- fixed alot of bugs in child_proposal
authorMartin Willi <martin@strongswan.org>
Wed, 8 Feb 2006 15:25:34 +0000 (15:25 -0000)
committerMartin Willi <martin@strongswan.org>
Wed, 8 Feb 2006 15:25:34 +0000 (15:25 -0000)
- near to working state ;-)

29 files changed:
Source/charon/config/child_proposal.c [new file with mode: 0644]
Source/charon/config/child_proposal.h [new file with mode: 0644]
Source/charon/config/child_proposal.o [new file with mode: 0644]
Source/charon/config/configuration_manager.c
Source/charon/config/sa_config.c
Source/charon/config/sa_config.h
Source/charon/daemon.h
Source/charon/definitions.h
Source/charon/encoding/message.c
Source/charon/encoding/parser.c
Source/charon/encoding/payloads/encryption_payload.c
Source/charon/encoding/payloads/proposal_substructure.c
Source/charon/encoding/payloads/proposal_substructure.h
Source/charon/encoding/payloads/sa_payload.c
Source/charon/encoding/payloads/sa_payload.h
Source/charon/encoding/payloads/transform_substructure.c
Source/charon/network/socket.c
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/testcases/Makefile.testcases
Source/charon/testcases/child_proposal_test.c [new file with mode: 0644]
Source/charon/testcases/child_proposal_test.h [new file with mode: 0644]
Source/charon/testcases/generator_test.c
Source/charon/testcases/parser_test.c
Source/charon/testcases/sa_config_test.c
Source/charon/testcases/testcases.c
Source/charon/utils/linked_list.c
Source/charon/utils/linked_list.h

diff --git a/Source/charon/config/child_proposal.c b/Source/charon/config/child_proposal.c
new file mode 100644 (file)
index 0000000..391c321
--- /dev/null
@@ -0,0 +1,541 @@
+/**
+ * @file child_proposal.c
+ * 
+ * @brief Implementation of child_proposal_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "child_proposal.h"
+
+#include <utils/linked_list.h>
+#include <utils/allocator.h>
+#include <utils/identification.h>
+#include <utils/logger.h>
+
+
+/** 
+ * String mappings for protocol_id_t.
+ */
+mapping_t protocol_id_m[] = {
+       {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"},
+       {IKE, "IKE"},
+       {AH, "AH"},
+       {ESP, "ESP"},
+       {MAPPING_END, NULL}
+};
+
+/** 
+ * String mappings for transform_type_t.
+ */
+mapping_t transform_type_m[] = {
+       {UNDEFINED_TRANSFORM_TYPE, "UNDEFINED_TRANSFORM_TYPE"},
+       {ENCRYPTION_ALGORITHM, "ENCRYPTION_ALGORITHM"},
+       {PSEUDO_RANDOM_FUNCTION, "PSEUDO_RANDOM_FUNCTION"},
+       {INTEGRITY_ALGORITHM, "INTEGRITY_ALGORITHM"},
+       {DIFFIE_HELLMAN_GROUP, "DIFFIE_HELLMAN_GROUP"},
+       {EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"},
+       {MAPPING_END, NULL}
+};
+
+/** 
+ * String mappings for extended_sequence_numbers_t.
+ */
+mapping_t extended_sequence_numbers_m[] = {
+       {NO_EXT_SEQ_NUMBERS, "NO_EXT_SEQ_NUMBERS"},
+       {EXT_SEQ_NUMBERS, "EXT_SEQ_NUMBERS"},
+       {MAPPING_END, NULL}
+};
+
+
+typedef struct protocol_proposal_t protocol_proposal_t;
+
+/**
+ * substructure which holds all data algos for a specific protocol
+ */
+struct protocol_proposal_t {
+       /**
+        * protocol (ESP or AH)
+        */
+       protocol_id_t protocol;
+       
+       /**
+        * priority ordered list of encryption algorithms
+        */
+       linked_list_t *encryption_algos;
+       
+       /**
+        * priority ordered list of integrity algorithms
+        */
+       linked_list_t *integrity_algos;
+       
+       /**
+        * priority ordered list of pseudo random functions
+        */
+       linked_list_t *prf_algos;
+       
+       /**
+        * priority ordered list of dh groups
+        */
+       linked_list_t *dh_groups;
+       
+       /**
+        * priority ordered list of extended sequence number flags
+       */
+       linked_list_t *esns;
+       
+       /** 
+        * senders SPI
+        */
+       chunk_t spi;
+};
+
+
+typedef struct private_child_proposal_t private_child_proposal_t;
+
+/**
+ * Private data of an child_proposal_t object
+ */
+struct private_child_proposal_t {
+
+       /**
+        * Public part
+        */
+       child_proposal_t public;
+       
+       /**
+        * number of this proposal, as used in the payload
+        */
+       u_int8_t number;
+       
+       /**
+        * list of protocol_proposal_t's
+        */
+       linked_list_t *protocol_proposals;
+};
+
+/**
+ * Look up a protocol_proposal, or create one if necessary...
+ */
+static protocol_proposal_t *get_protocol_proposal(private_child_proposal_t *this, protocol_id_t proto, bool create)
+{
+       protocol_proposal_t *proto_proposal = NULL, *current_proto_proposal;;
+       iterator_t *iterator;
+        
+       /* find our protocol in the proposals */
+       iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_proto_proposal);
+               if (current_proto_proposal->protocol == proto)
+               {
+                       proto_proposal = current_proto_proposal;
+                       break;
+               }
+       }
+       iterator->destroy(iterator);
+
+       if (!proto_proposal && create)
+       {
+               /* nope, create a new one */
+               proto_proposal = allocator_alloc_thing(protocol_proposal_t);
+               proto_proposal->protocol = proto;
+               proto_proposal->encryption_algos = linked_list_create();
+               proto_proposal->integrity_algos = linked_list_create();
+               proto_proposal->prf_algos = linked_list_create();
+               proto_proposal->dh_groups = linked_list_create();
+               proto_proposal->esns = linked_list_create();
+               if (proto == IKE)
+               {
+                       proto_proposal->spi.len = 8;
+               }
+               else
+               {
+                       proto_proposal->spi.len = 4;
+               }
+               proto_proposal->spi.ptr = allocator_alloc(proto_proposal->spi.len);
+               /* add to the list */
+               this->protocol_proposals->insert_last(this->protocol_proposals, (void*)proto_proposal);
+       }
+       return proto_proposal;
+}
+
+/**
+ * Add algorithm/keysize to a algorithm list
+ */
+static void add_algo(linked_list_t *list, u_int8_t algo, size_t key_size)
+{
+       algorithm_t *algo_key = allocator_alloc_thing(algorithm_t);
+       
+       algo_key->algorithm = algo;
+       algo_key->key_size = key_size;
+       list->insert_last(list, (void*)algo_key);
+}
+
+/**
+ * Implements child_proposal_t.add_algorithm
+ */
+static void add_algorithm(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t algo, size_t key_size)
+{
+       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, TRUE);
+       
+       switch (type)
+       {
+               case ENCRYPTION_ALGORITHM:
+                       add_algo(proto_proposal->encryption_algos, algo, key_size);
+                       break;
+               case INTEGRITY_ALGORITHM:
+                       add_algo(proto_proposal->integrity_algos, algo, key_size);
+                       break;
+               case PSEUDO_RANDOM_FUNCTION:
+                       add_algo(proto_proposal->prf_algos, algo, key_size);
+                       break;
+               case DIFFIE_HELLMAN_GROUP:
+                       add_algo(proto_proposal->dh_groups, algo, 0);
+                       break;
+               case EXTENDED_SEQUENCE_NUMBERS:
+                       add_algo(proto_proposal->esns, algo, 0);
+                       break;
+               default:
+                       break;
+       }
+}
+
+/**
+ * Implements child_proposal_t.create_algorithm_iterator.
+ */
+static iterator_t *create_algorithm_iterator(private_child_proposal_t *this, protocol_id_t proto, transform_type_t type)
+{
+       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
+       if (proto_proposal == NULL)
+       {
+               return NULL;
+       }       
+       
+       switch (type)
+       {
+               case ENCRYPTION_ALGORITHM:
+                       return proto_proposal->encryption_algos->create_iterator(proto_proposal->encryption_algos, TRUE);
+               case INTEGRITY_ALGORITHM:
+                       return proto_proposal->integrity_algos->create_iterator(proto_proposal->integrity_algos, TRUE);
+               case PSEUDO_RANDOM_FUNCTION:
+                       return proto_proposal->prf_algos->create_iterator(proto_proposal->prf_algos, TRUE);
+               case DIFFIE_HELLMAN_GROUP:
+                       return proto_proposal->dh_groups->create_iterator(proto_proposal->dh_groups, TRUE);
+               case EXTENDED_SEQUENCE_NUMBERS:
+                       return proto_proposal->esns->create_iterator(proto_proposal->esns, TRUE);
+               default:
+                       break;
+       }
+       return NULL;
+       
+}
+
+/**
+ * Find a matching alg/keysize in two linked lists
+ */
+static bool select_algo(linked_list_t *first, linked_list_t *second, u_int16_t *alg, size_t *key_size)
+{
+       iterator_t *first_iter, *second_iter;
+       algorithm_t *first_alg, *second_alg;
+       
+       /* if in both are zero algorithms specified, we HAVE a match */
+       if (first->get_count(first) == 0 && second->get_count(second) == 0)
+       {
+               *alg = 0;
+               return TRUE;
+       }
+       
+       first_iter = first->create_iterator(first, TRUE);
+       second_iter = second->create_iterator(second, TRUE);
+       /* compare algs, order of algs in "first" is preferred */
+       while (first_iter->has_next(first_iter))
+       {
+               first_iter->current(first_iter, (void**)&first_alg);
+               second_iter->reset(second_iter);
+               while (second_iter->has_next(second_iter))
+               {
+                       second_iter->current(second_iter, (void**)&second_alg);
+                       if (first_alg->algorithm == second_alg->algorithm &&
+                               first_alg->key_size == second_alg->key_size)
+                       {
+                               /* ok, we have an algorithm */
+                               *alg = first_alg->algorithm;
+                               *key_size = first_alg->key_size;
+                               first_iter->destroy(first_iter);
+                               second_iter->destroy(second_iter);
+                               return TRUE;
+                       }
+               }
+       }
+       /* no match in all comparisons */
+       first_iter->destroy(first_iter);
+       second_iter->destroy(second_iter);
+       return FALSE;
+}
+
+/**
+ * Implements child_proposal_t.select.
+ */
+static child_proposal_t *select_proposal(private_child_proposal_t *this, private_child_proposal_t *other)
+{
+       child_proposal_t *selected;
+       u_int16_t algo;
+       size_t key_size;
+       iterator_t *iterator;
+       protocol_proposal_t *this_prop, *other_prop;
+       protocol_id_t proto;
+       
+       /* empty proposal? no match */
+       if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 ||
+               other->protocol_proposals->get_count(other->protocol_proposals) == 0)
+       {
+               return NULL;
+       }
+       /* they MUST have the same amount of protocols */
+       if (this->protocol_proposals->get_count(this->protocol_proposals) !=
+               other->protocol_proposals->get_count(other->protocol_proposals))
+       {
+               return NULL;
+       }
+       
+       selected = child_proposal_create(this->number);
+       
+       /* iterate over supplied proposals */
+       iterator = other->protocol_proposals->create_iterator(other->protocol_proposals, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&other_prop);
+               /* get the proposal with the same protocol */
+               proto = other_prop->protocol;
+               this_prop = get_protocol_proposal(this, proto, FALSE);
+               
+               if (this_prop == NULL)
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+               
+               /* select encryption algorithm */
+               if (select_algo(this_prop->encryption_algos, other_prop->encryption_algos, &algo, &key_size))
+               {
+                       if (algo)
+                       {
+                               selected->add_algorithm(selected, proto, ENCRYPTION_ALGORITHM, algo, key_size);
+                       }
+               }
+               else
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+               /* select integrity algorithm */
+               if (select_algo(this_prop->integrity_algos, other_prop->integrity_algos, &algo, &key_size))
+               {
+                       if (algo)
+                       {
+                               selected->add_algorithm(selected, proto, INTEGRITY_ALGORITHM, algo, key_size);
+                       }
+               }
+               else
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+               /* select prf algorithm */
+               if (select_algo(this_prop->prf_algos, other_prop->prf_algos, &algo, &key_size))
+               {
+                       if (algo)
+                       {
+                               selected->add_algorithm(selected, proto, PSEUDO_RANDOM_FUNCTION, algo, key_size);
+                       }
+               }
+               else
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+               /* select a DH-group */
+               if (select_algo(this_prop->dh_groups, other_prop->dh_groups, &algo, &key_size))
+               {
+                       if (algo)
+                       {
+                               selected->add_algorithm(selected, proto, DIFFIE_HELLMAN_GROUP, algo, 0);
+                       }
+               }
+               else
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+               /* select if we use ESNs */
+               if (select_algo(this_prop->esns, other_prop->esns, &algo, &key_size))
+               {
+                       if (algo)
+                       {
+                               selected->add_algorithm(selected, proto, EXTENDED_SEQUENCE_NUMBERS, algo, 0);
+                       }
+               }
+               else
+               {
+                       iterator->destroy(iterator);
+                       selected->destroy(selected);
+                       return NULL;
+               }
+       }
+       iterator->destroy(iterator);
+       /* everything matched, return new proposal */
+       return selected;
+}
+
+/**
+ * Implements child_proposal_t.get_number.
+ */
+static u_int8_t get_number(private_child_proposal_t *this)
+{
+       return this->number;
+}
+
+/**
+ * Implements child_proposal_t.get_protocols.
+ */
+static void get_protocols(private_child_proposal_t *this, protocol_id_t ids[2])
+{
+       iterator_t *iterator = this->protocol_proposals->create_iterator(this->protocol_proposals, TRUE);
+       u_int i = 0;
+       
+       ids[0] = UNDEFINED_PROTOCOL_ID;
+       ids[1] = UNDEFINED_PROTOCOL_ID;
+       while (iterator->has_next(iterator))
+       {
+               protocol_proposal_t *proto_prop;
+               iterator->current(iterator, (void**)&proto_prop);
+               ids[i++] = proto_prop->protocol;
+               if (i>1)
+               {
+                       /* should not happen, but who knows */
+                       return;
+               }
+       }
+}
+
+/**
+ * Implements child_proposal_t.set_spi.
+ */
+static void set_spi(private_child_proposal_t *this, protocol_id_t proto, u_int64_t spi)
+{
+       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
+       if (proto_proposal)
+       {
+               if (proto == IKE)
+               {
+                       *((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi;
+               }
+               else
+               {
+                       *((u_int64_t*)proto_proposal->spi.ptr) = spi;
+               }
+               
+       }
+}
+
+/**
+ * Implements child_proposal_t.get_spi.
+ */
+static u_int64_t get_spi(private_child_proposal_t *this, protocol_id_t proto)
+{
+       protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
+       if (proto_proposal)
+       {
+               if (proto == IKE)
+               {
+                       return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr);
+               }
+               else
+               {
+                       return *((u_int64_t*)proto_proposal->spi.ptr);
+               }
+       }
+       return 0;
+}
+
+/**
+ * Frees all list items and destroys the list
+ */
+static void free_algo_list(linked_list_t *list)
+{
+       algorithm_t *algo;
+       
+       while(list->get_count(list) > 0)
+       {
+               list->remove_last(list, (void**)&algo);
+               allocator_free(algo);
+       }
+       list->destroy(list);
+}
+
+/**
+ * Implements child_proposal_t.destroy.
+ */
+static void destroy(private_child_proposal_t *this)
+{
+       while(this->protocol_proposals->get_count(this->protocol_proposals) > 0)
+       {
+               protocol_proposal_t *proto_prop;
+               this->protocol_proposals->remove_last(this->protocol_proposals, (void**)&proto_prop);
+               
+               free_algo_list(proto_prop->encryption_algos);
+               free_algo_list(proto_prop->integrity_algos);
+               free_algo_list(proto_prop->prf_algos);
+               free_algo_list(proto_prop->dh_groups);
+               free_algo_list(proto_prop->esns);
+               
+               allocator_free(proto_prop->spi.ptr);
+               allocator_free(proto_prop);
+       }
+       this->protocol_proposals->destroy(this->protocol_proposals);
+       
+       allocator_free(this);
+}
+
+/*
+ * Describtion in header-file
+ */
+child_proposal_t *child_proposal_create(u_int8_t number)
+{
+       private_child_proposal_t *this = allocator_alloc_thing(private_child_proposal_t);
+       
+       this->public.add_algorithm = (void (*)(child_proposal_t*,protocol_id_t,transform_type_t,u_int16_t,size_t))add_algorithm;
+       this->public.create_algorithm_iterator = (iterator_t* (*)(child_proposal_t*,protocol_id_t,transform_type_t))create_algorithm_iterator;
+       this->public.select = (child_proposal_t* (*)(child_proposal_t*,child_proposal_t*))select_proposal;
+       this->public.get_number = (u_int8_t (*)(child_proposal_t*))get_number;
+       this->public.get_protocols = (void(*)(child_proposal_t *this, protocol_id_t ids[2]))get_protocols;
+       this->public.set_spi = (void(*)(child_proposal_t*,protocol_id_t,u_int64_t spi))set_spi;
+       this->public.get_spi = (u_int64_t(*)(child_proposal_t*,protocol_id_t))get_spi;
+       this->public.destroy = (void(*)(child_proposal_t*))destroy;
+       
+       /* init private members*/
+       this->number = number;
+       this->protocol_proposals = linked_list_create();
+       
+       return (&this->public);
+}
diff --git a/Source/charon/config/child_proposal.h b/Source/charon/config/child_proposal.h
new file mode 100644 (file)
index 0000000..d9e483e
--- /dev/null
@@ -0,0 +1,239 @@
+/**
+ * @file child_proposal.h
+ * 
+ * @brief Interface of child_proposal_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _CHILD_PROPOSAL_H_
+#define _CHILD_PROPOSAL_H_
+
+#include <types.h>
+#include <utils/identification.h>
+#include <utils/linked_list.h>
+#include <network/host.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/signers/signer.h>
+#include <transforms/diffie_hellman.h>
+#include <config/traffic_selector.h>
+
+
+typedef enum protocol_id_t protocol_id_t;
+
+/**
+ * Protocol ID of a proposal.
+ * 
+ * @ingroup config
+ */
+enum protocol_id_t {
+       UNDEFINED_PROTOCOL_ID = 201,
+       IKE = 1,
+       AH = 2,
+       ESP = 3,
+};
+
+/** 
+ * String mappings for protocol_id_t.
+ * 
+ * @ingroup config
+ */
+extern mapping_t protocol_id_m[];
+
+
+typedef enum transform_type_t transform_type_t;
+
+/**
+ * Type of a transform, as in IKEv2 draft 3.3.2.
+ * 
+ * @ingroup payloads
+ */
+enum transform_type_t {
+       UNDEFINED_TRANSFORM_TYPE = 241,
+       ENCRYPTION_ALGORITHM = 1,
+       PSEUDO_RANDOM_FUNCTION = 2,
+       INTEGRITY_ALGORITHM = 3,
+       DIFFIE_HELLMAN_GROUP = 4,
+       EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/** 
+ * String mappings for transform_type_t.
+ * 
+ * @ingroup payloads
+ */
+extern mapping_t transform_type_m[];
+
+
+typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+
+/** 
+ * Extended sequence numbers, as in IKEv2 draft 3.3.2.
+ * 
+ * @ingroup payloads
+ */
+enum extended_sequence_numbers_t {
+       NO_EXT_SEQ_NUMBERS = 0,
+       EXT_SEQ_NUMBERS = 1
+};
+
+/** 
+ * String mappings for extended_sequence_numbers_t.
+ * 
+ * @ingroup payloads
+ */
+extern mapping_t extended_sequence_numbers_m[];
+
+
+typedef struct algorithm_t algorithm_t;
+
+/**
+ * Struct used to store different kinds of algorithms. The internal
+ * lists of algorithms contain such structures.
+ */
+struct algorithm_t {
+       /**
+        * Value from an encryption_algorithm_t/integrity_algorithm_t/...
+        */
+       u_int16_t algorithm;
+       
+       /**
+        * the associated key size, or zero if not needed
+        */
+       u_int16_t key_size;
+};
+
+typedef struct child_proposal_t child_proposal_t;
+
+/**
+ * @brief Stores a proposal for a child SA.
+ * 
+ * A child_proposal may contain more than one algorithm
+ * of the same kind. ONE of them can be selected.
+ *
+ * @warning This class is NOT thread-save!
+ * 
+ * @b Constructors:
+ *   - child_proposal_create()
+ * 
+ * @ingroup config
+ */
+struct child_proposal_t {
+       
+       /**
+        * @brief Add an algorithm to the proposal.
+        * 
+        * The algorithms are stored by priority, first added
+        * is the most preferred.
+        * Key size is only needed for encryption algorithms
+        * with variable key size (such as AES), or integrity
+        * algorithms.
+        * The alg parameter accepts encryption_algorithm_t,
+        * integrity_algorithm_t, dh_group_number_t and
+        * extended_sequence_numbers_t.
+        * 
+        * @warning Do not add while other threads are reading.
+        * 
+        * @param this                                  calling object
+        * @param proto                                 desired protocol
+        * @param type                                  kind of algorithm
+        * @param alg                                   identifier for algorithm
+        * @param key_size                              key size to use
+        */
+       void (*add_algorithm) (child_proposal_t *this, protocol_id_t proto, transform_type_t type, u_int16_t alg, size_t key_size);
+       
+       /**
+        * @brief Get an iterator over algorithms for a specifc protocol/algo type.
+        * 
+        * @param this                                  calling object
+        * @param proto                                 desired protocol
+        * @param type                                  kind of algorithm
+        * @return                                              iterator over algorithms
+        */
+       iterator_t *(*create_algorithm_iterator) (child_proposal_t *this, protocol_id_t proto, transform_type_t type);
+
+       /**
+        * @brief Compare two proposal, and select a matching subset.
+        * 
+        * If the proposals are for the same protocols (AH/ESP), they are
+        * compared. If they have at least one algorithm of each type
+        * in common, a resulting proposal of this kind is created.
+        * 
+        * @param this                                  calling object
+        * @param other                                 proposal to compair agains
+        * @return                                              
+        *                                                              - selected proposal, if possible
+        *                                                              - NULL, if proposals don't match
+        */
+       child_proposal_t *(*select) (child_proposal_t *this, child_proposal_t *other);
+       
+       /**
+        * @brief Get the number set on construction.
+        * 
+        * @param this                          calling object
+        * @return                                      number
+        */
+       u_int8_t (*get_number) (child_proposal_t *this);
+       
+       /**
+        * @brief Get the protocol ids in the proposals.
+        * 
+        * With AH and ESP, there could be two protocols in one
+        * proposal.
+        * 
+        * @param this                          calling object
+        * @param ids                           array of protocol ids, 
+        */
+       void (*get_protocols) (child_proposal_t *this, protocol_id_t ids[2]);
+       
+       /**
+        * @brief Get the spi for a specific protocol.
+        * 
+        * @param this                          calling object
+        * @param proto                         AH/ESP
+        * @return                                      spi for proto
+        */
+       u_int64_t (*get_spi) (child_proposal_t *this, protocol_id_t proto);
+       
+       /**
+        * @brief Set the spi for a specific protocol.
+        * 
+        * @param this                          calling object
+        * @param proto                         AH/ESP
+        * @param spi                           spi to set for proto
+        */
+       void (*set_spi) (child_proposal_t *this, protocol_id_t proto, u_int64_t spi);
+       
+       /**
+        * @brief Destroys the proposal object.
+        * 
+        * @param this                          calling object
+        */
+       void (*destroy) (child_proposal_t *this);
+};
+
+/**
+ * @brief Create a child proposal for AH and/or ESP.
+ * 
+ * @param number                       number of the proposal, as in the payload
+ * @return                                     child_proposal_t object
+ * 
+ * @ingroup config
+ */
+child_proposal_t *child_proposal_create(u_int8_t number);
+
+#endif //_CHILD_PROPOSAL_H_
diff --git a/Source/charon/config/child_proposal.o b/Source/charon/config/child_proposal.o
new file mode 100644 (file)
index 0000000..8399232
Binary files /dev/null and b/Source/charon/config/child_proposal.o differ
index f4873fa..fa27ba3 100644 (file)
@@ -274,126 +274,59 @@ u_int8_t private_key_2[];
  */
 static void load_default_config (private_configuration_manager_t *this)
 {
-       init_config_t *init_config1, *init_config2, *init_config3, *init_config4, *init_config5;
-       ike_proposal_t proposals[4];
+       init_config_t *init_config;
+       ike_proposal_t proposals;
        child_proposal_t *child_proposal;
-       sa_config_t *sa_config1, *sa_config2, *sa_config3, *sa_config4, *sa_config5;
+       sa_config_t *sa_config;
        traffic_selector_t *ts;
        
