diff options
Diffstat (limited to 'src/charon/encoding')
54 files changed, 1617 insertions, 1980 deletions
diff --git a/src/charon/encoding/generator.c b/src/charon/encoding/generator.c index efa845bb3..3b68af84e 100644 --- a/src/charon/encoding/generator.c +++ b/src/charon/encoding/generator.c @@ -1,10 +1,3 @@ -/** - * @file generator.c - * - * @brief Implementation of generator_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: generator.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stdlib.h> diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h index 8eff957cc..b6f2af2cb 100644 --- a/src/charon/encoding/generator.h +++ b/src/charon/encoding/generator.h @@ -1,10 +1,3 @@ -/** - * @file generator.h - * - * @brief Interface of generator_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: generator.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup generator generator + * @{ @ingroup encoding */ #ifndef GENERATOR_H_ @@ -33,21 +33,17 @@ typedef struct generator_t generator_t; /** * Generating is done in a data buffer. * This is thehe start size of this buffer in bytes. - * - * @ingroup enconding */ #define GENERATOR_DATA_BUFFER_SIZE 500 /** * Number of bytes to increase the buffer, if it is to small. - * - * @ingroup enconding */ #define GENERATOR_DATA_BUFFER_INCREASE_VALUE 500 /** - * @brief A generator_t class used to generate IKEv2 payloads. + * A generator_t class used to generate IKEv2 payloads. * * After creation, multiple payloads can be generated with the generate_payload * method. The generated bytes are appended. After all payloads are added, 
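Review bot: The `GENERATOR_DATA_BUFFER_SIZE` comment in the `@@ -33,21 +33,17 @@` hunk of generator.h still carries the typo `thehe` even though the hunk edits the lines directly around it; since that comment block is being touched anyway, I'd fix it to `This is the start size of this buffer in bytes.`. The rest of the hunk only replaces the per-item `@brief`/`@ingroup` markers with the new `@defgroup` block, which is fine.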
@@ -56,47 +52,36 @@ typedef struct generator_t generator_t; * The generater uses a set of encoding rules, which it can get from * the supplied payload. With this rules, the generater can generate * the payload and all substructures automatically. - * - * @b Constructor: - * - generator_create() - * - * @ingroup encoding */ struct generator_t { /** - * @brief Generates a specific payload from given payload object. + * Generates a specific payload from given payload object. * * Remember: Header and substructures are also handled as payloads. * - * @param this generator_t object - * @param[in] payload interface payload_t implementing object + * @param payload interface payload_t implementing object */ void (*generate_payload) (generator_t *this,payload_t *payload); /** - * @brief Writes all generated data of the generator to a chunk. + * Writes all generated data of the generator to a chunk. * - * @param this generator_t object - * @param[out] data chunk to write the data to + * @param data chunk to write the data to */ void (*write_to_chunk) (generator_t *this,chunk_t *data); /** - * @brief Destroys a generator_t object. - * - * @param this generator_t object + * Destroys a generator_t object. */ void (*destroy) (generator_t *this); }; /** - * @brief Constructor to create a generator. + * Constructor to create a generator. * * @return generator_t object. - * - * @ingroup encoding */ generator_t *generator_create(void); -#endif /*GENERATOR_H_*/ +#endif /*GENERATOR_H_ @} */ diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c index 3dfa64fb9..af9483192 100644 --- a/src/charon/encoding/message.c +++ b/src/charon/encoding/message.c @@ -1,10 +1,3 @@ -/** - * @file message.c - * - * @brief Implementation of message_t. - * - */ - /* * Copyright (C) 2006-2007 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger 
@@ -21,6 +14,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: message.c 3991 2008-05-21 17:56:21Z martin $ */ #include <stdlib.h> @@ -82,13 +77,31 @@ struct payload_rule_t { bool sufficient; }; +typedef struct payload_order_t payload_order_t; + +/** + * payload ordering structure allows us to reorder payloads according to RFC. + */ +struct payload_order_t { + + /** + * payload type + */ + payload_type_t type; + + /** + * notify type, if payload == NOTIFY + */ + notify_type_t notify; +}; + + typedef struct message_rule_t message_rule_t; /** * A message rule defines the kind of a message, * if it has encrypted contents and a list - * of payload rules. - * + * of payload ordering rules and payload parsing rules. */ struct message_rule_t { /** 
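Review bot: The `notify` member of the new `payload_order_t` needs its wildcard documented: the order tables added in this commit use `{NOTIFY, 0}` as a catch-all row and order_payloads() treats `order.notify == 0` as "any notify type", but the comment only says `notify type, if payload == NOTIFY`. I'd extend it to `notify type, if payload == NOTIFY; 0 matches any notify type`. This relies on 0 never being a real `notify_type_t` value, which presumably holds for the IKEv2 registry but is worth confirming against the enum in notify_payload.h.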
@@ -109,161 +122,398 @@ struct message_rule_t { /** * Number of payload rules which will follow */ - size_t payload_rule_count; + int payload_rule_count; /** * Pointer to first payload rule */ payload_rule_t *payload_rules; + + /** + * Number of payload order rules + */ + int payload_order_count; + + /** + * payload ordering rules + */ + payload_order_t *payload_order; }; /** * Message rule for IKE_SA_INIT from initiator. */ static payload_rule_t ike_sa_init_i_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,FALSE}, - {SECURITY_ASSOCIATION,1,1,FALSE,FALSE}, - {KEY_EXCHANGE,1,1,FALSE,FALSE}, - {NONCE,1,1,FALSE,FALSE}, - {VENDOR_ID,0,10,FALSE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE}, + {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {NONCE, 1, 1, FALSE, FALSE}, + {VENDOR_ID, 0, 10, FALSE, FALSE}, +}; + +/** + * payload order for IKE_SA_INIT initiator + */ +static payload_order_t ike_sa_init_i_payload_order[] = { +/* payload type notify type */ + {NOTIFY, COOKIE}, + {SECURITY_ASSOCIATION, 0}, + {KEY_EXCHANGE, 0}, + {NONCE, 0}, + {NOTIFY, NAT_DETECTION_SOURCE_IP}, + {NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {NOTIFY, 0}, + {VENDOR_ID, 0}, }; /** * Message rule for IKE_SA_INIT from responder. 
*/ static payload_rule_t ike_sa_init_r_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,TRUE}, - {SECURITY_ASSOCIATION,1,1,FALSE,FALSE}, - {KEY_EXCHANGE,1,1,FALSE,FALSE}, - {NONCE,1,1,FALSE,FALSE}, - {VENDOR_ID,0,10,FALSE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE}, + {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE}, + {KEY_EXCHANGE, 1, 1, FALSE, FALSE}, + {NONCE, 1, 1, FALSE, FALSE}, + {VENDOR_ID, 0, 10, FALSE, FALSE}, +}; + +/** + * payload order for IKE_SA_INIT responder + */ +static payload_order_t ike_sa_init_r_payload_order[] = { +/* payload type notify type */ + {SECURITY_ASSOCIATION, 0}, + {KEY_EXCHANGE, 0}, + {NONCE, 0}, + {NOTIFY, NAT_DETECTION_SOURCE_IP}, + {NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, + {CERTIFICATE_REQUEST, 0}, + {NOTIFY, 0}, + {VENDOR_ID, 0}, }; /** * Message rule for IKE_AUTH from initiator. */ static payload_rule_t ike_auth_i_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE}, - {EXTENSIBLE_AUTHENTICATION,0,1,TRUE,TRUE}, - {AUTHENTICATION,0,1,TRUE,TRUE}, - {ID_INITIATOR,1,1,TRUE,FALSE}, - {CERTIFICATE,0,1,TRUE,FALSE}, - {CERTIFICATE_REQUEST,0,1,TRUE,FALSE}, - {ID_RESPONDER,0,1,TRUE,FALSE}, -#ifdef P2P - {SECURITY_ASSOCIATION,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, + {AUTHENTICATION, 0, 1, TRUE, TRUE}, + {ID_INITIATOR, 1, 1, TRUE, FALSE}, + {CERTIFICATE, 0, 4, TRUE, FALSE}, + {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE}, + {ID_RESPONDER, 0, 1, TRUE, FALSE}, +#ifdef ME + {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, #else - {SECURITY_ASSOCIATION,1,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE}, - 
{TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE}, -#endif /* P2P */ - {CONFIGURATION,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, + {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_INITIATOR, 1, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_RESPONDER, 1, 1, TRUE, FALSE}, +#endif /* ME */ + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, +}; + +/** + * payload order for IKE_AUTH initiator + */ +static payload_order_t ike_auth_i_payload_order[] = { +/* payload type notify type */ + {ID_INITIATOR, 0}, + {CERTIFICATE, 0}, + {NOTIFY, INITIAL_CONTACT}, + {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED}, + {CERTIFICATE_REQUEST, 0}, + {ID_RESPONDER, 0}, + {AUTHENTICATION, 0}, + {EXTENSIBLE_AUTHENTICATION, 0}, + {CONFIGURATION, 0}, + {NOTIFY, IPCOMP_SUPPORTED}, + {NOTIFY, USE_TRANSPORT_MODE}, + {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {SECURITY_ASSOCIATION, 0}, + {TRAFFIC_SELECTOR_INITIATOR, 0}, + {TRAFFIC_SELECTOR_RESPONDER, 0}, + {NOTIFY, MOBIKE_SUPPORTED}, + {NOTIFY, ADDITIONAL_IP4_ADDRESS}, + {NOTIFY, ADDITIONAL_IP6_ADDRESS}, + {NOTIFY, NO_ADDITIONAL_ADDRESSES}, + {NOTIFY, 0}, + {VENDOR_ID, 0}, }; /** * Message rule for IKE_AUTH from responder. 
*/ static payload_rule_t ike_auth_r_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE}, - {EXTENSIBLE_AUTHENTICATION,0,1,TRUE,TRUE}, - {CERTIFICATE,0,1,TRUE,FALSE}, - {ID_RESPONDER,0,1,TRUE,FALSE}, - {AUTHENTICATION,0,1,TRUE,FALSE}, - {SECURITY_ASSOCIATION,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE}, - {CONFIGURATION,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE}, + {CERTIFICATE, 0, 4, TRUE, FALSE}, + {ID_RESPONDER, 0, 1, TRUE, FALSE}, + {AUTHENTICATION, 0, 1, TRUE, FALSE}, + {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, }; +/** + * payload order for IKE_AUTH responder + */ +static payload_order_t ike_auth_r_payload_order[] = { +/* payload type notify type */ + {ID_RESPONDER, 0}, + {CERTIFICATE, 0}, + {AUTHENTICATION, 0}, + {EXTENSIBLE_AUTHENTICATION, 0}, + {CONFIGURATION, 0}, + {NOTIFY, IPCOMP_SUPPORTED}, + {NOTIFY, USE_TRANSPORT_MODE}, + {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {SECURITY_ASSOCIATION, 0}, + {TRAFFIC_SELECTOR_INITIATOR, 0}, + {TRAFFIC_SELECTOR_RESPONDER, 0}, + {NOTIFY, AUTH_LIFETIME}, + {NOTIFY, MOBIKE_SUPPORTED}, + {NOTIFY, ADDITIONAL_IP4_ADDRESS}, + {NOTIFY, ADDITIONAL_IP6_ADDRESS}, + {NOTIFY, NO_ADDITIONAL_ADDRESSES}, + {NOTIFY, 0}, + {VENDOR_ID, 0}, +}; /** * Message rule for INFORMATIONAL from initiator. 
*/ static payload_rule_t informational_i_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE}, - {CONFIGURATION,0,1,TRUE,FALSE}, - {DELETE,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, - +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {DELETE, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, +}; + +/** + * payload order for INFORMATIONAL initiator + */ +static payload_order_t informational_i_payload_order[] = { +/* payload type notify type */ + {NOTIFY, UPDATE_SA_ADDRESSES}, + {NOTIFY, NAT_DETECTION_SOURCE_IP}, + {NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {NOTIFY, COOKIE2}, + {NOTIFY, 0}, + {DELETE, 0}, + {CONFIGURATION, 0}, }; /** * Message rule for INFORMATIONAL from responder. */ static payload_rule_t informational_r_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE}, - {CONFIGURATION,0,1,TRUE,FALSE}, - {DELETE,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {DELETE, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, +}; + +/** + * payload order for INFORMATIONAL responder + */ +static payload_order_t informational_r_payload_order[] = { +/* payload type notify type */ + {NOTIFY, UPDATE_SA_ADDRESSES}, + {NOTIFY, NAT_DETECTION_SOURCE_IP}, + {NOTIFY, NAT_DETECTION_DESTINATION_IP}, + {NOTIFY, COOKIE2}, + {NOTIFY, 0}, + {DELETE, 0}, + {CONFIGURATION, 0}, }; /** * Message rule for CREATE_CHILD_SA from initiator. 
*/ static payload_rule_t create_child_sa_i_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE}, - {SECURITY_ASSOCIATION,1,1,TRUE,FALSE}, - {NONCE,1,1,TRUE,FALSE}, - {KEY_EXCHANGE,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE}, - {CONFIGURATION,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE}, + {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, + {NONCE, 1, 1, TRUE, FALSE}, + {KEY_EXCHANGE, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, +}; + +/** + * payload order for CREATE_CHILD_SA from initiator. + */ +static payload_order_t create_child_sa_i_payload_order[] = { +/* payload type notify type */ + {NOTIFY, REKEY_SA}, + {NOTIFY, IPCOMP_SUPPORTED}, + {NOTIFY, USE_TRANSPORT_MODE}, + {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {SECURITY_ASSOCIATION, 0}, + {NONCE, 0}, + {KEY_EXCHANGE, 0}, + {TRAFFIC_SELECTOR_INITIATOR, 0}, + {TRAFFIC_SELECTOR_RESPONDER, 0}, + {NOTIFY, 0}, }; /** * Message rule for CREATE_CHILD_SA from responder. 
*/ static payload_rule_t create_child_sa_r_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE}, - {SECURITY_ASSOCIATION,1,1,TRUE,FALSE}, - {NONCE,1,1,TRUE,FALSE}, - {KEY_EXCHANGE,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE}, - {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE}, - {CONFIGURATION,0,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE}, +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE}, + {NONCE, 1, 1, TRUE, FALSE}, + {KEY_EXCHANGE, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE}, + {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE}, + {CONFIGURATION, 0, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE}, }; -#ifdef P2P /** - * Message rule for P2P_CONNECT from initiator. + * payload order for CREATE_CHILD_SA from responder. */ -static payload_rule_t p2p_connect_i_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE}, - {ID_PEER,1,1,TRUE,FALSE}, - {VENDOR_ID,0,10,TRUE,FALSE} +static payload_order_t create_child_sa_r_payload_order[] = { +/* payload type notify type */ + {NOTIFY, IPCOMP_SUPPORTED}, + {NOTIFY, USE_TRANSPORT_MODE}, + {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED}, + {NOTIFY, NON_FIRST_FRAGMENTS_ALSO}, + {SECURITY_ASSOCIATION, 0}, + {NONCE, 0}, + {KEY_EXCHANGE, 0}, + {TRAFFIC_SELECTOR_INITIATOR, 0}, + {TRAFFIC_SELECTOR_RESPONDER, 0}, + {NOTIFY, ADDITIONAL_TS_POSSIBLE}, + {NOTIFY, 0}, }; +#ifdef ME /** - * Message rule for P2P_CONNECT from responder. + * Message rule for ME_CONNECT from initiator. */ -static payload_rule_t p2p_connect_r_payload_rules[] = { - {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE}, - {VENDOR_ID,0,10,TRUE,FALSE} +static payload_rule_t me_connect_i_payload_rules[] = { +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {ID_PEER, 1, 1, TRUE, FALSE}, + {VENDOR_ID, 0, 10, TRUE, FALSE} }; -#endif /* P2P */ + +/** + * payload order for ME_CONNECT from initiator. 
+ */ +static payload_order_t me_connect_i_payload_order[] = { +/* payload type notify type */ + {NOTIFY, 0}, + {ID_PEER, 0}, + {VENDOR_ID, 0}, +}; + +/** + * Message rule for ME_CONNECT from responder. + */ +static payload_rule_t me_connect_r_payload_rules[] = { +/* payload type min max encr suff */ + {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE}, + {VENDOR_ID, 0, 10, TRUE, FALSE} +}; + +/** + * payload order for ME_CONNECT from responder. + */ +static payload_order_t me_connect_r_payload_order[] = { +/* payload type notify type */ + {NOTIFY, 0}, + {VENDOR_ID, 0}, +}; +#endif /* ME */ /** * Message rules, defines allowed payloads. */ static message_rule_t message_rules[] = { - {IKE_SA_INIT,TRUE,FALSE,(sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_i_payload_rules}, - {IKE_SA_INIT,FALSE,FALSE,(sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_r_payload_rules}, - {IKE_AUTH,TRUE,TRUE,(sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),ike_auth_i_payload_rules}, - {IKE_AUTH,FALSE,TRUE,(sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),ike_auth_r_payload_rules}, - {INFORMATIONAL,TRUE,TRUE,(sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)),informational_i_payload_rules}, - {INFORMATIONAL,FALSE,TRUE,(sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)),informational_r_payload_rules}, - {CREATE_CHILD_SA,TRUE,TRUE,(sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)),create_child_sa_i_payload_rules}, - {CREATE_CHILD_SA,FALSE,TRUE,(sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)),create_child_sa_r_payload_rules}, -#ifdef P2P - {P2P_CONNECT,TRUE,TRUE,(sizeof(p2p_connect_i_payload_rules)/sizeof(payload_rule_t)),p2p_connect_i_payload_rules}, - {P2P_CONNECT,FALSE,TRUE,(sizeof(p2p_connect_r_payload_rules)/sizeof(payload_rule_t)),p2p_connect_r_payload_rules}, -#endif /* P2P */ + {IKE_SA_INIT, TRUE, FALSE, + (sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)), + 
ike_sa_init_i_payload_rules, + (sizeof(ike_sa_init_i_payload_order)/sizeof(payload_order_t)), + ike_sa_init_i_payload_order, + }, + {IKE_SA_INIT, FALSE, FALSE, + (sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)), + ike_sa_init_r_payload_rules, + (sizeof(ike_sa_init_r_payload_order)/sizeof(payload_order_t)), + ike_sa_init_r_payload_order, + }, + {IKE_AUTH, TRUE, TRUE, + (sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)), + ike_auth_i_payload_rules, + (sizeof(ike_auth_i_payload_order)/sizeof(payload_order_t)), + ike_auth_i_payload_order, + }, + {IKE_AUTH, FALSE, TRUE, + (sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)), + ike_auth_r_payload_rules, + (sizeof(ike_auth_r_payload_order)/sizeof(payload_order_t)), + ike_auth_r_payload_order, + }, + {INFORMATIONAL, TRUE, TRUE, + (sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)), + informational_i_payload_rules, + (sizeof(informational_i_payload_order)/sizeof(payload_order_t)), + informational_i_payload_order, + }, + {INFORMATIONAL, FALSE, TRUE, + (sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)), + informational_r_payload_rules, + (sizeof(informational_r_payload_order)/sizeof(payload_order_t)), + informational_r_payload_order, + }, + {CREATE_CHILD_SA, TRUE, TRUE, + (sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)), + create_child_sa_i_payload_rules, + (sizeof(create_child_sa_i_payload_order)/sizeof(payload_order_t)), + create_child_sa_i_payload_order, + }, + {CREATE_CHILD_SA, FALSE, TRUE, + (sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)), + create_child_sa_r_payload_rules, + (sizeof(create_child_sa_r_payload_order)/sizeof(payload_order_t)), + create_child_sa_r_payload_order, + }, +#ifdef ME + {ME_CONNECT, TRUE, TRUE, + (sizeof(me_connect_i_payload_rules)/sizeof(payload_rule_t)), + me_connect_i_payload_rules, + (sizeof(me_connect_i_payload_order)/sizeof(payload_order_t)), + me_connect_i_payload_order, + }, + {ME_CONNECT, FALSE, TRUE, + 
(sizeof(me_connect_r_payload_rules)/sizeof(payload_rule_t)),
+ me_connect_r_payload_rules,
+ (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)),
+ me_connect_r_payload_order,
+ },
+#endif /* ME */
 };
@@ -517,38 +767,19 @@ static bool is_encoded(private_message_t *this)
 */
 static void add_payload(private_message_t *this, payload_t *payload)
 {
- payload_t *last_payload, *first_payload;
-
- if ((this->is_request && payload->get_type(payload) == ID_INITIATOR) ||
- (!this->is_request && payload->get_type(payload) == ID_RESPONDER))
+ payload_t *last_payload;
+
+ if (this->payloads->get_count(this->payloads) > 0)
 {
- /* HOTD: insert ID payload in the beginning to respect RFC */
- if (this->payloads->get_first(this->payloads,
- (void **)&first_payload) == SUCCESS)
- {
- payload->set_next_type(payload, first_payload->get_type(first_payload));
- }
- else
- {
- payload->set_next_type(payload, NO_PAYLOAD);
- }
- this->first_payload = payload->get_type(payload);
- this->payloads->insert_first(this->payloads, payload);
+ this->payloads->get_last(this->payloads, (void **)&last_payload);
+ last_payload->set_next_type(last_payload, payload->get_type(payload));
 }
 else
 {
- if (this->payloads->get_count(this->payloads) > 0)
- {
- this->payloads->get_last(this->payloads,(void **) &last_payload);
- last_payload->set_next_type(last_payload, payload->get_type(payload));
- }
- else
- {
- this->first_payload = payload->get_type(payload);
- }
- payload->set_next_type(payload, NO_PAYLOAD);
- this->payloads->insert_last(this->payloads, payload);
+ this->first_payload = payload->get_type(payload);
 }
+ payload->set_next_type(payload, NO_PAYLOAD);
+ this->payloads->insert_last(this->payloads, payload);
 DBG2(DBG_ENC ,"added payload of type %N to message",
 payload_type_names, payload->get_type(payload));
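Review bot: The new order tables do not cover every payload type the matching rule tables still allow: `informational_i_payload_order`/`informational_r_payload_order` have no `VENDOR_ID` row, and `create_child_sa_i_payload_order`/`create_child_sa_r_payload_order` have neither `CONFIGURATION` nor `VENDOR_ID`, although the rule tables right above them permit one CP payload and up to 10 vendor IDs in those exchanges. Any such payload takes the "has no ordering rule" fallback in order_payloads(), which appends it at the end and logs at DBG1 for every generated message. I'd add `{CONFIGURATION, 0},` and `{VENDOR_ID, 0},` after the `{NOTIFY, 0},` catch-all row in those four tables. Separately, the CERTIFICATE maximum in both IKE_AUTH rule tables goes from 1 to 4 without explanation; a short `/* ... */` note next to those rows saying why four are accepted would help the next reader.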
@@ -694,9 +925,65 @@ static char* get_string(private_message_t *this, char *buf, int len)
 }
 /**
+ * reorder payloads depending on reordering rules
+ */
+static void order_payloads(private_message_t *this)
+{
+ linked_list_t *list;
+ payload_t *payload;
+ int i;
+
+ /* move to temp list */
+ list = linked_list_create();
+ while (this->payloads->remove_last(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ list->insert_first(list, payload);
+ }
+ /* for each rule, ... */
+ for (i = 0; i < this->message_rule->payload_order_count; i++)
+ {
+ enumerator_t *enumerator;
+ notify_payload_t *notify;
+ payload_order_t order = this->message_rule->payload_order[i];
+
+ /* ... find all payload ... */
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ /* ... with that type ... */
+ if (payload->get_type(payload) == order.type)
+ {
+ notify = (notify_payload_t*)payload;
+
+ /**... and check notify for type. */
+ if (order.type != NOTIFY || order.notify == 0 ||
+ order.notify == notify->get_notify_type(notify))
+ {
+ list->remove_at(list, enumerator);
+ add_payload(this, payload);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ /* append all payloads without a rule to the end */
+ while (list->remove_last(list, (void**)&payload) == SUCCESS)
+ {
+ DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
+ payload_type_names, payload->get_type(payload),
+ exchange_type_names, this->message_rule->exchange_type,
+ this->message_rule->is_request ? "request" : "response");
+ add_payload(this, payload);
+ }
+ list->destroy(list);
+}
+
+/**
 * Implementation of private_message_t.encrypt_payloads.
 */
-static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
+static status_t encrypt_payloads(private_message_t *this,
+ crypter_t *crypter, signer_t* signer)
 {
 encryption_payload_t *encryption_payload = NULL;
 status_t status;
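Review bot: Payloads that match no ordering rule are re-added in reverse order: the temp list is built with `remove_last` + `insert_first`, which preserves message order, but the final fallback loop drains it with `remove_last` again, so two rule-less payloads of the same type (several VENDOR_ID payloads in an INFORMATIONAL, for instance, which the rule table allows but the order table omits) come out swapped on the wire. Assuming linked_list_t offers a `remove_first` counterpart to the `insert_first`/`remove_last` used here, the last loop should read `while (list->remove_first(list, (void**)&payload) == SUCCESS)`. Two smaller points in the same function: `notify` is cast from `payload` before the `order.type != NOTIFY` guard, which is harmless because it is only dereferenced behind that guard, but moving the cast inside the condition would make that obvious; and the `/**... and check notify for type. */` comment should be a plain `/* ... and check notify for type */` so Doxygen does not attach it to the next declaration.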
@@ -778,7 +1065,8 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si /** * Implementation of message_t.generate. */ -static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* signer, packet_t **packet) +static status_t generate(private_message_t *this, crypter_t *crypter, + signer_t* signer, packet_t **packet) { generator_t *generator; ike_header_t *ike_header; @@ -795,8 +1083,6 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* return SUCCESS; } - DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); - if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED) { DBG1(DBG_ENC, "exchange type is not defined"); @@ -819,6 +1105,10 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* return NOT_SUPPORTED; } + order_payloads(this); + + DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str))); + /* going to encrypt all content which have to be encrypted */ status = encrypt_payloads(this, crypter, signer); if (status != SUCCESS) @@ -842,7 +1132,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* payload = (payload_t*)ike_header; - /* generate every payload expect last one, this is doen later*/ + /* generate every payload expect last one, this is done later*/ iterator = this->payloads->create_iterator(this->payloads, TRUE); while(iterator->iterate(iterator, (void**)&next_payload)) { @@ -1346,3 +1636,4 @@ message_t *message_create() { return message_create_from_packet(NULL); } + diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h index 35b659f33..8cc604ea7 100644 --- a/src/charon/encoding/message.h +++ b/src/charon/encoding/message.h @@ -1,10 +1,3 @@ -/** - * @file message.h - * - * @brief Interface of message_t. - * - */ - /* * Copyright (C) 2006-2007 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger 
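Review bot: The comment fixed in the `@@ -842,7 +1132,7 @@` hunk still has a second typo on the same line: `expect last one` should be `except the last one`, i.e. `/* generate every payload except the last one, this is done later */`. The enclosing generate() body starts and ends outside this hunk, so nothing else in the function could be checked from here.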
@@ -21,6 +14,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: message.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup message message + * @{ @ingroup encoding */ #ifndef MESSAGE_H_ 
@@ -38,148 +38,126 @@ typedef struct message_t message_t; #include <crypto/signers/signer.h> /** - * @brief This class is used to represent an IKEv2-Message. + * This class is used to represent an IKEv2-Message. * * The message handles parsing and generation of payloads * via parser_t/generator_t. Encryption is done transparently * via the encryption_payload_t. A set of rules for messages * and payloads does check parsed messages. - * - * @b Constructors: - * - message_create() - * - message_create_from_packet() - * - message_create_notify_reply() - * - * @ingroup encoding */ struct message_t { /** - * @brief Sets the IKE major version of the message. + * Sets the IKE major version of the message. * - * @param this message_t object * @param major_version major version to set */ void (*set_major_version) (message_t *this,u_int8_t major_version); /** - * @brief Gets the IKE major version of the message. + * Gets the IKE major version of the message. * - * @param this message_t object * @return major version of the message */ u_int8_t (*get_major_version) (message_t *this); /** - * @brief Sets the IKE minor version of the message. + * Sets the IKE minor version of the message. * - * @param this message_t object * @param minor_version minor version to set */ void (*set_minor_version) (message_t *this,u_int8_t minor_version); /** - * @brief Gets the IKE minor version of the message. + * Gets the IKE minor version of the message. * - * @param this message_t object * @return minor version of the message */ u_int8_t (*get_minor_version) (message_t *this); /** - * @brief Sets the Message ID of the message. + * Sets the Message ID of the message. * - * @param this message_t object - * @param message_id message_id to set + * @param message_id message_id to set */ void (*set_message_id) (message_t *this,u_int32_t message_id); /** - * @brief Gets the Message ID of the message. + * Gets the Message ID of the message. 
* - * @param this message_t object * @return message_id type of the message */ u_int32_t (*get_message_id) (message_t *this); /** - * @brief Gets the initiator SPI of the message. + * Gets the initiator SPI of the message. * - * @param this message_t object * @return initiator spi of the message */ u_int64_t (*get_initiator_spi) (message_t *this); /** - * @brief Gets the responder SPI of the message. + * Gets the responder SPI of the message. * - * @param this message_t object * @return responder spi of the message */ u_int64_t (*get_responder_spi) (message_t *this); /** - * @brief Sets the IKE_SA ID of the message. + * Sets the IKE_SA ID of the message. * * ike_sa_id gets cloned. * - * @param this message_t object * @param ike_sa_id ike_sa_id to set */ void (*set_ike_sa_id) (message_t *this, ike_sa_id_t * ike_sa_id); /** - * @brief Gets the IKE_SA ID of the message. + * Gets the IKE_SA ID of the message. * * The ike_sa_id points to the message internal id, do not modify. * - * @param this message_t object * @return ike_sa_id of message */ ike_sa_id_t *(*get_ike_sa_id) (message_t *this); /** - * @brief Sets the exchange type of the message. + * Sets the exchange type of the message. * - * @param this message_t object * @param exchange_type exchange_type to set */ void (*set_exchange_type) (message_t *this,exchange_type_t exchange_type); /** - * @brief Gets the exchange type of the message. + * Gets the exchange type of the message. * - * @param this message_t object * @return exchange type of the message */ exchange_type_t (*get_exchange_type) (message_t *this); /** - * @brief Gets the payload type of the first payload. + * Gets the payload type of the first payload. * - * @param this message_t object * @return payload type of the first payload */ payload_type_t (*get_first_payload_type) (message_t *this); /** - * @brief Sets the request flag. + * Sets the request flag. 
* - * @param this message_t object - * @param original_initiator TRUE if message is a request, FALSE if it is a reply + * @param request TRUE if message is a request, FALSE if it is a reply */ - void (*set_request) (message_t *this,bool request); + void (*set_request) (message_t *this, bool request); /** - * @brief Gets request flag. + * Gets request flag. * - * @param this message_t object * @return TRUE if message is a request, FALSE if it is a reply */ bool (*get_request) (message_t *this); /** - * @brief Append a payload to the message. + * Append a payload to the message. * * If the payload must be encrypted is not specified here. Encryption * of payloads is evaluated via internal rules for the messages and @@ -187,19 +165,17 @@ struct message_t { * all payloads to encrypt are added to the encryption payload, which is * always the last one. * - * @param this message_t object * @param payload payload to append */ void (*add_payload) (message_t *this, payload_t *payload); /** - * @brief Build a notify payload and add it to the message. + * Build a notify payload and add it to the message. * * This is a helper method to create notify messages or add * notify payload to messages. The flush parameter specifies if existing * payloads should get removed before appending the notify. * - * @param this message_t object * @param flush TRUE to remove existing payloads * @param type type of the notify * @param data a chunk of data to add to the notify, gets cloned @@ -208,13 +184,12 @@ struct message_t { chunk_t data); /** - * @brief Parses header of message. + * Parses header of message. * * Begins parisng of a message created via message_create_from_packet(). * The parsing context is stored, so a subsequent call to parse_body() * will continue the parsing process. * - * @param this message_t object * @return * - SUCCESS if header could be parsed * - PARSE_ERROR if corrupted/invalid data found 
@@ -223,7 +198,7 @@ struct message_t { status_t (*parse_header) (message_t *this); /** - * @brief Parses body of message. + * Parses body of message. * * The body gets not only parsed, but rather it gets verified. * All payloads are verified if they are allowed to exist in the message @@ -234,7 +209,6 @@ struct message_t { * Crypter/signer can be omitted (by passing NULL) when no encryption * payload is expected. * - * @param this message_t object * @param crypter crypter to decrypt encryption payloads * @param signer signer to verifiy a message with an encryption payload * @return @@ -249,7 +223,7 @@ struct message_t { status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer); /** - * @brief Generates the UDP packet of specific message. + * Generates the UDP packet of specific message. * * Payloads which must be encrypted are generated first and added to * an encryption payload. This encryption payload will get encrypted via @@ -260,7 +234,6 @@ struct message_t { * payload is expected. * Generation is only done once, multiple calls will just return a packet copy. * - * @param this message_t object * @param crypter crypter to use when a payload must be encrypted * @param signer signer to build a mac * @param packet copy of generated packet 
@@ -273,103 +246,91 @@ struct message_t { status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet); /** - * @brief Gets the source host informations. + * Gets the source host informations. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * - * @param this message_t object * @return host_t object representing source host */ host_t * (*get_source) (message_t *this); /** - * @brief Sets the source host informations. + * Sets the source host informations. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_source. * - * @param this message_t object * @param host host_t object representing source host */ void (*set_source) (message_t *this, host_t *host); /** - * @brief Gets the destination host informations. + * Gets the destination host informations. * * @warning Returned host_t object is not getting cloned, * do not destroy nor modify. * - * @param this message_t object * @return host_t object representing destination host */ host_t * (*get_destination) (message_t *this); /** - * @brief Sets the destination host informations. + * Sets the destination host informations. * * @warning host_t object is not getting cloned and gets destroyed by * message_t.destroy or next call of message_t.set_destination. * - * @param this message_t object * @param host host_t object representing destination host */ void (*set_destination) (message_t *this, host_t *host); /** - * @brief Returns an iterator on all stored payloads. + * Returns an iterator on all stored payloads. * * @warning Don't insert payloads over this iterator. * Use add_payload() instead. * - * @param this message_t object * @return iterator_t object which has to get destroyd by the caller */ iterator_t * (*get_payload_iterator) (message_t *this); /** - * @brief Find a payload of a specific type. + * Find a payload of a specific type. * * Returns the first occurance. 
* - * @param this message_t object * @param type type of the payload to find * @return payload, or NULL if no such payload found */ payload_t* (*get_payload) (message_t *this, payload_type_t type); /** - * @brief Returns a clone of the internal stored packet_t object. + * Returns a clone of the internal stored packet_t object. * - * @param this message_t object * @return packet_t object as clone of internal one */ packet_t * (*get_packet) (message_t *this); /** - * @brief Returns a clone of the internal stored packet_t data. + * Returns a clone of the internal stored packet_t data. * - * @param this message_t object * @return clone of the internal stored packet_t data. */ chunk_t (*get_packet_data) (message_t *this); /** - * @brief Destroys a message and all including objects. - * - * @param this message_t object + * Destroys a message and all including objects. */ void (*destroy) (message_t *this); }; /** - * @brief Creates an message_t object from a incoming UDP Packet. + * Creates an message_t object from a incoming UDP Packet. * * @warning the given packet_t object is not copied and gets * destroyed in message_t's destroy call. * - * @warning Packet is not parsed in here! - * * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE @@ -377,23 +338,19 @@ struct message_t { * * @param packet packet_t object which is assigned to message * @return message_t object - * - * @ingroup encoding */ message_t * message_create_from_packet(packet_t *packet); /** - * @brief Creates an empty message_t object. + * Creates an empty message_t object. * * - exchange_type is set to NOT_SET * - original_initiator is set to TRUE * - is_request is set to TRUE * * @return message_t object - * - * @ingroup encoding */ message_t * message_create(void); -#endif /*MESSAGE_H_*/ +#endif /*MESSAGE_H_ @} */ diff --git a/src/charon/encoding/parser.c b/src/charon/encoding/parser.c index d7caf7099..1b03aacb2 100644 --- a/src/charon/encoding/parser.c 
+++ b/src/charon/encoding/parser.c @@ -1,10 +1,3 @@ -/** - * @file parser.c - * - * @brief Implementation of parser_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: parser.c 4010 2008-05-23 18:23:17Z martin $ */ #include <stdlib.h> @@ -67,7 +62,7 @@ struct private_parser_t { parser_t public; /** - * @brief Parse a 4-Bit unsigned integer from the current parsing position. + * Parse a 4-Bit unsigned integer from the current parsing position. * * @param this parser_t object * @param rule_number number of current rule @@ -79,7 +74,7 @@ struct private_parser_t { status_t (*parse_uint4) (private_parser_t *this, int rule_number, u_int8_t *output_pos); /** - * @brief Parse a 8-Bit unsigned integer from the current parsing position. + * Parse a 8-Bit unsigned integer from the current parsing position. * * @param this parser_t object * @param rule_number number of current rule @@ -91,7 +86,7 @@ struct private_parser_t { status_t (*parse_uint8) (private_parser_t *this, int rule_number, u_int8_t *output_pos); /** - * @brief Parse a 15-Bit unsigned integer from the current parsing position. + * Parse a 15-Bit unsigned integer from the current parsing position. * * This is a special case used for ATTRIBUTE_TYPE. * Big-/Little-endian conversion is done here. @@ -106,7 +101,7 @@ struct private_parser_t { status_t (*parse_uint15) (private_parser_t *this, int rule_number, u_int16_t *output_pos); /** - * @brief Parse a 16-Bit unsigned integer from the current parsing position. + * Parse a 16-Bit unsigned integer from the current parsing position. * * Big-/Little-endian conversion is done here. * 
@@ -120,7 +115,7 @@ struct private_parser_t { status_t (*parse_uint16) (private_parser_t *this, int rule_number, u_int16_t *output_pos); /** - * @brief Parse a 32-Bit unsigned integer from the current parsing position. + * Parse a 32-Bit unsigned integer from the current parsing position. * * Big-/Little-endian conversion is done here. * @@ -134,7 +129,7 @@ struct private_parser_t { status_t (*parse_uint32) (private_parser_t *this, int rule_number, u_int32_t *output_pos); /** - * @brief Parse a 64-Bit unsigned integer from the current parsing position. + * Parse a 64-Bit unsigned integer from the current parsing position. * * @todo add support for big-endian machines. * @@ -148,7 +143,7 @@ struct private_parser_t { status_t (*parse_uint64) (private_parser_t *this, int rule_number, u_int64_t *output_pos); /** - * @brief Parse a given amount of bytes and writes them to a specific location + * Parse a given amount of bytes and writes them to a specific location * * @param this parser_t object * @param rule_number number of current rule @@ -161,7 +156,7 @@ struct private_parser_t { status_t (*parse_bytes) (private_parser_t *this, int rule_number, u_int8_t *output_pos,size_t bytes); /** - * @brief Parse a single Bit from the current parsing position + * Parse a single Bit from the current parsing position * * @param this parser_t object * @param rule_number number of current rule @@ -173,7 +168,7 @@ struct private_parser_t { status_t (*parse_bit) (private_parser_t *this, int rule_number, bool *output_pos); /** - * @brief Parse substructures in a list + * Parse substructures in a list * * This function calls the parser recursively to parse contained substructures * in a linked_list_t. The list must already be created. Payload defines 
@@ -192,7 +187,7 @@ struct private_parser_t {
 status_t (*parse_list) (private_parser_t *this, int rule_number, linked_list_t **output_pos, payload_type_t payload_ype, size_t length);

 /**
- * @brief Parse data from current parsing position in a chunk.
+ * Parse data from current parsing position in a chunk.
 *
 * This function clones length number of bytes to output_pos, without
 * modifiyng them. Space will be allocated and must be freed by caller.
@@ -690,6 +685,11 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
 return PARSE_ERROR;
 }
 payload_length = *(u_int16_t*)(output + rule->offset);
+ if (payload_length < UNKNOWN_PAYLOAD_HEADER_LENGTH)
+ {
+ pld->destroy(pld);
+ return PARSE_ERROR;
+ }
 break;
 }
 case HEADER_LENGTH:
@@ -722,8 +722,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
 }
 case PROPOSALS:
 {
- size_t proposals_length = payload_length - SA_PAYLOAD_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, PROPOSAL_SUBSTRUCTURE, proposals_length) != SUCCESS)
+ if (payload_length < SA_PAYLOAD_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, PROPOSAL_SUBSTRUCTURE,
+ payload_length - SA_PAYLOAD_HEADER_LENGTH) != SUCCESS)
 {
 pld->destroy(pld);
 return PARSE_ERROR;
@@ -732,8 +733,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
 }
 case TRANSFORMS:
 {
- size_t transforms_length = payload_length - spi_size - PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_SUBSTRUCTURE, transforms_length) != SUCCESS)
+ if (payload_length < spi_size + PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_SUBSTRUCTURE,
+ payload_length - spi_size - PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH) != SUCCESS)
 {
 pld->destroy(pld);
 return PARSE_ERROR;
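Review bot: The new guard in the `@@ -690` hunk rejects a `payload_length` below `UNKNOWN_PAYLOAD_HEADER_LENGTH` without saying why, which reads like a type-specific check rather than the generic floor it is; a comment such as `/* every payload carries at least the generic header; a smaller length would underflow the body-length arithmetic in the per-rule cases below */` would settle that. The same `payload_length < HEADER || parse_*(..., payload_length - HEADER)` guard is then repeated inline for every data rule, here for PROPOSALS and TRANSFORMS and in the following hunks through TRANSFORM_ATTRIBUTES, CONFIGURATION_ATTRIBUTES, the *_DATA cases, SPIS, TRAFFIC_SELECTORS and UNKNOWN_DATA; a small static helper or macro taking the header length would make the check harder to forget when a rule is added later. These guards bound the subtraction against the declared length only; whether `parse_chunk`/`parse_list` still reject a length larger than the bytes remaining in the input is not visible in these hunks and is worth confirming. `parse_payload` begins and ends outside the hunks shown.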
@@ -742,8 +744,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case TRANSFORM_ATTRIBUTES: { - size_t transform_a_length = payload_length - TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH; - if (this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_ATTRIBUTE, transform_a_length) != SUCCESS) + if (payload_length < TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH || + this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_ATTRIBUTE, + payload_length - TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -752,8 +755,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case CONFIGURATION_ATTRIBUTES: { - size_t configuration_attributes_length = payload_length - CP_PAYLOAD_HEADER_LENGTH; - if (this->parse_list(this, rule_number, output + rule->offset, CONFIGURATION_ATTRIBUTE, configuration_attributes_length) != SUCCESS) + if (payload_length < CP_PAYLOAD_HEADER_LENGTH || + this->parse_list(this, rule_number, output + rule->offset, CONFIGURATION_ATTRIBUTE, + payload_length - CP_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -814,8 +818,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case NONCE_DATA: { - size_t nonce_length = payload_length - NONCE_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, nonce_length) != SUCCESS) + if (payload_length < NONCE_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - NONCE_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; 
@@ -824,8 +829,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case ID_DATA: { - size_t data_length = payload_length - ID_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < ID_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - ID_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -834,8 +840,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case AUTH_DATA: { - size_t data_length = payload_length - AUTH_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < AUTH_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - AUTH_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -844,8 +851,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case CERT_DATA: { - size_t data_length = payload_length - CERT_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < CERT_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - CERT_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -854,8 +862,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case CERTREQ_DATA: { - size_t data_length = payload_length - CERTREQ_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < CERTREQ_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - CERTREQ_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; 
@@ -864,8 +873,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case EAP_DATA: { - size_t data_length = payload_length - EAP_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < EAP_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - EAP_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -874,8 +884,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case SPIS: { - size_t data_length = payload_length - DELETE_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < DELETE_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - DELETE_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -884,8 +895,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case VID_DATA: { - size_t data_length = payload_length - VENDOR_ID_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < VENDOR_ID_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - VENDOR_ID_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -904,8 +916,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case KEY_EXCHANGE_DATA: { - size_t keydata_length = payload_length - KE_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, keydata_length) != SUCCESS) + if (payload_length < KE_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - KE_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; 
@@ -914,8 +927,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case NOTIFICATION_DATA: { - size_t notify_length = payload_length - NOTIFY_PAYLOAD_HEADER_LENGTH - spi_size; - if (this->parse_chunk(this, rule_number, output + rule->offset, notify_length) != SUCCESS) + if (payload_length < NOTIFY_PAYLOAD_HEADER_LENGTH + spi_size || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - NOTIFY_PAYLOAD_HEADER_LENGTH - spi_size) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; @@ -924,8 +938,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case ENCRYPTED_DATA: { - size_t data_length = payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS) + if (payload_length < ENCRYPTION_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; 
@@ -954,18 +969,20 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ } case TRAFFIC_SELECTORS: { - size_t traffic_selectors_length = payload_length - TS_PAYLOAD_HEADER_LENGTH; - if (this->parse_list(this, rule_number, output + rule->offset, TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic_selectors_length) != SUCCESS) + if (payload_length < TS_PAYLOAD_HEADER_LENGTH || + this->parse_list(this, rule_number, output + rule->offset, TRAFFIC_SELECTOR_SUBSTRUCTURE, + payload_length - TS_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; } break; } - case UNKNOWN_PAYLOAD: + case UNKNOWN_DATA: { - size_t unknown_payload_data_length = payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH; - if (this->parse_chunk(this, rule_number, output + rule->offset, unknown_payload_data_length) != SUCCESS) + if (payload_length < UNKNOWN_PAYLOAD_HEADER_LENGTH || + this->parse_chunk(this, rule_number, output + rule->offset, + payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH) != SUCCESS) { pld->destroy(pld); return PARSE_ERROR; diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h index e9978524c..58778b57a 100644 --- a/src/charon/encoding/parser.h +++ b/src/charon/encoding/parser.h @@ -1,10 +1,3 @@ -/** - * @file parser.h - * - * @brief Interface of parser_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: parser.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup parser parser + * @{ @ingroup encoding */ #ifndef PARSER_H_ 
@@ -31,65 +31,51 @@ typedef struct parser_t parser_t; #include <encoding/payloads/payload.h> /** - * @brief A parser_t class to parse IKEv2 payloads. + * A parser_t class to parse IKEv2 payloads. * * A parser is used for parsing one chunk of data. Multiple * payloads can be parsed out of the chunk using parse_payload. * The parser remains the state until destroyed. - * - * @b Constructors: - * - parser_create() - * - * @ingroup encoding */ struct parser_t { /** - * @brief Parses the next payload. + * Parses the next payload. * * @warning Caller is responsible for freeing allocated payload. * * Rules for parsing are described in the payload definition. * - * @param this parser_t bject - * @param payload_type payload type to parse - * @param[out] payload pointer where parsed payload was allocated + * @param payload_type payload type to parse + * @param payload pointer where parsed payload was allocated * @return - * - SUCCESSFUL if succeeded, - * - PARSE_ERROR if corrupted/invalid data found + * - SUCCESSFUL if succeeded, + * - PARSE_ERROR if corrupted/invalid data found */ status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload); /** * Gets the remaining byte count which is not currently parsed. - * - * @param parser parser_t object */ int (*get_remaining_byte_count) (parser_t *this); /** - * @brief Resets the current parser context. - * - * @param parser parser_t object + * Resets the current parser context. */ void (*reset_context) (parser_t *this); /** - * @brief Destroys a parser_t object. - * - * @param parser parser_t object + * Destroys a parser_t object. */ void (*destroy) (parser_t *this); }; /** - * @brief Constructor to create a parser_t object. - * - * @param data chunk of data to parse with this parser_t object - * @return parser_t object + * Constructor to create a parser_t object. 
* - * @ingroup encoding + * @param data chunk of data to parse with this parser_t object + * @return parser_t object */ parser_t *parser_create(chunk_t data); -#endif /*PARSER_H_*/ +#endif /*PARSER_H_ @} */ diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/charon/encoding/payloads/auth_payload.c index 256d6c8a4..f9ca23236 100644 --- a/src/charon/encoding/payloads/auth_payload.c +++ b/src/charon/encoding/payloads/auth_payload.c @@ -1,10 +1,3 @@ -/** - * @file auth_payload.h - * - * @brief Implementation of auth_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: auth_payload.c 4051 2008-06-10 09:08:27Z tobias $ */ #include "auth_payload.h" @@ -116,7 +111,8 @@ encoding_rule_t auth_payload_encodings[] = { static status_t verify(private_auth_payload_t *this) { if (this->auth_method == 0 || - (this->auth_method >= 4 && this->auth_method <= 200)) + (this->auth_method >= 4 && this->auth_method <= 8) || + (this->auth_method >= 12 && this->auth_method <= 200)) { /* reserved IDs */ return FAILED; diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h index 2db82ec0b..bdbba9e35 100644 --- a/src/charon/encoding/payloads/auth_payload.h +++ b/src/charon/encoding/payloads/auth_payload.h @@ -1,10 +1,3 @@ -/** - * @file auth_payload.h - * - * @brief Interface of auth_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
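Review bot: The new bounds in `verify()` are bare numbers (`4`, `8`, `12`, `200`) although the header already declares `auth_method_t`, so a reader cannot tell that the newly admitted values 9–11 are the ECDSA methods of RFC 4754 without consulting the IANA registry. Either express the ranges through the enum's constants or put the rationale above the condition, e.g. `/* 1-3 (RFC 4306) and 9-11 (RFC 4754, ECDSA) are assigned; 4-8 and 12-200 are reserved, 201-255 are private use and are accepted */`. The existing `/* reserved IDs */` comment inside the branch now tells only half the story and could carry that explanation instead.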
@@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: auth_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup auth_payload auth_payload + * @{ @ingroup payloads */ #ifndef AUTH_PAYLOAD_H_ @@ -32,20 +32,13 @@ typedef struct auth_payload_t auth_payload_t; /** * Length of a auth payload without the auth data in bytes. - * - * @ingroup payloads */ #define AUTH_PAYLOAD_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2 AUTH payload. + * Class representing an IKEv2 AUTH payload. * * The AUTH payload format is described in RFC section 3.8. - * - * @b Constructors: - * - auth_payload_create() - * - * @ingroup payloads */ struct auth_payload_t { 
@@ -55,67 +48,57 @@ struct auth_payload_t { payload_t payload_interface; /** - * @brief Set the AUTH method. + * Set the AUTH method. * - * @param this calling auth_payload_t object * @param method auth_method_t to use */ void (*set_auth_method) (auth_payload_t *this, auth_method_t method); /** - * @brief Get the AUTH method. + * Get the AUTH method. * - * @param this calling auth_payload_t object * @return auth_method_t used */ auth_method_t (*get_auth_method) (auth_payload_t *this); /** - * @brief Set the AUTH data. + * Set the AUTH data. * - * Data are getting cloned. + * Data gets cloned. * - * @param this calling auth_payload_t object * @param data AUTH data as chunk_t */ void (*set_data) (auth_payload_t *this, chunk_t data); /** - * @brief Get the AUTH data. + * Get the AUTH data. * * Returned data are a copy of the internal one. * - * @param this calling auth_payload_t object * @return AUTH data as chunk_t */ chunk_t (*get_data_clone) (auth_payload_t *this); /** - * @brief Get the AUTH data. + * Get the AUTH data. * * Returned data are NOT copied * - * @param this calling auth_payload_t object * @return AUTH data as chunk_t */ chunk_t (*get_data) (auth_payload_t *this); /** - * @brief Destroys an auth_payload_t object. - * - * @param this auth_payload_t object to destroy + * Destroys an auth_payload_t object. */ void (*destroy) (auth_payload_t *this); }; /** - * @brief Creates an empty auth_payload_t object. + * Creates an empty auth_payload_t object. * * @return auth_payload_t object - * - * @ingroup payloads */ auth_payload_t *auth_payload_create(void); - -#endif /* AUTH_PAYLOAD_H_ */ +#endif /* AUTH_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c index c456f4936..99f504c5e 100644 --- a/src/charon/encoding/payloads/cert_payload.c +++ b/src/charon/encoding/payloads/cert_payload.c 
@@ -1,12 +1,6 @@ -/** - * @file cert_payload.c - * - * @brief Implementation of cert_payload_t. - * - */ - /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -19,29 +13,32 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: cert_payload.c 3852 2008-04-18 21:27:08Z andreas $ */ #include <stddef.h> +#include <ctype.h> -#include "cert_payload.h" +#include <daemon.h> +#include "cert_payload.h" -ENUM(cert_encoding_names, CERT_NONE, CERT_OCSP_CONTENT, - "CERT_NONE", - "CERT_PKCS7_WRAPPED_X509", - "CERT_PGP", - "CERT_DNS_SIGNED_KEY", - "CERT_X509_SIGNATURE", - "CERT_X509_KEY_EXCHANGE", - "CERT_KERBEROS_TOKENS", - "CERT_CRL", - "CERT_ARL", - "CERT_SPKI", - "CERT_X509_ATTRIBUTE", - "CERT_RAW_RSA_KEY", - "CERT_X509_HASH_AND_URL", - "CERT_X509_HASH_AND_URL_BUNDLE", - "CERT_OCSP_CONTENT", +ENUM(cert_encoding_names, ENC_PKCS7_WRAPPED_X509, ENC_OCSP_CONTENT, + "ENC_PKCS7_WRAPPED_X509", + "ENC_PGP", + "ENC_DNS_SIGNED_KEY", + "ENC_X509_SIGNATURE", + "ENC_X509_KEY_EXCHANGE", + "ENC_KERBEROS_TOKENS", + "ENC_CRL", + "ENC_ARL", + "ENC_SPKI", + "ENC_X509_ATTRIBUTE", + "ENC_RAW_RSA_KEY", + "ENC_X509_HASH_AND_URL", + "ENC_X509_HASH_AND_URL_BUNDLE", + "ENC_OCSP_CONTENT", ); typedef struct private_cert_payload_t private_cert_payload_t; @@ -74,12 +71,17 @@ struct private_cert_payload_t { /** * Encoding of the CERT Data. */ - u_int8_t cert_encoding; + u_int8_t encoding; /** * The contained cert data value. */ - chunk_t cert_data; + chunk_t data; + + /** + * TRUE if the "Hash and URL" data is invalid + */ + bool invalid_hash_and_url; }; /** 
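Review bot: `#include "cert_payload.h"` has moved below `#include <daemon.h>`; keeping a file's own header first is what proves the header is self-contained, so the include order should stay `"cert_payload.h"` first, `<daemon.h>` after it. The new `invalid_hash_and_url` member's comment does not say that it only disables the hash-and-url accessors rather than failing parsing; `/* set by verify() when hash-and-url data is malformed; get_hash()/get_url() then return nothing, the payload itself is still accepted */` would document what the later hunks actually implement.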
@@ -105,9 +107,9 @@ encoding_rule_t cert_payload_encodings[] = {
 /* Length of the whole payload*/
 { PAYLOAD_LENGTH, offsetof(private_cert_payload_t, payload_length)},
 /* 1 Byte CERT type*/
- { U_INT_8, offsetof(private_cert_payload_t, cert_encoding) },
+ { U_INT_8, offsetof(private_cert_payload_t, encoding) },
 /* some cert data bytes, length is defined in PAYLOAD_LENGTH */
- { CERT_DATA, offsetof(private_cert_payload_t, cert_data) }
+ { CERT_DATA, offsetof(private_cert_payload_t, data) }
 };

 /*
@@ -128,11 +130,41 @@ encoding_rule_t cert_payload_encodings[] = {
 */
 static status_t verify(private_cert_payload_t *this)
 {
- if ((this->cert_encoding == 0) ||
- ((this->cert_encoding >= CERT_ROOF) && (this->cert_encoding <= 200)))
+ if (this->encoding == ENC_X509_HASH_AND_URL ||
+ this->encoding == ENC_X509_HASH_AND_URL_BUNDLE)
 {
- /* reserved IDs */
- return FAILED;
+ /* coarse verification of "Hash and URL" encoded certificates */
+ if (this->data.len <= 20)
+ {
+ DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore",
+ this->data.len);
+ this->invalid_hash_and_url = TRUE;
+ return SUCCESS;
+ }
+
+ int i = 20; /* skipping the hash */
+ for (; i < this->data.len; ++i)
+ {
+ if (this->data.ptr[i] == '\0')
+ {
+ /* null terminated, fine */
+ return SUCCESS;
+ }
+ else if (!isprint(this->data.ptr[i]))
+ {
+ DBG1(DBG_ENC, "non printable characters in url of hash-and-url"
+ " encoded certificate payload, ignore");
+ this->invalid_hash_and_url = TRUE;
+ return SUCCESS;
+ }
+ }
+
+ /* URL is not null terminated, correct that */
+ chunk_t data = chunk_alloc(this->data.len + 1);
+ memcpy(data.ptr, this->data.ptr, this->data.len);
+ data.ptr[this->data.len] = '\0';
+ chunk_free(&this->data);
+ this->data = data;
 }
 return SUCCESS;
 }
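Review bot: The hash length `20` appears as a bare literal four times in this change — `data.len <= 20` and `int i = 20` here, and again in `get_hash()` and `get_url()` in the following hunk — so a single named constant (constructed name, e.g. `HASH_AND_URL_HASH_LENGTH`, defined once beside `CERT_PAYLOAD_HEADER_LENGTH`) with the comment `/* SHA-1 hash preceding the URL in hash-and-url encodings, RFC 4306 section 3.6 */` would tie the three readers together. The first `DBG1` passes `this->data.len` to `%d`; if `chunk_t.len` is a `size_t` that is a format/argument mismatch on 64-bit builds and should be `%zu` or an explicit `(int)` cast. `verify()` no longer rejects any encoding value now that the reserved-ID check is gone, so a payload with an unknown or reserved encoding is accepted and simply yields nothing from `get_cert()`/`get_hash()`; if that tolerance is intended, a comment at the top of the function saying so prevents the check from being re-added as a "fix". The loop also compares the signed `int i` against `this->data.len`; harmless since `i` starts at 20, but `size_t i` avoids the `-Wsign-compare` noise.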
@@ -140,7 +172,8 @@ static status_t verify(private_cert_payload_t *this) /** * Implementation of cert_payload_t.get_encoding_rules. */ -static void get_encoding_rules(private_cert_payload_t *this, encoding_rule_t **rules, size_t *rule_count) +static void get_encoding_rules(private_cert_payload_t *this, + encoding_rule_t **rules, size_t *rule_count) { *rules = cert_payload_encodings; *rule_count = sizeof(cert_payload_encodings) / sizeof(encoding_rule_t); @@ -159,7 +192,7 @@ static payload_type_t get_payload_type(private_cert_payload_t *this) */ static payload_type_t get_next_type(private_cert_payload_t *this) { - return (this->next_payload); + return this->next_payload; } /** 
@@ -179,56 +212,56 @@ static size_t get_length(private_cert_payload_t *this) } /** - * Implementation of cert_payload_t.set_cert_encoding. - */ -static void set_cert_encoding (private_cert_payload_t *this, cert_encoding_t encoding) -{ - this->cert_encoding = encoding; -} - -/** * Implementation of cert_payload_t.get_cert_encoding. */ -static cert_encoding_t get_cert_encoding (private_cert_payload_t *this) +static cert_encoding_t get_cert_encoding(private_cert_payload_t *this) { - return (this->cert_encoding); + return this->encoding; } /** - * Implementation of cert_payload_t.set_data. + * Implementation of cert_payload_t.get_cert. */ -static void set_data (private_cert_payload_t *this, chunk_t data) +static certificate_t *get_cert(private_cert_payload_t *this) { - if (this->cert_data.ptr != NULL) + if (this->encoding != ENC_X509_SIGNATURE) { - chunk_free(&(this->cert_data)); + return NULL; } - this->cert_data.ptr = clalloc(data.ptr,data.len); - this->cert_data.len = data.len; - this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->cert_data.len; + return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, + BUILD_BLOB_ASN1_DER, chunk_clone(this->data), + BUILD_END); } /** - * Implementation of cert_payload_t.get_data. + * Implementation of cert_payload_t.get_hash. */ -static chunk_t get_data (private_cert_payload_t *this) +static chunk_t get_hash(private_cert_payload_t *this) { - return (this->cert_data); + chunk_t hash = chunk_empty; + if ((this->encoding != ENC_X509_HASH_AND_URL && + this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || + this->invalid_hash_and_url) + { + return hash; + } + hash.ptr = this->data.ptr; + hash.len = 20; + return hash; } /** - * Implementation of cert_payload_t.get_data_clone. + * Implementation of cert_payload_t.get_url. 
*/ -static chunk_t get_data_clone (private_cert_payload_t *this) +static char *get_url(private_cert_payload_t *this) { - chunk_t cloned_data; - if (this->cert_data.ptr == NULL) + if ((this->encoding != ENC_X509_HASH_AND_URL && + this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) || + this->invalid_hash_and_url) { - return (this->cert_data); + return NULL; } - cloned_data.ptr = clalloc(this->cert_data.ptr,this->cert_data.len); - cloned_data.len = this->cert_data.len; - return cloned_data; + return (char*)this->data.ptr + 20; } /** @@ -236,11 +269,7 @@ static chunk_t get_data_clone (private_cert_payload_t *this) */ static void destroy(private_cert_payload_t *this) { - if (this->cert_data.ptr != NULL) - { - chunk_free(&(this->cert_data)); - } - + chunk_free(&this->data); free(this); } @@ -251,7 +280,6 @@ cert_payload_t *cert_payload_create() { private_cert_payload_t *this = malloc_thing(private_cert_payload_t); - /* interface functions */ this->public.payload_interface.verify = (status_t (*) (payload_t*))verify; this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**, size_t*))get_encoding_rules; this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length; 
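Review bot: `get_hash()` and `get_url()` hand out pointers into the payload's own `data` buffer (`hash.ptr = this->data.ptr`, `this->data.ptr + 20`) without cloning, and `get_cert()` returns NULL for every encoding other than `ENC_X509_SIGNATURE` and presumably also when the credential builder cannot parse the blob; none of that is stated next to the implementations, and the interface header is outside this hunk. Suggested comments above the two accessors: `/* returns a view into this->data; valid only until destroy(), caller must not free or modify */`, and above `get_cert()`: `/* NULL for any encoding other than ENC_X509_SIGNATURE, or if the DER blob does not parse */`. `get_url()` also relies on `verify()` having NUL-terminated the URL (or on the payload having been built by `cert_payload_create_from_hash_and_url()`); a payload obtained from `cert_payload_create()` and filled without a `verify()` call would return an unterminated string, which deserves a note at the cast. The enclosing hunk begins on the previous line.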
@@ -260,31 +288,60 @@ cert_payload_t *cert_payload_create() this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type; this->public.payload_interface.destroy = (void (*) (payload_t*))destroy; - /* public functions */ this->public.destroy = (void (*) (cert_payload_t*))destroy; - this->public.set_cert_encoding = (void (*) (cert_payload_t*,cert_encoding_t))set_cert_encoding; + this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert; this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding; - this->public.set_data = (void (*) (cert_payload_t*,chunk_t))set_data; - this->public.get_data_clone = (chunk_t (*) (cert_payload_t*))get_data_clone; - this->public.get_data = (chunk_t (*) (cert_payload_t*))get_data; + this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash; + this->public.get_url = (char* (*) (cert_payload_t*))get_url; - /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; this->payload_length = CERT_PAYLOAD_HEADER_LENGTH; - this->cert_data = chunk_empty; + this->data = chunk_empty; + this->encoding = 0; + this->invalid_hash_and_url = FALSE; - return (&(this->public)); + return &this->public; } /* * Described in header */ -cert_payload_t *cert_payload_create_from_x509(x509_t *cert) +cert_payload_t *cert_payload_create_from_cert(certificate_t *cert) { - cert_payload_t *this = cert_payload_create(); + private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(); + + switch (cert->get_type(cert)) + { + case CERT_X509: + this->encoding = ENC_X509_SIGNATURE; + break; + default: + DBG1(DBG_ENC, "embedding %N certificate in payload failed", + certificate_type_names, cert->get_type(cert)); + free(this); + return NULL; + } + this->data = cert->get_encoding(cert); + this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; + return &this->public; +} - this->set_cert_encoding(this, CERT_X509_SIGNATURE); - this->set_data(this, 
cert->get_certificate(cert)); - return this; +/* + * Described in header + */ +cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url) +{ + private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create(); + chunk_t url_chunk; + + this->encoding = ENC_X509_HASH_AND_URL; + + url_chunk.ptr = url; + url_chunk.len = strlen(url) + 1; + + this->data = chunk_cat("cc", hash, url_chunk); + this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len; + return &this->public; } + diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h index bcb961398..aa16104a8 100644 --- a/src/charon/encoding/payloads/cert_payload.h +++ b/src/charon/encoding/payloads/cert_payload.h @@ -1,12 +1,6 @@ -/** - * @file cert_payload.h - * - * @brief Interface of cert_payload_t. - * - */ - /* - * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * 
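Review bot: `cert_payload_create_from_hash_and_url()` accepts any `hash.len`, but `get_hash()` and `get_url()` earlier in this file assume the hash occupies exactly the first 20 bytes of `data`, so a hash of another length silently yields a payload whose URL offset is wrong; I would reject it up front with `if (hash.len != HASH_SIZE_SHA1) { destroy(this); return NULL; }`. The failure paths here in `cert_payload_create_from_cert()` and in `certreq_payload_create_type()` (certreq_payload.c hunk further down) release the half-built object with `free(this)` instead of `destroy(this)`; that only works because `data` is still `chunk_empty`, whereas `destroy()` stays correct if `create()` ever allocates. `url` is only read (`strlen()` and the copying `chunk_cat("cc", ...)`), so it can be declared `const char *url`, matching the header's promise that it gets cloned. `this->data = cert->get_encoding(cert);` is later released by `destroy()`, which presumes `get_encoding()` hands over a freshly allocated chunk rather than internal data — not visible in this diff, worth confirming.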
@@ -19,69 +13,58 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $ + */ + +/** + * @defgroup cert_payload cert_payload + * @{ @ingroup payloads */ #ifndef CERT_PAYLOAD_H_ #define CERT_PAYLOAD_H_ -typedef enum cert_encoding_t cert_encoding_t; typedef struct cert_payload_t cert_payload_t; +typedef enum cert_encoding_t cert_encoding_t; #include <library.h> -#include <crypto/x509.h> +#include <credentials/certificates/certificate.h> #include <encoding/payloads/payload.h> /** * Length of a cert payload without the cert data in bytes. - * - * @ingroup payloads */ #define CERT_PAYLOAD_HEADER_LENGTH 5 /** - * @brief Certificate encoding, as described in IKEv2 RFC section 3.6 - * - * @ingroup payloads + * Certifcate encodings, as in RFC4306 */ enum cert_encoding_t { - CERT_NONE = 0, - CERT_PKCS7_WRAPPED_X509 = 1, - CERT_PGP = 2, - CERT_DNS_SIGNED_KEY = 3, - CERT_X509_SIGNATURE = 4, - CERT_KERBEROS_TOKEN = 6, - CERT_CRL = 7, - CERT_ARL = 8, - CERT_SPKI = 9, - CERT_X509_ATTRIBUTE = 10, - CERT_RAW_RSA_KEY = 11, - CERT_X509_HASH_AND_URL = 12, - CERT_X509_HASH_AND_URL_BUNDLE = 13, - CERT_OCSP_CONTENT = 14, /* from RFC 4806 */ - CERT_ROOF = 15 + ENC_PKCS7_WRAPPED_X509 = 1, + ENC_PGP = 2, + ENC_DNS_SIGNED_KEY = 3, + ENC_X509_SIGNATURE = 4, + ENC_KERBEROS_TOKEN = 6, + ENC_CRL = 7, + ENC_ARL = 8, + ENC_SPKI = 9, + ENC_X509_ATTRIBUTE = 10, + ENC_RAW_RSA_KEY = 11, + ENC_X509_HASH_AND_URL = 12, + ENC_X509_HASH_AND_URL_BUNDLE = 13, + ENC_OCSP_CONTENT = 14, /* from RFC 4806 */ }; /** - * string mappings for cert_encoding_t. - * - * @ingroup payloads + * Enum names for cert_encoding_t */ extern enum_name_t *cert_encoding_names; /** - * @brief Class representing an IKEv2 CERT payload. + * Class representing an IKEv2 CERT payload. * * The CERT payload format is described in RFC section 3.6. 
- * This is just a dummy implementation to fullfill the standards - * requirements. A full implementation would offer setters/getters - * for the different encoding types. - * - * @b Constructors: - * - cert_payload_create() - * - * @todo Implement setters/getters for the different certificate encodings. - * - * @ingroup payloads */ struct cert_payload_t { 
@@ -89,78 +72,69 @@ struct cert_payload_t { * The payload_t interface. */ payload_t payload_interface; - - /** - * @brief Set the CERT encoding. - * - * @param this calling cert_payload_t object - * @param encoding CERT encoding - */ - void (*set_cert_encoding) (cert_payload_t *this, cert_encoding_t encoding); /** - * @brief Get the CERT encoding. + * Get the playoads encoded certifcate. * - * @param this calling cert_payload_t object - * @return Encoding of the CERT + * @return certifcate copy */ - cert_encoding_t (*get_cert_encoding) (cert_payload_t *this); + certificate_t *(*get_cert)(cert_payload_t *this); /** - * @brief Set the CERT data. + * Get the encoding of the certificate. * - * Data are getting cloned. - * - * @param this calling cert_payload_t object - * @param data CERT data as chunk_t + * @return encoding */ - void (*set_data) (cert_payload_t *this, chunk_t data); + cert_encoding_t (*get_cert_encoding)(cert_payload_t *this); /** - * @brief Get the CERT data. + * Get the hash if this is a hash and URL encoded certificate. * - * Returned data are a copy of the internal one. - * - * @param this calling cert_payload_t object - * @return CERT data as chunk_t + * This function returns internal data, do not free. + * + * @return hash */ - chunk_t (*get_data_clone) (cert_payload_t *this); + chunk_t (*get_hash)(cert_payload_t *this); /** - * @brief Get the CERT data. + * Get the URL if this is a hash and URL encoded certificate. * - * Returned data are NOT copied. - * - * @param this calling cert_payload_t object - * @return CERT data as chunk_t + * This function returns internal data, do not free. + * + * @return url */ - chunk_t (*get_data) (cert_payload_t *this); + char *(*get_url)(cert_payload_t *this); + /** - * @brief Destroys an cert_payload_t object. - * - * @param this cert_payload_t object to destroy + * Destroys the cert_payload object. */ void (*destroy) (cert_payload_t *this); }; /** - * @brief Creates an empty cert_payload_t object. 
+ * Creates an empty certificate payload. * + * @param cert certificate to embed * @return cert_payload_t object - * - * @ingroup payloads */ cert_payload_t *cert_payload_create(void); /** - * @brief Creates a cert_payload_t object with an X.509 certificate. + * Creates a certificate payload with an embedded certificate. * - * @param cert X.509 certificate + * @param cert certificate to embed * @return cert_payload_t object + */ +cert_payload_t *cert_payload_create_from_cert(certificate_t *cert); + +/** + * Creates a certificate payload with hash and URL encoding of a certificate. * - * @ingroup payloads + * @param hash hash of the DER encoded certificate (get's cloned) + * @param url the URL to locate the certificate (get's cloned) + * @return cert_payload_t object */ -cert_payload_t *cert_payload_create_from_x509(x509_t *cert); +cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url); -#endif /* CERT_PAYLOAD_H_ */ +#endif /* CERT_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c index 46663811a..1b499e9e8 100644 --- a/src/charon/encoding/payloads/certreq_payload.c +++ b/src/charon/encoding/payloads/certreq_payload.c @@ -1,10 +1,3 @@ -/** - * @file certreq_payload.c - * - * @brief Implementation of certreq_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,14 +12,15 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: certreq_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> -#include <string.h> #include <daemon.h> #include <crypto/hashers/hasher.h> -#include <crypto/ca.h> +#include <encoding/payloads/cert_payload.h> #include "certreq_payload.h" 
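Review bot: The comment on `cert_payload_create(void)` now carries `@param cert certificate to embed`, but the function takes no parameter; the tag belongs only to `cert_payload_create_from_cert()` and should be dropped here. `get_cert()`'s `@return certifcate copy` should state that the caller owns the returned object and that NULL is returned when the payload's encoding is not `ENC_X509_SIGNATURE`, which is what the implementation in cert_payload.c does; likewise `get_hash()`/`get_url()` return `chunk_empty`/NULL unless the encoding is one of the hash-and-URL variants and the payload verified. Several typos in the new text (`playoads`, `certifcate`, `Certifcate` in the enum comment, `get's`) are worth fixing while here.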
@@ -61,12 +55,12 @@ struct private_certreq_payload_t { /** * Encoding of the CERT Data. */ - u_int8_t cert_encoding; + u_int8_t encoding; /** * The contained certreq data value. */ - chunk_t certreq_data; + chunk_t data; }; /** @@ -90,11 +84,11 @@ encoding_rule_t certreq_payload_encodings[] = { { RESERVED_BIT, 0 }, { RESERVED_BIT, 0 }, /* Length of the whole payload*/ - { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length)}, + { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length) }, /* 1 Byte CERTREQ type*/ - { U_INT_8, offsetof(private_certreq_payload_t, cert_encoding)}, + { U_INT_8, offsetof(private_certreq_payload_t, encoding) }, /* some certreq data bytes, length is defined in PAYLOAD_LENGTH */ - { CERTREQ_DATA, offsetof(private_certreq_payload_t, certreq_data)} + { CERTREQ_DATA, offsetof(private_certreq_payload_t, data) } }; /* @@ -115,11 +109,15 @@ encoding_rule_t certreq_payload_encodings[] = { */ static status_t verify(private_certreq_payload_t *this) { - if ((this->cert_encoding == 0) || - ((this->cert_encoding >= CERT_ROOF) && (this->cert_encoding <= 200))) + if (this->encoding == ENC_X509_SIGNATURE) { - /* reserved IDs */ - return FAILED; + if (this->data.len < HASH_SIZE_SHA1 || + this->data.len % HASH_SIZE_SHA1) + { + DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq", + this->data.len); + return FAILED; + } } return SUCCESS; } 
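Review bot: The rewritten `verify()` drops the rejection of reserved encoding values that the removed branch performed (encoding 0, and values from the old CERT_ROOF up to 200), and the new length check applies only to `ENC_X509_SIGNATURE`; any other encoding, including 0, now passes with unvalidated `data`. Since `get_cert_type()` maps every other encoding to `CERT_ANY` and `create_keyid_enumerator()` does not look at the encoding at all (both later in this file), a received CERTREQ with an unknown encoding and arbitrary-length data is accepted and then walked in `HASH_SIZE_SHA1` steps. Either keep a reserved-value check ahead of the X.509 branch, e.g. `if (this->encoding == 0 || (this->encoding > ENC_OCSP_CONTENT && this->encoding <= 200)) { return FAILED; }`, or add a comment stating that unknown encodings are deliberately accepted and ignored. The `%d` conversion for `this->data.len` should match the actual type of `chunk_t.len` (likely `%zu` if it is `size_t`; confirm against the DBG1 printf hook), or cast the argument to `int`.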
@@ -164,58 +162,78 @@ static size_t get_length(private_certreq_payload_t *this) { return this->payload_length; } - + /** - * Implementation of certreq_payload_t.set_cert_encoding. + * Implementation of certreq_payload_t.add_keyid. */ -static void set_cert_encoding (private_certreq_payload_t *this, cert_encoding_t encoding) +static void add_keyid(private_certreq_payload_t *this, chunk_t keyid) { - this->cert_encoding = encoding; + this->data = chunk_cat("mc", this->data, keyid); + this->payload_length += keyid.len; } +typedef struct keyid_enumerator_t keyid_enumerator_t; + /** - * Implementation of certreq_payload_t.get_cert_encoding. + * enumerator to enumerate keyids */ -static cert_encoding_t get_cert_encoding (private_certreq_payload_t *this) -{ - return (this->cert_encoding); -} +struct keyid_enumerator_t { + enumerator_t public; + chunk_t full; + u_char *pos; +}; /** - * Implementation of certreq_payload_t.set_data. + * enumerate function for keyid_enumerator */ -static void set_data (private_certreq_payload_t *this, chunk_t data) +static bool keyid_enumerate(keyid_enumerator_t *this, chunk_t *chunk) { - if (this->certreq_data.ptr != NULL) + if (this->pos == NULL) + { + this->pos = this->full.ptr; + } + else { - chunk_free(&(this->certreq_data)); + this->pos += HASH_SIZE_SHA1; + if (this->pos > (this->full.ptr + this->full.len - HASH_SIZE_SHA1)) + { + this->pos = NULL; + } } - this->certreq_data.ptr = clalloc(data.ptr,data.len); - this->certreq_data.len = data.len; - this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH + this->certreq_data.len; + if (this->pos) + { + chunk->ptr = this->pos; + chunk->len = HASH_SIZE_SHA1; + return TRUE; + } + return FALSE; } /** - * Implementation of certreq_payload_t.get_data. + * Implementation of certreq_payload_t.create_keyid_enumerator. 
*/ -static chunk_t get_data (private_certreq_payload_t *this) +static enumerator_t* create_keyid_enumerator(private_certreq_payload_t *this) { - return (this->certreq_data); + keyid_enumerator_t *enumerator = malloc_thing(keyid_enumerator_t); + enumerator->public.enumerate = (void*)keyid_enumerate; + enumerator->public.destroy = (void*)free; + enumerator->full = this->data; + enumerator->pos = NULL; + return &enumerator->public; } /** - * Implementation of certreq_payload_t.get_data_clone. + * Implementation of certreq_payload_t.get_cert_type. */ -static chunk_t get_data_clone (private_certreq_payload_t *this) +static certificate_type_t get_cert_type(private_certreq_payload_t *this) { - chunk_t cloned_data; - if (this->certreq_data.ptr == NULL) + switch (this->encoding) { - return (this->certreq_data); + case ENC_X509_SIGNATURE: + return CERT_X509; + default: + return CERT_ANY; } - cloned_data.ptr = clalloc(this->certreq_data.ptr,this->certreq_data.len); - cloned_data.len = this->certreq_data.len; - return cloned_data; } /** @@ -223,11 +241,7 @@ static chunk_t get_data_clone (private_certreq_payload_t *this) */ static void destroy(private_certreq_payload_t *this) { - if (this->certreq_data.ptr != NULL) - { - chunk_free(&(this->certreq_data)); - } - + chunk_free(&this->data); free(this); } 
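Review bot: `keyid_enumerate()` does not check `full.len` before handing out the first keyid: on the first call `pos` is set to `full.ptr` and a `HASH_SIZE_SHA1`-byte chunk is returned unconditionally, so a payload whose data is shorter than one keyid (possible for every encoding other than `ENC_X509_SIGNATURE`, which is the only one `verify()` earlier in this file length-checks) yields a chunk that extends past the buffer. The end test `this->pos > this->full.ptr + this->full.len - HASH_SIZE_SHA1` also forms a pointer before the start of the buffer when `full.len < HASH_SIZE_SHA1`; an offset-based bound, shown below, avoids both problems. `add_keyid()` should likewise refuse a keyid whose length is not `HASH_SIZE_SHA1`, since `verify()` and the enumerator both assume that fixed stride: `if (keyid.len != HASH_SIZE_SHA1) { DBG1(DBG_ENC, "ignoring keyid with invalid length %d", (int)keyid.len); return; }`. I would also note on `create_keyid_enumerator()` that the enumerated chunks point into the payload's data, must not be freed, and stay valid only as long as the payload does.
```c
static bool keyid_enumerate(keyid_enumerator_t *this, chunk_t *chunk)
{
	size_t offset;

	/* pos == NULL means "not started"; otherwise step past the keyid handed out last time */
	if (this->pos == NULL)
	{
		offset = 0;
	}
	else
	{
		offset = (size_t)(this->pos - this->full.ptr) + HASH_SIZE_SHA1;
	}
	/* stop when fewer than one whole keyid remains (covers empty and short data) */
	if (offset + HASH_SIZE_SHA1 > this->full.len)
	{
		this->pos = NULL;
		return FALSE;
	}
	this->pos = this->full.ptr + offset;
	chunk->ptr = this->pos;
	chunk->len = HASH_SIZE_SHA1;
	return TRUE;
}
```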
@@ -249,87 +263,38 @@ certreq_payload_t *certreq_payload_create() /* public functions */ this->public.destroy = (void (*) (certreq_payload_t*)) destroy; - this->public.set_cert_encoding = (void (*) (certreq_payload_t*,cert_encoding_t))set_cert_encoding; - this->public.get_cert_encoding = (cert_encoding_t (*) (certreq_payload_t*))get_cert_encoding; - this->public.set_data = (void (*) (certreq_payload_t*,chunk_t))set_data; - this->public.get_data_clone = (chunk_t (*) (certreq_payload_t*))get_data_clone; - this->public.get_data = (chunk_t (*) (certreq_payload_t*))get_data; + this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator; + this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type; + this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid; /* private variables */ this->critical = FALSE; this->next_payload = NO_PAYLOAD; - this->payload_length =CERTREQ_PAYLOAD_HEADER_LENGTH; - this->certreq_data = chunk_empty; + this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH; + this->data = chunk_empty; + this->encoding = 0; - return (&(this->public)); + return &this->public; } /* * Described in header */ -certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id) +certreq_payload_t *certreq_payload_create_type(certificate_type_t type) { - x509_t *cacert; - rsa_public_key_t *pubkey; - chunk_t keyid; - certreq_payload_t *this; + private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create(); - cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id); - if (cacert == NULL) + switch (type) { - /* no such CA cert */ - return NULL; + case CERT_X509: + this->encoding = ENC_X509_SIGNATURE; + break; + default: + DBG1(DBG_ENC, "certificate type %N not supported in requests", + certificate_type_names, type); + free(this); + return NULL; } - - this = certreq_payload_create(); - pubkey = cacert->get_public_key(cacert); - 
keyid = pubkey->get_keyid(pubkey); - - DBG2(DBG_IKE, "requesting certificate issued by '%D'", id); - DBG2(DBG_IKE, " with keyid %#B", &keyid); - - this->set_cert_encoding(this, CERT_X509_SIGNATURE); - this->set_data(this, keyid); - return this; + return &this->public; } -/* - * Described in header - */ -certreq_payload_t *certreq_payload_create_from_cacerts(void) -{ - certreq_payload_t *this; - chunk_t keyids; - u_char *pos; - ca_info_t *cainfo; - - iterator_t *iterator = charon->credentials->create_cainfo_iterator(charon->credentials); - int count = iterator->get_count(iterator); - - if (count == 0) - { - iterator->destroy(iterator); - return NULL; - } - - this = certreq_payload_create(); - keyids = chunk_alloc(count * HASH_SIZE_SHA1); - pos = keyids.ptr; - - while (iterator->iterate(iterator, (void**)&cainfo)) - { - x509_t *cacert = cainfo->get_certificate(cainfo); - chunk_t keyid = cacert->get_keyid(cacert); - - DBG2(DBG_IKE, "requesting certificate issued by '%D'", cacert->get_subject(cacert)); - DBG2(DBG_IKE, " with keyid %#B", &keyid); - memcpy(pos, keyid.ptr, keyid.len); - pos += HASH_SIZE_SHA1; - } - iterator->destroy(iterator); - - this->set_cert_encoding(this, CERT_X509_SIGNATURE); - this->set_data(this, keyids); - free(keyids.ptr); - return this; -} diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h index 2985fdae1..b835d7ad6 100644 --- a/src/charon/encoding/payloads/certreq_payload.h +++ b/src/charon/encoding/payloads/certreq_payload.h @@ -1,10 +1,3 @@ -/** - * @file certreq_payload.h - * - * @brief Interface of certreq_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: certreq_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup certreq_payload certreq_payload + * @{ @ingroup payloads */ #ifndef CERTREQ_PAYLOAD_H_ @@ -32,26 +32,13 @@ typedef struct certreq_payload_t certreq_payload_t; /** * Length of a CERTREQ payload without the CERTREQ data in bytes. - * - * @ingroup payloads */ #define CERTREQ_PAYLOAD_HEADER_LENGTH 5 - /** - * @brief Class representing an IKEv2 CERTREQ payload. + * Class representing an IKEv2 CERTREQ payload. * * The CERTREQ payload format is described in RFC section 3.7. - * This is just a dummy implementation to fullfill the standards - * requirements. A full implementation would offer setters/getters - * for the different encoding types. - * - * @b Constructors: - * - certreq_payload_create() - * - * @todo Implement payload functionality. - * - * @ingroup payloads */ struct certreq_payload_t { /** 
@@ -60,85 +47,46 @@ struct certreq_payload_t { payload_t payload_interface; /** - * @brief Set the CERT encoding. - * - * @param this calling certreq_payload_t object - * @param encoding CERT encoding - */ - void (*set_cert_encoding) (certreq_payload_t *this, cert_encoding_t encoding); - - /** - * @brief Get the CERT encoding. - * - * @param this calling certreq_payload_t object - * @return Encoding of the CERT - */ - cert_encoding_t (*get_cert_encoding) (certreq_payload_t *this); - - /** - * @brief Set the CERTREQ data. - * - * Data are getting cloned. + * Create an enumerator over contained keyids. * - * @param this calling certreq_payload_t object - * @param data CERTREQ data as chunk_t + * @return enumerator over chunk_t's. */ - void (*set_data) (certreq_payload_t *this, chunk_t data); + enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this); /** - * @brief Get the CERTREQ data. - * - * Returned data are a copy of the internal one. + * Get the type of contained certificate keyids. * - * @param this calling certreq_payload_t object - * @return CERTREQ data as chunk_t + * @return certificate keyid type */ - chunk_t (*get_data_clone) (certreq_payload_t *this); + certificate_type_t (*get_cert_type)(certreq_payload_t *this); /** - * @brief Get the CERTREQ data. - * - * Returned data are NOT copied. + * Add a certificates keyid to the payload. * - * @param this calling certreq_payload_t object - * @return CERTREQ data as chunk_t + * @param keyid keyid of the trusted certifcate + * @return */ - chunk_t (*get_data) (certreq_payload_t *this); + void (*add_keyid)(certreq_payload_t *this, chunk_t keyid); /** - * @brief Destroys an certreq_payload_t object. - * - * @param this certreq_payload_t object to destroy + * Destroys an certreq_payload_t object. */ void (*destroy) (certreq_payload_t *this); }; /** - * @brief Creates an empty certreq_payload_t object. + * Creates an empty certreq_payload_t object. 
* - * @return certreq_payload_t object - * - * @ingroup payloads + * @return certreq payload */ certreq_payload_t *certreq_payload_create(void); /** - * @brief Creates a certreq_payload_t object from a ca certificate - * - * @param id subject distinguished name of CA certificate - * @return certreq_payload_t object - * - * @ingroup payloads - */ -certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id); - -/** - * @brief Creates a certreq_payload_t object from all ca certificates - * - * @return certreq_payload_t object + * Creates an empty certreq_payload_t for a kind of certificates. * - * @ingroup payloads + * @param type type of the added keyids + * @return certreq payload */ -certreq_payload_t *certreq_payload_create_from_cacerts(void); +certreq_payload_t *certreq_payload_create_type(certificate_type_t type); -#endif /* CERTREQ_PAYLOAD_H_ */ +#endif /* CERTREQ_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/charon/encoding/payloads/configuration_attribute.c index afd08c6be..6b1cbffb4 100644 --- a/src/charon/encoding/payloads/configuration_attribute.c +++ b/src/charon/encoding/payloads/configuration_attribute.c @@ -1,10 +1,3 @@ -/** - * @file configuration_attribute.c - * - * @brief Implementation of configuration_attribute_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: configuration_attribute.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h index 5c4f65b14..ade837107 100644 --- a/src/charon/encoding/payloads/configuration_attribute.h +++ b/src/charon/encoding/payloads/configuration_attribute.h 
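Review bot: The new `add_keyid()` documentation ends with an empty `@return` tag (the function returns void) and does not say that `keyid` must be exactly `HASH_SIZE_SHA1` bytes, which `verify()` and the keyid enumerator in certreq_payload.c both assume; I would replace the tag with `@param keyid keyid of the trusted certificate, exactly HASH_SIZE_SHA1 bytes (copied)`. `create_keyid_enumerator()` should state that the enumerated chunks point into the payload's data, are not to be freed, and are valid only while the payload exists. `certifcate` in the same block is a typo.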
@@ -1,10 +1,3 @@ -/** - * @file configuration_attribute.h - * - * @brief Interface of configuration_attribute_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: configuration_attribute.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup configuration_attribute configuration_attribute + * @{ @ingroup payloads */ #ifndef CONFIGURATION_ATTRIBUTE_H_ @@ -33,15 +33,11 @@ typedef struct configuration_attribute_t configuration_attribute_t; /** * Configuration attribute header length in bytes. - * - * @ingroup payloads */ #define CONFIGURATION_ATTRIBUTE_HEADER_LENGTH 4 /** * Type of the attribute, as in IKEv2 RFC 3.15.1. - * - * @ingroup payloads */ enum configuration_attribute_type_t { INTERNAL_IP4_ADDRESS = 1, @@ -62,20 +58,13 @@ enum configuration_attribute_type_t { /** * enum names for configuration_attribute_type_t. - * - * @ingroup payloads */ extern enum_name_t *configuration_attribute_type_names; /** - * @brief Class representing an IKEv2-CONFIGURATION Attribute. + * Class representing an IKEv2-CONFIGURATION Attribute. * * The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1. - * - * @b Constructors: - * - configuration_attribute_create() - * - * @ingroup payloads */ struct configuration_attribute_t { /** 
@@ -84,64 +73,55 @@ struct configuration_attribute_t { payload_t payload_interface; /** - * @brief Returns the currently set value of the attribute. + * Returns the currently set value of the attribute. * * @warning Returned data are not copied. * - * @param this calling configuration_attribute_t object * @return chunk_t pointing to the value */ chunk_t (*get_value) (configuration_attribute_t *this); /** - * @brief Sets the value of the attribute. + * Sets the value of the attribute. * - * @warning Value is getting copied. + * Value is getting copied. * - * @param this calling configuration_attribute_t object * @param value chunk_t pointing to the value to set */ void (*set_value) (configuration_attribute_t *this, chunk_t value); /** - * @brief Sets the type of the attribute. + * Sets the type of the attribute. * - * @param this calling configuration_attribute_t object * @param type type to set (most significant bit is set to zero) */ void (*set_type) (configuration_attribute_t *this, u_int16_t type); /** - * @brief get the type of the attribute. + * get the type of the attribute. * - * @param this calling configuration_attribute_t object * @return type of the value */ u_int16_t (*get_type) (configuration_attribute_t *this); /** - * @brief get the length of an attribute. + * get the length of an attribute. * - * @param this calling configuration_attribute_t object * @return type of the value */ u_int16_t (*get_length) (configuration_attribute_t *this); /** - * @brief Destroys an configuration_attribute_t object. - * - * @param this configuration_attribute_t object to destroy + * Destroys an configuration_attribute_t object. */ void (*destroy) (configuration_attribute_t *this); }; /** - * @brief Creates an empty configuration_attribute_t object. + * Creates an empty configuration_attribute_t object. 
* * @return created configuration_attribute_t object - * - * @ingroup payloads */ configuration_attribute_t *configuration_attribute_create(void); -#endif /* CONFIGURATION_ATTRIBUTE_H_*/ +#endif /* CONFIGURATION_ATTRIBUTE_H_ @} */ diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/charon/encoding/payloads/cp_payload.c index 380ed9681..d39dc2a47 100644 --- a/src/charon/encoding/payloads/cp_payload.c +++ b/src/charon/encoding/payloads/cp_payload.c @@ -1,10 +1,3 @@ -/** - * @file cp_payload.c - * - * @brief Implementation of cp_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: cp_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h index 27ff41005..0ca75e71d 100644 --- a/src/charon/encoding/payloads/cp_payload.h +++ b/src/charon/encoding/payloads/cp_payload.h @@ -1,10 +1,3 @@ -/** - * @file cp_payload.h - * - * @brief Interface of cp_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: cp_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup cp_payload cp_payload + * @{ @ingroup payloads */ #ifndef CP_PAYLOAD_H_ @@ -34,15 +34,11 @@ typedef struct cp_payload_t cp_payload_t; /** * CP_PAYLOAD length in bytes without any proposal substructure. - * - * @ingroup payloads */ #define CP_PAYLOAD_HEADER_LENGTH 8 /** * Config Type of an Configuration Payload. - * - * @ingroup payloads */ enum config_type_t { CFG_REQUEST = 1, 
@@ -53,20 +49,13 @@ enum config_type_t { /** * enum name for config_type_t. - * - * @ingroup payloads */ extern enum_name_t *config_type_names; /** - * @brief Class representing an IKEv2-CP Payload. + * Class representing an IKEv2-CP Payload. * * The CP Payload format is described in RFC section 3.15. - * - * @b Constructors: - * - cp_payload_create() - * - * @ingroup payloads */ struct cp_payload_t { /** 
@@ -75,58 +64,50 @@ struct cp_payload_t { payload_t payload_interface; /** - * @brief Creates an iterator of stored configuration_attribute_t objects. + * Creates an iterator of stored configuration_attribute_t objects. * * When deleting an attribute using this iterator, the length of this * configuration_attribute_t has to be refreshed by calling get_length()! * - * @param this calling cp_payload_t object * @return created iterator_t object */ iterator_t *(*create_attribute_iterator) (cp_payload_t *this); /** - * @brief Adds a configuration_attribute_t object to this object. + * Adds a configuration_attribute_t object to this object. * * The added configuration_attribute_t object is getting destroyed in * destroy function of cp_payload_t. * - * @param this calling cp_payload_t object * @param attribute configuration_attribute_t object to add */ void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute); /** - * @brief Set the config type. + * Set the config type. * - * @param this calling cp_payload_t object * @param config_type config_type_t to set */ void (*set_config_type) (cp_payload_t *this,config_type_t config_type); /** - * @brief Get the config type. + * Get the config type. * - * @param this calling cp_payload_t object * @return config_type_t */ config_type_t (*get_config_type) (cp_payload_t *this); /** - * @brief Destroys an cp_payload_t object. - * - * @param this cp_payload_t object to destroy + * Destroys an cp_payload_t object. */ void (*destroy) (cp_payload_t *this); }; /** - * @brief Creates an empty cp_payload_t object + * Creates an empty cp_payload_t object * * @return cp_payload_t object - * - * @ingroup payloads */ cp_payload_t *cp_payload_create(void); -#endif /*CP_PAYLOAD_H_*/ +#endif /*CP_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/charon/encoding/payloads/delete_payload.c index 1d42a3af2..01ee7f027 100644 --- a/src/charon/encoding/payloads/delete_payload.c 
+++ b/src/charon/encoding/payloads/delete_payload.c @@ -1,10 +1,3 @@ -/** - * @file delete_payload.c - * - * @brief Implementation of delete_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: delete_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h index 508f7fba2..2c1a596b9 100644 --- a/src/charon/encoding/payloads/delete_payload.h +++ b/src/charon/encoding/payloads/delete_payload.h @@ -1,10 +1,3 @@ -/** - * @file delete_payload.h - * - * @brief Interface of delete_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: delete_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup delete_payload delete_payload + * @{ @ingroup payloads */ #ifndef DELETE_PAYLOAD_H_ @@ -32,22 +32,13 @@ typedef struct delete_payload_t delete_payload_t; /** * Length of a delete payload without the SPI in bytes. - * - * @ingroup payloads */ #define DELETE_PAYLOAD_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2 DELETE payload. + * Class representing an IKEv2 DELETE payload. * * The DELETE payload format is described in RFC section 3.11. - * - * @b Constructors: - * - delete_payload_create() - * - * @todo Implement better setter/getters - * - * @ingroup payloads */ struct delete_payload_t { /** 
@@ -56,47 +47,40 @@ struct delete_payload_t { payload_t payload_interface; /** - * @brief Get the protocol ID. + * Get the protocol ID. * - * @param this calling delete_payload_t object * @return protocol ID */ protocol_id_t (*get_protocol_id) (delete_payload_t *this); /** - * @brief Add an SPI to the list of deleted SAs. + * Add an SPI to the list of deleted SAs. * - * @param this calling delete_payload_t object * @param spi spi to add */ void (*add_spi) (delete_payload_t *this, u_int32_t spi); /** - * @brief Get an iterator over the SPIs. + * Get an iterator over the SPIs. * * The iterate() function returns a pointer to a u_int32_t SPI. * - * @param this calling delete_payload_t object * @return iterator over SPIs */ iterator_t *(*create_spi_iterator) (delete_payload_t *this); /** - * @brief Destroys an delete_payload_t object. - * - * @param this delete_payload_t object to destroy + * Destroys an delete_payload_t object. */ void (*destroy) (delete_payload_t *this); }; /** - * @brief Creates an empty delete_payload_t object. + * Creates an empty delete_payload_t object. * * @param protocol_id protocol, such as AH|ESP * @return delete_payload_t object - * - * @ingroup payloads */ delete_payload_t *delete_payload_create(protocol_id_t protocol_id); -#endif /* DELETE_PAYLOAD_H_ */ +#endif /* DELETE_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/charon/encoding/payloads/eap_payload.c index da2498c5e..d9a6fe6dd 100644 --- a/src/charon/encoding/payloads/eap_payload.c +++ b/src/charon/encoding/payloads/eap_payload.c @@ -1,10 +1,3 @@ -/** - * @file eap_payload.c - * - * @brief Implementation of eap_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: eap_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h index e4f8663c2..23558053d 100644 --- a/src/charon/encoding/payloads/eap_payload.h +++ b/src/charon/encoding/payloads/eap_payload.h @@ -1,10 +1,3 @@ -/** - * @file eap_payload.h - * - * @brief Interface of eap_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: eap_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup eap_payload eap_payload + * @{ @ingroup payloads */ #ifndef EAP_PAYLOAD_H_ @@ -32,20 +32,13 @@ typedef struct eap_payload_t eap_payload_t; /** * Length of a EAP payload without the EAP Message in bytes. - * - * @ingroup payloads */ #define EAP_PAYLOAD_HEADER_LENGTH 4 /** - * @brief Class representing an IKEv2 EAP payload. + * Class representing an IKEv2 EAP payload. * * The EAP payload format is described in RFC section 3.16. - * - * @b Constructors: - * - eap_payload_create() - * - * @ingroup payloads */ struct eap_payload_t { 
@@ -55,79 +48,68 @@ struct eap_payload_t { payload_t payload_interface; /** - * @brief Set the contained EAP data. + * Set the contained EAP data. * * This contains the FULL EAP message starting with "code". * Chunk gets cloned. * - * @param this calling eap_payload_t object * @param message EAP data */ void (*set_data) (eap_payload_t *this, chunk_t data); /** - * @brief Get the contained EAP data. + * Get the contained EAP data. * * This contains the FULL EAP message starting with "code". * - * @param this calling eap_payload_t object * @return EAP data (pointer to internal data) */ chunk_t (*get_data) (eap_payload_t *this); /** - * @brief Get the EAP code. + * Get the EAP code. * - * @param this calling eap_payload_t object * @return EAP message as chunk_t */ eap_code_t (*get_code) (eap_payload_t *this); /** - * @brief Get the EAP identifier. + * Get the EAP identifier. * - * @param this calling eap_payload_t object * @return unique identifier */ u_int8_t (*get_identifier) (eap_payload_t *this); /** - * @brief Get the EAP method type. + * Get the EAP method type. * - * @param this calling eap_payload_t object * @param vendor pointer receiving vendor identifier * @return EAP method type, vendor specific if vendor != 0 */ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); /** - * @brief Destroys an eap_payload_t object. - * - * @param this eap_payload_t object to destroy + * Destroys an eap_payload_t object. */ void (*destroy) (eap_payload_t *this); }; /** - * @brief Creates an empty eap_payload_t object. + * Creates an empty eap_payload_t object. * * @return eap_payload_t object - * - * @ingroup payloads */ eap_payload_t *eap_payload_create(void); /** - * @brief Creates an eap_payload_t object with data. + * Creates an eap_payload_t object with data. * * @return eap_payload_t object - * - * @ingroup payloads */ eap_payload_t *eap_payload_create_data(chunk_t data); /** - * @brief Creates an eap_payload_t object with a code. 
+ * Creates an eap_payload_t object with a code. * * Could should be either EAP_SUCCESS/EAP_FAILURE, use * constructor above otherwise. @@ -135,19 +117,15 @@ eap_payload_t *eap_payload_create_data(chunk_t data); * @param code EAP status code * @param identifier EAP identifier to use in payload * @return eap_payload_t object - * - * @ingroup payloads */ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); /** - * @brief Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK. + * Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK. * * @param identifier EAP identifier to use in payload * @return eap_payload_t object - * - * @ingroup payloads */ eap_payload_t *eap_payload_create_nak(u_int8_t identifier); -#endif /* EAP_PAYLOAD_H_ */ +#endif /* EAP_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/encodings.c b/src/charon/encoding/payloads/encodings.c index 55a7cf132..66c1fd999 100644 --- a/src/charon/encoding/payloads/encodings.c +++ b/src/charon/encoding/payloads/encodings.c @@ -1,10 +1,3 @@ -/** - * @file encodings.c - * - * @brief String mappings of encoding_type_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: encodings.c 3589 2008-03-13 14:14:44Z martin $ */ diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h index 5e07fbfab..73c5f9c36 100644 --- a/src/charon/encoding/payloads/encodings.h +++ b/src/charon/encoding/payloads/encodings.h @@ -1,10 +1,3 @@ -/** - * @file encodings.h - * - * @brief Definition of encoding_type_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
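Review bot: The rewritten comment for `get_code` still says `@return EAP message as chunk_t` although the function returns an `eap_code_t`; since this pass is already touching every line of these comments, it should read `@return EAP code of the contained message`. In the same hunk `set_data` documents `@param message EAP data` while the parameter is named `data`, so Doxygen will report it as undocumented; `@param data EAP data, gets cloned` matches the signature. The `Could should be either EAP_SUCCESS/EAP_FAILURE` sentence on `eap_payload_create_code` is presumably meant to read `Code should be ...`.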
@@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: encodings.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup encodings encodings + * @{ @ingroup payloads */ #ifndef ENCODINGS_H_ @@ -30,7 +30,7 @@ typedef struct encoding_rule_t encoding_rule_t; #include <library.h> /** - * @brief All different kinds of encoding types. + * All different kinds of encoding types. * * Each field of an IKEv2-Message (in header or payload) * which has to be parsed or generated differently has its own @@ -40,8 +40,6 @@ typedef struct encoding_rule_t encoding_rule_t; * from PRIVATE USE space. Also the substructures * of specific payload types get their own payload_id * from PRIVATE_USE space. See IKEv2-Draft for more informations. - * - * @ingroup payloads */ enum encoding_type_t { @@ -114,7 +112,7 @@ enum encoding_type_t { U_INT_64, /** - * @brief represents a RESERVED_BIT used in FLAG-Bytes. + * represents a RESERVED_BIT used in FLAG-Bytes. * * When generating, the next bit is set to zero and the current write * position is moved one bit forward. @@ -128,7 +126,7 @@ enum encoding_type_t { RESERVED_BIT, /** - * @brief represents a RESERVED_BYTE. + * represents a RESERVED_BYTE. * * When generating, the next byte is set to zero and the current write * position is moved one byte forward. @@ -499,21 +497,16 @@ enum encoding_type_t { /** * enum name for encoding_type_t - * - * @ingroup payloads */ extern enum_name_t *encoding_type_names; /** + * Rule how to en-/decode a payload field. + * * An encoding rule is a mapping of a specific encoding type to * a location in the data struct where the current field is stored to * or read from. - * - * For examples see files in this directory. - * * This rules are used by parser and generator. - * - * @ingroup payloads */ struct encoding_rule_t { 
@@ -534,4 +527,4 @@ struct encoding_rule_t { u_int32_t offset; }; -#endif /*ENCODINGS_H_*/ +#endif /*ENCODINGS_H_ @} */ diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c index 23b6e8d9f..7237c69c5 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/charon/encoding/payloads/encryption_payload.c @@ -1,10 +1,3 @@ -/** - * @file encryption_payload.c - * - * @brief Implementation of encryption_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: encryption_payload.c 3862 2008-04-22 07:14:24Z martin $ */ #include <stddef.h> @@ -32,7 +27,6 @@ #include <encoding/generator.h> #include <encoding/parser.h> #include <utils/iterator.h> -#include <utils/randomizer.h> #include <crypto/signers/signer.h> @@ -327,8 +321,7 @@ static void generate(private_encryption_payload_t *this) static status_t encrypt(private_encryption_payload_t *this) { chunk_t iv, padding, to_crypt, result; - randomizer_t *randomizer; - status_t status; + rng_t *rng; size_t block_size; if (this->signer == NULL || this->crypter == NULL) @@ -338,8 +331,12 @@ static status_t encrypt(private_encryption_payload_t *this) } /* for random data in iv and padding */ - randomizer = randomizer_create(); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng) + { + DBG1(DBG_ENC, "could not encrypt, no RNG found"); + return FAILED; + } /* build payload chunk */ generate(this); 
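Review bot: The padding and the CBC IV are now drawn from an `RNG_WEAK` generator without a word on why that quality class is adequate; padding only needs to be non-secret, but a CBC IV must never repeat under a key and is conventionally unpredictable, so the choice deserves a comment such as `/* RNG_WEAK: IV and padding need uniqueness, not secrecy */` next to the `create_rng()` call so the next reader neither silently downgrades nor needlessly upgrades it. Returning `FAILED` with a DBG1 line when no RNG is registered, before `generate()` runs, is the right order. `encrypt()` continues outside this hunk.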
@@ -349,12 +346,7 @@ static status_t encrypt(private_encryption_payload_t *this) /* build padding */ block_size = this->crypter->get_block_size(this->crypter); padding.len = block_size - ((this->decrypted.len + 1) % block_size); - status = randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding); - if (status != SUCCESS) - { - randomizer->destroy(randomizer); - return status; - } + rng->allocate_bytes(rng, padding.len, &padding); /* concatenate payload data, padding, padding len */ to_crypt.len = this->decrypted.len + padding.len + 1; @@ -366,28 +358,17 @@ static status_t encrypt(private_encryption_payload_t *this) /* build iv */ iv.len = block_size; - status = randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv); - randomizer->destroy(randomizer); - if (status != SUCCESS) - { - chunk_free(&to_crypt); - chunk_free(&padding); - return status; - } + rng->allocate_bytes(rng, iv.len, &iv); + rng->destroy(rng); DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt); /* encrypt to_crypt chunk */ free(this->encrypted.ptr); - status = this->crypter->encrypt(this->crypter, to_crypt, iv, &result); + this->crypter->encrypt(this->crypter, to_crypt, iv, &result); free(padding.ptr); free(to_crypt.ptr); - if (status != SUCCESS) - { - DBG2(DBG_ENC, "encryption failed"); - free(iv.ptr); - return status; - } + DBG3(DBG_ENC, "data after encryption %B", &result); /* build encrypted result with iv and signature */ @@ -459,7 +440,6 @@ static status_t decrypt(private_encryption_payload_t *this) { chunk_t iv, concatenated; u_int8_t padding_length; - status_t status; DBG2(DBG_ENC, "decrypting encryption payload"); DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B", 
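Review bot: The results of `rng->allocate_bytes()` (padding and IV) and of `this->crypter->encrypt()` are discarded, whereas the removed lines propagated a non-SUCCESS status and freed `to_crypt`/`padding` on the way out; if the new `rng_t` and `crypter_t` methods are void this is consistent, but if either still reports failure the caller can no longer tell a correctly built payload from one encrypted with an unfilled IV or padding buffer. Please confirm the new signatures and, if they return a status, keep the `status != SUCCESS` cleanup paths rather than dropping them. `encrypt()` starts and ends outside these hunks.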
@@ -478,12 +458,11 @@ static status_t decrypt(private_encryption_payload_t *this) /* point concatenated to data + padding + padding_length*/ concatenated.ptr = this->encrypted.ptr + iv.len; - concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer); + concatenated.len = this->encrypted.len - iv.len - + this->signer->get_block_size(this->signer); - /* check the size of input: - * concatenated must be at least on block_size of crypter - */ - if (concatenated.len < iv.len) + /* concatenated must be a multiple of block_size of crypter */ + if (concatenated.len < iv.len || concatenated.len % iv.len) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; @@ -494,18 +473,14 @@ static status_t decrypt(private_encryption_payload_t *this) DBG3(DBG_ENC, "data before decryption %B", &concatenated); - status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted)); - if (status != SUCCESS) - { - DBG1(DBG_ENC, "could not decrypt, decryption failed"); - return FAILED; - } + this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted); + DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted); - /* get padding length, sits just bevore signature */ padding_length = *(this->decrypted.ptr + this->decrypted.len - 1); - /* add one byte to the padding length, since the padding_length field is not included */ + /* add one byte to the padding length, since the padding_length field is + * not included */ padding_length++; this->decrypted.len -= padding_length; diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h index 7cf53619f..e20ff6acc 100644 --- a/src/charon/encoding/payloads/encryption_payload.h +++ b/src/charon/encoding/payloads/encryption_payload.h 
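Review bot: `concatenated.len` is derived by subtracting `iv.len` and the signer block size from `this->encrypted.len` before the new `< iv.len || % iv.len` check runs; chunk lengths appear to be unsigned here (`size_t block_size` is assigned to `padding.len` in `encrypt()`), so if the payload is shorter than those two values and that is not rejected earlier in `decrypt()` (which begins outside the hunk) the subtraction wraps to a huge length that can still be a multiple of `iv.len`, and the decrypt call then reads past the payload. Checking the total first avoids reasoning about the wrapped value: `if (this->encrypted.len < iv.len + this->signer->get_block_size(this->signer)) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; }`. The second hunk has the same shape: `padding_length++` can reach 256 and `this->decrypted.len -= padding_length` wraps when the last plaintext byte is larger than `decrypted.len - 1`, so unless the lines following the hunk bound `padding_length` against `this->decrypted.len`, that comparison belongs before the subtraction.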
@@ -1,9 +1,3 @@ -/** - * @file encryption_payload.h - * - * @brief Interface of encryption_payload_t. - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -18,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: encryption_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup encryption_payload encryption_payload + * @{ @ingroup payloads */ #ifndef ENCRYPTION_PAYLOAD_H_ @@ -33,14 +34,12 @@ typedef struct encryption_payload_t encryption_payload_t; /** * Encrpytion payload length in bytes without IV and following data. - * - * @ingroup payloads */ #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4 /** - * @brief The encryption payload as described in RFC section 3.14. + * The encryption payload as described in RFC section 3.14. * * Before any crypt/decrypt/sign/verify operation can occur, * the transforms must be set. After that, a parsed encryption payload @@ -51,11 +50,6 @@ typedef struct encryption_payload_t encryption_payload_t; * must be builded after generation of all payloads and the encryption * of the encryption payload. * Signature verificatin is done before decryption. - * - * @b Constructors: - * - encryption_payload_create() - * - * @ingroup payloads */ struct encryption_payload_t { /** 
@@ -64,29 +58,26 @@ struct encryption_payload_t { payload_t payload_interface; /** - * @brief Creates an iterator for all contained payloads. + * Creates an iterator for all contained payloads. * - * @warning iterator_t object has to get destroyed by the caller. + * iterator_t object has to get destroyed by the caller. * - * @param this calling encryption_payload_t object - * @param[in] forward iterator direction (TRUE: front to end) + * @param forward iterator direction (TRUE: front to end) * return created iterator_t object */ iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward); /** - * @brief Adds a payload to this encryption payload. + * Adds a payload to this encryption payload. * - * @param this calling encryption_payload_t object * @param payload payload_t object to add */ void (*add_payload) (encryption_payload_t *this, payload_t *payload); /** - * @brief Reove the last payload in the contained payload list. + * Reove the last payload in the contained payload list. * - * @param this calling encryption_payload_t object - * @param[out] payload removed payload + * @param payload removed payload * @return * - SUCCESS, or * - NOT_FOUND if list empty @@ -94,15 +85,14 @@ struct encryption_payload_t { status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload); /** - * @brief Get the number of payloads. + * Get the number of payloads. * - * @param this calling encryption_payload_t object * @return number of contained payloads */ size_t (*get_payload_count) (encryption_payload_t *this); /** - * @brief Set transforms to use. + * Set transforms to use. * * To decryption, encryption, signature building and verifying, * the payload needs a crypter and a signer object. 
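Review bot: The comment above `remove_first_payload` still reads `Reove the last payload in the contained payload list`, which disagrees with the function name twice (typo and first/last) and survives the rewrite; `Remove the first payload in the contained payload list.` matches the declaration. In the same hunk the `create_payload_iterator` comment keeps `return created iterator_t object` without the `@`, so Doxygen will not render it as the return value; `@return created iterator_t object` fixes that.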
@@ -110,34 +100,29 @@ struct encryption_payload_t { * @warning Do NOT call this function again after encryption, since * the signer must be the same while encrypting and signature building! * - * @param this calling encryption_payload_t * @param crypter crypter_t to use for data de-/encryption * @param signer signer_t to use for data signing/verifying */ void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer); /** - * @brief Generate and encrypt contained payloads. + * Generate and encrypt contained payloads. * * This function generates the content for added payloads * and encrypts them. Signature is not built, since we need * additional data (the full message). * - * @param this calling encryption_payload_t - * @return - * - SUCCESS, or - * - INVALID_STATE if transforms not set + * @return SUCCESS, or INVALID_STATE if transforms not set */ status_t (*encrypt) (encryption_payload_t *this); /** - * @brief Decrypt and parse contained payloads. + * Decrypt and parse contained payloads. * * This function decrypts the contained data. After, * the payloads are parsed internally and are accessible * via the iterator. * - * @param this calling encryption_payload_t * @return * - SUCCESS, or * - INVALID_STATE if transforms not set, or @@ -146,13 +131,12 @@ struct encryption_payload_t { status_t (*decrypt) (encryption_payload_t *this); /** - * @brief Build the signature. + * Build the signature. * * The signature is built over the FULL message, so the header * and every payload (inclusive this one) must already be generated. * The generated message is supplied via the data paramater. * - * @param this calling encryption_payload_t * @param data chunk contains the already generated message * @return * - SUCCESS, or 
@@ -161,13 +145,12 @@ struct encryption_payload_t { status_t (*build_signature) (encryption_payload_t *this, chunk_t data); /** - * @brief Verify the signature. + * Verify the signature. * * Since the signature is built over the full message, we need * this data to do the verification. The message data * is supplied via the data argument. * - * @param this calling encryption_payload_t * @param data chunk contains the message * @return * - SUCCESS, or @@ -177,21 +160,16 @@ struct encryption_payload_t { status_t (*verify_signature) (encryption_payload_t *this, chunk_t data); /** - * @brief Destroys an encryption_payload_t object. - * - * @param this encryption_payload_t object to destroy + * Destroys an encryption_payload_t object. */ void (*destroy) (encryption_payload_t *this); }; /** - * @brief Creates an empty encryption_payload_t object. + * Creates an empty encryption_payload_t object. * * @return encryption_payload_t object - * - * @ingroup payloads */ encryption_payload_t *encryption_payload_create(void); - -#endif /*ENCRYPTION_PAYLOAD_H_*/ +#endif /*ENCRYPTION_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c index 98bfb2ea0..c9ef47afb 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/charon/encoding/payloads/endpoint_notify.c @@ -1,10 +1,3 @@ -/** - * @file endpoint_notify.c - * - * @brief Implementation of endpoint_notify_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Hochschule fuer Technik Rapperswil @@ -18,6 +11,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: endpoint_notify.c 3735 2008-04-02 18:21:03Z tobias $ */ #include "endpoint_notify.h" 
@@ -46,12 +41,12 @@ struct private_endpoint_notify_t { /** * Family */ - p2p_endpoint_family_t family; + me_endpoint_family_t family; /** * Endpoint type */ - p2p_endpoint_type_t type; + me_endpoint_type_t type; /** * Endpoint @@ -76,10 +71,10 @@ struct private_endpoint_notify_t { +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -ENUM(p2p_endpoint_type_names, HOST, RELAYED, +ENUM(me_endpoint_type_names, HOST, RELAYED, "HOST", - "SERVER_REFLEXIVE", "PEER_REFLEXIVE", + "SERVER_REFLEXIVE", "RELAYED" ); @@ -120,7 +115,7 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) } /** - * Parses the notification data of a P2P_ENDPOINT notify + * Parses the notification data of a ME_ENDPOINT notify */ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data) { @@ -130,29 +125,29 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t u_int8_t *cur = data.ptr; u_int8_t *top = data.ptr + data.len; - DBG3(DBG_IKE, "p2p_endpoint_data %B", &data); + DBG3(DBG_IKE, "me_endpoint_data %B", &data); if (parse_uint32(&cur, top, &this->priority) != SUCCESS) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid priority"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority"); return FAILED; } if (parse_uint8(&cur, top, &family) != SUCCESS || family >= MAX_FAMILY) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid family"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family"); return FAILED; } - this->family = (p2p_endpoint_family_t)family; + this->family = (me_endpoint_family_t)family; if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid type"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type"); return FAILED; } - this->type = (p2p_endpoint_type_t)type; + this->type = (me_endpoint_type_t)type; addr_family = AF_INET; addr.len = 4; 
@@ -166,13 +161,13 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t case IPv4: if (parse_uint16(&cur, top, &port) != SUCCESS) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid port"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port"); return FAILED; } if (cur + addr.len > top) { - DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid IP address"); + DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address"); return FAILED; } @@ -190,7 +185,7 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t /** - * Generates the notification data of a P2P_ENDPOINT notify + * Generates the notification data of a ME_ENDPOINT notify */ static chunk_t build_notification_data(private_endpoint_notify_t *this) { @@ -222,7 +217,7 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) /* data = prio | family | type | port | addr */ data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk); - DBG3(DBG_IKE, "p2p_endpoint_data %B", &data); + DBG3(DBG_IKE, "me_endpoint_data %B", &data); return data; } @@ -236,7 +231,7 @@ static notify_payload_t *build_notify(private_endpoint_notify_t *this) notify_payload_t *notify; notify = notify_payload_create(); - notify->set_notify_type(notify, P2P_ENDPOINT); + notify->set_notify_type(notify, ME_ENDPOINT); data = build_notification_data(this); notify->set_notification_data(notify, data); chunk_free(&data); @@ -263,7 +258,7 @@ static void set_priority(private_endpoint_notify_t *this, u_int32_t priority) /** * Implementation of endpoint_notify_t.get_type. */ -static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this) +static me_endpoint_type_t get_type(private_endpoint_notify_t *this) { return this->type; } 
@@ -271,7 +266,7 @@ static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this) /** * Implementation of endpoint_notify_t.get_family. */ -static p2p_endpoint_family_t get_family(private_endpoint_notify_t *this) +static me_endpoint_family_t get_family(private_endpoint_notify_t *this) { return this->family; } @@ -321,6 +316,7 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this) static status_t destroy(private_endpoint_notify_t *this) { DESTROY_IF(this->endpoint); + DESTROY_IF(this->base); free(this); return SUCCESS; } @@ -335,8 +331,8 @@ endpoint_notify_t *endpoint_notify_create() /* public functions */ this->public.get_priority = (u_int32_t (*) (endpoint_notify_t *)) get_priority; this->public.set_priority = (void (*) (endpoint_notify_t *, u_int32_t)) set_priority; - this->public.get_type = (p2p_endpoint_type_t (*) (endpoint_notify_t *)) get_type; - this->public.get_family = (p2p_endpoint_family_t (*) (endpoint_notify_t *)) get_family; + this->public.get_type = (me_endpoint_type_t (*) (endpoint_notify_t *)) get_type; + this->public.get_family = (me_endpoint_family_t (*) (endpoint_notify_t *)) get_family; this->public.get_host = (host_t *(*) (endpoint_notify_t *)) get_host; this->public.get_base = (host_t *(*) (endpoint_notify_t *)) get_base; this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; @@ -356,7 +352,7 @@ endpoint_notify_t *endpoint_notify_create() /** * Described in header */ -endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, host_t *host, host_t *base) +endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) { private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); 
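Review bot: The added `DESTROY_IF(this->base)` in `destroy()` is only safe if `base` is never the same `host_t` as `endpoint`; the header says `get_base()` returns the same host as `get_host()` for non-SERVER_REFLEXIVE endpoints, and if `_clone()` or `endpoint_notify_create_from_host()` implement that by storing one pointer in both fields (their bodies are outside this hunk) the new line turns into a double destroy. Worth confirming that every constructor path clones `base` separately, and recording it at the destroy site with `/* base is always its own clone, never an alias of endpoint */`.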
@@ -365,20 +361,21 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho switch(type) { case HOST: - this->priority = pow(2, 16) * P2P_PRIO_HOST; - break; - case SERVER_REFLEXIVE: - this->priority = pow(2, 16) * P2P_PRIO_SERVER; + this->priority = pow(2, 16) * ME_PRIO_HOST; break; case PEER_REFLEXIVE: - this->priority = pow(2, 16) * P2P_PRIO_PEER; + this->priority = pow(2, 16) * ME_PRIO_PEER; + break; + case SERVER_REFLEXIVE: + this->priority = pow(2, 16) * ME_PRIO_SERVER; break; case RELAYED: default: - this->priority = pow(2, 16) * P2P_PRIO_RELAY; + this->priority = pow(2, 16) * ME_PRIO_RELAY; break; } + /* FIXME: if there is more than one ip address we should vary this priority */ this->priority += 65535; if (!host) @@ -395,7 +392,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho this->family = IPv6; break; default: - /* unsupported family type, we do not set the hsot + /* unsupported family type, we do not set the host * (family is set to NO_FAMILY) */ return &this->public; } @@ -415,7 +412,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify) { - if (notify->get_notify_type(notify) != P2P_ENDPOINT) + if (notify->get_notify_type(notify) != ME_ENDPOINT) { return NULL; } diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h index 4a3a68f95..9a4a4d7a1 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/charon/encoding/payloads/endpoint_notify.h @@ -1,10 +1,3 @@ -/** - * @file endpoint_notify.h - * - * @brief Interface of endpoint_notify_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Hochschule fuer Technik Rapperswil 
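Review bot: `this->priority = pow(2, 16) * ME_PRIO_HOST;` (and the three sibling cases) computes a small constant through a double-precision libm call followed by an implicit float-to-unsigned conversion; `this->priority = (u_int32_t)ME_PRIO_HOST << 16;` is exact, needs no `<math.h>`, and makes the "type preference in the upper 16 bits" layout visible, which is what the new FIXME about varying the lower part refers to. A comment on the `+= 65535` line naming that layout, e.g. `/* priority = type preference << 16 | local preference (fixed at 65535 for now) */`, would help either way. `endpoint_notify_create_from_host()` continues outside the hunk.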
@@ -18,29 +11,33 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: endpoint_notify.h 3701 2008-03-31 10:56:49Z tobias $ */ +/** + * @defgroup endpoint_notify endpoint_notify + * @{ @ingroup payloads + */ #ifndef ENDPOINT_NOTIFY_H_ #define ENDPOINT_NOTIFY_H_ -#define P2P_PRIO_HOST 255 -#define P2P_PRIO_SERVER 100 -#define P2P_PRIO_PEER 120 -#define P2P_PRIO_RELAY 0 +#define ME_PRIO_HOST 255 +#define ME_PRIO_PEER 128 +#define ME_PRIO_SERVER 64 +#define ME_PRIO_RELAY 0 -typedef enum p2p_endpoint_family_t p2p_endpoint_family_t; -typedef enum p2p_endpoint_type_t p2p_endpoint_type_t; +typedef enum me_endpoint_family_t me_endpoint_family_t; +typedef enum me_endpoint_type_t me_endpoint_type_t; typedef struct endpoint_notify_t endpoint_notify_t; #include <encoding/payloads/notify_payload.h> /** - * @brief P2P endpoint families. - * - * @ingroup payloads + * ME endpoint families. */ -enum p2p_endpoint_family_t { +enum me_endpoint_family_t { NO_FAMILY = 0, @@ -53,19 +50,17 @@ enum p2p_endpoint_family_t { }; /** - * @brief P2P endpoint types. - * - * @ingroup payloads + * ME endpoint types. */ -enum p2p_endpoint_type_t { +enum me_endpoint_type_t { NO_TYPE = 0, HOST = 1, - SERVER_REFLEXIVE = 2, + PEER_REFLEXIVE = 2, - PEER_REFLEXIVE = 3, + SERVER_REFLEXIVE = 3, RELAYED = 4, 
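Review bot: Swapping the numeric values of `PEER_REFLEXIVE` (now 2) and `SERVER_REFLEXIVE` (now 3) changes the type byte that `build_notification_data()` emits in the ME_ENDPOINT notify and that `parse_notification_data()` casts straight back to `me_endpoint_type_t`, so a peer built from the previous revision will interpret the two reflexive types swapped. If the private-use status of this notify makes that acceptable, say so on the enum with `/* values are sent on the wire in the ME_ENDPOINT notify; changing them breaks older peers */`; otherwise keep the old values and only reorder the ENUM name table in endpoint_notify.c. The `ME_PRIO_*` constants also move from 100/120 to 64/128, which is a behavioural change hidden inside what otherwise looks like a rename.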
@@ -74,129 +69,107 @@ enum p2p_endpoint_type_t { }; /** - * enum name for p2p_endpoint_type_t. - * - * @ingroup payloads + * enum name for me_endpoint_type_t. */ -extern enum_name_t *p2p_endpoint_type_names; +extern enum_name_t *me_endpoint_type_names; /** - * @brief Class representing a P2P_ENDPOINT notify. In fact it's not + * Class representing a ME_ENDPOINT Notify payload. In fact it's not * the notify per se, but the notification data of that notify that is * handled with this class. - * - * @b Constructors: - * - endpoint_notify_create() - * - endpoint_notify_create_from_host() - * - * @ingroup payloads */ struct endpoint_notify_t { /** - * @brief Returns the priority of this endpoint. + * Returns the priority of this endpoint. * - * @param this object * @return priority */ u_int32_t (*get_priority) (endpoint_notify_t *this); /** - * @brief Sets the priority of this endpoint. + * Sets the priority of this endpoint. * - * @param this object * @param priority priority */ void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); /** - * @brief Returns the endpoint type of this endpoint. + * Returns the endpoint type of this endpoint. * - * @param this object * @return endpoint type */ - p2p_endpoint_type_t (*get_type) (endpoint_notify_t *this); + me_endpoint_type_t (*get_type) (endpoint_notify_t *this); /** - * @brief Returns the endpoint family of this endpoint. + * Returns the endpoint family of this endpoint. * - * @param this object * @return endpoint family */ - p2p_endpoint_family_t (*get_family) (endpoint_notify_t *this); + me_endpoint_family_t (*get_family) (endpoint_notify_t *this); /** - * @brief Returns the host of this endpoint. + * Returns the host of this endpoint. * - * @param this object * @return host */ host_t *(*get_host) (endpoint_notify_t *this); /** - * @brief Returns the base of this endpoint. + * Returns the base of this endpoint. 
* * If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same * as the one returned by get_host. * - * @param this object * @return host */ host_t *(*get_base) (endpoint_notify_t *this); /** - * @brief Generates a notification payload from this endpoint. + * Generates a notification payload from this endpoint. * - * @param this object * @return built notify_payload_t */ notify_payload_t *(*build_notify) (endpoint_notify_t *this); /** - * @brief Clones an endpoint_notify_t object. + * Clones an endpoint_notify_t object. * - * @param this endpoint_notify_t object to clone - * @return cloned object + * @return cloned object */ endpoint_notify_t *(*clone) (endpoint_notify_t *this); /** - * @brief Destroys an endpoint_notify_t object. - * - * @param this endpoint_notify_t object to destroy + * Destroys an endpoint_notify_t object. */ void (*destroy) (endpoint_notify_t *this); }; /** - * @brief Creates an empty endpoint_notify_t object. + * Creates an empty endpoint_notify_t object. * * @return created endpoint_notify_t object - * - * @ingroup payloads */ endpoint_notify_t *endpoint_notify_create(void); /** - * @brief Creates an endpoint_notify_t object from a host. + * Creates an endpoint_notify_t object from a host. * * @param type the endpoint type * @param host host to base the notify on (gets cloned) * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) * @return created endpoint_notify_t object - * - * @ingroup payloads */ -endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, host_t *host, host_t *base); +endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, + host_t *host, host_t *base); /** - * @brief Creates an endpoint_notify_t object from a notify payload. + * Creates an endpoint_notify_t object from a notify payload. 
* * @param notify the notify payload * @return - created endpoint_notify_t object * - NULL if invalid payload - * @ingroup payloads */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify); -#endif /*ENDPOINT_NOTIFY_H_*/ +#endif /*ENDPOINT_NOTIFY_H_ @} */ diff --git a/src/charon/encoding/payloads/id_payload.c b/src/charon/encoding/payloads/id_payload.c index aef8f6b7e..347ad7563 100644 --- a/src/charon/encoding/payloads/id_payload.c +++ b/src/charon/encoding/payloads/id_payload.c @@ -1,10 +1,3 @@ -/** - * @file id_payload.h - * - * @brief Interface of id_payload_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -21,6 +14,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: id_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h index 8e9322b4a..49e6c214b 100644 --- a/src/charon/encoding/payloads/id_payload.h +++ b/src/charon/encoding/payloads/id_payload.h @@ -1,10 +1,3 @@ -/** - * @file id_payload.h - * - * @brief Interface of id_payload_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -20,8 +13,14 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: id_payload.h 3589 2008-03-13 14:14:44Z martin $ */ +/** + * @defgroup id_payload id_payload + * @{ @ingroup payloads + */ #ifndef ID_PAYLOAD_H_ #define ID_PAYLOAD_H_ @@ -34,8 +33,6 @@ typedef struct id_payload_t id_payload_t; /** * Length of a id payload without the data in bytes. - * - * @ingroup payloads */ #define ID_PAYLOAD_HEADER_LENGTH 8 
@@ -43,12 +40,6 @@ typedef struct id_payload_t id_payload_t; * Object representing an IKEv2 ID payload. * * The ID payload format is described in RFC section 3.5. - * - * @b Constructors: - * - id_payload_create_from_identification() - * - id_payload_create() - * - * @ingroup payloads */ struct id_payload_t { /** 
@@ -57,90 +48,77 @@ struct id_payload_t { payload_t payload_interface; /** - * @brief Set the ID type. + * Set the ID type. * - * @param this calling id_payload_t object * @param type Type of ID */ void (*set_id_type) (id_payload_t *this, id_type_t type); /** - * @brief Get the ID type. + * Get the ID type. * - * @param this calling id_payload_t object * @return type of the ID */ id_type_t (*get_id_type) (id_payload_t *this); /** - * @brief Set the ID data. + * Set the ID data. * * Data are getting cloned. * - * @param this calling id_payload_t object * @param data ID data as chunk_t */ void (*set_data) (id_payload_t *this, chunk_t data); /** - * @brief Get the ID data. + * Get the ID data. * * Returned data are a copy of the internal one * - * @param this calling id_payload_t object * @return ID data as chunk_t */ chunk_t (*get_data_clone) (id_payload_t *this); /** - * @brief Get the ID data. + * Get the ID data. * * Returned data are NOT copied. * - * @param this calling id_payload_t object * @return ID data as chunk_t */ chunk_t (*get_data) (id_payload_t *this); /** - * @brief Creates an identification object of this id payload. + * Creates an identification object of this id payload. * * Returned object has to get destroyed by the caller. * - * @param this calling id_payload_t object * @return identification_t object */ identification_t *(*get_identification) (id_payload_t *this); /** - * @brief Destroys an id_payload_t object. - * - * @param this id_payload_t object to destroy + * Destroys an id_payload_t object. */ void (*destroy) (id_payload_t *this); }; /** - * @brief Creates an empty id_payload_t object. + * Creates an empty id_payload_t object. * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @return id_payload_t object - * - * @ingroup payloads */ id_payload_t *id_payload_create(payload_type_t payload_type); /** - * @brief Creates an id_payload_t from an existing identification_t object. 
+ * Creates an id_payload_t from an existing identification_t object. * * @param payload_type one of ID_INITIATOR, ID_RESPONDER * @param identification identification_t object * @return id_payload_t object - * - * @ingroup payloads */ -id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *identification); - - +id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, + identification_t *identification); -#endif /* ID_PAYLOAD_H_ */ +#endif /* ID_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c index 3a171b095..1db64f0e3 100644 --- a/src/charon/encoding/payloads/ike_header.c +++ b/src/charon/encoding/payloads/ike_header.c @@ -1,10 +1,3 @@ -/** - * @file ike_header.c - * - * @brief Implementation of ike_header_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -20,6 +13,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ike_header.c 3666 2008-03-26 18:40:19Z tobias $ */ /* offsetof macro */ @@ -110,13 +105,13 @@ ENUM_NEXT(exchange_type_names, IKE_SA_INIT, INFORMATIONAL, EXCHANGE_TYPE_UNDEFIN "IKE_AUTH", "CREATE_CHILD_SA", "INFORMATIONAL"); -#ifdef P2P -ENUM_NEXT(exchange_type_names, P2P_CONNECT, P2P_CONNECT, INFORMATIONAL, - "P2P_CONNECT"); -ENUM_END(exchange_type_names, P2P_CONNECT); +#ifdef ME +ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, INFORMATIONAL, + "ME_CONNECT"); +ENUM_END(exchange_type_names, ME_CONNECT); #else ENUM_END(exchange_type_names, INFORMATIONAL); -#endif /* P2P */ +#endif /* ME */ /** * Encoding rules to parse or generate a IKEv2-Header. 
@@ -181,9 +176,9 @@ static status_t verify(private_ike_header_t *this) { if ((this->exchange_type < IKE_SA_INIT) || ((this->exchange_type > INFORMATIONAL) -#ifdef P2P - && (this->exchange_type != P2P_CONNECT) -#endif /* P2P */ +#ifdef ME + && (this->exchange_type != ME_CONNECT) +#endif /* ME */ )) { /* unsupported exchange type */ @@ -191,11 +186,11 @@ static status_t verify(private_ike_header_t *this) } if (this->initiator_spi == 0 -#ifdef P2P +#ifdef ME /* we allow zero spi for INFORMATIONAL exchanges, - * to allow P2P connectivity checks */ + * to allow connectivity checks */ && this->exchange_type != INFORMATIONAL -#endif /* P2P */ +#endif /* ME */ ) { /* initiator spi not set */ diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h index e80964482..5568f081b 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/charon/encoding/payloads/ike_header.h @@ -1,10 +1,3 @@ -/** - * @file ike_header.h - * - * @brief Interface of ike_header_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -20,6 +13,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ike_header.h 3666 2008-03-26 18:40:19Z tobias $ + */ + +/** + * @defgroup ike_header ike_header + * @{ @ingroup payloads */ #ifndef IKE_HEADER_H_ 
@@ -33,38 +33,28 @@ typedef struct ike_header_t ike_header_t; /** * Major Version of IKEv2. - * - * @ingroup payloads */ #define IKE_MAJOR_VERSION 2 /** * Minor Version of IKEv2. - * - * @ingroup payloads */ #define IKE_MINOR_VERSION 0 /** * Flag in IKEv2-Header. Always 0. - * - * @ingroup payloads */ #define HIGHER_VERSION_SUPPORTED_FLAG 0 /** * Length of IKE Header in Bytes. - * - * @ingroup payloads */ #define IKE_HEADER_LENGTH 28 /** - * @brief Different types of IKE-Exchanges. + * Different types of IKE-Exchanges. * - * See Draft for different types. - * - * @ingroup payloads + * See RFC for different types. */ enum exchange_type_t{ @@ -92,33 +82,26 @@ enum exchange_type_t{ * INFORMATIONAL. */ INFORMATIONAL = 37, -#ifdef P2P +#ifdef ME /** - * P2P_CONNECT + * ME_CONNECT */ - P2P_CONNECT = 240 -#endif /* P2P */ + ME_CONNECT = 240 +#endif /* ME */ }; /** * enum name for exchange_type_t - * - * @ingroup payloads */ extern enum_name_t *exchange_type_names; /** - * @brief An object of this type represents an IKEv2 header and is used to + * An object of this type represents an IKEv2 header and is used to * generate and parse IKEv2 headers. * * The header format of an IKEv2-Message is compatible to the * ISAKMP-Header format to allow implementations supporting * both versions of the IKE-protocol. - * - * @b Constructors: - * - ike_header_create() - * - * @ingroup payloads */ struct ike_header_t { /** 
@@ -127,141 +110,121 @@ struct ike_header_t { payload_t payload_interface; /** - * @brief Get the initiator spi. + * Get the initiator spi. * - * @param this ike_header_t object * @return initiator_spi */ u_int64_t (*get_initiator_spi) (ike_header_t *this); /** - * @brief Set the initiator spi. + * Set the initiator spi. * - * @param this ike_header_t object * @param initiator_spi initiator_spi */ void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); /** - * @brief Get the responder spi. + * Get the responder spi. * - * @param this ike_header_t object * @return responder_spi */ u_int64_t (*get_responder_spi) (ike_header_t *this); /** - * @brief Set the responder spi. + * Set the responder spi. * - * @param this ike_header_t object * @param responder_spi responder_spi */ void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); /** - * @brief Get the major version. + * Get the major version. * - * @param this ike_header_t object * @return major version */ u_int8_t (*get_maj_version) (ike_header_t *this); /** - * @brief Get the minor version. + * Get the minor version. * - * @param this ike_header_t object * @return minor version */ u_int8_t (*get_min_version) (ike_header_t *this); /** - * @brief Get the response flag. + * Get the response flag. * - * @param this ike_header_t object * @return response flag */ bool (*get_response_flag) (ike_header_t *this); /** - * @brief Set the response flag- + * Set the response flag- * - * @param this ike_header_t object * @param response response flag * */ void (*set_response_flag) (ike_header_t *this, bool response); /** - * @brief Get "higher version supported"-flag. + * Get "higher version supported"-flag. * - * @param this ike_header_t object * @return version flag */ bool (*get_version_flag) (ike_header_t *this); /** - * @brief Get the initiator flag. + * Get the initiator flag. 
* - * @param this ike_header_t object * @return initiator flag */ bool (*get_initiator_flag) (ike_header_t *this); /** - * @brief Set the initiator flag. + * Set the initiator flag. * - * @param this ike_header_t object * @param initiator initiator flag - * */ void (*set_initiator_flag) (ike_header_t *this, bool initiator); /** - * @brief Get the exchange type. + * Get the exchange type. * - * @param this ike_header_t object - * @return exchange type + * @return exchange type */ u_int8_t (*get_exchange_type) (ike_header_t *this); /** - * @brief Set the exchange type. + * Set the exchange type. * - * @param this ike_header_t object * @param exchange_type exchange type */ void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); /** - * @brief Get the message id. + * Get the message id. * - * @param this ike_header_t object * @return message id */ u_int32_t (*get_message_id) (ike_header_t *this); /** - * @brief Set the message id. + * Set the message id. * - * @param this ike_header_t object * @param initiator_spi message id */ void (*set_message_id) (ike_header_t *this, u_int32_t message_id); /** - * @brief Destroys a ike_header_t object. - * - * @param this ike_header_t object to destroy + * Destroys a ike_header_t object. */ void (*destroy) (ike_header_t *this); }; /** - * @brief Create an ike_header_t object + * Create an ike_header_t object * * @return ike_header_t object - * - * @ingroup payloads */ ike_header_t *ike_header_create(void); -#endif /*IKE_HEADER_H_*/ +#endif /*IKE_HEADER_H_ @} */ diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/charon/encoding/payloads/ke_payload.c index 8926b15f9..2f718e49c 100644 --- a/src/charon/encoding/payloads/ke_payload.c +++ b/src/charon/encoding/payloads/ke_payload.c @@ -1,10 +1,3 @@ -/** - * @file ke_payload.c - * - * @brief Implementation of ke_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
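Review bot: The `set_message_id` doc block still says `@param initiator_spi message id` although the parameter is `message_id`; since the `@@ -127,141 +110,121 @@` hunk rewrites every comment in `struct ike_header_t`, it is the natural place to correct it to ` * @param message_id message id`. The changed line ` * Set the response flag-` also keeps a trailing dash where the other one-line summaries in this struct end with a period. The struct definition begins outside this hunk.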
@@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ke_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h index 52be8ffe3..222d2ec7c 100644 --- a/src/charon/encoding/payloads/ke_payload.h +++ b/src/charon/encoding/payloads/ke_payload.h @@ -1,10 +1,3 @@ -/** - * @file ke_payload.h - * - * @brief Interface of ke_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ke_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup ke_payload ke_payload + * @{ @ingroup payloads */ #ifndef KE_PAYLOAD_H_ @@ -34,20 +34,13 @@ typedef struct ke_payload_t ke_payload_t; /** * KE payload length in bytes without any key exchange data. - * - * @ingroup payloads */ #define KE_PAYLOAD_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2-KE Payload. + * Class representing an IKEv2-KE Payload. * * The KE Payload format is described in RFC section 3.4. - * - * @b Constructors: - * - ke_payload_create() - * - * @ingroup payloads */ struct ke_payload_t { /** 
@@ -56,66 +49,58 @@ struct ke_payload_t { payload_t payload_interface; /** - * @brief Returns the currently set key exchange data of this KE payload. + * Returns the currently set key exchange data of this KE payload. * * @warning Returned data are not copied. * - * @param this calling ke_payload_t object * @return chunk_t pointing to the value */ chunk_t (*get_key_exchange_data) (ke_payload_t *this); /** - * @brief Sets the key exchange data of this KE payload. + * Sets the key exchange data of this KE payload. * - * @warning Value is getting copied. + * Value is getting copied. * - * @param this calling ke_payload_t object - * @param key_exchange_data chunk_t pointing to the value to set + * @param key_exchange_data chunk_t pointing to the value to set */ void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data); /** - * @brief Gets the Diffie-Hellman Group Number of this KE payload. + * Gets the Diffie-Hellman Group Number of this KE payload. * - * @param this calling ke_payload_t object - * @return DH Group Number of this payload + * @return DH Group Number of this payload */ diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this); /** - * @brief Sets the Diffie-Hellman Group Number of this KE payload. + * Sets the Diffie-Hellman Group Number of this KE payload. * - * @param this calling ke_payload_t object * @param dh_group_number DH Group to set */ - void (*set_dh_group_number) (ke_payload_t *this, diffie_hellman_group_t dh_group_number); + void (*set_dh_group_number) (ke_payload_t *this, + diffie_hellman_group_t dh_group_number); /** - * @brief Destroys an ke_payload_t object. - * - * @param this ke_payload_t object to destroy + * Destroys an ke_payload_t object. 
*/ void (*destroy) (ke_payload_t *this); }; /** - * @brief Creates an empty ke_payload_t object + * Creates an empty ke_payload_t object * * @return ke_payload_t object - * - * @ingroup payloads */ ke_payload_t *ke_payload_create(void); /** - * @brief Creates a ke_payload_t from a diffie_hellman_t + * Creates a ke_payload_t from a diffie_hellman_t * * @param diffie_hellman diffie hellman object containing group and key * @return ke_payload_t object - * - * @ingroup payloads */ -ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *diffie_hellman); +ke_payload_t *ke_payload_create_from_diffie_hellman( + diffie_hellman_t *diffie_hellman); -#endif /* KE_PAYLOAD_H_ */ +#endif /* KE_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/charon/encoding/payloads/nonce_payload.c index 8e1fc505e..da68ce4ab 100644 --- a/src/charon/encoding/payloads/nonce_payload.c +++ b/src/charon/encoding/payloads/nonce_payload.c @@ -1,10 +1,3 @@ -/** - * @file nonce_payload.h - * - * @brief Implementation of nonce_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: nonce_payload.c 3589 2008-03-13 14:14:44Z martin $ */ /* offsetof macro */ diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h index 96d83b028..f1679834e 100644 --- a/src/charon/encoding/payloads/nonce_payload.h +++ b/src/charon/encoding/payloads/nonce_payload.h @@ -1,10 +1,3 @@ -/** - * @file nonce_payload.h - * - * @brief Interface of nonce_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: nonce_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup nonce_payload nonce_payload + * @{ @ingroup payloads */ #ifndef NONCE_PAYLOAD_H_ @@ -31,17 +31,11 @@ typedef struct nonce_payload_t nonce_payload_t; /** * Nonce size in bytes for nonces sending to other peer. - * - * @warning Nonce size MUST be between 16 and 256 bytes. - * - * @ingroup payloads */ #define NONCE_SIZE 16 /** * Length of a nonce payload without a nonce in bytes. - * - * @ingroup payloads */ #define NONCE_PAYLOAD_HEADER_LENGTH 4 @@ -49,11 +43,6 @@ typedef struct nonce_payload_t nonce_payload_t; * Object representing an IKEv2 Nonce payload. * * The Nonce payload format is described in RFC section 3.3. - * - * @b Constructors: - * - nonce_payload_create() - * - * @ingroup payloads */ struct nonce_payload_t { /** @@ -62,38 +51,30 @@ struct nonce_payload_t { payload_t payload_interface; /** - * @brief Set the nonce value. + * Set the nonce value. * - * @param this calling nonce_payload_t object * @param nonce chunk containing the nonce, will be cloned */ void (*set_nonce) (nonce_payload_t *this, chunk_t nonce); /** - * @brief Get the nonce value. + * Get the nonce value. * - * @param this calling nonce_payload_t object * @return a chunk containing the cloned nonce */ chunk_t (*get_nonce) (nonce_payload_t *this); /** - * @brief Destroys an nonce_payload_t object. - * - * @param this nonce_payload_t object to destroy + * Destroys an nonce_payload_t object. */ void (*destroy) (nonce_payload_t *this); }; /** - * @brief Creates an empty nonce_payload_t object + * Creates an empty nonce_payload_t object * * @return nonce_payload_t object - * - * @ingroup payloads */ - nonce_payload_t *nonce_payload_create(void); - -#endif /*NONCE_PAYLOAD_H_*/ +#endif /*NONCE_PAYLOAD_H_ @} */ 
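Review bot: The `@@ -31,17 +31,11 @@` hunk drops `@warning Nonce size MUST be between 16 and 256 bytes.` from the `NONCE_SIZE` documentation together with the `@ingroup` tag, leaving no record of the protocol bound next to the constant. Everywhere else in this commit the cleanup only strips `@brief`/`@ingroup`/constructor lists, so removing this constraint looks unintended. Keep it as a plain sentence, ` * Nonce size MUST be between 16 and 256 bytes.`, so that anyone editing `#define NONCE_SIZE 16` still sees the limit.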
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c index d32257af6..defb0b98a 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/charon/encoding/payloads/notify_payload.c @@ -1,12 +1,5 @@ -/** - * @file notify_payload.c - * - * @brief Implementation of notify_payload_t. - * - */ - /* - * Copyright (C) 2006-2007 Tobias Brunner + * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -21,6 +14,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: notify_payload.c 3920 2008-05-08 16:19:11Z tobias $ */ #include <stddef.h> @@ -57,9 +52,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTH "INVALID_SELECTORS", "UNACCEPTABLE_ADDRESSES", "UNEXPECTED_NAT_DETECTED"); -ENUM_NEXT(notify_type_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, - "P2P_CONNECT_FAILED"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED, +ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "ME_CONNECT_FAILED"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", 
@@ -84,14 +79,15 @@ ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, A "EAP_ONLY_AUTHENTICATION"); ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "USE_BEET_MODE"); -ENUM_NEXT(notify_type_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE, - "P2P_MEDIATION", - "P2P_ENDPOINT", - "P2P_CALLBACK", - "P2P_SESSIONID", - "P2P_SESSIONKEY", - "P2P_RESPONSE"); -ENUM_END(notify_type_names, P2P_RESPONSE); +ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, + "ME_MEDIATION", + "ME_ENDPOINT", + "ME_CALLBACK", + "ME_CONNECTID", + "ME_CONNECTKEY", + "ME_CONNECTAUTH", + "ME_RESPONSE"); +ENUM_END(notify_type_names, ME_RESPONSE); ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD, @@ -120,9 +116,9 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED "INVAL_SEL", "UNACCEPT_ADDR", "UNEXPECT_NAT"); -ENUM_NEXT(notify_type_short_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, - "P2P_CONN_FAIL"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED, +ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED, + "ME_CONN_FAIL"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", 
@@ -147,14 +143,15 @@ ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICAT "EAP_ONLY"); ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, "BEET_MODE"); -ENUM_NEXT(notify_type_short_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE, - "P2P_MED", - "P2P_EP", - "P2P_CB", - "P2P_SID", - "P2P_SKEY", - "P2P_R"); -ENUM_END(notify_type_short_names, P2P_RESPONSE); +ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, + "ME_MED", + "ME_EP", + "ME_CB", + "ME_CID", + "ME_CKEY", + "ME_CAUTH", + "ME_R"); +ENUM_END(notify_type_short_names, ME_RESPONSE); typedef struct private_notify_payload_t private_notify_payload_t; @@ -293,6 +290,7 @@ static status_t verify(private_notify_payload_t *this) } case NAT_DETECTION_SOURCE_IP: case NAT_DETECTION_DESTINATION_IP: + case ME_CONNECTAUTH: { if (this->notification_data.len != HASH_SIZE_SHA1) { @@ -334,7 +332,36 @@ static status_t verify(private_notify_payload_t *this) } break; } - /* FIXME: check size of P2P-NAT-T payloads */ + case IPCOMP_SUPPORTED: + { + if (this->notification_data.len != 3) + { + bad_length = TRUE; + } + break; + } + case ME_ENDPOINT: + if (this->notification_data.len != 8 && + this->notification_data.len != 12 && + this->notification_data.len != 24) + { + bad_length = TRUE; + } + break; + case ME_CONNECTID: + if (this->notification_data.len < 4 || + this->notification_data.len > 16) + { + bad_length = TRUE; + } + break; + case ME_CONNECTKEY: + if (this->notification_data.len < 16 || + this->notification_data.len > 32) + { + bad_length = TRUE; + } + break; default: /* TODO: verify */ break; diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h index 03f61d473..f4a3bf27c 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/charon/encoding/payloads/notify_payload.h 
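Review bot: The new `case ME_ENDPOINT:`, `case ME_CONNECTID:` and `case ME_CONNECTKEY:` arms in the `@@ -334,7 +332,36 @@` hunk are written without the brace block that every neighbouring arm (including the new `IPCOMP_SUPPORTED` one) uses, and their accepted lengths (8/12/24, 4–16 and 16–32 bytes) are bare numbers with no comment saying where they come from. I would brace them like the others and add one line per arm naming the notify format the bound is taken from, e.g. `/* ME_ENDPOINT: fixed fields plus an optional IPv4 or IPv6 address */` — that is my reading of 8/12/24 and should be confirmed against the endpoint encoding in endpoint_notify.c. The `case ME_CONNECTAUTH:` added in the `@@ -293,6 +290,7 @@` hunk likewise ties that notify's size to `HASH_SIZE_SHA1` without a word on why, and would read better with a short comment. The remaining `default: /* TODO: verify */ break;` still passes every other notify type through unchecked, so consumers of those types must keep validating `notification_data.len` themselves. verify() begins and ends outside both hunks.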
@@ -1,12 +1,5 @@ -/** - * @file notify_payload.h - * - * @brief Interface of notify_payload_t. - * - */ - /* - * Copyright (C) 2006-2007 Tobias Brunner + * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -21,8 +14,14 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: notify_payload.h 3670 2008-03-27 09:54:09Z tobias $ */ +/** + * @defgroup notify_payload notify_payload + * @{ @ingroup payloads + */ #ifndef NOTIFY_PAYLOAD_H_ #define NOTIFY_PAYLOAD_H_ @@ -37,17 +36,13 @@ typedef struct notify_payload_t notify_payload_t; /** * Notify payload length in bytes without any spi and notification data. - * - * @ingroup payloads */ #define NOTIFY_PAYLOAD_HEADER_LENGTH 8 /** - * @brief Notify message types. + * Notify message types. * * See IKEv2 RFC 3.10.1. - * - * @ingroup payloads */ enum notify_type_t { /* notify error messages */ @@ -68,8 +63,8 @@ enum notify_type_t { INVALID_SELECTORS = 39, UNACCEPTABLE_ADDRESSES = 40, UNEXPECTED_NAT_DETECTED = 41, - /* P2P-NAT-T, private use */ - P2P_CONNECT_FAILED = 8192, + /* IKE-ME, private use */ + ME_CONNECT_FAILED = 8192, /* notify status messages */ INITIAL_CONTACT = 16384, 
@@ -98,41 +93,30 @@ enum notify_type_t { EAP_ONLY_AUTHENTICATION = 40960, /* BEET mode, not even a draft yet. private use */ USE_BEET_MODE = 40961, - /* P2P-NAT-T, private use */ - P2P_MEDIATION = 40962, - P2P_ENDPOINT = 40963, - P2P_CALLBACK = 40964, - P2P_SESSIONID = 40965, - P2P_SESSIONKEY = 40966, - P2P_RESPONSE = 40967 + /* IKE-ME, private use */ + ME_MEDIATION = 40962, + ME_ENDPOINT = 40963, + ME_CALLBACK = 40964, + ME_CONNECTID = 40965, + ME_CONNECTKEY = 40966, + ME_CONNECTAUTH = 40967, + ME_RESPONSE = 40968 }; /** * enum name for notify_type_t. - * - * @ingroup payloads */ extern enum_name_t *notify_type_names; /** * enum name for notify_type_t (shorter strings). - * - * @ingroup payloads */ extern enum_name_t *notify_type_short_names; /** - * @brief Class representing an IKEv2-Notify Payload. + * Class representing an IKEv2-Notify Payload. * * The Notify Payload format is described in Draft section 3.10. - * - * @b Constructors: - * - notify_payload_create() - * - notify_payload_create_from_protocol_and_type() - * - * @todo Build specified constructor/getter for notify's - * - * @ingroup payloads */ struct notify_payload_t { /** 
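Review bot: Inserting `ME_CONNECTAUTH = 40967` moves `ME_RESPONSE` from 40967 to 40968, so a peer built from the previous revision will decode an ME_RESPONSE notify as ME_CONNECTAUTH and vice versa, and nothing in the hunk records that wire-level change. A comment on the enum, e.g. `/* IKE-ME, private use; values renumbered with ME_CONNECTAUTH, not compatible with earlier P2P-NAT-T builds */`, would make it visible to anyone deploying mixed versions. The name tables in notify_payload.c were updated consistently (ME_CONNECTAUTH sits between ME_CONNECTKEY and ME_RESPONSE in both `ENUM_NEXT` lists), so only the interop aspect is undocumented. The unchanged context line `The Notify Payload format is described in Draft section 3.10.` could also be aligned with the `See RFC` wording this commit introduces in ike_header.h.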
@@ -141,104 +125,91 @@ struct notify_payload_t { payload_t payload_interface; /** - * @brief Gets the protocol id of this payload. + * Gets the protocol id of this payload. * - * @param this calling notify_payload_t object * @return protocol id of this payload */ u_int8_t (*get_protocol_id) (notify_payload_t *this); /** - * @brief Sets the protocol id of this payload. + * Sets the protocol id of this payload. * - * @param this calling notify_payload_t object * @param protocol_id protocol id to set */ void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); /** - * @brief Gets the notify message type of this payload. + * Gets the notify message type of this payload. * - * @param this calling notify_payload_t object * @return notify message type of this payload */ notify_type_t (*get_notify_type) (notify_payload_t *this); /** - * @brief Sets notify message type of this payload. + * Sets notify message type of this payload. * - * @param this calling notify_payload_t object * @param type notify message type to set */ void (*set_notify_type) (notify_payload_t *this, notify_type_t type); /** - * @brief Returns the currently set spi of this payload. + * Returns the currently set spi of this payload. * * This is only valid for notifys with protocol AH|ESP * - * @param this calling notify_payload_t object * @return SPI value */ u_int32_t (*get_spi) (notify_payload_t *this); /** - * @brief Sets the spi of this payload. + * Sets the spi of this payload. * * This is only valid for notifys with protocol AH|ESP * - * @param this calling notify_payload_t object * @param spi SPI value */ void (*set_spi) (notify_payload_t *this, u_int32_t spi); /** - * @brief Returns the currently set notification data of payload. + * Returns the currently set notification data of payload. * - * @warning Returned data are not copied. + * Returned data are not copied. 
* - * @param this calling notify_payload_t object * @return chunk_t pointing to the value */ chunk_t (*get_notification_data) (notify_payload_t *this); /** - * @brief Sets the notification data of this payload. + * Sets the notification data of this payload. * * @warning Value is getting copied. * - * @param this calling notify_payload_t object * @param notification_data chunk_t pointing to the value to set */ - void (*set_notification_data) (notify_payload_t *this, chunk_t notification_data); + void (*set_notification_data) (notify_payload_t *this, + chunk_t notification_data); /** - * @brief Destroys an notify_payload_t object. - * - * @param this notify_payload_t object to destroy + * Destroys an notify_payload_t object. */ void (*destroy) (notify_payload_t *this); }; /** - * @brief Creates an empty notify_payload_t object + * Creates an empty notify_payload_t object * * @return created notify_payload_t object - * - * @ingroup payloads */ notify_payload_t *notify_payload_create(void); /** - * @brief Creates an notify_payload_t object of specific type for specific protocol id. + * Creates an notify_payload_t object of specific type for specific protocol id. * * @param protocol_id protocol id (IKE, AH or ESP) * @param type notify type (see notify_type_t) * @return notify_payload_t object - * - * @ingroup payloads */ -notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_type_t type); - +notify_payload_t *notify_payload_create_from_protocol_and_type( + protocol_id_t protocol_id, notify_type_t type); -#endif /*NOTIFY_PAYLOAD_H_*/ +#endif /*NOTIFY_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/payload.c b/src/charon/encoding/payloads/payload.c index 2c51c60de..17986dd58 100644 --- a/src/charon/encoding/payloads/payload.c +++ b/src/charon/encoding/payloads/payload.c 
@@ -1,11 +1,3 @@ -/** - * @file payload.c - * - * @brief Generic constructor to the payload_t interface. - * - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -21,6 +13,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: payload.c 3666 2008-03-26 18:40:19Z tobias $ */ @@ -64,13 +58,13 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N "ENCRYPTED", "CONFIGURATION", "EXTENSIBLE_AUTHENTICATION"); -#ifdef P2P +#ifdef ME ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "ID_PEER"); ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, #else ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -#endif /* P2P */ +#endif /* ME */ "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", @@ -100,13 +94,13 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT "E", "CP", "EAP"); -#ifdef P2P +#ifdef ME ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, "IDp"); ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER, #else ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION, -#endif /* P2P */ +#endif /* ME */ "HDR", "PROP", "TRANS", @@ -139,10 +133,10 @@ payload_t *payload_create(payload_type_t type) return (payload_t*)id_payload_create(ID_INITIATOR); case ID_RESPONDER: return (payload_t*)id_payload_create(ID_RESPONDER); -#ifdef P2P +#ifdef ME case ID_PEER: return (payload_t*)id_payload_create(ID_PEER); -#endif /* P2P */ +#endif /* ME */ case AUTHENTICATION: return (payload_t*)auth_payload_create(); case CERTIFICATE: diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h index ab902d755..abc79259a 100644 --- a/src/charon/encoding/payloads/payload.h 
+++ b/src/charon/encoding/payloads/payload.h @@ -1,10 +1,3 @@ -/** - * @file payload.h - * - * @brief Interface payload_t. - * - */ - /* * Copyright (C) 2007 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi @@ -20,6 +13,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: payload.h 3666 2008-03-26 18:40:19Z tobias $ + */ + +/** + * @defgroup payload payload + * @{ @ingroup payloads */ #ifndef PAYLOAD_H_ @@ -33,12 +33,10 @@ typedef struct payload_t payload_t; /** - * @brief Payload-Types of a IKEv2-Message. + * Payload-Types of a IKEv2-Message. * * Header and substructures are also defined as * payload types with values from PRIVATE USE space. - * - * @ingroup payloads */ enum payload_type_t{ @@ -127,13 +125,13 @@ enum payload_type_t{ */ EXTENSIBLE_AUTHENTICATION = 48, -#ifdef P2P +#ifdef ME /** - * Identification payload for peers in P2P-NAT-T has a value from + * Identification payload for peers has a value from * the PRIVATE USE space. */ ID_PEER = 128, -#endif /* P2P */ +#endif /* ME */ /** * Header has a value of PRIVATE USE space. 
@@ -204,80 +202,65 @@ extern enum_name_t *payload_type_names; extern enum_name_t *payload_type_short_names; /** - * @brief Generic interface for all payload types (incl.header and substructures). + * Generic interface for all payload types (incl.header and substructures). * * To handle all kinds of payloads on a generic way, this interface must * be implemented by every payload. This allows parser_t/generator_t a simple * handling of all payloads. - * - * @b Constructors: - * - payload_create() with the payload to instantiate. - * - * @ingroup payloads */ struct payload_t { /** - * @brief Get encoding rules for this payload. + * Get encoding rules for this payload. * - * @param this calling object - * @param[out] rules location to store pointer of first rule - * @param[out] rule_count location to store number of rules + * @param rules location to store pointer of first rule + * @param rule_count location to store number of rules */ void (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules, size_t *rule_count); /** - * @brief Get type of payload. + * Get type of payload. * - * @param this calling object - * @return type of this payload + * @return type of this payload */ payload_type_t (*get_type) (payload_t *this); /** - * @brief Get type of next payload or NO_PAYLOAD (0) if this is the last one. + * Get type of next payload or NO_PAYLOAD (0) if this is the last one. * - * @param this calling object - * @return type of next payload + * @return type of next payload */ payload_type_t (*get_next_type) (payload_t *this); /** - * @brief Set type of next payload. + * Set type of next payload. * - * @param this calling object - * @param type type of next payload + * @param type type of next payload */ void (*set_next_type) (payload_t *this,payload_type_t type); /** - * @brief Get length of payload. + * Get length of payload. 
* - * @param this calling object - * @return length of this payload + * @return length of this payload */ size_t (*get_length) (payload_t *this); /** - * @brief Verifies payload structure and makes consistence check. + * Verifies payload structure and makes consistence check. * - * @param this calling object - * @return - * - SUCCESS - * - FAILED if consistence not given + * @return SUCCESS, FAILED if consistence not given */ status_t (*verify) (payload_t *this); /** - * @brief Destroys a payload and all included substructures. - * - * @param this payload to destroy + * Destroys a payload and all included substructures. */ void (*destroy) (payload_t *this); }; /** - * @brief Create an empty payload. + * Create an empty payload. * * Useful for the parser, who wants a generic constructor for all payloads. * It supports all payload_t methods. If a payload type is not known, @@ -288,4 +271,4 @@ struct payload_t { */ payload_t *payload_create(payload_type_t type); -#endif /*PAYLOAD_H_*/ +#endif /*PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c index 182d2b6e8..daa015d3e 100644 --- a/src/charon/encoding/payloads/proposal_substructure.c +++ b/src/charon/encoding/payloads/proposal_substructure.c @@ -1,10 +1,3 @@ -/** - * @file proposal_substructure.h - * - * @brief Implementation of proposal_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: proposal_substructure.c 3658 2008-03-26 10:06:45Z martin $ */ #include <stddef.h> 
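Review bot: The `@}` in the new `#endif /*PAYLOAD_H_ @} */` is inside a plain `/* */` comment, which Doxygen does not read, so the group opened by `@{` in the `@defgroup payload` block added at the top of the file is never closed and everything documented after this header in an include chain can end up nested under it. The same closing form is used in this commit for proposal_substructure.h, sa_payload.h, traffic_selector_substructure.h and transform_attribute.h, so the fix applies to all five hunks. Put the closer in a Doxygen-visible comment and keep the guard name separate, e.g. `#endif /*PAYLOAD_H_*/ /** @} */`.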
@@ -521,60 +516,62 @@ proposal_substructure_t *proposal_substructure_create()
  */
 proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal)
 {
- private_proposal_substructure_t *this = (private_proposal_substructure_t*)
- proposal_substructure_create();
- iterator_t *iterator;
- algorithm_t *algo;
 transform_substructure_t *transform;
+ private_proposal_substructure_t *this;
+ u_int16_t alg, key_size;
+ enumerator_t *enumerator;
+
+ this = (private_proposal_substructure_t*)proposal_substructure_create();
 
 /* encryption algorithm is only availble in ESP */
- iterator = proposal->create_algorithm_iterator(proposal, ENCRYPTION_ALGORITHM);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
 {
 transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 
 /* integrity algorithms */
- iterator = proposal->create_algorithm_iterator(proposal, INTEGRITY_ALGORITHM);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
 {
 transform = transform_substructure_create_type(INTEGRITY_ALGORITHM,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 
 /* prf algorithms */
- iterator = proposal->create_algorithm_iterator(proposal, PSEUDO_RANDOM_FUNCTION);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
 {
 transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 
 /* dh groups */
- iterator = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
+ while (enumerator->enumerate(enumerator, &alg, NULL))
 {
- transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, algo->algorithm, 0);
- this->public.add_transform_substructure(&(this->public), transform);
+ transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,
+ alg, 0);
+ add_transform_substructure(this, transform);
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 
 /* extended sequence numbers */
- iterator = proposal->create_algorithm_iterator(proposal, EXTENDED_SEQUENCE_NUMBERS);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
+ while (enumerator->enumerate(enumerator, &alg, NULL))
 {
 transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,
- algo->algorithm, 0);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, 0);
+ add_transform_substructure(this, transform);
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 
 /* add SPI, if necessary */
 switch (proposal->get_protocol(proposal))
diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h
index 93a8d7b2f..85daadddc 100644
--- a/src/charon/encoding/payloads/proposal_substructure.h
+++ b/src/charon/encoding/payloads/proposal_substructure.h
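Review bot: The five enumerate loops in proposal_substructure_create_from_proposal are now identical except for the transform type and whether a key size is read, which is the moment to fold them into one static helper so a future change (say, a new transform type or a check that the enumerator actually yielded something) is made once rather than five times. The DH and ESN loops pass `NULL` as the key-size out-pointer; proposal_t's enumerate contract is not visible in this hunk, so confirm it tolerates a NULL there, and the helper below keeps that behaviour by initialising `key_size` to 0 so the value passed on for those types stays 0. The SPI handling that follows the loops, and the function's return, are outside the hunk and unchanged.

```c
/* Emit one transform substructure per algorithm of the given type;
 * the key size is only read for types that carry a key length. */
static void add_transforms(private_proposal_substructure_t *this,
						   proposal_t *proposal, transform_type_t type,
						   bool with_key_size)
{
	enumerator_t *enumerator;
	u_int16_t alg, key_size = 0;
	transform_substructure_t *transform;

	enumerator = proposal->create_enumerator(proposal, type);
	while (enumerator->enumerate(enumerator, &alg,
								 with_key_size ? &key_size : NULL))
	{
		transform = transform_substructure_create_type(type, alg, key_size);
		add_transform_substructure(this, transform);
	}
	enumerator->destroy(enumerator);
}

proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal)
{
	private_proposal_substructure_t *this;

	this = (private_proposal_substructure_t*)proposal_substructure_create();

	/* encryption algorithm is only availble in ESP */
	add_transforms(this, proposal, ENCRYPTION_ALGORITHM, TRUE);
	add_transforms(this, proposal, INTEGRITY_ALGORITHM, TRUE);
	add_transforms(this, proposal, PSEUDO_RANDOM_FUNCTION, TRUE);
	add_transforms(this, proposal, DIFFIE_HELLMAN_GROUP, FALSE);
	add_transforms(this, proposal, EXTENDED_SEQUENCE_NUMBERS, FALSE);

	/* … unchanged: add SPI, if necessary … */
```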
@@ -1,10 +1,3 @@ -/** - * @file proposal_substructure.h - * - * @brief Interface of proposal_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: proposal_substructure.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup proposal_substructure proposal_substructure + * @{ @ingroup payloads */ #ifndef PROPOSAL_SUBSTRUCTURE_H_ @@ -35,20 +35,13 @@ typedef struct proposal_substructure_t proposal_substructure_t; /** * Length of the proposal substructure header (without spi). - * - * @ingroup payloads */ #define PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2-PROPOSAL SUBSTRUCTURE. + * Class representing an IKEv2-PROPOSAL SUBSTRUCTURE. * * The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1. - * - * @b Constructors: - * - proposal_substructure_create() - * - * @ingroup payloads */ struct proposal_substructure_t { /** 
@@ -57,150 +50,126 @@ struct proposal_substructure_t { payload_t payload_interface; /** - * @brief Creates an iterator of stored transform_substructure_t objects. - * - * @warning The created iterator has to get destroyed by the caller! - * When deleting any transform over this iterator, call - * get_size to make sure the length and number values are ok. + * Creates an iterator of stored transform_substructure_t objects. * - * @param this calling proposal_substructure_t object * @param forward iterator direction (TRUE: front to end) * @return created iterator_t object */ - iterator_t *(*create_transform_substructure_iterator) (proposal_substructure_t *this, bool forward); + iterator_t *(*create_transform_substructure_iterator) ( + proposal_substructure_t *this, bool forward); /** - * @brief Adds a transform_substructure_t object to this object. - * - * @warning The added transform_substructure_t object is - * getting destroyed in destroy function of proposal_substructure_t. + * Adds a transform_substructure_t object to this object. * - * @param this calling proposal_substructure_t object - * @param transform transform_substructure_t object to add + * @param transform transform_substructure_t object to add */ - void (*add_transform_substructure) (proposal_substructure_t *this,transform_substructure_t *transform); + void (*add_transform_substructure) (proposal_substructure_t *this, + transform_substructure_t *transform); /** - * @brief Sets the proposal number of current proposal. + * Sets the proposal number of current proposal. * - * @param this calling proposal_substructure_t object - * @param id proposal number to set + * @param id proposal number to set */ - void (*set_proposal_number) (proposal_substructure_t *this,u_int8_t proposal_number); + void (*set_proposal_number) (proposal_substructure_t *this, + u_int8_t proposal_number); /** - * @brief get proposal number of current proposal. + * get proposal number of current proposal. 
* - * @param this calling proposal_substructure_t object * @return proposal number of current proposal substructure. */ u_int8_t (*get_proposal_number) (proposal_substructure_t *this); /** - * @brief get the number of transforms in current proposal. + * get the number of transforms in current proposal. * - * @param this calling proposal_substructure_t object * @return transform count in current proposal */ size_t (*get_transform_count) (proposal_substructure_t *this); /** - * @brief get size of the set spi in bytes. + * get size of the set spi in bytes. * - * @param this calling proposal_substructure_t object * @return size of the spi in bytes */ size_t (*get_spi_size) (proposal_substructure_t *this); /** - * @brief Sets the protocol id of current proposal. + * Sets the protocol id of current proposal. * - * @param this calling proposal_substructure_t object - * @param id protocol id to set + * @param id protocol id to set */ - void (*set_protocol_id) (proposal_substructure_t *this,u_int8_t protocol_id); + void (*set_protocol_id) (proposal_substructure_t *this, + u_int8_t protocol_id); /** - * @brief get protocol id of current proposal. + * get protocol id of current proposal. * - * @param this calling proposal_substructure_t object * @return protocol id of current proposal substructure. */ u_int8_t (*get_protocol_id) (proposal_substructure_t *this); /** - * @brief Sets the next_payload field of this substructure + * Sets the next_payload field of this substructure * * If this is the last proposal, next payload field is set to 0, * otherwise to 2 * - * @param this calling proposal_substructure_t object * @param is_last When TRUE, next payload field is set to 0, otherwise to 2 */ void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last); /** - * @brief Returns the currently set SPI of this proposal. 
- * - * @warning Returned data are not copied - * - * @param this calling proposal_substructure_t object - * @return chunk_t pointing to the value + * Returns the currently set SPI of this proposal. + * + * @return chunk_t pointing to the value */ chunk_t (*get_spi) (proposal_substructure_t *this); /** - * @brief Sets the SPI of the current proposal. + * Sets the SPI of the current proposal. * * @warning SPI is getting copied * - * @param this calling proposal_substructure_t object - * @param spi chunk_t pointing to the value to set + * @param spi chunk_t pointing to the value to set */ void (*set_spi) (proposal_substructure_t *this, chunk_t spi); /** - * @brief Get a proposal_t from the propsal_substructure_t. + * Get a proposal_t from the propsal_substructure_t. * - * @param this calling proposal_substructure_t object * @return proposal_t */ proposal_t * (*get_proposal) (proposal_substructure_t *this); /** - * @brief Clones an proposal_substructure_t object. + * Clones an proposal_substructure_t object. * - * @param this proposal_substructure_t object to clone * @return cloned object */ proposal_substructure_t* (*clone) (proposal_substructure_t *this); /** - * @brief Destroys an proposal_substructure_t object. - * - * @param this proposal_substructure_t object to destroy + * Destroys an proposal_substructure_t object. */ void (*destroy) (proposal_substructure_t *this); }; /** - * @brief Creates an empty proposal_substructure_t object + * Creates an empty proposal_substructure_t object * * @return proposal_substructure_t object - * - * @ingroup payloads */ proposal_substructure_t *proposal_substructure_create(void); /** - * @brief Creates a proposal_substructure_t from a proposal_t. + * Creates a proposal_substructure_t from a proposal_t. 
* * @param proposal proposal to build a substruct out of it * @return proposal_substructure_t object - * - * @ingroup payloads */ -proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal); - +proposal_substructure_t *proposal_substructure_create_from_proposal( + proposal_t *proposal); -#endif /*PROPOSAL_SUBSTRUCTURE_H_*/ +#endif /*PROPOSAL_SUBSTRUCTURE_H_ @} */ diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c index 304f1b64c..ecc3b0f60 100644 --- a/src/charon/encoding/payloads/sa_payload.c +++ b/src/charon/encoding/payloads/sa_payload.c @@ -1,10 +1,3 @@ -/** - * @file sa_payload.c - * - * @brief Implementation of sa_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: sa_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h index 67d687857..34906c889 100644 --- a/src/charon/encoding/payloads/sa_payload.h +++ b/src/charon/encoding/payloads/sa_payload.h @@ -1,10 +1,3 @@ -/** - * @file sa_payload.h - * - * @brief Interface of sa_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: sa_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup sa_payload sa_payload + * @{ @ingroup payloads */ #ifndef SA_PAYLOAD_H_ 
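Review bot: The rewritten comments on `create_transform_substructure_iterator`, `add_transform_substructure` and `get_spi` drop the ownership statements the old `@warning` lines carried, and nothing in the new text replaces them: a reader of this header no longer learns that an added transform is freed by `destroy`, that the iterator must be destroyed by the caller, or that the chunk from `get_spi` is not copied, while the note that `set_spi` copies its argument survives and now reads as an unexplained asymmetry. Removing `@brief` and the `this` parameters is fine, but ownership and lifetime are part of the contract, so keep one plain sentence per method, e.g. `* The transform is owned by this object and destroyed with it.` under add_transform_substructure and `* The returned chunk is not copied.` under get_spi. The sa_payload.h hunk in this commit makes the same removals for `create_proposal_substructure_iterator` and `add_proposal_substructure` and should get the same sentences.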
@@ -33,24 +33,13 @@ typedef struct sa_payload_t sa_payload_t; /** * SA_PAYLOAD length in bytes without any proposal substructure. - * - * @ingroup payloads */ #define SA_PAYLOAD_HEADER_LENGTH 4 /** - * @brief Class representing an IKEv2-SA Payload. + * Class representing an IKEv2-SA Payload. * * The SA Payload format is described in RFC section 3.3. - * - * @b Constructors: - * - sa_payload_create() - * - sa_payload_create_from_ike_proposals() - * - sa_payload_create_from_proposal() - * - * @todo Add support of algorithms without specified keylength in get_proposals and get_ike_proposals. - * - * @ingroup payloads */ struct sa_payload_t { /** 
@@ -59,83 +48,70 @@ struct sa_payload_t { payload_t payload_interface; /** - * @brief Creates an iterator of stored proposal_substructure_t objects. + * Creates an iterator of stored proposal_substructure_t objects. * - * @warning The created iterator has to get destroyed by the caller! - * - * @warning When deleting an proposal using this iterator, - * the length of this transform substructure has to be refreshed - * by calling get_length()! + * When deleting an proposal using this iterator, + * the length of this transform substructure has to be refreshed + * by calling get_length()! * - * @param this calling sa_payload_t object - * @param[in] forward iterator direction (TRUE: front to end) - * @return created iterator_t object + * @param forward iterator direction (TRUE: front to end) + * @return created iterator_t object */ - iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, bool forward); + iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, + bool forward); /** - * @brief Adds a proposal_substructure_t object to this object. - * - * @warning The added proposal_substructure_t object is - * getting destroyed in destroy function of sa_payload_t. + * Adds a proposal_substructure_t object to this object. * - * @param this calling sa_payload_t object * @param proposal proposal_substructure_t object to add */ - void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal); + void (*add_proposal_substructure) (sa_payload_t *this, + proposal_substructure_t *proposal); /** - * @brief Gets the proposals in this payload as a list. + * Gets the proposals in this payload as a list. * * @return a list containing proposal_t s */ linked_list_t *(*get_proposals) (sa_payload_t *this); /** - * @brief Add a child proposal (AH/ESP) to the payload. + * Add a child proposal (AH/ESP) to the payload. 
* * @param proposal child proposal to add to the payload */ void (*add_proposal) (sa_payload_t *this, proposal_t *proposal); /** - * @brief Destroys an sa_payload_t object. - * - * @param this sa_payload_t object to destroy + * Destroys an sa_payload_t object. */ void (*destroy) (sa_payload_t *this); }; /** - * @brief Creates an empty sa_payload_t object + * Creates an empty sa_payload_t object * * @return created sa_payload_t object - * - * @ingroup payloads */ sa_payload_t *sa_payload_create(void); /** - * @brief Creates a sa_payload_t object from a list of proposals. + * Creates a sa_payload_t object from a list of proposals. * * @param proposals list of proposals to build the payload from * @return sa_payload_t object - * - * @ingroup payloads */ sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals); /** - * @brief Creates a sa_payload_t object from a single proposal. + * Creates a sa_payload_t object from a single proposal. * * This is only for convenience. Use sa_payload_create_from_proposal_list * if you want to add more than one proposal. * * @param proposal proposal from which the payload should be built. * @return sa_payload_t object - * - * @ingroup payloads */ sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal); -#endif /*SA_PAYLOAD_H_*/ +#endif /*SA_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/charon/encoding/payloads/traffic_selector_substructure.c index 573139bf3..f6042b4b6 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.c +++ b/src/charon/encoding/payloads/traffic_selector_substructure.c @@ -1,10 +1,3 @@ -/** - * @file traffic_selector_substructure.c - * - * @brief Interface of traffic_selector_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: traffic_selector_substructure.c 3589 2008-03-13 14:14:44Z martin $ */ #include "traffic_selector_substructure.h" diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h index 14efccc89..2a2769fb6 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.h +++ b/src/charon/encoding/payloads/traffic_selector_substructure.h @@ -1,10 +1,3 @@ -/** - * @file traffic_selector_substructure.h - * - * @brief Interface of traffic_selector_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,8 +12,14 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: traffic_selector_substructure.h 3589 2008-03-13 14:14:44Z martin $ */ +/** + * @defgroup traffic_selector_substructure traffic_selector_substructure + * @{ @ingroup payloads + */ #ifndef TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ #define TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @@ -34,21 +33,13 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t; /** * Length of a TRAFFIC SELECTOR SUBSTRUCTURE without start and end address. - * - * @ingroup payloads */ #define TRAFFIC_SELECTOR_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2 TRAFFIC SELECTOR. + * Class representing an IKEv2 TRAFFIC SELECTOR. * * The TRAFFIC SELECTOR format is described in RFC section 3.13.1. - * - * @b Constructors: - * - traffic_selector_substructure_create() - * - traffic_selector_substructure_create_from_traffic_selector() - * - * @ingroup payloads */ struct traffic_selector_substructure_t { /** 
@@ -57,116 +48,106 @@ struct traffic_selector_substructure_t { payload_t payload_interface; /** - * @brief Get the type of Traffic selector. + * Get the type of Traffic selector. * - * @param this calling traffic_selector_substructure_t object * @return type of traffic selector * */ ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this); /** - * @brief Set the type of Traffic selector. + * Set the type of Traffic selector. * - * @param this calling traffic_selector_substructure_t object * @param ts_type type of traffic selector */ - void (*set_ts_type) (traffic_selector_substructure_t *this,ts_type_t ts_type); + void (*set_ts_type) (traffic_selector_substructure_t *this, + ts_type_t ts_type); /** - * @brief Get the IP protocol ID of Traffic selector. + * Get the IP protocol ID of Traffic selector. * - * @param this calling traffic_selector_substructure_t object * @return type of traffic selector * */ u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); /** - * @brief Set the IP protocol ID of Traffic selector + * Set the IP protocol ID of Traffic selector * - * @param this calling traffic_selector_substructure_t object * @param protocol_id protocol ID of traffic selector */ - void (*set_protocol_id) (traffic_selector_substructure_t *this,u_int8_t protocol_id); + void (*set_protocol_id) (traffic_selector_substructure_t *this, + u_int8_t protocol_id); /** - * @brief Get the start port and address as host_t object. + * Get the start port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. * - * @param this calling traffic_selector_substructure_t object * @return start host as host_t object * */ host_t *(*get_start_host) (traffic_selector_substructure_t *this); /** - * @brief Set the start port and address as host_t object. + * Set the start port and address as host_t object. 
* - * @param this calling traffic_selector_substructure_t object * @param start_host start host as host_t object */ - void (*set_start_host) (traffic_selector_substructure_t *this,host_t *start_host); + void (*set_start_host) (traffic_selector_substructure_t *this, + host_t *start_host); /** - * @brief Get the end port and address as host_t object. + * Get the end port and address as host_t object. * * Returned host_t object has to get destroyed by the caller. * - * @param this calling traffic_selector_substructure_t object * @return end host as host_t object * */ host_t *(*get_end_host) (traffic_selector_substructure_t *this); /** - * @brief Set the end port and address as host_t object. + * Set the end port and address as host_t object. * - * @param this calling traffic_selector_substructure_t object * @param end_host end host as host_t object */ - void (*set_end_host) (traffic_selector_substructure_t *this,host_t *end_host); + void (*set_end_host) (traffic_selector_substructure_t *this, + host_t *end_host); /** - * @brief Get a traffic_selector_t from this substructure. + * Get a traffic_selector_t from this substructure. * * @warning traffic_selector_t must be destroyed after usage. * - * @param this calling traffic_selector_substructure_t object * @return contained traffic_selector_t */ - traffic_selector_t *(*get_traffic_selector) (traffic_selector_substructure_t *this); + traffic_selector_t *(*get_traffic_selector) ( + traffic_selector_substructure_t *this); /** - * @brief Destroys an traffic_selector_substructure_t object. - * - * @param this traffic_selector_substructure_t object to destroy + * Destroys an traffic_selector_substructure_t object. */ void (*destroy) (traffic_selector_substructure_t *this); }; /** - * @brief Creates an empty traffic_selector_substructure_t object. + * Creates an empty traffic_selector_substructure_t object. * * TS type is set to default TS_IPV4_ADDR_RANGE! 
* * @return traffic_selector_substructure_t object - * - * @ingroup payloads */ traffic_selector_substructure_t *traffic_selector_substructure_create(void); /** - * @brief Creates an initialized traffif selector substructure using + * Creates an initialized traffif selector substructure using * the values from a traffic_selector_t. * * @param traffic_selector traffic_selector_t to use for initialization * @return traffic_selector_substructure_t object - * - * @ingroup payloads */ -traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(traffic_selector_t *traffic_selector); - +traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector( + traffic_selector_t *traffic_selector); -#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ */ +#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @} */ diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/charon/encoding/payloads/transform_attribute.c index 066885c55..b9b5ff879 100644 --- a/src/charon/encoding/payloads/transform_attribute.c +++ b/src/charon/encoding/payloads/transform_attribute.c @@ -1,10 +1,3 @@ -/** - * @file transform_attribute.c - * - * @brief Implementation of transform_attribute_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: transform_attribute.c 3589 2008-03-13 14:14:44Z martin $ */ #include <string.h> diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h index 30583b23f..891155913 100644 --- a/src/charon/encoding/payloads/transform_attribute.h +++ b/src/charon/encoding/payloads/transform_attribute.h 
@@ -1,10 +1,3 @@ -/** - * @file transform_attribute.h - * - * @brief Interface of transform_attribute_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: transform_attribute.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup transform_attribute transform_attribute + * @{ @ingroup payloads */ #ifndef TRANSFORM_ATTRIBUTE_H_ @@ -33,8 +33,6 @@ typedef struct transform_attribute_t transform_attribute_t; /** * Type of the attribute, as in IKEv2 RFC 3.3.5. - * - * @ingroup payloads */ enum transform_attribute_type_t { ATTRIBUTE_UNDEFINED = 16384, @@ -43,17 +41,13 @@ enum transform_attribute_type_t { /** * enum name for transform_attribute_type_t. - * - * @ingroup payloads */ extern enum_name_t *transform_attribute_type_names; /** - * @brief Class representing an IKEv2- TRANSFORM Attribute. + * Class representing an IKEv2- TRANSFORM Attribute. * * The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5. - * - * @ingroup payloads */ struct transform_attribute_t { /** 
@@ -62,93 +56,79 @@ struct transform_attribute_t { payload_t payload_interface; /** - * @brief Returns the currently set value of the attribute. + * Returns the currently set value of the attribute. * - * @warning Returned data are not copied. + * Returned data are not copied. * - * @param this calling transform_attribute_t object * @return chunk_t pointing to the value */ chunk_t (*get_value_chunk) (transform_attribute_t *this); /** - * @brief Returns the currently set value of the attribute. + * Returns the currently set value of the attribute. * - * @warning Returned data are not copied. + * Returned data are not copied. * - * @param this calling transform_attribute_t object * @return value */ u_int16_t (*get_value) (transform_attribute_t *this); /** - * @brief Sets the value of the attribute. + * Sets the value of the attribute. * - * @warning Value is getting copied. + * Value is getting copied. * - * @param this calling transform_attribute_t object * @param value chunk_t pointing to the value to set */ void (*set_value_chunk) (transform_attribute_t *this, chunk_t value); /** - * @brief Sets the value of the attribute. + * Sets the value of the attribute. * - * @param this calling transform_attribute_t object * @param value value to set */ void (*set_value) (transform_attribute_t *this, u_int16_t value); /** - * @brief Sets the type of the attribute. + * Sets the type of the attribute. * - * @param this calling transform_attribute_t object * @param type type to set (most significant bit is set to zero) */ void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type); /** - * @brief get the type of the attribute. + * get the type of the attribute. * - * @param this calling transform_attribute_t object * @return type of the value */ u_int16_t (*get_attribute_type) (transform_attribute_t *this); /** - * @brief Clones an transform_attribute_t object. + * Clones an transform_attribute_t object. 
* - * @param this transform_attribute_t object to clone * @return cloned transform_attribute_t object */ transform_attribute_t * (*clone) (transform_attribute_t *this); /** - * @brief Destroys an transform_attribute_t object. - * - * @param this transform_attribute_t object to destroy + * Destroys an transform_attribute_t object. */ void (*destroy) (transform_attribute_t *this); }; /** - * @brief Creates an empty transform_attribute_t object. + * Creates an empty transform_attribute_t object. * * @return transform_attribute_t object - * - * @ingroup payloads */ transform_attribute_t *transform_attribute_create(void); /** - * @brief Creates an transform_attribute_t of type KEY_LENGTH. + * Creates an transform_attribute_t of type KEY_LENGTH. * * @param key_length key length in bytes * @return transform_attribute_t object - * - * @ingroup payloads */ transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length); - -#endif /*TRANSFORM_ATTRIBUTE_H_*/ +#endif /*TRANSFORM_ATTRIBUTE_H_ @} */ diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c index d64d6c754..7c3d6421a 100644 --- a/src/charon/encoding/payloads/transform_substructure.c +++ b/src/charon/encoding/payloads/transform_substructure.c @@ -1,10 +1,3 @@ -/** - * @file transform_substructure.h - * - * @brief Implementation of transform_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: transform_substructure.c 3971 2008-05-16 13:27:21Z tobias $ */ #include <stddef.h> 
@@ -395,14 +390,28 @@ transform_substructure_t *transform_substructure_create_type(transform_type_t tr transform->set_transform_id(transform,transform_id); /* a keylength attribute is only created for variable length algos */ - if (transform_type == ENCRYPTION_ALGORITHM && - (transform_id == ENCR_AES_CBC || - transform_id == ENCR_IDEA || - transform_id == ENCR_CAST || - transform_id == ENCR_BLOWFISH)) + if (transform_type == ENCRYPTION_ALGORITHM) { - transform_attribute_t *attribute = transform_attribute_create_key_length(key_length); - transform->add_transform_attribute(transform,attribute); + switch(transform_id) + { + case ENCR_AES_CBC: + case ENCR_IDEA: + case ENCR_CAST: + case ENCR_BLOWFISH: + case ENCR_AES_CCM_ICV8: + case ENCR_AES_CCM_ICV12: + case ENCR_AES_CCM_ICV16: + case ENCR_AES_GCM_ICV8: + case ENCR_AES_GCM_ICV12: + case ENCR_AES_GCM_ICV16: + { + transform_attribute_t *attribute = transform_attribute_create_key_length(key_length); + transform->add_transform_attribute(transform,attribute); + break; + } + default: + break; + } } return transform; diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h index 97f587d5d..6be4b6d1e 100644 --- a/src/charon/encoding/payloads/transform_substructure.h +++ b/src/charon/encoding/payloads/transform_substructure.h @@ -1,10 +1,3 @@ -/** - * @file transform_substructure.h - * - * @brief Interface of transform_substructure_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: transform_substructure.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup transform_substructure transform_substructure + * @{ @ingroup payloads */ #ifndef TRANSFORM_SUBSTRUCTURE_H_ 
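Review bot: The new switch emits a KEY_LENGTH attribute for the six AES-CCM/GCM transform IDs without saying why, and the header's description of `key_length` (in the transform_substructure.h hunk further down) still says it is used for PSEUDO_RANDOM_FUNCTION and INTEGRITY_ALGORITHM, which this function never does. Suggest a comment above the case list, e.g. `/* AES-GCM/CCM (RFC 4106/4309) negotiate their key size via a KEY_LENGTH attribute, like the variable-length CBC ciphers */`, and trimming the header text to ENCRYPTION_ALGORITHM only. Nothing here rejects a zero `key_length`, so if a caller passes 0 for one of these IDs the attribute is still emitted with a zero length; either document that the caller guarantees a valid value or guard the add with `if (key_length)`. The enclosing function starts outside the hunk.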
@@ -39,25 +39,19 @@ typedef struct transform_substructure_t transform_substructure_t; /** * IKEv1 Value for a transform payload. - * - * @ingroup payloads */ #define TRANSFORM_TYPE_VALUE 3 /** * Length of the transform substructure header in bytes. - * - * @ingroup payloads */ #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. + * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE. * * The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2. - * - * @ingroup payloads */ struct transform_substructure_t { /** 
@@ -66,121 +60,105 @@ struct transform_substructure_t { payload_t payload_interface; /** - * @brief Creates an iterator of stored transform_attribute_t objects. - * - * @warning The created iterator has to get destroyed by the caller! + * Creates an iterator of stored transform_attribute_t objects. * - * @warning When deleting an transform attribute using this iterator, - * the length of this transform substructure has to be refreshed - * by calling get_length()! + * When deleting an transform attribute using this iterator, + * the length of this transform substructure has to be refreshed + * by calling get_length(). * - * @param this calling transform_substructure_t object - * @param[in] forward iterator direction (TRUE: front to end) + * @param forward iterator direction (TRUE: front to end) * @return created iterator_t object. */ - iterator_t * (*create_transform_attribute_iterator) (transform_substructure_t *this, bool forward); + iterator_t * (*create_transform_attribute_iterator) ( + transform_substructure_t *this, bool forward); /** - * @brief Adds a transform_attribute_t object to this object. - * - * @warning The added proposal_substructure_t object is - * getting destroyed in destroy function of transform_substructure_t. + * Adds a transform_attribute_t object to this object. 
* - * @param this calling transform_substructure_t object * @param proposal transform_attribute_t object to add */ - void (*add_transform_attribute) (transform_substructure_t *this,transform_attribute_t *attribute); + void (*add_transform_attribute) (transform_substructure_t *this, + transform_attribute_t *attribute); /** - * @brief Sets the next_payload field of this substructure + * Sets the next_payload field of this substructure * * If this is the last transform, next payload field is set to 0, * otherwise to 3 * - * @param this calling transform_substructure_t object * @param is_last When TRUE, next payload field is set to 0, otherwise to 3 */ void (*set_is_last_transform) (transform_substructure_t *this, bool is_last); /** - * @brief Checks if this is the last transform. + * Checks if this is the last transform. * - * @param this calling transform_substructure_t object * @return TRUE if this is the last Transform, FALSE otherwise */ bool (*get_is_last_transform) (transform_substructure_t *this); /** - * @brief Sets transform type of the current transform substructure. + * Sets transform type of the current transform substructure. * - * @param this calling transform_substructure_t object * @param type type value to set */ - void (*set_transform_type) (transform_substructure_t *this,u_int8_t type); + void (*set_transform_type) (transform_substructure_t *this, u_int8_t type); /** - * @brief get transform type of the current transform. + * get transform type of the current transform. * - * @param this calling transform_substructure_t object * @return Transform type of current transform substructure. */ u_int8_t (*get_transform_type) (transform_substructure_t *this); /** - * @brief Sets transform id of the current transform substructure. + * Sets transform id of the current transform substructure. 
* - * @param this calling transform_substructure_t object - * @param id transform id to set + * @param id transform id to set */ - void (*set_transform_id) (transform_substructure_t *this,u_int16_t id); + void (*set_transform_id) (transform_substructure_t *this, u_int16_t id); /** - * @brief get transform id of the current transform. + * get transform id of the current transform. * - * @param this calling transform_substructure_t object * @return Transform id of current transform substructure. */ u_int16_t (*get_transform_id) (transform_substructure_t *this); /** - * @brief get transform id of the current transform. + * get transform id of the current transform. * - * @param this calling transform_substructure_t object - * @param key_length The key length is written to this location + * @param key_length The key length is written to this location * @return * - SUCCESS if a key length attribute is contained * - FAILED if no key length attribute is part of this * transform or key length uses more then 16 bit! */ - status_t (*get_key_length) (transform_substructure_t *this,u_int16_t *key_length); + status_t (*get_key_length) (transform_substructure_t *this, + u_int16_t *key_length); /** - * @brief Clones an transform_substructure_t object. + * Clones an transform_substructure_t object. * - * @param this transform_substructure_t object to clone * @return cloned transform_substructure_t object */ transform_substructure_t* (*clone) (transform_substructure_t *this); /** - * @brief Destroys an transform_substructure_t object. - * - * @param this transform_substructure_t object to destroy + * Destroys an transform_substructure_t object. */ void (*destroy) (transform_substructure_t *this); }; /** - * @brief Creates an empty transform_substructure_t object. + * Creates an empty transform_substructure_t object. 
* * @return created transform_substructure_t object - * - * @ingroup payloads */ transform_substructure_t *transform_substructure_create(void); /** - * @brief Creates an empty transform_substructure_t object. + * Creates an empty transform_substructure_t object. * * The key length is used for the transport types ENCRYPTION_ALGORITHM, * PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all @@ -190,9 +168,9 @@ transform_substructure_t *transform_substructure_create(void); * @param transform_id transform id specifying the specific algorithm of a transform type * @param key_length Key length for key lenght attribute * @return transform_substructure_t object - * - * @ingroup payloads */ -transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length); +transform_substructure_t *transform_substructure_create_type( + transform_type_t transform_type, u_int16_t transform_id, + u_int16_t key_length); -#endif /*TRANSFORM_SUBSTRUCTURE_H_*/ +#endif /*TRANSFORM_SUBSTRUCTURE_H_ @} */ diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/charon/encoding/payloads/ts_payload.c index ae89919f6..5d53793b1 100644 --- a/src/charon/encoding/payloads/ts_payload.c +++ b/src/charon/encoding/payloads/ts_payload.c @@ -1,10 +1,3 @@ -/** - * @file ts_payload.c - * - * @brief Implementation of ts_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ts_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h index 1addee22c..d8a108ddd 100644 --- a/src/charon/encoding/payloads/ts_payload.h +++ b/src/charon/encoding/payloads/ts_payload.h 
@@ -1,10 +1,3 @@ -/** - * @file ts_payload.h - * - * @brief Interface of ts_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: ts_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup ts_payload ts_payload + * @{ @ingroup payloads */ @@ -35,22 +35,14 @@ typedef struct ts_payload_t ts_payload_t; /** * Length of a TS payload without the Traffic selectors. - * - * @ingroup payloads */ #define TS_PAYLOAD_HEADER_LENGTH 8 /** - * @brief Class representing an IKEv2 TS payload. + * Class representing an IKEv2 TS payload. * * The TS payload format is described in RFC section 3.13. - * - * @b Constructors: - * - ts_payload_create() - * - ts_payload_create_from_traffic_selectors() - * - * @ingroup payloads */ struct ts_payload_t { /** @@ -59,9 +51,8 @@ struct ts_payload_t { payload_t payload_interface; /** - * @brief Get the type of TSpayload (TSi or TSr). + * Get the type of TSpayload (TSi or TSr). * - * @param this calling id_payload_t object * @return * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr @@ -69,9 +60,8 @@ struct ts_payload_t { bool (*get_initiator) (ts_payload_t *this); /** - * @brief Set the type of TS payload (TSi or TSr). + * Set the type of TS payload (TSi or TSr). * - * @param this calling id_payload_t object * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr 
@@ -79,75 +69,61 @@ struct ts_payload_t { void (*set_initiator) (ts_payload_t *this,bool is_initiator); /** - * @brief Adds a traffic_selector_substructure_t object to this object. - * - * @warning The added traffic_selector_substructure_t object is - * getting destroyed in destroy function of ts_payload_t. + * Adds a traffic_selector_substructure_t object to this object. * - * @param this calling ts_payload_t object * @param traffic_selector traffic_selector_substructure_t object to add */ - void (*add_traffic_selector_substructure) (ts_payload_t *this,traffic_selector_substructure_t *traffic_selector); + void (*add_traffic_selector_substructure) (ts_payload_t *this, + traffic_selector_substructure_t *traffic_selector); /** - * @brief Creates an iterator of stored traffic_selector_substructure_t objects. + * Creates an iterator of stored traffic_selector_substructure_t objects. * - * @warning The created iterator has to get destroyed by the caller! - * - * @warning When removing an traffic_selector_substructure_t object - * using this iterator, the length of this payload - * has to get refreshed by calling payload_t.get_length! + * When removing an traffic_selector_substructure_t object + * using this iterator, the length of this payload + * has to get refreshed by calling payload_t.get_length! * - * @param this calling ts_payload_t object - * @param[in] forward iterator direction (TRUE: front to end) + * @param forward iterator direction (TRUE: front to end) * @return created iterator_t object */ - iterator_t *(*create_traffic_selector_substructure_iterator) (ts_payload_t *this, bool forward); + iterator_t *(*create_traffic_selector_substructure_iterator) ( + ts_payload_t *this, bool forward); /** - * @brief Get a list of nested traffic selectors as traffic_selector_t. + * Get a list of nested traffic selectors as traffic_selector_t. 
* * Resulting list and its traffic selectors must be destroyed after usage * - * @param this calling ts_payload_t object * @return list of traffic selectors */ linked_list_t *(*get_traffic_selectors) (ts_payload_t *this); /** - * @brief Destroys an ts_payload_t object. - * - * @param this ts_payload_t object to destroy + * Destroys an ts_payload_t object. */ void (*destroy) (ts_payload_t *this); }; /** - * @brief Creates an empty ts_payload_t object. - * + * Creates an empty ts_payload_t object. * * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @return ts_payload_t object - * - * @ingroup payloads */ ts_payload_t *ts_payload_create(bool is_initiator); /** - * @brief Creates ts_payload with a list of traffic_selector_t - * + * Creates ts_payload with a list of traffic_selector_t * * @param is_initiator * - TRUE if this payload is of type TSi * - FALSE if this payload is of type TSr * @param traffic_selectors list of traffic selectors to include * @return ts_payload_t object - * - * @ingroup payloads */ -ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors); - +ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, + linked_list_t *traffic_selectors); -#endif /* TS_PAYLOAD_H_ */ +#endif /* TS_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/charon/encoding/payloads/unknown_payload.c index bbe736085..8a8db308d 100644 --- a/src/charon/encoding/payloads/unknown_payload.c +++ b/src/charon/encoding/payloads/unknown_payload.c @@ -1,10 +1,3 @@ -/** - * @file unknown_payload.c - * - * @brief Implementation of unknown_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
@@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: unknown_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h index 8d13a03a3..045448f06 100644 --- a/src/charon/encoding/payloads/unknown_payload.h +++ b/src/charon/encoding/payloads/unknown_payload.h @@ -1,10 +1,3 @@ -/** - * @file unknown_payload.h - * - * @brief Interface of unknown_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: unknown_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup unknown_payload unknown_payload + * @{ @ingroup payloads */ #ifndef UNKNOWN_PAYLOAD_H_ @@ -31,22 +31,15 @@ typedef struct unknown_payload_t unknown_payload_t; /** * Header length of the unknown payload. - * - * @ingroup payloads */ #define UNKNOWN_PAYLOAD_HEADER_LENGTH 4 /** - * @brief Payload which can't be processed further. + * Payload which can't be processed further. * * When the parser finds an unknown payload, he builds an instance of * this class. This allows further processing of this payload, such as * a check for the critical bit in the header. - * - * @b Constructors: - * - unknown_payload_create() - * - * @ingroup payloads */ struct unknown_payload_t { 
@@ -56,40 +49,33 @@ struct unknown_payload_t { payload_t payload_interface; /** - * @brief Get the raw data of this payload, without + * Get the raw data of this payload, without * the generic payload header. * * Returned data are NOT copied and must not be freed. * - * @param this calling unknown_payload_t object * @return data as chunk_t */ chunk_t (*get_data) (unknown_payload_t *this); /** - * @brief Get the critical flag. + * Get the critical flag. * - * @param this calling unknown_payload_t object * @return TRUE if payload is critical, FALSE if not */ bool (*is_critical) (unknown_payload_t *this); /** - * @brief Destroys an unknown_payload_t object. - * - * @param this unknown_payload_t object to destroy + * Destroys an unknown_payload_t object. */ void (*destroy) (unknown_payload_t *this); }; /** - * @brief Creates an empty unknown_payload_t object. + * Creates an empty unknown_payload_t object. * * @return unknown_payload_t object - * - * @ingroup payloads */ unknown_payload_t *unknown_payload_create(void); - -#endif /* UNKNOWN_PAYLOAD_H_ */ +#endif /* UNKNOWN_PAYLOAD_H_ @} */ diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/charon/encoding/payloads/vendor_id_payload.c index e3a4d2e1f..3eacc1a72 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.c +++ b/src/charon/encoding/payloads/vendor_id_payload.c @@ -1,10 +1,3 @@ -/** - * @file vendor_id_payload.c - * - * @brief Implementation of vendor_id_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,8 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: vendor_id_payload.c 3589 2008-03-13 14:14:44Z martin $ */ #include <stddef.h> diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h index c7eebc155..e489bfd5a 100644 
--- a/src/charon/encoding/payloads/vendor_id_payload.h +++ b/src/charon/encoding/payloads/vendor_id_payload.h @@ -1,10 +1,3 @@ -/** - * @file vendor_id_payload.h - * - * @brief Interface of vendor_id_payload_t. - * - */ - /* * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -19,6 +12,13 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. + * + * $Id: vendor_id_payload.h 3589 2008-03-13 14:14:44Z martin $ + */ + +/** + * @defgroup vendor_id_payload vendor_id_payload + * @{ @ingroup payloads */ #ifndef VENDOR_ID_PAYLOAD_H_ @@ -31,21 +31,14 @@ typedef struct vendor_id_payload_t vendor_id_payload_t; /** * Length of a VENDOR ID payload without the VID data in bytes. - * - * @ingroup payloads */ #define VENDOR_ID_PAYLOAD_HEADER_LENGTH 4 /** - * @brief Class representing an IKEv2 VENDOR ID payload. + * Class representing an IKEv2 VENDOR ID payload. * * The VENDOR ID payload format is described in RFC section 3.12. - * - * @b Constructors: - * - vendor_id_payload_create() - * - * @ingroup payloads */ struct vendor_id_payload_t { /** 
@@ -54,51 +47,43 @@ struct vendor_id_payload_t { payload_t payload_interface; /** - * @brief Set the VID data. + * Set the VID data. * * Data are getting cloned. * - * @param this calling vendor_id_payload_t object * @param data VID data as chunk_t */ void (*set_data) (vendor_id_payload_t *this, chunk_t data); /** - * @brief Get the VID data. + * Get the VID data. * * Returned data are a copy of the internal one. * - * @param this calling vendor_id_payload_t object * @return VID data as chunk_t */ chunk_t (*get_data_clone) (vendor_id_payload_t *this); /** - * @brief Get the VID data. + * Get the VID data. * * Returned data are NOT copied. * - * @param this calling vendor_id_payload_t object * @return VID data as chunk_t */ chunk_t (*get_data) (vendor_id_payload_t *this); /** - * @brief Destroys an vendor_id_payload_t object. - * - * @param this vendor_id_payload_t object to destroy + * Destroys an vendor_id_payload_t object. */ void (*destroy) (vendor_id_payload_t *this); }; /** - * @brief Creates an empty vendor_id_payload_t object. + * Creates an empty vendor_id_payload_t object. * * @return vendor_id_payload_t object - * - * @ingroup payloads */ vendor_id_payload_t *vendor_id_payload_create(void); - -#endif /* VENDOR_ID_PAYLOAD_H_ */ +#endif /* VENDOR_ID_PAYLOAD_H_ @} */ |