Diffstat (limited to 'src/charon/encoding')
-rw-r--r--src/charon/encoding/message.c12
-rw-r--r--src/charon/encoding/payloads/encryption_payload.c8
-rw-r--r--src/charon/encoding/payloads/notify_payload.c25
-rw-r--r--src/charon/encoding/payloads/notify_payload.h8
-rw-r--r--src/charon/encoding/payloads/sa_payload.c24
5 files changed, 43 insertions, 34 deletions
diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c
index 0629fb769..ece29094f 100644
--- a/src/charon/encoding/message.c
+++ b/src/charon/encoding/message.c
@@ -966,7 +966,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
if (payload_number != this->payloads->get_count(this->payloads))
{
/* encrypted payload is not last one */
- this->logger->log(this->logger, ERROR | LEVEL1, "encrypted payload is not last payload");
+ this->logger->log(this->logger, ERROR, "encrypted payload is not last payload");
iterator->destroy(iterator);
return FAILED;
}
@@ -976,7 +976,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
status = encryption_payload->verify_signature(encryption_payload, this->packet->get_data(this->packet));
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR | LEVEL1, "encryption payload signature invalid");
+ this->logger->log(this->logger, ERROR, "encryption payload signature invalid");
iterator->destroy(iterator);
return status;
}
@@ -984,7 +984,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
status = encryption_payload->decrypt(encryption_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR | LEVEL1,
+ this->logger->log(this->logger, ERROR,
"encrypted payload could not be decrypted and parsed: %s",
mapping_find(status_m, status));
iterator->destroy(iterator);
@@ -1045,7 +1045,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
if (status != SUCCESS)
{
/* payload is not allowed */
- this->logger->log(this->logger, ERROR | LEVEL1, "payload type %s not allowed",
+ this->logger->log(this->logger, ERROR, "payload type %s not allowed",
mapping_find(payload_type_m,current_payload_type));
iterator->destroy(iterator);
return status;
@@ -1055,7 +1055,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
if (payload_rule->encrypted != current_payload_was_encrypted)
{
/* payload was not encrypted, but should have been. or vice-versa */
- this->logger->log(this->logger, ERROR | LEVEL1, "payload type %s should be %s!",
+ this->logger->log(this->logger, ERROR, "payload type %s should be %s!",
mapping_find(payload_type_m,current_payload_type),
(payload_rule->encrypted) ? "encrypted" : "not encrypted");
iterator->destroy(iterator);
@@ -1276,7 +1276,7 @@ message_t *message_create_notify_reply(host_t *source, host_t *destination, exch
message->set_message_id(message,0);
message->set_ike_sa_id(message, ike_sa_id);
- payload = notify_payload_create_from_protocol_and_type(PROTO_IKE, notify_type);
+ payload = notify_payload_create_from_protocol_and_type(PROTO_NONE, notify_type);
message->add_payload(message,(payload_t *) payload);
return message;
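Review bot: Switching the reply notify to PROTO_NONE matches RFC 4306 §3.10, where a notification that does not relate to an existing SA carries Protocol ID 0 and no SPI, but nothing in this hunk shows the SPI being left empty for that case. If notify_payload_create_from_protocol_and_type still calls set_spi for PROTO_NONE, the fallback branch of set_spi (outside the hunks on this page) decides what is encoded, so it is worth confirming that spi.len stays 0 and the SPI Size field goes out as 0. message_create_notify_reply starts outside the hunk.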
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c
index 358f371e9..20d733ea1 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/charon/encoding/payloads/encryption_payload.c
@@ -385,7 +385,7 @@ static status_t decrypt(private_encryption_payload_t *this)
*/
if (concatenated.len < iv.len)
{
- this->logger->log(this->logger, ERROR|LEVEL1, "could not decrypt, invalid input");
+ this->logger->log(this->logger, ERROR, "could not decrypt, invalid input");
return FAILED;
}
@@ -397,7 +397,7 @@ static status_t decrypt(private_encryption_payload_t *this)
status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR|LEVEL1, "could not decrypt, decryption failed");
+ this->logger->log(this->logger, ERROR, "could not decrypt, decryption failed");
return FAILED;
}
this->logger->log_chunk(this->logger, RAW|LEVEL2, "data after decryption with padding", this->decrypted);
@@ -412,7 +412,7 @@ static status_t decrypt(private_encryption_payload_t *this)
/* check size again */
if (padding_length > concatenated.len || this->decrypted.len < 0)
{
- this->logger->log(this->logger, ERROR|LEVEL1, "decryption failed, invalid padding length found. Invalid key?");
+ this->logger->log(this->logger, ERROR, "decryption failed, invalid padding length found. Invalid key?");
/* decryption failed :-/ */
return FAILED;
}
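Review bot: The condition above the new log line, `this->decrypted.len < 0`, is always false if chunk_t's len is an unsigned size type, which its use as a length everywhere on this page suggests, so the "check size again" guard reduces to `padding_length > concatenated.len`. Since the padding sits at the end of the decrypted data, the bound that actually protects the later strip appears to be the decrypted length, something like `if (padding_length >= this->decrypted.len)` so the pad-length byte itself also fits; the statements that compute padding_length are outside the hunk, so confirm against them before changing it. decrypt() continues past the end of this hunk.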
@@ -575,7 +575,7 @@ static status_t parse(private_encryption_payload_t *this)
status = current_payload->verify(current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR|LEVEL1, "%s verification failed: %s",
+ this->logger->log(this->logger, ERROR, "%s verification failed: %s",
mapping_find(payload_type_m,current_payload->get_type(current_payload)),
mapping_find(status_m, status));
current_payload->destroy(current_payload);
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c
index a09e33778..575b4e5c9 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/charon/encoding/payloads/notify_payload.c
@@ -175,25 +175,24 @@ static status_t verify(private_notify_payload_t *this)
{
switch (this->protocol_id)
{
+ case PROTO_NONE:
case PROTO_IKE:
- if (this->spi.len != 8)
- {
- return FAILED;
- }
break;
case PROTO_AH:
case PROTO_ESP:
if (this->spi.len != 4)
{
+ this->logger->log(this->logger, ERROR, "Invalid SPI size for %s",
+ mapping_find(protocol_id_m, this->protocol_id));
return FAILED;
}
break;
default:
+ this->logger->log(this->logger, ERROR, "Unknown protocol (%d)", this->protocol_id);
return FAILED;
}
-
- /* TODO: Check all kinds of notify */
+ /* TODO: Check all kinds of notify */
if (this->notify_message_type == INVALID_KE_PAYLOAD)
{
/* check notification data */
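Review bot: The merged PROTO_NONE/PROTO_IKE case now accepts any SPI length where the old code required a fixed size; a notify for these protocols should carry no SPI, so a check such as `if (this->spi.len != 0) { this->logger->log(this->logger, ERROR, "Invalid SPI size for %s", mapping_find(protocol_id_m, this->protocol_id)); return FAILED; }` would keep verify() the one place that bounds spi before anything dereferences it. RFC 4306 §3.10 requires SPI Size to be zero when no SPI is present, though it also says the Protocol ID is ignored on receipt for such notifications, so leniency may be intended; if it is, a one-line comment saying so would stop the next reader from re-adding the check. verify() continues past the end of this hunk.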
@@ -316,12 +315,10 @@ static void set_notify_message_type(private_notify_payload_t *this, u_int16_t no
/**
* Implementation of notify_payload_t.get_spi.
*/
-static u_int64_t get_spi(private_notify_payload_t *this)
+static u_int32_t get_spi(private_notify_payload_t *this)
{
switch (this->protocol_id)
{
- case PROTO_IKE:
- return *((u_int64_t*)this->spi.ptr);
case PROTO_AH:
case PROTO_ESP:
return *((u_int32_t*)this->spi.ptr);
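Review bot: `return *((u_int32_t*)this->spi.ptr);` reads the SPI through a pointer cast, which is a strict-aliasing and alignment hazard when spi.ptr is a byte buffer; `u_int32_t spi; memcpy(&spi, this->spi.ptr, sizeof spi); return spi;` is the same read done portably, and the matching store in set_spi (its body is cut off before the write) would take the mirror-image memcpy. The read also relies on spi.len being 4, which only verify() guarantees; a locally built payload whose protocol is not AH/ESP falls to the default branch outside this hunk, so that branch must not touch spi.ptr. The rest of get_spi lies outside the hunk.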
@@ -333,15 +330,11 @@ static u_int64_t get_spi(private_notify_payload_t *this)
/**
* Implementation of notify_payload_t.set_spi.
*/
-static void set_spi(private_notify_payload_t *this, u_int64_t spi)
+static void set_spi(private_notify_payload_t *this, u_int32_t spi)
{
chunk_free(&this->spi);
switch (this->protocol_id)
{
- case PROTO_IKE:
- this->spi = chunk_alloc(8);
- *((u_int64_t*)this->spi.ptr) = spi;
- break;
case PROTO_AH:
case PROTO_ESP:
this->spi = chunk_alloc(4);
@@ -422,8 +415,8 @@ notify_payload_t *notify_payload_create()
this->public.set_protocol_id = (void (*) (notify_payload_t *,u_int8_t)) set_protocol_id;
this->public.get_notify_message_type = (notify_message_type_t (*) (notify_payload_t *)) get_notify_message_type;
this->public.set_notify_message_type = (void (*) (notify_payload_t *,notify_message_type_t)) set_notify_message_type;
- this->public.get_spi = (u_int64_t (*) (notify_payload_t *)) get_spi;
- this->public.set_spi = (void (*) (notify_payload_t *,u_int64_t)) set_spi;
+ this->public.get_spi = (u_int32_t (*) (notify_payload_t *)) get_spi;
+ this->public.set_spi = (void (*) (notify_payload_t *,u_int32_t)) set_spi;
this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data;
this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data;
this->public.destroy = (void (*) (notify_payload_t *)) destroy;
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h
index ef425f314..e15493691 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/charon/encoding/payloads/notify_payload.h
@@ -131,19 +131,23 @@ struct notify_payload_t {
/**
* @brief Returns the currently set spi of this payload.
+ *
+ * This is only valid for notifys with protocol AH|ESP
*
* @param this calling notify_payload_t object
* @return SPI value
*/
- u_int64_t (*get_spi) (notify_payload_t *this);
+ u_int32_t (*get_spi) (notify_payload_t *this);
/**
* @brief Sets the spi of this payload.
*
+ * This is only valid for notifys with protocol AH|ESP
+ *
* @param this calling notify_payload_t object
* @param spi SPI value
*/
- void (*set_spi) (notify_payload_t *this, u_int64_t spi);
+ void (*set_spi) (notify_payload_t *this, u_int32_t spi);
/**
* @brief Returns the currently set notification data of payload.
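Review bot: The two new doc lines read "notifys" — "notifies" — and they state the accessors are only valid for AH|ESP without saying what a caller gets otherwise, which is now exactly the PROTO_NONE case message_create_notify_reply produces. Suggest `* This is only valid for notifies with protocol AH|ESP; for other protocols` followed by a line naming whatever get_spi's default branch actually returns, and for set_spi whether the call is a no-op for other protocols. The struct declaration continues outside the hunk.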
diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c
index a54e406a3..0c752b81f 100644
--- a/src/charon/encoding/payloads/sa_payload.c
+++ b/src/charon/encoding/payloads/sa_payload.c
@@ -26,6 +26,7 @@
#include <encoding/payloads/encodings.h>
#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
typedef struct private_sa_payload_t private_sa_payload_t;
@@ -61,6 +62,11 @@ struct private_sa_payload_t {
linked_list_t * proposals;
/**
+ * Logger for error handling
+ */
+ logger_t *logger;
+
+ /**
* @brief Computes the length of this payload.
*
* @param this calling private_sa_payload_t object
@@ -112,7 +118,7 @@ encoding_rule_t sa_payload_encodings[] = {
*/
static status_t verify(private_sa_payload_t *this)
{
- int proposal_number = 1;
+ int expected_number = 1, current_number;
status_t status = SUCCESS;
iterator_t *iterator;
bool first = TRUE;
@@ -124,25 +130,28 @@ static status_t verify(private_sa_payload_t *this)
{
proposal_substructure_t *current_proposal;
iterator->current(iterator,(void **)&current_proposal);
- if (current_proposal->get_proposal_number(current_proposal) > proposal_number)
+ current_number = current_proposal->get_proposal_number(current_proposal);
+ if (current_number > expected_number)
{
if (first)
{
- /* first number must be 1 */
+ this->logger->log(this->logger, ERROR, "first proposal is not proposal #1");
status = FAILED;
break;
}
- if (current_proposal->get_proposal_number(current_proposal) != (proposal_number + 1))
+ if (current_number != (expected_number + 1))
{
- /* must be only one more then previous proposal */
+ this->logger->log(this->logger, ERROR, "proposal number is %d, excepted %d or %d",
+ current_number, expected_number, expected_number + 1);
status = FAILED;
break;
}
}
- else if (current_proposal->get_proposal_number(current_proposal) < proposal_number)
+ else if (current_number < expected_number)
{
/* must not be smaller then proceeding one */
+ this->logger->log(this->logger, ERROR, "proposal number smaller than that of previous proposal");
status = FAILED;
break;
}
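Review bot: The message `"proposal number is %d, excepted %d or %d"` has a typo — "expected". A related diagnosis issue: if the very first proposal carries a number below 1, it takes the `current_number < expected_number` branch and logs "proposal number smaller than that of previous proposal" although there is no previous proposal; a leading `if (first && current_number != 1)` guard that logs "first proposal is not proposal #1" would cover both directions and let the `first` test inside the greater-than branch go. verify() starts and ends outside this hunk.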
@@ -150,9 +159,11 @@ static status_t verify(private_sa_payload_t *this)
status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
if (status != SUCCESS)
{
+ this->logger->log(this->logger, ERROR, "proposal substructure verification failed");
break;
}
first = FALSE;
+ expected_number = current_number;
}
iterator->destroy(iterator);
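Review bot: The new "proposal substructure verification failed" line drops the status the substructure returned, which the message.c and encryption_payload.c hunks in this same commit include via mapping_find(status_m, status); if status_m is visible in sa_payload.c, `this->logger->log(this->logger, ERROR, "proposal substructure verification failed: %s", mapping_find(status_m, status));` makes this parser log as useful as the others. The iterator cleanup shown here is reached by every break above it, so the new early exits do not leak it. verify() continues past the end of this hunk.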
@@ -358,6 +369,7 @@ sa_payload_t *sa_payload_create()
this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length = SA_PAYLOAD_HEADER_LENGTH;
+ this->logger = logger_manager->get_logger(logger_manager, PARSER);
this->proposals = linked_list_create();
return &this->public;