) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+DROP TABLE IF EXISTS `algorithms`;
+CREATE TABLE `algorithms` (
+ `id` int(10) unsigned NOT NULL auto_increment,
+ `algorithm` varchar(128) NOT NULL
+);
+
+
+DROP TABLE IF EXISTS `child_config_algorithm`;
+CREATE TABLE `child_config_algorithm` (
+ `child_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `alg` int(10) unsigned NOT NULL
+);
+
+
DROP TABLE IF EXISTS `ike_configs`;
CREATE TABLE `ike_configs` (
`id` int(10) unsigned NOT NULL auto_increment,
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+DROP TABLE IF EXISTS `ike_config_algorithm`;
+CREATE TABLE `ike_config_algorithm` (
+ `ike_cfg` int(10) unsigned NOT NULL,
+ `prio` smallint(5) unsigned NOT NULL,
+ `alg` int(10) unsigned NOT NULL
+);
+
+
DROP TABLE IF EXISTS `peer_configs`;
CREATE TABLE `peer_configs` (
`id` int(10) unsigned NOT NULL auto_increment,
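Review bot: The `algorithms` table in the preceding hunk declares `id` as `auto_increment` without making it a key, and MySQL refuses such a definition (there can be only one auto column and it must be defined as a key), so the script fails before `ike_config_algorithm` is reached; the SQLite counterpart uses `PRIMARY KEY AUTOINCREMENT`. Both new link tables, here and in that hunk, also close with a bare `);` instead of the `) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;` line every other table in this file carries, so they are created with whatever engine and charset the server defaults to. Suggest `` `id` int(10) unsigned NOT NULL auto_increment PRIMARY KEY, `` for `algorithms` and the same ENGINE/CHARSET/COLLATE closing line for all three new tables.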
};
/**
- * forward declaration
+ * Forward declaration
*/
static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
identification_t *me, identification_t *other);
/**
- * build a traffic selector from a SQL query
+ * Build a traffic selector from an SQL query
*/
static traffic_selector_t *build_traffic_selector(private_sql_config_t *this,
enumerator_t *e, bool *local)
}
/**
- * build a Child configuration from a SQL query
+ * Add ESP proposals to a child config
+ */
+static void add_esp_proposals(private_sql_config_t *this,
+ child_cfg_t *child, int id)
+{
+ enumerator_t *e;
+ proposal_t *proposal;
+ char *alg;
+ bool use_default = TRUE;
+
+ e = this->db->query(this->db,
+ "SELECT algorithm "
+ "FROM algorithms JOIN child_config_algorithm ON id = alg "
+ "WHERE child_cfg = ? ORDER BY prio",
+ DB_INT, id, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &alg))
+ {
+ proposal = proposal_create_from_string(PROTO_ESP, alg);
+ child->add_proposal(child, proposal);
+ use_default = FALSE;
+ }
+ e->destroy(e);
+ }
+ if (use_default)
+ {
+ child->add_proposal(child, proposal_create_default(PROTO_ESP));
+ }
+}
+
+/**
+ * Build a child config from an SQL query
*/
static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
{
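Review bot: proposal_create_from_string() can return NULL for a string it cannot parse, and the loop in add_esp_proposals hands that result straight to child->add_proposal(), so one malformed row in `algorithms` ends up stored as a proposal and dereferenced later; add_ike_proposals in the hunk below has the same loop. Guard the result and log the rejected string, as below (assuming the plugin's DBG1/DBG_CFG macros are in scope here as elsewhere). With the guard a rejected row no longer clears use_default, so a config whose rows are all invalid silently falls back to the default ESP proposal, which may negotiate more than what was configured; if that is the intended policy, say so in the comment above the `if (use_default)` fallback, otherwise treat it as a configuration error.
```c
		while (e->enumerate(e, &alg))
		{
			proposal = proposal_create_from_string(PROTO_ESP, alg);
			if (!proposal)
			{
				DBG1(DBG_CFG, "ignoring invalid ESP proposal '%s'", alg);
				continue;
			}
			child->add_proposal(child, proposal);
			use_default = FALSE;
		}
		/* … unchanged: e->destroy(e) and the default-proposal fallback … */
```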
};
child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
start, dpd, close, ipcomp, 0, 0, NULL, NULL);
- /* TODO: read proposal from db */
- child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ add_esp_proposals(this, child_cfg, id);
add_traffic_selectors(this, child_cfg, id);
return child_cfg;
}
}
/**
- * build a ike configuration from a SQL query
+ * Add IKE proposals to an IKE config
+ */
+static void add_ike_proposals(private_sql_config_t *this,
+ ike_cfg_t *ike_cfg, int id)
+{
+ enumerator_t *e;
+ proposal_t *proposal;
+ char *alg;
+ bool use_default = TRUE;
+
+ e = this->db->query(this->db,
+ "SELECT algorithm "
+ "FROM algorithms JOIN ike_config_algorithm ON id = alg "
+ "WHERE ike_cfg = ? ORDER BY prio",
+ DB_INT, id, DB_TEXT);
+ if (e)
+ {
+ while (e->enumerate(e, &alg))
+ {
+ proposal = proposal_create_from_string(PROTO_IKE, alg);
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ use_default = FALSE;
+ }
+ e->destroy(e);
+ }
+ if (use_default)
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ }
+}
+
+/**
+ * Build an IKE config from an SQL query
*/
static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
host_t *my_host, host_t *other_host)
{
- int certreq, force_encap;
+ int id, certreq, force_encap;
char *local, *remote;
- while (e->enumerate(e, &certreq, &force_encap, &local, &remote))
+ while (e->enumerate(e, &id, &certreq, &force_encap, &local, &remote))
{
ike_cfg_t *ike_cfg;
ike_cfg = ike_cfg_create(certreq, force_encap,
local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
- /* TODO: read proposal from db */
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ add_ike_proposals(this, ike_cfg, id);
return ike_cfg;
}
return NULL;
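Review bot: The JOIN in add_ike_proposals (and the matching one in add_esp_proposals above) compares an unqualified `id` with `alg`; it resolves today only because neither link table has an `id` column, and adding one later turns the query into an ambiguous-column error at runtime rather than something a compiler would catch. Qualify it, `"FROM algorithms JOIN ike_config_algorithm ON algorithms.id = alg "`, and likewise `algorithms.id` in the child query. `ORDER BY prio` alone also leaves two rows with the same priority for one config in undefined order, so either document that equal priorities are not supported or add a tiebreaker column to the ORDER BY.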
}
/**
- * Query a IKE config by its id
+ * Query an IKE config by its id
*/
static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id)
{
ike_cfg_t *ike_cfg = NULL;
e = this->db->query(this->db,
- "SELECT certreq, force_encap, local, remote "
+ "SELECT id, certreq, force_encap, local, remote "
"FROM ike_configs WHERE id = ?",
DB_INT, id,
- DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+ DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT);
if (e)
{
ike_cfg = build_ike_cfg(this, e, NULL, NULL);
}
/**
- * build a peer configuration from a SQL query
+ * Build a peer config from an SQL query
*/
static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
identification_t *me, identification_t *other)
e->public.destroy = (void*)ike_enumerator_destroy;
e->inner = this->db->query(this->db,
- "SELECT certreq, force_encap, local, remote "
+ "SELECT id, certreq, force_encap, local, remote "
"FROM ike_configs",
- DB_INT, DB_INT, DB_TEXT, DB_TEXT);
+ DB_INT, DB_INT, DB_INT, DB_TEXT, DB_TEXT);
if (!e->inner)
{
free(e);
child_cfg, traffic_selector
);
+DROP TABLE IF EXISTS algorithms;
+CREATE TABLE algorithms (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ algorithm TEXT NOT NULL
+);
+
+
+DROP TABLE IF EXISTS child_config_algorithm;
+CREATE TABLE child_config_algorithm (
+ child_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ alg INTEGER NOT NULL
+);
+
DROP TABLE IF EXISTS ike_configs;
CREATE TABLE ike_configs (
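Review bot: `child_config_algorithm` has no key or index at all, so the plugin's lookup `WHERE child_cfg = ? ORDER BY prio` is a full scan and nothing prevents two rows with the same (child_cfg, prio), whose relative order the query then leaves undefined; `ike_config_algorithm` in the next hunk and both tables in the other schema file below have the same shape. If equal priorities are not meant to be valid, `PRIMARY KEY (child_cfg, prio)` (and `PRIMARY KEY (ike_cfg, prio)`) gives both the index and the uniqueness; otherwise a plain index on the config column is still worth adding. The test data in this commit uses distinct priorities per config, so either constraint would hold for it.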
);
+DROP TABLE IF EXISTS ike_config_algorithm;
+CREATE TABLE ike_config_algorithm (
+ ike_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ alg INTEGER NOT NULL
+);
+
+
DROP TABLE IF EXISTS peer_configs;
CREATE TABLE peer_configs (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
child_cfg, traffic_selector
);
+DROP TABLE IF EXISTS algorithms;
+CREATE TABLE algorithms (
+ id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+ algorithm TEXT NOT NULL
+);
+
+DROP TABLE IF EXISTS child_config_algorithm;
+CREATE TABLE child_config_algorithm (
+ child_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ alg INTEGER NOT NULL
+);
+
DROP TABLE IF EXISTS ike_configs;
CREATE TABLE ike_configs (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
remote TEXT NOT NULL
);
+DROP TABLE IF EXISTS ike_config_algorithm;
+CREATE TABLE ike_config_algorithm (
+ ike_cfg INTEGER NOT NULL,
+ prio INTEGER NOT NULL,
+ alg INTEGER NOT NULL
+);
+
DROP TABLE IF EXISTS peer_configs;
CREATE TABLE peer_configs (
id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
1, 6
);
+/* Algorithms */
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128-sha256-modp3072'
+);
+
/* Configurations */
INSERT INTO ike_configs (
'PH_IP_MOON', 'PH_IP_SUN'
);
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
INSERT INTO peer_configs (
name, ike_cfg, local_id, remote_id, mobike, dpd_delay
) VALUES (
1, 3
);
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 2, 1, 1
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 3, 1, 1
+);
+
INSERT INTO traffic_selectors (
type, start_addr, end_addr
) VALUES (
1, 6
);
+/* Algorithms */
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128-sha256-modp3072'
+);
+
/* Configurations */
INSERT INTO ike_configs (
'PH_IP_SUN', 'PH_IP_MOON'
);
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
INSERT INTO peer_configs (
name, ike_cfg, local_id, remote_id, mobike, dpd_delay
) VALUES (
1, 3
);
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 2, 1, 1
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 3, 1, 1
+);
+
INSERT INTO traffic_selectors (
type, start_addr, end_addr
) VALUES (
1, 6
);
+/* Algorithms */
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128-sha256-modp2048'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes192-sha384-modp3072'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128gcm128'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes192gcm128'
+);
+
/* Configurations */
INSERT INTO ike_configs (
'PH_IP_MOON', 'PH_IP_SUN'
);
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 2, 2
+);
+
INSERT INTO peer_configs (
name, ike_cfg, local_id, remote_id, mobike, dpd_delay
) VALUES (
1, 3
);
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 1, 1, 3
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 2, 1, 4
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 3, 1, 3
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 3, 2, 4
+);
+
INSERT INTO traffic_selectors (
type, start_addr, end_addr
) VALUES (
1, 6
);
+/* Algorithms */
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128-sha256-modp2048'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes192-sha384-modp3072'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes128gcm128'
+);
+
+INSERT INTO algorithms (
+ algorithm
+) VALUES (
+ 'aes192gcm128'
+);
+
/* Configurations */
INSERT INTO ike_configs (
'PH_IP_SUN', 'PH_IP_MOON'
);
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 1, 1
+);
+
+INSERT INTO ike_config_algorithm (
+ ike_cfg, prio, alg
+) VALUES (
+ 1, 2, 2
+);
+
INSERT INTO peer_configs (
name, ike_cfg, local_id, remote_id, mobike, dpd_delay
) VALUES (
1, 3
);
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 1, 1, 3
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 2, 1, 4
+);
+
+INSERT INTO child_config_algorithm (
+ child_cfg, prio, alg
+) VALUES (
+ 3, 1, 4
+);
+
INSERT INTO traffic_selectors (
type, start_addr, end_addr
) VALUES (