projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Store proposal number in proposal_t to reuse it in the selected proposal
[strongswan.git] / src / libcharon / encoding / payloads / sa_payload.c
1 /*
2 * Copyright (C) 2005-2010 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <stddef.h>
18
19 #include "sa_payload.h"
20
21 #include <encoding/payloads/encodings.h>
22 #include <utils/linked_list.h>
23 #include <daemon.h>
24
25
26 typedef struct private_sa_payload_t private_sa_payload_t;
27
28 /**
29 * Private data of an sa_payload_t object.
30 */
31 struct private_sa_payload_t {
32
33 /**
34 * Public sa_payload_t interface.
35 */
36 sa_payload_t public;
37
38 /**
39 * Next payload type.
40 */
41 u_int8_t next_payload;
42
43 /**
44 * Critical flag.
45 */
46 bool critical;
47
48 /**
49 * Length of this payload.
50 */
51 u_int16_t payload_length;
52
53 /**
54 * Proposals in this payload are stored in a linked_list_t.
55 */
56 linked_list_t * proposals;
57 };
58
59 /**
60 * Encoding rules to parse or generate a IKEv2-SA Payload
61 *
62 * The defined offsets are the positions in a object of type
63 * private_sa_payload_t.
64 */
65 encoding_rule_t sa_payload_encodings[] = {
66 /* 1 Byte next payload type, stored in the field next_payload */
67 { U_INT_8, offsetof(private_sa_payload_t, next_payload) },
68 /* the critical bit */
69 { FLAG, offsetof(private_sa_payload_t, critical) },
70 /* 7 Bit reserved bits, nowhere stored */
71 { RESERVED_BIT, 0 },
72 { RESERVED_BIT, 0 },
73 { RESERVED_BIT, 0 },
74 { RESERVED_BIT, 0 },
75 { RESERVED_BIT, 0 },
76 { RESERVED_BIT, 0 },
77 { RESERVED_BIT, 0 },
78 /* Length of the whole SA payload*/
79 { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
80 /* Proposals are stored in a proposal substructure,
81 offset points to a linked_list_t pointer */
82 { PROPOSALS, offsetof(private_sa_payload_t, proposals) },
83 };
84
85 /*
86 1 2 3
87 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
88 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
89 ! Next Payload !C! RESERVED ! Payload Length !
90 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
91 ! !
92 ~ <Proposals> ~
93 ! !
94 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
95 */
96
97 METHOD(payload_t, verify, status_t,
98 private_sa_payload_t *this)
99 {
100 int expected_number = 1, current_number;
101 status_t status = SUCCESS;
102 enumerator_t *enumerator;
103 proposal_substructure_t *substruct;
104 bool first = TRUE;
105
106 /* check proposal numbering */
107 enumerator = this->proposals->create_enumerator(this->proposals);
108 while (enumerator->enumerate(enumerator, (void**)&substruct))
109 {
110 current_number = substruct->get_proposal_number(substruct);
111 if (current_number < expected_number)
112 {
113 if (current_number != expected_number + 1)
114 {
115 DBG1(DBG_ENC, "proposal number is %d, expected %d or %d",
116 current_number, expected_number, expected_number + 1);
117 status = FAILED;
118 break;
119 }
120 }
121 else if (current_number < expected_number)
122 {
123 DBG1(DBG_ENC, "proposal number smaller than previous");
124 status = FAILED;
125 break;
126 }
127
128 status = substruct->payload_interface.verify(&substruct->payload_interface);
129 if (status != SUCCESS)
130 {
131 DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
132 break;
133 }
134 first = FALSE;
135 expected_number = current_number;
136 }
137 enumerator->destroy(enumerator);
138 return status;
139 }
140
141 METHOD(payload_t, get_encoding_rules, void,
142 private_sa_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
143 {
144 *rules = sa_payload_encodings;
145 *rule_count = countof(sa_payload_encodings);
146 }
147
148 METHOD(payload_t, get_type, payload_type_t,
149 private_sa_payload_t *this)
150 {
151 return SECURITY_ASSOCIATION;
152 }
153
154 METHOD(payload_t, get_next_type, payload_type_t,
155 private_sa_payload_t *this)
156 {
157 return this->next_payload;
158 }
159
160 METHOD(payload_t, set_next_type, void,
161 private_sa_payload_t *this,payload_type_t type)
162 {
163 this->next_payload = type;
164 }
165
166 /**
167 * recompute length of the payload.
168 */
169 static void compute_length(private_sa_payload_t *this)
170 {
171 enumerator_t *enumerator;
172 payload_t *current;
173 size_t length = SA_PAYLOAD_HEADER_LENGTH;
174
175 enumerator = this->proposals->create_enumerator(this->proposals);
176 while (enumerator->enumerate(enumerator, (void **)&current))
177 {
178 length += current->get_length(current);
179 }
180 enumerator->destroy(enumerator);
181
182 this->payload_length = length;
183 }
184
185 METHOD(payload_t, get_length, size_t,
186 private_sa_payload_t *this)
187 {
188 compute_length(this);
189 return this->payload_length;
190 }
191
192 METHOD(sa_payload_t, add_proposal, void,
193 private_sa_payload_t *this, proposal_t *proposal)
194 {
195 proposal_substructure_t *substruct, *last;
196 u_int count;
197
198 count = this->proposals->get_count(this->proposals);
199 substruct = proposal_substructure_create_from_proposal(proposal);
200 if (count > 0)
201 {
202 this->proposals->get_last(this->proposals, (void**)&last);
203 /* last transform is now not anymore last one */
204 last->set_is_last_proposal(last, FALSE);
205 }
206 substruct->set_is_last_proposal(substruct, TRUE);
207 if (proposal->get_number(proposal))
208 { /* use the selected proposals number, if any */
209 substruct->set_proposal_number(substruct, proposal->get_number(proposal));
210 }
211 else
212 {
213 substruct->set_proposal_number(substruct, count + 1);
214 }
215 this->proposals->insert_last(this->proposals, substruct);
216 compute_length(this);
217 }
218
219 METHOD(sa_payload_t, get_proposals, linked_list_t*,
220 private_sa_payload_t *this)
221 {
222 int struct_number = 0;
223 int ignore_struct_number = 0;
224 enumerator_t *enumerator;
225 proposal_substructure_t *substruct;
226 linked_list_t *list;
227 proposal_t *proposal;
228
229 list = linked_list_create();
230 /* we do not support proposals split up to two proposal substructures, as
231 * AH+ESP bundles are not supported in RFC4301 anymore.
232 * To handle such structures safely, we just skip proposals with multiple
233 * protocols.
234 */
235 enumerator = this->proposals->create_enumerator(this->proposals);
236 while (enumerator->enumerate(enumerator, &substruct))
237 {
238 /* check if a proposal has a single protocol */
239 if (substruct->get_proposal_number(substruct) == struct_number)
240 {
241 if (ignore_struct_number < struct_number)
242 {
243 /* remove an already added, if first of series */
244 list->remove_last(list, (void**)&proposal);
245 proposal->destroy(proposal);
246 ignore_struct_number = struct_number;
247 }
248 continue;
249 }
250 struct_number++;
251 proposal = substruct->get_proposal(substruct);
252 if (proposal)
253 {
254 list->insert_last(list, proposal);
255 }
256 }
257 enumerator->destroy(enumerator);
258 return list;
259 }
260
261 METHOD2(payload_t, sa_payload_t, destroy, void,
262 private_sa_payload_t *this)
263 {
264 this->proposals->destroy_offset(this->proposals,
265 offsetof(proposal_substructure_t, destroy));
266 free(this);
267 }
268
269 /*
270 * Described in header.
271 */
272 sa_payload_t *sa_payload_create()
273 {
274 private_sa_payload_t *this;
275
276 INIT(this,
277 .public = {
278 .payload_interface = {
279 .verify = _verify,
280 .get_encoding_rules = _get_encoding_rules,
281 .get_length = _get_length,
282 .get_next_type = _get_next_type,
283 .set_next_type = _set_next_type,
284 .get_type = _get_type,
285 .destroy = _destroy,
286 },
287 .add_proposal = _add_proposal,
288 .get_proposals = _get_proposals,
289 .destroy = _destroy,
290 },
291 .next_payload = NO_PAYLOAD,
292 .payload_length = SA_PAYLOAD_HEADER_LENGTH,
293 .proposals = linked_list_create(),
294 );
295 return &this->public;
296 }
297
298 /*
299 * Described in header.
300 */
301 sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals)
302 {
303 private_sa_payload_t *this;
304 enumerator_t *enumerator;
305 proposal_t *proposal;
306
307 this = (private_sa_payload_t*)sa_payload_create();
308 enumerator = proposals->create_enumerator(proposals);
309 while (enumerator->enumerate(enumerator, &proposal))
310 {
311 add_proposal(this, proposal);
312 }
313 enumerator->destroy(enumerator);
314
315 return &this->public;
316 }
317
318 /*
319 * Described in header.
320 */
321 sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal)
322 {
323 private_sa_payload_t *this;
324
325 this = (private_sa_payload_t*)sa_payload_create();
326 add_proposal(this, proposal);
327
328 return &this->public;
329 }
strongSwan - IPsec VPN