From 6aa61b01d21becff0bc7215fccecf6aab8f27f5b Mon Sep 17 00:00:00 2001 From: Jan Hutter Date: Tue, 22 Nov 2005 12:29:39 +0000 Subject: [PATCH] - documented --- Source/charon/configuration_manager.c | 69 +++++++++++++++---- Source/charon/configuration_manager.h | 121 ++++++++++++++++++++++++++++++++-- 2 files changed, 172 insertions(+), 18 deletions(-) diff --git a/Source/charon/configuration_manager.c b/Source/charon/configuration_manager.c index 75d613f..a0235ca 100644 --- a/Source/charon/configuration_manager.c +++ b/Source/charon/configuration_manager.c @@ -3,7 +3,7 @@ * * @brief Configuration class used to store IKE_SA-configurations. * - * Object of this type represents a configuration for an IKE_SA and its child_sa's. + * Object of this type represents the configuration for all IKE_SA's and their child_sa's. * */ @@ -53,14 +53,14 @@ struct private_configuration_manager_s { }; /** - * Implements function configuration_manager_t.get_remote_host . + * Implements function configuration_manager_t.get_remote_host. */ static status_t get_remote_host(private_configuration_manager_t *this, char *name, host_t **host) { /* - * For testing purposes, hard coded host informations are returned. + * For testing purposes, hard coded host informations for two configurations are returned. * - * Further improvements could store them in a linked list or hash table + * Further improvements could store them in a linked list or hash table. */ host_t *remote; @@ -86,10 +86,17 @@ static status_t get_remote_host(private_configuration_manager_t *this, char *nam *host = remote; return status; } - + +/** + * Implements function configuration_manager_t.get_local_host. + */ static status_t get_local_host(private_configuration_manager_t *this, char *name, host_t **host) { - /* use default route for now */ + /* + * For testing purposes, only the default route is returned for each configuration. + * + * Further improvements could store different local host informations in a linked list or hash table. + */ host_t *local; local = host_create(AF_INET, "0.0.0.0", 0); if (local == NULL) @@ -100,18 +107,34 @@ static status_t get_local_host(private_configuration_manager_t *this, char *name return SUCCESS; } +/** + * Implements function configuration_manager_t.get_dh_group_number. + */ static status_t get_dh_group_number(private_configuration_manager_t *this,char *name, u_int16_t *dh_group_number, u_int16_t priority) { - *dh_group_number = MODP_1024_BIT; + /* Currently only two dh_group_numbers are supported for each configuration*/ + + if (priority == 1) + { + *dh_group_number = MODP_1024_BIT; + } + else + { + *dh_group_number = MODP_768_BIT; + } return SUCCESS; } - + +/** + * Implements function configuration_manager_t.get_proposals_for_host. + */ static status_t get_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *iterator) { - /* use a default IKE proposal: + /* + * Currently the following hard coded proposal is created and returned for all hosts: * - ENCR_AES_CBC 128Bit - * - PRF_HMAC_SHA1 128Bit - * - AUTH_HMAC_SHA1_96 96Bit + * - PRF_HMAC_SHA1 160Bit + * - AUTH_HMAC_SHA1_96 128Bit * - MODP_1024_BIT */ proposal_substructure_t *proposal; @@ -252,14 +275,16 @@ static status_t get_proposals_for_host(private_configuration_manager_t *this, ho return SUCCESS; } +/** + * Implements function configuration_manager_t.select_proposals_for_host. + */ static status_t select_proposals_for_host(private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out) { + /* Currently the first suggested proposal is selected, cloned and then returned*/ status_t status; proposal_substructure_t *first_suggested_proposal; proposal_substructure_t *selected_proposal; - /* select just first suggested proposal */ - this->logger->log(this->logger,CONTROL | MORE, "Going to select first suggested proposal"); if (!in->has_next(in)) { @@ -290,11 +315,20 @@ static status_t select_proposals_for_host(private_configuration_manager_t *this, return status; } +/** + * Implements function configuration_manager_t.get_transforms_for_host_and_proposals. + */ static status_t get_transforms_for_host_and_proposals (private_configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf) { + /* + * Currently the given proposals are not checked if they are valid for specific host! + * + * The first proposal is taken and the appropriate transform objects are created (only if they are supported) + */ + + prf_t *selected_prf = NULL; crypter_t *selected_crypter = NULL; signer_t *selected_signer = NULL; - prf_t *selected_prf = NULL; proposal_substructure_t *proposal; linked_list_iterator_t *transforms; status_t status; @@ -387,8 +421,15 @@ static status_t get_transforms_for_host_and_proposals (private_configuration_man return SUCCESS; } +/** + * Implements function configuration_manager_t.is_dh_group_allowed_for_host. + */ static status_t is_dh_group_allowed_for_host(private_configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed) { + /* + * Only the two DH groups 768 and 1024 are supported for each configuration + */ + if (group == MODP_768_BIT || group == MODP_1024_BIT) { *allowed = TRUE; diff --git a/Source/charon/configuration_manager.h b/Source/charon/configuration_manager.h index 07cdef5..2228688 100644 --- a/Source/charon/configuration_manager.h +++ b/Source/charon/configuration_manager.h @@ -34,37 +34,150 @@ /** * @brief Manages all configuration aspects of the daemon. * + * Currently the configuration manager class does not store specific configurations. + * It is expected, that in future different configurations are stored in a linked list + * or a hash map and are managed by this class. + * */ typedef struct configuration_manager_s configuration_manager_t; struct configuration_manager_s { /** - * Gets the remote host informations for a specific configuration name + * Gets the remote host information for a specific configuration name. + * + * A host information consist of IP address and UDP port. * * @param this calling object * @param name name of the configuration - * @param host remote host informations are stored at this location + * @param host remote host information gets stored at this location * * @return + * - OUT_OF_RES * - NOT_FOUND * - SUCCESS - * - OUT_OF_RES */ status_t (*get_remote_host) (configuration_manager_t *this, char *name, host_t **host); - + + /** + * Gets the local host information for a specific configuration name + * + * A host information consist of IP address and UDP port. + * + * @param this calling object + * @param name name of the configuration + * @param host local host information gets stored at this location + * + * @return + * - OUT_OF_RES + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*get_local_host) (configuration_manager_t *this, char *name, host_t **host); + /** + * Returns the DH group number to use when initiating a connection. + * + * To make sure that different group numbers are supported in case + * a group number is not supported by other peer, a priority has to get defined. + * + * + * @param this calling object + * @param name name of the configuration + * @param dh_group_number the DH group number gets stored at this location + * @param priority priority to use for selection of DH group number. + * Highest priority is 1. All higher values have lower + * priority. + * + * @return + * - FAILED (not yet implemented) + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*get_dh_group_number) (configuration_manager_t *this, char *name, u_int16_t *dh_group_number, u_int16_t priority); + /** + * Returns the proposals which should be used to initiate a connection with a specific + * host. + * + * The proposals of type proposal_substructure_t * are returned over the given iterator + * and have to be destroyed by the caller. + * + * + * @param this calling object + * @param host host information used to find the correct proposals + * @param list iterator where the proposals are written to + * + * @return + * - OUT_OF_RES + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*get_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *list); + /** + * Checks the suggested proposals passed as iterator in and selects one proposal to be sent as selection + * of this proposals. + * + * Currently there is no check implemented. The first suggested proposal is cloned and then as selected returned. + * + * + * @param this calling object + * @param host host information used to find the correct proposals + * @param in iterator with suggested proposals of type proposal_substructure_t * + * @param out The selected proposals of type proposal_substructure_t * are written to this iterator + * + * @return + * - OUT_OF_RES + * - FAILED + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*select_proposals_for_host) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *in, linked_list_iterator_t *out); + /** + * Returns the transforms of type crypter_t, signer_t and prf_t as specified in given proposal. + * + * + * @param this calling object + * @param host host information + * @param proposals iterator with selected proposals + * @param[out] crypter The created transform object of type crypter_t is stored at this location + * @param[out] signer The created transform object of type signer_t is stored at this location + * @param[out] prf The created transform object of type prf_t is stored at this location + * + * @return + * - OUT_OF_RES + * - FAILED + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*get_transforms_for_host_and_proposals) (configuration_manager_t *this, host_t *host, linked_list_iterator_t *proposals,crypter_t **crypter,signer_t **signer, prf_t **prf); + /** + * Checks if a given dh_group number is allowed for a specific host + * + * + * @param this calling object + * @param host host information + * @param group DH group number to check if allowed + * @param[out] allowed will be set to TRUE if group number is allowed, FALSE otherwise + * + * @return + * - FAILED + * - NOT_FOUND (not yet implemented) + * - SUCCESS + */ status_t (*is_dh_group_allowed_for_host) (configuration_manager_t *this, host_t *host, diffie_hellman_group_t group, bool *allowed); + /** + * Destroys configuration manager + * + * + * @param this calling object + * @return + * - SUCCESS + */ status_t (*destroy) (configuration_manager_t *this); }; -- 2.7.4