summaryrefslogtreecommitdiff
path: root/src/libcharon/encoding/payloads
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/encoding/payloads')
-rw-r--r--src/libcharon/encoding/payloads/certreq_payload.c3
-rw-r--r--src/libcharon/encoding/payloads/cp_payload.h2
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.c12
-rw-r--r--src/libcharon/encoding/payloads/eap_payload.h13
-rw-r--r--src/libcharon/encoding/payloads/encryption_payload.c2
-rw-r--r--src/libcharon/encoding/payloads/endpoint_notify.c125
-rw-r--r--src/libcharon/encoding/payloads/endpoint_notify.h15
-rw-r--r--src/libcharon/encoding/payloads/ike_header.c9
-rw-r--r--src/libcharon/encoding/payloads/ike_header.h5
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c50
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h22
-rw-r--r--src/libcharon/encoding/payloads/payload.c23
-rw-r--r--src/libcharon/encoding/payloads/payload.h7
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c2
-rw-r--r--src/libcharon/encoding/payloads/sa_payload.c12
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.c2
-rw-r--r--src/libcharon/encoding/payloads/transform_substructure.h2
17 files changed, 179 insertions, 127 deletions
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 8e0836f0e..02015f273 100644
--- a/src/libcharon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
@@ -111,8 +111,7 @@ METHOD(payload_t, verify, status_t,
{
if (this->encoding == ENC_X509_SIGNATURE)
{
- if (this->data.len < HASH_SIZE_SHA1 ||
- this->data.len % HASH_SIZE_SHA1)
+ if (this->data.len % HASH_SIZE_SHA1)
{
DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq",
this->data.len);
diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index 7dcf58f7e..afae6091a 100644
--- a/src/libcharon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -63,7 +63,7 @@ struct cp_payload_t {
payload_t payload_interface;
/**
- * Creates an iterator of stored configuration_attribute_t objects.
+ * Creates an enumerator of stored configuration_attribute_t objects.
*
* @return enumerator over configration_attribute_T
*/
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index eafb668b6..cacaef222 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -284,6 +284,18 @@ eap_payload_t *eap_payload_create_data(chunk_t data)
/*
* Described in header
*/
+eap_payload_t *eap_payload_create_data_own(chunk_t data)
+{
+ eap_payload_t *this = eap_payload_create();
+
+ this->set_data(this, data);
+ free(data.ptr);
+ return this;
+}
+
+/*
+ * Described in header
+ */
eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
{
chunk_t data;
diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index 0bde4b15e..60d9c99d2 100644
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -95,18 +95,27 @@ struct eap_payload_t {
/**
* Creates an empty eap_payload_t object.
*
- * @return eap_payload_t object
+ * @return eap_payload_t object
*/
eap_payload_t *eap_payload_create(void);
/**
* Creates an eap_payload_t object with data.
*
- * @return eap_payload_t object
+ * @param data data, gets cloned
+ * @return eap_payload_t object
*/
eap_payload_t *eap_payload_create_data(chunk_t data);
/**
+ * Creates an eap_payload_t object with data, owning the data.
+ *
+ * @param data data on heap, gets owned and freed
+ * @return eap_payload_t object
+ */
+eap_payload_t *eap_payload_create_data_own(chunk_t data);
+
+/**
* Creates an eap_payload_t object with a code.
*
* Could should be either EAP_SUCCESS/EAP_FAILURE, use
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 3b23ea9fb..e7b8063b7 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -142,7 +142,7 @@ METHOD(payload_t, set_next_type, void,
}
/**
- * Compute the lenght of the whole payload
+ * Compute the length of the whole payload
*/
static void compute_length(private_encryption_payload_t *this)
{
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index faec1ea71..1ead0a052 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
@@ -76,6 +76,11 @@ ENUM(me_endpoint_type_names, HOST, RELAYED,
);
/**
+ * Forward declaration
+ */
+static private_endpoint_notify_t *endpoint_notify_create();
+
+/**
* Helper functions to parse integer values
*/
static status_t parse_uint8(u_int8_t **cur, u_int8_t *top, u_int8_t *val)
@@ -216,10 +221,8 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
return data;
}
-/**
- * Implementation of endpoint_notify_t.build_notify
- */
-static notify_payload_t *build_notify(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, build_notify, notify_payload_t*,
+ private_endpoint_notify_t *this)
{
chunk_t data;
notify_payload_t *notify;
@@ -233,64 +236,53 @@ static notify_payload_t *build_notify(private_endpoint_notify_t *this)
return notify;
}
-/**
- * Implementation of endpoint_notify_t.get_priority.
- */
-static u_int32_t get_priority(private_endpoint_notify_t *this)
+
+METHOD(endpoint_notify_t, get_priority, u_int32_t,
+ private_endpoint_notify_t *this)
{
return this->priority;
}
-/**
- * Implementation of endpoint_notify_t.set_priority.
- */
-static void set_priority(private_endpoint_notify_t *this, u_int32_t priority)
+METHOD(endpoint_notify_t, set_priority, void,
+ private_endpoint_notify_t *this, u_int32_t priority)
{
this->priority = priority;
}
-/**
- * Implementation of endpoint_notify_t.get_type.
- */
-static me_endpoint_type_t get_type(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, get_type, me_endpoint_type_t,
+ private_endpoint_notify_t *this)
{
return this->type;
}
-/**
- * Implementation of endpoint_notify_t.get_family.
- */
-static me_endpoint_family_t get_family(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, get_family, me_endpoint_family_t,
+ private_endpoint_notify_t *this)
{
return this->family;
}
-/**
- * Implementation of endpoint_notify_t.get_host.
- */
-static host_t *get_host(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, get_host, host_t*,
+ private_endpoint_notify_t *this)
{
return this->endpoint;
}
-/**
- * Implementation of endpoint_notify_t.get_base.
- */
-static host_t *get_base(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, get_base, host_t*,
+ private_endpoint_notify_t *this)
{
return (!this->base) ? this->endpoint : this->base;
}
-/**
- * Implementation of endpoint_notify_t.clone.
- */
-static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, clone_, endpoint_notify_t*,
+ private_endpoint_notify_t *this)
{
- private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create();
+ private_endpoint_notify_t *clone;
+ clone = endpoint_notify_create();
clone->priority = this->priority;
clone->type = this->type;
clone->family = this->family;
+
if (this->endpoint)
{
clone->endpoint = this->endpoint->clone(this->endpoint);
@@ -304,52 +296,47 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
return &clone->public;
}
-/**
- * Implementation of endpoint_notify_t.destroy.
- */
-static status_t destroy(private_endpoint_notify_t *this)
+METHOD(endpoint_notify_t, destroy, void,
+ private_endpoint_notify_t *this)
{
DESTROY_IF(this->endpoint);
DESTROY_IF(this->base);
free(this);
- return SUCCESS;
}
-/*
- * Described in header
+/**
+ * Creates an empty endpoint notify
*/
-endpoint_notify_t *endpoint_notify_create()
+static private_endpoint_notify_t *endpoint_notify_create()
{
- private_endpoint_notify_t *this = malloc_thing(private_endpoint_notify_t);
-
- /* public functions */
- this->public.get_priority = (u_int32_t (*) (endpoint_notify_t *)) get_priority;
- this->public.set_priority = (void (*) (endpoint_notify_t *, u_int32_t)) set_priority;
- this->public.get_type = (me_endpoint_type_t (*) (endpoint_notify_t *)) get_type;
- this->public.get_family = (me_endpoint_family_t (*) (endpoint_notify_t *)) get_family;
- this->public.get_host = (host_t *(*) (endpoint_notify_t *)) get_host;
- this->public.get_base = (host_t *(*) (endpoint_notify_t *)) get_base;
- this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify;
- this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone;
- this->public.destroy = (void (*) (endpoint_notify_t *)) destroy;
-
- /* set default values of the fields */
- this->priority = 0;
- this->family = NO_FAMILY;
- this->type = NO_TYPE;
- this->endpoint = NULL;
- this->base = NULL;
-
- return &this->public;
+ private_endpoint_notify_t *this;
+
+ INIT(this,
+ .public = {
+ .get_priority = _get_priority,
+ .set_priority = _set_priority,
+ .get_type = _get_type,
+ .get_family = _get_family,
+ .get_host = _get_host,
+ .get_base = _get_base,
+ .build_notify = _build_notify,
+ .clone = _clone_,
+ .destroy = _destroy,
+ },
+ .family = NO_FAMILY,
+ .type = NO_TYPE,
+ );
+
+ return this;
}
/**
* Described in header
*/
-endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base)
+endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
+ host_t *host, host_t *base)
{
- private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
-
+ private_endpoint_notify_t *this = endpoint_notify_create();
this->type = type;
switch(type)
@@ -406,13 +393,17 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos
*/
endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify)
{
+ private_endpoint_notify_t *this;
+ chunk_t data;
+
if (notify->get_notify_type(notify) != ME_ENDPOINT)
{
return NULL;
}
- private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
- chunk_t data = notify->get_notification_data(notify);
+ this = endpoint_notify_create();
+ data = notify->get_notification_data(notify);
+
if (parse_notification_data(this, data) != SUCCESS)
{
destroy(this);
diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h
index 120eef49a..853aadf3d 100644
--- a/src/libcharon/encoding/payloads/endpoint_notify.h
+++ b/src/libcharon/encoding/payloads/endpoint_notify.h
@@ -125,7 +125,7 @@ struct endpoint_notify_t {
/**
* Generates a notification payload from this endpoint.