-       init_config1 = init_config_create("0.0.0.0","192.168.1.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config2 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config4 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
-       init_config5 = init_config_create("0.0.0.0","192.168.1.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       
        ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
        
+       proposals.encryption_algorithm = ENCR_AES_CBC;
+       proposals.encryption_algorithm_key_length = 16;
+       proposals.integrity_algorithm = AUTH_HMAC_MD5_96;
+       proposals.integrity_algorithm_key_length = 16;
+       proposals.pseudo_random_function = PRF_HMAC_MD5;
+       proposals.pseudo_random_function_key_length = 16;
+       proposals.diffie_hellman_group = MODP_1024_BIT;
 
-       proposals[0].encryption_algorithm = ENCR_AES_CBC;
-       proposals[0].encryption_algorithm_key_length = 16;
-       proposals[0].integrity_algorithm = AUTH_HMAC_MD5_96;
-       proposals[0].integrity_algorithm_key_length = 16;
-       proposals[0].pseudo_random_function = PRF_HMAC_MD5;
-       proposals[0].pseudo_random_function_key_length = 16;
-       proposals[0].diffie_hellman_group = MODP_1024_BIT;
-       
-       proposals[1] = proposals[0];
-       proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
-       proposals[1].integrity_algorithm_key_length = 20;
-       proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
-       proposals[1].pseudo_random_function_key_length = 20;
-       proposals[1].diffie_hellman_group = MODP_2048_BIT;
-       
-       
-       proposals[2] = proposals[1];
-       proposals[2].diffie_hellman_group = MODP_4096_BIT;
-       proposals[3] = proposals[1];
-       proposals[3].diffie_hellman_group = MODP_2048_BIT;
-
-       init_config1->add_proposal(init_config1,1,proposals[1]);
-       init_config1->add_proposal(init_config1,1,proposals[0]);
-       init_config2->add_proposal(init_config2,1,proposals[1]);
-       init_config2->add_proposal(init_config2,1,proposals[0]);
-       init_config3->add_proposal(init_config3,1,proposals[1]);
-       init_config3->add_proposal(init_config3,1,proposals[0]);
-       init_config4->add_proposal(init_config4,1,proposals[3]);
-       init_config4->add_proposal(init_config4,1,proposals[2]);
-       init_config5->add_proposal(init_config5,1,proposals[3]);
-       init_config5->add_proposal(init_config5,1,proposals[2]);
-       
-       sa_config1 = sa_config_create(ID_IPV4_ADDR, "192.168.1.2", 
-                                                                 ID_IPV4_ADDR, "192.168.1.1",
-                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE,
-                                                                 30000);
-                                                                 
-       sa_config1->add_traffic_selector_initiator(sa_config1,ts);
-       sa_config1->add_traffic_selector_responder(sa_config1,ts);
-
-       sa_config2 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
-                                                                 ID_IPV4_ADDR, "192.168.1.2",
-                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE,
-                                                                 30000);
-
-       sa_config2->add_traffic_selector_initiator(sa_config2,ts);
-       sa_config2->add_traffic_selector_responder(sa_config2,ts);
+       init_config->add_proposal(init_config,1,proposals);
                                                                  
-       sa_config3 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
-                                                                 ID_IPV4_ADDR, "192.168.1.2",
-                                                                 SHARED_KEY_MESSAGE_INTEGRITY_CODE,
-                                                                 30000);
+       sa_config = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
+                                                                ID_IPV4_ADDR, "127.0.0.1",
+                                                                RSA_DIGITAL_SIGNATURE,
+                                                                30000);
 
-       sa_config3->add_traffic_selector_initiator(sa_config3,ts);
-       sa_config3->add_traffic_selector_responder(sa_config3,ts);
-                                                                 
-       sa_config4 = sa_config_create(ID_IPV4_ADDR, "127.0.0.1", 
-                                                                 ID_IPV4_ADDR, "127.0.0.1",
-                                                                 RSA_DIGITAL_SIGNATURE,
-                                                                 30000);
-
-       sa_config4->add_traffic_selector_initiator(sa_config4,ts);
-       sa_config4->add_traffic_selector_responder(sa_config4,ts);
-       
-       sa_config5 = sa_config_create(ID_IPV4_ADDR, "192.168.1.1", 
-                                                                 ID_IPV4_ADDR, "192.168.1.2",
-                                                                 RSA_DIGITAL_SIGNATURE,
-                                                                 30000);
-
-       sa_config5->add_traffic_selector_initiator(sa_config5,ts);
-       sa_config5->add_traffic_selector_responder(sa_config5,ts);
+       sa_config->add_traffic_selector_initiator(sa_config,ts);
+       sa_config->add_traffic_selector_responder(sa_config,ts);
        
        ts->destroy(ts);
        
        /* ah and esp prop */
-       child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-       child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+       child_proposal = child_proposal_create(1);
+       
+       //child_proposal->add_algorithm(child_proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       //child_proposal->add_algorithm(child_proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       //child_proposal->add_algorithm(child_proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 
        child_proposal->add_algorithm(child_proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
        child_proposal->add_algorithm(child_proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_UNDEFINED, 0);
+       child_proposal->add_algorithm(child_proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
        child_proposal->add_algorithm(child_proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
        
-       sa_config1->add_proposal(sa_config1, child_proposal);
-       sa_config2->add_proposal(sa_config2, child_proposal);
-       sa_config3->add_proposal(sa_config3, child_proposal);
-       sa_config5->add_proposal(sa_config5, child_proposal);
+       sa_config->add_proposal(sa_config, child_proposal);
 
-       this->add_new_configuration(this,"jan",init_config1,sa_config1);
-       this->add_new_configuration(this,"martin",init_config2,sa_config2);
-       this->add_new_configuration(this,"localhost-shared",init_config3,sa_config3);
-       this->add_new_configuration(this,"localhost-rsa",init_config3,sa_config4);
-       this->add_new_configuration(this,"localhost-bad_dh_group",init_config4, sa_config3);
-       this->add_new_configuration(this,"martin-bad_dh_group",init_config5, sa_config3);
-       this->add_new_configuration(this,"martin-rsa",init_config2, sa_config5);
+       this->add_new_configuration(this,"localhost",init_config,sa_config);
        
 
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.1","verschluesselt");
-       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","verschluesselt");
+       //this->add_new_preshared_secret(this,ID_IPV4_ADDR, "192.168.1.2","verschluesselt");
        
        this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "127.0.0.1", public_key_1, 256);
-       this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256);
+       //this->add_new_rsa_public_key(this,ID_IPV4_ADDR, "192.168.1.1", public_key_2, 256);
        this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "127.0.0.1", private_key_1, 1024);
-       this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024);
+       //this->add_new_rsa_private_key(this,ID_IPV4_ADDR, "192.168.1.1", private_key_2, 1024);
 }
 
