- implemented sa_config
authorMartin Willi <martin@strongswan.org>
Thu, 1 Dec 2005 07:35:03 +0000 (07:35 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 1 Dec 2005 07:35:03 +0000 (07:35 -0000)
- uses identification
- and host
- untested
- ts need further tuning

12 files changed:
Source/charon/config/Makefile.config
Source/charon/config/sa_config.c
Source/charon/config/sa_config.h
Source/charon/network/host.c
Source/charon/network/host.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/utils/Makefile.utils
Source/charon/utils/allocator.c
Source/charon/utils/allocator.h
Source/charon/utils/identification.c [new file with mode: 0644]
Source/charon/utils/identification.h [new file with mode: 0644]

index 1333a24..b575e1f 100644 (file)
@@ -18,7 +18,11 @@ CONFIG_DIR= $(MAIN_DIR)config/
 OBJS+= $(BUILD_DIR)configuration_manager.o
 $(BUILD_DIR)configuration_manager.o :          $(CONFIG_DIR)configuration_manager.c $(CONFIG_DIR)configuration_manager.h
                                                                                        $(CC) $(CFLAGS) -c -o $@ $<
-                                                                               
+                                               
 OBJS+= $(BUILD_DIR)init_config.o
 $(BUILD_DIR)init_config.o :                                    $(CONFIG_DIR)init_config.c $(CONFIG_DIR)init_config.h
                                                                                        $(CC) $(CFLAGS) -c -o $@ $<
+                                                                                       
+OBJS+= $(BUILD_DIR)sa_config.o
+$(BUILD_DIR)sa_config.o :                                      $(CONFIG_DIR)sa_config.c $(CONFIG_DIR)sa_config.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
index e69de29..deee85b 100644 (file)
@@ -0,0 +1,293 @@
+/**
+ * @file sa_config.c
+ * 
+ * @brief Implementation of sa_config_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "sa_config.h"
+
+#include <utils/linked_list.h>
+#include <utils/allocator.h>
+
+typedef struct private_sa_config_t private_sa_config_t;
+
+/**
+ * Private data of an sa_config_t object
+ */
+struct private_sa_config_t {
+
+       /**
+        * Public part
+        */
+       sa_config_t public;
+       
+       /**
+        * id to use to identify us
+        */
+       identification_t *my_id;
+       
+       /**
+        * allowed id for other
+        */
+       identification_t *other_id;
+       
+       /**
+        * authentification method to use
+        */
+       auth_method_t auth_method;
+       
+       /**
+        * list for all proposals
+        */
+       linked_list_t *proposals;
+       
+       /**
+        * list for traffic selectors
+        */
+       linked_list_t *ts;
+       
+       /**
+        * compare two traffic_selectors for equality
+        */
+       bool (*traffic_selector_equals) (private_sa_config_t *this, traffic_selector_t *first,  traffic_selector_t *second);
+
+       /**
+        * compare two proposals for equality
+        */
+       bool (*proposal_equals) (private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second);
+};
+
+
+static identification_t *get_my_id(private_sa_config_t *this)
+{
+       return this->my_id;
+}
+
+static identification_t *get_other_id(private_sa_config_t *this)
+{
+       return this->other_id;
+}
+
+static auth_method_t get_auth_method(private_sa_config_t *this)
+{
+       return this->auth_method;
+}
+       
+static size_t get_traffic_selectors(private_sa_config_t *this, traffic_selector_t **traffic_selectors)
+{
+       iterator_t *iterator;
+       traffic_selector_t *current_ts;
+       int counter = 0;
+       *traffic_selectors = allocator_alloc(sizeof(traffic_selector_t) * this->ts->get_count(this->ts));
+       
+       /* copy all ts from the list in an array */
+       iterator = this->ts->create_iterator(this->ts, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_ts);
+               memcpy((*traffic_selectors) + counter, current_ts, sizeof(traffic_selector_t));
+               counter++;
+       }
+       iterator->destroy(iterator);
+       return counter; 
+}
+
+static size_t select_traffic_selectors(private_sa_config_t *this, traffic_selector_t *supplied, size_t count, traffic_selector_t **selected)
+{
+       iterator_t *iterator;
+       traffic_selector_t *current_ts;
+       int i, counter = 0;
+       *selected = allocator_alloc(sizeof(traffic_selector_t) * this->ts->get_count(this->ts));
+       
+       /* iterate over all stored proposals */
+       iterator = this->ts->create_iterator(this->ts, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_ts);
+               for (i = 0; i < count; i++)
+               {
+                       /* copy if a supplied one is equal to ours */
+                       if (this->traffic_selector_equals(this, &(supplied[i]), current_ts))
+                       {
+                               memcpy((*selected) + counter, current_ts, sizeof(traffic_selector_t));
+                               counter++;
+                       }
+               }
+       }
+       iterator->destroy(iterator);
+       
+       /* free unused space */
+       *selected = allocator_realloc(*selected, sizeof(traffic_selector_t) * counter);
+       return counter; 
+}
+       
+static size_t get_proposals(private_sa_config_t *this, child_proposal_t **proposals)
+{
+       iterator_t *iterator;
+       child_proposal_t *current_proposal;
+       int counter = 0;
+       *proposals = allocator_alloc(sizeof(child_proposal_t) * this->proposals->get_count(this->proposals));
+       
+       /* copy all proposals from the list in an array */
+       iterator = this->proposals->create_iterator(this->proposals, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_proposal);
+               memcpy((*proposals) + counter, current_proposal, sizeof(child_proposal_t));
+               counter++;
+       }
+       iterator->destroy(iterator);
+       return counter; 
+}
+
+static child_proposal_t *select_proposal(private_sa_config_t *this, child_proposal_t *supplied, size_t count)
+{
+       iterator_t *iterator;
+       child_proposal_t *current_proposal, *selected_proposal = NULL;
+       int i;
+       
+       /* iterate over all stored proposals */
+       iterator = this->proposals->create_iterator(this->proposals, TRUE);
+       while (iterator->has_next(iterator))
+       {
+               iterator->current(iterator, (void**)&current_proposal);
+               /* copy and break if a proposal matches */
+               for (i = 0; i < count; i++)
+               {
+                       if (this->proposal_equals(this, &(supplied[i]), current_proposal))
+                       {
+                               selected_proposal = allocator_alloc(sizeof(child_proposal_t));
+                               memcpy(selected_proposal, current_proposal, sizeof(child_proposal_t));
+                               break;
+                       }
+               }
+       }
+       iterator->destroy(iterator);
+
+       return selected_proposal;
+}
+
+static bool traffic_selector_equals(private_sa_config_t *this, traffic_selector_t *first,  traffic_selector_t *second)
+{
+       if (first->protocol == second->protocol)
+       {
+               if (first->begin->equals(first->begin, second->begin) &&
+                       first->end->equals(first->end, second->end))
+               {
+                       return TRUE;
+                               
+               }
+       }
+       return FALSE;   
+}
+
+static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
+{
+       if (first->ah.is_set && second->ah.is_set)
+       {
+               if ((first->ah.integrity_algorithm != second->ah.integrity_algorithm) ||
+                       (first->ah.key_size != second->ah.key_size))
+               {
+                       return FALSE;
+               }
+       }
+       else
+       {
+               return FALSE;   
+       }
+       if (first->esp.is_set && second->esp.is_set)
+       {
+               if ((first->esp.encryption_algorithm != second->esp.encryption_algorithm) ||
+                       (first->esp.key_size != second->esp.key_size))
+               {
+                       return FALSE;
+               }
+       }
+       else
+       {
+               return FALSE;   
+       }
+       return TRUE;
+}
+       
+static void add_traffic_selector(private_sa_config_t *this, traffic_selector_t *traffic_selector)
+{
+       this->ts->insert_last(this->ts, (void*)traffic_selector);
+}
+
+static void add_proposal(private_sa_config_t *this, child_proposal_t *proposal)
+{
+       this->proposals->insert_last(this->ts, (void*)proposal);
+}
+
+/**
+ * Implements sa_config_t.destroy.
+ */
+static status_t destroy(private_sa_config_t *this)
+{      
+       child_proposal_t *proposal;
+       traffic_selector_t *traffic_selector;
+       
+       /* delete proposals */
+       while(this->proposals->get_count(this->proposals) > 0)
+       {
+               this->proposals->remove_last(this->proposals, (void**)&proposal);
+               allocator_free(proposal);
+       }
+       this->proposals->destroy(this->proposals);
+       
+       /* delete traffic selectors */
+       while(this->ts->get_count(this->ts) > 0)
+       {
+               this->ts->remove_last(this->ts, (void**)&traffic_selector);
+               allocator_free(traffic_selector);
+       }
+       this->ts->destroy(this->ts);
+       
+       allocator_free(this);
+       return SUCCESS;
+}
+
+/*
+ * Described in header-file
+ */
+sa_config_t *sa_config_create()
+{
+       private_sa_config_t *this = allocator_alloc_thing(private_sa_config_t);
+
+       /* public functions */
+       this->public.get_my_id = (identification_t(*)(sa_config_t*))get_my_id;
+       this->public.get_other_id = (identification_t(*)(sa_config_t*))get_other_id;
+       this->public.get_auth_method = (auth_method_t(*)(sa_config_t*))get_auth_method;
+       this->public.get_traffic_selectors = (size_t(*)(sa_config_t*,traffic_selector_t**))get_traffic_selectors;
+       this->public.select_traffic_selectors = (size_t(*)(sa_config_t*,traffic_selector_t*,size_t,traffic_selector_t**))select_traffic_selectors;
+       this->public.get_proposals = (size_t(*)(sa_config_t*,child_proposal_t**))get_proposals;
+       this->public.select_proposal = (child_proposal_t*(*)(sa_config_t*,child_proposal_t*,size_t))select_proposal;
+       this->public.add_traffic_selector = (void(*)(sa_config_t*,traffic_selector_t*))add_traffic_selector;
+       this->public.add_proposal = (void(*)(sa_config_t*,child_proposal_t*))add_proposal;
+       this->public.destroy = (void(*)(sa_config_t*))destroy;
+
+       /* private variables */
+       this->proposal_equals = proposal_equals;
+       this->traffic_selector_equals = traffic_selector_equals;
+       this->proposals = linked_list_create();
+       this->ts = linked_list_create();
+
+       return (&this->public);
+}
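Review bot: `select_traffic_selectors` can write past the array it allocates — `*selected` is sized by the number of stored selectors, but `counter` advances once per matching (stored, supplied) pair, so a peer whose TS payload repeats the same selector pushes `counter` beyond the allocation; add `break;` right after `counter++;` in the inner loop so each stored selector is copied at most once, and handle `counter == 0` before the `allocator_realloc` to a zero size. `add_proposal` inserts into `this->ts` instead of `this->proposals`, so `select_proposal` never sees configured proposals and `destroy` frees a proposal through the traffic-selector loop; it should read `this->proposals->insert_last(this->proposals, (void*)proposal);`. In `select_proposal` the inner `break` only leaves the supplied loop, so every later stored match leaks the previous `selected_proposal` and the last match wins rather than the first-added one the header promises; break out of the outer loop as well. `proposal_equals` returns FALSE unless both sides set AH and ESP, which rejects the ESP-only proposals the header explicitly allows. `sa_config_create` also leaves `my_id`, `other_id` and `auth_method` unset, so the getters return indeterminate values until a setter exists.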
index 94d05e1..9d6cbea 100644 (file)
@@ -1,4 +1,220 @@
+/**
+ * @file sa_config.h
+ * 
+ * @brief Interface of sa_config_t.
+ *  
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
 #ifndef _SA_CONFIG_H_
 #define _SA_CONFIG_H_
 
+#include <types.h>
+#include <utils/identification.h>
+#include <encoding/payloads/auth_payload.h>
+#include <network/host.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/signers/signer.h>
+
+
+typedef struct child_proposal_t child_proposal_t;
+
+/**
+ * @brief Storage structure for a proposal for a child sa.
+ * 
+ * A proposal for a child sa contains data for 
+ * AH, ESP, or both.
+ * 
+ * @ingroup config
+ */
+struct child_proposal_t {
+       
+       /**
+        * Data for AH, if set
+        */
+       struct {
+               bool is_set;
+               integrity_algorithm_t integrity_algorithm;
+               size_t key_size;
+       } ah;
+       
+       /**
+        * data for ESP, if set
+        */
+       struct {
+               bool is_set;
+               encryption_algorithm_t encryption_algorithm;
+               size_t key_size;
+       } esp;
+};
+
+
+typedef struct traffic_selector_t traffic_selector_t;
+
+/**
+ * @brief Storage structure for a traffic selection.
+ * 
+ * Specifies a protocol and a valid IP and port range.
+ * 
+ * @ingroup config
+ */
+struct traffic_selector_t {
+       /**
+        * Protocol for which this ts applies (TCP/UDP/ICMP)
+        */
+       u_int8_t protocol;
+       /**
+        * Start address and port for allowed range
+        */
+       host_t *begin;
+       /**
+        * End address and port for allowed range
+        */
+       host_t *end;
+};
+
+
+typedef struct sa_config_t sa_config_t;
+
+/**
+ * @brief Stores configuration of an initialized connection.
+ * 
+ * During the IKE_AUTH phase, we have enought data to specify a 
+ * configuration. 
+ * 
+ * @warning This config is not thread save.
+ * 
+ * @ingroup config
+ */
+struct sa_config_t {
+       
+       /**
+        * @brief Get own id to use for identification.
+        * 
+        * @param this                                  calling object
+        * @return                                              own id
+        */
+       identification_t (*get_my_id) (sa_config_t *this);
+       
+       /**
+        * @brief Get id of communication partner..
+        * 
+        * @param this                                  calling object
+        * @return                                              other id
+        */
+       identification_t (*get_other_id) (sa_config_t *this);
+       
+       /**
+        * @brief Get authentication method to use for IKE_AUTH.
+        * 
+        * @param this                                  calling object
+        * @return                                              authentication methood
+        */
+       auth_method_t (*get_auth_method) (sa_config_t *this);
+       
+       /**
+        * @brief Get configured traffic selectors.
+        * 
+        * @warning Resulting array must be freed!
+        * 
+        * @param this                                  calling object
+        * @param[out]traffic_selectors pointer where traffic selectors will be allocated
+        * @return                                              number of returned traffic selectors
+        */
+       size_t (*get_traffic_selectors) (sa_config_t *this, traffic_selector_t **traffic_selectors);
+       
+       /**
+        * @brief Select traffic selectors from a supplied list.
+        * 
+        * @warning Resulting array must be freed!
+        * 
+        * @param this                                  calling object
+        * @param supplied                              pointer to an array of ts to select from.
+        * @param count                                 number of ts stored at supplied
+        * @param[out]traffic_selectors pointer where selected traffic selectors will be allocated
+        * @return                                              number of selected traffic selectors
+        */
+       size_t (*select_traffic_selectors) (sa_config_t *this, traffic_selector_t *supplied, size_t count, traffic_selector_t **selected);
+       
+       /**
+        * @brief Get the list of proposals for this config.
+        * 
+        * @warning Resulting array must be freed!
+        * 
+        * @param this                                  calling object
+        * @param[out]traffic_selectors pointer where proposals will be allocated
+        * @return                                              number of allocated proposals
+        */
+       size_t (*get_proposals) (sa_config_t *this, child_proposal_t **proposals);
+       
+       /**
+        * @brief Select a proposal from a supplied list
+        * 
+        * @warning Resulting array must be freed!
+        * 
+        * @param this                                  calling object
+        * @param supplied                              pointer to an array of proposals to select from.
+        * @param count                                 number of proposals stored at supplied
+        * @return                                              the selected proposal
+        */
+       child_proposal_t* (*select_proposal) (sa_config_t *this, child_proposal_t *supplied, size_t count);
+       
+       /**
+        * @brief Add a traffic selector to the list. 
+        * 
+        * Added proposal will be destroyed with config destruction.
+        * 
+        * @warning Do not add while other threads are reading.
+        * 
+        * @param this                                  calling object
+        * @param traffic_selector              traffic_selector to add
+        */
+       void (*add_traffic_selector) (sa_config_t *this, traffic_selector_t *traffic_selector);
+       
+       /**
+        * @brief Add a proposal to the list. 
+        * 
+        * The proposals are stored by priority, first added
+        * is the most prefered.
+        * Added proposal will be destroyed with config destruction.
+        * 
+        * @warning Do not add while other threads are reading.
+        * 
+        * @param this                                  calling object
+        * @param proposal                              proposal to add
+        */
+       void (*add_proposal) (sa_config_t *this, child_proposal_t *proposal);
+       
+       /**
+        * @brief Destroys the config object
+        * 
+        * 
+        * @param this                          calling object
+        */
+       void (*destroy) (sa_config_t *this);
+};
+
+/**
+ * @brief Create a configuration object for IKE_AUTH and later.
+ * 
+ * @return             created sa_config_t
+ * 
+ * @ingroup config
+ */
+sa_config_t *sa_config_create();
+
 #endif //_SA_CONFIG_H_
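Review bot: `get_my_id` and `get_other_id` in `struct sa_config_t` are declared to return `identification_t` by value while the implementation returns `identification_t *` and the cast in `sa_config_create` hides the mismatch, so callers would read a struct copy out of a pointer-returning function; declare them as `identification_t *(*get_my_id) (sa_config_t *this);` and `identification_t *(*get_other_id) (sa_config_t *this);`. The `@warning Resulting array must be freed!` on `select_proposal` is misleading since it returns a single allocated `child_proposal_t*` or NULL — say `Returned proposal must be freed by the caller; NULL if nothing matched.` The `@param[out]` of `get_proposals` is named `traffic_selectors` but the parameter is `proposals`. `destroy` is declared `void` here but implemented as `status_t`; pick one so the cast in `sa_config_create` is not papering over a type mismatch.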
index 4386123..f78e7b8 100644 (file)
@@ -153,6 +153,30 @@ static private_host_t *clone(private_host_t *this)
 }
 
 
+/**
+ * Impelements host_t.equals
+ */
+static bool equals(private_host_t *this, private_host_t *other)
+{
+       switch (this->family)
+       {
+               /* IPv4 */
+               case AF_INET:
+               {
+                       struct sockaddr_in *sin1 = (struct sockaddr_in*)&(this->address);
+                       struct sockaddr_in *sin2 = (struct sockaddr_in*)&(other->address);
+                       if ((sin1->sin_family == sin2->sin_family) &&
+                               (sin1->sin_port == sin2->sin_port) &&
+                               (sin1->sin_addr.s_addr == sin2->sin_addr.s_addr))
+                       {
+                               return TRUE;    
+                       }
+               }
+       }
+       return FALSE;
+}
+
+
 /*
  * Described in header.
  */
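Review bot: `equals` answers FALSE for every family other than AF_INET and the switch has no `default`, so two identical IPv6 hosts compare unequal; since the traffic-selector matching added to sa_config in this commit is built on this method, that silently fails closed for IPv6 without any log. Add an explicit family guard up front, `if (this->family != other->family) return FALSE;`, a `default: break;` arm, and either an AF_INET6 case comparing `sin6_port` and `sin6_addr` with memcmp or a comment stating that IPv6 is not supported yet. The declaration of `address` in private_host_t is outside this hunk, so whether it is large enough for a sockaddr_in6 cast needs checking before adding that case.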
@@ -200,6 +224,7 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
        this->public.get_address = (char* (*) (host_t *))get_address;
        this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
        this->public.get_port = (u_int16_t (*) (host_t *))get_port;
+       this->public.equals = (bool (*) (host_t *,host_t *))equals;
        this->public.destroy = (void (*) (host_t*))destroy;
        
        this->family = family;
index fa06b14..379eab0 100644 (file)
@@ -105,6 +105,15 @@ struct host_t {
         * @return                              port number
         */
        u_int16_t (*get_port) (host_t *this);
+               
+       /** 
+        * @brief Compare two hosts.
+        * 
+        * @param this                  object to compare
+        * @param other                 the other to compare
+        * @return                              TRUE if port and address are equal
+        */
+       bool (*equals) (host_t *this, host_t *other);
        
        /** 
         * @brief Destroy this host object
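Review bot: the contract for `equals` should say how hosts of different address families compare, because the traffic-selector matching in sa_config decides accept/reject on this result; suggest `@return TRUE if family, address and port are equal; hosts of different families (and, currently, any non-IPv4 pair) compare unequal`. The "currently" part reflects the host.c implementation in this same commit and should be dropped once IPv6 is handled.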
index dc68fb9..5f6679f 100644 (file)
@@ -352,7 +352,7 @@ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t *
        /* TODO configuration manager request */
        id_payload->set_id_type(id_payload,ID_RFC822_ADDR);
        email.ptr = "moerdi@hsr.ch";
-       email.len = strlen(email.ptr);
+       email.len = strlen(email.ptr)+1;
        this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email);
        id_payload->set_data(id_payload,email);
        
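Review bot: adding `+1` to `email.len` puts the terminating NUL byte into the ID payload data that goes on the wire, and an ID_RFC822_ADDR identity is the bare address string, so a peer comparing the received IDi against a configured ID will see an extra 0x00 and not match; keep `email.len = strlen(email.ptr);`. If the extra byte was added so that the responder can print the ID with `%s`, the fix belongs on the logging side (log the chunk, or print with an explicit length), not in the protocol data. The enclosing build_id_payload starts outside the hunk.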
index 34bc1db..cd44faf 100644 (file)
  
 #include "ike_sa_init_responded.h"
 
+#include <daemon.h>
 #include <utils/allocator.h>
+#include <encoding/payloads/ts_payload.h>
+#include <encoding/payloads/sa_payload.h>
+#include <encoding/payloads/id_payload.h>
+#include <encoding/payloads/auth_payload.h>
 #include <transforms/signers/signer.h>
 #include <transforms/crypters/crypter.h>
 
@@ -78,9 +83,12 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        status_t status;
        signer_t *signer;
        crypter_t *crypter;
-       iterator_t *payloads;
+       iterator_t *payloads, *iterator;
        exchange_type_t exchange_type;
-       
+       id_payload_t *idi_payload, *idr_payload;
+       auth_payload_t *auth_payload;
+       sa_payload_t *sa_payload;
+       ts_payload_t *tsi_payload, *tsr_payload;
 
        exchange_type = message->get_exchange_type(message);
        if (exchange_type != IKE_AUTH)
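Review bot: `idi_payload`, `auth_payload`, `sa_payload`, `tsi_payload` and `tsr_payload` are declared without initializers, and the code after the payload loop dereferences `idi_payload` unconditionally; if the message verifier does not guarantee every one of these payloads is present (not visible from here), that reads an indeterminate pointer. Initialize them, `id_payload_t *idi_payload = NULL, *idr_payload = NULL;` and likewise for the others, and fail with a NULL check before use. `idr_payload` and `iterator` are declared but never used by live code in the new version. The enclosing process_message continues past this hunk.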
@@ -96,7 +104,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                return FAILED;
        }
        
-       
        /* get signer for verification and crypter for decryption */
        signer = this->ike_sa->get_signer_initiator(this->ike_sa);
        crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
@@ -109,77 +116,59 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
                return status;
        }
        
-       /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */
+       /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
        payloads = message->get_payload_iterator(message);
-       
        while (payloads->has_next(payloads))
        {
                payload_t *payload;
-               
-               /* get current payload */
                payloads->current(payloads, (void**)&payload);
                
-               this->logger->log(this->logger, CONTROL|MORE, "Processing payload of type %s", mapping_find(payload_type_m, payload->get_type(payload)));
                switch (payload->get_type(payload))
                {
-//                     case SECURITY_ASSOCIATION:
-//                     {
-//                             sa_payload_t *sa_payload = (sa_payload_t*)payload;
-//                             iterator_t *suggested_proposals, *accepted_proposals;
-//                             proposal_substructure_t *accepted_proposal;
-//                             
-//                             accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE);
-//                             
-//                             /* get the list of suggested proposals */ 
-//                             suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
-//                             
-//                             /* now let the configuration-manager select a subset of the proposals */
-//                             status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
-//                                                                     this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
-//                             if (status != SUCCESS)
-//                             {
-//                                     this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
-//                                     suggested_proposals->destroy(suggested_proposals);
-//                                     accepted_proposals->destroy(accepted_proposals);
-//                                     payloads->destroy(payloads);
-//                                     return status;
-//                             }
-//                             
-//                             /* iterators are not needed anymore */                  
-//                             suggested_proposals->destroy(suggested_proposals);
-//                             
-//                             /* let the ike_sa create their own transforms from proposal informations */
-//                             accepted_proposals->reset(accepted_proposals);
-//                             /* TODO check for true*/
-//                             accepted_proposals->has_next(accepted_proposals);
-//                             status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal);
-//                             if (status != SUCCESS)
-//                             {
-//                                     this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
-//                                     accepted_proposals->destroy(accepted_proposals);
-//                                     payloads->destroy(payloads);
-//                                     return status;
-//                             }
-//                             
-//                             status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal); 
-//                             accepted_proposals->destroy(accepted_proposals);
-//                             if (status != SUCCESS)
-//                             {
-//                                     this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
-//                                     payloads->destroy(payloads);
-//                                     return status;
-//                             }
-//                             
-//                             this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed");
-//                             /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
-//                             break;
-//                     }
-       
+                       case ID_INITIATOR:
+                       {
+                               idi_payload = (id_payload_t*)payload;
+                               break;  
+                       }
+                       case AUTHENTICATION:
+                       {
+                               auth_payload = (auth_payload_t*)payload;
+                               break;  
+                       }
+                       case ID_RESPONDER:
+                       {
+                               /* TODO handle idr payloads */
+                               break;  
+                       }
+                       case SECURITY_ASSOCIATION:
+                       {
+                               sa_payload = (sa_payload_t*)payload;
+                               break;
+                       }
+                       case CERTIFICATE:
+                       {
+                               /* TODO handle cert payloads */
+                               break;
+                       }
+                       case CERTIFICATE_REQUEST:
+                       {
+                               /* TODO handle certrequest payloads */
+                               break;
+                       }
+                       case TRAFFIC_SELECTOR_INITIATOR:
+                       {
+                               tsi_payload = (ts_payload_t*)payload;                           
+                               break;  
+                       }
+                       case TRAFFIC_SELECTOR_RESPONDER:
+                       {
+                               tsr_payload = (ts_payload_t*)payload;
+                               break;  
+                       }
                        default:
                        {
-                               this->logger->log(this->logger, ERROR | MORE, "Payload type not supported!");
-                               payloads->destroy(payloads);
-                               return NOT_SUPPORTED;
+                               /* can't happen, since message is verified */
+                               break;
                        }
                }
        }
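Review bot: the `default` arm now silently ignores any payload type with the comment `can't happen, since message is verified`, replacing the previous `NOT_SUPPORTED` return; even if the verifier is trusted, an unexpected payload reaching this switch is exactly the invariant worth failing loudly on. Keep a defensive exit, e.g. `this->logger->log(this->logger, ERROR, "Unexpected payload type %s", mapping_find(payload_type_m, payload->get_type(payload)));` followed by `payloads->destroy(payloads); return FAILED;`. The CERTIFICATE and CERTIFICATE_REQUEST arms drop their payloads behind a TODO, which is acceptable for WIP but should be stated as "certificate authentication not enforced yet" so it is not mistaken for handling. The enclosing process_message starts before and ends after this hunk.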
@@ -187,11 +176,64 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        payloads->destroy(payloads);
        
        
+       /* 
+        * ID Payload 
+        */
+       this->logger->log(this->logger, CONTROL|MOST, "type of IDi is %s", 
+                                               mapping_find(id_type_m, idi_payload->get_id_type(idi_payload)));
+       chunk_t data = idi_payload->get_data(idi_payload);
+       
+       this->logger->log(this->logger, CONTROL|MOST, "data of IDi is %s", 
+                                               data.ptr);
+       
+//     charon->configuration_manager->get_my_default_id(charon->configuration_manager, id
+//
+//     
+//     
+//     
+//     this->logger->log(this->logger, CONTROL|MOST, "type of AUTH is %s", 
+//                                             mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
+//     
+//     /* get the list of suggested proposals */ 
+//     suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
+//     
+//     /* now let the configuration-manager select a subset of the proposals */
+//     status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
+//                                             this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
+//                             
+                       
+//     iterator = tsi_payload->create_traffic_selector_substructure_iterator(tsi_payload, TRUE);
+//     while (iterator->has_next(iterator))
+//     {
+//             traffic_selector_substructure_t *ts;
+//             iterator->current(iterator, (void**)ts);
+//             this->logger->log(this->logger, CONTROL|MOST, "type of TSi is %s", 
+//                                                     mapping_find(ts_type_m, ts->get_ts_type(ts)));
+//             
+//     }
+//     iterator->destroy(iterator);
+//     
+//     iterator = tsr_payload->create_traffic_selector_substructure_iterator(tsr_payload, TRUE);
+//     while (iterator->has_next(iterator))
+//     {
+//             traffic_selector_substructure_t *ts;
+//             iterator->current(iterator, (void**)ts);
+//             this->logger->log(this->logger, CONTROL|MOST, "type of TSr is %s", 
+//                                                     mapping_find(ts_type_m, ts->get_ts_type(ts)));
+//             
+//     }
+//     iterator->destroy(iterator);
+       
+       
        
        this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
-
-       this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");      
        
+       return SUCCESS;
+}
+
+
+static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload)
+{
        
        return SUCCESS;
 }
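Review bot: `data.ptr` is printed with `%s`, but `data` is the raw IDi chunk taken from the peer's payload and nothing guarantees it is NUL-terminated, so a remote initiator controls how far the logger reads past the end of the buffer; use the chunk logger the initiator side already uses, `this->logger->log_chunk(this->logger, CONTROL|MOST, "data of IDi", &data);`. More seriously, the function reaches `return SUCCESS` and logs "Request successfully handled" without ever verifying `auth_payload` or checking IDi against any configured peer identity, so in this state every initiator is accepted as authenticated; since the commit is marked untested WIP, at minimum add `/* TODO: AUTH payload is not verified yet - must not ship */` and return FAILED until the check exists. The large commented-out blocks should be removed or reduced to TODO lines rather than left in the function body. `build_id_payload` is an empty stub that returns SUCCESS, which a caller may take as a built payload; returning FAILED or NOT_SUPPORTED until implemented is safer.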
index e66a060..b9c0067 100644 (file)
@@ -42,3 +42,7 @@ $(BUILD_DIR)randomizer.o :            $(UTILS_DIR)randomizer.c $(UTILS_DIR)randomizer.h
 OBJS+= $(BUILD_DIR)tester.o
 $(BUILD_DIR)tester.o :                 $(UTILS_DIR)tester.c $(UTILS_DIR)tester.h
                                                                $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)identification.o
+$(BUILD_DIR)identification.o : $(UTILS_DIR)identification.c $(UTILS_DIR)identification.h
+                                                               $(CC) $(CFLAGS) -c -o $@ $<
index 46194e8..8c314a8 100644 (file)
@@ -264,6 +264,25 @@ static void * clone_bytes(allocator_t *allocator,void * to_clone, size_t bytes,
        return new_space;
 }
 
+
+/**
+ * Implementation of allocator_t.clone_chunk. 
+ */
+static chunk_t clone_chunk(allocator_t *allocator, chunk_t chunk, char * file, int line)
+{
+       private_allocator_t *this = (private_allocator_t *) allocator;
+       chunk_t clone = CHUNK_INITIALIZER;
+       
+       if (chunk.ptr && chunk.len > 0)
+       {
+               clone.ptr = this->allocate_special(this,chunk.len,file,line,TRUE);
+               clone.len = chunk.len;
+               memcpy(clone.ptr, chunk.ptr, chunk.len);
+       }
+       
+    return clone;
+}
+
 /**
  * Implementation of allocator_t.allocator_report_memory_leaks. 
  */
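Review bot: `clone.ptr` returned by `allocate_special` is handed to `memcpy` without a NULL check, while the header text added in this commit documents the function as returning NULL when out of resources; unless `allocate_special` is known to abort rather than return NULL on failure, the copy and the length assignment should be guarded: `if (clone.ptr) { clone.len = chunk.len; memcpy(clone.ptr, chunk.ptr, chunk.len); }`. That keeps the returned chunk self-consistent (NULL `ptr` together with `len` 0), so a caller that tests `ptr` never later reads `len` bytes from a NULL pointer. The `return clone;` line is indented with spaces whereas the rest of the function uses tabs.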
@@ -305,6 +324,7 @@ static private_allocator_t allocator = {
                         free_pointer: free_pointer,
                         reallocate: reallocate,
                         clone_bytes : clone_bytes,
+                        clone_chunk : clone_chunk,
                         report_memory_leaks: allocator_report_memory_leaks},
        allocations: NULL,
        allocate_special : allocate_special,
@@ -356,6 +376,25 @@ void * allocator_clone_bytes(void * pointer, size_t size)
        return (data);
 }
 
+
+/**
+ * Described in header
+ */
+static chunk_t clone_chunk(chunk_t chunk)
+{
+       chunk_t clone = CHUNK_INITIALIZER;
+       
+       if (chunk.ptr && chunk.len > 0)
+       {
+               clone.ptr = malloc(chunk.len);
+               if (clone.ptr == NULL) {exit(-1)};
+               clone.len = chunk.len;
+               memcpy(clone.ptr, chunk.ptr, chunk.len);
+       }
+       
+    return clone;
+}
+
 /*
  * Described in header
  */
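Review bot: The non-LEAK_DETECTION variant is defined as `static chunk_t clone_chunk(chunk_t chunk)`, so it has internal linkage and cannot be called from any other translation unit; the `allocator_clone_bytes` definition at the top of the hunk shows the expected exported form, so unless a macro elsewhere maps the name it should read `chunk_t allocator_clone_chunk(chunk_t chunk)`. The same commit declares it in allocator.h as `chunk_t allocator_clone_bytes(chunk_t chunk);`, which collides with the existing `void * allocator_clone_bytes(void * pointer, size_t size);` declaration in that header and will not compile as two conflicting types for one identifier — the rename applies there as well. `if (clone.ptr == NULL) {exit(-1)};` is only valid because the trailing `;` is an empty statement; `if (clone.ptr == NULL) { exit(EXIT_FAILURE); }` says the same thing without the surprise, and the LEAK_DETECTION twin of this function takes the opposite decision (no check at all), so the two variants should agree on what happens when the allocation fails.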
index f27610a..a863117 100644 (file)
                 *                              - NULL if out of ressources
                 */ 
                void * (*clone_bytes) (allocator_t *this,void * to_clone, size_t bytes, char * file, int line);         
+               
+               /**
+                * Clones a chunk with LEAK_DETECTION and returns a cloned chunk.
+                * 
+                * @warning     Use this function not directly, only with assigned macro 
+                *                              #allocator_clone_chunk-
+                * 
+                * @param this  allocator_t object
+                * @param chunk chunk to clone
+                * @param file  filename from which the memory is allocated
+                * @param line  line number in specific file
+                * @return              
+                *                              - pointer to reallocated memory area if successful
+                *                              - NULL if out of ressources
+                */ 
+               chunk_t (*clone_chunk) (allocator_t *this, chunk_t chunk, char * file, int line);               
                                
                /**
                 * Frees memory with LEAK_DETECTION.
         */
        #define allocator_clone_bytes(old,bytes) (global_allocator->clone_bytes(global_allocator,old,bytes,__FILE__, __LINE__))
        
+       
+       /**
+        * Macro to clone a chunk and its contents
+        * 
+        * See #allocator_t.clone_chunk  for description.
+        * 
+        * @ingroup utils
+        */
+       #define allocator_clone_chunk(chunk) (global_allocator->clone_chunk(global_allocator,chunk,__FILE__, __LINE__))
+       
        /**
         * Macro to free some memory.
         * 
        void * allocator_clone_bytes(void * pointer, size_t size);
        
        /**
+        * Clone a chunk and its contents.
+        *
+        *
+        * @param chunk         chunk to clone
+        * @return                      cloned chunk
+        * 
+        * @ingroup utils
+        */
+       chunk_t allocator_clone_bytes(chunk_t chunk);
+       
+       /**
         * Frees memory used by chunk.
         * 
         * @param chunk         pointer of chunk to free
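Review bot: The `@return` text for the new `clone_chunk` member ("pointer to reallocated memory area if successful / NULL if out of ressources") appears to be copied from the `reallocate` documentation, but the function returns a `chunk_t` by value, not a pointer; suggest `@return cloned chunk (ptr NULL and len 0 when the input chunk is empty)`, adding the out-of-resources case only if the LEAK_DETECTION implementation actually returns a NULL `ptr` there, which the allocator.c hunk does not show. The `allocator_clone_chunk(chunk)` macro passes its argument unparenthesized; `(chunk)` matches the defensive form used for function-like macros. The prototype `chunk_t allocator_clone_bytes(chunk_t chunk);` in the last hunk conflicts with the `void * allocator_clone_bytes(void * pointer, size_t size);` declaration just above it and needs the `allocator_clone_chunk` name (raised with the allocator.c definition).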
diff --git a/Source/charon/utils/identification.c b/Source/charon/utils/identification.c
new file mode 100644 (file)
index 0000000..270d962
--- /dev/null
@@ -0,0 +1,189 @@
+/**
+ * @file identification.c
+ * 
+ * @brief Implementation of identification_t. 
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "identification.h"
+
+#include <utils/allocator.h>
+
+
+typedef struct private_identification_t private_identification_t;
+
+/**
+ * Private data of an identification_t object.
+ */
+struct private_identification_t {
+       /**
+        * Public interface.
+        */
+       identification_t public;
+       
+       /**
+        * string representation of this id
+        */
+       char *string;
+       
+       /**
+        * encoded representation of this id
+        */
+       chunk_t encoded;
+       
+       /**
+        * type of this id
+        */
+       id_type_t type;
+};
+
+/**
+ * implements identification_t.get_encoding
+ */
+static chunk_t get_encoding(private_identification_t *this)
+{
+       return this->encoded;
+}
+
+/**
+ * implements identification_t.get_type
+ */
+static id_type_t get_type(private_identification_t *this)
+{
+       return this->type;
+}
+       
+/**
+ * implements identification_t.get_string
+ */
+static char *get_string(private_identification_t *this)
+{
+       return this->string;
+}
+
+/**
+ * implements identification_t.destroy
+ */
+static void destroy(private_identification_t *this)
+{
+       allocator_free(this->string);
+       allocator_free(this->encoded.ptr);
+       allocator_free(this);   
+}
+
+/**
+ * Generic constructor used for the other twos
+ */
+static private_identification_t *identification_create()
+{
+       
+       private_identification_t *this = allocator_alloc_thing(private_identification_t);
+       
+       /* assign methods */
+       this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
+       this->public.get_type = (id_type_t (*) (identification_t*))get_type;
+       this->public.get_string = (char* (*) (identification_t*))get_string;
+       this->public.destroy = (void (*) (identification_t*))destroy;
+       
+       this->string = NULL;
+       this->encoded = CHUNK_INITIALIZER;
+       
+       return this;
+}
+
+/*
+ * Described in header.
+ */
+identification_t *identification_create_from_string(id_type_t type, char *string)
+{
+       private_identification_t *this = identification_create();
+       switch (type)
+       {
+               case ID_IPV4_ADDR:
+               {
+                       /* convert string */
+                       this->encoded.len = 4;
+                       this->encoded.ptr = allocator_alloc(this->encoded.len);
+                       if (inet_aton(string, ((struct in_addr*)(this->encoded.ptr))) == 0)
+                       {
+                               allocator_free(this->encoded.ptr);
+                               allocator_free(this);
+                               return NULL;
+                       }
+                       /* clone string */
+                       this->string = allocator_alloc(strlen(string)+1);
+                       strcpy(this->string, string);
+                       return &(this->public);
+               }
+               case ID_IPV6_ADDR:
+               case ID_FQDN:
+               case ID_RFC822_ADDR:
+               case ID_DER_ASN1_DN:
+               case ID_DER_ASN1_GN:
+               case ID_KEY_ID:
+               default:
+               {
+                       /* not supported */
+                       allocator_free(this);
+                       return NULL;
+               }
+       }
+}
+
+/*
+ * Described in header.
+ */
+identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded)
+{
+       private_identification_t *this = identification_create();
+       switch (type)
+       {
+               case ID_IPV4_ADDR:
+               {
+                       char *tmp;
+                       /* clone chunk */
+                       if (encoded.len != 4)
+                       {
+                               allocator_free(this);
+                               return NULL;    
+                       }
+                       this->encoded = allocator_clone_chunk(encoded);
+                       tmp = inet_ntoa(*((struct in_addr*)(encoded.ptr)));
+                       /* build string, must be cloned */
+                       this->string = allocator_alloc(strlen(tmp)+1);
+                       strcpy(this->string, tmp);
+                       return &(this->public);
+               }
+               case ID_IPV6_ADDR:
+               case ID_FQDN:
+               case ID_RFC822_ADDR:
+               case ID_DER_ASN1_DN:
+               case ID_DER_ASN1_GN:
+               case ID_KEY_ID:
+               default:
+               {
+                       /* not supported */
+                       allocator_free(this);
+                       return NULL;
+               }
+       }
+}
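Review bot: Neither `identification_create_from_string` nor `identification_create_from_encoding` stores its `type` argument in the object, and `identification_create` initialises `string` and `encoded` but not `type`, so `get_type` returns whatever the allocator left in that field; add `this->type = type;` directly after the `identification_create()` call in both constructors. In the ID_IPV4_ADDR branch of `identification_create_from_encoding`, `encoded.ptr` is dereferenced as a `struct in_addr *` after only its length was checked, so a chunk with `len == 4` and a NULL `ptr` crashes, and the cast assumes the chunk buffer is suitably aligned for `struct in_addr`; extending the guard to `if (encoded.ptr == NULL || encoded.len != 4)` and copying via `struct in_addr addr; memcpy(&addr, encoded.ptr, sizeof addr);` before calling `inet_ntoa(addr)` avoids both. `identification_create()` should be declared with `(void)` so the compiler checks calls against an empty parameter list. `strlen` and `strcpy` are used without `<string.h>` being included in this file, so they rely on one of the other headers pulling it in.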
diff --git a/Source/charon/utils/identification.h b/Source/charon/utils/identification.h
new file mode 100644 (file)
index 0000000..54e4e02
--- /dev/null
@@ -0,0 +1,114 @@
+/**
+ * @file identification.h
+ *
+ * @brief Interface of identification_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef _IDENTIFICATION_H_
+#define _IDENTIFICATION_H_
+
+
+#include "types.h"
+
+#include <encoding/payloads/id_payload.h>
+
+typedef struct identification_t identification_t;
+
+/**
+ * @brief Generic identification, such as used in ID payload.
+ * 
+ * The following types are possible:
+ * 
+ * - ID_IPV4_ADDR 
+ * - ID_FQDN (not implemented)
+ * - ID_RFC822_ADDR  (not implemented)
+ * - ID_IPV6_ADDR (not implemented)
+ * - ID_DER_ASN1_DN  (not implemented)
+ * - ID_DER_ASN1_GN (not implemented)
+ * - ID_KEY_ID (not implemented)
+ *
+ * @ingroup sa
+ */
+struct identification_t {
+       
+       /**
+        * @brief Get the encoding of this id, to send over
+        * the network.
+        * 
+        * @warning Result points to internal data, do NOT free!
+        * 
+        * @param this          the identification_t_object
+        * @return                      a chunk containing the encoded bytes
+        */
+       chunk_t (*get_encoding) (identification_t *this);
+       
+       /**
+        * @brief Get the type of this identification.
+        * 
+        * @param this          the identification_t_object
+        * @return                      id_type_t
+        */
+       id_type_t (*get_type) (identification_t *this);
+       
+       /**
+        * @brief Get a string representation of this id.
+        * 
+        * @warning Result points to internal data, do NOT free!
+        * 
+        * @param this          the identification_t_object
+        * @return                      string
+        */
+       char *(*get_string) (identification_t *this);
+
+       /**
+        * @brief Destroys a identification_t object.
+        *
+        * @param this                          identification_t object
+        */
+       void (*destroy) (identification_t *this);
+};
+
+/**
+ * @brief Creates an identification_t object from a string.
+ * 
+ * @param type         type of this id, such as ID_IPV4_ADDR or ID_RFC822_ADDR
+ * @param string       input string, which will be converted
+ * @return                     - created identification_t object, or
+ *                                     - NULL if type not supported.
+ * 
+ * @ingroup sa
+ */
+identification_t * identification_create_from_string(id_type_t type, char *string);
+
+
+/**
+ * @brief Creates an identification_t object from an encoded chunk.
+ * 
+ * @param type         type of this id, such as ID_IPV4_ADDR or ID_RFC822_ADDR
+ * @param encoded      encoded bytes, such as from identification_t.get_encoding
+ * @return                     - created identification_t object, or
+ *                                     - NULL if type not supported.
+ * 
+ * @ingroup sa
+ */
+identification_t * identification_create_from_encoding(id_type_t type, chunk_t encoded);
+
+
+#endif //_IDENTIFICATION_H_
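Review bot: The `@return` documentation of both constructors lists only "NULL if type not supported", but the implementation also returns NULL when the IPv4 string does not parse and when the encoded chunk is not 4 bytes long; suggest `- NULL if type not supported or the string/encoding is invalid.` so callers know to check the result for well-formed types too. `identification_create_from_string` only reads `string`, so the prototype could take `const char *string`. The file lives in utils/ but tags its API `@ingroup sa`, unlike the `@ingroup utils` used for the allocator additions in this commit. `_IDENTIFICATION_H_` is a reserved identifier (leading underscore followed by an uppercase letter), although this may follow the project's existing guard convention.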