From 409d010131f14e551e0645e9b88ad7621d08b781 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 13 Feb 2006 13:42:01 +0000 Subject: [PATCH] - config uses uml hosts alice and bob --- Source/charon/config/configuration_manager.c | 60 +++++++++++++++----- Source/charon/daemon.h | 2 +- Source/charon/sa/states/responder_init.c | 2 +- 3 files changed, 47 insertions(+), 17 deletions(-)
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 6c00469e9..ed5c33d26 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -274,13 +274,14 @@ u_int8_t private_key_2[];
  */
 static void load_default_config (private_configuration_manager_t *this)
 {
- init_config_t *init_config;
+ init_config_t *init_config_a, *init_config_b;
 ike_proposal_t proposals;
 child_proposal_t *child_proposal;
- sa_config_t *sa_config;
+ sa_config_t *sa_config_a, *sa_config_b;
 traffic_selector_t *ts;
- init_config = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config_a = init_config_create("0.0.0.0","192.168.0.3",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+ init_config_b = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
 ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
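Review bot: The two configurations are told apart only by the suffixes `_a` and `_b`, while hunk 3 registers them under the names "bob" and "alice", so a reader has to cross-reference three hunks to learn which host each variable describes. Add a comment at the declarations, e.g. `/* _a: local 192.168.0.2 talking to 192.168.0.3 (registered as "bob"); _b: the mirror image */`, assuming init_config_create takes (my_host, other_host) as the "0.0.0.0" first argument suggests. Both peer addresses are now hard-coded into the daemon's default configuration; a one-line remark that this is the UML alice/bob test fixture would make that intent explicit. load_default_config continues past the end of the hunk.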
@@ -292,23 +293,34 @@ static void load_default_config (private_configuration_manager_t *this)
 proposals.pseudo_random_function_key_length = 16;
 proposals.diffie_hellman_group = MODP_1024_BIT;
- init_config->add_proposal(init_config,1,proposals);
+ init_config_a->add_proposal(init_config_a,1,proposals);
+ init_config_b->add_proposal(init_config_b,1,proposals);
- sa_config = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
- ID_IPV4_ADDR, "127.0.0.1",
+ sa_config_a = sa_config_create(ID_IPV4_ADDR, "192.168.0.2",
+ ID_IPV4_ADDR, "192.168.0.3",
+ RSA_DIGITAL_SIGNATURE,
+ 30000);
+
+ sa_config_b = sa_config_create(ID_IPV4_ADDR, "192.168.0.3",
+ ID_IPV4_ADDR, "192.168.0.2",
 RSA_DIGITAL_SIGNATURE,
 30000);
- sa_config->add_traffic_selector_initiator(sa_config,ts);
- sa_config->add_traffic_selector_responder(sa_config,ts);
+ sa_config_a->add_traffic_selector_initiator(sa_config_a,ts);
+ sa_config_a->add_traffic_selector_responder(sa_config_a,ts);
+
+ sa_config_b->add_traffic_selector_initiator(sa_config_b,ts);
+ sa_config_b->add_traffic_selector_responder(sa_config_b,ts);
 ts->destroy(ts);
- /* ah and esp prop */
+ /* child proposal for alice */
 child_proposal = child_proposal_create(1);
 child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
 child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
 child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
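Review bot: The new comment `/* child proposal for alice */` labels the proposal that is attached to sa_config_a, but hunk 3 registers sa_config_a under the name "bob" (`this->add_new_configuration(this,"bob",init_config_a,sa_config_a);`) and the proposal labelled "for bob" in that hunk goes to sa_config_b, which is registered as "alice"; one of the two naming conventions is inverted, and the same mismatch applies to the `/* child proposal for bob */` comment in hunk 3. Unless the name passed to add_new_configuration denotes the remote peer, either swap the names or tie the comments to the variables, e.g. `/* child proposal for sa_config_a (registered as "bob") */`. Separately, this proposal now also offers AUTH_HMAC_MD5_96 and MODP_2048_BIT for AH while the bob proposal in hunk 3 offers neither, so the two sides are deliberately asymmetric; whether SHA1 stays the preferred choice depends on add_algorithm honouring insertion order, which is not visible here, and a comment stating that the asymmetry is intentional for interop testing would prevent it being "fixed" later. The shared `ts` is destroyed right after being added to both configs, which is only safe if add_traffic_selector_* copies it, as the original double-add already implied. load_default_config continues outside the hunk on both sides.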
@@ -318,17 +330,35 @@ static void load_default_config (private_configuration_manager_t *this)
 child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
 child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
- sa_config->add_proposal(sa_config, child_proposal);
+ sa_config_a->add_proposal(sa_config_a, child_proposal);
+
+ /* child proposal for bob */
+ child_proposal = child_proposal_create(1);
+
+ child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
- this->add_new_configuration(this,"localhost",init_config,sa_config);
+ child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+ child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+ child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+ child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+ sa_config_b->add_proposal(sa_config_b, child_proposal);
+
+
+
+
+ this->add_new_configuration(this,"bob",init_config_a,sa_config_a);
+ this->add_new_configuration(this,"alice",init_config_b,sa_config_b);
 //this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
- this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
- //this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256);
- this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "127.0.0.1", private_key_1, 1024);
- //this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024);
+ this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.2", public_key_1, 256);
+ this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.3", public_key_2, 256);
+ this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.2", private_key_1, 1024);
+ this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.3", private_key_2, 1024);
 }
 /**
diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h
index 4522bc347..4650c5cb0 100644
--- a/Source/charon/daemon.h
+++ b/Source/charon/daemon.h
@@ -52,7 +52,7 @@
 /**
 * UDP Port on which the daemon will listen for incoming traffic.
 */
-#define IKEV2_UDP_PORT 4501
+#define IKEV2_UDP_PORT 500
 /**
 * @brief First retransmit timeout in milliseconds.
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index 5ea4588a1..2ea5b034d 100644
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -178,7 +178,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
 {
 /* no configuration matches given host */
 this->logger->log(this->logger, AUDIT, "IKE_SA_INIT request does not match any available configuration. Deleting IKE_SA");
- this->ike_sa->send_notify(this->ike_sa, IKE_SA_INIT, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+ /* TODO: inform requestor */
 return DELETE_ME;
 }
 this->ike_sa->set_init_config(this->ike_sa,init_config);
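Review bot: Both private keys are now loaded into the same daemon instance (`this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.2", private_key_1, 1024);` and the matching call for "192.168.0.3" with private_key_2), so whichever UML host runs this binary also holds its peer's signing key and could authenticate as that peer; since alice and bob are separate hosts, each needs only its own private key plus the peer's public key. If loading both is deliberate so that one image serves both hosts, say so next to the calls, e.g. `/* test fixture: both private keys are loaded so one binary can run on alice and bob; a real deployment loads only the local key */`. The four consecutive blank lines added before the add_new_configuration calls should collapse to one. The function's closing brace is in this hunk; its body starts in the earlier hunks.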
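Review bot: Changing IKEV2_UDP_PORT from 4501 to 500 moves the daemon onto the IANA-assigned IKE port, which is a privileged port on Unix systems, so the listening socket now has to be opened with elevated privileges and the daemon will collide with any other IKE implementation on the same host; the doc comment above the define does not mention either consequence. Extend it, e.g. `* UDP Port on which the daemon will listen for incoming traffic (500 is the standard IKE port; binding it requires privileges, which should be dropped once the socket is bound).`. Whether the daemon drops privileges after binding is not visible in this diff and is worth checking.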
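Review bot: Replacing the NO_PROPOSAL_CHOSEN notify with `/* TODO: inform requestor */` means an initiator whose IKE_SA_INIT matches no configuration now receives no answer at all and will retransmit until its own timeout, while the responder only logs at AUDIT and returns DELETE_ME. If the notify was removed because send_notify cannot be used before set_init_config has run (the line following the block sets it), the TODO should record that reason, e.g. `/* TODO: inform requestor; NO_PROPOSAL_CHOSEN notify removed because <reason> */`. Not answering unmatched requests is a defensible choice against probing, but it should be written down as a decision rather than left as an open TODO. process_message starts and ends outside the hunk.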