Handle incoming delete messages
[strongswan.git] / src / libcharon / encoding / message.c
1 /*
2 * Copyright (C) 2006-2011 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2010 revosec AG
5 * Copyright (C) 2006 Daniel Roethlisberger
6 * Copyright (C) 2005 Jan Hutter
7 * Hochschule fuer Technik Rapperswil
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include "message.h"
24
25 #include <library.h>
26 #include <daemon.h>
27 #include <sa/keymat_v1.h>
28 #include <encoding/generator.h>
29 #include <encoding/parser.h>
30 #include <encoding/payloads/encodings.h>
31 #include <encoding/payloads/payload.h>
32 #include <encoding/payloads/hash_payload.h>
33 #include <encoding/payloads/encryption_payload.h>
34 #include <encoding/payloads/unknown_payload.h>
35 #include <encoding/payloads/cp_payload.h>
36
37 /**
38 * Max number of notify payloads per IKEv2 message
39 */
40 #define MAX_NOTIFY_PAYLOADS 20
41
42 /**
43 * Max number of delete payloads per IKEv2 message
44 */
45 #define MAX_DELETE_PAYLOADS 20
46
47 /**
48 * Max number of certificate payloads per IKEv2 message
49 */
50 #define MAX_CERT_PAYLOADS 8
51
52 /**
53 * Max number of vendor ID payloads per IKEv2 message
54 */
55 #define MAX_VID_PAYLOADS 20
56
57 /**
58 * Max number of certificate request payloads per IKEv1 message
59 */
60 #define MAX_CERTREQ_PAYLOADS 5
61
62 /**
63 * Max number of NAT-D payloads per IKEv1 message
64 */
65 #define MAX_NAT_D_PAYLOADS 5
66
67 /**
68 * A payload rule defines the rules for a payload
69 * in a specific message rule. It defines if and how
70 * many times a payload must/can occur in a message
71 * and if it must be encrypted.
72 */
73 typedef struct {
74 /* Payload type */
75 payload_type_t type;
76 /* Minimal occurrence of this payload. */
77 size_t min_occurence;
78 /* Max occurrence of this payload. */
79 size_t max_occurence;
80 /* TRUE if payload must be encrypted */
81 bool encrypted;
82 /* If payload occurs, the message rule is fulfilled */
83 bool sufficient;
84 } payload_rule_t;
85
86 /**
87 * payload ordering structure allows us to reorder payloads according to RFC.
88 */
89 typedef struct {
90 /** payload type */
91 payload_type_t type;
92 /** notify type, if payload == NOTIFY */
93 notify_type_t notify;
94 } payload_order_t;
95
96 /**
97 * A message rule defines the kind of a message,
98 * if it has encrypted contents and a list
99 * of payload ordering rules and payload parsing rules.
100 */
101 typedef struct {
102 /** Type of message. */
103 exchange_type_t exchange_type;
104 /** Is message a request or response. */
105 bool is_request;
106 /** Message contains encrypted payloads. */
107 bool encrypted;
108 /** Number of payload rules which will follow */
109 int rule_count;
110 /** Pointer to first payload rule */
111 payload_rule_t *rules;
112 /** Number of payload order rules */
113 int order_count;
114 /** payload ordering rules */
115 payload_order_t *order;
116 } message_rule_t;
117
118 /**
119 * Message rule for IKE_SA_INIT from initiator.
120 */
121 static payload_rule_t ike_sa_init_i_rules[] = {
122 /* payload type min max encr suff */
123 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
124 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
125 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
126 {NONCE, 1, 1, FALSE, FALSE},
127 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
128 };
129
130 /**
131 * payload order for IKE_SA_INIT initiator
132 */
133 static payload_order_t ike_sa_init_i_order[] = {
134 /* payload type notify type */
135 {NOTIFY, COOKIE},
136 {SECURITY_ASSOCIATION, 0},
137 {KEY_EXCHANGE, 0},
138 {NONCE, 0},
139 {NOTIFY, NAT_DETECTION_SOURCE_IP},
140 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
141 {NOTIFY, 0},
142 {VENDOR_ID, 0},
143 };
144
145 /**
146 * Message rule for IKE_SA_INIT from responder.
147 */
148 static payload_rule_t ike_sa_init_r_rules[] = {
149 /* payload type min max encr suff */
150 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
151 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
152 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
153 {NONCE, 1, 1, FALSE, FALSE},
154 {CERTIFICATE_REQUEST, 0, 1, FALSE, FALSE},
155 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
156 };
157
158 /**
159 * payload order for IKE_SA_INIT responder
160 */
161 static payload_order_t ike_sa_init_r_order[] = {
162 /* payload type notify type */
163 {SECURITY_ASSOCIATION, 0},
164 {KEY_EXCHANGE, 0},
165 {NONCE, 0},
166 {NOTIFY, NAT_DETECTION_SOURCE_IP},
167 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
168 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
169 {CERTIFICATE_REQUEST, 0},
170 {NOTIFY, 0},
171 {VENDOR_ID, 0},
172 };
173
174 /**
175 * Message rule for IKE_AUTH from initiator.
176 */
177 static payload_rule_t ike_auth_i_rules[] = {
178 /* payload type min max encr suff */
179 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
180 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
181 {AUTHENTICATION, 0, 1, TRUE, TRUE},
182 {ID_INITIATOR, 0, 1, TRUE, FALSE},
183 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
184 {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
185 {ID_RESPONDER, 0, 1, TRUE, FALSE},
186 #ifdef ME
187 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
188 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
189 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
190 #else
191 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
192 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
193 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
194 #endif /* ME */
195 {CONFIGURATION, 0, 1, TRUE, FALSE},
196 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
197 };
198
199 /**
200 * payload order for IKE_AUTH initiator
201 */
202 static payload_order_t ike_auth_i_order[] = {
203 /* payload type notify type */
204 {ID_INITIATOR, 0},
205 {CERTIFICATE, 0},
206 {NOTIFY, INITIAL_CONTACT},
207 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
208 {CERTIFICATE_REQUEST, 0},
209 {ID_RESPONDER, 0},
210 {AUTHENTICATION, 0},
211 {EXTENSIBLE_AUTHENTICATION, 0},
212 {CONFIGURATION, 0},
213 {NOTIFY, IPCOMP_SUPPORTED},
214 {NOTIFY, USE_TRANSPORT_MODE},
215 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
216 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
217 {SECURITY_ASSOCIATION, 0},
218 {TRAFFIC_SELECTOR_INITIATOR, 0},
219 {TRAFFIC_SELECTOR_RESPONDER, 0},
220 {NOTIFY, MOBIKE_SUPPORTED},
221 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
222 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
223 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
224 {NOTIFY, 0},
225 {VENDOR_ID, 0},
226 };
227
228 /**
229 * Message rule for IKE_AUTH from responder.
230 */
231 static payload_rule_t ike_auth_r_rules[] = {
232 /* payload type min max encr suff */
233 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
234 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
235 {AUTHENTICATION, 0, 1, TRUE, TRUE},
236 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
237 {ID_RESPONDER, 0, 1, TRUE, FALSE},
238 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
239 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
240 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
241 {CONFIGURATION, 0, 1, TRUE, FALSE},
242 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
243 };
244
245 /**
246 * payload order for IKE_AUTH responder
247 */
248 static payload_order_t ike_auth_r_order[] = {
249 /* payload type notify type */
250 {ID_RESPONDER, 0},
251 {CERTIFICATE, 0},
252 {AUTHENTICATION, 0},
253 {EXTENSIBLE_AUTHENTICATION, 0},
254 {CONFIGURATION, 0},
255 {NOTIFY, IPCOMP_SUPPORTED},
256 {NOTIFY, USE_TRANSPORT_MODE},
257 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
258 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
259 {SECURITY_ASSOCIATION, 0},
260 {TRAFFIC_SELECTOR_INITIATOR, 0},
261 {TRAFFIC_SELECTOR_RESPONDER, 0},
262 {NOTIFY, AUTH_LIFETIME},
263 {NOTIFY, MOBIKE_SUPPORTED},
264 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
265 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
266 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
267 {NOTIFY, 0},
268 {VENDOR_ID, 0},
269 };
270
271 /**
272 * Message rule for INFORMATIONAL from initiator.
273 */
274 static payload_rule_t informational_i_rules[] = {
275 /* payload type min max encr suff */
276 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
277 {CONFIGURATION, 0, 1, TRUE, FALSE},
278 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
279 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
280 };
281
282 /**
283 * payload order for INFORMATIONAL initiator
284 */
285 static payload_order_t informational_i_order[] = {
286 /* payload type notify type */
287 {NOTIFY, UPDATE_SA_ADDRESSES},
288 {NOTIFY, NAT_DETECTION_SOURCE_IP},
289 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
290 {NOTIFY, COOKIE2},
291 {NOTIFY, 0},
292 {DELETE, 0},
293 {CONFIGURATION, 0},
294 };
295
296 /**
297 * Message rule for INFORMATIONAL from responder.
298 */
299 static payload_rule_t informational_r_rules[] = {
300 /* payload type min max encr suff */
301 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
302 {CONFIGURATION, 0, 1, TRUE, FALSE},
303 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
304 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
305 };
306
307 /**
308 * payload order for INFORMATIONAL responder
309 */
310 static payload_order_t informational_r_order[] = {
311 /* payload type notify type */
312 {NOTIFY, UPDATE_SA_ADDRESSES},
313 {NOTIFY, NAT_DETECTION_SOURCE_IP},
314 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
315 {NOTIFY, COOKIE2},
316 {NOTIFY, 0},
317 {DELETE, 0},
318 {CONFIGURATION, 0},
319 };
320
321 /**
322 * Message rule for CREATE_CHILD_SA from initiator.
323 */
324 static payload_rule_t create_child_sa_i_rules[] = {
325 /* payload type min max encr suff */
326 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
327 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
328 {NONCE, 1, 1, TRUE, FALSE},
329 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
330 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
331 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
332 {CONFIGURATION, 0, 1, TRUE, FALSE},
333 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
334 };
335
336 /**
337 * payload order for CREATE_CHILD_SA from initiator.
338 */
339 static payload_order_t create_child_sa_i_order[] = {
340 /* payload type notify type */
341 {NOTIFY, REKEY_SA},
342 {NOTIFY, IPCOMP_SUPPORTED},
343 {NOTIFY, USE_TRANSPORT_MODE},
344 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
345 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
346 {SECURITY_ASSOCIATION, 0},
347 {NONCE, 0},
348 {KEY_EXCHANGE, 0},
349 {TRAFFIC_SELECTOR_INITIATOR, 0},
350 {TRAFFIC_SELECTOR_RESPONDER, 0},
351 {NOTIFY, 0},
352 };
353
354 /**
355 * Message rule for CREATE_CHILD_SA from responder.
356 */
357 static payload_rule_t create_child_sa_r_rules[] = {
358 /* payload type min max encr suff */
359 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
360 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
361 {NONCE, 1, 1, TRUE, FALSE},
362 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
363 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
364 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
365 {CONFIGURATION, 0, 1, TRUE, FALSE},
366 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
367 };
368
369 /**
370 * payload order for CREATE_CHILD_SA from responder.
371 */
372 static payload_order_t create_child_sa_r_order[] = {
373 /* payload type notify type */
374 {NOTIFY, IPCOMP_SUPPORTED},
375 {NOTIFY, USE_TRANSPORT_MODE},
376 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
377 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
378 {SECURITY_ASSOCIATION, 0},
379 {NONCE, 0},
380 {KEY_EXCHANGE, 0},
381 {TRAFFIC_SELECTOR_INITIATOR, 0},
382 {TRAFFIC_SELECTOR_RESPONDER, 0},
383 {NOTIFY, ADDITIONAL_TS_POSSIBLE},
384 {NOTIFY, 0},
385 };
386
387 #ifdef ME
388 /**
389 * Message rule for ME_CONNECT from initiator.
390 */
391 static payload_rule_t me_connect_i_rules[] = {
392 /* payload type min max encr suff */
393 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
394 {ID_PEER, 1, 1, TRUE, FALSE},
395 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
396 };
397
398 /**
399 * payload order for ME_CONNECT from initiator.
400 */
401 static payload_order_t me_connect_i_order[] = {
402 /* payload type notify type */
403 {NOTIFY, 0},
404 {ID_PEER, 0},
405 {VENDOR_ID, 0},
406 };
407
408 /**
409 * Message rule for ME_CONNECT from responder.
410 */
411 static payload_rule_t me_connect_r_rules[] = {
412 /* payload type min max encr suff */
413 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
414 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
415 };
416
417 /**
418 * payload order for ME_CONNECT from responder.
419 */
420 static payload_order_t me_connect_r_order[] = {
421 /* payload type notify type */
422 {NOTIFY, 0},
423 {VENDOR_ID, 0},
424 };
425 #endif /* ME */
426
427 #ifdef USE_IKEV1
428 /**
429 * Message rule for ID_PROT from initiator.
430 */
431 static payload_rule_t id_prot_i_rules[] = {
432 /* payload type min max encr suff */
433 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
434 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
435 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
436 {NONCE_V1, 0, 1, FALSE, FALSE},
437 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
438 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
439 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
440 {ID_V1, 0, 1, TRUE, FALSE},
441 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
442 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
443 {HASH_V1, 0, 1, TRUE, FALSE},
444 };
445
446 /**
447 * payload order for ID_PROT from initiator.
448 */
449 static payload_order_t id_prot_i_order[] = {
450 /* payload type notify type */
451 {SECURITY_ASSOCIATION_V1, 0},
452 {KEY_EXCHANGE_V1, 0},
453 {NONCE_V1, 0},
454 {ID_V1, 0},
455 {CERTIFICATE_V1, 0},
456 {SIGNATURE_V1, 0},
457 {HASH_V1, 0},
458 {CERTIFICATE_REQUEST_V1, 0},
459 {NOTIFY_V1, 0},
460 {VENDOR_ID_V1, 0},
461 {NAT_D_V1, 0},
462 };
463
464 /**
465 * Message rule for ID_PROT from responder.
466 */
467 static payload_rule_t id_prot_r_rules[] = {
468 /* payload type min max encr suff */
469 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
470 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
471 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
472 {NONCE_V1, 0, 1, FALSE, FALSE},
473 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
474 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
475 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
476 {ID_V1, 0, 1, TRUE, FALSE},
477 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
478 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
479 {HASH_V1, 0, 1, TRUE, FALSE},
480 };
481
482 /**
483 * payload order for ID_PROT from responder.
484 */
485 static payload_order_t id_prot_r_order[] = {
486 /* payload type notify type */
487 {SECURITY_ASSOCIATION_V1, 0},
488 {KEY_EXCHANGE_V1, 0},
489 {NONCE_V1, 0},
490 {ID_V1, 0},
491 {CERTIFICATE_V1, 0},
492 {SIGNATURE_V1, 0},
493 {HASH_V1, 0},
494 {CERTIFICATE_REQUEST_V1, 0},
495 {NOTIFY_V1, 0},
496 {VENDOR_ID_V1, 0},
497 {NAT_D_V1, 0},
498 };
499
500 /**
501 * Message rule for AGGRESSIVE from initiator.
502 */
503 static payload_rule_t aggressive_i_rules[] = {
504 /* payload type min max encr suff */
505 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
506 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
507 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
508 {NONCE_V1, 0, 1, FALSE, FALSE},
509 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
510 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
511 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
512 {ID_V1, 0, 1, FALSE, FALSE},
513 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
514 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
515 {HASH_V1, 0, 1, FALSE, FALSE},
516 };
517
518 /**
519 * payload order for AGGRESSIVE from initiator.
520 */
521 static payload_order_t aggressive_i_order[] = {
522 /* payload type notify type */
523 {SECURITY_ASSOCIATION_V1, 0},
524 {KEY_EXCHANGE_V1, 0},
525 {NONCE_V1, 0},
526 {ID_V1, 0},
527 {CERTIFICATE_V1, 0},
528 {NAT_D_V1, 0},
529 {SIGNATURE_V1, 0},
530 {HASH_V1, 0},
531 {CERTIFICATE_REQUEST_V1, 0},
532 {NOTIFY_V1, 0},
533 {VENDOR_ID_V1, 0},
534 };
535
536 /**
537 * Message rule for AGGRESSIVE from responder.
538 */
539 static payload_rule_t aggressive_r_rules[] = {
540 /* payload type min max encr suff */
541 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
542 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
543 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
544 {NONCE_V1, 0, 1, FALSE, FALSE},
545 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
546 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
547 {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
548 {ID_V1, 0, 1, FALSE, FALSE},
549 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
550 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
551 {HASH_V1, 0, 1, FALSE, FALSE},
552 };
553
554 /**
555 * payload order for AGGRESSIVE from responder.
556 */
557 static payload_order_t aggressive_r_order[] = {
558 /* payload type notify type */
559 {SECURITY_ASSOCIATION_V1, 0},
560 {KEY_EXCHANGE_V1, 0},
561 {NONCE_V1, 0},
562 {ID_V1, 0},
563 {CERTIFICATE_V1, 0},
564 {NAT_D_V1, 0},
565 {SIGNATURE_V1, 0},
566 {HASH_V1, 0},
567 {CERTIFICATE_REQUEST_V1, 0},
568 {NOTIFY_V1, 0},
569 {VENDOR_ID_V1, 0},
570 };
571
572 /**
573 * Message rule for INFORMATIONAL_V1 from initiator.
574 */
575 static payload_rule_t informational_i_rules_v1[] = {
576 /* payload type min max encr suff */
577 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
578 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
579 {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
580 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
581 };
582
583 /**
584 * payload order for INFORMATIONAL_V1 from initiator.
585 */
586 static payload_order_t informational_i_order_v1[] = {
587 /* payload type notify type */
588 {NOTIFY_V1, 0},
589 {DELETE_V1, 0},
590 {VENDOR_ID_V1, 0},
591 };
592
593 /**
594 * Message rule for INFORMATIONAL_V1 from responder.
595 */
596 static payload_rule_t informational_r_rules_v1[] = {
597 /* payload type min max encr suff */
598 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
599 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
600 {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
601 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
602 };
603
604 /**
605 * payload order for INFORMATIONAL_V1 from responder.
606 */
607 static payload_order_t informational_r_order_v1[] = {
608 /* payload type notify type */
609 {NOTIFY_V1, 0},
610 {DELETE_V1, 0},
611 {VENDOR_ID_V1, 0},
612 };
613
614 /**
615 * Message rule for QUICK_MODE from initiator.
616 */
617 static payload_rule_t quick_mode_i_rules[] = {
618 /* payload type min max encr suff */
619 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
620 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
621 {HASH_V1, 0, 1, TRUE, FALSE},
622 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
623 {NONCE_V1, 0, 1, TRUE, FALSE},
624 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
625 {ID_V1, 0, 2, TRUE, FALSE},
626 {NAT_OA_V1, 0, 2, TRUE, FALSE},
627 };
628
629 /**
630 * payload order for QUICK_MODE from initiator.
631 */
632 static payload_order_t quick_mode_i_order[] = {
633 /* payload type notify type */
634 {NOTIFY_V1, 0},
635 {VENDOR_ID_V1, 0},
636 {HASH_V1, 0},
637 {SECURITY_ASSOCIATION_V1, 0},
638 {NONCE_V1, 0},
639 {KEY_EXCHANGE_V1, 0},
640 {ID_V1, 0},
641 {NAT_OA_V1, 0},
642 };
643
644 /**
645 * Message rule for QUICK_MODE from responder.
646 */
647 static payload_rule_t quick_mode_r_rules[] = {
648 /* payload type min max encr suff */
649 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
650 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
651 {HASH_V1, 0, 1, TRUE, FALSE},
652 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
653 {NONCE_V1, 0, 1, TRUE, FALSE},
654 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
655 {ID_V1, 0, 2, TRUE, FALSE},
656 {NAT_OA_V1, 0, 2, TRUE, FALSE},
657 };
658
659 /**
660 * payload order for QUICK_MODE from responder.
661 */
662 static payload_order_t quick_mode_r_order[] = {
663 /* payload type notify type */
664 {NOTIFY_V1, 0},
665 {VENDOR_ID_V1, 0},
666 {HASH_V1, 0},
667 {SECURITY_ASSOCIATION_V1, 0},
668 {NONCE_V1, 0},
669 {KEY_EXCHANGE_V1, 0},
670 {ID_V1, 0},
671 {NAT_OA_V1, 0},
672 };
673
674 /**
675 * Message rule for TRANSACTION.
676 */
677 static payload_rule_t transaction_payload_rules_v1[] = {
678 /* payload type min max encr suff */
679 {HASH_V1, 0, 1, TRUE, FALSE},
680 {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
681 };
682
683 /**
684 * Payload order for TRANSACTION.
685 */
686 static payload_order_t transaction_payload_order_v1[] = {
687 /* payload type notify type */
688 {HASH_V1, 0},
689 {CONFIGURATION_V1, 0},
690 };
691
692 #endif /* USE_IKEV1 */
693
694 /**
695 * Message rules, defines allowed payloads.
696 */
697 static message_rule_t message_rules[] = {
698 {IKE_SA_INIT, TRUE, FALSE,
699 countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
700 countof(ike_sa_init_i_order), ike_sa_init_i_order,
701 },
702 {IKE_SA_INIT, FALSE, FALSE,
703 countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
704 countof(ike_sa_init_r_order), ike_sa_init_r_order,
705 },
706 {IKE_AUTH, TRUE, TRUE,
707 countof(ike_auth_i_rules), ike_auth_i_rules,
708 countof(ike_auth_i_order), ike_auth_i_order,
709 },
710 {IKE_AUTH, FALSE, TRUE,
711 countof(ike_auth_r_rules), ike_auth_r_rules,
712 countof(ike_auth_r_order), ike_auth_r_order,
713 },
714 {INFORMATIONAL, TRUE, TRUE,
715 countof(informational_i_rules), informational_i_rules,
716 countof(informational_i_order), informational_i_order,
717 },
718 {INFORMATIONAL, FALSE, TRUE,
719 countof(informational_r_rules), informational_r_rules,
720 countof(informational_r_order), informational_r_order,
721 },
722 {CREATE_CHILD_SA, TRUE, TRUE,
723 countof(create_child_sa_i_rules), create_child_sa_i_rules,
724 countof(create_child_sa_i_order), create_child_sa_i_order,
725 },
726 {CREATE_CHILD_SA, FALSE, TRUE,
727 countof(create_child_sa_r_rules), create_child_sa_r_rules,
728 countof(create_child_sa_r_order), create_child_sa_r_order,
729 },
730 #ifdef ME
731 {ME_CONNECT, TRUE, TRUE,
732 countof(me_connect_i_rules), me_connect_i_rules,
733 countof(me_connect_i_order), me_connect_i_order,
734 },
735 {ME_CONNECT, FALSE, TRUE,
736 countof(me_connect_r_rules), me_connect_r_rules,
737 countof(me_connect_r_order), me_connect_r_order,
738 },
739 #endif /* ME */
740 #ifdef USE_IKEV1
741 {ID_PROT, TRUE, FALSE,
742 countof(id_prot_i_rules), id_prot_i_rules,
743 countof(id_prot_i_order), id_prot_i_order,
744 },
745 {ID_PROT, FALSE, FALSE,
746 countof(id_prot_r_rules), id_prot_r_rules,
747 countof(id_prot_r_order), id_prot_r_order,
748 },
749 {AGGRESSIVE, TRUE, FALSE,
750 countof(aggressive_i_rules), aggressive_i_rules,
751 countof(aggressive_i_order), aggressive_i_order,
752 },
753 {AGGRESSIVE, FALSE, FALSE,
754 countof(aggressive_r_rules), aggressive_r_rules,
755 countof(aggressive_r_order), aggressive_r_order,
756 },
757 {INFORMATIONAL_V1, TRUE, TRUE,
758 countof(informational_i_rules_v1), informational_i_rules_v1,
759 countof(informational_i_order_v1), informational_i_order_v1,
760 },
761 {INFORMATIONAL_V1, FALSE, TRUE,
762 countof(informational_r_rules_v1), informational_r_rules_v1,
763 countof(informational_r_order_v1), informational_r_order_v1,
764 },
765 {QUICK_MODE, TRUE, TRUE,
766 countof(quick_mode_i_rules), quick_mode_i_rules,
767 countof(quick_mode_i_order), quick_mode_i_order,
768 },
769 {QUICK_MODE, FALSE, TRUE,
770 countof(quick_mode_r_rules), quick_mode_r_rules,
771 countof(quick_mode_r_order), quick_mode_r_order,
772 },
773 {TRANSACTION, TRUE, TRUE,
774 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
775 countof(transaction_payload_order_v1), transaction_payload_order_v1,
776 },
777 {TRANSACTION, FALSE, TRUE,
778 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
779 countof(transaction_payload_order_v1), transaction_payload_order_v1,
780 },
781 /* TODO-IKEv1: define rules for other exchanges */
782 #endif /* USE_IKEV1 */
783 };
784
785
786 typedef struct private_message_t private_message_t;
787
788 /**
789 * Private data of an message_t object.
790 */
791 struct private_message_t {
792
793 /**
794 * Public part of a message_t object.
795 */
796 message_t public;
797
798 /**
799 * Minor version of message.
800 */
801 u_int8_t major_version;
802
803 /**
804 * Major version of message.
805 */
806 u_int8_t minor_version;
807
808 /**
809 * First Payload in message.
810 */
811 payload_type_t first_payload;
812
813 /**
814 * Assigned exchange type.
815 */
816 exchange_type_t exchange_type;
817
818 /**
819 * TRUE if message is a request, FALSE if a reply.
820 */
821 bool is_request;
822
823 /**
824 * The message is encrypted (IKEv1)
825 */
826 bool is_encrypted;
827
828 /**
829 * Higher version supported?
830 */
831 bool version_flag;
832
833 /**
834 * Reserved bits in IKE header
835 */
836 bool reserved[2];
837
838 /**
839 * Sorting of message disabled?
840 */
841 bool sort_disabled;
842
843 /**
844 * Message ID of this message.
845 */
846 u_int32_t message_id;
847
848 /**
849 * ID of assigned IKE_SA.
850 */
851 ike_sa_id_t *ike_sa_id;
852
853 /**
854 * Assigned UDP packet, stores incoming packet or last generated one.
855 */
856 packet_t *packet;
857
858 /**
859 * Linked List where payload data are stored in.
860 */
861 linked_list_t *payloads;
862
863 /**
864 * Assigned parser to parse Header and Body of this message.
865 */
866 parser_t *parser;
867
868 /**
869 * The message rule for this message instance
870 */
871 message_rule_t *rule;
872 };
873
874 /**
875 * Get the message rule that applies to this message
876 */
877 static message_rule_t* get_message_rule(private_message_t *this)
878 {
879 int i;
880
881 for (i = 0; i < countof(message_rules); i++)
882 {
883 if ((this->exchange_type == message_rules[i].exchange_type) &&
884 (this->is_request == message_rules[i].is_request))
885 {
886 return &message_rules[i];
887 }
888 }
889 return NULL;
890 }
891
892 /**
893 * Look up a payload rule
894 */
895 static payload_rule_t* get_payload_rule(private_message_t *this,
896 payload_type_t type)
897 {
898 int i;
899
900 for (i = 0; i < this->rule->rule_count;i++)
901 {
902 if (this->rule->rules[i].type == type)
903 {
904 return &this->rule->rules[i];
905 }
906 }
907 return NULL;
908 }
909
910 METHOD(message_t, set_ike_sa_id, void,
911 private_message_t *this,ike_sa_id_t *ike_sa_id)
912 {
913 DESTROY_IF(this->ike_sa_id);
914 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
915 }
916
917 METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
918 private_message_t *this)
919 {
920 return this->ike_sa_id;
921 }
922
923 METHOD(message_t, set_message_id, void,
924 private_message_t *this,u_int32_t message_id)
925 {
926 this->message_id = message_id;
927 }
928
929 METHOD(message_t, get_message_id, u_int32_t,
930 private_message_t *this)
931 {
932 return this->message_id;
933 }
934
935 METHOD(message_t, get_initiator_spi, u_int64_t,
936 private_message_t *this)
937 {
938 return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
939 }
940
941 METHOD(message_t, get_responder_spi, u_int64_t,
942 private_message_t *this)
943 {
944 return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
945 }
946
947 METHOD(message_t, set_major_version, void,
948 private_message_t *this, u_int8_t major_version)
949 {
950 this->major_version = major_version;
951 }
952
953 METHOD(message_t, get_major_version, u_int8_t,
954 private_message_t *this)
955 {
956 return this->major_version;
957 }
958
959 METHOD(message_t, set_minor_version, void,
960 private_message_t *this,u_int8_t minor_version)
961 {
962 this->minor_version = minor_version;
963 }
964
965 METHOD(message_t, get_minor_version, u_int8_t,
966 private_message_t *this)
967 {
968 return this->minor_version;
969 }
970
971 METHOD(message_t, set_exchange_type, void,
972 private_message_t *this, exchange_type_t exchange_type)
973 {
974 this->exchange_type = exchange_type;
975 }
976
977 METHOD(message_t, get_exchange_type, exchange_type_t,
978 private_message_t *this)
979 {
980 return this->exchange_type;
981 }
982
983 METHOD(message_t, get_first_payload_type, payload_type_t,
984 private_message_t *this)
985 {
986 return this->first_payload;
987 }
988
989 METHOD(message_t, set_request, void,
990 private_message_t *this, bool request)
991 {
992 this->is_request = request;
993 }
994
995 METHOD(message_t, get_request, bool,
996 private_message_t *this)
997 {
998 return this->is_request;
999 }
1000
1001 METHOD(message_t, set_version_flag, void,
1002 private_message_t *this)
1003 {
1004 this->version_flag = TRUE;
1005 }
1006
1007 METHOD(message_t, get_reserved_header_bit, bool,
1008 private_message_t *this, u_int nr)
1009 {
1010 if (nr < countof(this->reserved))
1011 {
1012 return this->reserved[nr];
1013 }
1014 return FALSE;
1015 }
1016
1017 METHOD(message_t, set_reserved_header_bit, void,
1018 private_message_t *this, u_int nr)
1019 {
1020 if (nr < countof(this->reserved))
1021 {
1022 this->reserved[nr] = TRUE;
1023 }
1024 }
1025
1026 METHOD(message_t, is_encoded, bool,
1027 private_message_t *this)
1028 {
1029 return this->packet->get_data(this->packet).ptr != NULL;
1030 }
1031
1032 METHOD(message_t, add_payload, void,
1033 private_message_t *this, payload_t *payload)
1034 {
1035 payload_t *last_payload;
1036
1037 if (this->payloads->get_count(this->payloads) > 0)
1038 {
1039 this->payloads->get_last(this->payloads, (void **)&last_payload);
1040 last_payload->set_next_type(last_payload, payload->get_type(payload));
1041 }
1042 else
1043 {
1044 this->first_payload = payload->get_type(payload);
1045 }
1046 payload->set_next_type(payload, NO_PAYLOAD);
1047 this->payloads->insert_last(this->payloads, payload);
1048
1049 DBG2(DBG_ENC ,"added payload of type %N to message",
1050 payload_type_names, payload->get_type(payload));
1051 }
1052
1053 METHOD(message_t, add_notify, void,
1054 private_message_t *this, bool flush, notify_type_t type, chunk_t data)
1055 {
1056 notify_payload_t *notify;
1057 payload_t *payload;
1058
1059 if (flush)
1060 {
1061 while (this->payloads->remove_last(this->payloads,
1062 (void**)&payload) == SUCCESS)
1063 {
1064 payload->destroy(payload);
1065 }
1066 }
1067 if (this->major_version == IKEV2_MAJOR_VERSION)
1068 {
1069 notify = notify_payload_create(NOTIFY);
1070 }
1071 else
1072 {
1073 notify = notify_payload_create(NOTIFY_V1);
1074 }
1075 notify->set_notify_type(notify, type);
1076 notify->set_notification_data(notify, data);
1077 add_payload(this, (payload_t*)notify);
1078 }
1079
1080 METHOD(message_t, set_source, void,
1081 private_message_t *this, host_t *host)
1082 {
1083 this->packet->set_source(this->packet, host);
1084 }
1085
1086 METHOD(message_t, set_destination, void,
1087 private_message_t *this, host_t *host)
1088 {
1089 this->packet->set_destination(this->packet, host);
1090 }
1091
1092 METHOD(message_t, get_source, host_t*,
1093 private_message_t *this)
1094 {
1095 return this->packet->get_source(this->packet);
1096 }
1097
1098 METHOD(message_t, get_destination, host_t*,
1099 private_message_t *this)
1100 {
1101 return this->packet->get_destination(this->packet);
1102 }
1103
1104 METHOD(message_t, create_payload_enumerator, enumerator_t*,
1105 private_message_t *this)
1106 {
1107 return this->payloads->create_enumerator(this->payloads);
1108 }
1109
1110 METHOD(message_t, remove_payload_at, void,
1111 private_message_t *this, enumerator_t *enumerator)
1112 {
1113 this->payloads->remove_at(this->payloads, enumerator);
1114 }
1115
1116 METHOD(message_t, get_payload, payload_t*,
1117 private_message_t *this, payload_type_t type)
1118 {
1119 payload_t *current, *found = NULL;
1120 enumerator_t *enumerator;
1121
1122 enumerator = create_payload_enumerator(this);
1123 while (enumerator->enumerate(enumerator, &current))
1124 {
1125 if (current->get_type(current) == type)
1126 {
1127 found = current;
1128 break;
1129 }
1130 }
1131 enumerator->destroy(enumerator);
1132 return found;
1133 }
1134
1135 METHOD(message_t, get_notify, notify_payload_t*,
1136 private_message_t *this, notify_type_t type)
1137 {
1138 enumerator_t *enumerator;
1139 notify_payload_t *notify = NULL;
1140 payload_t *payload;
1141
1142 enumerator = create_payload_enumerator(this);
1143 while (enumerator->enumerate(enumerator, &payload))
1144 {
1145 if (payload->get_type(payload) == NOTIFY)
1146 {
1147 notify = (notify_payload_t*)payload;
1148 if (notify->get_notify_type(notify) == type)
1149 {
1150 break;
1151 }
1152 notify = NULL;
1153 }
1154 }
1155 enumerator->destroy(enumerator);
1156 return notify;
1157 }
1158
1159 /**
1160 * get a string representation of the message
1161 */
1162 static char* get_string(private_message_t *this, char *buf, int len)
1163 {
1164 enumerator_t *enumerator;
1165 payload_t *payload;
1166 int written;
1167 char *pos = buf;
1168
1169 memset(buf, 0, len);
1170 len--;
1171
1172 written = snprintf(pos, len, "%N %s %u [",
1173 exchange_type_names, this->exchange_type,
1174 this->is_request ? "request" : "response",
1175 this->message_id);
1176 if (written >= len || written < 0)
1177 {
1178 return "";
1179 }
1180 pos += written;
1181 len -= written;
1182
1183 enumerator = create_payload_enumerator(this);
1184 while (enumerator->enumerate(enumerator, &payload))
1185 {
1186 written = snprintf(pos, len, " %N", payload_type_short_names,
1187 payload->get_type(payload));
1188 if (written >= len || written < 0)
1189 {
1190 return buf;
1191 }
1192 pos += written;
1193 len -= written;
1194 if (payload->get_type(payload) == NOTIFY)
1195 {
1196 notify_payload_t *notify;
1197 notify_type_t type;
1198 chunk_t data;
1199
1200 notify = (notify_payload_t*)payload;
1201 type = notify->get_notify_type(notify);
1202 data = notify->get_notification_data(notify);
1203 if (type == MS_NOTIFY_STATUS && data.len == 4)
1204 {
1205 written = snprintf(pos, len, "(%N(%d))", notify_type_short_names,
1206 type, untoh32(data.ptr));
1207 }
1208 else
1209 {
1210 written = snprintf(pos, len, "(%N)", notify_type_short_names,
1211 type);
1212 }
1213 if (written >= len || written < 0)
1214 {
1215 return buf;
1216 }
1217 pos += written;
1218 len -= written;
1219 }
1220 if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
1221 {
1222 eap_payload_t *eap = (eap_payload_t*)payload;
1223 u_int32_t vendor;
1224 eap_type_t type;
1225 char method[64] = "";
1226
1227 type = eap->get_type(eap, &vendor);
1228 if (type)
1229 {
1230 if (vendor)
1231 {
1232 snprintf(method, sizeof(method), "/%d-%d", type, vendor);
1233 }
1234 else
1235 {
1236 snprintf(method, sizeof(method), "/%N",
1237 eap_type_short_names, type);
1238 }
1239 }
1240 written = snprintf(pos, len, "/%N%s", eap_code_short_names,
1241 eap->get_code(eap), method);
1242 if (written >= len || written < 0)
1243 {
1244 return buf;
1245 }
1246 pos += written;
1247 len -= written;
1248 }
1249 if (payload->get_type(payload) == CONFIGURATION)
1250 {
1251 cp_payload_t *cp = (cp_payload_t*)payload;
1252 enumerator_t *attributes;
1253 configuration_attribute_t *attribute;
1254 bool first = TRUE;
1255
1256 attributes = cp->create_attribute_enumerator(cp);
1257 while (attributes->enumerate(attributes, &attribute))
1258 {
1259 written = snprintf(pos, len, "%s%N", first ? "(" : " ",
1260 configuration_attribute_type_short_names,
1261 attribute->get_type(attribute));
1262 if (written >= len || written < 0)
1263 {
1264 return buf;
1265 }
1266 pos += written;
1267 len -= written;
1268 first = FALSE;
1269 }
1270 attributes->destroy(attributes);
1271 if (!first)
1272 {
1273 written = snprintf(pos, len, ")");
1274 if (written >= len || written < 0)
1275 {
1276 return buf;
1277 }
1278 pos += written;
1279 len -= written;
1280 }
1281 }
1282 }
1283 enumerator->destroy(enumerator);
1284
1285 /* remove last space */
1286 snprintf(pos, len, " ]");
1287 return buf;
1288 }
1289
1290 /**
1291 * reorder payloads depending on reordering rules
1292 */
1293 static void order_payloads(private_message_t *this)
1294 {
1295 linked_list_t *list;
1296 payload_t *payload;
1297 int i;
1298
1299 /* move to temp list */
1300 list = linked_list_create();
1301 while (this->payloads->remove_last(this->payloads,
1302 (void**)&payload) == SUCCESS)
1303 {
1304 list->insert_first(list, payload);
1305 }
1306 /* for each rule, ... */
1307 for (i = 0; i < this->rule->order_count; i++)
1308 {
1309 enumerator_t *enumerator;
1310 notify_payload_t *notify;
1311 payload_order_t order;
1312
1313 order = this->rule->order[i];
1314
1315 /* ... find all payload ... */
1316 enumerator = list->create_enumerator(list);
1317 while (enumerator->enumerate(enumerator, &payload))
1318 {
1319 /* ... with that type ... */
1320 if (payload->get_type(payload) == order.type)
1321 {
1322 notify = (notify_payload_t*)payload;
1323
1324 /**... and check notify for type. */
1325 if (order.type != NOTIFY || order.notify == 0 ||
1326 order.notify == notify->get_notify_type(notify))
1327 {
1328 list->remove_at(list, enumerator);
1329 add_payload(this, payload);
1330 }
1331 }
1332 }
1333 enumerator->destroy(enumerator);
1334 }
1335 /* append all payloads without a rule to the end */
1336 while (list->remove_last(list, (void**)&payload) == SUCCESS)
1337 {
1338 /* do not complain about payloads in private use space */
1339 if (payload->get_type(payload) < 128)
1340 {
1341 DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
1342 payload_type_names, payload->get_type(payload),
1343 exchange_type_names, this->rule->exchange_type,
1344 this->rule->is_request ? "request" : "response");
1345 }
1346 add_payload(this, payload);
1347 }
1348 list->destroy(list);
1349 }
1350
1351 /**
1352 * Wrap payloads in an encryption payload
1353 */
1354 static encryption_payload_t* wrap_payloads(private_message_t *this,
1355 payload_type_t encryption_type)
1356 {
1357 encryption_payload_t *encryption;
1358 linked_list_t *payloads;
1359 payload_t *current;
1360
1361 /* copy all payloads in a temporary list */
1362 payloads = linked_list_create();
1363 while (this->payloads->remove_first(this->payloads,
1364 (void**)&current) == SUCCESS)
1365 {
1366 payloads->insert_last(payloads, current);
1367 }
1368
1369 encryption = encryption_payload_create(encryption_type);
1370 while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
