e87b47e69c8a57b83a14c070d89fc7e5ca593cb4
[strongswan.git] / src / libcharon / config / ike_cfg.c
1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "ike_cfg.h"
18
19 #include <string.h>
20
21 #include <daemon.h>
22
23
24 ENUM(ike_version_names, IKE_ANY, IKEV2,
25 "IKEv1/2",
26 "IKEv1",
27 "IKEv2",
28 );
29
30 typedef struct private_ike_cfg_t private_ike_cfg_t;
31
32 /**
33 * Private data of an ike_cfg_t object
34 */
35 struct private_ike_cfg_t {
36
37 /**
38 * Public part
39 */
40 ike_cfg_t public;
41
42 /**
43 * Number of references hold by others to this ike_cfg
44 */
45 refcount_t refcount;
46
47 /**
48 * IKE version to use
49 */
50 ike_version_t version;
51
52 /**
53 * Address of local host
54 */
55 char *me;
56
57 /**
58 * Address of remote host
59 */
60 char *other;
61
62 /**
63 * Allow override of local address
64 */
65 bool my_allow_any;
66
67 /**
68 * Allow override of remote address
69 */
70 bool other_allow_any;
71
72 /**
73 * our source port
74 */
75 u_int16_t my_port;
76
77 /**
78 * destination port
79 */
80 u_int16_t other_port;
81
82 /**
83 * should we send a certificate request?
84 */
85 bool certreq;
86
87 /**
88 * enforce UDP encapsulation
89 */
90 bool force_encap;
91
92 /**
93 * use IKEv1 fragmentation
94 */
95 bool fragmentation;
96
97 /**
98 * List of proposals to use
99 */
100 linked_list_t *proposals;
101 };
102
103 METHOD(ike_cfg_t, get_version, ike_version_t,
104 private_ike_cfg_t *this)
105 {
106 return this->version;
107 }
108
109 METHOD(ike_cfg_t, send_certreq, bool,
110 private_ike_cfg_t *this)
111 {
112 return this->certreq;
113 }
114
115 METHOD(ike_cfg_t, force_encap_, bool,
116 private_ike_cfg_t *this)
117 {
118 return this->force_encap;
119 }
120
121 METHOD(ike_cfg_t, fragmentation, bool,
122 private_ike_cfg_t *this)
123 {
124 return this->fragmentation;
125 }
126
127 METHOD(ike_cfg_t, get_my_addr, char*,
128 private_ike_cfg_t *this, bool *allow_any)
129 {
130 if (allow_any)
131 {
132 *allow_any = this->my_allow_any;
133 }
134 return this->me;
135 }
136
137 METHOD(ike_cfg_t, get_other_addr, char*,
138 private_ike_cfg_t *this, bool *allow_any)
139 {
140 if (allow_any)
141 {
142 *allow_any = this->other_allow_any;
143 }
144 return this->other;
145 }
146
147 METHOD(ike_cfg_t, get_my_port, u_int16_t,
148 private_ike_cfg_t *this)
149 {
150 return this->my_port;
151 }
152
153 METHOD(ike_cfg_t, get_other_port, u_int16_t,
154 private_ike_cfg_t *this)
155 {
156 return this->other_port;
157 }
158
159 METHOD(ike_cfg_t, add_proposal, void,
160 private_ike_cfg_t *this, proposal_t *proposal)
161 {
162 this->proposals->insert_last(this->proposals, proposal);
163 }
164
165 METHOD(ike_cfg_t, get_proposals, linked_list_t*,
166 private_ike_cfg_t *this)
167 {
168 enumerator_t *enumerator;
169 proposal_t *current;
170 linked_list_t *proposals;
171
172 proposals = linked_list_create();
173 enumerator = this->proposals->create_enumerator(this->proposals);
174 while (enumerator->enumerate(enumerator, &current))
175 {
176 current = current->clone(current);
177 proposals->insert_last(proposals, current);
178 }
179 enumerator->destroy(enumerator);
180
181 DBG2(DBG_CFG, "configured proposals: %#P", proposals);
182
183 return proposals;
184 }
185
186 METHOD(ike_cfg_t, select_proposal, proposal_t*,
187 private_ike_cfg_t *this, linked_list_t *proposals, bool private)
188 {
189 enumerator_t *stored_enum, *supplied_enum;
190 proposal_t *stored, *supplied, *selected;
191
192 stored_enum = this->proposals->create_enumerator(this->proposals);
193 supplied_enum = proposals->create_enumerator(proposals);
194
195
196 /* compare all stored proposals with all supplied. Stored ones are preferred.*/
197 while (stored_enum->enumerate(stored_enum, (void**)&stored))
198 {
199 proposals->reset_enumerator(proposals, supplied_enum);
200
201 while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
202 {
203 selected = stored->select(stored, supplied, private);
204 if (selected)
205 {
206 /* they match, return */
207 stored_enum->destroy(stored_enum);
208 supplied_enum->destroy(supplied_enum);
209 DBG2(DBG_CFG, "received proposals: %#P", proposals);
210 DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
211 DBG2(DBG_CFG, "selected proposal: %P", selected);
212 return selected;
213 }
214 }
215 }
216 /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
217 stored_enum->destroy(stored_enum);
218 supplied_enum->destroy(supplied_enum);
219 DBG1(DBG_CFG, "received proposals: %#P", proposals);
220 DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
221
222 return NULL;
223 }
224
225 METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
226 private_ike_cfg_t *this)
227 {
228 enumerator_t *enumerator;
229 proposal_t *proposal;
230 u_int16_t dh_group = MODP_NONE;
231
232 enumerator = this->proposals->create_enumerator(this->proposals);
233 while (enumerator->enumerate(enumerator, &proposal))
234 {
235 if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
236 {
237 break;
238 }
239 }
240 enumerator->destroy(enumerator);
241 return dh_group;
242 }
243
244 METHOD(ike_cfg_t, equals, bool,
245 private_ike_cfg_t *this, ike_cfg_t *other_public)
246 {
247 private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
248 enumerator_t *e1, *e2;
249 proposal_t *p1, *p2;
250 bool eq = TRUE;
251
252 if (this == other)
253 {
254 return TRUE;
255 }
256 if (this->public.equals != other->public.equals)
257 {
258 return FALSE;
259 }
260 if (this->proposals->get_count(this->proposals) !=
261 other->proposals->get_count(other->proposals))
262 {
263 return FALSE;
264 }
265 e1 = this->proposals->create_enumerator(this->proposals);
266 e2 = this->proposals->create_enumerator(this->proposals);
267 while (e1->enumerate(e1, &p1) && e2->enumerate(e2, &p2))
268 {
269 if (!p1->equals(p1, p2))
270 {
271 eq = FALSE;
272 break;
273 }
274 }
275 e1->destroy(e1);
276 e2->destroy(e2);
277
278 return (eq &&
279 this->version == other->version &&
280 this->certreq == other->certreq &&
281 this->force_encap == other->force_encap &&
282 this->fragmentation == other->fragmentation &&
283 streq(this->me, other->me) &&
284 streq(this->other, other->other) &&
285 this->my_port == other->my_port &&
286 this->other_port == other->other_port);
287 }
288
289 METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
290 private_ike_cfg_t *this)
291 {
292 ref_get(&this->refcount);
293 return &this->public;
294 }
295
296 METHOD(ike_cfg_t, destroy, void,
297 private_ike_cfg_t *this)
298 {
299 if (ref_put(&this->refcount))
300 {
301 this->proposals->destroy_offset(this->proposals,
302 offsetof(proposal_t, destroy));
303 free(this->me);
304 free(this->other);
305 free(this);
306 }
307 }
308
309 /**
310 * Described in header.
311 */
312 ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
313 char *me, bool my_allow_any, u_int16_t my_port,
314 char *other, bool other_allow_any, u_int16_t other_port,
315 bool fragmentation)
316 {
317 private_ike_cfg_t *this;
318
319 INIT(this,
320 .public = {
321 .get_version = _get_version,
322 .send_certreq = _send_certreq,
323 .force_encap = _force_encap_,
324 .fragmentation = _fragmentation,
325 .get_my_addr = _get_my_addr,
326 .get_other_addr = _get_other_addr,
327 .get_my_port = _get_my_port,
328 .get_other_port = _get_other_port,
329 .add_proposal = _add_proposal,
330 .get_proposals = _get_proposals,
331 .select_proposal = _select_proposal,
332 .get_dh_group = _get_dh_group,
333 .equals = _equals,
334 .get_ref = _get_ref,
335 .destroy = _destroy,
336 },
337 .refcount = 1,
338 .version = version,
339 .certreq = certreq,
340 .force_encap = force_encap,
341 .fragmentation = fragmentation,
342 .me = strdup(me),
343 .other = strdup(other),
344 .my_allow_any = my_allow_any,
345 .other_allow_any = other_allow_any,
346 .my_port = my_port,
347 .other_port = other_port,
348 .proposals = linked_list_create(),
349 );
350
351 return &this->public;
352 }