- added todo's
parent
6329a25750
commit
7fa8decb78
|
@ -37,6 +37,9 @@ typedef struct ike_proposal_t ike_proposal_t;
|
|||
/**
|
||||
* @brief Represents a Proposal used in IKE_SA_INIT phase.
|
||||
*
|
||||
* @todo Currently the amount of tranforms with same type in a IKE proposal is limited to 1.
|
||||
* Support of more transforms with same type has to be added.
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
struct ike_proposal_t {
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
#include <utils/linked_list.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <utils/identification.h>
|
||||
#include <utils/logger.h>
|
||||
|
||||
typedef struct private_sa_config_t private_sa_config_t;
|
||||
|
||||
|
@ -242,27 +243,56 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
|
|||
iterator_t *iterator;
|
||||
child_proposal_t *current_proposal, *selected_proposal;
|
||||
int i;
|
||||
/* logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
|
||||
|
||||
|
||||
/* iterate over all stored proposals */
|
||||
iterator = this->proposals->create_iterator(this->proposals, TRUE);
|
||||
while (iterator->has_next(iterator))
|
||||
{
|
||||
iterator->current(iterator, (void**)¤t_proposal);
|
||||
/*
|
||||
logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
|
||||
logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
|
||||
logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
|
||||
logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
|
||||
*/
|
||||
|
||||
|
||||
/* copy and break if a proposal matches */
|
||||
for (i = 0; i < count; i++)
|
||||
{
|
||||
/* if (supplied[i].esp.is_set)
|
||||
{
|
||||
logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
|
||||
logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
|
||||
logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
|
||||
logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
|
||||
}
|
||||
|
||||
if (supplied[i].ah.is_set)
|
||||
{
|
||||
logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
|
||||
logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
|
||||
logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
|
||||
}*/
|
||||
|
||||
|
||||
if (this->proposal_equals(this, &(supplied[i]), current_proposal))
|
||||
{
|
||||
selected_proposal = allocator_alloc(sizeof(child_proposal_t));
|
||||
*selected_proposal = *current_proposal;
|
||||
memcpy(selected_proposal->ah.spi, ah_spi, 4);
|
||||
memcpy(selected_proposal->ah.spi, esp_spi, 4);
|
||||
/* logger->destroy(logger);*/
|
||||
iterator->destroy(iterator);
|
||||
return selected_proposal;
|
||||
}
|
||||
}
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
/* logger->destroy(logger); */
|
||||
return NULL;
|
||||
}
|
||||
|
||||
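Review bot: In select_proposal the second SPI copy writes to the wrong member: `memcpy(selected_proposal->ah.spi, esp_spi, 4);` overwrites the AH SPI stored by the line above it, and nothing in the hunk ever copies `esp_spi` into the ESP part of the proposal. The caller therefore gets a selected proposal whose ESP SPI is whatever the configured proposal held; assuming the `esp` member has an `spi` field like `ah`, the line should read `memcpy(selected_proposal->esp.spi, esp_spi, 4);`. If `allocator_alloc()` can return NULL, the `*selected_proposal = *current_proposal;` assignment also needs a guard that destroys the iterator and returns NULL. The function's signature and opening lines are outside the hunk, and both memcpy lines look like unchanged context, so this likely predates the commit but is still present in the new code.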
|
|
|
@ -42,6 +42,9 @@ typedef struct child_proposal_t child_proposal_t;
|
|||
* A proposal for a child sa contains data for
|
||||
* AH, ESP, or both.
|
||||
*
|
||||
* @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
|
||||
* Support of more transforms with same type has to be added.
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
struct child_proposal_t {
|
||||
|
|
|
@ -162,7 +162,7 @@ static void build_test_jobs(private_daemon_t *this)
|
|||
for(i = 0; i<1; i++)
|
||||
{
|
||||
initiate_ike_sa_job_t *initiate_job;
|
||||
initiate_job = initiate_ike_sa_job_create("localhost");
|
||||
initiate_job = initiate_ike_sa_job_create("pinflb30");
|
||||
this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
|
||||
}
|
||||
}
|
||||
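Review bot: The peer passed to `initiate_ike_sa_job_create()` in build_test_jobs is a hard-coded host name; the two rendered lines differ only in that argument, so the change appears to replace "localhost" with "pinflb30". With that literal in the daemon, every build queues an IKE_SA initiation toward whatever that name resolves to on the machine it runs on. Taking the peer from configuration or the command line, or keeping the loopback default in committed code, avoids shipping a workstation-specific target. At minimum the line deserves a comment such as `/* TODO: test peer is hard-coded; read it from configuration */`.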
|
|
|
@ -278,9 +278,8 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
|
|||
iterator->current(iterator,(void **)&(current_proposal));
|
||||
if (current_proposal->get_protocol_id(current_proposal) == IKE)
|
||||
{
|
||||
/* a ike proposal consists of 4 transforms and an empty spi*/
|
||||
if ((current_proposal->get_transform_count(current_proposal) != 4) ||
|
||||
(current_proposal->get_spi_size(current_proposal) != 0))
|
||||
/* a ike proposal consists of an empty spi*/
|
||||
if (current_proposal->get_spi_size(current_proposal) != 0)
|
||||
{
|
||||
iterator->destroy(iterator);
|
||||
return FAILED;
|
||||
|
@ -445,10 +444,13 @@ static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t
|
|||
current_suite_number = 1;
|
||||
tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
|
||||
tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
|
||||
|
||||
tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = AUTH_UNDEFINED;
|
||||
tmp_proposals[current_suite_number - 1].ah.is_set = FALSE;
|
||||
|
||||
tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
|
||||
tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
|
||||
tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
|
||||
tmp_proposals[current_suite_number - 1].esp.is_set = FALSE;
|
||||
|
||||
/* create from each proposal_substructure a child_proposal_t data area*/
|
||||
while (iterator->has_next(iterator))
|
||||
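Review bot: get_ike_proposals no longer bounds the number of transforms in a proposal: going by the hunk's line counts, the `get_transform_count(current_proposal) != 4` test is dropped and only `get_spi_size(current_proposal) != 0` remains. The SA payload is supplied by the peer, so the code after this hunk (not visible here) now has to cope with proposals carrying fewer or more than four transforms, including several of the same type. If the transform loop still fills one slot per type, it should return FAILED when a required type is missing or repeated rather than leave fields unset or silently overwritten. In the second hunk, get_child_proposals sets the `is_set = FALSE` and `*_UNDEFINED` defaults only for `tmp_proposals[current_suite_number - 1]` with suite 1; if the loop below fills further suites, they need the same defaults.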
|
|
|
@ -56,6 +56,8 @@ typedef struct sa_payload_t sa_payload_t;
|
|||
* - sa_payload_create_from_ike_proposals()
|
||||
* - sa_payload_create_from_child_proposal()
|
||||
*
|
||||
* @todo Add support of algorithms without specified keylength in get_child_proposals and get_ike_proposals.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct sa_payload_t {
|
||||
|
|
|
@ -447,7 +447,8 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
|
|||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUTH request verification failed. Deleting IKE_SA");
|
||||
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
|
||||
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
|
||||
authenticator->destroy(authenticator);
|
||||
return DELETE_ME;
|
||||
}
|
||||
|
||||
|
@ -522,11 +523,6 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
|
|||
mapping_find(notify_message_type_m, notify_message_type),
|
||||
mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
|
||||
|
||||
if (notify_payload->get_protocol_id(notify_payload) != IKE)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUTH request contained a notify for an invalid protocol.");
|
||||
return DELETE_ME;
|
||||
}
|
||||
switch (notify_message_type)
|
||||
{
|
||||
case SET_WINDOW_SIZE:
|
||||
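Review bot: process_notify_payload now reaches `switch (notify_message_type)` for any protocol id: going by the hunk's line counts, the `get_protocol_id(notify_payload) != IKE` test with its AUDIT log and `return DELETE_ME` is removed and nothing replaces it. The notify is peer-supplied, so each case in the switch (outside the hunk) should state which protocol ids it accepts, and unexpected combinations should still be logged at AUDIT level and rejected. If notifies for AH or ESP are meant to be accepted in IKE_AUTH, a comment above the switch such as `/* notifies for AH/ESP are allowed here; protocol is checked per message type */` would make the removal reviewable.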
|
|
|
@ -246,8 +246,8 @@ int main()
|
|||
tester_t *tester = tester_create(test_output, FALSE);
|
||||
|
||||
|
||||
tester->perform_tests(tester,all_tests);
|
||||
// tester->perform_test(tester,&rsa_test);
|
||||
// tester->perform_tests(tester,all_tests);
|
||||
tester->perform_test(tester,&linked_list_insert_and_remove_test);
|
||||
|
||||
|
||||
tester->destroy(tester);
|
||||
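Review bot: The test driver's main appears to end up running a single test: as rendered, `tester->perform_tests(tester,all_tests);` is commented out and only `linked_list_insert_and_remove_test` is executed. The page does not mark which lines are old and which are new, so this reading rests on the hunk's 8/8 line counts. If that is the committed state, the rest of the suite, including the test named `rsa_test`, silently stops running. Restoring `tester->perform_tests(tester,all_tests);` before committing keeps regressions outside the linked list visible.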
|
|