-rw-r--r-- | Source/charon/config/configuration_manager.c | 73 | ||||
-rw-r--r-- | Source/charon/encoding/message.c | 6 | ||||
-rw-r--r-- | Source/charon/encoding/parser.c | 2 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/encryption_payload.c | 6 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/id_payload.c | 45 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/id_payload.h | 82 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 192 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 1 | ||||
-rw-r--r-- | Source/charon/sa/states/initiator_init.c | 13 | ||||
-rw-r--r-- | Source/charon/utils/identification.c | 18 | ||||
-rw-r--r-- | Source/charon/utils/identification.h | 54 | ||||
-rw-r--r-- | Source/charon/utils/logger_manager.c | 1 |
12 files changed, 356 insertions, 137 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index 2d380059a..697b949e5 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c 
@@ -150,27 +150,30 @@ struct private_configuration_manager_t { static void load_default_config (private_configuration_manager_t *this) { init_config_t *init_config1, *init_config2, *init_config3; - ike_proposal_t proposals[2]; - sa_config_t *sa_config; + ike_proposal_t proposals[2]; + child_proposal_t child_proposals[1]; + sa_config_t *sa_config1, *sa_config2; + traffic_selector_t *ts; - init_config1 = init_config_create("152.96.193.130","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + init_config1 = init_config_create("152.96.193.131","152.96.193.131",IKEV2_UDP_PORT,500); init_config2 = init_config_create("152.96.193.131","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT); init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT); + ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535); proposals[0].encryption_algorithm = ENCR_AES_CBC; - proposals[0].encryption_algorithm_key_length = 20; - proposals[0].integrity_algorithm = AUTH_HMAC_SHA1_96; - proposals[0].integrity_algorithm_key_length = 20; - proposals[0].pseudo_random_function = PRF_HMAC_SHA1; - proposals[0].pseudo_random_function_key_length = 20; - proposals[0].diffie_hellman_group = MODP_768_BIT; + proposals[0].encryption_algorithm_key_length = 16; + proposals[0].integrity_algorithm = AUTH_HMAC_MD5_96; + proposals[0].integrity_algorithm_key_length = 16; + proposals[0].pseudo_random_function = PRF_HMAC_MD5; + proposals[0].pseudo_random_function_key_length = 16; + proposals[0].diffie_hellman_group = MODP_1024_BIT; proposals[1] = proposals[0]; - proposals[1].integrity_algorithm = AUTH_HMAC_MD5_96; - proposals[1].integrity_algorithm_key_length = 16; - proposals[1].pseudo_random_function = PRF_HMAC_MD5; - proposals[1].pseudo_random_function_key_length = 16; + proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96; + proposals[1].integrity_algorithm_key_length = 20; + proposals[1].pseudo_random_function = PRF_HMAC_SHA1; + 
proposals[1].pseudo_random_function_key_length = 20; init_config1->add_proposal(init_config1,1,proposals[0]); init_config1->add_proposal(init_config1,1,proposals[1]); 
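Review bot: The reworked `proposals[0]` block now carries `AUTH_HMAC_MD5_96`/`PRF_HMAC_MD5` and the SHA1 variants are moved to `proposals[1]`, so, assuming proposals are offered in insertion order, the initiator now offers the MD5-based integrity and PRF with highest preference; if that is intentional, a one-line comment above `proposals[0]` saying so would keep the next reader from treating it as a regression. Separately, `init_config_create("152.96.193.131","152.96.193.131",IKEV2_UDP_PORT,500)` replaces the second `IKEV2_UDP_PORT` with the bare literal `500` and makes local and remote address identical; if the port is still meant to be the IKE port, keep the named constant. load_default_config continues past this hunk.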
@@ -179,9 +182,45 @@ static void load_default_config (private_configuration_manager_t *this) init_config3->add_proposal(init_config3,1,proposals[0]); init_config3->add_proposal(init_config3,1,proposals[1]); - this->add_new_configuration(this,"pinflb31",init_config1,sa_config); - this->add_new_configuration(this,"pinflb30",init_config2,sa_config); - this->add_new_configuration(this,"localhost",init_config3,sa_config); + sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", + ID_IPV4_ADDR, "152.96.193.131", + RSA_DIGITAL_SIGNATURE); + + sa_config1->add_traffic_selector_initiator(sa_config1,ts); + sa_config1->add_traffic_selector_responder(sa_config1,ts); + + sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", + ID_IPV4_ADDR, "152.96.193.131", + RSA_DIGITAL_SIGNATURE); + + sa_config2->add_traffic_selector_initiator(sa_config2,ts); + sa_config2->add_traffic_selector_responder(sa_config2,ts); + + ts->destroy(ts); + + /* ah and esp prop */ + child_proposals[0].ah.is_set = TRUE; + child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_MD5_96; + child_proposals[0].ah.integrity_algorithm_key_size = 16; + child_proposals[0].ah.diffie_hellman_group = MODP_1024_BIT; + child_proposals[0].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; + + child_proposals[0].esp.is_set = TRUE; + child_proposals[0].esp.diffie_hellman_group = MODP_1024_BIT; + child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC; + child_proposals[0].esp.encryption_algorithm_key_size = 16; + child_proposals[0].esp.integrity_algorithm = AUTH_UNDEFINED; + child_proposals[0].esp.spi[0] = 2; + child_proposals[0].esp.spi[1] = 2; + child_proposals[0].esp.spi[2] = 2; + child_proposals[0].esp.spi[3] = 2; + + sa_config1->add_proposal(sa_config1, &child_proposals[0]); + sa_config2->add_proposal(sa_config2, &child_proposals[0]); + + this->add_new_configuration(this,"pinflb31",init_config1,sa_config2); + this->add_new_configuration(this,"pinflb30",init_config2,sa_config1); + 
this->add_new_configuration(this,"localhost",init_config3,sa_config1); } @@ -430,7 +469,7 @@ static void destroy(private_configuration_manager_t *this) { sa_config_t *sa_config; this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config); -// sa_config->destroy(sa_config); + sa_config->destroy(sa_config); } this->sa_configs->destroy(this->sa_configs); diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c index a22608e86..d3b92f3f1 100644 --- a/Source/charon/encoding/message.c +++ b/Source/charon/encoding/message.c @@ -892,6 +892,7 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t * if (encryption_payload->get_payload_count(encryption_payload) == 0) { + this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is empty"); iterator->remove(iterator); encryption_payload->destroy(encryption_payload); /* encrypted payload contains no other payload */ @@ -908,10 +909,13 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t * * Set the next payload of proceeding payload * to the first payload of encrypted ones */ last_payload->set_next_type(last_payload,current_payload_type); - } + } + break; } + this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is not empty"); + /* encryption_payload is replaced with first encrypted payload*/ encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload); diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c index 59b38ee0b..aa037ce72 100644 --- a/Source/charon/encoding/parser.c +++ b/Source/charon/encoding/parser.c @@ -814,7 +814,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ { pld->destroy(pld); return PARSE_ERROR; - } + } break; } case AUTH_DATA: diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c index e43d38fe0..70bdcc9b2 100644 
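Review bot: `child_proposals[0]` is declared without an initializer (in the previous hunk) and only some of its members are assigned here, so every member not touched carries indeterminate bytes into `add_proposal` — for example the esp side gets no `extended_sequence_numbers` assignment while the ah side does, assuming both sub-structs share that field; zero-initialize it at the declaration, e.g. `child_proposal_t child_proposals[1] = { { 0 } };`. The ESP SPI is also hard-coded to `2,2,2,2` for both `sa_config1` and `sa_config2`, so child SAs built from the two configurations would share an SPI; if this is placeholder data, mark it `/* TODO: SPI must be chosen per SA */`. `ts` is handed to four `add_traffic_selector_*` calls and then destroyed, which is only safe if those calls clone it — a short comment stating that would document the ownership rule. load_default_config starts in the previous hunk.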
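Review bot: Re-enabling `sa_config->destroy(sa_config)` in the `sa_configs` drain loop is correct in isolation, but load_default_config in this same file registers `sa_config1` under both "pinflb30" and "localhost"; if `add_new_configuration` appends the passed pointer to `this->sa_configs` on every call, the same object is destroyed twice here (double free). Either register a distinct sa_config per name, have `add_new_configuration` skip a pointer already in the list, or keep ownership in a list that holds each sa_config exactly once. destroy's body starts before this hunk.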
--- a/Source/charon/encoding/payloads/encryption_payload.c +++ b/Source/charon/encoding/payloads/encryption_payload.c @@ -388,9 +388,7 @@ static status_t decrypt(private_encryption_payload_t *this) /* free padding */ this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len); - this->parse(this); - - return SUCCESS; + return (this->parse(this)); } /** @@ -539,9 +537,11 @@ static status_t parse(private_encryption_payload_t *this) return PARSE_ERROR; } + status = current_payload->verify(current_payload); if (status != SUCCESS) { + current_payload->destroy(current_payload); parser->destroy(parser); return VERIFY_ERROR; } diff --git a/Source/charon/encoding/payloads/id_payload.c b/Source/charon/encoding/payloads/id_payload.c index 0eae19f16..285791279 100644 --- a/Source/charon/encoding/payloads/id_payload.c +++ b/Source/charon/encoding/payloads/id_payload.c @@ -25,21 +25,6 @@ #include <encoding/payloads/encodings.h> #include <utils/allocator.h> -/** - * String mappings for id_type_t. - */ -mapping_t id_type_m[] = { -{ID_IPV4_ADDR, "ID_IPV4_ADDR"}, -{ID_FQDN, "ID_FQDN"}, -{ID_RFC822_ADDR, "ID_RFC822_ADDR"}, -{ID_IPV6_ADDR, "ID_IPV6_ADDR"}, -{ID_DER_ASN1_DN, "ID_DER_ASN1_DN"}, -{ID_DER_ASN1_GN, "ID_DER_ASN1_GN"}, -{ID_KEY_ID, "ID_KEY_ID"}, -{MAPPING_END, NULL} -}; - - typedef struct private_id_payload_t private_id_payload_t; /** @@ -108,11 +93,11 @@ encoding_rule_t id_payload_encodings[] = { /* 1 Byte ID type*/ { U_INT_8, offsetof(private_id_payload_t, id_type) }, /* 3 reserved bytes */ - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, - { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, + { RESERVED_BYTE, 0 }, /* some id data bytes, length is defined in PAYLOAD_LENGTH */ - { ID_DATA, offsetof(private_id_payload_t, id_data) } + { ID_DATA, offsetof(private_id_payload_t, id_data) } }; /* 
@@ -261,6 +246,14 @@ static void set_initiator (private_id_payload_t *this,bool is_initiator) } /** + * Implementation of id_payload_t.get_identification. + */ +static identification_t * get_identification (private_id_payload_t *this) +{ + return identification_create_from_encoding(this->id_type,this->id_data); +} + +/** * Implementation of payload_t.destroy and id_payload_t.destroy. */ static void destroy(private_id_payload_t *this) @@ -274,7 +267,7 @@ static void destroy(private_id_payload_t *this) } /* - * Described in header + * Described in header. */ id_payload_t *id_payload_create(bool is_initiator) { @@ -297,6 +290,7 @@ id_payload_t *id_payload_create(bool is_initiator) this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; this->public.get_initiator = (bool (*) (id_payload_t *)) get_initiator; this->public.set_initiator = (void (*) (id_payload_t *,bool)) set_initiator; + this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; /* private variables */ this->critical = FALSE; @@ -307,3 +301,14 @@ id_payload_t *id_payload_create(bool is_initiator) return (&(this->public)); } + +/* + * Described in header. + */ +id_payload_t *id_payload_create_from_identification(bool is_initiator,identification_t *identification) +{ + id_payload_t *this= id_payload_create(is_initiator); + this->set_data(this,identification->get_encoding(identification)); + this->set_id_type(this,identification->get_type(identification)); + return this; +} diff --git a/Source/charon/encoding/payloads/id_payload.h b/Source/charon/encoding/payloads/id_payload.h index 416c1c4b5..7348f2668 100644 --- a/Source/charon/encoding/payloads/id_payload.h +++ b/Source/charon/encoding/payloads/id_payload.h @@ -25,6 +25,7 @@ #define _ID_PAYLOAD_H_ #include <types.h> +#include <utils/identification.h> #include <encoding/payloads/payload.h> /** 
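Review bot: The new function-pointer cast `(identification_t * (*) (id_payload_t *this))` names its parameter, unlike the neighbouring casts `(chunk_t (*) (id_payload_t *))` and `(bool (*) (id_payload_t *))`; drop the name for consistency: `this->public.get_identification = (identification_t * (*) (id_payload_t *)) get_identification;`. id_payload_create continues past this hunk.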
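Review bot: `id_payload_create_from_identification` dereferences `identification` without a NULL check and stores `identification->get_encoding(identification)` through `set_data`; whether that chunk is copied or aliased decides who owns the bytes once the payload and the identification are both destroyed, and neither this function nor its header comment says. Add a comment above the `set_data` call stating the ownership rule (copied vs. borrowed), and if the chunk is borrowed make sure `id_payload_t.destroy` does not free it. A guard such as `if (identification == NULL) { return NULL; }` would turn a missing configured ID into a failed exchange rather than a crash.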
@@ -35,61 +36,6 @@ #define ID_PAYLOAD_HEADER_LENGTH 8 -typedef enum id_type_t id_type_t; - -/** - * ID Types of a ID payload. - * - * @ingroup payloads - */ -enum id_type_t { - /** - * ID data is a single four (4) octet IPv4 address. - */ - ID_IPV4_ADDR = 1, - - /** - * ID data is a fully-qualified domain name string. - * An example of a ID_FQDN is, "example.com". - * The string MUST not contain any terminators (e.g., NULL, CR, etc.). - */ - ID_FQDN = 2, - - /** - * ID data is a fully-qualified RFC822 email address string, An example of - * a ID_RFC822_ADDR is, "jsmith@example.com". The string MUST - * not contain any terminators. - */ - ID_RFC822_ADDR = 3, - - /** - * ID data is a single sixteen (16) octet IPv6 address. - */ - ID_IPV6_ADDR = 5, - - /** - * ID data is the binary DER encoding of an ASN.1 X.500 Distinguished Name - * [X.501]. - */ - ID_DER_ASN1_DN = 9, - - /** - * ID data is the binary DER encoding of an ASN.1 X.500 GeneralName - * [X.509]. - */ - ID_DER_ASN1_GN = 10, - - /** - * ID data is an opaque octet stream which may be used to pass vendor- - * specific information necessary to do certain proprietary - * types of identification. - */ - ID_KEY_ID = 11 -}; - -extern mapping_t id_type_m[]; - - typedef struct id_payload_t id_payload_t; /** @@ -144,6 +90,18 @@ struct id_payload_t { chunk_t (*get_data) (id_payload_t *this); /** + * @brief Creates an identification object of this id payload. + * + * Returned object has to get destroyed by the caller. + * + * @param this calling id_payload_t object + * @return + * - identification_t object + * - NULL if ID type not supported + */ + identification_t *(*get_identification) (id_payload_t *this); + + /** * @brief Get the type of ID payload (IDi or IDr). * * @param this calling id_payload_t object 
@@ -186,5 +144,19 @@ struct id_payload_t { */ id_payload_t *id_payload_create(bool is_initiator); +/** + * @brief Creates an id_payload_t from an existing identification_t object. + * + * @param is_initiator + * - TRUE if this payload is of type IDi + * - FALSE if this payload is of type IDr + * @param identification identification_t object + * @return created id_payload_t object + * + * @ingroup payloads + */ +id_payload_t *id_payload_create_from_identification(bool is_initiator,identification_t *identification); + + #endif //_ID_PAYLOAD_H_ diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 29d6c284a..946e46839 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -29,6 +29,7 @@ #include <encoding/payloads/nonce_payload.h> #include <encoding/payloads/id_payload.h> #include <encoding/payloads/auth_payload.h> +#include <encoding/payloads/ts_payload.h> #include <transforms/diffie_hellman.h> #include <sa/states/ike_auth_requested.h> @@ -73,7 +74,7 @@ struct private_ike_sa_init_requested_t { /** * DH group priority used to get dh_group_number from configuration manager. * - * Currently uused but usable if informational messages of unsupported dh group number are processed. + * Currently unused but usable if informational messages of unsupported dh group number are processed. */ u_int16_t dh_group_priority; 
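Review bot: The doc block for `id_payload_create_from_identification` does not say whether the function copies the identification's encoding or keeps a reference to `identification`, which is exactly what a caller needs to know before destroying it. Add a line under `@param identification` such as ` * The identification object stays owned by the caller; its encoding is copied into the payload.` (or the borrowed-reference wording, whichever `set_data` actually implements).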
@@ -111,6 +112,33 @@ struct private_ike_sa_init_requested_t { void (*build_auth_payload) (private_ike_sa_init_requested_t *this, payload_t **payload); /** + * Builds the SA payload for this state. + * + * @param this calling object + * @param payload The generated payload object of type sa_payload_t is + * stored at this location. + */ + void (*build_sa_payload) (private_ike_sa_init_requested_t *this, payload_t **payload); + + /** + * Builds the TSi payload for this state. + * + * @param this calling object + * @param payload The generated payload object of type ts_payload_t is + * stored at this location. + */ + void (*build_tsi_payload) (private_ike_sa_init_requested_t *this, payload_t **payload); + + /** + * Builds the TSr payload for this state. + * + * @param this calling object + * @param payload The generated payload object of type ts_payload_t is + * stored at this location. + */ + void (*build_tsr_payload) (private_ike_sa_init_requested_t *this, payload_t **payload); + + /** * Destroy function called internally of this class after state change succeeded. * * This destroy function does not destroy objects which were passed to the new state. 
@@ -123,45 +151,61 @@ struct private_ike_sa_init_requested_t { /** * Implements state_t.get_state */ -static status_t process_message(private_ike_sa_init_requested_t *this, message_t *reply) +static status_t process_message(private_ike_sa_init_requested_t *this, message_t *ike_sa_init_reply) { - status_t status; - iterator_t *payloads; + ike_auth_requested_t *next_state; exchange_type_t exchange_type; - message_t *request; - packet_t *packet; u_int64_t responder_spi; ike_sa_id_t *ike_sa_id; - ike_auth_requested_t *next_state; + iterator_t *payloads; + message_t *request; + packet_t *packet; + status_t status; - - exchange_type = reply->get_exchange_type(reply); + /* + * In this state a reply message of type IKE_SA_INIT is expected: + * + * <-- HDR, SAr1, KEr, Nr, [CERTREQ] + * or + * <-- HDR, N + */ + exchange_type = ike_sa_init_reply->get_exchange_type(ike_sa_init_reply); if (exchange_type != IKE_SA_INIT) { this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_requested",mapping_find(exchange_type_m,exchange_type)); return FAILED; } - if (reply->get_request(reply)) + if (ike_sa_init_reply->get_request(ike_sa_init_reply)) { this->logger->log(this->logger, ERROR | MORE, "Only responses of type IKE_SA_INIT supported in state ike_sa_init_requested"); return FAILED; } /* parse incoming message */ - status = reply->parse_body(reply, NULL, NULL); + status = ike_sa_init_reply->parse_body(ike_sa_init_reply, NULL, NULL); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR | MORE, "Could not parse body"); + this->logger->log(this->logger, ERROR | MORE, "Parsing of body returned error: %s",mapping_find(status_m,status)); return status; } - responder_spi = reply->get_responder_spi(reply); + + if (responder_spi == 0) + { + this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero."); + return FAILED; + } + /* because I am original initiator i have to update the responder SPI to the new one */ + 
responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply); ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public)); ike_sa_id->set_responder_spi(ike_sa_id,responder_spi); - /* iterate over incoming payloads */ - payloads = reply->get_payload_iterator(reply); + /* Iterate over all payloads. + * + * The message is allready checked for the right payload types. + */ + payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply); while (payloads->has_next(payloads)) { payload_t *payload; @@ -269,7 +313,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "could not generate packet from message"); - reply->destroy(reply); + request->destroy(request); return status; } @@ -315,7 +359,6 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa this->logger->log(this->logger, CONTROL|MOST, "Going to build empty message"); this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &message); - /* build id payload */ this->build_id_payload(this, &payload); this->logger->log(this->logger, CONTROL|MOST, "add ID payload to message"); 
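Review bot: `responder_spi` is read before it is assigned: the old `responder_spi = reply->get_responder_spi(reply);` was removed and the replacement assignment only comes after the new `if (responder_spi == 0)` block, so the zero-SPI check compares an indeterminate automatic variable (undefined behaviour) and a reply carrying SPI 0 still reaches `ike_sa_id->set_responder_spi`. Move `responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);` above the check. process_message continues past this hunk (the payload loop and the later `request` handling).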
@@ -326,6 +369,21 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa this->logger->log(this->logger, CONTROL|MOST, "add AUTH payload to message"); message->add_payload(message, payload); + /* build sa payload */ + this->build_sa_payload(this, &payload); + this->logger->log(this->logger, CONTROL|MOST, "add SA payload to message"); + message->add_payload(message, payload); + + /* build tsi payload */ + this->build_tsi_payload(this, &payload); + this->logger->log(this->logger, CONTROL|MOST, "add TSi payload to message"); + message->add_payload(message, payload); + + /* build tsr payload */ + this->build_tsr_payload(this, &payload); + this->logger->log(this->logger, CONTROL|MOST, "add TSr payload to message"); + message->add_payload(message, payload); + *request = message; } @@ -334,18 +392,16 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa */ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t **payload) { + sa_config_t *sa_config; id_payload_t *id_payload; - chunk_t email; + identification_t *identification; + + sa_config = this->ike_sa->get_sa_config(this->ike_sa); + + identification = sa_config->get_my_id(sa_config); /* create IDi */ - id_payload = id_payload_create(TRUE); - /* TODO special functions on id payload */ - /* TODO configuration manager request */ - id_payload->set_id_type(id_payload,ID_RFC822_ADDR); - email.ptr = "moerdi@hsr.ch"; - email.len = strlen(email.ptr)+1; - this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email); - id_payload->set_data(id_payload,email); + id_payload = id_payload_create_from_identification(TRUE,identification); *payload = (payload_t *) id_payload; } 
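Review bot: `identification` obtained from `sa_config->get_my_id(sa_config)` is passed to `id_payload_create_from_identification` and then dropped; if `get_my_id` returns a new object (as `id_payload_t.get_identification` in this commit documents for the reverse direction) this leaks once per IKE_AUTH, and if it returns the config's own object the payload must not take ownership of its encoding. Whichever it is, state it in a comment next to the call, e.g. `/* get_my_id returns the config-owned identification; do not destroy */`, and destroy it here if it is a fresh copy. `sa_config` is also used without checking that `get_sa_config` returned non-NULL, although initiator_init.c now sets it before this state is reached.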
@@ -356,20 +412,78 @@ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t * static void build_auth_payload (private_ike_sa_init_requested_t *this, payload_t **payload) { auth_payload_t *auth_payload; - chunk_t auth_data; + sa_config_t *sa_config; + + sa_config = this->ike_sa->get_sa_config(this->ike_sa); - /* create IDi */ auth_payload = auth_payload_create(); - /* TODO configuration manager request */ - auth_payload->set_auth_method(auth_payload,RSA_DIGITAL_SIGNATURE); - auth_data.ptr = "this is the key"; - auth_data.len = strlen(auth_data.ptr); - this->logger->log_chunk(this->logger, CONTROL, "Auth Data",&auth_data); - auth_payload->set_data(auth_payload,auth_data); + auth_payload->set_auth_method(auth_payload,sa_config->get_auth_method(sa_config)); *payload = (payload_t *) auth_payload; } /** + * Implementation of private_ike_sa_init_requested_t.build_sa_payload. + */ +static void build_sa_payload (private_ike_sa_init_requested_t *this, payload_t **payload) +{ + sa_config_t *sa_config; + sa_payload_t *sa_payload; + u_int8_t esp_spi[4] = {0x01,0x01,0x01,0x01}; + u_int8_t ah_spi[4] = {0x01,0x01,0x01,0x01}; + size_t proposal_count; + child_proposal_t *proposals; + + sa_config = this->ike_sa->get_sa_config(this->ike_sa); + + proposal_count = sa_config->get_proposals(sa_config,ah_spi,esp_spi,&proposals); + /* create IDi */ + sa_payload = sa_payload_create_from_child_proposals(proposals, proposal_count); + allocator_free(proposals); + *payload = (payload_t *) sa_payload; +} + +/** + * Implementation of private_ike_sa_init_requested_t.build_tsi_payload. 
+ */ +static void build_tsi_payload (private_ike_sa_init_requested_t *this, payload_t **payload) +{ + sa_config_t *sa_config; + ts_payload_t *ts_payload; + size_t traffic_selectors_count; + traffic_selector_t **traffic_selectors; + + sa_config = this->ike_sa->get_sa_config(this->ike_sa); + + traffic_selectors_count = sa_config->get_traffic_selectors_initiator(sa_config,&traffic_selectors); + + /* create IDi */ + ts_payload = ts_payload_create_from_traffic_selectors(TRUE,traffic_selectors, traffic_selectors_count); + allocator_free(traffic_selectors); + *payload = (payload_t *) ts_payload; +} + +/** + * Implementation of private_ike_sa_init_requested_t.build_tsr_payload. + */ +static void build_tsr_payload (private_ike_sa_init_requested_t *this, payload_t **payload) +{ + sa_config_t *sa_config; + ts_payload_t *ts_payload; + size_t traffic_selectors_count; + traffic_selector_t **traffic_selectors; + + sa_config = this->ike_sa->get_sa_config(this->ike_sa); + + traffic_selectors_count = sa_config->get_traffic_selectors_responder(sa_config,&traffic_selectors); + + /* create IDi */ + ts_payload = ts_payload_create_from_traffic_selectors(FALSE,traffic_selectors, traffic_selectors_count); + allocator_free(traffic_selectors); + *payload = (payload_t *) ts_payload; +} + + +/** * Implements state_t.get_state */ static ike_sa_state_t get_state(private_ike_sa_init_requested_t *this) @@ -386,12 +500,11 @@ static void destroy_after_state_change (private_ike_sa_init_requested_t *this) this->logger->log(this->logger, CONTROL | MOST, "Destroy diffie hellman object"); this->diffie_hellman->destroy(this->diffie_hellman); - + allocator_free(this->sent_nonce.ptr); allocator_free(this->received_nonce.ptr); allocator_free(this->shared_secret.ptr); - allocator_free(this); - + allocator_free(this); } /** 
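Review bot: `build_sa_payload` hands `get_proposals` the fixed SPIs `{0x01,0x01,0x01,0x01}` for both AH and ESP, so every child SA this initiator proposes carries the same SPI; an SPI has to be chosen per SA (and be non-zero), otherwise inbound SAs cannot be told apart. If this is placeholder data, mark it `/* TODO: allocate SPIs per child SA */` rather than leaving a silent constant. The `/* create IDi */` comment was copy-pasted into build_sa_payload, build_tsi_payload and build_tsr_payload where it is wrong — replace each with what the line does (`/* create SA payload */`, `/* create TSi payload */`, `/* create TSr payload */`). build_auth_payload no longer calls `set_data` at all, so the AUTH payload goes out with a method but no authentication data; a comment noting that the signature is still to be computed would keep this from looking finished.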
@@ -413,7 +526,7 @@ static void destroy(private_ike_sa_init_requested_t *this) /* * Described in header. */ -ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa,u_int16_t dh_group_priority, diffie_hellman_t *diffie_hellman, chunk_t sent_nonce) +ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa, u_int16_t dh_group_priority, diffie_hellman_t *diffie_hellman, chunk_t sent_nonce) { private_ike_sa_init_requested_t *this = allocator_alloc_thing(private_ike_sa_init_requested_t); @@ -426,6 +539,9 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa this->build_ike_auth_request = build_ike_auth_request; this->build_id_payload = build_id_payload; this->build_auth_payload = build_auth_payload; + this->build_sa_payload = build_sa_payload; + this->build_tsi_payload = build_tsi_payload; + this->build_tsr_payload = build_tsr_payload; this->destroy_after_state_change = destroy_after_state_change; /* private data */ diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 7aa1fd044..70090eb71 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -109,6 +109,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t crypter = this->ike_sa->get_crypter_initiator(this->ike_sa); /* parse incoming message */ + status = message->parse_body(message, crypter, signer); if (status != SUCCESS) { diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c index 2c653ee2f..8a0669a12 100644 --- a/Source/charon/sa/states/initiator_init.c +++ b/Source/charon/sa/states/initiator_init.c 
@@ -136,6 +136,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name) status_t status; randomizer_t *randomizer; init_config_t *init_config; + sa_config_t *sa_config; this->logger->log(this->logger, CONTROL, "Initializing connection %s",name); @@ -151,6 +152,18 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name) /* configuration can be set */ this->ike_sa->set_init_config(this->ike_sa,init_config); + /* get sa_config_t object */ + status = charon->configuration_manager->get_sa_config_for_name(charon->configuration_manager,name,&sa_config); + + if (status != SUCCESS) + { + this->logger->log(this->logger, ERROR | MORE, "Could not retrieve SA configuration informations for %s",name); + return INVALID_ARG; + } + + /* configuration can be set */ + this->ike_sa->set_sa_config(this->ike_sa,sa_config); + this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config)); this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config)); diff --git a/Source/charon/utils/identification.c b/Source/charon/utils/identification.c index 124ae46fb..139fd4ac9 100644 --- a/Source/charon/utils/identification.c +++ b/Source/charon/utils/identification.c @@ -29,6 +29,22 @@ #include <utils/allocator.h> +/** + * String mappings for id_type_t. + */ +mapping_t id_type_m[] = { +{ID_IPV4_ADDR, "ID_IPV4_ADDR"}, +{ID_FQDN, "ID_FQDN"}, +{ID_RFC822_ADDR, "ID_RFC822_ADDR"}, +{ID_IPV6_ADDR, "ID_IPV6_ADDR"}, +{ID_DER_ASN1_DN, "ID_DER_ASN1_DN"}, +{ID_DER_ASN1_GN, "ID_DER_ASN1_GN"}, +{ID_KEY_ID, "ID_KEY_ID"}, +{MAPPING_END, NULL} +}; + + + typedef struct private_identification_t private_identification_t; /** @@ -136,6 +152,7 @@ static private_identification_t *identification_create() identification_t *identification_create_from_string(id_type_t type, char *string) { private_identification_t *this = identification_create(); + this->type = type; switch (type) { case ID_IPV4_ADDR: 
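Review bot: The new failure path returns `INVALID_ARG` after `set_init_config` has already installed `init_config` on the IKE SA, leaving the SA with an init config but no SA config; if the caller discards the SA on `INVALID_ARG` that is fine but worth a comment, otherwise move the `get_sa_config_for_name` lookup before `set_init_config` so nothing is installed on failure. The log string also has a grammar slip: `"Could not retrieve SA configuration information for %s"`. initiate_connection continues past this hunk.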
@@ -175,6 +192,7 @@ identification_t *identification_create_from_string(id_type_t type, char *string identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded) { private_identification_t *this = identification_create(); + this->type = type; switch (type) { case ID_IPV4_ADDR: diff --git a/Source/charon/utils/identification.h b/Source/charon/utils/identification.h index 0231721a5..199018382 100644 --- a/Source/charon/utils/identification.h +++ b/Source/charon/utils/identification.h @@ -27,7 +27,59 @@ #include "types.h" -#include <encoding/payloads/id_payload.h> +typedef enum id_type_t id_type_t; + +/** + * ID Types of a ID payload. + * + * @ingroup payloads + */ +enum id_type_t { + /** + * ID data is a single four (4) octet IPv4 address. + */ + ID_IPV4_ADDR = 1, + + /** + * ID data is a fully-qualified domain name string. + * An example of a ID_FQDN is, "example.com". + * The string MUST not contain any terminators (e.g., NULL, CR, etc.). + */ + ID_FQDN = 2, + + /** + * ID data is a fully-qualified RFC822 email address string, An example of + * a ID_RFC822_ADDR is, "jsmith@example.com". The string MUST + * not contain any terminators. + */ + ID_RFC822_ADDR = 3, + + /** + * ID data is a single sixteen (16) octet IPv6 address. + */ + ID_IPV6_ADDR = 5, + + /** + * ID data is the binary DER encoding of an ASN.1 X.500 Distinguished Name + * [X.501]. + */ + ID_DER_ASN1_DN = 9, + + /** + * ID data is the binary DER encoding of an ASN.1 X.500 GeneralName + * [X.509]. + */ + ID_DER_ASN1_GN = 10, + + /** + * ID data is an opaque octet stream which may be used to pass vendor- + * specific information necessary to do certain proprietary + * types of identification. + */ + ID_KEY_ID = 11 +}; + +extern mapping_t id_type_m[]; typedef struct identification_t identification_t; diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c index cd73e8ac9..d030d5cbe 100644 --- a/Source/charon/utils/logger_manager.c 
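Review bot: The `enum id_type_t` doc block moved from the payloads header into utils/identification.h but still carries `@ingroup payloads`; update it to the group this header belongs to (`@ingroup utils`, assuming that is the group name used elsewhere in this directory) so the generated documentation files it correctly.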
+++ b/Source/charon/utils/logger_manager.c
@@ -150,7 +150,6 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
 case MESSAGE:
 case WORKER:
 logger_level |= ALL;
- break;
 case PARSER:
 case GENERATOR:
 case THREAD_POOL: |
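Review bot: Removing `break;` after `logger_level |= ALL;` makes the `MESSAGE`/`WORKER` cases fall through into `PARSER`/`GENERATOR`/`THREAD_POOL`, so whatever those cases set is now also applied to MESSAGE and WORKER loggers; if that is the intent, put `/* fallthrough */` in place of the removed line so `-Wimplicit-fallthrough` and the next reader do not take it for a lost break. The body of the following case is outside this hunk, so I cannot tell whether the combined level is the intended one. create_logger starts before this hunk.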