From 8d74ec9e803805f259a2388d8f8e0d636a7d72f3 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 24 Apr 2014 14:28:57 +0200
Subject: [PATCH] ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: We don't include AEAD algorithms in the default ESP proposal, as we don't know if it is supported by the backend. But as we hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
---
 src/charon-cmd/cmd/cmd_connection.c | 2 ++
 src/charon-nm/nm/nm_service.c | 1 +
 src/conftest/config.c | 2 ++
 src/frontends/osx/charon-xpc/xpc_dispatch.c | 1 +
 src/libcharon/plugins/ha/ha_tunnel.c | 1 +
 src/libcharon/plugins/maemo/maemo_service.c | 1 +
 src/libcharon/plugins/medcli/medcli_config.c | 2 ++
 src/libcharon/plugins/sql/sql_config.c | 1 +
 src/libcharon/plugins/stroke/stroke_config.c | 1 +
 src/libcharon/plugins/vici/vici_config.c | 12 ++++++++++--
 10 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index 79df8037b..2c0b7b9d5 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -358,6 +358,8 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
 else
 {
 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+ child_cfg->add_proposal(child_cfg,
+ proposal_create_default_aead(PROTO_ESP));
 }
 while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
 {
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 82d212d20..fc7e89958 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
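Review bot: The result of `proposal_create_default_aead(PROTO_ESP)` is handed to `child_cfg->add_proposal()` unchecked in the `else` branch of `create_child_cfg()` in cmd_connection.c, while the vici_config.c hunk of this same patch guards both creators with `if (proposal)`, which suggests they can return NULL. `add_proposal()` is not shown in this patch, so unless it ignores NULL the child config could end up holding a NULL proposal that later proposal selection dereferences, which for an IKE daemon would mean a crash during negotiation. The same unchecked call is added in nm_service.c, conftest/config.c, xpc_dispatch.c, ha_tunnel.c, maemo_service.c, both medcli_config.c hunks, sql_config.c and stroke_config.c (there with `proto` instead of `PROTO_ESP`). Either document on `add_proposal()` that a NULL argument is accepted and dropped, or guard each call site: `proposal = proposal_create_default_aead(PROTO_ESP);` followed by `if (proposal) child_cfg->add_proposal(child_cfg, proposal);`. `create_child_cfg()` starts and ends outside the hunk.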
@@ -566,6 +566,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, diff --git a/src/conftest/config.c b/src/conftest/config.c index bd63df02a..c83db7ecd 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -181,6 +181,8 @@ static child_cfg_t *load_child_config(private_config_t *this, else { child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, + proposal_create_default_aead(PROTO_ESP)); } token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child); diff --git a/src/frontends/osx/charon-xpc/xpc_dispatch.c b/src/frontends/osx/charon-xpc/xpc_dispatch.c index f20c54bce..04aad8735 100644 --- a/src/frontends/osx/charon-xpc/xpc_dispatch.c +++ b/src/frontends/osx/charon-xpc/xpc_dispatch.c @@ -141,6 +141,7 @@ static child_cfg_t* create_child_cfg(char *name) "aes128gcm8-aes128gcm12-aes128gcm16-" "aes256gcm8-aes256gcm12-aes256gcm16")); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index 53369008b..dd2399366 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c 
@@ -236,6 +236,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); child_cfg->add_traffic_selector(child_cfg, FALSE, ts); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); peer_cfg->add_child_cfg(peer_cfg, child_cfg); this->backend.cfg = peer_cfg; diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 82e90694b..2e96f8fb4 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -352,6 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index c0b39e415..1fb57b928 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -169,6 +169,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); peer_cfg->add_child_cfg(peer_cfg, child_cfg); 
@@ -243,6 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); this->current->add_child_cfg(this->current, child_cfg); diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index 152c4ec52..c47c7c0f8 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -153,6 +153,7 @@ static void add_esp_proposals(private_sql_config_t *this, if (use_default) { child->add_proposal(child, proposal_create_default(PROTO_ESP)); + child->add_proposal(child, proposal_create_default_aead(PROTO_ESP)); } } diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index aa6138bcf..df15a1608 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -179,6 +179,7 @@ static void add_proposals(private_stroke_config_t *this, char *string, else { child_cfg->add_proposal(child_cfg, proposal_create_default(proto)); + child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto)); } } diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 83d221653..3f2fec444 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c 
@@ -1350,8 +1350,16 @@ CALLBACK(children_sn, bool, } if (child.proposals->get_count(child.proposals) == 0) { - child.proposals->insert_last(child.proposals, - proposal_create_default(PROTO_ESP)); + proposal = proposal_create_default(PROTO_ESP); + if (proposal) + { + child.proposals->insert_last(child.proposals, proposal); + } + proposal = proposal_create_default_aead(PROTO_ESP); + if (proposal) + { + child.proposals->insert_last(child.proposals, proposal); + } } /* if no hard lifetime specified, add one at soft lifetime + 10% */
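Review bot: After the two guarded `insert_last` calls in `children_sn`, `child.proposals` can still be empty when both `proposal_create_default(PROTO_ESP)` and `proposal_create_default_aead(PROTO_ESP)` return NULL, and nothing in the hunk reports that case. Before this change the non-AEAD default was inserted unconditionally, so the new `if (proposal)` on it introduces a path where a child section is accepted without any ESP proposal. A second `get_count(child.proposals) == 0` test after the inserts that logs and rejects the section would make that failure explicit; if the non-AEAD default can in fact never be NULL, a comment such as `/* default ESP proposal is always available, the AEAD one is optional */` would be enough. The declaration of `proposal` and the rest of the callback lie outside the hunk.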