Compiler warning fixed.
[strongswan.git] / src / libcharon / encoding / message.c
1 /*
2 * Copyright (C) 2006-2007 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2010 revosec AG
5 * Copyright (C) 2006 Daniel Roethlisberger
6 * Copyright (C) 2005 Jan Hutter
7 * Hochschule fuer Technik Rapperswil
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include "message.h"
24
25 #include <library.h>
26 #include <daemon.h>
27 #include <sa/ike_sa_id.h>
28 #include <encoding/generator.h>
29 #include <encoding/parser.h>
30 #include <utils/linked_list.h>
31 #include <encoding/payloads/encodings.h>
32 #include <encoding/payloads/payload.h>
33 #include <encoding/payloads/encryption_payload.h>
34 #include <encoding/payloads/unknown_payload.h>
35 #include <encoding/payloads/cp_payload.h>
36
37 /**
38 * Max number of notify payloads per IKEv2 Message
39 */
40 #define MAX_NOTIFY_PAYLOADS 20
41
42 /**
43 * Max number of delete payloads per IKEv2 Message
44 */
45 #define MAX_DELETE_PAYLOADS 20
46
47 /**
48 * A payload rule defines the rules for a payload
49 * in a specific message rule. It defines if and how
50 * many times a payload must/can occur in a message
51 * and if it must be encrypted.
52 */
53 typedef struct {
54 /* Payload type */
55 payload_type_t type;
56 /* Minimal occurence of this payload. */
57 size_t min_occurence;
58 /* Max occurence of this payload. */
59 size_t max_occurence;
60 /* TRUE if payload must be encrypted */
61 bool encrypted;
62 /* If payload occurs, the message rule is fullfilled */
63 bool sufficient;
64 } payload_rule_t;
65
66 /**
67 * payload ordering structure allows us to reorder payloads according to RFC.
68 */
69 typedef struct {
70 /** payload type */
71 payload_type_t type;
72 /** notify type, if payload == NOTIFY */
73 notify_type_t notify;
74 } payload_order_t;
75
76 /**
77 * A message rule defines the kind of a message,
78 * if it has encrypted contents and a list
79 * of payload ordering rules and payload parsing rules.
80 */
81 typedef struct {
82 /** Type of message. */
83 exchange_type_t exchange_type;
84 /** Is message a request or response. */
85 bool is_request;
86 /** Message contains encrypted payloads. */
87 bool encrypted;
88 /** Number of payload rules which will follow */
89 int rule_count;
90 /** Pointer to first payload rule */
91 payload_rule_t *rules;
92 /** Number of payload order rules */
93 int order_count;
94 /** payload ordering rules */
95 payload_order_t *order;
96 } message_rule_t;
97
98 /**
99 * Message rule for IKE_SA_INIT from initiator.
100 */
101 static payload_rule_t ike_sa_init_i_rules[] = {
102 /* payload type min max encr suff */
103 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
104 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
105 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
106 {NONCE, 1, 1, FALSE, FALSE},
107 {VENDOR_ID, 0, 10, FALSE, FALSE},
108 };
109
110 /**
111 * payload order for IKE_SA_INIT initiator
112 */
113 static payload_order_t ike_sa_init_i_order[] = {
114 /* payload type notify type */
115 {NOTIFY, COOKIE},
116 {SECURITY_ASSOCIATION, 0},
117 {KEY_EXCHANGE, 0},
118 {NONCE, 0},
119 {NOTIFY, NAT_DETECTION_SOURCE_IP},
120 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
121 {NOTIFY, 0},
122 {VENDOR_ID, 0},
123 };
124
125 /**
126 * Message rule for IKE_SA_INIT from responder.
127 */
128 static payload_rule_t ike_sa_init_r_rules[] = {
129 /* payload type min max encr suff */
130 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
131 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
132 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
133 {NONCE, 1, 1, FALSE, FALSE},
134 {CERTIFICATE_REQUEST, 1, 1, FALSE, FALSE},
135 {VENDOR_ID, 0, 10, FALSE, FALSE},
136 };
137
138 /**
139 * payload order for IKE_SA_INIT responder
140 */
141 static payload_order_t ike_sa_init_r_order[] = {
142 /* payload type notify type */
143 {SECURITY_ASSOCIATION, 0},
144 {KEY_EXCHANGE, 0},
145 {NONCE, 0},
146 {NOTIFY, NAT_DETECTION_SOURCE_IP},
147 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
148 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
149 {CERTIFICATE_REQUEST, 0},
150 {NOTIFY, 0},
151 {VENDOR_ID, 0},
152 };
153
154 /**
155 * Message rule for IKE_AUTH from initiator.
156 */
157 static payload_rule_t ike_auth_i_rules[] = {
158 /* payload type min max encr suff */
159 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
160 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
161 {AUTHENTICATION, 0, 1, TRUE, TRUE},
162 {ID_INITIATOR, 0, 1, TRUE, FALSE},
163 {CERTIFICATE, 0, 4, TRUE, FALSE},
164 {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
165 {ID_RESPONDER, 0, 1, TRUE, FALSE},
166 #ifdef ME
167 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
168 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
169 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
170 #else
171 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
172 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
173 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
174 #endif /* ME */
175 {CONFIGURATION, 0, 1, TRUE, FALSE},
176 {VENDOR_ID, 0, 10, TRUE, FALSE},
177 };
178
179 /**
180 * payload order for IKE_AUTH initiator
181 */
182 static payload_order_t ike_auth_i_order[] = {
183 /* payload type notify type */
184 {ID_INITIATOR, 0},
185 {CERTIFICATE, 0},
186 {NOTIFY, INITIAL_CONTACT},
187 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
188 {CERTIFICATE_REQUEST, 0},
189 {ID_RESPONDER, 0},
190 {AUTHENTICATION, 0},
191 {EXTENSIBLE_AUTHENTICATION, 0},
192 {CONFIGURATION, 0},
193 {NOTIFY, IPCOMP_SUPPORTED},
194 {NOTIFY, USE_TRANSPORT_MODE},
195 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
196 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
197 {SECURITY_ASSOCIATION, 0},
198 {TRAFFIC_SELECTOR_INITIATOR, 0},
199 {TRAFFIC_SELECTOR_RESPONDER, 0},
200 {NOTIFY, MOBIKE_SUPPORTED},
201 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
202 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
203 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
204 {NOTIFY, 0},
205 {VENDOR_ID, 0},
206 };
207
208 /**
209 * Message rule for IKE_AUTH from responder.
