From e33b41e7b04440e93096786f304ce9b4a88c7cba Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Tue, 15 Nov 2011 14:47:20 +0100
Subject: Added IKEv1 payload identifiers

---
 src/libcharon/encoding/payloads/payload.h | 69 ++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 2 deletions(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index ad3023fe6..021383a1d 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -31,18 +31,83 @@ typedef struct payload_t payload_t;
 /**
- * Payload-Types of a IKEv2-Message.
+ * Payload-Types of an IKE message.
  *
  * Header and substructures are also defined as
  * payload types with values from PRIVATE USE space.
  */
-enum payload_type_t{
+enum payload_type_t {
 	/**
 	 * End of payload list in next_payload
 	 */
 	NO_PAYLOAD = 0,
+	/**
+	 * The security association (SA) payload containing proposals.
+	 */
+	SECURITY_ASSOCIATION_V1 = 1,
+
+	/**
+	 * The proposal payload, containing transforms.
+	 */
+	PROPOSAL_V1 = 2,
+
+	/**
+	 * The transform payload.
+	 */
+	TRANSFORM_V1 = 3,
+
+	/**
+	 * The key exchange (KE) payload containing diffie-hellman values.
+	 */
+	KEY_EXCHANGE_V1 = 4,
+
+	/**
+	 * ID payload.
+	 */
+	ID_V1 = 5,
+
+	/**
+	 * Certificate payload with certificates (CERT).
+	 */
+	CERTIFICATE_V1 = 6,
+
+	/**
+	 * Certificate request payload.
+	 */
+	CERTIFICATE_REQUEST_V1 = 7,
+
+	/**
+	 * Hash payload.
+	 */
+	HASH_V1 = 8,
+
+	/**
+	 * Signature payload
+	 */
+	SIGNATURE_V1 = 9,
+
+	/**
+	 * Nonce payload.
+	 */
+	NONCE_V1 = 10,
+
+	/**
+	 * Notification payload.
+	 */
+	NOTIFICATION_V1 = 11,
+
+	/**
+	 * Delete payload.
+	 */
+	DELETE_V1 = 12,
+
+	/**
+	 * Vendor id payload.
+	 */
+	VENDOR_ID_V1 = 13,
+
 	/**
 	 * The security association (SA) payload containing proposals.
 	 */
-- 
cgit v1.2.3

From b0b9d185931e7f88f0f7c89e9ef4e6034ac38dd3 Mon Sep 17 00:00:00 2001
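Review bot: With the IKEv1 identifiers 1–13 and the existing IKEv2 identifiers now sharing one `payload_type_t`, the enum comment should state that the major version of the enclosing message decides which set is valid in a next_payload field; I can't see the parser from this hunk, but nothing in the header itself prevents an IKEv2 message naming type 1 from being treated as `SECURITY_ASSOCIATION_V1`. Proposed addition below the "PRIVATE USE space" sentence: ` * IKEv1 and IKEv2 identifiers share this enum; which set is accepted in a` / ` * next_payload field depends on the major version of the enclosing message.` The `Signature payload` comment is also missing the trailing period its siblings use. The enum continues past the end of this hunk.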
From: Martin Willi
Date: Wed, 16 Nov 2011 09:29:38 +0100
Subject: Extend sa_payload for IKEv1 support

---
 src/libcharon/encoding/payloads/payload.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 021383a1d..ff1ae73a3 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -29,6 +29,10 @@ typedef struct payload_t payload_t;
 #include
 #include
+/**
+ * Domain of interpretation used by IPsec/IKEv1
+ */
+#define IKEV1_DOI_IPSEC 1
 /**
  * Payload-Types of an IKE message.
@@ -243,6 +247,14 @@ enum payload_type_t {
 	 * used internally to handle a transform attribute like a payload.
 	 */
 	CONFIGURATION_ATTRIBUTE = 261,
+
+	/**
+	 * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
+	 *
+	 * This payload type is not sent over wire and just
+	 * used internally to handle a proposal substructure like a payload.
+	 */
+	PROPOSAL_SUBSTRUCTURE_V1 = 262,
 };
 /**
-- 
cgit v1.2.3

From 3f6d1b13a7d53bf465c65687e18425d14a143af8 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 16 Nov 2011 12:40:09 +0000
Subject: Added additional IKEv1 payload and encoding identifiers

---
 src/libcharon/encoding/payloads/payload.h | 56 +++++++++++++------------------
 1 file changed, 24 insertions(+), 32 deletions(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index ff1ae73a3..5e0b7dd38 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
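Review bot: `IKEV1_DOI_IPSEC` is the value a parser will compare the DOI field of an incoming SA payload against, so its comment should name where the value comes from; suggest ` * Domain of interpretation used by IPsec/IKEv1 (IPSEC DOI, RFC 2407)`. The two `#include` lines shown as context lost their file names in this rendering, so I can't tell whether the new define sits after the last include as intended.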
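Review bot: The doc comment on the new `PROPOSAL_SUBSTRUCTURE_V1` is a verbatim copy of the one on `PROPOSAL_SUBSTRUCTURE`, still names that identifier and does not say what distinguishes the IKEv1 variant. Suggest ` * PROPOSAL_SUBSTRUCTURE_V1 has a value of PRIVATE USE space.` for the first line and ` * used internally to handle an IKEv1 proposal substructure like a payload.` for the last. The enclosing enum starts before this hunk.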
@@ -203,58 +203,50 @@ enum payload_type_t {
 	/**
 	 * Header has a value of PRIVATE USE space.
 	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle IKEv2-Header like a payload.
+	 * This type and all the following are never sent over wire and are
+	 * used internally only.
 	 */
 	HEADER = 256,
 	/**
-	 * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a proposal substructure like a payload.
+	 * PROPOSAL_SUBSTRUCTURE, IKEv2 proposals in a SA payload.
 	 */
-	PROPOSAL_SUBSTRUCTURE = 257,
+	PROPOSAL_SUBSTRUCTURE,
 	/**
-	 * TRANSFORM_SUBSTRUCTURE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a transform substructure like a payload.
+	 * PROPOSAL_SUBSTRUCTURE_V1, IKEv1 proposals in a SA payload.
 	 */
-	TRANSFORM_SUBSTRUCTURE = 258,
+	PROPOSAL_SUBSTRUCTURE_V1,
 	/**
-	 * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a transform attribute like a payload.
+	 * TRANSFORM_SUBSTRUCTURE, IKEv2 transforms in a proposal substructure.
 	 */
-	TRANSFORM_ATTRIBUTE = 259,
+	TRANSFORM_SUBSTRUCTURE,
 	/**
-	 * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a transform selector like a payload.
+	 * TRANSFORM_SUBSTRUCTURE_V1, IKEv1 transforms in a proposal substructure.
 	 */
-	TRAFFIC_SELECTOR_SUBSTRUCTURE = 260,
+	TRANSFORM_SUBSTRUCTURE_V1,
 	/**
-	 * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a transform attribute like a payload.
+	 * TRANSFORM_ATTRIBUTE, IKEv2 attribute in a transform.
 	 */
-	CONFIGURATION_ATTRIBUTE = 261,
+	TRANSFORM_ATTRIBUTE,
 	/**
-	 * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
-	 *
-	 * This payload type is not sent over wire and just
-	 * used internally to handle a proposal substructure like a payload.
+	 * TRANSFORM_ATTRIBUTE_V1, IKEv1 attribute in a transform.
+	 */
+	TRANSFORM_ATTRIBUTE_V1,
+
+	/**
+	 * TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic selector in a TS payload.
+	 */
+	TRAFFIC_SELECTOR_SUBSTRUCTURE,
+
+	/**
+	 * CONFIGURATION_ATTRIBUTE, attribute in a configuration payload.
 	 */
-	PROPOSAL_SUBSTRUCTURE_V1 = 262,
+	CONFIGURATION_ATTRIBUTE,
 };
 /**
-- 
cgit v1.2.3

From e9b55b832546d05f464bdddbe779ed21cd17b624 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 17 Nov 2011 11:27:55 +0100
Subject: Simplify signature of get_encoding_rules(), make all rules static

---
 src/libcharon/encoding/payloads/payload.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 5e0b7dd38..963c5f090 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -271,10 +271,10 @@ struct payload_t {
 	/**
 	 * Get encoding rules for this payload.
 	 *
-	 * @param rules location to store pointer of first rule
-	 * @param rule_count location to store number of rules
+	 * @param rules location to store pointer to rules
+	 * @return number of rules
 	 */
-	void (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules, size_t *rule_count);
+	int (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules);
 	/**
 	 * Get type of payload.
-- 
cgit v1.2.3

From 38fb67fbf18489f40845b072e4ed50b1f6cf0c9c Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 17 Nov 2011 11:27:46 +0000
Subject: Add a payload.get_header_length() method, remove header length definitions

---
 src/libcharon/encoding/payloads/payload.h | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/libcharon/encoding/payloads/payload.h')
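Review bot: Dropping the explicit values silently renumbers the internal types that already existed — `TRANSFORM_SUBSTRUCTURE` moves from 258 to 259, `TRANSFORM_ATTRIBUTE` from 259 to 261, `TRAFFIC_SELECTOR_SUBSTRUCTURE` from 260 to 263 and `CONFIGURATION_ATTRIBUTE` from 261 to 264 — so any enum_names table or array elsewhere in libcharon that is keyed on these numbers has to change in the same commit, which this diff (limited to payload.h) cannot show. The new HEADER comment promises these types never go on the wire, which makes the renumbering safe there, but it is worth saying explicitly: ` * Values in this range are implicit and may change between releases;` / ` * never persist or transmit them.` The later hunks that append `ENCRYPTED_V1` and `DATA_ATTRIBUTE_V1`, and the one that moves `CONFIGURATION_ATTRIBUTE_V1` ahead of `ENCRYPTED_V1`, shift values the same way. The enum starts before this hunk.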
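Review bot: `get_encoding_rules` now returns the rule count as `int`, whereas the removed out-parameter was a `size_t`; a count cannot be negative, and callers that iterate with a `size_t` index will get sign-compare warnings or, if a negative value ever leaks in, an unbounded loop. Either keep `size_t` for the return, or make the contract explicit in the doc: ` * @return number of rules, never negative`. The enclosing `struct payload_t` starts and ends outside this hunk.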
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 963c5f090..0060e3730 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -276,6 +276,13 @@ struct payload_t {
 	 */
 	int (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules);
+	/**
+	 * Get non-variable header length for a variable length payload.
+	 *
+	 * @return fixed length of the payload
+	 */
+	int (*get_header_length)(payload_t *this);
+
 	/**
 	 * Get type of payload.
 	 *
-- 
cgit v1.2.3

From 04ee2b7fed91b4430ba4870a2f1b98ee3e228f50 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 17 Nov 2011 18:01:41 +0100
Subject: Added IKEv1 support to notify payload

---
 src/libcharon/encoding/payloads/payload.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 0060e3730..84871cfb6 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -100,7 +100,7 @@ enum payload_type_t {
 	/**
 	 * Notification payload.
 	 */
-	NOTIFICATION_V1 = 11,
+	NOTIFY_V1 = 11,
 	/**
 	 * Delete payload.
-- 
cgit v1.2.3

From 6f5f8ee4b59484e15cc1cba356cfe37b6c4a9c23 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 21 Nov 2011 11:53:23 +0100
Subject: Use modified encryption payload to encrypt/decrypt complete IKEv1 messages.

---
 src/libcharon/encoding/payloads/payload.h | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 84871cfb6..e4ed76abf 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
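Review bot: The doc comment on the new `get_header_length` leaves open what a payload without any variable-length data returns, and the description and the `@return` line say two different things ("non-variable header length" versus "fixed length of the payload"); the contract is what every implementation in the payloads directory will be written against, so it should be precise. Suggest ` * Get the length of the fixed part of this payload, in bytes, i.e. the` / ` * length without any variable-length data that follows the header.` and ` * @return length of the fixed payload part, never negative`. It also returns `int` while `get_length` a few declarations further down returns `size_t`; using `size_t` for both avoids sign-compare issues when the two are combined. The enclosing `struct payload_t` starts and ends outside this hunk.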
@@ -247,6 +247,11 @@ enum payload_type_t {
 	 * CONFIGURATION_ATTRIBUTE, attribute in a configuration payload.
 	 */
 	CONFIGURATION_ATTRIBUTE,
+
+	/**
+	 * This is not really a payload, but rather the complete IKEv1 message.
+	 */
+	ENCRYPTED_V1,
 };
 /**
@@ -286,35 +291,35 @@ struct payload_t {
 	/**
 	 * Get type of payload.
 	 *
-	 * @return type of this payload
+	 * @return type of this payload
 	 */
 	payload_type_t (*get_type) (payload_t *this);
 	/**
 	 * Get type of next payload or NO_PAYLOAD (0) if this is the last one.
 	 *
-	 * @return type of next payload
+	 * @return type of next payload
 	 */
 	payload_type_t (*get_next_type) (payload_t *this);
 	/**
 	 * Set type of next payload.
 	 *
-	 * @param type type of next payload
+	 * @param type type of next payload
 	 */
 	void (*set_next_type) (payload_t *this,payload_type_t type);
 	/**
 	 * Get length of payload.
 	 *
-	 * @return length of this payload
+	 * @return length of this payload
 	 */
 	size_t (*get_length) (payload_t *this);
 	/**
 	 * Verifies payload structure and makes consistence check.
 	 *
-	 * @return SUCCESS, FAILED if consistence not given
+	 * @return SUCCESS, FAILED if consistence not given
 	 */
 	status_t (*verify) (payload_t *this);
-- 
cgit v1.2.3

From 54a8a94fa9009437e4c4d7df52d881fc1203c2ac Mon Sep 17 00:00:00 2001
From: Clavister OpenSource
Date: Wed, 23 Nov 2011 08:29:54 +0100
Subject: IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here.

---
 src/libcharon/encoding/payloads/payload.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index e4ed76abf..f55099fe7 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -112,6 +112,11 @@ enum payload_type_t {
 	 */
 	VENDOR_ID_V1 = 13,
+	/**
+	 * Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+	 */
+	ATTRIBUTE_V1 = 14,
+
 	/**
 	 * The security association (SA) payload containing proposals.
 	 */
@@ -252,6 +257,12 @@ enum payload_type_t {
 	 * This is not really a payload, but rather the complete IKEv1 message.
 	 */
 	ENCRYPTED_V1,
+
+	/**
+	 * DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
+	 */
+	DATA_ATTRIBUTE_V1,
+
 };
 /**
-- 
cgit v1.2.3

From 017d98bf39e3824829cf17be1723b460a2ddeb4e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 23 Nov 2011 11:26:04 +0100
Subject: Merged IKEv1 attribute payload/data into configuration payload/attribute

---
 src/libcharon/encoding/payloads/payload.h | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index f55099fe7..6209b0822 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -113,9 +113,9 @@ enum payload_type_t {
 	VENDOR_ID_V1 = 13,
 	/**
-	 * Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+	 * Attribute payload (ISAKMP Mode Config, aka configuration payload.
 	 */
-	ATTRIBUTE_V1 = 14,
+	CONFIGURATION_V1 = 14,
 	/**
 	 * The security association (SA) payload containing proposals.
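Review bot: The replacement comment on `CONFIGURATION_V1` has an unclosed parenthesis, `Attribute payload (ISAKMP Mode Config, aka configuration payload.`; suggest ` * Attribute payload (ISAKMP Mode Config), aka configuration payload.`. The removed line also cited the draft the wire format comes from (draft-ietf-ipsec-isakmp-mode-cfg-05), and since Mode Config was, as far as I know, never published as an RFC, that reference is the only pointer a reader has and is worth keeping in the new comment. The enclosing enum starts and ends outside this hunk.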
@@ -249,20 +249,19 @@ enum payload_type_t {
 	TRAFFIC_SELECTOR_SUBSTRUCTURE,
 	/**
-	 * CONFIGURATION_ATTRIBUTE, attribute in a configuration payload.
+	 * CONFIGURATION_ATTRIBUTE, IKEv2 attribute in a configuration payload.
 	 */
 	CONFIGURATION_ATTRIBUTE,
 	/**
-	 * This is not really a payload, but rather the complete IKEv1 message.
+	 * CONFIGURATION_ATTRIBUTE_V1, IKEv1 attribute in a configuration payload.
 	 */
-	ENCRYPTED_V1,
+	CONFIGURATION_ATTRIBUTE_V1,
 	/**
-	 * DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
+	 * This is not really a payload, but rather the complete IKEv1 message.
 	 */
-	DATA_ATTRIBUTE_V1,
-
+	ENCRYPTED_V1,
 };
 /**
-- 
cgit v1.2.3

From 1e97783c993caec7f7556d6be5b7168701c31062 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 29 Nov 2011 11:14:25 +0100
Subject: Added payloads for IKEv1 NAT-Traversal negotiation.

---
 src/libcharon/encoding/payloads/payload.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/libcharon/encoding/payloads/payload.h')

diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 6209b0822..ed839fc07 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -117,6 +117,16 @@ enum payload_type_t {
 	 */
 	CONFIGURATION_V1 = 14,
+	/**
+	 * NAT discovery payload (NAT-D).
+	 */
+	NAT_D_V1 = 20,
+
+	/**
+	 * NAT original address payload (NAT-OA)
+	 */
+	NAT_OA_V1 = 21,
+
 	/**
 	 * The security association (SA) payload containing proposals.
 	 */
-- 
cgit v1.2.3
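Review bot: The values 20 and 21 are the ones assigned by RFC 3947, but peers that announce the earlier draft-ietf-ipsec-nat-t-ike Vendor IDs carry the same two payloads under the private-use numbers 130 and 131, so an enum that names only 20/21 cannot describe what such a peer sends and the parser will treat those payloads as unknown. Whether both sets need to be accepted depends on which NAT-T Vendor IDs charon advertises, which this hunk doesn't show; at minimum the comments should record the origin of the numbers: ` * NAT discovery payload (NAT-D), RFC 3947.` and ` * NAT original address payload (NAT-OA), RFC 3947.`. The enclosing enum starts and ends outside this hunk.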