aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/encoding/payloads/sa_payload.c
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/encoding/payloads/sa_payload.c')
-rw-r--r--Source/charon/encoding/payloads/sa_payload.c186
1 files changed, 186 insertions, 0 deletions
diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c
index 4054c6fb3..d2aecf875 100644
--- a/Source/charon/encoding/payloads/sa_payload.c
+++ b/Source/charon/encoding/payloads/sa_payload.c
@@ -243,11 +243,157 @@ static iterator_t *create_proposal_substructure_iterator (private_sa_payload_t *
*/
static void add_proposal_substructure (private_sa_payload_t *this,proposal_substructure_t *proposal)
{
+ status_t status;
+ if (this->proposals->get_count(this->proposals) > 0)
+ {
+ proposal_substructure_t *last_proposal;
+ status = this->proposals->get_last(this->proposals,(void **) &last_proposal);
+ /* last transform is now not anymore last one */
+ last_proposal->set_is_last_proposal(last_proposal,FALSE);
+ }
+ proposal->set_is_last_proposal(proposal,TRUE);
+
this->proposals->insert_last(this->proposals,(void *) proposal);
this->compute_length(this);
}
/**
+ * Implementation of sa_payload_t.get_ike_proposals.
+ */
+static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
+{
+ int found_ike_proposals = 0;
+ int current_proposal_number = 0;
+ iterator_t *iterator;
+ ike_proposal_t *tmp_proposals;
+
+
+ iterator = this->proposals->create_iterator(this->proposals,TRUE);
+
+ /* first find out the number of ike proposals and check their number of transforms and
+ * if the SPI is empty!*/
+ while (iterator->has_next(iterator))
+ {
+ proposal_substructure_t *current_proposal;
+ iterator->current(iterator,(void **)&(current_proposal));
+ if (current_proposal->get_protocol_id(current_proposal) == IKE)
+ {
+ /* a ike proposal consists of 4 transforms and an empty spi*/
+ if ((current_proposal->get_transform_count(current_proposal) != 4) ||
+ (current_proposal->get_spi_size(current_proposal) != 0))
+ {
+ iterator->destroy(iterator);
+ return FAILED;
+ }
+
+ found_ike_proposals++;
+ }
+ }
+ iterator->reset(iterator);
+
+ if (found_ike_proposals == 0)
+ {
+ iterator->destroy(iterator);
+ return NOT_FOUND;
+ }
+
+ /* allocate memory to hold each proposal as ike_proposal_t */
+
+ tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t));
+
+ /* create from each proposal_substructure a ike_proposal_t data area*/
+ while (iterator->has_next(iterator))
+ {
+ proposal_substructure_t *current_proposal;
+ iterator->current(iterator,(void **)&(current_proposal));
+ if (current_proposal->get_protocol_id(current_proposal) == IKE)
+ {
+ bool encryption_algorithm_found = FALSE;
+ bool integrity_algorithm_found = FALSE;
+ bool pseudo_random_function_found = FALSE;
+ bool diffie_hellman_group_found = FALSE;
+ status_t status;
+ iterator_t *transforms;
+
+ transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
+ while (transforms->has_next(transforms))
+ {
+ transform_substructure_t *current_transform;
+ transforms->current(transforms,(void **)&(current_transform));
+
+ switch (current_transform->get_transform_type(current_transform))
+ {
+ case ENCRYPTION_ALGORITHM:
+ {
+ tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform);
+ status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length));
+ if (status == SUCCESS)
+ {
+ encryption_algorithm_found = TRUE;
+ }
+ break;
+ }
+ case INTEGRITY_ALGORITHM:
+ {
+ tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform);
+ status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length));
+ if (status == SUCCESS)
+ {
+ integrity_algorithm_found = TRUE;
+ }
+ break;
+ }
+ case PSEUDO_RANDOM_FUNCTION:
+ {
+ tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform);
+ status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length));
+ if (status == SUCCESS)
+ {
+ pseudo_random_function_found = TRUE;
+ }
+ break;
+ }
+ case DIFFIE_HELLMAN_GROUP:
+ {
+ tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform);
+ diffie_hellman_group_found = TRUE;
+ break;
+ }
+ default:
+ {
+ /* not a transform of an ike proposal. Break here */
+ break;
+ }
+ }
+
+ }
+
+ transforms->destroy(transforms);
+
+ if ((!encryption_algorithm_found) ||
+ (!integrity_algorithm_found) ||
+ (!pseudo_random_function_found) ||
+ (!diffie_hellman_group_found))
+ {
+ /* one of needed transforms could not be found */
+ iterator->reset(iterator);
+ allocator_free(tmp_proposals);
+ return FAILED;
+ }
+
+ current_proposal_number++;
+ }
+ }
+
+ iterator->destroy(iterator);
+
+ *proposals = tmp_proposals;
+ *proposal_count = found_ike_proposals;
+
+ return SUCCESS;
+}
+
+/**
* Implementation of private_sa_payload_t.compute_length.
*/
static void compute_length (private_sa_payload_t *this)
@@ -285,6 +431,7 @@ sa_payload_t *sa_payload_create()
/* public functions */
this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
+ this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
this->public.destroy = (void (*) (sa_payload_t *)) destroy;
/* private functions */
@@ -299,4 +446,43 @@ sa_payload_t *sa_payload_create()
return (&(this->public));
}
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count)
+{
+ int i;
+ sa_payload_t *sa_payload= sa_payload_create();
+
+ for (i = 0; i < proposal_count; i++)
+ {
+ proposal_substructure_t *proposal_substructure;
+ transform_substructure_t *encryption_algorithm;
+ transform_substructure_t *integrity_algorithm;
+ transform_substructure_t *pseudo_random_function;
+ transform_substructure_t *diffie_hellman_group;
+
+ /* create proposal substructure */
+ proposal_substructure = proposal_substructure_create();
+ proposal_substructure->set_protocol_id(proposal_substructure,IKE);
+ proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
+ /* create transform substructures to hold each specific transform for an ike proposal */
+ encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
+ proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
+
+ pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length);
+ proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function);
+
+ integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length);
+ proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
+
+ diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0);
+ proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
+
+ /* add proposal to sa payload */
+ sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);
+ }
+
+ return sa_payload;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-20 05:02:30 +0000