ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

- better management of unknown_payload, with critical check 

- message code cleanup
This commit is contained in:
Martin Willi 2005-12-06 11:51:13 +00:00
parent 9affa65c79
commit 668f9fcba9
7 changed files with 376 additions and 402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

452
Source/charon/encoding/message.c
View File

@ -35,6 +35,7 @@
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/encryption_payload.h>
#include <encoding/payloads/unknown_payload.h>
/**
* Max number of notify payloads per IKEv2 Message
@ -42,13 +43,15 @@
#define MAX_NOTIFY_PAYLOADS 10
typedef struct supported_payload_entry_t supported_payload_entry_t;
typedef struct payload_rule_t payload_rule_t;
/**
* Supported payload entry used in message_rule_t.
*
* A payload rule defines the rules for a payload
* in a specific message rule. It defines if and how
* many times a payload must/can occur in a message
* and if it must be encrypted.
*/
struct supported_payload_entry_t {
struct payload_rule_t {
/**
* Payload type.
*/
@ -65,21 +68,24 @@ struct supported_payload_entry_t {
size_t max_occurence;
/**
* TRUE if payload has to get encrypted
* TRUE if payload must be encrypted
*/
bool encrypted;
/**
* Verifying can stop after checking this payload.
* If this payload occurs, the message rule is
* fullfilled in any case. This applies e.g. to
* notify_payloads.
*/
bool can_be_last;
bool sufficient;
};
typedef struct message_rule_t message_rule_t;
/**
* Message Rule used to find out which payloads
* are supported by each message type.
* A message rule defines the kind of a message,
* if it has encrypted contents and a list
* of payload rules.
*
*/
struct message_rule_t {
@ -98,22 +104,21 @@ struct message_rule_t {
*/
bool encrypted_content;
/**
* Number of supported payloads.
*/
size_t supported_payloads_count;
/**
* Number of payload rules which will follow
*/
size_t payload_rule_count;
/**
* Pointer to first supported payload entry.
* Pointer to first payload rule
*/
supported_payload_entry_t *supported_payloads;
payload_rule_t *payload_rules;
};
/**
* Message rule for IKE_SA_INIT from initiator.
*/
static supported_payload_entry_t supported_ike_sa_init_i_payloads[] =
{
static payload_rule_t ike_sa_init_i_payload_rules[] = {
{NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,FALSE},
{SECURITY_ASSOCIATION,1,1,FALSE,FALSE},
{KEY_EXCHANGE,1,1,FALSE,FALSE},
@ -123,8 +128,7 @@ static supported_payload_entry_t supported_ike_sa_init_i_payloads[] =
/**
* Message rule for IKE_SA_INIT from responder.
*/
static supported_payload_entry_t supported_ike_sa_init_r_payloads[] =
{
static payload_rule_t ike_sa_init_r_payload_rules[] = {
{NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,TRUE},
{SECURITY_ASSOCIATION,1,1,FALSE,FALSE},
{KEY_EXCHANGE,1,1,FALSE,FALSE},
@ -134,8 +138,7 @@ static supported_payload_entry_t supported_ike_sa_init_r_payloads[] =
/**
* Message rule for IKE_AUTH from initiator.
*/
static supported_payload_entry_t supported_ike_auth_i_payloads[] =
{
static payload_rule_t ike_auth_i_payload_rules[] = {
{NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE},
{ID_INITIATOR,1,1,TRUE,FALSE},
{CERTIFICATE,0,1,TRUE,FALSE},
@ -145,13 +148,13 @@ static supported_payload_entry_t supported_ike_auth_i_payloads[] =
{SECURITY_ASSOCIATION,1,1,TRUE,FALSE},
{TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE},
{TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE},
{CONFIGURATION,0,1,TRUE,FALSE},
};
/**
* Message rule for IKE_AUTH from responder.
*/
static supported_payload_entry_t supported_ike_auth_r_payloads[] =
{
static payload_rule_t ike_auth_r_payload_rules[] = {
{NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE},
{CERTIFICATE,0,1,TRUE,FALSE},
{ID_RESPONDER,1,1,TRUE,FALSE},
@ -159,33 +162,17 @@ static supported_payload_entry_t supported_ike_auth_r_payloads[] =
{SECURITY_ASSOCIATION,1,1,TRUE,FALSE},
{TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE},
{TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE},
{CONFIGURATION,0,1,TRUE,FALSE},
};
/**
* Message rules, defines allowed payloads.
*/
static message_rule_t message_rules[] = {
{IKE_SA_INIT,TRUE,FALSE,(sizeof(supported_ike_sa_init_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_i_payloads},
{IKE_SA_INIT,FALSE,FALSE,(sizeof(supported_ike_sa_init_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_sa_init_r_payloads},
{IKE_AUTH,TRUE,TRUE,(sizeof(supported_ike_auth_i_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_i_payloads},
{IKE_AUTH,FALSE,TRUE,(sizeof(supported_ike_auth_r_payloads)/sizeof(supported_payload_entry_t)),supported_ike_auth_r_payloads}
};
typedef struct payload_entry_t payload_entry_t;
/**
* Entry for a payload in the internal used linked list.
*
*/
struct payload_entry_t {
/**
* Type of payload.
*/
payload_type_t payload_type;
/**
* Data struct holding the data of given payload.
*/
void *data_struct;
{IKE_SA_INIT,TRUE,FALSE,(sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_i_payload_rules},
{IKE_SA_INIT,FALSE,FALSE,(sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_r_payload_rules},
{IKE_AUTH,TRUE,TRUE,(sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),ike_auth_i_payload_rules},
{IKE_AUTH,FALSE,TRUE,(sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),ike_auth_r_payload_rules}
};
@ -222,8 +209,7 @@ struct private_message_t {
exchange_type_t exchange_type;
/**
* TRUE if message is request.
* FALSE if message is reply.
* TRUE if message is a request, FALSE if a reply.
*/
bool is_request;
@ -238,9 +224,7 @@ struct private_message_t {
ike_sa_id_t *ike_sa_id;
/**
* Assigned UDP packet.
*
* Stores incoming packet or last generated one.
* Assigned UDP packet, stores incoming packet or last generated one.
*/
packet_t *packet;
@ -254,39 +238,39 @@ struct private_message_t {
*/
parser_t *parser;
/**
* The message rule for this message instance
*/
message_rule_t *message_rule;
/**
* Assigned logger.
*/
logger_t *logger;
/**
* Gets a list of supported payloads of this message type.
