src/libcharon/config/ike_cfg.c

   1 /*
   2  * Copyright (C) 2005-2007 Martin Willi
   3  * Copyright (C) 2005 Jan Hutter
   4  * Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include "ike_cfg.h"
  18
  19 #include <string.h>
  20
  21 #include <daemon.h>
  22
  23
  24 ENUM(ike_version_names, IKE_ANY, IKEV2,
  25         "IKEv1/2",
  26         "IKEv1",
  27         "IKEv2",
  28 );
  29
  30 typedef struct private_ike_cfg_t private_ike_cfg_t;
  31
  32 /**
  33  * Private data of an ike_cfg_t object
  34  */
  35 struct private_ike_cfg_t {
  36
  37         /**
  38          * Public part
  39          */
  40         ike_cfg_t public;
  41
  42         /**
  43          * Number of references hold by others to this ike_cfg
  44          */
  45         refcount_t refcount;
  46
  47         /**
  48          * IKE version to use
  49          */
  50         ike_version_t version;
  51
  52         /**
  53          * Address of local host
  54          */
  55         char *me;
  56
  57         /**
  58          * Address of remote host
  59          */
  60         char *other;
  61
  62         /**
  63          * Allow override of local address
  64          */
  65         bool my_allow_any;
  66
  67         /**
  68          * Allow override of remote address
  69          */
  70         bool other_allow_any;
  71
  72         /**
  73          * our source port
  74          */
  75         u_int16_t my_port;
  76
  77         /**
  78          * destination port
  79          */
  80         u_int16_t other_port;
  81
  82         /**
  83          * should we send a certificate request?
  84          */
  85         bool certreq;
  86
  87         /**
  88          * enforce UDP encapsulation
  89          */
  90         bool force_encap;
  91
  92         /**
  93          * use IKEv1 fragmentation
  94          */
  95         fragmentation_t fragmentation;
  96
  97         /**
  98          * List of proposals to use
  99          */
 100         linked_list_t *proposals;
 101 };
 102
 103 METHOD(ike_cfg_t, get_version, ike_version_t,
 104         private_ike_cfg_t *this)
 105 {
 106         return this->version;
 107 }
 108
 109 METHOD(ike_cfg_t, send_certreq, bool,
 110         private_ike_cfg_t *this)
 111 {
 112         return this->certreq;
 113 }
 114
 115 METHOD(ike_cfg_t, force_encap_, bool,
 116         private_ike_cfg_t *this)
 117 {
 118         return this->force_encap;
 119 }
 120
 121 METHOD(ike_cfg_t, fragmentation, fragmentation_t,
 122         private_ike_cfg_t *this)
 123 {
 124         return this->fragmentation;
 125 }
 126
 127 METHOD(ike_cfg_t, get_my_addr, char*,
 128         private_ike_cfg_t *this, bool *allow_any)
 129 {
 130         if (allow_any)
 131         {
 132                 *allow_any = this->my_allow_any;
 133         }
 134         return this->me;
 135 }
 136
 137 METHOD(ike_cfg_t, get_other_addr, char*,
 138         private_ike_cfg_t *this, bool *allow_any)
 139 {
 140         if (allow_any)
 141         {
 142                 *allow_any = this->other_allow_any;
 143         }
 144         return this->other;
 145 }
 146
 147 METHOD(ike_cfg_t, get_my_port, u_int16_t,
 148         private_ike_cfg_t *this)
 149 {
 150         return this->my_port;
 151 }
 152
 153 METHOD(ike_cfg_t, get_other_port, u_int16_t,
 154         private_ike_cfg_t *this)
 155 {
 156         return this->other_port;
 157 }
 158
 159 METHOD(ike_cfg_t, add_proposal, void,
 160         private_ike_cfg_t *this, proposal_t *proposal)
 161 {
 162         this->proposals->insert_last(this->proposals, proposal);
 163 }
 164
 165 METHOD(ike_cfg_t, get_proposals, linked_list_t*,
 166         private_ike_cfg_t *this)
 167 {
 168         enumerator_t *enumerator;
 169         proposal_t *current;
 170         linked_list_t *proposals;
 171
 172         proposals = linked_list_create();
 173         enumerator = this->proposals->create_enumerator(this->proposals);
 174         while (enumerator->enumerate(enumerator, &current))
 175         {
 176                 current = current->clone(current);
 177                 proposals->insert_last(proposals, current);
 178         }
 179         enumerator->destroy(enumerator);
 180
 181         DBG2(DBG_CFG, "configured proposals: %#P", proposals);
 182
 183         return proposals;
 184 }
 185
 186 METHOD(ike_cfg_t, select_proposal, proposal_t*,
 187         private_ike_cfg_t *this, linked_list_t *proposals, bool private)
 188 {
 189         enumerator_t *stored_enum, *supplied_enum;
 190         proposal_t *stored, *supplied, *selected;
 191
 192         stored_enum = this->proposals->create_enumerator(this->proposals);
 193         supplied_enum = proposals->create_enumerator(proposals);
 194
 195
 196         /* compare all stored proposals with all supplied. Stored ones are preferred.*/
 197         while (stored_enum->enumerate(stored_enum, (void**)&stored))
 198         {
 199                 proposals->reset_enumerator(proposals, supplied_enum);
 200
 201                 while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
 202                 {
 203                         selected = stored->select(stored, supplied, private);
 204                         if (selected)
 205                         {
 206                                 /* they match, return */
 207                                 stored_enum->destroy(stored_enum);
 208                                 supplied_enum->destroy(supplied_enum);
 209                                 DBG2(DBG_CFG, "received proposals: %#P", proposals);
 210                                 DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
