Diffstat (limited to 'Source/charon/encoding')
-rw-r--r-- | Source/charon/encoding/message.c | 55 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/notify_payload.c | 35 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/notify_payload.h | 47 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.c | 12 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.h | 7 |
5 files changed, 133 insertions, 23 deletions
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c index d3b92f3f1..bf33c5067 100644 --- a/Source/charon/encoding/message.c +++ b/Source/charon/encoding/message.c @@ -63,6 +63,11 @@ struct supported_payload_entry_t { * TRUE if payload has to get encrypted */ bool encrypted; + + /** + * Verifying can stop after checking this payload. + */ + bool can_be_last; }; typedef struct message_rule_t message_rule_t; @@ -104,9 +109,9 @@ struct message_rule_t { */ static supported_payload_entry_t supported_ike_sa_init_i_payloads[] = { - {SECURITY_ASSOCIATION,1,1,FALSE}, - {KEY_EXCHANGE,1,1,FALSE}, - {NONCE,1,1,FALSE}, + {SECURITY_ASSOCIATION,1,1,FALSE,FALSE}, + {KEY_EXCHANGE,1,1,FALSE,FALSE}, + {NONCE,1,1,FALSE,FALSE}, }; /** @@ -114,9 +119,10 @@ static supported_payload_entry_t supported_ike_sa_init_i_payloads[] = */ static supported_payload_entry_t supported_ike_sa_init_r_payloads[] = { - {SECURITY_ASSOCIATION,1,1,FALSE}, - {KEY_EXCHANGE,1,1,FALSE}, - {NONCE,1,1,FALSE}, + {NOTIFY,0,1,FALSE,TRUE}, + {SECURITY_ASSOCIATION,1,1,FALSE,FALSE}, + {KEY_EXCHANGE,1,1,FALSE,FALSE}, + {NONCE,1,1,FALSE,FALSE}, }; /** @@ -124,14 +130,14 @@ static supported_payload_entry_t supported_ike_sa_init_r_payloads[] = */ static supported_payload_entry_t supported_ike_auth_i_payloads[] = { - {ID_INITIATOR,1,1,TRUE}, - {CERTIFICATE,0,1,TRUE}, - {CERTIFICATE_REQUEST,0,1,TRUE}, - {ID_RESPONDER,0,1,TRUE}, - {AUTHENTICATION,1,1,TRUE}, - {SECURITY_ASSOCIATION,1,1,TRUE}, - {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE}, - {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE}, + {ID_INITIATOR,1,1,TRUE,FALSE}, + {CERTIFICATE,0,1,TRUE,FALSE}, + {CERTIFICATE_REQUEST,0,1,TRUE,FALSE}, + {ID_RESPONDER,0,1,TRUE,FALSE}, + {AUTHENTICATION,1,1,TRUE,FALSE}, + {SECURITY_ASSOCIATION,1,1,TRUE,FALSE}, + {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE}, + {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE}, }; /** 
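Review bot: The new `can_be_last` field is documented only as `Verifying can stop after checking this payload.`, which does not say under what condition; as the flag is consumed in verify() (later in this diff), the stop happens only when every payload in the message has already been matched, and a maintainer adding table rows needs that. I would write `/** TRUE if verification may succeed as soon as this payload has been checked and no unmatched payloads remain in the message (used for error NOTIFY responses). */`. Because `supported_payload_entry_t` is initialised positionally, adding this field forced every table entry in the file to change; designated initializers (`.can_be_last = TRUE`) would make the next such addition safer, if the project builds as C99.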
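Review bot: `{NOTIFY,0,1,FALSE,TRUE}` in `supported_ike_sa_init_r_payloads` appears to cap NOTIFY at one occurrence, assuming the third column is the maximum count as for the other rows; a legitimate responder may send several notifies next to SA/KE/NONCE (NAT detection source and destination, or a COOKIE), and such responses would then fail verification. If that column is a maximum, consider raising it, and apply a matching rule to `supported_ike_sa_init_i_payloads`, which still admits no NOTIFY, so a retried request carrying a COOKIE would be rejected. Since an IKE_SA_INIT response is unauthenticated, a NOTIFY-only message that passes this table must still be treated as untrusted by the caller; a comment on the row saying so would help.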
@@ -139,12 +145,12 @@ static supported_payload_entry_t supported_ike_auth_i_payloads[] = */ static supported_payload_entry_t supported_ike_auth_r_payloads[] = { - {CERTIFICATE,0,1,TRUE}, - {ID_RESPONDER,0,1,TRUE}, - {AUTHENTICATION,1,1,TRUE}, - {SECURITY_ASSOCIATION,1,1,TRUE}, - {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE}, - {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE}, + {CERTIFICATE,0,1,TRUE,FALSE}, + {ID_RESPONDER,0,1,TRUE,FALSE}, + {AUTHENTICATION,1,1,TRUE,FALSE}, + {SECURITY_ASSOCIATION,1,1,TRUE,FALSE}, + {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE}, + {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE}, }; /** @@ -749,6 +755,7 @@ static status_t verify(private_message_t *this) status_t status; iterator_t *iterator; message_rule_t *message_rule; + size_t total_found_payloads = 0; this->logger->log(this->logger, CONTROL|MORE, "Verifying message structure"); @@ -759,7 +766,7 @@ static status_t verify(private_message_t *this) mapping_find(exchange_type_m,this->exchange_type)); return status; } - + iterator = this->payloads->create_iterator(this->payloads,TRUE); /* check for payloads with wrong count*/ for (i = 0; i < message_rule->supported_payloads_count;i++) @@ -776,6 +783,7 @@ static status_t verify(private_message_t *this) if (current_payload->get_type(current_payload) == message_rule->supported_payloads[i].payload_type) { found_payloads++; + total_found_payloads++; this->logger->log(this->logger, CONTROL | MOST, "Found payload of type %s", mapping_find(payload_type_m,message_rule->supported_payloads[i].payload_type)); @@ -798,6 +806,11 @@ static status_t verify(private_message_t *this) iterator->destroy(iterator); return NOT_SUPPORTED; } + if ((message_rule->supported_payloads[i].can_be_last) && (this->payloads->get_count(this->payloads) == total_found_payloads)) + { + iterator->destroy(iterator); + return SUCCESS; + } } iterator->destroy(iterator); 
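Review bot: The early return `if ((message_rule->supported_payloads[i].can_be_last) && (this->payloads->get_count(this->payloads) == total_found_payloads))` also fires when no payload of that type was found: for an IKE_SA_INIT response with zero payloads, the NOTIFY rule is evaluated first, `found_payloads` and `total_found_payloads` are both 0, `get_count()` is 0, and verify() returns SUCCESS without ever requiring SA, KE or NONCE. Require an actual match before stopping: `if (message_rule->supported_payloads[i].can_be_last && found_payloads > 0 && this->payloads->get_count(this->payloads) == total_found_payloads)`. A comment noting that the shortcut deliberately skips the minimum-occurrence checks of the remaining rules would also prevent someone "fixing" it later. verify() begins before this hunk and continues after it.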
diff --git a/Source/charon/encoding/payloads/notify_payload.c b/Source/charon/encoding/payloads/notify_payload.c index 31e02d2d6..3bbc44df0 100644 --- a/Source/charon/encoding/payloads/notify_payload.c +++ b/Source/charon/encoding/payloads/notify_payload.c @@ -28,6 +28,27 @@ #include <encoding/payloads/encodings.h> #include <utils/allocator.h> +/** + * String mappings for notify_message_type_t. + */ +mapping_t notify_message_type_m[] = { + {UNSUPPORTED_CRITICAL_PAYLOAD, "UNSUPPORTED_CRITICAL_PAYLOAD"}, + {INVALID_IKE_SPI, "INVALID_IKE_SPI"}, + {INVALID_MAJOR_VERSION, "INVALID_MAJOR_VERSION"}, + {INVALID_SYNTAX, "INVALID_SYNTAX"}, + {INVALID_MESSAGE_ID, "MODP_2048_BIT"}, + {INVALID_SPI, "INVALID_SPI"}, + {NO_PROPOSAL_CHOSEN, "NO_PROPOSAL_CHOSEN"}, + {INVALID_KE_PAYLOAD, "INVALID_KE_PAYLOAD"}, + {AUTHENTICATION_FAILED, "AUTHENTICATION_FAILED"}, + {SINGLE_PAIR_REQUIRED, "SINGLE_PAIR_REQUIRED"}, + {NO_ADDITIONAL_SAS, "NO_ADDITIONAL_SAS"}, + {INTERNAL_ADDRESS_FAILURE, "INTERNAL_ADDRESS_FAILURE"}, + {FAILED_CP_REQUIRED, "FAILED_CP_REQUIRED"}, + {TS_UACCEPTABLE, "TS_UACCEPTABLE"}, + {INVALID_SELECTORS, "INVALID_SELECTORS"}, + {MAPPING_END, NULL} +}; typedef struct private_notify_payload_t private_notify_payload_t; @@ -176,7 +197,7 @@ static void get_encoding_rules(private_notify_payload_t *this, encoding_rule_t * */ static payload_type_t get_type(private_notify_payload_t *this) { - return KEY_EXCHANGE; + return NOTIFY; } /** @@ -378,3 +399,15 @@ notify_payload_t *notify_payload_create() return (&(this->public)); } +/* + * Described in header. + */ +notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_message_type_t notify_message_type) +{ + notify_payload_t *notify = notify_payload_create(); + + notify->set_notify_message_type(notify,notify_message_type); + notify->set_protocol_id(notify,protocol_id); + + return notify; +} 
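Review bot: In `notify_message_type_m`, the entry `{INVALID_MESSAGE_ID, "MODP_2048_BIT"}` carries a string evidently copied from a Diffie-Hellman group table, so any log line for an INVALID_MESSAGE_ID notify prints the wrong name; it should be `{INVALID_MESSAGE_ID, "INVALID_MESSAGE_ID"},`. `notify_payload_create_from_protocol_and_type` calls through the result of `notify_payload_create()` without a NULL check; if that constructor can fail on allocation (the file includes `utils/allocator.h`, so presumably it allocates), the check belongs here with a matching `@return NULL on failure` in the header.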
diff --git a/Source/charon/encoding/payloads/notify_payload.h b/Source/charon/encoding/payloads/notify_payload.h index 19dd14ef0..e877e07c7 100644 --- a/Source/charon/encoding/payloads/notify_payload.h +++ b/Source/charon/encoding/payloads/notify_payload.h @@ -26,6 +26,7 @@ #include <types.h> #include <encoding/payloads/payload.h> +#include <encoding/payloads/proposal_substructure.h> #include <utils/linked_list.h> /** @@ -42,6 +43,41 @@ */ #define NOTIFY_PAYLOAD_HEADER_LENGTH 8 +typedef enum notify_message_type_t notify_message_type_t; + + +/** + * @brief Notify message types. + * + * Ssee IKEv2 draft 3.10.1. + * + * @ingroup payloads + */ +enum notify_message_type_t { + UNSUPPORTED_CRITICAL_PAYLOAD = 1, + INVALID_IKE_SPI = 4, + INVALID_MAJOR_VERSION = 5, + INVALID_SYNTAX = 7, + INVALID_MESSAGE_ID = 9, + INVALID_SPI = 11, + NO_PROPOSAL_CHOSEN = 14, + INVALID_KE_PAYLOAD = 17, + AUTHENTICATION_FAILED = 24, + SINGLE_PAIR_REQUIRED = 34, + NO_ADDITIONAL_SAS = 35, + INTERNAL_ADDRESS_FAILURE = 36, + FAILED_CP_REQUIRED = 37, + TS_UACCEPTABLE = 38, + INVALID_SELECTORS = 39 +}; + +/** + * String mappings for notify_message_type_t. + */ +extern mapping_t notify_message_type_m[]; + + + typedef struct notify_payload_t notify_payload_t; /** @@ -147,5 +183,16 @@ struct notify_payload_t { */ notify_payload_t *notify_payload_create(); +/** + * @brief Creates an notify_payload_t object of specific type for specific protocol id. + * + * @param protocol_id protocol id (IKE, AH or ESP) + * @param notify_message_type notify type (see notify_message_type_t) + * @return created notify_payload_t object + * + * @ingroup payloads + */ +notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_message_type_t notify_message_type); + #endif /*NOTIFY_PAYLOAD_H_*/ diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c index 05b375ef9..e207e77e8 100644 
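Review bot: The comment on `notify_message_type_t` reads `Ssee IKEv2 draft 3.10.1.` and should be `See IKEv2 draft, section 3.10.1.`; the constant `TS_UACCEPTABLE` is misspelled relative to the draft's TS_UNACCEPTABLE, and renaming it now, before callers exist, avoids an incompatible change later (the mapping in notify_payload.c would follow). The @brief `Creates an notify_payload_t object` should read `a notify_payload_t`. The enum lists only a subset of the draft's notify types; a one-line note that unlisted values are still carried as raw numbers by the setter/getter would help readers, if that is indeed how the payload handles them.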
--- a/Source/charon/encoding/payloads/proposal_substructure.c +++ b/Source/charon/encoding/payloads/proposal_substructure.c @@ -31,6 +31,18 @@ #include <utils/allocator.h> #include <utils/linked_list.h> +/** + * String mappings for protocol_id_t. + */ +mapping_t protocol_id_m[] = { + {UNDEFINED_PROTOCOL_ID, "UNDEFINED_PROTOCOL_ID"}, + {IKE, "IKE"}, + {AH, "AH"}, + {ESP, "ESP"}, + {MAPPING_END, NULL} +}; + + typedef struct private_proposal_substructure_t private_proposal_substructure_t; /** diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h index a2015fbfe..736987fc8 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.h +++ b/Source/charon/encoding/payloads/proposal_substructure.h @@ -56,7 +56,12 @@ enum protocol_id_t { IKE = 1, AH = 2, ESP = 3, -}; +}; + +/** + * String mappings for protocol_id_t. + */ +extern mapping_t protocol_id_m[]; typedef struct proposal_substructure_t proposal_substructure_t; |
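Review bot: `extern mapping_t protocol_id_m[];` is added to proposal_substructure.h, but the hunk shows no include that declares `mapping_t`; the header compiles only if that type arrives transitively through an existing include (types.h or payload.h, presumably), so the explicit include would keep the header self-contained. In proposal_substructure.c the table `protocol_id_m` is a writable global that is never modified; `const` on both the definition and the extern declaration would let it live in read-only memory, provided mapping_find() takes a const pointer.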