diff options
Diffstat (limited to 'src/libcharon/encoding')
| -rw-r--r-- | src/libcharon/encoding/message.c | 33 | ||||
| -rw-r--r-- | src/libcharon/encoding/payloads/encrypted_payload.c | 34 | ||||
| -rw-r--r-- | src/libcharon/encoding/payloads/encrypted_payload.h | 13 | ||||
| -rw-r--r-- | src/libcharon/encoding/payloads/notify_payload.c | 14 | ||||
| -rw-r--r-- | src/libcharon/encoding/payloads/notify_payload.h | 8 |
5 files changed, 85 insertions, 17 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 1b8cd76f4..b72a2bf2d 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2014 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2006 Daniel Roethlisberger @@ -2095,8 +2095,8 @@ METHOD(message_t, fragment, status_t, count = data.len / frag_len + (data.len % frag_len ? 1 : 0); this->fragments = array_create(0, count); - DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into " - "%hu fragments", len, count); + DBG1(DBG_ENC, "splitting IKE message (%zu bytes) into %hu fragments", len, + count); for (num = 1; num <= count; num++) { len = min(data.len, frag_len); @@ -2821,11 +2821,11 @@ METHOD(message_t, add_fragment_v1, status_t, return NEED_MORE; } - DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE " - "message", num); - data = merge_fragments(this, message); this->packet->set_data(this->packet, data); + DBG1(DBG_ENC, "received fragment #%hhu, reassembled fragmented IKE " + "message (%zu bytes)", num, data.len); + this->parser = parser_create(data); if (parse_header(this) != SUCCESS) @@ -2842,9 +2842,11 @@ METHOD(message_t, add_fragment_v2, status_t, encrypted_fragment_payload_t *encrypted_fragment; encrypted_payload_t *encrypted; payload_t *payload; + aead_t *aead; enumerator_t *enumerator; chunk_t data; uint16_t total, num; + size_t len; status_t status; if (!this->frag) @@ -2904,15 +2906,30 @@ METHOD(message_t, add_fragment_v2, status_t, return NEED_MORE; } - DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE " - "message", num, total); + encrypted = (encrypted_payload_t*)encrypted_fragment; + aead = encrypted->get_transform(encrypted); data = merge_fragments(this, message); + encrypted = encrypted_payload_create_from_plain(this->first_payload, data); + encrypted->set_transform(encrypted, aead); this->payloads->insert_last(this->payloads, encrypted); /* update next payload type (could be an unencrypted payload) */ this->payloads->get_first(this->payloads, (void**)&payload); this->first_payload = payload->get_type(payload); + + /* we report the length of the complete IKE message when splitting, do the + * same here, so add the IKEv2 header len to the reassembled payload data */ + len = 28; + enumerator = create_payload_enumerator(this); + while (enumerator->enumerate(enumerator, &payload)) + { + len += payload->get_length(payload); + } + enumerator->destroy(enumerator); + + DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembled fragmented IKE " + "message (%zu bytes)", num, total, len); return SUCCESS; } diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c index 4f4b1d1d6..ba56ace55 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.c +++ b/src/libcharon/encoding/payloads/encrypted_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Tobias Brunner + * Copyright (C) 2011-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter @@ -326,6 +326,21 @@ METHOD2(payload_t, encrypted_payload_t, get_length, size_t, return this->payload_length; } +METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t, + private_encrypted_payload_t *this) +{ + /* contains only the decrypted payload data, no IV, padding or ICV */ + this->payload_length = this->encrypted.len; + + if (this->aead) + { + this->payload_length += compute_overhead(this->aead, + this->payload_length); + } + this->payload_length += get_header_length(this); + return this->payload_length; +} + METHOD(encrypted_payload_t, add_payload, void, private_encrypted_payload_t *this, payload_t *payload) { @@ -727,6 +742,12 @@ METHOD(encrypted_payload_t, set_transform, void, this->aead = aead; } +METHOD(encrypted_payload_t, get_transform, aead_t*, + private_encrypted_payload_t *this) +{ + return this->aead; +} + METHOD2(payload_t, encrypted_payload_t, destroy, void, private_encrypted_payload_t *this) { @@ -759,6 +780,7 @@ encrypted_payload_t *encrypted_payload_create(payload_type_t type) .remove_payload = _remove_payload, .generate_payloads = _generate_payloads, .set_transform = _set_transform, + .get_transform = _get_transform, .encrypt = _encrypt, .decrypt = _decrypt, .destroy = _destroy, @@ -787,10 +809,11 @@ encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next, private_encrypted_payload_t *this; this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED); + this->public.payload_interface.get_length = _get_length_plain; + this->public.get_length = _get_length_plain; this->public.decrypt = _decrypt_plain; this->next_payload = next; this->encrypted = plain; - compute_length(this); return &this->public; } @@ -899,6 +922,12 @@ METHOD(encrypted_payload_t, frag_set_transform, void, this->aead = aead; } +METHOD(encrypted_payload_t, frag_get_transform, aead_t*, + private_encrypted_fragment_payload_t *this) +{ + return this->aead; +} + /** * Append the encrypted fragment payload header to the associated data */ @@ -996,6 +1025,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create() .remove_payload = (void*)return_null, .generate_payloads = nop, .set_transform = _frag_set_transform, + .get_transform = _frag_get_transform, .encrypt = _frag_encrypt, .decrypt = _frag_decrypt, .destroy = _frag_destroy, diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index 72a256553..be7a24f43 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter @@ -74,9 +74,16 @@ struct encrypted_payload_t { /** * Set the AEAD transform to use. * - * @param aead aead transform to use + * @param aead aead transform to use */ - void (*set_transform) (encrypted_payload_t *this, aead_t *aead); + void (*set_transform)(encrypted_payload_t *this, aead_t *aead); + + /** + * Get the AEAD transform that to use (or was used). + * + * @param aead aead transform to use (or was used) + */ + aead_t *(*get_transform)(encrypted_payload_t *this); /** * Generate, encrypt and sign contained payloads. diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 0c6f010b5..a69db9357 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -1,7 +1,7 @@ /* + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG - * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -114,7 +114,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, MS_NOTI "SENDER_REQUEST_ID", "FRAGMENTATION_SUPPORTED", "SIGNATURE_HASH_ALGORITHMS"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS, +ENUM_NEXT(notify_type_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS, + "USE_PPK", + "PPK_IDENTITY", + "NO_PPK_AUTH"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD_R_U_THERE", @@ -224,7 +228,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, M "SENDER_REQ_ID", "FRAG_SUP", "HASH_ALG"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS, +ENUM_NEXT(notify_type_short_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS, + "USE_PPK", + "PPK_ID", + "NO_PPK"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD", diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 39e4c915b..b0cf69d02 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2008 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -153,6 +153,12 @@ enum notify_type_t { FRAGMENTATION_SUPPORTED = 16430, /* Signature Hash Algorithms, RFC 7427 */ SIGNATURE_HASH_ALGORITHMS = 16431, + /* Use Postquantum Preshared Key (draft-ietf-ipsecme-qr-ikev2) */ + USE_PPK = 16435, + /* Postquantum Preshared Key Identity (draft-ietf-ipsecme-qr-ikev2) */ + PPK_IDENTITY = 16436, + /* No Postquantum Preshared Key Auth (draft-ietf-ipsecme-qr-ikev2) */ + NO_PPK_AUTH = 16437, /* IKEv1 initial contact */ INITIAL_CONTACT_IKEV1 = 24578, /* IKEv1 DPD */ |