From 526b5afb4510163372f7981e57d69fad3ea53906 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Tue, 15 Nov 2011 13:53:56 +0100
Subject: Extended IKE header for IKEv1 support

---
 src/libcharon/encoding/payloads/ike_header.c | 169 +++++++++++++++++++++------
 1 file changed, 134 insertions(+), 35 deletions(-)

(limited to 'src/libcharon/encoding/payloads/ike_header.c')

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 24d22f3a1..556e42258 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -81,12 +81,27 @@ struct private_ike_header_t {
 		 * TRUE, if this is a response, FALSE if its a Request.
 		 */
 		bool response;
+
+		/**
+		 * TRUE, if the packet is encrypted (IKEv1).
+		 */
+		bool encryption;
+
+		/**
+		 * TRUE, if the commit flag is set (IKEv1).
+		 */
+		bool commit;
+
+		/**
+		 * TRUE, if the auth only flag is set (IKEv1).
+		 */
+		bool authonly;
 	} flags;
 
 	/**
 	 * Reserved bits of IKE header
 	 */
-	bool reserved[5];
+	bool reserved[2];
 
 	/**
 	 * Associated Message-ID.
@@ -99,9 +114,14 @@ struct private_ike_header_t {
 	u_int32_t length;
 };
 
-ENUM_BEGIN(exchange_type_names, EXCHANGE_TYPE_UNDEFINED, EXCHANGE_TYPE_UNDEFINED,
-	"EXCHANGE_TYPE_UNDEFINED");
-ENUM_NEXT(exchange_type_names, IKE_SA_INIT, IKE_SESSION_RESUME, EXCHANGE_TYPE_UNDEFINED,
+ENUM_BEGIN(exchange_type_names, ID_PROT, INFORMATIONAL_V1,
+	"ID_PROT",
+	"AUTH_ONLY",
+	"AGGRESSIVE",
+	"INFORMATIONAL_V1");
+ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, INFORMATIONAL_V1,
+	"QUICK_MODE",
+	"NEW_GROUP_MODE",
 	"IKE_SA_INIT",
 	"IKE_AUTH",
 	"CREATE_CHILD_SA",
@@ -110,13 +130,18 @@ ENUM_NEXT(exchange_type_names, IKE_SA_INIT, IKE_SESSION_RESUME, EXCHANGE_TYPE_UN
 #ifdef ME
 ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, IKE_SESSION_RESUME,
 	"ME_CONNECT");
-ENUM_END(exchange_type_names, ME_CONNECT);
+ENUM_NEXT(exchange_type_names, EXCHANGE_TYPE_UNDEFINED,
+							   EXCHANGE_TYPE_UNDEFINED, ME_CONNECT,
+	"EXCHANGE_TYPE_UNDEFINED");
 #else
-ENUM_END(exchange_type_names, IKE_SESSION_RESUME);
+ENUM_NEXT(exchange_type_names, EXCHANGE_TYPE_UNDEFINED,
+							   EXCHANGE_TYPE_UNDEFINED, IKE_SESSION_RESUME,
+	"EXCHANGE_TYPE_UNDEFINED");
 #endif /* ME */
+ENUM_END(exchange_type_names, EXCHANGE_TYPE_UNDEFINED);
 
 /**
- * Encoding rules to parse or generate a IKEv2-Header.
+ * Encoding rules to parse or generate a IKE-Header.
  *
  * The defined offsets are the positions in a object of type
  * ike_header_t.
@@ -137,21 +162,19 @@ encoding_rule_t ike_header_encodings[] = {
 	/* 2 Bit reserved bits */
 	{ RESERVED_BIT,	offsetof(private_ike_header_t, reserved[0])		},
 	{ RESERVED_BIT,	offsetof(private_ike_header_t, reserved[1])		},
-	/* 3 Bit flags, stored in the fields response, version and initiator */
+	/* 6 flags  */
 	{ FLAG,			offsetof(private_ike_header_t, flags.response)	},
 	{ FLAG,			offsetof(private_ike_header_t, flags.version)	},
 	{ FLAG,			offsetof(private_ike_header_t, flags.initiator)	},
-	/* 3 Bit reserved bits */
-	{ RESERVED_BIT,	offsetof(private_ike_header_t, reserved[2])		},
-	{ RESERVED_BIT,	offsetof(private_ike_header_t, reserved[3])		},
-	{ RESERVED_BIT,	offsetof(private_ike_header_t, reserved[4])		},
+	{ FLAG,			offsetof(private_ike_header_t, flags.authonly)	},
+	{ FLAG,			offsetof(private_ike_header_t, flags.commit)	},
+	{ FLAG,			offsetof(private_ike_header_t, flags.encryption)},
 	/* 4 Byte message id, stored in the field message_id */
 	{ U_INT_32,		offsetof(private_ike_header_t, message_id)		},
 	/* 4 Byte length fied, stored in the field length */
 	{ HEADER_LENGTH,offsetof(private_ike_header_t, length)			},
 };
 
-
 /*                           1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -172,26 +195,51 @@ encoding_rule_t ike_header_encodings[] = {
 METHOD(payload_t, verify, status_t,
 	private_ike_header_t *this)
 {
-	if ((this->exchange_type < IKE_SA_INIT) ||
-		((this->exchange_type > INFORMATIONAL)
+	switch (this->exchange_type)
+	{
+		case ID_PROT:
+		case AGGRESSIVE:
+			if (this->message_id != 0)
+			{
+				return FAILED;
+			}
+			/* fall */
+		case AUTH_ONLY:
+		case INFORMATIONAL_V1:
+		case QUICK_MODE:
+		case NEW_GROUP_MODE:
+			if (this->maj_version != IKEV1_MAJOR_VERSION)
+			{
+				return FAILED;
+			}
+			break;
+		case IKE_SA_INIT:
+		case IKE_AUTH:
+		case CREATE_CHILD_SA:
+		case INFORMATIONAL:
+		case IKE_SESSION_RESUME:
 #ifdef ME
-			&& (this->exchange_type != ME_CONNECT)
+		case ME_CONNECT:
 #endif /* ME */
-		))
-	{
-		/* unsupported exchange type */
-		return FAILED;
+			if (this->maj_version != IKEV2_MAJOR_VERSION)
+			{
+				return FAILED;
+			}
+			break;
+		default:
+			/* unsupported exchange type */
+			return FAILED;
 	}
-	if (this->initiator_spi == 0
+	if (this->initiator_spi == 0)
+	{
 #ifdef ME
-		/* we allow zero spi for INFORMATIONAL exchanges,
-		 * to allow connectivity checks */
-		&& this->exchange_type != INFORMATIONAL
+		if (this->exchange_type != INFORMATIONAL)
+			/* we allow zero spi for INFORMATIONAL exchanges,
+			 * to allow connectivity checks */
 #endif /* ME */
-		)
-	{
-		/* initiator spi not set */
-		return FAILED;
+		{
+			return FAILED;
+		}
 	}
 	return SUCCESS;
 }
@@ -311,6 +359,43 @@ METHOD(ike_header_t, set_initiator_flag, void,
 	this->flags.initiator = initiator;
 }
 
+METHOD(ike_header_t, get_encryption_flag, bool,
+	private_ike_header_t *this)
+{
+	return this->flags.encryption;
+}
+
+METHOD(ike_header_t, set_encryption_flag, void,
+	private_ike_header_t *this, bool encryption)
+{
+	this->flags.encryption = encryption;
+}
+
+
+METHOD(ike_header_t, get_commit_flag, bool,
+	private_ike_header_t *this)
+{
+	return this->flags.commit;
+}
+
+METHOD(ike_header_t, set_commit_flag, void,
+	private_ike_header_t *this, bool commit)
+{
+	this->flags.commit = commit;
+}
+
+METHOD(ike_header_t, get_authonly_flag, bool,
+	private_ike_header_t *this)
+{
+	return this->flags.authonly;
+}
+
+METHOD(ike_header_t, set_authonly_flag, void,
+	private_ike_header_t *this, bool authonly)
+{
+	this->flags.authonly = authonly;
+}
+
 METHOD(ike_header_t, get_exchange_type, u_int8_t,
 	private_ike_header_t *this)
 {
@@ -373,21 +458,35 @@ ike_header_t *ike_header_create()
 			.set_version_flag = _set_version_flag,
 			.get_initiator_flag = _get_initiator_flag,
 			.set_initiator_flag = _set_initiator_flag,
+			.get_encryption_flag = _get_encryption_flag,
+			.set_encryption_flag = _set_encryption_flag,
+			.get_commit_flag = _get_commit_flag,
+			.set_commit_flag = _set_commit_flag,
+			.get_authonly_flag = _get_authonly_flag,
+			.set_authonly_flag = _set_authonly_flag,
 			.get_exchange_type = _get_exchange_type,
 			.set_exchange_type = _set_exchange_type,
 			.get_message_id = _get_message_id,
 			.set_message_id = _set_message_id,
 			.destroy = _destroy,
 		},
-		.maj_version = IKE_MAJOR_VERSION,
-		.min_version = IKE_MINOR_VERSION,
-		.exchange_type = EXCHANGE_TYPE_UNDEFINED,
-		.flags = {
-			.initiator = TRUE,
-			.version = HIGHER_VERSION_SUPPORTED_FLAG,
-		},
 		.length = IKE_HEADER_LENGTH,
+		.exchange_type = EXCHANGE_TYPE_UNDEFINED,
 	);
 
 	return &this->public;
 }
+
+/*
+ * Described in header.
+ */
+ike_header_t *ike_header_create_version(int major, int minor)
+{
+	ike_header_t *this = ike_header_create();
+
+	this->set_maj_version(this, major);
+	this->set_min_version(this, minor);
+	this->set_initiator_flag(this, TRUE);
+
+	return this;
+}
-- 
cgit v1.2.3


From da8cadbd93e93f746daba2698156a9744861537c Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 16 Nov 2011 15:09:02 +0000
Subject: Set default IKE header initiator flag in IKEv2 only

---
 src/libcharon/encoding/payloads/ike_header.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/libcharon/encoding/payloads/ike_header.c')

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 556e42258..8f379442b 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -486,7 +486,10 @@ ike_header_t *ike_header_create_version(int major, int minor)
 
 	this->set_maj_version(this, major);
 	this->set_min_version(this, minor);
-	this->set_initiator_flag(this, TRUE);
-
+	if (major == IKEV2_MAJOR_VERSION)
+	{
+		this->set_initiator_flag(this, TRUE);
+	}
 	return this;
 }
+
-- 
cgit v1.2.3


From e9b55b832546d05f464bdddbe779ed21cd17b624 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 17 Nov 2011 11:27:55 +0100
Subject: Simplify signature of get_encoding_rules(), make all rules static

---
 src/libcharon/encoding/payloads/ike_header.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/libcharon/encoding/payloads/ike_header.c')

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 8f379442b..97c6d8c26 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -146,7 +146,7 @@ ENUM_END(exchange_type_names, EXCHANGE_TYPE_UNDEFINED);
  * The defined offsets are the positions in a object of type
  * ike_header_t.
  */
-encoding_rule_t ike_header_encodings[] = {
+static encoding_rule_t encodings[] = {
 	/* 8 Byte SPI, stored in the field initiator_spi */
 	{ IKE_SPI,		offsetof(private_ike_header_t, initiator_spi)	},
 	/* 8 Byte SPI, stored in the field responder_spi */
@@ -244,11 +244,11 @@ METHOD(payload_t, verify, status_t,
 	return SUCCESS;
 }
 
-METHOD(payload_t, get_encoding_rules, void,
-	private_ike_header_t *this, encoding_rule_t **rules, size_t *rule_count)
+METHOD(payload_t, get_encoding_rules, int,
+	private_ike_header_t *this, encoding_rule_t **rules)
 {
-	*rules = ike_header_encodings;
-	*rule_count = sizeof(ike_header_encodings) / sizeof(encoding_rule_t);
+	*rules = encodings;
+	return countof(encodings);
 }
 
 METHOD(payload_t, get_type, payload_type_t,
-- 
cgit v1.2.3


From 38fb67fbf18489f40845b072e4ed50b1f6cf0c9c Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 17 Nov 2011 11:27:46 +0000
Subject: Add a payload.get_header_length() method, remove header length
 definitions

---
 src/libcharon/encoding/payloads/ike_header.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/libcharon/encoding/payloads/ike_header.c')

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 97c6d8c26..54e04658c 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -251,6 +251,12 @@ METHOD(payload_t, get_encoding_rules, int,
 	return countof(encodings);
 }
 
+METHOD(payload_t, get_header_length, int,
+	private_ike_header_t *this)
+{
+	return IKE_HEADER_LENGTH;
+}
+
 METHOD(payload_t, get_type, payload_type_t,
 	private_ike_header_t *this)
 {
@@ -438,6 +444,7 @@ ike_header_t *ike_header_create()
 			.payload_interface = {
 				.verify = _verify,
 				.get_encoding_rules = _get_encoding_rules,
+				.get_header_length = _get_header_length,
 				.get_length = _get_length,
 				.get_next_type = _get_next_type,
 				.set_next_type = _set_next_type,
-- 
cgit v1.2.3


From 54a8a94fa9009437e4c4d7df52d881fc1203c2ac Mon Sep 17 00:00:00 2001
From: Clavister OpenSource <opensource@clavister.com>
Date: Wed, 23 Nov 2011 08:29:54 +0100
Subject: IKEv1 ConfigMode: Added TRANSACTION exchange type.  Added
 attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv
 configuration_attribute) payload types.  Did not combine with IKEv2 because
 it wasn't trivial to do so.  This might be a task worth investigating in the
 future, because there is a decent amount of shared code here.

---
 src/libcharon/encoding/payloads/ike_header.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'src/libcharon/encoding/payloads/ike_header.c')

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 54e04658c..58b624192 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -114,12 +114,13 @@ struct private_ike_header_t {
 	u_int32_t length;
 };
 
-ENUM_BEGIN(exchange_type_names, ID_PROT, INFORMATIONAL_V1,
+ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION,
 	"ID_PROT",
 	"AUTH_ONLY",
 	"AGGRESSIVE",
-	"INFORMATIONAL_V1");
-ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, INFORMATIONAL_V1,
+	"INFORMATIONAL_V1",
+	"TRANSACTION");
+ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, TRANSACTION,
 	"QUICK_MODE",
 	"NEW_GROUP_MODE",
 	"IKE_SA_INIT",
@@ -172,10 +173,10 @@ static encoding_rule_t encodings[] = {
 	/* 4 Byte message id, stored in the field message_id */
 	{ U_INT_32,		offsetof(private_ike_header_t, message_id)		},
 	/* 4 Byte length fied, stored in the field length */
-	{ HEADER_LENGTH,offsetof(private_ike_header_t, length)			},
+	{ HEADER_LENGTH,	offsetof(private_ike_header_t, length)			}
 };
 
-/*                           1                   2                   3
+/*                         1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       !                       IKE_SA Initiator's SPI                  !
@@ -206,6 +207,7 @@ METHOD(payload_t, verify, status_t,
 			/* fall */
 		case AUTH_ONLY:
 		case INFORMATIONAL_V1:
+		case TRANSACTION:
 		case QUICK_MODE:
 		case NEW_GROUP_MODE:
 			if (this->maj_version != IKEV1_MAJOR_VERSION)
-- 
cgit v1.2.3