Message rules for IKEv1 AGGRESSIVE exchange added.
authorTobias Brunner <tobias@strongswan.org>
Tue, 15 Nov 2011 17:21:28 +0000 (18:21 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:30:40 +0000 (17:30 +0100)
These are basically the same as for ID_PROT but no payloads are expected
to be encrypted (at least if using PSK or signatures for authentication).

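--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -478,6 +478,70 @@ static payload_order_t id_prot_r_order[] = {
        {NOTIFICATION_V1,                       0},
        {VENDOR_ID_V1,                          0},
 };
+
+/**
+ * Message rule for AGGRESSIVE from initiator.
+ */
+static payload_rule_t aggressive_i_rules[] = {
+/*     payload type                            min     max                                             encr    suff */
+       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
+       {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
+       {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
+       {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
+       {ID_V1,                                         0,      1,                                              FALSE,  FALSE},
+       {CERTIFICATE_V1,                        0,      1,                                              FALSE,  FALSE},
+       {SIGNATURE_V1,                          0,      1,                                              FALSE,  FALSE},
+       {HASH_V1,                                       0,      1,                                              FALSE,  FALSE},
+};
+
+/**
+ * payload order for AGGRESSIVE from initiator.
+ */
+static payload_order_t aggressive_i_order[] = {
+/*     payload type                            notify type */
+       {SECURITY_ASSOCIATION_V1,       0},
+       {KEY_EXCHANGE_V1,                       0},
+       {NONCE_V1,                                      0},
+       {ID_V1,                                         0},
+       {CERTIFICATE_V1,                        0},
+       {SIGNATURE_V1,                          0},
+       {HASH_V1,                                       0},
+       {NOTIFICATION_V1,                       0},
+       {VENDOR_ID_V1,                          0},
+};
+
+/**
+ * Message rule for AGGRESSIVE from responder.
+ */
+static payload_rule_t aggressive_r_rules[] = {
+/*     payload type                            min     max                                             encr    suff */
+       {NOTIFICATION_V1,                       0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
+       {SECURITY_ASSOCIATION_V1,       0,      1,                                              FALSE,  FALSE},
+       {KEY_EXCHANGE_V1,                       0,      1,                                              FALSE,  FALSE},
+       {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
+       {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
+       {ID_V1,                                         0,      1,                                              FALSE,  FALSE},
+       {CERTIFICATE_V1,                        0,      1,                                              FALSE,  FALSE},
+       {SIGNATURE_V1,                          0,      1,                                              FALSE,  FALSE},
+       {HASH_V1,                                       0,      1,                                              FALSE,  FALSE},
+};
+
+/**
+ * payload order for AGGRESSIVE from responder.
+ */
+static payload_order_t aggressive_r_order[] = {
+/*     payload type                            notify type */
+       {SECURITY_ASSOCIATION_V1,       0},
+       {KEY_EXCHANGE_V1,                       0},
+       {NONCE_V1,                                      0},
+       {ID_V1,                                         0},
+       {CERTIFICATE_V1,                        0},
+       {SIGNATURE_V1,                          0},
+       {HASH_V1,                                       0},
+       {NOTIFICATION_V1,                       0},
+       {VENDOR_ID_V1,                          0},
+};
 #endif /* USE_IKEV1 */
 
 /**
@@ -535,6 +599,14 @@ static message_rule_t message_rules[] = {
                countof(id_prot_r_rules), id_prot_r_rules,
                countof(id_prot_r_order), id_prot_r_order,
        },
+       {AGGRESSIVE,            TRUE,   FALSE,
+               countof(aggressive_i_rules), aggressive_i_rules,
+               countof(aggressive_i_order), aggressive_i_order,
+       },
+       {AGGRESSIVE,            FALSE,  FALSE,
+               countof(aggressive_r_rules), aggressive_r_rules,
+               countof(aggressive_r_order), aggressive_r_order,
+       },
        /* TODO-IKEv1: define rules for other exchanges */
 #endif /* USE_IKEV1 */
 };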
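Review bot: Every row in aggressive_i_rules and aggressive_r_rules carries min 0, so the rule check cannot reject an AGGRESSIVE message that lacks SA, KE or NONCE, and nothing in the hunk says why; since the registration in the second hunk keys on exchange type, is_request and the encrypted flag, presumably the first and third initiator messages have to share one table, which forces min 0 everywhere. A comment on each table would save the next reader that inference, e.g. `/* shared by every unencrypted message of this exchange, so no payload can be mandatory here; the aggressive-mode task has to check presence itself */` — confirm that the task really does enforce it. The message_rules array and the `#ifdef USE_IKEV1` block enclosing both hunks start outside the hunk.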