* Sets the private message_rule member to the rule which
* applies to this message. Must be called before get_payload_rule().
*
* @param this calling object
* @param[out] message_rule pointer is set to the message_rule
* of current message type
*
* @return
* - SUCCESS
* - NOT_FOUND if no message rule
* for specific message type could be found
* - NOT_FOUND if no message rule applies to this message.
*/
status_t (*get_message_rule) (private_message_t *this, message_rule_t **message_rule);
status_t (*set_message_rule) (private_message_t *this);
/**
* Gets the supported_payload_entry_t for a specific message_rule_t and payload type.
* Gets the payload_rule_t for a specific message_rule_t and payload type.
*
* @param this calling object
* @param message_rule message rule
* @param payload_type payload type
* @param[out] payload_entry returned payload_entry_t
*
* @param[out] payload_rule returned payload_rule_t
* @return
* - SUCCESS
* - NOT_FOUND if no message rule
* for specific message type could be found
* - NOT_FOUND if payload not defined in current message rule
* - INVALID_STATE if message rule is not set via set_message_rule()
*/
status_t (*get_supported_payload_entry) (private_message_t *this, message_rule_t *message_rule,payload_type_t payload_type, supported_payload_entry_t **payload_entry);
status_t (*get_payload_rule) (private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule);
/**
* Encrypts all payloads which has to get encrypted.
@ -296,24 +280,40 @@ struct private_message_t {
* @param this calling object
* @param crypter crypter_t object
* @param signer signer_t object
* @return
* - SUCCESS
* - INVALID_STATE if no crypter/signer supplied but needed
*/
status_t (*encrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer);
/**
* Decrypts encrypted contents and also verifies all payloads.
* Decrypts encrypted contents, and checks if a payload is encrypted if it has to be.
*
* @param this calling object
* @param crypter crypter_t object
* @param signer signer_t object
* @return
* - SUCCESS
* - FAILED if decryption not successfull
* - INVALID_STATE if no crypter/signer supplied but needed
*/
status_t (*decrypt_and_verify_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer);
status_t (*decrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer);
/**
* Verifies the message. Checks for payloads count.
*
* @param calling object
* @return
* - SUCCESS if message valid, or
* - FAILED if message does not align with message rules.
*/
status_t (*verify) (private_message_t *this);
};
/**
* Implementation of private_message_t.get_supported_payloads.
* Implementation of private_message_t.set_message_rule.
*/
static status_t get_message_rule (private_message_t *this, message_rule_t **message_rule)
static status_t set_message_rule(private_message_t *this)
{
int i;
@ -323,31 +323,31 @@ static status_t get_message_rule (private_message_t *this, message_rule_t **mes
(this->is_request == message_rules[i].is_request))
{
/* found rule for given exchange_type*/
*message_rule = &(message_rules[i]);
this->message_rule = &(message_rules[i]);
return SUCCESS;
}
}
*message_rule = NULL;
this->message_rule = NULL;
return NOT_FOUND;
}
/**
* Implementation of private_message_t.get_supported_payload_entry.
* Implementation of private_message_t.get_payload_rule.
*/
static status_t get_supported_payload_entry (private_message_t *this, message_rule_t *message_rule,payload_type_t payload_type, supported_payload_entry_t **payload_entry)
static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule)
{
int i;
for (i = 0; i < message_rule->supported_payloads_count;i++)
for (i = 0; i < this->message_rule->payload_rule_count;i++)
{
if (message_rule->supported_payloads[i].payload_type == payload_type)
if (this->message_rule->payload_rules[i].payload_type == payload_type)
{
*payload_entry = &(message_rule->supported_payloads[i]);
*payload_rule = &(this->message_rule->payload_rules[i]);
return SUCCESS;
}
}
*payload_entry = NULL;
*payload_rule = NULL;
return NOT_FOUND;
}
@ -541,7 +541,6 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
ike_header_t *ike_header;
payload_t *payload, *next_payload;
iterator_t *iterator;
message_rule_t *message_rule;
status_t status;
this->logger->log(this->logger, CONTROL, "Generating message of type %s, contains %d payloads",
@ -550,27 +549,32 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{
this->logger->log(this->logger, ERROR | MORE, "Exchange type %s is not defined",mapping_find(exchange_type_m,this->exchange_type));
this->logger->log(this->logger, ERROR | MORE, "Exchange type %s is not defined",
mapping_find(exchange_type_m,this->exchange_type));
return INVALID_STATE;
}
status = this->get_message_rule(this, &message_rule);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s",
mapping_find(exchange_type_m,this->exchange_type));
return status;
}
if (this->packet->source == NULL ||
this->packet->destination == NULL)
{
this->logger->log(this->logger, ERROR | MORE, "Source/destination not defined");
this->logger->log(this->logger, ERROR|MORE, "%s not defined",
!this->packet->source ? "source" : "destination");
return INVALID_STATE;
}
/* set the rules for this messge */
status = this->set_message_rule(this);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "No message rules specified for a %s %s",
mapping_find(exchange_type_m,this->exchange_type),
this->is_request ? "request" : "response");
return NOT_SUPPORTED;
}
/* going to encrypt all content which have to be encrypted */
status = this->encrypt_payloads(this,crypter,signer);
status = this->encrypt_payloads(this, crypter, signer);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Could not encrypt payloads");
@ -591,9 +595,9 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
payload = (payload_t*)ike_header;
iterator = this->payloads->create_iterator(this->payloads, TRUE);
/* generate every payload expect last one*/
/* generate every payload expect last one, this is doen later*/
iterator = this->payloads->create_iterator(this->payloads, TRUE);
while(iterator->has_next(iterator))
{
iterator->current(iterator, (void**)&next_payload);
@ -634,7 +638,8 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
/* clone packet for caller */
*packet = this->packet->clone(this->packet);
this->logger->log(this->logger, CONTROL, "Message of type %s generated successfully",mapping_find(exchange_type_m,this->exchange_type));
this->logger->log(this->logger, CONTROL, "Message of type %s generated successfully",
mapping_find(exchange_type_m,this->exchange_type));
return SUCCESS;
}
@ -699,11 +704,22 @@ static status_t parse_header(private_message_t *this)
this->minor_version = ike_header->get_min_version(ike_header);
this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface));
this->logger->log(this->logger, CONTROL, "Parsed a %s %s", mapping_find(exchange_type_m, this->exchange_type),
this->logger->log(this->logger, CONTROL, "Parsed a %s %s",
mapping_find(exchange_type_m, this->exchange_type),
this->is_request ? "request" : "response");
ike_header->destroy(ike_header);
return SUCCESS;
ike_header->destroy(ike_header);
/* get the rules for this messge */
status = this->set_message_rule(this);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "No message rules specified for a %s %s",
mapping_find(exchange_type_m,this->exchange_type),
this->is_request ? "request" : "response");
}
return status;
}
/**
@ -712,11 +728,14 @@ static status_t parse_header(private_message_t *this)
static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer)
{
status_t status = SUCCESS;
payload_type_t current_payload_type = this->first_payload;
payload_type_t current_payload_type;
current_payload_type = this->first_payload;
this->logger->log(this->logger, CONTROL|MORE, "Parsing body of message, first payload %s",
mapping_find(payload_type_m, current_payload_type));
/* parse payload for payload, while there are more available */
while ((current_payload_type != NO_PAYLOAD))
{
payload_t *current_payload;
@ -724,6 +743,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
this->logger->log(this->logger, CONTROL|MOST, "Start parsing payload of type %s",
mapping_find(payload_type_m, current_payload_type));
/* parse current payload */
status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
if (status != SUCCESS)
{
@ -734,6 +754,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
this->logger->log(this->logger, CONTROL|MOST, "Verify payload of type %s",
mapping_find(payload_type_m, current_payload_type));
/* verify it, stop parsig if its invalid */
status = current_payload->verify(current_payload);
if (status != SUCCESS)
{
@ -747,7 +768,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
mapping_find(payload_type_m, current_payload_type));
this->payloads->insert_last(this->payloads,current_payload);
/* stop if an encryption payload found */
/* an encryption payload is the last one, so STOP here. decryption is done later */
if (current_payload_type == ENCRYPTED)
{
this->logger->log(this->logger, CONTROL|MOST, "Payload of type encrypted found. Stop parsing.",
@ -764,78 +785,91 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
this->is_request ? "request" : "response",
this->payloads->get_count(this->payloads));
status = this->decrypt_and_verify_payloads(this,crypter,signer);
/* */
if (current_payload_type == ENCRYPTED)
status = this->decrypt_payloads(this,crypter,signer);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Could not decrypt and verify payloads");
this->logger->log(this->logger, ERROR, "Could not decrypt payloads");
return status;
}
return SUCCESS;
status = this->verify(this);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR, "Verification of message failed");
}
return status;
}
/**
* Implementation of message_t.verify.
* Implementation of private_message_t.verify.
*/
static status_t verify(private_message_t *this)
{
int i;
status_t status;
iterator_t *iterator;
message_rule_t *message_rule;
size_t total_found_payloads = 0;
this->logger->log(this->logger, CONTROL|MORE, "Verifying message structure");
status = this->get_message_rule(this, &message_rule);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s",
mapping_find(exchange_type_m,this->exchange_type));
return status;
}
iterator = this->payloads->create_iterator(this->payloads,TRUE);
/* check for payloads with wrong count*/
for (i = 0; i < message_rule->supported_payloads_count;i++)
for (i = 0; i < this->message_rule->payload_rule_count;i++)
{
size_t found_payloads = 0;
/* check all payloads for specific rule */
iterator->reset(iterator);
while(iterator->has_next(iterator))
{
payload_t *current_payload;
iterator->current(iterator,(void **)&current_payload);
payload_type_t current_payload_type;
if (current_payload->get_type(current_payload) == message_rule->supported_payloads[i].payload_type)
iterator->current(iterator,(void **)&current_payload);
current_payload_type = current_payload->get_type(current_payload);
if (current_payload_type == UNKNOWN_PAYLOAD)
{
/* unknown payloads are ignored, IF they are not critical */
unknown_payload_t *unknown_payload = (unknown_payload_t*)current_payload;
if (unknown_payload->is_critical(unknown_payload))
{
this->logger->log(this->logger, ERROR, "%s (%d) is not supported, but its critical!",
mapping_find(payload_type_m, current_payload_type), current_payload_type);
iterator->destroy(iterator);
return NOT_SUPPORTED;
}
}
else if (current_payload_type == this->message_rule->payload_rules[i].payload_type)
{
found_payloads++;
total_found_payloads++;
this->logger->log(this->logger, CONTROL | MOST, "Found payload of type %s",
mapping_find(payload_type_m,message_rule->supported_payloads[i].payload_type));
mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type));
/* as soon as ohe payload occures more then specified, the verification fails */
if (found_payloads > message_rule->supported_payloads[i].max_occurence)
if (found_payloads > this->message_rule->payload_rules[i].max_occurence)
{
this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
mapping_find(payload_type_m,current_payload->get_type(current_payload)),
message_rule->supported_payloads[i].max_occurence,found_payloads);