210 */
211 static payload_rule_t ike_auth_r_rules[] = {
212 /* payload type min max encr suff */
213 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
214 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
215 {AUTHENTICATION, 0, 1, TRUE, TRUE},
216 {CERTIFICATE, 0, 4, TRUE, FALSE},
217 {ID_RESPONDER, 0, 1, TRUE, FALSE},
218 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
219 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
220 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
221 {CONFIGURATION, 0, 1, TRUE, FALSE},
222 {VENDOR_ID, 0, 10, TRUE, FALSE},
223 };
224
225 /**
226 * payload order for IKE_AUTH responder
227 */
228 static payload_order_t ike_auth_r_order[] = {
229 /* payload type notify type */
230 {ID_RESPONDER, 0},
231 {CERTIFICATE, 0},
232 {AUTHENTICATION, 0},
233 {EXTENSIBLE_AUTHENTICATION, 0},
234 {CONFIGURATION, 0},
235 {NOTIFY, IPCOMP_SUPPORTED},
236 {NOTIFY, USE_TRANSPORT_MODE},
237 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
238 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
239 {SECURITY_ASSOCIATION, 0},
240 {TRAFFIC_SELECTOR_INITIATOR, 0},
241 {TRAFFIC_SELECTOR_RESPONDER, 0},
242 {NOTIFY, AUTH_LIFETIME},
243 {NOTIFY, MOBIKE_SUPPORTED},
244 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
245 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
246 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
247 {NOTIFY, 0},
248 {VENDOR_ID, 0},
249 };
250
251 /**
252 * Message rule for INFORMATIONAL from initiator.
253 */
254 static payload_rule_t informational_i_rules[] = {
255 /* payload type min max encr suff */
256 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
257 {CONFIGURATION, 0, 1, TRUE, FALSE},
258 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
259 {VENDOR_ID, 0, 10, TRUE, FALSE},
260 };
261
262 /**
263 * payload order for INFORMATIONAL initiator
264 */
265 static payload_order_t informational_i_order[] = {
266 /* payload type notify type */
267 {NOTIFY, UPDATE_SA_ADDRESSES},
268 {NOTIFY, NAT_DETECTION_SOURCE_IP},
269 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
270 {NOTIFY, COOKIE2},
271 {NOTIFY, 0},
272 {DELETE, 0},
273 {CONFIGURATION, 0},
274 };
275
276 /**
277 * Message rule for INFORMATIONAL from responder.
278 */
279 static payload_rule_t informational_r_rules[] = {
280 /* payload type min max encr suff */
281 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
282 {CONFIGURATION, 0, 1, TRUE, FALSE},
283 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
284 {VENDOR_ID, 0, 10, TRUE, FALSE},
285 };
286
287 /**
288 * payload order for INFORMATIONAL responder
289 */
290 static payload_order_t informational_r_order[] = {
291 /* payload type notify type */
292 {NOTIFY, UPDATE_SA_ADDRESSES},
293 {NOTIFY, NAT_DETECTION_SOURCE_IP},
294 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
295 {NOTIFY, COOKIE2},
296 {NOTIFY, 0},
297 {DELETE, 0},
298 {CONFIGURATION, 0},
299 };
300
301 /**
302 * Message rule for CREATE_CHILD_SA from initiator.
303 */
304 static payload_rule_t create_child_sa_i_rules[] = {
305 /* payload type min max encr suff */
306 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
307 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
308 {NONCE, 1, 1, TRUE, FALSE},
309 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
310 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
311 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
312 {CONFIGURATION, 0, 1, TRUE, FALSE},
313 {VENDOR_ID, 0, 10, TRUE, FALSE},
314 };
315
316 /**
317 * payload order for CREATE_CHILD_SA from initiator.
318 */
319 static payload_order_t create_child_sa_i_order[] = {
320 /* payload type notify type */
321 {NOTIFY, REKEY_SA},
322 {NOTIFY, IPCOMP_SUPPORTED},
323 {NOTIFY, USE_TRANSPORT_MODE},
324 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
325 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
326 {SECURITY_ASSOCIATION, 0},
327 {NONCE, 0},
328 {KEY_EXCHANGE, 0},
329 {TRAFFIC_SELECTOR_INITIATOR, 0},
330 {TRAFFIC_SELECTOR_RESPONDER, 0},
331 {NOTIFY, 0},
332 };
333
334 /**
335 * Message rule for CREATE_CHILD_SA from responder.
336 */
337 static payload_rule_t create_child_sa_r_rules[] = {
338 /* payload type min max encr suff */
339 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
340 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
341 {NONCE, 1, 1, TRUE, FALSE},
342 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
343 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
344 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
345 {CONFIGURATION, 0, 1, TRUE, FALSE},
346 {VENDOR_ID, 0, 10, TRUE, FALSE},
347 };
348
349 /**
350 * payload order for CREATE_CHILD_SA from responder.
351 */
352 static payload_order_t create_child_sa_r_order[] = {
353 /* payload type notify type */
354 {NOTIFY, IPCOMP_SUPPORTED},
355 {NOTIFY, USE_TRANSPORT_MODE},
356 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
357 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
358 {SECURITY_ASSOCIATION, 0},
359 {NONCE, 0},
360 {KEY_EXCHANGE, 0},
361 {TRAFFIC_SELECTOR_INITIATOR, 0},
362 {TRAFFIC_SELECTOR_RESPONDER, 0},
363 {NOTIFY, ADDITIONAL_TS_POSSIBLE},
364 {NOTIFY, 0},
365 };
366
367 #ifdef ME
368 /**
369 * Message rule for ME_CONNECT from initiator.
370 */
371 static payload_rule_t me_connect_i_rules[] = {
372 /* payload type min max encr suff */
373 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
374 {ID_PEER, 1, 1, TRUE, FALSE},
375 {VENDOR_ID, 0, 10, TRUE, FALSE}
376 };
377
378 /**
379 * payload order for ME_CONNECT from initiator.
380 */
381 static payload_order_t me_connect_i_order[] = {
382 /* payload type notify type */
383 {NOTIFY, 0},
384 {ID_PEER, 0},
385 {VENDOR_ID, 0},
386 };
387
388 /**
389 * Message rule for ME_CONNECT from responder.
390 */
391 static payload_rule_t me_connect_r_rules[] = {
392 /* payload type min max encr suff */
393 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
394 {VENDOR_ID, 0, 10, TRUE, FALSE}
395 };
396
397 /**
398 * payload order for ME_CONNECT from responder.
399 */
400 static payload_order_t me_connect_r_order[] = {
401 /* payload type notify type */
402 {NOTIFY, 0},
403 {VENDOR_ID, 0},
404 };
405 #endif /* ME */
406
407 /**
408 * Message rules, defines allowed payloads.
409 */
410 static message_rule_t message_rules[] = {
411 {IKE_SA_INIT, TRUE, FALSE,
412 countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
413 countof(ike_sa_init_i_order), ike_sa_init_i_order,
414 },
415 {IKE_SA_INIT, FALSE, FALSE,
416 countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
417 countof(ike_sa_init_r_order), ike_sa_init_r_order,
418 },
419 {IKE_AUTH, TRUE, TRUE,
420 countof(ike_auth_i_rules), ike_auth_i_rules,
421 countof(ike_auth_i_order), ike_auth_i_order,
422 },
423 {IKE_AUTH, FALSE, TRUE,
424 countof(ike_auth_r_rules), ike_auth_r_rules,
425 countof(ike_auth_r_order), ike_auth_r_order,
426 },
427 {INFORMATIONAL, TRUE, TRUE,
428 countof(informational_i_rules), informational_i_rules,
429 countof(informational_i_order), informational_i_order,
430 },
431 {INFORMATIONAL, FALSE, TRUE,
432 countof(informational_r_rules), informational_r_rules,
433 countof(informational_r_order), informational_r_order,
434 },
435 {CREATE_CHILD_SA, TRUE, TRUE,
436 countof(create_child_sa_i_rules), create_child_sa_i_rules,
437 countof(create_child_sa_i_order), create_child_sa_i_order,
438 },
439 {CREATE_CHILD_SA, FALSE, TRUE,
440 countof(create_child_sa_r_rules), create_child_sa_r_rules,
441 countof(create_child_sa_r_order), create_child_sa_r_order,
442 },
443 #ifdef ME
444 {ME_CONNECT, TRUE, TRUE,
445 countof(me_connect_i_rules), me_connect_i_rules,
446 countof(me_connect_i_order), me_connect_i_order,
447 },
448 {ME_CONNECT, FALSE, TRUE,
449 countof(me_connect_r_rules), me_connect_r_rules,
450 countof(me_connect_r_order), me_connect_r_order,
451 },
452 #endif /* ME */
453 };
454
455
456 typedef struct private_message_t private_message_t;
457
458 /**
459 * Private data of an message_t object.
460 */
461 struct private_message_t {
462
463 /**
464 * Public part of a message_t object.
465 */
466 message_t public;
467
468 /**
469 * Minor version of message.
470 */
471 u_int8_t major_version;
472
473 /**
474 * Major version of message.
475 */
476 u_int8_t minor_version;
477
478 /**
479 * First Payload in message.
480 */
481 payload_type_t first_payload;
482
483 /**
484 * Assigned exchange type.
485 */
486 exchange_type_t exchange_type;
487
488 /**
489 * TRUE if message is a request, FALSE if a reply.
490 */
491 bool is_request;
492
493 /**
494 * Higher version supported?
495 */
496 bool version_flag;
497
498 /**
499 * Reserved bits in IKE header
500 */
501 bool reserved[5];
502
503 /**
504 * Sorting of message disabled?
505 */
506 bool sort_disabled;
507
508 /**
509 * Message ID of this message.
510 */
511 u_int32_t message_id;
512
513 /**
514 * ID of assigned IKE_SA.
515 */
516 ike_sa_id_t *ike_sa_id;
517
518 /**
519 * Assigned UDP packet, stores incoming packet or last generated one.
520 */
521 packet_t *packet;
522
523 /**
524 * Linked List where payload data are stored in.
525 */
526 linked_list_t *payloads;
527
528 /**
529 * Assigned parser to parse Header and Body of this message.
530 */
531 parser_t *parser;
532
533 /**
534 * The message rule for this message instance
535 */
536 message_rule_t *rule;
537 };
538
539 /**
540 * Get the message rule that applies to this message
541 */
542 static message_rule_t* get_message_rule(private_message_t *this)
543 {
544 int i;
545
546 for (i = 0; i < countof(message_rules); i++)
547 {
548 if ((this->exchange_type == message_rules[i].exchange_type) &&
549 (this->is_request == message_rules[i].is_request))
550 {
551 return &message_rules[i];
552 }
553 }
554 return NULL;
555 }
556
557 /**
558 * Look up a payload rule
559 */
560 static payload_rule_t* get_payload_rule(private_message_t *this,
561 payload_type_t type)
562 {
563 int i;
564
565 for (i = 0; i < this->rule->rule_count;i++)
566 {
567 if (this->rule->rules[i].type == type)
568 {
569 return &this->rule->rules[i];
570 }
571 }
572 return NULL;
573 }
574
575 METHOD(message_t, set_ike_sa_id, void,
576 private_message_t *this,ike_sa_id_t *ike_sa_id)
577 {
578 DESTROY_IF(this->ike_sa_id);
579 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
580 }
581
582 METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
583 private_message_t *this)
584 {
585 return this->ike_sa_id;
586 }
587
588 METHOD(message_t, set_message_id, void,
589 private_message_t *this,u_int32_t message_id)
590 {
591 this->message_id = message_id;
592 }
593
594 METHOD(message_t, get_message_id, u_int32_t,
595 private_message_t *this)
596 {
597 return this->message_id;
598 }
599
600 METHOD(message_t, get_initiator_spi, u_int64_t,
601 private_message_t *this)
602 {
603 return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
604 }
605
606 METHOD(message_t, get_responder_spi, u_int64_t,
607 private_message_t *this)
608 {
609 return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
610 }
611
612 METHOD(message_t, set_major_version, void,
613 private_message_t *this, u_int8_t major_version)
614 {
615 this->major_version = major_version;
616 }
617
618 METHOD(message_t, get_major_version, u_int8_t,
619 private_message_t *this)
620 {
621 return this->major_version;
622 }
623
624 METHOD(message_t, set_minor_version, void,
625 private_message_t *this,u_int8_t minor_version)
626 {
627 this->minor_version = minor_version;
628 }
629
630 METHOD(message_t, get_minor_version, u_int8_t,
631 private_message_t *this)
632 {
633 return this->minor_version;
634 }
635
636 METHOD(message_t, set_exchange_type, void,
637 private_message_t *this, exchange_type_t exchange_type)
638 {
639 this->exchange_type = exchange_type;
640 }
641
642 METHOD(message_t, get_exchange_type, exchange_type_t,
643 private_message_t *this)
644 {
645 return this->exchange_type;
646 }
647
648 METHOD(message_t, get_first_payload_type, payload_type_t,
649 private_message_t *this)
650 {
651 return this->first_payload;
652 }
653
654 METHOD(message_t, set_request, void,
655 private_message_t *this, bool request)
656 {
657 this->is_request = request;
658 }
659
660 METHOD(message_t, get_request, bool,
661 private_message_t *this)
662 {
663 return this->is_request;
664 }
665
666 METHOD(message_t, set_version_flag, void,
667 private_message_t *this)
668 {
669 this->version_flag = TRUE;
670 }
671
672 METHOD(message_t, get_reserved_header_bit, bool,
673 private_message_t *this, u_int nr)
674 {
675 if (nr < countof(this->reserved))
676 {
677 return this->reserved[nr];
678 }
679 return FALSE;
680 }
681
682 METHOD(message_t, set_reserved_header_bit, void,
683 private_message_t *this, u_int nr)
684 {
685 if (nr < countof(this->reserved))
686 {
687 this->reserved[nr] = TRUE;
688 }
689 }
690
691 METHOD(message_t, is_encoded, bool,
692 private_message_t *this)
693 {
694 return this->packet->get_data(this->packet).ptr != NULL;
695 }
696
697 METHOD(message_t, add_payload, void,
698 private_message_t *this, payload_t *payload)
699 {
700 payload_t *last_payload;
701
702 if (this->payloads->get_count(this->payloads) > 0)
703 {
704 this->payloads->get_last(this->payloads, (void **)&last_payload);
705 last_payload->set_next_type(last_payload, payload->get_type(payload));
706 }
707 else
708 {
709 this->first_payload = payload->get_type(payload);
710 }
711 payload->set_next_type(payload, NO_PAYLOAD);
712 this->payloads->insert_last(this->payloads, payload);
713
714 DBG2(DBG_ENC ,"added payload of type %N to message",
715 payload_type_names, payload->get_type(payload));
716 }
717
718 METHOD(message_t, add_notify, void,
719 private_message_t *this, bool flush, notify_type_t type, chunk_t data)
720 {
721 notify_payload_t *notify;
722 payload_t *payload;
723
724 if (flush)
725 {
726 while (this->payloads->remove_last(this->payloads,
727 (void**)&payload) == SUCCESS)
728 {
729 payload->destroy(payload);
730 }
731 }
732 notify = notify_payload_create();
733 notify->set_notify_type(notify, type);
734 notify->set_notification_data(notify, data);
735 add_payload(this, (payload_t*)notify);
736 }
737
738 METHOD(message_t, set_source, void,
739 private_message_t *this, host_t *host)
740 {
741 this->packet->set_source(this->packet, host);
742 }
743
744 METHOD(message_t, set_destination, void,
745 private_message_t *this, host_t *host)
746 {
747 this->packet->set_destination(this->packet, host);
748 }
749
750 METHOD(message_t, get_source, host_t*,
751 private_message_t *this)
752 {
753 return this->packet->get_source(this->packet);
754 }
755
756 METHOD(message_t, get_destination, host_t*,
757 private_message_t *this)
758 {
759 return this->packet->get_destination(this->packet);
760 }
761
762 METHOD(message_t, create_payload_enumerator, enumerator_t*,
763 private_message_t *this)
764 {
765 return this->payloads->create_enumerator(this->payloads);
766 }
767
768 METHOD(message_t, remove_payload_at, void,
769 private_message_t *this, enumerator_t *enumerator)
770 {
771 this->payloads->remove_at(this->payloads, enumerator);
772 }
773
774 METHOD(message_t, get_payload, payload_t*,
775 private_message_t *this, payload_type_t type)
776 {
777 payload_t *current, *found = NULL;
778 enumerator_t *enumerator;
779
780 enumerator = create_payload_enumerator(this);
781 while (enumerator->enumerate(enumerator, &current))
782 {
783 if (current->get_type(current) == type)
784 {
785 found = current;
786 break;
787 }
788 }
789 enumerator->destroy(enumerator);
790 return found;
791 }
792
793 METHOD(message_t, get_notify, notify_payload_t*,
794 private_message_t *this, notify_type_t type)
795 {
796 enumerator_t *enumerator;
797 notify_payload_t *notify = NULL;
798 payload_t *payload;
799
800 enumerator = create_payload_enumerator(this);
801 while (enumerator->enumerate(enumerator, &payload))
802 {
803 if (payload->get_type(payload) == NOTIFY)
804 {
805 notify = (notify_payload_t*)payload;
806 if (notify->get_notify_type(notify) == type)
807 {
808 break;
809 }
810 notify = NULL;
811 }
812 }
813 enumerator->destroy(enumerator);
814 return notify;
815 }
816
817 /**
818 * get a string representation of the message
819 */
820 static char* get_string(private_message_t *this, char *buf, int len)
821 {
822 enumerator_t *enumerator;
823 payload_t *payload;
824 int written;
825 char *pos = buf;
826
827 memset(buf, 0, len);
828 len--;
829
830 written = snprintf(pos, len, "%N %s %d [",
831 exchange_type_names, this->exchange_type,
832 this->is_request ? "request" : "response",
833 this->message_id);
834 if (written >= len || written < 0)
835 {
836 return "";
837 }
838 pos += written;
839 len -= written;
840
841 enumerator = create_payload_enumerator(this);
842 while (enumerator->enumerate(enumerator, &payload))
843 {
844 written = snprintf(pos, len, " %N", payload_type_short_names,
845 payload->get_type(payload));
846 if (written >= len || written < 0)
847 {
848 return buf;
849 }
850 pos += written;
851 len -= written;
852 if (payload->get_type(payload) == NOTIFY)
853 {
854 notify_payload_t *notify = (notify_payload_t*)payload;
855 written = snprintf(pos, len, "(%N)", notify_type_short_names,
856 notify->get_notify_type(notify));
857 if (written >= len || written < 0)
858 {
859 return buf;
860 }
861 pos += written;
862 len -= written;
863 }
864 if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
865 {
866 eap_payload_t *eap = (eap_payload_t*)payload;
867 u_int32_t vendor;
868 eap_type_t type;
869 char method[64] = "";
870
871 type = eap->get_type(eap, &vendor);
872 if (type)
873 {
874 if (vendor)
875 {
876 snprintf(method, sizeof(method), "/%d-%d", type, vendor);
877 }
878 else
879 {
880 snprintf(method, sizeof(method), "/%N",
881 eap_type_short_names, type);
882 }
883 }
884 written = snprintf(pos, len, "/%N%s", eap_code_short_names,
885 eap->get_code(eap), method);
886 if (written >= len || written < 0)
887 {
888 return buf;
889 }
890 pos += written;
891 len -= written;
892 }
893 if (payload->get_type(payload) == CONFIGURATION)
894 {
895 cp_payload_t *cp = (cp_payload_t*)payload;
896 enumerator_t *attributes;
897 configuration_attribute_t *attribute;
898 bool first = TRUE;
899
900 attributes = cp->create_attribute_enumerator(cp);
901 while (attributes->enumerate(attributes, &attribute))
902 {
903 written = snprintf(pos, len, "%s%N", first ? "(" : " ",
904 configuration_attribute_type_short_names,
905 attribute->get_type(attribute));
906 if (written >= len || written < 0)
907 {
908 return buf;
909 }
910 pos += written;
911 len -= written;
912 first = FALSE;
913 }
914 attributes->destroy(attributes);
915 if (!first)
916 {
917 written = snprintf(pos, len, ")");
918 if (written >= len || written < 0)
919 {
920 return buf;
921 }
922 pos += written;
923 len -= written;
924 }
925 }
926 }
927 enumerator->destroy(enumerator);
928
929 /* remove last space */
930 snprintf(pos, len, " ]");
931 return buf;
932 }
933
934 /**
935 * reorder payloads depending on reordering rules
936 */
937 static void order_payloads(private_message_t *this)
938 {
939 linked_list_t *list;
940 payload_t *payload;
941 int i;
942
943 /* move to temp list */
944 list = linked_list_create();
945 while (this->payloads->remove_last(this->payloads,
946 (void**)&payload) == SUCCESS)
947 {
948 list->insert_first(list, payload);
949 }
950 /* for each rule, ... */
951 for (i = 0; i < this->rule->order_count; i++)
952 {
953 enumerator_t *enumerator;
954 notify_payload_t *notify;
955 payload_order_t order;
956
957 order = this->rule->order[i];
958
959 /* ... find all payload ... */
960 enumerator = list->create_enumerator(list);
961 while (enumerator->enumerate(enumerator, &payload))
962 {
963 /* ... with that type ... */
964 if (payload->get_type(payload) == order.type)
965 {
966 notify = (notify_payload_t*)payload;
967
968 /**... and check notify for type. */
969 if (order.type != NOTIFY || order.notify == 0 ||
970 order.notify == notify->get_notify_type(notify))
971 {
972 list->remove_at(list, enumerator);
973 add_payload(this, payload);
974 }
975 }
976 }
977 enumerator->destroy(enumerator);
978 }
979 /* append all payloads without a rule to the end */
980 while (list->remove_last(list, (void**)&payload) == SUCCESS)
981 {
982 /* do not complain about payloads in private use space */
983 if (payload->get_type(payload) < 128)
984 {
985 DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
986 payload_type_names, payload->get_type(payload),
987 exchange_type_names, this->rule->exchange_type,
988 this->rule->is_request ? "request" : "response");
989 }
990 add_payload(this, payload);
991 }
992 list->destroy(list);
993 }
994
995 /**
996 * Wrap payloads in a encryption payload
997 */
998 static encryption_payload_t* wrap_payloads(private_message_t *this)
999 {
1000 encryption_payload_t *encryption;
1001 linked_list_t *payloads;
1002 payload_t *current;
1003
1004 /* copy all payloads in a temporary list */
1005 payloads = linked_list_create();
1006 while (this->payloads->remove_first(this->payloads,
1007 (void**)&current) == SUCCESS)
1008 {
1009 payloads->insert_last(payloads, current);
1010 }
1011
1012 encryption = encryption_payload_create();
1013 while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
1014 {
1015 payload_rule_t *rule;
1016 payload_type_t type;
1017 bool encrypt = TRUE;
1018
1019 type = current->get_type(current);
1020 rule = get_payload_rule(this, type);
1021 if (rule)
1022 {
1023 encrypt = rule->encrypted;
1024 }
1025 if (encrypt)
1026 {
1027 DBG2(DBG_ENC, "insert payload %N to encryption payload",
1028 payload_type_names, type);
1029 encryption->add_payload(encryption, current);
1030 }
1031 else
1032 {
1033 DBG2(DBG_ENC, "insert payload %N unencrypted",
1034 payload_type_names, type);
1035 add_payload(this, current);
1036 }
1037 }
1038 payloads->destroy(payloads);
1039
1040 return encryption;
1041 }
1042
1043 METHOD(message_t, disable_sort, void,
1044 private_message_t *this)
1045 {
1046 this->sort_disabled = TRUE;
1047 }
1048
1049 METHOD(message_t, generate, status_t,
1050 private_message_t *this, aead_t *aead, packet_t **packet)
1051 {
1052 generator_t *generator;
1053 ike_header_t *ike_header;
1054 payload_t *payload, *next;
1055 encryption_payload_t *encryption = NULL;
1056 enumerator_t *enumerator;
1057 chunk_t chunk;
1058 char str[256];
1059 u_int32_t *lenpos;
1060 bool *reserved;
1061 int i;
1062
1063 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
1064 {
1065 DBG1(DBG_ENC, "exchange type is not defined");
1066 return INVALID_STATE;
1067 }
1068
1069 if (this->packet->get_source(this->packet) == NULL ||
1070 this->packet->get_destination(this->packet) == NULL)
1071 {
1072 DBG1(DBG_ENC, "source/destination not defined");
1073 return INVALID_STATE;
1074 }
1075
1076 this->rule = get_message_rule(this);
1077 if (!this->rule)
1078 {
1079 DBG1(DBG_ENC, "no message rules specified for this message type");
1080 return NOT_SUPPORTED;
1081 }
1082
1083 if (!this->sort_disabled)
1084 {
1085 order_payloads(this);
1086 }
1087
1088 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
1089
1090 if (aead && this->rule->encrypted)
1091 {
1092 encryption = wrap_payloads(this);
1093 }
1094 else
1095 {
1096 DBG2(DBG_ENC, "not encrypting payloads");
1097 }
1098
1099 ike_header = ike_header_create();
1100 ike_header->set_maj_version(ike_header, this->major_version);
1101 ike_header->set_min_version(ike_header, this->minor_version);
1102 ike_header->set_exchange_type(ike_header, this->exchange_type);
1103 ike_header->set_message_id(ike_header, this->message_id);
1104 ike_header->set_response_flag(ike_header, !this->is_request);
1105 ike_header->set_version_flag(ike_header, this->version_flag);
1106 ike_header->set_initiator_flag(ike_header,
1107 this->ike_sa_id->is_initiator(this->ike_sa_id));
1108 ike_header->set_initiator_spi(ike_header,
1109 this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
1110 ike_header->set_responder_spi(ike_header,
1111 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1112
1113 for (i = 0; i < countof(this->reserved); i++)
1114 {
1115 reserved = payload_get_field(&ike_header->payload_interface,
1116 RESERVED_BIT, i);
1117 if (reserved)
1118 {
1119 *reserved = this->reserved[i];
1120 }
1121 }
1122
1123 generator = generator_create();
1124
1125 /* generate all payloads with proper next type */
1126 payload = (payload_t*)ike_header;
1127 enumerator = create_payload_enumerator(this);
1128 while (enumerator->enumerate(enumerator, &next))
1129 {
1130 payload->set_next_type(payload, next->get_type(next));
1131 generator->generate_payload(generator, payload);
1132 payload = next;
1133 }
1134 enumerator->destroy(enumerator);
1135 payload->set_next_type(payload, encryption ? ENCRYPTED : NO_PAYLOAD);
1136 generator->generate_payload(generator, payload);
1137 ike_header->destroy(ike_header);
1138
1139 if (encryption)
1140 {
1141 u_int32_t *lenpos;
1142
1143 /* build associated data (without header of encryption payload) */
1144 chunk = generator->get_chunk(generator, &lenpos);
1145 encryption->set_transform(encryption, aead);
1146 /* fill in length, including encryption payload */
1147 htoun32(lenpos, chunk.len + encryption->get_length(encryption));
1148
1149 this->payloads->insert_last(this->payloads, encryption);
1150 if (!encryption->encrypt(encryption, chunk))
1151 {
1152 generator->destroy(generator);
1153 return INVALID_STATE;
1154 }
1155 generator->generate_payload(generator, &encryption->payload_interface);
1156 }
1157 chunk = generator->get_chunk(generator, &lenpos);
1158 htoun32(lenpos, chunk.len);
1159 this->packet->set_data(this->packet, chunk_clone(chunk));
1160 generator->destroy(generator);
1161
1162 *packet = this->packet->clone(this->packet);
1163 return SUCCESS;
1164 }
1165
1166 METHOD(message_t, get_packet, packet_t*,
1167 private_message_t *this)
1168 {
1169 if (this->packet == NULL)
1170 {
1171 return NULL;
1172 }
1173 return this->packet->clone(this->packet);
1174 }
