(no commit message)
[strongswan.git] / Source / charon / configuration_manager.c
1 /**
2 * @file configuration.c
3 *
4 * @brief Configuration class used to store IKE_SA-configurations.
5 *
6 * Object of this type represents a configuration for an IKE_SA and its child_sa's.
7 *
8 */
9
10 /*
11 * Copyright (C) 2005 Jan Hutter, Martin Willi
12 * Hochschule fuer Technik Rapperswil
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU General Public License as published by the
16 * Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
18 *
19 * This program is distributed in the hope that it will be useful, but
20 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
21 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * for more details.
23 */
24
25 #include <stdlib.h>
26
27 #include "configuration_manager.h"
28
29 #include "types.h"
30 #include "utils/allocator.h"
31 #include "payloads/nonce_payload.h"
32 #include "payloads/proposal_substructure.h"
33 #include "payloads/ke_payload.h"
34 #include "payloads/transform_attribute.h"
35
36 /**
37 * Private data of an configuration_t object
38 */
39 typedef struct private_configuration_manager_s private_configuration_manager_t;
40
41 struct private_configuration_manager_s {
42
43 /**
44 * Public part
45 */
46 configuration_manager_t public;
47
48 };
49
50 static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
51 {
52 /* some hard coded users for testing */
53 host_t *remote;
54 if (strcmp(name, "pinflb30") == 0) {
55 remote = host_create(AF_INET, "152.96.193.130", 500);
56 if (remote == NULL) {
57 return OUT_OF_RES;
58 }
59 *host = remote;
60 return SUCCESS;
61 }
62 else if (strcmp(name, "pinflb31") == 0) {
63 remote = host_create(AF_INET, "152.96.193.131", 500);
64 if (remote == NULL) {
65 return OUT_OF_RES;
66 }
67 *host = remote;
68 return SUCCESS;
69 }
70 return NOT_FOUND;
71 }
72
73 static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
74 {
75 /* use default route for now */
76 host_t *local;
77 local = host_create(AF_INET, "0.0.0.0", 0);
78 if (local == NULL)
79 {
80 return OUT_OF_RES;
81 }
82 *host = local;
83 return SUCCESS;
84 }
85
86 static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator)
87 {
88 /* use a default proposal:
89 * - ENCR_AES_CBC 128Bit
90 * - PRF_HMAC_SHA1 128Bit
91 * - AUTH_HMAC_SHA1_96 96Bit
92 * - MODP_1024_BIT
93 */
94 proposal_substructure_t *proposal;
95 transform_substructure_t *transform;
96 transform_attribute_t *attribute;
97 status_t status;
98
99 proposal = proposal_substructure_create();
100 if (proposal == NULL)
101 {
102 return OUT_OF_RES;
103 }
104
105 /*
106 * Encryption Algorithm
107 */
108 transform = transform_substructure_create();
109 if (transform == NULL)
110 {
111 proposal->destroy(proposal);
112 return OUT_OF_RES;
113 }
114 status = proposal->add_transform_substructure(proposal, transform);
115 if (status != SUCCESS)
116 {
117 proposal->destroy(proposal);
118 return OUT_OF_RES;
119 }
120 transform->set_is_last_transform(transform, FALSE);
121 transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
122 transform->set_transform_id(transform, ENCR_AES_CBC);
123
124 attribute = transform_attribute_create();
125 if (attribute == NULL)
126 {
127 proposal->destroy(proposal);
128 return OUT_OF_RES;
129 }
130 status = transform->add_transform_attribute(transform, attribute);
131 if (status != SUCCESS)
132 {
133 proposal->destroy(proposal);
134 return OUT_OF_RES;
135 }
136 attribute->set_attribute_type(attribute, KEY_LENGTH);
137 attribute->set_value(attribute, 16);
138
139 /*
140 * Pseudo-random Function
141 */
142 transform = transform_substructure_create();
143 if (transform == NULL)
144 {
145 proposal->destroy(proposal);
146 return OUT_OF_RES;
147 }
148 status = proposal->add_transform_substructure(proposal, transform);
149 if (status != SUCCESS)
150 {
151 proposal->destroy(proposal);
152 return OUT_OF_RES;
153 }
154 transform->set_is_last_transform(transform, FALSE);
155 transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
156 transform->set_transform_id(transform, PRF_HMAC_SHA1);
157
158 attribute = transform_attribute_create();
159 if (attribute == NULL)
160 {
161 proposal->destroy(proposal);
162 return OUT_OF_RES;
163 }
164 status = transform->add_transform_attribute(transform, attribute);
165 if (status != SUCCESS)
166 {
167 proposal->destroy(proposal);
168 return OUT_OF_RES;
169 }
170 attribute->set_attribute_type(attribute, KEY_LENGTH);
171 attribute->set_value(attribute, 16);
172
173
174 /*
175 * Integrity Algorithm
176 */
177 transform = transform_substructure_create();
178 if (transform == NULL)
179 {
180 proposal->destroy(proposal);
181 return OUT_OF_RES;
182 }
183 status = proposal->add_transform_substructure(proposal, transform);
184 if (status != SUCCESS)
185 {
186 proposal->destroy(proposal);
187 return OUT_OF_RES;
188 }
189 transform->set_is_last_transform(transform, FALSE);
190 transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
191 transform->set_transform_id(transform, AUTH_HMAC_SHA1_96);
192
193 attribute = transform_attribute_create();
194 if (attribute == NULL)
195 {
196 proposal->destroy(proposal);
197 return OUT_OF_RES;
198 }
199 status = transform->add_transform_attribute(transform, attribute);
200 if (status != SUCCESS)
201 {
202 proposal->destroy(proposal);
203 return OUT_OF_RES;
204 }
205 attribute->set_attribute_type(attribute, KEY_LENGTH);
206 attribute->set_value(attribute, 12);
207
208
209 /*
210 * Diffie-Hellman Group
211 */
212 transform = transform_substructure_create();
213 if (transform == NULL)
214 {
215 proposal->destroy(proposal);
216 return OUT_OF_RES;
217 }
218 status = proposal->add_transform_substructure(proposal, transform);
219 if (status != SUCCESS)
220 {
221 proposal->destroy(proposal);
222 return OUT_OF_RES;
223 }
224 transform->set_is_last_transform(transform, FALSE);
225 transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
226 transform->set_transform_id(transform, MODP_1024_BIT);
227
228 iterator->insert_after(iterator, (void*)proposal);
229
230 return SUCCESS;
231 }
232
233 static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out)
234 {
235
236
237 return FAILED;
238 }
239
240 static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
241 {
242 if (group == MODP_768_BIT ||
243 group == MODP_1024_BIT)
244 {
245 *allowed = TRUE;
246 }
247 *allowed = FALSE;
248 return SUCCESS;
249 }
250
251
252 /**
253 * Implements function destroy of configuration_t.
254 * See #configuration_s.destroy for description.
255 */
256 static status_t destroy(private_configuration_manager_t *this)
257 {
258 allocator_free(this);
259 return SUCCESS;
260 }
261
262 /*
263 * Described in header-file
264 */
265 configuration_manager_t *configuration_manager_create()
266 {
267 private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
268 if (this == NULL)
269 {
270 return NULL;
271 }
272
273 /* public functions */
274 this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
275 this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
276 this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
277 this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
278 this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
279 this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
280
281 return (&this->public);
282 }