IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here.
This commit is contained in:
parent
9769b76cab
commit
54a8a94fa9
|
@ -15,11 +15,13 @@ daemon.c daemon.h \
|
|||
encoding/generator.c encoding/generator.h \
|
||||
encoding/message.c encoding/message.h \
|
||||
encoding/parser.c encoding/parser.h \
|
||||
encoding/payloads/attribute_payload_v1.c encoding/payloads/attribute_payload_v1.h \
|
||||
encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
|
||||
encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
|
||||
encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
|
||||
encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
|
||||
encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
|
||||
encoding/payloads/data_attribute_v1.c encoding/payloads/data_attribute_v1.h \
|
||||
encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
|
||||
encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
|
||||
encoding/payloads/encodings.c encoding/payloads/encodings.h \
|
||||
|
|
|
@ -631,6 +631,24 @@ static payload_order_t quick_mode_r_order[] = {
|
|||
{ID_V1, 0},
|
||||
};
|
||||
|
||||
/**
|
||||
* Message rule for TRANSACTION.
|
||||
*/
|
||||
static payload_rule_t transaction_payload_rules_v1[] = {
|
||||
/* payload type min max encr suff */
|
||||
{HASH_V1, 0, 1, TRUE, FALSE},
|
||||
{ATTRIBUTE_V1, 1, 1, FALSE, FALSE},
|
||||
};
|
||||
|
||||
/**
|
||||
* Payload order for TRANSACTION.
|
||||
*/
|
||||
static payload_order_t transaction_payload_order_v1[] = {
|
||||
/* payload type notify type */
|
||||
{HASH_V1, 0},
|
||||
{ATTRIBUTE_V1, 0},
|
||||
};
|
||||
|
||||
#endif /* USE_IKEV1 */
|
||||
|
||||
/**
|
||||
|
@ -708,6 +726,14 @@ static message_rule_t message_rules[] = {
|
|||
countof(quick_mode_r_rules), quick_mode_r_rules,
|
||||
countof(quick_mode_r_order), quick_mode_r_order,
|
||||
},
|
||||
{TRANSACTION, TRUE, TRUE,
|
||||
countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
|
||||
countof(transaction_payload_order_v1), transaction_payload_order_v1,
|
||||
},
|
||||
{TRANSACTION, FALSE, TRUE,
|
||||
countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
|
||||
countof(transaction_payload_order_v1), transaction_payload_order_v1,
|
||||
},
|
||||
/* TODO-IKEv1: define rules for other exchanges */
|
||||
#endif /* USE_IKEV1 */
|
||||
};
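Review bot: `transaction_payload_rules_v1` makes the hash optional (`{HASH_V1, 0, 1, TRUE, FALSE}`), so the parser accepts a TRANSACTION message whose ATTRIBUTE_V1 payload is not covered by any HASH_V1 at all; if that hash is what binds the attributes to the established ISAKMP SA, its absence has to be rejected by whoever consumes the attributes, and nothing in this hunk shows that. If min 0 is deliberate (a transaction before keying material exists, for instance), record it on the rule row, e.g. `/* HASH_V1 optional: presence/validity is enforced by the consuming task */`, and confirm that task does so. The two `message_rules` entries for TRANSACTION differ only in the request flag and share one rule set, which is fine; the third field being TRUE for both presumably means the message must be encrypted, and that is worth stating in the rule comment because an unencrypted, unhashed TRANSACTION would otherwise be wholly unauthenticated.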
|
||||
|
|
|
@ -114,12 +114,13 @@ struct private_ike_header_t {
|
|||
u_int32_t length;
|
||||
};
|
||||
|
||||
ENUM_BEGIN(exchange_type_names, ID_PROT, INFORMATIONAL_V1,
|
||||
ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION,
|
||||
"ID_PROT",
|
||||
"AUTH_ONLY",
|
||||
"AGGRESSIVE",
|
||||
"INFORMATIONAL_V1");
|
||||
ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, INFORMATIONAL_V1,
|
||||
"INFORMATIONAL_V1",
|
||||
"TRANSACTION");
|
||||
ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, TRANSACTION,
|
||||
"QUICK_MODE",
|
||||
"NEW_GROUP_MODE",
|
||||
"IKE_SA_INIT",
|
||||
|
@ -172,10 +173,10 @@ static encoding_rule_t encodings[] = {
|
|||
/* 4 Byte message id, stored in the field message_id */
|
||||
{ U_INT_32, offsetof(private_ike_header_t, message_id) },
|
||||
/* 4 Byte length fied, stored in the field length */
|
||||
{ HEADER_LENGTH,offsetof(private_ike_header_t, length) },
|
||||
{ HEADER_LENGTH, offsetof(private_ike_header_t, length) }
|
||||
};
|
||||
|
||||
/* 1 2 3
|
||||
/* 1 2 3
|
||||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|
||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
! IKE_SA Initiator's SPI !
|
||||
|
@ -206,6 +207,7 @@ METHOD(payload_t, verify, status_t,
|
|||
/* fall */
|
||||
case AUTH_ONLY:
|
||||
case INFORMATIONAL_V1:
|
||||
case TRANSACTION:
|
||||
case QUICK_MODE:
|
||||
case NEW_GROUP_MODE:
|
||||
if (this->maj_version != IKEV1_MAJOR_VERSION)
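Review bot: `case TRANSACTION:` in verify() only shares the IKEv1 major-version check with the other ISAKMP exchanges; whether a TRANSACTION header's message ID is required to be non-zero (the mode-config draft gives each transaction its own M-ID, which also feeds the hash) is not decided in this hunk, and verify()'s body continues outside it, so that check should be confirmed there or in the TRANSACTION task. On the enum side, `ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION, ...)` and `ENUM_NEXT(..., QUICK_MODE, IKE_SESSION_RESUME, TRANSACTION, ...)` are now consistent with `TRANSACTION = 6` in the header, but only the order of the string list ties them together; a comment such as `/* keep in sync with exchange_type_t in ike_header.h */` above ENUM_BEGIN would help the next person adding a value. The trailing-comma fix in `encodings` and the whitespace change in the ASCII-art comment are unrelated cleanups that would be easier to review as a separate commit.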
|
||||
|
|
|
@ -81,6 +81,11 @@ enum exchange_type_t{
|
|||
*/
|
||||
INFORMATIONAL_V1 = 5,
|
||||
|
||||
/**
|
||||
* Transaction (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
|
||||
*/
|
||||
TRANSACTION = 6,
|
||||
|
||||
/**
|
||||
* Quick Mode
|
||||
*/
|
||||
|
@ -138,7 +143,6 @@ extern enum_name_t *exchange_type_names;
|
|||
* An object of this type represents an IKE header of either IKEv1 or IKEv2.
|
||||
*/
|
||||
struct ike_header_t {
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
|
||||
#include <encoding/payloads/ike_header.h>
|
||||
#include <encoding/payloads/sa_payload.h>
|
||||
|
||||
#include <encoding/payloads/nonce_payload.h>
|
||||
#include <encoding/payloads/id_payload.h>
|
||||
#include <encoding/payloads/ke_payload.h>
|
||||
|
@ -37,10 +38,12 @@
|
|||
#include <encoding/payloads/hash_payload.h>
|
||||
#include <encoding/payloads/unknown_payload.h>
|
||||
|
||||
#include <encoding/payloads/attribute_payload_v1.h>
|
||||
#include <encoding/payloads/data_attribute_v1.h>
|
||||
|
||||
ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
|
||||
"NO_PAYLOAD");
|
||||
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
|
||||
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, ATTRIBUTE_V1, NO_PAYLOAD,
|
||||
"SECURITY_ASSOCIATION_V1",
|
||||
"PROPOSAL_V1",
|
||||
"TRANSFORM_V1",
|
||||
|
@ -53,8 +56,9 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
|
|||
"NONCE_V1",
|
||||
"NOTIFY_V1",
|
||||
"DELETE_V1",
|
||||
"VENDOR_ID_V1");
|
||||
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
|
||||
"VENDOR_ID_V1",
|
||||
"ATTRIBUTE_V1");
|
||||
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, ATTRIBUTE_V1,
|
||||
"SECURITY_ASSOCIATION",
|
||||
"KEY_EXCHANGE",
|
||||
"ID_INITIATOR",
|
||||
|
@ -74,7 +78,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, V
|
|||
#ifdef ME
|
||||
ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
|
||||
"ID_PEER");
|
||||
ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
|
||||
ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
|
||||
"HEADER",
|
||||
"PROPOSAL_SUBSTRUCTURE",
|
||||
"PROPOSAL_SUBSTRUCTURE_V1",
|
||||
|
@ -84,9 +88,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
|
|||
"TRANSFORM_ATTRIBUTE_V1",
|
||||
"TRAFFIC_SELECTOR_SUBSTRUCTURE",
|
||||
"CONFIGURATION_ATTRIBUTE",
|
||||
"ENCRYPTED_V1");
|
||||
"ENCRYPTED_V1",
|
||||
"DATA_ATTRIBUTE_V1");
|
||||
#else
|
||||
ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
|
||||
ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
|
||||
"HEADER",
|
||||
"PROPOSAL_SUBSTRUCTURE",
|
||||
"PROPOSAL_SUBSTRUCTURE_V1",
|
||||
|
@ -96,9 +101,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
|
|||
"TRANSFORM_ATTRIBUTE_V1",
|
||||
"TRAFFIC_SELECTOR_SUBSTRUCTURE",
|
||||
"CONFIGURATION_ATTRIBUTE",
|
||||
"ENCRYPTED_V1");
|
||||
"ENCRYPTED_V1",
|
||||
"DATA_ATTRIBUTE_V1");
|
||||
#endif /* ME */
|
||||
ENUM_END(payload_type_names, ENCRYPTED_V1);
|
||||
ENUM_END(payload_type_names, DATA_ATTRIBUTE_V1);
|
||||
|
||||
/* short forms of payload names */
|
||||
ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
|
||||
|
@ -137,7 +143,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
|
|||
#ifdef ME
|
||||
ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
|
||||
"IDp");
|
||||
ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
|
||||
ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
|
||||
"HDR",
|
||||
"PROP",
|
||||
"PROP",
|
||||
|
@ -147,9 +153,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
|
|||
"TRANSATTR",
|
||||
"TSSUB",
|
||||
"CATTR",
|
||||
"E");
|
||||
"E",
|
||||
"DATAATTR");
|
||||
#else
|
||||
ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
|
||||
ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
|
||||
"HDR",
|
||||
"PROP",
|
||||
"PROP",
|
||||
|
@ -159,9 +166,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICAT
|
|||
"TRANSATTR",
|
||||
"TSSUB",
|
||||
"CATTR",
|
||||
"E");
|
||||
"E",
|
||||
"DATAATTR");
|
||||
#endif /* ME */
|
||||
ENUM_END(payload_type_short_names, ENCRYPTED_V1);
|
||||
ENUM_END(payload_type_short_names, DATA_ATTRIBUTE_V1);
|
||||
|
||||
/*
|
||||
* see header
|
||||
|
@ -197,7 +205,8 @@ payload_t *payload_create(payload_type_t type)
|
|||
case AUTHENTICATION:
|
||||
return (payload_t*)auth_payload_create();
|
||||
case CERTIFICATE:
|
||||
return (payload_t*)cert_payload_create();
|
||||
case CERTIFICATE_V1:
|
||||
return (payload_t*)cert_payload_create(type);
|
||||
case CERTIFICATE_REQUEST:
|
||||
return (payload_t*)certreq_payload_create();
|
||||
case TRAFFIC_SELECTOR_SUBSTRUCTURE:
|
||||
|
@ -229,6 +238,10 @@ payload_t *payload_create(payload_type_t type)
|
|||
case ENCRYPTED:
|
||||
case ENCRYPTED_V1:
|
||||
return (payload_t*)encryption_payload_create(type);
|
||||
case ATTRIBUTE_V1:
|
||||
return (payload_t*)attribute_payload_v1_create();
|
||||
case DATA_ATTRIBUTE_V1:
|
||||
return (payload_t*)data_attribute_v1_create();
|
||||
default:
|
||||
return (payload_t*)unknown_payload_create(type);
|
||||
}
|
||||
|
|
|
@ -112,6 +112,11 @@ enum payload_type_t {
|
|||
*/
|
||||
VENDOR_ID_V1 = 13,
|
||||
|
||||
/**
|
||||
* Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
|
||||
*/
|
||||
ATTRIBUTE_V1 = 14,
|
||||
|
||||
/**
|
||||
* The security association (SA) payload containing proposals.
|
||||
*/
|
||||
|
@ -252,6 +257,12 @@ enum payload_type_t {
|
|||
* This is not really a payload, but rather the complete IKEv1 message.
|
||||
*/
|
||||
ENCRYPTED_V1,
|
||||
|
||||
/**
|
||||
* DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
|
||||
*/
|
||||
DATA_ATTRIBUTE_V1,
|
||||
|
||||
};
|
||||
|
||||
/**
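Review bot: The doc comment on `DATA_ATTRIBUTE_V1` does not say that it is an internal substructure rather than an ISAKMP next-payload type; it has no explicit value and sits in the same region as `CONFIGURATION_ATTRIBUTE` and the `ENCRYPTED_V1` pseudo-payload, so that appears to be the intent. Suggest `/** DATA_ATTRIBUTE_V1, an attribute substructure inside an ATTRIBUTE_V1 payload (internal type, not an ISAKMP payload number). */` so nobody later assigns it a wire value. For symmetry, the `ATTRIBUTE_V1 = 14` comment could state that 14 is the on-the-wire ISAKMP payload number, since the draft reference alone does not make that obvious.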
|
||||
|
|