- added support for empty traffic selectors and empty sa payload in
authorJan Hutter <jhutter@hsr.ch>
Wed, 7 Dec 2005 10:25:32 +0000 (10:25 -0000)
committerJan Hutter <jhutter@hsr.ch>
Wed, 7 Dec 2005 10:25:32 +0000 (10:25 -0000)
IKE_AUTH request and reply

Source/charon/config/configuration_manager.c
Source/charon/encoding/payloads/ts_payload.c
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_init_responded.c

index de424c5..d3c6425 100644 (file)
@@ -292,20 +292,22 @@ static void load_default_config (private_configuration_manager_t *this)
        proposals[0].integrity_algorithm_key_length = 16;
        proposals[0].pseudo_random_function = PRF_HMAC_MD5;
        proposals[0].pseudo_random_function_key_length = 16;
-       proposals[0].diffie_hellman_group = MODP_1024_BIT;
+       proposals[0].diffie_hellman_group = MODP_768_BIT;
        
        proposals[1] = proposals[0];
        proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
        proposals[1].integrity_algorithm_key_length = 20;
        proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
        proposals[1].pseudo_random_function_key_length = 20;
+       proposals[1].diffie_hellman_group = MODP_1024_BIT;
 
-       init_config1->add_proposal(init_config1,1,proposals[0]);
        init_config1->add_proposal(init_config1,1,proposals[1]);
-       init_config2->add_proposal(init_config2,1,proposals[0]);
+       init_config1->add_proposal(init_config1,1,proposals[0]);
        init_config2->add_proposal(init_config2,1,proposals[1]);
-       init_config3->add_proposal(init_config3,1,proposals[0]);
+       init_config2->add_proposal(init_config2,1,proposals[0]);
        init_config3->add_proposal(init_config3,1,proposals[1]);
+       init_config3->add_proposal(init_config3,1,proposals[0]);
+
        
        sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130", 
                                                                  ID_IPV4_ADDR, "152.96.193.131",
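Review bot: The default configuration now carries `MODP_768_BIT` together with `PRF_HMAC_MD5` in `proposals[0]`, and that proposal is still added to all three init configs, so the shipped defaults allow a key exchange weaker than the previous 1024-bit setting. Adding `proposals[1]` first presumably only expresses a preference; nothing visible here stops the weaker proposal from being selected when a peer offers it. If the 768-bit group exists for interoperability testing, say so with a comment such as `/* test-only: weak DH group, keep out of production defaults */` and consider leaving `proposals[0]` out of the default configs. load_default_config starts before the hunk and continues after it.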
index d9e17c6..59b7322 100644 (file)
@@ -128,7 +128,7 @@ encoding_rule_t ts_payload_encodings[] = {
 static status_t verify(private_ts_payload_t *this)
 {
        iterator_t *iterator;
-       status_t status = FAILED;
+       status_t status = SUCCESS;
        
        if (this->critical)
        {
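Review bot: Initialising `status` to `SUCCESS` makes verify() accept by default, so any path that never assigns `status` now reports a valid payload. The rest of the body lies outside the hunk, so which paths those are cannot be checked from here. A fail-closed shape is safer for a payload validator: keep `status_t status = FAILED;` and set `status = SUCCESS;` explicitly where an empty selector list is recognised. If the new initialiser stays, it deserves a comment such as `/* an empty traffic selector list is valid */`.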
@@ -340,7 +340,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
        this->next_payload = NO_PAYLOAD;
        this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
        this->is_initiator = is_initiator;
-       this->number_of_traffic_selectors=0;
+       this->number_of_traffic_selectors = 0;
        this->traffic_selectors = linked_list_create();  
 
        return &(this->public);
index 2088985..199a062 100644 (file)
@@ -407,8 +407,7 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i
        /* check if the responder selected valid proposals */
        if (ts_selected_count != ts_received_count)
        {
-               this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors. Deleting IKE_SA");
-               status = DELETE_ME;     
+               this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors.");
        }
        
        /* cleanup */
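Review bot: With `status = DELETE_ME;` removed, the `ts_selected_count != ts_received_count` branch only logs, so a reply carrying traffic selectors that were never offered appears to be accepted. An empty reply would presumably give two counts of zero and never enter this branch, so the rejection may not need to be dropped at all; if it does, limit the relaxation with `if (ts_received_count != 0) status = DELETE_ME;`. How `status` is used afterwards is outside the hunk, so confirm against the rest of process_ts_payload. The `ts_selected_count == 0` branch added in build_ts_payload (ike_sa_init_responded.c) has the same shape: it treats "none matched" and "none sent" alike.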
index 0e481f7..b3680da 100644 (file)
@@ -414,9 +414,13 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
        }
        else
        {
-               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Deleting IKE_SA");
-               this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
-               status = DELETE_ME;
+               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
+/*             this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
+               status = DELETE_ME; */
+               sa_response = sa_payload_create();
+               response->add_payload(response, (payload_t*)sa_response);
+               
+               status = SUCCESS;
        }
        
        
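Review bot: The else branch now returns `SUCCESS` with an empty SA payload, which the caller cannot tell apart from a selected proposal, and the condition that leads here is outside the hunk. If that condition also covers proposals that were sent but did not match, the peer no longer receives NO_PROPOSAL_CHOSEN. Please confirm the branch is reached only for an empty proposal list and state it in a comment, e.g. `/* empty SA payload: IKE_SA stays up, no CHILD_SA is created */`. The commented-out `send_notify` and `DELETE_ME` lines should be deleted rather than kept, and the log text has a typo, `IKE_AUH` for `IKE_AUTH`, here and in the message added in build_ts_payload.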
@@ -484,7 +488,9 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
        }
        if(ts_selected_count == 0)
        {
-               status = DELETE_ME;     
+               this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any traffic selectors.");
+               ts_response = ts_payload_create(ts_initiator);
+               response->add_payload(response, (payload_t*)ts_response);
        }
        else
        {
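Review bot: The `ts_selected_count == 0` branch no longer assigns `status`, so what build_ts_payload returns on this path depends on an initialiser that is outside the hunk. build_sa_payload sets `status = SUCCESS;` explicitly in its equivalent branch, and this one should match: add `status = SUCCESS;` after the `add_payload` call. The function body starts before the hunk and continues after it.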