IKEv1: Added basic support for INFORMATIONAL exchange types, and for NOTIFY_V1 messages in the 3rd message in quick_mode.

1 files changed, 13 insertions, 9 deletions

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index b63264bf9..0a808ac02 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -574,6 +574,7 @@ static payload_order_t aggressive_r_order[] = {
  */
 static payload_rule_t informational_i_rules_v1[] = {
 /*	payload type				min	max						encr	suff */
+	{NOTIFY_V1,					0,	MAX_NOTIFY_PAYLOADS,	FALSE,	FALSE},
 	{NOTIFY_V1,					0,	MAX_NOTIFY_PAYLOADS,	TRUE,	FALSE},
 	{DELETE_V1,					0,	MAX_DELETE_PAYLOADS,	TRUE,	FALSE},
 	{VENDOR_ID_V1,				0,	MAX_VID_PAYLOADS,		TRUE,	FALSE},
@@ -1946,22 +1947,25 @@ METHOD(message_t, parse_body, status_t,
 		{
 			hash_payload_t *hash_payload;
 			chunk_t other_hash;
-			if (this->first_payload != HASH_V1)
+			if ((this->first_payload != HASH_V1) && (this->public.get_exchange_type(&this->public) != INFORMATIONAL_V1))
 			{
 				DBG1(DBG_ENC, "expected HASH payload as first payload");
 				chunk_free(&hash);
 				return VERIFY_ERROR;
 			}
-			hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
-			other_hash = hash_payload->get_hash(hash_payload);
-			if (!chunk_equals(hash, other_hash))
+			if (this->first_payload == HASH_V1)
 			{
-				DBG1(DBG_ENC, "our hash does not match received %B",
-					 &other_hash);
-				chunk_free(&hash);
-				return FAILED;
+				hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
+				other_hash = hash_payload->get_hash(hash_payload);
+				if (!chunk_equals(hash, other_hash))
+				{
+					DBG1(DBG_ENC, "our hash does not match received %B",
+						 &other_hash);
+					chunk_free(&hash);
+					return FAILED;
+				}
+				DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
 			}
-			DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
 			chunk_free(&hash);
 		}
 	}