- added todo's

Source/charon/config/init_config.h

@@ -37,6 +37,9 @@ typedef struct ike_proposal_t ike_proposal_t;
 /**
  * @brief Represents a Proposal used in IKE_SA_INIT phase.
  * 
+ * @todo Currently the amount of tranforms with same type in a IKE proposal is limited to 1.
+ * 		 Support of more transforms with same type has to be added.
+ * 
  * @ingroup config
  */
 struct ike_proposal_t {

Source/charon/config/sa_config.c

@@ -25,6 +25,7 @@
 #include <utils/linked_list.h>
 #include <utils/allocator.h>
 #include <utils/identification.h>
+#include <utils/logger.h>
 
 typedef struct private_sa_config_t private_sa_config_t;
 
@@ -242,27 +243,56 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
 	iterator_t *iterator;
 	child_proposal_t *current_proposal, *selected_proposal;
 	int i;
+/*	logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+	
 	
 	/* iterate over all stored proposals */
 	iterator = this->proposals->create_iterator(this->proposals, TRUE);
 	while (iterator->has_next(iterator))
 	{
 		iterator->current(iterator, (void**)&current_proposal);
+	/*	
+		logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
+		logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
+		logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
+		logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
+*/
+		
+		
 		/* copy and break if a proposal matches */
 		for (i = 0; i < count; i++)
 		{
+/*			if (supplied[i].esp.is_set)
+			{
+				logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
+				logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
+				logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
+				logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
+			}
+
+			if (supplied[i].ah.is_set)
+			{
+				logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
+				logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
+				logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
+			}*/
+		
+			
 			if (this->proposal_equals(this, &(supplied[i]), current_proposal))
 			{
 				selected_proposal = allocator_alloc(sizeof(child_proposal_t));
 				*selected_proposal = *current_proposal;
 				memcpy(selected_proposal->ah.spi, ah_spi, 4);
 				memcpy(selected_proposal->ah.spi, esp_spi, 4);
+/*				logger->destroy(logger);*/
 				iterator->destroy(iterator);
 				return selected_proposal;
 			}
 		}
 	}
 	iterator->destroy(iterator);
+	
+/*	logger->destroy(logger); */
 	return NULL;
 }
 

Source/charon/config/sa_config.h

@@ -42,6 +42,9 @@ typedef struct child_proposal_t child_proposal_t;
  * A proposal for a child sa contains data for 
  * AH, ESP, or both.
  * 
+ * @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
+ * 		 Support of more transforms with same type has to be added.
+ * 
  * @ingroup config
  */
 struct child_proposal_t {

Source/charon/daemon.c

@@ -162,7 +162,7 @@ static void build_test_jobs(private_daemon_t *this)
 	for(i = 0; i<1; i++)
 	{
 		initiate_ike_sa_job_t *initiate_job;
-		initiate_job = initiate_ike_sa_job_create("localhost");
+		initiate_job = initiate_ike_sa_job_create("pinflb30");
 		this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
 	}
 }

Source/charon/encoding/payloads/sa_payload.c

@@ -278,9 +278,8 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
 		iterator->current(iterator,(void **)&(current_proposal));
 		if (current_proposal->get_protocol_id(current_proposal) == IKE)
 		{
-			/* a ike proposal consists of 4 transforms and an empty spi*/
-			if ((current_proposal->get_transform_count(current_proposal) != 4) ||
-			    (current_proposal->get_spi_size(current_proposal) != 0))
+			/* a ike proposal consists of an empty spi*/
+			if (current_proposal->get_spi_size(current_proposal) != 0)
 		    {
 		    	iterator->destroy(iterator);
 		    	return FAILED;
@@ -445,10 +444,13 @@ static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t
 	current_suite_number = 1;
 	tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
 	tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
-
+	tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = AUTH_UNDEFINED;
+	tmp_proposals[current_suite_number - 1].ah.is_set = FALSE;
+	
 	tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
 	tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
 	tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+	tmp_proposals[current_suite_number - 1].esp.is_set = FALSE;
 	
 	/* create from each proposal_substructure a child_proposal_t data area*/
 	while (iterator->has_next(iterator))

Source/charon/encoding/payloads/sa_payload.h

@@ -56,6 +56,8 @@ typedef struct sa_payload_t sa_payload_t;
  * - sa_payload_create_from_ike_proposals()
  * - sa_payload_create_from_child_proposal()
  * 
+ * @todo Add support of algorithms without specified keylength in get_child_proposals and get_ike_proposals.
+ * 
  * @ingroup payloads
  */
 struct sa_payload_t {

Source/charon/sa/states/ike_sa_init_responded.c

@@ -447,7 +447,8 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
 	if (status != SUCCESS)
 	{
 		this->logger->log(this->logger, AUDIT, "IKE_AUTH request verification failed. Deleting IKE_SA");
-		this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);		
+		this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
+		authenticator->destroy(authenticator);
 		return DELETE_ME;
 	}
 		
@@ -522,11 +523,6 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
 					  mapping_find(notify_message_type_m, notify_message_type),
 					  mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
 					  
-	if (notify_payload->get_protocol_id(notify_payload) != IKE)
-	{
-		this->logger->log(this->logger, AUDIT, "IKE_AUTH request contained a notify for an invalid protocol.");
-		return DELETE_ME;	
-	}
 	switch (notify_message_type)
 	{
 		case SET_WINDOW_SIZE:

Source/charon/testcases/testcases.c

@@ -246,8 +246,8 @@ int main()
 	tester_t *tester = tester_create(test_output, FALSE);
 	
 
-	tester->perform_tests(tester,all_tests);
-//	tester->perform_test(tester,&rsa_test); 
+//	tester->perform_tests(tester,all_tests);
+	tester->perform_test(tester,&linked_list_insert_and_remove_test); 
 	
 	
 	tester->destroy(tester);