- function to get dh_group_number added
[strongswan.git] / Source / charon / configuration_manager.c
index 61dd7e9..a0510bf 100644 (file)
 
 #include "types.h"
 #include "utils/allocator.h"
+#include "payloads/nonce_payload.h"
+#include "payloads/proposal_substructure.h"
+#include "payloads/ke_payload.h"
+#include "payloads/transform_attribute.h"
 
 /**
  * Private data of an configuration_t object
@@ -48,17 +52,19 @@ static status_t get_remote_host(private_configuration_manager_t *this, char *nam
        /* some hard coded users for testing */
        host_t *remote;
        if (strcmp(name, "pinflb30") == 0) {
-               remote = host_create(AF_INET, "152.96.193.130", 4500);
+               remote = host_create(AF_INET, "152.96.193.130", 500);
                if (remote == NULL) {
                        return OUT_OF_RES;      
                }
+               *host = remote;
                return SUCCESS;
        }
        else if (strcmp(name, "pinflb31") == 0) {
-               remote = host_create(AF_INET, "152.96.193.131", 4500);
+               remote = host_create(AF_INET, "152.96.193.131", 500);
                if (remote == NULL) {
                        return OUT_OF_RES;      
                }
+               *host = remote;
                return SUCCESS;
        }
        return NOT_FOUND;
@@ -68,7 +74,7 @@ static status_t get_local_host(private_configuration_manager_t *this, char *name
 {
        /* use default route for now */
        host_t *local;
-       local = host_create(AF_INET, "0.0.0.0", 4500);
+       local = host_create(AF_INET, "0.0.0.0", 0);
        if (local == NULL)
        {
                return OUT_OF_RES;      
@@ -76,17 +82,178 @@ static status_t get_local_host(private_configuration_manager_t *this, char *name
        *host = local;
        return SUCCESS;
 }
+
+static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority)
+{
+       *dh_group_number = MODP_1024_BIT;
+       return SUCCESS;
+}
        
-static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *list)
+static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator)
 {
-       return FAILED;
+       /* use a default proposal:
+        * - ENCR_AES_CBC 128Bit
+        * - PRF_HMAC_SHA1 128Bit
+        * - AUTH_HMAC_SHA1_96 96Bit
+        * - MODP_1024_BIT
+        */
+       proposal_substructure_t *proposal;
+       transform_substructure_t *transform;
+       transform_attribute_t *attribute;
+       status_t status;
+       
+       proposal = proposal_substructure_create();
+       if (proposal == NULL)
+       {
+               return OUT_OF_RES;
+       }
+       
+       /* 
+        * Encryption Algorithm 
+        */
+       transform = transform_substructure_create();
+       if (transform == NULL)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = proposal->add_transform_substructure(proposal, transform);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       transform->set_is_last_transform(transform, FALSE);
+       transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
+       transform->set_transform_id(transform, ENCR_AES_CBC);
+       
+       attribute = transform_attribute_create();
+       if (attribute == NULL)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = transform->add_transform_attribute(transform, attribute);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       attribute->set_attribute_type(attribute, KEY_LENGTH);
+       attribute->set_value(attribute, 16);
+       
+       /* 
+        * Pseudo-random Function
+        */
+       transform = transform_substructure_create();
+       if (transform == NULL)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = proposal->add_transform_substructure(proposal, transform);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       transform->set_is_last_transform(transform, FALSE);
+       transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
+       transform->set_transform_id(transform, PRF_HMAC_SHA1);
+       
+       attribute = transform_attribute_create();
+       if (attribute == NULL)
+       {               
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = transform->add_transform_attribute(transform, attribute);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       attribute->set_attribute_type(attribute, KEY_LENGTH);
+       attribute->set_value(attribute, 16);
+
+       
+       /* 
+        * Integrity Algorithm 
+        */
+       transform = transform_substructure_create();
+       if (transform == NULL)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = proposal->add_transform_substructure(proposal, transform);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       transform->set_is_last_transform(transform, FALSE);
+       transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
+       transform->set_transform_id(transform, AUTH_HMAC_SHA1_96);
+       
+       attribute = transform_attribute_create();
+       if (attribute == NULL)
+       {               
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = transform->add_transform_attribute(transform, attribute);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       attribute->set_attribute_type(attribute, KEY_LENGTH);
+       attribute->set_value(attribute, 12);
+       
+       
+    /* 
+     * Diffie-Hellman Group 
+     */
+       transform = transform_substructure_create();
+       if (transform == NULL)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       status = proposal->add_transform_substructure(proposal, transform);
+       if (status != SUCCESS)
+       {
+               proposal->destroy(proposal);
+               return OUT_OF_RES;
+       }
+       transform->set_is_last_transform(transform, FALSE);
+       transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
+       transform->set_transform_id(transform, MODP_1024_BIT);
+       
+       iterator->insert_after(iterator, (void*)proposal);
+       
+       return SUCCESS;
 }
        
 static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out)
 {
+       
+       
        return FAILED;
 }
 
+static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
+{
+       if (group == MODP_768_BIT ||
+               group == MODP_1024_BIT)
+       {
+               *allowed = TRUE;                
+       }
+       *allowed = FALSE;
+       return SUCCESS;
+}
+
 
 /**
  * Implements function destroy of configuration_t.
@@ -113,9 +280,10 @@ configuration_manager_t *configuration_manager_create()
        this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
        this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
        this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
+       this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
        this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
        this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
-       
+       this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
 
        return (&this->public);
 }