IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here.

src/libcharon/Makefile.am

@@ -15,11 +15,13 @@ daemon.c daemon.h \
 encoding/generator.c encoding/generator.h \
 encoding/message.c encoding/message.h \
 encoding/parser.c encoding/parser.h \
+encoding/payloads/attribute_payload_v1.c encoding/payloads/attribute_payload_v1.h \
 encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
 encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
 encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
 encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
 encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/data_attribute_v1.c encoding/payloads/data_attribute_v1.h \
 encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
 encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
 encoding/payloads/encodings.c encoding/payloads/encodings.h \

src/libcharon/encoding/message.c

@@ -631,6 +631,24 @@ static payload_order_t quick_mode_r_order[] = {
 	{ID_V1,						0},
 };
 
+/**
+ * Message rule for TRANSACTION.
+ */
+static payload_rule_t transaction_payload_rules_v1[] = {
+/*	payload type			min	max	encr	suff */
+	{HASH_V1,			0,	1,	TRUE,	FALSE},
+	{ATTRIBUTE_V1,			1,	1,	FALSE,	FALSE},
+};
+
+/**
+ * Payload order for TRANSACTION.
+ */
+static payload_order_t transaction_payload_order_v1[] = {
+/*	payload type			notify type */
+	{HASH_V1,			0},
+	{ATTRIBUTE_V1,			0},
+};
+
 #endif /* USE_IKEV1 */
 
 /**
@@ -708,6 +726,14 @@ static message_rule_t message_rules[] = {
 		countof(quick_mode_r_rules), quick_mode_r_rules,
 		countof(quick_mode_r_order), quick_mode_r_order,
 	},
+	{TRANSACTION,		TRUE,	TRUE,
+		countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
+		countof(transaction_payload_order_v1), transaction_payload_order_v1,
+	},
+	{TRANSACTION,		FALSE,	TRUE,
+		countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
+		countof(transaction_payload_order_v1), transaction_payload_order_v1,
+	},
 	/* TODO-IKEv1: define rules for other exchanges */
 #endif /* USE_IKEV1 */
 };

src/libcharon/encoding/payloads/ike_header.c

@@ -114,12 +114,13 @@ struct private_ike_header_t {
 	u_int32_t length;
 };
 
-ENUM_BEGIN(exchange_type_names, ID_PROT, INFORMATIONAL_V1,
+ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION,
 	"ID_PROT",
 	"AUTH_ONLY",
 	"AGGRESSIVE",
-	"INFORMATIONAL_V1");
-ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, INFORMATIONAL_V1,
+	"INFORMATIONAL_V1",
+	"TRANSACTION");
+ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, TRANSACTION,
 	"QUICK_MODE",
 	"NEW_GROUP_MODE",
 	"IKE_SA_INIT",
@@ -172,10 +173,10 @@ static encoding_rule_t encodings[] = {
 	/* 4 Byte message id, stored in the field message_id */
 	{ U_INT_32,		offsetof(private_ike_header_t, message_id)		},
 	/* 4 Byte length fied, stored in the field length */
-	{ HEADER_LENGTH,offsetof(private_ike_header_t, length)			},
+	{ HEADER_LENGTH,	offsetof(private_ike_header_t, length)			}
 };
 
-/*                           1                   2                   3
+/*                         1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       !                       IKE_SA Initiator's SPI                  !
@@ -206,6 +207,7 @@ METHOD(payload_t, verify, status_t,
 			/* fall */
 		case AUTH_ONLY:
 		case INFORMATIONAL_V1:
+		case TRANSACTION:
 		case QUICK_MODE:
 		case NEW_GROUP_MODE:
 			if (this->maj_version != IKEV1_MAJOR_VERSION)

src/libcharon/encoding/payloads/ike_header.h

@@ -81,6 +81,11 @@ enum exchange_type_t{
 	 */
 	INFORMATIONAL_V1 = 5,
 
+	/**
+	 * Transaction (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+	 */
+	TRANSACTION = 6,
+
 	/**
 	 * Quick Mode
 	 */
@@ -138,7 +143,6 @@ extern enum_name_t *exchange_type_names;
  * An object of this type represents an IKE header of either IKEv1 or IKEv2.
  */
 struct ike_header_t {
-
 	/**
 	 * The payload_t interface.
 	 */

src/libcharon/encoding/payloads/payload.c

@@ -20,6 +20,7 @@
 
 #include <encoding/payloads/ike_header.h>
 #include <encoding/payloads/sa_payload.h>
+
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/ke_payload.h>
@@ -37,10 +38,12 @@
 #include <encoding/payloads/hash_payload.h>
 #include <encoding/payloads/unknown_payload.h>
 
+#include <encoding/payloads/attribute_payload_v1.h>
+#include <encoding/payloads/data_attribute_v1.h>
 
 ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
 	"NO_PAYLOAD");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, ATTRIBUTE_V1, NO_PAYLOAD,
 	"SECURITY_ASSOCIATION_V1",
 	"PROPOSAL_V1",
 	"TRANSFORM_V1",
@@ -53,8 +56,9 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
 	"NONCE_V1",
 	"NOTIFY_V1",
 	"DELETE_V1",
-	"VENDOR_ID_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
+	"VENDOR_ID_V1",
+	"ATTRIBUTE_V1");
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, ATTRIBUTE_V1,
 	"SECURITY_ASSOCIATION",
 	"KEY_EXCHANGE",
 	"ID_INITIATOR",
@@ -74,7 +78,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, V
 #ifdef ME
 ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
 	"ID_PEER");
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
+ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
 	"HEADER",
 	"PROPOSAL_SUBSTRUCTURE",
 	"PROPOSAL_SUBSTRUCTURE_V1",
@@ -84,9 +88,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
 	"TRANSFORM_ATTRIBUTE_V1",
 	"TRAFFIC_SELECTOR_SUBSTRUCTURE",
 	"CONFIGURATION_ATTRIBUTE",
-	"ENCRYPTED_V1");
+	"ENCRYPTED_V1",
+	"DATA_ATTRIBUTE_V1");
 #else
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
 	"HEADER",
 	"PROPOSAL_SUBSTRUCTURE",
 	"PROPOSAL_SUBSTRUCTURE_V1",
@@ -96,9 +101,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
 	"TRANSFORM_ATTRIBUTE_V1",
 	"TRAFFIC_SELECTOR_SUBSTRUCTURE",
 	"CONFIGURATION_ATTRIBUTE",
-	"ENCRYPTED_V1");
+	"ENCRYPTED_V1",
+	"DATA_ATTRIBUTE_V1");
 #endif /* ME */
-ENUM_END(payload_type_names, ENCRYPTED_V1);
+ENUM_END(payload_type_names, DATA_ATTRIBUTE_V1);
 
 /* short forms of payload names */
 ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
@@ -137,7 +143,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
 #ifdef ME
 ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
 	"IDp");
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
+ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
 	"HDR",
 	"PROP",
 	"PROP",
@@ -147,9 +153,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
 	"TRANSATTR",
 	"TSSUB",
 	"CATTR",
-	"E");
+	"E",
+	"DATAATTR");
 #else
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
 	"HDR",
 	"PROP",
 	"PROP",
@@ -159,9 +166,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICAT
 	"TRANSATTR",
 	"TSSUB",
 	"CATTR",
-	"E");
+	"E",
+	"DATAATTR");
 #endif /* ME */
-ENUM_END(payload_type_short_names, ENCRYPTED_V1);
+ENUM_END(payload_type_short_names, DATA_ATTRIBUTE_V1);
 
 /*
  * see header
@@ -197,7 +205,8 @@ payload_t *payload_create(payload_type_t type)
 		case AUTHENTICATION:
 			return (payload_t*)auth_payload_create();
 		case CERTIFICATE:
-			return (payload_t*)cert_payload_create();
+		case CERTIFICATE_V1:
+			return (payload_t*)cert_payload_create(type);
 		case CERTIFICATE_REQUEST:
 			return (payload_t*)certreq_payload_create();
 		case TRAFFIC_SELECTOR_SUBSTRUCTURE:
@@ -229,6 +238,10 @@ payload_t *payload_create(payload_type_t type)
 		case ENCRYPTED:
 		case ENCRYPTED_V1:
 			return (payload_t*)encryption_payload_create(type);
+		case ATTRIBUTE_V1:
+			return (payload_t*)attribute_payload_v1_create();
+		case DATA_ATTRIBUTE_V1:
+			return (payload_t*)data_attribute_v1_create();
 		default:
 			return (payload_t*)unknown_payload_create(type);
 	}

src/libcharon/encoding/payloads/payload.h

@@ -112,6 +112,11 @@ enum payload_type_t {
 	 */
 	VENDOR_ID_V1 = 13,
 
+	/**
+	 * Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+	 */
+	ATTRIBUTE_V1 = 14,
+
 	/**
 	 * The security association (SA) payload containing proposals.
 	 */
@@ -252,6 +257,12 @@ enum payload_type_t {
 	 * This is not really a payload, but rather the complete IKEv1 message.
 	 */
 	ENCRYPTED_V1,
+
+	/**
+	 * DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
+	 */
+	DATA_ATTRIBUTE_V1,
+
 };
 
 /**