5055a931c4c1690c5e04c73cadd5df69b1746975
[strongswan.git] / src / libcharon / config / ike_cfg.c
1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "ike_cfg.h"
18
19 #include <string.h>
20
21 #include <daemon.h>
22
23
24 typedef struct private_ike_cfg_t private_ike_cfg_t;
25
26 /**
27 * Private data of an ike_cfg_t object
28 */
29 struct private_ike_cfg_t {
30
31 /**
32 * Public part
33 */
34 ike_cfg_t public;
35
36 /**
37 * Number of references hold by others to this ike_cfg
38 */
39 refcount_t refcount;
40
41 /**
42 * Address of local host
43 */
44 char *me;
45
46 /**
47 * Address of remote host
48 */
49 char *other;
50
51 /**
52 * Allow override of local address
53 */
54 bool my_allow_any;
55
56 /**
57 * Allow override of remote address
58 */
59 bool other_allow_any;
60
61 /**
62 * our source port
63 */
64 u_int16_t my_port;
65
66 /**
67 * destination port
68 */
69 u_int16_t other_port;
70
71 /**
72 * should we send a certificate request?
73 */
74 bool certreq;
75
76 /**
77 * enforce UDP encapsulation
78 */
79 bool force_encap;
80
81 /**
82 * List of proposals to use
83 */
84 linked_list_t *proposals;
85 };
86
87 METHOD(ike_cfg_t, send_certreq, bool,
88 private_ike_cfg_t *this)
89 {
90 return this->certreq;
91 }
92
93 METHOD(ike_cfg_t, force_encap_, bool,
94 private_ike_cfg_t *this)
95 {
96 return this->force_encap;
97 }
98
99 METHOD(ike_cfg_t, get_my_addr, char*,
100 private_ike_cfg_t *this, bool *allow_any)
101 {
102 if (allow_any)
103 {
104 *allow_any = this->my_allow_any;
105 }
106 return this->me;
107 }
108
109 METHOD(ike_cfg_t, get_other_addr, char*,
110 private_ike_cfg_t *this, bool *allow_any)
111 {
112 if (allow_any)
113 {
114 *allow_any = this->other_allow_any;
115 }
116 return this->other;
117 }
118
119 METHOD(ike_cfg_t, get_my_port, u_int16_t,
120 private_ike_cfg_t *this)
121 {
122 return this->my_port;
123 }
124
125 METHOD(ike_cfg_t, get_other_port, u_int16_t,
126 private_ike_cfg_t *this)
127 {
128 return this->other_port;
129 }
130
131 METHOD(ike_cfg_t, add_proposal, void,
132 private_ike_cfg_t *this, proposal_t *proposal)
133 {
134 this->proposals->insert_last(this->proposals, proposal);
135 }
136
137 METHOD(ike_cfg_t, get_proposals, linked_list_t*,
138 private_ike_cfg_t *this)
139 {
140 enumerator_t *enumerator;
141 proposal_t *current;
142 linked_list_t *proposals;
143
144 proposals = linked_list_create();
145 enumerator = this->proposals->create_enumerator(this->proposals);
146 while (enumerator->enumerate(enumerator, &current))
147 {
148 current = current->clone(current);
149 proposals->insert_last(proposals, current);
150 }
151 enumerator->destroy(enumerator);
152
153 return proposals;
154 }
155
156 METHOD(ike_cfg_t, select_proposal, proposal_t*,
157 private_ike_cfg_t *this, linked_list_t *proposals, bool private)
158 {
159 enumerator_t *stored_enum, *supplied_enum;
160 proposal_t *stored, *supplied, *selected;
161
162 stored_enum = this->proposals->create_enumerator(this->proposals);
163 supplied_enum = proposals->create_enumerator(proposals);
164
165
166 /* compare all stored proposals with all supplied. Stored ones are preferred.*/
167 while (stored_enum->enumerate(stored_enum, (void**)&stored))
168 {
169 proposals->reset_enumerator(proposals, supplied_enum);
170
171 while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
172 {
173 selected = stored->select(stored, supplied, private);
174 if (selected)
175 {
176 /* they match, return */
177 stored_enum->destroy(stored_enum);
178 supplied_enum->destroy(supplied_enum);
