243c89633c9a0cd3dbde304556ade541dce4cbc2
[strongswan.git] / src / charon / config / connections / connection.c
1 /**
2 * @file connection.c
3 *
4 * @brief Implementation of connection_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <string.h>
24
25 #include "connection.h"
26
27 #include <utils/linked_list.h>
28 #include <utils/logger.h>
29
30 /**
31 * String mappings for auth_method_t.
32 */
33 mapping_t auth_method_m[] = {
34 {RSA_DIGITAL_SIGNATURE, "RSA"},
35 {SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY"},
36 {DSS_DIGITAL_SIGNATURE, "DSS"},
37 {MAPPING_END, NULL}
38 };
39
40 /**
41 * String mappings for cert_policy_t.
42 */
43 mapping_t cert_policy_m[] = {
44 {CERT_ALWAYS_SEND, "CERT_ALWAYS_SEND"},
45 {CERT_SEND_IF_ASKED, "CERT_SEND_IF_ASKED"},
46 {CERT_NEVER_SEND, "CERT_NEVER_SEND"},
47 {MAPPING_END, NULL}
48 };
49
50 typedef struct private_connection_t private_connection_t;
51
52 /**
53 * Private data of an connection_t object
54 */
55 struct private_connection_t {
56
57 /**
58 * Public part
59 */
60 connection_t public;
61
62 /**
63 * Name of the connection
64 */
65 char *name;
66
67 /**
68 * Does charon handle this connection? Or can he ignore it?
69 */
70 bool ikev2;
71
72 /**
73 * should we send a certificate request?
74 */
75 cert_policy_t cert_req_policy;
76
77 /**
78 * should we send a certificates?
79 */
80 cert_policy_t cert_policy;
81
82 /**
83 * ID of us
84 */
85 identification_t *my_id;
86
87 /**
88 * Host information of my host.
89 */
90 host_t *my_host;
91
92 /**
93 * Host information of other host.
94 */
95 host_t *other_host;
96
97 /**
98 * Method to use for own authentication data
99 */
100 auth_method_t auth_method;
101
102 /**
103 * Supported proposals
104 */
105 linked_list_t *proposals;
106 };
107
108 /**
109 * Implementation of connection_t.get_name.
110 */
111 static char *get_name (private_connection_t *this)
112 {
113 return this->name;
114 }
115
116 /**
117 * Implementation of connection_t.is_ikev2.
118 */
119 static bool is_ikev2 (private_connection_t *this)
120 {
121 return this->ikev2;
122 }
123
124 /**
125 * Implementation of connection_t.get_cert_req_policy.
126 */
127 static cert_policy_t get_cert_req_policy (private_connection_t *this)
128 {
129 return this->cert_req_policy;
130 }
131
132 /**
133 * Implementation of connection_t.get_cert_policy.
134 */
135 static cert_policy_t get_cert_policy (private_connection_t *this)
136 {
137 return this->cert_policy;
138 }
139
140 /**
141 * Implementation of connection_t.get_my_host.
142 */
143 static host_t *get_my_host (private_connection_t *this)
144 {
145 return this->my_host;
146 }
147
148 /**
149 * Implementation of connection_t.get_other_host.
150 */
151 static host_t *get_other_host (private_connection_t *this)
152 {
153 return this->other_host;
154 }
155
156 /**
157 * Implementation of connection_t.update_my_host.
158 */
159 static void update_my_host(private_connection_t *this, host_t *my_host)
160 {
161 this->my_host->destroy(this->my_host);
162 this->my_host = my_host;
163 }
164
165 /**
166 * Implementation of connection_t.update_other_host.
167 */
168 static void update_other_host(private_connection_t *this, host_t *other_host)
169 {
170 this->other_host->destroy(this->other_host);
171 this->other_host = other_host;
172 }
173
174 /**
175 * Implementation of connection_t.get_proposals.
176 */
177 static linked_list_t* get_proposals(private_connection_t *this)
178 {
179 return this->proposals;
180 }
181
182 /**
183 * Implementation of connection_t.select_proposal.
184 */
185 static proposal_t *select_proposal(private_connection_t *this, linked_list_t *proposals)
186 {
187 iterator_t *stored_iter, *supplied_iter;
188 proposal_t *stored, *supplied, *selected;
189
190 stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
191 supplied_iter = proposals->create_iterator(proposals, TRUE);
192
193 /* compare all stored proposals with all supplied. Stored ones are preferred. */
194 while (stored_iter->has_next(stored_iter))
195 {
196 supplied_iter->reset(supplied_iter);
197 stored_iter->current(stored_iter, (void**)&stored);
198
199 while (supplied_iter->has_next(supplied_iter))
200 {
201 supplied_iter->current(supplied_iter, (void**)&supplied);
202 selected = stored->select(stored, supplied);
203 if (selected)
204 {
205 /* they match, return */
206 stored_iter->destroy(stored_iter);
207 supplied_iter->destroy(supplied_iter);
208 return selected;
209 }
210 }
211 }
212 /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
213 stored_iter->destroy(stored_iter);
214 supplied_iter->destroy(supplied_iter);
215
216 return NULL;
217 }
218
219 /**
220 * Implementation of connection_t.add_proposal.
221 */
222 static void add_proposal(private_connection_t *this, proposal_t *proposal)
223 {
224 this->proposals->insert_last(this->proposals, proposal);
225 }
226
227 /**
228 * Implementation of connection_t.auth_method_t.
229 */
230 static auth_method_t get_auth_method(private_connection_t *this)
231 {
232 return this->auth_method;
233 }
234
235 /**
236 * Implementation of connection_t.get_dh_group.
237 */
238 static diffie_hellman_group_t get_dh_group(private_connection_t *this)
239 {
240 iterator_t *iterator;
241 proposal_t *proposal;
242 algorithm_t *algo;
243 diffie_hellman_group_t dh_group = MODP_NONE;
244
245 iterator = this->proposals->create_iterator(this->proposals, TRUE);
246 while (iterator->has_next(iterator))
247 {
248 iterator->current(iterator, (void**)&proposal);
249 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &algo))
250 {
251 dh_group = algo->algorithm;
252 break;
253 }
254 }
255 iterator->destroy(iterator);
256 return dh_group;
257 }
258
259 /**
260 * Implementation of connection_t.check_dh_group.
261 */
262 static bool check_dh_group(private_connection_t *this, diffie_hellman_group_t dh_group)
263 {
264 iterator_t *prop_iter, *alg_iter;
265 proposal_t *proposal;
266 algorithm_t *algo;
267
268 prop_iter = this->proposals->create_iterator(this->proposals, TRUE);
269 while (prop_iter->has_next(prop_iter))
270 {
271 prop_iter->current(prop_iter, (void**)&proposal);
272 alg_iter = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
273 while (alg_iter->has_next(alg_iter))
274 {
275 alg_iter->current(alg_iter, (void**)&algo);
276 if (algo->algorithm == dh_group)
277 {
278 prop_iter->destroy(prop_iter);
279 alg_iter->destroy(alg_iter);
280 return TRUE;
281 }
282 }
283 }
284 prop_iter->destroy(prop_iter);
285 alg_iter->destroy(alg_iter);
286 return FALSE;
287 }
288
289 /**
290 * Implementation of connection_t.clone.
291 */
292 static connection_t *clone(private_connection_t *this)
293 {
294 iterator_t *iterator;
295 proposal_t *proposal;
296 private_connection_t *clone = (private_connection_t*)connection_create(
297 this->name, this->ikev2,
298 this->cert_policy, this->cert_req_policy,
299 this->my_host->clone(this->my_host),
300 this->other_host->clone(this->other_host),
301 this->auth_method);
302
303 /* clone all proposals */
304 iterator = this->proposals->create_iterator(this->proposals, TRUE);
305 while (iterator->has_next(iterator))
306 {
307 iterator->current(iterator, (void**)&proposal);
308 proposal = proposal->clone(proposal);
309 clone->proposals->insert_last(clone->proposals, (void*)proposal);
310 }
311 iterator->destroy(iterator);
312
313 return &clone->public;
314 }
315
316 /**
317 * Implementation of connection_t.destroy.
318 */
319 static void destroy(private_connection_t *this)
320 {
321 proposal_t *proposal;
322
323 while (this->proposals->remove_last(this->proposals, (void**)&proposal) == SUCCESS)
324 {
325 proposal->destroy(proposal);
326 }
327 this->proposals->destroy(this->proposals);
328
329 this->my_host->destroy(this->my_host);
330 this->other_host->destroy(this->other_host);
331 free(this->name);
332 free(this);
333 }
334
335 /**
336 * Described in header.
337 */
338 connection_t * connection_create(char *name, bool ikev2,
339 cert_policy_t cert_policy, cert_policy_t cert_req_policy,
340 host_t *my_host, host_t *other_host,
341 auth_method_t auth_method)
342 {
343 private_connection_t *this = malloc_thing(private_connection_t);
344
345 /* public functions */
346 this->public.get_name = (char*(*)(connection_t*))get_name;
347 this->public.is_ikev2 = (bool(*)(connection_t*))is_ikev2;
348 this->public.get_cert_policy = (cert_policy_t(*)(connection_t*))get_cert_policy;
349 this->public.get_cert_req_policy = (cert_policy_t(*)(connection_t*))get_cert_req_policy;
350 this->public.get_my_host = (host_t*(*)(connection_t*))get_my_host;
351 this->public.update_my_host = (void(*)(connection_t*,host_t*))update_my_host;
352 this->public.update_other_host = (void(*)(connection_t*,host_t*))update_other_host;
353 this->public.get_other_host = (host_t*(*)(connection_t*))get_other_host;
354 this->public.get_proposals = (linked_list_t*(*)(connection_t*))get_proposals;
355 this->public.select_proposal = (proposal_t*(*)(connection_t*,linked_list_t*))select_proposal;
356 this->public.add_proposal = (void(*)(connection_t*, proposal_t*)) add_proposal;
357 this->public.get_auth_method = (auth_method_t(*)(connection_t*)) get_auth_method;
358 this->public.get_dh_group = (diffie_hellman_group_t(*)(connection_t*)) get_dh_group;
359 this->public.check_dh_group = (bool(*)(connection_t*,diffie_hellman_group_t)) check_dh_group;
360 this->public.clone = (connection_t*(*)(connection_t*))clone;
361 this->public.destroy = (void(*)(connection_t*))destroy;
362
363 /* private variables */
364 this->name = strdup(name);
365 this->ikev2 = ikev2;
366 this->cert_policy = cert_policy;
367 this->cert_req_policy = cert_req_policy;
368 this->my_host = my_host;
369 this->other_host = other_host;
370 this->auth_method = auth_method;
371
372 this->proposals = linked_list_create();
373
374 return (&this->public);
375 }