 211                                 DBG2(DBG_CFG, "selected proposal: %P", selected);
 212                                 return selected;
 213                         }
 214                 }
 215         }
 216         /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
 217         stored_enum->destroy(stored_enum);
 218         supplied_enum->destroy(supplied_enum);
 219         DBG1(DBG_CFG, "received proposals: %#P", proposals);
 220         DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
 221
 222         return NULL;
 223 }
 224
 225 METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
 226         private_ike_cfg_t *this)
 227 {
 228         enumerator_t *enumerator;
 229         proposal_t *proposal;
 230         u_int16_t dh_group = MODP_NONE;
 231
 232         enumerator = this->proposals->create_enumerator(this->proposals);
 233         while (enumerator->enumerate(enumerator, &proposal))
 234         {
 235                 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
 236                 {
 237                         break;
 238                 }
 239         }
 240         enumerator->destroy(enumerator);
 241         return dh_group;
 242 }
 243
 244 METHOD(ike_cfg_t, equals, bool,
 245         private_ike_cfg_t *this, ike_cfg_t *other_public)
 246 {
 247         private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
 248         enumerator_t *e1, *e2;
 249         proposal_t *p1, *p2;
 250         bool eq = TRUE;
 251
 252         if (this == other)
 253         {
 254                 return TRUE;
 255         }
 256         if (this->public.equals != other->public.equals)
 257         {
 258                 return FALSE;
 259         }
 260         if (this->proposals->get_count(this->proposals) !=
 261                 other->proposals->get_count(other->proposals))
 262         {
 263                 return FALSE;
 264         }
 265         e1 = this->proposals->create_enumerator(this->proposals);
 266         e2 = this->proposals->create_enumerator(this->proposals);
 267         while (e1->enumerate(e1, &p1) && e2->enumerate(e2, &p2))
 268         {
 269                 if (!p1->equals(p1, p2))
 270                 {
 271                         eq = FALSE;
 272                         break;
 273                 }
 274         }
 275         e1->destroy(e1);
 276         e2->destroy(e2);
 277
 278         return (eq &&
 279                 this->version == other->version &&
 280                 this->certreq == other->certreq &&
 281                 this->force_encap == other->force_encap &&
 282                 this->fragmentation == other->fragmentation &&
 283                 streq(this->me, other->me) &&
 284                 streq(this->other, other->other) &&
 285                 this->my_port == other->my_port &&
 286                 this->other_port == other->other_port);
 287 }
 288
 289 METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
 290         private_ike_cfg_t *this)
 291 {
 292         ref_get(&this->refcount);
 293         return &this->public;
 294 }
 295
 296 METHOD(ike_cfg_t, destroy, void,
 297         private_ike_cfg_t *this)
 298 {
 299         if (ref_put(&this->refcount))
 300         {
 301                 this->proposals->destroy_offset(this->proposals,
 302                                                                                 offsetof(proposal_t, destroy));
 303                 free(this->me);
 304                 free(this->other);
 305                 free(this);
 306         }
 307 }
 308
 309 /**
 310  * Described in header.
 311  */
 312 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 313                                                   char *me, bool my_allow_any, u_int16_t my_port,
 314                                                   char *other, bool other_allow_any, u_int16_t other_port,
 315                                                   fragmentation_t fragmentation)
 316 {
 317         private_ike_cfg_t *this;
 318
 319         INIT(this,
 320                 .public = {
 321                         .get_version = _get_version,
 322                         .send_certreq = _send_certreq,
 323                         .force_encap = _force_encap_,
 324                         .fragmentation = _fragmentation,
 325                         .get_my_addr = _get_my_addr,
 326                         .get_other_addr = _get_other_addr,
 327                         .get_my_port = _get_my_port,
 328                         .get_other_port = _get_other_port,
 329                         .add_proposal = _add_proposal,
 330                         .get_proposals = _get_proposals,
 331                         .select_proposal = _select_proposal,
 332                         .get_dh_group = _get_dh_group,
 333                         .equals = _equals,
 334                         .get_ref = _get_ref,
 335                         .destroy = _destroy,
 336                 },
 337                 .refcount = 1,
 338                 .version = version,
 339                 .certreq = certreq,
 340                 .force_encap = force_encap,
 341                 .fragmentation = fragmentation,
 342                 .me = strdup(me),
 343                 .other = strdup(other),
 344                 .my_allow_any = my_allow_any,
 345                 .other_allow_any = other_allow_any,
 346                 .my_port = my_port,
 347                 .other_port = other_port,
 348                 .proposals = linked_list_create(),
 349         );
 350
 351         return &this->public;
 352 }