Message rules for IKEv1 ID_PROT exchange added.

These rules are quite broad and cover main mode with at least PSK and signature based authentication.
2011-11-15 16:13:50 +01:00 · 2011-11-15 16:13:50 +01:00 · 6ba70ba8dd
parent fdb8421f36
commit 6ba70ba8dd
1 changed files with 77 additions and 0 deletions
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@ -414,6 +414,72 @@ static payload_order_t me_connect_r_order[] = {
 };
 #endif /* ME */

+#ifdef USE_IKEV1
+/**
+ * Message rule for ID_PROT from initiator.
+ */
+static payload_rule_t id_prot_i_rules[] = {
+/*	payload type				min	max						encr	suff */
+	{NOTIFICATION_V1,			0,	MAX_NOTIFY_PAYLOADS,	FALSE,	FALSE},
+	{SECURITY_ASSOCIATION_V1,	0,	1,						FALSE,	FALSE},
+	{KEY_EXCHANGE_V1,			0,	1,						FALSE,	FALSE},
+	{NONCE_V1,					0,	1,						FALSE,	FALSE},
+	{VENDOR_ID_V1,				0,	MAX_VID_PAYLOADS,		FALSE,	FALSE},
+	{ID_V1,						0,	1,						TRUE,	FALSE},
+	{CERTIFICATE_V1,			0,	1,						TRUE,	FALSE},
+	{SIGNATURE_V1,				0,	1,						TRUE,	FALSE},
+	{HASH_V1,					0,	1,						TRUE,	FALSE},
+};
+
+/**
+ * payload order for ID_PROT from initiator.
+ */
+static payload_order_t id_prot_i_order[] = {
+/*	payload type				notify type */
+	{SECURITY_ASSOCIATION_V1,	0},
+	{KEY_EXCHANGE_V1,			0},
+	{NONCE_V1,					0},
+	{ID_V1,						0},
+	{CERTIFICATE_V1,			0},
+	{SIGNATURE_V1,				0},
+	{HASH_V1,					0},
+	{NOTIFICATION_V1,			0},
+	{VENDOR_ID_V1,				0},
+};
+
+/**
+ * Message rule for ID_PROT from responder.
+ */
+static payload_rule_t id_prot_r_rules[] = {
+/*	payload type				min	max						encr	suff */
+	{NOTIFICATION_V1,			0,	MAX_NOTIFY_PAYLOADS,	FALSE,	FALSE},
+	{SECURITY_ASSOCIATION_V1,	0,	1,						FALSE,	FALSE},
+	{KEY_EXCHANGE_V1,			0,	1,						FALSE,	FALSE},
+	{NONCE_V1,					0,	1,						FALSE,	FALSE},
+	{VENDOR_ID_V1,				0,	MAX_VID_PAYLOADS,		FALSE,	FALSE},
+	{ID_V1,						0,	1,						TRUE,	FALSE},
+	{CERTIFICATE_V1,			0,	1,						TRUE,	FALSE},
+	{SIGNATURE_V1,				0,	1,						TRUE,	FALSE},
+	{HASH_V1,					0,	1,						TRUE,	FALSE},
+};
+
+/**
+ * payload order for ID_PROT from responder.
+ */
+static payload_order_t id_prot_r_order[] = {
+/*	payload type				notify type */
+	{SECURITY_ASSOCIATION_V1,	0},
+	{KEY_EXCHANGE_V1,			0},
+	{NONCE_V1,					0},
+	{ID_V1,						0},
+	{CERTIFICATE_V1,			0},
+	{SIGNATURE_V1,				0},
+	{HASH_V1,					0},
+	{NOTIFICATION_V1,			0},
+	{VENDOR_ID_V1,				0},
+};
+#endif /* USE_IKEV1 */
+
 /**
 * Message rules, defines allowed payloads.
 */
@ -460,6 +526,17 @@ static message_rule_t message_rules[] = {
 		countof(me_connect_r_order), me_connect_r_order,
 	},
 #endif /* ME */
+#ifdef USE_IKEV1
+	{ID_PROT,			TRUE,	FALSE,
+		countof(id_prot_i_rules), id_prot_i_rules,
+		countof(id_prot_i_order), id_prot_i_order,
+	},
+	{ID_PROT,			FALSE,	FALSE,
+		countof(id_prot_r_rules), id_prot_r_rules,
+		countof(id_prot_r_order), id_prot_r_order,
+	},
+	/* TODO-IKEv1: define rules for other exchanges */
+#endif /* USE_IKEV1 */
 };