402 lines
9.5 KiB
C
402 lines
9.5 KiB
C
/**
|
|
* @file connection.c
|
|
*
|
|
* @brief Implementation of connection_t.
|
|
*
|
|
*/
|
|
|
|
/*
|
|
* Copyright (C) 2005-2006 Martin Willi
|
|
* Copyright (C) 2005 Jan Hutter
|
|
* Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include <string.h>
|
|
|
|
#include <config/connections/connection.h>
|
|
|
|
#include <utils/linked_list.h>
|
|
#include <utils/logger.h>
|
|
|
|
/**
|
|
* String mappings for auth_method_t.
|
|
*/
|
|
mapping_t auth_method_m[] = {
|
|
{RSA_DIGITAL_SIGNATURE, "RSA"},
|
|
{SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY"},
|
|
{DSS_DIGITAL_SIGNATURE, "DSS"},
|
|
{MAPPING_END, NULL}
|
|
};
|
|
|
|
/**
|
|
* String mappings for cert_policy_t.
|
|
*/
|
|
mapping_t cert_policy_m[] = {
|
|
{CERT_ALWAYS_SEND, "CERT_ALWAYS_SEND"},
|
|
{CERT_SEND_IF_ASKED, "CERT_SEND_IF_ASKED"},
|
|
{CERT_NEVER_SEND, "CERT_NEVER_SEND"},
|
|
{MAPPING_END, NULL}
|
|
};
|
|
|
|
typedef struct private_connection_t private_connection_t;
|
|
|
|
/**
|
|
* Private data of an connection_t object
|
|
*/
|
|
struct private_connection_t {
|
|
|
|
/**
|
|
* Public part
|
|
*/
|
|
connection_t public;
|
|
|
|
/**
|
|
* Number of references hold by others to this connection
|
|
*/
|
|
u_int refcount;
|
|
|
|
/**
|
|
* Name of the connection
|
|
*/
|
|
char *name;
|
|
|
|
/**
|
|
* Does charon handle this connection? Or can he ignore it?
|
|
*/
|
|
bool ikev2;
|
|
|
|
/**
|
|
* should we send a certificate request?
|
|
*/
|
|
cert_policy_t certreq_policy;
|
|
|
|
/**
|
|
* should we send a certificates?
|
|
*/
|
|
cert_policy_t cert_policy;
|
|
|
|
/**
|
|
* ID of us
|
|
*/
|
|
identification_t *my_id;
|
|
|
|
/**
|
|
* Host information of my host.
|
|
*/
|
|
host_t *my_host;
|
|
|
|
/**
|
|
* Host information of other host.
|
|
*/
|
|
host_t *other_host;
|
|
|
|
/**
|
|
* Method to use for own authentication data
|
|
*/
|
|
auth_method_t auth_method;
|
|
|
|
/**
|
|
* Supported proposals
|
|
*/
|
|
linked_list_t *proposals;
|
|
|
|
/**
|
|
* Time before an SA gets invalid
|
|
*/
|
|
u_int32_t soft_lifetime;
|
|
|
|
/**
|
|
* Time before an SA gets rekeyed
|
|
*/
|
|
u_int32_t hard_lifetime;
|
|
|
|
/**
|
|
* Time, which specifies the range of a random value
|
|
* substracted from soft_lifetime.
|
|
*/
|
|
u_int32_t jitter;
|
|
};
|
|
|
|
/**
|
|
* Implementation of connection_t.get_name.
|
|
*/
|
|
static char *get_name (private_connection_t *this)
|
|
{
|
|
return this->name;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.is_ikev2.
|
|
*/
|
|
static bool is_ikev2 (private_connection_t *this)
|
|
{
|
|
return this->ikev2;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_certreq_policy.
|
|
*/
|
|
static cert_policy_t get_certreq_policy (private_connection_t *this)
|
|
{
|
|
return this->certreq_policy;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_cert_policy.
|
|
*/
|
|
static cert_policy_t get_cert_policy (private_connection_t *this)
|
|
{
|
|
return this->cert_policy;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_my_host.
