removed trailing spaces ([[:space:]]+$)
This commit is contained in:
parent
7d1b030446
commit
7daf5226b7
|
@ -27,7 +27,7 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
printf("};\n");
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -18,7 +18,7 @@ int main(int argc, char *argv[])
|
|||
break;
|
||||
}
|
||||
printf("%02x", (unsigned int)byte);
|
||||
}
|
||||
}
|
||||
printf("'\n");
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ static void start_timing(struct timespec *start)
|
|||
static double end_timing(struct timespec *start)
|
||||
{
|
||||
struct timespec end;
|
||||
|
||||
|
||||
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
|
||||
return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
|
||||
(end.tv_sec - start->tv_sec) * 1.0;
|
||||
|
@ -50,7 +50,7 @@ static void run_test(diffie_hellman_group_t group, int rounds)
|
|||
chunk_t chunk;
|
||||
struct timespec timing;
|
||||
int round;
|
||||
|
||||
|
||||
r = lib->crypto->create_dh(lib->crypto, group);
|
||||
if (!r)
|
||||
{
|
||||
|
@ -58,24 +58,24 @@ static void run_test(diffie_hellman_group_t group, int rounds)
|
|||
diffie_hellman_group_names, group);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
printf("%N:\t",
|
||||
diffie_hellman_group_names, group);
|
||||
|
||||
|
||||
start_timing(&timing);
|
||||
for (round = 0; round < rounds; round++)
|
||||
{
|
||||
l[round] = lib->crypto->create_dh(lib->crypto, group);
|
||||
}
|
||||
printf("A = g^a/s: %8.1f", rounds / end_timing(&timing));
|
||||
|
||||
|
||||
for (round = 0; round < rounds; round++)
|
||||
{
|
||||
l[round]->get_my_public_value(l[round], &chunk);
|
||||
r->set_other_public_value(r, chunk);
|
||||
chunk_free(&chunk);
|
||||
}
|
||||
|
||||
|
||||
r->get_my_public_value(r, &chunk);
|
||||
start_timing(&timing);
|
||||
for (round = 0; round < rounds; round++)
|
||||
|
@ -84,7 +84,7 @@ static void run_test(diffie_hellman_group_t group, int rounds)
|
|||
}
|
||||
printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing));
|
||||
chunk_free(&chunk);
|
||||
|
||||
|
||||
for (round = 0; round < rounds; round++)
|
||||
{
|
||||
l[round]->destroy(l[round]);
|
||||
|
@ -95,22 +95,22 @@ static void run_test(diffie_hellman_group_t group, int rounds)
|
|||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rounds, i, j;
|
||||
|
||||
|
||||
if (argc < 4)
|
||||
{
|
||||
usage();
|
||||
}
|
||||
|
||||
|
||||
library_init(STRONGSWAN_CONF);
|
||||
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
|
||||
atexit(library_deinit);
|
||||
|
||||
|
||||
rounds = atoi(argv[2]);
|
||||
|
||||
|
||||
for (i = 3; i < argc; i++)
|
||||
{
|
||||
bool found = FALSE;
|
||||
|
||||
|
||||
for (j = 0; j < countof(groups); j++)
|
||||
{
|
||||
if (streq(groups[j].name, argv[i]))
|
||||
|
|
|
@ -10,7 +10,7 @@ int main(int argc, char *argv[])
|
|||
identification_t *id;
|
||||
chunk_t enc;
|
||||
int i;
|
||||
|
||||
|
||||
if (argc < 2)
|
||||
{
|
||||
return -1;
|
||||
|
@ -29,7 +29,7 @@ int main(int argc, char *argv[])
|
|||
for (i = 0; i < enc.len; i++)
|
||||
{
|
||||
printf("%02x", (unsigned int)enc.ptr[i]);
|
||||
}
|
||||
}
|
||||
printf("'\n");
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ int main(int argc, char *argv[])
|
|||
chunk_t chunk;
|
||||
char buf[8096];
|
||||
int read;
|
||||
|
||||
|
||||
library_init(NULL);
|
||||
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS);
|
||||
atexit(library_deinit);
|
||||
|
@ -26,9 +26,9 @@ int main(int argc, char *argv[])
|
|||
fprintf(stderr, "reading key failed.\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
chunk = chunk_create(buf, read);
|
||||
|
||||
|
||||
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
|
||||
BUILD_BLOB_PEM, chunk_clone(chunk),
|
||||
BUILD_END);
|
||||
|
@ -52,7 +52,7 @@ int main(int argc, char *argv[])
|
|||
private->destroy(private);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
|
||||
BUILD_BLOB_PEM, chunk_clone(chunk),
|
||||
BUILD_END);
|
||||
|
@ -82,7 +82,7 @@ int main(int argc, char *argv[])
|
|||
public->destroy(public);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
fprintf(stderr, "unable to parse input key.\n");
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ int main(int argc, char *argv[])
|
|||
chunk_t chunk;
|
||||
char buf[8096];
|
||||
int read, n;
|
||||
|
||||
|
||||
library_init(NULL);
|
||||
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS);
|
||||
atexit(library_deinit);
|
||||
|
@ -26,9 +26,9 @@ int main(int argc, char *argv[])
|
|||
fprintf(stderr, "reading key failed.\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
chunk = chunk_create(buf, read);
|
||||
|
||||
|
||||
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
|
||||
BUILD_BLOB_PEM, chunk_clone(chunk),
|
||||
BUILD_END);
|
||||
|
@ -46,7 +46,7 @@ int main(int argc, char *argv[])
|
|||
private->destroy(private);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
|
||||
BUILD_BLOB_PEM, chunk_clone(chunk),
|
||||
BUILD_END);
|
||||
|
@ -70,7 +70,7 @@ int main(int argc, char *argv[])
|
|||
public->destroy(public);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
fprintf(stderr, "unable to parse input key.\n");
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ void start_timing(struct timespec *start)
|
|||
double end_timing(struct timespec *start)
|
||||
{
|
||||
struct timespec end;
|
||||
|
||||
|
||||
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
|
||||
return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
|
||||
(end.tv_sec - start->tv_sec) * 1.0;
|
||||
|
@ -37,14 +37,14 @@ int main(int argc, char *argv[])
|
|||
key_type_t type = KEY_ANY;
|
||||
signature_scheme_t scheme = SIGN_UNKNOWN;
|
||||
chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
|
||||
|
||||
|
||||
if (argc < 4)
|
||||
{
|
||||
usage();
|
||||
}
|
||||
|
||||
|
||||
rounds = atoi(argv[3]);
|
||||
|
||||
|
||||
if (streq(argv[2], "rsa"))
|
||||
{
|
||||
type = KEY_RSA;
|
||||
|
@ -58,18 +58,18 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
usage();
|
||||
}
|
||||
|
||||
|
||||
library_init(STRONGSWAN_CONF);
|
||||
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
|
||||
atexit(library_deinit);
|
||||
|
||||
|
||||
keydata = chunk_create(buf, 0);
|
||||
while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
|
||||
{
|
||||
pos += read;
|
||||
keydata.len += read;
|
||||
}
|
||||
|
||||
|
||||
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
|
||||
BUILD_BLOB_PEM, keydata, BUILD_END);
|
||||
if (!private)
|
||||
|
@ -82,7 +82,7 @@ int main(int argc, char *argv[])
|
|||
switch (private->get_keysize(private))
|
||||
{
|
||||
case 32:
|
||||
scheme = SIGN_ECDSA_256;
|
||||
scheme = SIGN_ECDSA_256;
|
||||
break;
|
||||
case 48:
|
||||
scheme = SIGN_ECDSA_384;
|
||||
|
@ -96,12 +96,12 @@ int main(int argc, char *argv[])
|
|||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
printf("%4d bit %N: ", private->get_keysize(private)*8,
|
||||
key_type_names, type);
|
||||
|
||||
|
||||
sigs = malloc(sizeof(chunk_t) * rounds);
|
||||
|
||||
|
||||
start_timing(&timing);
|
||||
for (round = 0; round < rounds; round++)
|
||||
{
|
||||
|
@ -112,7 +112,7 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
};
|
||||
printf("sign()/s: %8.1f ", rounds / end_timing(&timing));
|
||||
|
||||
|
||||
public = private->get_public_key(private);
|
||||
if (!public)
|
||||
{
|
||||
|
@ -131,7 +131,7 @@ int main(int argc, char *argv[])
|
|||
printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
|
||||
public->destroy(public);
|
||||
private->destroy(private);
|
||||
|
||||
|
||||
for (round = 0; round < rounds; round++)
|
||||
{
|
||||
free(sigs[round].ptr);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/* Analyzes the concurrent use of charon's threads
|
||||
*
|
||||
*
|
||||
* Copyright (C) 2008 Andreas Steffen
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
|
@ -52,7 +52,7 @@ static int readline(FILE *fd, char *line)
|
|||
*line = '\0';
|
||||
return 1;
|
||||
}
|
||||
line++;
|
||||
line++;
|
||||
}
|
||||
*line = '\0';
|
||||
return 0;
|
||||
|
@ -69,14 +69,14 @@ static void printline(state_t *state, char *timestamp)
|
|||
for (th = 1; th <= THREADS; th++)
|
||||
{
|
||||
states[state[th]]++;
|
||||
printf("<td class=\"%s\"></td>", state_names[state[th]]);
|
||||
printf("<td class=\"%s\"></td>", state_names[state[th]]);
|
||||
}
|
||||
total = states[STATE_INIT] + states[STATE_AUTH] + states[STATE_BUSY] + states[STATE_RETRY];
|
||||
printf("<td class=\"init\">%d</td><td class=\"auth\">%d</td><td class=\"busy\">%d</td>",
|
||||
states[STATE_INIT], states[STATE_AUTH], total);
|
||||
for (th = 10; th <= (THREADS + 2); th += 5)
|
||||
{
|
||||
printf("<td class=\"%s\"></td>", (th <= total + 2)? "busy":"idle");
|
||||
printf("<td class=\"%s\"></td>", (th <= total + 2)? "busy":"idle");
|
||||
}
|
||||
printf("\n");
|
||||
printf(" </tr>\n");
|
||||
|
@ -91,13 +91,13 @@ int main(int argc, char *argv[])
|
|||
FILE *fd;
|
||||
|
||||
state_t state[THREADS + 1];
|
||||
|
||||
|
||||
/* threads 1..5 and 9 are always busy */
|
||||
for (th = 1; th <= THREADS; th++)
|
||||
{
|
||||
state[th] = (th <= 7 && th != 3)? STATE_BUSY : STATE_IDLE;
|
||||
}
|
||||
|
||||
|
||||
/* open the log file */
|
||||
fd = fopen(LOGFILE, "r");
|
||||
if (!fd)
|
||||
|
@ -135,16 +135,16 @@ int main(int argc, char *argv[])
|
|||
printf(" <td class=\"log\">Timestamp</td>");
|
||||
for (th = 1 ; th <= THREADS; th++)
|
||||
{
|
||||
printf("<td>%02d</td>", th);
|
||||
printf("<td>%02d</td>", th);
|
||||
}
|
||||
printf("<td class=\"init\">I</td><td class=\"auth\">A</td><td class=\"busy\">B</td>");
|
||||
for (th = 10; th <= (THREADS + 2); th += 5)
|
||||
{
|
||||
printf("<td class=\"busy\">%d</td>", (th == 100)? 99:th);
|
||||
printf("<td class=\"busy\">%d</td>", (th == 100)? 99:th);
|
||||
}
|
||||
printf("\n");
|
||||
printf(" </tr>\n");
|
||||
|
||||
|
||||
while (readline(fd, line))
|
||||
{
|
||||
char *p_section, *p_charon, *p_thread, *p_log;
|
||||
|
@ -170,7 +170,7 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
/* determine thread */
|
||||
p_thread = p_charon + 8;
|
||||
th = atol(p_thread);
|
||||
|
@ -268,6 +268,6 @@ int main(int argc, char *argv[])
|
|||
printf("</body>\n");
|
||||
printf("</html>\n");
|
||||
|
||||
fclose(fd);
|
||||
fclose(fd);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
* copyright reporter
|
||||
* (just avoids having the info in more than one place in the source)
|
||||
* Copyright (C) 2001 Henry Spencer.
|
||||
*
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
|
|
|
@ -57,22 +57,22 @@ struct private_bus_t {
|
|||
* Public part of a bus_t object.
|
||||
*/
|
||||
bus_t public;
|
||||
|
||||
|
||||
/**
|
||||
* List of registered listeners as entry_t's
|
||||
*/
|
||||
linked_list_t *listeners;
|
||||
|
||||
|
||||
/**
|
||||
* mutex to synchronize active listeners, recursively
|
||||
*/
|
||||
mutex_t *mutex;
|
||||
|
||||
|
||||
/**
|
||||
* Thread local storage for a unique, simple thread ID
|
||||
*/
|
||||
pthread_key_t thread_id;
|
||||
|
||||
|
||||
/**
|
||||
* Thread local storage the threads IKE_SA
|
||||
*/
|
||||
|
@ -90,17 +90,17 @@ struct entry_t {
|
|||
* registered listener interface
|
||||
*/
|
||||
listener_t *listener;
|
||||
|
||||
|
||||
/**
|
||||
* is this a active listen() call with a blocking thread
|
||||
*/
|
||||
bool blocker;
|
||||
|
||||
|
||||
/**
|
||||
* are we currently calling this listener
|
||||
*/
|
||||
int calling;
|
||||
|
||||
|
||||
/**
|
||||
* condvar where active listeners wait
|
||||
*/
|
||||
|
@ -113,12 +113,12 @@ struct entry_t {
|
|||
static entry_t *entry_create(listener_t *listener, bool blocker)
|
||||
{
|
||||
entry_t *this = malloc_thing(entry_t);
|
||||
|
||||
|
||||
this->listener = listener;
|
||||
this->blocker = blocker;
|
||||
this->calling = 0;
|
||||
this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
|
||||
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -140,7 +140,7 @@ static u_int get_thread_number(private_bus_t *this)
|
|||
{
|
||||
static uintptr_t current_num = 0;
|
||||
uintptr_t stored_num;
|
||||
|
||||
|
||||
stored_num = (uintptr_t)pthread_getspecific(this->thread_id);
|
||||
if (stored_num == 0)
|
||||
{ /* first call of current thread */
|
||||
|
@ -214,7 +214,7 @@ static void listen_(private_bus_t *this, listener_t *listener, job_t *job)
|
|||
{
|
||||
int old;
|
||||
cleanup_data_t data;
|
||||
|
||||
|
||||
data.this = this;
|
||||
data.entry = entry_create(listener, TRUE);
|
||||
|
||||
|
@ -302,20 +302,20 @@ static void vlog(private_bus_t *this, debug_t group, level_t level,
|
|||
char* format, va_list args)
|
||||
{
|
||||
log_data_t data;
|
||||
|
||||
|
||||
data.ike_sa = pthread_getspecific(this->thread_sa);
|
||||
data.thread = get_thread_number(this);
|
||||
data.group = group;
|
||||
data.level = level;
|
||||
data.format = format;
|
||||
va_copy(data.args, args);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
/* We use the remove() method to invoke all listeners. This is cheap and
|
||||
* does not require an allocation for this performance critical function. */
|
||||
this->listeners->remove(this->listeners, &data, (void*)log_cb);
|
||||
this->mutex->unlock(this->mutex);
|
||||
|
||||
|
||||
va_end(data.args);
|
||||
}
|
||||
|
||||
|
@ -326,7 +326,7 @@ static void log_(private_bus_t *this, debug_t group, level_t level,
|
|||
char* format, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
|
||||
va_start(args, format);
|
||||
vlog(this, group, level, format, args);
|
||||
va_end(args);
|
||||
|
@ -360,9 +360,9 @@ static void alert(private_bus_t *this, alert_t alert, ...)
|
|||
entry_t *entry;
|
||||
va_list args;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -394,7 +394,7 @@ static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa,
|
|||
enumerator_t *enumerator;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -425,9 +425,9 @@ static void child_state_change(private_bus_t *this, child_sa_t *child_sa,
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -458,9 +458,9 @@ static void message(private_bus_t *this, message_t *message, bool incoming)
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -492,7 +492,7 @@ static void ike_keys(private_bus_t *this, ike_sa_t *ike_sa,
|
|||
enumerator_t *enumerator;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -524,9 +524,9 @@ static void child_keys(private_bus_t *this, child_sa_t *child_sa,
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -557,9 +557,9 @@ static void child_updown(private_bus_t *this, child_sa_t *child_sa, bool up)
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -590,9 +590,9 @@ static void child_rekey(private_bus_t *this, child_sa_t *old, child_sa_t *new)
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -621,7 +621,7 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up)
|
|||
enumerator_t *enumerator;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -640,13 +640,13 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up)
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
this->mutex->unlock(this->mutex);
|
||||
|
||||
|
||||
/* a down event for IKE_SA implicitly downs all CHILD_SAs */
|
||||
if (!up)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
child_sa_t *child_sa;
|
||||
|
||||
|
||||
iterator = ike_sa->create_child_sa_iterator(ike_sa);
|
||||
while (iterator->iterate(iterator, (void**)&child_sa))
|
||||
{
|
||||
|
@ -664,7 +664,7 @@ static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
|
|||
enumerator_t *enumerator;
|
||||
entry_t *entry;
|
||||
bool keep;
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -694,9 +694,9 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final)
|
|||
ike_sa_t *ike_sa;
|
||||
entry_t *entry;
|
||||
bool keep, success = TRUE;
|
||||
|
||||
|
||||
ike_sa = pthread_getspecific(this->thread_sa);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
enumerator = this->listeners->create_enumerator(this->listeners);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -739,7 +739,7 @@ static void destroy(private_bus_t *this)
|
|||
bus_t *bus_create()
|
||||
{
|
||||
private_bus_t *this = malloc_thing(private_bus_t);
|
||||
|
||||
|
||||
this->public.add_listener = (void(*)(bus_t*,listener_t*))add_listener;
|
||||
this->public.remove_listener = (void(*)(bus_t*,listener_t*))remove_listener;
|
||||
this->public.listen = (void(*)(bus_t*, listener_t *listener, job_t *job))listen_;
|
||||
|
@ -758,12 +758,12 @@ bus_t *bus_create()
|
|||
this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey;
|
||||
this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize;
|
||||
this->public.destroy = (void(*)(bus_t*)) destroy;
|
||||
|
||||
|
||||
this->listeners = linked_list_create();
|
||||
this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
|
||||
pthread_key_create(&this->thread_id, NULL);
|
||||
pthread_key_create(&this->thread_sa, NULL);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -142,7 +142,7 @@ enum alert_t {
|
|||
* may wait actively to events using the blocking listen() call.
|
||||
*/
|
||||
struct bus_t {
|
||||
|
||||
|
||||
/**
|
||||
* Register a listener to the bus.
|
||||
*
|
||||
|
@ -153,14 +153,14 @@ struct bus_t {
|
|||
* @param listener listener to register.
|
||||
*/
|
||||
void (*add_listener) (bus_t *this, listener_t *listener);
|
||||
|
||||
|
||||
/**
|
||||
* Unregister a listener from the bus.
|
||||
*
|
||||
* @param listener listener to unregister.
|
||||
*/
|
||||
void (*remove_listener) (bus_t *this, listener_t *listener);
|
||||
|
||||
|
||||
/**
|
||||
* Register a listener and block the calling thread.
|
||||
*
|
||||
|
@ -174,20 +174,20 @@ struct bus_t {
|
|||
* @param job job to execute asynchronously when registered, or NULL
|
||||
*/
|
||||
void (*listen)(bus_t *this, listener_t *listener, job_t *job);
|
||||
|
||||
|
||||
/**
|
||||
* Set the IKE_SA the calling thread is using.
|
||||
*
|
||||
* To associate an received log message to an IKE_SA without passing it as
|
||||
* parameter each time, the thread registers the currenlty used IKE_SA
|
||||
* during check-out. Before check-in, the thread unregisters the IKE_SA.
|
||||
* during check-out. Before check-in, the thread unregisters the IKE_SA.
|
||||
* This IKE_SA is stored per-thread, so each thread has its own IKE_SA
|
||||
* registered.
|
||||
*
|
||||
*
|
||||
* @param ike_sa ike_sa to register, or NULL to unregister
|
||||
*/
|
||||
void (*set_sa) (bus_t *this, ike_sa_t *ike_sa);
|
||||
|
||||
|
||||
/**
|
||||
* Send a log message to the bus.
|
||||
*
|
||||
|
@ -202,7 +202,7 @@ struct bus_t {
|
|||
* @param ... printf() style argument list
|
||||
*/
|
||||
void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...);
|
||||
|
||||
|
||||
/**
|
||||
* Send a log message to the bus using va_list arguments.
|
||||
*
|
||||
|
@ -215,7 +215,7 @@ struct bus_t {
|
|||
*/
|
||||
void (*vlog)(bus_t *this, debug_t group, level_t level,
|
||||
char* format, va_list args);
|
||||
|
||||
|
||||
/**
|
||||
* Raise an alert over the bus.
|
||||
*
|
||||
|
@ -223,7 +223,7 @@ struct bus_t {
|
|||
* @param ... alert specific attributes
|
||||
*/
|
||||
void (*alert)(bus_t *this, alert_t alert, ...);
|
||||
|
||||
|
||||
/**
|
||||
* Send a IKE_SA state change event to the bus.
|
||||
*
|
||||
|
@ -247,7 +247,7 @@ struct bus_t {
|
|||
* @param incoming TRUE for incoming messages, FALSE for outgoing
|
||||
*/
|
||||
void (*message)(bus_t *this, message_t *message, bool incoming);
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA authorization hook.
|
||||
*
|
||||
|
@ -256,7 +256,7 @@ struct bus_t {
|
|||
* @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED
|
||||
*/
|
||||
bool (*authorize)(bus_t *this, linked_list_t *auth, bool final);
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA keymat hook.
|
||||
*
|
||||
|
@ -278,7 +278,7 @@ struct bus_t {
|
|||
*/
|
||||
void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh,
|
||||
chunk_t nonce_i, chunk_t nonce_r);
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA up/down hook.
|
||||
*
|
||||
|
@ -286,7 +286,7 @@ struct bus_t {
|
|||
* @param up TRUE for an up event, FALSE for a down event
|
||||
*/
|
||||
void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up);
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA rekeying hook.
|
||||
*
|
||||
|
@ -294,7 +294,7 @@ struct bus_t {
|
|||
* @param new new IKE_SA replacing old
|
||||
*/
|
||||
void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
|
||||
|
||||
|
||||
/**
|
||||
* CHILD_SA up/down hook.
|
||||
*
|
||||
|
@ -302,7 +302,7 @@ struct bus_t {
|
|||
* @param up TRUE for an up event, FALSE for a down event
|
||||
*/
|
||||
void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up);
|
||||
|
||||
|
||||
/**
|
||||
* CHILD_SA rekeying hook.
|
||||
*
|
||||
|
@ -310,7 +310,7 @@ struct bus_t {
|
|||
* @param new new CHILD_SA replacing old
|
||||
*/
|
||||
void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy the event bus.
|
||||
*/
|
||||
|
|
|
@ -25,17 +25,17 @@ typedef struct private_file_logger_t private_file_logger_t;
|
|||
* Private data of a file_logger_t object
|
||||
*/
|
||||
struct private_file_logger_t {
|
||||
|
||||
|
||||
/**
|
||||
* Public data.
|
||||
*/
|
||||
file_logger_t public;
|
||||
|
||||
|
||||
/**
|
||||
* output file
|
||||
*/
|
||||
FILE *out;
|
||||
|
||||
|
||||
/**
|
||||
* Maximum level to log, for each group
|
||||
*/
|
||||
|
@ -52,10 +52,10 @@ static bool log_(private_file_logger_t *this, debug_t group, level_t level,
|
|||
{
|
||||
char buffer[8192];
|
||||
char *current = buffer, *next;
|
||||
|
||||
|
||||
/* write in memory buffer first */
|
||||
vsnprintf(buffer, sizeof(buffer), format, args);
|
||||
|
||||
|
||||
/* prepend a prefix in front of every line */
|
||||
while (current)
|
||||
{
|
||||
|
@ -109,17 +109,17 @@ static void destroy(private_file_logger_t *this)
|
|||
file_logger_t *file_logger_create(FILE *out)
|
||||
{
|
||||
private_file_logger_t *this = malloc_thing(private_file_logger_t);
|
||||
|
||||
|
||||
/* public functions */
|
||||
memset(&this->public.listener, 0, sizeof(listener_t));
|
||||
this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_;
|
||||
this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level;
|
||||
this->public.destroy = (void(*)(file_logger_t*))destroy;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->out = out;
|
||||
set_level(this, DBG_ANY, LEVEL_SILENT);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -29,12 +29,12 @@ typedef struct file_logger_t file_logger_t;
|
|||
* Logger to files which implements listener_t.
|
||||
*/
|
||||
struct file_logger_t {
|
||||
|
||||
|
||||
/**
|
||||
* Implements the listener_t interface.
|
||||
*/
|
||||
listener_t listener;
|
||||
|
||||
|
||||
/**
|
||||
* Set the loglevel for a debug group.
|
||||
*
|
||||
|
@ -42,7 +42,7 @@ struct file_logger_t {
|
|||
* @param level max level to log (0..4)
|
||||
*/
|
||||
void (*set_level) (file_logger_t *this, debug_t group, level_t level);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a file_logger_t object.
|
||||
*/
|
||||
|
|
|
@ -29,7 +29,7 @@ typedef struct listener_t listener_t;
|
|||
* Listener interface, listens to events if registered to the bus.
|
||||
*/
|
||||
struct listener_t {
|
||||
|
||||
|
||||
/**
|
||||
* Log a debugging message.
|
||||
*
|
||||
|
@ -48,7 +48,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*log)(listener_t *this, debug_t group, level_t level, int thread,
|
||||
ike_sa_t *ike_sa, char* format, va_list args);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called if a critical alert is risen.
|
||||
*
|
||||
|
@ -59,7 +59,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
|
||||
alert_t alert, va_list args);
|
||||
|
||||
|
||||
/**
|
||||
* Handle state changes in an IKE_SA.
|
||||
*
|
||||
|
@ -69,7 +69,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
|
||||
ike_sa_state_t state);
|
||||
|
||||
|
||||
/**
|
||||
* Handle state changes in a CHILD_SA.
|
||||
*
|
||||
|
@ -80,7 +80,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
|
||||
child_sa_t *child_sa, child_sa_state_t state);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called for received/sent messages of an IKE_SA.
|
||||
*
|
||||
|
@ -91,7 +91,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
|
||||
bool incoming);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called with IKE_SA key material.
|
||||
*
|
||||
|
@ -104,7 +104,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
|
||||
chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called with CHILD_SA key material.
|
||||
*
|
||||
|
@ -117,7 +117,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
|
||||
diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called if an IKE_SA gets up or down.
|
||||
*
|
||||
|
@ -126,7 +126,7 @@ struct listener_t {
|
|||
* @return TRUE to stay registered, FALSE to unregister
|
||||
*/
|
||||
bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called when an IKE_SA gets rekeyed.
|
||||
*
|
||||
|
@ -135,7 +135,7 @@ struct listener_t {
|
|||
* @return TRUE to stay registered, FALSE to unregister
|
||||
*/
|
||||
bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called when a CHILD_SA gets up or down.
|
||||
*
|
||||
|
@ -146,7 +146,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
|
||||
child_sa_t *child_sa, bool up);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called when an CHILD_SA gets rekeyed.
|
||||
*
|
||||
|
@ -157,7 +157,7 @@ struct listener_t {
|
|||
*/
|
||||
bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
|
||||
child_sa_t *old, child_sa_t *new);
|
||||
|
||||
|
||||
/**
|
||||
* Hook called to invoke additional authorization rules.
|
||||
*
|
||||
|
|
|
@ -25,17 +25,17 @@ typedef struct private_sys_logger_t private_sys_logger_t;
|
|||
* Private data of a sys_logger_t object
|
||||
*/
|
||||
struct private_sys_logger_t {
|
||||
|
||||
|
||||
/**
|
||||
* Public data.
|
||||
*/
|
||||
sys_logger_t public;
|
||||
|
||||
|
||||
/**
|
||||
* syslog facility to use
|
||||
*/
|
||||
int facility;
|
||||
|
||||
|
||||
/**
|
||||
* Maximum level to log, for each group
|
||||
*/
|
||||
|
@ -52,10 +52,10 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level,
|
|||
{
|
||||
char buffer[8192];
|
||||
char *current = buffer, *next;
|
||||
|
||||
|
||||
/* write in memory buffer first */
|
||||
vsnprintf(buffer, sizeof(buffer), format, args);
|
||||
|
||||
|
||||
/* do a syslog with every line */
|
||||
while (current)
|
||||
{
|
||||
|
@ -106,16 +106,16 @@ static void destroy(private_sys_logger_t *this)
|
|||
sys_logger_t *sys_logger_create(int facility)
|
||||
{
|
||||
private_sys_logger_t *this = malloc_thing(private_sys_logger_t);
|
||||
|
||||
|
||||
/* public functions */
|
||||
memset(&this->public.listener, 0, sizeof(listener_t));
|
||||
this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_;
|
||||
this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level;
|
||||
this->public.destroy = (void(*)(sys_logger_t*))destroy;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->facility = facility;
|
||||
set_level(this, DBG_ANY, LEVEL_SILENT);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
|
@ -31,12 +31,12 @@ typedef struct sys_logger_t sys_logger_t;
|
|||
* Logger for syslog which implements listener_t.
|
||||
*/
|
||||
struct sys_logger_t {
|
||||
|
||||
|
||||
/**
|
||||
* Implements the listener_t interface.
|
||||
*/
|
||||
listener_t listener;
|
||||
|
||||
|
||||
/**
|
||||
* Set the loglevel for a debug group.
|
||||
*
|
||||
|
@ -44,7 +44,7 @@ struct sys_logger_t {
|
|||
* @param level max level to log (0..4)
|
||||
*/
|
||||
void (*set_level) (sys_logger_t *this, debug_t group, level_t level);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a sys_logger_t object.
|
||||
*/
|
||||
|
|
|
@ -30,7 +30,7 @@ typedef struct attribute_handler_t attribute_handler_t;
|
|||
* Interface to handle configuration payload attributes.
|
||||
*/
|
||||
struct attribute_handler_t {
|
||||
|
||||
|
||||
/**
|
||||
* Handle a configuration attribute.
|
||||
*
|
||||
|
@ -43,7 +43,7 @@ struct attribute_handler_t {
|
|||
*/
|
||||
bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa,
|
||||
configuration_attribute_type_t type, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Release an attribute handled during handle().
|
||||
*
|
||||
|
|
|
@ -30,17 +30,17 @@ struct private_attribute_manager_t {
|
|||
* public functions
|
||||
*/
|
||||
attribute_manager_t public;
|
||||
|
||||
|
||||
/**
|
||||
* list of registered providers
|
||||
*/
|
||||
linked_list_t *providers;
|
||||
|
||||
|
||||
/**
|
||||
* list of registered handlers
|
||||
*/
|
||||
linked_list_t *handlers;
|
||||
|
||||
|
||||
/**
|
||||
* rwlock provider list
|
||||
*/
|
||||
|
@ -57,7 +57,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
|
|||
enumerator_t *enumerator;
|
||||
attribute_provider_t *current;
|
||||
host_t *host = NULL;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = this->providers->create_enumerator(this->providers);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
|
@ -70,7 +70,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
this->lock->unlock(this->lock);
|
||||
|
||||
|
||||
if (!host)
|
||||
{
|
||||
DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
|
||||
|
@ -87,7 +87,7 @@ static void release_address(private_attribute_manager_t *this,
|
|||
enumerator_t *enumerator;
|
||||
attribute_provider_t *current;
|
||||
bool found = FALSE;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = this->providers->create_enumerator(this->providers);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
|
@ -100,7 +100,7 @@ static void release_address(private_attribute_manager_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
this->lock->unlock(this->lock);
|
||||
|
||||
|
||||
if (!found)
|
||||
{
|
||||
DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
|
||||
|
@ -161,7 +161,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
|
|||
{
|
||||
enumerator_t *enumerator;
|
||||
attribute_handler_t *current, *handled = NULL;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = this->handlers->create_enumerator(this->handlers);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
|
@ -174,7 +174,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
this->lock->unlock(this->lock);
|
||||
|
||||
|
||||
if (!handled)
|
||||
{
|
||||
DBG1(DBG_CFG, "handling %N attribute failed",
|
||||
|
@ -192,7 +192,7 @@ static void release(private_attribute_manager_t *this,
|
|||
{
|
||||
enumerator_t *enumerator;
|
||||
attribute_handler_t *current;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = this->handlers->create_enumerator(this->handlers);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
|
@ -246,7 +246,7 @@ static void destroy(private_attribute_manager_t *this)
|
|||
attribute_manager_t *attribute_manager_create()
|
||||
{
|
||||
private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t);
|
||||
|
||||
|
||||
this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address;
|
||||
this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address;
|
||||
this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator;
|
||||
|
@ -257,11 +257,11 @@ attribute_manager_t *attribute_manager_create()
|
|||
this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler;
|
||||
this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler;
|
||||
this->public.destroy = (void(*)(attribute_manager_t*))destroy;
|
||||
|
||||
|
||||
this->providers = linked_list_create();
|
||||
this->handlers = linked_list_create();
|
||||
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ typedef struct attribute_manager_t attribute_manager_t;
|
|||
* are received on the requesting peer.
|
||||
*/
|
||||
struct attribute_manager_t {
|
||||
|
||||
|
||||
/**
|
||||
* Acquire a virtual IP address to assign to a peer.
|
||||
*
|
||||
|
@ -47,7 +47,7 @@ struct attribute_manager_t {
|
|||
host_t* (*acquire_address)(attribute_manager_t *this,
|
||||
char *pool, identification_t *id,
|
||||
host_t *requested);
|
||||
|
||||
|
||||
/**
|
||||
* Release a previously acquired address.
|
||||
*
|
||||
|
@ -57,7 +57,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
void (*release_address)(attribute_manager_t *this,
|
||||
char *pool, host_t *address, identification_t *id);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over attributes to hand out to a peer.
|
||||
*
|
||||
|
@ -66,7 +66,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this,
|
||||
identification_t *id);
|
||||
|
||||
|
||||
/**
|
||||
* Register an attribute provider to the manager.
|
||||
*
|
||||
|
@ -81,7 +81,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
void (*remove_provider)(attribute_manager_t *this,
|
||||
attribute_provider_t *provider);
|
||||
|
||||
|
||||
/**
|
||||
* Handle a configuration attribute by passing them to the handlers.
|
||||
*
|
||||
|
@ -92,7 +92,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa,
|
||||
configuration_attribute_type_t type, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Release an attribute previously handle()d by a handler.
|
||||
*
|
||||
|
@ -104,7 +104,7 @@ struct attribute_manager_t {
|
|||
void (*release)(attribute_manager_t *this, attribute_handler_t *handler,
|
||||
ike_sa_t *ike_sa, configuration_attribute_type_t type,
|
||||
chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Register an attribute handler to the manager.
|
||||
*
|
||||
|
@ -112,7 +112,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
void (*add_handler)(attribute_manager_t *this,
|
||||
attribute_handler_t *handler);
|
||||
|
||||
|
||||
/**
|
||||
* Unregister an attribute handler from the manager.
|
||||
*
|
||||
|
@ -120,7 +120,7 @@ struct attribute_manager_t {
|
|||
*/
|
||||
void (*remove_handler)(attribute_manager_t *this,
|
||||
attribute_handler_t *handler);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a attribute_manager instance.
|
||||
*/
|
||||
|
|
|
@ -41,7 +41,7 @@ struct attribute_provider_t {
|
|||
* @return allocated address, NULL to serve none
|
||||
*/
|
||||
host_t* (*acquire_address)(attribute_provider_t *this,
|
||||
char *pool, identification_t *id,
|
||||
char *pool, identification_t *id,
|
||||
host_t *requested);
|
||||
/**
|
||||
* Release a previously acquired address.
|
||||
|
@ -53,7 +53,7 @@ struct attribute_provider_t {
|
|||
*/
|
||||
bool (*release_address)(attribute_provider_t *this,
|
||||
char *pool, host_t *address, identification_t *id);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over attributes to hand out to a peer.
|
||||
*
|
||||
|
|
|
@ -45,12 +45,12 @@ typedef struct private_auth_cfg_t private_auth_cfg_t;
|
|||
* private data of item_set
|
||||
*/
|
||||
struct private_auth_cfg_t {
|
||||
|
||||
|
||||
/**
|
||||
* public functions
|
||||
*/
|
||||
auth_cfg_t public;
|
||||
|
||||
|
||||
/**
|
||||
* list of entry_t
|
||||
*/
|
||||
|
@ -84,7 +84,7 @@ typedef struct {
|
|||
static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value)
|
||||
{
|
||||
entry_t *entry;
|
||||
|
||||
|
||||
if (this->inner->enumerate(this->inner, &entry))
|
||||
{
|
||||
this->current = entry;
|
||||
|
@ -110,7 +110,7 @@ static void entry_enumerator_destroy(entry_enumerator_t *this)
|
|||
static enumerator_t* create_enumerator(private_auth_cfg_t *this)
|
||||
{
|
||||
entry_enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = malloc_thing(entry_enumerator_t);
|
||||
enumerator->inner = this->entries->create_enumerator(this->entries);
|
||||
enumerator->public.enumerate = (void*)enumerate;
|
||||
|
@ -168,9 +168,9 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
|
|||
if (enumerator->current)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
|
||||
va_start(args, type);
|
||||
|
||||
|
||||
destroy_entry_value(enumerator->current);
|
||||
enumerator->current->type = type;
|
||||
switch (type)
|
||||
|
@ -210,7 +210,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
|
|||
void *current_value, *best_value = NULL;
|
||||
auth_rule_t current_type;
|
||||
bool found = FALSE;
|
||||
|
||||
|
||||
enumerator = create_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, ¤t_type, ¤t_value))
|
||||
{
|
||||
|
@ -270,7 +270,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
|
|||
{
|
||||
entry_t *entry = malloc_thing(entry_t);
|
||||
va_list args;
|
||||
|
||||
|
||||
va_start(args, type);
|
||||
entry->type = type;
|
||||
switch (type)
|
||||
|
@ -311,7 +311,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
|
|||
bool success = TRUE;
|
||||
auth_rule_t t1, t2;
|
||||
void *value;
|
||||
|
||||
|
||||
e1 = constraints->create_enumerator(constraints);
|
||||
while (e1->enumerate(e1, &t1, &value))
|
||||
{
|
||||
|
@ -321,9 +321,9 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
|
|||
case AUTH_RULE_IM_CERT:
|
||||
{
|
||||
certificate_t *c1, *c2;
|
||||
|
||||
|
||||
c1 = (certificate_t*)value;
|
||||
|
||||
|
||||
success = FALSE;
|
||||
e2 = create_enumerator(this);
|
||||
while (e2->enumerate(e2, &t2, &c2))
|
||||
|
@ -345,7 +345,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
|
|||
case AUTH_RULE_SUBJECT_CERT:
|
||||
{
|
||||
certificate_t *c1, *c2;
|
||||
|
||||
|
||||
c1 = (certificate_t*)value;
|
||||
c2 = get(this, AUTH_RULE_SUBJECT_CERT);
|
||||
if (!c2 || !c1->equals(c1, c2))
|
||||
|
@ -364,7 +364,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
|
|||
case AUTH_RULE_OCSP_VALIDATION:
|
||||
{
|
||||
cert_validation_t validated, required;
|
||||
|
||||
|
||||
required = (uintptr_t)value;
|
||||
validated = (uintptr_t)get(this, t1);
|
||||
switch (required)
|
||||
|
@ -401,7 +401,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
|
|||
case AUTH_RULE_EAP_IDENTITY:
|
||||
{
|
||||
identification_t *id1, *id2;
|
||||
|
||||
|
||||
id1 = (identification_t*)value;
|
||||
id2 = get(this, t1);
|
||||
if (!id2 || !id2->matches(id2, id1))
|
||||
|
@ -499,7 +499,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
|
|||
enumerator_t *enumerator;
|
||||
auth_rule_t type;
|
||||
void *value;
|
||||
|
||||
|
||||
enumerator = create_enumerator(other);
|
||||
while (enumerator->enumerate(enumerator, &type, &value))
|
||||
{
|
||||
|
@ -512,7 +512,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
|
|||
case AUTH_HELPER_SUBJECT_CERT:
|
||||
{
|
||||
certificate_t *cert = (certificate_t*)value;
|
||||
|
||||
|
||||
add(this, type, cert->get_ref(cert));
|
||||
break;
|
||||
}
|
||||
|
@ -530,7 +530,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
|
|||
case AUTH_RULE_AC_GROUP:
|
||||
{
|
||||
identification_t *id = (identification_t*)value;
|
||||
|
||||
|
||||
add(this, type, id->clone(id));
|
||||
break;
|
||||
}
|
||||
|
@ -547,7 +547,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
|
|||
else
|
||||
{
|
||||
entry_t *entry;
|
||||
|
||||
|
||||
while (other->entries->remove_first(other->entries,
|
||||
(void**)&entry) == SUCCESS)
|
||||
{
|
||||
|
@ -564,7 +564,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
|
|||
enumerator_t *e1, *e2;
|
||||
entry_t *i1, *i2;
|
||||
bool equal = TRUE, found;
|
||||
|
||||
|
||||
if (this->entries->get_count(this->entries) !=
|
||||
other->entries->get_count(other->entries))
|
||||
{
|
||||
|
@ -601,10 +601,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
|
|||
case AUTH_HELPER_SUBJECT_CERT:
|
||||
{
|
||||
certificate_t *c1, *c2;
|
||||
|
||||
|
||||
c1 = (certificate_t*)i1->value;
|
||||
c2 = (certificate_t*)i2->value;
|
||||
|
||||
|
||||
if (c1->equals(c1, c2))
|
||||
{
|
||||
found = TRUE;
|
||||
|
@ -617,10 +617,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
|
|||
case AUTH_RULE_AC_GROUP:
|
||||
{
|
||||
identification_t *id1, *id2;
|
||||
|
||||
|
||||
id1 = (identification_t*)i1->value;
|
||||
id2 = (identification_t*)i2->value;
|
||||
|
||||
|
||||
if (id1->equals(id1, id2))
|
||||
{
|
||||
found = TRUE;
|
||||
|
@ -660,7 +660,7 @@ static void purge(private_auth_cfg_t *this, bool keep_ca)
|
|||
{
|
||||
entry_t *entry;
|
||||
linked_list_t *cas;
|
||||
|
||||
|
||||
cas = linked_list_create();
|
||||
while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS)
|
||||
{
|
||||
|
@ -689,7 +689,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
|
|||
enumerator_t *enumerator;
|
||||
auth_cfg_t *clone;
|
||||
entry_t *entry;
|
||||
|
||||
|
||||
clone = auth_cfg_create();
|
||||
enumerator = this->entries->create_enumerator(this->entries);
|
||||
while (enumerator->enumerate(enumerator, &entry))
|
||||
|
@ -749,7 +749,7 @@ static void destroy(private_auth_cfg_t *this)
|
|||
auth_cfg_t *auth_cfg_create()
|
||||
{
|
||||
private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t);
|
||||
|
||||
|
||||
this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add;
|
||||
this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get;
|
||||
this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator;
|
||||
|
@ -760,9 +760,9 @@ auth_cfg_t *auth_cfg_create()
|
|||
this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals;
|
||||
this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_;
|
||||
this->public.destroy = (void(*)(auth_cfg_t*))destroy;
|
||||
|
||||
|
||||
this->entries = linked_list_create();
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ typedef enum auth_rule_t auth_rule_t;
|
|||
* to transport credentials during the authentication process.
|
||||
*/
|
||||
enum auth_rule_t {
|
||||
|
||||
|
||||
/** identity to use for IKEv2 authentication exchange, identification_t* */
|
||||
AUTH_RULE_IDENTITY,
|
||||
/** authentication class, auth_class_t */
|
||||
|
@ -64,7 +64,7 @@ enum auth_rule_t {
|
|||
AUTH_RULE_OCSP_VALIDATION,
|
||||
/** subject is in attribute certificate group, identification_t* */
|
||||
AUTH_RULE_AC_GROUP,
|
||||
|
||||
|
||||
/** intermediate certificate, certificate_t* */
|
||||
AUTH_HELPER_IM_CERT,
|
||||
/** subject certificate, certificate_t* */
|
||||
|
@ -86,7 +86,7 @@ extern enum_name_t *auth_rule_names;
|
|||
* RFC4739 defines multiple authentication rounds. This class defines such
|
||||
* a round from a configuration perspective, either for the local or the remote
|
||||
* peer. Local config are called "rulesets", as they define how we authenticate.
|
||||
* Remote peer configs are called "constraits", they define what is needed to
|
||||
* Remote peer configs are called "constraits", they define what is needed to
|
||||
* complete the authentication round successfully.
|
||||
*
|
||||
* @verbatim
|
||||
|
@ -122,7 +122,7 @@ struct auth_cfg_t {
|
|||
* @param ... associated value to rule
|
||||
*/
|
||||
void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
|
||||
|
||||
|
||||
/**
|
||||
* Get an rule value.
|
||||
*
|
||||
|
@ -130,14 +130,14 @@ struct auth_cfg_t {
|
|||
* @return bool if item has been found
|
||||
*/
|
||||
void* (*get)(auth_cfg_t *this, auth_rule_t rule);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over added rules.
|
||||
*
|
||||
* @return enumerator over (auth_rule_t, union{void*,uintpr_t})
|
||||
*/
|
||||
enumerator_t* (*create_enumerator)(auth_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Replace an rule at enumerator position.
|
||||
*
|
||||
|
@ -147,7 +147,7 @@ struct auth_cfg_t {
|
|||
*/
|
||||
void (*replace)(auth_cfg_t *this, enumerator_t *pos,
|
||||
auth_rule_t rule, ...);
|
||||
|
||||
|
||||
/**
|
||||
* Check if a used config fulfills a set of configured constraints.
|
||||
*
|
||||
|
@ -156,7 +156,7 @@ struct auth_cfg_t {
|
|||
* @return TRUE if this complies with constraints
|
||||
*/
|
||||
bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error);
|
||||
|
||||
|
||||
/**
|
||||
* Merge items from other into this.
|
||||
*
|
||||
|
@ -164,14 +164,14 @@ struct auth_cfg_t {
|
|||
* @param copy TRUE to copy items, FALSE to move them
|
||||
*/
|
||||
void (*merge)(auth_cfg_t *this, auth_cfg_t *other, bool copy);
|
||||
|
||||
|
||||
/**
|
||||
* Purge all rules in a config.
|
||||
*
|
||||
* @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries
|
||||
*/
|
||||
void (*purge)(auth_cfg_t *this, bool keep_ca);
|
||||
|
||||
|
||||
/**
|
||||
* Check two configs for equality.
|
||||
*
|
||||
|
@ -179,14 +179,14 @@ struct auth_cfg_t {
|
|||
* @return TRUE if auth infos identical
|
||||
*/
|
||||
bool (*equals)(auth_cfg_t *this, auth_cfg_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Clone a authentication config, including all rules.
|
||||
*
|
||||
* @return cloned configuration
|
||||
*/
|
||||
auth_cfg_t* (*clone)(auth_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a config with all associated rules/values.
|
||||
*/
|
||||
|
|
|
@ -34,12 +34,12 @@ struct private_backend_manager_t {
|
|||
* Public part of backend_manager_t object.
|
||||
*/
|
||||
backend_manager_t public;
|
||||
|
||||
|
||||
/**
|
||||
* list of registered backends
|
||||
*/
|
||||
linked_list_t *backends;
|
||||
|
||||
|
||||
/**
|
||||
* rwlock for backends
|
||||
*/
|
||||
|
@ -80,7 +80,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
|
|||
{
|
||||
host_t *me_cand, *other_cand;
|
||||
ike_cfg_match_t match = MATCH_NONE;
|
||||
|
||||
|
||||
if (me)
|
||||
{
|
||||
me_cand = host_create_from_dns(cand->get_my_addr(cand),
|
||||
|
@ -103,7 +103,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
|
|||
{
|
||||
match += MATCH_ANY;
|
||||
}
|
||||
|
||||
|
||||
if (other)
|
||||
{
|
||||
other_cand = host_create_from_dns(cand->get_other_addr(cand),
|
||||
|
@ -132,21 +132,21 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
|
|||
/**
|
||||
* implements backend_manager_t.get_ike_cfg.
