projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- baschtel
[strongswan.git] / Source / charon / configuration_manager.c
1 /**
2 * @file configuration.c
3 *
4 * @brief Configuration class used to store IKE_SA-configurations.
5 *
6 * Object of this type represents a configuration for an IKE_SA and its child_sa's.
7 *
8 */
9
10 /*
11 * Copyright (C) 2005 Jan Hutter, Martin Willi
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <stdlib.h>
26
27 #include "configuration_manager.h"
28
29 #include "types.h"
30 #include "utils/allocator.h"
31 #include "payloads/nonce_payload.h"
32 #include "payloads/proposal_substructure.h"
33 #include "payloads/ke_payload.h"
34 #include "payloads/transform_attribute.h"
35
36 /**
37 * Private data of an configuration_t object
38 */
39 typedef struct private_configuration_manager_s private_configuration_manager_t;
40
41 struct private_configuration_manager_s {
42
43 /**
44 * Public part
45 */
46 configuration_manager_t public;
47
48 };
49
50 static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
51 {
52 /* some hard coded users for testing */
53 host_t *remote;
54 if (strcmp(name, "pinflb30") == 0) {
55 remote = host_create(AF_INET, "152.96.193.130", 500);
56 if (remote == NULL) {
57 return OUT_OF_RES;
58 }
59 *host = remote;
60 return SUCCESS;
61 }
62 else if (strcmp(name, "pinflb31") == 0) {
63 remote = host_create(AF_INET, "152.96.193.131", 500);
64 if (remote == NULL) {
65 return OUT_OF_RES;
66 }
67 *host = remote;
68 return SUCCESS;
69 }
70 return NOT_FOUND;
71 }
72
73 static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
74 {
75 /* use default route for now */
76 host_t *local;
77 local = host_create(AF_INET, "0.0.0.0", 0);
78 if (local == NULL)
79 {
80 return OUT_OF_RES;
81 }
82 *host = local;
83 return SUCCESS;
84 }
85
86 static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority)
87 {
88 *dh_group_number = MODP_1024_BIT;
89 return SUCCESS;
90 }
91
92 static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator)
93 {
94 /* use a default proposal:
95 * - ENCR_AES_CBC 128Bit
96 * - PRF_HMAC_SHA1 128Bit
97 * - AUTH_HMAC_SHA1_96 96Bit
98 * - MODP_1024_BIT
99 */
100 proposal_substructure_t *proposal;
101 transform_substructure_t *transform;
102 transform_attribute_t *attribute;
103 status_t status;
104
105 proposal = proposal_substructure_create();
106 if (proposal == NULL)
107 {
108 return OUT_OF_RES;
109 }
110
111 proposal->set_proposal_number(proposal, 1);
112 proposal->set_protocol_id(proposal, 1);
113
114 /*
115 * Encryption Algorithm
116 */
117 transform = transform_substructure_create();
118 if (transform == NULL)
119 {
120 proposal->destroy(proposal);
121 return OUT_OF_RES;
122 }
123 status = proposal->add_transform_substructure(proposal, transform);
124 if (status != SUCCESS)
125 {
126 proposal->destroy(proposal);
127 return OUT_OF_RES;
128 }
129 transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
130 transform->set_transform_id(transform, ENCR_AES_CBC);
131
132 attribute = transform_attribute_create();
133 if (attribute == NULL)
134 {
135 proposal->destroy(proposal);
136 return OUT_OF_RES;
137 }
138 status = transform->add_transform_attribute(transform, attribute);
139 if (status != SUCCESS)
140 {
141 proposal->destroy(proposal);
142 return OUT_OF_RES;
143 }
144 attribute->set_attribute_type(attribute, KEY_LENGTH);
145 attribute->set_value(attribute, 16);
146
147 /*
148 * Pseudo-random Function
149 */
150 transform = transform_substructure_create();
151 if (transform == NULL)
152 {
153 proposal->destroy(proposal);
154 return OUT_OF_RES;
155 }
156 status = proposal->add_transform_substructure(proposal, transform);
157 if (status != SUCCESS)
158 {
159 proposal->destroy(proposal);
160 return OUT_OF_RES;
161 }
162 transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
163 transform->set_transform_id(transform, PRF_HMAC_MD5);
164
165 attribute = transform_attribute_create();
166 if (attribute == NULL)
167 {
168 proposal->destroy(proposal);
169 return OUT_OF_RES;
170 }
171 status = transform->add_transform_attribute(transform, attribute);
172 if (status != SUCCESS)
173 {
174 proposal->destroy(proposal);
175 return OUT_OF_RES;
176 }
177 attribute->set_attribute_type(attribute, KEY_LENGTH);
178 attribute->set_value(attribute, 16);
179
180
181 /*
182 * Integrity Algorithm
183 */
184 transform = transform_substructure_create();
185 if (transform == NULL)
186 {
187 proposal->destroy(proposal);
188 return OUT_OF_RES;
189 }
190 status = proposal->add_transform_substructure(proposal, transform);
191 if (status != SUCCESS)
192 {
193 proposal->destroy(proposal);
194 return OUT_OF_RES;
195 }
196 transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
197 transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
198
199 attribute = transform_attribute_create();
200 if (attribute == NULL)
201 {
202 proposal->destroy(proposal);
203 return OUT_OF_RES;
204 }
205 status = transform->add_transform_attribute(transform, attribute);
206 if (status != SUCCESS)
207 {
208 proposal->destroy(proposal);
209 return OUT_OF_RES;
210 }
211 attribute->set_attribute_type(attribute, KEY_LENGTH);
212 attribute->set_value(attribute, 16);
213
214
215 /*
216 * Diffie-Hellman Group
217 */
218 transform = transform_substructure_create();
219 if (transform == NULL)
220 {
221 proposal->destroy(proposal);
222 return OUT_OF_RES;
223 }
224 status = proposal->add_transform_substructure(proposal, transform);
225 if (status != SUCCESS)
226 {
227 proposal->destroy(proposal);
228 return OUT_OF_RES;
229 }
230 transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
231 transform->set_transform_id(transform, MODP_1024_BIT);
232
233 iterator->insert_after(iterator, (void*)proposal);
234
235 return SUCCESS;
236 }
237
238 static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out)
239 {
240 /* use a default proposal:
241 * - ENCR_AES_CBC 128Bit
242 * - PRF_HMAC_SHA1 128Bit
243 * - AUTH_HMAC_SHA1_96 96Bit
244 * - MODP_1024_BIT
245 */
246 proposal_substructure_t *proposal;
247 transform_substructure_t *transform;
248 transform_attribute_t *attribute;
249 status_t status;
250
251 proposal = proposal_substructure_create();
252 if (proposal == NULL)
253 {
254 return OUT_OF_RES;
255 }
256
257 proposal->set_proposal_number(proposal, 1);
258 proposal->set_protocol_id(proposal, 1);
259
260 /*
261 * Encryption Algorithm
262 */
263 transform = transform_substructure_create();
264 if (transform == NULL)
265 {
266 proposal->destroy(proposal);
267 return OUT_OF_RES;
268 }
269 status = proposal->add_transform_substructure(proposal, transform);
270 if (status != SUCCESS)
271 {
272 proposal->destroy(proposal);
273 return OUT_OF_RES;
274 }
275 transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
276 transform->set_transform_id(transform, ENCR_AES_CBC);
277
278 attribute = transform_attribute_create();
279 if (attribute == NULL)
280 {
281 proposal->destroy(proposal);
282 return OUT_OF_RES;
283 }
284 status = transform->add_transform_attribute(transform, attribute);
285 if (status != SUCCESS)
286 {
287 proposal->destroy(proposal);
288 return OUT_OF_RES;
289 }
290 attribute->set_attribute_type(attribute, KEY_LENGTH);
291 attribute->set_value(attribute, 16);
292
293 /*
294 * Pseudo-random Function
295 */
296 transform = transform_substructure_create();
297 if (transform == NULL)
298 {
299 proposal->destroy(proposal);
300 return OUT_OF_RES;
301 }
302 status = proposal->add_transform_substructure(proposal, transform);
303 if (status != SUCCESS)
304 {
305 proposal->destroy(proposal);
306 return OUT_OF_RES;
307 }
308 transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
309 transform->set_transform_id(transform, PRF_HMAC_MD5);
310
311 attribute = transform_attribute_create();
312 if (attribute == NULL)
313 {
314 proposal->destroy(proposal);
315 return OUT_OF_RES;
316 }
317 status = transform->add_transform_attribute(transform, attribute);
318 if (status != SUCCESS)
319 {
320 proposal->destroy(proposal);
321 return OUT_OF_RES;
322 }
323 attribute->set_attribute_type(attribute, KEY_LENGTH);
324 attribute->set_value(attribute, 16);
325
326
327 /*
328 * Integrity Algorithm
329 */
330 transform = transform_substructure_create();
331 if (transform == NULL)
332 {
333 proposal->destroy(proposal);
334 return OUT_OF_RES;
335 }
336 status = proposal->add_transform_substructure(proposal, transform);
337 if (status != SUCCESS)
338 {
339 proposal->destroy(proposal);
340 return OUT_OF_RES;
341 }
342 transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
343 transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
344
345 attribute = transform_attribute_create();
346 if (attribute == NULL)
347 {
348 proposal->destroy(proposal);
349 return OUT_OF_RES;
350 }
351 status = transform->add_transform_attribute(transform, attribute);
352 if (status != SUCCESS)
353 {
354 proposal->destroy(proposal);
355 return OUT_OF_RES;
356 }
357 attribute->set_attribute_type(attribute, KEY_LENGTH);
358 attribute->set_value(attribute, 16);
359
360
361 /*
362 * Diffie-Hellman Group
363 */
364 transform = transform_substructure_create();
365 if (transform == NULL)
366 {
367 proposal->destroy(proposal);
368 return OUT_OF_RES;
369 }
370 status = proposal->add_transform_substructure(proposal, transform);
371 if (status != SUCCESS)
372 {
373 proposal->destroy(proposal);
374 return OUT_OF_RES;
375 }
376 transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
377 transform->set_transform_id(transform, MODP_1024_BIT);
378
379 out->insert_after(out, (void*)proposal);
380
381 return SUCCESS;
382 }
383
384 static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
385 {
386 if (group == MODP_768_BIT ||
387 group == MODP_1024_BIT)
388 {
389 *allowed = TRUE;
390 }
391 *allowed = FALSE;
392 return SUCCESS;
393 }
394
395
396 /**
397 * Implements function destroy of configuration_t.
398 * See #configuration_s.destroy for description.
399 */
400 static status_t destroy(private_configuration_manager_t *this)
401 {
402 allocator_free(this);
403 return SUCCESS;
404 }
405
406 /*
407 * Described in header-file
408 */
409 configuration_manager_t *configuration_manager_create()
410 {
411 private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
412 if (this == NULL)
413 {
414 return NULL;
415 }
416
417 /* public functions */
418 this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
419 this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
420 this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
421 this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
422 this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
423 this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
424 this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
425
426 return (&this->public);
427 }
strongSwan - IPsec VPN