- fixed bugs
authorJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 19:53:48 +0000 (19:53 -0000)
committerJan Hutter <jhutter@hsr.ch>
Thu, 1 Dec 2005 19:53:48 +0000 (19:53 -0000)
12 files changed:
Source/charon/config/configuration_manager.c
Source/charon/encoding/message.c
Source/charon/encoding/parser.c
Source/charon/encoding/payloads/encryption_payload.c
Source/charon/encoding/payloads/id_payload.c
Source/charon/encoding/payloads/id_payload.h
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/initiator_init.c
Source/charon/utils/identification.c
Source/charon/utils/identification.h
Source/charon/utils/logger_manager.c

index 2d38005..697b949 100644 (file)
@@ -150,27 +150,30 @@ struct private_configuration_manager_t {
 static void load_default_config (private_configuration_manager_t *this)
 {
        init_config_t *init_config1, *init_config2, *init_config3;
-       ike_proposal_t proposals[2];    
-       sa_config_t *sa_config;
+       ike_proposal_t proposals[2];
+       child_proposal_t child_proposals[1];
+       sa_config_t *sa_config1, *sa_config2;
+       traffic_selector_t *ts;
        
-       init_config1 = init_config_create("152.96.193.130","152.96.193.131",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       init_config1 = init_config_create("152.96.193.131","152.96.193.131",IKEV2_UDP_PORT,500);
        init_config2 = init_config_create("152.96.193.131","152.96.193.130",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
        init_config3 = init_config_create("0.0.0.0","127.0.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
+       ts = traffic_selector_create_from_string(1, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535);
        
 
        proposals[0].encryption_algorithm = ENCR_AES_CBC;
-       proposals[0].encryption_algorithm_key_length = 20;
-       proposals[0].integrity_algorithm = AUTH_HMAC_SHA1_96;
-       proposals[0].integrity_algorithm_key_length = 20;
-       proposals[0].pseudo_random_function = PRF_HMAC_SHA1;
-       proposals[0].pseudo_random_function_key_length = 20;
-       proposals[0].diffie_hellman_group = MODP_768_BIT;
+       proposals[0].encryption_algorithm_key_length = 16;
+       proposals[0].integrity_algorithm = AUTH_HMAC_MD5_96;
+       proposals[0].integrity_algorithm_key_length = 16;
+       proposals[0].pseudo_random_function = PRF_HMAC_MD5;
+       proposals[0].pseudo_random_function_key_length = 16;
+       proposals[0].diffie_hellman_group = MODP_1024_BIT;
        
        proposals[1] = proposals[0];
-       proposals[1].integrity_algorithm = AUTH_HMAC_MD5_96;
-       proposals[1].integrity_algorithm_key_length = 16;
-       proposals[1].pseudo_random_function = PRF_HMAC_MD5;
-       proposals[1].pseudo_random_function_key_length = 16;
+       proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
+       proposals[1].integrity_algorithm_key_length = 20;
+       proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
+       proposals[1].pseudo_random_function_key_length = 20;
 
        init_config1->add_proposal(init_config1,1,proposals[0]);
        init_config1->add_proposal(init_config1,1,proposals[1]);
@@ -179,9 +182,45 @@ static void load_default_config (private_configuration_manager_t *this)
        init_config3->add_proposal(init_config3,1,proposals[0]);
        init_config3->add_proposal(init_config3,1,proposals[1]);
        
-       this->add_new_configuration(this,"pinflb31",init_config1,sa_config);
-       this->add_new_configuration(this,"pinflb30",init_config2,sa_config);
-       this->add_new_configuration(this,"localhost",init_config3,sa_config);
+       sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
+                                                                 ID_IPV4_ADDR, "152.96.193.131",
+                                                                 RSA_DIGITAL_SIGNATURE);
+                                                                 
+       sa_config1->add_traffic_selector_initiator(sa_config1,ts);
+       sa_config1->add_traffic_selector_responder(sa_config1,ts);
+
+       sa_config2 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
+                                                                 ID_IPV4_ADDR, "152.96.193.131",
+                                                                 RSA_DIGITAL_SIGNATURE);
+
+       sa_config2->add_traffic_selector_initiator(sa_config2,ts);
+       sa_config2->add_traffic_selector_responder(sa_config2,ts);
+       
+       ts->destroy(ts);
+       
+       /* ah and esp prop */
+       child_proposals[0].ah.is_set = TRUE;
+       child_proposals[0].ah.integrity_algorithm = AUTH_HMAC_MD5_96;
+       child_proposals[0].ah.integrity_algorithm_key_size = 16;
+       child_proposals[0].ah.diffie_hellman_group = MODP_1024_BIT;
+       child_proposals[0].ah.extended_sequence_numbers = NO_EXT_SEQ_NUMBERS;
+
+       child_proposals[0].esp.is_set = TRUE;
+       child_proposals[0].esp.diffie_hellman_group = MODP_1024_BIT;
+       child_proposals[0].esp.encryption_algorithm = ENCR_AES_CBC;
+       child_proposals[0].esp.encryption_algorithm_key_size = 16;
+       child_proposals[0].esp.integrity_algorithm = AUTH_UNDEFINED;
+       child_proposals[0].esp.spi[0] = 2;
+       child_proposals[0].esp.spi[1] = 2;
+       child_proposals[0].esp.spi[2] = 2;
+       child_proposals[0].esp.spi[3] = 2;
+       
+       sa_config1->add_proposal(sa_config1, &child_proposals[0]);
+       sa_config2->add_proposal(sa_config2, &child_proposals[0]);
+
+       this->add_new_configuration(this,"pinflb31",init_config1,sa_config2);
+       this->add_new_configuration(this,"pinflb30",init_config2,sa_config1);
+       this->add_new_configuration(this,"localhost",init_config3,sa_config1);
 
 }
 
@@ -430,7 +469,7 @@ static void destroy(private_configuration_manager_t *this)
        {
                sa_config_t *sa_config;
                this->sa_configs->remove_first(this->sa_configs,(void **) &sa_config);
-//             sa_config->destroy(sa_config);
+               sa_config->destroy(sa_config);
        }
 
        this->sa_configs->destroy(this->sa_configs);
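Review bot: `sa_config1` and `sa_config2` are created with identical arguments (`sa_config_create(ID_IPV4_ADDR, "152.96.193.130", ID_IPV4_ADDR, "152.96.193.131", RSA_DIGITAL_SIGNATURE)`) yet are registered for opposite peers ("pinflb31" gets sa_config2, "pinflb30" gets sa_config1), so the host that is meant to be .131 identifies itself as .130; presumably the second call should have my-id and other-id swapped. `sa_config1` is also stored under two names (pinflb30 and localhost) while the destroy() hunk below now calls `sa_config->destroy` for every entry of `this->sa_configs`; if add_new_configuration appends the pointer each time, the same object is destroyed twice. `ts->destroy(ts)` runs right after the selector is handed to both configs, which is only safe if add_traffic_selector_initiator/responder copy it, and that is not visible here. Finally `esp.spi[0..3] = 2` and the literal `500` in `init_config_create("152.96.193.131","152.96.193.131",IKEV2_UDP_PORT,500)` replace symbolic values used everywhere else in the function; a `/* placeholder test values */` comment would stop them being mistaken for a deliberate choice.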
index a22608e..d3b92f3 100644 (file)
@@ -892,6 +892,7 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
                                
                        if (encryption_payload->get_payload_count(encryption_payload) == 0)
                        {
+                               this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is empty");
                                iterator->remove(iterator);
                                encryption_payload->destroy(encryption_payload);
                                /* encrypted payload contains no other payload */
@@ -908,10 +909,13 @@ static status_t decrypt_and_verify_payloads (private_message_t *this,crypter_t *
                                         * Set the next payload of proceeding payload 
                                         * to the first payload of encrypted ones */
                                        last_payload->set_next_type(last_payload,current_payload_type);
-                               }               
+                               }
+                               break;
 
                        }
        
+                       this->logger->log(this->logger, CONTROL | MORE, "Encrypted payload is not empty");
+                       
                        /* encryption_payload is replaced with first encrypted payload*/
                        encryption_payload->remove_first_payload(encryption_payload, &current_encrypted_payload);
                        
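Review bot: The `break;` added after the empty-payload branch leaves the surrounding payload loop right after `encryption_payload->destroy(encryption_payload)`, which is what keeps the later `remove_first_payload` call from touching a freed object, but nothing records why abandoning the iteration is safe; the loop and decrypt_and_verify_payloads both begin outside the hunk, so a reader cannot see whether anything after the encrypted payload is skipped or whether the iterator is still released on this exit path. Since an IKEv2 Encrypted payload must be the last payload in a message, a comment such as `/* encrypted payload is always the last one; nothing left to inspect */` before the `break;` would state that assumption where it is relied on.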
index 59b38ee..aa037ce 100644 (file)
@@ -814,7 +814,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                                {
                                        pld->destroy(pld);
                                        return PARSE_ERROR;
-                               }               
+                               }       
                                break;                  
                        }
                        case AUTH_DATA:
index e43d38f..70bdcc9 100644 (file)
@@ -388,9 +388,7 @@ static status_t decrypt(private_encryption_payload_t *this)
        /* free padding */
        this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len);
        
-       this->parse(this);
-       
-       return SUCCESS;
+       return (this->parse(this));
 }
 
 /**
@@ -539,9 +537,11 @@ static status_t parse(private_encryption_payload_t *this)
                        return PARSE_ERROR;
                }
                
+
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
+                       current_payload->destroy(current_payload);
                        parser->destroy(parser);
                        return VERIFY_ERROR;
                }
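Review bot: `return (this->parse(this));` in decrypt() carries redundant parentheses around the call; `return this->parse(this);` is enough and matches the plain return style of the neighbouring lines. In parse(), the hunk inserts a bare blank line before `status = current_payload->verify(current_payload);` so the statement is now separated from its `status` declaration context by two empty lines instead of one; the added `current_payload->destroy(current_payload);` on the verify-failure path is correct and is consistent with parser.c, which destroys `pld` itself before returning PARSE_ERROR.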
index 0eae19f..2857912 100644 (file)
 #include <encoding/payloads/encodings.h>
 #include <utils/allocator.h>
 
-/** 
- * String mappings for id_type_t.
- */
-mapping_t id_type_m[] = {
-{ID_IPV4_ADDR, "ID_IPV4_ADDR"},
-{ID_FQDN, "ID_FQDN"},
-{ID_RFC822_ADDR, "ID_RFC822_ADDR"},
-{ID_IPV6_ADDR, "ID_IPV6_ADDR"},
-{ID_DER_ASN1_DN, "ID_DER_ASN1_DN"},
-{ID_DER_ASN1_GN, "ID_DER_ASN1_GN"},
-{ID_KEY_ID, "ID_KEY_ID"},
-{MAPPING_END, NULL}
-};
-
-
 typedef struct private_id_payload_t private_id_payload_t;
 
 /**
@@ -108,11 +93,11 @@ encoding_rule_t id_payload_encodings[] = {
        /* 1 Byte ID type*/
        { U_INT_8,                      offsetof(private_id_payload_t, id_type)                 },
        /* 3 reserved bytes */
-       { RESERVED_BYTE,        0                                                                                                       },
-       { RESERVED_BYTE,        0                                                                                                       },
-       { RESERVED_BYTE,        0                                                                                                       },
+       { RESERVED_BYTE,        0                                                                                               },
+       { RESERVED_BYTE,        0                                                                                               },
+       { RESERVED_BYTE,        0                                                                                               },
        /* some id data bytes, length is defined in PAYLOAD_LENGTH */
-       { ID_DATA,                      offsetof(private_id_payload_t, id_data)                         }
+       { ID_DATA,                      offsetof(private_id_payload_t, id_data)                 }
 };
 
 /*
@@ -261,6 +246,14 @@ static void set_initiator (private_id_payload_t *this,bool is_initiator)
 }
 
 /**
+ * Implementation of id_payload_t.get_identification.
+ */
+static identification_t * get_identification (private_id_payload_t *this)
+{
+       return identification_create_from_encoding(this->id_type,this->id_data);
+}
+
+/**
  * Implementation of payload_t.destroy and id_payload_t.destroy.
  */
 static void destroy(private_id_payload_t *this)
@@ -274,7 +267,7 @@ static void destroy(private_id_payload_t *this)
 }
 
 /*
- * Described in header
+ * Described in header.
  */
 id_payload_t *id_payload_create(bool is_initiator)
 {
@@ -297,6 +290,7 @@ id_payload_t *id_payload_create(bool is_initiator)
        this->public.get_data = (chunk_t (*) (id_payload_t *)) get_data;
        this->public.get_initiator = (bool (*) (id_payload_t *)) get_initiator;
        this->public.set_initiator = (void (*) (id_payload_t *,bool)) set_initiator;
+       this->public.get_identification = (identification_t * (*) (id_payload_t *this)) get_identification;
 
        /* private variables */
        this->critical = FALSE;
@@ -307,3 +301,14 @@ id_payload_t *id_payload_create(bool is_initiator)
 
        return (&(this->public));
 }
+
+/*
+ * Described in header.
+ */
+id_payload_t *id_payload_create_from_identification(bool is_initiator,identification_t *identification)
+{
+       id_payload_t *this= id_payload_create(is_initiator);
+       this->set_data(this,identification->get_encoding(identification));
+       this->set_id_type(this,identification->get_type(identification));
+       return this;
+}
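Review bot: `id_payload_create_from_identification` passes `identification->get_encoding(identification)` straight into `this->set_data`, and nothing in the hunk shows whether set_data copies the chunk or stores the pointer; if it stores it, the payload's id_data dangles as soon as the caller destroys the identification_t (the header text for get_identification says its result is to be destroyed by the caller, so the two lifetimes are independent). Whichever holds, the header comment of the new constructor should say it, e.g. `@param identification  identification_t object; its encoding is copied into the payload and the caller keeps ownership` (or the opposite, if set_data retains the pointer). Naming a plain local `this` in a non-method function and keeping a parameter name inside the cast `(identification_t * (*) (id_payload_t *this))` are legal but read oddly next to the other assignments in id_payload_create.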
index 416c1c4..7348f26 100644 (file)
@@ -25,6 +25,7 @@
 #define _ID_PAYLOAD_H_
 
 #include <types.h>
+#include <utils/identification.h>
 #include <encoding/payloads/payload.h>
 
 /**
 #define ID_PAYLOAD_HEADER_LENGTH 8
 
 
-typedef enum id_type_t id_type_t;
-
-/**
- * ID Types of a ID payload.
- * 
- * @ingroup payloads
- */
-enum id_type_t {
-       /**
-        * ID data is a single four (4) octet IPv4 address.
-        */
-       ID_IPV4_ADDR = 1,
-
-       /**
-        * ID data is a fully-qualified domain name string.
-        * An example of a ID_FQDN is, "example.com".
-        * The string MUST not contain any terminators (e.g., NULL, CR, etc.).
-        */
-       ID_FQDN = 2,
-       
-       /**
-        * ID data is a fully-qualified RFC822 email address string, An example of
-        * a ID_RFC822_ADDR is, "jsmith@example.com".  The string MUST
-        * not contain any terminators.
-        */
-       ID_RFC822_ADDR = 3,
-       
-       /**
-        * ID data is a single sixteen (16) octet IPv6 address.
-        */
-       ID_IPV6_ADDR = 5,
-       
-       /**
-        * ID data is the binary DER encoding of an ASN.1 X.500 Distinguished Name
-     * [X.501].
-     */
-       ID_DER_ASN1_DN = 9,
-       
-       /**
-        * ID data is the binary DER encoding of an ASN.1 X.500 GeneralName
-     * [X.509].
-     */
-       ID_DER_ASN1_GN = 10,
-       
-       /**
-        * ID data is an opaque octet stream which may be used to pass vendor-
-     * specific information necessary to do certain proprietary
-     * types of identification.
-     */
-       ID_KEY_ID = 11
-};
-
-extern mapping_t id_type_m[];
-
-
 typedef struct id_payload_t id_payload_t;
 
 /**
@@ -144,6 +90,18 @@ struct id_payload_t {
        chunk_t (*get_data) (id_payload_t *this);
        
        /**
+        * @brief Creates an identification object of this id payload.
+        * 
+        * Returned object has to get destroyed by the caller.
+        *
+        * @param this                  calling id_payload_t object
+        * @return                              
+        *                                              - identification_t object 
+        *                                              - NULL if ID type not supported
+        */
+       identification_t *(*get_identification) (id_payload_t *this);
+       
+       /**
         * @brief Get the type of ID payload (IDi or IDr).
         *
         * @param this                  calling id_payload_t object
@@ -186,5 +144,19 @@ struct id_payload_t {
  */
 id_payload_t *id_payload_create(bool is_initiator);
 
+/**
+ * @brief Creates an id_payload_t from an existing identification_t object.
+ * 
+ * @param is_initiator 
+ *                                                     - TRUE if this payload is of type IDi
+ *                                                     - FALSE if this payload is of type IDr
+ * @param identification       identification_t object
+ * @return                                     created id_payload_t object
+ * 
+ * @ingroup payloads
+ */
+id_payload_t *id_payload_create_from_identification(bool is_initiator,identification_t *identification);
+
+
 
 #endif //_ID_PAYLOAD_H_
index 29d6c28..946e468 100644 (file)
@@ -29,6 +29,7 @@
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/auth_payload.h>
+#include <encoding/payloads/ts_payload.h>
 #include <transforms/diffie_hellman.h>
 #include <sa/states/ike_auth_requested.h>
 
@@ -73,7 +74,7 @@ struct private_ike_sa_init_requested_t {
        /**
         * DH group priority used to get dh_group_number from configuration manager.
         * 
-        * Currently uused but usable if informational messages of unsupported dh group number are processed.
+        * Currently unused but usable if informational messages of unsupported dh group number are processed.
         */
        u_int16_t dh_group_priority;
        
@@ -111,6 +112,33 @@ struct private_ike_sa_init_requested_t {
        void (*build_auth_payload) (private_ike_sa_init_requested_t *this, payload_t **payload);
        
        /**
+        * Builds the SA payload for this state.
+        * 
+        * @param this          calling object
+        * @param payload       The generated payload object of type sa_payload_t is 
+        *                                      stored at this location.
+        */
+       void (*build_sa_payload) (private_ike_sa_init_requested_t *this, payload_t **payload);
+       
+       /**
+        * Builds the TSi payload for this state.
+        * 
+        * @param this          calling object
+        * @param payload       The generated payload object of type ts_payload_t is 
+        *                                      stored at this location.
+        */
+       void (*build_tsi_payload) (private_ike_sa_init_requested_t *this, payload_t **payload);
+       
+       /**
+        * Builds the TSr payload for this state.
+        * 
+        * @param this          calling object
+        * @param payload       The generated payload object of type ts_payload_t is 
+        *                                      stored at this location.
+        */
+       void (*build_tsr_payload) (private_ike_sa_init_requested_t *this, payload_t **payload);
+       
+       /**
         * Destroy function called internally of this class after state change succeeded.
         * 
         * This destroy function does not destroy objects which were passed to the new state.
@@ -123,45 +151,61 @@ struct private_ike_sa_init_requested_t {
 /**
  * Implements state_t.get_state
  */
-static status_t process_message(private_ike_sa_init_requested_t *this, message_t *reply)
+static status_t process_message(private_ike_sa_init_requested_t *this, message_t *ike_sa_init_reply)
 {
-       status_t status;
-       iterator_t *payloads;
+       ike_auth_requested_t *next_state;
        exchange_type_t exchange_type;
-       message_t *request;
-       packet_t *packet;
        u_int64_t responder_spi;
        ike_sa_id_t *ike_sa_id;
-       ike_auth_requested_t *next_state;
+       iterator_t *payloads;
+       message_t *request;
+       packet_t *packet;
+       status_t status;
        
-
-       exchange_type = reply->get_exchange_type(reply);
+       /*
+        * In this state a reply message of type IKE_SA_INIT is expected:
+        * 
+        *   <--    HDR, SAr1, KEr, Nr, [CERTREQ]
+        * or
+        *   <--    HDR, N
+        */
+       exchange_type = ike_sa_init_reply->get_exchange_type(ike_sa_init_reply);
        if (exchange_type != IKE_SA_INIT)
        {
                this->logger->log(this->logger, ERROR | MORE, "Message of type %s not supported in state ike_sa_init_requested",mapping_find(exchange_type_m,exchange_type));
                return FAILED;
        }
        
-       if (reply->get_request(reply))
+       if (ike_sa_init_reply->get_request(ike_sa_init_reply))
        {
                this->logger->log(this->logger, ERROR | MORE, "Only responses of type IKE_SA_INIT supported in state ike_sa_init_requested");
                return FAILED;
        }
        
        /* parse incoming message */
-       status = reply->parse_body(reply, NULL, NULL);
+       status = ike_sa_init_reply->parse_body(ike_sa_init_reply, NULL, NULL);
        if (status != SUCCESS)
        {
-               this->logger->log(this->logger, ERROR | MORE, "Could not parse body");
+               this->logger->log(this->logger, ERROR | MORE, "Parsing of body returned error: %s",mapping_find(status_m,status));
                return status;  
        }
        
-       responder_spi = reply->get_responder_spi(reply);
+
+       if (responder_spi == 0)
+       {
+               this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero.");
+               return FAILED;
+       }
+       /* because I am original initiator i have to update the responder SPI to the new one */ 
+       responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
        ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
        ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
        
-       /* iterate over incoming payloads */
-       payloads = reply->get_payload_iterator(reply);
+       /* Iterate over all payloads.
+        * 
+        * The message is allready checked for the right payload types.
+        */
+       payloads = ike_sa_init_reply->get_payload_iterator(ike_sa_init_reply);
        while (payloads->has_next(payloads))
        {
                payload_t *payload;
@@ -269,7 +313,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "could not generate packet from message");
-               reply->destroy(reply);
+               request->destroy(request);
                return status;
        }
        
@@ -315,7 +359,6 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa
        this->logger->log(this->logger, CONTROL|MOST, "Going to build empty message");
        this->ike_sa->build_message(this->ike_sa, IKE_AUTH, TRUE, &message);
        
-       
        /* build id payload */
        this->build_id_payload(this, &payload);
        this->logger->log(this->logger, CONTROL|MOST, "add ID payload to message");
@@ -326,6 +369,21 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa
        this->logger->log(this->logger, CONTROL|MOST, "add AUTH payload to message");
        message->add_payload(message, payload);
        
+       /* build sa payload */
+       this->build_sa_payload(this, &payload);
+       this->logger->log(this->logger, CONTROL|MOST, "add SA payload to message");
+       message->add_payload(message, payload);
+       
+       /* build tsi payload */
+       this->build_tsi_payload(this, &payload);
+       this->logger->log(this->logger, CONTROL|MOST, "add TSi payload to message");
+       message->add_payload(message, payload); 
+       
+       /* build tsr payload */
+       this->build_tsr_payload(this, &payload);
+       this->logger->log(this->logger, CONTROL|MOST, "add TSr payload to message");
+       message->add_payload(message, payload); 
+       
        *request = message;
 }
 
@@ -334,18 +392,16 @@ static void build_ike_auth_request (private_ike_sa_init_requested_t *this, messa
  */
 static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
 {
+       sa_config_t *sa_config;
        id_payload_t *id_payload;
-       chunk_t email;
+       identification_t *identification;
+       
+       sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+
+       identification = sa_config->get_my_id(sa_config);
        
        /* create IDi */
-       id_payload = id_payload_create(TRUE);
-       /* TODO special functions on id payload */
-       /* TODO configuration manager request */
-       id_payload->set_id_type(id_payload,ID_RFC822_ADDR);
-       email.ptr = "moerdi@hsr.ch";
-       email.len = strlen(email.ptr)+1;
-       this->logger->log_chunk(this->logger, CONTROL, "Moerdi",&email);
-       id_payload->set_data(id_payload,email);
+       id_payload = id_payload_create_from_identification(TRUE,identification);
        
        *payload = (payload_t *) id_payload;
 }
@@ -356,20 +412,78 @@ static void build_id_payload (private_ike_sa_init_requested_t *this, payload_t *
 static void build_auth_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
 {
        auth_payload_t *auth_payload;
-       chunk_t auth_data;
+       sa_config_t *sa_config;
+
+       sa_config = this->ike_sa->get_sa_config(this->ike_sa);
        
-       /* create IDi */
        auth_payload = auth_payload_create();
-       /* TODO configuration manager request */
-       auth_payload->set_auth_method(auth_payload,RSA_DIGITAL_SIGNATURE);
-       auth_data.ptr = "this is the key";
-       auth_data.len = strlen(auth_data.ptr);
-       this->logger->log_chunk(this->logger, CONTROL, "Auth Data",&auth_data);
-       auth_payload->set_data(auth_payload,auth_data);
+       auth_payload->set_auth_method(auth_payload,sa_config->get_auth_method(sa_config));
        *payload = (payload_t *) auth_payload;
 }
 
 /**
+ * Implementation of private_ike_sa_init_requested_t.build_sa_payload.
+ */
+static void build_sa_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
+{
+       sa_config_t *sa_config;
+       sa_payload_t *sa_payload;
+       u_int8_t esp_spi[4] = {0x01,0x01,0x01,0x01};
+       u_int8_t ah_spi[4] = {0x01,0x01,0x01,0x01};
+       size_t proposal_count;
+       child_proposal_t *proposals;
+
+       sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+
+       proposal_count = sa_config->get_proposals(sa_config,ah_spi,esp_spi,&proposals);
+       /* create IDi */
+       sa_payload = sa_payload_create_from_child_proposals(proposals, proposal_count);
+       allocator_free(proposals);
+       *payload = (payload_t *) sa_payload;
+}
+
+/**
+ * Implementation of private_ike_sa_init_requested_t.build_tsi_payload.
+ */
+static void build_tsi_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
+{
+       sa_config_t *sa_config;
+       ts_payload_t *ts_payload;
+       size_t traffic_selectors_count;
+       traffic_selector_t **traffic_selectors;
+       
+       sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+       
+       traffic_selectors_count = sa_config->get_traffic_selectors_initiator(sa_config,&traffic_selectors);
+
+       /* create IDi */
+       ts_payload = ts_payload_create_from_traffic_selectors(TRUE,traffic_selectors, traffic_selectors_count);
+       allocator_free(traffic_selectors);
+       *payload = (payload_t *) ts_payload;
+}
+
+/**
+ * Implementation of private_ike_sa_init_requested_t.build_tsr_payload.
+ */
+static void build_tsr_payload (private_ike_sa_init_requested_t *this, payload_t **payload)
+{
+       sa_config_t *sa_config;
+       ts_payload_t *ts_payload;
+       size_t traffic_selectors_count;
+       traffic_selector_t **traffic_selectors;
+       
+       sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+       
+       traffic_selectors_count = sa_config->get_traffic_selectors_responder(sa_config,&traffic_selectors);
+
+       /* create IDi */
+       ts_payload = ts_payload_create_from_traffic_selectors(FALSE,traffic_selectors, traffic_selectors_count);
+       allocator_free(traffic_selectors);
+       *payload = (payload_t *) ts_payload;
+}
+
+
+/**
  * Implements state_t.get_state
  */
 static ike_sa_state_t get_state(private_ike_sa_init_requested_t *this)
@@ -386,12 +500,11 @@ static void destroy_after_state_change (private_ike_sa_init_requested_t *this)
        
        this->logger->log(this->logger, CONTROL | MOST, "Destroy diffie hellman object");
        this->diffie_hellman->destroy(this->diffie_hellman);
-       
+
        allocator_free(this->sent_nonce.ptr);
        allocator_free(this->received_nonce.ptr);
        allocator_free(this->shared_secret.ptr);
-       allocator_free(this);
-       
+       allocator_free(this);   
 }
 
 /**
@@ -413,7 +526,7 @@ static void destroy(private_ike_sa_init_requested_t *this)
 /* 
  * Described in header.
  */
-ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa,u_int16_t dh_group_priority, diffie_hellman_t *diffie_hellman, chunk_t sent_nonce)
+ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa, u_int16_t dh_group_priority, diffie_hellman_t *diffie_hellman, chunk_t sent_nonce)
 {
        private_ike_sa_init_requested_t *this = allocator_alloc_thing(private_ike_sa_init_requested_t);
        
@@ -426,6 +539,9 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
        this->build_ike_auth_request = build_ike_auth_request;
        this->build_id_payload = build_id_payload;
        this->build_auth_payload = build_auth_payload;
+       this->build_sa_payload = build_sa_payload;
+       this->build_tsi_payload = build_tsi_payload;
+       this->build_tsr_payload = build_tsr_payload;
        this->destroy_after_state_change = destroy_after_state_change;
        
        /* private data */
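Review bot: In process_message the new `if (responder_spi == 0)` check is placed before `responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);`, so it reads an uninitialized local (undefined behaviour) and never validates the SPI actually carried by the reply; the two statements must be swapped: first `responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);`, then `if (responder_spi == 0) { this->logger->log(...); return FAILED; }`. Separately, build_sa_payload feeds constant SPIs (`u_int8_t esp_spi[4] = {0x01,0x01,0x01,0x01};` and the same for `ah_spi`) into the CHILD proposals and build_auth_payload now emits an AUTH payload with a method but no authentication data; both are acceptable for a prototype but deserve an explicit `/* TODO: generate per-SA SPIs */` / `/* TODO: compute AUTH data */` so they are not taken for finished code. The `/* create IDi */` comment copied into build_sa_payload, build_tsi_payload and build_tsr_payload describes the wrong payload in each of them.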
index 7aa1fd0..70090eb 100644 (file)
@@ -109,6 +109,7 @@ static status_t process_message(private_ike_sa_init_responded_t *this, message_t
        crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
        
        /* parse incoming message */
+
        status = message->parse_body(message, crypter, signer);
        if (status != SUCCESS)
        {
index 2c653ee..8a0669a 100644 (file)
@@ -136,6 +136,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
        status_t status;
        randomizer_t *randomizer;
        init_config_t *init_config;
+       sa_config_t *sa_config;
        
        this->logger->log(this->logger, CONTROL, "Initializing connection %s",name);
        
@@ -151,6 +152,18 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
        /* configuration can be set */
        this->ike_sa->set_init_config(this->ike_sa,init_config);
        
+       /* get sa_config_t object */
+       status = charon->configuration_manager->get_sa_config_for_name(charon->configuration_manager,name,&sa_config);
+       
+       if (status != SUCCESS)
+       {       
+               this->logger->log(this->logger, ERROR | MORE, "Could not retrieve SA configuration informations for %s",name);
+               return INVALID_ARG;
+       }
+       
+       /* configuration can be set */
+       this->ike_sa->set_sa_config(this->ike_sa,sa_config);
+       
        this->ike_sa->set_other_host(this->ike_sa,init_config->get_other_host_clone(init_config));
        this->ike_sa->set_my_host(this->ike_sa,init_config->get_my_host_clone(init_config));
        
index 124ae46..139fd4a 100644 (file)
 #include <utils/allocator.h>
 
 
+/** 
+ * String mappings for id_type_t.
+ */
+mapping_t id_type_m[] = {
+{ID_IPV4_ADDR, "ID_IPV4_ADDR"},
+{ID_FQDN, "ID_FQDN"},
+{ID_RFC822_ADDR, "ID_RFC822_ADDR"},
+{ID_IPV6_ADDR, "ID_IPV6_ADDR"},
+{ID_DER_ASN1_DN, "ID_DER_ASN1_DN"},
+{ID_DER_ASN1_GN, "ID_DER_ASN1_GN"},
+{ID_KEY_ID, "ID_KEY_ID"},
+{MAPPING_END, NULL}
+};
+
+
+
 typedef struct private_identification_t private_identification_t;
 
 /**
@@ -136,6 +152,7 @@ static private_identification_t *identification_create()
 identification_t *identification_create_from_string(id_type_t type, char *string)
 {
        private_identification_t *this = identification_create();
+       this->type = type;
        switch (type)
        {
                case ID_IPV4_ADDR:
@@ -175,6 +192,7 @@ identification_t *identification_create_from_string(id_type_t type, char *string
 identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded)
 {
        private_identification_t *this = identification_create();
+       this->type = type;
        switch (type)
        {
                case ID_IPV4_ADDR:
index 0231721..1990183 100644 (file)
 
 #include "types.h"
 
-#include <encoding/payloads/id_payload.h>
+typedef enum id_type_t id_type_t;
+
+/**
+ * ID Types of a ID payload.
+ * 
+ * @ingroup payloads
+ */
+enum id_type_t {
+       /**
+        * ID data is a single four (4) octet IPv4 address.
+        */
+       ID_IPV4_ADDR = 1,
+
+       /**
+        * ID data is a fully-qualified domain name string.
+        * An example of a ID_FQDN is, "example.com".
+        * The string MUST not contain any terminators (e.g., NULL, CR, etc.).
+        */
+       ID_FQDN = 2,
+       
+       /**
+        * ID data is a fully-qualified RFC822 email address string, An example of
+        * a ID_RFC822_ADDR is, "jsmith@example.com".  The string MUST
+        * not contain any terminators.
+        */
+       ID_RFC822_ADDR = 3,
+       
+       /**
+        * ID data is a single sixteen (16) octet IPv6 address.
+        */
+       ID_IPV6_ADDR = 5,
+       
+       /**
+        * ID data is the binary DER encoding of an ASN.1 X.500 Distinguished Name
+     * [X.501].
+     */
+       ID_DER_ASN1_DN = 9,
+       
+       /**
+        * ID data is the binary DER encoding of an ASN.1 X.500 GeneralName
+     * [X.509].
+     */
+       ID_DER_ASN1_GN = 10,
+       
+       /**
+        * ID data is an opaque octet stream which may be used to pass vendor-
+     * specific information necessary to do certain proprietary
+     * types of identification.
+     */
+       ID_KEY_ID = 11
+};
+
+extern mapping_t id_type_m[];
 
 typedef struct identification_t identification_t;
 
index cd73e8a..d030d5c 100644 (file)
@@ -150,7 +150,6 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                case MESSAGE:
                case WORKER:
                        logger_level |= ALL;
-                       break;
                case PARSER:
                case GENERATOR:
                case THREAD_POOL:
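Review bot: Removing the `break;` after `logger_level |= ALL;` makes the MESSAGE and WORKER cases fall through into the PARSER/GENERATOR/THREAD_POOL group, whose body lies outside the hunk; if that is the intended fix, mark it with `/* fallthrough */` in place of the removed line so the next reader (and -Wimplicit-fallthrough) do not mistake it for a lost break. If the intent was merely to give those two contexts the same level as the next group, note that ALL presumably already includes whatever that group ORs in, in which case the fallthrough is redundant and the comment should say which of the two is meant.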