diff --git a/src/libcharon/plugins/sql/mysql.sql b/src/libcharon/plugins/sql/mysql.sql index 36bac22c5..3262015a1 100644 --- a/src/libcharon/plugins/sql/mysql.sql +++ b/src/libcharon/plugins/sql/mysql.sql @@ -38,6 +38,21 @@ CREATE TABLE `child_config_traffic_selector` ( ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; +DROP TABLE IF EXISTS `algorithms`; +CREATE TABLE `algorithms` ( + `id` int(10) unsigned NOT NULL auto_increment, + `algorithm` varchar(128) NOT NULL +); + + +DROP TABLE IF EXISTS `child_config_algorithm`; +CREATE TABLE `child_config_algorithm` ( + `child_cfg` int(10) unsigned NOT NULL, + `prio` smallint(5) unsigned NOT NULL, + `alg` int(10) unsigned NOT NULL +); + + DROP TABLE IF EXISTS `ike_configs`; CREATE TABLE `ike_configs` ( `id` int(10) unsigned NOT NULL auto_increment, @@ -49,6 +64,14 @@ CREATE TABLE `ike_configs` ( ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; +DROP TABLE IF EXISTS `ike_config_algorithm`; +CREATE TABLE `ike_config_algorithm` ( + `ike_cfg` int(10) unsigned NOT NULL, + `prio` smallint(5) unsigned NOT NULL, + `alg` int(10) unsigned NOT NULL +); + + DROP TABLE IF EXISTS `peer_configs`; CREATE TABLE `peer_configs` ( `id` int(10) unsigned NOT NULL auto_increment, diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index d33bddc7f..bc562c2bf 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -38,13 +38,13 @@ struct private_sql_config_t { }; /** - * forward declaration + * Forward declaration */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other); /** - * build a traffic selector from a SQL query + * Build a traffic selector from an SQL query */ static traffic_selector_t *build_traffic_selector(private_sql_config_t *this, enumerator_t *e, bool *local) 
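Review bot: The `algorithms` table added to mysql.sql declares `id` as `auto_increment` but gives the table no key, and MySQL refuses to create a table whose AUTO_INCREMENT column is not part of a key ("there can be only one auto column and it must be defined as a key"), so loading this schema stops here; the sqlite.sql counterpart in the same change does declare `PRIMARY KEY AUTOINCREMENT`, and `ike_configs` is presumably keyed further down, outside the hunk. Close the table with `PRIMARY KEY (id)` (backtick-quoted like the columns) and the `) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;` suffix that the neighbouring tables use and both new tables in this hunk omit. `child_config_algorithm` has no key or index either, although add_esp_proposals joins it on `child_cfg` and orders by `prio`; an `INDEX (child_cfg, prio)` would keep the per-config lookup from scanning the table. Nothing ties `alg` to `algorithms.id`, so a row pointing at a missing algorithm simply vanishes from the join and the daemon quietly falls back to its built-in default proposals instead of failing loudly.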
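Review bot: `ike_config_algorithm` is created without the `ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci` suffix that the `ike_configs` table just above it carries (its closing line is this hunk's first context line), so it is created with whatever engine and charset the server defaults to, and it has no index although add_ike_proposals joins on `ike_cfg` and sorts by `prio`. Make the closing line `) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;` and add `INDEX (ike_cfg, prio)` after the `alg` column. Nothing here rejects an `(ike_cfg, prio)` pair that appears twice, so the relative order of two same-priority rows in the resulting proposal list is whatever the server happens to return.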
@@ -119,7 +119,39 @@ static void add_traffic_selectors(private_sql_config_t *this, } /** - * build a Child configuration from a SQL query + * Add ESP proposals to a child config + */ +static void add_esp_proposals(private_sql_config_t *this, + child_cfg_t *child, int id) +{ + enumerator_t *e; + proposal_t *proposal; + char *alg; + bool use_default = TRUE; + + e = this->db->query(this->db, + "SELECT algorithm " + "FROM algorithms JOIN child_config_algorithm ON id = alg " + "WHERE child_cfg = ? ORDER BY prio", + DB_INT, id, DB_TEXT); + if (e) + { + while (e->enumerate(e, &alg)) + { + proposal = proposal_create_from_string(PROTO_ESP, alg); + child->add_proposal(child, proposal); + use_default = FALSE; + } + e->destroy(e); + } + if (use_default) + { + child->add_proposal(child, proposal_create_default(PROTO_ESP)); + } +} + +/** + * Build a child config from an SQL query */ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) { @@ -136,8 +168,7 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, start, dpd, close, ipcomp, 0, 0, NULL, NULL); - /* TODO: read proposal from db */ - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + add_esp_proposals(this, child_cfg, id); add_traffic_selectors(this, child_cfg, id); return child_cfg; } 
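Review bot: In add_esp_proposals the result of `proposal_create_from_string(PROTO_ESP, alg)` goes straight into `child->add_proposal()`, but that constructor returns NULL for a string it cannot parse, so one mistyped row in `algorithms` would put a NULL into the child's proposal list and, because `use_default` is cleared regardless, leave no valid proposal behind it — a configuration error that presumably surfaces later as a NULL dereference when the list is walked, rather than at load time. Guard the add: `if (proposal) { child->add_proposal(child, proposal); use_default = FALSE; }` and log the rejected string in the else branch so the operator can see which row was dropped. It is also worth deciding explicitly whether a config whose every algorithm row failed to parse should still fall back to `proposal_create_default(PROTO_ESP)` as it does now; the default set is broader than what the operator wrote, so refusing the child config, or at least logging the fallback, is the safer reading. The query itself is parameterized with `?`, which is fine.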
@@ -171,29 +202,60 @@ static void add_child_cfgs(private_sql_config_t *this, peer_cfg_t *peer, int id) } /** - * build a ike configuration from a SQL query + * Add IKE proposals to an IKE config + */ +static void add_ike_proposals(private_sql_config_t *this, + ike_cfg_t *ike_cfg, int id) +{ + enumerator_t *e; + proposal_t *proposal; + char *alg; + bool use_default = TRUE; + + e = this->db->query(this->db, + "SELECT algorithm " + "FROM algorithms JOIN ike_config_algorithm ON id = alg " + "WHERE ike_cfg = ? ORDER BY prio", + DB_INT, id, DB_TEXT); + if (e) + { + while (e->enumerate(e, &alg)) + { + proposal = proposal_create_from_string(PROTO_IKE, alg); + ike_cfg->add_proposal(ike_cfg, proposal); + use_default = FALSE; + } + e->destroy(e); + } + if (use_default) + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + } +} + +/** + * Build an IKE config from an SQL query */ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, host_t *my_host, host_t *other_host) { - int certreq, force_encap; + int id, certreq, force_encap; char *local, *remote; - while (e->enumerate(e, &certreq, &force_encap, &local, &remote)) + while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote)) { ike_cfg_t *ike_cfg; ike_cfg = ike_cfg_create(certreq, force_encap, local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); - /* TODO: read proposal from db */ - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + add_ike_proposals(this, ike_cfg, id); return ike_cfg; } return NULL; } /** - * Query a IKE config by its id + * Query an IKE config by its id */ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) { 
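Review bot: add_ike_proposals has the same unchecked use of `proposal_create_from_string()` as its ESP twin: a NULL result from an unparseable `algorithms.algorithm` string is handed to `ike_cfg->add_proposal()` and `use_default` is cleared anyway, so a bad row yields an IKE config carrying a NULL proposal instead of a load-time error. Guard it with `if (proposal) { ike_cfg->add_proposal(ike_cfg, proposal); use_default = FALSE; }` and log the rejected string otherwise. Since the two helpers differ only in protocol, table and column names, a comment on each saying they must stay in step would keep the next fix from landing on one side only. build_ike_cfg now reads the new `id` column before `certreq`, which matches the reordered SELECTs in the later hunks; build_ike_cfg ends inside this hunk, but get_ike_cfg_by_id's body continues past it.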
@@ -201,10 +263,10 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) ike_cfg_t *ike_cfg = NULL; e = this->db->query(this->db, - "SELECT certreq, force_encap, local, remote " + "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs WHERE id = ?", DB_INT, id, - DB_INT, DB_INT, DB_TEXT, DB_TEXT); + DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (e) { ike_cfg = build_ike_cfg(this, e, NULL, NULL); @@ -247,7 +309,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } /** - * build a peer configuration from a SQL query + * Build a peer config from an SQL query */ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, identification_t *me, identification_t *other) @@ -415,9 +477,9 @@ static enumerator_t* create_ike_cfg_enumerator(private_sql_config_t *this, e->public.destroy = (void*)ike_enumerator_destroy; e->inner = this->db->query(this->db, - "SELECT certreq, force_encap, local, remote " + "SELECT id, certreq, force_encap, local, remote " "FROM ike_configs", - DB_INT, DB_INT, DB_TEXT, DB_TEXT); + DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT); if (!e->inner) { free(e); diff --git a/src/libcharon/plugins/sql/sqlite.sql b/src/libcharon/plugins/sql/sqlite.sql index fb5f474b1..603ecaeb7 100644 --- a/src/libcharon/plugins/sql/sqlite.sql +++ b/src/libcharon/plugins/sql/sqlite.sql @@ -41,6 +41,20 @@ CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector child_cfg, traffic_selector ); +DROP TABLE IF EXISTS algorithms; +CREATE TABLE algorithms ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + algorithm TEXT NOT NULL +); + + +DROP TABLE IF EXISTS child_config_algorithm; +CREATE TABLE child_config_algorithm ( + child_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + alg INTEGER NOT NULL +); + DROP TABLE IF EXISTS ike_configs; CREATE TABLE ike_configs ( 
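Review bot: `child_config_algorithm` in sqlite.sql is a bare join table with no index, while the `child_config_traffic_selector` table it mirrors gets `CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector (child_cfg, traffic_selector)` in this hunk's context; add the matching `CREATE INDEX child_config_algorithm_all ON child_config_algorithm (child_cfg, alg);` so the per-config lookup in add_esp_proposals does not scan the table. Nothing declares `alg` as referencing `algorithms.id`, so a row pointing at a deleted algorithm silently drops out of the join and the daemon falls back to its default proposals; a `REFERENCES algorithms(id)` clause would at least document the intent even where SQLite is not enforcing foreign keys.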
@@ -52,6 +66,14 @@ CREATE TABLE ike_configs ( ); +DROP TABLE IF EXISTS ike_config_algorithm; +CREATE TABLE ike_config_algorithm ( + ike_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + alg INTEGER NOT NULL +); + + DROP TABLE IF EXISTS peer_configs; CREATE TABLE peer_configs ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql index a4ae72270..1ac7f056c 100644 --- a/testing/hosts/default/etc/ipsec.d/tables.sql +++ b/testing/hosts/default/etc/ipsec.d/tables.sql @@ -39,6 +39,19 @@ CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector child_cfg, traffic_selector ); +DROP TABLE IF EXISTS algorithms; +CREATE TABLE algorithms ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + algorithm TEXT NOT NULL +); + +DROP TABLE IF EXISTS child_config_algorithm; +CREATE TABLE child_config_algorithm ( + child_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + alg INTEGER NOT NULL +); + DROP TABLE IF EXISTS ike_configs; CREATE TABLE ike_configs ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, @@ -48,6 +61,13 @@ CREATE TABLE ike_configs ( remote TEXT NOT NULL ); +DROP TABLE IF EXISTS ike_config_algorithm; +CREATE TABLE ike_config_algorithm ( + ike_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + alg INTEGER NOT NULL +); + DROP TABLE IF EXISTS peer_configs; CREATE TABLE peer_configs ( id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, diff --git a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql index 8d85497e2..0eabb3540 100644 --- a/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-route-pem/hosts/moon/etc/ipsec.d/data.sql 
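Review bot: `ike_config_algorithm` gets no index in sqlite.sql, although add_ike_proposals looks rows up by `ike_cfg` and sorts by `prio`; add `CREATE INDEX ike_config_algorithm_all ON ike_config_algorithm (ike_cfg, alg);` next to the table, following the pattern the file already uses for `child_config_traffic_selector`. As with the child table, `alg` is not declared as a reference to `algorithms.id`, so a dangling value silently disappears from the join and the loader falls back to the default IKE proposals without any indication that the configured row was ignored.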
@@ -100,6 +100,14 @@ INSERT INTO private_key_identity ( 1, 6 ); +/* Algorithms */ + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128-sha256-modp3072' +); + /* Configurations */ INSERT INTO ike_configs ( @@ -108,6 +116,12 @@ INSERT INTO ike_configs ( 'PH_IP_MOON', 'PH_IP_SUN' ); +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + INSERT INTO peer_configs ( name, ike_cfg, local_id, remote_id, mobike, dpd_delay ) VALUES ( @@ -150,6 +164,24 @@ INSERT INTO peer_config_child_config ( 1, 3 ); +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 2, 1, 1 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 3, 1, 1 +); + INSERT INTO traffic_selectors ( type, start_addr, end_addr ) VALUES ( diff --git a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql index aeacf493f..2a7b7423e 100644 --- a/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-route-pem/hosts/sun/etc/ipsec.d/data.sql @@ -100,6 +100,14 @@ INSERT INTO private_key_identity ( 1, 6 ); +/* Algorithms */ + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128-sha256-modp3072' +); + /* Configurations */ INSERT INTO ike_configs ( @@ -108,6 +116,12 @@ INSERT INTO ike_configs ( 'PH_IP_SUN', 'PH_IP_MOON' ); +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + INSERT INTO peer_configs ( name, ike_cfg, local_id, remote_id, mobike, dpd_delay ) VALUES ( 
@@ -150,6 +164,24 @@ INSERT INTO peer_config_child_config ( 1, 3 ); +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 2, 1, 1 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 3, 1, 1 +); + INSERT INTO traffic_selectors ( type, start_addr, end_addr ) VALUES ( diff --git a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql index 542bdeae2..2ffe55c60 100644 --- a/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-start-pem/hosts/moon/etc/ipsec.d/data.sql @@ -100,6 +100,32 @@ INSERT INTO private_key_identity ( 1, 6 ); +/* Algorithms */ + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128-sha256-modp2048' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes192-sha384-modp3072' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128gcm128' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes192gcm128' +); + /* Configurations */ INSERT INTO ike_configs ( @@ -108,6 +134,18 @@ INSERT INTO ike_configs ( 'PH_IP_MOON', 'PH_IP_SUN' ); +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 2, 2 +); + INSERT INTO peer_configs ( name, ike_cfg, local_id, remote_id, mobike, dpd_delay ) VALUES ( 
@@ -150,6 +188,30 @@ INSERT INTO peer_config_child_config ( 1, 3 ); +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 1, 1, 3 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 2, 1, 4 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 3, 1, 3 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 3, 2, 4 +); + INSERT INTO traffic_selectors ( type, start_addr, end_addr ) VALUES ( diff --git a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql index 3bcefd3d2..e07f7b7b0 100644 --- a/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql +++ b/testing/tests/sql/net2net-start-pem/hosts/sun/etc/ipsec.d/data.sql @@ -100,6 +100,32 @@ INSERT INTO private_key_identity ( 1, 6 ); +/* Algorithms */ + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128-sha256-modp2048' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes192-sha384-modp3072' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes128gcm128' +); + +INSERT INTO algorithms ( + algorithm +) VALUES ( + 'aes192gcm128' +); + /* Configurations */ INSERT INTO ike_configs ( @@ -108,6 +134,18 @@ INSERT INTO ike_configs ( 'PH_IP_SUN', 'PH_IP_MOON' ); +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 1, 1 +); + +INSERT INTO ike_config_algorithm ( + ike_cfg, prio, alg +) VALUES ( + 1, 2, 2 +); + INSERT INTO peer_configs ( name, ike_cfg, local_id, remote_id, mobike, dpd_delay ) VALUES ( 
@@ -150,6 +188,24 @@ INSERT INTO peer_config_child_config ( 1, 3 ); +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 1, 1, 3 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 2, 1, 4 +); + +INSERT INTO child_config_algorithm ( + child_cfg, prio, alg +) VALUES ( + 3, 1, 4 +); + INSERT INTO traffic_selectors ( type, start_addr, end_addr ) VALUES (