ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

removed trailing spaces ([[:space:]]+$)

This commit is contained in:
Martin Willi 2009-09-04 13:46:09 +02:00
parent 7d1b030446
commit 7daf5226b7
703 changed files with 10633 additions and 10633 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/bin2array.c
View File

@ -27,7 +27,7 @@ int main(int argc, char *argv[])
{ {
break; break;
} }
} }
printf("};\n"); printf("};\n");
return 0; return 0;
} }

2
scripts/bin2sql.c
View File

@ -18,7 +18,7 @@ int main(int argc, char *argv[])
break; break;
} }
printf("%02x", (unsigned int)byte); printf("%02x", (unsigned int)byte);
} }
printf("'\n"); printf("'\n");
return 0; return 0;
} }

24
scripts/dh_speed.c
View File

@ -38,7 +38,7 @@ static void start_timing(struct timespec *start)
static double end_timing(struct timespec *start) static double end_timing(struct timespec *start)
{ {
struct timespec end; struct timespec end;
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end); clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
return (end.tv_nsec - start->tv_nsec) / 1000000000.0 + return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
(end.tv_sec - start->tv_sec) * 1.0; (end.tv_sec - start->tv_sec) * 1.0;
@ -50,7 +50,7 @@ static void run_test(diffie_hellman_group_t group, int rounds)
chunk_t chunk; chunk_t chunk;
struct timespec timing; struct timespec timing;
int round; int round;
r = lib->crypto->create_dh(lib->crypto, group); r = lib->crypto->create_dh(lib->crypto, group);
if (!r) if (!r)
{ {
@ -58,24 +58,24 @@ static void run_test(diffie_hellman_group_t group, int rounds)
diffie_hellman_group_names, group); diffie_hellman_group_names, group);
return; return;
} }
printf("%N:\t", printf("%N:\t",
diffie_hellman_group_names, group); diffie_hellman_group_names, group);
start_timing(&timing); start_timing(&timing);
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
{ {
l[round] = lib->crypto->create_dh(lib->crypto, group); l[round] = lib->crypto->create_dh(lib->crypto, group);
} }
printf("A = g^a/s: %8.1f", rounds / end_timing(&timing)); printf("A = g^a/s: %8.1f", rounds / end_timing(&timing));
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
{ {
l[round]->get_my_public_value(l[round], &chunk); l[round]->get_my_public_value(l[round], &chunk);
r->set_other_public_value(r, chunk); r->set_other_public_value(r, chunk);
chunk_free(&chunk); chunk_free(&chunk);
} }
r->get_my_public_value(r, &chunk); r->get_my_public_value(r, &chunk);
start_timing(&timing); start_timing(&timing);
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
@ -84,7 +84,7 @@ static void run_test(diffie_hellman_group_t group, int rounds)
} }
printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing)); printf(" | S = B^a/s: %8.1f\n", rounds / end_timing(&timing));
chunk_free(&chunk); chunk_free(&chunk);
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
{ {
l[round]->destroy(l[round]); l[round]->destroy(l[round]);
@ -95,22 +95,22 @@ static void run_test(diffie_hellman_group_t group, int rounds)
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int rounds, i, j; int rounds, i, j;
if (argc < 4) if (argc < 4)
{ {
usage(); usage();
} }
library_init(STRONGSWAN_CONF); library_init(STRONGSWAN_CONF);
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]); lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
atexit(library_deinit); atexit(library_deinit);
rounds = atoi(argv[2]); rounds = atoi(argv[2]);
for (i = 3; i < argc; i++) for (i = 3; i < argc; i++)
{ {
bool found = FALSE; bool found = FALSE;
for (j = 0; j < countof(groups); j++) for (j = 0; j < countof(groups); j++)
{ {
if (streq(groups[j].name, argv[i])) if (streq(groups[j].name, argv[i]))

4
scripts/id2sql.c
View File

@ -10,7 +10,7 @@ int main(int argc, char *argv[])
identification_t *id; identification_t *id;
chunk_t enc; chunk_t enc;
int i; int i;
if (argc < 2) if (argc < 2)
{ {
return -1; return -1;
@ -29,7 +29,7 @@ int main(int argc, char *argv[])
for (i = 0; i < enc.len; i++) for (i = 0; i < enc.len; i++)
{ {
printf("%02x", (unsigned int)enc.ptr[i]); printf("%02x", (unsigned int)enc.ptr[i]);
} }
printf("'\n"); printf("'\n");
return 0; return 0;
} }

10
scripts/key2keyid.c
View File

@ -15,7 +15,7 @@ int main(int argc, char *argv[])
chunk_t chunk; chunk_t chunk;
char buf[8096]; char buf[8096];
int read; int read;
library_init(NULL); library_init(NULL);
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS); lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS);
atexit(library_deinit); atexit(library_deinit);
@ -26,9 +26,9 @@ int main(int argc, char *argv[])
fprintf(stderr, "reading key failed.\n"); fprintf(stderr, "reading key failed.\n");
return -1; return -1;
} }
chunk = chunk_create(buf, read); chunk = chunk_create(buf, read);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_BLOB_PEM, chunk_clone(chunk),
BUILD_END); BUILD_END);
@ -52,7 +52,7 @@ int main(int argc, char *argv[])
private->destroy(private); private->destroy(private);
return 0; return 0;
} }
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_BLOB_PEM, chunk_clone(chunk),
BUILD_END); BUILD_END);
@ -82,7 +82,7 @@ int main(int argc, char *argv[])
public->destroy(public); public->destroy(public);
return 0; return 0;
} }
fprintf(stderr, "unable to parse input key.\n"); fprintf(stderr, "unable to parse input key.\n");
return -1; return -1;
} }

10
scripts/keyid2sql.c
View File

@ -15,7 +15,7 @@ int main(int argc, char *argv[])
chunk_t chunk; chunk_t chunk;
char buf[8096]; char buf[8096];
int read, n; int read, n;
library_init(NULL); library_init(NULL);
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS); lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, PLUGINS);
atexit(library_deinit); atexit(library_deinit);
@ -26,9 +26,9 @@ int main(int argc, char *argv[])
fprintf(stderr, "reading key failed.\n"); fprintf(stderr, "reading key failed.\n");
return -1; return -1;
} }
chunk = chunk_create(buf, read); chunk = chunk_create(buf, read);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_BLOB_PEM, chunk_clone(chunk),
BUILD_END); BUILD_END);
@ -46,7 +46,7 @@ int main(int argc, char *argv[])
private->destroy(private); private->destroy(private);
return 0; return 0;
} }
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB_PEM, chunk_clone(chunk), BUILD_BLOB_PEM, chunk_clone(chunk),
BUILD_END); BUILD_END);
@ -70,7 +70,7 @@ int main(int argc, char *argv[])
public->destroy(public); public->destroy(public);
return 0; return 0;
} }
fprintf(stderr, "unable to parse input key.\n"); fprintf(stderr, "unable to parse input key.\n");
return -1; return -1;
} }

26
scripts/pubkey_speed.c
View File

@ -13,7 +13,7 @@ void start_timing(struct timespec *start)
double end_timing(struct timespec *start) double end_timing(struct timespec *start)
{ {
struct timespec end; struct timespec end;
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end); clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
return (end.tv_nsec - start->tv_nsec) / 1000000000.0 + return (end.tv_nsec - start->tv_nsec) / 1000000000.0 +
(end.tv_sec - start->tv_sec) * 1.0; (end.tv_sec - start->tv_sec) * 1.0;
@ -37,14 +37,14 @@ int main(int argc, char *argv[])
key_type_t type = KEY_ANY; key_type_t type = KEY_ANY;
signature_scheme_t scheme = SIGN_UNKNOWN; signature_scheme_t scheme = SIGN_UNKNOWN;
chunk_t keydata, *sigs, data = chunk_from_buf(data_buf); chunk_t keydata, *sigs, data = chunk_from_buf(data_buf);
if (argc < 4) if (argc < 4)
{ {
usage(); usage();
} }
rounds = atoi(argv[3]); rounds = atoi(argv[3]);
if (streq(argv[2], "rsa")) if (streq(argv[2], "rsa"))
{ {
type = KEY_RSA; type = KEY_RSA;
@ -58,18 +58,18 @@ int main(int argc, char *argv[])
{ {
usage(); usage();
} }
library_init(STRONGSWAN_CONF); library_init(STRONGSWAN_CONF);
lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]); lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, argv[1]);
atexit(library_deinit); atexit(library_deinit);
keydata = chunk_create(buf, 0); keydata = chunk_create(buf, 0);
while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin))) while ((read = fread(pos, 1, sizeof(buf) - (pos - buf), stdin)))
{ {
pos += read; pos += read;
keydata.len += read; keydata.len += read;
} }
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
BUILD_BLOB_PEM, keydata, BUILD_END); BUILD_BLOB_PEM, keydata, BUILD_END);
if (!private) if (!private)
@ -82,7 +82,7 @@ int main(int argc, char *argv[])
switch (private->get_keysize(private)) switch (private->get_keysize(private))
{ {
case 32: case 32:
scheme = SIGN_ECDSA_256; scheme = SIGN_ECDSA_256;
break; break;
case 48: case 48:
scheme = SIGN_ECDSA_384; scheme = SIGN_ECDSA_384;
@ -96,12 +96,12 @@ int main(int argc, char *argv[])
exit(1); exit(1);
} }
} }
printf("%4d bit %N: ", private->get_keysize(private)*8, printf("%4d bit %N: ", private->get_keysize(private)*8,
key_type_names, type); key_type_names, type);
sigs = malloc(sizeof(chunk_t) * rounds); sigs = malloc(sizeof(chunk_t) * rounds);
start_timing(&timing); start_timing(&timing);
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
{ {
@ -112,7 +112,7 @@ int main(int argc, char *argv[])
} }
}; };
printf("sign()/s: %8.1f ", rounds / end_timing(&timing)); printf("sign()/s: %8.1f ", rounds / end_timing(&timing));
public = private->get_public_key(private); public = private->get_public_key(private);
if (!public) if (!public)
{ {
@ -131,7 +131,7 @@ int main(int argc, char *argv[])
printf("verify()/s: %8.1f\n", rounds / end_timing(&timing)); printf("verify()/s: %8.1f\n", rounds / end_timing(&timing));
public->destroy(public); public->destroy(public);
private->destroy(private); private->destroy(private);
for (round = 0; round < rounds; round++) for (round = 0; round < rounds; round++)
{ {
free(sigs[round].ptr); free(sigs[round].ptr);

22
scripts/thread_analysis.c
View File

@ -1,5 +1,5 @@
/* Analyzes the concurrent use of charon's threads /* Analyzes the concurrent use of charon's threads
* *
* Copyright (C) 2008 Andreas Steffen * Copyright (C) 2008 Andreas Steffen
* Hochschule fuer Technik Rapperswil * Hochschule fuer Technik Rapperswil
* *
@ -52,7 +52,7 @@ static int readline(FILE *fd, char *line)
*line = '\0'; *line = '\0';
return 1; return 1;
} }
line++; line++;
} }
*line = '\0'; *line = '\0';
return 0; return 0;
@ -69,14 +69,14 @@ static void printline(state_t *state, char *timestamp)
for (th = 1; th <= THREADS; th++) for (th = 1; th <= THREADS; th++)
{ {
states[state[th]]++; states[state[th]]++;
printf("<td class=\"%s\"></td>", state_names[state[th]]); printf("<td class=\"%s\"></td>", state_names[state[th]]);
} }
total = states[STATE_INIT] + states[STATE_AUTH] + states[STATE_BUSY] + states[STATE_RETRY]; total = states[STATE_INIT] + states[STATE_AUTH] + states[STATE_BUSY] + states[STATE_RETRY];
printf("<td class=\"init\">%d</td><td class=\"auth\">%d</td><td class=\"busy\">%d</td>", printf("<td class=\"init\">%d</td><td class=\"auth\">%d</td><td class=\"busy\">%d</td>",
states[STATE_INIT], states[STATE_AUTH], total); states[STATE_INIT], states[STATE_AUTH], total);
for (th = 10; th <= (THREADS + 2); th += 5) for (th = 10; th <= (THREADS + 2); th += 5)
{ {
printf("<td class=\"%s\"></td>", (th <= total + 2)? "busy":"idle"); printf("<td class=\"%s\"></td>", (th <= total + 2)? "busy":"idle");
} }
printf("\n"); printf("\n");
printf(" </tr>\n"); printf(" </tr>\n");
@ -91,13 +91,13 @@ int main(int argc, char *argv[])
FILE *fd; FILE *fd;
state_t state[THREADS + 1]; state_t state[THREADS + 1];
/* threads 1..5 and 9 are always busy */ /* threads 1..5 and 9 are always busy */
for (th = 1; th <= THREADS; th++) for (th = 1; th <= THREADS; th++)
{ {
state[th] = (th <= 7 && th != 3)? STATE_BUSY : STATE_IDLE; state[th] = (th <= 7 && th != 3)? STATE_BUSY : STATE_IDLE;
} }
/* open the log file */ /* open the log file */
fd = fopen(LOGFILE, "r"); fd = fopen(LOGFILE, "r");
if (!fd) if (!fd)
@ -135,16 +135,16 @@ int main(int argc, char *argv[])
printf(" <td class=\"log\">Timestamp</td>"); printf(" <td class=\"log\">Timestamp</td>");
for (th = 1 ; th <= THREADS; th++) for (th = 1 ; th <= THREADS; th++)
{ {
printf("<td>%02d</td>", th); printf("<td>%02d</td>", th);
} }
printf("<td class=\"init\">I</td><td class=\"auth\">A</td><td class=\"busy\">B</td>"); printf("<td class=\"init\">I</td><td class=\"auth\">A</td><td class=\"busy\">B</td>");
for (th = 10; th <= (THREADS + 2); th += 5) for (th = 10; th <= (THREADS + 2); th += 5)
{ {
printf("<td class=\"busy\">%d</td>", (th == 100)? 99:th); printf("<td class=\"busy\">%d</td>", (th == 100)? 99:th);
} }
printf("\n"); printf("\n");
printf(" </tr>\n"); printf(" </tr>\n");
while (readline(fd, line)) while (readline(fd, line))
{ {
char *p_section, *p_charon, *p_thread, *p_log; char *p_section, *p_charon, *p_thread, *p_log;
@ -170,7 +170,7 @@ int main(int argc, char *argv[])
{ {
continue; continue;
} }
/* determine thread */ /* determine thread */
p_thread = p_charon + 8; p_thread = p_charon + 8;
th = atol(p_thread); th = atol(p_thread);
@ -268,6 +268,6 @@ int main(int argc, char *argv[])
printf("</body>\n"); printf("</body>\n");
printf("</html>\n"); printf("</html>\n");
fclose(fd); fclose(fd);
return 0; return 0;
} }

4
src/_copyright/_copyright.c
View File

@ -2,12 +2,12 @@
* copyright reporter * copyright reporter
* (just avoids having the info in more than one place in the source) * (just avoids having the info in more than one place in the source)
* Copyright (C) 2001 Henry Spencer. * Copyright (C) 2001 Henry Spencer.
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the * under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your * Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
* *
* This program is distributed in the hope that it will be useful, but * This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License

76
src/charon/bus/bus.c
View File

@ -57,22 +57,22 @@ struct private_bus_t {
* Public part of a bus_t object. * Public part of a bus_t object.
*/ */
bus_t public; bus_t public;
/** /**
* List of registered listeners as entry_t's * List of registered listeners as entry_t's
*/ */
linked_list_t *listeners; linked_list_t *listeners;
/** /**
* mutex to synchronize active listeners, recursively * mutex to synchronize active listeners, recursively
*/ */
mutex_t *mutex; mutex_t *mutex;
/** /**
* Thread local storage for a unique, simple thread ID * Thread local storage for a unique, simple thread ID
*/ */
pthread_key_t thread_id; pthread_key_t thread_id;
/** /**
* Thread local storage the threads IKE_SA * Thread local storage the threads IKE_SA
*/ */
@ -90,17 +90,17 @@ struct entry_t {
* registered listener interface * registered listener interface
*/ */
listener_t *listener; listener_t *listener;
/** /**
* is this a active listen() call with a blocking thread * is this a active listen() call with a blocking thread
*/ */
bool blocker; bool blocker;
/** /**
* are we currently calling this listener * are we currently calling this listener
*/ */
int calling; int calling;
/** /**
* condvar where active listeners wait * condvar where active listeners wait
*/ */
@ -113,12 +113,12 @@ struct entry_t {
static entry_t *entry_create(listener_t *listener, bool blocker) static entry_t *entry_create(listener_t *listener, bool blocker)
{ {
entry_t *this = malloc_thing(entry_t); entry_t *this = malloc_thing(entry_t);
this->listener = listener; this->listener = listener;
this->blocker = blocker; this->blocker = blocker;
this->calling = 0; this->calling = 0;
this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
return this; return this;
} }
@ -140,7 +140,7 @@ static u_int get_thread_number(private_bus_t *this)
{ {
static uintptr_t current_num = 0; static uintptr_t current_num = 0;
uintptr_t stored_num; uintptr_t stored_num;
stored_num = (uintptr_t)pthread_getspecific(this->thread_id); stored_num = (uintptr_t)pthread_getspecific(this->thread_id);
if (stored_num == 0) if (stored_num == 0)
{ /* first call of current thread */ { /* first call of current thread */
@ -214,7 +214,7 @@ static void listen_(private_bus_t *this, listener_t *listener, job_t *job)
{ {
int old; int old;
cleanup_data_t data; cleanup_data_t data;
data.this = this; data.this = this;
data.entry = entry_create(listener, TRUE); data.entry = entry_create(listener, TRUE);
@ -302,20 +302,20 @@ static void vlog(private_bus_t *this, debug_t group, level_t level,
char* format, va_list args) char* format, va_list args)
{ {
log_data_t data; log_data_t data;
data.ike_sa = pthread_getspecific(this->thread_sa); data.ike_sa = pthread_getspecific(this->thread_sa);
data.thread = get_thread_number(this); data.thread = get_thread_number(this);
data.group = group; data.group = group;
data.level = level; data.level = level;
data.format = format; data.format = format;
va_copy(data.args, args); va_copy(data.args, args);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
/* We use the remove() method to invoke all listeners. This is cheap and /* We use the remove() method to invoke all listeners. This is cheap and
* does not require an allocation for this performance critical function. */ * does not require an allocation for this performance critical function. */
this->listeners->remove(this->listeners, &data, (void*)log_cb); this->listeners->remove(this->listeners, &data, (void*)log_cb);
this->mutex->unlock(this->mutex); this->mutex->unlock(this->mutex);
va_end(data.args); va_end(data.args);
} }
@ -326,7 +326,7 @@ static void log_(private_bus_t *this, debug_t group, level_t level,
char* format, ...) char* format, ...)
{ {
va_list args; va_list args;
va_start(args, format); va_start(args, format);
vlog(this, group, level, format, args); vlog(this, group, level, format, args);
va_end(args); va_end(args);
@ -360,9 +360,9 @@ static void alert(private_bus_t *this, alert_t alert, ...)
entry_t *entry; entry_t *entry;
va_list args; va_list args;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -394,7 +394,7 @@ static void ike_state_change(private_bus_t *this, ike_sa_t *ike_sa,
enumerator_t *enumerator; enumerator_t *enumerator;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -425,9 +425,9 @@ static void child_state_change(private_bus_t *this, child_sa_t *child_sa,
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -458,9 +458,9 @@ static void message(private_bus_t *this, message_t *message, bool incoming)
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -492,7 +492,7 @@ static void ike_keys(private_bus_t *this, ike_sa_t *ike_sa,
enumerator_t *enumerator; enumerator_t *enumerator;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -524,9 +524,9 @@ static void child_keys(private_bus_t *this, child_sa_t *child_sa,
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -557,9 +557,9 @@ static void child_updown(private_bus_t *this, child_sa_t *child_sa, bool up)
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -590,9 +590,9 @@ static void child_rekey(private_bus_t *this, child_sa_t *old, child_sa_t *new)
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -621,7 +621,7 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up)
enumerator_t *enumerator; enumerator_t *enumerator;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -640,13 +640,13 @@ static void ike_updown(private_bus_t *this, ike_sa_t *ike_sa, bool up)
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
this->mutex->unlock(this->mutex); this->mutex->unlock(this->mutex);
/* a down event for IKE_SA implicitly downs all CHILD_SAs */ /* a down event for IKE_SA implicitly downs all CHILD_SAs */
if (!up) if (!up)
{ {
iterator_t *iterator; iterator_t *iterator;
child_sa_t *child_sa; child_sa_t *child_sa;
iterator = ike_sa->create_child_sa_iterator(ike_sa); iterator = ike_sa->create_child_sa_iterator(ike_sa);
while (iterator->iterate(iterator, (void**)&child_sa)) while (iterator->iterate(iterator, (void**)&child_sa))
{ {
@ -664,7 +664,7 @@ static void ike_rekey(private_bus_t *this, ike_sa_t *old, ike_sa_t *new)
enumerator_t *enumerator; enumerator_t *enumerator;
entry_t *entry; entry_t *entry;
bool keep; bool keep;
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -694,9 +694,9 @@ static bool authorize(private_bus_t *this, linked_list_t *auth, bool final)
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
entry_t *entry; entry_t *entry;
bool keep, success = TRUE; bool keep, success = TRUE;
ike_sa = pthread_getspecific(this->thread_sa); ike_sa = pthread_getspecific(this->thread_sa);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
enumerator = this->listeners->create_enumerator(this->listeners); enumerator = this->listeners->create_enumerator(this->listeners);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -739,7 +739,7 @@ static void destroy(private_bus_t *this)
bus_t *bus_create() bus_t *bus_create()
{ {
private_bus_t *this = malloc_thing(private_bus_t); private_bus_t *this = malloc_thing(private_bus_t);
this->public.add_listener = (void(*)(bus_t*,listener_t*))add_listener; this->public.add_listener = (void(*)(bus_t*,listener_t*))add_listener;
this->public.remove_listener = (void(*)(bus_t*,listener_t*))remove_listener; this->public.remove_listener = (void(*)(bus_t*,listener_t*))remove_listener;
this->public.listen = (void(*)(bus_t*, listener_t *listener, job_t *job))listen_; this->public.listen = (void(*)(bus_t*, listener_t *listener, job_t *job))listen_;
@ -758,12 +758,12 @@ bus_t *bus_create()
this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey; this->public.child_rekey = (void(*)(bus_t*, child_sa_t *old, child_sa_t *new))child_rekey;
this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize; this->public.authorize = (bool(*)(bus_t*, linked_list_t *auth, bool final))authorize;
this->public.destroy = (void(*)(bus_t*)) destroy; this->public.destroy = (void(*)(bus_t*)) destroy;
this->listeners = linked_list_create(); this->listeners = linked_list_create();
this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
pthread_key_create(&this->thread_id, NULL); pthread_key_create(&this->thread_id, NULL);
pthread_key_create(&this->thread_sa, NULL); pthread_key_create(&this->thread_sa, NULL);
return &this->public; return &this->public;
} }

34
src/charon/bus/bus.h
View File

@ -142,7 +142,7 @@ enum alert_t {
* may wait actively to events using the blocking listen() call. * may wait actively to events using the blocking listen() call.
*/ */
struct bus_t { struct bus_t {
/** /**
* Register a listener to the bus. * Register a listener to the bus.
* *
@ -153,14 +153,14 @@ struct bus_t {
* @param listener listener to register. * @param listener listener to register.
*/ */
void (*add_listener) (bus_t *this, listener_t *listener); void (*add_listener) (bus_t *this, listener_t *listener);
/** /**
* Unregister a listener from the bus. * Unregister a listener from the bus.
* *
* @param listener listener to unregister. * @param listener listener to unregister.
*/ */
void (*remove_listener) (bus_t *this, listener_t *listener); void (*remove_listener) (bus_t *this, listener_t *listener);
/** /**
* Register a listener and block the calling thread. * Register a listener and block the calling thread.
* *
@ -174,20 +174,20 @@ struct bus_t {
* @param job job to execute asynchronously when registered, or NULL * @param job job to execute asynchronously when registered, or NULL
*/ */
void (*listen)(bus_t *this, listener_t *listener, job_t *job); void (*listen)(bus_t *this, listener_t *listener, job_t *job);
/** /**
* Set the IKE_SA the calling thread is using. * Set the IKE_SA the calling thread is using.
* *
* To associate an received log message to an IKE_SA without passing it as * To associate an received log message to an IKE_SA without passing it as
* parameter each time, the thread registers the currenlty used IKE_SA * parameter each time, the thread registers the currenlty used IKE_SA
* during check-out. Before check-in, the thread unregisters the IKE_SA. * during check-out. Before check-in, the thread unregisters the IKE_SA.
* This IKE_SA is stored per-thread, so each thread has its own IKE_SA * This IKE_SA is stored per-thread, so each thread has its own IKE_SA
* registered. * registered.
* *
* @param ike_sa ike_sa to register, or NULL to unregister * @param ike_sa ike_sa to register, or NULL to unregister
*/ */
void (*set_sa) (bus_t *this, ike_sa_t *ike_sa); void (*set_sa) (bus_t *this, ike_sa_t *ike_sa);
/** /**
* Send a log message to the bus. * Send a log message to the bus.
* *
@ -202,7 +202,7 @@ struct bus_t {
* @param ... printf() style argument list * @param ... printf() style argument list
*/ */
void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...); void (*log)(bus_t *this, debug_t group, level_t level, char* format, ...);
/** /**
* Send a log message to the bus using va_list arguments. * Send a log message to the bus using va_list arguments.
* *
@ -215,7 +215,7 @@ struct bus_t {
*/ */
void (*vlog)(bus_t *this, debug_t group, level_t level, void (*vlog)(bus_t *this, debug_t group, level_t level,
char* format, va_list args); char* format, va_list args);
/** /**
* Raise an alert over the bus. * Raise an alert over the bus.
* *
@ -223,7 +223,7 @@ struct bus_t {
* @param ... alert specific attributes * @param ... alert specific attributes
*/ */
void (*alert)(bus_t *this, alert_t alert, ...); void (*alert)(bus_t *this, alert_t alert, ...);
/** /**
* Send a IKE_SA state change event to the bus. * Send a IKE_SA state change event to the bus.
* *
@ -247,7 +247,7 @@ struct bus_t {
* @param incoming TRUE for incoming messages, FALSE for outgoing * @param incoming TRUE for incoming messages, FALSE for outgoing
*/ */
void (*message)(bus_t *this, message_t *message, bool incoming); void (*message)(bus_t *this, message_t *message, bool incoming);
/** /**
* IKE_SA authorization hook. * IKE_SA authorization hook.
* *
@ -256,7 +256,7 @@ struct bus_t {
* @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED * @return TRUE to establish IKE_SA, FALSE to send AUTH_FAILED
*/ */
bool (*authorize)(bus_t *this, linked_list_t *auth, bool final); bool (*authorize)(bus_t *this, linked_list_t *auth, bool final);
/** /**
* IKE_SA keymat hook. * IKE_SA keymat hook.
* *
@ -278,7 +278,7 @@ struct bus_t {
*/ */
void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh, void (*child_keys)(bus_t *this, child_sa_t *child_sa, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r); chunk_t nonce_i, chunk_t nonce_r);
/** /**
* IKE_SA up/down hook. * IKE_SA up/down hook.
* *
@ -286,7 +286,7 @@ struct bus_t {
* @param up TRUE for an up event, FALSE for a down event * @param up TRUE for an up event, FALSE for a down event
*/ */
void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up); void (*ike_updown)(bus_t *this, ike_sa_t *ike_sa, bool up);
/** /**
* IKE_SA rekeying hook. * IKE_SA rekeying hook.
* *
@ -294,7 +294,7 @@ struct bus_t {
* @param new new IKE_SA replacing old * @param new new IKE_SA replacing old
*/ */
void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new); void (*ike_rekey)(bus_t *this, ike_sa_t *old, ike_sa_t *new);
/** /**
* CHILD_SA up/down hook. * CHILD_SA up/down hook.
* *
@ -302,7 +302,7 @@ struct bus_t {
* @param up TRUE for an up event, FALSE for a down event * @param up TRUE for an up event, FALSE for a down event
*/ */
void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up); void (*child_updown)(bus_t *this, child_sa_t *child_sa, bool up);
/** /**
* CHILD_SA rekeying hook. * CHILD_SA rekeying hook.
* *
@ -310,7 +310,7 @@ struct bus_t {
* @param new new CHILD_SA replacing old * @param new new CHILD_SA replacing old
*/ */
void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new); void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
/** /**
* Destroy the event bus. * Destroy the event bus.
*/ */

16
src/charon/bus/listeners/file_logger.c
View File

@ -25,17 +25,17 @@ typedef struct private_file_logger_t private_file_logger_t;
* Private data of a file_logger_t object * Private data of a file_logger_t object
*/ */
struct private_file_logger_t { struct private_file_logger_t {
/** /**
* Public data. * Public data.
*/ */
file_logger_t public; file_logger_t public;
/** /**
* output file * output file
*/ */
FILE *out; FILE *out;
/** /**
* Maximum level to log, for each group * Maximum level to log, for each group
*/ */
@ -52,10 +52,10 @@ static bool log_(private_file_logger_t *this, debug_t group, level_t level,
{ {
char buffer[8192]; char buffer[8192];
char *current = buffer, *next; char *current = buffer, *next;
/* write in memory buffer first */ /* write in memory buffer first */
vsnprintf(buffer, sizeof(buffer), format, args); vsnprintf(buffer, sizeof(buffer), format, args);
/* prepend a prefix in front of every line */ /* prepend a prefix in front of every line */
while (current) while (current)
{ {
@ -109,17 +109,17 @@ static void destroy(private_file_logger_t *this)
file_logger_t *file_logger_create(FILE *out) file_logger_t *file_logger_create(FILE *out)
{ {
private_file_logger_t *this = malloc_thing(private_file_logger_t); private_file_logger_t *this = malloc_thing(private_file_logger_t);
/* public functions */ /* public functions */
memset(&this->public.listener, 0, sizeof(listener_t)); memset(&this->public.listener, 0, sizeof(listener_t));
this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_;
this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level; this->public.set_level = (void(*)(file_logger_t*,debug_t,level_t))set_level;
this->public.destroy = (void(*)(file_logger_t*))destroy; this->public.destroy = (void(*)(file_logger_t*))destroy;
/* private variables */ /* private variables */
this->out = out; this->out = out;
set_level(this, DBG_ANY, LEVEL_SILENT); set_level(this, DBG_ANY, LEVEL_SILENT);
return &this->public; return &this->public;
} }

6
src/charon/bus/listeners/file_logger.h
View File

@ -29,12 +29,12 @@ typedef struct file_logger_t file_logger_t;
* Logger to files which implements listener_t. * Logger to files which implements listener_t.
*/ */
struct file_logger_t { struct file_logger_t {
/** /**
* Implements the listener_t interface. * Implements the listener_t interface.
*/ */
listener_t listener; listener_t listener;
/** /**
* Set the loglevel for a debug group. * Set the loglevel for a debug group.
* *
@ -42,7 +42,7 @@ struct file_logger_t {
* @param level max level to log (0..4) * @param level max level to log (0..4)
*/ */
void (*set_level) (file_logger_t *this, debug_t group, level_t level); void (*set_level) (file_logger_t *this, debug_t group, level_t level);
/** /**
* Destroys a file_logger_t object. * Destroys a file_logger_t object.
*/ */

24
src/charon/bus/listeners/listener.h
View File

@ -29,7 +29,7 @@ typedef struct listener_t listener_t;
* Listener interface, listens to events if registered to the bus. * Listener interface, listens to events if registered to the bus.
*/ */
struct listener_t { struct listener_t {
/** /**
* Log a debugging message. * Log a debugging message.
* *
@ -48,7 +48,7 @@ struct listener_t {
*/ */
bool (*log)(listener_t *this, debug_t group, level_t level, int thread, bool (*log)(listener_t *this, debug_t group, level_t level, int thread,
ike_sa_t *ike_sa, char* format, va_list args); ike_sa_t *ike_sa, char* format, va_list args);
/** /**
* Hook called if a critical alert is risen. * Hook called if a critical alert is risen.
* *
@ -59,7 +59,7 @@ struct listener_t {
*/ */
bool (*alert)(listener_t *this, ike_sa_t *ike_sa, bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
alert_t alert, va_list args); alert_t alert, va_list args);
/** /**
* Handle state changes in an IKE_SA. * Handle state changes in an IKE_SA.
* *
@ -69,7 +69,7 @@ struct listener_t {
*/ */
bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa, bool (*ike_state_change)(listener_t *this, ike_sa_t *ike_sa,
ike_sa_state_t state); ike_sa_state_t state);
/** /**
* Handle state changes in a CHILD_SA. * Handle state changes in a CHILD_SA.
* *
@ -80,7 +80,7 @@ struct listener_t {
*/ */
bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa, bool (*child_state_change)(listener_t *this, ike_sa_t *ike_sa,
child_sa_t *child_sa, child_sa_state_t state); child_sa_t *child_sa, child_sa_state_t state);
/** /**
* Hook called for received/sent messages of an IKE_SA. * Hook called for received/sent messages of an IKE_SA.
* *
@ -91,7 +91,7 @@ struct listener_t {
*/ */
bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message, bool (*message)(listener_t *this, ike_sa_t *ike_sa, message_t *message,
bool incoming); bool incoming);
/** /**
* Hook called with IKE_SA key material. * Hook called with IKE_SA key material.
* *
@ -104,7 +104,7 @@ struct listener_t {
*/ */
bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh, bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey); chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
/** /**
* Hook called with CHILD_SA key material. * Hook called with CHILD_SA key material.
* *
@ -117,7 +117,7 @@ struct listener_t {
*/ */
bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r); diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
/** /**
* Hook called if an IKE_SA gets up or down. * Hook called if an IKE_SA gets up or down.
* *
@ -126,7 +126,7 @@ struct listener_t {
* @return TRUE to stay registered, FALSE to unregister * @return TRUE to stay registered, FALSE to unregister
*/ */
bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up); bool (*ike_updown)(listener_t *this, ike_sa_t *ike_sa, bool up);
/** /**
* Hook called when an IKE_SA gets rekeyed. * Hook called when an IKE_SA gets rekeyed.
* *
@ -135,7 +135,7 @@ struct listener_t {
* @return TRUE to stay registered, FALSE to unregister * @return TRUE to stay registered, FALSE to unregister
*/ */
bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new); bool (*ike_rekey)(listener_t *this, ike_sa_t *old, ike_sa_t *new);
/** /**
* Hook called when a CHILD_SA gets up or down. * Hook called when a CHILD_SA gets up or down.
* *
@ -146,7 +146,7 @@ struct listener_t {
*/ */
bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa, bool (*child_updown)(listener_t *this, ike_sa_t *ike_sa,
child_sa_t *child_sa, bool up); child_sa_t *child_sa, bool up);
/** /**
* Hook called when an CHILD_SA gets rekeyed. * Hook called when an CHILD_SA gets rekeyed.
* *
@ -157,7 +157,7 @@ struct listener_t {
*/ */
bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa, bool (*child_rekey)(listener_t *this, ike_sa_t *ike_sa,
child_sa_t *old, child_sa_t *new); child_sa_t *old, child_sa_t *new);
/** /**
* Hook called to invoke additional authorization rules. * Hook called to invoke additional authorization rules.
* *

16
src/charon/bus/listeners/sys_logger.c
View File

@ -25,17 +25,17 @@ typedef struct private_sys_logger_t private_sys_logger_t;
* Private data of a sys_logger_t object * Private data of a sys_logger_t object
*/ */
struct private_sys_logger_t { struct private_sys_logger_t {
/** /**
* Public data. * Public data.
*/ */
sys_logger_t public; sys_logger_t public;
/** /**
* syslog facility to use * syslog facility to use
*/ */
int facility; int facility;
/** /**
* Maximum level to log, for each group * Maximum level to log, for each group
*/ */
@ -52,10 +52,10 @@ static bool log_(private_sys_logger_t *this, debug_t group, level_t level,
{ {
char buffer[8192]; char buffer[8192];
char *current = buffer, *next; char *current = buffer, *next;
/* write in memory buffer first */ /* write in memory buffer first */
vsnprintf(buffer, sizeof(buffer), format, args); vsnprintf(buffer, sizeof(buffer), format, args);
/* do a syslog with every line */ /* do a syslog with every line */
while (current) while (current)
{ {
@ -106,16 +106,16 @@ static void destroy(private_sys_logger_t *this)
sys_logger_t *sys_logger_create(int facility) sys_logger_t *sys_logger_create(int facility)
{ {
private_sys_logger_t *this = malloc_thing(private_sys_logger_t); private_sys_logger_t *this = malloc_thing(private_sys_logger_t);
/* public functions */ /* public functions */
memset(&this->public.listener, 0, sizeof(listener_t)); memset(&this->public.listener, 0, sizeof(listener_t));
this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_; this->public.listener.log = (bool(*)(listener_t*,debug_t,level_t,int,ike_sa_t*,char*,va_list))log_;
this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level; this->public.set_level = (void(*)(sys_logger_t*,debug_t,level_t))set_level;
this->public.destroy = (void(*)(sys_logger_t*))destroy; this->public.destroy = (void(*)(sys_logger_t*))destroy;
/* private variables */ /* private variables */
this->facility = facility; this->facility = facility;
set_level(this, DBG_ANY, LEVEL_SILENT); set_level(this, DBG_ANY, LEVEL_SILENT);
return &this->public; return &this->public;
} }

6
src/charon/bus/listeners/sys_logger.h
View File

@ -31,12 +31,12 @@ typedef struct sys_logger_t sys_logger_t;
* Logger for syslog which implements listener_t. * Logger for syslog which implements listener_t.
*/ */
struct sys_logger_t { struct sys_logger_t {
/** /**
* Implements the listener_t interface. * Implements the listener_t interface.
*/ */
listener_t listener; listener_t listener;
/** /**
* Set the loglevel for a debug group. * Set the loglevel for a debug group.
* *
@ -44,7 +44,7 @@ struct sys_logger_t {
* @param level max level to log (0..4) * @param level max level to log (0..4)
*/ */
void (*set_level) (sys_logger_t *this, debug_t group, level_t level); void (*set_level) (sys_logger_t *this, debug_t group, level_t level);
/** /**
* Destroys a sys_logger_t object. * Destroys a sys_logger_t object.
*/ */

4
src/charon/config/attributes/attribute_handler.h
View File

@ -30,7 +30,7 @@ typedef struct attribute_handler_t attribute_handler_t;
* Interface to handle configuration payload attributes. * Interface to handle configuration payload attributes.
*/ */
struct attribute_handler_t { struct attribute_handler_t {
/** /**
* Handle a configuration attribute. * Handle a configuration attribute.
* *
@ -43,7 +43,7 @@ struct attribute_handler_t {
*/ */
bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa, bool (*handle)(attribute_handler_t *this, ike_sa_t *ike_sa,
configuration_attribute_type_t type, chunk_t data); configuration_attribute_type_t type, chunk_t data);
/** /**
* Release an attribute handled during handle(). * Release an attribute handled during handle().
* *

26
src/charon/config/attributes/attribute_manager.c
View File

@ -30,17 +30,17 @@ struct private_attribute_manager_t {
* public functions * public functions
*/ */
attribute_manager_t public; attribute_manager_t public;
/** /**
* list of registered providers * list of registered providers
*/ */
linked_list_t *providers; linked_list_t *providers;
/** /**
* list of registered handlers * list of registered handlers
*/ */
linked_list_t *handlers; linked_list_t *handlers;
/** /**
* rwlock provider list * rwlock provider list
*/ */
@ -57,7 +57,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
enumerator_t *enumerator; enumerator_t *enumerator;
attribute_provider_t *current; attribute_provider_t *current;
host_t *host = NULL; host_t *host = NULL;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers); enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
@ -70,7 +70,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
this->lock->unlock(this->lock); this->lock->unlock(this->lock);
if (!host) if (!host)
{ {
DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool); DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
@ -87,7 +87,7 @@ static void release_address(private_attribute_manager_t *this,
enumerator_t *enumerator; enumerator_t *enumerator;
attribute_provider_t *current; attribute_provider_t *current;
bool found = FALSE; bool found = FALSE;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = this->providers->create_enumerator(this->providers); enumerator = this->providers->create_enumerator(this->providers);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
@ -100,7 +100,7 @@ static void release_address(private_attribute_manager_t *this,
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
this->lock->unlock(this->lock); this->lock->unlock(this->lock);
if (!found) if (!found)
{ {
DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool); DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
@ -161,7 +161,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
attribute_handler_t *current, *handled = NULL; attribute_handler_t *current, *handled = NULL;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = this->handlers->create_enumerator(this->handlers); enumerator = this->handlers->create_enumerator(this->handlers);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
@ -174,7 +174,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
this->lock->unlock(this->lock); this->lock->unlock(this->lock);
if (!handled) if (!handled)
{ {
DBG1(DBG_CFG, "handling %N attribute failed", DBG1(DBG_CFG, "handling %N attribute failed",
@ -192,7 +192,7 @@ static void release(private_attribute_manager_t *this,
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
attribute_handler_t *current; attribute_handler_t *current;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = this->handlers->create_enumerator(this->handlers); enumerator = this->handlers->create_enumerator(this->handlers);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
@ -246,7 +246,7 @@ static void destroy(private_attribute_manager_t *this)
attribute_manager_t *attribute_manager_create() attribute_manager_t *attribute_manager_create()
{ {
private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t); private_attribute_manager_t *this = malloc_thing(private_attribute_manager_t);
this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address; this->public.acquire_address = (host_t*(*)(attribute_manager_t*, char*, identification_t*,host_t*))acquire_address;
this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address; this->public.release_address = (void(*)(attribute_manager_t*, char *, host_t*, identification_t*))release_address;
this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator; this->public.create_attribute_enumerator = (enumerator_t*(*)(attribute_manager_t*, identification_t *id))create_attribute_enumerator;
@ -257,11 +257,11 @@ attribute_manager_t *attribute_manager_create()
this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler; this->public.add_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))add_handler;
this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler; this->public.remove_handler = (void(*)(attribute_manager_t*, attribute_handler_t *handler))remove_handler;
this->public.destroy = (void(*)(attribute_manager_t*))destroy; this->public.destroy = (void(*)(attribute_manager_t*))destroy;
this->providers = linked_list_create(); this->providers = linked_list_create();
this->handlers = linked_list_create(); this->handlers = linked_list_create();
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
return &this->public; return &this->public;
} }

18
src/charon/config/attributes/attribute_manager.h
View File

@ -35,7 +35,7 @@ typedef struct attribute_manager_t attribute_manager_t;
* are received on the requesting peer. * are received on the requesting peer.
*/ */
struct attribute_manager_t { struct attribute_manager_t {
/** /**
* Acquire a virtual IP address to assign to a peer. * Acquire a virtual IP address to assign to a peer.
* *
@ -47,7 +47,7 @@ struct attribute_manager_t {
host_t* (*acquire_address)(attribute_manager_t *this, host_t* (*acquire_address)(attribute_manager_t *this,
char *pool, identification_t *id, char *pool, identification_t *id,
host_t *requested); host_t *requested);
/** /**
* Release a previously acquired address. * Release a previously acquired address.
* *
@ -57,7 +57,7 @@ struct attribute_manager_t {
*/ */
void (*release_address)(attribute_manager_t *this, void (*release_address)(attribute_manager_t *this,
char *pool, host_t *address, identification_t *id); char *pool, host_t *address, identification_t *id);
/** /**
* Create an enumerator over attributes to hand out to a peer. * Create an enumerator over attributes to hand out to a peer.
* *
@ -66,7 +66,7 @@ struct attribute_manager_t {
*/ */
enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this, enumerator_t* (*create_attribute_enumerator)(attribute_manager_t *this,
identification_t *id); identification_t *id);
/** /**
* Register an attribute provider to the manager. * Register an attribute provider to the manager.
* *
@ -81,7 +81,7 @@ struct attribute_manager_t {
*/ */
void (*remove_provider)(attribute_manager_t *this, void (*remove_provider)(attribute_manager_t *this,
attribute_provider_t *provider); attribute_provider_t *provider);
/** /**
* Handle a configuration attribute by passing them to the handlers. * Handle a configuration attribute by passing them to the handlers.
* *
@ -92,7 +92,7 @@ struct attribute_manager_t {
*/ */
attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa, attribute_handler_t* (*handle)(attribute_manager_t *this, ike_sa_t *ike_sa,
configuration_attribute_type_t type, chunk_t data); configuration_attribute_type_t type, chunk_t data);
/** /**
* Release an attribute previously handle()d by a handler. * Release an attribute previously handle()d by a handler.
* *
@ -104,7 +104,7 @@ struct attribute_manager_t {
void (*release)(attribute_manager_t *this, attribute_handler_t *handler, void (*release)(attribute_manager_t *this, attribute_handler_t *handler,
ike_sa_t *ike_sa, configuration_attribute_type_t type, ike_sa_t *ike_sa, configuration_attribute_type_t type,
chunk_t data); chunk_t data);
/** /**
* Register an attribute handler to the manager. * Register an attribute handler to the manager.
* *
@ -112,7 +112,7 @@ struct attribute_manager_t {
*/ */
void (*add_handler)(attribute_manager_t *this, void (*add_handler)(attribute_manager_t *this,
attribute_handler_t *handler); attribute_handler_t *handler);
/** /**
* Unregister an attribute handler from the manager. * Unregister an attribute handler from the manager.
* *
@ -120,7 +120,7 @@ struct attribute_manager_t {
*/ */
void (*remove_handler)(attribute_manager_t *this, void (*remove_handler)(attribute_manager_t *this,
attribute_handler_t *handler); attribute_handler_t *handler);
/** /**
* Destroy a attribute_manager instance. * Destroy a attribute_manager instance.
*/ */

4
src/charon/config/attributes/attribute_provider.h
View File

@ -41,7 +41,7 @@ struct attribute_provider_t {
* @return allocated address, NULL to serve none * @return allocated address, NULL to serve none
*/ */
host_t* (*acquire_address)(attribute_provider_t *this, host_t* (*acquire_address)(attribute_provider_t *this,
char *pool, identification_t *id, char *pool, identification_t *id,
host_t *requested); host_t *requested);
/** /**
* Release a previously acquired address. * Release a previously acquired address.
@ -53,7 +53,7 @@ struct attribute_provider_t {
*/ */
bool (*release_address)(attribute_provider_t *this, bool (*release_address)(attribute_provider_t *this,
char *pool, host_t *address, identification_t *id); char *pool, host_t *address, identification_t *id);
/** /**
* Create an enumerator over attributes to hand out to a peer. * Create an enumerator over attributes to hand out to a peer.
* *

56
src/charon/config/auth_cfg.c
View File

@ -45,12 +45,12 @@ typedef struct private_auth_cfg_t private_auth_cfg_t;
* private data of item_set * private data of item_set
*/ */
struct private_auth_cfg_t { struct private_auth_cfg_t {
/** /**
* public functions * public functions
*/ */
auth_cfg_t public; auth_cfg_t public;
/** /**
* list of entry_t * list of entry_t
*/ */
@ -84,7 +84,7 @@ typedef struct {
static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value) static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value)
{ {
entry_t *entry; entry_t *entry;
if (this->inner->enumerate(this->inner, &entry)) if (this->inner->enumerate(this->inner, &entry))
{ {
this->current = entry; this->current = entry;
@ -110,7 +110,7 @@ static void entry_enumerator_destroy(entry_enumerator_t *this)
static enumerator_t* create_enumerator(private_auth_cfg_t *this) static enumerator_t* create_enumerator(private_auth_cfg_t *this)
{ {
entry_enumerator_t *enumerator; entry_enumerator_t *enumerator;
enumerator = malloc_thing(entry_enumerator_t); enumerator = malloc_thing(entry_enumerator_t);
enumerator->inner = this->entries->create_enumerator(this->entries); enumerator->inner = this->entries->create_enumerator(this->entries);
enumerator->public.enumerate = (void*)enumerate; enumerator->public.enumerate = (void*)enumerate;
@ -168,9 +168,9 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
if (enumerator->current) if (enumerator->current)
{ {
va_list args; va_list args;
va_start(args, type); va_start(args, type);
destroy_entry_value(enumerator->current); destroy_entry_value(enumerator->current);
enumerator->current->type = type; enumerator->current->type = type;
switch (type) switch (type)
@ -210,7 +210,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
void *current_value, *best_value = NULL; void *current_value, *best_value = NULL;
auth_rule_t current_type; auth_rule_t current_type;
bool found = FALSE; bool found = FALSE;
enumerator = create_enumerator(this); enumerator = create_enumerator(this);
while (enumerator->enumerate(enumerator, &current_type, &current_value)) while (enumerator->enumerate(enumerator, &current_type, &current_value))
{ {
@ -270,7 +270,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
{ {
entry_t *entry = malloc_thing(entry_t); entry_t *entry = malloc_thing(entry_t);
va_list args; va_list args;
va_start(args, type); va_start(args, type);
entry->type = type; entry->type = type;
switch (type) switch (type)
@ -311,7 +311,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
bool success = TRUE; bool success = TRUE;
auth_rule_t t1, t2; auth_rule_t t1, t2;
void *value; void *value;
e1 = constraints->create_enumerator(constraints); e1 = constraints->create_enumerator(constraints);
while (e1->enumerate(e1, &t1, &value)) while (e1->enumerate(e1, &t1, &value))
{ {
@ -321,9 +321,9 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
case AUTH_RULE_IM_CERT: case AUTH_RULE_IM_CERT:
{ {
certificate_t *c1, *c2; certificate_t *c1, *c2;
c1 = (certificate_t*)value; c1 = (certificate_t*)value;
success = FALSE; success = FALSE;
e2 = create_enumerator(this); e2 = create_enumerator(this);
while (e2->enumerate(e2, &t2, &c2)) while (e2->enumerate(e2, &t2, &c2))
@ -345,7 +345,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
case AUTH_RULE_SUBJECT_CERT: case AUTH_RULE_SUBJECT_CERT:
{ {
certificate_t *c1, *c2; certificate_t *c1, *c2;
c1 = (certificate_t*)value; c1 = (certificate_t*)value;
c2 = get(this, AUTH_RULE_SUBJECT_CERT); c2 = get(this, AUTH_RULE_SUBJECT_CERT);
if (!c2 || !c1->equals(c1, c2)) if (!c2 || !c1->equals(c1, c2))
@ -364,7 +364,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
case AUTH_RULE_OCSP_VALIDATION: case AUTH_RULE_OCSP_VALIDATION:
{ {
cert_validation_t validated, required; cert_validation_t validated, required;
required = (uintptr_t)value; required = (uintptr_t)value;
validated = (uintptr_t)get(this, t1); validated = (uintptr_t)get(this, t1);
switch (required) switch (required)
@ -401,7 +401,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
case AUTH_RULE_EAP_IDENTITY: case AUTH_RULE_EAP_IDENTITY:
{ {
identification_t *id1, *id2; identification_t *id1, *id2;
id1 = (identification_t*)value; id1 = (identification_t*)value;
id2 = get(this, t1); id2 = get(this, t1);
if (!id2 || !id2->matches(id2, id1)) if (!id2 || !id2->matches(id2, id1))
@ -499,7 +499,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
enumerator_t *enumerator; enumerator_t *enumerator;
auth_rule_t type; auth_rule_t type;
void *value; void *value;
enumerator = create_enumerator(other); enumerator = create_enumerator(other);
while (enumerator->enumerate(enumerator, &type, &value)) while (enumerator->enumerate(enumerator, &type, &value))
{ {
@ -512,7 +512,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_SUBJECT_CERT:
{ {
certificate_t *cert = (certificate_t*)value; certificate_t *cert = (certificate_t*)value;
add(this, type, cert->get_ref(cert)); add(this, type, cert->get_ref(cert));
break; break;
} }
@ -530,7 +530,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
case AUTH_RULE_AC_GROUP: case AUTH_RULE_AC_GROUP:
{ {
identification_t *id = (identification_t*)value; identification_t *id = (identification_t*)value;
add(this, type, id->clone(id)); add(this, type, id->clone(id));
break; break;
} }
@ -547,7 +547,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
else else
{ {
entry_t *entry; entry_t *entry;
while (other->entries->remove_first(other->entries, while (other->entries->remove_first(other->entries,
(void**)&entry) == SUCCESS) (void**)&entry) == SUCCESS)
{ {
@ -564,7 +564,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
entry_t *i1, *i2; entry_t *i1, *i2;
bool equal = TRUE, found; bool equal = TRUE, found;
if (this->entries->get_count(this->entries) != if (this->entries->get_count(this->entries) !=
other->entries->get_count(other->entries)) other->entries->get_count(other->entries))
{ {
@ -601,10 +601,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_SUBJECT_CERT:
{ {
certificate_t *c1, *c2; certificate_t *c1, *c2;
c1 = (certificate_t*)i1->value; c1 = (certificate_t*)i1->value;
c2 = (certificate_t*)i2->value; c2 = (certificate_t*)i2->value;
if (c1->equals(c1, c2)) if (c1->equals(c1, c2))
{ {
found = TRUE; found = TRUE;
@ -617,10 +617,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
case AUTH_RULE_AC_GROUP: case AUTH_RULE_AC_GROUP:
{ {
identification_t *id1, *id2; identification_t *id1, *id2;
id1 = (identification_t*)i1->value; id1 = (identification_t*)i1->value;
id2 = (identification_t*)i2->value; id2 = (identification_t*)i2->value;
if (id1->equals(id1, id2)) if (id1->equals(id1, id2))
{ {
found = TRUE; found = TRUE;
@ -660,7 +660,7 @@ static void purge(private_auth_cfg_t *this, bool keep_ca)
{ {
entry_t *entry; entry_t *entry;
linked_list_t *cas; linked_list_t *cas;
cas = linked_list_create(); cas = linked_list_create();
while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS) while (this->entries->remove_last(this->entries, (void**)&entry) == SUCCESS)
{ {
@ -689,7 +689,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
enumerator_t *enumerator; enumerator_t *enumerator;
auth_cfg_t *clone; auth_cfg_t *clone;
entry_t *entry; entry_t *entry;
clone = auth_cfg_create(); clone = auth_cfg_create();
enumerator = this->entries->create_enumerator(this->entries); enumerator = this->entries->create_enumerator(this->entries);
while (enumerator->enumerate(enumerator, &entry)) while (enumerator->enumerate(enumerator, &entry))
@ -749,7 +749,7 @@ static void destroy(private_auth_cfg_t *this)
auth_cfg_t *auth_cfg_create() auth_cfg_t *auth_cfg_create()
{ {
private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t); private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t);
this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add; this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add;
this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get; this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get;
this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator; this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator;
@ -760,9 +760,9 @@ auth_cfg_t *auth_cfg_create()
this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals; this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals;
this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_; this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_;
this->public.destroy = (void(*)(auth_cfg_t*))destroy; this->public.destroy = (void(*)(auth_cfg_t*))destroy;
this->entries = linked_list_create(); this->entries = linked_list_create();
return &this->public; return &this->public;
} }

24
src/charon/config/auth_cfg.h
View File

@ -41,7 +41,7 @@ typedef enum auth_rule_t auth_rule_t;
* to transport credentials during the authentication process. * to transport credentials during the authentication process.
*/ */
enum auth_rule_t { enum auth_rule_t {
/** identity to use for IKEv2 authentication exchange, identification_t* */ /** identity to use for IKEv2 authentication exchange, identification_t* */
AUTH_RULE_IDENTITY, AUTH_RULE_IDENTITY,
/** authentication class, auth_class_t */ /** authentication class, auth_class_t */
@ -64,7 +64,7 @@ enum auth_rule_t {
AUTH_RULE_OCSP_VALIDATION, AUTH_RULE_OCSP_VALIDATION,
/** subject is in attribute certificate group, identification_t* */ /** subject is in attribute certificate group, identification_t* */
AUTH_RULE_AC_GROUP, AUTH_RULE_AC_GROUP,
/** intermediate certificate, certificate_t* */ /** intermediate certificate, certificate_t* */
AUTH_HELPER_IM_CERT, AUTH_HELPER_IM_CERT,
/** subject certificate, certificate_t* */ /** subject certificate, certificate_t* */
@ -86,7 +86,7 @@ extern enum_name_t *auth_rule_names;
* RFC4739 defines multiple authentication rounds. This class defines such * RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote * a round from a configuration perspective, either for the local or the remote
* peer. Local config are called "rulesets", as they define how we authenticate. * peer. Local config are called "rulesets", as they define how we authenticate.
* Remote peer configs are called "constraits", they define what is needed to * Remote peer configs are called "constraits", they define what is needed to
* complete the authentication round successfully. * complete the authentication round successfully.
* *
* @verbatim * @verbatim
@ -122,7 +122,7 @@ struct auth_cfg_t {
* @param ... associated value to rule * @param ... associated value to rule
*/ */
void (*add)(auth_cfg_t *this, auth_rule_t rule, ...); void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
/** /**
* Get an rule value. * Get an rule value.
* *
@ -130,14 +130,14 @@ struct auth_cfg_t {
* @return bool if item has been found * @return bool if item has been found
*/ */
void* (*get)(auth_cfg_t *this, auth_rule_t rule); void* (*get)(auth_cfg_t *this, auth_rule_t rule);
/** /**
* Create an enumerator over added rules. * Create an enumerator over added rules.
* *
* @return enumerator over (auth_rule_t, union{void*,uintpr_t}) * @return enumerator over (auth_rule_t, union{void*,uintpr_t})
*/ */
enumerator_t* (*create_enumerator)(auth_cfg_t *this); enumerator_t* (*create_enumerator)(auth_cfg_t *this);
/** /**
* Replace an rule at enumerator position. * Replace an rule at enumerator position.
* *
@ -147,7 +147,7 @@ struct auth_cfg_t {
*/ */
void (*replace)(auth_cfg_t *this, enumerator_t *pos, void (*replace)(auth_cfg_t *this, enumerator_t *pos,
auth_rule_t rule, ...); auth_rule_t rule, ...);
/** /**
* Check if a used config fulfills a set of configured constraints. * Check if a used config fulfills a set of configured constraints.
* *
@ -156,7 +156,7 @@ struct auth_cfg_t {
* @return TRUE if this complies with constraints * @return TRUE if this complies with constraints
*/ */
bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error); bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error);
/** /**
* Merge items from other into this. * Merge items from other into this.
* *
@ -164,14 +164,14 @@ struct auth_cfg_t {
* @param copy TRUE to copy items, FALSE to move them * @param copy TRUE to copy items, FALSE to move them
*/ */
void (*merge)(auth_cfg_t *this, auth_cfg_t *other, bool copy); void (*merge)(auth_cfg_t *this, auth_cfg_t *other, bool copy);
/** /**
* Purge all rules in a config. * Purge all rules in a config.
* *
* @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries * @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries
*/ */
void (*purge)(auth_cfg_t *this, bool keep_ca); void (*purge)(auth_cfg_t *this, bool keep_ca);
/** /**
* Check two configs for equality. * Check two configs for equality.
* *
@ -179,14 +179,14 @@ struct auth_cfg_t {
* @return TRUE if auth infos identical * @return TRUE if auth infos identical
*/ */
bool (*equals)(auth_cfg_t *this, auth_cfg_t *other); bool (*equals)(auth_cfg_t *this, auth_cfg_t *other);
/** /**
* Clone a authentication config, including all rules. * Clone a authentication config, including all rules.
* *
* @return cloned configuration * @return cloned configuration
*/ */
auth_cfg_t* (*clone)(auth_cfg_t *this); auth_cfg_t* (*clone)(auth_cfg_t *this);
/** /**
* Destroy a config with all associated rules/values. * Destroy a config with all associated rules/values.
*/ */

62
src/charon/config/backend_manager.c
View File

@ -34,12 +34,12 @@ struct private_backend_manager_t {
* Public part of backend_manager_t object. * Public part of backend_manager_t object.
*/ */
backend_manager_t public; backend_manager_t public;
/** /**
* list of registered backends * list of registered backends
*/ */
linked_list_t *backends; linked_list_t *backends;
/** /**
* rwlock for backends * rwlock for backends
*/ */
@ -80,7 +80,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
{ {
host_t *me_cand, *other_cand; host_t *me_cand, *other_cand;
ike_cfg_match_t match = MATCH_NONE; ike_cfg_match_t match = MATCH_NONE;
if (me) if (me)
{ {
me_cand = host_create_from_dns(cand->get_my_addr(cand), me_cand = host_create_from_dns(cand->get_my_addr(cand),
@ -103,7 +103,7 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
{ {
match += MATCH_ANY; match += MATCH_ANY;
} }
if (other) if (other)
{ {
other_cand = host_create_from_dns(cand->get_other_addr(cand), other_cand = host_create_from_dns(cand->get_other_addr(cand),
@ -132,21 +132,21 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other)
/** /**
* implements backend_manager_t.get_ike_cfg. * implements backend_manager_t.get_ike_cfg.
*/ */
static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this, static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
host_t *me, host_t *other) host_t *me, host_t *other)
{ {
ike_cfg_t *current, *found = NULL; ike_cfg_t *current, *found = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
ike_cfg_match_t match, best = MATCH_ANY; ike_cfg_match_t match, best = MATCH_ANY;
ike_data_t *data; ike_data_t *data;
data = malloc_thing(ike_data_t); data = malloc_thing(ike_data_t);
data->this = this; data->this = this;
data->me = me; data->me = me;
data->other = other; data->other = other;
DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other); DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = enumerator_create_nested( enumerator = enumerator_create_nested(
this->backends->create_enumerator(this->backends), this->backends->create_enumerator(this->backends),
@ -154,11 +154,11 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
while (enumerator->enumerate(enumerator, (void**)&current)) while (enumerator->enumerate(enumerator, (void**)&current))
{ {
match = get_ike_match(current, me, other); match = get_ike_match(current, me, other);
if (match) if (match)
{ {
DBG2(DBG_CFG, " candidate: %s...%s, prio %d", DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
current->get_my_addr(current), current->get_my_addr(current),
current->get_other_addr(current), match); current->get_other_addr(current), match);
if (match > best) if (match > best)
{ {
@ -173,7 +173,7 @@ static ike_cfg_t *get_ike_cfg(private_backend_manager_t *this,
this->lock->unlock(this->lock); this->lock->unlock(this->lock);
if (found) if (found)
{ {
DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d", DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
found->get_my_addr(found), found->get_other_addr(found), best); found->get_my_addr(found), found->get_other_addr(found), best);
} }
return found; return found;
@ -189,12 +189,12 @@ static id_match_t get_peer_match(identification_t *id,
auth_cfg_t *auth; auth_cfg_t *auth;
identification_t *candidate; identification_t *candidate;
id_match_t match = ID_MATCH_NONE; id_match_t match = ID_MATCH_NONE;
if (!id) if (!id)
{ {
return ID_MATCH_ANY; return ID_MATCH_ANY;
} }
/* compare first auth config only */ /* compare first auth config only */
enumerator = cfg->create_auth_cfg_enumerator(cfg, local); enumerator = cfg->create_auth_cfg_enumerator(cfg, local);
if (enumerator->enumerate(enumerator, &auth)) if (enumerator->enumerate(enumerator, &auth))
@ -269,7 +269,7 @@ static bool peer_enum_filter(linked_list_t *configs,
static void peer_enum_filter_destroy(linked_list_t *configs) static void peer_enum_filter_destroy(linked_list_t *configs)
{ {
match_entry_t *entry; match_entry_t *entry;
while (configs->remove_last(configs, (void**)&entry) == SUCCESS) while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
{ {
entry->cfg->destroy(entry->cfg); entry->cfg->destroy(entry->cfg);
@ -285,7 +285,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list,
linked_list_t *helper) linked_list_t *helper)
{ {
match_entry_t *current; match_entry_t *current;
while (list->remove_first(list, (void**)&current) == SUCCESS) while (list->remove_first(list, (void**)&current) == SUCCESS)
{ {
helper->insert_last(helper, current); helper->insert_last(helper, current);
@ -311,7 +311,7 @@ static void insert_sorted(match_entry_t *entry, linked_list_t *list,
/** /**
* Implements backend_manager_t.create_peer_cfg_enumerator. * Implements backend_manager_t.create_peer_cfg_enumerator.
*/ */
static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this, static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
host_t *me, host_t *other, identification_t *my_id, host_t *me, host_t *other, identification_t *my_id,
identification_t *other_id) identification_t *other_id)
@ -320,26 +320,26 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
peer_data_t *data; peer_data_t *data;
peer_cfg_t *cfg; peer_cfg_t *cfg;
linked_list_t *configs, *helper; linked_list_t *configs, *helper;
data = malloc_thing(peer_data_t); data = malloc_thing(peer_data_t);
data->lock = this->lock; data->lock = this->lock;
data->me = my_id; data->me = my_id;
data->other = other_id; data->other = other_id;
/* create a sorted list with all matches */ /* create a sorted list with all matches */
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = enumerator_create_nested( enumerator = enumerator_create_nested(
this->backends->create_enumerator(this->backends), this->backends->create_enumerator(this->backends),
(void*)peer_enum_create, data, (void*)peer_enum_destroy); (void*)peer_enum_create, data, (void*)peer_enum_destroy);
if (!me && !other && !my_id && !other_id) if (!me && !other && !my_id && !other_id)
{ /* shortcut if we are doing a "listall" */ { /* shortcut if we are doing a "listall" */
return enumerator; return enumerator;
} }
DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]", DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
me, my_id, other, other_id); me, my_id, other, other_id);
configs = linked_list_create(); configs = linked_list_create();
/* only once allocated helper list for sorting */ /* only once allocated helper list for sorting */
helper = linked_list_create(); helper = linked_list_create();
@ -348,16 +348,16 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
id_match_t match_peer_me, match_peer_other; id_match_t match_peer_me, match_peer_other;
ike_cfg_match_t match_ike; ike_cfg_match_t match_ike;
match_entry_t *entry; match_entry_t *entry;
match_peer_me = get_peer_match(my_id, cfg, TRUE); match_peer_me = get_peer_match(my_id, cfg, TRUE);
match_peer_other = get_peer_match(other_id, cfg, FALSE); match_peer_other = get_peer_match(other_id, cfg, FALSE);
match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other); match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
if (match_peer_me && match_peer_other && match_ike) if (match_peer_me && match_peer_other && match_ike)
{ {
DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)", DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike); cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
entry = malloc_thing(match_entry_t); entry = malloc_thing(match_entry_t);
entry->match_peer = match_peer_me + match_peer_other; entry->match_peer = match_peer_me + match_peer_other;
entry->match_ike = match_ike; entry->match_ike = match_ike;
@ -367,7 +367,7 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
helper->destroy(helper); helper->destroy(helper);
return enumerator_create_filter(configs->create_enumerator(configs), return enumerator_create_filter(configs->create_enumerator(configs),
(void*)peer_enum_filter, configs, (void*)peer_enum_filter, configs,
(void*)peer_enum_filter_destroy); (void*)peer_enum_filter_destroy);
@ -375,13 +375,13 @@ static enumerator_t *create_peer_cfg_enumerator(private_backend_manager_t *this,
/** /**
* implements backend_manager_t.get_peer_cfg_by_name. * implements backend_manager_t.get_peer_cfg_by_name.
*/ */
static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name) static peer_cfg_t *get_peer_cfg_by_name(private_backend_manager_t *this, char *name)
{ {
backend_t *backend; backend_t *backend;
peer_cfg_t *config = NULL; peer_cfg_t *config = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
enumerator = this->backends->create_enumerator(this->backends); enumerator = this->backends->create_enumerator(this->backends);
while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend)) while (config == NULL && enumerator->enumerate(enumerator, (void**)&backend))
@ -429,17 +429,17 @@ static void destroy(private_backend_manager_t *this)
backend_manager_t *backend_manager_create() backend_manager_t *backend_manager_create()
{ {
private_backend_manager_t *this = malloc_thing(private_backend_manager_t); private_backend_manager_t *this = malloc_thing(private_backend_manager_t);
this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg; this->public.get_ike_cfg = (ike_cfg_t* (*)(backend_manager_t*, host_t*, host_t*))get_ike_cfg;
this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name; this->public.get_peer_cfg_by_name = (peer_cfg_t* (*)(backend_manager_t*,char*))get_peer_cfg_by_name;
this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator; this->public.create_peer_cfg_enumerator = (enumerator_t* (*)(backend_manager_t*,host_t*,host_t*,identification_t*,identification_t*))create_peer_cfg_enumerator;
this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend; this->public.add_backend = (void(*)(backend_manager_t*, backend_t *backend))add_backend;
this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend; this->public.remove_backend = (void(*)(backend_manager_t*, backend_t *backend))remove_backend;
this->public.destroy = (void (*)(backend_manager_t*))destroy; this->public.destroy = (void (*)(backend_manager_t*))destroy;
this->backends = linked_list_create(); this->backends = linked_list_create();
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
return &this->public; return &this->public;
} }

14
src/charon/config/backend_manager.h
View File

@ -46,11 +46,11 @@ typedef struct backend_manager_t backend_manager_t;
| |----->| | +--------------+ | | |----->| | +--------------+ |
| | | | | | | | | |
+---------+ +-----------+ | +---------+ +-----------+ |
@endverbatim @endverbatim
*/ */
struct backend_manager_t { struct backend_manager_t {
/** /**
* Get an ike_config identified by two hosts. * Get an ike_config identified by two hosts.
* *
@ -58,9 +58,9 @@ struct backend_manager_t {
* @param other_host address of remote host * @param other_host address of remote host
* @return matching ike_config, or NULL if none found * @return matching ike_config, or NULL if none found
*/ */
ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this, ike_cfg_t* (*get_ike_cfg)(backend_manager_t *this,
host_t *my_host, host_t *other_host); host_t *my_host, host_t *other_host);
/** /**
* Get a peer_config identified by it's name. * Get a peer_config identified by it's name.
* *
@ -68,7 +68,7 @@ struct backend_manager_t {
* @return matching peer_config, or NULL if none found * @return matching peer_config, or NULL if none found
*/ */
peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name); peer_cfg_t* (*get_peer_cfg_by_name)(backend_manager_t *this, char *name);
/** /**
* Create an enumerator over all matching peer configs. * Create an enumerator over all matching peer configs.
* *
@ -90,14 +90,14 @@ struct backend_manager_t {
* @param backend backend to register * @param backend backend to register
*/ */
void (*add_backend)(backend_manager_t *this, backend_t *backend); void (*add_backend)(backend_manager_t *this, backend_t *backend);
/** /**
* Unregister a backend. * Unregister a backend.
* *
* @param backend backend to unregister * @param backend backend to unregister
*/ */
void (*remove_backend)(backend_manager_t *this, backend_t *backend); void (*remove_backend)(backend_manager_t *this, backend_t *backend);
/** /**
* Destroys a backend_manager_t object. * Destroys a backend_manager_t object.
*/ */

58
src/charon/config/child_cfg.c
View File

@ -25,7 +25,7 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART,
"restart", "restart",
); );
ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE, ENUM_BEGIN(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_NONE,
"IPCOMP_NONE"); "IPCOMP_NONE");
ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE, ENUM_NEXT(ipcomp_transform_names, IPCOMP_OUI, IPCOMP_LZJH, IPCOMP_NONE,
"IPCOMP_OUI", "IPCOMP_OUI",
@ -45,62 +45,62 @@ struct private_child_cfg_t {
* Public part * Public part
*/ */
child_cfg_t public; child_cfg_t public;
/** /**
* Number of references hold by others to this child_cfg * Number of references hold by others to this child_cfg
*/ */
refcount_t refcount; refcount_t refcount;
/** /**
* Name of the child_cfg, used to query it * Name of the child_cfg, used to query it
*/ */
char *name; char *name;
/** /**
* list for all proposals * list for all proposals
*/ */
linked_list_t *proposals; linked_list_t *proposals;
/** /**
* list for traffic selectors for my site * list for traffic selectors for my site
*/ */
linked_list_t *my_ts; linked_list_t *my_ts;
/** /**
* list for traffic selectors for others site * list for traffic selectors for others site
*/ */
linked_list_t *other_ts; linked_list_t *other_ts;
/** /**
* updown script * updown script
*/ */
char *updown; char *updown;
/** /**
* allow host access * allow host access
*/ */
bool hostaccess; bool hostaccess;
/** /**
* Mode to propose for a initiated CHILD: tunnel/transport * Mode to propose for a initiated CHILD: tunnel/transport
*/ */
ipsec_mode_t mode; ipsec_mode_t mode;
/** /**
* action to take on DPD * action to take on DPD
*/ */
action_t dpd_action; action_t dpd_action;
/** /**
* action to take on CHILD_SA close * action to take on CHILD_SA close
*/ */
action_t close_action; action_t close_action;
/** /**
* CHILD_SA lifetime config * CHILD_SA lifetime config
*/ */
lifetime_cfg_t lifetime; lifetime_cfg_t lifetime;
/** /**
* enable IPComp * enable IPComp
*/ */
@ -141,7 +141,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
enumerator_t *enumerator; enumerator_t *enumerator;
proposal_t *current; proposal_t *current;
linked_list_t *proposals = linked_list_create(); linked_list_t *proposals = linked_list_create();
enumerator = this->proposals->create_enumerator(this->proposals); enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
{ {
@ -153,7 +153,7 @@ static linked_list_t* get_proposals(private_child_cfg_t *this, bool strip_dh)
proposals->insert_last(proposals, current); proposals->insert_last(proposals, current);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
return proposals; return proposals;
} }
@ -165,10 +165,10 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
{ {
enumerator_t *stored_enum, *supplied_enum; enumerator_t *stored_enum, *supplied_enum;
proposal_t *stored, *supplied, *selected = NULL; proposal_t *stored, *supplied, *selected = NULL;
stored_enum = this->proposals->create_enumerator(this->proposals); stored_enum = this->proposals->create_enumerator(this->proposals);
supplied_enum = proposals->create_enumerator(proposals); supplied_enum = proposals->create_enumerator(proposals);
/* compare all stored proposals with all supplied. Stored ones are preferred. */ /* compare all stored proposals with all supplied. Stored ones are preferred. */
while (stored_enum->enumerate(stored_enum, &stored)) while (stored_enum->enumerate(stored_enum, &stored))
{ {
@ -194,7 +194,7 @@ static proposal_t* select_proposal(private_child_cfg_t*this,
break; break;
} }
supplied_enum->destroy(supplied_enum); supplied_enum->destroy(supplied_enum);
supplied_enum = proposals->create_enumerator(proposals); supplied_enum = proposals->create_enumerator(proposals);
} }
stored_enum->destroy(stored_enum); stored_enum->destroy(stored_enum);
supplied_enum->destroy(supplied_enum); supplied_enum->destroy(supplied_enum);
@ -232,7 +232,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
traffic_selector_t *ts1, *ts2, *selected; traffic_selector_t *ts1, *ts2, *selected;
linked_list_t *result = linked_list_create(); linked_list_t *result = linked_list_create();
if (local) if (local)
{ {
e1 = this->my_ts->create_enumerator(this->my_ts); e1 = this->my_ts->create_enumerator(this->my_ts);
@ -241,11 +241,11 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
{ {
e1 = this->other_ts->create_enumerator(this->other_ts); e1 = this->other_ts->create_enumerator(this->other_ts);
} }
/* no list supplied, just fetch the stored traffic selectors */ /* no list supplied, just fetch the stored traffic selectors */
if (supplied == NULL) if (supplied == NULL)
{ {
DBG2(DBG_CFG, "proposing traffic selectors for %s:", DBG2(DBG_CFG, "proposing traffic selectors for %s:",
local ? "us" : "other"); local ? "us" : "other");
while (e1->enumerate(e1, &ts1)) while (e1->enumerate(e1, &ts1))
{ {
@ -262,7 +262,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
} }
else else
{ {
DBG2(DBG_CFG, "selecting traffic selectors for %s:", DBG2(DBG_CFG, "selecting traffic selectors for %s:",
local ? "us" : "other"); local ? "us" : "other");
e2 = supplied->create_enumerator(supplied); e2 = supplied->create_enumerator(supplied);
/* iterate over all stored selectors */ /* iterate over all stored selectors */
@ -274,7 +274,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
{ {
ts1->set_address(ts1, host); ts1->set_address(ts1, host);
} }
/* iterate over all supplied traffic selectors */ /* iterate over all supplied traffic selectors */
while (e2->enumerate(e2, &ts2)) while (e2->enumerate(e2, &ts2))
{ {
@ -298,7 +298,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
e1->destroy(e1); e1->destroy(e1);
e2->destroy(e2); e2->destroy(e2);
} }
/* remove any redundant traffic selectors in the list */ /* remove any redundant traffic selectors in the list */
e1 = result->create_enumerator(result); e1 = result->create_enumerator(result);
e2 = result->create_enumerator(result); e2 = result->create_enumerator(result);
@ -329,7 +329,7 @@ static linked_list_t* get_traffic_selectors(private_child_cfg_t *this, bool loca
} }
e1->destroy(e1); e1->destroy(e1);
e2->destroy(e2); e2->destroy(e2);
return result; return result;
} }
@ -410,7 +410,7 @@ static diffie_hellman_group_t get_dh_group(private_child_cfg_t *this)
enumerator_t *enumerator; enumerator_t *enumerator;
proposal_t *proposal; proposal_t *proposal;
u_int16_t dh_group = MODP_NONE; u_int16_t dh_group = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals); enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal)) while (enumerator->enumerate(enumerator, &proposal))
{ {
@ -514,16 +514,16 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
this->public.install_policy = (bool (*) (child_cfg_t *))install_policy; this->public.install_policy = (bool (*) (child_cfg_t *))install_policy;
this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref;
this->public.destroy = (void (*) (child_cfg_t*))destroy; this->public.destroy = (void (*) (child_cfg_t*))destroy;
this->name = strdup(name); this->name = strdup(name);
this->updown = updown ? strdup(updown) : NULL; this->updown = updown ? strdup(updown) : NULL;
this->hostaccess = hostaccess; this->hostaccess = hostaccess;
this->mode = mode; this->mode = mode;
this->dpd_action = dpd_action; this->dpd_action = dpd_action;
this->close_action = close_action; this->close_action = close_action;
this->use_ipcomp = ipcomp; this->use_ipcomp = ipcomp;
this->proxy_mode = FALSE; this->proxy_mode = FALSE;
this->install_policy = TRUE; this->install_policy = TRUE;
this->refcount = 1; this->refcount = 1;
this->proposals = linked_list_create(); this->proposals = linked_list_create();
this->my_ts = linked_list_create(); this->my_ts = linked_list_create();

76
src/charon/config/child_cfg.h
View File

@ -88,68 +88,68 @@ struct lifetime_cfg_t {
* After creation, proposals and traffic selectors may be added to the config. * After creation, proposals and traffic selectors may be added to the config.
* A child_cfg object is referenced multiple times, and is not thread save. * A child_cfg object is referenced multiple times, and is not thread save.
* Reading from the object is save, adding things is not allowed while other * Reading from the object is save, adding things is not allowed while other
* threads may access the object. * threads may access the object.
* A reference counter handles the number of references hold to this config. * A reference counter handles the number of references hold to this config.
* *
* @see peer_cfg_t to get an overview over the configurations. * @see peer_cfg_t to get an overview over the configurations.
*/ */
struct child_cfg_t { struct child_cfg_t {
/** /**
* Get the name of the child_cfg. * Get the name of the child_cfg.
* *
* @return child_cfg's name * @return child_cfg's name
*/ */
char *(*get_name) (child_cfg_t *this); char *(*get_name) (child_cfg_t *this);
/** /**
* Add a proposal to the list. * Add a proposal to the list.
* *
* The proposals are stored by priority, first added * The proposals are stored by priority, first added
* is the most prefered. * is the most prefered.
* After add, proposal is owned by child_cfg. * After add, proposal is owned by child_cfg.
* *
* @param proposal proposal to add * @param proposal proposal to add
*/ */
void (*add_proposal) (child_cfg_t *this, proposal_t *proposal); void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
/** /**
* Get the list of proposals for the CHILD_SA. * Get the list of proposals for the CHILD_SA.
* *
* Resulting list and all of its proposals must be freed after use. * Resulting list and all of its proposals must be freed after use.
* *
* @param strip_dh TRUE strip out diffie hellman groups * @param strip_dh TRUE strip out diffie hellman groups
* @return list of proposals * @return list of proposals
*/ */
linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh); linked_list_t* (*get_proposals)(child_cfg_t *this, bool strip_dh);
/** /**
* Select a proposal from a supplied list. * Select a proposal from a supplied list.
* *
* Returned propsal is newly created and must be destroyed after usage. * Returned propsal is newly created and must be destroyed after usage.
* *
* @param proposals list from from wich proposals are selected * @param proposals list from from wich proposals are selected
* @param strip_dh TRUE strip out diffie hellman groups * @param strip_dh TRUE strip out diffie hellman groups
* @return selected proposal, or NULL if nothing matches * @return selected proposal, or NULL if nothing matches
*/ */
proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
bool strip_dh); bool strip_dh);
/** /**
* Add a traffic selector to the config. * Add a traffic selector to the config.
* *
* Use the "local" parameter to add it for the local or the remote side. * Use the "local" parameter to add it for the local or the remote side.
* After add, traffic selector is owned by child_cfg. * After add, traffic selector is owned by child_cfg.
* *
* @param local TRUE for local side, FALSE for remote * @param local TRUE for local side, FALSE for remote
* @param ts traffic_selector to add * @param ts traffic_selector to add
*/ */
void (*add_traffic_selector)(child_cfg_t *this, bool local, void (*add_traffic_selector)(child_cfg_t *this, bool local,
traffic_selector_t *ts); traffic_selector_t *ts);
/** /**
* Get a list of traffic selectors to use for the CHILD_SA. * Get a list of traffic selectors to use for the CHILD_SA.
* *
* The config contains two set of traffic selectors, one for the local * The config contains two set of traffic selectors, one for the local
* side, one for the remote side. * side, one for the remote side.
* If a list with traffic selectors is supplied, these are used to narrow * If a list with traffic selectors is supplied, these are used to narrow
@ -158,7 +158,7 @@ struct child_cfg_t {
* to a specific address (host-to-host or virtual-IP setups). Use * to a specific address (host-to-host or virtual-IP setups). Use
* the "host" parameter to narrow such traffic selectors to that address. * the "host" parameter to narrow such traffic selectors to that address.
* Resulted list and its traffic selectors must be destroyed after use. * Resulted list and its traffic selectors must be destroyed after use.
* *
* @param local TRUE for TS on local side, FALSE for remote * @param local TRUE for TS on local side, FALSE for remote
* @param supplied list with TS to select from, or NULL * @param supplied list with TS to select from, or NULL
* @param host address to use for narrowing "dynamic" TS', or NULL * @param host address to use for narrowing "dynamic" TS', or NULL
@ -169,14 +169,14 @@ struct child_cfg_t {
host_t *host); host_t *host);
/** /**
* Get the updown script to run for the CHILD_SA. * Get the updown script to run for the CHILD_SA.
* *
* @return path to updown script * @return path to updown script
*/ */
char* (*get_updown)(child_cfg_t *this); char* (*get_updown)(child_cfg_t *this);
/** /**
* Should we allow access to the local host (gateway)? * Should we allow access to the local host (gateway)?
* *
* @return value of hostaccess flag * @return value of hostaccess flag
*/ */
bool (*get_hostaccess) (child_cfg_t *this); bool (*get_hostaccess) (child_cfg_t *this);
@ -190,41 +190,41 @@ struct child_cfg_t {
* @return lifetime_cfg_t (has to be freed) * @return lifetime_cfg_t (has to be freed)
*/ */
lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this); lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this);
/** /**
* Get the mode to use for the CHILD_SA. * Get the mode to use for the CHILD_SA.
* *
* The mode is either tunnel, transport or BEET. The peer must agree * The mode is either tunnel, transport or BEET. The peer must agree
* on the method, fallback is tunnel mode. * on the method, fallback is tunnel mode.
* *
* @return ipsec mode * @return ipsec mode
*/ */
ipsec_mode_t (*get_mode) (child_cfg_t *this); ipsec_mode_t (*get_mode) (child_cfg_t *this);
/** /**
* Action to take on DPD. * Action to take on DPD.
* *
* @return DPD action * @return DPD action
*/ */
action_t (*get_dpd_action) (child_cfg_t *this); action_t (*get_dpd_action) (child_cfg_t *this);
/** /**
* Action to take if CHILD_SA gets closed. * Action to take if CHILD_SA gets closed.
* *
* @return close action * @return close action
*/ */
action_t (*get_close_action) (child_cfg_t *this); action_t (*get_close_action) (child_cfg_t *this);
/** /**
* Get the DH group to use for CHILD_SA setup. * Get the DH group to use for CHILD_SA setup.
* *
* @return dh group to use * @return dh group to use
*/ */
diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this); diffie_hellman_group_t (*get_dh_group)(child_cfg_t *this);
/** /**
* Check whether IPComp should be used, if the other peer supports it. * Check whether IPComp should be used, if the other peer supports it.
* *
* @return TRUE, if IPComp should be used * @return TRUE, if IPComp should be used
* FALSE, otherwise * FALSE, otherwise
*/ */
@ -232,7 +232,7 @@ struct child_cfg_t {
/** /**
* Sets two options needed for Mobile IPv6 interoperability * Sets two options needed for Mobile IPv6 interoperability
* *
* @param proxy_mode use IPsec transport proxy mode (default FALSE) * @param proxy_mode use IPsec transport proxy mode (default FALSE)
* @param install_policy install IPsec kernel policies (default TRUE) * @param install_policy install IPsec kernel policies (default TRUE)
*/ */
@ -241,27 +241,27 @@ struct child_cfg_t {
/** /**
* Check whether IPsec transport SA should be set up in proxy mode * Check whether IPsec transport SA should be set up in proxy mode
* *
* @return TRUE, if proxy mode should be used * @return TRUE, if proxy mode should be used
* FALSE, otherwise * FALSE, otherwise
*/ */
bool (*use_proxy_mode)(child_cfg_t *this); bool (*use_proxy_mode)(child_cfg_t *this);
/** /**
* Check whether IPsec policies should be installed in the kernel * Check whether IPsec policies should be installed in the kernel
* *
* @return TRUE, if IPsec kernel policies should be installed * @return TRUE, if IPsec kernel policies should be installed
* FALSE, otherwise * FALSE, otherwise
*/ */
bool (*install_policy)(child_cfg_t *this); bool (*install_policy)(child_cfg_t *this);
/** /**
* Increase the reference count. * Increase the reference count.
* *
* @return reference to this * @return reference to this
*/ */
child_cfg_t* (*get_ref) (child_cfg_t *this); child_cfg_t* (*get_ref) (child_cfg_t *this);
/** /**
* Destroys the child_cfg object. * Destroys the child_cfg object.
* *
@ -273,7 +273,7 @@ struct child_cfg_t {
/** /**
* Create a configuration template for CHILD_SA setup. * Create a configuration template for CHILD_SA setup.
* *
* The "name" string gets cloned. * The "name" string gets cloned.
* *
* The lifetime_cfg_t object gets cloned. * The lifetime_cfg_t object gets cloned.
@ -281,7 +281,7 @@ struct child_cfg_t {
* specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)). * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)).
* *
* After a call to create, a reference is obtained (refcount = 1). * After a call to create, a reference is obtained (refcount = 1).
* *
* @param name name of the child_cfg * @param name name of the child_cfg
* @param lifetime lifetime_cfg_t for this child_cfg * @param lifetime lifetime_cfg_t for this child_cfg
* @param updown updown script to execute on up/down event * @param updown updown script to execute on up/down event

38
src/charon/config/ike_cfg.c
View File

@ -32,7 +32,7 @@ struct private_ike_cfg_t {
* Public part * Public part
*/ */
ike_cfg_t public; ike_cfg_t public;
/** /**
* Number of references hold by others to this ike_cfg * Number of references hold by others to this ike_cfg
*/ */
@ -45,19 +45,19 @@ struct private_ike_cfg_t {
/** /**
* Address of remote host * Address of remote host
*/ */
char *other; char *other;
/** /**
* should we send a certificate request? * should we send a certificate request?
*/ */
bool certreq; bool certreq;
/** /**
* enforce UDP encapsulation * enforce UDP encapsulation
*/ */
bool force_encap; bool force_encap;
/** /**
* List of proposals to use * List of proposals to use
*/ */
@ -71,7 +71,7 @@ static bool send_certreq(private_ike_cfg_t *this)
{ {
return this->certreq; return this->certreq;
} }
/** /**
* Implementation of ike_cfg_t.force_encap. * Implementation of ike_cfg_t.force_encap.
*/ */
@ -112,7 +112,7 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this)
iterator_t *iterator; iterator_t *iterator;
proposal_t *current; proposal_t *current;
linked_list_t *proposals = linked_list_create(); linked_list_t *proposals = linked_list_create();
iterator = this->proposals->create_iterator(this->proposals, TRUE); iterator = this->proposals->create_iterator(this->proposals, TRUE);
while (iterator->iterate(iterator, (void**)&current)) while (iterator->iterate(iterator, (void**)&current))
{ {
@ -120,10 +120,10 @@ static linked_list_t* get_proposals(private_ike_cfg_t *this)
proposals->insert_last(proposals, (void*)current); proposals->insert_last(proposals, (void*)current);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return proposals; return proposals;
} }
/** /**
* Implementation of ike_cfg_t.select_proposal. * Implementation of ike_cfg_t.select_proposal.
*/ */
@ -132,16 +132,16 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
{ {
iterator_t *stored_iter, *supplied_iter; iterator_t *stored_iter, *supplied_iter;
proposal_t *stored, *supplied, *selected; proposal_t *stored, *supplied, *selected;
stored_iter = this->proposals->create_iterator(this->proposals, TRUE); stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
supplied_iter = proposals->create_iterator(proposals, TRUE); supplied_iter = proposals->create_iterator(proposals, TRUE);
/* compare all stored proposals with all supplied. Stored ones are preferred.*/ /* compare all stored proposals with all supplied. Stored ones are preferred.*/
while (stored_iter->iterate(stored_iter, (void**)&stored)) while (stored_iter->iterate(stored_iter, (void**)&stored))
{ {
supplied_iter->reset(supplied_iter); supplied_iter->reset(supplied_iter);
while (supplied_iter->iterate(supplied_iter, (void**)&supplied)) while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
{ {
selected = stored->select(stored, supplied); selected = stored->select(stored, supplied);
@ -162,7 +162,7 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
supplied_iter->destroy(supplied_iter); supplied_iter->destroy(supplied_iter);
DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "received proposals: %#P", proposals);
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
return NULL; return NULL;
} }
@ -174,7 +174,7 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
enumerator_t *enumerator; enumerator_t *enumerator;
proposal_t *proposal; proposal_t *proposal;
u_int16_t dh_group = MODP_NONE; u_int16_t dh_group = MODP_NONE;
enumerator = this->proposals->create_enumerator(this->proposals); enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &proposal)) while (enumerator->enumerate(enumerator, &proposal))
{ {
@ -195,7 +195,7 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
proposal_t *p1, *p2; proposal_t *p1, *p2;
bool eq = TRUE; bool eq = TRUE;
if (this == other) if (this == other)
{ {
return TRUE; return TRUE;
@ -260,7 +260,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
char *me, char *other) char *me, char *other)
{ {
private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t); private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
/* public functions */ /* public functions */
this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq; this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth; this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth;
@ -273,7 +273,7 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals; this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals;
this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref; this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref;
this->public.destroy = (void(*)(ike_cfg_t*))destroy; this->public.destroy = (void(*)(ike_cfg_t*))destroy;
/* private variables */ /* private variables */
this->refcount = 1; this->refcount = 1;
this->certreq = certreq; this->certreq = certreq;
@ -281,6 +281,6 @@ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
this->me = strdup(me); this->me = strdup(me);
this->other = strdup(other); this->other = strdup(other);
this->proposals = linked_list_create(); this->proposals = linked_list_create();
return &this->public; return &this->public;
} }

44
src/charon/config/ike_cfg.h
View File

@ -37,71 +37,71 @@ typedef struct ike_cfg_t ike_cfg_t;
* @see peer_cfg_t to get an overview over the configurations. * @see peer_cfg_t to get an overview over the configurations.
*/ */
struct ike_cfg_t { struct ike_cfg_t {
/** /**
* Get own address. * Get own address.
* *
* @return string of address/DNS name * @return string of address/DNS name
*/ */
char* (*get_my_addr) (ike_cfg_t *this); char* (*get_my_addr) (ike_cfg_t *this);
/** /**
* Get peers address. * Get peers address.
* *
* @return string of address/DNS name * @return string of address/DNS name
*/ */
char* (*get_other_addr) (ike_cfg_t *this); char* (*get_other_addr) (ike_cfg_t *this);
/** /**
* Adds a proposal to the list. * Adds a proposal to the list.
* *
* The first added proposal has the highest priority, the last * The first added proposal has the highest priority, the last
* added the lowest. * added the lowest.
* *
* @param proposal proposal to add * @param proposal proposal to add
*/ */
void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal); void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
/** /**
* Returns a list of all supported proposals. * Returns a list of all supported proposals.
* *
* Returned list and its proposals must be destroyed after use. * Returned list and its proposals must be destroyed after use.
* *
* @return list containing all the proposals * @return list containing all the proposals
*/ */
linked_list_t* (*get_proposals) (ike_cfg_t *this); linked_list_t* (*get_proposals) (ike_cfg_t *this);
/** /**
* Select a proposed from suggested proposals. * Select a proposed from suggested proposals.
* *
* Returned proposal must be destroyed after use. * Returned proposal must be destroyed after use.
* *
* @param proposals list of proposals to select from * @param proposals list of proposals to select from
* @return selected proposal, or NULL if none matches. * @return selected proposal, or NULL if none matches.
*/ */
proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals); proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals);
/** /**
* Should we send a certificate request in IKE_SA_INIT? * Should we send a certificate request in IKE_SA_INIT?
* *
* @return certificate request sending policy * @return certificate request sending policy
*/ */
bool (*send_certreq) (ike_cfg_t *this); bool (*send_certreq) (ike_cfg_t *this);
/** /**
* Enforce UDP encapsulation by faking NATD notifies? * Enforce UDP encapsulation by faking NATD notifies?
* *
* @return TRUE to enfoce UDP encapsulation * @return TRUE to enfoce UDP encapsulation
*/ */
bool (*force_encap) (ike_cfg_t *this); bool (*force_encap) (ike_cfg_t *this);
/** /**
* Get the DH group to use for IKE_SA setup. * Get the DH group to use for IKE_SA setup.
* *
* @return dh group to use for initialization * @return dh group to use for initialization
*/ */
diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this); diffie_hellman_group_t (*get_dh_group)(ike_cfg_t *this);
/** /**
* Check if two IKE configs are equal. * Check if two IKE configs are equal.
* *
@ -109,17 +109,17 @@ struct ike_cfg_t {
* @return TRUE if other equal to this * @return TRUE if other equal to this
*/ */
bool (*equals)(ike_cfg_t *this, ike_cfg_t *other); bool (*equals)(ike_cfg_t *this, ike_cfg_t *other);
/** /**
* Increase reference count. * Increase reference count.
* *
* @return reference to this * @return reference to this
*/ */
ike_cfg_t* (*get_ref) (ike_cfg_t *this); ike_cfg_t* (*get_ref) (ike_cfg_t *this);
/** /**
* Destroys a ike_cfg_t object. * Destroys a ike_cfg_t object.
* *
* Decrements the internal reference counter and * Decrements the internal reference counter and
* destroys the ike_cfg when it reaches zero. * destroys the ike_cfg when it reaches zero.
*/ */
@ -137,7 +137,7 @@ struct ike_cfg_t {
* @param other address/DNS name of remote peer * @param other address/DNS name of remote peer
* @return ike_cfg_t object. * @return ike_cfg_t object.
*/ */
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
char *me, char *other); char *me, char *other);
#endif /** IKE_CFG_H_ @}*/ #endif /** IKE_CFG_H_ @}*/

80
src/charon/config/peer_cfg.c
View File

@ -48,113 +48,113 @@ struct private_peer_cfg_t {
* Public part * Public part
*/ */
peer_cfg_t public; peer_cfg_t public;
/** /**
* Number of references hold by others to this peer_cfg * Number of references hold by others to this peer_cfg
*/ */
refcount_t refcount; refcount_t refcount;
/** /**
* Name of the peer_cfg, used to query it * Name of the peer_cfg, used to query it
*/ */
char *name; char *name;
/** /**
* IKE version to use for initiation * IKE version to use for initiation
*/ */
u_int ike_version; u_int ike_version;
/** /**
* IKE config associated to this peer config * IKE config associated to this peer config
*/ */
ike_cfg_t *ike_cfg; ike_cfg_t *ike_cfg;
/** /**
* list of child configs associated to this peer config * list of child configs associated to this peer config
*/ */
linked_list_t *child_cfgs; linked_list_t *child_cfgs;
/** /**
* mutex to lock access to list of child_cfgs * mutex to lock access to list of child_cfgs
*/ */
mutex_t *mutex; mutex_t *mutex;
/** /**
* should we send a certificate * should we send a certificate
*/ */
cert_policy_t cert_policy; cert_policy_t cert_policy;
/** /**
* uniqueness of an IKE_SA * uniqueness of an IKE_SA
*/ */
unique_policy_t unique; unique_policy_t unique;
/** /**
* number of tries after giving up if peer does not respond * number of tries after giving up if peer does not respond
*/ */
u_int32_t keyingtries; u_int32_t keyingtries;
/** /**
* enable support for MOBIKE * enable support for MOBIKE
*/ */
bool use_mobike; bool use_mobike;
/** /**
* Time before starting rekeying * Time before starting rekeying
*/ */
u_int32_t rekey_time; u_int32_t rekey_time;
/** /**
* Time before starting reauthentication * Time before starting reauthentication
*/ */
u_int32_t reauth_time; u_int32_t reauth_time;
/** /**
* Time, which specifies the range of a random value substracted from above. * Time, which specifies the range of a random value substracted from above.
*/ */
u_int32_t jitter_time; u_int32_t jitter_time;
/** /**
* Delay before deleting a rekeying/reauthenticating SA * Delay before deleting a rekeying/reauthenticating SA
*/ */
u_int32_t over_time; u_int32_t over_time;
/** /**
* DPD check intervall * DPD check intervall
*/ */
u_int32_t dpd; u_int32_t dpd;
/** /**
* virtual IP to use locally * virtual IP to use locally
*/ */
host_t *virtual_ip; host_t *virtual_ip;
/** /**
* pool to acquire configuration attributes from * pool to acquire configuration attributes from
*/ */
char *pool; char *pool;
/** /**
* local authentication configs (rulesets) * local authentication configs (rulesets)
*/ */
linked_list_t *local_auth; linked_list_t *local_auth;
/** /**
* remote authentication configs (constraints) * remote authentication configs (constraints)
*/ */
linked_list_t *remote_auth; linked_list_t *remote_auth;
#ifdef ME #ifdef ME
/** /**
* Is this a mediation connection? * Is this a mediation connection?
*/ */
bool mediation; bool mediation;
/** /**
* Name of the mediation connection to mediate through * Name of the mediation connection to mediate through
*/ */
peer_cfg_t *mediated_by; peer_cfg_t *mediated_by;
/** /**
* ID of our peer at the mediation server (= leftid of the peer's conn with * ID of our peer at the mediation server (= leftid of the peer's conn with
* the mediation server) * the mediation server)
@ -239,12 +239,12 @@ static bool child_cfg_enumerate(child_cfg_enumerator_t *this, child_cfg_t **chd)
static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this) static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this)
{ {
child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t); child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t);
enumerator->public.enumerate = (void*)child_cfg_enumerate; enumerator->public.enumerate = (void*)child_cfg_enumerate;
enumerator->public.destroy = (void*)child_cfg_enumerator_destroy; enumerator->public.destroy = (void*)child_cfg_enumerator_destroy;
enumerator->mutex = this->mutex; enumerator->mutex = this->mutex;
enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs); enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs);
this->mutex->lock(this->mutex); this->mutex->lock(this->mutex);
return &enumerator->public; return &enumerator->public;
} }
@ -259,13 +259,13 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
enumerator_t *sup_enum, *cfg_enum; enumerator_t *sup_enum, *cfg_enum;
traffic_selector_t *sup_ts, *cfg_ts; traffic_selector_t *sup_ts, *cfg_ts;
int match = 0, round; int match = 0, round;
/* fetch configured TS list, narrowing dynamic TS */ /* fetch configured TS list, narrowing dynamic TS */
cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host); cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, host);
/* use a round counter to rate leading TS with higher priority */ /* use a round counter to rate leading TS with higher priority */
round = sup_list->get_count(sup_list); round = sup_list->get_count(sup_list);
sup_enum = sup_list->create_enumerator(sup_list); sup_enum = sup_list->create_enumerator(sup_list);
while (sup_enum->enumerate(sup_enum, &sup_ts)) while (sup_enum->enumerate(sup_enum, &sup_ts))
{ {
@ -286,9 +286,9 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
round--; round--;
} }
sup_enum->destroy(sup_enum); sup_enum->destroy(sup_enum);
cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy)); cfg_list->destroy_offset(cfg_list, offsetof(traffic_selector_t, destroy));
return match; return match;
} }
@ -303,16 +303,16 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this,
child_cfg_t *current, *found = NULL; child_cfg_t *current, *found = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
int best = 0; int best = 0;
DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts);
enumerator = create_child_cfg_enumerator(this); enumerator = create_child_cfg_enumerator(this);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
{ {
int my_prio, other_prio; int my_prio, other_prio;
my_prio = get_ts_match(current, TRUE, my_ts, my_host); my_prio = get_ts_match(current, TRUE, my_ts, my_host);
other_prio = get_ts_match(current, FALSE, other_ts, other_host); other_prio = get_ts_match(current, FALSE, other_ts, other_host);
if (my_prio && other_prio) if (my_prio && other_prio)
{ {
DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d", DBG2(DBG_CFG, " candidate \"%s\" with prio %d+%d",
@ -421,7 +421,7 @@ static host_t* get_virtual_ip(private_peer_cfg_t *this)
{ {
return this->virtual_ip; return this->virtual_ip;
} }
/** /**
* Implementation of peer_cfg_t.get_pool. * Implementation of peer_cfg_t.get_pool.
*/ */
@ -493,7 +493,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
auth_cfg_t *cfg1, *cfg2; auth_cfg_t *cfg1, *cfg2;
bool equal = TRUE; bool equal = TRUE;
if (this->local_auth->get_count(this->local_auth) != if (this->local_auth->get_count(this->local_auth) !=
other->local_auth->get_count(other->local_auth)) other->local_auth->get_count(other->local_auth))
{ {
@ -504,7 +504,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
{ {
return FALSE; return FALSE;
} }
e1 = this->local_auth->create_enumerator(this->local_auth); e1 = this->local_auth->create_enumerator(this->local_auth);
e2 = other->local_auth->create_enumerator(other->local_auth); e2 = other->local_auth->create_enumerator(other->local_auth);
while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2))
@ -517,12 +517,12 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
} }
e1->destroy(e1); e1->destroy(e1);
e2->destroy(e2); e2->destroy(e2);
if (!equal) if (!equal)
{ {
return FALSE; return FALSE;
} }
e1 = this->remote_auth->create_enumerator(this->remote_auth); e1 = this->remote_auth->create_enumerator(this->remote_auth);
e2 = other->remote_auth->create_enumerator(other->remote_auth); e2 = other->remote_auth->create_enumerator(other->remote_auth);
while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2)) while (e1->enumerate(e1, &cfg1) && e2->enumerate(e2, &cfg2))
@ -535,7 +535,7 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
} }
e1->destroy(e1); e1->destroy(e1);
e2->destroy(e2); e2->destroy(e2);
return equal; return equal;
} }
@ -552,7 +552,7 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other)
{ {
return FALSE; return FALSE;
} }
return ( return (
this->ike_version == other->ike_version && this->ike_version == other->ike_version &&
this->cert_policy == other->cert_policy && this->cert_policy == other->cert_policy &&
@ -657,7 +657,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by; this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by;
this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id; this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id;
#endif /* ME */ #endif /* ME */
/* apply init values */ /* apply init values */
this->name = strdup(name); this->name = strdup(name);
this->ike_version = ike_version; this->ike_version = ike_version;

44
src/charon/config/peer_cfg.h
View File

@ -114,7 +114,7 @@ extern enum_name_t *unique_policy_names;
* to gain access to the configuration. * to gain access to the configuration.
*/ */
struct peer_cfg_t { struct peer_cfg_t {
/** /**
* Get the name of the peer_cfg. * Get the name of the peer_cfg.
* *
@ -123,42 +123,42 @@ struct peer_cfg_t {
* @return peer_cfg's name * @return peer_cfg's name
*/ */
char* (*get_name) (peer_cfg_t *this); char* (*get_name) (peer_cfg_t *this);
/** /**
* Get the IKE version to use for initiating. * Get the IKE version to use for initiating.
* *
* @return IKE major version * @return IKE major version
*/ */
u_int (*get_ike_version)(peer_cfg_t *this); u_int (*get_ike_version)(peer_cfg_t *this);
/** /**
* Get the IKE config to use for initiaton. * Get the IKE config to use for initiaton.
* *
* @return the IKE config to use * @return the IKE config to use
*/ */
ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this); ike_cfg_t* (*get_ike_cfg) (peer_cfg_t *this);
/** /**
* Attach a CHILD config. * Attach a CHILD config.
* *
* @param child_cfg CHILD config to add * @param child_cfg CHILD config to add
*/ */
void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg); void (*add_child_cfg) (peer_cfg_t *this, child_cfg_t *child_cfg);
/** /**
* Detach a CHILD config, pointed to by an enumerator. * Detach a CHILD config, pointed to by an enumerator.
* *
* @param enumerator enumerator indicating element position * @param enumerator enumerator indicating element position
*/ */
void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator); void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator);
/** /**
* Create an enumerator for all attached CHILD configs. * Create an enumerator for all attached CHILD configs.
* *
* @return an enumerator over all CHILD configs. * @return an enumerator over all CHILD configs.
*/ */
enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this); enumerator_t* (*create_child_cfg_enumerator) (peer_cfg_t *this);
/** /**
* Select a CHILD config from traffic selectors. * Select a CHILD config from traffic selectors.
* *
@ -171,7 +171,7 @@ struct peer_cfg_t {
child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts, child_cfg_t* (*select_child_cfg) (peer_cfg_t *this, linked_list_t *my_ts,
linked_list_t *other_ts, host_t *my_host, linked_list_t *other_ts, host_t *my_host,
host_t *other_host); host_t *other_host);
/** /**
* Add an authentication config to the peer configuration. * Add an authentication config to the peer configuration.
* *
@ -179,7 +179,7 @@ struct peer_cfg_t {
* @param local TRUE for local rules, FALSE for remote constraints * @param local TRUE for local rules, FALSE for remote constraints
*/ */
void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local); void (*add_auth_cfg)(peer_cfg_t *this, auth_cfg_t *cfg, bool local);
/** /**
* Create an enumerator over registered authentication configs. * Create an enumerator over registered authentication configs.
* *
@ -201,49 +201,49 @@ struct peer_cfg_t {
* @return unique policy * @return unique policy
*/ */
unique_policy_t (*get_unique_policy) (peer_cfg_t *this); unique_policy_t (*get_unique_policy) (peer_cfg_t *this);
/** /**
* Get the max number of retries after timeout. * Get the max number of retries after timeout.
* *
* @return max number retries * @return max number retries
*/ */
u_int32_t (*get_keyingtries) (peer_cfg_t *this); u_int32_t (*get_keyingtries) (peer_cfg_t *this);
/** /**
* Get a time to start rekeying (is randomized with jitter). * Get a time to start rekeying (is randomized with jitter).
* *
* @return time in s when to start rekeying, 0 disables rekeying * @return time in s when to start rekeying, 0 disables rekeying
*/ */
u_int32_t (*get_rekey_time)(peer_cfg_t *this); u_int32_t (*get_rekey_time)(peer_cfg_t *this);
/** /**
* Get a time to start reauthentication (is randomized with jitter). * Get a time to start reauthentication (is randomized with jitter).
* *
* @return time in s when to start reauthentication, 0 disables it * @return time in s when to start reauthentication, 0 disables it
*/ */
u_int32_t (*get_reauth_time)(peer_cfg_t *this); u_int32_t (*get_reauth_time)(peer_cfg_t *this);
/** /**
* Get the timeout of a rekeying/reauthenticating SA. * Get the timeout of a rekeying/reauthenticating SA.
* *
* @return timeout in s * @return timeout in s
*/ */
u_int32_t (*get_over_time)(peer_cfg_t *this); u_int32_t (*get_over_time)(peer_cfg_t *this);
/** /**
* Use MOBIKE (RFC4555) if peer supports it? * Use MOBIKE (RFC4555) if peer supports it?
* *
* @return TRUE to enable MOBIKE support * @return TRUE to enable MOBIKE support
*/ */
bool (*use_mobike) (peer_cfg_t *this); bool (*use_mobike) (peer_cfg_t *this);
/** /**
* Get the DPD check interval. * Get the DPD check interval.
* *
* @return dpd_delay in seconds * @return dpd_delay in seconds
*/ */
u_int32_t (*get_dpd) (peer_cfg_t *this); u_int32_t (*get_dpd) (peer_cfg_t *this);
/** /**
* Get a virtual IP for the local peer. * Get a virtual IP for the local peer.
* *
@ -255,14 +255,14 @@ struct peer_cfg_t {
* @return virtual IP, %any or NULL * @return virtual IP, %any or NULL
*/ */
host_t* (*get_virtual_ip) (peer_cfg_t *this); host_t* (*get_virtual_ip) (peer_cfg_t *this);
/** /**
* Get the name of the pool to acquire configuration attributes from. * Get the name of the pool to acquire configuration attributes from.
* *
* @return pool name, NULL if none defined * @return pool name, NULL if none defined
*/ */
char* (*get_pool)(peer_cfg_t *this); char* (*get_pool)(peer_cfg_t *this);
#ifdef ME #ifdef ME
/** /**
* Is this a mediation connection? * Is this a mediation connection?
@ -270,14 +270,14 @@ struct peer_cfg_t {
* @return TRUE, if this is a mediation connection * @return TRUE, if this is a mediation connection
*/ */
bool (*is_mediation) (peer_cfg_t *this); bool (*is_mediation) (peer_cfg_t *this);
/** /**
* Get peer_cfg of the connection this one is mediated through. * Get peer_cfg of the connection this one is mediated through.
* *
* @return the peer_cfg of the mediation connection * @return the peer_cfg of the mediation connection
*/ */
peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this); peer_cfg_t* (*get_mediated_by) (peer_cfg_t *this);
/** /**
* Get the id of the other peer at the mediation server. * Get the id of the other peer at the mediation server.
* *
@ -300,14 +300,14 @@ struct peer_cfg_t {
* @return TRUE if peer_cfg and ike_cfg are equal * @return TRUE if peer_cfg and ike_cfg are equal
*/ */
bool (*equals)(peer_cfg_t *this, peer_cfg_t *other); bool (*equals)(peer_cfg_t *this, peer_cfg_t *other);
/** /**
* Increase reference count. * Increase reference count.
* *
* @return reference to this * @return reference to this
*/ */
peer_cfg_t* (*get_ref) (peer_cfg_t *this); peer_cfg_t* (*get_ref) (peer_cfg_t *this);
/** /**
* Destroys the peer_cfg object. * Destroys the peer_cfg object.
* *

104
src/charon/config/proposal.c
View File

@ -52,52 +52,52 @@ struct private_proposal_t {
* Public part * Public part
*/ */
proposal_t public; proposal_t public;
/** /**
* protocol (ESP or AH) * protocol (ESP or AH)
*/ */
protocol_id_t protocol; protocol_id_t protocol;
/** /**
* priority ordered list of encryption algorithms * priority ordered list of encryption algorithms
*/ */
linked_list_t *encryption_algos; linked_list_t *encryption_algos;
/** /**
* priority ordered list of integrity algorithms * priority ordered list of integrity algorithms
*/ */
linked_list_t *integrity_algos; linked_list_t *integrity_algos;
/** /**
* priority ordered list of pseudo random functions * priority ordered list of pseudo random functions
*/ */
linked_list_t *prf_algos; linked_list_t *prf_algos;
/** /**
* priority ordered list of dh groups * priority ordered list of dh groups
*/ */
linked_list_t *dh_groups; linked_list_t *dh_groups;
/** /**
* priority ordered list of extended sequence number flags * priority ordered list of extended sequence number flags
*/ */
linked_list_t *esns; linked_list_t *esns;
/** /**
* senders SPI * senders SPI
*/ */
u_int64_t spi; u_int64_t spi;
}; };
/** /**
* Struct used to store different kinds of algorithms. * Struct used to store different kinds of algorithms.
*/ */
struct algorithm_t { struct algorithm_t {
/** /**
* Value from an encryption_algorithm_t/integrity_algorithm_t/... * Value from an encryption_algorithm_t/integrity_algorithm_t/...
*/ */
u_int16_t algorithm; u_int16_t algorithm;
/** /**
* the associated key size in bits, or zero if not needed * the associated key size in bits, or zero if not needed
*/ */
@ -110,7 +110,7 @@ struct algorithm_t {
static void add_algo(linked_list_t *list, u_int16_t algo, u_int16_t key_size) static void add_algo(linked_list_t *list, u_int16_t algo, u_int16_t key_size)
{ {
algorithm_t *algo_key; algorithm_t *algo_key;
algo_key = malloc_thing(algorithm_t); algo_key = malloc_thing(algorithm_t);
algo_key->algorithm = algo; algo_key->algorithm = algo;
algo_key->key_size = key_size; algo_key->key_size = key_size;
@ -200,7 +200,7 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type,
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
bool found = FALSE; bool found = FALSE;
enumerator = create_enumerator(this, type); enumerator = create_enumerator(this, type);
if (enumerator->enumerate(enumerator, alg, key_size)) if (enumerator->enumerate(enumerator, alg, key_size))
{ {
@ -216,12 +216,12 @@ static bool get_algorithm(private_proposal_t *this, transform_type_t type,
static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group) static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
{ {
bool result = FALSE; bool result = FALSE;
if (this->dh_groups->get_count(this->dh_groups)) if (this->dh_groups->get_count(this->dh_groups))
{ {
algorithm_t *current; algorithm_t *current;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = this->dh_groups->create_enumerator(this->dh_groups); enumerator = this->dh_groups->create_enumerator(this->dh_groups);
while (enumerator->enumerate(enumerator, (void**)&current)) while (enumerator->enumerate(enumerator, (void**)&current))
{ {
@ -246,7 +246,7 @@ static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
static void strip_dh(private_proposal_t *this) static void strip_dh(private_proposal_t *this)
{ {
algorithm_t *alg; algorithm_t *alg;
while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS) while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS)
{ {
free(alg); free(alg);
@ -282,14 +282,14 @@ static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add,
{ {
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
algorithm_t *alg1, *alg2; algorithm_t *alg1, *alg2;
/* if in both are zero algorithms specified, we HAVE a match */ /* if in both are zero algorithms specified, we HAVE a match */
if (first->get_count(first) == 0 && second->get_count(second) == 0) if (first->get_count(first) == 0 && second->get_count(second) == 0)
{ {
*add = FALSE; *add = FALSE;
return TRUE; return TRUE;
} }
e1 = first->create_enumerator(first); e1 = first->create_enumerator(first);
e2 = second->create_enumerator(second); e2 = second->create_enumerator(second);
/* compare algs, order of algs in "first" is preferred */ /* compare algs, order of algs in "first" is preferred */
@ -327,18 +327,18 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
u_int16_t algo; u_int16_t algo;
size_t key_size; size_t key_size;
bool add; bool add;
DBG2(DBG_CFG, "selecting proposal:"); DBG2(DBG_CFG, "selecting proposal:");
/* check protocol */ /* check protocol */
if (this->protocol != other->protocol) if (this->protocol != other->protocol)
{ {
DBG2(DBG_CFG, " protocol mismatch, skipping"); DBG2(DBG_CFG, " protocol mismatch, skipping");
return NULL; return NULL;
} }
selected = proposal_create(this->protocol); selected = proposal_create(this->protocol);
/* select encryption algorithm */ /* select encryption algorithm */
if (select_algo(this->encryption_algos, other->encryption_algos, if (select_algo(this->encryption_algos, other->encryption_algos,
&add, &algo, &key_size)) &add, &algo, &key_size))
@ -359,7 +359,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
/* select integrity algorithm */ /* select integrity algorithm */
if (!is_authenticated_encryption(algo)) if (!is_authenticated_encryption(algo))
{ {
if (select_algo(this->integrity_algos, other->integrity_algos, if (select_algo(this->integrity_algos, other->integrity_algos,
&add, &algo, &key_size)) &add, &algo, &key_size))
{ {
if (add) if (add)
@ -424,10 +424,10 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
return NULL; return NULL;
} }
DBG2(DBG_CFG, " proposal matches"); DBG2(DBG_CFG, " proposal matches");
/* apply SPI from "other" */ /* apply SPI from "other" */
selected->set_spi(selected, other->spi); selected->set_spi(selected, other->spi);
/* everything matched, return new proposal */ /* everything matched, return new proposal */
return selected; return selected;
} }
@ -463,7 +463,7 @@ static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
{ {
algorithm_t *algo, *clone_algo; algorithm_t *algo, *clone_algo;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = list->create_enumerator(list); enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &algo)) while (enumerator->enumerate(enumerator, &algo))
{ {
@ -482,12 +482,12 @@ static bool algo_list_equals(linked_list_t *l1, linked_list_t *l2)
enumerator_t *e1, *e2; enumerator_t *e1, *e2;
algorithm_t *alg1, *alg2; algorithm_t *alg1, *alg2;
bool equals = TRUE; bool equals = TRUE;
if (l1->get_count(l1) != l2->get_count(l2)) if (l1->get_count(l1) != l2->get_count(l2))
{ {
return FALSE; return FALSE;
} }
e1 = l1->create_enumerator(l1); e1 = l1->create_enumerator(l1);
e2 = l2->create_enumerator(l2); e2 = l2->create_enumerator(l2);
while (e1->enumerate(e1, &alg1) && e2->enumerate(e2, &alg2)) while (e1->enumerate(e1, &alg1) && e2->enumerate(e2, &alg2))
@ -531,15 +531,15 @@ static bool equals(private_proposal_t *this, private_proposal_t *other)
static proposal_t *clone_(private_proposal_t *this) static proposal_t *clone_(private_proposal_t *this)
{ {
private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol); private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol);
clone_algo_list(this->encryption_algos, clone->encryption_algos); clone_algo_list(this->encryption_algos, clone->encryption_algos);
clone_algo_list(this->integrity_algos, clone->integrity_algos); clone_algo_list(this->integrity_algos, clone->integrity_algos);
clone_algo_list(this->prf_algos, clone->prf_algos); clone_algo_list(this->prf_algos, clone->prf_algos);
clone_algo_list(this->dh_groups, clone->dh_groups); clone_algo_list(this->dh_groups, clone->dh_groups);
clone_algo_list(this->esns, clone->esns); clone_algo_list(this->esns, clone->esns);
clone->spi = this->spi; clone->spi = this->spi;
return &clone->public; return &clone->public;
} }
@ -551,7 +551,7 @@ static void check_proposal(private_proposal_t *this)
enumerator_t *e; enumerator_t *e;
algorithm_t *alg; algorithm_t *alg;
bool all_aead = TRUE; bool all_aead = TRUE;
e = this->encryption_algos->create_enumerator(this->encryption_algos); e = this->encryption_algos->create_enumerator(this->encryption_algos);
while (e->enumerate(e, &alg)) while (e->enumerate(e, &alg))
{ {
@ -562,7 +562,7 @@ static void check_proposal(private_proposal_t *this)
} }
} }
e->destroy(e); e->destroy(e);
if (all_aead) if (all_aead)
{ {
/* if all encryption algorithms in the proposal are authenticated encryption /* if all encryption algorithms in the proposal are authenticated encryption
@ -613,7 +613,7 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
case AUTH_AES_XCBC_96: case AUTH_AES_XCBC_96:
prf = PRF_AES128_XCBC; prf = PRF_AES128_XCBC;
break; break;
default: default:
prf = PRF_UNDEFINED; prf = PRF_UNDEFINED;
} }
if (prf != PRF_UNDEFINED) if (prf != PRF_UNDEFINED)
@ -633,7 +633,7 @@ static int print_alg(private_proposal_t *this, char **dst, size_t *len,
enumerator_t *enumerator; enumerator_t *enumerator;
size_t written = 0; size_t written = 0;
u_int16_t alg, size; u_int16_t alg, size;
enumerator = create_enumerator(this, kind); enumerator = create_enumerator(this, kind);
while (enumerator->enumerate(enumerator, &alg, &size)) while (enumerator->enumerate(enumerator, &alg, &size))
{ {
@ -666,12 +666,12 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
enumerator_t *enumerator; enumerator_t *enumerator;
size_t written = 0; size_t written = 0;
bool first = TRUE; bool first = TRUE;
if (this == NULL) if (this == NULL)
{ {
return print_in_hook(dst, len, "(null)"); return print_in_hook(dst, len, "(null)");
} }
if (spec->hash) if (spec->hash)
{ {
enumerator = list->create_enumerator(list); enumerator = list->create_enumerator(list);
@ -690,7 +690,7 @@ int proposal_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
return written; return written;
} }
written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol); written = print_in_hook(dst, len, "%N:", protocol_id_names, this->protocol);
written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM, written += print_alg(this, &dst, &len, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, &first); encryption_algorithm_names, &first);
@ -724,7 +724,7 @@ static void destroy(private_proposal_t *this)
proposal_t *proposal_create(protocol_id_t protocol) proposal_t *proposal_create(protocol_id_t protocol)
{ {
private_proposal_t *this = malloc_thing(private_proposal_t); private_proposal_t *this = malloc_thing(private_proposal_t);
this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,u_int16_t))add_algorithm; this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,u_int16_t))add_algorithm;
this->public.create_enumerator = (enumerator_t* (*)(proposal_t*,transform_type_t))create_enumerator; this->public.create_enumerator = (enumerator_t* (*)(proposal_t*,transform_type_t))create_enumerator;
this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,u_int16_t*,u_int16_t*))get_algorithm; this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,u_int16_t*,u_int16_t*))get_algorithm;
@ -737,16 +737,16 @@ proposal_t *proposal_create(protocol_id_t protocol)
this->public.equals = (bool(*)(proposal_t*, proposal_t *other))equals; this->public.equals = (bool(*)(proposal_t*, proposal_t *other))equals;
this->public.clone = (proposal_t*(*)(proposal_t*))clone_; this->public.clone = (proposal_t*(*)(proposal_t*))clone_;
this->public.destroy = (void(*)(proposal_t*))destroy; this->public.destroy = (void(*)(proposal_t*))destroy;
this->spi = 0; this->spi = 0;
this->protocol = protocol; this->protocol = protocol;
this->encryption_algos = linked_list_create(); this->encryption_algos = linked_list_create();
this->integrity_algos = linked_list_create(); this->integrity_algos = linked_list_create();
this->prf_algos = linked_list_create(); this->prf_algos = linked_list_create();
this->dh_groups = linked_list_create(); this->dh_groups = linked_list_create();
this->esns = linked_list_create(); this->esns = linked_list_create();
return &this->public; return &this->public;
} }
@ -760,7 +760,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
integrity_algorithm_t integrity; integrity_algorithm_t integrity;
pseudo_random_function_t prf; pseudo_random_function_t prf;
diffie_hellman_group_t group; diffie_hellman_group_t group;
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption)) while (enumerator->enumerate(enumerator, &encryption))
{ {
@ -787,10 +787,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
break; break;
default: default:
break; break;
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
enumerator = lib->crypto->create_signer_enumerator(lib->crypto); enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &integrity)) while (enumerator->enumerate(enumerator, &integrity))
{ {
@ -806,10 +806,10 @@ static void proposal_add_supported_ike(private_proposal_t *this)
break; break;
default: default:
break; break;
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
enumerator = lib->crypto->create_prf_enumerator(lib->crypto); enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &prf)) while (enumerator->enumerate(enumerator, &prf))
{ {
@ -828,7 +828,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
enumerator = lib->crypto->create_dh_enumerator(lib->crypto); enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group)) while (enumerator->enumerate(enumerator, &group))
{ {
@ -865,7 +865,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
proposal_t *proposal_create_default(protocol_id_t protocol) proposal_t *proposal_create_default(protocol_id_t protocol)
{ {
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol); private_proposal_t *this = (private_proposal_t*)proposal_create(protocol);
switch (protocol) switch (protocol)
{ {
case PROTO_IKE: case PROTO_IKE:
@ -903,14 +903,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
chunk_t string = {(void*)algs, strlen(algs)}; chunk_t string = {(void*)algs, strlen(algs)};
chunk_t alg; chunk_t alg;
status_t status = SUCCESS; status_t status = SUCCESS;
eat_whitespace(&string); eat_whitespace(&string);
if (string.len < 1) if (string.len < 1)
{ {
destroy(this); destroy(this);
return NULL; return NULL;
} }
/* get all tokens, separated by '-' */ /* get all tokens, separated by '-' */
while (extract_token(&alg, '-', &string)) while (extract_token(&alg, '-', &string))
{ {
@ -925,9 +925,9 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
destroy(this); destroy(this);
return NULL; return NULL;
} }
check_proposal(this); check_proposal(this);
if (protocol == PROTO_AH || protocol == PROTO_ESP) if (protocol == PROTO_AH || protocol == PROTO_ESP)
{ {
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);

