certificate handling for XAuth responder.
[strongswan.git] / src / libcharon / encoding / message.c
1 /*
2 * Copyright (C) 2006-2011 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2010 revosec AG
5 * Copyright (C) 2006 Daniel Roethlisberger
6 * Copyright (C) 2005 Jan Hutter
7 * Hochschule fuer Technik Rapperswil
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include "message.h"
24
25 #include <library.h>
26 #include <daemon.h>
27 #include <sa/keymat_v1.h>
28 #include <encoding/generator.h>
29 #include <encoding/parser.h>
30 #include <encoding/payloads/encodings.h>
31 #include <encoding/payloads/payload.h>
32 #include <encoding/payloads/hash_payload.h>
33 #include <encoding/payloads/encryption_payload.h>
34 #include <encoding/payloads/unknown_payload.h>
35 #include <encoding/payloads/cp_payload.h>
36
37 /**
38 * Max number of notify payloads per IKEv2 message
39 */
40 #define MAX_NOTIFY_PAYLOADS 20
41
42 /**
43 * Max number of delete payloads per IKEv2 message
44 */
45 #define MAX_DELETE_PAYLOADS 20
46
47 /**
48 * Max number of certificate payloads per IKEv2 message
49 */
50 #define MAX_CERT_PAYLOADS 8
51
52 /**
53 * Max number of vendor ID payloads per IKEv2 message
54 */
55 #define MAX_VID_PAYLOADS 20
56
57 /**
58 * Max number of certificate request payloads per IKEv1 message
59 */
60 #define MAX_CERTREQ_PAYLOADS 5
61
62 /**
63 * Max number of NAT-D payloads per IKEv1 message
64 */
65 #define MAX_NAT_D_PAYLOADS 5
66
67 /**
68 * A payload rule defines the rules for a payload
69 * in a specific message rule. It defines if and how
70 * many times a payload must/can occur in a message
71 * and if it must be encrypted.
72 */
73 typedef struct {
74 /* Payload type */
75 payload_type_t type;
76 /* Minimal occurrence of this payload. */
77 size_t min_occurence;
78 /* Max occurrence of this payload. */
79 size_t max_occurence;
80 /* TRUE if payload must be encrypted */
81 bool encrypted;
82 /* If payload occurs, the message rule is fulfilled */
83 bool sufficient;
84 } payload_rule_t;
85
86 /**
87 * payload ordering structure allows us to reorder payloads according to RFC.
88 */
89 typedef struct {
90 /** payload type */
91 payload_type_t type;
92 /** notify type, if payload == NOTIFY */
93 notify_type_t notify;
94 } payload_order_t;
95
96 /**
97 * A message rule defines the kind of a message,
98 * if it has encrypted contents and a list
99 * of payload ordering rules and payload parsing rules.
100 */
101 typedef struct {
102 /** Type of message. */
103 exchange_type_t exchange_type;
104 /** Is message a request or response. */
105 bool is_request;
106 /** Message contains encrypted payloads. */
107 bool encrypted;
108 /** Number of payload rules which will follow */
109 int rule_count;
110 /** Pointer to first payload rule */
111 payload_rule_t *rules;
112 /** Number of payload order rules */
113 int order_count;
114 /** payload ordering rules */
115 payload_order_t *order;
116 } message_rule_t;
117
118 /**
119 * Message rule for IKE_SA_INIT from initiator.
120 */
121 static payload_rule_t ike_sa_init_i_rules[] = {
122 /* payload type min max encr suff */
123 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
124 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
125 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
126 {NONCE, 1, 1, FALSE, FALSE},
127 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
128 };
129
130 /**
131 * payload order for IKE_SA_INIT initiator
132 */
133 static payload_order_t ike_sa_init_i_order[] = {
134 /* payload type notify type */
135 {NOTIFY, COOKIE},
136 {SECURITY_ASSOCIATION, 0},
137 {KEY_EXCHANGE, 0},
138 {NONCE, 0},
139 {NOTIFY, NAT_DETECTION_SOURCE_IP},
140 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
141 {NOTIFY, 0},
142 {VENDOR_ID, 0},
143 };
144
145 /**
146 * Message rule for IKE_SA_INIT from responder.
147 */
148 static payload_rule_t ike_sa_init_r_rules[] = {
149 /* payload type min max encr suff */
150 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
151 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
152 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
153 {NONCE, 1, 1, FALSE, FALSE},
154 {CERTIFICATE_REQUEST, 0, 1, FALSE, FALSE},
155 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
156 };
157
158 /**
159 * payload order for IKE_SA_INIT responder
160 */
161 static payload_order_t ike_sa_init_r_order[] = {
162 /* payload type notify type */
163 {SECURITY_ASSOCIATION, 0},
164 {KEY_EXCHANGE, 0},
165 {NONCE, 0},
166 {NOTIFY, NAT_DETECTION_SOURCE_IP},
167 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
168 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
169 {CERTIFICATE_REQUEST, 0},
170 {NOTIFY, 0},
171 {VENDOR_ID, 0},
172 };
173
174 /**
175 * Message rule for IKE_AUTH from initiator.
176 */
177 static payload_rule_t ike_auth_i_rules[] = {
178 /* payload type min max encr suff */
179 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
180 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
181 {AUTHENTICATION, 0, 1, TRUE, TRUE},
182 {ID_INITIATOR, 0, 1, TRUE, FALSE},
183 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
184 {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
185 {ID_RESPONDER, 0, 1, TRUE, FALSE},
186 #ifdef ME
187 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
188 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
189 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
190 #else
191 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
192 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
193 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
194 #endif /* ME */
195 {CONFIGURATION, 0, 1, TRUE, FALSE},
196 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
197 };
198
199 /**
200 * payload order for IKE_AUTH initiator
201 */
202 static payload_order_t ike_auth_i_order[] = {
203 /* payload type notify type */
204 {ID_INITIATOR, 0},
205 {CERTIFICATE, 0},
206 {NOTIFY, INITIAL_CONTACT},
207 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
208 {CERTIFICATE_REQUEST, 0},
209 {ID_RESPONDER, 0},
210 {AUTHENTICATION, 0},
211 {EXTENSIBLE_AUTHENTICATION, 0},
212 {CONFIGURATION, 0},
213 {NOTIFY, IPCOMP_SUPPORTED},
214 {NOTIFY, USE_TRANSPORT_MODE},
215 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
216 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
217 {SECURITY_ASSOCIATION, 0},
218 {TRAFFIC_SELECTOR_INITIATOR, 0},
219 {TRAFFIC_SELECTOR_RESPONDER, 0},
220 {NOTIFY, MOBIKE_SUPPORTED},
221 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
222 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
223 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
224 {NOTIFY, 0},
225 {VENDOR_ID, 0},
226 };
227
228 /**
229 * Message rule for IKE_AUTH from responder.
230 */
231 static payload_rule_t ike_auth_r_rules[] = {
232 /* payload type min max encr suff */
233 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
234 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
235 {AUTHENTICATION, 0, 1, TRUE, TRUE},
236 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
237 {ID_RESPONDER, 0, 1, TRUE, FALSE},
238 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
239 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
240 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
241 {CONFIGURATION, 0, 1, TRUE, FALSE},
242 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
243 };
244
245 /**
246 * payload order for IKE_AUTH responder
247 */
248 static payload_order_t ike_auth_r_order[] = {
249 /* payload type notify type */
250 {ID_RESPONDER, 0},
251 {CERTIFICATE, 0},
252 {AUTHENTICATION, 0},
253 {EXTENSIBLE_AUTHENTICATION, 0},
254 {CONFIGURATION, 0},
255 {NOTIFY, IPCOMP_SUPPORTED},
256 {NOTIFY, USE_TRANSPORT_MODE},
257 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
258 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
259 {SECURITY_ASSOCIATION, 0},
260 {TRAFFIC_SELECTOR_INITIATOR, 0},
261 {TRAFFIC_SELECTOR_RESPONDER, 0},
262 {NOTIFY, AUTH_LIFETIME},
263 {NOTIFY, MOBIKE_SUPPORTED},
264 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
265 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
266 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
267 {NOTIFY, 0},
268 {VENDOR_ID, 0},
269 };
270
271 /**
272 * Message rule for INFORMATIONAL from initiator.
273 */
274 static payload_rule_t informational_i_rules[] = {
275 /* payload type min max encr suff */
276 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
277 {CONFIGURATION, 0, 1, TRUE, FALSE},
278 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
279 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
280 };
281
282 /**
283 * payload order for INFORMATIONAL initiator
284 */
285 static payload_order_t informational_i_order[] = {
286 /* payload type notify type */
287 {NOTIFY, UPDATE_SA_ADDRESSES},
288 {NOTIFY, NAT_DETECTION_SOURCE_IP},
289 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
290 {NOTIFY, COOKIE2},
291 {NOTIFY, 0},
292 {DELETE, 0},
293 {CONFIGURATION, 0},
294 };
295
296 /**
297 * Message rule for INFORMATIONAL from responder.
298 */
299 static payload_rule_t informational_r_rules[] = {
300 /* payload type min max encr suff */
301 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
302 {CONFIGURATION, 0, 1, TRUE, FALSE},
303 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
304 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
305 };
306
307 /**
308 * payload order for INFORMATIONAL responder
309 */
310 static payload_order_t informational_r_order[] = {
311 /* payload type notify type */
312 {NOTIFY, UPDATE_SA_ADDRESSES},
313 {NOTIFY, NAT_DETECTION_SOURCE_IP},
314 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
315 {NOTIFY, COOKIE2},
316 {NOTIFY, 0},
317 {DELETE, 0},
318 {CONFIGURATION, 0},
319 };
320
321 /**
322 * Message rule for CREATE_CHILD_SA from initiator.
323 */
324 static payload_rule_t create_child_sa_i_rules[] = {
325 /* payload type min max encr suff */
326 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
327 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
328 {NONCE, 1, 1, TRUE, FALSE},
329 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
330 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
331 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
332 {CONFIGURATION, 0, 1, TRUE, FALSE},
333 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
334 };
335
336 /**
337 * payload order for CREATE_CHILD_SA from initiator.
338 */
339 static payload_order_t create_child_sa_i_order[] = {
340 /* payload type notify type */
341 {NOTIFY, REKEY_SA},
342 {NOTIFY, IPCOMP_SUPPORTED},
343 {NOTIFY, USE_TRANSPORT_MODE},
344 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
345 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
346 {SECURITY_ASSOCIATION, 0},
347 {NONCE, 0},
348 {KEY_EXCHANGE, 0},
349 {TRAFFIC_SELECTOR_INITIATOR, 0},
350 {TRAFFIC_SELECTOR_RESPONDER, 0},
351 {NOTIFY, 0},
352 };
353
354 /**
355 * Message rule for CREATE_CHILD_SA from responder.
356 */
357 static payload_rule_t create_child_sa_r_rules[] = {
358 /* payload type min max encr suff */
359 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
360 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
361 {NONCE, 1, 1, TRUE, FALSE},
362 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
363 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
364 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
365 {CONFIGURATION, 0, 1, TRUE, FALSE},
366 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
367 };
368
369 /**
370 * payload order for CREATE_CHILD_SA from responder.
371 */
372 static payload_order_t create_child_sa_r_order[] = {
373 /* payload type notify type */
374 {NOTIFY, IPCOMP_SUPPORTED},
375 {NOTIFY, USE_TRANSPORT_MODE},
376 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
377 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
378 {SECURITY_ASSOCIATION, 0},
379 {NONCE, 0},
380 {KEY_EXCHANGE, 0},
381 {TRAFFIC_SELECTOR_INITIATOR, 0},
382 {TRAFFIC_SELECTOR_RESPONDER, 0},
383 {NOTIFY, ADDITIONAL_TS_POSSIBLE},
384 {NOTIFY, 0},
385 };
386
387 #ifdef ME
388 /**
389 * Message rule for ME_CONNECT from initiator.
390 */
391 static payload_rule_t me_connect_i_rules[] = {
392 /* payload type min max encr suff */
393 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
394 {ID_PEER, 1, 1, TRUE, FALSE},
395 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
396 };
397
398 /**
399 * payload order for ME_CONNECT from initiator.
400 */
401 static payload_order_t me_connect_i_order[] = {
402 /* payload type notify type */
403 {NOTIFY, 0},
404 {ID_PEER, 0},
405 {VENDOR_ID, 0},
406 };
407
408 /**
409 * Message rule for ME_CONNECT from responder.
410 */
411 static payload_rule_t me_connect_r_rules[] = {
412 /* payload type min max encr suff */
413 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
414 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
415 };
416
417 /**
418 * payload order for ME_CONNECT from responder.
419 */
420 static payload_order_t me_connect_r_order[] = {
421 /* payload type notify type */
422 {NOTIFY, 0},
423 {VENDOR_ID, 0},
424 };
425 #endif /* ME */
426
427 #ifdef USE_IKEV1
428 /**
429 * Message rule for ID_PROT from initiator.
430 */
431 static payload_rule_t id_prot_i_rules[] = {
432 /* payload type min max encr suff */
433 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
434 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
435 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
436 {NONCE_V1, 0, 1, FALSE, FALSE},
437 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
438 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
439 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
440 {ID_V1, 0, 1, TRUE, FALSE},
441 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
442 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
443 {HASH_V1, 0, 1, TRUE, FALSE},
444 };
445
446 /**
447 * payload order for ID_PROT from initiator.
448 */
449 static payload_order_t id_prot_i_order[] = {
450 /* payload type notify type */
451 {SECURITY_ASSOCIATION_V1, 0},
452 {KEY_EXCHANGE_V1, 0},
453 {NONCE_V1, 0},
454 {ID_V1, 0},
455 {CERTIFICATE_V1, 0},
456 {SIGNATURE_V1, 0},
457 {HASH_V1, 0},
458 {CERTIFICATE_REQUEST_V1, 0},
459 {NOTIFY_V1, 0},
460 {VENDOR_ID_V1, 0},
461 {NAT_D_V1, 0},
462 };
463
464 /**
465 * Message rule for ID_PROT from responder.
466 */
467 static payload_rule_t id_prot_r_rules[] = {
468 /* payload type min max encr suff */
469 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
470 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
471 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
472 {NONCE_V1, 0, 1, FALSE, FALSE},
473 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
474 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
475 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
476 {ID_V1, 0, 1, TRUE, FALSE},
477 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
478 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
479 {HASH_V1, 0, 1, TRUE, FALSE},
480 };
481
482 /**
483 * payload order for ID_PROT from responder.
484 */
485 static payload_order_t id_prot_r_order[] = {
486 /* payload type notify type */
487 {SECURITY_ASSOCIATION_V1, 0},
488 {KEY_EXCHANGE_V1, 0},
489 {NONCE_V1, 0},
490 {ID_V1, 0},
491 {CERTIFICATE_V1, 0},
492 {SIGNATURE_V1, 0},
493 {HASH_V1, 0},
494 {CERTIFICATE_REQUEST_V1, 0},
495 {NOTIFY_V1, 0},
496 {VENDOR_ID_V1, 0},
497 {NAT_D_V1, 0},
498 };
499
500 /**
501 * Message rule for AGGRESSIVE from initiator.
502 */
503 static payload_rule_t aggressive_i_rules[] = {
504 /* payload type min max encr suff */
505 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
506 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
507 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
508 {NONCE_V1, 0, 1, FALSE, FALSE},
509 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
510 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
511 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
512 {ID_V1, 0, 1, FALSE, FALSE},
513 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
514 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
515 {HASH_V1, 0, 1, FALSE, FALSE},
516 };
517
518 /**
519 * payload order for AGGRESSIVE from initiator.
520 */
521 static payload_order_t aggressive_i_order[] = {
522 /* payload type notify type */
523 {SECURITY_ASSOCIATION_V1, 0},
524 {KEY_EXCHANGE_V1, 0},
525 {NONCE_V1, 0},
526 {ID_V1, 0},
527 {CERTIFICATE_V1, 0},
528 {NAT_D_V1, 0},
529 {SIGNATURE_V1, 0},
530 {HASH_V1, 0},
531 {CERTIFICATE_REQUEST_V1, 0},
532 {NOTIFY_V1, 0},
533 {VENDOR_ID_V1, 0},
534 };
535
536 /**
537 * Message rule for AGGRESSIVE from responder.
538 */
539 static payload_rule_t aggressive_r_rules[] = {
540 /* payload type min max encr suff */
541 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
542 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
543 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
544 {NONCE_V1, 0, 1, FALSE, FALSE},
545 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
546 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
547 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
548 {ID_V1, 0, 1, FALSE, FALSE},
549 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
550 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
551 {HASH_V1, 0, 1, FALSE, FALSE},
552 };
553
554 /**
555 * payload order for AGGRESSIVE from responder.
556 */
557 static payload_order_t aggressive_r_order[] = {
558 /* payload type notify type */
559 {SECURITY_ASSOCIATION_V1, 0},
560 {KEY_EXCHANGE_V1, 0},
561 {NONCE_V1, 0},
562 {ID_V1, 0},
563 {CERTIFICATE_V1, 0},
564 {NAT_D_V1, 0},
565 {SIGNATURE_V1, 0},
566 {HASH_V1, 0},
567 {CERTIFICATE_REQUEST_V1, 0},
568 {NOTIFY_V1, 0},
569 {VENDOR_ID_V1, 0},
570 };
571
572 /**
573 * Message rule for INFORMATIONAL_V1 from initiator.
574 */
575 static payload_rule_t informational_i_rules_v1[] = {
576 /* payload type min max encr suff */
577 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
578 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
579 {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
580 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
581 };
582
583 /**
584 * payload order for INFORMATIONAL_V1 from initiator.
585 */
586 static payload_order_t informational_i_order_v1[] = {
587 /* payload type notify type */
588 {NOTIFY_V1, 0},
589 {DELETE_V1, 0},
590 {VENDOR_ID_V1, 0},
591 };
592
593 /**
594 * Message rule for QUICK_MODE from initiator.
595 */
596 static payload_rule_t quick_mode_i_rules[] = {
597 /* payload type min max encr suff */
598 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
599 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
600 {HASH_V1, 0, 1, TRUE, FALSE},
601 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
602 {NONCE_V1, 0, 1, TRUE, FALSE},
603 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
604 {ID_V1, 0, 2, TRUE, FALSE},
605 {NAT_OA_V1, 0, 2, TRUE, FALSE},
606 };
607
608 /**
609 * payload order for QUICK_MODE from initiator.
610 */
611 static payload_order_t quick_mode_i_order[] = {
612 /* payload type notify type */
613 {NOTIFY_V1, 0},
614 {VENDOR_ID_V1, 0},
615 {HASH_V1, 0},
616 {SECURITY_ASSOCIATION_V1, 0},
617 {NONCE_V1, 0},
618 {KEY_EXCHANGE_V1, 0},
619 {ID_V1, 0},
620 {NAT_OA_V1, 0},
621 };
622
623 /**
624 * Message rule for QUICK_MODE from responder.
625 */
626 static payload_rule_t quick_mode_r_rules[] = {
627 /* payload type min max encr suff */
628 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
629 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
630 {HASH_V1, 0, 1, TRUE, FALSE},
631 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
632 {NONCE_V1, 0, 1, TRUE, FALSE},
633 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
634 {ID_V1, 0, 2, TRUE, FALSE},
635 {NAT_OA_V1, 0, 2, TRUE, FALSE},
636 };
637
638 /**
639 * payload order for QUICK_MODE from responder.
640 */
641 static payload_order_t quick_mode_r_order[] = {
642 /* payload type notify type */
643 {NOTIFY_V1, 0},
644 {VENDOR_ID_V1, 0},
645 {HASH_V1, 0},
646 {SECURITY_ASSOCIATION_V1, 0},
647 {NONCE_V1, 0},
648 {KEY_EXCHANGE_V1, 0},
649 {ID_V1, 0},
650 {NAT_OA_V1, 0},
651 };
652
653 /**
654 * Message rule for TRANSACTION.
655 */
656 static payload_rule_t transaction_payload_rules_v1[] = {
657 /* payload type min max encr suff */
658 {HASH_V1, 0, 1, TRUE, FALSE},
659 {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
660 };
661
662 /**
663 * Payload order for TRANSACTION.
664 */
665 static payload_order_t transaction_payload_order_v1[] = {
666 /* payload type notify type */
667 {HASH_V1, 0},
668 {CONFIGURATION_V1, 0},
669 };
670
671 #endif /* USE_IKEV1 */
672
673 /**
674 * Message rules, defines allowed payloads.
675 */
676 static message_rule_t message_rules[] = {
677 {IKE_SA_INIT, TRUE, FALSE,
678 countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
679 countof(ike_sa_init_i_order), ike_sa_init_i_order,
680 },
681 {IKE_SA_INIT, FALSE, FALSE,
682 countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
683 countof(ike_sa_init_r_order), ike_sa_init_r_order,
684 },
685 {IKE_AUTH, TRUE, TRUE,
686 countof(ike_auth_i_rules), ike_auth_i_rules,
687 countof(ike_auth_i_order), ike_auth_i_order,
688 },
689 {IKE_AUTH, FALSE, TRUE,
690 countof(ike_auth_r_rules), ike_auth_r_rules,
691 countof(ike_auth_r_order), ike_auth_r_order,
692 },
693 {INFORMATIONAL, TRUE, TRUE,
694 countof(informational_i_rules), informational_i_rules,
695 countof(informational_i_order), informational_i_order,
696 },
697 {INFORMATIONAL, FALSE, TRUE,
698 countof(informational_r_rules), informational_r_rules,
699 countof(informational_r_order), informational_r_order,
700 },
701 {CREATE_CHILD_SA, TRUE, TRUE,
702 countof(create_child_sa_i_rules), create_child_sa_i_rules,
703 countof(create_child_sa_i_order), create_child_sa_i_order,
704 },
705 {CREATE_CHILD_SA, FALSE, TRUE,
706 countof(create_child_sa_r_rules), create_child_sa_r_rules,
707 countof(create_child_sa_r_order), create_child_sa_r_order,
708 },
709 #ifdef ME
710 {ME_CONNECT, TRUE, TRUE,
711 countof(me_connect_i_rules), me_connect_i_rules,
712 countof(me_connect_i_order), me_connect_i_order,
713 },
714 {ME_CONNECT, FALSE, TRUE,
715 countof(me_connect_r_rules), me_connect_r_rules,
716 countof(me_connect_r_order), me_connect_r_order,
717 },
718 #endif /* ME */
719 #ifdef USE_IKEV1
720 {ID_PROT, TRUE, FALSE,
721 countof(id_prot_i_rules), id_prot_i_rules,
722 countof(id_prot_i_order), id_prot_i_order,
723 },
724 {ID_PROT, FALSE, FALSE,
725 countof(id_prot_r_rules), id_prot_r_rules,
726 countof(id_prot_r_order), id_prot_r_order,
727 },
728 {AGGRESSIVE, TRUE, FALSE,
729 countof(aggressive_i_rules), aggressive_i_rules,
730 countof(aggressive_i_order), aggressive_i_order,
731 },
732 {AGGRESSIVE, FALSE, FALSE,
733 countof(aggressive_r_rules), aggressive_r_rules,
734 countof(aggressive_r_order), aggressive_r_order,
735 },
736 {INFORMATIONAL_V1, TRUE, TRUE,
737 countof(informational_i_rules_v1), informational_i_rules_v1,
738 countof(informational_i_order_v1), informational_i_order_v1,
739 },
740 {QUICK_MODE, TRUE, TRUE,
741 countof(quick_mode_i_rules), quick_mode_i_rules,
742 countof(quick_mode_i_order), quick_mode_i_order,
743 },
744 {QUICK_MODE, FALSE, TRUE,
745 countof(quick_mode_r_rules), quick_mode_r_rules,
746 countof(quick_mode_r_order), quick_mode_r_order,
747 },
748 {TRANSACTION, TRUE, TRUE,
749 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
750 countof(transaction_payload_order_v1), transaction_payload_order_v1,
751 },
752 {TRANSACTION, FALSE, TRUE,
753 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
754 countof(transaction_payload_order_v1), transaction_payload_order_v1,
755 },
756 /* TODO-IKEv1: define rules for other exchanges */
757 #endif /* USE_IKEV1 */
758 };
759
760
761 typedef struct private_message_t private_message_t;
762
763 /**
764 * Private data of an message_t object.
