authorTobias Brunner <tobias@strongswan.org>2011-11-29 11:14:25 +0100
committerTobias Brunner <tobias@strongswan.org>2012-03-20 17:31:09 +0100
commit1e97783c993caec7f7556d6be5b7168701c31062 (patch)
treeb4f46bbf90ca6aaf69887606284343f84a15c3ac /src/libcharon/encoding
parent3fa8db8b59cb593ff42eeccd8afa23346efd6433 (diff)
Added payloads for IKEv1 NAT-Traversal negotiation.
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/message.c2
-rw-r--r--src/libcharon/encoding/payloads/hash_payload.c8
-rw-r--r--src/libcharon/encoding/payloads/hash_payload.h3
-rw-r--r--src/libcharon/encoding/payloads/id_payload.c22
-rw-r--r--src/libcharon/encoding/payloads/id_payload.h4
-rw-r--r--src/libcharon/encoding/payloads/payload.c18
-rw-r--r--src/libcharon/encoding/payloads/payload.h10
7 files changed, 51 insertions, 16 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 6c6004fac..835073a5c 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1412,7 +1412,7 @@ METHOD(message_t, generate, status_t,
chunk_t hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
if (hash.ptr)
{ /* insert a HASH payload as first payload */
- hash_payload_t *hash_payload = hash_payload_create();
+ hash_payload_t *hash_payload = hash_payload_create(HASH_V1);
hash_payload->set_hash(hash_payload, hash);
this->payloads->insert_first(this->payloads,
(payload_t*)hash_payload);
diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c
index 9542b1c03..0cf63ba67 100644
--- a/src/libcharon/encoding/payloads/hash_payload.c
+++ b/src/libcharon/encoding/payloads/hash_payload.c
@@ -50,6 +50,11 @@ struct private_hash_payload_t {
* The contained hash value.
*/
chunk_t hash;
+
+ /**
+ * either HASH_V1 or NAT_D_V1
+ */
+ payload_type_t type;
};
/**
@@ -99,7 +104,7 @@ METHOD(payload_t, get_header_length, int,
METHOD(payload_t, get_type, payload_type_t,
private_hash_payload_t *this)
{
- return HASH_V1;
+ return this->type;
}
METHOD(payload_t, get_next_type, payload_type_t,
@@ -166,6 +171,7 @@ hash_payload_t *hash_payload_create(payload_type_t type)
},
.next_payload = NO_PAYLOAD,
.payload_length = get_header_length(this),
+ .type = type,
);
return &this->public;
}
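Review bot: `hash_payload_create()` copies `type` into the object without checking it, so `get_type()` will now report any value a caller hands in, not only the HASH_V1 or NAT_D_V1 that the new field comment promises. The callers visible in this commit pass HASH_V1 directly or forward the type from the `payload_create()` switch, so this is a contract to document rather than a live bug. I would state it on the initializer, e.g. `/* caller guarantees HASH_V1 or NAT_D_V1; not validated here */`. The constructor body starts outside this hunk.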
diff --git a/src/libcharon/encoding/payloads/hash_payload.h b/src/libcharon/encoding/payloads/hash_payload.h
index 9f4b6e59b..cfe28460c 100644
--- a/src/libcharon/encoding/payloads/hash_payload.h
+++ b/src/libcharon/encoding/payloads/hash_payload.h
@@ -59,8 +59,9 @@ struct hash_payload_t {
/**
* Creates an empty hash_payload_t object.
*
+ * @param type either HASH_V1 or NAT_D_V1
* @return hash_payload_t object
*/
-hash_payload_t *hash_payload_create();
+hash_payload_t *hash_payload_create(payload_type_t type);
#endif /** HASH_PAYLOAD_H_ @}*/
diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index 317cbd624..96d713e46 100644
--- a/src/libcharon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
@@ -1,9 +1,8 @@
/*
- * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2005-2011 Martin Willi
* Copyright (C) 2010 revosec AG
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2011 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
- *
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -82,7 +81,7 @@ struct private_id_payload_t {
u_int16_t port;
/**
- * one of ID_INITIATOR, ID_RESPONDER and IDv1
+ * one of ID_INITIATOR, ID_RESPONDER, IDv1 and NAT_OA_V1
*/
payload_type_t type;
};
@@ -92,9 +91,9 @@ struct private_id_payload_t {
*/
static encoding_rule_t encodings_v2[] = {
/* 1 Byte next payload type, stored in the field next_payload */
- { U_INT_8, offsetof(private_id_payload_t, next_payload) },
+ { U_INT_8, offsetof(private_id_payload_t, next_payload) },
/* the critical bit */
- { FLAG, offsetof(private_id_payload_t, critical) },
+ { FLAG, offsetof(private_id_payload_t, critical) },
/* 7 Bit reserved bits */
{ RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[0]) },
{ RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[1]) },
@@ -104,7 +103,7 @@ static encoding_rule_t encodings_v2[] = {
{ RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[5]) },
{ RESERVED_BIT, offsetof(private_id_payload_t, reserved_bit[6]) },
/* Length of the whole payload*/
- { PAYLOAD_LENGTH, offsetof(private_id_payload_t, payload_length) },
+ { PAYLOAD_LENGTH, offsetof(private_id_payload_t, payload_length) },
/* 1 Byte ID type*/
{ U_INT_8, offsetof(private_id_payload_t, id_type) },
/* 3 reserved bytes */
@@ -166,6 +165,13 @@ METHOD(payload_t, verify, status_t,
{
bool bad_length = FALSE;
+ if (this->type == NAT_OA_V1 &&
+ this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR)
+ {
+ DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names,
+ this->id_type, payload_type_short_names, this->type);
+ return FAILED;
+ }
switch (this->id_type)
{
case ID_IPV4_ADDR_RANGE:
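Review bot: The new NAT_OA_V1 guard in verify() restricts the ID type to ID_IPV4_ADDR or ID_IPV6_ADDR but does not itself check that the received address is 4 or 16 bytes long. The switch that follows is visible only from its first case, ID_IPV4_ADDR_RANGE, and the rest of verify() lies outside the hunk. If that switch has no length case for the plain address types, a NAT-OA payload with a truncated or oversized address from the peer passes verification, and the length check is left to whatever code consumes the address. I would reject a wrong length inside the same branch and mark it with `/* NAT-OA carries a bare address: 4 bytes for IPv4, 16 for IPv6 */`.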
@@ -189,7 +195,7 @@ METHOD(payload_t, verify, status_t,
METHOD(payload_t, get_encoding_rules, int,
private_id_payload_t *this, encoding_rule_t **rules)
{
- if (this->type == ID_V1)
+ if (this->type == ID_V1 || this->type == NAT_OA_V1)
{
*rules = encodings_v1;
return countof(encodings_v1);
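Review bot: The new condition in get_encoding_rules() does not say why NAT_OA_V1 can share `encodings_v1`. RFC 3947 defines the NAT-OA bytes after the ID type as reserved, where an IKEv1 ID payload carries protocol ID and port, so for this type whatever is parsed into those fields (the struct has a `port` member) is peer-supplied filler. `encodings_v1` itself is not shown in the diff, so this is inferred from the payload layout. A comment such as `/* NAT-OA uses the IKEv1 ID layout; the protocol ID and port bytes are RESERVED there (RFC 3947) */` would keep later code from trusting them.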
diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
index bc6920012..22016bc19 100644
--- a/src/libcharon/encoding/payloads/id_payload.h
+++ b/src/libcharon/encoding/payloads/id_payload.h
@@ -63,7 +63,7 @@ struct id_payload_t {
/**
* Creates an empty id_payload_t object.
*
- * @param type one of ID_INITIATOR, ID_RESPONDER and ID_V1
+ * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1
* @return id_payload_t object
*/
id_payload_t *id_payload_create(payload_type_t payload_type);
@@ -71,7 +71,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type);
/**
* Creates an id_payload_t from an existing identification_t object.
*
- * @param type one of ID_INITIATOR, ID_RESPONDER and ID_V1
+ * @param type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1
* @param id identification_t object
* @return id_payload_t object
*/
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 3a411606c..baa838715 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -55,7 +55,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL
"DELETE_V1",
"VENDOR_ID_V1",
"CONFIGURATION_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
+ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
+ "NAT_D_V1",
+ "NAT_OA_V1");
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -121,7 +124,10 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N
"D",
"V",
"CP");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
+ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
+ "NAT-D",
+ "NAT-OA");
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
"SA",
"KE",
"IDi",
@@ -196,6 +202,7 @@ payload_t *payload_create(payload_type_t type)
case ID_INITIATOR:
case ID_RESPONDER:
case ID_V1:
+ case NAT_OA_V1:
#ifdef ME
case ID_PEER:
#endif /* ME */
@@ -226,7 +233,8 @@ payload_t *payload_create(payload_type_t type)
case VENDOR_ID_V1:
return (payload_t*)vendor_id_payload_create(type);
case HASH_V1:
- return (payload_t*)hash_payload_create();
+ case NAT_D_V1:
+ return (payload_t*)hash_payload_create(type);
case CONFIGURATION:
case CONFIGURATION_V1:
return (payload_t*)cp_payload_create(type);
@@ -260,6 +268,10 @@ bool payload_is_known(payload_type_t type)
{
return TRUE;
}
+ if (type >= NAT_D_V1 && type <= NAT_OA_V1)
+ {
+ return TRUE;
+ }
#ifdef ME
if (type == ID_PEER)
{
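Review bot: The added range test in payload_is_known() depends on NAT_D_V1 and NAT_OA_V1 being adjacent enum values (20 and 21 in payload.h), which nothing at this site states. A one-line comment, `/* NAT-D (20) and NAT-OA (21) are contiguous, see payload_type_t */`, would make that dependency explicit for anyone who later inserts a value between them. Returning TRUE here only marks the type as recognised. Where NAT-D and NAT-OA are acceptable within an exchange is decided elsewhere and is not part of this diff, so that restriction should be confirmed separately. The function starts and ends outside the hunk.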
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 6209b0822..ed839fc07 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -118,6 +118,16 @@ enum payload_type_t {
CONFIGURATION_V1 = 14,
/**
+ * NAT discovery payload (NAT-D).
+ */
+ NAT_D_V1 = 20,
+
+ /**
+ * NAT original address payload (NAT-OA)
+ */
+ NAT_OA_V1 = 21,
+
+ /**
* The security association (SA) payload containing proposals.
*/
SECURITY_ASSOCIATION = 33,