1175
1176 METHOD(message_t, get_packet_data, chunk_t,
1177 private_message_t *this)
1178 {
1179 if (this->packet == NULL)
1180 {
1181 return chunk_empty;
1182 }
1183 return chunk_clone(this->packet->get_data(this->packet));
1184 }
1185
1186 METHOD(message_t, parse_header, status_t,
1187 private_message_t *this)
1188 {
1189 ike_header_t *ike_header;
1190 status_t status;
1191 bool *reserved;
1192 int i;
1193
1194 DBG2(DBG_ENC, "parsing header of message");
1195
1196 this->parser->reset_context(this->parser);
1197 status = this->parser->parse_payload(this->parser, HEADER,
1198 (payload_t**)&ike_header);
1199 if (status != SUCCESS)
1200 {
1201 DBG1(DBG_ENC, "header could not be parsed");
1202 return status;
1203
1204 }
1205
1206 status = ike_header->payload_interface.verify(
1207 &ike_header->payload_interface);
1208 if (status != SUCCESS)
1209 {
1210 DBG1(DBG_ENC, "header verification failed");
1211 ike_header->destroy(ike_header);
1212 return status;
1213 }
1214
1215 DESTROY_IF(this->ike_sa_id);
1216 this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
1217 ike_header->get_responder_spi(ike_header),
1218 ike_header->get_initiator_flag(ike_header));
1219
1220 this->exchange_type = ike_header->get_exchange_type(ike_header);
1221 this->message_id = ike_header->get_message_id(ike_header);
1222 this->is_request = !ike_header->get_response_flag(ike_header);
1223 this->major_version = ike_header->get_maj_version(ike_header);
1224 this->minor_version = ike_header->get_min_version(ike_header);
1225 this->first_payload = ike_header->payload_interface.get_next_type(
1226 &ike_header->payload_interface);
1227 for (i = 0; i < countof(this->reserved); i++)
1228 {
1229 reserved = payload_get_field(&ike_header->payload_interface,
1230 RESERVED_BIT, i);
1231 if (reserved)
1232 {
1233 this->reserved[i] = *reserved;
1234 }
1235 }
1236 DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
1237 this->is_request ? "request" : "response");
1238
1239 ike_header->destroy(ike_header);
1240
1241 this->rule = get_message_rule(this);
1242 if (!this->rule)
1243 {
1244 DBG1(DBG_ENC, "no message rules specified for a %N %s",
1245 exchange_type_names, this->exchange_type,
1246 this->is_request ? "request" : "response");
1247 }
1248 return status;
1249 }
1250
1251 /**
1252 * Check if a payload is for a mediation extension connectivity check
1253 */
1254 static bool is_connectivity_check(private_message_t *this, payload_t *payload)
1255 {
1256 #ifdef ME
1257 if (this->exchange_type == INFORMATIONAL &&
1258 payload->get_type(payload) == NOTIFY)
1259 {
1260 notify_payload_t *notify = (notify_payload_t*)payload;
1261
1262 switch (notify->get_notify_type(notify))
1263 {
1264 case ME_CONNECTID:
1265 case ME_ENDPOINT:
1266 case ME_CONNECTAUTH:
1267 return TRUE;
1268 default:
1269 break;
1270 }
1271 }
1272 #endif /* !ME */
1273 return FALSE;
1274 }
1275
1276 /**
1277 * Decrypt payload from the encryption payload
1278 */
1279 static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
1280 {
1281 bool was_encrypted = FALSE;
1282 payload_t *payload, *previous = NULL;
1283 enumerator_t *enumerator;
1284 payload_rule_t *rule;
1285 payload_type_t type;
1286 status_t status = SUCCESS;
1287
1288 enumerator = this->payloads->create_enumerator(this->payloads);
1289 while (enumerator->enumerate(enumerator, &payload))
1290 {
1291 type = payload->get_type(payload);
1292
1293 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
1294
1295 if (type == ENCRYPTED)
1296 {
1297 encryption_payload_t *encryption;
1298 payload_t *encrypted;
1299 chunk_t chunk;
1300
1301 encryption = (encryption_payload_t*)payload;
1302
1303 DBG2(DBG_ENC, "found an encryption payload");
1304
1305 if (enumerator->enumerate(enumerator, &payload))
1306 {
1307 DBG1(DBG_ENC, "encrypted payload is not last payload");
1308 status = VERIFY_ERROR;
1309 break;
1310 }
1311 encryption->set_transform(encryption, aead);
1312 chunk = this->packet->get_data(this->packet);
1313 if (chunk.len < encryption->get_length(encryption))
1314 {
1315 DBG1(DBG_ENC, "invalid payload length");
1316 status = VERIFY_ERROR;
1317 break;
1318 }
1319 chunk.len -= encryption->get_length(encryption);
1320 status = encryption->decrypt(encryption, chunk);
1321 if (status != SUCCESS)
1322 {
1323 break;
1324 }
1325
1326 was_encrypted = TRUE;
1327 this->payloads->remove_at(this->payloads, enumerator);
1328
1329 while ((encrypted = encryption->remove_payload(encryption)))
1330 {
1331 type = encrypted->get_type(encrypted);
1332 if (previous)
1333 {
1334 previous->set_next_type(previous, type);
1335 }
1336 else
1337 {
1338 this->first_payload = type;
1339 }
1340 DBG2(DBG_ENC, "insert decrypted payload of type "
1341 "%N at end of list", payload_type_names, type);
1342 this->payloads->insert_last(this->payloads, encrypted);
1343 previous = encrypted;
1344 }
1345 encryption->destroy(encryption);
1346 }
1347 if (payload_is_known(type) && !was_encrypted &&
1348 !is_connectivity_check(this, payload))
1349 {
1350 rule = get_payload_rule(this, type);
1351 if (!rule || rule->encrypted)
1352 {
1353 DBG1(DBG_ENC, "payload type %N was not encrypted",
1354 payload_type_names, type);
1355 status = FAILED;
1356 break;
1357 }
1358 }
1359 previous = payload;
1360 }
1361 enumerator->destroy(enumerator);
1362 return status;
1363 }
1364
1365 /**
1366 * Verify a message and all payload according to message/payload rules
1367 */
1368 static status_t verify(private_message_t *this)
1369 {
1370 bool complete = FALSE;
1371 int i;
1372
1373 DBG2(DBG_ENC, "verifying message structure");
1374
1375 /* check for payloads with wrong count*/
1376 for (i = 0; i < this->rule->rule_count; i++)
1377 {
1378 enumerator_t *enumerator;
1379 payload_t *payload;
1380 payload_rule_t *rule;
1381 int found = 0;
1382
1383 rule = &this->rule->rules[i];
1384 enumerator = create_payload_enumerator(this);
1385 while (enumerator->enumerate(enumerator, &payload))
1386 {
1387 payload_type_t type;
1388
1389 type = payload->get_type(payload);
1390 if (type == rule->type)
1391 {
1392 found++;
1393 DBG2(DBG_ENC, "found payload of type %N",
1394 payload_type_names, type);
1395 if (found > rule->max_occurence)
1396 {
1397 DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
1398 "occured in current message", payload_type_names,
1399 type, rule->max_occurence, found);
1400 enumerator->destroy(enumerator);
1401 return VERIFY_ERROR;
1402 }
1403 }
1404 }
1405 enumerator->destroy(enumerator);
1406
1407 if (!complete && found < rule->min_occurence)
1408 {
1409 DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
1410 payload_type_names, rule->type, rule->min_occurence, found);
1411 return VERIFY_ERROR;
1412 }
1413 if (found && rule->sufficient)
1414 {
1415 complete = TRUE;
1416 }
1417 }
1418 return SUCCESS;
1419 }
1420
1421 METHOD(message_t, parse_body, status_t,
1422 private_message_t *this, aead_t *aead)
1423 {
1424 status_t status = SUCCESS;
1425 payload_t *payload;
1426 payload_type_t type;
1427 char str[256];
1428
1429 type = this->first_payload;
1430
1431 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
1432 payload_type_names, type);
1433
1434 while (type != NO_PAYLOAD)
1435 {
1436 DBG2(DBG_ENC, "starting parsing a %N payload",
1437 payload_type_names, type);
1438
1439 status = this->parser->parse_payload(this->parser, type, &payload);
1440 if (status != SUCCESS)
1441 {
1442 DBG1(DBG_ENC, "payload type %N could not be parsed",
1443 payload_type_names, type);
1444 return this->exchange_type == IKE_SA_INIT ? PARSE_ERROR : FAILED;
1445 }
1446
1447 DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
1448 status = payload->verify(payload);
1449 if (status != SUCCESS)
1450 {
1451 DBG1(DBG_ENC, "%N payload verification failed",
1452 payload_type_names, type);
1453 payload->destroy(payload);
1454 return this->exchange_type == IKE_SA_INIT ? VERIFY_ERROR : FAILED;
1455 }
1456
1457 DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
1458 payload_type_names, type);
1459 this->payloads->insert_last(this->payloads, payload);
1460
1461 /* an encryption payload is the last one, so STOP here. decryption is
1462 * done later */
1463 if (type == ENCRYPTED)
1464 {
1465 DBG2(DBG_ENC, "%N payload found. Stop parsing",
1466 payload_type_names, type);
1467 break;
1468 }
1469 type = payload->get_next_type(payload);
1470 }
1471
1472 status = decrypt_payloads(this, aead);
1473 if (status != SUCCESS)
1474 {
1475 DBG1(DBG_ENC, "could not decrypt payloads");
1476 return status;
1477 }
1478
1479 status = verify(this);
1480 if (status != SUCCESS)
1481 {
1482 return status;
1483 }
1484
1485 DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
1486
1487 return SUCCESS;
1488 }
1489
1490 METHOD(message_t, destroy, void,
1491 private_message_t *this)
1492 {
1493 DESTROY_IF(this->ike_sa_id);
1494 this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
1495 this->packet->destroy(this->packet);
1496 this->parser->destroy(this->parser);
1497 free(this);
1498 }
1499
1500 /*
1501 * Described in Header-File
1502 */
1503 message_t *message_create_from_packet(packet_t *packet)
1504 {
1505 private_message_t *this;
1506
1507 INIT(this,
1508 .public = {
1509 .set_major_version = _set_major_version,
1510 .get_major_version = _get_major_version,
1511 .set_minor_version = _set_minor_version,
1512 .get_minor_version = _get_minor_version,
1513 .set_message_id = _set_message_id,
1514 .get_message_id = _get_message_id,
1515 .get_initiator_spi = _get_initiator_spi,
1516 .get_responder_spi = _get_responder_spi,
1517 .set_ike_sa_id = _set_ike_sa_id,
1518 .get_ike_sa_id = _get_ike_sa_id,
1519 .set_exchange_type = _set_exchange_type,
1520 .get_exchange_type = _get_exchange_type,
1521 .get_first_payload_type = _get_first_payload_type,
1522 .set_request = _set_request,
1523 .get_request = _get_request,
1524 .set_version_flag = _set_version_flag,
1525 .get_reserved_header_bit = _get_reserved_header_bit,
1526 .set_reserved_header_bit = _set_reserved_header_bit,
1527 .add_payload = _add_payload,
1528 .add_notify = _add_notify,
1529 .disable_sort = _disable_sort,
1530 .generate = _generate,
1531 .is_encoded = _is_encoded,
1532 .set_source = _set_source,
1533 .get_source = _get_source,
1534 .set_destination = _set_destination,
1535 .get_destination = _get_destination,
1536 .create_payload_enumerator = _create_payload_enumerator,
1537 .remove_payload_at = _remove_payload_at,
1538 .get_payload = _get_payload,
1539 .get_notify = _get_notify,
1540 .parse_header = _parse_header,
1541 .parse_body = _parse_body,
1542 .get_packet = _get_packet,
1543 .get_packet_data = _get_packet_data,
1544 .destroy = _destroy,
1545 },
1546 .major_version = IKE_MAJOR_VERSION,
1547 .minor_version = IKE_MINOR_VERSION,
1548 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
1549 .is_request = TRUE,
1550 .first_payload = NO_PAYLOAD,
1551 .packet = packet,
1552 .payloads = linked_list_create(),
1553 .parser = parser_create(packet->get_data(packet)),
1554 );
1555
1556 return (&this->public);
1557 }
1558
1559 /*
1560 * Described in Header.
1561 */
1562 message_t *message_create()
1563 {
1564 return message_create_from_packet(packet_create());
1565 }
1566