*
- * @return built notify_payload_t
+ * @return built notify_payload_t
*/
notify_payload_t *(*build_notify) (endpoint_notify_t *this);
@@ -143,19 +143,12 @@ struct endpoint_notify_t {
};
/**
- * Creates an empty endpoint_notify_t object.
- *
- * @return created endpoint_notify_t object
- */
-endpoint_notify_t *endpoint_notify_create(void);
-
-
-/**
* Creates an endpoint_notify_t object from a host.
*
* @param type the endpoint type
* @param host host to base the notify on (gets cloned)
- * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned)
+ * @param base base of the endpoint, applies only to reflexive
+ * endpoints (gets cloned)
* @return created endpoint_notify_t object
*/
endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
@@ -166,7 +159,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
*
* @param notify the notify payload
* @return - created endpoint_notify_t object
- * - NULL if invalid payload
+ * - NULL if invalid payload
*/
endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify);
diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 80dcee0cb..24d22f3a1 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -101,17 +101,18 @@ struct private_ike_header_t {
ENUM_BEGIN(exchange_type_names, EXCHANGE_TYPE_UNDEFINED, EXCHANGE_TYPE_UNDEFINED,
"EXCHANGE_TYPE_UNDEFINED");
-ENUM_NEXT(exchange_type_names, IKE_SA_INIT, INFORMATIONAL, EXCHANGE_TYPE_UNDEFINED,
+ENUM_NEXT(exchange_type_names, IKE_SA_INIT, IKE_SESSION_RESUME, EXCHANGE_TYPE_UNDEFINED,
"IKE_SA_INIT",
"IKE_AUTH",
"CREATE_CHILD_SA",
- "INFORMATIONAL");
+ "INFORMATIONAL",
+ "IKE_SESSION_RESUME");
#ifdef ME
-ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, INFORMATIONAL,
+ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, IKE_SESSION_RESUME,
"ME_CONNECT");
ENUM_END(exchange_type_names, ME_CONNECT);
#else
-ENUM_END(exchange_type_names, INFORMATIONAL);
+ENUM_END(exchange_type_names, IKE_SESSION_RESUME);
#endif /* ME */
/**
diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index f52c852c5..5579a4961 100644
--- a/src/libcharon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
@@ -80,6 +80,11 @@ enum exchange_type_t{
* INFORMATIONAL.
*/
INFORMATIONAL = 37,
+
+ /**
+ * IKE_SESSION_RESUME (RFC 5723).
