aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/encoding
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/generator.c2
-rw-r--r--src/libcharon/encoding/parser.c2
-rw-r--r--src/libcharon/encoding/payloads/certreq_payload.c3
-rwxr-xr-xsrc/libcharon/encoding/payloads/notify_payload.c18
-rwxr-xr-xsrc/libcharon/encoding/payloads/notify_payload.h5
-rw-r--r--src/libcharon/encoding/payloads/payload.c19
-rw-r--r--src/libcharon/encoding/payloads/payload.h5
7 files changed, 36 insertions, 18 deletions
diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c
index bf4480193..4d65bce84 100644
--- a/src/libcharon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
@@ -566,7 +566,7 @@ METHOD(generator_t, generate_payload, void,
payload_type_names, payload_type);
DBG3(DBG_ENC, "generated data for this payload %b",
this->buffer + offset_start,
- this->out_position - this->buffer - offset_start);
+ (u_int)(this->out_position - this->buffer - offset_start));
}
}
diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c
index a599de60f..e4b140c3e 100644
--- a/src/libcharon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
@@ -376,7 +376,7 @@ METHOD(parser_t, parse_payload, status_t,
payload_type_names, payload_type, this->input_roof - this->byte_pos);
DBG3(DBG_ENC, "parsing payload from %b",
- this->byte_pos, this->input_roof - this->byte_pos);
+ this->byte_pos, (u_int)(this->input_roof - this->byte_pos));
/* base pointer for output, avoids casting in every rule */
output = pld;
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 26d1f0a43..df5e73b5b 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -114,8 +114,7 @@ METHOD(payload_t, verify, status_t,
if (this->type == CERTIFICATE_REQUEST &&
this->encoding == ENC_X509_SIGNATURE)
{
- if (this->data.len < HASH_SIZE_SHA1 ||
- this->data.len % HASH_SIZE_SHA1)
+ if (this->data.len % HASH_SIZE_SHA1)
{
DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq",
this->data.len);
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 411534491..d168e1c12 100755
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_
"ME_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_NOTIFY_STATUS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -105,8 +105,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTI
"IKEV2_MESSAGE_ID_SYNC_SUPPORTED",
"IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED",
"IKEV2_MESSAGE_ID_SYNC",
- "IPSEC_REPLAY_COUNTER_SYNC");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "IPSEC_REPLAY_COUNTER_SYNC",
+ "SECURE PASSWORD_METHOD",
+ "PSK_PERSIST",
+ "PSK_CONFIRM");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -167,7 +170,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S
"ME_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
"MS_STATUS");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTIFY_STATUS,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -207,8 +210,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, M
"MSG_ID_SYN_SUP",
"RPL_CTR_SYN_SUP",
"MSG_ID_SYN",
- "RPL_CTR_SYN");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+ "RPL_CTR_SYN",
+ "SEC_PASSWD",
+ "PSK_PST",
+ "PSK_CFM");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, PSK_CONFIRM,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 07fbcb49b..beec1e233 100755
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -138,6 +138,11 @@ enum notify_type_t {
IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421,
IKEV2_MESSAGE_ID_SYNC = 16422,
IPSEC_REPLAY_COUNTER_SYNC = 16423,
+ /* Secure password methods, RFC 6467 */
+ SECURE_PASSWORD_METHOD = 16424,
+ /* PACE - draft-kuegler-ipsecme-pace-ikev2 */
+ PSK_PERSIST = 16425,
+ PSK_CONFIRM = 16426,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 257d53858..dc158476b 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -58,7 +58,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL
ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
"NAT_D_V1",
"NAT_OA_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -74,9 +74,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N
"TRAFFIC_SELECTOR_RESPONDER",
"ENCRYPTED",
"CONFIGURATION",
- "EXTENSIBLE_AUTHENTICATION");
+ "EXTENSIBLE_AUTHENTICATION",
+ "GENERIC_SECURE_PASSWORD_METHOD");
#ifdef ME
-ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
"ID_PEER");
ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
"HEADER",
@@ -91,7 +92,7 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
"CONFIGURATION_ATTRIBUTE_V1",
"ENCRYPTED_V1");
#else
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"PROPOSAL_SUBSTRUCTURE_V1",
@@ -127,7 +128,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N
ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
"NAT-D",
"NAT-OA");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METHOD, NAT_OA_V1,
"SA",
"KE",
"IDi",
@@ -143,9 +144,11 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
"TSr",
"E",
"CP",
- "EAP");
+ "EAP",
+ "GSPM");
#ifdef ME
-ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER,
+ GENERIC_SECURE_PASSWORD_METHOD,
"IDp");
ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
"HDR",
@@ -160,7 +163,7 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
"CATTR",
"E");
#else
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD,
"HDR",
"PROP",
"PROP",
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index ed839fc07..d5e862601 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -207,6 +207,11 @@ enum payload_type_t {
*/
EXTENSIBLE_AUTHENTICATION = 48,
+ /**
+ * Generic Secure Password Method (GSPM).
+ */
+ GENERIC_SECURE_PASSWORD_METHOD = 49,
+
#ifdef ME
/**
* Identification payload for peers has a value from