Diffstat (limited to 'src/libcharon/encoding/payloads')
17 files changed, 179 insertions, 127 deletions
diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 8e0836f0e..02015f273 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -111,8 +111,7 @@ METHOD(payload_t, verify, status_t, { if (this->encoding == ENC_X509_SIGNATURE) { - if (this->data.len < HASH_SIZE_SHA1 || - this->data.len % HASH_SIZE_SHA1) + if (this->data.len % HASH_SIZE_SHA1) { DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq", this->data.len); diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index 7dcf58f7e..afae6091a 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -63,7 +63,7 @@ struct cp_payload_t { payload_t payload_interface; /** - * Creates an iterator of stored configuration_attribute_t objects. + * Creates an enumerator of stored configuration_attribute_t objects. * * @return enumerator over configration_attribute_T */ diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index eafb668b6..cacaef222 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -284,6 +284,18 @@ eap_payload_t *eap_payload_create_data(chunk_t data) /* * Described in header */ +eap_payload_t *eap_payload_create_data_own(chunk_t data) +{ + eap_payload_t *this = eap_payload_create(); + + this->set_data(this, data); + free(data.ptr); + return this; +} + +/* + * Described in header + */ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) { chunk_t data; diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index 0bde4b15e..60d9c99d2 100644 --- a/src/libcharon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h 
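Review bot: Dropping the `this->data.len < HASH_SIZE_SHA1` bound means `data.len == 0` now passes verify() (0 % 20 == 0), so an ENC_X509_SIGNATURE CERTREQ carrying no CA hashes is accepted. If an empty Certification Authority list is intended to be legal, a comment should say so, e.g. `/* an empty CA hash list is valid; a truncated SHA-1 hash is not */`, and whatever later iterates the hashes needs to cope with zero entries. The retained DBG1 on the next line prints `this->data.len` with `%d`; if `chunk_t.len` is `size_t`, `%zu` is the matching specifier. The rest of verify() lies outside the hunk.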
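Review bot: `eap_payload_create_data_own` frees `data.ptr` immediately after `this->set_data(this, data)`, which is only safe if set_data copies the chunk; the header's description of `eap_payload_create_data` ("data, gets cloned") suggests it does, but nothing in this hunk shows it, and if set_data merely stores the pointer this is a use-after-free. A comment pinning the contract would help: `/* set_data() clones the chunk, so the caller-owned buffer is released here */`. Note also that a function whose stated purpose is to take ownership still pays for a copy plus a free; adopting the buffer directly would need changes to set_data, which is outside this hunk.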
@@ -95,18 +95,27 @@ struct eap_payload_t { /** * Creates an empty eap_payload_t object. * - * @return eap_payload_t object + * @return eap_payload_t object */ eap_payload_t *eap_payload_create(void); /** * Creates an eap_payload_t object with data. * - * @return eap_payload_t object + * @param data data, gets cloned + * @return eap_payload_t object */ eap_payload_t *eap_payload_create_data(chunk_t data); /** + * Creates an eap_payload_t object with data, owning the data. + * + * @param data data on heap, gets owned and freed + * @return eap_payload_t object + */ +eap_payload_t *eap_payload_create_data_own(chunk_t data); + +/** * Creates an eap_payload_t object with a code. * * Could should be either EAP_SUCCESS/EAP_FAILURE, use diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c index 3b23ea9fb..e7b8063b7 100644 --- a/src/libcharon/encoding/payloads/encryption_payload.c +++ b/src/libcharon/encoding/payloads/encryption_payload.c @@ -142,7 +142,7 @@ METHOD(payload_t, set_next_type, void, } /** - * Compute the lenght of the whole payload + * Compute the length of the whole payload */ static void compute_length(private_encryption_payload_t *this) { diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index faec1ea71..1ead0a052 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c @@ -76,6 +76,11 @@ ENUM(me_endpoint_type_names, HOST, RELAYED, ); /** + * Forward declaration + */ +static private_endpoint_notify_t *endpoint_notify_create(); + +/** * Helper functions to parse integer values */ static status_t parse_uint8(u_int8_t **cur, u_int8_t *top, u_int8_t *val) 
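Review bot: The new forward declaration `static private_endpoint_notify_t *endpoint_notify_create();` uses empty parentheses, which in C11 is a non-prototype declaration: the parameter list goes unchecked, so a call with stray arguments still compiles. The removed header line in this same commit declared it as `endpoint_notify_create(void)`, so the prototype form is the file's own convention; write `static private_endpoint_notify_t *endpoint_notify_create(void);` here and in the definition further down in endpoint_notify.c (the hunk at @@ -304,52). The doc comment `Forward declaration` adds nothing a reader cannot see; a line such as `/* used by clone_() before the definition below */` would explain why it exists.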
@@ -216,10 +221,8 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) return data; } -/** - * Implementation of endpoint_notify_t.build_notify - */ -static notify_payload_t *build_notify(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, build_notify, notify_payload_t*, + private_endpoint_notify_t *this) { chunk_t data; notify_payload_t *notify; 
@@ -233,64 +236,53 @@ static notify_payload_t *build_notify(private_endpoint_notify_t *this) return notify; } -/** - * Implementation of endpoint_notify_t.get_priority. - */ -static u_int32_t get_priority(private_endpoint_notify_t *this) + +METHOD(endpoint_notify_t, get_priority, u_int32_t, + private_endpoint_notify_t *this) { return this->priority; } -/** - * Implementation of endpoint_notify_t.set_priority. - */ -static void set_priority(private_endpoint_notify_t *this, u_int32_t priority) +METHOD(endpoint_notify_t, set_priority, void, + private_endpoint_notify_t *this, u_int32_t priority) { this->priority = priority; } -/** - * Implementation of endpoint_notify_t.get_type. - */ -static me_endpoint_type_t get_type(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, get_type, me_endpoint_type_t, + private_endpoint_notify_t *this) { return this->type; } -/** - * Implementation of endpoint_notify_t.get_family. - */ -static me_endpoint_family_t get_family(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, get_family, me_endpoint_family_t, + private_endpoint_notify_t *this) { return this->family; } -/** - * Implementation of endpoint_notify_t.get_host. - */ -static host_t *get_host(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, get_host, host_t*, + private_endpoint_notify_t *this) { return this->endpoint; } -/** - * Implementation of endpoint_notify_t.get_base. - */ -static host_t *get_base(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, get_base, host_t*, + private_endpoint_notify_t *this) { return (!this->base) ? this->endpoint : this->base; } -/** - * Implementation of endpoint_notify_t.clone. 
- */ -static endpoint_notify_t *_clone(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, clone_, endpoint_notify_t*, + private_endpoint_notify_t *this) { - private_endpoint_notify_t *clone = (private_endpoint_notify_t*)endpoint_notify_create(); + private_endpoint_notify_t *clone; + clone = endpoint_notify_create(); clone->priority = this->priority; clone->type = this->type; clone->family = this->family; + if (this->endpoint) { clone->endpoint = this->endpoint->clone(this->endpoint); 
@@ -304,52 +296,47 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this) return &clone->public; } -/** - * Implementation of endpoint_notify_t.destroy. - */ -static status_t destroy(private_endpoint_notify_t *this) +METHOD(endpoint_notify_t, destroy, void, + private_endpoint_notify_t *this) { DESTROY_IF(this->endpoint); DESTROY_IF(this->base); free(this); - return SUCCESS; } -/* - * Described in header +/** + * Creates an empty endpoint notify */ -endpoint_notify_t *endpoint_notify_create() +static private_endpoint_notify_t *endpoint_notify_create() { - private_endpoint_notify_t *this = malloc_thing(private_endpoint_notify_t); - - /* public functions */ - this->public.get_priority = (u_int32_t (*) (endpoint_notify_t *)) get_priority; - this->public.set_priority = (void (*) (endpoint_notify_t *, u_int32_t)) set_priority; - this->public.get_type = (me_endpoint_type_t (*) (endpoint_notify_t *)) get_type; - this->public.get_family = (me_endpoint_family_t (*) (endpoint_notify_t *)) get_family; - this->public.get_host = (host_t *(*) (endpoint_notify_t *)) get_host; - this->public.get_base = (host_t *(*) (endpoint_notify_t *)) get_base; - this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify; - this->public.clone = (endpoint_notify_t *(*) (endpoint_notify_t *)) _clone; - this->public.destroy = (void (*) (endpoint_notify_t *)) destroy; - - /* set default values of the fields */ - this->priority = 0; - this->family = NO_FAMILY; - this->type = NO_TYPE; - this->endpoint = NULL; - this->base = NULL; - - return &this->public; + private_endpoint_notify_t *this; + + INIT(this, + .public = { + .get_priority = _get_priority, + .set_priority = _set_priority, + .get_type = _get_type, + .get_family = _get_family, + .get_host = _get_host, + .get_base = _get_base, + .build_notify = _build_notify, + .clone = _clone_, + .destroy = _destroy, + }, + .family = NO_FAMILY, + .type = NO_TYPE, + ); + + return this; } /** * Described in header */ 
-endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base) +endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, + host_t *host, host_t *base) { - private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); - + private_endpoint_notify_t *this = endpoint_notify_create(); this->type = type; switch(type) @@ -406,13 +393,17 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, hos */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify) { + private_endpoint_notify_t *this; + chunk_t data; + if (notify->get_notify_type(notify) != ME_ENDPOINT) { return NULL; } - private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create(); - chunk_t data = notify->get_notification_data(notify); + this = endpoint_notify_create(); + data = notify->get_notification_data(notify); + if (parse_notification_data(this, data) != SUCCESS) { destroy(this); diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h index 120eef49a..853aadf3d 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.h +++ b/src/libcharon/encoding/payloads/endpoint_notify.h @@ -125,7 +125,7 @@ struct endpoint_notify_t { /** * Generates a notification payload from this endpoint. * - * @return built notify_payload_t + * @return built notify_payload_t */ notify_payload_t *(*build_notify) (endpoint_notify_t *this); 
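Review bot: `endpoint_notify_create()` now relies on INIT leaving `.priority`, `.endpoint` and `.base` zeroed where the old code set them explicitly; that holds if INIT assigns a compound literal (which zero-fills unnamed members), but it is no longer visible, and `get_base()` branches on `base` being NULL. A one-line comment inside the INIT call, `/* priority, endpoint and base stay zero/NULL from the initializer */`, keeps the invariant in view. The change of destroy() from `status_t` to `void` matches the function-pointer type the public struct expected, so the old cast is gone for good reason; worth a note in the commit description rather than the code.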
@@ -143,19 +143,12 @@ struct endpoint_notify_t { }; /** - * Creates an empty endpoint_notify_t object. - * - * @return created endpoint_notify_t object - */ -endpoint_notify_t *endpoint_notify_create(void); - - -/** * Creates an endpoint_notify_t object from a host. * * @param type the endpoint type * @param host host to base the notify on (gets cloned) - * @param base base of the endpoint, applies only to reflexive endpoints (gets cloned) + * @param base base of the endpoint, applies only to reflexive + * endpoints (gets cloned) * @return created endpoint_notify_t object */ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, @@ -166,7 +159,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, * * @param notify the notify payload * @return - created endpoint_notify_t object - * - NULL if invalid payload + * - NULL if invalid payload */ endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify); diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 80dcee0cb..24d22f3a1 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c 
@@ -101,17 +101,18 @@ struct private_ike_header_t { ENUM_BEGIN(exchange_type_names, EXCHANGE_TYPE_UNDEFINED, EXCHANGE_TYPE_UNDEFINED, "EXCHANGE_TYPE_UNDEFINED"); -ENUM_NEXT(exchange_type_names, IKE_SA_INIT, INFORMATIONAL, EXCHANGE_TYPE_UNDEFINED, +ENUM_NEXT(exchange_type_names, IKE_SA_INIT, IKE_SESSION_RESUME, EXCHANGE_TYPE_UNDEFINED, "IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", - "INFORMATIONAL"); + "INFORMATIONAL", + "IKE_SESSION_RESUME"); #ifdef ME -ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, INFORMATIONAL, +ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, IKE_SESSION_RESUME, "ME_CONNECT"); ENUM_END(exchange_type_names, ME_CONNECT); #else -ENUM_END(exchange_type_names, INFORMATIONAL); +ENUM_END(exchange_type_names, IKE_SESSION_RESUME); #endif /* ME */ /** diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index f52c852c5..5579a4961 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -80,6 +80,11 @@ enum exchange_type_t{ * INFORMATIONAL. */ INFORMATIONAL = 37, + + /** + * IKE_SESSION_RESUME (RFC 5723). + */ + IKE_SESSION_RESUME = 38, #ifdef ME /** * ME_CONNECT diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 77f15ec6d..e03d1af67 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c 
@@ -56,7 +56,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, CHILD_SA_NOT_FOUND, AUTHENTIC "CHILD_SA_NOT_FOUND"); ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_FOUND, "ME_CONNECT_FAILED"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNECT_FAILED, +ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, + "MS_NOTIFY_STATUS"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", @@ -90,18 +92,28 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNEC "LINK_ID", "USE_WESP_MODE", "ROHC_SUPPORTED", - "EAP_ONLY_AUTHENTICATION"); -ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, + "EAP_ONLY_AUTHENTICATION", + "CHILDLESS_IKEV2_SUPPORTED", + "QUICK_CRASH_DETECTION", + "IKEV2_MESSAGE_ID_SYNC_SUPPORTED", + "IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED", + "IKEV2_MESSAGE_ID_SYNC", + "IPSEC_REPLAY_COUNTER_SYNC", + "SECURE PASSWORD_METHOD", + "PSK_PERSIST", + "PSK_CONFIRM"); +ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, PSK_CONFIRM, "USE_BEET_MODE"); -ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, +ENUM_NEXT(notify_type_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE, "ME_MEDIATION", "ME_ENDPOINT", "ME_CALLBACK", "ME_CONNECTID", "ME_CONNECTKEY", "ME_CONNECTAUTH", - "ME_RESPONSE"); -ENUM_END(notify_type_names, ME_RESPONSE); + "ME_RESPONSE", + "RADIUS_ATTRIBUTE",); +ENUM_END(notify_type_names, RADIUS_ATTRIBUTE); ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD, 
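Review bot: The name string `"SECURE PASSWORD_METHOD"` in the INITIAL_CONTACT..PSK_CONFIRM table has a space where the enum constant `SECURE_PASSWORD_METHOD` has an underscore, so logs and `%N` output will print a name that does not match the identifier; it should read `"SECURE_PASSWORD_METHOD"`. The last entry of the ME_MEDIATION..RADIUS_ATTRIBUTE table, `"RADIUS_ATTRIBUTE",);`, carries a trailing comma that becomes an empty variadic argument — it still initializes, but it is inconsistent with every other table here, so drop it: `"RADIUS_ATTRIBUTE");`. Both tables depend on the new values being contiguous (16418–16426, and 40969 directly after ME_RESPONSE), which the matching notify_payload.h hunk satisfies; any future insertion must keep the enum and both string tables in lockstep.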
@@ -135,11 +147,13 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, CHILD_SA_NOT_FOUND, AUT "NO_CHILD_SA"); ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_FOUND, "ME_CONN_FAIL"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_CONNECT_FAILED, +ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, + "MS_STATUS"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, PSK_CONFIRM, MS_NOTIFY_STATUS, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", - "IPCOMP_SUPP", + "IPCOMP_SUP", "NATD_S_IP", "NATD_D_IP", "COOKIE", @@ -169,18 +183,28 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, EAP_ONLY_AUTHENTICATION, ME_ "LINK_ID", "WESP_MODE", "ROHC_SUP", - "EAP_ONLY"); -ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION, + "EAP_ONLY", + "CHDLESS_SUP", + "CRASH_DET", + "MSG_ID_SYN_SUP", + "RPL_CTR_SYN_SUP", + "MSG_ID_SYN", + "RPL_CTR_SYN", + "SEC_PASSWD", + "PSK_PST", + "PSK_CFM"); +ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, PSK_CONFIRM, "BEET_MODE"); -ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE, +ENUM_NEXT(notify_type_short_names, ME_MEDIATION, RADIUS_ATTRIBUTE, USE_BEET_MODE, "ME_MED", "ME_EP", "ME_CB", "ME_CID", "ME_CKEY", "ME_CAUTH", - "ME_R"); -ENUM_END(notify_type_short_names, ME_RESPONSE); + "ME_R", + "RADIUS"); +ENUM_END(notify_type_short_names, RADIUS_ATTRIBUTE); typedef struct private_notify_payload_t private_notify_payload_t; diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 8abc236e1..ced282700 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h 
@@ -71,6 +71,9 @@ enum notify_type_t { /* IKE-ME, private use */ ME_CONNECT_FAILED = 8192, + /* Windows error code */ + MS_NOTIFY_STATUS = 12345, + /* notify status messages */ INITIAL_CONTACT = 16384, SET_WINDOW_SIZE = 16385, @@ -115,7 +118,20 @@ enum notify_type_t { ROHC_SUPPORTED = 16416, /* EAP-only authentication, RFC 5998 */ EAP_ONLY_AUTHENTICATION = 16417, - + /* Childless initiation of IKEv2 SA, RFC 6023 */ + CHILDLESS_IKEV2_SUPPORTED = 16418, + /* Quick crash detection for IKE, RFC 6290 */ + QUICK_CRASH_DETECTION = 16419, + /* High availability of IKEv2/IPsec, RFC 6311 */ + IKEV2_MESSAGE_ID_SYNC_SUPPORTED = 16420, + IKEV2_REPLAY_COUNTER_SYNC_SUPPORTED = 16421, + IKEV2_MESSAGE_ID_SYNC = 16422, + IPSEC_REPLAY_COUNTER_SYNC = 16423, + /* Secure password methods, RFC 6467 */ + SECURE_PASSWORD_METHOD = 16424, + /* PACE - draft-kuegler-ipsecme-pace-ikev2 */ + PSK_PERSIST = 16425, + PSK_CONFIRM = 16426, /* BEET mode, not even a draft yet. private use */ USE_BEET_MODE = 40961, /* IKE-ME, private use */ @@ -125,7 +141,9 @@ enum notify_type_t { ME_CONNECTID = 40965, ME_CONNECTKEY = 40966, ME_CONNECTAUTH = 40967, - ME_RESPONSE = 40968 + ME_RESPONSE = 40968, + /* RADIUS attribute received/to send to a AAA backend */ + RADIUS_ATTRIBUTE = 40969, }; /** diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index d1e677db7..a2c0a4385 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c @@ -39,7 +39,8 @@ ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD, "NO_PAYLOAD"); -ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NO_PAYLOAD, +ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, + GENERIC_SECURE_PASSWORD_METHOD, NO_PAYLOAD, "SECURITY_ASSOCIATION", "KEY_EXCHANGE", "ID_INITIATOR", 
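Review bot: The comment `/* Windows error code */` on `MS_NOTIFY_STATUS = 12345` does not say what the value is or where it comes from; it sits in the 8192–16383 error-type range, which is the private-use range, so a comment along the lines of `/* MS_NOTIFY_STATUS, Microsoft's private-use error notify (IANA private range) */` would tell a reader why a non-IANA number is listed with registered ones. The `PSK_PERSIST`/`PSK_CONFIRM` entries cite `draft-kuegler-ipsecme-pace-ikev2` without a revision; draft code points can move between revisions, so naming the revision the values were taken from would make a later mismatch easier to diagnose.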
@@ -55,9 +56,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N "TRAFFIC_SELECTOR_RESPONDER", "ENCRYPTED", "CONFIGURATION", - "EXTENSIBLE_AUTHENTICATION"); + "EXTENSIBLE_AUTHENTICATION", + "GENERIC_SECURE_PASSWORD_METHOD"); #ifdef ME -ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, +ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, "ID_PEER"); ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, "HEADER", @@ -67,7 +69,8 @@ ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, "TRAFFIC_SELECTOR_SUBSTRUCTURE", "CONFIGURATION_ATTRIBUTE"); #else -ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, +ENUM_NEXT(payload_type_names, HEADER, CONFIGURATION_ATTRIBUTE, + GENERIC_SECURE_PASSWORD_METHOD, "HEADER", "PROPOSAL_SUBSTRUCTURE", "TRANSFORM_SUBSTRUCTURE", @@ -80,7 +83,8 @@ ENUM_END(payload_type_names, CONFIGURATION_ATTRIBUTE); /* short forms of payload names */ ENUM_BEGIN(payload_type_short_names, NO_PAYLOAD, NO_PAYLOAD, "--"); -ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NO_PAYLOAD, +ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, + GENERIC_SECURE_PASSWORD_METHOD, NO_PAYLOAD, "SA", "KE", "IDi", @@ -96,9 +100,11 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT "TSr", "E", "CP", - "EAP"); + "EAP", + "GSPM"); #ifdef ME -ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION, +ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, + GENERIC_SECURE_PASSWORD_METHOD, "IDp"); ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, "HDR", 
@@ -108,7 +114,8 @@ ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, ID_PEER, "TSSUB", "CPATTR"); #else -ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, EXTENSIBLE_AUTHENTICATION, +ENUM_NEXT(payload_type_short_names, HEADER, CONFIGURATION_ATTRIBUTE, + GENERIC_SECURE_PASSWORD_METHOD, "HDR", "PROP", "TRANS", diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 0f407ff42..a9af29b5b 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -79,7 +79,7 @@ enum payload_type_t{ AUTHENTICATION = 39, /** - * Nonces, for initator and responder (Ni, Nr, N) + * Nonces, for initiator and responder (Ni, Nr, N) */ NONCE = 40, @@ -123,6 +123,11 @@ enum payload_type_t{ */ EXTENSIBLE_AUTHENTICATION = 48, + /** + * Generic Secure Password Method (GSPM). + */ + GENERIC_SECURE_PASSWORD_METHOD = 49, + #ifdef ME /** * Identification payload for peers has a value from diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index f39c3b0e6..4753d574d 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -407,7 +407,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal( this = (private_proposal_substructure_t*)proposal_substructure_create(); - /* encryption algorithm is only availble in ESP */ + /* encryption algorithm is only available in ESP */ enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); while (enumerator->enumerate(enumerator, &alg, &key_size)) { diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index db20d052f..010f63cfd 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c 
@@ -106,7 +106,6 @@ METHOD(payload_t, verify, status_t, status_t status = SUCCESS; enumerator_t *enumerator; proposal_substructure_t *substruct; - bool first = TRUE; /* check proposal numbering */ enumerator = this->proposals->create_enumerator(this->proposals); @@ -115,16 +114,6 @@ METHOD(payload_t, verify, status_t, current_number = substruct->get_proposal_number(substruct); if (current_number < expected_number) { - if (current_number != expected_number + 1) - { - DBG1(DBG_ENC, "proposal number is %d, expected %d or %d", - current_number, expected_number, expected_number + 1); - status = FAILED; - break; - } - } - else if (current_number < expected_number) - { DBG1(DBG_ENC, "proposal number smaller than previous"); status = FAILED; break; @@ -136,7 +125,6 @@ METHOD(payload_t, verify, status_t, DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed"); break; } - first = FALSE; expected_number = current_number; } enumerator->destroy(enumerator); diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index 0428da726..3f04b3539 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -84,7 +84,7 @@ encoding_rule_t transform_substructure_encodings[] = { { U_INT_8, offsetof(private_transform_substructure_t, transform_type) }, /* 1 Reserved Byte */ { RESERVED_BYTE, offsetof(private_transform_substructure_t, reserved[1]) }, - /* tranform ID is a number of 8 bit */ + /* transform ID is a number of 8 bit */ { U_INT_16, offsetof(private_transform_substructure_t, transform_id) }, /* Attributes are stored in a transform attribute, offset points to a linked_list_t pointer */ diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index c961700a4..102dbb3d3 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h 
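Review bot: After this change verify() only rejects a proposal number lower than the previous one, so a gap in the numbering (1 followed by 3, say) is now accepted; the removed branch was unreachable as written — `current_number != expected_number + 1` can never be false when `current_number < expected_number` — but it appears to have intended a consecutive-numbering check. If tolerating gaps is deliberate, say so next to the guard: `/* numbers may repeat (alternative proposals) or grow; gaps are tolerated */`; if not, the guard should be `if (current_number < expected_number || current_number > expected_number + 1)`. The initial value of `expected_number` and the rest of verify() are outside the hunk, and the removal of the unused `first` flag in the first hunk is fine.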
+++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -118,7 +118,7 @@ transform_substructure_t *transform_substructure_create(void); * * @param type type of transform to create * @param id transform id specifc for the transform type - * @param key_length key length for key lenght attribute, 0 to omit + * @param key_length key length for key length attribute, 0 to omit * @return transform_substructure_t object */ transform_substructure_t *transform_substructure_create_type( |