|
||||
*/
|
||||
static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
|
||||
static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
|
||||
host_t *me, host_t *other)
|
||||
{
|
||||
ike_cfg_t *current, *found = NULL;
|
||||
enumerator_t *enumerator;
|
||||
ike_cfg_match_t match, best = MATCH_ANY;
|
||||
ike_data_t *data;
|
||||
|
||||
|
||||
data = malloc_thing(ike_data_t);
|
||||
data->this = this;
|
||||
data->me = me;
|
||||
data->other = other;
|
||||
|
||||
|
||||
DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = enumerator_create_nested(
|
||||
this->backends->create_enumerator(this->backends),
|
||||
|
@ -154,11 +154,11 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
|
|||
while (enumerator->enumerate(enumerator, (void**)¤t))
|
||||
{
|
||||
match = get_ike_match(current, me, other);
|
||||
|
||||
|
||||
if (match)
|
||||
{
|
||||
DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
|
||||
current->get_my_addr(current),
|
||||
DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
|
||||
current->get_my_addr(current),
|
||||
current->get_other_addr(current), match);
|
||||
if (match > best)
|
||||
{
|
||||
|
@ -173,7 +173,7 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
|
|||
this->lock->unlock(this->lock);
|
||||
if (found)
|
||||
{
|
||||
DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
|
||||
DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
|
||||
found->get_my_addr(found), found->get_other_addr(found), best);
|
||||
}
|
||||
return found;
|
||||
|
@ -189,12 +189,12 @@ static id_match_t get_peer_match(identification_t *id,
|
|||
auth_cfg_t *auth;
|
||||
identification_t *candidate;
|
||||
id_match_t match = ID_MATCH_NONE;
|
||||
|
||||
|
||||
if (!id)
|
||||
{
|
||||
return ID_MATCH_ANY;
|
||||
}
|
||||
|
||||
|
||||
/* compare first auth config only */
|
||||
enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
|
||||
if (enumerator->enumerate(enumerator, &auth))
|
||||
|
@ -269,7 +269,7 @@ static bool peer_enum_filter(linked_list_t *configs,
|
|||
static void peer_enum_filter_destroy(linked_list_t *configs)
|
||||
{
|
||||
match_entry_t *entry;
|
||||
|
||||
|
||||
while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
|
||||
{
|
||||
entry->cfg->destroy(entry->cfg);
|
||||
|
@ -285,7 +285,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list,
|
|||
linked_list_t *helper)
|
||||
{
|
||||
match_entry_t *current;
|
||||
|
||||
|
||||
while (list->remove_first(list, (void**)¤t) == SUCCESS)
|
||||
{
|
||||
helper->insert_last(helper, current);
|
||||
|
@ -311,7 +311,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list,
|
|||
|
||||
/**
|
||||
* Implements backend_manager_t.create_peer_cfg_enumerator.
|
||||
*/
|
||||
*/
|
||||
static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
|
||||
host_t *me, host_t *other, identification_t *my_id,
|
||||
identification_t *other_id)
|
||||
|
@ -320,26 +320,26 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
|
|||
peer_data_t *data;
|
||||
peer_cfg_t *cfg;
|
||||
linked_list_t *configs, *helper;
|
||||
|
||||
|
||||
data = malloc_thing(peer_data_t);
|
||||
data->lock = this->lock;
|
||||
data->me = my_id;
|
||||
data->other = other_id;
|
||||
|
||||
|
||||
/* create a sorted list with all matches */
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = enumerator_create_nested(
|
||||
this->backends->create_enumerator(this->backends),
|
||||
(void*)peer_enum_create, data, (void*)peer_enum_destroy);
|
||||
|
||||
|
||||
if (!me && !other && !my_id && !other_id)
|
||||
{ /* shortcut if we are doing a "listall" */
|
||||
return enumerator;
|
||||
}
|
||||
|
||||
|
||||
DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
|
||||
me, my_id, other, other_id);
|
||||
|
||||
|
||||
configs = linked_list_create();
|
||||
/* only once allocated helper list for sorting */
|
||||
helper = linked_list_create();
|
||||
|
@ -348,16 +348,16 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
|
|||
id_match_t match_peer_me, match_peer_other;
|
||||
ike_cfg_match_t match_ike;
|
||||
match_entry_t *entry;
|
||||
|
||||
|
||||
match_peer_me = get_peer_match(my_id, cfg, TRUE);
|
||||
match_peer_other = get_peer_match(other_id, cfg, FALSE);
|
||||
match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
|
||||
|
||||
|
||||
if (match_peer_me && match_peer_other && match_ike)
|
||||
{
|
||||
DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
|
||||
cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
|
||||
|
||||
|
||||
entry = malloc_thing(match_entry_t);
|
||||
entry->match_peer = match_peer_me + match_peer_other;
|
||||
entry->match_ike = match_ike;
|
||||
|
@ -367,7 +367,7 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
helper->destroy(helper);
|
||||
|
||||
|
||||
return enumerator_create_filter(configs->create_enumerator(configs),
|
||||
(void*)peer_enum_filter, configs,
|
||||
(void*)peer_enum_filter_destroy);
|
||||
|
@ -375,13 +375,13 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
|
|||
|
||||
/**
|
||||
* implements backend_manager_t.get_peer_cfg_by_name.
|
||||
*/
|
||||
*/
|
||||
static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
|
||||
{
|
||||
backend_t *backend;
|
||||
peer_cfg_t *config = NULL;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
enumerator = this->backends->create_enumerator(this->backends);
|
||||
while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
|
||||
|
@ -429,17 +429,17 @@ static void destroy(private_backend_manager_t *this)
|
|||
backend_manager_t *backend_manager_create()
|
||||
{
|
||||
private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
|
||||
|
||||
|
||||
this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
|
||||
this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
|
||||
this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator;
|
||||
this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
|
||||
this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
|
||||
this->public.destroy = (void (*)(backend_manager_t*))destroy;
|
||||
|
||||
|
||||
this->backends = linked_list_create();
|
||||
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -46,11 +46,11 @@ typedef struct backend_manager_t backend_manager_t;
|
|||
| |----->| | +--------------+ |
|
||||
| | | | |
|
||||
+---------+ +-----------+ |
|
||||
|
||||
|
||||
@endverbatim
|
||||
*/
|
||||
struct backend_manager_t {
|
||||
|
||||
|
||||
/**
|
||||
* Get an ike_config identified by two hosts.
|
||||
*
|
||||
|
@ -58,9 +58,9 @@ struct backend_manager_t {
|
|||
* @param other_host address of remote host
|
||||
* @return matching ike_config, or NULL if none found
|
||||
*/
|
||||
ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this,
|
||||
ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this,
|
||||
host_t *my_host, host_t *other_host);
|
||||
|
||||
|
||||
/**
|
||||
* Get a peer_config identified by it's name.
|
||||
*
|
||||
|
@ -68,7 +68,7 @@ struct backend_manager_t {
|
|||
* @return matching peer_config, or NULL if none found
|
||||
*/
|
||||
peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over all matching peer configs.
|
||||
*
|
||||
|
@ -90,14 +90,14 @@ struct backend_manager_t {
|
|||
* @param backend backend to register
|
||||
*/
|
||||
void (*add_backend)(backend_manager_t *this, backend_t *backend);
|
||||
|
||||
|
||||
/**
|
||||
* Unregister a backend.
|
||||
*
|
||||
* @param backend backend to unregister
|
||||
*/
|
||||
void (*remove_backend)(backend_manager_t *this, backend_t *backend);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a backend_manager_t object.
|
||||
*/
|
||||
|
|
|
@ -25,7 +25,7 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART,
|
|||
"restart",
|
||||
);
|
||||
|
||||
ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE,
|
||||
ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE,
|
||||
"IPCOMP_NONE");
|
||||
ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE,
|
||||
"IPCOMP_OUI",
|
||||
|
@ -45,62 +45,62 @@ struct private_child_cfg_t {
|
|||
* Public part
|
||||
*/
|
||||
child_cfg_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Number of references hold by others to this child_cfg
|
||||
*/
|
||||
refcount_t refcount;
|
||||
|
||||
|
||||
/**
|
||||
* Name of the child_cfg, used to query it
|
||||
*/
|
||||
char *name;
|
||||
|
||||
|
||||
/**
|
||||
* list for all proposals
|
||||
*/
|
||||
linked_list_t *proposals;
|
||||
|
||||
|
||||
/**
|
||||
* list for traffic selectors for my site
|
||||
*/
|
||||
linked_list_t *my_ts;
|
||||
|
||||
|
||||
/**
|
||||
* list for traffic selectors for others site
|
||||
*/
|
||||
linked_list_t *other_ts;
|
||||
|
||||
|
||||
/**
|
||||
* updown script
|
||||
*/
|
||||
char *updown;
|
||||
|
||||
|
||||
/**
|
||||
* allow host access
|
||||
*/
|
||||
bool hostaccess;
|
||||
|
||||
|
||||
/**
|
||||
* Mode to propose for a initiated CHILD: tunnel/transport
|
||||
*/
|
||||
ipsec_mode_t mode;
|
||||
|
||||
|
||||
/**
|
||||
* action to take on DPD
|
||||
*/
|
||||
action_t dpd_action;
|
||||
|
||||
|
||||
/**
|
||||
* action to take on CHILD_SA close
|
||||
*/
|
||||
action_t close_action;
|
||||
|
||||
|
||||
/**
|
||||
* CHILD_SA lifetime config
|
||||
*/
|
||||
lifetime_cfg_t lifetime;
|
||||
|
||||
|
||||
/**
|
||||
* enable IPComp
|
||||
*/
|
||||
|
@ -141,7 +141,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
|
|||
enumerator_t *enumerator;
|
||||
proposal_t *current;
|
||||
linked_list_t *proposals = linked_list_create();
|
||||
|
||||
|
||||
enumerator = this->proposals->create_enumerator(this->proposals);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
{
|
||||
|
@ -153,7 +153,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
|
|||
proposals->insert_last(proposals, current);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
return proposals;
|
||||
}
|
||||
|
||||
|
@ -165,10 +165,10 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
|
|||
{
|
||||
enumerator_t *stored_enum, *supplied_enum;
|
||||
proposal_t *stored, *supplied, *selected = NULL;
|
||||
|
||||
|
||||
stored_enum = this->proposals->create_enumerator(this->proposals);
|
||||
supplied_enum = proposals->create_enumerator(proposals);
|
||||
|
||||
|
||||
/* compare all stored proposals with all supplied. Stored ones are preferred. */
|
||||
while (stored_enum->enumerate(stored_enum, &stored))
|
||||
{
|
||||
|
@ -194,7 +194,7 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
|
|||
break;
|
||||
}
|
||||
supplied_enum->destroy(supplied_enum);
|
||||
supplied_enum = proposals->create_enumerator(proposals);
|
||||
supplied_enum = proposals->create_enumerator(proposals);
|
||||
}
|
||||
stored_enum->destroy(stored_enum);
|
||||
supplied_enum->destroy(supplied_enum);
|
||||
|
@ -232,7 +232,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
enumerator_t *e1, *e2;
|
||||
traffic_selector_t *ts1, *ts2, *selected;
|
||||
linked_list_t *result = linked_list_create();
|
||||
|
||||
|
||||
if (local)
|
||||
{
|
||||
e1 = this->my_ts->create_enumerator(this->my_ts);
|
||||
|
@ -241,11 +241,11 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
{
|
||||
e1 = this->other_ts->create_enumerator(this->other_ts);
|
||||
}
|
||||
|
||||
|
||||
/* no list supplied, just fetch the stored traffic selectors */
|
||||
if (supplied == NULL)
|
||||
{
|
||||
DBG2(DBG_CFG, "proposing traffic selectors for %s:",
|
||||
DBG2(DBG_CFG, "proposing traffic selectors for %s:",
|
||||
local ? "us" : "other");
|
||||
while (e1->enumerate(e1, &ts1))
|
||||
{
|
||||
|
@ -262,7 +262,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
}
|
||||
else
|
||||
{
|
||||
DBG2(DBG_CFG, "selecting traffic selectors for %s:",
|
||||
DBG2(DBG_CFG, "selecting traffic selectors for %s:",
|
||||
local ? "us" : "other");
|
||||
e2 = supplied->create_enumerator(supplied);
|
||||
/* iterate over all stored selectors */
|
||||
|
@ -274,7 +274,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
{
|
||||
ts1->set_address(ts1, host);
|
||||
}
|
||||
|
||||
|
||||
/* iterate over all supplied traffic selectors */
|
||||
while (e2->enumerate(e2, &ts2))
|
||||
{
|
||||
|
@ -298,7 +298,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
e1->destroy(e1);
|
||||
e2->destroy(e2);
|
||||
}
|
||||
|
||||
|
||||
/* remove any redundant traffic selectors in the list */
|
||||
e1 = result->create_enumerator(result);
|
||||
e2 = result->create_enumerator(result);
|
||||
|
@ -329,7 +329,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
|
|||
}
|
||||
e1->destroy(e1);
|
||||
e2->destroy(e2);
|
||||
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
@ -410,7 +410,7 @@ static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
|
|||
enumerator_t *enumerator;
|
||||
proposal_t *proposal;
|
||||
u_int16_t dh_group = MODP_NONE;
|
||||
|
||||
|
||||
enumerator = this->proposals->create_enumerator(this->proposals);
|
||||
while (enumerator->enumerate(enumerator, &proposal))
|
||||
{
|
||||
|
@ -514,16 +514,16 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
|
|||
this->public.install_policy = (bool (*) (child_cfg_t *))install_policy;
|
||||
this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref;
|
||||
this->public.destroy = (void (*) (child_cfg_t*))destroy;
|
||||
|
||||
|
||||
this->name = strdup(name);
|
||||
this->updown = updown ? strdup(updown) : NULL;
|
||||
this->hostaccess = hostaccess;
|
||||
this->mode = mode;
|
||||
this->dpd_action = dpd_action;
|
||||
this->close_action = close_action;
|
||||
this->use_ipcomp = ipcomp;
|
||||
this->use_ipcomp = ipcomp;
|
||||
this->proxy_mode = FALSE;
|
||||
this->install_policy = TRUE;
|
||||
this->install_policy = TRUE;
|
||||
this->refcount = 1;
|
||||
this->proposals = linked_list_create();
|
||||
this->my_ts = linked_list_create();
|
||||
|
|
|
@ -88,68 +88,68 @@ struct lifetime_cfg_t {
|
|||
* After creation, proposals and traffic selectors may be added to the config.
|
||||
* A child_cfg object is referenced multiple times, and is not thread save.
|
||||
* Reading from the object is save, adding things is not allowed while other
|
||||
* threads may access the object.
|
||||
* threads may access the object.
|
||||
* A reference counter handles the number of references hold to this config.
|
||||
*
|
||||
* @see peer_cfg_t to get an overview over the configurations.
|
||||
*/
|
||||
struct child_cfg_t {
|
||||
|
||||
|
||||
/**
|
||||
* Get the name of the child_cfg.
|
||||
*
|
||||
*
|
||||
* @return child_cfg's name
|
||||
*/
|
||||
char *(*get_name) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Add a proposal to the list.
|
||||
*
|
||||
* Add a proposal to the list.
|
||||
*
|
||||
* The proposals are stored by priority, first added
|
||||
* is the most prefered.
|
||||
* After add, proposal is owned by child_cfg.
|
||||
*
|
||||
*
|
||||
* @param proposal proposal to add
|
||||
*/
|
||||
void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
|
||||
|
||||
|
||||
/**
|
||||
* Get the list of proposals for the CHILD_SA.
|
||||
*
|
||||
* Resulting list and all of its proposals must be freed after use.
|
||||
*
|
||||
*
|
||||
* @param strip_dh TRUE strip out diffie hellman groups
|
||||
* @return list of proposals
|
||||
*/
|
||||
linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
|
||||
|
||||
|
||||
/**
|
||||
* Select a proposal from a supplied list.
|
||||
*
|
||||
* Returned propsal is newly created and must be destroyed after usage.
|
||||
*
|
||||
*
|
||||
* @param proposals list from from wich proposals are selected
|
||||
* @param strip_dh TRUE strip out diffie hellman groups
|
||||
* @return selected proposal, or NULL if nothing matches
|
||||
*/
|
||||
proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
|
||||
bool strip_dh);
|
||||
|
||||
|
||||
/**
|
||||
* Add a traffic selector to the config.
|
||||
*
|
||||
*
|
||||
* Use the "local" parameter to add it for the local or the remote side.
|
||||
* After add, traffic selector is owned by child_cfg.
|
||||
*
|
||||
*
|
||||
* @param local TRUE for local side, FALSE for remote
|
||||
* @param ts traffic_selector to add
|
||||
*/
|
||||
void (*add_traffic_selector)(child_cfg_t *this, bool local,
|
||||
traffic_selector_t *ts);
|
||||
|
||||
|
||||
/**
|
||||
* Get a list of traffic selectors to use for the CHILD_SA.
|
||||
*
|
||||
*
|
||||
* The config contains two set of traffic selectors, one for the local
|
||||
* side, one for the remote side.
|
||||
* If a list with traffic selectors is supplied, these are used to narrow
|
||||
|
@ -158,7 +158,7 @@ struct child_cfg_t {
|
|||
* to a specific address (host-to-host or virtual-IP setups). Use
|
||||
* the "host" parameter to narrow such traffic selectors to that address.
|
||||
* Resulted list and its traffic selectors must be destroyed after use.
|
||||
*
|
||||
*
|
||||
* @param local TRUE for TS on local side, FALSE for remote
|
||||
* @param supplied list with TS to select from, or NULL
|
||||
* @param host address to use for narrowing "dynamic" TS', or NULL
|
||||
|
@ -169,14 +169,14 @@ struct child_cfg_t {
|
|||
host_t *host);
|
||||
/**
|
||||
* Get the updown script to run for the CHILD_SA.
|
||||
*
|
||||
*
|
||||
* @return path to updown script
|
||||
*/
|
||||
char* (*get_updown)(child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Should we allow access to the local host (gateway)?
|
||||
*
|
||||
*
|
||||
* @return value of hostaccess flag
|
||||
*/
|
||||
bool (*get_hostaccess) (child_cfg_t *this);
|
||||
|
@ -190,41 +190,41 @@ struct child_cfg_t {
|
|||
* @return lifetime_cfg_t (has to be freed)
|
||||
*/
|
||||
lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the mode to use for the CHILD_SA.
|
||||
*
|
||||
* The mode is either tunnel, transport or BEET. The peer must agree
|
||||
* on the method, fallback is tunnel mode.
|
||||
*
|
||||
*
|
||||
* @return ipsec mode
|
||||
*/
|
||||
ipsec_mode_t (*get_mode) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Action to take on DPD.
|
||||
*
|
||||
* @return DPD action
|
||||
*/
|
||||
*/
|
||||
action_t (*get_dpd_action) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Action to take if CHILD_SA gets closed.
|
||||
*
|
||||
* @return close action
|
||||
*/
|
||||
*/
|
||||
action_t (*get_close_action) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the DH group to use for CHILD_SA setup.
|
||||
*
|
||||
*
|
||||
* @return dh group to use
|
||||
*/
|
||||
diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Check whether IPComp should be used, if the other peer supports it.
|
||||
*
|
||||
*
|
||||
* @return TRUE, if IPComp should be used
|
||||
* FALSE, otherwise
|
||||
*/
|
||||
|
@ -232,7 +232,7 @@ struct child_cfg_t {
|
|||
|
||||
/**
|
||||
* Sets two options needed for Mobile IPv6 interoperability
|
||||
*
|
||||
*
|
||||
* @param proxy_mode use IPsec transport proxy mode (default FALSE)
|
||||
* @param install_policy install IPsec kernel policies (default TRUE)
|
||||
*/
|
||||
|
@ -241,27 +241,27 @@ struct child_cfg_t {
|
|||
|
||||
/**
|
||||
* Check whether IPsec transport SA should be set up in proxy mode
|
||||
*
|
||||
*
|
||||
* @return TRUE, if proxy mode should be used
|
||||
* FALSE, otherwise
|
||||
*/
|
||||
bool (*use_proxy_mode)(child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Check whether IPsec policies should be installed in the kernel
|
||||
*
|
||||
*
|
||||
* @return TRUE, if IPsec kernel policies should be installed
|
||||
* FALSE, otherwise
|
||||
*/
|
||||
bool (*install_policy)(child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Increase the reference count.
|
||||
*
|
||||
* @return reference to this
|
||||
*/
|
||||
child_cfg_t* (*get_ref) (child_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys the child_cfg object.
|
||||
*
|
||||
|
@ -273,7 +273,7 @@ struct child_cfg_t {
|
|||
|
||||
/**
|
||||
* Create a configuration template for CHILD_SA setup.
|
||||
*
|
||||
*
|
||||
* The "name" string gets cloned.
|
||||
*
|
||||
* The lifetime_cfg_t object gets cloned.
|
||||
|
@ -281,7 +281,7 @@ struct child_cfg_t {
|
|||
* specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)).
|
||||
*
|
||||
* After a call to create, a reference is obtained (refcount = 1).
|
||||
*
|
||||
*
|
||||
* @param name name of the child_cfg
|
||||
* @param lifetime lifetime_cfg_t for this child_cfg
|
||||
* @param updown updown script to execute on up/down event
|
||||
|
|
|
@ -32,7 +32,7 @@ struct private_ike_cfg_t {
|
|||
* Public part
|
||||
*/
|
||||
ike_cfg_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Number of references hold by others to this ike_cfg
|
||||
*/
|
||||
|
@ -45,19 +45,19 @@ struct private_ike_cfg_t {
|
|||
|
||||
/**
|
||||
* Address of remote host
|
||||
*/
|
||||
*/
|
||||
char *other;
|
||||
|
||||
|
||||
/**
|
||||
* should we send a certificate request?
|
||||
*/
|
||||
bool certreq;
|
||||
|
||||
|
||||
/**
|
||||
* enforce UDP encapsulation
|
||||
*/
|
||||
bool force_encap;
|
||||
|
||||
|
||||
/**
|
||||
* List of proposals to use
|
||||
*/
|
||||
|
@ -71,7 +71,7 @@ static bool send_certreq(private_ike_cfg_t *this)
|
|||
{
|
||||
return this->certreq;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of ike_cfg_t.force_encap.
|
||||
*/
|
||||
|
@ -112,7 +112,7 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this)
|
|||
iterator_t *iterator;
|
||||
proposal_t *current;
|
||||
linked_list_t *proposals = linked_list_create();
|
||||
|
||||
|
||||
iterator = this->proposals->create_iterator(this->proposals, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t))
|
||||
{
|
||||
|
@ -120,10 +120,10 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this)
|
|||
proposals->insert_last(proposals, (void*)current);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
return proposals;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of ike_cfg_t.select_proposal.
|
||||
*/
|
||||
|
@ -132,16 +132,16 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
|
|||
{
|
||||
iterator_t *stored_iter, *supplied_iter;
|
||||
proposal_t *stored, *supplied, *selected;
|
||||
|
||||
|
||||
stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
|
||||
supplied_iter = proposals->create_iterator(proposals, TRUE);
|
||||
|
||||
|
||||
|
||||
|
||||
/* compare all stored proposals with all supplied. Stored ones are preferred.*/
|
||||
while (stored_iter->iterate(stored_iter, (void**)&stored))
|
||||
{
|
||||
supplied_iter->reset(supplied_iter);
|
||||
|
||||
|
||||
while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
|
||||
{
|
||||
selected = stored->select(stored, supplied);
|
||||
|
@ -162,7 +162,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
|
|||
supplied_iter->destroy(supplied_iter);
|
||||
DBG1(DBG_CFG, "received proposals: %#P", proposals);
|
||||
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
|
||||
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -174,7 +174,7 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
|
|||
enumerator_t *enumerator;
|
||||
proposal_t *proposal;
|
||||
u_int16_t dh_group = MODP_NONE;
|
||||
|
||||
|
||||
enumerator = this->proposals->create_enumerator(this->proposals);
|
||||
while (enumerator->enumerate(enumerator, &proposal))
|
||||
{
|
||||
|
@ -195,7 +195,7 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
|
|||
enumerator_t *e1, *e2;
|
||||
proposal_t *p1, *p2;
|
||||
bool eq = TRUE;
|
||||
|
||||
|
||||
if (this == other)
|
||||
{
|
||||
return TRUE;
|
||||
|
@ -260,7 +260,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
|
|||
char *me, char *other)
|
||||
{
|
||||
private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
|
||||
this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth;
|
||||
|
@ -273,7 +273,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
|
|||
this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals;
|
||||
this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref;
|
||||
this->public.destroy = (void(*)(ike_cfg_t*))destroy;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->refcount = 1;
|
||||
this->certreq = certreq;
|
||||
|
@ -281,6 +281,6 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
|
|||
this->me = strdup(me);
|
||||
this->other = strdup(other);
|
||||
this->proposals = linked_list_create();
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
|
@ -37,71 +37,71 @@ typedef struct ike_cfg_t ike_cfg_t;
|
|||
* @see peer_cfg_t to get an overview over the configurations.
|
||||
*/
|
||||
struct ike_cfg_t {
|
||||
|
||||
|
||||
/**
|
||||
* Get own address.
|
||||
*
|
||||
*
|
||||
* @return string of address/DNS name
|
||||
*/
|
||||
char* (*get_my_addr) (ike_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Get peers address.
|
||||
*
|
||||
*
|
||||
* @return string of address/DNS name
|
||||
*/
|
||||
char* (*get_other_addr) (ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a proposal to the list.
|
||||
*
|
||||
*
|
||||
* The first added proposal has the highest priority, the last
|
||||
* added the lowest.
|
||||
*
|
||||
*
|
||||
* @param proposal proposal to add
|
||||
*/
|
||||
void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
|
||||
|
||||
|
||||
/**
|
||||
* Returns a list of all supported proposals.
|
||||
*
|
||||
*
|
||||
* Returned list and its proposals must be destroyed after use.
|
||||
*
|
||||
*
|
||||
* @return list containing all the proposals
|
||||
*/
|
||||
linked_list_t* (*get_proposals) (ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Select a proposed from suggested proposals.
|
||||
*
|
||||
*
|
||||
* Returned proposal must be destroyed after use.
|
||||
*
|
||||
*
|
||||
* @param proposals list of proposals to select from
|
||||
* @return selected proposal, or NULL if none matches.
|
||||
*/
|
||||
proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals);
|
||||
|
||||
|
||||
/**
|
||||
* Should we send a certificate request in IKE_SA_INIT?
|
||||
*
|
||||
* @return certificate request sending policy
|
||||
*/
|
||||
bool (*send_certreq) (ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Enforce UDP encapsulation by faking NATD notifies?
|
||||
*
|
||||
*
|
||||
* @return TRUE to enfoce UDP encapsulation
|
||||
*/
|
||||
bool (*force_encap) (ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the DH group to use for IKE_SA setup.
|
||||
*
|
||||
*
|
||||
* @return dh group to use for initialization
|
||||
*/
|
||||
diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Check if two IKE configs are equal.
|
||||
*
|
||||
|
@ -109,17 +109,17 @@ struct ike_cfg_t {
|
|||
* @return TRUE if other equal to this
|
||||
*/
|
||||
bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Increase reference count.
|
||||
*
|
||||
* @return reference to this
|
||||
*/
|
||||
ike_cfg_t* (*get_ref) (ike_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a ike_cfg_t object.
|
||||
*
|
||||
*
|
||||
* Decrements the internal reference counter and
|
||||
* destroys the ike_cfg when it reaches zero.
|
||||
*/
|
||||
|
@ -137,7 +137,7 @@ struct ike_cfg_t {
|
|||
* @param other address/DNS name of remote peer
|
||||
* @return ike_cfg_t object.
|
||||
*/
|
||||
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
|
||||
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
|
||||
char *me, char *other);
|
||||
|
||||
#endif /** IKE_CFG_H_ @}*/
|
||||
|
|
|
@ -48,113 +48,113 @@ struct private_peer_cfg_t {
|
|||
* Public part
|
||||
*/
|
||||
peer_cfg_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Number of references hold by others to this peer_cfg
|
||||
*/
|
||||
refcount_t refcount;
|
||||
|
||||
|
||||
/**
|
||||
* Name of the peer_cfg, used to query it
|
||||
*/
|
||||
char *name;
|
||||
|
||||
|
||||
/**
|
||||
* IKE version to use for initiation
|
||||
*/
|
||||
u_int ike_version;
|
||||
|
||||
|
||||
/**
|
||||
* IKE config associated to this peer config
|
||||
*/
|
||||
ike_cfg_t *ike_cfg;
|
||||
|
||||
|
||||
/**
|
||||
* list of child configs associated to this peer config
|
||||
*/
|
||||
linked_list_t *child_cfgs;
|
||||
|
||||
|
||||
/**
|
||||
* mutex to lock access to list of child_cfgs
|
||||
*/
|
||||
mutex_t *mutex;
|
||||
|
||||
|
||||
/**
|
||||
* should we send a certificate
|
||||
*/
|
||||
cert_policy_t cert_policy;
|
||||
|
||||
|
||||
/**
|
||||
* uniqueness of an IKE_SA
|
||||
*/
|
||||
unique_policy_t unique;
|
||||
|
||||
|
||||
/**
|
||||
* number of tries after giving up if peer does not respond
|
||||
*/
|
||||
u_int32_t keyingtries;
|
||||
|
||||
|
||||
/**
|
||||
* enable support for MOBIKE
|
||||
*/
|
||||
bool use_mobike;
|
||||
|
||||
|
||||
/**
|
||||
* Time before starting rekeying
|
||||
*/
|
||||
u_int32_t rekey_time;
|
||||
|
||||
|
||||
/**
|
||||
* Time before starting reauthentication
|
||||
*/
|
||||
u_int32_t reauth_time;
|
||||
|
||||
|
||||
/**
|
||||
* Time, which specifies the range of a random value substracted from above.
|
||||
*/
|
||||
u_int32_t jitter_time;
|
||||
|
||||
|
||||
/**
|
||||
* Delay before deleting a rekeying/reauthenticating SA
|
||||
*/
|
||||
u_int32_t over_time;
|
||||
|
||||
|
||||
/**
|
||||
* DPD check intervall
|
||||
*/
|
||||
u_int32_t dpd;
|
||||
|
||||
|
||||
/**
|
||||
* virtual IP to use locally
|
||||
*/
|
||||
host_t *virtual_ip;
|
||||
|
||||
|
||||
/**
|
||||
* pool to acquire configuration attributes from
|
||||
*/
|
||||
char *pool;
|
||||
|
||||
|
||||
/**
|
||||
* local authentication configs (rulesets)
|
||||
*/
|
||||
linked_list_t *local_auth;
|
||||
|
||||
|
||||
/**
|
||||
* remote authentication configs (constraints)
|
||||
*/
|
||||
linked_list_t *remote_auth;
|
||||
|
||||
|
||||
#ifdef ME
|
||||
/**
|
||||
* Is this a mediation connection?
|
||||
*/
|
||||
bool mediation;
|
||||
|
||||
|
||||
/**
|
||||
* Name of the mediation connection to mediate through
|
||||
*/
|
||||
peer_cfg_t *mediated_by;
|
||||
|
||||
|
||||
/**
|
||||
* ID of our peer at the mediation server (= leftid of the peer's conn with
|
||||
* the mediation server)
|
||||
|
@ -239,12 +239,12 @@ static bool child_cfg_enumerate(child_cfg_enumerator_t *this, child_cfg_t **chd)
|
|||
static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this)
|
||||
{
|
||||
child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t);
|
||||
|
||||
|
||||
enumerator->public.enumerate = (void*)child_cfg_enumerate;
|
||||
enumerator->public.destroy = (void*)child_cfg_enumerator_destroy;
|
||||
enumerator->mutex = this->mutex;
|
||||
enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs);
|
||||
|
||||
|
||||
this->mutex->lock(this->mutex);
|
||||
return &enumerator->public;
|
||||
}
|
||||
|
@ -259,13 +259,13 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
|
|||
enumerator_t *sup_enum, *cfg_enum;
|
||||
traffic_selector_t *sup_ts, *cfg_ts;
|
||||
int match = 0, round;
|
||||
|
||||
|
||||
/* fetch configured TS list, narrowing dynamic TS */
|
||||
cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host);
|
||||
|
||||
|
||||
/* use a round counter to rate leading TS with higher priority */
|
||||
round = sup_list->get_count(sup_list);
|
||||
|
||||
|
||||
sup_enum = sup_list->create_enumerator(sup_list);
|
||||
while (sup_enum->enumerate(sup_enum, &sup_ts))
|
||||
{
|
||||
|
@ -286,9 +286,9 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
|
|||
round--;
|
||||
}
|
||||
sup_enum->destroy(sup_enum);
|
||||
|
||||
|
||||
cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy));
|
||||
|
||||
|
||||
return match;
|
||||
}
|
||||
|
||||
|
@ -303,16 +303,16 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this,
|
|||
child_cfg_t *current, *found = NULL;
|
||||
enumerator_t *enumerator;
|
||||
int best = 0;
|
||||
|
||||
|
||||
DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts);
|
||||
enumerator = create_child_cfg_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
{
|
||||
int my_prio, other_prio;
|
||||
|
||||
|
||||
my_prio = get_ts_match(current, TRUE, my_ts, my_host);
|
||||
other_prio = get_ts_match(current, FALSE, other_ts, other_host);
|
||||
|
||||
|
||||
if (my_prio && other_prio)
|
||||
{
|
||||
DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d",
|
||||
|
@ -421,7 +421,7 @@ static host_t* get_virtual_ip(private_peer_cfg_t *this)
|
|||
{
|
||||
return this->virtual_ip;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of peer_cfg_t.get_pool.
|
||||
*/
|
||||
|
@ -493,7 +493,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
|
|||
enumerator_t *e1, *e2;
|
||||
auth_cfg_t *cfg1, *cfg2;
|
||||
bool equal = TRUE;
|
||||
|
||||
|
||||
if (this->local_auth->get_count(this->local_auth) !=
|
||||
other->local_auth->get_count(other->local_auth))
|
||||
{
|
||||
|
@ -504,7 +504,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
e1 = this->local_auth->create_enumerator(this->local_auth);
|
||||
e2 = other->local_auth->create_enumerator(other->local_auth);
|
||||
while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2))
|
||||
|
@ -517,12 +517,12 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
|
|||
}
|
||||
e1->destroy(e1);
|
||||
e2->destroy(e2);
|
||||
|
||||
|
||||
if (!equal)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
e1 = this->remote_auth->create_enumerator(this->remote_auth);
|
||||
e2 = other->remote_auth->create_enumerator(other->remote_auth);
|
||||
while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2))
|
||||
|
@ -535,7 +535,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
|
|||
}
|
||||
e1->destroy(e1);
|
||||
e2->destroy(e2);
|
||||
|
||||
|
||||
return equal;
|
||||
}
|
||||
|
||||
|
@ -552,7 +552,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other)
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
return (
|
||||
this->ike_version == other->ike_version &&
|
||||
this->cert_policy == other->cert_policy &&
|
||||
|
@ -657,7 +657,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
|
|||
this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by;
|
||||
this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id;
|
||||
#endif /* ME */
|
||||
|
||||
|
||||
/* apply init values */
|
||||
this->name = strdup(name);
|
||||
this->ike_version = ike_version;
|
||||
|
|
|
@ -114,7 +114,7 @@ extern enum_name_t *unique_policy_names;
|
|||
* to gain access to the configuration.
|
||||
*/
|
||||
struct peer_cfg_t {
|
||||
|
||||
|
||||
/**
|
||||
* Get the name of the peer_cfg.
|
||||
*
|
||||
|
@ -123,42 +123,42 @@ struct peer_cfg_t {
|
|||
* @return peer_cfg's name
|
||||
*/
|
||||
char* (*get_name) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the IKE version to use for initiating.
|
||||
*
|
||||
* @return IKE major version
|
||||
*/
|
||||
u_int (*get_ike_version)(peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the IKE config to use for initiaton.
|
||||
*
|
||||
* @return the IKE config to use
|
||||
*/
|
||||
ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Attach a CHILD config.
|
||||
*
|
||||
* @param child_cfg CHILD config to add
|
||||
*/
|
||||
void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg);
|
||||
|
||||
|
||||
/**
|
||||
* Detach a CHILD config, pointed to by an enumerator.
|
||||
*
|
||||
* @param enumerator enumerator indicating element position
|
||||
*/
|
||||
void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator for all attached CHILD configs.
|
||||
*
|
||||
* @return an enumerator over all CHILD configs.
|
||||
*/
|
||||
enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Select a CHILD config from traffic selectors.
|
||||
*
|
||||
|
@ -171,7 +171,7 @@ struct peer_cfg_t {
|
|||
child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts,
|
||||
linked_list_t *other_ts, host_t *my_host,
|
||||
host_t *other_host);
|
||||
|
||||
|
||||
/**
|
||||
* Add an authentication config to the peer configuration.
|
||||
*
|
||||
|
@ -179,7 +179,7 @@ struct peer_cfg_t {
|
|||
* @param local TRUE for local rules, FALSE for remote constraints
|
||||
*/
|
||||
void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over registered authentication configs.
|
||||
*
|
||||
|
@ -201,49 +201,49 @@ struct peer_cfg_t {
|
|||
* @return unique policy
|
||||
*/
|
||||
unique_policy_t (*get_unique_policy) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the max number of retries after timeout.
|
||||
*
|
||||
* @return max number retries
|
||||
*/
|
||||
u_int32_t (*get_keyingtries) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get a time to start rekeying (is randomized with jitter).
|
||||
*
|
||||
* @return time in s when to start rekeying, 0 disables rekeying
|
||||
*/
|
||||
u_int32_t (*get_rekey_time)(peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get a time to start reauthentication (is randomized with jitter).
|
||||
*
|
||||
* @return time in s when to start reauthentication, 0 disables it
|
||||
*/
|
||||
u_int32_t (*get_reauth_time)(peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the timeout of a rekeying/reauthenticating SA.
|
||||
*
|
||||
* @return timeout in s
|
||||
*/
|
||||
u_int32_t (*get_over_time)(peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Use MOBIKE (RFC4555) if peer supports it?
|
||||
*
|
||||
* @return TRUE to enable MOBIKE support
|
||||
*/
|
||||
bool (*use_mobike) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the DPD check interval.
|
||||
*
|
||||
* @return dpd_delay in seconds
|
||||
*/
|
||||
u_int32_t (*get_dpd) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get a virtual IP for the local peer.
|
||||
*
|
||||
|
@ -255,14 +255,14 @@ struct peer_cfg_t {
|
|||
* @return virtual IP, %any or NULL
|
||||
*/
|
||||
host_t* (*get_virtual_ip) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the name of the pool to acquire configuration attributes from.
|
||||
*
|
||||
* @return pool name, NULL if none defined
|
||||
*/
|
||||
char* (*get_pool)(peer_cfg_t *this);
|
||||
|
||||
|
||||
#ifdef ME
|
||||
/**
|
||||
* Is this a mediation connection?
|
||||
|
@ -270,14 +270,14 @@ struct peer_cfg_t {
|
|||
* @return TRUE, if this is a mediation connection
|
||||
*/
|
||||
bool (*is_mediation) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get peer_cfg of the connection this one is mediated through.
|
||||
*
|
||||
* @return the peer_cfg of the mediation connection
|
||||
*/
|
||||
peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the id of the other peer at the mediation server.
|
||||
*
|
||||
|
@ -300,14 +300,14 @@ struct peer_cfg_t {
|
|||
* @return TRUE if peer_cfg and ike_cfg are equal
|
||||
*/
|
||||
bool (*equals)(peer_cfg_t *this, peer_cfg_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Increase reference count.
|
||||
*
|
||||
* @return reference to this
|
||||
*/
|
||||
peer_cfg_t* (*get_ref) (peer_cfg_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys the peer_cfg object.
|
||||
*
|
||||
|
|
|
@ -52,52 +52,52 @@ struct private_proposal_t {
|
|||
* Public part
|
||||
*/
|
||||
proposal_t public;
|
||||
|
||||
|
||||
/**
|
||||
* protocol (ESP or AH)
|
||||
*/
|
||||
protocol_id_t protocol;
|
||||
|
||||
|
||||
/**
|
||||
* priority ordered list of encryption algorithms
|
||||
*/
|
||||
linked_list_t *encryption_algos;
|
||||
|
||||
|
||||
/**
|
||||
* priority ordered list of integrity algorithms
|
||||
*/
|
||||
linked_list_t *integrity_algos;
|
||||
|
||||
|
||||
/**
|
||||
* priority ordered list of pseudo random functions
|
||||
*/
|
||||
linked_list_t *prf_algos;
|
||||
|
||||
|
||||
/**
|
||||
* priority ordered list of dh groups
|
||||
*/
|
||||
linked_list_t *dh_groups;
|
||||
|
||||
|
||||
/**
|
||||
* priority ordered list of extended sequence number flags
|
||||
*/
|
||||
linked_list_t *esns;
|
||||
|
||||
/**
|
||||
|
||||
/**
|
||||
* senders SPI
|
||||
*/
|
||||
u_int64_t spi;
|
||||
};
|
||||
|
||||
/**
|
||||
* Struct used to store different kinds of algorithms.
|
||||
* Struct used to store different kinds of algorithms.
|
||||
*/
|
||||
struct algorithm_t {
|
||||
/**
|
||||
* Value from an encryption_algorithm_t/integrity_algorithm_t/...
|
||||
*/
|
||||
u_int16_t algorithm;
|
||||
|
||||
|
||||
/**
|
||||
* the associated key size in bits, or zero if not needed
|
||||
*/
|
||||
|
@ -110,7 +110,7 @@ struct algorithm_t {
|
|||
static void add_algo(linked_list_t *list, u_int16_t algo, u_int16_t key_size)
|
||||
{
|
||||
algorithm_t *algo_key;
|
||||
|
||||
|
||||
algo_key = malloc_thing(algorithm_t);
|
||||
algo_key->algorithm = algo;
|
||||
algo_key->key_size = key_size;
|
||||
|
@ -200,7 +200,7 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type,
|
|||
{
|
||||
enumerator_t *enumerator;
|
||||
bool found = FALSE;
|
||||
|
||||
|
||||
enumerator = create_enumerator(this, type);
|
||||
if (enumerator->enumerate(enumerator, alg, key_size))
|
||||
{
|
||||
|
@ -216,12 +216,12 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type,
|
|||
static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
|
||||
{
|
||||
bool result = FALSE;
|
||||
|
||||
|
||||
if (this->dh_groups->get_count(this->dh_groups))
|
||||
{
|
||||
algorithm_t *current;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = this->dh_groups->create_enumerator(this->dh_groups);
|
||||
while (enumerator->enumerate(enumerator, (void**)¤t))
|
||||
{
|
||||
|
@ -246,7 +246,7 @@ static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
|
|||
static void strip_dh(private_proposal_t *this)
|
||||
{
|
||||
algorithm_t *alg;
|
||||
|
||||
|
||||
while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS)
|
||||
{
|
||||
free(alg);
|
||||
|
@ -282,14 +282,14 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add,
|
|||
{
|
||||
enumerator_t *e1, *e2;
|
||||
algorithm_t *alg1, *alg2;
|
||||
|
||||
|
||||
/* if in both are zero algorithms specified, we HAVE a match */
|
||||
if (first->get_count(first) == 0 && second->get_count(second) == 0)
|
||||
{
|
||||
*add = FALSE;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
e1 = first->create_enumerator(first);
|
||||
e2 = second->create_enumerator(second);
|
||||
/* compare algs, order of algs in "first" is preferred */
|
||||
|
@ -327,18 +327,18 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
|
|||
u_int16_t algo;
|
||||
size_t key_size;
|
||||
bool add;
|
||||
|
||||
|
||||
DBG2(DBG_CFG, "selecting proposal:");
|
||||
|
||||
|
||||
/* check protocol */
|
||||
if (this->protocol != other->protocol)
|
||||
{
|
||||
DBG2(DBG_CFG, " protocol mismatch, skipping");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
selected = proposal_create(this->protocol);
|
||||
|
||||
|
||||
/* select encryption algorithm */
|
||||
if (select_algo(this->encryption_algos, other->encryption_algos,
|
||||
&add, &algo, &key_size))
|
||||
|
@ -359,7 +359,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
|
|||
/* select integrity algorithm */
|
||||
if (!is_authenticated_encryption(algo))
|
||||
{
|
||||
if (select_algo(this->integrity_algos, other->integrity_algos,
|
||||
if (select_algo(this->integrity_algos, other->integrity_algos,
|
||||
&add, &algo, &key_size))
|
||||
{
|
||||
if (add)
|
||||
|
@ -424,10 +424,10 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
|
|||
return NULL;
|
||||
}
|
||||
DBG2(DBG_CFG, " proposal matches");
|
||||
|
||||
|
||||
/* apply SPI from "other" */
|
||||
selected->set_spi(selected, other->spi);
|
||||
|
||||
|
||||
/* everything matched, return new proposal */
|
||||
return selected;
|
||||
}
|
||||
|
@ -463,7 +463,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
|
|||
{
|
||||
algorithm_t *algo, *clone_algo;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = list->create_enumerator(list);
|
||||
while (enumerator->enumerate(enumerator, &algo))
|
||||
{
|
||||
|
@ -482,12 +482,12 @@ static bool algo_list_equals(linked_list_t *l1, linked_list_t *l2)
|
|||
enumerator_t *e1, *e2;
|
||||
algorithm_t *alg1, *alg2;
|
||||
bool equals = TRUE;
|
||||
|
||||
|
||||
if (l1->get_count(l1) != l2->get_count(l2))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
e1 = l1->create_enumerator(l1);
|
||||
e2 = l2->create_enumerator(l2);
|
||||
while (e1->enumerate(e1, &alg1) && e2->enumerate(e2, &alg2))
|
||||
|
@ -531,15 +531,15 @@ static bool equals(private_proposal_t *this, private_proposal_t *other)
|
|||
static proposal_t *clone_(private_proposal_t *this)
|
||||
{
|
||||
private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol);
|
||||
|
||||
|
||||
clone_algo_list(this->encryption_algos, clone->encryption_algos);
|
||||
clone_algo_list(this->integrity_algos, clone->integrity_algos);
|
||||
clone_algo_list(this->prf_algos, clone->prf_algos);
|
||||
clone_algo_list(this->dh_groups, clone->dh_groups);
|
||||
clone_algo_list(this->esns, clone->esns);
|
||||
|
||||
|
||||
clone->spi = this->spi;
|
||||
|
||||
|
||||
return &clone->public;
|
||||
}
|
||||
|
||||
|
@ -551,7 +551,7 @@ static void check_proposal(private_proposal_t *this)
|
|||
enumerator_t *e;
|
||||
algorithm_t *alg;
|
||||
bool all_aead = TRUE;
|
||||
|
||||
|
||||
e = this->encryption_algos->create_enumerator(this->encryption_algos);
|
||||
while (e->enumerate(e, &alg))
|
||||
{
|
||||
|
@ -562,7 +562,7 @@ static void check_proposal(private_proposal_t *this)
|
|||
}
|
||||
}
|
||||
e->destroy(e);
|
||||
|
||||
|
||||
if (all_aead)
|
||||
{
|
||||
/* if all encryption algorithms in the proposal are authenticated encryption
|
||||
|
@ -613,7 +613,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
|
|||
case AUTH_AES_XCBC_96:
|
||||
prf = PRF_AES128_XCBC;
|
||||
break;
|
||||
default:
|
||||
default:
|
||||
prf = PRF_UNDEFINED;
|
||||
}
|
||||
if (prf != PRF_UNDEFINED)
|
||||
|
@ -633,7 +633,7 @@ static int print_alg(private_proposal_t *this, char **dst, size_t *len,
|
|||
enumerator_t *enumerator;
|
||||
size_t written = 0;
|
||||
u_int16_t alg, size;
|
||||
|
||||
|
||||
enumerator = create_enumerator(this, kind);
|
||||
while (enumerator->enumerate(enumerator, &alg, &size))
|
||||
{
|
||||
|
@ -666,12 +666,12 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
|
|||
enumerator_t *enumerator;
|
||||
size_t written = 0;
|
||||
bool first = TRUE;
|
||||
|
||||
|
||||
if (this == NULL)
|
||||
{
|
||||
return print_in_hook(dst, len, "(null)");
|
||||
}
|
||||
|
||||
|
||||
if (spec->hash)
|
||||
{
|
||||
enumerator = list->create_enumerator(list);
|
||||
|
@ -690,7 +690,7 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
|
|||
enumerator->destroy(enumerator);
|
||||
return written;
|
||||
}
|
||||
|
||||
|
||||
written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol);
|
||||
written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM,
|
||||
encryption_algorithm_names, &first);
|
||||
|
@ -724,7 +724,7 @@ static void destroy(private_proposal_t *this)
|
|||
proposal_t *proposal_create(protocol_id_t protocol)
|
||||
{
|
||||
private_proposal_t *this = malloc_thing(private_proposal_t);
|
||||
|
||||
|
||||
this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,u_int16_t))add_algorithm;
|
||||
this->public.create_enumerator = (enumerator_t* (*)(proposal_t*,transform_type_t))create_enumerator;
|
||||
this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,u_int16_t*,u_int16_t*))get_algorithm;
|
||||
|
@ -737,16 +737,16 @@ proposal_t *proposal_create(protocol_id_t protocol)
|
|||
this->public.equals = (bool(*)(proposal_t*, proposal_t *other))equals;
|
||||
this->public.clone = (proposal_t*(*)(proposal_t*))clone_;
|
||||
this->public.destroy = (void(*)(proposal_t*))destroy;
|
||||
|
||||
|
||||
this->spi = 0;
|
||||
this->protocol = protocol;
|
||||
|
||||
|
||||
this->encryption_algos = linked_list_create();
|
||||
this->integrity_algos = linked_list_create();
|
||||
this->prf_algos = linked_list_create();
|
||||
this->dh_groups = linked_list_create();
|
||||
this->esns = linked_list_create();
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
@ -760,7 +760,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
integrity_algorithm_t integrity;
|
||||
pseudo_random_function_t prf;
|
||||
diffie_hellman_group_t group;
|
||||
|
||||
|
||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption))
|
||||
{
|
||||
|
@ -787,10 +787,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &integrity))
|
||||
{
|
||||
|
@ -806,10 +806,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &prf))
|
||||
{
|
||||
|
@ -828,7 +828,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &group))
|
||||
{
|
||||
|
@ -865,7 +865,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
proposal_t *proposal_create_default(protocol_id_t protocol)
|
||||
{
|
||||
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol);
|
||||
|
||||
|
||||
switch (protocol)
|
||||
{
|
||||
case PROTO_IKE:
|
||||
|
@ -903,14 +903,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
|
|||
chunk_t string = {(void*)algs, strlen(algs)};
|
||||
chunk_t alg;
|
||||
status_t status = SUCCESS;
|
||||
|
||||
|
||||
eat_whitespace(&string);
|
||||
if (string.len < 1)
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* get all tokens, separated by '-' */
|
||||
while (extract_token(&alg, '-', &string))
|
||||
{
|
||||
|
@ -925,9 +925,9 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
|
|||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
check_proposal(this);
|
||||
|
||||
|
||||
if (protocol == PROTO_AH || protocol == PROTO_ESP)
|
||||
{
|
||||
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
||||
|
|
|
@ -65,17 +65,17 @@ extern enum_name_t *extended_sequence_numbers_names;
|
|||
|
||||
/**
|
||||
* Stores a set of algorithms used for an SA.
|
||||
*
|
||||
* A proposal stores algorithms for a specific
|
||||
*
|
||||
* A proposal stores algorithms for a specific
|
||||
* protocol. It can store algorithms for one protocol.
|
||||
* Proposals with multiple protocols are not supported,
|
||||
* as it's not specified in RFC4301 anymore.
|
||||
*/
|
||||
struct proposal_t {
|
||||
|
||||
|
||||
/**
|
||||
* Add an algorithm to the proposal.
|
||||
*
|
||||
*
|
||||
* The algorithms are stored by priority, first added
|
||||
* is the most preferred.
|
||||
* Key size is only needed for encryption algorithms
|
||||
|
@ -84,27 +84,27 @@ struct proposal_t {
|
|||
* The alg parameter accepts encryption_algorithm_t,
|
||||
* integrity_algorithm_t, dh_group_number_t and
|
||||
* extended_sequence_numbers_t.
|
||||
*
|
||||
*
|
||||
* @param type kind of algorithm
|
||||
* @param alg identifier for algorithm
|
||||
* @param key_size key size to use
|
||||
*/
|
||||
void (*add_algorithm) (proposal_t *this, transform_type_t type,
|
||||
u_int16_t alg, u_int16_t key_size);
|
||||
|
||||
|
||||
/**
|
||||
* Get an enumerator over algorithms for a specifc algo type.
|
||||
*
|
||||
*
|
||||
* @param type kind of algorithm
|
||||
* @return enumerator over u_int16_t alg, u_int16_t key_size
|
||||
*/
|
||||
enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the algorithm for a type to use.
|
||||
*
|
||||
*
|
||||
* If there are multiple algorithms, only the first is returned.
|
||||
*
|
||||
*
|
||||
* @param type kind of algorithm
|
||||
* @param alg pointer which receives algorithm
|
||||
* @param key_size pointer which receives the key size
|
||||
|
@ -112,53 +112,53 @@ struct proposal_t {
|
|||
*/
|
||||
bool (*get_algorithm) (proposal_t *this, transform_type_t type,
|
||||
u_int16_t *alg, u_int16_t *key_size);
|
||||
|
||||
|
||||
/**
|
||||
* Check if the proposal has a specific DH group.
|
||||
*
|
||||
*
|
||||
* @param group group to check for
|
||||
* @return TRUE if algorithm included
|
||||
*/
|
||||
bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);
|
||||
|
||||
|
||||
/**
|
||||
* Strip DH groups from proposal to use it without PFS.
|
||||
*/
|
||||
void (*strip_dh)(proposal_t *this);
|
||||
void (*strip_dh)(proposal_t *this);
|
||||
|
||||
/**
|
||||
* Compare two proposal, and select a matching subset.
|
||||
*
|
||||
*
|
||||
* If the proposals are for the same protocols (AH/ESP), they are
|
||||
* compared. If they have at least one algorithm of each type
|
||||
* in common, a resulting proposal of this kind is created.
|
||||
*
|
||||
*
|
||||
* @param other proposal to compair agains
|
||||
* @return selected proposal, NULL if proposals don't match
|
||||
*/
|
||||
proposal_t *(*select) (proposal_t *this, proposal_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Get the protocol ID of the proposal.
|
||||
*
|
||||
* @return protocol of the proposal
|
||||
*/
|
||||
protocol_id_t (*get_protocol) (proposal_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the SPI of the proposal.
|
||||
*
|
||||
*
|
||||
* @return spi for proto
|
||||
*/
|
||||
u_int64_t (*get_spi) (proposal_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the SPI of the proposal.
|
||||
*
|
||||
*
|
||||
* @param spi spi to set for proto
|
||||
*/
|
||||
void (*set_spi) (proposal_t *this, u_int64_t spi);
|
||||
|
||||
|
||||
/**
|
||||
* Check for the eqality of two proposals.
|
||||
*
|
||||
|
@ -166,14 +166,14 @@ struct proposal_t {
|
|||
* @return TRUE if other equal to this
|
||||
*/
|
||||
bool (*equals)(proposal_t *this, proposal_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Clone a proposal.
|
||||
*
|
||||
*
|
||||
* @return clone of proposal
|
||||
*/
|
||||
proposal_t *(*clone) (proposal_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys the proposal object.
|
||||
*/
|
||||
|
@ -214,7 +214,7 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
|
|||
/**
|
||||
* printf hook function for proposal_t.
|
||||
*
|
||||
* Arguments are:
|
||||
* Arguments are:
|
||||
* proposal_t *proposal
|
||||
* With the #-specifier, arguments are:
|
||||
* linked_list_t *list containing proposal_t*
|
||||
|
|
|
@ -42,24 +42,24 @@ struct private_traffic_selector_t {
|
|||
* Public part
|
||||
*/
|
||||
traffic_selector_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Type of address
|
||||
*/
|
||||
ts_type_t type;
|
||||
|
||||
|
||||
/**
|
||||
* IP protocol (UDP, TCP, ICMP, ...)
|
||||
*/
|
||||
u_int8_t protocol;
|
||||
|
||||
|
||||
/**
|
||||
* narrow this traffic selector to hosts external ip
|
||||
* if set, from and to have no meaning until set_address() is called
|
||||
*/
|
||||
bool dynamic;
|
||||
|
||||
/**
|
||||
|
||||
/**
|
||||
* begin of address range, network order
|
||||
*/
|
||||
union {
|
||||
|
@ -70,7 +70,7 @@ struct private_traffic_selector_t {
|
|||
/** IPv6 address */
|
||||
u_int32_t from6[4];
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* end of address range, network order
|
||||
*/
|
||||
|
@ -82,14 +82,14 @@ struct private_traffic_selector_t {
|
|||
/** IPv6 address */
|
||||
u_int32_t to6[4];
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* begin of port range
|
||||
* begin of port range
|
||||
*/
|
||||
u_int16_t from_port;
|
||||
|
||||
|
||||
/**
|
||||
* end of port range
|
||||
* end of port range
|
||||
*/
|
||||
u_int16_t to_port;
|
||||
};
|
||||
|
@ -101,7 +101,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
|
|||
{
|
||||
int byte;
|
||||
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
|
||||
|
||||
|
||||
/* go through the from address, starting at the tail. While we
|
||||
* have not processed the bits belonging to the host, set them to 1 on
|
||||
* the to address. If we reach the bits for the net, copy them from "from". */
|
||||
|
@ -109,7 +109,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
|
|||
{
|
||||
u_char mask = 0x00;
|
||||
int shift;
|
||||
|
||||
|
||||
shift = (byte+1) * 8 - netbits;
|
||||
if (shift > 0)
|
||||
{
|
||||
|
@ -130,7 +130,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
|
|||
{
|
||||
int byte, bit;
|
||||
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
|
||||
|
||||
|
||||
/* go trough all bits of the addresses, beginning in the front.
|
||||
* as long as they are equal, the subnet gets larger
|
||||
*/
|
||||
|
@ -169,12 +169,12 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
|
|||
bool has_ports;
|
||||
size_t written = 0;
|
||||
u_int32_t from[4], to[4];
|
||||
|
||||
|
||||
if (this == NULL)
|
||||
{
|
||||
return print_in_hook(dst, len, "(null)");
|
||||
}
|
||||
|
||||
|
||||
if (spec->hash)
|
||||
{
|
||||
iterator = list->create_iterator(list, TRUE);
|
||||
|
@ -186,11 +186,11 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
|
|||
iterator->destroy(iterator);
|
||||
return written;
|
||||
}
|
||||
|
||||
|
||||
memset(from, 0, sizeof(from));
|
||||
memset(to, 0xFF, sizeof(to));
|
||||
if (this->dynamic &&
|
||||
memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
|
||||
memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
|
||||
memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
|
||||
{
|
||||
written += print_in_hook(dst, len, "dynamic");
|
||||
|
@ -208,7 +208,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
|
|||
mask = calc_netbits(this);
|
||||
written += print_in_hook(dst, len, "%s/%d", addr_str, mask);
|
||||
}
|
||||
|
||||
|
||||
/* check if we have protocol and/or port selectors */
|
||||
has_proto = this->protocol != 0;
|
||||
has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF);
|
||||
|
@ -235,7 +235,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
|
|||
written += print_in_hook(dst, len, "%d", this->protocol);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (has_proto && has_ports)
|
||||
{
|
||||
written += print_in_hook(dst, len, "/");
|
||||
|
@ -262,7 +262,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
|
|||
written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
written += print_in_hook(dst, len, "]");
|
||||
|
||||
return written;
|
||||
|
@ -281,7 +281,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
u_int8_t protocol;
|
||||
size_t size;
|
||||
private_traffic_selector_t *new_ts;
|
||||
|
||||
|
||||
/* calculate the maximum port range allowed for both */
|
||||
from_port = max(this->from_port, other->from_port);
|
||||
to_port = min(this->to_port, other->to_port);
|
||||
|
@ -291,7 +291,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
}
|
||||
/* select protocol, which is not zero */
|
||||
protocol = max(this->protocol, other->protocol);
|
||||
|
||||
|
||||
switch (this->type)
|
||||
{
|
||||
case TS_IPV4_ADDR_RANGE:
|
||||
|
@ -303,7 +303,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
default:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* get higher from-address */
|
||||
if (memcmp(this->from, other->from, size) > 0)
|
||||
{
|
||||
|
@ -327,14 +327,14 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
|
|||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* we have a match in protocol, port, and address: return it... */
|
||||
new_ts = traffic_selector_create(protocol, this->type, from_port, to_port);
|
||||
new_ts->type = this->type;
|
||||
new_ts->dynamic = this->dynamic || other->dynamic;
|
||||
memcpy(new_ts->from, from, size);
|
||||
memcpy(new_ts->to, to, size);
|
||||
|
||||
|
||||
return &new_ts->public;
|
||||
}
|
||||
return NULL;
|
||||
|
@ -390,7 +390,7 @@ static chunk_t get_from_address(private_traffic_selector_t *this)
|
|||
return chunk_empty;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implements traffic_selector_t.get_to_address.
|
||||
*/
|
||||
|
@ -406,7 +406,7 @@ static chunk_t get_to_address(private_traffic_selector_t *this)
|
|||
return chunk_empty;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implements traffic_selector_t.get_from_port.
|
||||
*/
|
||||
|
@ -414,7 +414,7 @@ static u_int16_t get_from_port(private_traffic_selector_t *this)
|
|||
{
|
||||
return this->from_port;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implements traffic_selector_t.get_to_port.
|
||||
*/
|
||||
|
@ -448,7 +448,7 @@ static bool is_host(private_traffic_selector_t *this, host_t *host)
|
|||
{
|
||||
chunk_t addr;
|
||||
int family = host->get_family(host);
|
||||
|
||||
|
||||
if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) ||
|
||||
(family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
|
||||
{
|
||||
|
@ -463,12 +463,12 @@ static bool is_host(private_traffic_selector_t *this, host_t *host)
|
|||
else
|
||||
{
|
||||
size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
|
||||
|
||||
|
||||
if (this->dynamic)
|
||||
{
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
if (memeq(this->from, this->to, length))
|
||||
{
|
||||
return TRUE;
|
||||
|
@ -494,7 +494,7 @@ static void set_address(private_traffic_selector_t *this, host_t *host)
|
|||
{
|
||||
this->type = host->get_family(host) == AF_INET ?
|
||||
TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
|
||||
|
||||
|
||||
if (host->is_anyaddr(host))
|
||||
{
|
||||
memset(this->from6, 0x00, sizeof(this->from6));
|
||||
|
@ -517,9 +517,9 @@ static bool is_contained_in(private_traffic_selector_t *this,
|
|||
{
|
||||
private_traffic_selector_t *subset;
|
||||
bool contained_in = FALSE;
|
||||
|
||||
|
||||
subset = (private_traffic_selector_t*)get_subset(this, other);
|
||||
|
||||
|
||||
if (subset)
|
||||
{
|
||||
if (equals(subset, this))
|
||||
|
@ -528,7 +528,7 @@ static bool is_contained_in(private_traffic_selector_t *this,
|
|||
}
|
||||
free(subset);
|
||||
}
|
||||
return contained_in;
|
||||
return contained_in;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -543,12 +543,12 @@ static bool includes(private_traffic_selector_t *this, host_t *host)
|
|||
(family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
|
||||
{
|
||||
addr = host->get_address(host);
|
||||
|
||||
|
||||
return memcmp(this->from, addr.ptr, addr.len) <= 0 &&
|
||||
memcmp(this->to, addr.ptr, addr.len) >= 0;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -557,15 +557,15 @@ static bool includes(private_traffic_selector_t *this, host_t *host)
|
|||
static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask)
|
||||
{
|
||||
/* there is no way to do this cleanly, as the address range may
|
||||
* be anything else but a subnet. We use from_addr as subnet
|
||||
* be anything else but a subnet. We use from_addr as subnet
|
||||
* and try to calculate a usable subnet mask.
|
||||
*/
|
||||
int family, byte;
|
||||
u_int16_t port = 0;
|
||||
chunk_t net_chunk;
|
||||
|
||||
|
||||
*mask = calc_netbits(this);
|
||||
|
||||
|
||||
switch (this->type)
|
||||
{
|
||||
case TS_IPV4_ADDR_RANGE:
|
||||
|
@ -586,22 +586,22 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *
|
|||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
net_chunk.ptr = malloc(net_chunk.len);
|
||||
memcpy(net_chunk.ptr, this->from, net_chunk.len);
|
||||
|
||||
|
||||
for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte)
|
||||
{
|
||||
int shift = (byte + 1) * 8 - *mask;
|
||||
net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift);
|
||||
}
|
||||
|
||||
|
||||
if (this->to_port == this->from_port)
|
||||
{
|
||||
port = this->to_port;
|
||||
}
|
||||
|
||||
*net = host_create_from_chunk(family, net_chunk, port);
|
||||
|
||||
*net = host_create_from_chunk(family, net_chunk, port);
|
||||
chunk_free(&net_chunk);
|
||||
}
|
||||
|
||||
|
@ -611,10 +611,10 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *
|
|||
static traffic_selector_t *clone_(private_traffic_selector_t *this)
|
||||
{
|
||||
private_traffic_selector_t *clone;
|
||||
|
||||
clone = traffic_selector_create(this->protocol, this->type,
|
||||
|
||||
clone = traffic_selector_create(this->protocol, this->type,
|
||||
this->from_port, this->to_port);
|
||||
|
||||
|
||||
clone->dynamic = this->dynamic;
|
||||
switch (clone->type)
|
||||
{
|
||||
|
@ -650,13 +650,13 @@ static void destroy(private_traffic_selector_t *this)
|
|||
* see header
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
|
||||
ts_type_t type,
|
||||
chunk_t from, u_int16_t from_port,
|
||||
ts_type_t type,
|
||||
chunk_t from, u_int16_t from_port,
|
||||
chunk_t to, u_int16_t to_port)
|
||||
{
|
||||
private_traffic_selector_t *this = traffic_selector_create(protocol, type,
|
||||
from_port, to_port);
|
||||
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case TS_IPV4_ADDR_RANGE:
|
||||
|
@ -684,7 +684,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
|
|||
default:
|
||||
{
|
||||
free(this);
|
||||
return NULL;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return (&this->public);
|
||||
|
@ -693,7 +693,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
|
|||
/*
|
||||
* see header
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
|
||||
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
|
||||
u_int8_t netbits, u_int8_t protocol, u_int16_t port)
|
||||
{
|
||||
private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535);
|
||||
|
@ -703,7 +703,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
|
|||
case AF_INET:
|
||||
{
|
||||
chunk_t from;
|
||||
|
||||
|
||||
this->type = TS_IPV4_ADDR_RANGE;
|
||||
from = net->get_address(net);
|
||||
memcpy(this->from4, from.ptr, from.len);
|
||||
|
@ -721,7 +721,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
|
|||
case AF_INET6:
|
||||
{
|
||||
chunk_t from;
|
||||
|
||||
|
||||
this->type = TS_IPV6_ADDR_RANGE;
|
||||
from = net->get_address(net);
|
||||
memcpy(this->from6, from.ptr, from.len);
|
||||
|
@ -782,7 +782,7 @@ traffic_selector_t *traffic_selector_create_from_string(
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
break;
|
||||
}
|
||||
case TS_IPV6_ADDR_RANGE:
|
||||
{
|
||||
|
@ -805,17 +805,17 @@ traffic_selector_t *traffic_selector_create_from_string(
|
|||
/*
|
||||
* see header
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
||||
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
||||
u_int16_t from_port, u_int16_t to_port)
|
||||
{
|
||||
private_traffic_selector_t *this = traffic_selector_create(
|
||||
protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
|
||||
|
||||
|
||||
memset(this->from6, 0, sizeof(this->from6));
|
||||
memset(this->to6, 0xFF, sizeof(this->to6));
|
||||
|
||||
|
||||
this->dynamic = TRUE;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
@ -833,7 +833,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
|
|||
this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
|
||||
this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
|
||||
this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
|
||||
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
|
||||
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
|
||||
this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
|
||||
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
|
||||
this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
|
||||
|
@ -844,13 +844,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
|
|||
this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet;
|
||||
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
|
||||
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
|
||||
|
||||
|
||||
this->from_port = from_port;
|
||||
this->to_port = to_port;
|
||||
this->protocol = protocol;
|
||||
this->type = type;
|
||||
this->dynamic = FALSE;
|
||||
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ typedef struct traffic_selector_t traffic_selector_t;
|
|||
* Traffic selector types.
|
||||
*/
|
||||
enum ts_type_t {
|
||||
|
||||
|
||||
/**
|
||||
* A range of IPv4 addresses, represented by two four (4) octet
|
||||
* values. The first value is the beginning IPv4 address
|
||||
|
@ -42,7 +42,7 @@ enum ts_type_t {
|
|||
* addresses are considered to be within the list.
|
||||
*/
|
||||
TS_IPV4_ADDR_RANGE = 7,
|
||||
|
||||
|
||||
/**
|
||||
* A range of IPv6 addresses, represented by two sixteen (16)
|
||||
* octet values. The first value is the beginning IPv6 address
|
||||
|
@ -65,7 +65,7 @@ extern enum_name_t *ts_type_name;
|
|||
* and a range of ports. IPv6 is not fully supported yet.
|
||||
*/
|
||||
struct traffic_selector_t {
|
||||
|
||||
|
||||
/**
|
||||
* Compare two traffic selectors, and create a new one
|
||||
* which is the largest subset of both (subnet & port).
|
||||
|
@ -77,16 +77,16 @@ struct traffic_selector_t {
|
|||
* - created subset of them
|
||||
* - or NULL if no match between this and other
|
||||
*/
|
||||
traffic_selector_t *(*get_subset) (traffic_selector_t *this,
|
||||
traffic_selector_t *(*get_subset) (traffic_selector_t *this,
|
||||
traffic_selector_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Clone a traffic selector.
|
||||
*
|
||||
* @return clone of it
|
||||
*/
|
||||
traffic_selector_t *(*clone) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get starting address of this ts as a chunk.
|
||||
*
|
||||
|
@ -95,7 +95,7 @@ struct traffic_selector_t {
|
|||
* @return chunk containing the address
|
||||
*/
|
||||
chunk_t (*get_from_address) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get ending address of this ts as a chunk.
|
||||
*
|
||||
|
@ -104,17 +104,17 @@ struct traffic_selector_t {
|
|||
* @return chunk containing the address
|
||||
*/
|
||||
chunk_t (*get_to_address) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get starting port of this ts.
|
||||
*
|
||||
*
|
||||
* Port is in host order, since the parser converts it.
|
||||
* Size depends on protocol.
|
||||
*
|
||||
*
|
||||
* @return port
|
||||
*/
|
||||
u_int16_t (*get_from_port) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get ending port of this ts.
|
||||
*
|
||||
|
@ -124,21 +124,21 @@ struct traffic_selector_t {
|
|||
* @return port
|
||||
*/
|
||||
u_int16_t (*get_to_port) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the type of the traffic selector.
|
||||
*
|
||||
* @return ts_type_t specifying the type
|
||||
*/
|
||||
ts_type_t (*get_type) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the protocol id of this ts.
|
||||
*
|
||||
* @return protocol id
|
||||
*/
|
||||
u_int8_t (*get_protocol) (traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Check if the traffic selector is for a single host.
|
||||
*
|
||||
|
@ -151,14 +151,14 @@ struct traffic_selector_t {
|
|||
* @param host host_t specifying the address range
|
||||
*/
|
||||
bool (*is_host) (traffic_selector_t *this, host_t* host);
|
||||
|
||||
|
||||
/**
|
||||
* Check if a traffic selector has been created by create_dynamic().
|
||||
*
|
||||
* @return TRUE if TS is dynamic
|
||||
*/
|
||||
bool (*is_dynamic)(traffic_selector_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Update the address of a traffic selector.
|
||||
*
|
||||
|
@ -168,15 +168,15 @@ struct traffic_selector_t {
|
|||
* @param host host_t specifying the address
|
||||
*/
|
||||
void (*set_address) (traffic_selector_t *this, host_t* host);
|
||||
|
||||
|
||||
/**
|
||||
* Compare two traffic selectors for equality.
|
||||
*
|
||||
*
|
||||
* @param other ts to compare with this
|
||||
* @return TRUE if equal, FALSE otherwise
|
||||
*/
|
||||
bool (*equals) (traffic_selector_t *this, traffic_selector_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Check if a traffic selector is contained completly in another.
|
||||
*
|
||||
|
@ -188,24 +188,24 @@ struct traffic_selector_t {
|
|||
bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other);
|
||||
|
||||
/**
|
||||
* Check if a specific host is included in the address range of
|
||||
* Check if a specific host is included in the address range of
|
||||
* this traffic selector.
|
||||
*
|
||||
* @param host the host to check
|
||||
*/
|
||||
bool (*includes) (traffic_selector_t *this, host_t *host);
|
||||
|
||||
|
||||
/**
|
||||
* Convert a traffic selector address range to a subnet
|
||||
* and its net mask.
|
||||
* If from and to ports of this traffic selector are equal,
|
||||
* the port of the returned host_t is set to that port.
|
||||
*
|
||||
*
|
||||
* @param net converted subnet (has to be freed)
|
||||
* @param mask converted net mask
|
||||
*/
|
||||
void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys the ts object
|
||||
*/
|
||||
|
@ -214,7 +214,7 @@ struct traffic_selector_t {
|
|||
|
||||
/**
|
||||
* Create a new traffic selector using human readable params.
|
||||
*
|
||||
*
|
||||
* @param protocol protocol for this ts, such as TCP or UDP
|
||||
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
|
||||
* @param from_addr start of address range as string
|
||||
|
@ -232,11 +232,11 @@ traffic_selector_t *traffic_selector_create_from_string(
|
|||
|
||||
/**
|
||||
* Create a new traffic selector using data read from the net.
|
||||
*
|
||||
*
|
||||
* There exists a mix of network and host order in the params.
|
||||
* But the parser gives us this data in this format, so we
|
||||
* don't have to convert twice.
|
||||
*
|
||||
*
|
||||
* @param protocol protocol for this ts, such as TCP or UDP
|
||||
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
|
||||
* @param from_address start of address range, network order
|
||||
|
@ -252,14 +252,14 @@ traffic_selector_t *traffic_selector_create_from_bytes(
|
|||
|
||||
/**
|
||||
* Create a new traffic selector defining a whole subnet.
|
||||
*
|
||||
*
|
||||
* In most cases, definition of a traffic selector for full subnets
|
||||
* is sufficient. This constructor creates a traffic selector for
|
||||
* all protocols, all ports and the address range specified by the
|
||||
* subnet.
|
||||
* Additionally, a protocol and a port may be specified. Port ranges
|
||||
* are not supported via this constructor.
|
||||
*
|
||||
*
|
||||
* @param net subnet to use
|
||||
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
|
||||
* @param protocol protocol for this ts, such as TCP or UDP
|
||||
|
@ -269,17 +269,17 @@ traffic_selector_t *traffic_selector_create_from_bytes(
|
|||
* - NULL if address family of net not supported
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_subnet(
|
||||
host_t *net, u_int8_t netbits,
|
||||
host_t *net, u_int8_t netbits,
|
||||
u_int8_t protocol, u_int16_t port);
|
||||
|
||||
/**
|
||||
* Create a traffic selector for host-to-host cases.
|
||||
*
|
||||
*
|
||||
* For host2host or virtual IP setups, the traffic selectors gets
|
||||
* created at runtime using the external/virtual IP. Using this constructor,
|
||||
* a call to set_address() sets this traffic selector to the supplied host.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* @param protocol upper layer protocl to allow
|
||||
* @param from_port start of allowed port range
|
||||
* @param to_port end of range
|
||||
|
@ -293,7 +293,7 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
|
|||
/**
|
||||
* printf hook function for traffic_selector_t.
|
||||
*
|
||||
* Arguments are:
|
||||
* Arguments are:
|
||||
* traffic_selector_t *ts
|
||||
* With the #-specifier, arguments are:
|
||||
* linked_list_t *list containing traffic_selector_t*
|
||||
|
|
|
@ -47,42 +47,42 @@ struct interface_listener_t {
|
|||
* public bus listener interface
|
||||
*/
|
||||
listener_t public;
|
||||
|
||||
|
||||
/**
|
||||
* status of the operation, return to method callers
|
||||
*/
|
||||
status_t status;
|
||||
|
||||
|
||||
/**
|
||||
* interface callback (listener gets redirected to here)
|
||||
*/
|
||||
controller_cb_t callback;
|
||||
|
||||
|
||||
/**
|
||||
* user parameter to pass to callback
|
||||
*/
|
||||
void *param;
|
||||
|
||||
|
||||
/**
|
||||
* child configuration, used for initiate
|
||||
*/
|
||||
child_cfg_t *child_cfg;
|
||||
|
||||
|
||||
/**
|
||||
* peer configuration, used for initiate
|
||||
*/
|
||||
peer_cfg_t *peer_cfg;
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA to handle
|
||||
*/
|
||||
ike_sa_t *ike_sa;
|
||||
|
||||
|
||||
/**
|
||||
* CHILD_SA to handle
|
||||
*/
|
||||
child_sa_t *child_sa;
|
||||
|
||||
|
||||
/**
|
||||
* unique ID, used for various methods
|
||||
*/
|
||||
|
@ -100,7 +100,7 @@ struct interface_job_t {
|
|||
* job interface
|
||||
*/
|
||||
job_t public;
|
||||
|
||||
|
||||
/**
|
||||
* associated listener
|
||||
*/
|
||||
|
@ -138,7 +138,7 @@ static bool listener_ike_state(interface_listener_t *this, ike_sa_t *ike_sa,
|
|||
case IKE_ESTABLISHED:
|
||||
{ /* mediation connections are complete without CHILD_SA */
|
||||
peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa);
|
||||
|
||||
|
||||
if (peer_cfg->is_mediation(peer_cfg))
|
||||
{
|
||||
this->status = SUCCESS;
|
||||
|
@ -219,17 +219,17 @@ static status_t initiate_execute(interface_job_t *job)
|
|||
ike_sa_t *ike_sa;
|
||||
interface_listener_t *listener = &job->listener;
|
||||
peer_cfg_t *peer_cfg = listener->peer_cfg;
|
||||
|
||||
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
||||
peer_cfg);
|
||||
listener->ike_sa = ike_sa;
|
||||
|
||||
|
||||
if (ike_sa->get_peer_cfg(ike_sa) == NULL)
|
||||
{
|
||||
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
|
||||
}
|
||||
peer_cfg->destroy(peer_cfg);
|
||||
|
||||
|
||||
if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
|
||||
{
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
|
@ -279,9 +279,9 @@ static status_t terminate_ike_execute(interface_job_t *job)
|
|||
{
|
||||
interface_listener_t *listener = &job->listener;
|
||||
ike_sa_t *ike_sa = listener->ike_sa;
|
||||
|
||||
|
||||
charon->bus->set_sa(charon->bus, ike_sa);
|
||||
|
||||
|
||||
if (ike_sa->delete(ike_sa) != DESTROY_ME)
|
||||
{
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
|
@ -316,7 +316,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id,
|
|||
.destroy = (void*)recheckin,
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
|
||||
unique_id, FALSE);
|
||||
if (ike_sa == NULL)
|
||||
|
@ -325,7 +325,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id,
|
|||
return NOT_FOUND;
|
||||
}
|
||||
job.listener.ike_sa = ike_sa;
|
||||
|
||||
|
||||
if (callback == NULL)
|
||||
{
|
||||
return terminate_ike_execute(&job);
|
||||
|
@ -342,7 +342,7 @@ static status_t terminate_child_execute(interface_job_t *job)
|
|||
interface_listener_t *listener = &job->listener;
|
||||
ike_sa_t *ike_sa = listener->ike_sa;
|
||||
child_sa_t *child_sa = listener->child_sa;
|
||||
|
||||
|
||||
charon->bus->set_sa(charon->bus, ike_sa);
|
||||
if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
|
||||
child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME)
|
||||
|
@ -380,7 +380,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
|
|||
.destroy = (void*)recheckin,
|
||||
},
|
||||
};
|
||||
|
||||
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
|
||||
reqid, TRUE);
|
||||
if (ike_sa == NULL)
|
||||
|
@ -390,7 +390,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
|
|||
return NOT_FOUND;
|
||||
}
|
||||
job.listener.ike_sa = ike_sa;
|
||||
|
||||
|
||||
iterator = ike_sa->create_child_sa_iterator(ike_sa);
|
||||
while (iterator->iterate(iterator, (void**)&child_sa))
|
||||
{
|
||||
|
@ -402,7 +402,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
|
|||
child_sa = NULL;
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
if (child_sa == NULL)
|
||||
{
|
||||
DBG1(DBG_IKE, "unable to terminate, established "
|
||||
|
@ -443,13 +443,13 @@ static void destroy(private_controller_t *this)
|
|||
controller_t *controller_create(void)
|
||||
{
|
||||
private_controller_t *this = malloc_thing(private_controller_t);
|
||||
|
||||
|
||||
this->public.create_ike_sa_enumerator = (enumerator_t*(*)(controller_t*))create_ike_sa_enumerator;
|
||||
this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate;
|
||||
this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike;
|
||||
this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child;
|
||||
this->public.destroy = (void (*)(controller_t*))destroy;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -95,7 +95,7 @@ struct controller_t {
|
|||
* Terminate an IKE_SA and all of its CHILD_SAs.
|
||||
*
|
||||
* The terminate() function is synchronous and thus blocks until the
|
||||
* IKE_SA is properly deleted, or the delete timed out.
|
||||
* IKE_SA is properly deleted, or the delete timed out.
|
||||
* The terminate() function contains a thread cancellation point.
|
||||
*
|
||||
* @param unique_id unique id of the IKE_SA to terminate.
|
||||
|
@ -106,9 +106,9 @@ struct controller_t {
|
|||
* - NOT_FOUND, if no such CHILD_SA found
|
||||
* - NEED_MORE, if callback returned FALSE
|
||||
*/
|
||||
status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id,
|
||||
status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id,
|
||||
controller_cb_t callback, void *param);
|
||||
|
||||
|
||||
/**
|
||||
* Terminate a CHILD_SA.
|
||||
*
|
||||
|
@ -120,9 +120,9 @@ struct controller_t {
|
|||
* - NOT_FOUND, if no such CHILD_SA found
|
||||
* - NEED_MORE, if callback returned FALSE
|
||||
*/
|
||||
status_t (*terminate_child)(controller_t *this, u_int32_t reqid,
|
||||
status_t (*terminate_child)(controller_t *this, u_int32_t reqid,
|
||||
controller_cb_t callback, void *param);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a controller_t instance.
|
||||
*/
|
||||
|
@ -132,7 +132,7 @@ struct controller_t {
|
|||
|
||||
/**
|
||||
* Creates a controller instance.
|
||||
*
|
||||
*
|
||||
* @return controller_t object
|
||||
*/
|
||||
controller_t *controller_create(void);
|
||||
|
|
|
@ -41,27 +41,27 @@ struct private_credential_manager_t {
|
|||
* public functions
|
||||
*/
|
||||
credential_manager_t public;
|
||||
|
||||
|
||||
/**
|
||||
* list of credential sets
|
||||
*/
|
||||
linked_list_t *sets;
|
||||
|
||||
|
||||
/**
|
||||
* thread local set of credentials, linked_list_t with credential_set_t's
|
||||
*/
|
||||
pthread_key_t local_sets;
|
||||
|
||||
|
||||
/**
|
||||
* trust relationship and certificate cache
|
||||
*/
|
||||
cert_cache_t *cache;
|
||||
|
||||
|
||||
/**
|
||||
* certificates queued for persistent caching
|
||||
*/
|
||||
linked_list_t *cache_queue;
|
||||
|
||||
|
||||
/**
|
||||
* read-write lock to sets list
|
||||
*/
|
||||
|
@ -149,7 +149,7 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this)
|
|||
{
|
||||
linked_list_t *local;
|
||||
sets_enumerator_t *enumerator = malloc_thing(sets_enumerator_t);
|
||||
|
||||
|
||||
enumerator->public.enumerate = (void*)sets_enumerator_enumerate;
|
||||
enumerator->public.destroy = (void*)sets_enumerator_destroy;
|
||||
enumerator->global = this->sets->create_enumerator(this->sets);
|
||||
|
@ -176,7 +176,7 @@ static void destroy_cert_data(cert_data_t *data)
|
|||
*/
|
||||
static enumerator_t *create_cert(credential_set_t *set, cert_data_t *data)
|
||||
{
|
||||
return set->create_cert_enumerator(set, data->cert, data->key,
|
||||
return set->create_cert_enumerator(set, data->cert, data->key,
|
||||
data->id, data->trusted);
|
||||
}
|
||||
|
||||
|
@ -193,7 +193,7 @@ static enumerator_t *create_cert_enumerator(private_credential_manager_t *this,
|
|||
data->key = key;
|
||||
data->id = id;
|
||||
data->trusted = trusted;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
return enumerator_create_nested(create_sets_enumerator(this),
|
||||
(void*)create_cert, data,
|
||||
|
@ -209,7 +209,7 @@ static certificate_t *get_cert(private_credential_manager_t *this,
|
|||
{
|
||||
certificate_t *current, *found = NULL;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = create_cert_enumerator(this, cert, key, id, trusted);
|
||||
if (enumerator->enumerate(enumerator, ¤t))
|
||||
{
|
||||
|
@ -247,7 +247,7 @@ static enumerator_t * create_cdp_enumerator(private_credential_manager_t *this,
|
|||
data->this = this;
|
||||
data->type = type;
|
||||
data->id = id;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
return enumerator_create_nested(create_sets_enumerator(this),
|
||||
(void*)create_cdp, data,
|
||||
|
@ -279,7 +279,7 @@ static enumerator_t* create_private_enumerator(
|
|||
key_type_t key, identification_t *keyid)
|
||||
{
|
||||
private_data_t *data;
|
||||
|
||||
|
||||
data = malloc_thing(private_data_t);
|
||||
data->this = this;
|
||||
data->type = key;
|
||||
|
@ -292,13 +292,13 @@ static enumerator_t* create_private_enumerator(
|
|||
|
||||
/**
|
||||
* Implementation of credential_manager_t.get_private_by_keyid.
|
||||
*/
|
||||
*/
|
||||
static private_key_t *get_private_by_keyid(private_credential_manager_t *this,
|
||||
key_type_t key, identification_t *keyid)
|
||||
{
|
||||
private_key_t *found = NULL;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = create_private_enumerator(this, key, keyid);
|
||||
if (enumerator->enumerate(enumerator, &found))
|
||||
{
|
||||
|
@ -328,7 +328,7 @@ static enumerator_t *create_shared(credential_set_t *set, shared_data_t *data)
|
|||
/**
|
||||
* Implementation of credential_manager_t.create_shared_enumerator.
|
||||
*/
|
||||
static enumerator_t *create_shared_enumerator(private_credential_manager_t *this,
|
||||
static enumerator_t *create_shared_enumerator(private_credential_manager_t *this,
|
||||
shared_key_type_t type,
|
||||
identification_t *me, identification_t *other)
|
||||
{
|
||||
|
@ -337,16 +337,16 @@ static enumerator_t *create_shared_enumerator(private_credential_manager_t *this
|
|||
data->type = type;
|
||||
data->me = me;
|
||||
data->other = other;
|
||||
|
||||
|
||||
this->lock->read_lock(this->lock);
|
||||
return enumerator_create_nested(create_sets_enumerator(this),
|
||||
(void*)create_shared, data,
|
||||
(void*)create_shared, data,
|
||||
(void*)destroy_shared_data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of credential_manager_t.get_shared.
|
||||
*/
|
||||
*/
|
||||
static shared_key_t *get_shared(private_credential_manager_t *this,
|
||||
shared_key_type_t type, identification_t *me,
|
||||
identification_t *other)
|
||||
|
@ -355,7 +355,7 @@ static shared_key_t *get_shared(private_credential_manager_t *this,
|
|||
id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE;
|
||||
id_match_t *match_me, *match_other;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = create_shared_enumerator(this, type, me, other);
|
||||
while (enumerator->enumerate(enumerator, ¤t, &match_me, &match_other))
|
||||
{
|
||||
|
@ -396,7 +396,7 @@ static void remove_local_set(private_credential_manager_t *this,
|
|||
credential_set_t *set)
|
||||
{
|
||||
linked_list_t *sets;
|
||||
|
||||
|
||||
sets = pthread_getspecific(this->local_sets);
|
||||
sets->remove(sets, set, NULL);
|
||||
}
|
||||
|
@ -408,7 +408,7 @@ static void cache_cert(private_credential_manager_t *this, certificate_t *cert)
|
|||
{
|
||||
credential_set_t *set;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
if (this->lock->try_write_lock(this->lock))
|
||||
{
|
||||
enumerator = this->sets->create_enumerator(this->sets);
|
||||
|
@ -434,7 +434,7 @@ static void cache_queue(private_credential_manager_t *this)
|
|||
credential_set_t *set;
|
||||
certificate_t *cert;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
if (this->cache_queue->get_count(this->cache_queue) > 0 &&
|
||||
this->lock->try_write_lock(this->lock))
|
||||
{
|
||||
|
@ -454,7 +454,7 @@ static void cache_queue(private_credential_manager_t *this)
|
|||
}
|
||||
|
||||
/**
|
||||
* forward declaration
|
||||
* forward declaration
|
||||
*/
|
||||
static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this,
|
||||
key_type_t type, identification_t *id, bool crl, bool ocsp);
|
||||
|
@ -467,7 +467,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
|
|||
{
|
||||
certificate_t *request, *response;
|
||||
chunk_t send, receive;
|
||||
|
||||
|
||||
/* TODO: requestor name, signature */
|
||||
request = lib->creds->create(lib->creds,
|
||||
CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
|
||||
|
@ -478,12 +478,12 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
|
|||
DBG1(DBG_CFG, "generating ocsp request failed");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
send = request->get_encoding(request);
|
||||
request->destroy(request);
|
||||
|
||||
DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url);
|
||||
if (lib->fetcher->fetch(lib->fetcher, url, &receive,
|
||||
if (lib->fetcher->fetch(lib->fetcher, url, &receive,
|
||||
FETCH_REQUEST_DATA, send,
|
||||
FETCH_REQUEST_TYPE, "application/ocsp-request",
|
||||
FETCH_END) != SUCCESS)
|
||||
|
@ -493,7 +493,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
|
|||
return NULL;
|
||||
}
|
||||
chunk_free(&send);
|
||||
|
||||
|
||||
response = lib->creds->create(lib->creds,
|
||||
CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
|
||||
BUILD_BLOB_ASN1_DER, receive, BUILD_END);
|
||||
|
@ -507,9 +507,9 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
|
|||
}
|
||||
|
||||
/**
|
||||
* check the signature of an OCSP response
|
||||
* check the signature of an OCSP response
|
||||
*/
|
||||
static bool verify_ocsp(private_credential_manager_t *this,
|
||||
static bool verify_ocsp(private_credential_manager_t *this,
|
||||
ocsp_response_t *response)
|
||||
{
|
||||
certificate_t *issuer, *subject;
|
||||
|
@ -520,7 +520,7 @@ static bool verify_ocsp(private_credential_manager_t *this,
|
|||
|
||||
wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response);
|
||||
add_local_set(this, &wrapper->set);
|
||||
|
||||
|
||||
subject = &response->certificate;
|
||||
responder = subject->get_issuer(subject);
|
||||
enumerator = create_trusted_enumerator(this, KEY_ANY, responder, FALSE, FALSE);
|
||||
|
@ -535,7 +535,7 @@ static bool verify_ocsp(private_credential_manager_t *this,
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
remove_local_set(this, &wrapper->set);
|
||||
wrapper->destroy(wrapper);
|
||||
return verified;
|
||||
|
@ -553,7 +553,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
|
|||
time_t revocation, this_update, next_update, valid_until;
|
||||
crl_reason_t reason;
|
||||
bool revoked = FALSE;
|
||||
|
||||
|
||||
response = (ocsp_response_t*)cand;
|
||||
|
||||
/* check ocsp signature */
|
||||
|
@ -622,7 +622,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
|
|||
* validate a x509 certificate using OCSP
|
||||
*/
|
||||
static cert_validation_t check_ocsp(private_credential_manager_t *this,
|
||||
x509_t *subject, x509_t *issuer,
|
||||
x509_t *subject, x509_t *issuer,
|
||||
auth_cfg_t *auth)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
|
@ -632,7 +632,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this,
|
|||
public_key_t *public;
|
||||
chunk_t chunk;
|
||||
char *uri = NULL;
|
||||
|
||||
|
||||
/** lookup cache for valid OCSP responses */
|
||||
enumerator = create_cert_enumerator(this, CERT_X509_OCSP_RESPONSE,
|
||||
KEY_ANY, NULL, FALSE);
|
||||
|
@ -648,7 +648,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this,
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* derive the authorityKeyIdentifier from the issuer's public key */
|
||||
current = &issuer->interface;
|
||||
public = current->get_public_key(current);
|
||||
|
@ -723,7 +723,7 @@ static certificate_t* fetch_crl(private_credential_manager_t *this, char *url)
|
|||
{
|
||||
certificate_t *crl;
|
||||
chunk_t chunk;
|
||||
|
||||
|
||||
DBG1(DBG_CFG, " fetching crl from '%s' ...", url);
|
||||
if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS)
|
||||
{
|
||||
|
@ -749,7 +749,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl)
|
|||
certificate_t *issuer;
|
||||
enumerator_t *enumerator;
|
||||
bool verified = FALSE;
|
||||
|
||||
|
||||
enumerator = create_trusted_enumerator(this, KEY_ANY, crl->get_issuer(crl),
|
||||
FALSE, FALSE);
|
||||
while (enumerator->enumerate(enumerator, &issuer, NULL))
|
||||
|
@ -763,7 +763,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl)
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
return verified;
|
||||
}
|
||||
|
||||
|
@ -788,7 +788,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
|
|||
cand->destroy(cand);
|
||||
return best;
|
||||
}
|
||||
|
||||
|
||||
crl = (crl_t*)cand;
|
||||
enumerator = crl->create_enumerator(crl);
|
||||
while (enumerator->enumerate(enumerator, &serial, &revocation, &reason))
|
||||
|
@ -837,7 +837,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
|
|||
* validate a x509 certificate using CRL
|
||||
*/
|
||||
static cert_validation_t check_crl(private_credential_manager_t *this,
|
||||
x509_t *subject, x509_t *issuer,
|
||||
x509_t *subject, x509_t *issuer,
|
||||
auth_cfg_t *auth)
|
||||
{
|
||||
cert_validation_t valid = VALIDATION_SKIPPED;
|
||||
|
@ -848,16 +848,16 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
|
|||
enumerator_t *enumerator;
|
||||
chunk_t chunk;
|
||||
char *uri = NULL;
|
||||
|
||||
|
||||
/* derive the authorityKeyIdentifier from the issuer's public key */
|
||||
current = &issuer->interface;
|
||||
public = current->get_public_key(current);
|
||||
if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk))
|
||||
{
|
||||
keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
|
||||
|
||||
|
||||
/* find a cached crl by authorityKeyIdentifier */
|
||||
enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY,
|
||||
enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY,
|
||||
keyid, FALSE);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
{
|
||||
|
@ -871,12 +871,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* fallback to fetching crls from credential sets cdps */
|
||||
if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED)
|
||||
{
|
||||
enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid);
|
||||
|
||||
|
||||
while (enumerator->enumerate(enumerator, &uri))
|
||||
{
|
||||
current = fetch_crl(this, uri);
|
||||
|
@ -895,12 +895,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
|
|||
keyid->destroy(keyid);
|
||||
}
|
||||
DESTROY_IF(public);
|
||||
|
||||
|
||||
/* fallback to fetching crls from cdps from subject's certificate */
|
||||
if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED)
|
||||
{
|
||||
enumerator = subject->create_crl_uri_enumerator(subject);
|
||||
|
||||
|
||||
while (enumerator->enumerate(enumerator, &uri))
|
||||
{
|
||||
current = fetch_crl(this, uri);
|
||||
|
@ -916,7 +916,7 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
|
||||
|
||||
/* an uri was found, but no result. switch validation state to failed */
|
||||
if (valid == VALIDATION_SKIPPED && uri)
|
||||
{
|
||||
|
@ -947,7 +947,7 @@ static bool check_certificate(private_credential_manager_t *this,
|
|||
bool crl, bool ocsp, auth_cfg_t *auth)
|
||||
{
|
||||
time_t not_before, not_after;
|
||||
|
||||
|
||||
if (!subject->get_validity(subject, NULL, ¬_before, ¬_after))
|
||||
{
|
||||
DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)",
|
||||
|
@ -1020,7 +1020,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this,
|
|||
{
|
||||
certificate_t *subject;
|
||||
public_key_t *public;
|
||||
|
||||
|
||||
subject = get_cert(this, CERT_ANY, type, id, TRUE);
|
||||
if (!subject)
|
||||
{
|
||||
|
@ -1044,8 +1044,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this,
|
|||
{
|
||||
enumerator_t *enumerator;
|
||||
certificate_t *issuer = NULL, *candidate;
|
||||
|
||||
enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY,
|
||||
|
||||
enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY,
|
||||
subject->get_issuer(subject), trusted);
|
||||
while (enumerator->enumerate(enumerator, &candidate))
|
||||
{
|
||||
|
@ -1069,7 +1069,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
|
|||
certificate_t *current, *issuer;
|
||||
auth_cfg_t *auth;
|
||||
u_int level = 0;
|
||||
|
||||
|
||||
auth = auth_cfg_create();
|
||||
current = subject->get_ref(subject);
|
||||
while (level++ < MAX_CA_LEVELS)
|
||||
|
@ -1110,7 +1110,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
|
|||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"",
|
||||
DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"",
|
||||
current->get_subject(current));
|
||||
break;
|
||||
}
|
||||
|
@ -1173,10 +1173,10 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
|
|||
certificate_t **cert, auth_cfg_t **auth)
|
||||
{
|
||||
certificate_t *current;
|
||||
|
||||
|
||||
DESTROY_IF(this->auth);
|
||||
this->auth = auth_cfg_create();
|
||||
|
||||
|
||||
if (!this->candidates)
|
||||
{
|
||||
/* first invocation, build enumerator for next one */
|
||||
|
@ -1187,7 +1187,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
|
|||
if (this->pretrusted)
|
||||
{
|
||||
/* if we find a trusted self signed certificate, we just accept it.
|
||||
* However, in order to fulfill authorization rules, we try to build
|
||||
* However, in order to fulfill authorization rules, we try to build
|
||||
* the trust chain if it is not self signed */
|
||||
if (this->this->cache->issued_by(this->this->cache,
|
||||
this->pretrusted, this->pretrusted) ||
|
||||
|
@ -1215,7 +1215,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
|
|||
{ /* skip pretrusted certificate we already served */
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
DBG1(DBG_CFG, " using certificate \"%Y\"",
|
||||
current->get_subject(current));
|
||||
if (verify_trust_chain(this->this, current, this->auth, FALSE,
|
||||
|
@ -1250,10 +1250,10 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi
|
|||
key_type_t type, identification_t *id, bool crl, bool ocsp)
|
||||
{
|
||||
trusted_enumerator_t *enumerator = malloc_thing(trusted_enumerator_t);
|
||||
|
||||
|
||||
enumerator->public.enumerate = (void*)trusted_enumerate;
|
||||
enumerator->public.destroy = (void*)trusted_destroy;
|
||||
|
||||
|
||||
enumerator->candidates = NULL;
|
||||
enumerator->this = this;
|
||||
enumerator->type = type;
|
||||
|
@ -1262,7 +1262,7 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi
|
|||
enumerator->ocsp = ocsp;
|
||||
enumerator->pretrusted = NULL;
|
||||
enumerator->auth = NULL;
|
||||
|
||||
|
||||
return &enumerator->public;
|
||||
}
|
||||
|
||||
|
@ -1289,7 +1289,7 @@ static bool public_enumerate(public_enumerator_t *this,
|
|||
public_key_t **key, auth_cfg_t **auth)
|
||||
{
|
||||
certificate_t *cert;
|
||||
|
||||
|
||||
while (this->inner->enumerate(this->inner, &cert, auth))
|
||||
{
|
||||
DESTROY_IF(this->current);
|
||||
|
@ -1316,7 +1316,7 @@ static void public_destroy(public_enumerator_t *this)
|
|||
this->wrapper->destroy(this->wrapper);
|
||||
}
|
||||
this->this->lock->unlock(this->this->lock);
|
||||
|
||||
|
||||
/* check for delayed certificate cache queue */
|
||||
cache_queue(this->this);
|
||||
free(this);
|
||||
|
@ -1329,7 +1329,7 @@ static enumerator_t* create_public_enumerator(private_credential_manager_t *this
|
|||
key_type_t type, identification_t *id, auth_cfg_t *auth)
|
||||
{
|
||||
public_enumerator_t *enumerator = malloc_thing(public_enumerator_t);
|
||||
|
||||
|
||||
enumerator->public.enumerate = (void*)public_enumerate;
|
||||
enumerator->public.destroy = (void*)public_destroy;
|
||||
enumerator->inner = create_trusted_enumerator(this, type, id, TRUE, TRUE);
|
||||
|
@ -1374,13 +1374,13 @@ static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert)
|
|||
*/
|
||||
static auth_cfg_t *build_trustchain(private_credential_manager_t *this,
|
||||
certificate_t *subject, auth_cfg_t *auth)
|
||||
{
|
||||
{
|
||||
certificate_t *issuer, *current;
|
||||
auth_cfg_t *trustchain;
|
||||
u_int level = 0;
|
||||
|
||||
|
||||
trustchain = auth_cfg_create();
|
||||
|
||||
|
||||
current = auth->get(auth, AUTH_RULE_CA_CERT);
|
||||
if (!current)
|
||||
{
|
||||
|
@ -1428,7 +1428,7 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this,
|
|||
identification_t *keyid;
|
||||
chunk_t chunk;
|
||||
public_key_t *public;
|
||||
|
||||
|
||||
public = cert->get_public_key(cert);
|
||||
if (public)
|
||||
{
|
||||
|
@ -1454,13 +1454,13 @@ static private_key_t *get_private(private_credential_manager_t *this,
|
|||
certificate_t *cert;
|
||||
private_key_t *private = NULL;
|
||||
auth_cfg_t *trustchain;
|
||||
|
||||
|
||||
/* check if this is a lookup by key ID, and do it if so */
|
||||
if (id && id->get_type(id) == ID_KEY_ID)
|
||||
{
|
||||
return get_private_by_keyid(this, type, id);
|
||||
}
|
||||
|
||||
|
||||
/* if a specific certificate is preferred, check for a matching key */
|
||||
cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
|
||||
if (cert)
|
||||
|
@ -1477,7 +1477,7 @@ static private_key_t *get_private(private_credential_manager_t *this,
|
|||
return private;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* try to build a trust chain for each certificate found */
|
||||
enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE);
|
||||
while (enumerator->enumerate(enumerator, &cert))
|
||||
|
@ -1497,7 +1497,7 @@ static private_key_t *get_private(private_credential_manager_t *this,
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* if no valid trustchain was found, fall back to the first usable cert */
|
||||
if (!private)
|
||||
{
|
||||
|
@ -1567,7 +1567,7 @@ static void destroy(private_credential_manager_t *this)
|
|||
credential_manager_t *credential_manager_create()
|
||||
{
|
||||
private_credential_manager_t *this = malloc_thing(private_credential_manager_t);
|
||||
|
||||
|
||||
this->public.create_cert_enumerator = (enumerator_t *(*)(credential_manager_t *this,certificate_type_t cert, key_type_t key,identification_t *id,bool))create_cert_enumerator;
|
||||
this->public.create_shared_enumerator = (enumerator_t *(*)(credential_manager_t *this, shared_key_type_t type,identification_t *me, identification_t *other))create_shared_enumerator;
|
||||
this->public.create_cdp_enumerator = (enumerator_t *(*)(credential_manager_t*, certificate_type_t type, identification_t *id))create_cdp_enumerator;
|
||||
|
@ -1580,14 +1580,14 @@ credential_manager_t *credential_manager_create()
|
|||
this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
|
||||
this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
|
||||
this->public.destroy = (void(*)(credential_manager_t*))destroy;
|
||||
|
||||
|
||||
this->sets = linked_list_create();
|
||||
pthread_key_create(&this->local_sets, (void*)this->sets->destroy);
|
||||
this->cache = cert_cache_create();
|
||||
this->cache_queue = linked_list_create();
|
||||
this->sets->insert_first(this->sets, this->cache);
|
||||
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t;
|
|||
*
|
||||
* The credential manager is the entry point of the credential framework. It
|
||||
* uses so called "sets" to access credentials in a modular fashion, these
|
||||
* are implemented through the credential_set_t interface.
|
||||
* are implemented through the credential_set_t interface.
|
||||
* The manager additionally does trust chain verification and trust status
|
||||
* chaching. A set may call the managers methods if it needs credentials itself,
|
||||
* the manager uses recursive locking.
|
||||
*
|
||||
*
|
||||
* @verbatim
|
||||
|
||||
+-------+ +----------------+
|
||||
|
@ -58,14 +58,14 @@ typedef struct credential_manager_t credential_manager_t;
|
|||
| o | may be recursive
|
||||
| r |
|
||||
+-------+
|
||||
|
||||
@endverbatim
|
||||
|
||||
@endverbatim
|
||||
*
|
||||
* The credential manager uses rwlocks for performance reasons, credential
|
||||
* sets must be fully thread save.
|
||||
*/
|
||||
struct credential_manager_t {
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over all certificates.
|
||||
*
|
||||
|
@ -90,7 +90,7 @@ struct credential_manager_t {
|
|||
* @param second second subject between key is shared
|
||||
* @return enumerator over shared keys
|
||||
*/
|
||||
enumerator_t *(*create_shared_enumerator)(credential_manager_t *this,
|
||||
enumerator_t *(*create_shared_enumerator)(credential_manager_t *this,
|
||||
shared_key_type_t type,
|
||||
identification_t *first, identification_t *second);
|
||||
/**
|
||||
|
@ -121,14 +121,14 @@ struct credential_manager_t {
|
|||
* @param me own identity
|
||||
* @param other peers identity
|
||||
* @return shared_key_t, NULL if none found
|
||||
*/
|
||||
*/
|
||||
shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
|
||||
identification_t *me, identification_t *other);
|
||||
/**
|
||||
* Get a private key to create a signature.
|
||||
*
|
||||
* The get_private() method gets a secret private key identified by either
|
||||
* the keyid itself or an id the key belongs to.
|
||||
* the keyid itself or an id the key belongs to.
|
||||
* The auth parameter contains additional information, such as receipients
|
||||
* trusted CA certs. Auth gets filled with subject and CA certificates
|
||||
* needed to validate a created signature.
|
||||
|
@ -140,12 +140,12 @@ struct credential_manager_t {
|
|||
*/
|
||||
private_key_t* (*get_private)(credential_manager_t *this, key_type_t type,
|
||||
identification_t *id, auth_cfg_t *auth);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over trusted public keys.
|
||||
*
|
||||
* This method gets a an enumerator over trusted public keys to verify a
|
||||
* signature created by id. The auth parameter contains additional
|
||||
* signature created by id. The auth parameter contains additional
|
||||
* authentication infos, e.g. peer and intermediate certificates.
|
||||
* The resulting enumerator enumerates over public_key_t *, auth_cfg_t *,
|
||||
* where the auth config helper contains rules for constraint checks.
|
||||
|
@ -157,14 +157,14 @@ struct credential_manager_t {
|
|||
*/
|
||||
enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
|
||||
key_type_t type, identification_t *id, auth_cfg_t *auth);
|
||||
|
||||
|
||||
/**
|
||||
* Cache a certificate by invoking cache_cert() on all registerd sets.
|
||||
*
|
||||
* @param cert certificate to cache
|
||||
*/
|
||||
void (*cache_cert)(credential_manager_t *this, certificate_t *cert);
|
||||
|
||||
|
||||
/**
|
||||
* Flush the certificate cache.
|
||||
*
|
||||
|
@ -174,21 +174,21 @@ struct credential_manager_t {
|
|||
* @param type type of certificate to flush, or CERT_ANY
|
||||
*/
|
||||
void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Register a credential set to the manager.
|
||||
*
|
||||
* @param set set to register
|
||||
*/
|
||||
void (*add_set)(credential_manager_t *this, credential_set_t *set);
|
||||
|
||||
|
||||
/**
|
||||
* Unregister a credential set from the manager.
|
||||
*
|
||||
* @param set set to unregister
|
||||
*/
|
||||
void (*remove_set)(credential_manager_t *this, credential_set_t *set);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a credential_manager instance.
|
||||
*/
|
||||
|
|
|
@ -43,12 +43,12 @@ typedef struct credential_set_t credential_set_t;
|
|||
* enumerator is alive, so it is save to use a write lock there.
|
||||
*/
|
||||
struct credential_set_t {
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over private keys (private_key_t).
|
||||
*
|
||||
* The id is either a key identifier of the requested key, or an identity
|
||||
* of the key owner.
|
||||
* of the key owner.
|
||||
*
|
||||
* @param type type of requested private key
|
||||
* @param id key identifier/owner
|
||||
|
@ -80,10 +80,10 @@ struct credential_set_t {
|
|||
* @param other other identity who owns that secret
|
||||
* @return enumerator as described above
|
||||
*/
|
||||
enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
|
||||
enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
|
||||
shared_key_type_t type,
|
||||
identification_t *me, identification_t *other);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over certificate distribution points.
|
||||
*
|
||||
|
@ -93,7 +93,7 @@ struct credential_set_t {
|
|||
*/
|
||||
enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
|
||||
certificate_type_t type, identification_t *id);
|
||||
|
||||
|
||||
/**
|
||||
* Cache a certificate in the credential set.
|
||||
*
|
||||
|
@ -102,7 +102,7 @@ struct credential_set_t {
|
|||
*
|
||||
* @param cert certificate to cache
|
||||
*/
|
||||
void (*cache_cert)(credential_set_t *this, certificate_t *cert);
|
||||
void (*cache_cert)(credential_set_t *this, certificate_t *cert);
|
||||
};
|
||||
|
||||
#endif /** CREDENTIAL_SET_H_ @}*/
|
||||
|
|
|
@ -29,7 +29,7 @@ struct private_auth_cfg_wrapper_t {
|
|||
* public functions
|
||||
*/
|
||||
auth_cfg_wrapper_t public;
|
||||
|
||||
|
||||
/**
|
||||
* wrapped auth info
|
||||
*/
|
||||
|
@ -67,10 +67,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
|
|||
/* fetching the certificate previously failed */
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
chunk_t data;
|
||||
certificate_t *cert;
|
||||
|
||||
|
||||
DBG1(DBG_CFG, " fetching certificate from '%s' ...", url);
|
||||
if (lib->fetcher->fetch(lib->fetcher, url, &data, FETCH_END) != SUCCESS)
|
||||
{
|
||||
|
@ -80,11 +80,11 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
|
|||
*rule, NULL);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_BLOB_ASN1_DER, data, BUILD_END);
|
||||
free(data.ptr);
|
||||
|
||||
|
||||
if (!cert)
|
||||
{
|
||||
DBG1(DBG_CFG, " parsing fetched certificate failed");
|
||||
|
@ -93,10 +93,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
|
|||
*rule, NULL);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert));
|
||||
charon->credentials->cache_cert(charon->credentials, cert);
|
||||
|
||||
|
||||
if (*rule == AUTH_HELPER_IM_HASH_URL)
|
||||
{
|
||||
*rule = AUTH_HELPER_IM_CERT;
|
||||
|
@ -174,11 +174,11 @@ static void wrapper_enumerator_destroy(wrapper_enumerator_t *this)
|
|||
* implementation of auth_cfg_wrapper_t.set.create_cert_enumerator
|
||||
*/
|
||||
static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
identification_t *id, bool trusted)
|
||||
{
|
||||
wrapper_enumerator_t *enumerator;
|
||||
|
||||
|
||||
if (trusted)
|
||||
{
|
||||
return NULL;
|
||||
|
@ -208,16 +208,16 @@ static void destroy(private_auth_cfg_wrapper_t *this)
|
|||
auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth)
|
||||
{
|
||||
private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t);
|
||||
|
||||
|
||||
this->public.set.create_private_enumerator = (void*)return_null;
|
||||
this->public.set.create_cert_enumerator = (void*)create_enumerator;
|
||||
this->public.set.create_shared_enumerator = (void*)return_null;
|
||||
this->public.set.create_cdp_enumerator = (void*)return_null;
|
||||
this->public.set.cache_cert = (void*)nop;
|
||||
this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy;
|
||||
|
||||
|
||||
this->auth = auth;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ struct auth_cfg_wrapper_t {
|
|||
* implements credential_set_t
|
||||
*/
|
||||
credential_set_t set;
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a auth_cfg_wrapper instance.
|
||||
*/
|
||||
|
|
|
@ -35,22 +35,22 @@ typedef struct relation_t relation_t;
|
|||
* A trusted relation between subject and issuer
|
||||
*/
|
||||
struct relation_t {
|
||||
|
||||
|
||||
/**
|
||||
* subject of this relation
|
||||
*/
|
||||
certificate_t *subject;
|
||||
|
||||
|
||||
/**
|
||||
* issuer of this relation
|
||||
*/
|
||||
certificate_t *issuer;
|
||||
|
||||
|
||||
/**
|
||||
* Cache hits
|
||||
*/
|
||||
u_int hits;
|
||||
|
||||
|
||||
/**
|
||||
* Lock for this relation
|
||||
*/
|
||||
|
@ -61,12 +61,12 @@ struct relation_t {
|
|||
* private data of cert_cache
|
||||
*/
|
||||
struct private_cert_cache_t {
|
||||
|
||||
|
||||
/**
|
||||
* public functions
|
||||
*/
|
||||
cert_cache_t public;
|
||||
|
||||
|
||||
/**
|
||||
* array of trusted subject-issuer relations
|
||||
*/
|
||||
|
@ -82,12 +82,12 @@ static void cache(private_cert_cache_t *this,
|
|||
relation_t *rel;
|
||||
int i, offset, try;
|
||||
u_int total_hits = 0;
|
||||
|
||||
|
||||
/* check for a unused relation slot first */
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
rel = &this->relations[i];
|
||||
|
||||
|
||||
if (!rel->subject && rel->lock->try_write_lock(rel->lock))
|
||||
{
|
||||
/* double-check having lock */
|
||||
|
@ -109,7 +109,7 @@ static void cache(private_cert_cache_t *this,
|
|||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
rel = &this->relations[(i + offset) % CACHE_SIZE];
|
||||
|
||||
|
||||
if (rel->hits > total_hits / CACHE_SIZE)
|
||||
{ /* skip often used slots */
|
||||
continue;
|
||||
|
@ -140,11 +140,11 @@ static bool issued_by(private_cert_cache_t *this,
|
|||
{
|
||||
relation_t *found = NULL, *current;
|
||||
int i;
|
||||
|
||||
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
current = &this->relations[i];
|
||||
|
||||
|
||||
current->lock->read_lock(current->lock);
|
||||
if (current->subject)
|
||||
{
|
||||
|
@ -203,14 +203,14 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
|
|||
{
|
||||
public_key_t *public;
|
||||
relation_t *rel;
|
||||
|
||||
|
||||
if (this->locked >= 0)
|
||||
{
|
||||
rel = &this->relations[this->locked];
|
||||
rel->lock->unlock(rel->lock);
|
||||
this->locked = -1;
|
||||
}
|
||||
|
||||
|
||||
while (++this->index < CACHE_SIZE)
|
||||
{
|
||||
rel = &this->relations[this->index];
|
||||
|
@ -219,7 +219,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
|
|||
if (rel->subject)
|
||||
{
|
||||
/* CRL lookup is done using issuer/authkeyidentifier */
|
||||
if (this->key == KEY_ANY && this->id &&
|
||||
if (this->key == KEY_ANY && this->id &&
|
||||
(this->cert == CERT_ANY || this->cert == CERT_X509_CRL) &&
|
||||
rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
|
||||
rel->subject->has_issuer(rel->subject, this->id))
|
||||
|
@ -261,7 +261,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
|
|||
static void cert_enumerator_destroy(cert_enumerator_t *this)
|
||||
{
|
||||
relation_t *rel;
|
||||
|
||||
|
||||
if (this->locked >= 0)
|
||||
{
|
||||
rel = &this->relations[this->locked];
|
||||
|
@ -274,11 +274,11 @@ static void cert_enumerator_destroy(cert_enumerator_t *this)
|
|||
* implementation of credential_set_t.create_cert_enumerator
|
||||
*/
|
||||
static enumerator_t *create_enumerator(private_cert_cache_t *this,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
identification_t *id, bool trusted)
|
||||
{
|
||||
cert_enumerator_t *enumerator;
|
||||
|
||||
|
||||
if (trusted)
|
||||
{
|
||||
return NULL;
|
||||
|
@ -292,7 +292,7 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
|
|||
enumerator->relations = this->relations;
|
||||
enumerator->index = -1;
|
||||
enumerator->locked = -1;
|
||||
|
||||
|
||||
return &enumerator->public;
|
||||
}
|
||||
|
||||
|
@ -303,7 +303,7 @@ static void flush(private_cert_cache_t *this, certificate_type_t type)
|
|||
{
|
||||
relation_t *rel;
|
||||
int i;
|
||||
|
||||
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
rel = &this->relations[i];
|
||||
|
@ -346,7 +346,7 @@ static void destroy(private_cert_cache_t *this)
|
|||
{
|
||||
relation_t *rel;
|
||||
int i;
|
||||
|
||||
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
rel = &this->relations[i];
|
||||
|
@ -367,7 +367,7 @@ cert_cache_t *cert_cache_create()
|
|||
{
|
||||
private_cert_cache_t *this;
|
||||
int i;
|
||||
|
||||
|
||||
this = malloc_thing(private_cert_cache_t);
|
||||
this->public.set.create_private_enumerator = (void*)return_null;
|
||||
this->public.set.create_cert_enumerator = (void*)create_enumerator;
|
||||
|
@ -377,7 +377,7 @@ cert_cache_t *cert_cache_create()
|
|||
this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
|
||||
this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
|
||||
this->public.destroy = (void(*)(cert_cache_t*))destroy;
|
||||
|
||||
|
||||
for (i = 0; i < CACHE_SIZE; i++)
|
||||
{
|
||||
this->relations[i].subject = NULL;
|
||||
|
|
|
@ -39,7 +39,7 @@ struct cert_cache_t {
|
|||
* Implements credential_set_t.
|
||||
*/
|
||||
credential_set_t set;
|
||||
|
||||
|
||||
/**
|
||||
* Caching wrapper around certificate_t.issued_by.
|
||||
*
|
||||
|
@ -49,14 +49,14 @@ struct cert_cache_t {
|
|||
*/
|
||||
bool (*issued_by)(cert_cache_t *this,
|
||||
certificate_t *subject, certificate_t *issuer);
|
||||
|
||||
|
||||
/**
|
||||
* Flush the certificate cache.
|
||||
*
|
||||
* @param type type of certificate to flush, or CERT_ANY
|
||||
*/
|
||||
void (*flush)(cert_cache_t *this, certificate_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a cert_cache instance.
|
||||
*/
|
||||
|
|
|
@ -26,7 +26,7 @@ struct private_ocsp_response_wrapper_t {
|
|||
* public functions
|
||||
*/
|
||||
ocsp_response_wrapper_t public;
|
||||
|
||||
|
||||
/**
|
||||
* wrapped OCSP response
|
||||
*/
|
||||
|
@ -98,16 +98,16 @@ static void enumerator_destroy(wrapper_enumerator_t *this)
|
|||
* implementation of ocsp_response_wrapper_t.set.create_cert_enumerator
|
||||
*/
|
||||
static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
certificate_type_t cert, key_type_t key,
|
||||
identification_t *id, bool trusted)
|
||||
{
|
||||
wrapper_enumerator_t *enumerator;
|
||||
|
||||
|
||||
if (trusted)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
enumerator = malloc_thing(wrapper_enumerator_t);
|
||||
enumerator->cert = cert;
|
||||
enumerator->key = key;
|
||||
|
@ -132,16 +132,16 @@ static void destroy(private_ocsp_response_wrapper_t *this)
|
|||
ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
|
||||
{
|
||||
private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t);
|
||||
|
||||
|
||||
this->public.set.create_private_enumerator = (void*)return_null;
|
||||
this->public.set.create_cert_enumerator = (void*)create_enumerator;
|
||||
this->public.set.create_shared_enumerator = (void*)return_null;
|
||||
this->public.set.create_cdp_enumerator = (void*)return_null;
|
||||
this->public.set.cache_cert = (void*)nop;
|
||||
this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy;
|
||||
|
||||
|
||||
this->response = response;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ struct ocsp_response_wrapper_t {
|
|||
* implements credential_set_t
|
||||
*/
|
||||
credential_set_t set;
|
||||
|
||||
|
||||
/**
|
||||
* Destroy a ocsp_response_wrapper instance.
|
||||
*/
|
||||
|
|
|
@ -58,7 +58,7 @@ struct private_daemon_t {
|
|||
* Public members of daemon_t.
|
||||
*/
|
||||
daemon_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Signal set used for signal handling.
|
||||
*/
|
||||
|
@ -88,7 +88,7 @@ extern void (*dbg) (int level, char *fmt, ...);
|
|||
static void dbg_bus(int level, char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
|
||||
va_start(args, fmt);
|
||||
charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args);
|
||||
va_end(args);
|
||||
|
@ -100,7 +100,7 @@ static void dbg_bus(int level, char *fmt, ...)
|
|||
static void dbg_stderr(int level, char *fmt, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
|
||||
if (level <= 1)
|
||||
{
|
||||
va_start(args, fmt);
|
||||
|
@ -117,18 +117,18 @@ static void dbg_stderr(int level, char *fmt, ...)
|
|||
static void run(private_daemon_t *this)
|
||||
{
|
||||
sigset_t set;
|
||||
|
||||
|
||||
/* handle SIGINT, SIGHUP ans SIGTERM in this handler */
|
||||
sigemptyset(&set);
|
||||
sigaddset(&set, SIGINT);
|
||||
sigaddset(&set, SIGHUP);
|
||||
sigaddset(&set, SIGTERM);
|
||||
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
int sig;
|
||||
int error;
|
||||
|
||||
|
||||
error = sigwait(&set, &sig);
|
||||
if (error)
|
||||
{
|
||||
|
@ -200,7 +200,7 @@ static void destroy(private_daemon_t *this)
|
|||
DESTROY_IF(this->public.socket);
|
||||
/* wait until all threads are gone */
|
||||
DESTROY_IF(this->public.processor);
|
||||
|
||||
|
||||
/* rehook library logging, shutdown logging */
|
||||
dbg = dbg_stderr;
|
||||
DESTROY_IF(this->public.bus);
|
||||
|
@ -257,7 +257,7 @@ static void drop_capabilities(private_daemon_t *this)
|
|||
{
|
||||
kill_daemon(this, "change to unprivileged user failed");
|
||||
}
|
||||
|
||||
|
||||
#ifdef CAPABILITIES
|
||||
if (cap_set_proc(this->caps) != 0)
|
||||
{
|
||||
|
@ -287,7 +287,7 @@ static void lookup_uid_gid(private_daemon_t *this)
|
|||
{
|
||||
char buf[1024];
|
||||
struct passwd passwd, *pwp;
|
||||
|
||||
|
||||
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
|
||||
pwp == NULL)
|
||||
{
|
||||
|
@ -300,7 +300,7 @@ static void lookup_uid_gid(private_daemon_t *this)
|
|||
{
|
||||
char buf[1024];
|
||||
struct group group, *grp;
|
||||
|
||||
|
||||
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
|
||||
grp == NULL)
|
||||
{
|
||||
|
@ -319,7 +319,7 @@ static void print_plugins()
|
|||
char buf[512], *plugin;
|
||||
int len = 0;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
buf[0] = '\0';
|
||||
enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
|
||||
while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin))
|
||||
|
@ -345,7 +345,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
|
|||
level_t def;
|
||||
bool append;
|
||||
FILE *file;
|
||||
|
||||
|
||||
/* setup sysloggers */
|
||||
enumerator = lib->settings->create_section_enumerator(lib->settings,
|
||||
"charon.syslog");
|
||||
|
@ -378,7 +378,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
|
|||
this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* and file loggers */
|
||||
enumerator = lib->settings->create_section_enumerator(lib->settings,
|
||||
"charon.filelog");
|
||||
|
@ -418,10 +418,10 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
|
|||
this->public.file_loggers->insert_last(this->public.file_loggers,
|
||||
file_logger);
|
||||
this->public.bus->add_listener(this->public.bus, &file_logger->listener);
|
||||
|
||||
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* set up legacy style default loggers provided via command-line */
|
||||
if (!loggers_defined)
|
||||
{
|
||||
|
@ -443,7 +443,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
|
|||
file_logger->set_level(file_logger, group, levels[group]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* set up default auth sys_logger */
|
||||
sys_logger = sys_logger_create(LOG_AUTHPRIV);
|
||||
this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
|
||||
|
@ -460,14 +460,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
|
|||
{
|
||||
/* for uncritical pseudo random numbers */
|
||||
srandom(time(NULL) + getpid());
|
||||
|
||||
|
||||
/* setup bus and it's listeners first to enable log output */
|
||||
this->public.bus = bus_create();
|
||||
/* set up hook to log dbg message in library via charons message bus */
|
||||
dbg = dbg_bus;
|
||||
|
||||
|
||||
initialize_loggers(this, !syslog, levels);
|
||||
|
||||
|
||||
DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
|
||||
|
||||
if (lib->integrity)
|
||||
|
@ -489,14 +489,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
|
|||
this->public.kernel_interface = kernel_interface_create();
|
||||
this->public.socket = socket_create();
|
||||
this->public.traps = trap_manager_create();
|
||||
|
||||
|
||||
/* load plugins, further infrastructure may need it */
|
||||
if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
|
||||
lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
print_plugins();
|
||||
|
||||
this->public.ike_sa_manager = ike_sa_manager_create();
|
||||
|
@ -510,7 +510,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
#ifdef ME
|
||||
this->public.connect_manager = connect_manager_create();
|
||||
if (this->public.connect_manager == NULL)
|
||||
|
@ -519,7 +519,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
|
|||
}
|
||||
this->public.mediation_manager = mediation_manager_create();
|
||||
#endif /* ME */
|
||||
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -529,12 +529,12 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
|
|||
static void segv_handler(int signal)
|
||||
{
|
||||
backtrace_t *backtrace;
|
||||
|
||||
|
||||
DBG1(DBG_DMN, "thread %u received %d", pthread_self(), signal);
|
||||
backtrace = backtrace_create(2);
|
||||
backtrace->log(backtrace, stderr);
|
||||
backtrace->destroy(backtrace);
|
||||
|
||||
|
||||
DBG1(DBG_DMN, "killing ourself, received critical signal");
|
||||
raise(SIGKILL);
|
||||
}
|
||||
|
@ -546,11 +546,11 @@ private_daemon_t *daemon_create(void)
|
|||
{
|
||||
struct sigaction action;
|
||||
private_daemon_t *this = malloc_thing(private_daemon_t);
|
||||
|
||||
|
||||
/* assign methods */
|
||||
this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
|
||||
this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap;
|
||||
|
||||
|
||||
/* NULL members for clean destruction */
|
||||
this->public.socket = NULL;
|
||||
this->public.ike_sa_manager = NULL;
|
||||
|
@ -575,7 +575,7 @@ private_daemon_t *daemon_create(void)
|
|||
#endif /* ME */
|
||||
this->public.uid = 0;
|
||||
this->public.gid = 0;
|
||||
|
||||
|
||||
this->public.main_thread_id = pthread_self();
|
||||
#ifdef CAPABILITIES
|
||||
this->caps = cap_init();
|
||||
|
@ -585,7 +585,7 @@ private_daemon_t *daemon_create(void)
|
|||
keep_cap(this, CAP_SYS_NICE);
|
||||
}
|
||||
#endif /* CAPABILITIES */
|
||||
|
||||
|
||||
/* add handler for SEGV and ILL,
|
||||
* add handler for USR1 (cancellation).
|
||||
* INT, TERM and HUP are handled by sigwait() in run() */
|
||||
|
@ -600,9 +600,9 @@ private_daemon_t *daemon_create(void)
|
|||
sigaction(SIGBUS, &action, NULL);
|
||||
action.sa_handler = SIG_IGN;
|
||||
sigaction(SIGPIPE, &action, NULL);
|
||||
|
||||
|
||||
pthread_sigmask(SIG_SETMASK, &action.sa_mask, 0);
|
||||
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -613,7 +613,7 @@ static bool check_pidfile()
|
|||
{
|
||||
struct stat stb;
|
||||
FILE *file;
|
||||
|
||||
|
||||
if (stat(PID_FILE, &stb) == 0)
|
||||
{
|
||||
file = fopen(PID_FILE, "r");
|
||||
|
@ -621,7 +621,7 @@ static bool check_pidfile()
|
|||
{
|
||||
char buf[64];
|
||||
pid_t pid = 0;
|
||||
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
if (fread(buf, 1, sizeof(buf), file))
|
||||
{
|
||||
|
@ -636,7 +636,7 @@ static bool check_pidfile()
|
|||
DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
|
||||
unlink(PID_FILE);
|
||||
}
|
||||
|
||||
|
||||
/* create new pidfile */
|
||||
file = fopen(PID_FILE, "w");
|
||||
if (file)
|
||||
|
@ -679,17 +679,17 @@ int main(int argc, char *argv[])
|
|||
private_daemon_t *private_charon;
|
||||
level_t levels[DBG_MAX];
|
||||
int group;
|
||||
|
||||
|
||||
/* logging for library during initialization, as we have no bus yet */
|
||||
dbg = dbg_stderr;
|
||||
|
||||
|
||||
/* initialize library */
|
||||
if (!library_init(STRONGSWAN_CONF))
|
||||
{
|
||||
library_deinit();
|
||||
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
|
||||
}
|
||||
|
||||
|
||||
if (lib->integrity &&
|
||||
!lib->integrity->check_file(lib->integrity, "charon", argv[0]))
|
||||
{
|
||||
|
@ -697,7 +697,7 @@ int main(int argc, char *argv[])
|
|||
library_deinit();
|
||||
exit(SS_RC_DAEMON_INTEGRITY);
|
||||
}
|
||||
|
||||
|
||||
lib->printf_hook->add_handler(lib->printf_hook, 'R',
|
||||
traffic_selector_printf_hook,
|
||||
PRINTF_HOOK_ARGTYPE_POINTER,
|
||||
|
@ -708,15 +708,15 @@ int main(int argc, char *argv[])
|
|||
PRINTF_HOOK_ARGTYPE_END);
|
||||
private_charon = daemon_create();
|
||||
charon = (daemon_t*)private_charon;
|
||||
|
||||
|
||||
lookup_uid_gid(private_charon);
|
||||
|
||||
|
||||
/* use CTRL loglevel for default */
|
||||
for (group = 0; group < DBG_MAX; group++)
|
||||
{
|
||||
levels[group] = LEVEL_CTRL;
|
||||
}
|
||||
|
||||
|
||||
/* handle arguments */
|
||||
for (;;)
|
||||
{
|
||||
|
@ -737,7 +737,7 @@ int main(int argc, char *argv[])
|
|||
{ "debug-lib", required_argument, &group, DBG_LIB },
|
||||
{ 0,0,0,0 }
|
||||
};
|
||||
|
||||
|
||||
int c = getopt_long(argc, argv, "", long_opts, NULL);
|
||||
switch (c)
|
||||
{
|
||||
|
@ -762,7 +762,7 @@ int main(int argc, char *argv[])
|
|||
}
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
/* initialize daemon */
|
||||
if (!initialize(private_charon, use_syslog, levels))
|
||||
{
|
||||
|
@ -770,31 +770,31 @@ int main(int argc, char *argv[])
|
|||
destroy(private_charon);
|
||||
exit(SS_RC_INITIALIZATION_FAILED);
|
||||
}
|
||||
|
||||
|
||||
if (check_pidfile())
|
||||
{
|
||||
DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
|
||||
destroy(private_charon);
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
|
||||
/* drop the capabilities we won't need */
|
||||
drop_capabilities(private_charon);
|
||||
|
||||
|
||||
/* start the engine, go multithreaded */
|
||||
charon->processor->set_threads(charon->processor,
|
||||
lib->settings->get_int(lib->settings, "charon.threads",
|
||||
DEFAULT_THREADS));
|
||||
|
||||
|
||||
/* run daemon */
|
||||
run(private_charon);
|
||||
|
||||
|
||||
/* normal termination, cleanup and exit */
|
||||
destroy(private_charon);
|
||||
unlink(PID_FILE);
|
||||
|
||||
|
||||
library_deinit();
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -199,104 +199,104 @@ typedef struct daemon_t daemon_t;
|
|||
* Main class of daemon, contains some globals.
|
||||
*/
|
||||
struct daemon_t {
|
||||
|
||||
|
||||
/**
|
||||
* A socket_t instance.
|
||||
*/
|
||||
socket_t *socket;
|
||||
|
||||
|
||||
/**
|
||||
* A ike_sa_manager_t instance.
|
||||
*/
|
||||
ike_sa_manager_t *ike_sa_manager;
|
||||
|
||||
|
||||
/**
|
||||
* Manager for triggering policies, called traps
|
||||
*/
|
||||
trap_manager_t *traps;
|
||||
|
||||
|
||||
/**
|
||||
* Manager for the different configuration backends.
|
||||
*/
|
||||
backend_manager_t *backends;
|
||||
|
||||
|
||||
/**
|
||||
* Manager for IKEv2 cfg payload attributes
|
||||
*/
|
||||
attribute_manager_t *attributes;
|
||||
|
||||
|
||||
/**
|
||||
* Manager for the credential backends
|
||||
*/
|
||||
credential_manager_t *credentials;
|
||||
|
||||
|
||||
/**
|
||||
* The Sender-Thread.
|
||||
*/
|
||||
sender_t *sender;
|
||||
|
||||
|
||||
/**
|
||||
* The Receiver-Thread.
|
||||
*/
|
||||
receiver_t *receiver;
|
||||
|
||||
|
||||
/**
|
||||
* The Scheduler-Thread.
|
||||
*/
|
||||
scheduler_t *scheduler;
|
||||
|
||||
|
||||
/**
|
||||
* Job processing using a thread pool.
|
||||
*/
|
||||
processor_t *processor;
|
||||
|
||||
|
||||
/**
|
||||
* The signaling bus.
|
||||
*/
|
||||
bus_t *bus;
|
||||
|
||||
|
||||
/**
|
||||
* A list of installed file_logger_t's
|
||||
*/
|
||||
linked_list_t *file_loggers;
|
||||
|
||||
|
||||
/**
|
||||
* A list of installed sys_logger_t's
|
||||
*/
|
||||
linked_list_t *sys_loggers;
|
||||
|
||||
|
||||
/**
|
||||
* Kernel Interface to communicate with kernel
|
||||
*/
|
||||
kernel_interface_t *kernel_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Controller to control the daemon
|
||||
*/
|
||||
controller_t *controller;
|
||||
|
||||
|
||||
/**
|
||||
* EAP manager to maintain registered EAP methods
|
||||
*/
|
||||
eap_manager_t *eap;
|
||||
|
||||
|
||||
/**
|
||||
* SIM manager to maintain SIM cards/providers
|
||||
*/
|
||||
sim_manager_t *sim;
|
||||
|
||||
|
||||
#ifdef ME
|
||||
/**
|
||||
* Connect manager
|
||||
*/
|
||||
connect_manager_t *connect_manager;
|
||||
|
||||
|
||||
/**
|
||||
* Mediation manager
|
||||
*/
|
||||
mediation_manager_t *mediation_manager;
|
||||
#endif /* ME */
|
||||
|
||||
|
||||
/**
|
||||
* User ID the daemon will user after initialization
|
||||
*/
|
||||
|
@ -306,12 +306,12 @@ struct daemon_t {
|
|||
* Group ID the daemon will use after initialization
|
||||
*/
|
||||
gid_t gid;
|
||||
|
||||
|
||||
/**
|
||||
* The thread_id of main-thread.
|
||||
*/
|
||||
pthread_t main_thread_id;
|
||||
|
||||
|
||||
/**
|
||||
* Do not drop a given capability after initialization.
|
||||
*
|
||||
|
@ -320,7 +320,7 @@ struct daemon_t {
|
|||
* drop these.
|
||||
*/
|
||||
void (*keep_cap)(daemon_t *this, u_int cap);
|
||||
|
||||
|
||||
/**
|
||||
* Shut down the daemon.
|
||||
*
|
||||
|
|
|
@ -53,55 +53,55 @@ struct private_generator_t {
|
|||
* Public part of a generator_t object.
|
||||
*/
|
||||
generator_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Buffer used to generate the data into.
|
||||
*/
|
||||
u_int8_t *buffer;
|
||||
|
||||
|
||||
/**
|
||||
* Current write position in buffer (one byte aligned).
|
||||
*/
|
||||
u_int8_t *out_position;
|
||||
|
||||
|
||||
/**
|
||||
* Position of last byte in buffer.
|
||||
*/
|
||||
u_int8_t *roof_position;
|
||||
|
||||
|
||||
/**
|
||||
* Current bit writing to in current byte (between 0 and 7).
|
||||
*/
|
||||
u_int8_t current_bit;
|
||||
|
||||
|
||||
/**
|
||||
* Associated data struct to read informations from.
|
||||
*/
|
||||
void *data_struct;
|
||||
|
||||
|
||||
/*
|
||||
* Last payload length position offset in the buffer.
|
||||
*/
|
||||
u_int32_t last_payload_length_position_offset;
|
||||
|
||||
|
||||
/**
|
||||
* Offset of the header length field in the buffer.
|
||||
*/
|
||||
u_int32_t header_length_position_offset;
|
||||
|
||||
|
||||
/**
|
||||
* Last SPI size.
|
||||
*/
|
||||
u_int8_t last_spi_size;
|
||||
|
||||
|
||||
/**
|
||||
* Attribute format of the last generated transform attribute.
|
||||
*
|
||||
* Used to check if a variable value field is used or not for
|
||||
* Used to check if a variable value field is used or not for
|
||||
* the transform attribute value.
|
||||
*/
|
||||
bool attribute_format;
|
||||
|
||||
|
||||
/**
|
||||
* Depending on the value of attribute_format this field is used
|
||||
* to hold the length of the transform attribute in bytes.
|
||||
|
@ -149,14 +149,14 @@ static void make_space_available(private_generator_t *this, int bits)
|
|||
while ((get_space(this) * 8 - this->current_bit) < bits)
|
||||
{
|
||||
int old_buffer_size, new_buffer_size, out_position_offset;
|
||||
|
||||
|
||||
old_buffer_size = get_size(this);
|
||||
new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
|
||||
out_position_offset = this->out_position - this->buffer;
|
||||
|
||||
DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte",
|
||||
|
||||
DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte",
|
||||
old_buffer_size, new_buffer_size);
|
||||
|
||||
|
||||
this->buffer = realloc(this->buffer,new_buffer_size);
|
||||
this->out_position = (this->buffer + out_position_offset);
|
||||
this->roof_position = (this->buffer + new_buffer_size);
|
||||
|
@ -171,9 +171,9 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes,
|
|||
{
|
||||
int i;
|
||||
u_int8_t *read_position = (u_int8_t *)bytes;
|
||||
|
||||
|
||||
make_space_available(this, number_of_bytes * 8);
|
||||
|
||||
|
||||
for (i = 0; i < number_of_bytes; i++)
|
||||
{
|
||||
*(this->out_position) = *(read_position);
|
||||
|
@ -192,14 +192,14 @@ static void write_bytes_to_buffer_at_offset(private_generator_t *this,
|
|||
u_int8_t *read_position = (u_int8_t *)bytes;
|
||||
u_int8_t *write_position;
|
||||
u_int32_t free_space_after_offset = get_size(this) - offset;
|
||||
|
||||
/* check first if enough space for new data is available */
|
||||
|
||||
/* check first if enough space for new data is available */
|
||||
if (number_of_bytes > free_space_after_offset)
|
||||
{
|
||||
make_space_available(this,
|
||||
make_space_available(this,
|
||||
(number_of_bytes - free_space_after_offset) * 8);
|
||||
}
|
||||
|
||||
|
||||
write_position = this->buffer + offset;
|
||||
for (i = 0; i < number_of_bytes; i++)
|
||||
{
|
||||
|
@ -216,7 +216,7 @@ static void generate_u_int_type(private_generator_t *this,
|
|||
encoding_type_t int_type,u_int32_t offset)
|
||||
{
|
||||
int number_of_bits = 0;
|
||||
|
||||
|
||||
/* find out number of bits of each U_INT type to check for enough space */
|
||||
switch (int_type)
|
||||
{
|
||||
|
@ -251,14 +251,14 @@ static void generate_u_int_type(private_generator_t *this,
|
|||
encoding_type_names, int_type);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
make_space_available(this, number_of_bits);
|
||||
switch (int_type)
|
||||
{
|
||||
case U_INT_4:
|
||||
{
|
||||
u_int8_t high, low;
|
||||
|
||||
|
||||
if (this->current_bit == 0)
|
||||
{
|
||||
/* high of current byte in buffer has to be set to the new value*/
|
||||
|
@ -303,7 +303,7 @@ static void generate_u_int_type(private_generator_t *this,
|
|||
{
|
||||
u_int8_t attribute_format_flag;
|
||||
u_int16_t val;
|
||||
|
||||
|
||||
/* attribute type must not change first bit of current byte */
|
||||
if (this->current_bit != 1)
|
||||
{
|
||||
|
@ -325,7 +325,7 @@ static void generate_u_int_type(private_generator_t *this,
|
|||
write_bytes_to_buffer(this, &val, sizeof(u_int16_t));
|
||||
this->current_bit = 0;
|
||||
break;
|
||||
|
||||
|
||||
}
|
||||
case U_INT_16:
|
||||
case CONFIGURATION_ATTRIBUTE_LENGTH:
|
||||
|
@ -372,11 +372,11 @@ static void generate_reserved_field(private_generator_t *this, int bits)
|
|||
return ;
|
||||
}
|
||||
make_space_available(this, bits);
|
||||
|
||||
|
||||
if (bits == 1)
|
||||
{
|
||||
u_int8_t reserved_bit = ~(1 << (7 - this->current_bit));
|
||||
|
||||
|
||||
*(this->out_position) = *(this->out_position) & reserved_bit;
|
||||
if (this->current_bit == 0)
|
||||
{
|
||||
|
@ -410,11 +410,11 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
|
|||
{
|
||||
u_int8_t flag_value;
|
||||
u_int8_t flag;
|
||||
|
||||
|
||||
flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0;
|
||||
/* get flag position */
|
||||
flag = (flag_value << (7 - this->current_bit));
|
||||
|
||||
|
||||
/* make sure one bit is available in buffer */
|
||||
make_space_available(this, 1);
|
||||
if (this->current_bit == 0)
|
||||
|
@ -422,10 +422,10 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
|
|||
/* memory must be zero */
|
||||
*(this->out_position) = 0x00;
|
||||
}
|
||||
|
||||
|
||||
*(this->out_position) = *(this->out_position) | flag;
|
||||
DBG3(DBG_ENC, " => %d", *this->out_position);
|
||||
|
||||
|
||||
this->current_bit++;
|
||||
if (this->current_bit >= 8)
|
||||
{
|
||||
|
@ -440,16 +440,16 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
|
|||
static void generate_from_chunk(private_generator_t *this, u_int32_t offset)
|
||||
{
|
||||
chunk_t *value;
|
||||
|
||||
|
||||
if (this->current_bit != 0)
|
||||
{
|
||||
DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit);
|
||||
return ;
|
||||
}
|
||||
|
||||
|
||||
value = (chunk_t *)(this->data_struct + offset);
|
||||
DBG3(DBG_ENC, " => %B", value);
|
||||
|
||||
|
||||
write_bytes_to_buffer(this, value->ptr, value->len);
|
||||
}
|
||||
|
||||
|
@ -460,7 +460,7 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data)
|
|||
{
|
||||
int data_length = get_length(this);
|
||||
u_int32_t header_length_field = data_length;
|
||||
|
||||
|
||||
/* write length into header length field */
|
||||
if (this->header_length_position_offset > 0)
|
||||
{
|
||||
|
@ -468,14 +468,14 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data)
|
|||
write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t),
|
||||
this->header_length_position_offset);
|
||||
}
|
||||
|
||||
|
||||
if (this->current_bit > 0)
|
||||
{
|
||||
data_length++;
|
||||
}
|
||||
*data = chunk_alloc(data_length);
|
||||
memcpy(data->ptr, this->buffer, data_length);
|
||||
|
||||
|
||||
DBG3(DBG_ENC, "generated data of this generator %B", data);
|
||||
}
|
||||
|
||||
|
@ -488,20 +488,20 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
size_t rule_count;
|
||||
encoding_rule_t *rules;
|
||||
payload_type_t payload_type;
|
||||
|
||||
|
||||
this->data_struct = payload;
|
||||
payload_type = payload->get_type(payload);
|
||||
/* spi size has to get reseted */
|
||||
this->last_spi_size = 0;
|
||||
|
||||
|
||||
offset_start = this->out_position - this->buffer;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "generating payload of type %N",
|
||||
payload_type_names, payload_type);
|
||||
|
||||
|
||||
/* each payload has its own encoding rules */
|
||||
payload->get_encoding_rules(payload, &rules, &rule_count);
|
||||
|
||||
|
||||
for (i = 0; i < rule_count;i++)
|
||||
{
|
||||
DBG2(DBG_ENC, " generating rule %d %N",
|
||||
|
@ -529,7 +529,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
{
|
||||
generate_reserved_field(this, 8);
|
||||
break;
|
||||
}
|
||||
}
|
||||
case FLAG:
|
||||
{
|
||||
generate_flag(this, rules[i].offset);
|
||||
|
@ -578,7 +578,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
u_int16_t length_of_payload;
|
||||
u_int16_t header_length = 0;
|
||||
u_int16_t length_in_network_order;
|
||||
|
||||
|
||||
switch(rules[i].type)
|
||||
{
|
||||
case KEY_EXCHANGE_DATA:
|
||||
|
@ -619,13 +619,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
break;
|
||||
}
|
||||
generate_from_chunk(this, rules[i].offset);
|
||||
|
||||
|
||||
payload_length_position_offset =
|
||||
this->last_payload_length_position_offset;
|
||||
|
||||
length_of_payload = header_length +
|
||||
|
||||
length_of_payload = header_length +
|
||||
((chunk_t *)(this->data_struct + rules[i].offset))->len;
|
||||
|
||||
|
||||
length_in_network_order = htons(length_of_payload);
|
||||
write_bytes_to_buffer_at_offset(this, &length_in_network_order,
|
||||
sizeof(u_int16_t), payload_length_position_offset);
|
||||
|
@ -633,7 +633,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
}
|
||||
case PROPOSALS:
|
||||
{
|
||||
u_int32_t payload_length_position_offset =
|
||||
u_int32_t payload_length_position_offset =
|
||||
this->last_payload_length_position_offset;
|
||||
/* Length of SA_PAYLOAD is calculated */
|
||||
u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH;
|
||||
|
@ -642,13 +642,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
(this->data_struct + rules[i].offset));
|
||||
iterator_t *iterator;
|
||||
payload_t *current_proposal;
|
||||
|
||||
|
||||
iterator = proposals->create_iterator(proposals,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_proposal))
|
||||
{
|
||||
u_int32_t before_generate_position_offset;
|
||||
u_int32_t after_generate_position_offset;
|
||||
|
||||
|
||||
before_generate_position_offset = get_offset(this);
|
||||
generate_payload(this, current_proposal);
|
||||
after_generate_position_offset = get_offset(this);
|
||||
|
@ -656,7 +656,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
before_generate_position_offset);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
int16_val = htons(length_of_sa_payload);
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
sizeof(u_int16_t),payload_length_position_offset);
|
||||
|
@ -664,36 +664,36 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
}
|
||||
case TRANSFORMS:
|
||||
{
|
||||
u_int32_t payload_length_position_offset =
|
||||
u_int32_t payload_length_position_offset =
|
||||
this->last_payload_length_position_offset;
|
||||
u_int16_t length_of_proposal =
|
||||
u_int16_t length_of_proposal =
|
||||
PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size;
|
||||
u_int16_t int16_val;
|
||||
linked_list_t *transforms = *((linked_list_t **)
|
||||
(this->data_struct + rules[i].offset));
|
||||
iterator_t *iterator;
|
||||
payload_t *current_transform;
|
||||
|
||||
|
||||
iterator = transforms->create_iterator(transforms,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_transform))
|
||||
{
|
||||
u_int32_t before_generate_position_offset;
|
||||
u_int32_t after_generate_position_offset;
|
||||
|
||||
|
||||
before_generate_position_offset = get_offset(this);
|
||||
generate_payload(this, current_transform);
|
||||
after_generate_position_offset = get_offset(this);
|
||||
|
||||
|
||||
length_of_proposal += (after_generate_position_offset -
|
||||
before_generate_position_offset);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
int16_val = htons(length_of_proposal);
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
sizeof(u_int16_t), payload_length_position_offset);
|
||||
break;
|
||||
}
|
||||
}
|
||||
case TRANSFORM_ATTRIBUTES:
|
||||
{
|
||||
u_int32_t transform_length_position_offset =
|
||||
|
@ -705,32 +705,32 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
(this->data_struct + rules[i].offset));
|
||||
iterator_t *iterator;
|
||||
payload_t *current_attribute;
|
||||
|
||||
|
||||
iterator = transform_attributes->create_iterator(
|
||||
transform_attributes, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_attribute))
|
||||
{
|
||||
u_int32_t before_generate_position_offset;
|
||||
u_int32_t after_generate_position_offset;
|
||||
|
||||
|
||||
before_generate_position_offset = get_offset(this);
|
||||
generate_payload(this, current_attribute);
|
||||
after_generate_position_offset = get_offset(this);
|
||||
|
||||
|
||||
length_of_transform += (after_generate_position_offset -
|
||||
before_generate_position_offset);
|
||||
}
|
||||
|
||||
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
int16_val = htons(length_of_transform);
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
sizeof(u_int16_t),transform_length_position_offset);
|
||||
break;
|
||||
}
|
||||
case CONFIGURATION_ATTRIBUTES:
|
||||
{
|
||||
u_int32_t configurations_length_position_offset =
|
||||
u_int32_t configurations_length_position_offset =
|
||||
this->last_payload_length_position_offset;
|
||||
u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH;
|
||||
u_int16_t int16_val;
|
||||
|
@ -738,29 +738,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
(this->data_struct + rules[i].offset));
|
||||
iterator_t *iterator;
|
||||
payload_t *current_attribute;
|
||||
|
||||
|
||||
iterator = configuration_attributes->create_iterator(
|
||||
configuration_attributes,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_attribute))
|
||||
{
|
||||
u_int32_t before_generate_position_offset;
|
||||
u_int32_t after_generate_position_offset;
|
||||
|
||||
|
||||
before_generate_position_offset = get_offset(this);
|
||||
generate_payload(this, current_attribute);
|
||||
after_generate_position_offset = get_offset(this);
|
||||
|
||||
|
||||
length_of_configurations += after_generate_position_offset -
|
||||
before_generate_position_offset;
|
||||
}
|
||||
|
||||
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
int16_val = htons(length_of_configurations);
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
sizeof(u_int16_t),configurations_length_position_offset);
|
||||
break;
|
||||
}
|
||||
}
|
||||
case ATTRIBUTE_FORMAT:
|
||||
{
|
||||
generate_flag(this, rules[i].offset);
|
||||
|
@ -768,7 +768,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
this->attribute_format =
|
||||
*((bool *)(this->data_struct + rules[i].offset));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
case ATTRIBUTE_LENGTH_OR_VALUE:
|
||||
{
|
||||
|
@ -797,7 +797,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
}
|
||||
case TRAFFIC_SELECTORS:
|
||||
{
|
||||
u_int32_t payload_length_position_offset =
|
||||
u_int32_t payload_length_position_offset =
|
||||
this->last_payload_length_position_offset;
|
||||
u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH;
|
||||
u_int16_t int16_val;
|
||||
|
@ -805,29 +805,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
(this->data_struct + rules[i].offset));
|
||||
iterator_t *iterator;
|
||||
payload_t *current_tss;
|
||||
|
||||
|
||||
iterator = traffic_selectors->create_iterator(
|
||||
traffic_selectors,TRUE);
|
||||
while (iterator->iterate(iterator, (void **)¤t_tss))
|
||||
{
|
||||
u_int32_t before_generate_position_offset;
|
||||
u_int32_t after_generate_position_offset;
|
||||
|
||||
|
||||
before_generate_position_offset = get_offset(this);
|
||||
generate_payload(this, current_tss);
|
||||
after_generate_position_offset = get_offset(this);
|
||||
|
||||
|
||||
length_of_ts_payload += (after_generate_position_offset -
|
||||
before_generate_position_offset);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
int16_val = htons(length_of_ts_payload);
|
||||
write_bytes_to_buffer_at_offset(this, &int16_val,
|
||||
sizeof(u_int16_t),payload_length_position_offset);
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
case ENCRYPTED_DATA:
|
||||
{
|
||||
generate_from_chunk(this, rules[i].offset);
|
||||
|
@ -869,10 +869,10 @@ generator_t *generator_create()
|
|||
this->public.generate_payload = (void(*)(generator_t*, payload_t *))generate_payload;
|
||||
this->public.destroy = (void(*)(generator_t*)) destroy;
|
||||
this->public.write_to_chunk = (void (*) (generator_t *,chunk_t *))write_to_chunk;
|
||||
|
||||
|
||||
/* allocate memory for buffer */
|
||||
this->buffer = malloc(GENERATOR_DATA_BUFFER_SIZE);
|
||||
|
||||
|
||||
/* initiate private variables */
|
||||
this->out_position = this->buffer;
|
||||
this->roof_position = this->buffer + GENERATOR_DATA_BUFFER_SIZE;
|
||||
|
@ -880,7 +880,7 @@ generator_t *generator_create()
|
|||
this->current_bit = 0;
|
||||
this->last_payload_length_position_offset = 0;
|
||||
this->header_length_position_offset = 0;
|
||||
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ typedef struct generator_t generator_t;
|
|||
* A generator_t class used to generate IKEv2 payloads.