|
|
*/
|
|
static host_t *get_my_host (private_connection_t *this)
|
|
{
|
|
return this->my_host;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_other_host.
|
|
*/
|
|
static host_t *get_other_host (private_connection_t *this)
|
|
{
|
|
return this->other_host;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_proposals.
|
|
*/
|
|
static linked_list_t* get_proposals(private_connection_t *this)
|
|
{
|
|
iterator_t *iterator;
|
|
proposal_t *current;
|
|
linked_list_t *proposals = linked_list_create();
|
|
|
|
iterator = this->proposals->create_iterator(this->proposals, TRUE);
|
|
while (iterator->iterate(iterator, (void**)¤t))
|
|
{
|
|
current = current->clone(current);
|
|
proposals->insert_last(proposals, (void*)current);
|
|
}
|
|
iterator->destroy(iterator);
|
|
|
|
return proposals;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.select_proposal.
|
|
*/
|
|
static proposal_t *select_proposal(private_connection_t *this, linked_list_t *proposals)
|
|
{
|
|
iterator_t *stored_iter, *supplied_iter;
|
|
proposal_t *stored, *supplied, *selected;
|
|
|
|
stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
|
|
supplied_iter = proposals->create_iterator(proposals, TRUE);
|
|
|
|
/* compare all stored proposals with all supplied. Stored ones are preferred. */
|
|
while (stored_iter->has_next(stored_iter))
|
|
{
|
|
supplied_iter->reset(supplied_iter);
|
|
stored_iter->current(stored_iter, (void**)&stored);
|
|
|
|
while (supplied_iter->has_next(supplied_iter))
|
|
{
|
|
supplied_iter->current(supplied_iter, (void**)&supplied);
|
|
selected = stored->select(stored, supplied);
|
|
if (selected)
|
|
{
|
|
/* they match, return */
|
|
stored_iter->destroy(stored_iter);
|
|
supplied_iter->destroy(supplied_iter);
|
|
return selected;
|
|
}
|
|
}
|
|
}
|
|
/* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
|
|
stored_iter->destroy(stored_iter);
|
|
supplied_iter->destroy(supplied_iter);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.add_proposal.
|
|
*/
|
|
static void add_proposal(private_connection_t *this, proposal_t *proposal)
|
|
{
|
|
this->proposals->insert_last(this->proposals, proposal);
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.auth_method_t.
|
|
*/
|
|
static auth_method_t get_auth_method(private_connection_t *this)
|
|
{
|
|
return this->auth_method;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_dh_group.
|
|
*/
|
|
static diffie_hellman_group_t get_dh_group(private_connection_t *this)
|
|
{
|
|
iterator_t *iterator;
|
|
proposal_t *proposal;
|
|
algorithm_t *algo;
|
|
diffie_hellman_group_t dh_group = MODP_NONE;
|
|
|
|
iterator = this->proposals->create_iterator(this->proposals, TRUE);
|
|
while (iterator->has_next(iterator))
|
|
{
|
|
iterator->current(iterator, (void**)&proposal);
|
|
if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo))
|
|
{
|
|
dh_group = algo->algorithm;
|
|
break;
|
|
}
|
|
}
|
|
iterator->destroy(iterator);
|
|
return dh_group;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.check_dh_group.
|
|
*/
|
|
static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh_group)
|
|
{
|
|
iterator_t *prop_iter, *alg_iter;
|
|
proposal_t *proposal;
|
|
algorithm_t *algo;
|
|
|
|
prop_iter = this->proposals->create_iterator(this->proposals, TRUE);
|
|
while (prop_iter->has_next(prop_iter))
|
|
{
|
|
prop_iter->current(prop_iter, (void**)&proposal);
|
|
alg_iter = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
|
|
while (alg_iter->has_next(alg_iter))
|
|
{
|
|
alg_iter->current(alg_iter, (void**)&algo);
|
|
if (algo->algorithm == dh_group)
|
|
{
|
|
prop_iter->destroy(prop_iter);
|
|
alg_iter->destroy(alg_iter);
|
|
return TRUE;
|
|
}
|
|
}
|
|
alg_iter->destroy(alg_iter);
|
|
}
|
|
prop_iter->destroy(prop_iter);
|
|
return FALSE;
|
|
}
|
|
/**
|
|
* Implementation of connection_t.get_soft_lifetime
|
|
*/
|
|
static u_int32_t get_soft_lifetime(private_connection_t *this)
|
|
{
|
|
if (this->jitter == 0)
|
|
{
|
|
return this->soft_lifetime ;
|
|
}
|
|
return this->soft_lifetime - (random() % this->jitter);
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_hard_lifetime
|
|
*/
|
|
static u_int32_t get_hard_lifetime(private_connection_t *this)
|
|
{
|
|
return this->hard_lifetime;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.get_ref.
|
|
*/
|
|
static void get_ref(private_connection_t *this)
|
|
{
|
|
this->refcount++;
|
|
}
|
|
|
|
/**
|
|
* Implementation of connection_t.destroy.
|
|
*/
|
|
static void destroy(private_connection_t *this)
|
|
{
|
|
if (--this->refcount == 0)
|
|
{
|
|
proposal_t *proposal;
|
|
|
|
while (this->proposals->remove_last(this->proposals, (void**)&proposal) == SUCCESS)
|
|
{
|
|
proposal->destroy(proposal);
|
|
}
|
|
this->proposals->destroy(this->proposals);
|
|
|
|
this->my_host->destroy(this->my_host);
|
|
this->other_host->destroy(this->other_host);
|
|
free(this->name);
|
|
free(this);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Described in header.
|
|
*/
|
|
connection_t * connection_create(char *name, bool ikev2,
|
|
cert_policy_t cert_policy,
|
|
cert_policy_t certreq_policy,
|
|
host_t *my_host, host_t *other_host,
|
|
auth_method_t auth_method,
|
|
u_int32_t hard_lifetime,
|
|
u_int32_t soft_lifetime, u_int32_t jitter)
|
|
{
|
|
private_connection_t *this = malloc_thing(private_connection_t);
|
|
|
|
/* public functions */
|
|
this->public.get_name = (char*(*)(connection_t*))get_name;
|
|
this->public.is_ikev2 = (bool(*)(connection_t*))is_ikev2;
|
|
this->public.get_cert_policy = (cert_policy_t(*)(connection_t*))get_cert_policy;
|
|
this->public.get_certreq_policy = (cert_policy_t(*)(connection_t*))get_certreq_policy;
|
|
this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
|
|
this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host;
|
|
this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals;
|
|
this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal;
|
|
this->public.add_proposal = (void(*)(connection_t*, proposal_t*)) add_proposal;
|
|
this->public.get_auth_method = (auth_method_t(*)(connection_t*)) get_auth_method;
|
|
this->public.get_dh_group = (diffie_hellman_group_t(*)(connection_t*)) get_dh_group;
|
|
this->public.check_dh_group = (bool(*)(connection_t*,diffie_hellman_group_t)) check_dh_group;
|
|
this->public.get_soft_lifetime = (u_int32_t (*) (connection_t *))get_soft_lifetime;
|
|
this->public.get_hard_lifetime = (u_int32_t (*) (connection_t *))get_hard_lifetime;
|
|
this->public.get_ref = (void(*)(connection_t*))get_ref;
|
|
this->public.destroy = (void(*)(connection_t*))destroy;
|
|
|
|
/* private variables */
|
|
this->refcount = 1;
|
|
this->name = strdup(name);
|
|
this->ikev2 = ikev2;
|
|
this->cert_policy = cert_policy;
|
|
this->certreq_policy = certreq_policy;
|
|
this->my_host = my_host;
|
|
this->other_host = other_host;
|
|
this->auth_method = auth_method;
|
|
this->hard_lifetime = hard_lifetime;
|
|
this->soft_lifetime = soft_lifetime;
|
|
this->jitter = jitter;
|
|
|
|
this->proposals = linked_list_create();
|
|
|
|
return &this->public;
|
|
}
|