- fixed bug in diffie hellman exchange (no public value was written)
authorJan Hutter <jhutter@hsr.ch>
Tue, 29 Nov 2005 12:23:40 +0000 (12:23 -0000)
committerJan Hutter <jhutter@hsr.ch>
Tue, 29 Nov 2005 12:23:40 +0000 (12:23 -0000)
Source/charon/encoding/message.c
Source/charon/encoding/payloads/Makefile.payloads
Source/charon/encoding/payloads/auth_payload.c
Source/charon/encoding/payloads/id_payload.c
Source/charon/encoding/payloads/id_payload.h
Source/charon/encoding/payloads/proposal_substructure.c
Source/charon/encoding/payloads/sa_payload.c
Source/charon/encoding/payloads/transform_substructure.c
Source/charon/sa/states/responder_init.c

index 82572e5..9e96232 100644 (file)
@@ -614,6 +614,7 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                if (status != SUCCESS)
                {
                        this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));
+                       current_payload->destroy(current_payload);
                        status = VERIFY_ERROR;
                        return status;
                }
@@ -627,12 +628,14 @@ static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t
                        if (status != SUCCESS)
                        {
                                this->logger->log(this->logger, ERROR, "encryption payload signature invaild");
+                               current_payload->destroy(current_payload);
                                return status;
                        }
                        status = encryption_payload->decrypt(encryption_payload, crypter);
                        if (status != SUCCESS)
                        {
                                this->logger->log(this->logger, ERROR, "parsing decrypted encryption payload failed");
+                               current_payload->destroy(current_payload);
                                return status;
                        }
                }
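Review bot: The three new `current_payload->destroy()` calls release the payload on each error path but the failures are mapped inconsistently: the verify failure in the first hunk is reported as `VERIFY_ERROR`, whereas the signature and decrypt failures in the second hunk return whatever `verify_signature`/`decrypt` produced, so a caller that distinguishes `VERIFY_ERROR` will not see it for a bad signature. If that distinction matters to callers, `return VERIFY_ERROR;` belongs there too. The same destroy-then-return sequence now appears three times; a single cleanup label reached via `goto cleanup_payload;` would keep the release in one place. It is also worth confirming that `encryption_payload` and `current_payload` are the same object at that point, since the second hunk fails on one and destroys the other; parse_body starts and ends outside the hunks.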
index da2587e..c9046a0 100644 (file)
@@ -42,6 +42,10 @@ OBJS+= $(BUILD_DIR)auth_payload.o
 $(BUILD_DIR)auth_payload.o :                           $(PAYLOADS_DIR)auth_payload.c $(PAYLOADS_DIR)auth_payload.h
                                                                                $(CC) $(CFLAGS) -c -o $@ $<
 
+#OBJS+= $(BUILD_DIR)ts_payload.o
+#$(BUILD_DIR)ts_payload.o :                            $(PAYLOADS_DIR)ts_payload.c $(PAYLOADS_DIR)ts_payload.h
+#                                                                              $(CC) $(CFLAGS) -c -o $@ $<
+
 OBJS+= $(BUILD_DIR)payload.o
 $(BUILD_DIR)payload.o :                                        $(PAYLOADS_DIR)payload.c $(PAYLOADS_DIR)payload.h
                                                                                $(CC) $(CFLAGS) -c -o $@ $<
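Review bot: The ts_payload rule is added fully commented out, which is the Makefile equivalent of commented-out code: nothing says why it is disabled, and the copy will drift from the live rules as `CFLAGS` or the recipe pattern change. If the source is not ready to build, a one-line comment such as `# ts_payload.o: intentionally not built yet (<reason>)` records the intent; otherwise drop the rule until the source lands and add it then.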
index d5af17f..1070826 100644 (file)
@@ -1,7 +1,7 @@
 /**
  * @file auth_payload.h
  * 
- * @brief Interface of auth_payload_t.
+ * @brief Implementation of auth_payload_t.
  * 
  */
 
index 6201dcc..073be79 100644 (file)
@@ -53,7 +53,7 @@ struct private_id_payload_t {
        id_payload_t public;
        
        /**
-        * TRUE if this ID payload is of type IDi, FALSE for IDr
+        * TRUE if this ID payload is of type IDi, FALSE for IDr.
         */
        bool is_initiator;
        
index 6837d91..416c1c4 100644 (file)
@@ -176,8 +176,6 @@ struct id_payload_t {
 /**
  * @brief Creates an empty id_payload_t object.
  * 
- * As default a ID payload of type IDi is created.
- * 
  * @param is_initiator 
  *                                             - TRUE if this payload is of type IDi
  *                                             - FALSE if this payload is of type IDr
index c80880d..354eedb 100644 (file)
@@ -141,6 +141,9 @@ encoding_rule_t proposal_substructure_encodings[] = {
  */
 static status_t verify(private_proposal_substructure_t *this)
 {
+       status_t status = SUCCESS;
+       iterator_t *iterator;
+       
        if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != PROPOSAL_SUBSTRUCTURE))
        {
                /* must be 0 or 2 */
@@ -157,9 +160,26 @@ static status_t verify(private_proposal_substructure_t *this)
                /* reserved are not supported */
                return FAILED;
        }
+       
+       iterator = this->transforms->create_iterator(this->transforms,TRUE);
+       
+       while(iterator->has_next(iterator))
+       {
+               payload_t *current_transform;
+               iterator->current(iterator,(void **)&current_transform);
+
+               status = current_transform->verify(current_transform);
+               if (status != SUCCESS)
+               {
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+
 
        /* proposal number is checked in SA payload */  
-       return SUCCESS;
+       return status;
 }
 
 /**
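Review bot: In the new transform loop the return value of `iterator->current()` is discarded and `current_transform` is then dereferenced unconditionally in `current_transform->verify(current_transform)`; if the iterator can report failure or hand back a NULL entry (its contract is not visible here), this is a crash while parsing peer-supplied data. A guard of the form `if (iterator->current(iterator, (void **)&current_transform) != SUCCESS || current_transform == NULL) { status = FAILED; break; }` keeps the existing status/break structure. The same pattern is introduced in the attribute loop in transform_substructure.c and in the proposal loop in sa_payload.c, where the commit removes the old broken check on `current()` rather than repairing it. The doubled blank line before the `/* proposal number ... */` comment is a nit.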
index d9175de..4054c6f 100644 (file)
@@ -115,7 +115,7 @@ encoding_rule_t sa_payload_encodings[] = {
 static status_t verify(private_sa_payload_t *this)
 {
        int proposal_number = 1;
-       status_t status;
+       status_t status = SUCCESS;
        iterator_t *iterator;
        bool first = TRUE;
        
@@ -131,10 +131,7 @@ static status_t verify(private_sa_payload_t *this)
        while(iterator->has_next(iterator))
        {
                proposal_substructure_t *current_proposal;
-               status = iterator->current(iterator,(void **)&current_proposal);
-               {
-                       break;
-               }
+               iterator->current(iterator,(void **)&current_proposal);
                if (current_proposal->get_proposal_number(current_proposal) > proposal_number)
                {
                        if (first) 
@@ -158,6 +155,12 @@ static status_t verify(private_sa_payload_t *this)
                        status = FAILED;
                        break;
                }
+               
+               status = current_proposal->payload_interface.verify(&(current_proposal->payload_interface));
+               if (status != SUCCESS)
+               {
+                       break;
+               }
                first = FALSE;
        }
        
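Review bot: Initialising `status = SUCCESS` (first hunk) means an SA payload whose proposal list is empty leaves `verify()` returning SUCCESS without any proposal having been checked; an SA payload is defined to carry one or more proposals, so unless the count is validated elsewhere (not visible here) an empty list should fail, e.g. by checking that the loop body ran at least once before returning `status`. The same initialise-to-SUCCESS shape appears in proposal_substructure.c, where a proposal's transform list is likewise required to be non-empty; the attribute list in transform_substructure.c may legitimately be empty, so that one is fine. verify's body starts and ends outside the hunks, so a post-loop check may already exist there.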
index 4e3655b..3c91b25 100644 (file)
@@ -148,7 +148,10 @@ encoding_rule_t transform_substructure_encodings[] = {
  */
 static status_t verify(private_transform_substructure_t *this)
 {
-       if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != TRANSFORM_SUBSTRUCTURE))
+       status_t status = SUCCESS;
+       iterator_t *iterator;
+       
+       if ((this->next_payload != NO_PAYLOAD) && (this->next_payload != 3))
        {
                /* must be 0 or 3 */
                return FAILED;
@@ -218,9 +221,25 @@ static status_t verify(private_transform_substructure_t *this)
                        return FAILED;
                }
        }
+       iterator = this->attributes->create_iterator(this->attributes,TRUE);
+       
+       while(iterator->has_next(iterator))
+       {
+               payload_t *current_attributes;
+               iterator->current(iterator,(void **)&current_attributes);
+
+               status = current_attributes->verify(current_attributes);
+               if (status != SUCCESS)
+               {
+                       break;
+               }
+       }
+       
+       iterator->destroy(iterator);
+
 
        /* proposal number is checked in SA payload */  
-       return SUCCESS;
+       return status;
 }
 
 /**
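Review bot: The next-payload check in the first hunk now compares against the literal `3` instead of `TRANSFORM_SUBSTRUCTURE`; if the enum value was wrong the fix belongs in the enum definition, and if it was right the literal silently decouples this check from the constant the encoder uses. Keep `(this->next_payload != TRANSFORM_SUBSTRUCTURE)` or, if a distinct value is really intended, give it a name next to the `/* must be 0 or 3 */` comment. The comment `/* proposal number is checked in SA payload */` above the new `return status;` was carried over from the proposal verify and does not apply to a transform; drop it or state what is actually deferred. `current_attributes` names a single element, so `current_attribute` would read better.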
index ae906fc..c056502 100644 (file)
@@ -275,7 +275,6 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                                        payloads->destroy(payloads);
                                        return NOT_SUPPORTED;
                                }
-
                                this->logger->log(this->logger, CONTROL | MORE, "Set other DH public value");
                                
                                dh->set_other_public_value(dh, ke_payload->get_key_exchange_data(ke_payload));
@@ -425,6 +424,7 @@ static void build_ke_payload(private_responder_init_t *this, payload_t **payload
        this->diffie_hellman->get_my_public_value(this->diffie_hellman,&key_data);
 
        ke_payload = ke_payload_create();
+       ke_payload->set_key_exchange_data(ke_payload,key_data);
        ke_payload->set_dh_group_number(ke_payload, MODP_1024_BIT);
 
        allocator_free_chunk(&key_data);
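Review bot: The added `ke_payload->set_key_exchange_data(ke_payload,key_data)` is immediately followed by `allocator_free_chunk(&key_data)`; whether that is safe depends on set_key_exchange_data copying the chunk rather than storing its pointer, which is not visible from here. If it stores the pointer, the KE payload the responder sends references freed memory and the public value on the wire is whatever that buffer holds at encoding time, so confirm the copy semantics in the ke_payload implementation and document the ownership on the setter, e.g. `@param key_exchange_data chunk is copied; the caller keeps ownership`. The result of `get_my_public_value()` on the line above is also not examined, so if it can report failure an empty or uninitialised `key_data` would be placed in the payload. build_ke_payload starts outside the hunk.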