Added not-yet used sa_payload parameters used in IKEv1

src/conftest/hooks/custom_proposal.c

@@ -145,8 +145,7 @@ METHOD(listener_t, message, bool,
 										   proposal->get_protocol(proposal),
 										   proposal->get_spi(proposal));
 				DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props);
-				new = sa_payload_create_from_proposal_list(
-											SECURITY_ASSOCIATION, new_props);
+				new = sa_payload_create_from_proposals_v2(new_props);
 				message->add_payload(message, (payload_t*)new);
 				new_props->destroy_offset(new_props, offsetof(proposal_t, destroy));
 			}

src/conftest/hooks/pretend_auth.c

@@ -295,8 +295,7 @@ static void process_auth_response(private_pretend_auth_t *this,
 	if (this->proposal)
 	{
 		message->add_payload(message, (payload_t*)
-					sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
-													this->proposal));
+					sa_payload_create_from_proposal_v2(this->proposal));
 	}
 	if (this->tsi)
 	{

src/conftest/hooks/set_proposal_number.c

@@ -121,7 +121,7 @@ METHOD(listener_t, message, bool,
 			}
 			enumerator->destroy(enumerator);
 		}
-		sa = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION, updated);
+		sa = sa_payload_create_from_proposals_v2(updated);
 		list->destroy_offset(list, offsetof(proposal_t, destroy));
 		updated->destroy_offset(updated, offsetof(proposal_t, destroy));
 		message->add_payload(message, (payload_t*)sa);

src/libcharon/encoding/payloads/sa_payload.c

@@ -341,6 +341,31 @@ METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*,
 	return this->proposals->create_enumerator(this->proposals);
 }
 
+METHOD(sa_payload_t, get_lifetime, u_int32_t,
+	private_sa_payload_t *this)
+{
+	return 0;
+}
+
+METHOD(sa_payload_t, get_lifebytes, u_int64_t,
+	private_sa_payload_t *this)
+{
+	return 0;
+}
+
+METHOD(sa_payload_t, get_auth_method, auth_method_t,
+	private_sa_payload_t *this)
+{
+	return AUTH_NONE;
+}
+
+METHOD(sa_payload_t, get_encap_mode, ipsec_mode_t,
+	private_sa_payload_t *this, bool *udp)
+{
+	*udp = FALSE;
+	return MODE_NONE;
+}
+
 METHOD2(payload_t, sa_payload_t, destroy, void,
 	private_sa_payload_t *this)
 {
@@ -370,6 +395,10 @@ sa_payload_t *sa_payload_create(payload_type_t type)
 			},
 			.get_proposals = _get_proposals,
 			.create_substructure_enumerator = _create_substructure_enumerator,
+			.get_lifetime = _get_lifetime,
+			.get_lifebytes = _get_lifebytes,
+			.get_auth_method = _get_auth_method,
+			.get_encap_mode = _get_encap_mode,
 			.destroy = _destroy,
 		},
 		.next_payload = NO_PAYLOAD,
@@ -431,3 +460,80 @@ sa_payload_t *sa_payload_create_from_proposal(payload_type_t type,
 
 	return &this->public;
 }
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals)
+{
+	private_sa_payload_t *this;
+	enumerator_t *enumerator;
+	proposal_t *proposal;
+
+	this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
+	enumerator = proposals->create_enumerator(proposals);
+	while (enumerator->enumerate(enumerator, &proposal))
+	{
+		add_proposal(this, proposal);
+	}
+	enumerator->destroy(enumerator);
+
+	return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal)
+{
+	private_sa_payload_t *this;
+
+	this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
+	add_proposal(this, proposal);
+
+	return &this->public;
+
+}
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
+								u_int32_t lifetime, u_int64_t lifebytes,
+								auth_method_t auth, ipsec_mode_t mode, bool udp)
+{
+	proposal_substructure_t *substruct;
+	private_sa_payload_t *this;
+
+	this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
+
+	/* IKEv1 encodes multiple proposals in a single substructure
+	 * TODO-IKEv1: Encode ESP+AH proposals in two different substructs */
+	substruct = proposal_substructure_create_from_proposals(proposals);
+	substruct->set_is_last_proposal(substruct, TRUE);
+	this->proposals->insert_last(this->proposals, substruct);
+	compute_length(this);
+
+	return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
+								u_int32_t lifetime, u_int64_t lifebytes,
+								auth_method_t auth, ipsec_mode_t mode, bool udp)
+{
+	proposal_substructure_t *substruct;
+	private_sa_payload_t *this;
+
+	this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1);
+
+	substruct = proposal_substructure_create_from_proposal(
+											PROPOSAL_SUBSTRUCTURE_V1, proposal);
+	substruct->set_is_last_proposal(substruct, TRUE);
+	this->proposals->insert_last(this->proposals, substruct);
+	compute_length(this);
+
+	return &this->public;
+}

src/libcharon/encoding/payloads/sa_payload.h

@@ -28,6 +28,8 @@ typedef struct sa_payload_t sa_payload_t;
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <utils/linked_list.h>
+#include <kernel/kernel_ipsec.h>
+#include <sa/authenticators/authenticator.h>
 
 /**
  * Class representing an IKEv1 or IKEv2 SA Payload.
@@ -48,6 +50,35 @@ struct sa_payload_t {
 	 */
 	linked_list_t *(*get_proposals) (sa_payload_t *this);
 
+	/**
+	 * Get the (shortest) lifetime of a proposal (IKEv1 only).
+	 *
+	 * @return					lifetime, in seconds
+	 */
+	u_int32_t (*get_lifetime)(sa_payload_t *this);
+
+	/**
+	 * Get the (shortest) life duration of a proposal (IKEv1 only).
+	 *
+	 * @return					life duration, in bytes
+	 */
+	u_int64_t (*get_lifebytes)(sa_payload_t *this);
+
+	/**
+	 * Get the first authentication method from the proposal (IKEv1 only).
+	 *
+	 * @return					auth method, or AUTH_NONE
+	 */
+	auth_method_t (*get_auth_method)(sa_payload_t *this);
+
+	/**
+	 * Get the (first) encapsulation mode from a proposal (IKEv1 only).
+	 *
+	 * @param udp				set to TRUE if UDP encapsulation used
+	 * @return					ipsec encapsulation mode
+	 */
+	ipsec_mode_t (*get_encap_mode)(sa_payload_t *this, bool *udp);
+
 	/**
 	 * Create an enumerator over all proposal substructures.
 	 *
@@ -70,26 +101,49 @@ struct sa_payload_t {
 sa_payload_t *sa_payload_create(payload_type_t type);
 
 /**
- * Creates a sa_payload_t object from a list of proposals.
+ * Creates an IKEv2 sa_payload_t object from a list of proposals.
  *
- * @param type				SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1
  * @param proposals			list of proposals to build the payload from
  * @return					sa_payload_t object
  */
-sa_payload_t *sa_payload_create_from_proposal_list(payload_type_t type,
-												   linked_list_t *proposals);
+sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals);
 
 /**
- * Creates a sa_payload_t object from a single proposal.
+ * Creates an IKEv2 sa_payload_t object from a single proposal.
  *
- * This is only for convenience. Use sa_payload_create_from_proposal_list
- * if you want to add more than one proposal.
- *
- * @param type				SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1
  * @param proposal			proposal from which the payload should be built.
  * @return					sa_payload_t object
  */
-sa_payload_t *sa_payload_create_from_proposal(payload_type_t type,
-											  proposal_t *proposal);
+sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
+
+/**
+ * Creates an IKEv1 sa_payload_t object from a list of proposals.
+ *
+ * @param proposals			list of proposals to build the payload from
+ * @param lifetime			lifetime in seconds
+ * @param lifebytes			lifebytes, in bytes
+ * @param auth				authentication method to use, or AUTH_NONE
+ * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
+ * @param udp				TRUE to use UDP encapsulation
+ * @return					sa_payload_t object
+ */
+sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
+							u_int32_t lifetime, u_int64_t lifebytes,
+							auth_method_t auth, ipsec_mode_t mode, bool udp);
+
+/**
+ * Creates an IKEv1 sa_payload_t object from a single proposal.
+ *
+ * @param proposal			proposal from which the payload should be built.
+ * @param lifetime			lifetime in seconds
+ * @param lifebytes			lifebytes, in bytes
+ * @param auth				authentication method to use, or AUTH_NONE
+ * @param mode				IPsec encapsulation mode, TRANSPORT or TUNNEL
+ * @param udp				TRUE to use UDP encapsulation
+ * @return					sa_payload_t object
+ */
+sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
+							u_int32_t lifetime, u_int64_t lifebytes,
+							auth_method_t auth, ipsec_mode_t mode, bool udp);
 
 #endif /** SA_PAYLOAD_H_ @}*/

src/libcharon/sa/authenticators/authenticator.h

@@ -34,6 +34,12 @@ typedef struct authenticator_t authenticator_t;
  * Method to use for authentication, as defined in IKEv2.
  */
 enum auth_method_t {
+
+	/**
+	 * No authentication used.
+	 */
+	AUTH_NONE = 0,
+
 	/**
 	 * Computed as specified in section 2.15 of RFC using
 	 * an RSA private key over a PKCS#1 padded hash.

src/libcharon/sa/tasks/child_create.c

@@ -527,13 +527,11 @@ static void build_payloads(private_child_create_t *this, message_t *message)
 	/* add SA payload */
 	if (this->initiator)
 	{
-		sa_payload = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION,
-														  this->proposals);
+		sa_payload = sa_payload_create_from_proposals_v2(this->proposals);
 	}
 	else
 	{
-		sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
-													 this->proposal);
+		sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
 	}
 	message->add_payload(message, (payload_t*)sa_payload);
 

src/libcharon/sa/tasks/ike_init.c

@@ -133,8 +133,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
 			enumerator->destroy(enumerator);
 		}
 
-		sa_payload = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION,
-														  proposal_list);
+		sa_payload = sa_payload_create_from_proposals_v2(proposal_list);
 		proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
 	}
 	else
@@ -144,8 +143,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
 			/* include SPI of new IKE_SA when we are rekeying */
 			this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
 		}
-		sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
-													 this->proposal);
+		sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
 	}
 	message->add_payload(message, (payload_t*)sa_payload);
 

src/libcharon/sa/tasks/main_mode.c

@@ -299,8 +299,8 @@ METHOD(task_t, build_i, status_t,
 
 			proposals = this->ike_cfg->get_proposals(this->ike_cfg);
 
-			sa_payload = sa_payload_create_from_proposal_list(
-											SECURITY_ASSOCIATION_V1, proposals);
+			sa_payload = sa_payload_create_from_proposals_v1(proposals,
+								0, 0, AUTH_NONE, MODE_NONE, FALSE);
 			proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
 
 			message->add_payload(message, &sa_payload->payload_interface);
@@ -573,8 +573,8 @@ METHOD(task_t, build_r, status_t,
 		{
 			sa_payload_t *sa_payload;
 
-			sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION_V1,
-														 this->proposal);
+			sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
+											0, 0, AUTH_NONE, MODE_NONE, FALSE);
 			message->add_payload(message, &sa_payload->payload_interface);
 
 			return NEED_MORE;

src/libcharon/sa/tasks/quick_mode.c

@@ -425,8 +425,8 @@ METHOD(task_t, build_i, status_t,
 			}
 			enumerator->destroy(enumerator);
 
-			sa_payload = sa_payload_create_from_proposal_list(
-												SECURITY_ASSOCIATION_V1, list);
+			sa_payload = sa_payload_create_from_proposals_v1(list,
+											0, 0, AUTH_NONE, MODE_NONE, FALSE);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 			message->add_payload(message, &sa_payload->payload_interface);
 
@@ -551,8 +551,8 @@ METHOD(task_t, build_r, status_t,
 			}
 			this->proposal->set_spi(this->proposal, this->spi_r);
 
-			sa_payload = sa_payload_create_from_proposal(
-									SECURITY_ASSOCIATION_V1, this->proposal);
+			sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
+											0, 0, AUTH_NONE, MODE_NONE, FALSE);
 			message->add_payload(message, &sa_payload->payload_interface);
 
 			if (!add_nonce(this, &this->nonce_r, message))

src/libhydra/kernel/kernel_ipsec.h

@@ -43,6 +43,8 @@ typedef struct mark_t mark_t;
  * Mode of an IPsec SA.
  */
 enum ipsec_mode_t {
+	/** not using any encapsulation */
+	MODE_NONE = 0,
 	/** transport mode, no inner address */
 	MODE_TRANSPORT = 1,
 	/** tunnel mode, inner and outer addresses */