Diffstat (limited to 'src/libcharon/config')
-rw-r--r--src/libcharon/config/backend_manager.c8
-rw-r--r--src/libcharon/config/child_cfg.h4
-rw-r--r--src/libcharon/config/ike_cfg.c20
-rw-r--r--src/libcharon/config/peer_cfg.c288
-rw-r--r--src/libcharon/config/peer_cfg.h15
-rw-r--r--src/libcharon/config/proposal.c5
-rw-r--r--src/libcharon/config/proposal.h8
7 files changed, 155 insertions, 193 deletions
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index e78cb702d..a93457ea4 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -351,10 +351,18 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
id_match_t match_peer_me, match_peer_other;
ike_cfg_match_t match_ike;
match_entry_t *entry;
+ chunk_t data;
match_peer_me = get_peer_match(my_id, cfg, TRUE);
+ data = my_id->get_encoding(my_id);
+ DBG3(DBG_CFG, "match_peer_me: %d (%N -> %#B)", match_peer_me,
+ id_type_names, my_id->get_type(my_id), &data);
match_peer_other = get_peer_match(other_id, cfg, FALSE);
+ data = other_id->get_encoding(other_id);
+ DBG3(DBG_CFG, "match_peer_other: %d (%N -> %#B)", match_peer_other,
+ id_type_names, other_id->get_type(other_id), &data);
match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other);
+ DBG3(DBG_CFG, "match_ike: %d (%H %H)", match_ike, me, other);
if (match_peer_me && match_peer_other && match_ike)
{
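Review bot: The two `%#B` dumps at `match_peer_me` and `match_peer_other` write the full encoding of both identities to the log once per candidate config, and `other_id` is presumably the identity the remote peer presented. Hex-dumping keeps peer-controlled bytes from being interpreted in the log, which is good, but level-3 logs now carry peer identities and should be handled accordingly. I would say so next to the new lines, e.g. `/* DBG3 only: dumps raw ID encodings, treat level 3 logs as containing peer identities */`. The `data` temporary exists only to feed these calls and could be declared in a narrower scope; the enclosing filter function starts and ends outside this hunk.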
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 175ced76c..370ff9d58 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -73,7 +73,7 @@ struct child_cfg_t {
* Add a proposal to the list.
*
* The proposals are stored by priority, first added
- * is the most prefered.
+ * is the most preferred.
* After add, proposal is owned by child_cfg.
*
* @param proposal proposal to add
@@ -95,7 +95,7 @@ struct child_cfg_t {
*
* Returned propsal is newly created and must be destroyed after usage.
*
- * @param proposals list from from wich proposals are selected
+ * @param proposals list from which proposals are selected
* @param strip_dh TRUE strip out diffie hellman groups
* @param private accept algorithms from a private range
* @return selected proposal, or NULL if nothing matches
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 89dcd8022..342b9ddbe 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -138,26 +138,26 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*,
METHOD(ike_cfg_t, select_proposal, proposal_t*,
private_ike_cfg_t *this, linked_list_t *proposals, bool private)
{
- iterator_t *stored_iter, *supplied_iter;
+ enumerator_t *stored_enum, *supplied_enum;
proposal_t *stored, *supplied, *selected;
- stored_iter = this->proposals->create_iterator(this->proposals, TRUE);
- supplied_iter = proposals->create_iterator(proposals, TRUE);
+ stored_enum = this->proposals->create_enumerator(this->proposals);
+ supplied_enum = proposals->create_enumerator(proposals);
/* compare all stored proposals with all supplied. Stored ones are preferred.*/
- while (stored_iter->iterate(stored_iter, (void**)&stored))
+ while (stored_enum->enumerate(stored_enum, (void**)&stored))
{
- supplied_iter->reset(supplied_iter);
+ proposals->reset_enumerator(proposals, supplied_enum);
- while (supplied_iter->iterate(supplied_iter, (void**)&supplied))
+ while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
{
selected = stored->select(stored, supplied, private);
if (selected)
{
/* they match, return */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
+ stored_enum->destroy(stored_enum);
+ supplied_enum->destroy(supplied_enum);
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
DBG2(DBG_CFG, "selected proposal: %P", selected);
@@ -166,8 +166,8 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*,
}
}
/* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
- stored_iter->destroy(stored_iter);
- supplied_iter->destroy(supplied_iter);
+ stored_enum->destroy(stored_enum);
+ supplied_enum->destroy(supplied_enum);
DBG1(DBG_CFG, "received proposals: %#P", proposals);
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 6f0c87279..c623cbc9b 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -110,7 +110,7 @@ struct private_peer_cfg_t {
u_int32_t reauth_time;
/**
- * Time, which specifies the range of a random value substracted from above.
+ * Time, which specifies the range of a random value subtracted from above.
*/
u_int32_t jitter_time;
@@ -163,34 +163,26 @@ struct private_peer_cfg_t {
#endif /* ME */
};
-/**
- * Implementation of peer_cfg_t.get_name
- */
-static char *get_name(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_name, char*,
+ private_peer_cfg_t *this)
{
return this->name;
}
-/**
- * Implementation of peer_cfg_t.get_ike_version
- */
-static u_int get_ike_version(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_ike_version, u_int,
+ private_peer_cfg_t *this)
{
return this->ike_version;
}
-/**
- * Implementation of peer_cfg_t.get_ike_cfg
- */
-static ike_cfg_t* get_ike_cfg(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_ike_cfg, ike_cfg_t*,
+ private_peer_cfg_t *this)
{
return this->ike_cfg;
}
-/**
- * Implementation of peer_cfg_t.add_child_cfg.
- */
-static void add_child_cfg(private_peer_cfg_t *this, child_cfg_t *child_cfg)
+METHOD(peer_cfg_t, add_child_cfg, void,
+ private_peer_cfg_t *this, child_cfg_t *child_cfg)
{
this->mutex->lock(this->mutex);
this->child_cfgs->insert_last(this->child_cfgs, child_cfg);
@@ -206,44 +198,39 @@ typedef struct {
mutex_t *mutex;
} child_cfg_enumerator_t;
-/**
- * Implementation of peer_cfg_t.remove_child_cfg.
- */
-static void remove_child_cfg(private_peer_cfg_t *this,
- child_cfg_enumerator_t *enumerator)
+METHOD(peer_cfg_t, remove_child_cfg, void,
+ private_peer_cfg_t *this, child_cfg_enumerator_t *enumerator)
{
this->child_cfgs->remove_at(this->child_cfgs, enumerator->wrapped);
}
-/**
- * Implementation of child_cfg_enumerator_t.destroy
- */
-static void child_cfg_enumerator_destroy(child_cfg_enumerator_t *this)
+METHOD(enumerator_t, child_cfg_enumerator_destroy, void,
+ child_cfg_enumerator_t *this)
{
this->mutex->unlock(this->mutex);
this->wrapped->destroy(this->wrapped);
free(this);
}
-/**
- * Implementation of child_cfg_enumerator_t.enumerate
- */
-static bool child_cfg_enumerate(child_cfg_enumerator_t *this, child_cfg_t **chd)
+METHOD(enumerator_t, child_cfg_enumerate, bool,
+ child_cfg_enumerator_t *this, child_cfg_t **chd)
{
return this->wrapped->enumerate(this->wrapped, chd);
}
-/**
- * Implementation of peer_cfg_t.create_child_cfg_enumerator.
- */
-static enumerator_t* create_child_cfg_enumerator(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, create_child_cfg_enumerator, enumerator_t*,
+ private_peer_cfg_t *this)
{
- child_cfg_enumerator_t *enumerator = malloc_thing(child_cfg_enumerator_t);
+ child_cfg_enumerator_t *enumerator;
- enumerator->public.enumerate = (void*)child_cfg_enumerate;
- enumerator->public.destroy = (void*)child_cfg_enumerator_destroy;
- enumerator->mutex = this->mutex;
- enumerator->wrapped = this->child_cfgs->create_enumerator(this->child_cfgs);
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_child_cfg_enumerate,
+ .destroy = (void*)_child_cfg_enumerator_destroy,
+ },
+ .mutex = this->mutex,
+ .wrapped = this->child_cfgs->create_enumerator(this->child_cfgs),
+ );
this->mutex->lock(this->mutex);
return &enumerator->public;
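Review bot: The wrapped list enumerator is still created before `this->mutex` is taken: the `.wrapped = this->child_cfgs->create_enumerator(...)` initializer runs inside `INIT`, and the lock only follows it. `child_cfg_enumerator_destroy` likewise releases the mutex before calling `this->wrapped->destroy(this->wrapped)`. If either call reads or writes list state, a concurrent `add_child_cfg` can interleave with it. The ordering predates this commit, but the rewrite keeps it. I would move `this->mutex->lock(this->mutex);` above `INIT(enumerator, ...)` and destroy the wrapped enumerator before the unlock in the destructor. create_child_cfg_enumerator's closing brace is outside the hunk.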
@@ -292,13 +279,9 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
return match;
}
-/**
- * Implementation of peer_cfg_t.select_child_cfg
- */
-static child_cfg_t* select_child_cfg(private_peer_cfg_t *this,
- linked_list_t *my_ts,
- linked_list_t *other_ts,
- host_t *my_host, host_t *other_host)
+METHOD(peer_cfg_t, select_child_cfg, child_cfg_t*,
+ private_peer_cfg_t *this, linked_list_t *my_ts, linked_list_t *other_ts,
+ host_t *my_host, host_t *other_host)
{
child_cfg_t *current, *found = NULL;
enumerator_t *enumerator;
@@ -334,34 +317,26 @@ static child_cfg_t* select_child_cfg(private_peer_cfg_t *this,
return found;
}
-/**
- * Implementation of peer_cfg_t.get_cert_policy.
- */
-static cert_policy_t get_cert_policy(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_cert_policy, cert_policy_t,
+ private_peer_cfg_t *this)
{
return this->cert_policy;
}
-/**
- * Implementation of peer_cfg_t.get_unique_policy.
- */
-static unique_policy_t get_unique_policy(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_unique_policy, unique_policy_t,
+ private_peer_cfg_t *this)
{
return this->unique;
}
-/**
- * Implementation of peer_cfg_t.get_keyingtries.
- */
-static u_int32_t get_keyingtries(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_keyingtries, u_int32_t,
+ private_peer_cfg_t *this)
{
return this->keyingtries;
}
-/**
- * Implementation of peer_cfg_t.get_rekey_time.
- */
-static u_int32_t get_rekey_time(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_rekey_time, u_int32_t,
+ private_peer_cfg_t *this)
{
if (this->rekey_time == 0)
{
@@ -374,10 +349,8 @@ static u_int32_t get_rekey_time(private_peer_cfg_t *this)
return this->rekey_time - (random() % this->jitter_time);
}
-/**
- * Implementation of peer_cfg_t.get_reauth_time.
- */
-static u_int32_t get_reauth_time(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_reauth_time, u_int32_t,
+ private_peer_cfg_t *this)
{
if (this->reauth_time == 0)
{
@@ -390,51 +363,38 @@ static u_int32_t get_reauth_time(private_peer_cfg_t *this)
return this->reauth_time - (random() % this->jitter_time);
}
-/**
- * Implementation of peer_cfg_t.get_over_time.
- */
-static u_int32_t get_over_time(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_over_time, u_int32_t,
+ private_peer_cfg_t *this)
{
return this->over_time;
}
-/**
- * Implementation of peer_cfg_t.use_mobike.
- */
-static bool use_mobike(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, use_mobike, bool,
+ private_peer_cfg_t *this)
{
return this->use_mobike;
}
-/**
- * Implements peer_cfg_t.get_dpd
- */
-static u_int32_t get_dpd(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_dpd, u_int32_t,
+ private_peer_cfg_t *this)
{
return this->dpd;
}
-/**
- * Implementation of peer_cfg_t.get_virtual_ip.
- */
-static host_t* get_virtual_ip(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_virtual_ip, host_t*,
+ private_peer_cfg_t *this)
{
return this->virtual_ip;
}
-/**
- * Implementation of peer_cfg_t.get_pool.
- */
-static char* get_pool(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_pool, char*,
+ private_peer_cfg_t *this)
{
return this->pool;
}
-/**
- * Implementation of peer_cfg_t.add_auth_cfg
- */
-static void add_auth_cfg(private_peer_cfg_t *this,
- auth_cfg_t *cfg, bool local)
+METHOD(peer_cfg_t, add_auth_cfg, void,
+ private_peer_cfg_t *this, auth_cfg_t *cfg, bool local)
{
if (local)
{
@@ -446,11 +406,8 @@ static void add_auth_cfg(private_peer_cfg_t *this,
}
}
-/**
- * Implementation of peer_cfg_t.create_auth_cfg_enumerator
- */
-static enumerator_t* create_auth_cfg_enumerator(private_peer_cfg_t *this,
- bool local)
+METHOD(peer_cfg_t, create_auth_cfg_enumerator, enumerator_t*,
+ private_peer_cfg_t *this, bool local)
{
if (local)
{
@@ -460,26 +417,20 @@ static enumerator_t* create_auth_cfg_enumerator(private_peer_cfg_t *this,
}
#ifdef ME
-/**
- * Implementation of peer_cfg_t.is_mediation.
- */
-static bool is_mediation(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, is_mediation, bool,
+ private_peer_cfg_t *this)
{
return this->mediation;
}
-/**
- * Implementation of peer_cfg_t.get_mediated_by.
- */
-static peer_cfg_t* get_mediated_by(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_mediated_by, peer_cfg_t*,
+ private_peer_cfg_t *this)
{
return this->mediated_by;
}
-/**
- * Implementation of peer_cfg_t.get_peer_id.
- */
-static identification_t* get_peer_id(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_peer_id, identification_t*,
+ private_peer_cfg_t *this)
{
return this->peer_id;
}
@@ -539,10 +490,8 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
return equal;
}
-/**
- * Implementation of peer_cfg_t.equals.
- */
-static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other)
+METHOD(peer_cfg_t, equals, bool,
+ private_peer_cfg_t *this, private_peer_cfg_t *other)
{
if (this == other)
{
@@ -580,19 +529,15 @@ static bool equals(private_peer_cfg_t *this, private_peer_cfg_t *other)
);
}
-/**
- * Implements peer_cfg_t.get_ref.
- */
-static peer_cfg_t* get_ref(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, get_ref, peer_cfg_t*,
+ private_peer_cfg_t *this)
{
ref_get(&this->refcount);
return &this->public;
}
-/**
- * Implements peer_cfg_t.destroy.
- */
-static void destroy(private_peer_cfg_t *this)
+METHOD(peer_cfg_t, destroy, void,
+ private_peer_cfg_t *this)
{
if (ref_put(&this->refcount))
{
@@ -627,48 +572,8 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
bool mediation, peer_cfg_t *mediated_by,
identification_t *peer_id)
{
- private_peer_cfg_t *this = malloc_thing(private_peer_cfg_t);
-
- /* public functions */
- this->public.get_name = (char* (*) (peer_cfg_t *))get_name;
- this->public.get_ike_version = (u_int(*) (peer_cfg_t *))get_ike_version;
- this->public.get_ike_cfg = (ike_cfg_t* (*) (peer_cfg_t *))get_ike_cfg;
- this->public.add_child_cfg = (void (*) (peer_cfg_t *, child_cfg_t*))add_child_cfg;
- this->public.remove_child_cfg = (void(*)(peer_cfg_t*, enumerator_t*))remove_child_cfg;
- this->public.create_child_cfg_enumerator = (enumerator_t* (*) (peer_cfg_t *))create_child_cfg_enumerator;
- this->public.select_child_cfg = (child_cfg_t* (*) (peer_cfg_t *,linked_list_t*,linked_list_t*,host_t*,host_t*))select_child_cfg;
- this->public.get_cert_policy = (cert_policy_t (*) (peer_cfg_t *))get_cert_policy;
- this->public.get_unique_policy = (unique_policy_t (*) (peer_cfg_t *))get_unique_policy;
- this->public.get_keyingtries = (u_int32_t (*) (peer_cfg_t *))get_keyingtries;
- this->public.get_rekey_time = (u_int32_t(*)(peer_cfg_t*))get_rekey_time;
- this->public.get_reauth_time = (u_int32_t(*)(peer_cfg_t*))get_reauth_time;
- this->public.get_over_time = (u_int32_t(*)(peer_cfg_t*))get_over_time;
- this->public.use_mobike = (bool (*) (peer_cfg_t *))use_mobike;
- this->public.get_dpd = (u_int32_t (*) (peer_cfg_t *))get_dpd;
- this->public.get_virtual_ip = (host_t* (*) (peer_cfg_t *))get_virtual_ip;
- this->public.get_pool = (char*(*)(peer_cfg_t*))get_pool;
- this->public.add_auth_cfg = (void(*)(peer_cfg_t*, auth_cfg_t *cfg, bool local))add_auth_cfg;
- this->public.create_auth_cfg_enumerator = (enumerator_t*(*)(peer_cfg_t*, bool local))create_auth_cfg_enumerator;
- this->public.equals = (bool(*)(peer_cfg_t*, peer_cfg_t *other))equals;
- this->public.get_ref = (peer_cfg_t*(*)(peer_cfg_t *))get_ref;
- this->public.destroy = (void(*)(peer_cfg_t *))destroy;
-#ifdef ME
- this->public.is_mediation = (bool (*) (peer_cfg_t *))is_mediation;
- this->public.get_mediated_by = (peer_cfg_t* (*) (peer_cfg_t *))get_mediated_by;
- this->public.get_peer_id = (identification_t* (*) (peer_cfg_t *))get_peer_id;
-#endif /* ME */
+ private_peer_cfg_t *this;
- /* apply init values */
- this->name = strdup(name);
- this->ike_version = ike_version;
- this->ike_cfg = ike_cfg;
- this->child_cfgs = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
- this->cert_policy = cert_policy;
- this->unique = unique;
- this->keyingtries = keyingtries;
- this->rekey_time = rekey_time;
- this->reauth_time = reauth_time;
if (rekey_time && jitter_time > rekey_time)
{
jitter_time = rekey_time;
@@ -677,15 +582,58 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
{
jitter_time = reauth_time;
}
- this->jitter_time = jitter_time;
- this->over_time = over_time;
- this->use_mobike = mobike;
- this->dpd = dpd;
- this->virtual_ip = virtual_ip;
- this->pool = strdupnull(pool);
- this->local_auth = linked_list_create();
- this->remote_auth = linked_list_create();
- this->refcount = 1;
+
+ INIT(this,
+ .public = {
+ .get_name = _get_name,
+ .get_ike_version = _get_ike_version,
+ .get_ike_cfg = _get_ike_cfg,
+ .add_child_cfg = _add_child_cfg,
+ .remove_child_cfg = (void*)_remove_child_cfg,
+ .create_child_cfg_enumerator = _create_child_cfg_enumerator,
+ .select_child_cfg = _select_child_cfg,
+ .get_cert_policy = _get_cert_policy,
+ .get_unique_policy = _get_unique_policy,
+ .get_keyingtries = _get_keyingtries,
+ .get_rekey_time = _get_rekey_time,
+ .get_reauth_time = _get_reauth_time,
+ .get_over_time = _get_over_time,
+ .use_mobike = _use_mobike,
+ .get_dpd = _get_dpd,
+ .get_virtual_ip = _get_virtual_ip,
+ .get_pool = _get_pool,
+ .add_auth_cfg = _add_auth_cfg,
+ .create_auth_cfg_enumerator = _create_auth_cfg_enumerator,
+ .equals = (void*)_equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+#ifdef ME
+ .is_mediation = _is_mediation,
+ .get_mediated_by = _get_mediated_by,
+ .get_peer_id = _get_peer_id,
+#endif /* ME */
+ },
+ .name = strdup(name),
+ .ike_version = ike_version,
+ .ike_cfg = ike_cfg,
+ .child_cfgs = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .cert_policy = cert_policy,
+ .unique = unique,
+ .keyingtries = keyingtries,
+ .rekey_time = rekey_time,
+ .reauth_time = reauth_time,
+ .jitter_time = jitter_time,
+ .over_time = over_time,
+ .use_mobike = mobike,
+ .dpd = dpd,
+ .virtual_ip = virtual_ip,
+ .pool = strdupnull(pool),
+ .local_auth = linked_list_create(),
+ .remote_auth = linked_list_create(),
+ .refcount = 1,
+ );
+
#ifdef ME
this->mediation = mediation;
this->mediated_by = mediated_by;
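Review bot: The `(void*)` casts on `.remove_child_cfg` and `.equals` in the `INIT` block opt these two members out of the signature check that the other uncast assignments get. For `remove_child_cfg` the public slot takes an `enumerator_t*`, while the implementation dereferences it as `child_cfg_enumerator_t` and reads `enumerator->wrapped`. An enumerator from any other source would therefore be misinterpreted. I would document the contract at the implementation, e.g. `/* enumerator must come from create_child_cfg_enumerator(); it is downcast to child_cfg_enumerator_t */`, and similarly note that `equals` assumes `other` is a `private_peer_cfg_t`. Separately, `.name = strdup(name)` is stored unchecked, as it was before the change. peer_cfg_create begins and ends outside this hunk.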
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 723435cbb..f644fb547 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -82,8 +82,9 @@ extern enum_name_t *unique_policy_names;
* Configuration of a peer, specified by IDs.
*
* The peer config defines a connection between two given IDs. It contains
- * exactly one ike_cfg_t, which is use for initiation. Additionally, it contains
- * multiple child_cfg_t defining which CHILD_SAs are allowed for this peer.
+ * exactly one ike_cfg_t, which is used for initiation. Additionally, it
+ * contains multiple child_cfg_t defining which CHILD_SAs are allowed for this
+ * peer.
* @verbatim
+-------------------+ +---------------+
+---------------+ | peer_cfg | +---------------+ |
@@ -110,7 +111,7 @@ extern enum_name_t *unique_policy_names;
* peer. Each config is enforced using the multiple authentication extension
* (RFC4739).
* The remote authentication configs are handled as constraints. The peer has
- * to fullfill each of these rules (using multiple authentication, in any order)
+ * to fulfill each of these rules (using multiple authentication, in any order)
* to gain access to the configuration.
*/
struct peer_cfg_t {
@@ -127,7 +128,7 @@ struct peer_cfg_t {
/**
* Get the IKE version to use for initiating.
*
- * @return IKE major version
+ * @return IKE major version
*/
u_int (*get_ike_version)(peer_cfg_t *this);
@@ -328,14 +329,14 @@ struct peer_cfg_t {
* (rekeylifetime - random(0, jitter)).
*
* @param name name of the peer_cfg
- * @param ike_version which IKE version we sould use for this peer
+ * @param ike_version which IKE version we should use for this peer
* @param ike_cfg IKE config to use when acting as initiator
* @param cert_policy should we send a certificate payload?
* @param unique uniqueness of an IKE_SA
* @param keyingtries how many keying tries should be done before giving up
* @param rekey_time timeout before starting rekeying
* @param reauth_time timeout before starting reauthentication
- * @param jitter_time timerange to randomly substract from rekey/reauth time
+ * @param jitter_time timerange to randomly subtract from rekey/reauth time
* @param over_time maximum overtime before closing a rekeying/reauth SA
* @param mobike use MOBIKE (RFC4555) if peer supports it
* @param dpd DPD check interval, 0 to disable
@@ -344,7 +345,7 @@ struct peer_cfg_t {
* @param mediation TRUE if this is a mediation connection
* @param mediated_by peer_cfg_t of the mediation connection to mediate through
* @param peer_id ID that identifies our peer at the mediation server
- * @return peer_cfg_t object
+ * @return peer_cfg_t object
*/
peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
cert_policy_t cert_policy, unique_policy_t unique,
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 2251b82dd..d3c60a469 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -598,6 +598,9 @@ static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
case AUTH_CAMELLIA_XCBC_96:
prf = PRF_CAMELLIA128_XCBC;
break;
+ case AUTH_AES_CMAC_96:
+ prf = PRF_AES128_CMAC;
+ break;
default:
prf = PRF_UNDEFINED;
}
@@ -794,6 +797,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case AUTH_HMAC_SHA2_512_256:
case AUTH_HMAC_MD5_96:
case AUTH_AES_XCBC_96:
+ case AUTH_AES_CMAC_96:
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
break;
default:
@@ -813,6 +817,7 @@ static void proposal_add_supported_ike(private_proposal_t *this)
case PRF_HMAC_SHA2_512:
case PRF_HMAC_MD5:
case PRF_AES128_XCBC:
+ case PRF_AES128_CMAC:
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
break;
default:
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 9337518bf..8f54d7e6e 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -120,7 +120,7 @@ struct proposal_t {
* compared. If they have at least one algorithm of each type
* in common, a resulting proposal of this kind is created.
*
- * @param other proposal to compair agains
+ * @param other proposal to compare against
* @param private accepts algorithms allocated in a private range
* @return selected proposal, NULL if proposals don't match
*/
@@ -180,7 +180,7 @@ struct proposal_t {
*
* @param protocol protocol, such as PROTO_ESP
* @param number proposal number, as encoded in SA payload
- * @return proposal_t object
+ * @return proposal_t object
*/
proposal_t *proposal_create(protocol_id_t protocol, u_int number);
@@ -188,7 +188,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number);
* Create a default proposal if nothing further specified.
*
* @param protocol protocol, such as PROTO_ESP
- * @return proposal_t object
+ * @return proposal_t object
*/
proposal_t *proposal_create_default(protocol_id_t protocol);
@@ -203,7 +203,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
*
* @param protocol protocol, such as PROTO_ESP
* @param algs algorithms as string
- * @return proposal_t object
+ * @return proposal_t object
*/
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);