52
src/charon/config/proposal.h
View File

@ -65,17 +65,17 @@ extern enum_name_t *extended_sequence_numbers_names;
/** /**
* Stores a set of algorithms used for an SA. * Stores a set of algorithms used for an SA.
* *
* A proposal stores algorithms for a specific * A proposal stores algorithms for a specific
* protocol. It can store algorithms for one protocol. * protocol. It can store algorithms for one protocol.
* Proposals with multiple protocols are not supported, * Proposals with multiple protocols are not supported,
* as it's not specified in RFC4301 anymore. * as it's not specified in RFC4301 anymore.
*/ */
struct proposal_t { struct proposal_t {
/** /**
* Add an algorithm to the proposal. * Add an algorithm to the proposal.
* *
* The algorithms are stored by priority, first added * The algorithms are stored by priority, first added
* is the most preferred. * is the most preferred.
* Key size is only needed for encryption algorithms * Key size is only needed for encryption algorithms
@ -84,27 +84,27 @@ struct proposal_t {
* The alg parameter accepts encryption_algorithm_t, * The alg parameter accepts encryption_algorithm_t,
* integrity_algorithm_t, dh_group_number_t and * integrity_algorithm_t, dh_group_number_t and
* extended_sequence_numbers_t. * extended_sequence_numbers_t.
* *
* @param type kind of algorithm * @param type kind of algorithm
* @param alg identifier for algorithm * @param alg identifier for algorithm
* @param key_size key size to use * @param key_size key size to use
*/ */
void (*add_algorithm) (proposal_t *this, transform_type_t type, void (*add_algorithm) (proposal_t *this, transform_type_t type,
u_int16_t alg, u_int16_t key_size); u_int16_t alg, u_int16_t key_size);
/** /**
* Get an enumerator over algorithms for a specifc algo type. * Get an enumerator over algorithms for a specifc algo type.
* *
* @param type kind of algorithm * @param type kind of algorithm
* @return enumerator over u_int16_t alg, u_int16_t key_size * @return enumerator over u_int16_t alg, u_int16_t key_size
*/ */
enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type);
/** /**
* Get the algorithm for a type to use. * Get the algorithm for a type to use.
* *
* If there are multiple algorithms, only the first is returned. * If there are multiple algorithms, only the first is returned.
* *
* @param type kind of algorithm * @param type kind of algorithm
* @param alg pointer which receives algorithm * @param alg pointer which receives algorithm
* @param key_size pointer which receives the key size * @param key_size pointer which receives the key size
@ -112,53 +112,53 @@ struct proposal_t {
*/ */
bool (*get_algorithm) (proposal_t *this, transform_type_t type, bool (*get_algorithm) (proposal_t *this, transform_type_t type,
u_int16_t *alg, u_int16_t *key_size); u_int16_t *alg, u_int16_t *key_size);
/** /**
* Check if the proposal has a specific DH group. * Check if the proposal has a specific DH group.
* *
* @param group group to check for * @param group group to check for
* @return TRUE if algorithm included * @return TRUE if algorithm included
*/ */
bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group); bool (*has_dh_group) (proposal_t *this, diffie_hellman_group_t group);
/** /**
* Strip DH groups from proposal to use it without PFS. * Strip DH groups from proposal to use it without PFS.
*/ */
void (*strip_dh)(proposal_t *this); void (*strip_dh)(proposal_t *this);
/** /**
* Compare two proposal, and select a matching subset. * Compare two proposal, and select a matching subset.
* *
* If the proposals are for the same protocols (AH/ESP), they are * If the proposals are for the same protocols (AH/ESP), they are
* compared. If they have at least one algorithm of each type * compared. If they have at least one algorithm of each type
* in common, a resulting proposal of this kind is created. * in common, a resulting proposal of this kind is created.
* *
* @param other proposal to compair agains * @param other proposal to compair agains
* @return selected proposal, NULL if proposals don't match * @return selected proposal, NULL if proposals don't match
*/ */
proposal_t *(*select) (proposal_t *this, proposal_t *other); proposal_t *(*select) (proposal_t *this, proposal_t *other);
/** /**
* Get the protocol ID of the proposal. * Get the protocol ID of the proposal.
* *
* @return protocol of the proposal * @return protocol of the proposal
*/ */
protocol_id_t (*get_protocol) (proposal_t *this); protocol_id_t (*get_protocol) (proposal_t *this);
/** /**
* Get the SPI of the proposal. * Get the SPI of the proposal.
* *
* @return spi for proto * @return spi for proto
*/ */
u_int64_t (*get_spi) (proposal_t *this); u_int64_t (*get_spi) (proposal_t *this);
/** /**
* Set the SPI of the proposal. * Set the SPI of the proposal.
* *
* @param spi spi to set for proto * @param spi spi to set for proto
*/ */
void (*set_spi) (proposal_t *this, u_int64_t spi); void (*set_spi) (proposal_t *this, u_int64_t spi);
/** /**
* Check for the eqality of two proposals. * Check for the eqality of two proposals.
* *
@ -166,14 +166,14 @@ struct proposal_t {
* @return TRUE if other equal to this * @return TRUE if other equal to this
*/ */
bool (*equals)(proposal_t *this, proposal_t *other); bool (*equals)(proposal_t *this, proposal_t *other);
/** /**
* Clone a proposal. * Clone a proposal.
* *
* @return clone of proposal * @return clone of proposal
*/ */
proposal_t *(*clone) (proposal_t *this); proposal_t *(*clone) (proposal_t *this);
/** /**
* Destroys the proposal object. * Destroys the proposal object.
*/ */
@ -214,7 +214,7 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
/** /**
* printf hook function for proposal_t. * printf hook function for proposal_t.
* *
* Arguments are: * Arguments are:
* proposal_t *proposal * proposal_t *proposal
* With the #-specifier, arguments are: * With the #-specifier, arguments are:
* linked_list_t *list containing proposal_t* * linked_list_t *list containing proposal_t*

126
src/charon/config/traffic_selector.c
View File

@ -42,24 +42,24 @@ struct private_traffic_selector_t {
* Public part * Public part
*/ */
traffic_selector_t public; traffic_selector_t public;
/** /**
* Type of address * Type of address
*/ */
ts_type_t type; ts_type_t type;
/** /**
* IP protocol (UDP, TCP, ICMP, ...) * IP protocol (UDP, TCP, ICMP, ...)
*/ */
u_int8_t protocol; u_int8_t protocol;
/** /**
* narrow this traffic selector to hosts external ip * narrow this traffic selector to hosts external ip
* if set, from and to have no meaning until set_address() is called * if set, from and to have no meaning until set_address() is called
*/ */
bool dynamic; bool dynamic;
/** /**
* begin of address range, network order * begin of address range, network order
*/ */
union { union {
@ -70,7 +70,7 @@ struct private_traffic_selector_t {
/** IPv6 address */ /** IPv6 address */
u_int32_t from6[4]; u_int32_t from6[4];
}; };
/** /**
* end of address range, network order * end of address range, network order
*/ */
@ -82,14 +82,14 @@ struct private_traffic_selector_t {
/** IPv6 address */ /** IPv6 address */
u_int32_t to6[4]; u_int32_t to6[4];
}; };
/** /**
* begin of port range * begin of port range
*/ */
u_int16_t from_port; u_int16_t from_port;
/** /**
* end of port range * end of port range
*/ */
u_int16_t to_port; u_int16_t to_port;
}; };
@ -101,7 +101,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
{ {
int byte; int byte;
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
/* go through the from address, starting at the tail. While we /* go through the from address, starting at the tail. While we
* have not processed the bits belonging to the host, set them to 1 on * have not processed the bits belonging to the host, set them to 1 on
* the to address. If we reach the bits for the net, copy them from "from". */ * the to address. If we reach the bits for the net, copy them from "from". */
@ -109,7 +109,7 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits)
{ {
u_char mask = 0x00; u_char mask = 0x00;
int shift; int shift;
shift = (byte+1) * 8 - netbits; shift = (byte+1) * 8 - netbits;
if (shift > 0) if (shift > 0)
{ {
@ -130,7 +130,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this)
{ {
int byte, bit; int byte, bit;
size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
/* go trough all bits of the addresses, beginning in the front. /* go trough all bits of the addresses, beginning in the front.
* as long as they are equal, the subnet gets larger * as long as they are equal, the subnet gets larger
*/ */
@ -169,12 +169,12 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
bool has_ports; bool has_ports;
size_t written = 0; size_t written = 0;
u_int32_t from[4], to[4]; u_int32_t from[4], to[4];
if (this == NULL) if (this == NULL)
{ {
return print_in_hook(dst, len, "(null)"); return print_in_hook(dst, len, "(null)");
} }
if (spec->hash) if (spec->hash)
{ {
iterator = list->create_iterator(list, TRUE); iterator = list->create_iterator(list, TRUE);
@ -186,11 +186,11 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
iterator->destroy(iterator); iterator->destroy(iterator);
return written; return written;
} }
memset(from, 0, sizeof(from)); memset(from, 0, sizeof(from));
memset(to, 0xFF, sizeof(to)); memset(to, 0xFF, sizeof(to));
if (this->dynamic && if (this->dynamic &&
memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) && memeq(this->from, from, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16) &&
memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16)) memeq(this->to, to, this->type == TS_IPV4_ADDR_RANGE ? 4 : 16))
{ {
written += print_in_hook(dst, len, "dynamic"); written += print_in_hook(dst, len, "dynamic");
@ -208,7 +208,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
mask = calc_netbits(this); mask = calc_netbits(this);
written += print_in_hook(dst, len, "%s/%d", addr_str, mask); written += print_in_hook(dst, len, "%s/%d", addr_str, mask);
} }
/* check if we have protocol and/or port selectors */ /* check if we have protocol and/or port selectors */
has_proto = this->protocol != 0; has_proto = this->protocol != 0;
has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF); has_ports = !(this->from_port == 0 && this->to_port == 0xFFFF);
@ -235,7 +235,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
written += print_in_hook(dst, len, "%d", this->protocol); written += print_in_hook(dst, len, "%d", this->protocol);
} }
} }
if (has_proto && has_ports) if (has_proto && has_ports)
{ {
written += print_in_hook(dst, len, "/"); written += print_in_hook(dst, len, "/");
@ -262,7 +262,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec
written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port); written += print_in_hook(dst, len, "%d-%d", this->from_port, this->to_port);
} }
} }
written += print_in_hook(dst, len, "]"); written += print_in_hook(dst, len, "]");
return written; return written;
@ -281,7 +281,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
u_int8_t protocol; u_int8_t protocol;
size_t size; size_t size;
private_traffic_selector_t *new_ts; private_traffic_selector_t *new_ts;
/* calculate the maximum port range allowed for both */ /* calculate the maximum port range allowed for both */
from_port = max(this->from_port, other->from_port); from_port = max(this->from_port, other->from_port);
to_port = min(this->to_port, other->to_port); to_port = min(this->to_port, other->to_port);
@ -291,7 +291,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
} }
/* select protocol, which is not zero */ /* select protocol, which is not zero */
protocol = max(this->protocol, other->protocol); protocol = max(this->protocol, other->protocol);
switch (this->type) switch (this->type)
{ {
case TS_IPV4_ADDR_RANGE: case TS_IPV4_ADDR_RANGE:
@ -303,7 +303,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
default: default:
return NULL; return NULL;
} }
/* get higher from-address */ /* get higher from-address */
if (memcmp(this->from, other->from, size) > 0) if (memcmp(this->from, other->from, size) > 0)
{ {
@ -327,14 +327,14 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_
{ {
return NULL; return NULL;
} }
/* we have a match in protocol, port, and address: return it... */ /* we have a match in protocol, port, and address: return it... */
new_ts = traffic_selector_create(protocol, this->type, from_port, to_port); new_ts = traffic_selector_create(protocol, this->type, from_port, to_port);
new_ts->type = this->type; new_ts->type = this->type;
new_ts->dynamic = this->dynamic || other->dynamic; new_ts->dynamic = this->dynamic || other->dynamic;
memcpy(new_ts->from, from, size); memcpy(new_ts->from, from, size);
memcpy(new_ts->to, to, size); memcpy(new_ts->to, to, size);
return &new_ts->public; return &new_ts->public;
} }
return NULL; return NULL;
@ -390,7 +390,7 @@ static chunk_t get_from_address(private_traffic_selector_t *this)
return chunk_empty; return chunk_empty;
} }
} }
/** /**
* Implements traffic_selector_t.get_to_address. * Implements traffic_selector_t.get_to_address.
*/ */
@ -406,7 +406,7 @@ static chunk_t get_to_address(private_traffic_selector_t *this)
return chunk_empty; return chunk_empty;
} }
} }
/** /**
* Implements traffic_selector_t.get_from_port. * Implements traffic_selector_t.get_from_port.
*/ */
@ -414,7 +414,7 @@ static u_int16_t get_from_port(private_traffic_selector_t *this)
{ {
return this->from_port; return this->from_port;
} }
/** /**
* Implements traffic_selector_t.get_to_port. * Implements traffic_selector_t.get_to_port.
*/ */
@ -448,7 +448,7 @@ static bool is_host(private_traffic_selector_t *this, host_t *host)
{ {
chunk_t addr; chunk_t addr;
int family = host->get_family(host); int family = host->get_family(host);
if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) || if ((family == AF_INET && this->type == TS_IPV4_ADDR_RANGE) ||
(family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
{ {
@ -463,12 +463,12 @@ static bool is_host(private_traffic_selector_t *this, host_t *host)
else else
{ {
size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; size_t length = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
if (this->dynamic) if (this->dynamic)
{ {
return TRUE; return TRUE;
} }
if (memeq(this->from, this->to, length)) if (memeq(this->from, this->to, length))
{ {
return TRUE; return TRUE;
@ -494,7 +494,7 @@ static void set_address(private_traffic_selector_t *this, host_t *host)
{ {
this->type = host->get_family(host) == AF_INET ? this->type = host->get_family(host) == AF_INET ?
TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE; TS_IPV4_ADDR_RANGE : TS_IPV6_ADDR_RANGE;
if (host->is_anyaddr(host)) if (host->is_anyaddr(host))
{ {
memset(this->from6, 0x00, sizeof(this->from6)); memset(this->from6, 0x00, sizeof(this->from6));
@ -517,9 +517,9 @@ static bool is_contained_in(private_traffic_selector_t *this,
{ {
private_traffic_selector_t *subset; private_traffic_selector_t *subset;
bool contained_in = FALSE; bool contained_in = FALSE;
subset = (private_traffic_selector_t*)get_subset(this, other); subset = (private_traffic_selector_t*)get_subset(this, other);
if (subset) if (subset)
{ {
if (equals(subset, this)) if (equals(subset, this))
@ -528,7 +528,7 @@ static bool is_contained_in(private_traffic_selector_t *this,
} }
free(subset); free(subset);
} }
return contained_in; return contained_in;
} }
/** /**
@ -543,12 +543,12 @@ static bool includes(private_traffic_selector_t *this, host_t *host)
(family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE)) (family == AF_INET6 && this->type == TS_IPV6_ADDR_RANGE))
{ {
addr = host->get_address(host); addr = host->get_address(host);
return memcmp(this->from, addr.ptr, addr.len) <= 0 && return memcmp(this->from, addr.ptr, addr.len) <= 0 &&
memcmp(this->to, addr.ptr, addr.len) >= 0; memcmp(this->to, addr.ptr, addr.len) >= 0;
} }
return FALSE; return FALSE;
} }
/** /**
@ -557,15 +557,15 @@ static bool includes(private_traffic_selector_t *this, host_t *host)
static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask) static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask)
{ {
/* there is no way to do this cleanly, as the address range may /* there is no way to do this cleanly, as the address range may
* be anything else but a subnet. We use from_addr as subnet * be anything else but a subnet. We use from_addr as subnet
* and try to calculate a usable subnet mask. * and try to calculate a usable subnet mask.
*/ */
int family, byte; int family, byte;
u_int16_t port = 0; u_int16_t port = 0;
chunk_t net_chunk; chunk_t net_chunk;
*mask = calc_netbits(this); *mask = calc_netbits(this);
switch (this->type) switch (this->type)
{ {
case TS_IPV4_ADDR_RANGE: case TS_IPV4_ADDR_RANGE:
@ -586,22 +586,22 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *
return; return;
} }
} }
net_chunk.ptr = malloc(net_chunk.len); net_chunk.ptr = malloc(net_chunk.len);
memcpy(net_chunk.ptr, this->from, net_chunk.len); memcpy(net_chunk.ptr, this->from, net_chunk.len);
for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte) for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte)
{ {
int shift = (byte + 1) * 8 - *mask; int shift = (byte + 1) * 8 - *mask;
net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift); net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift);
} }
if (this->to_port == this->from_port) if (this->to_port == this->from_port)
{ {
port = this->to_port; port = this->to_port;
} }
*net = host_create_from_chunk(family, net_chunk, port); *net = host_create_from_chunk(family, net_chunk, port);
chunk_free(&net_chunk); chunk_free(&net_chunk);
} }
@ -611,10 +611,10 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *
static traffic_selector_t *clone_(private_traffic_selector_t *this) static traffic_selector_t *clone_(private_traffic_selector_t *this)
{ {
private_traffic_selector_t *clone; private_traffic_selector_t *clone;
clone = traffic_selector_create(this->protocol, this->type, clone = traffic_selector_create(this->protocol, this->type,
this->from_port, this->to_port); this->from_port, this->to_port);
clone->dynamic = this->dynamic; clone->dynamic = this->dynamic;
switch (clone->type) switch (clone->type)
{ {
@ -650,13 +650,13 @@ static void destroy(private_traffic_selector_t *this)
* see header * see header
*/ */
traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
ts_type_t type, ts_type_t type,
chunk_t from, u_int16_t from_port, chunk_t from, u_int16_t from_port,
chunk_t to, u_int16_t to_port) chunk_t to, u_int16_t to_port)
{ {
private_traffic_selector_t *this = traffic_selector_create(protocol, type, private_traffic_selector_t *this = traffic_selector_create(protocol, type,
from_port, to_port); from_port, to_port);
switch (type) switch (type)
{ {
case TS_IPV4_ADDR_RANGE: case TS_IPV4_ADDR_RANGE:
@ -684,7 +684,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
default: default:
{ {
free(this); free(this);
return NULL; return NULL;
} }
} }
return (&this->public); return (&this->public);
@ -693,7 +693,7 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol,
/* /*
* see header * see header
*/ */
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
u_int8_t netbits, u_int8_t protocol, u_int16_t port) u_int8_t netbits, u_int8_t protocol, u_int16_t port)
{ {
private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535); private_traffic_selector_t *this = traffic_selector_create(protocol, 0, 0, 65535);
@ -703,7 +703,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
case AF_INET: case AF_INET:
{ {
chunk_t from; chunk_t from;
this->type = TS_IPV4_ADDR_RANGE; this->type = TS_IPV4_ADDR_RANGE;
from = net->get_address(net); from = net->get_address(net);
memcpy(this->from4, from.ptr, from.len); memcpy(this->from4, from.ptr, from.len);
@ -721,7 +721,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net,
case AF_INET6: case AF_INET6:
{ {
chunk_t from; chunk_t from;
this->type = TS_IPV6_ADDR_RANGE; this->type = TS_IPV6_ADDR_RANGE;
from = net->get_address(net); from = net->get_address(net);
memcpy(this->from6, from.ptr, from.len); memcpy(this->from6, from.ptr, from.len);
@ -782,7 +782,7 @@ traffic_selector_t *traffic_selector_create_from_string(
free(this); free(this);
return NULL; return NULL;
} }
break; break;
} }
case TS_IPV6_ADDR_RANGE: case TS_IPV6_ADDR_RANGE:
{ {
@ -805,17 +805,17 @@ traffic_selector_t *traffic_selector_create_from_string(
/* /*
* see header * see header
*/ */
traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
u_int16_t from_port, u_int16_t to_port) u_int16_t from_port, u_int16_t to_port)
{ {
private_traffic_selector_t *this = traffic_selector_create( private_traffic_selector_t *this = traffic_selector_create(
protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); protocol, TS_IPV4_ADDR_RANGE, from_port, to_port);
memset(this->from6, 0, sizeof(this->from6)); memset(this->from6, 0, sizeof(this->from6));
memset(this->to6, 0xFF, sizeof(this->to6)); memset(this->to6, 0xFF, sizeof(this->to6));
this->dynamic = TRUE; this->dynamic = TRUE;
return &this->public; return &this->public;
} }
@ -833,7 +833,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address; this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address;
this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address; this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address;
this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port; this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port;
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host; this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host;
@ -844,13 +844,13 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol,
this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet; this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet;
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_; this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_;
this->public.destroy = (void(*)(traffic_selector_t*))destroy; this->public.destroy = (void(*)(traffic_selector_t*))destroy;
this->from_port = from_port; this->from_port = from_port;
this->to_port = to_port; this->to_port = to_port;
this->protocol = protocol; this->protocol = protocol;
this->type = type; this->type = type;
this->dynamic = FALSE; this->dynamic = FALSE;
return this; return this;
} }

66
src/charon/config/traffic_selector.h
View File

@ -33,7 +33,7 @@ typedef struct traffic_selector_t traffic_selector_t;
* Traffic selector types. * Traffic selector types.
*/ */
enum ts_type_t { enum ts_type_t {
/** /**
* A range of IPv4 addresses, represented by two four (4) octet * A range of IPv4 addresses, represented by two four (4) octet
* values. The first value is the beginning IPv4 address * values. The first value is the beginning IPv4 address
@ -42,7 +42,7 @@ enum ts_type_t {
* addresses are considered to be within the list. * addresses are considered to be within the list.
*/ */
TS_IPV4_ADDR_RANGE = 7, TS_IPV4_ADDR_RANGE = 7,
/** /**
* A range of IPv6 addresses, represented by two sixteen (16) * A range of IPv6 addresses, represented by two sixteen (16)
* octet values. The first value is the beginning IPv6 address * octet values. The first value is the beginning IPv6 address
@ -65,7 +65,7 @@ extern enum_name_t *ts_type_name;
* and a range of ports. IPv6 is not fully supported yet. * and a range of ports. IPv6 is not fully supported yet.
*/ */
struct traffic_selector_t { struct traffic_selector_t {
/** /**
* Compare two traffic selectors, and create a new one * Compare two traffic selectors, and create a new one
* which is the largest subset of both (subnet & port). * which is the largest subset of both (subnet & port).
@ -77,16 +77,16 @@ struct traffic_selector_t {
* - created subset of them * - created subset of them
* - or NULL if no match between this and other * - or NULL if no match between this and other
*/ */
traffic_selector_t *(*get_subset) (traffic_selector_t *this, traffic_selector_t *(*get_subset) (traffic_selector_t *this,
traffic_selector_t *other); traffic_selector_t *other);
/** /**
* Clone a traffic selector. * Clone a traffic selector.
* *
* @return clone of it * @return clone of it
*/ */
traffic_selector_t *(*clone) (traffic_selector_t *this); traffic_selector_t *(*clone) (traffic_selector_t *this);
/** /**
* Get starting address of this ts as a chunk. * Get starting address of this ts as a chunk.
* *
@ -95,7 +95,7 @@ struct traffic_selector_t {
* @return chunk containing the address * @return chunk containing the address
*/ */
chunk_t (*get_from_address) (traffic_selector_t *this); chunk_t (*get_from_address) (traffic_selector_t *this);
/** /**
* Get ending address of this ts as a chunk. * Get ending address of this ts as a chunk.
* *
@ -104,17 +104,17 @@ struct traffic_selector_t {
* @return chunk containing the address * @return chunk containing the address
*/ */
chunk_t (*get_to_address) (traffic_selector_t *this); chunk_t (*get_to_address) (traffic_selector_t *this);
/** /**
* Get starting port of this ts. * Get starting port of this ts.
* *
* Port is in host order, since the parser converts it. * Port is in host order, since the parser converts it.
* Size depends on protocol. * Size depends on protocol.
* *
* @return port * @return port
*/ */
u_int16_t (*get_from_port) (traffic_selector_t *this); u_int16_t (*get_from_port) (traffic_selector_t *this);
/** /**
* Get ending port of this ts. * Get ending port of this ts.
* *
@ -124,21 +124,21 @@ struct traffic_selector_t {
* @return port * @return port
*/ */
u_int16_t (*get_to_port) (traffic_selector_t *this); u_int16_t (*get_to_port) (traffic_selector_t *this);
/** /**
* Get the type of the traffic selector. * Get the type of the traffic selector.
* *
* @return ts_type_t specifying the type * @return ts_type_t specifying the type
*/ */
ts_type_t (*get_type) (traffic_selector_t *this); ts_type_t (*get_type) (traffic_selector_t *this);
/** /**
* Get the protocol id of this ts. * Get the protocol id of this ts.
* *
* @return protocol id * @return protocol id
*/ */
u_int8_t (*get_protocol) (traffic_selector_t *this); u_int8_t (*get_protocol) (traffic_selector_t *this);
/** /**
* Check if the traffic selector is for a single host. * Check if the traffic selector is for a single host.
* *
@ -151,14 +151,14 @@ struct traffic_selector_t {
* @param host host_t specifying the address range * @param host host_t specifying the address range
*/ */
bool (*is_host) (traffic_selector_t *this, host_t* host); bool (*is_host) (traffic_selector_t *this, host_t* host);
/** /**
* Check if a traffic selector has been created by create_dynamic(). * Check if a traffic selector has been created by create_dynamic().
* *
* @return TRUE if TS is dynamic * @return TRUE if TS is dynamic
*/ */
bool (*is_dynamic)(traffic_selector_t *this); bool (*is_dynamic)(traffic_selector_t *this);
/** /**
* Update the address of a traffic selector. * Update the address of a traffic selector.
* *
@ -168,15 +168,15 @@ struct traffic_selector_t {
* @param host host_t specifying the address * @param host host_t specifying the address
*/ */
void (*set_address) (traffic_selector_t *this, host_t* host); void (*set_address) (traffic_selector_t *this, host_t* host);
/** /**
* Compare two traffic selectors for equality. * Compare two traffic selectors for equality.
* *
* @param other ts to compare with this * @param other ts to compare with this
* @return TRUE if equal, FALSE otherwise * @return TRUE if equal, FALSE otherwise
*/ */
bool (*equals) (traffic_selector_t *this, traffic_selector_t *other); bool (*equals) (traffic_selector_t *this, traffic_selector_t *other);
/** /**
* Check if a traffic selector is contained completly in another. * Check if a traffic selector is contained completly in another.
* *
@ -188,24 +188,24 @@ struct traffic_selector_t {
bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other); bool (*is_contained_in) (traffic_selector_t *this, traffic_selector_t *other);
/** /**
* Check if a specific host is included in the address range of * Check if a specific host is included in the address range of
* this traffic selector. * this traffic selector.
* *
* @param host the host to check * @param host the host to check
*/ */
bool (*includes) (traffic_selector_t *this, host_t *host); bool (*includes) (traffic_selector_t *this, host_t *host);
/** /**
* Convert a traffic selector address range to a subnet * Convert a traffic selector address range to a subnet
* and its net mask. * and its net mask.
* If from and to ports of this traffic selector are equal, * If from and to ports of this traffic selector are equal,
* the port of the returned host_t is set to that port. * the port of the returned host_t is set to that port.
* *
* @param net converted subnet (has to be freed) * @param net converted subnet (has to be freed)
* @param mask converted net mask * @param mask converted net mask
*/ */
void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); void (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask);
/** /**
* Destroys the ts object * Destroys the ts object
*/ */
@ -214,7 +214,7 @@ struct traffic_selector_t {
/** /**
* Create a new traffic selector using human readable params. * Create a new traffic selector using human readable params.
* *
* @param protocol protocol for this ts, such as TCP or UDP * @param protocol protocol for this ts, such as TCP or UDP
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
* @param from_addr start of address range as string * @param from_addr start of address range as string
@ -232,11 +232,11 @@ traffic_selector_t *traffic_selector_create_from_string(
/** /**
* Create a new traffic selector using data read from the net. * Create a new traffic selector using data read from the net.
* *
* There exists a mix of network and host order in the params. * There exists a mix of network and host order in the params.
* But the parser gives us this data in this format, so we * But the parser gives us this data in this format, so we
* don't have to convert twice. * don't have to convert twice.
* *
* @param protocol protocol for this ts, such as TCP or UDP * @param protocol protocol for this ts, such as TCP or UDP
* @param type type of following addresses, such as TS_IPV4_ADDR_RANGE * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
* @param from_address start of address range, network order * @param from_address start of address range, network order
@ -252,14 +252,14 @@ traffic_selector_t *traffic_selector_create_from_bytes(
/** /**
* Create a new traffic selector defining a whole subnet. * Create a new traffic selector defining a whole subnet.
* *
* In most cases, definition of a traffic selector for full subnets * In most cases, definition of a traffic selector for full subnets
* is sufficient. This constructor creates a traffic selector for * is sufficient. This constructor creates a traffic selector for
* all protocols, all ports and the address range specified by the * all protocols, all ports and the address range specified by the
* subnet. * subnet.
* Additionally, a protocol and a port may be specified. Port ranges * Additionally, a protocol and a port may be specified. Port ranges
* are not supported via this constructor. * are not supported via this constructor.
* *
* @param net subnet to use * @param net subnet to use
* @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
* @param protocol protocol for this ts, such as TCP or UDP * @param protocol protocol for this ts, such as TCP or UDP
@ -269,17 +269,17 @@ traffic_selector_t *traffic_selector_create_from_bytes(
* - NULL if address family of net not supported * - NULL if address family of net not supported
*/ */
traffic_selector_t *traffic_selector_create_from_subnet( traffic_selector_t *traffic_selector_create_from_subnet(
host_t *net, u_int8_t netbits, host_t *net, u_int8_t netbits,
u_int8_t protocol, u_int16_t port); u_int8_t protocol, u_int16_t port);
/** /**
* Create a traffic selector for host-to-host cases. * Create a traffic selector for host-to-host cases.
* *
* For host2host or virtual IP setups, the traffic selectors gets * For host2host or virtual IP setups, the traffic selectors gets
* created at runtime using the external/virtual IP. Using this constructor, * created at runtime using the external/virtual IP. Using this constructor,
* a call to set_address() sets this traffic selector to the supplied host. * a call to set_address() sets this traffic selector to the supplied host.
* *
* *
* @param protocol upper layer protocl to allow * @param protocol upper layer protocl to allow
* @param from_port start of allowed port range * @param from_port start of allowed port range
* @param to_port end of range * @param to_port end of range
@ -293,7 +293,7 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
/** /**
* printf hook function for traffic_selector_t. * printf hook function for traffic_selector_t.
* *
* Arguments are: * Arguments are:
* traffic_selector_t *ts * traffic_selector_t *ts
* With the #-specifier, arguments are: * With the #-specifier, arguments are:
* linked_list_t *list containing traffic_selector_t* * linked_list_t *list containing traffic_selector_t*

46
src/charon/control/controller.c
View File

@ -47,42 +47,42 @@ struct interface_listener_t {
* public bus listener interface * public bus listener interface
*/ */
listener_t public; listener_t public;
/** /**
* status of the operation, return to method callers * status of the operation, return to method callers
*/ */
status_t status; status_t status;
/** /**
* interface callback (listener gets redirected to here) * interface callback (listener gets redirected to here)
*/ */
controller_cb_t callback; controller_cb_t callback;
/** /**
* user parameter to pass to callback * user parameter to pass to callback
*/ */
void *param; void *param;
/** /**
* child configuration, used for initiate * child configuration, used for initiate
*/ */
child_cfg_t *child_cfg; child_cfg_t *child_cfg;
/** /**
* peer configuration, used for initiate * peer configuration, used for initiate
*/ */
peer_cfg_t *peer_cfg; peer_cfg_t *peer_cfg;
/** /**
* IKE_SA to handle * IKE_SA to handle
*/ */
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
/** /**
* CHILD_SA to handle * CHILD_SA to handle
*/ */
child_sa_t *child_sa; child_sa_t *child_sa;
/** /**
* unique ID, used for various methods * unique ID, used for various methods
*/ */
@ -100,7 +100,7 @@ struct interface_job_t {
* job interface * job interface
*/ */
job_t public; job_t public;
/** /**
* associated listener * associated listener
*/ */
@ -138,7 +138,7 @@ static bool listener_ike_state(interface_listener_t *this, ike_sa_t *ike_sa,
case IKE_ESTABLISHED: case IKE_ESTABLISHED:
{ /* mediation connections are complete without CHILD_SA */ { /* mediation connections are complete without CHILD_SA */
peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa); peer_cfg_t *peer_cfg = ike_sa->get_peer_cfg(ike_sa);
if (peer_cfg->is_mediation(peer_cfg)) if (peer_cfg->is_mediation(peer_cfg))
{ {
this->status = SUCCESS; this->status = SUCCESS;
@ -219,17 +219,17 @@ static status_t initiate_execute(interface_job_t *job)
ike_sa_t *ike_sa; ike_sa_t *ike_sa;
interface_listener_t *listener = &job->listener; interface_listener_t *listener = &job->listener;
peer_cfg_t *peer_cfg = listener->peer_cfg; peer_cfg_t *peer_cfg = listener->peer_cfg;
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
peer_cfg); peer_cfg);
listener->ike_sa = ike_sa; listener->ike_sa = ike_sa;
if (ike_sa->get_peer_cfg(ike_sa) == NULL) if (ike_sa->get_peer_cfg(ike_sa) == NULL)
{ {
ike_sa->set_peer_cfg(ike_sa, peer_cfg); ike_sa->set_peer_cfg(ike_sa, peer_cfg);
} }
peer_cfg->destroy(peer_cfg); peer_cfg->destroy(peer_cfg);
if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS) if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
{ {
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
@ -279,9 +279,9 @@ static status_t terminate_ike_execute(interface_job_t *job)
{ {
interface_listener_t *listener = &job->listener; interface_listener_t *listener = &job->listener;
ike_sa_t *ike_sa = listener->ike_sa; ike_sa_t *ike_sa = listener->ike_sa;
charon->bus->set_sa(charon->bus, ike_sa); charon->bus->set_sa(charon->bus, ike_sa);
if (ike_sa->delete(ike_sa) != DESTROY_ME) if (ike_sa->delete(ike_sa) != DESTROY_ME)
{ {
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
@ -316,7 +316,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id,
.destroy = (void*)recheckin, .destroy = (void*)recheckin,
}, },
}; };
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
unique_id, FALSE); unique_id, FALSE);
if (ike_sa == NULL) if (ike_sa == NULL)
@ -325,7 +325,7 @@ static status_t terminate_ike(controller_t *this, u_int32_t unique_id,
return NOT_FOUND; return NOT_FOUND;
} }
job.listener.ike_sa = ike_sa; job.listener.ike_sa = ike_sa;
if (callback == NULL) if (callback == NULL)
{ {
return terminate_ike_execute(&job); return terminate_ike_execute(&job);
@ -342,7 +342,7 @@ static status_t terminate_child_execute(interface_job_t *job)
interface_listener_t *listener = &job->listener; interface_listener_t *listener = &job->listener;
ike_sa_t *ike_sa = listener->ike_sa; ike_sa_t *ike_sa = listener->ike_sa;
child_sa_t *child_sa = listener->child_sa; child_sa_t *child_sa = listener->child_sa;
charon->bus->set_sa(charon->bus, ike_sa); charon->bus->set_sa(charon->bus, ike_sa);
if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa), if (ike_sa->delete_child_sa(ike_sa, child_sa->get_protocol(child_sa),
child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME) child_sa->get_spi(child_sa, TRUE)) != DESTROY_ME)
@ -380,7 +380,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
.destroy = (void*)recheckin, .destroy = (void*)recheckin,
}, },
}; };
ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
reqid, TRUE); reqid, TRUE);
if (ike_sa == NULL) if (ike_sa == NULL)
@ -390,7 +390,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
return NOT_FOUND; return NOT_FOUND;
} }
job.listener.ike_sa = ike_sa; job.listener.ike_sa = ike_sa;
iterator = ike_sa->create_child_sa_iterator(ike_sa); iterator = ike_sa->create_child_sa_iterator(ike_sa);
while (iterator->iterate(iterator, (void**)&child_sa)) while (iterator->iterate(iterator, (void**)&child_sa))
{ {
@ -402,7 +402,7 @@ static status_t terminate_child(controller_t *this, u_int32_t reqid,
child_sa = NULL; child_sa = NULL;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
if (child_sa == NULL) if (child_sa == NULL)
{ {
DBG1(DBG_IKE, "unable to terminate, established " DBG1(DBG_IKE, "unable to terminate, established "
@ -443,13 +443,13 @@ static void destroy(private_controller_t *this)
controller_t *controller_create(void) controller_t *controller_create(void)
{ {
private_controller_t *this = malloc_thing(private_controller_t); private_controller_t *this = malloc_thing(private_controller_t);
this->public.create_ike_sa_enumerator = (enumerator_t*(*)(controller_t*))create_ike_sa_enumerator; this->public.create_ike_sa_enumerator = (enumerator_t*(*)(controller_t*))create_ike_sa_enumerator;
this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate; this->public.initiate = (status_t(*)(controller_t*,peer_cfg_t*,child_cfg_t*,controller_cb_t,void*))initiate;
this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike; this->public.terminate_ike = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void*))terminate_ike;
this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child; this->public.terminate_child = (status_t(*)(controller_t*,u_int32_t,controller_cb_t, void *param))terminate_child;
this->public.destroy = (void (*)(controller_t*))destroy; this->public.destroy = (void (*)(controller_t*))destroy;
return &this->public; return &this->public;
} }

12
src/charon/control/controller.h
View File

@ -95,7 +95,7 @@ struct controller_t {
* Terminate an IKE_SA and all of its CHILD_SAs. * Terminate an IKE_SA and all of its CHILD_SAs.
* *
* The terminate() function is synchronous and thus blocks until the * The terminate() function is synchronous and thus blocks until the
* IKE_SA is properly deleted, or the delete timed out. * IKE_SA is properly deleted, or the delete timed out.
* The terminate() function contains a thread cancellation point. * The terminate() function contains a thread cancellation point.
* *
* @param unique_id unique id of the IKE_SA to terminate. * @param unique_id unique id of the IKE_SA to terminate.
@ -106,9 +106,9 @@ struct controller_t {
* - NOT_FOUND, if no such CHILD_SA found * - NOT_FOUND, if no such CHILD_SA found
* - NEED_MORE, if callback returned FALSE * - NEED_MORE, if callback returned FALSE
*/ */
status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id,
controller_cb_t callback, void *param); controller_cb_t callback, void *param);
/** /**
* Terminate a CHILD_SA. * Terminate a CHILD_SA.
* *
@ -120,9 +120,9 @@ struct controller_t {
* - NOT_FOUND, if no such CHILD_SA found * - NOT_FOUND, if no such CHILD_SA found
* - NEED_MORE, if callback returned FALSE * - NEED_MORE, if callback returned FALSE
*/ */
status_t (*terminate_child)(controller_t *this, u_int32_t reqid, status_t (*terminate_child)(controller_t *this, u_int32_t reqid,
controller_cb_t callback, void *param); controller_cb_t callback, void *param);
/** /**
* Destroy a controller_t instance. * Destroy a controller_t instance.
*/ */
@ -132,7 +132,7 @@ struct controller_t {
/** /**
* Creates a controller instance. * Creates a controller instance.
* *
* @return controller_t object * @return controller_t object
*/ */
controller_t *controller_create(void); controller_t *controller_create(void);

148
src/charon/credentials/credential_manager.c
View File

@ -41,27 +41,27 @@ struct private_credential_manager_t {
* public functions * public functions
*/ */
credential_manager_t public; credential_manager_t public;
/** /**
* list of credential sets * list of credential sets
*/ */
linked_list_t *sets; linked_list_t *sets;
/** /**
* thread local set of credentials, linked_list_t with credential_set_t's * thread local set of credentials, linked_list_t with credential_set_t's
*/ */
pthread_key_t local_sets; pthread_key_t local_sets;
/** /**
* trust relationship and certificate cache * trust relationship and certificate cache
*/ */
cert_cache_t *cache; cert_cache_t *cache;
/** /**
* certificates queued for persistent caching * certificates queued for persistent caching
*/ */
linked_list_t *cache_queue; linked_list_t *cache_queue;
/** /**
* read-write lock to sets list * read-write lock to sets list
*/ */
@ -149,7 +149,7 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this)
{ {
linked_list_t *local; linked_list_t *local;
sets_enumerator_t *enumerator = malloc_thing(sets_enumerator_t); sets_enumerator_t *enumerator = malloc_thing(sets_enumerator_t);
enumerator->public.enumerate = (void*)sets_enumerator_enumerate; enumerator->public.enumerate = (void*)sets_enumerator_enumerate;
enumerator->public.destroy = (void*)sets_enumerator_destroy; enumerator->public.destroy = (void*)sets_enumerator_destroy;
enumerator->global = this->sets->create_enumerator(this->sets); enumerator->global = this->sets->create_enumerator(this->sets);
@ -176,7 +176,7 @@ static void destroy_cert_data(cert_data_t *data)
*/ */
static enumerator_t *create_cert(credential_set_t *set, cert_data_t *data) static enumerator_t *create_cert(credential_set_t *set, cert_data_t *data)
{ {
return set->create_cert_enumerator(set, data->cert, data->key, return set->create_cert_enumerator(set, data->cert, data->key,
data->id, data->trusted); data->id, data->trusted);
} }
@ -193,7 +193,7 @@ static enumerator_t *create_cert_enumerator(private_credential_manager_t *this,
data->key = key; data->key = key;
data->id = id; data->id = id;
data->trusted = trusted; data->trusted = trusted;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
return enumerator_create_nested(create_sets_enumerator(this), return enumerator_create_nested(create_sets_enumerator(this),
(void*)create_cert, data, (void*)create_cert, data,
@ -209,7 +209,7 @@ static certificate_t *get_cert(private_credential_manager_t *this,
{ {
certificate_t *current, *found = NULL; certificate_t *current, *found = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = create_cert_enumerator(this, cert, key, id, trusted); enumerator = create_cert_enumerator(this, cert, key, id, trusted);
if (enumerator->enumerate(enumerator, &current)) if (enumerator->enumerate(enumerator, &current))
{ {
@ -247,7 +247,7 @@ static enumerator_t * create_cdp_enumerator(private_credential_manager_t *this,
data->this = this; data->this = this;
data->type = type; data->type = type;
data->id = id; data->id = id;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
return enumerator_create_nested(create_sets_enumerator(this), return enumerator_create_nested(create_sets_enumerator(this),
(void*)create_cdp, data, (void*)create_cdp, data,
@ -279,7 +279,7 @@ static enumerator_t* create_private_enumerator(
key_type_t key, identification_t *keyid) key_type_t key, identification_t *keyid)
{ {
private_data_t *data; private_data_t *data;
data = malloc_thing(private_data_t); data = malloc_thing(private_data_t);
data->this = this; data->this = this;
data->type = key; data->type = key;
@ -292,13 +292,13 @@ static enumerator_t* create_private_enumerator(
/** /**
* Implementation of credential_manager_t.get_private_by_keyid. * Implementation of credential_manager_t.get_private_by_keyid.
*/ */
static private_key_t *get_private_by_keyid(private_credential_manager_t *this, static private_key_t *get_private_by_keyid(private_credential_manager_t *this,
key_type_t key, identification_t *keyid) key_type_t key, identification_t *keyid)
{ {
private_key_t *found = NULL; private_key_t *found = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = create_private_enumerator(this, key, keyid); enumerator = create_private_enumerator(this, key, keyid);
if (enumerator->enumerate(enumerator, &found)) if (enumerator->enumerate(enumerator, &found))
{ {
@ -328,7 +328,7 @@ static enumerator_t *create_shared(credential_set_t *set, shared_data_t *data)
/** /**
* Implementation of credential_manager_t.create_shared_enumerator. * Implementation of credential_manager_t.create_shared_enumerator.
*/ */
static enumerator_t *create_shared_enumerator(private_credential_manager_t *this, static enumerator_t *create_shared_enumerator(private_credential_manager_t *this,
shared_key_type_t type, shared_key_type_t type,
identification_t *me, identification_t *other) identification_t *me, identification_t *other)
{ {
@ -337,16 +337,16 @@ static enumerator_t *create_shared_enumerator(private_credential_manager_t *this
data->type = type; data->type = type;
data->me = me; data->me = me;
data->other = other; data->other = other;
this->lock->read_lock(this->lock); this->lock->read_lock(this->lock);
return enumerator_create_nested(create_sets_enumerator(this), return enumerator_create_nested(create_sets_enumerator(this),
(void*)create_shared, data, (void*)create_shared, data,
(void*)destroy_shared_data); (void*)destroy_shared_data);
} }
/** /**
* Implementation of credential_manager_t.get_shared. * Implementation of credential_manager_t.get_shared.
*/ */
static shared_key_t *get_shared(private_credential_manager_t *this, static shared_key_t *get_shared(private_credential_manager_t *this,
shared_key_type_t type, identification_t *me, shared_key_type_t type, identification_t *me,
identification_t *other) identification_t *other)
@ -355,7 +355,7 @@ static shared_key_t *get_shared(private_credential_manager_t *this,
id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE; id_match_t *best_me = ID_MATCH_NONE, *best_other = ID_MATCH_NONE;
id_match_t *match_me, *match_other; id_match_t *match_me, *match_other;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = create_shared_enumerator(this, type, me, other); enumerator = create_shared_enumerator(this, type, me, other);
while (enumerator->enumerate(enumerator, &current, &match_me, &match_other)) while (enumerator->enumerate(enumerator, &current, &match_me, &match_other))
{ {
@ -396,7 +396,7 @@ static void remove_local_set(private_credential_manager_t *this,
credential_set_t *set) credential_set_t *set)
{ {
linked_list_t *sets; linked_list_t *sets;
sets = pthread_getspecific(this->local_sets); sets = pthread_getspecific(this->local_sets);
sets->remove(sets, set, NULL); sets->remove(sets, set, NULL);
} }
@ -408,7 +408,7 @@ static void cache_cert(private_credential_manager_t *this, certificate_t *cert)
{ {
credential_set_t *set; credential_set_t *set;
enumerator_t *enumerator; enumerator_t *enumerator;
if (this->lock->try_write_lock(this->lock)) if (this->lock->try_write_lock(this->lock))
{ {
enumerator = this->sets->create_enumerator(this->sets); enumerator = this->sets->create_enumerator(this->sets);
@ -434,7 +434,7 @@ static void cache_queue(private_credential_manager_t *this)
credential_set_t *set; credential_set_t *set;
certificate_t *cert; certificate_t *cert;
enumerator_t *enumerator; enumerator_t *enumerator;
if (this->cache_queue->get_count(this->cache_queue) > 0 && if (this->cache_queue->get_count(this->cache_queue) > 0 &&
this->lock->try_write_lock(this->lock)) this->lock->try_write_lock(this->lock))
{ {
@ -454,7 +454,7 @@ static void cache_queue(private_credential_manager_t *this)
} }
/** /**
* forward declaration * forward declaration
*/ */
static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this, static enumerator_t *create_trusted_enumerator(private_credential_manager_t *this,
key_type_t type, identification_t *id, bool crl, bool ocsp); key_type_t type, identification_t *id, bool crl, bool ocsp);
@ -467,7 +467,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
{ {
certificate_t *request, *response; certificate_t *request, *response;
chunk_t send, receive; chunk_t send, receive;
/* TODO: requestor name, signature */ /* TODO: requestor name, signature */
request = lib->creds->create(lib->creds, request = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
@ -478,12 +478,12 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
DBG1(DBG_CFG, "generating ocsp request failed"); DBG1(DBG_CFG, "generating ocsp request failed");
return NULL; return NULL;
} }
send = request->get_encoding(request); send = request->get_encoding(request);
request->destroy(request); request->destroy(request);
DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url); DBG1(DBG_CFG, " requesting ocsp status from '%s' ...", url);
if (lib->fetcher->fetch(lib->fetcher, url, &receive, if (lib->fetcher->fetch(lib->fetcher, url, &receive,
FETCH_REQUEST_DATA, send, FETCH_REQUEST_DATA, send,
FETCH_REQUEST_TYPE, "application/ocsp-request", FETCH_REQUEST_TYPE, "application/ocsp-request",
FETCH_END) != SUCCESS) FETCH_END) != SUCCESS)
@ -493,7 +493,7 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
return NULL; return NULL;
} }
chunk_free(&send); chunk_free(&send);
response = lib->creds->create(lib->creds, response = lib->creds->create(lib->creds,
CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
BUILD_BLOB_ASN1_DER, receive, BUILD_END); BUILD_BLOB_ASN1_DER, receive, BUILD_END);
@ -507,9 +507,9 @@ static certificate_t *fetch_ocsp(private_credential_manager_t *this, char *url,
} }
/** /**
* check the signature of an OCSP response * check the signature of an OCSP response
*/ */
static bool verify_ocsp(private_credential_manager_t *this, static bool verify_ocsp(private_credential_manager_t *this,
ocsp_response_t *response) ocsp_response_t *response)
{ {
certificate_t *issuer, *subject; certificate_t *issuer, *subject;
@ -520,7 +520,7 @@ static bool verify_ocsp(private_credential_manager_t *this,
wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response);
add_local_set(this, &wrapper->set); add_local_set(this, &wrapper->set);
subject = &response->certificate; subject = &response->certificate;
responder = subject->get_issuer(subject); responder = subject->get_issuer(subject);
enumerator = create_trusted_enumerator(this, KEY_ANY, responder, FALSE, FALSE); enumerator = create_trusted_enumerator(this, KEY_ANY, responder, FALSE, FALSE);
@ -535,7 +535,7 @@ static bool verify_ocsp(private_credential_manager_t *this,
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
remove_local_set(this, &wrapper->set); remove_local_set(this, &wrapper->set);
wrapper->destroy(wrapper); wrapper->destroy(wrapper);
return verified; return verified;
@ -553,7 +553,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
time_t revocation, this_update, next_update, valid_until; time_t revocation, this_update, next_update, valid_until;
crl_reason_t reason; crl_reason_t reason;
bool revoked = FALSE; bool revoked = FALSE;
response = (ocsp_response_t*)cand; response = (ocsp_response_t*)cand;
/* check ocsp signature */ /* check ocsp signature */
@ -622,7 +622,7 @@ static certificate_t *get_better_ocsp(private_credential_manager_t *this,
* validate a x509 certificate using OCSP * validate a x509 certificate using OCSP
*/ */
static cert_validation_t check_ocsp(private_credential_manager_t *this, static cert_validation_t check_ocsp(private_credential_manager_t *this,
x509_t *subject, x509_t *issuer, x509_t *subject, x509_t *issuer,
auth_cfg_t *auth) auth_cfg_t *auth)
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
@ -632,7 +632,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this,
public_key_t *public; public_key_t *public;
chunk_t chunk; chunk_t chunk;
char *uri = NULL; char *uri = NULL;
/** lookup cache for valid OCSP responses */ /** lookup cache for valid OCSP responses */
enumerator = create_cert_enumerator(this, CERT_X509_OCSP_RESPONSE, enumerator = create_cert_enumerator(this, CERT_X509_OCSP_RESPONSE,
KEY_ANY, NULL, FALSE); KEY_ANY, NULL, FALSE);
@ -648,7 +648,7 @@ static cert_validation_t check_ocsp(private_credential_manager_t *this,
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* derive the authorityKeyIdentifier from the issuer's public key */ /* derive the authorityKeyIdentifier from the issuer's public key */
current = &issuer->interface; current = &issuer->interface;
public = current->get_public_key(current); public = current->get_public_key(current);
@ -723,7 +723,7 @@ static certificate_t* fetch_crl(private_credential_manager_t *this, char *url)
{ {
certificate_t *crl; certificate_t *crl;
chunk_t chunk; chunk_t chunk;
DBG1(DBG_CFG, " fetching crl from '%s' ...", url); DBG1(DBG_CFG, " fetching crl from '%s' ...", url);
if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS) if (lib->fetcher->fetch(lib->fetcher, url, &chunk, FETCH_END) != SUCCESS)
{ {
@ -749,7 +749,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl)
certificate_t *issuer; certificate_t *issuer;
enumerator_t *enumerator; enumerator_t *enumerator;
bool verified = FALSE; bool verified = FALSE;
enumerator = create_trusted_enumerator(this, KEY_ANY, crl->get_issuer(crl), enumerator = create_trusted_enumerator(this, KEY_ANY, crl->get_issuer(crl),
FALSE, FALSE); FALSE, FALSE);
while (enumerator->enumerate(enumerator, &issuer, NULL)) while (enumerator->enumerate(enumerator, &issuer, NULL))
@ -763,7 +763,7 @@ static bool verify_crl(private_credential_manager_t *this, certificate_t *crl)
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
return verified; return verified;
} }
@ -788,7 +788,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
cand->destroy(cand); cand->destroy(cand);
return best; return best;
} }
crl = (crl_t*)cand; crl = (crl_t*)cand;
enumerator = crl->create_enumerator(crl); enumerator = crl->create_enumerator(crl);
while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) while (enumerator->enumerate(enumerator, &serial, &revocation, &reason))
@ -837,7 +837,7 @@ static certificate_t *get_better_crl(private_credential_manager_t *this,
* validate a x509 certificate using CRL * validate a x509 certificate using CRL
*/ */
static cert_validation_t check_crl(private_credential_manager_t *this, static cert_validation_t check_crl(private_credential_manager_t *this,
x509_t *subject, x509_t *issuer, x509_t *subject, x509_t *issuer,
auth_cfg_t *auth) auth_cfg_t *auth)
{ {
cert_validation_t valid = VALIDATION_SKIPPED; cert_validation_t valid = VALIDATION_SKIPPED;
@ -848,16 +848,16 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
enumerator_t *enumerator; enumerator_t *enumerator;
chunk_t chunk; chunk_t chunk;
char *uri = NULL; char *uri = NULL;
/* derive the authorityKeyIdentifier from the issuer's public key */ /* derive the authorityKeyIdentifier from the issuer's public key */
current = &issuer->interface; current = &issuer->interface;
public = current->get_public_key(current); public = current->get_public_key(current);
if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk)) if (public && public->get_fingerprint(public, KEY_ID_PUBKEY_SHA1, &chunk))
{ {
keyid = identification_create_from_encoding(ID_KEY_ID, chunk); keyid = identification_create_from_encoding(ID_KEY_ID, chunk);
/* find a cached crl by authorityKeyIdentifier */ /* find a cached crl by authorityKeyIdentifier */
enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY, enumerator = create_cert_enumerator(this, CERT_X509_CRL, KEY_ANY,
keyid, FALSE); keyid, FALSE);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
{ {
@ -871,12 +871,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* fallback to fetching crls from credential sets cdps */ /* fallback to fetching crls from credential sets cdps */
if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED)
{ {
enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid); enumerator = create_cdp_enumerator(this, CERT_X509_CRL, keyid);
while (enumerator->enumerate(enumerator, &uri)) while (enumerator->enumerate(enumerator, &uri))
{ {
current = fetch_crl(this, uri); current = fetch_crl(this, uri);
@ -895,12 +895,12 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
keyid->destroy(keyid); keyid->destroy(keyid);
} }
DESTROY_IF(public); DESTROY_IF(public);
/* fallback to fetching crls from cdps from subject's certificate */ /* fallback to fetching crls from cdps from subject's certificate */
if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED)
{ {
enumerator = subject->create_crl_uri_enumerator(subject); enumerator = subject->create_crl_uri_enumerator(subject);
while (enumerator->enumerate(enumerator, &uri)) while (enumerator->enumerate(enumerator, &uri))
{ {
current = fetch_crl(this, uri); current = fetch_crl(this, uri);
@ -916,7 +916,7 @@ static cert_validation_t check_crl(private_credential_manager_t *this,
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
} }
/* an uri was found, but no result. switch validation state to failed */ /* an uri was found, but no result. switch validation state to failed */
if (valid == VALIDATION_SKIPPED && uri) if (valid == VALIDATION_SKIPPED && uri)
{ {
@ -947,7 +947,7 @@ static bool check_certificate(private_credential_manager_t *this,
bool crl, bool ocsp, auth_cfg_t *auth) bool crl, bool ocsp, auth_cfg_t *auth)
{ {
time_t not_before, not_after; time_t not_before, not_after;
if (!subject->get_validity(subject, NULL, &not_before, &not_after)) if (!subject->get_validity(subject, NULL, &not_before, &not_after))
{ {
DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)", DBG1(DBG_CFG, "subject certificate invalid (valid from %T to %T)",
@ -1020,7 +1020,7 @@ static certificate_t *get_pretrusted_cert(private_credential_manager_t *this,
{ {
certificate_t *subject; certificate_t *subject;
public_key_t *public; public_key_t *public;
subject = get_cert(this, CERT_ANY, type, id, TRUE); subject = get_cert(this, CERT_ANY, type, id, TRUE);
if (!subject) if (!subject)
{ {
@ -1044,8 +1044,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this,
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
certificate_t *issuer = NULL, *candidate; certificate_t *issuer = NULL, *candidate;
enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY, enumerator = create_cert_enumerator(this, subject->get_type(subject), KEY_ANY,
subject->get_issuer(subject), trusted); subject->get_issuer(subject), trusted);
while (enumerator->enumerate(enumerator, &candidate)) while (enumerator->enumerate(enumerator, &candidate))
{ {
@ -1069,7 +1069,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
certificate_t *current, *issuer; certificate_t *current, *issuer;
auth_cfg_t *auth; auth_cfg_t *auth;
u_int level = 0; u_int level = 0;
auth = auth_cfg_create(); auth = auth_cfg_create();
current = subject->get_ref(subject); current = subject->get_ref(subject);
while (level++ < MAX_CA_LEVELS) while (level++ < MAX_CA_LEVELS)
@ -1110,7 +1110,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
} }
else else
{ {
DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"", DBG1(DBG_CFG, "no issuer certificate found for \"%Y\"",
current->get_subject(current)); current->get_subject(current));
break; break;
} }
@ -1173,10 +1173,10 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
certificate_t **cert, auth_cfg_t **auth) certificate_t **cert, auth_cfg_t **auth)
{ {
certificate_t *current; certificate_t *current;
DESTROY_IF(this->auth); DESTROY_IF(this->auth);
this->auth = auth_cfg_create(); this->auth = auth_cfg_create();
if (!this->candidates) if (!this->candidates)
{ {
/* first invocation, build enumerator for next one */ /* first invocation, build enumerator for next one */
@ -1187,7 +1187,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
if (this->pretrusted) if (this->pretrusted)
{ {
/* if we find a trusted self signed certificate, we just accept it. /* if we find a trusted self signed certificate, we just accept it.
* However, in order to fulfill authorization rules, we try to build * However, in order to fulfill authorization rules, we try to build
* the trust chain if it is not self signed */ * the trust chain if it is not self signed */
if (this->this->cache->issued_by(this->this->cache, if (this->this->cache->issued_by(this->this->cache,
this->pretrusted, this->pretrusted) || this->pretrusted, this->pretrusted) ||
@ -1215,7 +1215,7 @@ static bool trusted_enumerate(trusted_enumerator_t *this,
{ /* skip pretrusted certificate we already served */ { /* skip pretrusted certificate we already served */
continue; continue;
} }
DBG1(DBG_CFG, " using certificate \"%Y\"", DBG1(DBG_CFG, " using certificate \"%Y\"",
current->get_subject(current)); current->get_subject(current));
if (verify_trust_chain(this->this, current, this->auth, FALSE, if (verify_trust_chain(this->this, current, this->auth, FALSE,
@ -1250,10 +1250,10 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi
key_type_t type, identification_t *id, bool crl, bool ocsp) key_type_t type, identification_t *id, bool crl, bool ocsp)
{ {
trusted_enumerator_t *enumerator = malloc_thing(trusted_enumerator_t); trusted_enumerator_t *enumerator = malloc_thing(trusted_enumerator_t);
enumerator->public.enumerate = (void*)trusted_enumerate; enumerator->public.enumerate = (void*)trusted_enumerate;
enumerator->public.destroy = (void*)trusted_destroy; enumerator->public.destroy = (void*)trusted_destroy;
enumerator->candidates = NULL; enumerator->candidates = NULL;
enumerator->this = this; enumerator->this = this;
enumerator->type = type; enumerator->type = type;
@ -1262,7 +1262,7 @@ static enumerator_t *create_trusted_enumerator(private_credential_manager_t *thi
enumerator->ocsp = ocsp; enumerator->ocsp = ocsp;
enumerator->pretrusted = NULL; enumerator->pretrusted = NULL;
enumerator->auth = NULL; enumerator->auth = NULL;
return &enumerator->public; return &enumerator->public;
} }
@ -1289,7 +1289,7 @@ static bool public_enumerate(public_enumerator_t *this,
public_key_t **key, auth_cfg_t **auth) public_key_t **key, auth_cfg_t **auth)
{ {
certificate_t *cert; certificate_t *cert;
while (this->inner->enumerate(this->inner, &cert, auth)) while (this->inner->enumerate(this->inner, &cert, auth))
{ {
DESTROY_IF(this->current); DESTROY_IF(this->current);
@ -1316,7 +1316,7 @@ static void public_destroy(public_enumerator_t *this)
this->wrapper->destroy(this->wrapper); this->wrapper->destroy(this->wrapper);
} }
this->this->lock->unlock(this->this->lock); this->this->lock->unlock(this->this->lock);
/* check for delayed certificate cache queue */ /* check for delayed certificate cache queue */
cache_queue(this->this); cache_queue(this->this);
free(this); free(this);
@ -1329,7 +1329,7 @@ static enumerator_t* create_public_enumerator(private_credential_manager_t *this
key_type_t type, identification_t *id, auth_cfg_t *auth) key_type_t type, identification_t *id, auth_cfg_t *auth)
{ {
public_enumerator_t *enumerator = malloc_thing(public_enumerator_t); public_enumerator_t *enumerator = malloc_thing(public_enumerator_t);
enumerator->public.enumerate = (void*)public_enumerate; enumerator->public.enumerate = (void*)public_enumerate;
enumerator->public.destroy = (void*)public_destroy; enumerator->public.destroy = (void*)public_destroy;
enumerator->inner = create_trusted_enumerator(this, type, id, TRUE, TRUE); enumerator->inner = create_trusted_enumerator(this, type, id, TRUE, TRUE);
@ -1374,13 +1374,13 @@ static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert)
*/ */
static auth_cfg_t *build_trustchain(private_credential_manager_t *this, static auth_cfg_t *build_trustchain(private_credential_manager_t *this,
certificate_t *subject, auth_cfg_t *auth) certificate_t *subject, auth_cfg_t *auth)
{ {
certificate_t *issuer, *current; certificate_t *issuer, *current;
auth_cfg_t *trustchain; auth_cfg_t *trustchain;
u_int level = 0; u_int level = 0;
trustchain = auth_cfg_create(); trustchain = auth_cfg_create();
current = auth->get(auth, AUTH_RULE_CA_CERT); current = auth->get(auth, AUTH_RULE_CA_CERT);
if (!current) if (!current)
{ {
@ -1428,7 +1428,7 @@ static private_key_t *get_private_by_cert(private_credential_manager_t *this,
identification_t *keyid; identification_t *keyid;
chunk_t chunk; chunk_t chunk;
public_key_t *public; public_key_t *public;
public = cert->get_public_key(cert); public = cert->get_public_key(cert);
if (public) if (public)
{ {
@ -1454,13 +1454,13 @@ static private_key_t *get_private(private_credential_manager_t *this,
certificate_t *cert; certificate_t *cert;
private_key_t *private = NULL; private_key_t *private = NULL;
auth_cfg_t *trustchain; auth_cfg_t *trustchain;
/* check if this is a lookup by key ID, and do it if so */ /* check if this is a lookup by key ID, and do it if so */
if (id && id->get_type(id) == ID_KEY_ID) if (id && id->get_type(id) == ID_KEY_ID)
{ {
return get_private_by_keyid(this, type, id); return get_private_by_keyid(this, type, id);
} }
/* if a specific certificate is preferred, check for a matching key */ /* if a specific certificate is preferred, check for a matching key */
cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
if (cert) if (cert)
@ -1477,7 +1477,7 @@ static private_key_t *get_private(private_credential_manager_t *this,
return private; return private;
} }
} }
/* try to build a trust chain for each certificate found */ /* try to build a trust chain for each certificate found */
enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE); enumerator = create_cert_enumerator(this, CERT_ANY, type, id, FALSE);
while (enumerator->enumerate(enumerator, &cert)) while (enumerator->enumerate(enumerator, &cert))
@ -1497,7 +1497,7 @@ static private_key_t *get_private(private_credential_manager_t *this,
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* if no valid trustchain was found, fall back to the first usable cert */ /* if no valid trustchain was found, fall back to the first usable cert */
if (!private) if (!private)
{ {
@ -1567,7 +1567,7 @@ static void destroy(private_credential_manager_t *this)
credential_manager_t *credential_manager_create() credential_manager_t *credential_manager_create()
{ {
private_credential_manager_t *this = malloc_thing(private_credential_manager_t); private_credential_manager_t *this = malloc_thing(private_credential_manager_t);
this->public.create_cert_enumerator = (enumerator_t *(*)(credential_manager_t *this,certificate_type_t cert, key_type_t key,identification_t *id,bool))create_cert_enumerator; this->public.create_cert_enumerator = (enumerator_t *(*)(credential_manager_t *this,certificate_type_t cert, key_type_t key,identification_t *id,bool))create_cert_enumerator;
this->public.create_shared_enumerator = (enumerator_t *(*)(credential_manager_t *this, shared_key_type_t type,identification_t *me, identification_t *other))create_shared_enumerator; this->public.create_shared_enumerator = (enumerator_t *(*)(credential_manager_t *this, shared_key_type_t type,identification_t *me, identification_t *other))create_shared_enumerator;
this->public.create_cdp_enumerator = (enumerator_t *(*)(credential_manager_t*, certificate_type_t type, identification_t *id))create_cdp_enumerator; this->public.create_cdp_enumerator = (enumerator_t *(*)(credential_manager_t*, certificate_type_t type, identification_t *id))create_cdp_enumerator;
@ -1580,14 +1580,14 @@ credential_manager_t *credential_manager_create()
this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set; this->public.add_set = (void(*)(credential_manager_t*, credential_set_t *set))add_set;
this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set; this->public.remove_set = (void(*)(credential_manager_t*, credential_set_t *set))remove_set;
this->public.destroy = (void(*)(credential_manager_t*))destroy; this->public.destroy = (void(*)(credential_manager_t*))destroy;
this->sets = linked_list_create(); this->sets = linked_list_create();
pthread_key_create(&this->local_sets, (void*)this->sets->destroy); pthread_key_create(&this->local_sets, (void*)this->sets->destroy);
this->cache = cert_cache_create(); this->cache = cert_cache_create();
this->cache_queue = linked_list_create(); this->cache_queue = linked_list_create();
this->sets->insert_first(this->sets, this->cache); this->sets->insert_first(this->sets, this->cache);
this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
return &this->public; return &this->public;
} }

30
src/charon/credentials/credential_manager.h
View File

@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t;
* *
* The credential manager is the entry point of the credential framework. It * The credential manager is the entry point of the credential framework. It
* uses so called "sets" to access credentials in a modular fashion, these * uses so called "sets" to access credentials in a modular fashion, these
* are implemented through the credential_set_t interface. * are implemented through the credential_set_t interface.
* The manager additionally does trust chain verification and trust status * The manager additionally does trust chain verification and trust status
* chaching. A set may call the managers methods if it needs credentials itself, * chaching. A set may call the managers methods if it needs credentials itself,
* the manager uses recursive locking. * the manager uses recursive locking.
* *
* @verbatim * @verbatim
+-------+ +----------------+ +-------+ +----------------+
@ -58,14 +58,14 @@ typedef struct credential_manager_t credential_manager_t;
| o | may be recursive | o | may be recursive
| r | | r |
+-------+ +-------+
@endverbatim @endverbatim
* *
* The credential manager uses rwlocks for performance reasons, credential * The credential manager uses rwlocks for performance reasons, credential
* sets must be fully thread save. * sets must be fully thread save.
*/ */
struct credential_manager_t { struct credential_manager_t {
/** /**
* Create an enumerator over all certificates. * Create an enumerator over all certificates.
* *
@ -90,7 +90,7 @@ struct credential_manager_t {
* @param second second subject between key is shared * @param second second subject between key is shared
* @return enumerator over shared keys * @return enumerator over shared keys
*/ */
enumerator_t *(*create_shared_enumerator)(credential_manager_t *this, enumerator_t *(*create_shared_enumerator)(credential_manager_t *this,
shared_key_type_t type, shared_key_type_t type,
identification_t *first, identification_t *second); identification_t *first, identification_t *second);
/** /**
@ -121,14 +121,14 @@ struct credential_manager_t {
* @param me own identity * @param me own identity
* @param other peers identity * @param other peers identity
* @return shared_key_t, NULL if none found * @return shared_key_t, NULL if none found
*/ */
shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type, shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
identification_t *me, identification_t *other); identification_t *me, identification_t *other);
/** /**
* Get a private key to create a signature. * Get a private key to create a signature.
* *
* The get_private() method gets a secret private key identified by either * The get_private() method gets a secret private key identified by either
* the keyid itself or an id the key belongs to. * the keyid itself or an id the key belongs to.
* The auth parameter contains additional information, such as receipients * The auth parameter contains additional information, such as receipients
* trusted CA certs. Auth gets filled with subject and CA certificates * trusted CA certs. Auth gets filled with subject and CA certificates
* needed to validate a created signature. * needed to validate a created signature.
@ -140,12 +140,12 @@ struct credential_manager_t {
*/ */
private_key_t* (*get_private)(credential_manager_t *this, key_type_t type, private_key_t* (*get_private)(credential_manager_t *this, key_type_t type,
identification_t *id, auth_cfg_t *auth); identification_t *id, auth_cfg_t *auth);
/** /**
* Create an enumerator over trusted public keys. * Create an enumerator over trusted public keys.
* *
* This method gets a an enumerator over trusted public keys to verify a * This method gets a an enumerator over trusted public keys to verify a
* signature created by id. The auth parameter contains additional * signature created by id. The auth parameter contains additional
* authentication infos, e.g. peer and intermediate certificates. * authentication infos, e.g. peer and intermediate certificates.
* The resulting enumerator enumerates over public_key_t *, auth_cfg_t *, * The resulting enumerator enumerates over public_key_t *, auth_cfg_t *,
* where the auth config helper contains rules for constraint checks. * where the auth config helper contains rules for constraint checks.
@ -157,14 +157,14 @@ struct credential_manager_t {
*/ */
enumerator_t* (*create_public_enumerator)(credential_manager_t *this, enumerator_t* (*create_public_enumerator)(credential_manager_t *this,
key_type_t type, identification_t *id, auth_cfg_t *auth); key_type_t type, identification_t *id, auth_cfg_t *auth);
/** /**
* Cache a certificate by invoking cache_cert() on all registerd sets. * Cache a certificate by invoking cache_cert() on all registerd sets.
* *
* @param cert certificate to cache * @param cert certificate to cache
*/ */
void (*cache_cert)(credential_manager_t *this, certificate_t *cert); void (*cache_cert)(credential_manager_t *this, certificate_t *cert);
/** /**
* Flush the certificate cache. * Flush the certificate cache.
* *
@ -174,21 +174,21 @@ struct credential_manager_t {
* @param type type of certificate to flush, or CERT_ANY * @param type type of certificate to flush, or CERT_ANY
*/ */
void (*flush_cache)(credential_manager_t *this, certificate_type_t type); void (*flush_cache)(credential_manager_t *this, certificate_type_t type);
/** /**
* Register a credential set to the manager. * Register a credential set to the manager.
* *
* @param set set to register * @param set set to register
*/ */
void (*add_set)(credential_manager_t *this, credential_set_t *set); void (*add_set)(credential_manager_t *this, credential_set_t *set);
/** /**
* Unregister a credential set from the manager. * Unregister a credential set from the manager.
* *
* @param set set to unregister * @param set set to unregister
*/ */
void (*remove_set)(credential_manager_t *this, credential_set_t *set); void (*remove_set)(credential_manager_t *this, credential_set_t *set);
/** /**
* Destroy a credential_manager instance. * Destroy a credential_manager instance.
*/ */

12
src/charon/credentials/credential_set.h
View File

@ -43,12 +43,12 @@ typedef struct credential_set_t credential_set_t;
* enumerator is alive, so it is save to use a write lock there. * enumerator is alive, so it is save to use a write lock there.
*/ */
struct credential_set_t { struct credential_set_t {
/** /**
* Create an enumerator over private keys (private_key_t). * Create an enumerator over private keys (private_key_t).
* *
* The id is either a key identifier of the requested key, or an identity * The id is either a key identifier of the requested key, or an identity
* of the key owner. * of the key owner.
* *
* @param type type of requested private key * @param type type of requested private key
* @param id key identifier/owner * @param id key identifier/owner
@ -80,10 +80,10 @@ struct credential_set_t {
* @param other other identity who owns that secret * @param other other identity who owns that secret
* @return enumerator as described above * @return enumerator as described above
*/ */
enumerator_t *(*create_shared_enumerator)(credential_set_t *this, enumerator_t *(*create_shared_enumerator)(credential_set_t *this,
shared_key_type_t type, shared_key_type_t type,
identification_t *me, identification_t *other); identification_t *me, identification_t *other);
/** /**
* Create an enumerator over certificate distribution points. * Create an enumerator over certificate distribution points.
* *
@ -93,7 +93,7 @@ struct credential_set_t {
*/ */
enumerator_t *(*create_cdp_enumerator)(credential_set_t *this, enumerator_t *(*create_cdp_enumerator)(credential_set_t *this,
certificate_type_t type, identification_t *id); certificate_type_t type, identification_t *id);
/** /**
* Cache a certificate in the credential set. * Cache a certificate in the credential set.
* *
@ -102,7 +102,7 @@ struct credential_set_t {
* *
* @param cert certificate to cache * @param cert certificate to cache
*/ */
void (*cache_cert)(credential_set_t *this, certificate_t *cert); void (*cache_cert)(credential_set_t *this, certificate_t *cert);
}; };
#endif /** CREDENTIAL_SET_H_ @}*/ #endif /** CREDENTIAL_SET_H_ @}*/

24
src/charon/credentials/sets/auth_cfg_wrapper.c
View File

@ -29,7 +29,7 @@ struct private_auth_cfg_wrapper_t {
* public functions * public functions
*/ */
auth_cfg_wrapper_t public; auth_cfg_wrapper_t public;
/** /**
* wrapped auth info * wrapped auth info
*/ */
@ -67,10 +67,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
/* fetching the certificate previously failed */ /* fetching the certificate previously failed */
return FALSE; return FALSE;
} }
chunk_t data; chunk_t data;
certificate_t *cert; certificate_t *cert;
DBG1(DBG_CFG, " fetching certificate from '%s' ...", url); DBG1(DBG_CFG, " fetching certificate from '%s' ...", url);
if (lib->fetcher->fetch(lib->fetcher, url, &data, FETCH_END) != SUCCESS) if (lib->fetcher->fetch(lib->fetcher, url, &data, FETCH_END) != SUCCESS)
{ {
@ -80,11 +80,11 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
*rule, NULL); *rule, NULL);
return FALSE; return FALSE;
} }
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB_ASN1_DER, data, BUILD_END); BUILD_BLOB_ASN1_DER, data, BUILD_END);
free(data.ptr); free(data.ptr);
if (!cert) if (!cert)
{ {
DBG1(DBG_CFG, " parsing fetched certificate failed"); DBG1(DBG_CFG, " parsing fetched certificate failed");
@ -93,10 +93,10 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
*rule, NULL); *rule, NULL);
return FALSE; return FALSE;
} }
DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert)); DBG1(DBG_CFG, " fetched certificate \"%Y\"", cert->get_subject(cert));
charon->credentials->cache_cert(charon->credentials, cert); charon->credentials->cache_cert(charon->credentials, cert);
if (*rule == AUTH_HELPER_IM_HASH_URL) if (*rule == AUTH_HELPER_IM_HASH_URL)
{ {
*rule = AUTH_HELPER_IM_CERT; *rule = AUTH_HELPER_IM_CERT;
@ -174,11 +174,11 @@ static void wrapper_enumerator_destroy(wrapper_enumerator_t *this)
* implementation of auth_cfg_wrapper_t.set.create_cert_enumerator * implementation of auth_cfg_wrapper_t.set.create_cert_enumerator
*/ */
static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this, static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this,
certificate_type_t cert, key_type_t key, certificate_type_t cert, key_type_t key,
identification_t *id, bool trusted) identification_t *id, bool trusted)
{ {
wrapper_enumerator_t *enumerator; wrapper_enumerator_t *enumerator;
if (trusted) if (trusted)
{ {
return NULL; return NULL;
@ -208,16 +208,16 @@ static void destroy(private_auth_cfg_wrapper_t *this)
auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth) auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth)
{ {
private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t); private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t);
this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_private_enumerator = (void*)return_null;
this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_cert_enumerator = (void*)create_enumerator;
this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null;
this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null;
this->public.set.cache_cert = (void*)nop; this->public.set.cache_cert = (void*)nop;
this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy; this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy;
this->auth = auth; this->auth = auth;
return &this->public; return &this->public;
} }

2
src/charon/credentials/sets/auth_cfg_wrapper.h
View File

@ -35,7 +35,7 @@ struct auth_cfg_wrapper_t {
* implements credential_set_t * implements credential_set_t
*/ */
credential_set_t set; credential_set_t set;
/** /**
* Destroy a auth_cfg_wrapper instance. * Destroy a auth_cfg_wrapper instance.
*/ */

44
src/charon/credentials/sets/cert_cache.c
View File

@ -35,22 +35,22 @@ typedef struct relation_t relation_t;
* A trusted relation between subject and issuer * A trusted relation between subject and issuer
*/ */
struct relation_t { struct relation_t {
/** /**
* subject of this relation * subject of this relation
*/ */
certificate_t *subject; certificate_t *subject;
/** /**
* issuer of this relation * issuer of this relation
*/ */
certificate_t *issuer; certificate_t *issuer;
/** /**
* Cache hits * Cache hits
*/ */
u_int hits; u_int hits;
/** /**
* Lock for this relation * Lock for this relation
*/ */
@ -61,12 +61,12 @@ struct relation_t {
* private data of cert_cache * private data of cert_cache
*/ */
struct private_cert_cache_t { struct private_cert_cache_t {
/** /**
* public functions * public functions
*/ */
cert_cache_t public; cert_cache_t public;
/** /**
* array of trusted subject-issuer relations * array of trusted subject-issuer relations
*/ */
@ -82,12 +82,12 @@ static void cache(private_cert_cache_t *this,
relation_t *rel; relation_t *rel;
int i, offset, try; int i, offset, try;
u_int total_hits = 0; u_int total_hits = 0;
/* check for a unused relation slot first */ /* check for a unused relation slot first */
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
rel = &this->relations[i]; rel = &this->relations[i];
if (!rel->subject && rel->lock->try_write_lock(rel->lock)) if (!rel->subject && rel->lock->try_write_lock(rel->lock))
{ {
/* double-check having lock */ /* double-check having lock */
@ -109,7 +109,7 @@ static void cache(private_cert_cache_t *this,
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
rel = &this->relations[(i + offset) % CACHE_SIZE]; rel = &this->relations[(i + offset) % CACHE_SIZE];
if (rel->hits > total_hits / CACHE_SIZE) if (rel->hits > total_hits / CACHE_SIZE)
{ /* skip often used slots */ { /* skip often used slots */
continue; continue;
@ -140,11 +140,11 @@ static bool issued_by(private_cert_cache_t *this,
{ {
relation_t *found = NULL, *current; relation_t *found = NULL, *current;
int i; int i;
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
current = &this->relations[i]; current = &this->relations[i];
current->lock->read_lock(current->lock); current->lock->read_lock(current->lock);
if (current->subject) if (current->subject)
{ {
@ -203,14 +203,14 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
{ {
public_key_t *public; public_key_t *public;
relation_t *rel; relation_t *rel;
if (this->locked >= 0) if (this->locked >= 0)
{ {
rel = &this->relations[this->locked]; rel = &this->relations[this->locked];
rel->lock->unlock(rel->lock); rel->lock->unlock(rel->lock);
this->locked = -1; this->locked = -1;
} }
while (++this->index < CACHE_SIZE) while (++this->index < CACHE_SIZE)
{ {
rel = &this->relations[this->index]; rel = &this->relations[this->index];
@ -219,7 +219,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
if (rel->subject) if (rel->subject)
{ {
/* CRL lookup is done using issuer/authkeyidentifier */ /* CRL lookup is done using issuer/authkeyidentifier */
if (this->key == KEY_ANY && this->id && if (this->key == KEY_ANY && this->id &&
(this->cert == CERT_ANY || this->cert == CERT_X509_CRL) && (this->cert == CERT_ANY || this->cert == CERT_X509_CRL) &&
rel->subject->get_type(rel->subject) == CERT_X509_CRL && rel->subject->get_type(rel->subject) == CERT_X509_CRL &&
rel->subject->has_issuer(rel->subject, this->id)) rel->subject->has_issuer(rel->subject, this->id))
@ -261,7 +261,7 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
static void cert_enumerator_destroy(cert_enumerator_t *this) static void cert_enumerator_destroy(cert_enumerator_t *this)
{ {
relation_t *rel; relation_t *rel;
if (this->locked >= 0) if (this->locked >= 0)
{ {
rel = &this->relations[this->locked]; rel = &this->relations[this->locked];
@ -274,11 +274,11 @@ static void cert_enumerator_destroy(cert_enumerator_t *this)
* implementation of credential_set_t.create_cert_enumerator * implementation of credential_set_t.create_cert_enumerator
*/ */
static enumerator_t *create_enumerator(private_cert_cache_t *this, static enumerator_t *create_enumerator(private_cert_cache_t *this,
certificate_type_t cert, key_type_t key, certificate_type_t cert, key_type_t key,
identification_t *id, bool trusted) identification_t *id, bool trusted)
{ {
cert_enumerator_t *enumerator; cert_enumerator_t *enumerator;
if (trusted) if (trusted)
{ {
return NULL; return NULL;
@ -292,7 +292,7 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this,
enumerator->relations = this->relations; enumerator->relations = this->relations;
enumerator->index = -1; enumerator->index = -1;
enumerator->locked = -1; enumerator->locked = -1;
return &enumerator->public; return &enumerator->public;
} }
@ -303,7 +303,7 @@ static void flush(private_cert_cache_t *this, certificate_type_t type)
{ {
relation_t *rel; relation_t *rel;
int i; int i;
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
rel = &this->relations[i]; rel = &this->relations[i];
@ -346,7 +346,7 @@ static void destroy(private_cert_cache_t *this)
{ {
relation_t *rel; relation_t *rel;
int i; int i;
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
rel = &this->relations[i]; rel = &this->relations[i];
@ -367,7 +367,7 @@ cert_cache_t *cert_cache_create()
{ {
private_cert_cache_t *this; private_cert_cache_t *this;
int i; int i;
this = malloc_thing(private_cert_cache_t); this = malloc_thing(private_cert_cache_t);
this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_private_enumerator = (void*)return_null;
this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_cert_enumerator = (void*)create_enumerator;
@ -377,7 +377,7 @@ cert_cache_t *cert_cache_create()
this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by;
this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush;
this->public.destroy = (void(*)(cert_cache_t*))destroy; this->public.destroy = (void(*)(cert_cache_t*))destroy;
for (i = 0; i < CACHE_SIZE; i++) for (i = 0; i < CACHE_SIZE; i++)
{ {
this->relations[i].subject = NULL; this->relations[i].subject = NULL;

6
src/charon/credentials/sets/cert_cache.h
View File

@ -39,7 +39,7 @@ struct cert_cache_t {
* Implements credential_set_t. * Implements credential_set_t.
*/ */
credential_set_t set; credential_set_t set;
/** /**
* Caching wrapper around certificate_t.issued_by. * Caching wrapper around certificate_t.issued_by.
* *
@ -49,14 +49,14 @@ struct cert_cache_t {
*/ */
bool (*issued_by)(cert_cache_t *this, bool (*issued_by)(cert_cache_t *this,
certificate_t *subject, certificate_t *issuer); certificate_t *subject, certificate_t *issuer);
/** /**
* Flush the certificate cache. * Flush the certificate cache.
* *
* @param type type of certificate to flush, or CERT_ANY * @param type type of certificate to flush, or CERT_ANY
*/ */
void (*flush)(cert_cache_t *this, certificate_type_t type); void (*flush)(cert_cache_t *this, certificate_type_t type);
/** /**
* Destroy a cert_cache instance. * Destroy a cert_cache instance.
*/ */

14
src/charon/credentials/sets/ocsp_response_wrapper.c
View File

@ -26,7 +26,7 @@ struct private_ocsp_response_wrapper_t {
* public functions * public functions
*/ */
ocsp_response_wrapper_t public; ocsp_response_wrapper_t public;
/** /**
* wrapped OCSP response * wrapped OCSP response
*/ */
@ -98,16 +98,16 @@ static void enumerator_destroy(wrapper_enumerator_t *this)
* implementation of ocsp_response_wrapper_t.set.create_cert_enumerator * implementation of ocsp_response_wrapper_t.set.create_cert_enumerator
*/ */
static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this,
certificate_type_t cert, key_type_t key, certificate_type_t cert, key_type_t key,
identification_t *id, bool trusted) identification_t *id, bool trusted)
{ {
wrapper_enumerator_t *enumerator; wrapper_enumerator_t *enumerator;
if (trusted) if (trusted)
{ {
return NULL; return NULL;
} }
enumerator = malloc_thing(wrapper_enumerator_t); enumerator = malloc_thing(wrapper_enumerator_t);
enumerator->cert = cert; enumerator->cert = cert;
enumerator->key = key; enumerator->key = key;
@ -132,16 +132,16 @@ static void destroy(private_ocsp_response_wrapper_t *this)
ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response)
{ {
private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t); private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t);
this->public.set.create_private_enumerator = (void*)return_null; this->public.set.create_private_enumerator = (void*)return_null;
this->public.set.create_cert_enumerator = (void*)create_enumerator; this->public.set.create_cert_enumerator = (void*)create_enumerator;
this->public.set.create_shared_enumerator = (void*)return_null; this->public.set.create_shared_enumerator = (void*)return_null;
this->public.set.create_cdp_enumerator = (void*)return_null; this->public.set.create_cdp_enumerator = (void*)return_null;
this->public.set.cache_cert = (void*)nop; this->public.set.cache_cert = (void*)nop;
this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy;
this->response = response; this->response = response;
return &this->public; return &this->public;
} }

2
src/charon/credentials/sets/ocsp_response_wrapper.h
View File

@ -35,7 +35,7 @@ struct ocsp_response_wrapper_t {
* implements credential_set_t * implements credential_set_t
*/ */
credential_set_t set; credential_set_t set;
/** /**
* Destroy a ocsp_response_wrapper instance. * Destroy a ocsp_response_wrapper instance.
*/ */

100
src/charon/daemon.c
View File

@ -58,7 +58,7 @@ struct private_daemon_t {
* Public members of daemon_t. * Public members of daemon_t.
*/ */
daemon_t public; daemon_t public;
/** /**
* Signal set used for signal handling. * Signal set used for signal handling.
*/ */
@ -88,7 +88,7 @@ extern void (*dbg) (int level, char *fmt, ...);
static void dbg_bus(int level, char *fmt, ...) static void dbg_bus(int level, char *fmt, ...)
{ {
va_list args; va_list args;
va_start(args, fmt); va_start(args, fmt);
charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args); charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args);
va_end(args); va_end(args);
@ -100,7 +100,7 @@ static void dbg_bus(int level, char *fmt, ...)
static void dbg_stderr(int level, char *fmt, ...) static void dbg_stderr(int level, char *fmt, ...)
{ {
va_list args; va_list args;
if (level <= 1) if (level <= 1)
{ {
va_start(args, fmt); va_start(args, fmt);
@ -117,18 +117,18 @@ static void dbg_stderr(int level, char *fmt, ...)
static void run(private_daemon_t *this) static void run(private_daemon_t *this)
{ {
sigset_t set; sigset_t set;
/* handle SIGINT, SIGHUP ans SIGTERM in this handler */ /* handle SIGINT, SIGHUP ans SIGTERM in this handler */
sigemptyset(&set); sigemptyset(&set);
sigaddset(&set, SIGINT); sigaddset(&set, SIGINT);
sigaddset(&set, SIGHUP); sigaddset(&set, SIGHUP);
sigaddset(&set, SIGTERM); sigaddset(&set, SIGTERM);
while (TRUE) while (TRUE)
{ {
int sig; int sig;
int error; int error;
error = sigwait(&set, &sig); error = sigwait(&set, &sig);
if (error) if (error)
{ {
@ -200,7 +200,7 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.socket); DESTROY_IF(this->public.socket);
/* wait until all threads are gone */ /* wait until all threads are gone */
DESTROY_IF(this->public.processor); DESTROY_IF(this->public.processor);
/* rehook library logging, shutdown logging */ /* rehook library logging, shutdown logging */
dbg = dbg_stderr; dbg = dbg_stderr;
DESTROY_IF(this->public.bus); DESTROY_IF(this->public.bus);
@ -257,7 +257,7 @@ static void drop_capabilities(private_daemon_t *this)
{ {
kill_daemon(this, "change to unprivileged user failed"); kill_daemon(this, "change to unprivileged user failed");
} }
#ifdef CAPABILITIES #ifdef CAPABILITIES
if (cap_set_proc(this->caps) != 0) if (cap_set_proc(this->caps) != 0)
{ {
@ -287,7 +287,7 @@ static void lookup_uid_gid(private_daemon_t *this)
{ {
char buf[1024]; char buf[1024];
struct passwd passwd, *pwp; struct passwd passwd, *pwp;
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
pwp == NULL) pwp == NULL)
{ {
@ -300,7 +300,7 @@ static void lookup_uid_gid(private_daemon_t *this)
{ {
char buf[1024]; char buf[1024];
struct group group, *grp; struct group group, *grp;
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
grp == NULL) grp == NULL)
{ {
@ -319,7 +319,7 @@ static void print_plugins()
char buf[512], *plugin; char buf[512], *plugin;
int len = 0; int len = 0;
enumerator_t *enumerator; enumerator_t *enumerator;
buf[0] = '\0'; buf[0] = '\0';
enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); enumerator = lib->plugins->create_plugin_enumerator(lib->plugins);
while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin)) while (len < sizeof(buf) && enumerator->enumerate(enumerator, &plugin))
@ -345,7 +345,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
level_t def; level_t def;
bool append; bool append;
FILE *file; FILE *file;
/* setup sysloggers */ /* setup sysloggers */
enumerator = lib->settings->create_section_enumerator(lib->settings, enumerator = lib->settings->create_section_enumerator(lib->settings,
"charon.syslog"); "charon.syslog");
@ -378,7 +378,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
this->public.bus->add_listener(this->public.bus, &sys_logger->listener); this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* and file loggers */ /* and file loggers */
enumerator = lib->settings->create_section_enumerator(lib->settings, enumerator = lib->settings->create_section_enumerator(lib->settings,
"charon.filelog"); "charon.filelog");
@ -418,10 +418,10 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
this->public.file_loggers->insert_last(this->public.file_loggers, this->public.file_loggers->insert_last(this->public.file_loggers,
file_logger); file_logger);
this->public.bus->add_listener(this->public.bus, &file_logger->listener); this->public.bus->add_listener(this->public.bus, &file_logger->listener);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* set up legacy style default loggers provided via command-line */ /* set up legacy style default loggers provided via command-line */
if (!loggers_defined) if (!loggers_defined)
{ {
@ -443,7 +443,7 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
file_logger->set_level(file_logger, group, levels[group]); file_logger->set_level(file_logger, group, levels[group]);
} }
} }
/* set up default auth sys_logger */ /* set up default auth sys_logger */
sys_logger = sys_logger_create(LOG_AUTHPRIV); sys_logger = sys_logger_create(LOG_AUTHPRIV);
this->public.bus->add_listener(this->public.bus, &sys_logger->listener); this->public.bus->add_listener(this->public.bus, &sys_logger->listener);
@ -460,14 +460,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
{ {
/* for uncritical pseudo random numbers */ /* for uncritical pseudo random numbers */
srandom(time(NULL) + getpid()); srandom(time(NULL) + getpid());
/* setup bus and it's listeners first to enable log output */ /* setup bus and it's listeners first to enable log output */
this->public.bus = bus_create(); this->public.bus = bus_create();
/* set up hook to log dbg message in library via charons message bus */ /* set up hook to log dbg message in library via charons message bus */
dbg = dbg_bus; dbg = dbg_bus;
initialize_loggers(this, !syslog, levels); initialize_loggers(this, !syslog, levels);
DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")"); DBG1(DBG_DMN, "Starting IKEv2 charon daemon (strongSwan "VERSION")");
if (lib->integrity) if (lib->integrity)
@ -489,14 +489,14 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
this->public.kernel_interface = kernel_interface_create(); this->public.kernel_interface = kernel_interface_create();
this->public.socket = socket_create(); this->public.socket = socket_create();
this->public.traps = trap_manager_create(); this->public.traps = trap_manager_create();
/* load plugins, further infrastructure may need it */ /* load plugins, further infrastructure may need it */
if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR,
lib->settings->get_str(lib->settings, "charon.load", PLUGINS))) lib->settings->get_str(lib->settings, "charon.load", PLUGINS)))
{ {
return FALSE; return FALSE;
} }
print_plugins(); print_plugins();
this->public.ike_sa_manager = ike_sa_manager_create(); this->public.ike_sa_manager = ike_sa_manager_create();
@ -510,7 +510,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
{ {
return FALSE; return FALSE;
} }
#ifdef ME #ifdef ME
this->public.connect_manager = connect_manager_create(); this->public.connect_manager = connect_manager_create();
if (this->public.connect_manager == NULL) if (this->public.connect_manager == NULL)
@ -519,7 +519,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
} }
this->public.mediation_manager = mediation_manager_create(); this->public.mediation_manager = mediation_manager_create();
#endif /* ME */ #endif /* ME */
return TRUE; return TRUE;
} }
@ -529,12 +529,12 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
static void segv_handler(int signal) static void segv_handler(int signal)
{ {
backtrace_t *backtrace; backtrace_t *backtrace;
DBG1(DBG_DMN, "thread %u received %d", pthread_self(), signal); DBG1(DBG_DMN, "thread %u received %d", pthread_self(), signal);
backtrace = backtrace_create(2); backtrace = backtrace_create(2);
backtrace->log(backtrace, stderr); backtrace->log(backtrace, stderr);
backtrace->destroy(backtrace); backtrace->destroy(backtrace);
DBG1(DBG_DMN, "killing ourself, received critical signal"); DBG1(DBG_DMN, "killing ourself, received critical signal");
raise(SIGKILL); raise(SIGKILL);
} }
@ -546,11 +546,11 @@ private_daemon_t *daemon_create(void)
{ {
struct sigaction action; struct sigaction action;
private_daemon_t *this = malloc_thing(private_daemon_t); private_daemon_t *this = malloc_thing(private_daemon_t);
/* assign methods */ /* assign methods */
this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap; this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap;
/* NULL members for clean destruction */ /* NULL members for clean destruction */
this->public.socket = NULL; this->public.socket = NULL;
this->public.ike_sa_manager = NULL; this->public.ike_sa_manager = NULL;
@ -575,7 +575,7 @@ private_daemon_t *daemon_create(void)
#endif /* ME */ #endif /* ME */
this->public.uid = 0; this->public.uid = 0;
this->public.gid = 0; this->public.gid = 0;
this->public.main_thread_id = pthread_self(); this->public.main_thread_id = pthread_self();
#ifdef CAPABILITIES #ifdef CAPABILITIES
this->caps = cap_init(); this->caps = cap_init();
@ -585,7 +585,7 @@ private_daemon_t *daemon_create(void)
keep_cap(this, CAP_SYS_NICE); keep_cap(this, CAP_SYS_NICE);
} }
#endif /* CAPABILITIES */ #endif /* CAPABILITIES */
/* add handler for SEGV and ILL, /* add handler for SEGV and ILL,
* add handler for USR1 (cancellation). * add handler for USR1 (cancellation).
* INT, TERM and HUP are handled by sigwait() in run() */ * INT, TERM and HUP are handled by sigwait() in run() */
@ -600,9 +600,9 @@ private_daemon_t *daemon_create(void)
sigaction(SIGBUS, &action, NULL); sigaction(SIGBUS, &action, NULL);
action.sa_handler = SIG_IGN; action.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &action, NULL); sigaction(SIGPIPE, &action, NULL);
pthread_sigmask(SIG_SETMASK, &action.sa_mask, 0); pthread_sigmask(SIG_SETMASK, &action.sa_mask, 0);
return this; return this;
} }
@ -613,7 +613,7 @@ static bool check_pidfile()
{ {
struct stat stb; struct stat stb;
FILE *file; FILE *file;
if (stat(PID_FILE, &stb) == 0) if (stat(PID_FILE, &stb) == 0)
{ {
file = fopen(PID_FILE, "r"); file = fopen(PID_FILE, "r");
@ -621,7 +621,7 @@ static bool check_pidfile()
{ {
char buf[64]; char buf[64];
pid_t pid = 0; pid_t pid = 0;
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
if (fread(buf, 1, sizeof(buf), file)) if (fread(buf, 1, sizeof(buf), file))
{ {
@ -636,7 +636,7 @@ static bool check_pidfile()
DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running"); DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
unlink(PID_FILE); unlink(PID_FILE);
} }
/* create new pidfile */ /* create new pidfile */
file = fopen(PID_FILE, "w"); file = fopen(PID_FILE, "w");
if (file) if (file)
@ -679,17 +679,17 @@ int main(int argc, char *argv[])
private_daemon_t *private_charon; private_daemon_t *private_charon;
level_t levels[DBG_MAX]; level_t levels[DBG_MAX];
int group; int group;
/* logging for library during initialization, as we have no bus yet */ /* logging for library during initialization, as we have no bus yet */
dbg = dbg_stderr; dbg = dbg_stderr;
/* initialize library */ /* initialize library */
if (!library_init(STRONGSWAN_CONF)) if (!library_init(STRONGSWAN_CONF))
{ {
library_deinit(); library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
} }
if (lib->integrity && if (lib->integrity &&
!lib->integrity->check_file(lib->integrity, "charon", argv[0])) !lib->integrity->check_file(lib->integrity, "charon", argv[0]))
{ {
@ -697,7 +697,7 @@ int main(int argc, char *argv[])
library_deinit(); library_deinit();
exit(SS_RC_DAEMON_INTEGRITY); exit(SS_RC_DAEMON_INTEGRITY);
} }
lib->printf_hook->add_handler(lib->printf_hook, 'R', lib->printf_hook->add_handler(lib->printf_hook, 'R',
traffic_selector_printf_hook, traffic_selector_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
@ -708,15 +708,15 @@ int main(int argc, char *argv[])
PRINTF_HOOK_ARGTYPE_END); PRINTF_HOOK_ARGTYPE_END);
private_charon = daemon_create(); private_charon = daemon_create();
charon = (daemon_t*)private_charon; charon = (daemon_t*)private_charon;
lookup_uid_gid(private_charon); lookup_uid_gid(private_charon);
/* use CTRL loglevel for default */ /* use CTRL loglevel for default */
for (group = 0; group < DBG_MAX; group++) for (group = 0; group < DBG_MAX; group++)
{ {
levels[group] = LEVEL_CTRL; levels[group] = LEVEL_CTRL;
} }
/* handle arguments */ /* handle arguments */
for (;;) for (;;)
{ {
@ -737,7 +737,7 @@ int main(int argc, char *argv[])
{ "debug-lib", required_argument, &group, DBG_LIB }, { "debug-lib", required_argument, &group, DBG_LIB },
{ 0,0,0,0 } { 0,0,0,0 }
}; };
int c = getopt_long(argc, argv, "", long_opts, NULL); int c = getopt_long(argc, argv, "", long_opts, NULL);
switch (c) switch (c)
{ {
@ -762,7 +762,7 @@ int main(int argc, char *argv[])
} }
break; break;
} }
/* initialize daemon */ /* initialize daemon */
if (!initialize(private_charon, use_syslog, levels)) if (!initialize(private_charon, use_syslog, levels))
{ {
@ -770,31 +770,31 @@ int main(int argc, char *argv[])
destroy(private_charon); destroy(private_charon);
exit(SS_RC_INITIALIZATION_FAILED); exit(SS_RC_INITIALIZATION_FAILED);
} }
if (check_pidfile()) if (check_pidfile())
{ {
DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)"); DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
destroy(private_charon); destroy(private_charon);
exit(-1); exit(-1);
} }
/* drop the capabilities we won't need */ /* drop the capabilities we won't need */
drop_capabilities(private_charon); drop_capabilities(private_charon);
/* start the engine, go multithreaded */ /* start the engine, go multithreaded */
charon->processor->set_threads(charon->processor, charon->processor->set_threads(charon->processor,
lib->settings->get_int(lib->settings, "charon.threads", lib->settings->get_int(lib->settings, "charon.threads",
DEFAULT_THREADS)); DEFAULT_THREADS));
/* run daemon */ /* run daemon */
run(private_charon); run(private_charon);
/* normal termination, cleanup and exit */ /* normal termination, cleanup and exit */
destroy(private_charon); destroy(private_charon);
unlink(PID_FILE); unlink(PID_FILE);
library_deinit(); library_deinit();
return 0; return 0;
} }

46
src/charon/daemon.h
View File

@ -199,104 +199,104 @@ typedef struct daemon_t daemon_t;
* Main class of daemon, contains some globals. * Main class of daemon, contains some globals.
*/ */
struct daemon_t { struct daemon_t {
/** /**
* A socket_t instance. * A socket_t instance.
*/ */
socket_t *socket; socket_t *socket;
/** /**
* A ike_sa_manager_t instance. * A ike_sa_manager_t instance.
*/ */
ike_sa_manager_t *ike_sa_manager; ike_sa_manager_t *ike_sa_manager;
/** /**
* Manager for triggering policies, called traps * Manager for triggering policies, called traps
*/ */
trap_manager_t *traps; trap_manager_t *traps;
/** /**
* Manager for the different configuration backends. * Manager for the different configuration backends.
*/ */
backend_manager_t *backends; backend_manager_t *backends;
/** /**
* Manager for IKEv2 cfg payload attributes * Manager for IKEv2 cfg payload attributes
*/ */
attribute_manager_t *attributes; attribute_manager_t *attributes;
/** /**
* Manager for the credential backends * Manager for the credential backends
*/ */
credential_manager_t *credentials; credential_manager_t *credentials;
/** /**
* The Sender-Thread. * The Sender-Thread.
*/ */
sender_t *sender; sender_t *sender;
/** /**
* The Receiver-Thread. * The Receiver-Thread.
*/ */
receiver_t *receiver; receiver_t *receiver;
/** /**
* The Scheduler-Thread. * The Scheduler-Thread.
*/ */
scheduler_t *scheduler; scheduler_t *scheduler;
/** /**
* Job processing using a thread pool. * Job processing using a thread pool.
*/ */
processor_t *processor; processor_t *processor;
/** /**
* The signaling bus. * The signaling bus.
*/ */
bus_t *bus; bus_t *bus;
/** /**
* A list of installed file_logger_t's * A list of installed file_logger_t's
*/ */
linked_list_t *file_loggers; linked_list_t *file_loggers;
/** /**
* A list of installed sys_logger_t's * A list of installed sys_logger_t's
*/ */
linked_list_t *sys_loggers; linked_list_t *sys_loggers;
/** /**
* Kernel Interface to communicate with kernel * Kernel Interface to communicate with kernel
*/ */
kernel_interface_t *kernel_interface; kernel_interface_t *kernel_interface;
/** /**
* Controller to control the daemon * Controller to control the daemon
*/ */
controller_t *controller; controller_t *controller;
/** /**
* EAP manager to maintain registered EAP methods * EAP manager to maintain registered EAP methods
*/ */
eap_manager_t *eap; eap_manager_t *eap;
/** /**
* SIM manager to maintain SIM cards/providers * SIM manager to maintain SIM cards/providers
*/ */
sim_manager_t *sim; sim_manager_t *sim;
#ifdef ME #ifdef ME
/** /**
* Connect manager * Connect manager
*/ */
connect_manager_t *connect_manager; connect_manager_t *connect_manager;
/** /**
* Mediation manager * Mediation manager
*/ */
mediation_manager_t *mediation_manager; mediation_manager_t *mediation_manager;
#endif /* ME */ #endif /* ME */
/** /**
* User ID the daemon will user after initialization * User ID the daemon will user after initialization
*/ */
@ -306,12 +306,12 @@ struct daemon_t {
* Group ID the daemon will use after initialization * Group ID the daemon will use after initialization
*/ */
gid_t gid; gid_t gid;
/** /**
* The thread_id of main-thread. * The thread_id of main-thread.
*/ */
pthread_t main_thread_id; pthread_t main_thread_id;
/** /**
* Do not drop a given capability after initialization. * Do not drop a given capability after initialization.
* *
@ -320,7 +320,7 @@ struct daemon_t {
* drop these. * drop these.
*/ */
void (*keep_cap)(daemon_t *this, u_int cap); void (*keep_cap)(daemon_t *this, u_int cap);
/** /**
* Shut down the daemon. * Shut down the daemon.
* *

170
src/charon/encoding/generator.c
View File

@ -53,55 +53,55 @@ struct private_generator_t {
* Public part of a generator_t object. * Public part of a generator_t object.
*/ */
generator_t public; generator_t public;
/** /**
* Buffer used to generate the data into. * Buffer used to generate the data into.
*/ */
u_int8_t *buffer; u_int8_t *buffer;
/** /**
* Current write position in buffer (one byte aligned). * Current write position in buffer (one byte aligned).
*/ */
u_int8_t *out_position; u_int8_t *out_position;
/** /**
* Position of last byte in buffer. * Position of last byte in buffer.
*/ */
u_int8_t *roof_position; u_int8_t *roof_position;
/** /**
* Current bit writing to in current byte (between 0 and 7). * Current bit writing to in current byte (between 0 and 7).
*/ */
u_int8_t current_bit; u_int8_t current_bit;
/** /**
* Associated data struct to read informations from. * Associated data struct to read informations from.
*/ */
void *data_struct; void *data_struct;
/* /*
* Last payload length position offset in the buffer. * Last payload length position offset in the buffer.
*/ */
u_int32_t last_payload_length_position_offset; u_int32_t last_payload_length_position_offset;
/** /**
* Offset of the header length field in the buffer. * Offset of the header length field in the buffer.
*/ */
u_int32_t header_length_position_offset; u_int32_t header_length_position_offset;
/** /**
* Last SPI size. * Last SPI size.
*/ */
u_int8_t last_spi_size; u_int8_t last_spi_size;
/** /**
* Attribute format of the last generated transform attribute. * Attribute format of the last generated transform attribute.
* *
* Used to check if a variable value field is used or not for * Used to check if a variable value field is used or not for
* the transform attribute value. * the transform attribute value.
*/ */
bool attribute_format; bool attribute_format;
/** /**
* Depending on the value of attribute_format this field is used * Depending on the value of attribute_format this field is used
* to hold the length of the transform attribute in bytes. * to hold the length of the transform attribute in bytes.
@ -149,14 +149,14 @@ static void make_space_available(private_generator_t *this, int bits)
while ((get_space(this) * 8 - this->current_bit) < bits) while ((get_space(this) * 8 - this->current_bit) < bits)
{ {
int old_buffer_size, new_buffer_size, out_position_offset; int old_buffer_size, new_buffer_size, out_position_offset;
old_buffer_size = get_size(this); old_buffer_size = get_size(this);
new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE; new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
out_position_offset = this->out_position - this->buffer; out_position_offset = this->out_position - this->buffer;
DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte", DBG2(DBG_ENC, "increasing gen buffer from %d to %d byte",
old_buffer_size, new_buffer_size); old_buffer_size, new_buffer_size);
this->buffer = realloc(this->buffer,new_buffer_size); this->buffer = realloc(this->buffer,new_buffer_size);
this->out_position = (this->buffer + out_position_offset); this->out_position = (this->buffer + out_position_offset);
this->roof_position = (this->buffer + new_buffer_size); this->roof_position = (this->buffer + new_buffer_size);
@ -171,9 +171,9 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes,
{ {
int i; int i;
u_int8_t *read_position = (u_int8_t *)bytes; u_int8_t *read_position = (u_int8_t *)bytes;
make_space_available(this, number_of_bytes * 8); make_space_available(this, number_of_bytes * 8);
for (i = 0; i < number_of_bytes; i++) for (i = 0; i < number_of_bytes; i++)
{ {
*(this->out_position) = *(read_position); *(this->out_position) = *(read_position);
@ -192,14 +192,14 @@ static void write_bytes_to_buffer_at_offset(private_generator_t *this,
u_int8_t *read_position = (u_int8_t *)bytes; u_int8_t *read_position = (u_int8_t *)bytes;
u_int8_t *write_position; u_int8_t *write_position;
u_int32_t free_space_after_offset = get_size(this) - offset; u_int32_t free_space_after_offset = get_size(this) - offset;
/* check first if enough space for new data is available */ /* check first if enough space for new data is available */
if (number_of_bytes > free_space_after_offset) if (number_of_bytes > free_space_after_offset)
{ {
make_space_available(this, make_space_available(this,
(number_of_bytes - free_space_after_offset) * 8); (number_of_bytes - free_space_after_offset) * 8);
} }
write_position = this->buffer + offset; write_position = this->buffer + offset;
for (i = 0; i < number_of_bytes; i++) for (i = 0; i < number_of_bytes; i++)
{ {
@ -216,7 +216,7 @@ static void generate_u_int_type(private_generator_t *this,
encoding_type_t int_type,u_int32_t offset) encoding_type_t int_type,u_int32_t offset)
{ {
int number_of_bits = 0; int number_of_bits = 0;
/* find out number of bits of each U_INT type to check for enough space */ /* find out number of bits of each U_INT type to check for enough space */
switch (int_type) switch (int_type)
{ {
@ -251,14 +251,14 @@ static void generate_u_int_type(private_generator_t *this,
encoding_type_names, int_type); encoding_type_names, int_type);
return; return;
} }
make_space_available(this, number_of_bits); make_space_available(this, number_of_bits);
switch (int_type) switch (int_type)
{ {
case U_INT_4: case U_INT_4:
{ {
u_int8_t high, low; u_int8_t high, low;
if (this->current_bit == 0) if (this->current_bit == 0)
{ {
/* high of current byte in buffer has to be set to the new value*/ /* high of current byte in buffer has to be set to the new value*/
@ -303,7 +303,7 @@ static void generate_u_int_type(private_generator_t *this,
{ {
u_int8_t attribute_format_flag; u_int8_t attribute_format_flag;
u_int16_t val; u_int16_t val;
/* attribute type must not change first bit of current byte */ /* attribute type must not change first bit of current byte */
if (this->current_bit != 1) if (this->current_bit != 1)
{ {
@ -325,7 +325,7 @@ static void generate_u_int_type(private_generator_t *this,
write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); write_bytes_to_buffer(this, &val, sizeof(u_int16_t));
this->current_bit = 0; this->current_bit = 0;
break; break;
} }
case U_INT_16: case U_INT_16:
case CONFIGURATION_ATTRIBUTE_LENGTH: case CONFIGURATION_ATTRIBUTE_LENGTH:
@ -372,11 +372,11 @@ static void generate_reserved_field(private_generator_t *this, int bits)
return ; return ;
} }
make_space_available(this, bits); make_space_available(this, bits);
if (bits == 1) if (bits == 1)
{ {
u_int8_t reserved_bit = ~(1 << (7 - this->current_bit)); u_int8_t reserved_bit = ~(1 << (7 - this->current_bit));
*(this->out_position) = *(this->out_position) & reserved_bit; *(this->out_position) = *(this->out_position) & reserved_bit;
if (this->current_bit == 0) if (this->current_bit == 0)
{ {
@ -410,11 +410,11 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
{ {
u_int8_t flag_value; u_int8_t flag_value;
u_int8_t flag; u_int8_t flag;
flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0; flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0;
/* get flag position */ /* get flag position */
flag = (flag_value << (7 - this->current_bit)); flag = (flag_value << (7 - this->current_bit));
/* make sure one bit is available in buffer */ /* make sure one bit is available in buffer */
make_space_available(this, 1); make_space_available(this, 1);
if (this->current_bit == 0) if (this->current_bit == 0)
@ -422,10 +422,10 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
/* memory must be zero */ /* memory must be zero */
*(this->out_position) = 0x00; *(this->out_position) = 0x00;
} }
*(this->out_position) = *(this->out_position) | flag; *(this->out_position) = *(this->out_position) | flag;
DBG3(DBG_ENC, " => %d", *this->out_position); DBG3(DBG_ENC, " => %d", *this->out_position);
this->current_bit++; this->current_bit++;
if (this->current_bit >= 8) if (this->current_bit >= 8)
{ {
@ -440,16 +440,16 @@ static void generate_flag(private_generator_t *this, u_int32_t offset)
static void generate_from_chunk(private_generator_t *this, u_int32_t offset) static void generate_from_chunk(private_generator_t *this, u_int32_t offset)
{ {
chunk_t *value; chunk_t *value;
if (this->current_bit != 0) if (this->current_bit != 0)
{ {
DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit); DBG1(DBG_ENC, "can not generate a chunk at Bitpos %d", this->current_bit);
return ; return ;
} }
value = (chunk_t *)(this->data_struct + offset); value = (chunk_t *)(this->data_struct + offset);
DBG3(DBG_ENC, " => %B", value); DBG3(DBG_ENC, " => %B", value);
write_bytes_to_buffer(this, value->ptr, value->len); write_bytes_to_buffer(this, value->ptr, value->len);
} }
@ -460,7 +460,7 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data)
{ {
int data_length = get_length(this); int data_length = get_length(this);
u_int32_t header_length_field = data_length; u_int32_t header_length_field = data_length;
/* write length into header length field */ /* write length into header length field */
if (this->header_length_position_offset > 0) if (this->header_length_position_offset > 0)
{ {
@ -468,14 +468,14 @@ static void write_to_chunk(private_generator_t *this,chunk_t *data)
write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t), write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t),
this->header_length_position_offset); this->header_length_position_offset);
} }
if (this->current_bit > 0) if (this->current_bit > 0)
{ {
data_length++; data_length++;
} }
*data = chunk_alloc(data_length); *data = chunk_alloc(data_length);
memcpy(data->ptr, this->buffer, data_length); memcpy(data->ptr, this->buffer, data_length);
DBG3(DBG_ENC, "generated data of this generator %B", data); DBG3(DBG_ENC, "generated data of this generator %B", data);
} }
@ -488,20 +488,20 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
size_t rule_count; size_t rule_count;
encoding_rule_t *rules; encoding_rule_t *rules;
payload_type_t payload_type; payload_type_t payload_type;
this->data_struct = payload; this->data_struct = payload;
payload_type = payload->get_type(payload); payload_type = payload->get_type(payload);
/* spi size has to get reseted */ /* spi size has to get reseted */
this->last_spi_size = 0; this->last_spi_size = 0;
offset_start = this->out_position - this->buffer; offset_start = this->out_position - this->buffer;
DBG2(DBG_ENC, "generating payload of type %N", DBG2(DBG_ENC, "generating payload of type %N",
payload_type_names, payload_type); payload_type_names, payload_type);
/* each payload has its own encoding rules */ /* each payload has its own encoding rules */
payload->get_encoding_rules(payload, &rules, &rule_count); payload->get_encoding_rules(payload, &rules, &rule_count);
for (i = 0; i < rule_count;i++) for (i = 0; i < rule_count;i++)
{ {
DBG2(DBG_ENC, " generating rule %d %N", DBG2(DBG_ENC, " generating rule %d %N",
@ -529,7 +529,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
{ {
generate_reserved_field(this, 8); generate_reserved_field(this, 8);
break; break;
} }
case FLAG: case FLAG:
{ {
generate_flag(this, rules[i].offset); generate_flag(this, rules[i].offset);
@ -578,7 +578,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
u_int16_t length_of_payload; u_int16_t length_of_payload;
u_int16_t header_length = 0; u_int16_t header_length = 0;
u_int16_t length_in_network_order; u_int16_t length_in_network_order;
switch(rules[i].type) switch(rules[i].type)
{ {
case KEY_EXCHANGE_DATA: case KEY_EXCHANGE_DATA:
@ -619,13 +619,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
break; break;
} }
generate_from_chunk(this, rules[i].offset); generate_from_chunk(this, rules[i].offset);
payload_length_position_offset = payload_length_position_offset =
this->last_payload_length_position_offset; this->last_payload_length_position_offset;
length_of_payload = header_length + length_of_payload = header_length +
((chunk_t *)(this->data_struct + rules[i].offset))->len; ((chunk_t *)(this->data_struct + rules[i].offset))->len;
length_in_network_order = htons(length_of_payload); length_in_network_order = htons(length_of_payload);
write_bytes_to_buffer_at_offset(this, &length_in_network_order, write_bytes_to_buffer_at_offset(this, &length_in_network_order,
sizeof(u_int16_t), payload_length_position_offset); sizeof(u_int16_t), payload_length_position_offset);
@ -633,7 +633,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
} }
case PROPOSALS: case PROPOSALS:
{ {
u_int32_t payload_length_position_offset = u_int32_t payload_length_position_offset =
this->last_payload_length_position_offset; this->last_payload_length_position_offset;
/* Length of SA_PAYLOAD is calculated */ /* Length of SA_PAYLOAD is calculated */
u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH; u_int16_t length_of_sa_payload = SA_PAYLOAD_HEADER_LENGTH;
@ -642,13 +642,13 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
(this->data_struct + rules[i].offset)); (this->data_struct + rules[i].offset));
iterator_t *iterator; iterator_t *iterator;
payload_t *current_proposal; payload_t *current_proposal;
iterator = proposals->create_iterator(proposals,TRUE); iterator = proposals->create_iterator(proposals,TRUE);
while (iterator->iterate(iterator, (void**)&current_proposal)) while (iterator->iterate(iterator, (void**)&current_proposal))
{ {
u_int32_t before_generate_position_offset; u_int32_t before_generate_position_offset;
u_int32_t after_generate_position_offset; u_int32_t after_generate_position_offset;
before_generate_position_offset = get_offset(this); before_generate_position_offset = get_offset(this);
generate_payload(this, current_proposal); generate_payload(this, current_proposal);
after_generate_position_offset = get_offset(this); after_generate_position_offset = get_offset(this);
@ -656,7 +656,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
before_generate_position_offset); before_generate_position_offset);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
int16_val = htons(length_of_sa_payload); int16_val = htons(length_of_sa_payload);
write_bytes_to_buffer_at_offset(this, &int16_val, write_bytes_to_buffer_at_offset(this, &int16_val,
sizeof(u_int16_t),payload_length_position_offset); sizeof(u_int16_t),payload_length_position_offset);
@ -664,36 +664,36 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
} }
case TRANSFORMS: case TRANSFORMS:
{ {
u_int32_t payload_length_position_offset = u_int32_t payload_length_position_offset =
this->last_payload_length_position_offset; this->last_payload_length_position_offset;
u_int16_t length_of_proposal = u_int16_t length_of_proposal =
PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size; PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->last_spi_size;
u_int16_t int16_val; u_int16_t int16_val;
linked_list_t *transforms = *((linked_list_t **) linked_list_t *transforms = *((linked_list_t **)
(this->data_struct + rules[i].offset)); (this->data_struct + rules[i].offset));
iterator_t *iterator; iterator_t *iterator;
payload_t *current_transform; payload_t *current_transform;
iterator = transforms->create_iterator(transforms,TRUE); iterator = transforms->create_iterator(transforms,TRUE);
while (iterator->iterate(iterator, (void**)&current_transform)) while (iterator->iterate(iterator, (void**)&current_transform))
{ {
u_int32_t before_generate_position_offset; u_int32_t before_generate_position_offset;
u_int32_t after_generate_position_offset; u_int32_t after_generate_position_offset;
before_generate_position_offset = get_offset(this); before_generate_position_offset = get_offset(this);
generate_payload(this, current_transform); generate_payload(this, current_transform);
after_generate_position_offset = get_offset(this); after_generate_position_offset = get_offset(this);
length_of_proposal += (after_generate_position_offset - length_of_proposal += (after_generate_position_offset -
before_generate_position_offset); before_generate_position_offset);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
int16_val = htons(length_of_proposal); int16_val = htons(length_of_proposal);
write_bytes_to_buffer_at_offset(this, &int16_val, write_bytes_to_buffer_at_offset(this, &int16_val,
sizeof(u_int16_t), payload_length_position_offset); sizeof(u_int16_t), payload_length_position_offset);
break; break;
} }
case TRANSFORM_ATTRIBUTES: case TRANSFORM_ATTRIBUTES:
{ {
u_int32_t transform_length_position_offset = u_int32_t transform_length_position_offset =
@ -705,32 +705,32 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
(this->data_struct + rules[i].offset)); (this->data_struct + rules[i].offset));
iterator_t *iterator; iterator_t *iterator;
payload_t *current_attribute; payload_t *current_attribute;
iterator = transform_attributes->create_iterator( iterator = transform_attributes->create_iterator(
transform_attributes, TRUE); transform_attributes, TRUE);
while (iterator->iterate(iterator, (void**)&current_attribute)) while (iterator->iterate(iterator, (void**)&current_attribute))
{ {
u_int32_t before_generate_position_offset; u_int32_t before_generate_position_offset;
u_int32_t after_generate_position_offset; u_int32_t after_generate_position_offset;
before_generate_position_offset = get_offset(this); before_generate_position_offset = get_offset(this);
generate_payload(this, current_attribute); generate_payload(this, current_attribute);
after_generate_position_offset = get_offset(this); after_generate_position_offset = get_offset(this);
length_of_transform += (after_generate_position_offset - length_of_transform += (after_generate_position_offset -
before_generate_position_offset); before_generate_position_offset);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
int16_val = htons(length_of_transform); int16_val = htons(length_of_transform);
write_bytes_to_buffer_at_offset(this, &int16_val, write_bytes_to_buffer_at_offset(this, &int16_val,
sizeof(u_int16_t),transform_length_position_offset); sizeof(u_int16_t),transform_length_position_offset);
break; break;
} }
case CONFIGURATION_ATTRIBUTES: case CONFIGURATION_ATTRIBUTES:
{ {
u_int32_t configurations_length_position_offset = u_int32_t configurations_length_position_offset =
this->last_payload_length_position_offset; this->last_payload_length_position_offset;
u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH; u_int16_t length_of_configurations = CP_PAYLOAD_HEADER_LENGTH;
u_int16_t int16_val; u_int16_t int16_val;
@ -738,29 +738,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
(this->data_struct + rules[i].offset)); (this->data_struct + rules[i].offset));
iterator_t *iterator; iterator_t *iterator;
payload_t *current_attribute; payload_t *current_attribute;
iterator = configuration_attributes->create_iterator( iterator = configuration_attributes->create_iterator(
configuration_attributes,TRUE); configuration_attributes,TRUE);
while (iterator->iterate(iterator, (void**)&current_attribute)) while (iterator->iterate(iterator, (void**)&current_attribute))
{ {
u_int32_t before_generate_position_offset; u_int32_t before_generate_position_offset;
u_int32_t after_generate_position_offset; u_int32_t after_generate_position_offset;
before_generate_position_offset = get_offset(this); before_generate_position_offset = get_offset(this);
generate_payload(this, current_attribute); generate_payload(this, current_attribute);
after_generate_position_offset = get_offset(this); after_generate_position_offset = get_offset(this);
length_of_configurations += after_generate_position_offset - length_of_configurations += after_generate_position_offset -
before_generate_position_offset; before_generate_position_offset;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
int16_val = htons(length_of_configurations); int16_val = htons(length_of_configurations);
write_bytes_to_buffer_at_offset(this, &int16_val, write_bytes_to_buffer_at_offset(this, &int16_val,
sizeof(u_int16_t),configurations_length_position_offset); sizeof(u_int16_t),configurations_length_position_offset);
break; break;
} }
case ATTRIBUTE_FORMAT: case ATTRIBUTE_FORMAT:
{ {
generate_flag(this, rules[i].offset); generate_flag(this, rules[i].offset);
@ -768,7 +768,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
this->attribute_format = this->attribute_format =
*((bool *)(this->data_struct + rules[i].offset)); *((bool *)(this->data_struct + rules[i].offset));
break; break;
} }
case ATTRIBUTE_LENGTH_OR_VALUE: case ATTRIBUTE_LENGTH_OR_VALUE:
{ {
@ -797,7 +797,7 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
} }
case TRAFFIC_SELECTORS: case TRAFFIC_SELECTORS:
{ {
u_int32_t payload_length_position_offset = u_int32_t payload_length_position_offset =
this->last_payload_length_position_offset; this->last_payload_length_position_offset;
u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH; u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH;
u_int16_t int16_val; u_int16_t int16_val;
@ -805,29 +805,29 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
(this->data_struct + rules[i].offset)); (this->data_struct + rules[i].offset));
iterator_t *iterator; iterator_t *iterator;
payload_t *current_tss; payload_t *current_tss;
iterator = traffic_selectors->create_iterator( iterator = traffic_selectors->create_iterator(
traffic_selectors,TRUE); traffic_selectors,TRUE);
while (iterator->iterate(iterator, (void **)&current_tss)) while (iterator->iterate(iterator, (void **)&current_tss))
{ {
u_int32_t before_generate_position_offset; u_int32_t before_generate_position_offset;
u_int32_t after_generate_position_offset; u_int32_t after_generate_position_offset;
before_generate_position_offset = get_offset(this); before_generate_position_offset = get_offset(this);
generate_payload(this, current_tss); generate_payload(this, current_tss);
after_generate_position_offset = get_offset(this); after_generate_position_offset = get_offset(this);
length_of_ts_payload += (after_generate_position_offset - length_of_ts_payload += (after_generate_position_offset -
before_generate_position_offset); before_generate_position_offset);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
int16_val = htons(length_of_ts_payload); int16_val = htons(length_of_ts_payload);
write_bytes_to_buffer_at_offset(this, &int16_val, write_bytes_to_buffer_at_offset(this, &int16_val,
sizeof(u_int16_t),payload_length_position_offset); sizeof(u_int16_t),payload_length_position_offset);
break; break;
} }
case ENCRYPTED_DATA: case ENCRYPTED_DATA:
{ {
generate_from_chunk(this, rules[i].offset); generate_from_chunk(this, rules[i].offset);
@ -869,10 +869,10 @@ generator_t *generator_create()
this->public.generate_payload = (void(*)(generator_t*, payload_t *))generate_payload; this->public.generate_payload = (void(*)(generator_t*, payload_t *))generate_payload;
this->public.destroy = (void(*)(generator_t*)) destroy; this->public.destroy = (void(*)(generator_t*)) destroy;
this->public.write_to_chunk = (void (*) (generator_t *,chunk_t *))write_to_chunk; this->public.write_to_chunk = (void (*) (generator_t *,chunk_t *))write_to_chunk;
/* allocate memory for buffer */ /* allocate memory for buffer */
this->buffer = malloc(GENERATOR_DATA_BUFFER_SIZE); this->buffer = malloc(GENERATOR_DATA_BUFFER_SIZE);
/* initiate private variables */ /* initiate private variables */
this->out_position = this->buffer; this->out_position = this->buffer;
this->roof_position = this->buffer + GENERATOR_DATA_BUFFER_SIZE; this->roof_position = this->buffer + GENERATOR_DATA_BUFFER_SIZE;
@ -880,7 +880,7 @@ generator_t *generator_create()
this->current_bit = 0; this->current_bit = 0;
this->last_payload_length_position_offset = 0; this->last_payload_length_position_offset = 0;
this->header_length_position_offset = 0; this->header_length_position_offset = 0;
return &(this->public); return &(this->public);
} }

10
src/charon/encoding/generator.h
View File

@ -44,7 +44,7 @@ typedef struct generator_t generator_t;
* A generator_t class used to generate IKEv2 payloads. * A generator_t class used to generate IKEv2 payloads.
* *
* After creation, multiple payloads can be generated with the generate_payload * After creation, multiple payloads can be generated with the generate_payload
* method. The generated bytes are appended. After all payloads are added, * method. The generated bytes are appended. After all payloads are added,
* the write_to_chunk method writes out all generated data since * the write_to_chunk method writes out all generated data since
* the creation of the generator. After that, the generator must be destroyed. * the creation of the generator. After that, the generator must be destroyed.
* The generater uses a set of encoding rules, which it can get from * The generater uses a set of encoding rules, which it can get from
@ -52,7 +52,7 @@ typedef struct generator_t generator_t;
* the payload and all substructures automatically. * the payload and all substructures automatically.
*/ */
struct generator_t { struct generator_t {
/** /**
* Generates a specific payload from given payload object. * Generates a specific payload from given payload object.
* *
@ -61,14 +61,14 @@ struct generator_t {
* @param payload interface payload_t implementing object * @param payload interface payload_t implementing object
*/ */
void (*generate_payload) (generator_t *this,payload_t *payload); void (*generate_payload) (generator_t *this,payload_t *payload);
/** /**
* Writes all generated data of the generator to a chunk. * Writes all generated data of the generator to a chunk.
* *
* @param data chunk to write the data to * @param data chunk to write the data to
*/ */
void (*write_to_chunk) (generator_t *this,chunk_t *data); void (*write_to_chunk) (generator_t *this,chunk_t *data);
/** /**
* Destroys a generator_t object. * Destroys a generator_t object.
*/ */
@ -77,7 +77,7 @@ struct generator_t {
/** /**
* Constructor to create a generator. * Constructor to create a generator.
* *
* @return generator_t object. * @return generator_t object.
*/ */
generator_t *generator_create(void); generator_t *generator_create(void);

206
src/charon/encoding/message.c
View File

@ -56,7 +56,7 @@ struct payload_rule_t {
* Payload type. * Payload type.
*/ */
payload_type_t payload_type; payload_type_t payload_type;
/** /**
* Minimal occurence of this payload. * Minimal occurence of this payload.
*/ */
@ -66,12 +66,12 @@ struct payload_rule_t {
* Max occurence of this payload. * Max occurence of this payload.
*/ */
size_t max_occurence; size_t max_occurence;
/** /**
* TRUE if payload must be encrypted * TRUE if payload must be encrypted
*/ */
bool encrypted; bool encrypted;
/** /**
* If this payload occurs, the message rule is * If this payload occurs, the message rule is
* fullfilled in any case. This applies e.g. to * fullfilled in any case. This applies e.g. to
@ -91,7 +91,7 @@ struct payload_order_t {
* payload type * payload type
*/ */
payload_type_t type; payload_type_t type;
/** /**
* notify type, if payload == NOTIFY * notify type, if payload == NOTIFY
*/ */
@ -111,7 +111,7 @@ struct message_rule_t {
* Type of message. * Type of message.
*/ */
exchange_type_t exchange_type; exchange_type_t exchange_type;
/** /**
* Is message a request or response. * Is message a request or response.
*/ */
@ -121,22 +121,22 @@ struct message_rule_t {
* Message contains encrypted content. * Message contains encrypted content.
*/ */
bool encrypted_content; bool encrypted_content;
/** /**
* Number of payload rules which will follow * Number of payload rules which will follow
*/ */
int payload_rule_count; int payload_rule_count;
/** /**
* Pointer to first payload rule * Pointer to first payload rule
*/ */
payload_rule_t *payload_rules; payload_rule_t *payload_rules;
/** /**
* Number of payload order rules * Number of payload order rules
*/ */
int payload_order_count; int payload_order_count;
/** /**
* payload ordering rules * payload ordering rules
*/ */
@ -536,12 +536,12 @@ struct private_message_t {
* Minor version of message. * Minor version of message.
*/ */
u_int8_t major_version; u_int8_t major_version;
/** /**
* Major version of message. * Major version of message.
*/ */
u_int8_t minor_version; u_int8_t minor_version;
/** /**
* First Payload in message. * First Payload in message.
*/ */
@ -556,32 +556,32 @@ struct private_message_t {
* TRUE if message is a request, FALSE if a reply. * TRUE if message is a request, FALSE if a reply.
*/ */
bool is_request; bool is_request;
/** /**
* Message ID of this message. * Message ID of this message.
*/ */
u_int32_t message_id; u_int32_t message_id;
/** /**
* ID of assigned IKE_SA. * ID of assigned IKE_SA.
*/ */
ike_sa_id_t *ike_sa_id; ike_sa_id_t *ike_sa_id;
/** /**
* Assigned UDP packet, stores incoming packet or last generated one. * Assigned UDP packet, stores incoming packet or last generated one.
*/ */
packet_t *packet; packet_t *packet;
/** /**
* Linked List where payload data are stored in. * Linked List where payload data are stored in.
*/ */
linked_list_t *payloads; linked_list_t *payloads;
/** /**
* Assigned parser to parse Header and Body of this message. * Assigned parser to parse Header and Body of this message.
*/ */
parser_t *parser; parser_t *parser;
/** /**
* The message rule for this message instance * The message rule for this message instance
*/ */
@ -594,7 +594,7 @@ struct private_message_t {
static status_t set_message_rule(private_message_t *this) static status_t set_message_rule(private_message_t *this)
{ {
int i; int i;
for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++) for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++)
{ {
if ((this->exchange_type == message_rules[i].exchange_type) && if ((this->exchange_type == message_rules[i].exchange_type) &&
@ -615,7 +615,7 @@ static status_t set_message_rule(private_message_t *this)
static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule) static status_t get_payload_rule(private_message_t *this, payload_type_t payload_type, payload_rule_t **payload_rule)
{ {
int i; int i;
for (i = 0; i < this->message_rule->payload_rule_count;i++) for (i = 0; i < this->message_rule->payload_rule_count;i++)
{ {
if (this->message_rule->payload_rules[i].payload_type == payload_type) if (this->message_rule->payload_rules[i].payload_type == payload_type)
@ -624,7 +624,7 @@ static status_t get_payload_rule(private_message_t *this, payload_type_t payload
return SUCCESS; return SUCCESS;
} }
} }
*payload_rule = NULL; *payload_rule = NULL;
return NOT_FOUND; return NOT_FOUND;
} }
@ -757,7 +757,7 @@ static exchange_type_t get_request (private_message_t *this)
static bool is_encoded(private_message_t *this) static bool is_encoded(private_message_t *this)
{ {
chunk_t data = this->packet->get_data(this->packet); chunk_t data = this->packet->get_data(this->packet);
if (data.ptr == NULL) if (data.ptr == NULL)
{ {
return FALSE; return FALSE;
@ -796,7 +796,7 @@ static void add_notify(private_message_t *this, bool flush, notify_type_t type,
{ {
notify_payload_t *notify; notify_payload_t *notify;
payload_t *payload; payload_t *payload;
if (flush) if (flush)
{ {
while (this->payloads->remove_last(this->payloads, while (this->payloads->remove_last(this->payloads,
@ -858,7 +858,7 @@ static payload_t *get_payload(private_message_t *this, payload_type_t type)
{ {
payload_t *current, *found = NULL; payload_t *current, *found = NULL;
enumerator_t *enumerator; enumerator_t *enumerator;
enumerator = create_payload_enumerator(this); enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &current)) while (enumerator->enumerate(enumerator, &current))
{ {
@ -880,7 +880,7 @@ static notify_payload_t* get_notify(private_message_t *this, notify_type_t type)
enumerator_t *enumerator; enumerator_t *enumerator;
notify_payload_t *notify = NULL; notify_payload_t *notify = NULL;
payload_t *payload; payload_t *payload;
enumerator = create_payload_enumerator(this); enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &payload)) while (enumerator->enumerate(enumerator, &payload))
{ {
@ -907,10 +907,10 @@ static char* get_string(private_message_t *this, char *buf, int len)
payload_t *payload; payload_t *payload;
int written; int written;
char *pos = buf; char *pos = buf;
memset(buf, 0, len); memset(buf, 0, len);
len--; len--;
written = snprintf(pos, len, "%N %s %d [", written = snprintf(pos, len, "%N %s %d [",
exchange_type_names, this->exchange_type, exchange_type_names, this->exchange_type,
this->is_request ? "request" : "response", this->is_request ? "request" : "response",
@ -921,7 +921,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
} }
pos += written; pos += written;
len -= written; len -= written;
enumerator = create_payload_enumerator(this); enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &payload)) while (enumerator->enumerate(enumerator, &payload))
{ {
@ -947,7 +947,7 @@ static char* get_string(private_message_t *this, char *buf, int len)
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* remove last space */ /* remove last space */
snprintf(pos, len, " ]"); snprintf(pos, len, " ]");
return buf; return buf;
@ -961,7 +961,7 @@ static void order_payloads(private_message_t *this)
linked_list_t *list; linked_list_t *list;
payload_t *payload; payload_t *payload;
int i; int i;
/* move to temp list */ /* move to temp list */
list = linked_list_create(); list = linked_list_create();
while (this->payloads->remove_last(this->payloads, while (this->payloads->remove_last(this->payloads,
@ -975,7 +975,7 @@ static void order_payloads(private_message_t *this)
enumerator_t *enumerator; enumerator_t *enumerator;
notify_payload_t *notify; notify_payload_t *notify;
payload_order_t order = this->message_rule->payload_order[i]; payload_order_t order = this->message_rule->payload_order[i];
/* ... find all payload ... */ /* ... find all payload ... */
enumerator = list->create_enumerator(list); enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &payload)) while (enumerator->enumerate(enumerator, &payload))
@ -984,7 +984,7 @@ static void order_payloads(private_message_t *this)
if (payload->get_type(payload) == order.type) if (payload->get_type(payload) == order.type)
{ {
notify = (notify_payload_t*)payload; notify = (notify_payload_t*)payload;
/**... and check notify for type. */ /**... and check notify for type. */
if (order.type != NOTIFY || order.notify == 0 || if (order.type != NOTIFY || order.notify == 0 ||
order.notify == notify->get_notify_type(notify)) order.notify == notify->get_notify_type(notify))
@ -1017,24 +1017,24 @@ static status_t encrypt_payloads(private_message_t *this,
encryption_payload_t *encryption_payload = NULL; encryption_payload_t *encryption_payload = NULL;
status_t status; status_t status;
linked_list_t *all_payloads; linked_list_t *all_payloads;
if (!this->message_rule->encrypted_content) if (!this->message_rule->encrypted_content)
{ {
DBG2(DBG_ENC, "message doesn't have to be encrypted"); DBG2(DBG_ENC, "message doesn't have to be encrypted");
/* message contains no content to encrypt */ /* message contains no content to encrypt */
return SUCCESS; return SUCCESS;
} }
if (!crypter || !signer) if (!crypter || !signer)
{ {
DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message"); DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message");
/* message contains no content to encrypt */ /* message contains no content to encrypt */
return SUCCESS; return SUCCESS;
} }
DBG2(DBG_ENC, "copy all payloads to a temporary list"); DBG2(DBG_ENC, "copy all payloads to a temporary list");
all_payloads = linked_list_create(); all_payloads = linked_list_create();
/* first copy all payloads in a temporary list */ /* first copy all payloads in a temporary list */
while (this->payloads->get_count(this->payloads) > 0) while (this->payloads->get_count(this->payloads) > 0)
{ {
@ -1042,7 +1042,7 @@ static status_t encrypt_payloads(private_message_t *this,
this->payloads->remove_first(this->payloads,&current_payload); this->payloads->remove_first(this->payloads,&current_payload);
all_payloads->insert_last(all_payloads,current_payload); all_payloads->insert_last(all_payloads,current_payload);
} }
encryption_payload = encryption_payload_create(); encryption_payload = encryption_payload_create();
DBG2(DBG_ENC, "check each payloads if they have to get encrypted"); DBG2(DBG_ENC, "check each payloads if they have to get encrypted");
@ -1051,9 +1051,9 @@ static status_t encrypt_payloads(private_message_t *this,
payload_rule_t *payload_rule; payload_rule_t *payload_rule;
payload_t *current_payload; payload_t *current_payload;
bool to_encrypt = FALSE; bool to_encrypt = FALSE;
all_payloads->remove_first(all_payloads,(void **)&current_payload); all_payloads->remove_first(all_payloads,(void **)&current_payload);
status = get_payload_rule(this, status = get_payload_rule(this,
current_payload->get_type(current_payload),&payload_rule); current_payload->get_type(current_payload),&payload_rule);
/* for payload types which are not found in supported payload list, /* for payload types which are not found in supported payload list,
@ -1064,7 +1064,7 @@ static status_t encrypt_payloads(private_message_t *this,
payload_type_names, current_payload->get_type(current_payload)); payload_type_names, current_payload->get_type(current_payload));
to_encrypt = TRUE; to_encrypt = TRUE;
} }
if (to_encrypt) if (to_encrypt)
{ {
DBG2(DBG_ENC, "insert payload %N to encryption payload", DBG2(DBG_ENC, "insert payload %N to encryption payload",
@ -1085,9 +1085,9 @@ static status_t encrypt_payloads(private_message_t *this,
status = encryption_payload->encrypt(encryption_payload); status = encryption_payload->encrypt(encryption_payload);
DBG2(DBG_ENC, "add encrypted payload to payload list"); DBG2(DBG_ENC, "add encrypted payload to payload list");
add_payload(this, (payload_t*)encryption_payload); add_payload(this, (payload_t*)encryption_payload);
all_payloads->destroy(all_payloads); all_payloads->destroy(all_payloads);
return status; return status;
} }
@ -1104,20 +1104,20 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
status_t status; status_t status;
chunk_t packet_data; chunk_t packet_data;
char str[256]; char str[256];
if (is_encoded(this)) if (is_encoded(this))
{ {
/* already generated, return a new packet clone */ /* already generated, return a new packet clone */
*packet = this->packet->clone(this->packet); *packet = this->packet->clone(this->packet);
return SUCCESS; return SUCCESS;
} }
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{ {
DBG1(DBG_ENC, "exchange type is not defined"); DBG1(DBG_ENC, "exchange type is not defined");
return INVALID_STATE; return INVALID_STATE;
} }
if (this->packet->get_source(this->packet) == NULL || if (this->packet->get_source(this->packet) == NULL ||
this->packet->get_destination(this->packet) == NULL) this->packet->get_destination(this->packet) == NULL)
{ {
@ -1125,7 +1125,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
!this->packet->get_source(this->packet) ? "source" : "destination"); !this->packet->get_source(this->packet) ? "source" : "destination");
return INVALID_STATE; return INVALID_STATE;
} }
/* set the rules for this messge */ /* set the rules for this messge */
status = set_message_rule(this); status = set_message_rule(this);
if (status != SUCCESS) if (status != SUCCESS)
@ -1133,11 +1133,11 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
DBG1(DBG_ENC, "no message rules specified for this message type"); DBG1(DBG_ENC, "no message rules specified for this message type");
return NOT_SUPPORTED; return NOT_SUPPORTED;
} }
order_payloads(this); order_payloads(this);
DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
/* going to encrypt all content which have to be encrypted */ /* going to encrypt all content which have to be encrypted */
status = encrypt_payloads(this, crypter, signer); status = encrypt_payloads(this, crypter, signer);
if (status != SUCCESS) if (status != SUCCESS)
@ -1145,21 +1145,21 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
DBG1(DBG_ENC, "payload encryption failed"); DBG1(DBG_ENC, "payload encryption failed");
return status; return status;
} }
/* build ike header */ /* build ike header */
ike_header = ike_header_create(); ike_header = ike_header_create();
ike_header->set_exchange_type(ike_header, this->exchange_type); ike_header->set_exchange_type(ike_header, this->exchange_type);
ike_header->set_message_id(ike_header, this->message_id); ike_header->set_message_id(ike_header, this->message_id);
ike_header->set_response_flag(ike_header, !this->is_request); ike_header->set_response_flag(ike_header, !this->is_request);
ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id)); ike_header->set_initiator_flag(ike_header, this->ike_sa_id->is_initiator(this->ike_sa_id));
ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id));
generator = generator_create(); generator = generator_create();
payload = (payload_t*)ike_header; payload = (payload_t*)ike_header;
/* generate every payload expect last one, this is done later*/ /* generate every payload expect last one, this is done later*/
enumerator = create_payload_enumerator(this); enumerator = create_payload_enumerator(this);
while (enumerator->enumerate(enumerator, &next_payload)) while (enumerator->enumerate(enumerator, &next_payload))
@ -1169,18 +1169,18 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
payload = next_payload; payload = next_payload;
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* last payload has no next payload*/ /* last payload has no next payload*/
payload->set_next_type(payload, NO_PAYLOAD); payload->set_next_type(payload, NO_PAYLOAD);
generator->generate_payload(generator, payload); generator->generate_payload(generator, payload);
ike_header->destroy(ike_header); ike_header->destroy(ike_header);
/* build packet */ /* build packet */
generator->write_to_chunk(generator, &packet_data); generator->write_to_chunk(generator, &packet_data);
generator->destroy(generator); generator->destroy(generator);
/* if last payload is of type encrypted, integrity checksum if necessary */ /* if last payload is of type encrypted, integrity checksum if necessary */
if (payload->get_type(payload) == ENCRYPTED) if (payload->get_type(payload) == ENCRYPTED)
{ {
@ -1192,12 +1192,12 @@ static status_t generate(private_message_t *this, crypter_t *crypter,
return status; return status;
} }
} }
this->packet->set_data(this->packet, packet_data); this->packet->set_data(this->packet, packet_data);
/* clone packet for caller */ /* clone packet for caller */
*packet = this->packet->clone(this->packet); *packet = this->packet->clone(this->packet);
DBG2(DBG_ENC, "message generated successfully"); DBG2(DBG_ENC, "message generated successfully");
return SUCCESS; return SUCCESS;
} }
@ -1233,18 +1233,18 @@ static status_t parse_header(private_message_t *this)
{ {
ike_header_t *ike_header; ike_header_t *ike_header;
status_t status; status_t status;
DBG2(DBG_ENC, "parsing header of message"); DBG2(DBG_ENC, "parsing header of message");
this->parser->reset_context(this->parser); this->parser->reset_context(this->parser);
status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header); status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header);
if (status != SUCCESS) if (status != SUCCESS)
{ {
DBG1(DBG_ENC, "header could not be parsed"); DBG1(DBG_ENC, "header could not be parsed");
return status; return status;
} }
/* verify payload */ /* verify payload */
status = ike_header->payload_interface.verify(&(ike_header->payload_interface)); status = ike_header->payload_interface.verify(&(ike_header->payload_interface));
if (status != SUCCESS) if (status != SUCCESS)
@ -1253,12 +1253,12 @@ static status_t parse_header(private_message_t *this)
ike_header->destroy(ike_header); ike_header->destroy(ike_header);
return status; return status;
} }
if (this->ike_sa_id != NULL) if (this->ike_sa_id != NULL)
{ {
this->ike_sa_id->destroy(this->ike_sa_id); this->ike_sa_id->destroy(this->ike_sa_id);
} }
this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header), this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
ike_header->get_responder_spi(ike_header), ike_header->get_responder_spi(ike_header),
ike_header->get_initiator_flag(ike_header)); ike_header->get_initiator_flag(ike_header));
@ -1269,12 +1269,12 @@ static status_t parse_header(private_message_t *this)
this->major_version = ike_header->get_maj_version(ike_header); this->major_version = ike_header->get_maj_version(ike_header);
this->minor_version = ike_header->get_min_version(ike_header); this->minor_version = ike_header->get_min_version(ike_header);
this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface)); this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface));
DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type, DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
this->is_request ? "request" : "response"); this->is_request ? "request" : "response");
ike_header->destroy(ike_header); ike_header->destroy(ike_header);
/* get the rules for this messge */ /* get the rules for this messge */
status = set_message_rule(this); status = set_message_rule(this);
if (status != SUCCESS) if (status != SUCCESS)
@ -1283,7 +1283,7 @@ static status_t parse_header(private_message_t *this)
exchange_type_names, this->exchange_type, exchange_type_names, this->exchange_type,
this->is_request ? "request" : "response"); this->is_request ? "request" : "response");
} }
return status; return status;
} }
@ -1306,20 +1306,20 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
{ {
payload_rule_t *payload_rule; payload_rule_t *payload_rule;
payload_type_t current_payload_type; payload_type_t current_payload_type;
/* needed to check */ /* needed to check */
current_payload_type = current_payload->get_type(current_payload); current_payload_type = current_payload->get_type(current_payload);
DBG2(DBG_ENC, "process payload of type %N", DBG2(DBG_ENC, "process payload of type %N",
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
if (current_payload_type == ENCRYPTED) if (current_payload_type == ENCRYPTED)
{ {
encryption_payload_t *encryption_payload; encryption_payload_t *encryption_payload;
payload_t *current_encrypted_payload; payload_t *current_encrypted_payload;
encryption_payload = (encryption_payload_t*)current_payload; encryption_payload = (encryption_payload_t*)current_payload;
DBG2(DBG_ENC, "found an encryption payload"); DBG2(DBG_ENC, "found an encryption payload");
if (payload_number != this->payloads->get_count(this->payloads)) if (payload_number != this->payloads->get_count(this->payloads))
@ -1348,10 +1348,10 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
iterator->destroy(iterator); iterator->destroy(iterator);
return PARSE_ERROR; return PARSE_ERROR;
} }
/* needed later to find out if a payload was encrypted */ /* needed later to find out if a payload was encrypted */
current_payload_was_encrypted = TRUE; current_payload_was_encrypted = TRUE;
/* check if there are payloads contained in the encryption payload */ /* check if there are payloads contained in the encryption payload */
if (encryption_payload->get_payload_count(encryption_payload) == 0) if (encryption_payload->get_payload_count(encryption_payload) == 0)
{ {
@ -1368,7 +1368,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
iterator->replace(iterator,NULL,(void *) current_encrypted_payload); iterator->replace(iterator,NULL,(void *) current_encrypted_payload);
current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload); current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload);
} }
/* is the current paylad the first in the message? */ /* is the current paylad the first in the message? */
if (previous_payload == NULL) if (previous_payload == NULL)
{ {
@ -1380,7 +1380,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
/* no, set the next_type of the previous payload to the current type */ /* no, set the next_type of the previous payload to the current type */
previous_payload->set_next_type(previous_payload, current_payload_type); previous_payload->set_next_type(previous_payload, current_payload_type);
} }
/* all encrypted payloads are added to the payload list */ /* all encrypted payloads are added to the payload list */
while (encryption_payload->get_payload_count(encryption_payload) > 0) while (encryption_payload->get_payload_count(encryption_payload) > 0)
{ {
@ -1389,7 +1389,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload)); payload_type_names, current_encrypted_payload->get_type(current_encrypted_payload));
this->payloads->insert_last(this->payloads,current_encrypted_payload); this->payloads->insert_last(this->payloads,current_encrypted_payload);
} }
/* encryption payload is processed, payloads are moved. Destroy it. */ /* encryption payload is processed, payloads are moved. Destroy it. */
encryption_payload->destroy(encryption_payload); encryption_payload->destroy(encryption_payload);
} }
@ -1407,7 +1407,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
iterator->destroy(iterator); iterator->destroy(iterator);
return VERIFY_ERROR; return VERIFY_ERROR;
} }
/* check if the payload was encrypted, and if it should been have encrypted */ /* check if the payload was encrypted, and if it should been have encrypted */
if (payload_rule->encrypted != current_payload_was_encrypted) if (payload_rule->encrypted != current_payload_was_encrypted)
{ {
@ -1437,24 +1437,24 @@ static status_t verify(private_message_t *this)
enumerator_t *enumerator; enumerator_t *enumerator;
payload_t *current_payload; payload_t *current_payload;
size_t total_found_payloads = 0; size_t total_found_payloads = 0;
DBG2(DBG_ENC, "verifying message structure"); DBG2(DBG_ENC, "verifying message structure");
/* check for payloads with wrong count*/ /* check for payloads with wrong count*/
for (i = 0; i < this->message_rule->payload_rule_count; i++) for (i = 0; i < this->message_rule->payload_rule_count; i++)
{ {
size_t found_payloads = 0; size_t found_payloads = 0;
payload_rule_t *rule; payload_rule_t *rule;
rule = &this->message_rule->payload_rules[i]; rule = &this->message_rule->payload_rules[i];
enumerator = create_payload_enumerator(this); enumerator = create_payload_enumerator(this);
/* check all payloads for specific rule */ /* check all payloads for specific rule */
while (enumerator->enumerate(enumerator, &current_payload)) while (enumerator->enumerate(enumerator, &current_payload))
{ {
payload_type_t current_payload_type; payload_type_t current_payload_type;
unknown_payload_t *unknown_payload; unknown_payload_t *unknown_payload;
current_payload_type = current_payload->get_type(current_payload); current_payload_type = current_payload->get_type(current_payload);
if (current_payload_type == UNKNOWN_PAYLOAD) if (current_payload_type == UNKNOWN_PAYLOAD)
{ {
@ -1474,7 +1474,7 @@ static status_t verify(private_message_t *this)
total_found_payloads++; total_found_payloads++;
DBG2(DBG_ENC, "found payload of type %N", payload_type_names, DBG2(DBG_ENC, "found payload of type %N", payload_type_names,
rule->payload_type); rule->payload_type);
/* as soon as ohe payload occures more then specified, /* as soon as ohe payload occures more then specified,
* the verification fails */ * the verification fails */
if (found_payloads > if (found_payloads >
@ -1489,7 +1489,7 @@ static status_t verify(private_message_t *this)
} }
} }
} }
if (found_payloads < rule->min_occurence) if (found_payloads < rule->min_occurence)
{ {
DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
@ -1517,9 +1517,9 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
status_t status = SUCCESS; status_t status = SUCCESS;
payload_type_t current_payload_type; payload_type_t current_payload_type;
char str[256]; char str[256];
current_payload_type = this->first_payload; current_payload_type = this->first_payload;
DBG2(DBG_ENC, "parsing body of message, first payload is %N", DBG2(DBG_ENC, "parsing body of message, first payload is %N",
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
@ -1527,13 +1527,13 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
while ((current_payload_type != NO_PAYLOAD)) while ((current_payload_type != NO_PAYLOAD))
{ {
payload_t *current_payload; payload_t *current_payload;
DBG2(DBG_ENC, "starting parsing a %N payload", DBG2(DBG_ENC, "starting parsing a %N payload",
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
/* parse current payload */ /* parse current payload */
status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload); status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
if (status != SUCCESS) if (status != SUCCESS)
{ {
DBG1(DBG_ENC, "payload type %N could not be parsed", DBG1(DBG_ENC, "payload type %N could not be parsed",
@ -1543,7 +1543,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
DBG2(DBG_ENC, "verifying payload of type %N", DBG2(DBG_ENC, "verifying payload of type %N",
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
/* verify it, stop parsig if its invalid */ /* verify it, stop parsig if its invalid */
status = current_payload->verify(current_payload); status = current_payload->verify(current_payload);
if (status != SUCCESS) if (status != SUCCESS)
@ -1553,11 +1553,11 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
current_payload->destroy(current_payload); current_payload->destroy(current_payload);
return VERIFY_ERROR; return VERIFY_ERROR;
} }
DBG2(DBG_ENC, "%N payload verified. Adding to payload list", DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
this->payloads->insert_last(this->payloads,current_payload); this->payloads->insert_last(this->payloads,current_payload);
/* an encryption payload is the last one, so STOP here. decryption is done later */ /* an encryption payload is the last one, so STOP here. decryption is done later */
if (current_payload_type == ENCRYPTED) if (current_payload_type == ENCRYPTED)
{ {
@ -1565,7 +1565,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
payload_type_names, current_payload_type); payload_type_names, current_payload_type);
break; break;
} }
/* get next payload type */ /* get next payload type */
current_payload_type = current_payload->get_next_type(current_payload); current_payload_type = current_payload->get_next_type(current_payload);
} }
@ -1579,15 +1579,15 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
return status; return status;
} }
} }
status = verify(this); status = verify(this);
if (status != SUCCESS) if (status != SUCCESS)
{ {
return status; return status;
} }
DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str))); DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
return SUCCESS; return SUCCESS;
} }
@ -1641,14 +1641,14 @@ message_t *message_create_from_packet(packet_t *packet)
this->public.get_packet = (packet_t * (*) (message_t*)) get_packet; this->public.get_packet = (packet_t * (*) (message_t*)) get_packet;
this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data; this->public.get_packet_data = (chunk_t (*) (message_t *this)) get_packet_data;
this->public.destroy = (void(*)(message_t*))destroy; this->public.destroy = (void(*)(message_t*))destroy;
/* private values */ /* private values */
this->exchange_type = EXCHANGE_TYPE_UNDEFINED; this->exchange_type = EXCHANGE_TYPE_UNDEFINED;
this->is_request = TRUE; this->is_request = TRUE;
this->ike_sa_id = NULL; this->ike_sa_id = NULL;
this->first_payload = NO_PAYLOAD; this->first_payload = NO_PAYLOAD;
this->message_id = 0; this->message_id = 0;
/* private values */ /* private values */
if (packet == NULL) if (packet == NULL)
{ {
@ -1657,10 +1657,10 @@ message_t *message_create_from_packet(packet_t *packet)
this->message_rule = NULL; this->message_rule = NULL;
this->packet = packet; this->packet = packet;
this->payloads = linked_list_create(); this->payloads = linked_list_create();
/* parser is created from data of packet */ /* parser is created from data of packet */
this->parser = parser_create(this->packet->get_data(this->packet)); this->parser = parser_create(this->packet->get_data(this->packet));
return (&this->public); return (&this->public);
} }

114
src/charon/encoding/message.h
View File

@ -58,7 +58,7 @@ struct message_t {
* @return major version of the message * @return major version of the message
*/ */
u_int8_t (*get_major_version) (message_t *this); u_int8_t (*get_major_version) (message_t *this);
/** /**
* Sets the IKE minor version of the message. * Sets the IKE minor version of the message.
* *
@ -86,7 +86,7 @@ struct message_t {
* @return message_id type of the message * @return message_id type of the message
*/ */
u_int32_t (*get_message_id) (message_t *this); u_int32_t (*get_message_id) (message_t *this);
/** /**
* Gets the initiator SPI of the message. * Gets the initiator SPI of the message.
* *
@ -103,7 +103,7 @@ struct message_t {
/** /**
* Sets the IKE_SA ID of the message. * Sets the IKE_SA ID of the message.
* *
* ike_sa_id gets cloned. * ike_sa_id gets cloned.
* *
* @param ike_sa_id ike_sa_id to set * @param ike_sa_id ike_sa_id to set
@ -132,10 +132,10 @@ struct message_t {
* @return exchange type of the message * @return exchange type of the message
*/ */
exchange_type_t (*get_exchange_type) (message_t *this); exchange_type_t (*get_exchange_type) (message_t *this);
/** /**
* Gets the payload type of the first payload. * Gets the payload type of the first payload.
* *
* @return payload type of the first payload * @return payload type of the first payload
*/ */
payload_type_t (*get_first_payload_type) (message_t *this); payload_type_t (*get_first_payload_type) (message_t *this);
@ -156,20 +156,20 @@ struct message_t {
/** /**
* Append a payload to the message. * Append a payload to the message.
* *
* If the payload must be encrypted is not specified here. Encryption * If the payload must be encrypted is not specified here. Encryption
* of payloads is evaluated via internal rules for the messages and * of payloads is evaluated via internal rules for the messages and
* is done before generation. The order of payloads may change, since * is done before generation. The order of payloads may change, since
* all payloads to encrypt are added to the encryption payload, which is * all payloads to encrypt are added to the encryption payload, which is
* always the last one. * always the last one.
* *
* @param payload payload to append * @param payload payload to append
*/ */
void (*add_payload) (message_t *this, payload_t *payload); void (*add_payload) (message_t *this, payload_t *payload);
/** /**
* Build a notify payload and add it to the message. * Build a notify payload and add it to the message.
* *
* This is a helper method to create notify messages or add * This is a helper method to create notify messages or add
* notify payload to messages. The flush parameter specifies if existing * notify payload to messages. The flush parameter specifies if existing
* payloads should get removed before appending the notify. * payloads should get removed before appending the notify.
@ -177,13 +177,13 @@ struct message_t {
* @param flush TRUE to remove existing payloads * @param flush TRUE to remove existing payloads
* @param type type of the notify * @param type type of the notify
* @param data a chunk of data to add to the notify, gets cloned * @param data a chunk of data to add to the notify, gets cloned
*/ */
void (*add_notify) (message_t *this, bool flush, notify_type_t type, void (*add_notify) (message_t *this, bool flush, notify_type_t type,
chunk_t data); chunk_t data);
/** /**
* Parses header of message. * Parses header of message.
* *
* Begins parisng of a message created via message_create_from_packet(). * Begins parisng of a message created via message_create_from_packet().
* The parsing context is stored, so a subsequent call to parse_body() * The parsing context is stored, so a subsequent call to parse_body()
* will continue the parsing process. * will continue the parsing process.
@ -194,17 +194,17 @@ struct message_t {
* - FAILED if consistence check of header failed * - FAILED if consistence check of header failed
*/ */
status_t (*parse_header) (message_t *this); status_t (*parse_header) (message_t *this);
/** /**
* Parses body of message. * Parses body of message.
* *
* The body gets not only parsed, but rather it gets verified. * The body gets not only parsed, but rather it gets verified.
* All payloads are verified if they are allowed to exist in the message * All payloads are verified if they are allowed to exist in the message
* of this type and if their own structure is ok. * of this type and if their own structure is ok.
* If there are encrypted payloads, they get decrypted via the supplied * If there are encrypted payloads, they get decrypted via the supplied
* crypter. Also the message integrity gets verified with the supplied * crypter. Also the message integrity gets verified with the supplied
* signer. * signer.
* Crypter/signer can be omitted (by passing NULL) when no encryption * Crypter/signer can be omitted (by passing NULL) when no encryption
* payload is expected. * payload is expected.
* *
* @param crypter crypter to decrypt encryption payloads * @param crypter crypter to decrypt encryption payloads
@ -222,13 +222,13 @@ struct message_t {
/** /**
* Generates the UDP packet of specific message. * Generates the UDP packet of specific message.
* *
* Payloads which must be encrypted are generated first and added to * Payloads which must be encrypted are generated first and added to
* an encryption payload. This encryption payload will get encrypted via * an encryption payload. This encryption payload will get encrypted via
* the supplied crypter. Then all other payloads and the header get generated. * the supplied crypter. Then all other payloads and the header get generated.
* After that, the checksum is added to the encryption payload over the full * After that, the checksum is added to the encryption payload over the full
* message. * message.
* Crypter/signer can be omitted (by passing NULL) when no encryption * Crypter/signer can be omitted (by passing NULL) when no encryption
* payload is expected. * payload is expected.
* Generation is only done once, multiple calls will just return a packet copy. * Generation is only done once, multiple calls will just return a packet copy.
* *
@ -240,66 +240,66 @@ struct message_t {
* - INVALID_STATE if exchange type is currently not set * - INVALID_STATE if exchange type is currently not set
* - NOT_FOUND if no rules found for message generation * - NOT_FOUND if no rules found for message generation
* - INVALID_STATE if crypter/signer not supplied but needed. * - INVALID_STATE if crypter/signer not supplied but needed.
*/ */
status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet); status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
/** /**
* Gets the source host informations. * Gets the source host informations.
* *
* @warning Returned host_t object is not getting cloned, * @warning Returned host_t object is not getting cloned,
* do not destroy nor modify. * do not destroy nor modify.
* *
* @return host_t object representing source host * @return host_t object representing source host
*/ */
host_t * (*get_source) (message_t *this); host_t * (*get_source) (message_t *this);
/** /**
* Sets the source host informations. * Sets the source host informations.
* *
* @warning host_t object is not getting cloned and gets destroyed by * @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_source. * message_t.destroy or next call of message_t.set_source.
* *
* @param host host_t object representing source host * @param host host_t object representing source host
*/ */
void (*set_source) (message_t *this, host_t *host); void (*set_source) (message_t *this, host_t *host);
/** /**
* Gets the destination host informations. * Gets the destination host informations.
* *
* @warning Returned host_t object is not getting cloned, * @warning Returned host_t object is not getting cloned,
* do not destroy nor modify. * do not destroy nor modify.
* *
* @return host_t object representing destination host * @return host_t object representing destination host
*/ */
host_t * (*get_destination) (message_t *this); host_t * (*get_destination) (message_t *this);
/** /**
* Sets the destination host informations. * Sets the destination host informations.
* *
* @warning host_t object is not getting cloned and gets destroyed by * @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_destination. * message_t.destroy or next call of message_t.set_destination.
* *
* @param host host_t object representing destination host * @param host host_t object representing destination host
*/ */
void (*set_destination) (message_t *this, host_t *host); void (*set_destination) (message_t *this, host_t *host);
/** /**
* Create an enumerator over all payloads. * Create an enumerator over all payloads.
* *
* @return enumerator over payload_t * @return enumerator over payload_t
*/ */
enumerator_t * (*create_payload_enumerator) (message_t *this); enumerator_t * (*create_payload_enumerator) (message_t *this);
/** /**
* Find a payload of a specific type. * Find a payload of a specific type.
* *
* Returns the first occurance. * Returns the first occurance.
* *
* @param type type of the payload to find * @param type type of the payload to find
* @return payload, or NULL if no such payload found * @return payload, or NULL if no such payload found
*/ */
payload_t* (*get_payload) (message_t *this, payload_type_t type); payload_t* (*get_payload) (message_t *this, payload_type_t type);
/** /**
* Get the first notify payload of a specific type. * Get the first notify payload of a specific type.
* *
@ -307,21 +307,21 @@ struct message_t {
* @return notify payload, NULL if no such notify found * @return notify payload, NULL if no such notify found
*/ */
notify_payload_t* (*get_notify)(message_t *this, notify_type_t type); notify_payload_t* (*get_notify)(message_t *this, notify_type_t type);
/** /**
* Returns a clone of the internal stored packet_t object. * Returns a clone of the internal stored packet_t object.
* *
* @return packet_t object as clone of internal one * @return packet_t object as clone of internal one
*/ */
packet_t * (*get_packet) (message_t *this); packet_t * (*get_packet) (message_t *this);
/** /**
* Returns a clone of the internal stored packet_t data. * Returns a clone of the internal stored packet_t data.
* *
* @return clone of the internal stored packet_t data. * @return clone of the internal stored packet_t data.
*/ */
chunk_t (*get_packet_data) (message_t *this); chunk_t (*get_packet_data) (message_t *this);
/** /**
* Destroys a message and all including objects. * Destroys a message and all including objects.
*/ */
@ -330,16 +330,16 @@ struct message_t {
/** /**
* Creates an message_t object from a incoming UDP Packet. * Creates an message_t object from a incoming UDP Packet.
* *
* @warning the given packet_t object is not copied and gets * @warning the given packet_t object is not copied and gets
* destroyed in message_t's destroy call. * destroyed in message_t's destroy call.
* *
* - exchange_type is set to NOT_SET * - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE * - original_initiator is set to TRUE
* - is_request is set to TRUE * - is_request is set to TRUE
* Call message_t.parse_header afterwards. * Call message_t.parse_header afterwards.
* *
* @param packet packet_t object which is assigned to message * @param packet packet_t object which is assigned to message
* @return message_t object * @return message_t object
*/ */
message_t * message_create_from_packet(packet_t *packet); message_t * message_create_from_packet(packet_t *packet);
@ -351,7 +351,7 @@ message_t * message_create_from_packet(packet_t *packet);
* - exchange_type is set to NOT_SET * - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE * - original_initiator is set to TRUE
* - is_request is set to TRUE * - is_request is set to TRUE
* *
* @return message_t object * @return message_t object
*/ */
message_t * message_create(void); message_t * message_create(void);

44
src/charon/encoding/parser.c
View File

@ -50,7 +50,7 @@ typedef struct private_parser_t private_parser_t;
/** /**
* Private data stored in a context. * Private data stored in a context.
* *
* Contains pointers and counters to store current state. * Contains pointers and counters to store current state.
*/ */
struct private_parser_t { struct private_parser_t {
@ -58,27 +58,27 @@ struct private_parser_t {
* Public members, see parser_t. * Public members, see parser_t.
*/ */
parser_t public; parser_t public;
/** /**
* Current bit for reading in input data. * Current bit for reading in input data.
*/ */
u_int8_t bit_pos; u_int8_t bit_pos;
/** /**
* Current byte for reading in input data. * Current byte for reading in input data.
*/ */
u_int8_t *byte_pos; u_int8_t *byte_pos;
/** /**
* Input data to parse. * Input data to parse.
*/ */
u_int8_t *input; u_int8_t *input;
/** /**
* Roof of input, used for length-checking. * Roof of input, used for length-checking.
*/ */
u_int8_t *input_roof; u_int8_t *input_roof;
/** /**
* Set of encoding rules for this parsing session. * Set of encoding rules for this parsing session.
*/ */
@ -277,11 +277,11 @@ static bool parse_bit(private_parser_t *this, int rule_number,
return short_input(this, rule_number); return short_input(this, rule_number);
} }
if (output_pos) if (output_pos)
{ {
u_int8_t mask; u_int8_t mask;
mask = 0x01 << (7 - this->bit_pos); mask = 0x01 << (7 - this->bit_pos);
*output_pos = *this->byte_pos & mask; *output_pos = *this->byte_pos & mask;
if (*output_pos) if (*output_pos)
{ /* set to a "clean", comparable true */ { /* set to a "clean", comparable true */
*output_pos = TRUE; *output_pos = TRUE;
@ -303,7 +303,7 @@ static bool parse_list(private_parser_t *this, int rule_number,
linked_list_t **output_pos, payload_type_t payload_type, int length) linked_list_t **output_pos, payload_type_t payload_type, int length)
{ {
linked_list_t *list = *output_pos; linked_list_t *list = *output_pos;
if (length < 0) if (length < 0)
{ {
return short_input(this, rule_number); return short_input(this, rule_number);
@ -316,10 +316,10 @@ static bool parse_list(private_parser_t *this, int rule_number,
{ {
u_int8_t *pos_before = this->byte_pos; u_int8_t *pos_before = this->byte_pos;
payload_t *payload; payload_t *payload;
DBG2(DBG_ENC, " %d bytes left, parsing recursively %N", DBG2(DBG_ENC, " %d bytes left, parsing recursively %N",
length, payload_type_names, payload_type); length, payload_type_names, payload_type);
if (parse_payload(this, payload_type, &payload) != SUCCESS) if (parse_payload(this, payload_type, &payload) != SUCCESS)
{ {
DBG1(DBG_ENC, " parsing of a %N substructure failed", DBG1(DBG_ENC, " parsing of a %N substructure failed",
@ -377,25 +377,25 @@ static status_t parse_payload(private_parser_t *this,
bool attribute_format = FALSE; bool attribute_format = FALSE;
int rule_number; int rule_number;
encoding_rule_t *rule; encoding_rule_t *rule;
/* create instance of the payload to parse */ /* create instance of the payload to parse */
pld = payload_create(payload_type); pld = payload_create(payload_type);
DBG2(DBG_ENC, "parsing %N payload, %d bytes left", DBG2(DBG_ENC, "parsing %N payload, %d bytes left",
payload_type_names, payload_type, this->input_roof - this->byte_pos); payload_type_names, payload_type, this->input_roof - this->byte_pos);
DBG3(DBG_ENC, "parsing payload from %b", DBG3(DBG_ENC, "parsing payload from %b",
this->byte_pos, this->input_roof - this->byte_pos); this->byte_pos, this->input_roof - this->byte_pos);
if (pld->get_type(pld) == UNKNOWN_PAYLOAD) if (pld->get_type(pld) == UNKNOWN_PAYLOAD)
{ {
DBG1(DBG_ENC, " payload type %d is unknown, handling as %N", DBG1(DBG_ENC, " payload type %d is unknown, handling as %N",
payload_type, payload_type_names, UNKNOWN_PAYLOAD); payload_type, payload_type_names, UNKNOWN_PAYLOAD);
} }
/* base pointer for output, avoids casting in every rule */ /* base pointer for output, avoids casting in every rule */
output = pld; output = pld;
/* parse the payload with its own rulse */ /* parse the payload with its own rulse */
pld->get_encoding_rules(pld, &this->rules, &rule_count); pld->get_encoding_rules(pld, &this->rules, &rule_count);
for (rule_number = 0; rule_number < rule_count; rule_number++) for (rule_number = 0; rule_number < rule_count; rule_number++)
@ -765,7 +765,7 @@ static status_t parse_payload(private_parser_t *this,
case ADDRESS: case ADDRESS:
{ {
int address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16; int address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
if (!parse_chunk(this, rule_number, output + rule->offset, if (!parse_chunk(this, rule_number, output + rule->offset,
address_length)) address_length))
{ {
@ -808,7 +808,7 @@ static status_t parse_payload(private_parser_t *this,
/* process next rulue */ /* process next rulue */
rule++; rule++;
} }
*payload = pld; *payload = pld;
DBG2(DBG_ENC, "parsing %N payload finished", DBG2(DBG_ENC, "parsing %N payload finished",
payload_type_names, payload_type); payload_type_names, payload_type);
@ -846,17 +846,17 @@ static void destroy(private_parser_t *this)
parser_t *parser_create(chunk_t data) parser_t *parser_create(chunk_t data)
{ {
private_parser_t *this = malloc_thing(private_parser_t); private_parser_t *this = malloc_thing(private_parser_t);
this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**))parse_payload; this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**))parse_payload;
this->public.reset_context = (void(*)(parser_t*)) reset_context; this->public.reset_context = (void(*)(parser_t*)) reset_context;
this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count; this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count;
this->public.destroy = (void(*)(parser_t*)) destroy; this->public.destroy = (void(*)(parser_t*)) destroy;
this->input = data.ptr; this->input = data.ptr;
this->byte_pos = data.ptr; this->byte_pos = data.ptr;
this->bit_pos = 0; this->bit_pos = 0;
this->input_roof = data.ptr + data.len; this->input_roof = data.ptr + data.len;
return &this->public; return &this->public;
} }

16
src/charon/encoding/parser.h
View File

@ -36,32 +36,32 @@ typedef struct parser_t parser_t;
* The parser remains the state until destroyed. * The parser remains the state until destroyed.
*/ */
struct parser_t { struct parser_t {
/** /**
* Parses the next payload. * Parses the next payload.
* *
* @warning Caller is responsible for freeing allocated payload. * @warning Caller is responsible for freeing allocated payload.
* *
* Rules for parsing are described in the payload definition. * Rules for parsing are described in the payload definition.
* *
* @param payload_type payload type to parse * @param payload_type payload type to parse
* @param payload pointer where parsed payload was allocated * @param payload pointer where parsed payload was allocated
* @return * @return
* - SUCCESSFUL if succeeded, * - SUCCESSFUL if succeeded,
* - PARSE_ERROR if corrupted/invalid data found * - PARSE_ERROR if corrupted/invalid data found
*/ */
status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload); status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload);
/** /**
* Gets the remaining byte count which is not currently parsed. * Gets the remaining byte count which is not currently parsed.
*/ */
int (*get_remaining_byte_count) (parser_t *this); int (*get_remaining_byte_count) (parser_t *this);
/** /**
* Resets the current parser context. * Resets the current parser context.
*/ */
void (*reset_context) (parser_t *this); void (*reset_context) (parser_t *this);
/** /**
* Destroys a parser_t object. * Destroys a parser_t object.
*/ */
@ -70,7 +70,7 @@ struct parser_t {
/** /**
* Constructor to create a parser_t object. * Constructor to create a parser_t object.
* *
* @param data chunk of data to parse with this parser_t object * @param data chunk of data to parse with this parser_t object
* @return parser_t object * @return parser_t object
*/ */

24
src/charon/encoding/payloads/auth_payload.c
View File

@ -23,15 +23,15 @@ typedef struct private_auth_payload_t private_auth_payload_t;
/** /**
* Private data of an auth_payload_t object. * Private data of an auth_payload_t object.
* *
*/ */
struct private_auth_payload_t { struct private_auth_payload_t {
/** /**
* Public auth_payload_t interface. * Public auth_payload_t interface.
*/ */
auth_payload_t public; auth_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -41,17 +41,17 @@ struct private_auth_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Method of the AUTH Data. * Method of the AUTH Data.
*/ */
u_int8_t auth_method; u_int8_t auth_method;
/** /**
* The contained auth data value. * The contained auth data value.
*/ */
@ -60,8 +60,8 @@ struct private_auth_payload_t {
/** /**
* Encoding rules to parse or generate a AUTH payload * Encoding rules to parse or generate a AUTH payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_auth_payload_t. * private_auth_payload_t.
*/ */
encoding_rule_t auth_payload_encodings[] = { encoding_rule_t auth_payload_encodings[] = {
@ -221,8 +221,8 @@ static void destroy(private_auth_payload_t *this)
{ {
chunk_free(&(this->auth_data)); chunk_free(&(this->auth_data));
} }
free(this); free(this);
} }
/* /*
@ -240,7 +240,7 @@ auth_payload_t *auth_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (auth_payload_t *)) destroy; this->public.destroy = (void (*) (auth_payload_t *)) destroy;
this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method; this->public.set_auth_method = (void (*) (auth_payload_t *,auth_method_t)) set_auth_method;
@ -248,7 +248,7 @@ auth_payload_t *auth_payload_create()
this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data; this->public.set_data = (void (*) (auth_payload_t *,chunk_t)) set_data;
this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone; this->public.get_data_clone = (chunk_t (*) (auth_payload_t *)) get_data_clone;
this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data; this->public.get_data = (chunk_t (*) (auth_payload_t *)) get_data;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

20
src/charon/encoding/payloads/auth_payload.h
View File

@ -39,7 +39,7 @@ typedef struct auth_payload_t auth_payload_t;
* The AUTH payload format is described in RFC section 3.8. * The AUTH payload format is described in RFC section 3.8.
*/ */
struct auth_payload_t { struct auth_payload_t {
/** /**
* The payload_t interface. * The payload_t interface.
*/ */
@ -51,41 +51,41 @@ struct auth_payload_t {
* @param method auth_method_t to use * @param method auth_method_t to use
*/ */
void (*set_auth_method) (auth_payload_t *this, auth_method_t method); void (*set_auth_method) (auth_payload_t *this, auth_method_t method);
/** /**
* Get the AUTH method. * Get the AUTH method.
* *
* @return auth_method_t used * @return auth_method_t used
*/ */
auth_method_t (*get_auth_method) (auth_payload_t *this); auth_method_t (*get_auth_method) (auth_payload_t *this);
/** /**
* Set the AUTH data. * Set the AUTH data.
* *
* Data gets cloned. * Data gets cloned.
* *
* @param data AUTH data as chunk_t * @param data AUTH data as chunk_t
*/ */
void (*set_data) (auth_payload_t *this, chunk_t data); void (*set_data) (auth_payload_t *this, chunk_t data);
/** /**
* Get the AUTH data. * Get the AUTH data.
* *
* Returned data are a copy of the internal one. * Returned data are a copy of the internal one.
* *
* @return AUTH data as chunk_t * @return AUTH data as chunk_t
*/ */
chunk_t (*get_data_clone) (auth_payload_t *this); chunk_t (*get_data_clone) (auth_payload_t *this);
/** /**
* Get the AUTH data. * Get the AUTH data.
* *
* Returned data are NOT copied * Returned data are NOT copied
* *
* @return AUTH data as chunk_t * @return AUTH data as chunk_t
*/ */
chunk_t (*get_data) (auth_payload_t *this); chunk_t (*get_data) (auth_payload_t *this);
/** /**
* Destroys an auth_payload_t object. * Destroys an auth_payload_t object.
*/ */
@ -94,7 +94,7 @@ struct auth_payload_t {
/** /**
* Creates an empty auth_payload_t object. * Creates an empty auth_payload_t object.
* *
* @return auth_payload_t object * @return auth_payload_t object
*/ */
auth_payload_t *auth_payload_create(void); auth_payload_t *auth_payload_create(void);

34
src/charon/encoding/payloads/cert_payload.c
View File

@ -43,14 +43,14 @@ typedef struct private_cert_payload_t private_cert_payload_t;
/** /**
* Private data of an cert_payload_t object. * Private data of an cert_payload_t object.
* *
*/ */
struct private_cert_payload_t { struct private_cert_payload_t {
/** /**
* Public cert_payload_t interface. * Public cert_payload_t interface.
*/ */
cert_payload_t public; cert_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -60,22 +60,22 @@ struct private_cert_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Encoding of the CERT Data. * Encoding of the CERT Data.
*/ */
u_int8_t encoding; u_int8_t encoding;
/** /**
* The contained cert data value. * The contained cert data value.
*/ */
chunk_t data; chunk_t data;
/** /**
* TRUE if the "Hash and URL" data is invalid * TRUE if the "Hash and URL" data is invalid
*/ */
@ -84,10 +84,10 @@ struct private_cert_payload_t {
/** /**
* Encoding rules to parse or generate a CERT payload * Encoding rules to parse or generate a CERT payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_cert_payload_t. * private_cert_payload_t.
* *
*/ */
encoding_rule_t cert_payload_encodings[] = { encoding_rule_t cert_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -139,7 +139,7 @@ static status_t verify(private_cert_payload_t *this)
this->invalid_hash_and_url = TRUE; this->invalid_hash_and_url = TRUE;
return SUCCESS; return SUCCESS;
} }
int i = 20; /* skipping the hash */ int i = 20; /* skipping the hash */
for (; i < this->data.len; ++i) for (; i < this->data.len; ++i)
{ {
@ -156,7 +156,7 @@ static status_t verify(private_cert_payload_t *this)
return SUCCESS; return SUCCESS;
} }
} }
/* URL is not null terminated, correct that */ /* URL is not null terminated, correct that */
chunk_t data = chunk_alloc(this->data.len + 1); chunk_t data = chunk_alloc(this->data.len + 1);
memcpy(data.ptr, this->data.ptr, this->data.len); memcpy(data.ptr, this->data.ptr, this->data.len);
@ -268,7 +268,7 @@ static char *get_url(private_cert_payload_t *this)
static void destroy(private_cert_payload_t *this) static void destroy(private_cert_payload_t *this)
{ {
chunk_free(&this->data); chunk_free(&this->data);
free(this); free(this);
} }
/* /*
@ -285,13 +285,13 @@ cert_payload_t *cert_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
this->public.destroy = (void (*) (cert_payload_t*))destroy; this->public.destroy = (void (*) (cert_payload_t*))destroy;
this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert;
this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding;
this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash;
this->public.get_url = (char* (*) (cert_payload_t*))get_url; this->public.get_url = (char* (*) (cert_payload_t*))get_url;
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; this->payload_length = CERT_PAYLOAD_HEADER_LENGTH;
@ -332,12 +332,12 @@ cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
{ {
private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(); private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create();
chunk_t url_chunk; chunk_t url_chunk;
this->encoding = ENC_X509_HASH_AND_URL; this->encoding = ENC_X509_HASH_AND_URL;
url_chunk.ptr = url; url_chunk.ptr = url;
url_chunk.len = strlen(url) + 1; url_chunk.len = strlen(url) + 1;
this->data = chunk_cat("cc", hash, url_chunk); this->data = chunk_cat("cc", hash, url_chunk);
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
return &this->public; return &this->public;

30
src/charon/encoding/payloads/cert_payload.h
View File

@ -65,45 +65,45 @@ extern enum_name_t *cert_encoding_names;
* The CERT payload format is described in RFC section 3.6. * The CERT payload format is described in RFC section 3.6.
*/ */
struct cert_payload_t { struct cert_payload_t {
/** /**
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the playoads encoded certifcate. * Get the playoads encoded certifcate.
* *
* @return certifcate copy * @return certifcate copy
*/ */
certificate_t *(*get_cert)(cert_payload_t *this); certificate_t *(*get_cert)(cert_payload_t *this);
/** /**
* Get the encoding of the certificate. * Get the encoding of the certificate.
* *
* @return encoding * @return encoding
*/ */
cert_encoding_t (*get_cert_encoding)(cert_payload_t *this); cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);
/** /**
* Get the hash if this is a hash and URL encoded certificate. * Get the hash if this is a hash and URL encoded certificate.
* *
* This function returns internal data, do not free. * This function returns internal data, do not free.
* *
* @return hash * @return hash
*/ */
chunk_t (*get_hash)(cert_payload_t *this); chunk_t (*get_hash)(cert_payload_t *this);
/** /**
* Get the URL if this is a hash and URL encoded certificate. * Get the URL if this is a hash and URL encoded certificate.
* *
* This function returns internal data, do not free. * This function returns internal data, do not free.
* *
* @return url * @return url
*/ */
char *(*get_url)(cert_payload_t *this); char *(*get_url)(cert_payload_t *this);
/** /**
* Destroys the cert_payload object. * Destroys the cert_payload object.
*/ */
@ -112,14 +112,14 @@ struct cert_payload_t {
/** /**
* Creates an empty certificate payload. * Creates an empty certificate payload.
* *
* @return cert_payload_t object * @return cert_payload_t object
*/ */
cert_payload_t *cert_payload_create(void); cert_payload_t *cert_payload_create(void);
/** /**
* Creates a certificate payload with an embedded certificate. * Creates a certificate payload with an embedded certificate.
* *
* @param cert certificate to embed * @param cert certificate to embed
* @return cert_payload_t object * @return cert_payload_t object
*/ */
@ -127,7 +127,7 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert);
/** /**
* Creates a certificate payload with hash and URL encoding of a certificate. * Creates a certificate payload with hash and URL encoding of a certificate.
* *
* @param hash hash of the DER encoded certificate (get's cloned) * @param hash hash of the DER encoded certificate (get's cloned)
* @param url the URL to locate the certificate (get's cloned) * @param url the URL to locate the certificate (get's cloned)
* @return cert_payload_t object * @return cert_payload_t object

26
src/charon/encoding/payloads/certreq_payload.c
View File

@ -27,14 +27,14 @@ typedef struct private_certreq_payload_t private_certreq_payload_t;
/** /**
* Private data of an certreq_payload_t object. * Private data of an certreq_payload_t object.
* *
*/ */
struct private_certreq_payload_t { struct private_certreq_payload_t {
/** /**
* Public certreq_payload_t interface. * Public certreq_payload_t interface.
*/ */
certreq_payload_t public; certreq_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -44,17 +44,17 @@ struct private_certreq_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Encoding of the CERT Data. * Encoding of the CERT Data.
*/ */
u_int8_t encoding; u_int8_t encoding;
/** /**
* The contained certreq data value. * The contained certreq data value.
*/ */
@ -63,10 +63,10 @@ struct private_certreq_payload_t {
/** /**
* Encoding rules to parse or generate a CERTREQ payload * Encoding rules to parse or generate a CERTREQ payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_certreq_payload_t. * private_certreq_payload_t.
* *
*/ */
encoding_rule_t certreq_payload_encodings[] = { encoding_rule_t certreq_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -160,7 +160,7 @@ static size_t get_length(private_certreq_payload_t *this)
{ {
return this->payload_length; return this->payload_length;
} }
/** /**
* Implementation of certreq_payload_t.add_keyid. * Implementation of certreq_payload_t.add_keyid.
*/ */
@ -240,7 +240,7 @@ static certificate_type_t get_cert_type(private_certreq_payload_t *this)
static void destroy(private_certreq_payload_t *this) static void destroy(private_certreq_payload_t *this)
{ {
chunk_free(&this->data); chunk_free(&this->data);
free(this); free(this);
} }
/* /*
@ -258,13 +258,13 @@ certreq_payload_t *certreq_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (certreq_payload_t*)) destroy; this->public.destroy = (void (*) (certreq_payload_t*)) destroy;
this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator;
this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type;
this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
@ -281,7 +281,7 @@ certreq_payload_t *certreq_payload_create()
certreq_payload_t *certreq_payload_create_type(certificate_type_t type) certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
{ {
private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create(); private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create();
switch (type) switch (type)
{ {
case CERT_X509: case CERT_X509:

10
src/charon/encoding/payloads/certreq_payload.h
View File

@ -50,14 +50,14 @@ struct certreq_payload_t {
* @return enumerator over chunk_t's. * @return enumerator over chunk_t's.
*/ */
enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this); enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this);
/** /**
* Get the type of contained certificate keyids. * Get the type of contained certificate keyids.
* *
* @return certificate keyid type * @return certificate keyid type
*/ */
certificate_type_t (*get_cert_type)(certreq_payload_t *this); certificate_type_t (*get_cert_type)(certreq_payload_t *this);
/** /**
* Add a certificates keyid to the payload. * Add a certificates keyid to the payload.
* *
@ -65,7 +65,7 @@ struct certreq_payload_t {
* @return * @return
*/ */
void (*add_keyid)(certreq_payload_t *this, chunk_t keyid); void (*add_keyid)(certreq_payload_t *this, chunk_t keyid);
/** /**
* Destroys an certreq_payload_t object. * Destroys an certreq_payload_t object.
*/ */
@ -74,14 +74,14 @@ struct certreq_payload_t {
/** /**
* Creates an empty certreq_payload_t object. * Creates an empty certreq_payload_t object.
* *
* @return certreq payload * @return certreq payload
*/ */
certreq_payload_t *certreq_payload_create(void); certreq_payload_t *certreq_payload_create(void);
/** /**
* Creates an empty certreq_payload_t for a kind of certificates. * Creates an empty certreq_payload_t for a kind of certificates.
* *
* @param type type of the added keyids * @param type type of the added keyids
* @return certreq payload * @return certreq payload
*/ */

30
src/charon/encoding/payloads/configuration_attribute.c
View File

@ -27,19 +27,19 @@ typedef struct private_configuration_attribute_t private_configuration_attribute
/** /**
* Private data of an configuration_attribute_t object. * Private data of an configuration_attribute_t object.
* *
*/ */
struct private_configuration_attribute_t { struct private_configuration_attribute_t {
/** /**
* Public configuration_attribute_t interface. * Public configuration_attribute_t interface.
*/ */
configuration_attribute_t public; configuration_attribute_t public;
/** /**
* Type of the attribute. * Type of the attribute.
*/ */
u_int16_t attribute_type; u_int16_t attribute_type;
/** /**
* Length of the attribute. * Length of the attribute.
*/ */
@ -74,16 +74,16 @@ ENUM_END(configuration_attribute_type_names, INTERNAL_IP6_SERVER);
/** /**
* Encoding rules to parse or generate a configuration attribute. * Encoding rules to parse or generate a configuration attribute.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_configuration_attribute_t. * private_configuration_attribute_t.
* *
*/ */
encoding_rule_t configuration_attribute_encodings[] = { encoding_rule_t configuration_attribute_encodings[] = {
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* type of the attribute as 15 bit unsigned integer */ /* type of the attribute as 15 bit unsigned integer */
{ ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) }, { ATTRIBUTE_TYPE, offsetof(private_configuration_attribute_t, attribute_type) },
/* Length of attribute value */ /* Length of attribute value */
{ CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, attribute_length)}, { CONFIGURATION_ATTRIBUTE_LENGTH, offsetof(private_configuration_attribute_t, attribute_length)},
/* Value of attribute if attribute format flag is zero */ /* Value of attribute if attribute format flag is zero */
@ -159,11 +159,11 @@ static status_t verify(private_configuration_attribute_t *this)
/* any length acceptable */ /* any length acceptable */
break; break;
default: default:
DBG1(DBG_ENC, "unknown attribute type %N", DBG1(DBG_ENC, "unknown attribute type %N",
configuration_attribute_type_names, this->attribute_type); configuration_attribute_type_names, this->attribute_type);
break; break;
} }
if (failed) if (failed)
{ {
DBG1(DBG_ENC, "invalid attribute length %d for %N", DBG1(DBG_ENC, "invalid attribute length %d for %N",
@ -222,12 +222,12 @@ static void set_value(private_configuration_attribute_t *this, chunk_t value)
if (this->attribute_value.ptr != NULL) if (this->attribute_value.ptr != NULL)
{ {
/* free existing value */ /* free existing value */
chunk_free(&(this->attribute_value)); chunk_free(&(this->attribute_value));
} }
this->attribute_value.ptr = clalloc(value.ptr,value.len); this->attribute_value.ptr = clalloc(value.ptr,value.len);
this->attribute_value.len = value.len; this->attribute_value.len = value.len;
this->attribute_length = this->attribute_value.len; this->attribute_length = this->attribute_value.len;
} }
@ -272,7 +272,7 @@ static void destroy(private_configuration_attribute_t *this)
if (this->attribute_value.ptr != NULL) if (this->attribute_value.ptr != NULL)
{ {
free(this->attribute_value.ptr); free(this->attribute_value.ptr);
} }
free(this); free(this);
} }
@ -291,7 +291,7 @@ configuration_attribute_t *configuration_attribute_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.set_value = (void (*) (configuration_attribute_t *,chunk_t)) set_value; this->public.set_value = (void (*) (configuration_attribute_t *,chunk_t)) set_value;
this->public.get_value = (chunk_t (*) (configuration_attribute_t *)) get_value; this->public.get_value = (chunk_t (*) (configuration_attribute_t *)) get_value;
@ -299,7 +299,7 @@ configuration_attribute_t *configuration_attribute_create()
this->public.get_type = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_type; this->public.get_type = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_type;
this->public.get_length = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_length; this->public.get_length = (u_int16_t (*) (configuration_attribute_t *)) get_attribute_length;
this->public.destroy = (void (*) (configuration_attribute_t *)) destroy; this->public.destroy = (void (*) (configuration_attribute_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->attribute_type = 0; this->attribute_type = 0;
this->attribute_value = chunk_empty; this->attribute_value = chunk_empty;

28
src/charon/encoding/payloads/configuration_attribute.h
View File

@ -57,14 +57,14 @@ enum configuration_attribute_type_t {
INTERNAL_IP6_SERVER = 23457 INTERNAL_IP6_SERVER = 23457
}; };
/** /**
* enum names for configuration_attribute_type_t. * enum names for configuration_attribute_type_t.
*/ */
extern enum_name_t *configuration_attribute_type_names; extern enum_name_t *configuration_attribute_type_names;
/** /**
* Class representing an IKEv2-CONFIGURATION Attribute. * Class representing an IKEv2-CONFIGURATION Attribute.
* *
* The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1. * The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1.
*/ */
struct configuration_attribute_t { struct configuration_attribute_t {
@ -75,43 +75,43 @@ struct configuration_attribute_t {
/** /**
* Returns the currently set value of the attribute. * Returns the currently set value of the attribute.
* *
* @warning Returned data are not copied. * @warning Returned data are not copied.
* *
* @return chunk_t pointing to the value * @return chunk_t pointing to the value
*/ */
chunk_t (*get_value) (configuration_attribute_t *this); chunk_t (*get_value) (configuration_attribute_t *this);
/** /**
* Sets the value of the attribute. * Sets the value of the attribute.
* *
* Value is getting copied. * Value is getting copied.
* *
* @param value chunk_t pointing to the value to set * @param value chunk_t pointing to the value to set
*/ */
void (*set_value) (configuration_attribute_t *this, chunk_t value); void (*set_value) (configuration_attribute_t *this, chunk_t value);
/** /**
* Sets the type of the attribute. * Sets the type of the attribute.
* *
* @param type type to set (most significant bit is set to zero) * @param type type to set (most significant bit is set to zero)
*/ */
void (*set_type) (configuration_attribute_t *this, u_int16_t type); void (*set_type) (configuration_attribute_t *this, u_int16_t type);
/** /**
* get the type of the attribute. * get the type of the attribute.
* *
* @return type of the value * @return type of the value
*/ */
u_int16_t (*get_type) (configuration_attribute_t *this); u_int16_t (*get_type) (configuration_attribute_t *this);
/** /**
* get the length of an attribute. * get the length of an attribute.
* *
* @return type of the value * @return type of the value
*/ */
u_int16_t (*get_length) (configuration_attribute_t *this); u_int16_t (*get_length) (configuration_attribute_t *this);
/** /**
* Destroys an configuration_attribute_t object. * Destroys an configuration_attribute_t object.
*/ */
@ -120,7 +120,7 @@ struct configuration_attribute_t {
/** /**
* Creates an empty configuration_attribute_t object. * Creates an empty configuration_attribute_t object.
* *
* @return created configuration_attribute_t object * @return created configuration_attribute_t object
*/ */
configuration_attribute_t *configuration_attribute_create(void); configuration_attribute_t *configuration_attribute_create(void);

54
src/charon/encoding/payloads/cp_payload.c
View File

@ -32,14 +32,14 @@ typedef struct private_cp_payload_t private_cp_payload_t;
/** /**
* Private data of an cp_payload_t object. * Private data of an cp_payload_t object.
* *
*/ */
struct private_cp_payload_t { struct private_cp_payload_t {
/** /**
* Public cp_payload_t interface. * Public cp_payload_t interface.
*/ */
cp_payload_t public; cp_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -49,17 +49,17 @@ struct private_cp_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Configuration Attributes in this payload are stored in a linked_list_t. * Configuration Attributes in this payload are stored in a linked_list_t.
*/ */
linked_list_t * attributes; linked_list_t * attributes;
/** /**
* Config Type. * Config Type.
*/ */
@ -68,32 +68,32 @@ struct private_cp_payload_t {
/** /**
* Encoding rules to parse or generate a IKEv2-CP Payload * Encoding rules to parse or generate a IKEv2-CP Payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_cp_payload_t. * private_cp_payload_t.
* *
*/ */
encoding_rule_t cp_payload_encodings[] = { encoding_rule_t cp_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_cp_payload_t, next_payload) }, { U_INT_8, offsetof(private_cp_payload_t, next_payload) },
/* the critical bit */ /* the critical bit */
{ FLAG, offsetof(private_cp_payload_t, critical) }, { FLAG, offsetof(private_cp_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */ /* 7 Bit reserved bits, nowhere stored */
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole CP payload*/ /* Length of the whole CP payload*/
{ PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_cp_payload_t, payload_length) },
/* Proposals are stored in a proposal substructure, /* Proposals are stored in a proposal substructure,
offset points to a linked_list_t pointer */ offset points to a linked_list_t pointer */
{ U_INT_8, offsetof(private_cp_payload_t, config_type) }, { U_INT_8, offsetof(private_cp_payload_t, config_type) },
{ RESERVED_BYTE,0 }, { RESERVED_BYTE,0 },
{ RESERVED_BYTE,0 }, { RESERVED_BYTE,0 },
{ RESERVED_BYTE,0 }, { RESERVED_BYTE,0 },
{ CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) } { CONFIGURATION_ATTRIBUTES, offsetof(private_cp_payload_t, attributes) }
}; };
@ -119,7 +119,7 @@ static status_t verify(private_cp_payload_t *this)
status_t status = SUCCESS; status_t status = SUCCESS;
iterator_t *iterator; iterator_t *iterator;
configuration_attribute_t *attribute; configuration_attribute_t *attribute;
iterator = this->attributes->create_iterator(this->attributes,TRUE); iterator = this->attributes->create_iterator(this->attributes,TRUE);
while(iterator->iterate(iterator, (void**)&attribute)) while(iterator->iterate(iterator, (void**)&attribute))
{ {
@ -174,14 +174,14 @@ static void compute_length(private_cp_payload_t *this)
iterator_t *iterator; iterator_t *iterator;
payload_t *current_attribute; payload_t *current_attribute;
size_t length = CP_PAYLOAD_HEADER_LENGTH; size_t length = CP_PAYLOAD_HEADER_LENGTH;
iterator = this->attributes->create_iterator(this->attributes,TRUE); iterator = this->attributes->create_iterator(this->attributes,TRUE);
while (iterator->iterate(iterator, (void**)&current_attribute)) while (iterator->iterate(iterator, (void**)&current_attribute))
{ {
length += current_attribute->get_length(current_attribute); length += current_attribute->get_length(current_attribute);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
this->payload_length = length; this->payload_length = length;
} }
@ -243,7 +243,7 @@ static void destroy(private_cp_payload_t *this)
cp_payload_t *cp_payload_create() cp_payload_t *cp_payload_create()
{ {
private_cp_payload_t *this = malloc_thing(private_cp_payload_t); private_cp_payload_t *this = malloc_thing(private_cp_payload_t);
/* public interface */ /* public interface */
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
@ -252,14 +252,14 @@ cp_payload_t *cp_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.create_attribute_iterator = (iterator_t* (*) (cp_payload_t *)) create_attribute_iterator; this->public.create_attribute_iterator = (iterator_t* (*) (cp_payload_t *)) create_attribute_iterator;
this->public.add_configuration_attribute = (void (*) (cp_payload_t *,configuration_attribute_t *)) add_configuration_attribute; this->public.add_configuration_attribute = (void (*) (cp_payload_t *,configuration_attribute_t *)) add_configuration_attribute;
this->public.set_config_type = (void (*) (cp_payload_t *, config_type_t)) set_config_type; this->public.set_config_type = (void (*) (cp_payload_t *, config_type_t)) set_config_type;
this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type; this->public.get_config_type = (config_type_t (*) (cp_payload_t *)) get_config_type;
this->public.destroy = (void (*) (cp_payload_t *)) destroy; this->public.destroy = (void (*) (cp_payload_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

18
src/charon/encoding/payloads/cp_payload.h
View File

@ -52,7 +52,7 @@ extern enum_name_t *config_type_names;
/** /**
* Class representing an IKEv2-CP Payload. * Class representing an IKEv2-CP Payload.
* *
* The CP Payload format is described in RFC section 3.15. * The CP Payload format is described in RFC section 3.15.
*/ */
struct cp_payload_t { struct cp_payload_t {
@ -60,41 +60,41 @@ struct cp_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Creates an iterator of stored configuration_attribute_t objects. * Creates an iterator of stored configuration_attribute_t objects.
* *
* When deleting an attribute using this iterator, the length of this * When deleting an attribute using this iterator, the length of this
* configuration_attribute_t has to be refreshed by calling get_length()! * configuration_attribute_t has to be refreshed by calling get_length()!
* *
* @return created iterator_t object * @return created iterator_t object
*/ */
iterator_t *(*create_attribute_iterator) (cp_payload_t *this); iterator_t *(*create_attribute_iterator) (cp_payload_t *this);
/** /**
* Adds a configuration_attribute_t object to this object. * Adds a configuration_attribute_t object to this object.
* *
* The added configuration_attribute_t object is getting destroyed in * The added configuration_attribute_t object is getting destroyed in
* destroy function of cp_payload_t. * destroy function of cp_payload_t.
* *
* @param attribute configuration_attribute_t object to add * @param attribute configuration_attribute_t object to add
*/ */
void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute); void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute);
/** /**
* Set the config type. * Set the config type.
* *
* @param config_type config_type_t to set * @param config_type config_type_t to set
*/ */
void (*set_config_type) (cp_payload_t *this,config_type_t config_type); void (*set_config_type) (cp_payload_t *this,config_type_t config_type);
/** /**
* Get the config type. * Get the config type.
* *
* @return config_type_t * @return config_type_t
*/ */
config_type_t (*get_config_type) (cp_payload_t *this); config_type_t (*get_config_type) (cp_payload_t *this);
/** /**
* Destroys an cp_payload_t object. * Destroys an cp_payload_t object.
*/ */
@ -103,7 +103,7 @@ struct cp_payload_t {
/** /**
* Creates an empty cp_payload_t object * Creates an empty cp_payload_t object
* *
* @return cp_payload_t object * @return cp_payload_t object
*/ */
cp_payload_t *cp_payload_create(void); cp_payload_t *cp_payload_create(void);

30
src/charon/encoding/payloads/delete_payload.c
View File

@ -23,14 +23,14 @@ typedef struct private_delete_payload_t private_delete_payload_t;
/** /**
* Private data of an delete_payload_t object. * Private data of an delete_payload_t object.
* *
*/ */
struct private_delete_payload_t { struct private_delete_payload_t {
/** /**
* Public delete_payload_t interface. * Public delete_payload_t interface.
*/ */
delete_payload_t public; delete_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -40,12 +40,12 @@ struct private_delete_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Protocol ID. * Protocol ID.
*/ */
@ -55,29 +55,29 @@ struct private_delete_payload_t {
* SPI Size. * SPI Size.
*/ */
u_int8_t spi_size; u_int8_t spi_size;
/** /**
* Number of SPI's. * Number of SPI's.
*/ */
u_int16_t spi_count; u_int16_t spi_count;
/** /**
* The contained SPI's. * The contained SPI's.
*/ */
chunk_t spis; chunk_t spis;
/** /**
* List containing u_int32_t spis * List containing u_int32_t spis
*/ */
linked_list_t *spi_list; linked_list_t *spi_list;
}; };
/** /**
* Encoding rules to parse or generate a DELETE payload * Encoding rules to parse or generate a DELETE payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_delete_payload_t. * private_delete_payload_t.
* *
*/ */
encoding_rule_t delete_payload_encodings[] = { encoding_rule_t delete_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -223,7 +223,7 @@ static void add_spi(private_delete_payload_t *this, u_int32_t spi)
static iterator_t* create_spi_iterator(private_delete_payload_t *this) static iterator_t* create_spi_iterator(private_delete_payload_t *this)
{ {
int i; int i;
if (this->spi_list == NULL) if (this->spi_list == NULL)
{ {
this->spi_list = linked_list_create(); this->spi_list = linked_list_create();
@ -253,7 +253,7 @@ static void destroy(private_delete_payload_t *this)
{ {
this->spi_list->destroy(this->spi_list); this->spi_list->destroy(this->spi_list);
} }
free(this); free(this);
} }
/* /*
@ -271,13 +271,13 @@ delete_payload_t *delete_payload_create(protocol_id_t protocol_id)
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (delete_payload_t *)) destroy; this->public.destroy = (void (*) (delete_payload_t *)) destroy;
this->public.get_protocol_id = (protocol_id_t (*) (delete_payload_t *)) get_protocol_id; this->public.get_protocol_id = (protocol_id_t (*) (delete_payload_t *)) get_protocol_id;
this->public.add_spi = (void (*) (delete_payload_t *,u_int32_t))add_spi; this->public.add_spi = (void (*) (delete_payload_t *,u_int32_t))add_spi;
this->public.create_spi_iterator = (iterator_t* (*) (delete_payload_t *)) create_spi_iterator; this->public.create_spi_iterator = (iterator_t* (*) (delete_payload_t *)) create_spi_iterator;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

10
src/charon/encoding/payloads/delete_payload.h
View File

@ -43,21 +43,21 @@ struct delete_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the protocol ID. * Get the protocol ID.
* *
* @return protocol ID * @return protocol ID
*/ */
protocol_id_t (*get_protocol_id) (delete_payload_t *this); protocol_id_t (*get_protocol_id) (delete_payload_t *this);
/** /**
* Add an SPI to the list of deleted SAs. * Add an SPI to the list of deleted SAs.
* *
* @param spi spi to add * @param spi spi to add
*/ */
void (*add_spi) (delete_payload_t *this, u_int32_t spi); void (*add_spi) (delete_payload_t *this, u_int32_t spi);
/** /**
* Get an iterator over the SPIs. * Get an iterator over the SPIs.
* *
@ -66,7 +66,7 @@ struct delete_payload_t {
* @return iterator over SPIs * @return iterator over SPIs
*/ */
iterator_t *(*create_spi_iterator) (delete_payload_t *this); iterator_t *(*create_spi_iterator) (delete_payload_t *this);
/** /**
* Destroys an delete_payload_t object. * Destroys an delete_payload_t object.
*/ */
@ -75,7 +75,7 @@ struct delete_payload_t {
/** /**
* Creates an empty delete_payload_t object. * Creates an empty delete_payload_t object.
* *
* @param protocol_id protocol, such as AH|ESP * @param protocol_id protocol, such as AH|ESP
* @return delete_payload_t object * @return delete_payload_t object
*/ */

34
src/charon/encoding/payloads/eap_payload.c
View File

@ -24,14 +24,14 @@ typedef struct private_eap_payload_t private_eap_payload_t;
/** /**
* Private data of an eap_payload_t object. * Private data of an eap_payload_t object.
* *
*/ */
struct private_eap_payload_t { struct private_eap_payload_t {
/** /**
* Public eap_payload_t interface. * Public eap_payload_t interface.
*/ */
eap_payload_t public; eap_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -41,12 +41,12 @@ struct private_eap_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* EAP message data, if available * EAP message data, if available
*/ */
@ -55,10 +55,10 @@ struct private_eap_payload_t {
/** /**
* Encoding rules to parse or generate a EAP payload. * Encoding rules to parse or generate a EAP payload.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_eap_payload_t. * private_eap_payload_t.
* *
*/ */
encoding_rule_t eap_payload_encodings[] = { encoding_rule_t eap_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -98,7 +98,7 @@ static status_t verify(private_eap_payload_t *this)
{ {
u_int16_t length; u_int16_t length;
u_int8_t code; u_int8_t code;
if (this->data.len < 4) if (this->data.len < 4)
{ {
DBG1(DBG_ENC, "EAP payloads EAP message too short (%d)", this->data.len); DBG1(DBG_ENC, "EAP payloads EAP message too short (%d)", this->data.len);
@ -264,7 +264,7 @@ static void destroy(private_eap_payload_t *this)
eap_payload_t *eap_payload_create() eap_payload_t *eap_payload_create()
{ {
private_eap_payload_t *this = malloc_thing(private_eap_payload_t); private_eap_payload_t *this = malloc_thing(private_eap_payload_t);
/* interface functions */ /* interface functions */
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
@ -273,7 +273,7 @@ eap_payload_t *eap_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (eap_payload_t *)) destroy; this->public.destroy = (void (*) (eap_payload_t *)) destroy;
this->public.get_data = (chunk_t (*) (eap_payload_t*))get_data; this->public.get_data = (chunk_t (*) (eap_payload_t*))get_data;
@ -281,13 +281,13 @@ eap_payload_t *eap_payload_create()
this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code; this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code;
this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier; this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier;
this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type; this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
this->payload_length = EAP_PAYLOAD_HEADER_LENGTH; this->payload_length = EAP_PAYLOAD_HEADER_LENGTH;
this->data = chunk_empty; this->data = chunk_empty;
return &(this->public); return &(this->public);
} }
@ -297,7 +297,7 @@ eap_payload_t *eap_payload_create()
eap_payload_t *eap_payload_create_data(chunk_t data) eap_payload_t *eap_payload_create_data(chunk_t data)
{ {
eap_payload_t *this = eap_payload_create(); eap_payload_t *this = eap_payload_create();
this->set_data(this, data); this->set_data(this, data);
return this; return this;
} }
@ -309,11 +309,11 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
{ {
eap_payload_t *this = eap_payload_create(); eap_payload_t *this = eap_payload_create();
chunk_t data = chunk_alloca(4); chunk_t data = chunk_alloca(4);
*(data.ptr + 0) = code; *(data.ptr + 0) = code;
*(data.ptr + 1) = identifier; *(data.ptr + 1) = identifier;
*(u_int16_t*)(data.ptr + 2) = htons(data.len); *(u_int16_t*)(data.ptr + 2) = htons(data.len);
this->set_data(this, data); this->set_data(this, data);
return this; return this;
} }
@ -325,12 +325,12 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier)
{ {
eap_payload_t *this = eap_payload_create(); eap_payload_t *this = eap_payload_create();
chunk_t data = chunk_alloca(5); chunk_t data = chunk_alloca(5);
*(data.ptr + 0) = EAP_RESPONSE; *(data.ptr + 0) = EAP_RESPONSE;
*(data.ptr + 1) = identifier; *(data.ptr + 1) = identifier;
*(u_int16_t*)(data.ptr + 2) = htons(data.len); *(u_int16_t*)(data.ptr + 2) = htons(data.len);
*(data.ptr + 4) = EAP_NAK; *(data.ptr + 4) = EAP_NAK;
this->set_data(this, data); this->set_data(this, data);
return this; return this;
} }

16
src/charon/encoding/payloads/eap_payload.h
View File

@ -39,12 +39,12 @@ typedef struct eap_payload_t eap_payload_t;
* The EAP payload format is described in RFC section 3.16. * The EAP payload format is described in RFC section 3.16.
*/ */
struct eap_payload_t { struct eap_payload_t {
/** /**
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Set the contained EAP data. * Set the contained EAP data.
* *
@ -54,7 +54,7 @@ struct eap_payload_t {
* @param message EAP data * @param message EAP data
*/ */
void (*set_data) (eap_payload_t *this, chunk_t data); void (*set_data) (eap_payload_t *this, chunk_t data);
/** /**
* Get the contained EAP data. * Get the contained EAP data.
* *
@ -63,21 +63,21 @@ struct eap_payload_t {
* @return EAP data (pointer to internal data) * @return EAP data (pointer to internal data)
*/ */
chunk_t (*get_data) (eap_payload_t *this); chunk_t (*get_data) (eap_payload_t *this);
/** /**
* Get the EAP code. * Get the EAP code.
* *
* @return EAP message as chunk_t * @return EAP message as chunk_t
*/ */
eap_code_t (*get_code) (eap_payload_t *this); eap_code_t (*get_code) (eap_payload_t *this);
/** /**
* Get the EAP identifier. * Get the EAP identifier.
* *
* @return unique identifier * @return unique identifier
*/ */
u_int8_t (*get_identifier) (eap_payload_t *this); u_int8_t (*get_identifier) (eap_payload_t *this);
/** /**
* Get the EAP method type. * Get the EAP method type.
* *
@ -85,7 +85,7 @@ struct eap_payload_t {
* @return EAP method type, vendor specific if vendor != 0 * @return EAP method type, vendor specific if vendor != 0
*/ */
eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
/** /**
* Destroys an eap_payload_t object. * Destroys an eap_payload_t object.
*/ */
@ -109,7 +109,7 @@ eap_payload_t *eap_payload_create_data(chunk_t data);
/** /**
* Creates an eap_payload_t object with a code. * Creates an eap_payload_t object with a code.
* *
* Could should be either EAP_SUCCESS/EAP_FAILURE, use * Could should be either EAP_SUCCESS/EAP_FAILURE, use
* constructor above otherwise. * constructor above otherwise.
* *
* @param code EAP status code * @param code EAP status code

330
src/charon/encoding/payloads/encodings.h
View File

@ -28,266 +28,266 @@ typedef struct encoding_rule_t encoding_rule_t;
#include <library.h> #include <library.h>
/** /**
* All different kinds of encoding types. * All different kinds of encoding types.
* *
* Each field of an IKEv2-Message (in header or payload) * Each field of an IKEv2-Message (in header or payload)
* which has to be parsed or generated differently has its own * which has to be parsed or generated differently has its own
* type defined here. * type defined here.
* *
* Header is parsed like a payload and gets its one payload_id * Header is parsed like a payload and gets its one payload_id
* from PRIVATE USE space. Also the substructures * from PRIVATE USE space. Also the substructures
* of specific payload types get their own payload_id * of specific payload types get their own payload_id
* from PRIVATE_USE space. See IKEv2-Draft for more informations. * from PRIVATE_USE space. See IKEv2-Draft for more informations.
*/ */
enum encoding_type_t { enum encoding_type_t {
/** /**
* Representing a 4 Bit unsigned int value. * Representing a 4 Bit unsigned int value.
* *
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 4 bit forward afterwards. * The current write position is moved 4 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 4 bit forward afterwards. * The current read pointer is moved 4 bit forward afterwards.
*/ */
U_INT_4, U_INT_4,
/** /**
* Representing a 8 Bit unsigned int value. * Representing a 8 Bit unsigned int value.
* *
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 8 bit forward afterwards. * The current write position is moved 8 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 8 bit forward afterwards. * The current read pointer is moved 8 bit forward afterwards.
*/ */
U_INT_8, U_INT_8,
/** /**
* Representing a 16 Bit unsigned int value. * Representing a 16 Bit unsigned int value.
* *
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 16 bit forward afterwards. * The current write position is moved 16 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 16 bit forward afterwards. * The current read pointer is moved 16 bit forward afterwards.
*/ */
U_INT_16, U_INT_16,
/** /**
* Representing a 32 Bit unsigned int value. * Representing a 32 Bit unsigned int value.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 32 bit forward afterwards. * The current write position is moved 32 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 32 bit forward afterwards. * The current read pointer is moved 32 bit forward afterwards.
*/ */
U_INT_32, U_INT_32,
/** /**
* represents a RESERVED_BIT used in FLAG-Bytes. * represents a RESERVED_BIT used in FLAG-Bytes.
* *
* When generating, the next bit is set to zero and the current write * When generating, the next bit is set to zero and the current write
* position is moved one bit forward. * position is moved one bit forward.
* No value is read from the associated data struct. * No value is read from the associated data struct.
* The current write position is moved 1 bit forward afterwards. * The current write position is moved 1 bit forward afterwards.
* *
* When parsing, the current read pointer is moved one bit forward. * When parsing, the current read pointer is moved one bit forward.
* No value is written to the associated data struct. * No value is written to the associated data struct.
* The current read pointer is moved 1 bit forward afterwards. * The current read pointer is moved 1 bit forward afterwards.
*/ */
RESERVED_BIT, RESERVED_BIT,
/** /**
* represents a RESERVED_BYTE. * represents a RESERVED_BYTE.
* *
* When generating, the next byte is set to zero and the current write * When generating, the next byte is set to zero and the current write
* position is moved one byte forward. * position is moved one byte forward.
* No value is read from the associated data struct. * No value is read from the associated data struct.
* The current write position is moved 1 byte forward afterwards. * The current write position is moved 1 byte forward afterwards.
* *
* When parsing, the current read pointer is moved one byte forward. * When parsing, the current read pointer is moved one byte forward.
* No value is written to the associated data struct. * No value is written to the associated data struct.
* The current read pointer is moved 1 byte forward afterwards. * The current read pointer is moved 1 byte forward afterwards.
*/ */
RESERVED_BYTE, RESERVED_BYTE,
/** /**
* Representing a 1 Bit flag. * Representing a 1 Bit flag.
* *
* When generation, the next bit is set to 1 if the associated value * When generation, the next bit is set to 1 if the associated value
* in the data struct is TRUE, 0 otherwise. The current write position * in the data struct is TRUE, 0 otherwise. The current write position
* is moved 1 bit forward afterwards. * is moved 1 bit forward afterwards.
* *
* When parsing, the next bit is read and stored in the associated data * When parsing, the next bit is read and stored in the associated data
* struct. 0 means FALSE, 1 means TRUE, The current read pointer * struct. 0 means FALSE, 1 means TRUE, The current read pointer
* is moved 1 bit forward afterwards * is moved 1 bit forward afterwards
*/ */
FLAG, FLAG,
/** /**
* Representating a length field of a payload. * Representating a length field of a payload.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 16 bit forward afterwards. * The current write position is moved 16 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 16 bit forward afterwards. * The current read pointer is moved 16 bit forward afterwards.
*/ */
PAYLOAD_LENGTH, PAYLOAD_LENGTH,
/** /**
* Representating a length field of a header. * Representating a length field of a header.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 32 bit forward afterwards. * The current write position is moved 32 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 32 bit forward afterwards. * The current read pointer is moved 32 bit forward afterwards.
*/ */
HEADER_LENGTH, HEADER_LENGTH,
/** /**
* Representating a spi size field. * Representating a spi size field.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 8 bit forward afterwards. * The current write position is moved 8 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 8 bit forward afterwards. * The current read pointer is moved 8 bit forward afterwards.
*/ */
SPI_SIZE, SPI_SIZE,
/** /**
* Representating a spi field. * Representating a spi field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to. * When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
*/ */
SPI, SPI,
/** /**
* Representating a Key Exchange Data field. * Representating a Key Exchange Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
*/ */
KEY_EXCHANGE_DATA, KEY_EXCHANGE_DATA,
/** /**
* Representating a Notification field. * Representating a Notification field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to.
*/ */
NOTIFICATION_DATA, NOTIFICATION_DATA,
/** /**
* Representating one or more proposal substructures. * Representating one or more proposal substructures.
* *
* The offset points to a linked_list_t pointer. * The offset points to a linked_list_t pointer.
* *
* When generating the proposal_substructure_t objects are stored * When generating the proposal_substructure_t objects are stored
* in the pointed linked_list. * in the pointed linked_list.
* *
* When parsing the parsed proposal_substructure_t objects have * When parsing the parsed proposal_substructure_t objects have
* to be stored in the pointed linked_list. * to be stored in the pointed linked_list.
*/ */
PROPOSALS, PROPOSALS,
/** /**
* Representating one or more transform substructures. * Representating one or more transform substructures.
* *
* The offset points to a linked_list_t pointer. * The offset points to a linked_list_t pointer.
* *
* When generating the transform_substructure_t objects are stored * When generating the transform_substructure_t objects are stored
* in the pointed linked_list. * in the pointed linked_list.
* *
* When parsing the parsed transform_substructure_t objects have * When parsing the parsed transform_substructure_t objects have
* to be stored in the pointed linked_list. * to be stored in the pointed linked_list.
*/ */
TRANSFORMS, TRANSFORMS,
/** /**
* Representating one or more Attributes of a transform substructure. * Representating one or more Attributes of a transform substructure.
* *
* The offset points to a linked_list_t pointer. * The offset points to a linked_list_t pointer.
* *
* When generating the transform_attribute_t objects are stored * When generating the transform_attribute_t objects are stored
* in the pointed linked_list. * in the pointed linked_list.
* *
* When parsing the parsed transform_attribute_t objects have * When parsing the parsed transform_attribute_t objects have
* to be stored in the pointed linked_list. * to be stored in the pointed linked_list.
*/ */
TRANSFORM_ATTRIBUTES, TRANSFORM_ATTRIBUTES,
/** /**
* Representating one or more Attributes of a configuration payload. * Representating one or more Attributes of a configuration payload.
* *
* The offset points to a linked_list_t pointer. * The offset points to a linked_list_t pointer.
* *
* When generating the configuration_attribute_t objects are stored * When generating the configuration_attribute_t objects are stored
* in the pointed linked_list. * in the pointed linked_list.
* *
* When parsing the parsed configuration_attribute_t objects have * When parsing the parsed configuration_attribute_t objects have
* to be stored in the pointed linked_list. * to be stored in the pointed linked_list.
*/ */
CONFIGURATION_ATTRIBUTES, CONFIGURATION_ATTRIBUTES,
/** /**
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
*/ */
CONFIGURATION_ATTRIBUTE_VALUE, CONFIGURATION_ATTRIBUTE_VALUE,
/** /**
* Representing a 1 Bit flag specifying the format of a transform attribute. * Representing a 1 Bit flag specifying the format of a transform attribute.
* *
* When generation, the next bit is set to 1 if the associated value * When generation, the next bit is set to 1 if the associated value
* in the data struct is TRUE, 0 otherwise. The current write position * in the data struct is TRUE, 0 otherwise. The current write position
* is moved 1 bit forward afterwards. * is moved 1 bit forward afterwards.
* *
* When parsing, the next bit is read and stored in the associated data * When parsing, the next bit is read and stored in the associated data
* struct. 0 means FALSE, 1 means TRUE, The current read pointer * struct. 0 means FALSE, 1 means TRUE, The current read pointer
* is moved 1 bit forward afterwards. * is moved 1 bit forward afterwards.
*/ */
ATTRIBUTE_FORMAT, ATTRIBUTE_FORMAT,
/** /**
* Representing a 15 Bit unsigned int value used as attribute type * Representing a 15 Bit unsigned int value used as attribute type
* in an attribute transform. * in an attribute transform.
* *
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 15 bit forward afterwards. * The current write position is moved 15 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 15 bit forward afterwards. * The current read pointer is moved 15 bit forward afterwards.
@ -298,11 +298,11 @@ enum encoding_type_t {
* Depending on the field of type ATTRIBUTE_FORMAT * Depending on the field of type ATTRIBUTE_FORMAT
* this field contains the length or the value of an transform attribute. * this field contains the length or the value of an transform attribute.
* Its stored in a 16 unsigned integer field. * Its stored in a 16 unsigned integer field.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 16 bit forward afterwards. * The current write position is moved 16 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 16 bit forward afterwards. * The current read pointer is moved 16 bit forward afterwards.
@ -312,11 +312,11 @@ enum encoding_type_t {
/** /**
* This field contains the length or the value of an configuration attribute. * This field contains the length or the value of an configuration attribute.
* Its stored in a 16 unsigned integer field. * Its stored in a 16 unsigned integer field.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 16 bit forward afterwards. * The current write position is moved 16 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 16 bit forward afterwards. * The current read pointer is moved 16 bit forward afterwards.
@ -325,155 +325,155 @@ enum encoding_type_t {
/** /**
* Depending on the field of type ATTRIBUTE_FORMAT * Depending on the field of type ATTRIBUTE_FORMAT
* this field is available or missing and so parsed/generated * this field is available or missing and so parsed/generated
* or not parsed/not generated. * or not parsed/not generated.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to. * When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
*/ */
ATTRIBUTE_VALUE, ATTRIBUTE_VALUE,
/** /**
* Representating one or more Traffic selectors of a TS payload. * Representating one or more Traffic selectors of a TS payload.
* *
* The offset points to a linked_list_t pointer. * The offset points to a linked_list_t pointer.
* *
* When generating the traffic_selector_substructure_t objects are stored * When generating the traffic_selector_substructure_t objects are stored
* in the pointed linked_list. * in the pointed linked_list.
* *
* When parsing the parsed traffic_selector_substructure_t objects have * When parsing the parsed traffic_selector_substructure_t objects have
* to be stored in the pointed linked_list. * to be stored in the pointed linked_list.
*/ */
TRAFFIC_SELECTORS, TRAFFIC_SELECTORS,
/** /**
* Representating a Traffic selector type field. * Representating a Traffic selector type field.
* *
* When generating it must be changed from host to network order. * When generating it must be changed from host to network order.
* The value is read from the associated data struct. * The value is read from the associated data struct.
* The current write position is moved 16 bit forward afterwards. * The current write position is moved 16 bit forward afterwards.
* *
* When parsing it must be changed from network to host order. * When parsing it must be changed from network to host order.
* The value is written to the associated data struct. * The value is written to the associated data struct.
* The current read pointer is moved 16 bit forward afterwards. * The current read pointer is moved 16 bit forward afterwards.
*/ */
TS_TYPE, TS_TYPE,
/** /**
* Representating an address field in a traffic selector. * Representating an address field in a traffic selector.
* *
* Depending on the last field of type TS_TYPE * Depending on the last field of type TS_TYPE
* this field is either 4 or 16 byte long. * this field is either 4 or 16 byte long.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing 4 or 16 bytes are read and written into the chunk pointing to. * When parsing 4 or 16 bytes are read and written into the chunk pointing to.
*/ */
ADDRESS, ADDRESS,
/** /**
* Representating a Nonce Data field. * Representating a Nonce Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
*/ */
NONCE_DATA, NONCE_DATA,
/** /**
* Representating a ID Data field. * Representating a ID Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
*/ */
ID_DATA, ID_DATA,
/** /**
* Representating a AUTH Data field. * Representating a AUTH Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
*/ */
AUTH_DATA, AUTH_DATA,
/** /**
* Representating a CERT Data field. * Representating a CERT Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to.
*/ */
CERT_DATA, CERT_DATA,
/** /**
* Representating a CERTREQ Data field. * Representating a CERTREQ Data field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 5) bytes are read and written into the chunk pointing to.
*/ */
CERTREQ_DATA, CERTREQ_DATA,
/** /**
* Representating an EAP message field. * Representating an EAP message field.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
*/ */
EAP_DATA, EAP_DATA,
/** /**
* Representating the SPIS field in a DELETE payload. * Representating the SPIS field in a DELETE payload.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
*/ */
SPIS, SPIS,
/** /**
* Representating the VID DATA field in a VENDOR ID payload. * Representating the VID DATA field in a VENDOR ID payload.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
*/ */
VID_DATA, VID_DATA,
/** /**
* Representating the DATA of an unknown payload. * Representating the DATA of an unknown payload.
* *
* When generating the content of the chunkt pointing to * When generating the content of the chunkt pointing to
* is written. * is written.
* *
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to. * When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
*/ */
UNKNOWN_DATA, UNKNOWN_DATA,
/** /**
* Representating an IKE_SPI field in an IKEv2 Header. * Representating an IKE_SPI field in an IKEv2 Header.
* *
* When generating the value of the u_int64_t pointing to * When generating the value of the u_int64_t pointing to
* is written (host and networ order is not changed). * is written (host and networ order is not changed).
* *
* When parsing 8 bytes are read and written into the u_int64_t pointing to. * When parsing 8 bytes are read and written into the u_int64_t pointing to.
*/ */
IKE_SPI, IKE_SPI,
/** /**
* Representing the encrypted data body of a encryption payload. * Representing the encrypted data body of a encryption payload.
*/ */
@ -488,25 +488,25 @@ extern enum_name_t *encoding_type_names;
/** /**
* Rule how to en-/decode a payload field. * Rule how to en-/decode a payload field.
* *
* An encoding rule is a mapping of a specific encoding type to * An encoding rule is a mapping of a specific encoding type to
* a location in the data struct where the current field is stored to * a location in the data struct where the current field is stored to
* or read from. * or read from.
* This rules are used by parser and generator. * This rules are used by parser and generator.
*/ */
struct encoding_rule_t { struct encoding_rule_t {
/** /**
* Encoding type. * Encoding type.
*/ */
encoding_type_t type; encoding_type_t type;
/** /**
* Offset in the data struct. * Offset in the data struct.
* *
* When parsing, data are written to this offset of the * When parsing, data are written to this offset of the
* data struct. * data struct.
* *
* When generating, data are read from this offset in the * When generating, data are read from this offset in the
* data struct. * data struct.
*/ */
u_int32_t offset; u_int32_t offset;

132
src/charon/encoding/payloads/encryption_payload.c
View File

@ -32,19 +32,19 @@ typedef struct private_encryption_payload_t private_encryption_payload_t;
/** /**
* Private data of an encryption_payload_t' Object. * Private data of an encryption_payload_t' Object.
* *
*/ */
struct private_encryption_payload_t { struct private_encryption_payload_t {
/** /**
* Public encryption_payload_t interface. * Public encryption_payload_t interface.
*/ */
encryption_payload_t public; encryption_payload_t public;
/** /**
* There is no next payload for an encryption payload, * There is no next payload for an encryption payload,
* since encryption payload MUST be the last one. * since encryption payload MUST be the last one.
* next_payload means here the first payload of the * next_payload means here the first payload of the
* contained, encrypted payload. * contained, encrypted payload.
*/ */
u_int8_t next_payload; u_int8_t next_payload;
@ -53,33 +53,33 @@ struct private_encryption_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload * Length of this payload
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Chunk containing the iv, data, padding, * Chunk containing the iv, data, padding,
* and (an eventually not calculated) signature. * and (an eventually not calculated) signature.
*/ */
chunk_t encrypted; chunk_t encrypted;
/** /**
* Chunk containing the data in decrypted (unpadded) form. * Chunk containing the data in decrypted (unpadded) form.
*/ */
chunk_t decrypted; chunk_t decrypted;
/** /**
* Signer set by set_signer. * Signer set by set_signer.
*/ */
signer_t *signer; signer_t *signer;
/** /**
* Crypter, supplied by encrypt/decrypt * Crypter, supplied by encrypt/decrypt
*/ */
crypter_t *crypter; crypter_t *crypter;
/** /**
* Contained payloads of this encrpytion_payload. * Contained payloads of this encrpytion_payload.
*/ */
@ -88,10 +88,10 @@ struct private_encryption_payload_t {
/** /**
* Encoding rules to parse or generate a IKEv2-Encryption Payload. * Encoding rules to parse or generate a IKEv2-Encryption Payload.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_encryption_payload_t. * private_encryption_payload_t.
* *
*/ */
encoding_rule_t encryption_payload_encodings[] = { encoding_rule_t encryption_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -170,7 +170,7 @@ static payload_type_t get_next_type(private_encryption_payload_t *this)
*/ */
static void set_next_type(private_encryption_payload_t *this, payload_type_t type) static void set_next_type(private_encryption_payload_t *this, payload_type_t type)
{ {
/* set next type is not allowed, since this payload MUST be the last one /* set next type is not allowed, since this payload MUST be the last one
* and so nothing is done in here*/ * and so nothing is done in here*/
} }
@ -190,7 +190,7 @@ static void compute_length(private_encryption_payload_t *this)
length += current_payload->get_length(current_payload); length += current_payload->get_length(current_payload);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
if (this->crypter && this->signer) if (this->crypter && this->signer)
{ {
/* append one byte for padding length */ /* append one byte for padding length */
@ -268,13 +268,13 @@ static void generate(private_encryption_payload_t *this)
payload_t *current_payload, *next_payload; payload_t *current_payload, *next_payload;
generator_t *generator; generator_t *generator;
iterator_t *iterator; iterator_t *iterator;
/* recalculate length before generating */ /* recalculate length before generating */
compute_length(this); compute_length(this);
/* create iterator */ /* create iterator */
iterator = this->payloads->create_iterator(this->payloads, TRUE); iterator = this->payloads->create_iterator(this->payloads, TRUE);
/* get first payload */ /* get first payload */
if (iterator->iterate(iterator, (void**)&current_payload)) if (iterator->iterate(iterator, (void**)&current_payload))
{ {
@ -289,9 +289,9 @@ static void generate(private_encryption_payload_t *this)
iterator->destroy(iterator); iterator->destroy(iterator);
return; return;
} }
generator = generator_create(); generator = generator_create();
/* build all payload, except last */ /* build all payload, except last */
while(iterator->iterate(iterator, (void**)&next_payload)) while(iterator->iterate(iterator, (void**)&next_payload))
{ {
@ -300,14 +300,14 @@ static void generate(private_encryption_payload_t *this)
current_payload = next_payload; current_payload = next_payload;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
/* build last payload */ /* build last payload */
current_payload->set_next_type(current_payload, NO_PAYLOAD); current_payload->set_next_type(current_payload, NO_PAYLOAD);
generator->generate_payload(generator, current_payload); generator->generate_payload(generator, current_payload);
/* free already generated data */ /* free already generated data */
free(this->decrypted.ptr); free(this->decrypted.ptr);
generator->write_to_chunk(generator, &(this->decrypted)); generator->write_to_chunk(generator, &(this->decrypted));
generator->destroy(generator); generator->destroy(generator);
DBG2(DBG_ENC, "successfully generated content in encryption payload"); DBG2(DBG_ENC, "successfully generated content in encryption payload");
@ -321,13 +321,13 @@ static status_t encrypt(private_encryption_payload_t *this)
chunk_t iv, padding, to_crypt, result; chunk_t iv, padding, to_crypt, result;
rng_t *rng; rng_t *rng;
size_t block_size; size_t block_size;
if (this->signer == NULL || this->crypter == NULL) if (this->signer == NULL || this->crypter == NULL)
{ {
DBG1(DBG_ENC, "could not encrypt, signer/crypter not set"); DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
return INVALID_STATE; return INVALID_STATE;
} }
/* for random data in iv and padding */ /* for random data in iv and padding */
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!rng) if (!rng)
@ -337,15 +337,15 @@ static status_t encrypt(private_encryption_payload_t *this)
} }
/* build payload chunk */ /* build payload chunk */
generate(this); generate(this);
DBG2(DBG_ENC, "encrypting payloads"); DBG2(DBG_ENC, "encrypting payloads");
DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted); DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
/* build padding */ /* build padding */
block_size = this->crypter->get_block_size(this->crypter); block_size = this->crypter->get_block_size(this->crypter);
padding.len = block_size - ((this->decrypted.len + 1) % block_size); padding.len = block_size - ((this->decrypted.len + 1) % block_size);
rng->allocate_bytes(rng, padding.len, &padding); rng->allocate_bytes(rng, padding.len, &padding);
/* concatenate payload data, padding, padding len */ /* concatenate payload data, padding, padding len */
to_crypt.len = this->decrypted.len + padding.len + 1; to_crypt.len = this->decrypted.len + padding.len + 1;
to_crypt.ptr = malloc(to_crypt.len); to_crypt.ptr = malloc(to_crypt.len);
@ -353,36 +353,36 @@ static status_t encrypt(private_encryption_payload_t *this)
memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len); memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len); memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
*(to_crypt.ptr + to_crypt.len - 1) = padding.len; *(to_crypt.ptr + to_crypt.len - 1) = padding.len;
/* build iv */ /* build iv */
iv.len = block_size; iv.len = block_size;
rng->allocate_bytes(rng, iv.len, &iv); rng->allocate_bytes(rng, iv.len, &iv);
rng->destroy(rng); rng->destroy(rng);
DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt); DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
/* encrypt to_crypt chunk */ /* encrypt to_crypt chunk */
free(this->encrypted.ptr); free(this->encrypted.ptr);
this->crypter->encrypt(this->crypter, to_crypt, iv, &result); this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
free(padding.ptr); free(padding.ptr);
free(to_crypt.ptr); free(to_crypt.ptr);
DBG3(DBG_ENC, "data after encryption %B", &result); DBG3(DBG_ENC, "data after encryption %B", &result);
/* build encrypted result with iv and signature */ /* build encrypted result with iv and signature */
this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer); this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
free(this->encrypted.ptr); free(this->encrypted.ptr);
this->encrypted.ptr = malloc(this->encrypted.len); this->encrypted.ptr = malloc(this->encrypted.len);
/* fill in result, signature is left out */ /* fill in result, signature is left out */
memcpy(this->encrypted.ptr, iv.ptr, iv.len); memcpy(this->encrypted.ptr, iv.ptr, iv.len);
memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len); memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
free(result.ptr); free(result.ptr);
free(iv.ptr); free(iv.ptr);
DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B", DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
&this->encrypted); &this->encrypted);
return SUCCESS; return SUCCESS;
} }
@ -394,16 +394,16 @@ static status_t parse(private_encryption_payload_t *this)
parser_t *parser; parser_t *parser;
status_t status; status_t status;
payload_type_t current_payload_type; payload_type_t current_payload_type;
/* build a parser on the decrypted data */ /* build a parser on the decrypted data */
parser = parser_create(this->decrypted); parser = parser_create(this->decrypted);
current_payload_type = this->next_payload; current_payload_type = this->next_payload;
/* parse all payloads */ /* parse all payloads */
while (current_payload_type != NO_PAYLOAD) while (current_payload_type != NO_PAYLOAD)
{ {
payload_t *current_payload; payload_t *current_payload;
status = parser->parse_payload(parser, current_payload_type, (payload_t**)&current_payload); status = parser->parse_payload(parser, current_payload_type, (payload_t**)&current_payload);
if (status != SUCCESS) if (status != SUCCESS)
{ {
@ -423,7 +423,7 @@ static status_t parse(private_encryption_payload_t *this)
/* get next payload type */ /* get next payload type */
current_payload_type = current_payload->get_next_type(current_payload); current_payload_type = current_payload->get_next_type(current_payload);
this->payloads->insert_last(this->payloads,current_payload); this->payloads->insert_last(this->payloads,current_payload);
} }
parser->destroy(parser); parser->destroy(parser);
@ -438,50 +438,50 @@ static status_t decrypt(private_encryption_payload_t *this)
{ {
chunk_t iv, concatenated; chunk_t iv, concatenated;
u_int8_t padding_length; u_int8_t padding_length;
DBG2(DBG_ENC, "decrypting encryption payload"); DBG2(DBG_ENC, "decrypting encryption payload");
DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B", DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
&this->encrypted); &this->encrypted);
if (this->signer == NULL || this->crypter == NULL) if (this->signer == NULL || this->crypter == NULL)
{ {
DBG1(DBG_ENC, "could not decrypt, no crypter/signer set"); DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
return INVALID_STATE; return INVALID_STATE;
} }
/* get IV */ /* get IV */
iv.len = this->crypter->get_block_size(this->crypter); iv.len = this->crypter->get_block_size(this->crypter);
iv.ptr = this->encrypted.ptr; iv.ptr = this->encrypted.ptr;
/* point concatenated to data + padding + padding_length*/ /* point concatenated to data + padding + padding_length*/
concatenated.ptr = this->encrypted.ptr + iv.len; concatenated.ptr = this->encrypted.ptr + iv.len;
concatenated.len = this->encrypted.len - iv.len - concatenated.len = this->encrypted.len - iv.len -
this->signer->get_block_size(this->signer); this->signer->get_block_size(this->signer);
/* concatenated must be a multiple of block_size of crypter */ /* concatenated must be a multiple of block_size of crypter */
if (concatenated.len < iv.len || concatenated.len % iv.len) if (concatenated.len < iv.len || concatenated.len % iv.len)
{ {
DBG1(DBG_ENC, "could not decrypt, invalid input"); DBG1(DBG_ENC, "could not decrypt, invalid input");
return FAILED; return FAILED;
} }
/* free previus data, if any */ /* free previus data, if any */
free(this->decrypted.ptr); free(this->decrypted.ptr);
DBG3(DBG_ENC, "data before decryption %B", &concatenated); DBG3(DBG_ENC, "data before decryption %B", &concatenated);
this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted); this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted); DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
/* get padding length, sits just bevore signature */ /* get padding length, sits just bevore signature */
padding_length = *(this->decrypted.ptr + this->decrypted.len - 1); padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
/* add one byte to the padding length, since the padding_length field is /* add one byte to the padding length, since the padding_length field is
* not included */ * not included */
padding_length++; padding_length++;
this->decrypted.len -= padding_length; this->decrypted.len -= padding_length;
/* check size again */ /* check size again */
if (padding_length > concatenated.len || this->decrypted.len < 0) if (padding_length > concatenated.len || this->decrypted.len < 0)
{ {
@ -489,7 +489,7 @@ static status_t decrypt(private_encryption_payload_t *this)
/* decryption failed :-/ */ /* decryption failed :-/ */
return FAILED; return FAILED;
} }
/* free padding */ /* free padding */
this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len); this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted); DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
@ -513,13 +513,13 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data
{ {
chunk_t data_without_sig = data; chunk_t data_without_sig = data;
chunk_t sig; chunk_t sig;
if (this->signer == NULL) if (this->signer == NULL)
{ {
DBG1(DBG_ENC, "unable to build signature, no signer set"); DBG1(DBG_ENC, "unable to build signature, no signer set");
return INVALID_STATE; return INVALID_STATE;
} }
sig.len = this->signer->get_block_size(this->signer); sig.len = this->signer->get_block_size(this->signer);
data_without_sig.len -= sig.len; data_without_sig.len -= sig.len;
sig.ptr = data.ptr + data_without_sig.len; sig.ptr = data.ptr + data_without_sig.len;
@ -535,7 +535,7 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
{ {
chunk_t sig, data_without_sig; chunk_t sig, data_without_sig;
bool valid; bool valid;
if (this->signer == NULL) if (this->signer == NULL)
{ {
DBG1(DBG_ENC, "unable to verify signature, no signer set"); DBG1(DBG_ENC, "unable to verify signature, no signer set");
@ -549,18 +549,18 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
return FAILED; return FAILED;
} }
sig.ptr = data.ptr + data.len - sig.len; sig.ptr = data.ptr + data.len - sig.len;
/* verify it */ /* verify it */
data_without_sig.len = data.len - sig.len; data_without_sig.len = data.len - sig.len;
data_without_sig.ptr = data.ptr; data_without_sig.ptr = data.ptr;
valid = this->signer->verify_signature(this->signer, data_without_sig, sig); valid = this->signer->verify_signature(this->signer, data_without_sig, sig);
if (!valid) if (!valid)
{ {
DBG1(DBG_ENC, "signature verification failed"); DBG1(DBG_ENC, "signature verification failed");
return FAILED; return FAILED;
} }
DBG2(DBG_ENC, "signature verification successful"); DBG2(DBG_ENC, "signature verification successful");
return SUCCESS; return SUCCESS;
} }
@ -582,7 +582,7 @@ static void destroy(private_encryption_payload_t *this)
encryption_payload_t *encryption_payload_create() encryption_payload_t *encryption_payload_create()
{ {
private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t); private_encryption_payload_t *this = malloc_thing(private_encryption_payload_t);
/* payload_t interface functions */ /* payload_t interface functions */
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
@ -591,20 +591,20 @@ encryption_payload_t *encryption_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator; this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator;
this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload; this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload;
this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload; this->public.remove_first_payload = (status_t (*)(encryption_payload_t*, payload_t **)) remove_first_payload;
this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count; this->public.get_payload_count = (size_t (*)(encryption_payload_t*)) get_payload_count;
this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt; this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt;
this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt; this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt;
this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms; this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms;
this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature; this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature;
this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature; this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature;
this->public.destroy = (void (*) (encryption_payload_t *)) destroy; this->public.destroy = (void (*) (encryption_payload_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
@ -614,6 +614,6 @@ encryption_payload_t *encryption_payload_create()
this->signer = NULL; this->signer = NULL;
this->crypter = NULL; this->crypter = NULL;
this->payloads = linked_list_create(); this->payloads = linked_list_create();
return (&(this->public)); return (&(this->public));
} }

44
src/charon/encoding/payloads/encryption_payload.h
View File

@ -39,7 +39,7 @@ typedef struct encryption_payload_t encryption_payload_t;
/** /**
* The encryption payload as described in RFC section 3.14. * The encryption payload as described in RFC section 3.14.
* *
* Before any crypt/decrypt/sign/verify operation can occur, * Before any crypt/decrypt/sign/verify operation can occur,
* the transforms must be set. After that, a parsed encryption payload * the transforms must be set. After that, a parsed encryption payload
* can be decrypted, which also will parse the contained payloads. * can be decrypted, which also will parse the contained payloads.
* Encryption is done the same way, added payloads will get generated * Encryption is done the same way, added payloads will get generated
@ -54,24 +54,24 @@ struct encryption_payload_t {
* Implements payload_t interface. * Implements payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Creates an iterator for all contained payloads. * Creates an iterator for all contained payloads.
* *
* iterator_t object has to get destroyed by the caller. * iterator_t object has to get destroyed by the caller.
* *
* @param forward iterator direction (TRUE: front to end) * @param forward iterator direction (TRUE: front to end)
* return created iterator_t object * return created iterator_t object
*/ */
iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward); iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
/** /**
* Adds a payload to this encryption payload. * Adds a payload to this encryption payload.
* *
* @param payload payload_t object to add * @param payload payload_t object to add
*/ */
void (*add_payload) (encryption_payload_t *this, payload_t *payload); void (*add_payload) (encryption_payload_t *this, payload_t *payload);
/** /**
* Reove the last payload in the contained payload list. * Reove the last payload in the contained payload list.
* *
@ -81,20 +81,20 @@ struct encryption_payload_t {
* - NOT_FOUND if list empty * - NOT_FOUND if list empty
*/ */
status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload); status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
/** /**
* Get the number of payloads. * Get the number of payloads.
* *
* @return number of contained payloads * @return number of contained payloads
*/ */
size_t (*get_payload_count) (encryption_payload_t *this); size_t (*get_payload_count) (encryption_payload_t *this);
/** /**
* Set transforms to use. * Set transforms to use.
* *
* To decryption, encryption, signature building and verifying, * To decryption, encryption, signature building and verifying,
* the payload needs a crypter and a signer object. * the payload needs a crypter and a signer object.
* *
* @warning Do NOT call this function again after encryption, since * @warning Do NOT call this function again after encryption, since
* the signer must be the same while encrypting and signature building! * the signer must be the same while encrypting and signature building!
* *
@ -102,10 +102,10 @@ struct encryption_payload_t {
* @param signer signer_t to use for data signing/verifying * @param signer signer_t to use for data signing/verifying
*/ */
void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer); void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
/** /**
* Generate and encrypt contained payloads. * Generate and encrypt contained payloads.
* *
* This function generates the content for added payloads * This function generates the content for added payloads
* and encrypts them. Signature is not built, since we need * and encrypts them. Signature is not built, since we need
* additional data (the full message). * additional data (the full message).
@ -113,11 +113,11 @@ struct encryption_payload_t {
* @return SUCCESS, or INVALID_STATE if transforms not set * @return SUCCESS, or INVALID_STATE if transforms not set
*/ */
status_t (*encrypt) (encryption_payload_t *this); status_t (*encrypt) (encryption_payload_t *this);
/** /**
* Decrypt and parse contained payloads. * Decrypt and parse contained payloads.
* *
* This function decrypts the contained data. After, * This function decrypts the contained data. After,
* the payloads are parsed internally and are accessible * the payloads are parsed internally and are accessible
* via the iterator. * via the iterator.
* *
@ -127,29 +127,29 @@ struct encryption_payload_t {
* - FAILED if data is invalid * - FAILED if data is invalid
*/ */
status_t (*decrypt) (encryption_payload_t *this); status_t (*decrypt) (encryption_payload_t *this);
/** /**
* Build the signature. * Build the signature.
* *
* The signature is built over the FULL message, so the header * The signature is built over the FULL message, so the header
* and every payload (inclusive this one) must already be generated. * and every payload (inclusive this one) must already be generated.
* The generated message is supplied via the data paramater. * The generated message is supplied via the data paramater.
* *
* @param data chunk contains the already generated message * @param data chunk contains the already generated message
* @return * @return
* - SUCCESS, or * - SUCCESS, or
* - INVALID_STATE if transforms not set * - INVALID_STATE if transforms not set
*/ */
status_t (*build_signature) (encryption_payload_t *this, chunk_t data); status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
/** /**
* Verify the signature. * Verify the signature.
* *
* Since the signature is built over the full message, we need * Since the signature is built over the full message, we need
* this data to do the verification. The message data * this data to do the verification. The message data
* is supplied via the data argument. * is supplied via the data argument.
* *
* @param data chunk contains the message * @param data chunk contains the message
* @return * @return
* - SUCCESS, or * - SUCCESS, or
* - FAILED if signature invalid, or * - FAILED if signature invalid, or
@ -165,7 +165,7 @@ struct encryption_payload_t {
/** /**
* Creates an empty encryption_payload_t object. * Creates an empty encryption_payload_t object.
* *
* @return encryption_payload_t object * @return encryption_payload_t object
*/ */
encryption_payload_t *encryption_payload_create(void); encryption_payload_t *encryption_payload_create(void);

90
src/charon/encoding/payloads/endpoint_notify.c
View File

@ -23,34 +23,34 @@ typedef struct private_endpoint_notify_t private_endpoint_notify_t;
/** /**
* Private data of an notify_payload_t object. * Private data of an notify_payload_t object.
* *
*/ */
struct private_endpoint_notify_t { struct private_endpoint_notify_t {
/** /**
* Public endpoint_notify_t interface. * Public endpoint_notify_t interface.
*/ */
endpoint_notify_t public; endpoint_notify_t public;
/** /**
* Priority * Priority
*/ */
u_int32_t priority; u_int32_t priority;
/** /**
* Family * Family
*/ */
me_endpoint_family_t family; me_endpoint_family_t family;
/** /**
* Endpoint type * Endpoint type
*/ */
me_endpoint_type_t type; me_endpoint_type_t type;
/** /**
* Endpoint * Endpoint
*/ */
host_t *endpoint; host_t *endpoint;
/** /**
* Base (used for server reflexive endpoints) * Base (used for server reflexive endpoints)
*/ */
@ -65,7 +65,7 @@ struct private_endpoint_notify_t {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! Family ! Type ! Port ! ! Family ! Type ! Port !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! IP Address (variable) ! IP Address (variable)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/ */
@ -122,9 +122,9 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
chunk_t addr; chunk_t addr;
u_int8_t *cur = data.ptr; u_int8_t *cur = data.ptr;
u_int8_t *top = data.ptr + data.len; u_int8_t *top = data.ptr + data.len;
DBG3(DBG_IKE, "me_endpoint_data %B", &data); DBG3(DBG_IKE, "me_endpoint_data %B", &data);
if (parse_uint32(&cur, top, &this->priority) != SUCCESS) if (parse_uint32(&cur, top, &this->priority) != SUCCESS)
{ {
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority"); DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority");
@ -136,20 +136,20 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family");
return FAILED; return FAILED;
} }
this->family = (me_endpoint_family_t)family; this->family = (me_endpoint_family_t)family;
if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE)
{ {
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type");
return FAILED; return FAILED;
} }
this->type = (me_endpoint_type_t)type; this->type = (me_endpoint_type_t)type;
addr_family = AF_INET; addr_family = AF_INET;
addr.len = 4; addr.len = 4;
switch(this->family) switch(this->family)
{ {
case IPv6: case IPv6:
@ -160,24 +160,24 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
if (parse_uint16(&cur, top, &port) != SUCCESS) if (parse_uint16(&cur, top, &port) != SUCCESS)
{ {
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port"); DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port");
return FAILED; return FAILED;
} }
if (cur + addr.len > top) if (cur + addr.len > top)
{ {
DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address"); DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address");
return FAILED; return FAILED;
} }
addr.ptr = cur; addr.ptr = cur;
this->endpoint = host_create_from_chunk(addr_family, addr, port); this->endpoint = host_create_from_chunk(addr_family, addr, port);
break; break;
case NO_FAMILY: case NO_FAMILY:
default: default:
this->endpoint = NULL; this->endpoint = NULL;
break; break;
} }
return SUCCESS; return SUCCESS;
} }
@ -192,14 +192,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
u_int32_t prio; u_int32_t prio;
u_int16_t port; u_int16_t port;
u_int8_t family, type; u_int8_t family, type;
prio = htonl(this->priority); prio = htonl(this->priority);
prio_chunk = chunk_from_thing(prio); prio_chunk = chunk_from_thing(prio);
family = this->family; family = this->family;
family_chunk = chunk_from_thing(family); family_chunk = chunk_from_thing(family);
type = this->type; type = this->type;
type_chunk = chunk_from_thing(type); type_chunk = chunk_from_thing(type);
if (this->endpoint) if (this->endpoint)
{ {
port = htons(this->endpoint->get_port(this->endpoint)); port = htons(this->endpoint->get_port(this->endpoint));
@ -208,15 +208,15 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
else else
{ {
port = 0; port = 0;
addr_chunk = chunk_empty; addr_chunk = chunk_empty;
} }
port_chunk = chunk_from_thing(port); port_chunk = chunk_from_thing(port);
/* data = prio | family | type | port | addr */ /* data = prio | family | type | port | addr */
data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk,
port_chunk, addr_chunk); port_chunk, addr_chunk);
DBG3(DBG_IKE, "me_endpoint_data %B", &data); DBG3(DBG_IKE, "me_endpoint_data %B", &data);
return data; return data;
} }
@ -226,14 +226,14 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
static notify_payload_t *build_notify(private_endpoint_notify_t *this) static notify_payload_t *build_notify(private_endpoint_notify_t *this)
{ {
chunk_t data; chunk_t data;
notify_payload_t *notify; notify_payload_t *notify;
notify = notify_payload_create(); notify = notify_payload_create();
notify->set_notify_type(notify, ME_ENDPOINT); notify->set_notify_type(notify, ME_ENDPOINT);
data = build_notification_data(this); data = build_notification_data(this);
notify->set_notification_data(notify, data); notify->set_notification_data(notify, data);
chunk_free(&data); chunk_free(&data);
return notify; return notify;
} }
@ -291,7 +291,7 @@ static host_t *get_base(private_endpoint_notify_t *this)
static endpoint_notify_t *_clone(private_endpoint_notify_t *this) static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
{ {
private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create(); private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create();
clone->priority = this->priority; clone->priority = this->priority;
clone->type = this->type; clone->type = this->type;
clone->family = this->family; clone->family = this->family;
@ -299,12 +299,12 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
{ {
clone->endpoint = this->endpoint->clone(this->endpoint); clone->endpoint = this->endpoint->clone(this->endpoint);
} }
if (this->base) if (this->base)
{ {
clone->base = this->base->clone(this->base); clone->base = this->base->clone(this->base);
} }
return &clone->public; return &clone->public;
} }
@ -336,14 +336,14 @@ endpoint_notify_t *endpoint_notify_create()
this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify;
this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone; this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone;
this->public.destroy = (void (*) (endpoint_notify_t *)) destroy; this->public.destroy = (void (*) (endpoint_notify_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->priority = 0; this->priority = 0;
this->family = NO_FAMILY; this->family = NO_FAMILY;
this->type = NO_TYPE; this->type = NO_TYPE;
this->endpoint = NULL; this->endpoint = NULL;
this->base = NULL; this->base = NULL;
return &this->public; return &this->public;
} }
@ -353,34 +353,34 @@ endpoint_notify_t *endpoint_notify_create()
endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base)
{ {
private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
this->type = type; this->type = type;
switch(type) switch(type)
{ {
case HOST: case HOST:
this->priority = pow(2, 16) * ME_PRIO_HOST; this->priority = pow(2, 16) * ME_PRIO_HOST;
break; break;
case PEER_REFLEXIVE: case PEER_REFLEXIVE:
this->priority = pow(2, 16) * ME_PRIO_PEER; this->priority = pow(2, 16) * ME_PRIO_PEER;
break; break;
case SERVER_REFLEXIVE: case SERVER_REFLEXIVE:
this->priority = pow(2, 16) * ME_PRIO_SERVER; this->priority = pow(2, 16) * ME_PRIO_SERVER;
break; break;
case RELAYED: case RELAYED:
default: default:
this->priority = pow(2, 16) * ME_PRIO_RELAY; this->priority = pow(2, 16) * ME_PRIO_RELAY;
break; break;
} }
/* FIXME: if there is more than one ip address we should vary this priority */ /* FIXME: if there is more than one ip address we should vary this priority */
this->priority += 65535; this->priority += 65535;
if (!host) if (!host)
{ {
return &this->public; return &this->public;
} }
switch(host->get_family(host)) switch(host->get_family(host))
{ {
case AF_INET: case AF_INET:
@ -394,14 +394,14 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos
* (family is set to NO_FAMILY) */ * (family is set to NO_FAMILY) */
return &this->public; return &this->public;
} }
this->endpoint = host->clone(host); this->endpoint = host->clone(host);
if (base) if (base)
{ {
this->base = base->clone(base); this->base = base->clone(base);
} }
return &this->public; return &this->public;
} }
@ -414,7 +414,7 @@ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify)
{ {
return NULL; return NULL;
} }
private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
chunk_t data = notify->get_notification_data(notify); chunk_t data = notify->get_notification_data(notify);
if (parse_notification_data(this, data) != SUCCESS) if (parse_notification_data(this, data) != SUCCESS)

62
src/charon/encoding/payloads/endpoint_notify.h
View File

@ -36,34 +36,34 @@ typedef struct endpoint_notify_t endpoint_notify_t;
* ME endpoint families. * ME endpoint families.
*/ */
enum me_endpoint_family_t { enum me_endpoint_family_t {
NO_FAMILY = 0, NO_FAMILY = 0,
IPv4 = 1, IPv4 = 1,
IPv6 = 2, IPv6 = 2,
MAX_FAMILY = 3 MAX_FAMILY = 3
}; };
/** /**
* ME endpoint types. * ME endpoint types.
*/ */
enum me_endpoint_type_t { enum me_endpoint_type_t {
NO_TYPE = 0, NO_TYPE = 0,
HOST = 1, HOST = 1,
PEER_REFLEXIVE = 2, PEER_REFLEXIVE = 2,
SERVER_REFLEXIVE = 3, SERVER_REFLEXIVE = 3,
RELAYED = 4, RELAYED = 4,
MAX_TYPE = 5 MAX_TYPE = 5
}; };
/** /**
@ -79,52 +79,52 @@ extern enum_name_t *me_endpoint_type_names;
struct endpoint_notify_t { struct endpoint_notify_t {
/** /**
* Returns the priority of this endpoint. * Returns the priority of this endpoint.
* *
* @return priority * @return priority
*/ */
u_int32_t (*get_priority) (endpoint_notify_t *this); u_int32_t (*get_priority) (endpoint_notify_t *this);
/** /**
* Sets the priority of this endpoint. * Sets the priority of this endpoint.
* *
* @param priority priority * @param priority priority
*/ */
void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); void (*set_priority) (endpoint_notify_t *this, u_int32_t priority);
/** /**
* Returns the endpoint type of this endpoint. * Returns the endpoint type of this endpoint.
* *
* @return endpoint type * @return endpoint type
*/ */
me_endpoint_type_t (*get_type) (endpoint_notify_t *this); me_endpoint_type_t (*get_type) (endpoint_notify_t *this);
/** /**
* Returns the endpoint family of this endpoint. * Returns the endpoint family of this endpoint.
* *
* @return endpoint family * @return endpoint family
*/ */
me_endpoint_family_t (*get_family) (endpoint_notify_t *this); me_endpoint_family_t (*get_family) (endpoint_notify_t *this);
/** /**
* Returns the host of this endpoint. * Returns the host of this endpoint.
* *
* @return host * @return host
*/ */
host_t *(*get_host) (endpoint_notify_t *this); host_t *(*get_host) (endpoint_notify_t *this);
/** /**
* Returns the base of this endpoint. * Returns the base of this endpoint.
* *
* If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same * If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same
* as the one returned by get_host. * as the one returned by get_host.
* *
* @return host * @return host
*/ */
host_t *(*get_base) (endpoint_notify_t *this); host_t *(*get_base) (endpoint_notify_t *this);
/** /**
* Generates a notification payload from this endpoint. * Generates a notification payload from this endpoint.
* *
* @return built notify_payload_t * @return built notify_payload_t
*/ */
notify_payload_t *(*build_notify) (endpoint_notify_t *this); notify_payload_t *(*build_notify) (endpoint_notify_t *this);
@ -135,7 +135,7 @@ struct endpoint_notify_t {
* @return cloned object * @return cloned object
*/ */
endpoint_notify_t *(*clone) (endpoint_notify_t *this); endpoint_notify_t *(*clone) (endpoint_notify_t *this);
/** /**
* Destroys an endpoint_notify_t object. * Destroys an endpoint_notify_t object.
*/ */
@ -144,7 +144,7 @@ struct endpoint_notify_t {
/** /**
* Creates an empty endpoint_notify_t object. * Creates an empty endpoint_notify_t object.
* *
* @return created endpoint_notify_t object * @return created endpoint_notify_t object
*/ */
endpoint_notify_t *endpoint_notify_create(void); endpoint_notify_t *endpoint_notify_create(void);
@ -152,7 +152,7 @@ endpoint_notify_t *endpoint_notify_create(void);
/** /**
* Creates an endpoint_notify_t object from a host. * Creates an endpoint_notify_t object from a host.
* *
* @param type the endpoint type * @param type the endpoint type
* @param host host to base the notify on (gets cloned) * @param host host to base the notify on (gets cloned)
* @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned)
@ -163,7 +163,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
/** /**
* Creates an endpoint_notify_t object from a notify payload. * Creates an endpoint_notify_t object from a notify payload.
* *
* @param notify the notify payload * @param notify the notify payload
* @return - created endpoint_notify_t object * @return - created endpoint_notify_t object
* - NULL if invalid payload * - NULL if invalid payload

26
src/charon/encoding/payloads/id_payload.c
View File

@ -27,19 +27,19 @@ typedef struct private_id_payload_t private_id_payload_t;
/** /**
* Private data of an id_payload_t object. * Private data of an id_payload_t object.
* *
*/ */
struct private_id_payload_t { struct private_id_payload_t {
/** /**
* Public id_payload_t interface. * Public id_payload_t interface.
*/ */
id_payload_t public; id_payload_t public;
/** /**
* one of ID_INITIATOR, ID_RESPONDER * one of ID_INITIATOR, ID_RESPONDER
*/ */
payload_type_t payload_type; payload_type_t payload_type;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -49,17 +49,17 @@ struct private_id_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Type of the ID Data. * Type of the ID Data.
*/ */
u_int8_t id_type; u_int8_t id_type;
/** /**
* The contained id data value. * The contained id data value.
*/ */
@ -68,10 +68,10 @@ struct private_id_payload_t {
/** /**
* Encoding rules to parse or generate a ID payload * Encoding rules to parse or generate a ID payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_id_payload_t. * private_id_payload_t.
* *
*/ */
encoding_rule_t id_payload_encodings[] = { encoding_rule_t id_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -126,7 +126,7 @@ static status_t verify(private_id_payload_t *this)
DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type); DBG1(DBG_ENC, "received ID with reserved type %d", this->id_type);
return FAILED; return FAILED;
} }
return SUCCESS; return SUCCESS;
} }
@ -242,7 +242,7 @@ static void destroy(private_id_payload_t *this)
{ {
chunk_free(&(this->id_data)); chunk_free(&(this->id_data));
} }
free(this); free(this);
} }
/* /*
@ -260,7 +260,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type)
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (id_payload_t *)) destroy; this->public.destroy = (void (*) (id_payload_t *)) destroy;
this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type; this->public.set_id_type = (void (*) (id_payload_t *,id_type_t)) set_id_type;
@ -268,7 +268,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type)
this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data; this->public.set_data = (void (*) (id_payload_t *,chunk_t)) set_data;
this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data; this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data;
this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone; this->public.get_data_clone = (chunk_t (*) (id_payload_t *)) get_data_clone;
this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification; this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification;
/* private variables */ /* private variables */

26
src/charon/encoding/payloads/id_payload.h
View File

@ -51,35 +51,35 @@ struct id_payload_t {
* @param type Type of ID * @param type Type of ID
*/ */
void (*set_id_type) (id_payload_t *this, id_type_t type); void (*set_id_type) (id_payload_t *this, id_type_t type);
/** /**
* Get the ID type. * Get the ID type.
* *
* @return type of the ID * @return type of the ID
*/ */
id_type_t (*get_id_type) (id_payload_t *this); id_type_t (*get_id_type) (id_payload_t *this);
/** /**
* Set the ID data. * Set the ID data.
* *
* Data are getting cloned. * Data are getting cloned.
* *
* @param data ID data as chunk_t * @param data ID data as chunk_t
*/ */
void (*set_data) (id_payload_t *this, chunk_t data); void (*set_data) (id_payload_t *this, chunk_t data);
/** /**
* Get the ID data. * Get the ID data.
* *
* Returned data are a copy of the internal one * Returned data are a copy of the internal one
* *
* @return ID data as chunk_t * @return ID data as chunk_t
*/ */
chunk_t (*get_data_clone) (id_payload_t *this); chunk_t (*get_data_clone) (id_payload_t *this);
/** /**
* Get the ID data. * Get the ID data.
* *
* Returned data are NOT copied. * Returned data are NOT copied.
* *
* @return ID data as chunk_t * @return ID data as chunk_t
@ -88,13 +88,13 @@ struct id_payload_t {
/** /**
* Creates an identification object of this id payload. * Creates an identification object of this id payload.
* *
* Returned object has to get destroyed by the caller. * Returned object has to get destroyed by the caller.
* *
* @return identification_t object * @return identification_t object
*/ */
identification_t *(*get_identification) (id_payload_t *this); identification_t *(*get_identification) (id_payload_t *this);
/** /**
* Destroys an id_payload_t object. * Destroys an id_payload_t object.
*/ */
@ -103,7 +103,7 @@ struct id_payload_t {
/** /**
* Creates an empty id_payload_t object. * Creates an empty id_payload_t object.
* *
* @param payload_type one of ID_INITIATOR, ID_RESPONDER * @param payload_type one of ID_INITIATOR, ID_RESPONDER
* @return id_payload_t object * @return id_payload_t object
*/ */
@ -111,7 +111,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type);
/** /**
* Creates an id_payload_t from an existing identification_t object. * Creates an id_payload_t from an existing identification_t object.
* *
* @param payload_type one of ID_INITIATOR, ID_RESPONDER * @param payload_type one of ID_INITIATOR, ID_RESPONDER
* @param identification identification_t object * @param identification identification_t object
* @return id_payload_t object * @return id_payload_t object

20
src/charon/encoding/payloads/ike_header.c
View File

@ -33,7 +33,7 @@ struct private_ike_header_t {
* Public interface. * Public interface.
*/ */
ike_header_t public; ike_header_t public;
/** /**
* SPI of the initiator. * SPI of the initiator.
*/ */
@ -62,7 +62,7 @@ struct private_ike_header_t {
* Exchange type . * Exchange type .
*/ */
u_int8_t exchange_type; u_int8_t exchange_type;
/** /**
* Flags of the Message. * Flags of the Message.
*/ */
@ -87,7 +87,7 @@ struct private_ike_header_t {
* Associated Message-ID. * Associated Message-ID.
*/ */
u_int32_t message_id; u_int32_t message_id;
/** /**
* Length of the whole IKEv2-Message (header and all payloads). * Length of the whole IKEv2-Message (header and all payloads).
*/ */
@ -111,7 +111,7 @@ ENUM_END(exchange_type_names, INFORMATIONAL);
/** /**
* Encoding rules to parse or generate a IKEv2-Header. * Encoding rules to parse or generate a IKEv2-Header.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* ike_header_t. * ike_header_t.
*/ */
@ -191,9 +191,9 @@ static status_t verify(private_ike_header_t *this)
/* initiator spi not set */ /* initiator spi not set */
return FAILED; return FAILED;
} }
/* verification of version is not done in here */ /* verification of version is not done in here */
return SUCCESS; return SUCCESS;
} }
@ -372,7 +372,7 @@ static size_t get_length(payload_t *this)
ike_header_t *ike_header_create() ike_header_t *ike_header_create()
{ {
private_ike_header_t *this = malloc_thing(private_ike_header_t); private_ike_header_t *this = malloc_thing(private_ike_header_t);
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = get_encoding_rules; this->public.payload_interface.get_encoding_rules = get_encoding_rules;
this->public.payload_interface.get_length = get_length; this->public.payload_interface.get_length = get_length;
@ -381,7 +381,7 @@ ike_header_t *ike_header_create()
this->public.payload_interface.get_type = get_type; this->public.payload_interface.get_type = get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
this->public.destroy = destroy; this->public.destroy = destroy;
this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi; this->public.get_initiator_spi = (u_int64_t (*) (ike_header_t*))get_initiator_spi;
this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi; this->public.set_initiator_spi = (void (*) (ike_header_t*,u_int64_t))set_initiator_spi;
this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi; this->public.get_responder_spi = (u_int64_t (*) (ike_header_t*))get_responder_spi;
@ -397,7 +397,7 @@ ike_header_t *ike_header_create()
this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type; this->public.set_exchange_type = (void (*) (ike_header_t*,u_int8_t))set_exchange_type;
this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id; this->public.get_message_id = (u_int32_t (*) (ike_header_t*))get_message_id;
this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id; this->public.set_message_id = (void (*) (ike_header_t*,u_int32_t))set_message_id;
/* set default values of the fields */ /* set default values of the fields */
this->initiator_spi = 0; this->initiator_spi = 0;
this->responder_spi = 0; this->responder_spi = 0;
@ -410,6 +410,6 @@ ike_header_t *ike_header_create()
this->flags.response = FALSE; this->flags.response = FALSE;
this->message_id = 0; this->message_id = 0;
this->length = IKE_HEADER_LENGTH; this->length = IKE_HEADER_LENGTH;
return (ike_header_t*)this; return (ike_header_t*)this;
} }

30
src/charon/encoding/payloads/ike_header.h
View File

@ -60,7 +60,7 @@ enum exchange_type_t{
* EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type. * EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type.
*/ */
EXCHANGE_TYPE_UNDEFINED = 255, EXCHANGE_TYPE_UNDEFINED = 255,
/** /**
* IKE_SA_INIT. * IKE_SA_INIT.
*/ */
@ -106,56 +106,56 @@ struct ike_header_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the initiator spi. * Get the initiator spi.
* *
* @return initiator_spi * @return initiator_spi
*/ */
u_int64_t (*get_initiator_spi) (ike_header_t *this); u_int64_t (*get_initiator_spi) (ike_header_t *this);
/** /**
* Set the initiator spi. * Set the initiator spi.
* *
* @param initiator_spi initiator_spi * @param initiator_spi initiator_spi
*/ */
void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi);
/** /**
* Get the responder spi. * Get the responder spi.
* *
* @return responder_spi * @return responder_spi
*/ */
u_int64_t (*get_responder_spi) (ike_header_t *this); u_int64_t (*get_responder_spi) (ike_header_t *this);
/** /**
* Set the responder spi. * Set the responder spi.
* *
* @param responder_spi responder_spi * @param responder_spi responder_spi
*/ */
void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi);
/** /**
* Get the major version. * Get the major version.
* *
* @return major version * @return major version
*/ */
u_int8_t (*get_maj_version) (ike_header_t *this); u_int8_t (*get_maj_version) (ike_header_t *this);
/** /**
* Get the minor version. * Get the minor version.
* *
* @return minor version * @return minor version
*/ */
u_int8_t (*get_min_version) (ike_header_t *this); u_int8_t (*get_min_version) (ike_header_t *this);
/** /**
* Get the response flag. * Get the response flag.
* *
* @return response flag * @return response flag
*/ */
bool (*get_response_flag) (ike_header_t *this); bool (*get_response_flag) (ike_header_t *this);
/** /**
* Set the response flag- * Set the response flag-
* *
@ -168,14 +168,14 @@ struct ike_header_t {
* @return version flag * @return version flag
*/ */
bool (*get_version_flag) (ike_header_t *this); bool (*get_version_flag) (ike_header_t *this);
/** /**
* Get the initiator flag. * Get the initiator flag.
* *
* @return initiator flag * @return initiator flag
*/ */
bool (*get_initiator_flag) (ike_header_t *this); bool (*get_initiator_flag) (ike_header_t *this);
/** /**
* Set the initiator flag. * Set the initiator flag.
* *
@ -189,28 +189,28 @@ struct ike_header_t {
* @return exchange type * @return exchange type
*/ */
u_int8_t (*get_exchange_type) (ike_header_t *this); u_int8_t (*get_exchange_type) (ike_header_t *this);
/** /**
* Set the exchange type. * Set the exchange type.
* *
* @param exchange_type exchange type * @param exchange_type exchange type
*/ */
void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type);
/** /**
* Get the message id. * Get the message id.
* *
* @return message id * @return message id
*/ */
u_int32_t (*get_message_id) (ike_header_t *this); u_int32_t (*get_message_id) (ike_header_t *this);
/** /**
* Set the message id. * Set the message id.
* *
* @param initiator_spi message id * @param initiator_spi message id
*/ */
void (*set_message_id) (ike_header_t *this, u_int32_t message_id); void (*set_message_id) (ike_header_t *this, u_int32_t message_id);
/** /**
* Destroys a ike_header_t object. * Destroys a ike_header_t object.
*/ */

50
src/charon/encoding/payloads/ke_payload.c
View File

@ -25,14 +25,14 @@ typedef struct private_ke_payload_t private_ke_payload_t;
/** /**
* Private data of an ke_payload_t object. * Private data of an ke_payload_t object.
* *
*/ */
struct private_ke_payload_t { struct private_ke_payload_t {
/** /**
* Public ke_payload_t interface. * Public ke_payload_t interface.
*/ */
ke_payload_t public; ke_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -42,17 +42,17 @@ struct private_ke_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* DH Group Number. * DH Group Number.
*/ */
u_int16_t dh_group_number; u_int16_t dh_group_number;
/** /**
* Key Exchange Data of this KE payload. * Key Exchange Data of this KE payload.
*/ */
@ -61,30 +61,30 @@ struct private_ke_payload_t {
/** /**
* Encoding rules to parse or generate a IKEv2-KE Payload. * Encoding rules to parse or generate a IKEv2-KE Payload.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_ke_payload_t. * private_ke_payload_t.
* *
*/ */
encoding_rule_t ke_payload_encodings[] = { encoding_rule_t ke_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_ke_payload_t, next_payload) }, { U_INT_8, offsetof(private_ke_payload_t, next_payload) },
/* the critical bit */ /* the critical bit */
{ FLAG, offsetof(private_ke_payload_t, critical) }, { FLAG, offsetof(private_ke_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */ /* 7 Bit reserved bits, nowhere stored */
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole payload*/ /* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_ke_payload_t, payload_length) },
/* DH Group number as 16 bit field*/ /* DH Group number as 16 bit field*/
{ U_INT_16, offsetof(private_ke_payload_t, dh_group_number) }, { U_INT_16, offsetof(private_ke_payload_t, dh_group_number) },
{ RESERVED_BYTE, 0 }, { RESERVED_BYTE, 0 },
{ RESERVED_BYTE, 0 }, { RESERVED_BYTE, 0 },
/* Key Exchange Data is from variable size */ /* Key Exchange Data is from variable size */
{ KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)} { KEY_EXCHANGE_DATA, offsetof(private_ke_payload_t, key_exchange_data)}
}; };
@ -166,7 +166,7 @@ static void compute_length(private_ke_payload_t *this)
if (this->key_exchange_data.ptr != NULL) if (this->key_exchange_data.ptr != NULL)
{ {
length += this->key_exchange_data.len; length += this->key_exchange_data.len;
} }
this->payload_length = length; this->payload_length = length;
} }
@ -199,9 +199,9 @@ static void set_key_exchange_data(private_ke_payload_t *this, chunk_t key_exchan
free(this->key_exchange_data.ptr); free(this->key_exchange_data.ptr);
this->key_exchange_data.ptr = NULL; this->key_exchange_data.ptr = NULL;
this->key_exchange_data.len = 0; this->key_exchange_data.len = 0;
} }
this->key_exchange_data = chunk_clone(key_exchange_data); this->key_exchange_data = chunk_clone(key_exchange_data);
compute_length(this); compute_length(this);
} }
@ -244,7 +244,7 @@ ke_payload_t *ke_payload_create()
this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number; this->public.get_dh_group_number = (diffie_hellman_group_t (*) (ke_payload_t *)) get_dh_group_number;
this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number; this->public.set_dh_group_number =(void (*) (ke_payload_t *,diffie_hellman_group_t)) set_dh_group_number;
this->public.destroy = (void (*) (ke_payload_t *)) destroy; this->public.destroy = (void (*) (ke_payload_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
@ -261,10 +261,10 @@ ke_payload_t *ke_payload_create()
ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh) ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *dh)
{ {
private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create(); private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create();
dh->get_my_public_value(dh, &this->key_exchange_data); dh->get_my_public_value(dh, &this->key_exchange_data);
this->dh_group_number = dh->get_dh_group(dh); this->dh_group_number = dh->get_dh_group(dh);
compute_length(this); compute_length(this);
return &this->public; return &this->public;
} }

22
src/charon/encoding/payloads/ke_payload.h
View File

@ -45,38 +45,38 @@ struct ke_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Returns the currently set key exchange data of this KE payload. * Returns the currently set key exchange data of this KE payload.
* *
* @warning Returned data are not copied. * @warning Returned data are not copied.
* *
* @return chunk_t pointing to the value * @return chunk_t pointing to the value
*/ */
chunk_t (*get_key_exchange_data) (ke_payload_t *this); chunk_t (*get_key_exchange_data) (ke_payload_t *this);
/** /**
* Sets the key exchange data of this KE payload. * Sets the key exchange data of this KE payload.
* *
* Value is getting copied. * Value is getting copied.
* *
* @param key_exchange_data chunk_t pointing to the value to set * @param key_exchange_data chunk_t pointing to the value to set
*/ */
void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data);
/** /**
* Gets the Diffie-Hellman Group Number of this KE payload. * Gets the Diffie-Hellman Group Number of this KE payload.
* *
* @return DH Group Number of this payload * @return DH Group Number of this payload
*/ */
diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this);
/** /**
* Sets the Diffie-Hellman Group Number of this KE payload. * Sets the Diffie-Hellman Group Number of this KE payload.
* *
* @param dh_group_number DH Group to set * @param dh_group_number DH Group to set
*/ */
void (*set_dh_group_number) (ke_payload_t *this, void (*set_dh_group_number) (ke_payload_t *this,
diffie_hellman_group_t dh_group_number); diffie_hellman_group_t dh_group_number);
/** /**
@ -87,14 +87,14 @@ struct ke_payload_t {
/** /**
* Creates an empty ke_payload_t object * Creates an empty ke_payload_t object
* *
* @return ke_payload_t object * @return ke_payload_t object
*/ */
ke_payload_t *ke_payload_create(void); ke_payload_t *ke_payload_create(void);
/** /**
* Creates a ke_payload_t from a diffie_hellman_t * Creates a ke_payload_t from a diffie_hellman_t
* *
* @param diffie_hellman diffie hellman object containing group and key * @param diffie_hellman diffie hellman object containing group and key
* @return ke_payload_t object * @return ke_payload_t object
*/ */

44
src/charon/encoding/payloads/nonce_payload.c
View File

@ -13,7 +13,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details. * for more details.
*/ */
/* offsetof macro */ /* offsetof macro */
#include <stddef.h> #include <stddef.h>
@ -26,14 +26,14 @@ typedef struct private_nonce_payload_t private_nonce_payload_t;
/** /**
* Private data of an nonce_payload_t object. * Private data of an nonce_payload_t object.
* *
*/ */
struct private_nonce_payload_t { struct private_nonce_payload_t {
/** /**
* Public nonce_payload_t interface. * Public nonce_payload_t interface.
*/ */
nonce_payload_t public; nonce_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -43,12 +43,12 @@ struct private_nonce_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* The contained nonce value. * The contained nonce value.
*/ */
@ -57,26 +57,26 @@ struct private_nonce_payload_t {
/** /**
* Encoding rules to parse or generate a nonce payload * Encoding rules to parse or generate a nonce payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_nonce_payload_t. * private_nonce_payload_t.
* *
*/ */
encoding_rule_t nonce_payload_encodings[] = { encoding_rule_t nonce_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_nonce_payload_t, next_payload) }, { U_INT_8, offsetof(private_nonce_payload_t, next_payload) },
/* the critical bit */ /* the critical bit */
{ FLAG, offsetof(private_nonce_payload_t, critical) }, { FLAG, offsetof(private_nonce_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */ /* 7 Bit reserved bits, nowhere stored */
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole nonce payload*/ /* Length of the whole nonce payload*/
{ PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_nonce_payload_t, payload_length) },
/* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */ /* some nonce bytes, lenth is defined in PAYLOAD_LENGTH */
{ NONCE_DATA, offsetof(private_nonce_payload_t, nonce) } { NONCE_DATA, offsetof(private_nonce_payload_t, nonce) }
}; };
@ -102,7 +102,7 @@ static status_t verify(private_nonce_payload_t *this)
/* nonce length is wrong */ /* nonce length is wrong */
return FAILED; return FAILED;
} }
return SUCCESS; return SUCCESS;
} }
@ -187,8 +187,8 @@ static void destroy(private_nonce_payload_t *this)
{ {
free(this->nonce.ptr); free(this->nonce.ptr);
} }
free(this); free(this);
} }
/* /*
@ -206,12 +206,12 @@ nonce_payload_t *nonce_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (nonce_payload_t *)) destroy; this->public.destroy = (void (*) (nonce_payload_t *)) destroy;
this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce; this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce;
this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce; this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

8
src/charon/encoding/payloads/nonce_payload.h
View File

@ -39,7 +39,7 @@ typedef struct nonce_payload_t nonce_payload_t;
/** /**
* Object representing an IKEv2 Nonce payload. * Object representing an IKEv2 Nonce payload.
* *
* The Nonce payload format is described in RFC section 3.3. * The Nonce payload format is described in RFC section 3.3.
*/ */
struct nonce_payload_t { struct nonce_payload_t {
@ -54,14 +54,14 @@ struct nonce_payload_t {
* @param nonce chunk containing the nonce, will be cloned * @param nonce chunk containing the nonce, will be cloned
*/ */
void (*set_nonce) (nonce_payload_t *this, chunk_t nonce); void (*set_nonce) (nonce_payload_t *this, chunk_t nonce);
/** /**
* Get the nonce value. * Get the nonce value.
* *
* @return a chunk containing the cloned nonce * @return a chunk containing the cloned nonce
*/ */
chunk_t (*get_nonce) (nonce_payload_t *this); chunk_t (*get_nonce) (nonce_payload_t *this);
/** /**
* Destroys an nonce_payload_t object. * Destroys an nonce_payload_t object.
*/ */
@ -70,7 +70,7 @@ struct nonce_payload_t {
/** /**
* Creates an empty nonce_payload_t object * Creates an empty nonce_payload_t object
* *
* @return nonce_payload_t object * @return nonce_payload_t object
*/ */
nonce_payload_t *nonce_payload_create(void); nonce_payload_t *nonce_payload_create(void);

46
src/charon/encoding/payloads/notify_payload.c
View File

@ -160,14 +160,14 @@ typedef struct private_notify_payload_t private_notify_payload_t;
/** /**
* Private data of an notify_payload_t object. * Private data of an notify_payload_t object.
* *
*/ */
struct private_notify_payload_t { struct private_notify_payload_t {
/** /**
* Public notify_payload_t interface. * Public notify_payload_t interface.
*/ */
notify_payload_t public; notify_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -177,27 +177,27 @@ struct private_notify_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Protocol id. * Protocol id.
*/ */
u_int8_t protocol_id; u_int8_t protocol_id;
/** /**
* Spi size. * Spi size.
*/ */
u_int8_t spi_size; u_int8_t spi_size;
/** /**
* Notify message type. * Notify message type.
*/ */
u_int16_t notify_type; u_int16_t notify_type;
/** /**
* Security parameter index (spi). * Security parameter index (spi).
*/ */
@ -211,26 +211,26 @@ struct private_notify_payload_t {
/** /**
* Encoding rules to parse or generate a IKEv2-Notify Payload. * Encoding rules to parse or generate a IKEv2-Notify Payload.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_notify_payload_t. * private_notify_payload_t.
* *
*/ */
encoding_rule_t notify_payload_encodings[] = { encoding_rule_t notify_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_notify_payload_t, next_payload) }, { U_INT_8, offsetof(private_notify_payload_t, next_payload) },
/* the critical bit */ /* the critical bit */
{ FLAG, offsetof(private_notify_payload_t, critical) }, { FLAG, offsetof(private_notify_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */ /* 7 Bit reserved bits, nowhere stored */
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole payload*/ /* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_notify_payload_t, payload_length) },
/* Protocol ID as 8 bit field*/ /* Protocol ID as 8 bit field*/
{ U_INT_8, offsetof(private_notify_payload_t, protocol_id) }, { U_INT_8, offsetof(private_notify_payload_t, protocol_id) },
/* SPI Size as 8 bit field*/ /* SPI Size as 8 bit field*/
@ -279,7 +279,7 @@ static status_t verify(private_notify_payload_t *this)
DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id); DBG1(DBG_ENC, "Unknown protocol (%d)", this->protocol_id);
return FAILED; return FAILED;
} }
switch (this->notify_type) switch (this->notify_type)
{ {
case INVALID_KE_PAYLOAD: case INVALID_KE_PAYLOAD:
@ -567,7 +567,7 @@ notify_payload_t *notify_payload_create()
this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data; this->public.get_notification_data = (chunk_t (*) (notify_payload_t *)) get_notification_data;
this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data; this->public.set_notification_data = (void (*) (notify_payload_t *,chunk_t)) set_notification_data;
this->public.destroy = (void (*) (notify_payload_t *)) destroy; this->public.destroy = (void (*) (notify_payload_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
@ -579,7 +579,7 @@ notify_payload_t *notify_payload_create()
this->spi_size = 0; this->spi_size = 0;
this->notification_data.ptr = NULL; this->notification_data.ptr = NULL;
this->notification_data.len = 0; this->notification_data.len = 0;
return &this->public; return &this->public;
} }
@ -592,6 +592,6 @@ notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t pro
notify->set_notify_type(notify,notify_type); notify->set_notify_type(notify,notify_type);
notify->set_protocol_id(notify,protocol_id); notify->set_protocol_id(notify,protocol_id);
return notify; return notify;
} }

36
src/charon/encoding/payloads/notify_payload.h
View File

@ -63,7 +63,7 @@ enum notify_type_t {
UNEXPECTED_NAT_DETECTED = 41, UNEXPECTED_NAT_DETECTED = 41,
/* IKE-ME, private use */ /* IKE-ME, private use */
ME_CONNECT_FAILED = 8192, ME_CONNECT_FAILED = 8192,
/* notify status messages */ /* notify status messages */
INITIAL_CONTACT = 16384, INITIAL_CONTACT = 16384,
SET_WINDOW_SIZE = 16385, SET_WINDOW_SIZE = 16385,
@ -116,7 +116,7 @@ extern enum_name_t *notify_type_short_names;
/** /**
* Class representing an IKEv2-Notify Payload. * Class representing an IKEv2-Notify Payload.
* *
* The Notify Payload format is described in Draft section 3.10. * The Notify Payload format is described in Draft section 3.10.
*/ */
struct notify_payload_t { struct notify_payload_t {
@ -124,67 +124,67 @@ struct notify_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Gets the protocol id of this payload. * Gets the protocol id of this payload.
* *
* @return protocol id of this payload * @return protocol id of this payload
*/ */
u_int8_t (*get_protocol_id) (notify_payload_t *this); u_int8_t (*get_protocol_id) (notify_payload_t *this);
/** /**
* Sets the protocol id of this payload. * Sets the protocol id of this payload.
* *
* @param protocol_id protocol id to set * @param protocol_id protocol id to set
*/ */
void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id);
/** /**
* Gets the notify message type of this payload. * Gets the notify message type of this payload.
* *
* @return notify message type of this payload * @return notify message type of this payload
*/ */
notify_type_t (*get_notify_type) (notify_payload_t *this); notify_type_t (*get_notify_type) (notify_payload_t *this);
/** /**
* Sets notify message type of this payload. * Sets notify message type of this payload.
* *
* @param type notify message type to set * @param type notify message type to set
*/ */
void (*set_notify_type) (notify_payload_t *this, notify_type_t type); void (*set_notify_type) (notify_payload_t *this, notify_type_t type);
/** /**
* Returns the currently set spi of this payload. * Returns the currently set spi of this payload.
* *
* This is only valid for notifys with protocol AH|ESP * This is only valid for notifys with protocol AH|ESP
* *
* @return SPI value * @return SPI value
*/ */
u_int32_t (*get_spi) (notify_payload_t *this); u_int32_t (*get_spi) (notify_payload_t *this);
/** /**
* Sets the spi of this payload. * Sets the spi of this payload.
* *
* This is only valid for notifys with protocol AH|ESP * This is only valid for notifys with protocol AH|ESP
* *
* @param spi SPI value * @param spi SPI value
*/ */
void (*set_spi) (notify_payload_t *this, u_int32_t spi); void (*set_spi) (notify_payload_t *this, u_int32_t spi);
/** /**
* Returns the currently set notification data of payload. * Returns the currently set notification data of payload.
* *
* Returned data are not copied. * Returned data are not copied.
* *
* @return chunk_t pointing to the value * @return chunk_t pointing to the value
*/ */
chunk_t (*get_notification_data) (notify_payload_t *this); chunk_t (*get_notification_data) (notify_payload_t *this);
/** /**
* Sets the notification data of this payload. * Sets the notification data of this payload.
* *
* @warning Value is getting copied. * @warning Value is getting copied.
* *
* @param notification_data chunk_t pointing to the value to set * @param notification_data chunk_t pointing to the value to set
*/ */
void (*set_notification_data) (notify_payload_t *this, void (*set_notification_data) (notify_payload_t *this,
@ -198,14 +198,14 @@ struct notify_payload_t {
/** /**
* Creates an empty notify_payload_t object * Creates an empty notify_payload_t object
* *
* @return created notify_payload_t object * @return created notify_payload_t object
*/ */
notify_payload_t *notify_payload_create(void); notify_payload_t *notify_payload_create(void);
/** /**
* Creates an notify_payload_t object of specific type for specific protocol id. * Creates an notify_payload_t object of specific type for specific protocol id.
* *
* @param protocol_id protocol id (IKE, AH or ESP) * @param protocol_id protocol id (IKE, AH or ESP)
* @param type notify type (see notify_type_t) * @param type notify type (see notify_type_t)
* @return notify_payload_t object * @return notify_payload_t object

22
src/charon/encoding/payloads/payload.h
View File

@ -42,7 +42,7 @@ enum payload_type_t{
* End of payload list in next_payload * End of payload list in next_payload
*/ */
NO_PAYLOAD = 0, NO_PAYLOAD = 0,
/** /**
* The security association (SA) payload containing proposals. * The security association (SA) payload containing proposals.
*/ */
@ -122,7 +122,7 @@ enum payload_type_t{
* Extensible authentication payload (EAP). * Extensible authentication payload (EAP).
*/ */
EXTENSIBLE_AUTHENTICATION = 48, EXTENSIBLE_AUTHENTICATION = 48,
#ifdef ME #ifdef ME
/** /**
* Identification payload for peers has a value from * Identification payload for peers has a value from
@ -130,7 +130,7 @@ enum payload_type_t{
*/ */
ID_PEER = 128, ID_PEER = 128,
#endif /* ME */ #endif /* ME */
/** /**
* Header has a value of PRIVATE USE space. * Header has a value of PRIVATE USE space.
* *
@ -138,7 +138,7 @@ enum payload_type_t{
* used internally to handle IKEv2-Header like a payload. * used internally to handle IKEv2-Header like a payload.
*/ */
HEADER = 140, HEADER = 140,
/** /**
* PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space. * PROPOSAL_SUBSTRUCTURE has a value of PRIVATE USE space.
* *
@ -154,7 +154,7 @@ enum payload_type_t{
* used internally to handle a transform substructure like a payload. * used internally to handle a transform substructure like a payload.
*/ */
TRANSFORM_SUBSTRUCTURE = 142, TRANSFORM_SUBSTRUCTURE = 142,
/** /**
* TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space. * TRANSFORM_ATTRIBUTE has a value of PRIVATE USE space.
* *
@ -170,7 +170,7 @@ enum payload_type_t{
* used internally to handle a transform selector like a payload. * used internally to handle a transform selector like a payload.
*/ */
TRAFFIC_SELECTOR_SUBSTRUCTURE = 144, TRAFFIC_SELECTOR_SUBSTRUCTURE = 144,
/** /**
* CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space. * CONFIGURATION_ATTRIBUTE has a value of PRIVATE USE space.
* *
@ -178,7 +178,7 @@ enum payload_type_t{
* used internally to handle a transform attribute like a payload. * used internally to handle a transform attribute like a payload.
*/ */
CONFIGURATION_ATTRIBUTE = 145, CONFIGURATION_ATTRIBUTE = 145,
/** /**
* A unknown payload has a value of PRIVATE USE space. * A unknown payload has a value of PRIVATE USE space.
* *
@ -207,7 +207,7 @@ extern enum_name_t *payload_type_short_names;
* handling of all payloads. * handling of all payloads.
*/ */
struct payload_t { struct payload_t {
/** /**
* Get encoding rules for this payload. * Get encoding rules for this payload.
* *
@ -229,7 +229,7 @@ struct payload_t {
* @return type of next payload * @return type of next payload
*/ */
payload_type_t (*get_next_type) (payload_t *this); payload_type_t (*get_next_type) (payload_t *this);
/** /**
* Set type of next payload. * Set type of next payload.
* *
@ -243,14 +243,14 @@ struct payload_t {
* @return length of this payload * @return length of this payload
*/ */
size_t (*get_length) (payload_t *this); size_t (*get_length) (payload_t *this);
/** /**
* Verifies payload structure and makes consistence check. * Verifies payload structure and makes consistence check.
* *
* @return SUCCESS, FAILED if consistence not given * @return SUCCESS, FAILED if consistence not given
*/ */
status_t (*verify) (payload_t *this); status_t (*verify) (payload_t *this);
/** /**
* Destroys a payload and all included substructures. * Destroys a payload and all included substructures.
*/ */

86
src/charon/encoding/payloads/proposal_substructure.c
View File

@ -35,14 +35,14 @@ typedef struct private_proposal_substructure_t private_proposal_substructure_t;
/** /**
* Private data of an proposal_substructure_t object. * Private data of an proposal_substructure_t object.
* *
*/ */
struct private_proposal_substructure_t { struct private_proposal_substructure_t {
/** /**
* Public proposal_substructure_t interface. * Public proposal_substructure_t interface.
*/ */
proposal_substructure_t public; proposal_substructure_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -52,12 +52,12 @@ struct private_proposal_substructure_t {
* Length of this payload. * Length of this payload.
*/ */
u_int16_t proposal_length; u_int16_t proposal_length;
/** /**
* Proposal number. * Proposal number.
*/ */
u_int8_t proposal_number; u_int8_t proposal_number;
/** /**
* Protocol ID. * Protocol ID.
*/ */
@ -72,12 +72,12 @@ struct private_proposal_substructure_t {
* Number of transforms. * Number of transforms.
*/ */
u_int8_t transforms_count; u_int8_t transforms_count;
/** /**
* SPI is stored as chunk. * SPI is stored as chunk.
*/ */
chunk_t spi; chunk_t spi;
/** /**
* Transforms are stored in a linked_list_t. * Transforms are stored in a linked_list_t.
*/ */
@ -87,7 +87,7 @@ struct private_proposal_substructure_t {
/** /**
* Encoding rules to parse or generate a Proposal substructure. * Encoding rules to parse or generate a Proposal substructure.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_proposal_substructure_t. * private_proposal_substructure_t.
*/ */
encoding_rule_t proposal_substructure_encodings[] = { encoding_rule_t proposal_substructure_encodings[] = {
@ -107,7 +107,7 @@ encoding_rule_t proposal_substructure_encodings[] = {
{ U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) }, { U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) },
/* SPI is a chunk of variable size*/ /* SPI is a chunk of variable size*/
{ SPI, offsetof(private_proposal_substructure_t, spi) }, { SPI, offsetof(private_proposal_substructure_t, spi) },
/* Transforms are stored in a transform substructure, /* Transforms are stored in a transform substructure,
offset points to a linked_list_t pointer */ offset points to a linked_list_t pointer */
{ TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) } { TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) }
}; };
@ -136,7 +136,7 @@ static status_t verify(private_proposal_substructure_t *this)
status_t status = SUCCESS; status_t status = SUCCESS;
iterator_t *iterator; iterator_t *iterator;
payload_t *current_transform; payload_t *current_transform;
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2)) if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 2))
{ {
/* must be 0 or 2 */ /* must be 0 or 2 */
@ -178,7 +178,7 @@ static status_t verify(private_proposal_substructure_t *this)
DBG1(DBG_ENC, "invalid protocol"); DBG1(DBG_ENC, "invalid protocol");
return FAILED; return FAILED;
} }
iterator = this->transforms->create_iterator(this->transforms,TRUE); iterator = this->transforms->create_iterator(this->transforms,TRUE);
while(iterator->iterate(iterator, (void**)&current_transform)) while(iterator->iterate(iterator, (void**)&current_transform))
{ {
@ -190,8 +190,8 @@ static status_t verify(private_proposal_substructure_t *this)
} }
} }
iterator->destroy(iterator); iterator->destroy(iterator);
/* proposal number is checked in SA payload */ /* proposal number is checked in SA payload */
return status; return status;
} }
@ -236,7 +236,7 @@ static void compute_length(private_proposal_substructure_t *this)
payload_t *current_transform; payload_t *current_transform;
size_t transforms_count = 0; size_t transforms_count = 0;
size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH; size_t length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH;
iterator = this->transforms->create_iterator(this->transforms,TRUE); iterator = this->transforms->create_iterator(this->transforms,TRUE);
while (iterator->iterate(iterator, (void**)&current_transform)) while (iterator->iterate(iterator, (void**)&current_transform))
{ {
@ -244,7 +244,7 @@ static void compute_length(private_proposal_substructure_t *this)
transforms_count++; transforms_count++;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
length += this->spi.len; length += this->spi.len;
this->transforms_count = transforms_count; this->transforms_count = transforms_count;
this->proposal_length = length; this->proposal_length = length;
@ -282,7 +282,7 @@ static void add_transform_substructure (private_proposal_substructure_t *this,tr
} }
transform->set_is_last_transform(transform,TRUE); transform->set_is_last_transform(transform,TRUE);
this->transforms->insert_last(this->transforms,(void *) transform); this->transforms->insert_last(this->transforms,(void *) transform);
compute_length(this); compute_length(this);
} }
@ -340,7 +340,7 @@ static void set_spi(private_proposal_substructure_t *this, chunk_t spi)
this->spi.len = 0; this->spi.len = 0;
compute_length(this); compute_length(this);
} }
this->spi.ptr = clalloc(spi.ptr,spi.len); this->spi.ptr = clalloc(spi.ptr,spi.len);
this->spi.len = spi.len; this->spi.len = spi.len;
this->spi_size = spi.len; this->spi_size = spi.len;
@ -355,7 +355,7 @@ static chunk_t get_spi(private_proposal_substructure_t *this)
chunk_t spi; chunk_t spi;
spi.ptr = this->spi.ptr; spi.ptr = this->spi.ptr;
spi.len = this->spi.len; spi.len = this->spi.len;
return spi; return spi;
} }
@ -384,24 +384,24 @@ proposal_t* get_proposal(private_proposal_substructure_t *this)
transform_substructure_t *transform; transform_substructure_t *transform;
proposal_t *proposal; proposal_t *proposal;
u_int64_t spi; u_int64_t spi;
proposal = proposal_create(this->protocol_id); proposal = proposal_create(this->protocol_id);
iterator = this->transforms->create_iterator(this->transforms, TRUE); iterator = this->transforms->create_iterator(this->transforms, TRUE);
while (iterator->iterate(iterator, (void**)&transform)) while (iterator->iterate(iterator, (void**)&transform))
{ {
transform_type_t transform_type; transform_type_t transform_type;
u_int16_t transform_id; u_int16_t transform_id;
u_int16_t key_length = 0; u_int16_t key_length = 0;
transform_type = transform->get_transform_type(transform); transform_type = transform->get_transform_type(transform);
transform_id = transform->get_transform_id(transform); transform_id = transform->get_transform_id(transform);
transform->get_key_length(transform, &key_length); transform->get_key_length(transform, &key_length);
proposal->add_algorithm(proposal, transform_type, transform_id, key_length); proposal->add_algorithm(proposal, transform_type, transform_id, key_length);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
switch (this->spi.len) switch (this->spi.len)
{ {
case 4: case 4:
@ -414,7 +414,7 @@ proposal_t* get_proposal(private_proposal_substructure_t *this)
spi = 0; spi = 0;
} }
proposal->set_spi(proposal, spi); proposal->set_spi(proposal, spi);
return proposal; return proposal;
} }
@ -426,7 +426,7 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t *
private_proposal_substructure_t *clone; private_proposal_substructure_t *clone;
iterator_t *transforms; iterator_t *transforms;
transform_substructure_t *current_transform; transform_substructure_t *current_transform;
clone = (private_proposal_substructure_t *) proposal_substructure_create(); clone = (private_proposal_substructure_t *) proposal_substructure_create();
clone->next_payload = this->next_payload; clone->next_payload = this->next_payload;
clone->proposal_number = this->proposal_number; clone->proposal_number = this->proposal_number;
@ -444,8 +444,8 @@ static private_proposal_substructure_t* clone_(private_proposal_substructure_t *
current_transform = current_transform->clone(current_transform); current_transform = current_transform->clone(current_transform);
clone->public.add_transform_substructure(&clone->public, current_transform); clone->public.add_transform_substructure(&clone->public, current_transform);
} }
transforms->destroy(transforms); transforms->destroy(transforms);
return clone; return clone;
} }
@ -468,16 +468,16 @@ proposal_substructure_t *proposal_substructure_create()
{ {
private_proposal_substructure_t *this = malloc_thing(private_proposal_substructure_t); private_proposal_substructure_t *this = malloc_thing(private_proposal_substructure_t);
/* interface functions */ /* interface functions */
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator; this->public.create_transform_substructure_iterator = (iterator_t* (*) (proposal_substructure_t *,bool)) create_transform_substructure_iterator;
this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure; this->public.add_transform_substructure = (void (*) (proposal_substructure_t *,transform_substructure_t *)) add_transform_substructure;
@ -490,10 +490,10 @@ proposal_substructure_t *proposal_substructure_create()
this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi; this->public.set_spi = (void (*) (proposal_substructure_t *,chunk_t))set_spi;
this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi; this->public.get_spi = (chunk_t (*) (proposal_substructure_t *)) get_spi;
this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count; this->public.get_transform_count = (size_t (*) (proposal_substructure_t *)) get_transform_count;
this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size; this->public.get_spi_size = (size_t (*) (proposal_substructure_t *)) get_spi_size;
this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_; this->public.clone = (proposal_substructure_t * (*) (proposal_substructure_t *)) clone_;
this->public.destroy = (void (*) (proposal_substructure_t *)) destroy; this->public.destroy = (void (*) (proposal_substructure_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
this->proposal_length = 0; this->proposal_length = 0;
@ -503,9 +503,9 @@ proposal_substructure_t *proposal_substructure_create()
this->spi_size = 0; this->spi_size = 0;
this->spi.ptr = NULL; this->spi.ptr = NULL;
this->spi.len = 0; this->spi.len = 0;
this->transforms = linked_list_create(); this->transforms = linked_list_create();
return (&(this->public)); return (&(this->public));
} }
@ -518,9 +518,9 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
private_proposal_substructure_t *this; private_proposal_substructure_t *this;
u_int16_t alg, key_size; u_int16_t alg, key_size;
enumerator_t *enumerator; enumerator_t *enumerator;
this = (private_proposal_substructure_t*)proposal_substructure_create(); this = (private_proposal_substructure_t*)proposal_substructure_create();
/* encryption algorithm is only availble in ESP */ /* encryption algorithm is only availble in ESP */
enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
while (enumerator->enumerate(enumerator, &alg, &key_size)) while (enumerator->enumerate(enumerator, &alg, &key_size))
@ -530,7 +530,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* integrity algorithms */ /* integrity algorithms */
enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
while (enumerator->enumerate(enumerator, &alg, &key_size)) while (enumerator->enumerate(enumerator, &alg, &key_size))
@ -540,7 +540,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* prf algorithms */ /* prf algorithms */
enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION);
while (enumerator->enumerate(enumerator, &alg, &key_size)) while (enumerator->enumerate(enumerator, &alg, &key_size))
@ -550,17 +550,17 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* dh groups */ /* dh groups */
enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP); enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
while (enumerator->enumerate(enumerator, &alg, NULL)) while (enumerator->enumerate(enumerator, &alg, NULL))
{ {
transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,
alg, 0); alg, 0);
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* extended sequence numbers */ /* extended sequence numbers */
enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS); enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
while (enumerator->enumerate(enumerator, &alg, NULL)) while (enumerator->enumerate(enumerator, &alg, NULL))
@ -570,7 +570,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
/* add SPI, if necessary */ /* add SPI, if necessary */
switch (proposal->get_protocol(proposal)) switch (proposal->get_protocol(proposal))
{ {
@ -593,6 +593,6 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *
} }
this->proposal_number = 0; this->proposal_number = 0;
this->protocol_id = proposal->get_protocol(proposal); this->protocol_id = proposal->get_protocol(proposal);
return &this->public; return &this->public;
} }

36
src/charon/encoding/payloads/proposal_substructure.h
View File

@ -38,7 +38,7 @@ typedef struct proposal_substructure_t proposal_substructure_t;
/** /**
* Class representing an IKEv2-PROPOSAL SUBSTRUCTURE. * Class representing an IKEv2-PROPOSAL SUBSTRUCTURE.
* *
* The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1. * The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1.
*/ */
struct proposal_substructure_t { struct proposal_substructure_t {
@ -55,7 +55,7 @@ struct proposal_substructure_t {
*/ */
iterator_t *(*create_transform_substructure_iterator) ( iterator_t *(*create_transform_substructure_iterator) (
proposal_substructure_t *this, bool forward); proposal_substructure_t *this, bool forward);
/** /**
* Adds a transform_substructure_t object to this object. * Adds a transform_substructure_t object to this object.
* *
@ -63,7 +63,7 @@ struct proposal_substructure_t {
*/ */
void (*add_transform_substructure) (proposal_substructure_t *this, void (*add_transform_substructure) (proposal_substructure_t *this,
transform_substructure_t *transform); transform_substructure_t *transform);
/** /**
* Sets the proposal number of current proposal. * Sets the proposal number of current proposal.
* *
@ -71,24 +71,24 @@ struct proposal_substructure_t {
*/ */
void (*set_proposal_number) (proposal_substructure_t *this, void (*set_proposal_number) (proposal_substructure_t *this,
u_int8_t proposal_number); u_int8_t proposal_number);
/** /**
* get proposal number of current proposal. * get proposal number of current proposal.
* *
* @return proposal number of current proposal substructure. * @return proposal number of current proposal substructure.
*/ */
u_int8_t (*get_proposal_number) (proposal_substructure_t *this); u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
/** /**
* get the number of transforms in current proposal. * get the number of transforms in current proposal.
* *
* @return transform count in current proposal * @return transform count in current proposal
*/ */
size_t (*get_transform_count) (proposal_substructure_t *this); size_t (*get_transform_count) (proposal_substructure_t *this);
/** /**
* get size of the set spi in bytes. * get size of the set spi in bytes.
* *
* @return size of the spi in bytes * @return size of the spi in bytes
*/ */
size_t (*get_spi_size) (proposal_substructure_t *this); size_t (*get_spi_size) (proposal_substructure_t *this);
@ -100,43 +100,43 @@ struct proposal_substructure_t {
*/ */
void (*set_protocol_id) (proposal_substructure_t *this, void (*set_protocol_id) (proposal_substructure_t *this,
u_int8_t protocol_id); u_int8_t protocol_id);
/** /**
* get protocol id of current proposal. * get protocol id of current proposal.
* *
* @return protocol id of current proposal substructure. * @return protocol id of current proposal substructure.
*/ */
u_int8_t (*get_protocol_id) (proposal_substructure_t *this); u_int8_t (*get_protocol_id) (proposal_substructure_t *this);
/** /**
* Sets the next_payload field of this substructure * Sets the next_payload field of this substructure
* *
* If this is the last proposal, next payload field is set to 0, * If this is the last proposal, next payload field is set to 0,
* otherwise to 2 * otherwise to 2
* *
* @param is_last When TRUE, next payload field is set to 0, otherwise to 2 * @param is_last When TRUE, next payload field is set to 0, otherwise to 2
*/ */
void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last); void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
/** /**
* Returns the currently set SPI of this proposal. * Returns the currently set SPI of this proposal.
* *
* @return chunk_t pointing to the value * @return chunk_t pointing to the value
*/ */
chunk_t (*get_spi) (proposal_substructure_t *this); chunk_t (*get_spi) (proposal_substructure_t *this);
/** /**
* Sets the SPI of the current proposal. * Sets the SPI of the current proposal.
* *
* @warning SPI is getting copied * @warning SPI is getting copied
* *
* @param spi chunk_t pointing to the value to set * @param spi chunk_t pointing to the value to set
*/ */
void (*set_spi) (proposal_substructure_t *this, chunk_t spi); void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
/** /**
* Get a proposal_t from the propsal_substructure_t. * Get a proposal_t from the propsal_substructure_t.
* *
* @return proposal_t * @return proposal_t
*/ */
proposal_t * (*get_proposal) (proposal_substructure_t *this); proposal_t * (*get_proposal) (proposal_substructure_t *this);
@ -156,7 +156,7 @@ struct proposal_substructure_t {
/** /**
* Creates an empty proposal_substructure_t object * Creates an empty proposal_substructure_t object
* *
* @return proposal_substructure_t object * @return proposal_substructure_t object
*/ */
proposal_substructure_t *proposal_substructure_create(void); proposal_substructure_t *proposal_substructure_create(void);

70
src/charon/encoding/payloads/sa_payload.c
View File

@ -27,14 +27,14 @@ typedef struct private_sa_payload_t private_sa_payload_t;
/** /**
* Private data of an sa_payload_t object. * Private data of an sa_payload_t object.
* *
*/ */
struct private_sa_payload_t { struct private_sa_payload_t {
/** /**
* Public sa_payload_t interface. * Public sa_payload_t interface.
*/ */
sa_payload_t public; sa_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -44,12 +44,12 @@ struct private_sa_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Proposals in this payload are stored in a linked_list_t. * Proposals in this payload are stored in a linked_list_t.
*/ */
@ -58,27 +58,27 @@ struct private_sa_payload_t {
/** /**
* Encoding rules to parse or generate a IKEv2-SA Payload * Encoding rules to parse or generate a IKEv2-SA Payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_sa_payload_t. * private_sa_payload_t.
* *
*/ */
encoding_rule_t sa_payload_encodings[] = { encoding_rule_t sa_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_sa_payload_t, next_payload) }, { U_INT_8, offsetof(private_sa_payload_t, next_payload) },
/* the critical bit */ /* the critical bit */
{ FLAG, offsetof(private_sa_payload_t, critical) }, { FLAG, offsetof(private_sa_payload_t, critical) },
/* 7 Bit reserved bits, nowhere stored */ /* 7 Bit reserved bits, nowhere stored */
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole SA payload*/ /* Length of the whole SA payload*/
{ PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
/* Proposals are stored in a proposal substructure, /* Proposals are stored in a proposal substructure,
offset points to a linked_list_t pointer */ offset points to a linked_list_t pointer */
{ PROPOSALS, offsetof(private_sa_payload_t, proposals) } { PROPOSALS, offsetof(private_sa_payload_t, proposals) }
}; };
@ -108,12 +108,12 @@ static status_t verify(private_sa_payload_t *this)
/* check proposal numbering */ /* check proposal numbering */
iterator = this->proposals->create_iterator(this->proposals,TRUE); iterator = this->proposals->create_iterator(this->proposals,TRUE);
while(iterator->iterate(iterator, (void**)&current_proposal)) while(iterator->iterate(iterator, (void**)&current_proposal))
{ {
current_number = current_proposal->get_proposal_number(current_proposal); current_number = current_proposal->get_proposal_number(current_proposal);
if (current_number < expected_number) if (current_number < expected_number)
{ {
if (current_number != (expected_number + 1)) if (current_number != (expected_number + 1))
{ {
DBG1(DBG_ENC, "proposal number is %d, expected %d or %d", DBG1(DBG_ENC, "proposal number is %d, expected %d or %d",
@ -129,7 +129,7 @@ static status_t verify(private_sa_payload_t *this)
status = FAILED; status = FAILED;
break; break;
} }
status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface)); status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
if (status != SUCCESS) if (status != SUCCESS)
{ {
@ -139,7 +139,7 @@ static status_t verify(private_sa_payload_t *this)
first = FALSE; first = FALSE;
expected_number = current_number; expected_number = current_number;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return status; return status;
} }
@ -197,14 +197,14 @@ static void compute_length (private_sa_payload_t *this)
iterator_t *iterator; iterator_t *iterator;
payload_t *current_proposal; payload_t *current_proposal;
size_t length = SA_PAYLOAD_HEADER_LENGTH; size_t length = SA_PAYLOAD_HEADER_LENGTH;
iterator = this->proposals->create_iterator(this->proposals,TRUE); iterator = this->proposals->create_iterator(this->proposals,TRUE);
while (iterator->iterate(iterator, (void **)&current_proposal)) while (iterator->iterate(iterator, (void **)&current_proposal))
{ {
length += current_proposal->get_length(current_proposal); length += current_proposal->get_length(current_proposal);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
this->payload_length = length; this->payload_length = length;
} }
@ -232,7 +232,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr
{ {
status_t status; status_t status;
u_int proposal_count = this->proposals->get_count(this->proposals); u_int proposal_count = this->proposals->get_count(this->proposals);
if (proposal_count > 0) if (proposal_count > 0)
{ {
proposal_substructure_t *last_proposal; proposal_substructure_t *last_proposal;
@ -252,7 +252,7 @@ static void add_proposal_substructure(private_sa_payload_t *this,proposal_substr
static void add_proposal(private_sa_payload_t *this, proposal_t *proposal) static void add_proposal(private_sa_payload_t *this, proposal_t *proposal)
{ {
proposal_substructure_t *substructure; proposal_substructure_t *substructure;
substructure = proposal_substructure_create_from_proposal(proposal); substructure = proposal_substructure_create_from_proposal(proposal);
add_proposal_substructure(this, substructure); add_proposal_substructure(this, substructure);
} }
@ -267,10 +267,10 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
iterator_t *iterator; iterator_t *iterator;
proposal_substructure_t *proposal_struct; proposal_substructure_t *proposal_struct;
linked_list_t *proposal_list; linked_list_t *proposal_list;
/* this list will hold our proposals */ /* this list will hold our proposals */
proposal_list = linked_list_create(); proposal_list = linked_list_create();
/* we do not support proposals split up to two proposal substructures, as /* we do not support proposals split up to two proposal substructures, as
* AH+ESP bundles are not supported in RFC4301 anymore. * AH+ESP bundles are not supported in RFC4301 anymore.
* To handle such structures safely, we just skip proposals with multiple * To handle such structures safely, we just skip proposals with multiple
@ -280,7 +280,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
while (iterator->iterate(iterator, (void **)&proposal_struct)) while (iterator->iterate(iterator, (void **)&proposal_struct))
{ {
proposal_t *proposal; proposal_t *proposal;
/* check if a proposal has a single protocol */ /* check if a proposal has a single protocol */
if (proposal_struct->get_proposal_number(proposal_struct) == struct_number) if (proposal_struct->get_proposal_number(proposal_struct) == struct_number)
{ {
@ -310,7 +310,7 @@ static linked_list_t *get_proposals(private_sa_payload_t *this)
sa_payload_t *sa_payload_create() sa_payload_t *sa_payload_create()
{ {
private_sa_payload_t *this = malloc_thing(private_sa_payload_t); private_sa_payload_t *this = malloc_thing(private_sa_payload_t);
/* public interface */ /* public interface */
this->public.payload_interface.verify = (status_t (*) (payload_t *))verify; this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
@ -319,14 +319,14 @@ sa_payload_t *sa_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator; this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure; this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
this->public.add_proposal = (void (*) (sa_payload_t*,proposal_t*))add_proposal; this->public.add_proposal = (void (*) (sa_payload_t*,proposal_t*))add_proposal;
this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals; this->public.get_proposals = (linked_list_t* (*) (sa_payload_t *)) get_proposals;
this->public.destroy = (void (*) (sa_payload_t *)) destroy; this->public.destroy = (void (*) (sa_payload_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
@ -343,7 +343,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
iterator_t *iterator; iterator_t *iterator;
proposal_t *proposal; proposal_t *proposal;
sa_payload_t *sa_payload = sa_payload_create(); sa_payload_t *sa_payload = sa_payload_create();
/* add every payload from the list */ /* add every payload from the list */
iterator = proposals->create_iterator(proposals, TRUE); iterator = proposals->create_iterator(proposals, TRUE);
while (iterator->iterate(iterator, (void**)&proposal)) while (iterator->iterate(iterator, (void**)&proposal))
@ -351,7 +351,7 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
add_proposal((private_sa_payload_t*)sa_payload, proposal); add_proposal((private_sa_payload_t*)sa_payload, proposal);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return sa_payload; return sa_payload;
} }
@ -361,8 +361,8 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal) sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal)
{ {
sa_payload_t *sa_payload = sa_payload_create(); sa_payload_t *sa_payload = sa_payload_create();
add_proposal((private_sa_payload_t*)sa_payload, proposal); add_proposal((private_sa_payload_t*)sa_payload, proposal);
return sa_payload; return sa_payload;
} }

26
src/charon/encoding/payloads/sa_payload.h
View File

@ -44,12 +44,12 @@ struct sa_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Creates an iterator of stored proposal_substructure_t objects. * Creates an iterator of stored proposal_substructure_t objects.
* *
* When deleting an proposal using this iterator, * When deleting an proposal using this iterator,
* the length of this transform substructure has to be refreshed * the length of this transform substructure has to be refreshed
* by calling get_length()! * by calling get_length()!
* *
* @param forward iterator direction (TRUE: front to end) * @param forward iterator direction (TRUE: front to end)
@ -57,7 +57,7 @@ struct sa_payload_t {
*/ */
iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this,
bool forward); bool forward);
/** /**
* Adds a proposal_substructure_t object to this object. * Adds a proposal_substructure_t object to this object.
* *
@ -68,18 +68,18 @@ struct sa_payload_t {
/** /**
* Gets the proposals in this payload as a list. * Gets the proposals in this payload as a list.
* *
* @return a list containing proposal_t s * @return a list containing proposal_t s
*/ */
linked_list_t *(*get_proposals) (sa_payload_t *this); linked_list_t *(*get_proposals) (sa_payload_t *this);
/** /**
* Add a child proposal (AH/ESP) to the payload. * Add a child proposal (AH/ESP) to the payload.
* *
* @param proposal child proposal to add to the payload * @param proposal child proposal to add to the payload
*/ */
void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); void (*add_proposal) (sa_payload_t *this, proposal_t *proposal);
/** /**
* Destroys an sa_payload_t object. * Destroys an sa_payload_t object.
*/ */
@ -88,14 +88,14 @@ struct sa_payload_t {
/** /**
* Creates an empty sa_payload_t object * Creates an empty sa_payload_t object
* *
* @return created sa_payload_t object * @return created sa_payload_t object
*/ */
sa_payload_t *sa_payload_create(void); sa_payload_t *sa_payload_create(void);
/** /**
* Creates a sa_payload_t object from a list of proposals. * Creates a sa_payload_t object from a list of proposals.
* *
* @param proposals list of proposals to build the payload from * @param proposals list of proposals to build the payload from
* @return sa_payload_t object * @return sa_payload_t object
*/ */
@ -103,10 +103,10 @@ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
/** /**
* Creates a sa_payload_t object from a single proposal. * Creates a sa_payload_t object from a single proposal.
* *
* This is only for convenience. Use sa_payload_create_from_proposal_list * This is only for convenience. Use sa_payload_create_from_proposal_list
* if you want to add more than one proposal. * if you want to add more than one proposal.
* *
* @param proposal proposal from which the payload should be built. * @param proposal proposal from which the payload should be built.
* @return sa_payload_t object * @return sa_payload_t object
*/ */

38
src/charon/encoding/payloads/traffic_selector_substructure.c
View File

@ -24,19 +24,19 @@ typedef struct private_traffic_selector_substructure_t private_traffic_selector_
/** /**
* Private data of an traffic_selector_substructure_t object. * Private data of an traffic_selector_substructure_t object.
* *
*/ */
struct private_traffic_selector_substructure_t { struct private_traffic_selector_substructure_t {
/** /**
* Public traffic_selector_substructure_t interface. * Public traffic_selector_substructure_t interface.
*/ */
traffic_selector_substructure_t public; traffic_selector_substructure_t public;
/** /**
* Type of traffic selector. * Type of traffic selector.
*/ */
u_int8_t ts_type; u_int8_t ts_type;
/** /**
* IP Protocol ID. * IP Protocol ID.
*/ */
@ -46,7 +46,7 @@ struct private_traffic_selector_substructure_t {
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Start port number. * Start port number.
*/ */
@ -56,7 +56,7 @@ struct private_traffic_selector_substructure_t {
* End port number. * End port number.
*/ */
u_int16_t end_port; u_int16_t end_port;
/** /**
* Starting address. * Starting address.
*/ */
@ -70,17 +70,17 @@ struct private_traffic_selector_substructure_t {
/** /**
* Encoding rules to parse or generate a TS payload * Encoding rules to parse or generate a TS payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_traffic_selector_substructure_t. * private_traffic_selector_substructure_t.
* *
*/ */
encoding_rule_t traffic_selector_substructure_encodings[] = { encoding_rule_t traffic_selector_substructure_encodings[] = {
/* 1 Byte next ts type*/ /* 1 Byte next ts type*/
{ TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) }, { TS_TYPE, offsetof(private_traffic_selector_substructure_t, ts_type) },
/* 1 Byte IP protocol id*/ /* 1 Byte IP protocol id*/
{ U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) }, { U_INT_8, offsetof(private_traffic_selector_substructure_t, ip_protocol_id) },
/* Length of the whole payload*/ /* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) }, { PAYLOAD_LENGTH, offsetof(private_traffic_selector_substructure_t, payload_length) },
/* 2 Byte start port*/ /* 2 Byte start port*/
{ U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) }, { U_INT_16, offsetof(private_traffic_selector_substructure_t, start_port) },
@ -124,7 +124,7 @@ static status_t verify(private_traffic_selector_substructure_t *this)
{ {
case TS_IPV4_ADDR_RANGE: case TS_IPV4_ADDR_RANGE:
{ {
if ((this->starting_address.len != 4) || if ((this->starting_address.len != 4) ||
(this->ending_address.len != 4)) (this->ending_address.len != 4))
{ {
/* ipv4 address must be 4 bytes long */ /* ipv4 address must be 4 bytes long */
@ -148,7 +148,7 @@ static status_t verify(private_traffic_selector_substructure_t *this)
return FAILED; return FAILED;
} }
} }
return SUCCESS; return SUCCESS;
} }
@ -182,7 +182,7 @@ static payload_type_t get_next_type(private_traffic_selector_substructure_t *thi
*/ */
static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type) static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type)
{ {
} }
/** /**
@ -199,8 +199,8 @@ static size_t get_length(private_traffic_selector_substructure_t *this)
static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this) static traffic_selector_t *get_traffic_selector(private_traffic_selector_substructure_t *this)
{ {
traffic_selector_t *ts; traffic_selector_t *ts;
ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type, ts = traffic_selector_create_from_bytes(this->ip_protocol_id, this->ts_type,
this->starting_address, this->start_port, this->starting_address, this->start_port,
this->ending_address, this->end_port); this->ending_address, this->end_port);
return ts; return ts;
} }
@ -221,7 +221,7 @@ static void destroy(private_traffic_selector_substructure_t *this)
{ {
free(this->starting_address.ptr); free(this->starting_address.ptr);
free(this->ending_address.ptr); free(this->ending_address.ptr);
free(this); free(this);
} }
/* /*
@ -239,11 +239,11 @@ traffic_selector_substructure_t *traffic_selector_substructure_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector; this->public.get_traffic_selector = (traffic_selector_t* (*)(traffic_selector_substructure_t*))get_traffic_selector;
this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy; this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy;
/* private variables */ /* private variables */
this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH; this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH;
this->start_port = 0; this->start_port = 0;
@ -269,8 +269,8 @@ traffic_selector_substructure_t *traffic_selector_substructure_create_from_traff
this->end_port = traffic_selector->get_to_port(traffic_selector); this->end_port = traffic_selector->get_to_port(traffic_selector);
this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector)); this->starting_address = chunk_clone(traffic_selector->get_from_address(traffic_selector));
this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector)); this->ending_address = chunk_clone(traffic_selector->get_to_address(traffic_selector));
compute_length(this); compute_length(this);
return &(this->public); return &(this->public);
} }

44
src/charon/encoding/payloads/traffic_selector_substructure.h
View File

@ -36,7 +36,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
/** /**
* Class representing an IKEv2 TRAFFIC SELECTOR. * Class representing an IKEv2 TRAFFIC SELECTOR.
* *
* The TRAFFIC SELECTOR format is described in RFC section 3.13.1. * The TRAFFIC SELECTOR format is described in RFC section 3.13.1.
*/ */
struct traffic_selector_substructure_t { struct traffic_selector_substructure_t {
@ -44,49 +44,49 @@ struct traffic_selector_substructure_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the type of Traffic selector. * Get the type of Traffic selector.
* *
* @return type of traffic selector * @return type of traffic selector
* *
*/ */
ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this); ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this);
/** /**
* Set the type of Traffic selector. * Set the type of Traffic selector.
* *
* @param ts_type type of traffic selector * @param ts_type type of traffic selector
*/ */
void (*set_ts_type) (traffic_selector_substructure_t *this, void (*set_ts_type) (traffic_selector_substructure_t *this,
ts_type_t ts_type); ts_type_t ts_type);
/** /**
* Get the IP protocol ID of Traffic selector. * Get the IP protocol ID of Traffic selector.
* *
* @return type of traffic selector * @return type of traffic selector
* *
*/ */
u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
/** /**
* Set the IP protocol ID of Traffic selector * Set the IP protocol ID of Traffic selector
* *
* @param protocol_id protocol ID of traffic selector * @param protocol_id protocol ID of traffic selector
*/ */
void (*set_protocol_id) (traffic_selector_substructure_t *this, void (*set_protocol_id) (traffic_selector_substructure_t *this,
u_int8_t protocol_id); u_int8_t protocol_id);
/** /**
* Get the start port and address as host_t object. * Get the start port and address as host_t object.
* *
* Returned host_t object has to get destroyed by the caller. * Returned host_t object has to get destroyed by the caller.
* *
* @return start host as host_t object * @return start host as host_t object
* *
*/ */
host_t *(*get_start_host) (traffic_selector_substructure_t *this); host_t *(*get_start_host) (traffic_selector_substructure_t *this);
/** /**
* Set the start port and address as host_t object. * Set the start port and address as host_t object.
* *
@ -94,17 +94,17 @@ struct traffic_selector_substructure_t {
*/ */
void (*set_start_host) (traffic_selector_substructure_t *this, void (*set_start_host) (traffic_selector_substructure_t *this,
host_t *start_host); host_t *start_host);
/** /**
* Get the end port and address as host_t object. * Get the end port and address as host_t object.
* *
* Returned host_t object has to get destroyed by the caller. * Returned host_t object has to get destroyed by the caller.
* *
* @return end host as host_t object * @return end host as host_t object
* *
*/ */
host_t *(*get_end_host) (traffic_selector_substructure_t *this); host_t *(*get_end_host) (traffic_selector_substructure_t *this);
/** /**
* Set the end port and address as host_t object. * Set the end port and address as host_t object.
* *
@ -112,17 +112,17 @@ struct traffic_selector_substructure_t {
*/ */
void (*set_end_host) (traffic_selector_substructure_t *this, void (*set_end_host) (traffic_selector_substructure_t *this,
host_t *end_host); host_t *end_host);
/** /**
* Get a traffic_selector_t from this substructure. * Get a traffic_selector_t from this substructure.
* *
* @warning traffic_selector_t must be destroyed after usage. * @warning traffic_selector_t must be destroyed after usage.
* *
* @return contained traffic_selector_t * @return contained traffic_selector_t
*/ */
traffic_selector_t *(*get_traffic_selector) ( traffic_selector_t *(*get_traffic_selector) (
traffic_selector_substructure_t *this); traffic_selector_substructure_t *this);
/** /**
* Destroys an traffic_selector_substructure_t object. * Destroys an traffic_selector_substructure_t object.
*/ */
@ -133,7 +133,7 @@ struct traffic_selector_substructure_t {
* Creates an empty traffic_selector_substructure_t object. * Creates an empty traffic_selector_substructure_t object.
* *
* TS type is set to default TS_IPV4_ADDR_RANGE! * TS type is set to default TS_IPV4_ADDR_RANGE!
* *
* @return traffic_selector_substructure_t object * @return traffic_selector_substructure_t object
*/ */
traffic_selector_substructure_t *traffic_selector_substructure_create(void); traffic_selector_substructure_t *traffic_selector_substructure_create(void);
@ -141,7 +141,7 @@ traffic_selector_substructure_t *traffic_selector_substructure_create(void);
/** /**
* Creates an initialized traffif selector substructure using * Creates an initialized traffif selector substructure using
* the values from a traffic_selector_t. * the values from a traffic_selector_t.
* *
* @param traffic_selector traffic_selector_t to use for initialization * @param traffic_selector traffic_selector_t to use for initialization
* @return traffic_selector_substructure_t object * @return traffic_selector_substructure_t object
*/ */

50
src/charon/encoding/payloads/transform_attribute.c
View File

@ -26,32 +26,32 @@ typedef struct private_transform_attribute_t private_transform_attribute_t;
/** /**
* Private data of an transform_attribute_t object. * Private data of an transform_attribute_t object.
* *
*/ */
struct private_transform_attribute_t { struct private_transform_attribute_t {
/** /**
* Public transform_attribute_t interface. * Public transform_attribute_t interface.
*/ */
transform_attribute_t public; transform_attribute_t public;
/** /**
* Attribute Format Flag. * Attribute Format Flag.
* *
* - TRUE means value is stored in attribute_length_or_value * - TRUE means value is stored in attribute_length_or_value
* - FALSE means value is stored in attribute_value * - FALSE means value is stored in attribute_value
*/ */
bool attribute_format; bool attribute_format;
/** /**
* Type of the attribute. * Type of the attribute.
*/ */
u_int16_t attribute_type; u_int16_t attribute_type;
/** /**
* Attribute Length if attribute_format is 0, attribute Value otherwise. * Attribute Length if attribute_format is 0, attribute Value otherwise.
*/ */
u_int16_t attribute_length_or_value; u_int16_t attribute_length_or_value;
/** /**
* Attribute value as chunk if attribute_format is 0 (FALSE). * Attribute value as chunk if attribute_format is 0 (FALSE).
*/ */
@ -67,16 +67,16 @@ ENUM_END(transform_attribute_type_name, KEY_LENGTH);
/** /**
* Encoding rules to parse or generate a Transform attribute. * Encoding rules to parse or generate a Transform attribute.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_transform_attribute_t. * private_transform_attribute_t.
* *
*/ */
encoding_rule_t transform_attribute_encodings[] = { encoding_rule_t transform_attribute_encodings[] = {
/* Flag defining the format of this payload */ /* Flag defining the format of this payload */
{ ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) }, { ATTRIBUTE_FORMAT, offsetof(private_transform_attribute_t, attribute_format) },
/* type of the attribute as 15 bit unsigned integer */ /* type of the attribute as 15 bit unsigned integer */
{ ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) }, { ATTRIBUTE_TYPE, offsetof(private_transform_attribute_t, attribute_type) },
/* Length or value, depending on the attribute format flag */ /* Length or value, depending on the attribute format flag */
{ ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) }, { ATTRIBUTE_LENGTH_OR_VALUE, offsetof(private_transform_attribute_t, attribute_length_or_value) },
/* Value of attribute if attribute format flag is zero */ /* Value of attribute if attribute format flag is zero */
@ -104,7 +104,7 @@ static status_t verify(private_transform_attribute_t *this)
{ {
return FAILED; return FAILED;
} }
return SUCCESS; return SUCCESS;
} }
@ -164,16 +164,16 @@ static void set_value_chunk(private_transform_attribute_t *this, chunk_t value)
free(this->attribute_value.ptr); free(this->attribute_value.ptr);
this->attribute_value.ptr = NULL; this->attribute_value.ptr = NULL;
this->attribute_value.len = 0; this->attribute_value.len = 0;
} }
if (value.len > 2) if (value.len > 2)
{ {
this->attribute_value.ptr = clalloc(value.ptr,value.len); this->attribute_value.ptr = clalloc(value.ptr,value.len);
this->attribute_value.len = value.len; this->attribute_value.len = value.len;
this->attribute_length_or_value = value.len; this->attribute_length_or_value = value.len;
/* attribute has not a fixed length */ /* attribute has not a fixed length */
this->attribute_format = FALSE; this->attribute_format = FALSE;
} }
else else
{ {
@ -192,7 +192,7 @@ static void set_value(private_transform_attribute_t *this, u_int16_t value)
free(this->attribute_value.ptr); free(this->attribute_value.ptr);
this->attribute_value.ptr = NULL; this->attribute_value.ptr = NULL;
this->attribute_value.len = 0; this->attribute_value.len = 0;
} }
this->attribute_length_or_value = value; this->attribute_length_or_value = value;
} }
@ -207,14 +207,14 @@ static chunk_t get_value_chunk (private_transform_attribute_t *this)
if (this->attribute_format == FALSE) if (this->attribute_format == FALSE)
{ {
value.ptr = this->attribute_value.ptr; value.ptr = this->attribute_value.ptr;
value.len = this->attribute_value.len; value.len = this->attribute_value.len;
} }
else else
{ {
value.ptr = (void *) &(this->attribute_length_or_value); value.ptr = (void *) &(this->attribute_length_or_value);
value.len = 2; value.len = 2;
} }
return value; return value;
} }
@ -249,19 +249,19 @@ static u_int16_t get_attribute_type (private_transform_attribute_t *this)
static transform_attribute_t * _clone(private_transform_attribute_t *this) static transform_attribute_t * _clone(private_transform_attribute_t *this)
{ {
private_transform_attribute_t *new_clone; private_transform_attribute_t *new_clone;
new_clone = (private_transform_attribute_t *) transform_attribute_create(); new_clone = (private_transform_attribute_t *) transform_attribute_create();
new_clone->attribute_format = this->attribute_format; new_clone->attribute_format = this->attribute_format;
new_clone->attribute_type = this->attribute_type; new_clone->attribute_type = this->attribute_type;
new_clone->attribute_length_or_value = this->attribute_length_or_value; new_clone->attribute_length_or_value = this->attribute_length_or_value;
if (!new_clone->attribute_format) if (!new_clone->attribute_format)
{ {
new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len); new_clone->attribute_value.ptr = clalloc(this->attribute_value.ptr,this->attribute_value.len);
new_clone->attribute_value.len = this->attribute_value.len; new_clone->attribute_value.len = this->attribute_value.len;
} }
return (transform_attribute_t *) new_clone; return (transform_attribute_t *) new_clone;
} }
@ -273,7 +273,7 @@ static void destroy(private_transform_attribute_t *this)
if (this->attribute_value.ptr != NULL) if (this->attribute_value.ptr != NULL)
{ {
free(this->attribute_value.ptr); free(this->attribute_value.ptr);
} }
free(this); free(this);
} }
@ -292,7 +292,7 @@ transform_attribute_t *transform_attribute_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk; this->public.set_value_chunk = (void (*) (transform_attribute_t *,chunk_t)) set_value_chunk;
this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value; this->public.set_value = (void (*) (transform_attribute_t *,u_int16_t)) set_value;
@ -302,7 +302,7 @@ transform_attribute_t *transform_attribute_create()
this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type; this->public.get_attribute_type = (u_int16_t (*) (transform_attribute_t *)) get_attribute_type;
this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone; this->public.clone = (transform_attribute_t * (*) (transform_attribute_t *)) _clone;
this->public.destroy = (void (*) (transform_attribute_t *)) destroy; this->public.destroy = (void (*) (transform_attribute_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->attribute_format = TRUE; this->attribute_format = TRUE;
this->attribute_type = 0; this->attribute_type = 0;

34
src/charon/encoding/payloads/transform_attribute.h
View File

@ -37,14 +37,14 @@ enum transform_attribute_type_t {
KEY_LENGTH = 14 KEY_LENGTH = 14
}; };
/** /**
* enum name for transform_attribute_type_t. * enum name for transform_attribute_type_t.
*/ */
extern enum_name_t *transform_attribute_type_names; extern enum_name_t *transform_attribute_type_names;
/** /**
* Class representing an IKEv2- TRANSFORM Attribute. * Class representing an IKEv2- TRANSFORM Attribute.
* *
* The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5. * The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5.
*/ */
struct transform_attribute_t { struct transform_attribute_t {
@ -55,52 +55,52 @@ struct transform_attribute_t {
/** /**
* Returns the currently set value of the attribute. * Returns the currently set value of the attribute.
* *
* Returned data are not copied. * Returned data are not copied.
* *
* @return chunk_t pointing to the value * @return chunk_t pointing to the value
*/ */
chunk_t (*get_value_chunk) (transform_attribute_t *this); chunk_t (*get_value_chunk) (transform_attribute_t *this);
/** /**
* Returns the currently set value of the attribute. * Returns the currently set value of the attribute.
* *
* Returned data are not copied. * Returned data are not copied.
* *
* @return value * @return value
*/ */
u_int16_t (*get_value) (transform_attribute_t *this); u_int16_t (*get_value) (transform_attribute_t *this);
/** /**
* Sets the value of the attribute. * Sets the value of the attribute.
* *
* Value is getting copied. * Value is getting copied.
* *
* @param value chunk_t pointing to the value to set * @param value chunk_t pointing to the value to set
*/ */
void (*set_value_chunk) (transform_attribute_t *this, chunk_t value); void (*set_value_chunk) (transform_attribute_t *this, chunk_t value);
/** /**
* Sets the value of the attribute. * Sets the value of the attribute.
* *
* @param value value to set * @param value value to set
*/ */
void (*set_value) (transform_attribute_t *this, u_int16_t value); void (*set_value) (transform_attribute_t *this, u_int16_t value);
/** /**
* Sets the type of the attribute. * Sets the type of the attribute.
* *
* @param type type to set (most significant bit is set to zero) * @param type type to set (most significant bit is set to zero)
*/ */
void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type); void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type);
/** /**
* get the type of the attribute. * get the type of the attribute.
* *
* @return type of the value * @return type of the value
*/ */
u_int16_t (*get_attribute_type) (transform_attribute_t *this); u_int16_t (*get_attribute_type) (transform_attribute_t *this);
/** /**
* Clones an transform_attribute_t object. * Clones an transform_attribute_t object.
* *
@ -116,14 +116,14 @@ struct transform_attribute_t {
/** /**
* Creates an empty transform_attribute_t object. * Creates an empty transform_attribute_t object.
* *
* @return transform_attribute_t object * @return transform_attribute_t object
*/ */
transform_attribute_t *transform_attribute_create(void); transform_attribute_t *transform_attribute_create(void);
/** /**
* Creates an transform_attribute_t of type KEY_LENGTH. * Creates an transform_attribute_t of type KEY_LENGTH.
* *
* @param key_length key length in bytes * @param key_length key length in bytes
* @return transform_attribute_t object * @return transform_attribute_t object
*/ */

76
src/charon/encoding/payloads/transform_substructure.c
View File

@ -29,36 +29,36 @@ typedef struct private_transform_substructure_t private_transform_substructure_t
/** /**
* Private data of an transform_substructure_t object. * Private data of an transform_substructure_t object.
* *
*/ */
struct private_transform_substructure_t { struct private_transform_substructure_t {
/** /**
* Public transform_substructure_t interface. * Public transform_substructure_t interface.
*/ */
transform_substructure_t public; transform_substructure_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
u_int8_t next_payload; u_int8_t next_payload;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t transform_length; u_int16_t transform_length;
/** /**
* Type of the transform. * Type of the transform.
*/ */
u_int8_t transform_type; u_int8_t transform_type;
/** /**
* Transform ID. * Transform ID.
*/ */
u_int16_t transform_id; u_int16_t transform_id;
/** /**
* Transforms Attributes are stored in a linked_list_t. * Transforms Attributes are stored in a linked_list_t.
*/ */
@ -68,25 +68,25 @@ struct private_transform_substructure_t {
/** /**
* Encoding rules to parse or generate a Transform substructure. * Encoding rules to parse or generate a Transform substructure.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_transform_substructure_t. * private_transform_substructure_t.
* *
*/ */
encoding_rule_t transform_substructure_encodings[] = { encoding_rule_t transform_substructure_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_transform_substructure_t, next_payload) }, { U_INT_8, offsetof(private_transform_substructure_t, next_payload) },
/* Reserved Byte is skipped */ /* Reserved Byte is skipped */
{ RESERVED_BYTE, 0 }, { RESERVED_BYTE, 0 },
/* Length of the whole transform substructure*/ /* Length of the whole transform substructure*/
{ PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) }, { PAYLOAD_LENGTH, offsetof(private_transform_substructure_t, transform_length) },
/* transform type is a number of 8 bit */ /* transform type is a number of 8 bit */
{ U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, { U_INT_8, offsetof(private_transform_substructure_t, transform_type) },
/* Reserved Byte is skipped */ /* Reserved Byte is skipped */
{ RESERVED_BYTE, 0 }, { RESERVED_BYTE, 0 },
/* tranform ID is a number of 8 bit */ /* tranform ID is a number of 8 bit */
{ U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, { U_INT_16, offsetof(private_transform_substructure_t, transform_id) },
/* Attributes are stored in a transform attribute, /* Attributes are stored in a transform attribute,
offset points to a linked_list_t pointer */ offset points to a linked_list_t pointer */
{ TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) } { TRANSFORM_ATTRIBUTES, offsetof(private_transform_substructure_t, attributes) }
}; };
@ -114,7 +114,7 @@ static status_t verify(private_transform_substructure_t *this)
status_t status = SUCCESS; status_t status = SUCCESS;
iterator_t *iterator; iterator_t *iterator;
payload_t *current_attributes; payload_t *current_attributes;
if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3)) if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3))
{ {
/* must be 0 or 3 */ /* must be 0 or 3 */
@ -139,7 +139,7 @@ static status_t verify(private_transform_substructure_t *this)
} }
} }
iterator = this->attributes->create_iterator(this->attributes,TRUE); iterator = this->attributes->create_iterator(this->attributes,TRUE);
while(iterator->iterate(iterator, (void**)&current_attributes)) while(iterator->iterate(iterator, (void**)&current_attributes))
{ {
status = current_attributes->verify(current_attributes); status = current_attributes->verify(current_attributes);
@ -149,8 +149,8 @@ static status_t verify(private_transform_substructure_t *this)
} }
} }
iterator->destroy(iterator); iterator->destroy(iterator);
/* proposal number is checked in SA payload */ /* proposal number is checked in SA payload */
return status; return status;
} }
@ -187,14 +187,14 @@ static void compute_length (private_transform_substructure_t *this)
iterator_t *iterator; iterator_t *iterator;
payload_t *current_attribute; payload_t *current_attribute;
size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; size_t length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
iterator = this->attributes->create_iterator(this->attributes,TRUE); iterator = this->attributes->create_iterator(this->attributes,TRUE);
while (iterator->iterate(iterator, (void**)&current_attribute)) while (iterator->iterate(iterator, (void**)&current_attribute))
{ {
length += current_attribute->get_length(current_attribute); length += current_attribute->get_length(current_attribute);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
this->transform_length = length; this->transform_length = length;
} }
@ -254,7 +254,7 @@ static void set_transform_type (private_transform_substructure_t *this,u_int8_t
{ {
this->transform_type = type; this->transform_type = type;
} }
/** /**
* Implementation of transform_substructure_t.get_transform_type. * Implementation of transform_substructure_t.get_transform_type.
*/ */
@ -270,7 +270,7 @@ static void set_transform_id (private_transform_substructure_t *this,u_int16_t i
{ {
this->transform_id = id; this->transform_id = id;
} }
/** /**
* Implementation of transform_substructure_t.get_transform_id. * Implementation of transform_substructure_t.get_transform_id.
*/ */
@ -287,20 +287,20 @@ static transform_substructure_t *clone_(private_transform_substructure_t *this)
private_transform_substructure_t *clone; private_transform_substructure_t *clone;
iterator_t *attributes; iterator_t *attributes;
transform_attribute_t *current_attribute; transform_attribute_t *current_attribute;
clone = (private_transform_substructure_t *) transform_substructure_create(); clone = (private_transform_substructure_t *) transform_substructure_create();
clone->next_payload = this->next_payload; clone->next_payload = this->next_payload;
clone->transform_type = this->transform_type; clone->transform_type = this->transform_type;
clone->transform_id = this->transform_id; clone->transform_id = this->transform_id;
attributes = this->attributes->create_iterator(this->attributes, FALSE); attributes = this->attributes->create_iterator(this->attributes, FALSE);
while (attributes->iterate(attributes, (void**)&current_attribute)) while (attributes->iterate(attributes, (void**)&current_attribute))
{ {
current_attribute = current_attribute->clone(current_attribute); current_attribute = current_attribute->clone(current_attribute);
clone->public.add_transform_attribute(&clone->public, current_attribute); clone->public.add_transform_attribute(&clone->public, current_attribute);
} }
attributes->destroy(attributes); attributes->destroy(attributes);
return &clone->public; return &clone->public;
} }
@ -312,14 +312,14 @@ static status_t get_key_length(private_transform_substructure_t *this, u_int16_t
{ {
iterator_t *attributes; iterator_t *attributes;
transform_attribute_t *current_attribute; transform_attribute_t *current_attribute;
attributes = this->attributes->create_iterator(this->attributes, TRUE); attributes = this->attributes->create_iterator(this->attributes, TRUE);
while (attributes->iterate(attributes, (void**)&current_attribute)) while (attributes->iterate(attributes, (void**)&current_attribute))
{ {
if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH) if (current_attribute->get_attribute_type(current_attribute) == KEY_LENGTH)
{ {
*key_length = current_attribute->get_value(current_attribute); *key_length = current_attribute->get_value(current_attribute);
attributes->destroy(attributes); attributes->destroy(attributes);
return SUCCESS; return SUCCESS;
} }
} }
@ -350,10 +350,10 @@ transform_substructure_t *transform_substructure_create()
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length; this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type; this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator; this->public.create_transform_attribute_iterator = (iterator_t * (*) (transform_substructure_t *,bool)) create_transform_attribute_iterator;
this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute; this->public.add_transform_attribute = (void (*) (transform_substructure_t *,transform_attribute_t *)) add_transform_attribute;
@ -366,14 +366,14 @@ transform_substructure_t *transform_substructure_create()
this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length; this->public.get_key_length = (status_t (*) (transform_substructure_t *,u_int16_t *)) get_key_length;
this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_; this->public.clone = (transform_substructure_t* (*) (transform_substructure_t *)) clone_;
this->public.destroy = (void (*) (transform_substructure_t *)) destroy; this->public.destroy = (void (*) (transform_substructure_t *)) destroy;
/* set default values of the fields */ /* set default values of the fields */
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; this->transform_length = TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
this->transform_id = 0; this->transform_id = 0;
this->transform_type = 0; this->transform_type = 0;
this->attributes = linked_list_create(); this->attributes = linked_list_create();
return (&(this->public)); return (&(this->public));
} }
@ -385,17 +385,17 @@ transform_substructure_t *transform_substructure_create_type(
u_int16_t transform_id, u_int16_t key_length) u_int16_t transform_id, u_int16_t key_length)
{ {
transform_substructure_t *transform = transform_substructure_create(); transform_substructure_t *transform = transform_substructure_create();
transform->set_transform_type(transform,transform_type); transform->set_transform_type(transform,transform_type);
transform->set_transform_id(transform,transform_id); transform->set_transform_id(transform,transform_id);
if (key_length) if (key_length)
{ {
transform_attribute_t *attribute; transform_attribute_t *attribute;
attribute = transform_attribute_create_key_length(key_length); attribute = transform_attribute_create_key_length(key_length);
transform->add_transform_attribute(transform, attribute); transform->add_transform_attribute(transform, attribute);
} }
return transform; return transform;
} }

50
src/charon/encoding/payloads/transform_substructure.h
View File

@ -48,7 +48,7 @@ typedef struct transform_substructure_t transform_substructure_t;
/** /**
* Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE.
* *
* The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2.
*/ */
struct transform_substructure_t { struct transform_substructure_t {
@ -56,12 +56,12 @@ struct transform_substructure_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Creates an iterator of stored transform_attribute_t objects. * Creates an iterator of stored transform_attribute_t objects.
* *
* When deleting an transform attribute using this iterator, * When deleting an transform attribute using this iterator,
* the length of this transform substructure has to be refreshed * the length of this transform substructure has to be refreshed
* by calling get_length(). * by calling get_length().
* *
* @param forward iterator direction (TRUE: front to end) * @param forward iterator direction (TRUE: front to end)
@ -69,7 +69,7 @@ struct transform_substructure_t {
*/ */
iterator_t * (*create_transform_attribute_iterator) ( iterator_t * (*create_transform_attribute_iterator) (
transform_substructure_t *this, bool forward); transform_substructure_t *this, bool forward);
/** /**
* Adds a transform_attribute_t object to this object. * Adds a transform_attribute_t object to this object.
* *
@ -77,59 +77,59 @@ struct transform_substructure_t {
*/ */
void (*add_transform_attribute) (transform_substructure_t *this, void (*add_transform_attribute) (transform_substructure_t *this,
transform_attribute_t *attribute); transform_attribute_t *attribute);
/** /**
* Sets the next_payload field of this substructure * Sets the next_payload field of this substructure
* *
* If this is the last transform, next payload field is set to 0, * If this is the last transform, next payload field is set to 0,
* otherwise to 3 * otherwise to 3
* *
* @param is_last When TRUE, next payload field is set to 0, otherwise to 3 * @param is_last When TRUE, next payload field is set to 0, otherwise to 3
*/ */
void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); void (*set_is_last_transform) (transform_substructure_t *this, bool is_last);
/** /**
* Checks if this is the last transform. * Checks if this is the last transform.
* *
* @return TRUE if this is the last Transform, FALSE otherwise * @return TRUE if this is the last Transform, FALSE otherwise
*/ */
bool (*get_is_last_transform) (transform_substructure_t *this); bool (*get_is_last_transform) (transform_substructure_t *this);
/** /**
* Sets transform type of the current transform substructure. * Sets transform type of the current transform substructure.
* *
* @param type type value to set * @param type type value to set
*/ */
void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); void (*set_transform_type) (transform_substructure_t *this, u_int8_t type);
/** /**
* get transform type of the current transform. * get transform type of the current transform.
* *
* @return Transform type of current transform substructure. * @return Transform type of current transform substructure.
*/ */
u_int8_t (*get_transform_type) (transform_substructure_t *this); u_int8_t (*get_transform_type) (transform_substructure_t *this);
/** /**
* Sets transform id of the current transform substructure. * Sets transform id of the current transform substructure.
* *
* @param id transform id to set * @param id transform id to set
*/ */
void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); void (*set_transform_id) (transform_substructure_t *this, u_int16_t id);
/** /**
* get transform id of the current transform. * get transform id of the current transform.
* *
* @return Transform id of current transform substructure. * @return Transform id of current transform substructure.
*/ */
u_int16_t (*get_transform_id) (transform_substructure_t *this); u_int16_t (*get_transform_id) (transform_substructure_t *this);
/** /**
* get transform id of the current transform. * get transform id of the current transform.
* *
* @param key_length The key length is written to this location * @param key_length The key length is written to this location
* @return * @return
* - SUCCESS if a key length attribute is contained * - SUCCESS if a key length attribute is contained
* - FAILED if no key length attribute is part of this * - FAILED if no key length attribute is part of this
* transform or key length uses more then 16 bit! * transform or key length uses more then 16 bit!
*/ */
status_t (*get_key_length) (transform_substructure_t *this, status_t (*get_key_length) (transform_substructure_t *this,
@ -150,18 +150,18 @@ struct transform_substructure_t {
/** /**
* Creates an empty transform_substructure_t object. * Creates an empty transform_substructure_t object.
* *
* @return created transform_substructure_t object * @return created transform_substructure_t object
*/ */
transform_substructure_t *transform_substructure_create(void); transform_substructure_t *transform_substructure_create(void);
/** /**
* Creates an empty transform_substructure_t object. * Creates an empty transform_substructure_t object.
* *
* The key length is used for the transport types ENCRYPTION_ALGORITHM, * The key length is used for the transport types ENCRYPTION_ALGORITHM,
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
* other transport types the key_length parameter is not used * other transport types the key_length parameter is not used
* *
* @param transform_type type of transform to create * @param transform_type type of transform to create
* @param transform_id transform id specifying the specific algorithm of a transform type * @param transform_id transform id specifying the specific algorithm of a transform type
* @param key_length Key length for key lenght attribute * @param key_length Key length for key lenght attribute

48
src/charon/encoding/payloads/ts_payload.c
View File

@ -25,19 +25,19 @@ typedef struct private_ts_payload_t private_ts_payload_t;
/** /**
* Private data of an ts_payload_t object. * Private data of an ts_payload_t object.
* *
*/ */
struct private_ts_payload_t { struct private_ts_payload_t {
/** /**
* Public ts_payload_t interface. * Public ts_payload_t interface.
*/ */
ts_payload_t public; ts_payload_t public;
/** /**
* TRUE if this TS payload is of type TSi, FALSE for TSr. * TRUE if this TS payload is of type TSi, FALSE for TSr.
*/ */
bool is_initiator; bool is_initiator;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -47,17 +47,17 @@ struct private_ts_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* Number of traffic selectors * Number of traffic selectors
*/ */
u_int8_t number_of_traffic_selectors; u_int8_t number_of_traffic_selectors;
/** /**
* Contains the traffic selectors of type traffic_selector_substructure_t. * Contains the traffic selectors of type traffic_selector_substructure_t.
*/ */
@ -66,10 +66,10 @@ struct private_ts_payload_t {
/** /**
* Encoding rules to parse or generate a TS payload * Encoding rules to parse or generate a TS payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_ts_payload_t. * private_ts_payload_t.
* *
*/ */
encoding_rule_t ts_payload_encodings[] = { encoding_rule_t ts_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -84,7 +84,7 @@ encoding_rule_t ts_payload_encodings[] = {
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 }, { RESERVED_BIT, 0 },
/* Length of the whole payload*/ /* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)}, { PAYLOAD_LENGTH, offsetof(private_ts_payload_t, payload_length)},
/* 1 Byte TS type*/ /* 1 Byte TS type*/
{ U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) }, { U_INT_8, offsetof(private_ts_payload_t, number_of_traffic_selectors) },
@ -118,13 +118,13 @@ static status_t verify(private_ts_payload_t *this)
iterator_t *iterator; iterator_t *iterator;
payload_t *current_traffic_selector; payload_t *current_traffic_selector;
status_t status = SUCCESS; status_t status = SUCCESS;
if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors))) if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors)))
{ {
/* must be the same */ /* must be the same */
return FAILED; return FAILED;
} }
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
while(iterator->iterate(iterator, (void**)&current_traffic_selector)) while(iterator->iterate(iterator, (void**)&current_traffic_selector))
{ {
@ -135,7 +135,7 @@ static status_t verify(private_ts_payload_t *this)
} }
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return status; return status;
} }
@ -188,7 +188,7 @@ static void compute_length (private_ts_payload_t *this)
size_t ts_count = 0; size_t ts_count = 0;
size_t length = TS_PAYLOAD_HEADER_LENGTH; size_t length = TS_PAYLOAD_HEADER_LENGTH;
payload_t *current_traffic_selector; payload_t *current_traffic_selector;
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE); iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
while (iterator->iterate(iterator, (void**)&current_traffic_selector)) while (iterator->iterate(iterator, (void**)&current_traffic_selector))
{ {
@ -196,9 +196,9 @@ static void compute_length (private_ts_payload_t *this)
ts_count++; ts_count++;
} }
iterator->destroy(iterator); iterator->destroy(iterator);
this->number_of_traffic_selectors= ts_count; this->number_of_traffic_selectors= ts_count;
this->payload_length = length; this->payload_length = length;
} }
/** /**
@ -252,7 +252,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this)
iterator_t *iterator; iterator_t *iterator;
traffic_selector_substructure_t *ts_substructure; traffic_selector_substructure_t *ts_substructure;
linked_list_t *ts_list = linked_list_create(); linked_list_t *ts_list = linked_list_create();
iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE); iterator = this->traffic_selectors->create_iterator(this->traffic_selectors, TRUE);
while (iterator->iterate(iterator, (void**)&ts_substructure)) while (iterator->iterate(iterator, (void**)&ts_substructure))
{ {
@ -260,7 +260,7 @@ static linked_list_t *get_traffic_selectors(private_ts_payload_t *this)
ts_list->insert_last(ts_list, (void*)ts); ts_list->insert_last(ts_list, (void*)ts);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return ts_list; return ts_list;
} }
@ -289,7 +289,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (ts_payload_t *)) destroy; this->public.destroy = (void (*) (ts_payload_t *)) destroy;
this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator; this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator;
@ -297,14 +297,14 @@ ts_payload_t *ts_payload_create(bool is_initiator)
this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure; this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure;
this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator; this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator;
this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors; this->public.get_traffic_selectors = (linked_list_t *(*) (ts_payload_t *)) get_traffic_selectors;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;
this->payload_length =TS_PAYLOAD_HEADER_LENGTH; this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
this->is_initiator = is_initiator; this->is_initiator = is_initiator;
this->number_of_traffic_selectors = 0; this->number_of_traffic_selectors = 0;
this->traffic_selectors = linked_list_create(); this->traffic_selectors = linked_list_create();
return &(this->public); return &(this->public);
} }
@ -318,9 +318,9 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked
traffic_selector_t *ts; traffic_selector_t *ts;
traffic_selector_substructure_t *ts_substructure; traffic_selector_substructure_t *ts_substructure;
private_ts_payload_t *this; private_ts_payload_t *this;
this = (private_ts_payload_t*)ts_payload_create(is_initiator); this = (private_ts_payload_t*)ts_payload_create(is_initiator);
iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE); iterator = traffic_selectors->create_iterator(traffic_selectors, TRUE);
while (iterator->iterate(iterator, (void**)&ts)) while (iterator->iterate(iterator, (void**)&ts))
{ {
@ -328,7 +328,7 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked
this->public.add_traffic_selector_substructure(&(this->public), ts_substructure); this->public.add_traffic_selector_substructure(&(this->public), ts_substructure);
} }
iterator->destroy(iterator); iterator->destroy(iterator);
return &(this->public); return &(this->public);
} }

30
src/charon/encoding/payloads/ts_payload.h
View File

@ -47,7 +47,7 @@ struct ts_payload_t {
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the type of TSpayload (TSi or TSr). * Get the type of TSpayload (TSi or TSr).
* *
@ -56,16 +56,16 @@ struct ts_payload_t {
* - FALSE if this payload is of type TSr * - FALSE if this payload is of type TSr
*/ */
bool (*get_initiator) (ts_payload_t *this); bool (*get_initiator) (ts_payload_t *this);
/** /**
* Set the type of TS payload (TSi or TSr). * Set the type of TS payload (TSi or TSr).
* *
* @param is_initiator * @param is_initiator
* - TRUE if this payload is of type TSi * - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr * - FALSE if this payload is of type TSr
*/ */
void (*set_initiator) (ts_payload_t *this,bool is_initiator); void (*set_initiator) (ts_payload_t *this,bool is_initiator);
/** /**
* Adds a traffic_selector_substructure_t object to this object. * Adds a traffic_selector_substructure_t object to this object.
* *
@ -73,12 +73,12 @@ struct ts_payload_t {
*/ */
void (*add_traffic_selector_substructure) (ts_payload_t *this, void (*add_traffic_selector_substructure) (ts_payload_t *this,
traffic_selector_substructure_t *traffic_selector); traffic_selector_substructure_t *traffic_selector);
/** /**
* Creates an iterator of stored traffic_selector_substructure_t objects. * Creates an iterator of stored traffic_selector_substructure_t objects.
* *
* When removing an traffic_selector_substructure_t object * When removing an traffic_selector_substructure_t object
* using this iterator, the length of this payload * using this iterator, the length of this payload
* has to get refreshed by calling payload_t.get_length! * has to get refreshed by calling payload_t.get_length!
* *
* @param forward iterator direction (TRUE: front to end) * @param forward iterator direction (TRUE: front to end)
@ -86,10 +86,10 @@ struct ts_payload_t {
*/ */
iterator_t *(*create_traffic_selector_substructure_iterator) ( iterator_t *(*create_traffic_selector_substructure_iterator) (
ts_payload_t *this, bool forward); ts_payload_t *this, bool forward);
/** /**
* Get a list of nested traffic selectors as traffic_selector_t. * Get a list of nested traffic selectors as traffic_selector_t.
* *
* Resulting list and its traffic selectors must be destroyed after usage * Resulting list and its traffic selectors must be destroyed after usage
* *
* @return list of traffic selectors * @return list of traffic selectors
@ -104,8 +104,8 @@ struct ts_payload_t {
/** /**
* Creates an empty ts_payload_t object. * Creates an empty ts_payload_t object.
* *
* @param is_initiator * @param is_initiator
* - TRUE if this payload is of type TSi * - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr * - FALSE if this payload is of type TSr
* @return ts_payload_t object * @return ts_payload_t object
@ -114,14 +114,14 @@ ts_payload_t *ts_payload_create(bool is_initiator);
/** /**
* Creates ts_payload with a list of traffic_selector_t * Creates ts_payload with a list of traffic_selector_t
* *
* @param is_initiator * @param is_initiator
* - TRUE if this payload is of type TSi * - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr * - FALSE if this payload is of type TSr
* @param traffic_selectors list of traffic selectors to include * @param traffic_selectors list of traffic selectors to include
* @return ts_payload_t object * @return ts_payload_t object
*/ */
ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
linked_list_t *traffic_selectors); linked_list_t *traffic_selectors);
#endif /** TS_PAYLOAD_H_ @}*/ #endif /** TS_PAYLOAD_H_ @}*/

24
src/charon/encoding/payloads/unknown_payload.c
View File

@ -26,12 +26,12 @@ typedef struct private_unknown_payload_t private_unknown_payload_t;
* Private data of an unknown_payload_t object. * Private data of an unknown_payload_t object.
*/ */
struct private_unknown_payload_t { struct private_unknown_payload_t {
/** /**
* Public unknown_payload_t interface. * Public unknown_payload_t interface.
*/ */
unknown_payload_t public; unknown_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -41,12 +41,12 @@ struct private_unknown_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* The contained data. * The contained data.
*/ */
@ -55,10 +55,10 @@ struct private_unknown_payload_t {
/** /**
* Encoding rules to parse an payload which is not further specified. * Encoding rules to parse an payload which is not further specified.
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_unknown_payload_t. * private_unknown_payload_t.
* *
*/ */
encoding_rule_t unknown_payload_encodings[] = { encoding_rule_t unknown_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -146,7 +146,7 @@ static size_t get_length(private_unknown_payload_t *this)
*/ */
static bool is_critical(private_unknown_payload_t *this) static bool is_critical(private_unknown_payload_t *this)
{ {
return this->critical; return this->critical;
} }
/** /**
@ -166,8 +166,8 @@ static void destroy(private_unknown_payload_t *this)
{ {
chunk_free(&(this->data)); chunk_free(&(this->data));
} }
free(this); free(this);
} }
/* /*
@ -185,12 +185,12 @@ unknown_payload_t *unknown_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (unknown_payload_t *)) destroy; this->public.destroy = (void (*) (unknown_payload_t *)) destroy;
this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical; this->public.is_critical = (bool (*) (unknown_payload_t *)) is_critical;
this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data; this->public.get_data = (chunk_t (*) (unknown_payload_t *)) get_data;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

14
src/charon/encoding/payloads/unknown_payload.h
View File

@ -40,29 +40,29 @@ typedef struct unknown_payload_t unknown_payload_t;
* a check for the critical bit in the header. * a check for the critical bit in the header.
*/ */
struct unknown_payload_t { struct unknown_payload_t {
/** /**
* The payload_t interface. * The payload_t interface.
*/ */
payload_t payload_interface; payload_t payload_interface;
/** /**
* Get the raw data of this payload, without * Get the raw data of this payload, without
* the generic payload header. * the generic payload header.
* *
* Returned data are NOT copied and must not be freed. * Returned data are NOT copied and must not be freed.
* *
* @return data as chunk_t * @return data as chunk_t
*/ */
chunk_t (*get_data) (unknown_payload_t *this); chunk_t (*get_data) (unknown_payload_t *this);
/** /**
* Get the critical flag. * Get the critical flag.
* *
* @return TRUE if payload is critical, FALSE if not * @return TRUE if payload is critical, FALSE if not
*/ */
bool (*is_critical) (unknown_payload_t *this); bool (*is_critical) (unknown_payload_t *this);
/** /**
* Destroys an unknown_payload_t object. * Destroys an unknown_payload_t object.
*/ */
@ -71,7 +71,7 @@ struct unknown_payload_t {
/** /**
* Creates an empty unknown_payload_t object. * Creates an empty unknown_payload_t object.
* *
* @return unknown_payload_t object * @return unknown_payload_t object
*/ */
unknown_payload_t *unknown_payload_create(void); unknown_payload_t *unknown_payload_create(void);

20
src/charon/encoding/payloads/vendor_id_payload.c
View File

@ -23,14 +23,14 @@ typedef struct private_vendor_id_payload_t private_vendor_id_payload_t;
/** /**
* Private data of an vendor_id_payload_t object. * Private data of an vendor_id_payload_t object.
* *
*/ */
struct private_vendor_id_payload_t { struct private_vendor_id_payload_t {
/** /**
* Public vendor_id_payload_t interface. * Public vendor_id_payload_t interface.
*/ */
vendor_id_payload_t public; vendor_id_payload_t public;
/** /**
* Next payload type. * Next payload type.
*/ */
@ -40,12 +40,12 @@ struct private_vendor_id_payload_t {
* Critical flag. * Critical flag.
*/ */
bool critical; bool critical;
/** /**
* Length of this payload. * Length of this payload.
*/ */
u_int16_t payload_length; u_int16_t payload_length;
/** /**
* The contained vendor_id data value. * The contained vendor_id data value.
*/ */
@ -54,10 +54,10 @@ struct private_vendor_id_payload_t {
/** /**
* Encoding rules to parse or generate a VENDOR ID payload * Encoding rules to parse or generate a VENDOR ID payload
* *
* The defined offsets are the positions in a object of type * The defined offsets are the positions in a object of type
* private_vendor_id_payload_t. * private_vendor_id_payload_t.
* *
*/ */
encoding_rule_t vendor_id_payload_encodings[] = { encoding_rule_t vendor_id_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */ /* 1 Byte next payload type, stored in the field next_payload */
@ -185,7 +185,7 @@ static void destroy(private_vendor_id_payload_t *this)
{ {
chunk_free(&(this->vendor_id_data)); chunk_free(&(this->vendor_id_data));
} }
free(this); free(this);
} }
/* /*
@ -203,13 +203,13 @@ vendor_id_payload_t *vendor_id_payload_create()
this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type; this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type; this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t *))destroy; this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
/* public functions */ /* public functions */
this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy; this->public.destroy = (void (*) (vendor_id_payload_t *)) destroy;
this->public.set_data = (void (*) (vendor_id_payload_t *,chunk_t)) set_data; this->public.set_data = (void (*) (vendor_id_payload_t *,chunk_t)) set_data;
this->public.get_data_clone = (chunk_t (*) (vendor_id_payload_t *)) get_data_clone; this->public.get_data_clone = (chunk_t (*) (vendor_id_payload_t *)) get_data_clone;
this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data; this->public.get_data = (chunk_t (*) (vendor_id_payload_t *)) get_data;
/* private variables */ /* private variables */
this->critical = FALSE; this->critical = FALSE;
this->next_payload = NO_PAYLOAD; this->next_payload = NO_PAYLOAD;

14
src/charon/encoding/payloads/vendor_id_payload.h
View File

@ -46,31 +46,31 @@ struct vendor_id_payload_t {
/** /**
* Set the VID data. * Set the VID data.
* *
* Data are getting cloned. * Data are getting cloned.
* *
* @param data VID data as chunk_t * @param data VID data as chunk_t
*/ */
void (*set_data) (vendor_id_payload_t *this, chunk_t data); void (*set_data) (vendor_id_payload_t *this, chunk_t data);
/** /**
* Get the VID data. * Get the VID data.
* *
* Returned data are a copy of the internal one. * Returned data are a copy of the internal one.
* *
* @return VID data as chunk_t * @return VID data as chunk_t
*/ */
chunk_t (*get_data_clone) (vendor_id_payload_t *this); chunk_t (*get_data_clone) (vendor_id_payload_t *this);
/** /**
* Get the VID data. * Get the VID data.
* *
* Returned data are NOT copied. * Returned data are NOT copied.
* *
* @return VID data as chunk_t * @return VID data as chunk_t
*/ */
chunk_t (*get_data) (vendor_id_payload_t *this); chunk_t (*get_data) (vendor_id_payload_t *this);
/** /**
* Destroys an vendor_id_payload_t object. * Destroys an vendor_id_payload_t object.
*/ */
@ -79,7 +79,7 @@ struct vendor_id_payload_t {
/** /**
* Creates an empty vendor_id_payload_t object. * Creates an empty vendor_id_payload_t object.
* *
* @return vendor_id_payload_t object * @return vendor_id_payload_t object
*/ */
vendor_id_payload_t *vendor_id_payload_create(void); vendor_id_payload_t *vendor_id_payload_create(void);

38
src/charon/kernel/kernel_interface.c
View File

@ -30,12 +30,12 @@ struct private_kernel_interface_t {
* Public part of kernel_interface_t object. * Public part of kernel_interface_t object.
*/ */
kernel_interface_t public; kernel_interface_t public;
/** /**
* ipsec interface * ipsec interface
*/ */
kernel_ipsec_t *ipsec; kernel_ipsec_t *ipsec;
/** /**
* network interface * network interface
*/ */
@ -45,7 +45,7 @@ struct private_kernel_interface_t {
/** /**
* Implementation of kernel_interface_t.get_spi * Implementation of kernel_interface_t.get_spi
*/ */
static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst,
protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
{ {
if (!this->ipsec) if (!this->ipsec)
@ -58,7 +58,7 @@ static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *d
/** /**
* Implementation of kernel_interface_t.get_cpi * Implementation of kernel_interface_t.get_cpi
*/ */
static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst,
u_int32_t reqid, u_int16_t *cpi) u_int32_t reqid, u_int16_t *cpi)
{ {
if (!this->ipsec) if (!this->ipsec)
@ -92,7 +92,7 @@ static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *ds
* Implementation of kernel_interface_t.update_sa * Implementation of kernel_interface_t.update_sa
*/ */
static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi, static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi,
protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst,
host_t *new_src, host_t *new_dst, bool encap, bool new_encap) host_t *new_src, host_t *new_dst, bool encap, bool new_encap)
{ {
if (!this->ipsec) if (!this->ipsec)
@ -289,13 +289,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
host_t *host; host_t *host;
int family; int family;
bool found = FALSE; bool found = FALSE;
DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts); DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
/* if we have a family which includes localhost, we do not /* if we have a family which includes localhost, we do not
* search for an IP, we use the default */ * search for an IP, we use the default */
family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
if (family == AF_INET) if (family == AF_INET)
{ {
host = host_create_from_string("127.0.0.1", 0); host = host_create_from_string("127.0.0.1", 0);
@ -304,7 +304,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
{ {
host = host_create_from_string("::1", 0); host = host_create_from_string("::1", 0);
} }
if (ts->includes(ts, host)) if (ts->includes(ts, host))
{ {
*ip = host_create_any(family); *ip = host_create_any(family);
@ -313,7 +313,7 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
return SUCCESS; return SUCCESS;
} }
host->destroy(host); host->destroy(host);
addrs = create_address_enumerator(this, TRUE, TRUE); addrs = create_address_enumerator(this, TRUE, TRUE);
while (addrs->enumerate(addrs, (void**)&host)) while (addrs->enumerate(addrs, (void**)&host))
{ {
@ -325,13 +325,13 @@ static status_t get_address_by_ts(private_kernel_interface_t *this,
} }
} }
addrs->destroy(addrs); addrs->destroy(addrs);
if (!found) if (!found)
{ {
DBG1(DBG_KNL, "no local address found in traffic selector %R", ts); DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
return FAILED; return FAILED;
} }
DBG2(DBG_KNL, "using host %H", *ip); DBG2(DBG_KNL, "using host %H", *ip);
return SUCCESS; return SUCCESS;
} }
@ -395,7 +395,7 @@ static void destroy(private_kernel_interface_t *this)
kernel_interface_t *kernel_interface_create() kernel_interface_t *kernel_interface_create()
{ {
private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t); private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t);
this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa; this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool))add_sa;
@ -405,7 +405,7 @@ kernel_interface_t *kernel_interface_create()
this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr; this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr;
this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop; this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop;
this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface; this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface;
@ -414,18 +414,18 @@ kernel_interface_t *kernel_interface_create()
this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip; this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip;
this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts; this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts;
this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface; this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface;
this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface; this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface;
this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface; this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface;
this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface; this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface;
this->public.destroy = (void (*)(kernel_interface_t*))destroy; this->public.destroy = (void (*)(kernel_interface_t*))destroy;
this->ipsec = NULL; this->ipsec = NULL;
this->net = NULL; this->net = NULL;
return &this->public; return &this->public;
} }

Some files were not shown because too many files have changed in this diff Show More