75af146aff21101d99e7936ad6d11e952160e926
[strongswan.git] / src / libcharon / sa / ikev1 / tasks / isakmp_vendor.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "isakmp_vendor.h"
17
18 #include <daemon.h>
19 #include <encoding/payloads/vendor_id_payload.h>
20
21 typedef struct private_isakmp_vendor_t private_isakmp_vendor_t;
22
23 /**
24 * Private data of an isakmp_vendor_t object.
25 */
26 struct private_isakmp_vendor_t {
27
28 /**
29 * Public isakmp_vendor_t interface.
30 */
31 isakmp_vendor_t public;
32
33 /**
34 * Associated IKE_SA
35 */
36 ike_sa_t *ike_sa;
37
38 /**
39 * Are we the inititator of this task
40 */
41 bool initiator;
42 };
43
44 /**
45 * IKEv1 Vendor ID database
46 */
47 static struct {
48 /* Description */
49 char *desc;
50 /* extension flag negotiated with vendor ID, if any */
51 ike_extension_t extension;
52 /* send yourself? */
53 bool send;
54 /* length of vendor ID string */
55 int len;
56 /* vendor ID string */
57 char *id;
58 } vendor_ids[] = {
59
60 /* strongSwan MD5("strongSwan") */
61 { "strongSwan", EXT_STRONGSWAN, FALSE, 16,
62 "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"},
63
64 /* XAuth, MD5("draft-ietf-ipsra-isakmp-xauth-06.txt") */
65 { "XAuth", EXT_XAUTH, TRUE, 8,
66 "\x09\x00\x26\x89\xdf\xd6\xb7\x12"},
67
68 /* NAT-Traversal, MD5("RFC 3947") */
69 { "NAT-T (RFC 3947)", EXT_NATT, TRUE, 16,
70 "\x4a\x13\x1c\x81\x07\x03\x58\x45\x5c\x57\x28\xf2\x0e\x95\x45\x2f"},
71
72 /* Dead peer detection, RFC 3706 */
73 { "DPD", EXT_DPD, TRUE, 16,
74 "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
75
76 { "draft-stenberg-ipsec-nat-traversal-01", 0, FALSE, 16,
77 "\x27\xba\xb5\xdc\x01\xea\x07\x60\xea\x4e\x31\x90\xac\x27\xc0\xd0"},
78
79 { "draft-stenberg-ipsec-nat-traversal-02", 0, FALSE, 16,
80 "\x61\x05\xc4\x22\xe7\x68\x47\xe4\x3f\x96\x84\x80\x12\x92\xae\xcd"},
81
82 { "draft-ietf-ipsec-nat-t-ike", 0, FALSE, 16,
83 "\x4d\xf3\x79\x28\xe9\xfc\x4f\xd1\xb3\x26\x21\x70\xd5\x15\xc6\x62"},
84
85 { "draft-ietf-ipsec-nat-t-ike-00", 0, FALSE, 16,
86 "\x44\x85\x15\x2d\x18\xb6\xbb\xcd\x0b\xe8\xa8\x46\x95\x79\xdd\xcc"},
87
88 { "draft-ietf-ipsec-nat-t-ike-02", 0, FALSE, 16,
89 "\xcd\x60\x46\x43\x35\xdf\x21\xf8\x7c\xfd\xb2\xfc\x68\xb6\xa4\x48"},
90
91 { "draft-ietf-ipsec-nat-t-ike-02\\n", 0, FALSE, 16,
92 "\x90\xcb\x80\x91\x3e\xbb\x69\x6e\x08\x63\x81\xb5\xec\x42\x7b\x1f"},
93
94 { "draft-ietf-ipsec-nat-t-ike-03", 0, FALSE, 16,
95 "\x7d\x94\x19\xa6\x53\x10\xca\x6f\x2c\x17\x9d\x92\x15\x52\x9d\x56"},
96
97 { "draft-ietf-ipsec-nat-t-ike-04", 0, FALSE, 16,
98 "\x99\x09\xb6\x4e\xed\x93\x7c\x65\x73\xde\x52\xac\xe9\x52\xfa\x6b"},
99
100 { "draft-ietf-ipsec-nat-t-ike-05", 0, FALSE, 16,
101 "\x80\xd0\xbb\x3d\xef\x54\x56\x5e\xe8\x46\x45\xd4\xc8\x5c\xe3\xee"},
102
103 { "draft-ietf-ipsec-nat-t-ike-06", 0, FALSE, 16,
104 "\x4d\x1e\x0e\x13\x6d\xea\xfa\x34\xc4\xf3\xea\x9f\x02\xec\x72\x85"},
105
106 { "draft-ietf-ipsec-nat-t-ike-07", 0, FALSE, 16,
107 "\x43\x9b\x59\xf8\xba\x67\x6c\x4c\x77\x37\xae\x22\xea\xb8\xf5\x82"},
108
109 { "draft-ietf-ipsec-nat-t-ike-08", 0, FALSE, 16,
110 "\x8f\x8d\x83\x82\x6d\x24\x6b\x6f\xc7\xa8\xa6\xa4\x28\xc1\x1d\xe8"},
111
112 { "Cisco Unity", 0, FALSE, 16,
113 "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
114 };
115
116 METHOD(task_t, build, status_t,
117 private_isakmp_vendor_t *this, message_t *message)
118 {
119 vendor_id_payload_t *vid_payload;
120 bool strongswan;
121 int i;
122
123 strongswan = lib->settings->get_bool(lib->settings,
124 "%s.send_vendor_id", FALSE, charon->name);
125 for (i = 0; i < countof(vendor_ids); i++)
126 {
127 if (vendor_ids[i].send ||
128 (vendor_ids[i].extension == EXT_STRONGSWAN && strongswan))
129 {
130 vid_payload = vendor_id_payload_create_data(VENDOR_ID_V1,
131 chunk_clone(chunk_create(vendor_ids[i].id, vendor_ids[i].len)));
132 message->add_payload(message, &vid_payload->payload_interface);
133 }
134 }
135 return this->initiator ? NEED_MORE : SUCCESS;
136 }
137
138 METHOD(task_t, process, status_t,
139 private_isakmp_vendor_t *this, message_t *message)
140 {
141 enumerator_t *enumerator;
142 payload_t *payload;
143 int i;
144
145 enumerator = message->create_payload_enumerator(message);
146 while (enumerator->enumerate(enumerator, &payload))
147 {
148 if (payload->get_type(payload) == VENDOR_ID_V1)
149 {
150 vendor_id_payload_t *vid;
151 bool found = FALSE;
152 chunk_t data;
153
154 vid = (vendor_id_payload_t*)payload;
155 data = vid->get_data(vid);
156
157 for (i = 0; i < countof(vendor_ids); i++)
158 {
159 if (chunk_equals(data, chunk_create(vendor_ids[i].id,
160 vendor_ids[i].len)))
161 {
162 DBG1(DBG_IKE, "received %s vendor ID", vendor_ids[i].desc);
163 if (vendor_ids[i].extension)
164 {
165 this->ike_sa->enable_extension(this->ike_sa,
166 vendor_ids[i].extension);
167 }
168 found = TRUE;
169 }
170 }
171 if (!found)
172 {
173 DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data);
174 }
175 }
176 }
177 enumerator->destroy(enumerator);
178
179 return this->initiator ? SUCCESS : NEED_MORE;
180 }
181
182 METHOD(task_t, migrate, void,
183 private_isakmp_vendor_t *this, ike_sa_t *ike_sa)
184 {
185 this->ike_sa = ike_sa;
186 }
187
188 METHOD(task_t, get_type, task_type_t,
189 private_isakmp_vendor_t *this)
190 {
191 return TASK_ISAKMP_VENDOR;
192 }
193
194 METHOD(task_t, destroy, void,
195 private_isakmp_vendor_t *this)
196 {
197 free(this);
198 }
199
200 /**
201 * See header
202 */
203 isakmp_vendor_t *isakmp_vendor_create(ike_sa_t *ike_sa, bool initiator)
204 {
205 private_isakmp_vendor_t *this;
206
207 INIT(this,
208 .public = {
209 .task = {
210 .build = _build,
211 .process = _process,
212 .migrate = _migrate,
213 .get_type = _get_type,
214 .destroy = _destroy,
215 },
216 },
217 .initiator = initiator,
218 .ike_sa = ike_sa,
219 );
220
221 return &this->public;
222 }