765 */
766 struct private_message_t {
767
768 /**
769 * Public part of a message_t object.
770 */
771 message_t public;
772
773 /**
774 * Minor version of message.
775 */
776 u_int8_t major_version;
777
778 /**
779 * Major version of message.
780 */
781 u_int8_t minor_version;
782
783 /**
784 * First Payload in message.
785 */
786 payload_type_t first_payload;
787
788 /**
789 * Assigned exchange type.
790 */
791 exchange_type_t exchange_type;
792
793 /**
794 * TRUE if message is a request, FALSE if a reply.
795 */
796 bool is_request;
797
798 /**
799 * The message is encrypted (IKEv1)
800 */
801 bool is_encrypted;
802
803 /**
804 * Higher version supported?
805 */
806 bool version_flag;
807
808 /**
809 * Reserved bits in IKE header
810 */
811 bool reserved[2];
812
813 /**
814 * Sorting of message disabled?
815 */
816 bool sort_disabled;
817
818 /**
819 * Message ID of this message.
820 */
821 u_int32_t message_id;
822
823 /**
824 * ID of assigned IKE_SA.
825 */
826 ike_sa_id_t *ike_sa_id;
827
828 /**
829 * Assigned UDP packet, stores incoming packet or last generated one.
830 */
831 packet_t *packet;
832
833 /**
834 * Linked List where payload data are stored in.
835 */
836 linked_list_t *payloads;
837
838 /**
839 * Assigned parser to parse Header and Body of this message.
840 */
841 parser_t *parser;
842
843 /**
844 * The message rule for this message instance
845 */
846 message_rule_t *rule;
847 };
848
849 /**
850 * Get the message rule that applies to this message
851 */
852 static message_rule_t* get_message_rule(private_message_t *this)
853 {
854 int i;
855
856 for (i = 0; i < countof(message_rules); i++)
857 {
858 if ((this->exchange_type == message_rules[i].exchange_type) &&
859 (this->is_request == message_rules[i].is_request))
860 {
861 return &message_rules[i];
862 }
863 }
864 return NULL;
865 }
866
867 /**
868 * Look up a payload rule
869 */
870 static payload_rule_t* get_payload_rule(private_message_t *this,
871 payload_type_t type)
872 {
873 int i;
874
875 for (i = 0; i < this->rule->rule_count;i++)
876 {
877 if (this->rule->rules[i].type == type)
878 {
879 return &this->rule->rules[i];
880 }
881 }
882 return NULL;
883 }
884
885 METHOD(message_t, set_ike_sa_id, void,
886 private_message_t *this,ike_sa_id_t *ike_sa_id)
887 {
888 DESTROY_IF(this->ike_sa_id);
889 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
890 }
891
892 METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
893 private_message_t *this)
894 {
895 return this->ike_sa_id;
896 }
897
898 METHOD(message_t, set_message_id, void,
899 private_message_t *this,u_int32_t message_id)
900 {
901 this->message_id = message_id;
902 }
903
904 METHOD(message_t, get_message_id, u_int32_t,
905 private_message_t *this)
906 {
907 return this->message_id;
908 }
909
910 METHOD(message_t, get_initiator_spi, u_int64_t,
911 private_message_t *this)
912 {
913 return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
914 }
915
916 METHOD(message_t, get_responder_spi, u_int64_t,
917 private_message_t *this)
918 {
919 return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
920 }
921
922 METHOD(message_t, set_major_version, void,
923 private_message_t *this, u_int8_t major_version)
924 {
925 this->major_version = major_version;
926 }
927
928 METHOD(message_t, get_major_version, u_int8_t,
929 private_message_t *this)
930 {
931 return this->major_version;
932 }
933
934 METHOD(message_t, set_minor_version, void,
935 private_message_t *this,u_int8_t minor_version)
936 {
937 this->minor_version = minor_version;
938 }
939
940 METHOD(message_t, get_minor_version, u_int8_t,
941 private_message_t *this)
942 {
943 return this->minor_version;
944 }
945
946 METHOD(message_t, set_exchange_type, void,
947 private_message_t *this, exchange_type_t exchange_type)
948 {
949 this->exchange_type = exchange_type;
950 }
951
952 METHOD(message_t, get_exchange_type, exchange_type_t,
953 private_message_t *this)
954 {
955 return this->exchange_type;
956 }
957
958 METHOD(message_t, get_first_payload_type, payload_type_t,
959 private_message_t *this)
960 {
961 return this->first_payload;
962 }
963
964 METHOD(message_t, set_request, void,
965 private_message_t *this, bool request)
966 {
967 this->is_request = request;
968 }
969
970 METHOD(message_t, get_request, bool,
971 private_message_t *this)
972 {
973 return this->is_request;
974 }
975
976 METHOD(message_t, set_version_flag, void,
977 private_message_t *this)
978 {
979 this->version_flag = TRUE;
980 }
981
982 METHOD(message_t, get_reserved_header_bit, bool,
983 private_message_t *this, u_int nr)
984 {
985 if (nr < countof(this->reserved))
986 {
987 return this->reserved[nr];
988 }
989 return FALSE;
990 }
991
992 METHOD(message_t, set_reserved_header_bit, void,
993 private_message_t *this, u_int nr)
994 {
995 if (nr < countof(this->reserved))
996 {
997 this->reserved[nr] = TRUE;
998 }
999 }
1000
1001 METHOD(message_t, is_encoded, bool,
1002 private_message_t *this)
1003 {
1004 return this->packet->get_data(this->packet).ptr != NULL;
1005 }
1006
1007 METHOD(message_t, add_payload, void,
1008 private_message_t *this, payload_t *payload)
1009 {
1010 payload_t *last_payload;
1011
1012 if (this->payloads->get_count(this->payloads) > 0)
1013 {
1014 this->payloads->get_last(this->payloads, (void **)&last_payload);
1015 last_payload->set_next_type(last_payload, payload->get_type(payload));
1016 }
1017 else
1018 {
1019 this->first_payload = payload->get_type(payload);
1020 }
1021 payload->set_next_type(payload, NO_PAYLOAD);
1022 this->payloads->insert_last(this->payloads, payload);
1023
1024 DBG2(DBG_ENC ,"added payload of type %N to message",
1025 payload_type_names, payload->get_type(payload));
1026 }
1027
1028 METHOD(message_t, add_notify, void,
1029 private_message_t *this, bool flush, notify_type_t type, chunk_t data)
1030 {
1031 notify_payload_t *notify;
1032 payload_t *payload;
1033
1034 if (flush)
1035 {
1036 while (this->payloads->remove_last(this->payloads,
1037 (void**)&payload) == SUCCESS)
1038 {
1039 payload->destroy(payload);
1040 }
1041 }
1042 if (this->major_version == IKEV2_MAJOR_VERSION)
1043 {
1044 notify = notify_payload_create(NOTIFY);
1045 }
1046 else
1047 {
1048 notify = notify_payload_create(NOTIFY_V1);
1049 }
1050 notify->set_notify_type(notify, type);
1051 notify->set_notification_data(notify, data);
1052 add_payload(this, (payload_t*)notify);
1053 }
1054
1055 METHOD(message_t, set_source, void,
1056 private_message_t *this, host_t *host)
1057 {
1058 this->packet->set_source(this->packet, host);
1059 }
1060
1061 METHOD(message_t, set_destination, void,
1062 private_message_t *this, host_t *host)
1063 {
1064 this->packet->set_destination(this->packet, host);
1065 }
1066
1067 METHOD(message_t, get_source, host_t*,
1068 private_message_t *this)
1069 {
1070 return this->packet->get_source(this->packet);
1071 }
1072
1073 METHOD(message_t, get_destination, host_t*,
1074 private_message_t *this)
1075 {
1076 return this->packet->get_destination(this->packet);
1077 }
1078
1079 METHOD(message_t, create_payload_enumerator, enumerator_t*,
1080 private_message_t *this)
1081 {
1082 return this->payloads->create_enumerator(this->payloads);
1083 }
1084
1085 METHOD(message_t, remove_payload_at, void,
1086 private_message_t *this, enumerator_t *enumerator)
1087 {
1088 this->payloads->remove_at(this->payloads, enumerator);
1089 }
1090
1091 METHOD(message_t, get_payload, payload_t*,
1092 private_message_t *this, payload_type_t type)
1093 {
1094 payload_t *current, *found = NULL;
1095 enumerator_t *enumerator;
1096
1097 enumerator = create_payload_enumerator(this);
1098 while (enumerator->enumerate(enumerator, &current))
1099 {
1100 if (current->get_type(current) == type)
1101 {
1102 found = current;
1103 break;
1104 }
1105 }
1106 enumerator->destroy(enumerator);
1107 return found;
1108 }
1109
1110 METHOD(message_t, get_notify, notify_payload_t*,
1111 private_message_t *this, notify_type_t type)
1112 {
1113 enumerator_t *enumerator;
1114 notify_payload_t *notify = NULL;
1115 payload_t *payload;
1116
1117 enumerator = create_payload_enumerator(this);
1118 while (enumerator->enumerate(enumerator, &payload))
1119 {
1120 if (payload->get_type(payload) == NOTIFY)
1121 {
1122 notify = (notify_payload_t*)payload;
1123 if (notify->get_notify_type(notify) == type)
1124 {
1125 break;
1126 }
1127 notify = NULL;
1128 }
1129 }
1130 enumerator->destroy(enumerator);
1131 return notify;
1132 }
1133
1134 /**
1135 * get a string representation of the message
1136 */
1137 static char* get_string(private_message_t *this, char *buf, int len)
1138 {
1139 enumerator_t *enumerator;
1140 payload_t *payload;
1141 int written;
1142 char *pos = buf;
1143
1144 memset(buf, 0, len);
1145 len--;
1146
1147 written = snprintf(pos, len, "%N %s %u [",
1148 exchange_type_names, this->exchange_type,
1149 this->is_request ? "request" : "response",
1150 this->message_id);
1151 if (written >= len || written < 0)
1152 {
1153 return "";
1154 }
1155 pos += written;
1156 len -= written;
1157
1158 enumerator = create_payload_enumerator(this);
1159 while (enumerator->enumerate(enumerator, &payload))
1160 {
1161 written = snprintf(pos, len, " %N", payload_type_short_names,
1162 payload->get_type(payload));
1163 if (written >= len || written < 0)
1164 {
1165 return buf;
1166 }
1167 pos += written;
1168 len -= written;
1169 if (payload->get_type(payload) == NOTIFY)
1170 {
1171 notify_payload_t *notify;
1172 notify_type_t type;
1173 chunk_t data;
1174
1175 notify = (notify_payload_t*)payload;
1176 type = notify->get_notify_type(notify);
1177 data = notify->get_notification_data(notify);
1178 if (type == MS_NOTIFY_STATUS && data.len == 4)
1179 {
1180 written = snprintf(pos, len, "(%N(%d))", notify_type_short_names,
1181 type, untoh32(data.ptr));
1182 }
1183 else
1184 {
1185 written = snprintf(pos, len, "(%N)", notify_type_short_names,
1186 type);
1187 }
1188 if (written >= len || written < 0)
1189 {
1190 return buf;
1191 }
1192 pos += written;
1193 len -= written;
1194 }
1195 if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
1196 {
1197 eap_payload_t *eap = (eap_payload_t*)payload;
1198 u_int32_t vendor;
1199 eap_type_t type;
1200 char method[64] = "";
1201
1202 type = eap->get_type(eap, &vendor);
1203 if (type)
1204 {
1205 if (vendor)
1206 {
1207 snprintf(method, sizeof(method), "/%d-%d", type, vendor);
1208 }
1209 else
1210 {
1211 snprintf(method, sizeof(method), "/%N",
1212 eap_type_short_names, type);
1213 }
1214 }
1215 written = snprintf(pos, len, "/%N%s", eap_code_short_names,
1216 eap->get_code(eap), method);
1217 if (written >= len || written < 0)
1218 {
1219 return buf;
1220 }
1221 pos += written;
1222 len -= written;
1223 }
1224 if (payload->get_type(payload) == CONFIGURATION)
1225 {
1226 cp_payload_t *cp = (cp_payload_t*)payload;
1227 enumerator_t *attributes;
1228 configuration_attribute_t *attribute;
1229 bool first = TRUE;
1230
1231 attributes = cp->create_attribute_enumerator(cp);
1232 while (attributes->enumerate(attributes, &attribute))
1233 {
1234 written = snprintf(pos, len, "%s%N", first ? "(" : " ",
1235 configuration_attribute_type_short_names,
1236 attribute->get_type(attribute));
1237 if (written >= len || written < 0)
1238 {
1239 return buf;
1240 }
1241 pos += written;
1242 len -= written;
1243 first = FALSE;
1244 }
1245 attributes->destroy(attributes);
1246 if (!first)
1247 {
1248 written = snprintf(pos, len, ")");
1249 if (written >= len || written < 0)
1250 {
1251 return buf;
1252 }
1253 pos += written;
1254 len -= written;
1255 }
1256 }
1257 }
1258 enumerator->destroy(enumerator);
1259
1260 /* remove last space */
1261 snprintf(pos, len, " ]");
1262 return buf;
1263 }
1264
1265 /**
1266 * reorder payloads depending on reordering rules
1267 */
1268 static void order_payloads(private_message_t *this)
1269 {
1270 linked_list_t *list;
1271 payload_t *payload;
1272 int i;
1273
1274 /* move to temp list */
1275 list = linked_list_create();
1276 while (this->payloads->remove_last(this->payloads,
1277 (void**)&payload) == SUCCESS)
1278 {
1279 list->insert_first(list, payload);
1280 }
1281 /* for each rule, ... */
1282 for (i = 0; i < this->rule->order_count; i++)
1283 {
1284 enumerator_t *enumerator;
1285 notify_payload_t *notify;
1286 payload_order_t order;
1287
1288 order = this->rule->order[i];
1289
1290 /* ... find all payload ... */
1291 enumerator = list->create_enumerator(list);
1292 while (enumerator->enumerate(enumerator, &payload))
1293 {
1294 /* ... with that type ... */
1295 if (payload->get_type(payload) == order.type)
1296 {
1297 notify = (notify_payload_t*)payload;
1298
1299 /**... and check notify for type. */
1300 if (order.type != NOTIFY || order.notify == 0 ||
1301 order.notify == notify->get_notify_type(notify))
1302 {
1303 list->remove_at(list, enumerator);
1304 add_payload(this, payload);
1305 }
1306 }
1307 }
1308 enumerator->destroy(enumerator);
1309 }
1310 /* append all payloads without a rule to the end */
1311 while (list->remove_last(list, (void**)&payload) == SUCCESS)
1312 {
1313 /* do not complain about payloads in private use space */
1314 if (payload->get_type(payload) < 128)
1315 {
1316 DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
1317 payload_type_names, payload->get_type(payload),
1318 exchange_type_names, this->rule->exchange_type,
1319 this->rule->is_request ? "request" : "response");
1320 }
1321 add_payload(this, payload);
1322 }
1323 list->destroy(list);
1324 }
1325
1326 /**
1327 * Wrap payloads in an encryption payload
1328 */
1329 static encryption_payload_t* wrap_payloads(private_message_t *this,
1330 payload_type_t encryption_type)
1331 {
1332 encryption_payload_t *encryption;
1333 linked_list_t *payloads;
1334 payload_t *current;
1335
1336 /* copy all payloads in a temporary list */
1337 payloads = linked_list_create();
1338 while (this->payloads->remove_first(this->payloads,
1339 (void**)&current) == SUCCESS)
1340 {
1341 payloads->insert_last(payloads, current);
1342 }
1343
1344 encryption = encryption_payload_create(encryption_type);
1345 while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
1346 {
1347 payload_rule_t *rule;
1348 payload_type_t type;
1349 bool encrypt = TRUE;
1350
1351 type = current->get_type(current);
1352 rule = get_payload_rule(this, type);
1353 if (rule)
1354 {
1355 encrypt = rule->encrypted;
1356 }
1357 if (encrypt || this->is_encrypted)
1358 { /* encryption is forced for IKEv1 */
1359 DBG2(DBG_ENC, "insert payload %N to encryption payload",
1360 payload_type_names, type);
1361 encryption->add_payload(encryption, current);
1362 }
1363 else
1364 {
1365 DBG2(DBG_ENC, "insert payload %N unencrypted",
1366 payload_type_names, type);
1367 add_payload(this, current);
1368 }
1369 }
1370 payloads->destroy(payloads);
1371
1372 return encryption;
1373 }
1374
1375 METHOD(message_t, disable_sort, void,
1376 private_message_t *this)
1377 {
1378 this->sort_disabled = TRUE;
1379 }
1380
1381 METHOD(message_t, generate, status_t,
1382 private_message_t *this, keymat_t *keymat, packet_t **packet)
1383 {
1384 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1385 generator_t *generator;
1386 ike_header_t *ike_header;
1387 payload_t *payload, *next;
1388 encryption_payload_t *encryption = NULL;
1389 payload_type_t next_type;
1390 enumerator_t *enumerator;
1391 aead_t *aead;
1392 chunk_t chunk;
1393 char str[BUF_LEN];
1394 u_int32_t *lenpos;
1395 bool encrypted = FALSE, *reserved;
1396 int i;
1397
1398 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
1399 {
1400 DBG1(DBG_ENC, "exchange type is not defined");
1401 return INVALID_STATE;
1402 }
1403
1404 if (this->packet->get_source(this->packet) == NULL ||
1405 this->packet->get_destination(this->packet) == NULL)
1406 {
1407 DBG1(DBG_ENC, "source/destination not defined");
1408 return INVALID_STATE;
1409 }
1410
1411 this->rule = get_message_rule(this);
1412 if (!this->rule)
1413 {
1414 DBG1(DBG_ENC, "no message rules specified for this message type");
1415 return NOT_SUPPORTED;
1416 }
1417
1418 if (!this->sort_disabled)
1419 {
1420 order_payloads(this);
1421 }
1422
1423 if (this->major_version == IKEV2_MAJOR_VERSION)
1424 {
1425 encrypted = this->rule->encrypted;
1426 }
1427 else
1428 {
1429 /* get a hash for this message, if any is required */
1430 chunk_t hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1431 if (hash.ptr)
1432 { /* insert a HASH payload as first payload */
1433 hash_payload_t *hash_payload = hash_payload_create(HASH_V1);
1434 hash_payload->set_hash(hash_payload, hash);
1435 this->payloads->insert_first(this->payloads,
1436 (payload_t*)hash_payload);
1437 chunk_free(&hash);
1438 }
1439
1440 /* if at least one payload requires encryption, encrypt the message.
1441 * if we have no key material available, the flag will be reset below */
1442 enumerator = this->payloads->create_enumerator(this->payloads);
1443 while (enumerator->enumerate(enumerator, (void**)&payload))
1444 {
1445 payload_rule_t *rule;
1446 rule = get_payload_rule(this, payload->get_type(payload));
1447 if (rule && rule->encrypted)
1448 {
1449 this->is_encrypted = TRUE;
1450 encrypted = TRUE;
1451 break;
1452 }
1453 }
1454 enumerator->destroy(enumerator);
1455 }
1456
1457 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
1458
1459 aead = keymat->get_aead(keymat, FALSE);
1460 if (aead && encrypted)
1461 {
1462 encryption = wrap_payloads(this, this->is_encrypted ? ENCRYPTED_V1
1463 : ENCRYPTED);
1464 }
1465 else
1466 {
1467 DBG2(DBG_ENC, "not encrypting payloads");
1468 this->is_encrypted = FALSE;
1469 }
1470
1471 ike_header = ike_header_create_version(this->major_version,
1472 this->minor_version);
1473 ike_header->set_exchange_type(ike_header, this->exchange_type);
1474 ike_header->set_message_id(ike_header, this->message_id);
1475 if (this->major_version == IKEV2_MAJOR_VERSION)
1476 {
1477 ike_header->set_response_flag(ike_header, !this->is_request);
1478 ike_header->set_version_flag(ike_header, this->version_flag);
1479 ike_header->set_initiator_flag(ike_header,
1480 this->ike_sa_id->is_initiator(this->ike_sa_id));
1481 }
1482 else
1483 {
1484 ike_header->set_encryption_flag(ike_header, this->is_encrypted);
1485 }
1486 ike_header->set_initiator_spi(ike_header,
1487 this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
1488 ike_header->set_responder_spi(ike_header,
1489 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1490
1491 for (i = 0; i < countof(this->reserved); i++)
1492 {
1493 reserved = payload_get_field(&ike_header->payload_interface,
1494 RESERVED_BIT, i);
1495 if (reserved)
1496 {
1497 *reserved = this->reserved[i];
1498 }
1499 }
1500
1501 generator = generator_create();
1502
1503 /* generate all payloads with proper next type */
1504 payload = (payload_t*)ike_header;
1505 enumerator = create_payload_enumerator(this);
1506 while (enumerator->enumerate(enumerator, &next))
1507 {
1508 payload->set_next_type(payload, next->get_type(next));
1509 generator->generate_payload(generator, payload);
1510 payload = next;
1511 }
1512 enumerator->destroy(enumerator);
1513 if (this->is_encrypted)
1514 { /* for encrypted IKEv1 messages */
1515 next_type = encryption->payload_interface.get_next_type(
1516 (payload_t*)encryption);
1517 }
1518 else
1519 {
1520 next_type = encryption ? ENCRYPTED : NO_PAYLOAD;
1521 }
1522 payload->set_next_type(payload, next_type);
1523 generator->generate_payload(generator, payload);
1524 ike_header->destroy(ike_header);
1525
1526 if (encryption)
1527 { /* set_transform() has to be called before get_length() */
1528 encryption->set_transform(encryption, aead);
1529 if (this->is_encrypted)
1530 { /* for IKEv1 instead of associated data we provide the IV */
1531 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1532 }
1533 else
1534 { /* build associated data (without header of encryption payload) */
1535 chunk = generator->get_chunk(generator, &lenpos);
1536 /* fill in length, including encryption payload */
1537 htoun32(lenpos, chunk.len + encryption->get_length(encryption));
1538 }
1539 this->payloads->insert_last(this->payloads, encryption);
1540 if (!encryption->encrypt(encryption, chunk))
1541 {
1542 generator->destroy(generator);
1543 return INVALID_STATE;
1544 }
1545 generator->generate_payload(generator, &encryption->payload_interface);
1546 }
1547 chunk = generator->get_chunk(generator, &lenpos);
1548 htoun32(lenpos, chunk.len);
1549 this->packet->set_data(this->packet, chunk_clone(chunk));
1550 if (this->is_encrypted)
1551 { /* update the IV for the next IKEv1 message */
1552 chunk_t last_block;
1553 size_t bs = aead->get_block_size(aead);
1554 last_block = chunk_create(chunk.ptr + chunk.len - bs, bs);
1555 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1556 keymat_v1->confirm_iv(keymat_v1, this->message_id);
1557 }
1558 generator->destroy(generator);
1559 *packet = this->packet->clone(this->packet);
1560 return SUCCESS;
1561 }
1562
1563 METHOD(message_t, get_packet, packet_t*,
1564 private_message_t *this)
1565 {
1566 if (this->packet == NULL)
1567 {
1568 return NULL;
1569 }
1570 return this->packet->clone(this->packet);
1571 }
1572
1573 METHOD(message_t, get_packet_data, chunk_t,
1574 private_message_t *this)
1575 {
