authorJan Hutter <jhutter@hsr.ch>2005-11-17 12:49:35 +0000
committerJan Hutter <jhutter@hsr.ch>2005-11-17 12:49:35 +0000
commite31eb71e1c88a9dd6ae940fa6cec61a9cb5d72c8 (patch)
tree5dc7166713c6057eab07ba4410e03cd94080eb13
parent9e64c7e03aad168529852d0d9efa9fbe5eeec6f7 (diff)
downloadstrongswan-e31eb71e1c88a9dd6ae940fa6cec61a9cb5d72c8.tar.bz2
strongswan-e31eb71e1c88a9dd6ae940fa6cec61a9cb5d72c8.tar.xz
- added verify function to all payload types
-rw-r--r--Source/charon/payloads/ike_header.c42
-rw-r--r--Source/charon/payloads/ke_payload.c31
-rw-r--r--Source/charon/payloads/nonce_payload.c32
-rw-r--r--Source/charon/payloads/notify_payload.c41
-rw-r--r--Source/charon/payloads/payload.h10
-rw-r--r--Source/charon/payloads/proposal_substructure.c49
-rw-r--r--Source/charon/payloads/sa_payload.c80
-rw-r--r--Source/charon/payloads/transform_attribute.c30
-rw-r--r--Source/charon/payloads/transform_substructure.c100
9 files changed, 413 insertions, 2 deletions
diff --git a/Source/charon/payloads/ike_header.c b/Source/charon/payloads/ike_header.c
index 6f9a16bc9..9141e846d 100644
--- a/Source/charon/payloads/ike_header.c
+++ b/Source/charon/payloads/ike_header.c
@@ -143,6 +143,47 @@ encoding_rule_t ike_header_encodings[] = {
{ HEADER_LENGTH, offsetof(private_ike_header_t, length) }
};
+
+/* 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! IKE_SA Initiator's SPI !
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! IKE_SA Responder's SPI !
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload ! MjVer ! MnVer ! Exchange Type ! Flags !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Message ID !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_ike_header_t *this)
+{
+ if ((this->exchange_type < IKE_SA_INIT) || (this->exchange_type > INFORMATIONAL))
+ {
+ /* unsupported exchange type */
+ return FAILED;
+ }
+ if ((this->initiator_spi == 0) && (this->responder_spi != 0))
+ {
+ /* initiator spi not set */
+ return FAILED;
+ }
+
+ /* verification of version is not done in here */
+
+ return SUCCESS;
+}
+
/**
* Implements payload_t's set_next_type function.
* See #payload_s.set_next_type for description.
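Review bot: The SPI check in verify() lets a header whose initiator SPI is zero pass as long as the responder SPI is zero too, because the condition is `(this->initiator_spi == 0) && (this->responder_spi != 0)`; RFC 4306 requires the initiator's SPI to be non-zero in every message, so the guard should be `if (this->initiator_spi == 0)`. The existing comment `/* initiator spi not set */` then describes exactly what is tested. The flags octet is not inspected here either; if that is deliberate, a line next to `/* verification of version is not done in here */` saying so would save the next reader a search.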
@@ -348,6 +389,7 @@ ike_header_t *ike_header_create()
return NULL;
}
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = get_encoding_rules;
this->public.payload_interface.get_length = get_length;
this->public.payload_interface.get_next_type = get_next_type;
diff --git a/Source/charon/payloads/ke_payload.c b/Source/charon/payloads/ke_payload.c
index cfbd536c4..624727a57 100644
--- a/Source/charon/payloads/ke_payload.c
+++ b/Source/charon/payloads/ke_payload.c
@@ -111,6 +111,36 @@ encoding_rule_t ke_payload_encodings[] = {
{ KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! DH Group # ! RESERVED !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Key Exchange Data ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_ke_payload_t *this)
+{
+ if (this->critical)
+ {
+ /* critical bit is set! */
+ return FAILED;
+ }
+
+ /* dh group is not verified in here */
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and ke_payload_t's destroy function.
* See #payload_s.destroy or ke_payload_s.destroy for description.
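Review bot: verify() returns FAILED when the critical bit is set, but RFC 4306 section 3.2 says a recipient that recognises the payload type MUST ignore that bit, so this turns a flag the spec tells us to ignore into a hard parse failure; the same check is added in nonce_payload.c, notify_payload.c and sa_payload.c in this commit. If the intent is to enforce the sender-side rule that the bit is zero for the payload types the RFC defines, the comment should say so, e.g. `/* critical bit MUST be zero for payload types defined in RFC 4306 (3.2) */`, otherwise the check should be dropped. The comment `/* dh group is not verified in here */` would be more useful if it named where the group is validated.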
@@ -259,6 +289,7 @@ ke_payload_t *ke_payload_create()
return NULL;
}
/* interface functions */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
diff --git a/Source/charon/payloads/nonce_payload.c b/Source/charon/payloads/nonce_payload.c
index 296c6cfb6..36a8defed 100644
--- a/Source/charon/payloads/nonce_payload.c
+++ b/Source/charon/payloads/nonce_payload.c
@@ -100,6 +100,37 @@ encoding_rule_t nonce_payload_encodings[] = {
{ NONCE_DATA, offsetof(private_nonce_payload_t, nonce) }
};
+/* 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Nonce Data ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_nonce_payload_t *this)
+{
+ if (this->critical)
+ {
+ /* critical bit is set! */
+ return FAILED;
+ }
+ if ((this->nonce.len < 16) || ((this->nonce.len > 256)))
+ {
+ /* nonce length is wrong */
+ return FAILED;
+ }
+
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and nonce_payload_t's destroy function.
* See #payload_s.destroy or nonce_payload_s.destroy for description.
@@ -203,6 +234,7 @@ nonce_payload_t *nonce_payload_create()
return NULL;
}
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
diff --git a/Source/charon/payloads/notify_payload.c b/Source/charon/payloads/notify_payload.c
index 3526038d7..1593662a3 100644
--- a/Source/charon/payloads/notify_payload.c
+++ b/Source/charon/payloads/notify_payload.c
@@ -128,6 +128,46 @@ encoding_rule_t notify_payload_encodings[] = {
{ NOTIFICATION_DATA, offsetof(private_notify_payload_t, notification_data) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Protocol ID ! SPI Size ! Notify Message Type !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Security Parameter Index (SPI) ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Notification Data ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_notify_payload_t *this)
+{
+ if (this->critical)
+ {
+ /* critical bit is set! */
+ return FAILED;
+ }
+ if (this->protocol_id > 3)
+ {
+ /* reserved for future use */
+ return FAILED;
+ }
+
+ /* notify message types and data is not getting checked in here */
+
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and notify_payload_t's destroy function.
* See #payload_s.destroy or notify_payload_s.destroy for description.
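Review bot: The bound `this->protocol_id > 3` is a bare literal, and proposal_substructure.c in this same commit bounds the same Protocol ID field with `> 4`, so the two files already disagree on which values are reserved; RFC 4306 defines 1 (IKE), 2 (AH) and 3 (ESP) for both, with 0 additionally allowed in a notify that concerns no SA. Replace the literal with the project's constant for the highest defined protocol id (placeholder: `<max defined protocol id>`) so the two checks cannot drift apart, and say which field `/* reserved for future use */` refers to. Whether SPI Size is consistent with the protocol id is not checked here; I cannot see that field from this hunk, so confirm against private_notify_payload_t before adding it.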
@@ -341,6 +381,7 @@ notify_payload_t *notify_payload_create()
return NULL;
}
/* interface functions */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
diff --git a/Source/charon/payloads/payload.h b/Source/charon/payloads/payload.h
index 84735cb1d..35c0cf45f 100644
--- a/Source/charon/payloads/payload.h
+++ b/Source/charon/payloads/payload.h
@@ -211,6 +211,16 @@ struct payload_s {
* @return length of this payload
*/
size_t (*get_length) (payload_t *this);
+
+ /**
+ * @brief Verifies payload structure and makes consistence check
+ *
+ * @param this calling object
+ * @return
+ * - SUCCESS
+ * - FAILED if consistence not given
+ */
+ status_t (*verify) (payload_t *this);
};
/**
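Review bot: The new contract for verify() does not say how far the check reaches, and the implementations in this commit only inspect a payload's own fields plus the numbering or count of its direct children, never the children's verify(); the header is the place to state that so callers know nested substructures must be verified separately. Suggest expanding the @brief to `@brief Verifies this payload's own fields for structural consistency; nested payloads are not verified recursively` and correcting `consistence` to `consistency` in both places.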
diff --git a/Source/charon/payloads/proposal_substructure.c b/Source/charon/payloads/proposal_substructure.c
index 8947b7446..32c856744 100644
--- a/Source/charon/payloads/proposal_substructure.c
+++ b/Source/charon/payloads/proposal_substructure.c
@@ -126,6 +126,49 @@ encoding_rule_t proposal_substructure_encodings[] = {
{ TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! 0 (last) or 2 ! RESERVED ! Proposal Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Proposal # ! Protocol ID ! SPI Size !# of Transforms!
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ~ SPI (variable) ~
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ <Transforms> ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_proposal_substructure_t *this)
+{
+ if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != PROPOSAL_SUBSTRUCTURE))
+ {
+ /* must be 0 or 2 */
+ return FAILED;
+ }
+ if (this->transforms_count != this->transforms->get_count(this->transforms))
+ {
+ /* must be the same! */
+ return FAILED;
+ }
+
+ if (this->protocol_id > 4)
+ {
+ /* reserved are not supported */
+ return FAILED;
+ }
+
+ /* proposal number is checked in SA payload */
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and proposal_substructure_t's destroy function.
* See #payload_s.destroy or proposal_substructure_s.destroy for description.
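Review bot: verify() has no lower bound on protocol_id, so a proposal with Protocol ID 0 passes although only 1 (IKE), 2 (AH) and 3 (ESP) are defined for a proposal in RFC 4306; the check should read `if ((this->protocol_id < 1) || (this->protocol_id > 3))` using the project's constants where they exist, which also settles the `4` here versus the `3` used for the same field in notify_payload.c. `this->transforms->get_count(this->transforms)` is called without a NULL check; if the list is always created in proposal_substructure_create() that is fine, but a one-line comment saying so would help. `/* reserved are not supported */` should name the field it refers to.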
@@ -354,13 +397,17 @@ proposal_substructure_t *proposal_substructure_create()
{
return NULL;
}
-
+
+ /* interface functions */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (status_t (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (status_t (*) (payload_t *))destroy;
+
+ /* public functions */
this->public.create_transform_substructure_iterator = (status_t (*) (proposal_substructure_t *,linked_list_iterator_t **,bool)) create_transform_substructure_iterator;
this->public.add_transform_substructure = (status_t (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure;
this->public.set_proposal_number = (status_t (*) (proposal_substructure_t *,u_int8_t))set_proposal_number;
diff --git a/Source/charon/payloads/sa_payload.c b/Source/charon/payloads/sa_payload.c
index 9d4f95401..f5f2c958f 100644
--- a/Source/charon/payloads/sa_payload.c
+++ b/Source/charon/payloads/sa_payload.c
@@ -102,6 +102,80 @@ encoding_rule_t sa_payload_encodings[] = {
{ PROPOSALS, offsetof(private_sa_payload_t, proposals) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! Next Payload !C! RESERVED ! Payload Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ <Proposals> ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_sa_payload_t *this)
+{
+ int proposal_number = 1;
+ status_t status;
+ linked_list_iterator_t *iterator;
+ bool first = TRUE;
+
+ if (this->critical)
+ {
+ /* critical bit set! */
+ return FAILED;
+ }
+
+ /* check proposal numbering */
+ status = this->proposals->create_iterator(this->proposals,&iterator,TRUE);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+
+ while(iterator->has_next(iterator))
+ {
+ proposal_substructure_t *current_proposal;
+ status = iterator->current(iterator,(void **)&current_proposal);
+ {
+ break;
+ }
+ if (current_proposal->get_proposal_number(current_proposal) > proposal_number)
+ {
+ if (first)
+ {
+ /* first number must be 1 */
+ status = FAILED;
+ break;
+ }
+
+ if (current_proposal->get_proposal_number(current_proposal) != (proposal_number + 1))
+ {
+ /* must be only one more then previous proposal */
+ status = FAILED;
+ break;
+ }
+ }
+ else if (current_proposal->get_proposal_number(current_proposal) < proposal_number)
+ {
+ iterator->destroy(iterator);
+ /* must not be smaller then proceeding one */
+ status = FAILED;
+ break;
+ }
+ first = FALSE;
+ }
+
+ iterator->destroy(iterator);
+ return status;
+}
+
+
/**
* Implements payload_t's and sa_payload_t's destroy function.
* See #payload_s.destroy or sa_payload_s.destroy for description.
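Review bot: The numbering check in verify() never runs: after `status = iterator->current(iterator,(void **)&current_proposal);` the bare block `{ break; }` has no `if`, so the loop leaves on the first element and returns whatever current() returned. Two further defects sit in the same loop: `proposal_number` is never updated, so the "one more than previous" test always compares against 1 and a third proposal numbered 3 is rejected while 1, 2 is the only ascending sequence accepted; and the `<` branch calls `iterator->destroy(iterator)` before breaking, after which the destroy at the end of the function runs a second time on the same iterator. The rewrite below restores the `if (status != SUCCESS)`, tracks the previous number, and leaves a single destroy on the exit path.
```c
	/* … unchanged: critical-bit check and create_iterator() … */

	while (iterator->has_next(iterator))
	{
		proposal_substructure_t *current_proposal;
		int number;

		status = iterator->current(iterator, (void **)&current_proposal);
		if (status != SUCCESS)
		{
			break;
		}
		number = current_proposal->get_proposal_number(current_proposal);
		if (first)
		{
			if (number != 1)
			{
				/* first proposal must be numbered 1 */
				status = FAILED;
				break;
			}
		}
		else if ((number != proposal_number) && (number != proposal_number + 1))
		{
			/* must equal or be one more than the preceding proposal */
			status = FAILED;
			break;
		}
		proposal_number = number;
		first = FALSE;
	}

	/* the iterator is released exactly once, on every exit path */
	iterator->destroy(iterator);
	return status;
```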
@@ -234,12 +308,16 @@ sa_payload_t *sa_payload_create()
return NULL;
}
+ /* public interface */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (status_t (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (status_t (*) (payload_t *))destroy;
+
+ /* public functions */
this->public.create_proposal_substructure_iterator = (status_t (*) (sa_payload_t *,linked_list_iterator_t **,bool)) create_proposal_substructure_iterator;
this->public.add_proposal_substructure = (status_t (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
this->public.destroy = (status_t (*) (sa_payload_t *)) destroy;
@@ -248,7 +326,7 @@ sa_payload_t *sa_payload_create()
this->compute_length = compute_length;
/* set default values of the fields */
- this->critical = SA_PAYLOAD_CRITICAL_FLAG;
+ this->critical = 1;//SA_PAYLOAD_CRITICAL_FLAG;
this->next_payload = NO_PAYLOAD;
this->payload_length = SA_PAYLOAD_HEADER_LENGTH;
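Review bot: `this->critical = 1;//SA_PAYLOAD_CRITICAL_FLAG;` hard-codes the critical bit to 1 and leaves the previous expression as a trailing `//` comment; the verify() added earlier in this file returns FAILED whenever `this->critical` is set, so an SA payload built by sa_payload_create() fails its own verification. Either keep `this->critical = SA_PAYLOAD_CRITICAL_FLAG;` (and fix the constant's value if that was the problem) or, if a literal is intended, write `this->critical = 0;` with a comment giving the RFC 4306 reason; in neither case should dead code remain on the line. The rest of sa_payload_create() lies outside the hunk.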
diff --git a/Source/charon/payloads/transform_attribute.c b/Source/charon/payloads/transform_attribute.c
index 3b2404817..275f85857 100644
--- a/Source/charon/payloads/transform_attribute.c
+++ b/Source/charon/payloads/transform_attribute.c
@@ -96,6 +96,32 @@ encoding_rule_t transform_attribute_encodings[] = {
{ ATTRIBUTE_VALUE, offsetof(private_transform_attribute_t, attribute_value) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ !A! Attribute Type ! AF=0 Attribute Length !
+ !F! ! AF=1 Attribute Value !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! AF=0 Attribute Value !
+ ! AF=1 Not Transmitted !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_transform_attribute_t *this)
+{
+ if (this->attribute_type != KEY_LENGTH)
+ {
+ return FAILED;
+ }
+
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and transform_attribute_t's destroy function.
* See #payload_s.destroy or transform_attribute_s.destroy for description.
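Review bot: The `return FAILED;` branch in verify() is the only one in this commit without a comment stating the rule, so a reader cannot tell whether other attribute types are illegal or merely unsupported here; suggest `/* KEY_LENGTH is the only attribute type defined for IKEv2 (RFC 4306 3.3.5) */`. The attribute format is also not checked against the type: KEY_LENGTH is a fixed-length (AF=1) attribute, so if the structure exposes the format bit or the value length, verify() is the place to confirm it rather than leaving that to later consumers — those fields are not visible from this hunk, so confirm against private_transform_attribute_t.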
@@ -277,12 +303,16 @@ transform_attribute_t *transform_attribute_create()
return NULL;
}
+ /* payload interface */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (status_t (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (status_t (*) (payload_t *))destroy;
+
+ /* public functions */
this->public.set_value_chunk = (status_t (*) (transform_attribute_t *,chunk_t)) set_value_chunk;
this->public.set_value = (status_t (*) (transform_attribute_t *,u_int16_t)) set_value;
this->public.get_value_chunk = (chunk_t (*) (transform_attribute_t *)) get_value_chunk;
diff --git a/Source/charon/payloads/transform_substructure.c b/Source/charon/payloads/transform_substructure.c
index ec52ec81a..74cb08587 100644
--- a/Source/charon/payloads/transform_substructure.c
+++ b/Source/charon/payloads/transform_substructure.c
@@ -192,6 +192,102 @@ encoding_rule_t transform_substructure_encodings[] = {
{ TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) }
};
+/*
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! 0 (last) or 3 ! RESERVED ! Transform Length !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ !Transform Type ! RESERVED ! Transform ID !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ! !
+ ~ Transform Attributes ~
+ ! !
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+
+/**
+ * Implements payload_t's verify function.
+ * See #payload_s.verify for description.
+ */
+static status_t verify(private_transform_substructure_t *this)
+{
+ if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != TRANSFORM_SUBSTRUCTURE))
+ {
+ /* must be 0 or 3 */
+ return FAILED;
+ }
+
+ switch (this->transform_type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ {
+ if ((this->transform_id < ENCR_DES_IV64) || (this->transform_id > ENCR_AES_CTR))
+ {
+ return FAILED;
+ }
+ break;
+ }
+ case PSEUDO_RANDOM_FUNCTION:
+ {
+ if ((this->transform_id < PRF_HMAC_MD5) || (this->transform_id > PRF_AES128_CBC))
+ {
+ return FAILED;
+ }
+ break;
+ }
+ case INTEGRITIY_ALGORITHM:
+ {
+ if ((this->transform_id < AUTH_HMAC_MD5_96) || (this->transform_id > AUTH_AES_XCBC_96))
+ {
+ return FAILED;
+ }
+ break;
+ }
+ case DIFFIE_HELLMAN_GROUP:
+ {
+ switch (this->transform_id)
+ {
+ case MODP_768_BIT:
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
+ case MODP_2048_BIT:
+ case MODP_3072_BIT:
+ case MODP_4096_BIT:
+ case MODP_6144_BIT:
+ case MODP_8192_BIT:
+ {
+ break;
+ }
+ default:
+ {
+ return FAILED;
+ }
+ }
+
+
+ break;
+ }
+ case EXTENDED_SEQUENCE_NUNBERS:
+ {
+ if ((this->transform_id != NO_EXT_SEQ_NUMBERS) && (this->transform_id != EXT_SEQ_NUMBERS))
+ {
+ return FAILED;
+ }
+ break;
+ }
+ default:
+ {
+ /* not a supported transform type! */
+ return FAILED;
+ }
+ }
+
+ /* proposal number is checked in SA payload */
+ return SUCCESS;
+}
+
/**
* Implements payload_t's and transform_substructure_t's destroy function.
* See #payload_s.destroy or transform_substructure_s.destroy for description.
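Review bot: The closing comment `/* proposal number is checked in SA payload */` in verify() is copied from proposal_substructure.c and does not apply to a transform, which carries no proposal number; replace it with something true of this function, e.g. `/* transform attributes are not verified in here */`. The range checks on transform_id accept every value between the two endpoints, so if the enums mirror the RFC 4306 numbering the reserved encryption id 10 still passes — an explicit switch over the supported ids, as already done for DIFFIE_HELLMAN_GROUP, would close that gap. The two blank lines before the `break;` of the DIFFIE_HELLMAN_GROUP case are stray.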
@@ -381,12 +477,16 @@ transform_substructure_t *transform_substructure_create()
return NULL;
}
+ /* payload interface */
+ this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (status_t (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (status_t (*) (payload_t *))destroy;
+
+ /* public functions */
this->public.create_transform_attribute_iterator = (status_t (*) (transform_substructure_t *,linked_list_iterator_t **,bool)) create_transform_attribute_iterator;
this->public.add_transform_attribute = (status_t (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute;
this->public.set_is_last_transform = (status_t (*) (transform_substructure_t *,bool)) set_is_last_transform;