authorMartin Willi <martin@strongswan.org>2006-02-14 14:52:00 +0000
committerMartin Willi <martin@strongswan.org>2006-02-14 14:52:00 +0000
commitce461bbd13c5ea6a94ba0b34cbb4d1be8159b67e (patch)
treed3ba1aa2e97e7aeb7b24163d4b8671abbeb9a7c9 /Source/charon/encoding/payloads
parent409d010131f14e551e0645e9b88ad7621d08b781 (diff)
- refactored ike proposal
- now uses proposal_t, which is also used by child proposals - ike key derivation refactored - crypter_t api has get_key_size now - some other improvements here and there
Diffstat (limited to 'Source/charon/encoding/payloads')
-rw-r--r--Source/charon/encoding/payloads/notify_payload.c16
-rw-r--r--Source/charon/encoding/payloads/proposal_substructure.c8
-rw-r--r--Source/charon/encoding/payloads/proposal_substructure.h8
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c208
-rw-r--r--Source/charon/encoding/payloads/sa_payload.h53
-rw-r--r--Source/charon/encoding/payloads/transform_substructure.h2
6 files changed, 61 insertions, 234 deletions
diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c
index dccc9d169..ee4b44e9e 100644
--- a/Source/charon/encoding/payloads/notify_payload.c
+++ b/Source/charon/encoding/payloads/notify_payload.c
@@ -180,8 +180,22 @@ static status_t verify(private_notify_payload_t *this)
return FAILED;
}
- /* notify message types and data is not getting checked in here */
+ /* TODO: Check all kinds of notify */
+ if (this->notify_message_type == INVALID_KE_PAYLOAD)
+ {
+ /* check notification data */
+ diffie_hellman_group_t dh_group;
+ if (this->notification_data.len != 2)
+ {
+ return FAILED;
+ }
+ dh_group = ntohs(*((u_int16_t*)this->notification_data.ptr));
+ if (dh_group < MODP_1024_BIT || dh_group > MODP_8192_BIT)
+ {
+ return FAILED;
+ }
+ }
return SUCCESS;
}
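Review bot: `dh_group = ntohs(*((u_int16_t*)this->notification_data.ptr));` reads a two-byte value through a pointer cast into a byte buffer that is not guaranteed to be 2-byte aligned, which is a misaligned access (and an aliasing violation) on strict targets; copy it out first: `u_int16_t raw; memcpy(&raw, this->notification_data.ptr, sizeof(raw)); dh_group = ntohs(raw);`. The `len != 2` check above it is the right guard and must stay before the copy. The range test `dh_group < MODP_1024_BIT || dh_group > MODP_8192_BIT` accepts every value between the two bounds; if the enum follows the IANA group numbers (2, 5, 14–18) that lets unassigned numbers through, so an explicit comparison against the supported groups would be tighter — confirm against the enum definition, which is not visible here. verify() begins before this hunk.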
diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c
index a2ba15b9e..2cf96fbb6 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.c
+++ b/Source/charon/encoding/payloads/proposal_substructure.c
@@ -406,9 +406,9 @@ static size_t get_spi_size (private_proposal_substructure_t *this)
}
/**
- * Implementation of proposal_substructure_t.add_to_child_proposal.
+ * Implementation of proposal_substructure_t.add_to_proposal.
*/
-void add_to_child_proposal(private_proposal_substructure_t *this, child_proposal_t *proposal)
+void add_to_proposal(private_proposal_substructure_t *this, proposal_t *proposal)
{
iterator_t *iterator = this->transforms->create_iterator(this->transforms, TRUE);
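Review bot: `void add_to_proposal(private_proposal_substructure_t *this, proposal_t *proposal)` has external linkage although it is only installed through the `this->public.add_to_proposal` function pointer later in this file, and the parallel `add_proposal` in sa_payload.c is declared `static`; write it as `static void add_to_proposal(private_proposal_substructure_t *this, proposal_t *proposal)` to keep the symbol file-local. The function body continues past the hunk.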
@@ -525,7 +525,7 @@ proposal_substructure_t *proposal_substructure_create()
this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id;
this->public.get_info_for_transform_type = (status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type;
this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal;
- this->public.add_to_child_proposal = (void (*) (proposal_substructure_t*,child_proposal_t*))add_to_child_proposal;
+ this->public.add_to_proposal = (void (*) (proposal_substructure_t*,proposal_t*))add_to_proposal;
this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
@@ -554,7 +554,7 @@ proposal_substructure_t *proposal_substructure_create()
/*
* Described in header.
*/
-proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto)
+proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal, protocol_id_t proto)
{
private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create();
iterator_t *iterator;
diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h
index 0247584bb..2270a525b 100644
--- a/Source/charon/encoding/payloads/proposal_substructure.h
+++ b/Source/charon/encoding/payloads/proposal_substructure.h
@@ -26,7 +26,7 @@
#include <types.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/transform_substructure.h>
-#include <config/child_proposal.h>
+#include <config/proposal.h>
#include <utils/linked_list.h>
@@ -173,7 +173,7 @@ struct proposal_substructure_t {
*/
void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
- void (*add_to_child_proposal) (proposal_substructure_t *this, child_proposal_t *proposal);
+ void (*add_to_proposal) (proposal_substructure_t *this, proposal_t *proposal);
/**
* @brief Clones an proposal_substructure_t object.
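Review bot: The new `add_to_proposal` member has no doc comment, while the neighbouring members (`set_spi` above it, the clone below it) each carry a `@brief` block. Add one above it, e.g. `/** @brief Adds the transforms of this substructure to a proposal_t. @param proposal proposal_t to fill */`; state whether the proposal keeps references into the substructure only after confirming it from the implementation, which is not visible in this hunk.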
@@ -201,7 +201,7 @@ struct proposal_substructure_t {
proposal_substructure_t *proposal_substructure_create();
/**
- * @brief Creates a proposal substructure from a child_proposal.
+ * @brief Creates a proposal substructure from a proposal.
*
* Since a child proposal may contain data for both AH and ESP,
* the protocol must be specified. If the proposal does not contain
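Review bot: The rewritten `@brief` now says "from a proposal", but the explanation that follows still reads `Since a child proposal may contain data for both AH and ESP`; with proposal_t also carrying IKE proposals after this commit, the sentence should be updated to `Since a proposal may contain data for both AH and ESP, the protocol must be specified.` The comment block continues past the hunk.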
@@ -215,7 +215,7 @@ proposal_substructure_t *proposal_substructure_create();
*
* @ingroup payloads
*/
-proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto);
+proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal, protocol_id_t proto);
#endif /*PROPOSAL_SUBSTRUCTURE_H_*/
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index 90f8698f8..3a40d41b2 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -257,9 +257,9 @@ static void add_proposal_substructure (private_sa_payload_t *this,proposal_subst
}
/**
- * Implementation of sa_payload_t.add_child_proposal.
+ * Implementation of sa_payload_t.add_proposal.
*/
-static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *proposal)
+static void add_proposal(private_sa_payload_t *this, proposal_t *proposal)
{
proposal_substructure_t *substructure;
protocol_id_t proto[2];
@@ -271,161 +271,26 @@ static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *pro
{
if (proto[i] != UNDEFINED_PROTOCOL_ID)
{
- substructure = proposal_substructure_create_from_child_proposal(proposal, proto[i]);
+ substructure = proposal_substructure_create_from_proposal(proposal, proto[i]);
add_proposal_substructure(this, substructure);
}
}
}
-
/**
- * Implementation of sa_payload_t.get_ike_proposals.
+ * Implementation of sa_payload_t.get_proposals.
*/
-static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
-{
- int found_ike_proposals = 0;
- int current_proposal_number = 0;
- iterator_t *iterator;
- ike_proposal_t *tmp_proposals;
-
- iterator = this->proposals->create_iterator(this->proposals,TRUE);
-
- /* first find out the number of ike proposals and check their number of transforms and
- * if the SPI is empty!*/
- while (iterator->has_next(iterator))
- {
- proposal_substructure_t *current_proposal;
- iterator->current(iterator,(void **)&(current_proposal));
- if (current_proposal->get_protocol_id(current_proposal) == IKE)
- {
- /* a ike proposal consists of an empty spi*/
- if (current_proposal->get_spi_size(current_proposal) != 0)
- {
- iterator->destroy(iterator);
- return FAILED;
- }
-
- found_ike_proposals++;
- }
- }
- iterator->reset(iterator);
-
- if (found_ike_proposals == 0)
- {
- iterator->destroy(iterator);
- return NOT_FOUND;
- }
-
- /* allocate memory to hold each proposal as ike_proposal_t */
-
- tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t));
-
- /* create from each proposal_substructure a ike_proposal_t data area*/
- while (iterator->has_next(iterator))
- {
- proposal_substructure_t *current_proposal;
- iterator->current(iterator,(void **)&(current_proposal));
- if (current_proposal->get_protocol_id(current_proposal) == IKE)
- {
- bool encryption_algorithm_found = FALSE;
- bool integrity_algorithm_found = FALSE;
- bool pseudo_random_function_found = FALSE;
- bool diffie_hellman_group_found = FALSE;
- status_t status;
- iterator_t *transforms;
-
- transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
- while (transforms->has_next(transforms))
- {
- transform_substructure_t *current_transform;
- transforms->current(transforms,(void **)&(current_transform));
-
- switch (current_transform->get_transform_type(current_transform))
- {
- case ENCRYPTION_ALGORITHM:
- {
- tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform);
- status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length));
- if (status == SUCCESS)
- {
- encryption_algorithm_found = TRUE;
- }
- break;
- }
- case INTEGRITY_ALGORITHM:
- {
- tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform);
- status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length));
- if (status == SUCCESS)
- {
- integrity_algorithm_found = TRUE;
- }
- break;
- }
- case PSEUDO_RANDOM_FUNCTION:
- {
- tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform);
- status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length));
- if (status == SUCCESS)
- {
- pseudo_random_function_found = TRUE;
- }
- break;
- }
- case DIFFIE_HELLMAN_GROUP:
- {
- tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform);
- diffie_hellman_group_found = TRUE;
- break;
- }
- default:
- {
- /* not a transform of an ike proposal. Break here */
- break;
- }
- }
-
- }
-
- transforms->destroy(transforms);
-
- if ((!encryption_algorithm_found) ||
- (!integrity_algorithm_found) ||
- (!pseudo_random_function_found) ||
- (!diffie_hellman_group_found))
- {
- /* one of needed transforms could not be found */
- iterator->reset(iterator);
- allocator_free(tmp_proposals);
- return FAILED;
- }
-
- current_proposal_number++;
- }
- }
-
- iterator->destroy(iterator);
-
- *proposals = tmp_proposals;
- *proposal_count = found_ike_proposals;
-
- return SUCCESS;
-}
-
-/**
- * Implementation of sa_payload_t.get_child_proposals.
- */
-static linked_list_t *get_child_proposals(private_sa_payload_t *this)
+static linked_list_t *get_proposals(private_sa_payload_t *this)
{
int proposal_struct_number = 0;
iterator_t *iterator;
- child_proposal_t *proposal;
+ proposal_t *proposal;
linked_list_t *proposal_list;
/* this list will hold our proposals */
proposal_list = linked_list_create();
- /* iterate over structures, one OR MORE structures will result in a child_proposal */
+ /* iterate over structures, one OR MORE structures will result in a proposal */
iterator = this->proposals->create_iterator(this->proposals,TRUE);
while (iterator->has_next(iterator))
{
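Review bot: The deleted `get_ike_proposals` rejected IKE substructures with a non-empty SPI (`get_spi_size(...) != 0`) and proposals missing one of ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, PSEUDO_RANDOM_FUNCTION or DIFFIE_HELLMAN_GROUP, whereas the replacement `get_proposals` hands every substructure to `add_to_proposal` and returns the list without either check. Unless proposal_t or the caller now performs this validation (not visible in this diff), a malformed IKE proposal carrying an SPI or lacking a required transform reaches the selection logic unchecked. Either reinstate the checks while iterating here, or record where they moved with a comment such as `/* SPI size and required-transform checks for IKE proposals are done by proposal_t */` above the loop. get_proposals continues past the hunk.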
@@ -436,11 +301,11 @@ static linked_list_t *get_child_proposals(private_sa_payload_t *this)
{
/* here starts a new proposal, create a new one and add it to the list */
proposal_struct_number = proposal_struct->get_proposal_number(proposal_struct);
- proposal = child_proposal_create(proposal_struct_number);
+ proposal = proposal_create(proposal_struct_number);
proposal_list->insert_last(proposal_list, proposal);
}
/* proposal_substructure_t does the dirty work and builds up the proposal */
- proposal_struct->add_to_child_proposal(proposal_struct, proposal);
+ proposal_struct->add_to_proposal(proposal_struct, proposal);
}
iterator->destroy(iterator);
return proposal_list;
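Review bot: `proposal` is declared without an initializer (`proposal_t *proposal;` in the preceding hunk) and is only assigned inside the branch that starts a new proposal; because `proposal_struct_number` starts at 0, a first substructure carrying proposal number 0 would skip that branch (assuming the condition, which sits between the hunks, compares the two numbers) and `proposal_struct->add_to_proposal(proposal_struct, proposal);` would dereference an uninitialized pointer on peer-controlled input. Initialize it with `proposal_t *proposal = NULL;` and guard the call with `if (proposal == NULL) { continue; }` (or fail the whole payload) so a bogus proposal number cannot reach add_to_proposal. get_proposals begins before this hunk and its closing brace is outside it.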
@@ -484,8 +349,7 @@ sa_payload_t *sa_payload_create()
/* public functions */
this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
- this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
- this->public.get_child_proposals = (linked_list_t* (*) (sa_payload_t *)) get_child_proposals;
+ this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals;
this->public.destroy = (void (*) (sa_payload_t *)) destroy;
/* private functions */
@@ -503,52 +367,10 @@ sa_payload_t *sa_payload_create()
/*
* Described in header.
*/
-sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count)
-{
- int i;
- sa_payload_t *sa_payload= sa_payload_create();
-
- for (i = 0; i < proposal_count; i++)
- {
- proposal_substructure_t *proposal_substructure;
- transform_substructure_t *encryption_algorithm;
- transform_substructure_t *integrity_algorithm;
- transform_substructure_t *pseudo_random_function;
- transform_substructure_t *diffie_hellman_group;
-
- /* create proposal substructure */
- proposal_substructure = proposal_substructure_create();
- proposal_substructure->set_protocol_id(proposal_substructure,IKE);
- proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
-
-
- /* create transform substructures to hold each specific transform for an ike proposal */
- encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
- proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
-
- pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length);
- proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function);
-
- integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length);
- proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
-
- diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0);
- proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
-
- /* add proposal to sa payload */
- sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);
- }
-
- return sa_payload;
-}
-
-/*
- * Described in header.
- */
-sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposals)
+sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
{
iterator_t *iterator;
- child_proposal_t *proposal;
+ proposal_t *proposal;
sa_payload_t *sa_payload = sa_payload_create();
/* add every payload from the list */
@@ -556,7 +378,7 @@ sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposal
while (iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&proposal);
- add_child_proposal((private_sa_payload_t*)sa_payload, proposal);
+ add_proposal((private_sa_payload_t*)sa_payload, proposal);
}
iterator->destroy(iterator);
@@ -566,11 +388,11 @@ sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposal
/*
* Described in header.
*/
-sa_payload_t *sa_payload_create_from_child_proposal(child_proposal_t *proposal)
+sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal)
{
sa_payload_t *sa_payload = sa_payload_create();
- add_child_proposal((private_sa_payload_t*)sa_payload, proposal);
+ add_proposal((private_sa_payload_t*)sa_payload, proposal);
return sa_payload;
}
diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h
index 0c54ae689..1f11d516c 100644
--- a/Source/charon/encoding/payloads/sa_payload.h
+++ b/Source/charon/encoding/payloads/sa_payload.h
@@ -54,9 +54,9 @@ typedef struct sa_payload_t sa_payload_t;
* @b Constructors:
* - sa_payload_create()
* - sa_payload_create_from_ike_proposals()
- * - sa_payload_create_from_child_proposal()
+ * - sa_payload_create_from_proposal()
*
- * @todo Add support of algorithms without specified keylength in get_child_proposals and get_ike_proposals.
+ * @todo Add support of algorithms without specified keylength in get_proposals and get_ike_proposals.
*
* @ingroup payloads
*/
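Review bot: The updated `@todo` on the new side still names `get_ike_proposals`, and the constructor list two lines above still lists `sa_payload_create_from_ike_proposals()`, but this commit removes both from sa_payload.c and sa_payload.h. Replace them with the surviving names: `* - sa_payload_create_from_proposal_list()` in the constructor list and `* @todo Add support of algorithms without specified keylength in get_proposals.` for the todo.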
@@ -91,36 +91,20 @@ struct sa_payload_t {
* @param proposal proposal_substructure_t object to add
*/
void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal);
-
- /**
- * @brief Creates an array of ike_proposal_t's in this SA payload.
- *
- * An IKE proposal consist of transform of type ENCRYPTION_ALGORITHM,
- * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM and DIFFIE_HELLMAN_GROUP
- *
- * @param proposals the pointer to the first entry of ike_proposal_t's is set
- * @param proposal_count the number of found proposals is written at this location
- * @return
- * - SUCCESS if an IKE proposal could be found
- * - NOT_FOUND if no IKE proposal could be found
- * - FAILED if a proposal does not contain all needed transforms
- * for a IKE_PROPOSAL
- */
- status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count);
-
+
/**
- * @brief Creates an array of child_proposal_t's in this SA payload.
+ * @brief Gets the proposals in this payload as a list.
*
- * @return a list containing child_proposal_t s
+ * @return a list containing proposal_t s
*/
- linked_list_t *(*get_child_proposals) (sa_payload_t *this);
+ linked_list_t *(*get_proposals) (sa_payload_t *this);
/**
* @brief Add a child proposal (AH/ESP) to the payload.
*
* @param proposal child proposal to add to the payload
*/
- void (*add_child_proposal) (sa_payload_t *this, child_proposal_t *proposal);
+ void (*add_proposal) (sa_payload_t *this, proposal_t *proposal);
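Review bot: The new `@return a list containing proposal_t s` for `get_proposals` does not say who owns the result, yet the implementation in sa_payload.c creates the list with `linked_list_create()` and fills it with freshly created proposal_t objects, so the caller must destroy both; document it as `@return a newly allocated list of proposal_t; the caller owns the list and its proposals and must destroy them`. The doc block directly above the renamed `add_proposal` member still reads `@brief Add a child proposal (AH/ESP) to the payload.` and `@param proposal child proposal to add to the payload`, although the member now takes a proposal_t that this commit also uses for IKE proposals; update it to `@brief Add a proposal (IKE, AH or ESP) to the payload.` and `@param proposal proposal_t to add to the payload`.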
/**
* @brief Destroys an sa_payload_t object.
@@ -140,19 +124,26 @@ struct sa_payload_t {
sa_payload_t *sa_payload_create();
/**
- * @brief Creates a sa_payload_t object from array of ike_proposal_t's.
+ * @brief Creates a sa_payload_t object from a list of proposals.
*
- * @return created sa_payload_t object
- * @param proposals pointer to first proposal in array of type ike_proposal_t
- * @param proposal_count number of ike_proposal_t's in array
+ * @param proposals list of proposals to build the payload from
* @return sa_payload_t object
*
* @ingroup payloads
*/
-sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count);
+sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
-sa_payload_t *sa_payload_create_from_child_proposal_list(linked_list_t *proposals);
-
-sa_payload_t *sa_payload_create_from_child_proposal(child_proposal_t *proposal);
+/**
+ * @brief Creates a sa_payload_t object from a single proposal.
+ *
+ * This is only for convenience. Use sa_payload_create_from_proposal_list
+ * if you want to add more than one proposal.
+ *
+ * @param proposal proposal from which the payload should be built.
+ * @return sa_payload_t object
+ *
+ * @ingroup payloads
+ */
+sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal);
#endif /*SA_PAYLOAD_H_*/
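Review bot: The new @brief for `sa_payload_create_from_proposal_list` does not state what happens to `proposals` afterwards; the visible body in sa_payload.c only iterates the list and destroys its iterator, so the list itself is not consumed, but whether the proposal_t objects are copied into the substructures or merely referenced is not visible here. Add an ownership line once that is confirmed, e.g. `* The list is not modified; the caller keeps ownership of it and its proposals.`, and the same line on `sa_payload_create_from_proposal` for its single `proposal`.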
diff --git a/Source/charon/encoding/payloads/transform_substructure.h b/Source/charon/encoding/payloads/transform_substructure.h
index 79dd101d0..62def3309 100644
--- a/Source/charon/encoding/payloads/transform_substructure.h
+++ b/Source/charon/encoding/payloads/transform_substructure.h
@@ -32,7 +32,7 @@
#include <transforms/signers/signer.h>
#include <transforms/prfs/prf.h>
#include <transforms/crypters/crypter.h>
-#include <config/child_proposal.h>
+#include <config/proposal.h>
/**