From b0b9d185931e7f88f0f7c89e9ef4e6034ac38dd3 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Nov 2011 09:29:38 +0100 Subject: Extend sa_payload for IKEv1 support --- src/conftest/hooks/custom_proposal.c | 3 ++- src/conftest/hooks/pretend_auth.c | 3 ++- src/conftest/hooks/set_proposal_number.c | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index e4acd841f..9522335b1 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -145,7 +145,8 @@ METHOD(listener_t, message, bool, proposal->get_protocol(proposal), proposal->get_spi(proposal)); DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props); - new = sa_payload_create_from_proposal_list(new_props); + new = sa_payload_create_from_proposal_list( + SECURITY_ASSOCIATION, new_props); message->add_payload(message, (payload_t*)new); new_props->destroy_offset(new_props, offsetof(proposal_t, destroy)); } diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 4b7168cac..dd6ab9959 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -294,7 +294,8 @@ static void process_auth_response(private_pretend_auth_t *this, if (this->proposal) { message->add_payload(message, (payload_t*) - sa_payload_create_from_proposal(this->proposal)); + sa_payload_create_from_proposal(SECURITY_ASSOCIATION, + this->proposal)); } if (this->tsi) { diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index a59d96b6d..32b0155cb 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -121,7 +121,7 @@ METHOD(listener_t, message, bool, } enumerator->destroy(enumerator); } - sa = sa_payload_create_from_proposal_list(updated); + sa = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION, updated); list->destroy_offset(list, offsetof(proposal_t, destroy)); updated->destroy_offset(updated, offsetof(proposal_t, destroy)); message->add_payload(message, (payload_t*)sa); -- cgit v1.2.3 From 4ed52db2bbe4d884e5e0ed507b0d9c19f7b4343e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 16 Nov 2011 12:06:55 +0100 Subject: Allow creation of message_t objects for IKEv1 packets. --- src/conftest/hooks/force_cookie.c | 2 +- src/conftest/hooks/unencrypted_notify.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c index e34f82851..e2ccb66a8 100644 --- a/src/conftest/hooks/force_cookie.c +++ b/src/conftest/hooks/force_cookie.c @@ -68,7 +68,7 @@ METHOD(listener_t, message, bool, chunk_t data = chunk_from_thing("COOKIE test data"); DBG1(DBG_CFG, "sending COOKIE: %#B", &data); - response = message_create(); + response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION); dst = message->get_source(message); src = message->get_destination(message); response->set_source(response, src->clone(src)); diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c index 80bdc64b7..507f30cae 100644 --- a/src/conftest/hooks/unencrypted_notify.c +++ b/src/conftest/hooks/unencrypted_notify.c @@ -95,7 +95,7 @@ METHOD(listener_t, ike_updown, bool, DBG1(DBG_CFG, "injecting unencrypted INFORMATIONAL message"); - message = message_create(); + message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION); message->set_message_id(message, this->id); message->set_ike_sa_id(message, ike_sa->get_id(ike_sa)); message->set_exchange_type(message, INFORMATIONAL); -- cgit v1.2.3 From e9b55b832546d05f464bdddbe779ed21cd17b624 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Nov 2011 11:27:55 +0100 Subject: Simplify signature of get_encoding_rules(), make all rules static --- src/conftest/hooks/set_length.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c index 0379dcb7c..eb72e72d9 100644 --- a/src/conftest/hooks/set_length.c +++ b/src/conftest/hooks/set_length.c @@ -76,11 +76,10 @@ METHOD(listener_t, message, bool, if (type == payload->get_type(payload)) { encoding_rule_t *rules; - size_t count; u_int16_t *len; - int i; + int i, count; - payload->get_encoding_rules(payload, &rules, &count); + count = payload->get_encoding_rules(payload, &rules); for (i = 0; i < count; i++) { if (rules[i].type == PAYLOAD_LENGTH) -- cgit v1.2.3 From 38fb67fbf18489f40845b072e4ed50b1f6cf0c9c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Nov 2011 11:27:46 +0000 Subject: Add a payload.get_header_length() method, remove header length definitions --- src/conftest/hooks/ike_auth_fill.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 2843d60c1..052a4be08 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -51,7 +51,10 @@ struct private_ike_auth_fill_t { /** size of non ESP-Marker */ #define NON_ESP_MARKER_LEN 4 - +/** length of fixed encryption payload header */ +#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4 +/** length of fixed cert payload header */ +#define CERT_PAYLOAD_HEADER_LENGTH 5 /** * Calculate packet size on wire (without ethernet/IP header) */ -- cgit v1.2.3 From 04ee2b7fed91b4430ba4870a2f1b98ee3e228f50 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Nov 2011 18:01:41 +0100 Subject: Added IKEv1 support to notify payload --- src/conftest/hooks/add_notify.c | 2 +- src/conftest/hooks/unencrypted_notify.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c index de46ca81f..a9731960b 100644 --- a/src/conftest/hooks/add_notify.c +++ b/src/conftest/hooks/add_notify.c @@ -89,7 +89,7 @@ METHOD(listener_t, message, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type( + notify = notify_payload_create_from_protocol_and_type(NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c index 507f30cae..958e33e98 100644 --- a/src/conftest/hooks/unencrypted_notify.c +++ b/src/conftest/hooks/unencrypted_notify.c @@ -84,7 +84,7 @@ METHOD(listener_t, ike_updown, bool, { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type( + notify = notify_payload_create_from_protocol_and_type(NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) -- cgit v1.2.3 From c311d22d0f62b68bf0e69c110d94b569788c0fd3 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 18 Nov 2011 17:49:53 +0100 Subject: Don't clone chunk in message.get_packet_data --- src/conftest/hooks/pretend_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index dd6ab9959..ff99900f2 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -135,7 +135,7 @@ static void process_auth_request(private_pretend_auth_t *this, static void process_init_response(private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message) { - this->ike_init = message->get_packet_data(message); + this->ike_init = chunk_clone(message->get_packet_data(message)); } /** -- cgit v1.2.3 From a0563846b0aebb692cb81647862807712d173e59 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 18 Nov 2011 10:56:48 +0100 Subject: Moved version specific keymat functions to specific interfaces. --- src/conftest/hooks/pretend_auth.c | 5 +++-- src/conftest/hooks/rebuild_auth.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index ff99900f2..f91b6bf9b 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -15,6 +15,7 @@ #include "hook.h" +#include #include #include #include @@ -190,7 +191,7 @@ static bool build_auth(private_pretend_auth_t *this, auth_payload_t *auth_payload; auth_method_t auth_method; signature_scheme_t scheme; - keymat_t *keymat; + keymat_v2_t *keymat; auth = auth_cfg_create(); private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, this->id, auth); @@ -235,7 +236,7 @@ static bool build_auth(private_pretend_auth_t *this, key_type_names, private->get_type(private)); return FALSE; } - keymat = ike_sa->get_keymat(ike_sa); + keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); octets = keymat->get_auth_octets(keymat, TRUE, this->ike_init, this->nonce, this->id, this->reserved); if (!private->sign(private, scheme, octets, &auth_data)) diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index 993c952e0..cf9b113cc 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -15,6 +15,7 @@ #include "hook.h" +#include #include #include #include @@ -62,7 +63,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, auth_payload_t *auth_payload; auth_method_t auth_method; signature_scheme_t scheme; - keymat_t *keymat; + keymat_v2_t *keymat; identification_t *id; char reserved[3]; generator_t *generator; @@ -137,7 +138,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, id->destroy(id); return FALSE; } - keymat = ike_sa->get_keymat(ike_sa); + keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); octets = keymat->get_auth_octets(keymat, FALSE, this->ike_init, this->nonce, id, reserved); if (!private->sign(private, scheme, octets, &auth_data)) -- cgit v1.2.3 From d6cec44b2400589a746649862326f72490288544 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 23 Nov 2011 12:11:49 +0100 Subject: Fixed conftests after extending CERT payload. --- src/conftest/hooks/ike_auth_fill.c | 2 +- src/conftest/hooks/pretend_auth.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 052a4be08..ac26d1bfe 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -108,7 +108,7 @@ METHOD(listener_t, message, bool, diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH; data = chunk_alloc(diff); memset(data.ptr, 0x12, data.len); - pld = cert_payload_create_custom(201, data); + pld = cert_payload_create_custom(201, data, CERTIFICATE); message->add_payload(message, &pld->payload_interface); DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff); } diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index f91b6bf9b..560864db5 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this, cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) { - payload = cert_payload_create_from_cert(cert); + payload = cert_payload_create_from_cert(cert, CERTIFICATE); if (payload) { DBG1(DBG_IKE, "pretending end entity cert \"%Y\"", @@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(cert); + payload = cert_payload_create_from_cert(cert, CERTIFICATE); if (payload) { DBG1(DBG_IKE, "pretending issuer cert \"%Y\"", -- cgit v1.2.3 From e174e0d4455e30a8d9a1900916a195f20588afdb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 24 Nov 2011 11:39:31 +0100 Subject: Added not-yet used sa_payload parameters used in IKEv1 --- src/conftest/hooks/custom_proposal.c | 3 +-- src/conftest/hooks/pretend_auth.c | 3 +-- src/conftest/hooks/set_proposal_number.c | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index 9522335b1..4acea18ce 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -145,8 +145,7 @@ METHOD(listener_t, message, bool, proposal->get_protocol(proposal), proposal->get_spi(proposal)); DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props); - new = sa_payload_create_from_proposal_list( - SECURITY_ASSOCIATION, new_props); + new = sa_payload_create_from_proposals_v2(new_props); message->add_payload(message, (payload_t*)new); new_props->destroy_offset(new_props, offsetof(proposal_t, destroy)); } diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 560864db5..b8f961403 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -295,8 +295,7 @@ static void process_auth_response(private_pretend_auth_t *this, if (this->proposal) { message->add_payload(message, (payload_t*) - sa_payload_create_from_proposal(SECURITY_ASSOCIATION, - this->proposal)); + sa_payload_create_from_proposal_v2(this->proposal)); } if (this->tsi) { diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 32b0155cb..839ca1f37 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -121,7 +121,7 @@ METHOD(listener_t, message, bool, } enumerator->destroy(enumerator); } - sa = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION, updated); + sa = sa_payload_create_from_proposals_v2(updated); list->destroy_offset(list, offsetof(proposal_t, destroy)); updated->destroy_offset(updated, offsetof(proposal_t, destroy)); message->add_payload(message, (payload_t*)sa); -- cgit v1.2.3 From 9ad5b8fa951c294f3f79ffe701cac712a6cf18df Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 6 Dec 2011 13:37:57 +0100 Subject: Cleanup CERT payload constructors --- src/conftest/hooks/ike_auth_fill.c | 2 +- src/conftest/hooks/pretend_auth.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index ac26d1bfe..7362c19f4 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -108,7 +108,7 @@ METHOD(listener_t, message, bool, diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH; data = chunk_alloc(diff); memset(data.ptr, 0x12, data.len); - pld = cert_payload_create_custom(201, data, CERTIFICATE); + pld = cert_payload_create_custom(CERTIFICATE, 201, data); message->add_payload(message, &pld->payload_interface); DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff); } diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index b8f961403..10b13c6ac 