projects / strongswan.git / blob
? search:


d2aecf875a1f987711170e24fd13c93ed4af1d89
[strongswan.git] / Source / charon / encoding / payloads / sa_payload.c
1 /**
2 * @file sa_payload.c
3 *
4 * @brief Implementation of sa_payload_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 /* offsetof macro */
24 #include <stddef.h>
25
26 #include "sa_payload.h"
27
28 #include <encoding/payloads/encodings.h>
29 #include <utils/allocator.h>
30 #include <utils/linked_list.h>
31
32
33 typedef struct private_sa_payload_t private_sa_payload_t;
34
35 /**
36 * Private data of an sa_payload_t object.
37 *
38 */
39 struct private_sa_payload_t {
40 /**
41 * Public sa_payload_t interface.
42 */
43 sa_payload_t public;
44
45 /**
46 * Next payload type.
47 */
48 u_int8_t next_payload;
49
50 /**
51 * Critical flag.
52 */
53 bool critical;
54
55 /**
56 * Length of this payload.
57 */
58 u_int16_t payload_length;
59
60 /**
61 * Proposals in this payload are stored in a linked_list_t.
62 */
63 linked_list_t * proposals;
64
65 /**
66 * @brief Computes the length of this payload.
67 *
68 * @param this calling private_sa_payload_t object
69 */
70 void (*compute_length) (private_sa_payload_t *this);
71 };
72
73 /**
74 * Encoding rules to parse or generate a IKEv2-SA Payload
75 *
76 * The defined offsets are the positions in a object of type
77 * private_sa_payload_t.
78 *
79 */
80 encoding_rule_t sa_payload_encodings[] = {
81 /* 1 Byte next payload type, stored in the field next_payload */
82 { U_INT_8, offsetof(private_sa_payload_t, next_payload) },
83 /* the critical bit */
84 { FLAG, offsetof(private_sa_payload_t, critical) },
85 /* 7 Bit reserved bits, nowhere stored */
86 { RESERVED_BIT, 0 },
87 { RESERVED_BIT, 0 },
88 { RESERVED_BIT, 0 },
89 { RESERVED_BIT, 0 },
90 { RESERVED_BIT, 0 },
91 { RESERVED_BIT, 0 },
92 { RESERVED_BIT, 0 },
93 /* Length of the whole SA payload*/
94 { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
95 /* Proposals are stored in a proposal substructure,
96 offset points to a linked_list_t pointer */
97 { PROPOSALS, offsetof(private_sa_payload_t, proposals) }
98 };
99
100 /*
101 1 2 3
102 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
104 ! Next Payload !C! RESERVED ! Payload Length !
105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
106 ! !
107 ~ <Proposals> ~
108 ! !
109 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
110 */
111
112 /**
113 * Implementation of payload_t.verify.
114 */
115 static status_t verify(private_sa_payload_t *this)
116 {
117 int proposal_number = 1;
118 status_t status = SUCCESS;
119 iterator_t *iterator;
120 bool first = TRUE;
121
122 if (this->critical)
123 {
124 /* critical bit set! */
125 return FAILED;
126 }
127
128 /* check proposal numbering */
129 iterator = this->proposals->create_iterator(this->proposals,TRUE);
130
131 while(iterator->has_next(iterator))
132 {
133 proposal_substructure_t *current_proposal;
134 iterator->current(iterator,(void **)&current_proposal);
135 if (current_proposal->get_proposal_number(current_proposal) > proposal_number)
136 {
137 if (first)
138 {
139 /* first number must be 1 */
140 status = FAILED;
141 break;
142 }
143
144 if (current_proposal->get_proposal_number(current_proposal) != (proposal_number + 1))
145 {
146 /* must be only one more then previous proposal */
147 status = FAILED;
148 break;
149 }
150 }
151 else if (current_proposal->get_proposal_number(current_proposal) < proposal_number)
152 {
153 iterator->destroy(iterator);
154 /* must not be smaller then proceeding one */
155 status = FAILED;
156 break;
157 }
158
159 status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
160 if (status != SUCCESS)
161 {
162 break;
163 }
164 first = FALSE;
165 }
166
167 iterator->destroy(iterator);
168 return status;
169 }
170
171
172 /**
173 * Implementation of payload_t.destroy and sa_payload_t.destroy.