 /**
index 1a21d0f..f098d17 100644 (file)
@@ -208,9 +208,9 @@ static size_t select_traffic_selectors(private_sa_config_t *this, linked_list_t
 /**
  * Implementation of sa_config_t.get_proposal_iterator
  */
-static iterator_t *create_proposal_iterator(private_sa_config_t *this)
+static linked_list_t *get_proposals(private_sa_config_t *this)
 {
-       return this->proposals->create_iterator(this->proposals, TRUE);
+       return this->proposals;
 }
 
 /**
@@ -334,7 +334,7 @@ sa_config_t *sa_config_create(id_type_t my_id_type, char *my_id, id_type_t other
        this->public.select_traffic_selectors_initiator = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_initiator;
        this->public.get_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t**[]))get_traffic_selectors_responder;
        this->public.select_traffic_selectors_responder = (size_t(*)(sa_config_t*,traffic_selector_t*[],size_t,traffic_selector_t**[]))select_traffic_selectors_responder;
-       this->public.create_proposal_iterator = (iterator_t*(*)(sa_config_t*))create_proposal_iterator;
+       this->public.get_proposals = (linked_list_t*(*)(sa_config_t*))get_proposals;
        this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,linked_list_t*))select_proposal;
        this->public.add_traffic_selector_initiator = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_initiator;
        this->public.add_traffic_selector_responder = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector_responder;
index 0bfde77..fd19528 100644 (file)
@@ -154,15 +154,18 @@ struct sa_config_t {
        size_t (*select_traffic_selectors_responder) (sa_config_t *this, traffic_selector_t *supplied[], size_t count, traffic_selector_t **selected[]);
        
        /**
-        * @brief Get an iterator for the internally stored proposals.
+        * @brief Get the list of internally stored proposals.
         * 
-        * @warning Items are still owned by sa_config and MUST NOT
+        * Rembember: sa_config_t does store proposals for AH/ESP, 
+        * IKE proposals are in the init_config_t
+        * 
+        * @warning List and Items are still owned by sa_config and MUST NOT
         *                      be manipulated or freed!
         * 
         * @param this                                  calling object
-        * @return                                              iterator for the proposals
+        * @return                                              lists with proposals
         */
-       iterator_t *(*create_proposal_iterator) (sa_config_t *this);
+       linked_list_t *(*get_proposals) (sa_config_t *this);
        
        /**
         * @brief Select a proposal from a supplied list.
index cbe1ab0..0b474ea 100644 (file)
@@ -51,7 +51,7 @@
 /**
  * UDP Port on which the daemon will listen for incoming traffic.
  */
-#define IKEV2_UDP_PORT 500
+#define IKEV2_UDP_PORT 4501
 
 /**
  * @brief First retransmit timeout in milliseconds.
  */
 #define MAX_RETRANSMIT_COUNT 0
 
-
-/**
- * Max number of primes to precompute per prime type.
- */
-#define PRIME_PRE_COMPUTATION_LIMIT 5
-
 /**
  * @brief Default loglevel for every logger context.
  * 
  * This is the maximum allowed level for ever context, the definiton
  * of the context may be less verbose.
  */
-#define DEFAULT_LOGLEVEL CONTROL | ERROR | AUDIT
+#define DEFAULT_LOGLEVEL CONTROL | ERROR | AUDIT | FULL
 
 
 typedef struct daemon_t daemon_t;
index fe9a5cc..958b313 100644 (file)
 #define min(x,y) (x < y ? x : y)
 
 /**
+ * Debug macro to follow control flow
+ */
+#define POS printf("%s, line %d\n", __FILE__, __LINE__)
+
+/**
  * Papping entry which defines the end of a mapping_t array.
  */
 #define MAPPING_END (-1)
index 2aedf84..d11bacf 100644 (file)
@@ -759,6 +759,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                
                /* parse current payload */
                status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
+               
                if (status != SUCCESS)
                {
                        this->logger->log(this->logger, ERROR, "Payload type %s could not be parsed",
index 83643bf..49d4321 100644 (file)
@@ -998,8 +998,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                rule++;
        }
        
-       *payload = pld;
-       
+       *payload = pld; 
+       this->logger->log(this->logger, CONTROL|LEVEL2, "parsing %s payload finished.", 
+                                         mapping_find(payload_type_m, payload_type));
        return SUCCESS;
 }
 
index 52918df..bd720ea 100644 (file)
@@ -554,7 +554,6 @@ static status_t parse(private_encryption_payload_t *this)
                        parser->destroy(parser);
                        return PARSE_ERROR;
                }
-               
 
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
index 00e0932..1f52281 100644 (file)
@@ -406,6 +406,33 @@ static size_t get_spi_size (private_proposal_substructure_t *this)
 }
 
 /**
+ * Implementation of proposal_substructure_t.add_to_child_proposal.
+ */
+void add_to_child_proposal(private_proposal_substructure_t *this, child_proposal_t *proposal)
+{
+       iterator_t *iterator = this->transforms->create_iterator(this->transforms, TRUE);
+       
+       proposal->set_spi(proposal, this->protocol_id, *((u_int32_t*)this->spi.ptr));
+       
+       while (iterator->has_next(iterator))
+       {
+               transform_substructure_t *transform;
+               transform_type_t transform_type;
+               u_int16_t transform_id;
+               u_int16_t key_length = 0;
+               
+               iterator->current(iterator, (void**)&transform);
+               
+               transform_type = transform->get_transform_type(transform);
+               transform_id = transform->get_transform_id(transform);
+               transform->get_key_length(transform, &key_length);
+               
+               proposal->add_algorithm(proposal, this->protocol_id, transform_type, transform_id, key_length);
+       }
+       iterator->destroy(iterator);
+}
+
+/**
  * Implementation of proposal_substructure_t.clone.
  */
 static private_proposal_substructure_t* clone(private_proposal_substructure_t *this)
@@ -498,7 +525,7 @@ proposal_substructure_t *proposal_substructure_create()
        this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id;
        this->public.get_info_for_transform_type =      (status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type;
        this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal;
-       
+       this->public.add_to_child_proposal = (void (*) (proposal_substructure_t*,child_proposal_t*))add_to_child_proposal;
        this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
        this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
        this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
@@ -506,7 +533,6 @@ proposal_substructure_t *proposal_substructure_create()
        this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone;
        this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
        
-       
        /* private functions */
        this->compute_length = compute_length;
        
@@ -528,25 +554,31 @@ proposal_substructure_t *proposal_substructure_create()
 /*
  * Described in header.
  */
-proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t *proto)
+proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto)
 {
        private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create();
        iterator_t *iterator;
        algorithm_t *algo;
        transform_substructure_t *transform;
        
+       /* take over general infos */
+       this->spi_size = proto == IKE ? 8 : 4;
+       this->spi.len = this->spi_size;
+       this->spi.ptr = allocator_alloc(this->spi_size);
+       *((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal, proto);
+       this->proposal_number = proposal->get_number(proposal);
+       this->protocol_id = proto;
+       
+       
        /* encryption algorithm is only availble in ESP */
-       if (proto == ESP)
+       iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM);
+       while (iterator->has_next(iterator))
        {
-               iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM);
-               while (iterator->has_next(iterator))
-               {
-                       iterator->current(iterator, (void**)&algo);
-                       transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size);
-                       this->public.add_transform_substructure(&(this->public), transform);
-               }
-               iterator->destroy(iterator);
+               iterator->current(iterator, (void**)&algo);
+               transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size);
+               this->public.add_transform_substructure(&(this->public), transform);
        }
+       iterator->destroy(iterator);
        
        /* integrity algorithms */
        iterator = proposal->create_algorithm_iterator(proposal, proto, INTEGRITY_ALGORITHM);
@@ -559,6 +591,17 @@ proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_
        }
        iterator->destroy(iterator);
        
+       /* prf algorithms */
+       iterator = proposal->create_algorithm_iterator(proposal, proto, PSEUDO_RANDOM_FUNCTION);
+       while (iterator->has_next(iterator))
+       {
+               algorithm_t *algo;
+               iterator->current(iterator, (void**)&algo);
+               transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION, algo->algorithm, algo->key_size);
+               this->public.add_transform_substructure(&(this->public), transform);
+       }
+       iterator->destroy(iterator);
+       
        /* dh groups */
        iterator = proposal->create_algorithm_iterator(proposal, proto, DIFFIE_HELLMAN_GROUP);
        while (iterator->has_next(iterator))
@@ -580,4 +623,6 @@ proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_
                this->public.add_transform_substructure(&(this->public), transform);
        }
        iterator->destroy(iterator);
+       
+       return &(this->public);
 }
index afa5851..0247584 100644 (file)
@@ -63,8 +63,8 @@ struct proposal_substructure_t {
         *                      When deleting any transform over this iterator, call 
         *                      get_size to make sure the length and number values are ok.
         *
-        * @param this                  calling proposal_substructure_t object
-        * @param[in] forward   iterator direction (TRUE: front to end)
+        * @param this                  calling proposal_substructure_t object
+        * @param forward               iterator direction (TRUE: front to end)
         * @return                              created iterator_t object
         */
        iterator_t * (*create_transform_substructure_iterator) (proposal_substructure_t *this, bool forward);
@@ -84,7 +84,7 @@ struct proposal_substructure_t {
         * @brief Sets the proposal number of current proposal.
         *
         * @param this          calling proposal_substructure_t object
-        * @param id                    proposal number to set
+        * @param id            proposal number to set
         */
        void (*set_proposal_number) (proposal_substructure_t *this,u_int8_t proposal_number);
        
@@ -172,6 +172,8 @@ struct proposal_substructure_t {
         * @param spi   chunk_t pointing to the value to set
         */
        void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
+       
+       void (*add_to_child_proposal) (proposal_substructure_t *this, child_proposal_t *proposal);
 
        /**
         * @brief Clones an proposal_substructure_t object.
index b433d67..b0b94df 100644 (file)
@@ -150,7 +150,6 @@ static status_t verify(private_sa_payload_t *this)
                }
                else if (current_proposal->get_proposal_number(current_proposal) < proposal_number)
                {
-                       iterator->destroy(iterator);
                        /* must not be smaller then proceeding one */
                        status = FAILED;
                        break;
@@ -263,25 +262,19 @@ static void add_proposal_substructure (private_sa_payload_t *this,proposal_subst
 static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *proposal)
 {
        proposal_substructure_t *substructure;
-       protocol_id_t proto;
+       protocol_id_t proto[2];
+       u_int i;
        
-       /* watch out to build the substructures in the right order */
-       proto = proposal->get_first_protocol(proposal);
-       if (proto != AH && proto != ESP)
+       /* build the substructures for every protocol */
+       proposal->get_protocols(proposal, proto);
+       for (i = 0; i<2; i++)
        {
-               return;
-       }
-       substructure = proposal_substructure_create_from_child_proposal(proposal, proto);
-       add_proposal_substructure(this, substructure);
-       
-       /* first is done, now do the (possible) other */
-       proto = proposal->get_second_protocol(proposal);
-       if (proto != AH && proto != ESP)
-       {
-               return;
+               if (proto[i] != UNDEFINED_PROTOCOL_ID)
+               {
+                       substructure = proposal_substructure_create_from_child_proposal(proposal, proto[i]);
+                       add_proposal_substructure(this, substructure);
+               }
        }
-       substructure = proposal_substructure_create_from_child_proposal(proposal, proto);
-       add_proposal_substructure(this, substructure);
 }
 
 
@@ -422,298 +415,37 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t **
 /**
  * Implementation of sa_payload_t.get_child_proposals.
  */
-static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t ** proposals, size_t *proposal_count)
+static linked_list_t *get_child_proposals(private_sa_payload_t *this)
 {
-       int found_child_proposals = 0;
-       int found_suites = 1;
-       int current_suite_number = 0;
-       
+       int proposal_struct_number = 0;
        iterator_t *iterator;
-       child_proposal_t *tmp_proposals;
-       
-       iterator = this->proposals->create_iterator(this->proposals,TRUE);
-       
-       /* first find out the number of child proposals and check their number of transforms and 
-        * if the SPI is 4 byte long!*/
-       current_suite_number = 1;
-       while (iterator->has_next(iterator))
-       {
-               proposal_substructure_t *current_proposal;
-               iterator->current(iterator,(void **)&(current_proposal));
-               if ((current_proposal->get_protocol_id(current_proposal) == AH) ||
-                       (current_proposal->get_protocol_id(current_proposal) == ESP))
-               {
-                       if (current_proposal->get_spi_size(current_proposal) != 4)
-                   {
-                       iterator->destroy(iterator);
-                       return FAILED;
-                   }
-                       if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1))
-                       {
-                               found_suites++;
-                               current_suite_number = current_proposal->get_proposal_number(current_proposal);
-                       }       
-                       found_child_proposals++;
-               }
-       }
-       iterator->reset(iterator);
-       
-       if (found_child_proposals == 0)
-       {
-               iterator->destroy(iterator);
-               return NOT_FOUND;
-       }
-       
-       /* allocate memory to hold each proposal as child_proposal_t */
-
-       tmp_proposals = allocator_alloc(found_child_proposals * sizeof(child_proposal_t));
+       child_proposal_t *proposal;
+       linked_list_t *proposal_list;
        
-       current_suite_number = 1;
-       tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-       tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
-       tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = AUTH_UNDEFINED;
-       tmp_proposals[current_suite_number - 1].ah.is_set = FALSE;
+       /* this list will hold our proposals */
+       proposal_list = linked_list_create();
        
-       tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
-       tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
-       tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-       tmp_proposals[current_suite_number - 1].esp.is_set = FALSE;
-       
-       /* create from each proposal_substructure a child_proposal_t data area*/
+       /* iterate over structures, one OR MORE structures will result in a child_proposal */
+       iterator = this->proposals->create_iterator(this->proposals,TRUE);
        while (iterator->has_next(iterator))
        {
-               proposal_substructure_t *current_proposal;
-               iterator->current(iterator,(void **)&(current_proposal));
+               proposal_substructure_t *proposal_struct;
+               iterator->current(iterator,(void **)&(proposal_struct));
                
-               if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1))
+               if (proposal_struct->get_proposal_number(proposal_struct) > proposal_struct_number)
                {
-                       current_suite_number++;
-                       if (current_suite_number > found_suites)
-                       {
-                               /* inconsistent situation */
-                               return FAILED;
-                       }
-                       tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-                       tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED;
-
-                       tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED;
-                       tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED;
-                       tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
-               }
-                               
-               if (current_proposal->get_protocol_id(current_proposal) == AH)
-               {
-                       bool integrity_algorithm_found = FALSE;
-                       bool diffie_hellman_group_found = FALSE;
-                       bool extended_sequence_numbers_found = FALSE;
-                       iterator_t *transforms;
-                       status_t status;
-                       
-                       chunk_t spi;
-
-                       tmp_proposals[current_suite_number - 1].ah.is_set = TRUE;
-
-                       spi = current_proposal->get_spi(current_proposal);
-                       memcpy(tmp_proposals[current_suite_number - 1].ah.spi,spi.ptr,min(spi.len,4));
-
-                       transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
-                       while (transforms->has_next(transforms))
-                       {
-                               transform_substructure_t *current_transform;
-                               transforms->current(transforms,(void **)&(current_transform));
-                               
-                               switch (current_transform->get_transform_type(current_transform))
-                               {
-                                       case INTEGRITY_ALGORITHM:
-                                       {
-                                               u_int16_t key_size;
-                                               
-                                               if (integrity_algorithm_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = current_transform->get_transform_id(current_transform);
-                                               status = current_transform->get_key_length(current_transform,&key_size);
-                                               tmp_proposals[current_suite_number - 1].ah.integrity_algorithm_key_size = key_size;
-                                               if (status == SUCCESS)
-                                               {
-                                                       integrity_algorithm_found = TRUE;
-                                               }
-                                               break;
-                                       }
-                                       case EXTENDED_SEQUENCE_NUMBERS:
-                                       {
-                                               if (extended_sequence_numbers_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = current_transform->get_transform_id(current_transform);
-                                               extended_sequence_numbers_found = TRUE;
-                                               break;
-                                       }
-                                       case DIFFIE_HELLMAN_GROUP:
-                                       {
-                                               if (diffie_hellman_group_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = current_transform->get_transform_id(current_transform);
-                                               diffie_hellman_group_found = TRUE;
-                                               break;
-                                       }
-                                       default:
-                                       {
-                                               /* not a transform of an child proposal. return here */
-                                               transforms->destroy(transforms);
-                                               iterator->destroy(iterator);
-                                               allocator_free(tmp_proposals);
-                                               return FAILED;
-                                       }
-                               }
-                               
-                       }
-                       transforms->destroy(transforms);
-
-                       if (!integrity_algorithm_found)
-                       {
-                               /* one of needed transforms could not be found */
-                               iterator->reset(iterator);
-                               allocator_free(tmp_proposals);
-                               return FAILED;
-                       }
-               }
-               else if (current_proposal->get_protocol_id(current_proposal) == ESP)
-               {
-                       bool encryption_algorithm_found = FALSE;
-                       bool integrity_algorithm_found = FALSE;
-                       bool diffie_hellman_group_found = FALSE;
-                       bool extended_sequence_numbers_found = FALSE;
-                       iterator_t *transforms;
-                       status_t status;
-                       chunk_t spi;
-
-                       spi = current_proposal->get_spi(current_proposal);
-                       memcpy(tmp_proposals[current_suite_number - 1].esp.spi,spi.ptr,min(spi.len,4));
-                       tmp_proposals[current_suite_number - 1].esp.is_set = TRUE;
-
-
-                       transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
-                       while (transforms->has_next(transforms))
-                       {
-                               transform_substructure_t *current_transform;
-                               transforms->current(transforms,(void **)&(current_transform));
-                                                               
-                               switch (current_transform->get_transform_type(current_transform))
-                               {
-                                       case ENCRYPTION_ALGORITHM:
-                                       {
-                                               u_int16_t key_size;
-                                               
-                                               if (encryption_algorithm_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].esp.encryption_algorithm = current_transform->get_transform_id(current_transform);
-                                               status = current_transform->get_key_length(current_transform,&key_size);
-                                               tmp_proposals[current_suite_number - 1].esp.encryption_algorithm_key_size = key_size;
-                                               if (status == SUCCESS)
-                                               {
-                                                       encryption_algorithm_found = TRUE;
-                                               }
-                                               break;
-                                       }
-                                       case INTEGRITY_ALGORITHM:
-                                       {
-                                               u_int16_t key_size;
-                                               
-                                               if (integrity_algorithm_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = current_transform->get_transform_id(current_transform);
-                                               status = current_transform->get_key_length(current_transform,&key_size);
-                                               tmp_proposals[current_suite_number - 1].esp.integrity_algorithm_key_size = key_size;
-                                               if (status == SUCCESS)
-                                               {
-                                                       integrity_algorithm_found = TRUE;
-                                               }
-                                               break;
-                                       }
-                                       case EXTENDED_SEQUENCE_NUMBERS:
-                                       {
-                                               if (extended_sequence_numbers_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = current_transform->get_transform_id(current_transform);
-                                               extended_sequence_numbers_found = TRUE;
-                                               break;
-                                       }
-                                       case DIFFIE_HELLMAN_GROUP:
-                                       {
-                                               if (diffie_hellman_group_found)
-                                               {
-                                                               transforms->destroy(transforms);
-                                                               iterator->destroy(iterator);
-                                                               allocator_free(tmp_proposals);
-                                                               return FAILED;
-                                               }
-                                               tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = current_transform->get_transform_id(current_transform);
-                                               diffie_hellman_group_found = TRUE;
-                                               break;
-                                       }
-                                       default:
-                                       {
-                                               /* not a transform of an child proposal. return here */
-                                               transforms->destroy(transforms);
-                                               iterator->destroy(iterator);
-                                               allocator_free(tmp_proposals);
-                                               return FAILED;
-                                       }
-                               }
-                               
-                       }
-                       transforms->destroy(transforms);
-                       
-
-                       if (!encryption_algorithm_found)
-                       {
-                               /* one of needed transforms could not be found */
-                               iterator->reset(iterator);
-                               allocator_free(tmp_proposals);
-                               return FAILED;
-                       }
-                       
+                       /* here starts a new proposal, create a new one and add it to the list */
+                       proposal_struct_number = proposal_struct->get_proposal_number(proposal_struct);
+                       proposal = child_proposal_create(proposal_struct_number);
+                       proposal_list->insert_last(proposal_list, proposal);
                }
+               /* proposal_substructure_t does the dirty work and builds up the proposal */
+               proposal_struct->add_to_child_proposal(proposal_struct, proposal);
        }
-
-       iterator->destroy(iterator);    
-       
-       *proposals = tmp_proposals;
-       *proposal_count = found_suites;
-
-       return SUCCESS;
+       iterator->destroy(iterator);
+       return proposal_list;
 }
 
-
 /**
  * Implementation of private_sa_payload_t.compute_length.
  */
@@ -753,7 +485,7 @@ sa_payload_t *sa_payload_create()
        this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
        this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
        this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
-       this->public.get_child_proposals = (status_t (*) (sa_payload_t *, child_proposal_t **, size_t *)) get_child_proposals;
+       this->public.get_child_proposals = (linked_list_t* (*) (sa_payload_t *)) get_child_proposals;
        this->public.destroy = (void (*) (sa_payload_t *)) destroy;
        
        /* private functions */
@@ -813,88 +545,18 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
 /*
  * Described in header.
  */
-sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count)
-{      
-       int i;
-       sa_payload_t *sa_payload= sa_payload_create();
+sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals)
+{
+       iterator_t *iterator;
+       child_proposal_t *proposal;
+       sa_payload_t *sa_payload = sa_payload_create();
        
-       for (i = 0; i < proposal_count; i++)
+       /* add every payload from the list */
+       iterator = proposals->create_iterator(proposals, TRUE);
+       while (iterator->has_next(iterator))
        {
-               /* first the AH part is created */
-               if (proposals[i].ah.is_set)
-               {
-                       transform_substructure_t *integrity_algorithm;
-                       proposal_substructure_t *proposal_substructure; 
-                       chunk_t spi;
-                       
-                       proposal_substructure = proposal_substructure_create();
-                       proposal_substructure->set_protocol_id(proposal_substructure,AH);
-                       proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
-                       spi.ptr = proposals[i].ah.spi;
-                       spi.len = 4;
-                       proposal_substructure->set_spi(proposal_substructure,spi);
-                       
-                       integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].ah.integrity_algorithm,proposals[i].ah.integrity_algorithm_key_size);
-                       proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
-                       if (proposals[i].ah.diffie_hellman_group != MODP_UNDEFINED)
-                       {
-                               transform_substructure_t *diffie_hellman_group;
-                               diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].ah.diffie_hellman_group,0);
-                               proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
-                               
-                       }
-                       if (proposals[i].ah.extended_sequence_numbers == EXT_SEQ_NUMBERS)
-                       {
-                               transform_substructure_t *extended_sequence_numbers;
-                               extended_sequence_numbers = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].ah.extended_sequence_numbers,0);
-                               proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers);
-                       }
-
-                       sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);        
-               }
-
-               /* then the ESP part is created */
-               if (proposals[i].esp.is_set)
-               {
-                       transform_substructure_t *encryption_algorithm;
-                       proposal_substructure_t *proposal_substructure; 
-                       chunk_t spi;
-                       
-                       proposal_substructure = proposal_substructure_create();
-                       proposal_substructure->set_protocol_id(proposal_substructure,ESP);
-                       proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
-                       spi.ptr = proposals[i].esp.spi;
-                       spi.len = 4;
-                       proposal_substructure->set_spi(proposal_substructure,spi);
-                       
-                       encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].esp.encryption_algorithm,proposals[i].esp.encryption_algorithm_key_size);
-                       proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
-                       
-                       if (proposals[i].esp.integrity_algorithm != AUTH_UNDEFINED)
-                       {
-                               transform_substructure_t *integrity_algorithm;
-                               integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].esp.integrity_algorithm,proposals[i].esp.integrity_algorithm_key_size);
-                               proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
-                               
-                       }
-                       
-                       if (proposals[i].esp.diffie_hellman_group != MODP_UNDEFINED)
-                       {
-                               transform_substructure_t *diffie_hellman_group;
-                               diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].esp.diffie_hellman_group,0);
-                               proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
-                               
-                       }
-                       if (proposals[i].esp.extended_sequence_numbers == EXT_SEQ_NUMBERS)
-                       {
-                               transform_substructure_t *extended_sequence_numbers;
-                               extended_sequence_numbers = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].esp.extended_sequence_numbers,0);
-                               proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers);
-                       }
-
-                       sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);                        
-               }
-               
+               iterator->current(iterator, (void**)&proposal);
+               add_child_proposal((private_sa_payload_t*)sa_payload, proposal);
        }
        
        return sa_payload;
index 90f57b7..b9ba209 100644 (file)
@@ -111,14 +111,9 @@ struct sa_payload_t {
        /**
         * @brief Creates an array of child_proposal_t's in this SA payload.
         * 
-        * @param proposals                     the pointer to the first entry of child_proposal_t's is set
-        * @param proposal_count        the number of found proposals is written at this location
-        * @return
-        *                                                      - SUCCESS if child proposals could be found
-        *                                                      - NOT_FOUND if no child proposal could be found
-        *                                                      - FAILED if a proposal does not contain all needed transforms
+        * @return                                      a list containing child_proposal_t s
         */
-       status_t (*get_child_proposals) (sa_payload_t *this, child_proposal_t **proposals, size_t *proposal_count);     
+       linked_list_t *(*get_child_proposals) (sa_payload_t *this);
        
        /**
         * @brief Add a child proposal (AH/ESP) to the payload.
@@ -156,5 +151,6 @@ sa_payload_t *sa_payload_create();
  */
 sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
 
+sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals);
 
 #endif /*SA_PAYLOAD_H_*/
index ba064c5..e2f368f 100644 (file)
@@ -144,7 +144,7 @@ static status_t verify(private_transform_substructure_t *this)
                        }
                        break;
                }
-               case     PSEUDO_RANDOM_FUNCTION:
+               case PSEUDO_RANDOM_FUNCTION:
                {
                        if ((this->transform_id < PRF_HMAC_MD5) || (this->transform_id > PRF_AES128_CBC))
                        {
index 670ae23..d26f66a 100644 (file)
@@ -164,7 +164,7 @@ socket_t *socket_create(u_int16_t port)
        
        /* create default ipv4 socket */
        this->socket_fd = socket(PF_INET, SOCK_DGRAM, 0);
-       if (this->socket_fd < 0) 
+       if (this->socket_fd < 0)
        {
                this->logger->log(this->logger, ERROR, "unable to open socket: %s", strerror(errno));
                charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
index 13d980b..ad23fa0 100644 (file)
@@ -325,42 +325,34 @@ static status_t process_idr_payload(private_ike_auth_requested_t *this, id_paylo
  */
 static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payload_t *sa_payload)
 {
-       child_proposal_t *proposals, *proposal_chosen;
-       size_t proposal_count;
-       status_t status;
-       
-       /* dummy spis, until we have a child sa to request them */
-       u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
-       u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
-       
-       /* check selected proposal */
-       status = sa_payload->get_child_proposals(sa_payload, &proposals, &proposal_count);
-       if (status != SUCCESS)
+       child_proposal_t *proposal;
+       linked_list_t *proposal_list;
+       /* TODO fix mem allocation */
+       /* TODO child sa stuff */
+       /* get selected proposal */
+       proposal_list = sa_payload->get_child_proposals(sa_payload);
+       /* check count of proposals */
+       if (proposal_list->get_count(proposal_list) == 0)
        {
-               /* there are no proposals. This is possible if the requester doesn't want to setup a child sa */
-               this->logger->log(this->logger, AUDIT, "IKE_AUH reply did not contain any proposals. Don't create CHILD_SA");
+               /* no proposal? we accept this, no child sa is built */
+               this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD didn't contain any proposals. No CHILD_SA created",
+                                                 proposal_list->get_count(proposal_list));
                return SUCCESS;
        }
-       if (proposal_count > 1)
+       if (proposal_list->get_count(proposal_list) > 1)
        {
-               this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD contained more than one proposal. Deleting IKE_SA");
-               allocator_free(proposals);
+               this->logger->log(this->logger, AUDIT, "IKE_AUTH reply's SA_PAYLOAD contained %d proposal. Deleting IKE_SA",
+                                                 proposal_list->get_count(proposal_list));
                return DELETE_ME;
        }
        
-       proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
-       if (proposal_chosen == NULL)
+       /* we have to re-check here if other's selection is valid */
+       proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
+       if (proposal == NULL)
        {
                this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
-               allocator_free(proposals);
                return DELETE_ME;
        }
-       else
-       {
-               allocator_free(proposal_chosen);
-       }
-       
-       allocator_free(proposals);
        
        return SUCCESS;
 }
index 81b75e7..1bbffa1 100644 (file)
@@ -521,20 +521,15 @@ static status_t build_auth_payload (private_ike_sa_init_requested_t *this, id_pa
  */
 static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message_t *request)
 {
-       child_proposal_t *proposals;
+       linked_list_t *proposal_list;
        sa_payload_t *sa_payload;
-       sa_config_t *sa_config;
-       size_t proposal_count;
-       /*
-        * TODO: get SPIs from kernel
-        */
-       u_int8_t esp_spi[4] = {0x01,0x01,0x01,0x01};
-       u_int8_t ah_spi[4] = {0x01,0x01,0x01,0x01};
-
+       sa_config_t *sa_config; 
+       POS;
        sa_config = this->ike_sa->get_sa_config(this->ike_sa);
-       proposal_count = sa_config->get_proposals(sa_config,ah_spi,esp_spi,&proposals);
-       sa_payload = sa_payload_create_from_child_proposals(proposals, proposal_count);
-       allocator_free(proposals);
+       proposal_list = sa_config->get_proposals(sa_config);
+       sa_payload = sa_payload_create_from_child_proposals(proposal_list);
+       /* TODO: fix mem allocation */
+       /* TODO child sa stuff */
 
        this->logger->log(this->logger, CONTROL|LEVEL2, "Add SA payload to message");
        request->add_payload(request,(payload_t *) sa_payload);
index 3d8f9e0..fd98356 100644 (file)
@@ -272,7 +272,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        this->ike_sa->build_message(this->ike_sa, IKE_AUTH, FALSE, &response);
        
        /* add payloads to it */
-       
        status = this->build_idr_payload(this, idi_request, idr_request, response,&idr_response);
        if (status != SUCCESS)
        {
@@ -387,43 +386,42 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
  */
 static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
 {
-       child_proposal_t *proposals, *proposal_chosen;
-       size_t proposal_count;
-       status_t status;
+       child_proposal_t *proposal;
+       linked_list_t *proposal_list, *dummy_list;
        sa_payload_t *sa_response;
        
-       /* dummy spis, until we have a child sa to request them */
-       u_int8_t ah_spi[4] = {0x01, 0x02, 0x03, 0x04};
-       u_int8_t esp_spi[4] = {0x05, 0x06, 0x07, 0x08};
+       POS;
+       /* TODO: fix mem */
+       /* TODO: child sa stuff */
        
-       status = request->get_child_proposals(request, &proposals, &proposal_count);
-       if (status == SUCCESS)
-       {
-               proposal_chosen = this->sa_config->select_proposal(this->sa_config, ah_spi, esp_spi, proposals, proposal_count);
-               if (proposal_chosen != NULL)
-               {
-                       sa_response = sa_payload_create_from_child_proposals(proposal_chosen, 1);
-                       response->add_payload(response, (payload_t*)sa_response);
-                       allocator_free(proposal_chosen);
-               }
-               else
-               {
-                       this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
-                       this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
-                       status = DELETE_ME;     
-               }
-               allocator_free(proposals);
-       }
-       else
+       /* get proposals from request */
+       proposal_list = request->get_child_proposals(request);
+       if (proposal_list->get_count(proposal_list) == 0)
        {
-               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA");
+               /* if the other side did not offer any proposals, we do not create child sa's */
+               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. No CHILD_SA created");
                sa_response = sa_payload_create();
                response->add_payload(response, (payload_t*)sa_response);
-               
-               status = SUCCESS;
+               return SUCCESS;
+       }
+       /* now select a proposal */
+       proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
+       if (proposal == NULL)
+       {
+               POS;
+               this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
+               this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+               return DELETE_ME;       
        }
        
