Authenticate and verify Phase 2 IKEv1 messages with appropriate hashes.
[strongswan.git] / src / libcharon / encoding / message.c
1 /*
2 * Copyright (C) 2006-2011 Tobias Brunner
3 * Copyright (C) 2005-2010 Martin Willi
4 * Copyright (C) 2010 revosec AG
5 * Copyright (C) 2006 Daniel Roethlisberger
6 * Copyright (C) 2005 Jan Hutter
7 * Hochschule fuer Technik Rapperswil
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 *
14 * This program is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
16 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * for more details.
18 */
19
20 #include <stdlib.h>
21 #include <string.h>
22
23 #include "message.h"
24
25 #include <library.h>
26 #include <daemon.h>
27 #include <sa/keymat_v1.h>
28 #include <encoding/generator.h>
29 #include <encoding/parser.h>
30 #include <encoding/payloads/encodings.h>
31 #include <encoding/payloads/payload.h>
32 #include <encoding/payloads/hash_payload.h>
33 #include <encoding/payloads/encryption_payload.h>
34 #include <encoding/payloads/unknown_payload.h>
35 #include <encoding/payloads/cp_payload.h>
36
37 /**
38 * Max number of notify payloads per IKEv2 message
39 */
40 #define MAX_NOTIFY_PAYLOADS 20
41
42 /**
43 * Max number of delete payloads per IKEv2 message
44 */
45 #define MAX_DELETE_PAYLOADS 20
46
47 /**
48 * Max number of certificate payloads per IKEv2 message
49 */
50 #define MAX_CERT_PAYLOADS 8
51
52 /**
53 * Max number of vendor ID payloads per IKEv2 message
54 */
55 #define MAX_VID_PAYLOADS 20
56
57 /**
58 * Max number of certificate request payloads per IKEv1 message
59 */
60 #define MAX_CERTREQ_PAYLOADS 5
61
62 /**
63 * A payload rule defines the rules for a payload
64 * in a specific message rule. It defines if and how
65 * many times a payload must/can occur in a message
66 * and if it must be encrypted.
67 */
68 typedef struct {
69 /* Payload type */
70 payload_type_t type;
71 /* Minimal occurrence of this payload. */
72 size_t min_occurence;
73 /* Max occurrence of this payload. */
74 size_t max_occurence;
75 /* TRUE if payload must be encrypted */
76 bool encrypted;
77 /* If payload occurs, the message rule is fulfilled */
78 bool sufficient;
79 } payload_rule_t;
80
81 /**
82 * payload ordering structure allows us to reorder payloads according to RFC.
83 */
84 typedef struct {
85 /** payload type */
86 payload_type_t type;
87 /** notify type, if payload == NOTIFY */
88 notify_type_t notify;
89 } payload_order_t;
90
91 /**
92 * A message rule defines the kind of a message,
93 * if it has encrypted contents and a list
94 * of payload ordering rules and payload parsing rules.
95 */
96 typedef struct {
97 /** Type of message. */
98 exchange_type_t exchange_type;
99 /** Is message a request or response. */
100 bool is_request;
101 /** Message contains encrypted payloads. */
102 bool encrypted;
103 /** Number of payload rules which will follow */
104 int rule_count;
105 /** Pointer to first payload rule */
106 payload_rule_t *rules;
107 /** Number of payload order rules */
108 int order_count;
109 /** payload ordering rules */
110 payload_order_t *order;
111 } message_rule_t;
112
113 /**
114 * Message rule for IKE_SA_INIT from initiator.
115 */
116 static payload_rule_t ike_sa_init_i_rules[] = {
117 /* payload type min max encr suff */
118 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
119 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
120 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
121 {NONCE, 1, 1, FALSE, FALSE},
122 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
123 };
124
125 /**
126 * payload order for IKE_SA_INIT initiator
127 */
128 static payload_order_t ike_sa_init_i_order[] = {
129 /* payload type notify type */
130 {NOTIFY, COOKIE},
131 {SECURITY_ASSOCIATION, 0},
132 {KEY_EXCHANGE, 0},
133 {NONCE, 0},
134 {NOTIFY, NAT_DETECTION_SOURCE_IP},
135 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
136 {NOTIFY, 0},
137 {VENDOR_ID, 0},
138 };
139
140 /**
141 * Message rule for IKE_SA_INIT from responder.
142 */
143 static payload_rule_t ike_sa_init_r_rules[] = {
144 /* payload type min max encr suff */
145 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
146 {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
147 {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
148 {NONCE, 1, 1, FALSE, FALSE},
149 {CERTIFICATE_REQUEST, 0, 1, FALSE, FALSE},
150 {VENDOR_ID, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
151 };
152
153 /**
154 * payload order for IKE_SA_INIT responder
155 */
156 static payload_order_t ike_sa_init_r_order[] = {
157 /* payload type notify type */
158 {SECURITY_ASSOCIATION, 0},
159 {KEY_EXCHANGE, 0},
160 {NONCE, 0},
161 {NOTIFY, NAT_DETECTION_SOURCE_IP},
162 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
163 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
164 {CERTIFICATE_REQUEST, 0},
165 {NOTIFY, 0},
166 {VENDOR_ID, 0},
167 };
168
169 /**
170 * Message rule for IKE_AUTH from initiator.
171 */
172 static payload_rule_t ike_auth_i_rules[] = {
173 /* payload type min max encr suff */
174 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
175 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
176 {AUTHENTICATION, 0, 1, TRUE, TRUE},
177 {ID_INITIATOR, 0, 1, TRUE, FALSE},
178 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
179 {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
180 {ID_RESPONDER, 0, 1, TRUE, FALSE},
181 #ifdef ME
182 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
183 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
184 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
185 #else
186 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
187 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
188 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
189 #endif /* ME */
190 {CONFIGURATION, 0, 1, TRUE, FALSE},
191 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
192 };
193
194 /**
195 * payload order for IKE_AUTH initiator
196 */
197 static payload_order_t ike_auth_i_order[] = {
198 /* payload type notify type */
199 {ID_INITIATOR, 0},
200 {CERTIFICATE, 0},
201 {NOTIFY, INITIAL_CONTACT},
202 {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
203 {CERTIFICATE_REQUEST, 0},
204 {ID_RESPONDER, 0},
205 {AUTHENTICATION, 0},
206 {EXTENSIBLE_AUTHENTICATION, 0},
207 {CONFIGURATION, 0},
208 {NOTIFY, IPCOMP_SUPPORTED},
209 {NOTIFY, USE_TRANSPORT_MODE},
210 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
211 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
212 {SECURITY_ASSOCIATION, 0},
213 {TRAFFIC_SELECTOR_INITIATOR, 0},
214 {TRAFFIC_SELECTOR_RESPONDER, 0},
215 {NOTIFY, MOBIKE_SUPPORTED},
216 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
217 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
218 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
219 {NOTIFY, 0},
220 {VENDOR_ID, 0},
221 };
222
223 /**
224 * Message rule for IKE_AUTH from responder.
225 */
226 static payload_rule_t ike_auth_r_rules[] = {
227 /* payload type min max encr suff */
228 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
229 {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
230 {AUTHENTICATION, 0, 1, TRUE, TRUE},
231 {CERTIFICATE, 0, MAX_CERT_PAYLOADS, TRUE, FALSE},
232 {ID_RESPONDER, 0, 1, TRUE, FALSE},
233 {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
234 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
235 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
236 {CONFIGURATION, 0, 1, TRUE, FALSE},
237 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
238 };
239
240 /**
241 * payload order for IKE_AUTH responder
242 */
243 static payload_order_t ike_auth_r_order[] = {
244 /* payload type notify type */
245 {ID_RESPONDER, 0},
246 {CERTIFICATE, 0},
247 {AUTHENTICATION, 0},
248 {EXTENSIBLE_AUTHENTICATION, 0},
249 {CONFIGURATION, 0},
250 {NOTIFY, IPCOMP_SUPPORTED},
251 {NOTIFY, USE_TRANSPORT_MODE},
252 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
253 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
254 {SECURITY_ASSOCIATION, 0},
255 {TRAFFIC_SELECTOR_INITIATOR, 0},
256 {TRAFFIC_SELECTOR_RESPONDER, 0},
257 {NOTIFY, AUTH_LIFETIME},
258 {NOTIFY, MOBIKE_SUPPORTED},
259 {NOTIFY, ADDITIONAL_IP4_ADDRESS},
260 {NOTIFY, ADDITIONAL_IP6_ADDRESS},
261 {NOTIFY, NO_ADDITIONAL_ADDRESSES},
262 {NOTIFY, 0},
263 {VENDOR_ID, 0},
264 };
265
266 /**
267 * Message rule for INFORMATIONAL from initiator.
268 */
269 static payload_rule_t informational_i_rules[] = {
270 /* payload type min max encr suff */
271 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
272 {CONFIGURATION, 0, 1, TRUE, FALSE},
273 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
274 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
275 };
276
277 /**
278 * payload order for INFORMATIONAL initiator
279 */
280 static payload_order_t informational_i_order[] = {
281 /* payload type notify type */
282 {NOTIFY, UPDATE_SA_ADDRESSES},
283 {NOTIFY, NAT_DETECTION_SOURCE_IP},
284 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
285 {NOTIFY, COOKIE2},
286 {NOTIFY, 0},
287 {DELETE, 0},
288 {CONFIGURATION, 0},
289 };
290
291 /**
292 * Message rule for INFORMATIONAL from responder.
293 */
294 static payload_rule_t informational_r_rules[] = {
295 /* payload type min max encr suff */
296 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
297 {CONFIGURATION, 0, 1, TRUE, FALSE},
298 {DELETE, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
299 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
300 };
301
302 /**
303 * payload order for INFORMATIONAL responder
304 */
305 static payload_order_t informational_r_order[] = {
306 /* payload type notify type */
307 {NOTIFY, UPDATE_SA_ADDRESSES},
308 {NOTIFY, NAT_DETECTION_SOURCE_IP},
309 {NOTIFY, NAT_DETECTION_DESTINATION_IP},
310 {NOTIFY, COOKIE2},
311 {NOTIFY, 0},
312 {DELETE, 0},
313 {CONFIGURATION, 0},
314 };
315
316 /**
317 * Message rule for CREATE_CHILD_SA from initiator.
318 */
319 static payload_rule_t create_child_sa_i_rules[] = {
320 /* payload type min max encr suff */
321 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
322 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
323 {NONCE, 1, 1, TRUE, FALSE},
324 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
325 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
326 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
327 {CONFIGURATION, 0, 1, TRUE, FALSE},
328 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
329 };
330
331 /**
332 * payload order for CREATE_CHILD_SA from initiator.
333 */
334 static payload_order_t create_child_sa_i_order[] = {
335 /* payload type notify type */
336 {NOTIFY, REKEY_SA},
337 {NOTIFY, IPCOMP_SUPPORTED},
338 {NOTIFY, USE_TRANSPORT_MODE},
339 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
340 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
341 {SECURITY_ASSOCIATION, 0},
342 {NONCE, 0},
343 {KEY_EXCHANGE, 0},
344 {TRAFFIC_SELECTOR_INITIATOR, 0},
345 {TRAFFIC_SELECTOR_RESPONDER, 0},
346 {NOTIFY, 0},
347 };
348
349 /**
350 * Message rule for CREATE_CHILD_SA from responder.
351 */
352 static payload_rule_t create_child_sa_r_rules[] = {
353 /* payload type min max encr suff */
354 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
355 {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
356 {NONCE, 1, 1, TRUE, FALSE},
357 {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
358 {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
359 {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
360 {CONFIGURATION, 0, 1, TRUE, FALSE},
361 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
362 };
363
364 /**
365 * payload order for CREATE_CHILD_SA from responder.
366 */
367 static payload_order_t create_child_sa_r_order[] = {
368 /* payload type notify type */
369 {NOTIFY, IPCOMP_SUPPORTED},
370 {NOTIFY, USE_TRANSPORT_MODE},
371 {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
372 {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
373 {SECURITY_ASSOCIATION, 0},
374 {NONCE, 0},
375 {KEY_EXCHANGE, 0},
376 {TRAFFIC_SELECTOR_INITIATOR, 0},
377 {TRAFFIC_SELECTOR_RESPONDER, 0},
378 {NOTIFY, ADDITIONAL_TS_POSSIBLE},
379 {NOTIFY, 0},
380 };
381
382 #ifdef ME
383 /**
384 * Message rule for ME_CONNECT from initiator.
385 */
386 static payload_rule_t me_connect_i_rules[] = {
387 /* payload type min max encr suff */
388 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
389 {ID_PEER, 1, 1, TRUE, FALSE},
390 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
391 };
392
393 /**
394 * payload order for ME_CONNECT from initiator.
395 */
396 static payload_order_t me_connect_i_order[] = {
397 /* payload type notify type */
398 {NOTIFY, 0},
399 {ID_PEER, 0},
400 {VENDOR_ID, 0},
401 };
402
403 /**
404 * Message rule for ME_CONNECT from responder.
405 */
406 static payload_rule_t me_connect_r_rules[] = {
407 /* payload type min max encr suff */
408 {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
409 {VENDOR_ID, 0, MAX_VID_PAYLOADS, TRUE, FALSE}
410 };
411
412 /**
413 * payload order for ME_CONNECT from responder.
414 */
415 static payload_order_t me_connect_r_order[] = {
416 /* payload type notify type */
417 {NOTIFY, 0},
418 {VENDOR_ID, 0},
419 };
420 #endif /* ME */
421
422 #ifdef USE_IKEV1
423 /**
424 * Message rule for ID_PROT from initiator.
425 */
426 static payload_rule_t id_prot_i_rules[] = {
427 /* payload type min max encr suff */
428 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
429 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
430 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
431 {NONCE_V1, 0, 1, FALSE, FALSE},
432 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
433 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
434 {ID_V1, 0, 1, TRUE, FALSE},
435 {CERTIFICATE_V1, 0, 1, TRUE, FALSE},
436 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
437 {HASH_V1, 0, 1, TRUE, FALSE},
438 };
439
440 /**
441 * payload order for ID_PROT from initiator.
442 */
443 static payload_order_t id_prot_i_order[] = {
444 /* payload type notify type */
445 {SECURITY_ASSOCIATION_V1, 0},
446 {KEY_EXCHANGE_V1, 0},
447 {NONCE_V1, 0},
448 {ID_V1, 0},
449 {CERTIFICATE_V1, 0},
450 {SIGNATURE_V1, 0},
451 {HASH_V1, 0},
452 {CERTIFICATE_REQUEST_V1, 0},
453 {NOTIFY_V1, 0},
454 {VENDOR_ID_V1, 0},
455 };
456
457 /**
458 * Message rule for ID_PROT from responder.
459 */
460 static payload_rule_t id_prot_r_rules[] = {
461 /* payload type min max encr suff */
462 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
463 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
464 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
465 {NONCE_V1, 0, 1, FALSE, FALSE},
466 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
467 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
468 {ID_V1, 0, 1, TRUE, FALSE},
469 {CERTIFICATE_V1, 0, 1, TRUE, FALSE},
470 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
471 {HASH_V1, 0, 1, TRUE, FALSE},
472 };
473
474 /**
475 * payload order for ID_PROT from responder.
476 */
477 static payload_order_t id_prot_r_order[] = {
478 /* payload type notify type */
479 {SECURITY_ASSOCIATION_V1, 0},
480 {KEY_EXCHANGE_V1, 0},
481 {NONCE_V1, 0},
482 {ID_V1, 0},
483 {CERTIFICATE_V1, 0},
484 {SIGNATURE_V1, 0},
485 {HASH_V1, 0},
486 {CERTIFICATE_REQUEST_V1, 0},
487 {NOTIFY_V1, 0},
488 {VENDOR_ID_V1, 0},
489 };
490
491 /**
492 * Message rule for AGGRESSIVE from initiator.
493 */
494 static payload_rule_t aggressive_i_rules[] = {
495 /* payload type min max encr suff */
496 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
497 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
498 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
499 {NONCE_V1, 0, 1, FALSE, FALSE},
500 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
501 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
502 {ID_V1, 0, 1, FALSE, FALSE},
503 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
504 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
505 {HASH_V1, 0, 1, FALSE, FALSE},
506 };
507
508 /**
509 * payload order for AGGRESSIVE from initiator.
510 */
511 static payload_order_t aggressive_i_order[] = {
512 /* payload type notify type */
513 {SECURITY_ASSOCIATION_V1, 0},
514 {KEY_EXCHANGE_V1, 0},
515 {NONCE_V1, 0},
516 {ID_V1, 0},
517 {CERTIFICATE_V1, 0},
518 {SIGNATURE_V1, 0},
519 {HASH_V1, 0},
520 {CERTIFICATE_REQUEST_V1, 0},
521 {NOTIFY_V1, 0},
522 {VENDOR_ID_V1, 0},
523 };
524
525 /**
526 * Message rule for AGGRESSIVE from responder.
527 */
528 static payload_rule_t aggressive_r_rules[] = {
529 /* payload type min max encr suff */
530 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
531 {SECURITY_ASSOCIATION_V1, 0, 1, FALSE, FALSE},
532 {KEY_EXCHANGE_V1, 0, 1, FALSE, FALSE},
533 {NONCE_V1, 0, 1, FALSE, FALSE},
534 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
535 {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
536 {ID_V1, 0, 1, FALSE, FALSE},
537 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
538 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
539 {HASH_V1, 0, 1, FALSE, FALSE},
540 };
541
542 /**
543 * payload order for AGGRESSIVE from responder.
544 */
545 static payload_order_t aggressive_r_order[] = {
546 /* payload type notify type */
547 {SECURITY_ASSOCIATION_V1, 0},
548 {KEY_EXCHANGE_V1, 0},
549 {NONCE_V1, 0},
550 {ID_V1, 0},
551 {CERTIFICATE_V1, 0},
552 {SIGNATURE_V1, 0},
553 {HASH_V1, 0},
554 {CERTIFICATE_REQUEST_V1, 0},
555 {NOTIFY_V1, 0},
556 {VENDOR_ID_V1, 0},
557 };
558
559 /**
560 * Message rule for INFORMATIONAL_V1 from initiator.
561 */
562 static payload_rule_t informational_i_rules_v1[] = {
563 /* payload type min max encr suff */
564 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
565 {DELETE_V1, 0, MAX_DELETE_PAYLOADS, TRUE, FALSE},
566 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
567 };
568
569 /**
570 * payload order for INFORMATIONAL_V1 from initiator.
571 */
572 static payload_order_t informational_i_order_v1[] = {
573 /* payload type notify type */
574 {NOTIFY_V1, 0},
575 {DELETE_V1, 0},
576 {VENDOR_ID_V1, 0},
577 };
578
579 /**
580 * Message rule for QUICK_MODE from initiator.
581 */
582 static payload_rule_t quick_mode_i_rules[] = {
583 /* payload type min max encr suff */
584 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
585 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
586 {HASH_V1, 0, 1, TRUE, FALSE},
587 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
588 {NONCE_V1, 0, 1, TRUE, FALSE},
589 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
590 {ID_V1, 0, 2, TRUE, FALSE},
591 };
592
593 /**
594 * payload order for QUICK_MODE from initiator.
595 */
596 static payload_order_t quick_mode_i_order[] = {
597 /* payload type notify type */
598 {NOTIFY_V1, 0},
599 {VENDOR_ID_V1, 0},
600 {HASH_V1, 0},
601 {SECURITY_ASSOCIATION_V1, 0},
602 {NONCE_V1, 0},
603 {KEY_EXCHANGE_V1, 0},
604 {ID_V1, 0},
605 };
606
607 /**
608 * Message rule for QUICK_MODE from responder.
609 */
610 static payload_rule_t quick_mode_r_rules[] = {
611 /* payload type min max encr suff */
612 {NOTIFY_V1, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
613 {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, TRUE, FALSE},
614 {HASH_V1, 0, 1, TRUE, FALSE},
615 {SECURITY_ASSOCIATION_V1, 0, 2, TRUE, FALSE},
616 {NONCE_V1, 0, 1, TRUE, FALSE},
617 {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
618 {ID_V1, 0, 2, TRUE, FALSE},
619 };
620
621 /**
622 * payload order for QUICK_MODE from responder.
623 */
624 static payload_order_t quick_mode_r_order[] = {
625 /* payload type notify type */
626 {NOTIFY_V1, 0},
627 {VENDOR_ID_V1, 0},
628 {HASH_V1, 0},
629 {SECURITY_ASSOCIATION_V1, 0},
630 {NONCE_V1, 0},
631 {KEY_EXCHANGE_V1, 0},
632 {ID_V1, 0},
633 };
634
635 /**
636 * Message rule for TRANSACTION.
637 */
638 static payload_rule_t transaction_payload_rules_v1[] = {
639 /* payload type min max encr suff */
640 {HASH_V1, 0, 1, TRUE, FALSE},
641 {CONFIGURATION_V1, 1, 1, FALSE, FALSE},
642 };
643
644 /**
645 * Payload order for TRANSACTION.
646 */
647 static payload_order_t transaction_payload_order_v1[] = {
648 /* payload type notify type */
649 {HASH_V1, 0},
650 {CONFIGURATION_V1, 0},
651 };
652
653 #endif /* USE_IKEV1 */
654
655 /**
656 * Message rules, defines allowed payloads.
657 */
658 static message_rule_t message_rules[] = {
659 {IKE_SA_INIT, TRUE, FALSE,
660 countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
661 countof(ike_sa_init_i_order), ike_sa_init_i_order,
662 },
663 {IKE_SA_INIT, FALSE, FALSE,
664 countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
665 countof(ike_sa_init_r_order), ike_sa_init_r_order,
666 },
667 {IKE_AUTH, TRUE, TRUE,
668 countof(ike_auth_i_rules), ike_auth_i_rules,
669 countof(ike_auth_i_order), ike_auth_i_order,
670 },
671 {IKE_AUTH, FALSE, TRUE,
672 countof(ike_auth_r_rules), ike_auth_r_rules,
673 countof(ike_auth_r_order), ike_auth_r_order,
674 },
675 {INFORMATIONAL, TRUE, TRUE,
676 countof(informational_i_rules), informational_i_rules,
677 countof(informational_i_order), informational_i_order,
678 },
679 {INFORMATIONAL, FALSE, TRUE,
680 countof(informational_r_rules), informational_r_rules,
681 countof(informational_r_order), informational_r_order,
682 },
683 {CREATE_CHILD_SA, TRUE, TRUE,
684 countof(create_child_sa_i_rules), create_child_sa_i_rules,
685 countof(create_child_sa_i_order), create_child_sa_i_order,
686 },
687 {CREATE_CHILD_SA, FALSE, TRUE,
688 countof(create_child_sa_r_rules), create_child_sa_r_rules,
689 countof(create_child_sa_r_order), create_child_sa_r_order,
690 },
691 #ifdef ME
692 {ME_CONNECT, TRUE, TRUE,
693 countof(me_connect_i_rules), me_connect_i_rules,
694 countof(me_connect_i_order), me_connect_i_order,
695 },
696 {ME_CONNECT, FALSE, TRUE,
697 countof(me_connect_r_rules), me_connect_r_rules,
698 countof(me_connect_r_order), me_connect_r_order,
699 },
700 #endif /* ME */
701 #ifdef USE_IKEV1
702 {ID_PROT, TRUE, FALSE,
703 countof(id_prot_i_rules), id_prot_i_rules,
704 countof(id_prot_i_order), id_prot_i_order,
705 },
706 {ID_PROT, FALSE, FALSE,
707 countof(id_prot_r_rules), id_prot_r_rules,
708 countof(id_prot_r_order), id_prot_r_order,
709 },
710 {AGGRESSIVE, TRUE, FALSE,
711 countof(aggressive_i_rules), aggressive_i_rules,
712 countof(aggressive_i_order), aggressive_i_order,
713 },
714 {AGGRESSIVE, FALSE, FALSE,
715 countof(aggressive_r_rules), aggressive_r_rules,
716 countof(aggressive_r_order), aggressive_r_order,
717 },
718 {INFORMATIONAL_V1, TRUE, TRUE,
719 countof(informational_i_rules_v1), informational_i_rules_v1,
720 countof(informational_i_order_v1), informational_i_order_v1,
721 },
722 {QUICK_MODE, TRUE, TRUE,
723 countof(quick_mode_i_rules), quick_mode_i_rules,
724 countof(quick_mode_i_order), quick_mode_i_order,
725 },
726 {QUICK_MODE, FALSE, TRUE,
727 countof(quick_mode_r_rules), quick_mode_r_rules,
728 countof(quick_mode_r_order), quick_mode_r_order,
729 },
730 {TRANSACTION, TRUE, TRUE,
731 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
732 countof(transaction_payload_order_v1), transaction_payload_order_v1,
733 },
734 {TRANSACTION, FALSE, TRUE,
735 countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
736 countof(transaction_payload_order_v1), transaction_payload_order_v1,
737 },
738 /* TODO-IKEv1: define rules for other exchanges */
739 #endif /* USE_IKEV1 */
740 };
741
742
743 typedef struct private_message_t private_message_t;
744
745 /**
746 * Private data of an message_t object.
747 */
748 struct private_message_t {
749
750 /**
751 * Public part of a message_t object.
752 */
753 message_t public;
754
755 /**
756 * Minor version of message.
757 */
758 u_int8_t major_version;
759
760 /**
761 * Major version of message.
762 */
763 u_int8_t minor_version;
764
765 /**
766 * First Payload in message.
767 */
768 payload_type_t first_payload;
769
770 /**
771 * Assigned exchange type.
772 */
773 exchange_type_t exchange_type;
774
775 /**
776 * TRUE if message is a request, FALSE if a reply.
777 */
778 bool is_request;
779
780 /**
781 * The message is encrypted (IKEv1)
782 */
783 bool is_encrypted;
784
785 /**
786 * Higher version supported?
787 */
788 bool version_flag;
789
790 /**
791 * Reserved bits in IKE header
792 */
793 bool reserved[2];
794
795 /**
796 * Sorting of message disabled?
797 */
798 bool sort_disabled;
799
800 /**
801 * Message ID of this message.
802 */
803 u_int32_t message_id;
804
805 /**
806 * ID of assigned IKE_SA.
807 */
808 ike_sa_id_t *ike_sa_id;
809
810 /**
811 * Assigned UDP packet, stores incoming packet or last generated one.
812 */
813 packet_t *packet;
814
815 /**
816 * Linked List where payload data are stored in.
817 */
818 linked_list_t *payloads;
819
820 /**
821 * Assigned parser to parse Header and Body of this message.
822 */
823 parser_t *parser;
824
825 /**
826 * The message rule for this message instance
827 */
828 message_rule_t *rule;
829 };
830
831 /**
832 * Get the message rule that applies to this message
833 */
834 static message_rule_t* get_message_rule(private_message_t *this)
835 {
836 int i;
837
838 for (i = 0; i < countof(message_rules); i++)
839 {
840 if ((this->exchange_type == message_rules[i].exchange_type) &&
841 (this->is_request == message_rules[i].is_request))
842 {
843 return &message_rules[i];
844 }
845 }
846 return NULL;
847 }
848
849 /**
850 * Look up a payload rule
851 */
852 static payload_rule_t* get_payload_rule(private_message_t *this,
853 payload_type_t type)
854 {
855 int i;
856
857 for (i = 0; i < this->rule->rule_count;i++)
858 {
859 if (this->rule->rules[i].type == type)
860 {
861 return &this->rule->rules[i];
862 }
863 }
864 return NULL;
865 }
866
867 METHOD(message_t, set_ike_sa_id, void,
868 private_message_t *this,ike_sa_id_t *ike_sa_id)
869 {
870 DESTROY_IF(this->ike_sa_id);
871 this->ike_sa_id = ike_sa_id->clone(ike_sa_id);
872 }
873
874 METHOD(message_t, get_ike_sa_id, ike_sa_id_t*,
875 private_message_t *this)
876 {
877 return this->ike_sa_id;
878 }
879
880 METHOD(message_t, set_message_id, void,
881 private_message_t *this,u_int32_t message_id)
882 {
883 this->message_id = message_id;
884 }
885
886 METHOD(message_t, get_message_id, u_int32_t,
887 private_message_t *this)
888 {
889 return this->message_id;
890 }
891
892 METHOD(message_t, get_initiator_spi, u_int64_t,
893 private_message_t *this)
894 {
895 return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
896 }
897
898 METHOD(message_t, get_responder_spi, u_int64_t,
899 private_message_t *this)
900 {
901 return (this->ike_sa_id->get_responder_spi(this->ike_sa_id));
902 }
903
904 METHOD(message_t, set_major_version, void,
905 private_message_t *this, u_int8_t major_version)
906 {
907 this->major_version = major_version;
908 }
909
910 METHOD(message_t, get_major_version, u_int8_t,
911 private_message_t *this)
912 {
913 return this->major_version;
914 }
915
916 METHOD(message_t, set_minor_version, void,
917 private_message_t *this,u_int8_t minor_version)
918 {
919 this->minor_version = minor_version;
920 }
921
922 METHOD(message_t, get_minor_version, u_int8_t,
923 private_message_t *this)
924 {
925 return this->minor_version;
926 }
927
928 METHOD(message_t, set_exchange_type, void,
929 private_message_t *this, exchange_type_t exchange_type)
930 {
931 this->exchange_type = exchange_type;
932 }
933
934 METHOD(message_t, get_exchange_type, exchange_type_t,
935 private_message_t *this)
936 {
937 return this->exchange_type;
938 }
939
940 METHOD(message_t, get_first_payload_type, payload_type_t,
941 private_message_t *this)
942 {
943 return this->first_payload;
944 }
945
946 METHOD(message_t, set_request, void,
947 private_message_t *this, bool request)
948 {
949 this->is_request = request;
950 }
951
952 METHOD(message_t, get_request, bool,
953 private_message_t *this)
954 {
955 return this->is_request;
956 }
957
958 METHOD(message_t, set_version_flag, void,
959 private_message_t *this)
960 {
961 this->version_flag = TRUE;
962 }
963
964 METHOD(message_t, get_reserved_header_bit, bool,
965 private_message_t *this, u_int nr)
966 {
967 if (nr < countof(this->reserved))
968 {
969 return this->reserved[nr];
970 }
971 return FALSE;
972 }
973
974 METHOD(message_t, set_reserved_header_bit, void,
975 private_message_t *this, u_int nr)
976 {
977 if (nr < countof(this->reserved))
978 {
979 this->reserved[nr] = TRUE;
980 }
981 }
982
983 METHOD(message_t, is_encoded, bool,
984 private_message_t *this)
985 {
986 return this->packet->get_data(this->packet).ptr != NULL;
987 }
988
989 METHOD(message_t, add_payload, void,
990 private_message_t *this, payload_t *payload)
991 {
992 payload_t *last_payload;
993
994 if (this->payloads->get_count(this->payloads) > 0)
995 {
996 this->payloads->get_last(this->payloads, (void **)&last_payload);
997 last_payload->set_next_type(last_payload, payload->get_type(payload));
998 }
999 else
1000 {
1001 this->first_payload = payload->get_type(payload);
1002 }
1003 payload->set_next_type(payload, NO_PAYLOAD);
1004 this->payloads->insert_last(this->payloads, payload);
1005
1006 DBG2(DBG_ENC ,"added payload of type %N to message",
1007 payload_type_names, payload->get_type(payload));
1008 }
1009
1010 METHOD(message_t, add_notify, void,
1011 private_message_t *this, bool flush, notify_type_t type, chunk_t data)
1012 {
1013 notify_payload_t *notify;
1014 payload_t *payload;
1015
1016 if (flush)
1017 {
1018 while (this->payloads->remove_last(this->payloads,
1019 (void**)&payload) == SUCCESS)
1020 {
1021 payload->destroy(payload);
1022 }
1023 }
1024 if (this->major_version == IKEV2_MAJOR_VERSION)
1025 {
1026 notify = notify_payload_create(NOTIFY);
1027 }
1028 else
1029 {
1030 notify = notify_payload_create(NOTIFY_V1);
1031 }
1032 notify->set_notify_type(notify, type);
1033 notify->set_notification_data(notify, data);
1034 add_payload(this, (payload_t*)notify);
1035 }
1036
1037 METHOD(message_t, set_source, void,
1038 private_message_t *this, host_t *host)
1039 {
1040 this->packet->set_source(this->packet, host);
1041 }
1042
1043 METHOD(message_t, set_destination, void,
1044 private_message_t *this, host_t *host)
1045 {
1046 this->packet->set_destination(this->packet, host);
1047 }
1048
1049 METHOD(message_t, get_source, host_t*,
1050 private_message_t *this)
1051 {
1052 return this->packet->get_source(this->packet);
1053 }
1054
1055 METHOD(message_t, get_destination, host_t*,
1056 private_message_t *this)
1057 {
1058 return this->packet->get_destination(this->packet);
1059 }
1060
1061 METHOD(message_t, create_payload_enumerator, enumerator_t*,
1062 private_message_t *this)
1063 {
1064 return this->payloads->create_enumerator(this->payloads);
1065 }
1066
1067 METHOD(message_t, remove_payload_at, void,
1068 private_message_t *this, enumerator_t *enumerator)
1069 {
1070 this->payloads->remove_at(this->payloads, enumerator);
1071 }
1072
1073 METHOD(message_t, get_payload, payload_t*,
1074 private_message_t *this, payload_type_t type)
1075 {
1076 payload_t *current, *found = NULL;
1077 enumerator_t *enumerator;
1078
1079 enumerator = create_payload_enumerator(this);
1080 while (enumerator->enumerate(enumerator, &current))
1081 {
1082 if (current->get_type(current) == type)
1083 {
1084 found = current;
1085 break;
1086 }
1087 }
1088 enumerator->destroy(enumerator);
1089 return found;
1090 }
1091
1092 METHOD(message_t, get_notify, notify_payload_t*,
1093 private_message_t *this, notify_type_t type)
1094 {
1095 enumerator_t *enumerator;
1096 notify_payload_t *notify = NULL;
1097 payload_t *payload;
1098
1099 enumerator = create_payload_enumerator(this);
1100 while (enumerator->enumerate(enumerator, &payload))
1101 {
1102 if (payload->get_type(payload) == NOTIFY)
1103 {
1104 notify = (notify_payload_t*)payload;
1105 if (notify->get_notify_type(notify) == type)
1106 {
1107 break;
1108 }
1109 notify = NULL;
1110 }
1111 }
1112 enumerator->destroy(enumerator);
1113 return notify;
1114 }
1115
1116 /**
1117 * get a string representation of the message
1118 */
1119 static char* get_string(private_message_t *this, char *buf, int len)
1120 {
1121 enumerator_t *enumerator;
1122 payload_t *payload;
1123 int written;
1124 char *pos = buf;
1125
1126 memset(buf, 0, len);
1127 len--;
1128
1129 written = snprintf(pos, len, "%N %s %u [",
1130 exchange_type_names, this->exchange_type,
1131 this->is_request ? "request" : "response",
1132 this->message_id);
1133 if (written >= len || written < 0)
1134 {
1135 return "";
1136 }
1137 pos += written;
1138 len -= written;
1139
1140 enumerator = create_payload_enumerator(this);
1141 while (enumerator->enumerate(enumerator, &payload))
1142 {
1143 written = snprintf(pos, len, " %N", payload_type_short_names,
1144 payload->get_type(payload));
1145 if (written >= len || written < 0)
1146 {
1147 return buf;
1148 }
1149 pos += written;
1150 len -= written;
1151 if (payload->get_type(payload) == NOTIFY)
1152 {
1153 notify_payload_t *notify;
1154 notify_type_t type;
1155 chunk_t data;
1156
1157 notify = (notify_payload_t*)payload;
1158 type = notify->get_notify_type(notify);
1159 data = notify->get_notification_data(notify);
1160 if (type == MS_NOTIFY_STATUS && data.len == 4)
1161 {
1162 written = snprintf(pos, len, "(%N(%d))", notify_type_short_names,
1163 type, untoh32(data.ptr));
1164 }
1165 else
1166 {
1167 written = snprintf(pos, len, "(%N)", notify_type_short_names,
1168 type);
1169 }
1170 if (written >= len || written < 0)
1171 {
1172 return buf;
1173 }
1174 pos += written;
1175 len -= written;
1176 }
1177 if (payload->get_type(payload) == EXTENSIBLE_AUTHENTICATION)
1178 {
1179 eap_payload_t *eap = (eap_payload_t*)payload;
1180 u_int32_t vendor;
1181 eap_type_t type;
1182 char method[64] = "";
1183
1184 type = eap->get_type(eap, &vendor);
1185 if (type)
1186 {
1187 if (vendor)
1188 {
1189 snprintf(method, sizeof(method), "/%d-%d", type, vendor);
1190 }
1191 else
1192 {
1193 snprintf(method, sizeof(method), "/%N",
1194 eap_type_short_names, type);
1195 }
1196 }
1197 written = snprintf(pos, len, "/%N%s", eap_code_short_names,
1198 eap->get_code(eap), method);
1199 if (written >= len || written < 0)
1200 {
1201 return buf;
1202 }
1203 pos += written;
1204 len -= written;
1205 }
1206 if (payload->get_type(payload) == CONFIGURATION)
1207 {
1208 cp_payload_t *cp = (cp_payload_t*)payload;
1209 enumerator_t *attributes;
1210 configuration_attribute_t *attribute;
1211 bool first = TRUE;
1212
1213 attributes = cp->create_attribute_enumerator(cp);
1214 while (attributes->enumerate(attributes, &attribute))
1215 {
1216 written = snprintf(pos, len, "%s%N", first ? "(" : " ",
1217 configuration_attribute_type_short_names,
1218 attribute->get_type(attribute));
1219 if (written >= len || written < 0)
1220 {
1221 return buf;
1222 }
1223 pos += written;
1224 len -= written;
1225 first = FALSE;
1226 }
1227 attributes->destroy(attributes);
1228 if (!first)
1229 {
1230 written = snprintf(pos, len, ")");
1231 if (written >= len || written < 0)
1232 {
1233 return buf;
1234 }
1235 pos += written;
1236 len -= written;
1237 }
1238 }
1239 }
1240 enumerator->destroy(enumerator);
1241
1242 /* remove last space */
1243 snprintf(pos, len, " ]");
1244 return buf;
1245 }
1246
1247 /**
1248 * reorder payloads depending on reordering rules
1249 */
1250 static void order_payloads(private_message_t *this)
1251 {
1252 linked_list_t *list;
1253 payload_t *payload;
1254 int i;
1255
1256 /* move to temp list */
1257 list = linked_list_create();
1258 while (this->payloads->remove_last(this->payloads,
1259 (void**)&payload) == SUCCESS)
1260 {
1261 list->insert_first(list, payload);
1262 }
1263 /* for each rule, ... */
1264 for (i = 0; i < this->rule->order_count; i++)
1265 {
1266 enumerator_t *enumerator;
1267 notify_payload_t *notify;
1268 payload_order_t order;
1269
1270 order = this->rule->order[i];
1271
1272 /* ... find all payload ... */
1273 enumerator = list->create_enumerator(list);
1274 while (enumerator->enumerate(enumerator, &payload))
1275 {
1276 /* ... with that type ... */
1277 if (payload->get_type(payload) == order.type)
1278 {
1279 notify = (notify_payload_t*)payload;
1280
1281 /**... and check notify for type. */
1282 if (order.type != NOTIFY || order.notify == 0 ||
1283 order.notify == notify->get_notify_type(notify))
1284 {
1285 list->remove_at(list, enumerator);
1286 add_payload(this, payload);
1287 }
1288 }
1289 }
1290 enumerator->destroy(enumerator);
1291 }
1292 /* append all payloads without a rule to the end */
1293 while (list->remove_last(list, (void**)&payload) == SUCCESS)
1294 {
1295 /* do not complain about payloads in private use space */
1296 if (payload->get_type(payload) < 128)
1297 {
1298 DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
1299 payload_type_names, payload->get_type(payload),
1300 exchange_type_names, this->rule->exchange_type,
1301 this->rule->is_request ? "request" : "response");
1302 }
1303 add_payload(this, payload);
1304 }
1305 list->destroy(list);
1306 }
1307
1308 /**
1309 * Wrap payloads in an encryption payload
1310 */
1311 static encryption_payload_t* wrap_payloads(private_message_t *this,
1312 payload_type_t encryption_type)
1313 {
1314 encryption_payload_t *encryption;
1315 linked_list_t *payloads;
1316 payload_t *current;
1317
1318 /* copy all payloads in a temporary list */
1319 payloads = linked_list_create();
1320 while (this->payloads->remove_first(this->payloads,
1321 (void**)&current) == SUCCESS)
1322 {
1323 payloads->insert_last(payloads, current);
1324 }
1325
1326 encryption = encryption_payload_create(encryption_type);
1327 while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
1328 {
1329 payload_rule_t *rule;
1330 payload_type_t type;
1331 bool encrypt = TRUE;
1332
1333 type = current->get_type(current);
1334 rule = get_payload_rule(this, type);
1335 if (rule)
1336 {
1337 encrypt = rule->encrypted;
1338 }
1339 if (encrypt || this->is_encrypted)
1340 { /* encryption is forced for IKEv1 */
1341 DBG2(DBG_ENC, "insert payload %N to encryption payload",
1342 payload_type_names, type);
1343 encryption->add_payload(encryption, current);
1344 }
1345 else
1346 {
1347 DBG2(DBG_ENC, "insert payload %N unencrypted",
1348 payload_type_names, type);
1349 add_payload(this, current);
1350 }
1351 }
1352 payloads->destroy(payloads);
1353
1354 return encryption;
1355 }
1356
1357 METHOD(message_t, disable_sort, void,
1358 private_message_t *this)
1359 {
1360 this->sort_disabled = TRUE;
1361 }
1362
1363 METHOD(message_t, generate, status_t,
1364 private_message_t *this, keymat_t *keymat, packet_t **packet)
1365 {
1366 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1367 generator_t *generator;
1368 ike_header_t *ike_header;
1369 payload_t *payload, *next;
1370 encryption_payload_t *encryption = NULL;
1371 payload_type_t next_type;
1372 enumerator_t *enumerator;
1373 aead_t *aead;
1374 chunk_t chunk;
1375 char str[BUF_LEN];
1376 u_int32_t *lenpos;
1377 bool encrypted = FALSE, *reserved;
1378 int i;
1379
1380 if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
1381 {
1382 DBG1(DBG_ENC, "exchange type is not defined");
1383 return INVALID_STATE;
1384 }
1385
1386 if (this->packet->get_source(this->packet) == NULL ||
1387 this->packet->get_destination(this->packet) == NULL)
1388 {
1389 DBG1(DBG_ENC, "source/destination not defined");
1390 return INVALID_STATE;
1391 }
1392
1393 this->rule = get_message_rule(this);
1394 if (!this->rule)
1395 {
1396 DBG1(DBG_ENC, "no message rules specified for this message type");
1397 return NOT_SUPPORTED;
1398 }
1399
1400 if (!this->sort_disabled)
1401 {
1402 order_payloads(this);
1403 }
1404
1405 DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
1406
1407 if (this->major_version == IKEV2_MAJOR_VERSION)
1408 {
1409 encrypted = this->rule->encrypted;
1410 }
1411 else
1412 {
1413 /* get a hash for this message, if any is required */
1414 chunk_t hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1415 if (hash.ptr)
1416 { /* insert a HASH payload as first payload */
1417 hash_payload_t *hash_payload = hash_payload_create();
1418 hash_payload->set_hash(hash_payload, hash);
1419 this->payloads->insert_first(this->payloads,
1420 (payload_t*)hash_payload);
1421 chunk_free(&hash);
1422 }
1423
1424 /* if at least one payload requires encryption, encrypt the message */
1425 /* TODO-IKEV1: set is_encrypted externally instead of this check? */
1426 enumerator = this->payloads->create_enumerator(this->payloads);
1427 while (enumerator->enumerate(enumerator, (void**)&payload))
1428 {
1429 payload_rule_t *rule;
1430 rule = get_payload_rule(this, payload->get_type(payload));
1431 if (rule && rule->encrypted)
1432 {
1433 this->is_encrypted = TRUE;
1434 encrypted = TRUE;
1435 break;
1436 }
1437 }
1438 enumerator->destroy(enumerator);
1439 }
1440
1441 aead = keymat->get_aead(keymat, FALSE);
1442 if (aead && encrypted)
1443 {
1444 encryption = wrap_payloads(this, this->is_encrypted ? ENCRYPTED_V1
1445 : ENCRYPTED);
1446 }
1447 else
1448 {
1449 DBG2(DBG_ENC, "not encrypting payloads");
1450 }
1451
1452 ike_header = ike_header_create_version(this->major_version,
1453 this->minor_version);
1454 ike_header->set_exchange_type(ike_header, this->exchange_type);
1455 ike_header->set_message_id(ike_header, this->message_id);
1456 if (this->major_version == IKEV2_MAJOR_VERSION)
1457 {
1458 ike_header->set_response_flag(ike_header, !this->is_request);
1459 ike_header->set_version_flag(ike_header, this->version_flag);
1460 ike_header->set_initiator_flag(ike_header,
1461 this->ike_sa_id->is_initiator(this->ike_sa_id));
1462 }
1463 else
1464 {
1465 ike_header->set_encryption_flag(ike_header, this->is_encrypted);
1466 }
1467 ike_header->set_initiator_spi(ike_header,
1468 this->ike_sa_id->get_initiator_spi(this->ike_sa_id));
1469 ike_header->set_responder_spi(ike_header,
1470 this->ike_sa_id->get_responder_spi(this->ike_sa_id));
1471
1472 for (i = 0; i < countof(this->reserved); i++)
1473 {
1474 reserved = payload_get_field(&ike_header->payload_interface,
1475 RESERVED_BIT, i);
1476 if (reserved)
1477 {
1478 *reserved = this->reserved[i];
1479 }
1480 }
1481
1482 generator = generator_create();
1483
1484 /* generate all payloads with proper next type */
1485 payload = (payload_t*)ike_header;
1486 enumerator = create_payload_enumerator(this);
1487 while (enumerator->enumerate(enumerator, &next))
1488 {
1489 payload->set_next_type(payload, next->get_type(next));
1490 generator->generate_payload(generator, payload);
1491 payload = next;
1492 }
1493 enumerator->destroy(enumerator);
1494 if (this->is_encrypted)
1495 { /* for encrypted IKEv1 messages */
1496 next_type = encryption->payload_interface.get_next_type(
1497 (payload_t*)encryption);
1498 }
1499 else
1500 {
1501 next_type = encryption ? ENCRYPTED : NO_PAYLOAD;
1502 }
1503 payload->set_next_type(payload, next_type);
1504 generator->generate_payload(generator, payload);
1505 ike_header->destroy(ike_header);
1506
1507 if (encryption)
1508 {
1509 if (this->is_encrypted)
1510 { /* for IKEv1 instead of associated data we provide the IV */
1511 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1512 }
1513 else
1514 { /* build associated data (without header of encryption payload) */
1515 chunk = generator->get_chunk(generator, &lenpos);
1516 /* fill in length, including encryption payload */
1517 htoun32(lenpos, chunk.len + encryption->get_length(encryption));
1518 }
1519 encryption->set_transform(encryption, aead);
1520 this->payloads->insert_last(this->payloads, encryption);
1521 if (!encryption->encrypt(encryption, chunk))
1522 {
1523 generator->destroy(generator);
1524 return INVALID_STATE;
1525 }
1526 generator->generate_payload(generator, &encryption->payload_interface);
1527 }
1528 chunk = generator->get_chunk(generator, &lenpos);
1529 htoun32(lenpos, chunk.len);
1530 this->packet->set_data(this->packet, chunk_clone(chunk));
1531 if (this->is_encrypted)
1532 { /* update the IV for the next IKEv1 message */
1533 chunk_t last_block;
1534 size_t bs = aead->get_block_size(aead);
1535 last_block = chunk_create(chunk.ptr + chunk.len - bs, bs);
1536 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1537 keymat_v1->confirm_iv(keymat_v1, this->message_id);
1538 }
1539 generator->destroy(generator);
1540 *packet = this->packet->clone(this->packet);
1541 return SUCCESS;
1542 }
1543
1544 METHOD(message_t, get_packet, packet_t*,
1545 private_message_t *this)
1546 {
1547 if (this->packet == NULL)
1548 {
1549 return NULL;
1550 }
1551 return this->packet->clone(this->packet);
1552 }
1553
1554 METHOD(message_t, get_packet_data, chunk_t,
1555 private_message_t *this)
1556 {
1557 if (this->packet == NULL)
1558 {
1559 return chunk_empty;
1560 }
1561 return this->packet->get_data(this->packet);
1562 }
1563
1564 METHOD(message_t, parse_header, status_t,
1565 private_message_t *this)
1566 {
1567 ike_header_t *ike_header;
1568 status_t status;
1569 bool *reserved;
1570 int i;
1571
1572 DBG2(DBG_ENC, "parsing header of message");
1573
1574 this->parser->reset_context(this->parser);
1575 status = this->parser->parse_payload(this->parser, HEADER,
1576 (payload_t**)&ike_header);
1577 if (status != SUCCESS)
1578 {
1579 DBG1(DBG_ENC, "header could not be parsed");
1580 return status;
1581
1582 }
1583
1584 status = ike_header->payload_interface.verify(
1585 &ike_header->payload_interface);
1586 if (status != SUCCESS)
1587 {
1588 DBG1(DBG_ENC, "header verification failed");
1589 ike_header->destroy(ike_header);
1590 return status;
1591 }
1592
1593 DESTROY_IF(this->ike_sa_id);
1594 this->ike_sa_id = ike_sa_id_create(
1595 ike_header->get_initiator_spi(ike_header),
1596 ike_header->get_responder_spi(ike_header),
1597 ike_header->get_initiator_flag(ike_header));
1598
1599 this->exchange_type = ike_header->get_exchange_type(ike_header);
1600 this->message_id = ike_header->get_message_id(ike_header);
1601 this->major_version = ike_header->get_maj_version(ike_header);
1602 this->minor_version = ike_header->get_min_version(ike_header);
1603 if (this->major_version == IKEV2_MAJOR_VERSION)
1604 {
1605 this->is_request = !ike_header->get_response_flag(ike_header);
1606 }
1607 else
1608 {
1609 this->is_encrypted = ike_header->get_encryption_flag(ike_header);
1610 }
1611 this->first_payload = ike_header->payload_interface.get_next_type(
1612 &ike_header->payload_interface);
1613 for (i = 0; i < countof(this->reserved); i++)
1614 {
1615 reserved = payload_get_field(&ike_header->payload_interface,
1616 RESERVED_BIT, i);
1617 if (reserved)
1618 {
1619 this->reserved[i] = *reserved;
1620 }
1621 }
1622 ike_header->destroy(ike_header);
1623
1624 DBG2(DBG_ENC, "parsed a %N %s header", exchange_type_names,
1625 this->exchange_type, this->major_version == IKEV1_MAJOR_VERSION ?
1626 "message" : (this->is_request ? "request" : "response"));
1627 return SUCCESS;
1628 }
1629
1630 /**
1631 * Check if a payload is for a mediation extension connectivity check
1632 */
1633 static bool is_connectivity_check(private_message_t *this, payload_t *payload)
1634 {
1635 #ifdef ME
1636 if (this->exchange_type == INFORMATIONAL &&
1637 payload->get_type(payload) == NOTIFY)
1638 {
1639 notify_payload_t *notify = (notify_payload_t*)payload;
1640
1641 switch (notify->get_notify_type(notify))
1642 {
1643 case ME_CONNECTID:
1644 case ME_ENDPOINT:
1645 case ME_CONNECTAUTH:
1646 return TRUE;
1647 default:
1648 break;
1649 }
1650 }
1651 #endif /* !ME */
1652 return FALSE;
1653 }
1654
1655 /**
1656 * Parses and verifies the unencrypted payloads contained in the message
1657 */
1658 static status_t parse_payloads(private_message_t *this)
1659 {
1660 payload_type_t type = this->first_payload;
1661 payload_t *payload;
1662 status_t status;
1663
1664 if (this->is_encrypted)
1665 { /* wrap the whole encrypted IKEv1 message in a special encryption
1666 * payload which is then handled just like a regular payload */
1667 encryption_payload_t *encryption;
1668 status = this->parser->parse_payload(this->parser, ENCRYPTED_V1,
1669 (payload_t**)&encryption);
1670 if (status != SUCCESS)
1671 {
1672 DBG1(DBG_ENC, "failed to wrap encrypted IKEv1 message");
1673 return PARSE_ERROR;
1674 }
1675 encryption->payload_interface.set_next_type((payload_t*)encryption,
1676 this->first_payload);
1677 this->payloads->insert_last(this->payloads, encryption);
1678 return SUCCESS;
1679 }
1680
1681 while (type != NO_PAYLOAD)
1682 {
1683 DBG2(DBG_ENC, "starting parsing a %N payload",
1684 payload_type_names, type);
1685
1686 status = this->parser->parse_payload(this->parser, type, &payload);
1687 if (status != SUCCESS)
1688 {
1689 DBG1(DBG_ENC, "payload type %N could not be parsed",
1690 payload_type_names, type);
1691 return PARSE_ERROR;
1692 }
1693
1694 DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
1695 status = payload->verify(payload);
1696 if (status != SUCCESS)
1697 {
1698 DBG1(DBG_ENC, "%N payload verification failed",
1699 payload_type_names, type);
1700 payload->destroy(payload);
1701 return VERIFY_ERROR;
1702 }
1703
1704 DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
1705 payload_type_names, type);
1706 this->payloads->insert_last(this->payloads, payload);
1707
1708 /* an encryption payload is the last one, so STOP here. decryption is
1709 * done later */
1710 if (type == ENCRYPTED)
1711 {
1712 DBG2(DBG_ENC, "%N payload found. Stop parsing",
1713 payload_type_names, type);
1714 break;
1715 }
1716 type = payload->get_next_type(payload);
1717 }
1718 return SUCCESS;
1719 }
1720
1721 /**
1722 * Decrypt payload from the encryption payload
1723 */
1724 static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
1725 {
1726 bool was_encrypted = FALSE;
1727 payload_t *payload, *previous = NULL;
1728 enumerator_t *enumerator;
1729 payload_rule_t *rule;
1730 payload_type_t type;
1731 aead_t *aead;
1732 status_t status = SUCCESS;
1733
1734 enumerator = this->payloads->create_enumerator(this->payloads);
1735 while (enumerator->enumerate(enumerator, &payload))
1736 {
1737 type = payload->get_type(payload);
1738
1739 DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
1740
1741 if (type == ENCRYPTED || type == ENCRYPTED_V1)
1742 {
1743 encryption_payload_t *encryption;
1744 payload_t *encrypted;
1745 chunk_t chunk;
1746 size_t bs;
1747
1748 encryption = (encryption_payload_t*)payload;
1749
1750 DBG2(DBG_ENC, "found an encryption payload");
1751
1752 if (this->payloads->has_more(this->payloads, enumerator))
1753 {
1754 DBG1(DBG_ENC, "encrypted payload is not last payload");
1755 status = VERIFY_ERROR;
1756 break;
1757 }
1758 aead = keymat->get_aead(keymat, TRUE);
1759 bs = aead->get_block_size(aead);
1760 encryption->set_transform(encryption, aead);
1761 chunk = this->packet->get_data(this->packet);
1762 if (chunk.len < encryption->get_length(encryption) ||
1763 chunk.len < bs)
1764 {
1765 DBG1(DBG_ENC, "invalid payload length");
1766 status = VERIFY_ERROR;
1767 break;
1768 }
1769 if (type == ENCRYPTED_V1)
1770 { /* instead of associated data we provide the IV, we also update
1771 * the IV with the last encrypted block */
1772 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1773 chunk_t last_block = chunk_create(chunk.ptr + chunk.len - bs,
1774 bs);
1775 chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
1776 keymat_v1->update_iv(keymat_v1, this->message_id, last_block);
1777 }
1778 else
1779 {
1780 chunk.len -= encryption->get_length(encryption);
1781 }
1782 status = encryption->decrypt(encryption, chunk);
1783 if (status != SUCCESS)
1784 {
1785 break;
1786 }
1787
1788 was_encrypted = TRUE;
1789 this->payloads->remove_at(this->payloads, enumerator);
1790
1791 while ((encrypted = encryption->remove_payload(encryption)))
1792 {
1793 type = encrypted->get_type(encrypted);
1794 if (previous)
1795 {
1796 previous->set_next_type(previous, type);
1797 }
1798 else
1799 {
1800 this->first_payload = type;
1801 }
1802 DBG2(DBG_ENC, "insert decrypted payload of type "
1803 "%N at end of list", payload_type_names, type);
1804 this->payloads->insert_last(this->payloads, encrypted);
1805 previous = encrypted;
1806 }
1807 encryption->destroy(encryption);
1808 }
1809 if (payload_is_known(type) && !was_encrypted &&
1810 !is_connectivity_check(this, payload))
1811 {
1812 rule = get_payload_rule(this, type);
1813 if (!rule || rule->encrypted)
1814 {
1815 DBG1(DBG_ENC, "payload type %N was not encrypted",
1816 payload_type_names, type);
1817 status = FAILED;
1818 break;
1819 }
1820 }
1821 previous = payload;
1822 }
1823 enumerator->destroy(enumerator);
1824 return status;
1825 }
1826
1827 /**
1828 * Verify a message and all payload according to message/payload rules
1829 */
1830 static status_t verify(private_message_t *this)
1831 {
1832 bool complete = FALSE;
1833 int i;
1834
1835 DBG2(DBG_ENC, "verifying message structure");
1836
1837 /* check for payloads with wrong count */
1838 for (i = 0; i < this->rule->rule_count; i++)
1839 {
1840 enumerator_t *enumerator;
1841 payload_t *payload;
1842 payload_rule_t *rule;
1843 int found = 0;
1844
1845 rule = &this->rule->rules[i];
1846 enumerator = create_payload_enumerator(this);
1847 while (enumerator->enumerate(enumerator, &payload))
1848 {
1849 payload_type_t type;
1850
1851 type = payload->get_type(payload);
1852 if (type == rule->type)
1853 {
1854 found++;
1855 DBG2(DBG_ENC, "found payload of type %N",
1856 payload_type_names, type);
1857 if (found > rule->max_occurence)
1858 {
1859 DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
1860 "occurred in current message", payload_type_names,
1861 type, rule->max_occurence, found);
1862 enumerator->destroy(enumerator);
1863 return VERIFY_ERROR;
1864 }
1865 }
1866 }
1867 enumerator->destroy(enumerator);
1868
1869 if (!complete && found < rule->min_occurence)
1870 {
1871 DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
1872 payload_type_names, rule->type, rule->min_occurence, found);
1873 return VERIFY_ERROR;
1874 }
1875 if (found && rule->sufficient)
1876 {
1877 complete = TRUE;
1878 }
1879 }
1880 return SUCCESS;
1881 }
1882
1883 METHOD(message_t, parse_body, status_t,
1884 private_message_t *this, keymat_t *keymat)
1885 {
1886 status_t status = SUCCESS;
1887 char str[BUF_LEN];
1888
1889 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
1890 payload_type_names, this->first_payload);
1891
1892 this->rule = get_message_rule(this);
1893 if (!this->rule)
1894 {
1895 DBG1(DBG_ENC, "no message rules specified for a %N %s",
1896 exchange_type_names, this->exchange_type,
1897 this->is_request ? "request" : "response");
1898 return PARSE_ERROR;
1899 }
1900
1901 status = parse_payloads(this);
1902 if (status != SUCCESS)
1903 { /* error is already logged */
1904 return status;
1905 }
1906
1907 status = decrypt_payloads(this, keymat);
1908 if (status != SUCCESS)
1909 {
1910 DBG1(DBG_ENC, "could not decrypt payloads");
1911 return status;
1912 }
1913
1914 status = verify(this);
1915 if (status != SUCCESS)
1916 {
1917 return status;
1918 }
1919
1920 DBG1(DBG_ENC, "parsed %s", get_string(this, str, sizeof(str)));
1921
1922 if (this->major_version == IKEV1_MAJOR_VERSION)
1923 {
1924 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1925 chunk_t hash;
1926 hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
1927 if (hash.ptr)
1928 {
1929 hash_payload_t *hash_payload;
1930 chunk_t other_hash;
1931 if (this->first_payload != HASH_V1)
1932 {
1933 DBG1(DBG_ENC, "expected HASH payload as first payload");
1934 chunk_free(&hash);
1935 return VERIFY_ERROR;
1936 }
1937 hash_payload = (hash_payload_t*)get_payload(this, HASH_V1);
1938 other_hash = hash_payload->get_hash(hash_payload);
1939 if (!chunk_equals(hash, other_hash))
1940 {
1941 DBG1(DBG_ENC, "our hash does not match received %B",
1942 &other_hash);
1943 chunk_free(&hash);
1944 return VERIFY_ERROR;
1945 }
1946 DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
1947 chunk_free(&hash);
1948 }
1949 }
1950
1951 if (this->is_encrypted)
1952 { /* TODO-IKEv1: this should be done later when we know this is no
1953 * retransmit */
1954 keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
1955 keymat_v1->confirm_iv(keymat_v1, this->message_id);
1956 }
1957
1958 return SUCCESS;
1959 }
1960
1961 METHOD(message_t, destroy, void,
1962 private_message_t *this)
1963 {
1964 DESTROY_IF(this->ike_sa_id);
1965 this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
1966 this->packet->destroy(this->packet);
1967 this->parser->destroy(this->parser);
1968 free(this);
1969 }
1970
1971 /*
1972 * Described in header.
1973 */
1974 message_t *message_create_from_packet(packet_t *packet)
1975 {
1976 private_message_t *this;
1977
1978 INIT(this,
1979 .public = {
1980 .set_major_version = _set_major_version,
1981 .get_major_version = _get_major_version,
1982 .set_minor_version = _set_minor_version,
1983 .get_minor_version = _get_minor_version,
1984 .set_message_id = _set_message_id,
1985 .get_message_id = _get_message_id,
1986 .get_initiator_spi = _get_initiator_spi,
1987 .get_responder_spi = _get_responder_spi,
1988 .set_ike_sa_id = _set_ike_sa_id,
1989 .get_ike_sa_id = _get_ike_sa_id,
1990 .set_exchange_type = _set_exchange_type,
1991 .get_exchange_type = _get_exchange_type,
1992 .get_first_payload_type = _get_first_payload_type,
1993 .set_request = _set_request,
1994 .get_request = _get_request,
1995 .set_version_flag = _set_version_flag,
1996 .get_reserved_header_bit = _get_reserved_header_bit,
1997 .set_reserved_header_bit = _set_reserved_header_bit,
1998 .add_payload = _add_payload,
1999 .add_notify = _add_notify,
2000 .disable_sort = _disable_sort,
2001 .generate = _generate,
2002 .is_encoded = _is_encoded,
2003 .set_source = _set_source,
2004 .get_source = _get_source,
2005 .set_destination = _set_destination,
2006 .get_destination = _get_destination,
2007 .create_payload_enumerator = _create_payload_enumerator,
2008 .remove_payload_at = _remove_payload_at,
2009 .get_payload = _get_payload,
2010 .get_notify = _get_notify,
2011 .parse_header = _parse_header,
2012 .parse_body = _parse_body,
2013 .get_packet = _get_packet,
2014 .get_packet_data = _get_packet_data,
2015 .destroy = _destroy,
2016 },
2017 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
2018 .is_request = TRUE,
2019 .first_payload = NO_PAYLOAD,
2020 .packet = packet,
2021 .payloads = linked_list_create(),
2022 .parser = parser_create(packet->get_data(packet)),
2023 );
2024
2025 return &this->public;
2026 }
2027
2028 /*
2029 * Described in header.
2030 */
2031 message_t *message_create(int major, int minor)
2032 {
2033 message_t *this = message_create_from_packet(packet_create());
2034
2035 this->set_major_version(this, major);
2036 this->set_minor_version(this, minor);
2037
2038 return this;
2039 }