diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c index 6239a4450..f2c726da5 100644 --- a/Source/charon/config/configuration_manager.c +++ b/Source/charon/config/configuration_manager.c @@ -274,15 +274,16 @@ u_int8_t private_key_2[]; */ static void load_default_config (private_configuration_manager_t *this) { - init_config_t *init_config1, *init_config2, *init_config3; - ike_proposal_t proposals[2]; + init_config_t *init_config1, *init_config2, *init_config3, *init_config4; + ike_proposal_t proposals[4]; child_proposal_t child_proposals[1]; - sa_config_t *sa_config1, *sa_config2, *sa_config3; + sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4; traffic_selector_t *ts; init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT); init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT); init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535); @@ -299,7 +300,13 @@ static void load_default_config (private_configuration_manager_t *this) proposals[1].integrity_algorithm_key_length = 20; proposals[1].pseudo_random_function = PRF_HMAC_SHA1; proposals[1].pseudo_random_function_key_length = 20; - proposals[1].diffie_hellman_group = MODP_1024_BIT; + proposals[1].diffie_hellman_group = MODP_2048_BIT; + + + proposals[2] = proposals[1]; + proposals[2].diffie_hellman_group = MODP_4096_BIT; + proposals[3] = proposals[1]; + proposals[3].diffie_hellman_group = MODP_2048_BIT; init_config1->add_proposal(init_config1,1,proposals[1]); init_config1->add_proposal(init_config1,1,proposals[0]); 
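Review bot: `proposals[3]` ends up identical to `proposals[1]`, because `proposals[1].diffie_hellman_group` is itself changed to `MODP_2048_BIT` a few lines earlier in this hunk, so `proposals[3].diffie_hellman_group = MODP_2048_BIT;` is a no-op and init_config4 (used by the "localhost-bad_dh_group" entry) offers exactly the group init_config3 accepts plus `MODP_4096_BIT`. If the intent is a group the responder rejects, only `proposals[2]` provides that; either drop `proposals[3]` or give it a group that differs from `proposals[1]`, and say so in a comment such as `/* proposals[2..3] copy [1] and differ only in the DH group; offered by the bad_dh_group test entry */`. The two added empty lines before `proposals[2] = proposals[1];` should be collapsed to one. load_default_config starts and ends outside this hunk.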
@@ -307,7 +314,8 @@ static void load_default_config (private_configuration_manager_t *this) init_config2->add_proposal(init_config2,1,proposals[0]); init_config3->add_proposal(init_config3,1,proposals[1]); init_config3->add_proposal(init_config3,1,proposals[0]); - + init_config4->add_proposal(init_config4,1,proposals[3]); + init_config4->add_proposal(init_config4,1,proposals[2]); sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", ID_IPV4_ADDR, "152.96.193.131", @@ -324,14 +332,22 @@ static void load_default_config (private_configuration_manager_t *this) sa_config2->add_traffic_selector_initiator(sa_config2,ts); sa_config2->add_traffic_selector_responder(sa_config2,ts); - + sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", ID_IPV4_ADDR, "127.0.0.1", - RSA_DIGITAL_SIGNATURE, + SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000); sa_config3->add_traffic_selector_initiator(sa_config3,ts); sa_config3->add_traffic_selector_responder(sa_config3,ts); + + sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", + ID_IPV4_ADDR, "127.0.0.1", + RSA_DIGITAL_SIGNATURE, + 30000); + + sa_config4->add_traffic_selector_initiator(sa_config4,ts); + sa_config4->add_traffic_selector_responder(sa_config4,ts); ts->destroy(ts); 
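Review bot: `sa_config3` and `sa_config4` carry the same identities (`127.0.0.1` on both sides) and differ only in `SHARED_KEY_MESSAGE_INTEGRITY_CODE` versus `RSA_DIGITAL_SIGNATURE`, so nothing in this block records how a responder is meant to pick one for a peer that authenticates with a PSK versus an RSA signature; if selection is by identity, that choice falls back to registration order further down. A comment on the `sa_config4 = sa_config_create(...)` line stating that it is the RSA twin of `sa_config3` and how the two are told apart would make the intent explicit. The literal `30000` passed as the last argument of `sa_config_create` is now repeated a fourth time; if that argument is the value later returned by `get_ike_sa_lifetime`, hoisting it to a named constant such as `enum { DEFAULT_IKE_SA_LIFETIME = 30000 };` documents it once. load_default_config continues outside the hunk.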
@@ -360,10 +376,13 @@ static void load_default_config (private_configuration_manager_t *this) this->add_new_configuration(this,"pinflb31",init_config1,sa_config1); this->add_new_configuration(this,"pinflb30",init_config2,sa_config2); - this->add_new_configuration(this,"localhost",init_config3,sa_config3); + this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3); + this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4); + this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt"); - this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","scheisen"); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt"); this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt"); this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256); @@ -598,7 +617,7 @@ static void add_new_configuration (private_configuration_manager_t *this, char * this->sa_configs->insert_first(this->sa_configs,sa_config); } - this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config)); + this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config)); } /** diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c index 6623d57ea..4f109f7e3 100644 --- a/Source/charon/daemon.c +++ b/Source/charon/daemon.c 
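Review bot: With the second `add_new_preshared_secret` line changed, all three peer identities (`152.96.193.130`, `152.96.193.131`, `127.0.0.1`) are registered with the identical literal `"verschluesselt"`, so the per-ID secret lookup no longer distinguishes any peer from another and a secret obtained for one identity authenticates as any of them. These values are compiled into the daemon as defaults, so the block deserves a comment above the first `add_new_preshared_secret` call such as `/* built-in test secrets and keys for the default configuration; a deployment must replace them */`. Separately, `"localhost-rsa"` and `"localhost-bad_dh_group"` re-register `init_config3` and `sa_config3`, which are already stored under `"localhost-shared"`; whether add_new_configuration de-duplicates them (the closing brace before `insert_first` in the -598 hunk suggests the lists are checked) or frees them twice on shutdown is not visible here and is worth a comment on the reuse. load_default_config continues outside the hunk.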
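Review bot: Switching `insert_first` to `insert_last` means a walk of `this->configurations` now sees entries in registration order, and with three entries whose init_config/sa_config pairs share the same addresses (`localhost-shared`, `localhost-rsa`, `localhost-bad_dh_group`) the entry a responder-side lookup returns is decided by the order of the `add_new_configuration` calls rather than by anything in the entry itself; if that lookup is by address, a peer authenticating with RSA would still be matched to the PSK entry registered first. That dependency should be written down, e.g. `/* appended: lookups return the earliest-registered match, so call order in load_default_config matters */` on the `insert_last` line, or the lookup should take the auth method into account. add_new_configuration starts outside the hunk.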
@@ -157,14 +157,19 @@ static void kill_daemon(private_daemon_t *this, char *reason) * Implementation of private_daemon_t.build_test_jobs. */ static void build_test_jobs(private_daemon_t *this) -{ - int i; - for(i = 0; i<1; i++) - { - initiate_ike_sa_job_t *initiate_job; - initiate_job = initiate_ike_sa_job_create("pinflb30"); - this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000); - } +{ + char *config_name; + initiate_ike_sa_job_t *initiate_job; + + config_name = "localhost-rsa"; + /* config_name = "localhost-shared"; */ + /* config_name = "localhost-bad_dh_group"; */ + + + initiate_job = initiate_ike_sa_job_create(config_name); + + this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000); + } /** diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c index 36a9930dc..dccc9d169 100644 --- a/Source/charon/encoding/payloads/notify_payload.c +++ b/Source/charon/encoding/payloads/notify_payload.c @@ -395,6 +395,7 @@ notify_payload_t *notify_payload_create() this->notify_message_type = 0; this->spi.ptr = NULL; this->spi.len = 0; + this->spi_size = 0; this->notification_data.ptr = NULL; this->notification_data.len = 0; diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c index 0cae8948f..1ef67a2c9 100644 --- a/Source/charon/encoding/payloads/sa_payload.c +++ b/Source/charon/encoding/payloads/sa_payload.c 
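Review bot: `config_name` points at a string literal but is declared `char *`, and the two alternatives survive as commented-out code (`/* config_name = "localhost-shared"; */` and the bad_dh_group line); declaring it `static const char *const config_name = "localhost-rsa";` with the alternatives listed in one comment keeps the choice in a single place, though `const` is only possible if initiate_ike_sa_job_create accepts `const char *`, which is not visible here. The result of `initiate_ike_sa_job_create(config_name)` is handed to `add_relative` without a check, so if the constructor can return NULL on allocation failure a guard belongs before the `add_relative` line. The two blank lines after the commented alternatives are stray.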
@@ -761,6 +761,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si proposal_substructure = proposal_substructure_create(); proposal_substructure->set_protocol_id(proposal_substructure,IKE); proposal_substructure->set_proposal_number(proposal_substructure,(i + 1)); + /* create transform substructures to hold each specific transform for an ike proposal */ encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length); diff --git a/Source/charon/queues/jobs/delete_established_ike_sa_job.c b/Source/charon/queues/jobs/delete_established_ike_sa_job.c index 809980550..595bdd11b 100644 --- a/Source/charon/queues/jobs/delete_established_ike_sa_job.c +++ b/Source/charon/queues/jobs/delete_established_ike_sa_job.c @@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_established_ike_sa_job_t *this) /** * Implementation of job_t.destroy. */ -static void destroy(job_t *job) +static void destroy(private_delete_established_ike_sa_job_t *this) { - private_delete_established_ike_sa_job_t *this = (private_delete_established_ike_sa_job_t *) job; this->ike_sa_id->destroy(this->ike_sa_id); allocator_free(this); } @@ -79,7 +78,7 @@ delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_ this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; /* same as destroy */ this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy; - this->public.job_interface.destroy = destroy; + this->public.job_interface.destroy = (void (*)(job_t*)) destroy; /* public functions */ this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_established_ike_sa_job_t *)) get_ike_sa_id; diff --git a/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c b/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c index d37cb98c4..47354d6be 100644 --- a/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c 
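Review bot: `destroy` now takes `private_delete_established_ike_sa_job_t *` but is stored in `job_interface.destroy` through a cast to `void (*)(job_t *)`, so every call through the interface invokes the function via an incompatible function pointer type, which is undefined behaviour in C even though `public` being the first member makes it work on the compilers in use. The same pattern is introduced in the -61 hunk above and in both hunks of delete_half_open_ike_sa_job.c. The file already uses this cast for `destroy_all` and `get_type`, so if it is kept as the convention, a one-line comment on the `destroy` definition, `/* called via job_t.destroy; relies on public being the first member of this */`, at least records the assumption; the removed version, with the cast inside the function body, was the strictly conforming form.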
+++ b/Source/charon/queues/jobs/delete_half_open_ike_sa_job.c @@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_half_open_ike_sa_job_t *this) /** * Implements job_t.destroy. */ -static void destroy(job_t *job) +static void destroy(private_delete_half_open_ike_sa_job_t *this) { - private_delete_half_open_ike_sa_job_t *this = (private_delete_half_open_ike_sa_job_t *) job; this->ike_sa_id->destroy(this->ike_sa_id); allocator_free(this); } @@ -79,7 +78,7 @@ delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *i this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type; /* same as destroy */ this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy; - this->public.job_interface.destroy = destroy; + this->public.job_interface.destroy = (void (*)(job_t *)) destroy;; /* public functions */ this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_half_open_ike_sa_job_t *)) get_ike_sa_id; diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index ddcff4c6a..f2385fe4c 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c 
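Review bot: The new line `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;` ends with a doubled semicolon; the second one is an empty statement that compiles silently but reads as a typo, so it should be `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;`. delete_half_open_ike_sa_job_create continues outside the hunk.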
@@ -278,14 +278,16 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply)); /* create new state */ - this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa)); - this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config)); - this->public.state_interface.destroy(&(this->public.state_interface)); - + my_host = this->ike_sa->get_my_host(this->ike_sa); other_host = this->ike_sa->get_other_host(this->ike_sa); - this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s", - my_host->get_address(my_host), other_host->get_address(other_host)); + this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", + my_host->get_address(my_host), other_host->get_address(other_host), + mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload))); + + this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config)); + this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa)); + this->public.state_interface.destroy(&(this->public.state_interface)); return SUCCESS; } @@ -336,7 +338,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa if (status != SUCCESS) { /* there are no proposals. This is possible if the requester doesn't want to setup a child sa */ - this->logger->log(this->logger, CONTROL, "Responders SA_PAYLOAD contained no proposals, no CHILD_SA is built"); + this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA"); return SUCCESS; } if (proposal_count > 1) diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index c24ff5bb6..81b75e780 100644 
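Review bot: Moving the `my_host`/`other_host` reads and the AUDIT log ahead of `state_interface.destroy(...)` is what makes them safe, but nothing in the code says that `this` is released by that call; a comment on the destroy line, `/* destroy frees this: no member access below this point */`, keeps the next edit from putting a statement after it again. The log now reads the method out of `auth_payload`, which is declared and filled outside the hunk, so whether it can still be NULL here (a reply without an AUTH payload) cannot be confirmed from this view. The same ordering is introduced in the -313 hunk of ike_sa_init_responded.c. process_message starts outside the hunk.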
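Review bot: The new log text `"IKE_AUH reply did not contain any proposals. Don't create CHILD_SA"` misspells IKE_AUTH; the same misspelling appears in the `"IKE_AUH request did not contain any proposals..."` line of the -412 hunk in ike_sa_init_responded.c, and both should read `IKE_AUTH`. Raising the level from CONTROL to AUDIT is reasonable, since an absent CHILD_SA proposal changes what the established SA protects, but the message would serve an operator better if it named the peer as the other AUDIT lines in this file do. process_sa_payload starts outside the hunk.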
--- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -651,7 +651,12 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no new_dh_group_priority = this->dh_group_priority + 1; this->public.state_interface.destroy(&(this->public.state_interface)); - return (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority)); + if (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority) != SUCCESS) + { + return DELETE_ME; + } + return FAILED; + } default: { diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index e938de3cc..3d8f9e045 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c 
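Review bot: The new code returns `FAILED` when `retry_initiate_connection` succeeds and `DELETE_ME` when it fails, which reads inverted at first glance; if the intent is that a successful retry has already replaced this state (the `state_interface.destroy` call precedes it) and the caller must only learn that the current message was not accepted, that needs a comment on the `return FAILED;` line, e.g. `/* retry succeeded and this state is gone; FAILED tells the caller the INIT reply was not accepted, DELETE_ME only if no retry was possible */` — confirm against the caller's handling of FAILED. Worth stating on the `new_dh_group_priority = this->dh_group_priority + 1;` line is that the retry walks the locally configured group list instead of adopting whatever group the unauthenticated notify proposes, which bounds what a spoofed notify can select to the groups this side was willing to offer. process_notify_payload starts outside the hunk.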
@@ -313,15 +313,15 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t return DELETE_ME; } - /* create new state */ - this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa)); - this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config)); - this->public.state_interface.destroy(&(this->public.state_interface)); - - my_host = this->ike_sa->get_my_host(this->ike_sa); + /* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa); other_host = this->ike_sa->get_other_host(this->ike_sa); - this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s", - my_host->get_address(my_host), other_host->get_address(other_host)); + this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", + my_host->get_address(my_host), other_host->get_address(other_host), + mapping_find(auth_method_m, auth_request->get_auth_method(auth_request))); + + this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config)); + this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa)); + this->public.state_interface.destroy(&(this->public.state_interface)); return SUCCESS; } @@ -404,6 +404,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo { sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1); response->add_payload(response, (payload_t*)sa_response); + allocator_free(proposal_chosen); } else { 
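Review bot: The comment and the first statement are fused on one line, `/* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);`, and the comment no longer describes that line since the state change moved five lines down. Split them, leave the host lookup bare, move `/* create new state */` back above the `set_new_state` call, and add `/* destroy frees this: no member access below this point */` on the `state_interface.destroy` line, because that ordering is what this hunk fixes. `auth_request`, read for the log, is declared outside the hunk. process_message starts outside the hunk.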
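Review bot: `allocator_free(proposal_chosen)` now sits only in the branch where a proposal was chosen, so it relies on `proposal_chosen` holding no allocation in the NO_PROPOSAL_CHOSEN branch shown in the next hunk; that is not visible here and deserves a comment on the new line, `/* proposal_chosen is an allocated copy; nothing to free in the else branch */`, or the assumption should be checked against the function that fills it. build_sa_payload continues in the -412 hunk.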
@@ -411,22 +412,17 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER); status = DELETE_ME; } + allocator_free(proposals); } else { - this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA."); -/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER); - status = DELETE_ME; */ + this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA"); sa_response = sa_payload_create(); response->add_payload(response, (payload_t*)sa_response); status = SUCCESS; } - - allocator_free(proposal_chosen); - allocator_free(proposals); - return status; } diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index a54b486e5..5ea4588a1 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -557,6 +557,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa) this->sent_nonce = CHUNK_INITIALIZER; this->received_nonce = CHUNK_INITIALIZER; this->dh_group_number = MODP_UNDEFINED; + this->diffie_hellman = NULL; return &(this->public); } diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c index a06a1333b..5f33d07d4 100644 --- a/Source/charon/testcases/testcases.c +++ b/Source/charon/testcases/testcases.c 
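Review bot: `allocator_free(proposals)` has moved inside the `proposal_count > 0` block and the unconditional frees at the end are gone, so the outer else branch (no proposals) now frees nothing; that is only correct if the call that produces `proposals`, outside the hunk, allocates nothing when the payload carries no proposals. If it hands back an empty allocation, this branch now leaks it on every IKE_AUTH request without a CHILD_SA proposal, which a remote peer can trigger repeatedly. A comment on the else line, `/* proposals is not allocated when proposal_count == 0 */`, would pin the assumption, or the free could stay unconditional if allocator_free accepts NULL as free() does. build_sa_payload starts outside the hunk.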
@@ -241,13 +241,13 @@ int main() daemon_create(); charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL); - //charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); + /* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */ tester_t *tester = tester_create(test_output, FALSE); -// tester->perform_tests(tester,all_tests); - tester->perform_test(tester,&linked_list_insert_and_remove_test); + tester->perform_tests(tester,all_tests); + /* tester->perform_test(tester,&linked_list_insert_and_remove_test); */ tester->destroy(tester);