#include <library.h>
#include <daemon.h>
-#include <sa/ike_sa_id.h>
#include <encoding/generator.h>
#include <encoding/parser.h>
-#include <utils/linked_list.h>
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/encryption_payload.h>
}
METHOD(message_t, generate, status_t,
- private_message_t *this, aead_t *aead, packet_t **packet)
+ private_message_t *this, keymat_t *keymat, packet_t **packet)
{
generator_t *generator;
ike_header_t *ike_header;
payload_t *payload, *next;
encryption_payload_t *encryption = NULL;
enumerator_t *enumerator;
+ aead_t *aead;
chunk_t chunk;
char str[BUF_LEN];
u_int32_t *lenpos;
DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
+ aead = keymat->get_aead(keymat, FALSE);
if (aead && this->rule->encrypted)
{
encryption = wrap_payloads(this);
/**
* Decrypt payload from the encryption payload
*/
-static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
+static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
bool was_encrypted = FALSE;
payload_t *payload, *previous = NULL;
enumerator_t *enumerator;
payload_rule_t *rule;
payload_type_t type;
+ aead_t *aead;
status_t status = SUCCESS;
enumerator = this->payloads->create_enumerator(this->payloads);
status = VERIFY_ERROR;
break;
}
+ aead = keymat->get_aead(keymat, TRUE);
encryption->set_transform(encryption, aead);
chunk = this->packet->get_data(this->packet);
if (chunk.len < encryption->get_length(encryption))
}
METHOD(message_t, parse_body, status_t,
- private_message_t *this, aead_t *aead)
+ private_message_t *this, keymat_t *keymat)
{
status_t status = SUCCESS;
char str[BUF_LEN];
return status;
}
- status = decrypt_payloads(this, aead);
+ status = decrypt_payloads(this, keymat);
if (status != SUCCESS)
{
DBG1(DBG_ENC, "could not decrypt payloads");
return this;
}
-
typedef struct message_t message_t;
#include <library.h>
-#include <sa/ike_sa_id.h>
#include <network/packet.h>
#include <encoding/payloads/ike_header.h>
#include <encoding/payloads/notify_payload.h>
+#include <sa/keymat.h>
+#include <sa/ike_sa_id.h>
#include <utils/linked_list.h>
-#include <crypto/aead.h>
/**
- * This class is used to represent an IKEv2-Message.
+ * This class is used to represent an IKE-Message.
*
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
* If there are encrypted payloads, they get decrypted and verified using
* the given aead transform (if given).
*
- * @param aead aead transform to verify/decrypt message
+ * @param keymat keymat to verify/decrypt message
* @return
* - SUCCESS if parsing successful
* - PARSE_ERROR if message parsing failed
* - FAILED if integrity check failed
* - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*parse_body) (message_t *this, aead_t *aead);
+ status_t (*parse_body) (message_t *this, keymat_t *keymat);
/**
* Generates the UDP packet of specific message.
* Generation is only done once, multiple calls will just return a copy
* of the packet.
*
- * @param aead aead transform to encrypt/sign message
+ * @param keymat keymat to encrypt/sign message
* @param packet copy of generated packet
* @return
* - SUCCESS if packet could be generated
* - NOT_FOUND if no rules found for message generation
* - INVALID_STATE if aead not supplied but needed.
*/
- status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
+ status_t (*generate) (message_t *this, keymat_t *keymat, packet_t **packet);
/**
* Check if the message has already been encoded using generate().
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
message->set_ike_sa_id(message, this->ike_sa_id);
charon->bus->message(charon->bus, message, FALSE);
- return message->generate(message,
- this->keymat->get_aead(this->keymat, FALSE), packet);
+ return message->generate(message, this->keymat, packet);
}
/**
is_request = message->get_request(message);
- status = message->parse_body(message,
- this->keymat->get_aead(this->keymat, TRUE));
+ status = message->parse_body(message, this->keymat);
if (status == SUCCESS)
{ /* check for unsupported critical payloads */
enumerator_t *enumerator;
projects / thirdparty / strongswan.git / commitdiff
