/**
* Queue a task sending a notify in an INFORMATIONAL exchange
*/
-static status_t send_notify(private_main_mode_t *this,
- notify_type_t type, chunk_t data)
+static status_t send_notify(private_main_mode_t *this, notify_type_t type)
{
notify_payload_t *notify;
ike_sa_id_t *ike_sa_id;
notify = notify_payload_create_from_protocol_and_type(NOTIFY_V1,
PROTO_IKE, type);
- notify->set_notification_data(notify, data);
ike_sa_id = this->ike_sa->get_id(this->ike_sa);
spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
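Review bot: The doc comment on send_notify() does not say which status the function returns, yet after this change almost every error path in the file does `return send_notify(this, ...)` and so relies on it yielding a failure status rather than SUCCESS or NEED_MORE. I would extend the comment along the lines of `Queue a task sending a notify in an INFORMATIONAL exchange; returns the status the caller propagates to abort main mode`, adjusted to what the body really returns. The body continues beyond the visible lines, so the actual return value could not be checked here.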
if (!this->keymat->create_hasher(this->keymat, this->proposal))
{
- return FAILED;
+ return send_notify(this, NO_PROPOSAL_CHOSEN);
}
if (!this->proposal->get_algorithm(this->proposal,
DIFFIE_HELLMAN_GROUP, &group, NULL))
{
DBG1(DBG_IKE, "DH group selection failed");
- return FAILED;
+ return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
group);
if (!this->dh)
{
DBG1(DBG_IKE, "negotiated DH group not supported");
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!add_nonce_ke(this, &this->nonce_i, message))
{
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
this->state = MM_KE;
return NEED_MORE;
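Review bot: The same two failures map to different notify types depending on the path. Here create_hasher() and the DH group lookup both send NO_PROPOSAL_CHOSEN, while the otherwise identical checks in the later block that ends with get_nonce_ke() send INVALID_KEY_INFORMATION. If the difference is deliberate, a one-line comment such as `/* peer selected a proposal we cannot instantiate */` would record why; otherwise use one type for both. The create_hasher() and add_nonce_ke() branches also send a notify with no DBG1 line, so unless the helpers log internally the local log will not show why the exchange was aborted.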
if (!id)
{
DBG1(DBG_CFG, "own identity not known");
- return FAILED;
+ return send_notify(this, INVALID_ID_INFORMATION);
}
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
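Review bot: `own identity not known` is a local configuration problem, but the peer is sent INVALID_ID_INFORMATION, which reads on the remote side as if the identity it presented had been rejected. That misdirects troubleshooting on the peer and tells it something about local configuration state that it has no use for. Consider a generic code, `return send_notify(this, AUTHENTICATION_FAILED);`, keeping the specific reason in the DBG1 line only. The identical check in the later hunk that precedes id_payload_create_from_identification() has the same issue.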
message) != SUCCESS)
{
DESTROY_IF(authenticator);
- return FAILED;
+ return send_notify(this, AUTHENTICATION_FAILED);
}
authenticator->destroy(authenticator);
save_auth_cfg(this, TRUE);
if (!sa_payload || !save_sa_payload(this, message))
{
DBG1(DBG_IKE, "SA payload missing or invalid");
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
list = sa_payload->get_proposals(sa_payload);
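Review bot: A missing or invalid SA payload now triggers a reply instead of a silent failure, and the nonce_i handling that follows suggests this is responder-side processing of a message from a peer that is not yet authenticated, with no keys derived. The INFORMATIONAL queued here is therefore presumably sent unprotected to whatever source address the packet carried, once per malformed request. I would state that in a comment, e.g. `/* pre-auth: notify is sent in the clear, must carry no local detail */`. It is also worth confirming that whatever limits the daemon applies to half-open IKE_SAs bound these replies too. The same applies to the `no proposal found` and key-information branches that follow.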
if (!this->proposal)
{
DBG1(DBG_IKE, "no proposal found");
- return send_notify(this, NO_PROPOSAL_CHOSEN, chunk_empty);
+ return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->auth_method = sa_payload->get_auth_method(sa_payload);
if (!this->keymat->create_hasher(this->keymat, this->proposal))
{
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!this->proposal->get_algorithm(this->proposal,
DIFFIE_HELLMAN_GROUP, &group, NULL))
{
DBG1(DBG_IKE, "DH group selection failed");
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
this->dh = lib->crypto->create_dh(lib->crypto, group);
if (!this->dh)
{
DBG1(DBG_IKE, "negotiated DH group not supported");
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!get_nonce_ke(this, &this->nonce_i, message))
{
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
this->state = MM_KE;
return NEED_MORE;
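Review bot: A failed get_nonce_ke() is reported as INVALID_PAYLOAD_TYPE, which by name signals an unrecognised payload type rather than a missing or unusable KE/nonce payload. The helper's failure reasons are not visible in this hunk, but if it can fail on bad key material then `return send_notify(this, INVALID_KEY_INFORMATION);` would agree with how add_nonce_ke() and derive_keys() failures are mapped elsewhere in this commit. The branch also has no DBG1 line, so the reason is lost locally unless the helper logs it. The nonce_r branch further down has the same mapping.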
if (!id_payload)
{
DBG1(DBG_IKE, "IDii payload missing");
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
id = id_payload->get_identification(id_payload);
if (!this->peer_cfg)
{
DBG1(DBG_IKE, "no peer config found");
- return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
+ return send_notify(this, AUTHENTICATION_FAILED);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
if (!this->my_auth || !this->other_auth)
{
DBG1(DBG_IKE, "auth config missing");
- return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
+ return send_notify(this, AUTHENTICATION_FAILED);
}
authenticator = create_authenticator(this, id_payload);
message) != SUCCESS)
{
DESTROY_IF(authenticator);
- return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
+ return send_notify(this, AUTHENTICATION_FAILED);
}
authenticator->destroy(authenticator);
if (!check_constraints(this))
{
- return FAILED;
+ return send_notify(this, AUTHENTICATION_FAILED);
}
save_auth_cfg(this, FALSE);
{
if (!add_nonce_ke(this, &this->nonce_r, message))
{
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!derive_keys(this, this->nonce_i, this->nonce_r))
{
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
return NEED_MORE;
}
if (!id)
{
DBG1(DBG_CFG, "own identity not known");
- return FAILED;
+ return send_notify(this, INVALID_ID_INFORMATION);
}
-
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(ID_V1, id);
message) != SUCCESS)
{
DESTROY_IF(authenticator);
- return FAILED;
+ return send_notify(this, AUTHENTICATION_FAILED);
}
authenticator->destroy(authenticator);
save_auth_cfg(this, TRUE);
if (!sa_payload)
{
DBG1(DBG_IKE, "SA payload missing");
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
list = sa_payload->get_proposals(sa_payload);
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
if (!this->proposal)
{
DBG1(DBG_IKE, "no proposal found");
- return FAILED;
+ return send_notify(this, NO_PROPOSAL_CHOSEN);
}
lifetime = sa_payload->get_lifetime(sa_payload);
{
if (!get_nonce_ke(this, &this->nonce_r, message))
{
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
if (!derive_keys(this, this->nonce_i, this->nonce_r))
{
- return FAILED;
+ return send_notify(this, INVALID_KEY_INFORMATION);
}
return NEED_MORE;
}
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
- return FAILED;
+ return send_notify(this, INVALID_PAYLOAD_TYPE);
}
id = id_payload->get_identification(id_payload);
if (!id->matches(id, this->other_auth->get(this->other_auth,
{
DBG1(DBG_IKE, "IDir does not match");
id->destroy(id);
- return FAILED;
+ return send_notify(this, INVALID_ID_INFORMATION);
}
this->ike_sa->set_other_id(this->ike_sa, id);
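Review bot: An IDir mismatch is answered with its own code, INVALID_ID_INFORMATION, and judging by the authenticator call that follows in the next hunk this check runs before the peer's authentication has been verified. A peer that has not proven its identity can thus distinguish "wrong ID" from "authentication failed", whereas the responder-side paths in this commit (`no peer config found`, `auth config missing`) collapse to AUTHENTICATION_FAILED. Consider whether the distinction is wanted on the wire; if not, `return send_notify(this, AUTHENTICATION_FAILED);` keeps the detail in the DBG1 line. If it is intentional, a comment saying so would help the next reader.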
message) != SUCCESS)
{
DESTROY_IF(authenticator);
- return FAILED;
+ return send_notify(this, AUTHENTICATION_FAILED);
}
authenticator->destroy(authenticator);
if (!check_constraints(this))
{
- return FAILED;
+ return send_notify(this, AUTHENTICATION_FAILED);
}
save_auth_cfg(this, FALSE);