- encryptino payload
authorMartin Willi <martin@strongswan.org>
Mon, 28 Nov 2005 15:43:05 +0000 (15:43 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 28 Nov 2005 15:43:05 +0000 (15:43 -0000)
13 files changed:
Source/charon/Makefile
Source/charon/daemon.h
Source/charon/encoding/generator.c
Source/charon/encoding/message.c
Source/charon/encoding/message.h
Source/charon/encoding/parser.c
Source/charon/encoding/payloads/Makefile.payloads
Source/charon/encoding/payloads/encodings.h
Source/charon/sa/ike_sa.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/initiator_init.c
Source/charon/sa/states/responder_init.c
Source/charon/utils/logger_manager.c

index 1491efc..3da6561 100644 (file)
@@ -21,9 +21,7 @@ LDFLAGS= -lgmp -lpthread
 CFLAGS+= -Wall \
                 -DLEAK_DETECTIVE \
                 -I. \
-                -g
-
-#               -Werror
+                -g #-Werror
 
 # objects is extended by each included Makefile
 OBJS= 
index 3d83286..6e90018 100644 (file)
@@ -27,7 +27,7 @@
 
 #define DAEMON_NAME "charon"
 
-#define NUMBER_OF_WORKING_THREADS 4
+#define NUMBER_OF_WORKING_THREADS 1
 
 #define IKEV2_UDP_PORT 500
 
index 5cb92d8..0c32cec 100644 (file)
@@ -348,111 +348,112 @@ static status_t generate_u_int_type (private_generator_t *this,encoding_type_t i
        /* now handle each u int type differently */
        switch (int_type)
        {
-                       case U_INT_4:
+               case U_INT_4:
+               {
+                       if (this->current_bit == 0)
                        {
-                               if (this->current_bit == 0)
-                               {
-                                       /* highval of current byte in buffer has to be set to the new value*/
-                                       u_int8_t high_val = *((u_int8_t *)(this->data_struct + offset)) << 4;
-                                       /* lowval in buffer is not changed */
-                                       u_int8_t low_val = *(this->out_position) & 0x0F;
-                                       /* highval is set, low_val is not changed */
-                                       *(this->out_position) = high_val | low_val;
-                                       this->logger->log(this->logger, RAW|MOST, "   => 0x%x", *(this->out_position));
-                                       /* write position is not changed, just bit position is moved */
-                                       this->current_bit = 4;
-                               }
-                               else if (this->current_bit == 4)
-                               {
-                                       /* highval in buffer is not changed */
-                                       u_int high_val = *(this->out_position) & 0xF0;
-                                       /* lowval of current byte in buffer has to be set to the new value*/
-                                       u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
-                                       *(this->out_position) = high_val | low_val;
-                                       this->logger->log(this->logger, RAW|MOST, "   => 0x%x", *(this->out_position));
-                                       this->out_position++;
-                                       this->current_bit = 0;
-
-                               }
-                               else
-                               {
-                                       this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
-                                       /* 4 Bit integers must have a 4 bit alignment */
-                                       return FAILED;
-                               };
-                               break;
+                               /* highval of current byte in buffer has to be set to the new value*/
+                               u_int8_t high_val = *((u_int8_t *)(this->data_struct + offset)) << 4;
+                               /* lowval in buffer is not changed */
+                               u_int8_t low_val = *(this->out_position) & 0x0F;
+                               /* highval is set, low_val is not changed */
+                               *(this->out_position) = high_val | low_val;
+                               this->logger->log(this->logger, RAW|MOST, "   => 0x%x", *(this->out_position));
+                               /* write position is not changed, just bit position is moved */
+                               this->current_bit = 4;
                        }
-                       case U_INT_8:
+                       else if (this->current_bit == 4)
                        {
-                               /* 8 bit values are written as they are */
-                               *this->out_position = *((u_int8_t *)(this->data_struct + offset));
+                               /* highval in buffer is not changed */
+                               u_int high_val = *(this->out_position) & 0xF0;
+                               /* lowval of current byte in buffer has to be set to the new value*/
+                               u_int low_val = *((u_int8_t *)(this->data_struct + offset)) & 0x0F;
+                               *(this->out_position) = high_val | low_val;
                                this->logger->log(this->logger, RAW|MOST, "   => 0x%x", *(this->out_position));
                                this->out_position++;
-                               break;
-
-                       }
-                       case ATTRIBUTE_TYPE:
-                       {
-                               /* attribute type must not change first bit uf current byte ! */
-                               if (this->current_bit != 1)
-                               {
-                                       this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
-                                       /* first bit has to be set! */
-                                       return FAILED;
-                               }
-                               /* get value of attribute format flag */
-                               u_int8_t attribute_format_flag = *(this->out_position) & 0x80;
-                               /* get attribute type value as 16 bit integer*/
-                               u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                               /* last bit must be unset */
-                               int16_val = int16_val & 0xFF7F;
-                               
-                               int16_val = int16_val | attribute_format_flag;
-                               this->logger->log(this->logger, RAW|MOST, "   => 0x%x", int16_val);
-                               /* write bytes to buffer (set bit is overwritten)*/                             
-                               this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
                                this->current_bit = 0;
-                               break;
-                               
+
                        }
-                       case U_INT_16:
+                       else
                        {
-                               u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
-                               this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)&int16_val, sizeof(int16_val));
-                               this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
-                               break;
-                       }
-                       case U_INT_32:
-                       {
-                               u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                               this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)&int32_val, sizeof(int32_val));
-                               this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
-                               break;
-                       }
-                       case U_INT_64:
+                               this->logger->log(this->logger, ERROR, "U_INT_4 Type is not 4 Bit aligned");
+                               /* 4 Bit integers must have a 4 bit alignment */
+                               return FAILED;
+                       };
+                       break;
+               }
+               case U_INT_8:
+               {
+                       /* 8 bit values are written as they are */
+                       *this->out_position = *((u_int8_t *)(this->data_struct + offset));
+                       this->logger->log(this->logger, RAW|MOST, "   => 0x%x", *(this->out_position));
+                       this->out_position++;
+                       break;
+
+               }
+               case ATTRIBUTE_TYPE:
+               {
+                       /* attribute type must not change first bit uf current byte ! */
+                       if (this->current_bit != 1)
                        {
-                               /* 64 bit integers are written as two 32 bit integers */
-                               u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
-                               u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
-                               this->logger->log_bytes(this->logger, RAW|MOST, "   => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
-                               this->logger->log_bytes(this->logger, RAW|MOST, "   => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
-                               /* TODO add support for big endian machines */
-                               this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
-                               this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
-                               break;
+                               this->logger->log(this->logger, ERROR, "ATTRIBUTE FORMAT flag is not set");
+                               /* first bit has to be set! */
+                               return FAILED;
                        }
+                       /* get value of attribute format flag */
+                       u_int8_t attribute_format_flag = *(this->out_position) & 0x80;
+                       /* get attribute type value as 16 bit integer*/
+                       u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
+                       /* last bit must be unset */
+                       int16_val = int16_val & 0xFF7F;
                        
-                       case IKE_SPI:
-                       {
-                               /* 64 bit are written as they come :-) */
-                               this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
-                               this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
-                               break;
-                       }
-
-                       default:
+                       int16_val = int16_val | attribute_format_flag;
+                       this->logger->log(this->logger, RAW|MOST, "   => 0x%x", int16_val);
+                       /* write bytes to buffer (set bit is overwritten)*/                             
+                       this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
+                       this->current_bit = 0;
+                       break;
+                       
+               }
+               case U_INT_16:
+               {
+                       u_int16_t int16_val = htons(*((u_int16_t*)(this->data_struct + offset)));
+                       this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)&int16_val, sizeof(int16_val));
+                       this->write_bytes_to_buffer(this,&int16_val,sizeof(u_int16_t));
+                       break;
+               }
+               case U_INT_32:
+               {
+                       u_int32_t int32_val = htonl(*((u_int32_t*)(this->data_struct + offset)));
+                       this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)&int32_val, sizeof(int32_val));
+                       this->write_bytes_to_buffer(this,&int32_val,sizeof(u_int32_t));
+                       break;
+               }
+               case U_INT_64:
+               {
+                       /* 64 bit integers are written as two 32 bit integers */
+                       u_int32_t int32_val_low = htonl(*((u_int32_t*)(this->data_struct + offset)));
+                       u_int32_t int32_val_high = htonl(*((u_int32_t*)(this->data_struct + offset) + 1));
+                       this->logger->log_bytes(this->logger, RAW|MOST, "   => (low)", (void*)&int32_val_low, sizeof(int32_val_low));
+                       this->logger->log_bytes(this->logger, RAW|MOST, "   => (high)", (void*)&int32_val_high, sizeof(int32_val_high));
+                       /* TODO add support for big endian machines */
+                       this->write_bytes_to_buffer(this,&int32_val_high,sizeof(u_int32_t));
+                       this->write_bytes_to_buffer(this,&int32_val_low,sizeof(u_int32_t));
+                       break;
+               }
+               
+               case IKE_SPI:
+               {
+                       /* 64 bit are written as they come :-) */
+                       this->write_bytes_to_buffer(this,(this->data_struct + offset),sizeof(u_int64_t));
+                       this->logger->log_bytes(this->logger, RAW|MOST, "   =>", (void*)(this->data_struct + offset), sizeof(u_int64_t));
+                       break;
+               }
+               default:
+               {
                        this->logger->log(this->logger, ERROR, "U_INT Type %s is not supported", mapping_find(encoding_type_m,int_type));
                        return FAILED;
+               }
        }
        return SUCCESS;
 }
@@ -1037,6 +1038,21 @@ static status_t generate_payload (private_generator_t *this,payload_t *payload)
                                        this->logger->log(this->logger, CONTROL|MOST, "attribute value has not fixed size");
                                        /* the attribute value is generated */
                                        status = this->generate_from_chunk(this,rules[i].offset);
+                                       if (status != SUCCESS)
+                                       {
+                                               this->logger->log(this->logger, ERROR, "could not write attribute value from chunk");   
+                                               return status;
+                                       }
+                               }
+                               break;
+                       }
+                       case ENCRYPTED_DATA:
+                       {
+                               status = this->generate_from_chunk(this, rules[i].offset);
+                               if (status != SUCCESS)
+                               {
+                                       this->logger->log(this->logger, ERROR, "could not write encrypted data from chunk");    
+                                       return status;
                                }
                                break;
                        }
index 27fd7f5..d1fd3a2 100644 (file)
@@ -34,6 +34,7 @@
 #include <utils/logger_manager.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
+#include <encoding/payloads/encryption_payload.h>
 
