projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- changed allocation behavior
[strongswan.git] / Source / charon / config / configuration_manager.c
1 /**
2 * @file configuration.c
3 *
4 * @brief Configuration class used to store IKE_SA-configurations.
5 *
6 * Object of this type represents the configuration for all IKE_SA's and their child_sa's.
7 *
8 */
9
10 /*
11 * Copyright (C) 2005 Jan Hutter, Martin Willi
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <stdlib.h>
26
27 #include "configuration_manager.h"
28
29 #include <types.h>
30 #include <globals.h>
31 #include <utils/allocator.h>
32 #include <encoding/payloads/nonce_payload.h>
33 #include <encoding/payloads/proposal_substructure.h>
34 #include <encoding/payloads/ke_payload.h>
35 #include <encoding/payloads/transform_attribute.h>
36
37 typedef struct private_configuration_manager_t private_configuration_manager_t;
38
39 /**
40 * Private data of an configuration_t object
41 */
42 struct private_configuration_manager_t {
43
44 /**
45 * Public part
46 */
47 configuration_manager_t public;
48
49 /**
50 * Assigned logger object
51 */
52 logger_t *logger;
53 };
54
55 /**
56 * Implements function configuration_manager_t.get_remote_host.
57 */
58 static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
59 {
60 /*
61 * For testing purposes, hard coded host informations for two configurations are returned.
62 *
63 * Further improvements could store them in a linked list or hash table.
64 */
65
66 host_t *remote;
67 status_t status = SUCCESS;
68
69 if (strcmp(name, "pinflb30") == 0)
70 {
71 remote = host_create(AF_INET, "152.96.193.130", 500);
72 }
73 else if (strcmp(name, "pinflb31") == 0)
74 {
75 remote = host_create(AF_INET, "152.96.193.131", 500);
76 }
77 else if (strcmp(name, "localhost") == 0)
78 {
79 remote = host_create(AF_INET, "127.0.0.1", 4500);
80 }
81 else
82 {
83 status = NOT_FOUND;
84 }
85
86 *host = remote;
87 return status;
88 }
89
90 /**
91 * Implements function configuration_manager_t.get_local_host.
92 */
93 static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
94 {
95 /*
96 * For testing purposes, only the default route is returned for each configuration.
97 *
98 * Further improvements could store different local host informations in a linked list or hash table.
99 */
100 *host = host_create(AF_INET, "0.0.0.0", 0);
101 return SUCCESS;
102 }
103
104 /**
105 * Implements function configuration_manager_t.get_dh_group_number.
106 */
107 static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority)
108 {
109 /* Currently only two dh_group_numbers are supported for each configuration*/
110
111 if (priority == 1)
112 {
113 *dh_group_number = MODP_1024_BIT;
114 }
115 else
116 {
117 *dh_group_number = MODP_768_BIT;
118 }
119 return SUCCESS;
120 }
121
122 /**
123 * Implements function configuration_manager_t.get_proposals_for_host.
124 */
125 static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *iterator)
126 {
127 /*
128 * Currently the following hard coded proposal is created and returned for all hosts:
129 * - ENCR_AES_CBC 128Bit
130 * - PRF_HMAC_MD5 128Bit
131 * - AUTH_HMAC_MD5_96 128Bit
132 * - MODP_1024_BIT
133 */
134 proposal_substructure_t *proposal;
135 transform_substructure_t *transform;
136 transform_attribute_t *attribute;
137
138 proposal = proposal_substructure_create();
139
140 proposal->set_proposal_number(proposal, 1);
141 proposal->set_protocol_id(proposal, 1);
142
143 /*
144 * Encryption Algorithm
145 */
146 transform = transform_substructure_create();
147
148 proposal->add_transform_substructure(proposal, transform);
149
150 transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
151 transform->set_transform_id(transform, ENCR_AES_CBC);
152
153 attribute = transform_attribute_create();
154
155 transform->add_transform_attribute(transform, attribute);
156
157 attribute->set_attribute_type(attribute, KEY_LENGTH);
158 attribute->set_value(attribute, 16);
159
160 /*
161 * Pseudo-random Function
162 */
163 transform = transform_substructure_create();
164
165 proposal->add_transform_substructure(proposal, transform);
166
167 transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
168 transform->set_transform_id(transform, PRF_HMAC_MD5);
169
170 attribute = transform_attribute_create();
171
172 transform->add_transform_attribute(transform, attribute);
173
174 attribute->set_attribute_type(attribute, KEY_LENGTH);
175 attribute->set_value(attribute, 16);
176
177
178 /*
179 * Integrity Algorithm
180 */
181 transform = transform_substructure_create();
182
183 proposal->add_transform_substructure(proposal, transform);
184
185 transform->set_transform_type(transform, INTEGRITY_ALGORITHM);
186 transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
187
188 attribute = transform_attribute_create();
189
190 transform->add_transform_attribute(transform, attribute);
191
192 attribute->set_attribute_type(attribute, KEY_LENGTH);
193 attribute->set_value(attribute, 16);
194
195
196 /*
197 * Diffie-Hellman Group
198 */
199 transform = transform_substructure_create();
200
201 proposal->add_transform_substructure(proposal, transform);
202
203 transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
204 transform->set_transform_id(transform, MODP_1024_BIT);
205
206 iterator->insert_after(iterator, (void*)proposal);
207
208 return SUCCESS;
209 }
210
211 /**
212 * Implements function configuration_manager_t.select_proposals_for_host.
213 */
214 static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *in, iterator_t *out)
215 {
216 /* Currently the first suggested proposal is selected, cloned and then returned*/
217 proposal_substructure_t *first_suggested_proposal;
218 proposal_substructure_t *selected_proposal;
219
220 this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal");
221 if (!in->has_next(in))
222 {
223 this->logger->log(this->logger,ERROR | MORE, "No proposal suggested");
224 /* no suggested proposal! */
225 return FAILED;
226 }
227
228 in->current(in,(void **) &first_suggested_proposal);
229
230 first_suggested_proposal->clone(first_suggested_proposal,&selected_proposal);
231
232 out->insert_after(out,selected_proposal);
233 return SUCCESS;
234 }
235
236 /**
237 * Implements function configuration_manager_t.check_selected_proposals_for_host.
238 */
239 static status_t check_selected_proposals_for_host (private_configuration_manager_t *this, host_t *host, iterator_t *proposals,bool *valid)
240 {
241 /*
242 * Currently the given proposals are not checked if they are valid for specific host!
243 *
244 * The first proposal is taken
245 */
246
247 this->logger->log(this->logger,CONTROL|MORE, "Going to check selected proposals");
248 return SUCCESS;
249 }
250
251 /**
252 * Implements function configuration_manager_t.is_dh_group_allowed_for_host.
253 */
254 static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
255 {
256 /*
257 * Only the two DH groups 768 and 1024 are supported for each configuration
258 */
259
260 if (group == MODP_768_BIT || group == MODP_1024_BIT)
261 {
262 *allowed = TRUE;
263 }
264 *allowed = FALSE;
265
266 this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(allowed)? "allowed" : "not allowed");
267 return SUCCESS;
268 }
269
270
271 /**
272 * Implements function destroy of configuration_t.
273 * See #configuration_s.destroy for description.
274 */
275 static status_t destroy(private_configuration_manager_t *this)
276 {
277 this->logger->log(this->logger,CONTROL | MORE, "Going to destroy configuration manager ");
278
279 this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger");
280 global_logger_manager->destroy_logger(global_logger_manager,this->logger);
281 allocator_free(this);
282 return SUCCESS;
283 }
284
285 /*
286 * Described in header-file
287 */
288 configuration_manager_t *configuration_manager_create()
289 {
290 private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
291
292 /* public functions */
293 this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
294 this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
295 this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
296 this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
297 this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*))get_proposals_for_host;
298 this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*,iterator_t*))select_proposals_for_host;
299 this->public.check_selected_proposals_for_host = (status_t (*) (configuration_manager_t *, host_t *, iterator_t *,bool *)) check_selected_proposals_for_host;
300 this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
301
302 /* private variables */
303 this->logger = global_logger_manager->create_logger(global_logger_manager,CONFIGURATION_MANAGER,NULL);
304
305 return (&this->public);
306 }
strongSwan - IPsec VPN