projects / strongswan.git / blob
? search:


efa748bd05341385b9bee9d56055fa1357be1adf
[strongswan.git] / src / libcharon / encoding / payloads / proposal_substructure.c
1 /*
2 * Copyright (C) 2005-2010 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <stddef.h>
18
19 #include "proposal_substructure.h"
20
21 #include <encoding/payloads/encodings.h>
22 #include <encoding/payloads/transform_substructure.h>
23 #include <library.h>
24 #include <utils/linked_list.h>
25 #include <daemon.h>
26
27 /**
28 * IKEv2 Value for a proposal payload.
29 */
30 #define PROPOSAL_TYPE_VALUE 2
31
32 typedef struct private_proposal_substructure_t private_proposal_substructure_t;
33
34 /**
35 * Private data of an proposal_substructure_t object.
36 */
37 struct private_proposal_substructure_t {
38
39 /**
40 * Public proposal_substructure_t interface.
41 */
42 proposal_substructure_t public;
43
44 /**
45 * Next payload type.
46 */
47 u_int8_t next_payload;
48
49 /**
50 * reserved byte
51 */
52 u_int8_t reserved;
53
54 /**
55 * Length of this payload.
56 */
57 u_int16_t proposal_length;
58
59 /**
60 * Proposal number.
61 */
62 u_int8_t proposal_number;
63
64 /**
65 * Protocol ID.
66 */
67 u_int8_t protocol_id;
68
69 /**
70 * SPI size of the following SPI.
71 */
72 u_int8_t spi_size;
73
74 /**
75 * Number of transforms.
76 */
77 u_int8_t transforms_count;
78
79 /**
80 * SPI is stored as chunk.
81 */
82 chunk_t spi;
83
84 /**
85 * Transforms are stored in a linked_list_t.
86 */
87 linked_list_t *transforms;
88
89 /**
90 * Type of this payload, PROPOSAL_SUBSTRUCTURE or PROPOSAL_SUBSTRUCTURE_V1
91 */
92 payload_type_t type;
93 };
94
95 /**
96 * Encoding rules for a IKEv1 Proposal substructure.
97 */
98 static encoding_rule_t encodings_v1[] = {
99 /* 1 Byte next payload type, stored in the field next_payload */
100 { U_INT_8, offsetof(private_proposal_substructure_t, next_payload) },
101 /* 1 Reserved Byte */
102 { RESERVED_BYTE, offsetof(private_proposal_substructure_t, reserved) },
103 /* Length of the whole proposal substructure payload*/
104 { PAYLOAD_LENGTH, offsetof(private_proposal_substructure_t, proposal_length) },
105 /* proposal number is a number of 8 bit */
106 { U_INT_8, offsetof(private_proposal_substructure_t, proposal_number) },
107 /* protocol ID is a number of 8 bit */
108 { U_INT_8, offsetof(private_proposal_substructure_t, protocol_id) },
109 /* SPI Size has its own type */
110 { SPI_SIZE, offsetof(private_proposal_substructure_t, spi_size) },
111 /* Number of transforms is a number of 8 bit */
112 { U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) },
113 /* SPI is a chunk of variable size*/
114 { SPI, offsetof(private_proposal_substructure_t, spi) },
115 /* Transforms are stored in a transform substructure,
116 offset points to a linked_list_t pointer */
117 { TRANSFORMS_V1, offsetof(private_proposal_substructure_t, transforms) }
118 };
119
120 /**
121 * Encoding rules for a IKEv2 Proposal substructure.
122 */
123 static encoding_rule_t encodings_v2[] = {
124 /* 1 Byte next payload type, stored in the field next_payload */
125 { U_INT_8, offsetof(private_proposal_substructure_t, next_payload) },
126 /* 1 Reserved Byte */
127 { RESERVED_BYTE, offsetof(private_proposal_substructure_t, reserved) },
128 /* Length of the whole proposal substructure payload*/
129 { PAYLOAD_LENGTH, offsetof(private_proposal_substructure_t, proposal_length) },
130 /* proposal number is a number of 8 bit */
131 { U_INT_8, offsetof(private_proposal_substructure_t, proposal_number) },
132 /* protocol ID is a number of 8 bit */
133 { U_INT_8, offsetof(private_proposal_substructure_t, protocol_id) },
134 /* SPI Size has its own type */
135 { SPI_SIZE, offsetof(private_proposal_substructure_t, spi_size) },
136 /* Number of transforms is a number of 8 bit */
137 { U_INT_8, offsetof(private_proposal_substructure_t, transforms_count) },
138 /* SPI is a chunk of variable size*/
139 { SPI, offsetof(private_proposal_substructure_t, spi) },
140 /* Transforms are stored in a transform substructure,
141 offset points to a linked_list_t pointer */
142 { TRANSFORMS, offsetof(private_proposal_substructure_t, transforms) }
143 };
144
145 /*
146 1 2 3
147 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
148 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
149 ! 0 (last) or 2 ! RESERVED ! Proposal Length !
150 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
151 ! Proposal # ! Protocol ID ! SPI Size !# of Transforms!
152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
153 ~ SPI (variable) ~
154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
155 ! !
156 ~ <Transforms> ~
157 ! !
158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
159 */
160
161 /**
162 * Encryption.
163 */
164 typedef enum {
165 IKEV1_ENCR_DES_CBC = 1,
166 IKEV1_ENCR_IDEA_CBC = 2,
167 IKEV1_ENCR_BLOWFISH_CBC = 3,
168 IKEV1_ENCR_RC5_R16_B64_CBC = 4,
169 IKEV1_ENCR_3DES_CBC = 5,
170 IKEV1_ENCR_CAST_CBC = 6,
171 IKEV1_ENCR_AES_CBC = 7,
172 IKEV1_ENCR_CAMELLIA_CBC = 8,
173 IKEV1_ENCR_LAST = 9,
174 } ikev1_encryption_t;
175
176 /**
177 * IKEv1 hash.
178 */
179 typedef enum {
180 IKEV1_HASH_MD5 = 1,
181 IKEV1_HASH_SHA1 = 2,
182 IKEV1_HASH_TIGER = 3,
183 IKEV1_HASH_SHA2_256 = 4,
184 IKEV1_HASH_SHA2_384 = 5,
185 IKEV1_HASH_SHA2_512 = 6,
186 } ikev1_hash_t;
187
188 /**
189 * IKEv1 Transform ID IKE.
190 */
191 typedef enum {
192 IKEV1_TRANSID_KEY_IKE = 1,
193 } ikev1_ike_transid_t;
194
195 /**
196 * IKEv1 Transform ID ESP.
197 */
198 typedef enum {
199 IKEV1_TRANSID_ESP_DES_IV64 = 1,
200 IKEV1_TRANSID_ESP_DES = 2,
201 IKEV1_TRANSID_ESP_3DES = 3,
202 IKEV1_TRANSID_ESP_RC5 = 4,
203 IKEV1_TRANSID_ESP_IDEA = 5,
204 IKEV1_TRANSID_ESP_CAST = 6,
205 IKEV1_TRANSID_ESP_BLOWFISH = 7,
206 IKEV1_TRANSID_ESP_3IDEA = 8,
207 IKEV1_TRANSID_ESP_DES_IV32 = 9,
208 IKEV1_TRANSID_ESP_RC4 = 10,
209 IKEV1_TRANSID_ESP_NULL = 11,
210 IKEV1_TRANSID_ESP_AES_CBC = 12,
211 } ikev1_esp_transid_t;
212
213 /**
214 * IKEv1 ESP Encapsulation mode.
215 */
216 typedef enum {
217 IKEV1_ENCAP_TUNNEL = 1,
218 IKEV1_ENCAP_TRANSPORT = 2,
219 IKEV1_ENCAP_UDP_TUNNEL = 3,
220 IKEV1_ENCAP_UDP_TRANSPORT = 4,
221 } ikev1_esp_encap_t;
222
223 /**
224 * IKEv1 Life duration types.
