proposal: Make sure non-AEAD IKE proposals contain integrity algorithms

2018-03-08 18:26:19 +01:00 · 2018-03-08 18:26:19 +01:00 · ee019ab321
parent 42a6b187f7
commit ee019ab321
2 changed files with 10 additions and 0 deletions
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@ -710,6 +710,14 @@ static bool check_proposal(private_proposal_t *this)
 			 * we MUST NOT propose any integrity algorithms */
 			remove_transform(this, INTEGRITY_ALGORITHM);
 		}
+		else if (this->protocol == PROTO_IKE &&
+				 !get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
+		{
+			DBG1(DBG_CFG, "an integrity algorithm is mandatory in %N proposals "
+				 "with classic (non-AEAD) encryption algorithms",
+				 protocol_id_names, this->protocol);
+			return FALSE;
+		}
 	}
 	else
 	{	/* AES-GMAC is parsed as encryption algorithm, so we map that to the
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@ -29,6 +29,8 @@ static struct {
 	{ PROTO_IKE, "aes128", NULL },
 	{ PROTO_IKE, "aes128-sha256", NULL },
 	{ PROTO_IKE, "aes128-sha256-modpnone", NULL },
+	{ PROTO_IKE, "aes128-prfsha256", NULL },
+	{ PROTO_IKE, "aes128-prfsha256-modp2048", NULL },
 	{ PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
 	{ PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
 	{ PROTO_IKE, "aes128gcm16-modp3072", NULL },