1576 if (this->packet == NULL)
1577 {
1578 return chunk_empty;
1579 }
1580 return this->packet->get_data(this->packet);
1581 }
1582
1583 METHOD(message_t, parse_header, status_t,
1584 private_message_t *this)
1585 {
1586 ike_header_t *ike_header;
1587 status_t status;
1588 bool *reserved;
1589 int i;
1590
1591 DBG2(DBG_ENC, "parsing header of message");
1592
1593 this->parser->reset_context(this->parser);
1594 status = this->parser->parse_payload(this->parser, HEADER,
1595 (payload_t**)&ike_header);
1596 if (status != SUCCESS)
1597 {
1598 DBG1(DBG_ENC, "header could not be parsed");
1599 return status;
1600
1601 }
1602
1603 status = ike_header->payload_interface.verify(
1604 &ike_header->payload_interface);
1605 if (status != SUCCESS)
1606 {
1607 DBG1(DBG_ENC, "header verification failed");
1608 ike_header->destroy(ike_header);
1609 return status;
1610 }
1611
1612 DESTROY_IF(this->ike_sa_id);
1613 this->ike_sa_id = ike_sa_id_create(
1614 ike_header->get_initiator_spi(ike_header),
1615 ike_header->get_responder_spi(ike_header),
1616 ike_header->get_initiator_flag(ike_header));
1617
1618 this->exchange_type = ike_header->get_exchange_type(ike_header);
1619 this->message_id = ike_header->get_message_id(ike_header);
1620 this->major_version = ike_header->get_maj_version(ike_header);
1621 this->minor_version = ike_header->get_min_version(ike_header);
1622 if (this->major_version == IKEV2_MAJOR_VERSION)
1623 {
1624 this->is_request = !ike_header->get_response_flag(ike_header);
1625 }
1626 else
1627 {
1628 this->is_encrypted = ike_header->get_encryption_flag(ike_header);
1629 }
1630 this->first_payload = ike_header->payload_interface.get_next_type(
1631 &ike_header->payload_interface);
1632 for (i = 0; i < countof(this->reserved); i++)
1633 {
1634 reserved = payload_get_field(&ike_header->payload_interface,
1635 RESERVED_BIT, i);
1636 if (reserved)
1637 {
1638 this->reserved[i] = *reserved;
1639 }
1640 }
1641 ike_header->destroy(ike_header);
1642
1643 DBG2(DBG_ENC, "parsed a %N %s header", exchange_type_names,
1644 this->exchange_type, this->major_version == IKEV1_MAJOR_VERSION ?
1645 "message" : (this->is_request ? "request" : "response"));
1646 return SUCCESS;
1647 }
1648
1649 /**
1650 * Check if a payload is for a mediation extension connectivity check
1651 */
1652 static bool is_connectivity_check(private_message_t *this, payload_t *payload)
1653 {
1654 #ifdef ME
1655 if (this->exchange_type == INFORMATIONAL &&
1656 payload->get_type(payload) == NOTIFY)
1657 {
1658 notify_payload_t *notify = (notify_payload_t*)payload;
1659
1660 switch (notify->get_notify_type(notify))
1661 {
1662 case ME_CONNECTID:
1663 case ME_ENDPOINT:
1664 case ME_CONNECTAUTH:
1665 return TRUE;
1666 default:
1667 break;
1668 }
1669 }
1670 #endif /* !ME */
1671 return FALSE;
1672 }
1673
1674 /**
1675 * Parses and verifies the unencrypted payloads contained in the message
1676 */
1677 static status_t parse_payloads(private_message_t *this)
1678 {
1679 payload_type_t type = this->first_payload;
1680 payload_t *payload;
1681 status_t status;
1682
1683 if (this->is_encrypted)
1684 { /* wrap the whole encrypted IKEv1 message in a special encryption
1685 * payload which is then handled just like a regular payload */
1686 encryption_payload_t *encryption;
1687 status = this->parser->parse_payload(this->parser, ENCRYPTED_V1,
1688 (payload_t**)&encryption);
1689 if (status != SUCCESS)
1690 {
1691 DBG1(DBG_ENC, "failed to wrap encrypted IKEv1 message");
1692 return PARSE_ERROR;
1693 }
1694 encryption->payload_interface.set_next_type((payload_t*)encryption,
1695 this->first_payload);
1696 this->payloads->insert_last(this->payloads, encryption);
1697 return SUCCESS;
1698 }
1699
1700 while (type != NO_PAYLOAD)
1701 {
1702 DBG2(DBG_ENC, "starting parsing a %N payload",
1703 payload_type_names, type);
1704
1705 status = this->parser->parse_payload(this->parser, type, &payload);
1706 if (status != SUCCESS)
1707 {
1708 DBG1(DBG_ENC, "payload type %N could not be parsed",
1709 payload_type_names, type);
1710 return PARSE_ERROR;
1711 }
1712
1713 DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
1714 status = payload->verify(payload);
1715 if (status != SUCCESS)
1716 {
1717 DBG1(DBG_ENC, "%N payload verification failed",
1718 payload_type_names, type);
1719 payload->destroy(payload);
1720 return VERIFY_ERROR;
1721 }
1722
1723 DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
1724 payload_type_names, type);
1725 this->payloads->insert_last(this->payloads, payload);
1726
1727 /* an encryption payload is the last one, so STOP here. decryption is
1728 * done later */
1729 if (type == ENCRYPTED)
1730 {
1731 DBG2(DBG_ENC, "%N payload found. Stop parsing",
1732 payload_type_names, type);
1733 break;
1734 }
1735 type = payload->get_next_type(payload);
1736 }
1737 return SUCCESS;
1738 }
1739
1740 /**
1741 * Decrypt payload from the encryption payload
1742 */
1743 static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
1744 {
1745 bool was_encrypted = FALSE;
1746 payload_t *payload, *previous = NULL;
1747 enumerator_t *enumerator;
1748 payload_rule_t *rule;
1749 payload_type_t type;
1750 aead_t *aead;
1751 status_t status = SUCCESS;
1752
1753 enumerator = this->payloads->create_enumerator(this->payloads);
1754 while (enumerator->enumerate(enumerator, &payload))
1755 {
1756 type = payload->get_type(payload);
1757
1758 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
1759
1760 if (type == ENCRYPTED || type == ENCRYPTED_V1)
1761 {
1762 encryption_payload_t *encryption;
1763 payload_t *encrypted;
1764 chunk_t chunk;
1765 size_t bs;
1766
1767 encryption = (encryption_payload_t*)payload;
1768
1769 DBG2(DBG_ENC, "found an encryption payload");
1770
1771 if (this->payloads->has_more(this->payloads, enumerator))
1772 {
1773 DBG1(DBG_ENC, "encrypted payload is not last payload");
1774 status = VERIFY_ERROR;
1775 break;
1776 }
1777 aead = keymat->get_aead(keymat, TRUE);
1778 bs = aead->get_block_size(aead);
1779 encryption->set_transform(encryption, aead);
1780 chunk = this->packet->get_data(this->packet);
1781 if (chunk.len < encryption->get_length(encryption) ||
1782 chunk.len < bs)
1783 {
1784 DBG1(DBG_ENC, "invalid payload length");
1785 status = VERIFY_ERROR;
1786 break;
1787 }
1788 if (type == ENCRYPTED_V1)
1789 { /* instead of associated data we provide the IV, we also update
1790 * the IV with the last encrypted block */
1791 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1792 chunk_t last_block = chunk_create(chunk.ptr + chunk.len - bs,
1793 bs);
1794 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1795 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1796 }
1797 else
1798 {
1799 chunk.len -= encryption->get_length(encryption);
1800 }
1801 status = encryption->decrypt(encryption, chunk);
1802 if (status != SUCCESS)
1803 {
1804 break;
1805 }
1806
1807 was_encrypted = TRUE;
1808 this->payloads->remove_at(this->payloads, enumerator);
1809
1810 while ((encrypted = encryption->remove_payload(encryption)))
1811 {
1812 type = encrypted->get_type(encrypted);
