2 * @file configuration.c
4 * @brief Configuration class used to store IKE_SA-configurations.
6 * Object of this type represents the configuration for all IKE_SA's and their child_sa's.
11 * Copyright (C) 2005 Jan Hutter, Martin Willi
12 * Hochschule fuer Technik Rapperswil
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include "configuration_manager.h"
31 #include <utils/allocator.h>
32 #include <encoding/payloads/nonce_payload.h>
33 #include <encoding/payloads/proposal_substructure.h>
34 #include <encoding/payloads/ke_payload.h>
35 #include <encoding/payloads/transform_attribute.h>
typedef struct private_configuration_manager_t private_configuration_manager_t;

/**
 * Private data of a configuration_manager_t object.
 *
 * The public part must stay the first member: configuration_manager_create()
 * hands out &this->public, and every callback it installs casts that pointer
 * back to private_configuration_manager_t.
 */
struct private_configuration_manager_t
{
	/**
	 * Public part, the interface callers see.
	 */
	configuration_manager_t public;

	/**
	 * Assigned logger object, created in configuration_manager_create()
	 * and released again in destroy().
	 */
	logger_t *logger;
};
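/**
 * Implements function configuration_manager_t.get_remote_host.
 *
 * For testing purposes, hard coded host informations for a few configurations
 * are returned. The table in the body is the only place they live, so adding a
 * configuration means adding one row. Further improvements could load them
 * from a linked list, a hash table or a config file.
 *
 * @param this  calling configuration manager (unused, kept for the interface)
 * @param name  configuration name to look up; NULL is treated as "not found"
 * @param host  receives the newly created host on SUCCESS and is left
 *              untouched otherwise; ownership of the host passes to the caller
 * @return      SUCCESS, NOT_FOUND if no configuration matches name, or
 *              OUT_OF_RES if the host object could not be created
 */
static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
{
	/* hard coded test configurations: name, address, UDP port */
	static const struct {
		char *name;
		char *address;
		u_int16_t port;
	} remote_hosts[] = {
		{ "pinflb30",  "152.96.193.130", 500  },
		{ "pinflb31",  "152.96.193.131", 500  },
		{ "localhost", "127.0.0.1",      4500 },
	};
	size_t i;

	/* strcmp() on a NULL name is undefined behaviour, so reject it up front */
	if (name == NULL || host == NULL)
	{
		return NOT_FOUND;
	}

	for (i = 0; i < sizeof(remote_hosts) / sizeof(remote_hosts[0]); i++)
	{
		if (strcmp(name, remote_hosts[i].name) == 0)
		{
			host_t *remote = host_create(AF_INET, remote_hosts[i].address, remote_hosts[i].port);

			/* NOTE(review): assumes host_create() returns NULL when it cannot
			 * allocate — confirm against host.c */
			if (remote == NULL)
			{
				return OUT_OF_RES;
			}
			*host = remote;
			return SUCCESS;
		}
	}
	return NOT_FOUND;
}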
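/**
 * Implements function configuration_manager_t.get_local_host.
 *
 * For testing purposes, only the default route (0.0.0.0, port 0) is returned
 * for every configuration. Further improvements could store different local
 * host informations in a linked list or hash table.
 *
 * @param this  calling configuration manager (unused)
 * @param name  configuration name; currently ignored
 * @param host  receives the newly created host on SUCCESS (caller owns it)
 * @return      SUCCESS, or OUT_OF_RES if the host object could not be created
 */
static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
{
	host_t *local = host_create(AF_INET, "0.0.0.0", 0);

	/* NOTE(review): assumes host_create() returns NULL on allocation
	 * failure — confirm against host.c. Without the check a NULL host would
	 * be handed to the caller as if it were valid. */
	if (local == NULL)
	{
		return OUT_OF_RES;
	}
	*host = local;
	return SUCCESS;
}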
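/**
 * Implements function configuration_manager_t.get_dh_group_number.
 *
 * Currently only two DH groups are supported for each configuration, in the
 * order of preference below. Both are far below today's strength
 * recommendations for IKE key exchange; keeping them in this one switch makes
 * the upgrade a local change.
 *
 * @param this             calling configuration manager (unused)
 * @param name             configuration name; currently ignored
 * @param dh_group_number  receives the group for the requested priority
 * @param priority         1 for the preferred group, 2 for the fallback
 * @return                 SUCCESS, or NOT_FOUND if priority has no group
 */
static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority)
{
	switch (priority)
	{
		case 1:
			*dh_group_number = MODP_1024_BIT;
			return SUCCESS;
		case 2:
			*dh_group_number = MODP_768_BIT;
			return SUCCESS;
		default:
			/* NOTE(review): the original's handling of other priorities is
			 * not visible in this listing; reporting NOT_FOUND lets a caller
			 * walk the priorities until the list is exhausted without ever
			 * reading an unset out-parameter */
			return NOT_FOUND;
	}
}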
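/**
 * Appends one transform, and optionally a KEY_LENGTH attribute, to a proposal.
 *
 * @param proposal    proposal the transform is added to; it presumably takes
 *                    ownership of the transform (confirm against the payload code)
 * @param type        transform type (ENCRYPTION_ALGORITHM, ...)
 * @param id          transform id within that type
 * @param key_length  value for the KEY_LENGTH attribute, or 0 to add none
 * @return            SUCCESS, or OUT_OF_RES if a substructure could not be created
 */
static status_t add_transform(proposal_substructure_t *proposal, transform_type_t type, u_int16_t id, u_int16_t key_length)
{
	transform_substructure_t *transform = transform_substructure_create();
	transform_attribute_t *attribute;

	/* NOTE(review): assumes the *_create() functions return NULL when they
	 * cannot allocate — confirm against the payload sources */
	if (transform == NULL)
	{
		return OUT_OF_RES;
	}
	proposal->add_transform_substructure(proposal, transform);
	transform->set_transform_type(transform, type);
	transform->set_transform_id(transform, id);

	if (key_length == 0)
	{
		return SUCCESS;
	}
	attribute = transform_attribute_create();
	if (attribute == NULL)
	{
		return OUT_OF_RES;
	}
	transform->add_transform_attribute(transform, attribute);
	attribute->set_attribute_type(attribute, KEY_LENGTH);
	attribute->set_value(attribute, key_length);
	return SUCCESS;
}

/**
 * Implements function configuration_manager_t.get_proposals_for_host.
 *
 * Currently the following hard coded proposal is created and returned for all hosts:
 * - ENCR_AES_CBC 128Bit
 * - PRF_HMAC_MD5 128Bit
 * - AUTH_HMAC_MD5_96 128Bit
 * - MODP_1024_BIT
 *
 * The MD5 based PRF/integrity choices and the 1024 bit group are weak by
 * current standards; the table in the body is the single place to change them.
 *
 * @param this      calling configuration manager (unused)
 * @param host      peer the proposals are for; currently ignored
 * @param iterator  iterator the new proposal is inserted after; the list it
 *                  belongs to takes ownership of the proposal
 * @return          SUCCESS, or OUT_OF_RES if a payload could not be created
 */
static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *iterator)
{
	/* transform type, transform id, KEY_LENGTH attribute value (0 = none) */
	static const struct {
		transform_type_t type;
		u_int16_t id;
		u_int16_t key_length;
	} transforms[] = {
		/* NOTE(review): the IKEv2 Key Length attribute is expressed in bits
		 * and the IKEv2 spec defines it for encryption algorithms only; the
		 * original sends the value 16 on the PRF and integrity transforms as
		 * well. Kept as is — confirm what set_value() expects (bits or
		 * bytes) before changing it, since a strict peer may reject these. */
		{ ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,     16 },
		{ PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,     16 },
		{ INTEGRITY_ALGORITHM,    AUTH_HMAC_MD5_96, 16 },
		{ DIFFIE_HELLMAN_GROUP,   MODP_1024_BIT,    0  },
	};
	proposal_substructure_t *proposal = proposal_substructure_create();
	size_t i;

	if (proposal == NULL)
	{
		return OUT_OF_RES;
	}
	proposal->set_proposal_number(proposal, 1);
	proposal->set_protocol_id(proposal, 1);

	for (i = 0; i < sizeof(transforms) / sizeof(transforms[0]); i++)
	{
		status_t status = add_transform(proposal, transforms[i].type, transforms[i].id, transforms[i].key_length);

		if (status != SUCCESS)
		{
			/* nothing has been handed to the caller yet; destroying the
			 * proposal presumably frees the transforms added so far — confirm */
			proposal->destroy(proposal);
			return status;
		}
	}
	iterator->insert_after(iterator, (void*)proposal);
	return SUCCESS;
}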
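/**
 * Implements function configuration_manager_t.select_proposals_for_host.
 *
 * Currently the first suggested proposal is selected, cloned and then
 * returned, without comparing it against the local policy. That means the
 * peer, not this configuration, decides which algorithms are used; a real
 * implementation should intersect the suggestions with what
 * get_proposals_for_host() offers and reject anything outside that set.
 *
 * @param this  calling configuration manager
 * @param host  peer the proposals came from; currently ignored
 * @param in    proposals suggested by the peer (read only)
 * @param out   iterator the cloned selection is inserted after; the list it
 *              belongs to takes ownership of the clone
 * @return      SUCCESS, FAILED if nothing was suggested, or the status of
 *              the failing iterator/clone call
 */
static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *in, iterator_t *out)
{
	proposal_substructure_t *first_suggested_proposal;
	proposal_substructure_t *selected_proposal;
	status_t status;

	this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal");
	if (!in->has_next(in))
	{
		this->logger->log(this->logger,ERROR | MORE, "No proposal suggested");
		/* no suggested proposal! */
		return FAILED;
	}

	/* NOTE(review): assumes iterator_t.current() and clone() report a
	 * status_t like the rest of this code base — confirm against their
	 * headers. Ignoring them would pass an unset pointer on to out. */
	status = in->current(in,(void **) &first_suggested_proposal);
	if (status != SUCCESS)
	{
		return status;
	}
	status = first_suggested_proposal->clone(first_suggested_proposal,&selected_proposal);
	if (status != SUCCESS)
	{
		return status;
	}
	out->insert_after(out,selected_proposal);
	return SUCCESS;
}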
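/**
 * Implements function configuration_manager_t.check_selected_proposals_for_host.
 *
 * Currently the given proposals are not checked if they are valid for the
 * specific host: any non-empty selection is accepted, only an empty one is
 * rejected. Until a per-host policy check exists the peer can therefore get
 * any algorithm it selected accepted here; see select_proposals_for_host().
 *
 * @param this       calling configuration manager
 * @param host       peer the proposals were selected by; currently ignored
 * @param proposals  selected proposals to check
 * @param valid      set to TRUE if the selection is acceptable, FALSE otherwise
 * @return           SUCCESS
 */
static status_t check_selected_proposals_for_host (private_configuration_manager_t *this, host_t *host, iterator_t *proposals,bool *valid)
{
	this->logger->log(this->logger,CONTROL|MORE, "Going to check selected proposals");

	/* an empty selection can never be valid; everything else is accepted for now */
	*valid = proposals->has_next(proposals) ? TRUE : FALSE;
	return SUCCESS;
}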
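/**
 * Implements function configuration_manager_t.is_dh_group_allowed_for_host.
 *
 * Only the two DH groups 768 and 1024 are supported for each configuration,
 * so those are the only ones allowed. Both are weak by today's standards;
 * this is the place to tighten the policy.
 *
 * @param this     calling configuration manager
 * @param host     peer asking for the group; currently ignored
 * @param group    Diffie-Hellman group proposed by the peer
 * @param allowed  set to TRUE if group is acceptable, FALSE otherwise
 * @return         SUCCESS
 */
static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
{
	/* assign on every path so the out-parameter is never left unset */
	*allowed = (group == MODP_768_BIT || group == MODP_1024_BIT) ? TRUE : FALSE;

	/* the original tested the pointer `allowed` here, which is never NULL,
	 * so the log always reported "allowed"; test the value instead */
	this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(*allowed)? "allowed" : "not allowed");
	return SUCCESS;
}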
/**
 * Implements function destroy of configuration_t.
 * See #configuration_s.destroy for description.
 *
 * Releases the logger obtained in configuration_manager_create() and then
 * the object itself; this must not be used afterwards.
 *
 * @param this  configuration manager to destroy
 * @return      SUCCESS
 */
static status_t destroy(private_configuration_manager_t *this)
{
	logger_t *logger = this->logger;

	logger->log(logger,CONTROL | MORE, "Going to destroy configuration manager ");
	logger->log(logger,CONTROL | MOST, "Destroy assigned logger");
	/* the logger is still needed for the messages above, so it goes last */
	global_logger_manager->destroy_logger(global_logger_manager, logger);
	allocator_free(this);
	return SUCCESS;
}
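/*
 * Described in header-file
 *
 * Allocates the manager, installs the public callbacks and creates its logger.
 *
 * @return  newly created configuration manager (free it with destroy()), or
 *          NULL if the object or its logger could not be created
 */
configuration_manager_t *configuration_manager_create()
{
	private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);

	/* NOTE(review): assumes allocator_alloc_thing() yields NULL when out of
	 * memory — confirm against allocator.h. Without this check the
	 * assignments below dereference NULL. */
	if (this == NULL)
	{
		return NULL;
	}

	/* public functions */
	this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
	this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
	this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
	this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t*, u_int16_t))get_dh_group_number;
	this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*))get_proposals_for_host;
	this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*,iterator_t*))select_proposals_for_host;
	this->public.check_selected_proposals_for_host = (status_t (*) (configuration_manager_t*, host_t*, iterator_t*,bool *)) check_selected_proposals_for_host;
	this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;

	/* private variables */
	this->logger = global_logger_manager->create_logger(global_logger_manager,CONFIGURATION_MANAGER,NULL);

	/* NOTE(review): assumes create_logger() returns NULL on failure — confirm.
	 * Several methods log through this->logger unconditionally, so a manager
	 * without a logger would crash on first use. */
	if (this->logger == NULL)
	{
		allocator_free(this);
		return NULL;
	}

	return (&this->public);
}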