1371 {
1372 payload_rule_t *rule;
1373 payload_type_t type;
1374 bool encrypt = TRUE;
1375
1376 type = current->get_type(current);
1377 rule = get_payload_rule(this, type);
1378 if (rule)
1379 {
1380 encrypt = rule->encrypted;
1381 }
1382 if (encrypt || this->is_encrypted)
1383 { /* encryption is forced for IKEv1 */
1384 DBG2(DBG_ENC, "insert payload %N to encryption payload",
1385 payload_type_names, type);
1386 encryption->add_payload(encryption, current);
1387 }
1388 else
1389 {
1390 DBG2(DBG_ENC, "insert payload %N unencrypted",
1391 payload_type_names, type);
1392 add_payload(this, current);
1393 }
1394 }
1395 payloads->destroy(payloads);
1396
1397 return encryption;
1398 }
1399
1400 METHOD(message_t, disable_sort, void,
1401 private_message_t *this)
1402 {
1403 this->sort_disabled = TRUE;
1404 }
1405
1406 METHOD(message_t, generate, status_t,
1407 private_message_t *this, keymat_t *keymat, packet_t **packet)
1408 {
1409 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1410 generator_t *generator;
1411 ike_header_t *ike_header;
1412 payload_t *payload, *next;
1413 encryption_payload_t *encryption = NULL;
1414 payload_type_t next_type;
1415 enumerator_t *enumerator;
1416 aead_t *aead;
1417 chunk_t chunk;
1418 char str[BUF_LEN];
1419 u_int32_t *lenpos;
1420 bool encrypted = FALSE, *reserved;
1421 int i;
1422
1423 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
1424 {
1425 DBG1(DBG_ENC, "exchange type is not defined");
1426 return INVALID_STATE;
1427 }
1428
1429 if (this->packet->get_source(this->packet) == NULL ||
1430 this->packet->get_destination(this->packet) == NULL)
1431 {
1432 DBG1(DBG_ENC, "source/destination not defined");
1433 return INVALID_STATE;
1434 }
1435
1436 this->rule = get_message_rule(this);
1437 if (!this->rule)
1438 {
1439 DBG1(DBG_ENC, "no message rules specified for this message type");
1440 return NOT_SUPPORTED;
1441 }
1442
1443 if (!this->sort_disabled)
1444 {
1445 order_payloads(this);
1446 }
1447
1448 if (this->major_version == IKEV2_MAJOR_VERSION)
1449 {
1450 encrypted = this->rule->encrypted;
1451 }
1452 else
1453 {
1454 /* get a hash for this message, if any is required */
1455 chunk_t hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1456 if (hash.ptr)
1457 { /* insert a HASH payload as first payload */
1458 hash_payload_t *hash_payload = hash_payload_create(HASH_V1);
1459 hash_payload->set_hash(hash_payload, hash);
1460 this->payloads->insert_first(this->payloads,
1461 (payload_t*)hash_payload);
1462 chunk_free(&hash);
1463 }
1464
1465 /* if at least one payload requires encryption, encrypt the message.
1466 * if we have no key material available, the flag will be reset below */
1467 enumerator = this->payloads->create_enumerator(this->payloads);
1468 while (enumerator->enumerate(enumerator, (void**)&payload))
1469 {
1470 payload_rule_t *rule;
1471 rule = get_payload_rule(this, payload->get_type(payload));
1472 if (rule && rule->encrypted)
1473 {
1474 this->is_encrypted = TRUE;
1475 encrypted = TRUE;
1476 break;
1477 }
1478 }
1479 enumerator->destroy(enumerator);
1480 }
1481
1482 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
1483
1484 aead = keymat->get_aead(keymat, FALSE);
1485 if (aead && encrypted)
1486 {
1487 encryption = wrap_payloads(this, this->is_encrypted ? ENCRYPTED_V1
1488 : ENCRYPTED);
1489 }
1490 else
1491 {
1492 DBG2(DBG_ENC, "not encrypting payloads");
1493 this->is_encrypted = FALSE;
1494 }
1495
1496 ike_header = ike_header_create_version(this->major_version,
1497 this->minor_version);
1498 ike_header->set_exchange_type(ike_header, this->exchange_type);
1499 ike_header->set_message_id(ike_header, this->message_id);
1500 if (this->major_version == IKEV2_MAJOR_VERSION)
1501 {
1502 ike_header->set_response_flag(ike_header, !this->is_request);
1503 ike_header->set_version_flag(ike_header, this->version_flag);
1504 ike_header->set_initiator_flag(ike_header,
1505 this->ike_sa_id->is_initiator(this->ike_sa_id));
1506 }
1507 else
1508 {
1509 ike_header->set_encryption_flag(ike_header, this->is_encrypted);
1510 }
1511 ike_header->set_initiator_spi(ike_header,
1512 this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
1513 ike_header->set_responder_spi(ike_header,
1514 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1515
1516 for (i = 0; i < countof(this->reserved); i++)
1517 {
1518 reserved = payload_get_field(&ike_header->payload_interface,
1519 RESERVED_BIT, i);
1520 if (reserved)
1521 {
1522 *reserved = this->reserved[i];
1523 }
1524 }
1525
1526 generator = generator_create();
1527
1528 /* generate all payloads with proper next type */
1529 payload = (payload_t*)ike_header;
1530 enumerator = create_payload_enumerator(this);
1531 while (enumerator->enumerate(enumerator, &next))
1532 {
1533 payload->set_next_type(payload, next->get_type(next));
1534 generator->generate_payload(generator, payload);
1535 payload = next;
1536 }
1537 enumerator->destroy(enumerator);
1538 if (this->is_encrypted)
1539 { /* for encrypted IKEv1 messages */
1540 next_type = encryption->payload_interface.get_next_type(
1541 (payload_t*)encryption);
1542 }
1543 else
1544 {
1545 next_type = encryption ? ENCRYPTED : NO_PAYLOAD;
1546 }
1547 payload->set_next_type(payload, next_type);
1548 generator->generate_payload(generator, payload);
1549 ike_header->destroy(ike_header);
1550
1551 if (encryption)
1552 { /* set_transform() has to be called before get_length() */
1553 encryption->set_transform(encryption, aead);
1554 if (this->is_encrypted)
1555 { /* for IKEv1 instead of associated data we provide the IV */
1556 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1557 }
1558 else
1559 { /* build associated data (without header of encryption payload) */
1560 chunk = generator->get_chunk(generator, &lenpos);
1561 /* fill in length, including encryption payload */
1562 htoun32(lenpos, chunk.len + encryption->get_length(encryption));
1563 }
1564 this->payloads->insert_last(this->payloads, encryption);
1565 if (!encryption->encrypt(encryption, chunk))
1566 {
1567 generator->destroy(generator);
1568 return INVALID_STATE;
1569 }
1570 generator->generate_payload(generator, &encryption->payload_interface);
1571 }
1572 chunk = generator->get_chunk(generator, &lenpos);
1573 htoun32(lenpos, chunk.len);
1574 this->packet->set_data(this->packet, chunk_clone(chunk));
1575 if (this->is_encrypted)
1576 { /* update the IV for the next IKEv1 message */
1577 chunk_t last_block;
1578 size_t bs = aead->get_block_size(aead);
1579 last_block = chunk_create(chunk.ptr + chunk.len - bs, bs);
1580 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1581 keymat_v1->confirm_iv(keymat_v1, this->message_id);
1582 }
1583 generator->destroy(generator);
1584 *packet = this->packet->clone(this->packet);
1585 return SUCCESS;
1586 }
1587
1588 METHOD(message_t, get_packet, packet_t*,
1589 private_message_t *this)
1590 {
1591 if (this->packet == NULL)
1592 {
1593 return NULL;
1594 }
1595 return this->packet->clone(this->packet);
1596 }
1597
1598 METHOD(message_t, get_packet_data, chunk_t,
1599 private_message_t *this)
1600 {
1601 if (this->packet == NULL)
1602 {
1603 return chunk_empty;
1604 }
1605 return this->packet->get_data(this->packet);
1606 }
1607
1608 METHOD(message_t, parse_header, status_t,
1609 private_message_t *this)
1610 {
1611 ike_header_t *ike_header;
1612 status_t status;
1613 bool *reserved;
1614 int i;
1615
1616 DBG2(DBG_ENC, "parsing header of message");
1617
1618 this->parser->reset_context(this->parser);
1619 status = this->parser->parse_payload(this->parser, HEADER,
1620 (payload_t**)&ike_header);
1621 if (status != SUCCESS)
1622 {
1623 DBG1(DBG_ENC, "header could not be parsed");
1624 return status;
1625
1626 }
1627
1628 status = ike_header->payload_interface.verify(
1629 &ike_header->payload_interface);
1630 if (status != SUCCESS)
1631 {
1632 DBG1(DBG_ENC, "header verification failed");
1633 ike_header->destroy(ike_header);
1634 return status;
1635 }
1636
1637 DESTROY_IF(this->ike_sa_id);
1638 this->ike_sa_id = ike_sa_id_create(
1639 ike_header->get_initiator_spi(ike_header),
1640 ike_header->get_responder_spi(ike_header),
1641 ike_header->get_initiator_flag(ike_header));
1642
1643 this->exchange_type = ike_header->get_exchange_type(ike_header);
1644 this->message_id = ike_header->get_message_id(ike_header);
1645 this->major_version = ike_header->get_maj_version(ike_header);
1646 this->minor_version = ike_header->get_min_version(ike_header);
1647 if (this->major_version == IKEV2_MAJOR_VERSION)
1648 {
1649 this->is_request = !ike_header->get_response_flag(ike_header);
1650 }
1651 else
1652 {
1653 this->is_encrypted = ike_header->get_encryption_flag(ike_header);
1654 }
1655 this->first_payload = ike_header->payload_interface.get_next_type(
1656 &ike_header->payload_interface);
1657 for (i = 0; i < countof(this->reserved); i++)
1658 {
1659 reserved = payload_get_field(&ike_header->payload_interface,
1660 RESERVED_BIT, i);
1661 if (reserved)
1662 {
1663 this->reserved[i] = *reserved;
1664 }
1665 }
1666 ike_header->destroy(ike_header);
1667
1668 DBG2(DBG_ENC, "parsed a %N %s header", exchange_type_names,
1669 this->exchange_type, this->major_version == IKEV1_MAJOR_VERSION ?
1670 "message" : (this->is_request ? "request" : "response"));
1671 return SUCCESS;
1672 }
1673
1674 /**
1675 * Check if a payload is for a mediation extension connectivity check
1676 */
1677 static bool is_connectivity_check(private_message_t *this, payload_t *payload)
1678 {
1679 #ifdef ME
1680 if (this->exchange_type == INFORMATIONAL &&
1681 payload->get_type(payload) == NOTIFY)
1682 {
1683 notify_payload_t *notify = (notify_payload_t*)payload;
1684
1685 switch (notify->get_notify_type(notify))
1686 {
1687 case ME_CONNECTID:
1688 case ME_ENDPOINT:
1689 case ME_CONNECTAUTH:
1690 return TRUE;
1691 default:
1692 break;
1693 }
1694 }
1695 #endif /* !ME */
1696 return FALSE;
1697 }
1698
1699 /**
1700 * Parses and verifies the unencrypted payloads contained in the message
1701 */
1702 static status_t parse_payloads(private_message_t *this)
1703 {
1704 payload_type_t type = this->first_payload;
1705 payload_t *payload;
1706 status_t status;
1707
1708 if (this->is_encrypted)
1709 { /* wrap the whole encrypted IKEv1 message in a special encryption
1710 * payload which is then handled just like a regular payload */
1711 encryption_payload_t *encryption;
1712 status = this->parser->parse_payload(this->parser, ENCRYPTED_V1,
1713 (payload_t**)&encryption);
1714 if (status != SUCCESS)
1715 {
1716 DBG1(DBG_ENC, "failed to wrap encrypted IKEv1 message");
1717 return PARSE_ERROR;
1718 }
1719 encryption->payload_interface.set_next_type((payload_t*)encryption,
1720 this->first_payload);
1721 this->payloads->insert_last(this->payloads, encryption);
1722 return SUCCESS;
1723 }
1724
1725 while (type != NO_PAYLOAD)
1726 {
1727 DBG2(DBG_ENC, "starting parsing a %N payload",
1728 payload_type_names, type);
1729
1730 status = this->parser->parse_payload(this->parser, type, &payload);
1731 if (status != SUCCESS)
1732 {
1733 DBG1(DBG_ENC, "payload type %N could not be parsed",
1734 payload_type_names, type);
1735 return PARSE_ERROR;
1736 }
1737
1738 DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
1739 status = payload->verify(payload);
1740 if (status != SUCCESS)
1741 {
1742 DBG1(DBG_ENC, "%N payload verification failed",
1743 payload_type_names, type);
1744 payload->destroy(payload);
1745 return VERIFY_ERROR;
1746 }
1747
1748 DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
1749 payload_type_names, type);
1750 this->payloads->insert_last(this->payloads, payload);
1751
1752 /* an encryption payload is the last one, so STOP here. decryption is
1753 * done later */
1754 if (type == ENCRYPTED)
1755 {
1756 DBG2(DBG_ENC, "%N payload found. Stop parsing",
1757 payload_type_names, type);
1758 break;
1759 }
1760 type = payload->get_next_type(payload);
1761 }
1762 return SUCCESS;
1763 }
1764
1765 /**
1766 * Decrypt payload from the encryption payload
1767 */
1768 static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
1769 {
1770 bool was_encrypted = FALSE;
1771 payload_t *payload, *previous = NULL;
1772 enumerator_t *enumerator;
1773 payload_rule_t *rule;
1774 payload_type_t type;
1775 aead_t *aead;
1776 status_t status = SUCCESS;
1777
1778 enumerator = this->payloads->create_enumerator(this->payloads);
1779 while (enumerator->enumerate(enumerator, &payload))
1780 {
1781 type = payload->get_type(payload);
1782
1783 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
1784
1785 if (type == ENCRYPTED || type == ENCRYPTED_V1)
1786 {
1787 encryption_payload_t *encryption;
1788 payload_t *encrypted;
1789 chunk_t chunk;
1790 size_t bs;
1791
1792 encryption = (encryption_payload_t*)payload;
1793
1794 DBG2(DBG_ENC, "found an encryption payload");
1795
1796 if (this->payloads->has_more(this->payloads, enumerator))
1797 {
1798 DBG1(DBG_ENC, "encrypted payload is not last payload");
1799 status = VERIFY_ERROR;
1800 break;
1801 }
1802 aead = keymat->get_aead(keymat, TRUE);
1803 bs = aead->get_block_size(aead);
1804 encryption->set_transform(encryption, aead);
1805 chunk = this->packet->get_data(this->packet);
1806 if (chunk.len < encryption->get_length(encryption) ||
1807 chunk.len < bs)
1808 {
1809 DBG1(DBG_ENC, "invalid payload length");
1810 status = VERIFY_ERROR;
1811 break;
1812 }
1813 if (type == ENCRYPTED_V1)
1814 { /* instead of associated data we provide the IV, we also update
1815 * the IV with the last encrypted block */
1816 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1817 chunk_t last_block = chunk_create(chunk.ptr + chunk.len - bs,
1818 bs);
1819 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1820 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1821 }
1822 else
1823 {
1824 chunk.len -= encryption->get_length(encryption);
1825 }
1826 status = encryption->decrypt(encryption, chunk);
1827 if (status != SUCCESS)
1828 {
1829 break;
1830 }
1831
1832 was_encrypted = TRUE;
1833 this->payloads->remove_at(this->payloads, enumerator);
1834
1835 while ((encrypted = encryption->remove_payload(encryption)))
1836 {
1837 type = encrypted->get_type(encrypted);
1838 if (previous)
1839 {
1840 previous->set_next_type(previous, type);
1841 }
1842 else
1843 {
1844 this->first_payload = type;
1845 }
1846 DBG2(DBG_ENC, "insert decrypted payload of type "
1847 "%N at end of list", payload_type_names, type);
1848 this->payloads->insert_last(this->payloads, encrypted);
1849 previous = encrypted;
1850 }
1851 encryption->destroy(encryption);
1852 }
1853 if (payload_is_known(type) && !was_encrypted &&
1854 !is_connectivity_check(this, payload))
1855 {
1856 rule = get_payload_rule(this, type);
1857 if (!rule || rule->encrypted)
1858 {
1859 DBG1(DBG_ENC, "payload type %N was not encrypted",
1860 payload_type_names, type);
1861 status = FAILED;
1862 break;
1863 }
1864 }
1865 previous = payload;
1866 }
1867 enumerator->destroy(enumerator);
1868 return status;
1869 }
1870
1871 /**
1872 * Verify a message and all payload according to message/payload rules
1873 */
1874 static status_t verify(private_message_t *this)
1875 {
1876 bool complete = FALSE;
1877 int i;
1878
1879 DBG2(DBG_ENC, "verifying message structure");
1880
1881 /* check for payloads with wrong count */
1882 for (i = 0; i < this->rule->rule_count; i++)
1883 {
1884 enumerator_t *enumerator;
1885 payload_t *payload;
1886 payload_rule_t *rule;
1887 int found = 0;
1888
1889 rule = &this->rule->rules[i];
1890 enumerator = create_payload_enumerator(this);
1891 while (enumerator->enumerate(enumerator, &payload))
1892 {
1893 payload_type_t type;
1894
1895 type = payload->get_type(payload);
1896 if (type == rule->type)
1897 {
1898 found++;
1899 DBG2(DBG_ENC, "found payload of type %N",
1900 payload_type_names, type);
1901 if (found > rule->max_occurence)
1902 {
1903 DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
1904 "occurred in current message", payload_type_names,
1905 type, rule->max_occurence, found);
1906 enumerator->destroy(enumerator);
1907 return VERIFY_ERROR;
1908 }
1909 }
1910 }
1911 enumerator->destroy(enumerator);
1912
1913 if (!complete && found < rule->min_occurence)
1914 {
1915 DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
1916 payload_type_names, rule->type, rule->min_occurence, found);
1917 return VERIFY_ERROR;
1918 }
1919 if (found && rule->sufficient)
1920 {
1921 complete = TRUE;
1922 }
1923 }
1924 return SUCCESS;
1925 }
1926
1927 METHOD(message_t, parse_body, status_t,
1928 private_message_t *this, keymat_t *keymat)
1929 {
1930 status_t status = SUCCESS;
1931 char str[BUF_LEN];
1932
1933 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
1934 payload_type_names, this->first_payload);
1935
1936 this->rule = get_message_rule(this);
1937 if (!this->rule)
1938 {
1939 DBG1(DBG_ENC, "no message rules specified for a %N %s",
1940 exchange_type_names, this->exchange_type,
1941 this->is_request ? "request" : "response");
1942 return NOT_SUPPORTED;
1943 }
1944
1945 status = parse_payloads(this);
1946 if (status != SUCCESS)
1947 { /* error is already logged */
1948 return status;
1949 }
1950
1951 status = decrypt_payloads(this, keymat);
1952 if (status != SUCCESS)
1953 {
1954 DBG1(DBG_ENC, "could not decrypt payloads");
1955 return status;
1956 }
1957
1958 status = verify(this);
1959 if (status != SUCCESS)
1960 {
1961 return status;
1962 }
1963
1964 DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
1965
1966 if (this->major_version == IKEV1_MAJOR_VERSION)
1967 {
1968 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1969 chunk_t hash;
1970 hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1971 if (hash.ptr)
1972 {
1973 hash_payload_t *hash_payload;
1974 chunk_t other_hash;
1975 if ((this->first_payload != HASH_V1) && (this->public.get_exchange_type(&this->public) != INFORMATIONAL_V1))
1976 {
1977 DBG1(DBG_ENC, "expected HASH payload as first payload");
1978 chunk_free(&hash);
1979 return VERIFY_ERROR;
1980 }
1981 if (this->first_payload == HASH_V1)
1982 {
1983 hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
1984 other_hash = hash_payload->get_hash(hash_payload);
1985 if (!chunk_equals(hash, other_hash))
1986 {
1987 DBG1(DBG_ENC, "our hash does not match received %B",
1988 &other_hash);
1989 chunk_free(&hash);
1990 return FAILED;
1991 }
1992 DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
1993 }
1994 chunk_free(&hash);
1995 }
1996 }
1997
1998 if (this->is_encrypted)
1999 { /* TODO-IKEv1: this should be done later when we know this is no
2000 * retransmit */
2001 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
2002 keymat_v1->confirm_iv(keymat_v1, this->message_id);
2003 }
2004
2005 return SUCCESS;
2006 }
2007
2008 METHOD(message_t, destroy, void,
2009 private_message_t *this)
2010 {
2011 DESTROY_IF(this->ike_sa_id);
2012 this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
2013 this->packet->destroy(this->packet);
2014 this->parser->destroy(this->parser);
2015 free(this);
2016 }
2017
2018 /*
2019 * Described in header.
2020 */
2021 message_t *message_create_from_packet(packet_t *packet)
2022 {
2023 private_message_t *this;
2024
2025 INIT(this,
2026 .public = {
2027 .set_major_version = _set_major_version,
2028 .get_major_version = _get_major_version,
2029 .set_minor_version = _set_minor_version,
2030 .get_minor_version = _get_minor_version,
2031 .set_message_id = _set_message_id,
2032 .get_message_id = _get_message_id,
2033 .get_initiator_spi = _get_initiator_spi,
2034 .get_responder_spi = _get_responder_spi,
2035 .set_ike_sa_id = _set_ike_sa_id,
2036 .get_ike_sa_id = _get_ike_sa_id,
2037 .set_exchange_type = _set_exchange_type,
2038 .get_exchange_type = _get_exchange_type,
2039 .get_first_payload_type = _get_first_payload_type,
2040 .set_request = _set_request,
2041 .get_request = _get_request,
2042 .set_version_flag = _set_version_flag,
2043 .get_reserved_header_bit = _get_reserved_header_bit,
2044 .set_reserved_header_bit = _set_reserved_header_bit,
2045 .add_payload = _add_payload,
2046 .add_notify = _add_notify,
2047 .disable_sort = _disable_sort,
2048 .generate = _generate,
2049 .is_encoded = _is_encoded,
2050 .set_source = _set_source,
2051 .get_source = _get_source,
2052 .set_destination = _set_destination,
2053 .get_destination = _get_destination,
2054 .create_payload_enumerator = _create_payload_enumerator,
2055 .remove_payload_at = _remove_payload_at,
2056 .get_payload = _get_payload,
2057 .get_notify = _get_notify,
2058 .parse_header = _parse_header,
2059 .parse_body = _parse_body,
2060 .get_packet = _get_packet,
2061 .get_packet_data = _get_packet_data,
2062 .destroy = _destroy,
2063 },
2064 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
2065 .is_request = TRUE,
2066 .first_payload = NO_PAYLOAD,
2067 .packet = packet,
2068 .payloads = linked_list_create(),
2069 .parser = parser_create(packet->get_data(packet)),
2070 );
2071
2072 return &this->public;
2073 }
2074
2075 /*
2076 * Described in header.
2077 */
2078 message_t *message_create(int major, int minor)
2079 {
2080 message_t *this = message_create_from_packet(packet_create());
2081
2082 this->set_major_version(this, major);
2083 this->set_minor_version(this, minor);
2084
2085 return this;
2086 }