Use AEAD wrapper for encryption payload encryption/decryption
authorMartin Willi <martin@revosec.ch>
Tue, 17 Aug 2010 15:36:09 +0000 (17:36 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 19 Aug 2010 17:02:33 +0000 (19:02 +0200)
src/libcharon/encoding/generator.c
src/libcharon/encoding/generator.h
src/libcharon/encoding/message.c
src/libcharon/encoding/message.h
src/libcharon/encoding/payloads/encryption_payload.c
src/libcharon/encoding/payloads/encryption_payload.h
src/libcharon/network/receiver.c
src/libcharon/sa/connect_manager.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/keymat.h

index c114eb2..224f76f 100644 (file)
@@ -463,24 +463,15 @@ static void generate_from_chunk(private_generator_t *this, u_int32_t offset)
        write_bytes_to_buffer(this, value->ptr, value->len);
 }
 
-METHOD(generator_t, write_to_chunk, void,
-       private_generator_t *this, chunk_t *data)
+METHOD(generator_t, get_chunk, chunk_t,
+       private_generator_t *this, u_int32_t **lenpos)
 {
-       u_int32_t len, val;
+       chunk_t data;
 
-       len = get_length(this);
-
-       /* write length into header length field */
-       if (this->header_length_position_offset > 0)
-       {
-               val = htonl(len);
-               write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t),
-                                                                               this->header_length_position_offset);
-       }
-       *data = chunk_alloc(len);
-       memcpy(data->ptr, this->buffer, len);
-
-       DBG3(DBG_ENC, "generated data of this generator %B", data);
+       *lenpos = (u_int32_t*)(this->buffer + this->header_length_position_offset);
+       data = chunk_create(this->buffer, get_length(this));
+       DBG3(DBG_ENC, "generated data of this generator %B", &data);
+       return data;
 }
 
 METHOD(generator_t, generate_payload, void,
@@ -864,7 +855,7 @@ generator_t *generator_create()
 
        INIT(this,
                .public = {
-                       .write_to_chunk = _write_to_chunk,
+                       .get_chunk = _get_chunk,
                        .generate_payload = _generate_payload,
                        .destroy = _destroy,
                },
index 90a43de..fe561fd 100644 (file)
@@ -44,18 +44,20 @@ struct generator_t {
        /**
         * Generates a specific payload from given payload object.
         *
-        * Remember: Header and substructures are also handled as payloads.
-        *
         * @param payload               interface payload_t implementing object
         */
        void (*generate_payload) (generator_t *this,payload_t *payload);
 
        /**
-        * Writes all generated data of the generator to a chunk.
+        * Return a chunk for the currently generated data.
+        *
+        * The returned length pointer must be filled in with the length of
+        * the generated chunk (in network order).
         *
-        * @param data          chunk to write the data to
+        * @param lenpos                receives a pointer to fill in length value
+        * @param return                chunk to internal buffer.
         */
-       void (*write_to_chunk) (generator_t *this,chunk_t *data);
+       chunk_t (*get_chunk) (generator_t *this, u_int32_t **lenpos);
 
        /**
         * Destroys a generator_t object.
index eba1a56..232cfa3 100644 (file)
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2006-2007 Tobias Brunner
- * Copyright (C) 2005-2009 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  */
 #define MAX_DELETE_PAYLOADS 20
 
-
-typedef struct payload_rule_t payload_rule_t;
-
 /**
  * A payload rule defines the rules for a payload
  * in a specific message rule. It defines if and how
  * many times a payload must/can occur in a message
  * and if it must be encrypted.
  */
-struct payload_rule_t {
-       /**
-        * Payload type.
-        */
-        payload_type_t payload_type;
-
-        /**
-         * Minimal occurence of this payload.
-         */
-        size_t min_occurence;
-
-        /**
-         * Max occurence of this payload.
-         */
-        size_t max_occurence;
-
-        /**
-         * TRUE if payload must be encrypted
-         */
-        bool encrypted;
-
-        /**
-         * If this payload occurs, the message rule is
-         * fullfilled in any case. This applies e.g. to
-         * notify_payloads.
-         */
-        bool sufficient;
-};
-
-typedef struct payload_order_t payload_order_t;
+typedef struct {
+       /* Payload type */
+        payload_type_t type;
+       /* Minimal occurence of this payload. */
+       size_t min_occurence;
+       /* Max occurence of this payload. */
+       size_t max_occurence;
+       /* TRUE if payload must be encrypted */
+       bool encrypted;
+       /* If payload occurs, the message rule is fullfilled */
+       bool sufficient;
+} payload_rule_t;
 
 /**
  * payload ordering structure allows us to reorder payloads according to RFC.
  */
-struct payload_order_t {
-
-       /**
-        * payload type
-        */
+typedef struct {
+       /** payload type */
        payload_type_t type;
-
-       /**
-        * notify type, if payload == NOTIFY
-        */
+       /** notify type, if payload == NOTIFY */
        notify_type_t notify;
-};
-
-
-typedef struct message_rule_t message_rule_t;
+} payload_order_t;
 
 /**
  * A message rule defines the kind of a message,
  * if it has encrypted contents and a list
  * of payload ordering rules and payload parsing rules.
  */
-struct message_rule_t {
-       /**
-        * Type of message.
-        */
+typedef struct {
+       /** Type of message. */
        exchange_type_t exchange_type;
-
-       /**
-        * Is message a request or response.
-        */
+       /** Is message a request or response. */
        bool is_request;
-
-       /**
-        * Message contains encrypted content.
-        */
-       bool encrypted_content;
-
-       /**
-        * Number of payload rules which will follow
-        */
-       int payload_rule_count;
-
-       /**
-        * Pointer to first payload rule
-        */
-       payload_rule_t *payload_rules;
-
-       /**
-        * Number of payload order rules
-        */
-       int payload_order_count;
-
-       /**
-        * payload ordering rules
-        */
-       payload_order_t *payload_order;
-};
+       /** Message contains encrypted payloads. */
+       bool encrypted;
+       /** Number of payload rules which will follow */
+       int rule_count;
+       /** Pointer to first payload rule */
+       payload_rule_t *rules;
+       /** Number of payload order rules */
+       int order_count;
+       /** payload ordering rules */
+       payload_order_t *order;
+} message_rule_t;
 
 /**
  * Message rule for IKE_SA_INIT from initiator.
  */
-static payload_rule_t ike_sa_init_i_payload_rules[] = {
+static payload_rule_t ike_sa_init_i_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    FALSE,  FALSE},
        {SECURITY_ASSOCIATION,                  1,      1,                                              FALSE,  FALSE},
@@ -159,7 +110,7 @@ static payload_rule_t ike_sa_init_i_payload_rules[] = {
 /**
  * payload order for IKE_SA_INIT initiator
  */
-static payload_order_t ike_sa_init_i_payload_order[] = {
+static payload_order_t ike_sa_init_i_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                COOKIE},
        {SECURITY_ASSOCIATION,                  0},
@@ -174,7 +125,7 @@ static payload_order_t ike_sa_init_i_payload_order[] = {
 /**
  * Message rule for IKE_SA_INIT from responder.
  */
-static payload_rule_t ike_sa_init_r_payload_rules[] = {
+static payload_rule_t ike_sa_init_r_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    FALSE,  TRUE},
        {SECURITY_ASSOCIATION,                  1,      1,                                              FALSE,  FALSE},
@@ -186,7 +137,7 @@ static payload_rule_t ike_sa_init_r_payload_rules[] = {
 /**
  * payload order for IKE_SA_INIT responder
  */
-static payload_order_t ike_sa_init_r_payload_order[] = {
+static payload_order_t ike_sa_init_r_order[] = {
 /*     payload type                                    notify type */
        {SECURITY_ASSOCIATION,                  0},
        {KEY_EXCHANGE,                                  0},
@@ -202,7 +153,7 @@ static payload_order_t ike_sa_init_r_payload_order[] = {
 /**
  * Message rule for IKE_AUTH from initiator.
  */
-static payload_rule_t ike_auth_i_payload_rules[] = {
+static payload_rule_t ike_auth_i_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
        {EXTENSIBLE_AUTHENTICATION,             0,      1,                                              TRUE,   TRUE},
@@ -227,7 +178,7 @@ static payload_rule_t ike_auth_i_payload_rules[] = {
 /**
  * payload order for IKE_AUTH initiator
  */
-static payload_order_t ike_auth_i_payload_order[] = {
+static payload_order_t ike_auth_i_order[] = {
 /*     payload type                                    notify type */
        {ID_INITIATOR,                                  0},
        {CERTIFICATE,                                   0},
@@ -256,7 +207,7 @@ static payload_order_t ike_auth_i_payload_order[] = {
 /**
  * Message rule for IKE_AUTH from responder.
  */
-static payload_rule_t ike_auth_r_payload_rules[] = {
+static payload_rule_t ike_auth_r_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   TRUE},
        {EXTENSIBLE_AUTHENTICATION,             0,      1,                                              TRUE,   TRUE},
@@ -273,7 +224,7 @@ static payload_rule_t ike_auth_r_payload_rules[] = {
 /**
  * payload order for IKE_AUTH responder
  */
-static payload_order_t ike_auth_r_payload_order[] = {
+static payload_order_t ike_auth_r_order[] = {
 /*     payload type                                    notify type */
        {ID_RESPONDER,                                  0},
        {CERTIFICATE,                                   0},
@@ -299,7 +250,7 @@ static payload_order_t ike_auth_r_payload_order[] = {
 /**
  * Message rule for INFORMATIONAL from initiator.
  */
-static payload_rule_t informational_i_payload_rules[] = {
+static payload_rule_t informational_i_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
        {CONFIGURATION,                                 0,      1,                                              TRUE,   FALSE},
@@ -310,7 +261,7 @@ static payload_rule_t informational_i_payload_rules[] = {
 /**
  * payload order for INFORMATIONAL initiator
  */
-static payload_order_t informational_i_payload_order[] = {
+static payload_order_t informational_i_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                UPDATE_SA_ADDRESSES},
        {NOTIFY,                                                NAT_DETECTION_SOURCE_IP},
@@ -324,7 +275,7 @@ static payload_order_t informational_i_payload_order[] = {
 /**
  * Message rule for INFORMATIONAL from responder.
  */
-static payload_rule_t informational_r_payload_rules[] = {
+static payload_rule_t informational_r_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
        {CONFIGURATION,                                 0,      1,                                              TRUE,   FALSE},
@@ -335,7 +286,7 @@ static payload_rule_t informational_r_payload_rules[] = {
 /**
  * payload order for INFORMATIONAL responder
  */
-static payload_order_t informational_r_payload_order[] = {
+static payload_order_t informational_r_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                UPDATE_SA_ADDRESSES},
        {NOTIFY,                                                NAT_DETECTION_SOURCE_IP},
@@ -349,7 +300,7 @@ static payload_order_t informational_r_payload_order[] = {
 /**
  * Message rule for CREATE_CHILD_SA from initiator.
  */
-static payload_rule_t create_child_sa_i_payload_rules[] = {
+static payload_rule_t create_child_sa_i_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   FALSE},
        {SECURITY_ASSOCIATION,                  1,      1,                                              TRUE,   FALSE},
@@ -364,7 +315,7 @@ static payload_rule_t create_child_sa_i_payload_rules[] = {
 /**
  * payload order for CREATE_CHILD_SA from initiator.
  */
-static payload_order_t create_child_sa_i_payload_order[] = {
+static payload_order_t create_child_sa_i_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                REKEY_SA},
        {NOTIFY,                                                IPCOMP_SUPPORTED},
@@ -382,7 +333,7 @@ static payload_order_t create_child_sa_i_payload_order[] = {
 /**
  * Message rule for CREATE_CHILD_SA from responder.
  */
-static payload_rule_t create_child_sa_r_payload_rules[] = {
+static payload_rule_t create_child_sa_r_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   TRUE},
        {SECURITY_ASSOCIATION,                  1,      1,                                              TRUE,   FALSE},
@@ -397,7 +348,7 @@ static payload_rule_t create_child_sa_r_payload_rules[] = {
 /**
  * payload order for CREATE_CHILD_SA from responder.
  */
-static payload_order_t create_child_sa_r_payload_order[] = {
+static payload_order_t create_child_sa_r_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                IPCOMP_SUPPORTED},
        {NOTIFY,                                                USE_TRANSPORT_MODE},
@@ -416,7 +367,7 @@ static payload_order_t create_child_sa_r_payload_order[] = {
 /**
  * Message rule for ME_CONNECT from initiator.
  */
-static payload_rule_t me_connect_i_payload_rules[] = {
+static payload_rule_t me_connect_i_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   TRUE},
        {ID_PEER,                                               1,      1,                                              TRUE,   FALSE},
@@ -426,7 +377,7 @@ static payload_rule_t me_connect_i_payload_rules[] = {
 /**
  * payload order for ME_CONNECT from initiator.
  */
-static payload_order_t me_connect_i_payload_order[] = {
+static payload_order_t me_connect_i_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                0},
        {ID_PEER,                                               0},
@@ -436,7 +387,7 @@ static payload_order_t me_connect_i_payload_order[] = {
 /**
  * Message rule for ME_CONNECT from responder.
  */
-static payload_rule_t me_connect_r_payload_rules[] = {
+static payload_rule_t me_connect_r_rules[] = {
 /*     payload type                                    min     max                                             encr    suff */
        {NOTIFY,                                                0,      MAX_NOTIFY_PAYLOADS,    TRUE,   TRUE},
        {VENDOR_ID,                                             0,      10,                                             TRUE,   FALSE}
@@ -445,7 +396,7 @@ static payload_rule_t me_connect_r_payload_rules[] = {
 /**
  * payload order for ME_CONNECT from responder.
  */
-static payload_order_t me_connect_r_payload_order[] = {
+static payload_order_t me_connect_r_order[] = {
 /*     payload type                                    notify type */
        {NOTIFY,                                                0},
        {VENDOR_ID,                                             0},
@@ -457,65 +408,45 @@ static payload_order_t me_connect_r_payload_order[] = {
  */
 static message_rule_t message_rules[] = {
        {IKE_SA_INIT,           TRUE,   FALSE,
-               (sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),
-               ike_sa_init_i_payload_rules,
-               (sizeof(ike_sa_init_i_payload_order)/sizeof(payload_order_t)),
-               ike_sa_init_i_payload_order,
+               countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
+               countof(ike_sa_init_i_order), ike_sa_init_i_order,
        },
        {IKE_SA_INIT,           FALSE,  FALSE,
-               (sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),
-               ike_sa_init_r_payload_rules,
-               (sizeof(ike_sa_init_r_payload_order)/sizeof(payload_order_t)),
-               ike_sa_init_r_payload_order,
+               countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
+               countof(ike_sa_init_r_order), ike_sa_init_r_order,
        },
        {IKE_AUTH,                      TRUE,   TRUE,
-               (sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),
-               ike_auth_i_payload_rules,
-               (sizeof(ike_auth_i_payload_order)/sizeof(payload_order_t)),
-               ike_auth_i_payload_order,
+               countof(ike_auth_i_rules), ike_auth_i_rules,
+               countof(ike_auth_i_order), ike_auth_i_order,
        },
        {IKE_AUTH,                      FALSE,  TRUE,
-               (sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),
-               ike_auth_r_payload_rules,
-               (sizeof(ike_auth_r_payload_order)/sizeof(payload_order_t)),
-               ike_auth_r_payload_order,
+               countof(ike_auth_r_rules), ike_auth_r_rules,
+               countof(ike_auth_r_order), ike_auth_r_order,
        },
        {INFORMATIONAL,         TRUE,   TRUE,
-               (sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)),
-               informational_i_payload_rules,
-               (sizeof(informational_i_payload_order)/sizeof(payload_order_t)),
-               informational_i_payload_order,
+               countof(informational_i_rules), informational_i_rules,
+               countof(informational_i_order), informational_i_order,
        },
        {INFORMATIONAL,         FALSE,  TRUE,
-               (sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)),
-               informational_r_payload_rules,
-               (sizeof(informational_r_payload_order)/sizeof(payload_order_t)),
-               informational_r_payload_order,
+               countof(informational_r_rules), informational_r_rules,
+               countof(informational_r_order), informational_r_order,
        },
        {CREATE_CHILD_SA,       TRUE,   TRUE,
-               (sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)),
-               create_child_sa_i_payload_rules,
-               (sizeof(create_child_sa_i_payload_order)/sizeof(payload_order_t)),
-               create_child_sa_i_payload_order,
+               countof(create_child_sa_i_rules), create_child_sa_i_rules,
+               countof(create_child_sa_i_order), create_child_sa_i_order,
        },
        {CREATE_CHILD_SA,       FALSE,  TRUE,
-               (sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)),
-               create_child_sa_r_payload_rules,
-               (sizeof(create_child_sa_r_payload_order)/sizeof(payload_order_t)),
-               create_child_sa_r_payload_order,
+               countof(create_child_sa_r_rules), create_child_sa_r_rules,
+               countof(create_child_sa_r_order), create_child_sa_r_order,
        },
 #ifdef ME
        {ME_CONNECT,            TRUE,   TRUE,
-               (sizeof(me_connect_i_payload_rules)/sizeof(payload_rule_t)),
-               me_connect_i_payload_rules,
-               (sizeof(me_connect_i_payload_order)/sizeof(payload_order_t)),
-               me_connect_i_payload_order,
+               countof(me_connect_i_rules), me_connect_i_rules,
+               countof(me_connect_i_order), me_connect_i_order,
        },
        {ME_CONNECT,            FALSE,  TRUE,
-               (sizeof(me_connect_r_payload_rules)/sizeof(payload_rule_t)),
-               me_connect_r_payload_rules,
-               (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)),
-               me_connect_r_payload_order,
+               countof(me_connect_r_rules), me_connect_r_rules,
+               countof(me_connect_r_order), me_connect_r_order,
        },
 #endif /* ME */
 };
@@ -586,49 +517,43 @@ struct private_message_t {
        /**
         * The message rule for this message instance
         */
-       message_rule_t *message_rule;
+       message_rule_t *rule;
 };
 
 /**
- * Set the message rule that applies to this message
+ * Get the message rule that applies to this message
  */
-static status_t set_message_rule(private_message_t *this)
+static message_rule_t* get_message_rule(private_message_t *this)
 {
        int i;
 
-       for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++)
+       for (i = 0; i < countof(message_rules); i++)
        {
                if ((this->exchange_type == message_rules[i].exchange_type) &&
                        (this->is_request == message_rules[i].is_request))
                {
-                       /* found rule for given exchange_type*/
-                       this->message_rule = &(message_rules[i]);
-                       return SUCCESS;
+                       return &message_rules[i];
                }
        }
-       this->message_rule = NULL;
-       return NOT_FOUND;
+       return NULL;
 }
 
 /**
  * Look up a payload rule
  */
-static status_t get_payload_rule(private_message_t *this,
-                                       payload_type_t payload_type, payload_rule_t **payload_rule)
+static payload_rule_t* get_payload_rule(private_message_t *this,
+                                                                               payload_type_t type)
 {
        int i;
 
-       for (i = 0; i < this->message_rule->payload_rule_count;i++)
+       for (i = 0; i < this->rule->rule_count;i++)
        {
-               if (this->message_rule->payload_rules[i].payload_type == payload_type)
+               if (this->rule->rules[i].type == type)
                {
-                       *payload_rule = &(this->message_rule->payload_rules[i]);
-                       return SUCCESS;
+                       return &this->rule->rules[i];
                }
        }
-
-       *payload_rule = NULL;
-       return NOT_FOUND;
+       return NULL;
 }
 
 METHOD(message_t, set_ike_sa_id, void,
@@ -984,11 +909,13 @@ static void order_payloads(private_message_t *this)
                list->insert_first(list, payload);
        }
        /* for each rule, ... */
-       for (i = 0; i < this->message_rule->payload_order_count; i++)
+       for (i = 0; i < this->rule->order_count; i++)
        {
                enumerator_t *enumerator;
                notify_payload_t *notify;
-               payload_order_t order = this->message_rule->payload_order[i];
+               payload_order_t order;
+
+               order = this->rule->order[i];
 
                /* ... find all payload ... */
                enumerator = list->create_enumerator(list);
@@ -1018,8 +945,8 @@ static void order_payloads(private_message_t *this)
                {
                        DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
                                 payload_type_names, payload->get_type(payload),
-                                exchange_type_names, this->message_rule->exchange_type,
-                                this->message_rule->is_request ? "request" : "response");
+                                exchange_type_names, this->rule->exchange_type,
+                                this->rule->is_request ? "request" : "response");
                }
                add_payload(this, payload);
        }
@@ -1027,96 +954,73 @@ static void order_payloads(private_message_t *this)
 }
 
 /**
- * Encrypt payload to an encryption payload
+ * Wrap payloads in a encryption payload, if required
  */
-static status_t encrypt_payloads(private_message_t *this,
-                                                                crypter_t *crypter, signer_t* signer)
+static encryption_payload_t* wrap_payloads(private_message_t *this)
 {
        encryption_payload_t *encryption;
        linked_list_t *payloads;
        payload_t *current;
-       status_t status;
-
-       if (!this->message_rule->encrypted_content)
-       {
-               DBG2(DBG_ENC, "message doesn't have to be encrypted");
-               /* message contains no content to encrypt */
-               return SUCCESS;
-       }
 
-       if (!crypter || !signer)
+       if (!this->rule->encrypted)
        {
-               DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message");
-               /* message contains no content to encrypt */
-               return SUCCESS;
+               DBG2(DBG_ENC, "not encrypting payloads");
+               return NULL;
        }
 
-       DBG2(DBG_ENC, "copy all payloads to a temporary list");
+       /* copy all payloads in a temporary list */
        payloads = linked_list_create();
-
-       /* first copy all payloads in a temporary list */
-       while (this->payloads->get_count(this->payloads) > 0)
+       while (this->payloads->remove_first(this->payloads,
+                                                                               (void**)&current) == SUCCESS)
        {
-               this->payloads->remove_first(this->payloads, (void**)&current);
                payloads->insert_last(payloads, current);
        }
 
        encryption = encryption_payload_create();
-
-       DBG2(DBG_ENC, "check each payloads if they have to get encrypted");
-       while (payloads->get_count(payloads) > 0)
+       while (payloads->remove_first(payloads, (void**)&current) == SUCCESS)
        {
                payload_rule_t *rule;
                payload_type_t type;
-               bool to_encrypt = TRUE;
-
-               payloads->remove_first(payloads, (void**)&current);
+               bool encrypt = TRUE;
 
                type = current->get_type(current);
-               if (get_payload_rule(this, type, &rule) == SUCCESS)
+               rule = get_payload_rule(this, type);
+               if (rule)
                {
-                       to_encrypt = rule->encrypted;
+                       encrypt = rule->encrypted;
                }
-               if (to_encrypt)
+               if (encrypt)
                {
                        DBG2(DBG_ENC, "insert payload %N to encryption payload",
-                                payload_type_names, current->get_type(current));
+                                payload_type_names, type);
                        encryption->add_payload(encryption, current);
                }
                else
                {
                        DBG2(DBG_ENC, "insert payload %N unencrypted",
-                                payload_type_names, current->get_type(current));
-                       add_payload(this, (payload_t*)current);
+                                payload_type_names, type);
+                       add_payload(this, current);
                }
        }
-
-       DBG2(DBG_ENC, "encrypting encryption payload");
-       encryption->set_transforms(encryption, crypter, signer);
-       status = encryption->encrypt(encryption);
-       DBG2(DBG_ENC, "add encrypted payload to payload list");
-       add_payload(this, (payload_t*)encryption);
-
        payloads->destroy(payloads);
 
-       return status;
+       return encryption;
 }
 
 METHOD(message_t, generate, status_t,
-       private_message_t *this, crypter_t *crypter, signer_t* signer,
-       packet_t **packet)
+       private_message_t *this, aead_t *aead, packet_t **packet)
 {
        generator_t *generator;
        ike_header_t *ike_header;
-       payload_t *payload, *next_payload;
+       payload_t *payload, *next;
+       encryption_payload_t *encryption;
        enumerator_t *enumerator;
-       status_t status;
-       chunk_t packet_data;
+       chunk_t chunk;
        char str[256];
+       u_int32_t *lenpos;
 
        if (is_encoded(this))
-       {
-               /* already generated, return a new packet clone */
+       {       /* already generated, return a new packet clone */
                *packet = this->packet->clone(this->packet);
                return SUCCESS;
        }
@@ -1130,14 +1034,12 @@ METHOD(message_t, generate, status_t,
        if (this->packet->get_source(this->packet) == NULL ||
                this->packet->get_destination(this->packet) == NULL)
        {
-               DBG1(DBG_ENC, "%s not defined",
-                        !this->packet->get_source(this->packet) ? "source" : "destination");
+               DBG1(DBG_ENC, "source/destination not defined");
                return INVALID_STATE;
        }
 
-       /* set the rules for this messge */
-       status = set_message_rule(this);
-       if (status != SUCCESS)
+       this->rule = get_message_rule(this);
+       if (!this->rule)
        {
                DBG1(DBG_ENC, "no message rules specified for this message type");
                return NOT_SUPPORTED;
@@ -1147,17 +1049,9 @@ METHOD(message_t, generate, status_t,
 
        DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
 
-       /* going to encrypt all content which have to be encrypted */
-       status = encrypt_payloads(this, crypter, signer);
-       if (status != SUCCESS)
-       {
-               DBG1(DBG_ENC, "payload encryption failed");
-               return status;
-       }
+       encryption = wrap_payloads(this);
 
-       /* build ike header */
        ike_header = ike_header_create();
-
        ike_header->set_exchange_type(ike_header, this->exchange_type);
        ike_header->set_message_id(ike_header, this->message_id);
        ike_header->set_response_flag(ike_header, !this->is_request);
@@ -1170,47 +1064,44 @@ METHOD(message_t, generate, status_t,
 
        generator = generator_create();
 
+       /* generate all payloads with proper next type */
        payload = (payload_t*)ike_header;
-
-       /* generate every payload expect last one, this is done later*/
        enumerator = create_payload_enumerator(this);
-       while (enumerator->enumerate(enumerator, &next_payload))
+       while (enumerator->enumerate(enumerator, &next))
        {
-               payload->set_next_type(payload, next_payload->get_type(next_payload));
+               payload->set_next_type(payload, next->get_type(next));
                generator->generate_payload(generator, payload);
-               payload = next_payload;
+               payload = next;
        }
        enumerator->destroy(enumerator);
-
-       /* last payload has no next payload*/
-       payload->set_next_type(payload, NO_PAYLOAD);
-
+       payload->set_next_type(payload, encryption ? ENCRYPTED : NO_PAYLOAD);
        generator->generate_payload(generator, payload);
-
        ike_header->destroy(ike_header);
 
-       /* build packet */
-       generator->write_to_chunk(generator, &packet_data);
-       generator->destroy(generator);
-
-       /* if last payload is of type encrypted, integrity checksum if necessary */
-       if (payload->get_type(payload) == ENCRYPTED)
+       if (encryption)
        {
-               DBG2(DBG_ENC, "build signature on whole message");
-               encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
-               status = encryption_payload->build_signature(encryption_payload, packet_data);
-               if (status != SUCCESS)
+               u_int32_t *lenpos;
+
+               /* build associated data (without header of encryption payload) */
+               chunk = generator->get_chunk(generator, &lenpos);
+               encryption->set_transform(encryption, aead);
+               /* fill in length, including encryption payload */
+               htoun32(lenpos, chunk.len + encryption->get_length(encryption));
+
+               this->payloads->insert_last(this->payloads, encryption);
+               if (!encryption->encrypt(encryption, chunk))
                {
-                       return status;
+                       generator->destroy(generator);
+                       return INVALID_STATE;
                }
+               generator->generate_payload(generator, &encryption->payload_interface);
        }
+       chunk = generator->get_chunk(generator, &lenpos);
+       htoun32(lenpos, chunk.len);
+       this->packet->set_data(this->packet, chunk_clone(chunk));
+       generator->destroy(generator);
 
-       this->packet->set_data(this->packet, packet_data);
-
-       /* clone packet for caller */
        *packet = this->packet->clone(this->packet);
-
-       DBG2(DBG_ENC, "message generated successfully");
        return SUCCESS;
 }
 
@@ -1252,7 +1143,6 @@ METHOD(message_t, parse_header, status_t,
 
        }
 
-       /* verify payload */
        status = ike_header->payload_interface.verify(
                                                                                &ike_header->payload_interface);
        if (status != SUCCESS)
@@ -1262,18 +1152,14 @@ METHOD(message_t, parse_header, status_t,
                return status;
        }
 
-       if (this->ike_sa_id != NULL)
-       {
-               this->ike_sa_id->destroy(this->ike_sa_id);
-       }
-
+       DESTROY_IF(this->ike_sa_id);
        this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
                                                                        ike_header->get_responder_spi(ike_header),
                                                                        ike_header->get_initiator_flag(ike_header));
 
        this->exchange_type = ike_header->get_exchange_type(ike_header);
        this->message_id = ike_header->get_message_id(ike_header);
-       this->is_request = (!(ike_header->get_response_flag(ike_header)));
+       this->is_request = !ike_header->get_response_flag(ike_header);
        this->major_version = ike_header->get_maj_version(ike_header);
        this->minor_version = ike_header->get_min_version(ike_header);
        this->first_payload = ike_header->payload_interface.get_next_type(
@@ -1284,174 +1170,102 @@ METHOD(message_t, parse_header, status_t,
 
        ike_header->destroy(ike_header);
 
-       /* get the rules for this messge */
-       status = set_message_rule(this);
-       if (status != SUCCESS)
+       this->rule = get_message_rule(this);
+       if (!this->rule)
        {
                DBG1(DBG_ENC, "no message rules specified for a %N %s",
                         exchange_type_names, this->exchange_type,
                         this->is_request ? "request" : "response");
        }
-
        return status;
 }
 
 /**
  * Decrypt payload from the encryption payload
  */
-static status_t decrypt_payloads(private_message_t *this,
-                                                                crypter_t *crypter, signer_t* signer)
+static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
 {
-       bool current_payload_was_encrypted = FALSE;
-       payload_t *previous_payload = NULL;
-       int payload_number = 1;
-       iterator_t *iterator;
-       payload_t *current_payload;
-       status_t status;
-
-       iterator = this->payloads->create_iterator(this->payloads,TRUE);
+       bool was_encrypted = FALSE;
+       payload_t *payload, *previous = NULL;
+       enumerator_t *enumerator;
+       payload_rule_t *rule;
+       payload_type_t type;
+       status_t status = SUCCESS;
 
-       /* process each payload and decrypt a encryption payload */
-       while(iterator->iterate(iterator, (void**)&current_payload))
+       enumerator = this->payloads->create_enumerator(this->payloads);
+       while (enumerator->enumerate(enumerator, &payload))
        {
-               payload_rule_t *payload_rule;
-               payload_type_t current_payload_type;
+               type = payload->get_type(payload);
 
-               /* needed to check */
-               current_payload_type = current_payload->get_type(current_payload);
+               DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
 
-               DBG2(DBG_ENC, "process payload of type %N",
-                        payload_type_names, current_payload_type);
-
-               if (current_payload_type == ENCRYPTED)
+               if (type == ENCRYPTED)
                {
-                       encryption_payload_t *encryption_payload;
-                       payload_t *current_encrypted_payload;
+                       encryption_payload_t *encryption;
+                       payload_t *encrypted;
+                       chunk_t chunk;
 
-                       encryption_payload = (encryption_payload_t*)current_payload;
+                       encryption = (encryption_payload_t*)payload;
 
                        DBG2(DBG_ENC, "found an encryption payload");
 
-                       if (payload_number != this->payloads->get_count(this->payloads))
+                       if (enumerator->enumerate(enumerator, &payload))
                        {
-                               /* encrypted payload is not last one */
                                DBG1(DBG_ENC, "encrypted payload is not last payload");
-                               iterator->destroy(iterator);
-                               return VERIFY_ERROR;
-                       }
-                       /* decrypt */
-                       encryption_payload->set_transforms(encryption_payload,
-                                                                                          crypter, signer);
-                       DBG2(DBG_ENC, "verify signature of encryption payload");
-                       status = encryption_payload->verify_signature(encryption_payload,
-                                                                               this->packet->get_data(this->packet));
-                       if (status != SUCCESS)
-                       {
-                               DBG1(DBG_ENC, "encryption payload signature invalid");
-                               iterator->destroy(iterator);
-                               return FAILED;
-                       }
-                       DBG2(DBG_ENC, "decrypting content of encryption payload");
-                       status = encryption_payload->decrypt(encryption_payload);
-                       if (status != SUCCESS)
-                       {
-                               DBG1(DBG_ENC, "encrypted payload could not be decrypted and parsed");
-                               iterator->destroy(iterator);
-                               return PARSE_ERROR;
+                               status = VERIFY_ERROR;
+                               break;
                        }
-
-                       /* needed later to find out if a payload was encrypted */
-                       current_payload_was_encrypted = TRUE;
-
-                       /* check if there are payloads contained in the encryption payload */
-                       if (encryption_payload->get_payload_count(encryption_payload) == 0)
+                       encryption->set_transform(encryption, aead);
+                       chunk = this->packet->get_data(this->packet);
+                       if (chunk.len < encryption->get_length(encryption))
                        {
-                               DBG2(DBG_ENC, "encrypted payload is empty");
-                               /* remove the encryption payload, is not needed anymore */
-                               iterator->remove(iterator);
-                               /* encrypted payload contains no other payload */
-                               current_payload_type = NO_PAYLOAD;
+                               DBG1(DBG_ENC, "invalid payload length");
+                               status = VERIFY_ERROR;
+                               break;
                        }
-                       else
+                       chunk.len -= encryption->get_length(encryption);
+                       if (!encryption->decrypt(encryption, chunk))
                        {
-                               /* encryption_payload is replaced with first payload contained
-                                * in encryption_payload */
-                               encryption_payload->remove_first_payload(encryption_payload,
-                                                                                                       &current_encrypted_payload);
-                               iterator->replace(iterator, NULL,
-                                                                 (void *)current_encrypted_payload);
-                               current_payload_type = current_encrypted_payload->get_type(
-                                                                                                       current_encrypted_payload);
+                               status = VERIFY_ERROR;
+                               break;
                        }
 
-                       /* is the current paylad the first in the message? */
-                       if (previous_payload == NULL)
-                       {
-                               /* yes, set the first payload type of the message to the
-                                * current type */
-                               this->first_payload = current_payload_type;
-                       }
-                       else
-                       {
-                               /* no, set the next_type of the previous payload to the
-                                * current type */
-                               previous_payload->set_next_type(previous_payload,
-                                                                                               current_payload_type);
-                       }
+                       was_encrypted = TRUE;
+                       this->payloads->remove_at(this->payloads, enumerator);
 
-                       /* all encrypted payloads are added to the payload list */
-                       while (encryption_payload->get_payload_count(encryption_payload) > 0)
+                       while ((encrypted = encryption->remove_payload(encryption)))
                        {
-                               encryption_payload->remove_first_payload(encryption_payload,
-                                                                                                       &current_encrypted_payload);
-                               DBG2(DBG_ENC, "insert unencrypted payload of type "
-                                        "%N at end of list", payload_type_names,
-                                        current_encrypted_payload->get_type(
-                                                                                       current_encrypted_payload));
-                               this->payloads->insert_last(this->payloads,
-                                                                                       current_encrypted_payload);
+                               type = encrypted->get_type(encrypted);
+                               if (previous)
+                               {
+                                       previous->set_next_type(previous, type);
+                               }
+                               else
+                               {
+                                       this->first_payload = type;
+                               }
+                               DBG2(DBG_ENC, "insert decrypted payload of type "
+                                        "%N at end of list", payload_type_names, type);
+                               this->payloads->insert_last(this->payloads, encrypted);
+                               previous = encrypted;
                        }
-
-                       /* encryption payload is processed, payloads are moved. Destroy it. */
-                       encryption_payload->destroy(encryption_payload);
+                       encryption->destroy(encryption);
                }
-
-               /* we allow unknown payloads of any type and don't bother if it was
-                * encrypted. Not our problem. */
-               if (current_payload_type != UNKNOWN_PAYLOAD &&
-                       current_payload_type != NO_PAYLOAD)
+               if (type != UNKNOWN_PAYLOAD && !was_encrypted)
                {
-                       /* get the ruleset for found payload */
-                       status = get_payload_rule(this, current_payload_type, &payload_rule);
-                       if (status != SUCCESS)
+                       rule = get_payload_rule(this, type);
+                       if (!rule || rule->encrypted)
                        {
-                               /* payload is not allowed */
-                               DBG1(DBG_ENC, "payload type %N not allowed",
-                                                                 payload_type_names, current_payload_type);
-                               iterator->destroy(iterator);
-                               return VERIFY_ERROR;
-                       }
-
-                       /* check if the payload was encrypted, and if it should been have
-                        * encrypted */
-                       if (payload_rule->encrypted != current_payload_was_encrypted)
-                       {
-                               /* payload was not encrypted, but should have been.
-                                * or vice-versa */
-                               DBG1(DBG_ENC, "payload type %N should be %s!",
-                                        payload_type_names, current_payload_type,
-                                        (payload_rule->encrypted) ? "encrypted" : "not encrypted");
-                               iterator->destroy(iterator);
-                               return VERIFY_ERROR;
+                               DBG1(DBG_ENC, "payload type %N was not encrypted",
+                                        payload_type_names, type);
+                               status = VERIFY_ERROR;
+                               break;
                        }
                }
-               /* advance to the next payload */
-               payload_number++;
-               /* is stored to set next payload in case of found encryption payload */
-               previous_payload = current_payload;
+               previous = payload;
        }
-       iterator->destroy(iterator);
-       return SUCCESS;
+       enumerator->destroy(enumerator);
+       return status;
 }
 
 /**
@@ -1460,56 +1274,47 @@ static status_t decrypt_payloads(private_message_t *this,
 static status_t verify(private_message_t *this)
 {
        int i;
-       enumerator_t *enumerator;
-       payload_t *current_payload;
-       size_t total_found_payloads = 0;
 
        DBG2(DBG_ENC, "verifying message structure");
 
        /* check for payloads with wrong count*/
-       for (i = 0; i < this->message_rule->payload_rule_count; i++)
+       for (i = 0; i < this->rule->rule_count; i++)
        {
-               size_t found_payloads = 0;
+               enumerator_t *enumerator;
+               payload_t *payload;
                payload_rule_t *rule;
+               int found = 0;
 
-               rule = &this->message_rule->payload_rules[i];
+               rule = &this->rule->rules[i];
                enumerator = create_payload_enumerator(this);
-
-               /* check all payloads for specific rule */
-               while (enumerator->enumerate(enumerator, &current_payload))
+               while (enumerator->enumerate(enumerator, &payload))
                {
-                       payload_type_t current_payload_type;
-                       unknown_payload_t *unknown_payload;
+                       payload_type_t type;
+                       unknown_payload_t *unknown;
 
-                       current_payload_type = current_payload->get_type(current_payload);
-                       if (current_payload_type == UNKNOWN_PAYLOAD)
+                       type = payload->get_type(payload);
+                       if (type == UNKNOWN_PAYLOAD)
                        {
-                               /* unknown payloads are ignored, IF they are not critical */
-                               unknown_payload = (unknown_payload_t*)current_payload;
-                               if (unknown_payload->is_critical(unknown_payload))
+                               /* unknown payloads are ignored if they are not critical */
+                               unknown = (unknown_payload_t*)payload;
+                               if (unknown->is_critical(unknown))
                                {
                                        DBG1(DBG_ENC, "%N is not supported, but its critical!",
-                                                payload_type_names, current_payload_type);
+                                                payload_type_names, type);
                                        enumerator->destroy(enumerator);
                                        return NOT_SUPPORTED;
                                }
                        }
-                       else if (current_payload_type == rule->payload_type)
+                       else if (type == rule->type)
                        {
-                               found_payloads++;
-                               total_found_payloads++;
-                               DBG2(DBG_ENC, "found payload of type %N", payload_type_names,
-                                        rule->payload_type);
-
-                               /* as soon as ohe payload occures more then specified,
-                                * the verification fails */
-                               if (found_payloads >
-                                       rule->max_occurence)
+                               found++;
+                               DBG2(DBG_ENC, "found payload of type %N",
+                                        payload_type_names, type);
+                               if (found > rule->max_occurence)
                                {
                                        DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
                                                 "occured in current message", payload_type_names,
-                                                current_payload_type, rule->max_occurence,
-                                                found_payloads);
+                                                type, rule->max_occurence, found);
                                        enumerator->destroy(enumerator);
                                        return VERIFY_ERROR;
                                }
@@ -1517,11 +1322,10 @@ static status_t verify(private_message_t *this)
                }
                enumerator->destroy(enumerator);
 
-               if (found_payloads < rule->min_occurence)
+               if (found < rule->min_occurence)
                {
                        DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
-                                payload_type_names, rule->payload_type, rule->min_occurence,
-                                found_payloads);
+                                payload_type_names, rule->type, rule->min_occurence, found);
                        return VERIFY_ERROR;
                }
                if (rule->sufficient)
@@ -1533,68 +1337,59 @@ static status_t verify(private_message_t *this)
 }
 
 METHOD(message_t, parse_body, status_t,
-       private_message_t *this, crypter_t *crypter, signer_t *signer)
+       private_message_t *this, aead_t *aead)
 {
        status_t status = SUCCESS;
-       payload_type_t current_payload_type;
+       payload_t *payload;
+       payload_type_t type;
        char str[256];
 
-       current_payload_type = this->first_payload;
+       type = this->first_payload;
 
        DBG2(DBG_ENC, "parsing body of message, first payload is %N",
-                payload_type_names, current_payload_type);
+                payload_type_names, type);
 
-       /* parse payload for payload, while there are more available */
-       while ((current_payload_type != NO_PAYLOAD))
+       while (type != NO_PAYLOAD)
        {
-               payload_t *current_payload;
-
                DBG2(DBG_ENC, "starting parsing a %N payload",
-                        payload_type_names, current_payload_type);
+                        payload_type_names, type);
 
-               /* parse current payload */
-               status = this->parser->parse_payload(this->parser, current_payload_type,
-                                                                                        (payload_t**)&current_payload);
+               status = this->parser->parse_payload(this->parser, type, &payload);
                if (status != SUCCESS)
                {
                        DBG1(DBG_ENC, "payload type %N could not be parsed",
-                                payload_type_names, current_payload_type);
+                                payload_type_names, type);
                        return PARSE_ERROR;
                }
 
-               DBG2(DBG_ENC, "verifying payload of type %N",
-                        payload_type_names, current_payload_type);
-
-               /* verify it, stop parsig if its invalid */
-               status = current_payload->verify(current_payload);
+               DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
+               status = payload->verify(payload);
                if (status != SUCCESS)
                {
                        DBG1(DBG_ENC, "%N payload verification failed",
-                                payload_type_names, current_payload_type);
-                       current_payload->destroy(current_payload);
+                                payload_type_names, type);
+                       payload->destroy(payload);
                        return VERIFY_ERROR;
                }
 
                DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
-                        payload_type_names, current_payload_type);
-               this->payloads->insert_last(this->payloads,current_payload);
+                        payload_type_names, type);
+               this->payloads->insert_last(this->payloads, payload);
 
                /* an encryption payload is the last one, so STOP here. decryption is
                 * done later */
-               if (current_payload_type == ENCRYPTED)
+               if (type == ENCRYPTED)
                {
                        DBG2(DBG_ENC, "%N payload found. Stop parsing",
-                                payload_type_names, current_payload_type);
+                                payload_type_names, type);
                        break;
                }
-
-               /* get next payload type */
-               current_payload_type = current_payload->get_next_type(current_payload);
+               type = payload->get_next_type(payload);
        }
 
-       if (current_payload_type == ENCRYPTED)
+       if (type == ENCRYPTED)
        {
-               status = decrypt_payloads(this,crypter,signer);
+               status = decrypt_payloads(this, aead);
                if (status != SUCCESS)
                {
                        DBG1(DBG_ENC, "could not decrypt payloads");
index 2c7718f..8c1cbcd 100644 (file)
@@ -32,8 +32,7 @@ typedef struct message_t message_t;
 #include <encoding/payloads/ike_header.h>
 #include <encoding/payloads/notify_payload.h>
 #include <utils/linked_list.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
 
 /**
  * This class is used to represent an IKEv2-Message.
@@ -201,14 +200,10 @@ struct message_t {
         * The body gets not only parsed, but rather it gets verified.
         * All payloads are verified if they are allowed to exist in the message
         * of this type and if their own structure is ok.
-        * If there are encrypted payloads, they get decrypted via the supplied
-        * crypter. Also the message integrity gets verified with the supplied
-        * signer.
-        * Crypter/signer can be omitted (by passing NULL) when no encryption
-        * payload is expected.
-        *
-        * @param crypter       crypter to decrypt encryption payloads
-        * @param signer        signer to verifiy a message with an encryption payload
+        * If there are encrypted payloads, they get decrypted and verified using
+        * the given aead transform (if given).
+        *
+        * @param aead          aead transform to verify/decrypt message
         * @return
         *                                      - SUCCESS if parsing successful
         *                                      - NOT_SUPPORTED if ciritcal unknown payloads found
@@ -216,32 +211,28 @@ struct message_t {
         *                                      - PARSE_ERROR if message parsing failed
         *                                      - VERIFY_ERROR if message verification failed (bad syntax)
         *                                      - FAILED if integrity check failed
-        *                                      - INVALID_STATE if crypter/signer not supplied, but needed
+        *                                      - INVALID_STATE if aead not supplied, but needed
         */
-       status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
+       status_t (*parse_body) (message_t *this, aead_t *aead);
 
        /**
         * Generates the UDP packet of specific message.
         *
         * Payloads which must be encrypted are generated first and added to
-        * an encryption payload. This encryption payload will get encrypted via
-        * the supplied crypter. Then all other payloads and the header get generated.
-        * After that, the checksum is added to the encryption payload over the full
-        * message.
-        * Crypter/signer can be omitted (by passing NULL) when no encryption
-        * payload is expected.
-        * Generation is only done once, multiple calls will just return a packet copy.
-        *
-        * @param crypter       crypter to use when a payload must be encrypted
-        * @param signer        signer to build a mac
+        * an encryption payload. This encryption payload will get encrypted and
+        * signed via the supplied aead transform (if given).
+        * Generation is only done once, multiple calls will just return a copy
+        * of the packet.
+        *
+        * @param aead          aead transform to encrypt/sign message
         * @param packet        copy of generated packet
         * @return
         *                                      - SUCCESS if packet could be generated
         *                                      - INVALID_STATE if exchange type is currently not set
         *                                      - NOT_FOUND if no rules found for message generation
-        *                                      - INVALID_STATE if crypter/signer not supplied but needed.
+        *                                      - INVALID_STATE if aead not supplied but needed.
         */
-       status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
+       status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
 
        /**
         * Gets the source host informations.
@@ -331,13 +322,8 @@ struct message_t {
 /**
  * Creates an message_t object from a incoming UDP Packet.
  *
- * @warning the given packet_t object is not copied and gets
- *                     destroyed in message_t's destroy call.
- *
- * - exchange_type is set to NOT_SET
- * - original_initiator is set to TRUE
- * - is_request is set to TRUE
- * Call message_t.parse_header afterwards.
+ * The given packet gets owned by the message. The message is uninitialized,
+ * call parse_header() to populate header fields.
  *
  * @param packet               packet_t object which is assigned to message
  * @return                             message_t object
index 157f32b..05e1d0e 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -24,9 +25,6 @@
 #include <utils/linked_list.h>
 #include <encoding/generator.h>
 #include <encoding/parser.h>
-#include <utils/iterator.h>
-#include <crypto/signers/signer.h>
-
 
 typedef struct private_encryption_payload_t private_encryption_payload_t;
 
@@ -50,9 +48,9 @@ struct private_encryption_payload_t {
        u_int8_t next_payload;
 
        /**
-        * Critical flag.
+        * Flags, including reserved bits
         */
-       bool critical;
+       u_int8_t flags;
 
        /**
         * Length of this payload
@@ -60,28 +58,17 @@ struct private_encryption_payload_t {
        u_int16_t payload_length;
 
        /**
-        * Chunk containing the iv, data, padding,
-        * and (an eventually not calculated) signature.
+        * Chunk containing the IV, plain, padding and ICV.
         */
        chunk_t encrypted;
 
        /**
-        * Chunk containing the data in decrypted (unpadded) form.
-        */
-       chunk_t decrypted;
-
-       /**
-        * Signer set by set_signer.
-        */
-       signer_t *signer;
-
-       /**
-        * Crypter, supplied by encrypt/decrypt
+        * AEAD transform to use
         */
-       crypter_t *crypter;
+       aead_t *aead;
 
        /**
-        * Contained payloads of this encrpytion_payload.
+        * Contained payloads
         */
        linked_list_t *payloads;
 };
@@ -95,16 +82,8 @@ struct private_encryption_payload_t {
 encoding_rule_t encryption_payload_encodings[] = {
        /* 1 Byte next payload type, stored in the field next_payload */
        { U_INT_8,                      offsetof(private_encryption_payload_t, next_payload)    },
-       /* the critical bit */
-       { FLAG,                         offsetof(private_encryption_payload_t, critical)                },
-       /* 7 Bit reserved bits, nowhere stored */
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
-       { RESERVED_BIT,         0                                                                                                               },
+       /* Critical and 7 reserved bits, all stored for reconstruction */
+       { U_INT_8,                      offsetof(private_encryption_payload_t, flags)                   },
        /* Length of the whole encryption payload*/
        { PAYLOAD_LENGTH,       offsetof(private_encryption_payload_t, payload_length)  },
        /* encrypted data, stored in a chunk. contains iv, data, padding */
@@ -169,44 +148,43 @@ static void compute_length(private_encryption_payload_t *this)
 {
        enumerator_t *enumerator;
        payload_t *payload;
-       size_t block_size, length = 0;
+       size_t bs, length = 0;
 
-       enumerator = this->payloads->create_enumerator(this->payloads);
-       while (enumerator->enumerate(enumerator, &payload))
+       if (this->encrypted.len)
        {
-               length += payload->get_length(payload);
+               length = this->encrypted.len;
        }
-       enumerator->destroy(enumerator);
-
-       if (this->crypter && this->signer)
+       else
        {
-               /* append one byte for padding length */
-               length++;
-               /* append padding */
-               block_size = this->crypter->get_block_size(this->crypter);
-               length += block_size - length % block_size;
-               /* add iv */
-               length += this->crypter->get_iv_size(this->crypter);
-               /* add signature */
-               length += this->signer->get_block_size(this->signer);
+               enumerator = this->payloads->create_enumerator(this->payloads);
+               while (enumerator->enumerate(enumerator, &payload))
+               {
+                       length += payload->get_length(payload);
+               }
+               enumerator->destroy(enumerator);
+
+               if (this->aead)
+               {
+                       /* append padding */
+                       bs = this->aead->get_block_size(this->aead);
+                       length += bs - (length % bs);
+                       /* add iv */
+                       length += this->aead->get_iv_size(this->aead);
+                       /* add icv */
+                       length += this->aead->get_icv_size(this->aead);
+               }
        }
        length += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
        this->payload_length = length;
 }
 
-METHOD(payload_t, get_length, size_t,
+METHOD2(payload_t, encryption_payload_t, get_length, size_t,
        private_encryption_payload_t *this)
 {
        compute_length(this);
        return this->payload_length;
 }
 
-METHOD(encryption_payload_t, create_payload_iterator, iterator_t*,
-       private_encryption_payload_t *this, bool forward)
-{
-       return this->payloads->create_iterator(this->payloads, forward);
-}
-
 METHOD(encryption_payload_t, add_payload, void,
        private_encryption_payload_t *this, payload_t *payload)
 {
@@ -226,295 +204,244 @@ METHOD(encryption_payload_t, add_payload, void,
        compute_length(this);
 }
 
-METHOD(encryption_payload_t, remove_first_payload, status_t,
-       private_encryption_payload_t *this, payload_t **payload)
-{
-       return this->payloads->remove_first(this->payloads, (void**)payload);
-}
-
-METHOD(encryption_payload_t, get_payload_count, size_t,
+METHOD(encryption_payload_t, remove_payload, payload_t *,
        private_encryption_payload_t *this)
 {
-       return this->payloads->get_count(this->payloads);
+       payload_t *payload;
+
+       if (this->payloads->remove_first(this->payloads,
+                                                                        (void**)&payload) == SUCCESS)
+       {
+               return payload;
+       }
+       return NULL;
 }
 
 /**
- * Generate payload before encryption.
+ * Generate payload before encryption
  */
-static void generate(private_encryption_payload_t *this)
+static chunk_t generate(private_encryption_payload_t *this,
+                                               generator_t *generator)
 {
        payload_t *current, *next;
-       generator_t *generator;
        enumerator_t *enumerator;
-
-       compute_length(this);
-       chunk_free(&this->decrypted);
+       u_int32_t *lenpos;
+       chunk_t chunk = chunk_empty;
 
        enumerator = this->payloads->create_enumerator(this->payloads);
        if (enumerator->enumerate(enumerator, &current))
        {
                this->next_payload = current->get_type(current);
 
-               generator = generator_create();
                while (enumerator->enumerate(enumerator, &next))
                {
                        current->set_next_type(current, next->get_type(next));
                        generator->generate_payload(generator, current);
                        current = next;
                }
-               enumerator->destroy(enumerator);
                current->set_next_type(current, NO_PAYLOAD);
                generator->generate_payload(generator, current);
 
-               generator->write_to_chunk(generator, &this->decrypted);
-               generator->destroy(generator);
+               chunk = generator->get_chunk(generator, &lenpos);
                DBG2(DBG_ENC, "generated content in encryption payload");
        }
-       else
-       {
-               DBG2(DBG_ENC, "generating contained payloads, but none available");
-       }
        enumerator->destroy(enumerator);
+       return chunk;
 }
 
-METHOD(encryption_payload_t, encrypt, status_t,
-       private_encryption_payload_t *this)
+/**
+ * Append the encryption payload header to the associated data
+ */
+static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc)
+{
+       struct {
+               u_int8_t next_payload;
+               u_int8_t flags;
+               u_int16_t length;
+       } __attribute__((packed)) header = {
+               .next_payload = this->next_payload,
+               .flags = this->flags,
+               .length = htons(get_length(this)),
+       };
+       return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+METHOD(encryption_payload_t, encrypt, bool,
+       private_encryption_payload_t *this, chunk_t assoc)
 {
-       chunk_t iv, padding, to_crypt, result;
+       chunk_t iv, plain, padding, icv, crypt;
+       generator_t *generator;
        rng_t *rng;
-       size_t block_size;
+       size_t bs;
 
-       if (this->signer == NULL || this->crypter == NULL)
+       if (this->aead == NULL)
        {
-               DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
-               return INVALID_STATE;
+               DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing");
+               return FALSE;
        }
 
-       /* for random data in iv and padding */
        rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
        if (!rng)
        {
-               DBG1(DBG_ENC, "could not encrypt, no RNG found");
-               return FAILED;
+               DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found");
+               return FALSE;
        }
-       /* build payload chunk */
-       generate(this);
-
-       DBG2(DBG_ENC, "encrypting payloads");
-       DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
-
-       /* build padding */
-       block_size = this->crypter->get_block_size(this->crypter);
-       padding.len = block_size - ((this->decrypted.len + 1) %  block_size);
-       rng->allocate_bytes(rng, padding.len, &padding);
-
-       /* concatenate payload data, padding, padding len */
-       to_crypt.len = this->decrypted.len + padding.len + 1;
-       to_crypt.ptr = malloc(to_crypt.len);
-
-       memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
-       memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
-       *(to_crypt.ptr + to_crypt.len - 1) = padding.len;
 
-       /* build iv */
-       iv.len = this->crypter->get_iv_size(this->crypter);
-       rng->allocate_bytes(rng, iv.len, &iv);
-       rng->destroy(rng);
-
-       DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
-
-       /* encrypt to_crypt chunk */
+       assoc = append_header(this, assoc);
+
+       generator = generator_create();
+       plain = generate(this, generator);
+       bs = this->aead->get_block_size(this->aead);
+       /* we need at least one byte padding to store the padding length */
+       padding.len = bs - (plain.len % bs);
+       iv.len = this->aead->get_iv_size(this->aead);
+       icv.len = this->aead->get_icv_size(this->aead);
+
+       /* prepare data to authenticate-encrypt:
+        * | IV | plain | padding | ICV |
+        *       \____crypt______/   ^
+        *              |           /
+        *              v          /
+        *     assoc -> + ------->/
+        */
        free(this->encrypted.ptr);
-       this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
-       free(padding.ptr);
-       free(to_crypt.ptr);
+       this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
+       iv.ptr = this->encrypted.ptr;
+       memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
+       plain.ptr = iv.ptr + iv.len;
+       padding.ptr = plain.ptr + plain.len;
+       icv.ptr = padding.ptr + padding.len;
+       crypt = chunk_create(plain.ptr, plain.len + padding.len);
+       generator->destroy(generator);
+
+       rng->get_bytes(rng, iv.len, iv.ptr);
+       rng->get_bytes(rng, padding.len - 1, padding.ptr);
+       padding.ptr[padding.len - 1] = padding.len - 1;
+       rng->destroy(rng);
 
-       DBG3(DBG_ENC, "data after encryption %B", &result);
+       DBG3(DBG_ENC, "encryption payload encryption:");
+       DBG3(DBG_ENC, "IV %B", &iv);
+       DBG3(DBG_ENC, "plain %B", &plain);
+       DBG3(DBG_ENC, "padding %B", &padding);
+       DBG3(DBG_ENC, "assoc %B", &assoc);
 
-       /* build encrypted result with iv and signature */
-       this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
-       free(this->encrypted.ptr);
-       this->encrypted.ptr = malloc(this->encrypted.len);
+       this->aead->encrypt(this->aead, crypt, assoc, iv, NULL);
 
-       /* fill in result, signature is left out */
-       memcpy(this->encrypted.ptr, iv.ptr, iv.len);
-       memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
+       DBG3(DBG_ENC, "encrypted %B", &crypt);
+       DBG3(DBG_ENC, "ICV %B", &icv);
 
-       free(result.ptr);
-       free(iv.ptr);
-       DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
-                &this->encrypted);
+       free(assoc.ptr);
 
-       return SUCCESS;
+       return TRUE;
 }
 
 /**
  * Parse the payloads after decryption.
  */
-static status_t parse(private_encryption_payload_t *this)
+static status_t parse(private_encryption_payload_t *this, chunk_t plain)
 {
        parser_t *parser;
-       status_t status;
        payload_type_t type;
 
-       parser = parser_create(this->decrypted);
+       parser = parser_create(plain);
        type = this->next_payload;
        while (type != NO_PAYLOAD)
        {
                payload_t *payload;
 
-               status = parser->parse_payload(parser, type, &payload);
-               if (status != SUCCESS)
+               if (parser->parse_payload(parser, type, &payload) != SUCCESS)
                {
                        parser->destroy(parser);
-                       return PARSE_ERROR;
+                       return FALSE;
                }
-               status = payload->verify(payload);
-               if (status != SUCCESS)
+               if (payload->verify(payload) != SUCCESS)
                {
                        DBG1(DBG_ENC, "%N verification failed",
                                 payload_type_names, payload->get_type(payload));
                        payload->destroy(payload);
                        parser->destroy(parser);
-                       return VERIFY_ERROR;
+                       return FALSE;
                }
                type = payload->get_next_type(payload);
                this->payloads->insert_last(this->payloads, payload);
        }
        parser->destroy(parser);
        DBG2(DBG_ENC, "parsed content of encryption payload");
-       return SUCCESS;
+       return TRUE;
 }
 
-METHOD(encryption_payload_t, decrypt, status_t,
-       private_encryption_payload_t *this)
+METHOD(encryption_payload_t, decrypt, bool,
+       private_encryption_payload_t *this, chunk_t assoc)
 {
-       chunk_t iv, concatenated;
-       u_int8_t padding_length;
-
-       DBG2(DBG_ENC, "decrypting encryption payload");
-       DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
-                &this->encrypted);
+       chunk_t iv, plain, padding, icv, crypt;
+       size_t bs;
 
-       if (this->signer == NULL || this->crypter == NULL)
+       if (this->aead == NULL)
        {
-               DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
-               return INVALID_STATE;
+               DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
+               return FALSE;
        }
 
-       /* get IV */
-       iv.len = this->crypter->get_iv_size(this->crypter);
-       if (iv.len > this->encrypted.len)
-       {
-               DBG1(DBG_ENC, "could not decrypt, input too short");
-               return FAILED;
-       }
-       iv.ptr = this->encrypted.ptr;
-
-       /* point concatenated to data + padding + padding_length */
-       concatenated.ptr = this->encrypted.ptr + iv.len;
-       concatenated.len = this->encrypted.len - iv.len -
-                                                               this->signer->get_block_size(this->signer);
-
-       /* concatenated must be a multiple of block_size of crypter */
-       if (concatenated.len < iv.len ||
-               concatenated.len % this->crypter->get_block_size(this->crypter))
-       {
-               DBG1(DBG_ENC, "could not decrypt, invalid input");
-               return FAILED;
-       }
-
-       /* free previus data, if any */
-       free(this->decrypted.ptr);
-
-       DBG3(DBG_ENC, "data before decryption %B", &concatenated);
-
-       this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
-
-       DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
+       /* prepare data to authenticate-decrypt:
+        * | IV | plain | padding | ICV |
+        *       \____crypt______/   ^
+        *              |           /
+        *              v          /
+        *     assoc -> + ------->/
+        */
 
-       /* get padding length, sits just bevore signature */
-       padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
-       /* add one byte to the padding length, since the padding_length field is
-        * not included */
-       padding_length++;
+       bs = this->aead->get_block_size(this->aead);
+       iv.len = this->aead->get_iv_size(this->aead);
+       iv.ptr = this->encrypted.ptr;
+       icv.len = this->aead->get_icv_size(this->aead);
+       icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len;
+       crypt.ptr = iv.ptr + iv.len;
+       crypt.len = this->encrypted.len - iv.len;
 
-       /* check size again */
-       if (padding_length > concatenated.len || padding_length > this->decrypted.len)
+       if (iv.len + icv.len > this->encrypted.len ||
+               (crypt.len - icv.len) % bs)
        {
-               DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
-               /* decryption failed :-/ */
-               return FAILED;
+               DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
+               return FALSE;
        }
-       this->decrypted.len -= padding_length;
 
-       /* free padding */
-       this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
-       DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
-       DBG2(DBG_ENC, "decryption successful, trying to parse content");
-       return parse(this);
-}
+       assoc = append_header(this, assoc);
 
-METHOD(encryption_payload_t, set_transforms, void,
-       private_encryption_payload_t *this, crypter_t* crypter, signer_t* signer)
-{
-       this->signer = signer;
-       this->crypter = crypter;
-}
-
-METHOD(encryption_payload_t, build_signature, status_t,
-       private_encryption_payload_t *this, chunk_t data)
-{
-       chunk_t data_without_sig = data;
-       chunk_t sig;
+       DBG3(DBG_ENC, "encryption payload decryption:");
+       DBG3(DBG_ENC, "IV %B", &iv);
+       DBG3(DBG_ENC, "encrypted %B", &crypt);
+       DBG3(DBG_ENC, "ICV %B", &icv);
+       DBG3(DBG_ENC, "assoc %B", &assoc);
 
-       if (this->signer == NULL)
+       if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL))
        {
-               DBG1(DBG_ENC, "unable to build signature, no signer set");
-               return INVALID_STATE;
+               DBG1(DBG_ENC, "verifying encryption payload integrity failed");
+               free(assoc.ptr);
+               return FALSE;
        }
+       free(assoc.ptr);
 
-       sig.len = this->signer->get_block_size(this->signer);
-       data_without_sig.len -= sig.len;
-       sig.ptr = data.ptr + data_without_sig.len;
-       DBG2(DBG_ENC, "building signature");
-       this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
-       return SUCCESS;
-}
-
-METHOD(encryption_payload_t, verify_signature, status_t,
-       private_encryption_payload_t *this, chunk_t data)
-{
-       chunk_t sig, data_without_sig;
-       bool valid;
-
-       if (this->signer == NULL)
+       plain = chunk_create(crypt.ptr, crypt.len - icv.len);
+       padding.len = plain.ptr[plain.len - 1] + 1;
+       if (padding.len >= plain.len)
        {
-               DBG1(DBG_ENC, "unable to verify signature, no signer set");
-               return INVALID_STATE;
-       }
-       /* find signature in data chunk */
-       sig.len = this->signer->get_block_size(this->signer);
-       if (data.len <= sig.len)
-       {
-               DBG1(DBG_ENC, "unable to verify signature, invalid input");
+               DBG1(DBG_ENC, "decrypting encryption payload failed, "
+                        "padding invalid %B", &crypt);
                return FAILED;
        }
-       sig.ptr = data.ptr + data.len - sig.len;
+       plain.len -= padding.len;
+       padding.ptr = plain.ptr + plain.len;
 
-       /* verify it */
-       data_without_sig.len = data.len - sig.len;
-       data_without_sig.ptr = data.ptr;
-       valid = this->signer->verify_signature(this->signer, data_without_sig, sig);
+       DBG3(DBG_ENC, "plain %B", &plain);
+       DBG3(DBG_ENC, "padding %B", &padding);
 
-       if (!valid)
-       {
-               DBG1(DBG_ENC, "signature verification failed");
-               return FAILED;
-       }
+       return parse(this, plain);
+}
 
-       DBG2(DBG_ENC, "signature verification successful");
-       return SUCCESS;
+METHOD(encryption_payload_t, set_transform, void,
+       private_encryption_payload_t *this, aead_t* aead)
+{
+       this->aead = aead;
 }
 
 METHOD2(payload_t, encryption_payload_t, destroy, void,
@@ -522,7 +449,6 @@ METHOD2(payload_t, encryption_payload_t, destroy, void,
 {
        this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
        free(this->encrypted.ptr);
-       free(this->decrypted.ptr);
        free(this);
 }
 
@@ -544,15 +470,12 @@ encryption_payload_t *encryption_payload_create()
                                .get_type = _get_type,
                                .destroy = _destroy,
                        },
-                       .create_payload_iterator = _create_payload_iterator,
+                       .get_length = _get_length,
                        .add_payload = _add_payload,
-                       .remove_first_payload = _remove_first_payload,
-                       .get_payload_count = _get_payload_count,
+                       .remove_payload = _remove_payload,
+                       .set_transform = _set_transform,
                        .encrypt = _encrypt,
                        .decrypt = _decrypt,
-                       .set_transforms = _set_transforms,
-                       .build_signature = _build_signature,
-                       .verify_signature = _verify_signature,
                        .destroy = _destroy,
                },
                .next_payload = NO_PAYLOAD,
index ac5326b..9fc6194 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
 typedef struct encryption_payload_t encryption_payload_t;
 
 #include <library.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
 #include <encoding/payloads/payload.h>
-#include <utils/linked_list.h>
 
 /**
  * Encrpytion payload length in bytes without IV and following data.
  */
 #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
 
-
 /**
  * The encryption payload as described in RFC section 3.14.
- *
- * Before any crypt/decrypt/sign/verify operation can occur,
- * the transforms must be set. After that, a parsed encryption payload
- * can be decrypted, which also will parse the contained payloads.
- * Encryption is done the same way, added payloads will get generated
- * and then encrypted.
- * For signature building, there is the FULL packet needed. Meaning it
- * must be builded after generation of all payloads and the encryption
- * of the encryption payload.
- * Signature verificatin is done before decryption.
  */
 struct encryption_payload_t {
+
        /**
         * Implements payload_t interface.
         */
        payload_t payload_interface;
 
        /**
-        * Creates an iterator for all contained payloads.
+        * Get the payload length.
         *
-        * iterator_t object has to get destroyed by the caller.
-        *
-        * @param forward               iterator direction (TRUE: front to end)
-        * return                               created iterator_t object
+        * @return                      (expected) payload length
         */
-        iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
+       size_t (*get_length)(encryption_payload_t *this);
 
        /**
         * Adds a payload to this encryption payload.
@@ -73,89 +59,35 @@ struct encryption_payload_t {
        void (*add_payload) (encryption_payload_t *this, payload_t *payload);
 
        /**
-        * Reove the last payload in the contained payload list.
+        * Remove the first payload in the list
         *
         * @param payload               removed payload
-        * @return
-        *                                              - SUCCESS, or
-        *                                              - NOT_FOUND if list empty
-        */
-       status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
-
-       /**
-        * Get the number of payloads.
-        *
-        * @return                              number of contained payloads
-        */
-       size_t (*get_payload_count) (encryption_payload_t *this);
-
-       /**
-        * Set transforms to use.
-        *
-        * To decryption, encryption, signature building and verifying,
-        * the payload needs a crypter and a signer object.
-        *
-        * @warning Do NOT call this function again after encryption, since
-        * the signer must be the same while encrypting and signature building!
-        *
-        * @param crypter               crypter_t to use for data de-/encryption
-        * @param signer                signer_t to use for data signing/verifying
+        * @return                              payload, NULL if none left
         */
-       void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
+       payload_t* (*remove_payload)(encryption_payload_t *this);
 
        /**
-        * Generate and encrypt contained payloads.
+        * Set the AEAD transform to use.
         *
-        * This function generates the content for added payloads
-        * and encrypts them. Signature is not built, since we need
-        * additional data (the full message).
-        *
-        * @return                              SUCCESS, or INVALID_STATE if transforms not set
+        * @param aead          aead transform to use
         */
-       status_t (*encrypt) (encryption_payload_t *this);
+       void (*set_transform) (encryption_payload_t *this, aead_t *aead);
 
        /**
-        * Decrypt and parse contained payloads.
-        *
-        * This function decrypts the contained data. After,
-        * the payloads are parsed internally and are accessible
-        * via the iterator.
+        * Generate, encrypt and sign contained payloads.
         *
-        * @return
-        *                                              - SUCCESS, or
-        *                                              - INVALID_STATE if transforms not set, or
-        *                                              - FAILED if data is invalid
+        * @param assoc                 associated data
+        * @return                              TRUE if encrypted
         */
-       status_t (*decrypt) (encryption_payload_t *this);
+       bool (*encrypt) (encryption_payload_t *this, chunk_t assoc);
 
        /**
-        * Build the signature.
-        *
-        * The signature is built over the FULL message, so the header
-        * and every payload (inclusive this one) must already be generated.
-        * The generated message is supplied via the data paramater.
-        *
-        * @param data                  chunk contains the already generated message
-        * @return
-        *                                              - SUCCESS, or
-        *                                              - INVALID_STATE if transforms not set
-        */
-       status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
-
-       /**
-        * Verify the signature.
-        *
-        * Since the signature is built over the full message, we need
-        * this data to do the verification. The message data
-        * is supplied via the data argument.
+        * Decrypt, verify and parse contained payloads.
         *
-        * @param data                  chunk contains the message
-        * @return
-        *                                              - SUCCESS, or
-        *                                              - FAILED if signature invalid, or
-        *                                              - INVALID_STATE if transforms not set
+        * @param assoc                 associated data
+        * @return                              TRUE if decrypted and verified successfully
         */
-       status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
+       bool (*decrypt) (encryption_payload_t *this, chunk_t assoc);
 
        /**
         * Destroys an encryption_payload_t object.
@@ -166,7 +98,7 @@ struct encryption_payload_t {
 /**
  * Creates an empty encryption_payload_t object.
  *
- * @return encryption_payload_t object
+ * @return                     encryption_payload_t object
  */
 encryption_payload_t *encryption_payload_create(void);
 
index b53dea4..1a25d45 100644 (file)
@@ -146,7 +146,7 @@ static void send_notify(message_t *request, notify_type_t type, chunk_t data)
                ike_sa_id->switch_initiator(ike_sa_id);
                response->set_ike_sa_id(response, ike_sa_id);
                response->add_notify(response, FALSE, type, data);
-               if (response->generate(response, NULL, NULL, &packet) == SUCCESS)
+               if (response->generate(response, NULL, &packet) == SUCCESS)
                {
                        charon->sender->send(charon->sender, packet);
                        response->destroy(response);
index b78ba07..fad0813 100644 (file)
@@ -1064,7 +1064,7 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist,
        DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth);
 
        packet_t *packet;
-       if (message->generate(message, NULL, NULL, &packet) == SUCCESS)
+       if (message->generate(message, NULL, &packet) == SUCCESS)
        {
                charon->sender->send(charon->sender, packet->clone(packet));
 
index 7536662..83d1e00 100644 (file)
@@ -882,8 +882,7 @@ METHOD(ike_sa_t, generate_message, status_t,
        this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
        message->set_ike_sa_id(message, this->ike_sa_id);
        return message->generate(message,
-                               this->keymat->get_crypter(this->keymat, FALSE),
-                               this->keymat->get_signer(this->keymat, FALSE), packet);
+                               this->keymat->get_aead(this->keymat, FALSE), packet);
 }
 
 /**
@@ -1173,8 +1172,7 @@ METHOD(ike_sa_t, process_message, status_t,
        is_request = message->get_request(message);
 
        status = message->parse_body(message,
-                                                                this->keymat->get_crypter(this->keymat, TRUE),
-                                                                this->keymat->get_signer(this->keymat, TRUE));
+                                                                this->keymat->get_aead(this->keymat, TRUE));
        if (status != SUCCESS)
        {
 
index 91d5d98..4c391a6 100644 (file)
@@ -36,24 +36,14 @@ struct private_keymat_t {
        bool initiator;
 
        /**
-        * inbound signer (verify)
+        * inbound AEAD
         */
-       signer_t *signer_in;
+       aead_t *aead_in;
 
        /**
-        * outbound signer (sign)
+        * outbound AEAD
         */
-       signer_t *signer_out;
-
-       /**
-        * inbound crypter (decrypt)
-        */
-       crypter_t *crypter_in;
-
-       /**
-        * outbound crypter (encrypt)
-        */
-       crypter_t *crypter_out;
+       aead_t *aead_out;
 
        /**
         * General purpose PRF
@@ -140,6 +130,99 @@ METHOD(keymat_t, create_dh, diffie_hellman_t*,
        return lib->crypto->create_dh(lib->crypto, group);;
 }
 
+/**
+ * Derive IKE keys for a combined AEAD algorithm
+ */
+static bool derive_ike_aead(private_keymat_t *this, proposal_t *proposal,
+                                                       prf_plus_t *prf_plus)
+{
+       return FALSE;
+}
+
+/**
+ * Derive IKE keys for traditional encryption and MAC algorithms
+ */
+static bool derive_ike_traditional(private_keymat_t *this, proposal_t *proposal,
+                                                                  prf_plus_t *prf_plus)
+{
+       crypter_t *crypter_i, *crypter_r;
+       signer_t *signer_i, *signer_r;
+       u_int16_t alg, key_size;
+       chunk_t key;
+
+       /* SK_ai/SK_ar used for integrity protection */
+       if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+       {
+               DBG1(DBG_IKE, "no %N selected",
+                        transform_type_names, INTEGRITY_ALGORITHM);
+               return FALSE;
+       }
+       signer_i = lib->crypto->create_signer(lib->crypto, alg);
+       signer_r = lib->crypto->create_signer(lib->crypto, alg);
+       if (signer_i == NULL || signer_r == NULL)
+       {
+               DBG1(DBG_IKE, "%N %N not supported!",
+                        transform_type_names, INTEGRITY_ALGORITHM,
+                        integrity_algorithm_names ,alg);
+               return FALSE;
+       }
+       key_size = signer_i->get_key_size(signer_i);
+
+       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       DBG4(DBG_IKE, "Sk_ai secret %B", &key);
+       signer_i->set_key(signer_i, key);
+       chunk_clear(&key);
+
+       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       DBG4(DBG_IKE, "Sk_ar secret %B", &key);
+       signer_r->set_key(signer_r, key);
+       chunk_clear(&key);
+
+       /* SK_ei/SK_er used for encryption */
+       if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
+       {
+               DBG1(DBG_IKE, "no %N selected",
+                        transform_type_names, ENCRYPTION_ALGORITHM);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
+       crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
+       crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
+       if (crypter_i == NULL || crypter_r == NULL)
+       {
+               DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+                        transform_type_names, ENCRYPTION_ALGORITHM,
+                        encryption_algorithm_names, alg, key_size);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
+       key_size = crypter_i->get_key_size(crypter_i);
+
+       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       DBG4(DBG_IKE, "Sk_ei secret %B", &key);
+       crypter_i->set_key(crypter_i, key);
+       chunk_clear(&key);
+
+       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       DBG4(DBG_IKE, "Sk_er secret %B", &key);
+       crypter_r->set_key(crypter_r, key);
+       chunk_clear(&key);
+
+       if (this->initiator)
+       {
+               this->aead_in = aead_create(crypter_r, signer_r);
+               this->aead_out = aead_create(crypter_i, signer_i);
+       }
+       else
+       {
+               this->aead_in = aead_create(crypter_i, signer_i);
+               this->aead_out = aead_create(crypter_r, signer_r);
+       }
+       return TRUE;
+}
+
 METHOD(keymat_t, derive_ike_keys, bool,
        private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
@@ -147,8 +230,6 @@ METHOD(keymat_t, derive_ike_keys, bool,
 {
        chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
        chunk_t spi_i, spi_r;
-       crypter_t *crypter_i, *crypter_r;
-       signer_t *signer_i, *signer_r;
        prf_plus_t *prf_plus;
        u_int16_t alg, key_size;
        prf_t *rekey_prf = NULL;
@@ -251,50 +332,6 @@ METHOD(keymat_t, derive_ike_keys, bool,
        prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);
        DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
 
-       /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
-       if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
-       {
-               DBG1(DBG_IKE, "no %N selected",
-                        transform_type_names, INTEGRITY_ALGORITHM);
-               prf_plus->destroy(prf_plus);
-               DESTROY_IF(rekey_prf);
-               return FALSE;
-       }
-       signer_i = lib->crypto->create_signer(lib->crypto, alg);
-       signer_r = lib->crypto->create_signer(lib->crypto, alg);
-       if (signer_i == NULL || signer_r == NULL)
-       {
-               DBG1(DBG_IKE, "%N %N not supported!",
-                        transform_type_names, INTEGRITY_ALGORITHM,
-                        integrity_algorithm_names ,alg);
-               prf_plus->destroy(prf_plus);
-               DESTROY_IF(rekey_prf);
-               return FALSE;
-       }
-       key_size = signer_i->get_key_size(signer_i);
-
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(DBG_IKE, "Sk_ai secret %B", &key);
-       signer_i->set_key(signer_i, key);
-       chunk_clear(&key);
-
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(DBG_IKE, "Sk_ar secret %B", &key);
-       signer_r->set_key(signer_r, key);
-       chunk_clear(&key);
-
-       if (this->initiator)
-       {
-               this->signer_in = signer_r;
-               this->signer_out = signer_i;
-       }
-       else
-       {
-               this->signer_in = signer_i;
-               this->signer_out = signer_r;
-       }
-
-       /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
        if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
        {
                DBG1(DBG_IKE, "no %N selected",
@@ -303,38 +340,24 @@ METHOD(keymat_t, derive_ike_keys, bool,
                DESTROY_IF(rekey_prf);
                return FALSE;
        }
-       crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
-       crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
-       if (crypter_i == NULL || crypter_r == NULL)
-       {
-               DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
-                        transform_type_names, ENCRYPTION_ALGORITHM,
-                        encryption_algorithm_names, alg, key_size);
-               prf_plus->destroy(prf_plus);
-               DESTROY_IF(rekey_prf);
-               return FALSE;
-       }
-       key_size = crypter_i->get_key_size(crypter_i);
-
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-       crypter_i->set_key(crypter_i, key);
-       chunk_clear(&key);
-
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       DBG4(DBG_IKE, "Sk_er secret %B", &key);
-       crypter_r->set_key(crypter_r, key);
-       chunk_clear(&key);
 
-       if (this->initiator)
+       if (encryption_algorithm_is_aead(alg))
        {
-               this->crypter_in = crypter_r;
-               this->crypter_out = crypter_i;
+               if (!derive_ike_aead(this, proposal, prf_plus))
+               {
+                       prf_plus->destroy(prf_plus);
+                       DESTROY_IF(rekey_prf);
+                       return FALSE;
+               }
        }
        else
        {
-               this->crypter_in = crypter_i;
-               this->crypter_out = crypter_r;
+               if (!derive_ike_traditional(this, proposal, prf_plus))
+               {
+                       prf_plus->destroy(prf_plus);
+                       DESTROY_IF(rekey_prf);
+                       return FALSE;
+               }
        }
 
        /* SK_pi/SK_pr used for authentication => stored for later */
@@ -479,16 +502,10 @@ METHOD(keymat_t, get_skd, pseudo_random_function_t,
        return this->prf_alg;
 }
 
-METHOD(keymat_t, get_signer, signer_t*,
-       private_keymat_t *this, bool in)
-{
-       return in ? this->signer_in : this->signer_out;
-}
-
-METHOD(keymat_t, get_crypter, crypter_t*,
+METHOD(keymat_t, get_aead, aead_t*,
        private_keymat_t *this, bool in)
 {
-       return in ? this->crypter_in : this->crypter_out;
+       return in ? this->aead_in : this->aead_out;
 }
 
 METHOD(keymat_t, get_auth_octets, chunk_t,
@@ -550,10 +567,8 @@ METHOD(keymat_t, get_psk_sig, chunk_t,
 METHOD(keymat_t, destroy, void,
        private_keymat_t *this)
 {
-       DESTROY_IF(this->signer_in);
-       DESTROY_IF(this->signer_out);
-       DESTROY_IF(this->crypter_in);
-       DESTROY_IF(this->crypter_out);
+       DESTROY_IF(this->aead_in);
+       DESTROY_IF(this->aead_out);
        DESTROY_IF(this->prf);
        chunk_clear(&this->skd);
        chunk_clear(&this->skp_verify);
@@ -574,8 +589,7 @@ keymat_t *keymat_create(bool initiator)
                        .derive_ike_keys = _derive_ike_keys,
                        .derive_child_keys = _derive_child_keys,
                        .get_skd = _get_skd,
-                       .get_signer = _get_signer,
-                       .get_crypter = _get_crypter,
+                       .get_aead = _get_aead,
                        .get_auth_octets = _get_auth_octets,
                        .get_psk_sig = _get_psk_sig,
                        .destroy = _destroy,
index e51709e..4f01aa4 100644 (file)
@@ -24,8 +24,7 @@
 #include <library.h>
 #include <utils/identification.h>
 #include <crypto/prfs/prf.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
 #include <config/proposal.h>
 #include <sa/ike_sa_id.h>
 
@@ -99,21 +98,13 @@ struct keymat_t {
         */
        pseudo_random_function_t (*get_skd)(keymat_t *this, chunk_t *skd);
 
-       /**
-        * Get a signer to sign/verify IKE messages.
-        *
-        * @param in            TRUE for inbound (verify), FALSE for outbound (sign)
-        * @return                      signer
-        */
-       signer_t* (*get_signer)(keymat_t *this, bool in);
-
        /*
-        * Get a crypter to en-/decrypt IKE messages.
+        * Get a AEAD transform to en-/decrypt and sign/verify IKE messages.
         *
         * @param in            TRUE for inbound (decrypt), FALSE for outbound (encrypt)
         * @return                      crypter
         */
-       crypter_t* (*get_crypter)(keymat_t *this, bool in);
+       aead_t* (*get_aead)(keymat_t *this, bool in);
 
        /**
         * Generate octets to use for authentication procedure (RFC4306 2.15).