cleaned code
authorJan Hutter <jhutter@hsr.ch>
Fri, 2 Dec 2005 07:43:05 +0000 (07:43 -0000)
committerJan Hutter <jhutter@hsr.ch>
Fri, 2 Dec 2005 07:43:05 +0000 (07:43 -0000)
Source/charon/config/configuration_manager.c
Source/charon/config/sa_config.c
Source/charon/daemon.c
Source/charon/daemon.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/threads/thread_pool.c
Source/charon/types.c
Source/charon/types.h

index 697b949..03e34bf 100644 (file)
@@ -182,16 +182,16 @@ static void load_default_config (private_configuration_manager_t *this)
        init_config3->add_proposal(init_config3,1,proposals[0]);
        init_config3->add_proposal(init_config3,1,proposals[1]);
        
-       sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
-                                                                 ID_IPV4_ADDR, "152.96.193.131",
-                                                                 RSA_DIGITAL_SIGNATURE);
+       sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.131", 
+                                                                 ID_IPV4_ADDR, "152.96.193.130",
+                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE);
                                                                  
        sa_config1->add_traffic_selector_initiator(sa_config1,ts);
        sa_config1->add_traffic_selector_responder(sa_config1,ts);
 
        sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
                                                                  ID_IPV4_ADDR, "152.96.193.131",
-                                                                 RSA_DIGITAL_SIGNATURE);
+                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE);
 
        sa_config2->add_traffic_selector_initiator(sa_config2,ts);
        sa_config2->add_traffic_selector_responder(sa_config2,ts);
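Review bot: Both default SA configs now hard-code PSK authentication between one fixed pair of lab addresses, and nothing in this hunk shows where the shared key for SHARED_KEY_MESSAGE_INTEGRITY_CODE is provisioned, so a reader cannot tell whether this is test scaffolding or the intended default. I would mark it explicitly above `sa_config1 = sa_config_create(...)`: `/* test-only defaults: fixed lab peers 152.96.193.130/131 with PSK auth; the PSK itself is looked up elsewhere */`. The same `ts` object is also passed to both the initiator and responder lists of both configs (context lines), so ownership of that traffic selector is unclear from here — presumably the lists copy it, but that should be confirmed. load_default_config begins outside this hunk.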
index 3f253b5..2d91f7b 100644 (file)
@@ -404,6 +404,7 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
        this->proposals = linked_list_create();
        this->ts_initiator = linked_list_create();
        this->ts_responder = linked_list_create();
+       this->auth_method = auth_method;
 
        return (&this->public);
 }
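Review bot: The new `this->auth_method = auth_method;` stores whatever the caller passes with no validation and no comment on what the field means, and the field has no visible accessor in this hunk, so its contract is undocumented. If auth_method_t has members beyond the two used by the default config (RSA_DIGITAL_SIGNATURE, SHARED_KEY_MESSAGE_INTEGRITY_CODE) that IKE_AUTH cannot handle, a guard here would be the right place to reject them — I cannot see the enum, so this is to confirm. At minimum annotate the field where it is declared in the private struct: `/* authentication method (auth_method_t) to use in IKE_AUTH for this SA */`. sa_config_create begins outside this hunk.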
index 7fe3d5b..175cfa3 100644 (file)
@@ -159,7 +159,7 @@ static void build_test_jobs(private_daemon_t *this)
        for(i = 0; i<1; i++)
        {
                initiate_ike_sa_job_t *initiate_job;
-               initiate_job = initiate_ike_sa_job_create("localhost");
+               initiate_job = initiate_ike_sa_job_create("pinflb30");
                this->public.job_queue->add(this->public.job_queue, (job_t*)initiate_job);
        }
 }
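Review bot: The test job now targets a hard-coded configuration name `"pinflb30"` (a specific lab host) inside build_test_jobs, replacing `"localhost"`, so the daemon only exercises a connection that exists on one machine. Since daemon.h already collects build-time constants, I would lift this into a named define, e.g. `#define TEST_CONFIGURATION_NAME "pinflb30"`, and comment the loop as test scaffolding: `/* test only: queue one initiate job for the configured peer */`. The `for(i = 0; i<1; i++)` loop (context line) also runs exactly once, which deserves a word if that is deliberate.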
index 8da5eb5..651ed03 100644 (file)
@@ -54,7 +54,7 @@
  * Port on which the daemon will 
  * listen for incoming traffic
  */
-#define IKEV2_UDP_PORT 4500
+#define IKEV2_UDP_PORT 500
 
 /**
  * Default loglevel to use. This is the
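Review bot: Changing IKEV2_UDP_PORT from 4500 to 500 moves the daemon onto a privileged port, which means the bind will fail unless the process runs as root (or, on Linux, holds CAP_NET_BIND_SERVICE), and the comment above the define says nothing about that. It also means the daemon no longer listens on 4500 at all; 500 is the standard IKE port, 4500 is the NAT-traversal port that carries a non-ESP marker, and a single define cannot cover both, so NAT-T is out of scope until a second port is added. I would expand the comment to state that 500 is the standard IKE port, that binding it requires elevated privileges, and that NAT-T on 4500 is not handled by this define. Whether the daemon is expected to drop privileges after the bind is not visible here and should be confirmed.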
index 946e468..2dfcd8f 100644 (file)
@@ -155,6 +155,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 {
        ike_auth_requested_t *next_state;
        exchange_type_t exchange_type;
+       init_config_t *init_config;     
        u_int64_t responder_spi;
        ike_sa_id_t *ike_sa_id;
        iterator_t *payloads;
@@ -190,10 +191,13 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                return status;  
        }
        
+       /* get configuration */
+       init_config = this->ike_sa->get_init_config(this->ike_sa);
+       
 
        if (responder_spi == 0)
        {
-               this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero.");
+               this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
                return FAILED;
        }
        /* because I am original initiator i have to update the responder SPI to the new one */ 
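Review bot: `init_config` is fetched from `this->ike_sa->get_init_config(...)` but never checked before it is dereferenced later in the SA-payload branch (`init_config->select_proposal`), so if get_init_config can return NULL for an SA that has no configuration yet the reply-processing path crashes on a peer-supplied message. If NULL is a possible return (I cannot see the getter), guard it right after the fetch: `if (init_config == NULL) { this->logger->log(this->logger, ERROR, "No init config for IKE_SA"); return FAILED; }`. The fetch was moved ahead of the responder-SPI check, which is harmless but worth a word in the `/* get configuration */` comment. process_message continues beyond this hunk.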
@@ -207,7 +211,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
         */
        payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply);
        while (payloads->has_next(payloads))
-       {
+       { 
                payload_t *payload;
                payloads->current(payloads, (void**)&payload);
                
@@ -220,9 +224,9 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                                ike_proposal_t *ike_proposals;
                                ike_proposal_t selected_proposal;
                                size_t proposal_count;                  
-                               init_config_t *init_config;     
+
                                
-                               /* get the list of suggested proposals */ 
+                               /* get the list of selected proposals */ 
                                status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals,&proposal_count);
                                if (status != SUCCESS)
                                {
@@ -230,24 +234,22 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                                        payloads->destroy(payloads);
                                        return status;  
                                }
-                               
+                               /* the peer has to select only one proposal */
                                if (proposal_count != 1)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "More then one proposal selected!");
+                                       this->logger->log(this->logger, ERROR | MORE, "More then 1 proposal (%d) selected!",proposal_count);
                                        allocator_free(ike_proposals);
                                        payloads->destroy(payloads);
                                        return status;                                                  
                                }
                                
                                /* now let the configuration-manager check the selected proposals*/
-                               this->logger->log(this->logger, CONTROL | MOST, "Check suggested proposals");
-                               init_config = this->ike_sa->get_init_config(this->ike_sa);
-
+                               this->logger->log(this->logger, CONTROL | MOST, "Check selected proposal");
                                status = init_config->select_proposal (init_config,ike_proposals,1,&selected_proposal);
                                allocator_free(ike_proposals);
                                if (status != SUCCESS)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one!");
+                                       this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one! Peer is trying to trick me!");
                                        payloads->destroy(payloads);
                                        return status;
                                }
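Review bot: In the `proposal_count != 1` branch the function returns `status`, but at that point `status` is SUCCESS (the preceding `if (status != SUCCESS)` already returned otherwise), so a reply carrying zero or several proposals is logged as an error yet reported to the caller as success, leaving the SA parked in ike_sa_init_requested with a half-processed message. That line should be `return FAILED;` — or `return DELETE_ME;` to match the failure convention this commit introduces further down in the same function. Two smaller things on the new log line: `%d` is used for `proposal_count`, which is declared `size_t` (whether the custom logger tolerates that depends on its implementation, not visible here), and "More then" should read "More than". process_message continues beyond this hunk.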
@@ -265,17 +267,16 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                        case KEY_EXCHANGE:
                        {
                                ke_payload_t *ke_payload = (ke_payload_t*)payload;
-                               
-                               this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));
-                               
+                               this->diffie_hellman->set_other_public_value(this->diffie_hellman, ke_payload->get_key_exchange_data(ke_payload));                              
                                /* shared secret is computed AFTER processing of all payloads... */                             
                                break;
                        }
                        case NONCE:
                        {
-                               nonce_payload_t         *nonce_payload = (nonce_payload_t*)payload;
+                               nonce_payload_t *nonce_payload = (nonce_payload_t*)payload;
                                
                                allocator_free(this->received_nonce.ptr);
+
                                this->received_nonce = CHUNK_INITIALIZER;
                                
                                nonce_payload->get_nonce(nonce_payload, &(this->received_nonce));
@@ -283,7 +284,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                        }
                        default:
                        {
-                               this->logger->log(this->logger, ERROR, "Payload type not supported!!!!");
+                               this->logger->log(this->logger, ERROR, "Payload type %s not supported in state ike_sa_init_requested!", mapping_find(payload_type_m, payload->get_type(payload)));
                                payloads->destroy(payloads);
                                return FAILED;
                        }
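Review bot: The return value of `this->diffie_hellman->set_other_public_value(...)` on the reformatted KEY_EXCHANGE line is discarded, and the same is true of `nonce_payload->get_nonce(...)` in the NONCE case, so a malformed or wrongly sized peer value is silently accepted here and only surfaces later, if at all. If those calls return a status_t (I cannot see their signatures), check them and bail out the same way the SA case does: `if (status != SUCCESS) { payloads->destroy(payloads); return FAILED; }`. Nothing in the loop records that a KEY_EXCHANGE or NONCE payload was actually present, which matters for the shared-secret step after the loop; a pair of local flags set in these cases would let the post-loop code verify both arrived. process_message continues beyond this hunk.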
@@ -296,25 +297,28 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        allocator_free(this->shared_secret.ptr);
        this->shared_secret = CHUNK_INITIALIZER;
        
-       /* store shared secret  */
+       /* store shared secret  
+        * status of dh objectt does not have to get checked cause other key is set
+        */
        this->logger->log(this->logger, CONTROL | MOST, "Retrieve shared secret and store it");
        status = this->diffie_hellman->get_shared_secret(this->diffie_hellman, &(this->shared_secret));         
        this->logger->log_chunk(this->logger, PRIVATE, "Shared secret", &this->shared_secret);
-       
+
+       this->logger->log(this->logger, CONTROL | MOST, "Going to derive all secrets from shared secret");      
        this->ike_sa->compute_secrets(this->ike_sa,this->shared_secret,this->sent_nonce, this->received_nonce);
 
        /* build the complete IKE_AUTH request */
        this->build_ike_auth_request (this,&request);
 
        /* generate packet */   
-       this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
+       this->logger->log(this->logger, CONTROL|MOST, "Generate packet from message");
 
        status = request->generate(request, this->ike_sa->get_crypter_initiator(this->ike_sa), this->ike_sa->get_signer_initiator(this->ike_sa), &packet);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR, "could not generate packet from message");
+               this->logger->log(this->logger, ERROR, "Could not generate packet from message");
                request->destroy(request);
-               return status;
+               return DELETE_ME;
        }
        
        this->logger->log(this->logger, CONTROL|MOST, "Add packet to global send queue");
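Review bot: The new comment claims the DH status "does not have to get checked cause other key is set", but nothing before this point verifies that a KEY_EXCHANGE payload was received, so a reply without one reaches `get_shared_secret` with its result assigned to `status` and then ignored, and `compute_secrets` runs on whatever `this->shared_secret` holds. Check it like the other failures in this commit: `if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Could not compute shared secret"); return DELETE_ME; }`, and reword the comment to say the check is on the status, not that it is unnecessary (it also misspells "object"). The `log_chunk(..., PRIVATE, "Shared secret", ...)` context line writes the raw DH secret to the log when that level is enabled; that is presumably intentional for debugging, but the comment should warn that this level leaks key material. process_message continues beyond this hunk.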
@@ -332,7 +336,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                this->logger->log(this->logger, ERROR, "Could not set last requested message");
                (next_state->state_interface).destroy(&(next_state->state_interface));
                request->destroy(request);
-               return status;
+               return DELETE_ME;
        }
 
        /* state can now be changed */ 
@@ -343,7 +347,6 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 
        this->logger->log(this->logger, CONTROL|MOST, "Destroy old sate object");
        this->destroy_after_state_change(this);
-       
        return SUCCESS;
 }
 
index 0157e2a..661d0fd 100644 (file)
@@ -214,11 +214,19 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
                                                         ike_sa_id->get_responder_spi(ike_sa_id),
                                                         ike_sa_id->is_initiator(ike_sa_id) ? "initiator" : "responder");
        ike_sa_id->destroy(ike_sa_id);
-                                                                       
-       status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+               
+       if (status == DELETE_ME)
+       {
+               status = charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
+       }
+       else
+       {
+               status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+       }
+                                       
        if (status != SUCCESS)
        {
-               this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed");
+               this->worker_logger->log(this->worker_logger, ERROR, "checkin of IKE SA failed!");
        }
        message->destroy(message);
 }
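Review bot: Only `status == DELETE_ME` leads to `checkin_and_delete`; every other non-SUCCESS value that process_message can return (FAILED on a zero responder SPI or an unsupported payload, VERIFY_ERROR, and so on) falls into the plain `checkin` branch, and nothing in this hunk logs that the message was rejected — assuming `status` comes from the process_message call earlier in this function, which is outside the hunk. If the earlier part of the function does not already report it, log before the branch so rejected messages are visible in the worker log: `if (status != SUCCESS && status != DELETE_ME) this->worker_logger->log(this->worker_logger, ERROR, "%s while processing message, IKE_SA kept", mapping_find(status_m, status));`. That mirrors the `mapping_find(status_m, status)` pattern already used in process_initiate_ike_sa_job below.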
@@ -247,7 +255,7 @@ static void process_initiate_ike_sa_job(private_thread_pool_t *this, initiate_ik
        status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job));
        if (status != SUCCESS)
        {
-               this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, job and rejected, IKE_SA deleted.", 
+               this->worker_logger->log(this->worker_logger, ERROR, "%s by initialize_conection, going to delete IKE_SA.", 
                                                                 mapping_find(status_m, status));
                charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
                return;
index 7072d84..9af8498 100644 (file)
@@ -35,6 +35,7 @@ mapping_t status_m[] = {
        {PARSE_ERROR, "PARSE_ERROR"},
        {VERIFY_ERROR, "VERIFY_ERROR"},
        {INVALID_STATE, "INVALID_STATE"},
+       {DELETE_ME, "DELETE_ME"},
        {MAPPING_END, NULL}
 };
 
index 5e7b6bb..521741f 100644 (file)
@@ -45,7 +45,8 @@ enum status_t {
        NOT_FOUND,
        PARSE_ERROR,
        VERIFY_ERROR,
-       INVALID_STATE
+       INVALID_STATE,
+       DELETE_ME,
 };
 
 extern mapping_t status_m[];
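Review bot: The new `DELETE_ME` member is added to status_t without any comment, although it is not a success/failure code like its neighbours but an instruction to the caller (the thread pool responds to it with `checkin_and_delete` of the IKE_SA), and that semantic has to be learned from thread_pool.c. Document it at the declaration: `DELETE_ME, /**< the IKE_SA is unusable; the caller must checkin_and_delete it */`. The trailing comma on the last enumerator is fine in C99 but new in this enum, so keep it only if the rest of the project compiles as C99.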