Added IKEv1 support to notify payload
authorMartin Willi <martin@revosec.ch>
Thu, 17 Nov 2011 17:01:41 +0000 (18:01 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:43 +0000 (17:30 +0100)
src/conftest/hooks/add_notify.c
src/conftest/hooks/unencrypted_notify.c
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/endpoint_notify.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/encoding/payloads/payload.h
src/libcharon/encoding/payloads/proposal_substructure.c
src/libcharon/sa/tasks/child_rekey.c
src/libcharon/sa/tasks/ike_natd.c

index de46ca8..a973196 100644 (file)
@@ -89,7 +89,7 @@ METHOD(listener_t, message, bool,
                {
                        data = chunk_clone(chunk_create(this->data, strlen(this->data)));
                }
-               notify = notify_payload_create_from_protocol_and_type(
+               notify = notify_payload_create_from_protocol_and_type(NOTIFY,
                                                                        this->esp ? PROTO_ESP : PROTO_IKE, type);
                notify->set_spi(notify, this->spi);
                if (data.len)
index 507f30c..958e33e 100644 (file)
@@ -84,7 +84,7 @@ METHOD(listener_t, ike_updown, bool,
                {
                        data = chunk_clone(chunk_create(this->data, strlen(this->data)));
                }
-               notify = notify_payload_create_from_protocol_and_type(
+               notify = notify_payload_create_from_protocol_and_type(NOTIFY,
                                                                        this->esp ? PROTO_ESP : PROTO_IKE, type);
                notify->set_spi(notify, this->spi);
                if (data.len)
index 6640b76..0789da4 100644 (file)
@@ -425,7 +425,7 @@ static payload_order_t me_connect_r_order[] = {
  */
 static payload_rule_t id_prot_i_rules[] = {
 /*     payload type                            min     max                                             encr    suff */
-       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {NOTIFY_V1,                                     0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
        {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
@@ -450,7 +450,7 @@ static payload_order_t id_prot_i_order[] = {
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
-       {NOTIFICATION_V1,                       0},
+       {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
 };
 
@@ -459,7 +459,7 @@ static payload_order_t id_prot_i_order[] = {
  */
 static payload_rule_t id_prot_r_rules[] = {
 /*     payload type                            min     max                                             encr    suff */
-       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {NOTIFY_V1,                                     0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
        {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
@@ -484,7 +484,7 @@ static payload_order_t id_prot_r_order[] = {
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
-       {NOTIFICATION_V1,                       0},
+       {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
 };
 
@@ -493,7 +493,7 @@ static payload_order_t id_prot_r_order[] = {
  */
 static payload_rule_t aggressive_i_rules[] = {
 /*     payload type                            min     max                                             encr    suff */
-       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {NOTIFY_V1,                                     0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
        {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
@@ -518,7 +518,7 @@ static payload_order_t aggressive_i_order[] = {
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
-       {NOTIFICATION_V1,                       0},
+       {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
 };
 
@@ -527,7 +527,7 @@ static payload_order_t aggressive_i_order[] = {
  */
 static payload_rule_t aggressive_r_rules[] = {
 /*     payload type                            min     max                                             encr    suff */
-       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {NOTIFY_V1,                                     0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
        {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
@@ -552,7 +552,7 @@ static payload_order_t aggressive_r_order[] = {
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
-       {NOTIFICATION_V1,                       0},
+       {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
 };
 
@@ -561,7 +561,7 @@ static payload_order_t aggressive_r_order[] = {
  */
 static payload_rule_t informational_i_rules_v1[] = {
 /*     payload type                            min     max                                             encr    suff */
-       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
+       {NOTIFY_V1,                                     0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
        {DELETE_V1,                                     0,      MAX_DELETE_PAYLOADS,    TRUE,   FALSE},
        {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               TRUE,   FALSE},
 };
@@ -571,7 +571,7 @@ static payload_rule_t informational_i_rules_v1[] = {
  */
 static payload_order_t informational_i_order_v1[] = {
 /*     payload type                            notify type */
-       {NOTIFICATION_V1,                       0},
+       {NOTIFY_V1,                                     0},
        {DELETE_V1,                                     0},
        {VENDOR_ID_V1,                          0},
 };
@@ -930,7 +930,14 @@ METHOD(message_t, add_notify, void,
                        payload->destroy(payload);
                }
        }
-       notify = notify_payload_create();
+       if (this->major_version == IKEV2_MAJOR_VERSION)
+       {
+               notify = notify_payload_create(NOTIFY);
+       }
+       else
+       {
+               notify = notify_payload_create(NOTIFY_V1);
+       }
        notify->set_notify_type(notify, type);
        notify->set_notification_data(notify, data);
        add_payload(this, (payload_t*)notify);
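Review bot: add_notify now selects NOTIFY or NOTIFY_V1 from this->major_version but forwards `type` unchanged, so nothing guards against a caller passing an IKEv2 notify_type_t value on an IKEv1 message, where the same number can carry a different meaning (this commit introduces INITIAL_CONTACT_IKEV1 = 24578 for exactly that reason). A comment on the function would make the contract explicit: `/* type must be the version-appropriate notify value: on IKEv1 messages use e.g. INITIAL_CONTACT_IKEV1 rather than INITIAL_CONTACT, as numeric values overlap between versions */`. The body of add_notify starts above the hunk.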
index 1ead0a0..8dc1c19 100644 (file)
@@ -227,7 +227,7 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*,
        chunk_t data;
        notify_payload_t *notify;
 
-       notify = notify_payload_create();
+       notify = notify_payload_create(NOTIFICATION);
        notify->set_notify_type(notify, ME_ENDPOINT);
        data = build_notification_data(this);
        notify->set_notification_data(notify, data);
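Review bot: `notify_payload_create(NOTIFICATION)` does not match the `NOTIFY` constant used at every other updated call site in this commit (add_notify.c, message.c, child_rekey.c, ike_natd.c) and in the `case NOTIFY:` of payload.c; unless payload_type_t defines a `NOTIFICATION` enumerator, which nothing in this commit shows, this line will not compile. Since endpoint_notify.c belongs to the mediation extension, a default build may not exercise it, so the mismatch can go unnoticed. The line should read `notify = notify_payload_create(NOTIFY);`. build_notify starts outside the hunk.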
index 7dab941..a5ffb06 100644 (file)
@@ -38,7 +38,8 @@ ENUM_NEXT(notify_type_names, INVALID_SPI, INVALID_SPI, INVALID_MESSAGE_ID,
        "INVALID_SPI");
 ENUM_NEXT(notify_type_names, NO_PROPOSAL_CHOSEN, NO_PROPOSAL_CHOSEN, INVALID_SPI,
        "NO_PROPOSAL_CHOSEN");
-ENUM_NEXT(notify_type_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ENUM_NEXT(notify_type_names, PAYLOAD_MALFORMED, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+       "PAYLOAD_MALFORMED",
        "INVALID_KE_PAYLOAD");
 ENUM_NEXT(notify_type_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD,
        "AUTHENTICATION_FAILED");
@@ -99,7 +100,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, MS_NOTI
        "IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED",
        "IKEV2_MESSAGE_ID_SYNC",
        "IPSEC_REPLAY_COUNTER_SYNC");
-ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, IPSEC_REPLAY_COUNTER_SYNC,
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+       "INITIAL_CONTACT");
+ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, INITIAL_CONTACT_IKEV1,
        "USE_BEET_MODE");
 ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
        "ME_MEDIATION",
@@ -125,7 +128,8 @@ ENUM_NEXT(notify_type_short_names, INVALID_SPI, INVALID_SPI, INVALID_MESSAGE_ID,
        "INVAL_SPI");
 ENUM_NEXT(notify_type_short_names, NO_PROPOSAL_CHOSEN, NO_PROPOSAL_CHOSEN, INVALID_SPI,
        "NO_PROP");
-ENUM_NEXT(notify_type_short_names, INVALID_KE_PAYLOAD, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+ENUM_NEXT(notify_type_short_names, PAYLOAD_MALFORMED, INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN,
+       "PLD_MAL",
        "INVAL_KE");
 ENUM_NEXT(notify_type_short_names, AUTHENTICATION_FAILED, AUTHENTICATION_FAILED, INVALID_KE_PAYLOAD,
        "AUTH_FAILED");
@@ -186,7 +190,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IPSEC_REPLAY_COUNTER_SYNC, M
        "RPL_CTR_SYN_SUP",
        "MSG_ID_SYN",
        "RPL_CTR_SYN");
-ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, IPSEC_REPLAY_COUNTER_SYNC,
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IPSEC_REPLAY_COUNTER_SYNC,
+       "INITIAL_CONTACT");
+ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, INITIAL_CONTACT_IKEV1,
        "BEET_MODE");
 ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
        "ME_MED",
@@ -224,7 +230,7 @@ struct private_notify_payload_t {
        /**
         * reserved bits
         */
-       bool reserved[7];
+       bool reserved[8];
 
        /**
         * Length of this payload.
@@ -232,6 +238,11 @@ struct private_notify_payload_t {
        u_int16_t payload_length;
 
        /**
+        * Domain of interpretation, IKEv1 only.
+        */
+       u_int32_t doi;
+
+       /**
         * Protocol id.
         */
        u_int8_t protocol_id;
@@ -254,40 +265,42 @@ struct private_notify_payload_t {
        /**
         * Notification data.
         */
-       chunk_t notification_data;
+       chunk_t notify_data;
+
+       /**
+        * Type of payload, NOTIFY or NOTIFY_V1
+        */
+       payload_type_t type;
 };
 
 /**
- * Encoding rules to parse or generate a IKEv2-Notify Payload.
- *
- * The defined offsets are the positions in a object of type
- * private_notify_payload_t.
+ * Encoding rules for an IKEv2 notification payload
  */
-static encoding_rule_t encodings[] = {
+static encoding_rule_t encodings_v2[] = {
        /* 1 Byte next payload type, stored in the field next_payload */
-       { U_INT_8,                      offsetof(private_notify_payload_t, next_payload)                },
+       { U_INT_8,                      offsetof(private_notify_payload_t, next_payload)        },
        /* the critical bit */
-       { FLAG,                         offsetof(private_notify_payload_t, critical)                    },
+       { FLAG,                         offsetof(private_notify_payload_t, critical)            },
        /* 7 Bit reserved bits, nowhere stored */
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[0])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[1])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[2])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[3])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[4])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[5])                 },
-       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[6])                 },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[0])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[1])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[2])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[3])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[4])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[5])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[6])         },
        /* Length of the whole payload*/
-       { PAYLOAD_LENGTH,       offsetof(private_notify_payload_t, payload_length)              },
+       { PAYLOAD_LENGTH,       offsetof(private_notify_payload_t, payload_length)      },
        /* Protocol ID as 8 bit field*/
-       { U_INT_8,                      offsetof(private_notify_payload_t, protocol_id)                 },
+       { U_INT_8,                      offsetof(private_notify_payload_t, protocol_id)         },
        /* SPI Size as 8 bit field*/
-       { SPI_SIZE,                     offsetof(private_notify_payload_t, spi_size)                    },
+       { SPI_SIZE,                     offsetof(private_notify_payload_t, spi_size)            },
        /* Notify message type as 16 bit field*/
-       { U_INT_16,                     offsetof(private_notify_payload_t, notify_type)                 },
+       { U_INT_16,                     offsetof(private_notify_payload_t, notify_type)         },
        /* SPI as variable length field*/
-       { SPI,                          offsetof(private_notify_payload_t, spi)                                 },
+       { SPI,                          offsetof(private_notify_payload_t, spi)                         },
        /* Key Exchange Data is from variable size */
-       { CHUNK_DATA,           offsetof(private_notify_payload_t, notification_data)   }
+       { CHUNK_DATA,           offsetof(private_notify_payload_t, notify_data)         },
 };
 
 /*
@@ -307,6 +320,57 @@ static encoding_rule_t encodings[] = {
       !                                                               !
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
+/**
+ * Encoding rules for an IKEv1 notification payload
+ */
+static encoding_rule_t encodings_v1[] = {
+       /* 1 Byte next payload type, stored in the field next_payload */
+       { U_INT_8,                      offsetof(private_notify_payload_t, next_payload)        },
+       /* 8 reserved bits */
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[0])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[1])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[2])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[3])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[4])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[5])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[6])         },
+       { RESERVED_BIT,         offsetof(private_notify_payload_t, reserved[7])         },
+       /* Length of the whole payload*/
+       { PAYLOAD_LENGTH,       offsetof(private_notify_payload_t, payload_length)      },
+       /* DOI as  32 bit field*/
+       { U_INT_32,                     offsetof(private_notify_payload_t, doi)                         },
+       /* Protocol ID as 8 bit field*/
+       { U_INT_8,                      offsetof(private_notify_payload_t, protocol_id)         },
+       /* SPI Size as 8 bit field*/
+       { SPI_SIZE,                     offsetof(private_notify_payload_t, spi_size)            },
+       /* Notify message type as 16 bit field*/
+       { U_INT_16,                     offsetof(private_notify_payload_t, notify_type)         },
+       /* SPI as variable length field*/
+       { SPI,                          offsetof(private_notify_payload_t, spi)                         },
+       /* Key Exchange Data is from variable size */
+       { CHUNK_DATA,           offsetof(private_notify_payload_t, notify_data)         },
+};
+
+/*
+                           1                   2                   3
+       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      ! Next Payload  !    RESERVED   !         Payload Length        !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                             DOI                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !  Protocol ID  !   SPI Size    !      Notify Message Type      !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                                                               !
+      ~                Security Parameter Index (SPI)                 ~
+      !                                                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                                                               !
+      ~                       Notification Data                       ~
+      !                                                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
 
 METHOD(payload_t, verify, status_t,
        private_notify_payload_t *this)
@@ -329,7 +393,7 @@ METHOD(payload_t, verify, status_t,
        {
                case INVALID_KE_PAYLOAD:
                {
-                       if (this->notification_data.len != 2)
+                       if (this->notify_data.len != 2)
                        {
                                bad_length = TRUE;
                        }
@@ -339,7 +403,7 @@ METHOD(payload_t, verify, status_t,
                case NAT_DETECTION_DESTINATION_IP:
                case ME_CONNECTAUTH:
                {
-                       if (this->notification_data.len != HASH_SIZE_SHA1)
+                       if (this->notify_data.len != HASH_SIZE_SHA1)
                        {
                                bad_length = TRUE;
                        }
@@ -349,7 +413,7 @@ METHOD(payload_t, verify, status_t,
                case INVALID_MAJOR_VERSION:
                case NO_PROPOSAL_CHOSEN:
                {
-                       if (this->notification_data.len != 0)
+                       if (this->notify_data.len != 0)
                        {
                                bad_length = TRUE;
                        }
@@ -357,7 +421,7 @@ METHOD(payload_t, verify, status_t,
                }
                case ADDITIONAL_IP4_ADDRESS:
                {
-                       if (this->notification_data.len != 4)
+                       if (this->notify_data.len != 4)
                        {
                                bad_length = TRUE;
                        }
@@ -365,7 +429,7 @@ METHOD(payload_t, verify, status_t,
                }
                case ADDITIONAL_IP6_ADDRESS:
                {
-                       if (this->notification_data.len != 16)
+                       if (this->notify_data.len != 16)
                        {
                                bad_length = TRUE;
                        }
@@ -373,7 +437,7 @@ METHOD(payload_t, verify, status_t,
                }
                case AUTH_LIFETIME:
                {
-                       if (this->notification_data.len != 4)
+                       if (this->notify_data.len != 4)
                        {
                                bad_length = TRUE;
                        }
@@ -381,30 +445,30 @@ METHOD(payload_t, verify, status_t,
                }
                case IPCOMP_SUPPORTED:
                {
-                       if (this->notification_data.len != 3)
+                       if (this->notify_data.len != 3)
                        {
                                bad_length = TRUE;
                        }
                        break;
                }
                case ME_ENDPOINT:
-                       if (this->notification_data.len != 8 &&
-                               this->notification_data.len != 12 &&
-                               this->notification_data.len != 24)
+                       if (this->notify_data.len != 8 &&
+                               this->notify_data.len != 12 &&
+                               this->notify_data.len != 24)
                        {
                                bad_length = TRUE;
                        }
                        break;
                case ME_CONNECTID:
-                       if (this->notification_data.len < 4 ||
-                               this->notification_data.len > 16)
+                       if (this->notify_data.len < 4 ||
+                               this->notify_data.len > 16)
                        {
                                bad_length = TRUE;
                        }
                        break;
                case ME_CONNECTKEY:
-                       if (this->notification_data.len < 16 ||
-                               this->notification_data.len > 32)
+                       if (this->notify_data.len < 16 ||
+                               this->notify_data.len > 32)
                        {
                                bad_length = TRUE;
                        }
@@ -417,7 +481,7 @@ METHOD(payload_t, verify, status_t,
        {
                DBG1(DBG_ENC, "invalid notify data length for %N (%d)",
                         notify_type_names, this->notify_type,
-                        this->notification_data.len);
+                        this->notify_data.len);
                return FAILED;
        }
        return SUCCESS;
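Review bot: verify still applies the IKEv2 length constraints of the switch above to every payload regardless of this->type, although after this commit the method also runs for parsed NOTIFY_V1 payloads; numeric notify types overlap between versions (the header now adds INVALID_PAYLOAD_TYPE = 1 and INVALID_EXCHANGE_TYPE = 7 as aliases), so an IKEv1 notify of value 17 with anything but two bytes of data, or value 14 with non-empty data, is rejected as malformed even though those values need not mean INVALID_KE_PAYLOAD / NO_PROPOSAL_CHOSEN in IKEv1. Until v1-specific rules exist the switch should be skipped for IKEv1 payloads, `if (this->type == NOTIFY_V1) { return SUCCESS; }` placed before it, or a separate v1 length table added. Note also that this->doi is parsed for NOTIFY_V1 but never examined here; whether a DOI other than IKEV1_DOI_IPSEC should be accepted is a policy decision worth a comment. The verify method starts outside the hunk.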
@@ -426,20 +490,29 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
        private_notify_payload_t *this, encoding_rule_t **rules)
 {
-       *rules = encodings;
-       return countof(encodings);
+       if (this->type == NOTIFY)
+       {
+               *rules = encodings_v2;
+               return countof(encodings_v2);
+       }
+       *rules = encodings_v1;
+       return countof(encodings_v1);
 }
 
 METHOD(payload_t, get_header_length, int,
        private_notify_payload_t *this)
 {
-       return 8 + this->spi_size;
+       if (this->type == NOTIFY)
+       {
+               return 8 + this->spi_size;
+       }
+       return 12 + this->spi_size;
 }
 
 METHOD(payload_t, get_type, payload_type_t,
        private_notify_payload_t *this)
 {
-       return NOTIFY;
+       return this->type;
 }
 
 METHOD(payload_t, get_next_type, payload_type_t,
@@ -459,7 +532,7 @@ METHOD(payload_t, set_next_type, void,
  */
 static void compute_length(private_notify_payload_t *this)
 {
-       this->payload_length = get_header_length(this) + this->notification_data.len;
+       this->payload_length = get_header_length(this) + this->notify_data.len;
 }
 
 METHOD(payload_t, get_length, size_t,
@@ -530,21 +603,21 @@ METHOD(notify_payload_t, set_spi, void,
 METHOD(notify_payload_t, get_notification_data, chunk_t,
        private_notify_payload_t *this)
 {
-       return this->notification_data;
+       return this->notify_data;
 }
 
 METHOD(notify_payload_t, set_notification_data, void,
        private_notify_payload_t *this, chunk_t data)
 {
-       free(this->notification_data.ptr);
-       this->notification_data = chunk_clone(data);
+       free(this->notify_data.ptr);
+       this->notify_data = chunk_clone(data);
        compute_length(this);
 }
 
 METHOD2(payload_t, notify_payload_t, destroy, void,
        private_notify_payload_t *this)
 {
-       free(this->notification_data.ptr);
+       free(this->notify_data.ptr);
        free(this->spi.ptr);
        free(this);
 }
@@ -552,7 +625,7 @@ METHOD2(payload_t, notify_payload_t, destroy, void,
 /*
  * Described in header
  */
-notify_payload_t *notify_payload_create()
+notify_payload_t *notify_payload_create(payload_type_t type)
 {
        private_notify_payload_t *this;
 
@@ -578,7 +651,9 @@ notify_payload_t *notify_payload_create()
                        .set_notification_data = _set_notification_data,
                        .destroy = _destroy,
                },
+               .doi = IKEV1_DOI_IPSEC,
                .next_payload = NO_PAYLOAD,
+               .type = type,
        );
        compute_length(this);
        return &this->public;
@@ -588,12 +663,12 @@ notify_payload_t *notify_payload_create()
  * Described in header.
  */
 notify_payload_t *notify_payload_create_from_protocol_and_type(
-                                               protocol_id_t protocol_id, notify_type_t notify_type)
+                       payload_type_t type, protocol_id_t protocol, notify_type_t notify)
 {
-       notify_payload_t *notify = notify_payload_create();
+       notify_payload_t *this = notify_payload_create(type);
 
-       notify->set_notify_type(notify, notify_type);
-       notify->set_protocol_id(notify, protocol_id);
+       this->set_notify_type(this, notify);
+       this->set_protocol_id(this, protocol);
 
-       return notify;
+       return this;
 }
index 91a3cac..1fc3109 100644 (file)
@@ -33,19 +33,23 @@ typedef struct notify_payload_t notify_payload_t;
 #include <utils/linked_list.h>
 
 /**
- * Notify message types.
- *
- * See IKEv2 RFC 3.10.1.
+ * Notify message types for IKEv2, and a subset for IKEv1.
  */
 enum notify_type_t {
        /* notify error messages */
        UNSUPPORTED_CRITICAL_PAYLOAD = 1,
+       /* IKEv1 alias */
+       INVALID_PAYLOAD_TYPE = 1,
        INVALID_IKE_SPI = 4,
        INVALID_MAJOR_VERSION = 5,
        INVALID_SYNTAX = 7,
+       /* IKEv1 alias */
+       INVALID_EXCHANGE_TYPE = 7,
        INVALID_MESSAGE_ID = 9,
        INVALID_SPI = 11,
        NO_PROPOSAL_CHOSEN = 14,
+       /* IKEv1 only */
+       PAYLOAD_MALFORMED = 16,
        INVALID_KE_PAYLOAD = 17,
        AUTHENTICATION_FAILED = 24,
        SINGLE_PAIR_REQUIRED = 34,
@@ -122,6 +126,8 @@ enum notify_type_t {
        IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421,
        IKEV2_MESSAGE_ID_SYNC = 16422,
        IPSEC_REPLAY_COUNTER_SYNC = 16423,
+       /* IKEv1 initial contact */
+       INITIAL_CONTACT_IKEV1 = 24578,
        /* BEET mode, not even a draft yet. private use */
        USE_BEET_MODE = 40961,
        /* IKE-ME, private use */
@@ -229,18 +235,20 @@ struct notify_payload_t {
 /**
  * Creates an empty notify_payload_t object
  *
+ * @param type         payload type, NOTIFY or NOTIFY_V1
  * @return                     created notify_payload_t object
  */
-notify_payload_t *notify_payload_create(void);
+notify_payload_t *notify_payload_create(payload_type_t type);
 
 /**
  * Creates an notify_payload_t object of specific type for specific protocol id.
  *
- * @param protocol_id                  protocol id (IKE, AH or ESP)
+ * @param type                                 payload type, NOTIFY or NOTIFY_V1
+ * @param protocol                             protocol id (IKE, AH or ESP)
  * @param type                                 notify type (see notify_type_t)
  * @return                                             notify_payload_t object
  */
 notify_payload_t *notify_payload_create_from_protocol_and_type(
-                                                               protocol_id_t protocol_id, notify_type_t type);
+                       payload_type_t type, protocol_id_t protocol, notify_type_t notify);
 
 #endif /** NOTIFY_PAYLOAD_H_ @}*/
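Review bot: The doc comment of notify_payload_create_from_protocol_and_type now lists `@param type` twice while the third parameter was renamed to `notify`; the second entry should read `@param notify   notify type (see notify_type_t)`. The new aliases INVALID_PAYLOAD_TYPE = 1 and INVALID_EXCHANGE_TYPE = 7 share their values with IKEv2 enumerators, which is legal C, but the notify_type_names tables in notify_payload.c gain no entries for them, so an IKEv1 notify of value 1 or 7 is logged under its IKEv2 name; a comment on the enum, `/* aliases share the IKEv2 value and are printed under the IKEv2 name */`, would save the next reader a detour.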
index 014d3c5..95f1601 100644 (file)
@@ -50,7 +50,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
        "HASH_V1",
        "SIGNATURE_V1",
        "NONCE_V1",
-       "NOTIFICATION_V1",
+       "NOTIFY_V1",
        "DELETE_V1",
        "VENDOR_ID_V1");
 ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
@@ -111,7 +111,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PA
        "HASH",
        "SIG",
        "No",
-       "NO",
+       "N",
        "D",
        "V");
 ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
@@ -205,7 +205,8 @@ payload_t *payload_create(payload_type_t type)
                case KEY_EXCHANGE_V1:
                        return (payload_t*)ke_payload_create(type);
                case NOTIFY:
-                       return (payload_t*)notify_payload_create();
+               case NOTIFY_V1:
+                       return (payload_t*)notify_payload_create(type);
                case DELETE:
                        return (payload_t*)delete_payload_create(0);
                case VENDOR_ID:
index 0060e37..84871cf 100644 (file)
@@ -100,7 +100,7 @@ enum payload_type_t {
        /**
         * Notification payload.
         */
-       NOTIFICATION_V1 = 11,
+       NOTIFY_V1 = 11,
 
        /**
         * Delete payload.
index aa3f067..20f4e22 100644 (file)
@@ -780,10 +780,10 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this,
        }
        enumerator->destroy(enumerator);
 
-       /* TODO-IKEv1: Add lifetime, non-fixed auth-method and other attributes */
+       /* TODO-IKEv1: Add lifetime, non-fixed auth-method and other attributes
        transform->add_transform_attribute(transform,
                transform_attribute_create_value(TRANSFORM_ATTRIBUTE_V1,
-                                                       TATTR_PH1_AUTH_METHOD, IKEV1_AUTH_PSK));
+                                                       TATTR_PH1_AUTH_METHOD, IKEV1_AUTH_PSK));*/
 
        add_transform_substructure(this, transform);
 }
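Review bot: The hunk disables the TATTR_PH1_AUTH_METHOD transform attribute by extending the TODO block comment over the add_transform_attribute call, which leaves commented-out code in place and is unrelated to the notify-payload change the commit title describes. If the attribute is meant to go, delete those three lines and keep the one-line TODO; if it is still needed, keep the call as it was. As far as I recall RFC 2409, the authentication method is one of the mandatory Phase 1 attributes, so a proposal without it may be rejected by responders; worth confirming this is intended rather than an accidental inclusion. set_from_proposal_v1_ike starts outside the hunk.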
index 76d1855..bcdf093 100644 (file)
@@ -153,8 +153,8 @@ METHOD(task_t, build_i, status_t,
        config = this->child_sa->get_config(this->child_sa);
 
        /* we just need the rekey notify ... */
-       notify = notify_payload_create_from_protocol_and_type(this->protocol,
-                                                                                                                 REKEY_SA);
+       notify = notify_payload_create_from_protocol_and_type(NOTIFY,
+                                                                                                       this->protocol, REKEY_SA);
        notify->set_spi(notify, this->spi);
        message->add_payload(message, (payload_t*)notify);
 
@@ -462,7 +462,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
                .protocol = protocol,
                .spi = spi,
        );
+
        if (protocol != PROTO_NONE)
        {
                this->public.task.build = _build_i;
index f06a518..6b658f8 100644 (file)
@@ -152,7 +152,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
        {
                hash = generate_natd_hash(this, ike_sa_id, host);
        }
-       notify = notify_payload_create();
+       notify = notify_payload_create(NOTIFY);
        notify->set_notify_type(notify, type);
        notify->set_notification_data(notify, hash);
        chunk_free(&hash);