr); valid = signer->verify_signature(signer, data[i],reference[i]); tester->assert_true(tester, (valid == TRUE), "Signature valid check"); @@ -194,8 +194,8 @@ void test_hmac_sha1_signer(protected_tester_t *tester) signer->allocate_signature(signer, data[i], &signature[i]); tester->assert_true(tester, signature[i].len == 12, "chunk len"); tester->assert_true(tester, (memcmp(signature[i].ptr, reference[i].ptr, 12) == 0), "hmac value"); - logger->log_chunk(logger,RAW,"expected signature:",&reference[i]); - logger->log_chunk(logger,RAW,"signature:",&signature[i]); + logger->log_chunk(logger,RAW,"expected signature:",reference[i]); + logger->log_chunk(logger,RAW,"signature:",signature[i]); allocator_free(signature[i].ptr); valid = signer->verify_signature(signer, data[i],reference[i]); tester->assert_true(tester, (valid == TRUE), "Signature valid check"); diff --git a/Source/charon/testcases/hmac_signer_test.h b/Source/charon/testcases/hmac_signer_test.h index 681fa4d71..4a2459a8e 100644 --- a/Source/charon/testcases/hmac_signer_test.h +++ b/Source/charon/testcases/hmac_signer_test.h @@ -20,8 +20,8 @@ * for more details. */ -#ifndef _HMAC_SIGNER_TEST_H_ -#define _HMAC_SIGNER_TEST_H_ +#ifndef HMAC_SIGNER_TEST_H_ +#define HMAC_SIGNER_TEST_H_ #include @@ -43,4 +43,4 @@ void test_hmac_md5_signer(protected_tester_t *tester); */ void test_hmac_sha1_signer(protected_tester_t *tester); -#endif //_HMAC_SIGNER_TEST_H_ +#endif /* HMAC_SIGNER_TEST_H_ */ diff --git a/Source/charon/testcases/job_queue_test.c b/Source/charon/testcases/job_queue_test.c index 017408da0..e7c93b68c 100644 --- a/Source/charon/testcases/job_queue_test.c +++ b/Source/charon/testcases/job_queue_test.c @@ -62,7 +62,7 @@ static void test_job_queue_sender(job_queue_test_t * testinfo) int i; for (i = 0; i < testinfo->insert_item_count; i++) { - job_t *job = (job_t *) initiate_ike_sa_job_create("test"); + job_t *job = (job_t *) initiate_ike_sa_job_create(NULL); testinfo->job_queue->add(testinfo->job_queue,job); } } diff --git a/Source/charon/testcases/sa_config_test.c b/Source/charon/testcases/policy_test.c similarity index 86% rename from Source/charon/testcases/sa_config_test.c rename to Source/charon/testcases/policy_test.c index bb01618df..d02c419f0 100644 --- a/Source/charon/testcases/sa_config_test.c +++ b/Source/charon/testcases/policy_test.c @@ -1,7 +1,7 @@ /** - * @file sa_config_test.c + * @file policy_test.c * - * @brief Tests for the sa_config_t class. + * @brief Tests for the policy_t class. * */ @@ -20,10 +20,10 @@ * for more details. */ -#include "sa_config_test.h" +#include "policy_test.h" #include -#include +#include #include #include #include @@ -33,25 +33,25 @@ /** * Described in header. */ -void test_sa_config(protected_tester_t *tester) +void test_policy(protected_tester_t *tester) { - sa_config_t *sa_config; + policy_t *policy; // traffic_selector_t *ts; // linked_list_t *ts_stored, *ts_supplied, *ts_selected, *ts_expected; proposal_t *proposal1, *proposal2, *proposal3, *proposal_sel; linked_list_t *proposals_list; iterator_t *iterator; logger_t *logger; + identification_t *alice, *bob; logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL); logger->disable_level(logger, FULL); - sa_config = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", - ID_IPV4_ADDR, "152.96.193.131", - RSA_DIGITAL_SIGNATURE, - 30000); + alice = identification_create_from_string(ID_IPV4_ADDR, "152.96.193.131"); + bob = identification_create_from_string(ID_IPV4_ADDR, "152.96.193.130"); + policy = policy_create(alice, bob); - tester->assert_true(tester, (sa_config != NULL), "sa_config construction"); + tester->assert_true(tester, (policy != NULL), "policy construction"); /* @@ -73,12 +73,12 @@ void test_sa_config(protected_tester_t *tester) proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - sa_config->add_proposal(sa_config, proposal1); - sa_config->add_proposal(sa_config, proposal2); - sa_config->add_proposal(sa_config, proposal3); + policy->add_proposal(policy, proposal1); + policy->add_proposal(policy, proposal2); + policy->add_proposal(policy, proposal3); - proposals_list = sa_config->get_proposals(sa_config); + proposals_list = policy->get_proposals(policy); tester->assert_true(tester, (proposals_list->get_count(proposals_list) == 3), "proposal count"); @@ -95,7 +95,7 @@ void test_sa_config(protected_tester_t *tester) proposals_list->insert_last(proposals_list, proposal1); proposals_list->insert_last(proposals_list, proposal2); - proposal_sel = sa_config->select_proposal(sa_config, proposals_list); + proposal_sel = policy->select_proposal(policy, proposals_list); tester->assert_false(tester, proposal_sel == NULL, "proposal select"); /* check ESP encryption algo */ iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM); @@ -164,18 +164,18 @@ void test_sa_config(protected_tester_t *tester) // /* icmp request, should be discarded */ // ts_request[3] = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535); // -// sa_config->add_my_traffic_selector(sa_config, ts_policy[0]); -// sa_config->add_my_traffic_selector(sa_config, ts_policy[1]); -// sa_config->add_my_traffic_selector(sa_config, ts_policy[2]); +// policy->add_my_traffic_selector(policy, ts_policy[0]); +// policy->add_my_traffic_selector(policy, ts_policy[1]); +// policy->add_my_traffic_selector(policy, ts_policy[2]); // -// count = sa_config->get_my_traffic_selectors(sa_config, &ts_result); +// count = policy->get_my_traffic_selectors(policy, &ts_result); // tester->assert_true(tester, (count == 3), "ts get count"); // ts_result[0]->destroy(ts_result[0]); // ts_result[0]->destroy(ts_result[1]); // ts_result[0]->destroy(ts_result[2]); // allocator_free(ts_result); // -// count = sa_config->select_my_traffic_selectors(sa_config, &ts_request[0], 4, &ts_result); +// count = policy->select_my_traffic_selectors(policy, &ts_request[0], 4, &ts_result); // tester->assert_true(tester, (count == 3), "ts select count"); // // @@ -207,10 +207,10 @@ void test_sa_config(protected_tester_t *tester) // u_int16_t tp_ref = ts_reference[i]->get_to_port(ts_reference[i]); // // -// logger->log_chunk(logger, RAW, "from address result", &fa_res); -// logger->log_chunk(logger, RAW, "from address reference", &fa_ref); -// logger->log_chunk(logger, RAW, "to address result", &ta_res); -// logger->log_chunk(logger, RAW, "to address reference", &ta_ref); +// logger->log_chunk(logger, RAW, "from address result", fa_res); +// logger->log_chunk(logger, RAW, "from address reference", fa_ref); +// logger->log_chunk(logger, RAW, "to address result", ta_res); +// logger->log_chunk(logger, RAW, "to address reference", ta_ref); // tester->assert_true(tester, fa_res.len == fa_ref.len, "from address len"); // tester->assert_false(tester, memcmp(fa_res.ptr, fa_ref.ptr,fa_res.len), "from address value"); // tester->assert_true(tester, ta_res.len == ta_ref.len, "to address len"); @@ -243,5 +243,5 @@ void test_sa_config(protected_tester_t *tester) // ts_reference[2]->destroy(ts_reference[2]); // ts_request[3]->destroy(ts_request[3]); - sa_config->destroy(sa_config); + policy->destroy(policy); } diff --git a/Source/charon/testcases/sa_config_test.h b/Source/charon/testcases/policy_test.h similarity index 74% rename from Source/charon/testcases/sa_config_test.h rename to Source/charon/testcases/policy_test.h index 7c6e2407b..6c8072a9c 100644 --- a/Source/charon/testcases/sa_config_test.h +++ b/Source/charon/testcases/policy_test.h @@ -1,7 +1,7 @@ /** - * @file sa_config_test.h + * @file policy_test.h * - * @brief Tests for the sa_config_t class. + * @brief Tests for the policy_t class. * */ @@ -21,21 +21,21 @@ */ -#ifndef _SA_CONFIG_TEST_H_ -#define _SA_CONFIG_TEST_H_ +#ifndef SA_CONFIG_TEST_H_ +#define SA_CONFIG_TEST_H_ #include /** - * @brief Test function used to test the sa_config_t functionality. + * @brief Test function used to test the policy_t functionality. * * @param tester associated protected_tester_t object * * @ingroup testcases */ -void test_sa_config(protected_tester_t *tester); +void test_policy(protected_tester_t *tester); -#endif //_SA_CONFIG_TEST_H_ +#endif /* SA_CONFIG_TEST_H_ */ diff --git a/Source/charon/testcases/proposal_test.h b/Source/charon/testcases/proposal_test.h index d6d9681ac..059af11cc 100644 --- a/Source/charon/testcases/proposal_test.h +++ b/Source/charon/testcases/proposal_test.h @@ -35,7 +35,7 @@ */ void test_proposal(protected_tester_t *tester); -#endif //CHILD_PROPOSAL_TEST_H_ +#endif /* CHILD_PROPOSAL_TEST_H_ */ diff --git a/Source/charon/testcases/rsa_test.c b/Source/charon/testcases/rsa_test.c index a585806ba..75df88a04 100644 --- a/Source/charon/testcases/rsa_test.c +++ b/Source/charon/testcases/rsa_test.c @@ -71,8 +71,8 @@ void test_rsa(protected_tester_t *tester) public_key->get_key(public_key, &public_key_chunk); private_key->get_key(private_key, &private_key_chunk); - logger->log_chunk(logger, RAW, "Public Key", &public_key_chunk); - logger->log_chunk(logger, RAW, "Private Key", &private_key_chunk); + logger->log_chunk(logger, RAW, "Public Key", public_key_chunk); + logger->log_chunk(logger, RAW, "Private Key", private_key_chunk); allocator_free(public_key_chunk.ptr); diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c index 8b3bfa9b9..aa8f372e4 100644 --- a/Source/charon/testcases/testcases.c +++ b/Source/charon/testcases/testcases.c @@ -56,8 +56,8 @@ #include #include #include -#include -#include +#include +#include #include #include #include @@ -122,8 +122,8 @@ test_t aes_cbc_crypter_test = {test_aes_cbc_crypter, "AES CBC"}; test_t hmac_signer_test1 = {test_hmac_md5_signer, "HMAC MD5 signer test"}; test_t hmac_signer_test2 = {test_hmac_sha1_signer, "HMAC SHA1 signer test"}; test_t encryption_payload_test = {test_encryption_payload, "encryption payload test"}; -test_t init_config_test = {test_init_config, "init_config_t test"}; -test_t sa_config_test = {test_sa_config, "sa_config_t test"}; +test_t connection_test = {test_connection, "connection_t test"}; +test_t policy_test = {test_policy, "policy_t test"}; test_t proposal_test = {test_proposal, "proposal_t test"}; test_t rsa_test = {test_rsa, "RSA private/public key test"}; test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"}; @@ -235,8 +235,8 @@ int main() &hmac_signer_test1, &hmac_signer_test2, &encryption_payload_test, - &init_config_test, - &sa_config_test, + &connection_test, + &policy_test, &proposal_test, &rsa_test, NULL diff --git a/Source/charon/threads/Makefile.threads b/Source/charon/threads/Makefile.threads index d756bd0ae..402ab96c4 100644 --- a/Source/charon/threads/Makefile.threads +++ b/Source/charon/threads/Makefile.threads @@ -33,3 +33,7 @@ $(BUILD_DIR)thread_pool.o : $(THREADS_DIR)thread_pool.c $(THREADS_DIR)thread_po OBJS+= $(BUILD_DIR)kernel_interface.o $(BUILD_DIR)kernel_interface.o :$(THREADS_DIR)kernel_interface.c $(THREADS_DIR)kernel_interface.h $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)stroke.o +$(BUILD_DIR)stroke.o : $(THREADS_DIR)stroke.c $(THREADS_DIR)stroke.h + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/charon/threads/thread_pool.c b/Source/charon/threads/thread_pool.c index 8e14fc37e..f3e2fd8e6 100644 --- a/Source/charon/threads/thread_pool.c +++ b/Source/charon/threads/thread_pool.c @@ -340,13 +340,10 @@ static void process_initiate_ike_sa_job(private_thread_pool_t *this, initiate_ik status_t status; - this->worker_logger->log(this->worker_logger, CONTROL|LEVEL2, "Create and checking out IKE SA"); - + this->worker_logger->log(this->worker_logger, CONTROL|LEVEL2, "Creating and checking out IKE SA"); charon->ike_sa_manager->create_and_checkout(charon->ike_sa_manager, &ike_sa); - this->worker_logger->log(this->worker_logger, CONTROL, "Initiating connection \"%s\"", - job->get_configuration_name(job)); - status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job)); + status = ike_sa->initiate_connection(ike_sa, job->get_connection(job)); if (status != SUCCESS) { this->worker_logger->log(this->worker_logger, ERROR, "Initiation returned %s, going to delete IKE_SA.", diff --git a/Source/charon/transforms/crypters/aes_cbc_crypter.h b/Source/charon/transforms/crypters/aes_cbc_crypter.h index 62cd77af7..b2c93348e 100644 --- a/Source/charon/transforms/crypters/aes_cbc_crypter.h +++ b/Source/charon/transforms/crypters/aes_cbc_crypter.h @@ -21,8 +21,8 @@ * for more details. */ -#ifndef _AES_CRYPTER_H_ -#define _AES_CRYPTER_H_ +#ifndef AES_CBC_CRYPTER_H_ +#define AES_CBC_CRYPTER_H_ #include @@ -58,4 +58,4 @@ struct aes_cbc_crypter_t { aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size); -#endif //_AES_CRYPTER_H_ +#endif /* AES_CBC_CRYPTER_H_ */ diff --git a/Source/charon/utils/identification.c b/Source/charon/utils/identification.c index 844c98b8d..73f218874 100644 --- a/Source/charon/utils/identification.c +++ b/Source/charon/utils/identification.c @@ -70,6 +70,8 @@ struct private_identification_t { id_type_t type; }; +static private_identification_t *identification_create(); + /** * Implementation of identification_t.get_encoding. */ @@ -113,6 +115,21 @@ static bool equals (private_identification_t *this,private_identification_t *oth return FALSE; } +/** + * Implementation of identification_t.clone. + */ +static identification_t *clone(private_identification_t *this) +{ + private_identification_t *clone = identification_create(); + + clone->type = this->type; + clone->encoded = allocator_clone_chunk(this->encoded); + clone->string = allocator_alloc(strlen(this->string) + 1); + strcpy(clone->string, this->string); + + return &clone->public; +} + /** * Implementation of identification_t.destroy. */ @@ -136,6 +153,7 @@ static private_identification_t *identification_create() this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding; this->public.get_type = (id_type_t (*) (identification_t*))get_type; this->public.get_string = (char* (*) (identification_t*))get_string; + this->public.clone = (identification_t* (*) (identification_t*))clone; this->public.destroy = (void (*) (identification_t*))destroy; this->string = NULL; @@ -144,6 +162,7 @@ static private_identification_t *identification_create() return this; } + /* * Described in header. */ diff --git a/Source/charon/utils/identification.h b/Source/charon/utils/identification.h index 057989b24..38bac5ee1 100644 --- a/Source/charon/utils/identification.h +++ b/Source/charon/utils/identification.h @@ -21,8 +21,8 @@ */ -#ifndef _IDENTIFICATION_H_ -#define _IDENTIFICATION_H_ +#ifndef IDENTIFICATION_H_ +#define IDENTIFICATION_H_ #include "types.h" @@ -120,7 +120,7 @@ struct identification_t { * * @warning Result points to internal data, do NOT free! * - * @param this the identification_t_object + * @param this the identification_t object * @return a chunk containing the encoded bytes */ chunk_t (*get_encoding) (identification_t *this); @@ -128,7 +128,7 @@ struct identification_t { /** * @brief Get the type of this identification. * - * @param this the identification_t_object + * @param this the identification_t object * @return id_type_t */ id_type_t (*get_type) (identification_t *this); @@ -138,7 +138,7 @@ struct identification_t { * * @warning Result points to internal data, do NOT free! * - * @param this the identification_t_object + * @param this the identification_t object * @return string */ char *(*get_string) (identification_t *this); @@ -146,11 +146,19 @@ struct identification_t { /** * @brief Check if two identification_t objects are equal. * - * @param this the identification_t_object - * @param other other identification_t_object + * @param this the identification_t object + * @param other other identification_t object * @return TRUE if the IDs are equal */ bool (*equals) (identification_t *this,identification_t *other); + + /** + * @brief Clone a identification_t instance. + * + * @param this the identification_t object to clone + * @return clone of this + */ + identification_t *(*clone) (identification_t *this); /** * @brief Destroys a identification_t object. @@ -186,4 +194,4 @@ identification_t * identification_create_from_string(id_type_t type, char *strin identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded); -#endif //_IDENTIFICATION_H_ +#endif /* IDENTIFICATION_H_ */ diff --git a/Source/charon/utils/logger.c b/Source/charon/utils/logger.c index 6b1a91d8b..29f485baa 100644 --- a/Source/charon/utils/logger.c +++ b/Source/charon/utils/logger.c @@ -266,9 +266,9 @@ static void log_bytes(private_logger_t *this, logger_level_t loglevel, char *lab /** * Implementation of logger_t.log_chunk. */ -static void log_chunk(logger_t *this, logger_level_t loglevel, char *label, chunk_t *chunk) +static void log_chunk(logger_t *this, logger_level_t loglevel, char *label, chunk_t chunk) { - this->log_bytes(this, loglevel, label, chunk->ptr, chunk->len); + this->log_bytes(this, loglevel, label, chunk.ptr, chunk.len); } /** diff --git a/Source/charon/utils/logger.h b/Source/charon/utils/logger.h index 3841955df..52c21e6ef 100644 --- a/Source/charon/utils/logger.h +++ b/Source/charon/utils/logger.h @@ -136,9 +136,9 @@ struct logger_t { * @param this logger_t object * @param loglevel or'ed set of logger_level_t's * @param label a labeling name, logged with the bytes - * @param chunk pointer to a chunk to log + * @param chunk chunk to log */ - void (*log_chunk) (logger_t *this, logger_level_t loglevel, char *label, chunk_t *chunk); + void (*log_chunk) (logger_t *this, logger_level_t loglevel, char *label, chunk_t chunk); /** * @brief Enables a loglevel for the current logger_t object. diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c index 1136be157..fe8ae9bc5 100644 --- a/Source/charon/utils/logger_manager.c +++ b/Source/charon/utils/logger_manager.c @@ -165,7 +165,7 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t /* defaults */ log_thread_ids = FALSE; - logger_level = this->public.get_logger_level(&(this->public),context); + logger_level = this->public.get_logger_level(&(this->public), context); switch(context) { @@ -176,15 +176,12 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t log_thread_ids = TRUE; break; case IKE_SA: - logger_level |= LEVEL1; log_thread_ids = TRUE; break; case CHILD_SA: - logger_level |= LEVEL1; log_thread_ids = TRUE; break; case CONFIG: - logger_level |= FULL; log_thread_ids = TRUE; break; case MESSAGE: @@ -205,14 +202,12 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t case THREAD_POOL: break; case SCHEDULER: - logger_level = 0; break; case SENDER: break; case RECEIVER: break; case SOCKET: - logger_level |= FULL; break; case DAEMON: break;