authorMartin Willi <martin@strongswan.org>2005-11-30 08:46:56 +0000
committerMartin Willi <martin@strongswan.org>2005-11-30 08:46:56 +0000
commit9b8f174db4ac03700aa185338709846d9f6f9cc8 (patch)
tree72ab20b63f859d44e533a8c42eed22865fb8d2f6 /Source
parentd440fe6d0bf4cbe34ef69f3f4245ec2c685e6fde (diff)
- fixed message rule
- decryption attempt
Diffstat (limited to 'Source')
-rw-r--r--Source/charon/encoding/message.c8
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c120
2 files changed, 125 insertions, 3 deletions
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index e7b773eec..b06850b23 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -153,8 +153,8 @@ static supported_payload_entry_t supported_ike_auth_r_payloads[] =
static message_rule_t message_rules[] = {
{IKE_SA_INIT,TRUE,FALSE,(sizeof(supported_ike_sa_init_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_i_payloads},
{IKE_SA_INIT,FALSE,FALSE,(sizeof(supported_ike_sa_init_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_r_payloads},
- {IKE_AUTH,TRUE,FALSE,(sizeof(supported_ike_auth_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_i_payloads},
- {IKE_AUTH,FALSE,FALSE,(sizeof(supported_ike_auth_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_r_payloads}
+ {IKE_AUTH,TRUE,TRUE,(sizeof(supported_ike_auth_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_i_payloads},
+ {IKE_AUTH,FALSE,TRUE,(sizeof(supported_ike_auth_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_r_payloads}
};
typedef struct payload_entry_t payload_entry_t;
@@ -869,7 +869,9 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si
if (payload_entry->encrypted != current_payload_was_encrypted)
{
/* payload type not supported */
- this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",(payload_entry->encrypted) ? "encrypted": "not encrypted");
+ this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",
+ mapping_find(payload_type_m,current_payload->get_type(current_payload)),
+ (payload_entry->encrypted) ? "encrypted": "not encrypted");
iterator->destroy(iterator);
return status;
}
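Review bot: The `return status;` right after the new log call propagates whatever `status` held before the encryption-mismatch check; if it is still SUCCESS from an earlier step (its assignment is not visible in this hunk), a payload that the rule `{IKE_AUTH,TRUE,TRUE,...}` in the first hunk now requires to be encrypted but that arrived in the clear would be logged and then accepted, so the stricter rule would not actually be enforced. Return an explicit error at that point instead, e.g. `return FAILED;` (or whichever status_t value callers of decrypt_payloads treat as a rejected message), so the outcome does not depend on a value computed for a different purpose. The comment `/* payload type not supported */` above the check also describes the wrong condition, since the `if` tests the payload's encryption status rather than its type; `/* payload has the wrong encryption status for its type */` matches what is checked. If mapping_find can return NULL for an unknown type, the new `%s` argument would also need a fallback string, but that depends on mapping_find's contract, which is not visible here. decrypt_payloads starts and ends outside the hunk.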
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 8725a001a..34bc1dbda 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -23,6 +23,8 @@
#include "ike_sa_init_responded.h"
#include <utils/allocator.h>
+#include <transforms/signers/signer.h>
+#include <transforms/crypters/crypter.h>
typedef struct private_ike_sa_init_responded_t private_ike_sa_init_responded_t;
@@ -73,6 +75,124 @@ struct private_ike_sa_init_responded_t {
*/
static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message)
{
+ status_t status;
+ signer_t *signer;
+ crypter_t *crypter;
+ iterator_t *payloads;
+ exchange_type_t exchange_type;
+
+
+ exchange_type = message->get_exchange_type(message);
+ if (exchange_type != IKE_AUTH)
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_responded",
+ mapping_find(exchange_type_m,exchange_type));
+ return FAILED;
+ }
+
+ if (!message->get_request(message))
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Only requests of type IKE_AUTH supported in state ike_sa_init_responded");
+ return FAILED;
+ }
+
+
+ /* get signer for verification and crypter for decryption */
+ signer = this->ike_sa->get_signer_initiator(this->ike_sa);
+ crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
+
+ /* parse incoming message */
+ status = message->parse_body(message, crypter, signer);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
+ return status;
+ }
+
+ /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */
+ payloads = message->get_payload_iterator(message);
+
+ while (payloads->has_next(payloads))
+ {
+ payload_t *payload;
+
+ /* get current payload */
+ payloads->current(payloads, (void**)&payload);
+
+ this->logger->log(this->logger, CONTROL|MORE, "Processing payload of type %s", mapping_find(payload_type_m, payload->get_type(payload)));
+ switch (payload->get_type(payload))
+ {
+// case SECURITY_ASSOCIATION:
+// {
+// sa_payload_t *sa_payload = (sa_payload_t*)payload;
+// iterator_t *suggested_proposals, *accepted_proposals;
+// proposal_substructure_t *accepted_proposal;
+//
+// accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE);
+//
+// /* get the list of suggested proposals */
+// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
+//
+// /* now let the configuration-manager select a subset of the proposals */
+// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
+// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
+// suggested_proposals->destroy(suggested_proposals);
+// accepted_proposals->destroy(accepted_proposals);
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// /* iterators are not needed anymore */
+// suggested_proposals->destroy(suggested_proposals);
+//
+// /* let the ike_sa create their own transforms from proposal informations */
+// accepted_proposals->reset(accepted_proposals);
+// /* TODO check for true*/
+// accepted_proposals->has_next(accepted_proposals);
+// status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
+// accepted_proposals->destroy(accepted_proposals);
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal);
+// accepted_proposals->destroy(accepted_proposals);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed");
+// /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
+// break;
+// }
+
+ default:
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Payload type not supported!");
+ payloads->destroy(payloads);
+ return NOT_SUPPORTED;
+ }
+ }
+ }
+ /* iterator can be destroyed */
+ payloads->destroy(payloads);
+
+
+
+ this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
+
+ this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");
+
+
return SUCCESS;
}