Imported Upstream version 5.2.0

author: Yves-Alexis Perez <corsac@debian.org> 2014-07-11 07:23:31 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2014-07-11 07:23:31 +0200
commit: 81c63b0eed39432878f78727f60a1e7499645199 (patch)
tree: 82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libcharon/config/proposal.c
parent: c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff)
download: vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz
vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip
1 files changed, 109 insertions, 61 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 2ecdb4f2e..4d881cd2f 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 /**
  * Add supported IKE algorithms to proposal
  */
-static void proposal_add_supported_ike(private_proposal_t *this)
+static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 {
 	enumerator_t *enumerator;
 	encryption_algorithm_t encryption;
@@ -636,76 +636,91 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 	diffie_hellman_group_t group;
 	const char *plugin_name;
 
-	enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
+	if (aead)
 	{
-		switch (encryption)
+		enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
+		while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
 		{
-			case ENCR_AES_CBC:
-			case ENCR_AES_CTR:
-			case ENCR_CAMELLIA_CBC:
-			case ENCR_CAMELLIA_CTR:
-				/* we assume that we support all AES/Camellia sizes */
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
-				break;
-			case ENCR_3DES:
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
-				break;
-			case ENCR_DES:
-				/* no, thanks */
-				break;
-			default:
-				break;
+			switch (encryption)
+			{
+				case ENCR_AES_CCM_ICV8:
+				case ENCR_AES_CCM_ICV12:
+				case ENCR_AES_CCM_ICV16:
+				case ENCR_AES_GCM_ICV8:
+				case ENCR_AES_GCM_ICV12:
+				case ENCR_AES_GCM_ICV16:
+				case ENCR_CAMELLIA_CCM_ICV8:
+				case ENCR_CAMELLIA_CCM_ICV12:
+				case ENCR_CAMELLIA_CCM_ICV16:
+					/* we assume that we support all AES/Camellia sizes */
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+					break;
+				default:
+					break;
+			}
 		}
-	}
-	enumerator->destroy(enumerator);
+		enumerator->destroy(enumerator);
 
-	enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
-	{
-		switch (encryption)
+		if (!array_count(this->transforms))
 		{
-			case ENCR_AES_CCM_ICV8:
-			case ENCR_AES_CCM_ICV12:
-			case ENCR_AES_CCM_ICV16:
-			case ENCR_AES_GCM_ICV8:
-			case ENCR_AES_GCM_ICV12:
-			case ENCR_AES_GCM_ICV16:
-			case ENCR_CAMELLIA_CCM_ICV8:
-			case ENCR_CAMELLIA_CCM_ICV12:
-			case ENCR_CAMELLIA_CCM_ICV16:
-				/* we assume that we support all AES/Camellia sizes */
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
-				add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
-				break;
-			default:
-				break;
+			return FALSE;
 		}
 	}
-	enumerator->destroy(enumerator);
-
-	enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
-	while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
+	else
 	{
-		switch (integrity)
+		enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+		while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
 		{
-			case AUTH_HMAC_SHA1_96:
-			case AUTH_HMAC_SHA2_256_128:
-			case AUTH_HMAC_SHA2_384_192:
-			case AUTH_HMAC_SHA2_512_256:
-			case AUTH_HMAC_MD5_96:
-			case AUTH_AES_XCBC_96:
-			case AUTH_AES_CMAC_96:
-				add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
-				break;
-			default:
-				break;
+			switch (encryption)
+			{
+				case ENCR_AES_CBC:
+				case ENCR_AES_CTR:
+				case ENCR_CAMELLIA_CBC:
+				case ENCR_CAMELLIA_CTR:
+					/* we assume that we support all AES/Camellia sizes */
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+					break;
+				case ENCR_3DES:
+					add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
+					break;
+				case ENCR_DES:
+					/* no, thanks */
+					break;
+				default:
+					break;
+			}
 		}
+		enumerator->destroy(enumerator);
+
+		if (!array_count(this->transforms))
+		{
+			return FALSE;
+		}
+
+		enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
+		while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
+		{
+			switch (integrity)
+			{
+				case AUTH_HMAC_SHA1_96:
+				case AUTH_HMAC_SHA2_256_128:
+				case AUTH_HMAC_SHA2_384_192:
+				case AUTH_HMAC_SHA2_512_256:
+				case AUTH_HMAC_MD5_96:
+				case AUTH_AES_XCBC_96:
+				case AUTH_AES_CMAC_96:
+					add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
+					break;
+				default:
+					break;
+			}
+		}
+		enumerator->destroy(enumerator);
 	}
-	enumerator->destroy(enumerator);
 
 	enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
 	while (enumerator->enumerate(enumerator, &prf, &plugin_name))
@@ -767,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 		}
 	}
 	enumerator->destroy(enumerator);
+
+	return TRUE;
 }
 
 /*
@@ -779,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 	switch (protocol)
 	{
 		case PROTO_IKE:
-			proposal_add_supported_ike(this);
+			if (!proposal_add_supported_ike(this, FALSE))
+			{
+				destroy(this);
+				return NULL;
+			}
 			break;
 		case PROTO_ESP:
 			add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         128);
@@ -807,6 +828,33 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 /*
  * Describtion in header-file
  */
+proposal_t *proposal_create_default_aead(protocol_id_t protocol)
+{
+	private_proposal_t *this;
+
+	switch (protocol)
+	{
+		case PROTO_IKE:
+			this = (private_proposal_t*)proposal_create(protocol, 0);
+			if (!proposal_add_supported_ike(this, TRUE))
+			{
+				destroy(this);
+				return NULL;
+			}
+			return &this->public;
+		case PROTO_ESP:
+			/* we currently don't include any AEAD proposal for ESP, as we
+			 * don't know if our kernel backend actually supports it. */
+			return NULL;
+		case PROTO_AH:
+		default:
+			return NULL;
+	}
+}
+
+/*
+ * Describtion in header-file
+ */
 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
 {
 	private_proposal_t *this;
author	Yves-Alexis Perez <corsac@debian.org>	2014-07-11 07:23:31 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2014-07-11 07:23:31 +0200
commit	81c63b0eed39432878f78727f60a1e7499645199 (patch)
tree	82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libcharon/config/proposal.c
parent	c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff)
download	vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip