authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
commite0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libcharon/encoding/payloads
parent51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
downloadvyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz
vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip
New upstream version 5.7.0
Diffstat (limited to 'src/libcharon/encoding/payloads')
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.c34
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.h13
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c14
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h8
4 files changed, 60 insertions, 9 deletions
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index 4f4b1d1d6..ba56ace55 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2011-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -326,6 +326,21 @@ METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
return this->payload_length;
}
+METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t,
+ private_encrypted_payload_t *this)
+{
+ /* contains only the decrypted payload data, no IV, padding or ICV */
+ this->payload_length = this->encrypted.len;
+
+ if (this->aead)
+ {
+ this->payload_length += compute_overhead(this->aead,
+ this->payload_length);
+ }
+ this->payload_length += get_header_length(this);
+ return this->payload_length;
+}
+
METHOD(encrypted_payload_t, add_payload, void,
private_encrypted_payload_t *this, payload_t *payload)
{
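Review bot: get_length_plain() uses `this->payload_length` as its running total, so the member is written three times per call and each partial sum is narrowed to the member's type (declared outside this hunk) before the next term is added. Summing in a local, `size_t length = this->encrypted.len;`, and storing once with `this->payload_length = length;` before the return keeps the arithmetic in size_t and leaves a single store. A one-line comment saying that the length is recomputed on every call because the AEAD overhead depends on `this->aead` would explain why a getter modifies the object.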
@@ -727,6 +742,12 @@ METHOD(encrypted_payload_t, set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, get_transform, aead_t*,
+ private_encrypted_payload_t *this)
+{
+ return this->aead;
+}
+
METHOD2(payload_t, encrypted_payload_t, destroy, void,
private_encrypted_payload_t *this)
{
@@ -759,6 +780,7 @@ encrypted_payload_t *encrypted_payload_create(payload_type_t type)
.remove_payload = _remove_payload,
.generate_payloads = _generate_payloads,
.set_transform = _set_transform,
+ .get_transform = _get_transform,
.encrypt = _encrypt,
.decrypt = _decrypt,
.destroy = _destroy,
@@ -787,10 +809,11 @@ encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
private_encrypted_payload_t *this;
this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
+ this->public.payload_interface.get_length = _get_length_plain;
+ this->public.get_length = _get_length_plain;
this->public.decrypt = _decrypt_plain;
this->next_payload = next;
this->encrypted = plain;
- compute_length(this);
return &this->public;
}
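Review bot: With `compute_length(this)` removed, payload_length is no longer updated when the plaintext is attached. It keeps whatever encrypted_payload_create() set until get_length is first called through one of the two overridden pointers. Any code that reads the member directly rather than through get_length would then see a length that excludes the plaintext; no such reader is visible in this hunk, so this is worth checking. If deferring the computation is intentional, say so next to the overrides, e.g. `/* length depends on the transform, which is set later; see get_length_plain() */`. The function's signature starts above the hunk.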
@@ -899,6 +922,12 @@ METHOD(encrypted_payload_t, frag_set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, frag_get_transform, aead_t*,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->aead;
+}
+
/**
* Append the encrypted fragment payload header to the associated data
*/
@@ -996,6 +1025,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create()
.remove_payload = (void*)return_null,
.generate_payloads = nop,
.set_transform = _frag_set_transform,
+ .get_transform = _frag_get_transform,
.encrypt = _frag_encrypt,
.decrypt = _frag_decrypt,
.destroy = _frag_destroy,
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index 72a256553..be7a24f43 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -74,9 +74,16 @@ struct encrypted_payload_t {
/**
* Set the AEAD transform to use.
*
- * @param aead aead transform to use
+ * @param aead aead transform to use
*/
- void (*set_transform) (encrypted_payload_t *this, aead_t *aead);
+ void (*set_transform)(encrypted_payload_t *this, aead_t *aead);
+
+ /**
+ * Get the AEAD transform that to use (or was used).
+ *
+ * @param aead aead transform to use (or was used)
+ */
+ aead_t *(*get_transform)(encrypted_payload_t *this);
/**
* Generate, encrypt and sign contained payloads.
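Review bot: The new doc comment for get_transform documents the return value with `@param aead`, although the function takes no aead argument and returns one. It should read `@return aead transform to use (or that was used)`, and the summary line "Get the AEAD transform that to use" is missing a word. The getters added in encrypted_payload.c return the stored pointer itself, so the comment should also state that the result may be NULL when no transform has been set and, presumably, that the caller must not destroy it.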
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 0c6f010b5..a69db9357 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -1,7 +1,7 @@
/*
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
- * Copyright (C) 2006-2008 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -114,7 +114,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, MS_NOTI
"SENDER_REQUEST_ID",
"FRAGMENTATION_SUPPORTED",
"SIGNATURE_HASH_ALGORITHMS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_IDENTITY",
+ "NO_PPK_AUTH");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -224,7 +228,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, M
"SENDER_REQ_ID",
"FRAG_SUP",
"HASH_ALG");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_short_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_ID",
+ "NO_PPK");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 39e4c915b..b0cf69d02 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -153,6 +153,12 @@ enum notify_type_t {
FRAGMENTATION_SUPPORTED = 16430,
/* Signature Hash Algorithms, RFC 7427 */
SIGNATURE_HASH_ALGORITHMS = 16431,
+ /* Use Postquantum Preshared Key (draft-ietf-ipsecme-qr-ikev2) */
+ USE_PPK = 16435,
+ /* Postquantum Preshared Key Identity (draft-ietf-ipsecme-qr-ikev2) */
+ PPK_IDENTITY = 16436,
+ /* No Postquantum Preshared Key Auth (draft-ietf-ipsecme-qr-ikev2) */
+ NO_PPK_AUTH = 16437,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */