(no commit message)
authorMartin Willi <martin@strongswan.org>
Fri, 18 Nov 2005 10:31:56 +0000 (10:31 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 18 Nov 2005 10:31:56 +0000 (10:31 -0000)
Source/charon/configuration_manager.c
Source/charon/configuration_manager.h
Source/charon/daemon.c
Source/charon/ike_sa.c
Source/charon/message.c
Source/charon/message.h

index 81b1303..723d194 100644 (file)
@@ -31,7 +31,6 @@
 #include "payloads/nonce_payload.h"
 #include "payloads/proposal_substructure.h"
 #include "payloads/ke_payload.h"
-#include "payloads/transform_substructure.h"
 #include "payloads/transform_attribute.h"
 
 /**
@@ -238,6 +237,17 @@ static status_t select_proposals_for_host(private_configuration_manager_t *this,
        return FAILED;
 }
 
+static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
+{
+       if (group == MODP_768_BIT ||
+               group == MODP_1024_BIT)
+       {
+               *allowed = TRUE;                
+       }
+       *allowed = FALSE;
+       return SUCCESS;
+}
+
 
 /**
  * Implements function destroy of configuration_t.
@@ -266,7 +276,7 @@ configuration_manager_t *configuration_manager_create()
        this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
        this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*))get_proposals_for_host;
        this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,linked_list_iterator_t*,linked_list_iterator_t*))select_proposals_for_host;
-       
+       this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
 
        return (&this->public);
 }
index bbbad63..7f917ff 100644 (file)
@@ -26,6 +26,7 @@
 #include "types.h"
 #include "utils/linked_list.h"
 #include "utils/host.h"
+#include "payloads/transform_substructure.h"
 
 /**
  * @brief Manages all configuration aspects of the daemon.
@@ -41,8 +42,10 @@ struct configuration_manager_s {
        
        status_t (*get_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *list);
        
-       status_t (*select_proposals_for_host)  (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out);
-
+       status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out);
+       
+       status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed);
+       
        status_t (*destroy) (configuration_manager_t *this);
 };
 
index 559b478..c30459e 100644 (file)
@@ -141,11 +141,11 @@ int main()
        }
        
        int i;
-       for(i = 0; i<10; i++)
+       for(i = 0; i<1; i++)
        {
                initiate_ike_sa_job_t *initiate_job;
                
-               initiate_job = initiate_ike_sa_job_create("pinflb31");
+               initiate_job = initiate_ike_sa_job_create("pinflb30");
                global_event_queue->add_relative(global_event_queue, (job_t*)initiate_job, i * 1000);
                
        }
index 5e5ca22..9a13381 100644 (file)
 
 #include "types.h"
 #include "globals.h"
+#include "definitions.h"
 #include "utils/allocator.h"
 #include "utils/linked_list.h"
 #include "utils/logger_manager.h"
 #include "utils/randomizer.h"
+#include "transforms/diffie_hellman.h"
 #include "payloads/sa_payload.h"
 #include "payloads/nonce_payload.h"
 #include "payloads/ke_payload.h"
@@ -72,6 +74,18 @@ enum ike_sa_state_e {
        IKE_SA_INITIALIZED = 5
 };
 
+/**
+ * string mappings for ike_sa_state 
+ */
+mapping_t ike_sa_state_m[] = {
+       {NO_STATE, "NO_STATE"},
+       {IKE_SA_INIT_REQUESTED, "IKE_SA_INIT_REQUESTED"},
+       {IKE_SA_INIT_RESPONDED, "IKE_SA_INIT_RESPONDED"},
+       {IKE_AUTH_REQUESTED, "IKE_AUTH_REQUESTED"},
+       {IKE_SA_INITIALIZED, "IKE_SA_INITIALIZED"},
+       {MAPPING_END, NULL}
+};
+
 
 /**
  * Private data of an message_t object
@@ -88,6 +102,9 @@ struct private_ike_sa_s {
        status_t (*build_sa_payload) (private_ike_sa_t *this, sa_payload_t **payload);
        status_t (*build_nonce_payload) (private_ike_sa_t *this, nonce_payload_t **payload);
        status_t (*build_ke_payload) (private_ike_sa_t *this, ke_payload_t **payload);
+       
+       status_t (*transto_ike_sa_init_responded) (private_ike_sa_t *this, message_t *message);
+       status_t (*transto_ike_auth_requested) (private_ike_sa_t *this, message_t *message);
 
        /* Private values */
        /**
@@ -103,7 +120,7 @@ struct private_ike_sa_s {
        /**
         * Current state of the IKE_SA
         */
-       ike_sa_state_t current_state;
+       ike_sa_state_t state;
        
        /**
         * is this IKE_SA the original initiator of this IKE_SA
@@ -125,6 +142,8 @@ struct private_ike_sa_s {
                host_t *host;
        } other;
        
+       diffie_hellman_t *diffie_hellman;
+       
        /**
         * a logger for this IKE_SA
         */
@@ -135,54 +154,136 @@ struct private_ike_sa_s {
  * @brief implements function process_message of private_ike_sa_t
  */
 static status_t process_message (private_ike_sa_t *this, message_t *message)
+{      
+       this->logger->log(this->logger, CONTROL|MORE, "Process message of exchange type %s",
+                                               mapping_find(exchange_type_m,message->get_exchange_type(message)));
+       
+       switch (message->get_exchange_type(message))
+       {
+               case IKE_SA_INIT:
+               {
+                       if (message->get_request(message)) {
+                               if (this->state ==      NO_STATE)
+                               {
+                                       /* state transission NO_STATE => IKE_SA_INIT_RESPONDED */
+                                       return this->transto_ike_sa_init_responded(this, message);
+                               }
+                       }
+                       else
+                       {
+                               if (this->state == IKE_SA_INIT_REQUESTED)
+                               {
+                                       /* state transission IKE_SA_INIT_REQUESTED => IKE_AUTH_REQUESTED*/
+                                       return this->transto_ike_auth_requested(this, message);
+                               }
+                       }
+                       break;
+               }
+               case IKE_AUTH:
+               {
+                       /* break; */
+               }
+               case CREATE_CHILD_SA:
+               {
+                       /* break; */
+               }
+               case INFORMATIONAL:
+               {
+                       /* break; */
+               }
+               default:
+               {
+                       this->logger->log(this->logger, ERROR, "processing %s-message not supported.",
+                                                               mapping_find(exchange_type_m,message->get_exchange_type(message)));
+                       return NOT_SUPPORTED;
+               }
+       }
+       this->logger->log(this->logger, ERROR, "received %s-message in state %s, rejected.",
+                                                               mapping_find(exchange_type_m, message->get_exchange_type(message)),
+                                                               mapping_find(ike_sa_state_m, this->state));
+       return INVALID_STATE;
+}
+
+
+static status_t transto_ike_sa_init_responded(private_ike_sa_t *this, message_t *message)
 {
        status_t status;
-       /* @TODO Add Message Processing here */
+       linked_list_iterator_t *payloads;
        
-       this->logger->log(this->logger, CONTROL|MORE, "Process message of exchange type %s",mapping_find(exchange_type_m,message->get_exchange_type(message)));
-       
-       /* parse body */
        status = message->parse_body(message);
-       switch (status)
+       if (status != SUCCESS)
        {
-               case SUCCESS:
-               {
-                       break;
-               }
-               default:
-               {
-                       this->logger->log(this->logger, ERROR, "Error of type %s while parsing message body",mapping_find(status_m,status));
-                       switch (this->current_state)
-                       {
-                               case NO_STATE:
-                               {
-                                       job_t *delete_job;
-                                       /* create delete job for this ike_sa */
-                                       delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id);
-                                       if (delete_job == NULL)
-                                       {
-                                               this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created");
-                                       }
-                                       
-                                       status = global_job_queue->add(global_job_queue,delete_job);
-                                       if (status != SUCCESS)
-                                       {
-                                               this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status));
-                                               delete_job->destroy_all(delete_job);
-                                       }
-                                       
-                               }
-                               default:
-                               {
-                                       break;  
-                               }
-                       }
-                       
-                       return FAILED;
-               }
+               return status;  
+       }
+       
+       status = message->get_payload_iterator(message, &payloads);
+       if (status != SUCCESS)
+       {
+               return status;  
        }
-               
-       return status;
+       while (payloads->has_next(payloads))
+       {
+               payload_t *payload;
+               payloads->current(payloads, (void**)payload);
+               switch (payload->get_type(payload))
+               {
+                       case SECURITY_ASSOCIATION:
+                       {
+                               sa_payload_t *sa_payload;
+                               linked_list_iterator_t *proposals;
+                               
+                               sa_payload = (sa_payload_t*)payload;
+                               status = sa_payload->create_proposal_substructure_iterator(sa_payload, &proposals, TRUE);
+                               if (status != SUCCESS)
+                               {
+                                       payloads->destroy(payloads);
+                                       return status;
+                               }
+                               //global_configuration_manager->select_prop
+                               
+                               break;
+                       }
+                       case KEY_EXCHANGE:
+                       {
+                               break;
+                       }
+                       case NONCE:
+                       {
+                               break;
+                       }
+                       default:
+                       {
+                               
+                       }
+                               
+               }
+                       
+       }
+       
+       
+       
+       
+       
+       /*
+       job_t *delete_job;
+       delete_job = (job_t *) delete_ike_sa_job_create(this->ike_sa_id);
+       if (delete_job == NULL)
+       {
+               this->logger->log(this->logger, ERROR, "Job to delete IKE SA could not be created");
+       }
+       
+       status = global_job_queue->add(global_job_queue,delete_job);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "%s Job to delete IKE SA could not be added to job queue",mapping_find(status_m,status));
+               delete_job->destroy_all(delete_job);
+       }*/
+       return SUCCESS;
+}
+
+static status_t transto_ike_auth_requested(private_ike_sa_t *this, message_t *message)
+{
+       return SUCCESS;
 }
 
 /**
@@ -271,7 +372,7 @@ static status_t initialize_connection(private_ike_sa_t *this, char *name)
 
        message->destroy(message);
 
-       this->current_state = IKE_SA_INIT_REQUESTED;
+       this->state = IKE_SA_INIT_REQUESTED;
 
        return SUCCESS;
 }
@@ -425,6 +526,10 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->build_sa_payload = build_sa_payload;
        this->build_ke_payload = build_ke_payload;
        this->build_nonce_payload = build_nonce_payload;
+       
+       
+       this->transto_ike_sa_init_responded = transto_ike_sa_init_responded;
+       this->transto_ike_auth_requested = transto_ike_auth_requested;
 
 
 
@@ -468,10 +573,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        
        this->me.host = NULL;
        this->other.host = NULL;
+       this->diffie_hellman = NULL;
 
 
        /* at creation time, IKE_SA isn't in a specific state */
-       this->current_state = NO_STATE;
+       this->state = NO_STATE;
 
        return (&this->public);
 }
index 5d7e0ea..f290b83 100644 (file)
@@ -430,6 +430,12 @@ static status_t get_destination(private_message_t *this, host_t **host)
 }
 
 
+static status_t get_payload_iterator(private_message_t *this, linked_list_iterator_t **iterator)
+{
+       return this->payloads->create_iterator(this->payloads, iterator, TRUE);
+}
+
+
 /**
  * Implements message_t's generate function.
  * See #message_s.generate.
@@ -776,6 +782,7 @@ message_t *message_create_from_packet(packet_t *packet)
        this->public.get_source = (status_t (*) (message_t*,host_t**)) get_source;
        this->public.set_destination = (status_t (*) (message_t*,host_t*)) set_destination;
        this->public.get_destination = (status_t (*) (message_t*,host_t**)) get_destination;
+       this->public.get_payload_iterator = (status_t (*) (message_t *, linked_list_iterator_t **)) get_payload_iterator;
        this->public.parse_header =     (status_t (*) (message_t *)) parse_header;
        this->public.parse_body =       (status_t (*) (message_t *)) parse_body;
        this->public.destroy = (status_t(*)(message_t*))destroy;
index 009b435..6b022fd 100644 (file)
@@ -27,6 +27,7 @@
 #include "packet.h"
 #include "ike_sa_id.h"
 #include "payloads/ike_header.h"
+#include "utils/linked_list.h"
 
 
 
@@ -223,6 +224,7 @@ struct message_s {
        status_t (*set_source) (message_t *this, host_t *host);
        status_t (*get_destination) (message_t *this, host_t **host);
        status_t (*set_destination) (message_t *this, host_t *host);
+       status_t (*get_payload_iterator) (message_t *this, linked_list_iterator_t **iterator);
        
        /**
         * @brief Destroys a message and all including objects