diff options
Diffstat (limited to 'src/conftest')
27 files changed, 154 insertions, 132 deletions
diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am index 7eab0df27..64a2cc6d3 100644 --- a/src/conftest/Makefile.am +++ b/src/conftest/Makefile.am @@ -1,6 +1,7 @@ ipsec_PROGRAMS = conftest -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${charon_plugins}\"" conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \ diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 4efdeaad5..ea26b70e7 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -50,6 +50,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" @@ -73,7 +74,7 @@ conftest_DEPENDENCIES = \ $(top_builddir)/src/libhydra/libhydra.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I.@am__isrc@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles am__mv = mv -f @@ -99,6 +100,7 @@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ +BFDLIB = @BFDLIB@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ @@ -193,11 +195,14 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ -default_pkcs11 = @default_pkcs11@ +dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -214,11 +219,12 @@ imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ -libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ @@ -234,6 +240,7 @@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ @@ -243,7 +250,6 @@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ -pluto_plugins = @pluto_plugins@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ @@ -271,7 +277,9 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic \ + -DPLUGINS=\""${charon_plugins}\"" + conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ hooks/hook.h hooks/ike_auth_fill.c hooks/unsort_message.c \ hooks/add_notify.c hooks/unencrypted_notify.c hooks/ignore_message.c \ diff --git a/src/conftest/config.c b/src/conftest/config.c index 952141211..cbc6ac05f 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -103,9 +103,9 @@ static ike_cfg_t *load_ike_config(private_config_t *this, ike_cfg = ike_cfg_create(TRUE, settings->get_bool(settings, "configs.%s.fake_nat", FALSE, config), - settings->get_str(settings, "configs.%s.lhost", "%any", config), + settings->get_str(settings, "configs.%s.lhost", "%any", config), FALSE, settings->get_int(settings, "configs.%s.lport", 500, config), - settings->get_str(settings, "configs.%s.rhost", "%any", config), + settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE, settings->get_int(settings, "configs.%s.rport", 500, config)); token = settings->get_str(settings, "configs.%s.proposal", NULL, config); if (token) @@ -251,9 +251,9 @@ static peer_cfg_t *load_peer_config(private_config_t *this, uintptr_t strength; ike_cfg = load_ike_config(this, settings, config); - peer_cfg = peer_cfg_create(config, 2, ike_cfg, CERT_ALWAYS_SEND, - UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0, - NULL, NULL, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND, + UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0, + FALSE, NULL, NULL); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c index 48bf9681f..6491fd294 100644 --- a/src/conftest/conftest.c +++ b/src/conftest/conftest.c @@ -289,7 +289,8 @@ static bool load_hooks() pos = strchr(name, '-'); if (pos) { - snprintf(buf, sizeof(buf), "%.*s_hook_create", pos - name, name); + snprintf(buf, sizeof(buf), "%.*s_hook_create", (int)(pos - name), + name); } else { @@ -392,7 +393,7 @@ static void load_loggers(file_logger_t *logger) } logger = file_logger_create(file, NULL, FALSE); load_log_levels(logger, section); - charon->bus->add_listener(charon->bus, &logger->listener); + charon->bus->add_logger(charon->bus, &logger->logger); charon->file_loggers->insert_last(charon->file_loggers, logger); } } @@ -422,7 +423,7 @@ int main(int argc, char *argv[]) library_deinit(); return SS_RC_INITIALIZATION_FAILED; } - if (!libcharon_init()) + if (!libcharon_init("conftest")) { libcharon_deinit(); libhydra_deinit(); @@ -436,7 +437,7 @@ int main(int argc, char *argv[]) logger = file_logger_create(stdout, NULL, FALSE); logger->set_level(logger, DBG_ANY, LEVEL_CTRL); - charon->bus->add_listener(charon->bus, &logger->listener); + charon->bus->add_logger(charon->bus, &logger->logger); charon->file_loggers->insert_last(charon->file_loggers, logger); lib->credmgr->add_set(lib->credmgr, &conftest->creds->set); @@ -488,7 +489,7 @@ int main(int argc, char *argv[]) { return 1; } - if (!charon->initialize(charon)) + if (!charon->initialize(charon, PLUGINS)) { return 1; } diff --git a/src/conftest/hooks/add_notify.c b/src/conftest/hooks/add_notify.c index de46ca81f..9611cad6c 100644 --- a/src/conftest/hooks/add_notify.c +++ b/src/conftest/hooks/add_notify.c @@ -60,9 +60,9 @@ struct private_add_notify_t { METHOD(listener_t, message, bool, private_add_notify_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -85,11 +85,11 @@ METHOD(listener_t, message, bool, data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2); data = chunk_from_hex(data, NULL); } - else if (this->data && strlen(this->data)) + else if (strlen(this->data)) { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type( + notify = notify_payload_create_from_protocol_and_type(NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) diff --git a/src/conftest/hooks/add_payload.c b/src/conftest/hooks/add_payload.c index 03a47cc23..2903bb20f 100644 --- a/src/conftest/hooks/add_payload.c +++ b/src/conftest/hooks/add_payload.c @@ -62,9 +62,9 @@ struct private_add_payload_t { METHOD(listener_t, message, bool, private_add_payload_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -103,7 +103,7 @@ METHOD(listener_t, message, bool, data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2); data = chunk_from_hex(data, NULL); } - else if (this->data && strlen(this->data)) + else if (strlen(this->data)) { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index e4acd841f..38d4286c4 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -19,7 +19,6 @@ #include <encoding/payloads/sa_payload.h> #include <config/proposal.h> -#include <crypto/proposal/proposal_keywords.h> typedef struct private_custom_proposal_t private_custom_proposal_t; @@ -91,7 +90,7 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this, alg = strtoul(value, &end, 10); if (end == value || errno) { - token = proposal_get_token(value, strlen(value)); + token = lib->proposal->get_token(lib->proposal, value); if (!token) { DBG1(DBG_CFG, "unknown algorithm: '%s', skipped", value); @@ -111,9 +110,9 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this, METHOD(listener_t, message, bool, private_custom_proposal_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -145,7 +144,7 @@ METHOD(listener_t, message, bool, proposal->get_protocol(proposal), proposal->get_spi(proposal)); DBG1(DBG_CFG, "injecting custom proposal: %#P", new_props); - new = sa_payload_create_from_proposal_list(new_props); + new = sa_payload_create_from_proposals_v2(new_props); message->add_payload(message, (payload_t*)new); new_props->destroy_offset(new_props, offsetof(proposal_t, destroy)); } diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c index e34f82851..1b044db14 100644 --- a/src/conftest/hooks/force_cookie.c +++ b/src/conftest/hooks/force_cookie.c @@ -32,9 +32,9 @@ struct private_force_cookie_t { METHOD(listener_t, message, bool, private_force_cookie_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming && message->get_request(message) && + if (incoming && plain && message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { enumerator_t *enumerator; @@ -68,7 +68,7 @@ METHOD(listener_t, message, bool, chunk_t data = chunk_from_thing("COOKIE test data"); DBG1(DBG_CFG, "sending COOKIE: %#B", &data); - response = message_create(); + response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION); dst = message->get_source(message); src = message->get_destination(message); response->set_source(response, src->clone(src)); diff --git a/src/conftest/hooks/ignore_message.c b/src/conftest/hooks/ignore_message.c index 210f3ac50..3cb5f2059 100644 --- a/src/conftest/hooks/ignore_message.c +++ b/src/conftest/hooks/ignore_message.c @@ -45,9 +45,9 @@ struct private_ignore_message_t { METHOD(listener_t, message, bool, private_ignore_message_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming == this->in && + if (incoming == this->in && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/ike_auth_fill.c b/src/conftest/hooks/ike_auth_fill.c index 2843d60c1..09590d4f3 100644 --- a/src/conftest/hooks/ike_auth_fill.c +++ b/src/conftest/hooks/ike_auth_fill.c @@ -51,7 +51,10 @@ struct private_ike_auth_fill_t { /** size of non ESP-Marker */ #define NON_ESP_MARKER_LEN 4 - +/** length of fixed encryption payload header */ +#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4 +/** length of fixed cert payload header */ +#define CERT_PAYLOAD_HEADER_LENGTH 5 /** * Calculate packet size on wire (without ethernet/IP header) */ @@ -89,9 +92,9 @@ static size_t calculate_wire_size(message_t *message, ike_sa_t *ike_sa) METHOD(listener_t, message, bool, private_ike_auth_fill_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -105,7 +108,7 @@ METHOD(listener_t, message, bool, diff = this->bytes - size - CERT_PAYLOAD_HEADER_LENGTH; data = chunk_alloc(diff); memset(data.ptr, 0x12, data.len); - pld = cert_payload_create_custom(201, data); + pld = cert_payload_create_custom(CERTIFICATE, 201, data); message->add_payload(message, &pld->payload_interface); DBG1(DBG_CFG, "inserting %d dummy bytes certificate payload", diff); } diff --git a/src/conftest/hooks/log_id.c b/src/conftest/hooks/log_id.c index ad14cea10..07dd6a44e 100644 --- a/src/conftest/hooks/log_id.c +++ b/src/conftest/hooks/log_id.c @@ -32,9 +32,9 @@ struct private_log_id_t { METHOD(listener_t, message, bool, private_log_id_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/log_ke.c b/src/conftest/hooks/log_ke.c index 231c0a8d8..710482326 100644 --- a/src/conftest/hooks/log_ke.c +++ b/src/conftest/hooks/log_ke.c @@ -32,9 +32,9 @@ struct private_log_ke_t { METHOD(listener_t, message, bool, private_log_ke_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index 8c330ab3d..347b83209 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c @@ -32,9 +32,9 @@ struct private_log_proposals_t { METHOD(listener_t, message, bool, private_log_proposals_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator, *proposals; payload_t *payload; diff --git a/src/conftest/hooks/log_ts.c b/src/conftest/hooks/log_ts.c index fb7c89a0a..f212efa12 100644 --- a/src/conftest/hooks/log_ts.c +++ b/src/conftest/hooks/log_ts.c @@ -32,9 +32,9 @@ struct private_log_ts_t { METHOD(listener_t, message, bool, private_log_ts_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (incoming && plain) { enumerator_t *enumerator; payload_t *payload; diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 4b7168cac..4166afc79 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c @@ -15,6 +15,7 @@ #include "hook.h" +#include <sa/ikev2/keymat_v2.h> #include <encoding/payloads/nonce_payload.h> #include <encoding/payloads/cert_payload.h> #include <encoding/payloads/auth_payload.h> @@ -135,7 +136,7 @@ static void process_auth_request(private_pretend_auth_t *this, static void process_init_response(private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message) { - this->ike_init = message->get_packet_data(message); + this->ike_init = chunk_clone(message->get_packet_data(message)); } /** @@ -153,7 +154,7 @@ static void build_certs(private_pretend_auth_t *this, cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT); if (cert) { - payload = cert_payload_create_from_cert(cert); + payload = cert_payload_create_from_cert(CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending end entity cert \"%Y\"", @@ -166,7 +167,7 @@ static void build_certs(private_pretend_auth_t *this, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(cert); + payload = cert_payload_create_from_cert(CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "pretending issuer cert \"%Y\"", @@ -190,7 +191,7 @@ static bool build_auth(private_pretend_auth_t *this, auth_payload_t *auth_payload; auth_method_t auth_method; signature_scheme_t scheme; - keymat_t *keymat; + keymat_v2_t *keymat; auth = auth_cfg_create(); private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, this->id, auth); @@ -235,9 +236,13 @@ static bool build_auth(private_pretend_auth_t *this, key_type_names, private->get_type(private)); return FALSE; } - keymat = ike_sa->get_keymat(ike_sa); - octets = keymat->get_auth_octets(keymat, TRUE, this->ike_init, - this->nonce, this->id, this->reserved); + keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); + if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, + this->nonce, this->id, this->reserved, &octets)) + { + private->destroy(private); + return FALSE; + } if (!private->sign(private, scheme, octets, &auth_data)) { chunk_free(&octets); @@ -294,7 +299,7 @@ static void process_auth_response(private_pretend_auth_t *this, if (this->proposal) { message->add_payload(message, (payload_t*) - sa_payload_create_from_proposal(this->proposal)); + sa_payload_create_from_proposal_v2(this->proposal)); } if (this->tsi) { @@ -310,35 +315,38 @@ static void process_auth_response(private_pretend_auth_t *this, METHOD(listener_t, message, bool, private_pretend_auth_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (incoming) + if (plain) { - if (!message->get_request(message)) + if (incoming) { - if (message->get_exchange_type(message) == IKE_SA_INIT) - { - process_init_response(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_AUTH && - message->get_message_id(message) == 1) + if (!message->get_request(message)) { - process_auth_response(this, ike_sa, message); + if (message->get_exchange_type(message) == IKE_SA_INIT) + { + process_init_response(this, ike_sa, message); + } + if (message->get_exchange_type(message) == IKE_AUTH && + message->get_message_id(message) == 1) + { + process_auth_response(this, ike_sa, message); + } } } - } - else - { - if (message->get_request(message)) + else { - if (message->get_exchange_type(message) == IKE_SA_INIT) - { - process_init_request(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_AUTH && - message->get_message_id(message) == 1) + if (message->get_request(message)) { - process_auth_request(this, ike_sa, message); + if (message->get_exchange_type(message) == IKE_SA_INIT) + { + process_init_request(this, ike_sa, message); + } + if (message->get_exchange_type(message) == IKE_AUTH && + message->get_message_id(message) == 1) + { + process_auth_request(this, ike_sa, message); + } } } } diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index 993c952e0..b7e6f22e7 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -15,6 +15,7 @@ #include "hook.h" +#include <sa/ikev2/keymat_v2.h> #include <encoding/generator.h> #include <encoding/payloads/nonce_payload.h> #include <encoding/payloads/auth_payload.h> @@ -57,12 +58,11 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, enumerator_t *enumerator; chunk_t octets, auth_data; private_key_t *private; - auth_cfg_t *auth; payload_t *payload; auth_payload_t *auth_payload; auth_method_t auth_method; signature_scheme_t scheme; - keymat_t *keymat; + keymat_v2_t *keymat; identification_t *id; char reserved[3]; generator_t *generator; @@ -90,10 +90,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, id = identification_create_from_encoding(data.ptr[4], chunk_skip(data, 8)); generator->destroy(generator); - auth = auth_cfg_create(); private = lib->credmgr->get_private(lib->credmgr, KEY_ANY, - this->id ?: id, auth); - auth->destroy(auth); + this->id ?: id, NULL); if (private == NULL) { DBG1(DBG_CFG, "no private key found for '%Y' to rebuild AUTH", @@ -137,9 +135,14 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, id->destroy(id); return FALSE; } - keymat = ike_sa->get_keymat(ike_sa); - octets = keymat->get_auth_octets(keymat, FALSE, this->ike_init, - this->nonce, id, reserved); + keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); + if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, + this->nonce, id, reserved, &octets)) + { + private->destroy(private); + id->destroy(id); + return FALSE; + } if (!private->sign(private, scheme, octets, &auth_data)) { chunk_free(&octets); @@ -174,34 +177,37 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, METHOD(listener_t, message, bool, private_rebuild_auth_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && message->get_message_id(message) == 1) - { - rebuild_auth(this, ike_sa, message); - } - if (message->get_exchange_type(message) == IKE_SA_INIT) + if (plain) { - if (incoming) + if (!incoming && message->get_message_id(message) == 1) { - nonce_payload_t *nonce; - - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); - if (nonce) - { - free(this->nonce.ptr); - this->nonce = nonce->get_nonce(nonce); - } + rebuild_auth(this, ike_sa, message); } - else + if (message->get_exchange_type(message) == IKE_SA_INIT) { - packet_t *packet; - - if (message->generate(message, NULL, &packet) == SUCCESS) + if (incoming) + { + nonce_payload_t *nonce; + + nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + if (nonce) + { + free(this->nonce.ptr); + this->nonce = nonce->get_nonce(nonce); + } + } + else { - free(this->ike_init.ptr); - this->ike_init = chunk_clone(packet->get_data(packet)); - packet->destroy(packet); + packet_t *packet; + + if (message->generate(message, NULL, &packet) == SUCCESS) + { + free(this->ike_init.ptr); + this->ike_init = chunk_clone(packet->get_data(packet)); + packet->destroy(packet); + } } } } diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c index ccf8e997d..6fb7a2e4b 100644 --- a/src/conftest/hooks/reset_seq.c +++ b/src/conftest/hooks/reset_seq.c @@ -51,7 +51,6 @@ static job_requeue_t reset_cb(struct xfrm_usersa_id *data) struct nlmsghdr *hdr; struct xfrm_aevent_id *id; struct rtattr *rthdr; - struct xfrm_replay_state *replay; struct sockaddr_nl addr; int s, len; @@ -74,8 +73,6 @@ static job_requeue_t reset_cb(struct xfrm_usersa_id *data) rthdr->rta_len = RTA_LENGTH(sizeof(struct xfrm_replay_state)); hdr->nlmsg_len += rthdr->rta_len; - replay = (struct xfrm_replay_state*)RTA_DATA(rthdr); - s = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (s == -1) { diff --git a/src/conftest/hooks/set_critical.c b/src/conftest/hooks/set_critical.c index caf2215c3..8ec84e13d 100644 --- a/src/conftest/hooks/set_critical.c +++ b/src/conftest/hooks/set_critical.c @@ -47,9 +47,9 @@ struct private_set_critical_t { METHOD(listener_t, message, bool, private_set_critical_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_initiator.c b/src/conftest/hooks/set_ike_initiator.c index 6ba43eaca..1674f0a2d 100644 --- a/src/conftest/hooks/set_ike_initiator.c +++ b/src/conftest/hooks/set_ike_initiator.c @@ -42,9 +42,9 @@ struct private_set_ike_initiator_t { METHOD(listener_t, message, bool, private_set_ike_initiator_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_request.c b/src/conftest/hooks/set_ike_request.c index baabea66a..fd5b6de61 100644 --- a/src/conftest/hooks/set_ike_request.c +++ b/src/conftest/hooks/set_ike_request.c @@ -42,9 +42,9 @@ struct private_set_ike_request_t { METHOD(listener_t, message, bool, private_set_ike_request_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c index 14a0da9cd..bda02580d 100644 --- a/src/conftest/hooks/set_ike_spi.c +++ b/src/conftest/hooks/set_ike_spi.c @@ -52,9 +52,9 @@ struct private_set_ike_spi_t { METHOD(listener_t, message, bool, private_set_ike_spi_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_ike_version.c b/src/conftest/hooks/set_ike_version.c index d2de9dc81..ca52879d1 100644 --- a/src/conftest/hooks/set_ike_version.c +++ b/src/conftest/hooks/set_ike_version.c @@ -57,9 +57,9 @@ struct private_set_ike_version_t { METHOD(listener_t, message, bool, private_set_ike_version_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c index 0379dcb7c..c1a867a99 100644 --- a/src/conftest/hooks/set_length.c +++ b/src/conftest/hooks/set_length.c @@ -50,9 +50,9 @@ struct private_set_length_t { METHOD(listener_t, message, bool, private_set_length_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -76,11 +76,10 @@ METHOD(listener_t, message, bool, if (type == payload->get_type(payload)) { encoding_rule_t *rules; - size_t count; u_int16_t *len; - int i; + int i, count; - payload->get_encoding_rules(payload, &rules, &count); + count = payload->get_encoding_rules(payload, &rules); for (i = 0; i < count; i++) { if (rules[i].type == PAYLOAD_LENGTH) diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index a59d96b6d..0cc3cfc63 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -69,9 +69,9 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to, METHOD(listener_t, message, bool, private_set_proposal_number_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { @@ -121,7 +121,7 @@ METHOD(listener_t, message, bool, } enumerator->destroy(enumerator); } - sa = sa_payload_create_from_proposal_list(updated); + sa = sa_payload_create_from_proposals_v2(updated); list->destroy_offset(list, offsetof(proposal_t, destroy)); updated->destroy_offset(updated, offsetof(proposal_t, destroy)); message->add_payload(message, (payload_t*)sa); diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 77a605d2a..d1a4a977b 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c @@ -163,9 +163,9 @@ static void set_byte(private_set_reserved_t *this, message_t *message, METHOD(listener_t, message, bool, private_set_reserved_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c index 80bdc64b7..f4c35725c 100644 --- a/src/conftest/hooks/unencrypted_notify.c +++ b/src/conftest/hooks/unencrypted_notify.c @@ -80,11 +80,11 @@ METHOD(listener_t, ike_updown, bool, data = chunk_skip(chunk_create(this->data, strlen(this->data)), 2); data = chunk_from_hex(data, NULL); } - else if (this->data && strlen(this->data)) + else if (strlen(this->data)) { data = chunk_clone(chunk_create(this->data, strlen(this->data))); } - notify = notify_payload_create_from_protocol_and_type( + notify = notify_payload_create_from_protocol_and_type(NOTIFY, this->esp ? PROTO_ESP : PROTO_IKE, type); notify->set_spi(notify, this->spi); if (data.len) @@ -95,7 +95,7 @@ METHOD(listener_t, ike_updown, bool, DBG1(DBG_CFG, "injecting unencrypted INFORMATIONAL message"); - message = message_create(); + message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION); message->set_message_id(message, this->id); message->set_ike_sa_id(message, ike_sa->get_id(ike_sa)); message->set_exchange_type(message, INFORMATIONAL); diff --git a/src/conftest/hooks/unsort_message.c b/src/conftest/hooks/unsort_message.c index b37b261a4..1b2b302af 100644 --- a/src/conftest/hooks/unsort_message.c +++ b/src/conftest/hooks/unsort_message.c @@ -45,9 +45,9 @@ struct private_unsort_message_t { METHOD(listener_t, message, bool, private_unsort_message_t *this, ike_sa_t *ike_sa, message_t *message, - bool incoming) + bool incoming, bool plain) { - if (!incoming && + if (!incoming && plain && message->get_request(message) == this->req && message->get_message_id(message) == this->id) { |