 
 typedef struct supported_payload_entry_t supported_payload_entry_t;
@@ -455,7 +456,7 @@ static status_t get_payload_iterator(private_message_t *this, iterator_t **itera
  * Implements message_t's generate function.
  * See #message_s.generate.
  */
-static status_t generate(private_message_t *this, packet_t **packet)
+static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* signer, packet_t **packet)
 {
        generator_t *generator;
        ike_header_t *ike_header;
@@ -480,14 +481,13 @@ static status_t generate(private_message_t *this, packet_t **packet)
                return INVALID_STATE;
        }
        
-       
+       /* build ike header */
        ike_header = ike_header_create();
        if (ike_header == NULL)
        {
                return OUT_OF_RES;
        }
        
-       
        ike_header->set_exchange_type(ike_header, this->exchange_type);
        ike_header->set_message_id(ike_header, this->message_id);
        ike_header->set_response_flag(ike_header, !this->is_request);
@@ -509,6 +509,7 @@ static status_t generate(private_message_t *this, packet_t **packet)
                ike_header->destroy(ike_header);
                return OUT_OF_RES;
        }
+       /* generate every payload, except last one */
        while(iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&next_payload);
@@ -524,7 +525,21 @@ static status_t generate(private_message_t *this, packet_t **packet)
        }
        iterator->destroy(iterator);
        
+       /* build last payload */
        payload->set_next_type(payload, NO_PAYLOAD);
+       /* if it's an encryption payload, build it first */
+       if (payload->get_type(payload) == ENCRYPTED)
+       {
+               encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
+               encryption_payload->set_signer(encryption_payload, signer);
+               status = encryption_payload->encrypt(encryption_payload, crypter);
+               if (status != SUCCESS)
+               {
+                       generator->destroy(generator);
+                       ike_header->destroy(ike_header);
+                       return status;
+               }
+       }
        status = generator->generate_payload(generator, payload);
        if (status != SUCCESS)
        {
@@ -532,27 +547,33 @@ static status_t generate(private_message_t *this, packet_t **packet)
                ike_header->destroy(ike_header);
                return status;
        }
-       
        ike_header->destroy(ike_header);
-       
-       
-       
+               
+       /* build packet */
        if (this->packet->data.ptr != NULL)
        {
                allocator_free(this->packet->data.ptr);
        }       
-       
        status = generator->write_to_chunk(generator, &(this->packet->data));
+       generator->destroy(generator);
        if (status != SUCCESS)
        {
-               generator->destroy(generator);
                return status;
        }
        
-       this->packet->clone(this->packet, packet);
-       
-       generator->destroy(generator);
+       /* append integrity checksum if necessary */
+       if (payload->get_type(payload) == ENCRYPTED)
+       {
+               encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
+               status = encryption_payload->build_signature(encryption_payload, this->packet->data);
+               if (status != SUCCESS)
+               {
+                       return status;
+               }
+       }
        
+       /* colen packet for caller */
+       this->packet->clone(this->packet, packet);
        
        this->logger->log(this->logger, CONTROL, "message generated successfully");
        return SUCCESS;
@@ -617,62 +638,54 @@ static status_t parse_header(private_message_t *this)
 }
 
 /**
- * Implements message_t's parse_body function.
- * See #message_s.parse_body.
+ * Implements message_t.parse_body.
  */
-static status_t parse_body (private_message_t *this)
+static status_t parse_body(private_message_t *this, crypter_t *crypter, signer_t *signer)
 {
        status_t status = SUCCESS;
-       int i;
        payload_type_t current_payload_type = this->first_payload;
-       supported_payload_entry_t *supported_payloads;
-       size_t supported_payloads_count;
-       
-       
-       this->logger->log(this->logger, CONTROL, "parsing body of message");
-                       
-       if (this->get_supported_payloads (this, &supported_payloads, &supported_payloads_count) != SUCCESS)
-       {
-               this->logger->log(this->logger, ERROR, "could not get supported payloads");
-               return FAILED;
-       }
                
+       this->logger->log(this->logger, CONTROL, "parsing body of message");
+       
        while (current_payload_type != NO_PAYLOAD)
        {
                payload_t *current_payload;
-               bool supported = FALSE;
                
                this->logger->log(this->logger, CONTROL|MORE, "start parsing payload of type %s", 
                                                        mapping_find(payload_type_m, current_payload_type));
-               for (i = 0; i < supported_payloads_count;i++)
-               {
-                       if (supported_payloads[i].payload_type == current_payload_type)
-                       {
-                               supported = TRUE;
-                               break;
-                       }
-               }
-               if (!supported && (current_payload_type != NO_PAYLOAD))
-               {
-                       /* type not supported */
-                       status = NOT_SUPPORTED;
-                       this->logger->log(this->logger, ERROR, "payload type %s not supported",mapping_find(payload_type_m,current_payload_type));
-                       break;
-               }
                
                status = this->parser->parse_payload(this->parser,current_payload_type,(payload_t **) &current_payload);
                if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type));                        
-                       break;
+                       this->logger->log(this->logger, ERROR, "payload type %s could not be parsed",mapping_find(payload_type_m,current_payload_type));
+                       return status;
                }
                
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));                      
+                       this->logger->log(this->logger, ERROR, "payload type %s could not be verified",mapping_find(payload_type_m,current_payload_type));
                        status = VERIFY_ERROR;
-                       break;
+                       return status;
+               }
+               
+               /* encrypted payload must be decrypted */
+               if (current_payload->get_type(current_payload) == ENCRYPTED)
+               {
+                       encryption_payload_t *encryption_payload = (encryption_payload_t*)current_payload;
+                       encryption_payload->set_signer(encryption_payload, signer);
+                       status = encryption_payload->verify_signature(encryption_payload, this->packet->data);
+                       if (status != SUCCESS)
+                       {
+                               this->logger->log(this->logger, ERROR, "encryption payload signature invaild");
+                               return status;
+                       }
+                       status = encryption_payload->decrypt(encryption_payload, crypter);
+                       if (status != SUCCESS)
+                       {
+                               this->logger->log(this->logger, ERROR, "parsing decrypted encryption payload failed");
+                               return status;
+                       }
                }
 
                /* get next payload type */
@@ -681,75 +694,88 @@ static status_t parse_body (private_message_t *this)
                status = this->payloads->insert_last(this->payloads,current_payload);
                if (status != SUCCESS)
                {
-                       this->logger->log(this->logger, ERROR, "Could not insert current payload to internal list cause of ressource exhausting");
-                       break;                  
+                       this->logger->log(this->logger, ERROR, "%s on adding payload", mapping_find(status_m, status));
+                       return status;;
                }
                
        }
+       return this->public.verify(&(this->public));
+       
+}
+
+/**
+ * implements message_t.verify
+ */
+static status_t verify(private_message_t *this)
+{
+       iterator_t *iterator;
+       status_t status;
+       int i;
+       supported_payload_entry_t *supported_payloads;
+       size_t supported_payloads_count;
+       
+       this->logger->log(this->logger, CONTROL|MORE, "verifying message");
+       
+       status = this->get_supported_payloads(this, &supported_payloads, &supported_payloads_count);
        if (status != SUCCESS)
        {
-               /* already parsed payload is destroyed later in destroy call from outside this object */
+               this->logger->log(this->logger, ERROR, "could not get supported payloads: %s");
+               return status;
        }
-       else
-       {
-               iterator_t *iterator;
                
-               status = this->payloads->create_iterator(this->payloads,&iterator,TRUE);
-               if (status != SUCCESS)
-               {
-                       this->logger->log(this->logger, ERROR, "Could not create iterator to check supported payloads");
-                       return status;
-               }
+       status = this->payloads->create_iterator(this->payloads,&iterator,TRUE);
+       if (status != SUCCESS)
+       {
+               this->logger->log(this->logger, ERROR, "Could not create iterator to check supported payloads");
+               return status;
+       }
                
-               /* check for payloads with wrong count*/
-               for (i = 0; i < supported_payloads_count;i++)
-               {
-                       size_t min_occurence = supported_payloads[i].min_occurence;
-                       size_t max_occurence = supported_payloads[i].max_occurence;
-                       payload_type_t payload_type = supported_payloads[i].payload_type;
-                       size_t found_payloads = 0;
+       /* check for payloads with wrong count*/
+       for (i = 0; i < supported_payloads_count;i++)
+       {
+               size_t min_occurence = supported_payloads[i].min_occurence;
+               size_t max_occurence = supported_payloads[i].max_occurence;
+               payload_type_t payload_type = supported_payloads[i].payload_type;
+               size_t found_payloads = 0;
        
-                       iterator->reset(iterator);
+               iterator->reset(iterator);
                        
-                       while(iterator->has_next(iterator))
+               while(iterator->has_next(iterator))
+               {
+                       payload_t *current_payload;
+                       status = iterator->current(iterator,(void **)&current_payload);
+                       if (status != SUCCESS)
                        {
-                               payload_t *current_payload;
-                               status = iterator->current(iterator,(void **)&current_payload);
-                               if (status != SUCCESS)
-                               {
-                                       this->logger->log(this->logger, ERROR, "Could not get payload from internal list");
-                                       iterator->destroy(iterator);
-                                       return status;
-                               }
-                               if (current_payload->get_type(current_payload) == payload_type)
-                               {
-                                       found_payloads++;
-                                       if (found_payloads > max_occurence)
-                                       {
-                                               this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
-                                                                                 mapping_find(payload_type_m,current_payload->get_type(current_payload)),max_occurence,found_payloads);
-                                               iterator->destroy(iterator);
-                                               return NOT_SUPPORTED;                                   
-                                       }
-                               }
-
+                               this->logger->log(this->logger, ERROR, "Could not get payload from internal list");
+                               iterator->destroy(iterator);
+                               return OUT_OF_RES;
                        }
-                       if (found_payloads < min_occurence)
+                       if (current_payload->get_type(current_payload) == payload_type)
                        {
-                                       this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times",
-                                                                         mapping_find(payload_type_m,payload_type),min_occurence);
+                               found_payloads++;
+                               if (found_payloads > max_occurence)
+                               {
+                                       this->logger->log(this->logger, ERROR, "Payload of type %s more than %d times (%d) occured in current message",
+                                                                         mapping_find(payload_type_m,current_payload->get_type(current_payload)),max_occurence,found_payloads);
                                        iterator->destroy(iterator);
-                                       return NOT_SUPPORTED;
+                                       return NOT_SUPPORTED;                                   
+                               }
                        }
-                       
                }
-               iterator->destroy(iterator);
+               if (found_payloads < min_occurence)
+               {
+                       this->logger->log(this->logger, ERROR, "Payload of type %s not occured %d times",
+                                                         mapping_find(payload_type_m,payload_type),min_occurence);
+                       iterator->destroy(iterator);
+                       return NOT_SUPPORTED;
+               }
        }
-       return status;  
+       iterator->destroy(iterator);
+       
+       return SUCCESS;
 }
 
 
-
 /**
  * Implements message_t's destroy function.
  * See #message_s.destroy.
@@ -809,14 +835,15 @@ message_t *message_create_from_packet(packet_t *packet)
        this->public.set_request = (status_t(*)(message_t*, bool))set_request;
        this->public.get_request = (bool(*)(message_t*))get_request;
        this->public.add_payload = (status_t(*)(message_t*,payload_t*))add_payload;
-       this->public.generate = (status_t (*) (message_t *, packet_t**)) generate;
+       this->public.generate = (status_t (*) (message_t *,crypter_t*,signer_t*,packet_t**)) generate;
        this->public.set_source = (status_t (*) (message_t*,host_t*)) set_source;
        this->public.get_source = (status_t (*) (message_t*,host_t**)) get_source;
        this->public.set_destination = (status_t (*) (message_t*,host_t*)) set_destination;
        this->public.get_destination = (status_t (*) (message_t*,host_t**)) get_destination;
        this->public.get_payload_iterator = (status_t (*) (message_t *, iterator_t **)) get_payload_iterator;
-       this->public.parse_header =     (status_t (*) (message_t *)) parse_header;
-       this->public.parse_body =       (status_t (*) (message_t *)) parse_body;
+       this->public.parse_header = (status_t (*) (message_t *)) parse_header;
+       this->public.parse_body = (status_t (*) (message_t *,crypter_t*,signer_t*)) parse_body;
+       this->public.verify =  (status_t (*) (message_t*)) verify;
        this->public.destroy = (status_t(*)(message_t*))destroy;
                
        /* public values */
index 2b2a14a..19c00bb 100644 (file)
@@ -28,6 +28,8 @@
 #include <network/packet.h>
 #include <encoding/payloads/ike_header.h>
 #include <utils/linked_list.h>
+#include <transforms/crypters/crypter.h>
+#include <transforms/signers/signer.h>
 
 
 typedef struct message_t message_t;
@@ -218,7 +220,7 @@ struct message_t {
         *                                      - PARSE_ERROR if corrupted/invalid data found
         *                                      - VERIFY_ERROR if verification of some payload failed
         */
-       status_t (*parse_body) (message_t *this);
+       status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
 
        /**
         * @brief Generates the UDP packet of specific message
@@ -229,7 +231,9 @@ struct message_t {
         *                                      - EXCHANGE_TYPE_NOT_SET if exchange type is currently not set
         * ....
         */     
-       status_t (*generate) (message_t *this, packet_t **packet);
+       status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
+       
+       status_t (*verify) (message_t *this);
        status_t (*get_source) (message_t *this, host_t **host);
        status_t (*set_source) (message_t *this, host_t *host);
        status_t (*get_destination) (message_t *this, host_t **host);
index 1b213c0..dad4869 100644 (file)
@@ -40,6 +40,7 @@
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/notify_payload.h>
+#include <encoding/payloads/encryption_payload.h>
 
 
 
@@ -836,6 +837,16 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
                                }               
                                break;                  
                        }
+                       case ENCRYPTED_DATA:
+                       {                               
+                               size_t data_length = payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH ;
+                               if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) 
+                               {
+                                       pld->destroy(pld);
+                                       return PARSE_ERROR;
+                               }               
+                               break;  
+                       }
                        default:
                        {
                                this->logger->log(this->logger, ERROR, "  no rule to parse rule %d %s (%d)", rule_number, mapping_find(encoding_type_m, rule->type), rule->type);
index 2aedd38..e32dd5b 100644 (file)
@@ -53,4 +53,8 @@ $(BUILD_DIR)transform_attribute.o :           $(PAYLOADS_DIR)transform_attribute.c $(PAYL
 OBJS+= $(BUILD_DIR)transform_substructure.o
 $(BUILD_DIR)transform_substructure.o : $(PAYLOADS_DIR)transform_substructure.c $(PAYLOADS_DIR)transform_substructure.h
                                                                                $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)encryption_payload.o
+$(BUILD_DIR)encryption_payload.o :             $(PAYLOADS_DIR)encryption_payload.c $(PAYLOADS_DIR)encryption_payload.h
+                                                                               $(CC) $(CFLAGS) -c -o $@ $<
                                                                
index 25e3175..92fdc77 100644 (file)
@@ -286,7 +286,7 @@ enum encoding_type_t{
         */
        ATTRIBUTE_LENGTH_OR_VALUE,
 
-       /*      
+       /**
         * Depending on the field of type ATTRIBUTE_FORMAT
         * this field is available or missing and so parsed/generated 
         * or not parsed/not generated
@@ -316,7 +316,10 @@ enum encoding_type_t{
         * 
         * When parsing 8 bytes are read and written into the u_int64_t pointing to.
         */
-       IKE_SPI
+       IKE_SPI,
+       
+       ENCRYPTED_DATA,
+       
 };
 
 /**
index 914da1e..cd2a666 100644 (file)
@@ -529,7 +529,7 @@ status_t resend_last_reply (private_ike_sa_t *this)
        packet_t *packet;
        status_t status;
        
-       status = this->last_responded_message->generate(this->last_responded_message, &packet);
+       status = this->last_responded_message->generate(this->last_responded_message, NULL, NULL, &packet);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Could not generate message to resent");
index fd80326..2db9336 100644 (file)
@@ -108,7 +108,7 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
        }
        
        /* parse incoming message */
-       status = message->parse_body(message);
+       status = message->parse_body(message, NULL, NULL);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR | MORE, "Could not parse body");
index b120781..68413c1 100644 (file)
@@ -239,7 +239,7 @@ static status_t initiate_connection (private_initiator_init_t *this, char *name)
        
        /* generate packet */   
        this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
-       status = message->generate(message, &packet);
+       status = message->generate(message, NULL, NULL, &packet);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Fatal error: could not generate packet from message");
index 8a8e0c6..03fd08a 100644 (file)
@@ -194,7 +194,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        this->ike_sa->set_other_host(this->ike_sa, other_host);
        
        /* parse incoming message */
-       status = message->parse_body(message);
+       status = message->parse_body(message, NULL, NULL);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR | MORE, "Could not parse body of request message");
@@ -411,7 +411,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                return status;
        }
        
-       this    ->logger->log(this->logger, CONTROL|MOST, "add SA payload to message");
+       this->logger->log(this->logger, CONTROL|MOST, "add SA payload to message");
        status = response->add_payload(response, payload);
        if (status != SUCCESS)
        {       
@@ -427,7 +427,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                return status;
        }
 
-       this    ->logger->log(this->logger, CONTROL|MOST, "add KE payload to message");
+       this->logger->log(this->logger, CONTROL|MOST, "add KE payload to message");
        status = response->add_payload(response, payload);
        if (status != SUCCESS)
        {       
@@ -443,7 +443,7 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
                return status;
        }
 
-       this    ->logger->log(this->logger, CONTROL|MOST, "add nonce payload to message");
+       this->logger->log(this->logger, CONTROL|MOST, "add nonce payload to message");
        status = response->add_payload(response, payload);
        if (status != SUCCESS)
        {       
@@ -452,8 +452,8 @@ static status_t process_message(private_responder_init_t *this, message_t *messa
        }
        
        /* generate packet */   
-       this    ->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
-       status = response->generate(response, &packet);
+       this->logger->log(this->logger, CONTROL|MOST, "generate packet from message");
+       status = response->generate(response, NULL, NULL, &packet);
        if (status != SUCCESS)
        {
                this->logger->log(this->logger, ERROR, "Fatal error: could not generate packet from message");
index 005e694..0207eab 100644 (file)
@@ -151,11 +151,11 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                        logger_level |= FULL;
                case IKE_SA_MANAGER:
                case MESSAGE:
+               case WORKER:
                        logger_level |= ALL;
                case PARSER:
                case GENERATOR:
                case THREAD_POOL:
-               case WORKER:
                case SCHEDULER:
                case SENDER:
                case RECEIVER: