- configuration_manager replaced by configuration_t interface
authorMartin Willi <martin@strongswan.org>
Tue, 7 Mar 2006 09:42:15 +0000 (09:42 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 7 Mar 2006 09:42:15 +0000 (09:42 -0000)
- current configuration_manager is now static_configuration (testing)
- first draft of starter_configuration, which should eventually interact with ipsec starter (via whack?)
- some cleanups
- socket_t uses RAW socket, which allows parallel service of pluto/charon

45 files changed:
Source/charon/config/Makefile.config
Source/charon/config/configuration.h [new file with mode: 0755]
Source/charon/config/configuration_manager.c [deleted file]
Source/charon/config/configuration_manager.h [deleted file]
Source/charon/config/proposal.h
Source/charon/config/sa_config.h
Source/charon/config/starter_configuration.c [new file with mode: 0755]
Source/charon/config/starter_configuration.h [new file with mode: 0644]
Source/charon/config/static_configuration.c [new file with mode: 0755]
Source/charon/config/static_configuration.h [new file with mode: 0644]
Source/charon/daemon.c
Source/charon/daemon.h
Source/charon/encoding/payloads/auth_payload.h
Source/charon/encoding/payloads/cert_payload.h
Source/charon/encoding/payloads/certreq_payload.h
Source/charon/encoding/payloads/configuration_attribute.h
Source/charon/encoding/payloads/delete_payload.h
Source/charon/encoding/payloads/eap_payload.h
Source/charon/encoding/payloads/id_payload.h
Source/charon/encoding/payloads/nonce_payload.h
Source/charon/encoding/payloads/notify_payload.h
Source/charon/encoding/payloads/traffic_selector_substructure.h
Source/charon/encoding/payloads/transform_attribute.h
Source/charon/encoding/payloads/ts_payload.h
Source/charon/encoding/payloads/vendor_id_payload.h
Source/charon/network/socket.c
Source/charon/network/socket.h
Source/charon/sa/authenticator.c
Source/charon/sa/authenticator.h
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/initiator_init.c
Source/charon/sa/states/responder_init.c
Source/charon/testcases/testcases.c
Source/charon/threads/kernel_interface.c
Source/charon/threads/thread_pool.c
Source/charon/transforms/crypters/crypter.h
Source/charon/transforms/diffie_hellman.h
Source/charon/transforms/prf_plus.h
Source/charon/transforms/prfs/prf.h
Source/charon/transforms/signers/signer.h
Source/charon/utils/logger_manager.c
Source/charon/utils/logger_manager.h

index 7189d40..f4786be 100644 (file)
@@ -15,9 +15,6 @@
 CONFIG_DIR= $(MAIN_DIR)config/
 
 
-OBJS+= $(BUILD_DIR)configuration_manager.o
-$(BUILD_DIR)configuration_manager.o :          $(CONFIG_DIR)configuration_manager.c $(CONFIG_DIR)configuration_manager.h
-                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
                                                
 OBJS+= $(BUILD_DIR)init_config.o
 $(BUILD_DIR)init_config.o :                                    $(CONFIG_DIR)init_config.c $(CONFIG_DIR)init_config.h
@@ -34,3 +31,11 @@ $(BUILD_DIR)traffic_selector.o :                     $(CONFIG_DIR)traffic_selector.c $(CONFIG_DIR)
 OBJS+= $(BUILD_DIR)proposal.o
 $(BUILD_DIR)proposal.o :                                       $(CONFIG_DIR)proposal.c $(CONFIG_DIR)proposal.h
                                                                                        $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)static_configuration.o
+$(BUILD_DIR)static_configuration.o :           $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)starter_configuration.o
+$(BUILD_DIR)starter_configuration.o :          $(CONFIG_DIR)starter_configuration.c $(CONFIG_DIR)starter_configuration.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/Source/charon/config/configuration.h b/Source/charon/config/configuration.h
new file mode 100755 (executable)
index 0000000..8aa85bb
--- /dev/null
@@ -0,0 +1,208 @@
+/**
+ * @file configuration.h
+ * 
+ * @brief Interface configuration_t.
+ *  
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CONFIGURATION_H_
+#define CONFIGURATION_H_
+
+#include <types.h>
+#include <config/init_config.h>
+#include <config/sa_config.h>
+#include <transforms/rsa/rsa_private_key.h>
+#include <transforms/rsa/rsa_public_key.h>
+
+
+typedef struct configuration_t configuration_t;
+
+/**
+ * @brief The interface for a configuration backend.
+ * 
+ * Multiple backends for the configuration are conceivable:
+ * - ipsec starter from pluto
+ * - own file backend
+ * - multiple database backends
+ * - LDAP backend?
+ * 
+ * @b Constructors:
+ *     - configuration_create()
+ * 
+ * @ingroup config
+ */
+struct configuration_t { 
+
+       /**
+        * @brief Returns the configuration information needed for IKE_SA_INIT exchange 
+        * for a specific configuration name.
+        * 
+        * The returned init_config_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                          calling object
+        * @param name                          name of the configuration
+        * @param[out] init_config      the init_config_t object is stored at this location
+        * 
+        * @return              
+        *                                                      - NOT_FOUND
+        *                                                      - SUCCESS
+        */
+       status_t (*get_init_config_for_name) (configuration_t *this, char *name, init_config_t **init_config);
+
+       /**
+        * @brief Returns the configuration information needed for IKE_SA_INIT exchange 
+        * for specific host informations.
+        * 
+        * The returned init_config_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                          calling object
+        * @param my_host                       my host informations
+        * @param other_host            other host informations
+        * @param[out] init_config      the init_config_t object is stored at this location
+        * 
+        * @return              
+        *                                                      - NOT_FOUND
+        *                                                      - SUCCESS
+        */     
+       status_t (*get_init_config_for_host) (configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config);
+       
+       /**
+        * @brief Returns the configuration information needed after IKE_SA_INIT exchange 
+        * for a specific configuration name.
+        * 
+        * The returned sa_config_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                          calling object
+        * @param name                          name of the configuration
+        * @param[out] sa_config        the sa_config_t object is stored at this location
+        * 
+        * @return              
+        *                              - NOT_FOUND
+        *                              - SUCCESS
+        */
+       status_t (*get_sa_config_for_name) (configuration_t *this, char *name, sa_config_t **sa_config);
+       
+       /**
+        * @brief Returns the configuration information needed after IKE_SA_INIT exchange 
+        * for specific init_config_t and ID data.
+        * 
+        * The returned sa_config_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                          calling object
+        * @param init_config           init_config_t object
+        * @param other_id                      identification of other one
+        * @param my_id                         my identification (can be NULL)
+        * @param[out] sa_config        the sa_config_t object is stored at this location
+        * 
+        * @return              
+        *                                                      - NOT_FOUND
+        *                                                      - SUCCESS
+        */     
+       status_t (*get_sa_config_for_init_config_and_id) (configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config);
+
+       /**
+        * @brief Returns the retransmit timeout.
+        * 
+        * The timeout values are managed by the configuration.
+        * 
+        * @param this                          calling object
+        * @param retransmit_count      number of times a message was retransmitted so far
+        * @param[out] timeout          the new retransmit timeout in milliseconds
+        * 
+        * @return              
+        *                                                      - FAILED, if the message should not be retransmitted
+        *                                                      - SUCCESS
+        */
+       status_t (*get_retransmit_timeout) (configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
+       
+       /**
+        * @brief Returns the timeout for an half open IKE_SA in ms.
+        * 
+        * Half open means that the IKE_SA is still in one of the following states:
+        *  - INITIATOR_INIT
+        *  - RESPONDER_INIT
+        *  - IKE_SA_INIT_REQUESTED
+        *  - IKE_SA_INIT_RESPONDED
+        *  - IKE_AUTH_REQUESTED
+        * 
+        * @param this                          calling object
+        * @return                                      timeout in milliseconds (ms)
+        */     
+       u_int32_t (*get_half_open_ike_sa_timeout) (configuration_t *this);
+       
+       /**
+        * @brief Returns the preshared secret of a specific ID.
+        * 
+        * The returned preshared secret MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                                  calling object
+        * @param identification                identification_t object identifiying the ID.
+        * @param[out] preshared_secret the preshared secret will be written there.
+        * 
+        * @return              
+        *                                                              - NOT_FOUND     if no preshared secrets for specific ID could be found
+        *                                                              - SUCCESS
+        */     
+       status_t (*get_shared_secret) (configuration_t *this, identification_t *identification, chunk_t *preshared_secret);
+       
+       /**
+        * @brief Returns the RSA public key of a specific ID.
+        * 
+        * The returned rsa_public_key_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                                  calling object
+        * @param identification                identification_t object identifiying the ID.
+        * @param[out] public_key               the public key will be written there
+        * 
+        * @return              
+        *                                                              - NOT_FOUND     if no key is configured for specific id
+        *                                                              - SUCCESS
+        */     
+       status_t (*get_rsa_public_key) (configuration_t *this, identification_t *identification, rsa_public_key_t **public_key);
+       
+       /**
+        * @brief Returns the RSA private key of a specific ID.
+        * 
+        * The returned rsa_private_key_t object MUST NOT be destroyed cause it's managed by 
+        * this configuration_t object.
+        * 
+        * @param this                                  calling object
+        * @param identification                identification_t object identifiying the ID.
+        * @param[out] private_key              the private key will be written there
+        * 
+        * @return              
+        *                                                              - NOT_FOUND     if no key is configured for specific id
+        *                                                              - SUCCESS
+        */     
+       status_t (*get_rsa_private_key) (configuration_t *this, identification_t *identification, rsa_private_key_t **private_key);
+
+       /**
+        * @brief Destroys a configuration_t object.
+        * 
+        * @param this                                  calling object
+        */
+       void (*destroy) (configuration_t *this);
+};
+
+#endif /*CONFIGURATION_H_*/
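Review bot: The getters that hand out key material (`get_shared_secret`, `get_rsa_public_key`, `get_rsa_private_key`) say only that the result "MUST NOT be destroyed"; they do not say how long the borrowed chunk or pointer stays valid, or whether the out parameter is written on NOT_FOUND. If a backend ever changes its configuration at run time (the commit message describes starter_configuration as a first draft towards that), a caller still holding a preshared secret or private key could end up reading released memory. I would add to each of these doc blocks a line such as `The returned data remains valid until destroy() is called on this configuration_t; the output is left unmodified on NOT_FOUND.`, adjusted to whatever the backends actually guarantee. Const-qualifying the outputs would also stop callers from modifying or freeing the managed keys. Separately, the struct comment lists `configuration_create()` under Constructors, but this header declares no such function; the constructors presumably live in the backend headers and should be named from there.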
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
deleted file mode 100644 (file)
index d7191b8..0000000
+++ /dev/null
@@ -1,1039 +0,0 @@
-/**
- * @file configuration_manager.c
- * 
- * @brief Implementation of configuration_manager_t.
- * 
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <stdlib.h>
-
-#include "configuration_manager.h"
-
-#include <types.h>
-#include <daemon.h>
-#include <utils/allocator.h>
-
-
-typedef struct preshared_secret_entry_t preshared_secret_entry_t;
-
-/**
- * A preshared secret entry combines an identifier and a 
- * preshared secret.
- */
-struct preshared_secret_entry_t {
-
-       /**
-        * Identification.
-        */
-       identification_t *identification;
-       
-       /**
-        * Preshared secret as chunk_t. The NULL termination is not included.
-        */     
-       chunk_t preshared_secret;
-};
-
-
-typedef struct rsa_private_key_entry_t rsa_private_key_entry_t;
-
-/**
- * Entry for a rsa private key.
- */
-struct rsa_private_key_entry_t {
-
-       /**
-        * Identification.
-        */
-       identification_t *identification;
-       
-       /**
-        * Private key.
-        */     
-       rsa_private_key_t* private_key;
-};
-
-typedef struct rsa_public_key_entry_t rsa_public_key_entry_t;
-
-/**
- * Entry for a rsa private key.
- */
-struct rsa_public_key_entry_t {
-
-       /**
-        * Identification.
-        */
-       identification_t *identification;
-       
-       /**
-        * Private key.
-        */     
-       rsa_public_key_t* public_key;
-};
-
-typedef struct configuration_entry_t configuration_entry_t;
-
-/* A configuration entry combines a configuration name with a init and sa 
- * configuration represented as init_config_t and sa_config_t objects.
- * 
- * @b Constructors:
- *  - configuration_entry_create()
- */
-struct configuration_entry_t {
-       
-       /**
-        * Configuration name.
-        * 
-        */
-       char *name;
-       
-       /**
-        * Configuration for IKE_SA_INIT exchange.
-        */
-       init_config_t *init_config;
-
-       /**
-        * Configuration for all phases after IKE_SA_INIT exchange.
-        */
-       sa_config_t *sa_config;
-       
-       /**
-        * Destroys a configuration_entry_t
-        * 
-        * @param this                          calling object
-        */
-       void (*destroy) (configuration_entry_t *this);
-};
-
-/**
- * Implementation of configuration_entry_t.destroy.
- */
-static void configuration_entry_destroy (configuration_entry_t *this)
-{
-       allocator_free(this->name);
-       allocator_free(this);
-}
-
-/**
- * @brief Creates a configuration_entry_t object.
- * 
- * @param name                         name of the configuration entry (gets copied)
- * @param init_config  object of type init_config_t
- * @param sa_config            object of type sa_config_t
- */
-configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config)
-{
-       configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t);
-
-       /* functions */
-       entry->destroy = configuration_entry_destroy;
-
-       /* private data */
-       entry->init_config = init_config;
-       entry->sa_config = sa_config;
-       entry->name = allocator_alloc(strlen(name) + 1);
-       strcpy(entry->name,name);
-       return entry;
-}
-
-typedef struct private_configuration_manager_t private_configuration_manager_t;
-
-/**
- * Private data of an configuration_manager_t object.
- */
-struct private_configuration_manager_t {
-
-       /**
-        * Public part of configuration_manager_t object.
-        */
-       configuration_manager_t public;
-
-       /**
-        * Holding all configurations.
-        */
-       linked_list_t *configurations;
-
-       /**
-        * Holding all managed init_configs.
-        */
-       linked_list_t *init_configs;
-
-       /**
-        * Holding all managed init_configs.
-        */
-       linked_list_t *sa_configs;
-       
-       /**
-        * Holding all managed preshared secrets.
-        */
-       linked_list_t *preshared_secrets;
-       
-       /**
-        * Holding all managed private secrets.
-        */
-       linked_list_t *rsa_private_keys;
-       
-       /**
-        * Holding all managed public secrets.
-        */
-       linked_list_t *rsa_public_keys;
-
-       /**
-        * Assigned logger_t object.
-        */
-       logger_t *logger;
-       
-       /**
-        * Max number of requests to be retransmitted.
-        * 0 for infinite.
-        */     
-       u_int32_t max_retransmit_count;
-       
-       /**
-        * First retransmit timeout in ms.
-        */
-       u_int32_t first_retransmit_timeout;
-       
-       /**
-        * Timeout in ms after that time a IKE_SA gets deleted.
-        */
-       u_int32_t half_open_ike_sa_timeout;
-
-       /**
-        * Adds a new IKE_SA configuration.
-        * 
-        * @param this                          calling object
-        * @param name                          name for the configuration
-        * @param init_config           init_config_t object
-        * @param sa_config                     sa_config_t object
-        */
-       void (*add_new_configuration) (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
-       
-       /**
-        * Adds a new preshared secret.
-        * 
-        * @param this                          calling object
-        * @param type                          type of identification
-        * @param id_string                     identification as string
-        * @param preshared_secret      preshared secret as string
-        */
-       void (*add_new_preshared_secret) (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret);
-       
-       /**
-        * Adds a new rsa private key.
-        * 
-        * @param this                          calling object
-        * @param type                          type of identification
-        * @param id_string                     identification as string
-        * @param key_pos                       location of key
-        * @param key_len                       length of key
-        */
-       void (*add_new_rsa_private_key) (private_configuration_manager_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
-       
-       /**
-        * Adds a new rsa public key.
-        * 
-        * @param this                          calling object
-        * @param type                          type of identification
-        * @param id_string                     identification as string
-        * @param key_pos                       location of key
-        * @param key_len                       length of key
-        */
-       void (*add_new_rsa_public_key) (private_configuration_manager_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
-       
-       /**
-        * Load default configuration.
-        * 
-        * @param this                          calling object
-        */
-       void (*load_default_config) (private_configuration_manager_t *this);
-};
-
-
-u_int8_t public_key_1[];
-u_int8_t private_key_1[];
-u_int8_t public_key_2[];
-u_int8_t private_key_2[];
-
-/**
- * Implementation of private_configuration_manager_t.load_default_config.
- */
-static void load_default_config (private_configuration_manager_t *this)
-{
-       init_config_t *init_config_a, *init_config_b;
-       proposal_t *proposal;
-       sa_config_t *sa_config_a, *sa_config_b;
-       traffic_selector_t *ts;
-       
-       init_config_a = init_config_create("192.168.0.1","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config_b = init_config_create("192.168.0.2","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       
-       /* IKE proposals for alice */
-       proposal = proposal_create(1);
-       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
-       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-       proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
-       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-       init_config_a->add_proposal(init_config_a, proposal);
-       
-       /* IKE proposals for bob */
-       proposal = proposal_create(1);
-       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
-       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-       proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
-       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-       init_config_b->add_proposal(init_config_b, proposal);
-       
-       sa_config_a = sa_config_create(ID_IPV4_ADDR, "192.168.0.1", 
-                                                                ID_IPV4_ADDR, "192.168.0.2",
-                                                                RSA_DIGITAL_SIGNATURE,
-                                                                30000);
-                                                                 
-       sa_config_b = sa_config_create(ID_IPV4_ADDR, "192.168.0.2", 
-                                                                ID_IPV4_ADDR, "192.168.0.1",
-                                                                RSA_DIGITAL_SIGNATURE,
-                                                                30000);
-       
-       /* traffic selectors alice */
-       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535);
-       sa_config_a->add_my_traffic_selector(sa_config_a,ts);
-       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535);
-       sa_config_a->add_other_traffic_selector(sa_config_a,ts);
-       
-       /* traffic selectors bob */
-       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535);
-       sa_config_b->add_my_traffic_selector(sa_config_b,ts);
-       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535);
-       sa_config_b->add_other_traffic_selector(sa_config_b,ts);
-       
-       /* child proposal for alice */
-       proposal = proposal_create(1);
-       
-//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
-//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-//     proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
-
-       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
-//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-//     proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
-       
-       sa_config_a->add_proposal(sa_config_a, proposal);
-       
-       /* child proposal for bob */
-       proposal = proposal_create(1);
-       
-//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
-//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_DES_MAC, 0);
-//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-//     proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
-
-       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
-       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
-//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-//     proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
-       
-       sa_config_b->add_proposal(sa_config_b, proposal);
-       
-       
-       
-
-       this->add_new_configuration(this,"sun",init_config_a,sa_config_a);
-       this->add_new_configuration(this,"moon",init_config_b,sa_config_b);
-       
-
-       //this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
-       
-       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.1", public_key_1, 256);
-       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.2", public_key_2, 256);
-       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.1", private_key_1, 1024);
-       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.2", private_key_2, 1024);
-}
-
-/**
- * Implementation of configuration_manager_t.get_init_config_for_host.
- */
-static status_t get_init_config_for_host (private_configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
-{
-       iterator_t *iterator;
-       status_t status = NOT_FOUND;
-       
-       iterator = this->configurations->create_iterator(this->configurations,TRUE);
-       
-       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
-                                               my_host->get_address(my_host), other_host->get_address(other_host));
-       
-       while (iterator->has_next(iterator))
-       {
-               configuration_entry_t *entry;
-               host_t *config_my_host;
-               host_t *config_other_host;
-               
-               iterator->current(iterator,(void **) &entry);
-
-               config_my_host = entry->init_config->get_my_host(entry->init_config);
-               config_other_host = entry->init_config->get_other_host(entry->init_config);
-
-               /* first check if ip is equal */
-               if(config_other_host->ip_is_equal(config_other_host,other_host))
-               {
-                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
-                                               config_other_host->get_address(config_other_host));
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
-                       {
-                               *init_config = entry->init_config;
-                               status = SUCCESS;
-                               break;
-                       }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
-                       {
-                               *init_config = entry->init_config;
-                               status = SUCCESS;
-                               break;
-                       }
-                       
-               }
-               /* Then check for wildcard hosts!
-                * TODO
-                * actually its only checked if other host with default route can be found! */
-               else if (config_other_host->is_default_route(config_other_host))
-               {
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
-                       {
-                               *init_config = entry->init_config;
-                               status = SUCCESS;
-                               break;
-                       }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
-                       {
-                               *init_config = entry->init_config;
-                               status = SUCCESS;
-                               break;
-                       }
-               }
-       }
-       
-       iterator->destroy(iterator);
-       
-       return status;
-}
-
-/**
- * Implementation of configuration_manager_t.get_init_config_for_name.
- */
-static status_t get_init_config_for_name (private_configuration_manager_t *this, char *name, init_config_t **init_config)
-{
-       iterator_t *iterator;
-       status_t status = NOT_FOUND;
-       
-       iterator = this->configurations->create_iterator(this->configurations,TRUE);
-       
-       while (iterator->has_next(iterator))
-       {
-               configuration_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-
-               if (strcmp(entry->name,name) == 0)
-               {
-
-                       /* found configuration */
-                       *init_config = entry->init_config;
-                       status = SUCCESS;
-                       break;
-               }
-       }
-       
-       iterator->destroy(iterator);
-       
-       return status;
-}
-       
-/**
- * Implementation of configuration_manager_t.get_sa_config_for_name.
- */
-static status_t get_sa_config_for_name (private_configuration_manager_t *this, char *name, sa_config_t **sa_config)
-{
-       iterator_t *iterator;
-       status_t status = NOT_FOUND;
-       
-       iterator = this->configurations->create_iterator(this->configurations,TRUE);
-       
-       while (iterator->has_next(iterator))
-       {
-               configuration_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-
-               if (strcmp(entry->name,name) == 0)
-               {
-                       /* found configuration */
-                       *sa_config = entry->sa_config;
-                       status = SUCCESS;
-                       break;
-               }
-       }
-       
-       iterator->destroy(iterator);
-       
-       return status;
-}
-
-/**
- * Implementation of configuration_manager_t.get_sa_config_for_init_config_and_id.
- */
-static status_t get_sa_config_for_init_config_and_id (private_configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
-{      
-       iterator_t *iterator;
-       status_t status = NOT_FOUND;
-       
-       iterator = this->configurations->create_iterator(this->configurations,TRUE);
-       
-       while (iterator->has_next(iterator))
-       {
-               configuration_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-
-               if (entry->init_config == init_config)
-               {
-                       identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config);
-                       identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config);
-
-                       /* host informations seem to be the same */
-                       if (config_other_id->equals(config_other_id,other_id))
-                       {
-                               /* other ids seems to match */
-                               
-                               if (my_id == NULL)
-                               {
-                                       /* first matching one is selected */
-                                       
-                                       /* TODO priorize found entries */
-                                       *sa_config = entry->sa_config;
-                                       status = SUCCESS;
-                                       break;
-                               }
-
-                               if (config_my_id->equals(config_my_id,my_id))
-                               {
-                                       *sa_config = entry->sa_config;
-                                       status = SUCCESS;
-                                       break;
-                               }
-
-                       }
-               }
-       }
-       
-       iterator->destroy(iterator);
-       
-       return status;
-}
-
-/**
- * Implementation of private_configuration_manager_t.add_new_configuration.
- */
-static void add_new_configuration (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
-{
-       iterator_t *iterator;
-       bool found;
-       
-       iterator = this->init_configs->create_iterator(this->init_configs,TRUE);
-       found = FALSE;
-       while (iterator->has_next(iterator))
-       {
-               init_config_t *found_init_config;
-               iterator->current(iterator,(void **) &found_init_config);
-               if (init_config == found_init_config)
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       if (!found)
-       {
-               this->init_configs->insert_first(this->init_configs,init_config);
-       }
-       
-       iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE);
-       found = FALSE;
-       while (iterator->has_next(iterator))
-       {
-               sa_config_t *found_sa_config;
-               iterator->current(iterator,(void **) &found_sa_config);
-               if (sa_config == found_sa_config)
-               {
-                       found = TRUE;
-                       break;
-               }
-       }
-       iterator->destroy(iterator);
-       if (!found)
-       {
-               this->sa_configs->insert_first(this->sa_configs,sa_config);
-       }
-
-       this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
-}
-
-/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
- */
-static void add_new_preshared_secret (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret)
-{
-       preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
-       
-       entry->identification = identification_create_from_string(type,id_string);
-       entry->preshared_secret.len = strlen(preshared_secret) + 1;
-       entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len);
-       memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len);
-       
-       this->preshared_secrets->insert_last(this->preshared_secrets,entry);
-}
-
-/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
- */
-static void add_new_rsa_public_key (private_configuration_manager_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
-{
-       chunk_t key;
-       key.ptr = key_pos;
-       key.len = key_len;
-       
-       rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t);
-       
-       entry->identification = identification_create_from_string(type,id_string);
-       entry->public_key = rsa_public_key_create();
-       entry->public_key->set_key(entry->public_key, key);
-       
-       this->rsa_public_keys->insert_last(this->rsa_public_keys, entry);
-}
-
-/**
- * Implementation of private_configuration_manager_t.add_new_preshared_secret.
- */
-static void add_new_rsa_private_key (private_configuration_manager_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
-{
-       chunk_t key;
-       key.ptr = key_pos;
-       key.len = key_len;
-       
-       rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t);
-       
-       entry->identification = identification_create_from_string(type,id_string);
-       entry->private_key = rsa_private_key_create();
-       entry->private_key->set_key(entry->private_key, key);
-       
-       this->rsa_private_keys->insert_last(this->rsa_private_keys, entry);
-}
-
-/**
- * Implementation of configuration_manager_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret)
-{
-       iterator_t *iterator;
-       
-       iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE);
-       while (iterator->has_next(iterator))
-       {
-               preshared_secret_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-               if (entry->identification->equals(entry->identification,identification))
-               {
-                       *preshared_secret = entry->preshared_secret;
-                       iterator->destroy(iterator);
-                       return SUCCESS;
-               }
-       }
-       iterator->destroy(iterator);
-       return NOT_FOUND;
-}
-
-/**
- * Implementation of configuration_manager_t.get_shared_secret.
- */
-static status_t get_rsa_public_key(private_configuration_manager_t *this, identification_t *identification, rsa_public_key_t **public_key)
-{
-       iterator_t *iterator;
-       
-       iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE);
-       while (iterator->has_next(iterator))
-       {
-               rsa_public_key_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-               if (entry->identification->equals(entry->identification,identification))
-               {
-                       *public_key = entry->public_key;
-                       iterator->destroy(iterator);
-                       return SUCCESS;
-               }
-       }
-       iterator->destroy(iterator);
-       return NOT_FOUND;
-}
-
-/**
- * Implementation of configuration_manager_t.get_shared_secret.
- */
-static status_t get_rsa_private_key(private_configuration_manager_t *this, identification_t *identification, rsa_private_key_t **private_key)
-{
-       iterator_t *iterator;
-       
-       iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE);
-       while (iterator->has_next(iterator))
-       {
-               rsa_private_key_entry_t *entry;
-               iterator->current(iterator,(void **) &entry);
-               if (entry->identification->equals(entry->identification,identification))
-               {
-                       *private_key = entry->private_key;
-                       iterator->destroy(iterator);
-                       return SUCCESS;
-               }
-       }
-       iterator->destroy(iterator);
-       return NOT_FOUND;
-}
-
-/**
- * Implementation of configuration_manager_t.get_retransmit_timeout.
- */
-static status_t get_retransmit_timeout (private_configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
-{
-       int new_timeout = this->first_retransmit_timeout, i;
-       if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
-       {
-               return FAILED;
-       }
-       
-
-       for (i = 0; i < retransmit_count; i++)
-       {
-               new_timeout *= 2;
-       }
-       
-       *timeout = new_timeout;
-       
-       return SUCCESS;
-}
-
-/**
- * Implementation of configuration_manager_t.get_half_open_ike_sa_timeout.
- */
-static u_int32_t get_half_open_ike_sa_timeout (private_configuration_manager_t *this)
-{
-       return this->half_open_ike_sa_timeout;
-}
-
-/**
- * Implementation of configuration_manager_t.destroy.
- */
-static void destroy(private_configuration_manager_t *this)
-{
-       this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration manager ");
-
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries");
-       while (this->configurations->get_count(this->configurations) > 0)
-       {
-               configuration_entry_t *entry;
-               this->configurations->remove_first(this->configurations,(void **) &entry);
-               entry->destroy(entry);
-       }
-       this->configurations->destroy(this->configurations);
-
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects");        
-       while (this->sa_configs->get_count(this->sa_configs) > 0)
-       {
-               sa_config_t *sa_config;
-               this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
-               sa_config->destroy(sa_config);
-       }
-
-       this->sa_configs->destroy(this->sa_configs);
-       
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects");
-       while (this->init_configs->get_count(this->init_configs) > 0)
-       {
-               init_config_t *init_config;
-               this->init_configs->remove_first(this->init_configs,(void **) &init_config);
-               init_config->destroy(init_config);
-       }
-       this->init_configs->destroy(this->init_configs);
-       
-       while (this->preshared_secrets->get_count(this->preshared_secrets) > 0)
-       {
-               preshared_secret_entry_t *entry;
-               this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry);
-               entry->identification->destroy(entry->identification);
-               allocator_free_chunk(&(entry->preshared_secret));
-               allocator_free(entry);
-       }
-       this->preshared_secrets->destroy(this->preshared_secrets);
-
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys");   
-       while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0)
-       {
-               rsa_private_key_entry_t *entry;
-               this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry);
-               entry->identification->destroy(entry->identification);
-               entry->private_key->destroy(entry->private_key);
-               allocator_free(entry);
-       }
-       this->rsa_private_keys->destroy(this->rsa_private_keys);
-
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys");
-       while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0)
-       {
-               rsa_public_key_entry_t *entry;
-               this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry);
-               entry->identification->destroy(entry->identification);
-               entry->public_key->destroy(entry->public_key);
-               allocator_free(entry);
-       }
-       this->rsa_public_keys->destroy(this->rsa_public_keys);
-               
-       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger");
-       charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
-       allocator_free(this);
-}
-
-/*
- * Described in header-file
- */
-configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit_timeout,u_int32_t max_retransmit_count, u_int32_t half_open_ike_sa_timeout)
-{
-       private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
-
-       /* public functions */
-       this->public.destroy = (void(*)(configuration_manager_t*))destroy;
-       this->public.get_init_config_for_name = (status_t (*) (configuration_manager_t *, char *, init_config_t **)) get_init_config_for_name;
-       this->public.get_init_config_for_host = (status_t (*) (configuration_manager_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
-       this->public.get_sa_config_for_name =(status_t (*) (configuration_manager_t *, char *, sa_config_t **)) get_sa_config_for_name;
-       this->public.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_manager_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
-       this->public.get_retransmit_timeout = (status_t (*) (configuration_manager_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
-       this->public.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_manager_t *)) get_half_open_ike_sa_timeout;
-       this->public.get_shared_secret = (status_t (*) (configuration_manager_t *, identification_t *, chunk_t *))get_shared_secret;
-       this->public.get_rsa_private_key = (status_t (*) (configuration_manager_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
-       this->public.get_rsa_public_key = (status_t (*) (configuration_manager_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
-       
-       /* private functions */
-       this->load_default_config = load_default_config;
-       this->add_new_configuration = add_new_configuration;
-       this->add_new_preshared_secret = add_new_preshared_secret;
-       this->add_new_rsa_public_key = add_new_rsa_public_key;
-       this->add_new_rsa_private_key = add_new_rsa_private_key;
-       
-       /* private variables */
-       this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIGURATION_MANAGER,NULL);
-       this->configurations = linked_list_create();
-       this->sa_configs = linked_list_create();
-       this->init_configs = linked_list_create();
-       this->preshared_secrets = linked_list_create();
-       this->rsa_private_keys = linked_list_create();
-       this->rsa_public_keys = linked_list_create();
-       this->max_retransmit_count = max_retransmit_count;
-       this->first_retransmit_timeout = first_retransmit_timeout;
-       this->half_open_ike_sa_timeout = half_open_ike_sa_timeout;
-       
-       this->load_default_config(this);
-
-       return (&this->public);
-}
-
-
-u_int8_t public_key_1[] = {
-       0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2,
-       0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52,
-       0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC,
-       0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44,
-       0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78,
-       0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD,
-       0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87,
-       0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01
-};
-
-u_int8_t private_key_1[] = {
-       0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2,
-       0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52,
-       0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC,
-       0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44,
-       0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78,
-       0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD,
-       0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87,
-       0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0xEE,0xF2,0x37,0xF2,0x98,0xEB,0x33,0xC6,0x84,0xE8,0xB9,0xD1,0x18,0xB5,0x29,0x00,
-       0xAC,0x6B,0x78,0xBC,0x9E,0xB6,0x01,0x21,0x29,0xEE,0x4A,0x99,0xFB,0x3D,0x07,0x23,
-       0x77,0x84,0x93,0x4B,0x53,0x49,0xB0,0xA4,0x6F,0xB0,0xF5,0x50,0xDB,0x35,0xDD,0xDF,
-       0x41,0x6F,0x7B,0xA9,0x88,0x3D,0x0B,0x1C,0x2E,0x2B,0x44,0x35,0x24,0x72,0x66,0xC1,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0xE3,0xB8,0xC8,0x30,0x67,0xD0,0x5D,0xF1,0x32,0x64,0xDC,0x4B,0xB3,0x7E,0xE3,0x1A,
-       0xC5,0xBC,0xAC,0xC9,0x95,0x5C,0x96,0x0D,0x5A,0x52,0x90,0xE0,0x08,0x3F,0xA6,0x71,
-       0xC7,0x18,0xC5,0x64,0xA2,0xE4,0xB8,0x43,0x5A,0x8A,0x7A,0x9B,0xDF,0xDA,0x81,0x85,
-       0x6C,0x0F,0xA4,0xC9,0xAC,0x25,0x19,0x54,0xFE,0x75,0xAA,0x1D,0x22,0xB8,0xF4,0xCD,
-       0x1A,0x91,0xC2,0xA3,0x65,0x3F,0xD7,0xFC,0x7E,0xE1,0x92,0x29,0xC5,0x85,0x6E,0x44,
-       0xC8,0x4D,0xBD,0x7A,0x2C,0x2D,0x47,0xE2,0x24,0x24,0xDF,0xC2,0x31,0x65,0x8F,0xD4,
-       0xBA,0x28,0x7C,0x4A,0xCA,0xAE,0x79,0xBE,0xC1,0x6C,0xFC,0x09,0x45,0xF7,0x87,0x17,
-       0xB4,0x55,0x92,0x15,0xC5,0xFA,0x8F,0xB0,0x56,0x96,0xC1,0x87,0x12,0xFE,0xDF,0xF0,
-       0x3A,0xE1,0xB1,0x83,0x19,0x74,0xF0,0x7D,0x37,0x41,0x3E,0x6A,0xFE,0x33,0x3E,0x74,
-       0x01,0x45,0xE4,0x65,0xAE,0xC9,0xAE,0x64,0xE3,0xF1,0x90,0xFD,0x1A,0x30,0x44,0x82,
-       0xEE,0x34,0x94,0xF2,0x68,0x3D,0x61,0x90,0xFB,0xEB,0xD8,0x18,0xE6,0x7C,0xEC,0x69,
-       0x70,0xD0,0xEB,0x2F,0xC1,0x3D,0x9C,0x6A,0x4B,0x89,0x50,0x6B,0x3F,0xA5,0x38,0x41,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x65,0xEE,0x34,0x09,0xAC,0x4C,0x21,0x71,0x1D,0x3F,0x7E,0x0D,0x01,0xC2,0x3E,0x34,
-       0x88,0x58,0xEC,0x4F,0x62,0x50,0xF7,0xD8,0x62,0xDF,0xC1,0x39,0x40,0xA0,0xBF,0x0B,
-       0xD5,0x2F,0x5B,0xFA,0x35,0x14,0x69,0x63,0x2C,0x36,0x4B,0xDF,0xEB,0x33,0x66,0x6B,
-       0x97,0xA9,0x6C,0x12,0x5D,0x08,0xD5,0x55,0x77,0x28,0x83,0xD7,0x3B,0xAE,0x05,0xC1,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x9F,0x96,0x17,0x75,0x14,0xCB,0xC9,0x8A,0x06,0xAE,0xF8,0x53,0x74,0xEF,0x2F,0x68,
-       0xCB,0xBA,0x75,0xBC,0xAF,0x97,0xBA,0xF0,0x90,0xA3,0xDC,0x33,0xA4,0x94,0x36,0xA8,
-       0xF5,0xC6,0x3E,0x4F,0x50,0x78,0xC9,0x49,0x2A,0x62,0x71,0x9A,0x5B,0x3E,0x5E,0x16,
-       0x8A,0xAC,0x4B,0xE7,0xA9,0x64,0x36,0x64,0x82,0x0F,0x23,0xB0,0x57,0x6D,0x16,0xE1,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x25,0xF1,0x40,0x05,0x58,0x19,0x37,0x61,0x34,0x98,0xBB,0x29,0x1B,0x44,0x08,0x1A,
-       0xD3,0x66,0x62,0x4C,0x9C,0x47,0xD2,0x91,0x60,0x46,0x6F,0x8E,0xA6,0xE7,0x80,0x7B,
-       0x17,0x77,0x9A,0xB5,0x18,0x8A,0x15,0x8F,0x77,0xA1,0x55,0x3E,0x96,0x66,0x86,0x57,
-       0x75,0x73,0xF5,0x57,0x50,0x28,0xEA,0x83,0x14,0xB1,0x55,0xA3,0x82,0xCD,0x36,0xF8
-};
-u_int8_t public_key_2[] = {
-       0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1,
-       0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D,
-       0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63,
-       0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4,
-       0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5,
-       0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E,
-       0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B,
-       0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01
-};
-u_int8_t private_key_2[] = {
-       0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1,
-       0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D,
-       0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63,
-       0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4,
-       0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5,
-       0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E,
-       0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B,
-       0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0xE8,0x37,0xB6,0x08,0xD8,0x9C,0x72,0xC5,0x34,0xDB,0x3A,0xA2,0xF9,0x24,0xE1,0x44,
-       0x23,0x3B,0x72,0x70,0x5D,0xCC,0xC3,0xBA,0x3D,0xCE,0x82,0xAC,0x6A,0x71,0x72,0x90,
-       0xC7,0x94,0xB3,0x8B,0x85,0xE0,0xEF,0x39,0xF0,0xE4,0x08,0x31,0xEA,0xE6,0x3B,0x7D,
-       0xB0,0x36,0xFA,0x71,0x6E,0xA3,0xF9,0x4C,0x39,0x05,0x8C,0xB7,0x8C,0x99,0x94,0x85,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x96,0x32,0xF9,0xD9,0xA8,0xC0,0x84,0xFD,0xE5,0x6B,0xA6,0xC2,0x85,0x85,0x68,0x17,
-       0x7E,0x98,0xD0,0x6A,0xDC,0xD8,0x4C,0x46,0xCB,0x6D,0x4C,0x25,0xE5,0xF9,0x58,0xB2,
-       0x17,0xE4,0x20,0x8A,0x87,0x0D,0xD7,0x4C,0x79,0xA3,0xB3,0x69,0x98,0x7F,0x5D,0x08,
-       0x33,0x5B,0xAD,0xA3,0x34,0xE8,0x55,0x5E,0x09,0x60,0x70,0xA8,0x11,0xFD,0x70,0x67,
-       0x00,0xE1,0xA7,0x44,0xF5,0x85,0x14,0x43,0xD5,0x45,0x1A,0x87,0x65,0x30,0xA8,0x24,
-       0x2C,0xF8,0xAF,0x97,0xFF,0x9A,0x7E,0xF4,0x3B,0xE7,0xD3,0x79,0x88,0xEC,0x66,0xF6,
-       0xE0,0xAA,0xF4,0x88,0x0A,0xE2,0x4C,0x31,0x4A,0xA6,0xF3,0x91,0x9A,0x4A,0xBE,0xF0,
-       0x85,0xEF,0xCE,0x55,0xB6,0x35,0x2B,0x38,0xD5,0xF5,0x5A,0x35,0x7B,0xCF,0x4D,0xF8,
-       0x5D,0x1E,0x57,0x99,0xAF,0xED,0x33,0x6F,0xD5,0xA7,0x49,0x5B,0x14,0x4C,0x7D,0x17,
-       0x81,0xAE,0x1E,0xDA,0x9D,0xFB,0xA9,0xC3,0x00,0x4C,0x17,0x37,0x30,0x96,0x60,0xE1,
-       0x6A,0xCC,0xD3,0xDB,0x40,0xCE,0x96,0x96,0x0D,0x95,0x0D,0x84,0x38,0xBD,0xDA,0x2F,
-       0xEC,0xED,0x22,0x39,0x8E,0x8C,0xDF,0xCD,0x07,0xCF,0x0F,0xB0,0x2B,0x76,0xDB,0xC1,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0xA5,0x37,0x9E,0x08,0x45,0x35,0x6A,0x62,0xEC,0xEC,0x5D,0x97,0xBE,0x73,0x82,0xE2,
-       0x9B,0xBE,0x9B,0xF9,0x5E,0x83,0x65,0x6E,0x88,0xB2,0xF9,0x3D,0xFA,0xAD,0xA4,0xB9,
-       0x65,0x86,0x63,0x08,0x0D,0xC4,0xAF,0xF0,0x25,0x77,0xD8,0x6C,0xCB,0x97,0xEB,0x13,
-       0xCD,0xE0,0x0F,0xE7,0xCC,0xB4,0x55,0x96,0xE9,0xAB,0x0D,0x27,0x3A,0x9D,0xBA,0x91,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x44,0xA3,0x44,0xF4,0x47,0x9E,0xBA,0xE7,0xBF,0xF8,0xC2,0xFB,0x2F,0xC3,0x38,0x3F,
-       0x4C,0x56,0x0F,0x20,0x56,0x8D,0xED,0xC5,0x88,0x5F,0x09,0x26,0x64,0x82,0xDF,0x1A,
-       0x7B,0xBA,0x7F,0x78,0x6E,0xA1,0x4F,0x9B,0x1E,0x17,0x45,0xFC,0xE2,0x78,0x89,0x8E,
-       0x1E,0xD2,0x2D,0x76,0x60,0xCE,0x2F,0x7C,0xCA,0xB2,0x2C,0xA9,0x51,0x97,0x4C,0xCF,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-       0x01,0x40,0x4B,0x7D,0xAB,0x8A,0xB9,0x5E,0xEE,0xA1,0x81,0xED,0x27,0x89,0xF6,0x4C,
-       0x59,0x8C,0x23,0x14,0x3B,0x1B,0xBA,0xC3,0xB2,0x00,0x9A,0x9E,0xDF,0x54,0x82,0xA7,
-       0x3E,0xC9,0x23,0x85,0x4D,0xD3,0x80,0xA7,0x89,0x11,0xBA,0x76,0xF5,0xC1,0x55,0x37,
-       0x0A,0x0D,0x8C,0x07,0x0A,0xC8,0xC5,0x11,0x74,0x9C,0xB6,0x80,0x3B,0x0A,0x9A,0xA2
-};
diff --git a/Source/charon/config/configuration_manager.h b/Source/charon/config/configuration_manager.h
deleted file mode 100644 (file)
index f471899..0000000
+++ /dev/null
@@ -1,216 +0,0 @@
-/**
- * @file configuration_manager.h
- * 
- * @brief Interface of configuration_manager_t.
- *  
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef CONFIGURATION_MANAGER_H_
-#define CONFIGURATION_MANAGER_H_
-
-#include <types.h>
-#include <config/init_config.h>
-#include <config/sa_config.h>
-#include <transforms/rsa/rsa_private_key.h>
-#include <transforms/rsa/rsa_public_key.h>
-
-
-typedef struct configuration_manager_t configuration_manager_t;
-
-/**
- * @brief Manages all configuration aspects of the daemon.
- * 
- * @b Constructors:
- *     - configuration_manager_create()
- * 
- * @todo Build a (file) backend for the configuration manager.
- * 
- * @ingroup config
- */
-struct configuration_manager_t { 
-
-       /**
-        * @brief Returns the configuration information needed for IKE_SA_INIT exchange 
-        * for a specific configuration name.
-        * 
-        * The returned init_config_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                          calling object
-        * @param name                          name of the configuration
-        * @param[out] init_config      the init_config_t object is stored at this location
-        * 
-        * @return              
-        *                                                      - NOT_FOUND
-        *                                                      - SUCCESS
-        */
-       status_t (*get_init_config_for_name) (configuration_manager_t *this, char *name, init_config_t **init_config);
-
-       /**
-        * @brief Returns the configuration information needed for IKE_SA_INIT exchange 
-        * for specific host informations.
-        * 
-        * The returned init_config_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                          calling object
-        * @param my_host                       my host informations
-        * @param other_host            other host informations
-        * @param[out] init_config      the init_config_t object is stored at this location
-        * 
-        * @return              
-        *                                                      - NOT_FOUND
-        *                                                      - SUCCESS
-        */     
-       status_t (*get_init_config_for_host) (configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config);
-       
-       /**
-        * @brief Returns the configuration information needed after IKE_SA_INIT exchange 
-        * for a specific configuration name.
-        * 
-        * The returned sa_config_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                          calling object
-        * @param name                          name of the configuration
-        * @param[out] sa_config        the sa_config_t object is stored at this location
-        * 
-        * @return              
-        *                              - NOT_FOUND
-        *                              - SUCCESS
-        */
-       status_t (*get_sa_config_for_name) (configuration_manager_t *this, char *name, sa_config_t **sa_config);
-       
-       /**
-        * @brief Returns the configuration information needed after IKE_SA_INIT exchange 
-        * for specific init_config_t and ID data.
-        * 
-        * The returned sa_config_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                          calling object
-        * @param init_config           init_config_t object
-        * @param other_id                      identification of other one
-        * @param my_id                         my identification (can be NULL)
-        * @param[out] sa_config        the sa_config_t object is stored at this location
-        * 
-        * @return              
-        *                                                      - NOT_FOUND
-        *                                                      - SUCCESS
-        */     
-       status_t (*get_sa_config_for_init_config_and_id) (configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config);
-
-       /**
-        * @brief Returns the retransmit timeout.
-        * 
-        * The timeout values are managed by the configuration manager.
-        * 
-        * @param this                          calling object
-        * @param retransmit_count      number of times a message was retransmitted so far
-        * @param[out] timeout          the new retransmit timeout in milliseconds
-        * 
-        * @return              
-        *                                                      - FAILED, if the message should not be retransmitted
-        *                                                      - SUCCESS
-        */
-       status_t (*get_retransmit_timeout) (configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
-       
-       /**
-        * @brief Returns the timeout for an half open IKE_SA in ms.
-        * 
-        * Half open means that the IKE_SA is still in one of the following states:
-        *  - INITIATOR_INIT
-        *  - RESPONDER_INIT
-        *  - IKE_SA_INIT_REQUESTED
-        *  - IKE_SA_INIT_RESPONDED
-        *  - IKE_AUTH_REQUESTED
-        * 
-        * @param this                          calling object
-        * @return                                      timeout in milliseconds (ms)
-        */     
-       u_int32_t (*get_half_open_ike_sa_timeout) (configuration_manager_t *this);
-       
-       /**
-        * @brief Returns the preshared secret of a specific ID.
-        * 
-        * The returned preshared secret MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the ID.
-        * @param[out] preshared_secret the preshared secret will be written there.
-        * 
-        * @return              
-        *                                                              - NOT_FOUND     if no preshared secrets for specific ID could be found
-        *                                                              - SUCCESS
-        */     
-       status_t (*get_shared_secret) (configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret);
-       
-       /**
-        * @brief Returns the RSA public key of a specific ID.
-        * 
-        * The returned rsa_public_key_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the ID.
-        * @param[out] public_key               the public key will be written there
-        * 
-        * @return              
-        *                                                              - NOT_FOUND     if no key is configured for specific id
-        *                                                              - SUCCESS
-        */     
-       status_t (*get_rsa_public_key) (configuration_manager_t *this, identification_t *identification, rsa_public_key_t **public_key);
-       
-       /**
-        * @brief Returns the RSA private key of a specific ID.
-        * 
-        * The returned rsa_private_key_t object MUST NOT be destroyed cause it's managed by 
-        * this configuration_manager_t object.
-        * 
-        * @param this                                  calling object
-        * @param identification                identification_t object identifiying the ID.
-        * @param[out] private_key              the private key will be written there
-        * 
-        * @return              
-        *                                                              - NOT_FOUND     if no key is configured for specific id
-        *                                                              - SUCCESS
-        */     
-       status_t (*get_rsa_private_key) (configuration_manager_t *this, identification_t *identification, rsa_private_key_t **private_key);
-
-       /**
-        * @brief Destroys a configuration_manager_t object.
-        * 
-        * @param this                                  calling object
-        */
-       void (*destroy) (configuration_manager_t *this);
-};
-
-/**
- * @brief Creates the mighty configuration manager.
- * 
- * @param first_retransmit_timeout     first retransmit timeout in milliseconds
- * @param max_retransmit_count         max number of tries to retransmitted a requests (0 for infinite)
- * @param half_open_ike_sa_timeout  timeout after that a half open IKE_SA gets deleted
- * @return                                                     configuration_manager_t object
- * 
- * @ingroup config
- */
-configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit_timeout,u_int32_t max_retransmit_count, u_int32_t half_open_ike_sa_timeout);
-
-#endif /*CONFIGURATION_MANAGER_H_*/
index 047d653..e25d435 100644 (file)
@@ -58,7 +58,7 @@ extern mapping_t protocol_id_m[];
 typedef enum transform_type_t transform_type_t;
 
 /**
- * Type of a transform, as in IKEv2 draft 3.3.2.
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
  * 
  * @ingroup payloads
  */
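Review bot: The new wording `IKEv2 RFC 3.3.2` in the transform_type_t comment reads like an RFC number rather than a section reference, so a reader cannot look it up directly. Name the document and the section, for example ` * Type of a transform, as in RFC 4306, section 3.3.2.`. The extended_sequence_numbers_t comment in the next hunk has the same wording and needs the same fix. Both enum definitions continue outside their hunks, so only the comment lines are in view here.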
@@ -82,7 +82,7 @@ extern mapping_t transform_type_m[];
 typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
 
 /** 
- * Extended sequence numbers, as in IKEv2 draft 3.3.2.
+ * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
  * 
  * @ingroup payloads
  */
index 6ecf71d..783e2f5 100644 (file)
@@ -99,7 +99,6 @@ struct sa_config_t {
         */
        linked_list_t *(*get_my_traffic_selectors) (sa_config_t *this);
        
-               
        /**
         * @brief Get configured traffic selectors for others site.
         * 
diff --git a/Source/charon/config/starter_configuration.c b/Source/charon/config/starter_configuration.c
new file mode 100755 (executable)
index 0000000..938a2b7
--- /dev/null
@@ -0,0 +1,882 @@
+/**
+ * @file starter_configuration.c
+ * 
+ * @brief Implementation of starter_configuration_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+
+#include "starter_configuration.h"
+
+#include <types.h>
+#include <daemon.h>
+#include <utils/allocator.h>
+
+
+/**
+ * First retransmit timeout in milliseconds.
+ * 
+ * Timeout value is increasing in each retransmit round.
+ */
+#define RETRANSMIT_TIMEOUT 3000
+
+/**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Max retransmit count.
+ * 0 for infinite. The max time a half open IKE_SA is alive is set by 
+ * RETRANSMIT_TIMEOUT.
+ */
+#define MAX_RETRANSMIT_COUNT 0
+
+
+struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/pluto.ctl"};
+
+
+typedef struct preshared_secret_entry_t preshared_secret_entry_t;
+
+/**
+ * A preshared secret entry combines an identifier and a 
+ * preshared secret.
+ */
+struct preshared_secret_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Preshared secret as chunk_t. The NULL termination is not included.
+        */     
+       chunk_t preshared_secret;
+};
+
+
+typedef struct rsa_private_key_entry_t rsa_private_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_private_key_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Private key.
+        */     
+       rsa_private_key_t* private_key;
+};
+
+typedef struct rsa_public_key_entry_t rsa_public_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_public_key_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Private key.
+        */     
+       rsa_public_key_t* public_key;
+};
+
+typedef struct configuration_entry_t configuration_entry_t;
+
+/**
+ * A configuration entry combines a configuration name with a init and sa 
+ * configuration represented as init_config_t and sa_config_t objects.
+ * 
+ * @b Constructors:
+ *  - configuration_entry_create()
+ */
+struct configuration_entry_t {
+       
+       /**
+        * Configuration name.
+        * 
+        */
+       char *name;
+       
+       /**
+        * Configuration for IKE_SA_INIT exchange.
+        */
+       init_config_t *init_config;
+
+       /**
+        * Configuration for all phases after IKE_SA_INIT exchange.
+        */
+       sa_config_t *sa_config;
+       
+       /**
+        * Destroys a configuration_entry_t
+        * 
+        * @param this                          calling object
+        */
+       void (*destroy) (configuration_entry_t *this);
+};
+
+/**
+ * Implementation of configuration_entry_t.destroy.
+ */
+static void configuration_entry_destroy (configuration_entry_t *this)
+{
+       allocator_free(this->name);
+       allocator_free(this);
+}
+
+/**
+ * @brief Creates a configuration_entry_t object.
+ * 
+ * @param name                         name of the configuration entry (gets copied)
+ * @param init_config  object of type init_config_t
+ * @param sa_config            object of type sa_config_t
+ */
+static configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config)
+{
+       configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t);
+
+       /* functions */
+       entry->destroy = configuration_entry_destroy;
+
+       /* private data */
+       entry->init_config = init_config;
+       entry->sa_config = sa_config;
+       entry->name = allocator_alloc(strlen(name) + 1);
+       strcpy(entry->name,name);
+       return entry;
+}
+
+typedef struct private_starter_configuration_t private_starter_configuration_t;
+
+/**
+ * Private data of an starter_configuration_t object.
+ */
+struct private_starter_configuration_t {
+
+       /**
+        * Public part of starter_configuration_t object.
+        */
+       starter_configuration_t public;
+
+       /**
+        * Holding all configurations.
+        */
+       linked_list_t *configurations;
+
+       /**
+        * Holding all managed init_configs.
+        */
+       linked_list_t *init_configs;
+
+       /**
+        * Holding all managed init_configs.
+        */
+       linked_list_t *sa_configs;
+       
+       /**
+        * Holding all managed preshared secrets.
+        */
+       linked_list_t *preshared_secrets;
+       
+       /**
+        * Holding all managed private secrets.
+        */
+       linked_list_t *rsa_private_keys;
+       
+       /**
+        * Holding all managed public secrets.
+        */
+       linked_list_t *rsa_public_keys;
+
+       /**
+        * Assigned logger_t object.
+        */
+       logger_t *logger;
+       
+       /**
+        * Max number of requests to be retransmitted.
+        * 0 for infinite.
+        */     
+       u_int32_t max_retransmit_count;
+       
+       /**
+        * First retransmit timeout in ms.
+        */
+       u_int32_t first_retransmit_timeout;
+       
+       /**
+        * Timeout in ms after that time a IKE_SA gets deleted.
+        */
+       u_int32_t half_open_ike_sa_timeout;
+       
+       int socket;
+       
+       pthread_t assigned_thread;
+
+       /**
+        * Adds a new IKE_SA configuration.
+        * 
+        * @param this                          calling object
+        * @param name                          name for the configuration
+        * @param init_config           init_config_t object
+        * @param sa_config                     sa_config_t object
+        */
+       void (*add_new_configuration) (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
+       
+       /**
+        * Adds a new preshared secret.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param preshared_secret      preshared secret as string
+        */
+       void (*add_new_preshared_secret) (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
+       
+       /**
+        * Adds a new rsa private key.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param key_pos                       location of key
+        * @param key_len                       length of key
+        */
+       void (*add_new_rsa_private_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+       
+       /**
+        * Adds a new rsa public key.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param key_pos                       location of key
+        * @param key_len                       length of key
+        */
+       void (*add_new_rsa_public_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+       
+       void (*whack_receive) (private_starter_configuration_t *this);
+};
+
+/**
+ * Implementation of private_starter_configuration_t.listen.
+ */
+static void whack_receive(private_starter_configuration_t *this)
+{
+       u_int8_t buffer[5000];
+       struct sockaddr_un whackaddr;
+       int whackaddrlen = sizeof(whackaddr);
+       ssize_t n;
+       int whackfd;
+       
+       while (1)
+       {
+               whackfd = accept(this->socket, (struct sockaddr *)&whackaddr, &whackaddrlen);
+       
+               if (whackfd < 0)
+               {
+                       this->logger->log(this->logger, ERROR, "accept() failed in whack_handle()");
+                       continue;
+               }
+               if (fcntl(whackfd, F_SETFD, FD_CLOEXEC) < 0)
+               {
+                       this->logger->log(this->logger, ERROR, "failed to set CLOEXEC in whack_handle()");
+                       close(whackfd);
+                       continue;
+               }
+       
+               n = read(whackfd, &buffer, sizeof(buffer));
+       
+               if (n == -1)
+               {
+                       this->logger->log(this->logger, ERROR, "read() failed in whack_handle()");
+                       close(whackfd);
+                       continue;
+               }
+               this->logger->log_bytes(this->logger, CONTROL, "Whackinput", buffer, n);
+       }
+}
+
+
+/**
+ * Implementation of starter_configuration_t.get_init_config_for_host.
+ */
+static status_t get_init_config_for_host (private_starter_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
+                                               my_host->get_address(my_host), other_host->get_address(other_host));
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               host_t *config_my_host;
+               host_t *config_other_host;
+               
+               iterator->current(iterator,(void **) &entry);
+
+               config_my_host = entry->init_config->get_my_host(entry->init_config);
+               config_other_host = entry->init_config->get_other_host(entry->init_config);
+
+               /* first check if ip is equal */
+               if(config_other_host->ip_is_equal(config_other_host,other_host))
+               {
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
+                                               config_other_host->get_address(config_other_host));
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       
+               }
+               /* Then check for wildcard hosts!
+                * TODO
+                * actually its only checked if other host with default route can be found! */
+               else if (config_other_host->is_default_route(config_other_host))
+               {
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_init_config_for_name.
+ */
+static status_t get_init_config_for_name (private_starter_configuration_t *this, char *name, init_config_t **init_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (strcmp(entry->name,name) == 0)
+               {
+
+                       /* found configuration */
+                       *init_config = entry->init_config;
+                       status = SUCCESS;
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+       
+/**
+ * Implementation of starter_configuration_t.get_sa_config_for_name.
+ */
+static status_t get_sa_config_for_name (private_starter_configuration_t *this, char *name, sa_config_t **sa_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (strcmp(entry->name,name) == 0)
+               {
+                       /* found configuration */
+                       *sa_config = entry->sa_config;
+                       status = SUCCESS;
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_sa_config_for_init_config_and_id.
+ */
+static status_t get_sa_config_for_init_config_and_id (private_starter_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
+{      
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (entry->init_config == init_config)
+               {
+                       identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config);
+                       identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config);
+
+                       /* host informations seem to be the same */
+                       if (config_other_id->equals(config_other_id,other_id))
+                       {
+                               /* other ids seems to match */
+                               
+                               if (my_id == NULL)
+                               {
+                                       /* first matching one is selected */
+                                       
+                                       /* TODO priorize found entries */
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                               if (config_my_id->equals(config_my_id,my_id))
+                               {
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                       }
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_configuration.
+ */
+static void add_new_configuration (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
+{
+       iterator_t *iterator;
+       bool found;
+       
+       iterator = this->init_configs->create_iterator(this->init_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               init_config_t *found_init_config;
+               iterator->current(iterator,(void **) &found_init_config);
+               if (init_config == found_init_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
+       {
+               this->init_configs->insert_first(this->init_configs,init_config);
+       }
+       
+       iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               sa_config_t *found_sa_config;
+               iterator->current(iterator,(void **) &found_sa_config);
+               if (sa_config == found_sa_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
+       {
+               this->sa_configs->insert_first(this->sa_configs,sa_config);
+       }
+
+       this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_preshared_secret (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
+{
+       preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->preshared_secret.len = strlen(preshared_secret) + 1;
+       entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len);
+       memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len);
+       
+       this->preshared_secrets->insert_last(this->preshared_secrets,entry);
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_public_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+       chunk_t key;
+       key.ptr = key_pos;
+       key.len = key_len;
+       
+       rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->public_key = rsa_public_key_create();
+       entry->public_key->set_key(entry->public_key, key);
+       
+       this->rsa_public_keys->insert_last(this->rsa_public_keys, entry);
+}
+
+/**
+ * Implementation of private_starter_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_private_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+       chunk_t key;
+       key.ptr = key_pos;
+       key.len = key_len;
+       
+       rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->private_key = rsa_private_key_create();
+       entry->private_key->set_key(entry->private_key, key);
+       
+       this->rsa_private_keys->insert_last(this->rsa_private_keys, entry);
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_starter_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
+{
+       iterator_t *iterator;
+       
+       iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               preshared_secret_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *preshared_secret = entry->preshared_secret;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_public_key(private_starter_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
+{
+       iterator_t *iterator;
+       
+       iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               rsa_public_key_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *public_key = entry->public_key;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_private_key(private_starter_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
+{
+       iterator_t *iterator;
+       
+       iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               rsa_private_key_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *private_key = entry->private_key;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_retransmit_timeout.
+ */
+static status_t get_retransmit_timeout (private_starter_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
+{
+       int new_timeout = this->first_retransmit_timeout, i;
+       if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
+       {
+               return FAILED;
+       }
+       
+
+       for (i = 0; i < retransmit_count; i++)
+       {
+               new_timeout *= 2;
+       }
+       
+       *timeout = new_timeout;
+       
+       return SUCCESS;
+}
+
+/**
+ * Implementation of starter_configuration_t.get_half_open_ike_sa_timeout.
+ */
+static u_int32_t get_half_open_ike_sa_timeout (private_starter_configuration_t *this)
+{
+       return this->half_open_ike_sa_timeout;
+}
+
+/**
+ * Implementation of starter_configuration_t.destroy.
+ */
+static void destroy(private_starter_configuration_t *this)
+{
+       this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries");
+       while (this->configurations->get_count(this->configurations) > 0)
+       {
+               configuration_entry_t *entry;
+               this->configurations->remove_first(this->configurations,(void **) &entry);
+               entry->destroy(entry);
+       }
+       this->configurations->destroy(this->configurations);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects");        
+       while (this->sa_configs->get_count(this->sa_configs) > 0)
+       {
+               sa_config_t *sa_config;
+               this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
+               sa_config->destroy(sa_config);
+       }
+
+       this->sa_configs->destroy(this->sa_configs);
+       
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects");
+       while (this->init_configs->get_count(this->init_configs) > 0)
+       {
+               init_config_t *init_config;
+               this->init_configs->remove_first(this->init_configs,(void **) &init_config);
+               init_config->destroy(init_config);
+       }
+       this->init_configs->destroy(this->init_configs);
+       
+       while (this->preshared_secrets->get_count(this->preshared_secrets) > 0)
+       {
+               preshared_secret_entry_t *entry;
+               this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               allocator_free_chunk(&(entry->preshared_secret));
+               allocator_free(entry);
+       }
+       this->preshared_secrets->destroy(this->preshared_secrets);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys");   
+       while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0)
+       {
+               rsa_private_key_entry_t *entry;
+               this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               entry->private_key->destroy(entry->private_key);
+               allocator_free(entry);
+       }
+       this->rsa_private_keys->destroy(this->rsa_private_keys);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys");
+       while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0)
+       {
+               rsa_public_key_entry_t *entry;
+               this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               entry->public_key->destroy(entry->public_key);
+               allocator_free(entry);
+       }
+       this->rsa_public_keys->destroy(this->rsa_public_keys);
+               
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger");
+       charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+       close(this->socket);
+       unlink(socket_addr.sun_path);
+       allocator_free(this);
+}
+
+/*
+ * Described in header-file
+ */
+starter_configuration_t *starter_configuration_create()
+{
+       private_starter_configuration_t *this = allocator_alloc_thing(private_starter_configuration_t);
+       mode_t old;
+       bool on = TRUE;
+
+       /* public functions */
+       this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy;
+       this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name;
+       this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
+       this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name;
+       this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
+       this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+       this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
+       this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret;
+       this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
+       this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
+       
+       /* private functions */
+       this->add_new_configuration = add_new_configuration;
+       this->add_new_preshared_secret = add_new_preshared_secret;
+       this->add_new_rsa_public_key = add_new_rsa_public_key;
+       this->add_new_rsa_private_key = add_new_rsa_private_key;
+       this->whack_receive = whack_receive;
+       
+       this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL);
+       
+       /* set up unix socket */
+       this->socket = socket(AF_UNIX, SOCK_STREAM, 0);
+       if (this->socket == -1)
+       {
+               this->logger->log(this->logger, ERROR, "could not create whack socket");
+               charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+               allocator_free(this);
+               return NULL;
+       }
+       if (fcntl(this->socket, F_SETFD, FD_CLOEXEC) < 0)
+       {
+               this->logger->log(this->logger, ERROR, "could not FD_CLOEXEC on whack socket");
+               charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+               close(this->socket);
+               allocator_free(this);
+               return NULL;
+       }
+       if (setsockopt(this->socket, SOL_SOCKET, SO_REUSEADDR, (const void *)&on, sizeof(on)) < 0)
+       
+       old = umask(~S_IRWXU);
+       if (bind(this->socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0)
+       {
+               this->logger->log(this->logger, ERROR, "could not bind whack socket: %s", strerror(errno));
+               charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+               close(this->socket);
+               allocator_free(this);
+               return NULL;
+       }
+       umask(old);
+       
+       if (listen(this->socket, 0) < 0)
+       {
+               this->logger->log(this->logger, ERROR, "could not listen on whack socket: %s", strerror(errno));
+               charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+               close(this->socket);
+               unlink(socket_addr.sun_path);
+               allocator_free(this);
+               return NULL;
+       }
+       
+       /* start a thread reading from the socket */
+       if (pthread_create(&(this->assigned_thread), NULL, (void*(*)(void*))this->whack_receive, this) != 0)
+       {
+               this->logger->log(this->logger, ERROR, "Could not spawn whack thread");
+               charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
+               close(this->socket);
+               unlink(socket_addr.sun_path);
+               allocator_free(this);
+       }
+       
+       /* private variables */
+       this->configurations = linked_list_create();
+       this->sa_configs = linked_list_create();
+       this->init_configs = linked_list_create();
+       this->preshared_secrets = linked_list_create();
+       this->rsa_private_keys = linked_list_create();
+       this->rsa_public_keys = linked_list_create();
+       this->max_retransmit_count = MAX_RETRANSMIT_COUNT;
+       this->first_retransmit_timeout = RETRANSMIT_TIMEOUT;
+       this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT;
+       
+       return (&this->public);
+}
diff --git a/Source/charon/config/starter_configuration.h b/Source/charon/config/starter_configuration.h
new file mode 100644 (file)
index 0000000..408b84e
--- /dev/null
@@ -0,0 +1,60 @@
+/**
+ * @file starter_configuration_t.h
+ *
+ * @brief Interface of starter_configuration_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef STARTER_CONFIGURATION_H_
+#define STARTER_CONFIGURATION_H_
+
+#include <config/configuration.h>
+
+
+typedef struct starter_configuration_t starter_configuration_t;
+
+/**
+ * @brief A config backend which uses the ipsec starter
+ * from pluto, wich parses config files.
+ * 
+ * This configuration implementation opens a Whack-Socket
+ * and waits for input from ipsec starter.
+ * 
+ * @b Constructors:
+ * - starter_configuration_create()
+ * 
+ * @ingroup config
+ */
+struct starter_configuration_t { 
+
+       /**
+        * Implements configuration_t interface
+        */
+       configuration_t configuration_interface;
+};
+
+/**
+ * @brief Creates an configuration using ipsec starter as input.
+ * 
+ * @return starter_configuration_t object
+ * 
+ * @ingroup config
+ */
+starter_configuration_t *starter_configuration_create();
+
+#endif /*STARTER_CONFIGURATION_H_*/
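Review bot: The `@return` text on `starter_configuration_create()` promises an object, but the implementation in starter_configuration.c returns `NULL` when the whack socket cannot be created, marked close-on-exec, bound or put into listening state. The contract should say so, e.g. `@return starter_configuration_t object, NULL if the whack socket could not be set up`, so callers know to check. The declaration would also be better as a real prototype, `starter_configuration_t *starter_configuration_create(void);`, since empty parentheses leave the argument list unchecked in C. The class comment could also state that the whack socket is the channel configuration input arrives on and is meant to be accessible to its owner only. In the implementation, `old = umask(~S_IRWXU);` directly follows an `if (setsockopt(...) < 0)` that has no body, so as written it appears to run only when setsockopt fails, which is worth checking against that intent.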
diff --git a/Source/charon/config/static_configuration.c b/Source/charon/config/static_configuration.c
new file mode 100755 (executable)
index 0000000..0cec6e1
--- /dev/null
@@ -0,0 +1,1053 @@
+/**
+ * @file static_configuration.c
+ * 
+ * @brief Implementation of static_configuration_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+
+#include "static_configuration.h"
+
+#include <types.h>
+#include <daemon.h>
+#include <utils/allocator.h>
+
+/**
+ * First retransmit timeout in milliseconds.
+ * 
+ * Timeout value is increasing in each retransmit round.
+ */
+#define RETRANSMIT_TIMEOUT 3000
+
+/**
+ * Timeout in milliseconds after that a half open IKE_SA gets deleted.
+ */
+#define HALF_OPEN_IKE_SA_TIMEOUT 30000
+
+/**
+ * Max retransmit count.
+ * 0 for infinite. The max time a half open IKE_SA is alive is set by 
+ * RETRANSMIT_TIMEOUT.
+ */
+#define MAX_RETRANSMIT_COUNT 0
+
+
+typedef struct preshared_secret_entry_t preshared_secret_entry_t;
+
+/**
+ * A preshared secret entry combines an identifier and a 
+ * preshared secret.
+ */
+struct preshared_secret_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Preshared secret as chunk_t. The NULL termination is not included.
+        */     
+       chunk_t preshared_secret;
+};
+
+
+typedef struct rsa_private_key_entry_t rsa_private_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_private_key_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Private key.
+        */     
+       rsa_private_key_t* private_key;
+};
+
+typedef struct rsa_public_key_entry_t rsa_public_key_entry_t;
+
+/**
+ * Entry for a rsa private key.
+ */
+struct rsa_public_key_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Private key.
+        */     
+       rsa_public_key_t* public_key;
+};
+
+typedef struct configuration_entry_t configuration_entry_t;
+
+/* A configuration entry combines a configuration name with a init and sa 
+ * configuration represented as init_config_t and sa_config_t objects.
+ * 
+ * @b Constructors:
+ *  - configuration_entry_create()
+ */
+struct configuration_entry_t {
+       
+       /**
+        * Configuration name.
+        * 
+        */
+       char *name;
+       
+       /**
+        * Configuration for IKE_SA_INIT exchange.
+        */
+       init_config_t *init_config;
+
+       /**
+        * Configuration for all phases after IKE_SA_INIT exchange.
+        */
+       sa_config_t *sa_config;
+       
+       /**
+        * Destroys a configuration_entry_t
+        * 
+        * @param this                          calling object
+        */
+       void (*destroy) (configuration_entry_t *this);
+};
+
+/**
+ * Implementation of configuration_entry_t.destroy.
+ */
+static void configuration_entry_destroy (configuration_entry_t *this)
+{
+       allocator_free(this->name);
+       allocator_free(this);
+}
+
+/**
+ * @brief Creates a configuration_entry_t object.
+ * 
+ * @param name                         name of the configuration entry (gets copied)
+ * @param init_config  object of type init_config_t
+ * @param sa_config            object of type sa_config_t
+ */
+configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config)
+{
+       configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t);
+
+       /* functions */
+       entry->destroy = configuration_entry_destroy;
+
+       /* private data */
+       entry->init_config = init_config;
+       entry->sa_config = sa_config;
+       entry->name = allocator_alloc(strlen(name) + 1);
+       strcpy(entry->name,name);
+       return entry;
+}
+
+typedef struct private_static_configuration_t private_static_configuration_t;
+
+/**
+ * Private data of an static_configuration_t object.
+ */
+struct private_static_configuration_t {
+
+       /**
+        * Public part of static_configuration_t object.
+        */
+       static_configuration_t public;
+
+       /**
+        * Holding all configurations.
+        */
+       linked_list_t *configurations;
+
+       /**
+        * Holding all managed init_configs.
+        */
+       linked_list_t *init_configs;
+
+       /**
+        * Holding all managed init_configs.
+        */
+       linked_list_t *sa_configs;
+       
+       /**
+        * Holding all managed preshared secrets.
+        */
+       linked_list_t *preshared_secrets;
+       
+       /**
+        * Holding all managed private secrets.
+        */
+       linked_list_t *rsa_private_keys;
+       
+       /**
+        * Holding all managed public secrets.
+        */
+       linked_list_t *rsa_public_keys;
+
+       /**
+        * Assigned logger_t object.
+        */
+       logger_t *logger;
+       
+       /**
+        * Max number of requests to be retransmitted.
+        * 0 for infinite.
+        */     
+       u_int32_t max_retransmit_count;
+       
+       /**
+        * First retransmit timeout in ms.
+        */
+       u_int32_t first_retransmit_timeout;
+       
+       /**
+        * Timeout in ms after that time a IKE_SA gets deleted.
+        */
+       u_int32_t half_open_ike_sa_timeout;
+
+       /**
+        * Adds a new IKE_SA configuration.
+        * 
+        * @param this                          calling object
+        * @param name                          name for the configuration
+        * @param init_config           init_config_t object
+        * @param sa_config                     sa_config_t object
+        */
+       void (*add_new_configuration) (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
+       
+       /**
+        * Adds a new preshared secret.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param preshared_secret      preshared secret as string
+        */
+       void (*add_new_preshared_secret) (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
+       
+       /**
+        * Adds a new rsa private key.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param key_pos                       location of key
+        * @param key_len                       length of key
+        */
+       void (*add_new_rsa_private_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+       
+       /**
+        * Adds a new rsa public key.
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param key_pos                       location of key
+        * @param key_len                       length of key
+        */
+       void (*add_new_rsa_public_key) (private_static_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
+       
+       /**
+        * Load default configuration.
+        * 
+        * @param this                          calling object
+        */
+       void (*load_default_config) (private_static_configuration_t *this);
+};
+
+
+u_int8_t public_key_1[];
+u_int8_t private_key_1[];
+u_int8_t public_key_2[];
+u_int8_t private_key_2[];
+
+/**
+ * Implementation of private_static_configuration_t.load_default_config.
+ */
+static void load_default_config (private_static_configuration_t *this)
+{
+       init_config_t *init_config_a, *init_config_b;
+       proposal_t *proposal;
+       sa_config_t *sa_config_a, *sa_config_b;
+       traffic_selector_t *ts;
+       
+       init_config_a = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config_b = init_config_create("0.0.0.0","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       
+       /* IKE proposals for alice */
+       proposal = proposal_create(1);
+       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+       proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
+       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       init_config_a->add_proposal(init_config_a, proposal);
+       
+       /* IKE proposals for bob */
+       proposal = proposal_create(1);
+       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+       proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+       proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
+       proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       init_config_b->add_proposal(init_config_b, proposal);
+       
+       sa_config_a = sa_config_create(ID_IPV4_ADDR, "192.168.0.1", 
+                                                                ID_IPV4_ADDR, "192.168.0.2",
+                                                                RSA_DIGITAL_SIGNATURE,
+                                                                30000);
+                                                                 
+       sa_config_b = sa_config_create(ID_IPV4_ADDR, "192.168.0.2", 
+                                                                ID_IPV4_ADDR, "192.168.0.1",
+                                                                RSA_DIGITAL_SIGNATURE,
+                                                                30000);
+       
+       /* traffic selectors alice */
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535);
+       sa_config_a->add_my_traffic_selector(sa_config_a,ts);
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535);
+       sa_config_a->add_other_traffic_selector(sa_config_a,ts);
+       
+       /* traffic selectors bob */
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.2.0.0", 0, "10.2.255.255", 65535);
+       sa_config_b->add_my_traffic_selector(sa_config_b,ts);
+       ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "10.1.0.0", 0, "10.1.255.255", 65535);
+       sa_config_b->add_other_traffic_selector(sa_config_b,ts);
+       
+       /* child proposal for alice */
+       proposal = proposal_create(1);
+       
+//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+//     proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+//     proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+       
+       sa_config_a->add_proposal(sa_config_a, proposal);
+       
+       /* child proposal for bob */
+       proposal = proposal_create(1);
+       
+//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+//     proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_DES_MAC, 0);
+//     proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+//     proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+
+       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+       proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+//     proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+//     proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+       
+       sa_config_b->add_proposal(sa_config_b, proposal);
+       
+       this->add_new_configuration(this,"sun",init_config_a,sa_config_a);
+       this->add_new_configuration(this,"moon",init_config_b,sa_config_b);
+       
+       //this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
+       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.1", public_key_1, 256);
+       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.0.2", public_key_2, 256);
+       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.1", private_key_1, 1024);
+       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.0.2", private_key_2, 1024);
+}
+
+/**
+ * Implementation of static_configuration_t.get_init_config_for_host.
+ */
+static status_t get_init_config_for_host (private_static_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
+                                               my_host->get_address(my_host), other_host->get_address(other_host));
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               host_t *config_my_host;
+               host_t *config_other_host;
+               
+               iterator->current(iterator,(void **) &entry);
+
+               config_my_host = entry->init_config->get_my_host(entry->init_config);
+               config_other_host = entry->init_config->get_other_host(entry->init_config);
+
+               /* first check if ip is equal */
+               if(config_other_host->ip_is_equal(config_other_host,other_host))
+               {
+                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
+                                               config_other_host->get_address(config_other_host));
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       
+               }
+               /* Then check for wildcard hosts!
+                * TODO
+                * actually its only checked if other host with default route can be found! */
+               else if (config_other_host->is_default_route(config_other_host))
+               {
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of static_configuration_t.get_init_config_for_name.
+ */
+static status_t get_init_config_for_name (private_static_configuration_t *this, char *name, init_config_t **init_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (strcmp(entry->name,name) == 0)
+               {
+
+                       /* found configuration */
+                       *init_config = entry->init_config;
+                       status = SUCCESS;
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+       
+/**
+ * Implementation of static_configuration_t.get_sa_config_for_name.
+ */
+static status_t get_sa_config_for_name (private_static_configuration_t *this, char *name, sa_config_t **sa_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (strcmp(entry->name,name) == 0)
+               {
+                       /* found configuration */
+                       *sa_config = entry->sa_config;
+                       status = SUCCESS;
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of static_configuration_t.get_sa_config_for_init_config_and_id.
+ */
+static status_t get_sa_config_for_init_config_and_id (private_static_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
+{      
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (entry->init_config == init_config)
+               {
+                       identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config);
+                       identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config);
+
+                       /* host informations seem to be the same */
+                       if (config_other_id->equals(config_other_id,other_id))
+                       {
+                               /* other ids seems to match */
+                               
+                               if (my_id == NULL)
+                               {
+                                       /* first matching one is selected */
+                                       
+                                       /* TODO priorize found entries */
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                               if (config_my_id->equals(config_my_id,my_id))
+                               {
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                       }
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
+}
+
+/**
+ * Implementation of private_static_configuration_t.add_new_configuration.
+ */
+static void add_new_configuration (private_static_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
+{
+       iterator_t *iterator;
+       bool found;
+       
+       iterator = this->init_configs->create_iterator(this->init_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               init_config_t *found_init_config;
+               iterator->current(iterator,(void **) &found_init_config);
+               if (init_config == found_init_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
+       {
+               this->init_configs->insert_first(this->init_configs,init_config);
+       }
+       
+       iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               sa_config_t *found_sa_config;
+               iterator->current(iterator,(void **) &found_sa_config);
+               if (sa_config == found_sa_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
+       {
+               this->sa_configs->insert_first(this->sa_configs,sa_config);
+       }
+
+       this->configurations->insert_last(this->configurations,configuration_entry_create(name,init_config,sa_config));
+}
+
+/**
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_preshared_secret (private_static_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
+{
+       preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->preshared_secret.len = strlen(preshared_secret) + 1;
+       entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len);
+       memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len);
+       
+       this->preshared_secrets->insert_last(this->preshared_secrets,entry);
+}
+
+/**
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_public_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+       chunk_t key;
+       key.ptr = key_pos;
+       key.len = key_len;
+       
+       rsa_public_key_entry_t *entry = allocator_alloc_thing(rsa_public_key_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->public_key = rsa_public_key_create();
+       entry->public_key->set_key(entry->public_key, key);
+       
+       this->rsa_public_keys->insert_last(this->rsa_public_keys, entry);
+}
+
+/**
+ * Implementation of private_static_configuration_t.add_new_preshared_secret.
+ */
+static void add_new_rsa_private_key (private_static_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
+{
+       chunk_t key;
+       key.ptr = key_pos;
+       key.len = key_len;
+       
+       rsa_private_key_entry_t *entry = allocator_alloc_thing(rsa_private_key_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->private_key = rsa_private_key_create();
+       entry->private_key->set_key(entry->private_key, key);
+       
+       this->rsa_private_keys->insert_last(this->rsa_private_keys, entry);
+}
+
+/**
+ * Implementation of static_configuration_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_static_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
+{
+       iterator_t *iterator;
+       
+       iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               preshared_secret_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *preshared_secret = entry->preshared_secret;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of static_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_public_key(private_static_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
+{
+       iterator_t *iterator;
+       
+       iterator = this->rsa_public_keys->create_iterator(this->rsa_public_keys,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               rsa_public_key_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *public_key = entry->public_key;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of static_configuration_t.get_shared_secret.
+ */
+static status_t get_rsa_private_key(private_static_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
+{
+       iterator_t *iterator;
+       
+       iterator = this->rsa_private_keys->create_iterator(this->rsa_private_keys,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               rsa_private_key_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *private_key = entry->private_key;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of static_configuration_t.get_retransmit_timeout.
+ */
+static status_t get_retransmit_timeout (private_static_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
+{
+       int new_timeout = this->first_retransmit_timeout, i;
+       if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
+       {
+               return FAILED;
+       }
+       
+
+       for (i = 0; i < retransmit_count; i++)
+       {
+               new_timeout *= 2;
+       }
+       
+       *timeout = new_timeout;
+       
+       return SUCCESS;
+}
+
+/**
+ * Implementation of static_configuration_t.get_half_open_ike_sa_timeout.
+ */
+static u_int32_t get_half_open_ike_sa_timeout (private_static_configuration_t *this)
+{
+       return this->half_open_ike_sa_timeout;
+}
+
+/**
+ * Implementation of static_configuration_t.destroy.
+ */
+static void destroy(private_static_configuration_t *this)
+{
+       this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy configuration entries");
+       while (this->configurations->get_count(this->configurations) > 0)
+       {
+               configuration_entry_t *entry;
+               this->configurations->remove_first(this->configurations,(void **) &entry);
+               entry->destroy(entry);
+       }
+       this->configurations->destroy(this->configurations);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy sa_config_t objects");        
+       while (this->sa_configs->get_count(this->sa_configs) > 0)
+       {
+               sa_config_t *sa_config;
+               this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
+               sa_config->destroy(sa_config);
+       }
+
+       this->sa_configs->destroy(this->sa_configs);
+       
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy init_config_t objects");
+       while (this->init_configs->get_count(this->init_configs) > 0)
+       {
+               init_config_t *init_config;
+               this->init_configs->remove_first(this->init_configs,(void **) &init_config);
+               init_config->destroy(init_config);
+       }
+       this->init_configs->destroy(this->init_configs);
+       
+       while (this->preshared_secrets->get_count(this->preshared_secrets) > 0)
+       {
+               preshared_secret_entry_t *entry;
+               this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               allocator_free_chunk(&(entry->preshared_secret));
+               allocator_free(entry);
+       }
+       this->preshared_secrets->destroy(this->preshared_secrets);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa private keys");   
+       while (this->rsa_private_keys->get_count(this->rsa_private_keys) > 0)
+       {
+               rsa_private_key_entry_t *entry;
+               this->rsa_private_keys->remove_first(this->rsa_private_keys,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               entry->private_key->destroy(entry->private_key);
+               allocator_free(entry);
+       }
+       this->rsa_private_keys->destroy(this->rsa_private_keys);
+
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy rsa public keys");
+       while (this->rsa_public_keys->get_count(this->rsa_public_keys) > 0)
+       {
+               rsa_public_key_entry_t *entry;
+               this->rsa_public_keys->remove_first(this->rsa_public_keys,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               entry->public_key->destroy(entry->public_key);
+               allocator_free(entry);
+       }
+       this->rsa_public_keys->destroy(this->rsa_public_keys);
+               
+       this->logger->log(this->logger,CONTROL | LEVEL2, "Destroy assigned logger");
+       charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
+       allocator_free(this);
+}
+
+/*
+ * Described in header-file
+ */
+static_configuration_t *static_configuration_create()
+{
+       private_static_configuration_t *this = allocator_alloc_thing(private_static_configuration_t);
+
+       /* public functions */
+       this->public.configuration_interface.destroy = (void(*)(configuration_t*))destroy;
+       this->public.configuration_interface.get_init_config_for_name = (status_t (*) (configuration_t *, char *, init_config_t **)) get_init_config_for_name;
+       this->public.configuration_interface.get_init_config_for_host = (status_t (*) (configuration_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
+       this->public.configuration_interface.get_sa_config_for_name =(status_t (*) (configuration_t *, char *, sa_config_t **)) get_sa_config_for_name;
+       this->public.configuration_interface.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
+       this->public.configuration_interface.get_retransmit_timeout = (status_t (*) (configuration_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+       this->public.configuration_interface.get_half_open_ike_sa_timeout = (u_int32_t (*) (configuration_t *)) get_half_open_ike_sa_timeout;
+       this->public.configuration_interface.get_shared_secret = (status_t (*) (configuration_t *, identification_t *, chunk_t *))get_shared_secret;
+       this->public.configuration_interface.get_rsa_private_key = (status_t (*) (configuration_t *, identification_t *, rsa_private_key_t**))get_rsa_private_key;
+       this->public.configuration_interface.get_rsa_public_key = (status_t (*) (configuration_t *, identification_t *, rsa_public_key_t**))get_rsa_public_key;
+       
+       /* private functions */
+       this->load_default_config = load_default_config;
+       this->add_new_configuration = add_new_configuration;
+       this->add_new_preshared_secret = add_new_preshared_secret;
+       this->add_new_rsa_public_key = add_new_rsa_public_key;
+       this->add_new_rsa_private_key = add_new_rsa_private_key;
+       
+       /* private variables */
+       this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIG,NULL);
+       this->configurations = linked_list_create();
+       this->sa_configs = linked_list_create();
+       this->init_configs = linked_list_create();
+       this->preshared_secrets = linked_list_create();
+       this->rsa_private_keys = linked_list_create();
+       this->rsa_public_keys = linked_list_create();
+       this->max_retransmit_count = MAX_RETRANSMIT_COUNT;
+       this->first_retransmit_timeout = RETRANSMIT_TIMEOUT;
+       this->half_open_ike_sa_timeout = HALF_OPEN_IKE_SA_TIMEOUT;
+       
+       this->load_default_config(this);
+
+       return (&this->public);
+}
+
+
+u_int8_t public_key_1[] = {
+       0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2,
+       0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52,
+       0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC,
+       0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44,
+       0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78,
+       0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD,
+       0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87,
+       0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01
+};
+
+u_int8_t private_key_1[] = {
+       0xD4,0x8D,0x40,0x8E,0xBD,0xFC,0x6D,0xE9,0xDB,0x1C,0xD2,0x21,0x19,0x37,0x6B,0xE2,
+       0xDC,0xCE,0x74,0xA2,0x63,0xF6,0xD8,0x8D,0xAF,0x1C,0xC0,0xFF,0x07,0x3F,0xFB,0x52,
+       0x59,0x45,0x01,0x10,0x35,0xA9,0xB8,0x16,0x69,0x31,0x19,0x4F,0xDD,0x66,0xAD,0xAC,
+       0x80,0x11,0x33,0x38,0x5A,0x11,0xF9,0x33,0x3F,0xD2,0x41,0x4A,0x21,0x9B,0x54,0x44,
+       0x00,0xB6,0x07,0x33,0x4A,0x5B,0x4E,0x09,0x7C,0x9D,0xB8,0xDE,0x6B,0xA2,0xB2,0x78,
+       0x23,0x3D,0xF0,0xB7,0x37,0x2B,0x7A,0x71,0x50,0x6E,0xEA,0x93,0x3E,0xB5,0x2C,0xBD,
+       0xD6,0x08,0x43,0x12,0x0A,0xE8,0x8D,0xE6,0x6C,0x24,0xCC,0x3F,0xF7,0x18,0x7E,0x87,
+       0x59,0x0C,0xA9,0x5D,0x85,0xF8,0x6E,0x83,0xD8,0x18,0x77,0x07,0xB6,0x44,0x3C,0x8D,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0xEE,0xF2,0x37,0xF2,0x98,0xEB,0x33,0xC6,0x84,0xE8,0xB9,0xD1,0x18,0xB5,0x29,0x00,
+       0xAC,0x6B,0x78,0xBC,0x9E,0xB6,0x01,0x21,0x29,0xEE,0x4A,0x99,0xFB,0x3D,0x07,0x23,
+       0x77,0x84,0x93,0x4B,0x53,0x49,0xB0,0xA4,0x6F,0xB0,0xF5,0x50,0xDB,0x35,0xDD,0xDF,
+       0x41,0x6F,0x7B,0xA9,0x88,0x3D,0x0B,0x1C,0x2E,0x2B,0x44,0x35,0x24,0x72,0x66,0xC1,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0xE3,0xB8,0xC8,0x30,0x67,0xD0,0x5D,0xF1,0x32,0x64,0xDC,0x4B,0xB3,0x7E,0xE3,0x1A,
+       0xC5,0xBC,0xAC,0xC9,0x95,0x5C,0x96,0x0D,0x5A,0x52,0x90,0xE0,0x08,0x3F,0xA6,0x71,
+       0xC7,0x18,0xC5,0x64,0xA2,0xE4,0xB8,0x43,0x5A,0x8A,0x7A,0x9B,0xDF,0xDA,0x81,0x85,
+       0x6C,0x0F,0xA4,0xC9,0xAC,0x25,0x19,0x54,0xFE,0x75,0xAA,0x1D,0x22,0xB8,0xF4,0xCD,
+       0x1A,0x91,0xC2,0xA3,0x65,0x3F,0xD7,0xFC,0x7E,0xE1,0x92,0x29,0xC5,0x85,0x6E,0x44,
+       0xC8,0x4D,0xBD,0x7A,0x2C,0x2D,0x47,0xE2,0x24,0x24,0xDF,0xC2,0x31,0x65,0x8F,0xD4,
+       0xBA,0x28,0x7C,0x4A,0xCA,0xAE,0x79,0xBE,0xC1,0x6C,0xFC,0x09,0x45,0xF7,0x87,0x17,
+       0xB4,0x55,0x92,0x15,0xC5,0xFA,0x8F,0xB0,0x56,0x96,0xC1,0x87,0x12,0xFE,0xDF,0xF0,
+       0x3A,0xE1,0xB1,0x83,0x19,0x74,0xF0,0x7D,0x37,0x41,0x3E,0x6A,0xFE,0x33,0x3E,0x74,
+       0x01,0x45,0xE4,0x65,0xAE,0xC9,0xAE,0x64,0xE3,0xF1,0x90,0xFD,0x1A,0x30,0x44,0x82,
+       0xEE,0x34,0x94,0xF2,0x68,0x3D,0x61,0x90,0xFB,0xEB,0xD8,0x18,0xE6,0x7C,0xEC,0x69,
+       0x70,0xD0,0xEB,0x2F,0xC1,0x3D,0x9C,0x6A,0x4B,0x89,0x50,0x6B,0x3F,0xA5,0x38,0x41,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x65,0xEE,0x34,0x09,0xAC,0x4C,0x21,0x71,0x1D,0x3F,0x7E,0x0D,0x01,0xC2,0x3E,0x34,
+       0x88,0x58,0xEC,0x4F,0x62,0x50,0xF7,0xD8,0x62,0xDF,0xC1,0x39,0x40,0xA0,0xBF,0x0B,
+       0xD5,0x2F,0x5B,0xFA,0x35,0x14,0x69,0x63,0x2C,0x36,0x4B,0xDF,0xEB,0x33,0x66,0x6B,
+       0x97,0xA9,0x6C,0x12,0x5D,0x08,0xD5,0x55,0x77,0x28,0x83,0xD7,0x3B,0xAE,0x05,0xC1,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x9F,0x96,0x17,0x75,0x14,0xCB,0xC9,0x8A,0x06,0xAE,0xF8,0x53,0x74,0xEF,0x2F,0x68,
+       0xCB,0xBA,0x75,0xBC,0xAF,0x97,0xBA,0xF0,0x90,0xA3,0xDC,0x33,0xA4,0x94,0x36,0xA8,
+       0xF5,0xC6,0x3E,0x4F,0x50,0x78,0xC9,0x49,0x2A,0x62,0x71,0x9A,0x5B,0x3E,0x5E,0x16,
+       0x8A,0xAC,0x4B,0xE7,0xA9,0x64,0x36,0x64,0x82,0x0F,0x23,0xB0,0x57,0x6D,0x16,0xE1,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x25,0xF1,0x40,0x05,0x58,0x19,0x37,0x61,0x34,0x98,0xBB,0x29,0x1B,0x44,0x08,0x1A,
+       0xD3,0x66,0x62,0x4C,0x9C,0x47,0xD2,0x91,0x60,0x46,0x6F,0x8E,0xA6,0xE7,0x80,0x7B,
+       0x17,0x77,0x9A,0xB5,0x18,0x8A,0x15,0x8F,0x77,0xA1,0x55,0x3E,0x96,0x66,0x86,0x57,
+       0x75,0x73,0xF5,0x57,0x50,0x28,0xEA,0x83,0x14,0xB1,0x55,0xA3,0x82,0xCD,0x36,0xF8
+};
+u_int8_t public_key_2[] = {
+       0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1,
+       0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D,
+       0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63,
+       0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4,
+       0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5,
+       0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E,
+       0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B,
+       0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01
+};
+u_int8_t private_key_2[] = {
+       0x88,0x3E,0xE2,0x2E,0x5D,0x01,0x13,0xDF,0x1D,0x8B,0xF4,0x39,0xCA,0xE6,0x3C,0xE1,
+       0x46,0x8E,0xD4,0xF1,0x06,0x56,0x12,0x8D,0xCD,0x51,0xBD,0x32,0xF5,0x18,0x15,0x4D,
+       0x0F,0x98,0xDF,0xFF,0xA5,0xA3,0xAB,0x39,0x43,0xC4,0xF6,0xAC,0x98,0x5C,0x84,0x63,
+       0x8C,0x46,0x33,0xA2,0x23,0x8C,0xF0,0x4D,0xFE,0xE7,0xF3,0x38,0xC4,0x19,0x39,0xC4,
+       0x90,0xF4,0xC8,0x0D,0xB0,0xFE,0x65,0x11,0x0B,0x41,0x73,0xBB,0x05,0xA6,0x4B,0xC5,
+       0x27,0xA4,0x48,0x21,0xC5,0xAE,0x91,0x9C,0xD8,0x62,0x27,0xBE,0xDF,0xDA,0xC6,0x4E,
+       0xC1,0x6E,0x5B,0x61,0x51,0xAA,0xC9,0x53,0xCD,0x02,0x5B,0xC5,0xEE,0xE9,0xC7,0x7B,
+       0xB1,0x7E,0xD2,0xC2,0xFE,0x5F,0xD7,0x0F,0x75,0x2B,0xB9,0x49,0x5F,0x35,0xF1,0x83,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x01,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0xE8,0x37,0xB6,0x08,0xD8,0x9C,0x72,0xC5,0x34,0xDB,0x3A,0xA2,0xF9,0x24,0xE1,0x44,
+       0x23,0x3B,0x72,0x70,0x5D,0xCC,0xC3,0xBA,0x3D,0xCE,0x82,0xAC,0x6A,0x71,0x72,0x90,
+       0xC7,0x94,0xB3,0x8B,0x85,0xE0,0xEF,0x39,0xF0,0xE4,0x08,0x31,0xEA,0xE6,0x3B,0x7D,
+       0xB0,0x36,0xFA,0x71,0x6E,0xA3,0xF9,0x4C,0x39,0x05,0x8C,0xB7,0x8C,0x99,0x94,0x85,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x96,0x32,0xF9,0xD9,0xA8,0xC0,0x84,0xFD,0xE5,0x6B,0xA6,0xC2,0x85,0x85,0x68,0x17,
+       0x7E,0x98,0xD0,0x6A,0xDC,0xD8,0x4C,0x46,0xCB,0x6D,0x4C,0x25,0xE5,0xF9,0x58,0xB2,
+       0x17,0xE4,0x20,0x8A,0x87,0x0D,0xD7,0x4C,0x79,0xA3,0xB3,0x69,0x98,0x7F,0x5D,0x08,
+       0x33,0x5B,0xAD,0xA3,0x34,0xE8,0x55,0x5E,0x09,0x60,0x70,0xA8,0x11,0xFD,0x70,0x67,
+       0x00,0xE1,0xA7,0x44,0xF5,0x85,0x14,0x43,0xD5,0x45,0x1A,0x87,0x65,0x30,0xA8,0x24,
+       0x2C,0xF8,0xAF,0x97,0xFF,0x9A,0x7E,0xF4,0x3B,0xE7,0xD3,0x79,0x88,0xEC,0x66,0xF6,
+       0xE0,0xAA,0xF4,0x88,0x0A,0xE2,0x4C,0x31,0x4A,0xA6,0xF3,0x91,0x9A,0x4A,0xBE,0xF0,
+       0x85,0xEF,0xCE,0x55,0xB6,0x35,0x2B,0x38,0xD5,0xF5,0x5A,0x35,0x7B,0xCF,0x4D,0xF8,
+       0x5D,0x1E,0x57,0x99,0xAF,0xED,0x33,0x6F,0xD5,0xA7,0x49,0x5B,0x14,0x4C,0x7D,0x17,
+       0x81,0xAE,0x1E,0xDA,0x9D,0xFB,0xA9,0xC3,0x00,0x4C,0x17,0x37,0x30,0x96,0x60,0xE1,
+       0x6A,0xCC,0xD3,0xDB,0x40,0xCE,0x96,0x96,0x0D,0x95,0x0D,0x84,0x38,0xBD,0xDA,0x2F,
+       0xEC,0xED,0x22,0x39,0x8E,0x8C,0xDF,0xCD,0x07,0xCF,0x0F,0xB0,0x2B,0x76,0xDB,0xC1,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0xA5,0x37,0x9E,0x08,0x45,0x35,0x6A,0x62,0xEC,0xEC,0x5D,0x97,0xBE,0x73,0x82,0xE2,
+       0x9B,0xBE,0x9B,0xF9,0x5E,0x83,0x65,0x6E,0x88,0xB2,0xF9,0x3D,0xFA,0xAD,0xA4,0xB9,
+       0x65,0x86,0x63,0x08,0x0D,0xC4,0xAF,0xF0,0x25,0x77,0xD8,0x6C,0xCB,0x97,0xEB,0x13,
+       0xCD,0xE0,0x0F,0xE7,0xCC,0xB4,0x55,0x96,0xE9,0xAB,0x0D,0x27,0x3A,0x9D,0xBA,0x91,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x44,0xA3,0x44,0xF4,0x47,0x9E,0xBA,0xE7,0xBF,0xF8,0xC2,0xFB,0x2F,0xC3,0x38,0x3F,
+       0x4C,0x56,0x0F,0x20,0x56,0x8D,0xED,0xC5,0x88,0x5F,0x09,0x26,0x64,0x82,0xDF,0x1A,
+       0x7B,0xBA,0x7F,0x78,0x6E,0xA1,0x4F,0x9B,0x1E,0x17,0x45,0xFC,0xE2,0x78,0x89,0x8E,
+       0x1E,0xD2,0x2D,0x76,0x60,0xCE,0x2F,0x7C,0xCA,0xB2,0x2C,0xA9,0x51,0x97,0x4C,0xCF,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x01,0x40,0x4B,0x7D,0xAB,0x8A,0xB9,0x5E,0xEE,0xA1,0x81,0xED,0x27,0x89,0xF6,0x4C,
+       0x59,0x8C,0x23,0x14,0x3B,0x1B,0xBA,0xC3,0xB2,0x00,0x9A,0x9E,0xDF,0x54,0x82,0xA7,
+       0x3E,0xC9,0x23,0x85,0x4D,0xD3,0x80,0xA7,0x89,0x11,0xBA,0x76,0xF5,0xC1,0x55,0x37,
+       0x0A,0x0D,0x8C,0x07,0x0A,0xC8,0xC5,0x11,0x74,0x9C,0xB6,0x80,0x3B,0x0A,0x9A,0xA2
+};
diff --git a/Source/charon/config/static_configuration.h b/Source/charon/config/static_configuration.h
new file mode 100644 (file)
index 0000000..b63fffe
--- /dev/null
@@ -0,0 +1,56 @@
+/**
+ * @file static_configuration_t.h
+ * 
+ * @brief Interface of static_configuration_t.
+ *  
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef STATIC_CONFIGURATION_H_
+#define STATIC_CONFIGURATION_H_
+
+#include <config/configuration.h>
+
+
+typedef struct static_configuration_t static_configuration_t;
+
+/**
+ * @brief A static hardcoded config for testing purposes.
+ * 
+ * @b Constructors:
+ * - static_configuration_create()
+ * 
+ * @ingroup config
+ */
+struct static_configuration_t { 
+
+       /**
+        * Implements configuration_t interface
+        */
+       configuration_t configuration_interface;
+};
+
+/**
+ * @brief Creates an static configuration
+ * 
+ * @return static_configuration_t object
+ * 
+ * @ingroup config
+ */
+static_configuration_t *static_configuration_create();
+
+#endif /*STATIC_CONFIGURATION_H_*/
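Review bot: The `@file` tag at the top of the new header names `static_configuration_t.h`, but the file being added is `static_configuration.h`; it should read `@file static_configuration.h` so the generated documentation points at the real file. The constructor is declared with an empty parameter list, which in C leaves its arguments unchecked; `static_configuration_t *static_configuration_create(void);` makes it a real prototype. Since the struct comment describes this as a hardcoded config for testing, the `@brief` could also say in one sentence that it is not meant to be the configuration of a production build.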
index 21ed44e..db75809 100644 (file)
@@ -29,6 +29,8 @@
 #include <types.h>
 #include <utils/allocator.h>
 #include <queues/jobs/initiate_ike_sa_job.h>
+#include <config/static_configuration.h>
+#include <config/starter_configuration.h>
 
 
 typedef struct private_daemon_t private_daemon_t;
@@ -182,7 +184,7 @@ static void initialize(private_daemon_t *this)
        this->public.job_queue = job_queue_create();
        this->public.event_queue = event_queue_create();
        this->public.send_queue = send_queue_create();
-       this->public.configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT, HALF_OPEN_IKE_SA_TIMEOUT);
+       this->public.configuration = (configuration_t*)static_configuration_create();
        
        this->public.sender = sender_create();
        this->public.receiver = receiver_create();
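Review bot: The new assignment in initialize() makes the hardcoded test configuration the daemon's only configuration source, with no build-time or run-time switch around it. static_configuration.h calls it a config "for testing purposes", and the byte tables at the end of static_configuration.c look like embedded key material (inferred, since the start of that file is not in view), so every install of this build would share the same secrets. A test-only guard, or at minimum `/* TODO: test-only configuration with hardcoded secrets, replace before release */` above the call, would make that explicit. The `(configuration_t*)` cast is only valid while `configuration_interface` stays the first member of static_configuration_t, which deserves a comment at the struct. initialize() starts and ends outside this hunk.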
@@ -236,9 +238,9 @@ static void destroy(private_daemon_t *this)
        {
                this->public.socket->destroy(this->public.socket);
        }
-       if (this->public.configuration_manager != NULL)
+       if (this->public.configuration != NULL)
        {
-               this->public.configuration_manager->destroy(this->public.configuration_manager);
+               this->public.configuration->destroy(this->public.configuration);
        }
        
        this->public.logger_manager->destroy(this->public.logger_manager);
@@ -273,7 +275,7 @@ private_daemon_t *daemon_create()
        this->public.job_queue = NULL;
        this->public.event_queue = NULL;
        this->public.send_queue = NULL;
-       this->public.configuration_manager = NULL;
+       this->public.configuration = NULL;
        this->public.sender= NULL;
        this->public.receiver = NULL;
        this->public.scheduler = NULL;
index 343aecb..3291743 100644 (file)
@@ -34,7 +34,7 @@
 #include <queues/job_queue.h>
 #include <queues/event_queue.h>
 #include <utils/logger_manager.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
 
 /**
  * Name of the daemon.
 #define IKEV2_UDP_PORT 500
 
 /**
- * @brief First retransmit timeout in milliseconds.
- * 
- * Timeout value is increasing in each retransmit round.
- */
-#define RETRANSMIT_TIMEOUT 3000
-
-/**
- * Timeout in milliseconds after that a half open IKE_SA gets deleted.
- */
-#define HALF_OPEN_IKE_SA_TIMEOUT 30000
-
-/**
- * @brief Max retransmit count.
- * 
- * 0 for infinite. The max time a half open IKE_SA is alive is set by 
- * RETRANSMIT_TIMEOUT.
- */
-#define MAX_RETRANSMIT_COUNT 0
-
-/**
  * @brief Default loglevel for every logger context.
  * 
  * This is the maximum allowed level for ever context, the definiton
@@ -120,9 +100,9 @@ struct daemon_t {
        ike_sa_manager_t *ike_sa_manager;
        
        /**
-        * A configuration_manager_t instance.
+        * A configuration_t instance.
         */
-       configuration_manager_t *configuration_manager;
+       configuration_t *configuration;
        
        /**
         * The Sender-Thread.
index 7be3859..1df8673 100644 (file)
@@ -44,19 +44,19 @@ typedef enum auth_method_t auth_method_t;
  */
 enum auth_method_t {
        /**
-        * Computed as specified in section 2.15 of draft using 
+        * Computed as specified in section 2.15 of RFC using 
         * an RSA private key over a PKCS#1 padded hash.
         */
        RSA_DIGITAL_SIGNATURE = 1,
        
        /* Computed as specified in
-     * section 2.15 of draft using the shared key associated with the identity
+     * section 2.15 of RFC using the shared key associated with the identity
      * in the ID payload and the negotiated prf function
      */
        SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
        
        /* Computed as specified in section
-     * 2.15 of draft using a DSS private key over a SHA-1 hash.
+       * 2.15 of RFC using a DSS private key over a SHA-1 hash.
      */
     DSS_DIGITAL_SIGNATURE = 3,
 };
@@ -74,7 +74,7 @@ typedef struct auth_payload_t auth_payload_t;
 /**
  * @brief Class representing an IKEv2 AUTH payload.
  * 
- * The AUTH payload format is described in draft section 3.8.
+ * The AUTH payload format is described in RFC section 3.8.
  * 
  * @b Constructors:
  * - auth_payload_create()
index 8553e1a..05b2104 100644 (file)
@@ -37,7 +37,7 @@
 typedef enum cert_encoding_t cert_encoding_t;
 
 /**
- * @brief Certificate encoding, as described in IKEv2 draft section 3.6
+ * @brief Certificate encoding, as described in IKEv2 RFC section 3.6
  * 
  * @ingroup payloads
  */
@@ -69,7 +69,7 @@ typedef struct cert_payload_t cert_payload_t;
 /**
  * @brief Class representing an IKEv2 CERT payload.
  * 
- * The CERT payload format is described in draft section 3.6.
+ * The CERT payload format is described in RFC section 3.6.
  * This is just a dummy implementation to fullfill the standards
  * requirements. A full implementation would offer setters/getters
  * for the different encoding types.
index 055bfc7..c5947ae 100644 (file)
@@ -40,7 +40,7 @@ typedef struct certreq_payload_t certreq_payload_t;
 /**
  * @brief Class representing an IKEv2 CERTREQ payload.
  * 
- * The CERTREQ payload format is described in draft section 3.7.
+ * The CERTREQ payload format is described in RFC section 3.7.
  * This is just a dummy implementation to fullfill the standards
  * requirements. A full implementation would offer setters/getters
  * for the different encoding types.
index ad7d39a..9de6ac9 100644 (file)
@@ -39,7 +39,7 @@
 typedef enum configuration_attribute_type_t configuration_attribute_type_t;
 
 /**
- * Type of the attribute, as in IKEv2 draft 3.15.1.
+ * Type of the attribute, as in IKEv2 RFC 3.15.1.
  * 
  * @ingroup payloads
  */
index 522754c..d4417b5 100644 (file)
@@ -41,7 +41,7 @@ typedef struct delete_payload_t delete_payload_t;
 /**
  * @brief Class representing an IKEv2 DELETE payload.
  * 
- * The DELETE payload format is described in draft section 3.11.
+ * The DELETE payload format is described in RFC section 3.11.
  * 
  * @b Constructors:
  * - delete_payload_create()
index a934a18..4c324c6 100644 (file)
@@ -39,7 +39,7 @@ typedef struct eap_payload_t eap_payload_t;
 /**
  * @brief Class representing an IKEv2 EAP payload.
  * 
- * The EAP payload format is described in draft section 3.16.
+ * The EAP payload format is described in RFC section 3.16.
  * 
  * @b Constructors:
  * - eap_payload_create()
index 137f0ea..f453ee9 100644 (file)
@@ -41,7 +41,7 @@ typedef struct id_payload_t id_payload_t;
 /**
  * Object representing an IKEv2 ID payload.
  * 
- * The ID payload format is described in draft section 3.5.
+ * The ID payload format is described in RFC section 3.5.
  * 
  * @b Constructors:
  * - id_payload_create_from_identification()
index 0ddc141..366dfec 100644 (file)
@@ -38,7 +38,7 @@ typedef struct nonce_payload_t nonce_payload_t;
 /**
  * Object representing an IKEv2 Nonce payload.
  * 
- * The Nonce payload format is described in draft section 3.3.
+ * The Nonce payload format is described in RFC section 3.3.
  * 
  * @b Constructors:
  * - nonce_payload_create()
index 40995c4..148a883 100644 (file)
@@ -49,7 +49,7 @@ typedef enum notify_message_type_t notify_message_type_t;
 /** 
  * @brief Notify message types.
  * 
- * See IKEv2 draft 3.10.1.
+ * See IKEv2 RFC 3.10.1.
  * 
  * @ingroup payloads
  */
index 35ef018..841877c 100644 (file)
@@ -41,7 +41,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
 /**
  * @brief Class representing an IKEv2 TRAFFIC SELECTOR.
  * 
- * The TRAFFIC SELECTOR format is described in draft section 3.13.1.
+ * The TRAFFIC SELECTOR format is described in RFC section 3.13.1.
  * 
  * @b Constructors:
  * - traffic_selector_substructure_create()
index 732edd0..5476999 100644 (file)
@@ -30,7 +30,7 @@
 typedef enum transform_attribute_type_t transform_attribute_type_t;
 
 /**
- * Type of the attribute, as in IKEv2 draft 3.3.5.
+ * Type of the attribute, as in IKEv2 RFC 3.3.5.
  * 
  * @ingroup payloads
  */
index b7e3b80..7e8c2f0 100644 (file)
@@ -43,7 +43,7 @@ typedef struct ts_payload_t ts_payload_t;
 /**
  * @brief Class representing an IKEv2 TS payload.
  * 
- * The TS payload format is described in draft section 3.13.
+ * The TS payload format is described in RFC section 3.13.
  * 
  * @b Constructors:
  * - ts_payload_create()
index 4b047ac..4733ba2 100644 (file)
@@ -39,7 +39,7 @@ typedef struct vendor_id_payload_t vendor_id_payload_t;
 /**
  * @brief Class representing an IKEv2 VENDOR ID payload.
  * 
- * The VENDOR ID payload format is described in draft section 3.12.
+ * The VENDOR ID payload format is described in RFC section 3.12.
  * 
  * @b Constructors:
  * - vendor_id_payload_create()
index d02e214..f8d45dd 100644 (file)
@@ -34,6 +34,8 @@
 #include <fcntl.h>
 #include <net/if.h>
 #include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <linux/filter.h>
 
 #include "socket.h"
 
 #include <utils/logger_manager.h>
 
 
+#define IP_HEADER_LENGTH 20
+#define UDP_HEADER_LENGTH 8
+
+
+/**
+ * This filter code filters out all non-IKEv2 traffic on 
+ * a SOCK_RAW IP_PROTP_UDP socket. Handling of other
+ * IKE versions is done in pluto.
+ */
+struct sock_filter ikev2_filter_code[] = 
+{
+       /* Protocol must be UDP */
+       BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 9),
+       BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 7),
+       /* Destination Port must be 500 */
+       BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 22),
+       BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 500, 0, 5),
+       /* IKE version must be 2.0 */
+       BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 45),
+       BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x20, 0, 3),
+       /* packet length is length in IKEv2 header + ip header + udp header */
+       BPF_STMT(BPF_LD+BPF_W+BPF_ABS, 52),
+       BPF_STMT(BPF_ALU+BPF_ADD+BPF_K, IP_HEADER_LENGTH + UDP_HEADER_LENGTH),
+       BPF_STMT(BPF_RET+BPF_A, 0),
+       /* packet doesn't match IKEv2, ignore */
+       BPF_STMT(BPF_RET+BPF_K, 0),
+};
+
+/**
+ * Filter struct to use with setsockopt
+ */
+struct sock_fprog ikev2_filter = {
+       sizeof(ikev2_filter_code) / sizeof(struct sock_filter),
+       ikev2_filter_code
+};
+
+
 typedef struct interface_t interface_t;
 
 /**
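Review bot: The filter in `ikev2_filter_code` reads the UDP port, IKE version and IKE length at fixed offsets 22, 45 and 52, which is only correct when the IPv4 header is exactly 20 bytes and the datagram is not a fragment, and neither is checked. A packet with IP options, or a non-first fragment, is classified on the wrong bytes, and receiver() then strips the same fixed `IP_HEADER_LENGTH` in user space. The simplest consistent fix is to reject anything whose first byte is not 0x45 or whose MF flag or fragment offset is set, as sketched below; this drops IKEv2 packets that carry IP options, which the user-space parser cannot handle either. The comment's `IP_PROTP_UDP` should read `IPPROTO_UDP`, and both objects could be `static` if, as it appears from the hunk, only this file uses them.

```c
struct sock_filter ikev2_filter_code[] =
{
	/* IPv4 with a 20 byte header (no options); all offsets below rely on it */
	BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 0),
	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x45, 0, 11),
	/* Not a fragment: MF flag and fragment offset must both be zero */
	BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 6),
	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, 0x3fff, 9, 0),
	/* … unchanged: protocol, port, version and length instructions; their
	 * relative jump offsets still land on the final reject instruction … */
};
```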
@@ -52,7 +91,7 @@ struct interface_t {
        /**
         * Name of the interface
         */
-       char name[IFNAMSIZ+1];
+       char name[IFNAMSIZ];
        
        /**
         * Associated socket
@@ -98,10 +137,6 @@ status_t receiver(private_socket_t *this, packet_t **packet)
        host_t *source, *dest;
        int bytes_read = 0;
        
-       source = host_create(AF_INET, "0.0.0.0", 0);
-       dest = host_create(AF_INET, "0.0.0.0", 0);
-       pkt->set_source(pkt, source);
-       pkt->set_destination(pkt, dest);
        
        while (bytes_read >= 0)
        {
@@ -124,7 +159,7 @@ status_t receiver(private_socket_t *this, packet_t **packet)
                        }
                }
                iterator->destroy(iterator);
-       
+               
                /* add packet destroy handler for cancellation, enable cancellation */
                pthread_cleanup_push((void(*)(void*))pkt->destroy, (void*)pkt);
                pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
@@ -136,12 +171,6 @@ status_t receiver(private_socket_t *this, packet_t **packet)
                pthread_setcancelstate(oldstate, NULL);
                pthread_cleanup_pop(0);
                
-               if (bytes_read  < 0)
-               {
-                       this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
-                       continue;
-               }
-       
                /* read on the first nonblocking socket */
                bytes_read = 0;
                iterator = this->interfaces->create_iterator(this->interfaces, TRUE);
@@ -151,28 +180,41 @@ status_t receiver(private_socket_t *this, packet_t **packet)
                        if (FD_ISSET(interface->socket_fd, &readfds))
                        {
                                /* do the read */
-                               bytes_read = recvfrom(interface->socket_fd, buffer, MAX_PACKET, 0,
-                                                                       source->get_sockaddr(source), 
-                                                                       source->get_sockaddr_len(source));
-                               getsockname(interface->socket_fd, dest->get_sockaddr(dest), dest->get_sockaddr_len(dest));
+                               bytes_read = recv(interface->socket_fd, buffer, MAX_PACKET, 0);
                                break;
                        }
                }
                iterator->destroy(iterator);
-               if (bytes_read > 0)
+               
+               if (bytes_read  < 0)
                {
+                       this->logger->log(this->logger, ERROR, "error reading from socket: %s", strerror(errno));
+                       continue;
+               }
+               if (bytes_read > IP_HEADER_LENGTH + UDP_HEADER_LENGTH)
+               {
+                       /* read source/dest from raw IP/UDP header */
+                       chunk_t source_chunk = {buffer + 12, 4};
+                       chunk_t dest_chunk = {buffer + 16, 4};
+                       u_int16_t source_port = ntohs(*(u_int16_t*)(buffer + 20));
+                       u_int16_t dest_port = ntohs(*(u_int16_t*)(buffer + 22));
+                       source = host_create_from_chunk(AF_INET, source_chunk, source_port);
+                       dest = host_create_from_chunk(AF_INET, dest_chunk, dest_port);
+                       pkt->set_source(pkt, source);
+                       pkt->set_destination(pkt, dest);
                        break;
                }
+               this->logger->log(this->logger, ERROR|LEVEL1, "too short packet received");
        }
        
-       this->logger->log(this->logger, CONTROL, "received packet from %s:%d",
-                                               source->get_address(source), 
-                                               source->get_port(source));
+       this->logger->log(this->logger, CONTROL, "received packet: from %s:%d to %s:%d",
+                                         source->get_address(source), source->get_port(source),
+                                         dest->get_address(dest), dest->get_port(dest));
 
        /* fill in packet */
-       data.len = bytes_read;
+       data.len = bytes_read - IP_HEADER_LENGTH - UDP_HEADER_LENGTH;
        data.ptr = allocator_alloc(data.len);
-       memcpy(data.ptr, buffer, data.len);
+       memcpy(data.ptr, buffer + IP_HEADER_LENGTH + UDP_HEADER_LENGTH, data.len);
        pkt->set_data(pkt, data);
 
        /* return packet */
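Review bot: When recv() fails, the added `continue` under `if (bytes_read  < 0)` re-evaluates `while (bytes_read >= 0)`, which is now false, so the loop exits instead of retrying. The code after the loop then calls `source->get_address(source)` and `dest->get_address(dest)` on pointers that were never assigned (this commit removes the host_create() calls before the loop) and computes a negative `data.len` for the allocation and memcpy. Resetting the counter first, `bytes_read = 0; continue;`, or making the loop `while (TRUE)`, keeps the retry the log message implies. The port reads through `*(u_int16_t*)(buffer + 20)` also assume `buffer` is suitably aligned; copying the two bytes with `memcpy` into a local `u_int16_t` before `ntohs()` avoids that. receiver() starts before and ends after this hunk.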
@@ -291,7 +333,7 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
                }
                
                /* set up interface socket */
-               skt = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+               skt = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
                if (socket < 0)
                {
                        this->logger->log(this->logger, ERROR, "unable to open interface socket!");
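Review bot: The failure check right after the changed call tests `socket < 0`, that is the socket() function itself rather than the descriptor stored in `skt`, so the error branch can never run. This matters more with the change to `SOCK_RAW`: creating a raw socket needs raw-socket privilege and fails for an unprivileged process, and the failure would only surface, if at all, in a later call on the invalid descriptor. The line should read `if (skt < 0)`. build_interface_list() extends beyond this hunk.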
@@ -311,12 +353,21 @@ static status_t build_interface_list(private_socket_t *this, u_int16_t port)
                        close(skt);
                        continue;
                }
+                       
+               if (setsockopt(skt, SOL_SOCKET, SO_ATTACH_FILTER, &ikev2_filter, sizeof(ikev2_filter)) < 0)
+               {
+                       this->logger->log(this->logger, ERROR, "unable to attack IKEv2 filter to interface socket!");
+                       close(skt);
+                       continue;
+               }
                
                /* add socket with interface name to list */
                interface = allocator_alloc_thing(interface_t);
                memcpy(interface->name, buf[i].ifr_name, IFNAMSIZ);
-               interface->name[IFNAMSIZ] = '\0';
+               interface->name[IFNAMSIZ-1] = '\0';
                interface->socket_fd = skt;
+               this->logger->log(this->logger, CONTROL, "listening on %s (%s)",
+                                                 interface->name, inet_ntoa(current->sin_addr));
                this->interfaces->insert_last(this->interfaces, (void*)interface);
        }
        
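Review bot: The filter is attached only after the earlier setup step whose failure path is visible at the top of this hunk, so the raw socket exists for a while with no filter installed. A raw socket starts queueing datagrams as soon as it is created, and anything queued before `SO_ATTACH_FILTER` takes effect stays in the receive buffer and is later handed to receiver(), which checks nothing but the length before treating the payload as IKEv2. Moving the setsockopt() call directly after socket() shrinks that window, and reading the socket empty once after attaching would close it; this is hedged because the lines between socket() and this call are outside the hunk. The log text `unable to attack IKEv2 filter to interface socket!` should say `attach`.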
index 8a00e88..7e43ffa 100644 (file)
@@ -31,7 +31,7 @@
 /**
  * @brief Maximum size of a packet.
  * 
- * 3000 Bytes should be sufficient, see IKEv2 draft.
+ * 3000 Bytes should be sufficient, see IKEv2 RFC.
  * 
  * @ingroup network
  */
 typedef struct socket_t socket_t;
 
 /**
- * @brief Abstraction of one (ipv4), or in future, of multiple sockets.
+ * @brief Abstraction all sockets (currently IPv4 only).
  *
- * Receiver reads from here, sender writes to here.
+ * All available IPv4 sockets are bound and the receive function
+ * reads from them. To allow binding of other daemons (pluto) to
+ * UDP/500, this implementation uses RAW sockets. An installed
+ * "Linux socket filter" filters out all non-IKEv2 traffic and handles
+ * just IKEv2 messages. An other daemon (pluto) must handle all traffic
+ * seperatly, e.g. ignore IKEv2 traffic, since charon handles that. 
  * 
  * @b Constructors:
  * - socket_create()
  * 
  * @todo add IPv6 support
  * 
- * @todo allow listening/sending to multiple sockets, depending on address
+ * @todo We currently use multiple sockets for historic reasons. With the
+ * new RAW socket mechanism, we could use just one socket and filter
+ * addresses in userspace (or via linux socket filter). This would allow 
+ * realtime interface/address management in a easy way...
  * 
  * @ingroup network
  */
@@ -58,9 +66,8 @@ struct socket_t {
        /**
         * @brief Receive a packet.
         * 
-        * reads a packet from one of the sockets.
-        * source will be set, dest not implemented
-        * 
+        * Reads a packet from the socket and sets source/dest
+        * appropriately.
         * 
         * @param sock                  socket_t object to work on
         * @param packet                pinter gets address from allocated packet_t
@@ -73,8 +80,9 @@ struct socket_t {
        /**
         * @brief Send a packet.
         * 
-        * sends a packet via desired socket.
-        * uses source and dest in packet.
+        * Sends a packet to the net using destination from the packet.
+        * Packet is sent using default routing mechanisms, thus the 
+        * source address in packet is ignored.
         * 
         * @param sock                  socket_t object to work on
         * @param packet[out]   packet_t to send
@@ -95,10 +103,10 @@ struct socket_t {
 };
 
 /**
- * @brief socket_t constructor.
+ * @brief Create a socket_t, wich binds multiple sockets.
  * 
  * currently creates one socket, listening on all addresses
- * on port.
+ * on "port".
  *  
  * @param port                         port to bind socket to
  * @return                             socket_t object
index 5aaa2d9..f6f09c2 100644 (file)
@@ -67,7 +67,7 @@ struct private_authenticator_t {
        
        /**
         * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section 
-        * 2.15 of draft.
+        * 2.15 of RFC.
         * 
         * @param this                          calling object
         * @param last_message          the last message to include in created octets 
@@ -211,7 +211,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                        chunk_t preshared_secret;
                        status_t status;
                                                
-                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+                       status = charon->configuration->get_shared_secret(charon->configuration,
                                                                                                                                                other_id,
                                                                                                                                                &preshared_secret);
                        other_id->destroy(other_id);
@@ -252,7 +252,7 @@ static status_t verify_auth_data (private_authenticator_t *this,
                        
                        auth_data = auth_payload->get_data(auth_payload);
                        
-                       status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager,
+                       status = charon->configuration->get_rsa_public_key(charon->configuration,
                                                                                                                                                other_id,
                                                                                                                                                &public_key);
                        other_id->destroy(other_id);
@@ -295,7 +295,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
                        chunk_t preshared_secret;
                        status_t status;                
 
-                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,
+                       status = charon->configuration->get_shared_secret(charon->configuration,
                                                                                                                                                my_id,
                                                                                                                                                &preshared_secret);
 
@@ -326,7 +326,7 @@ static status_t compute_auth_data (private_authenticator_t *this,
                        status_t status;
                        chunk_t octets, auth_data;
                        
-                       status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager,
+                       status = charon->configuration->get_rsa_private_key(charon->configuration,
                                                                                                                                                my_id,
                                                                                                                                                &private_key);
                        my_id->destroy(my_id);
index 2160eae..c50ac4f 100644 (file)
@@ -40,7 +40,7 @@ typedef struct authenticator_t authenticator_t;
  *  - RSA_DIGITAL_SIGNATURE
  * 
  * This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
- * over an internal stored protected_ike_sa_t object or directly from the configuration_manager_t over
+ * over an internal stored protected_ike_sa_t object or directly from the configuration_t over
  * the daemon_t object "charon".
  * 
  * @b Constructors:
index 55c03ef..7e4f7c7 100644 (file)
@@ -484,6 +484,10 @@ static void set_sa_config (private_ike_sa_t *this,sa_config_t * sa_config)
  */
 static void set_my_host (private_ike_sa_t *this, host_t *my_host)
 {
+       if (this->me.host)
+       {
+               this->me.host->destroy(this->me.host);
+       }
        this->me.host = my_host;
 }
 
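Review bot: set_my_host() now destroys the stored host before storing the new one, so a caller that passes a pointer it already holds to the current host gets that object freed and then stored again; set_other_host() in the next hunk has the same pattern. A guard such as `if (this->me.host && this->me.host != my_host)` avoids the use-after-free, and the function's doc comment should state that the IKE_SA takes ownership of the passed host_t and frees the previous one. The new test also relies on `me.host` being initialised to NULL when the IKE_SA is created, which is not visible in this hunk. The caller added in ike_sa_init_requested.c passes `me->clone(me)`, which is the usage this ownership rule expects.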
@@ -492,6 +496,10 @@ static void set_my_host (private_ike_sa_t *this, host_t *my_host)
  */
 static void set_other_host (private_ike_sa_t *this, host_t *other_host)
 {
+       if (this->other.host)
+       {
+               this->other.host->destroy(this->other.host);
+       }
        this->other.host = other_host;
 }
 
@@ -814,7 +822,7 @@ static status_t send_request (private_ike_sa_t *this,message_t * message)
        
        retransmit_job = retransmit_request_job_create(this->message_id_out,this->ike_sa_id);
        
-       status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,
+       status = charon->configuration->get_retransmit_timeout (charon->configuration,
                                                                                                retransmit_job->get_retransmit_count(retransmit_job),&timeout);
        
        if (status != SUCCESS)
index b15a8ea..e1d27e2 100644 (file)
@@ -29,7 +29,7 @@
 #include <sa/ike_sa_id.h>
 #include <sa/child_sa.h>
 #include <sa/states/state.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
 #include <utils/logger.h>
 #include <utils/randomizer.h>
 #include <transforms/prfs/prf.h>
index 7f80c34..06ff238 100644 (file)
@@ -213,6 +213,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        u_int64_t responder_spi;
        ike_sa_id_t *ike_sa_id;
        iterator_t *payloads;
+       host_t *me;
 
        message_t *request;
        status_t status;
@@ -338,6 +339,10 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                return DELETE_ME;
        }
        
+       /* apply the address on wich we really received the packet */
+       me = ike_sa_init_reply->get_destination(ike_sa_init_reply);
+       this->ike_sa->set_my_host(this->ike_sa, me->clone(me)); 
+       
        /*  build empty message */
        this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &request);
        
index 379eaeb..54e7004 100644 (file)
@@ -391,7 +391,7 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
 
        /* build new sa config */
        init_config = this->ike_sa->get_init_config(this->ike_sa);
-       status = charon->configuration_manager->get_sa_config_for_init_config_and_id(charon->configuration_manager,init_config, other_id,my_id, &(this->sa_config));
+       status = charon->configuration->get_sa_config_for_init_config_and_id(charon->configuration,init_config, other_id,my_id, &(this->sa_config));
        if (status != SUCCESS)
        {       
                if (my_id)
index f27dcb5..46cbbcd 100644 (file)
@@ -118,14 +118,14 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
        this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
        
        /* get configs */
-       status = charon->configuration_manager->get_init_config_for_name(charon->configuration_manager,name,&init_config);
+       status = charon->configuration->get_init_config_for_name(charon->configuration,name,&init_config);
        if (status != SUCCESS)
        {       
                this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve INIT configuration informations for %s",name);
                return DELETE_ME;
        }
        this->ike_sa->set_init_config(this->ike_sa,init_config);
-       status = charon->configuration_manager->get_sa_config_for_name(charon->configuration_manager,name,&sa_config);
+       status = charon->configuration->get_sa_config_for_name(charon->configuration,name,&sa_config);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR | LEVEL1, "Could not retrieve SA configuration informations for %s",name);
index c85f12e..f67e283 100644 (file)
@@ -177,7 +177,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        source = message->get_source(message);
        destination = message->get_destination(message);
 
-       status = charon->configuration_manager->get_init_config_for_host(charon->configuration_manager,destination,source,&init_config);
+       status = charon->configuration->get_init_config_for_host(charon->configuration,destination,source,&init_config);
        if (status != SUCCESS)
        {
                /* no configuration matches given host */
index b4eadef..8b3bfa9 100644 (file)
@@ -28,7 +28,7 @@
 #include <queues/job_queue.h>
 #include <queues/event_queue.h>
 #include <queues/send_queue.h>
-#include <config/configuration_manager.h>
+#include <config/configuration.h>
 #include <sa/ike_sa_manager.h>
 #include <network/socket.h>
 #include <utils/logger_manager.h>
@@ -141,7 +141,7 @@ static void daemon_kill(daemon_t *this, char* none)
        this->event_queue->destroy(this->event_queue);
        this->send_queue->destroy(this->send_queue);
        this->kernel_interface->destroy(this->kernel_interface);
-       //this->configuration_manager->destroy(this->configuration_manager);
+       //this->configuration->destroy(this->configuration);
        allocator_free(charon);
 }
 
@@ -164,7 +164,7 @@ daemon_t *daemon_create()
        charon->event_queue = event_queue_create();
        charon->send_queue = send_queue_create();
        charon->kernel_interface = kernel_interface_create();
-       //charon->configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
+       //charon->configuration = configuration_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
        charon->sender = NULL;
        charon->receiver = NULL;
        charon->scheduler = NULL;
index 7b0c163..c42a091 100644 (file)
@@ -273,7 +273,7 @@ static status_t add_sa(     private_kernel_interface_t *this,
        request.sa.id.proto = (protocol == ESP) ? KERNEL_ESP : KERNEL_AH;
        request.sa.family = me->get_family(me);
        request.sa.mode = TRUE; /* tunnel mode */
-       request.sa.replay_window = 0; //sa->replay_window; ???
+       request.sa.replay_window = 32;
        request.sa.reqid = reqid;
        request.sa.lft.soft_byte_limit = XFRM_INF;
        request.sa.lft.soft_packet_limit = XFRM_INF;
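Review bot: `request.sa.replay_window = 32;` turns the anti-replay window on with a bare literal, and nothing at the assignment says what the number means or why 32 was chosen. A named constant, for example `#define DEFAULT_REPLAY_WINDOW 32` with a comment saying it is the anti-replay window size in packets, would make this security-relevant setting easy to find and to adjust later. add_sa() starts and ends outside this hunk.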
index ac926a3..e4c94d9 100644 (file)
@@ -298,7 +298,7 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
        if (status == CREATED)
        {
                this->worker_logger->log(this->worker_logger, CONTROL|LEVEL3, "Create Job to delete half open IKE_SA.");
-               this->create_delete_half_open_ike_sa_job(this,ike_sa_id,charon->configuration_manager->get_half_open_ike_sa_timeout(charon->configuration_manager));
+               this->create_delete_half_open_ike_sa_job(this,ike_sa_id,charon->configuration->get_half_open_ike_sa_timeout(charon->configuration));
        }
 
        status = ike_sa->process_message(ike_sa, message);                              
@@ -349,25 +349,25 @@ static void process_initiate_ike_sa_job(private_thread_pool_t *this, initiate_ik
        
        charon->ike_sa_manager->create_and_checkout(charon->ike_sa_manager, &ike_sa);
        
-       this->worker_logger->log(this->worker_logger, CONTROL, "Initializing connection \"%s\"", 
+       this->worker_logger->log(this->worker_logger, CONTROL, "Initiating connection \"%s\"", 
                                                         job->get_configuration_name(job));
        status = ike_sa->initialize_connection(ike_sa, job->get_configuration_name(job));
        if (status != SUCCESS)
        {
-               this->worker_logger->log(this->worker_logger, ERROR, "%s: By initialize_conection, going to delete IKE_SA.", 
+               this->worker_logger->log(this->worker_logger, ERROR, "Initiation returned %s, going to delete IKE_SA.", 
                                                                 mapping_find(status_m, status));
                charon->ike_sa_manager->checkin_and_delete(charon->ike_sa_manager, ike_sa);
                return;
        }
 
        this->worker_logger->log(this->worker_logger, CONTROL|LEVEL3, "Create Job to delete half open IKE_SA.");
-       this->create_delete_half_open_ike_sa_job(this,ike_sa->get_id(ike_sa),charon->configuration_manager->get_half_open_ike_sa_timeout(charon->configuration_manager));
+       this->create_delete_half_open_ike_sa_job(this,ike_sa->get_id(ike_sa),charon->configuration->get_half_open_ike_sa_timeout(charon->configuration));
        
        this->worker_logger->log(this->worker_logger, CONTROL|LEVEL2, "Checking in IKE SA");
        status = charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
        if (status != SUCCESS)
        {
-               this->worker_logger->log(this->worker_logger, ERROR, "%s: Could not checkin IKE_SA.", 
+               this->worker_logger->log(this->worker_logger, ERROR, "Could not checkin IKE_SA (%s)", 
                                                                 mapping_find(status_m, status));
        }
 }
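Review bot: Both reworded error logs in process_initiate_ike_sa_job() pass `mapping_find(status_m, status)` straight to a `%s` conversion. The mapping tables shown on this page end with a `{MAPPING_END, NULL}` entry, so if mapping_find() hands back that NULL string for a status missing from status_m (its implementation is not visible here), the logger formats a null pointer, which is undefined behaviour. Storing the result in a local and logging `status_name ? status_name : "(unknown)"` would make both calls safe. As a smaller style point, the two messages report the status differently ("returned %s" versus "(%s)"); one form would make the log easier to search. The function starts outside this hunk.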
@@ -510,7 +510,7 @@ static void process_retransmit_request_job(private_thread_pool_t *this, retransm
        }
        
        job->increase_retransmit_count(job);
-       status = charon->configuration_manager->get_retransmit_timeout (charon->configuration_manager,job->get_retransmit_count(job),&timeout);
+       status = charon->configuration->get_retransmit_timeout (charon->configuration,job->get_retransmit_count(job),&timeout);
        if (status != SUCCESS)
        {
                this->worker_logger->log(this->worker_logger, CONTROL | LEVEL2, "Message will not be anymore retransmitted");
index 7f371de..9c219f5 100644 (file)
@@ -28,7 +28,7 @@
 typedef enum encryption_algorithm_t encryption_algorithm_t;
 
 /**
- * @brief Encryption algorithm, as in IKEv2 draft 3.3.2.
+ * @brief Encryption algorithm, as in IKEv2 RFC 3.3.2.
  * 
  * Currently only the following algorithms are implemented and therefore supported:
  * - ENCR_AES_CBC
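Review bot: "IKEv2 RFC 3.3.2" reads as though 3.3.2 were the RFC number; the reference should name the document and then the section, e.g. `@brief Encryption algorithm, as in IKEv2 (RFC 4306), section 3.3.2.` The same wording is introduced in the diffie_hellman_group_t, prf_plus_t, pseudo_random_function_t and integrity_algorithm_t comments in the following hunks, which would take the same fix.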
index d4f9563..9a3608a 100644 (file)
@@ -33,7 +33,7 @@ typedef enum diffie_hellman_group_t diffie_hellman_group_t;
  * 
  * The modulus (or group) to use for a Diffie-Hellman calculation.
  * 
- * See IKEv2 draft 3.3.2 and RFC 3526.
+ * See IKEv2 RFC 3.3.2 and RFC 3526.
  * 
  * @warning Use of big modulus sizes can be cpu consuming.
  * 
index 538724c..8291917 100644 (file)
 typedef struct prf_plus_t prf_plus_t;
 
 /**
- * @brief Implementation of the prf+ function described in IKEv2 draft.
+ * @brief Implementation of the prf+ function described in IKEv2 RFC.
  *
  * This class implements the prf+ algorithm. Internally it uses a pseudo random
  * function, which implements the prf_t interface.
  * 
- * See IKEv2 draft 2.13.
+ * See IKEv2 RFC 2.13.
  * 
  * @b Constructors:
  *  - prf_plus_create()
index 17b1110..b1c1e6a 100644 (file)
@@ -28,7 +28,7 @@
 typedef enum pseudo_random_function_t pseudo_random_function_t;
 
 /**
- * @brief Pseudo random function, as in IKEv2 draft 3.3.2.
+ * @brief Pseudo random function, as in IKEv2 RFC 3.3.2.
  * 
  * Currently only the following algorithms are implemented and therefore supported:
  * - PRF_HMAC_MD5
index 1c33917..9625af8 100644 (file)
@@ -29,7 +29,7 @@
 typedef enum integrity_algorithm_t integrity_algorithm_t;
 
 /**
- * @brief Integrity algorithm, as in IKEv2 draft 3.3.2.
+ * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
  * 
  * Currently only the following algorithms are implemented and therefore supported:
  * - AUTH_HMAC_MD5_96
index 1a2da19..bdc8aae 100644 (file)
@@ -45,7 +45,7 @@ mapping_t logger_context_t_mappings[] = {
        {SOCKET, "SOCKET"},
        {TESTER, "TESTER"},
        {DAEMON, "DAEMON"},
-       {CONFIGURATION_MANAGER, "CONFIG"},
+       {CONFIG, "CONFIG"},
        {ENCRYPTION_PAYLOAD, "ENCPLD"},
        {MAPPING_END, NULL},
 };
@@ -175,13 +175,15 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                        log_thread_ids = TRUE;
                        break;
                case IKE_SA:
+                       logger_level |= LEVEL1;
                        log_thread_ids = TRUE;
                        break;
                case CHILD_SA:
                        logger_level |= LEVEL1;
                        log_thread_ids = TRUE;
                        break;
-               case CONFIGURATION_MANAGER:
+               case CONFIG:
+                       logger_level |= FULL;
                        log_thread_ids = TRUE;
                        break;
                case MESSAGE:
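Review bot: `logger_level |= FULL;` for the CONFIG context in create_logger() hard-codes the most verbose level for the component that holds connection configuration. What FULL enables is not visible in this hunk, but if it includes the raw or private dump levels, configuration secrets such as preshared keys could end up in the daemon log. Unless this is a temporary aid for the testing configuration, I would use `logger_level |= LEVEL1;` as the IKE_SA and CHILD_SA cases do, or at least add `/* TODO: full logging for debugging only, reduce before release */` above the line. create_logger() begins and continues outside this hunk.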
index 41466b2..e934435 100644 (file)
@@ -50,7 +50,7 @@ enum logger_context_t {
        SOCKET,
        TESTER,
        DAEMON,
-       CONFIGURATION_MANAGER,
+       CONFIG,
        ENCRYPTION_PAYLOAD,
 };