225 */
226 typedef enum {
227 IKEV1_LIFE_TYPE_SECONDS = 1,
228 IKEV1_LIFE_TYPE_KILOBYTES = 2,
229 } ikev1_life_type_t;
230
231 METHOD(payload_t, verify, status_t,
232 private_proposal_substructure_t *this)
233 {
234 status_t status = SUCCESS;
235 enumerator_t *enumerator;
236 payload_t *current;
237
238 if (this->next_payload != NO_PAYLOAD && this->next_payload != 2)
239 {
240 /* must be 0 or 2 */
241 DBG1(DBG_ENC, "inconsistent next payload");
242 return FAILED;
243 }
244 if (this->transforms_count != this->transforms->get_count(this->transforms))
245 {
246 /* must be the same! */
247 DBG1(DBG_ENC, "transform count invalid");
248 return FAILED;
249 }
250
251 switch (this->protocol_id)
252 {
253 case PROTO_AH:
254 case PROTO_ESP:
255 if (this->spi.len != 4)
256 {
257 DBG1(DBG_ENC, "invalid SPI length in %N proposal",
258 protocol_id_names, this->protocol_id);
259 return FAILED;
260 }
261 break;
262 case PROTO_IKE:
263 if (this->spi.len != 0 && this->spi.len != 8)
264 {
265 DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
266 return FAILED;
267 }
268 break;
269 default:
270 break;
271 }
272 enumerator = this->transforms->create_enumerator(this->transforms);
273 while (enumerator->enumerate(enumerator, &current))
274 {
275 status = current->verify(current);
276 if (status != SUCCESS)
277 {
278 DBG1(DBG_ENC, "TRANSFORM_SUBSTRUCTURE verification failed");
279 break;
280 }
281 }
282 enumerator->destroy(enumerator);
283
284 /* proposal number is checked in SA payload */
285 return status;
286 }
287
288 METHOD(payload_t, get_encoding_rules, void,
289 private_proposal_substructure_t *this, encoding_rule_t **rules,
290 size_t *rule_count)
291 {
292 if (this->type == PROPOSAL_SUBSTRUCTURE)
293 {
294 *rules = encodings_v2;
295 *rule_count = countof(encodings_v2);
296 }
297 else
298 {
299 *rules = encodings_v1;
300 *rule_count = countof(encodings_v1);
301 }
302 }
303
304 METHOD(payload_t, get_type, payload_type_t,
305 private_proposal_substructure_t *this)
306 {
307 return this->type;
308 }
309
310 METHOD(payload_t, get_next_type, payload_type_t,
311 private_proposal_substructure_t *this)
312 {
313 return this->next_payload;
314 }
315
316 METHOD(payload_t, set_next_type, void,
317 private_proposal_substructure_t *this, payload_type_t type)
318 {
319 }
320
321 /**
322 * (re-)compute the length of the payload.
323 */
324 static void compute_length(private_proposal_substructure_t *this)
325 {
326 enumerator_t *enumerator;
327 payload_t *transform;
328
329 this->transforms_count = 0;
330 this->proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH + this->spi.len;
331 enumerator = this->transforms->create_enumerator(this->transforms);
332 while (enumerator->enumerate(enumerator, &transform))
333 {
334 this->proposal_length += transform->get_length(transform);
335 this->transforms_count++;
336 }
337 enumerator->destroy(enumerator);
338 }
339
340 METHOD(payload_t, get_length, size_t,
341 private_proposal_substructure_t *this)
342 {
343 return this->proposal_length;
344 }
345
346 /**
347 * Add a transform substructure to the proposal
348 */
349 static void add_transform_substructure(private_proposal_substructure_t *this,
350 transform_substructure_t *transform)
351 {
352 if (this->transforms->get_count(this->transforms) > 0)
353 {
354 transform_substructure_t *last;
355
356 this->transforms->get_last(this->transforms, (void **)&last);
357 last->set_is_last_transform(last, FALSE);
358 }
359 transform->set_is_last_transform(transform,TRUE);
360 this->transforms->insert_last(this->transforms, transform);
361 compute_length(this);
362 }
363
364 METHOD(proposal_substructure_t, set_is_last_proposal, void,
365 private_proposal_substructure_t *this, bool is_last)
366 {
367 this->next_payload = is_last ? 0 : PROPOSAL_TYPE_VALUE;
368 }
369
370 METHOD(proposal_substructure_t, set_proposal_number, void,
371 private_proposal_substructure_t *this,u_int8_t proposal_number)
372 {
373 this->proposal_number = proposal_number;
374 }
375
376 METHOD(proposal_substructure_t, get_proposal_number, u_int8_t,
377 private_proposal_substructure_t *this)
378 {
379 return this->proposal_number;
380 }
381
382 METHOD(proposal_substructure_t, set_protocol_id, void,
383 private_proposal_substructure_t *this,u_int8_t protocol_id)
384 {
385 this->protocol_id = protocol_id;
386 }
387
388 METHOD(proposal_substructure_t, get_protocol_id, u_int8_t,
389 private_proposal_substructure_t *this)
390 {
391 return this->protocol_id;
392 }
393
394 METHOD(proposal_substructure_t, set_spi, void,
395 private_proposal_substructure_t *this, chunk_t spi)
396 {
397 free(this->spi.ptr);
398 this->spi = chunk_clone(spi);
399 this->spi_size = spi.len;
400 compute_length(this);
401 }
402
403 METHOD(proposal_substructure_t, get_spi, chunk_t,
404 private_proposal_substructure_t *this)
405 {
406 return this->spi;
407 }
408
409 /**
410 * Add a transform to a proposal for IKEv2
411 */
412 static void add_to_proposal_v2(proposal_t *proposal,
413 transform_substructure_t *transform)
414 {
415 transform_attribute_t *tattr;
416 enumerator_t *enumerator;
417 u_int16_t key_length = 0;
418
419 enumerator = transform->create_attribute_enumerator(transform);
420 while (enumerator->enumerate(enumerator, &tattr))
421 {
422 if (tattr->get_attribute_type(tattr) == TATTR_IKEV2_KEY_LENGTH)
423 {
424 key_length = tattr->get_value(tattr);
425 break;
426 }
427 }
428 enumerator->destroy(enumerator);
429
430 proposal->add_algorithm(proposal,
431 transform->get_transform_type_or_number(transform),
432 transform->get_transform_id(transform), key_length);
433 }
434
435 /**
436 * Get IKEv2 algorithm from IKEv1 identifier
437 */
438 static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value)
439 {
440 typedef struct {
441 u_int16_t ikev1;
442 u_int16_t ikev2;
443 } algo_map_t;
444
445 static algo_map_t encr[] = {
446 { IKEV1_ENCR_DES_CBC, ENCR_DES },
447 { IKEV1_ENCR_IDEA_CBC, ENCR_IDEA },
448 { IKEV1_ENCR_BLOWFISH_CBC, ENCR_BLOWFISH },
449 { IKEV1_ENCR_3DES_CBC, ENCR_3DES },
450 { IKEV1_ENCR_CAST_CBC, ENCR_CAST },
451 { IKEV1_ENCR_AES_CBC, ENCR_AES_CBC },
452 { IKEV1_ENCR_CAMELLIA_CBC, ENCR_CAMELLIA_CBC },
453 };
454 static algo_map_t integ[] = {
455 { IKEV1_HASH_MD5, AUTH_HMAC_MD5_96 },
456 { IKEV1_HASH_SHA1, AUTH_HMAC_SHA1_96 },
457 { IKEV1_HASH_SHA2_256, AUTH_HMAC_SHA2_256_128 },
458 { IKEV1_HASH_SHA2_384, AUTH_HMAC_SHA2_384_192 },
459 { IKEV1_HASH_SHA2_512, AUTH_HMAC_SHA2_512_256 },
460 };
461 static algo_map_t prf[] = {
462 { IKEV1_HASH_MD5, PRF_HMAC_MD5 },
463 { IKEV1_HASH_SHA1, PRF_HMAC_SHA1 },
464 { IKEV1_HASH_SHA2_256, PRF_HMAC_SHA2_256 },
465 { IKEV1_HASH_SHA2_384, PRF_HMAC_SHA2_384 },
466 { IKEV1_HASH_SHA2_512, PRF_HMAC_SHA2_512 },
467 };
468 int i, count;
469 u_int16_t def;
470 algo_map_t *map;
471
472 switch (type)
473 {
474 case ENCRYPTION_ALGORITHM:
475 map = encr;
476 count = countof(encr);
477 def = ENCR_UNDEFINED;
478 break;
479 case INTEGRITY_ALGORITHM:
480 map = integ;
481 count = countof(integ);
482 def = AUTH_UNDEFINED;
483 break;
484 case PSEUDO_RANDOM_FUNCTION:
485 map = prf;
486 count = countof(prf);
487 def = PRF_UNDEFINED;
488 break;
489 default:
490 return 0;
491 }
492
493 for (i = 0; i < count; i++)
494 {
495 if (map[i].ikev1 == value)
496 {
497 return map[i].ikev2;
498 }
499 }
500 return def;
501 }
502
503 /**
504 * Add an IKE transform to a proposal for IKEv1
505 */
506 static void add_to_proposal_v1_ike(proposal_t *proposal,
507 transform_substructure_t *transform)
508 {
509 transform_attribute_type_t type;
510 transform_attribute_t *tattr;
511 enumerator_t *enumerator;
512 u_int16_t value, key_length = 0;
513 u_int16_t encr = ENCR_UNDEFINED;
514
515 enumerator = transform->create_attribute_enumerator(transform);
516 while (enumerator->enumerate(enumerator, &tattr))
517 {
518 type = tattr->get_attribute_type(tattr);
519 value = tattr->get_value(tattr);
520 switch (type)
521 {
522 case TATTR_PH1_ENCRYPTION_ALGORITHM:
523 encr = get_alg_from_ikev1(ENCRYPTION_ALGORITHM, value);
524 break;
525 case TATTR_PH1_KEY_LENGTH:
526 key_length = value;
527 break;
528 case TATTR_PH1_HASH_ALGORITHM:
529 proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM,
530 get_alg_from_ikev1(INTEGRITY_ALGORITHM, value), 0);
531 proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION,
532 get_alg_from_ikev1(PSEUDO_RANDOM_FUNCTION, value), 0);
533 break;
534 case TATTR_PH1_GROUP:
535 proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
536 value, 0);
537 break;
538 default:
539 /* TODO-IKEv1: lifetimes, authentication and other attributes */
540 break;
541 }
542 }
543 enumerator->destroy(enumerator);
544
545 if (encr != ENCR_UNDEFINED)
546 {
547 proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, key_length);
548 }
549 }
550
551 /**
552 * Add an ESP transform to a proposal for IKEv1
553 */
554 static void add_to_proposal_v1_esp(proposal_t *proposal,
555 transform_substructure_t *transform)
556 {
557 /* TODO-IKEv1: create ESP proposals */
558 }
559
560 METHOD(proposal_substructure_t, get_proposal, proposal_t*,
561 private_proposal_substructure_t *this)
562 {
563 transform_substructure_t *transform;
564 enumerator_t *enumerator;
565 proposal_t *proposal;
566
567 proposal = proposal_create(this->protocol_id, this->proposal_number);
568
569 enumerator = this->transforms->create_enumerator(this->transforms);
570 while (enumerator->enumerate(enumerator, &transform))
571 {
572 if (this->type == PROPOSAL_SUBSTRUCTURE)
573 {
574 add_to_proposal_v2(proposal, transform);
575 }
576 else
577 {
578 switch (this->protocol_id)
579 {
580 case PROTO_IKE:
581 add_to_proposal_v1_ike(proposal, transform);
582 break;
583 case PROTO_ESP:
584 add_to_proposal_v1_esp(proposal, transform);
585 break;
586 default:
587 break;
588 }
589 /* TODO-IKEv1: We currently accept the first set of transforms
590 * in a substructure only. We need to return multiple proposals,
591 * but this messes up proposal numbering, as we don't support
592 * transform numbering. */
593 break;
594 }
595 }
596 enumerator->destroy(enumerator);
597
598 switch (this->spi.len)
599 {
600 case 4:
601 proposal->set_spi(proposal, *((u_int32_t*)this->spi.ptr));
602 break;
603 case 8:
604 proposal->set_spi(proposal, *((u_int64_t*)this->spi.ptr));
605 break;
606 default:
607 break;
608 }
609
610 return proposal;
611 }
612
613 METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*,
614 private_proposal_substructure_t *this)
615 {
616 return this->transforms->create_enumerator(this->transforms);
617 }
618
619 METHOD2(payload_t, proposal_substructure_t, destroy, void,
620 private_proposal_substructure_t *this)
621 {
622 this->transforms->destroy_offset(this->transforms,
623 offsetof(payload_t, destroy));
624 chunk_free(&this->spi);
625 free(this);
626 }
627
628 /*
629 * Described in header.
630 */
631 proposal_substructure_t *proposal_substructure_create(payload_type_t type)
632 {
633 private_proposal_substructure_t *this;
634
635 INIT(this,
636 .public = {
637 .payload_interface = {
638 .verify = _verify,
639 .get_encoding_rules = _get_encoding_rules,
640 .get_length = _get_length,
641 .get_next_type = _get_next_type,
642 .set_next_type = _set_next_type,
643 .get_type = _get_type,
644 .destroy = _destroy,
645 },
646 .set_proposal_number = _set_proposal_number,
647 .get_proposal_number = _get_proposal_number,
648 .set_protocol_id = _set_protocol_id,
649 .get_protocol_id = _get_protocol_id,
650 .set_is_last_proposal = _set_is_last_proposal,
651 .get_proposal = _get_proposal,
652 .create_substructure_enumerator = _create_substructure_enumerator,
653 .set_spi = _set_spi,
654 .get_spi = _get_spi,
655 .destroy = _destroy,
656 },
657 .next_payload = NO_PAYLOAD,
658 .proposal_length = PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH,
659 .transforms = linked_list_create(),
660 .type = type,
661 );
662
663 return &this->public;
664 }
665
666 /*
667 * Described in header.
668 */
669 proposal_substructure_t *proposal_substructure_create_from_proposal(
670 payload_type_t type, proposal_t *proposal)
671 {
672 transform_substructure_t *transform;
673 private_proposal_substructure_t *this;
674 u_int16_t alg, key_size;
675 enumerator_t *enumerator;
676 payload_type_t subtype = TRANSFORM_SUBSTRUCTURE;
677
678 if (type == PROPOSAL_SUBSTRUCTURE_V1)
679 {
680 /* TODO-IKEv1: IKEv1 specific proposal encoding */
681 subtype = TRANSFORM_SUBSTRUCTURE_V1;
682 }
683
684 this = (private_proposal_substructure_t*)proposal_substructure_create(type);
685
686 /* encryption algorithm is only available in ESP */
687 enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
688 while (enumerator->enumerate(enumerator, &alg, &key_size))
689 {
690 transform = transform_substructure_create_type(subtype,
691 ENCRYPTION_ALGORITHM, alg, key_size);
692 add_transform_substructure(this, transform);
693 }
694 enumerator->destroy(enumerator);
695
696 /* integrity algorithms */
697 enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
698 while (enumerator->enumerate(enumerator, &alg, &key_size))
699 {
700 transform = transform_substructure_create_type(subtype,
701 INTEGRITY_ALGORITHM, alg, key_size);
702 add_transform_substructure(this, transform);
703 }
704 enumerator->destroy(enumerator);
705
706 /* prf algorithms */
707 enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION);
708 while (enumerator->enumerate(enumerator, &alg, &key_size))
709 {
710 transform = transform_substructure_create_type(subtype,
711 PSEUDO_RANDOM_FUNCTION, alg, key_size);
712 add_transform_substructure(this, transform);
713 }
714 enumerator->destroy(enumerator);
715
716 /* dh groups */
717 enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
718 while (enumerator->enumerate(enumerator, &alg, NULL))
719 {
720 transform = transform_substructure_create_type(subtype,
721 DIFFIE_HELLMAN_GROUP, alg, 0);
722 add_transform_substructure(this, transform);
723 }
724 enumerator->destroy(enumerator);
725
726 /* extended sequence numbers */
727 enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
728 while (enumerator->enumerate(enumerator, &alg, NULL))
729 {
730 transform = transform_substructure_create_type(subtype,
731 EXTENDED_SEQUENCE_NUMBERS, alg, 0);
732 add_transform_substructure(this, transform);
733 }
734 enumerator->destroy(enumerator);
735
736 /* add SPI, if necessary */
737 switch (proposal->get_protocol(proposal))
738 {
739 case PROTO_AH:
740 case PROTO_ESP:
741 this->spi_size = this->spi.len = 4;
742 this->spi.ptr = malloc(this->spi_size);
743 *((u_int32_t*)this->spi.ptr) = proposal->get_spi(proposal);
744 break;
745 case PROTO_IKE:
746 if (proposal->get_spi(proposal))
747 { /* IKE only uses SPIS when rekeying, but on initial setup */
748 this->spi_size = this->spi.len = 8;
749 this->spi.ptr = malloc(this->spi_size);
750 *((u_int64_t*)this->spi.ptr) = proposal->get_spi(proposal);
751 }
752 break;
753 default:
754 break;
755 }
756 this->proposal_number = proposal->get_number(proposal);
757 this->protocol_id = proposal->get_protocol(proposal);
758 compute_length(this);
759
760 return &this->public;
761 }
strongSwan - IPsec VPN