Merge branch 'aead-proposal'
Encode default AEAD encryption algorithms to a proposal separate from non-AEAD algorithms. RFC 4306 and 5282 where less explicit, but RFC 5996 requires separate proposals for AEAD and non-AEAD algorithms. As responder we still accept both encoding variants. Fixes #573.
This commit is contained in:
Martin Willi
commit
2145f0c212
|
|
@ -187,6 +187,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
|
|||
else
|
||||
{
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
}
|
||||
peer_cfg = peer_cfg_create("cmd", ike_cfg,
|
||||
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
|
||||
|
|
@ -357,6 +358,8 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
|
|||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -532,6 +532,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
|||
(char*)address, IKEV2_UDP_PORT,
|
||||
FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
peer_cfg = peer_cfg_create(priv->name, ike_cfg,
|
||||
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
|
||||
36000, 0, /* rekey 10h, reauth none */
|
||||
|
|
@ -565,6 +566,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
||||
|
|
|
|||
|
|
@ -129,6 +129,7 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
|
|||
else
|
||||
{
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
}
|
||||
return ike_cfg;
|
||||
}
|
||||
|
|
@ -180,6 +181,8 @@ static child_cfg_t *load_child_config(private_config_t *this,
|
|||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
|
||||
token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child);
|
||||
|
|
|
|||
|
|
@ -530,6 +530,7 @@ static job_requeue_t initiate(private_android_service_t *this)
|
|||
this->gateway, IKEV2_UDP_PORT,
|
||||
FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
|
||||
peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,
|
||||
UNIQUE_REPLACE, 0, /* keyingtries */
|
||||
|
|
|
|||
|
|
@ -87,6 +87,7 @@ static peer_cfg_t* create_peer_cfg(char *name, char *host)
|
|||
ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", local_port,
|
||||
host, remote_port, FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
peer_cfg = peer_cfg_create(name, ike_cfg,
|
||||
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
|
||||
36000, 0, /* rekey 10h, reauth none */
|
||||
|
|
@ -140,6 +141,7 @@ static child_cfg_t* create_child_cfg(char *name)
|
|||
"aes128gcm8-aes128gcm12-aes128gcm16-"
|
||||
"aes256gcm8-aes256gcm12-aes256gcm16"));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
||||
|
|
|
|||
|
|
@ -149,7 +149,10 @@ METHOD(child_cfg_t, get_name, char*,
|
|||
METHOD(child_cfg_t, add_proposal, void,
|
||||
private_child_cfg_t *this, proposal_t *proposal)
|
||||
{
|
||||
this->proposals->insert_last(this->proposals, proposal);
|
||||
if (proposal)
|
||||
{
|
||||
this->proposals->insert_last(this->proposals, proposal);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(child_cfg_t, get_proposals, linked_list_t*,
|
||||
|
|
|
|||
|
|
@ -73,10 +73,10 @@ struct child_cfg_t {
|
|||
* Add a proposal to the list.
|
||||
*
|
||||
* The proposals are stored by priority, first added
|
||||
* is the most preferred.
|
||||
* After add, proposal is owned by child_cfg.
|
||||
* is the most preferred. It is safe to add NULL as proposal, which has no
|
||||
* effect. After add, proposal is owned by child_cfg.
|
||||
*
|
||||
* @param proposal proposal to add
|
||||
* @param proposal proposal to add, or NULL
|
||||
*/
|
||||
void (*add_proposal) (child_cfg_t *this, proposal_t *proposal);
|
||||
|
||||
|
|
|
|||
|
|
@ -281,7 +281,10 @@ METHOD(ike_cfg_t, get_dscp, u_int8_t,
|
|||
METHOD(ike_cfg_t, add_proposal, void,
|
||||
private_ike_cfg_t *this, proposal_t *proposal)
|
||||
{
|
||||
this->proposals->insert_last(this->proposals, proposal);
|
||||
if (proposal)
|
||||
{
|
||||
this->proposals->insert_last(this->proposals, proposal);
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(ike_cfg_t, get_proposals, linked_list_t*,
|
||||
|
|
|
|||
|
|
@ -148,9 +148,10 @@ struct ike_cfg_t {
|
|||
* Adds a proposal to the list.
|
||||
*
|
||||
* The first added proposal has the highest priority, the last
|
||||
* added the lowest.
|
||||
* added the lowest. It is safe to add NULL as proposal, which has no
|
||||
* effect.
|
||||
*
|
||||
* @param proposal proposal to add
|
||||
* @param proposal proposal to add, or NULL
|
||||
*/
|
||||
void (*add_proposal) (ike_cfg_t *this, proposal_t *proposal);
|
||||
|
||||
|
|
|
|||
|
|
@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
|
|||
/**
|
||||
* Add supported IKE algorithms to proposal
|
||||
*/
|
||||
static void proposal_add_supported_ike(private_proposal_t *this)
|
||||
static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
encryption_algorithm_t encryption;
|
||||
|
|
@ -636,76 +636,91 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
diffie_hellman_group_t group;
|
||||
const char *plugin_name;
|
||||
|
||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
if (aead)
|
||||
{
|
||||
switch (encryption)
|
||||
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
case ENCR_AES_CBC:
|
||||
case ENCR_AES_CTR:
|
||||
case ENCR_CAMELLIA_CBC:
|
||||
case ENCR_CAMELLIA_CTR:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
case ENCR_3DES:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
|
||||
break;
|
||||
case ENCR_DES:
|
||||
/* no, thanks */
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
switch (encryption)
|
||||
{
|
||||
case ENCR_AES_CCM_ICV8:
|
||||
case ENCR_AES_CCM_ICV12:
|
||||
case ENCR_AES_CCM_ICV16:
|
||||
case ENCR_AES_GCM_ICV8:
|
||||
case ENCR_AES_GCM_ICV12:
|
||||
case ENCR_AES_GCM_ICV16:
|
||||
case ENCR_CAMELLIA_CCM_ICV8:
|
||||
case ENCR_CAMELLIA_CCM_ICV12:
|
||||
case ENCR_CAMELLIA_CCM_ICV16:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
switch (encryption)
|
||||
if (!array_count(this->transforms))
|
||||
{
|
||||
case ENCR_AES_CCM_ICV8:
|
||||
case ENCR_AES_CCM_ICV12:
|
||||
case ENCR_AES_CCM_ICV16:
|
||||
case ENCR_AES_GCM_ICV8:
|
||||
case ENCR_AES_GCM_ICV12:
|
||||
case ENCR_AES_GCM_ICV16:
|
||||
case ENCR_CAMELLIA_CCM_ICV8:
|
||||
case ENCR_CAMELLIA_CCM_ICV12:
|
||||
case ENCR_CAMELLIA_CCM_ICV16:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
else
|
||||
{
|
||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
||||
{
|
||||
switch (encryption)
|
||||
{
|
||||
case ENCR_AES_CBC:
|
||||
case ENCR_AES_CTR:
|
||||
case ENCR_CAMELLIA_CBC:
|
||||
case ENCR_CAMELLIA_CTR:
|
||||
/* we assume that we support all AES/Camellia sizes */
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
||||
break;
|
||||
case ENCR_3DES:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
|
||||
break;
|
||||
case ENCR_DES:
|
||||
/* no, thanks */
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
||||
{
|
||||
switch (integrity)
|
||||
if (!array_count(this->transforms))
|
||||
{
|
||||
case AUTH_HMAC_SHA1_96:
|
||||
case AUTH_HMAC_SHA2_256_128:
|
||||
case AUTH_HMAC_SHA2_384_192:
|
||||
case AUTH_HMAC_SHA2_512_256:
|
||||
case AUTH_HMAC_MD5_96:
|
||||
case AUTH_AES_XCBC_96:
|
||||
case AUTH_AES_CMAC_96:
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
||||
{
|
||||
switch (integrity)
|
||||
{
|
||||
case AUTH_HMAC_SHA1_96:
|
||||
case AUTH_HMAC_SHA2_256_128:
|
||||
case AUTH_HMAC_SHA2_384_192:
|
||||
case AUTH_HMAC_SHA2_512_256:
|
||||
case AUTH_HMAC_MD5_96:
|
||||
case AUTH_AES_XCBC_96:
|
||||
case AUTH_AES_CMAC_96:
|
||||
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
||||
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
||||
|
|
@ -767,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this)
|
|||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -779,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
|
|||
switch (protocol)
|
||||
{
|
||||
case PROTO_IKE:
|
||||
proposal_add_supported_ike(this);
|
||||
if (!proposal_add_supported_ike(this, FALSE))
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
case PROTO_ESP:
|
||||
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
||||
|
|
@ -804,6 +825,33 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
|
|||
return &this->public;
|
||||
}
|
||||
|
||||
/*
|
||||
* Describtion in header-file
|
||||
*/
|
||||
proposal_t *proposal_create_default_aead(protocol_id_t protocol)
|
||||
{
|
||||
private_proposal_t *this;
|
||||
|
||||
switch (protocol)
|
||||
{
|
||||
case PROTO_IKE:
|
||||
this = (private_proposal_t*)proposal_create(protocol, 0);
|
||||
if (!proposal_add_supported_ike(this, TRUE))
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
return &this->public;
|
||||
case PROTO_ESP:
|
||||
/* we currently don't include any AEAD proposal for ESP, as we
|
||||
* don't know if our kernel backend actually supports it. */
|
||||
return NULL;
|
||||
case PROTO_AH:
|
||||
default:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Describtion in header-file
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -195,6 +195,14 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number);
|
|||
*/
|
||||
proposal_t *proposal_create_default(protocol_id_t protocol);
|
||||
|
||||
/**
|
||||
* Create a default proposal for supported AEAD algorithms
|
||||
*
|
||||
* @param protocol protocol, such as PROTO_ESP
|
||||
* @return proposal_t object, NULL if none supported
|
||||
*/
|
||||
proposal_t *proposal_create_default_aead(protocol_id_t protocol);
|
||||
|
||||
/**
|
||||
* Create a proposal from a string identifying the algorithms.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -207,6 +207,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
|
|||
charon->socket->get_port(charon->socket, FALSE),
|
||||
remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
|
||||
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE,
|
||||
TRUE, 30, 0, FALSE, NULL, NULL);
|
||||
|
|
@ -235,6 +236,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
|
|||
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
||||
this->backend.cfg = peer_cfg;
|
||||
|
|
|
|||
|
|
@ -327,6 +327,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
|
|||
charon->socket->get_port(charon->socket, FALSE),
|
||||
hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
|
||||
peer_cfg = peer_cfg_create(this->current, ike_cfg,
|
||||
CERT_SEND_IF_ASKED,
|
||||
|
|
@ -351,6 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
|
|||
TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
|
||||
ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
|
||||
|
|
|
|||
|
|
@ -106,6 +106,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
|||
charon->socket->get_port(charon->socket, FALSE),
|
||||
address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
med_cfg = peer_cfg_create(
|
||||
"mediation", ike_cfg,
|
||||
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
||||
|
|
@ -168,6 +169,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
|
@ -242,6 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
this->current->add_child_cfg(this->current, child_cfg);
|
||||
|
|
@ -382,6 +385,7 @@ medcli_config_t *medcli_config_create(database_t *db)
|
|||
FRAGMENTATION_NO, 0),
|
||||
);
|
||||
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
|
||||
this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
|
||||
|
||||
schedule_autoinit(this);
|
||||
|
||||
|
|
|
|||
|
|
@ -145,6 +145,7 @@ medsrv_config_t *medsrv_config_create(database_t *db)
|
|||
FRAGMENTATION_NO, 0),
|
||||
);
|
||||
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
|
||||
this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
|
||||
|
||||
return &this->public;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -153,6 +153,7 @@ static void add_esp_proposals(private_sql_config_t *this,
|
|||
if (use_default)
|
||||
{
|
||||
child->add_proposal(child, proposal_create_default(PROTO_ESP));
|
||||
child->add_proposal(child, proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -242,6 +243,7 @@ static void add_ike_proposals(private_sql_config_t *this,
|
|||
if (use_default)
|
||||
{
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -174,10 +174,12 @@ static void add_proposals(private_stroke_config_t *this, char *string,
|
|||
if (ike_cfg)
|
||||
{
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(proto));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(proto));
|
||||
}
|
||||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(proto));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -442,17 +442,24 @@ static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
|
|||
if (strcaseeq("default", buf))
|
||||
{
|
||||
proposal = proposal_create_default(proto);
|
||||
if (proposal)
|
||||
{
|
||||
list->insert_last(list, proposal);
|
||||
}
|
||||
proposal = proposal_create_default_aead(proto);
|
||||
if (proposal)
|
||||
{
|
||||
list->insert_last(list, proposal);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
else
|
||||
proposal = proposal_create_from_string(proto, buf);
|
||||
if (proposal)
|
||||
{
|
||||
proposal = proposal_create_from_string(proto, buf);
|
||||
list->insert_last(list, proposal);
|
||||
return TRUE;
|
||||
}
|
||||
if (!proposal)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
list->insert_last(list, proposal);
|
||||
return TRUE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1343,8 +1350,16 @@ CALLBACK(children_sn, bool,
|
|||
}
|
||||
if (child.proposals->get_count(child.proposals) == 0)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals,
|
||||
proposal_create_default(PROTO_ESP));
|
||||
proposal = proposal_create_default(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
}
|
||||
proposal = proposal_create_default_aead(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
}
|
||||
}
|
||||
|
||||
/* if no hard lifetime specified, add one at soft lifetime + 10% */
|
||||
|
|
@ -1755,8 +1770,16 @@ CALLBACK(config_sn, bool,
|
|||
}
|
||||
if (peer.proposals->get_count(peer.proposals) == 0)
|
||||
{
|
||||
peer.proposals->insert_last(peer.proposals,
|
||||
proposal_create_default(PROTO_IKE));
|
||||
proposal = proposal_create_default(PROTO_IKE);
|
||||
if (proposal)
|
||||
{
|
||||
peer.proposals->insert_last(peer.proposals, proposal);
|
||||
}
|
||||
proposal = proposal_create_default_aead(PROTO_IKE);
|
||||
if (proposal)
|
||||
{
|
||||
peer.proposals->insert_last(peer.proposals, proposal);
|
||||
}
|
||||
}
|
||||
if (!peer.local_addrs)
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue