- new configuration support added to ike_sa and states
authorJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 17:16:10 +0000 (17:16 -0000)
committerJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 17:16:10 +0000 (17:16 -0000)
16 files changed:
Source/charon/config/configuration_manager.c
Source/charon/config/configuration_manager.h
Source/charon/config/init_config.c
Source/charon/config/init_config.h
Source/charon/daemon.h
Source/charon/network/host.c
Source/charon/network/host.h
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/initiator_init.c
Source/charon/sa/states/responder_init.c
Source/charon/utils/identification.c
Source/charon/utils/identification.h
Source/charon/utils/logger_manager.c

index 0ab8129..2d38005 100644 (file)
 #include <types.h>
 #include <daemon.h>
 #include <utils/allocator.h>
-#include <encoding/payloads/nonce_payload.h>
-#include <encoding/payloads/proposal_substructure.h>
-#include <encoding/payloads/ke_payload.h>
-#include <encoding/payloads/transform_attribute.h>
 
-typedef struct private_configuration_manager_t private_configuration_manager_t;
+typedef struct configuration_entry_t configuration_entry_t;
 
-/**
- * Private data of an configuration_t object
+/* A configuration entry combines a configuration name with a init and sa 
+ * configuration represented as init_config_t and sa_config_t objects.
  */
-struct private_configuration_manager_t {
-
+struct configuration_entry_t {
+       
        /**
-        * Public part
+        * Configuration name.
+        * 
         */
-       configuration_manager_t public;
+       char *name;
+       
+       /**
+        * Configuration for IKE_SA_INIT exchange.
+        */
+       init_config_t *init_config;
 
        /**
-        * Assigned logger object 
+        * Configuration for all phases after IKE_SA_INIT exchange.
         */
-       logger_t *logger;
+       sa_config_t *sa_config;
+       
+       /**
+        * Destroys a configuration_entry_t
+        * 
+        * 
+        * @param this                          calling object
+        */
+       void (*destroy) (configuration_entry_t *this);
 };
 
+static void configuration_entry_destroy (configuration_entry_t *this)
+{
+       allocator_free(this->name);
+       allocator_free(this);
+}
+
 /**
- * Implements function configuration_manager_t.get_remote_host.
+ * Creates a configuration_entry_t object 
+ * 
+ * @param name                         name of the configuration entry (gets copied)
+ * @param init_config  object of type init_config_t
+ * @param sa_config            object of type sa_config_t
  */
-static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host)
+configuration_entry_t * configuration_entry_create(char * name, init_config_t * init_config, sa_config_t * sa_config)
 {
-       /*
-        * For testing purposes, hard coded host informations for two configurations are returned.
-        * 
-        * Further improvements could store them in a linked list or hash table.
-        */
+       configuration_entry_t *entry = allocator_alloc_thing(configuration_entry_t);
 
-       host_t *remote;
-       status_t status = SUCCESS;
-       
-       if (strcmp(name, "pinflb30") == 0)
-       {
-               remote = host_create(AF_INET, "152.96.193.130", 500);
-       }
-       else if (strcmp(name, "pinflb31") == 0)
-       {
-               remote = host_create(AF_INET, "152.96.193.131", 500);
-       }
-       else if (strcmp(name, "localhost") == 0)
-       {
-               remote = host_create(AF_INET, "127.0.0.1", 500);
-       }
-       else
-       {
-               status = NOT_FOUND;
-       }
+       /* functions */
+       entry->destroy = configuration_entry_destroy;
 
-       *host = remote;
-       return status;
+       /* private data */
+       entry->init_config = init_config;
+       entry->sa_config = sa_config;
+       entry->name = allocator_alloc(strlen(name) + 1);
+       strcpy(entry->name,name);
+       return entry;
 }
 
+
+typedef struct private_configuration_manager_t private_configuration_manager_t;
+
 /**
- * Implements function configuration_manager_t.get_local_host.
+ * Private data of an configuration_t object
  */
-static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host)
-{
-       /*
-        * For testing purposes, only the default route is returned for each configuration.
+struct private_configuration_manager_t {
+
+       /**
+        * Public part of configuration manager.
+        */
+       configuration_manager_t public;
+
+       /**
+        * Holding all configurations.
+        */
+       linked_list_t *configurations;
+
+       /**
+        * Holding all init_configs.
+        */
+       linked_list_t *init_configs;
+
+       /**
+        * Holding all init_configs.
+        */
+       linked_list_t *sa_configs;
+
+
+       /**
+        * Assigned logger object.
+        */
+       logger_t *logger;
+
+       /**
+        * Load default configuration
         * 
-        * Further improvements could store different local host informations in a linked list or hash table.
+        * 
+        * @param this                          calling object
+        * @param name                          name for the configuration
+        * @param init_config           init_config_t object
+        * @param sa_config                     sa_config_t object
         */
-       *host = host_create(AF_INET, "0.0.0.0", 0);
-       return SUCCESS;
-}
+       void (*add_new_configuration) (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
+       
+       /**
+        * Load default configuration
+        * 
+        * 
+        * @param this                          calling object
+        */
+       void (*load_default_config) (private_configuration_manager_t *this);
+};
 
 /**
- * Implements function configuration_manager_t.get_dh_group_number.
+ * Implementation of private_configuration_manager_t.load_default_config.
  */
-static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority)
+static void load_default_config (private_configuration_manager_t *this)
 {
-       /* Currently only two dh_group_numbers are supported for each configuration*/
+       init_config_t *init_config1, *init_config2, *init_config3;
+       ike_proposal_t proposals[2];    
+       sa_config_t *sa_config;
        
-       if (priority == 1)
-       {
-               *dh_group_number = MODP_1024_BIT;
-       }
-       else
-       {
-               *dh_group_number = MODP_768_BIT;
-       }
-       return SUCCESS;
+       init_config1 = init_config_create("152.96.193.130","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config2 = init_config_create("152.96.193.131","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       
+
+       proposals[0].encryption_algorithm = ENCR_AES_CBC;
+       proposals[0].encryption_algorithm_key_length = 20;
+       proposals[0].integrity_algorithm = AUTH_HMAC_SHA1_96;
+       proposals[0].integrity_algorithm_key_length = 20;
+       proposals[0].pseudo_random_function = PRF_HMAC_SHA1;
+       proposals[0].pseudo_random_function_key_length = 20;
+       proposals[0].diffie_hellman_group = MODP_768_BIT;
+       
+       proposals[1] = proposals[0];
+       proposals[1].integrity_algorithm = AUTH_HMAC_MD5_96;
+       proposals[1].integrity_algorithm_key_length = 16;
+       proposals[1].pseudo_random_function = PRF_HMAC_MD5;
+       proposals[1].pseudo_random_function_key_length = 16;
+
+       init_config1->add_proposal(init_config1,1,proposals[0]);
+       init_config1->add_proposal(init_config1,1,proposals[1]);
+       init_config2->add_proposal(init_config2,1,proposals[0]);
+       init_config2->add_proposal(init_config2,1,proposals[1]);
+       init_config3->add_proposal(init_config3,1,proposals[0]);
+       init_config3->add_proposal(init_config3,1,proposals[1]);
+       
+       this->add_new_configuration(this,"pinflb31",init_config1,sa_config);
+       this->add_new_configuration(this,"pinflb30",init_config2,sa_config);
+       this->add_new_configuration(this,"localhost",init_config3,sa_config);
+
 }
 
 /**
- * Implements function configuration_manager_t.get_proposals_for_host.
+ * Implementation of configuration_manager_t.get_init_config_for_host.
  */
-static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *iterator)
+static status_t get_init_config_for_host (private_configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
 {
-       /* 
-        * Currently the following hard coded proposal is created and returned for all hosts:
-        * - ENCR_AES_CBC 128Bit
-        * - PRF_HMAC_MD5 128Bit
-        * - AUTH_HMAC_MD5_96 128Bit
-        * - MODP_1024_BIT
-        */
-       proposal_substructure_t *proposal;
-       transform_substructure_t *transform;
-       transform_attribute_t *attribute;
-       
-       proposal = proposal_substructure_create();
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
        
-       proposal->set_proposal_number(proposal, 1);
-       proposal->set_protocol_id(proposal, 1);
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
        
-       /* 
-        * Encryption Algorithm 
-        */
-       transform = transform_substructure_create();
-
-       proposal->add_transform_substructure(proposal, transform);
-
-       transform->set_transform_type(transform, ENCRYPTION_ALGORITHM);
-       transform->set_transform_id(transform, ENCR_AES_CBC);
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               host_t *config_my_host;
+               host_t *config_other_host;
+               
+               iterator->current(iterator,(void **) &entry);
+
+               config_my_host = entry->init_config->get_my_host(entry->init_config);
+               config_other_host = entry->init_config->get_other_host(entry->init_config);
+
+               /* first check if ip is equal */
+               if(config_other_host->ip_is_equal(config_other_host,other_host))
+               {
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       
+               }
+               /* Then check for wildcard hosts!
+                * TODO
+                * actually its only checked if other host with default route can be found! */
+               else if (config_other_host->is_default_route(config_other_host))
+               {
+                       /* could be right one, check my_host for default route*/
+                       if (config_my_host->is_default_route(config_my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+                       /* check now if host informations are the same */
+                       else if (config_my_host->ip_is_equal(config_my_host,my_host))
+                       {
+                               *init_config = entry->init_config;
+                               status = SUCCESS;
+                               break;
+                       }
+               }
+       }
        
-       attribute = transform_attribute_create();
-
-       transform->add_transform_attribute(transform, attribute);
-
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
+       iterator->destroy(iterator);
        
-       /* 
-        * Pseudo-random Function
-        */
-       transform = transform_substructure_create();
-
-       proposal->add_transform_substructure(proposal, transform);
+       return status;
+}
 
-       transform->set_transform_type(transform, PSEUDO_RANDOM_FUNCTION);
-       transform->set_transform_id(transform, PRF_HMAC_MD5);
+/**
+ * Implementation of configuration_manager_t.get_init_config_for_name.
+ */
+static status_t get_init_config_for_name (private_configuration_manager_t *this, char *name, init_config_t **init_config)
+{
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
        
-       attribute = transform_attribute_create();
-
-       transform->add_transform_attribute(transform, attribute);
-
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
-
-       
-       /* 
-        * Integrity Algorithm 
-        */
-       transform = transform_substructure_create();
-
-       proposal->add_transform_substructure(proposal, transform);
-
-       transform->set_transform_type(transform, INTEGRITY_ALGORITHM);
-       transform->set_transform_id(transform, AUTH_HMAC_MD5_96);
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
        
-       attribute = transform_attribute_create();
-
-       transform->add_transform_attribute(transform, attribute);
-
-       attribute->set_attribute_type(attribute, KEY_LENGTH);
-       attribute->set_value(attribute, 16);
-       
-       
-    /* 
-     * Diffie-Hellman Group 
-     */
-       transform = transform_substructure_create();
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
 
-       proposal->add_transform_substructure(proposal, transform);
+               if (strcmp(entry->name,name) == 0)
+               {
 
-       transform->set_transform_type(transform, DIFFIE_HELLMAN_GROUP);
-       transform->set_transform_id(transform, MODP_1024_BIT);
+                       /* found configuration */
+                       *init_config = entry->init_config;
+                       status = SUCCESS;
+                       break;
+               }
+       }
        
-       iterator->insert_after(iterator, (void*)proposal);
+       iterator->destroy(iterator);
        
-       return SUCCESS;
+       return status;
 }
        
 /**
- * Implements function configuration_manager_t.select_proposals_for_host.
+ * Implementation of configuration_manager_t.get_sa_config_for_name.
  */
-static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, iterator_t *in, iterator_t *out)
+static status_t get_sa_config_for_name (private_configuration_manager_t *this, char *name, sa_config_t **sa_config)
 {
-       /* Currently the first suggested proposal is selected, cloned and then returned*/
-       proposal_substructure_t *first_suggested_proposal;
-       proposal_substructure_t *selected_proposal;
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
        
-       this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal");
-       if (!in->has_next(in))
+       while (iterator->has_next(iterator))
        {
-               this->logger->log(this->logger,ERROR | MORE, "No proposal suggested");
-               /* no suggested proposal! */
-               return FAILED;
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (strcmp(entry->name,name) == 0)
+               {
+                       /* found configuration */
+                       *sa_config = entry->sa_config;
+                       status = SUCCESS;
+                       break;
+               }
        }
        
-       in->current(in,(void **) &first_suggested_proposal);
-
-       selected_proposal = first_suggested_proposal->clone(first_suggested_proposal);
+       iterator->destroy(iterator);
        
-       out->insert_after(out,selected_proposal);
-       return SUCCESS;
+       return status;
 }
 
 /**
- * Implements function configuration_manager_t.check_selected_proposals_for_host.
+ * Implementation of configuration_manager_t.get_sa_config_for_init_config_and_id.
  */
-static status_t check_selected_proposals_for_host (private_configuration_manager_t *this, host_t *host, iterator_t *proposals,bool *valid)
-{
-       /*
-        * Currently the given proposals are not checked if they are valid for specific host!
-        * 
-        * The first proposal is taken
-        */
-
-       this->logger->log(this->logger,CONTROL|MORE, "Going to check selected proposals");
-       return SUCCESS;
+static status_t get_sa_config_for_init_config_and_id (private_configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
+{      
+       iterator_t *iterator;
+       status_t status = NOT_FOUND;
+       
+       iterator = this->configurations->create_iterator(this->configurations,TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               configuration_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+
+               if (entry->init_config == init_config)
+               {
+                       identification_t *config_my_id = entry->sa_config->get_my_id(entry->sa_config);
+                       identification_t *config_other_id = entry->sa_config->get_other_id(entry->sa_config);
+
+                       /* host informations seem to be the same */
+                       if (config_other_id->equals(config_other_id,other_id))
+                       {
+                               /* other ids seems to match */
+                               
+                               if (my_id == NULL)
+                               {
+                                       /* first matching one is selected */
+                                       
+                                       /* TODO priorize found entries */
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                               if (config_my_id->equals(config_my_id,my_id))
+                               {
+                                       *sa_config = entry->sa_config;
+                                       status = SUCCESS;
+                                       break;
+                               }
+
+                       }
+               }
+       }
+       
+       iterator->destroy(iterator);
+       
+       return status;
 }
 
 /**
- * Implements function configuration_manager_t.is_dh_group_allowed_for_host.
+ * Implementation of private_configuration_manager_t.add_new_configuration.
  */
-static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed)
+static void add_new_configuration (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
 {
-       /*
-        * Only the two DH groups 768 and 1024 are supported for each configuration
-        */
+       iterator_t *iterator;
+       bool found;
        
-       if (group == MODP_768_BIT || group == MODP_1024_BIT)
+       iterator = this->init_configs->create_iterator(this->init_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               init_config_t *found_init_config;
+               iterator->current(iterator,(void **) &found_init_config);
+               if (init_config == found_init_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
        {
-               *allowed = TRUE;                
+               this->init_configs->insert_first(this->init_configs,init_config);
        }
-       *allowed = FALSE;
        
-       this->logger->log(this->logger,CONTROL | MORE, "DH group %s is %s",mapping_find(diffie_hellman_group_m, group),(allowed)? "allowed" : "not allowed");
-       return SUCCESS;
-}
+       iterator = this->sa_configs->create_iterator(this->sa_configs,TRUE);
+       found = FALSE;
+       while (iterator->has_next(iterator))
+       {
+               sa_config_t *found_sa_config;
+               iterator->current(iterator,(void **) &found_sa_config);
+               if (sa_config == found_sa_config)
+               {
+                       found = TRUE;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+       if (!found)
+       {
+               this->sa_configs->insert_first(this->sa_configs,sa_config);
+       }
 
+       this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
+}
 
 /**
- * Implements function destroy of configuration_t.
- * See #configuration_s.destroy for description.
+ * Implementation of configuration_manager_t.destroy.
  */
-static status_t destroy(private_configuration_manager_t *this)
+static void destroy(private_configuration_manager_t *this)
 {
        this->logger->log(this->logger,CONTROL | MORE, "Going to destroy configuration manager ");
+
+       while (this->configurations->get_count(this->configurations) > 0)
+       {
+               configuration_entry_t *entry;
+               this->configurations->remove_first(this->configurations,(void **) &entry);
+               entry->destroy(entry);
+       }
+       /* todo delete all config objects */
+       
+       this->configurations->destroy(this->configurations);
+       
+       while (this->sa_configs->get_count(this->sa_configs) > 0)
+       {
+               sa_config_t *sa_config;
+               this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
+//             sa_config->destroy(sa_config);
+       }
+
+       this->sa_configs->destroy(this->sa_configs);
+       
+       while (this->init_configs->get_count(this->init_configs) > 0)
+       {
+               init_config_t *init_config;
+               this->init_configs->remove_first(this->init_configs,(void **) &init_config);
+               init_config->destroy(init_config);
+       }
+       this->init_configs->destroy(this->init_configs);
        
        this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger");
        charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
        allocator_free(this);
-       return SUCCESS;
 }
 
 /*
@@ -290,17 +456,23 @@ configuration_manager_t *configuration_manager_create()
        private_configuration_manager_t *this = allocator_alloc_thing(private_configuration_manager_t);
 
        /* public functions */
-       this->public.destroy = (status_t(*)(configuration_manager_t*))destroy;
-       this->public.get_remote_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_remote_host;
-       this->public.get_local_host = (status_t(*)(configuration_manager_t*,char*,host_t**))get_local_host;
-       this->public.get_dh_group_number = (status_t(*)(configuration_manager_t*,char*,u_int16_t *, u_int16_t))get_dh_group_number;
-       this->public.get_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*))get_proposals_for_host;
-       this->public.select_proposals_for_host = (status_t(*)(configuration_manager_t*,host_t*,iterator_t*,iterator_t*))select_proposals_for_host;
-       this->public.check_selected_proposals_for_host =  (status_t (*) (configuration_manager_t *, host_t *, iterator_t *,bool *)) check_selected_proposals_for_host;
-       this->public.is_dh_group_allowed_for_host = (status_t(*)(configuration_manager_t*,host_t*,diffie_hellman_group_t,bool*)) is_dh_group_allowed_for_host;
-
+       this->public.destroy = (void(*)(configuration_manager_t*))destroy;
+       this->public.get_init_config_for_name = (status_t (*) (configuration_manager_t *, char *, init_config_t **)) get_init_config_for_name;
+       this->public.get_init_config_for_host = (status_t (*) (configuration_manager_t *, host_t *, host_t *,init_config_t **)) get_init_config_for_host;
+       this->public.get_sa_config_for_name =(status_t (*) (configuration_manager_t *, char *, sa_config_t **)) get_sa_config_for_name;
+       this->public.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_manager_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
+       
+       /* private functions */
+       this->load_default_config = load_default_config;
+       this->add_new_configuration = add_new_configuration;
+       
        /* private variables */
        this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIGURATION_MANAGER,NULL);
+       this->configurations = linked_list_create();
+       this->sa_configs = linked_list_create();
+       this->init_configs = linked_list_create();
+       
+       this->load_default_config(this);
 
        return (&this->public);
 }
index 787286a..9cc6a31 100644 (file)
 #define CONFIGURATION_MANAGER_H_
 
 #include <types.h>
-#include <utils/linked_list.h>
-#include <network/host.h>
-#include <encoding/payloads/transform_substructure.h>
-#include <transforms/prfs/prf.h>
-#include <transforms/signers/signer.h>
-#include <transforms/crypters/crypter.h>
+#include <config/init_config.h>
+#include <config/sa_config.h>
 
 
 typedef struct configuration_manager_t configuration_manager_t;
@@ -37,138 +33,77 @@ typedef struct configuration_manager_t configuration_manager_t;
 /**
  * @brief Manages all configuration aspects of the daemon.
  * 
- * Currently the configuration manager class does not store specific configurations.
- * It is expected, that in future different configurations are stored in a linked list 
- * or a hash map and are managed by this class.
- * 
  * @ingroup config
  * 
  */
 struct configuration_manager_t { 
-       
+
        /**
-        * Gets the remote host information for a specific configuration name.
+        * Gets the configuration information needed for IKE_SA_INIT exchange 
+        * for a specific configuration name.
         * 
-        * A host information consist of IP address and UDP port.
+        * The returned init_config_t object MUST NOT be destroyed cause it's the original one.
         * 
-        * @param this  calling object
-        * @param name  name of the configuration
-        * @param host  remote host information gets stored at this location
+        * @param this                          calling object
+        * @param name                          name of the configuration
+        * @param[out] init_config      the configuration is stored at this place
         * 
         * @return              
         *                              - NOT_FOUND
         *                              - SUCCESS
         */
-       status_t (*get_remote_host) (configuration_manager_t *this, char *name, host_t **host);
+       status_t (*get_init_config_for_name) (configuration_manager_t *this, char *name, init_config_t **init_config);
 
        /**
-        * Gets the local host information for a specific configuration name
+        * Gets the configuration information needed for IKE_SA_INIT exchange 
+        * for specific host informations.
         * 
-        * A host information consist of IP address and UDP port.
+        * The returned init_config_t object MUST NOT be destroyed cause it's the original one.
         * 
-        * @param this  calling object
-        * @param name  name of the configuration
-        * @param host  local host information gets stored at this location
+        * @param this                          calling object
+        * @param my_host                       my host informations
+        * @param other_host                    other host informations
+        * @param[out] init_config      the configuration is stored at this place
         * 
         * @return              
-        *                              - NOT_FOUND (not yet implemented)
+        *                              - NOT_FOUND
         *                              - SUCCESS
-        */
-       status_t (*get_local_host) (configuration_manager_t *this, char *name, host_t **host);
+        */     
+       status_t (*get_init_config_for_host) (configuration_manager_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config);
        
        /**
-        * Returns the DH group number to use when initiating a connection.
-        * 
-        * To make sure that different group numbers are supported in case 
-        * a group number is not supported by other peer, a priority has to get defined.
+        * Gets the configuration information needed after IKE_SA_INIT exchange.
         * 
+        * The returned sa_config_t object MUST not be destroyed cause it's the original one.
         * 
         * @param this                          calling object
         * @param name                          name of the configuration
-        * @param dh_group_number       the DH group number gets stored at this location
-        * @param priority                      priority to use for selection of DH group number.
-        *                                                      Highest priority is 1. All higher values have lower
-        *                                                      priority.
+        * @param[out] sa_config        the configuration is stored at this place
         * 
         * @return              
-        *                                                      - FAILED (not yet implemented)
-        *                                                      - NOT_FOUND (not yet implemented)
-        *                                                      - SUCCESS
-        */
-       status_t (*get_dh_group_number) (configuration_manager_t *this, char *name, u_int16_t *dh_group_number, u_int16_t priority);
-       
-       /**
-        * Returns the proposals which should be used to initiate a connection with a specific
-        * host.
-        * 
-        * The proposals of type proposal_substructure_t * are returned over the given iterator 
-        * and have to be destroyed by the caller.
-        * 
-        * 
-        * @param this                          calling object
-        * @param host                          host information used to find the correct proposals
-        * @param list                          iterator where the proposals are written to
-        * 
-        * @return              
-        *                                                      - NOT_FOUND (not yet implemented)
-        *                                                      - SUCCESS
-        */
-       status_t (*get_proposals_for_host) (configuration_manager_t *this, host_t *host, iterator_t *list);
-       
-       /**
-        * Checks the suggested proposals passed as iterator in and selects one proposal to be sent as selection
-        * of this proposals.
-        * 
-        * Currently there is no check implemented. The first suggested proposal is cloned and then as selected returned.
-        * 
-        * 
-        * @param this                          calling object
-        * @param host                          host information used to find the correct proposals
-        * @param in                                    iterator with suggested proposals of type proposal_substructure_t *
-        * @param out                           The selected proposals of type proposal_substructure_t * are written to this iterator
-        * 
-        * @return              
-        *                                                      - FAILED
-        *                                                      - NOT_FOUND (not yet implemented)
-        *                                                      - SUCCESS
-        */
-       status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, iterator_t *in, iterator_t *out);
-       
-       /**
-        * Checks if the selected proposals of a remote hosts are valid.
-        * 
-        * 
-        * @param this                          calling object
-        * @param host                          host information
-        * @param proposals                     iterator with selected proposals
-        * @param[out] valid                    TRUE if selected proposals are accepted
-        * 
-        * @return                      
-        *                                                                                              - FAILED
-        *                                                                                              - NOT_FOUND (not yet implemented)
-        *                                                                                              - SUCCESS
+        *                              - NOT_FOUND
+        *                              - SUCCESS
         */
-       status_t (*check_selected_proposals_for_host) (configuration_manager_t *this,
-                                                                                                  host_t *host, 
-                                                                                                  iterator_t *proposals,
-                                                                                                  bool *valid);
+       status_t (*get_sa_config_for_name) (configuration_manager_t *this, char *name, sa_config_t **sa_config);
        
        /**
-        * Checks if a given dh_group number is allowed for a specific host
+        * Gets the configuration information needed after IKE_SA_INIT exchange 
+        * for specific init_config_t and ID data.
         * 
+        * The returned sa_config_t object MUST NOT be destroyed cause it's the original one.
         * 
         * @param this                          calling object
-        * @param host                          host information
-        * @param group                         DH group number to check if allowed
-        * @param[out] allowed          will be set to TRUE if group number is allowed, FALSE otherwise
+        * @param init_config           init_config_t object
+        * @param other_id                      identification of other one
+        * @param my_id                 my identification (can be NULL)
+        * @param[out] sa_config        the configuration is stored at this place
         * 
         * @return              
-        *                                                      - FAILED
-        *                                                      - NOT_FOUND (not yet implemented)
-        *                                                      - SUCCESS
-        */
-       status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed);
-       
+        *                              - NOT_FOUND
+        *                              - SUCCESS
+        */     
+       status_t (*get_sa_config_for_init_config_and_id) (configuration_manager_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config);
+
        /**
         * Destroys configuration manager
         * 
@@ -177,7 +112,7 @@ struct configuration_manager_t {
         * @return              
         *                                                      - SUCCESS
         */
-       status_t (*destroy) (configuration_manager_t *this);
+       void (*destroy) (configuration_manager_t *this);
 };
 
 /**
index 495feb7..27f669b 100644 (file)
@@ -24,6 +24,7 @@
 
 #include <utils/allocator.h>
 #include <utils/linked_list.h>
+#include <utils/logger.h>
 
 typedef struct private_init_config_t private_init_config_t;
 
@@ -58,7 +59,7 @@ struct private_init_config_t {
  */
 static host_t * get_my_host (private_init_config_t *this)
 {
-       return this->my_host->clone(this->my_host);
+       return this->my_host;
 }
 
 /**
@@ -66,6 +67,22 @@ static host_t * get_my_host (private_init_config_t *this)
  */
 static host_t * get_other_host (private_init_config_t *this)
 {
+       return this->other_host;
+}
+
+/**
+ * Implementation of init_config_t.get_my_host_clone.
+ */
+static host_t * get_my_host_clone (private_init_config_t *this)
+{
+       return this->my_host->clone(this->my_host);
+}
+
+/**
+ * Implementation of init_config_t.get_other_host_clone.
+ */
+static host_t * get_other_host_clone (private_init_config_t *this)
+{
        return this->other_host->clone(this->other_host);
 }
 
@@ -131,13 +148,21 @@ static status_t select_proposal (private_init_config_t *this, ike_proposal_t *pr
                {
                        my_iterator->current(my_iterator,(void **) &my_current_proposal);
                
-                       if (memcmp(my_current_proposal,&proposals[i],sizeof(ike_proposal_t)) == 0)
+                       /* memcmp doesn't work here */
+                       if ((proposals[i].encryption_algorithm == my_current_proposal->encryption_algorithm) &&
+                               (proposals[i].encryption_algorithm_key_length == my_current_proposal->encryption_algorithm_key_length) &&
+                               (proposals[i].integrity_algorithm == my_current_proposal->integrity_algorithm) &&
+                               (proposals[i].integrity_algorithm_key_length == my_current_proposal->integrity_algorithm_key_length) &&
+                               (proposals[i].pseudo_random_function == my_current_proposal->pseudo_random_function) &&
+                               (proposals[i].pseudo_random_function_key_length == my_current_proposal->pseudo_random_function_key_length) &&
+                               (proposals[i].diffie_hellman_group == my_current_proposal->diffie_hellman_group))
                        {
                                /* found a matching proposal */
                                *selected_proposal = *my_current_proposal;
                                my_iterator->destroy(my_iterator);
                                return SUCCESS;
                        }
+                       
                }                               
        }
        
@@ -151,6 +176,7 @@ static status_t select_proposal (private_init_config_t *this, ike_proposal_t *pr
 static void add_proposal (private_init_config_t *this,size_t priority, ike_proposal_t proposal)
 {
        ike_proposal_t * new_proposal = allocator_alloc(sizeof(ike_proposal_t));
+       status_t status;
        
        *new_proposal = proposal;
         
@@ -161,7 +187,8 @@ static void add_proposal (private_init_config_t *this,size_t priority, ike_propo
                return;
        }
        
-       this->proposals->insert_at_position(this->proposals,(priority - 1),new_proposal);
+       status = this->proposals->insert_at_position(this->proposals,(priority - 1),new_proposal);
+
 }
 
 /**
@@ -180,7 +207,6 @@ static void destroy (private_init_config_t *this)
        
        this->my_host->destroy(this->my_host);
        this->other_host->destroy(this->other_host);
-       
        allocator_free(this);
 }
 
@@ -194,6 +220,8 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po
        /* public functions */
        this->public.get_my_host = (host_t*(*)(init_config_t*))get_my_host;
        this->public.get_other_host = (host_t*(*)(init_config_t*))get_other_host;
+       this->public.get_my_host_clone = (host_t*(*)(init_config_t*))get_my_host_clone;
+       this->public.get_other_host_clone = (host_t*(*)(init_config_t*))get_other_host_clone;
        this->public.get_dh_group_number = (diffie_hellman_group_t (*)(init_config_t*,size_t))get_dh_group_number;
        this->public.get_proposals = (size_t(*)(init_config_t*,ike_proposal_t**))get_proposals;
        this->public.select_proposal = (status_t(*)(init_config_t*,ike_proposal_t*,size_t,ike_proposal_t*))select_proposal;
@@ -203,7 +231,7 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po
        /* private variables */
        this->my_host = host_create(AF_INET,my_ip, my_port);
        this->other_host = host_create(AF_INET,other_ip, other_port);
-       
+               
        this->proposals = linked_list_create();
 
        return (&this->public);
index 7ff46cc..5e189f9 100644 (file)
@@ -87,7 +87,7 @@ struct init_config_t {
        /**
         * Get my host information as host_t object.
         * 
-        * @warning Object is getting cloned and has to get destroyed by caller.
+        * @warning Object is NOT getting cloned.
         * 
         * @param this  calling object
         * @return              host information as host_t object
@@ -97,7 +97,7 @@ struct init_config_t {
        /**
         * Get other host information as host_t object.
         * 
-        * @warning Object is getting cloned and has to get destroyed by caller.
+        * @warning Object is NOT getting cloned.
         * 
         * @param this  calling object
         * @return              host information as host_t object
@@ -105,6 +105,26 @@ struct init_config_t {
        host_t * (*get_other_host) (init_config_t *this);
        
        /**
+        * Get my host information as host_t object.
+        * 
+        * @warning Object is not getting cloned and has to get destroyed by caller.
+        * 
+        * @param this  calling object
+        * @return              host information as host_t object
+        */
+       host_t * (*get_my_host_clone) (init_config_t *this);
+
+       /**
+        * Get other host information as host_t object.
+        * 
+        * @warning Object is not getting cloned and has to get destroyed by caller.
+        * 
+        * @param this  calling object
+        * @return              host information as host_t object
+        */
+       host_t * (*get_other_host_clone) (init_config_t *this);
+       
+       /**
         * Get the diffie hellman group to use as initiator with given priority.
         * 
         * 
index 651ed03..8da5eb5 100644 (file)
@@ -54,7 +54,7 @@
  * Port on which the daemon will 
  * listen for incoming traffic
  */
-#define IKEV2_UDP_PORT 500
+#define IKEV2_UDP_PORT 4500
 
 /**
  * Default loglevel to use. This is the
index f78e7b8..95a4537 100644 (file)
@@ -70,6 +70,34 @@ static socklen_t *get_sockaddr_len(private_host_t *this)
 }
 
 /**
+ * Implementation of host_t.is_default_route.
+ */
+static bool is_default_route (private_host_t *this)
+{
+       switch (this->family) 
+       {
+               case AF_INET: 
+               {
+                       int i;
+                       for (i = 0; i < 4;i++)
+                       {
+                               struct sockaddr_in *sin = (struct sockaddr_in*)&(this->address);
+                               if (*((&sin->sin_addr.s_addr) + i) != 0)
+                               {
+                                       return FALSE;
+                               }
+                       }
+                       return TRUE;
+               }
+               default:
+               {
+                       /* empty chunk is returned */
+                       return FALSE;
+               }       
+       }
+}
+
+/**
  * implements host_t.get_address
  */
 static char *get_address(private_host_t *this)
@@ -156,7 +184,7 @@ static private_host_t *clone(private_host_t *this)
 /**
  * Impelements host_t.equals
  */
-static bool equals(private_host_t *this, private_host_t *other)
+static bool ip_is_equal(private_host_t *this, private_host_t *other)
 {
        switch (this->family)
        {
@@ -166,7 +194,6 @@ static bool equals(private_host_t *this, private_host_t *other)
                        struct sockaddr_in *sin1 = (struct sockaddr_in*)&(this->address);
                        struct sockaddr_in *sin2 = (struct sockaddr_in*)&(other->address);
                        if ((sin1->sin_family == sin2->sin_family) &&
-                               (sin1->sin_port == sin2->sin_port) &&
                                (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr))
                        {
                                return TRUE;    
@@ -177,10 +204,10 @@ static bool equals(private_host_t *this, private_host_t *other)
 }
 
 
-/*
- * Described in header.
+/**
+ * Creates an empty host_t object 
  */
-host_t *host_create(int family, char *address, u_int16_t port)
+static private_host_t *host_create_empty()
 {
        private_host_t *this = allocator_alloc_thing(private_host_t);
        
@@ -190,8 +217,20 @@ host_t *host_create(int family, char *address, u_int16_t port)
        this->public.get_address = (char* (*) (host_t *))get_address;
        this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
        this->public.get_port = (u_int16_t (*) (host_t *))get_port;
+       this->public.ip_is_equal = (bool (*) (host_t *,host_t *)) ip_is_equal;
+       this->public.is_default_route = (bool (*) (host_t *)) is_default_route;
        this->public.destroy = (void (*) (host_t*))destroy;
        
+       return this;
+}
+
+/*
+ * Described in header.
+ */
+host_t *host_create(int family, char *address, u_int16_t port)
+{
+       private_host_t *this = host_create_empty();
+       
        this->family = family;
 
        switch (family)
@@ -204,11 +243,16 @@ host_t *host_create(int family, char *address, u_int16_t port)
                        sin->sin_addr.s_addr = inet_addr(address);
                        sin->sin_port = htons(port);
                        this->socklen = sizeof(struct sockaddr_in);
-                       return (host_t*)this;
+                       return &(this->public);
+               }
+               default:
+               {
+                       allocator_free(this);
+                       return NULL;
+
                }
        }
-       allocator_free(this);
-       return NULL;
+       
 }
 
 /*
@@ -216,16 +260,7 @@ host_t *host_create(int family, char *address, u_int16_t port)
  */
 host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
 {
-       private_host_t *this = allocator_alloc_thing(private_host_t);
-       
-       this->public.get_sockaddr = (sockaddr_t* (*) (host_t*))get_sockaddr;
-       this->public.get_sockaddr_len = (socklen_t*(*) (host_t*))get_sockaddr_len;
-       this->public.clone = (host_t* (*) (host_t*))clone;
-       this->public.get_address = (char* (*) (host_t *))get_address;
-       this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
-       this->public.get_port = (u_int16_t (*) (host_t *))get_port;
-       this->public.equals = (bool (*) (host_t *,host_t *))equals;
-       this->public.destroy = (void (*) (host_t*))destroy;
+       private_host_t *this = host_create_empty();
        
        this->family = family;
 
@@ -241,8 +276,9 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
                                memcpy(&(sin->sin_addr.s_addr),address.ptr,4);
                                sin->sin_port = htons(port);
                                this->socklen = sizeof(struct sockaddr_in);
-                               return (host_t*)this;
+                               return &(this->public);
                        }
+                       
                }
        }
        allocator_free(this);
index 379eab0..b5223ef 100644 (file)
@@ -81,17 +81,27 @@ struct host_t {
         * Mostly used for debugging purposes. 
         * @warning string must NOT be freed
         * 
-        * @param this                  object to clone
+        * @param this                  object
         * @return                              address string, 
         */
        char* (*get_address) (host_t *this);
        
        /** 
+        * @brief Checks if the ip address of host is set to default route.
+        * 
+        * @param this                  calling object
+        * @return                              
+        *                                              - TRUE if host has IP 0.0.0.0 for default route 
+        *                                              - FALSE otherwise
+        */
+       bool (*is_default_route) (host_t *this);
+       
+       /** 
         * @brief get the address of this host as chunk_t
         * 
         * @warning returned chunk has to get destroyed by caller.
         * 
-        * @param this                  object to clone
+        * @param this                  object
         * @return                              address string, 
         */
        chunk_t (*get_address_as_chunk) (host_t *this);
@@ -107,13 +117,13 @@ struct host_t {
        u_int16_t (*get_port) (host_t *this);
                
        /** 
-        * @brief Compare two hosts.
+        * @brief Compare the ips of two hosts hosts.
         * 
         * @param this                  object to compare
         * @param other                 the other to compare
-        * @return                              TRUE if port and address are equal
+        * @return                              TRUE if addresses are equal.
         */
-       bool (*equals) (host_t *this, host_t *other);
+       bool (*ip_is_equal) (host_t *this, host_t *other);
        
        /** 
         * @brief Destroy this host object
index 60e6086..1ab5d2f 100644 (file)
@@ -81,6 +81,16 @@ struct private_ike_sa_t {
         * Linked List containing the child sa's of the current IKE_SA
         */
        linked_list_t *child_sas;
+       
+       /**
+        * TODO
+        */
+       init_config_t *init_config;
+       
+       /**
+        * TODO
+        */
+       sa_config_t *sa_config;
 
        /**
         * Current state of the IKE_SA
@@ -297,11 +307,7 @@ static status_t initialize_connection(private_ike_sa_t *this, char *name)
        current_state = (initiator_init_t *) this->current_state;
        
        status = current_state->initiate_connection(current_state,name);
-       
-       if (status != SUCCESS)
-       {
-               this->create_delete_job(this);
-       }
+
        return status;
 }
 
@@ -468,15 +474,42 @@ static host_t *get_other_host (private_ike_sa_t *this)
 }
 
 /**
+ * Implementation of protected_ike_sa_t.get_init_config.
+ */
+static init_config_t *get_init_config (private_ike_sa_t *this)
+{
+       return this->init_config;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_init_config.
+ */
+static void set_init_config (private_ike_sa_t *this,init_config_t * init_config)
+{
+       this->init_config = init_config;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.get_sa_config.
+ */
+static sa_config_t *get_sa_config (private_ike_sa_t *this)
+{
+       return this->sa_config;
+}
+
+/**
+ * Implementation of protected_ike_sa_t.set_sa_config.
+ */
+static void set_sa_config (private_ike_sa_t *this,sa_config_t * sa_config)
+{
+       this->sa_config = sa_config;
+}
+
+/**
  * Implementation of protected_ike_sa_t.set_my_host.
  */
 static void set_my_host (private_ike_sa_t *this, host_t *my_host)
 {
-       if (this->me.host != NULL)
-       {
-               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy existing my host object");
-               this->me.host->destroy(this->me.host);
-       }
        this->me.host = my_host;
 }
 
@@ -485,61 +518,25 @@ static void set_my_host (private_ike_sa_t *this, host_t *my_host)
  */
 static void set_other_host (private_ike_sa_t *this, host_t *other_host)
 {
-       if (this->other.host != NULL)
-       {
-               this    ->logger->log(this->logger, CONTROL|MOST, "Destroy existing other host object");
-               this->other.host->destroy(this->other.host);
-       }
        this->other.host = other_host;
 }
 
 /**
  * Implementation of protected_ike_sa_t.set_prf.
  */
-static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal_substructure_t *proposal)
+static status_t create_transforms_from_proposal (private_ike_sa_t *this,ike_proposal_t *proposal)
 {
-       status_t status;
-       u_int16_t encryption_algorithm;
-       u_int16_t encryption_algorithm_key_length;
-       u_int16_t integrity_algorithm;
-       u_int16_t integrity_algorithm_key_length;
-       u_int16_t pseudo_random_function;
-       u_int16_t pseudo_random_function_key_length;
-       
        this->logger->log(this->logger, CONTROL|MORE, "Going to create transform objects for proposal");
        
-       this->logger->log(this->logger, CONTROL|MOST, "Get encryption transform type");
-       status = proposal->get_info_for_transform_type(proposal,ENCRYPTION_ALGORITHM,&(encryption_algorithm),&(encryption_algorithm_key_length));
-       if (status != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR|MORE, "Could not get encryption transform type");
-               return status;
-       }
-       this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,encryption_algorithm),encryption_algorithm_key_length);
-       
-       this->logger->log(this->logger, CONTROL|MOST, "Get integrity transform type");
-       status = proposal->get_info_for_transform_type(proposal,INTEGRITY_ALGORITHM,&(integrity_algorithm),&(integrity_algorithm_key_length));
-       if (status != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR|MORE, "Could not get integrity transform type");
-               return status;
-       }
-       this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,integrity_algorithm),integrity_algorithm_key_length);
-       
-       this->logger->log(this->logger, CONTROL|MOST, "Get prf transform type");
-       status = proposal->get_info_for_transform_type(proposal,PSEUDO_RANDOM_FUNCTION,&(pseudo_random_function),&(pseudo_random_function_key_length));
-       if (status != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR|MORE, "Could not prf transform type");
-               return status;
-       }
-       this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,pseudo_random_function),pseudo_random_function_key_length);
+       this->logger->log(this->logger, CONTROL|MORE, "Encryption algorithm: %s with keylength %d",mapping_find(encryption_algorithm_m,proposal->encryption_algorithm),proposal->encryption_algorithm_key_length);
+       this->logger->log(this->logger, CONTROL|MORE, "integrity algorithm: %s with keylength %d",mapping_find(integrity_algorithm_m,proposal->integrity_algorithm),proposal->integrity_algorithm_key_length);
+       this->logger->log(this->logger, CONTROL|MORE, "prf: %s with keylength %d",mapping_find(pseudo_random_function_m,proposal->pseudo_random_function),proposal->pseudo_random_function_key_length);
        
        if (this->prf != NULL)
        {
                this->prf->destroy(this->prf);
        }
-       this->prf = prf_create(pseudo_random_function);
+       this->prf = prf_create(proposal->pseudo_random_function);
        if (this->prf == NULL)
        {
                this->logger->log(this->logger, ERROR|MORE, "prf not supported!");
@@ -550,7 +547,7 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal
        {
                this->crypter_initiator->destroy(this->crypter_initiator);
        }
-       this->crypter_initiator = crypter_create(encryption_algorithm,encryption_algorithm_key_length);
+       this->crypter_initiator = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
        if (this->crypter_initiator == NULL)
        {
                this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
@@ -561,7 +558,7 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal
        {
                this->crypter_responder->destroy(this->crypter_responder);
        }
-       this->crypter_responder = crypter_create(encryption_algorithm,encryption_algorithm_key_length);
+       this->crypter_responder = crypter_create(proposal->encryption_algorithm,proposal->encryption_algorithm_key_length);
        if (this->crypter_responder == NULL)
        {
                this->logger->log(this->logger, ERROR|MORE, "encryption algorithm not supported!");
@@ -572,7 +569,7 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal
        {
                this->signer_initiator->destroy(this->signer_initiator);
        }
-       this->signer_initiator = signer_create(integrity_algorithm);
+       this->signer_initiator = signer_create(proposal->integrity_algorithm);
        if (this->signer_initiator == NULL)
        {
                this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
@@ -583,7 +580,7 @@ static status_t create_transforms_from_proposal (private_ike_sa_t *this,proposal
        {
                this->signer_responder->destroy(this->signer_responder);
        }
-       this->signer_responder = signer_create(integrity_algorithm);
+       this->signer_responder = signer_create(proposal->integrity_algorithm);
        if (this->signer_responder == NULL)
        {
                this->logger->log(this->logger, ERROR|MORE, "integrity algorithm not supported!");
@@ -733,24 +730,27 @@ static void destroy (private_ike_sa_t *this)
                this->last_requested_message->destroy(this->last_requested_message);
        }
        
-       /* destroy stored responded messages */
-       if (this->last_responded_message != NULL)
-       {
-               this->last_responded_message->destroy(this->last_responded_message);
-       }
-       
-       this->randomizer->destroy(this->randomizer);
-
+       /* destroy stored host_t objects */
        if (this->me.host != NULL)
        {
                this->me.host->destroy(this->me.host);
        }
        
+       /* destroy stored host_t objects */
        if (this->other.host != NULL)
        {
                this->other.host->destroy(this->other.host);
        }
        
+       
+       /* destroy stored responded messages */
+       if (this->last_responded_message != NULL)
+       {
+               this->last_responded_message->destroy(this->last_responded_message);
+       }
+       
+       this->randomizer->destroy(this->randomizer);
+
        this->logger->log(this->logger, CONTROL | MOST, "Destroy current state object");
        this->current_state->destroy(this->current_state);
        
@@ -777,6 +777,10 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.build_message = (void (*) (protected_ike_sa_t *, exchange_type_t , bool , message_t **)) build_message;
        this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets;
        this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;         
+       this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config;
+       this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config;
+       this->protected.set_sa_config = (void (*) (protected_ike_sa_t *,sa_config_t *)) set_sa_config;
+       this->protected.get_sa_config = (sa_config_t *(*) (protected_ike_sa_t *)) get_sa_config;
        this->protected.get_my_host = (host_t *(*) (protected_ike_sa_t *)) get_my_host;
        this->protected.get_other_host = (host_t *(*) (protected_ike_sa_t *)) get_other_host;
        this->protected.set_my_host = (void(*) (protected_ike_sa_t *,host_t *)) set_my_host;
@@ -784,7 +788,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.get_randomizer = (randomizer_t *(*) (protected_ike_sa_t *)) get_randomizer;
        this->protected.set_last_requested_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_requested_message;
        this->protected.set_last_responded_message = (status_t (*) (protected_ike_sa_t *,message_t *)) set_last_responded_message;
-       this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,proposal_substructure_t *)) create_transforms_from_proposal;
+       this->protected.create_transforms_from_proposal = (status_t (*) (protected_ike_sa_t *,ike_proposal_t *)) create_transforms_from_proposal;
        this->protected.set_new_state = (void (*) (protected_ike_sa_t *,state_t *)) set_new_state;
        this->protected.get_crypter_initiator = (crypter_t *(*) (protected_ike_sa_t *)) get_crypter_initiator;
        this->protected.get_signer_initiator = (signer_t *(*) (protected_ike_sa_t *)) get_signer_initiator;     
@@ -821,6 +825,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->signer_initiator = NULL;
        this->signer_responder = NULL;
        this->prf = NULL;
+       this->init_config = NULL;
+       this->sa_config = NULL;
        
        /* at creation time, IKE_SA is in a initiator state */
        if (ike_sa_id->is_initiator(ike_sa_id))
index 51d8be4..a5cf637 100644 (file)
@@ -27,6 +27,7 @@
 #include <encoding/message.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <sa/ike_sa_id.h>
+#include <config/configuration_manager.h>
 #include <utils/logger.h>
 #include <utils/randomizer.h>
 #include <sa/states/state.h>
@@ -137,6 +138,41 @@ struct protected_ike_sa_t {
         */
        logger_t *(*get_logger) (protected_ike_sa_t *this);
        
+       /**
+        * Gets the internal stored init_config_t object.
+        * 
+        * Returned value has to get checked for NULL value!
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal stored init_config_t object
+        */
+       init_config_t *(*get_init_config) (protected_ike_sa_t *this);
+       
+       /**
+        * Sets the internal init_config_t object.
+        * 
+        * @param this                          calling object
+        * @param init_config           object of type init_config_t
+        */
+       void (*set_init_config) (protected_ike_sa_t *this,init_config_t *init_config);
+       
+       /**
+        * Gets the internal stored sa_config_t object.
+        * 
+        * Returned value has to get checked for NULL value!
+        * 
+        * @param this                          calling object
+        * @return                                      pointer to the internal stored sa_config_t object
+        */
+       sa_config_t *(*get_sa_config) (protected_ike_sa_t *this);
+       
+       /**
+        * Sets the internal sa_config_t object.
+        * 
+        * @param this                          calling object
+        * @param sa_config                     object of type sa_config_t
+        */
+       void (*set_sa_config) (protected_ike_sa_t *this,sa_config_t *sa_config);
 
        /**
         * Gets the internal stored host_t object for my host.
@@ -176,7 +212,7 @@ struct protected_ike_sa_t {
        
        /**
         * Creates all needed transform objects for given ike_sa_t using 
-        * the informations stored in a proposal_substructure_t object
+        * the informations stored in a ike_proposal_t object
         * 
         * Allready existing objects get destroyed.
         * 
@@ -184,7 +220,7 @@ struct protected_ike_sa_t {
         * @param proposal                      proposal used to get informations for transform
         *                                                      objects (algorithms, key lengths, etc.)
         */
-       status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,proposal_substructure_t *proposal);
+       status_t (*create_transforms_from_proposal) (protected_ike_sa_t *this,ike_proposal_t * proposal);
        
        /**
         * Sets the last requested message.
index 5f6679f..29d6c28 100644 (file)
@@ -173,57 +173,48 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
                        case SECURITY_ASSOCIATION:
                        {
                                sa_payload_t *sa_payload = (sa_payload_t*)payload;
-                               iterator_t      *suggested_proposals;
-                               proposal_substructure_t *suggested_proposal;                    
-                               bool valid;
-                               
+                               ike_proposal_t *ike_proposals;
+                               ike_proposal_t selected_proposal;
+                               size_t proposal_count;                  
+                               init_config_t *init_config;     
                                
                                /* get the list of suggested proposals */ 
-                               suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
-
-                               
-                               /* now let the configuration-manager check the selected proposals*/
-                               this->logger->log(this->logger, CONTROL | MOST, "Check suggested proposals");
-                               status = charon->configuration_manager->check_selected_proposals_for_host(charon->configuration_manager,
-                                                                       this->ike_sa->get_other_host(this->ike_sa), suggested_proposals,&valid);
+                               status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals,&proposal_count);
                                if (status != SUCCESS)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Could not check suggested proposals!");
-                                       suggested_proposals->destroy(suggested_proposals);
+                                       this->logger->log(this->logger, ERROR | MORE, "SA payload does not contain IKE proposals");
                                        payloads->destroy(payloads);
-                                       return status;
+                                       return status;  
                                }
-
-                               if (!valid)
+                               
+                               if (proposal_count != 1)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Suggested proposals not accepted!");
+                                       this->logger->log(this->logger, ERROR | MORE, "More then one proposal selected!");
+                                       allocator_free(ike_proposals);
                                        payloads->destroy(payloads);
-                                       return status;
+                                       return status;                                                  
                                }
+                               
+                               /* now let the configuration-manager check the selected proposals*/
+                               this->logger->log(this->logger, CONTROL | MOST, "Check suggested proposals");
+                               init_config = this->ike_sa->get_init_config(this->ike_sa);
 
-
-                               /* let the ike_sa create their own transforms from proposal informations */
-                               suggested_proposals->reset(suggested_proposals);
-                               /* TODO check for true*/
-                               suggested_proposals->has_next(suggested_proposals);
-                               status = suggested_proposals->current(suggested_proposals,(void **)&suggested_proposal);
-                               suggested_proposals->destroy(suggested_proposals);
+                               status = init_config->select_proposal (init_config,ike_proposals,1,&selected_proposal);
+                               allocator_free(ike_proposals);
                                if (status != SUCCESS)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Could not get first proposal");
+                                       this->logger->log(this->logger, ERROR | MORE, "Selected proposal not a suggested one!");
                                        payloads->destroy(payloads);
                                        return status;
                                }
-                                                               
-                               status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,suggested_proposal);        
+                                                       
+                               status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,&selected_proposal);        
                                if (status != SUCCESS)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
                                        payloads->destroy(payloads);
                                        return status;
                                }
-                               
-
                                /* ok, we have what we need for sa_payload */
                                break;
                        }
index cd44faf..7aa1fd0 100644 (file)
@@ -83,7 +83,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        status_t status;
        signer_t *signer;
        crypter_t *crypter;
-       iterator_t *payloads, *iterator;
+       iterator_t *payloads;
        exchange_type_t exchange_type;
        id_payload_t *idi_payload, *idr_payload;
        auth_payload_t *auth_payload;
@@ -234,7 +234,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
 
 static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload)
 {
-       
        return SUCCESS;
 }
 
index 7ade885..2c653ee 100644 (file)
@@ -72,12 +72,6 @@ struct private_initiator_init_t {
         * This nonce is passed to the next state of type ike_sa_init_requested_t.
         */
        chunk_t sent_nonce;
-       
-       /**
-        * Proposals used to initiate connection.
-        * 
-        */
-       linked_list_t *proposals;
 
        /**
         * Logger used to log :-)
@@ -136,66 +130,43 @@ struct private_initiator_init_t {
  */
 static status_t initiate_connection (private_initiator_init_t *this, char *name)
 {
-       iterator_t *proposal_iterator;
        ike_sa_init_requested_t *next_state;
        message_t *message;
        packet_t *packet;
        status_t status;
-       host_t *my_host;
-       host_t *other_host;
        randomizer_t *randomizer;
+       init_config_t *init_config;
        
        this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
        
-       /* get local host */
-       status = charon->configuration_manager->get_local_host(charon->configuration_manager, name, &my_host);
-       if (status != SUCCESS)
-       {       
-               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve local host configuration information for %s",name);
-               return INVALID_ARG;
-       }
-       this->ike_sa->set_my_host(this->ike_sa,my_host);
+       /* get init_config_t object */
+       status = charon->configuration_manager->get_init_config_for_name(charon->configuration_manager,name,&init_config);
        
-       /* get remote host */
-       status = charon->configuration_manager->get_remote_host(charon->configuration_manager, name, &other_host);
        if (status != SUCCESS)
        {       
-               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve remote host configuration information for %s",name);
+               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve INIT configuration informations for %s",name);
                return INVALID_ARG;
        }
-       this->ike_sa->set_other_host(this->ike_sa,other_host);
        
-       /* get dh group */
-       status = charon->configuration_manager->get_dh_group_number(charon->configuration_manager, name, &(this->dh_group_number), this->dh_group_priority);
-       if (status != SUCCESS)
+       /* configuration can be set */
+       this->ike_sa->set_init_config(this->ike_sa,init_config);
+       
+       this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config));
+       this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config));
+       
+       this->dh_group_number = init_config->get_dh_group_number(init_config,this->dh_group_priority);
+       if (this->dh_group_number == MODP_UNDEFINED)
        {
-               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve DH group number configuration for %s",name);
+               this->logger->log(this->logger, ERROR | MORE, "Diffie hellman group could not be  retrieved with priority %d", this->dh_group_priority);
                return INVALID_ARG;
        }
-
-       /* get proposals */
-       proposal_iterator = this->proposals->create_iterator(this->proposals, FALSE);
-       status = charon->configuration_manager->get_proposals_for_host(charon->configuration_manager, this->ike_sa->get_other_host(this->ike_sa), proposal_iterator);
        
-       proposal_iterator->destroy(proposal_iterator);
-       if (status != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve Proposals for %s",name);
-               return status;
-       }
-
        /* a diffie hellman object could allready exist caused by an failed initiate_connection call */ 
        if (this->diffie_hellman == NULL)
        {
                this->diffie_hellman = diffie_hellman_create(this->dh_group_number);
        }
        
-       if (this->diffie_hellman == NULL)
-       {
-               this->logger->log(this->logger, ERROR, "Object of type diffie_hellman_t could not be created!");
-               return FAILED;
-       }
-       
        if (this->sent_nonce.ptr != NULL)
        {
                allocator_free(this->sent_nonce.ptr);
@@ -286,29 +257,19 @@ static void build_ike_sa_init_request (private_initiator_init_t *this, message_t
 static void build_sa_payload(private_initiator_init_t *this, payload_t **payload)
 {
        sa_payload_t* sa_payload;
-       iterator_t *proposal_iterator;
+       size_t proposal_count;
+       ike_proposal_t *proposals;
+       init_config_t *init_config;
        
-       /* SA payload takes proposals from this->ike_sa_init_data.proposals 
-        * and writes them to the created sa_payload 
-        */
-
        this->logger->log(this->logger, CONTROL|MORE, "building sa payload");
-       proposal_iterator = this->proposals->create_iterator(this->proposals, FALSE);
        
-       sa_payload = sa_payload_create();
-       
-       while (proposal_iterator->has_next(proposal_iterator))
-       {
-               proposal_substructure_t *current_proposal;
-               proposal_substructure_t *current_proposal_clone;
-               proposal_iterator->current(proposal_iterator,(void **) &current_proposal);
+       init_config = this->ike_sa->get_init_config(this->ike_sa);
 
-               current_proposal_clone = current_proposal->clone(current_proposal);
-               
-               sa_payload->add_proposal_substructure(sa_payload,current_proposal_clone);
-       }
-       proposal_iterator->destroy(proposal_iterator);
+       proposal_count = init_config->get_proposals(init_config,&proposals);
        
+       sa_payload = sa_payload_create_from_ike_proposals(proposals,proposal_count);    
+
+       allocator_free(proposals);
        *payload = (payload_t *) sa_payload;    
 }
 
@@ -375,14 +336,7 @@ static void destroy(private_initiator_init_t *this)
 
        /* destroy stored proposal */
        this->logger->log(this->logger, CONTROL | MOST, "Destroy stored proposals");
-       while (this->proposals->get_count(this->proposals) > 0)
-       {
-               proposal_substructure_t *current_proposal;
-               this->proposals->remove_first(this->proposals,(void **)&current_proposal);
-               current_proposal->destroy(current_proposal);
-       }
-       this->proposals->destroy(this->proposals);
-       
+
        /* destroy diffie hellman object */
        if (this->diffie_hellman != NULL)
        {
@@ -406,13 +360,6 @@ static void destroy_after_state_change (private_initiator_init_t *this)
        
        /* destroy stored proposal */
        this->logger->log(this->logger, CONTROL | MOST, "Destroy stored proposals");
-       while (this->proposals->get_count(this->proposals) > 0)
-       {
-               proposal_substructure_t *current_proposal;
-               this->proposals->remove_first(this->proposals,(void **)&current_proposal);
-               current_proposal->destroy(current_proposal);
-       }
-       this->proposals->destroy(this->proposals);
        allocator_free(this);
 }
 
@@ -442,7 +389,6 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
        this->ike_sa = ike_sa;
        this->dh_group_priority = 1;
        this->logger = this->ike_sa->get_logger(this->ike_sa);
-       this->proposals = linked_list_create();
        this->sent_nonce = CHUNK_INITIALIZER;
 
        return &(this->public);
index 35d85fd..fd730db 100644 (file)
@@ -89,10 +89,10 @@ struct private_responder_init_t {
        logger_t *logger;
        
        /**
-        * Proposals used to initiate connection
+        * Selected proposal from suggested ones.
         */
-       linked_list_t *proposals;
-       
+       ike_proposal_t selected_proposal;
+
        /**
         * Builds the SA payload for this state.
         * 
@@ -147,6 +147,8 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        host_t *my_host;
        host_t *other_host;
        randomizer_t *randomizer;
+       init_config_t *init_config;
+       diffie_hellman_group_t dh_group = MODP_UNDEFINED;
 
        exchange_type = message->get_exchange_type(message);
        if (exchange_type != IKE_SA_INIT)
@@ -154,16 +156,26 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state responder_init",mapping_find(exchange_type_m,exchange_type));
                return FAILED;
        }
-       
        if (!message->get_request(message))
        {
                this->logger->log(this->logger, ERROR | MORE, "Only requests of type IKE_SA_INIT supported in state responder_init");
                return FAILED;
        }
-       
        /* this is the first message we process, so copy host infos */
        source = message->get_source(message);
        destination = message->get_destination(message);
+
+       status = charon->configuration_manager->get_init_config_for_host(charon->configuration_manager,destination,source,&init_config);
+
+       if (status != SUCCESS)
+       {
+               /* no configuration matches given host */
+               this->logger->log(this->logger, ERROR | MORE, "No INIT configuration found for given remote and local hosts");
+               return FAILED;
+       }
+       
+       this->ike_sa->set_init_config(this->ike_sa,init_config);
+       
        
        /* we need to clone them, since we destroy the message later */
        my_host = destination->clone(destination);
@@ -195,44 +207,30 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                        case SECURITY_ASSOCIATION:
                        {
                                sa_payload_t *sa_payload = (sa_payload_t*)payload;
-                               iterator_t *suggested_proposals, *accepted_proposals;
-                               proposal_substructure_t *accepted_proposal;
-                               
-                               accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE);
-                               
+                               ike_proposal_t *ike_proposals;
+                               size_t proposal_count;
+                       
                                /* get the list of suggested proposals */ 
-                               suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
-                               
-                               /* now let the configuration-manager select a subset of the proposals */
-                               status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
-                                                                       this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
+                               status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals,&proposal_count);
                                if (status != SUCCESS)
                                {
-                                       this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
-                                       suggested_proposals->destroy(suggested_proposals);
-                                       accepted_proposals->destroy(accepted_proposals);
+                                       this->logger->log(this->logger, ERROR | MORE, "SA payload does not contain IKE proposals");
                                        payloads->destroy(payloads);
-                                       return status;
+                                       return status;  
                                }
-                               
-                               /* iterators are not needed anymore */                  
-                               suggested_proposals->destroy(suggested_proposals);
-                               
-                               /* let the ike_sa create their own transforms from proposal informations */
-                               accepted_proposals->reset(accepted_proposals);
-                               /* TODO check for true*/
-                               accepted_proposals->has_next(accepted_proposals);
-                               status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal);
+       
+                               status = init_config->select_proposal(init_config, ike_proposals,proposal_count,&(this->selected_proposal));
+                               allocator_free(ike_proposals);
                                if (status != SUCCESS)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
-                                       accepted_proposals->destroy(accepted_proposals);
+                                       this->logger->log(this->logger, ERROR | MORE, "No proposal of suggested proposals selected");
                                        payloads->destroy(payloads);
                                        return status;
                                }
                                
-                               status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal); 
-                               accepted_proposals->destroy(accepted_proposals);
+                               dh_group = this->selected_proposal.diffie_hellman_group;
+                               
+                               status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,&(this->selected_proposal));        
                                if (status != SUCCESS)
                                {
                                        this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
@@ -253,12 +251,9 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                
                                group = ke_payload->get_dh_group_number(ke_payload);
                                
-                               status = charon->configuration_manager->is_dh_group_allowed_for_host(charon->configuration_manager,
-                                                               this->ike_sa->get_other_host(this->ike_sa), group, &allowed_group);
-
-                               if (status != SUCCESS)
+                               if (dh_group == MODP_UNDEFINED)
                                {
-                                       this->logger->log(this->logger, ERROR | MORE, "Could not get informations about DH group");
+                                       this->logger->log(this->logger, ERROR | MORE, "Could not get informations about DH group. SA payload before KE payload?");
                                        payloads->destroy(payloads);
                                        return status;
                                }
@@ -387,27 +382,12 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
 static void build_sa_payload(private_responder_init_t *this, payload_t **payload)
 {
        sa_payload_t* sa_payload;
-       iterator_t *proposal_iterator;
        
        /* SA payload takes proposals from this->ike_sa_init_data.proposals and writes them to the created sa_payload */
        
        this->logger->log(this->logger, CONTROL|MORE, "building sa payload");
        
-       proposal_iterator = this->proposals->create_iterator(this->proposals, FALSE);
-       
-       sa_payload = sa_payload_create();
-       
-       while (proposal_iterator->has_next(proposal_iterator))
-       {
-               proposal_substructure_t *current_proposal;
-               proposal_substructure_t *current_proposal_clone;
-               
-               proposal_iterator->current(proposal_iterator,(void **) &current_proposal);
-               current_proposal_clone = current_proposal->clone(current_proposal);
-               sa_payload->add_proposal_substructure(sa_payload,current_proposal_clone);
-       }
-       
-       proposal_iterator->destroy(proposal_iterator);  
+       sa_payload = sa_payload_create_from_ike_proposals(&(this->selected_proposal),1);        
        
        *payload = (payload_t *) sa_payload;
 }
@@ -466,13 +446,6 @@ static void destroy(private_responder_init_t *this)
        
        /* destroy stored proposal */
        this->logger->log(this->logger, CONTROL | MOST, "Destroy stored proposals");
-       while (this->proposals->get_count(this->proposals) > 0)
-       {
-               proposal_substructure_t *current_proposal;
-               this->proposals->remove_first(this->proposals,(void **)&current_proposal);
-               current_proposal->destroy(current_proposal);
-       }
-       this->proposals->destroy(this->proposals);
        
        allocator_free(this->sent_nonce.ptr);
        allocator_free(this->received_nonce.ptr);
@@ -493,13 +466,6 @@ static void destroy_after_state_change (private_responder_init_t *this)
        
        /* destroy stored proposal */
        this->logger->log(this->logger, CONTROL | MOST, "Destroy stored proposals");
-       while (this->proposals->get_count(this->proposals) > 0)
-       {
-               proposal_substructure_t *current_proposal;
-               this->proposals->remove_first(this->proposals,(void **)&current_proposal);
-               current_proposal->destroy(current_proposal);
-       }
-       this->proposals->destroy(this->proposals);
        
        /* destroy diffie hellman object */
        if (this->diffie_hellman != NULL)
@@ -534,7 +500,6 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
        this->logger = this->ike_sa->get_logger(this->ike_sa);
        this->sent_nonce = CHUNK_INITIALIZER;
        this->received_nonce = CHUNK_INITIALIZER;
-       this->proposals = linked_list_create();
 
        return &(this->public);
 }
index 270d962..124ae46 100644 (file)
@@ -81,6 +81,25 @@ static char *get_string(private_identification_t *this)
 }
 
 /**
+ * Implementation of identification_t.equals.
+ */
+static bool equals (private_identification_t *this,private_identification_t *other)
+{
+       if (this->type == other->type)
+       {
+               if (this->encoded.len != other->encoded.len)
+               {
+                       return FALSE;
+               }
+               if (memcmp(this->encoded.ptr,other->encoded.ptr,this->encoded.len) == 0)
+               {
+                       return TRUE;
+               }
+       }
+       return FALSE;
+}
+
+/**
  * implements identification_t.destroy
  */
 static void destroy(private_identification_t *this)
@@ -99,6 +118,7 @@ static private_identification_t *identification_create()
        private_identification_t *this = allocator_alloc_thing(private_identification_t);
        
        /* assign methods */
+       this->public.equals = (bool (*) (identification_t*,identification_t*))equals;
        this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
        this->public.get_type = (id_type_t (*) (identification_t*))get_type;
        this->public.get_string = (char* (*) (identification_t*))get_string;
index 54e4e02..0231721 100644 (file)
@@ -76,6 +76,16 @@ struct identification_t {
         * @return                      string
         */
        char *(*get_string) (identification_t *this);
+       
+       /**
+        * @brief Check if two identification_t objects are equal.
+        * 
+        * @param this          the identification_t_object
+        * @param other         other identification_t_object
+        * @return                      string
+        */
+       bool (*equals) (identification_t *this,identification_t *other);
+
 
        /**
         * @brief Destroys a identification_t object.
index d030d5c..cd73e8a 100644 (file)
@@ -150,6 +150,7 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                case MESSAGE:
                case WORKER:
                        logger_level |= ALL;
+                       break;
                case PARSER:
                case GENERATOR:
                case THREAD_POOL: