Diffstat (limited to 'src/charon/encoding')
-rw-r--r--src/charon/encoding/payloads/encryption_payload.c5
-rw-r--r--src/charon/encoding/payloads/proposal_substructure.c15
-rw-r--r--src/charon/encoding/payloads/sa_payload.c2
-rw-r--r--src/charon/encoding/payloads/transform_substructure.c80
4 files changed, 36 insertions, 66 deletions
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c
index 026603a9a..caf34fbaa 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/charon/encoding/payloads/encryption_payload.c
@@ -576,9 +576,8 @@ static status_t parse(private_encryption_payload_t *this)
status = current_payload->verify(current_payload);
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "%s verification failed: %s",
- mapping_find(payload_type_m,current_payload->get_type(current_payload)),
- mapping_find(status_m, status));
+ this->logger->log(this->logger, ERROR, "%s verification failed",
+ mapping_find(payload_type_m,current_payload->get_type(current_payload)));
current_payload->destroy(current_payload);
parser->destroy(parser);
return VERIFY_ERROR;
diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c
index d97763360..cf4e413ea 100644
--- a/src/charon/encoding/payloads/proposal_substructure.c
+++ b/src/charon/encoding/payloads/proposal_substructure.c
@@ -29,6 +29,7 @@
#include <encoding/payloads/transform_substructure.h>
#include <types.h>
#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
/**
@@ -90,6 +91,11 @@ struct private_proposal_substructure_t {
linked_list_t * transforms;
/**
+ * assigned logger
+ */
+ logger_t *logger;
+
+ /**
* @brief Computes the length of this substructure.
*
* @param this calling private_proposal_substructure_t object
@@ -153,17 +159,20 @@ static status_t verify(private_proposal_substructure_t *this)
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
{
/* must be 0 or 2 */
+ this->logger->log(this->logger, ERROR, "inconsistent next payload");
return FAILED;
}
if (this->transforms_count != this->transforms->get_count(this->transforms))
{
/* must be the same! */
+ this->logger->log(this->logger, ERROR, "transform count invalid");
return FAILED;
}
if ((this->protocol_id == 0) || (this->protocol_id >= 4))
{
/* reserved are not supported */
+ this->logger->log(this->logger, ERROR, "invalid protocol");
return FAILED;
}
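Review bot: The three new error messages in verify() omit the rejected value, so a log entry for a malformed proposal cannot show which field the peer got wrong. The transform_substructure.c change in this same commit already logs the value (`"invalid transform type: %d"`). Doing the same here would keep the two consistent, e.g. `this->logger->log(this->logger, ERROR, "invalid protocol: %d", this->protocol_id);`, and likewise for next_payload and the two transform counts. The same applies to the "TRANSFORM_SUBSTRUCTURE verification failed" message in the next hunk, which could name the proposal it belongs to. verify() starts before this hunk and continues after it.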
@@ -177,6 +186,7 @@ static status_t verify(private_proposal_substructure_t *this)
status = current_transform->verify(current_transform);
if (status != SUCCESS)
{
+ this->logger->log(this->logger, ERROR, "TRANSFORM_SUBSTRUCTURE verification failed");
break;
}
}
@@ -452,7 +462,7 @@ proposal_t* get_proposal(private_proposal_substructure_t *this)
/**
* Implementation of proposal_substructure_t.clone.
*/
-static private_proposal_substructure_t* clone(private_proposal_substructure_t *this)
+static private_proposal_substructure_t* clone_(private_proposal_substructure_t *this)
{
private_proposal_substructure_t * new_clone;
iterator_t *transforms;
@@ -547,7 +557,7 @@ proposal_substructure_t *proposal_substructure_create()
this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;
- this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone;
+ this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_;
this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
/* private functions */
@@ -562,6 +572,7 @@ proposal_substructure_t *proposal_substructure_create()
this->spi_size = 0;
this->spi.ptr = NULL;
this->spi.len = 0;
+ this->logger = logger_manager->get_logger(logger_manager, PAYLOAD);
this->transforms = linked_list_create();
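Review bot: verify() now dereferences `this->logger` unconditionally, so every way of constructing the object has to set it, and this hunk only shows the assignment in proposal_substructure_create(). The body of clone_() is outside the visible hunks; if it allocates the copy without going through the constructor, the clone's logger would be uninitialised, so that path should be confirmed. A short comment on the field stating the invariant would help, for example `/* assigned logger, obtained from logger_manager in the constructor; never NULL */`. The same applies to transform_substructure_create() in transform_substructure.c.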
diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c
index 49b0dc483..32b6b6a7e 100644
--- a/src/charon/encoding/payloads/sa_payload.c
+++ b/src/charon/encoding/payloads/sa_payload.c
@@ -160,7 +160,7 @@ static status_t verify(private_sa_payload_t *this)
status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
if (status != SUCCESS)
{
- this->logger->log(this->logger, ERROR, "proposal substructure verification failed");
+ this->logger->log(this->logger, ERROR, "PROPOSAL_SUBSTRUCTURE verification failed");
break;
}
first = FALSE;
diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c
index ecbf6ac56..e24191814 100644
--- a/src/charon/encoding/payloads/transform_substructure.c
+++ b/src/charon/encoding/payloads/transform_substructure.c
@@ -29,6 +29,7 @@
#include <encoding/payloads/encodings.h>
#include <types.h>
#include <utils/linked_list.h>
+#include <utils/logger_manager.h>
typedef struct private_transform_substructure_t private_transform_substructure_t;
@@ -58,7 +59,7 @@ struct private_transform_substructure_t {
/**
* Type of the transform.
*/
- u_int8_t transform_type;
+ u_int8_t transform_type;
/**
* Transform ID.
@@ -66,10 +67,15 @@ struct private_transform_substructure_t {
u_int16_t transform_id;
/**
- * Transforms Attributes are stored in a linked_list_t.
- */
+ * Transforms Attributes are stored in a linked_list_t.
+ */
linked_list_t *attributes;
+ /**
+ * assigned logger
+ */
+ logger_t *logger;
+
/**
* @brief Computes the length of this substructure.
*
@@ -130,70 +136,24 @@ static status_t verify(private_transform_substructure_t *this)
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3))
{
/* must be 0 or 3 */
+ this->logger->log(this->logger, ERROR, "inconsistent next payload");
return FAILED;
}
switch (this->transform_type)
{
case ENCRYPTION_ALGORITHM:
- {
- if ((this->transform_id < ENCR_DES_IV64) || (this->transform_id > ENCR_AES_CTR))
- {
- return FAILED;
- }
- break;
- }
case PSEUDO_RANDOM_FUNCTION:
- {
- if ((this->transform_id < PRF_HMAC_MD5) || (this->transform_id > PRF_AES128_CBC))
- {
- return FAILED;
- }
- break;
- }
case INTEGRITY_ALGORITHM:
- {
- if ((this->transform_id < AUTH_HMAC_MD5_96) || (this->transform_id > AUTH_AES_XCBC_96))
- {
- return FAILED;
- }
- break;
- }
case DIFFIE_HELLMAN_GROUP:
- {
- switch (this->transform_id)
- {
- case MODP_768_BIT:
- case MODP_1024_BIT:
- case MODP_1536_BIT:
- case MODP_2048_BIT:
- case MODP_3072_BIT:
- case MODP_4096_BIT:
- case MODP_6144_BIT:
- case MODP_8192_BIT:
- {
- break;
- }
- default:
- {
- return FAILED;
- }
- }
-
-
- break;
- }
case EXTENDED_SEQUENCE_NUMBERS:
- {
- if ((this->transform_id != NO_EXT_SEQ_NUMBERS) && (this->transform_id != EXT_SEQ_NUMBERS))
- {
- return FAILED;
- }
+ /* we don't check transform ID, we want to reply
+ * cleanly with NO_PROPOSAL_CHOSEN or so if we don't support it */
break;
- }
default:
{
- /* not a supported transform type! */
+ this->logger->log(this->logger, ERROR, "invalid transform type: %d",
+ this->transform_type);
return FAILED;
}
}
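Review bot: With the per-type range checks removed, any 16-bit transform_id from the peer now passes verify() for the five listed transform types, so later code that reads transform_id must treat it as unvalidated. The new comment explains the motive but not that contract; something like `/* transform ID is deliberately not range-checked here: callers must handle unknown IDs and answer NO_PROPOSAL_CHOSEN */` would make it explicit. The consumers are not visible in this diff, so confirm that name lookups and key-length or algorithm selection tolerate out-of-range IDs, in particular Diffie-Hellman group values that the old inner switch rejected. verify() starts before this hunk and continues after it.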
@@ -207,13 +167,12 @@ static status_t verify(private_transform_substructure_t *this)
status = current_attributes->verify(current_attributes);
if (status != SUCCESS)
{
- break;
+ this->logger->log(this->logger, ERROR,
+ "TRANSFORM_ATTRIBUTE verification failed");
}
}
-
iterator->destroy(iterator);
-
-
+
/* proposal number is checked in SA payload */
return status;
}
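Review bot: The `break;` was replaced by the log call rather than kept after it, so a failed attribute verification no longer stops the iteration. The loop head is outside the hunk, but if it iterates over the attributes as the matching loop in proposal_substructure.c does, `status` is overwritten by the next attribute's result. A malformed attribute followed by a valid one would then make verify() return SUCCESS. The proposal_substructure.c hunk in this commit logs and then breaks; the same is needed here by adding `break;` after the `this->logger->log(...)` call inside the `if (status != SUCCESS)` block.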
@@ -347,7 +306,7 @@ static void compute_length (private_transform_substructure_t *this)
/**
* Implementation of transform_substructure_t.clone.
*/
-static transform_substructure_t *clone(private_transform_substructure_t *this)
+static transform_substructure_t *clone_(private_transform_substructure_t *this)
{
private_transform_substructure_t *new_clone;
iterator_t *attributes;
@@ -448,7 +407,7 @@ transform_substructure_t *transform_substructure_create()
this->public.set_transform_id = (void (*) (transform_substructure_t *,u_int16_t)) set_transform_id;
this->public.get_transform_id = (u_int16_t (*) (transform_substructure_t *)) get_transform_id;
this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length;
- this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone;
+ this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_;
this->public.destroy = (void (*) (transform_substructure_t *)) destroy;
/* private functions */
@@ -460,6 +419,7 @@ transform_substructure_t *transform_substructure_create()
this->transform_id = 0;
this->transform_type = 0;
this->attributes = linked_list_create();
+ this->logger = logger_manager->get_logger(logger_manager, PAYLOAD);
return (&(this->public));
}