From f4d8999cc1f6473d9ceee87b5a30857de0758b6b Mon Sep 17 00:00:00 2001
From: Jan Hutter
Date: Wed, 7 Dec 2005 10:25:32 +0000
Subject: [PATCH] - added support for empty traffic selectors and empty sa payload in IKE_AUTH request and reply
---
 Source/charon/config/configuration_manager.c | 10 ++++++----
 Source/charon/encoding/payloads/ts_payload.c | 4 ++--
 Source/charon/sa/states/ike_auth_requested.c | 3 +--
 Source/charon/sa/states/ike_sa_init_responded.c | 14 ++++++++++----
 4 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index de424c576..d3c6425d4 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -292,20 +292,22 @@ static void load_default_config (private_configuration_manager_t *this)
 proposals[0].integrity_algorithm_key_length = 16;
 proposals[0].pseudo_random_function = PRF_HMAC_MD5;
 proposals[0].pseudo_random_function_key_length = 16;
- proposals[0].diffie_hellman_group = MODP_1024_BIT;
+ proposals[0].diffie_hellman_group = MODP_768_BIT;
 proposals[1] = proposals[0];
 proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
 proposals[1].integrity_algorithm_key_length = 20;
 proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
 proposals[1].pseudo_random_function_key_length = 20;
+ proposals[1].diffie_hellman_group = MODP_1024_BIT;
- init_config1->add_proposal(init_config1,1,proposals[0]);
 init_config1->add_proposal(init_config1,1,proposals[1]);
- init_config2->add_proposal(init_config2,1,proposals[0]);
+ init_config1->add_proposal(init_config1,1,proposals[0]);
 init_config2->add_proposal(init_config2,1,proposals[1]);
- init_config3->add_proposal(init_config3,1,proposals[0]);
+ init_config2->add_proposal(init_config2,1,proposals[0]);
 init_config3->add_proposal(init_config3,1,proposals[1]);
+ init_config3->add_proposal(init_config3,1,proposals[0]);
+
 sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", ID_IPV4_ADDR, "152.96.193.131",
diff --git a/Source/charon/encoding/payloads/ts_payload.c b/Source/charon/encoding/payloads/ts_payload.c
index d9e17c680..59b732245 100644
--- a/Source/charon/encoding/payloads/ts_payload.c
+++ b/Source/charon/encoding/payloads/ts_payload.c
@@ -128,7 +128,7 @@ encoding_rule_t ts_payload_encodings[] = {
 static status_t verify(private_ts_payload_t *this)
 {
 iterator_t *iterator;
- status_t status = FAILED;
+ status_t status = SUCCESS;
 if (this->critical)
 {
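Review bot: In load_default_config (configuration_manager.c), proposals[0] now pairs PRF_HMAC_MD5 with a 768-bit MODP group, a group size generally regarded as too small to resist precomputation, and it is still added to all three init_configs. Adding proposals[1] first only expresses a preference; a peer that offers just the weaker suite would presumably still be given it. If the 768-bit group is there for interoperability testing, say so next to the assignment, e.g. `/* MODP_768 kept for interop tests only; not for production use */`, or keep `proposals[0].diffie_hellman_group = MODP_1024_BIT;`. The function body starts and ends outside the hunk.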
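Review bot: In verify() (ts_payload.c), initialising `status` to SUCCESS makes the check fail open: any path through the function that never assigns status now reports a valid payload, where it used to report FAILED. The rest of the body is outside the hunk, so whether every rejecting path sets status explicitly cannot be confirmed from here. A narrower way to admit an empty selector list is to keep `status_t status = FAILED;` and assign SUCCESS only in the empty case. At minimum, document the default with a comment such as `/* SUCCESS by default: a payload without traffic selectors is valid */`.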
@@ -340,7 +340,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
 this->next_payload = NO_PAYLOAD;
 this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
 this->is_initiator = is_initiator;
- this->number_of_traffic_selectors=0;
+ this->number_of_traffic_selectors = 0;
 this->traffic_selectors = linked_list_create();
 return &(this->public);
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index 208898593..199a062d3 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -407,8 +407,7 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i
 /* check if the responder selected valid proposals */
 if (ts_selected_count != ts_received_count)
 {
- this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors. Deleting IKE_SA");
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors.");
 }
 /* cleanup */
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index 0e481f78d..b3680da05 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -414,9 +414,13 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
 }
 else
 {
- this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Deleting IKE_SA");
- this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
+/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+ status = DELETE_ME; */
+ sa_response = sa_payload_create();
+ response->add_payload(response, (payload_t*)sa_response);
+
+ status = SUCCESS;
 }
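Review bot: In process_ts_payload (ike_auth_requested.c), dropping `status = DELETE_ME;` means a reply whose selected count differs from the received count is now only logged, so the initiator appears to carry on with traffic selectors it did not offer. If the aim is only to tolerate an empty TS payload, restrict the relaxation to that case and keep the rejection otherwise, e.g. `if (ts_received_count > 0 && ts_selected_count != ts_received_count)` followed by the original `status = DELETE_ME;`. The function body starts and ends outside the hunk, so how status is used afterwards is not visible here.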
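Review bot: In build_sa_payload (ike_sa_init_responded.c), the else branch now answers with an empty SA payload and `status = SUCCESS;` where it previously sent NO_PROPOSAL_CHOSEN. Its condition is outside the hunk, so if the branch is also reached when the peer offered proposals and none matched, that mismatch is no longer signalled to the peer. It is worth confirming the branch is limited to a request with no proposals at all, and keeping the notify for the no-match case. The commented-out `send_notify` / `status = DELETE_ME;` lines should be deleted rather than left in the branch, and the log text reads `IKE_AUH` where `IKE_AUTH` is meant.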
@@ -484,7 +488,9 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
 }
 if(ts_selected_count == 0)
 {
- status = DELETE_ME;
+ this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any traffic selectors.");
+ ts_response = ts_payload_create(ts_initiator);
+ response->add_payload(response, (payload_t*)ts_response);
 }
 else
 {
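Review bot: In build_ts_payload, `if(ts_selected_count == 0)` cannot tell a request that carried no traffic selectors from one whose selectors were all rejected by the local configuration, yet both now get an empty TS payload and the audit line claims the request contained none. That makes the audit trail misleading and leaves a peer with unacceptable selectors without an error. Consider also testing the number of selectors received and keeping `status = DELETE_ME;` when some were received but none selected. process_ts_payload in ike_auth_requested.c has `ts_received_count`; whether this function has an equivalent is not visible in the hunk. The function continues outside the hunk.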