Diffstat (limited to 'Source/charon/sa')
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 2 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 174 |
2 files changed, 109 insertions, 67 deletions
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index dc68fb943..5f6679f63 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -352,7 +352,7 @@ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t *
 /* TODO configuration manager request */
 id_payload->set_id_type(id_payload,ID_RFC822_ADDR);
 email.ptr = "moerdi@hsr.ch";
- email.len = strlen(email.ptr);
+ email.len = strlen(email.ptr)+1;
 this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email);
 id_payload->set_data(id_payload,email);
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 34bc1dbda..cd44fafca 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -22,7 +22,12 @@
 #include "ike_sa_init_responded.h"
+#include <daemon.h>
 #include <utils/allocator.h>
+#include <encoding/payloads/ts_payload.h>
+#include <encoding/payloads/sa_payload.h>
+#include <encoding/payloads/id_payload.h>
+#include <encoding/payloads/auth_payload.h>
 #include <transforms/signers/signer.h>
 #include <transforms/crypters/crypter.h>
@@ -78,9 +83,12 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
 status_t status;
 signer_t *signer;
 crypter_t *crypter;
- iterator_t *payloads;
+ iterator_t *payloads, *iterator;
 exchange_type_t exchange_type;
-
+ id_payload_t *idi_payload, *idr_payload;
+ auth_payload_t *auth_payload;
+ sa_payload_t *sa_payload;
+ ts_payload_t *tsi_payload, *tsr_payload;
 exchange_type = message->get_exchange_type(message);
 if (exchange_type != IKE_AUTH)
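Review bot: `email.len = strlen(email.ptr)+1;` puts the terminating NUL into the ID payload's identification data, and RFC 4306 §3.5 states that the ID_RFC822_ADDR string MUST NOT contain any terminators, so a conforming peer comparing this IDi against its configured identity will see a trailing 0x00 byte and fail to match. If the +1 was added so that a later `%s` print of the chunk stays in bounds, the fix belongs on the logging side (format with the chunk length, or use `log_chunk` as the next line already does), not on the wire. Keep `email.len = strlen(email.ptr);`. build_id_payload starts and ends outside the hunk.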
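Review bot: The payload pointers added to process_message's declarations (`idi_payload`, `idr_payload`, `auth_payload`, `sa_payload`, `tsi_payload`, `tsr_payload`) are left uninitialized, yet `idi_payload` is dereferenced unconditionally after the payload loop in the `@@ -187` hunk; that is a read of an indeterminate pointer unless the message verification the later comment relies on is guaranteed to reject an IKE_AUTH request without an ID_INITIATOR payload, which cannot be seen from this file. Initialize them to NULL (`id_payload_t *idi_payload = NULL, *idr_payload = NULL;` and likewise for the other three declaration lines) so that a missing payload becomes a checkable condition rather than undefined behaviour. `iterator` and `idr_payload` are only referenced from commented-out code and will draw unused-variable warnings. process_message continues outside the hunk.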
@@ -96,7 +104,6 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
 return FAILED;
 }
- /* get signer for verification and crypter for decryption */
 signer = this->ike_sa->get_signer_initiator(this->ike_sa);
 crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
@@ -109,77 +116,59 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
 return status;
 }
- /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */
+ /* iterate over incoming payloads. Message is verified, we can be sure there are the required payloads */
 payloads = message->get_payload_iterator(message);
-
 while (payloads->has_next(payloads))
 {
 payload_t *payload;
-
- /* get current payload */
 payloads->current(payloads, (void**)&payload);
-
 this->logger->log(this->logger, CONTROL|MORE, "Processing payload of type %s", mapping_find(payload_type_m, payload->get_type(payload)));
 switch (payload->get_type(payload))
 {
-// case SECURITY_ASSOCIATION:
-// {
-// sa_payload_t *sa_payload = (sa_payload_t*)payload;
-// iterator_t *suggested_proposals, *accepted_proposals;
-// proposal_substructure_t *accepted_proposal;
-//
-// accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE);
-//
-// /* get the list of suggested proposals */
-// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
-//
-// /* now let the configuration-manager select a subset of the proposals */
-// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
-// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
-// if (status != SUCCESS)
-// {
-// this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
-// suggested_proposals->destroy(suggested_proposals);
-// accepted_proposals->destroy(accepted_proposals);
-// payloads->destroy(payloads);
-// return status;
-// }
-//
-// /* iterators are not needed anymore */
-// suggested_proposals->destroy(suggested_proposals);
-//
-// /* let the ike_sa create their own transforms from proposal informations */
-// accepted_proposals->reset(accepted_proposals);
-// /* TODO check for true*/
-// accepted_proposals->has_next(accepted_proposals);
-// status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal);
-// if (status != SUCCESS)
-// {
-// this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
-// accepted_proposals->destroy(accepted_proposals);
-// payloads->destroy(payloads);
-// return status;
-// }
-//
-// status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal);
-// accepted_proposals->destroy(accepted_proposals);
-// if (status != SUCCESS)
-// {
-// this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
-// payloads->destroy(payloads);
-// return status;
-// }
-//
-// this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed");
-// /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
-// break;
-// }
-
+ case ID_INITIATOR:
+ {
+ idi_payload = (id_payload_t*)payload;
+ break;
+ }
+ case AUTHENTICATION:
+ {
+ auth_payload = (auth_payload_t*)payload;
+ break;
+ }
+ case ID_RESPONDER:
+ {
+ /* TODO handle idr payloads */
+ break;
+ }
+ case SECURITY_ASSOCIATION:
+ {
+ sa_payload = (sa_payload_t*)payload;
+ break;
+ }
+ case CERTIFICATE:
+ {
+ /* TODO handle cert payloads */
+ break;
+ }
+ case CERTIFICATE_REQUEST:
+ {
+ /* TODO handle certrequest payloads */
+ break;
+ }
+ case TRAFFIC_SELECTOR_INITIATOR:
+ {
+ tsi_payload = (ts_payload_t*)payload;
+ break;
+ }
+ case TRAFFIC_SELECTOR_RESPONDER:
+ {
+ tsr_payload = (ts_payload_t*)payload;
+ break;
+ }
 default:
 {
- this->logger->log(this->logger, ERROR | MORE, "Payload type not supported!");
- payloads->destroy(payloads);
- return NOT_SUPPORTED;
+ /* can't happen, since message is verified */
+ break;
 }
 }
 }
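Review bot: The new `default:` branch silently drops any payload type that the switch does not list, replacing the logged `return NOT_SUPPORTED;` with `/* can't happen, since message is verified */` and `break;`. This function handles the peer's IKE_AUTH request and the guarantee it now relies on lives in code outside this file, so if that verification ever admits a type not handled here the request is treated as fully processed and nothing is logged. Keep at least a trace in the default branch, e.g. `this->logger->log(this->logger, ERROR | MORE, "Unexpected payload type %s, verification incomplete?", mapping_find(payload_type_m, payload->get_type(payload)));`, and consider keeping the NOT_SUPPORTED return as defence in depth. Note also that a repeated payload of the same type silently overwrites the pointer captured from the earlier one. process_message continues outside the hunk.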
@@ -187,11 +176,64 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
 payloads->destroy(payloads);
+ /*
+ * ID Payload
+ */
+ this->logger->log(this->logger, CONTROL|MOST, "type of IDi is %s",
+ mapping_find(id_type_m, idi_payload->get_id_type(idi_payload)));
+ chunk_t data = idi_payload->get_data(idi_payload);
+
+ this->logger->log(this->logger, CONTROL|MOST, "data of IDi is %s",
+ data.ptr);
+
+// charon->configuration_manager->get_my_default_id(charon->configuration_manager, id
+//
+//
+//
+//
+// this->logger->log(this->logger, CONTROL|MOST, "type of AUTH is %s",
+// mapping_find(auth_method_m, auth_payload->get_auth_method(auth_payload)));
+//
+// /* get the list of suggested proposals */
+// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
+//
+// /* now let the configuration-manager select a subset of the proposals */
+// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
+// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
+//
+
+// iterator = tsi_payload->create_traffic_selector_substructure_iterator(tsi_payload, TRUE);
+// while (iterator->has_next(iterator))
+// {
+// traffic_selector_substructure_t *ts;
+// iterator->current(iterator, (void**)ts);
+// this->logger->log(this->logger, CONTROL|MOST, "type of TSi is %s",
+// mapping_find(ts_type_m, ts->get_ts_type(ts)));
+//
+// }
+// iterator->destroy(iterator);
+//
+// iterator = tsr_payload->create_traffic_selector_substructure_iterator(tsr_payload, TRUE);
+// while (iterator->has_next(iterator))
+// {
+// traffic_selector_substructure_t *ts;
+// iterator->current(iterator, (void**)ts);
+// this->logger->log(this->logger, CONTROL|MOST, "type of TSr is %s",
+// mapping_find(ts_type_m, ts->get_ts_type(ts)));
+//
+// }
+// iterator->destroy(iterator);
+
+ this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
-
- this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");
+ return SUCCESS;
+}
+
+
+static status_t build_id_payload(private_ike_sa_init_responded_t *this, id_payload_t *id_payload)
+{
 return SUCCESS;
 }
|
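Review bot: `data.ptr` is handed to a `%s` conversion in `"data of IDi is %s"`, but `data` is the raw identification data from the peer's IDi payload, a `chunk_t` carrying an explicit length with no guarantee of a terminating NUL; assuming the logger formats with printf semantics, it will read past the end of the payload buffer for any peer that omits one, and the length is under the peer's control. Log it through the chunk helper this codebase already uses, `this->logger->log_chunk(this->logger, CONTROL|MOST, "data of IDi", &data);`, or bound the conversion with `data.len`. The hunk also lands roughly forty lines of `//`-commented draft code and a `static` `build_id_payload` stub that nothing calls, which will be flagged by -Wunused-function; a one-line `/* TODO */` stating what remains to be implemented is easier to maintain than the commented block. The new `build_id_payload` stub begins inside the hunk and its closing brace may be outside it.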