Imported Upstream version 5.0.1

author: Yves-Alexis Perez <corsac@debian.org> 2013-01-02 14:18:20 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2013-01-02 14:18:20 +0100
commit: c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
tree: d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/conftest
parent: b34738ed08c2227300d554b139e2495ca5da97d6 (diff)
download: vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz
vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip
27 files changed, 154 insertions, 132 deletions
diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am
index 7eab0df27..64a2cc6d3 100644
--- a/src/conftest/Makefile.am
+++ b/src/conftest/Makefile.am
@@ -1,6 +1,7 @@
 ipsec_PROGRAMS = conftest
 
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = -rdynamic \
+	-DPLUGINS=\""${charon_plugins}\""
 
 conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \
 	hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 4efdeaad5..ea26b70e7 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -50,6 +50,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(ipsecdir)"
@@ -73,7 +74,7 @@ conftest_DEPENDENCIES =  \
 	$(top_builddir)/src/libhydra/libhydra.la \
 	$(top_builddir)/src/libcharon/libcharon.la \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
@@ -99,6 +100,7 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BFDLIB = @BFDLIB@
 BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
@@ -193,11 +195,14 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
@@ -214,11 +219,12 @@ imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -234,6 +240,7 @@ mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
@@ -243,7 +250,6 @@ pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
@@ -271,7 +277,9 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = -rdynamic \
+	-DPLUGINS=\""${charon_plugins}\""
+
 conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \
 	hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \
 	hooks/add_notify.c hooks/unencrypted_notify.c hooks/ignore_message.c \
diff --git a/src/conftest/config.c b/src/conftest/config.c
index 952141211..cbc6ac05f 100644
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -103,9 +103,9 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
 
 	ike_cfg = ike_cfg_create(TRUE,
 		settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config),
-		settings->get_str(settings, "configs.%s.lhost", "%any", config),
+		settings->get_str(settings, "configs.%s.lhost", "%any", config), FALSE,
 		settings->get_int(settings, "configs.%s.lport", 500, config),
-		settings->get_str(settings, "configs.%s.rhost", "%any", config),
+		settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE,
 		settings->get_int(settings, "configs.%s.rport", 500, config));
 	token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
 	if (token)
@@ -251,9 +251,9 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 	uintptr_t strength;
 
 	ike_cfg = load_ike_config(this, settings, config);
-	peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND,
-							   UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,
-							   NULL, NULL, FALSE, NULL, NULL);
+	peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
+							   UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0,
+							   FALSE, NULL, NULL);
 
 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c
index 48bf9681f..6491fd294 100644
--- a/src/conftest/conftest.c
+++ b/src/conftest/conftest.c
@@ -289,7 +289,8 @@ static bool load_hooks()
 		pos = strchr(name, '-');
 		if (pos)
 		{
-			snprintf(buf, sizeof(buf), "%.*s_hook_create", pos - name, name);
+			snprintf(buf, sizeof(buf), "%.*s_hook_create", (int)(pos - name),
+					 name);
 		}
 		else
 		{
@@ -392,7 +393,7 @@ static void load_loggers(file_logger_t *logger)
 			}
 			logger = file_logger_create(file, NULL, FALSE);
 			load_log_levels(logger, section);
-			charon->bus->add_listener(charon->bus, &logger->listener);
+			charon->bus->add_logger(charon->bus, &logger->logger);
 			charon->file_loggers->insert_last(charon->file_loggers, logger);
 		}
 	}
@@ -422,7 +423,7 @@ int main(int argc, char *argv[])
 		library_deinit();
 		return SS_RC_INITIALIZATION_FAILED;
 	}
-	if (!libcharon_init())
+	if (!libcharon_init("conftest"))
 	{
 		libcharon_deinit();
 		libhydra_deinit();
@@ -436,7 +437,7 @@ int main(int argc, char *argv[])
 
 	logger = file_logger_create(stdout, NULL, FALSE);
 	logger->set_level(logger, DBG_ANY, LEVEL_CTRL);
-	charon->bus->add_listener(charon->bus, &logger->listener);
+	charon->bus->add_logger(charon->bus, &logger->logger);
 	charon->file_loggers->insert_last(charon->file_loggers, logger);
 
 	lib->credmgr->add_set(lib->credmgr, &conftest->creds->set);
@@ -488,7 +489,7 @@ int main(int argc, char *argv[])
 	{
 		return 1;
 	}
-	if (!charon->initialize(charon))
+	if (!charon->initialize(charon, PLUGINS))
 	{
 		return 1;
 	}
diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c
index de46ca81f..9611cad6c 100644
--- a/src/conftest/hooks/add_notify.c
+++ b/src/conftest/hooks/add_notify.c
@@ -60,9 +60,9 @@ struct private_add_notify_t {
 
 METHOD(listener_t, message, bool,
 	private_add_notify_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -85,11 +85,11 @@ METHOD(listener_t, message, bool,
 			data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2);
 			data = chunk_from_hex(data, NULL);
 		}
-		else if (this->data && strlen(this->data))
+		else if (strlen(this->data))
 		{
 			data = chunk_clone(chunk_create(this->data, strlen(this->data)));
 		}
-		notify = notify_payload_create_from_protocol_and_type(
+		notify = notify_payload_create_from_protocol_and_type(NOTIFY,
 									this->esp ? PROTO_ESP : PROTO_IKE, type);
 		notify->set_spi(notify, this->spi);
 		if (data.len)
diff --git a/src/conftest/hooks/add_payload.c b/src/conftest/hooks/add_payload.c
index 03a47cc23..2903bb20f 100644
--- a/src/conftest/hooks/add_payload.c
+++ b/src/conftest/hooks/add_payload.c
@@ -62,9 +62,9 @@ struct private_add_payload_t {
 
 METHOD(listener_t, message, bool,
 	private_add_payload_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -103,7 +103,7 @@ METHOD(listener_t, message, bool,
 			data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2);
 			data = chunk_from_hex(data, NULL);
 		}
-		else if (this->data && strlen(this->data))
+		else if (strlen(this->data))
 		{
 			data = chunk_clone(chunk_create(this->data, strlen(this->data)));
 		}
diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c
index e4acd841f..38d4286c4 100644
--- a/src/conftest/hooks/custom_proposal.c
+++ b/src/conftest/hooks/custom_proposal.c
@@ -19,7 +19,6 @@
 
 #include <encoding/payloads/sa_payload.h>
 #include <config/proposal.h>
-#include <crypto/proposal/proposal_keywords.h>
 
 typedef struct private_custom_proposal_t private_custom_proposal_t;
 
@@ -91,7 +90,7 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this,
 			alg = strtoul(value, &end, 10);
 			if (end == value || errno)
 			{
-				token = proposal_get_token(value, strlen(value));
+				token = lib->proposal->get_token(lib->proposal, value);
 				if (!token)
 				{
 					DBG1(DBG_CFG, "unknown algorithm: '%s', skipped", value);
@@ -111,9 +110,9 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this,
 
 METHOD(listener_t, message, bool,
 	private_custom_proposal_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -145,7 +144,7 @@ METHOD(listener_t, message, bool,
 										   proposal->get_protocol(proposal),
 										   proposal->get_spi(proposal));
 				DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props);
-				new = sa_payload_create_from_proposal_list(new_props);
+				new = sa_payload_create_from_proposals_v2(new_props);
 				message->add_payload(message, (payload_t*)new);
 				new_props->destroy_offset(new_props, offsetof(proposal_t, destroy));
 			}
diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c
index e34f82851..1b044db14 100644
--- a/src/conftest/hooks/force_cookie.c
+++ b/src/conftest/hooks/force_cookie.c
@@ -32,9 +32,9 @@ struct private_force_cookie_t {
 
 METHOD(listener_t, message, bool,
 	private_force_cookie_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming && message->get_request(message) &&
+	if (incoming && plain && message->get_request(message) &&
 		message->get_exchange_type(message) == IKE_SA_INIT)
 	{
 		enumerator_t *enumerator;
@@ -68,7 +68,7 @@ METHOD(listener_t, message, bool,
 			chunk_t data = chunk_from_thing("COOKIE test data");
 
 			DBG1(DBG_CFG, "sending COOKIE: %#B", &data);
-			response = message_create();
+			response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 			dst = message->get_source(message);
 			src = message->get_destination(message);
 			response->set_source(response, src->clone(src));
diff --git a/src/conftest/hooks/ignore_message.c b/src/conftest/hooks/ignore_message.c
index 210f3ac50..3cb5f2059 100644
--- a/src/conftest/hooks/ignore_message.c
+++ b/src/conftest/hooks/ignore_message.c
@@ -45,9 +45,9 @@ struct private_ignore_message_t {
 
 METHOD(listener_t, message, bool,
 	private_ignore_message_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming == this->in &&
+	if (incoming == this->in && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c
index 2843d60c1..09590d4f3 100644
--- a/src/conftest/hooks/ike_auth_fill.c
+++ b/src/conftest/hooks/ike_auth_fill.c
@@ -51,7 +51,10 @@ struct private_ike_auth_fill_t {
 
 /** size of non ESP-Marker */
 #define NON_ESP_MARKER_LEN 4
-
+/** length of fixed encryption payload header */
+#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
+/** length of fixed cert payload header */
+#define CERT_PAYLOAD_HEADER_LENGTH 5
 /**
  * Calculate packet size on wire (without ethernet/IP header)
  */
@@ -89,9 +92,9 @@ static size_t calculate_wire_size(message_t *message, ike_sa_t *ike_sa)
 
 METHOD(listener_t, message, bool,
 	private_ike_auth_fill_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -105,7 +108,7 @@ METHOD(listener_t, message, bool,
 			diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH;
 			data = chunk_alloc(diff);
 			memset(data.ptr, 0x12, data.len);
-			pld = cert_payload_create_custom(201, data);
+			pld = cert_payload_create_custom(CERTIFICATE, 201, data);
 			message->add_payload(message, &pld->payload_interface);
 			DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff);
 		}
diff --git a/src/conftest/hooks/log_id.c b/src/conftest/hooks/log_id.c
index ad14cea10..07dd6a44e 100644
--- a/src/conftest/hooks/log_id.c
+++ b/src/conftest/hooks/log_id.c
@@ -32,9 +32,9 @@ struct private_log_id_t {
 
 METHOD(listener_t, message, bool,
 	private_log_id_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming)
+	if (incoming && plain)
 	{
 		enumerator_t *enumerator;
 		payload_t *payload;
diff --git a/src/conftest/hooks/log_ke.c b/src/conftest/hooks/log_ke.c
index 231c0a8d8..710482326 100644
--- a/src/conftest/hooks/log_ke.c
+++ b/src/conftest/hooks/log_ke.c
@@ -32,9 +32,9 @@ struct private_log_ke_t {
 
 METHOD(listener_t, message, bool,
 	private_log_ke_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming)
+	if (incoming && plain)
 	{
 		enumerator_t *enumerator;
 		payload_t *payload;
diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c
index 8c330ab3d..347b83209 100644
--- a/src/conftest/hooks/log_proposals.c
+++ b/src/conftest/hooks/log_proposals.c
@@ -32,9 +32,9 @@ struct private_log_proposals_t {
 
 METHOD(listener_t, message, bool,
 	private_log_proposals_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming)
+	if (incoming && plain)
 	{
 		enumerator_t *enumerator, *proposals;
 		payload_t *payload;
diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c
index fb7c89a0a..f212efa12 100644
--- a/src/conftest/hooks/log_ts.c
+++ b/src/conftest/hooks/log_ts.c
@@ -32,9 +32,9 @@ struct private_log_ts_t {
 
 METHOD(listener_t, message, bool,
 	private_log_ts_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming)
+	if (incoming && plain)
 	{
 		enumerator_t *enumerator;
 		payload_t *payload;
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 4b7168cac..4166afc79 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -15,6 +15,7 @@
 
 #include "hook.h"
 
+#include <sa/ikev2/keymat_v2.h>
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/cert_payload.h>
 #include <encoding/payloads/auth_payload.h>
@@ -135,7 +136,7 @@ static void process_auth_request(private_pretend_auth_t *this,
 static void process_init_response(private_pretend_auth_t *this,
 								  ike_sa_t *ike_sa, message_t *message)
 {
-	this->ike_init = message->get_packet_data(message);
+	this->ike_init = chunk_clone(message->get_packet_data(message));
 }
 
 /**
@@ -153,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this,
 	cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
 	if (cert)
 	{
-		payload = cert_payload_create_from_cert(cert);
+		payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 		if (payload)
 		{
 			DBG1(DBG_IKE, "pretending end entity cert \"%Y\"",
@@ -166,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this,
 	{
 		if (type == AUTH_RULE_IM_CERT)
 		{
-			payload = cert_payload_create_from_cert(cert);
+			payload = cert_payload_create_from_cert(CERTIFICATE, cert);
 			if (payload)
 			{
 				DBG1(DBG_IKE, "pretending issuer cert \"%Y\"",
@@ -190,7 +191,7 @@ static bool build_auth(private_pretend_auth_t *this,
 	auth_payload_t *auth_payload;
 	auth_method_t auth_method;
 	signature_scheme_t scheme;
-	keymat_t *keymat;
+	keymat_v2_t *keymat;
 
