Diffstat (limited to 'src/libcharon/config')
-rw-r--r--src/libcharon/config/child_cfg.c54
-rw-r--r--src/libcharon/config/child_cfg.h10
-rw-r--r--src/libcharon/config/ike_cfg.c24
-rw-r--r--src/libcharon/config/peer_cfg.c157
-rw-r--r--src/libcharon/config/peer_cfg.h16
-rw-r--r--src/libcharon/config/proposal.c180
6 files changed, 341 insertions, 100 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index ed7c0d406..3d3c7419b 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -531,6 +531,57 @@ METHOD(child_cfg_t, install_policy, bool,
return this->install_policy;
}
+#define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; })
+#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
+
+METHOD(child_cfg_t, equals, bool,
+ private_child_cfg_t *this, child_cfg_t *other_pub)
+{
+ private_child_cfg_t *other = (private_child_cfg_t*)other_pub;
+
+ if (this == other)
+ {
+ return TRUE;
+ }
+ if (this->public.equals != other->public.equals)
+ {
+ return FALSE;
+ }
+ if (!this->proposals->equals_offset(this->proposals, other->proposals,
+ offsetof(proposal_t, equals)))
+ {
+ return FALSE;
+ }
+ if (!this->my_ts->equals_offset(this->my_ts, other->my_ts,
+ offsetof(traffic_selector_t, equals)))
+ {
+ return FALSE;
+ }
+ if (!this->other_ts->equals_offset(this->other_ts, other->other_ts,
+ offsetof(traffic_selector_t, equals)))
+ {
+ return FALSE;
+ }
+ return this->hostaccess == other->hostaccess &&
+ this->mode == other->mode &&
+ this->start_action == other->start_action &&
+ this->dpd_action == other->dpd_action &&
+ this->close_action == other->close_action &&
+ LIFETIME_EQUALS(this->lifetime, other->lifetime) &&
+ this->use_ipcomp == other->use_ipcomp &&
+ this->inactivity == other->inactivity &&
+ this->reqid == other->reqid &&
+ this->mark_in.value == other->mark_in.value &&
+ this->mark_in.mask == other->mark_in.mask &&
+ this->mark_out.value == other->mark_out.value &&
+ this->mark_out.mask == other->mark_out.mask &&
+ this->tfc == other->tfc &&
+ this->replay_window == other->replay_window &&
+ this->proxy_mode == other->proxy_mode &&
+ this->install_policy == other->install_policy &&
+ streq(this->updown, other->updown);
+}
+
METHOD(child_cfg_t, get_ref, child_cfg_t*,
private_child_cfg_t *this)
{
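Review bot: The long `&&` chain at the end of `equals` is maintained by hand and, as far as this hunk shows, does not compare the config's name, while `replace_child_cfgs` in peer_cfg.c (same commit) keeps the existing object whenever `equals` returns TRUE. A member added to the private struct later without a matching line here would leave a stale setting in place after a config replacement; the struct definition is outside the hunk, so which members are currently omitted cannot be checked from here. A comment above the METHOD would make the contract explicit, e.g. `/* compares every setting that affects the CHILD_SA; extend this when adding a member to private_child_cfg_t */`. The two helper macros also expand `a` and `b` unparenthesized, which is safe for the single use `LIFETIME_EQUALS(this->lifetime, other->lifetime)` but not for arbitrary arguments.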
@@ -593,6 +644,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
.set_replay_window = _set_replay_window,
.use_proxy_mode = _use_proxy_mode,
.install_policy = _install_policy,
+ .equals = _equals,
.get_ref = _get_ref,
.destroy = _destroy,
},
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 9f7a92b70..22641f77e 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -274,6 +274,14 @@ struct child_cfg_t {
bool (*install_policy)(child_cfg_t *this);
/**
+ * Check if two child_cfg objects are equal.
+ *
+ * @param other candidate to check for equality against this
+ * @return TRUE if equal
+ */
+ bool (*equals)(child_cfg_t *this, child_cfg_t *other);
+
+ /**
* Increase the reference count.
*
* @return reference to this
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index dee9e4c29..a720e1493 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -371,9 +371,6 @@ METHOD(ike_cfg_t, equals, bool,
private_ike_cfg_t *this, ike_cfg_t *other_public)
{
private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
- enumerator_t *e1, *e2;
- proposal_t *p1, *p2;
- bool eq = TRUE;
if (this == other)
{
@@ -383,25 +380,12 @@ METHOD(ike_cfg_t, equals, bool,
{
return FALSE;
}
- if (this->proposals->get_count(this->proposals) !=
- other->proposals->get_count(other->proposals))
+ if (!this->proposals->equals_offset(this->proposals, other->proposals,
+ offsetof(proposal_t, equals)))
{
return FALSE;
}
- e1 = this->proposals->create_enumerator(this->proposals);
- e2 = other->proposals->create_enumerator(other->proposals);
- while (e1->enumerate(e1, &p1) && e2->enumerate(e2, &p2))
- {
- if (!p1->equals(p1, p2))
- {
- eq = FALSE;
- break;
- }
- }
- e1->destroy(e1);
- e2->destroy(e2);
-
- return (eq &&
+ return
this->version == other->version &&
this->certreq == other->certreq &&
this->force_encap == other->force_encap &&
@@ -409,7 +393,7 @@ METHOD(ike_cfg_t, equals, bool,
streq(this->me, other->me) &&
streq(this->other, other->other) &&
this->my_port == other->my_port &&
- this->other_port == other->other_port);
+ this->other_port == other->other_port;
}
METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index aa2a39ce5..d28a79507 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2008 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -200,6 +200,117 @@ METHOD(peer_cfg_t, add_child_cfg, void,
this->mutex->unlock(this->mutex);
}
+typedef struct {
+ enumerator_t public;
+ linked_list_t *removed;
+ linked_list_t *added;
+ enumerator_t *wrapped;
+ bool add;
+} child_cfgs_replace_enumerator_t;
+
+METHOD(enumerator_t, child_cfgs_replace_enumerate, bool,
+ child_cfgs_replace_enumerator_t *this, child_cfg_t **chd, bool *added)
+{
+ child_cfg_t *child_cfg;
+
+ if (!this->wrapped)
+ {
+ this->wrapped = this->removed->create_enumerator(this->removed);
+ }
+ while (TRUE)
+ {
+ if (this->wrapped->enumerate(this->wrapped, &child_cfg))
+ {
+ if (chd)
+ {
+ *chd = child_cfg;
+ }
+ if (added)
+ {
+ *added = this->add;
+ }
+ return TRUE;
+ }
+ if (this->add)
+ {
+ break;
+ }
+ this->wrapped = this->added->create_enumerator(this->added);
+ this->add = TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(enumerator_t, child_cfgs_replace_enumerator_destroy, void,
+ child_cfgs_replace_enumerator_t *this)
+{
+ DESTROY_IF(this->wrapped);
+ this->removed->destroy_offset(this->removed, offsetof(child_cfg_t, destroy));
+ this->added->destroy_offset(this->added, offsetof(child_cfg_t, destroy));
+ free(this);
+}
+
+METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*,
+ private_peer_cfg_t *this, peer_cfg_t *other_pub)
+{
+ private_peer_cfg_t *other = (private_peer_cfg_t*)other_pub;
+ linked_list_t *removed, *added;
+ enumerator_t *mine, *others;
+ child_cfg_t *my_cfg, *other_cfg;
+ child_cfgs_replace_enumerator_t *enumerator;
+ bool found;
+
+ removed = linked_list_create();
+
+ other->mutex->lock(other->mutex);
+ added = linked_list_create_from_enumerator(
+ other->child_cfgs->create_enumerator(other->child_cfgs));
+ added->invoke_offset(added, offsetof(child_cfg_t, get_ref));
+ other->mutex->unlock(other->mutex);
+
+ this->mutex->lock(this->mutex);
+ others = added->create_enumerator(added);
+ mine = this->child_cfgs->create_enumerator(this->child_cfgs);
+ while (mine->enumerate(mine, &my_cfg))
+ {
+ found = FALSE;
+ while (others->enumerate(others, &other_cfg))
+ {
+ if (my_cfg->equals(my_cfg, other_cfg))
+ {
+ added->remove_at(added, others);
+ other_cfg->destroy(other_cfg);
+ found = TRUE;
+ break;
+ }
+ }
+ added->reset_enumerator(added, others);
+ if (!found)
+ {
+ this->child_cfgs->remove_at(this->child_cfgs, mine);
+ removed->insert_last(removed, my_cfg);
+ }
+ }
+ while (others->enumerate(others, &other_cfg))
+ {
+ this->child_cfgs->insert_last(this->child_cfgs,
+ other_cfg->get_ref(other_cfg));
+ }
+ others->destroy(others);
+ mine->destroy(mine);
+ this->mutex->unlock(this->mutex);
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_child_cfgs_replace_enumerate,
+ .destroy = (void*)_child_cfgs_replace_enumerator_destroy,
+ },
+ .removed = removed,
+ .added = added,
+ );
+ return &enumerator->public;
+}
+
/**
* child_cfg enumerator
*/
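Review bot: `child_cfgs_replace_enumerate` leaks the enumerator over `removed`: once that list is exhausted, `this->wrapped` is overwritten with `this->added->create_enumerator(this->added)` without destroying the previous enumerator, and `child_cfgs_replace_enumerator_destroy` only releases whatever `wrapped` points to at that time. Every call to `replace_child_cfgs` whose result is enumerated to the end therefore loses one enumerator object. Adding `this->wrapped->destroy(this->wrapped);` immediately before the reassignment closes the leak.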
@@ -538,10 +649,6 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
METHOD(peer_cfg_t, equals, bool,
private_peer_cfg_t *this, private_peer_cfg_t *other)
{
- enumerator_t *e1, *e2;
- host_t *vip1, *vip2;
- char *pool1, *pool2;
-
if (this == other)
{
return TRUE;
@@ -550,44 +657,15 @@ METHOD(peer_cfg_t, equals, bool,
{
return FALSE;
}
-
- if (this->vips->get_count(this->vips) != other->vips->get_count(other->vips))
+ if (!this->vips->equals_offset(this->vips, other->vips,
+ offsetof(host_t, ip_equals)))
{
return FALSE;
}
- e1 = create_virtual_ip_enumerator(this);
- e2 = create_virtual_ip_enumerator(other);
- if (e1->enumerate(e1, &vip1) && e2->enumerate(e2, &vip2))
- {
- if (!vip1->ip_equals(vip1, vip2))
- {
- e1->destroy(e1);
- e2->destroy(e2);
- return FALSE;
- }
- }
- e1->destroy(e1);
- e2->destroy(e2);
-
- if (this->pools->get_count(this->pools) !=
- other->pools->get_count(other->pools))
+ if (!this->pools->equals_function(this->pools, other->pools, (void*)streq))
{
return FALSE;
}
- e1 = create_pool_enumerator(this);
- e2 = create_pool_enumerator(other);
- if (e1->enumerate(e1, &pool1) && e2->enumerate(e2, &pool2))
- {
- if (!streq(pool1, pool2))
- {
- e1->destroy(e1);
- e2->destroy(e2);
- return FALSE;
- }
- }
- e1->destroy(e1);
- e2->destroy(e2);
-
return (
get_ike_version(this) == get_ike_version(other) &&
this->cert_policy == other->cert_policy &&
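Review bot: `(void*)streq` in the `equals_function` call erases the function's type, so the compiler can no longer check that its signature matches the callback the list expects; neither declaration is visible in this hunk, so whether they agree has to be confirmed by hand. A one-line comment at the call site stating the expected callback signature, or a small typed wrapper around `streq`, would keep a later signature change from turning into a silent mismatch. The function's remaining comparisons continue outside the hunk.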
@@ -666,6 +744,10 @@ peer_cfg_t *peer_cfg_create(char *name,
{
jitter_time = reauth_time;
}
+ if (dpd && dpd_timeout && dpd > dpd_timeout)
+ {
+ dpd_timeout = dpd;
+ }
INIT(this,
.public = {
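Review bot: The new clamp in `peer_cfg_create` silently raises `dpd_timeout` to `dpd` when the configured timeout is smaller, with no comment and no log line, so an operator who set a short timeout gets a different effective value and cannot see why. A comment such as `/* a timeout shorter than the DPD delay is raised to the delay */` would document the intent; a debug message when the adjustment happens would be a further option. The function's body starts and ends outside the hunk.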
@@ -674,6 +756,7 @@ peer_cfg_t *peer_cfg_create(char *name,
.get_ike_cfg = _get_ike_cfg,
.add_child_cfg = _add_child_cfg,
.remove_child_cfg = (void*)_remove_child_cfg,
+ .replace_child_cfgs = _replace_child_cfgs,
.create_child_cfg_enumerator = _create_child_cfg_enumerator,
.select_child_cfg = _select_child_cfg,
.get_cert_policy = _get_cert_policy,
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 3e780394a..b612a2ef1 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2008 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -154,6 +154,20 @@ struct peer_cfg_t {
void (*remove_child_cfg)(peer_cfg_t *this, enumerator_t *enumerator);
/**
+ * Replace the CHILD configs with those in the given PEER config.
+ *
+ * Configs that are equal are not replaced.
+ *
+ * The enumerator enumerates the removed and added CHILD configs
+ * (child_cfg_t*, bool), where the flag is FALSE for removed configs and
+ * TRUE for added configs.
+ *
+ * @param other other config to get CHILD configs from
+ * @return an enumerator over removed/added CHILD configs
+ */
+ enumerator_t* (*replace_child_cfgs)(peer_cfg_t *this, peer_cfg_t *other);
+
+ /**
* Create an enumerator for all attached CHILD configs.
*
* @return an enumerator over all CHILD configs.
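Review bot: The documentation of `replace_child_cfgs` does not say who owns the enumerated configs. In peer_cfg.c the enumerator's destroy callback calls `destroy_offset(..., offsetof(child_cfg_t, destroy))` on both the removed and the added list, so a caller that keeps a `child_cfg_t*` past the enumerator's destruction without taking its own reference may be left with a dangling pointer, most obviously for removed configs. I would add to the comment: `The enumerated configs are owned by the enumerator; call get_ref() on any config kept after the enumerator is destroyed.`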
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index e59dcd9ec..95b6a00ea 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -1,6 +1,7 @@
/*
* Copyright (C) 2008-2014 Tobias Brunner
* Copyright (C) 2006-2010 Martin Willi
+ * Copyright (C) 2013-2015 Andreas Steffen
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -640,20 +641,41 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
if (aead)
{
+ /* Round 1 adds algorithms with at least 128 bit security strength */
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
switch (encryption)
{
- case ENCR_AES_CCM_ICV8:
- case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
case ENCR_AES_CCM_ICV16:
- case ENCR_AES_GCM_ICV8:
+ case ENCR_CAMELLIA_CCM_ICV16:
+ /* we assume that we support all AES/Camellia sizes */
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+ break;
+ case ENCR_CHACHA20_POLY1305:
+ add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 2 adds algorithms with less than 128 bit security strength */
+ enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
+ {
+ switch (encryption)
+ {
case ENCR_AES_GCM_ICV12:
- case ENCR_AES_GCM_ICV16:
- case ENCR_CAMELLIA_CCM_ICV8:
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV8:
case ENCR_CAMELLIA_CCM_ICV12:
- case ENCR_CAMELLIA_CCM_ICV16:
+ case ENCR_CAMELLIA_CCM_ICV8:
/* we assume that we support all AES/Camellia sizes */
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
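Review bot: The "Round 1 / Round 2" split only changes the preference order of the default IKE proposal; the algorithms the comments classify as below 128-bit strength (the ICV8 and ICV12 AEAD variants here, and `ENCR_3DES`, `AUTH_HMAC_MD5_96`, `PRF_HMAC_MD5` and `MODP_1024_BIT` in the later hunks of this function) remain part of the default proposal, presumably for interoperability. The same holds for the ESP and AH defaults in `proposal_create_default`, which still list `ENCR_3DES` and `AUTH_HMAC_MD5_96`. A comment at the top of `proposal_add_supported_ike` should say so, e.g. `/* ordering expresses preference only, it does not enforce a minimum strength; configure explicit proposals for that */`. The function starts and ends outside this hunk.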
@@ -672,6 +694,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
}
else
{
+ /* Round 1 adds algorithms with at least 128 bit security strength */
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
{
@@ -686,6 +709,18 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 2 adds algorithms with less than 128 bit security strength */
+ enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
+ {
+ switch (encryption)
+ {
case ENCR_3DES:
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
break;
@@ -703,18 +738,33 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
return FALSE;
}
+ /* Round 1 adds algorithms with at least 128 bit security strength */
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
{
switch (integrity)
{
- case AUTH_HMAC_SHA1_96:
case AUTH_HMAC_SHA2_256_128:
case AUTH_HMAC_SHA2_384_192:
case AUTH_HMAC_SHA2_512_256:
- case AUTH_HMAC_MD5_96:
+ add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 2 adds algorithms with less than 128 bit security strength */
+ enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
+ {
+ switch (integrity)
+ {
case AUTH_AES_XCBC_96:
case AUTH_AES_CMAC_96:
+ case AUTH_HMAC_SHA1_96:
+ case AUTH_HMAC_MD5_96:
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
break;
default:
@@ -724,16 +774,15 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
enumerator->destroy(enumerator);
}
+ /* Round 1 adds algorithms with at least 128 bit security strength */
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
{
switch (prf)
{
- case PRF_HMAC_SHA1:
case PRF_HMAC_SHA2_256:
case PRF_HMAC_SHA2_384:
case PRF_HMAC_SHA2_512:
- case PRF_HMAC_MD5:
case PRF_AES128_XCBC:
case PRF_AES128_CMAC:
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
@@ -744,6 +793,63 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
}
enumerator->destroy(enumerator);
+ /* Round 2 adds algorithms with less than 128 bit security strength */
+ enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &prf, &plugin_name))
+ {
+ switch (prf)
+ {
+ case PRF_HMAC_SHA1:
+ case PRF_HMAC_MD5:
+ add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
+ enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &group, &plugin_name))
+ {
+ switch (group)
+ {
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ case ECP_256_BP:
+ case ECP_384_BP:
+ case ECP_512_BP:
+ case NTRU_128_BIT:
+ case NTRU_192_BIT:
+ case NTRU_256_BIT:
+ add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 2 adds other algorithms with at least 128 bit security strength */
+ enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &group, &plugin_name))
+ {
+ switch (group)
+ {
+ case MODP_3072_BIT:
+ case MODP_4096_BIT:
+ case MODP_8192_BIT:
+ add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
+ break;
+ default:
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ /* Round 3 adds algorithms with less than 128 bit security strength */
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
while (enumerator->enumerate(enumerator, &group, &plugin_name))
{
@@ -755,28 +861,16 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_768_BIT:
/* weak */
break;
- case MODP_1024_BIT:
- case MODP_1536_BIT:
case MODP_2048_BIT:
- case MODP_3072_BIT:
- case MODP_4096_BIT:
- case MODP_8192_BIT:
- case ECP_256_BIT:
- case ECP_384_BIT:
- case ECP_521_BIT:
- case MODP_1024_160:
- case MODP_2048_224:
case MODP_2048_256:
- case ECP_192_BIT:
+ case MODP_2048_224:
+ case MODP_1536_BIT:
+ case MODP_1024_BIT:
+ case MODP_1024_160:
case ECP_224_BIT:
case ECP_224_BP:
- case ECP_256_BP:
- case ECP_384_BP:
- case ECP_512_BP:
+ case ECP_192_BIT:
case NTRU_112_BIT:
- case NTRU_128_BIT:
- case NTRU_192_BIT:
- case NTRU_256_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
@@ -805,21 +899,27 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
}
break;
case PROTO_ESP:
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+ add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+ add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
default:
break;