From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 15 Nov 2011 17:21:28 +0000 (+0100)
Subject: Message rules for IKEv1 AGGRESSIVE exchange added.
X-Git-Tag: 5.0.0~338^2~9^2~515
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=130c9a54c2c9c5586d685bf98b3bf004f7465d8f;p=thirdparty%2Fstrongswan.git

Message rules for IKEv1 AGGRESSIVE exchange added.

These are basically the same as for ID_PROT but no payloads are expected
to be encrypted (at least if using PSK or signatures for authentication).
---

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index eab3427a15..5386d4984c 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -478,6 +478,70 @@ static payload_order_t id_prot_r_order[] = {
 	{NOTIFICATION_V1,			0},
 	{VENDOR_ID_V1,				0},
 };
+
+/**
+ * Message rule for AGGRESSIVE from initiator.
+ */
+static payload_rule_t aggressive_i_rules[] = {
+/*	payload type				min	max						encr	suff */
+	{NOTIFICATION_V1,			0,	MAX_NOTIFY_PAYLOADS,	FALSE,	FALSE},
+	{SECURITY_ASSOCIATION_V1,	0,	1,						FALSE,	FALSE},
+	{KEY_EXCHANGE_V1,			0,	1,						FALSE,	FALSE},
+	{NONCE_V1,					0,	1,						FALSE,	FALSE},
+	{VENDOR_ID_V1,				0,	MAX_VID_PAYLOADS,		FALSE,	FALSE},
+	{ID_V1,						0,	1,						FALSE,	FALSE},
+	{CERTIFICATE_V1,			0,	1,						FALSE,	FALSE},
+	{SIGNATURE_V1,				0,	1,						FALSE,	FALSE},
+	{HASH_V1,					0,	1,						FALSE,	FALSE},
+};
+
+/**
+ * payload order for AGGRESSIVE from initiator.
+ */
+static payload_order_t aggressive_i_order[] = {
+/*	payload type				notify type */
+	{SECURITY_ASSOCIATION_V1,	0},
+	{KEY_EXCHANGE_V1,			0},
+	{NONCE_V1,					0},
+	{ID_V1,						0},
+	{CERTIFICATE_V1,			0},
+	{SIGNATURE_V1,				0},
+	{HASH_V1,					0},
+	{NOTIFICATION_V1,			0},
+	{VENDOR_ID_V1,				0},
+};
+
+/**
+ * Message rule for AGGRESSIVE from responder.
+ */
+static payload_rule_t aggressive_r_rules[] = {
+/*	payload type				min	max						encr	suff */
+	{NOTIFICATION_V1,			0,	MAX_NOTIFY_PAYLOADS,	FALSE,	FALSE},
+	{SECURITY_ASSOCIATION_V1,	0,	1,						FALSE,	FALSE},
+	{KEY_EXCHANGE_V1,			0,	1,						FALSE,	FALSE},
+	{NONCE_V1,					0,	1,						FALSE,	FALSE},
+	{VENDOR_ID_V1,				0,	MAX_VID_PAYLOADS,		FALSE,	FALSE},
+	{ID_V1,						0,	1,						FALSE,	FALSE},
+	{CERTIFICATE_V1,			0,	1,						FALSE,	FALSE},
+	{SIGNATURE_V1,				0,	1,						FALSE,	FALSE},
+	{HASH_V1,					0,	1,						FALSE,	FALSE},
+};
+
+/**
+ * payload order for AGGRESSIVE from responder.
+ */
+static payload_order_t aggressive_r_order[] = {
+/*	payload type				notify type */
+	{SECURITY_ASSOCIATION_V1,	0},
+	{KEY_EXCHANGE_V1,			0},
+	{NONCE_V1,					0},
+	{ID_V1,						0},
+	{CERTIFICATE_V1,			0},
+	{SIGNATURE_V1,				0},
+	{HASH_V1,					0},
+	{NOTIFICATION_V1,			0},
+	{VENDOR_ID_V1,				0},
+};
 #endif /* USE_IKEV1 */
 
 /**
@@ -535,6 +599,14 @@ static message_rule_t message_rules[] = {
 		countof(id_prot_r_rules), id_prot_r_rules,
 		countof(id_prot_r_order), id_prot_r_order,
 	},
+	{AGGRESSIVE,		TRUE,	FALSE,
+		countof(aggressive_i_rules), aggressive_i_rules,
+		countof(aggressive_i_order), aggressive_i_order,
+	},
+	{AGGRESSIVE,		FALSE,	FALSE,
+		countof(aggressive_r_rules), aggressive_r_rules,
+		countof(aggressive_r_order), aggressive_r_order,
+	},
 	/* TODO-IKEv1: define rules for other exchanges */
 #endif /* USE_IKEV1 */
 };