 	auth = auth_cfg_create();
 	private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, this->id, auth);
@@ -235,9 +236,13 @@ static bool build_auth(private_pretend_auth_t *this,
 					key_type_names, private->get_type(private));
 			return FALSE;
 	}
-	keymat = ike_sa->get_keymat(ike_sa);
-	octets = keymat->get_auth_octets(keymat, TRUE, this->ike_init,
-									 this->nonce, this->id, this->reserved);
+	keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
+	if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init,
+								 this->nonce, this->id, this->reserved, &octets))
+	{
+		private->destroy(private);
+		return FALSE;
+	}
 	if (!private->sign(private, scheme, octets, &auth_data))
 	{
 		chunk_free(&octets);
@@ -294,7 +299,7 @@ static void process_auth_response(private_pretend_auth_t *this,
 	if (this->proposal)
 	{
 		message->add_payload(message, (payload_t*)
-					sa_payload_create_from_proposal(this->proposal));
+					sa_payload_create_from_proposal_v2(this->proposal));
 	}
 	if (this->tsi)
 	{
@@ -310,35 +315,38 @@ static void process_auth_response(private_pretend_auth_t *this,
 
 METHOD(listener_t, message, bool,
 	private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (incoming)
+	if (plain)
 	{
-		if (!message->get_request(message))
+		if (incoming)
 		{
-			if (message->get_exchange_type(message) == IKE_SA_INIT)
-			{
-				process_init_response(this, ike_sa, message);
-			}
-			if (message->get_exchange_type(message) == IKE_AUTH &&
-				message->get_message_id(message) == 1)
+			if (!message->get_request(message))
 			{
-				process_auth_response(this, ike_sa, message);
+				if (message->get_exchange_type(message) == IKE_SA_INIT)
+				{
+					process_init_response(this, ike_sa, message);
+				}
+				if (message->get_exchange_type(message) == IKE_AUTH &&
+					message->get_message_id(message) == 1)
+				{
+					process_auth_response(this, ike_sa, message);
+				}
 			}
 		}
-	}
-	else
-	{
-		if (message->get_request(message))
+		else
 		{
-			if (message->get_exchange_type(message) == IKE_SA_INIT)
-			{
-				process_init_request(this, ike_sa, message);
-			}
-			if (message->get_exchange_type(message) == IKE_AUTH &&
-				message->get_message_id(message) == 1)
+			if (message->get_request(message))
 			{
-				process_auth_request(this, ike_sa, message);
+				if (message->get_exchange_type(message) == IKE_SA_INIT)
+				{
+					process_init_request(this, ike_sa, message);
+				}
+				if (message->get_exchange_type(message) == IKE_AUTH &&
+					message->get_message_id(message) == 1)
+				{
+					process_auth_request(this, ike_sa, message);
+				}
 			}
 		}
 	}
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index 993c952e0..b7e6f22e7 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -15,6 +15,7 @@
 
 #include "hook.h"
 
+#include <sa/ikev2/keymat_v2.h>
 #include <encoding/generator.h>
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/auth_payload.h>
@@ -57,12 +58,11 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 	enumerator_t *enumerator;
 	chunk_t octets, auth_data;
 	private_key_t *private;
-	auth_cfg_t *auth;
 	payload_t *payload;
 	auth_payload_t *auth_payload;
 	auth_method_t auth_method;
 	signature_scheme_t scheme;
-	keymat_t *keymat;
+	keymat_v2_t *keymat;
 	identification_t *id;
 	char reserved[3];
 	generator_t *generator;
@@ -90,10 +90,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 	id = identification_create_from_encoding(data.ptr[4], chunk_skip(data, 8));
 	generator->destroy(generator);
 
-	auth = auth_cfg_create();
 	private = lib->credmgr->get_private(lib->credmgr, KEY_ANY,
-										this->id ?: id, auth);
-	auth->destroy(auth);
+										this->id ?: id, NULL);
 	if (private == NULL)
 	{
 		DBG1(DBG_CFG, "no private key found for '%Y' to rebuild AUTH",
@@ -137,9 +135,14 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 			id->destroy(id);
 			return FALSE;
 	}
-	keymat = ike_sa->get_keymat(ike_sa);
-	octets = keymat->get_auth_octets(keymat, FALSE, this->ike_init,
-									 this->nonce, id, reserved);
+	keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
+	if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init,
+								 this->nonce, id, reserved, &octets))
+	{
+		private->destroy(private);
+		id->destroy(id);
+		return FALSE;
+	}
 	if (!private->sign(private, scheme, octets, &auth_data))
 	{
 		chunk_free(&octets);
@@ -174,34 +177,37 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 
 METHOD(listener_t, message, bool,
 	private_rebuild_auth_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming && message->get_message_id(message) == 1)
-	{
-		rebuild_auth(this, ike_sa, message);
-	}
-	if (message->get_exchange_type(message) == IKE_SA_INIT)
+	if (plain)
 	{
-		if (incoming)
+		if (!incoming && message->get_message_id(message) == 1)
 		{
-			nonce_payload_t *nonce;
-
-			nonce = (nonce_payload_t*)message->get_payload(message, NONCE);
-			if (nonce)
-			{
-				free(this->nonce.ptr);
-				this->nonce = nonce->get_nonce(nonce);
-			}
+			rebuild_auth(this, ike_sa, message);
 		}
-		else
+		if (message->get_exchange_type(message) == IKE_SA_INIT)
 		{
-			packet_t *packet;
-
-			if (message->generate(message, NULL, &packet) == SUCCESS)
+			if (incoming)
+			{
+				nonce_payload_t *nonce;
+
+				nonce = (nonce_payload_t*)message->get_payload(message, NONCE);
+				if (nonce)
+				{
+					free(this->nonce.ptr);
+					this->nonce = nonce->get_nonce(nonce);
+				}
+			}
+			else
 			{
-				free(this->ike_init.ptr);
-				this->ike_init = chunk_clone(packet->get_data(packet));
-				packet->destroy(packet);
+				packet_t *packet;
+
+				if (message->generate(message, NULL, &packet) == SUCCESS)
+				{
+					free(this->ike_init.ptr);
+					this->ike_init = chunk_clone(packet->get_data(packet));
+					packet->destroy(packet);
+				}
 			}
 		}
 	}
diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c
index ccf8e997d..6fb7a2e4b 100644
--- a/src/conftest/hooks/reset_seq.c
+++ b/src/conftest/hooks/reset_seq.c
@@ -51,7 +51,6 @@ static job_requeue_t reset_cb(struct xfrm_usersa_id *data)
 	struct nlmsghdr *hdr;
 	struct xfrm_aevent_id *id;
 	struct rtattr *rthdr;
-	struct xfrm_replay_state *replay;
 	struct sockaddr_nl addr;
 	int s, len;
 
@@ -74,8 +73,6 @@ static job_requeue_t reset_cb(struct xfrm_usersa_id *data)
 	rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state));
 	hdr->nlmsg_len += rthdr->rta_len;
 
-	replay = (struct xfrm_replay_state*)RTA_DATA(rthdr);
-
 	s = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
 	if (s == -1)
 	{
diff --git a/src/conftest/hooks/set_critical.c b/src/conftest/hooks/set_critical.c
index caf2215c3..8ec84e13d 100644
--- a/src/conftest/hooks/set_critical.c
+++ b/src/conftest/hooks/set_critical.c
@@ -47,9 +47,9 @@ struct private_set_critical_t {
 
 METHOD(listener_t, message, bool,
 	private_set_critical_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/set_ike_initiator.c b/src/conftest/hooks/set_ike_initiator.c
index 6ba43eaca..1674f0a2d 100644
--- a/src/conftest/hooks/set_ike_initiator.c
+++ b/src/conftest/hooks/set_ike_initiator.c
@@ -42,9 +42,9 @@ struct private_set_ike_initiator_t {
 
 METHOD(listener_t, message, bool,
 	private_set_ike_initiator_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/set_ike_request.c b/src/conftest/hooks/set_ike_request.c
index baabea66a..fd5b6de61 100644
--- a/src/conftest/hooks/set_ike_request.c
+++ b/src/conftest/hooks/set_ike_request.c
@@ -42,9 +42,9 @@ struct private_set_ike_request_t {
 
 METHOD(listener_t, message, bool,
 	private_set_ike_request_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c
index 14a0da9cd..bda02580d 100644
--- a/src/conftest/hooks/set_ike_spi.c
+++ b/src/conftest/hooks/set_ike_spi.c
@@ -52,9 +52,9 @@ struct private_set_ike_spi_t {
 
 METHOD(listener_t, message, bool,
 	private_set_ike_spi_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/set_ike_version.c b/src/conftest/hooks/set_ike_version.c
index d2de9dc81..ca52879d1 100644
--- a/src/conftest/hooks/set_ike_version.c
+++ b/src/conftest/hooks/set_ike_version.c
@@ -57,9 +57,9 @@ struct private_set_ike_version_t {
 
 METHOD(listener_t, message, bool,
 	private_set_ike_version_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c
index 0379dcb7c..c1a867a99 100644
--- a/src/conftest/hooks/set_length.c
+++ b/src/conftest/hooks/set_length.c
@@ -50,9 +50,9 @@ struct private_set_length_t {
 
 METHOD(listener_t, message, bool,
 	private_set_length_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -76,11 +76,10 @@ METHOD(listener_t, message, bool,
 			if (type == payload->get_type(payload))
 			{
 				encoding_rule_t *rules;
-				size_t count;
 				u_int16_t *len;
-				int i;
+				int i, count;
 
-				payload->get_encoding_rules(payload, &rules, &count);
+				count = payload->get_encoding_rules(payload, &rules);
 				for (i = 0; i < count; i++)
 				{
 					if (rules[i].type == PAYLOAD_LENGTH)
diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c
index a59d96b6d..0cc3cfc63 100644
--- a/src/conftest/hooks/set_proposal_number.c
+++ b/src/conftest/hooks/set_proposal_number.c
@@ -69,9 +69,9 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to,
 
 METHOD(listener_t, message, bool,
 	private_set_proposal_number_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
@@ -121,7 +121,7 @@ METHOD(listener_t, message, bool,
 			}
 			enumerator->destroy(enumerator);
 		}
-		sa = sa_payload_create_from_proposal_list(updated);
+		sa = sa_payload_create_from_proposals_v2(updated);
 		list->destroy_offset(list, offsetof(proposal_t, destroy));
 		updated->destroy_offset(updated, offsetof(proposal_t, destroy));
 		message->add_payload(message, (payload_t*)sa);
diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c
index 77a605d2a..d1a4a977b 100644
--- a/src/conftest/hooks/set_reserved.c
+++ b/src/conftest/hooks/set_reserved.c
@@ -163,9 +163,9 @@ static void set_byte(private_set_reserved_t *this, message_t *message,
 
 METHOD(listener_t, message, bool,
 	private_set_reserved_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c
index 80bdc64b7..f4c35725c 100644
--- a/src/conftest/hooks/unencrypted_notify.c
+++ b/src/conftest/hooks/unencrypted_notify.c
@@ -80,11 +80,11 @@ METHOD(listener_t, ike_updown, bool,
 			data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2);
 			data = chunk_from_hex(data, NULL);
 		}
-		else if (this->data && strlen(this->data))
+		else if (strlen(this->data))
 		{
 			data = chunk_clone(chunk_create(this->data, strlen(this->data)));
 		}
-		notify = notify_payload_create_from_protocol_and_type(
+		notify = notify_payload_create_from_protocol_and_type(NOTIFY,
 									this->esp ? PROTO_ESP : PROTO_IKE, type);
 		notify->set_spi(notify, this->spi);
 		if (data.len)
@@ -95,7 +95,7 @@ METHOD(listener_t, ike_updown, bool,
 
 		DBG1(DBG_CFG, "injecting unencrypted INFORMATIONAL message");
 
-		message = message_create();
+		message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 		message->set_message_id(message, this->id);
 		message->set_ike_sa_id(message, ike_sa->get_id(ike_sa));
 		message->set_exchange_type(message, INFORMATIONAL);
diff --git a/src/conftest/hooks/unsort_message.c b/src/conftest/hooks/unsort_message.c
index b37b261a4..1b2b302af 100644
--- a/src/conftest/hooks/unsort_message.c
+++ b/src/conftest/hooks/unsort_message.c
@@ -45,9 +45,9 @@ struct private_unsort_message_t {
 
 METHOD(listener_t, message, bool,
 	private_unsort_message_t *this, ike_sa_t *ike_sa, message_t *message,
-	bool incoming)
+	bool incoming, bool plain)
 {
-	if (!incoming &&
+	if (!incoming && plain &&
 		message->get_request(message) == this->req &&
 		message->get_message_id(message) == this->id)
 	{
author	Yves-Alexis Perez <corsac@debian.org>	2013-01-02 14:18:20 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2013-01-02 14:18:20 +0100
commit	c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
tree	d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/conftest
parent	b34738ed08c2227300d554b139e2495ca5da97d6 (diff)
download	vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip