Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r-- | src/libcharon/encoding/generator.c | 2 | ||||
-rw-r--r-- | src/libcharon/encoding/parser.c | 2 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/certreq_payload.c | 3 | ||||
-rwxr-xr-x | src/libcharon/encoding/payloads/notify_payload.c | 18 | ||||
-rwxr-xr-x | src/libcharon/encoding/payloads/notify_payload.h | 5 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/payload.c | 19 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/payload.h | 5 |
7 files changed, 36 insertions, 18 deletions
diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c
index bf4480193..4d65bce84 100644
--- a/src/libcharon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
@@ -566,7 +566,7 @@ METHOD(generator_t, generate_payload, void,
 payload_type_names, payload_type);
 DBG3(DBG_ENC, "generated data for this payload %b",
 this->buffer + offset_start,
- this->out_position - this->buffer - offset_start);
+ (u_int)(this->out_position - this->buffer - offset_start));
 }
 }
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index a599de60f..e4b140c3e 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -376,7 +376,7 @@ METHOD(parser_t, parse_payload, status_t,
 payload_type_names, payload_type, this->input_roof - this->byte_pos);
 DBG3(DBG_ENC, "parsing payload from %b",
- this->byte_pos, this->input_roof - this->byte_pos);
+ this->byte_pos, (u_int)(this->input_roof - this->byte_pos));
 /* base pointer for output, avoids casting in every rule */
 output = pld;
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 26d1f0a43..df5e73b5b 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -114,8 +114,7 @@ METHOD(payload_t, verify, status_t,
 if (this->type == CERTIFICATE_REQUEST &&
 this->encoding == ENC_X509_SIGNATURE)
 {
- if (this->data.len < HASH_SIZE_SHA1 ||
- this->data.len % HASH_SIZE_SHA1)
+ if (this->data.len % HASH_SIZE_SHA1)
 {
 DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq",
 this->data.len);
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 411534491..d168e1c12 100755
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
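Review bot: In parser.c's parse_payload hunk only the `%b` length is cast; the context line just above it still passes the uncast pointer difference `this->input_roof - this->byte_pos` as its last variadic argument, and its format string is outside the hunk. If that argument feeds an int-sized conversion it has the same width mismatch this commit fixes, and would read `payload_type_names, payload_type, (int)(this->input_roof - this->byte_pos));`. The `(u_int)` casts here and in generator.c's generate_payload also turn a negative difference into a very large dump length, so a one-line comment stating that the position cannot pass the end of the buffer at these points would help. Both function bodies start and end outside their hunks.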
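Review bot: In certreq_payload.c's verify(), removing the `this->data.len < HASH_SIZE_SHA1` test leaves only the modulo check, which a zero-length `data` passes, so an X509 certificate request that carries no hashes is now accepted from the peer. If that is the intent, record it above the condition, for example `/* an empty list of CA key hashes is valid; only partial hashes are rejected */`, and confirm that the code consuming these hashes handles zero entries. The unchanged DBG1 line also passes `this->data.len` to `%d` uncast; if `len` is wider than int, `(int)this->data.len` would match the casts added elsewhere in this commit. verify()'s body starts and ends outside the hunk.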
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
 "ME_CONNECT_FAILED");
 ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
 "MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
 "INITIAL_CONTACT",
 "SET_WINDOW_SIZE",
 "ADDITIONAL_TS_POSSIBLE",
@@ -105,8 +105,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTI
 "IKEV2_MESSAGE_ID_SYNC_SUPPORTED",
 "IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED",
 "IKEV2_MESSAGE_ID_SYNC",
- "IPSEC_REPLAY_COUNTER_SYNC");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "IPSEC_REPLAY_COUNTER_SYNC",
+ "SECURE PASSWORD_METHOD",
+ "PSK_PERSIST",
+ "PSK_CONFIRM");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM,
 "INITIAL_CONTACT");
 ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
 "DPD_R_U_THERE",
@@ -167,7 +170,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
 "ME_CONN_FAIL");
 ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
 "MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
 "INIT_CONTACT",
 "SET_WINSIZE",
 "ADD_TS_POSS",
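Review bot: The new long-name entry `"SECURE PASSWORD_METHOD"` in the second notify_payload.c hunk (@@ -105,8) has a space where the enum constant SECURE_PASSWORD_METHOD added in notify_payload.h has an underscore. Log lines and anything matching on the printed notify name would then show a string that does not correspond to the identifier, which makes searching logs for this notify harder. The entry should read `"SECURE_PASSWORD_METHOD",`. The short-name table in the later hunk uses `"SEC_PASSWD"` and is not affected.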
@@ -207,8 +210,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, M
 "MSG_ID_SYN_SUP",
 "RPL_CTR_SYN_SUP",
 "MSG_ID_SYN",
- "RPL_CTR_SYN");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "RPL_CTR_SYN",
+ "SEC_PASSWD",
+ "PSK_PST",
+ "PSK_CFM");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM,
 "INITIAL_CONTACT");
 ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
 "DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 07fbcb49b..beec1e233 100755
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -138,6 +138,11 @@ enum notify_type_t {
 IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421,
 IKEV2_MESSAGE_ID_SYNC = 16422,
 IPSEC_REPLAY_COUNTER_SYNC = 16423,
+ /* Secure password methods, RFC 6467 */
+ SECURE_PASSWORD_METHOD = 16424,
+ /* PACE - draft-kuegler-ipsecme-pace-ikev2 */
+ PSK_PERSIST = 16425,
+ PSK_CONFIRM = 16426,
 /* IKEv1 initial contact */
 INITIAL_CONTACT_IKEV1 = 24578,
 /* IKEv1 DPD */
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 257d53858..dc158476b 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -58,7 +58,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL
 ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
 "NAT_D_V1",
 "NAT_OA_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1,
 "SECURITY_ASSOCIATION",
 "KEY_EXCHANGE",
 "ID_INITIATOR",
@@ -74,9 +74,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N
 "TRAFFIC_SELECTOR_RESPONDER",
 "ENCRYPTED",
 "CONFIGURATION",
- "EXTENSIBLE_AUTHENTICATION");
+ "EXTENSIBLE_AUTHENTICATION",
+ "GENERIC_SECURE_PASSWORD_METHOD");
 #ifdef ME
-ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
 "ID_PEER");
 ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
 "HEADER",
@@ -91,7 +92,7 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
 "CONFIGURATION_ATTRIBUTE_V1",
 "ENCRYPTED_V1");
 #else
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
 "HEADER",
 "PROPOSAL_SUBSTRUCTURE",
 "PROPOSAL_SUBSTRUCTURE_V1",
@@ -127,7 +128,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N
 ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
 "NAT-D",
 "NAT-OA");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1,
 "SA",
 "KE",
 "IDi",
@@ -143,9 +144,11 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
 "TSr",
 "E",
 "CP",
- "EAP");
+ "EAP",
+ "GSPM");
 #ifdef ME
-ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER,
+ GENERIC_SECURE_PASSWORD_METHOD,
 "IDp");
 ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
 "HDR",
@@ -160,7 +163,7 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
 "CATTR",
 "E");
 #else
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
 "HDR",
 "PROP",
 "PROP",
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index ed839fc07..d5e862601 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -207,6 +207,11 @@ enum payload_type_t {
 */
 EXTENSIBLE_AUTHENTICATION = 48,
+ /**
+ * Generic Secure Password Method (GSPM).
+ */
+ GENERIC_SECURE_PASSWORD_METHOD = 49,
+
 #ifdef ME
 /**
 * Identification payload for peers has a value from |