1813 if (previous)
1814 {
1815 previous->set_next_type(previous, type);
1816 }
1817 else
1818 {
1819 this->first_payload = type;
1820 }
1821 DBG2(DBG_ENC, "insert decrypted payload of type "
1822 "%N at end of list", payload_type_names, type);
1823 this->payloads->insert_last(this->payloads, encrypted);
1824 previous = encrypted;
1825 }
1826 encryption->destroy(encryption);
1827 }
1828 if (payload_is_known(type) && !was_encrypted &&
1829 !is_connectivity_check(this, payload))
1830 {
1831 rule = get_payload_rule(this, type);
1832 if (!rule || rule->encrypted)
1833 {
1834 DBG1(DBG_ENC, "payload type %N was not encrypted",
1835 payload_type_names, type);
1836 status = FAILED;
1837 break;
1838 }
1839 }
1840 previous = payload;
1841 }
1842 enumerator->destroy(enumerator);
1843 return status;
1844 }
1845
1846 /**
1847 * Verify a message and all payload according to message/payload rules
1848 */
1849 static status_t verify(private_message_t *this)
1850 {
1851 bool complete = FALSE;
1852 int i;
1853
1854 DBG2(DBG_ENC, "verifying message structure");
1855
1856 /* check for payloads with wrong count */
1857 for (i = 0; i < this->rule->rule_count; i++)
1858 {
1859 enumerator_t *enumerator;
1860 payload_t *payload;
1861 payload_rule_t *rule;
1862 int found = 0;
1863
1864 rule = &this->rule->rules[i];
1865 enumerator = create_payload_enumerator(this);
1866 while (enumerator->enumerate(enumerator, &payload))
1867 {
1868 payload_type_t type;
1869
1870 type = payload->get_type(payload);
1871 if (type == rule->type)
1872 {
1873 found++;
1874 DBG2(DBG_ENC, "found payload of type %N",
1875 payload_type_names, type);
1876 if (found > rule->max_occurence)
1877 {
1878 DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
1879 "occurred in current message", payload_type_names,
1880 type, rule->max_occurence, found);
1881 enumerator->destroy(enumerator);
1882 return VERIFY_ERROR;
1883 }
1884 }
1885 }
1886 enumerator->destroy(enumerator);
1887
1888 if (!complete && found < rule->min_occurence)
1889 {
1890 DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
1891 payload_type_names, rule->type, rule->min_occurence, found);
1892 return VERIFY_ERROR;
1893 }
1894 if (found && rule->sufficient)
1895 {
1896 complete = TRUE;
1897 }
1898 }
1899 return SUCCESS;
1900 }
1901
1902 METHOD(message_t, parse_body, status_t,
1903 private_message_t *this, keymat_t *keymat)
1904 {
1905 status_t status = SUCCESS;
1906 char str[BUF_LEN];
1907
1908 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
1909 payload_type_names, this->first_payload);
1910
1911 this->rule = get_message_rule(this);
1912 if (!this->rule)
1913 {
1914 DBG1(DBG_ENC, "no message rules specified for a %N %s",
1915 exchange_type_names, this->exchange_type,
1916 this->is_request ? "request" : "response");
1917 return NOT_SUPPORTED;
1918 }
1919
1920 status = parse_payloads(this);
1921 if (status != SUCCESS)
1922 { /* error is already logged */
1923 return status;
1924 }
1925
1926 status = decrypt_payloads(this, keymat);
1927 if (status != SUCCESS)
1928 {
1929 DBG1(DBG_ENC, "could not decrypt payloads");
1930 return status;
1931 }
1932
1933 status = verify(this);
1934 if (status != SUCCESS)
1935 {
1936 return status;
1937 }
1938
1939 DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
1940
1941 if (this->major_version == IKEV1_MAJOR_VERSION)
1942 {
1943 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1944 chunk_t hash;
1945 hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1946 if (hash.ptr)
1947 {
1948 hash_payload_t *hash_payload;
1949 chunk_t other_hash;
1950 if ((this->first_payload != HASH_V1) && (this->public.get_exchange_type(&this->public) != INFORMATIONAL_V1))
1951 {
1952 DBG1(DBG_ENC, "expected HASH payload as first payload");
1953 chunk_free(&hash);
1954 return VERIFY_ERROR;
1955 }
1956 if (this->first_payload == HASH_V1)
1957 {
1958 hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
1959 other_hash = hash_payload->get_hash(hash_payload);
1960 if (!chunk_equals(hash, other_hash))
1961 {
1962 DBG1(DBG_ENC, "our hash does not match received %B",
1963 &other_hash);
1964 chunk_free(&hash);
1965 return FAILED;
1966 }
1967 DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
1968 }
1969 chunk_free(&hash);
1970 }
1971 }
1972
1973 if (this->is_encrypted)
1974 { /* TODO-IKEv1: this should be done later when we know this is no
1975 * retransmit */
1976 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1977 keymat_v1->confirm_iv(keymat_v1, this->message_id);
1978 }
1979
1980 return SUCCESS;
1981 }
1982
1983 METHOD(message_t, destroy, void,
1984 private_message_t *this)
1985 {
1986 DESTROY_IF(this->ike_sa_id);
1987 this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
1988 this->packet->destroy(this->packet);
1989 this->parser->destroy(this->parser);
1990 free(this);
1991 }
1992
1993 /*
1994 * Described in header.
1995 */
1996 message_t *message_create_from_packet(packet_t *packet)
1997 {
1998 private_message_t *this;
1999
2000 INIT(this,
2001 .public = {
2002 .set_major_version = _set_major_version,
2003 .get_major_version = _get_major_version,
2004 .set_minor_version = _set_minor_version,
2005 .get_minor_version = _get_minor_version,
2006 .set_message_id = _set_message_id,
2007 .get_message_id = _get_message_id,
2008 .get_initiator_spi = _get_initiator_spi,
2009 .get_responder_spi = _get_responder_spi,
2010 .set_ike_sa_id = _set_ike_sa_id,
2011 .get_ike_sa_id = _get_ike_sa_id,
2012 .set_exchange_type = _set_exchange_type,
2013 .get_exchange_type = _get_exchange_type,
2014 .get_first_payload_type = _get_first_payload_type,
2015 .set_request = _set_request,
2016 .get_request = _get_request,
2017 .set_version_flag = _set_version_flag,
2018 .get_reserved_header_bit = _get_reserved_header_bit,
2019 .set_reserved_header_bit = _set_reserved_header_bit,
2020 .add_payload = _add_payload,
2021 .add_notify = _add_notify,
2022 .disable_sort = _disable_sort,
2023 .generate = _generate,
2024 .is_encoded = _is_encoded,
2025 .set_source = _set_source,
2026 .get_source = _get_source,
2027 .set_destination = _set_destination,
2028 .get_destination = _get_destination,
2029 .create_payload_enumerator = _create_payload_enumerator,
2030 .remove_payload_at = _remove_payload_at,
2031 .get_payload = _get_payload,
2032 .get_notify = _get_notify,
2033 .parse_header = _parse_header,
2034 .parse_body = _parse_body,
2035 .get_packet = _get_packet,
2036 .get_packet_data = _get_packet_data,
2037 .destroy = _destroy,
2038 },
2039 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
2040 .is_request = TRUE,
2041 .first_payload = NO_PAYLOAD,
2042 .packet = packet,
2043 .payloads = linked_list_create(),
2044 .parser = parser_create(packet->get_data(packet)),
2045 );
2046
2047 return &this->public;
2048 }
2049
2050 /*
2051 * Described in header.
2052 */
2053 message_t *message_create(int major, int minor)
2054 {
2055 message_t *this = message_create_from_packet(packet_create());
2056
2057 this->set_major_version(this, major);
2058 this->set_minor_version(this, minor);
2059
2060 return this;
2061 }