authorMartin Willi <martin@revosec.ch>2011-11-23 11:26:04 +0100
committerMartin Willi <martin@revosec.ch>2012-03-20 17:30:49 +0100
commit017d98bf39e3824829cf17be1723b460a2ddeb4e (patch)
treeec0187ea36553eb0f11942de6e179a53fd5753e7
parentdf99e976be113cb55d7d38061e546bc8f0377c95 (diff)
downloadstrongswan-017d98bf39e3824829cf17be1723b460a2ddeb4e.tar.bz2
strongswan-017d98bf39e3824829cf17be1723b460a2ddeb4e.tar.xz
Merged IKEv1 attribute payload/data into configuration payload/attribute
-rw-r--r--src/libcharon/Makefile.am2
-rw-r--r--src/libcharon/encoding/message.c10
-rw-r--r--src/libcharon/encoding/payloads/attribute_payload_v1.c231
-rw-r--r--src/libcharon/encoding/payloads/attribute_payload_v1.h93
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.c144
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.h39
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.c84
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.h16
-rw-r--r--src/libcharon/encoding/payloads/data_attribute_v1.c260
-rw-r--r--src/libcharon/encoding/payloads/data_attribute_v1.h88
-rw-r--r--src/libcharon/encoding/payloads/payload.c56
-rw-r--r--src/libcharon/encoding/payloads/payload.h15
-rw-r--r--src/libcharon/sa/tasks/ike_config.c23
-rw-r--r--src/libcharon/sa/tasks/xauth_request.c26
14 files changed, 273 insertions, 814 deletions
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 2bead3beb..a813e97f1 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -15,13 +15,11 @@ daemon.c daemon.h \
encoding/generator.c encoding/generator.h \
encoding/message.c encoding/message.h \
encoding/parser.c encoding/parser.h \
-encoding/payloads/attribute_payload_v1.c encoding/payloads/attribute_payload_v1.h \
encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
-encoding/payloads/data_attribute_v1.c encoding/payloads/data_attribute_v1.h \
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
encoding/payloads/encodings.c encoding/payloads/encodings.h \
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index e84f9a123..032fc1b1c 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -635,9 +635,9 @@ static payload_order_t quick_mode_r_order[] = {
* Message rule for TRANSACTION.
*/
static payload_rule_t transaction_payload_rules_v1[] = {
-/* payload type min max encr suff */
- {HASH_V1, 0, 1, TRUE, FALSE},
- {ATTRIBUTE_V1, 1, 1, FALSE, FALSE},
+/* payload type min max encr suff */
+ {HASH_V1, 0, 1, TRUE, FALSE},
+ {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
};
/**
@@ -645,8 +645,8 @@ static payload_rule_t transaction_payload_rules_v1[] = {
*/
static payload_order_t transaction_payload_order_v1[] = {
/* payload type notify type */
- {HASH_V1, 0},
- {ATTRIBUTE_V1, 0},
+ {HASH_V1, 0},
+ {CONFIGURATION_V1, 0},
};
#endif /* USE_IKEV1 */
diff --git a/src/libcharon/encoding/payloads/attribute_payload_v1.c b/src/libcharon/encoding/payloads/attribute_payload_v1.c
deleted file mode 100644
index 3aa0bc3a1..000000000
--- a/src/libcharon/encoding/payloads/attribute_payload_v1.c
+++ /dev/null
@@ -1,231 +0,0 @@
-
-#include <stddef.h>
-
-#include "attribute_payload_v1.h"
-
-#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
-
-ENUM(config_type_v1_names, ISAKMP_CFG_REQUEST, ISAKMP_CFG_ACK,
- "ISAKMP_CFG_REQUEST",
- "ISAKMP_CFG_REPLY",
- "ISAKMP_CFG_SET",
- "ISAKMP_CFG_ACK",
-);
-
-typedef struct private_attribute_payload_v1_t private_attribute_payload_v1_t;
-
-/**
- * Private data of an attribute_payload_v1_t object.
- */
-struct private_attribute_payload_v1_t {
-
- /**
- * Public cp_payload_t interface.
- */
- attribute_payload_v1_t public;
-
- /**
- * Next payload type.
- */
- u_int8_t next_payload;
-
- /**
- * Length of this payload.
- */
- u_int16_t payload_length;
-
- /**
- * List of attributes, as configuration_attribute_t
- */
- linked_list_t *attributes;
-
- /**
- * Reserved bytes
- */
- u_int8_t reserved_byte[2];
-
- /**
- * Identifier
- */
- u_int16_t identifier;
-
- /**
- * Config Type.
- */
- u_int8_t type;
-};
-
-/**
- * Encoding rules to parse or generate a IKEv2-CP Payload
- *
- * The defined offsets are the positions in a object of type
- * private_attribute_payload_v1_t.
- */
-encoding_rule_t attribute_payload_v1_encodings[] = {
- /* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_attribute_payload_v1_t, next_payload) },
- /* reserved byte */
- { RESERVED_BYTE, offsetof(private_attribute_payload_v1_t, reserved_byte[0]) },
- /* Length of the whole Attribute payload*/
- { PAYLOAD_LENGTH, offsetof(private_attribute_payload_v1_t, payload_length) },
- /* Config type */
- { U_INT_8, offsetof(private_attribute_payload_v1_t, type) },
- /* 3 reserved bytes */
- { RESERVED_BYTE, offsetof(private_attribute_payload_v1_t, reserved_byte[1])},
-
- /* Identifier */
- { U_INT_16, offsetof(private_attribute_payload_v1_t, identifier)},
-
- /* List of configuration attributes */
- { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE, offsetof(private_attribute_payload_v1_t, attributes) }
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Next Payload ! RESERVED ! Payload Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! CFG Type ! RESERVED ! Identifier !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! !
- ~ Configuration Attributes ~
- ! !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-METHOD(payload_t, verify, status_t,
- private_attribute_payload_v1_t *this)
-{
- status_t status = SUCCESS;
- enumerator_t *enumerator;
- payload_t *attribute;
-
- enumerator = this->attributes->create_enumerator(this->attributes);
- while (enumerator->enumerate(enumerator, &attribute))
- {
- status = attribute->verify(attribute);
- if (status != SUCCESS)
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
- return status;
-}
-
-METHOD(payload_t, get_encoding_rules, void,
- private_attribute_payload_v1_t *this, encoding_rule_t **rules, size_t *rule_count)
-{
- *rules = attribute_payload_v1_encodings;
- *rule_count = countof(attribute_payload_v1_encodings);
-}
-
-METHOD(payload_t, get_type, payload_type_t,
- private_attribute_payload_v1_t *this)
-{
- return ATTRIBUTE_V1;
-}
-
-METHOD(payload_t, get_next_type, payload_type_t,
- private_attribute_payload_v1_t *this)
-{
- return this->next_payload;
-}
-
-METHOD(payload_t, set_next_type, void,
- private_attribute_payload_v1_t *this,payload_type_t type)
-{
- this->next_payload = type;
-}
-
-/**
- * recompute the length of the payload.
- */
-static void compute_length(private_attribute_payload_v1_t *this)
-{
- enumerator_t *enumerator;
- payload_t *attribute;
-
- this->payload_length = ATTRIBUTE_PAYLOAD_V1_HEADER_LENGTH;
-
- enumerator = this->attributes->create_enumerator(this->attributes);
- while (enumerator->enumerate(enumerator, &attribute))
- {
- this->payload_length += attribute->get_length(attribute);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(payload_t, get_length, size_t,
- private_attribute_payload_v1_t *this)
-{
- return this->payload_length;
-}
-
-METHOD(attribute_payload_v1_t, create_attribute_enumerator, enumerator_t*,
- private_attribute_payload_v1_t *this)
-{
- return this->attributes->create_enumerator(this->attributes);
-}
-
-METHOD(attribute_payload_v1_t, add_attribute, void,
- private_attribute_payload_v1_t *this, data_attribute_v1_t *attribute)
-{
- this->attributes->insert_last(this->attributes, attribute);
- compute_length(this);
-}
-
-METHOD(attribute_payload_v1_t, get_config_type, config_type_v1_t,
- private_attribute_payload_v1_t *this)
-{
- return this->type;
-}
-
-METHOD2(payload_t, attribute_payload_v1_t, destroy, void,
- private_attribute_payload_v1_t *this)
-{
- this->attributes->destroy_offset(this->attributes,
- offsetof(data_attribute_v1_t, destroy));
- free(this);
-}
-
-/*
- * Described in header.
- */
-attribute_payload_v1_t *attribute_payload_v1_create_type(config_type_v1_t type)
-{
- private_attribute_payload_v1_t *this;
-
- INIT(this,
- .public = {
- .payload_interface = {
- .verify = _verify,
- .get_encoding_rules = _get_encoding_rules,
- .get_length = _get_length,
- .get_next_type = _get_next_type,
- .set_next_type = _set_next_type,
- .get_type = _get_type,
- .destroy = _destroy,
- },
- .create_attribute_enumerator = _create_attribute_enumerator,
- .add_attribute = _add_attribute,
- .get_type = _get_config_type,
- .destroy = _destroy,
- },
- .next_payload = NO_PAYLOAD,
- .payload_length = ATTRIBUTE_PAYLOAD_V1_HEADER_LENGTH,
- .attributes = linked_list_create(),
- .type = type,
- );
- return &this->public;
-}
-
-/*
- * Described in header.
- */
-attribute_payload_v1_t *attribute_payload_v1_create()
-{
- return attribute_payload_v1_create_type(ISAKMP_CFG_REQUEST);
-}
diff --git a/src/libcharon/encoding/payloads/attribute_payload_v1.h b/src/libcharon/encoding/payloads/attribute_payload_v1.h
deleted file mode 100644
index d59d9981e..000000000
--- a/src/libcharon/encoding/payloads/attribute_payload_v1.h
+++ /dev/null
@@ -1,93 +0,0 @@
-
-/**
- * @defgroup attribute_payload_v1 attribute_payload_v1
- * @{ @ingroup payloads
- */
-
-#ifndef ATTRIBUTE_PAYLOAD_V1_H_
-#define ATTRIBUTE_PAYLOAD_V1_H_
-
-typedef enum config_type_v1_t config_type_v1_t;
-typedef struct attribute_payload_v1_t attribute_payload_v1_t;
-
-#include <library.h>
-#include <encoding/payloads/payload.h>
-#include <encoding/payloads/data_attribute_v1.h>
-#include <utils/enumerator.h>
-
-/**
- * ATTRIBUTE_PAYLOAD_V1 length in bytes without any proposal substructure.
- */
-#define ATTRIBUTE_PAYLOAD_V1_HEADER_LENGTH 8
-
-/**
- * Config Type of an Attribute Payload.
- */
-enum config_type_v1_t {
- ISAKMP_CFG_REQUEST = 1,
- ISAKMP_CFG_REPLY = 2,
- ISAKMP_CFG_SET = 3,
- ISAKMP_CFG_ACK = 4,
-};
-
-/**
- * enum name for config_type_v1_t.
- */
-extern enum_name_t *config_type_v1_names;
-
-/**
- * Class representing an ISAKMP Config Mode Attribute Payload.
- *
- * The Attribute Payload format is described in draft-ietf-ipsec-isakmp-mode-cfg-o5.txt section 3.2.
- */
-struct attribute_payload_v1_t {
-
- /**
- * The payload_t interface.
- */
- payload_t payload_interface;
-
- /**
- * Creates an enumerator of stored data_attribute_v1_t objects.
- *
- * @return enumerator over configration_attribute_t
- */
- enumerator_t *(*create_attribute_enumerator) (attribute_payload_v1_t *this);
-
- /**
- * Adds a configuration attribute to the attribute payload.
- *
- * @param attribute attribute to add
- */
- void (*add_attribute)(attribute_payload_v1_t *this,
- data_attribute_v1_t *attribute);
-
- /**
- * Get the attribute payload type.
- *
- * @return type of attribute payload
- */
- config_type_v1_t (*get_type) (attribute_payload_v1_t *this);
-
- /**
- * Destroys an attribute_payload_v1_t object.
- */
- void (*destroy) (attribute_payload_v1_t *this);
-};
-
-/**
- * Creates an empty attribute payload
- *
- * @return empty attribute payload
- */
-attribute_payload_v1_t *attribute_payload_v1_create();
-
-/**
- * Creates an attribute_payload_v1_t with type and value
- *
- * @param config_type type of attribute payload to create
- * @return created attribute payload
- */
-attribute_payload_v1_t *attribute_payload_v1_create_type(config_type_v1_t config_type);
-
-#endif /** ATTRIBUTE_PAYLOAD_V1_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 88e43fa3d..58173077d 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -36,41 +36,48 @@ struct private_configuration_attribute_t {
configuration_attribute_t public;
/**
- * Reserved bit
+ * Value encoded in length field?
+ */
+ bool af_flag;
+
+ /**
+ * Reserved bit (af_flag in IKEv2)
*/
bool reserved;
/**
* Type of the attribute.
*/
- u_int16_t type;
+ u_int16_t attr_type;
/**
- * Length of the attribute.
+ * Length of the attribute, value if af_flag set.
*/
- u_int16_t length;
+ u_int16_t length_or_value;
/**
* Attribute value as chunk.
*/
chunk_t value;
+
+ /**
+ * Payload type, CONFIGURATION_ATTRIBUTE or DATA_ATTRIBUTE_V1
+ */
+ payload_type_t type;
};
/**
- * Encoding rules to parse or generate a configuration attribute.
- *
- * The defined offsets are the positions in a object of type
- * private_configuration_attribute_t.
+ * Encoding rules for a IKEv2 configuration attribute / IKEv1 data attribute
*/
-static encoding_rule_t encodings[] = {
+static encoding_rule_t encodings_v2[] = {
/* 1 reserved bit */
- { RESERVED_BIT, offsetof(private_configuration_attribute_t, reserved)},
+ { RESERVED_BIT, offsetof(private_configuration_attribute_t, reserved) },
/* type of the attribute as 15 bit unsigned integer */
- { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, type) },
+ { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attr_type) },
/* Length of attribute value */
- { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, length) },
+ { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, length_or_value)},
/* Value of attribute if attribute format flag is zero */
- { CHUNK_DATA, offsetof(private_configuration_attribute_t, value) }
+ { CHUNK_DATA, offsetof(private_configuration_attribute_t, value) },
};
/*
@@ -85,18 +92,39 @@ static encoding_rule_t encodings[] = {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
+/**
+ * Encoding rules for a IKEv1 data attribute
+ */
+static encoding_rule_t encodings_v1[] = {
+ /* AF Flag */
+ { FLAG, offsetof(private_configuration_attribute_t, af_flag) },
+ /* type of the attribute as 15 bit unsigned integer */
+ { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, type) },
+ /* Length of attribute value */
+ { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_configuration_attribute_t, length_or_value)},
+ /* Value of attribute if attribute format flag is zero */
+ { ATTRIBUTE_VALUE, offsetof(private_configuration_attribute_t, value) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ !F| Attribute Type ! Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ ~ Value ~
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+
METHOD(payload_t, verify, status_t,
private_configuration_attribute_t *this)
{
bool failed = FALSE;
- if (this->length != this->value.len)
- {
- DBG1(DBG_ENC, "invalid attribute length");
- return FAILED;
- }
-
- switch (this->type)
+ switch (this->attr_type)
{
case INTERNAL_IP4_ADDRESS:
case INTERNAL_IP4_NETMASK:
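Review bot: The `ATTRIBUTE_TYPE` rule in the new `encodings_v1` table points at `type`, which this commit repurposes as the `payload_type_t` field; the attribute type now lives in `attr_type`. As written, parsing an IKEv1 attribute would store the peer-supplied 15-bit attribute type in the payload-type field and never set `attr_type`, so `get_type()`, `get_encoding_rules()` and the `switch` in `verify()` would all work from the wrong data. The rule should read `{ ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attr_type) },` as the v2 table does. The body of `verify()` continues past the end of this hunk.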
@@ -104,20 +132,20 @@ METHOD(payload_t, verify, status_t,
case INTERNAL_IP4_NBNS:
case INTERNAL_ADDRESS_EXPIRY:
case INTERNAL_IP4_DHCP:
- if (this->length != 0 && this->length != 4)
+ if (this->length_or_value != 0 && this->length_or_value != 4)
{
failed = TRUE;
}
break;
case INTERNAL_IP4_SUBNET:
- if (this->length != 0 && this->length != 8)
+ if (this->length_or_value != 0 && this->length_or_value != 8)
{
failed = TRUE;
}
break;
case INTERNAL_IP6_ADDRESS:
case INTERNAL_IP6_SUBNET:
- if (this->length != 0 && this->length != 17)
+ if (this->length_or_value != 0 && this->length_or_value != 17)
{
failed = TRUE;
}
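Review bot: The length checks in this `switch` compare `length_or_value` with 4, 8, 17 and 16 without consulting `af_flag`, although the struct comment added by this commit says the field holds the value itself when `af_flag` is set. For a short-format IKEv1 attribute a value chosen by the peer is therefore validated as if it were a length, and `get_chunk()` later returns a 2-byte chunk for a type that passed a 4- or 16-byte check. The hunks at -125 and -141 have the same issue. One way to handle it is to compute the effective length once at the top of `verify()`, e.g. `size_t len = this->af_flag ? sizeof(this->length_or_value) : this->value.len;`, and test `len` in every case. That would also restore the tie between the length field and `value.len` that the removed check enforced; whether the parser already guarantees it is not visible here. `verify()` starts before this hunk and ends after it.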
@@ -125,13 +153,13 @@ METHOD(payload_t, verify, status_t,
case INTERNAL_IP6_DNS:
case INTERNAL_IP6_NBNS:
case INTERNAL_IP6_DHCP:
- if (this->length != 0 && this->length != 16)
+ if (this->length_or_value != 0 && this->length_or_value != 16)
{
failed = TRUE;
}
break;
case SUPPORTED_ATTRIBUTES:
- if (this->length % 2)
+ if (this->length_or_value % 2)
{
failed = TRUE;
}
@@ -141,14 +169,15 @@ METHOD(payload_t, verify, status_t,
break;
default:
DBG1(DBG_ENC, "unknown attribute type %N",
- configuration_attribute_type_names, this->type);
+ configuration_attribute_type_names, this->attr_type);
break;
}
if (failed)
{
DBG1(DBG_ENC, "invalid attribute length %d for %N",
- this->length, configuration_attribute_type_names, this->type);
+ this->length_or_value, configuration_attribute_type_names,
+ this->attr_type);
return FAILED;
}
return SUCCESS;
@@ -157,8 +186,13 @@ METHOD(payload_t, verify, status_t,
METHOD(payload_t, get_encoding_rules, int,
private_configuration_attribute_t *this, encoding_rule_t **rules)
{
- *rules = encodings;
- return countof(encodings);
+ if (this->type == CONFIGURATION_ATTRIBUTE)
+ {
+ *rules = encodings_v2;
+ return countof(encodings_v2);
+ }
+ *rules = encodings_v1;
+ return countof(encodings_v1);
}
METHOD(payload_t, get_header_length, int,
@@ -170,7 +204,7 @@ METHOD(payload_t, get_header_length, int,
METHOD(payload_t, get_type, payload_type_t,
private_configuration_attribute_t *this)
{
- return CONFIGURATION_ATTRIBUTE;
+ return this->type;
}
METHOD(payload_t, get_next_type, payload_type_t,
@@ -193,15 +227,29 @@ METHOD(payload_t, get_length, size_t,
METHOD(configuration_attribute_t, get_cattr_type, configuration_attribute_type_t,
private_configuration_attribute_t *this)
{
- return this->type;
+ return this->attr_type;
}
-METHOD(configuration_attribute_t, get_value, chunk_t,
+METHOD(configuration_attribute_t, get_chunk, chunk_t,
private_configuration_attribute_t *this)
{
+ if (this->af_flag)
+ {
+ return chunk_from_thing(this->length_or_value);
+ }
return this->value;
}
+METHOD(configuration_attribute_t, get_value, u_int16_t,
+ private_configuration_attribute_t *this)
+{
+ if (this->af_flag)
+ {
+ return this->length_or_value;
+ }
+ return 0;
+}
+
METHOD2(payload_t, configuration_attribute_t, destroy, void,
private_configuration_attribute_t *this)
{
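Review bot: `get_chunk()` returns `chunk_from_thing(this->length_or_value)` for short-format attributes, i.e. the raw in-memory bytes of a `u_int16_t`. If the parser stores that field in host byte order (likely for a 16-bit rule, but not shown here), the chunk contents differ between little- and big-endian hosts, and callers that treat the chunk as wire data get swapped bytes. Consider documenting that `get_chunk()` is only meaningful when the attribute is in TLV format, e.g. with a comment `/* short-format attributes: use get_value(), chunk is host byte order */`. Also note in the header that `get_value()` returns 0 both for a genuine zero value and for a TLV attribute, so callers cannot tell the two apart.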
@@ -212,7 +260,7 @@ METHOD2(payload_t, configuration_attribute_t, destroy, void,
/*
* Described in header.
*/
-configuration_attribute_t *configuration_attribute_create()
+configuration_attribute_t *configuration_attribute_create(payload_type_t type)
{
private_configuration_attribute_t *this;
@@ -228,10 +276,12 @@ configuration_attribute_t *configuration_attribute_create()
.get_type = _get_type,
.destroy = _destroy,
},
+ .get_chunk = _get_chunk,
.get_value = _get_value,
.get_type = _get_cattr_type,
.destroy = _destroy,
},
+ .type = type
);
return &this->public;
}
@@ -239,15 +289,33 @@ configuration_attribute_t *configuration_attribute_create()
/*
* Described in header.
*/
+configuration_attribute_t *configuration_attribute_create_chunk(
+ payload_type_t type, configuration_attribute_type_t attr_type, chunk_t chunk)
+{
+ private_configuration_attribute_t *this;
+
+ this = (private_configuration_attribute_t*)
+ configuration_attribute_create(type);
+ this->attr_type = ((u_int16_t)attr_type) & 0x7FFF;
+ this->value = chunk_clone(chunk);
+ this->length_or_value = chunk.len;
+
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
configuration_attribute_t *configuration_attribute_create_value(
- configuration_attribute_type_t type, chunk_t value)
+ configuration_attribute_type_t attr_type, u_int16_t value)
{
private_configuration_attribute_t *this;
- this = (private_configuration_attribute_t*)configuration_attribute_create();
- this->type = ((u_int16_t)type) & 0x7FFF;
- this->value = chunk_clone(value);
- this->length = value.len;
+ this = (private_configuration_attribute_t*)
+ configuration_attribute_create(CONFIGURATION_ATTRIBUTE_V1);
+ this->attr_type = ((u_int16_t)attr_type) & 0x7FFF;
+ this->length_or_value = value;
+ this->af_flag = TRUE;
return &this->public;
}
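Review bot: In `configuration_attribute_create_chunk` the assignment `this->length_or_value = chunk.len;` narrows the chunk length to `u_int16_t`, while `chunk_clone(chunk)` keeps the full data. A chunk longer than 0xFFFF bytes would therefore produce an attribute whose encoded length field disagrees with the amount of value data behind it. Callers probably never pass such a chunk, but nothing here enforces it. Either document the limit in the header or make the two agree before cloning, for example by rejecting the oversized input in the caller or by checking `chunk.len > 0xFFFF` at the top of this function.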
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index e216ee366..ecc0f9c07 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
@@ -29,9 +29,7 @@ typedef struct configuration_attribute_t configuration_attribute_t;
#include <encoding/payloads/payload.h>
/**
- * Class representing an IKEv2-CONFIGURATION Attribute.
- *
- * The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1.
+ * Class representing an IKEv2 configuration attribute / IKEv1 data attribute.
*/
struct configuration_attribute_t {
@@ -48,11 +46,18 @@ struct configuration_attribute_t {
configuration_attribute_type_t (*get_type)(configuration_attribute_t *this);
/**
- * Returns the value of the attribute.
+ * Returns the value of the attribute as chunk.
*
* @return chunk_t pointing to the internal value
*/
- chunk_t (*get_value) (configuration_attribute_t *this);
+ chunk_t (*get_chunk) (configuration_attribute_t *this);
+
+ /**
+ * Returns the 2 byte value of the attribute as u_int16.
+ *
+ * @return attribute value
+ */
+ u_int16_t (*get_value) (configuration_attribute_t *this);
/**
* Destroys an configuration_attribute_t object.
@@ -63,18 +68,30 @@ struct configuration_attribute_t {
/**
* Creates an empty configuration attribute.
*
- * @return created configuration attribute
+ * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1
+ * @return created configuration attribute
*/
-configuration_attribute_t *configuration_attribute_create();
+configuration_attribute_t *configuration_attribute_create(payload_type_t type);
/**
* Creates a configuration attribute with type and value.
*
- * @param type type of configuration attribute
- * @param value value, gets cloned
- * @return created configuration attribute
+ * @param type CONFIGURATION_ATTRIBUTE or CONFIGURATION_ATTRIBUTE_V1
+ * @param attr_type type of configuration attribute
+ * @param chunk attribute value, gets cloned
+ * @return created configuration attribute
+ */
+configuration_attribute_t *configuration_attribute_create_chunk(
+ payload_type_t type, configuration_attribute_type_t attr_type, chunk_t chunk);
+
+/**
+ * Creates a IKEv1 configuration attribute with 2 bytes value (IKEv1 only).
+ *
+ * @param attr_type type of configuration attribute
+ * @param value attribute value, gets cloned
+ * @return created CONFIGURATION_ATTRIBUTE_V1 configuration attribute
*/
configuration_attribute_t *configuration_attribute_create_value(
- configuration_attribute_type_t type, chunk_t value);
+ configuration_attribute_type_t attr_type, u_int16_t value);
#endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/
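Review bot: The doc comment for `configuration_attribute_create_value` still says `@param value attribute value, gets cloned`, but `value` is now a `u_int16_t` passed by value, so there is nothing to clone; `@param value 2 byte attribute value` would match the new signature. The `get_value` comment in the previous hunk should also state that it returns 0 when the attribute is not in the short format, as the implementation in this commit does. Finally, this header names the IKEv1 type `CONFIGURATION_ATTRIBUTE_V1`, while the struct comment added in configuration_attribute.c says `DATA_ATTRIBUTE_V1`; one of the two comments should be aligned with the actual enum name.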
diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index 1813c9790..9ecb15006 100644
--- a/src/libcharon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
@@ -44,7 +44,7 @@ struct private_cp_payload_t {
/**
* Next payload type.
*/
- u_int8_t next_payload;
+ u_int8_t next_payload;
/**
* Critical flag.
@@ -67,6 +67,11 @@ struct private_cp_payload_t {
u_int16_t payload_length;
/**
+ * Identifier field, IKEv1 only
+ */
+ u_int16_t identifier;
+
+ /**
* List of attributes, as configuration_attribute_t
*/
linked_list_t *attributes;
@@ -74,16 +79,18 @@ struct private_cp_payload_t {
/**
* Config Type.
*/
- u_int8_t type;
+ u_int8_t cfg_type;
+
+ /**
+ * CONFIGURATION or CONFIGURATION_V1
+ */
+ payload_type_t type;
};
/**
- * Encoding rules to parse or generate a IKEv2-CP Payload
- *
- * The defined offsets are the positions in a object of type
- * private_cp_payload_t.
+ * Encoding rules to for an IKEv2 configuration payload
*/
-static encoding_rule_t encodings[] = {
+static encoding_rule_t encodings_v2[] = {
/* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_cp_payload_t, next_payload) },
/* the critical bit */
@@ -98,7 +105,7 @@ static encoding_rule_t encodings[] = {
{ RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[6]) },
/* Length of the whole CP payload*/
{ PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) },
- { U_INT_8, offsetof(private_cp_payload_t, type) },
+ { U_INT_8, offsetof(private_cp_payload_t, cfg_type) },
/* 3 reserved bytes */
{ RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[0])},
{ RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[1])},
@@ -122,6 +129,47 @@ static encoding_rule_t encodings[] = {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
+/**
+ * Encoding rules to for an IKEv1 configuration payload
+ */
+static encoding_rule_t encodings_v1[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_cp_payload_t, next_payload) },
+ /* the critical bit */
+ { FLAG, offsetof(private_cp_payload_t, critical) },
+ /* 7 Bit reserved bits */
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[0]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[1]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[2]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[3]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[4]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[5]) },
+ { RESERVED_BIT, offsetof(private_cp_payload_t, reserved_bit[6]) },
+ /* Length of the whole CP payload*/
+ { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) },
+ { U_INT_8, offsetof(private_cp_payload_t, cfg_type) },
+ /* 1 reserved bytes */
+ { RESERVED_BYTE, offsetof(private_cp_payload_t, reserved_byte[0])},
+ { U_INT_16, offsetof(private_cp_payload_t, identifier)},
+ /* list of configuration attributes in a list */
+ { PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE,
+ offsetof(private_cp_payload_t, attributes) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! CFG Type ! RESERVED ! Identifier !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Configuration Attributes ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
METHOD(payload_t, verify, status_t,
private_cp_payload_t *this)
{
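Review bot: The attribute list rule in the new `encodings_v1` table is `PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE`, which is the IKEv2 sub-payload type. If the parser instantiates list entries from that type (the parser is not part of this view), attributes inside a CONFIGURATION_V1 payload would be created as v2 attributes and decoded with `encodings_v2`, which has no AF flag. A short-format attribute's 16-bit value would then be read as a length covering the bytes that follow. The rule likely wants the v1 attribute type, `PAYLOAD_LIST + CONFIGURATION_ATTRIBUTE_V1`, the name used in configuration_attribute.h in this commit. Separately, the comments `/* the critical bit */` and `/* 7 Bit reserved bits */` were copied from the v2 table, whereas the diagram below shows a single RESERVED byte for IKEv1. A short comment saying that the flag plus seven reserved bits stand in for that byte would avoid confusion.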
@@ -145,8 +193,13 @@ METHOD(payload_t, verify, status_t,
METHOD(payload_t, get_encoding_rules, int,
private_cp_payload_t *this, encoding_rule_t **rules)
{
- *rules = encodings;
- return countof(encodings);
+ if (this->type == CONFIGURATION)
+ {
+ *rules = encodings_v2;
+ return countof(encodings_v2);
+ }
+ *rules = encodings_v1;
+ return countof(encodings_v1);
}
METHOD(payload_t, get_header_length, int,
@@ -158,7 +211,7 @@ METHOD(payload_t, get_header_length, int,
METHOD(payload_t, get_type, payload_type_t,
private_cp_payload_t *this)
{
- return CONFIGURATION;
+ return this->type;
}
METHOD(payload_t, get_next_type, payload_type_t,
@@ -213,7 +266,7 @@ METHOD(cp_payload_t, add_attribute, void,
METHOD(cp_payload_t, get_config_type, config_type_t,
private_cp_payload_t *this)
{
- return this->type;
+ return this->cfg_type;
}
METHOD2(payload_t, cp_payload_t, destroy, void,
@@ -227,7 +280,7 @@ METHOD2(payload_t, cp_payload_t, destroy, void,
/*
* Described in header.
*/
-cp_payload_t *cp_payload_create_type(config_type_t type)
+cp_payload_t *cp_payload_create_type(payload_type_t type, config_type_t cfg_type)
{
private_cp_payload_t *this;
@@ -251,6 +304,7 @@ cp_payload_t *cp_payload_create_type(config_type_t type)
.next_payload = NO_PAYLOAD,
.payload_length = get_header_length(this),
.attributes = linked_list_create(),
+ .cfg_type = cfg_type,
.type = type,
);
return &this->public;
@@ -259,7 +313,7 @@ cp_payload_t *cp_payload_create_type(config_type_t type)
/*
* Described in header.
*/
-cp_payload_t *cp_payload_create()
+cp_payload_t *cp_payload_create(payload_type_t type)
{
- return cp_payload_create_type(CFG_REQUEST);
+ return cp_payload_create_type(type, CFG_REQUEST);
}
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index bc6bdee50..0e3cf53bc 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -46,9 +46,7 @@ enum config_type_t {
extern enum_name_t *config_type_names;
/**
- * Class representing an IKEv2-CP Payload.
- *
- * The CP Payload format is described in RFC section 3.15.
+ * Class representing an IKEv2 configuration / IKEv1 attribute payload.
*/
struct cp_payload_t {
@@ -88,16 +86,18 @@ struct cp_payload_t {
/**
* Creates an empty configuration payload
*
- * @return empty configuration payload
+ * @param type payload type, CONFIGURATION or CONFIGURATION_V1
+ * @return empty configuration payload
*/
-cp_payload_t *cp_payload_create();
+cp_payload_t *cp_payload_create(payload_type_t type);
/**
* Creates an cp_payload_t with type and value
*
- * @param config_type type of configuration payload to create
- * @return created configuration payload
+ * @param type payload type, CONFIGURATION or CONFIGURATION_V1
+ * @param cfg_type type of configuration payload to create
+ * @return created configuration payload
*/
-cp_payload_t *cp_payload_create_type(config_type_t config_type);
+cp_payload_t *cp_payload_create_type(payload_type_t type, config_type_t cfg_type);
#endif /** CP_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/data_attribute_v1.c b/src/libcharon/encoding/payloads/data_attribute_v1.c
deleted file mode 100644
index 37f7c0072..000000000
--- a/src/libcharon/encoding/payloads/data_attribute_v1.c
+++ /dev/null
@@ -1,260 +0,0 @@
-
-#include <stddef.h>
-
-#include "data_attribute_v1.h"
-
-#include <encoding/payloads/encodings.h>
-#include <library.h>
-#include <daemon.h>
-
-typedef struct private_data_attribute_v1_t private_data_attribute_v1_t;
-
-/**
- * Private data of an data_attribute_v1_t object.
- */
-struct private_data_attribute_v1_t {
-
- /**
- * Public data_attribute_v1_t interface.
- */
- data_attribute_v1_t public;
-
- /**
- * Reserved bit
- */
- bool af_flag;
-
- /**
- * Type of the attribute.
- */
- u_int16_t type;
-
- /**
- * Length of the attribute.
- */
- u_int16_t length_or_value;
-
- /**
- * Attribute value as chunk.
- */
- chunk_t value;
-};
-
-/**
- * Encoding rules to parse or generate a configuration attribute.
- *
- * The defined offsets are the positions in a object of type
- * private_data_attribute_v1_t.
- */
-encoding_rule_t data_attribute_v1_encodings[] = {
- /* AF Flag */
- { FLAG, offsetof(private_data_attribute_v1_t, af_flag)},
- /* type of the attribute as 15 bit unsigned integer */
- { ATTRIBUTE_TYPE, offsetof(private_data_attribute_v1_t, type) },
- /* Length of attribute value */
- { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_data_attribute_v1_t, length_or_value) },
- /* Value of attribute if attribute format flag is zero */
- { ATTRIBUTE_VALUE, offsetof(private_data_attribute_v1_t, value) }
-};
-
-/*
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- !R| Attribute Type ! Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- ~ Value ~
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-
-METHOD(payload_t, verify, status_t,
- private_data_attribute_v1_t *this)
-{
- bool failed = FALSE;
-
- if (this->length_or_value != this->value.len)
- {
- DBG1(DBG_ENC, "invalid attribute length");
- return FAILED;
- }
-
- switch (this->type)
- {
- case INTERNAL_IP4_ADDRESS:
- case INTERNAL_IP4_NETMASK:
- case INTERNAL_IP4_DNS:
- case INTERNAL_IP4_NBNS:
- case INTERNAL_ADDRESS_EXPIRY:
- case INTERNAL_IP4_DHCP:
- if (this->length_or_value != 0 && this->length_or_value != 4)
- {
- failed = TRUE;
- }
- break;
- case INTERNAL_IP4_SUBNET:
- if (this->length_or_value != 0 && this->length_or_value != 8)
- {
- failed = TRUE;
- }
- break;
- case INTERNAL_IP6_ADDRESS:
- case INTERNAL_IP6_SUBNET:
- if (this->length_or_value != 0 && this->length_or_value != 17)
- {
- failed = TRUE;
- }
- break;
- case INTERNAL_IP6_DNS:
- case INTERNAL_IP6_NBNS:
- case INTERNAL_IP6_DHCP:
- if (this->length_or_value != 0 && this->length_or_value != 16)
- {
- failed = TRUE;
- }
- break;
- case SUPPORTED_ATTRIBUTES:
- if (this->length_or_value % 2)
- {
- failed = TRUE;
- }
- break;
- case APPLICATION_VERSION:
- /* any length acceptable */
- break;
- default:
- DBG1(DBG_ENC, "unknown attribute type %N",
- configuration_attribute_type_names, this->type);
- break;
- }
-
- if (failed)
- {
- DBG1(DBG_ENC, "invalid attribute length %d for %N",
- this->length_or_value, configuration_attribute_type_names, this->type);
- return FAILED;
- }
- return SUCCESS;
-}
-
-METHOD(payload_t, get_encoding_rules, void,
- private_data_attribute_v1_t *this, encoding_rule_t **rules,
- size_t *rule_count)
-{
- *rules = data_attribute_v1_encodings;
- *rule_count = countof(data_attribute_v1_encodings);
-}
-
-METHOD(payload_t, get_header_length, int,
- private_data_attribute_v1_t *this)
-{
- return 4;
-}
-
-METHOD(payload_t, get_type, payload_type_t,
- private_data_attribute_v1_t *this)
-{
- return DATA_ATTRIBUTE_V1;
-}
-
-METHOD(payload_t, get_next_type, payload_type_t,
- private_data_attribute_v1_t *this)
-{
- return NO_PAYLOAD;
-}
-
-METHOD(payload_t, set_next_type, void,
- private_data_attribute_v1_t *this, payload_type_t type)
-{
-}
-
-METHOD(payload_t, get_length, size_t,
- private_data_attribute_v1_t *this)
-{
- return get_header_length(this) + this->value.len;
-}
-
-METHOD(data_attribute_v1_t, get_dattr_type, configuration_attribute_type_t,
- private_data_attribute_v1_t *this)
-{
- return this->type;
-}
-
-METHOD(data_attribute_v1_t, get_value, u_int16_t,
- private_data_attribute_v1_t *this)
-{
- return this->length_or_value;
-}
-
-METHOD(data_attribute_v1_t, get_value_chunk, chunk_t,
- private_data_attribute_v1_t *this)
-{
- return this->value;
-}
-
-METHOD2(payload_t, data_attribute_v1_t, destroy, void,
- private_data_attribute_v1_t *this)
-{
- free(this->value.ptr);
- free(this);
-}
-
-/*
- * Described in header.
- */
-data_attribute_v1_t *data_attribute_v1_create()
-{
- private_data_attribute_v1_t *this;
-
- INIT(this,
- .public = {
- .payload_interface = {
- .verify = _verify,
- .get_encoding_rules = _get_encoding_rules,
- .get_length = _get_length,
- .get_next_type = _get_next_type,
- .set_next_type = _set_next_type,
- .get_type = _get_type,
- .destroy = _destroy,
- },
- .get_value_chunk = _get_value_chunk,
- .get_type = _get_dattr_type,
- .destroy = _destroy,
- },
- );
- return &this->public;
-}
-
-/*
- * Described in header.
- */
-data_attribute_v1_t *data_attribute_v1_create_value(
- configuration_attribute_type_t type, chunk_t value)
-{
- private_data_attribute_v1_t *this;
-
- this = (private_data_attribute_v1_t*)data_attribute_v1_create();
- this->type = ((u_int16_t)type) & 0x7FFF;
- this->value = chunk_clone(value);
- this->length_or_value = value.len;
- this->af_flag = FALSE;
-
- return &this->public;
-}
-
-/*
- * Described in header.
- */
-data_attribute_v1_t *data_attribute_v1_create_basic(
- configuration_attribute_type_t type, u_int16_t value)
-{
- private_data_attribute_v1_t *this;
-
- this = (private_data_attribute_v1_t*)data_attribute_v1_create();
- this->type = ((u_int16_t)type) & 0x7FFF;
- this->length_or_value = value;
- this->af_flag = TRUE;
-
- return &this->public;
-}
diff --git a/src/libcharon/encoding/payloads/data_attribute_v1.h b/src/libcharon/encoding/payloads/data_attribute_v1.h
deleted file mode 100644
index 568b3143a..000000000
--- a/src/libcharon/encoding/payloads/data_attribute_v1.h
+++ /dev/null
@@ -1,88 +0,0 @@
-
-/**
- * @defgroup data_attribute_v1 data_attribute_v1
- * @{ @ingroup payloads
- */
-
-#ifndef DATA_ATTRIBUTE_V1_H_
-#define DATA_ATTRIBUTE_V1_H_
-
-typedef struct data_attribute_v1_t data_attribute_v1_t;
-
-#include <library.h>
-#include <attributes/attributes.h>
-#include <encoding/payloads/payload.h>
-
-/**
- * Configuration attribute header length in bytes.
- */
-#define DATA_ATTRIBUTE_V1_HEADER_LENGTH 4
-
-/**
- * Class representing an IKEv1-Data Attribute.
- *
- * The DATA_ATTRIBUTE_V1 format is described in RFC section 3.15.1.
- */
-struct data_attribute_v1_t {
-
- /**
- * Implements payload_t interface.
- */
- payload_t payload_interface;
-
- /**
- * Get the type of the attribute.
- *
- * @return type of the data attribute
- */
- configuration_attribute_type_t (*get_type)(data_attribute_v1_t *this);
-
- /**
- * Returns the value of the attribute.
- *
- * @return the basic internal value
- */
- u_int16_t (*get_value) (data_attribute_v1_t *this);
-
- /**
- * Returns the value of the attribute.
- *
- * @return chunk_t pointing to the internal value
- */
- chunk_t (*get_value_chunk) (data_attribute_v1_t *this);
-
- /**
- * Destroys an configuration_attribute_t object.
- */
- void (*destroy) (data_attribute_v1_t *this);
-};
-
-/**
- * Creates an empty data attribute.
- *
- * @return created data attribute
- */
-data_attribute_v1_t *data_attribute_v1_create();
-
-/**
- * Creates a data attribute with type and value.
- *
- * @param type type of data attribute
- * @param value value, gets cloned
- * @return created data attribute
- */
-data_attribute_v1_t *data_attribute_v1_create_value(
- configuration_attribute_type_t type, chunk_t value);
-
-
-/**
- * Creates a data attribute with type and value.
- *
- * @param type type of data attribute
- * @param value value
- * @return created data attribute
- */
-data_attribute_v1_t *data_attribute_v1_create_basic(
- configuration_attribute_type_t type, u_int16_t value);
-
-#endif /** DATA_ATTRIBUTE_V1_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 7d6fa6674..3a411606c 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -38,12 +38,9 @@
#include <encoding/payloads/hash_payload.h>
#include <encoding/payloads/unknown_payload.h>
-#include <encoding/payloads/attribute_payload_v1.h>
-#include <encoding/payloads/data_attribute_v1.h>
-
ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
"NO_PAYLOAD");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, ATTRIBUTE_V1, NO_PAYLOAD,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD,
"SECURITY_ASSOCIATION_V1",
"PROPOSAL_V1",
"TRANSFORM_V1",
@@ -57,8 +54,8 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, ATTRIBUTE_V1, NO_PAYLOAD,
"NOTIFY_V1",
"DELETE_V1",
"VENDOR_ID_V1",
- "ATTRIBUTE_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, ATTRIBUTE_V1,
+ "CONFIGURATION_V1");
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -78,7 +75,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, A
#ifdef ME
ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
"ID_PEER");
-ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
+ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"PROPOSAL_SUBSTRUCTURE_V1",
@@ -88,10 +85,10 @@ ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
"TRANSFORM_ATTRIBUTE_V1",
"TRAFFIC_SELECTOR_SUBSTRUCTURE",
"CONFIGURATION_ATTRIBUTE",
- "ENCRYPTED_V1",
- "DATA_ATTRIBUTE_V1");
+ "CONFIGURATION_ATTRIBUTE_V1",
+ "ENCRYPTED_V1");
#else
-ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"PROPOSAL_SUBSTRUCTURE_V1",
@@ -101,15 +98,15 @@ ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATI
"TRANSFORM_ATTRIBUTE_V1",
"TRAFFIC_SELECTOR_SUBSTRUCTURE",
"CONFIGURATION_ATTRIBUTE",
- "ENCRYPTED_V1",
- "DATA_ATTRIBUTE_V1");
+ "CONFIGURATION_ATTRIBUTE_V1",
+ "ENCRYPTED_V1");
#endif /* ME */
-ENUM_END(payload_type_names, DATA_ATTRIBUTE_V1);
+ENUM_END(payload_type_names, ENCRYPTED_V1);
/* short forms of payload names */
ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
"--");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYLOAD,
"SA",
"PROP",
"TRANS",
@@ -122,8 +119,9 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PA
"No",
"N",
"D",
- "V");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
+ "V",
+ "CP");
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
"SA",
"KE",
"IDi",
@@ -143,7 +141,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
#ifdef ME
ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
"IDp");
-ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
+ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
"HDR",
"PROP",
"PROP",
@@ -153,10 +151,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
"TRANSATTR",
"TSSUB",
"CATTR",
- "E",
- "DATAATTR");
+ "CATTR",
+ "E");
#else
-ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
"HDR",
"PROP",
"PROP",
@@ -166,10 +164,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHEN
"TRANSATTR",
"TSSUB",
"CATTR",
- "E",
- "DATAATTR");
+ "CATTR",
+ "E");
#endif /* ME */
-ENUM_END(payload_type_short_names, DATA_ATTRIBUTE_V1);
+ENUM_END(payload_type_short_names, ENCRYPTED_V1);
/*
* see header
@@ -230,18 +228,16 @@ payload_t *payload_create(payload_type_t type)
case HASH_V1:
return (payload_t*)hash_payload_create();
case CONFIGURATION:
- return (payload_t*)cp_payload_create();
+ case CONFIGURATION_V1:
+ return (payload_t*)cp_payload_create(type);
case CONFIGURATION_ATTRIBUTE:
- return (payload_t*)configuration_attribute_create();
+ case CONFIGURATION_ATTRIBUTE_V1:
+ return (payload_t*)configuration_attribute_create(type);
case EXTENSIBLE_AUTHENTICATION:
return (payload_t*)eap_payload_create();
case ENCRYPTED:
case ENCRYPTED_V1:
return (payload_t*)encryption_payload_create(type);
- case ATTRIBUTE_V1:
- return (payload_t*)attribute_payload_v1_create();
- case DATA_ATTRIBUTE_V1:
- return (payload_t*)data_attribute_v1_create();
default:
return (payload_t*)unknown_payload_create(type);
}
@@ -260,7 +256,7 @@ bool payload_is_known(payload_type_t type)
{
return TRUE;
}
- if (type >= SECURITY_ASSOCIATION_V1 && type <= VENDOR_ID_V1)
+ if (type >= SECURITY_ASSOCIATION_V1 && type <= CONFIGURATION_V1)
{
return TRUE;
}
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index f55099fe7..6209b0822 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -113,9 +113,9 @@ enum payload_type_t {
VENDOR_ID_V1 = 13,
/**
- * Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+ * Attribute payload (ISAKMP Mode Config, aka configuration payload.
*/
- ATTRIBUTE_V1 = 14,
+ CONFIGURATION_V1 = 14,
/**
* The security association (SA) payload containing proposals.
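Review bot: The rewritten comment on `CONFIGURATION_V1` leaves its parenthesis unclosed and drops the reference to the defining draft that the old comment carried. The enumerator has the explicit value 14, which suggests it is the on-the-wire payload number, so the citation is worth keeping for anyone checking the parser against the specification. Something like `* Attribute payload (ISAKMP Mode Config, draft-ietf-ipsec-isakmp-mode-cfg-05), aka configuration payload.` keeps both the new name and the source.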
@@ -249,20 +249,19 @@ enum payload_type_t {
TRAFFIC_SELECTOR_SUBSTRUCTURE,
/**
- * CONFIGURATION_ATTRIBUTE, attribute in a configuration payload.
+ * CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload.
*/
CONFIGURATION_ATTRIBUTE,
/**
- * This is not really a payload, but rather the complete IKEv1 message.
+ * CONFIGURATION_ATTRIBUTE_V1, IKEv1 attribute in a configuration payload.
*/
- ENCRYPTED_V1,
+ CONFIGURATION_ATTRIBUTE_V1,
/**
- * DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
+ * This is not really a payload, but rather the complete IKEv1 message.
*/
- DATA_ATTRIBUTE_V1,
-
+ ENCRYPTED_V1,
};
/**
diff --git a/src/libcharon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c
index 6623730d1..332af465b 100644
--- a/src/libcharon/sa/tasks/ike_config.c
+++ b/src/libcharon/sa/tasks/ike_config.c
@@ -98,7 +98,8 @@ static configuration_attribute_t *build_vip(host_t *vip)
chunk = chunk_cata("cc", chunk, prefix);
}
}
- return configuration_attribute_create_value(type, chunk);
+ return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE,
+ type, chunk);
}
/**
@@ -128,11 +129,11 @@ static void handle_attribute(private_ike_config_t *this,
/* and pass it to the handle function */
handler = hydra->attributes->handle(hydra->attributes,
this->ike_sa->get_other_id(this->ike_sa), handler,
- ca->get_type(ca), ca->get_value(ca));
+ ca->get_type(ca), ca->get_chunk(ca));
if (handler)
{
this->ike_sa->add_configuration_attribute(this->ike_sa,
- handler, ca->get_type(ca), ca->get_value(ca));
+ handler, ca->get_type(ca), ca->get_chunk(ca));
}
}
@@ -153,7 +154,7 @@ static void process_attribute(private_ike_config_t *this,
/* fall */
case INTERNAL_IP6_ADDRESS:
{
- addr = ca->get_value(ca);
+ addr = ca->get_chunk(ca);
if (addr.len == 0)
{
ip = host_create_any(family);
@@ -252,7 +253,7 @@ METHOD(task_t, build_i, status_t,
}
if (vip)
{
- cp = cp_payload_create_type(CFG_REQUEST);
+ cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST);
cp->add_attribute(cp, build_vip(vip));
}
@@ -266,10 +267,11 @@ METHOD(task_t, build_i, status_t,
/* create configuration attribute */
DBG2(DBG_IKE, "building %N attribute",
configuration_attribute_type_names, type);
- ca = configuration_attribute_create_value(type, data);
+ ca = configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE,
+ type, data);
if (!cp)
{
- cp = cp_payload_create_type(CFG_REQUEST);
+ cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST);
}
cp->add_attribute(cp, ca);
@@ -335,7 +337,7 @@ METHOD(task_t, build_r, status_t,
DBG1(DBG_IKE, "assigning virtual IP %H to peer '%Y'", vip, id);
this->ike_sa->set_virtual_ip(this->ike_sa, FALSE, vip);
- cp = cp_payload_create_type(CFG_REPLY);
+ cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY);
cp->add_attribute(cp, build_vip(vip));
}
@@ -346,12 +348,13 @@ METHOD(task_t, build_r, status_t,
{
if (!cp)
{
- cp = cp_payload_create_type(CFG_REPLY);
+ cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY);
}
DBG2(DBG_IKE, "building %N attribute",
configuration_attribute_type_names, type);
cp->add_attribute(cp,
- configuration_attribute_create_value(type, value));
+ configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE,
+ type, value));
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/sa/tasks/xauth_request.c b/src/libcharon/sa/tasks/xauth_request.c
index a50d0fb43..60914beef 100644
--- a/src/libcharon/sa/tasks/xauth_request.c
+++ b/src/libcharon/sa/tasks/xauth_request.c
@@ -3,8 +3,7 @@
#include <daemon.h>
#include <hydra.h>
-#include <encoding/payloads/attribute_payload_v1.h>
-#include <encoding/payloads/data_attribute_v1.h>
+#include <encoding/payloads/cp_payload.h>
#include <encoding/payloads/hash_payload.h>
#include <encoding/generator.h>
@@ -61,10 +60,9 @@ static void process_payloads(private_xauth_request_t *this, message_t *message)
METHOD(task_t, build_i, status_t,
private_xauth_request_t *this, message_t *message)
{
- attribute_payload_v1_t *ap = NULL;
+ cp_payload_t *cp;
chunk_t chunk = chunk_empty;
- data_attribute_v1_t *da = NULL;
- hash_payload_t *hash_payload = NULL;
+ hash_payload_t *hash_payload;
generator_t *generator;
chunk_t attr_chunk;
chunk_t mid_chunk;
@@ -76,13 +74,11 @@ METHOD(task_t, build_i, status_t,
DBG1(DBG_IKE, "BUILDING XAUTH REQUEST PACKET");
/* TODO1: Create ATTR payload */
- ap = attribute_payload_v1_create();
-
- da = data_attribute_v1_create_value(XAUTH_USER_NAME, chunk);
- ap->add_attribute(ap, da);
-
- da = data_attribute_v1_create_value(XAUTH_USER_PASSWORD, chunk);
- ap->add_attribute(ap, da);
+ cp = cp_payload_create(CONFIGURATION_V1);
+ cp->add_attribute(cp, configuration_attribute_create_chunk(
+ CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, chunk));
+ cp->add_attribute(cp, configuration_attribute_create_chunk(
+ CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, chunk));
/* Create HASH payload */
hash_payload = hash_payload_create();
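Review bot: `cp_payload_create(CONFIGURATION_V1)` relies on the constructor's implicit CFG_REQUEST default, while every call in ike_config.c in this commit names the config type explicitly. Writing `cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REQUEST);` would make the XAuth request type visible at the call site. Both attributes are built from `chunk`, which the previous hunk declares as `chunk_empty`. If that is intended, a short comment such as `/* request carries empty user name and password attributes */` would record it. The `TODO1` comment kept above the new lines looks stale, and build_i starts and ends outside this hunk.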
@@ -90,8 +86,8 @@ METHOD(task_t, build_i, status_t,
/* Calculate the chunk for the ATTR payload */
generator = generator_create();
- ap->payload_interface.set_next_type(&ap->payload_interface, NO_PAYLOAD);
- generator->generate_payload(generator, (payload_t *)ap);
+ cp->payload_interface.set_next_type(&cp->payload_interface, NO_PAYLOAD);
+ generator->generate_payload(generator, (payload_t *)cp);
attr_chunk = generator->get_chunk(generator, &lenpos);
/* Get the message ID in network order */
@@ -102,7 +98,7 @@ METHOD(task_t, build_i, status_t,
hash_in = chunk_cat("cc", mid_chunk, attr_chunk);
message->add_payload(message, (payload_t *)hash_payload);
- message->add_payload(message, (payload_t *)ap);
+ message->add_payload(message, (payload_t *)cp);
return NEED_MORE;
}
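Review bot: `hash_in` is allocated by `chunk_cat()` on the first line of this hunk, and nothing between there and `return NEED_MORE` uses or frees it. As far as the visible lines show, the HASH payload therefore goes into the message without a value computed over the message ID and the configuration payload. The hash is what authenticates the XAuth exchange, so this should be completed or at least marked, for example with `/* TODO: set hash_payload from hash_in, then chunk_free(&hash_in) */`. The generator created in the previous hunk is also not destroyed in the visible lines, though `attr_chunk` may still point into its buffer, so any `generator->destroy(generator)` has to come after the last use of `attr_chunk`. Part of build_i lies outside the hunks shown, so this may be handled there.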