IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2...
authorClavister OpenSource <opensource@clavister.com>
Wed, 23 Nov 2011 07:29:54 +0000 (08:29 +0100)
committerClavister OpenSource <opensource@clavister.com>
Tue, 20 Mar 2012 16:30:49 +0000 (17:30 +0100)
src/libcharon/Makefile.am
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/ike_header.c
src/libcharon/encoding/payloads/ike_header.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/encoding/payloads/payload.h

index e3c73a8..d76ba49 100644 (file)
@@ -15,11 +15,13 @@ daemon.c daemon.h \
 encoding/generator.c encoding/generator.h \
 encoding/message.c encoding/message.h \
 encoding/parser.c encoding/parser.h \
+encoding/payloads/attribute_payload_v1.c encoding/payloads/attribute_payload_v1.h \
 encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
 encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
 encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
 encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
 encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/data_attribute_v1.c encoding/payloads/data_attribute_v1.h \
 encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
 encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
 encoding/payloads/encodings.c encoding/payloads/encodings.h \
index e7a4834..e84f9a1 100644 (file)
@@ -631,6 +631,24 @@ static payload_order_t quick_mode_r_order[] = {
        {ID_V1,                                         0},
 };
 
+/**
+ * Message rule for TRANSACTION.
+ */
+static payload_rule_t transaction_payload_rules_v1[] = {
+/*     payload type                    min     max     encr    suff */
+       {HASH_V1,                       0,      1,      TRUE,   FALSE},
+       {ATTRIBUTE_V1,                  1,      1,      FALSE,  FALSE},
+};
+
+/**
+ * Payload order for TRANSACTION.
+ */
+static payload_order_t transaction_payload_order_v1[] = {
+/*     payload type                    notify type */
+       {HASH_V1,                       0},
+       {ATTRIBUTE_V1,                  0},
+};
+
 #endif /* USE_IKEV1 */
 
 /**
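Review bot: The ATTRIBUTE_V1 rule in transaction_payload_rules_v1 sets the encr column to FALSE while HASH_V1 in the same table sets it to TRUE; if that column means the payload must arrive inside the encrypted part (as both message_rules entries registering TRANSACTION as an encrypted exchange suggest), a Mode Config attribute payload, which carries addresses and possibly authentication attributes, would be accepted in the clear while only its hash is required to be protected. Unless the asymmetry is deliberate, `{ATTRIBUTE_V1, 1, 1, TRUE, FALSE},` keeps the attribute data under the same protection as the hash. The HASH_V1 minimum of 0 also lets a TRANSACTION message without any hash pass this rule check, so presence and correctness of the hash must be enforced by whatever later handles the exchange; a comment on that row stating where this happens would help, e.g. `/* HASH_V1 optional at parser level: presence and value are verified by the task handling the exchange */`.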
@@ -708,6 +726,14 @@ static message_rule_t message_rules[] = {
                countof(quick_mode_r_rules), quick_mode_r_rules,
                countof(quick_mode_r_order), quick_mode_r_order,
        },
+       {TRANSACTION,           TRUE,   TRUE,
+               countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
+               countof(transaction_payload_order_v1), transaction_payload_order_v1,
+       },
+       {TRANSACTION,           FALSE,  TRUE,
+               countof(transaction_payload_rules_v1), transaction_payload_rules_v1,
+               countof(transaction_payload_order_v1), transaction_payload_order_v1,
+       },
        /* TODO-IKEv1: define rules for other exchanges */
 #endif /* USE_IKEV1 */
 };
index 54e0465..58b6241 100644 (file)
@@ -114,12 +114,13 @@ struct private_ike_header_t {
        u_int32_t length;
 };
 
-ENUM_BEGIN(exchange_type_names, ID_PROT, INFORMATIONAL_V1,
+ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION,
        "ID_PROT",
        "AUTH_ONLY",
        "AGGRESSIVE",
-       "INFORMATIONAL_V1");
-ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, INFORMATIONAL_V1,
+       "INFORMATIONAL_V1",
+       "TRANSACTION");
+ENUM_NEXT(exchange_type_names, QUICK_MODE, IKE_SESSION_RESUME, TRANSACTION,
        "QUICK_MODE",
        "NEW_GROUP_MODE",
        "IKE_SA_INIT",
@@ -172,10 +173,10 @@ static encoding_rule_t encodings[] = {
        /* 4 Byte message id, stored in the field message_id */
        { U_INT_32,             offsetof(private_ike_header_t, message_id)              },
        /* 4 Byte length fied, stored in the field length */
-       { HEADER_LENGTH,offsetof(private_ike_header_t, length)                  },
+       { HEADER_LENGTH,        offsetof(private_ike_header_t, length)                  }
 };
 
-/*                           1                   2                   3
+/*                         1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       !                       IKE_SA Initiator's SPI                  !
@@ -206,6 +207,7 @@ METHOD(payload_t, verify, status_t,
                        /* fall */
                case AUTH_ONLY:
                case INFORMATIONAL_V1:
+               case TRANSACTION:
                case QUICK_MODE:
                case NEW_GROUP_MODE:
                        if (this->maj_version != IKEV1_MAJOR_VERSION)
index a63d379..e6b7d0d 100644 (file)
@@ -82,6 +82,11 @@ enum exchange_type_t{
        INFORMATIONAL_V1 = 5,
 
        /**
+        * Transaction (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+        */
+       TRANSACTION = 6,
+
+       /**
         * Quick Mode
         */
        QUICK_MODE = 32,
@@ -138,7 +143,6 @@ extern enum_name_t *exchange_type_names;
  * An object of this type represents an IKE header of either IKEv1 or IKEv2.
  */
 struct ike_header_t {
-
        /**
         * The payload_t interface.
         */
index 83fd1cb..7d6fa66 100644 (file)
@@ -20,6 +20,7 @@
 
 #include <encoding/payloads/ike_header.h>
 #include <encoding/payloads/sa_payload.h>
+
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/hash_payload.h>
 #include <encoding/payloads/unknown_payload.h>
 
+#include <encoding/payloads/attribute_payload_v1.h>
+#include <encoding/payloads/data_attribute_v1.h>
 
 ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
        "NO_PAYLOAD");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, ATTRIBUTE_V1, NO_PAYLOAD,
        "SECURITY_ASSOCIATION_V1",
        "PROPOSAL_V1",
        "TRANSFORM_V1",
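Review bot: The blank line inserted between the sa_payload.h and nonce_payload.h includes splits one contiguous include block for no visible reason and looks accidental; the two new includes for attribute_payload_v1.h and data_attribute_v1.h already form their own separated group at the end of the block. Dropping that stray line keeps the existing grouping intact. The ENUM_NEXT range SECURITY_ASSOCIATION_V1..ATTRIBUTE_V1 matches the contiguous values 13 and 14 declared in payload.h, so the string table stays positionally aligned.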
@@ -53,8 +56,9 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, VENDOR_ID_V1, NO_PAYLOAD,
        "NONCE_V1",
        "NOTIFY_V1",
        "DELETE_V1",
-       "VENDOR_ID_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, VENDOR_ID_V1,
+       "VENDOR_ID_V1",
+       "ATTRIBUTE_V1");
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, ATTRIBUTE_V1,
        "SECURITY_ASSOCIATION",
        "KEY_EXCHANGE",
        "ID_INITIATOR",
@@ -74,7 +78,7 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, V
 #ifdef ME
 ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
        "ID_PEER");
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
+ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
        "HEADER",
        "PROPOSAL_SUBSTRUCTURE",
        "PROPOSAL_SUBSTRUCTURE_V1",
@@ -84,9 +88,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER,
        "TRANSFORM_ATTRIBUTE_V1",
        "TRAFFIC_SELECTOR_SUBSTRUCTURE",
        "CONFIGURATION_ATTRIBUTE",
-       "ENCRYPTED_V1");
+       "ENCRYPTED_V1",
+       "DATA_ATTRIBUTE_V1");
 #else
-ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
        "HEADER",
        "PROPOSAL_SUBSTRUCTURE",
        "PROPOSAL_SUBSTRUCTURE_V1",
@@ -96,9 +101,10 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
        "TRANSFORM_ATTRIBUTE_V1",
        "TRAFFIC_SELECTOR_SUBSTRUCTURE",
        "CONFIGURATION_ATTRIBUTE",
-       "ENCRYPTED_V1");
+       "ENCRYPTED_V1",
+       "DATA_ATTRIBUTE_V1");
 #endif /* ME */
-ENUM_END(payload_type_names, ENCRYPTED_V1);
+ENUM_END(payload_type_names, DATA_ATTRIBUTE_V1);
 
 /* short forms of payload names */
 ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
@@ -137,7 +143,7 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
 #ifdef ME
 ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
        "IDp");
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
+ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, ID_PEER,
        "HDR",
        "PROP",
        "PROP",
@@ -147,9 +153,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER,
        "TRANSATTR",
        "TSSUB",
        "CATTR",
-       "E");
+       "E",
+       "DATAATTR");
 #else
-ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, DATA_ATTRIBUTE_V1, EXTENSIBLE_AUTHENTICATION,
        "HDR",
        "PROP",
        "PROP",
@@ -159,9 +166,10 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, EXTENSIBLE_AUTHENTICAT
        "TRANSATTR",
        "TSSUB",
        "CATTR",
-       "E");
+       "E",
+       "DATAATTR");
 #endif /* ME */
-ENUM_END(payload_type_short_names, ENCRYPTED_V1);
+ENUM_END(payload_type_short_names, DATA_ATTRIBUTE_V1);
 
 /*
  * see header
@@ -197,7 +205,8 @@ payload_t *payload_create(payload_type_t type)
                case AUTHENTICATION:
                        return (payload_t*)auth_payload_create();
                case CERTIFICATE:
-                       return (payload_t*)cert_payload_create();
+               case CERTIFICATE_V1:
+                       return (payload_t*)cert_payload_create(type);
                case CERTIFICATE_REQUEST:
                        return (payload_t*)certreq_payload_create();
                case TRAFFIC_SELECTOR_SUBSTRUCTURE:
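Review bot: The new `case CERTIFICATE_V1:` changes the call from `cert_payload_create()` to `cert_payload_create(type)`, but cert_payload.c and cert_payload.h are not among the files in this commit, so either the prototype already takes a payload type (in which case the removed zero-argument call was relying on an unprototyped call) or this hunk does not compile on its own; the dependency should be stated in the commit message or the signature change carried in the same commit. This change is also unrelated to the ConfigMode/TRANSACTION work the commit describes and would be easier to review as a separate commit. payload_create starts before this hunk.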
@@ -229,6 +238,10 @@ payload_t *payload_create(payload_type_t type)
                case ENCRYPTED:
                case ENCRYPTED_V1:
                        return (payload_t*)encryption_payload_create(type);
+               case ATTRIBUTE_V1:
+                       return (payload_t*)attribute_payload_v1_create();
+               case DATA_ATTRIBUTE_V1:
+                       return (payload_t*)data_attribute_v1_create();
                default:
                        return (payload_t*)unknown_payload_create(type);
        }
index e4ed76a..f55099f 100644 (file)
@@ -113,6 +113,11 @@ enum payload_type_t {
        VENDOR_ID_V1 = 13,
 
        /**
+        * Attribute payload (ISAKMP Cfg Mode "draft-ietf-ipsec-isakmp-mode-cfg-05")
+        */
+       ATTRIBUTE_V1 = 14,
+
+       /**
         * The security association (SA) payload containing proposals.
         */
        SECURITY_ASSOCIATION = 33,
@@ -252,6 +257,12 @@ enum payload_type_t {
         * This is not really a payload, but rather the complete IKEv1 message.
         */
        ENCRYPTED_V1,
+
+       /**
+        * DATA_ATTRIBUTE, attribute in an ATTRIBUTE payload.
+        */
+       DATA_ATTRIBUTE_V1,
+
 };
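Review bot: DATA_ATTRIBUTE_V1 becomes the last enumerator of payload_type_t, and payload.c now closes both positional string tables with `ENUM_END(..., DATA_ATTRIBUTE_V1)`, so any enumerator appended after it in a later change silently desynchronises the name lookup unless those tables are updated in step; a comment on the enumerator makes the dependency visible, e.g. `/* keep last: payload_type_names and payload_type_short_names in payload.c end here */`. Its doc comment could also say, as ENCRYPTED_V1's does, that this is a substructure used only inside an ATTRIBUTE_V1 payload rather than a wire payload type. The empty line added between the enumerator and the closing brace is stray and should be removed.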
 
 /**