179 DBG2(DBG_CFG, "received proposals: %#P", proposals);
180 DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
181 DBG2(DBG_CFG, "selected proposal: %P", selected);
182 return selected;
183 }
184 }
185 }
186 /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
187 stored_enum->destroy(stored_enum);
188 supplied_enum->destroy(supplied_enum);
189 DBG1(DBG_CFG, "received proposals: %#P", proposals);
190 DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
191
192 return NULL;
193 }
194
195 METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
196 private_ike_cfg_t *this)
197 {
198 enumerator_t *enumerator;
199 proposal_t *proposal;
200 u_int16_t dh_group = MODP_NONE;
201
202 enumerator = this->proposals->create_enumerator(this->proposals);
203 while (enumerator->enumerate(enumerator, &proposal))
204 {
205 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
206 {
207 break;
208 }
209 }
210 enumerator->destroy(enumerator);
211 return dh_group;
212 }
213
214 METHOD(ike_cfg_t, equals, bool,
215 private_ike_cfg_t *this, ike_cfg_t *other_public)
216 {
217 private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
218 enumerator_t *e1, *e2;
219 proposal_t *p1, *p2;
220 bool eq = TRUE;
221
222 if (this == other)
223 {
224 return TRUE;
225 }
226 if (this->public.equals != other->public.equals)
227 {
228 return FALSE;
229 }
230 if (this->proposals->get_count(this->proposals) !=
231 other->proposals->get_count(other->proposals))
232 {
233 return FALSE;
234 }
235 e1 = this->proposals->create_enumerator(this->proposals);
236 e2 = this->proposals->create_enumerator(this->proposals);
237 while (e1->enumerate(e1, &p1) && e2->enumerate(e2, &p2))
238 {
239 if (!p1->equals(p1, p2))
240 {
241 eq = FALSE;
242 break;
243 }
244 }
245 e1->destroy(e1);
246 e2->destroy(e2);
247
248 return (eq &&
249 this->certreq == other->certreq &&
250 this->force_encap == other->force_encap &&
251 streq(this->me, other->me) &&
252 streq(this->other, other->other) &&
253 this->my_port == other->my_port &&
254 this->other_port == other->other_port);
255 }
256
257 METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
258 private_ike_cfg_t *this)
259 {
260 ref_get(&this->refcount);
261 return &this->public;
262 }
263
264 METHOD(ike_cfg_t, destroy, void,
265 private_ike_cfg_t *this)
266 {
267 if (ref_put(&this->refcount))
268 {
269 this->proposals->destroy_offset(this->proposals,
270 offsetof(proposal_t, destroy));
271 free(this->me);
272 free(this->other);
273 free(this);
274 }
275 }
276
277 /**
278 * Described in header.
279 */
280 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
281 char *me, bool my_allow_any, u_int16_t my_port,
282 char *other, bool other_allow_any, u_int16_t other_port)
283 {
284 private_ike_cfg_t *this;
285
286 INIT(this,
287 .public = {
288 .send_certreq = _send_certreq,
289 .force_encap = _force_encap_,
290 .get_my_addr = _get_my_addr,
291 .get_other_addr = _get_other_addr,
292 .get_my_port = _get_my_port,
293 .get_other_port = _get_other_port,
294 .add_proposal = _add_proposal,
295 .get_proposals = _get_proposals,
296 .select_proposal = _select_proposal,
297 .get_dh_group = _get_dh_group,
298 .equals = _equals,
299 .get_ref = _get_ref,
300 .destroy = _destroy,
301 },
302 .refcount = 1,
303 .certreq = certreq,
304 .force_encap = force_encap,
305 .me = strdup(me),
306 .other = strdup(other),
307 .my_allow_any = my_allow_any,
308 .other_allow_any = other_allow_any,
309 .my_port = my_port,
310 .other_port = other_port,
311 .proposals = linked_list_create(),
312 );
313
314 return &this->public;
315 }