mapping_find(payload_type_m, current_payload_type),
this->message_rule->payload_rules[i].max_occurence, found_payloads);
iterator->destroy(iterator);
return NOT_SUPPORTED;
return FAILED;
}
}
}
if (found_payloads < message_rule->supported_payloads[i].min_occurence)
if (found_payloads < this->message_rule->payload_rules[i].min_occurence)
{
this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times (%d)",
mapping_find(payload_type_m,message_rule->supported_payloads[i].payload_type),
message_rule->supported_payloads[i].min_occurence,found_payloads);
mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type),
this->message_rule->payload_rules[i].min_occurence, found_payloads);
iterator->destroy(iterator);
return NOT_SUPPORTED;
return FAILED;
}
if ((message_rule->supported_payloads[i].can_be_last) && (this->payloads->get_count(this->payloads) == total_found_payloads))
if ((this->message_rule->payload_rules[i].sufficient) && (this->payloads->get_count(this->payloads) == total_found_payloads))
{
iterator->destroy(iterator);
return SUCCESS;
@ -849,29 +883,20 @@ static status_t verify(private_message_t *this)
/**
* Implementation of private_message_t.decrypt_and_verify_payloads.
*/
static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, signer_t* signer)
{
bool current_payload_was_encrypted = FALSE;
payload_t *last_payload = NULL;
message_rule_t *message_rule;
payload_t *previous_payload = NULL;
int payload_number = 1;
iterator_t *iterator;
status_t status;
status = this->get_message_rule(this, &message_rule);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s",
mapping_find(exchange_type_m,this->exchange_type));
return status;
}
iterator = this->payloads->create_iterator(this->payloads,TRUE);
/* process each payload and decrypt a encryption payload */
while(iterator->has_next(iterator))
{
supported_payload_entry_t *supported_payload_entry;
payload_rule_t *payload_rule;
payload_type_t current_payload_type;
payload_t *current_payload;
@ -888,28 +913,18 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
encryption_payload_t *encryption_payload;
payload_t *current_encrypted_payload;
encryption_payload = (encryption_payload_t*)current_payload;
this->logger->log(this->logger, CONTROL | MORE, "Found an encryption payload");
if (!message_rule->encrypted_content)
{
this->logger->log(this->logger, ERROR | MORE, "Encrypted payload not allowed for this message type");
iterator->destroy(iterator);
/* encrypted payload is not last one */
return FAILED;
}
if (payload_number != this->payloads->get_count(this->payloads))
{
/* encrypted payload is not last one */
this->logger->log(this->logger, ERROR | MORE, "Encrypted payload is not last payload");
iterator->destroy(iterator);
/* encrypted payload is not last one */
return FAILED;
}
iterator->current(iterator,(void **)&encryption_payload);
/* encrypt payload */
/* decrypt */
encryption_payload->set_transforms(encryption_payload, crypter, signer);
this->logger->log(this->logger, CONTROL | MORE, "Verify signature of encryption payload");
status = encryption_payload->verify_signature(encryption_payload, this->packet->data);
@ -929,54 +944,37 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
return status;
}
/* needed to later find out if a payload has to be encrypted or not */
/* needed later to find out if a payload was encrypted */
current_payload_was_encrypted = TRUE;
/* check if there are payloads contained in the encryption payload */
if (encryption_payload->get_payload_count(encryption_payload) == 0)
{
this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is empty");
this->logger->log(this->logger, CONTROL | MOST, "Encrypted payload is empty");
/* remove the encryption payload, is not needed anymore */
iterator->remove(iterator);
encryption_payload->destroy(encryption_payload);
/* encrypted payload contains no other payload */
current_payload_type = NO_PAYLOAD;
if (last_payload == NULL)
{
/* encrypted content was the only payload in IKEv2-Message
* Set the first payload to the first payload of encrypted ones */
this->first_payload = current_payload_type;
}
else
{
/* another payload was here before the encrypted content
* Set the next payload of proceeding payload
* to the first payload of encrypted ones */
last_payload->set_next_type(last_payload,current_payload_type);
}
break;
}
this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is not empty");
/* encryption_payload is replaced with first encrypted payload*/
encryption_payload->remove_first_payload(encryption_payload, &current_encrypted_payload);
this->logger->log(this->logger, CONTROL | MORE, "Replace encrypted payload with payload of type %s.",
mapping_find(payload_type_m,current_encrypted_payload->get_type(current_encrypted_payload)));
iterator->replace(iterator,NULL,(void *) current_encrypted_payload);
current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload);
if (last_payload == NULL)
else
{
/* encrypted content was the only payload in IKEv2-Message
* Set the first payload to the first payload of encrypted ones */
this->logger->log(this->logger, CONTROL | MOST, "Encrypted payload is not empty");
/* encryption_payload is replaced with first payload contained in encryption_payload */
encryption_payload->remove_first_payload(encryption_payload, &current_encrypted_payload);
iterator->replace(iterator,NULL,(void *) current_encrypted_payload);
current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload);
}
/* is the current paylad the first in the message? */
if (previous_payload == NULL)
{
/* yes, set the first payload type of the message to the current type */
this->first_payload = current_payload_type;
}
else
{
/* another payload was here before the encrypted content
* Set the next payload of proceeding payload
* to the first payload of encrypted ones */
last_payload->set_next_type(last_payload,current_payload_type);
/* no, set the next_type of the previous payload to the current type */
previous_payload->set_next_type(previous_payload, current_payload_type);
}
/* all encrypted payloads are added to the payload list */
@ -987,37 +985,41 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
this->payloads->insert_last(this->payloads,current_encrypted_payload);
}
/* encryption payload is not needed anymore cause all payloads are
* moved to internal payload list */
encryption_payload->destroy(encryption_payload);
/* encryption payload is processed, payloads are moved. Destroy it. */
encryption_payload->destroy(encryption_payload);
}
status = this->get_supported_payload_entry(this,message_rule,current_payload_type,&supported_payload_entry);
if (status != SUCCESS)
/* we allow unknown payloads of any type and don't bother if it was encrypted. Not our problem. */
if (current_payload_type != UNKNOWN_PAYLOAD)
{
/* payload type not supported */
this->logger->log(this->logger, ERROR | MORE, "Payload type %s not allowed",mapping_find(payload_type_m,current_payload_type));
iterator->destroy(iterator);
return status;
}
if (supported_payload_entry->encrypted != current_payload_was_encrypted)
{
/* payload type not supported */
this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",
mapping_find(payload_type_m,current_payload_type),
(supported_payload_entry->encrypted) ? "encrypted": "not encrypted");
iterator->destroy(iterator);
return status;
/* get the ruleset for found payload */
status = this->get_payload_rule(this, current_payload_type, &payload_rule);
if (status != SUCCESS)
{
/* payload is not allowed */
this->logger->log(this->logger, ERROR | MORE, "Payload type %s not allowed",mapping_find(payload_type_m,current_payload_type));
iterator->destroy(iterator);
return status;
}
/* check if the payload was encrypted, and if it should been have encrypted */
if (payload_rule->encrypted != current_payload_was_encrypted)
{
/* payload was not encrypted, but should have been. or vice-versa */
this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",
mapping_find(payload_type_m,current_payload_type),
(payload_rule->encrypted) ? "encrypted": "not encrypted");
iterator->destroy(iterator);
return FAILED;
}
}
/* advance to the next payload */
payload_number++;
/* is stored to set next payload in case of found encryption payload */
last_payload = current_payload;
previous_payload = current_payload;
}
iterator->destroy(iterator);
return this->public.verify(&(this->public));
return SUCCESS;
}
/**
@ -1026,19 +1028,10 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
{
encryption_payload_t *encryption_payload = NULL;
message_rule_t *message_rule;
status_t status;
linked_list_t *all_payloads;
status = this->get_message_rule(this, &message_rule);
if (status != SUCCESS)
{
this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s",
mapping_find(exchange_type_m,this->exchange_type));
return status;
}
if (!message_rule->encrypted_content)
if (!this->message_rule->encrypted_content)
{
this->logger->log(this->logger, CONTROL | MORE, "Message doesn't have to be encrypted");
/* message contains no content to encrypt */
@ -1059,17 +1052,17 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
this->logger->log(this->logger, CONTROL | MOST, "Check each payloads if they have to get encrypted");
while (all_payloads->get_count(all_payloads) > 0)
{
supported_payload_entry_t *supported_payload_entry;
payload_rule_t *payload_rule;
payload_t *current_payload;
bool to_encrypt = FALSE;
all_payloads->remove_first(all_payloads,(void **)&current_payload);
this->logger->log(this->logger, CONTROL | MOST, "Get rule for payload %s", mapping_find(payload_type_m,current_payload->get_type(current_payload)));
status = this->get_supported_payload_entry(this,message_rule,current_payload->get_type(current_payload),&supported_payload_entry);
status = this->get_payload_rule(this,current_payload->get_type(current_payload),&payload_rule);
/* for payload types which are not found in supported payload list, it is presumed
* that they don't have to be encrypted */
if ((status == SUCCESS) && (supported_payload_entry->encrypted))
if ((status == SUCCESS) && (payload_rule->encrypted))
{
this->logger->log(this->logger, CONTROL | MOST, "Payload %s has to get encrypted",
mapping_find(payload_type_m,current_payload->get_type(current_payload)));
@ -1125,7 +1118,7 @@ static void destroy (private_message_t *this)
{
iterator_t *iterator;
this->logger->log(this->logger, CONTROL | MOST, "Going to destroy message_t object");
this->logger->log(this->logger, CONTROL|ALL, "Going to destroy message_t object");
this->packet->destroy(this->packet);
@ -1139,7 +1132,7 @@ static void destroy (private_message_t *this)
{
payload_t *payload;
iterator->current(iterator, (void**)&payload);
this->logger->log(this->logger, CONTROL|MOST, "Destroying payload of type %s",
this->logger->log(this->logger, CONTROL|ALL, "Destroying payload of type %s",
mapping_find(payload_type_m, payload->get_type(payload)));
payload->destroy(payload);
}
@ -1181,7 +1174,6 @@ message_t *message_create_from_packet(packet_t *packet)
this->public.get_payload_iterator = (iterator_t * (*) (message_t *)) get_payload_iterator;
this->public.parse_header = (status_t (*) (message_t *)) parse_header;
this->public.parse_body = (status_t (*) (message_t *,crypter_t*,signer_t*)) parse_body;
this->public.verify = (status_t (*) (message_t*)) verify;
this->public.get_packet = (packet_t * (*) (message_t*)) get_packet;
this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data;
this->public.destroy = (void(*)(message_t*))destroy;
@ -1194,16 +1186,18 @@ message_t *message_create_from_packet(packet_t *packet)
this->message_id = 0;
/* private functions */
this->get_message_rule = get_message_rule;
this->get_supported_payload_entry = get_supported_payload_entry;
this->set_message_rule = set_message_rule;
this->get_payload_rule = get_payload_rule;
this->encrypt_payloads = encrypt_payloads;
this->decrypt_and_verify_payloads = decrypt_and_verify_payloads;
this->decrypt_payloads = decrypt_payloads;
this->verify = verify;
/* private values */
if (packet == NULL)
{
packet = packet_create();
}
this->message_rule = NULL;
this->packet = packet;
this->payloads = linked_list_create();

90
Source/charon/encoding/message.h
View File

@ -38,7 +38,15 @@ typedef struct message_t message_t;
/**
* @brief This class is used to represent an IKEv2-Message.
*
* An IKEv2-Message is either a request or response.
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
* via the encryption_payload_t. A set of rules for messages
* and payloads does check parsed messages.
*
* @b Constructors:
* - message_create()
* - message_create_from_packet()
* - message_create_notify_reply()
*
* @ingroup encoding
*/
@ -159,6 +167,12 @@ struct message_t {
/**
* @brief Append a payload to the message.
*
* If the payload must be encrypted is not specified here. Encryption
* of payloads is evaluated via internal rules for the messages and
* is done before generation. The order of payloads may change, since
* all payloads to encrypt are added to the encryption payload, which is
* always the last one.
*
* @param this message_t object
* @param payload payload to append
@ -166,7 +180,11 @@ struct message_t {
void (*add_payload) (message_t *this, payload_t *payload);
/**
* @brief Parses header of message
* @brief Parses header of message.
*
* Begins parisng of a message created via message_create_from_packet().
* The parsing context is stored, so a subsequent call to parse_body()
* will continue the parsing process.
*
* @param this message_t object
* @return
@ -181,42 +199,53 @@ struct message_t {
*
* The body gets not only parsed, but rather it gets verified.
* All payloads are verified if they are allowed to exist in the message
* of this type and if their own structure is ok.
* of this type and if their own structure is ok.
* If there are encrypted payloads, they get decrypted via the supplied
* crypter. Also the message integrity gets verified with the supplied
* signer.
* Crypter/signer can be omitted (by passing NULL) when no encryption
* payload is expected.
*
* @param this message_t object
* @param crypter crypter to decrypt encryption payloads
* @param signer signer to verifiy a message with an encryption payload
* @return
* - SUCCESS if header could be parsed
* - NOT_SUPPORTED if unsupported payload are contained in body
* - NOT_SUPPORTED if ciritcal unknown payloads found
* - FAILED if message type is not suppported!
* - PARSE_ERROR if corrupted/invalid data found
* - VERIFY_ERROR if verification of some payload failed
* - INVALID_STATE if crypter/signer not supplied, but needed
*/
status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
/**
* @brief Generates the UDP packet of specific message
* @brief Generates the UDP packet of specific message.
*
* Payloads which must be encrypted are generated first and added to
* an encryption payload. This encryption payload will get encrypted via
* the supplied crypter. Then all other payloads and the header get generated.
* After that, the checksum is added to the encryption payload over the full
* message.
* Crypter/signer can be omitted (by passing NULL) when no encryption
* payload is expected.
*
* @param this message_t object
* @param crypter crypter to use when a payload must be encrypted
* @param signer signer to build a mac
* @return
* - SUCCESS if packet could be generated
* - EXCHANGE_TYPE_NOT_SET if exchange type is currently not set
* ....
* - INVALID_STATE if exchange type is currently not set
* - NOT_FOUND if no rules found for message generation
* - INVALID_STATE if crypter/signer not supplied but needed.
*/
status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
/**
* Verifies the structure of the message_t object.
* @brief Gets the source host informations.
*
* The payloads are checked for the correct occurence count.
*
* @param this message_t object
*/
status_t (*verify) (message_t *this);
/**
* Gets the source host informations.
*
* @warning Returned host_t object is not getting cloned.
* @warning Returned host_t object is not getting cloned,
* do not destroy nor modify.
*
* @param this message_t object
* @return host_t object representing source host
@ -224,7 +253,7 @@ struct message_t {
host_t * (*get_source) (message_t *this);
/**
* Sets the source host informations.
* @brief Sets the source host informations.
*
* @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_source.
@ -235,9 +264,10 @@ struct message_t {
void (*set_source) (message_t *this, host_t *host);
/**
* Gets the destination host informations.
* @brief Gets the destination host informations.
*
* @warning Returned host_t object is not getting cloned.
* @warning Returned host_t object is not getting cloned,
* do not destroy nor modify.
*
* @param this message_t object
* @return host_t object representing destination host
@ -245,7 +275,7 @@ struct message_t {
host_t * (*get_destination) (message_t *this);
/**
* Sets the destination host informations.
* @brief Sets the destination host informations.
*
* @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_destination.
@ -256,10 +286,10 @@ struct message_t {
void (*set_destination) (message_t *this, host_t *host);
/**
* Returns an iterator on all stored payloads.
* @brief Returns an iterator on all stored payloads.
*
* @warning Don't insert payloads over this iterator.
* Use message_t.add_payload instead.
* Use add_payload() instead.
*
* @param this message_t object
* @return iterator_t object which has to get destroyd by the caller
@ -292,7 +322,7 @@ struct message_t {
};
/**
* Creates an message_t object from a incoming UDP Packet.
* @brief Creates an message_t object from a incoming UDP Packet.
*
* @warning the given packet_t object is not copied and gets
* destroyed in message_t's destroy call.
@ -302,9 +332,9 @@ struct message_t {
* - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE
* - is_request is set to TRUE
* Call message_t.parse_header afterwards.
*
* @param packet packet_t object which is assigned to message
*
* @param packet packet_t object which is assigned to message
* @return created message_t object
*
* @ingroup encoding
@ -313,7 +343,7 @@ message_t * message_create_from_packet(packet_t *packet);
/**
* Creates an empty message_t object.
* @brief Creates an empty message_t object.
*
* - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE
@ -326,7 +356,7 @@ message_t * message_create_from_packet(packet_t *packet);
message_t * message_create();
/**
* Creates an message_t object of type reply containing a notify payload.
* @brief Creates an message_t object of type reply containing a notify payload.
*
* @return created message_t object
*

25
Source/charon/encoding/parser.c
View File

@ -51,6 +51,7 @@
#include <encoding/payloads/cp_payload.h>
#include <encoding/payloads/configuration_attribute.h>
#include <encoding/payloads/eap_payload.h>
#include <encoding/payloads/unknown_payload.h>
typedef struct private_parser_t private_parser_t;
@ -587,6 +588,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
int rule_number;
encoding_rule_t *rule;
/* create instance of the payload to parse */
pld = payload_create(payload_type);
this->logger->log(this->logger, CONTROL|MORE, "parsing %s payload, %d bytes left",
mapping_find(payload_type_m, payload_type),
this->input_roof-this->byte_pos);
@ -594,18 +598,17 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
this->logger->log_bytes(this->logger, RAW, "parsing payload from", this->byte_pos,
this->input_roof-this->byte_pos);
/* ok, do the parsing */
pld = payload_create(payload_type);
if (pld == NULL)
if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
{
this->logger->log(this->logger, ERROR, " payload %s not supported", mapping_find(payload_type_m, payload_type));
return NOT_SUPPORTED;
this->logger->log(this->logger, ERROR|MORE, " payload type %d is unknown, handling as %s",
payload_type, mapping_find(payload_type_m, UNKNOWN_PAYLOAD));
}
/* base pointer for output, avoids casting in every rule */
output = pld;
/* parse the payload with its own rulse */
pld->get_encoding_rules(pld, &(this->rules), &rule_count);
for (rule_number = 0; rule_number < rule_count; rule_number++)
{
rule = &(this->rules[rule_number]);
@ -974,6 +977,16 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
break;
}
case UNKNOWN_PAYLOAD:
{
size_t unknown_payload_data_length = payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH;
if (this->parse_chunk(this, rule_number, output + rule->offset, unknown_payload_data_length) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
}
break;
}
default:
{
this->logger->log(this->logger, ERROR, " no rule to parse rule %d %s (%d)", rule_number, mapping_find(encoding_type_m, rule->type), rule->type);

6
Source/charon/encoding/payloads/payload.c
View File

@ -1,7 +1,7 @@
/**
* @file payload.c
*
* @brief Generic payload interface
* @brief Generic constructor to the payload_t interface.
*
*
*/
@ -122,12 +122,10 @@ payload_t *payload_create(payload_type_t type)
return (payload_t*)configuration_attribute_create();
case EXTENSIBLE_AUTHENTICATION:
return (payload_t*)eap_payload_create();
case UNKNOWN_PAYLOAD:
return (payload_t*)unknown_payload_create();
case ENCRYPTED:
return (payload_t*)encryption_payload_create();
default:
return NULL;
return (payload_t*)unknown_payload_create();
}
}

82
Source/charon/encoding/payloads/payload.h
View File

@ -1,7 +1,7 @@
/**
* @file payload.h
*
* @brief Generic payload interface.
* @brief Interface payload_t.
*
*
*/
@ -32,8 +32,7 @@
typedef enum payload_type_t payload_type_t;
/**
* Payload-Types of a IKEv2-Message.
*
* @brief Payload-Types of a IKEv2-Message.
*
* Header and substructures are also defined as
* payload types with values from PRIVATE USE space.
@ -43,87 +42,87 @@ typedef enum payload_type_t payload_type_t;
enum payload_type_t{
/**
* NO_PAYLOAD
* End of payload list in next_payload
*/
NO_PAYLOAD = 0,
/**
* SA
* The security association (SA) payload containing proposals.
*/
SECURITY_ASSOCIATION = 33,
/**
* KE
* The key exchange (KE) payload containing diffie-hellman values.
*/
KEY_EXCHANGE = 34,
/**
* IDi
* Identification for the original initiator (IDi).
*/
ID_INITIATOR = 35,
/**
* IDr
* Identification for the original responder (IDr).
*/
ID_RESPONDER = 36,
/**
* CERT
* Certificate payload with certificates (CERT).
*/
CERTIFICATE = 37,
/**
* CERTREQ
* Certificate request payload (CERTREQ).
*/
CERTIFICATE_REQUEST = 38,
/**
* AUTH
* Authentication payload contains auth data (AUTH).
*/
AUTHENTICATION = 39,
/**
* Ni, Nr
* Nonces, for initator and responder (Ni, Nr, N)
*/
NONCE = 40,
/**
* N
* Notif paylaod (N).
*/
NOTIFY = 41,
/**
* D
* Delete payload (D)
*/
DELETE = 42,
/**
* V
* Vendor id paylpoad (V).
*/
VENDOR_ID = 43,
/**
* TSi
* Traffic selector for the original initiator (TSi).
*/
TRAFFIC_SELECTOR_INITIATOR = 44,
/**
* TSr
* Traffic selector for the original responser (TSr).
*/
TRAFFIC_SELECTOR_RESPONDER = 45,
/**
* E
* Encryption payload, contains other payloads (E).
*/
ENCRYPTED = 46,
/**
* CP
* Configuration payload (CP).
*/
CONFIGURATION = 47,
/**
* EAP
* Extensible authentication payload (EAP).
*/
EXTENSIBLE_AUTHENTICATION = 48,
@ -185,8 +184,8 @@ enum payload_type_t{
};
/*
* Build string mapping array for payload_type_t.
/**
* String mappings for payload_type_t.
*/
extern mapping_t payload_type_m[];
@ -194,21 +193,21 @@ extern mapping_t payload_type_m[];
typedef struct payload_t payload_t;
/**
* @brief Generic interface for all payload types (inclusive
* header and substructures).
* @brief Generic interface for all payload types (incl.header and substructures).
*
* To handle all kinds of payloads on a generic way, this interface must
* be implemented by every payload. This allows parser_t/generator_t a simple
* handling of all payloads.
*
* @b Constructors:
* - payload_create() with the payload to instanciate.
*
* @ingroup payloads
*/
struct payload_t {
/**
* @brief Destroys a payload and all included substructures.
*
* @param this payload to destroy
*/
void (*destroy) (payload_t *this);
/**
* @brief Get encoding rules for this payload
* @brief Get encoding rules for this payload.
*
* @param this calling object
* @param[out] rules location to store pointer of first rule
@ -217,7 +216,7 @@ struct payload_t {
void (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules, size_t *rule_count);
/**
* @brief get type of payload
* @brief Get type of payload.
*
* @param this calling object
* @return type of this payload
@ -225,7 +224,7 @@ struct payload_t {
payload_type_t (*get_type) (payload_t *this);
/**
* @brief get type of next payload or zero if this is the last one
* @brief Get type of next payload or NO_PAYLOAD (0) if this is the last one.
*
* @param this calling object
* @return type of next payload
@ -233,7 +232,7 @@ struct payload_t {
payload_type_t (*get_next_type) (payload_t *this);
/**
* @brief set type of next payload
* @brief Set type of next payload.
*
* @param this calling object
* @param type type of next payload
@ -241,7 +240,7 @@ struct payload_t {
void (*set_next_type) (payload_t *this,payload_type_t type);
/**
* @brief get length of payload
* @brief Get length of payload.
*
* @param this calling object
* @return length of this payload
@ -249,7 +248,7 @@ struct payload_t {
size_t (*get_length) (payload_t *this);
/**
* @brief Verifies payload structure and makes consistence check
* @brief Verifies payload structure and makes consistence check.
*
* @param this calling object
* @return
@ -257,18 +256,25 @@ struct payload_t {
* - FAILED if consistence not given
*/
status_t (*verify) (payload_t *this);
/**
* @brief Destroys a payload and all included substructures.
*
* @param this payload to destroy
*/
void (*destroy) (payload_t *this);
};
/**
* @brief Create an empty payload.
*
* Useful for the parser, who wants a generic constructor for all payloads.
* It supports all payload_t methods.
* It supports all payload_t methods. If a payload type is not known,
* an unknwon_paylod is created with the chunk of data in it.
*
* @param type type of the payload to create
* @return created payload
*/
payload_t *payload_create(payload_type_t type);
#endif /*PAYLOAD_H_*/

66
Source/charon/encoding/payloads/unknown_payload.c
View File

@ -29,9 +29,9 @@ typedef struct private_unknown_payload_t private_unknown_payload_t;
/**
* Private data of an unknown_payload_t object.
*
*/
struct private_unknown_payload_t {
/**
* Public unknown_payload_t interface.
*/
@ -40,7 +40,7 @@ struct private_unknown_payload_t {
/**
* Next payload type.
*/
u_int8_t next_payload;
u_int8_t next_payload;
/**
* Critical flag.
@ -52,11 +52,6 @@ struct private_unknown_payload_t {
*/
u_int16_t payload_length;
/**
* Type of this payload.
*/
payload_type_t payload_type;
/**
* The contained data.
*/
@ -64,7 +59,7 @@ struct private_unknown_payload_t {
};
/**
* Encoding rules to parse or generate a EAP payload.
* Encoding rules to parse an payload which is not further specified.
*
* The defined offsets are the positions in a object of type
* private_unknown_payload_t.
@ -86,7 +81,7 @@ encoding_rule_t unknown_payload_encodings[] = {
/* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_unknown_payload_t, payload_length)},
/* some unknown data bytes, length is defined in PAYLOAD_LENGTH */
{ UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) }
{ UNKNOWN_DATA, offsetof(private_unknown_payload_t, data) }
};
/*
@ -110,7 +105,7 @@ static status_t verify(private_unknown_payload_t *this)
}
/**
* Implementation of unknown_payload_t.get_encoding_rules.
* Implementation of payload_t.get_encoding_rules.
*/
static void get_encoding_rules(private_unknown_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
{
@ -142,22 +137,6 @@ static void set_next_type(private_unknown_payload_t *this,payload_type_t type)
this->next_payload = type;
}
/**
* Implementation of unknown_payload_t.set_real_type.
*/
static void set_real_type(private_unknown_payload_t *this,payload_type_t type)
{
this->payload_type = type;
}
/**
* Implementation of unknown_payload_t.get_real_type.
*/
static payload_type_t get_real_type(private_unknown_payload_t *this)
{
return this->payload_type;
}
/**
* Implementation of payload_t.get_length.
*/
@ -167,17 +146,11 @@ static size_t get_length(private_unknown_payload_t *this)
}
/**
* Implementation of unknown_payload_t.set_data.
* Implementation of unknown_payload_t.get_data.
*/
static void set_data (private_unknown_payload_t *this, chunk_t data)
static bool is_critical(private_unknown_payload_t *this)
{
if (this->data.ptr != NULL)
{
allocator_free_chunk(&(this->data));
}
this->data.ptr = allocator_clone_bytes(data.ptr,data.len);
this->data.len = data.len;
this->payload_length = DEFAULT_PAYLOAD_HEADER_LENGTH + this->data.len;
return this->critical;
}
/**
@ -188,21 +161,6 @@ static chunk_t get_data (private_unknown_payload_t *this)
return (this->data);
}
/**
* Implementation of unknown_payload_t.get_data_clone.
*/
static chunk_t get_data_clone (private_unknown_payload_t *this)
{
chunk_t cloned_data;
if (this->data.ptr == NULL)
{
return (this->data);
}
cloned_data.ptr = allocator_clone_bytes(this->data.ptr,this->data.len);
cloned_data.len = this->data.len;
return cloned_data;
}
/**
* Implementation of payload_t.destroy and unknown_payload_t.destroy.
*/
@ -234,17 +192,13 @@ unknown_payload_t *unknown_payload_create()
/* public functions */
this->public.destroy = (void (*) (unknown_payload_t *)) destroy;
this->public.set_real_type = (void (*) (unknown_payload_t *,payload_type_t)) set_real_type;
this->public.get_real_type = (payload_type_t (*) (unknown_payload_t *)) get_real_type;
this->public.set_data = (void (*) (unknown_payload_t *,chunk_t)) set_data;
this->public.get_data_clone = (chunk_t (*) (unknown_payload_t *)) get_data_clone;
this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical;
this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data;
/* private variables */
this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_type = NO_PAYLOAD;
this->payload_length = DEFAULT_PAYLOAD_HEADER_LENGTH;
this->payload_length = UNKNOWN_PAYLOAD_HEADER_LENGTH;
this->data = CHUNK_INITIALIZER;
return (&(this->public));

57
Source/charon/encoding/payloads/unknown_payload.h
View File

@ -27,73 +27,52 @@
#include <encoding/payloads/payload.h>
/**
* Length of a default payload header.
* Header length of the unknown payload.
*
* @ingroup payloads
*/
#define DEFAULT_PAYLOAD_HEADER_LENGTH 4
#define UNKNOWN_PAYLOAD_HEADER_LENGTH 4
typedef struct unknown_payload_t unknown_payload_t;
/**
* Object representing an unknown IKEv2 payload.
* @brief Payload which can't be processed further.
*
* When the parser finds an unknown payload, he builds an instance of
* this class. This allows further processing of this payload, such as
* a check for the critical bit in the header.
*
* @b Constructors:
* - unknown_payload_create()
*
* @ingroup payloads
*
*/
struct unknown_payload_t {
/**
* The payload_t interface.
*/
payload_t payload_interface;
/**
* @brief Set the Data of the unknown payload.
* @brief Get the raw data of this payload, without
* the generic payload header.
*
* Data are getting cloned.
*
* @param this calling unknown_payload_t object
* @param data data following the header as chunk_t
*/
void (*set_data) (unknown_payload_t *this, chunk_t data);
/**
* @brief Get the data of the message.
*
* Returned data are a copy of the internal one.
*
* @param this calling unknown_payload_t object
* @return data as chunk_t
*/
chunk_t (*get_data_clone) (unknown_payload_t *this);
/**
* @brief Get the data of the message.
*
* Returned data are NOT copied.
* Returned data are NOT copied and must not be freed.
*
* @param this calling unknown_payload_t object
* @return data as chunk_t
*/
chunk_t (*get_data) (unknown_payload_t *this);
/**
* @brief Set the real Type of this payload.
*
* @param this calling unknown_payload_t object
* @param type real type of this payload.
*/
void (*set_real_type) (unknown_payload_t *this,payload_type_t type);
/**
* @brief Get the real Type of this payload.
* @brief Get the critical flag.
*
* @param this calling unknown_payload_t object
* @return real type of this payload.
* @param this calling unknown_payload_t object
* @return TRUE if payload is critical, FALSE if not
*/
payload_type_t (*get_real_type) (unknown_payload_t *this);
bool (*is_critical) (unknown_payload_t *this);
/**
* @brief Destroys an unknown_payload_t object.