projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Simplify signature of get_encoding_rules(), make all rules static
[strongswan.git] / src / libcharon / encoding / payloads / sa_payload.c
1 /*
2 * Copyright (C) 2005-2010 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <stddef.h>
18
19 #include "sa_payload.h"
20
21 #include <encoding/payloads/encodings.h>
22 #include <utils/linked_list.h>
23 #include <daemon.h>
24
25 /* IKEv1 situation */
26 #define SIT_IDENTITY_ONLY 1
27
28 typedef struct private_sa_payload_t private_sa_payload_t;
29
30 /**
31 * Private data of an sa_payload_t object.
32 */
33 struct private_sa_payload_t {
34
35 /**
36 * Public sa_payload_t interface.
37 */
38 sa_payload_t public;
39
40 /**
41 * Next payload type.
42 */
43 u_int8_t next_payload;
44
45 /**
46 * Critical flag.
47 */
48 bool critical;
49
50 /**
51 * Reserved bits
52 */
53 bool reserved[8];
54
55 /**
56 * Length of this payload.
57 */
58 u_int16_t payload_length;
59
60 /**
61 * Proposals in this payload are stored in a linked_list_t.
62 */
63 linked_list_t *proposals;
64
65 /**
66 * Type of this payload, V1 or V2
67 */
68 payload_type_t type;
69
70 /**
71 * IKEv1 DOI
72 */
73 u_int32_t doi;
74
75 /**
76 * IKEv1 situation
77 */
78 u_int32_t situation;
79 };
80
81 /**
82 * Encoding rules for IKEv1 SA payload
83 */
84 static encoding_rule_t encodings_v1[] = {
85 /* 1 Byte next payload type, stored in the field next_payload */
86 { U_INT_8, offsetof(private_sa_payload_t, next_payload) },
87 /* 8 reserved bits */
88 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[0]) },
89 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[1]) },
90 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[2]) },
91 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[3]) },
92 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[4]) },
93 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[5]) },
94 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[6]) },
95 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[7]) },
96 /* Length of the whole SA payload*/
97 { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
98 /* DOI*/
99 { U_INT_32, offsetof(private_sa_payload_t, doi) },
100 /* Situation*/
101 { U_INT_32, offsetof(private_sa_payload_t, situation) },
102 /* Proposals are stored in a proposal substructure,
103 offset points to a linked_list_t pointer */
104 { PROPOSALS_V1, offsetof(private_sa_payload_t, proposals) },
105 };
106
107 /*
108 1 2 3
109 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
111 ! Next Payload ! RESERVED ! Payload Length !
112 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
113 ! DOI !
114 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
115 ! Situation !
116 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
117 ! !
118 ~ <Proposals> ~
119 ! !
120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
121 */
122
123 /**
124 * Encoding rules for IKEv2 SA payload
125 */
126 static encoding_rule_t encodings_v2[] = {
127 /* 1 Byte next payload type, stored in the field next_payload */
128 { U_INT_8, offsetof(private_sa_payload_t, next_payload) },
129 /* the critical bit */
130 { FLAG, offsetof(private_sa_payload_t, critical) },
131 /* 7 Bit reserved bits */
132 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[0]) },
133 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[1]) },
134 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[2]) },
135 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[3]) },
136 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[4]) },
137 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[5]) },
138 { RESERVED_BIT, offsetof(private_sa_payload_t, reserved[6]) },
139 /* Length of the whole SA payload*/
140 { PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
141 /* Proposals are stored in a proposal substructure,
142 offset points to a linked_list_t pointer */
143 { PROPOSALS, offsetof(private_sa_payload_t, proposals) },
144 };
145
146 /*
147 1 2 3
148 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
150 ! Next Payload !C! RESERVED ! Payload Length !
151 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
152 ! !
153 ~ <Proposals> ~
154 ! !
155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
156 */
157
158 METHOD(payload_t, verify, status_t,
159 private_sa_payload_t *this)
160 {
161 int expected_number = 0, current_number;
162 status_t status = SUCCESS;
163 enumerator_t *enumerator;
164 proposal_substructure_t *substruct;
165
166 if (this->type == SECURITY_ASSOCIATION)
167 {
168 expected_number = 1;
169 }
170
171 /* check proposal numbering */
172 enumerator = this->proposals->create_enumerator(this->proposals);
173 while (enumerator->enumerate(enumerator, (void**)&substruct))
174 {
175 current_number = substruct->get_proposal_number(substruct);
176 if (current_number < expected_number)
177 {
178 if (current_number != expected_number + 1)
179 {
180 DBG1(DBG_ENC, "proposal number is %d, expected %d or %d",
181 current_number, expected_number, expected_number + 1);
182 status = FAILED;
183 break;
184 }
185 }
186 else if (current_number < expected_number)
187 {
188 DBG1(DBG_ENC, "proposal number smaller than previous");
189 status = FAILED;
190 break;
191 }
192
193 status = substruct->payload_interface.verify(&substruct->payload_interface);
194 if (status != SUCCESS)
195 {
196 DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
197 break;
198 }
199 expected_number = current_number;
200 }
201 enumerator->destroy(enumerator);
202 return status;
203 }
204
205 METHOD(payload_t, get_encoding_rules, int,
206 private_sa_payload_t *this, encoding_rule_t **rules)
207 {
208 if (this->type == SECURITY_ASSOCIATION_V1)
209 {
210 *rules = encodings_v1;
211 return countof(encodings_v1);
212 }
213 *rules = encodings_v2;
214 return countof(encodings_v2);
215 }
216
217 METHOD(payload_t, get_type, payload_type_t,
218 private_sa_payload_t *this)
219 {
220 return this->type;
221 }
222
223 METHOD(payload_t, get_next_type, payload_type_t,
224 private_sa_payload_t *this)
225 {
226 return this->next_payload;
227 }
228
229 METHOD(payload_t, set_next_type, void,
230 private_sa_payload_t *this,payload_type_t type)
231 {
232 this->next_payload = type;
233 }
234
235 /**
236 * recompute length of the payload.
237 */
238 static void compute_length(private_sa_payload_t *this)
239 {
240 enumerator_t *enumerator;
241 payload_t *current;
242 size_t length = SA_PAYLOAD_HEADER_LENGTH;
243
244 if (this->type == SECURITY_ASSOCIATION_V1)
245 {
246 length = SA_PAYLOAD_V1_HEADER_LENGTH;
247 }
248
249 enumerator = this->proposals->create_enumerator(this->proposals);
250 while (enumerator->enumerate(enumerator, (void **)&current))
251 {
252 length += current->get_length(current);
253 }
254 enumerator->destroy(enumerator);
255
256 this->payload_length = length;
257 }
258
259 METHOD(payload_t, get_length, size_t,
260 private_sa_payload_t *this)
261 {
262 return this->payload_length;
263 }
264
265 METHOD(sa_payload_t, add_proposal, void,
266 private_sa_payload_t *this, proposal_t *proposal)
267 {
268 proposal_substructure_t *substruct, *last;
269 payload_type_t subtype = PROPOSAL_SUBSTRUCTURE;
270 u_int count;
271
272 if (this->type == SECURITY_ASSOCIATION_V1)
273 {
274 subtype = PROPOSAL_SUBSTRUCTURE_V1;
275 }
276 substruct = proposal_substructure_create_from_proposal(subtype, proposal);
277 count = this->proposals->get_count(this->proposals);
278 if (count > 0)
279 {
280 this->proposals->get_last(this->proposals, (void**)&last);
281 /* last transform is now not anymore last one */
282 last->set_is_last_proposal(last, FALSE);
283 }
284 substruct->set_is_last_proposal(substruct, TRUE);
285 if (proposal->get_number(proposal))
286 { /* use the selected proposals number, if any */
287 substruct->set_proposal_number(substruct, proposal->get_number(proposal));
288 }
289 else
290 {
291 substruct->set_proposal_number(substruct, count + 1);
292 }
293 this->proposals->insert_last(this->proposals, substruct);
294 compute_length(this);
295 }
296
297 METHOD(sa_payload_t, get_proposals, linked_list_t*,
298 private_sa_payload_t *this)
299 {
300 int struct_number = 0;
301 int ignore_struct_number = 0;
302 enumerator_t *enumerator;
303 proposal_substructure_t *substruct;
304 linked_list_t *list;
305 proposal_t *proposal;
306
307 if (this->type == SECURITY_ASSOCIATION_V1)
308 { /* IKEv1 proposals start with 0 */
309 struct_number = ignore_struct_number = -1;
310 }
311
312 list = linked_list_create();
313 /* we do not support proposals split up to two proposal substructures, as
314 * AH+ESP bundles are not supported in RFC4301 anymore.
315 * To handle such structures safely, we just skip proposals with multiple
316 * protocols.
317 */
318 enumerator = this->proposals->create_enumerator(this->proposals);
319 while (enumerator->enumerate(enumerator, &substruct))
320 {
321 /* check if a proposal has a single protocol */
322 if (substruct->get_proposal_number(substruct) == struct_number)
323 {
324 if (ignore_struct_number < struct_number)
325 {
326 /* remove an already added, if first of series */
327 list->remove_last(list, (void**)&proposal);
328 proposal->destroy(proposal);
329 ignore_struct_number = struct_number;
330 }
331 continue;
332 }
333 struct_number++;
334 proposal = substruct->get_proposal(substruct);
335 if (proposal)
336 {
337 list->insert_last(list, proposal);
338 }
339 }
340 enumerator->destroy(enumerator);
341 return list;
342 }
343
344 METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*,
345 private_sa_payload_t *this)
346 {
347 return this->proposals->create_enumerator(this->proposals);
348 }
349
350 METHOD2(payload_t, sa_payload_t, destroy, void,
351 private_sa_payload_t *this)
352 {
353 this->proposals->destroy_offset(this->proposals,
354 offsetof(payload_t, destroy));
355 free(this);
356 }
357
358 /*
359 * Described in header.
360 */
361 sa_payload_t *sa_payload_create(payload_type_t type)
362 {
363 private_sa_payload_t *this;
364
365 INIT(this,
366 .public = {
367 .payload_interface = {
368 .verify = _verify,
369 .get_encoding_rules = _get_encoding_rules,
370 .get_length = _get_length,
371 .get_next_type = _get_next_type,
372 .set_next_type = _set_next_type,
373 .get_type = _get_type,
374 .destroy = _destroy,
375 },
376 .add_proposal = _add_proposal,
377 .get_proposals = _get_proposals,
378 .create_substructure_enumerator = _create_substructure_enumerator,
379 .destroy = _destroy,
380 },
381 .next_payload = NO_PAYLOAD,
382 .proposals = linked_list_create(),
383 .type = type,
384 /* for IKEv1 only */
385 .doi = IKEV1_DOI_IPSEC,
386 .situation = SIT_IDENTITY_ONLY,
387 );
388
389 compute_length(this);
390
391 return &this->public;
392 }
393
394 /*
395 * Described in header.
396 */
397 sa_payload_t *sa_payload_create_from_proposal_list(payload_type_t type,
398 linked_list_t *proposals)
399 {
400 sa_payload_t *this;
401 enumerator_t *enumerator;
402 proposal_t *proposal;
403
404 this = sa_payload_create(type);
405 enumerator = proposals->create_enumerator(proposals);
406 while (enumerator->enumerate(enumerator, &proposal))
407 {
408 this->add_proposal(this, proposal);
409 }
410 enumerator->destroy(enumerator);
411
412 return this;
413 }
414
415 /*
416 * Described in header.
417 */
418 sa_payload_t *sa_payload_create_from_proposal(payload_type_t type,
419 proposal_t *proposal)
420 {
421 sa_payload_t *this;
422
423 this = sa_payload_create(type);
424 this->add_proposal(this, proposal);
425
426 return this;
427 }
strongSwan - IPsec VPN