174 */
175 static status_t destroy(private_sa_payload_t *this)
176 {
177 /* all proposals are getting destroyed */
178 while (this->proposals->get_count(this->proposals) > 0)
179 {
180 proposal_substructure_t *current_proposal;
181 this->proposals->remove_last(this->proposals,(void **)&current_proposal);
182 current_proposal->destroy(current_proposal);
183 }
184 this->proposals->destroy(this->proposals);
185
186 allocator_free(this);
187
188 return SUCCESS;
189 }
190
191 /**
192 * Implementation of payload_t.get_encoding_rules.
193 */
194 static void get_encoding_rules(private_sa_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
195 {
196 *rules = sa_payload_encodings;
197 *rule_count = sizeof(sa_payload_encodings) / sizeof(encoding_rule_t);
198 }
199
200 /**
201 * Implementation of payload_t.get_type.
202 */
203 static payload_type_t get_type(private_sa_payload_t *this)
204 {
205 return SECURITY_ASSOCIATION;
206 }
207
208 /**
209 * Implementation of payload_t.get_next_type.
210 */
211 static payload_type_t get_next_type(private_sa_payload_t *this)
212 {
213 return (this->next_payload);
214 }
215
216 /**
217 * Implementation of payload_t.set_next_type.
218 */
219 static void set_next_type(private_sa_payload_t *this,payload_type_t type)
220 {
221 this->next_payload = type;
222 }
223
224 /**
225 * Implementation of payload_t.get_length.
226 */
227 static size_t get_length(private_sa_payload_t *this)
228 {
229 this->compute_length(this);
230 return this->payload_length;
231 }
232
233 /**
234 * Implementation of sa_payload_t.create_proposal_substructure_iterator.
235 */
236 static iterator_t *create_proposal_substructure_iterator (private_sa_payload_t *this,bool forward)
237 {
238 return this->proposals->create_iterator(this->proposals,forward);
239 }
240
241 /**
242 * Implementation of sa_payload_t.add_proposal_substructure.
243 */
244 static void add_proposal_substructure (private_sa_payload_t *this,proposal_substructure_t *proposal)
245 {
246 status_t status;
247 if (this->proposals->get_count(this->proposals) > 0)
248 {
249 proposal_substructure_t *last_proposal;
250 status = this->proposals->get_last(this->proposals,(void **) &last_proposal);
251 /* last transform is now not anymore last one */
252 last_proposal->set_is_last_proposal(last_proposal,FALSE);
253 }
254 proposal->set_is_last_proposal(proposal,TRUE);
255
256 this->proposals->insert_last(this->proposals,(void *) proposal);
257 this->compute_length(this);
258 }
259
260 /**
261 * Implementation of sa_payload_t.get_ike_proposals.
262 */
263 static status_t get_ike_proposals (private_sa_payload_t *this,ike_proposal_t ** proposals, size_t *proposal_count)
264 {
265 int found_ike_proposals = 0;
266 int current_proposal_number = 0;
267 iterator_t *iterator;
268 ike_proposal_t *tmp_proposals;
269
270
271 iterator = this->proposals->create_iterator(this->proposals,TRUE);
272
273 /* first find out the number of ike proposals and check their number of transforms and
274 * if the SPI is empty!*/
275 while (iterator->has_next(iterator))
276 {
277 proposal_substructure_t *current_proposal;
278 iterator->current(iterator,(void **)&(current_proposal));
279 if (current_proposal->get_protocol_id(current_proposal) == IKE)
280 {
281 /* a ike proposal consists of 4 transforms and an empty spi*/
282 if ((current_proposal->get_transform_count(current_proposal) != 4) ||
283 (current_proposal->get_spi_size(current_proposal) != 0))
284 {
285 iterator->destroy(iterator);
286 return FAILED;
287 }
288
289 found_ike_proposals++;
290 }
291 }
292 iterator->reset(iterator);
293
294 if (found_ike_proposals == 0)
295 {
296 iterator->destroy(iterator);
297 return NOT_FOUND;
298 }
299
300 /* allocate memory to hold each proposal as ike_proposal_t */
301
302 tmp_proposals = allocator_alloc(found_ike_proposals * sizeof(ike_proposal_t));
303
304 /* create from each proposal_substructure a ike_proposal_t data area*/
305 while (iterator->has_next(iterator))
306 {
307 proposal_substructure_t *current_proposal;
308 iterator->current(iterator,(void **)&(current_proposal));
309 if (current_proposal->get_protocol_id(current_proposal) == IKE)
310 {
311 bool encryption_algorithm_found = FALSE;
312 bool integrity_algorithm_found = FALSE;
313 bool pseudo_random_function_found = FALSE;
314 bool diffie_hellman_group_found = FALSE;
315 status_t status;
316 iterator_t *transforms;
317
318 transforms = current_proposal->create_transform_substructure_iterator(current_proposal,TRUE);
319 while (transforms->has_next(transforms))
320 {
321 transform_substructure_t *current_transform;
322 transforms->current(transforms,(void **)&(current_transform));
323
324 switch (current_transform->get_transform_type(current_transform))
325 {
326 case ENCRYPTION_ALGORITHM:
327 {
328 tmp_proposals[current_proposal_number].encryption_algorithm = current_transform->get_transform_id(current_transform);
329 status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].encryption_algorithm_key_length));
330 if (status == SUCCESS)
331 {
332 encryption_algorithm_found = TRUE;
333 }
334 break;
335 }
336 case INTEGRITY_ALGORITHM:
337 {
338 tmp_proposals[current_proposal_number].integrity_algorithm = current_transform->get_transform_id(current_transform);
339 status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].integrity_algorithm_key_length));
340 if (status == SUCCESS)
341 {
342 integrity_algorithm_found = TRUE;
343 }
344 break;
345 }
346 case PSEUDO_RANDOM_FUNCTION:
347 {
348 tmp_proposals[current_proposal_number].pseudo_random_function = current_transform->get_transform_id(current_transform);
349 status = current_transform->get_key_length(current_transform,&(tmp_proposals[current_proposal_number].pseudo_random_function_key_length));
350 if (status == SUCCESS)
351 {
352 pseudo_random_function_found = TRUE;
353 }
354 break;
355 }
356 case DIFFIE_HELLMAN_GROUP:
357 {
358 tmp_proposals[current_proposal_number].diffie_hellman_group = current_transform->get_transform_id(current_transform);
359 diffie_hellman_group_found = TRUE;
360 break;
361 }
362 default:
363 {
364 /* not a transform of an ike proposal. Break here */
365 break;
366 }
367 }
368
369 }
370
371 transforms->destroy(transforms);
372
373 if ((!encryption_algorithm_found) ||
374 (!integrity_algorithm_found) ||
375 (!pseudo_random_function_found) ||
376 (!diffie_hellman_group_found))
377 {
378 /* one of needed transforms could not be found */
379 iterator->reset(iterator);
380 allocator_free(tmp_proposals);
381 return FAILED;
382 }
383
384 current_proposal_number++;
385 }
386 }
387
388 iterator->destroy(iterator);
389
390 *proposals = tmp_proposals;
391 *proposal_count = found_ike_proposals;
392
393 return SUCCESS;
394 }
395
396 /**
397 * Implementation of private_sa_payload_t.compute_length.
398 */
399 static void compute_length (private_sa_payload_t *this)
400 {
401 iterator_t *iterator;
402 size_t length = SA_PAYLOAD_HEADER_LENGTH;
403 iterator = this->proposals->create_iterator(this->proposals,TRUE);
404 while (iterator->has_next(iterator))
405 {
406 payload_t *current_proposal;
407 iterator->current(iterator,(void **) &current_proposal);
408 length += current_proposal->get_length(current_proposal);
409 }
410 iterator->destroy(iterator);
411
412 this->payload_length = length;
413 }
414
415 /*
416 * Described in header.
417 */
418 sa_payload_t *sa_payload_create()
419 {
420 private_sa_payload_t *this = allocator_alloc_thing(private_sa_payload_t);
421
422 /* public interface */
423 this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
424 this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
425 this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
426 this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
427 this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
428 this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
429 this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
430
431 /* public functions */
432 this->public.create_proposal_substructure_iterator = (iterator_t* (*) (sa_payload_t *,bool)) create_proposal_substructure_iterator;
433 this->public.add_proposal_substructure = (void (*) (sa_payload_t *,proposal_substructure_t *)) add_proposal_substructure;
434 this->public.get_ike_proposals = (status_t (*) (sa_payload_t *, ike_proposal_t **, size_t *)) get_ike_proposals;
435 this->public.destroy = (void (*) (sa_payload_t *)) destroy;
436
437 /* private functions */
438 this->compute_length = compute_length;
439
440 /* set default values of the fields */
441 this->critical = SA_PAYLOAD_CRITICAL_FLAG;
442 this->next_payload = NO_PAYLOAD;
443 this->payload_length = SA_PAYLOAD_HEADER_LENGTH;
444
445 this->proposals = linked_list_create();
446 return (&(this->public));
447 }
448
449 /*
450 * Described in header.
451 */
452 sa_payload_t *sa_payload_create_from_ike_proposals(ike_proposal_t *proposals, size_t proposal_count)
453 {
454 int i;
455 sa_payload_t *sa_payload= sa_payload_create();
456
457 for (i = 0; i < proposal_count; i++)
458 {
459 proposal_substructure_t *proposal_substructure;
460 transform_substructure_t *encryption_algorithm;
461 transform_substructure_t *integrity_algorithm;
462 transform_substructure_t *pseudo_random_function;
463 transform_substructure_t *diffie_hellman_group;
464
465 /* create proposal substructure */
466 proposal_substructure = proposal_substructure_create();
467 proposal_substructure->set_protocol_id(proposal_substructure,IKE);
468 proposal_substructure->set_proposal_number(proposal_substructure,(i + 1));
469
470 /* create transform substructures to hold each specific transform for an ike proposal */
471 encryption_algorithm = transform_substructure_create_type(ENCRYPTION_ALGORITHM,proposals[i].encryption_algorithm,proposals[i].encryption_algorithm_key_length);
472 proposal_substructure->add_transform_substructure(proposal_substructure,encryption_algorithm);
473
474 pseudo_random_function = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,proposals[i].pseudo_random_function,proposals[i].pseudo_random_function_key_length);
475 proposal_substructure->add_transform_substructure(proposal_substructure,pseudo_random_function);
476
477 integrity_algorithm = transform_substructure_create_type(INTEGRITY_ALGORITHM,proposals[i].integrity_algorithm,proposals[i].integrity_algorithm_key_length);
478 proposal_substructure->add_transform_substructure(proposal_substructure,integrity_algorithm);
479
480 diffie_hellman_group = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,proposals[i].diffie_hellman_group,0);
481 proposal_substructure->add_transform_substructure(proposal_substructure,diffie_hellman_group);
482
483 /* add proposal to sa payload */
484 sa_payload->add_proposal_substructure(sa_payload,proposal_substructure);
485 }
486
487 return sa_payload;
488 }
strongSwan - IPsec VPN