Added not-yet used sa_payload parameters used in IKEv1
This commit is contained in:
parent
d08269c700
commit
e174e0d445
|
@ -145,8 +145,7 @@ METHOD(listener_t, message, bool,
|
|||
proposal->get_protocol(proposal),
|
||||
proposal->get_spi(proposal));
|
||||
DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props);
|
||||
new = sa_payload_create_from_proposal_list(
|
||||
SECURITY_ASSOCIATION, new_props);
|
||||
new = sa_payload_create_from_proposals_v2(new_props);
|
||||
message->add_payload(message, (payload_t*)new);
|
||||
new_props->destroy_offset(new_props, offsetof(proposal_t, destroy));
|
||||
}
|
||||
|
|
|
@ -295,8 +295,7 @@ static void process_auth_response(private_pretend_auth_t *this,
|
|||
if (this->proposal)
|
||||
{
|
||||
message->add_payload(message, (payload_t*)
|
||||
sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
|
||||
this->proposal));
|
||||
sa_payload_create_from_proposal_v2(this->proposal));
|
||||
}
|
||||
if (this->tsi)
|
||||
{
|
||||
|
|
|
@ -121,7 +121,7 @@ METHOD(listener_t, message, bool,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
sa = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION, updated);
|
||||
sa = sa_payload_create_from_proposals_v2(updated);
|
||||
list->destroy_offset(list, offsetof(proposal_t, destroy));
|
||||
updated->destroy_offset(updated, offsetof(proposal_t, destroy));
|
||||
message->add_payload(message, (payload_t*)sa);
|
||||
|
|
|
@ -341,6 +341,31 @@ METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*,
|
|||
return this->proposals->create_enumerator(this->proposals);
|
||||
}
|
||||
|
||||
METHOD(sa_payload_t, get_lifetime, u_int32_t,
|
||||
private_sa_payload_t *this)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
METHOD(sa_payload_t, get_lifebytes, u_int64_t,
|
||||
private_sa_payload_t *this)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
METHOD(sa_payload_t, get_auth_method, auth_method_t,
|
||||
private_sa_payload_t *this)
|
||||
{
|
||||
return AUTH_NONE;
|
||||
}
|
||||
|
||||
METHOD(sa_payload_t, get_encap_mode, ipsec_mode_t,
|
||||
private_sa_payload_t *this, bool *udp)
|
||||
{
|
||||
*udp = FALSE;
|
||||
return MODE_NONE;
|
||||
}
|
||||
|
||||
METHOD2(payload_t, sa_payload_t, destroy, void,
|
||||
private_sa_payload_t *this)
|
||||
{
|
||||
|
@ -370,6 +395,10 @@ sa_payload_t *sa_payload_create(payload_type_t type)
|
|||
},
|
||||
.get_proposals = _get_proposals,
|
||||
.create_substructure_enumerator = _create_substructure_enumerator,
|
||||
.get_lifetime = _get_lifetime,
|
||||
.get_lifebytes = _get_lifebytes,
|
||||
.get_auth_method = _get_auth_method,
|
||||
.get_encap_mode = _get_encap_mode,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.next_payload = NO_PAYLOAD,
|
||||
|
@ -431,3 +460,80 @@ sa_payload_t *sa_payload_create_from_proposal(payload_type_t type,
|
|||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals)
|
||||
{
|
||||
private_sa_payload_t *this;
|
||||
enumerator_t *enumerator;
|
||||
proposal_t *proposal;
|
||||
|
||||
this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
|
||||
enumerator = proposals->create_enumerator(proposals);
|
||||
while (enumerator->enumerate(enumerator, &proposal))
|
||||
{
|
||||
add_proposal(this, proposal);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal)
|
||||
{
|
||||
private_sa_payload_t *this;
|
||||
|
||||
this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
|
||||
add_proposal(this, proposal);
|
||||
|
||||
return &this->public;
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
|
||||
u_int32_t lifetime, u_int64_t lifebytes,
|
||||
auth_method_t auth, ipsec_mode_t mode, bool udp)
|
||||
{
|
||||
proposal_substructure_t *substruct;
|
||||
private_sa_payload_t *this;
|
||||
|
||||
this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
|
||||
|
||||
/* IKEv1 encodes multiple proposals in a single substructure
|
||||
* TODO-IKEv1: Encode ESP+AH proposals in two different substructs */
|
||||
substruct = proposal_substructure_create_from_proposals(proposals);
|
||||
substruct->set_is_last_proposal(substruct, TRUE);
|
||||
this->proposals->insert_last(this->proposals, substruct);
|
||||
compute_length(this);
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
|
||||
u_int32_t lifetime, u_int64_t lifebytes,
|
||||
auth_method_t auth, ipsec_mode_t mode, bool udp)
|
||||
{
|
||||
proposal_substructure_t *substruct;
|
||||
private_sa_payload_t *this;
|
||||
|
||||
this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1);
|
||||
|
||||
substruct = proposal_substructure_create_from_proposal(
|
||||
PROPOSAL_SUBSTRUCTURE_V1, proposal);
|
||||
substruct->set_is_last_proposal(substruct, TRUE);
|
||||
this->proposals->insert_last(this->proposals, substruct);
|
||||
compute_length(this);
|
||||
|
||||
return &this->public;
|
||||
}
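Review bot: `sa_payload_create_from_proposals_v1` creates its payload with `sa_payload_create(SECURITY_ASSOCIATION)` while its single-proposal sibling `sa_payload_create_from_proposal_v1` uses `SECURITY_ASSOCIATION_V1`, so the IKEv1 main-mode and quick-mode initiators, which previously passed `SECURITY_ASSOCIATION_V1` explicitly, now build an SA payload tagged with the IKEv2 payload type; the line should read `this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1);`. The same function also creates its substructure via `proposal_substructure_create_from_proposals(proposals)` without the `PROPOSAL_SUBSTRUCTURE_V1` type that the single-proposal variant passes, and whether that helper defaults to the IKEv1 encoding is not visible here and worth confirming. The `lifetime`, `lifebytes`, `auth`, `mode` and `udp` arguments are accepted but unused in both v1 constructors, consistent with the commit message, but a `/* TODO-IKEv1: encode lifetime/lifebytes/auth/mode attributes */` at the top of each body would keep the gap from being missed once the stub getters above start being consulted.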
|
||||
|
|
|
@ -28,6 +28,8 @@ typedef struct sa_payload_t sa_payload_t;
|
|||
#include <encoding/payloads/payload.h>
|
||||
#include <encoding/payloads/proposal_substructure.h>
|
||||
#include <utils/linked_list.h>
|
||||
#include <kernel/kernel_ipsec.h>
|
||||
#include <sa/authenticators/authenticator.h>
|
||||
|
||||
/**
|
||||
* Class representing an IKEv1 or IKEv2 SA Payload.
|
||||
|
@ -48,6 +50,35 @@ struct sa_payload_t {
|
|||
*/
|
||||
linked_list_t *(*get_proposals) (sa_payload_t *this);
|
||||
|
||||
/**
|
||||
* Get the (shortest) lifetime of a proposal (IKEv1 only).
|
||||
*
|
||||
* @return lifetime, in seconds
|
||||
*/
|
||||
u_int32_t (*get_lifetime)(sa_payload_t *this);
|
||||
|
||||
/**
|
||||
* Get the (shortest) life duration of a proposal (IKEv1 only).
|
||||
*
|
||||
* @return life duration, in bytes
|
||||
*/
|
||||
u_int64_t (*get_lifebytes)(sa_payload_t *this);
|
||||
|
||||
/**
|
||||
* Get the first authentication method from the proposal (IKEv1 only).
|
||||
*
|
||||
* @return auth method, or AUTH_NONE
|
||||
*/
|
||||
auth_method_t (*get_auth_method)(sa_payload_t *this);
|
||||
|
||||
/**
|
||||
* Get the (first) encapsulation mode from a proposal (IKEv1 only).
|
||||
*
|
||||
* @param udp set to TRUE if UDP encapsulation used
|
||||
* @return ipsec encapsulation mode
|
||||
*/
|
||||
ipsec_mode_t (*get_encap_mode)(sa_payload_t *this, bool *udp);
|
||||
|
||||
/**
|
||||
* Create an enumerator over all proposal substructures.
|
||||
*
|
||||
|
@ -70,26 +101,49 @@ struct sa_payload_t {
|
|||
sa_payload_t *sa_payload_create(payload_type_t type);
|
||||
|
||||
/**
|
||||
* Creates a sa_payload_t object from a list of proposals.
|
||||
* Creates an IKEv2 sa_payload_t object from a list of proposals.
|
||||
*
|
||||
* @param type SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1
|
||||
* @param proposals list of proposals to build the payload from
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposal_list(payload_type_t type,
|
||||
linked_list_t *proposals);
|
||||
sa_payload_t *sa_payload_create_from_proposals_v2(linked_list_t *proposals);
|
||||
|
||||
/**
|
||||
* Creates a sa_payload_t object from a single proposal.
|
||||
* Creates an IKEv2 sa_payload_t object from a single proposal.
|
||||
*
|
||||
* This is only for convenience. Use sa_payload_create_from_proposal_list
|
||||
* if you want to add more than one proposal.
|
||||
*
|
||||
* @param type SECURITY_ASSOCIATION or SECURITY_ASSOCIATION_V1
|
||||
* @param proposal proposal from which the payload should be built.
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposal(payload_type_t type,
|
||||
proposal_t *proposal);
|
||||
sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal);
|
||||
|
||||
/**
|
||||
* Creates an IKEv1 sa_payload_t object from a list of proposals.
|
||||
*
|
||||
* @param proposals list of proposals to build the payload from
|
||||
* @param lifetime lifetime in seconds
|
||||
* @param lifebytes lifebytes, in bytes
|
||||
* @param auth authentication method to use, or AUTH_NONE
|
||||
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
|
||||
* @param udp TRUE to use UDP encapsulation
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
|
||||
u_int32_t lifetime, u_int64_t lifebytes,
|
||||
auth_method_t auth, ipsec_mode_t mode, bool udp);
|
||||
|
||||
/**
|
||||
* Creates an IKEv1 sa_payload_t object from a single proposal.
|
||||
*
|
||||
* @param proposal proposal from which the payload should be built.
|
||||
* @param lifetime lifetime in seconds
|
||||
* @param lifebytes lifebytes, in bytes
|
||||
* @param auth authentication method to use, or AUTH_NONE
|
||||
* @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL
|
||||
* @param udp TRUE to use UDP encapsulation
|
||||
* @return sa_payload_t object
|
||||
*/
|
||||
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
|
||||
u_int32_t lifetime, u_int64_t lifebytes,
|
||||
auth_method_t auth, ipsec_mode_t mode, bool udp);
|
||||
|
||||
#endif /** SA_PAYLOAD_H_ @}*/
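Review bot: The documentation of the new IKEv1 constructors says `mode` is "TRANSPORT or TUNNEL", yet every caller introduced in this commit passes `MODE_NONE`, `0` lifetimes and `AUTH_NONE`, and the implementation currently ignores all of these parameters; the parameter docs should admit the placeholder values, e.g. `@param mode IPsec encapsulation mode, TRANSPORT or TUNNEL, or MODE_NONE for IKE SA proposals` and `@param auth authentication method to use, or AUTH_NONE for IPsec SA proposals`. The getters added to the interface (`get_lifetime`, `get_lifebytes`, `get_auth_method`, `get_encap_mode`) are documented as "IKEv1 only" but, as implemented in this commit, return 0 / AUTH_NONE / MODE_NONE for every payload; a sentence such as "returns 0 (IKEv2 payloads, or when no lifetime attribute is present)" on each would stop callers from treating the stub result as a negotiated value. For `get_encap_mode` the `udp` parameter is an output and is always written, which is worth stating as `@param udp set to TRUE if UDP encapsulation is used, FALSE otherwise; must not be NULL`.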
|
||||
|
|
|
@ -34,6 +34,12 @@ typedef struct authenticator_t authenticator_t;
|
|||
* Method to use for authentication, as defined in IKEv2.
|
||||
*/
|
||||
enum auth_method_t {
|
||||
|
||||
/**
|
||||
* No authentication used.
|
||||
*/
|
||||
AUTH_NONE = 0,
|
||||
|
||||
/**
|
||||
* Computed as specified in section 2.15 of RFC using
|
||||
* an RSA private key over a PKCS#1 padded hash.
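Review bot: `AUTH_NONE = 0` is added to `auth_method_t` but this hunk does not touch the `enum_names` table that presumably accompanies the enum; if that table still starts at the RSA value, printing an IKEv1 SA payload's auth method with `%N` will yield an out-of-range rendering, and any `switch` over `auth_method_t` without a `default` now has a reachable unhandled case. Because 0 is also what zero-initialised memory reads as, code that selects an authenticator from this value should reject `AUTH_NONE` explicitly rather than fall through. The comment could say what the value is for, e.g. `/** No authentication method set (IKEv1 placeholder); not a method to select an authenticator for. */`. The enum definition continues past the end of this hunk.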
|
||||
|
|
|
@ -527,13 +527,11 @@ static void build_payloads(private_child_create_t *this, message_t *message)
|
|||
/* add SA payload */
|
||||
if (this->initiator)
|
||||
{
|
||||
sa_payload = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION,
|
||||
this->proposals);
|
||||
sa_payload = sa_payload_create_from_proposals_v2(this->proposals);
|
||||
}
|
||||
else
|
||||
{
|
||||
sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
|
||||
this->proposal);
|
||||
sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
|
||||
}
|
||||
message->add_payload(message, (payload_t*)sa_payload);
|
||||
|
||||
|
|
|
@ -133,8 +133,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
|
|||
enumerator->destroy(enumerator);
|
||||
}
|
||||
|
||||
sa_payload = sa_payload_create_from_proposal_list(SECURITY_ASSOCIATION,
|
||||
proposal_list);
|
||||
sa_payload = sa_payload_create_from_proposals_v2(proposal_list);
|
||||
proposal_list->destroy_offset(proposal_list, offsetof(proposal_t, destroy));
|
||||
}
|
||||
else
|
||||
|
@ -144,8 +143,7 @@ static void build_payloads(private_ike_init_t *this, message_t *message)
|
|||
/* include SPI of new IKE_SA when we are rekeying */
|
||||
this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
|
||||
}
|
||||
sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION,
|
||||
this->proposal);
|
||||
sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
|
||||
}
|
||||
message->add_payload(message, (payload_t*)sa_payload);
|
||||
|
||||
|
|
|
@ -299,8 +299,8 @@ METHOD(task_t, build_i, status_t,
|
|||
|
||||
proposals = this->ike_cfg->get_proposals(this->ike_cfg);
|
||||
|
||||
sa_payload = sa_payload_create_from_proposal_list(
|
||||
SECURITY_ASSOCIATION_V1, proposals);
|
||||
sa_payload = sa_payload_create_from_proposals_v1(proposals,
|
||||
0, 0, AUTH_NONE, MODE_NONE, FALSE);
|
||||
proposals->destroy_offset(proposals, offsetof(proposal_t, destroy));
|
||||
|
||||
message->add_payload(message, &sa_payload->payload_interface);
|
||||
|
@ -573,8 +573,8 @@ METHOD(task_t, build_r, status_t,
|
|||
{
|
||||
sa_payload_t *sa_payload;
|
||||
|
||||
sa_payload = sa_payload_create_from_proposal(SECURITY_ASSOCIATION_V1,
|
||||
this->proposal);
|
||||
sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
|
||||
0, 0, AUTH_NONE, MODE_NONE, FALSE);
|
||||
message->add_payload(message, &sa_payload->payload_interface);
|
||||
|
||||
return NEED_MORE;
|
||||
|
|
|
@ -425,8 +425,8 @@ METHOD(task_t, build_i, status_t,
|
|||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
sa_payload = sa_payload_create_from_proposal_list(
|
||||
SECURITY_ASSOCIATION_V1, list);
|
||||
sa_payload = sa_payload_create_from_proposals_v1(list,
|
||||
0, 0, AUTH_NONE, MODE_NONE, FALSE);
|
||||
list->destroy_offset(list, offsetof(proposal_t, destroy));
|
||||
message->add_payload(message, &sa_payload->payload_interface);
|
||||
|
||||
|
@ -551,8 +551,8 @@ METHOD(task_t, build_r, status_t,
|
|||
}
|
||||
this->proposal->set_spi(this->proposal, this->spi_r);
|
||||
|
||||
sa_payload = sa_payload_create_from_proposal(
|
||||
SECURITY_ASSOCIATION_V1, this->proposal);
|
||||
sa_payload = sa_payload_create_from_proposal_v1(this->proposal,
|
||||
0, 0, AUTH_NONE, MODE_NONE, FALSE);
|
||||
message->add_payload(message, &sa_payload->payload_interface);
|
||||
|
||||
if (!add_nonce(this, &this->nonce_r, message))
|
||||
|
|
|
@ -43,6 +43,8 @@ typedef struct mark_t mark_t;
|
|||
* Mode of an IPsec SA.
|
||||
*/
|
||||
enum ipsec_mode_t {
|
||||
/** not using any encapsulation */
|
||||
MODE_NONE = 0,
|
||||
/** transport mode, no inner address */
|
||||
MODE_TRANSPORT = 1,
|
||||
/** tunnel mode, inner and outer addresses */
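Review bot: `MODE_NONE = 0` is added to `ipsec_mode_t` but the matching `enum_names` table and the kernel back-ends that presumably switch on this value are not updated in this hunk; any such `switch` without a `default` now has a reachable unhandled case, and a CHILD_SA whose mode is left at its zero-initialised value reads as `MODE_NONE` instead of an out-of-range value. The comment should make clear this is a placeholder rather than an installable mode, e.g. `/** no encapsulation mode set (IKEv1 placeholder); never pass to a kernel interface */`. The enum definition continues past the end of this hunk.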
|
||||
|
|