- fixed some BAD bugs

- clean localhost-testcases for bad_dh, shared and rsa
Martin Willi 2005-12-12 12:52:59 +00:00
parent 7fa8decb78
commit 6db4e80b56
11 changed files with 78 additions and 50 deletions


@ -274,15 +274,16 @@ u_int8_t private_key_2[];
*/
static void load_default_config (private_configuration_manager_t *this)
{
init_config_t *init_config1, *init_config2, *init_config3;
ike_proposal_t proposals[2];
init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
ike_proposal_t proposals[4];
child_proposal_t child_proposals[1];
sa_config_t *sa_config1, *sa_config2, *sa_config3;
sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
traffic_selector_t *ts;
init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
@ -299,7 +300,13 @@ static void load_default_config (private_configuration_manager_t *this)
proposals[1].integrity_algorithm_key_length = 20;
proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
proposals[1].pseudo_random_function_key_length = 20;
proposals[1].diffie_hellman_group = MODP_1024_BIT;
proposals[1].diffie_hellman_group = MODP_2048_BIT;
proposals[2] = proposals[1];
proposals[2].diffie_hellman_group = MODP_4096_BIT;
proposals[3] = proposals[1];
proposals[3].diffie_hellman_group = MODP_2048_BIT;
init_config1->add_proposal(init_config1,1,proposals[1]);
init_config1->add_proposal(init_config1,1,proposals[0]);
@ -307,7 +314,8 @@ static void load_default_config (private_configuration_manager_t *this)
init_config2->add_proposal(init_config2,1,proposals[0]);
init_config3->add_proposal(init_config3,1,proposals[1]);
init_config3->add_proposal(init_config3,1,proposals[0]);
init_config4->add_proposal(init_config4,1,proposals[3]);
init_config4->add_proposal(init_config4,1,proposals[2]);
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
ID_IPV4_ADDR, "152.96.193.131",
@ -324,14 +332,22 @@ static void load_default_config (private_configuration_manager_t *this)
sa_config2->add_traffic_selector_initiator(sa_config2,ts);
sa_config2->add_traffic_selector_responder(sa_config2,ts);
sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
ID_IPV4_ADDR, "127.0.0.1",
RSA_DIGITAL_SIGNATURE,
SHARED_KEY_MESSAGE_INTEGRITY_CODE,
30000);
sa_config3->add_traffic_selector_initiator(sa_config3,ts);
sa_config3->add_traffic_selector_responder(sa_config3,ts);
sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1",
ID_IPV4_ADDR, "127.0.0.1",
RSA_DIGITAL_SIGNATURE,
30000);
sa_config4->add_traffic_selector_initiator(sa_config4,ts);
sa_config4->add_traffic_selector_responder(sa_config4,ts);
ts->destroy(ts);
@ -360,10 +376,13 @@ static void load_default_config (private_configuration_manager_t *this)
this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
this->add_new_configuration(this,"localhost",init_config3,sa_config3);
this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","scheisen");
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
@ -598,7 +617,7 @@ static void add_new_configuration (private_configuration_manager_t *this, char *
this->sa_configs->insert_first(this->sa_configs,sa_config);
}
this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
}
/**
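Review bot: The switch from `insert_first` to `insert_last` at the end of add_new_configuration makes configuration lookup order-dependent, and nothing in the hunk says why. In load_default_config, init_config3 and init_config4 are created with identical addresses and ports (0.0.0.0 → 127.0.0.1), and sa_config3 is registered under both "localhost-shared" and "localhost-bad_dh_group", so whichever entry an address-based lookup hits first is now decided solely by registration order — presumably the property the localhost test cases rely on. A comment on the insert such as `/* registration order matters: lookups return the first matching entry, so entries added earlier take precedence */` would make that explicit, and if the lookup code does not iterate in list order the assumption should be checked. add_new_configuration's body starts outside the hunk.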


@ -157,14 +157,19 @@ static void kill_daemon(private_daemon_t *this, char *reason)
* Implementation of private_daemon_t.build_test_jobs.
*/
static void build_test_jobs(private_daemon_t *this)
{
int i;
for(i = 0; i<1; i++)
{
initiate_ike_sa_job_t *initiate_job;
initiate_job = initiate_ike_sa_job_create("pinflb30");
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
}
{
char *config_name;
initiate_ike_sa_job_t *initiate_job;
config_name = "localhost-rsa";
/* config_name = "localhost-shared"; */
/* config_name = "localhost-bad_dh_group"; */
initiate_job = initiate_ike_sa_job_create(config_name);
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000);
}
/**
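Review bot: In build_test_jobs the test case is selected by toggling which `config_name = ...` line is commented out, which leaves two dead assignments in the source and will drift silently when the names in load_default_config change. A single compile-time choice such as `#define TEST_CONFIG_NAME "localhost-rsa"` with the alternatives listed in its comment, or a small table of candidate names, keeps the selection in one place. The removed loop also staggered jobs by `i * 5000`; the new fixed 2000 ms delay deserves a one-line comment stating why that value was chosen. build_test_jobs appears complete within the hunk.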


@ -395,6 +395,7 @@ notify_payload_t *notify_payload_create()
this->notify_message_type = 0;
this->spi.ptr = NULL;
this->spi.len = 0;
this->spi_size = 0;
this->notification_data.ptr = NULL;
this->notification_data.len = 0;


@ -761,6 +761,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
proposal_substructure = proposal_substructure_create();
proposal_substructure->set_protocol_id(proposal_substructure,IKE);
proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
/* create transform substructures to hold each specific transform for an ike proposal */
encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
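Review bot: `set_proposal_number(proposal_substructure,(i + 1))` passes the loop index straight through; if the setter's parameter is the one-byte proposal number used on the wire, an array longer than 255 proposals would wrap silently. The loop header is outside the hunk, so whether `i` is bounded there cannot be seen from here; either an explicit count check before the loop or a comment stating that `proposal_count` is guaranteed small by every caller would settle it. sa_payload_create_from_ike_proposals continues outside the hunk.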


@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_established_ike_sa_job_t *this)
/**
* Implementation of job_t.destroy.
*/
static void destroy(job_t *job)
static void destroy(private_delete_established_ike_sa_job_t *this)
{
private_delete_established_ike_sa_job_t *this = (private_delete_established_ike_sa_job_t *) job;
this->ike_sa_id->destroy(this->ike_sa_id);
allocator_free(this);
}
@ -79,7 +78,7 @@ delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
/* same as destroy */
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
this->public.job_interface.destroy = destroy;
this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
/* public functions */
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_established_ike_sa_job_t *)) get_ike_sa_id;
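Review bot: `destroy` now takes `private_delete_established_ike_sa_job_t *` but is installed in `job_interface.destroy` and `destroy_all` through a `(void (*)(job_t*))` cast, so every call through the interface invokes the function via an incompatible function-pointer type, which C leaves undefined even when `public` is the first member and the pointer values coincide. The previous form — a `job_t *` parameter with the downcast as the first statement — was the strictly conforming one and cost nothing at run time. If the cast style is kept for consistency with `get_type`, a comment on the assignment such as `/* relies on public being the first member of the private struct */` would at least document the assumption. The same pattern is introduced in delete_half_open_ike_sa_job below; delete_established_ike_sa_job_create starts and ends outside the hunk.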


@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_half_open_ike_sa_job_t *this)
/**
* Implements job_t.destroy.
*/
static void destroy(job_t *job)
static void destroy(private_delete_half_open_ike_sa_job_t *this)
{
private_delete_half_open_ike_sa_job_t *this = (private_delete_half_open_ike_sa_job_t *) job;
this->ike_sa_id->destroy(this->ike_sa_id);
allocator_free(this);
}
@ -79,7 +78,7 @@ delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *i
this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
/* same as destroy */
this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
this->public.job_interface.destroy = destroy;
this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
/* public functions */
this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_half_open_ike_sa_job_t *)) get_ike_sa_id;
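Review bot: The line `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;` carries a doubled semicolon — harmless as an empty statement, but it trips strict warning sets and reads like a paste error; it should be `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;`. delete_half_open_ike_sa_job_create continues outside the hunk.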


@ -278,14 +278,16 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply));
/* create new state */
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
this->public.state_interface.destroy(&(this->public.state_interface));
my_host = this->ike_sa->get_my_host(this->ike_sa);
other_host = this->ike_sa->get_other_host(this->ike_sa);
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
my_host->get_address(my_host), other_host->get_address(other_host));
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
my_host->get_address(my_host), other_host->get_address(other_host),
mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
this->public.state_interface.destroy(&(this->public.state_interface));
return SUCCESS;
}
@ -336,7 +338,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
if (status != SUCCESS)
{
/* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
this->logger->log(this->logger, CONTROL, "Responders SA_PAYLOAD contained no proposals, no CHILD_SA is built");
this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
return SUCCESS;
}
if (proposal_count > 1)
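Review bot: The new AUDIT line in process_message formats `mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))` with `%s`; if mapping_find returns NULL for an auth method that is not in the table, passing NULL for `%s` is undefined behavior, and an unrecognised method value is exactly what a malformed peer message can carry. Guarding the lookup, e.g. `char *method = mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)); if (method == NULL) method = "unknown";`, keeps the audit record safe — assuming mapping_find does return NULL on a miss, which is not visible here. Separately, the message in process_sa_payload spells the exchange `IKE_AUH`; `"IKE_AUTH reply did not contain any proposals. Don't create CHILD_SA"` is the intended name, and the same misspelling is in the two log lines of ike_sa_init_responded.c. Both functions extend outside their hunks.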


@ -651,7 +651,12 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
new_dh_group_priority = this->dh_group_priority + 1;
this->public.state_interface.destroy(&(this->public.state_interface));
return (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority));
if (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority) != SUCCESS)
{
return DELETE_ME;
}
return FAILED;
}
default:
{
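Review bot: The retry branch in process_notify_payload now returns FAILED after a successful `retry_initiate_connection` and DELETE_ME only when the retry itself failed; returning FAILED on the success path is surprising enough to need a comment, since `this` has already been destroyed on the preceding line. Something like `/* state already destroyed and a retry with the next DH group issued; FAILED tells the caller to stop processing this message without deleting the IKE_SA */` would make the intent explicit — assuming that is what the caller does with FAILED, which the hunk does not show. `initiator_init_state` is used after `this->public.state_interface.destroy(...)`, which is only safe if it is not owned by the destroyed state; that ownership is also outside the hunk. process_notify_payload continues outside the hunk.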


@ -313,15 +313,15 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
return DELETE_ME;
}
/* create new state */
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
this->public.state_interface.destroy(&(this->public.state_interface));
my_host = this->ike_sa->get_my_host(this->ike_sa);
/* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);
other_host = this->ike_sa->get_other_host(this->ike_sa);
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s",
my_host->get_address(my_host), other_host->get_address(other_host));
this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s",
my_host->get_address(my_host), other_host->get_address(other_host),
mapping_find(auth_method_m, auth_request->get_auth_method(auth_request)));
this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
this->public.state_interface.destroy(&(this->public.state_interface));
return SUCCESS;
}
@ -404,6 +404,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
{
sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
response->add_payload(response, (payload_t*)sa_response);
allocator_free(proposal_chosen);
}
else
{
@ -411,22 +412,17 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
status = DELETE_ME;
}
allocator_free(proposals);
}
else
{
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
status = DELETE_ME; */
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
sa_response = sa_payload_create();
response->add_payload(response, (payload_t*)sa_response);
status = SUCCESS;
}
allocator_free(proposal_chosen);
allocator_free(proposals);
return status;
}
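Review bot: In process_message the line `/* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);` has the old comment fused onto the assignment after the state creation was moved further down, so the comment now labels the wrong statement; drop it there and put `/* create new state */` above the `set_new_state` call where it belongs. In build_sa_payload, `allocator_free(proposal_chosen)` is now reached only when a proposal was chosen and `allocator_free(proposals)` only when proposals were parsed, which presumably fixes freeing a pointer that was never set on the no-proposal paths; a one-line comment at the new free sites stating that both pointers are allocated only on the SUCCESS path would save the next reader from re-deriving it, since their declarations are outside the hunk. Both functions start outside their hunks.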


@ -557,6 +557,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
this->sent_nonce = CHUNK_INITIALIZER;
this->received_nonce = CHUNK_INITIALIZER;
this->dh_group_number = MODP_UNDEFINED;
this->diffie_hellman = NULL;
return &(this->public);
}


@ -241,13 +241,13 @@ int main()
daemon_create();
charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
//charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
/* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */
tester_t *tester = tester_create(test_output, FALSE);
// tester->perform_tests(tester,all_tests);
tester->perform_test(tester,&linked_list_insert_and_remove_test);
tester->perform_tests(tester,all_tests);
/* tester->perform_test(tester,&linked_list_insert_and_remove_test); */
tester->destroy(tester);