- dead end implementation
authorMartin Willi <martin@strongswan.org>
Mon, 6 Feb 2006 14:05:35 +0000 (14:05 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 6 Feb 2006 14:05:35 +0000 (14:05 -0000)
13 files changed:
Source/charon/config/Makefile.config
Source/charon/config/configuration_manager.c
Source/charon/config/sa_config.c
Source/charon/config/sa_config.h
Source/charon/encoding/payloads/proposal_substructure.c
Source/charon/encoding/payloads/proposal_substructure.h
Source/charon/encoding/payloads/sa_payload.c
Source/charon/encoding/payloads/sa_payload.h
Source/charon/encoding/payloads/transform_substructure.c
Source/charon/encoding/payloads/transform_substructure.h
Source/charon/testcases/kernel_interface_test.c
Source/charon/testcases/testcases.c
Source/charon/threads/kernel_interface.h

index 8076e43..7ca46d1 100644 (file)
@@ -30,3 +30,7 @@ $(BUILD_DIR)sa_config.o :                                     $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h
 OBJS+= $(BUILD_DIR)traffic_selector.o
 $(BUILD_DIR)traffic_selector.o :                       $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)traffic_selector.h
                                                                                        $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)child_proposal.o
+$(BUILD_DIR)child_proposal.o :                         $(CONFIG_DIR)child_proposal.c $(CONFIG_DIR)child_proposal.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
index 4e9cdc5..f4873fa 100644 (file)
@@ -274,16 +274,17 @@ u_int8_t private_key_2[];
  */
 static void load_default_config (private_configuration_manager_t *this)
 {
-       init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
+       init_config_t *init_config1, *init_config2, *init_config3, *init_config4, *init_config5;
        ike_proposal_t proposals[4];
-       child_proposal_t child_proposals[1];
-       sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
+       child_proposal_t *child_proposal;
+       sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4, *sa_config5;
        traffic_selector_t *ts;
        
-       init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config1 = init_config_create("0.0.0.0","192.168.1.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config2 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config5 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
        
 
@@ -316,25 +317,27 @@ static void load_default_config (private_configuration_manager_t *this)
        init_config3->add_proposal(init_config3,1,proposals[0]);
        init_config4->add_proposal(init_config4,1,proposals[3]);
        init_config4->add_proposal(init_config4,1,proposals[2]);
+       init_config5->add_proposal(init_config5,1,proposals[3]);
+       init_config5->add_proposal(init_config5,1,proposals[2]);
        
-       sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
-                                                                 ID_IPV4_ADDR, "152.96.193.131",
+       sa_config1 = sa_config_create(ID_IPV4_ADDR, "192.168.1.2", 
+                                                                 ID_IPV4_ADDR, "192.168.1.1",
                                                                  SHARED_KEY_MESSAGE_INTEGRITY_CODE,
                                                                  30000);
                                                                  
        sa_config1->add_traffic_selector_initiator(sa_config1,ts);
        sa_config1->add_traffic_selector_responder(sa_config1,ts);
 
-       sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131", 
-                                                                 ID_IPV4_ADDR, "152.96.193.130",
+       sa_config2 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
+                                                                 ID_IPV4_ADDR, "192.168.1.2",
                                                                  SHARED_KEY_MESSAGE_INTEGRITY_CODE,
                                                                  30000);
 
        sa_config2->add_traffic_selector_initiator(sa_config2,ts);
        sa_config2->add_traffic_selector_responder(sa_config2,ts);
                                                                  
-       sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
-                                                                 ID_IPV4_ADDR, "127.0.0.1",
+       sa_config3 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
+                                                                 ID_IPV4_ADDR, "192.168.1.2",
                                                                  SHARED_KEY_MESSAGE_INTEGRITY_CODE,
                                                                  30000);
 
@@ -349,46 +352,48 @@ static void load_default_config (private_configuration_manager_t *this)
        sa_config4->add_traffic_selector_initiator(sa_config4,ts);
        sa_config4->add_traffic_selector_responder(sa_config4,ts);
        
+       sa_config5 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
+                                                                 ID_IPV4_ADDR, "192.168.1.2",
+                                                                 RSA_DIGITAL_SIGNATURE,
+                                                                 30000);
+
+       sa_config5->add_traffic_selector_initiator(sa_config5,ts);
+       sa_config5->add_traffic_selector_responder(sa_config5,ts);
+       
        ts->destroy(ts);
        
        /* ah and esp prop */
-       child_proposals[0].ah.is_set = FALSE;
-       child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_SHA1_96;
-       child_proposals[0].ah.integrity_algorithm_key_size = 20;
-       child_proposals[0].ah.diffie_hellman_group = MODP_1024_BIT;
-       child_proposals[0].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-
-       child_proposals[0].esp.is_set = TRUE;
-       child_proposals[0].esp.diffie_hellman_group = MODP_UNDEFINED;
-       child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
-       child_proposals[0].esp.encryption_algorithm_key_size = 16;
-       child_proposals[0].esp.integrity_algorithm = AUTH_HMAC_SHA1_96;
-       child_proposals[0].esp.integrity_algorithm_key_size = 20;
-       child_proposals[0].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-       child_proposals[0].esp.spi[0] = 2;
-       child_proposals[0].esp.spi[1] = 2;
-       child_proposals[0].esp.spi[2] = 2;
-       child_proposals[0].esp.spi[3] = 2;
-       
-       sa_config1->add_proposal(sa_config1, &child_proposals[0]);
-       sa_config2->add_proposal(sa_config2, &child_proposals[0]);
-       sa_config3->add_proposal(sa_config3, &child_proposals[0]);
-
-       this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
-       this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
+       child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+       child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_UNDEFINED, 0);
+       child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+       
+       sa_config1->add_proposal(sa_config1, child_proposal);
+       sa_config2->add_proposal(sa_config2, child_proposal);
+       sa_config3->add_proposal(sa_config3, child_proposal);
+       sa_config5->add_proposal(sa_config5, child_proposal);
+
+       this->add_new_configuration(this,"jan",init_config1,sa_config1);
+       this->add_new_configuration(this,"martin",init_config2,sa_config2);
        this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
        this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
        this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
+       this->add_new_configuration(this,"martin-bad_dh_group",init_config5, sa_config3);
+       this->add_new_configuration(this,"martin-rsa",init_config2, sa_config5);
        
 
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.1","verschluesselt");
        this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
        
        this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
-       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "152.96.193.131", public_key_2, 256);
+       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256);
        this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "127.0.0.1", private_key_1, 1024);
-       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "152.96.193.131", private_key_2, 1024);
+       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024);
 }
 
 /**
index 1009c84..1a21d0f 100644 (file)
@@ -75,11 +75,6 @@ struct private_sa_config_t {
        linked_list_t *ts_responder;
 
        /**
-        * compare two proposals for equality
-        */
-       bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second);
-
-       /**
         * get_traffic_selectors for both
         */
        size_t (*get_traffic_selectors) (private_sa_config_t *,linked_list_t*,traffic_selector_t**[]);
@@ -211,167 +206,49 @@ static size_t select_traffic_selectors(private_sa_config_t *this, linked_list_t
 }
 
 /**
- * Implementation of sa_config_t.get_proposals
+ * Implementation of sa_config_t.get_proposal_iterator
  */
-static size_t get_proposals(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t **proposals)
+static iterator_t *create_proposal_iterator(private_sa_config_t *this)
 {
-       iterator_t *iterator;
-       child_proposal_t *current_proposal;
-       int counter = 0;
-       *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals));
-       
-       /* copy all proposals from the list in an array */
-       iterator = this->proposals->create_iterator(this->proposals, TRUE);
-       while (iterator->has_next(iterator))
-       {
-               child_proposal_t *new_proposal = (*proposals) + counter;
-               iterator->current(iterator, (void**)&current_proposal);
-               *new_proposal = *current_proposal;
-               memcpy(new_proposal->ah.spi, ah_spi, 4);
-               memcpy(new_proposal->ah.spi, esp_spi, 4);
-               counter++;
-       }
-       iterator->destroy(iterator);
-       return counter; 
+       return this->proposals->create_iterator(this->proposals, TRUE);
 }
 
 /**
  * Implementation of sa_config_t.select_proposal
  */
-static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count)
+static child_proposal_t *select_proposal(private_sa_config_t *this, linked_list_t *proposals)
 {
-       iterator_t *iterator;
-       child_proposal_t *current_proposal, *selected_proposal;
-       int i;
-/*     logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+       iterator_t *stored_iter, *supplied_iter;
+       child_proposal_t *stored, *supplied, *selected;
        
+       stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
+       supplied_iter = proposals->create_iterator(proposals, TRUE);
        
-       /* iterate over all stored proposals */
-       iterator = this->proposals->create_iterator(this->proposals, TRUE);
-       while (iterator->has_next(iterator))
+       /* compare all stored proposals with all supplied. Stored ones are preferred. */
+       while (stored_iter->has_next(stored_iter))
        {
-               iterator->current(iterator, (void**)&current_proposal);
-       /*      
-               logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
-               logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
-               logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
-               logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
-*/
-               
-               
-               /* copy and break if a proposal matches */
-               for (i = 0; i < count; i++)
-               {
-/*                     if (supplied[i].esp.is_set)
-                       {
-                               logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
-                               logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
-                               logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
-                               logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
-                       }
+               supplied_iter->reset(supplied_iter);
+               stored_iter->current(stored_iter, (void**)&stored);
 
-                       if (supplied[i].ah.is_set)
-                       {
-                               logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
-                               logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
-                               logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
-                       }*/
-               
-                       
-                       if (this->proposal_equals(this, &(supplied[i]), current_proposal))
+               while (supplied_iter->has_next(supplied_iter))
+               {
+                       supplied_iter->current(supplied_iter, (void**)&supplied);
+                       selected = stored->select(stored, supplied);
+                       if (selected)
                        {
-                               selected_proposal = allocator_alloc(sizeof(child_proposal_t));
-                               *selected_proposal = *current_proposal;
-                               memcpy(selected_proposal->ah.spi, ah_spi, 4);
-                               memcpy(selected_proposal->ah.spi, esp_spi, 4);
-/*                             logger->destroy(logger);*/
-                               iterator->destroy(iterator);
-                               return selected_proposal;
+                               /* they match, return */
+                               stored_iter->destroy(stored_iter);
+                               supplied_iter->destroy(supplied_iter);
+                               return selected;
                        }
                }
        }
-       iterator->destroy(iterator);
-       
-/*     logger->destroy(logger); */
-       return NULL;
-}
-
-
-/**
- * Implementation of private_sa_config_t.proposal_equals
- */
-static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
-{
-       /* 
-        *      Proto ? Mandatory ? Optional
-        *  -----------------------------------
-        *  ESP   ? ENCR      ? INTEG, D-H, ESN
-     *  AH    ? INTEG     ? D-H, ESN
-     */
        
-       /* equality defaults to false, so return is FALSE if ah and esp not set */
-       bool equal = FALSE;
+       /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
+       stored_iter->destroy(stored_iter);
+       supplied_iter->destroy(supplied_iter);
        
-       /* check ah, if set */
-       if (first->ah.is_set && second->ah.is_set)
-       {
-               /* integrity alg is mandatory, with key size */
-               if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) &&
-                       (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size))
-               {
-                       /* dh group is optional, but must be NOT_SET when not set */
-                       if      (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group)
-                       {
-                               return FALSE;
-                       }
-                       /* sequence numbers is optional, but must be NOT_SET when not set */
-                       if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers)
-                       {
-                               return FALSE;
-                       }
-                       /* all checked, ah seems ok */
-                       equal = TRUE;   
-               }
-               else
-               {
-                       return FALSE;   
-               }
-       }
-       /* check esp, if set */
-       if (first->esp.is_set && second->esp.is_set)
-       {
-               /* encryption alg is mandatory, with key size */
-               if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) &&
-                       (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size))
-               {
-                       /* int alg is optional, check key only when not NOT_SET */
-                       if (first->esp.integrity_algorithm != second->esp.integrity_algorithm)
-                       {
-                               return FALSE;   
-                       }
-                       if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) &&
-                               (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size))
-                       {
-                               return FALSE;   
-                       }
-                       /* dh group is optional, but must be NOT_SET when not set */
-                       if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group)
-                       {
-                               return FALSE;   
-                       }
-                       if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers)
-                       {
-                               return FALSE;   
-                       }
-                       /* all checked, esp seems ok */
-                       equal = TRUE;
-               }
-               else
-               {
-                       return FALSE;   
-               }
-       }
-       return equal;
+       return NULL;
 }
 
 /**
@@ -397,10 +274,7 @@ static void add_traffic_selector_responder(private_sa_config_t *this, traffic_se
  */
 static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
 {
-       /* clone proposal, and add*/
-       child_proposal_t *new_proposal = allocator_alloc_thing(child_proposal_t);
-       *new_proposal = *proposal;
-       this->proposals->insert_last(this->proposals, (void*)new_proposal);
+       this->proposals->insert_last(this->proposals, (void*)proposal);
 }
 
 /**
@@ -416,7 +290,7 @@ static status_t destroy(private_sa_config_t *this)
        while(this->proposals->get_count(this->proposals) > 0)
        {
                this->proposals->remove_last(this->proposals, (void**)&proposal);
-               allocator_free(proposal);
+               proposal->destroy(proposal);
        }
        this->proposals->destroy(this->proposals);
        
@@ -460,31 +334,29 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
        this->public.select_traffic_selectors_initiator = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_initiator;
        this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder;
        this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder;
-       this->public.get_proposals = (size_t(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t**))get_proposals;
-       this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,u_int8_t[4],u_int8_t[4],child_proposal_t*,size_t))select_proposal;
+       this->public.create_proposal_iterator = (iterator_t*(*)(sa_config_t*))create_proposal_iterator;
+       this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
        this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator;
        this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder;
        this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal;
        this->public.destroy = (void(*)(sa_config_t*))destroy;
-
        
        /* apply init values */
        this->my_id = identification_create_from_string(my_id_type, my_id);
        if (this->my_id == NULL)
        {
                allocator_free(this);
-               return NULL;    
+               return NULL;
        }
        this->other_id = identification_create_from_string(other_id_type, other_id);
        if (this->my_id == NULL)
        {
                this->other_id->destroy(this->other_id);
                allocator_free(this);
-               return NULL;    
+               return NULL;
        }
        
        /* init private members*/
-       this->proposal_equals = proposal_equals;
        this->select_traffic_selectors = select_traffic_selectors;
        this->get_traffic_selectors = get_traffic_selectors;
        this->proposals = linked_list_create();
index ad9e330..0bfde77 100644 (file)
 #include <transforms/signers/signer.h>
 #include <transforms/diffie_hellman.h>
 #include <config/traffic_selector.h>
+#include <config/child_proposal.h>
 
 
-typedef struct child_proposal_t child_proposal_t;
-
-/**
- * @brief Storage structure for a proposal for a child sa.
- * 
- * A proposal for a child sa contains data for 
- * AH, ESP, or both.
- * 
- * @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
- *              Support of more transforms with same type has to be added.
- * 
- * @ingroup config
- */
-struct child_proposal_t {
-       
-       /**
-        * Data for AH, if set.
-        */
-       struct {
-               bool is_set;
-               integrity_algorithm_t integrity_algorithm;
-               size_t integrity_algorithm_key_size;
-               diffie_hellman_group_t diffie_hellman_group;
-               extended_sequence_numbers_t extended_sequence_numbers;
-               u_int8_t spi[4];
-       } ah;
-       
-       /**
-        * Data for ESP, if set.
-        */
-       struct {
-               bool is_set;
-               encryption_algorithm_t encryption_algorithm;
-               size_t encryption_algorithm_key_size;
-               integrity_algorithm_t integrity_algorithm;
-               size_t integrity_algorithm_key_size;
-               diffie_hellman_group_t diffie_hellman_group;
-               extended_sequence_numbers_t extended_sequence_numbers;
-               u_int8_t spi[4];
-       } esp;
-};
-
 
 typedef struct sa_config_t sa_config_t;
 
@@ -195,30 +154,27 @@ struct sa_config_t {
        size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
        
        /**
-        * @brief Get the list of proposals for this config.
+        * @brief Get an iterator for the internally stored proposals.
         * 
-        * @warning Resulting array must be freed!
+        * @warning Items are still owned by sa_config and MUST NOT
+        *                      be manipulated or freed!
         * 
-        * @param this                                          calling object
-        * @param[out] traffic_selectors        pointer where proposals will be allocated
-        * @return                                                      number of allocated proposals
+        * @param this                                  calling object
+        * @return                                              iterator for the proposals
         */
-       size_t (*get_proposals) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *proposals[]);
+       iterator_t *(*create_proposal_iterator) (sa_config_t *this);
        
        /**
-        * @brief Select a proposal from a supplied list
-        * 
-        * @warning Resulting array must be freed!
+        * @brief Select a proposal from a supplied list.
         * 
         * @param this                                  calling object
-        * @param supplied                              pointer to an array of proposals to select from.
-        * @param count                                 number of proposals stored at supplied
-        * @return                                              the selected proposal
+        * @param proposals                             list from from wich proposals are selected
+        * @return                                              selected proposal, or NULL if nothing matches
         */
-       child_proposal_t* (*select_proposal) (sa_config_t *this, u_int8_t ah_spi[4], u_int8_t esp_spi[4], child_proposal_t *supplied, size_t count);
+       child_proposal_t *(*select_proposal) (sa_config_t *this, linked_list_t *proposals);
        
        /**
-        * @brief Add a traffic selector to the list for initiator. 
+        * @brief Add a traffic selector to the list for initiator.
         * 
         * Added proposal will be cloned.
         * 
@@ -246,7 +202,6 @@ struct sa_config_t {
         * 
         * The proposals are stored by priority, first added
         * is the most prefered.
-        * Added proposal will be cloned.
         * 
         * @warning Do not add while other threads are reading.
         * 
index 7ca81e3..00e0932 100644 (file)
  */
 #define PROPOSAL_TYPE_VALUE 2
 
-/** 
- * String mappings for protocol_id_t.
- */
-mapping_t protocol_id_m[] = {
-       {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"},
-       {IKE, "IKE"},
-       {AH, "AH"},
-       {ESP, "ESP"},
-       {MAPPING_END, NULL}
-};
-
 
 typedef struct private_proposal_substructure_t private_proposal_substructure_t;
 
@@ -413,7 +402,7 @@ static size_t get_transform_count (private_proposal_substructure_t *this)
  */
 static size_t get_spi_size (private_proposal_substructure_t *this)
 {
-       return  this->spi.len;
+       return this->spi.len;
 }
 
 /**
@@ -499,6 +488,7 @@ proposal_substructure_t *proposal_substructure_create()
        this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
        this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
        
+       
        /* public functions */
        this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator;
        this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure;
@@ -529,8 +519,65 @@ proposal_substructure_t *proposal_substructure_create()
        this->spi_size = 0;
        this->spi.ptr = NULL;
        this->spi.len = 0;
-
+       
        this->transforms = linked_list_create();
-
+       
        return (&(this->public));
 }
+
+/*
+ * Described in header.
+ */
+proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t *proto)
+{
+       private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create();
+       iterator_t *iterator;
+       algorithm_t *algo;
+       transform_substructure_t *transform;
+       
+       /* encryption algorithm is only availble in ESP */
+       if (proto == ESP)
+       {
+               iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM);
+               while (iterator->has_next(iterator))
+               {
+                       iterator->current(iterator, (void**)&algo);
+                       transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size);
+                       this->public.add_transform_substructure(&(this->public), transform);
+               }
+               iterator->destroy(iterator);
+       }
+       
+       /* integrity algorithms */
+       iterator = proposal->create_algorithm_iterator(proposal, proto, INTEGRITY_ALGORITHM);
+       while (iterator->has_next(iterator))
+       {
+               algorithm_t *algo;
+               iterator->current(iterator, (void**)&algo);
+               transform = transform_substructure_create_type(INTEGRITY_ALGORITHM, algo->algorithm, algo->key_size);
+               this->public.add_transform_substructure(&(this->public), transform);
+       }
+       iterator->destroy(iterator);
+       
+       /* dh groups */
+       iterator = proposal->create_algorithm_iterator(proposal, proto, DIFFIE_HELLMAN_GROUP);
+       while (iterator->has_next(iterator))
+       {
+               algorithm_t *algo;
+               iterator->current(iterator, (void**)&algo);
+               transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, algo->algorithm, 0);
+               this->public.add_transform_substructure(&(this->public), transform);
+       }
+       iterator->destroy(iterator);
+       
+       /* extended sequence numbers */
+       iterator = proposal->create_algorithm_iterator(proposal, proto, EXTENDED_SEQUENCE_NUMBERS);
+       while (iterator->has_next(iterator))
+       {
+               algorithm_t *algo;
+               iterator->current(iterator, (void**)&algo);
+               transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS, algo->algorithm, 0);
+               this->public.add_transform_substructure(&(this->public), transform);
+       }
+       iterator->destroy(iterator);
+}
index 5380d1c..afa5851 100644 (file)
@@ -26,6 +26,7 @@
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/transform_substructure.h>
+#include <config/child_proposal.h>
 #include <utils/linked_list.h>
 
 
 #define PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH 8
 
 
-typedef enum protocol_id_t protocol_id_t;
-
-/**
- * Protocol ID of a proposal.
- * 
- * @ingroup payloads
- */
-enum protocol_id_t {
-       UNDEFINED_PROTOCOL_ID = 201,
-       IKE = 1,
-       AH = 2,
-       ESP = 3,
-};
-
-/** 
- * String mappings for protocol_id_t.
- * 
- * @ingroup payloads
- */
-extern mapping_t protocol_id_m[];
-
 typedef struct proposal_substructure_t proposal_substructure_t;
 
 /**
@@ -218,5 +198,22 @@ struct proposal_substructure_t {
  */
 proposal_substructure_t *proposal_substructure_create();
 
+/**
+ * @brief Creates a proposal substructure from a child_proposal.
+ * 
+ * Since a child proposal may contain data for both AH and ESP, 
+ * the protocol must be specified. If the proposal does not contain
+ * data for proto, NULL is returned. Call twice, once with AH, once 
+ * with ESP, with the same proposal to build the two substructures 
+ * for it.
+ * 
+ * @param proposal             proposal to build a substruct out of it
+ * @param proto                        for which protocol the substructure should be built
+ * @return                             proposal_substructure_t object, or NULL
+ * 
+ * @ingroup payloads
+ */
+proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto);
+
 
 #endif /*PROPOSAL_SUBSTRUCTURE_H_*/
index 1ef67a2..b433d67 100644 (file)
@@ -258,6 +258,34 @@ static void add_proposal_substructure (private_sa_payload_t *this,proposal_subst
 }
 
 /**
+ * Implementation of sa_payload_t.add_child_proposal.
+ */
+static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *proposal)
+{
+       proposal_substructure_t *substructure;
+       protocol_id_t proto;
+       
+       /* watch out to build the substructures in the right order */
+       proto = proposal->get_first_protocol(proposal);
+       if (proto != AH && proto != ESP)
+       {
+               return;
+       }
+       substructure = proposal_substructure_create_from_child_proposal(proposal, proto);
+       add_proposal_substructure(this, substructure);
+       
+       /* first is done, now do the (possible) other */
+       proto = proposal->get_second_protocol(proposal);
+       if (proto != AH && proto != ESP)
+       {
+               return;
+       }
+       substructure = proposal_substructure_create_from_child_proposal(proposal, proto);
+       add_proposal_substructure(this, substructure);
+}
+
+
+/**
  * Implementation of sa_payload_t.get_ike_proposals.
  */
 static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
@@ -267,7 +295,6 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
        iterator_t *iterator;
        ike_proposal_t *tmp_proposals;
        
-               
        iterator = this->proposals->create_iterator(this->proposals,TRUE);
        
        /* first find out the number of ike proposals and check their number of transforms and 
index 8c4f5d5..90f57b7 100644 (file)
@@ -119,7 +119,14 @@ struct sa_payload_t {
         *                                                      - FAILED if a proposal does not contain all needed transforms
         */
        status_t (*get_child_proposals) (sa_payload_t *this, child_proposal_t **proposals, size_t *proposal_count);     
-
+       
+       /**
+        * @brief Add a child proposal (AH/ESP) to the payload.
+        * 
+        * @param proposal                      child proposal to add to the payload
+        */
+       void (*add_child_proposal) (sa_payload_t *this, child_proposal_t *proposal);
+       
        /**
         * @brief Destroys an sa_payload_t object.
         *
@@ -149,20 +156,5 @@ sa_payload_t *sa_payload_create();
  */
 sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
 
-/**
- * @brief Creates a sa_payload_t object from array of child_proposal_t's.
- * 
- * @warning for proposals where AH and ESP is not set, an empty proposal is created.
- * 
- * 
- * @return                                     created sa_payload_t object
- * @param proposals                    pointer to first proposal in array of type child_proposal_t
- * @param proposal_count       number of child_proposal_t's in array
- * @return                                     sa_payload_t object
- * 
- * @ingroup payloads
- */
-sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count);
-
 
 #endif /*SA_PAYLOAD_H_*/
index c519c67..ba064c5 100644 (file)
@@ -80,29 +80,6 @@ struct private_transform_substructure_t {
 };
 
 
-/** 
- * String mappings for transform_type_t.
- */
-mapping_t transform_type_m[] = {
-       {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"},
-       {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"},
-       {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
-       {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
-       {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
-       {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
-       {MAPPING_END, NULL}
-};
-
-
-/** 
- * String mappings for extended_sequence_numbers_t.
- */
-mapping_t extended_sequence_numbers_m[] = {
-       {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"},
-       {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"},
-       {MAPPING_END, NULL}
-};
-
 /**
  * Encoding rules to parse or generate a Transform substructure.
  * 
index cd5cffe..79dd101 100644 (file)
@@ -32,6 +32,7 @@
 #include <transforms/signers/signer.h>
 #include <transforms/prfs/prf.h>
 #include <transforms/crypters/crypter.h>
+#include <config/child_proposal.h>
 
 
 /**
 #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8
 
 
-typedef enum transform_type_t transform_type_t;
-
-/**
- * Type of a transform, as in IKEv2 draft 3.3.2.
- * 
- * @ingroup payloads
- */
-enum transform_type_t {
-       UNDEFINED_TRANSFORM_TYPE = 241,
-       ENCRYPTION_ALGORITHM = 1,
-       PSEUDO_RANDOM_FUNCTION = 2,
-       INTEGRITY_ALGORITHM = 3,
-       DIFFIE_HELLMAN_GROUP = 4,
-       EXTENDED_SEQUENCE_NUMBERS = 5
-};
-
-/** 
- * String mappings for transform_type_t.
- * 
- * @ingroup payloads
- */
-extern mapping_t transform_type_m[];
-
-
-typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
-
-/** 
- * Extended sequence numbers, as in IKEv2 draft 3.3.2.
- * 
- * @ingroup payloads
- */
-enum extended_sequence_numbers_t {
-       NO_EXT_SEQ_NUMBERS = 0,
-       EXT_SEQ_NUMBERS = 1
-};
-
-/** 
- * String mappings for extended_sequence_numbers_t.
- * 
- * @ingroup payloads
- */
-extern mapping_t extended_sequence_numbers_m[];
-
 typedef struct transform_substructure_t transform_substructure_t;
 
 /**
index 1b04626..8a24fb7 100644 (file)
@@ -66,7 +66,6 @@ void test_kernel_interface(protected_tester_t *tester)
 
 
        status = kernel_interface->get_spi(kernel_interface, me, other, 50, TRUE, &spi);
-       //status |= kernel_interface->get_spi(kernel_interface, me, other, 50, TRUE, &spi);
        tester->assert_true(tester, status == SUCCESS, "spi get");
 
        status = kernel_interface->add_sa(kernel_interface, me, other, spi, 50, TRUE, ENCR_AES_CBC, 16, enc_key,AUTH_HMAC_MD5_96,16,inc_key,TRUE);      
index 5f33d07..603d6db 100644 (file)
@@ -246,8 +246,8 @@ int main()
        tester_t *tester = tester_create(test_output, FALSE);
        
 
-       tester->perform_tests(tester,all_tests);
-       /* tester->perform_test(tester,&linked_list_insert_and_remove_test); */
+       //tester->perform_tests(tester,all_tests);
+       tester->perform_test(tester,&kernel_interface_test);
        
        
        tester->destroy(tester);
index b73a5bb..9513190 100644 (file)
@@ -54,18 +54,18 @@ struct kernel_interface_t {
         * @todo Cleanup method params
         */
        status_t (*add_sa)(kernel_interface_t *this,
-                                               host_t *me, 
-                                               host_t *other, 
-                                               u_int32_t spi, 
-                                               int protocol, 
-                                               bool tunnel_mode,
-                                               encryption_algorithm_t enc_alg,
-                                               size_t enc_size,
-                                               chunk_t enc_key,
-                                               integrity_algorithm_t int_alg,
-                                               size_t int_size,
-                                               chunk_t int_key,
-                                               bool replace);
+                               host_t *me, 
+                               host_t *other,
+                               u_int32_t spi,
+                               int protocol,
+                               bool tunnel_mode,
+                               encryption_algorithm_t enc_alg,
+                               size_t enc_size,
+                               chunk_t enc_key,
+                               integrity_algorithm_t int_alg,
+                               size_t int_size,
+                               chunk_t int_key,
+                               bool replace);
        
        /**
         * @brief Destroys a kernel_interface object.