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -154,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this, cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) { - payload = cert_payload_create_from_cert(cert, CERTIFICATE); + payload = cert_payload_create_from_cert(CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending end entity cert \"%Y\"", @@ -167,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(cert, CERTIFICATE); + payload = cert_payload_create_from_cert(CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending issuer cert \"%Y\"", -- cgit v1.2.3 From 15a682f4c23d0b8340b31077698e6f6d924c2861 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 19 Dec 2011 13:10:29 +0100 Subject: Separated libcharon/sa directory with ikev1 and ikev2 subfolders --- src/conftest/hooks/pretend_auth.c | 2 +- src/conftest/hooks/rebuild_auth.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 10b13c6ac..3a7bb4f6b 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -15,7 +15,7 @@ #include "hook.h" -#include +#include #include #include #include diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index cf9b113cc..1197eb2dc 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -15,7 +15,7 @@ #include "hook.h" -#include +#include #include #include #include -- cgit v1.2.3 From 47b8f6ef4b3637e94d4b211721b38ba263f6d9c0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 19 Jan 2012 16:22:25 +0100 Subject: Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted --- src/conftest/hooks/add_notify.c | 4 +-- src/conftest/hooks/add_payload.c | 4 +-- src/conftest/hooks/custom_proposal.c | 4 +-- src/conftest/hooks/force_cookie.c | 4 +-- src/conftest/hooks/ignore_message.c | 4 +-- src/conftest/hooks/ike_auth_fill.c | 4 +-- src/conftest/hooks/log_id.c | 4 +-- src/conftest/hooks/log_ke.c | 4 +-- src/conftest/hooks/log_proposals.c | 4 +-- src/conftest/hooks/log_ts.c | 4 +-- src/conftest/hooks/pretend_auth.c | 45 ++++++++++++++++-------------- src/conftest/hooks/rebuild_auth.c | 47 +++++++++++++++++--------------- src/conftest/hooks/set_critical.c | 4 +-- src/conftest/hooks/set_ike_initiator.c | 4 +-- src/conftest/hooks/set_ike_request.c | 4 +-- src/conftest/hooks/set_ike_spi.c | 4 +-- src/conftest/hooks/set_ike_version.c | 4 +-- src/conftest/hooks/set_length.c | 4 +-- src/conftest/hooks/set_proposal_number.c | 4 +-- src/conftest/hooks/set_reserved.c | 4 +-- src/conftest/hooks/unsort_message.c | 4 +-- 21 files changed, 87 insertions(+), 81 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c index a9731960b..e3fbbc878 100644 --- a/src/conftest/hooks/add_notify.c +++ b/src/conftest/hooks/add_notify.c @@ -60,9 +60,9 @@ struct private_add_notify_t { METHOD(listener_t, message, bool, private_add_notify_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/add_payload.c b/src/conftest/hooks/add_payload.c index 03a47cc23..37484e808 100644 --- a/src/conftest/hooks/add_payload.c +++ b/src/conftest/hooks/add_payload.c @@ -62,9 +62,9 @@ struct private_add_payload_t { METHOD(listener_t, message, bool, private_add_payload_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index 4acea18ce..958bc1052 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -111,9 +111,9 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this, METHOD(listener_t, message, bool, private_custom_proposal_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c index e2ccb66a8..1b044db14 100644 --- a/src/conftest/hooks/force_cookie.c +++ b/src/conftest/hooks/force_cookie.c @@ -32,9 +32,9 @@ struct private_force_cookie_t { METHOD(listener_t, message, bool, private_force_cookie_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming && message->get_request(message) && + if (incoming && plain && message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { enumerator_t *enumerator; diff --git a/src/conftest/hooks/ignore_message.c b/src/conftest/hooks/ignore_message.c index 210f3ac50..3cb5f2059 100644 --- a/src/conftest/hooks/ignore_message.c +++ b/src/conftest/hooks/ignore_message.c @@ -45,9 +45,9 @@ struct private_ignore_message_t { METHOD(listener_t, message, bool, private_ignore_message_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming == this->in && + if (incoming == this->in && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 7362c19f4..09590d4f3 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -92,9 +92,9 @@ static size_t calculate_wire_size(message_t *message, ike_sa_t *ike_sa) METHOD(listener_t, message, bool, private_ike_auth_fill_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/log_id.c b/src/conftest/hooks/log_id.c index ad14cea10..07dd6a44e 100644 --- a/src/conftest/hooks/log_id.c +++ b/src/conftest/hooks/log_id.c @@ -32,9 +32,9 @@ struct private_log_id_t { METHOD(listener_t, message, bool, private_log_id_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/log_ke.c b/src/conftest/hooks/log_ke.c index 231c0a8d8..710482326 100644 --- a/src/conftest/hooks/log_ke.c +++ b/src/conftest/hooks/log_ke.c @@ -32,9 +32,9 @@ struct private_log_ke_t { METHOD(listener_t, message, bool, private_log_ke_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index 8c330ab3d..347b83209 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c @@ -32,9 +32,9 @@ struct private_log_proposals_t { METHOD(listener_t, message, bool, private_log_proposals_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator, *proposals; payload_t *payload; diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c index fb7c89a0a..f212efa12 100644 --- a/src/conftest/hooks/log_ts.c +++ b/src/conftest/hooks/log_ts.c @@ -32,9 +32,9 @@ struct private_log_ts_t { METHOD(listener_t, message, bool, private_log_ts_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 3a7bb4f6b..cfc39e3a9 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -311,35 +311,38 @@ static void process_auth_response(private_pretend_auth_t *this, METHOD(listener_t, message, bool, private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (plain) { - if (!message->get_request(message)) + if (incoming) { - if (message->get_exchange_type(message) == IKE_SA_INIT) + if (!message->get_request(message)) { - process_init_response(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_AUTH && - message->get_message_id(message) == 1) - { - process_auth_response(this, ike_sa, message); + if (message->get_exchange_type(message) == IKE_SA_INIT) + { + process_init_response(this, ike_sa, message); + } + if (message->get_exchange_type(message) == IKE_AUTH && + message->get_message_id(message) == 1) + { + process_auth_response(this, ike_sa, message); + } } } - } - else - { - if (message->get_request(message)) + else { - if (message->get_exchange_type(message) == IKE_SA_INIT) - { - process_init_request(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_AUTH && - message->get_message_id(message) == 1) + if (message->get_request(message)) { - process_auth_request(this, ike_sa, message); + if (message->get_exchange_type(message) == IKE_SA_INIT) + { + process_init_request(this, ike_sa, message); + } + if (message->get_exchange_type(message) == IKE_AUTH && + message->get_message_id(message) == 1) + { + process_auth_request(this, ike_sa, message); + } } } } diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index 1197eb2dc..8ee4e14b1 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -175,34 +175,37 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, METHOD(listener_t, message, bool, private_rebuild_auth_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && message->get_message_id(message) == 1) + if (plain) { - rebuild_auth(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_SA_INIT) - { - if (incoming) + if (!incoming && message->get_message_id(message) == 1) { - nonce_payload_t *nonce; - - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); - if (nonce) - { - free(this->nonce.ptr); - this->nonce = nonce->get_nonce(nonce); - } + rebuild_auth(this, ike_sa, message); } - else + if (message->get_exchange_type(message) == IKE_SA_INIT) { - packet_t *packet; - - if (message->generate(message, NULL, &packet) == SUCCESS) + if (incoming) + { + nonce_payload_t *nonce; + + nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + if (nonce) + { + free(this->nonce.ptr); + this->nonce = nonce->get_nonce(nonce); + } + } + else { - free(this->ike_init.ptr); - this->ike_init = chunk_clone(packet->get_data(packet)); - packet->destroy(packet); + packet_t *packet; + + if (message->generate(message, NULL, &packet) == SUCCESS) + { + free(this->ike_init.ptr); + this->ike_init = chunk_clone(packet->get_data(packet)); + packet->destroy(packet); + } } } } diff --git a/src/conftest/hooks/set_critical.c b/src/conftest/hooks/set_critical.c index caf2215c3..8ec84e13d 100644 --- a/src/conftest/hooks/set_critical.c +++ b/src/conftest/hooks/set_critical.c @@ -47,9 +47,9 @@ struct private_set_critical_t { METHOD(listener_t, message, bool, private_set_critical_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_initiator.c b/src/conftest/hooks/set_ike_initiator.c index 6ba43eaca..1674f0a2d 100644 --- a/src/conftest/hooks/set_ike_initiator.c +++ b/src/conftest/hooks/set_ike_initiator.c @@ -42,9 +42,9 @@ struct private_set_ike_initiator_t { METHOD(listener_t, message, bool, private_set_ike_initiator_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_request.c b/src/conftest/hooks/set_ike_request.c index baabea66a..fd5b6de61 100644 --- a/src/conftest/hooks/set_ike_request.c +++ b/src/conftest/hooks/set_ike_request.c @@ -42,9 +42,9 @@ struct private_set_ike_request_t { METHOD(listener_t, message, bool, private_set_ike_request_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c index 14a0da9cd..bda02580d 100644 --- a/src/conftest/hooks/set_ike_spi.c +++ b/src/conftest/hooks/set_ike_spi.c @@ -52,9 +52,9 @@ struct private_set_ike_spi_t { METHOD(listener_t, message, bool, private_set_ike_spi_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_version.c b/src/conftest/hooks/set_ike_version.c index d2de9dc81..ca52879d1 100644 --- a/src/conftest/hooks/set_ike_version.c +++ b/src/conftest/hooks/set_ike_version.c @@ -57,9 +57,9 @@ struct private_set_ike_version_t { METHOD(listener_t, message, bool, private_set_ike_version_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c index eb72e72d9..c1a867a99 100644 --- a/src/conftest/hooks/set_length.c +++ b/src/conftest/hooks/set_length.c @@ -50,9 +50,9 @@ struct private_set_length_t { METHOD(listener_t, message, bool, private_set_length_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 839ca1f37..0cc3cfc63 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -69,9 +69,9 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to, METHOD(listener_t, message, bool, private_set_proposal_number_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 77a605d2a..d1a4a977b 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c @@ -163,9 +163,9 @@ static void set_byte(private_set_reserved_t *this, message_t *message, METHOD(listener_t, message, bool, private_set_reserved_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/unsort_message.c b/src/conftest/hooks/unsort_message.c index b37b261a4..1b2b302af 100644 --- a/src/conftest/hooks/unsort_message.c +++ b/src/conftest/hooks/unsort_message.c @@ -45,9 +45,9 @@ struct private_unsort_message_t { METHOD(listener_t, message, bool, private_unsort_message_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { -- cgit v1.2.3 From 5aef6bd0f35ef690e2d2fb84155c77783bfd2bc7 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 23 Jan 2012 12:25:38 +0100 Subject: Accept NULL auth_cfg_t passed to credential_manager_t.get_private() --- src/conftest/hooks/rebuild_auth.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'src/conftest/hooks') diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index 8ee4e14b1..eb95833e8 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -58,7 +58,6 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; chunk_t octets, auth_data; private_key_t *private; - auth_cfg_t *auth; payload_t *payload; auth_payload_t *auth_payload; auth_method_t auth_method; @@ -91,10 +90,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, id = identification_create_from_encoding(data.ptr[4], chunk_skip(data, 8)); generator->destroy(generator); - auth = auth_cfg_create(); private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, - this->id ?: id, auth); - auth->destroy(auth); + this->id ?: id, NULL); if (private == NULL) { DBG1(DBG_CFG, "no private key found for '%Y' to rebuild AUTH", -- cgit v1.2.3