- partly documented
authorJan Hutter <jhutter@hsr.ch>
Tue, 22 Nov 2005 11:55:17 +0000 (11:55 -0000)
committerJan Hutter <jhutter@hsr.ch>
Tue, 22 Nov 2005 11:55:17 +0000 (11:55 -0000)
Source/charon/configuration_manager.c
Source/charon/configuration_manager.h

index df6f9af..75d613f 100644 (file)
@@ -27,6 +27,7 @@
 #include "configuration_manager.h"
 
 #include "types.h"
+#include "globals.h"
 #include "utils/allocator.h"
 #include "payloads/nonce_payload.h"
 #include "payloads/proposal_substructure.h"
@@ -45,29 +46,45 @@ struct private_configuration_manager_s {
         */
        configuration_manager_t public;
 
+       /**
+        * Assigned logger object 
+        */
+       logger_t *logger;
 };
 
+/**
+ * Implements function configuration_manager_t.get_remote_host .
+ */
 static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
 {
-       /* some hard coded users for testing */
+       /*
+        * For testing purposes, hard coded host informations are returned.
+        * 
+        * Further improvements could store them in a linked list or hash table
+        */
+
        host_t *remote;
-       if (strcmp(name, "pinflb30") == 0) {
+       status_t status = SUCCESS;
+       
+       if (strcmp(name, "pinflb30") == 0)
+       {
                remote = host_create(AF_INET, "152.96.193.131", 500);
-               if (remote == NULL) {
-                       return OUT_OF_RES;      
-               }
-               *host = remote;
-               return SUCCESS;
        }
-       else if (strcmp(name, "pinflb31") == 0) {
+       else if (strcmp(name, "pinflb31") == 0)
+       {
                remote = host_create(AF_INET, "152.96.193.131", 500);
-               if (remote == NULL) {
-                       return OUT_OF_RES;      
-               }
-               *host = remote;
-               return SUCCESS;
        }
-       return NOT_FOUND;
+       else
+       {
+               status = NOT_FOUND;
+       }
+       if ((status != NOT_FOUND) && (remote == NULL))
+       {
+               return OUT_OF_RES;      
+       }
+
+       *host = remote;
+       return status;
 }
        
 static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
@@ -91,7 +108,7 @@ static status_t get_dh_group_number(private_configuration_manager_t *this,char *
        
 static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator)
 {
-       /* use a default proposal:
+       /* use a default IKE proposal:
         * - ENCR_AES_CBC 128Bit
         * - PRF_HMAC_SHA1 128Bit
         * - AUTH_HMAC_SHA1_96 96Bit
@@ -160,7 +177,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
                return OUT_OF_RES;
        }
        transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
-       transform->set_transform_id(transform, PRF_HMAC_MD5);
+       transform->set_transform_id(transform, PRF_HMAC_SHA1);
        
        attribute = transform_attribute_create();
        if (attribute == NULL)
@@ -175,7 +192,7 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
                return OUT_OF_RES;
        }
        attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
+       attribute->set_value(attribute, 20);
 
        
        /* 
@@ -237,158 +254,148 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho
        
 static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out)
 {
-       /* use a default proposal:
-        * - ENCR_AES_CBC 128Bit
-        * - PRF_HMAC_SHA1 128Bit
-        * - AUTH_HMAC_SHA1_96 96Bit
-        * - MODP_1024_BIT
-        */
-       proposal_substructure_t *proposal;
-       transform_substructure_t *transform;
-       transform_attribute_t *attribute;
        status_t status;
+       proposal_substructure_t *first_suggested_proposal;
+       proposal_substructure_t *selected_proposal;
        
-       proposal = proposal_substructure_create();
-       if (proposal == NULL)
+       /* select just first suggested proposal */
+
+       this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal");
+       if (!in->has_next(in))
        {
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR | MORE, "No proposal suggested");
+               /* no suggested proposal! */
+               return FAILED;
        }
        
-       proposal->set_proposal_number(proposal, 1);
-       proposal->set_protocol_id(proposal, 1);
-       
-       /* 
-        * Encryption Algorithm 
-        */
-       transform = transform_substructure_create();
-       if (transform == NULL)
-       {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = proposal->add_transform_substructure(proposal, transform);
+       status = in->current(in,(void **) &first_suggested_proposal);
        if (status != SUCCESS)
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator");
+               return status;  
        }
-       transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
-       transform->set_transform_id(transform, ENCR_AES_CBC);
-       
-       attribute = transform_attribute_create();
-       if (attribute == NULL)
-       {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = transform->add_transform_attribute(transform, attribute);
+       status = first_suggested_proposal->clone(first_suggested_proposal,&selected_proposal);
        if (status != SUCCESS)
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR, "Fatal error: could not clone proposal");
+               /* could not clone proposal */
+               return status;  
        }
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
        
-       /* 
-        * Pseudo-random Function
-        */
-       transform = transform_substructure_create();
-       if (transform == NULL)
-       {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = proposal->add_transform_substructure(proposal, transform);
+       status = out->insert_after(out,selected_proposal);
        if (status != SUCCESS)
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
-       transform->set_transform_id(transform, PRF_HMAC_MD5);
-       
-       attribute = transform_attribute_create();
-       if (attribute == NULL)
-       {               
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = transform->add_transform_attribute(transform, attribute);
-       if (status != SUCCESS)
-       {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
+               this->logger->log(this->logger,ERROR, "Fatal error: could not insert selected proposal in out iterator");
+       }       
+       return status;
+}
 
-       
-       /* 
-        * Integrity Algorithm 
-        */
-       transform = transform_substructure_create();
-       if (transform == NULL)
+static status_t get_transforms_for_host_and_proposals (private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf)
+{
+       crypter_t *selected_crypter = NULL;
+       signer_t *selected_signer = NULL;
+       prf_t *selected_prf = NULL;
+       proposal_substructure_t *proposal;
+       linked_list_iterator_t *transforms;
+       status_t status;
+
+       this->logger->log(this->logger,ERROR, "Going to get transforms for given proposal");
+
+       if (!proposals->has_next(proposals))
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR | MORE, "No proposal available");
+               return FAILED;
        }
-       status = proposal->add_transform_substructure(proposal, transform);
+       
+       status = proposals->current(proposals,(void **) &(proposal));
        if (status != SUCCESS)
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR, "Fatal error: could not get first proposal from iterator");
+               return status;  
        }
-       transform->set_transform_type(transform, INTEGRITIY_ALGORITHM);
-       transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
        
-       attribute = transform_attribute_create();
-       if (attribute == NULL)
-       {               
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = transform->add_transform_attribute(transform, attribute);
+       status = proposal->create_transform_substructure_iterator(proposal,&transforms,TRUE);
        if (status != SUCCESS)
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               this->logger->log(this->logger,ERROR, "Fatal error: could not create iterator of transforms");
+               return status;  
        }
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
-       
-       
-    /* 
-     * Diffie-Hellman Group 
-     */
-       transform = transform_substructure_create();
-       if (transform == NULL)
-       {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
-       }
-       status = proposal->add_transform_substructure(proposal, transform);
-       if (status != SUCCESS)
+       
+       while (transforms->has_next(transforms))
        {
-               proposal->destroy(proposal);
-               return OUT_OF_RES;
+               transform_substructure_t *current_transform;
+               transform_type_t transform_type;
+               u_int16_t transform_id;
+               
+               status = transforms->current(transforms,(void **) &(current_transform));
+               if (status != SUCCESS)
+               {
+                       this->logger->log(this->logger,ERROR, "Fatal error: could not get current transform substructure object");
+                       transforms->destroy(transforms);        
+                       return status;  
+               }
+               
+               transform_type = current_transform->get_transform_type(current_transform);
+               transform_id = current_transform->get_transform_id(current_transform);
+               
+               this->logger->log(this->logger,CONTROL | MOST, "Going to process transform of type %s",mapping_find(transform_type_m,transform_type));
+               switch (transform_type)
+               {
+                       case ENCRYPTION_ALGORITHM:
+                       {
+                               this->logger->log(this->logger,CONTROL | MORE, "Encryption algorithm: %s",mapping_find(encryption_algorithm_m,transform_id));   
+                               break;
+                       }
+                       case     PSEUDO_RANDOM_FUNCTION:
+                       {
+                               this->logger->log(this->logger,CONTROL | MORE, "Create transform object for PRF of type %s",mapping_find(pseudo_random_function_m,transform_id));
+
+                               selected_prf = prf_create(transform_id);
+                               if (selected_prf == NULL)
+                               {
+                                       this->logger->log(this->logger,ERROR  | MORE, "PRF not supported!");
+                                       transforms->destroy(transforms);        
+                                       return FAILED;
+                               }
+                               break;
+                       }
+                       case INTEGRITIY_ALGORITHM:
+                       {
+                               this->logger->log(this->logger,CONTROL | MORE, "Integrity algorithm: %s",mapping_find(integrity_algorithm_m,transform_id));
+                               break;
+                       }
+                       case DIFFIE_HELLMAN_GROUP:
+                       {
+                               this->logger->log(this->logger,CONTROL | MORE, "DH Group: %s",mapping_find(diffie_hellman_group_m,transform_id));
+                               break;
+                       }
+                       default:
+                       {
+                               this->logger->log(this->logger,ERROR  | MORE, "Transform type not supported!");
+                               transforms->destroy(transforms);        
+                               return FAILED;
+                       }       
+               }
        }
-       transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
-       transform->set_transform_id(transform, MODP_1024_BIT);
        
-       out->insert_after(out, (void*)proposal);
+       transforms->destroy(transforms);
+
+       *crypter = selected_crypter;
+       *signer = selected_signer;
+       *prf = selected_prf;
        
        return SUCCESS;
 }
 
 static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
 {
-       if (group == MODP_768_BIT ||
-               group == MODP_1024_BIT)
+       if (group == MODP_768_BIT || group == MODP_1024_BIT)
        {
                *allowed = TRUE;                
        }
        *allowed = FALSE;
+       
+       this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(allowed)? "allowed" : "not allowed");
        return SUCCESS;
 }
 
@@ -399,6 +406,10 @@ static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *th
  */
 static status_t destroy(private_configuration_manager_t *this)
 {
+       this->logger->log(this->logger,CONTROL | MORE, "Going to destroy configuration manager ");
+       
+       this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger");
+       global_logger_manager->destroy_logger(global_logger_manager,this->logger);
        allocator_free(this);
        return SUCCESS;
 }
@@ -409,6 +420,7 @@ static status_t destroy(private_configuration_manager_t *this)
 configuration_manager_t *configuration_manager_create()
 {
        private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
+       
        if (this == NULL)
        {
                return NULL;
@@ -421,7 +433,17 @@ configuration_manager_t *configuration_manager_create()
        this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
        this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
        this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
+       this->public.get_transforms_for_host_and_proposals =  (status_t (*) (configuration_manager_t *, host_t *, linked_list_iterator_t *,crypter_t **,signer_t **, prf_t **)) get_transforms_for_host_and_proposals;
        this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
 
+       /* private variables */
+       this->logger = global_logger_manager->create_logger(global_logger_manager,CONFIGURATION_MANAGER,NULL);
+
+       if (this->logger == NULL)
+       {
+               allocator_free(this);
+               return NULL;
+       }
+
        return (&this->public);
 }
index af3f534..07cdef5 100644 (file)
@@ -27,6 +27,9 @@
 #include "utils/linked_list.h"
 #include "utils/host.h"
 #include "payloads/transform_substructure.h"
+#include "transforms/prfs/prf.h"
+#include "transforms/signers/signer.h"
+#include "transforms/crypters/crypter.h"
 
 /**
  * @brief Manages all configuration aspects of the daemon.
@@ -36,6 +39,18 @@ typedef struct configuration_manager_s configuration_manager_t;
 
 struct configuration_manager_s { 
        
+       /**
+        * Gets the remote host informations for a specific configuration name
+        * 
+        * @param this  calling object
+        * @param name  name of the configuration
+        * @param host  remote host informations are stored at this location
+        * 
+        * @return              
+        *                              - NOT_FOUND
+        *                              - SUCCESS
+        *                              - OUT_OF_RES
+        */
        status_t (*get_remote_host) (configuration_manager_t *this, char *name, host_t **host);
        
        status_t (*get_local_host) (configuration_manager_t *this, char *name, host_t **host);
@@ -46,6 +61,8 @@ struct configuration_manager_s {
        
        status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out);
        
+       status_t (*get_transforms_for_host_and_proposals) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf);
+       
        status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed);
        
        status_t (*destroy) (configuration_manager_t *this);