- fixed some BAD bugs
authorMartin Willi <martin@strongswan.org>
Mon, 12 Dec 2005 12:52:59 +0000 (12:52 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 12 Dec 2005 12:52:59 +0000 (12:52 -0000)
- clean localhost-testcases for bad_dh, shared and rsa

Source/charon/config/configuration_manager.c
Source/charon/daemon.c
Source/charon/encoding/payloads/notify_payload.c
Source/charon/encoding/payloads/sa_payload.c
Source/charon/queues/jobs/delete_established_ike_sa_job.c
Source/charon/queues/jobs/delete_half_open_ike_sa_job.c
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/responder_init.c
Source/charon/testcases/testcases.c

index 6239a44..f2c726d 100644 (file)
@@ -274,15 +274,16 @@ u_int8_t private_key_2[];
  */
 static void load_default_config (private_configuration_manager_t *this)
 {
-       init_config_t *init_config1, *init_config2, *init_config3;
-       ike_proposal_t proposals[2];
+       init_config_t *init_config1, *init_config2, *init_config3, *init_config4;
+       ike_proposal_t proposals[4];
        child_proposal_t child_proposals[1];
-       sa_config_t *sa_config1, *sa_config2, *sa_config3;
+       sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4;
        traffic_selector_t *ts;
        
        init_config1 = init_config_create("0.0.0.0","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        init_config2 = init_config_create("0.0.0.0","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
        
 
@@ -299,7 +300,13 @@ static void load_default_config (private_configuration_manager_t *this)
        proposals[1].integrity_algorithm_key_length = 20;
        proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
        proposals[1].pseudo_random_function_key_length = 20;
-       proposals[1].diffie_hellman_group = MODP_1024_BIT;
+       proposals[1].diffie_hellman_group = MODP_2048_BIT;
+       
+       
+       proposals[2] = proposals[1];
+       proposals[2].diffie_hellman_group = MODP_4096_BIT;
+       proposals[3] = proposals[1];
+       proposals[3].diffie_hellman_group = MODP_2048_BIT;
 
        init_config1->add_proposal(init_config1,1,proposals[1]);
        init_config1->add_proposal(init_config1,1,proposals[0]);
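Review bot: `proposals[3]` at L51–52 is copied from `proposals[1]` and then set to MODP_2048_BIT, which is exactly what `proposals[1]` already holds after L46, so the two entries are identical and the extra index hides what the "bad DH group" set is meant to contain. Either pass `proposals[1]` to init_config4 in the next hunk (L61) and drop `proposals[3]`, or keep it and explain why a separate entry exists, e.g. `/* proposals[2..3]: offered first by localhost-bad_dh_group so the responder answers INVALID_KE_PAYLOAD — confirm against add_proposal ordering */` (whether add_proposal prepends or appends is not visible here). init_config4 at L37 also has the same endpoints as init_config3; a note such as `/* same endpoints as init_config3, different DH proposals */` would make that duplication intentional. load_default_config continues past the hunk.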
@@ -307,7 +314,8 @@ static void load_default_config (private_configuration_manager_t *this)
        init_config2->add_proposal(init_config2,1,proposals[0]);
        init_config3->add_proposal(init_config3,1,proposals[1]);
        init_config3->add_proposal(init_config3,1,proposals[0]);
-
+       init_config4->add_proposal(init_config4,1,proposals[3]);
+       init_config4->add_proposal(init_config4,1,proposals[2]);
        
        sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
                                                                  ID_IPV4_ADDR, "152.96.193.131",
@@ -324,14 +332,22 @@ static void load_default_config (private_configuration_manager_t *this)
 
        sa_config2->add_traffic_selector_initiator(sa_config2,ts);
        sa_config2->add_traffic_selector_responder(sa_config2,ts);
-
+                                                                 
        sa_config3 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
                                                                  ID_IPV4_ADDR, "127.0.0.1",
-                                                                 RSA_DIGITAL_SIGNATURE,
+                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE,
                                                                  30000);
 
        sa_config3->add_traffic_selector_initiator(sa_config3,ts);
        sa_config3->add_traffic_selector_responder(sa_config3,ts);
+                                                                 
+       sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
+                                                                 ID_IPV4_ADDR, "127.0.0.1",
+                                                                 RSA_DIGITAL_SIGNATURE,
+                                                                 30000);
+
+       sa_config4->add_traffic_selector_initiator(sa_config4,ts);
+       sa_config4->add_traffic_selector_responder(sa_config4,ts);
        
        ts->destroy(ts);
        
@@ -360,10 +376,13 @@ static void load_default_config (private_configuration_manager_t *this)
 
        this->add_new_configuration(this,"pinflb31",init_config1,sa_config1);
        this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
-       this->add_new_configuration(this,"localhost",init_config3,sa_config3);
+       this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
+       this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
+       this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
+       
 
        this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","verschluesselt");
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","scheisen");
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","verschluesselt");
        this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
        
        this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
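Review bot: L103 changes the 152.96.193.131 pre-shared secret so that all three peers now share one compiled-in string, and L96–L98 register entries that reuse init_config3 (twice) and sa_config3 (twice). Whether one init_config or sa_config object may belong to several configuration entries depends on the duplicate check in add_new_configuration, whose condition lies outside this commit's hunk at L107–113; it is worth confirming that shared objects are not released twice on shutdown. Since these secrets and addresses are baked into the daemon's load_default_config, a comment above L101 such as `/* test fixtures only: built-in localhost peers share one PSK; not for deployment */` makes their status explicit. Style: L71, L80 and L99 add whitespace-only lines, and L98 writes `init_config4, sa_config3` with a space the neighbouring calls do not use.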
@@ -598,7 +617,7 @@ static void add_new_configuration (private_configuration_manager_t *this, char *
                this->sa_configs->insert_first(this->sa_configs,sa_config);
        }
 
-       this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
+       this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
 }
 
 /**
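Review bot: switching `configurations` to insert_last at L112 while `sa_configs` (L108) keeps insert_first leaves the lists in opposite orders, so any lookup that walks a list and returns the first match now depends on which list it consults. Because `localhost-shared`, `localhost-rsa` and `localhost-bad_dh_group` all bind 0.0.0.0/127.0.0.1 and cannot be told apart by address, registration order is presumably what decides which entry a responder-side lookup selects; a comment on L112 such as `/* keep registration order: lookups return the first matching entry */` would stop the change from being reverted as a cosmetic one. The start of add_new_configuration, including the `if` that guards L108, is outside the hunk.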
index 6623d57..4f109f7 100644 (file)
@@ -157,14 +157,19 @@ static void kill_daemon(private_daemon_t *this, char *reason)
  * Implementation of private_daemon_t.build_test_jobs.
  */
 static void build_test_jobs(private_daemon_t *this)
-{
-       int i;
-       for(i = 0; i<1; i++)
-       {
-               initiate_ike_sa_job_t *initiate_job;
-               initiate_job = initiate_ike_sa_job_create("pinflb30");
-               this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
-       }
+{      
+       char *config_name;
+       initiate_ike_sa_job_t *initiate_job;
+       
+       config_name = "localhost-rsa";
+       /* config_name = "localhost-shared"; */
+       /* config_name = "localhost-bad_dh_group"; */
+       
+               
+       initiate_job = initiate_ike_sa_job_create(config_name);
+       
+       this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, 2000);
+
 }
 
 /**
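Review bot: build_test_jobs now picks the test configuration by editing the source, with the alternatives left as commented-out code at L134–135; a reviewer would ask for that to be replaced by a comment listing the valid names, `/* one of "localhost-rsa", "localhost-shared", "localhost-bad_dh_group"; see load_default_config() */`. Declaring it `static const char *const config_name = "localhost-rsa";` would also make clear it is a compile-time choice rather than state. L129, L132, L136, L137 and L139 carry trailing tabs or are whitespace-only.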
index 36a9930..dccc9d1 100644 (file)
@@ -395,6 +395,7 @@ notify_payload_t *notify_payload_create()
        this->notify_message_type = 0;
        this->spi.ptr = NULL;
        this->spi.len = 0;
+       this->spi_size = 0;
        this->notification_data.ptr = NULL;
        this->notification_data.len = 0;
 
index 0cae894..1ef67a2 100644 (file)
@@ -761,6 +761,7 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
                proposal_substructure = proposal_substructure_create();
                proposal_substructure->set_protocol_id(proposal_substructure,IKE);
                proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
+               
 
                /* create transform substructures to hold each specific transform for an ike proposal */
                encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
index 8099805..595bdd1 100644 (file)
@@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_established_ike_sa_job_t *this)
 /**
  * Implementation of job_t.destroy.
  */
-static void destroy(job_t *job)
+static void destroy(private_delete_established_ike_sa_job_t *this)
 {
-       private_delete_established_ike_sa_job_t *this = (private_delete_established_ike_sa_job_t *) job;
        this->ike_sa_id->destroy(this->ike_sa_id);
        allocator_free(this);
 }
@@ -79,7 +78,7 @@ delete_established_ike_sa_job_t *delete_established_ike_sa_job_create(ike_sa_id_
        this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
        /* same as destroy */
        this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
-       this->public.job_interface.destroy = destroy;
+       this->public.job_interface.destroy = (void (*)(job_t*)) destroy;
        
        /* public functions */
        this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_established_ike_sa_job_t *)) get_ike_sa_id;
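Review bot: L180 assigns `destroy`, whose definition at L169 now takes `private_delete_established_ike_sa_job_t *`, through a cast to `void (*)(job_t *)`; calling a function through a pointer of incompatible type is undefined behaviour in C11 (6.3.2.3p8), even though it works on the ABIs in use and matches how destroy_all (L178) and get_ike_sa_id (L183) are already wired. The removed form at L168–171 — take `job_t *` and cast inside — was the conforming one. If the cast convention is kept deliberately, a comment such as `/* job_interface callbacks take job_t *; this relies on the interface being the first member of the private struct — verify */` records the assumption. The same change is made in delete_half_open_ike_sa_job.c (hunks at L185–204).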
index d37cb98..47354d6 100644 (file)
@@ -61,9 +61,8 @@ static ike_sa_id_t *get_ike_sa_id(private_delete_half_open_ike_sa_job_t *this)
 /**
  * Implements job_t.destroy.
  */
-static void destroy(job_t *job)
+static void destroy(private_delete_half_open_ike_sa_job_t *this)
 {
-       private_delete_half_open_ike_sa_job_t *this = (private_delete_half_open_ike_sa_job_t *) job;
        this->ike_sa_id->destroy(this->ike_sa_id);
        allocator_free(this);
 }
@@ -79,7 +78,7 @@ delete_half_open_ike_sa_job_t *delete_half_open_ike_sa_job_create(ike_sa_id_t *i
        this->public.job_interface.get_type = (job_type_t (*) (job_t *)) get_type;
        /* same as destroy */
        this->public.job_interface.destroy_all = (void (*) (job_t *)) destroy;
-       this->public.job_interface.destroy = destroy;
+       this->public.job_interface.destroy = (void (*)(job_t *)) destroy;;
        
        /* public functions */
        this->public.get_ike_sa_id = (ike_sa_id_t * (*)(delete_half_open_ike_sa_job_t *)) get_ike_sa_id;
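Review bot: L201 ends in `;;`, a stray empty statement after the cast assignment; it should read `this->public.job_interface.destroy = (void (*)(job_t *)) destroy;`. It compiles silently, but it is the kind of leftover that `-Wextra`-clean code avoids. Otherwise the hunk mirrors delete_established_ike_sa_job.c and carries the same function-pointer-cast caveat.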
index ddcff4c..f2385fe 100644 (file)
@@ -278,14 +278,16 @@ static status_t process_message(private_ike_auth_requested_t *this, message_t *i
 
        this->ike_sa->set_last_replied_message_id(this->ike_sa,ike_auth_reply->get_message_id(ike_auth_reply));
        /* create new state */
-       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
-       this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
-       this->public.state_interface.destroy(&(this->public.state_interface));
-                       
+                               
        my_host = this->ike_sa->get_my_host(this->ike_sa);
        other_host = this->ike_sa->get_other_host(this->ike_sa);
-       this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s", 
-                                               my_host->get_address(my_host), other_host->get_address(other_host));
+       this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", 
+                                               my_host->get_address(my_host), other_host->get_address(other_host),
+                                               mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
+                                               
+       this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
+       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+       this->public.state_interface.destroy(&(this->public.state_interface));
        return SUCCESS;
 }
 
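Review bot: the reorder at L223–L225 removes the earlier use of `this` after `state_interface.destroy` had (presumably) released it — L212 followed by L215–L218 in the removed lines — but nothing in the new code says why `destroy` must stay last, so the next log line added after it will reintroduce the bug. A comment before L225, `/* destroy() releases this: it must be the last access to this in process_message */`, makes the constraint visible; the same applies at L268 in ike_sa_init_responded.c (hunk at L254–276). `auth_payload` used at L221 is defined before the hunk, and process_message starts outside it.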
@@ -336,7 +338,7 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
        if (status != SUCCESS)
        {
                /* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
-               this->logger->log(this->logger, CONTROL, "Responders SA_PAYLOAD contained no proposals, no CHILD_SA is built");
+               this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
                return SUCCESS;
        }
        if (proposal_count > 1)
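Review bot: the new log text at L234 spells the exchange `IKE_AUH`; it should read `"IKE_AUTH reply did not contain any proposals. Don't create CHILD_SA"`. The same typo remains in the AUDIT message of ike_sa_init_responded.c at L296 (hunk at L285–309), a line the commit rewrites anyway. Raising the level from CONTROL to AUDIT is reasonable for a peer-driven decision, but audit consumers will then match on this text, so the exchange name should be the real one.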
index c24ff5b..81b75e7 100644 (file)
@@ -651,7 +651,12 @@ static status_t process_notify_payload(private_ike_sa_init_requested_t *this, no
                        new_dh_group_priority = this->dh_group_priority + 1;
                        
                        this->public.state_interface.destroy(&(this->public.state_interface));
-                       return (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority));
+                       if (initiator_init_state->retry_initiate_connection (initiator_init_state,new_dh_group_priority) != SUCCESS)
+                       {
+                               return DELETE_ME;
+                       }
+                       return FAILED;
+
                }
                default:
                {
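Review bot: on the path where retry_initiate_connection succeeds the new code returns FAILED (L248), which reads like an error for the case that worked, while the failing retry returns DELETE_ME (L246); if FAILED is the convention for "this state has been replaced, stop handling the current message but keep the IKE_SA", that needs to be written down. A comment above L244 such as `/* this state is already destroyed; on a successful retry the IKE_SA continues in the new state, so only the current message fails */` (hedged here — confirm against the caller's handling of FAILED) would do. The destroy at L242 happens before the retry is attempted, so neither branch may touch `this` afterwards; neither does, but the comment keeps it that way. The enclosing switch and process_notify_payload extend beyond the hunk.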
index e938de3..3d8f9e0 100644 (file)
@@ -313,15 +313,15 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                return DELETE_ME;
        }
        
-       /* create new state */
-       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
+       /* create new state */my_host = this->ike_sa->get_my_host(this->ike_sa);
+       other_host = this->ike_sa->get_other_host(this->ike_sa);
+       this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s, authenticated peer with %s", 
+                                               my_host->get_address(my_host), other_host->get_address(other_host),
+                                               mapping_find(auth_method_m, auth_request->get_auth_method(auth_request)));
+                                               
        this->ike_sa->create_delete_established_ike_sa_job(this->ike_sa,this->sa_config->get_ike_sa_lifetime(this->sa_config));
+       this->ike_sa->set_new_state(this->ike_sa, (state_t*)ike_sa_established_create(this->ike_sa));
        this->public.state_interface.destroy(&(this->public.state_interface));
-       
-       my_host = this->ike_sa->get_my_host(this->ike_sa);
-       other_host = this->ike_sa->get_other_host(this->ike_sa);
-       this->logger->log(this->logger, AUDIT, "IKE_SA established between %s - %s", 
-                                               my_host->get_address(my_host), other_host->get_address(other_host));
 
        return SUCCESS;
 }
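Review bot: L260 fuses the `/* create new state */` comment onto the `my_host = …` statement, and the comment no longer describes that line — the state change it referred to now sits at L267. Put `my_host = this->ike_sa->get_my_host(this->ike_sa);` on its own line and move the comment to precede L267. The hunk otherwise mirrors ike_auth_requested.c in logging before the state object is destroyed; process_message starts outside the hunk.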
@@ -404,6 +404,7 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
                {
                        sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
                        response->add_payload(response, (payload_t*)sa_response);
+                       allocator_free(proposal_chosen);
                }
                else
                {
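Review bot: `allocator_free(proposal_chosen)` is now done only on the chosen-proposal path (L281), so the NO_PROPOSAL_CHOSEN branch at L283–288 relies on `proposal_chosen` being unallocated there; whether the selection call can leave a partially built result on failure is not visible in the hunk. A comment at L281, `/* proposal_chosen is only allocated when a proposal was selected */`, records that assumption, and the release of `proposals` at L289 in the next hunk then covers both branches. build_sa_payload starts before the hunk.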
@@ -411,22 +412,17 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
                        this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
                        status = DELETE_ME;     
                }
+               allocator_free(proposals);
        }
        else
        {
-               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
-/*             this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
-               status = DELETE_ME; */
+               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
                sa_response = sa_payload_create();
                response->add_payload(response, (payload_t*)sa_response);
                
                status = SUCCESS;
        }
        
-       
-       allocator_free(proposal_chosen);
-       allocator_free(proposals);
-       
        return status;
 }
 
index a54b486..5ea4588 100644 (file)
@@ -557,6 +557,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
        this->sent_nonce = CHUNK_INITIALIZER;
        this->received_nonce = CHUNK_INITIALIZER;
        this->dh_group_number = MODP_UNDEFINED;
+       this->diffie_hellman = NULL;
 
        return &(this->public);
 }
index a06a133..5f33d07 100644 (file)
@@ -241,13 +241,13 @@ int main()
        daemon_create();
  
        charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
-       //charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
+       /* charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW); */
        
        tester_t *tester = tester_create(test_output, FALSE);
        
 
-//     tester->perform_tests(tester,all_tests);
-       tester->perform_test(tester,&linked_list_insert_and_remove_test); 
+       tester->perform_tests(tester,all_tests);
+       /* tester->perform_test(tester,&linked_list_insert_and_remove_test); */
        
        
        tester->destroy(tester);