Diffstat (limited to 'Source')
-rw-r--r-- | Source/charon/encoding/message.c | 8 | ||||
-rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 120 |
2 files changed, 125 insertions, 3 deletions
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index e7b773eec..b06850b23 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -153,8 +153,8 @@ static supported_payload_entry_t supported_ike_auth_r_payloads[] =
 static message_rule_t message_rules[] = {
 {IKE_SA_INIT,TRUE,FALSE,(sizeof(supported_ike_sa_init_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_i_payloads},
 {IKE_SA_INIT,FALSE,FALSE,(sizeof(supported_ike_sa_init_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_r_payloads},
- {IKE_AUTH,TRUE,FALSE,(sizeof(supported_ike_auth_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_i_payloads},
- {IKE_AUTH,FALSE,FALSE,(sizeof(supported_ike_auth_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_r_payloads}
+ {IKE_AUTH,TRUE,TRUE,(sizeof(supported_ike_auth_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_i_payloads},
+ {IKE_AUTH,FALSE,TRUE,(sizeof(supported_ike_auth_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_r_payloads}
 };

 typedef struct payload_entry_t payload_entry_t;
@@ -869,7 +869,9 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si
 if (payload_entry->encrypted != current_payload_was_encrypted)
 {
 /* payload type not supported */
- this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",(payload_entry->encrypted) ? "encrypted": "not encrypted");
+ this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",
+ mapping_find(payload_type_m,current_payload->get_type(current_payload)),
+ (payload_entry->encrypted) ? "encrypted": "not encrypted");
 iterator->destroy(iterator);
 return status;
 }
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 8725a001a..34bc1dbda 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
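Review bot: The rejection path in decrypt_payloads still ends with `return status;`, and nothing in the hunk assigns status after the mismatch is detected, so if status still holds SUCCESS from the preceding step a payload that arrived in the wrong encryption state is logged as an error yet reported to the caller as successfully parsed — make it an explicit `return FAILED;` (or whichever code the caller treats as a parse failure) so an attacker cannot smuggle a payload that should have been inside the encrypted part as plaintext. The added mapping_find() argument does repair the format string, which previously declared two %s conversions but supplied only one argument (undefined behaviour in the logger call). The rest of decrypt_payloads lies outside the hunk, so whether status was reset before this check cannot be confirmed here.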
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -23,6 +23,8 @@
 #include "ike_sa_init_responded.h"
 #include <utils/allocator.h>
+#include <transforms/signers/signer.h>
+#include <transforms/crypters/crypter.h>
 typedef struct private_ike_sa_init_responded_t private_ike_sa_init_responded_t;
@@ -73,6 +75,124 @@ struct private_ike_sa_init_responded_t {
 */
 static status_t process_message(private_ike_sa_init_responded_t *this, message_t *message)
 {
+ status_t status;
+ signer_t *signer;
+ crypter_t *crypter;
+ iterator_t *payloads;
+ exchange_type_t exchange_type;
+
+
+ exchange_type = message->get_exchange_type(message);
+ if (exchange_type != IKE_AUTH)
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_responded",
+ mapping_find(exchange_type_m,exchange_type));
+ return FAILED;
+ }
+
+ if (!message->get_request(message))
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Only requests of type IKE_AUTH supported in state ike_sa_init_responded");
+ return FAILED;
+ }
+
+
+ /* get signer for verification and crypter for decryption */
+ signer = this->ike_sa->get_signer_initiator(this->ike_sa);
+ crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
+
+ /* parse incoming message */
+ status = message->parse_body(message, crypter, signer);
+ if (status != SUCCESS)
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
+ return status;
+ }
+
+ /* iterate over incoming payloads. We can be sure, the message contains only accepted payloads! */
+ payloads = message->get_payload_iterator(message);
+
+ while (payloads->has_next(payloads))
+ {
+ payload_t *payload;
+
+ /* get current payload */
+ payloads->current(payloads, (void**)&payload);
+
+ this->logger->log(this->logger, CONTROL|MORE, "Processing payload of type %s", mapping_find(payload_type_m, payload->get_type(payload)));
+ switch (payload->get_type(payload))
+ {
+// case SECURITY_ASSOCIATION:
+// {
+// sa_payload_t *sa_payload = (sa_payload_t*)payload;
+// iterator_t *suggested_proposals, *accepted_proposals;
+// proposal_substructure_t *accepted_proposal;
+//
+// accepted_proposals = this->proposals->create_iterator(this->proposals, FALSE);
+//
+// /* get the list of suggested proposals */
+// suggested_proposals = sa_payload->create_proposal_substructure_iterator(sa_payload, TRUE);
+//
+// /* now let the configuration-manager select a subset of the proposals */
+// status = charon->configuration_manager->select_proposals_for_host(charon->configuration_manager,
+// this->ike_sa->get_other_host(this->ike_sa), suggested_proposals, accepted_proposals);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, CONTROL | MORE, "No proposal of suggested proposals selected");
+// suggested_proposals->destroy(suggested_proposals);
+// accepted_proposals->destroy(accepted_proposals);
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// /* iterators are not needed anymore */
+// suggested_proposals->destroy(suggested_proposals);
+//
+// /* let the ike_sa create their own transforms from proposal informations */
+// accepted_proposals->reset(accepted_proposals);
+// /* TODO check for true*/
+// accepted_proposals->has_next(accepted_proposals);
+// status = accepted_proposals->current(accepted_proposals,(void **)&accepted_proposal);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, ERROR | MORE, "Accepted proposals not supported?!");
+// accepted_proposals->destroy(accepted_proposals);
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// status = this->ike_sa->create_transforms_from_proposal(this->ike_sa,accepted_proposal);
+// accepted_proposals->destroy(accepted_proposals);
+// if (status != SUCCESS)
+// {
+// this->logger->log(this->logger, ERROR | MORE, "Transform objects could not be created from selected proposal");
+// payloads->destroy(payloads);
+// return status;
+// }
+//
+// this->logger->log(this->logger, CONTROL | MORE, "SA Payload processed");
+// /* ok, we have what we need for sa_payload (proposals are stored in this->proposals)*/
+// break;
+// }
+
+ default:
+ {
+ this->logger->log(this->logger, ERROR | MORE, "Payload type not supported!");
+ payloads->destroy(payloads);
+ return NOT_SUPPORTED;
+ }
+ }
+ }
+ /* iterator can be destroyed */
+ payloads->destroy(payloads);
+
+
+
+ this->logger->log(this->logger, CONTROL | MORE, "Request successfully handled. Going to create reply.");
+
+ this->logger->log(this->logger, CONTROL | MOST, "Going to create nonce.");
+
+
 return SUCCESS;
 } |
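Review bot: After the payload loop the function logs `Request successfully handled` and returns SUCCESS, but no AUTH payload has been checked and no reply is built — every `case` of the switch is commented out, so the only IKE_AUTH request that can reach that SUCCESS is one whose encrypted part carries no payloads at all; until authentication is implemented, end the function with `return NOT_SUPPORTED;` (or a loud TODO beside the SUCCESS) so the state machine cannot treat an unauthenticated request as handled. The comment `We can be sure, the message contains only accepted payloads!` presumably refers to the message_rules table in message.c, yet the switch below still rejects everything, so reword it to state what parse_body guarantees (integrity check, decryption, allowed payload types) and what this loop still has to verify. The result of `payloads->current(payloads, (void**)&payload)` is ignored; if that call fails, `payload` is presumably left unset and is dereferenced on the very next line — use `if (payloads->current(payloads, (void**)&payload) != SUCCESS) { payloads->destroy(payloads); return FAILED; }`. The roughly sixty `//`-commented lines of proposal handling are dead code that version control already preserves; drop them rather than carry them in the state handler.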