- code cleanup of encoding package
This commit is contained in:
parent
59de50868b
commit
c3dc864eaa
@ -62,10 +62,7 @@ struct private_generator_t {
|
|||
* Public part of a generator_t object.
|
||||
*/
|
||||
generator_t public;
|
||||
|
||||
/* private functions and fields */
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Generates a U_INT-Field type and writes it to buffer.
|
||||
*
|
||||
|
@ -73,9 +70,9 @@ struct private_generator_t {
|
|||
* @param int_type type of U_INT field (U_INT_4, U_INT_8, etc.)
|
||||
* ATTRIBUTE_TYPE is also generated in this function
|
||||
* @param offset offset of value in data struct
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @return
|
||||
* - SUCCESS
|
||||
* - SUCCESS
|
||||
* - FAILED if allignment is wrong
|
||||
*/
|
||||
void (*generate_u_int_type) (private_generator_t *this,encoding_type_t int_type,u_int32_t offset);
|
||||
|
@ -117,7 +114,7 @@ struct private_generator_t {
|
|||
* it to the buffer.
|
||||
*
|
||||
* @param this private_generator_t object
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @param bits number of bits to generate
|
||||
*/
|
||||
void (*generate_reserved_field) (private_generator_t *this,int bits);
|
||||
|
@ -126,8 +123,8 @@ struct private_generator_t {
|
|||
* Generates a FLAG field.
|
||||
*
|
||||
* @param this private_generator_t object
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @param offset offset of flag value in data struct
|
||||
* @param generator_contexts generator_contexts_t object where the context is written or read from
|
||||
* @param offset offset of flag value in data struct
|
||||
*/
|
||||
void (*generate_flag) (private_generator_t *this,u_int32_t offset);
|
||||
|
||||
|
@ -144,8 +141,8 @@ struct private_generator_t {
|
|||
/**
|
||||
* Generates a bytestream from a chunk_t.
|
||||
*
|
||||
* @param this private_generator_t object
|
||||
* @param offset offset of chunk_t value in data struct
|
||||
* @param this private_generator_t object
|
||||
* @param offset offset of chunk_t value in data struct
|
||||
*/
|
||||
void (*generate_from_chunk) (private_generator_t *this,u_int32_t offset);
|
||||
|
||||
|
@ -167,7 +164,7 @@ struct private_generator_t {
|
|||
* is increased.
|
||||
*
|
||||
* @param this calling private_generator_t object
|
||||
* @param bytes pointer to bytes to write
|
||||
* @param bytes pointer to bytes to write
|
||||
* @param number_of_bytes number of bytes to write into buffer
|
||||
*/
|
||||
void (*write_bytes_to_buffer) (private_generator_t *this,void * bytes,size_t number_of_bytes);
|
||||
|
@ -179,9 +176,9 @@ struct private_generator_t {
|
|||
* @warning buffer size is not check to hold the data if offset is to large.
|
||||
*
|
||||
* @param this calling private_generator_t object
|
||||
* @param bytes pointer to bytes to write
|
||||
* @param bytes pointer to bytes to write
|
||||
* @param number_of_bytes number of bytes to write into buffer
|
||||
* @param offset offset to write the data into
|
||||
* @param offset offset to write the data into
|
||||
*/
|
||||
void (*write_bytes_to_buffer_at_offset) (private_generator_t *this,void * bytes,size_t number_of_bytes,u_int32_t offset);
|
||||
|
||||
|
@ -557,7 +554,6 @@ static void make_space_available (private_generator_t *this, size_t bits)
|
|||
while (((this->get_current_buffer_space(this) * 8) - this->current_bit) < bits)
|
||||
{
|
||||
/* must increase buffer */
|
||||
u_int8_t *new_buffer;
|
||||
size_t old_buffer_size = this->get_current_buffer_size(this);
|
||||
size_t new_buffer_size = old_buffer_size + GENERATOR_DATA_BUFFER_INCREASE_VALUE;
|
||||
size_t out_position_offset = ((this->out_position) - (this->buffer));
|
||||
|
@ -566,13 +562,7 @@ static void make_space_available (private_generator_t *this, size_t bits)
|
|||
old_buffer_size, new_buffer_size);
|
||||
|
||||
/* Reallocate space for new buffer */
|
||||
new_buffer = allocator_realloc(this->buffer,new_buffer_size);
|
||||
if (new_buffer == NULL)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "reallocation of gen buffer failed!!!");
|
||||
}
|
||||
|
||||
this->buffer = new_buffer;
|
||||
this->buffer = allocator_realloc(this->buffer,new_buffer_size);
|
||||
|
||||
this->out_position = (this->buffer + out_position_offset);
|
||||
this->roof_position = (this->buffer + new_buffer_size);
|
||||
|
@ -620,7 +610,6 @@ static void write_bytes_to_buffer_at_offset (private_generator_t *this,void * by
|
|||
read_position++;
|
||||
write_position++;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -968,7 +957,6 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
else
|
||||
{
|
||||
this->generate_u_int_type(this,U_INT_16,rules[i].offset);
|
||||
// status = this->write_bytes_to_buffer(this,(this->data_struct + rules[i].offset),2);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -1031,7 +1019,6 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
|
|||
}
|
||||
this->logger->log_bytes(this->logger, RAW|MORE, "generated data for this payload",
|
||||
payload_start, this->out_position-payload_start);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1048,7 +1035,7 @@ static status_t destroy(private_generator_t *this)
|
|||
/*
|
||||
* Described in header
|
||||
*/
|
||||
generator_t * generator_create()
|
||||
generator_t *generator_create()
|
||||
{
|
||||
private_generator_t *this;
|
||||
|
||||
@ -30,18 +30,34 @@
|
|||
/**
|
||||
* Generating is done in a data buffer.
|
||||
* This is thehe start size of this buffer in bytes.
|
||||
*
|
||||
* @ingroup enconding
|
||||
*/
|
||||
#define GENERATOR_DATA_BUFFER_SIZE 500
|
||||
|
||||
/**
|
||||
* Number of bytes to increase the buffer, if it is to small.
|
||||
*
|
||||
* @ingroup enconding
|
||||
*/
|
||||
#define GENERATOR_DATA_BUFFER_INCREASE_VALUE 500
|
||||
|
||||
|
||||
typedef struct generator_t generator_t;
|
||||
|
||||
/**
|
||||
* A generator_t class used to generate IKEv2 payloads.
|
||||
* @brief A generator_t class used to generate IKEv2 payloads.
|
||||
*
|
||||
* After creation, multiple payloads can be generated with the generate_payload
|
||||
* method. The generated bytes are appended. After all payloads are added,
|
||||
* the write_to_chunk method writes out all generated data since
|
||||
* the creation of the generator. After that, the generator must be destroyed.
|
||||
* The generater uses a set of encoding rules, which it can get from
|
||||
* the supplied payload. With this rules, the generater can generate
|
||||
* the payload and all substructures automatically.
|
||||
*
|
||||
* @b Constructor:
|
||||
* - generator_create()
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
|
@ -58,28 +74,28 @@ struct generator_t {
|
|||
void (*generate_payload) (generator_t *this,payload_t *payload);
|
||||
|
||||
/**
|
||||
* Writes all generated data of current generator context to a chunk.
|
||||
* @brief Writes all generated data of the generator to a chunk.
|
||||
*
|
||||
* @param this generator_t object
|
||||
* @param[out] data chunk to write the data to
|
||||
* @param[out] data chunk to write the data to
|
||||
*/
|
||||
void (*write_to_chunk) (generator_t *this,chunk_t *data);
|
||||
|
||||
/**
|
||||
* @brief Destroys a generator_t object.
|
||||
*
|
||||
* @param this generator_t object
|
||||
* @param this generator_t object
|
||||
*/
|
||||
void (*destroy) (generator_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Constructor to create a generator.
|
||||
* @brief Constructor to create a generator.
|
||||
*
|
||||
* Returns a new generator_t object.
|
||||
* @return generator_t object.
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
generator_t * generator_create();
|
||||
generator_t *generator_create();
|
||||
|
||||
#endif /*GENERATOR_H_*/
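Review bot: The reformatted prototype `generator_t *generator_create();` keeps empty parentheses, which in C declares a function with unspecified parameters rather than one taking none, so a call with stray arguments is not diagnosed. Since the line is touched anyway it should read `generator_t *generator_create(void);`, and the definition reformatted in generator.c (`generator_t *generator_create()`) should match. `message_t * message_create();` appears as hunk context in message.h with the same form, though that line is not changed by this commit.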
|
||||
@ -747,7 +747,8 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "Payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type));
|
||||
this->logger->log(this->logger, ERROR, "Payload type %s could not be parsed",
|
||||
mapping_find(payload_type_m,current_payload_type));
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -758,7 +759,8 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
status = current_payload->verify(current_payload);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "Payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));
|
||||
this->logger->log(this->logger, ERROR, "Payload type %s verification failed",
|
||||
mapping_find(payload_type_m,current_payload_type));
|
||||
current_payload->destroy(current_payload);
|
||||
status = VERIFY_ERROR;
|
||||
return status;
|
||||
|
@ -771,7 +773,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
/* an encryption payload is the last one, so STOP here. decryption is done later */
|
||||
if (current_payload_type == ENCRYPTED)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Payload of type encrypted found. Stop parsing.",
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Payload of type encrypted found. Stop parsing",
|
||||
mapping_find(payload_type_m, current_payload_type));
|
||||
break;
|
||||
}
|
||||
|
@ -779,13 +781,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
/* get next payload type */
|
||||
current_payload_type = current_payload->get_next_type(current_payload);
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, CONTROL, "Message a %s %s contains %d payloads",
|
||||
mapping_find(exchange_type_m, this->exchange_type),
|
||||
this->is_request ? "request" : "response",
|
||||
this->payloads->get_count(this->payloads));
|
||||
|
||||
/* */
|
||||
if (current_payload_type == ENCRYPTED)
|
||||
status = this->decrypt_payloads(this,crypter,signer);
|
||||
if (status != SUCCESS)
|
||||
|
@ -799,6 +795,12 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
|
|||
{
|
||||
this->logger->log(this->logger, ERROR, "Verification of message failed");
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, CONTROL, "Message a %s %s contains %d payloads",
|
||||
mapping_find(exchange_type_m, this->exchange_type),
|
||||
this->is_request ? "request" : "response",
|
||||
this->payloads->get_count(this->payloads));
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -836,7 +838,7 @@ static status_t verify(private_message_t *this)
|
|||
unknown_payload_t *unknown_payload = (unknown_payload_t*)current_payload;
|
||||
if (unknown_payload->is_critical(unknown_payload))
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "%s (%d) is not supported, but its critical!",
|
||||
this->logger->log(this->logger, ERROR|MORE, "%s (%d) is not supported, but its critical!",
|
||||
mapping_find(payload_type_m, current_payload_type), current_payload_type);
|
||||
iterator->destroy(iterator);
|
||||
return NOT_SUPPORTED;
|
||||
|
@ -846,13 +848,13 @@ static status_t verify(private_message_t *this)
|
|||
{
|
||||
found_payloads++;
|
||||
total_found_payloads++;
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Found payload of type %s",
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Found payload of type %s",
|
||||
mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type));
|
||||
|
||||
/* as soon as ohe payload occures more then specified, the verification fails */
|
||||
if (found_payloads > this->message_rule->payload_rules[i].max_occurence)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
|
||||
this->logger->log(this->logger, ERROR|MORE, "Payload of type %s more than %d times (%d) occured in current message",
|
||||
mapping_find(payload_type_m, current_payload_type),
|
||||
this->message_rule->payload_rules[i].max_occurence, found_payloads);
|
||||
iterator->destroy(iterator);
|
||||
|
@ -863,7 +865,7 @@ static status_t verify(private_message_t *this)
|
|||
|
||||
if (found_payloads < this->message_rule->payload_rules[i].min_occurence)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times (%d)",
|
||||
this->logger->log(this->logger, ERROR|MORE, "Payload of type %s not occured %d times (%d)",
|
||||
mapping_find(payload_type_m, this->message_rule->payload_rules[i].payload_type),
|
||||
this->message_rule->payload_rules[i].min_occurence, found_payloads);
|
||||
iterator->destroy(iterator);
|
||||
|
@ -906,7 +908,8 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
/* needed to check */
|
||||
current_payload_type = current_payload->get_type(current_payload);
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Process payload of type %s",mapping_find(payload_type_m,current_payload_type));
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Process payload of type %s",
|
||||
mapping_find(payload_type_m,current_payload_type));
|
||||
|
||||
if (current_payload_type == ENCRYPTED)
|
||||
{
|
||||
|
@ -915,7 +918,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
|
||||
encryption_payload = (encryption_payload_t*)current_payload;
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MORE, "Found an encryption payload");
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Found an encryption payload");
|
||||
|
||||
if (payload_number != this->payloads->get_count(this->payloads))
|
||||
{
|
||||
|
@ -934,7 +937,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
iterator->destroy(iterator);
|
||||
return status;
|
||||
}
|
||||
this->logger->log(this->logger, CONTROL | MORE, "Decrypt content of encryption payload");
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Decrypt content of encryption payload");
|
||||
status = encryption_payload->decrypt(encryption_payload);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
|
@ -950,7 +953,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
/* check if there are payloads contained in the encryption payload */
|
||||
if (encryption_payload->get_payload_count(encryption_payload) == 0)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Encrypted payload is empty");
|
||||
this->logger->log(this->logger, CONTROL|MOST, "Encrypted payload is empty");
|
||||
/* remove the encryption payload, is not needed anymore */
|
||||
iterator->remove(iterator);
|
||||
/* encrypted payload contains no other payload */
|
||||
|
@ -958,7 +961,6 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
}
|
||||
else
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Encrypted payload is not empty");
|
||||
/* encryption_payload is replaced with first payload contained in encryption_payload */
|
||||
encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload);
|
||||
iterator->replace(iterator,NULL,(void *) current_encrypted_payload);
|
||||
|
@ -981,7 +983,8 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
while (encryption_payload->get_payload_count(encryption_payload) > 0)
|
||||
{
|
||||
encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload);
|
||||
this->logger->log(this->logger, CONTROL | MORE, "Insert unencrypted payload of type %s at end of list.",mapping_find(payload_type_m,current_encrypted_payload->get_type(current_encrypted_payload)));
|
||||
this->logger->log(this->logger, CONTROL | MORE, "Insert unencrypted payload of type %s at end of list.",
|
||||
mapping_find(payload_type_m,current_encrypted_payload->get_type(current_encrypted_payload)));
|
||||
this->payloads->insert_last(this->payloads,current_encrypted_payload);
|
||||
}
|
||||
|
||||
|
@ -1008,7 +1011,7 @@ static status_t decrypt_payloads(private_message_t *this,crypter_t *crypter, sig
|
|||
/* payload was not encrypted, but should have been. or vice-versa */
|
||||
this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!",
|
||||
mapping_find(payload_type_m,current_payload_type),
|
||||
(payload_rule->encrypted) ? "encrypted": "not encrypted");
|
||||
(payload_rule->encrypted) ? "encrypted" : "not encrypted");
|
||||
iterator->destroy(iterator);
|
||||
return FAILED;
|
||||
}
|
||||
|
@ -1057,7 +1060,8 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
|
|||
bool to_encrypt = FALSE;
|
||||
|
||||
all_payloads->remove_first(all_payloads,(void **)¤t_payload);
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Get rule for payload %s", mapping_find(payload_type_m,current_payload->get_type(current_payload)));
|
||||
this->logger->log(this->logger, CONTROL | ALL, "Get rule for payload %s",
|
||||
mapping_find(payload_type_m,current_payload->get_type(current_payload)));
|
||||
|
||||
status = this->get_payload_rule(this,current_payload->get_type(current_payload),&payload_rule);
|
||||
/* for payload types which are not found in supported payload list, it is presumed
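Review bot: In the verify() hunks, the three paths that reject a message — an unknown payload flagged critical (`return NOT_SUPPORTED`), a payload exceeding `max_occurence`, and one below `min_occurence` — have their log level changed from `ERROR` to `ERROR|MORE`. Elsewhere in this file `MORE`/`MOST`/`ALL` qualify verbosity (`CONTROL|MOST`, `CONTROL | ALL`), so if the same applies to errors, a message discarded because a peer sent a malformed or unsupported payload becomes visible only at a raised log level, which is exactly the event an operator debugging interop failures or noticing a misbehaving peer wants by default. I would keep plain `ERROR` on those three lines, or state in the commit why they are considered noise. Separately, the summary log moved to the end of parse_body reads `"Message a %s %s contains %d payloads"`; presumably `"Message is a %s %s and contains %d payloads"` or similar was intended.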
|
||||
@ -335,7 +335,7 @@ struct message_t {
|
|||
* Call message_t.parse_header afterwards.
|
||||
*
|
||||
* @param packet packet_t object which is assigned to message
|
||||
* @return created message_t object
|
||||
* @return message_t object
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
|
@ -349,7 +349,7 @@ message_t * message_create_from_packet(packet_t *packet);
|
|||
* - original_initiator is set to TRUE
|
||||
* - is_request is set to TRUE
|
||||
*
|
||||
* @return created message_t object
|
||||
* @return message_t object
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
|
@ -358,7 +358,7 @@ message_t * message_create();
|
|||
/**
|
||||
* @brief Creates an message_t object of type reply containing a notify payload.
|
||||
*
|
||||
* @return created message_t object
|
||||
* @return message_t object
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
@ -1044,7 +1044,6 @@ parser_t *parser_create(chunk_t data)
|
|||
this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count;
|
||||
this->public.destroy = (void(*)(parser_t*)) destroy;
|
||||
|
||||
|
||||
this->parse_uint4 = parse_uint4;
|
||||
this->parse_uint8 = parse_uint8;
|
||||
this->parse_uint15 = parse_uint15;
|
||||
@ -31,12 +31,15 @@
|
|||
typedef struct parser_t parser_t;
|
||||
|
||||
/**
|
||||
* A parser_t class to parse IKEv2 payloads.
|
||||
* @brief A parser_t class to parse IKEv2 payloads.
|
||||
*
|
||||
* A parser is used for parsing one chunk of data. Multiple
|
||||
* payloads can be parsed out of the chunk using parse_payload.
|
||||
* The parser remains the state until destroyed.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - parser_create()
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
|
||||
struct parser_t {
|
||||
|
@ -53,7 +56,6 @@ struct parser_t {
|
|||
* @param[out] payload pointer where parsed payload was allocated
|
||||
* @return
|
||||
* - SUCCESSFUL if succeeded,
|
||||
* - NOT_SUPPORTED if payload_type is not supported
|
||||
* - PARSE_ERROR if corrupted/invalid data found
|
||||
*/
|
||||
status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload);
|
||||
|
@ -84,7 +86,7 @@ struct parser_t {
|
|||
* @brief Constructor to create a parser_t object.
|
||||
*
|
||||
* @param data chunk of data to parse with this parser_t object
|
||||
* @return the parser_t object
|
||||
* @return parser_t object
|
||||
*
|
||||
* @ingroup encoding
|
||||
*/
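Review bot: The `@return` list of parse_payload now documents only failure codes: the removed `- SUCCESSFUL if succeeded,` named a value that does not match the `SUCCESS` its callers in message.c compare against, but nothing replaces it, so the success case is undocumented. Add `* - SUCCESS if the payload was parsed,` back above the `NOT_SUPPORTED` line. It would also help to state whether `*payload` is left untouched on a non-SUCCESS return, since `@param[out] payload pointer where parsed payload was allocated` leaves that open; I cannot tell from this hunk, so confirm against parser.c. struct parser_t itself begins before this hunk.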
|
||||
@ -29,10 +29,10 @@
|
|||
* String mappings for auth_method_t.
|
||||
*/
|
||||
mapping_t auth_method_m[] = {
|
||||
{RSA_DIGITAL_SIGNATURE, "RSA_DIGITAL_SIGNATURE"},
|
||||
{SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY_MESSAGE_INTEGRITY_CODE"},
|
||||
{DSS_DIGITAL_SIGNATURE, "DSS_DIGITAL_SIGNATURE"},
|
||||
{MAPPING_END, NULL}
|
||||
{RSA_DIGITAL_SIGNATURE, "RSA_DIGITAL_SIGNATURE"},
|
||||
{SHARED_KEY_MESSAGE_INTEGRITY_CODE, "SHARED_KEY_MESSAGE_INTEGRITY_CODE"},
|
||||
{DSS_DIGITAL_SIGNATURE, "DSS_DIGITAL_SIGNATURE"},
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
||||
|
@ -43,6 +43,7 @@ typedef struct private_auth_payload_t private_auth_payload_t;
|
|||
*
|
||||
*/
|
||||
struct private_auth_payload_t {
|
||||
|
||||
/**
|
||||
* Public auth_payload_t interface.
|
||||
*/
|
||||
@ -61,20 +61,28 @@ enum auth_method_t {
|
|||
DSS_DIGITAL_SIGNATURE = 3,
|
||||
};
|
||||
|
||||
/**
|
||||
* string mappings for auth method.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t auth_method_m[];
|
||||
|
||||
|
||||
typedef struct auth_payload_t auth_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 AUTH payload.
|
||||
* @brief Object representing an IKEv2 AUTH payload.
|
||||
*
|
||||
* The AUTH payload format is described in draft section 3.8.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - auth_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct auth_payload_t {
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
|
@ -82,10 +90,9 @@ struct auth_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the AUTH method.
|
||||
*
|
||||
*
|
||||
* @param this calling auth_payload_t object
|
||||
* @param method Method of AUTH
|
||||
* @param method auth_method_t to use
|
||||
*/
|
||||
void (*set_auth_method) (auth_payload_t *this, auth_method_t method);
|
||||
|
||||
|
@ -93,7 +100,7 @@ struct auth_payload_t {
|
|||
* @brief Get the AUTH method.
|
||||
*
|
||||
* @param this calling auth_payload_t object
|
||||
* @return Method of the AUTH
|
||||
* @return auth_method_t used
|
||||
*/
|
||||
auth_method_t (*get_auth_method) (auth_payload_t *this);
|
||||
|
||||
|
@ -110,7 +117,7 @@ struct auth_payload_t {
|
|||
/**
|
||||
* @brief Get the AUTH data.
|
||||
*
|
||||
* Returned data are a copy of the internal one
|
||||
* Returned data are a copy of the internal one.
|
||||
*
|
||||
* @param this calling auth_payload_t object
|
||||
* @return AUTH data as chunk_t
|
||||
|
@ -130,7 +137,7 @@ struct auth_payload_t {
|
|||
/**
|
||||
* @brief Destroys an auth_payload_t object.
|
||||
*
|
||||
* @param this auth_payload_t object to destroy
|
||||
* @param this auth_payload_t object to destroy
|
||||
*/
|
||||
void (*destroy) (auth_payload_t *this);
|
||||
};
|
||||
|
@ -138,7 +145,7 @@ struct auth_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty auth_payload_t object.
|
||||
*
|
||||
* @return created auth_payload_t object
|
||||
* @return auth_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
@ -29,19 +29,19 @@
|
|||
* String mappings for cert_encoding_t.
|
||||
*/
|
||||
mapping_t cert_encoding_m[] = {
|
||||
{PKCS7_WRAPPED_X509_CERTIFICATE, "PKCS7_WRAPPED_X509_CERTIFICATE"},
|
||||
{PGP_CERTIFICATE, "PGP_CERTIFICATE"},
|
||||
{DNS_SIGNED_KEY, "DNS_SIGNED_KEY"},
|
||||
{X509_CERTIFICATE_SIGNATURE, "X509_CERTIFICATE_SIGNATURE"},
|
||||
{KERBEROS_TOKEN, "KERBEROS_TOKEN"},
|
||||
{CERTIFICATE_REVOCATION_LIST, "CERTIFICATE_REVOCATION_LIST"},
|
||||
{AUTHORITY_REVOCATION_LIST, "AUTHORITY_REVOCATION_LIST"},
|
||||
{SPKI_CERTIFICATE, "SPKI_CERTIFICATE"},
|
||||
{X509_CERTIFICATE_ATTRIBUTE, "X509_CERTIFICATE_ATTRIBUTE"},
|
||||
{RAW_SA_KEY, "RAW_SA_KEY"},
|
||||
{HASH_AND_URL_X509_CERTIFICATE, "HASH_AND_URL_X509_CERTIFICATE"},
|
||||
{HASH_AND_URL_X509_BUNDLE, "HASH_AND_URL_X509_BUNDLE"},
|
||||
{MAPPING_END, NULL}
|
||||
{PKCS7_WRAPPED_X509_CERTIFICATE, "PKCS7_WRAPPED_X509_CERTIFICATE"},
|
||||
{PGP_CERTIFICATE, "PGP_CERTIFICATE"},
|
||||
{DNS_SIGNED_KEY, "DNS_SIGNED_KEY"},
|
||||
{X509_CERTIFICATE_SIGNATURE, "X509_CERTIFICATE_SIGNATURE"},
|
||||
{KERBEROS_TOKEN, "KERBEROS_TOKEN"},
|
||||
{CERTIFICATE_REVOCATION_LIST, "CERTIFICATE_REVOCATION_LIST"},
|
||||
{AUTHORITY_REVOCATION_LIST, "AUTHORITY_REVOCATION_LIST"},
|
||||
{SPKI_CERTIFICATE, "SPKI_CERTIFICATE"},
|
||||
{X509_CERTIFICATE_ATTRIBUTE, "X509_CERTIFICATE_ATTRIBUTE"},
|
||||
{RAW_SA_KEY, "RAW_SA_KEY"},
|
||||
{HASH_AND_URL_X509_CERTIFICATE, "HASH_AND_URL_X509_CERTIFICATE"},
|
||||
{HASH_AND_URL_X509_BUNDLE, "HASH_AND_URL_X509_BUNDLE"},
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@
|
|||
typedef enum cert_encoding_t cert_encoding_t;
|
||||
|
||||
/**
|
||||
* Cert Encoding.
|
||||
* @brief Certificate encoding, as described in IKEv2 draft section 3.6
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -56,6 +56,11 @@ enum cert_encoding_t {
|
|||
HASH_AND_URL_X509_BUNDLE = 13
|
||||
};
|
||||
|
||||
/**
|
||||
* string mappings for cert_encoding_t.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t cert_encoding_m[];
|
||||
|
||||
|
||||
|
@ -65,11 +70,17 @@ typedef struct cert_payload_t cert_payload_t;
|
|||
* Object representing an IKEv2 CERT payload.
|
||||
*
|
||||
* The CERT payload format is described in draft section 3.6.
|
||||
* This is just a dummy implementation to fullfill the standards
|
||||
* requirements. A full implementation would offer setters/getters
|
||||
* for the different encoding types.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - cert_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*
|
||||
*/
|
||||
struct cert_payload_t {
|
||||
|
||||
/**
|
||||
* The payload_t interface.
|
||||
*/
|
||||
|
@ -77,7 +88,6 @@ struct cert_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the CERT encoding.
|
||||
*
|
||||
*
|
||||
* @param this calling cert_payload_t object
|
||||
* @param encoding CERT encoding
|
||||
|
@ -125,7 +135,7 @@ struct cert_payload_t {
|
|||
/**
|
||||
* @brief Destroys an cert_payload_t object.
|
||||
*
|
||||
* @param this cert_payload_t object to destroy
|
||||
* @param this cert_payload_t object to destroy
|
||||
*/
|
||||
void (*destroy) (cert_payload_t *this);
|
||||
};
|
||||
|
@ -133,7 +143,7 @@ struct cert_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty cert_payload_t object.
|
||||
*
|
||||
* @return created cert_payload_t object
|
||||
* @return cert_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
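Review bot: The new class description says cert_payload_t is `just a dummy implementation to fullfill the standards requirements`, but leaves open what that means for a CERT payload received from a peer: whether the certificate data is carried as an opaque chunk or is decoded and checked in any way. A reader of this header deciding how far to trust a peer's certificate needs that stated plainly; if cert_payload.c only stores and re-encodes the data (confirm there), add one sentence such as `* The certificate data is handled as an opaque chunk; this class does not decode or validate it.`, and fix the spelling `fullfill` to `fulfill`. The same paragraph is added verbatim to certreq_payload.h and needs the same treatment. struct cert_payload_t continues past the hunk.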
|
||||
@ -38,12 +38,17 @@
|
|||
typedef struct certreq_payload_t certreq_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 CERTREQ payload.
|
||||
* @brief Class representing an IKEv2 CERTREQ payload.
|
||||
*
|
||||
* The CERTREQ payload format is described in draft section 3.7.
|
||||
* This is just a dummy implementation to fullfill the standards
|
||||
* requirements. A full implementation would offer setters/getters
|
||||
* for the different encoding types.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - certreq_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*
|
||||
*/
|
||||
struct certreq_payload_t {
|
||||
/**
|
||||
|
@ -53,7 +58,6 @@ struct certreq_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the CERT encoding.
|
||||
*
|
||||
*
|
||||
* @param this calling certreq_payload_t object
|
||||
* @param encoding CERT encoding
|
||||
|
@ -109,7 +113,7 @@ struct certreq_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty certreq_payload_t object.
|
||||
*
|
||||
* @return created certreq_payload_t object
|
||||
* @return certreq_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
@ -70,10 +70,13 @@ extern mapping_t configuration_attribute_type_m[];
|
|||
typedef struct configuration_attribute_t configuration_attribute_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2- CONFIGURATION Attribute.
|
||||
* @brief Class representing an IKEv2-CONFIGURATION Attribute.
|
||||
*
|
||||
* The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - configuration_attribute_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct configuration_attribute_t {
|
||||
@ -34,11 +34,11 @@
|
|||
* String mappings for config_type_t.
|
||||
*/
|
||||
mapping_t config_type_m[] = {
|
||||
{CFG_REQUEST, "CFG_REQUEST"},
|
||||
{CFG_REPLY, "CFG_REPLY"},
|
||||
{CFG_SET, "CFG_SET"},
|
||||
{CFG_ACK, "CFG_ACK"},
|
||||
{MAPPING_END, NULL}
|
||||
{CFG_REQUEST, "CFG_REQUEST"},
|
||||
{CFG_REPLY, "CFG_REPLY"},
|
||||
{CFG_SET, "CFG_SET"},
|
||||
{CFG_ACK, "CFG_ACK"},
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
||||
@ -51,16 +51,24 @@ enum config_type_t {
|
|||
CFG_ACK = 4,
|
||||
};
|
||||
|
||||
/**
|
||||
* string mappings for config_type_t.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t config_type_m[];
|
||||
|
||||
|
||||
typedef struct cp_payload_t cp_payload_t;
|
||||
|
||||
/**
|
||||
* Class representing an IKEv2-CP Payload.
|
||||
* @brief Class representing an IKEv2-CP Payload.
|
||||
*
|
||||
* The CP Payload format is described in RFC section 3.15.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - cp_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct cp_payload_t {
|
||||
|
@ -90,19 +98,31 @@ struct cp_payload_t {
|
|||
* @warning The added configuration_attribute_t object is
|
||||
* getting destroyed in destroy function of cp_payload_t.
|
||||
*
|
||||
* @param this calling cp_payload_t object
|
||||
* @param attribute configuration_attribute_t object to add
|
||||
* @param this calling cp_payload_t object
|
||||
* @param attribute configuration_attribute_t object to add
|
||||
*/
|
||||
void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute);
|
||||
|
||||
/**
|
||||
* @brief Set the config type.
|
||||
*
|
||||
* @param this calling cp_payload_t object
|
||||
* @param config_type config_type_t to set
|
||||
*/
|
||||
void (*set_config_type) (cp_payload_t *this,config_type_t config_type);
|
||||
|
||||
/**
|
||||
* @brief Get the config type.
|
||||
*
|
||||
* @param this calling cp_payload_t object
|
||||
* @return config_type_t
|
||||
*/
|
||||
config_type_t (*get_config_type) (cp_payload_t *this);
|
||||
|
||||
/**
|
||||
* @brief Destroys an cp_payload_t object.
|
||||
*
|
||||
* @param this cp_payload_t object to destroy
|
||||
* @param this cp_payload_t object to destroy
|
||||
*/
|
||||
void (*destroy) (cp_payload_t *this);
|
||||
};
|
||||
|
@ -110,7 +130,7 @@ struct cp_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty cp_payload_t object
|
||||
*
|
||||
* @return created cp_payload_t object
|
||||
* @return cp_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
@ -39,12 +39,14 @@
|
|||
typedef struct delete_payload_t delete_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 DELETE payload.
|
||||
* @brief Class representing an IKEv2 DELETE payload.
|
||||
*
|
||||
* The DELETE payload format is described in draft section 3.11.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - delete_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct delete_payload_t {
|
||||
/**
|
||||
|
@ -54,7 +56,6 @@ struct delete_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the protocol ID.
|
||||
*
|
||||
*
|
||||
* @param this calling delete_payload_t object
|
||||
* @param protocol_id protocol ID
|
||||
|
@ -82,13 +83,12 @@ struct delete_payload_t {
|
|||
* @brief Get the SPI size.
|
||||
*
|
||||
* @param this calling delete_payload_t object
|
||||
* @return SPI size
|
||||
* @return SPI size
|
||||
*/
|
||||
u_int8_t (*get_spi_size) (delete_payload_t *this);
|
||||
|
||||
/**
|
||||
* @brief Set the SPI count.
|
||||
*
|
||||
*
|
||||
* @param this calling delete_payload_t object
|
||||
* @param spi_count SPI count
|
||||
|
@ -144,7 +144,7 @@ struct delete_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty delete_payload_t object.
|
||||
*
|
||||
* @return created delete_payload_t object
|
||||
* @return delete_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -37,12 +37,14 @@
|
|||
typedef struct eap_payload_t eap_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 EAP payload.
|
||||
* @brief Class representing an IKEv2 EAP payload.
|
||||
*
|
||||
* The EAP payload format is described in draft section 3.16.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - eap_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct eap_payload_t {
|
||||
/**
|
||||
|
@ -91,7 +93,7 @@ struct eap_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty eap_payload_t object.
|
||||
*
|
||||
* @return created eap_payload_t object
|
||||
* @return eap_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* @file encodings.c
|
||||
*
|
||||
* @brief Encoding types of fields in a IKEv2 payload.
|
||||
* @brief String mappings of encoding_type_t.
|
||||
*
|
||||
*/
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* @file encodings.h
|
||||
*
|
||||
* @brief Encoding types of fields in a IKEv2 payload.
|
||||
* @brief Definition of encoding_type_t.
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -43,7 +43,8 @@ typedef enum encoding_type_t encoding_type_t;
|
|||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
enum encoding_type_t{
|
||||
enum encoding_type_t {
|
||||
|
||||
/**
|
||||
* Representing a 4 Bit unsigned int value.
|
||||
*
|
||||
|
@ -57,6 +58,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 4 bit forward afterwards.
|
||||
*/
|
||||
U_INT_4,
|
||||
|
||||
/**
|
||||
* Representing a 8 Bit unsigned int value.
|
||||
*
|
||||
|
@ -70,6 +72,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 8 bit forward afterwards.
|
||||
*/
|
||||
U_INT_8,
|
||||
|
||||
/**
|
||||
* Representing a 16 Bit unsigned int value.
|
||||
*
|
||||
|
@ -83,6 +86,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
*/
|
||||
U_INT_16,
|
||||
|
||||
/**
|
||||
* Representing a 32 Bit unsigned int value.
|
||||
*
|
||||
|
@ -94,8 +98,8 @@ enum encoding_type_t{
|
|||
* The value is written to the associated data struct.
|
||||
* The current read pointer is moved 32 bit forward afterwards.
|
||||
*/
|
||||
|
||||
U_INT_32,
|
||||
|
||||
/**
|
||||
* Representing a 64 Bit unsigned int value.
|
||||
*
|
||||
|
@ -108,6 +112,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 64 bit forward afterwards.
|
||||
*/
|
||||
U_INT_64,
|
||||
|
||||
/**
|
||||
* @brief represents a RESERVED_BIT used in FLAG-Bytes.
|
||||
*
|
||||
|
@ -121,6 +126,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 1 bit forward afterwards.
|
||||
*/
|
||||
RESERVED_BIT,
|
||||
|
||||
/**
|
||||
* @brief represents a RESERVED_BYTE.
|
||||
*
|
||||
|
@ -134,6 +140,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 1 byte forward afterwards.
|
||||
*/
|
||||
RESERVED_BYTE,
|
||||
|
||||
/**
|
||||
* Representing a 1 Bit flag.
|
||||
*
|
||||
|
@ -146,6 +153,7 @@ enum encoding_type_t{
|
|||
* is moved 1 bit forward afterwards
|
||||
*/
|
||||
FLAG,
|
||||
|
||||
/**
|
||||
* Representating a length field of a payload.
|
||||
*
|
||||
|
@ -158,6 +166,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 16 bit forward afterwards.
|
||||
*/
|
||||
PAYLOAD_LENGTH,
|
||||
|
||||
/**
|
||||
* Representating a length field of a header.
|
||||
*
|
||||
|
@ -170,6 +179,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 32 bit forward afterwards.
|
||||
*/
|
||||
HEADER_LENGTH,
|
||||
|
||||
/**
|
||||
* Representating a spi size field.
|
||||
*
|
||||
|
@ -182,6 +192,7 @@ enum encoding_type_t{
|
|||
* The current read pointer is moved 8 bit forward afterwards.
|
||||
*/
|
||||
SPI_SIZE,
|
||||
|
||||
/**
|
||||
* Representating a spi field.
|
||||
*
|
||||
|
@ -191,6 +202,7 @@ enum encoding_type_t{
|
|||
* When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
SPI,
|
||||
|
||||
/**
|
||||
* Representating a Key Exchange Data field.
|
||||
*
|
||||
|
@ -200,6 +212,7 @@ enum encoding_type_t{
|
|||
* When parsing (Payload Length - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
KEY_EXCHANGE_DATA,
|
||||
|
||||
/**
|
||||
* Representating a Notification field.
|
||||
*
|
||||
|
@ -209,6 +222,7 @@ enum encoding_type_t{
|
|||
* When parsing (Payload Length - spi size - 8) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
NOTIFICATION_DATA,
|
||||
|
||||
/**
|
||||
* Representating one or more proposal substructures.
|
||||
*
|
||||
|
@ -221,6 +235,7 @@ enum encoding_type_t{
|
|||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
PROPOSALS,
|
||||
|
||||
/**
|
||||
* Representating one or more transform substructures.
|
||||
*
|
||||
|
@ -233,6 +248,7 @@ enum encoding_type_t{
|
|||
* to be stored in the pointed linked_list.
|
||||
*/
|
||||
TRANSFORMS,
|
||||
|
||||
/**
|
||||
* Representating one or more Attributes of a transform substructure.
|
||||
*
|
||||
|
@ -464,8 +480,7 @@ enum encoding_type_t{
|
|||
* When parsing (Payload Length - 4) bytes are read and written into the chunk pointing to.
|
||||
*/
|
||||
UNKNOWN_DATA,
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Representating an IKE_SPI field in an IKEv2 Header.
|
||||
*
|
||||
|
@ -480,14 +495,16 @@ enum encoding_type_t{
|
|||
* Representing the encrypted data body of a encryption payload.
|
||||
*/
|
||||
ENCRYPTED_DATA,
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
* mappings to map encoding_type_t's to strings
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t encoding_type_m[];
|
||||
|
||||
|
||||
typedef struct encoding_rule_t encoding_rule_t;
|
||||
|
||||
/**
|
||||
|
@ -502,6 +519,7 @@ typedef struct encoding_rule_t encoding_rule_t;
|
|||
* @ingroup payloads
|
||||
*/
|
||||
struct encoding_rule_t {
|
||||
|
||||
/**
|
||||
* Encoding type.
|
||||
*/
|
||||
|
|
|
@ -46,6 +46,7 @@ typedef struct private_encryption_payload_t private_encryption_payload_t;
|
|||
*
|
||||
*/
|
||||
struct private_encryption_payload_t {
|
||||
|
||||
/**
|
||||
* Public encryption_payload_t interface.
|
||||
*/
|
||||
|
@ -314,7 +315,7 @@ static status_t encrypt(private_encryption_payload_t *this)
|
|||
allocator_free(to_crypt.ptr);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "encryption failed");
|
||||
this->logger->log(this->logger, ERROR|MORE, "encryption failed");
|
||||
allocator_free(iv.ptr);
|
||||
return status;
|
||||
}
|
||||
|
@ -365,7 +366,7 @@ static status_t decrypt(private_encryption_payload_t *this)
|
|||
*/
|
||||
if (concatenated.len < iv.len)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "could not decrypt, invalid input");
|
||||
this->logger->log(this->logger, ERROR|MORE, "could not decrypt, invalid input");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
@ -375,7 +376,7 @@ static status_t decrypt(private_encryption_payload_t *this)
|
|||
status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "could not decrypt, decryption failed");
|
||||
this->logger->log(this->logger, ERROR|MORE, "could not decrypt, decryption failed");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
@ -388,7 +389,7 @@ static status_t decrypt(private_encryption_payload_t *this)
|
|||
/* check size again */
|
||||
if (padding_length > concatenated.len || this->decrypted.len < 0)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "decryption failed, invalid padding length found. Invalid key ?");
|
||||
this->logger->log(this->logger, ERROR|MORE, "decryption failed, invalid padding length found. Invalid key?");
|
||||
/* decryption failed :-/ */
|
||||
return FAILED;
|
||||
}
|
||||
|
@ -491,7 +492,7 @@ static void generate(private_encryption_payload_t *this)
|
|||
else
|
||||
{
|
||||
/* no paylads? */
|
||||
this->logger->log(this->logger, CONTROL|MOST, "generating contained payloads, but no available");
|
||||
this->logger->log(this->logger, CONTROL|MORE, "generating contained payloads, but no available");
|
||||
allocator_free(this->decrypted.ptr);
|
||||
this->decrypted = CHUNK_INITIALIZER;
|
||||
iterator->destroy(iterator);
|
||||
|
@ -519,7 +520,7 @@ static void generate(private_encryption_payload_t *this)
|
|||
|
||||
generator->write_to_chunk(generator, &(this->decrypted));
|
||||
generator->destroy(generator);
|
||||
this->logger->log(this->logger, CONTROL|MOST, "successfully generated content in encrpytion payload");
|
||||
this->logger->log(this->logger, CONTROL|MORE, "successfully generated content in encrpytion payload");
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -558,8 +559,7 @@ static status_t parse(private_encryption_payload_t *this)
|
|||
status = current_payload->verify(current_payload);
|
||||
if (status != SUCCESS)
|
||||
{
|
||||
|
||||
this->logger->log(this->logger, ERROR, "%s verification failed: %s",
|
||||
this->logger->log(this->logger, ERROR|MORE, "%s verification failed: %s",
|
||||
mapping_find(payload_type_m,current_payload->get_type(current_payload)),
|
||||
mapping_find(status_m, status));
|
||||
current_payload->destroy(current_payload);
|
||||
|
@ -573,7 +573,7 @@ static status_t parse(private_encryption_payload_t *this)
|
|||
this->payloads->insert_last(this->payloads,current_payload);
|
||||
}
|
||||
parser->destroy(parser);
|
||||
this->logger->log(this->logger, CONTROL|MOST, "succesfully parsed content of encryption payload");
|
||||
this->logger->log(this->logger, CONTROL|MORE, "succesfully parsed content of encryption payload");
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -678,5 +678,3 @@ encryption_payload_t *encryption_payload_create()
|
|||
|
||||
return (&(this->public));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
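Review bot: The padding check whose message this hunk rewords, `if (padding_length > concatenated.len || this->decrypted.len < 0)`, validates against the ciphertext chunk rather than the plaintext chunk, and the `< 0` clause is dead if chunk_t.len is an unsigned size (its declaration is not visible here). If, as the `check size again` comment suggests, the padding length was already subtracted from `this->decrypted.len` above the hunk, an oversized padding byte from a tampered packet wraps the unsigned length before this line runs; the robust form is to test `if (padding_length > this->decrypted.len)` before the subtraction. Separately, the decryption-failure and invalid-padding messages move from `ERROR` to `ERROR|MORE`; if that level is filtered by default, an invalid-key or tampering indicator disappears from normal logs, which is worth confirming against the logger's level semantics. The decrypt() body starts and ends outside this hunk.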
@ -30,6 +30,8 @@
|
|||
|
||||
/**
|
||||
* Encrpytion payload length in bytes without IV and following data.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
|
||||
|
||||
|
@ -39,6 +41,19 @@ typedef struct encryption_payload_t encryption_payload_t;
|
|||
/**
|
||||
* @brief The encryption payload as described in RFC section 3.14.
|
||||
*
|
||||
* Before any crypt/decrypt/sign/verify operation can occur,
|
||||
* the transforms must be set. After that, a parsed encryption payload
|
||||
* can be decrypted, which also will parse the contained payloads.
|
||||
* Encryption is done the same way, added payloads will get generated
|
||||
* and then encrypted.
|
||||
* For signature building, there is the FULL packet needed. Meaning it
|
||||
* must be builded after generation of all payloads and the encryption
|
||||
* of the encryption payload.
|
||||
* Signature verificatin is done before decryption.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - encryption_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct encryption_payload_t {
|
||||
|
@ -91,7 +106,8 @@ struct encryption_payload_t {
|
|||
* To decryption, encryption, signature building and verifying,
|
||||
* the payload needs a crypter and a signer object.
|
||||
*
|
||||
* @warning Do NOT call this function twice!
|
||||
* @warning Do NOT call this function again after encryption, since
|
||||
* the signer must be the same while encrypting and signature building!
|
||||
*
|
||||
* @param this calling encryption_payload_t
|
||||
* @param crypter crypter_t to use for data de-/encryption
|
||||
|
@ -162,7 +178,7 @@ struct encryption_payload_t {
|
|||
/**
|
||||
* @brief Destroys an encryption_payload_t object.
|
||||
*
|
||||
* @param this encryption_payload_t object to destroy
|
||||
* @param this encryption_payload_t object to destroy
|
||||
*/
|
||||
void (*destroy) (encryption_payload_t *this);
|
||||
};
|
||||
|
@ -170,11 +186,11 @@ struct encryption_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty encryption_payload_t object.
|
||||
*
|
||||
* @return created encryption_payload_t object
|
||||
* @returnencryption_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
||||
encryption_payload_t *encryption_payload_create();
|
||||
|
||||
|
||||
#endif /*ENCRYPTION_PAYLOAD_H_*/
|
||||
|
|
|
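Review bot: The `@return` tag for encryption_payload_create() lost its separating space in this hunk: `* @returnencryption_payload_t object` is not a Doxygen command and will be emitted as literal text, leaving the constructor without a documented return value. It should read `* @return encryption_payload_t object`, matching the same edit made to the other `*_create()` constructors in this commit.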
@ -257,7 +257,7 @@ static void set_initiator (private_id_payload_t *this,bool is_initiator)
|
|||
/**
|
||||
* Implementation of id_payload_t.get_identification.
|
||||
*/
|
||||
static identification_t * get_identification (private_id_payload_t *this)
|
||||
static identification_t *get_identification (private_id_payload_t *this)
|
||||
{
|
||||
return identification_create_from_encoding(this->id_type,this->id_data);
|
||||
}
|
||||
|
@ -271,7 +271,6 @@ static void destroy(private_id_payload_t *this)
|
|||
{
|
||||
allocator_free_chunk(&(this->id_data));
|
||||
}
|
||||
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
|
|
|
@ -43,8 +43,11 @@ typedef struct id_payload_t id_payload_t;
|
|||
*
|
||||
* The ID payload format is described in draft section 3.5.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - id_payload_create_from_identification()
|
||||
* - id_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct id_payload_t {
|
||||
/**
|
||||
|
@ -54,7 +57,6 @@ struct id_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the ID type.
|
||||
*
|
||||
*
|
||||
* @param this calling id_payload_t object
|
||||
* @param type Type of ID
|
||||
|
@ -105,9 +107,7 @@ struct id_payload_t {
|
|||
* Returned object has to get destroyed by the caller.
|
||||
*
|
||||
* @param this calling id_payload_t object
|
||||
* @return
|
||||
* - identification_t object
|
||||
* - NULL if ID type not supported
|
||||
* @return identification_t object
|
||||
*/
|
||||
identification_t *(*get_identification) (id_payload_t *this);
|
||||
|
||||
|
@ -148,7 +148,7 @@ struct id_payload_t {
|
|||
* - TRUE if this payload is of type IDi
|
||||
* - FALSE if this payload is of type IDr
|
||||
*
|
||||
* @return created id_payload_t object
|
||||
* @return id_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -161,7 +161,7 @@ id_payload_t *id_payload_create(bool is_initiator);
|
|||
* - TRUE if this payload is of type IDi
|
||||
* - FALSE if this payload is of type IDr
|
||||
* @param identification identification_t object
|
||||
* @return created id_payload_t object
|
||||
* @return id_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
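Review bot: The rewritten documentation of get_identification() drops the `NULL if ID type not supported` return case without any visible change to the implementation, which in id_payload.c still just forwards to `identification_create_from_encoding(this->id_type, this->id_data)`. Unless that constructor is guaranteed never to return NULL for an unsupported or malformed ID type received from the wire, callers reading the new header will stop checking and dereference a NULL object on a crafted ID payload. Either confirm the invariant and state it in the comment, or restore the line `* - NULL if ID type not supported` under the `@return`.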
@ -66,7 +66,7 @@ typedef enum exchange_type_t exchange_type_t;
|
|||
enum exchange_type_t{
|
||||
|
||||
/**
|
||||
* EXCHANGE_TYPE_UNDEFINED, not a official message type :-).
|
||||
* EXCHANGE_TYPE_UNDEFINED. In private space, since not a official message type.
|
||||
*/
|
||||
EXCHANGE_TYPE_UNDEFINED = 240,
|
||||
|
||||
|
@ -91,19 +91,27 @@ enum exchange_type_t{
|
|||
INFORMATIONAL = 37
|
||||
};
|
||||
|
||||
/**
|
||||
* string mappings for exchange_type_t
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t exchange_type_m[];
|
||||
|
||||
|
||||
typedef struct ike_header_t ike_header_t;
|
||||
|
||||
/**
|
||||
* An object of this type represents an IKEv2 header and is used to
|
||||
* @brief An object of this type represents an IKEv2 header and is used to
|
||||
* generate and parse IKEv2 headers.
|
||||
*
|
||||
*
|
||||
* The header format of an IKEv2-Message is compatible to the
|
||||
* ISAKMP-Header format to allow implementations supporting
|
||||
* both versions of the IKE-protocol.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - ike_header_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct ike_header_t {
|
||||
|
@ -236,7 +244,7 @@ struct ike_header_t {
|
|||
/**
|
||||
* @brief Destroys a ike_header_t object.
|
||||
*
|
||||
* @param this ike_header_t object to destroy
|
||||
* @param this ike_header_t object to destroy
|
||||
*/
|
||||
void (*destroy) (ike_header_t *this);
|
||||
};
|
||||
|
@ -244,7 +252,7 @@ struct ike_header_t {
|
|||
/**
|
||||
* @brief Create an ike_header_t object
|
||||
*
|
||||
* @return created ike_header_t object
|
||||
* @return ike_header_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -56,7 +56,6 @@ struct private_ke_payload_t {
|
|||
*/
|
||||
u_int16_t payload_length;
|
||||
|
||||
|
||||
/**
|
||||
* DH Group Number.
|
||||
*/
|
||||
|
@ -274,7 +273,7 @@ ke_payload_t *ke_payload_create()
|
|||
this->compute_length = compute_length;
|
||||
|
||||
/* set default values of the fields */
|
||||
this->critical = KE_PAYLOAD_CRITICAL_FLAG;
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length = KE_PAYLOAD_HEADER_LENGTH;
|
||||
this->key_exchange_data.ptr = NULL;
|
||||
|
|
|
@ -27,14 +27,6 @@
|
|||
#include <encoding/payloads/payload.h>
|
||||
#include <encoding/payloads/transform_substructure.h>
|
||||
#include <utils/linked_list.h>
|
||||
|
||||
/**
|
||||
* Critical flag must not be set.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
#define KE_PAYLOAD_CRITICAL_FLAG FALSE;
|
||||
|
||||
/**
|
||||
* KE payload length in bytes without any key exchange data.
|
||||
*
|
||||
|
@ -46,10 +38,13 @@
|
|||
typedef struct ke_payload_t ke_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2-KE Payload.
|
||||
* @brief Class representing an IKEv2-KE Payload.
|
||||
*
|
||||
* The KE Payload format is described in RFC section 3.4.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - ke_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct ke_payload_t {
|
||||
|
@ -105,7 +100,7 @@ struct ke_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty ke_payload_t object
|
||||
*
|
||||
* @return created ke_payload_t object
|
||||
* @return ke_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -130,24 +130,21 @@ static status_t verify(private_nonce_payload_t *this)
|
|||
*/
|
||||
static status_t set_nonce(private_nonce_payload_t *this, chunk_t nonce)
|
||||
{
|
||||
if (nonce.len >= 16 && nonce.len <= 256)
|
||||
{
|
||||
|
||||
this->nonce.ptr = allocator_clone_bytes(nonce.ptr, nonce.len);
|
||||
this->nonce.len = nonce.len;
|
||||
this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + nonce.len;
|
||||
return SUCCESS;
|
||||
}
|
||||
return INVALID_ARG;
|
||||
this->nonce.ptr = allocator_clone_bytes(nonce.ptr, nonce.len);
|
||||
this->nonce.len = nonce.len;
|
||||
this->payload_length = NONCE_PAYLOAD_HEADER_LENGTH + nonce.len;
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of nonce_payload_t.get_nonce.
|
||||
*/
|
||||
static void get_nonce(private_nonce_payload_t *this, chunk_t *nonce)
|
||||
static chunk_t get_nonce(private_nonce_payload_t *this)
|
||||
{
|
||||
nonce->ptr = allocator_clone_bytes(this->nonce.ptr,this->nonce.len);
|
||||
nonce->len = this->nonce.len;
|
||||
chunk_t nonce;
|
||||
nonce.ptr = allocator_clone_bytes(this->nonce.ptr,this->nonce.len);
|
||||
nonce.len = this->nonce.len;
|
||||
return nonce;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -231,8 +228,8 @@ nonce_payload_t *nonce_payload_create()
|
|||
|
||||
/* public functions */
|
||||
this->public.destroy = (void (*) (nonce_payload_t *)) destroy;
|
||||
this->public.set_nonce = (status_t (*) (nonce_payload_t *,chunk_t)) set_nonce;
|
||||
this->public.get_nonce = (void (*) (nonce_payload_t *,chunk_t*)) get_nonce;
|
||||
this->public.set_nonce = (void (*) (nonce_payload_t *,chunk_t)) set_nonce;
|
||||
this->public.get_nonce = (chunk_t (*) (nonce_payload_t *)) get_nonce;
|
||||
|
||||
/* private functions */
|
||||
this->compute_length = compute_length;
|
||||
|
|
|
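Review bot: set_nonce() no longer enforces the 16..256 byte range that the removed `if (nonce.len >= 16 && nonce.len <= 256)` guarded, yet the header still documents that constraint and the function now returns void, so a caller supplying an out-of-range nonce gets no signal at all. If verify(), whose header is visible at the top of this section but whose body is not, checks the length only on the parse side, locally generated nonces bypass the check entirely, and an undersized nonce weakens the material fed into key derivation. Reinstating the status return, or at least a check that rejects out-of-range input before the clone, keeps the documented contract enforced, e.g. `if (nonce.len < 16 || nonce.len > 256) return INVALID_ARG;`. Note also that the `allocator_clone_bytes` result is stored without a NULL check and a previously set nonce is overwritten without being freed; both pre-date this commit but deserve a look while the function is being touched.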
@ -40,8 +40,10 @@ typedef struct nonce_payload_t nonce_payload_t;
|
|||
*
|
||||
* The Nonce payload format is described in draft section 3.3.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - nonce_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct nonce_payload_t {
|
||||
/**
|
||||
|
@ -51,24 +53,19 @@ struct nonce_payload_t {
|
|||
|
||||
/**
|
||||
* @brief Set the nonce value.
|
||||
*
|
||||
* The nonce must have length between 16 and 256 bytes.
|
||||
*
|
||||
* @param this calling nonce_payload_t object
|
||||
* @param nonce chunk containing the nonce, will be cloned
|
||||
* @return
|
||||
* - SUCCESS or
|
||||
* - INVALID_ARG, if nonce has an invalid size
|
||||
*/
|
||||
status_t (*set_nonce) (nonce_payload_t *this, chunk_t nonce);
|
||||
void (*set_nonce) (nonce_payload_t *this, chunk_t nonce);
|
||||
|
||||
/**
|
||||
* @brief Get the nonce value.
|
||||
*
|
||||
* @param this calling nonce_payload_t object
|
||||
* @param[out] nonce chunk where nonce data is located (cloned)
|
||||
* @return a chunk containing the cloned nonce
|
||||
*/
|
||||
void (*get_nonce) (nonce_payload_t *this, chunk_t *nonce);
|
||||
chunk_t (*get_nonce) (nonce_payload_t *this);
|
||||
|
||||
/**
|
||||
* @brief Destroys an nonce_payload_t object.
|
||||
|
@ -81,7 +78,7 @@ struct nonce_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty nonce_payload_t object
|
||||
*
|
||||
* @return created nonce_payload_t object
|
||||
* @return nonce_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
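Review bot: The set_nonce() documentation keeps `The nonce must have length between 16 and 256 bytes.` while the `INVALID_ARG` return is removed and the signature becomes `void (*set_nonce) (nonce_payload_t *this, chunk_t nonce);`, so the sentence now reads like an enforced check when it has become an unchecked caller precondition. Say so explicitly, e.g. `The nonce must have length between 16 and 256 bytes; this is not verified here, the caller is responsible.`, or keep the status return if the implementation retains the check.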
@ -47,11 +47,8 @@ mapping_t notify_message_type_m[] = {
|
|||
{FAILED_CP_REQUIRED, "FAILED_CP_REQUIRED"},
|
||||
{TS_UACCEPTABLE, "TS_UACCEPTABLE"},
|
||||
{INVALID_SELECTORS, "INVALID_SELECTORS"},
|
||||
|
||||
/* status messages */
|
||||
{INITIAL_CONTACT, "INITIAL_CONTACT"},
|
||||
{SET_WINDOW_SIZE, "SET_WINDOW_SIZE"},
|
||||
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ typedef enum notify_message_type_t notify_message_type_t;
|
|||
/**
|
||||
* @brief Notify message types.
|
||||
*
|
||||
* Ssee IKEv2 draft 3.10.1.
|
||||
* See IKEv2 draft 3.10.1.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -76,18 +76,22 @@ enum notify_message_type_t {
|
|||
|
||||
/**
|
||||
* String mappings for notify_message_type_t.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t notify_message_type_m[];
|
||||
|
||||
|
||||
|
||||
typedef struct notify_payload_t notify_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2-Notify Payload.
|
||||
* @brief Class representing an IKEv2-Notify Payload.
|
||||
*
|
||||
* The Notify Payload format is described in Draft section 3.10.
|
||||
*
|
||||
*
|
||||
* @b Constructors:
|
||||
* - notify_payload_create()
|
||||
* - notify_payload_create_from_protocol_and_type()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -191,7 +195,7 @@ notify_payload_t *notify_payload_create();
|
|||
*
|
||||
* @param protocol_id protocol id (IKE, AH or ESP)
|
||||
* @param notify_message_type notify type (see notify_message_type_t)
|
||||
* @return created notify_payload_t object
|
||||
* @return notify_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
*
|
||||
* @brief Interface payload_t.
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -273,7 +272,7 @@ struct payload_t {
|
|||
* an unknwon_paylod is created with the chunk of data in it.
|
||||
*
|
||||
* @param type type of the payload to create
|
||||
* @return created payload
|
||||
* @return payload_t object
|
||||
*/
|
||||
payload_t *payload_create(payload_type_t type);
|
||||
|
||||
|
|
|
@ -31,6 +31,12 @@
|
|||
#include <utils/allocator.h>
|
||||
#include <utils/linked_list.h>
|
||||
|
||||
|
||||
/**
|
||||
* IKEv1 Value for a proposal payload.
|
||||
*/
|
||||
#define PROPOSAL_TYPE_VALUE 2
|
||||
|
||||
/**
|
||||
* String mappings for protocol_id_t.
|
||||
*/
|
||||
|
|
|
@ -28,16 +28,9 @@
|
|||
#include <encoding/payloads/transform_substructure.h>
|
||||
#include <utils/linked_list.h>
|
||||
|
||||
/**
|
||||
* IKEv1 Value for a proposal payload.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
#define PROPOSAL_TYPE_VALUE 2
|
||||
|
||||
/**
|
||||
* Length of the proposal substructure header
|
||||
* (without spi).
|
||||
* Length of the proposal substructure header (without spi).
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -60,6 +53,8 @@ enum protocol_id_t {
|
|||
|
||||
/**
|
||||
* String mappings for protocol_id_t.
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
extern mapping_t protocol_id_m[];
|
||||
|
||||
|
@ -70,6 +65,9 @@ typedef struct proposal_substructure_t proposal_substructure_t;
|
|||
*
|
||||
* The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - proposal_substructure_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct proposal_substructure_t {
|
||||
|
@ -214,12 +212,11 @@ struct proposal_substructure_t {
|
|||
/**
|
||||
* @brief Creates an empty proposal_substructure_t object
|
||||
*
|
||||
* @return created proposal_substructure_t object
|
||||
* @return proposal_substructure_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
proposal_substructure_t *proposal_substructure_create();
|
||||
|
||||
|
||||
|
||||
#endif /*PROPOSAL_SUBSTRUCTURE_H_*/
|
||||
|
|
|
@ -47,10 +47,15 @@
|
|||
typedef struct sa_payload_t sa_payload_t;
|
||||
|
||||
/**
|
||||
* Class representing an IKEv2-SA Payload.
|
||||
* @brief Class representing an IKEv2-SA Payload.
|
||||
*
|
||||
* The SA Payload format is described in RFC section 3.3.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - sa_payload_create()
|
||||
* - sa_payload_create_from_ike_proposals()
|
||||
* - sa_payload_create_from_child_proposal()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct sa_payload_t {
|
||||
|
@ -68,9 +73,9 @@ struct sa_payload_t {
|
|||
* the length of this transform substructure has to be refreshed
|
||||
* by calling get_length()!
|
||||
*
|
||||
* @param this calling sa_payload_t object
|
||||
* @param[in] forward iterator direction (TRUE: front to end)
|
||||
* @return created iterator_t object
|
||||
* @param this calling sa_payload_t object
|
||||
* @param[in] forward iterator direction (TRUE: front to end)
|
||||
* @return created iterator_t object
|
||||
*/
|
||||
iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, bool forward);
|
||||
|
||||
|
@ -80,13 +85,13 @@ struct sa_payload_t {
|
|||
* @warning The added proposal_substructure_t object is
|
||||
* getting destroyed in destroy function of sa_payload_t.
|
||||
*
|
||||
* @param this calling sa_payload_t object
|
||||
* @param proposal proposal_substructure_t object to add
|
||||
* @param this calling sa_payload_t object
|
||||
* @param proposal proposal_substructure_t object to add
|
||||
*/
|
||||
void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal);
|
||||
|
||||
/**
|
||||
* Creates an array of ike_proposal_t's in this SA payload.
|
||||
* @brief Creates an array of ike_proposal_t's in this SA payload.
|
||||
*
|
||||
* An IKE proposal consist of transform of type ENCRYPTION_ALGORITHM,
|
||||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM and DIFFIE_HELLMAN_GROUP
|
||||
|
@ -102,7 +107,7 @@ struct sa_payload_t {
|
|||
status_t (*get_ike_proposals) (sa_payload_t *this, ike_proposal_t **proposals, size_t *proposal_count);
|
||||
|
||||
/**
|
||||
* Creates an array of child_proposal_t's in this SA payload.
|
||||
* @brief Creates an array of child_proposal_t's in this SA payload.
|
||||
*
|
||||
* @param proposals the pointer to the first entry of child_proposal_t's is set
|
||||
* @param proposal_count the number of found proposals is written at this location
|
||||
|
@ -124,7 +129,7 @@ struct sa_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty sa_payload_t object
|
||||
*
|
||||
* @return created sa_payload_t object
|
||||
* @return created sa_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -136,6 +141,7 @@ sa_payload_t *sa_payload_create();
|
|||
* @return created sa_payload_t object
|
||||
* @param proposals pointer to first proposal in array of type ike_proposal_t
|
||||
* @param proposal_count number of ike_proposal_t's in array
|
||||
* @return sa_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -150,9 +156,11 @@ sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, si
|
|||
* @return created sa_payload_t object
|
||||
* @param proposals pointer to first proposal in array of type child_proposal_t
|
||||
* @param proposal_count number of child_proposal_t's in array
|
||||
* @return sa_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_child_proposals(child_proposal_t *proposals, size_t proposal_count);
|
||||
|
||||
|
||||
#endif /*SA_PAYLOAD_H_*/
|
||||
|
|
|
@ -30,9 +30,9 @@
|
|||
* String mappings for ts_type_t.
|
||||
*/
|
||||
mapping_t ts_type_m[] = {
|
||||
{TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
|
||||
{TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"},
|
||||
{MAPPING_END, NULL}
|
||||
{TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
|
||||
{TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"},
|
||||
{MAPPING_END, NULL}
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -39,12 +39,15 @@
|
|||
typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 TRAFFIC SELECTOR.
|
||||
* @brief Class representing an IKEv2 TRAFFIC SELECTOR.
|
||||
*
|
||||
* The TRAFFIC SELECTOR format is described in draft section 3.13.1.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - traffic_selector_substructure_create()
|
||||
* - traffic_selector_substructure_create_from_traffic_selector()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct traffic_selector_substructure_t {
|
||||
/**
|
||||
|
@ -147,7 +150,7 @@ struct traffic_selector_substructure_t {
|
|||
*
|
||||
* TS type is set to default TS_IPV4_ADDR_RANGE!
|
||||
*
|
||||
* @return created traffic_selector_substructure_t object
|
||||
* @return traffic_selector_substructure_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -158,7 +161,7 @@ traffic_selector_substructure_t *traffic_selector_substructure_create();
|
|||
* the values from a traffic_selector_t.
|
||||
*
|
||||
* @param traffic_selector traffic_selector_t to use for initialization
|
||||
* @return created traffic_selector_substructure_t object
|
||||
* @return traffic_selector_substructure_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -134,7 +134,7 @@ struct transform_attribute_t {
|
|||
/**
|
||||
* @brief Creates an empty transform_attribute_t object.
|
||||
*
|
||||
* @return created transform_attribute_t object
|
||||
* @return transform_attribute_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -144,7 +144,7 @@ transform_attribute_t *transform_attribute_create();
|
|||
* @brief Creates an transform_attribute_t of type KEY_LENGTH.
|
||||
*
|
||||
* @param key_length key length in bytes
|
||||
* @return created transform_attribute_t object
|
||||
* @return transform_attribute_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -228,10 +228,10 @@ transform_substructure_t *transform_substructure_create();
|
|||
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
|
||||
* other transport types the key_length parameter is not used
|
||||
*
|
||||
* @return created transform_substructure_t object
|
||||
* @param transform_type type of transform to create
|
||||
* @param transform_id transform id specifying the specific algorithm of a transform type
|
||||
* @param key_length Key length for key lenght attribute
|
||||
* @return transform_substructure_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -41,12 +41,15 @@
|
|||
typedef struct ts_payload_t ts_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 TS payload.
|
||||
* @brief Class representing an IKEv2 TS payload.
|
||||
*
|
||||
* The TS payload format is described in draft section 3.13.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - ts_payload_create()
|
||||
* - ts_payload_create_from_traffic_selectors()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct ts_payload_t {
|
||||
/**
|
||||
|
@ -61,7 +64,6 @@ struct ts_payload_t {
|
|||
* @return
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
*
|
||||
*/
|
||||
bool (*get_initiator) (ts_payload_t *this);
|
||||
|
||||
|
@ -72,7 +74,6 @@ struct ts_payload_t {
|
|||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
*
|
||||
*/
|
||||
void (*set_initiator) (ts_payload_t *this,bool is_initiator);
|
||||
|
||||
|
@ -129,8 +130,7 @@ struct ts_payload_t {
|
|||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
*
|
||||
* @return created ts_payload_t object
|
||||
* @return ts_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
@ -143,8 +143,7 @@ ts_payload_t *ts_payload_create(bool is_initiator);
|
|||
* @param is_initiator
|
||||
* - TRUE if this payload is of type TSi
|
||||
* - FALSE if this payload is of type TSr
|
||||
*
|
||||
* @return created ts_payload_t object
|
||||
* @return ts_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -101,6 +101,7 @@ encoding_rule_t unknown_payload_encodings[] = {
|
|||
*/
|
||||
static status_t verify(private_unknown_payload_t *this)
|
||||
{
|
||||
/* can't do any checks, so we assume its good */
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
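Review bot: The comment on the unconditional `return SUCCESS;` in verify() says only that no checks are possible, but not why that is acceptable; the next reader needs to know what the caller is relying on instead. I would make it explicit, e.g. `/* the body of an unknown payload is opaque to us, so nothing beyond the generic header/length checks of the parser can be verified here; accept it */` (that the parser bounds the length is inferred, not visible in this hunk, so confirm before stating it). The `its` in the existing comment should be `it's`.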
|
|
|
@ -85,7 +85,7 @@ struct unknown_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty unknown_payload_t object.
|
||||
*
|
||||
* @return created unknown_payload_t object
|
||||
* @return unknown_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -198,7 +198,6 @@ static void destroy(private_vendor_id_payload_t *this)
|
|||
{
|
||||
allocator_free_chunk(&(this->vendor_id_data));
|
||||
}
|
||||
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
|
@ -227,7 +226,7 @@ vendor_id_payload_t *vendor_id_payload_create()
|
|||
/* private variables */
|
||||
this->critical = FALSE;
|
||||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length =VENDOR_ID_PAYLOAD_HEADER_LENGTH;
|
||||
this->payload_length = VENDOR_ID_PAYLOAD_HEADER_LENGTH;
|
||||
this->vendor_id_data = CHUNK_INITIALIZER;
|
||||
|
||||
return (&(this->public));
|
||||
|
|
|
@ -37,12 +37,14 @@
|
|||
typedef struct vendor_id_payload_t vendor_id_payload_t;
|
||||
|
||||
/**
|
||||
* Object representing an IKEv2 VENDOR ID payload.
|
||||
* @brief Class representing an IKEv2 VENDOR ID payload.
|
||||
*
|
||||
* The VENDOR ID payload format is described in draft section 3.12.
|
||||
*
|
||||
* @ingroup payloads
|
||||
* @b Constructors:
|
||||
* - vendor_id_payload_create()
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
struct vendor_id_payload_t {
|
||||
/**
|
||||
|
@ -91,7 +93,7 @@ struct vendor_id_payload_t {
|
|||
/**
|
||||
* @brief Creates an empty vendor_id_payload_t object.
|
||||
*
|
||||
* @return created vendor_id_payload_t object
|
||||
* @return vendor_id_payload_t object
|
||||
*
|
||||
* @ingroup payloads
|
||||
*/
|
||||
|
|
|
@ -465,7 +465,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
status_t process_nonce_payload (private_ike_sa_init_requested_t *this, nonce_payload_t *nonce_payload)
|
||||
{
|
||||
allocator_free(this->received_nonce.ptr);
|
||||
nonce_payload->get_nonce(nonce_payload, &(this->received_nonce));
|
||||
this->received_nonce = nonce_payload->get_nonce(nonce_payload);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
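Review bot: The ownership of the chunk now returned by `get_nonce()` is not visible here, and `process_nonce_payload` depends on it: the `allocator_free(this->received_nonce.ptr)` on the line above frees the previous buffer, so the returned chunk must be a fresh allocation owned by the caller; if `get_nonce()` instead hands out a pointer into the payload's own buffer, `received_nonce` dangles once the payload is destroyed and the next call through here double-frees. Please document the contract on the accessor, e.g. `/* returns a cloned chunk; the caller owns the memory and must free it */` (or the opposite), and apply the same reading to `build_nonce_payload` in responder_init and to the two test hunks below, where `got_nonce` is overwritten on every iteration of the `while` loop and `result` is never released before `nonce_payload->destroy()`, both of which leak if the chunk is owned. The enclosing functions continue outside these hunks.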
|
|
|
@ -455,7 +455,7 @@ static status_t build_nonce_payload(private_responder_init_t *this,nonce_payload
|
|||
this->received_nonce = CHUNK_INITIALIZER;
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Get NONCE value and store it");
|
||||
nonce_request->get_nonce(nonce_request, &(this->received_nonce));
|
||||
this->received_nonce = nonce_request->get_nonce(nonce_request);
|
||||
|
||||
this->logger->log(this->logger, CONTROL | MOST, "Create new NONCE value.");
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ void test_encryption_payload(tester_t *tester)
|
|||
while (iterator->has_next(iterator))
|
||||
{
|
||||
iterator->current(iterator, (void**)&nonce_payload);
|
||||
nonce_payload->get_nonce(nonce_payload, &got_nonce);
|
||||
got_nonce = nonce_payload->get_nonce(nonce_payload);
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
|
|
|
@ -439,7 +439,7 @@ void test_parser_with_nonce_payload(tester_t *tester)
|
|||
{
|
||||
return;
|
||||
}
|
||||
nonce_payload->get_nonce(nonce_payload, &result);
|
||||
result = nonce_payload->get_nonce(nonce_payload);
|
||||
tester->assert_true(tester,(result.len == 16), "parsed nonce lenght");
|
||||
tester->assert_false(tester,(memcmp(nonce_bytes + 4, result.ptr, result.len)), "parsed nonce data");
|
||||
nonce_payload->destroy(nonce_payload);
|
||||
|
|