+ */
+ IKE_SESSION_RESUME = 38,
#ifdef ME
/**
* ME_CONNECT
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 77f15ec6d..e03d1af67 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -56,7 +56,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, CHILD_SA_NOT_FOUND, AUTHENTIC
"CHILD_SA_NOT_FOUND");
ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_FOUND,
"ME_CONNECT_FAILED");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNECT_FAILED,
+ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
+ "MS_NOTIFY_STATUS");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -90,18 +92,28 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNEC
"LINK_ID",
"USE_WESP_MODE",
"ROHC_SUPPORTED",
- "EAP_ONLY_AUTHENTICATION");
-ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
+ "EAP_ONLY_AUTHENTICATION",
+ "CHILDLESS_IKEV2_SUPPORTED",
+ "QUICK_CRASH_DETECTION",
+ "IKEV2_MESSAGE_ID_SYNC_SUPPORTED",
+ "IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED",
+ "IKEV2_MESSAGE_ID_SYNC",
+ "IPSEC_REPLAY_COUNTER_SYNC",
+ "SECURE PASSWORD_METHOD",
+ "PSK_PERSIST",
+ "PSK_CONFIRM");
+ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, PSK_CONFIRM,
"USE_BEET_MODE");
-ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
+ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE,
"ME_MEDIATION",
"ME_ENDPOINT",
"ME_CALLBACK",
"ME_CONNECTID",
"ME_CONNECTKEY",
"ME_CONNECTAUTH",
- "ME_RESPONSE");
-ENUM_END(notify_type_names, ME_RESPONSE);
+ "ME_RESPONSE",
+ "RADIUS_ATTRIBUTE",);
+ENUM_END(notify_type_names, RADIUS_ATTRIBUTE);
ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD,
@@ -135,11 +147,13 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, CHILD_SA_NOT_FOUND, AUT
"NO_CHILD_SA");
ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_FOUND,
"ME_CONN_FAIL");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNECT_FAILED,
+ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED,
+ "MS_STATUS");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
- "IPCOMP_SUPP",
+ "IPCOMP_SUP",
"NATD_S_IP",
"NATD_D_IP",
"COOKIE",
@@ -169,18 +183,28 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_
"LINK_ID",
"WESP_MODE",
"ROHC_SUP",
- "EAP_ONLY");
-ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
+ "EAP_ONLY",
+ "CHDLESS_SUP",
+ "CRASH_DET",
+ "MSG_ID_SYN_SUP",
+ "RPL_CTR_SYN_SUP",
+ "MSG_ID_SYN",
+ "RPL_CTR_SYN",
+ "SEC_PASSWD",
+ "PSK_PST",
+ "PSK_CFM");
+ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, PSK_CONFIRM,
"BEET_MODE");
-ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
+ENUM_NEXT(notify_type_short_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE,
"ME_MED",
"ME_EP",
"ME_CB",
"ME_CID",
"ME_CKEY",
"ME_CAUTH",
- "ME_R");
-ENUM_END(notify_type_short_names, ME_RESPONSE);
+ "ME_R",
+ "RADIUS");
+ENUM_END(notify_type_short_names, RADIUS_ATTRIBUTE);
typedef struct private_notify_payload_t private_notify_payload_t;
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 8abc236e1..ced282700 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -71,6 +71,9 @@ enum notify_type_t {
/* IKE-ME, private use */
ME_CONNECT_FAILED = 8192,
+ /* Windows error code */
+ MS_NOTIFY_STATUS = 12345,
+
/* notify status messages */
INITIAL_CONTACT = 16384,
SET_WINDOW_SIZE = 16385,
@@ -115,7 +118,20 @@ enum notify_type_t {
ROHC_SUPPORTED = 16416,
/* EAP-only authentication, RFC 5998 */
EAP_ONLY_AUTHENTICATION = 16417,
-
+ /* Childless initiation of IKEv2 SA, RFC 6023 */
+ CHILDLESS_IKEV2_SUPPORTED = 16418,
+ /* Quick crash detection for IKE, RFC 6290 */
+ QUICK_CRASH_DETECTION = 16419,
+ /* High availability of IKEv2/IPsec, RFC 6311 */
+ IKEV2_MESSAGE_ID_SYNC_SUPPORTED = 16420,
+ IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421,
+ IKEV2_MESSAGE_ID_SYNC = 16422,
+ IPSEC_REPLAY_COUNTER_SYNC = 16423,
+ /* Secure password methods, RFC 6467 */
+ SECURE_PASSWORD_METHOD = 16424,
+ /* PACE - draft-kuegler-ipsecme-pace-ikev2 */
+ PSK_PERSIST = 16425,
+ PSK_CONFIRM = 16426,
/* BEET mode, not even a draft yet. private use */
USE_BEET_MODE = 40961,
/* IKE-ME, private use */
@@ -125,7 +141,9 @@ enum notify_type_t {
ME_CONNECTID = 40965,
ME_CONNECTKEY = 40966,
ME_CONNECTAUTH = 40967,
- ME_RESPONSE = 40968
+ ME_RESPONSE = 40968,
+ /* RADIUS attribute received/to send to a AAA backend */
+ RADIUS_ATTRIBUTE = 40969,
};
/**
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index d1e677db7..a2c0a4385 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -39,7 +39,8 @@
ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD,
"NO_PAYLOAD");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NO_PAYLOAD,
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION,
+ GENERIC_SECURE_PASSWORD_METHOD, NO_PAYLOAD,
"SECURITY_ASSOCIATION",
"KEY_EXCHANGE",
"ID_INITIATOR",
@@ -55,9 +56,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N
"TRAFFIC_SELECTOR_RESPONDER",
"ENCRYPTED",
"CONFIGURATION",
- "EXTENSIBLE_AUTHENTICATION");
+ "EXTENSIBLE_AUTHENTICATION",
+ "GENERIC_SECURE_PASSWORD_METHOD");
#ifdef ME
-ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD,
"ID_PEER");
ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
"HEADER",
@@ -67,7 +69,8 @@ ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
"TRAFFIC_SELECTOR_SUBSTRUCTURE",
"CONFIGURATION_ATTRIBUTE");
#else
-ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE,
+ GENERIC_SECURE_PASSWORD_METHOD,
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"TRANSFORM_SUBSTRUCTURE",
@@ -80,7 +83,8 @@ ENUM_END(payload_type_names, CONFIGURATION_ATTRIBUTE);
/* short forms of payload names */
ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD,
"--");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NO_PAYLOAD,
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION,
+ GENERIC_SECURE_PASSWORD_METHOD, NO_PAYLOAD,
"SA",
"KE",
"IDi",
@@ -96,9 +100,11 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
"TSr",
"E",
"CP",
- "EAP");
+ "EAP",
+ "GSPM");
#ifdef ME
-ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER,
+ GENERIC_SECURE_PASSWORD_METHOD,
"IDp");
ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
"HDR",
@@ -108,7 +114,8 @@ ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER,
"TSSUB",
"CPATTR");
#else
-ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION,
+ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE,
+ GENERIC_SECURE_PASSWORD_METHOD,
"HDR",
"PROP",
"TRANS",
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 0f407ff42..a9af29b5b 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -79,7 +79,7 @@ enum payload_type_t{
AUTHENTICATION = 39,
/**
- * Nonces, for initator and responder (Ni, Nr, N)
+ * Nonces, for initiator and responder (Ni, Nr, N)
*/
NONCE = 40,
@@ -123,6 +123,11 @@ enum payload_type_t{
*/
EXTENSIBLE_AUTHENTICATION = 48,
+ /**
+ * Generic Secure Password Method (GSPM).
+ */
+ GENERIC_SECURE_PASSWORD_METHOD = 49,
+
#ifdef ME
/**
* Identification payload for peers has a value from
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index f39c3b0e6..4753d574d 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -407,7 +407,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(
this = (private_proposal_substructure_t*)proposal_substructure_create();
- /* encryption algorithm is only availble in ESP */
+ /* encryption algorithm is only available in ESP */
enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
while (enumerator->enumerate(enumerator, &alg, &key_size))
{
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index db20d052f..010f63cfd 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -106,7 +106,6 @@ METHOD(payload_t, verify, status_t,
status_t status = SUCCESS;
enumerator_t *enumerator;
proposal_substructure_t *substruct;
- bool first = TRUE;
/* check proposal numbering */
enumerator = this->proposals->create_enumerator(this->proposals);
@@ -115,16 +114,6 @@ METHOD(payload_t, verify, status_t,
current_number = substruct->get_proposal_number(substruct);
if (current_number < expected_number)
{
- if (current_number != expected_number + 1)
- {
- DBG1(DBG_ENC, "proposal number is %d, expected %d or %d",
- current_number, expected_number, expected_number + 1);
- status = FAILED;
- break;
- }
- }
- else if (current_number < expected_number)
- {
DBG1(DBG_ENC, "proposal number smaller than previous");
status = FAILED;
break;
@@ -136,7 +125,6 @@ METHOD(payload_t, verify, status_t,
DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
break;
}
- first = FALSE;
expected_number = current_number;
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index 0428da726..3f04b3539 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@@ -84,7 +84,7 @@ encoding_rule_t transform_substructure_encodings[] = {
{ U_INT_8, offsetof(private_transform_substructure_t, transform_type) },
/* 1 Reserved Byte */
{ RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[1]) },
- /* tranform ID is a number of 8 bit */
+ /* transform ID is a number of 8 bit */
{ U_INT_16, offsetof(private_transform_substructure_t, transform_id) },
/* Attributes are stored in a transform attribute,
offset points to a linked_list_t pointer */
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index c961700a4..102dbb3d3 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -118,7 +118,7 @@ transform_substructure_t *transform_substructure_create(void);
*
* @param type type of transform to create
* @param id transform id specifc for the transform type
- * @param key_length key length for key lenght attribute, 0 to omit
+ * @param key_length key length for key length attribute, 0 to omit
* @return transform_substructure_t object
*/
transform_substructure_t *transform_substructure_create_type(