-       return status;
+       /* we need a dummy list to build an sa payload from ONE proposal */
+       dummy_list = linked_list_create();
+       dummy_list->insert_last(dummy_list, (void*)proposal);
+       sa_response = sa_payload_create_from_child_proposals(dummy_list);
+       dummy_list->destroy(dummy_list);
+       response->add_payload(response, (payload_t*)sa_response);
+       
+       return SUCCESS;
 }
 
 /**
index d6a113f..b338989 100644 (file)
@@ -116,6 +116,10 @@ TEST_OBJS+= $(BUILD_DIR)sa_config_test.o
 $(BUILD_DIR)sa_config_test.o :         $(TESTCASES_DIR)sa_config_test.c $(TESTCASES_DIR)sa_config_test.h
                                                                        $(CC) $(CFLAGS) -c -o $@ $<
 
+TEST_OBJS+= $(BUILD_DIR)child_proposal_test.o
+$(BUILD_DIR)child_proposal_test.o :    $(TESTCASES_DIR)child_proposal_test.c $(TESTCASES_DIR)child_proposal_test.h
+                                                                       $(CC) $(CFLAGS) -c -o $@ $<
+
 TEST_OBJS+= $(BUILD_DIR)rsa_test.o
 $(BUILD_DIR)rsa_test.o :                       $(TESTCASES_DIR)rsa_test.c $(TESTCASES_DIR)rsa_test.h
                                                                        $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/Source/charon/testcases/child_proposal_test.c b/Source/charon/testcases/child_proposal_test.c
new file mode 100644 (file)
index 0000000..e1ca7de
--- /dev/null
@@ -0,0 +1,99 @@
+/**
+ * @file child_proposal_test.c
+ *
+ * @brief Tests for the child_proposal_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "child_proposal_test.h"
+
+#include <daemon.h>
+#include <config/child_proposal.h>
+#include <utils/allocator.h>
+#include <utils/logger.h>
+
+
+/**
+ * Described in header.
+ */
+void test_child_proposal(protected_tester_t *tester)
+{
+       child_proposal_t *proposal1, *proposal2, *proposal3;
+       iterator_t *iterator;
+
+       proposal1 = child_proposal_create(1);
+       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
+       proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       
+       proposal2 = child_proposal_create(2);
+       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
+       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       //proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       
+       /* ah and esp prop */
+       proposal3 = proposal1->select(proposal1, proposal2);
+       tester->assert_false(tester, proposal3 == NULL, "proposal select");
+       if (proposal3)
+       {
+               iterator = proposal3->create_algorithm_iterator(proposal3, ESP, ENCRYPTION_ALGORITHM);
+               tester->assert_false(tester, iterator == NULL, "encryption algo select");
+               while(iterator->has_next(iterator))
+               {
+                       algorithm_t *algo;
+                       iterator->current(iterator, (void**)&algo);
+                       tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
+                       tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
+               }
+               iterator->destroy(iterator);
+               
+               iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM);
+               tester->assert_false(tester, iterator == NULL, "integrity algo select");
+               while(iterator->has_next(iterator))
+               {
+                       algorithm_t *algo;
+                       iterator->current(iterator, (void**)&algo);
+                       tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
+                       tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
+               }
+               iterator->destroy(iterator);
+               
+               iterator = proposal3->create_algorithm_iterator(proposal3, AH, DIFFIE_HELLMAN_GROUP );
+               tester->assert_false(tester, iterator == NULL, "dh group algo select");
+               while(iterator->has_next(iterator))
+               {
+                       algorithm_t *algo;
+                       iterator->current(iterator, (void**)&algo);
+                       tester->assert_true(tester, algo->algorithm == MODP_1024_BIT, "dh group algo");
+                       tester->assert_true(tester, algo->key_size == 0, "dh gorup keylen");
+               }
+               iterator->destroy(iterator);
+               
+               proposal3->destroy(proposal3);
+       }
+       
+       proposal1->destroy(proposal1);
+       proposal2->destroy(proposal2);
+       return;
+}
diff --git a/Source/charon/testcases/child_proposal_test.h b/Source/charon/testcases/child_proposal_test.h
new file mode 100644 (file)
index 0000000..400951e
--- /dev/null
@@ -0,0 +1,42 @@
+/**
+ * @file child_proposal_test.h
+ *
+ * @brief Tests for the child_proposal_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef CHILD_PROPOSAL_TEST_H_
+#define CHILD_PROPOSAL_TEST_H_
+
+#include <utils/tester.h>
+
+/**
+ * @brief Test function used to test the child_proposal_t functionality.
+ *
+ * @param tester associated protected_tester_t object
+ * 
+ * @ingroup testcases
+ */
+void test_child_proposal(protected_tester_t *tester);
+
+#endif //CHILD_PROPOSAL_TEST_H_
+
+
+
+
index cbd7e0e..8da86e7 100644 (file)
@@ -424,8 +424,8 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
        transform_substructure_t *transform1, *transform2;
        proposal_substructure_t *proposal1, *proposal2;
        ike_proposal_t *ike_proposals;
-       size_t child_proposal_count;
-       child_proposal_t *child_proposals;
+       linked_list_t *list;
+       child_proposal_t *child_proposal1, *child_proposal2;
        size_t ike_proposal_count;
        sa_payload_t *sa_payload;
        ike_header_t *ike_header;
@@ -655,52 +655,32 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
        tester->assert_true(tester,(generator != NULL), "generator create check");
        
 
-       child_proposal_count = 2;
-       child_proposals = allocator_alloc(child_proposal_count * (sizeof(child_proposal_t)));
-
-       child_proposals[0].ah.is_set = TRUE;
-       child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
-       child_proposals[0].ah.integrity_algorithm_key_size = 20;
-       child_proposals[0].ah.diffie_hellman_group = MODP_2048_BIT;
-       child_proposals[0].ah.extended_sequence_numbers = EXT_SEQ_NUMBERS;
-       child_proposals[0].ah.spi[0] = 1;
-       child_proposals[0].ah.spi[1] = 1;
-       child_proposals[0].ah.spi[2] = 1;
-       child_proposals[0].ah.spi[3] = 1;
-
-       child_proposals[0].esp.is_set = TRUE;
-       child_proposals[0].esp.diffie_hellman_group = MODP_1024_BIT;
-       child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
-       child_proposals[0].esp.encryption_algorithm_key_size = 32;
-       child_proposals[0].esp.integrity_algorithm = AUTH_UNDEFINED;
-       child_proposals[0].esp.spi[0] = 2;
-       child_proposals[0].esp.spi[1] = 2;
-       child_proposals[0].esp.spi[2] = 2;
-       child_proposals[0].esp.spi[3] = 2;
-       
-       child_proposals[1].ah.is_set = TRUE;
-       child_proposals[1].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
-       child_proposals[1].ah.integrity_algorithm_key_size = 20;
-       child_proposals[1].ah.diffie_hellman_group = MODP_2048_BIT;
-       child_proposals[1].ah.extended_sequence_numbers = EXT_SEQ_NUMBERS;
-       child_proposals[1].ah.spi[0] = 1;
-       child_proposals[1].ah.spi[1] = 1;
-       child_proposals[1].ah.spi[2] = 1;
-       child_proposals[1].ah.spi[3] = 1;
-
-       child_proposals[1].esp.is_set = TRUE;
-       child_proposals[1].esp.diffie_hellman_group = MODP_1024_BIT;
-       child_proposals[1].esp.encryption_algorithm = ENCR_AES_CBC;
-       child_proposals[1].esp.encryption_algorithm_key_size = 32;
-       child_proposals[1].esp.integrity_algorithm = AUTH_HMAC_MD5_96;
-       child_proposals[1].esp.integrity_algorithm_key_size = 20;
-       child_proposals[1].esp.spi[0] = 2;
-       child_proposals[1].esp.spi[1] = 2;
-       child_proposals[1].esp.spi[2] = 2;
-       child_proposals[1].esp.spi[3] = 2;      
-       
-       
-       sa_payload = sa_payload_create_from_child_proposals(child_proposals,child_proposal_count);
+       child_proposal1 = child_proposal_create(1);
+       
+       child_proposal1->add_algorithm(child_proposal1, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       child_proposal1->add_algorithm(child_proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       child_proposal1->add_algorithm(child_proposal1, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
+       child_proposal1->set_spi(child_proposal1, AH, 0x01010101l);
+       
+       child_proposal1->add_algorithm(child_proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
+       child_proposal1->add_algorithm(child_proposal1, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       child_proposal1->set_spi(child_proposal1, ESP, 0x02020202);
+       
+       
+       child_proposal2->add_algorithm(child_proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       child_proposal2->add_algorithm(child_proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       child_proposal2->add_algorithm(child_proposal2, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
+       child_proposal2->set_spi(child_proposal2, AH, 0x01010101);
+       
+       child_proposal2->add_algorithm(child_proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+       child_proposal2->add_algorithm(child_proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       child_proposal2->add_algorithm(child_proposal2, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       child_proposal2->set_spi(child_proposal2, ESP, 0x02020202);
+       
+       list->insert_last(list, (void*)child_proposal1);
+       list->insert_last(list, (void*)child_proposal2);
+       
+       sa_payload = sa_payload_create_from_child_proposals(list);
        tester->assert_true(tester,(sa_payload != NULL), "sa_payload create check");
 
        generator->generate_payload(generator,(payload_t *)sa_payload);
@@ -774,7 +754,9 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
        tester->assert_true(tester,(memcmp(expected_generation3,generated_data.ptr,sizeof(expected_generation3)) == 0), "compare generated data");
 
        sa_payload->destroy(sa_payload);
-       allocator_free(child_proposals);
+       child_proposal1->destroy(child_proposal1);
+       child_proposal2->destroy(child_proposal2);
+       list->destroy(list);
        allocator_free_chunk(&generated_data);
        generator->destroy(generator);
        
index 8ab2dc0..92493b2 100644 (file)
@@ -106,8 +106,6 @@ void test_parser_with_sa_payload(protected_tester_t *tester)
        iterator_t *proposals, *transforms, *attributes;
     ike_proposal_t *ike_proposals;
     size_t ike_proposal_count;
-    child_proposal_t *child_proposals;
-    size_t child_proposal_count;
        
        /* first test generic parsing functionality */
                
@@ -352,7 +350,7 @@ void test_parser_with_sa_payload(protected_tester_t *tester)
 
        status = sa_payload->get_ike_proposals (sa_payload, &ike_proposals, &ike_proposal_count);       
        tester->assert_false(tester,(status == SUCCESS),"get ike proposals call check");
-       
+       /*
        status = sa_payload->get_child_proposals (sa_payload, &child_proposals, &child_proposal_count); 
        tester->assert_true(tester,(status == SUCCESS),"get child proposals call check");       
        
@@ -398,12 +396,12 @@ void test_parser_with_sa_payload(protected_tester_t *tester)
        tester->assert_true(tester,(child_proposals[1].esp.spi[1] == 2),"spi check");
        tester->assert_true(tester,(child_proposals[1].esp.spi[2] == 2),"spi check");
        tester->assert_true(tester,(child_proposals[1].esp.spi[3] == 2),"spi check");
-
+       
        if (status == SUCCESS)
        {
                allocator_free(child_proposals);
        }
-
+       */
        
        sa_payload->destroy(sa_payload);
 }
index 7eecb63..aada26c 100644 (file)
@@ -37,13 +37,12 @@ void test_sa_config(protected_tester_t *tester)
 {
        sa_config_t *sa_config; 
        traffic_selector_t *ts_policy[3], *ts_request[4], *ts_reference[3], **ts_result;
-       child_proposal_t prop[3], *prop_result;
+       child_proposal_t *proposal1, *proposal2, *proposal3, *proposal_sel;
+       linked_list_t *list;
        size_t count;
        logger_t *logger;
        ts_payload_t *ts_payload;
        
-       u_int8_t spi[4] = {0x01,0x02,0x03,0x04};
-       
        logger = charon->logger_manager->create_logger(charon->logger_manager, TESTER, NULL);
        logger->disable_level(logger, FULL);
        
@@ -61,43 +60,29 @@ void test_sa_config(protected_tester_t *tester)
         */
        
        /* esp only prop */
-       prop[0].ah.is_set = FALSE;
-       prop[0].esp.is_set = TRUE;
-       prop[0].esp.encryption_algorithm = ENCR_AES_CBC;
-       prop[0].esp.encryption_algorithm_key_size = 16;
+       proposal1 = child_proposal_create(1);
+       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
        
        /* ah only prop */
-       prop[1].esp.is_set = FALSE;
-       prop[1].ah.is_set = TRUE;
-       prop[1].ah.integrity_algorithm = AUTH_HMAC_SHA1_96;
-       prop[1].ah.integrity_algorithm_key_size = 20;
+       proposal2 = child_proposal_create(2);
+       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
        
        /* ah and esp prop */
-       prop[2].esp.is_set = TRUE;
-       prop[2].esp.encryption_algorithm = ENCR_3DES;
-       prop[2].esp.encryption_algorithm_key_size = 16;
-       prop[2].ah.is_set = TRUE;
-       prop[2].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
-       prop[2].ah.integrity_algorithm_key_size = 20;
+       proposal3 = child_proposal_create(3);
+       proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
+       proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
        
        
-       sa_config->add_proposal(sa_config, &prop[0]);
-       sa_config->add_proposal(sa_config, &prop[1]);
-       sa_config->add_proposal(sa_config, &prop[2]);
+       sa_config->add_proposal(sa_config, proposal1);
+       sa_config->add_proposal(sa_config, proposal2);
+       sa_config->add_proposal(sa_config, proposal3);
 
        
-       count = sa_config->get_proposals(sa_config, spi, spi, &prop_result);
-       tester->assert_true(tester, (count == 3), "proposal count");
-       allocator_free(prop_result);
+       list = sa_config->get_proposals(sa_config);
+       tester->assert_true(tester, (list->get_count(list) == 3), "proposal count");
        
        
-               
-       prop_result = sa_config->select_proposal(sa_config, spi, spi, &prop[1], 2);
-       tester->assert_true(tester, prop_result->esp.is_set == prop[1].esp.is_set, "esp.is_set");
-       tester->assert_true(tester, prop_result->ah.integrity_algorithm == prop[1].ah.integrity_algorithm, "ah.integrity_algorithm");
-       tester->assert_true(tester, prop_result->ah.integrity_algorithm_key_size == prop[1].ah.integrity_algorithm_key_size, "ah.integrity_algorithm_key_size");
-       tester->assert_true(tester, memcmp(prop_result->ah.spi, spi, 4) == 0, "spi");
-       allocator_free(prop_result);
+       //proposal_sel = sa_config->select_proposal(sa_config, list);
 
        
        /* 
index 603d6db..40a1142 100644 (file)
@@ -58,6 +58,7 @@
 #include <testcases/encryption_payload_test.h>
 #include <testcases/init_config_test.h>
 #include <testcases/sa_config_test.h>
+#include <testcases/child_proposal_test.h>
 #include <testcases/rsa_test.h>
 #include <testcases/kernel_interface_test.h>
 
@@ -122,6 +123,7 @@ test_t hmac_signer_test2 = {test_hmac_sha1_signer, "HMAC SHA1 signer test"};
 test_t encryption_payload_test = {test_encryption_payload, "encryption payload test"};
 test_t init_config_test = {test_init_config, "init_config_t test"};
 test_t sa_config_test = {test_sa_config, "sa_config_t test"};
+test_t child_proposal_test = {test_child_proposal, "child_proposal_t test"};
 test_t rsa_test = {test_rsa, "RSA private/public key test"};
 test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"};
 
@@ -136,7 +138,7 @@ static void daemon_kill(daemon_t *this, char* none)
        this->job_queue->destroy(this->job_queue);
        this->event_queue->destroy(this->event_queue);
        this->send_queue->destroy(this->send_queue);
-       this->configuration_manager->destroy(this->configuration_manager);
+       //this->configuration_manager->destroy(this->configuration_manager);
        allocator_free(charon);
 }
 
@@ -153,12 +155,12 @@ daemon_t *daemon_create()
        charon->kill = daemon_kill;
        
        charon->logger_manager = logger_manager_create(0);
-       charon->socket = socket_create(4600);
+       charon->socket = socket_create(4510);
        charon->ike_sa_manager = ike_sa_manager_create();
        charon->job_queue = job_queue_create();
        charon->event_queue = event_queue_create();
        charon->send_queue = send_queue_create();
-       charon->configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
+       //charon->configuration_manager = configuration_manager_create(RETRANSMIT_TIMEOUT,MAX_RETRANSMIT_COUNT,HALF_OPEN_IKE_SA_TIMEOUT);
        charon->sender = NULL;
        charon->receiver = NULL;
        charon->scheduler = NULL;
@@ -231,6 +233,7 @@ int main()
                &encryption_payload_test,
                &init_config_test,
                &sa_config_test,
+               &child_proposal_test,
                &rsa_test,
                NULL
        };
@@ -247,7 +250,7 @@ int main()
        
 
        //tester->perform_tests(tester,all_tests);
-       tester->perform_test(tester,&kernel_interface_test);
+       tester->perform_test(tester,&child_proposal_test);
        
        
        tester->destroy(tester);
index 69e0ffc..f3e686a 100644 (file)
@@ -360,6 +360,23 @@ static int get_count(private_linked_list_t *this)
        return this->count;
 }
 
+/**
+ * Implementation of linked_list_t.call_on_items.
+ */
+static void call_on_items(private_linked_list_t *this, void(*func)(void*))
+{
+       iterator_t *iterator;
+       void *item;
+       
+       iterator = this->public.create_iterator(&(this->public),TRUE);
+       
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, &item);
+               (*func)(item);
+       }
+       iterator->destroy(iterator);
+}
 
 /**
  * Implementation of linked_list_t.insert_first.
@@ -408,7 +425,10 @@ static status_t remove_first(private_linked_list_t *this, void **item)
        }
        this->first = element->next;
 
-       *item = element->value;
+       if (item != NULL)
+       {
+               *item = element->value;
+       }
 
        this->count--;
 
@@ -478,7 +498,10 @@ static status_t remove_last(private_linked_list_t *this, void **item)
        }
        this->last = element->previous;
 
-       *item = element->value;
+       if (item != NULL)
+       {
+               *item = element->value;
+       }
 
        this->count--;
 
@@ -649,6 +672,7 @@ linked_list_t *linked_list_create()
 
        this->public.get_count = (int (*) (linked_list_t *)) get_count;
        this->public.create_iterator = (iterator_t * (*) (linked_list_t *,bool )) create_iterator;
+       this->public.call_on_items = (void (*) (linked_list_t *, void(*func)(void*)))call_on_items;
        this->public.get_first = (status_t (*) (linked_list_t *, void **item)) get_first;
        this->public.get_last = (status_t (*) (linked_list_t *, void **item)) get_last;
        this->public.insert_first = (void (*) (linked_list_t *, void *item)) insert_first;
index 113d642..8647f06 100644 (file)
@@ -64,6 +64,22 @@ struct linked_list_t {
         * @return                              new iterator_t object
         */
        iterator_t * (*create_iterator) (linked_list_t *linked_list, bool forward);
+       
+       /**
+        * @brief Call a function with list element as argument.
+        * 
+        * This method accepts a function, which will be called for 
+        * each list element once. The function must accept the list
+        * element as the first argument. Handy for destruction of
+        * list elements.
+        * 
+        * @todo Additional vararg which are passed to the 
+        *               function would be nice...
+        * 
+        * @param linked_list   calling object
+        * @param func                  function to call
+        */
+       void (*call_on_items) (linked_list_t *linked_list, void(*func)(void*));
 
        /**
         * @brief Inserts a new item at the beginning of the list.
@@ -77,7 +93,7 @@ struct linked_list_t {
         * @brief Removes the first item in the list and returns its value.
         * 
         * @param linked_list   calling object
-        * @param[out] item     returned value of first item
+        * @param[out] item     returned value of first item, or NULL
         * @return
         *                                              - SUCCESS
         *                                              - NOT_FOUND, if list is empty
@@ -143,7 +159,7 @@ struct linked_list_t {
         * @brief Removes the last item in the list and returns its value.
         * 
         * @param linked_list   calling object
-        * @param[out] item             item returned value of last item
+        * @param[out] item             returned value of last item, or NULL
         * @return
         *                                              - SUCCESS
         *                                              - NOT_FOUND if list is empty
@@ -154,7 +170,7 @@ struct linked_list_t {
         * @brief Returns the value of the last list item without removing it.
         * 
         * @param linked_list   calling object
-        * @param[out] item             item returned value of last item
+        * @param[out] item             returned value of last item
         * @return
         *                                              - SUCCESS
         *                                              - NOT_FOUND if list is empty