- added todo's
authorJan Hutter <jhutter@hsr.ch>
Mon, 12 Dec 2005 08:44:35 +0000 (08:44 -0000)
committerJan Hutter <jhutter@hsr.ch>
Mon, 12 Dec 2005 08:44:35 +0000 (08:44 -0000)
Source/charon/config/init_config.h
Source/charon/config/sa_config.c
Source/charon/config/sa_config.h
Source/charon/daemon.c
Source/charon/encoding/payloads/sa_payload.c
Source/charon/encoding/payloads/sa_payload.h
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/testcases/testcases.c

index 02a5f7f..14ffeee 100644 (file)
@@ -37,6 +37,9 @@ typedef struct ike_proposal_t ike_proposal_t;
 /**
  * @brief Represents a Proposal used in IKE_SA_INIT phase.
  * 
+ * @todo Currently the amount of tranforms with same type in a IKE proposal is limited to 1.
+ *              Support of more transforms with same type has to be added.
+ * 
  * @ingroup config
  */
 struct ike_proposal_t {
index 9f409ec..1009c84 100644 (file)
@@ -25,6 +25,7 @@
 #include <utils/linked_list.h>
 #include <utils/allocator.h>
 #include <utils/identification.h>
+#include <utils/logger.h>
 
 typedef struct private_sa_config_t private_sa_config_t;
 
@@ -242,27 +243,56 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
        iterator_t *iterator;
        child_proposal_t *current_proposal, *selected_proposal;
        int i;
+/*     logger_t *logger = logger_create("SA Config",FULL,FALSE,stdout); */
+       
        
        /* iterate over all stored proposals */
        iterator = this->proposals->create_iterator(this->proposals, TRUE);
        while (iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&current_proposal);
+       /*      
+               logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,current_proposal->esp.integrity_algorithm),current_proposal->esp.integrity_algorithm_key_size);
+               logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,current_proposal->esp.diffie_hellman_group));
+               logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,current_proposal->esp.extended_sequence_numbers));
+               logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,current_proposal->esp.encryption_algorithm),current_proposal->esp.encryption_algorithm_key_size);
+*/
+               
+               
                /* copy and break if a proposal matches */
                for (i = 0; i < count; i++)
                {
+/*                     if (supplied[i].esp.is_set)
+                       {
+                               logger->log(logger,FULL,"ESP integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].esp.integrity_algorithm),supplied[i].esp.integrity_algorithm_key_size);
+                               logger->log(logger,FULL,"ESP diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].esp.diffie_hellman_group));
+                               logger->log(logger,FULL,"ESP extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].esp.extended_sequence_numbers));
+                               logger->log(logger,FULL,"ESP encryption_algorithm: %s keylength: %d", mapping_find(encryption_algorithm_m,supplied[i].esp.encryption_algorithm),supplied[i].esp.encryption_algorithm_key_size);
+                       }
+
+                       if (supplied[i].ah.is_set)
+                       {
+                               logger->log(logger,FULL,"AH integrity algorithm: %s, keylength: %d", mapping_find(integrity_algorithm_m,supplied[i].ah.integrity_algorithm),supplied[i].ah.integrity_algorithm_key_size);
+                               logger->log(logger,FULL,"AH diffie_hellman_group: %s", mapping_find(diffie_hellman_group_m,supplied[i].ah.diffie_hellman_group));
+                               logger->log(logger,FULL,"AH extended_sequence_numbers: %s", mapping_find(extended_sequence_numbers_m,supplied[i].ah.extended_sequence_numbers));
+                       }*/
+               
+                       
                        if (this->proposal_equals(this, &(supplied[i]), current_proposal))
                        {
                                selected_proposal = allocator_alloc(sizeof(child_proposal_t));
                                *selected_proposal = *current_proposal;
                                memcpy(selected_proposal->ah.spi, ah_spi, 4);
                                memcpy(selected_proposal->ah.spi, esp_spi, 4);
+/*                             logger->destroy(logger);*/
                                iterator->destroy(iterator);
                                return selected_proposal;
                        }
                }
        }
        iterator->destroy(iterator);
+       
+/*     logger->destroy(logger); */
        return NULL;
 }
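Review bot: Both `memcpy` calls in the match branch write to `selected_proposal->ah.spi`, so the AH SPI ends up holding `esp_spi` and the ESP SPI of the returned proposal keeps whatever the stored proposal contained. Assuming the ESP part has an `spi` field like the AH part, the second call should read `memcpy(selected_proposal->esp.spi, esp_spi, 4);`. The commented-out logger blocks added here, and the `utils/logger.h` include that only they need, would be better left out of the commit or put behind a debug macro. select_proposal begins above this hunk.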
 
index af91590..a2cc3f8 100644 (file)
@@ -42,6 +42,9 @@ typedef struct child_proposal_t child_proposal_t;
  * A proposal for a child sa contains data for 
  * AH, ESP, or both.
  * 
+ * @todo Currently the amount of tranforms with same type in a proposal is limited to 1.
+ *              Support of more transforms with same type has to be added.
+ * 
  * @ingroup config
  */
 struct child_proposal_t {
index 2d23b58..6623d57 100644 (file)
@@ -162,7 +162,7 @@ static void build_test_jobs(private_daemon_t *this)
        for(i = 0; i<1; i++)
        {
                initiate_ike_sa_job_t *initiate_job;
-               initiate_job = initiate_ike_sa_job_create("localhost");
+               initiate_job = initiate_ike_sa_job_create("pinflb30");
                this->public.event_queue->add_relative(this->public.event_queue, (job_t*)initiate_job, i * 5000);
        }
 }
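Review bot: The peer passed to `initiate_ike_sa_job_create` is now the hard-coded host name `pinflb30`, so every start of the daemon queues an IKE_SA initiation towards whatever that name resolves to on the machine running it. A developer-specific host name should not be committed; keep `"localhost"` here or take the peer from configuration. If the test job has to stay, mark it with a comment such as `/* test job only: initiates to a fixed peer, remove before release */`. build_test_jobs begins above the hunk.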
index d2bfc9c..0cae894 100644 (file)
@@ -278,9 +278,8 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
                iterator->current(iterator,(void **)&(current_proposal));
                if (current_proposal->get_protocol_id(current_proposal) == IKE)
                {
-                       /* a ike proposal consists of 4 transforms and an empty spi*/
-                       if ((current_proposal->get_transform_count(current_proposal) != 4) ||
-                           (current_proposal->get_spi_size(current_proposal) != 0))
+                       /* a ike proposal consists of an empty spi*/
+                       if (current_proposal->get_spi_size(current_proposal) != 0)
                    {
                        iterator->destroy(iterator);
                        return FAILED;
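Review bot: With the transform-count test removed, the SPI size is the only structural check left on a peer-supplied IKE proposal at this point, so proposals with missing or repeated transform types now pass. The @todo added to init_config.h in this same commit says an IKE proposal still supports only one transform per type. The code that fills the `ike_proposal_t` (outside this hunk) would therefore need to verify that each expected type was seen exactly once and return FAILED otherwise. The new comment would read better as `/* an IKE proposal must carry an empty SPI */`. get_ike_proposals begins and ends outside the hunk.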
@@ -445,10 +444,13 @@ static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t
        current_suite_number = 1;
        tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
        tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
-
+       tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = AUTH_UNDEFINED;
+       tmp_proposals[current_suite_number - 1].ah.is_set = FALSE;
+       
        tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
        tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
        tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+       tmp_proposals[current_suite_number - 1].esp.is_set = FALSE;
        
        /* create from each proposal_substructure a child_proposal_t data area*/
        while (iterator->has_next(iterator))
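Review bot: The defaults, including the new `is_set = FALSE` and `ah.integrity_algorithm = AUTH_UNDEFINED`, are assigned only to the first entry (`current_suite_number = 1`), and the key sizes, the ESP encryption algorithm and the SPIs are not assigned here at all. If the loop below moves on to further suites without repeating this initialisation, or `tmp_proposals` is not zeroed on allocation (neither is visible in the hunk), later comparison and copying of these structs would read indeterminate values. Clearing the whole array once after allocation and setting the non-zero defaults per suite in a small static helper would close that gap. get_child_proposals begins and ends outside the hunk.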
index 1dbb5a8..8c4f5d5 100644 (file)
@@ -56,6 +56,8 @@ typedef struct sa_payload_t sa_payload_t;
  * - sa_payload_create_from_ike_proposals()
  * - sa_payload_create_from_child_proposal()
  * 
+ * @todo Add support of algorithms without specified keylength in get_child_proposals and get_ike_proposals.
+ * 
  * @ingroup payloads
  */
 struct sa_payload_t {
index 9e4efaf..e938de3 100644 (file)
@@ -447,7 +447,8 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, AUDIT, "IKE_AUTH request verification failed. Deleting IKE_SA");
-               this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);            
+               this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, AUTHENTICATION_FAILED, CHUNK_INITIALIZER);
+               authenticator->destroy(authenticator);
                return DELETE_ME;
        }
                
@@ -522,11 +523,6 @@ static status_t process_notify_payload(private_ike_sa_init_responded_t *this, no
                                          mapping_find(notify_message_type_m, notify_message_type),
                                          mapping_find(protocol_id_m, notify_payload->get_protocol_id(notify_payload)));
                                          
-       if (notify_payload->get_protocol_id(notify_payload) != IKE)
-       {
-               this->logger->log(this->logger, AUDIT, "IKE_AUTH request contained a notify for an invalid protocol.");
-               return DELETE_ME;       
-       }
        switch (notify_message_type)
        {
                case SET_WINDOW_SIZE:
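Review bot: Dropping the protocol-id check means a notify with any protocol id in an IKE_AUTH request now reaches the `switch` on `notify_message_type`; the value is still logged above but no longer acted on. If this is intended because some notify types legitimately carry a non-IKE protocol id, a comment should say so, e.g. `/* protocol id is validated per notify type below */`, and the cases that require IKE should check it themselves. The cases lie outside this hunk, so whether they already do so is not visible here.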
index 2db6b23..a06a133 100644 (file)
@@ -246,8 +246,8 @@ int main()
        tester_t *tester = tester_create(test_output, FALSE);
        
 
-       tester->perform_tests(tester,all_tests);
-//     tester->perform_test(tester,&rsa_test); 
+//     tester->perform_tests(tester,all_tests);
+       tester->perform_test(tester,&linked_list_insert_and_remove_test); 
        
        
        tester->destroy(tester);
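Review bot: `main` now runs only `linked_list_insert_and_remove_test` and leaves `perform_tests(tester,all_tests)` commented out, so the test binary no longer exercises the payload and configuration changes made elsewhere in this commit. This looks like a local debugging state. Restore `tester->perform_tests(tester,all_tests);` before committing, or select a single test through a command-line argument instead of editing the source. main begins above the hunk.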