|
||||
*
|
||||
* After creation, multiple payloads can be generated with the generate_payload
|
||||
* method. The generated bytes are appended. After all payloads are added,
|
||||
* method. The generated bytes are appended. After all payloads are added,
|
||||
* the write_to_chunk method writes out all generated data since
|
||||
* the creation of the generator. After that, the generator must be destroyed.
|
||||
* The generater uses a set of encoding rules, which it can get from
|
||||
|
@ -52,7 +52,7 @@ typedef struct generator_t generator_t;
|
|||
* the payload and all substructures automatically.
|
||||
*/
|
||||
struct generator_t {
|
||||
|
||||
|
||||
/**
|
||||
* Generates a specific payload from given payload object.
|
||||
*
|
||||
|
@ -61,14 +61,14 @@ struct generator_t {
|
|||
* @param payload interface payload_t implementing object
|
||||
*/
|
||||
void (*generate_payload) (generator_t *this,payload_t *payload);
|
||||
|
||||
|
||||
/**
|
||||
* Writes all generated data of the generator to a chunk.
|
||||
*
|
||||
* @param data chunk to write the data to
|
||||
*/
|
||||
void (*write_to_chunk) (generator_t *this,chunk_t *data);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a generator_t object.
|
||||
*/
|
||||
|
@ -77,7 +77,7 @@ struct generator_t {
|
|||
|
||||
/**
|
||||
* Constructor to create a generator.
|
||||
*
|
||||
*
|
||||
* @return generator_t object.
|
||||
*/
|
||||
generator_t *generator_create(void);
|
||||
|
|
|
@ -56,7 +56,7 @@ struct payload_rule_t {
|
|||
* Payload type.
|
||||
*/
|
||||
payload_type_t payload_type;
|
||||
|
||||
|
||||
/**
|
||||
* Minimal occurence of this payload.
|
||||
*/
|
||||
|
@ -66,12 +66,12 @@ struct payload_rule_t {
|
|||
* Max occurence of this payload.
|
||||
*/
|
||||
size_t max_occurence;
|
||||
|
||||
|
||||
/**
|
||||
* TRUE if payload must be encrypted
|
||||
*/
|
||||
bool encrypted;
|
||||
|
||||
|
||||
/**
|
||||
* If this payload occurs, the message rule is
|
||||
* fullfilled in any case. This applies e.g. to
|
||||
|
@ -91,7 +91,7 @@ struct payload_order_t {
|
|||
* payload type
|
||||
*/
|
||||
payload_type_t type;
|
||||
|
||||
|
||||
/**
|
||||
* notify type, if payload == NOTIFY
|
||||
*/
|
||||
|
@ -111,7 +111,7 @@ struct message_rule_t {
|
|||
* Type of message.
|
||||
*/
|
||||
exchange_type_t exchange_type;
|
||||
|
||||
|
||||
/**
|
||||
* Is message a request or response.
|
||||
*/
|
||||
|
@ -121,22 +121,22 @@ struct message_rule_t {
|
|||
* Message contains encrypted content.
|
||||
*/
|
||||
bool encrypted_content;
|
||||
|
||||
|
||||
/**
|
||||
* Number of payload rules which will follow
|
||||
*/
|
||||
int payload_rule_count;
|
||||
|
||||
|
||||
/**
|
||||
* Pointer to first payload rule
|
||||
*/
|
||||
payload_rule_t *payload_rules;
|
||||
|
||||
|
||||
/**
|
||||
* Number of payload order rules
|
||||
*/
|
||||
int payload_order_count;
|
||||
|
||||
|
||||
/**
|
||||
* payload ordering rules
|
||||
*/
|
||||
|
@ -536,12 +536,12 @@ struct private_message_t {
|
|||
* Minor version of message.
|
||||
*/
|
||||
u_int8_t major_version;
|
||||
|
||||
|
||||
/**
|
||||
* Major version of message.
|
||||
*/
|
||||
u_int8_t minor_version;
|
||||
|
||||
|
||||
/**
|
||||
* First Payload in message.
|
||||
*/
|
||||
|
@ -556,32 +556,32 @@ struct private_message_t {
|
|||
* TRUE if message is a request, FALSE if a reply.
|
||||
*/
|
||||
bool is_request;
|
||||
|
||||
|
||||
/**
|
||||
* Message ID of this message.
|
||||
*/
|
||||
u_int32_t message_id;
|
||||
|
||||
|
||||
/**
|
||||
* ID of assigned IKE_SA.
|
||||
*/
|
||||
ike_sa_id_t *ike_sa_id;
|
||||
|
||||
|
||||
/**
|
||||
* Assigned UDP packet, stores incoming packet or last generated one.
|
||||
*/
|
||||
packet_t *packet;
|
||||
|
||||
|
||||
/**
|
||||
* Linked List where payload data are stored in.
|
||||
*/
|
||||
linked_list_t *payloads;
|
||||
|
||||
|
||||
/**
|
||||
* Assigned parser to parse Header and Body of this message.
|
||||
*/
|
||||
parser_t *parser;
|
||||
|
||||
|
||||
/**
|
||||
* The message rule for this message instance
|
||||
*/
|
||||
|
@ -594,7 +594,7 @@ struct private_message_t {
|
|||
static status_t set_message_rule(private_message_t *this)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++)
|
||||
{
|
||||
if ((this->exchange_type == message_rules[i].exchange_type) &&
|
||||
|
@ -615,7 +615,7 @@ static status_t set_message_rule(private_message_t *this)
|
|||
static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
for (i = 0; i < this->message_rule->payload_rule_count;i++)
|
||||
{
|
||||
if (this->message_rule->payload_rules[i].payload_type == payload_type)
|
||||
|
@ -624,7 +624,7 @@ static status_t get_payload_rule(private_message_t *this, payload_type_t payload
|
|||
return SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
*payload_rule = NULL;
|
||||
return NOT_FOUND;
|
||||
}
|
||||
|
@ -757,7 +757,7 @@ static exchange_type_t get_request (private_message_t *this)
|
|||
static bool is_encoded(private_message_t *this)
|
||||
{
|
||||
chunk_t data = this->packet->get_data(this->packet);
|
||||
|
||||
|
||||
if (data.ptr == NULL)
|
||||
{
|
||||
return FALSE;
|
||||
|
@ -796,7 +796,7 @@ static void add_notify(private_message_t *this, bool flush, notify_type_t type,
|
|||
{
|
||||
notify_payload_t *notify;
|
||||
payload_t *payload;
|
||||
|
||||
|
||||
if (flush)
|
||||
{
|
||||
while (this->payloads->remove_last(this->payloads,
|
||||
|
@ -858,7 +858,7 @@ static payload_t *get_payload(private_message_t *this, payload_type_t type)
|
|||
{
|
||||
payload_t *current, *found = NULL;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
enumerator = create_payload_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, ¤t))
|
||||
{
|
||||
|
@ -880,7 +880,7 @@ static notify_payload_t* get_notify(private_message_t *this, notify_type_t type)
|
|||
enumerator_t *enumerator;
|
||||
notify_payload_t *notify = NULL;
|
||||
payload_t *payload;
|
||||
|
||||
|
||||
enumerator = create_payload_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, &payload))
|
||||
{
|
||||
|
@ -907,10 +907,10 @@ static char* get_string(private_message_t *this, char *buf, int len)
|
|||
payload_t *payload;
|
||||
int written;
|
||||
char *pos = buf;
|
||||
|
||||
|
||||
memset(buf, 0, len);
|
||||
len--;
|
||||
|
||||
|
||||
written = snprintf(pos, len, "%N %s %d [",
|
||||
exchange_type_names, this->exchange_type,
|
||||
this->is_request ? "request" : "response",
|
||||
|
@ -921,7 +921,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
|
|||
}
|
||||
pos += written;
|
||||
len -= written;
|
||||
|
||||
|
||||
enumerator = create_payload_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, &payload))
|
||||
{
|
||||
|
@ -947,7 +947,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* remove last space */
|
||||
snprintf(pos, len, " ]");
|
||||
return buf;
|
||||
|
@ -961,7 +961,7 @@ static void order_payloads(private_message_t *this)
|
|||
linked_list_t *list;
|
||||
payload_t *payload;
|
||||
int i;
|
||||
|
||||
|
||||
/* move to temp list */
|
||||
list = linked_list_create();
|
||||
while (this->payloads->remove_last(this->payloads,
|
||||
|
@ -975,7 +975,7 @@ static void order_payloads(private_message_t *this)
|
|||
enumerator_t *enumerator;
|
||||
notify_payload_t *notify;
|
||||
payload_order_t order = this->message_rule->payload_order[i];
|
||||
|
||||
|
||||
/* ... find all payload ... */
|
||||
enumerator = list->create_enumerator(list);
|
||||
while (enumerator->enumerate(enumerator, &payload))
|
||||
|
@ -984,7 +984,7 @@ static void order_payloads(private_message_t *this)
|
|||
if (payload->get_type(payload) == order.type)
|
||||
{
|
||||
notify = (notify_payload_t*)payload;
|
||||
|
||||
|
||||
/**... and check notify for type. */
|
||||
if (order.type != NOTIFY || order.notify == 0 ||
|
||||
order.notify == notify->get_notify_type(notify))
|
||||
|
@ -1017,24 +1017,24 @@ static status_t encrypt_payloads(private_message_t *this,
|
|||
encryption_payload_t *encryption_payload = NULL;
|
||||
status_t status;
|
||||
linked_list_t *all_payloads;
|
||||
|
||||
|
||||
if (!this->message_rule->encrypted_content)
|
||||
{
|
||||
DBG2(DBG_ENC, "message doesn't have to be encrypted");
|
||||
/* message contains no content to encrypt */
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
if (!crypter || !signer)
|
||||
{
|
||||
DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message");
|
||||
/* message contains no content to encrypt */
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "copy all payloads to a temporary list");
|
||||
all_payloads = linked_list_create();
|
||||
|
||||
|
||||
/* first copy all payloads in a temporary list */
|
||||
while (this->payloads->get_count(this->payloads) > 0)
|
||||
{
|
||||
|
@ -1042,7 +1042,7 @@ static status_t encrypt_payloads(private_message_t *this,
|
|||
this->payloads->remove_first(this->payloads,¤t_payload);
|
||||
all_payloads->insert_last(all_payloads,current_payload);
|
||||
}
|
||||
|
||||
|
||||
encryption_payload = encryption_payload_create();
|
||||
|
||||
DBG2(DBG_ENC, "check each payloads if they have to get encrypted");
|
||||
|
@ -1051,9 +1051,9 @@ static status_t encrypt_payloads(private_message_t *this,
|
|||
payload_rule_t *payload_rule;
|
||||
payload_t *current_payload;
|
||||
bool to_encrypt = FALSE;
|
||||
|
||||
|
||||
all_payloads->remove_first(all_payloads,(void **)¤t_payload);
|
||||
|
||||
|
||||
status = get_payload_rule(this,
|
||||
current_payload->get_type(current_payload),&payload_rule);
|
||||
/* for payload types which are not found in supported payload list,
|
||||
|
@ -1064,7 +1064,7 @@ static status_t encrypt_payloads(private_message_t *this,
|
|||
payload_type_names, current_payload->get_type(current_payload));
|
||||
to_encrypt = TRUE;
|
||||
}
|
||||
|
||||
|
||||
if (to_encrypt)
|
||||
{
|
||||
DBG2(DBG_ENC, "insert payload %N to encryption payload",
|
||||
|
@ -1085,9 +1085,9 @@ static status_t encrypt_payloads(private_message_t *this,
|
|||
status = encryption_payload->encrypt(encryption_payload);
|
||||
DBG2(DBG_ENC, "add encrypted payload to payload list");
|
||||
add_payload(this, (payload_t*)encryption_payload);
|
||||
|
||||
|
||||
all_payloads->destroy(all_payloads);
|
||||
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -1104,20 +1104,20 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
status_t status;
|
||||
chunk_t packet_data;
|
||||
char str[256];
|
||||
|
||||
|
||||
if (is_encoded(this))
|
||||
{
|
||||
/* already generated, return a new packet clone */
|
||||
*packet = this->packet->clone(this->packet);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
|
||||
{
|
||||
DBG1(DBG_ENC, "exchange type is not defined");
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
|
||||
if (this->packet->get_source(this->packet) == NULL ||
|
||||
this->packet->get_destination(this->packet) == NULL)
|
||||
{
|
||||
|
@ -1125,7 +1125,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
!this->packet->get_source(this->packet) ? "source" : "destination");
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
|
||||
/* set the rules for this messge */
|
||||
status = set_message_rule(this);
|
||||
if (status != SUCCESS)
|
||||
|
@ -1133,11 +1133,11 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
DBG1(DBG_ENC, "no message rules specified for this message type");
|
||||
return NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
|
||||
order_payloads(this);
|
||||
|
||||
|
||||
DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
|
||||
|
||||
|
||||
/* going to encrypt all content which have to be encrypted */
|
||||
status = encrypt_payloads(this, crypter, signer);
|
||||
if (status != SUCCESS)
|
||||
|
@ -1145,21 +1145,21 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
DBG1(DBG_ENC, "payload encryption failed");
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
/* build ike header */
|
||||
ike_header = ike_header_create();
|
||||
|
||||
|
||||
ike_header->set_exchange_type(ike_header, this->exchange_type);
|
||||
ike_header->set_message_id(ike_header, this->message_id);
|
||||
ike_header->set_response_flag(ike_header, !this->is_request);
|
||||
ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id));
|
||||
ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
|
||||
ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id));
|
||||
|
||||
|
||||
generator = generator_create();
|
||||
|
||||
|
||||
payload = (payload_t*)ike_header;
|
||||
|
||||
|
||||
/* generate every payload expect last one, this is done later*/
|
||||
enumerator = create_payload_enumerator(this);
|
||||
while (enumerator->enumerate(enumerator, &next_payload))
|
||||
|
@ -1169,18 +1169,18 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
payload = next_payload;
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* last payload has no next payload*/
|
||||
payload->set_next_type(payload, NO_PAYLOAD);
|
||||
|
||||
generator->generate_payload(generator, payload);
|
||||
|
||||
ike_header->destroy(ike_header);
|
||||
|
||||
|
||||
/* build packet */
|
||||
generator->write_to_chunk(generator, &packet_data);
|
||||
generator->destroy(generator);
|
||||
|
||||
|
||||
/* if last payload is of type encrypted, integrity checksum if necessary */
|
||||
if (payload->get_type(payload) == ENCRYPTED)
|
||||
{
|
||||
|
@ -1192,12 +1192,12 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
|
|||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
this->packet->set_data(this->packet, packet_data);
|
||||
|
||||
|
||||
/* clone packet for caller */
|
||||
*packet = this->packet->clone(this->packet);
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "message generated successfully");
|
||||
return SUCCESS;
|
||||
}
|
||||
|
@ -1233,18 +1233,18 @@ static status_t parse_header(private_message_t *this)
|
|||
{
|
||||
ike_header_t *ike_header;
|
||||
status_t status;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "parsing header of message");
|
||||
|
||||
|
||||
this->parser->reset_context(this->parser);
|
||||
status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_ENC, "header could not be parsed");
|
||||
return status;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* verify payload */
|
||||
status = ike_header->payload_interface.verify(&(ike_header->payload_interface));
|
||||
if (status != SUCCESS)
|
||||
|
@ -1253,12 +1253,12 @@ static status_t parse_header(private_message_t *this)
|
|||
ike_header->destroy(ike_header);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
if (this->ike_sa_id != NULL)
|
||||
{
|
||||
this->ike_sa_id->destroy(this->ike_sa_id);
|
||||
}
|
||||
|
||||
|
||||
this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
|
||||
ike_header->get_responder_spi(ike_header),
|
||||
ike_header->get_initiator_flag(ike_header));
|
||||
|
@ -1269,12 +1269,12 @@ static status_t parse_header(private_message_t *this)
|
|||
this->major_version = ike_header->get_maj_version(ike_header);
|
||||
this->minor_version = ike_header->get_min_version(ike_header);
|
||||
this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface));
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
|
||||
this->is_request ? "request" : "response");
|
||||
|
||||
|
||||
ike_header->destroy(ike_header);
|
||||
|
||||
|
||||
/* get the rules for this messge */
|
||||
status = set_message_rule(this);
|
||||
if (status != SUCCESS)
|
||||
|
@ -1283,7 +1283,7 @@ static status_t parse_header(private_message_t *this)
|
|||
exchange_type_names, this->exchange_type,
|
||||
this->is_request ? "request" : "response");
|
||||
}
|
||||
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -1306,20 +1306,20 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
{
|
||||
payload_rule_t *payload_rule;
|
||||
payload_type_t current_payload_type;
|
||||
|
||||
|
||||
/* needed to check */
|
||||
current_payload_type = current_payload->get_type(current_payload);
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "process payload of type %N",
|
||||
payload_type_names, current_payload_type);
|
||||
|
||||
|
||||
if (current_payload_type == ENCRYPTED)
|
||||
{
|
||||
encryption_payload_t *encryption_payload;
|
||||
payload_t *current_encrypted_payload;
|
||||
|
||||
|
||||
encryption_payload = (encryption_payload_t*)current_payload;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "found an encryption payload");
|
||||
|
||||
if (payload_number != this->payloads->get_count(this->payloads))
|
||||
|
@ -1348,10 +1348,10 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
iterator->destroy(iterator);
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
|
||||
|
||||
/* needed later to find out if a payload was encrypted */
|
||||
current_payload_was_encrypted = TRUE;
|
||||
|
||||
|
||||
/* check if there are payloads contained in the encryption payload */
|
||||
if (encryption_payload->get_payload_count(encryption_payload) == 0)
|
||||
{
|
||||
|
@ -1368,7 +1368,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
iterator->replace(iterator,NULL,(void *) current_encrypted_payload);
|
||||
current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload);
|
||||
}
|
||||
|
||||
|
||||
/* is the current paylad the first in the message? */
|
||||
if (previous_payload == NULL)
|
||||
{
|
||||
|
@ -1380,7 +1380,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
/* no, set the next_type of the previous payload to the current type */
|
||||
previous_payload->set_next_type(previous_payload, current_payload_type);
|
||||
}
|
||||
|
||||
|
||||
/* all encrypted payloads are added to the payload list */
|
||||
while (encryption_payload->get_payload_count(encryption_payload) > 0)
|
||||
{
|
||||
|
@ -1389,7 +1389,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload));
|
||||
this->payloads->insert_last(this->payloads,current_encrypted_payload);
|
||||
}
|
||||
|
||||
|
||||
/* encryption payload is processed, payloads are moved. Destroy it. */
|
||||
encryption_payload->destroy(encryption_payload);
|
||||
}
|
||||
|
@ -1407,7 +1407,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
iterator->destroy(iterator);
|
||||
return VERIFY_ERROR;
|
||||
}
|
||||
|
||||
|
||||
/* check if the payload was encrypted, and if it should been have encrypted */
|
||||
if (payload_rule->encrypted != current_payload_was_encrypted)
|
||||
{
|
||||
|
@ -1437,24 +1437,24 @@ static status_t verify(private_message_t *this)
|
|||
enumerator_t *enumerator;
|
||||
payload_t *current_payload;
|
||||
size_t total_found_payloads = 0;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "verifying message structure");
|
||||
|
||||
|
||||
/* check for payloads with wrong count*/
|
||||
for (i = 0; i < this->message_rule->payload_rule_count; i++)
|
||||
{
|
||||
size_t found_payloads = 0;
|
||||
payload_rule_t *rule;
|
||||
|
||||
|
||||
rule = &this->message_rule->payload_rules[i];
|
||||
enumerator = create_payload_enumerator(this);
|
||||
|
||||
|
||||
/* check all payloads for specific rule */
|
||||
while (enumerator->enumerate(enumerator, ¤t_payload))
|
||||
{
|
||||
payload_type_t current_payload_type;
|
||||
unknown_payload_t *unknown_payload;
|
||||
|
||||
|
||||
current_payload_type = current_payload->get_type(current_payload);
|
||||
if (current_payload_type == UNKNOWN_PAYLOAD)
|
||||
{
|
||||
|
@ -1474,7 +1474,7 @@ static status_t verify(private_message_t *this)
|
|||
total_found_payloads++;
|
||||
DBG2(DBG_ENC, "found payload of type %N", payload_type_names,
|
||||
rule->payload_type);
|
||||
|
||||
|
||||
/* as soon as ohe payload occures more then specified,
|
||||
* the verification fails */
|
||||
if (found_payloads >
|
||||
|
@ -1489,7 +1489,7 @@ static status_t verify(private_message_t *this)
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (found_payloads < rule->min_occurence)
|
||||
{
|
||||
DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
|
||||
|
@ -1517,9 +1517,9 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
status_t status = SUCCESS;
|
||||
payload_type_t current_payload_type;
|
||||
char str[256];
|
||||
|
||||
|
||||
current_payload_type = this->first_payload;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "parsing body of message, first payload is %N",
|
||||
payload_type_names, current_payload_type);
|
||||
|
||||
|
@ -1527,13 +1527,13 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
while ((current_payload_type != NO_PAYLOAD))
|
||||
{
|
||||
payload_t *current_payload;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "starting parsing a %N payload",
|
||||
payload_type_names, current_payload_type);
|
||||
|
||||
|
||||
/* parse current payload */
|
||||
status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload);
|
||||
|
||||
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_ENC, "payload type %N could not be parsed",
|
||||
|
@ -1543,7 +1543,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
|
||||
DBG2(DBG_ENC, "verifying payload of type %N",
|
||||
payload_type_names, current_payload_type);
|
||||
|
||||
|
||||
/* verify it, stop parsig if its invalid */
|
||||
status = current_payload->verify(current_payload);
|
||||
if (status != SUCCESS)
|
||||
|
@ -1553,11 +1553,11 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
current_payload->destroy(current_payload);
|
||||
return VERIFY_ERROR;
|
||||
}
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
|
||||
payload_type_names, current_payload_type);
|
||||
this->payloads->insert_last(this->payloads,current_payload);
|
||||
|
||||
|
||||
/* an encryption payload is the last one, so STOP here. decryption is done later */
|
||||
if (current_payload_type == ENCRYPTED)
|
||||
{
|
||||
|
@ -1565,7 +1565,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
payload_type_names, current_payload_type);
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
/* get next payload type */
|
||||
current_payload_type = current_payload->get_next_type(current_payload);
|
||||
}
|
||||
|
@ -1579,15 +1579,15 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
return status;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
status = verify(this);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -1641,14 +1641,14 @@ message_t *message_create_from_packet(packet_t *packet)
|
|||
this->public.get_packet = (packet_t * (*) (message_t*)) get_packet;
|
||||
this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data;
|
||||
this->public.destroy = (void(*)(message_t*))destroy;
|
||||
|
||||
|
||||
/* private values */
|
||||
this->exchange_type = EXCHANGE_TYPE_UNDEFINED;
|
||||
this->is_request = TRUE;
|
||||
this->ike_sa_id = NULL;
|
||||
this->first_payload = NO_PAYLOAD;
|
||||
this->message_id = 0;
|
||||
|
||||
|
||||
/* private values */
|
||||
if (packet == NULL)
|
||||
{
|
||||
|
@ -1657,10 +1657,10 @@ message_t *message_create_from_packet(packet_t *packet)
|
|||
this->message_rule = NULL;
|
||||
this->packet = packet;
|
||||
this->payloads = linked_list_create();
|
||||
|
||||
|
||||
/* parser is created from data of packet */
|
||||
this->parser = parser_create(this->packet->get_data(this->packet));
|
||||
|
||||
|
||||
return (&this->public);
|
||||
}
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ struct message_t {
|
|||
* @return major version of the message
|
||||
*/
|
||||
u_int8_t (*get_major_version) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the IKE minor version of the message.
|
||||
*
|
||||
|
@ -86,7 +86,7 @@ struct message_t {
|
|||
* @return message_id type of the message
|
||||
*/
|
||||
u_int32_t (*get_message_id) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Gets the initiator SPI of the message.
|
||||
*
|
||||
|
@ -103,7 +103,7 @@ struct message_t {
|
|||
|
||||
/**
|
||||
* Sets the IKE_SA ID of the message.
|
||||
*
|
||||
*
|
||||
* ike_sa_id gets cloned.
|
||||
*
|
||||
* @param ike_sa_id ike_sa_id to set
|
||||
|
@ -132,10 +132,10 @@ struct message_t {
|
|||
* @return exchange type of the message
|
||||
*/
|
||||
exchange_type_t (*get_exchange_type) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Gets the payload type of the first payload.
|
||||
*
|
||||
*
|
||||
* @return payload type of the first payload
|
||||
*/
|
||||
payload_type_t (*get_first_payload_type) (message_t *this);
|
||||
|
@ -156,20 +156,20 @@ struct message_t {
|
|||
|
||||
/**
|
||||
* Append a payload to the message.
|
||||
*
|
||||
*
|
||||
* If the payload must be encrypted is not specified here. Encryption
|
||||
* of payloads is evaluated via internal rules for the messages and
|
||||
* is done before generation. The order of payloads may change, since
|
||||
* all payloads to encrypt are added to the encryption payload, which is
|
||||
* all payloads to encrypt are added to the encryption payload, which is
|
||||
* always the last one.
|
||||
*
|
||||
* @param payload payload to append
|
||||
*/
|
||||
*/
|
||||
void (*add_payload) (message_t *this, payload_t *payload);
|
||||
|
||||
/**
|
||||
* Build a notify payload and add it to the message.
|
||||
*
|
||||
*
|
||||
* This is a helper method to create notify messages or add
|
||||
* notify payload to messages. The flush parameter specifies if existing
|
||||
* payloads should get removed before appending the notify.
|
||||
|
@ -177,13 +177,13 @@ struct message_t {
|
|||
* @param flush TRUE to remove existing payloads
|
||||
* @param type type of the notify
|
||||
* @param data a chunk of data to add to the notify, gets cloned
|
||||
*/
|
||||
void (*add_notify) (message_t *this, bool flush, notify_type_t type,
|
||||
*/
|
||||
void (*add_notify) (message_t *this, bool flush, notify_type_t type,
|
||||
chunk_t data);
|
||||
|
||||
/**
|
||||
* Parses header of message.
|
||||
*
|
||||
*
|
||||
* Begins parisng of a message created via message_create_from_packet().
|
||||
* The parsing context is stored, so a subsequent call to parse_body()
|
||||
* will continue the parsing process.
|
||||
|
@ -194,17 +194,17 @@ struct message_t {
|
|||
* - FAILED if consistence check of header failed
|
||||
*/
|
||||
status_t (*parse_header) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Parses body of message.
|
||||
*
|
||||
* The body gets not only parsed, but rather it gets verified.
|
||||
* All payloads are verified if they are allowed to exist in the message
|
||||
* of this type and if their own structure is ok.
|
||||
* If there are encrypted payloads, they get decrypted via the supplied
|
||||
*
|
||||
* The body gets not only parsed, but rather it gets verified.
|
||||
* All payloads are verified if they are allowed to exist in the message
|
||||
* of this type and if their own structure is ok.
|
||||
* If there are encrypted payloads, they get decrypted via the supplied
|
||||
* crypter. Also the message integrity gets verified with the supplied
|
||||
* signer.
|
||||
* Crypter/signer can be omitted (by passing NULL) when no encryption
|
||||
* Crypter/signer can be omitted (by passing NULL) when no encryption
|
||||
* payload is expected.
|
||||
*
|
||||
* @param crypter crypter to decrypt encryption payloads
|
||||
|
@ -222,13 +222,13 @@ struct message_t {
|
|||
|
||||
/**
|
||||
* Generates the UDP packet of specific message.
|
||||
*
|
||||
*
|
||||
* Payloads which must be encrypted are generated first and added to
|
||||
* an encryption payload. This encryption payload will get encrypted via
|
||||
* an encryption payload. This encryption payload will get encrypted via
|
||||
* the supplied crypter. Then all other payloads and the header get generated.
|
||||
* After that, the checksum is added to the encryption payload over the full
|
||||
* After that, the checksum is added to the encryption payload over the full
|
||||
* message.
|
||||
* Crypter/signer can be omitted (by passing NULL) when no encryption
|
||||
* Crypter/signer can be omitted (by passing NULL) when no encryption
|
||||
* payload is expected.
|
||||
* Generation is only done once, multiple calls will just return a packet copy.
|
||||
*
|
||||
|
@ -240,66 +240,66 @@ struct message_t {
|
|||
* - INVALID_STATE if exchange type is currently not set
|
||||
* - NOT_FOUND if no rules found for message generation
|
||||
* - INVALID_STATE if crypter/signer not supplied but needed.
|
||||
*/
|
||||
*/
|
||||
status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
|
||||
|
||||
/**
|
||||
* Gets the source host informations.
|
||||
*
|
||||
* @warning Returned host_t object is not getting cloned,
|
||||
* Gets the source host informations.
|
||||
*
|
||||
* @warning Returned host_t object is not getting cloned,
|
||||
* do not destroy nor modify.
|
||||
*
|
||||
* @return host_t object representing source host
|
||||
*/
|
||||
*/
|
||||
host_t * (*get_source) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the source host informations.
|
||||
*
|
||||
* Sets the source host informations.
|
||||
*
|
||||
* @warning host_t object is not getting cloned and gets destroyed by
|
||||
* message_t.destroy or next call of message_t.set_source.
|
||||
*
|
||||
* @param host host_t object representing source host
|
||||
*/
|
||||
*/
|
||||
void (*set_source) (message_t *this, host_t *host);
|
||||
|
||||
/**
|
||||
* Gets the destination host informations.
|
||||
*
|
||||
* @warning Returned host_t object is not getting cloned,
|
||||
* Gets the destination host informations.
|
||||
*
|
||||
* @warning Returned host_t object is not getting cloned,
|
||||
* do not destroy nor modify.
|
||||
*
|
||||
* @return host_t object representing destination host
|
||||
*/
|
||||
*/
|
||||
host_t * (*get_destination) (message_t *this);
|
||||
|
||||
/**
|
||||
* Sets the destination host informations.
|
||||
*
|
||||
* Sets the destination host informations.
|
||||
*
|
||||
* @warning host_t object is not getting cloned and gets destroyed by
|
||||
* message_t.destroy or next call of message_t.set_destination.
|
||||
*
|
||||
* @param host host_t object representing destination host
|
||||
*/
|
||||
*/
|
||||
void (*set_destination) (message_t *this, host_t *host);
|
||||
|
||||
|
||||
/**
|
||||
* Create an enumerator over all payloads.
|
||||
*
|
||||
* @return enumerator over payload_t
|
||||
*/
|
||||
*/
|
||||
enumerator_t * (*create_payload_enumerator) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Find a payload of a specific type.
|
||||
*
|
||||
* Returns the first occurance.
|
||||
*
|
||||
* Returns the first occurance.
|
||||
*
|
||||
* @param type type of the payload to find
|
||||
* @return payload, or NULL if no such payload found
|
||||
*/
|
||||
*/
|
||||
payload_t* (*get_payload) (message_t *this, payload_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the first notify payload of a specific type.
|
||||
*
|
||||
|
@ -307,21 +307,21 @@ struct message_t {
|
|||
* @return notify payload, NULL if no such notify found
|
||||
*/
|
||||
notify_payload_t* (*get_notify)(message_t *this, notify_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Returns a clone of the internal stored packet_t object.
|
||||
*
|
||||
* @return packet_t object as clone of internal one
|
||||
*/
|
||||
*/
|
||||
packet_t * (*get_packet) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Returns a clone of the internal stored packet_t data.
|
||||
*
|
||||
* @return clone of the internal stored packet_t data.
|
||||
*/
|
||||
*/
|
||||
chunk_t (*get_packet_data) (message_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a message and all including objects.
|
||||
*/
|
||||
|
@ -330,16 +330,16 @@ struct message_t {
|
|||
|
||||
/**
|
||||
* Creates an message_t object from a incoming UDP Packet.
|
||||
*
|
||||
* @warning the given packet_t object is not copied and gets
|
||||
*
|
||||
* @warning the given packet_t object is not copied and gets
|
||||
* destroyed in message_t's destroy call.
|
||||
*
|
||||
*
|
||||
* - exchange_type is set to NOT_SET
|
||||
* - original_initiator is set to TRUE
|
||||
* - is_request is set to TRUE
|
||||
* Call message_t.parse_header afterwards.
|
||||
*
|
||||
* @param packet packet_t object which is assigned to message
|
||||
*
|
||||
* @param packet packet_t object which is assigned to message
|
||||
* @return message_t object
|
||||
*/
|
||||
message_t * message_create_from_packet(packet_t *packet);
|
||||
|
@ -351,7 +351,7 @@ message_t * message_create_from_packet(packet_t *packet);
|
|||
* - exchange_type is set to NOT_SET
|
||||
* - original_initiator is set to TRUE
|
||||
* - is_request is set to TRUE
|
||||
*
|
||||
*
|
||||
* @return message_t object
|
||||
*/
|
||||
message_t * message_create(void);
|
||||
|
|
|
@ -50,7 +50,7 @@ typedef struct private_parser_t private_parser_t;
|
|||
|
||||
/**
|
||||
* Private data stored in a context.
|
||||
*
|
||||
*
|
||||
* Contains pointers and counters to store current state.
|
||||
*/
|
||||
struct private_parser_t {
|
||||
|
@ -58,27 +58,27 @@ struct private_parser_t {
|
|||
* Public members, see parser_t.
|
||||
*/
|
||||
parser_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Current bit for reading in input data.
|
||||
*/
|
||||
u_int8_t bit_pos;
|
||||
|
||||
|
||||
/**
|
||||
* Current byte for reading in input data.
|
||||
*/
|
||||
u_int8_t *byte_pos;
|
||||
|
||||
|
||||
/**
|
||||
* Input data to parse.
|
||||
*/
|
||||
u_int8_t *input;
|
||||
|
||||
|
||||
/**
|
||||
* Roof of input, used for length-checking.
|
||||
*/
|
||||
u_int8_t *input_roof;
|
||||
|
||||
|
||||
/**
|
||||
* Set of encoding rules for this parsing session.
|
||||
*/
|
||||
|
@ -277,11 +277,11 @@ static bool parse_bit(private_parser_t *this, int rule_number,
|
|||
return short_input(this, rule_number);
|
||||
}
|
||||
if (output_pos)
|
||||
{
|
||||
{
|
||||
u_int8_t mask;
|
||||
mask = 0x01 << (7 - this->bit_pos);
|
||||
*output_pos = *this->byte_pos & mask;
|
||||
|
||||
|
||||
if (*output_pos)
|
||||
{ /* set to a "clean", comparable true */
|
||||
*output_pos = TRUE;
|
||||
|
@ -303,7 +303,7 @@ static bool parse_list(private_parser_t *this, int rule_number,
|
|||
linked_list_t **output_pos, payload_type_t payload_type, int length)
|
||||
{
|
||||
linked_list_t *list = *output_pos;
|
||||
|
||||
|
||||
if (length < 0)
|
||||
{
|
||||
return short_input(this, rule_number);
|
||||
|
@ -316,10 +316,10 @@ static bool parse_list(private_parser_t *this, int rule_number,
|
|||
{
|
||||
u_int8_t *pos_before = this->byte_pos;
|
||||
payload_t *payload;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, " %d bytes left, parsing recursively %N",
|
||||
length, payload_type_names, payload_type);
|
||||
|
||||
|
||||
if (parse_payload(this, payload_type, &payload) != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_ENC, " parsing of a %N substructure failed",
|
||||
|
@ -377,25 +377,25 @@ static status_t parse_payload(private_parser_t *this,
|
|||
bool attribute_format = FALSE;
|
||||
int rule_number;
|
||||
encoding_rule_t *rule;
|
||||
|
||||
|
||||
/* create instance of the payload to parse */
|
||||
pld = payload_create(payload_type);
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "parsing %N payload, %d bytes left",
|
||||
payload_type_names, payload_type, this->input_roof - this->byte_pos);
|
||||
|
||||
|
||||
DBG3(DBG_ENC, "parsing payload from %b",
|
||||
this->byte_pos, this->input_roof - this->byte_pos);
|
||||
|
||||
|
||||
if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
|
||||
{
|
||||
DBG1(DBG_ENC, " payload type %d is unknown, handling as %N",
|
||||
payload_type, payload_type_names, UNKNOWN_PAYLOAD);
|
||||
}
|
||||
|
||||
|
||||
/* base pointer for output, avoids casting in every rule */
|
||||
output = pld;
|
||||
|
||||
|
||||
/* parse the payload with its own rulse */
|
||||
pld->get_encoding_rules(pld, &this->rules, &rule_count);
|
||||
for (rule_number = 0; rule_number < rule_count; rule_number++)
|
||||
|
@ -765,7 +765,7 @@ static status_t parse_payload(private_parser_t *this,
|
|||
case ADDRESS:
|
||||
{
|
||||
int address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
|
||||
|
||||
|
||||
if (!parse_chunk(this, rule_number, output + rule->offset,
|
||||
address_length))
|
||||
{
|
||||
|
@ -808,7 +808,7 @@ static status_t parse_payload(private_parser_t *this,
|
|||
/* process next rulue */
|
||||
rule++;
|
||||
}
|
||||
|
||||
|
||||
*payload = pld;
|
||||
DBG2(DBG_ENC, "parsing %N payload finished",
|
||||
payload_type_names, payload_type);
|
||||
|
@ -846,17 +846,17 @@ static void destroy(private_parser_t *this)
|
|||
parser_t *parser_create(chunk_t data)
|
||||
{
|
||||
private_parser_t *this = malloc_thing(private_parser_t);
|
||||
|
||||
|
||||
this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**))parse_payload;
|
||||
this->public.reset_context = (void(*)(parser_t*)) reset_context;
|
||||
this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count;
|
||||
this->public.destroy = (void(*)(parser_t*)) destroy;
|
||||
|
||||
|
||||
this->input = data.ptr;
|
||||
this->byte_pos = data.ptr;
|
||||
this->bit_pos = 0;
|
||||
this->input_roof = data.ptr + data.len;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
|
|
@ -36,32 +36,32 @@ typedef struct parser_t parser_t;
|
|||
* The parser remains the state until destroyed.
|
||||
*/
|
||||
struct parser_t {
|
||||
|
||||
|
||||
/**
|
||||
* Parses the next payload.
|
||||
*
|
||||
*
|
||||
* @warning Caller is responsible for freeing allocated payload.
|
||||
*
|
||||
*
|
||||
* Rules for parsing are described in the payload definition.
|
||||
*
|
||||
* @param payload_type payload type to parse
|
||||
* @param payload pointer where parsed payload was allocated
|
||||
* @return
|
||||
* @return
|
||||
* - SUCCESSFUL if succeeded,
|
||||
* - PARSE_ERROR if corrupted/invalid data found
|
||||
*/
|
||||
status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload);
|
||||
|
||||
|
||||
/**
|
||||
* Gets the remaining byte count which is not currently parsed.
|
||||
*/
|
||||
int (*get_remaining_byte_count) (parser_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Resets the current parser context.
|
||||
*/
|
||||
void (*reset_context) (parser_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a parser_t object.
|
||||
*/
|
||||
|
@ -70,7 +70,7 @@ struct parser_t {
|
|||
|
||||
/**
|
||||
* Constructor to create a parser_t object.
|
||||
*
|
||||
*
|
||||
* @param data chunk of data to parse with this parser_t object
|
||||
* @return parser_t object
|
||||
*/
|
||||
|
|
|
@ -23,15 +23,15 @@ typedef struct private_auth_payload_t private_auth_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an auth_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_auth_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* Public auth_payload_t interface.
|
||||
*/
|
||||
auth_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -41,17 +41,17 @@ struct private_auth_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Method of the AUTH Data.
|
||||
*/
|
||||
u_int8_t auth_method;
|
||||
|
||||
|
||||
/**
|
||||
* The contained auth data value.
|
||||
*/
|
||||
|
@ -60,8 +60,8 @@ struct private_auth_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a AUTH payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_auth_payload_t.
|
||||
*/
|
||||
encoding_rule_t auth_payload_encodings[] = {
|
||||
|
@ -221,8 +221,8 @@ static void destroy(private_auth_payload_t *this)
|
|||
{
|
||||
chunk_free(&(this->auth_data));
|
||||
}
|
||||
|
||||
free(this);
|
||||
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -240,7 +240,7 @@ auth_payload_t *auth_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (auth_payload_t *)) destroy;
|
||||
this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method;
|
||||
|
@ -248,7 +248,7 @@ auth_payload_t *auth_payload_create()
|
|||
this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data;
|
||||
this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone;
|
||||
this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -39,7 +39,7 @@ typedef struct auth_payload_t auth_payload_t;
|
|||
* The AUTH payload format is described in RFC section 3.8.
|
||||
*/
|
||||
struct auth_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
|
@ -51,41 +51,41 @@ struct auth_payload_t {
|
|||
* @param method auth_method_t to use
|
||||
*/
|
||||
void (*set_auth_method) (auth_payload_t *this, auth_method_t method);
|
||||
|
||||
|
||||
/**
|
||||
* Get the AUTH method.
|
||||
*
|
||||
* @return auth_method_t used
|
||||
*/
|
||||
auth_method_t (*get_auth_method) (auth_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the AUTH data.
|
||||
*
|
||||
*
|
||||
* Data gets cloned.
|
||||
*
|
||||
* @param data AUTH data as chunk_t
|
||||
*/
|
||||
void (*set_data) (auth_payload_t *this, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Get the AUTH data.
|
||||
*
|
||||
*
|
||||
* Returned data are a copy of the internal one.
|
||||
*
|
||||
* @return AUTH data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data_clone) (auth_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the AUTH data.
|
||||
*
|
||||
*
|
||||
* Returned data are NOT copied
|
||||
*
|
||||
* @return AUTH data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data) (auth_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an auth_payload_t object.
|
||||
*/
|
||||
|
@ -94,7 +94,7 @@ struct auth_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty auth_payload_t object.
|
||||
*
|
||||
*
|
||||
* @return auth_payload_t object
|
||||
*/
|
||||
auth_payload_t *auth_payload_create(void);
|
||||
|
|
|
@ -43,14 +43,14 @@ typedef struct private_cert_payload_t private_cert_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an cert_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_cert_payload_t {
|
||||
/**
|
||||
* Public cert_payload_t interface.
|
||||
*/
|
||||
cert_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -60,22 +60,22 @@ struct private_cert_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Encoding of the CERT Data.
|
||||
*/
|
||||
u_int8_t encoding;
|
||||
|
||||
|
||||
/**
|
||||
* The contained cert data value.
|
||||
*/
|
||||
chunk_t data;
|
||||
|
||||
|
||||
/**
|
||||
* TRUE if the "Hash and URL" data is invalid
|
||||
*/
|
||||
|
@ -84,10 +84,10 @@ struct private_cert_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a CERT payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_cert_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t cert_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -139,7 +139,7 @@ static status_t verify(private_cert_payload_t *this)
|
|||
this->invalid_hash_and_url = TRUE;
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
int i = 20; /* skipping the hash */
|
||||
for (; i < this->data.len; ++i)
|
||||
{
|
||||
|
@ -156,7 +156,7 @@ static status_t verify(private_cert_payload_t *this)
|
|||
return SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* URL is not null terminated, correct that */
|
||||
chunk_t data = chunk_alloc(this->data.len + 1);
|
||||
memcpy(data.ptr, this->data.ptr, this->data.len);
|
||||
|
@ -268,7 +268,7 @@ static char *get_url(private_cert_payload_t *this)
|
|||
static void destroy(private_cert_payload_t *this)
|
||||
{
|
||||
chunk_free(&this->data);
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -285,13 +285,13 @@ cert_payload_t *cert_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
|
||||
|
||||
|
||||
this->public.destroy = (void (*) (cert_payload_t*))destroy;
|
||||
this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert;
|
||||
this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding;
|
||||
this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash;
|
||||
this->public.get_url = (char* (*) (cert_payload_t*))get_url;
|
||||
|
||||
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH;
|
||||
|
@ -332,12 +332,12 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
|
|||
{
|
||||
private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create();
|
||||
chunk_t url_chunk;
|
||||
|
||||
|
||||
this->encoding = ENC_X509_HASH_AND_URL;
|
||||
|
||||
|
||||
url_chunk.ptr = url;
|
||||
url_chunk.len = strlen(url) + 1;
|
||||
|
||||
|
||||
this->data = chunk_cat("cc", hash, url_chunk);
|
||||
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
|
||||
return &this->public;
|
||||
|
|
|
@ -65,45 +65,45 @@ extern enum_name_t *cert_encoding_names;
|
|||
* The CERT payload format is described in RFC section 3.6.
|
||||
*/
|
||||
struct cert_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the playoads encoded certifcate.
|
||||
*
|
||||
* @return certifcate copy
|
||||
*/
|
||||
certificate_t *(*get_cert)(cert_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the encoding of the certificate.
|
||||
*
|
||||
*
|
||||
* @return encoding
|
||||
*/
|
||||
cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the hash if this is a hash and URL encoded certificate.
|
||||
*
|
||||
*
|
||||
* This function returns internal data, do not free.
|
||||
*
|
||||
*
|
||||
* @return hash
|
||||
*/
|
||||
chunk_t (*get_hash)(cert_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the URL if this is a hash and URL encoded certificate.
|
||||
*
|
||||
*
|
||||
* This function returns internal data, do not free.
|
||||
*
|
||||
*
|
||||
* @return url
|
||||
*/
|
||||
char *(*get_url)(cert_payload_t *this);
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Destroys the cert_payload object.
|
||||
*/
|
||||
|
@ -112,14 +112,14 @@ struct cert_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty certificate payload.
|
||||
*
|
||||
*
|
||||
* @return cert_payload_t object
|
||||
*/
|
||||
cert_payload_t *cert_payload_create(void);
|
||||
|
||||
/**
|
||||
* Creates a certificate payload with an embedded certificate.
|
||||
*
|
||||
*
|
||||
* @param cert certificate to embed
|
||||
* @return cert_payload_t object
|
||||
*/
|
||||
|
@ -127,7 +127,7 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert);
|
|||
|
||||
/**
|
||||
* Creates a certificate payload with hash and URL encoding of a certificate.
|
||||
*
|
||||
*
|
||||
* @param hash hash of the DER encoded certificate (get's cloned)
|
||||
* @param url the URL to locate the certificate (get's cloned)
|
||||
* @return cert_payload_t object
|
||||
|
|
|
@ -27,14 +27,14 @@ typedef struct private_certreq_payload_t private_certreq_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an certreq_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_certreq_payload_t {
|
||||
/**
|
||||
* Public certreq_payload_t interface.
|
||||
*/
|
||||
certreq_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -44,17 +44,17 @@ struct private_certreq_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Encoding of the CERT Data.
|
||||
*/
|
||||
u_int8_t encoding;
|
||||
|
||||
|
||||
/**
|
||||
* The contained certreq data value.
|
||||
*/
|
||||
|
@ -63,10 +63,10 @@ struct private_certreq_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a CERTREQ payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_certreq_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t certreq_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -160,7 +160,7 @@ static size_t get_length(private_certreq_payload_t *this)
|
|||
{
|
||||
return this->payload_length;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of certreq_payload_t.add_keyid.
|
||||
*/
|
||||
|
@ -240,7 +240,7 @@ static certificate_type_t get_cert_type(private_certreq_payload_t *this)
|
|||
static void destroy(private_certreq_payload_t *this)
|
||||
{
|
||||
chunk_free(&this->data);
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -258,13 +258,13 @@ certreq_payload_t *certreq_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (certreq_payload_t*)) destroy;
|
||||
this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator;
|
||||
this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type;
|
||||
this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
@ -281,7 +281,7 @@ certreq_payload_t *certreq_payload_create()
|
|||
certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
|
||||
{
|
||||
private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create();
|
||||
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case CERT_X509:
|
||||
|
|
|
@ -50,14 +50,14 @@ struct certreq_payload_t {
|
|||
* @return enumerator over chunk_t's.
|
||||
*/
|
||||
enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the type of contained certificate keyids.
|
||||
*
|
||||
* @return certificate keyid type
|
||||
*/
|
||||
certificate_type_t (*get_cert_type)(certreq_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Add a certificates keyid to the payload.
|
||||
*
|
||||
|
@ -65,7 +65,7 @@ struct certreq_payload_t {
|
|||
* @return
|
||||
*/
|
||||
void (*add_keyid)(certreq_payload_t *this, chunk_t keyid);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an certreq_payload_t object.
|
||||
*/
|
||||
|
@ -74,14 +74,14 @@ struct certreq_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty certreq_payload_t object.
|
||||
*
|
||||
*
|
||||
* @return certreq payload
|
||||
*/
|
||||
certreq_payload_t *certreq_payload_create(void);
|
||||
|
||||
/**
|
||||
* Creates an empty certreq_payload_t for a kind of certificates.
|
||||
*
|
||||
*
|
||||
* @param type type of the added keyids
|
||||
* @return certreq payload
|
||||
*/
|
||||
|
|
|
@ -27,19 +27,19 @@ typedef struct private_configuration_attribute_t private_configuration_attribute
|
|||
|
||||
/**
|
||||
* Private data of an configuration_attribute_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_configuration_attribute_t {
|
||||
/**
|
||||
* Public configuration_attribute_t interface.
|
||||
*/
|
||||
configuration_attribute_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Type of the attribute.
|
||||
*/
|
||||
u_int16_t attribute_type;
|
||||
|
||||
|
||||
/**
|
||||
* Length of the attribute.
|
||||
*/
|
||||
|
@ -74,16 +74,16 @@ ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER);
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a configuration attribute.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_configuration_attribute_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t configuration_attribute_encodings[] = {
|
||||
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* type of the attribute as 15 bit unsigned integer */
|
||||
{ ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) },
|
||||
{ ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) },
|
||||
/* Length of attribute value */
|
||||
{ CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, attribute_length)},
|
||||
/* Value of attribute if attribute format flag is zero */
|
||||
|
@ -159,11 +159,11 @@ static status_t verify(private_configuration_attribute_t *this)
|
|||
/* any length acceptable */
|
||||
break;
|
||||
default:
|
||||
DBG1(DBG_ENC, "unknown attribute type %N",
|
||||
DBG1(DBG_ENC, "unknown attribute type %N",
|
||||
configuration_attribute_type_names, this->attribute_type);
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
if (failed)
|
||||
{
|
||||
DBG1(DBG_ENC, "invalid attribute length %d for %N",
|
||||
|
@ -222,12 +222,12 @@ static void set_value(private_configuration_attribute_t *this, chunk_t value)
|
|||
if (this->attribute_value.ptr != NULL)
|
||||
{
|
||||
/* free existing value */
|
||||
chunk_free(&(this->attribute_value));
|
||||
chunk_free(&(this->attribute_value));
|
||||
}
|
||||
|
||||
|
||||
this->attribute_value.ptr = clalloc(value.ptr,value.len);
|
||||
this->attribute_value.len = value.len;
|
||||
|
||||
|
||||
this->attribute_length = this->attribute_value.len;
|
||||
}
|
||||
|
||||
|
@ -272,7 +272,7 @@ static void destroy(private_configuration_attribute_t *this)
|
|||
if (this->attribute_value.ptr != NULL)
|
||||
{
|
||||
free(this->attribute_value.ptr);
|
||||
}
|
||||
}
|
||||
free(this);
|
||||
}
|
||||
|
||||
|
@ -291,7 +291,7 @@ configuration_attribute_t *configuration_attribute_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.set_value = (void (*) (configuration_attribute_t *,chunk_t)) set_value;
|
||||
this->public.get_value = (chunk_t (*) (configuration_attribute_t *)) get_value;
|
||||
|
@ -299,7 +299,7 @@ configuration_attribute_t *configuration_attribute_create()
|
|||
this->public.get_type = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_type;
|
||||
this->public.get_length = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_length;
|
||||
this->public.destroy = (void (*) (configuration_attribute_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->attribute_type = 0;
|
||||
this->attribute_value = chunk_empty;
|
||||
|
|
|
@ -57,14 +57,14 @@ enum configuration_attribute_type_t {
|
|||
INTERNAL_IP6_SERVER = 23457
|
||||
};
|
||||
|
||||
/**
|
||||
/**
|
||||
* enum names for configuration_attribute_type_t.
|
||||
*/
|
||||
extern enum_name_t *configuration_attribute_type_names;
|
||||
|
||||
/**
|
||||
* Class representing an IKEv2-CONFIGURATION Attribute.
|
||||
*
|
||||
*
|
||||
* The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1.
|
||||
*/
|
||||
struct configuration_attribute_t {
|
||||
|
@ -75,43 +75,43 @@ struct configuration_attribute_t {
|
|||
|
||||
/**
|
||||
* Returns the currently set value of the attribute.
|
||||
*
|
||||
*
|
||||
* @warning Returned data are not copied.
|
||||
*
|
||||
*
|
||||
* @return chunk_t pointing to the value
|
||||
*/
|
||||
chunk_t (*get_value) (configuration_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the value of the attribute.
|
||||
*
|
||||
*
|
||||
* Value is getting copied.
|
||||
*
|
||||
*
|
||||
* @param value chunk_t pointing to the value to set
|
||||
*/
|
||||
void (*set_value) (configuration_attribute_t *this, chunk_t value);
|
||||
|
||||
/**
|
||||
* Sets the type of the attribute.
|
||||
*
|
||||
*
|
||||
* @param type type to set (most significant bit is set to zero)
|
||||
*/
|
||||
void (*set_type) (configuration_attribute_t *this, u_int16_t type);
|
||||
|
||||
|
||||
/**
|
||||
* get the type of the attribute.
|
||||
*
|
||||
*
|
||||
* @return type of the value
|
||||
*/
|
||||
u_int16_t (*get_type) (configuration_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* get the length of an attribute.
|
||||
*
|
||||
*
|
||||
* @return type of the value
|
||||
*/
|
||||
u_int16_t (*get_length) (configuration_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an configuration_attribute_t object.
|
||||
*/
|
||||
|
@ -120,7 +120,7 @@ struct configuration_attribute_t {
|
|||
|
||||
/**
|
||||
* Creates an empty configuration_attribute_t object.
|
||||
*
|
||||
*
|
||||
* @return created configuration_attribute_t object
|
||||
*/
|
||||
configuration_attribute_t *configuration_attribute_create(void);
|
||||
|
|
|
@ -32,14 +32,14 @@ typedef struct private_cp_payload_t private_cp_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an cp_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_cp_payload_t {
|
||||
/**
|
||||
* Public cp_payload_t interface.
|
||||
*/
|
||||
cp_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -49,17 +49,17 @@ struct private_cp_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Configuration Attributes in this payload are stored in a linked_list_t.
|
||||
*/
|
||||
linked_list_t * attributes;
|
||||
|
||||
|
||||
/**
|
||||
* Config Type.
|
||||
*/
|
||||
|
@ -68,32 +68,32 @@ struct private_cp_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-CP Payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_cp_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t cp_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_cp_payload_t, next_payload) },
|
||||
/* the critical bit */
|
||||
{ FLAG, offsetof(private_cp_payload_t, critical) },
|
||||
{ FLAG, offsetof(private_cp_payload_t, critical) },
|
||||
/* 7 Bit reserved bits, nowhere stored */
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole CP payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) },
|
||||
/* Proposals are stored in a proposal substructure,
|
||||
{ PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) },
|
||||
/* Proposals are stored in a proposal substructure,
|
||||
offset points to a linked_list_t pointer */
|
||||
{ U_INT_8, offsetof(private_cp_payload_t, config_type) },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ RESERVED_BYTE,0 },
|
||||
{ CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) }
|
||||
};
|
||||
|
||||
|
@ -119,7 +119,7 @@ static status_t verify(private_cp_payload_t *this)
|
|||
status_t status = SUCCESS;
|
||||
iterator_t *iterator;
|
||||
configuration_attribute_t *attribute;
|
||||
|
||||
|
||||
iterator = this->attributes->create_iterator(this->attributes,TRUE);
|
||||
while(iterator->iterate(iterator, (void**)&attribute))
|
||||
{
|
||||
|
@ -174,14 +174,14 @@ static void compute_length(private_cp_payload_t *this)
|
|||
iterator_t *iterator;
|
||||
payload_t *current_attribute;
|
||||
size_t length = CP_PAYLOAD_HEADER_LENGTH;
|
||||
|
||||
|
||||
iterator = this->attributes->create_iterator(this->attributes,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_attribute))
|
||||
{
|
||||
length += current_attribute->get_length(current_attribute);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
this->payload_length = length;
|
||||
}
|
||||
|
||||
|
@ -243,7 +243,7 @@ static void destroy(private_cp_payload_t *this)
|
|||
cp_payload_t *cp_payload_create()
|
||||
{
|
||||
private_cp_payload_t *this = malloc_thing(private_cp_payload_t);
|
||||
|
||||
|
||||
/* public interface */
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
|
@ -252,14 +252,14 @@ cp_payload_t *cp_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.create_attribute_iterator = (iterator_t* (*) (cp_payload_t *)) create_attribute_iterator;
|
||||
this->public.add_configuration_attribute = (void (*) (cp_payload_t *,configuration_attribute_t *)) add_configuration_attribute;
|
||||
this->public.set_config_type = (void (*) (cp_payload_t *, config_type_t)) set_config_type;
|
||||
this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type;
|
||||
this->public.destroy = (void (*) (cp_payload_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -52,7 +52,7 @@ extern enum_name_t *config_type_names;
|
|||
|
||||
/**
|
||||
* Class representing an IKEv2-CP Payload.
|
||||
*
|
||||
*
|
||||
* The CP Payload format is described in RFC section 3.15.
|
||||
*/
|
||||
struct cp_payload_t {
|
||||
|
@ -60,41 +60,41 @@ struct cp_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Creates an iterator of stored configuration_attribute_t objects.
|
||||
*
|
||||
*
|
||||
* When deleting an attribute using this iterator, the length of this
|
||||
* configuration_attribute_t has to be refreshed by calling get_length()!
|
||||
*
|
||||
* @return created iterator_t object
|
||||
*/
|
||||
iterator_t *(*create_attribute_iterator) (cp_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a configuration_attribute_t object to this object.
|
||||
*
|
||||
*
|
||||
* The added configuration_attribute_t object is getting destroyed in
|
||||
* destroy function of cp_payload_t.
|
||||
*
|
||||
* @param attribute configuration_attribute_t object to add
|
||||
*/
|
||||
void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute);
|
||||
|
||||
|
||||
/**
|
||||
* Set the config type.
|
||||
*
|
||||
* @param config_type config_type_t to set
|
||||
*/
|
||||
void (*set_config_type) (cp_payload_t *this,config_type_t config_type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the config type.
|
||||
*
|
||||
* @return config_type_t
|
||||
*/
|
||||
config_type_t (*get_config_type) (cp_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an cp_payload_t object.
|
||||
*/
|
||||
|
@ -103,7 +103,7 @@ struct cp_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty cp_payload_t object
|
||||
*
|
||||
*
|
||||
* @return cp_payload_t object
|
||||
*/
|
||||
cp_payload_t *cp_payload_create(void);
|
||||
|
|
|
@ -23,14 +23,14 @@ typedef struct private_delete_payload_t private_delete_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an delete_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_delete_payload_t {
|
||||
/**
|
||||
* Public delete_payload_t interface.
|
||||
*/
|
||||
delete_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -40,12 +40,12 @@ struct private_delete_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Protocol ID.
|
||||
*/
|
||||
|
@ -55,29 +55,29 @@ struct private_delete_payload_t {
|
|||
* SPI Size.
|
||||
*/
|
||||
u_int8_t spi_size;
|
||||
|
||||
|
||||
/**
|
||||
* Number of SPI's.
|
||||
*/
|
||||
u_int16_t spi_count;
|
||||
|
||||
|
||||
/**
|
||||
* The contained SPI's.
|
||||
*/
|
||||
chunk_t spis;
|
||||
|
||||
|
||||
/**
|
||||
* List containing u_int32_t spis
|
||||
* List containing u_int32_t spis
|
||||
*/
|
||||
linked_list_t *spi_list;
|
||||
};
|
||||
|
||||
/**
|
||||
* Encoding rules to parse or generate a DELETE payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_delete_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t delete_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -223,7 +223,7 @@ static void add_spi(private_delete_payload_t *this, u_int32_t spi)
|
|||
static iterator_t* create_spi_iterator(private_delete_payload_t *this)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
||||
if (this->spi_list == NULL)
|
||||
{
|
||||
this->spi_list = linked_list_create();
|
||||
|
@ -253,7 +253,7 @@ static void destroy(private_delete_payload_t *this)
|
|||
{
|
||||
this->spi_list->destroy(this->spi_list);
|
||||
}
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -271,13 +271,13 @@ delete_payload_t *delete_payload_create(protocol_id_t protocol_id)
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (delete_payload_t *)) destroy;
|
||||
this->public.get_protocol_id = (protocol_id_t (*) (delete_payload_t *)) get_protocol_id;
|
||||
this->public.add_spi = (void (*) (delete_payload_t *,u_int32_t))add_spi;
|
||||
this->public.create_spi_iterator = (iterator_t* (*) (delete_payload_t *)) create_spi_iterator;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -43,21 +43,21 @@ struct delete_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the protocol ID.
|
||||
*
|
||||
* @return protocol ID
|
||||
*/
|
||||
protocol_id_t (*get_protocol_id) (delete_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Add an SPI to the list of deleted SAs.
|
||||
*
|
||||
* @param spi spi to add
|
||||
*/
|
||||
void (*add_spi) (delete_payload_t *this, u_int32_t spi);
|
||||
|
||||
|
||||
/**
|
||||
* Get an iterator over the SPIs.
|
||||
*
|
||||
|
@ -66,7 +66,7 @@ struct delete_payload_t {
|
|||
* @return iterator over SPIs
|
||||
*/
|
||||
iterator_t *(*create_spi_iterator) (delete_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an delete_payload_t object.
|
||||
*/
|
||||
|
@ -75,7 +75,7 @@ struct delete_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty delete_payload_t object.
|
||||
*
|
||||
*
|
||||
* @param protocol_id protocol, such as AH|ESP
|
||||
* @return delete_payload_t object
|
||||
*/
|
||||
|
|
|
@ -24,14 +24,14 @@ typedef struct private_eap_payload_t private_eap_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an eap_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_eap_payload_t {
|
||||
/**
|
||||
* Public eap_payload_t interface.
|
||||
*/
|
||||
eap_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -41,12 +41,12 @@ struct private_eap_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* EAP message data, if available
|
||||
*/
|
||||
|
@ -55,10 +55,10 @@ struct private_eap_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a EAP payload.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_eap_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t eap_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -98,7 +98,7 @@ static status_t verify(private_eap_payload_t *this)
|
|||
{
|
||||
u_int16_t length;
|
||||
u_int8_t code;
|
||||
|
||||
|
||||
if (this->data.len < 4)
|
||||
{
|
||||
DBG1(DBG_ENC, "EAP payloads EAP message too short (%d)", this->data.len);
|
||||
|
@ -264,7 +264,7 @@ static void destroy(private_eap_payload_t *this)
|
|||
eap_payload_t *eap_payload_create()
|
||||
{
|
||||
private_eap_payload_t *this = malloc_thing(private_eap_payload_t);
|
||||
|
||||
|
||||
/* interface functions */
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
|
@ -273,7 +273,7 @@ eap_payload_t *eap_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (eap_payload_t *)) destroy;
|
||||
this->public.get_data = (chunk_t (*) (eap_payload_t*))get_data;
|
||||
|
@ -281,13 +281,13 @@ eap_payload_t *eap_payload_create()
|
|||
this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code;
|
||||
this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier;
|
||||
this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length = EAP_PAYLOAD_HEADER_LENGTH;
|
||||
this->data = chunk_empty;
|
||||
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
||||
|
@ -297,7 +297,7 @@ eap_payload_t *eap_payload_create()
|
|||
eap_payload_t *eap_payload_create_data(chunk_t data)
|
||||
{
|
||||
eap_payload_t *this = eap_payload_create();
|
||||
|
||||
|
||||
this->set_data(this, data);
|
||||
return this;
|
||||
}
|
||||
|
@ -309,11 +309,11 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
|
|||
{
|
||||
eap_payload_t *this = eap_payload_create();
|
||||
chunk_t data = chunk_alloca(4);
|
||||
|
||||
|
||||
*(data.ptr + 0) = code;
|
||||
*(data.ptr + 1) = identifier;
|
||||
*(u_int16_t*)(data.ptr + 2) = htons(data.len);
|
||||
|
||||
|
||||
this->set_data(this, data);
|
||||
return this;
|
||||
}
|
||||
|
@ -325,12 +325,12 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier)
|
|||
{
|
||||
eap_payload_t *this = eap_payload_create();
|
||||
chunk_t data = chunk_alloca(5);
|
||||
|
||||
|
||||
*(data.ptr + 0) = EAP_RESPONSE;
|
||||
*(data.ptr + 1) = identifier;
|
||||
*(u_int16_t*)(data.ptr + 2) = htons(data.len);
|
||||
*(data.ptr + 4) = EAP_NAK;
|
||||
|
||||
|
||||
this->set_data(this, data);
|
||||
return this;
|
||||
}
|
||||
|
|
|
@ -39,12 +39,12 @@ typedef struct eap_payload_t eap_payload_t;
|
|||
* The EAP payload format is described in RFC section 3.16.
|
||||
*/
|
||||
struct eap_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Set the contained EAP data.
|
||||
*
|
||||
|
@ -54,7 +54,7 @@ struct eap_payload_t {
|
|||
* @param message EAP data
|
||||
*/
|
||||
void (*set_data) (eap_payload_t *this, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Get the contained EAP data.
|
||||
*
|
||||
|
@ -63,21 +63,21 @@ struct eap_payload_t {
|
|||
* @return EAP data (pointer to internal data)
|
||||
*/
|
||||
chunk_t (*get_data) (eap_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the EAP code.
|
||||
*
|
||||
* @return EAP message as chunk_t
|
||||
*/
|
||||
eap_code_t (*get_code) (eap_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the EAP identifier.
|
||||
*
|
||||
* @return unique identifier
|
||||
*/
|
||||
u_int8_t (*get_identifier) (eap_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the EAP method type.
|
||||
*
|
||||
|
@ -85,7 +85,7 @@ struct eap_payload_t {
|
|||
* @return EAP method type, vendor specific if vendor != 0
|
||||
*/
|
||||
eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an eap_payload_t object.
|
||||
*/
|
||||
|
@ -109,7 +109,7 @@ eap_payload_t *eap_payload_create_data(chunk_t data);
|
|||
/**
|
||||
* Creates an eap_payload_t object with a code.
|
||||
*
|
||||
* Could should be either EAP_SUCCESS/EAP_FAILURE, use
|
||||
* Could should be either EAP_SUCCESS/EAP_FAILURE, use
|
||||
* constructor above otherwise.
|
||||
*
|
||||
* @param code EAP status code
|
||||
|
|
|
@ -28,266 +28,266 @@ typedef struct encoding_rule_t encoding_rule_t;
|
|||
#include <library.h>
|
||||
|
||||
/**
|
||||
* All different kinds of encoding types.
|
||||
* All different kinds of encoding types.
|
||||
*
|
||||
* Each field of an IKEv2-Message (in header or payload)
|
||||
* Each field of an IKEv2-Message (in header or payload)
|
||||
* which has to be parsed or generated differently has its own
|
||||
* type defined here.
|
||||
*
|
||||
* Header is parsed like a payload and gets its one payload_id
|
||||
* from PRIVATE USE space. Also the substructures
|
||||
* of specific payload types get their own payload_id
|
||||
* Header is parsed like a payload and gets its one payload_id
|
||||
* from PRIVATE USE space. Also the substructures
|
||||
* of specific payload types get their own payload_id
|
||||
* from PRIVATE_USE space. See IKEv2-Draft for more informations.
|
||||
*/
|
||||
enum encoding_type_t {
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 4 Bit unsigned int value.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 4 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 4 bit forward afterwards.
|
||||
*/
|
||||
U_INT_4,
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 8 Bit unsigned int value.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 8 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 8 bit forward afterwards.
|
||||
*/
|
||||
U_INT_8,
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 16 Bit unsigned int value.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 16 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
*/
|
||||
U_INT_16,
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 32 Bit unsigned int value.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 32 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 32 bit forward afterwards.
|
||||
*/
|
||||
U_INT_32,
|
||||
|
||||
|
||||
/**
|
||||
* represents a RESERVED_BIT used in FLAG-Bytes.
|
||||
*
|
||||
* When generating, the next bit is set to zero and the current write
|
||||
*
|
||||
* When generating, the next bit is set to zero and the current write
|
||||
* position is moved one bit forward.
|
||||
* No value is read from the associated data struct.
|
||||
* The current write position is moved 1 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing, the current read pointer is moved one bit forward.
|
||||
* No value is written to the associated data struct.
|
||||
* The current read pointer is moved 1 bit forward afterwards.
|
||||
*/
|
||||
RESERVED_BIT,
|
||||
|
||||
|
||||
/**
|
||||
* represents a RESERVED_BYTE.
|
||||
*
|
||||
* When generating, the next byte is set to zero and the current write
|
||||
*
|
||||
* When generating, the next byte is set to zero and the current write
|
||||
* position is moved one byte forward.
|
||||
* No value is read from the associated data struct.
|
||||
* The current write position is moved 1 byte forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing, the current read pointer is moved one byte forward.
|
||||
* No value is written to the associated data struct.
|
||||
* The current read pointer is moved 1 byte forward afterwards.
|
||||
*/
|
||||
RESERVED_BYTE,
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 1 Bit flag.
|
||||
*
|
||||
* When generation, the next bit is set to 1 if the associated value
|
||||
* in the data struct is TRUE, 0 otherwise. The current write position
|
||||
*
|
||||
* When generation, the next bit is set to 1 if the associated value
|
||||
* in the data struct is TRUE, 0 otherwise. The current write position
|
||||
* is moved 1 bit forward afterwards.
|
||||
*
|
||||
* When parsing, the next bit is read and stored in the associated data
|
||||
* struct. 0 means FALSE, 1 means TRUE, The current read pointer
|
||||
* When parsing, the next bit is read and stored in the associated data
|
||||
* struct. 0 means FALSE, 1 means TRUE, The current read pointer
|
||||
* is moved 1 bit forward afterwards
|
||||
*/
|
||||
FLAG,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a length field of a payload.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 16 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
*/
|
||||
PAYLOAD_LENGTH,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a length field of a header.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 32 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 32 bit forward afterwards.
|
||||
*/
|
||||
HEADER_LENGTH,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a spi size field.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 8 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 8 bit forward afterwards.
|
||||
*/
|
||||
SPI_SIZE,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a spi field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
SPI,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a Key Exchange Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
KEY_EXCHANGE_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a Notification field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
NOTIFICATION_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating one or more proposal substructures.
|
||||
*
|
||||
*
|
||||
* The offset points to a linked_list_t pointer.
|
||||
*
|
||||
* When generating the proposal_substructure_t objects are stored
|
||||
*
|
||||
* When generating the proposal_substructure_t objects are stored
|
||||
* in the pointed linked_list.
|
||||
*
|
||||
* When parsing the parsed proposal_substructure_t objects have
|
||||
*
|
||||
* When parsing the parsed proposal_substructure_t objects have
|
||||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
*/
|
||||
PROPOSALS,
|
||||
|
||||
|
||||
/**
|
||||
* Representating one or more transform substructures.
|
||||
*
|
||||
*
|
||||
* The offset points to a linked_list_t pointer.
|
||||
*
|
||||
* When generating the transform_substructure_t objects are stored
|
||||
*
|
||||
* When generating the transform_substructure_t objects are stored
|
||||
* in the pointed linked_list.
|
||||
*
|
||||
* When parsing the parsed transform_substructure_t objects have
|
||||
*
|
||||
* When parsing the parsed transform_substructure_t objects have
|
||||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
*/
|
||||
TRANSFORMS,
|
||||
|
||||
|
||||
/**
|
||||
* Representating one or more Attributes of a transform substructure.
|
||||
*
|
||||
*
|
||||
* The offset points to a linked_list_t pointer.
|
||||
*
|
||||
* When generating the transform_attribute_t objects are stored
|
||||
*
|
||||
* When generating the transform_attribute_t objects are stored
|
||||
* in the pointed linked_list.
|
||||
*
|
||||
* When parsing the parsed transform_attribute_t objects have
|
||||
*
|
||||
* When parsing the parsed transform_attribute_t objects have
|
||||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
*/
|
||||
TRANSFORM_ATTRIBUTES,
|
||||
|
||||
/**
|
||||
* Representating one or more Attributes of a configuration payload.
|
||||
*
|
||||
*
|
||||
* The offset points to a linked_list_t pointer.
|
||||
*
|
||||
* When generating the configuration_attribute_t objects are stored
|
||||
*
|
||||
* When generating the configuration_attribute_t objects are stored
|
||||
* in the pointed linked_list.
|
||||
*
|
||||
* When parsing the parsed configuration_attribute_t objects have
|
||||
*
|
||||
* When parsing the parsed configuration_attribute_t objects have
|
||||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
*/
|
||||
CONFIGURATION_ATTRIBUTES,
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
CONFIGURATION_ATTRIBUTE_VALUE,
|
||||
|
||||
|
||||
/**
|
||||
* Representing a 1 Bit flag specifying the format of a transform attribute.
|
||||
*
|
||||
* When generation, the next bit is set to 1 if the associated value
|
||||
* in the data struct is TRUE, 0 otherwise. The current write position
|
||||
*
|
||||
* When generation, the next bit is set to 1 if the associated value
|
||||
* in the data struct is TRUE, 0 otherwise. The current write position
|
||||
* is moved 1 bit forward afterwards.
|
||||
*
|
||||
* When parsing, the next bit is read and stored in the associated data
|
||||
* struct. 0 means FALSE, 1 means TRUE, The current read pointer
|
||||
* When parsing, the next bit is read and stored in the associated data
|
||||
* struct. 0 means FALSE, 1 means TRUE, The current read pointer
|
||||
* is moved 1 bit forward afterwards.
|
||||
*/
|
||||
ATTRIBUTE_FORMAT,
|
||||
/**
|
||||
* Representing a 15 Bit unsigned int value used as attribute type
|
||||
* Representing a 15 Bit unsigned int value used as attribute type
|
||||
* in an attribute transform.
|
||||
*
|
||||
*
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 15 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 15 bit forward afterwards.
|
||||
|
@ -298,11 +298,11 @@ enum encoding_type_t {
|
|||
* Depending on the field of type ATTRIBUTE_FORMAT
|
||||
* this field contains the length or the value of an transform attribute.
|
||||
* Its stored in a 16 unsigned integer field.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 16 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
|
@ -312,11 +312,11 @@ enum encoding_type_t {
|
|||
/**
|
||||
* This field contains the length or the value of an configuration attribute.
|
||||
* Its stored in a 16 unsigned integer field.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 16 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
|
@ -325,155 +325,155 @@ enum encoding_type_t {
|
|||
|
||||
/**
|
||||
* Depending on the field of type ATTRIBUTE_FORMAT
|
||||
* this field is available or missing and so parsed/generated
|
||||
* this field is available or missing and so parsed/generated
|
||||
* or not parsed/not generated.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
ATTRIBUTE_VALUE,
|
||||
|
||||
|
||||
/**
|
||||
* Representating one or more Traffic selectors of a TS payload.
|
||||
*
|
||||
*
|
||||
* The offset points to a linked_list_t pointer.
|
||||
*
|
||||
* When generating the traffic_selector_substructure_t objects are stored
|
||||
*
|
||||
* When generating the traffic_selector_substructure_t objects are stored
|
||||
* in the pointed linked_list.
|
||||
*
|
||||
* When parsing the parsed traffic_selector_substructure_t objects have
|
||||
*
|
||||
* When parsing the parsed traffic_selector_substructure_t objects have
|
||||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
*/
|
||||
TRAFFIC_SELECTORS,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a Traffic selector type field.
|
||||
*
|
||||
*
|
||||
* When generating it must be changed from host to network order.
|
||||
* The value is read from the associated data struct.
|
||||
* The current write position is moved 16 bit forward afterwards.
|
||||
*
|
||||
*
|
||||
* When parsing it must be changed from network to host order.
|
||||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
*/
|
||||
TS_TYPE,
|
||||
|
||||
|
||||
/**
|
||||
* Representating an address field in a traffic selector.
|
||||
*
|
||||
*
|
||||
* Depending on the last field of type TS_TYPE
|
||||
* this field is either 4 or 16 byte long.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing 4 or 16 bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
ADDRESS,
|
||||
|
||||
/**
|
||||
* Representating a Nonce Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
NONCE_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a ID Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
ID_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a AUTH Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
AUTH_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating a CERT Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
CERT_DATA,
|
||||
|
||||
/**
|
||||
* Representating a CERTREQ Data field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
CERTREQ_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating an EAP message field.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
EAP_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating the SPIS field in a DELETE payload.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
SPIS,
|
||||
|
||||
|
||||
/**
|
||||
* Representating the VID DATA field in a VENDOR ID payload.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
VID_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating the DATA of an unknown payload.
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
*
|
||||
* When generating the content of the chunkt pointing to
|
||||
* is written.
|
||||
*
|
||||
*
|
||||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
UNKNOWN_DATA,
|
||||
|
||||
|
||||
/**
|
||||
* Representating an IKE_SPI field in an IKEv2 Header.
|
||||
*
|
||||
* When generating the value of the u_int64_t pointing to
|
||||
*
|
||||
* When generating the value of the u_int64_t pointing to
|
||||
* is written (host and networ order is not changed).
|
||||
*
|
||||
*
|
||||
* When parsing 8 bytes are read and written into the u_int64_t pointing to.
|
||||
*/
|
||||
IKE_SPI,
|
||||
|
||||
|
||||
/**
|
||||
* Representing the encrypted data body of a encryption payload.
|
||||
*/
|
||||
|
@ -488,25 +488,25 @@ extern enum_name_t *encoding_type_names;
|
|||
/**
|
||||
* Rule how to en-/decode a payload field.
|
||||
*
|
||||
* An encoding rule is a mapping of a specific encoding type to
|
||||
* An encoding rule is a mapping of a specific encoding type to
|
||||
* a location in the data struct where the current field is stored to
|
||||
* or read from.
|
||||
* This rules are used by parser and generator.
|
||||
*/
|
||||
struct encoding_rule_t {
|
||||
|
||||
|
||||
/**
|
||||
* Encoding type.
|
||||
*/
|
||||
encoding_type_t type;
|
||||
|
||||
|
||||
/**
|
||||
* Offset in the data struct.
|
||||
*
|
||||
* When parsing, data are written to this offset of the
|
||||
*
|
||||
* When parsing, data are written to this offset of the
|
||||
* data struct.
|
||||
*
|
||||
* When generating, data are read from this offset in the
|
||||
*
|
||||
* When generating, data are read from this offset in the
|
||||
* data struct.
|
||||
*/
|
||||
u_int32_t offset;
|
||||
|
|
|
@ -32,19 +32,19 @@ typedef struct private_encryption_payload_t private_encryption_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an encryption_payload_t' Object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_encryption_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* Public encryption_payload_t interface.
|
||||
*/
|
||||
encryption_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* There is no next payload for an encryption payload,
|
||||
* There is no next payload for an encryption payload,
|
||||
* since encryption payload MUST be the last one.
|
||||
* next_payload means here the first payload of the
|
||||
* next_payload means here the first payload of the
|
||||
* contained, encrypted payload.
|
||||
*/
|
||||
u_int8_t next_payload;
|
||||
|
@ -53,33 +53,33 @@ struct private_encryption_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Chunk containing the iv, data, padding,
|
||||
* and (an eventually not calculated) signature.
|
||||
*/
|
||||
chunk_t encrypted;
|
||||
|
||||
|
||||
/**
|
||||
* Chunk containing the data in decrypted (unpadded) form.
|
||||
*/
|
||||
chunk_t decrypted;
|
||||
|
||||
|
||||
/**
|
||||
* Signer set by set_signer.
|
||||
*/
|
||||
signer_t *signer;
|
||||
|
||||
|
||||
/**
|
||||
* Crypter, supplied by encrypt/decrypt
|
||||
*/
|
||||
crypter_t *crypter;
|
||||
|
||||
|
||||
/**
|
||||
* Contained payloads of this encrpytion_payload.
|
||||
*/
|
||||
|
@ -88,10 +88,10 @@ struct private_encryption_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-Encryption Payload.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_encryption_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t encryption_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -170,7 +170,7 @@ static payload_type_t get_next_type(private_encryption_payload_t *this)
|
|||
*/
|
||||
static void set_next_type(private_encryption_payload_t *this, payload_type_t type)
|
||||
{
|
||||
/* set next type is not allowed, since this payload MUST be the last one
|
||||
/* set next type is not allowed, since this payload MUST be the last one
|
||||
* and so nothing is done in here*/
|
||||
}
|
||||
|
||||
|
@ -190,7 +190,7 @@ static void compute_length(private_encryption_payload_t *this)
|
|||
length += current_payload->get_length(current_payload);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
if (this->crypter && this->signer)
|
||||
{
|
||||
/* append one byte for padding length */
|
||||
|
@ -268,13 +268,13 @@ static void generate(private_encryption_payload_t *this)
|
|||
payload_t *current_payload, *next_payload;
|
||||
generator_t *generator;
|
||||
iterator_t *iterator;
|
||||
|
||||
|
||||
/* recalculate length before generating */
|
||||
compute_length(this);
|
||||
|
||||
|
||||
/* create iterator */
|
||||
iterator = this->payloads->create_iterator(this->payloads, TRUE);
|
||||
|
||||
|
||||
/* get first payload */
|
||||
if (iterator->iterate(iterator, (void**)¤t_payload))
|
||||
{
|
||||
|
@ -289,9 +289,9 @@ static void generate(private_encryption_payload_t *this)
|
|||
iterator->destroy(iterator);
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
generator = generator_create();
|
||||
|
||||
|
||||
/* build all payload, except last */
|
||||
while(iterator->iterate(iterator, (void**)&next_payload))
|
||||
{
|
||||
|
@ -300,14 +300,14 @@ static void generate(private_encryption_payload_t *this)
|
|||
current_payload = next_payload;
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
/* build last payload */
|
||||
current_payload->set_next_type(current_payload, NO_PAYLOAD);
|
||||
generator->generate_payload(generator, current_payload);
|
||||
|
||||
|
||||
/* free already generated data */
|
||||
free(this->decrypted.ptr);
|
||||
|
||||
|
||||
generator->write_to_chunk(generator, &(this->decrypted));
|
||||
generator->destroy(generator);
|
||||
DBG2(DBG_ENC, "successfully generated content in encryption payload");
|
||||
|
@ -321,13 +321,13 @@ static status_t encrypt(private_encryption_payload_t *this)
|
|||
chunk_t iv, padding, to_crypt, result;
|
||||
rng_t *rng;
|
||||
size_t block_size;
|
||||
|
||||
|
||||
if (this->signer == NULL || this->crypter == NULL)
|
||||
{
|
||||
DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
|
||||
/* for random data in iv and padding */
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
|
@ -337,15 +337,15 @@ static status_t encrypt(private_encryption_payload_t *this)
|
|||
}
|
||||
/* build payload chunk */
|
||||
generate(this);
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "encrypting payloads");
|
||||
DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
|
||||
|
||||
|
||||
/* build padding */
|
||||
block_size = this->crypter->get_block_size(this->crypter);
|
||||
padding.len = block_size - ((this->decrypted.len + 1) % block_size);
|
||||
rng->allocate_bytes(rng, padding.len, &padding);
|
||||
|
||||
|
||||
/* concatenate payload data, padding, padding len */
|
||||
to_crypt.len = this->decrypted.len + padding.len + 1;
|
||||
to_crypt.ptr = malloc(to_crypt.len);
|
||||
|
@ -353,36 +353,36 @@ static status_t encrypt(private_encryption_payload_t *this)
|
|||
memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
|
||||
memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
|
||||
*(to_crypt.ptr + to_crypt.len - 1) = padding.len;
|
||||
|
||||
|
||||
/* build iv */
|
||||
iv.len = block_size;
|
||||
rng->allocate_bytes(rng, iv.len, &iv);
|
||||
rng->destroy(rng);
|
||||
|
||||
|
||||
DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
|
||||
|
||||
|
||||
/* encrypt to_crypt chunk */
|
||||
free(this->encrypted.ptr);
|
||||
this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
|
||||
free(padding.ptr);
|
||||
free(to_crypt.ptr);
|
||||
|
||||
|
||||
DBG3(DBG_ENC, "data after encryption %B", &result);
|
||||
|
||||
|
||||
/* build encrypted result with iv and signature */
|
||||
this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
|
||||
free(this->encrypted.ptr);
|
||||
this->encrypted.ptr = malloc(this->encrypted.len);
|
||||
|
||||
|
||||
/* fill in result, signature is left out */
|
||||
memcpy(this->encrypted.ptr, iv.ptr, iv.len);
|
||||
memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
|
||||
|
||||
|
||||
free(result.ptr);
|
||||
free(iv.ptr);
|
||||
DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
|
||||
&this->encrypted);
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -394,16 +394,16 @@ static status_t parse(private_encryption_payload_t *this)
|
|||
parser_t *parser;
|
||||
status_t status;
|
||||
payload_type_t current_payload_type;
|
||||
|
||||
|
||||
/* build a parser on the decrypted data */
|
||||
parser = parser_create(this->decrypted);
|
||||
|
||||
|
||||
current_payload_type = this->next_payload;
|
||||
/* parse all payloads */
|
||||
while (current_payload_type != NO_PAYLOAD)
|
||||
{
|
||||
payload_t *current_payload;
|
||||
|
||||
payload_t *current_payload;
|
||||
|
||||
status = parser->parse_payload(parser, current_payload_type, (payload_t**)¤t_payload);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
|
@ -423,7 +423,7 @@ static status_t parse(private_encryption_payload_t *this)
|
|||
|
||||
/* get next payload type */
|
||||
current_payload_type = current_payload->get_next_type(current_payload);
|
||||
|
||||
|
||||
this->payloads->insert_last(this->payloads,current_payload);
|
||||
}
|
||||
parser->destroy(parser);
|
||||
|
@ -438,50 +438,50 @@ static status_t decrypt(private_encryption_payload_t *this)
|
|||
{
|
||||
chunk_t iv, concatenated;
|
||||
u_int8_t padding_length;
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "decrypting encryption payload");
|
||||
DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
|
||||
&this->encrypted);
|
||||
|
||||
|
||||
if (this->signer == NULL || this->crypter == NULL)
|
||||
{
|
||||
DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
|
||||
/* get IV */
|
||||
iv.len = this->crypter->get_block_size(this->crypter);
|
||||
|
||||
|
||||
iv.ptr = this->encrypted.ptr;
|
||||
|
||||
|
||||
/* point concatenated to data + padding + padding_length*/
|
||||
concatenated.ptr = this->encrypted.ptr + iv.len;
|
||||
concatenated.len = this->encrypted.len - iv.len -
|
||||
this->signer->get_block_size(this->signer);
|
||||
|
||||
|
||||
/* concatenated must be a multiple of block_size of crypter */
|
||||
if (concatenated.len < iv.len || concatenated.len % iv.len)
|
||||
{
|
||||
DBG1(DBG_ENC, "could not decrypt, invalid input");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
/* free previus data, if any */
|
||||
free(this->decrypted.ptr);
|
||||
|
||||
|
||||
DBG3(DBG_ENC, "data before decryption %B", &concatenated);
|
||||
|
||||
|
||||
this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
|
||||
|
||||
DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
|
||||
|
||||
|
||||
/* get padding length, sits just bevore signature */
|
||||
padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
|
||||
/* add one byte to the padding length, since the padding_length field is
|
||||
/* add one byte to the padding length, since the padding_length field is
|
||||
* not included */
|
||||
padding_length++;
|
||||
this->decrypted.len -= padding_length;
|
||||
|
||||
|
||||
/* check size again */
|
||||
if (padding_length > concatenated.len || this->decrypted.len < 0)
|
||||
{
|
||||
|
@ -489,7 +489,7 @@ static status_t decrypt(private_encryption_payload_t *this)
|
|||
/* decryption failed :-/ */
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
/* free padding */
|
||||
this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
|
||||
DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
|
||||
|
@ -513,13 +513,13 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data
|
|||
{
|
||||
chunk_t data_without_sig = data;
|
||||
chunk_t sig;
|
||||
|
||||
|
||||
if (this->signer == NULL)
|
||||
{
|
||||
DBG1(DBG_ENC, "unable to build signature, no signer set");
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
|
||||
sig.len = this->signer->get_block_size(this->signer);
|
||||
data_without_sig.len -= sig.len;
|
||||
sig.ptr = data.ptr + data_without_sig.len;
|
||||
|
@ -535,7 +535,7 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
|
|||
{
|
||||
chunk_t sig, data_without_sig;
|
||||
bool valid;
|
||||
|
||||
|
||||
if (this->signer == NULL)
|
||||
{
|
||||
DBG1(DBG_ENC, "unable to verify signature, no signer set");
|
||||
|
@ -549,18 +549,18 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
|
|||
return FAILED;
|
||||
}
|
||||
sig.ptr = data.ptr + data.len - sig.len;
|
||||
|
||||
|
||||
/* verify it */
|
||||
data_without_sig.len = data.len - sig.len;
|
||||
data_without_sig.ptr = data.ptr;
|
||||
valid = this->signer->verify_signature(this->signer, data_without_sig, sig);
|
||||
|
||||
|
||||
if (!valid)
|
||||
{
|
||||
DBG1(DBG_ENC, "signature verification failed");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
DBG2(DBG_ENC, "signature verification successful");
|
||||
return SUCCESS;
|
||||
}
|
||||
|
@ -582,7 +582,7 @@ static void destroy(private_encryption_payload_t *this)
|
|||
encryption_payload_t *encryption_payload_create()
|
||||
{
|
||||
private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t);
|
||||
|
||||
|
||||
/* payload_t interface functions */
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
|
@ -591,20 +591,20 @@ encryption_payload_t *encryption_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator;
|
||||
this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload;
|
||||
this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload;
|
||||
this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count;
|
||||
|
||||
|
||||
this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt;
|
||||
this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt;
|
||||
this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms;
|
||||
this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature;
|
||||
this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature;
|
||||
this->public.destroy = (void (*) (encryption_payload_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
@ -614,6 +614,6 @@ encryption_payload_t *encryption_payload_create()
|
|||
this->signer = NULL;
|
||||
this->crypter = NULL;
|
||||
this->payloads = linked_list_create();
|
||||
|
||||
|
||||
return (&(this->public));
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ typedef struct encryption_payload_t encryption_payload_t;
|
|||
/**
|
||||
* The encryption payload as described in RFC section 3.14.
|
||||
*
|
||||
* Before any crypt/decrypt/sign/verify operation can occur,
|
||||
* Before any crypt/decrypt/sign/verify operation can occur,
|
||||
* the transforms must be set. After that, a parsed encryption payload
|
||||
* can be decrypted, which also will parse the contained payloads.
|
||||
* Encryption is done the same way, added payloads will get generated
|
||||
|
@ -54,24 +54,24 @@ struct encryption_payload_t {
|
|||
* Implements payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Creates an iterator for all contained payloads.
|
||||
*
|
||||
*
|
||||
* iterator_t object has to get destroyed by the caller.
|
||||
*
|
||||
* @param forward iterator direction (TRUE: front to end)
|
||||
* return created iterator_t object
|
||||
*/
|
||||
iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a payload to this encryption payload.
|
||||
*
|
||||
* @param payload payload_t object to add
|
||||
*/
|
||||
void (*add_payload) (encryption_payload_t *this, payload_t *payload);
|
||||
|
||||
|
||||
/**
|
||||
* Reove the last payload in the contained payload list.
|
||||
*
|
||||
|
@ -81,20 +81,20 @@ struct encryption_payload_t {
|
|||
* - NOT_FOUND if list empty
|
||||
*/
|
||||
status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
|
||||
|
||||
|
||||
/**
|
||||
* Get the number of payloads.
|
||||
*
|
||||
* @return number of contained payloads
|
||||
*/
|
||||
size_t (*get_payload_count) (encryption_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set transforms to use.
|
||||
*
|
||||
*
|
||||
* To decryption, encryption, signature building and verifying,
|
||||
* the payload needs a crypter and a signer object.
|
||||
*
|
||||
*
|
||||
* @warning Do NOT call this function again after encryption, since
|
||||
* the signer must be the same while encrypting and signature building!
|
||||
*
|
||||
|
@ -102,10 +102,10 @@ struct encryption_payload_t {
|
|||
* @param signer signer_t to use for data signing/verifying
|
||||
*/
|
||||
void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
|
||||
|
||||
|
||||
/**
|
||||
* Generate and encrypt contained payloads.
|
||||
*
|
||||
*
|
||||
* This function generates the content for added payloads
|
||||
* and encrypts them. Signature is not built, since we need
|
||||
* additional data (the full message).
|
||||
|
@ -113,11 +113,11 @@ struct encryption_payload_t {
|
|||
* @return SUCCESS, or INVALID_STATE if transforms not set
|
||||
*/
|
||||
status_t (*encrypt) (encryption_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Decrypt and parse contained payloads.
|
||||
*
|
||||
* This function decrypts the contained data. After,
|
||||
*
|
||||
* This function decrypts the contained data. After,
|
||||
* the payloads are parsed internally and are accessible
|
||||
* via the iterator.
|
||||
*
|
||||
|
@ -127,29 +127,29 @@ struct encryption_payload_t {
|
|||
* - FAILED if data is invalid
|
||||
*/
|
||||
status_t (*decrypt) (encryption_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Build the signature.
|
||||
*
|
||||
*
|
||||
* The signature is built over the FULL message, so the header
|
||||
* and every payload (inclusive this one) must already be generated.
|
||||
* The generated message is supplied via the data paramater.
|
||||
*
|
||||
*
|
||||
* @param data chunk contains the already generated message
|
||||
* @return
|
||||
* - SUCCESS, or
|
||||
* - INVALID_STATE if transforms not set
|
||||
*/
|
||||
status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Verify the signature.
|
||||
*
|
||||
*
|
||||
* Since the signature is built over the full message, we need
|
||||
* this data to do the verification. The message data
|
||||
* is supplied via the data argument.
|
||||
*
|
||||
* @param data chunk contains the message
|
||||
*
|
||||
* @param data chunk contains the message
|
||||
* @return
|
||||
* - SUCCESS, or
|
||||
* - FAILED if signature invalid, or
|
||||
|
@ -165,7 +165,7 @@ struct encryption_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty encryption_payload_t object.
|
||||
*
|
||||
*
|
||||
* @return encryption_payload_t object
|
||||
*/
|
||||
encryption_payload_t *encryption_payload_create(void);
|
||||
|
|
|
@ -23,34 +23,34 @@ typedef struct private_endpoint_notify_t private_endpoint_notify_t;
|
|||
|
||||
/**
|
||||
* Private data of an notify_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_endpoint_notify_t {
|
||||
/**
|
||||
* Public endpoint_notify_t interface.
|
||||
*/
|
||||
endpoint_notify_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Priority
|
||||
*/
|
||||
u_int32_t priority;
|
||||
|
||||
|
||||
/**
|
||||
* Family
|
||||
*/
|
||||
me_endpoint_family_t family;
|
||||
|
||||
|
||||
/**
|
||||
* Endpoint type
|
||||
*/
|
||||
me_endpoint_type_t type;
|
||||
|
||||
|
||||
/**
|
||||
* Endpoint
|
||||
*/
|
||||
host_t *endpoint;
|
||||
|
||||
|
||||
/**
|
||||
* Base (used for server reflexive endpoints)
|
||||
*/
|
||||
|
@ -65,7 +65,7 @@ struct private_endpoint_notify_t {
|
|||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
! Family ! Type ! Port !
|
||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
! IP Address (variable)
|
||||
! IP Address (variable)
|
||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
*/
|
||||
|
||||
|
@ -122,9 +122,9 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
|
|||
chunk_t addr;
|
||||
u_int8_t *cur = data.ptr;
|
||||
u_int8_t *top = data.ptr + data.len;
|
||||
|
||||
|
||||
DBG3(DBG_IKE, "me_endpoint_data %B", &data);
|
||||
|
||||
|
||||
if (parse_uint32(&cur, top, &this->priority) != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority");
|
||||
|
@ -136,20 +136,20 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
|
|||
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
this->family = (me_endpoint_family_t)family;
|
||||
|
||||
|
||||
if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE)
|
||||
{
|
||||
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
this->type = (me_endpoint_type_t)type;
|
||||
|
||||
|
||||
addr_family = AF_INET;
|
||||
addr.len = 4;
|
||||
|
||||
|
||||
switch(this->family)
|
||||
{
|
||||
case IPv6:
|
||||
|
@ -160,24 +160,24 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
|
|||
if (parse_uint16(&cur, top, &port) != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port");
|
||||
return FAILED;
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
if (cur + addr.len > top)
|
||||
{
|
||||
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
addr.ptr = cur;
|
||||
|
||||
|
||||
this->endpoint = host_create_from_chunk(addr_family, addr, port);
|
||||
break;
|
||||
case NO_FAMILY:
|
||||
default:
|
||||
this->endpoint = NULL;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -192,14 +192,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
|
|||
u_int32_t prio;
|
||||
u_int16_t port;
|
||||
u_int8_t family, type;
|
||||
|
||||
|
||||
prio = htonl(this->priority);
|
||||
prio_chunk = chunk_from_thing(prio);
|
||||
family = this->family;
|
||||
family_chunk = chunk_from_thing(family);
|
||||
type = this->type;
|
||||
type_chunk = chunk_from_thing(type);
|
||||
|
||||
|
||||
if (this->endpoint)
|
||||
{
|
||||
port = htons(this->endpoint->get_port(this->endpoint));
|
||||
|
@ -208,15 +208,15 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
|
|||
else
|
||||
{
|
||||
port = 0;
|
||||
addr_chunk = chunk_empty;
|
||||
addr_chunk = chunk_empty;
|
||||
}
|
||||
port_chunk = chunk_from_thing(port);
|
||||
|
||||
|
||||
/* data = prio | family | type | port | addr */
|
||||
data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk,
|
||||
port_chunk, addr_chunk);
|
||||
DBG3(DBG_IKE, "me_endpoint_data %B", &data);
|
||||
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
|
@ -226,14 +226,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
|
|||
static notify_payload_t *build_notify(private_endpoint_notify_t *this)
|
||||
{
|
||||
chunk_t data;
|
||||
notify_payload_t *notify;
|
||||
|
||||
notify_payload_t *notify;
|
||||
|
||||
notify = notify_payload_create();
|
||||
notify->set_notify_type(notify, ME_ENDPOINT);
|
||||
data = build_notification_data(this);
|
||||
notify->set_notification_data(notify, data);
|
||||
chunk_free(&data);
|
||||
|
||||
|
||||
return notify;
|
||||
}
|
||||
|
||||
|
@ -291,7 +291,7 @@ static host_t *get_base(private_endpoint_notify_t *this)
|
|||
static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
|
||||
{
|
||||
private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create();
|
||||
|
||||
|
||||
clone->priority = this->priority;
|
||||
clone->type = this->type;
|
||||
clone->family = this->family;
|
||||
|
@ -299,12 +299,12 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
|
|||
{
|
||||
clone->endpoint = this->endpoint->clone(this->endpoint);
|
||||
}
|
||||
|
||||
|
||||
if (this->base)
|
||||
{
|
||||
clone->base = this->base->clone(this->base);
|
||||
}
|
||||
|
||||
|
||||
return &clone->public;
|
||||
}
|
||||
|
||||
|
@ -336,14 +336,14 @@ endpoint_notify_t *endpoint_notify_create()
|
|||
this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify;
|
||||
this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone;
|
||||
this->public.destroy = (void (*) (endpoint_notify_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->priority = 0;
|
||||
this->family = NO_FAMILY;
|
||||
this->type = NO_TYPE;
|
||||
this->endpoint = NULL;
|
||||
this->base = NULL;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
@ -353,34 +353,34 @@ endpoint_notify_t *endpoint_notify_create()
|
|||
endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base)
|
||||
{
|
||||
private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
|
||||
|
||||
|
||||
this->type = type;
|
||||
|
||||
|
||||
switch(type)
|
||||
{
|
||||
case HOST:
|
||||
this->priority = pow(2, 16) * ME_PRIO_HOST;
|
||||
this->priority = pow(2, 16) * ME_PRIO_HOST;
|
||||
break;
|
||||
case PEER_REFLEXIVE:
|
||||
this->priority = pow(2, 16) * ME_PRIO_PEER;
|
||||
this->priority = pow(2, 16) * ME_PRIO_PEER;
|
||||
break;
|
||||
case SERVER_REFLEXIVE:
|
||||
this->priority = pow(2, 16) * ME_PRIO_SERVER;
|
||||
this->priority = pow(2, 16) * ME_PRIO_SERVER;
|
||||
break;
|
||||
case RELAYED:
|
||||
default:
|
||||
this->priority = pow(2, 16) * ME_PRIO_RELAY;
|
||||
this->priority = pow(2, 16) * ME_PRIO_RELAY;
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
/* FIXME: if there is more than one ip address we should vary this priority */
|
||||
this->priority += 65535;
|
||||
|
||||
|
||||
if (!host)
|
||||
{
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
||||
switch(host->get_family(host))
|
||||
{
|
||||
case AF_INET:
|
||||
|
@ -394,14 +394,14 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos
|
|||
* (family is set to NO_FAMILY) */
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
||||
this->endpoint = host->clone(host);
|
||||
|
||||
|
||||
if (base)
|
||||
{
|
||||
this->base = base->clone(base);
|
||||
}
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
@ -414,7 +414,7 @@ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify)
|
|||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
|
||||
chunk_t data = notify->get_notification_data(notify);
|
||||
if (parse_notification_data(this, data) != SUCCESS)
|
||||
|
|
|
@ -36,34 +36,34 @@ typedef struct endpoint_notify_t endpoint_notify_t;
|
|||
* ME endpoint families.
|
||||
*/
|
||||
enum me_endpoint_family_t {
|
||||
|
||||
|
||||
NO_FAMILY = 0,
|
||||
|
||||
|
||||
IPv4 = 1,
|
||||
|
||||
|
||||
IPv6 = 2,
|
||||
|
||||
|
||||
MAX_FAMILY = 3
|
||||
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
* ME endpoint types.
|
||||
*/
|
||||
enum me_endpoint_type_t {
|
||||
|
||||
|
||||
NO_TYPE = 0,
|
||||
|
||||
|
||||
HOST = 1,
|
||||
|
||||
|
||||
PEER_REFLEXIVE = 2,
|
||||
|
||||
|
||||
SERVER_REFLEXIVE = 3,
|
||||
|
||||
|
||||
RELAYED = 4,
|
||||
|
||||
|
||||
MAX_TYPE = 5
|
||||
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -79,52 +79,52 @@ extern enum_name_t *me_endpoint_type_names;
|
|||
struct endpoint_notify_t {
|
||||
/**
|
||||
* Returns the priority of this endpoint.
|
||||
*
|
||||
*
|
||||
* @return priority
|
||||
*/
|
||||
u_int32_t (*get_priority) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the priority of this endpoint.
|
||||
*
|
||||
*
|
||||
* @param priority priority
|
||||
*/
|
||||
void (*set_priority) (endpoint_notify_t *this, u_int32_t priority);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the endpoint type of this endpoint.
|
||||
*
|
||||
*
|
||||
* @return endpoint type
|
||||
*/
|
||||
me_endpoint_type_t (*get_type) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the endpoint family of this endpoint.
|
||||
*
|
||||
*
|
||||
* @return endpoint family
|
||||
*/
|
||||
me_endpoint_family_t (*get_family) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the host of this endpoint.
|
||||
*
|
||||
*
|
||||
* @return host
|
||||
*/
|
||||
host_t *(*get_host) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the base of this endpoint.
|
||||
*
|
||||
*
|
||||
* If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same
|
||||
* as the one returned by get_host.
|
||||
*
|
||||
*
|
||||
* @return host
|
||||
*/
|
||||
host_t *(*get_base) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Generates a notification payload from this endpoint.
|
||||
*
|
||||
* Generates a notification payload from this endpoint.
|
||||
*
|
||||
* @return built notify_payload_t
|
||||
*/
|
||||
notify_payload_t *(*build_notify) (endpoint_notify_t *this);
|
||||
|
@ -135,7 +135,7 @@ struct endpoint_notify_t {
|
|||
* @return cloned object
|
||||
*/
|
||||
endpoint_notify_t *(*clone) (endpoint_notify_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an endpoint_notify_t object.
|
||||
*/
|
||||
|
@ -144,7 +144,7 @@ struct endpoint_notify_t {
|
|||
|
||||
/**
|
||||
* Creates an empty endpoint_notify_t object.
|
||||
*
|
||||
*
|
||||
* @return created endpoint_notify_t object
|
||||
*/
|
||||
endpoint_notify_t *endpoint_notify_create(void);
|
||||
|
@ -152,7 +152,7 @@ endpoint_notify_t *endpoint_notify_create(void);
|
|||
|
||||
/**
|
||||
* Creates an endpoint_notify_t object from a host.
|
||||
*
|
||||
*
|
||||
* @param type the endpoint type
|
||||
* @param host host to base the notify on (gets cloned)
|
||||
* @param base base of the endpoint, applies only to reflexive endpoints (gets cloned)
|
||||
|
@ -163,7 +163,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
|
|||
|
||||
/**
|
||||
* Creates an endpoint_notify_t object from a notify payload.
|
||||
*
|
||||
*
|
||||
* @param notify the notify payload
|
||||
* @return - created endpoint_notify_t object
|
||||
* - NULL if invalid payload
|
||||
|
|
|
@ -27,19 +27,19 @@ typedef struct private_id_payload_t private_id_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an id_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_id_payload_t {
|
||||
/**
|
||||
* Public id_payload_t interface.
|
||||
*/
|
||||
id_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* one of ID_INITIATOR, ID_RESPONDER
|
||||
*/
|
||||
payload_type_t payload_type;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -49,17 +49,17 @@ struct private_id_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Type of the ID Data.
|
||||
*/
|
||||
u_int8_t id_type;
|
||||
|
||||
|
||||
/**
|
||||
* The contained id data value.
|
||||
*/
|
||||
|
@ -68,10 +68,10 @@ struct private_id_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a ID payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_id_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t id_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -126,7 +126,7 @@ static status_t verify(private_id_payload_t *this)
|
|||
DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -242,7 +242,7 @@ static void destroy(private_id_payload_t *this)
|
|||
{
|
||||
chunk_free(&(this->id_data));
|
||||
}
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -260,7 +260,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type)
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (id_payload_t *)) destroy;
|
||||
this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type;
|
||||
|
@ -268,7 +268,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type)
|
|||
this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data;
|
||||
this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data;
|
||||
this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone;
|
||||
|
||||
|
||||
this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification;
|
||||
|
||||
/* private variables */
|
||||
|
|
|
@ -51,35 +51,35 @@ struct id_payload_t {
|
|||
* @param type Type of ID
|
||||
*/
|
||||
void (*set_id_type) (id_payload_t *this, id_type_t type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the ID type.
|
||||
*
|
||||
* @return type of the ID
|
||||
* @return type of the ID
|
||||
*/
|
||||
id_type_t (*get_id_type) (id_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the ID data.
|
||||
*
|
||||
*
|
||||
* Data are getting cloned.
|
||||
*
|
||||
* @param data ID data as chunk_t
|
||||
*/
|
||||
void (*set_data) (id_payload_t *this, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Get the ID data.
|
||||
*
|
||||
*
|
||||
* Returned data are a copy of the internal one
|
||||
*
|
||||
* @return ID data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data_clone) (id_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the ID data.
|
||||
*
|
||||
*
|
||||
* Returned data are NOT copied.
|
||||
*
|
||||
* @return ID data as chunk_t
|
||||
|
@ -88,13 +88,13 @@ struct id_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an identification object of this id payload.
|
||||
*
|
||||
*
|
||||
* Returned object has to get destroyed by the caller.
|
||||
*
|
||||
* @return identification_t object
|
||||
* @return identification_t object
|
||||
*/
|
||||
identification_t *(*get_identification) (id_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an id_payload_t object.
|
||||
*/
|
||||
|
@ -103,7 +103,7 @@ struct id_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty id_payload_t object.
|
||||
*
|
||||
*
|
||||
* @param payload_type one of ID_INITIATOR, ID_RESPONDER
|
||||
* @return id_payload_t object
|
||||
*/
|
||||
|
@ -111,7 +111,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type);
|
|||
|
||||
/**
|
||||
* Creates an id_payload_t from an existing identification_t object.
|
||||
*
|
||||
*
|
||||
* @param payload_type one of ID_INITIATOR, ID_RESPONDER
|
||||
* @param identification identification_t object
|
||||
* @return id_payload_t object
|
||||
|
|
|
@ -33,7 +33,7 @@ struct private_ike_header_t {
|
|||
* Public interface.
|
||||
*/
|
||||
ike_header_t public;
|
||||
|
||||
|
||||
/**
|
||||
* SPI of the initiator.
|
||||
*/
|
||||
|
@ -62,7 +62,7 @@ struct private_ike_header_t {
|
|||
* Exchange type .
|
||||
*/
|
||||
u_int8_t exchange_type;
|
||||
|
||||
|
||||
/**
|
||||
* Flags of the Message.
|
||||
*/
|
||||
|
@ -87,7 +87,7 @@ struct private_ike_header_t {
|
|||
* Associated Message-ID.
|
||||
*/
|
||||
u_int32_t message_id;
|
||||
|
||||
|
||||
/**
|
||||
* Length of the whole IKEv2-Message (header and all payloads).
|
||||
*/
|
||||
|
@ -111,7 +111,7 @@ ENUM_END(exchange_type_names, INFORMATIONAL);
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-Header.
|
||||
*
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* ike_header_t.
|
||||
*/
|
||||
|
@ -191,9 +191,9 @@ static status_t verify(private_ike_header_t *this)
|
|||
/* initiator spi not set */
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
/* verification of version is not done in here */
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -372,7 +372,7 @@ static size_t get_length(payload_t *this)
|
|||
ike_header_t *ike_header_create()
|
||||
{
|
||||
private_ike_header_t *this = malloc_thing(private_ike_header_t);
|
||||
|
||||
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = get_encoding_rules;
|
||||
this->public.payload_interface.get_length = get_length;
|
||||
|
@ -381,7 +381,7 @@ ike_header_t *ike_header_create()
|
|||
this->public.payload_interface.get_type = get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
this->public.destroy = destroy;
|
||||
|
||||
|
||||
this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi;
|
||||
this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi;
|
||||
this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi;
|
||||
|
@ -397,7 +397,7 @@ ike_header_t *ike_header_create()
|
|||
this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type;
|
||||
this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id;
|
||||
this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->initiator_spi = 0;
|
||||
this->responder_spi = 0;
|
||||
|
@ -410,6 +410,6 @@ ike_header_t *ike_header_create()
|
|||
this->flags.response = FALSE;
|
||||
this->message_id = 0;
|
||||
this->length = IKE_HEADER_LENGTH;
|
||||
|
||||
|
||||
return (ike_header_t*)this;
|
||||
}
|
||||
|
|
|
@ -60,7 +60,7 @@ enum exchange_type_t{
|
|||
* EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type.
|
||||
*/
|
||||
EXCHANGE_TYPE_UNDEFINED = 255,
|
||||
|
||||
|
||||
/**
|
||||
* IKE_SA_INIT.
|
||||
*/
|
||||
|
@ -106,56 +106,56 @@ struct ike_header_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the initiator spi.
|
||||
*
|
||||
* @return initiator_spi
|
||||
*/
|
||||
u_int64_t (*get_initiator_spi) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the initiator spi.
|
||||
*
|
||||
* @param initiator_spi initiator_spi
|
||||
*/
|
||||
void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi);
|
||||
|
||||
|
||||
/**
|
||||
* Get the responder spi.
|
||||
*
|
||||
* @return responder_spi
|
||||
*/
|
||||
u_int64_t (*get_responder_spi) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the responder spi.
|
||||
*
|
||||
* @param responder_spi responder_spi
|
||||
*/
|
||||
void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi);
|
||||
|
||||
|
||||
/**
|
||||
* Get the major version.
|
||||
*
|
||||
* @return major version
|
||||
*/
|
||||
u_int8_t (*get_maj_version) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the minor version.
|
||||
*
|
||||
* @return minor version
|
||||
*/
|
||||
u_int8_t (*get_min_version) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the response flag.
|
||||
*
|
||||
* @return response flag
|
||||
*/
|
||||
bool (*get_response_flag) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the response flag-
|
||||
*
|
||||
|
@ -168,14 +168,14 @@ struct ike_header_t {
|
|||
* @return version flag
|
||||
*/
|
||||
bool (*get_version_flag) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the initiator flag.
|
||||
*
|
||||
* @return initiator flag
|
||||
*/
|
||||
bool (*get_initiator_flag) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the initiator flag.
|
||||
*
|
||||
|
@ -189,28 +189,28 @@ struct ike_header_t {
|
|||
* @return exchange type
|
||||
*/
|
||||
u_int8_t (*get_exchange_type) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the exchange type.
|
||||
*
|
||||
* @param exchange_type exchange type
|
||||
*/
|
||||
void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the message id.
|
||||
*
|
||||
* @return message id
|
||||
*/
|
||||
u_int32_t (*get_message_id) (ike_header_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the message id.
|
||||
*
|
||||
* @param initiator_spi message id
|
||||
*/
|
||||
void (*set_message_id) (ike_header_t *this, u_int32_t message_id);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a ike_header_t object.
|
||||
*/
|
||||
|
|
|
@ -25,14 +25,14 @@ typedef struct private_ke_payload_t private_ke_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an ke_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_ke_payload_t {
|
||||
/**
|
||||
* Public ke_payload_t interface.
|
||||
*/
|
||||
ke_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -42,17 +42,17 @@ struct private_ke_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* DH Group Number.
|
||||
*/
|
||||
u_int16_t dh_group_number;
|
||||
|
||||
|
||||
/**
|
||||
* Key Exchange Data of this KE payload.
|
||||
*/
|
||||
|
@ -61,30 +61,30 @@ struct private_ke_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-KE Payload.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_ke_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t ke_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_ke_payload_t, next_payload) },
|
||||
/* the critical bit */
|
||||
{ FLAG, offsetof(private_ke_payload_t, critical) },
|
||||
{ FLAG, offsetof(private_ke_payload_t, critical) },
|
||||
/* 7 Bit reserved bits, nowhere stored */
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) },
|
||||
{ PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) },
|
||||
/* DH Group number as 16 bit field*/
|
||||
{ U_INT_16, offsetof(private_ke_payload_t, dh_group_number) },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
/* Key Exchange Data is from variable size */
|
||||
{ KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)}
|
||||
};
|
||||
|
@ -166,7 +166,7 @@ static void compute_length(private_ke_payload_t *this)
|
|||
if (this->key_exchange_data.ptr != NULL)
|
||||
{
|
||||
length += this->key_exchange_data.len;
|
||||
}
|
||||
}
|
||||
this->payload_length = length;
|
||||
}
|
||||
|
||||
|
@ -199,9 +199,9 @@ static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchan
|
|||
free(this->key_exchange_data.ptr);
|
||||
this->key_exchange_data.ptr = NULL;
|
||||
this->key_exchange_data.len = 0;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
this->key_exchange_data = chunk_clone(key_exchange_data);
|
||||
compute_length(this);
|
||||
}
|
||||
|
@ -244,7 +244,7 @@ ke_payload_t *ke_payload_create()
|
|||
this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number;
|
||||
this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number;
|
||||
this->public.destroy = (void (*) (ke_payload_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
@ -261,10 +261,10 @@ ke_payload_t *ke_payload_create()
|
|||
ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh)
|
||||
{
|
||||
private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create();
|
||||
|
||||
|
||||
dh->get_my_public_value(dh, &this->key_exchange_data);
|
||||
this->dh_group_number = dh->get_dh_group(dh);
|
||||
compute_length(this);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
|
@ -45,38 +45,38 @@ struct ke_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Returns the currently set key exchange data of this KE payload.
|
||||
*
|
||||
*
|
||||
* @warning Returned data are not copied.
|
||||
*
|
||||
*
|
||||
* @return chunk_t pointing to the value
|
||||
*/
|
||||
chunk_t (*get_key_exchange_data) (ke_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the key exchange data of this KE payload.
|
||||
*
|
||||
*
|
||||
* Value is getting copied.
|
||||
*
|
||||
*
|
||||
* @param key_exchange_data chunk_t pointing to the value to set
|
||||
*/
|
||||
void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data);
|
||||
|
||||
/**
|
||||
* Gets the Diffie-Hellman Group Number of this KE payload.
|
||||
*
|
||||
*
|
||||
* @return DH Group Number of this payload
|
||||
*/
|
||||
diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this);
|
||||
|
||||
/**
|
||||
* Sets the Diffie-Hellman Group Number of this KE payload.
|
||||
*
|
||||
*
|
||||
* @param dh_group_number DH Group to set
|
||||
*/
|
||||
void (*set_dh_group_number) (ke_payload_t *this,
|
||||
void (*set_dh_group_number) (ke_payload_t *this,
|
||||
diffie_hellman_group_t dh_group_number);
|
||||
|
||||
/**
|
||||
|
@ -87,14 +87,14 @@ struct ke_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty ke_payload_t object
|
||||
*
|
||||
*
|
||||
* @return ke_payload_t object
|
||||
*/
|
||||
ke_payload_t *ke_payload_create(void);
|
||||
|
||||
/**
|
||||
* Creates a ke_payload_t from a diffie_hellman_t
|
||||
*
|
||||
*
|
||||
* @param diffie_hellman diffie hellman object containing group and key
|
||||
* @return ke_payload_t object
|
||||
*/
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
|
||||
/* offsetof macro */
|
||||
#include <stddef.h>
|
||||
|
||||
|
@ -26,14 +26,14 @@ typedef struct private_nonce_payload_t private_nonce_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an nonce_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_nonce_payload_t {
|
||||
/**
|
||||
* Public nonce_payload_t interface.
|
||||
*/
|
||||
nonce_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -43,12 +43,12 @@ struct private_nonce_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* The contained nonce value.
|
||||
*/
|
||||
|
@ -57,26 +57,26 @@ struct private_nonce_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a nonce payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_nonce_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t nonce_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_nonce_payload_t, next_payload) },
|
||||
/* the critical bit */
|
||||
{ FLAG, offsetof(private_nonce_payload_t, critical) },
|
||||
{ FLAG, offsetof(private_nonce_payload_t, critical) },
|
||||
/* 7 Bit reserved bits, nowhere stored */
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole nonce payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) },
|
||||
{ PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) },
|
||||
/* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */
|
||||
{ NONCE_DATA, offsetof(private_nonce_payload_t, nonce) }
|
||||
};
|
||||
|
@ -102,7 +102,7 @@ static status_t verify(private_nonce_payload_t *this)
|
|||
/* nonce length is wrong */
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -187,8 +187,8 @@ static void destroy(private_nonce_payload_t *this)
|
|||
{
|
||||
free(this->nonce.ptr);
|
||||
}
|
||||
|
||||
free(this);
|
||||
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -206,12 +206,12 @@ nonce_payload_t *nonce_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (nonce_payload_t *)) destroy;
|
||||
this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce;
|
||||
this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -39,7 +39,7 @@ typedef struct nonce_payload_t nonce_payload_t;
|
|||
|
||||
/**
|
||||
* Object representing an IKEv2 Nonce payload.
|
||||
*
|
||||
*
|
||||
* The Nonce payload format is described in RFC section 3.3.
|
||||
*/
|
||||
struct nonce_payload_t {
|
||||
|
@ -54,14 +54,14 @@ struct nonce_payload_t {
|
|||
* @param nonce chunk containing the nonce, will be cloned
|
||||
*/
|
||||
void (*set_nonce) (nonce_payload_t *this, chunk_t nonce);
|
||||
|
||||
|
||||
/**
|
||||
* Get the nonce value.
|
||||
*
|
||||
* @return a chunk containing the cloned nonce
|
||||
*/
|
||||
chunk_t (*get_nonce) (nonce_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an nonce_payload_t object.
|
||||
*/
|
||||
|
@ -70,7 +70,7 @@ struct nonce_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty nonce_payload_t object
|
||||
*
|
||||
*
|
||||
* @return nonce_payload_t object
|
||||
*/
|
||||
nonce_payload_t *nonce_payload_create(void);
|
||||
|
|
|
@ -160,14 +160,14 @@ typedef struct private_notify_payload_t private_notify_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an notify_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_notify_payload_t {
|
||||
/**
|
||||
* Public notify_payload_t interface.
|
||||
*/
|
||||
notify_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -177,27 +177,27 @@ struct private_notify_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Protocol id.
|
||||
*/
|
||||
u_int8_t protocol_id;
|
||||
|
||||
|
||||
/**
|
||||
* Spi size.
|
||||
*/
|
||||
u_int8_t spi_size;
|
||||
|
||||
|
||||
/**
|
||||
* Notify message type.
|
||||
*/
|
||||
u_int16_t notify_type;
|
||||
|
||||
|
||||
/**
|
||||
* Security parameter index (spi).
|
||||
*/
|
||||
|
@ -211,26 +211,26 @@ struct private_notify_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-Notify Payload.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_notify_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t notify_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_notify_payload_t, next_payload) },
|
||||
/* the critical bit */
|
||||
{ FLAG, offsetof(private_notify_payload_t, critical) },
|
||||
{ FLAG, offsetof(private_notify_payload_t, critical) },
|
||||
/* 7 Bit reserved bits, nowhere stored */
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
|
||||
{ PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
|
||||
/* Protocol ID as 8 bit field*/
|
||||
{ U_INT_8, offsetof(private_notify_payload_t, protocol_id) },
|
||||
/* SPI Size as 8 bit field*/
|
||||
|
@ -279,7 +279,7 @@ static status_t verify(private_notify_payload_t *this)
|
|||
DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
switch (this->notify_type)
|
||||
{
|
||||
case INVALID_KE_PAYLOAD:
|
||||
|
@ -567,7 +567,7 @@ notify_payload_t *notify_payload_create()
|
|||
this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data;
|
||||
this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data;
|
||||
this->public.destroy = (void (*) (notify_payload_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
@ -579,7 +579,7 @@ notify_payload_t *notify_payload_create()
|
|||
this->spi_size = 0;
|
||||
this->notification_data.ptr = NULL;
|
||||
this->notification_data.len = 0;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
|
@ -592,6 +592,6 @@ notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t pro
|
|||
|
||||
notify->set_notify_type(notify,notify_type);
|
||||
notify->set_protocol_id(notify,protocol_id);
|
||||
|
||||
|
||||
return notify;
|
||||
}
|
||||
|
|
|
@ -63,7 +63,7 @@ enum notify_type_t {
|
|||
UNEXPECTED_NAT_DETECTED = 41,
|
||||
/* IKE-ME, private use */
|
||||
ME_CONNECT_FAILED = 8192,
|
||||
|
||||
|
||||
/* notify status messages */
|
||||
INITIAL_CONTACT = 16384,
|
||||
SET_WINDOW_SIZE = 16385,
|
||||
|
@ -116,7 +116,7 @@ extern enum_name_t *notify_type_short_names;
|
|||
|
||||
/**
|
||||
* Class representing an IKEv2-Notify Payload.
|
||||
*
|
||||
*
|
||||
* The Notify Payload format is described in Draft section 3.10.
|
||||
*/
|
||||
struct notify_payload_t {
|
||||
|
@ -124,67 +124,67 @@ struct notify_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Gets the protocol id of this payload.
|
||||
*
|
||||
*
|
||||
* @return protocol id of this payload
|
||||
*/
|
||||
u_int8_t (*get_protocol_id) (notify_payload_t *this);
|
||||
|
||||
/**
|
||||
* Sets the protocol id of this payload.
|
||||
*
|
||||
*
|
||||
* @param protocol_id protocol id to set
|
||||
*/
|
||||
void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id);
|
||||
|
||||
/**
|
||||
* Gets the notify message type of this payload.
|
||||
*
|
||||
*
|
||||
* @return notify message type of this payload
|
||||
*/
|
||||
notify_type_t (*get_notify_type) (notify_payload_t *this);
|
||||
|
||||
/**
|
||||
* Sets notify message type of this payload.
|
||||
*
|
||||
*
|
||||
* @param type notify message type to set
|
||||
*/
|
||||
void (*set_notify_type) (notify_payload_t *this, notify_type_t type);
|
||||
|
||||
/**
|
||||
* Returns the currently set spi of this payload.
|
||||
*
|
||||
*
|
||||
* This is only valid for notifys with protocol AH|ESP
|
||||
*
|
||||
* @return SPI value
|
||||
*/
|
||||
u_int32_t (*get_spi) (notify_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the spi of this payload.
|
||||
*
|
||||
*
|
||||
* This is only valid for notifys with protocol AH|ESP
|
||||
*
|
||||
*
|
||||
* @param spi SPI value
|
||||
*/
|
||||
void (*set_spi) (notify_payload_t *this, u_int32_t spi);
|
||||
|
||||
/**
|
||||
* Returns the currently set notification data of payload.
|
||||
*
|
||||
*
|
||||
* Returned data are not copied.
|
||||
*
|
||||
*
|
||||
* @return chunk_t pointing to the value
|
||||
*/
|
||||
chunk_t (*get_notification_data) (notify_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the notification data of this payload.
|
||||
*
|
||||
*
|
||||
* @warning Value is getting copied.
|
||||
*
|
||||
*
|
||||
* @param notification_data chunk_t pointing to the value to set
|
||||
*/
|
||||
void (*set_notification_data) (notify_payload_t *this,
|
||||
|
@ -198,14 +198,14 @@ struct notify_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty notify_payload_t object
|
||||
*
|
||||
*
|
||||
* @return created notify_payload_t object
|
||||
*/
|
||||
notify_payload_t *notify_payload_create(void);
|
||||
|
||||
/**
|
||||
* Creates an notify_payload_t object of specific type for specific protocol id.
|
||||
*
|
||||
*
|
||||
* @param protocol_id protocol id (IKE, AH or ESP)
|
||||
* @param type notify type (see notify_type_t)
|
||||
* @return notify_payload_t object
|
||||
|
|
|
@ -42,7 +42,7 @@ enum payload_type_t{
|
|||
* End of payload list in next_payload
|
||||
*/
|
||||
NO_PAYLOAD = 0,
|
||||
|
||||
|
||||
/**
|
||||
* The security association (SA) payload containing proposals.
|
||||
*/
|
||||
|
@ -122,7 +122,7 @@ enum payload_type_t{
|
|||
* Extensible authentication payload (EAP).
|
||||
*/
|
||||
EXTENSIBLE_AUTHENTICATION = 48,
|
||||
|
||||
|
||||
#ifdef ME
|
||||
/**
|
||||
* Identification payload for peers has a value from
|
||||
|
@ -130,7 +130,7 @@ enum payload_type_t{
|
|||
*/
|
||||
ID_PEER = 128,
|
||||
#endif /* ME */
|
||||
|
||||
|
||||
/**
|
||||
* Header has a value of PRIVATE USE space.
|
||||
*
|
||||
|
@ -138,7 +138,7 @@ enum payload_type_t{
|
|||
* used internally to handle IKEv2-Header like a payload.
|
||||
*/
|
||||
HEADER = 140,
|
||||
|
||||
|
||||
/**
|
||||
* PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
|
||||
*
|
||||
|
@ -154,7 +154,7 @@ enum payload_type_t{
|
|||
* used internally to handle a transform substructure like a payload.
|
||||
*/
|
||||
TRANSFORM_SUBSTRUCTURE = 142,
|
||||
|
||||
|
||||
/**
|
||||
* TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space.
|
||||
*
|
||||
|
@ -170,7 +170,7 @@ enum payload_type_t{
|
|||
* used internally to handle a transform selector like a payload.
|
||||
*/
|
||||
TRAFFIC_SELECTOR_SUBSTRUCTURE = 144,
|
||||
|
||||
|
||||
/**
|
||||
* CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space.
|
||||
*
|
||||
|
@ -178,7 +178,7 @@ enum payload_type_t{
|
|||
* used internally to handle a transform attribute like a payload.
|
||||
*/
|
||||
CONFIGURATION_ATTRIBUTE = 145,
|
||||
|
||||
|
||||
/**
|
||||
* A unknown payload has a value of PRIVATE USE space.
|
||||
*
|
||||
|
@ -207,7 +207,7 @@ extern enum_name_t *payload_type_short_names;
|
|||
* handling of all payloads.
|
||||
*/
|
||||
struct payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* Get encoding rules for this payload.
|
||||
*
|
||||
|
@ -229,7 +229,7 @@ struct payload_t {
|
|||
* @return type of next payload
|
||||
*/
|
||||
payload_type_t (*get_next_type) (payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set type of next payload.
|
||||
*
|
||||
|
@ -243,14 +243,14 @@ struct payload_t {
|
|||
* @return length of this payload
|
||||
*/
|
||||
size_t (*get_length) (payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Verifies payload structure and makes consistence check.
|
||||
*
|
||||
* @return SUCCESS, FAILED if consistence not given
|
||||
*/
|
||||
status_t (*verify) (payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys a payload and all included substructures.
|
||||
*/
|
||||
|
|
|
@ -35,14 +35,14 @@ typedef struct private_proposal_substructure_t private_proposal_substructure_t;
|
|||
|
||||
/**
|
||||
* Private data of an proposal_substructure_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_proposal_substructure_t {
|
||||
/**
|
||||
* Public proposal_substructure_t interface.
|
||||
*/
|
||||
proposal_substructure_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -52,12 +52,12 @@ struct private_proposal_substructure_t {
|
|||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t proposal_length;
|
||||
|
||||
|
||||
/**
|
||||
* Proposal number.
|
||||
*/
|
||||
u_int8_t proposal_number;
|
||||
|
||||
|
||||
/**
|
||||
* Protocol ID.
|
||||
*/
|
||||
|
@ -72,12 +72,12 @@ struct private_proposal_substructure_t {
|
|||
* Number of transforms.
|
||||
*/
|
||||
u_int8_t transforms_count;
|
||||
|
||||
|
||||
/**
|
||||
* SPI is stored as chunk.
|
||||
*/
|
||||
chunk_t spi;
|
||||
|
||||
|
||||
/**
|
||||
* Transforms are stored in a linked_list_t.
|
||||
*/
|
||||
|
@ -87,7 +87,7 @@ struct private_proposal_substructure_t {
|
|||
/**
|
||||
* Encoding rules to parse or generate a Proposal substructure.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_proposal_substructure_t.
|
||||
*/
|
||||
encoding_rule_t proposal_substructure_encodings[] = {
|
||||
|
@ -107,7 +107,7 @@ encoding_rule_t proposal_substructure_encodings[] = {
|
|||
{ U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) },
|
||||
/* SPI is a chunk of variable size*/
|
||||
{ SPI, offsetof(private_proposal_substructure_t, spi) },
|
||||
/* Transforms are stored in a transform substructure,
|
||||
/* Transforms are stored in a transform substructure,
|
||||
offset points to a linked_list_t pointer */
|
||||
{ TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) }
|
||||
};
|
||||
|
@ -136,7 +136,7 @@ static status_t verify(private_proposal_substructure_t *this)
|
|||
status_t status = SUCCESS;
|
||||
iterator_t *iterator;
|
||||
payload_t *current_transform;
|
||||
|
||||
|
||||
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
|
||||
{
|
||||
/* must be 0 or 2 */
|
||||
|
@ -178,7 +178,7 @@ static status_t verify(private_proposal_substructure_t *this)
|
|||
DBG1(DBG_ENC, "invalid protocol");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
iterator = this->transforms->create_iterator(this->transforms,TRUE);
|
||||
while(iterator->iterate(iterator, (void**)¤t_transform))
|
||||
{
|
||||
|
@ -190,8 +190,8 @@ static status_t verify(private_proposal_substructure_t *this)
|
|||
}
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
/* proposal number is checked in SA payload */
|
||||
|
||||
/* proposal number is checked in SA payload */
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -236,7 +236,7 @@ static void compute_length(private_proposal_substructure_t *this)
|
|||
payload_t *current_transform;
|
||||
size_t transforms_count = 0;
|
||||
size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH;
|
||||
|
||||
|
||||
iterator = this->transforms->create_iterator(this->transforms,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_transform))
|
||||
{
|
||||
|
@ -244,7 +244,7 @@ static void compute_length(private_proposal_substructure_t *this)
|
|||
transforms_count++;
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
length += this->spi.len;
|
||||
this->transforms_count = transforms_count;
|
||||
this->proposal_length = length;
|
||||
|
@ -282,7 +282,7 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr
|
|||
|
||||
}
|
||||
transform->set_is_last_transform(transform,TRUE);
|
||||
|
||||
|
||||
this->transforms->insert_last(this->transforms,(void *) transform);
|
||||
compute_length(this);
|
||||
}
|
||||
|
@ -340,7 +340,7 @@ static void set_spi(private_proposal_substructure_t *this, chunk_t spi)
|
|||
this->spi.len = 0;
|
||||
compute_length(this);
|
||||
}
|
||||
|
||||
|
||||
this->spi.ptr = clalloc(spi.ptr,spi.len);
|
||||
this->spi.len = spi.len;
|
||||
this->spi_size = spi.len;
|
||||
|
@ -355,7 +355,7 @@ static chunk_t get_spi(private_proposal_substructure_t *this)
|
|||
chunk_t spi;
|
||||
spi.ptr = this->spi.ptr;
|
||||
spi.len = this->spi.len;
|
||||
|
||||
|
||||
return spi;
|
||||
}
|
||||
|
||||
|
@ -384,24 +384,24 @@ proposal_t* get_proposal(private_proposal_substructure_t *this)
|
|||
transform_substructure_t *transform;
|
||||
proposal_t *proposal;
|
||||
u_int64_t spi;
|
||||
|
||||
|
||||
proposal = proposal_create(this->protocol_id);
|
||||
|
||||
|
||||
iterator = this->transforms->create_iterator(this->transforms, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)&transform))
|
||||
{
|
||||
transform_type_t transform_type;
|
||||
u_int16_t transform_id;
|
||||
u_int16_t key_length = 0;
|
||||
|
||||
|
||||
transform_type = transform->get_transform_type(transform);
|
||||
transform_id = transform->get_transform_id(transform);
|
||||
transform->get_key_length(transform, &key_length);
|
||||
|
||||
|
||||
proposal->add_algorithm(proposal, transform_type, transform_id, key_length);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
switch (this->spi.len)
|
||||
{
|
||||
case 4:
|
||||
|
@ -414,7 +414,7 @@ proposal_t* get_proposal(private_proposal_substructure_t *this)
|
|||
spi = 0;
|
||||
}
|
||||
proposal->set_spi(proposal, spi);
|
||||
|
||||
|
||||
return proposal;
|
||||
}
|
||||
|
||||
|
@ -426,7 +426,7 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t *
|
|||
private_proposal_substructure_t *clone;
|
||||
iterator_t *transforms;
|
||||
transform_substructure_t *current_transform;
|
||||
|
||||
|
||||
clone = (private_proposal_substructure_t *) proposal_substructure_create();
|
||||
clone->next_payload = this->next_payload;
|
||||
clone->proposal_number = this->proposal_number;
|
||||
|
@ -444,8 +444,8 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t *
|
|||
current_transform = current_transform->clone(current_transform);
|
||||
clone->public.add_transform_substructure(&clone->public, current_transform);
|
||||
}
|
||||
transforms->destroy(transforms);
|
||||
|
||||
transforms->destroy(transforms);
|
||||
|
||||
return clone;
|
||||
}
|
||||
|
||||
|
@ -468,16 +468,16 @@ proposal_substructure_t *proposal_substructure_create()
|
|||
{
|
||||
private_proposal_substructure_t *this = malloc_thing(private_proposal_substructure_t);
|
||||
|
||||
/* interface functions */
|
||||
/* interface functions */
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
|
||||
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
|
||||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator;
|
||||
this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure;
|
||||
|
@ -490,10 +490,10 @@ proposal_substructure_t *proposal_substructure_create()
|
|||
this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
|
||||
this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
|
||||
this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
|
||||
this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;
|
||||
this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;
|
||||
this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_;
|
||||
this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->proposal_length = 0;
|
||||
|
@ -503,9 +503,9 @@ proposal_substructure_t *proposal_substructure_create()
|
|||
this->spi_size = 0;
|
||||
this->spi.ptr = NULL;
|
||||
this->spi.len = 0;
|
||||
|
||||
|
||||
this->transforms = linked_list_create();
|
||||
|
||||
|
||||
return (&(this->public));
|
||||
}
|
||||
|
||||
|
@ -518,9 +518,9 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
private_proposal_substructure_t *this;
|
||||
u_int16_t alg, key_size;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
|
||||
this = (private_proposal_substructure_t*)proposal_substructure_create();
|
||||
|
||||
|
||||
/* encryption algorithm is only availble in ESP */
|
||||
enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
|
||||
while (enumerator->enumerate(enumerator, &alg, &key_size))
|
||||
|
@ -530,7 +530,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
add_transform_substructure(this, transform);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* integrity algorithms */
|
||||
enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
|
||||
while (enumerator->enumerate(enumerator, &alg, &key_size))
|
||||
|
@ -540,7 +540,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
add_transform_substructure(this, transform);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* prf algorithms */
|
||||
enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION);
|
||||
while (enumerator->enumerate(enumerator, &alg, &key_size))
|
||||
|
@ -550,17 +550,17 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
add_transform_substructure(this, transform);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* dh groups */
|
||||
enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
|
||||
while (enumerator->enumerate(enumerator, &alg, NULL))
|
||||
{
|
||||
transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,
|
||||
transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,
|
||||
alg, 0);
|
||||
add_transform_substructure(this, transform);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* extended sequence numbers */
|
||||
enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
|
||||
while (enumerator->enumerate(enumerator, &alg, NULL))
|
||||
|
@ -570,7 +570,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
add_transform_substructure(this, transform);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
|
||||
/* add SPI, if necessary */
|
||||
switch (proposal->get_protocol(proposal))
|
||||
{
|
||||
|
@ -593,6 +593,6 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
|
|||
}
|
||||
this->proposal_number = 0;
|
||||
this->protocol_id = proposal->get_protocol(proposal);
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
|
@ -38,7 +38,7 @@ typedef struct proposal_substructure_t proposal_substructure_t;
|
|||
|
||||
/**
|
||||
* Class representing an IKEv2-PROPOSAL SUBSTRUCTURE.
|
||||
*
|
||||
*
|
||||
* The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1.
|
||||
*/
|
||||
struct proposal_substructure_t {
|
||||
|
@ -55,7 +55,7 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
iterator_t *(*create_transform_substructure_iterator) (
|
||||
proposal_substructure_t *this, bool forward);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a transform_substructure_t object to this object.
|
||||
*
|
||||
|
@ -63,7 +63,7 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
void (*add_transform_substructure) (proposal_substructure_t *this,
|
||||
transform_substructure_t *transform);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the proposal number of current proposal.
|
||||
*
|
||||
|
@ -71,24 +71,24 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
void (*set_proposal_number) (proposal_substructure_t *this,
|
||||
u_int8_t proposal_number);
|
||||
|
||||
|
||||
/**
|
||||
* get proposal number of current proposal.
|
||||
*
|
||||
*
|
||||
* @return proposal number of current proposal substructure.
|
||||
*/
|
||||
u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
|
||||
|
||||
/**
|
||||
* get the number of transforms in current proposal.
|
||||
*
|
||||
*
|
||||
* @return transform count in current proposal
|
||||
*/
|
||||
size_t (*get_transform_count) (proposal_substructure_t *this);
|
||||
|
||||
/**
|
||||
* get size of the set spi in bytes.
|
||||
*
|
||||
*
|
||||
* @return size of the spi in bytes
|
||||
*/
|
||||
size_t (*get_spi_size) (proposal_substructure_t *this);
|
||||
|
@ -100,43 +100,43 @@ struct proposal_substructure_t {
|
|||
*/
|
||||
void (*set_protocol_id) (proposal_substructure_t *this,
|
||||
u_int8_t protocol_id);
|
||||
|
||||
|
||||
/**
|
||||
* get protocol id of current proposal.
|
||||
*
|
||||
*
|
||||
* @return protocol id of current proposal substructure.
|
||||
*/
|
||||
u_int8_t (*get_protocol_id) (proposal_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the next_payload field of this substructure
|
||||
*
|
||||
*
|
||||
* If this is the last proposal, next payload field is set to 0,
|
||||
* otherwise to 2
|
||||
*
|
||||
* @param is_last When TRUE, next payload field is set to 0, otherwise to 2
|
||||
*/
|
||||
void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the currently set SPI of this proposal.
|
||||
*
|
||||
* @return chunk_t pointing to the value
|
||||
*/
|
||||
chunk_t (*get_spi) (proposal_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the SPI of the current proposal.
|
||||
*
|
||||
*
|
||||
* @warning SPI is getting copied
|
||||
*
|
||||
*
|
||||
* @param spi chunk_t pointing to the value to set
|
||||
*/
|
||||
void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
|
||||
|
||||
|
||||
/**
|
||||
* Get a proposal_t from the propsal_substructure_t.
|
||||
*
|
||||
*
|
||||
* @return proposal_t
|
||||
*/
|
||||
proposal_t * (*get_proposal) (proposal_substructure_t *this);
|
||||
|
@ -156,7 +156,7 @@ struct proposal_substructure_t {
|
|||
|
||||
/**
|
||||
* Creates an empty proposal_substructure_t object
|
||||
*
|
||||
*
|
||||
* @return proposal_substructure_t object
|
||||
*/
|
||||
proposal_substructure_t *proposal_substructure_create(void);
|
||||
|
|
|
@ -27,14 +27,14 @@ typedef struct private_sa_payload_t private_sa_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an sa_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_sa_payload_t {
|
||||
/**
|
||||
* Public sa_payload_t interface.
|
||||
*/
|
||||
sa_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -44,12 +44,12 @@ struct private_sa_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Proposals in this payload are stored in a linked_list_t.
|
||||
*/
|
||||
|
@ -58,27 +58,27 @@ struct private_sa_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a IKEv2-SA Payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_sa_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t sa_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_sa_payload_t, next_payload) },
|
||||
/* the critical bit */
|
||||
{ FLAG, offsetof(private_sa_payload_t, critical) },
|
||||
{ FLAG, offsetof(private_sa_payload_t, critical) },
|
||||
/* 7 Bit reserved bits, nowhere stored */
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole SA payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
|
||||
/* Proposals are stored in a proposal substructure,
|
||||
{ PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
|
||||
/* Proposals are stored in a proposal substructure,
|
||||
offset points to a linked_list_t pointer */
|
||||
{ PROPOSALS, offsetof(private_sa_payload_t, proposals) }
|
||||
};
|
||||
|
@ -108,12 +108,12 @@ static status_t verify(private_sa_payload_t *this)
|
|||
|
||||
/* check proposal numbering */
|
||||
iterator = this->proposals->create_iterator(this->proposals,TRUE);
|
||||
|
||||
|
||||
while(iterator->iterate(iterator, (void**)¤t_proposal))
|
||||
{
|
||||
current_number = current_proposal->get_proposal_number(current_proposal);
|
||||
if (current_number < expected_number)
|
||||
{
|
||||
{
|
||||
if (current_number != (expected_number + 1))
|
||||
{
|
||||
DBG1(DBG_ENC, "proposal number is %d, expected %d or %d",
|
||||
|
@ -129,7 +129,7 @@ static status_t verify(private_sa_payload_t *this)
|
|||
status = FAILED;
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
|
@ -139,7 +139,7 @@ static status_t verify(private_sa_payload_t *this)
|
|||
first = FALSE;
|
||||
expected_number = current_number;
|
||||
}
|
||||
|
||||
|
||||
iterator->destroy(iterator);
|
||||
return status;
|
||||
}
|
||||
|
@ -197,14 +197,14 @@ static void compute_length (private_sa_payload_t *this)
|
|||
iterator_t *iterator;
|
||||
payload_t *current_proposal;
|
||||
size_t length = SA_PAYLOAD_HEADER_LENGTH;
|
||||
|
||||
|
||||
iterator = this->proposals->create_iterator(this->proposals,TRUE);
|
||||
while (iterator->iterate(iterator, (void **)¤t_proposal))
|
||||
{
|
||||
length += current_proposal->get_length(current_proposal);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
this->payload_length = length;
|
||||
}
|
||||
|
||||
|
@ -232,7 +232,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr
|
|||
{
|
||||
status_t status;
|
||||
u_int proposal_count = this->proposals->get_count(this->proposals);
|
||||
|
||||
|
||||
if (proposal_count > 0)
|
||||
{
|
||||
proposal_substructure_t *last_proposal;
|
||||
|
@ -252,7 +252,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr
|
|||
static void add_proposal(private_sa_payload_t *this, proposal_t *proposal)
|
||||
{
|
||||
proposal_substructure_t *substructure;
|
||||
|
||||
|
||||
substructure = proposal_substructure_create_from_proposal(proposal);
|
||||
add_proposal_substructure(this, substructure);
|
||||
}
|
||||
|
@ -267,10 +267,10 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
|
|||
iterator_t *iterator;
|
||||
proposal_substructure_t *proposal_struct;
|
||||
linked_list_t *proposal_list;
|
||||
|
||||
|
||||
/* this list will hold our proposals */
|
||||
proposal_list = linked_list_create();
|
||||
|
||||
|
||||
/* we do not support proposals split up to two proposal substructures, as
|
||||
* AH+ESP bundles are not supported in RFC4301 anymore.
|
||||
* To handle such structures safely, we just skip proposals with multiple
|
||||
|
@ -280,7 +280,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
|
|||
while (iterator->iterate(iterator, (void **)&proposal_struct))
|
||||
{
|
||||
proposal_t *proposal;
|
||||
|
||||
|
||||
/* check if a proposal has a single protocol */
|
||||
if (proposal_struct->get_proposal_number(proposal_struct) == struct_number)
|
||||
{
|
||||
|
@ -310,7 +310,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
|
|||
sa_payload_t *sa_payload_create()
|
||||
{
|
||||
private_sa_payload_t *this = malloc_thing(private_sa_payload_t);
|
||||
|
||||
|
||||
/* public interface */
|
||||
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
|
||||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
|
@ -319,14 +319,14 @@ sa_payload_t *sa_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
|
||||
this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
|
||||
this->public.add_proposal = (void (*) (sa_payload_t*,proposal_t*))add_proposal;
|
||||
this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals;
|
||||
this->public.destroy = (void (*) (sa_payload_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
@ -343,7 +343,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
|
|||
iterator_t *iterator;
|
||||
proposal_t *proposal;
|
||||
sa_payload_t *sa_payload = sa_payload_create();
|
||||
|
||||
|
||||
/* add every payload from the list */
|
||||
iterator = proposals->create_iterator(proposals, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)&proposal))
|
||||
|
@ -351,7 +351,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
|
|||
add_proposal((private_sa_payload_t*)sa_payload, proposal);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
return sa_payload;
|
||||
}
|
||||
|
||||
|
@ -361,8 +361,8 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
|
|||
sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal)
|
||||
{
|
||||
sa_payload_t *sa_payload = sa_payload_create();
|
||||
|
||||
|
||||
add_proposal((private_sa_payload_t*)sa_payload, proposal);
|
||||
|
||||
|
||||
return sa_payload;
|
||||
}
|
||||
|
|
|
@ -44,12 +44,12 @@ struct sa_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Creates an iterator of stored proposal_substructure_t objects.
|
||||
*
|
||||
* When deleting an proposal using this iterator,
|
||||
* the length of this transform substructure has to be refreshed
|
||||
*
|
||||
* When deleting an proposal using this iterator,
|
||||
* the length of this transform substructure has to be refreshed
|
||||
* by calling get_length()!
|
||||
*
|
||||
* @param forward iterator direction (TRUE: front to end)
|
||||
|
@ -57,7 +57,7 @@ struct sa_payload_t {
|
|||
*/
|
||||
iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this,
|
||||
bool forward);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a proposal_substructure_t object to this object.
|
||||
*
|
||||
|
@ -68,18 +68,18 @@ struct sa_payload_t {
|
|||
|
||||
/**
|
||||
* Gets the proposals in this payload as a list.
|
||||
*
|
||||
*
|
||||
* @return a list containing proposal_t s
|
||||
*/
|
||||
linked_list_t *(*get_proposals) (sa_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Add a child proposal (AH/ESP) to the payload.
|
||||
*
|
||||
*
|
||||
* @param proposal child proposal to add to the payload
|
||||
*/
|
||||
void (*add_proposal) (sa_payload_t *this, proposal_t *proposal);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an sa_payload_t object.
|
||||
*/
|
||||
|
@ -88,14 +88,14 @@ struct sa_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty sa_payload_t object
|
||||
*
|
||||
*
|
||||
* @return created sa_payload_t object
|
||||
*/
|
||||
sa_payload_t *sa_payload_create(void);
|
||||
|
||||
/**
|
||||
* Creates a sa_payload_t object from a list of proposals.
|
||||
*
|
||||
*
|
||||
* @param proposals list of proposals to build the payload from
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
|
@ -103,10 +103,10 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
|
|||
|
||||
/**
|
||||
* Creates a sa_payload_t object from a single proposal.
|
||||
*
|
||||
*
|
||||
* This is only for convenience. Use sa_payload_create_from_proposal_list
|
||||
* if you want to add more than one proposal.
|
||||
*
|
||||
*
|
||||
* @param proposal proposal from which the payload should be built.
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
|
|
|
@ -24,19 +24,19 @@ typedef struct private_traffic_selector_substructure_t private_traffic_selector_
|
|||
|
||||
/**
|
||||
* Private data of an traffic_selector_substructure_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_traffic_selector_substructure_t {
|
||||
/**
|
||||
* Public traffic_selector_substructure_t interface.
|
||||
*/
|
||||
traffic_selector_substructure_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Type of traffic selector.
|
||||
*/
|
||||
u_int8_t ts_type;
|
||||
|
||||
|
||||
/**
|
||||
* IP Protocol ID.
|
||||
*/
|
||||
|
@ -46,7 +46,7 @@ struct private_traffic_selector_substructure_t {
|
|||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Start port number.
|
||||
*/
|
||||
|
@ -56,7 +56,7 @@ struct private_traffic_selector_substructure_t {
|
|||
* End port number.
|
||||
*/
|
||||
u_int16_t end_port;
|
||||
|
||||
|
||||
/**
|
||||
* Starting address.
|
||||
*/
|
||||
|
@ -70,17 +70,17 @@ struct private_traffic_selector_substructure_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a TS payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_traffic_selector_substructure_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t traffic_selector_substructure_encodings[] = {
|
||||
/* 1 Byte next ts type*/
|
||||
{ TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) },
|
||||
/* 1 Byte IP protocol id*/
|
||||
{ U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) },
|
||||
/* Length of the whole payload*/
|
||||
/* Length of the whole payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) },
|
||||
/* 2 Byte start port*/
|
||||
{ U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) },
|
||||
|
@ -124,7 +124,7 @@ static status_t verify(private_traffic_selector_substructure_t *this)
|
|||
{
|
||||
case TS_IPV4_ADDR_RANGE:
|
||||
{
|
||||
if ((this->starting_address.len != 4) ||
|
||||
if ((this->starting_address.len != 4) ||
|
||||
(this->ending_address.len != 4))
|
||||
{
|
||||
/* ipv4 address must be 4 bytes long */
|
||||
|
@ -148,7 +148,7 @@ static status_t verify(private_traffic_selector_substructure_t *this)
|
|||
return FAILED;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -182,7 +182,7 @@ static payload_type_t get_next_type(private_traffic_selector_substructure_t *thi
|
|||
*/
|
||||
static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type)
|
||||
{
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -199,8 +199,8 @@ static size_t get_length(private_traffic_selector_substructure_t *this)
|
|||
static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this)
|
||||
{
|
||||
traffic_selector_t *ts;
|
||||
ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type,
|
||||
this->starting_address, this->start_port,
|
||||
ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type,
|
||||
this->starting_address, this->start_port,
|
||||
this->ending_address, this->end_port);
|
||||
return ts;
|
||||
}
|
||||
|
@ -221,7 +221,7 @@ static void destroy(private_traffic_selector_substructure_t *this)
|
|||
{
|
||||
free(this->starting_address.ptr);
|
||||
free(this->ending_address.ptr);
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -239,11 +239,11 @@ traffic_selector_substructure_t *traffic_selector_substructure_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector;
|
||||
this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH;
|
||||
this->start_port = 0;
|
||||
|
@ -269,8 +269,8 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff
|
|||
this->end_port = traffic_selector->get_to_port(traffic_selector);
|
||||
this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector));
|
||||
this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector));
|
||||
|
||||
|
||||
compute_length(this);
|
||||
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
|
|||
|
||||
/**
|
||||
* Class representing an IKEv2 TRAFFIC SELECTOR.
|
||||
*
|
||||
*
|
||||
* The TRAFFIC SELECTOR format is described in RFC section 3.13.1.
|
||||
*/
|
||||
struct traffic_selector_substructure_t {
|
||||
|
@ -44,49 +44,49 @@ struct traffic_selector_substructure_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the type of Traffic selector.
|
||||
*
|
||||
* @return type of traffic selector
|
||||
*
|
||||
*
|
||||
*/
|
||||
ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the type of Traffic selector.
|
||||
*
|
||||
* @param ts_type type of traffic selector
|
||||
* @param ts_type type of traffic selector
|
||||
*/
|
||||
void (*set_ts_type) (traffic_selector_substructure_t *this,
|
||||
ts_type_t ts_type);
|
||||
|
||||
|
||||
/**
|
||||
* Get the IP protocol ID of Traffic selector.
|
||||
*
|
||||
* @return type of traffic selector
|
||||
*
|
||||
*
|
||||
*/
|
||||
u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the IP protocol ID of Traffic selector
|
||||
*
|
||||
* @param protocol_id protocol ID of traffic selector
|
||||
* @param protocol_id protocol ID of traffic selector
|
||||
*/
|
||||
void (*set_protocol_id) (traffic_selector_substructure_t *this,
|
||||
u_int8_t protocol_id);
|
||||
|
||||
|
||||
/**
|
||||
* Get the start port and address as host_t object.
|
||||
*
|
||||
* Returned host_t object has to get destroyed by the caller.
|
||||
*
|
||||
*
|
||||
* @return start host as host_t object
|
||||
*
|
||||
*
|
||||
*/
|
||||
host_t *(*get_start_host) (traffic_selector_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the start port and address as host_t object.
|
||||
*
|
||||
|
@ -94,17 +94,17 @@ struct traffic_selector_substructure_t {
|
|||
*/
|
||||
void (*set_start_host) (traffic_selector_substructure_t *this,
|
||||
host_t *start_host);
|
||||
|
||||
|
||||
/**
|
||||
* Get the end port and address as host_t object.
|
||||
*
|
||||
* Returned host_t object has to get destroyed by the caller.
|
||||
*
|
||||
*
|
||||
* @return end host as host_t object
|
||||
*
|
||||
*
|
||||
*/
|
||||
host_t *(*get_end_host) (traffic_selector_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the end port and address as host_t object.
|
||||
*
|
||||
|
@ -112,17 +112,17 @@ struct traffic_selector_substructure_t {
|
|||
*/
|
||||
void (*set_end_host) (traffic_selector_substructure_t *this,
|
||||
host_t *end_host);
|
||||
|
||||
|
||||
/**
|
||||
* Get a traffic_selector_t from this substructure.
|
||||
*
|
||||
* @warning traffic_selector_t must be destroyed after usage.
|
||||
*
|
||||
*
|
||||
* @return contained traffic_selector_t
|
||||
*/
|
||||
traffic_selector_t *(*get_traffic_selector) (
|
||||
traffic_selector_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an traffic_selector_substructure_t object.
|
||||
*/
|
||||
|
@ -133,7 +133,7 @@ struct traffic_selector_substructure_t {
|
|||
* Creates an empty traffic_selector_substructure_t object.
|
||||
*
|
||||
* TS type is set to default TS_IPV4_ADDR_RANGE!
|
||||
*
|
||||
*
|
||||
* @return traffic_selector_substructure_t object
|
||||
*/
|
||||
traffic_selector_substructure_t *traffic_selector_substructure_create(void);
|
||||
|
@ -141,7 +141,7 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void);
|
|||
/**
|
||||
* Creates an initialized traffif selector substructure using
|
||||
* the values from a traffic_selector_t.
|
||||
*
|
||||
*
|
||||
* @param traffic_selector traffic_selector_t to use for initialization
|
||||
* @return traffic_selector_substructure_t object
|
||||
*/
|
||||
|
|
|
@ -26,32 +26,32 @@ typedef struct private_transform_attribute_t private_transform_attribute_t;
|
|||
|
||||
/**
|
||||
* Private data of an transform_attribute_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_transform_attribute_t {
|
||||
/**
|
||||
* Public transform_attribute_t interface.
|
||||
*/
|
||||
transform_attribute_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Attribute Format Flag.
|
||||
*
|
||||
*
|
||||
* - TRUE means value is stored in attribute_length_or_value
|
||||
* - FALSE means value is stored in attribute_value
|
||||
*/
|
||||
bool attribute_format;
|
||||
|
||||
|
||||
/**
|
||||
* Type of the attribute.
|
||||
*/
|
||||
u_int16_t attribute_type;
|
||||
|
||||
|
||||
/**
|
||||
* Attribute Length if attribute_format is 0, attribute Value otherwise.
|
||||
*/
|
||||
u_int16_t attribute_length_or_value;
|
||||
|
||||
|
||||
/**
|
||||
* Attribute value as chunk if attribute_format is 0 (FALSE).
|
||||
*/
|
||||
|
@ -67,16 +67,16 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH);
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a Transform attribute.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_transform_attribute_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t transform_attribute_encodings[] = {
|
||||
/* Flag defining the format of this payload */
|
||||
{ ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) },
|
||||
/* type of the attribute as 15 bit unsigned integer */
|
||||
{ ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) },
|
||||
{ ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) },
|
||||
/* Length or value, depending on the attribute format flag */
|
||||
{ ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) },
|
||||
/* Value of attribute if attribute format flag is zero */
|
||||
|
@ -104,7 +104,7 @@ static status_t verify(private_transform_attribute_t *this)
|
|||
{
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -164,16 +164,16 @@ static void set_value_chunk(private_transform_attribute_t *this, chunk_t value)
|
|||
free(this->attribute_value.ptr);
|
||||
this->attribute_value.ptr = NULL;
|
||||
this->attribute_value.len = 0;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
if (value.len > 2)
|
||||
{
|
||||
this->attribute_value.ptr = clalloc(value.ptr,value.len);
|
||||
this->attribute_value.len = value.len;
|
||||
this->attribute_length_or_value = value.len;
|
||||
/* attribute has not a fixed length */
|
||||
this->attribute_format = FALSE;
|
||||
this->attribute_format = FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -192,7 +192,7 @@ static void set_value(private_transform_attribute_t *this, u_int16_t value)
|
|||
free(this->attribute_value.ptr);
|
||||
this->attribute_value.ptr = NULL;
|
||||
this->attribute_value.len = 0;
|
||||
|
||||
|
||||
}
|
||||
this->attribute_length_or_value = value;
|
||||
}
|
||||
|
@ -207,14 +207,14 @@ static chunk_t get_value_chunk (private_transform_attribute_t *this)
|
|||
if (this->attribute_format == FALSE)
|
||||
{
|
||||
value.ptr = this->attribute_value.ptr;
|
||||
value.len = this->attribute_value.len;
|
||||
value.len = this->attribute_value.len;
|
||||
}
|
||||
else
|
||||
{
|
||||
value.ptr = (void *) &(this->attribute_length_or_value);
|
||||
value.len = 2;
|
||||
}
|
||||
|
||||
|
||||
return value;
|
||||
}
|
||||
|
||||
|
@ -249,19 +249,19 @@ static u_int16_t get_attribute_type (private_transform_attribute_t *this)
|
|||
static transform_attribute_t * _clone(private_transform_attribute_t *this)
|
||||
{
|
||||
private_transform_attribute_t *new_clone;
|
||||
|
||||
|
||||
new_clone = (private_transform_attribute_t *) transform_attribute_create();
|
||||
|
||||
|
||||
new_clone->attribute_format = this->attribute_format;
|
||||
new_clone->attribute_type = this->attribute_type;
|
||||
new_clone->attribute_length_or_value = this->attribute_length_or_value;
|
||||
|
||||
|
||||
if (!new_clone->attribute_format)
|
||||
{
|
||||
new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len);
|
||||
new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len);
|
||||
new_clone->attribute_value.len = this->attribute_value.len;
|
||||
}
|
||||
|
||||
|
||||
return (transform_attribute_t *) new_clone;
|
||||
}
|
||||
|
||||
|
@ -273,7 +273,7 @@ static void destroy(private_transform_attribute_t *this)
|
|||
if (this->attribute_value.ptr != NULL)
|
||||
{
|
||||
free(this->attribute_value.ptr);
|
||||
}
|
||||
}
|
||||
free(this);
|
||||
}
|
||||
|
||||
|
@ -292,7 +292,7 @@ transform_attribute_t *transform_attribute_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk;
|
||||
this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value;
|
||||
|
@ -302,7 +302,7 @@ transform_attribute_t *transform_attribute_create()
|
|||
this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type;
|
||||
this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone;
|
||||
this->public.destroy = (void (*) (transform_attribute_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->attribute_format = TRUE;
|
||||
this->attribute_type = 0;
|
||||
|
|
|
@ -37,14 +37,14 @@ enum transform_attribute_type_t {
|
|||
KEY_LENGTH = 14
|
||||
};
|
||||
|
||||
/**
|
||||
/**
|
||||
* enum name for transform_attribute_type_t.
|
||||
*/
|
||||
extern enum_name_t *transform_attribute_type_names;
|
||||
|
||||
/**
|
||||
* Class representing an IKEv2- TRANSFORM Attribute.
|
||||
*
|
||||
*
|
||||
* The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5.
|
||||
*/
|
||||
struct transform_attribute_t {
|
||||
|
@ -55,52 +55,52 @@ struct transform_attribute_t {
|
|||
|
||||
/**
|
||||
* Returns the currently set value of the attribute.
|
||||
*
|
||||
*
|
||||
* Returned data are not copied.
|
||||
*
|
||||
*
|
||||
* @return chunk_t pointing to the value
|
||||
*/
|
||||
chunk_t (*get_value_chunk) (transform_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Returns the currently set value of the attribute.
|
||||
*
|
||||
*
|
||||
* Returned data are not copied.
|
||||
*
|
||||
*
|
||||
* @return value
|
||||
*/
|
||||
u_int16_t (*get_value) (transform_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the value of the attribute.
|
||||
*
|
||||
*
|
||||
* Value is getting copied.
|
||||
*
|
||||
*
|
||||
* @param value chunk_t pointing to the value to set
|
||||
*/
|
||||
void (*set_value_chunk) (transform_attribute_t *this, chunk_t value);
|
||||
|
||||
/**
|
||||
* Sets the value of the attribute.
|
||||
*
|
||||
*
|
||||
* @param value value to set
|
||||
*/
|
||||
void (*set_value) (transform_attribute_t *this, u_int16_t value);
|
||||
|
||||
/**
|
||||
* Sets the type of the attribute.
|
||||
*
|
||||
*
|
||||
* @param type type to set (most significant bit is set to zero)
|
||||
*/
|
||||
void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type);
|
||||
|
||||
|
||||
/**
|
||||
* get the type of the attribute.
|
||||
*
|
||||
*
|
||||
* @return type of the value
|
||||
*/
|
||||
u_int16_t (*get_attribute_type) (transform_attribute_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Clones an transform_attribute_t object.
|
||||
*
|
||||
|
@ -116,14 +116,14 @@ struct transform_attribute_t {
|
|||
|
||||
/**
|
||||
* Creates an empty transform_attribute_t object.
|
||||
*
|
||||
*
|
||||
* @return transform_attribute_t object
|
||||
*/
|
||||
transform_attribute_t *transform_attribute_create(void);
|
||||
|
||||
/**
|
||||
* Creates an transform_attribute_t of type KEY_LENGTH.
|
||||
*
|
||||
*
|
||||
* @param key_length key length in bytes
|
||||
* @return transform_attribute_t object
|
||||
*/
|
||||
|
|
|
@ -29,36 +29,36 @@ typedef struct private_transform_substructure_t private_transform_substructure_t
|
|||
|
||||
/**
|
||||
* Private data of an transform_substructure_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_transform_substructure_t {
|
||||
/**
|
||||
* Public transform_substructure_t interface.
|
||||
*/
|
||||
transform_substructure_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
u_int8_t next_payload;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t transform_length;
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Type of the transform.
|
||||
*/
|
||||
u_int8_t transform_type;
|
||||
|
||||
|
||||
/**
|
||||
* Transform ID.
|
||||
*/
|
||||
u_int16_t transform_id;
|
||||
|
||||
|
||||
/**
|
||||
* Transforms Attributes are stored in a linked_list_t.
|
||||
*/
|
||||
|
@ -68,25 +68,25 @@ struct private_transform_substructure_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a Transform substructure.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_transform_substructure_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t transform_substructure_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
{ U_INT_8, offsetof(private_transform_substructure_t, next_payload) },
|
||||
/* Reserved Byte is skipped */
|
||||
{ RESERVED_BYTE, 0 },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
/* Length of the whole transform substructure*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) },
|
||||
{ PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) },
|
||||
/* transform type is a number of 8 bit */
|
||||
{ U_INT_8, offsetof(private_transform_substructure_t, transform_type) },
|
||||
{ U_INT_8, offsetof(private_transform_substructure_t, transform_type) },
|
||||
/* Reserved Byte is skipped */
|
||||
{ RESERVED_BYTE, 0 },
|
||||
{ RESERVED_BYTE, 0 },
|
||||
/* tranform ID is a number of 8 bit */
|
||||
{ U_INT_16, offsetof(private_transform_substructure_t, transform_id) },
|
||||
/* Attributes are stored in a transform attribute,
|
||||
{ U_INT_16, offsetof(private_transform_substructure_t, transform_id) },
|
||||
/* Attributes are stored in a transform attribute,
|
||||
offset points to a linked_list_t pointer */
|
||||
{ TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) }
|
||||
};
|
||||
|
@ -114,7 +114,7 @@ static status_t verify(private_transform_substructure_t *this)
|
|||
status_t status = SUCCESS;
|
||||
iterator_t *iterator;
|
||||
payload_t *current_attributes;
|
||||
|
||||
|
||||
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3))
|
||||
{
|
||||
/* must be 0 or 3 */
|
||||
|
@ -139,7 +139,7 @@ static status_t verify(private_transform_substructure_t *this)
|
|||
}
|
||||
}
|
||||
iterator = this->attributes->create_iterator(this->attributes,TRUE);
|
||||
|
||||
|
||||
while(iterator->iterate(iterator, (void**)¤t_attributes))
|
||||
{
|
||||
status = current_attributes->verify(current_attributes);
|
||||
|
@ -149,8 +149,8 @@ static status_t verify(private_transform_substructure_t *this)
|
|||
}
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
/* proposal number is checked in SA payload */
|
||||
|
||||
/* proposal number is checked in SA payload */
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -187,14 +187,14 @@ static void compute_length (private_transform_substructure_t *this)
|
|||
iterator_t *iterator;
|
||||
payload_t *current_attribute;
|
||||
size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
|
||||
|
||||
|
||||
iterator = this->attributes->create_iterator(this->attributes,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_attribute))
|
||||
{
|
||||
length += current_attribute->get_length(current_attribute);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
this->transform_length = length;
|
||||
}
|
||||
|
||||
|
@ -254,7 +254,7 @@ static void set_transform_type (private_transform_substructure_t *this,u_int8_t
|
|||
{
|
||||
this->transform_type = type;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of transform_substructure_t.get_transform_type.
|
||||
*/
|
||||
|
@ -270,7 +270,7 @@ static void set_transform_id (private_transform_substructure_t *this,u_int16_t i
|
|||
{
|
||||
this->transform_id = id;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of transform_substructure_t.get_transform_id.
|
||||
*/
|
||||
|
@ -287,20 +287,20 @@ static transform_substructure_t *clone_(private_transform_substructure_t *this)
|
|||
private_transform_substructure_t *clone;
|
||||
iterator_t *attributes;
|
||||
transform_attribute_t *current_attribute;
|
||||
|
||||
|
||||
clone = (private_transform_substructure_t *) transform_substructure_create();
|
||||
clone->next_payload = this->next_payload;
|
||||
clone->transform_type = this->transform_type;
|
||||
clone->transform_id = this->transform_id;
|
||||
|
||||
|
||||
attributes = this->attributes->create_iterator(this->attributes, FALSE);
|
||||
while (attributes->iterate(attributes, (void**)¤t_attribute))
|
||||
{
|
||||
current_attribute = current_attribute->clone(current_attribute);
|
||||
clone->public.add_transform_attribute(&clone->public, current_attribute);
|
||||
}
|
||||
attributes->destroy(attributes);
|
||||
|
||||
attributes->destroy(attributes);
|
||||
|
||||
return &clone->public;
|
||||
}
|
||||
|
||||
|
@ -312,14 +312,14 @@ static status_t get_key_length(private_transform_substructure_t *this, u_int16_t
|
|||
{
|
||||
iterator_t *attributes;
|
||||
transform_attribute_t *current_attribute;
|
||||
|
||||
|
||||
attributes = this->attributes->create_iterator(this->attributes, TRUE);
|
||||
while (attributes->iterate(attributes, (void**)¤t_attribute))
|
||||
{
|
||||
if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH)
|
||||
{
|
||||
*key_length = current_attribute->get_value(current_attribute);
|
||||
attributes->destroy(attributes);
|
||||
attributes->destroy(attributes);
|
||||
return SUCCESS;
|
||||
}
|
||||
}
|
||||
|
@ -350,10 +350,10 @@ transform_substructure_t *transform_substructure_create()
|
|||
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
|
||||
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
|
||||
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
|
||||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator;
|
||||
this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute;
|
||||
|
@ -366,14 +366,14 @@ transform_substructure_t *transform_substructure_create()
|
|||
this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length;
|
||||
this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_;
|
||||
this->public.destroy = (void (*) (transform_substructure_t *)) destroy;
|
||||
|
||||
|
||||
/* set default values of the fields */
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
|
||||
this->transform_id = 0;
|
||||
this->transform_type = 0;
|
||||
this->attributes = linked_list_create();
|
||||
|
||||
|
||||
return (&(this->public));
|
||||
}
|
||||
|
||||
|
@ -385,17 +385,17 @@ transform_substructure_t *transform_substructure_create_type(
|
|||
u_int16_t transform_id, u_int16_t key_length)
|
||||
{
|
||||
transform_substructure_t *transform = transform_substructure_create();
|
||||
|
||||
|
||||
transform->set_transform_type(transform,transform_type);
|
||||
transform->set_transform_id(transform,transform_id);
|
||||
|
||||
|
||||
if (key_length)
|
||||
{
|
||||
transform_attribute_t *attribute;
|
||||
|
||||
|
||||
attribute = transform_attribute_create_key_length(key_length);
|
||||
transform->add_transform_attribute(transform, attribute);
|
||||
|
||||
|
||||
}
|
||||
return transform;
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@ typedef struct transform_substructure_t transform_substructure_t;
|
|||
|
||||
/**
|
||||
* Class representing an IKEv2- TRANSFORM SUBSTRUCTURE.
|
||||
*
|
||||
*
|
||||
* The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2.
|
||||
*/
|
||||
struct transform_substructure_t {
|
||||
|
@ -56,12 +56,12 @@ struct transform_substructure_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Creates an iterator of stored transform_attribute_t objects.
|
||||
*
|
||||
* When deleting an transform attribute using this iterator,
|
||||
* the length of this transform substructure has to be refreshed
|
||||
*
|
||||
* When deleting an transform attribute using this iterator,
|
||||
* the length of this transform substructure has to be refreshed
|
||||
* by calling get_length().
|
||||
*
|
||||
* @param forward iterator direction (TRUE: front to end)
|
||||
|
@ -69,7 +69,7 @@ struct transform_substructure_t {
|
|||
*/
|
||||
iterator_t * (*create_transform_attribute_iterator) (
|
||||
transform_substructure_t *this, bool forward);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a transform_attribute_t object to this object.
|
||||
*
|
||||
|
@ -77,59 +77,59 @@ struct transform_substructure_t {
|
|||
*/
|
||||
void (*add_transform_attribute) (transform_substructure_t *this,
|
||||
transform_attribute_t *attribute);
|
||||
|
||||
|
||||
/**
|
||||
* Sets the next_payload field of this substructure
|
||||
*
|
||||
*
|
||||
* If this is the last transform, next payload field is set to 0,
|
||||
* otherwise to 3
|
||||
*
|
||||
* @param is_last When TRUE, next payload field is set to 0, otherwise to 3
|
||||
*/
|
||||
void (*set_is_last_transform) (transform_substructure_t *this, bool is_last);
|
||||
|
||||
|
||||
/**
|
||||
* Checks if this is the last transform.
|
||||
*
|
||||
*
|
||||
* @return TRUE if this is the last Transform, FALSE otherwise
|
||||
*/
|
||||
bool (*get_is_last_transform) (transform_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets transform type of the current transform substructure.
|
||||
*
|
||||
* @param type type value to set
|
||||
*/
|
||||
void (*set_transform_type) (transform_substructure_t *this, u_int8_t type);
|
||||
|
||||
|
||||
/**
|
||||
* get transform type of the current transform.
|
||||
*
|
||||
*
|
||||
* @return Transform type of current transform substructure.
|
||||
*/
|
||||
u_int8_t (*get_transform_type) (transform_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Sets transform id of the current transform substructure.
|
||||
*
|
||||
* @param id transform id to set
|
||||
*/
|
||||
void (*set_transform_id) (transform_substructure_t *this, u_int16_t id);
|
||||
|
||||
|
||||
/**
|
||||
* get transform id of the current transform.
|
||||
*
|
||||
*
|
||||
* @return Transform id of current transform substructure.
|
||||
*/
|
||||
u_int16_t (*get_transform_id) (transform_substructure_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* get transform id of the current transform.
|
||||
*
|
||||
* @param key_length The key length is written to this location
|
||||
* @return
|
||||
*
|
||||
* @param key_length The key length is written to this location
|
||||
* @return
|
||||
* - SUCCESS if a key length attribute is contained
|
||||
* - FAILED if no key length attribute is part of this
|
||||
* - FAILED if no key length attribute is part of this
|
||||
* transform or key length uses more then 16 bit!
|
||||
*/
|
||||
status_t (*get_key_length) (transform_substructure_t *this,
|
||||
|
@ -150,18 +150,18 @@ struct transform_substructure_t {
|
|||
|
||||
/**
|
||||
* Creates an empty transform_substructure_t object.
|
||||
*
|
||||
*
|
||||
* @return created transform_substructure_t object
|
||||
*/
|
||||
transform_substructure_t *transform_substructure_create(void);
|
||||
|
||||
/**
|
||||
* Creates an empty transform_substructure_t object.
|
||||
*
|
||||
*
|
||||
* The key length is used for the transport types ENCRYPTION_ALGORITHM,
|
||||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
|
||||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
|
||||
* other transport types the key_length parameter is not used
|
||||
*
|
||||
*
|
||||
* @param transform_type type of transform to create
|
||||
* @param transform_id transform id specifying the specific algorithm of a transform type
|
||||
* @param key_length Key length for key lenght attribute
|
||||
|
|
|
@ -25,19 +25,19 @@ typedef struct private_ts_payload_t private_ts_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an ts_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_ts_payload_t {
|
||||
/**
|
||||
* Public ts_payload_t interface.
|
||||
*/
|
||||
ts_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* TRUE if this TS payload is of type TSi, FALSE for TSr.
|
||||
*/
|
||||
bool is_initiator;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -47,17 +47,17 @@ struct private_ts_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* Number of traffic selectors
|
||||
*/
|
||||
u_int8_t number_of_traffic_selectors;
|
||||
|
||||
|
||||
/**
|
||||
* Contains the traffic selectors of type traffic_selector_substructure_t.
|
||||
*/
|
||||
|
@ -66,10 +66,10 @@ struct private_ts_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a TS payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_ts_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t ts_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -84,7 +84,7 @@ encoding_rule_t ts_payload_encodings[] = {
|
|||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
{ RESERVED_BIT, 0 },
|
||||
/* Length of the whole payload*/
|
||||
/* Length of the whole payload*/
|
||||
{ PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)},
|
||||
/* 1 Byte TS type*/
|
||||
{ U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) },
|
||||
|
@ -118,13 +118,13 @@ static status_t verify(private_ts_payload_t *this)
|
|||
iterator_t *iterator;
|
||||
payload_t *current_traffic_selector;
|
||||
status_t status = SUCCESS;
|
||||
|
||||
|
||||
if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors)))
|
||||
{
|
||||
/* must be the same */
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
|
||||
while(iterator->iterate(iterator, (void**)¤t_traffic_selector))
|
||||
{
|
||||
|
@ -135,7 +135,7 @@ static status_t verify(private_ts_payload_t *this)
|
|||
}
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -188,7 +188,7 @@ static void compute_length (private_ts_payload_t *this)
|
|||
size_t ts_count = 0;
|
||||
size_t length = TS_PAYLOAD_HEADER_LENGTH;
|
||||
payload_t *current_traffic_selector;
|
||||
|
||||
|
||||
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
|
||||
while (iterator->iterate(iterator, (void**)¤t_traffic_selector))
|
||||
{
|
||||
|
@ -196,9 +196,9 @@ static void compute_length (private_ts_payload_t *this)
|
|||
ts_count++;
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
this->number_of_traffic_selectors= ts_count;
|
||||
this->payload_length = length;
|
||||
this->payload_length = length;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -252,7 +252,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this)
|
|||
iterator_t *iterator;
|
||||
traffic_selector_substructure_t *ts_substructure;
|
||||
linked_list_t *ts_list = linked_list_create();
|
||||
|
||||
|
||||
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)&ts_substructure))
|
||||
{
|
||||
|
@ -260,7 +260,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this)
|
|||
ts_list->insert_last(ts_list, (void*)ts);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
return ts_list;
|
||||
}
|
||||
|
||||
|
@ -289,7 +289,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (ts_payload_t *)) destroy;
|
||||
this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator;
|
||||
|
@ -297,14 +297,14 @@ ts_payload_t *ts_payload_create(bool is_initiator)
|
|||
this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure;
|
||||
this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator;
|
||||
this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
|
||||
this->is_initiator = is_initiator;
|
||||
this->number_of_traffic_selectors = 0;
|
||||
this->traffic_selectors = linked_list_create();
|
||||
this->traffic_selectors = linked_list_create();
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
@ -318,9 +318,9 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked
|
|||
traffic_selector_t *ts;
|
||||
traffic_selector_substructure_t *ts_substructure;
|
||||
private_ts_payload_t *this;
|
||||
|
||||
|
||||
this = (private_ts_payload_t*)ts_payload_create(is_initiator);
|
||||
|
||||
|
||||
iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE);
|
||||
while (iterator->iterate(iterator, (void**)&ts))
|
||||
{
|
||||
|
@ -328,7 +328,7 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked
|
|||
this->public.add_traffic_selector_substructure(&(this->public), ts_substructure);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ struct ts_payload_t {
|
|||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the type of TSpayload (TSi or TSr).
|
||||
*
|
||||
|
@ -56,16 +56,16 @@ struct ts_payload_t {
|
|||
* - FALSE if this payload is of type TSr
|
||||
*/
|
||||
bool (*get_initiator) (ts_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Set the type of TS payload (TSi or TSr).
|
||||
*
|
||||
* @param is_initiator
|
||||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
*/
|
||||
void (*set_initiator) (ts_payload_t *this,bool is_initiator);
|
||||
|
||||
|
||||
/**
|
||||
* Adds a traffic_selector_substructure_t object to this object.
|
||||
*
|
||||
|
@ -73,12 +73,12 @@ struct ts_payload_t {
|
|||
*/
|
||||
void (*add_traffic_selector_substructure) (ts_payload_t *this,
|
||||
traffic_selector_substructure_t *traffic_selector);
|
||||
|
||||
|
||||
/**
|
||||
* Creates an iterator of stored traffic_selector_substructure_t objects.
|
||||
*
|
||||
* When removing an traffic_selector_substructure_t object
|
||||
* using this iterator, the length of this payload
|
||||
*
|
||||
* When removing an traffic_selector_substructure_t object
|
||||
* using this iterator, the length of this payload
|
||||
* has to get refreshed by calling payload_t.get_length!
|
||||
*
|
||||
* @param forward iterator direction (TRUE: front to end)
|
||||
|
@ -86,10 +86,10 @@ struct ts_payload_t {
|
|||
*/
|
||||
iterator_t *(*create_traffic_selector_substructure_iterator) (
|
||||
ts_payload_t *this, bool forward);
|
||||
|
||||
|
||||
/**
|
||||
* Get a list of nested traffic selectors as traffic_selector_t.
|
||||
*
|
||||
*
|
||||
* Resulting list and its traffic selectors must be destroyed after usage
|
||||
*
|
||||
* @return list of traffic selectors
|
||||
|
@ -104,8 +104,8 @@ struct ts_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty ts_payload_t object.
|
||||
*
|
||||
* @param is_initiator
|
||||
*
|
||||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
* @return ts_payload_t object
|
||||
|
@ -114,14 +114,14 @@ ts_payload_t *ts_payload_create(bool is_initiator);
|
|||
|
||||
/**
|
||||
* Creates ts_payload with a list of traffic_selector_t
|
||||
*
|
||||
* @param is_initiator
|
||||
*
|
||||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
* @param traffic_selectors list of traffic selectors to include
|
||||
* @return ts_payload_t object
|
||||
*/
|
||||
ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
|
||||
ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
|
||||
linked_list_t *traffic_selectors);
|
||||
|
||||
#endif /** TS_PAYLOAD_H_ @}*/
|
||||
|
|
|
@ -26,12 +26,12 @@ typedef struct private_unknown_payload_t private_unknown_payload_t;
|
|||
* Private data of an unknown_payload_t object.
|
||||
*/
|
||||
struct private_unknown_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* Public unknown_payload_t interface.
|
||||
*/
|
||||
unknown_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -41,12 +41,12 @@ struct private_unknown_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* The contained data.
|
||||
*/
|
||||
|
@ -55,10 +55,10 @@ struct private_unknown_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse an payload which is not further specified.
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_unknown_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t unknown_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -146,7 +146,7 @@ static size_t get_length(private_unknown_payload_t *this)
|
|||
*/
|
||||
static bool is_critical(private_unknown_payload_t *this)
|
||||
{
|
||||
return this->critical;
|
||||
return this->critical;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -166,8 +166,8 @@ static void destroy(private_unknown_payload_t *this)
|
|||
{
|
||||
chunk_free(&(this->data));
|
||||
}
|
||||
|
||||
free(this);
|
||||
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -185,12 +185,12 @@ unknown_payload_t *unknown_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (unknown_payload_t *)) destroy;
|
||||
this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical;
|
||||
this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -40,29 +40,29 @@ typedef struct unknown_payload_t unknown_payload_t;
|
|||
* a check for the critical bit in the header.
|
||||
*/
|
||||
struct unknown_payload_t {
|
||||
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
payload_t payload_interface;
|
||||
|
||||
|
||||
/**
|
||||
* Get the raw data of this payload, without
|
||||
* Get the raw data of this payload, without
|
||||
* the generic payload header.
|
||||
*
|
||||
*
|
||||
* Returned data are NOT copied and must not be freed.
|
||||
*
|
||||
* @return data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data) (unknown_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the critical flag.
|
||||
*
|
||||
* @return TRUE if payload is critical, FALSE if not
|
||||
*/
|
||||
bool (*is_critical) (unknown_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an unknown_payload_t object.
|
||||
*/
|
||||
|
@ -71,7 +71,7 @@ struct unknown_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty unknown_payload_t object.
|
||||
*
|
||||
*
|
||||
* @return unknown_payload_t object
|
||||
*/
|
||||
unknown_payload_t *unknown_payload_create(void);
|
||||
|
|
|
@ -23,14 +23,14 @@ typedef struct private_vendor_id_payload_t private_vendor_id_payload_t;
|
|||
|
||||
/**
|
||||
* Private data of an vendor_id_payload_t object.
|
||||
*
|
||||
*
|
||||
*/
|
||||
struct private_vendor_id_payload_t {
|
||||
/**
|
||||
* Public vendor_id_payload_t interface.
|
||||
*/
|
||||
vendor_id_payload_t public;
|
||||
|
||||
|
||||
/**
|
||||
* Next payload type.
|
||||
*/
|
||||
|
@ -40,12 +40,12 @@ struct private_vendor_id_payload_t {
|
|||
* Critical flag.
|
||||
*/
|
||||
bool critical;
|
||||
|
||||
|
||||
/**
|
||||
* Length of this payload.
|
||||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* The contained vendor_id data value.
|
||||
*/
|
||||
|
@ -54,10 +54,10 @@ struct private_vendor_id_payload_t {
|
|||
|
||||
/**
|
||||
* Encoding rules to parse or generate a VENDOR ID payload
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
*
|
||||
* The defined offsets are the positions in a object of type
|
||||
* private_vendor_id_payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
encoding_rule_t vendor_id_payload_encodings[] = {
|
||||
/* 1 Byte next payload type, stored in the field next_payload */
|
||||
|
@ -185,7 +185,7 @@ static void destroy(private_vendor_id_payload_t *this)
|
|||
{
|
||||
chunk_free(&(this->vendor_id_data));
|
||||
}
|
||||
free(this);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -203,13 +203,13 @@ vendor_id_payload_t *vendor_id_payload_create()
|
|||
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
|
||||
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
|
||||
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
|
||||
|
||||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy;
|
||||
this->public.set_data = (void (*) (vendor_id_payload_t *,chunk_t)) set_data;
|
||||
this->public.get_data_clone = (chunk_t (*) (vendor_id_payload_t *)) get_data_clone;
|
||||
this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data;
|
||||
|
||||
|
||||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
|
|
|
@ -46,31 +46,31 @@ struct vendor_id_payload_t {
|
|||
|
||||
/**
|
||||
* Set the VID data.
|
||||
*
|
||||
*
|
||||
* Data are getting cloned.
|
||||
*
|
||||
* @param data VID data as chunk_t
|
||||
*/
|
||||
void (*set_data) (vendor_id_payload_t *this, chunk_t data);
|
||||
|
||||
|
||||
/**
|
||||
* Get the VID data.
|
||||
*
|
||||
*
|
||||
* Returned data are a copy of the internal one.
|
||||
*
|
||||
* @return VID data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data_clone) (vendor_id_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Get the VID data.
|
||||
*
|
||||
*
|
||||
* Returned data are NOT copied.
|
||||
*
|
||||
* @return VID data as chunk_t
|
||||
*/
|
||||
chunk_t (*get_data) (vendor_id_payload_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Destroys an vendor_id_payload_t object.
|
||||
*/
|
||||
|
@ -79,7 +79,7 @@ struct vendor_id_payload_t {
|
|||
|
||||
/**
|
||||
* Creates an empty vendor_id_payload_t object.
|
||||
*
|
||||
*
|
||||
* @return vendor_id_payload_t object
|
||||
*/
|
||||
vendor_id_payload_t *vendor_id_payload_create(void);
|
||||
|
|
|
@ -30,12 +30,12 @@ struct private_kernel_interface_t {
|
|||
* Public part of kernel_interface_t object.
|
||||
*/
|
||||
kernel_interface_t public;
|
||||
|
||||
|
||||
/**
|
||||
* ipsec interface
|
||||
*/
|
||||
kernel_ipsec_t *ipsec;
|
||||
|
||||
|
||||
/**
|
||||
* network interface
|
||||
*/
|
||||
|
@ -45,7 +45,7 @@ struct private_kernel_interface_t {
|
|||
/**
|
||||
* Implementation of kernel_interface_t.get_spi
|
||||
*/
|
||||
static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst,
|
||||
static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst,
|
||||
protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
|
||||
{
|
||||
if (!this->ipsec)
|
||||
|
@ -58,7 +58,7 @@ static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *d
|
|||
/**
|
||||
* Implementation of kernel_interface_t.get_cpi
|
||||
*/
|
||||
static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst,
|
||||
static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst,
|
||||
u_int32_t reqid, u_int16_t *cpi)
|
||||
{
|
||||
if (!this->ipsec)
|
||||
|
@ -92,7 +92,7 @@ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *ds
|
|||
* Implementation of kernel_interface_t.update_sa
|
||||
*/
|
||||
static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi,
|
||||
protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst,
|
||||
protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst,
|
||||
host_t *new_src, host_t *new_dst, bool encap, bool new_encap)
|
||||
{
|
||||
if (!this->ipsec)
|
||||
|
@ -289,13 +289,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
|
|||
host_t *host;
|
||||
int family;
|
||||
bool found = FALSE;
|
||||
|
||||
|
||||
DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
|
||||
|
||||
|
||||
/* if we have a family which includes localhost, we do not
|
||||
* search for an IP, we use the default */
|
||||
family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
|
||||
|
||||
|
||||
if (family == AF_INET)
|
||||
{
|
||||
host = host_create_from_string("127.0.0.1", 0);
|
||||
|
@ -304,7 +304,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
|
|||
{
|
||||
host = host_create_from_string("::1", 0);
|
||||
}
|
||||
|
||||
|
||||
if (ts->includes(ts, host))
|
||||
{
|
||||
*ip = host_create_any(family);
|
||||
|
@ -313,7 +313,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
|
|||
return SUCCESS;
|
||||
}
|
||||
host->destroy(host);
|
||||
|
||||
|
||||
addrs = create_address_enumerator(this, TRUE, TRUE);
|
||||
while (addrs->enumerate(addrs, (void**)&host))
|
||||
{
|
||||
|
@ -325,13 +325,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
|
|||
}
|
||||
}
|
||||
addrs->destroy(addrs);
|
||||
|
||||
|
||||
if (!found)
|
||||
{
|
||||
DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
||||
DBG2(DBG_KNL, "using host %H", *ip);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
@ -395,7 +395,7 @@ static void destroy(private_kernel_interface_t *this)
|
|||
kernel_interface_t *kernel_interface_create()
|
||||
{
|
||||
private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t);
|
||||
|
||||
|
||||
this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
|
||||
this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
|
||||
this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
|
||||
|
@ -405,7 +405,7 @@ kernel_interface_t *kernel_interface_create()
|
|||
this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
|
||||
this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
|
||||
this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
|
||||
|
||||
|
||||
this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr;
|
||||
this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop;
|
||||
this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface;
|
||||
|
@ -414,18 +414,18 @@ kernel_interface_t *kernel_interface_create()
|
|||
this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip;
|
||||
this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
|
||||
this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
|
||||
|
||||
|
||||
this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts;
|
||||
|
||||
|
||||
this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface;
|
||||
this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface;
|
||||
this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface;
|
||||
this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface;
|
||||
|
||||
|
||||
this->public.destroy = (void (*)(kernel_interface_t*))destroy;
|
||||
|
||||
|
||||
this->ipsec = NULL;
|
||||
this->net = NULL;
|
||||
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue