2 * @file configuration.c
4 * @brief Configuration class used to store IKE_SA-configurations.
6 * Object of this type represents the configuration for all IKE_SA's and their child_sa's.
11 * Copyright (C) 2005 Jan Hutter, Martin Willi
12 * Hochschule fuer Technik Rapperswil
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
27 #include "configuration_manager.h"
31 #include <utils/allocator.h>
32 #include <encoding/payloads/nonce_payload.h>
33 #include <encoding/payloads/proposal_substructure.h>
34 #include <encoding/payloads/ke_payload.h>
35 #include <encoding/payloads/transform_attribute.h>
38 * Private data of an configuration_t object
40 typedef struct private_configuration_manager_s private_configuration_manager_t
;
42 struct private_configuration_manager_s
{
47 configuration_manager_t
public;
50 * Assigned logger object
56 * Implements function configuration_manager_t.get_remote_host.
58 static status_t
get_remote_host(private_configuration_manager_t
*this, char *name
, host_t
**host
)
61 * For testing purposes, hard coded host informations for two configurations are returned.
63 * Further improvements could store them in a linked list or hash table.
67 status_t status
= SUCCESS
;
69 if (strcmp(name
, "pinflb30") == 0)
71 remote
= host_create(AF_INET
, "152.96.193.130", 500);
73 else if (strcmp(name
, "pinflb31") == 0)
75 remote
= host_create(AF_INET
, "152.96.193.131", 500);
81 if ((status
!= NOT_FOUND
) && (remote
== NULL
))
91 * Implements function configuration_manager_t.get_local_host.
93 static status_t
get_local_host(private_configuration_manager_t
*this, char *name
, host_t
**host
)
96 * For testing purposes, only the default route is returned for each configuration.
98 * Further improvements could store different local host informations in a linked list or hash table.
101 local
= host_create(AF_INET
, "0.0.0.0", 0);
111 * Implements function configuration_manager_t.get_dh_group_number.
113 static status_t
get_dh_group_number(private_configuration_manager_t
*this,char *name
, u_int16_t
*dh_group_number
, u_int16_t priority
)
115 /* Currently only two dh_group_numbers are supported for each configuration*/
119 *dh_group_number
= MODP_1024_BIT
;
123 *dh_group_number
= MODP_768_BIT
;
129 * Implements function configuration_manager_t.get_proposals_for_host.
131 static status_t
get_proposals_for_host(private_configuration_manager_t
*this, host_t
*host
, linked_list_iterator_t
*iterator
)
134 * Currently the following hard coded proposal is created and returned for all hosts:
135 * - ENCR_AES_CBC 128Bit
136 * - PRF_HMAC_MD5 128Bit
137 * - AUTH_HMAC_MD5_96 128Bit
140 proposal_substructure_t
*proposal
;
141 transform_substructure_t
*transform
;
142 transform_attribute_t
*attribute
;
145 proposal
= proposal_substructure_create();
146 if (proposal
== NULL
)
151 proposal
->set_proposal_number(proposal
, 1);
152 proposal
->set_protocol_id(proposal
, 1);
155 * Encryption Algorithm
157 transform
= transform_substructure_create();
158 if (transform
== NULL
)
160 proposal
->destroy(proposal
);
163 status
= proposal
->add_transform_substructure(proposal
, transform
);
164 if (status
!= SUCCESS
)
166 proposal
->destroy(proposal
);
169 transform
->set_transform_type(transform
, ENCRYPTION_ALGORITHM
);
170 transform
->set_transform_id(transform
, ENCR_AES_CBC
);
172 attribute
= transform_attribute_create();
173 if (attribute
== NULL
)
175 proposal
->destroy(proposal
);
178 status
= transform
->add_transform_attribute(transform
, attribute
);
179 if (status
!= SUCCESS
)
181 proposal
->destroy(proposal
);
184 attribute
->set_attribute_type(attribute
, KEY_LENGTH
);
185 attribute
->set_value(attribute
, 16);
188 * Pseudo-random Function
190 transform
= transform_substructure_create();
191 if (transform
== NULL
)
193 proposal
->destroy(proposal
);
196 status
= proposal
->add_transform_substructure(proposal
, transform
);
197 if (status
!= SUCCESS
)
199 proposal
->destroy(proposal
);
202 transform
->set_transform_type(transform
, PSEUDO_RANDOM_FUNCTION
);
203 transform
->set_transform_id(transform
, PRF_HMAC_MD5
);
205 attribute
= transform_attribute_create();
206 if (attribute
== NULL
)
208 proposal
->destroy(proposal
);
211 status
= transform
->add_transform_attribute(transform
, attribute
);
212 if (status
!= SUCCESS
)
214 proposal
->destroy(proposal
);
217 attribute
->set_attribute_type(attribute
, KEY_LENGTH
);
218 attribute
->set_value(attribute
, 16);
222 * Integrity Algorithm
224 transform
= transform_substructure_create();
225 if (transform
== NULL
)
227 proposal
->destroy(proposal
);
230 status
= proposal
->add_transform_substructure(proposal
, transform
);
231 if (status
!= SUCCESS
)
233 proposal
->destroy(proposal
);
236 transform
->set_transform_type(transform
, INTEGRITIY_ALGORITHM
);
237 transform
->set_transform_id(transform
, AUTH_HMAC_MD5_96
);
239 attribute
= transform_attribute_create();
240 if (attribute
== NULL
)
242 proposal
->destroy(proposal
);
245 status
= transform
->add_transform_attribute(transform
, attribute
);
246 if (status
!= SUCCESS
)
248 proposal
->destroy(proposal
);
251 attribute
->set_attribute_type(attribute
, KEY_LENGTH
);
252 attribute
->set_value(attribute
, 16);
256 * Diffie-Hellman Group
258 transform
= transform_substructure_create();
259 if (transform
== NULL
)
261 proposal
->destroy(proposal
);
264 status
= proposal
->add_transform_substructure(proposal
, transform
);
265 if (status
!= SUCCESS
)
267 proposal
->destroy(proposal
);
270 transform
->set_transform_type(transform
, DIFFIE_HELLMAN_GROUP
);
271 transform
->set_transform_id(transform
, MODP_1024_BIT
);
273 iterator
->insert_after(iterator
, (void*)proposal
);
279 * Implements function configuration_manager_t.select_proposals_for_host.
281 static status_t
select_proposals_for_host(private_configuration_manager_t
*this, host_t
*host
, linked_list_iterator_t
*in
, linked_list_iterator_t
*out
)
283 /* Currently the first suggested proposal is selected, cloned and then returned*/
285 proposal_substructure_t
*first_suggested_proposal
;
286 proposal_substructure_t
*selected_proposal
;
288 this->logger
->log(this->logger
,CONTROL
| MORE
, "Going to select first suggested proposal");
289 if (!in
->has_next(in
))
291 this->logger
->log(this->logger
,ERROR
| MORE
, "No proposal suggested");
292 /* no suggested proposal! */
296 status
= in
->current(in
,(void **) &first_suggested_proposal
);
297 if (status
!= SUCCESS
)
299 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not get first proposal from iterator");
302 status
= first_suggested_proposal
->clone(first_suggested_proposal
,&selected_proposal
);
303 if (status
!= SUCCESS
)
305 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not clone proposal");
306 /* could not clone proposal */
310 status
= out
->insert_after(out
,selected_proposal
);
311 if (status
!= SUCCESS
)
313 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not insert selected proposal in out iterator");
319 * Implements function configuration_manager_t.get_transforms_for_host_and_proposals.
321 static status_t
get_transforms_for_host_and_proposals (private_configuration_manager_t
*this, host_t
*host
, linked_list_iterator_t
*proposals
,encryption_algorithm_t
*encryption_algorithm
,pseudo_random_function_t
*pseudo_random_function
, integrity_algorithm_t
*integrity_algorithm
)
324 * Currently the given proposals are not checked if they are valid for specific host!
326 * The first proposal is taken and the appropriate transform objects are created (only if they are supported)
329 encryption_algorithm_t selected_encryption_algorithm
= ENCR_UNDEFINED
;
330 pseudo_random_function_t selected_pseudo_random_function
= PRF_UNDEFINED
;
331 integrity_algorithm_t selected_integrity_algorithm
= AUTH_UNDEFINED
;
332 proposal_substructure_t
*proposal
;
333 linked_list_iterator_t
*transforms
;
336 this->logger
->log(this->logger
,ERROR
, "Going to get transforms for given proposal");
338 if (!proposals
->has_next(proposals
))
340 this->logger
->log(this->logger
,ERROR
| MORE
, "No proposal available");
344 status
= proposals
->current(proposals
,(void **) &(proposal
));
345 if (status
!= SUCCESS
)
347 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not get first proposal from iterator");
351 status
= proposal
->create_transform_substructure_iterator(proposal
,&transforms
,TRUE
);
352 if (status
!= SUCCESS
)
354 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not create iterator of transforms");
358 while (transforms
->has_next(transforms
))
360 transform_substructure_t
*current_transform
;
361 transform_type_t transform_type
;
362 u_int16_t transform_id
;
364 status
= transforms
->current(transforms
,(void **) &(current_transform
));
365 if (status
!= SUCCESS
)
367 this->logger
->log(this->logger
,ERROR
, "Fatal error: could not get current transform substructure object");
368 transforms
->destroy(transforms
);
372 transform_type
= current_transform
->get_transform_type(current_transform
);
373 transform_id
= current_transform
->get_transform_id(current_transform
);
375 this->logger
->log(this->logger
,CONTROL
| MOST
, "Going to process transform of type %s",mapping_find(transform_type_m
,transform_type
));
376 switch (transform_type
)
378 case ENCRYPTION_ALGORITHM
:
380 this->logger
->log(this->logger
,CONTROL
| MORE
, "Encryption algorithm: %s",mapping_find(encryption_algorithm_m
,transform_id
));
381 selected_encryption_algorithm
= transform_id
;
384 case PSEUDO_RANDOM_FUNCTION
:
386 this->logger
->log(this->logger
,CONTROL
| MORE
, "Create transform object for PRF of type %s",mapping_find(pseudo_random_function_m
,transform_id
));
387 selected_pseudo_random_function
= transform_id
;
390 case INTEGRITIY_ALGORITHM
:
392 this->logger
->log(this->logger
,CONTROL
| MORE
, "Integrity algorithm: %s",mapping_find(integrity_algorithm_m
,transform_id
));
393 selected_integrity_algorithm
= transform_id
;
396 case DIFFIE_HELLMAN_GROUP
:
398 this->logger
->log(this->logger
,CONTROL
| MORE
, "DH Group: %s",mapping_find(diffie_hellman_group_m
,transform_id
));
403 this->logger
->log(this->logger
,ERROR
| MORE
, "Transform type not supported!");
404 transforms
->destroy(transforms
);
410 transforms
->destroy(transforms
);
412 *encryption_algorithm
= selected_encryption_algorithm
;
413 *pseudo_random_function
= selected_pseudo_random_function
;
414 *integrity_algorithm
= selected_integrity_algorithm
;
419 * Implements function configuration_manager_t.is_dh_group_allowed_for_host.
421 static status_t
is_dh_group_allowed_for_host(private_configuration_manager_t
*this, host_t
*host
, diffie_hellman_group_t group
, bool *allowed
)
424 * Only the two DH groups 768 and 1024 are supported for each configuration
427 if (group
== MODP_768_BIT
|| group
== MODP_1024_BIT
)
433 this->logger
->log(this->logger
,CONTROL
| MORE
, "DH group %s is %s",mapping_find(diffie_hellman_group_m
, group
),(allowed
)?
"allowed" : "not allowed");
439 * Implements function destroy of configuration_t.
440 * See #configuration_s.destroy for description.
442 static status_t
destroy(private_configuration_manager_t
*this)
444 this->logger
->log(this->logger
,CONTROL
| MORE
, "Going to destroy configuration manager ");
446 this->logger
->log(this->logger
,CONTROL
| MOST
, "Destroy assigned logger");
447 global_logger_manager
->destroy_logger(global_logger_manager
,this->logger
);
448 allocator_free(this);
453 * Described in header-file
455 configuration_manager_t
*configuration_manager_create()
457 private_configuration_manager_t
*this = allocator_alloc_thing(private_configuration_manager_t
);
464 /* public functions */
465 this->public.destroy
= (status_t(*)(configuration_manager_t
*))destroy
;
466 this->public.get_remote_host
= (status_t(*)(configuration_manager_t
*,char*,host_t
**))get_remote_host
;
467 this->public.get_local_host
= (status_t(*)(configuration_manager_t
*,char*,host_t
**))get_local_host
;
468 this->public.get_dh_group_number
= (status_t(*)(configuration_manager_t
*,char*,u_int16_t
*, u_int16_t
))get_dh_group_number
;
469 this->public.get_proposals_for_host
= (status_t(*)(configuration_manager_t
*,host_t
*,linked_list_iterator_t
*))get_proposals_for_host
;
470 this->public.select_proposals_for_host
= (status_t(*)(configuration_manager_t
*,host_t
*,linked_list_iterator_t
*,linked_list_iterator_t
*))select_proposals_for_host
;
471 this->public.get_transforms_for_host_and_proposals
= (status_t (*) (configuration_manager_t
*, host_t
*, linked_list_iterator_t
*,encryption_algorithm_t
*,pseudo_random_function_t
*, integrity_algorithm_t
*)) get_transforms_for_host_and_proposals
;
472 this->public.is_dh_group_allowed_for_host
= (status_t(*)(configuration_manager_t
*,host_t
*,diffie_hellman_group_t
,bool*)) is_dh_group_allowed_for_host
;
474 /* private variables */
475 this->logger
= global_logger_manager
->create_logger(global_logger_manager
,CONFIGURATION_MANAGER
,NULL
);
477 if (this->logger
== NULL
)
479 allocator_free(this);
483 return (&this->public);