From f603933427d874a34e0627ffb2998bd2da8650cf Mon Sep 17 00:00:00 2001
From: Jan Hutter
Date: Wed, 30 Nov 2005 12:58:57 +0000
Subject: [PATCH] code of message_t cleaned and added more logs

---
 Source/charon/daemon.c | 2 +-
 Source/charon/encoding/message.c | 282 +++++++++++++++--------
 Source/charon/encoding/message.h | 65 +++++-
 Source/charon/encoding/parser.c | 10 +
 Source/charon/encoding/parser.h | 7 +
 Source/charon/sa/states/responder_init.c | 4 +-
 6 files changed, 260 insertions(+), 110 deletions(-)

diff --git a/Source/charon/daemon.c b/Source/charon/daemon.c
index 175cfa372..7fe3d5b28 100644
--- a/Source/charon/daemon.c
+++ b/Source/charon/daemon.c
@@ -159,7 +159,7 @@ static void build_test_jobs(private_daemon_t *this)
 for(i = 0; i<1; i++)
 {
 initiate_ike_sa_job_t *initiate_job;
- initiate_job = initiate_ike_sa_job_create("pinflb30");
+ initiate_job = initiate_ike_sa_job_create("localhost");
 this->public.job_queue->add(this->public.job_queue, (job_t*)initiate_job);
 }
 }
diff --git a/Source/charon/encoding/message.c b/Source/charon/encoding/message.c
index d6100ea6f..a22608e86 100644
--- a/Source/charon/encoding/message.c
+++ b/Source/charon/encoding/message.c
@@ -125,13 +125,13 @@ static supported_payload_entry_t supported_ike_sa_init_r_payloads[] =
 static supported_payload_entry_t supported_ike_auth_i_payloads[] =
 {
 {ID_INITIATOR,1,1,TRUE},
-/* {CERTIFICATE,0,1,TRUE},
+ {CERTIFICATE,0,1,TRUE},
 {CERTIFICATE_REQUEST,0,1,TRUE},
- {ID_RESPONDER,0,1,TRUE},*/
+ {ID_RESPONDER,0,1,TRUE},
 {AUTHENTICATION,1,1,TRUE},
-/* {SECURITY_ASSOCIATION,1,1,TRUE},
+ {SECURITY_ASSOCIATION,1,1,TRUE},
 {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE},
- {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE},*/
+ {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE},
 };
 
 /**
@@ -141,10 +141,10 @@ static supported_payload_entry_t supported_ike_auth_r_payloads[] = { {CERTIFICATE,0,1,TRUE}, {ID_RESPONDER,0,1,TRUE}, -/* {AUTHENTICATION,1,1,TRUE}, + {AUTHENTICATION,1,1,TRUE}, {SECURITY_ASSOCIATION,1,1,TRUE}, {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE}, - {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE},*/ + {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE}, }; /** @@ -207,7 +207,6 @@ struct private_message_t { */ exchange_type_t exchange_type; - /** * TRUE if message is request. * FALSE if message is reply. 
@@ -247,37 +246,53 @@ struct private_message_t { logger_t *logger; /** - * Gets a list of supported payloads of this message type + * Gets a list of supported payloads of this message type. * - * @param this calling object - * @param[out] message_rule pointer is set to the message_rule of current message type + * @param this calling object + * @param[out] message_rule pointer is set to the message_rule + * of current message type * * @return - * - SUCCESS - * - NOT_FOUND if no message rule - * for specific message type could be found + * - SUCCESS + * - NOT_FOUND if no message rule + * for specific message type could be found */ status_t (*get_message_rule) (private_message_t *this, message_rule_t **message_rule); - + + /** + * Gets the supported_payload_entry_t for a specific message_rule_t and payload type. + * + * @param this calling object + * @param message_rule message rule + * @param payload_type payload type + * @param[out] payload_entry returned payload_entry_t + * + * @return + * - SUCCESS + * - NOT_FOUND if no message rule + * for specific message type could be found + */ status_t (*get_supported_payload_entry) (private_message_t *this, message_rule_t *message_rule,payload_type_t payload_type, supported_payload_entry_t **payload_entry); /** * Encrypts all payloads which has to get encrypted. * - * @param this calling object + * Can also be called with messages not containing encrypted content. + * + * @param this calling object * @param crypter crypter_t object * @param signer signer_t object */ status_t (*encrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer); /** - * Decrypts all payloads which has to get decrypted. + * Decrypts encrypted contents and also verifies all payloads. 
* * @param this calling object * @param crypter crypter_t object * @param signer signer_t object */ - status_t (*decrypt_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer); + status_t (*decrypt_and_verify_payloads) (private_message_t *this,crypter_t *crypter, signer_t* signer); }; /** @@ -302,6 +317,9 @@ static status_t get_message_rule (private_message_t *this, message_rule_t **mes return NOT_FOUND; } +/** + * Implementation of private_message_t.get_supported_payload_entry. + */ static status_t get_supported_payload_entry (private_message_t *this, message_rule_t *message_rule,payload_type_t payload_type, supported_payload_entry_t **payload_entry) { int i; @@ -447,10 +465,8 @@ static void add_payload(private_message_t *this, payload_t *payload) payload->set_next_type(payload, NO_PAYLOAD); this->payloads->insert_last(this->payloads, (void*)payload); - this->logger->log(this->logger, CONTROL|MORE, "added payload of type %s to message", - mapping_find(payload_type_m, payload->get_type(payload))); - - + this->logger->log(this->logger, CONTROL|MORE, "Added payload of type %s to message", + mapping_find(payload_type_m, payload->get_type(payload))); } /** @@ -480,17 +496,17 @@ static void set_destination(private_message_t *this, host_t *host) /** * Implementation of message_t.get_source. */ -static void get_source(private_message_t *this, host_t **host) +static host_t* get_source(private_message_t *this) { - *host = this->packet->source; + return this->packet->source; } /** * Implementation of message_t.get_destination. */ -static void get_destination(private_message_t *this, host_t **host) +static host_t * get_destination(private_message_t *this) { - *host = this->packet->destination; + return this->packet->destination; } /** 
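Review bot: The new Doxygen block for `get_supported_payload_entry` in `private_message_t` copies the `@return` text of `get_message_rule` — "NOT_FOUND if no message rule for specific message type could be found" — but this function already receives the rule, and the callers in this patch treat its NOT_FOUND as "payload type not supported", so the line should read ` *     - NOT_FOUND if payload_type is not listed in message_rule`. The `encrypt_payloads` and `decrypt_and_verify_payloads` entries document parameters but no return value; a line such as ` * @return SUCCESS, or the status of the step that failed` would make the error contract explicit for both. The `struct private_message_t` definition starts before this hunk.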
@@ -511,29 +527,39 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* ike_header_t *ike_header; payload_t *payload, *next_payload; iterator_t *iterator; + message_rule_t *message_rule; status_t status; - - this->logger->log(this->logger, CONTROL, "generating message, contains %d payloads", - this->payloads->get_count(this->payloads)); + this->logger->log(this->logger, CONTROL, "Generating message of type %s, contains %d payloads", + mapping_find(exchange_type_m,this->exchange_type), + this->payloads->get_count(this->payloads)); if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { - this->logger->log(this->logger, ERROR, "exchange type is not defined"); + this->logger->log(this->logger, ERROR | MORE, "Exchange type %s is not defined",mapping_find(exchange_type_m,this->exchange_type)); return INVALID_STATE; } + status = this->get_message_rule(this, &message_rule); + if (status != SUCCESS) + { + this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s", + mapping_find(exchange_type_m,this->exchange_type)); + return status; + } + if (this->packet->source == NULL || this->packet->destination == NULL) { - this->logger->log(this->logger, ERROR, "source/destination not defined"); + this->logger->log(this->logger, ERROR | MORE, "Source/destination not defined"); return INVALID_STATE; } + /* going to encrypt all content which have to be encrypted */ status = this->encrypt_payloads(this,crypter,signer); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "Could not encrypt payloads"); + this->logger->log(this->logger, ERROR | MORE, "Could not encrypt payloads"); return status; } 
@@ -547,41 +573,42 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* ike_header->set_initiator_spi(ike_header, this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); ike_header->set_responder_spi(ike_header, this->ike_sa_id->get_responder_spi(this->ike_sa_id)); - generator = generator_create(); payload = (payload_t*)ike_header; iterator = this->payloads->create_iterator(this->payloads, TRUE); - /* generate every payload, except last one */ + /* generate every payload expect last one*/ while(iterator->has_next(iterator)) { iterator->current(iterator, (void**)&next_payload); payload->set_next_type(payload, next_payload->get_type(next_payload)); generator->generate_payload(generator, payload); - payload = next_payload; } iterator->destroy(iterator); - /* build last payload */ + /* last payload has no next payload*/ payload->set_next_type(payload, NO_PAYLOAD); generator->generate_payload(generator, payload); + ike_header->destroy(ike_header); /* build packet */ if (this->packet->data.ptr != NULL) { + this->logger->log(this->logger, CONTROL | MOST, "Replace last generated packet data"); allocator_free(this->packet->data.ptr); } generator->write_to_chunk(generator, &(this->packet->data)); generator->destroy(generator); - /* append integrity checksum if necessary */ + /* if last payload is of type encrypted, integrity checksum if necessary */ if (payload->get_type(payload) == ENCRYPTED) { + this->logger->log(this->logger, CONTROL | MORE, "Build signature on whole message"); encryption_payload_t *encryption_payload = (encryption_payload_t*)payload; status = encryption_payload->build_signature(encryption_payload, this->packet->data); if (status != SUCCESS) 
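Review bot: The newly added `ike_header->destroy(ike_header);` runs before the `payload->get_type(payload) == ENCRYPTED` check, and for a message without payloads (generate does not check the count) the loop never executes, so `payload` still aliases `ike_header` and that check reads a freed object. The cheapest fix is to guard the check, `if (payload != (payload_t*)ike_header && payload->get_type(payload) == ENCRYPTED)`; moving the destroy below the `ENCRYPTED` block would also work but must cover the early return inside that block, which lies outside the hunk. The reworded comments also regress: `/* generate every payload expect last one*/` should be `/* generate every payload except the last one */`, and `/* if last payload is of type encrypted, integrity checksum if necessary */` lost its verb (`…, append the integrity checksum`). `generate` starts before and continues after this hunk.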
@@ -593,12 +620,12 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* /* clone packet for caller */ *packet = this->packet->clone(this->packet); - this->logger->log(this->logger, CONTROL, "message generated successfully"); + this->logger->log(this->logger, CONTROL, "Message of type %s generated successfully",mapping_find(exchange_type_m,this->exchange_type)); return SUCCESS; } /** - * Implements message_t.parse_header. + * Implementation of message_t.parse_header. */ static status_t parse_header(private_message_t *this) { @@ -606,13 +633,13 @@ static status_t parse_header(private_message_t *this) status_t status; - this->logger->log(this->logger, CONTROL, "parsing header of message"); + this->logger->log(this->logger, CONTROL, "parsing Header of message"); this->parser->reset_context(this->parser); status = this->parser->parse_payload(this->parser,HEADER,(payload_t **) &ike_header); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "Header could not be parsed"); + this->logger->log(this->logger, ERROR | MORE, "Header could not be parsed"); return status; } @@ -621,7 +648,7 @@ static status_t parse_header(private_message_t *this) status = ike_header->payload_interface.verify(&(ike_header->payload_interface)); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "Header verification failed"); + this->logger->log(this->logger, ERROR | MORE, "Header verification failed"); ike_header->destroy(ike_header); return status; } 
@@ -643,63 +670,69 @@ static status_t parse_header(private_message_t *this) this->first_payload = ike_header->payload_interface.get_next_type(&(ike_header->payload_interface)); - this->logger->log(this->logger, CONTROL, "parsing header successfully"); + this->logger->log(this->logger, CONTROL, "Parsing and verification of header successfully"); ike_header->destroy(ike_header); return SUCCESS; } /** - * Implements message_t.parse_body. + * Implementation of message_t.parse_body. */ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer) { status_t status = SUCCESS; payload_type_t current_payload_type = this->first_payload; - this->logger->log(this->logger, CONTROL, "parsing body of message, first payload %s", - mapping_find(payload_type_m, current_payload_type)); + this->logger->log(this->logger, CONTROL, "Parsing body of message, first payload %s", + mapping_find(payload_type_m, current_payload_type)); while ((current_payload_type != NO_PAYLOAD)) { payload_t *current_payload; - this->logger->log(this->logger, CONTROL|MORE, "start parsing payload of type %s", + this->logger->log(this->logger, CONTROL|MORE, "Start parsing payload of type %s", mapping_find(payload_type_m, current_payload_type)); status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) ¤t_payload); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type)); + this->logger->log(this->logger, ERROR, "Payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type)); return status; } + + this->logger->log(this->logger, CONTROL|MOST, "Verify payload of type %s", + mapping_find(payload_type_m, current_payload_type)); status = current_payload->verify(current_payload); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type)); + 
this->logger->log(this->logger, ERROR, "Payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type)); current_payload->destroy(current_payload); status = VERIFY_ERROR; return status; } - + this->logger->log(this->logger, CONTROL|MOST, "Payload verified. Adding to payload list", + mapping_find(payload_type_m, current_payload_type)); this->payloads->insert_last(this->payloads,current_payload); - /* stop if an encryptino payload found */ + /* stop if an encryption payload found */ if (current_payload_type == ENCRYPTED) { + this->logger->log(this->logger, CONTROL|MOST, "Payload of type encrypted found. Stop parsing.", + mapping_find(payload_type_m, current_payload_type)); break; } /* get next payload type */ current_payload_type = current_payload->get_next_type(current_payload); } - - status = this->decrypt_payloads(this,crypter,signer); + + status = this->decrypt_and_verify_payloads(this,crypter,signer); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "Could not decrypt payloads"); + this->logger->log(this->logger, ERROR, "Could not decrypt and verify payloads"); return status; } @@ -708,7 +741,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t } /** - * implements message_t.verify + * Implementation of message_t.verify. */ static status_t verify(private_message_t *this) { @@ -717,12 +750,13 @@ static status_t verify(private_message_t *this) iterator_t *iterator; message_rule_t *message_rule; - this->logger->log(this->logger, CONTROL|MORE, "verifying message"); + this->logger->log(this->logger, CONTROL|MORE, "Verifying message structure"); status = this->get_message_rule(this, &message_rule); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "Message rule could not be retrieved"); + this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s", + mapping_find(exchange_type_m,this->exchange_type)); return status; } 
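Review bot: Two of the `CONTROL|MOST` log calls added to `parse_body` pass a `mapping_find(payload_type_m, current_payload_type)` argument although their format strings contain no conversion: `"Payload verified. Adding to payload list"` and `"Payload of type encrypted found. Stop parsing."`. Surplus printf-style arguments are ignored, so this is not a crash, but the lookup is wasted and the next `%d` someone adds to these strings will bind to the wrong argument; either drop the argument or make the message use it, e.g. `"Payload of type %s verified. Adding to payload list"`. The remaining lines of `parse_body` are outside this hunk.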
@@ -730,37 +764,37 @@ static status_t verify(private_message_t *this) /* check for payloads with wrong count*/ for (i = 0; i < message_rule->supported_payloads_count;i++) { - size_t min_occurence = message_rule->supported_payloads[i].min_occurence; - size_t max_occurence = message_rule->supported_payloads[i].max_occurence; - payload_type_t payload_type = message_rule->supported_payloads[i].payload_type; size_t found_payloads = 0; + /* check all payloads for specific rule */ iterator->reset(iterator); - while(iterator->has_next(iterator)) { payload_t *current_payload; iterator->current(iterator,(void **)¤t_payload); - if (current_payload->get_type(current_payload) == payload_type) + if (current_payload->get_type(current_payload) == message_rule->supported_payloads[i].payload_type) { found_payloads++; this->logger->log(this->logger, CONTROL | MOST, "Found payload of type %s", - mapping_find(payload_type_m,payload_type)); + mapping_find(payload_type_m,message_rule->supported_payloads[i].payload_type)); - if (found_payloads > max_occurence) + /* as soon as ohe payload occures more then specified, the verification fails */ + if (found_payloads > message_rule->supported_payloads[i].max_occurence) { this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message", - mapping_find(payload_type_m,current_payload->get_type(current_payload)),max_occurence,found_payloads); + mapping_find(payload_type_m,current_payload->get_type(current_payload)), + message_rule->supported_payloads[i].max_occurence,found_payloads); iterator->destroy(iterator); return NOT_SUPPORTED; } } } - if (found_payloads < min_occurence) + if (found_payloads < message_rule->supported_payloads[i].min_occurence) { - this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times", - mapping_find(payload_type_m,payload_type),min_occurence); + this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times (%d)", + 
mapping_find(payload_type_m,message_rule->supported_payloads[i].payload_type), + message_rule->supported_payloads[i].min_occurence,found_payloads); iterator->destroy(iterator); return NOT_SUPPORTED; } 
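Review bot: The rewrite of the rule loop in `verify` removes the `min_occurence`/`max_occurence`/`payload_type` locals and repeats `message_rule->supported_payloads[i].…` five times, which makes the occurrence check harder to read than before without changing what it does; a single `supported_payload_entry_t *entry = &message_rule->supported_payloads[i];` at the top of the loop body keeps both readability and the new log detail. The removed declarations show the occurrence limits are `size_t`, as is `found_payloads`, yet all are printed with `%d`; `%zu`, if the logger's format handling supports it, or an explicit cast to `int` keeps format and argument types in agreement. The new comment also has typos: `/* as soon as ohe payload occures more then specified, the verification fails */` should read `/* as soon as one payload occurs more often than specified, the verification fails */`. `verify` starts before and ends after this hunk.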
@@ -771,36 +805,42 @@ static status_t verify(private_message_t *this) } -static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer) +/** + * Implementation of private_message_t.decrypt_and_verify_payloads. + */ +static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer) { bool current_payload_was_encrypted = FALSE; - status_t status; - message_rule_t *message_rule; - iterator_t *iterator; - int payload_number = 1; payload_t *last_payload = NULL; + message_rule_t *message_rule; + int payload_number = 1; + iterator_t *iterator; + status_t status; status = this->get_message_rule(this, &message_rule); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "No message rule for current message type"); + this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s", + mapping_find(exchange_type_m,this->exchange_type)); return status; } iterator = this->payloads->create_iterator(this->payloads,TRUE); + /* process each payload and decrypt a encryption payload */ while(iterator->has_next(iterator)) { - payload_t *current_payload; + supported_payload_entry_t *supported_payload_entry; payload_type_t current_payload_type; - supported_payload_entry_t *payload_entry; + payload_t *current_payload; /* get current payload */ iterator->current(iterator,(void **)¤t_payload); + /* needed to check */ current_payload_type = current_payload->get_type(current_payload); - this->logger->log(this->logger, CONTROL | MOST, "Process payload of type %s.",mapping_find(payload_type_m,current_payload_type)); + this->logger->log(this->logger, CONTROL | MOST, "Process payload of type %s",mapping_find(payload_type_m,current_payload_type)); if (current_payload_type == ENCRYPTED) { 
@@ -820,7 +860,7 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si if (payload_number != this->payloads->get_count(this->payloads)) { - this->logger->log(this->logger, ERROR | MORE, "Encrypted payload is not last one"); + this->logger->log(this->logger, ERROR | MORE, "Encrypted payload is not last payload"); iterator->destroy(iterator); /* encrypted payload is not last one */ return FAILED; 
@@ -830,39 +870,48 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si /* encrypt payload */ encryption_payload->set_transforms(encryption_payload, crypter, signer); + this->logger->log(this->logger, CONTROL | MORE, "Verify signature of encryption payload"); status = encryption_payload->verify_signature(encryption_payload, this->packet->data); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "encryption payload signature invalid"); + this->logger->log(this->logger, ERROR | MORE, "encryption payload signature invalid"); iterator->destroy(iterator); return status; } + this->logger->log(this->logger, CONTROL | MORE, "Decrypt content of encryption payload"); status = encryption_payload->decrypt(encryption_payload); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR, "parsing decrypted encryption payload failed"); + this->logger->log(this->logger, ERROR | MORE, "Encrypted payload could not be decrypted and parsed"); iterator->destroy(iterator); return status; } + /* needed to later find out if a payload has to be encrypted or not */ current_payload_was_encrypted = TRUE; if (encryption_payload->get_payload_count(encryption_payload) == 0) { iterator->remove(iterator); encryption_payload->destroy(encryption_payload); + /* encrypted payload contains no other payload */ current_payload_type = NO_PAYLOAD; if (last_payload == NULL) { + /* encrypted content was the only payload in IKEv2-Message + * Set the first payload to the first payload of encrypted ones */ this->first_payload = current_payload_type; } else { + /* another payload was here before the encrypted content + * Set the next payload of proceeding payload + * to the first payload of encrypted ones */ last_payload->set_next_type(last_payload,current_payload_type); - } - break; + } + } - + /* encryption_payload is replaced with first encrypted payload*/ encryption_payload->remove_first_payload(encryption_payload, ¤t_encrypted_payload); 
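Review bot: Removing the `break;` after the empty-encryption-payload branch leaves a use-after-free: when `get_payload_count` returns 0 the code calls `iterator->remove` and `encryption_payload->destroy`, then falls through to `encryption_payload->remove_first_payload(...)` on the destroyed object and, in the following hunk, to a second `encryption_payload->destroy`. The preceding hunk already rejects an encrypted payload that is not the last one, so nothing remains to process after this branch; restore `break;` as the last statement inside that `if` block. Separately, the integrity-check failure is now logged as `ERROR | MORE`, which presumably needs a more verbose log level to appear than the plain `ERROR` it replaced; a rejected MAC on an incoming message is exactly the event an operator wants at the default level. `decrypt_and_verify_payloads` starts before and ends after this hunk.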
@@ -872,10 +921,15 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si current_payload_type = current_encrypted_payload->get_type(current_encrypted_payload); if (last_payload == NULL) { + /* encrypted content was the only payload in IKEv2-Message + * Set the first payload to the first payload of encrypted ones */ this->first_payload = current_payload_type; } else { + /* another payload was here before the encrypted content + * Set the next payload of proceeding payload + * to the first payload of encrypted ones */ last_payload->set_next_type(last_payload,current_payload_type); } @@ -887,12 +941,14 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si this->payloads->insert_last(this->payloads,current_encrypted_payload); } - + /* encryption payload is not needed anymore cause all payloads are + * moved to internal payload list */ encryption_payload->destroy(encryption_payload); + + } - status = this->get_supported_payload_entry(this,message_rule,current_payload_type,&payload_entry); - + status = this->get_supported_payload_entry(this,message_rule,current_payload_type,&supported_payload_entry); if (status != SUCCESS) { /* payload type not supported */ 
@@ -901,38 +957,41 @@ static status_t decrypt_payloads (private_message_t *this,crypter_t *crypter, si return status; } - if (payload_entry->encrypted != current_payload_was_encrypted) + if (supported_payload_entry->encrypted != current_payload_was_encrypted) { /* payload type not supported */ this->logger->log(this->logger, ERROR | MORE, "Payload type %s should be %s!", mapping_find(payload_type_m,current_payload_type), - (payload_entry->encrypted) ? "encrypted": "not encrypted"); + (supported_payload_entry->encrypted) ? "encrypted": "not encrypted"); iterator->destroy(iterator); return status; } payload_number++; + /* is stored to set next payload in case of found encryption payload */ last_payload = current_payload; } iterator->destroy(iterator); - return this->public.verify(&(this->public)); - } - +/** + * Implementation of private_message_t.encrypt_payloads. + */ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer) { - status_t status; - message_rule_t *message_rule; encryption_payload_t *encryption_payload = NULL; + message_rule_t *message_rule; + status_t status; linked_list_t *all_payloads; status = this->get_message_rule(this, &message_rule); if (status != SUCCESS) { - this->logger->log(this->logger, ERROR | MORE, "No message rule for this message type"); + this->logger->log(this->logger, ERROR | MORE, "Message rule could not be found for exchange type %s", + mapping_find(exchange_type_m,this->exchange_type)); return status; } + if (!message_rule->encrypted_content) { this->logger->log(this->logger, CONTROL | MORE, "Message doesn't have to be encrypted"); @@ -940,6 +999,7 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si return SUCCESS; } + this->logger->log(this->logger, CONTROL | MOST, "Copy all payloads to a temporary list"); all_payloads = linked_list_create(); /* first copy all payloads in a temporary list */ 
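Review bot: As far as the hunk shows, `decrypt_and_verify_payloads` now ends with `iterator->destroy(iterator);` and no return statement — the `return this->public.verify(&(this->public));` line was removed without replacement — so `parse_body`'s `status = this->decrypt_and_verify_payloads(...)` reads an indeterminate value, which is undefined behaviour for a non-void function. Just above, the mismatch branch `if (supported_payload_entry->encrypted != current_payload_was_encrypted)` logs an error but executes `return status;` while `status` is still SUCCESS from the preceding lookup, so a payload that the rule requires to be encrypted but that arrived in the clear is accepted. Both should fail closed: `return VERIFY_ERROR;` in the mismatch branch (the status `parse_body` already uses for payload verification) and `return SUCCESS;` after the iterator is destroyed. If the structure check formerly performed by `this->public.verify` is not invoked from `parse_body` after this change, it is now skipped entirely; that call site is outside the hunk.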
@@ -949,22 +1009,32 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si this->payloads->remove_first(this->payloads,¤t_payload); all_payloads->insert_last(all_payloads,current_payload); } - + + this->logger->log(this->logger, CONTROL | MOST, "Check each payloads if they have to get encrypted"); while (all_payloads->get_count(all_payloads) > 0) { + supported_payload_entry_t *supported_payload_entry; payload_t *current_payload; bool to_encrypt = FALSE; - supported_payload_entry_t *supported_payload_entry; all_payloads->remove_first(all_payloads,(void **)¤t_payload); + this->logger->log(this->logger, CONTROL | MOST, "Get rule for payload %s", mapping_find(payload_type_m,current_payload->get_type(current_payload))); status = this->get_supported_payload_entry(this,message_rule,current_payload->get_type(current_payload),&supported_payload_entry); /* for payload types which are not found in supported payload list, it is presumed * that they don't have to be encrypted */ if ((status == SUCCESS) && (supported_payload_entry->encrypted)) { + this->logger->log(this->logger, CONTROL | MOST, "Payload %s has to get encrypted", + mapping_find(payload_type_m,current_payload->get_type(current_payload))); to_encrypt = TRUE; } + else if (status != SUCCESS) + { + this->logger->log(this->logger, CONTROL | MOST, "Payload %s not defined for exchange type %s. Handle it anyway", + mapping_find(payload_type_m,current_payload->get_type(current_payload)), + mapping_find(exchange_type_m,this->exchange_type)); + } if (to_encrypt) { 
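Review bot: In `encrypt_payloads` a payload type that `get_supported_payload_entry` does not know is, per the new log line `"Payload %s not defined for exchange type %s. Handle it anyway"`, sent unencrypted — yet this loop is only reached when `message_rule->encrypted_content` is set, so for exchanges whose contents are meant to be protected the default for an unlisted payload is to leak it in the clear. The receiving side (`decrypt_and_verify_payloads`) rejects a payload type that is not in the rule, so such a message would be refused by the peer anyway; failing closed here is both safer and consistent: `to_encrypt = (status != SUCCESS) || supported_payload_entry->encrypted;` with the unknown type logged at `ERROR`, or simply return `NOT_SUPPORTED`. `encrypt_payloads` starts before and continues after this hunk.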
@@ -972,10 +1042,15 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si { encryption_payload = encryption_payload_create(); } + this->logger->log(this->logger, CONTROL | MOST, "Insert payload %s to encryption payload", + mapping_find(payload_type_m,current_payload->get_type(current_payload))); + encryption_payload->add_payload(encryption_payload,current_payload); } else { + this->logger->log(this->logger, CONTROL | MOST, "Insert payload %s as payload wich does not have to be encrypted", + mapping_find(payload_type_m,current_payload->get_type(current_payload))); this->public.add_payload(&(this->public), (payload_t*)encryption_payload); } } @@ -983,8 +1058,11 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si status = SUCCESS; if (encryption_payload != NULL) { + this->logger->log(this->logger, CONTROL | MOST, "Set transforms for encryption payload "); encryption_payload->set_transforms(encryption_payload,crypter,signer); + this->logger->log(this->logger, CONTROL | MORE, "Encrypt all payloads of encrypted payload"); status = encryption_payload->encrypt(encryption_payload); + this->logger->log(this->logger, CONTROL | MOST, "Add encrypted payload to payload list"); this->public.add_payload(&(this->public), (payload_t*)encryption_payload); } @@ -993,14 +1071,16 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si return status; } + /** - * Implements message_t's destroy function. - * See #message_s.destroy. + * Implementation of message_t.destroy. */ static void destroy (private_message_t *this) { iterator_t *iterator; + this->logger->log(this->logger, CONTROL | MOST, "Going to destroy message_t object"); + this->packet->destroy(this->packet); if (this->ike_sa_id != NULL) 
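Review bot: The new log line `"Insert payload %s as payload wich does not have to be encrypted"` describes `current_payload`, but the line that follows, `this->public.add_payload(&(this->public), (payload_t*)encryption_payload);`, adds `encryption_payload` — NULL until the first payload to encrypt has been seen (`add_payload` dereferences its argument), otherwise the encryption payload itself — and `current_payload` is dropped. The bug is pre-existing, but the new message now documents the opposite of what happens; the argument should be `(payload_t*)current_payload`. Two nits in the same lines: "wich" → "which", and `"Set transforms for encryption payload "` carries a trailing space. In the -983 hunk below, the encryption payload is appended to the message even when `encrypt()` failed; the failing status is still returned, so this is only untidy, but an `if (status == SUCCESS)` around the `add_payload` would make the intent clear. `encrypt_payloads` starts before this hunk.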
@@ -1049,9 +1129,9 @@ message_t *message_create_from_packet(packet_t *packet) this->public.add_payload = (void(*)(message_t*,payload_t*))add_payload; this->public.generate = (status_t (*) (message_t *,crypter_t*,signer_t*,packet_t**)) generate; this->public.set_source = (void (*) (message_t*,host_t*)) set_source; - this->public.get_source = (void (*) (message_t*,host_t**)) get_source; + this->public.get_source = (host_t * (*) (message_t*)) get_source; this->public.set_destination = (void (*) (message_t*,host_t*)) set_destination; - this->public.get_destination = (void (*) (message_t*,host_t**)) get_destination; + this->public.get_destination = (host_t * (*) (message_t*)) get_destination; this->public.get_payload_iterator = (iterator_t * (*) (message_t *)) get_payload_iterator; this->public.parse_header = (status_t (*) (message_t *)) parse_header; this->public.parse_body = (status_t (*) (message_t *,crypter_t*,signer_t*)) parse_body; @@ -1069,7 +1149,7 @@ message_t *message_create_from_packet(packet_t *packet) this->get_message_rule = get_message_rule; this->get_supported_payload_entry = get_supported_payload_entry; this->encrypt_payloads = encrypt_payloads; - this->decrypt_payloads = decrypt_payloads; + this->decrypt_and_verify_payloads = decrypt_and_verify_payloads; /* private values */ if (packet == NULL) @@ -1088,7 +1168,7 @@ message_t *message_create_from_packet(packet_t *packet) } /* - * Described in Header-File + * Described in Header. */ message_t *message_create() { diff --git a/Source/charon/encoding/message.h b/Source/charon/encoding/message.h index 68558d575..8d420fbe2 100644 --- a/Source/charon/encoding/message.h +++ b/Source/charon/encoding/message.h @@ -177,8 +177,6 @@ struct message_t { * * @param this message_t object * @param payload payload to append - * @return - * - SUCCESS or */ void (*add_payload) (message_t *this, payload_t *payload); 
@@ -221,15 +219,70 @@ struct message_t { */ status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet); + /** + * Verifies the structure of the message_t object. + * + * The payloads are checked for the correct occurence count. + * + * @param this message_t object + */ status_t (*verify) (message_t *this); - void (*get_source) (message_t *this, host_t **host); + + /** + * Gets the source host informations. + * + * @warning Returned host_t object is not getting cloned. + * + * @param this message_t object + * @return host_t object representing source host + */ + host_t * (*get_source) (message_t *this); + + /** + * Sets the source host informations. + * + * @warning host_t object is not getting cloned and gets destroyed by + * message_t.destroy or next call of message_t.set_source. + * + * @param this message_t object + * @param host host_t object representing source host + */ void (*set_source) (message_t *this, host_t *host); - void (*get_destination) (message_t *this, host_t **host); + + /** + * Gets the destination host informations. + * + * @warning Returned host_t object is not getting cloned. + * + * @param this message_t object + * @return host_t object representing destination host + */ + host_t * (*get_destination) (message_t *this); + + /** + * Sets the destination host informations. + * + * @warning host_t object is not getting cloned and gets destroyed by + * message_t.destroy or next call of message_t.set_destination. + * + * @param this message_t object + * @param host host_t object representing destination host + */ void (*set_destination) (message_t *this, host_t *host); + + /** + * Returns an iterator on all stored payloads. + * + * @warning Don't insert payloads over this iterator. + * Use message_t.add_payload instead. 
+ * + * @param this message_t object + * @return iterator_t object which has to get destroyd by the caller + */ iterator_t * (*get_payload_iterator) (message_t *this); /** - * @brief Destroys a message and all including objects + * @brief Destroys a message and all including objects. * * @param this message_t object */ @@ -250,7 +303,7 @@ struct message_t { * * @param packet packet_t object which is assigned to message * - * @return created message_t object + * @return created message_t object * * @ingroup encoding */ diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c index e3fbd468b..59b38ee0b 100644 --- a/Source/charon/encoding/parser.c +++ b/Source/charon/encoding/parser.c @@ -903,6 +903,15 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ return SUCCESS; } +/** + * Implementation of parser_t.get_remaining_byte_count. + */ +static int get_remaining_byte_count (private_parser_t *this) +{ + int count = (this->input_roof - this->byte_pos); + return count; +} + /** * Implementation of parser_t.reset_context. */ @@ -932,6 +941,7 @@ parser_t *parser_create(chunk_t data) this->public.parse_payload = (status_t(*)(parser_t*,payload_type_t,payload_t**)) parse_payload; this->public.reset_context = (void(*)(parser_t*)) reset_context; + this->public.get_remaining_byte_count = (int (*) (parser_t *))get_remaining_byte_count; this->public.destroy = (void(*)(parser_t*)) destroy; diff --git a/Source/charon/encoding/parser.h b/Source/charon/encoding/parser.h index 5dd59cdb4..8a902e912 100644 --- a/Source/charon/encoding/parser.h +++ b/Source/charon/encoding/parser.h @@ -58,6 +58,13 @@ struct parser_t { */ status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload); + /** + * Gets the remaining byte count which is not currently parsed. + * + * @param parser parser_t object + */ + int (*get_remaining_byte_count) (parser_t *this); + /** * @brief Resets the current parser context. * 
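Review bot: `get_remaining_byte_count` in parser.c assigns the pointer difference `this->input_roof - this->byte_pos` (a `ptrdiff_t`) to an `int` and returns it, so the value is silently narrowed, and if `byte_pos` ever runs past `input_roof` the negative result looks like a plausible count to any caller that does not check the sign. Since the signature is new in this commit it can still be made honest: return `size_t` after checking the invariant, e.g. `if (this->byte_pos > this->input_roof) return 0;` followed by `return (size_t)(this->input_roof - this->byte_pos);`, or at least document that a negative `int` means the parser has overrun its input. The `count` local adds nothing; `return this->input_roof - this->byte_pos;` reads the same.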
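Review bot: The Doxygen block for `get_remaining_byte_count` in parser.h documents `@param parser` although the parameter is named `this`, and it has no `@return`, so the tool will flag the mismatch and readers are left to guess the unit and sign. Suggest ` * @param this parser_t object` and ` * @return number of input bytes not yet consumed by the parser`, and, given the `int` return type, state explicitly whether a negative value can occur.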
diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index c056502b3..35d85fddc 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -162,8 +162,8 @@ static status_t process_message(private_responder_init_t *this, message_t *messa } /* this is the first message we process, so copy host infos */ - message->get_source(message, &source); - message->get_destination(message, &destination); + source = message->get_source(message); + destination = message->get_destination(message); /* we need to clone them, since we destroy the message later */ my_host = destination->clone(destination);