authorMartin Willi <martin@revosec.ch>2011-11-17 18:01:41 +0100
committerMartin Willi <martin@revosec.ch>2012-03-20 17:30:43 +0100
commit04ee2b7fed91b4430ba4870a2f1b98ee3e228f50 (patch)
tree6b2f395dc73a9289d4dd246cdd18adeceaac07e0
parent043ed1b346fcc2130be8ff8a5a3bd503dfb1ac22 (diff)
Added IKEv1 support to notify payload
-rw-r--r--src/conftest/hooks/add_notify.c2
-rw-r--r--src/conftest/hooks/unencrypted_notify.c2
-rw-r--r--src/libcharon/encoding/message.c29
-rw-r--r--src/libcharon/encoding/payloads/endpoint_notify.c2
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c187
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h20
-rw-r--r--src/libcharon/encoding/payloads/payload.c7
-rw-r--r--src/libcharon/encoding/payloads/payload.h2
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c4
-rw-r--r--src/libcharon/sa/tasks/child_rekey.c6
-rw-r--r--src/libcharon/sa/tasks/ike_natd.c2
11 files changed, 177 insertions, 86 deletions
diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c
index de46ca81f..a9731960b 100644
--- a/src/conftest/hooks/add_notify.c
+++ b/src/conftest/hooks/add_notify.c
@@ -89,7 +89,7 @@ METHOD(listener_t, message, bool,
{
data = chunk_clone(chunk_create(this->data, strlen(this->data)));
}
- notify = notify_payload_create_from_protocol_and_type(
+ notify = notify_payload_create_from_protocol_and_type(NOTIFY,
this->esp ? PROTO_ESP : PROTO_IKE, type);
notify->set_spi(notify, this->spi);
if (data.len)
diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c
index 507f30cae..958e33e98 100644
--- a/src/conftest/hooks/unencrypted_notify.c
+++ b/src/conftest/hooks/unencrypted_notify.c
@@ -84,7 +84,7 @@ METHOD(listener_t, ike_updown, bool,
{
data = chunk_clone(chunk_create(this->data, strlen(this->data)));
}
- notify = notify_payload_create_from_protocol_and_type(
+ notify = notify_payload_create_from_protocol_and_type(NOTIFY,
this->esp ? PROTO_ESP : PROTO_IKE, type);
notify->set_spi(notify, this->spi);
if (data.len)
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 6640b7696..0789da4b7 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -425,7 +425,7 @@ static payload_order_t me_connect_r_order[] = {
*/
static payload_rule_t id_prot_i_rules[] = {
/* payload type min max encr suff */
- {NOTIFICATION_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
{SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
{NONCE_V1, 0, 1, FALSE, FALSE},
@@ -450,7 +450,7 @@ static payload_order_t id_prot_i_order[] = {
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
- {NOTIFICATION_V1, 0},
+ {NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
};
@@ -459,7 +459,7 @@ static payload_order_t id_prot_i_order[] = {
*/
static payload_rule_t id_prot_r_rules[] = {
/* payload type min max encr suff */
- {NOTIFICATION_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
{SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
{NONCE_V1, 0, 1, FALSE, FALSE},
@@ -484,7 +484,7 @@ static payload_order_t id_prot_r_order[] = {
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
- {NOTIFICATION_V1, 0},
+ {NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
};
@@ -493,7 +493,7 @@ static payload_order_t id_prot_r_order[] = {
*/
static payload_rule_t aggressive_i_rules[] = {
/* payload type min max encr suff */
- {NOTIFICATION_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
{SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
{NONCE_V1, 0, 1, FALSE, FALSE},
@@ -518,7 +518,7 @@ static payload_order_t aggressive_i_order[] = {
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
- {NOTIFICATION_V1, 0},
+ {NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
};
@@ -527,7 +527,7 @@ static payload_order_t aggressive_i_order[] = {
*/
static payload_rule_t aggressive_r_rules[] = {
/* payload type min max encr suff */
- {NOTIFICATION_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
{SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
{NONCE_V1, 0, 1, FALSE, FALSE},
@@ -552,7 +552,7 @@ static payload_order_t aggressive_r_order[] = {
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
- {NOTIFICATION_V1, 0},
+ {NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
};
@@ -561,7 +561,7 @@ static payload_order_t aggressive_r_order[] = {
*/
static payload_rule_t informational_i_rules_v1[] = {
/* payload type min max encr suff */
- {NOTIFICATION_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
{DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
};
@@ -571,7 +571,7 @@ static payload_rule_t informational_i_rules_v1[] = {
*/
static payload_order_t informational_i_order_v1[] = {
/* payload type notify type */
- {NOTIFICATION_V1, 0},
+ {NOTIFY_V1, 0},
{DELETE_V1, 0},
{VENDOR_ID_V1, 0},
};
@@ -930,7 +930,14 @@ METHOD(message_t, add_notify, void,
payload->destroy(payload);
}
}
- notify = notify_payload_create();
+ if (this->major_version == IKEV2_MAJOR_VERSION)
+ {
+ notify = notify_payload_create(NOTIFY);
+ }
+ else
+ {
+ notify = notify_payload_create(NOTIFY_V1);
+ }
notify->set_notify_type(notify, type);
notify->set_notification_data(notify, data);
add_payload(this, (payload_t*)notify);
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index 1ead0a052..8dc1c1955 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
@@ -227,7 +227,7 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*,
chunk_t data;
notify_payload_t *notify;
- notify = notify_payload_create();
+ notify = notify_payload_create(NOTIFICATION);
notify->set_notify_type(notify, ME_ENDPOINT);
data = build_notification_data(this);
notify->set_notification_data(notify, data);
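Review bot: The argument on the `notify = notify_payload_create(NOTIFICATION);` line does not match what every other caller in this commit passes (`NOTIFY`, as in ike_natd.c, payload.c and message.c), and no `NOTIFICATION` value of `payload_type_t` is visible in the payload.h hunk, which only renames `NOTIFICATION_V1`. Unless `NOTIFICATION` is defined elsewhere, this file will not compile, and since endpoint_notify.c appears to belong to the mediation extension it may only be built when that option is enabled, so a default build would not catch it. The line should presumably read `notify = notify_payload_create(NOTIFY);`. build_notify starts and ends outside this hunk.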
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 7dab941b8..a5ffb0693 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -38,7 +38,8 @@ ENUM_NEXT(notify_type_names, INVALID_SPI, INVALID_SPI, INVALID_MESSAGE_ID,
"INVALID_SPI");
ENUM_NEXT(notify_type_names, NO_PROPOSAL_CHOSEN, NO_PROPOSAL_CHOSEN, INVALID_SPI,
"NO_PROPOSAL_CHOSEN");
-ENUM_NEXT(notify_type_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ENUM_NEXT(notify_type_names, PAYLOAD_MALFORMED, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ "PAYLOAD_MALFORMED",
"INVALID_KE_PAYLOAD");
ENUM_NEXT(notify_type_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD,
"AUTHENTICATION_FAILED");
@@ -99,7 +100,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTI
"IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED",
"IKEV2_MESSAGE_ID_SYNC",
"IPSEC_REPLAY_COUNTER_SYNC");
-ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, IPSEC_REPLAY_COUNTER_SYNC,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "INITIAL_CONTACT");
+ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, INITIAL_CONTACT_IKEV1,
"USE_BEET_MODE");
ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
"ME_MEDIATION",
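Review bot: The new `INITIAL_CONTACT_IKEV1` entry prints as "INITIAL_CONTACT", the same string the IKEv2 value already uses earlier in this table, so `%N` output with notify_type_names cannot tell notify 16384 from 24578 when reading a log or a packet trace. A distinct string such as `"INITIAL_CONTACT_IKEV1"` here, with a matching distinct short name in the notify_type_short_names hunk below, keeps the two apart without touching any behavior.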
@@ -125,7 +128,8 @@ ENUM_NEXT(notify_type_short_names, INVALID_SPI, INVALID_SPI, INVALID_MESSAGE_ID,
"INVAL_SPI");
ENUM_NEXT(notify_type_short_names, NO_PROPOSAL_CHOSEN, NO_PROPOSAL_CHOSEN, INVALID_SPI,
"NO_PROP");
-ENUM_NEXT(notify_type_short_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ENUM_NEXT(notify_type_short_names, PAYLOAD_MALFORMED, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ "PLD_MAL",
"INVAL_KE");
ENUM_NEXT(notify_type_short_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD,
"AUTH_FAILED");
@@ -186,7 +190,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, M
"RPL_CTR_SYN_SUP",
"MSG_ID_SYN",
"RPL_CTR_SYN");
-ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, IPSEC_REPLAY_COUNTER_SYNC,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "INITIAL_CONTACT");
+ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, INITIAL_CONTACT_IKEV1,
"BEET_MODE");
ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
"ME_MED",
@@ -224,7 +230,7 @@ struct private_notify_payload_t {
/**
* reserved bits
*/
- bool reserved[7];
+ bool reserved[8];
/**
* Length of this payload.
@@ -232,6 +238,11 @@ struct private_notify_payload_t {
u_int16_t payload_length;
/**
+ * Domain of interpretation, IKEv1 only.
+ */
+ u_int32_t doi;
+
+ /**
* Protocol id.
*/
u_int8_t protocol_id;
@@ -254,40 +265,42 @@ struct private_notify_payload_t {
/**
* Notification data.
*/
- chunk_t notification_data;
+ chunk_t notify_data;
+
+ /**
+ * Type of payload, NOTIFY or NOTIFY_V1
+ */
+ payload_type_t type;
};
/**
- * Encoding rules to parse or generate a IKEv2-Notify Payload.
- *
- * The defined offsets are the positions in a object of type
- * private_notify_payload_t.
+ * Encoding rules for an IKEv2 notification payload
*/
-static encoding_rule_t encodings[] = {
+static encoding_rule_t encodings_v2[] = {
/* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_notify_payload_t, next_payload) },
+ { U_INT_8, offsetof(private_notify_payload_t, next_payload) },
/* the critical bit */
- { FLAG, offsetof(private_notify_payload_t, critical) },
+ { FLAG, offsetof(private_notify_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[0]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[1]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[2]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[3]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[4]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[5]) },
- { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[6]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[0]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[1]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[2]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[3]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[4]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[5]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[6]) },
/* Length of the whole payload*/
- { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
+ { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
/* Protocol ID as 8 bit field*/
- { U_INT_8, offsetof(private_notify_payload_t, protocol_id) },
+ { U_INT_8, offsetof(private_notify_payload_t, protocol_id) },
/* SPI Size as 8 bit field*/
- { SPI_SIZE, offsetof(private_notify_payload_t, spi_size) },
+ { SPI_SIZE, offsetof(private_notify_payload_t, spi_size) },
/* Notify message type as 16 bit field*/
- { U_INT_16, offsetof(private_notify_payload_t, notify_type) },
+ { U_INT_16, offsetof(private_notify_payload_t, notify_type) },
/* SPI as variable length field*/
- { SPI, offsetof(private_notify_payload_t, spi) },
+ { SPI, offsetof(private_notify_payload_t, spi) },
/* Key Exchange Data is from variable size */
- { CHUNK_DATA, offsetof(private_notify_payload_t, notification_data) }
+ { CHUNK_DATA, offsetof(private_notify_payload_t, notify_data) },
};
/*
@@ -307,6 +320,57 @@ static encoding_rule_t encodings[] = {
! !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
+/**
+ * Encoding rules for an IKEv1 notification payload
+ */
+static encoding_rule_t encodings_v1[] = {
+ /* 1 Byte next payload type, stored in the field next_payload */
+ { U_INT_8, offsetof(private_notify_payload_t, next_payload) },
+ /* 8 reserved bits */
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[0]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[1]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[2]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[3]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[4]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[5]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[6]) },
+ { RESERVED_BIT, offsetof(private_notify_payload_t, reserved[7]) },
+ /* Length of the whole payload*/
+ { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
+ /* DOI as 32 bit field*/
+ { U_INT_32, offsetof(private_notify_payload_t, doi) },
+ /* Protocol ID as 8 bit field*/
+ { U_INT_8, offsetof(private_notify_payload_t, protocol_id) },
+ /* SPI Size as 8 bit field*/
+ { SPI_SIZE, offsetof(private_notify_payload_t, spi_size) },
+ /* Notify message type as 16 bit field*/
+ { U_INT_16, offsetof(private_notify_payload_t, notify_type) },
+ /* SPI as variable length field*/
+ { SPI, offsetof(private_notify_payload_t, spi) },
+ /* Key Exchange Data is from variable size */
+ { CHUNK_DATA, offsetof(private_notify_payload_t, notify_data) },
+};
+
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! DOI !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Protocol ID ! SPI Size ! Notify Message Type !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Security Parameter Index (SPI) ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Notification Data ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
METHOD(payload_t, verify, status_t,
private_notify_payload_t *this)
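Review bot: The comment above the last rule of encodings_v1, `/* Key Exchange Data is from variable size */`, was copied from the IKEv2 table and mislabels the field; the rule encodes `notify_data`, so `/* Notification data of variable size */` describes it correctly (the IKEv2 table in the previous hunk carries the same stale comment and could be fixed at the same time). The fixed-size rules add up to the 12 bytes that get_header_length returns for NOTIFY_V1 later in this file, which is consistent; a one-line comment stating that dependency next to the table would help whoever next edits either side.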
@@ -329,7 +393,7 @@ METHOD(payload_t, verify, status_t,
{
case INVALID_KE_PAYLOAD:
{
- if (this->notification_data.len != 2)
+ if (this->notify_data.len != 2)
{
bad_length = TRUE;
}
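Review bot: The length rules in this switch are keyed on IKEv2 notify numbers but are now applied to NOTIFY_V1 payloads as well, where the same numbers mean different things in the IKEv1 space of RFC 2408 (the header hunk adds aliases for 1 and 7 for exactly that reason), so an IKEv1 type 17 (INVALID-KEY-INFORMATION) is held to the two-byte rule of INVALID_KE_PAYLOAD and an IKEv1 NO_PROPOSAL_CHOSEN carrying data would be rejected if a peer sends one. Wrapping the switch in `if (this->type == NOTIFY)` and keeping any IKEv1 rules in a separate branch would keep the checks meaningful for both versions. The 32-bit `doi` parsed for NOTIFY_V1 is also never validated; rejecting `this->doi != IKEV1_DOI_IPSEC` in verify() before the rest of the payload is trusted would be consistent with the value the constructor sets. verify() starts and ends outside this hunk, and the same rename continues through the following hunks of this function.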
@@ -339,7 +403,7 @@ METHOD(payload_t, verify, status_t,
case NAT_DETECTION_DESTINATION_IP:
case ME_CONNECTAUTH:
{
- if (this->notification_data.len != HASH_SIZE_SHA1)
+ if (this->notify_data.len != HASH_SIZE_SHA1)
{
bad_length = TRUE;
}
@@ -349,7 +413,7 @@ METHOD(payload_t, verify, status_t,
case INVALID_MAJOR_VERSION:
case NO_PROPOSAL_CHOSEN:
{
- if (this->notification_data.len != 0)
+ if (this->notify_data.len != 0)
{
bad_length = TRUE;
}
@@ -357,7 +421,7 @@ METHOD(payload_t, verify, status_t,
}
case ADDITIONAL_IP4_ADDRESS:
{
- if (this->notification_data.len != 4)
+ if (this->notify_data.len != 4)
{
bad_length = TRUE;
}
@@ -365,7 +429,7 @@ METHOD(payload_t, verify, status_t,
}
case ADDITIONAL_IP6_ADDRESS:
{
- if (this->notification_data.len != 16)
+ if (this->notify_data.len != 16)
{
bad_length = TRUE;
}
@@ -373,7 +437,7 @@ METHOD(payload_t, verify, status_t,
}
case AUTH_LIFETIME:
{
- if (this->notification_data.len != 4)
+ if (this->notify_data.len != 4)
{
bad_length = TRUE;
}
@@ -381,30 +445,30 @@ METHOD(payload_t, verify, status_t,
}
case IPCOMP_SUPPORTED:
{
- if (this->notification_data.len != 3)
+ if (this->notify_data.len != 3)
{
bad_length = TRUE;
}
break;
}
case ME_ENDPOINT:
- if (this->notification_data.len != 8 &&
- this->notification_data.len != 12 &&
- this->notification_data.len != 24)
+ if (this->notify_data.len != 8 &&
+ this->notify_data.len != 12 &&
+ this->notify_data.len != 24)
{
bad_length = TRUE;
}
break;
case ME_CONNECTID:
- if (this->notification_data.len < 4 ||
- this->notification_data.len > 16)
+ if (this->notify_data.len < 4 ||
+ this->notify_data.len > 16)
{
bad_length = TRUE;
}
break;
case ME_CONNECTKEY:
- if (this->notification_data.len < 16 ||
- this->notification_data.len > 32)
+ if (this->notify_data.len < 16 ||
+ this->notify_data.len > 32)
{
bad_length = TRUE;
}
@@ -417,7 +481,7 @@ METHOD(payload_t, verify, status_t,
{
DBG1(DBG_ENC, "invalid notify data length for %N (%d)",
notify_type_names, this->notify_type,
- this->notification_data.len);
+ this->notify_data.len);
return FAILED;
}
return SUCCESS;
@@ -426,20 +490,29 @@ METHOD(payload_t, verify, status_t,
METHOD(payload_t, get_encoding_rules, int,
private_notify_payload_t *this, encoding_rule_t **rules)
{
- *rules = encodings;
- return countof(encodings);
+ if (this->type == NOTIFY)
+ {
+ *rules = encodings_v2;
+ return countof(encodings_v2);
+ }
+ *rules = encodings_v1;
+ return countof(encodings_v1);
}
METHOD(payload_t, get_header_length, int,
private_notify_payload_t *this)
{
- return 8 + this->spi_size;
+ if (this->type == NOTIFY)
+ {
+ return 8 + this->spi_size;
+ }
+ return 12 + this->spi_size;
}
METHOD(payload_t, get_type, payload_type_t,
private_notify_payload_t *this)
{
- return NOTIFY;
+ return this->type;
}
METHOD(payload_t, get_next_type, payload_type_t,
@@ -459,7 +532,7 @@ METHOD(payload_t, set_next_type, void,
*/
static void compute_length(private_notify_payload_t *this)
{
- this->payload_length = get_header_length(this) + this->notification_data.len;
+ this->payload_length = get_header_length(this) + this->notify_data.len;
}
METHOD(payload_t, get_length, size_t,
@@ -530,21 +603,21 @@ METHOD(notify_payload_t, set_spi, void,
METHOD(notify_payload_t, get_notification_data, chunk_t,
private_notify_payload_t *this)
{
- return this->notification_data;
+ return this->notify_data;
}
METHOD(notify_payload_t, set_notification_data, void,
private_notify_payload_t *this, chunk_t data)
{
- free(this->notification_data.ptr);
- this->notification_data = chunk_clone(data);
+ free(this->notify_data.ptr);
+ this->notify_data = chunk_clone(data);
compute_length(this);
}
METHOD2(payload_t, notify_payload_t, destroy, void,
private_notify_payload_t *this)
{
- free(this->notification_data.ptr);
+ free(this->notify_data.ptr);
free(this->spi.ptr);
free(this);
}
@@ -552,7 +625,7 @@ METHOD2(payload_t, notify_payload_t, destroy, void,
/*
* Described in header
*/
-notify_payload_t *notify_payload_create()
+notify_payload_t *notify_payload_create(payload_type_t type)
{
private_notify_payload_t *this;
@@ -578,7 +651,9 @@ notify_payload_t *notify_payload_create()
.set_notification_data = _set_notification_data,
.destroy = _destroy,
},
+ .doi = IKEV1_DOI_IPSEC,
.next_payload = NO_PAYLOAD,
+ .type = type,
);
compute_length(this);
return &this->public;
@@ -588,12 +663,12 @@ notify_payload_t *notify_payload_create()
* Described in header.
*/
notify_payload_t *notify_payload_create_from_protocol_and_type(
- protocol_id_t protocol_id, notify_type_t notify_type)
+ payload_type_t type, protocol_id_t protocol, notify_type_t notify)
{
- notify_payload_t *notify = notify_payload_create();
+ notify_payload_t *this = notify_payload_create(type);
- notify->set_notify_type(notify, notify_type);
- notify->set_protocol_id(notify, protocol_id);
+ this->set_notify_type(this, notify);
+ this->set_protocol_id(this, protocol);
- return notify;
+ return this;
}
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 91a3cac0f..1fc310962 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -33,19 +33,23 @@ typedef struct notify_payload_t notify_payload_t;
#include <utils/linked_list.h>
/**
- * Notify message types.
- *
- * See IKEv2 RFC 3.10.1.
+ * Notify message types for IKEv2, and a subset for IKEv1.
*/
enum notify_type_t {
/* notify error messages */
UNSUPPORTED_CRITICAL_PAYLOAD = 1,
+ /* IKEv1 alias */
+ INVALID_PAYLOAD_TYPE = 1,
INVALID_IKE_SPI = 4,
INVALID_MAJOR_VERSION = 5,
INVALID_SYNTAX = 7,
+ /* IKEv1 alias */
+ INVALID_EXCHANGE_TYPE = 7,
INVALID_MESSAGE_ID = 9,
INVALID_SPI = 11,
NO_PROPOSAL_CHOSEN = 14,
+ /* IKEv1 only */
+ PAYLOAD_MALFORMED = 16,
INVALID_KE_PAYLOAD = 17,
AUTHENTICATION_FAILED = 24,
SINGLE_PAIR_REQUIRED = 34,
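Review bot: The aliases added here (`INVALID_PAYLOAD_TYPE = 1`, `INVALID_EXCHANGE_TYPE = 7`) share their numeric value with the IKEv2 enumerators, so a `%N` print with notify_type_names and any `switch` on `notify_type_t` (verify() in notify_payload.c is one) will resolve an IKEv1 notify to its IKEv2 homonym — an IKEv1 INVALID-EXCHANGE-TYPE is logged as INVALID_SYNTAX. That consequence is worth stating in the enum's doc comment, e.g. `values overlap between IKE versions; interpret them together with the payload type (NOTIFY or NOTIFY_V1)`, so callers know not to act on a notify number alone. The enum continues outside this hunk.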
@@ -122,6 +126,8 @@ enum notify_type_t {
IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421,
IKEV2_MESSAGE_ID_SYNC = 16422,
IPSEC_REPLAY_COUNTER_SYNC = 16423,
+ /* IKEv1 initial contact */
+ INITIAL_CONTACT_IKEV1 = 24578,
/* BEET mode, not even a draft yet. private use */
USE_BEET_MODE = 40961,
/* IKE-ME, private use */
@@ -229,18 +235,20 @@ struct notify_payload_t {
/**
* Creates an empty notify_payload_t object
*
+ * @param type payload type, NOTIFY or NOTIFY_V1
* @return created notify_payload_t object
*/
-notify_payload_t *notify_payload_create(void);
+notify_payload_t *notify_payload_create(payload_type_t type);
/**
* Creates an notify_payload_t object of specific type for specific protocol id.
*
- * @param protocol_id protocol id (IKE, AH or ESP)
+ * @param type payload type, NOTIFY or NOTIFY_V1
+ * @param protocol protocol id (IKE, AH or ESP)
* @param type notify type (see notify_type_t)
* @return notify_payload_t object
*/
notify_payload_t *notify_payload_create_from_protocol_and_type(
- protocol_id_t protocol_id, notify_type_t type);
+ payload_type_t type, protocol_id_t protocol, notify_type_t notify);
#endif /** NOTIFY_PAYLOAD_H_ @}*/
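Review bot: The doc block for notify_payload_create_from_protocol_and_type now carries `@param type` twice: the new line documents the payload type, while the old `@param type notify type (see notify_type_t)` line was not updated when that parameter was renamed to `notify`, so it should become `@param notify notify type (see notify_type_t)`. Both constructors also accept any `payload_type_t`, and the .c hunks for get_encoding_rules and get_header_length only test for NOTIFY and treat every other value as IKEv1, so the header should state that contract, e.g. `type must be NOTIFY or NOTIFY_V1; any other value is encoded as NOTIFY_V1`.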
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 014d3c525..95f1601ed 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -50,7 +50,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
"HASH_V1",
"SIGNATURE_V1",
"NONCE_V1",
- "NOTIFICATION_V1",
+ "NOTIFY_V1",
"DELETE_V1",
"VENDOR_ID_V1");
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
@@ -111,7 +111,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PA
"HASH",
"SIG",
"No",
- "NO",
+ "N",
"D",
"V");
ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
@@ -205,7 +205,8 @@ payload_t *payload_create(payload_type_t type)
case KEY_EXCHANGE_V1:
return (payload_t*)ke_payload_create(type);
case NOTIFY:
- return (payload_t*)notify_payload_create();
+ case NOTIFY_V1:
+ return (payload_t*)notify_payload_create(type);
case DELETE:
return (payload_t*)delete_payload_create(0);
case VENDOR_ID:
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 0060e3730..84871cfb6 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -100,7 +100,7 @@ enum payload_type_t {
/**
* Notification payload.
*/
- NOTIFICATION_V1 = 11,
+ NOTIFY_V1 = 11,
/**
* Delete payload.
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index aa3f0674f..20f4e223d 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -780,10 +780,10 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this,
}
enumerator->destroy(enumerator);
- /* TODO-IKEv1: Add lifetime, non-fixed auth-method and other attributes */
+ /* TODO-IKEv1: Add lifetime, non-fixed auth-method and other attributes
transform->add_transform_attribute(transform,
transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1,
- TATTR_PH1_AUTH_METHOD, IKEV1_AUTH_PSK));
+ TATTR_PH1_AUTH_METHOD, IKEV1_AUTH_PSK));*/
add_transform_substructure(this, transform);
}
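Review bot: The change here disables the `add_transform_attribute` call by extending the TODO comment over it rather than removing it, which leaves commented-out code in the file and is unrelated to the notify-payload work the commit message describes. If the auth-method attribute should no longer be emitted in IKEv1 proposals, delete the three lines and keep the TODO on its own (or use `#if 0` if they are expected to return), and say why in the commit message, since this silently changes what the IKEv1 SA proposal contains on the wire. set_from_proposal_v1_ike starts outside this hunk.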
diff --git a/src/libcharon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c
index 76d185590..bcdf093b8 100644
--- a/src/libcharon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
@@ -153,8 +153,8 @@ METHOD(task_t, build_i, status_t,
config = this->child_sa->get_config(this->child_sa);
/* we just need the rekey notify ... */
- notify = notify_payload_create_from_protocol_and_type(this->protocol,
- REKEY_SA);
+ notify = notify_payload_create_from_protocol_and_type(NOTIFY,
+ this->protocol, REKEY_SA);
notify->set_spi(notify, this->spi);
message->add_payload(message, (payload_t*)notify);
@@ -462,7 +462,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
.protocol = protocol,
.spi = spi,
);
-
+
if (protocol != PROTO_NONE)
{
this->public.task.build = _build_i;
diff --git a/src/libcharon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c
index f06a518fa..6b658f8b1 100644
--- a/src/libcharon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@@ -152,7 +152,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
{
hash = generate_natd_hash(this, ike_sa_id, host);
}
- notify = notify_payload_create();
+ notify = notify_payload_create(NOTIFY);
notify->set_notify_type(notify, type);
notify->set_notification_data(notify, hash);
chunk_free(&hash);