From 1bf2971ff2d63f1f1c4d59d1091b8a1b11b0ef62 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Nov 2011 13:46:54 +0100 Subject: Implemented limited payload parsing for IKEv1 SA payloads --- .../encoding/payloads/transform_attribute.c | 89 +++++++++++++++------- 1 file changed, 63 insertions(+), 26 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 7d21258b1..e928dcddb 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -23,6 +23,44 @@ #include #include +ENUM(tattr_ph1_names, TATTR_PH1_ENCRYPTION_ALGORITHM, TATTR_PH1_GROUP_ORDER, + "ENCRYPTION_ALGORITHM", + "HASH_ALGORITHM", + "AUTH_METHOD", + "GROUP", + "GROUP_TYPE", + "GROUP_PRIME", + "GROUP_GENONE", + "GROUP_GENTWO", + "GROUP_CURVE_A", + "GROUP_CURVE_B", + "LIFE_TYPE", + "LIFE_DURATION", + "PRF", + "KEY_LENGTH", + "FIELD_SIZE", + "GROUP_ORDER", +); + +ENUM(tattr_ph2_names, TATTR_PH2_SA_LIFE_TYPE, TATTR_PH2_EXT_SEQ_NUMBER, + "SA_LIFE_TYPE", + "SA_LIFE_DURATION", + "GROUP", + "ENCAP_MODE", + "AUTH_ALGORITHM", + "KEY_LENGTH", + "KEY_ROUNDS", + "COMP_DICT_SIZE", + "COMP_PRIV_ALGORITHM", + "ECN_TUNNEL", + "EXT_SEQ_NUMBER", +); + +ENUM(tattr_ikev2_names, TATTR_IKEV2_KEY_LENGTH, TATTR_IKEV2_KEY_LENGTH, + "KEY_LENGTH", +); + + typedef struct private_transform_attribute_t private_transform_attribute_t; /** 
@@ -57,22 +95,17 @@ struct private_transform_attribute_t { * Attribute value as chunk if attribute_format is 0 (FALSE). */ chunk_t attribute_value; -}; - -ENUM_BEGIN(transform_attribute_type_name, ATTRIBUTE_UNDEFINED, ATTRIBUTE_UNDEFINED, - "ATTRIBUTE_UNDEFINED"); -ENUM_NEXT(transform_attribute_type_name, KEY_LENGTH, KEY_LENGTH, ATTRIBUTE_UNDEFINED, - "KEY_LENGTH"); -ENUM_END(transform_attribute_type_name, KEY_LENGTH); + /** + * Payload type, TRANSFORM_ATTRIBUTE or TRANSFORM_ATTRIBUTE_V1 + */ + payload_type_t type; +}; /** - * Encoding rules to parse or generate a Transform attribute. - * - * The defined offsets are the positions in a object of type - * private_transform_attribute_t. + * Encoding rules for IKEv1/IKEv2 transform attributes */ -encoding_rule_t transform_attribute_encodings[] = { +static encoding_rule_t encodings[] = { /* Flag defining the format of this payload */ { ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) }, /* type of the attribute as 15 bit unsigned integer */ @@ -105,14 +138,14 @@ METHOD(payload_t, get_encoding_rules, void, private_transform_attribute_t *this, encoding_rule_t **rules, size_t *rule_count) { - *rules = transform_attribute_encodings; - *rule_count = countof(transform_attribute_encodings); + *rules = encodings; + *rule_count = countof(encodings); } METHOD(payload_t, get_type, payload_type_t, private_transform_attribute_t *this) { - return TRANSFORM_ATTRIBUTE; + return this->type; } METHOD(payload_t, get_next_type, payload_type_t, 
@@ -192,19 +225,19 @@ METHOD(transform_attribute_t, get_attribute_type, u_int16_t, METHOD(transform_attribute_t, clone_, transform_attribute_t*, private_transform_attribute_t *this) { - private_transform_attribute_t *new_clone; + private_transform_attribute_t *new; - new_clone = (private_transform_attribute_t *)transform_attribute_create(); + new = (private_transform_attribute_t*)transform_attribute_create(this->type); - new_clone->attribute_format = this->attribute_format; - new_clone->attribute_type = this->attribute_type; - new_clone->attribute_length_or_value = this->attribute_length_or_value; + new->attribute_format = this->attribute_format; + new->attribute_type = this->attribute_type; + new->attribute_length_or_value = this->attribute_length_or_value; - if (!new_clone->attribute_format) + if (!new->attribute_format) { - new_clone->attribute_value = chunk_clone(this->attribute_value); + new->attribute_value = chunk_clone(this->attribute_value); } - return &new_clone->public; + return &new->public; } METHOD2(payload_t, transform_attribute_t, destroy, void, @@ -217,7 +250,7 @@ METHOD2(payload_t, transform_attribute_t, destroy, void, /* * Described in header. */ -transform_attribute_t *transform_attribute_create() +transform_attribute_t *transform_attribute_create(payload_type_t type) { private_transform_attribute_t *this; @@ -242,6 +275,7 @@ transform_attribute_t *transform_attribute_create() .destroy = _destroy, }, .attribute_format = TRUE, + .type = type, ); return &this->public; } 
@@ -251,8 +285,11 @@ transform_attribute_t *transform_attribute_create() */ transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length) { - transform_attribute_t *attribute = transform_attribute_create(); - attribute->set_attribute_type(attribute, KEY_LENGTH); + transform_attribute_t *attribute; + + attribute = transform_attribute_create(TRANSFORM_ATTRIBUTE); + attribute->set_attribute_type(attribute, TATTR_IKEV2_KEY_LENGTH); attribute->set_value(attribute, key_length); + return attribute; } -- cgit v1.2.3 From 3a470f303542dfb127eb8b17553da06a92892ebb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 16 Nov 2011 18:24:14 +0100 Subject: Added limiting encoding of IKEv1 SA payloads --- src/libcharon/encoding/payloads/transform_attribute.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index e928dcddb..97bde8bce 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -283,13 +283,14 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) /* * Described in header. */ -transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length) +transform_attribute_t *transform_attribute_create_value(payload_type_t type, + transform_attribute_type_t kind, u_int16_t value) { transform_attribute_t *attribute; - attribute = transform_attribute_create(TRANSFORM_ATTRIBUTE); - attribute->set_attribute_type(attribute, TATTR_IKEV2_KEY_LENGTH); - attribute->set_value(attribute, key_length); + attribute = transform_attribute_create(type); + attribute->set_attribute_type(attribute, kind); + attribute->set_value(attribute, value); return attribute; } -- cgit v1.2.3 From e9b55b832546d05f464bdddbe779ed21cd17b624 Mon Sep 17 00:00:00 2001 
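Review bot: Nothing in `transform_attribute_create_value()` ties `kind` to `type`, although this series introduces separate name tables for IKEv1 phase 1, IKEv1 phase 2 and IKEv2 attributes, which suggests the same number means different things depending on the payload it sits in. A caller that pairs a constant from one set with a payload of another would get a well-formed attribute carrying the wrong meaning, and nothing on this path would notice. The comment above the function only says "Described in header", so if the header does not already state the pairing rule I would add it there, for example `@param kind attribute type, taken from the TATTR_* set that matches the payload type and phase`. This applies to the second hunk on this line (`@@ -283,13 +283,14 @@`).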
From: Martin Willi Date: Thu, 17 Nov 2011 11:27:55 +0100 Subject: Simplify signature of get_encoding_rules(), make all rules static --- src/libcharon/encoding/payloads/transform_attribute.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 97bde8bce..fa344019b 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -134,12 +134,11 @@ METHOD(payload_t, verify, status_t, return SUCCESS; } -METHOD(payload_t, get_encoding_rules, void, - private_transform_attribute_t *this, encoding_rule_t **rules, - size_t *rule_count) +METHOD(payload_t, get_encoding_rules, int, + private_transform_attribute_t *this, encoding_rule_t **rules) { *rules = encodings; - *rule_count = countof(encodings); + return countof(encodings); } METHOD(payload_t, get_type, payload_type_t, -- cgit v1.2.3 From 38fb67fbf18489f40845b072e4ed50b1f6cf0c9c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 17 Nov 2011 11:27:46 +0000 Subject: Add a payload.get_header_length() method, remove header length definitions --- src/libcharon/encoding/payloads/transform_attribute.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index fa344019b..474362fca 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -141,6 +141,12 @@ METHOD(payload_t, get_encoding_rules, int, return countof(encodings); } +METHOD(payload_t, get_header_length, int, + private_transform_attribute_t *this) +{ + return 0; +} + METHOD(payload_t, get_type, payload_type_t, private_transform_attribute_t *this) { 
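Review bot: The new `get_header_length` returns a bare `0` with no comment, while `get_length()` in the same file counts four bytes on top of the attribute data (visible as hunk context further down this page), so a reader cannot tell whether zero is deliberate or a placeholder. If it is deliberate, a one-line comment would record the reason, along the lines of `/* no separate header: the 4 bytes counted in get_length() are covered by the encoding rules (TODO confirm) */`. The wording is inferred from the encoding table in this file and should be checked against how the parser uses this method. This applies to the second hunk on this line (`@@ -141,6 +141,12 @@`).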
@@ -258,6 +264,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) .payload_interface = { .verify = _verify, .get_encoding_rules = _get_encoding_rules, + .get_header_length = _get_header_length, .get_length = _get_length, .get_next_type = _get_next_type, .set_next_type = _set_next_type, -- cgit v1.2.3 From fbebc2a068942d16c20f8439b140027395ba25a0 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 24 Nov 2011 12:52:11 +0100 Subject: Implemented encoding of additional IKEv1 proposal attributes --- src/libcharon/encoding/payloads/transform_attribute.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 474362fca..7e8a9c7c7 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -290,13 +290,28 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) * Described in header. */ transform_attribute_t *transform_attribute_create_value(payload_type_t type, - transform_attribute_type_t kind, u_int16_t value) + transform_attribute_type_t kind, u_int64_t value) { transform_attribute_t *attribute; attribute = transform_attribute_create(type); attribute->set_attribute_type(attribute, kind); - attribute->set_value(attribute, value); + if (value <= UINT16_MAX) + { + attribute->set_value(attribute, value); + } + else if (value <= UINT32_MAX) + { + u_int32_t val32; + + val32 = htonl(value); + attribute->set_value_chunk(attribute, chunk_from_thing(val32)); + } + else + { + value = htobe64(value); + attribute->set_value_chunk(attribute, chunk_from_thing(value)); + } return attribute; } -- cgit v1.2.3 From 914ec2dbf29ea70a397418860fb304196131d845 Mon Sep 17 00:00:00 2001 
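Review bot: The encoding width in `transform_attribute_create_value()` is chosen purely from the magnitude of `value`, so an attribute the protocol defines in the fixed two-byte (basic) format, such as a key length, is emitted in the variable-length form whenever a caller passes something above `UINT16_MAX`. Nothing rejects or logs that case, and the peer is left to decide what to do with it. If callers are expected to keep such values in range, say so at the declaration; otherwise a check per attribute kind belongs before the `else if (value <= UINT32_MAX)` branch. The same selection is kept when the function is rewritten in the later "Removed obsolete transform attribute setters" commit on this page. This applies to the second hunk on this line (`@@ -290,13 +290,28 @@`).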
From: Martin Willi Date: Thu, 24 Nov 2011 15:25:22 +0100 Subject: Implemented IKEv1 attribute encoding in SA payload --- src/libcharon/encoding/payloads/transform_attribute.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 7e8a9c7c7..0be39316a 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -209,10 +209,22 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t, return this->attribute_value; } -METHOD(transform_attribute_t, get_value, u_int16_t, +METHOD(transform_attribute_t, get_value, u_int64_t, private_transform_attribute_t *this) { - return this->attribute_length_or_value; + u_int64_t value = 0; + + if (this->attribute_format) + { + return this->attribute_length_or_value; + } + if (this->attribute_value.len > sizeof(value)) + { + return UINT64_MAX; + } + memcpy(((char*)&value) + sizeof(value) - this->attribute_value.len, + this->attribute_value.ptr, this->attribute_value.len); + return be64toh(value); } METHOD(transform_attribute_t, set_attribute_type, void, -- cgit v1.2.3 From eeca2af81c22e04532585d0dd2a5284bd83d8f5c Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Thu, 24 Nov 2011 15:32:13 +0100 Subject: Removed obsolete transform attribute setters --- .../encoding/payloads/transform_attribute.c | 73 ++++------------------ 1 file changed, 12 insertions(+), 61 deletions(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 0be39316a..50b5b77cc 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c 
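Review bot: In `get_value`, an attribute longer than eight bytes is reported as `UINT64_MAX`, which a caller cannot tell apart from a genuine all-ones value and which compares as the largest possible number against any limit. The chunk presumably comes from a parsed payload, so the sentinel deserves a line in the method's documentation, e.g. `@return attribute value, UINT64_MAX if it does not fit into 64 bit`, so that callers know to check the length of `get_value_chunk()` where the distinction matters. Separately, a variable-length attribute of length zero reaches `memcpy()` with whatever `attribute_value.ptr` holds; if that can be NULL the call is undefined even for zero bytes, and `if (!this->attribute_value.len) { return 0; }` ahead of it keeps the result unchanged. Both points apply to the `@@ -209,10 +209,22 @@` hunk, which contains the whole method.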
@@ -174,31 +174,6 @@ METHOD(payload_t, get_length, size_t, return this->attribute_length_or_value + 4; } -METHOD(transform_attribute_t, set_value_chunk, void, - private_transform_attribute_t *this, chunk_t value) -{ - chunk_free(&this->attribute_value); - - if (value.len != 2) - { - this->attribute_value = chunk_clone(value); - this->attribute_length_or_value = value.len; - this->attribute_format = FALSE; - } - else - { - memcpy(&this->attribute_length_or_value, value.ptr, value.len); - } -} - -METHOD(transform_attribute_t, set_value, void, - private_transform_attribute_t *this, u_int16_t value) -{ - chunk_free(&this->attribute_value); - this->attribute_length_or_value = value; - this->attribute_format = TRUE; -} - METHOD(transform_attribute_t, get_value_chunk, chunk_t, private_transform_attribute_t *this) { @@ -227,36 +202,12 @@ METHOD(transform_attribute_t, get_value, u_int64_t, return be64toh(value); } -METHOD(transform_attribute_t, set_attribute_type, void, - private_transform_attribute_t *this, u_int16_t type) -{ - this->attribute_type = type & 0x7FFF; -} - METHOD(transform_attribute_t, get_attribute_type, u_int16_t, private_transform_attribute_t *this) { return this->attribute_type; } -METHOD(transform_attribute_t, clone_, transform_attribute_t*, - private_transform_attribute_t *this) -{ - private_transform_attribute_t *new; - - new = (private_transform_attribute_t*)transform_attribute_create(this->type); - - new->attribute_format = this->attribute_format; - new->attribute_type = this->attribute_type; - new->attribute_length_or_value = this->attribute_length_or_value; - - if (!new->attribute_format) - { - new->attribute_value = chunk_clone(this->attribute_value); - } - return &new->public; -} - METHOD2(payload_t, transform_attribute_t, destroy, void, private_transform_attribute_t *this) { 
@@ -283,16 +234,12 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) .get_type = _get_type, .destroy = _destroy, }, - .set_value_chunk = _set_value_chunk, - .set_value = _set_value, .get_value_chunk = _get_value_chunk, .get_value = _get_value, - .set_attribute_type = _set_attribute_type, .get_attribute_type = _get_attribute_type, - .clone = _clone_, .destroy = _destroy, }, - .attribute_format = TRUE, + .attribute_format = FALSE, .type = type, ); return &this->public; @@ -304,26 +251,30 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) transform_attribute_t *transform_attribute_create_value(payload_type_t type, transform_attribute_type_t kind, u_int64_t value) { - transform_attribute_t *attribute; + private_transform_attribute_t *this; + + this = (private_transform_attribute_t*)transform_attribute_create(type); - attribute = transform_attribute_create(type); - attribute->set_attribute_type(attribute, kind); + this->attribute_type = kind & 0x7FFF; if (value <= UINT16_MAX) { - attribute->set_value(attribute, value); + this->attribute_length_or_value = value; + this->attribute_format = TRUE; } else if (value <= UINT32_MAX) { u_int32_t val32; val32 = htonl(value); - attribute->set_value_chunk(attribute, chunk_from_thing(val32)); + this->attribute_value = chunk_clone(chunk_from_thing(val32)); + this->attribute_length_or_value = sizeof(val32); } else { value = htobe64(value); - attribute->set_value_chunk(attribute, chunk_from_thing(value)); + this->attribute_value = chunk_clone(chunk_from_thing(value)); + this->attribute_length_or_value = sizeof(value); } - return attribute; + return &this->public; } -- cgit v1.2.3 From bd8700f0553e23f9301e1d13e2a21166dde65a88 Mon Sep 17 00:00:00 2001 
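Review bot: `kind & 0x7FFF` in the rewritten `transform_attribute_create_value()` silently drops the top bit of an out-of-range `kind` instead of refusing it, and the constant carries no explanation now that `set_attribute_type()` is gone. The encoding rules in this file describe the type as a 15 bit integer next to the format flag, so a short comment would do: `/* type is 15 bit, the top bit is the attribute format flag */`. The cast of the `transform_attribute_create()` result to the private struct also depends on `public` being its first member, which is worth a word if that is not already a stated convention in this code base. This applies to the last hunk on this line (`@@ -304,26 +251,30 @@`); the function's leading comment lies outside it.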
From: Martin Willi Date: Mon, 5 Dec 2011 15:45:01 +0100 Subject: Don't use unportable htobe64 macro directly --- src/libcharon/encoding/payloads/transform_attribute.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 50b5b77cc..6a6451eb2 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -272,7 +272,7 @@ transform_attribute_t *transform_attribute_create_value(payload_type_t type, } else { - value = htobe64(value); + htoun64(&value, value); this->attribute_value = chunk_clone(chunk_from_thing(value)); this->attribute_length_or_value = sizeof(value); } -- cgit v1.2.3 From 6f6380e670a6f078d673ad276baf67044dbbc8f0 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Tue, 6 Dec 2011 15:15:40 +0100 Subject: use untoh64 instead of non-portable be64toh --- src/libcharon/encoding/payloads/transform_attribute.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libcharon/encoding/payloads/transform_attribute.c') diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 6a6451eb2..a11ee98a4 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -199,7 +199,7 @@ METHOD(transform_attribute_t, get_value, u_int64_t, } memcpy(((char*)&value) + sizeof(value) - this->attribute_value.len, this->attribute_value.ptr, this->attribute_value.len); - return be64toh(value); + return untoh64((char*)&value); } METHOD(transform_attribute_t, get_attribute_type, u_int16_t, -- cgit v1.2.3