-rw-r--r--Source/charon/Makefile4
-rw-r--r--Source/charon/daemon.h2
-rw-r--r--Source/charon/encoding/generator.c200
-rw-r--r--Source/charon/encoding/message.c225
-rw-r--r--Source/charon/encoding/message.h8
-rw-r--r--Source/charon/encoding/parser.c11
-rw-r--r--Source/charon/encoding/payloads/Makefile.payloads4
-rw-r--r--Source/charon/encoding/payloads/encodings.h7
-rw-r--r--Source/charon/sa/ike_sa.c2
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c2
-rw-r--r--Source/charon/sa/states/initiator_init.c2
-rw-r--r--Source/charon/sa/states/responder_init.c12
-rw-r--r--Source/charon/utils/logger_manager.c2
13 files changed, 272 insertions, 209 deletions
diff --git a/Source/charon/Makefile b/Source/charon/Makefile
index 1491efcc2..3da6561bf 100644
--- a/Source/charon/Makefile
+++ b/Source/charon/Makefile
@@ -21,9 +21,7 @@ LDFLAGS= -lgmp -lpthread
CFLAGS+= -Wall \
-DLEAK_DETECTIVE \
-I. \
- -g
-
-# -Werror
+ -g #-Werror
# objects is extended by each included Makefile
OBJS=
diff --git a/Source/charon/daemon.h b/Source/charon/daemon.h
index 3d83286b1..6e90018c5 100644
--- a/Source/charon/daemon.h
+++ b/Source/charon/daemon.h
@@ -27,7 +27,7 @@
#define DAEMON_NAME "charon"
-#define NUMBER_OF_WORKING_THREADS 4
+#define NUMBER_OF_WORKING_THREADS 1
#define IKEV2_UDP_PORT 500
diff --git a/Source/charon/encoding/generator.c b/Source/charon/encoding/generator.c
index 5cb92d8f1..0c32cec12 100644
--- a/Source/charon/encoding/generator.c
+++ b/Source/charon/encoding/generator.c
@@ -348,111 +348,112 @@ static status_t generate_u_int_type (private_generator_t *this,encoding_type_t i
/* now handle each u int type differently */
switch (int_type)
{
- case U_INT_4:
+ case U_INT_4:
+ {
+ if (this->current_bit == 0)
{
- if (this->current_bit == 0)
- {
- /* highval of current byte in buffer has to be set to the new value*/
- u_int8_t high_val = *((u_int8_t *)(this->data_struct + offset)) << 4;
- /* lowval in buffer is not changed */
- u_int8_t low_val = *(this->out_position) & 0x0F;
- /* highval is set, low_val is not changed */
- *(this->out_position) = high_val | low_val;
- this->logger->log(this->logger, RAW|MOST, " => 0x%x", *(this->out_position));
- /* write position is not changed, just bit position is moved */
- this->current_bit = 4;
- }
- else if (this->current_bit == 4)
- {
- /* highval in buffer is not changed */
- u_int high_val = *(this->out_position) & 0xF0;
- /* lowval of current byte in buffer has to be set to the new value*/
- u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
- *(this->out_position) = high_val | low_val;
- this->logger->log(this->logger, RAW|MOST, " => 0x%x", *(this->out_position));
- this->out_position++;
- this->current_bit = 0;
-
- }
- else
- {
- this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
- /* 4 Bit integers must have a 4 bit alignment */
- return FAILED;
- };
- break;
+ /* highval of current byte in buffer has to be set to the new value*/
+ u_int8_t high_val = *((u_int8_t *)(this->data_struct + offset)) << 4;
+ /* lowval in buffer is not changed */
+ u_int8_t low_val = *(this->out_position) & 0x0F;
+ /* highval is set, low_val is not changed */
+ *(this->out_position) = high_val | low_val;
+ this->logger->log(this->logger, RAW|MOST, " => 0x%x", *(this->out_position));
+ /* write position is not changed, just bit position is moved */
+ this->current_bit = 4;
}
- case U_INT_8:
+ else if (this->current_bit == 4)
{
- /* 8 bit values are written as they are */
- *this->out_position = *((u_int8_t *)(this->data_struct + offset));
+ /* highval in buffer is not changed */
+ u_int high_val = *(this->out_position) & 0xF0;
+ /* lowval of current byte in buffer has to be set to the new value*/
+ u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
+ *(this->out_position) = high_val | low_val;
this->logger->log(this->logger, RAW|MOST, " => 0x%x", *(this->out_position));
this->out_position++;
- break;
-
- }
- case ATTRIBUTE_TYPE:
- {
- /* attribute type must not change first bit uf current byte ! */
- if (this->current_bit != 1)
- {
- this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
- /* first bit has to be set! */
- return FAILED;
- }
- /* get value of attribute format flag */
- u_int8_t attribute_format_flag = *(this->out_position) & 0x80;
- /* get attribute type value as 16 bit integer*/
- u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
- /* last bit must be unset */
- int16_val = int16_val & 0xFF7F;
-
- int16_val = int16_val | attribute_format_flag;
- this->logger->log(this->logger, RAW|MOST, " => 0x%x", int16_val);
- /* write bytes to buffer (set bit is overwritten)*/
- this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
this->current_bit = 0;
- break;
-
+
}
- case U_INT_16:
+ else
{
- u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
- this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)&int16_val, sizeof(int16_val));
- this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
- break;
- }
- case U_INT_32:
- {
- u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
- this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)&int32_val, sizeof(int32_val));
- this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
- break;
- }
- case U_INT_64:
+ this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
+ /* 4 Bit integers must have a 4 bit alignment */
+ return FAILED;
+ };
+ break;
+ }
+ case U_INT_8:
+ {
+ /* 8 bit values are written as they are */
+ *this->out_position = *((u_int8_t *)(this->data_struct + offset));
+ this->logger->log(this->logger, RAW|MOST, " => 0x%x", *(this->out_position));
+ this->out_position++;
+ break;
+
+ }
+ case ATTRIBUTE_TYPE:
+ {
+ /* attribute type must not change first bit uf current byte ! */
+ if (this->current_bit != 1)
{
- /* 64 bit integers are written as two 32 bit integers */
- u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
- u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
- this->logger->log_bytes(this->logger, RAW|MOST, " => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
- this->logger->log_bytes(this->logger, RAW|MOST, " => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
- /* TODO add support for big endian machines */
- this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
- this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
- break;
+ this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
+ /* first bit has to be set! */
+ return FAILED;
}
+ /* get value of attribute format flag */
+ u_int8_t attribute_format_flag = *(this->out_position) & 0x80;
+ /* get attribute type value as 16 bit integer*/
+ u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
+ /* last bit must be unset */
+ int16_val = int16_val & 0xFF7F;
- case IKE_SPI:
- {
- /* 64 bit are written as they come :-) */
- this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
- this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
- break;
- }
-
- default:
+ int16_val = int16_val | attribute_format_flag;
+ this->logger->log(this->logger, RAW|MOST, " => 0x%x", int16_val);
+ /* write bytes to buffer (set bit is overwritten)*/
+ this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
+ this->current_bit = 0;
+ break;
+
+ }
+ case U_INT_16:
+ {
+ u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
+ this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)&int16_val, sizeof(int16_val));
+ this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
+ break;
+ }
+ case U_INT_32:
+ {
+ u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
+ this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)&int32_val, sizeof(int32_val));
+ this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
+ break;
+ }
+ case U_INT_64:
+ {
+ /* 64 bit integers are written as two 32 bit integers */
+ u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
+ u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
+ this->logger->log_bytes(this->logger, RAW|MOST, " => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
+ this->logger->log_bytes(this->logger, RAW|MOST, " => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
+ /* TODO add support for big endian machines */
+ this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
+ this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
+ break;
+ }
+
+ case IKE_SPI:
+ {
+ /* 64 bit are written as they come :-) */
+ this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
+ this->logger->log_bytes(this->logger, RAW|MOST, " =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
+ break;
+ }
+ default:
+ {
this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", mapping_find(encoding_type_m,int_type));
return FAILED;
+ }
}
return SUCCESS;
}
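Review bot: The U_INT_4 and U_INT_8 cases store through `*this->out_position` directly (`*(this->out_position) = high_val | low_val;` and `*this->out_position = *((u_int8_t *)(this->data_struct + offset));`) while every wider type goes through `this->write_bytes_to_buffer`; if that helper is where the output buffer is grown or bounds-checked, these are the only unchecked writes in the switch and need the same check or a comment saying why space is guaranteed. U_INT_8 also never tests `this->current_bit`, so an 8-bit field emitted while `current_bit == 4` would overwrite the half byte left by a preceding U_INT_4 — presumably the encoding rules never produce that sequence, but the U_INT_4 case guards its own alignment and U_INT_8 could do likewise. The ATTRIBUTE_TYPE mask `int16_val & 0xFF7F` clears the format bit only on a little-endian host after `htons`, the same limitation the U_INT_64 TODO already records, and a one-line comment there would spare the next reader the derivation. Minor: the `};` closing the U_INT_4 else branch is a stray empty statement, and that branch declares `u_int high_val`/`u_int low_val` where the first branch uses `u_int8_t`. generate_u_int_type begins before this hunk.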
@@ -1037,6 +1038,21 @@ static status_t generate_payload (private_generator_t *this,payload_t *payload)
this->logger->log(this->logger, CONTROL|MOST, "attribute value has not fixed size");
/* the attribute value is generated */
status = this->generate_from_chunk(this,rules[i].offset);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "could not write attribute value from chunk");
+ return status;
+ }
+ }
+ break;
+ }
+ case ENCRYPTED_DATA:
+ {
+ status = this->generate_from_chunk(this, rules[i].offset);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "could not write encrypted data from chunk");
+ return status;
}
break;
}
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index 27fd7f5d5..d1fd3a2f3 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -34,6 +34,7 @@
#include <utils/logger_manager.h>
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
+#include <encoding/payloads/encryption_payload.h>
typedef struct supported_payload_entry_t supported_payload_entry_t;
@@ -455,7 +456,7 @@ static status_t get_payload_iterator(private_message_t *this, iterator_t **itera
* Implements message_t's generate function.
* See #message_s.generate.
*/
-static status_t generate(private_message_t *this, packet_t **packet)
+static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* signer, packet_t **packet)
{
generator_t *generator;
ike_header_t *ike_header;
@@ -480,14 +481,13 @@ static status_t generate(private_message_t *this, packet_t **packet)
return INVALID_STATE;
}
-
+ /* build ike header */
ike_header = ike_header_create();
if (ike_header == NULL)
{
return OUT_OF_RES;
}
-
ike_header->set_exchange_type(ike_header, this->exchange_type);
ike_header->set_message_id(ike_header, this->message_id);
ike_header->set_response_flag(ike_header, !this->is_request);
@@ -509,6 +509,7 @@ static status_t generate(private_message_t *this, packet_t **packet)
ike_header->destroy(ike_header);
return OUT_OF_RES;
}
+ /* generate every payload, except last one */
while(iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&next_payload);
@@ -524,7 +525,21 @@ static status_t generate(private_message_t *this, packet_t **packet)
}
iterator->destroy(iterator);
+ /* build last payload */
payload->set_next_type(payload, NO_PAYLOAD);
+ /* if it's an encryption payload, build it first */
+ if (payload->get_type(payload) == ENCRYPTED)
+ {
+ encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
+ encryption_payload->set_signer(encryption_payload, signer);
+ status = encryption_payload->encrypt(encryption_payload, crypter);
+ if (status != SUCCESS)
+ {
+ generator->destroy(generator);
+ ike_header->destroy(ike_header);
+ return status;
+ }
+ }
status = generator->generate_payload(generator, payload);
if (status != SUCCESS)
{
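Review bot: Only the final payload is tested with `if (payload->get_type(payload) == ENCRYPTED)`, so an encryption payload added anywhere but last is emitted by the `while(iterator->has_next(iterator))` loop without `set_signer` or `encrypt` ever running, and no error is raised. Either reject that inside the loop or document on `generate` that the encryption payload must be the last one added. This branch also hands `crypter` straight to `encryption_payload->encrypt`, and every caller in this commit passes `NULL`; whether `encrypt` tolerates a NULL crypter is not visible here, so a guard such as `if (crypter == NULL || signer == NULL) { generator->destroy(generator); ike_header->destroy(ike_header); return FAILED; }` ahead of the call would make the contract explicit. generate begins and ends outside this hunk.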
@@ -532,27 +547,33 @@ static status_t generate(private_message_t *this, packet_t **packet)
ike_header->destroy(ike_header);
return status;
}
-
ike_header->destroy(ike_header);
-
-
-
+
+ /* build packet */
if (this->packet->data.ptr != NULL)
{
allocator_free(this->packet->data.ptr);
}
-
status = generator->write_to_chunk(generator, &(this->packet->data));
+ generator->destroy(generator);
if (status != SUCCESS)
{
- generator->destroy(generator);
return status;
}
- this->packet->clone(this->packet, packet);
-
- generator->destroy(generator);
+ /* append integrity checksum if necessary */
+ if (payload->get_type(payload) == ENCRYPTED)
+ {
+ encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
+ status = encryption_payload->build_signature(encryption_payload, this->packet->data);
+ if (status != SUCCESS)
+ {
+ return status;
+ }
+ }
+ /* colen packet for caller */
+ this->packet->clone(this->packet, packet);
this->logger->log(this->logger, CONTROL, "message generated successfully");
return SUCCESS;
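Review bot: `encryption_payload->build_signature(encryption_payload, this->packet->data)` receives the chunk by value, so it can only fill bytes in place, yet the comment `/* append integrity checksum if necessary */` suggests the packet grows. If the checksum field was already emitted by `generate_payload` and is only filled here, say so: `/* fill in the integrity checksum over the generated packet; the field itself was already emitted by generate_payload */`. `/* colen packet for caller */` should read `/* clone packet for caller */`. On a `build_signature` failure `this->packet->data` is left holding the unsigned bytes; presumably nothing sends them before the error propagates, but freeing the chunk before `return status;` would remove the doubt. generate ends after this hunk.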
@@ -617,62 +638,54 @@ static status_t parse_header(private_message_t *this)
}
/**
- * Implements message_t's parse_body function.
- * See #message_s.parse_body.
+ * Implements message_t.parse_body.
*/
-static status_t parse_body (private_message_t *this)
+static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer)
{
status_t status = SUCCESS;
- int i;
payload_type_t current_payload_type = this->first_payload;
- supported_payload_entry_t *supported_payloads;
- size_t supported_payloads_count;
-
-
- this->logger->log(this->logger, CONTROL, "parsing body of message");
-
- if (this->get_supported_payloads (this, &supported_payloads, &supported_payloads_count) != SUCCESS)
- {
- this->logger->log(this->logger, ERROR, "could not get supported payloads");
- return FAILED;
- }
+ this->logger->log(this->logger, CONTROL, "parsing body of message");
+
while (current_payload_type != NO_PAYLOAD)
{
payload_t *current_payload;
- bool supported = FALSE;
this->logger->log(this->logger, CONTROL|MORE, "start parsing payload of type %s",
mapping_find(payload_type_m, current_payload_type));
- for (i = 0; i < supported_payloads_count;i++)
- {
- if (supported_payloads[i].payload_type == current_payload_type)
- {
- supported = TRUE;
- break;
- }
- }
- if (!supported && (current_payload_type != NO_PAYLOAD))
- {
- /* type not supported */
- status = NOT_SUPPORTED;
- this->logger->log(this->logger, ERROR, "payload type %s not supported",mapping_find(payload_type_m,current_payload_type));
- break;
- }
status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type));
- break;
+ this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type));
+ return status;
}
status = current_payload->verify(current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));
+ this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));
status = VERIFY_ERROR;
- break;
+ return status;
+ }
+
+ /* encrypted payload must be decrypted */
+ if (current_payload->get_type(current_payload) == ENCRYPTED)
+ {
+ encryption_payload_t *encryption_payload = (encryption_payload_t*)current_payload;
+ encryption_payload->set_signer(encryption_payload, signer);
+ status = encryption_payload->verify_signature(encryption_payload, this->packet->data);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "encryption payload signature invaild");
+ return status;
+ }
+ status = encryption_payload->decrypt(encryption_payload, crypter);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "parsing decrypted encryption payload failed");
+ return status;
+ }
}
/* get next payload type */
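Review bot: A payload that has been parsed but fails `current_payload->verify`, `verify_signature` or `decrypt` appears to be leaked: it is only passed to `this->payloads->insert_last` at the bottom of the loop body (outside this hunk), and each of those three branches returns before that, so the message's destroy cannot reach it unless the parser keeps its own reference, which is not visible here. Add `current_payload->destroy(current_payload);` before each of those `return status;` lines (the `parse_payload` failure path is fine, no payload exists yet). The log text `"encryption payload signature invaild"` has a typo and should read `"encryption payload signature invalid"`. The supported-type check that used to run before `parse_payload` now happens only in `verify` after the whole body is parsed, so an unrecognised payload type reaches the parser first — acceptable if `parse_payload` rejects unknown types, worth confirming. parse_body's loop continues after this hunk.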
@@ -681,75 +694,88 @@ static status_t parse_body (private_message_t *this)
status = this->payloads->insert_last(this->payloads,current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "Could not insert current payload to internal list cause of ressource exhausting");
- break;
+ this->logger->log(this->logger, ERROR, "%s on adding payload", mapping_find(status_m, status));
+ return status;;
}
}
+ return this->public.verify(&(this->public));
+
+}
+
+/**
+ * implements message_t.verify
+ */
+static status_t verify(private_message_t *this)
+{
+ iterator_t *iterator;
+ status_t status;
+ int i;
+ supported_payload_entry_t *supported_payloads;
+ size_t supported_payloads_count;
+
+ this->logger->log(this->logger, CONTROL|MORE, "verifying message");
+
+ status = this->get_supported_payloads(this, &supported_payloads, &supported_payloads_count);
if (status != SUCCESS)
{
- /* already parsed payload is destroyed later in destroy call from outside this object */
+ this->logger->log(this->logger, ERROR, "could not get supported payloads: %s");
+ return status;
}
- else
- {
- iterator_t *iterator;
- status = this->payloads->create_iterator(this->payloads,&iterator,TRUE);
- if (status != SUCCESS)
- {
- this->logger->log(this->logger, ERROR, "Could not create iterator to check supported payloads");
- return status;
- }
+ status = this->payloads->create_iterator(this->payloads,&iterator,TRUE);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR, "Could not create iterator to check supported payloads");
+ return status;
+ }
- /* check for payloads with wrong count*/
- for (i = 0; i < supported_payloads_count;i++)
- {
- size_t min_occurence = supported_payloads[i].min_occurence;
- size_t max_occurence = supported_payloads[i].max_occurence;
- payload_type_t payload_type = supported_payloads[i].payload_type;
- size_t found_payloads = 0;
+ /* check for payloads with wrong count*/
+ for (i = 0; i < supported_payloads_count;i++)
+ {
+ size_t min_occurence = supported_payloads[i].min_occurence;
+ size_t max_occurence = supported_payloads[i].max_occurence;
+ payload_type_t payload_type = supported_payloads[i].payload_type;
+ size_t found_payloads = 0;
- iterator->reset(iterator);
+ iterator->reset(iterator);
- while(iterator->has_next(iterator))
+ while(iterator->has_next(iterator))
+ {
+ payload_t *current_payload;
+ status = iterator->current(iterator,(void **)&current_payload);
+ if (status != SUCCESS)
{
- payload_t *current_payload;
- status = iterator->current(iterator,(void **)&current_payload);
- if (status != SUCCESS)
- {
- this->logger->log(this->logger, ERROR, "Could not get payload from internal list");
- iterator->destroy(iterator);
- return status;
- }
- if (current_payload->get_type(current_payload) == payload_type)
- {
- found_payloads++;
- if (found_payloads > max_occurence)
- {
- this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
- mapping_find(payload_type_m,current_payload->get_type(current_payload)),max_occurence,found_payloads);
- iterator->destroy(iterator);
- return NOT_SUPPORTED;
- }
- }
-
+ this->logger->log(this->logger, ERROR, "Could not get payload from internal list");
+ iterator->destroy(iterator);
+ return OUT_OF_RES;
}
- if (found_payloads < min_occurence)
+ if (current_payload->get_type(current_payload) == payload_type)
{
- this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times",
- mapping_find(payload_type_m,payload_type),min_occurence);
+ found_payloads++;
+ if (found_payloads > max_occurence)
+ {
+ this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
+ mapping_find(payload_type_m,current_payload->get_type(current_payload)),max_occurence,found_payloads);
iterator->destroy(iterator);
- return NOT_SUPPORTED;
+ return NOT_SUPPORTED;
+ }
}
-
}
- iterator->destroy(iterator);
+ if (found_payloads < min_occurence)
+ {
+ this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times",
+ mapping_find(payload_type_m,payload_type),min_occurence);
+ iterator->destroy(iterator);
+ return NOT_SUPPORTED;
+ }
}
- return status;
+ iterator->destroy(iterator);
+
+ return SUCCESS;
}
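Review bot: `this->logger->log(this->logger, ERROR, "could not get supported payloads: %s");` has a `%s` conversion with no matching argument, which is undefined behaviour and will read a stray pointer; pass `mapping_find(status_m, status)` as the insert_last error line in parse_body does, or drop the `%s`. The counters `max_occurence`, `found_payloads` and `min_occurence` are `size_t` but formatted with `%d`; use `%zu` or cast them. `int i` is compared against the `size_t supported_payloads_count`, so declare `size_t i` to avoid the signed/unsigned comparison. `return status;;` in parse_body's insert_last failure branch carries a doubled semicolon. verify is complete within this hunk.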
-
/**
* Implements message_t's destroy function.
* See #message_s.destroy.
@@ -809,14 +835,15 @@ message_t *message_create_from_packet(packet_t *packet)
this->public.set_request = (status_t(*)(message_t*, bool))set_request;
this->public.get_request = (bool(*)(message_t*))get_request;
this->public.add_payload = (status_t(*)(message_t*,payload_t*))add_payload;
- this->public.generate = (status_t (*) (message_t *, packet_t**)) generate;
+ this->public.generate = (status_t (*) (message_t *,crypter_t*,signer_t*,packet_t**)) generate;
this->public.set_source = (status_t (*) (message_t*,host_t*)) set_source;
this->public.get_source = (status_t (*) (message_t*,host_t**)) get_source;
this->public.set_destination = (status_t (*) (message_t*,host_t*)) set_destination;
this->public.get_destination = (status_t (*) (message_t*,host_t**)) get_destination;
this->public.get_payload_iterator = (status_t (*) (message_t *, iterator_t **)) get_payload_iterator;
- this->public.parse_header = (status_t (*) (message_t *)) parse_header;
- this->public.parse_body = (status_t (*) (message_t *)) parse_body;
+ this->public.parse_header = (status_t (*) (message_t *)) parse_header;
+ this->public.parse_body = (status_t (*) (message_t *,crypter_t*,signer_t*)) parse_body;
+ this->public.verify = (status_t (*) (message_t*)) verify;
this->public.destroy = (status_t(*)(message_t*))destroy;
/* public values */
diff --git a/Source/charon/encoding/message.h b/Source/charon/encoding/message.h
index 2b2a14a1c..19c00bb76 100644
--- a/Source/charon/encoding/message.h
+++ b/Source/charon/encoding/message.h
@@ -28,6 +28,8 @@
#include <network/packet.h>
#include <encoding/payloads/ike_header.h>
#include <utils/linked_list.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/signers/signer.h>
typedef struct message_t message_t;
@@ -218,7 +220,7 @@ struct message_t {
* - PARSE_ERROR if corrupted/invalid data found
* - VERIFY_ERROR if verification of some payload failed
*/
- status_t (*parse_body) (message_t *this);
+ status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
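Review bot: The Doxygen block above `parse_body` still describes the old contract and says nothing about the new `crypter` and `signer` parameters; the same applies to `generate` in the next hunk, where `verify` is added with no comment at all. Add `@param crypter` and `@param signer` lines stating what each is used for (verifying and decrypting an ENCRYPTED payload on parse, encrypting and signing it on generate) and whether NULL is accepted, since every caller in this commit passes NULL. Give `verify` a short `@brief` saying it checks each payload type's occurrence count against the supported-payload table and returns NOT_SUPPORTED on a violation, so callers know it is also invoked at the end of `parse_body`.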
/**
* @brief Generates the UDP packet of specific message
@@ -229,7 +231,9 @@ struct message_t {
* - EXCHANGE_TYPE_NOT_SET if exchange type is currently not set
* ....
*/
- status_t (*generate) (message_t *this, packet_t **packet);
+ status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
+
+ status_t (*verify) (message_t *this);
status_t (*get_source) (message_t *this, host_t **host);
status_t (*set_source) (message_t *this, host_t *host);
status_t (*get_destination) (message_t *this, host_t **host);
diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c
index 1b213c047..dad48693e 100644
--- a/Source/charon/encoding/parser.c
+++ b/Source/charon/encoding/parser.c
@@ -40,6 +40,7 @@
#include <encoding/payloads/ke_payload.h>
#include <encoding/payloads/nonce_payload.h>
#include <encoding/payloads/notify_payload.h>
+#include <encoding/payloads/encryption_payload.h>
@@ -836,6 +837,16 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
break;
}
+ case ENCRYPTED_DATA:
+ {
+ size_t data_length = payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH ;
+ if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ {
+ pld->destroy(pld);
+ return PARSE_ERROR;
+ }
+ break;
+ }
default:
{
this->logger->log(this->logger, ERROR, " no rule to parse rule %d %s (%d)", rule_number, mapping_find(encoding_type_m, rule->type), rule->type);
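Review bot: `size_t data_length = payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH ;` subtracts without checking that `payload_length` is at least the header length; if `payload_length` comes from the length field on the wire, as it presumably does, a short value wraps `data_length` to a huge `size_t` before `parse_chunk` sees it. Guard it first: `if (payload_length < ENCRYPTION_PAYLOAD_HEADER_LENGTH) { pld->destroy(pld); return PARSE_ERROR; }`. Whether `parse_chunk` caps the read at the remaining input is not visible here; even if it does, a PARSE_ERROR at this point is the clearer diagnostic. parse_payload begins and ends outside this hunk.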
diff --git a/Source/charon/encoding/payloads/Makefile.payloads b/Source/charon/encoding/payloads/Makefile.payloads
index 2aedd3840..e32dd5b81 100644
--- a/Source/charon/encoding/payloads/Makefile.payloads
+++ b/Source/charon/encoding/payloads/Makefile.payloads
@@ -53,4 +53,8 @@ $(BUILD_DIR)transform_attribute.o : $(PAYLOADS_DIR)transform_attribute.c $(PAYL
OBJS+= $(BUILD_DIR)transform_substructure.o
$(BUILD_DIR)transform_substructure.o : $(PAYLOADS_DIR)transform_substructure.c $(PAYLOADS_DIR)transform_substructure.h
$(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)encryption_payload.o
+$(BUILD_DIR)encryption_payload.o : $(PAYLOADS_DIR)encryption_payload.c $(PAYLOADS_DIR)encryption_payload.h
+ $(CC) $(CFLAGS) -c -o $@ $<
diff --git a/Source/charon/encoding/payloads/encodings.h b/Source/charon/encoding/payloads/encodings.h
index 25e317549..92fdc77a5 100644
--- a/Source/charon/encoding/payloads/encodings.h
+++ b/Source/charon/encoding/payloads/encodings.h
@@ -286,7 +286,7 @@ enum encoding_type_t{
*/
ATTRIBUTE_LENGTH_OR_VALUE,
- /*
+ /**
* Depending on the field of type ATTRIBUTE_FORMAT
* this field is available or missing and so parsed/generated
* or not parsed/not generated
@@ -316,7 +316,10 @@ enum encoding_type_t{
*
* When parsing 8 bytes are read and written into the u_int64_t pointing to.
*/
- IKE_SPI
+ IKE_SPI,
+
+ ENCRYPTED_DATA,
+
};
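Review bot: `ENCRYPTED_DATA` is added to `encoding_type_t` without the Doxygen block every neighbouring member carries, so a reader cannot tell how the parser and generator treat it. Add a comment such as `/** Encrypted data of an encryption payload. Generated from and parsed into a chunk; its length is the payload length minus the encryption payload header. */` above the member, and drop the trailing blank line before `};`.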
/**
diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 914da1e74..cd2a666cb 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -529,7 +529,7 @@ status_t resend_last_reply (private_ike_sa_t *this)
packet_t *packet;
status_t status;
- status = this->last_responded_message->generate(this->last_responded_message, &packet);
+ status = this->last_responded_message->generate(this->last_responded_message, NULL, NULL, &packet);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Could not generate message to resent");
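Review bot: `resend_last_reply` regenerates the stored reply with `generate(this->last_responded_message, NULL, NULL, &packet)`, so once replies carry an ENCRYPTED payload this path will call `encrypt` with a NULL crypter and, even if that does not fail, cannot reproduce the bytes originally sent. Consider keeping the packet produced by the first `generate` call and resending it instead of regenerating, or at least document that `NULL` is only valid for the initial unencrypted exchange. The same `NULL, NULL` calls appear in the ike_sa_init_requested.c, initiator_init.c and responder_init.c hunks. resend_last_reply begins before this hunk.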
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index fd8032695..2db933681 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -108,7 +108,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
}
/* parse incoming message */
- status = message->parse_body(message);
+ status = message->parse_body(message, NULL, NULL);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Could not parse body");
diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c
index b12078109..68413c119 100644
--- a/Source/charon/sa/states/initiator_init.c
+++ b/Source/charon/sa/states/initiator_init.c
@@ -239,7 +239,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
/* generate packet */
this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
- status = message->generate(message, &packet);
+ status = message->generate(message, NULL, NULL, &packet);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Fatal error: could not generate packet from message");
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c
index 8a8e0c6fc..03fd08acc 100644
--- a/Source/charon/sa/states/responder_init.c
+++ b/Source/charon/sa/states/responder_init.c
@@ -194,7 +194,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
this->ike_sa->set_other_host(this->ike_sa, other_host);
/* parse incoming message */
- status = message->parse_body(message);
+ status = message->parse_body(message, NULL, NULL);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
@@ -411,7 +411,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
return status;
}
- this ->logger->log(this->logger, CONTROL|MOST, "add SA payload to message");
+ this->logger->log(this->logger, CONTROL|MOST, "add SA payload to message");
status = response->add_payload(response, payload);
if (status != SUCCESS)
{
@@ -427,7 +427,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
return status;
}
- this ->logger->log(this->logger, CONTROL|MOST, "add KE payload to message");
+ this->logger->log(this->logger, CONTROL|MOST, "add KE payload to message");
status = response->add_payload(response, payload);
if (status != SUCCESS)
{
@@ -443,7 +443,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
return status;
}
- this ->logger->log(this->logger, CONTROL|MOST, "add nonce payload to message");
+ this->logger->log(this->logger, CONTROL|MOST, "add nonce payload to message");
status = response->add_payload(response, payload);
if (status != SUCCESS)
{
@@ -452,8 +452,8 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
}
/* generate packet */
- this ->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
- status = response->generate(response, &packet);
+ this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
+ status = response->generate(response, NULL, NULL, &packet);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Fatal error: could not generate packet from message");
diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c
index 005e6948b..0207eab24 100644
--- a/Source/charon/utils/logger_manager.c
+++ b/Source/charon/utils/logger_manager.c
@@ -151,11 +151,11 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
logger_level |= FULL;
case IKE_SA_MANAGER:
case MESSAGE:
+ case WORKER:
logger_level |= ALL;
case PARSER:
case GENERATOR:
case THREAD_POOL:
- case WORKER:
case SCHEDULER:
case SENDER:
case RECEIVER: