Diffstat (limited to 'Source/charon/encoding')
-rw-r--r-- | Source/charon/encoding/message.c | 1 | ||||
-rw-r--r-- | Source/charon/encoding/parser.c | 5 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/encryption_payload.c | 1 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.c | 69 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/proposal_substructure.h | 8 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/sa_payload.c | 418 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/sa_payload.h | 10 | ||||
-rw-r--r-- | Source/charon/encoding/payloads/transform_substructure.c | 2 |
8 files changed, 110 insertions, 404 deletions
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c index 2aedf8492..d11bacfd3 100644 --- a/Source/charon/encoding/message.c +++ b/Source/charon/encoding/message.c @@ -759,6 +759,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t /* parse current payload */ status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload); + if (status != SUCCESS) { this->logger->log(this->logger, ERROR, "Payload type %s could not be parsed", diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c index 83643bf6b..49d432103 100644 --- a/Source/charon/encoding/parser.c +++ b/Source/charon/encoding/parser.c @@ -998,8 +998,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ rule++; } - *payload = pld; - + *payload = pld; + this->logger->log(this->logger, CONTROL|LEVEL2, "parsing %s payload finished.", + mapping_find(payload_type_m, payload_type)); return SUCCESS; } diff --git a/Source/charon/encoding/payloads/encryption_payload.c b/Source/charon/encoding/payloads/encryption_payload.c index 52918df04..bd720ea4f 100644 --- a/Source/charon/encoding/payloads/encryption_payload.c +++ b/Source/charon/encoding/payloads/encryption_payload.c @@ -554,7 +554,6 @@ static status_t parse(private_encryption_payload_t *this) parser->destroy(parser); return PARSE_ERROR; } - status = current_payload->verify(current_payload); if (status != SUCCESS) diff --git a/Source/charon/encoding/payloads/proposal_substructure.c b/Source/charon/encoding/payloads/proposal_substructure.c index 00e093234..1f52281cc 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.c +++ b/Source/charon/encoding/payloads/proposal_substructure.c 
@@ -406,6 +406,33 @@ static size_t get_spi_size (private_proposal_substructure_t *this) } /** + * Implementation of proposal_substructure_t.add_to_child_proposal. + */ +void add_to_child_proposal(private_proposal_substructure_t *this, child_proposal_t *proposal) +{ + iterator_t *iterator = this->transforms->create_iterator(this->transforms, TRUE); + + proposal->set_spi(proposal, this->protocol_id, *((u_int32_t*)this->spi.ptr)); + + while (iterator->has_next(iterator)) + { + transform_substructure_t *transform; + transform_type_t transform_type; + u_int16_t transform_id; + u_int16_t key_length = 0; + + iterator->current(iterator, (void**)&transform); + + transform_type = transform->get_transform_type(transform); + transform_id = transform->get_transform_id(transform); + transform->get_key_length(transform, &key_length); + + proposal->add_algorithm(proposal, this->protocol_id, transform_type, transform_id, key_length); + } + iterator->destroy(iterator); +} + +/** * Implementation of proposal_substructure_t.clone. */ static private_proposal_substructure_t* clone(private_proposal_substructure_t *this) @@ -498,7 +525,7 @@ proposal_substructure_t *proposal_substructure_create() this->public.get_protocol_id = (u_int8_t (*) (proposal_substructure_t *)) get_protocol_id; this->public.get_info_for_transform_type = (status_t (*) (proposal_substructure_t *,transform_type_t,u_int16_t *, u_int16_t *))get_info_for_transform_type; this->public.set_is_last_proposal = (void (*) (proposal_substructure_t *,bool)) set_is_last_proposal; - + this->public.add_to_child_proposal = (void (*) (proposal_substructure_t*,child_proposal_t*))add_to_child_proposal; this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi; this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi; this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count; 
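Review bot: `*((u_int32_t*)this->spi.ptr)` in the new add_to_child_proposal reads four bytes from the SPI chunk without looking at `this->spi.len`, and this object is presumably filled by the parser from a peer's SA payload. A substructure with an empty or shorter SPI would turn this into a NULL or out-of-bounds read, and the cast also assumes the buffer is aligned for a 32-bit load. Check the length first and copy the bytes, e.g. `if (this->spi.len != sizeof(spi)) return;` followed by `memcpy(&spi, this->spi.ptr, sizeof(spi));`, or make sure such substructures are rejected before this method can be reached. The function is also defined without `static`, unlike the neighbouring method implementations, and the status returned by `get_key_length` is ignored.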
@@ -506,7 +533,6 @@ proposal_substructure_t *proposal_substructure_create() this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone; this->public.destroy = (void (*) (proposal_substructure_t *)) destroy; - /* private functions */ this->compute_length = compute_length; 
@@ -528,25 +554,31 @@ proposal_substructure_t *proposal_substructure_create() /* * Described in header. */ -proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t *proto) +proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_proposal_t *proposal, protocol_id_t proto) { private_proposal_substructure_t *this = (private_proposal_substructure_t*)proposal_substructure_create(); iterator_t *iterator; algorithm_t *algo; transform_substructure_t *transform; + /* take over general infos */ + this->spi_size = proto == IKE ? 8 : 4; + this->spi.len = this->spi_size; + this->spi.ptr = allocator_alloc(this->spi_size); + *((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal, proto); + this->proposal_number = proposal->get_number(proposal); + this->protocol_id = proto; + + /* encryption algorithm is only availble in ESP */ - if (proto == ESP) + iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM); + while (iterator->has_next(iterator)) { - iterator = proposal->create_algorithm_iterator(proposal, proto, ENCRYPTION_ALGORITHM); - while (iterator->has_next(iterator)) - { - iterator->current(iterator, (void**)&algo); - transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size); - this->public.add_transform_substructure(&(this->public), transform); - } - iterator->destroy(iterator); + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM, algo->algorithm, algo->key_size); + this->public.add_transform_substructure(&(this->public), transform); } + iterator->destroy(iterator); /* integrity algorithms */ iterator = proposal->create_algorithm_iterator(proposal, proto, INTEGRITY_ALGORITHM); 
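Review bot: When `proto == IKE` the new code allocates an 8-byte SPI, but the `u_int32_t` store fills only the first four bytes, so unless `allocator_alloc` zero-fills, the other four hold stale heap content that would presumably be encoded into the outgoing proposal. Clear the buffer right after allocating, `memset(this->spi.ptr, 0, this->spi_size);`, or take a full-width SPI for IKE, and check the allocation result before the store if `allocator_alloc` can return NULL. The comment `/* encryption algorithm is only availble in ESP */` no longer matches the code now that the `proto == ESP` test is gone. The function body continues past this hunk.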
@@ -559,6 +591,17 @@ proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_ } iterator->destroy(iterator); + /* prf algorithms */ + iterator = proposal->create_algorithm_iterator(proposal, proto, PSEUDO_RANDOM_FUNCTION); + while (iterator->has_next(iterator)) + { + algorithm_t *algo; + iterator->current(iterator, (void**)&algo); + transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION, algo->algorithm, algo->key_size); + this->public.add_transform_substructure(&(this->public), transform); + } + iterator->destroy(iterator); + /* dh groups */ iterator = proposal->create_algorithm_iterator(proposal, proto, DIFFIE_HELLMAN_GROUP); while (iterator->has_next(iterator)) @@ -580,4 +623,6 @@ proposal_substructure_t *proposal_substructure_create_from_child_proposal(child_ this->public.add_transform_substructure(&(this->public), transform); } iterator->destroy(iterator); + + return &(this->public); } diff --git a/Source/charon/encoding/payloads/proposal_substructure.h b/Source/charon/encoding/payloads/proposal_substructure.h index afa58516b..0247584bb 100644 --- a/Source/charon/encoding/payloads/proposal_substructure.h +++ b/Source/charon/encoding/payloads/proposal_substructure.h @@ -63,8 +63,8 @@ struct proposal_substructure_t { * When deleting any transform over this iterator, call * get_size to make sure the length and number values are ok. * - * @param this calling proposal_substructure_t object - * @param[in] forward iterator direction (TRUE: front to end) + * @param this calling proposal_substructure_t object + * @param forward iterator direction (TRUE: front to end) * @return created iterator_t object */ iterator_t * (*create_transform_substructure_iterator) (proposal_substructure_t *this, bool forward); 
@@ -84,7 +84,7 @@ struct proposal_substructure_t { * @brief Sets the proposal number of current proposal. * * @param this calling proposal_substructure_t object - * @param id proposal number to set + * @param id proposal number to set */ void (*set_proposal_number) (proposal_substructure_t *this,u_int8_t proposal_number); @@ -172,6 +172,8 @@ struct proposal_substructure_t { * @param spi chunk_t pointing to the value to set */ void (*set_spi) (proposal_substructure_t *this, chunk_t spi); + + void (*add_to_child_proposal) (proposal_substructure_t *this, child_proposal_t *proposal); /** * @brief Clones an proposal_substructure_t object. diff --git a/Source/charon/encoding/payloads/sa_payload.c b/Source/charon/encoding/payloads/sa_payload.c index b433d67ac..b0b94df20 100644 --- a/Source/charon/encoding/payloads/sa_payload.c +++ b/Source/charon/encoding/payloads/sa_payload.c @@ -150,7 +150,6 @@ static status_t verify(private_sa_payload_t *this) } else if (current_proposal->get_proposal_number(current_proposal) < proposal_number) { - iterator->destroy(iterator); /* must not be smaller then proceeding one */ status = FAILED; break; 
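Review bot: The new `add_to_child_proposal` member in proposal_substructure.h has no doc block, unlike `set_spi` and `clone` on either side of it. Add one in the header's existing style: an `@brief` line saying it adds this substructure's SPI and transforms to the given child proposal, plus `@param this` and `@param proposal`, and state the precondition that the SPI is four bytes long, since the implementation reads it as a `u_int32_t`. The `sa_payload_create_from_child_proposals` prototype added to sa_payload.h has the same gap, and the `get_child_proposals` comment there still says "array" and does not say who owns the returned list.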
@@ -263,25 +262,19 @@ static void add_proposal_substructure (private_sa_payload_t *this,proposal_subst static void add_child_proposal(private_sa_payload_t *this, child_proposal_t *proposal) { proposal_substructure_t *substructure; - protocol_id_t proto; + protocol_id_t proto[2]; + u_int i; - /* watch out to build the substructures in the right order */ - proto = proposal->get_first_protocol(proposal); - if (proto != AH && proto != ESP) + /* build the substructures for every protocol */ + proposal->get_protocols(proposal, proto); + for (i = 0; i<2; i++) { - return; - } - substructure = proposal_substructure_create_from_child_proposal(proposal, proto); - add_proposal_substructure(this, substructure); - - /* first is done, now do the (possible) other */ - proto = proposal->get_second_protocol(proposal); - if (proto != AH && proto != ESP) - { - return; + if (proto[i] != UNDEFINED_PROTOCOL_ID) + { + substructure = proposal_substructure_create_from_child_proposal(proposal, proto[i]); + add_proposal_substructure(this, substructure); + } } - substructure = proposal_substructure_create_from_child_proposal(proposal, proto); - add_proposal_substructure(this, substructure); } 
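Review bot: `proto[2]` is read in the loop without having been initialised, so the `!= UNDEFINED_PROTOCOL_ID` test is only sound if `get_protocols` always writes both slots; that function is not visible here. Initialising at the declaration, `protocol_id_t proto[2] = {UNDEFINED_PROTOCOL_ID, UNDEFINED_PROTOCOL_ID};`, makes the loop safe either way. The old code also refused anything other than AH and ESP, whereas the new loop builds a substructure for any defined protocol id; if that widening is intended it deserves a comment, otherwise keep a `proto[i] == AH || proto[i] == ESP` test.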
@@ -422,298 +415,37 @@ static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** /** * Implementation of sa_payload_t.get_child_proposals. */ -static status_t get_child_proposals (private_sa_payload_t *this,child_proposal_t ** proposals, size_t *proposal_count) +static linked_list_t *get_child_proposals(private_sa_payload_t *this) { - int found_child_proposals = 0; - int found_suites = 1; - int current_suite_number = 0; - + int proposal_struct_number = 0; iterator_t *iterator; - child_proposal_t *tmp_proposals; - - iterator = this->proposals->create_iterator(this->proposals,TRUE); - - /* first find out the number of child proposals and check their number of transforms and - * if the SPI is 4 byte long!*/ - current_suite_number = 1; - while (iterator->has_next(iterator)) - { - proposal_substructure_t *current_proposal; - iterator->current(iterator,(void **)&(current_proposal)); - if ((current_proposal->get_protocol_id(current_proposal) == AH) || - (current_proposal->get_protocol_id(current_proposal) == ESP)) - { - if (current_proposal->get_spi_size(current_proposal) != 4) - { - iterator->destroy(iterator); - return FAILED; - } - if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1)) - { - found_suites++; - current_suite_number = current_proposal->get_proposal_number(current_proposal); - } - found_child_proposals++; - } - } - iterator->reset(iterator); - - if (found_child_proposals == 0) - { - iterator->destroy(iterator); - return NOT_FOUND; - } - - /* allocate memory to hold each proposal as child_proposal_t */ - - tmp_proposals = allocator_alloc(found_child_proposals * sizeof(child_proposal_t)); + child_proposal_t *proposal; + linked_list_t *proposal_list; - current_suite_number = 1; - tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED; - tmp_proposals[current_suite_number - 
1].ah.integrity_algorithm = AUTH_UNDEFINED; - tmp_proposals[current_suite_number - 1].ah.is_set = FALSE; + /* this list will hold our proposals */ + proposal_list = linked_list_create(); - tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED; - tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED; - tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - tmp_proposals[current_suite_number - 1].esp.is_set = FALSE; - - /* create from each proposal_substructure a child_proposal_t data area*/ + /* iterate over structures, one OR MORE structures will result in a child_proposal */ + iterator = this->proposals->create_iterator(this->proposals,TRUE); while (iterator->has_next(iterator)) { - proposal_substructure_t *current_proposal; - iterator->current(iterator,(void **)&(current_proposal)); + proposal_substructure_t *proposal_struct; + iterator->current(iterator,(void **)&(proposal_struct)); - if (current_proposal->get_proposal_number(current_proposal) == (current_suite_number + 1)) + if (proposal_struct->get_proposal_number(proposal_struct) > proposal_struct_number) { - current_suite_number++; - if (current_suite_number > found_suites) - { - /* inconsistent situation */ - return FAILED; - } - tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = MODP_UNDEFINED; - - tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = AUTH_UNDEFINED; - tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = MODP_UNDEFINED; - tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS; - } - - if (current_proposal->get_protocol_id(current_proposal) == AH) - { - bool integrity_algorithm_found = FALSE; - bool diffie_hellman_group_found = FALSE; - bool extended_sequence_numbers_found = FALSE; - iterator_t *transforms; - status_t status; - - 
chunk_t spi; - - tmp_proposals[current_suite_number - 1].ah.is_set = TRUE; - - spi = current_proposal->get_spi(current_proposal); - memcpy(tmp_proposals[current_suite_number - 1].ah.spi,spi.ptr,min(spi.len,4)); - - transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE); - while (transforms->has_next(transforms)) - { - transform_substructure_t *current_transform; - transforms->current(transforms,(void **)&(current_transform)); - - switch (current_transform->get_transform_type(current_transform)) - { - case INTEGRITY_ALGORITHM: - { - u_int16_t key_size; - - if (integrity_algorithm_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].ah.integrity_algorithm = current_transform->get_transform_id(current_transform); - status = current_transform->get_key_length(current_transform,&key_size); - tmp_proposals[current_suite_number - 1].ah.integrity_algorithm_key_size = key_size; - if (status == SUCCESS) - { - integrity_algorithm_found = TRUE; - } - break; - } - case EXTENDED_SEQUENCE_NUMBERS: - { - if (extended_sequence_numbers_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].ah.extended_sequence_numbers = current_transform->get_transform_id(current_transform); - extended_sequence_numbers_found = TRUE; - break; - } - case DIFFIE_HELLMAN_GROUP: - { - if (diffie_hellman_group_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].ah.diffie_hellman_group = current_transform->get_transform_id(current_transform); - diffie_hellman_group_found = TRUE; - break; - } - default: - { - /* not a transform of an child proposal. 
return here */ - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - } - - } - transforms->destroy(transforms); - - if (!integrity_algorithm_found) - { - /* one of needed transforms could not be found */ - iterator->reset(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - } - else if (current_proposal->get_protocol_id(current_proposal) == ESP) - { - bool encryption_algorithm_found = FALSE; - bool integrity_algorithm_found = FALSE; - bool diffie_hellman_group_found = FALSE; - bool extended_sequence_numbers_found = FALSE; - iterator_t *transforms; - status_t status; - chunk_t spi; - - spi = current_proposal->get_spi(current_proposal); - memcpy(tmp_proposals[current_suite_number - 1].esp.spi,spi.ptr,min(spi.len,4)); - tmp_proposals[current_suite_number - 1].esp.is_set = TRUE; - - - transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE); - while (transforms->has_next(transforms)) - { - transform_substructure_t *current_transform; - transforms->current(transforms,(void **)&(current_transform)); - - switch (current_transform->get_transform_type(current_transform)) - { - case ENCRYPTION_ALGORITHM: - { - u_int16_t key_size; - - if (encryption_algorithm_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].esp.encryption_algorithm = current_transform->get_transform_id(current_transform); - status = current_transform->get_key_length(current_transform,&key_size); - tmp_proposals[current_suite_number - 1].esp.encryption_algorithm_key_size = key_size; - if (status == SUCCESS) - { - encryption_algorithm_found = TRUE; - } - break; - } - case INTEGRITY_ALGORITHM: - { - u_int16_t key_size; - - if (integrity_algorithm_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } 
- tmp_proposals[current_suite_number - 1].esp.integrity_algorithm = current_transform->get_transform_id(current_transform); - status = current_transform->get_key_length(current_transform,&key_size); - tmp_proposals[current_suite_number - 1].esp.integrity_algorithm_key_size = key_size; - if (status == SUCCESS) - { - integrity_algorithm_found = TRUE; - } - break; - } - case EXTENDED_SEQUENCE_NUMBERS: - { - if (extended_sequence_numbers_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].esp.extended_sequence_numbers = current_transform->get_transform_id(current_transform); - extended_sequence_numbers_found = TRUE; - break; - } - case DIFFIE_HELLMAN_GROUP: - { - if (diffie_hellman_group_found) - { - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - tmp_proposals[current_suite_number - 1].esp.diffie_hellman_group = current_transform->get_transform_id(current_transform); - diffie_hellman_group_found = TRUE; - break; - } - default: - { - /* not a transform of an child proposal. 
return here */ - transforms->destroy(transforms); - iterator->destroy(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - } - - } - transforms->destroy(transforms); - - - if (!encryption_algorithm_found) - { - /* one of needed transforms could not be found */ - iterator->reset(iterator); - allocator_free(tmp_proposals); - return FAILED; - } - + /* here starts a new proposal, create a new one and add it to the list */ + proposal_struct_number = proposal_struct->get_proposal_number(proposal_struct); + proposal = child_proposal_create(proposal_struct_number); + proposal_list->insert_last(proposal_list, proposal); } + /* proposal_substructure_t does the dirty work and builds up the proposal */ + proposal_struct->add_to_child_proposal(proposal_struct, proposal); } - - iterator->destroy(iterator); - - *proposals = tmp_proposals; - *proposal_count = found_suites; - - return SUCCESS; + iterator->destroy(iterator); + return proposal_list; } - /** * Implementation of private_sa_payload_t.compute_length. */ @@ -753,7 +485,7 @@ sa_payload_t *sa_payload_create() this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator; this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure; this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals; - this->public.get_child_proposals = (status_t (*) (sa_payload_t *, child_proposal_t **, size_t *)) get_child_proposals; + this->public.get_child_proposals = (linked_list_t* (*) (sa_payload_t *)) get_child_proposals; this->public.destroy = (void (*) (sa_payload_t *)) destroy; /* private functions */ 
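Review bot: The rewritten get_child_proposals drops every check the old version made on the received substructures (protocol is AH or ESP, SPI size is 4, no duplicate transform types) and can no longer report FAILED. Two consequences are visible in this hunk: `proposal` is used uninitialised when the first substructure's number is not greater than 0, and every substructure is handed to `add_to_child_proposal`, which reads a 32-bit SPI regardless of its length. Unless verify() is guaranteed to have enforced all of this beforehand, initialise `proposal` to NULL and filter on protocol id and SPI size before building, as sketched below. Whether a bad entry should be skipped or the whole list discarded depends on callers that are not shown here.

```c
	child_proposal_t *proposal = NULL;
	/* … unchanged: list and iterator creation … */
	while (iterator->has_next(iterator))
	{
		proposal_substructure_t *proposal_struct;
		u_int8_t protocol_id;

		iterator->current(iterator,(void **)&(proposal_struct));
		protocol_id = proposal_struct->get_protocol_id(proposal_struct);
		if ((protocol_id != AH && protocol_id != ESP) ||
			proposal_struct->get_spi_size(proposal_struct) != 4)
		{
			/* not usable as a child proposal */
			continue;
		}
		/* … unchanged: create a new child_proposal_t when the number increases … */
		if (proposal == NULL)
		{
			continue;
		}
		proposal_struct->add_to_child_proposal(proposal_struct, proposal);
	}
```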
@@ -813,88 +545,18 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si /* * Described in header. */ -sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count) -{ - int i; - sa_payload_t *sa_payload= sa_payload_create(); +sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals) +{ + iterator_t *iterator; + child_proposal_t *proposal; + sa_payload_t *sa_payload = sa_payload_create(); - for (i = 0; i < proposal_count; i++) + /* add every payload from the list */ + iterator = proposals->create_iterator(proposals, TRUE); + while (iterator->has_next(iterator)) { - /* first the AH part is created */ - if (proposals[i].ah.is_set) - { - transform_substructure_t *integrity_algorithm; - proposal_substructure_t *proposal_substructure; - chunk_t spi; - - proposal_substructure = proposal_substructure_create(); - proposal_substructure->set_protocol_id(proposal_substructure,AH); - proposal_substructure->set_proposal_number(proposal_substructure,(i + 1)); - spi.ptr = proposals[i].ah.spi; - spi.len = 4; - proposal_substructure->set_spi(proposal_substructure,spi); - - integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].ah.integrity_algorithm,proposals[i].ah.integrity_algorithm_key_size); - proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm); - if (proposals[i].ah.diffie_hellman_group != MODP_UNDEFINED) - { - transform_substructure_t *diffie_hellman_group; - diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].ah.diffie_hellman_group,0); - proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group); - - } - if (proposals[i].ah.extended_sequence_numbers == EXT_SEQ_NUMBERS) - { - transform_substructure_t *extended_sequence_numbers; - extended_sequence_numbers = 
transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].ah.extended_sequence_numbers,0); - proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers); - } - - sa_payload->add_proposal_substructure(sa_payload,proposal_substructure); - } - - /* then the ESP part is created */ - if (proposals[i].esp.is_set) - { - transform_substructure_t *encryption_algorithm; - proposal_substructure_t *proposal_substructure; - chunk_t spi; - - proposal_substructure = proposal_substructure_create(); - proposal_substructure->set_protocol_id(proposal_substructure,ESP); - proposal_substructure->set_proposal_number(proposal_substructure,(i + 1)); - spi.ptr = proposals[i].esp.spi; - spi.len = 4; - proposal_substructure->set_spi(proposal_substructure,spi); - - encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].esp.encryption_algorithm,proposals[i].esp.encryption_algorithm_key_size); - proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm); - - if (proposals[i].esp.integrity_algorithm != AUTH_UNDEFINED) - { - transform_substructure_t *integrity_algorithm; - integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].esp.integrity_algorithm,proposals[i].esp.integrity_algorithm_key_size); - proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm); - - } - - if (proposals[i].esp.diffie_hellman_group != MODP_UNDEFINED) - { - transform_substructure_t *diffie_hellman_group; - diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].esp.diffie_hellman_group,0); - proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group); - - } - if (proposals[i].esp.extended_sequence_numbers == EXT_SEQ_NUMBERS) - { - transform_substructure_t *extended_sequence_numbers; - extended_sequence_numbers = 
transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,proposals[i].esp.extended_sequence_numbers,0); - proposal_substructure->add_transform_substructure(proposal_substructure,extended_sequence_numbers); - } - - sa_payload->add_proposal_substructure(sa_payload,proposal_substructure); - } - + iterator->current(iterator, (void**)&proposal); + add_child_proposal((private_sa_payload_t*)sa_payload, proposal); } return sa_payload; diff --git a/Source/charon/encoding/payloads/sa_payload.h b/Source/charon/encoding/payloads/sa_payload.h index 90f57b760..b9ba209cb 100644 --- a/Source/charon/encoding/payloads/sa_payload.h +++ b/Source/charon/encoding/payloads/sa_payload.h @@ -111,14 +111,9 @@ struct sa_payload_t { /** * @brief Creates an array of child_proposal_t's in this SA payload. * - * @param proposals the pointer to the first entry of child_proposal_t's is set - * @param proposal_count the number of found proposals is written at this location - * @return - * - SUCCESS if child proposals could be found - * - NOT_FOUND if no child proposal could be found - * - FAILED if a proposal does not contain all needed transforms + * @return a list containing child_proposal_t s */ - status_t (*get_child_proposals) (sa_payload_t *this, child_proposal_t **proposals, size_t *proposal_count); + linked_list_t *(*get_child_proposals) (sa_payload_t *this); /** * @brief Add a child proposal (AH/ESP) to the payload. @@ -156,5 +151,6 @@ sa_payload_t *sa_payload_create(); */ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count); +sa_payload_t *sa_payload_create_from_child_proposals(linked_list_t *proposals); #endif /*SA_PAYLOAD_H_*/ diff --git a/Source/charon/encoding/payloads/transform_substructure.c b/Source/charon/encoding/payloads/transform_substructure.c index ba064c506..e2f368fd8 100644 --- a/Source/charon/encoding/payloads/transform_substructure.c +++ b/Source/charon/encoding/payloads/transform_substructure.c 
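Review bot: The iterator created in the new sa_payload_create_from_child_proposals is never destroyed: the loop ends and the function goes straight to `return sa_payload;`, while the other loops added in this commit call `iterator->destroy(iterator);` after the `while`. Add that call before the return. `proposals` is also dereferenced without a NULL check, which should either be guarded or documented as a precondition. The function's closing brace lies outside the hunk.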
@@ -144,7 +144,7 @@ static status_t verify(private_transform_substructure_t *this) } break; } - case PSEUDO_RANDOM_FUNCTION: + case PSEUDO_RANDOM_FUNCTION: { if ((this->transform_id < PRF_HMAC_MD5) || (this->transform_id > PRF_AES128_CBC)) { |