Use modified encryption payload to encrypt/decrypt complete IKEv1 messages.
1 /*
2 * Copyright (C) 2007 Tobias Brunner
3 * Copyright (C) 2005-2006 Martin Willi
4 * Copyright (C) 2005 Jan Hutter
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18
19 #include "payload.h"
20
21 #include <encoding/payloads/ike_header.h>
22 #include <encoding/payloads/sa_payload.h>
23 #include <encoding/payloads/nonce_payload.h>
24 #include <encoding/payloads/id_payload.h>
25 #include <encoding/payloads/ke_payload.h>
26 #include <encoding/payloads/notify_payload.h>
27 #include <encoding/payloads/auth_payload.h>
28 #include <encoding/payloads/cert_payload.h>
29 #include <encoding/payloads/certreq_payload.h>
30 #include <encoding/payloads/encryption_payload.h>
31 #include <encoding/payloads/ts_payload.h>
32 #include <encoding/payloads/delete_payload.h>
33 #include <encoding/payloads/vendor_id_payload.h>
34 #include <encoding/payloads/cp_payload.h>
35 #include <encoding/payloads/configuration_attribute.h>
36 #include <encoding/payloads/eap_payload.h>
37 #include <encoding/payloads/unknown_payload.h>
38
39
/*
 * Long names for payload_type_t, used when logging payload types.
 *
 * The table is built from several chained ENUM_NEXT() ranges. Each range
 * names its first and last value, and its fourth argument is the last value
 * of the preceding range, so the ranges must be listed in ascending order
 * and the number of strings in a range is expected to match the number of
 * values between its first and last value. The same layout is repeated in
 * payload_type_short_names below; both tables have to be kept in sync with
 * payload_type_t in payload.h.
 *
 * NOTE(review): ENCRYPTED_V1, which payload_create() below accepts, has no
 * entry in this table — confirm in payload.h whether it is deliberately
 * placed outside the named ranges.
 */
ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
	"NO_PAYLOAD");
/* IKEv1 (ISAKMP) payload types */
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
	"SECURITY_ASSOCIATION_V1",
	"PROPOSAL_V1",
	"TRANSFORM_V1",
	"KEY_EXCHANGE_V1",
	"ID_V1",
	"CERTIFICATE_V1",
	"CERTIFICATE_REQUEST_V1",
	"HASH_V1",
	"SIGNATURE_V1",
	"NONCE_V1",
	"NOTIFY_V1",
	"DELETE_V1",
	"VENDOR_ID_V1");
/* IKEv2 payload types */
ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
	"SECURITY_ASSOCIATION",
	"KEY_EXCHANGE",
	"ID_INITIATOR",
	"ID_RESPONDER",
	"CERTIFICATE",
	"CERTIFICATE_REQUEST",
	"AUTHENTICATION",
	"NONCE",
	"NOTIFY",
	"DELETE",
	"VENDOR_ID",
	"TRAFFIC_SELECTOR_INITIATOR",
	"TRAFFIC_SELECTOR_RESPONDER",
	"ENCRYPTED",
	"CONFIGURATION",
	"EXTENSIBLE_AUTHENTICATION");
/* With the ME (mediation extension) build option, ID_PEER sits between the
 * IKEv2 wire types and the internal types below, so the HEADER range has to
 * chain to ID_PEER instead of EXTENSIBLE_AUTHENTICATION. The two variants of
 * the HEADER range differ only in that link argument. */
#ifdef ME
ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
	"ID_PEER");
/* header and substructure types used internally by the parser/generator */
ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
	"HEADER",
	"PROPOSAL_SUBSTRUCTURE",
	"PROPOSAL_SUBSTRUCTURE_V1",
	"TRANSFORM_SUBSTRUCTURE",
	"TRANSFORM_SUBSTRUCTURE_V1",
	"TRANSFORM_ATTRIBUTE",
	"TRANSFORM_ATTRIBUTE_V1",
	"TRAFFIC_SELECTOR_SUBSTRUCTURE",
	"CONFIGURATION_ATTRIBUTE");
#else
/* header and substructure types used internally by the parser/generator */
ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION,
	"HEADER",
	"PROPOSAL_SUBSTRUCTURE",
	"PROPOSAL_SUBSTRUCTURE_V1",
	"TRANSFORM_SUBSTRUCTURE",
	"TRANSFORM_SUBSTRUCTURE_V1",
	"TRANSFORM_ATTRIBUTE",
	"TRANSFORM_ATTRIBUTE_V1",
	"TRAFFIC_SELECTOR_SUBSTRUCTURE",
	"CONFIGURATION_ATTRIBUTE");
#endif /* ME */
ENUM_END(payload_type_names, CONFIGURATION_ATTRIBUTE);
99
/*
 * Short forms of payload names, used for compact message dumps.
 *
 * Mirrors the range layout of payload_type_names above and has to be
 * changed together with it. The short names intentionally do not encode
 * the IKE version: "SA", "KE", "CERT", "CERTREQ", "No", "N", "D" and "V"
 * appear in both the IKEv1 and the IKEv2 range, and the v1/v2 substructure
 * pairs ("PROP", "TRANS", "TRANSATTR") share one name each, so a dump does
 * not distinguish them. Note "No" is the nonce and "N" the notify payload.
 */
ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
	"--");
/* IKEv1 (ISAKMP) payload types */
ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
	"SA",
	"PROP",
	"TRANS",
	"KE",
	"ID",
	"CERT",
	"CERTREQ",
	"HASH",
	"SIG",
	"No",
	"N",
	"D",
	"V");
/* IKEv2 payload types */
ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
	"SA",
	"KE",
	"IDi",
	"IDr",
	"CERT",
	"CERTREQ",
	"AUTH",
	"No",
	"N",
	"D",
	"V",
	"TSi",
	"TSr",
	"E",
	"CP",
	"EAP");
/* With ME, ID_PEER is inserted before the internal types, so the HEADER
 * range chains to ID_PEER; the two HEADER variants differ only in that. */
#ifdef ME
ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
	"IDp");
/* header and substructure types used internally by the parser/generator */
ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
	"HDR",
	"PROP",
	"PROP",
	"TRANS",
	"TRANS",
	"TRANSATTR",
	"TRANSATTR",
	"TSSUB",
	"CATTR");
#else
/* header and substructure types used internally by the parser/generator */
ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION,
	"HDR",
	"PROP",
	"PROP",
	"TRANS",
	"TRANS",
	"TRANSATTR",
	"TRANSATTR",
	"TSSUB",
	"CATTR");
#endif /* ME */
ENUM_END(payload_type_short_names, CONFIGURATION_ATTRIBUTE);
160
/**
 * Described in header.
 *
 * Factory for payload implementations: instantiates the payload_t
 * matching a payload type. Types that exist in both IKEv1 and IKEv2 share
 * a constructor and receive the type so the implementation can select the
 * right encoding rules. Any type without a dedicated case ends up as an
 * unknown_payload_t that carries the requested type; at this revision that
 * includes IKEv1 types such as HASH_V1, SIGNATURE_V1, CERTIFICATE_V1 and
 * CERTIFICATE_REQUEST_V1, even though payload_is_known() reports them as
 * known.
 *
 * @param type		payload type to create
 * @return			newly allocated payload, never NULL
 */
payload_t *payload_create(payload_type_t type)
{
	payload_t *payload = NULL;

	switch (type)
	{
		/* the IKE header is modelled as a payload as well */
		case HEADER:
			payload = (payload_t*)ike_header_create();
			break;

		/* payloads and substructures shared by IKEv1 and IKEv2; the
		 * constructor gets the type to tell the versions apart */
		case SECURITY_ASSOCIATION_V1:
		case SECURITY_ASSOCIATION:
			payload = (payload_t*)sa_payload_create(type);
			break;
		case PROPOSAL_SUBSTRUCTURE_V1:
		case PROPOSAL_SUBSTRUCTURE:
			payload = (payload_t*)proposal_substructure_create(type);
			break;
		case TRANSFORM_SUBSTRUCTURE_V1:
		case TRANSFORM_SUBSTRUCTURE:
			payload = (payload_t*)transform_substructure_create(type);
			break;
		case TRANSFORM_ATTRIBUTE_V1:
		case TRANSFORM_ATTRIBUTE:
			payload = (payload_t*)transform_attribute_create(type);
			break;
		case KEY_EXCHANGE_V1:
		case KEY_EXCHANGE:
			payload = (payload_t*)ke_payload_create(type);
			break;
		case NONCE_V1:
		case NONCE:
			payload = (payload_t*)nonce_payload_create(type);
			break;
		case NOTIFY_V1:
		case NOTIFY:
			payload = (payload_t*)notify_payload_create(type);
			break;
		case DELETE_V1:
		case DELETE:
			/* second argument presumably the protocol ID, left at 0 here —
			 * confirm against delete_payload.h */
			payload = (payload_t*)delete_payload_create(type, 0);
			break;
		case VENDOR_ID_V1:
		case VENDOR_ID:
			payload = (payload_t*)vendor_id_payload_create(type);
			break;
		case ENCRYPTED_V1:
		case ENCRYPTED:
			payload = (payload_t*)encryption_payload_create(type);
			break;

		/* identity payloads: one implementation for all ID variants */
		case ID_V1:
		case ID_INITIATOR:
		case ID_RESPONDER:
#ifdef ME
		case ID_PEER:
#endif /* ME */
			payload = (payload_t*)id_payload_create(type);
			break;

		/* IKEv2-only payloads */
		case AUTHENTICATION:
			payload = (payload_t*)auth_payload_create();
			break;
		case CERTIFICATE:
			payload = (payload_t*)cert_payload_create();
			break;
		case CERTIFICATE_REQUEST:
			payload = (payload_t*)certreq_payload_create();
			break;
		case CONFIGURATION:
			payload = (payload_t*)cp_payload_create();
			break;
		case CONFIGURATION_ATTRIBUTE:
			payload = (payload_t*)configuration_attribute_create();
			break;
		case EXTENSIBLE_AUTHENTICATION:
			payload = (payload_t*)eap_payload_create();
			break;

		/* traffic selectors: the initiator/responder flag selects the variant */
		case TRAFFIC_SELECTOR_INITIATOR:
			payload = (payload_t*)ts_payload_create(TRUE);
			break;
		case TRAFFIC_SELECTOR_RESPONDER:
			payload = (payload_t*)ts_payload_create(FALSE);
			break;
		case TRAFFIC_SELECTOR_SUBSTRUCTURE:
			payload = (payload_t*)traffic_selector_substructure_create();
			break;

		/* anything else is preserved as an opaque, unknown payload */
		default:
			payload = (payload_t*)unknown_payload_create(type);
			break;
	}
	return payload;
}
229
/**
 * Described in header.
 *
 * Reports whether a payload type falls into one of the ranges this
 * implementation treats as known: the IKE header, the IKEv2 range
 * (SECURITY_ASSOCIATION..EXTENSIBLE_AUTHENTICATION), the IKEv1 range
 * (SECURITY_ASSOCIATION_V1..VENDOR_ID_V1) and, with ME, ID_PEER.
 *
 * This is a pure range check and is not identical to the set of types
 * payload_create() has a dedicated implementation for: HASH_V1 and
 * SIGNATURE_V1 lie inside the IKEv1 range but are created as unknown
 * payloads, while ENCRYPTED_V1 is created as an encryption payload yet
 * is not reported as known here. Callers relying on the two agreeing
 * should check which behaviour they actually need.
 *
 * @param type		payload type to check
 * @return			TRUE if the type is in a known range
 */
bool payload_is_known(payload_type_t type)
{
	bool in_ikev2_range, in_ikev1_range, special;

	in_ikev2_range = type >= SECURITY_ASSOCIATION &&
					 type <= EXTENSIBLE_AUTHENTICATION;
	in_ikev1_range = type >= SECURITY_ASSOCIATION_V1 &&
					 type <= VENDOR_ID_V1;
	special = type == HEADER;
#ifdef ME
	special = special || type == ID_PEER;
#endif
	return special || in_ikev2_range || in_ikev1_range;
}
255
/**
 * Described in header.
 *
 * Locates a field inside a payload object by walking the payload's
 * encoding rules and returning the address of the (skip+1)-th rule whose
 * encoding type matches; with skip == 0 the first matching rule is used.
 * The address is computed by applying the rule's offset to the payload
 * object itself, so it points into the payload's own storage and is only
 * valid while the payload lives.
 *
 * @param payload	payload to look into
 * @param type		encoding type of the field to find
 * @param skip		number of matching rules to skip before returning
 * @return			pointer to the field, NULL if fewer than skip+1
 *					rules of that type exist
 */
void* payload_get_field(payload_t *payload, encoding_type_t type, u_int skip)
{
	encoding_rule_t *rules;
	int idx, rule_count;

	rule_count = payload->get_encoding_rules(payload, &rules);
	for (idx = 0; idx < rule_count; idx++)
	{
		if (rules[idx].type != type)
		{
			continue;
		}
		if (skip == 0)
		{
			return (char*)payload + rules[idx].offset;
		}
		/* a matching rule we were asked to skip over */
		skip--;
	}
	return NULL;
}