projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
added compatibility names (pluto) for sha2 algorithms (sha2_256, ...)
[strongswan.git] / src / charon / config / proposal.c
1 /**
2 * @file proposal.c
3 *
4 * @brief Implementation of proposal_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2006 Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <string.h>
24
25 #include "proposal.h"
26
27 #include <daemon.h>
28 #include <utils/linked_list.h>
29 #include <utils/identification.h>
30 #include <utils/lexparser.h>
31 #include <crypto/prfs/prf.h>
32 #include <crypto/crypters/crypter.h>
33 #include <crypto/signers/signer.h>
34
35
36 ENUM(protocol_id_names, PROTO_NONE, PROTO_ESP,
37 "PROTO_NONE",
38 "IKE",
39 "AH",
40 "ESP",
41 );
42
43 ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, UNDEFINED_TRANSFORM_TYPE,
44 "UNDEFINED_TRANSFORM_TYPE");
45 ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, UNDEFINED_TRANSFORM_TYPE,
46 "ENCRYPTION_ALGORITHM",
47 "PSEUDO_RANDOM_FUNCTION",
48 "INTEGRITY_ALGORITHM",
49 "DIFFIE_HELLMAN_GROUP",
50 "EXTENDED_SEQUENCE_NUMBERS");
51 ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
52
53 ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
54 "NO_EXT_SEQ_NUMBERS",
55 "EXT_SEQ_NUMBERS",
56 );
57
58 typedef struct private_proposal_t private_proposal_t;
59
60 /**
61 * Private data of an proposal_t object
62 */
63 struct private_proposal_t {
64
65 /**
66 * Public part
67 */
68 proposal_t public;
69
70 /**
71 * protocol (ESP or AH)
72 */
73 protocol_id_t protocol;
74
75 /**
76 * priority ordered list of encryption algorithms
77 */
78 linked_list_t *encryption_algos;
79
80 /**
81 * priority ordered list of integrity algorithms
82 */
83 linked_list_t *integrity_algos;
84
85 /**
86 * priority ordered list of pseudo random functions
87 */
88 linked_list_t *prf_algos;
89
90 /**
91 * priority ordered list of dh groups
92 */
93 linked_list_t *dh_groups;
94
95 /**
96 * priority ordered list of extended sequence number flags
97 */
98 linked_list_t *esns;
99
100 /**
101 * senders SPI
102 */
103 u_int64_t spi;
104 };
105
106 /**
107 * Add algorithm/keysize to a algorithm list
108 */
109 static void add_algo(linked_list_t *list, u_int16_t algo, size_t key_size)
110 {
111 algorithm_t *algo_key;
112
113 algo_key = malloc_thing(algorithm_t);
114 algo_key->algorithm = algo;
115 algo_key->key_size = key_size;
116 list->insert_last(list, (void*)algo_key);
117 }
118
119 /**
120 * Implements proposal_t.add_algorithm
121 */
122 static void add_algorithm(private_proposal_t *this, transform_type_t type, u_int16_t algo, size_t key_size)
123 {
124 switch (type)
125 {
126 case ENCRYPTION_ALGORITHM:
127 add_algo(this->encryption_algos, algo, key_size);
128 break;
129 case INTEGRITY_ALGORITHM:
130 add_algo(this->integrity_algos, algo, key_size);
131 break;
132 case PSEUDO_RANDOM_FUNCTION:
133 add_algo(this->prf_algos, algo, key_size);
134 break;
135 case DIFFIE_HELLMAN_GROUP:
136 add_algo(this->dh_groups, algo, 0);
137 break;
138 case EXTENDED_SEQUENCE_NUMBERS:
139 add_algo(this->esns, algo, 0);
140 break;
141 default:
142 break;
143 }
144 }
145
146 /**
147 * Implements proposal_t.create_algorithm_iterator.
148 */
149 static iterator_t *create_algorithm_iterator(private_proposal_t *this, transform_type_t type)
150 {
151 switch (type)
152 {
153 case ENCRYPTION_ALGORITHM:
154 return this->encryption_algos->create_iterator(this->encryption_algos, TRUE);
155 case INTEGRITY_ALGORITHM:
156 return this->integrity_algos->create_iterator(this->integrity_algos, TRUE);
157 case PSEUDO_RANDOM_FUNCTION:
158 return this->prf_algos->create_iterator(this->prf_algos, TRUE);
159 case DIFFIE_HELLMAN_GROUP:
160 return this->dh_groups->create_iterator(this->dh_groups, TRUE);
161 case EXTENDED_SEQUENCE_NUMBERS:
162 return this->esns->create_iterator(this->esns, TRUE);
163 default:
164 break;
165 }
166 return NULL;
167 }
168
169 /**
170 * Implements proposal_t.get_algorithm.
171 */
172 static bool get_algorithm(private_proposal_t *this, transform_type_t type, algorithm_t** algo)
173 {
174 iterator_t *iterator = create_algorithm_iterator(this, type);
175 if (iterator->iterate(iterator, (void**)algo))
176 {
177 iterator->destroy(iterator);
178 return TRUE;
179 }
180 iterator->destroy(iterator);
181 return FALSE;
182 }
183
184 /**
185 * Implements proposal_t.has_dh_group
186 */
187 static bool has_dh_group(private_proposal_t *this, diffie_hellman_group_t group)
188 {
189 algorithm_t *current;
190 iterator_t *iterator;
191 bool result = FALSE;
192
193 iterator = this->dh_groups->create_iterator(this->dh_groups, TRUE);
194 if (iterator->get_count(iterator))
195 {
196 while (iterator->iterate(iterator, (void**)&current))
197 {
198 if (current->algorithm == group)
199 {
200 result = TRUE;
201 break;
202 }
203 }
204 }
205 else if (group == MODP_NONE)
206 {
207 result = TRUE;
208 }
209 iterator->destroy(iterator);
210 return result;
211 }
212
213 /**
214 * Find a matching alg/keysize in two linked lists
215 */
216 static bool select_algo(linked_list_t *first, linked_list_t *second, bool *add, u_int16_t *alg, size_t *key_size)
217 {
218 iterator_t *first_iter, *second_iter;
219 algorithm_t *first_alg, *second_alg;
220
221 /* if in both are zero algorithms specified, we HAVE a match */
222 if (first->get_count(first) == 0 && second->get_count(second) == 0)
223 {
224 *add = FALSE;
225 return TRUE;
226 }
227
228 first_iter = first->create_iterator(first, TRUE);
229 second_iter = second->create_iterator(second, TRUE);
230 /* compare algs, order of algs in "first" is preferred */
231 while (first_iter->iterate(first_iter, (void**)&first_alg))
232 {
233 second_iter->reset(second_iter);
234 while (second_iter->iterate(second_iter, (void**)&second_alg))
235 {
236 if (first_alg->algorithm == second_alg->algorithm &&
237 first_alg->key_size == second_alg->key_size)
238 {
239 /* ok, we have an algorithm */
240 *alg = first_alg->algorithm;
241 *key_size = first_alg->key_size;
242 *add = TRUE;
243 first_iter->destroy(first_iter);
244 second_iter->destroy(second_iter);
245 return TRUE;
246 }
247 }
248 }
249 /* no match in all comparisons */
250 first_iter->destroy(first_iter);
251 second_iter->destroy(second_iter);
252 return FALSE;
253 }
254
255 /**
256 * Implements proposal_t.select.
257 */
258 static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t *other)
259 {
260 proposal_t *selected;
261 u_int16_t algo;
262 size_t key_size;
263 bool add;
264
265 DBG2(DBG_CFG, "selecting proposal:");
266
267 /* check protocol */
268 if (this->protocol != other->protocol)
269 {
270 DBG2(DBG_CFG, " protocol mismatch, skipping");
271 return NULL;
272 }
273
274 selected = proposal_create(this->protocol);
275
276 /* select encryption algorithm */
277 if (select_algo(this->encryption_algos, other->encryption_algos, &add, &algo, &key_size))
278 {
279 if (add)
280 {
281 selected->add_algorithm(selected, ENCRYPTION_ALGORITHM, algo, key_size);
282 }
283 }
284 else
285 {
286 selected->destroy(selected);
287 DBG2(DBG_CFG, " no acceptable ENCRYPTION_ALGORITHM found, skipping");
288 return NULL;
289 }
290 /* select integrity algorithm */
291 if (select_algo(this->integrity_algos, other->integrity_algos, &add, &algo, &key_size))
292 {
293 if (add)
294 {
295 selected->add_algorithm(selected, INTEGRITY_ALGORITHM, algo, key_size);
296 }
297 }
298 else
299 {
300 selected->destroy(selected);
301 DBG2(DBG_CFG, " no acceptable INTEGRITY_ALGORITHM found, skipping");
302 return NULL;
303 }
304 /* select prf algorithm */
305 if (select_algo(this->prf_algos, other->prf_algos, &add, &algo, &key_size))
306 {
307 if (add)
308 {
309 selected->add_algorithm(selected, PSEUDO_RANDOM_FUNCTION, algo, key_size);
310 }
311 }
312 else
313 {
314 selected->destroy(selected);
315 DBG2(DBG_CFG, " no acceptable PSEUDO_RANDOM_FUNCTION found, skipping");
316 return NULL;
317 }
318 /* select a DH-group */
319 if (select_algo(this->dh_groups, other->dh_groups, &add, &algo, &key_size))
320 {
321 if (add)
322 {
323 selected->add_algorithm(selected, DIFFIE_HELLMAN_GROUP, algo, 0);
324 }
325 }
326 else
327 {
328 selected->destroy(selected);
329 DBG2(DBG_CFG, " no acceptable DIFFIE_HELLMAN_GROUP found, skipping");
330 return NULL;
331 }
332 /* select if we use ESNs */
333 if (select_algo(this->esns, other->esns, &add, &algo, &key_size))
334 {
335 if (add)
336 {
337 selected->add_algorithm(selected, EXTENDED_SEQUENCE_NUMBERS, algo, 0);
338 }
339 }
340 else
341 {
342 selected->destroy(selected);
343 DBG2(DBG_CFG, " no acceptable EXTENDED_SEQUENCE_NUMBERS found, skipping");
344 return NULL;
345 }
346 DBG2(DBG_CFG, " proposal matches");
347
348 /* apply SPI from "other" */
349 selected->set_spi(selected, other->spi);
350
351 /* everything matched, return new proposal */
352 return selected;
353 }
354
355 /**
356 * Implements proposal_t.get_protocols.
357 */
358 static protocol_id_t get_protocol(private_proposal_t *this)
359 {
360 return this->protocol;
361 }
362
363 /**
364 * Implements proposal_t.set_spi.
365 */
366 static void set_spi(private_proposal_t *this, u_int64_t spi)
367 {
368 this->spi = spi;
369 }
370
371 /**
372 * Implements proposal_t.get_spi.
373 */
374 static u_int64_t get_spi(private_proposal_t *this)
375 {
376 return this->spi;
377 }
378
379 /**
380 * Clone a algorithm list
381 */
382 static void clone_algo_list(linked_list_t *list, linked_list_t *clone_list)
383 {
384 algorithm_t *algo, *clone_algo;
385 iterator_t *iterator = list->create_iterator(list, TRUE);
386 while (iterator->iterate(iterator, (void**)&algo))
387 {
388 clone_algo = malloc_thing(algorithm_t);
389 memcpy(clone_algo, algo, sizeof(algorithm_t));
390 clone_list->insert_last(clone_list, (void*)clone_algo);
391 }
392 iterator->destroy(iterator);
393 }
394
395 /**
396 * Implements proposal_t.clone
397 */
398 static proposal_t *clone_(private_proposal_t *this)
399 {
400 private_proposal_t *clone = (private_proposal_t*)proposal_create(this->protocol);
401
402 clone_algo_list(this->encryption_algos, clone->encryption_algos);
403 clone_algo_list(this->integrity_algos, clone->integrity_algos);
404 clone_algo_list(this->prf_algos, clone->prf_algos);
405 clone_algo_list(this->dh_groups, clone->dh_groups);
406 clone_algo_list(this->esns, clone->esns);
407
408 clone->spi = this->spi;
409
410 return &clone->public;
411 }
412
413 /**
414 * add a algorithm identified by a string to the proposal.
415 * TODO: we could use gperf here.
416 */
417 static status_t add_string_algo(private_proposal_t *this, chunk_t alg)
418 {
419 if (strncmp(alg.ptr, "null", alg.len) == 0)
420 {
421 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_NULL, 0);
422 }
423 else if (strncmp(alg.ptr, "aes128", alg.len) == 0)
424 {
425 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
426 }
427 else if (strncmp(alg.ptr, "aes192", alg.len) == 0)
428 {
429 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
430 }
431 else if (strncmp(alg.ptr, "aes256", alg.len) == 0)
432 {
433 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
434 }
435 else if (strncmp(alg.ptr, "3des", alg.len) == 0)
436 {
437 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
438 }
439 /* blowfish only uses some predefined key sizes yet */
440 else if (strncmp(alg.ptr, "blowfish128", alg.len) == 0)
441 {
442 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128);
443 }
444 else if (strncmp(alg.ptr, "blowfish192", alg.len) == 0)
445 {
446 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192);
447 }
448 else if (strncmp(alg.ptr, "blowfish256", alg.len) == 0)
449 {
450 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
451 }
452 else if (strncmp(alg.ptr, "sha", alg.len) == 0 ||
453 strncmp(alg.ptr, "sha1", alg.len) == 0)
454 {
455 /* sha means we use SHA for both, PRF and AUTH */
456 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
457 if (this->protocol == PROTO_IKE)
458 {
459 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
460 }
461 }
462 else if (strncmp(alg.ptr, "sha256", alg.len) == 0 ||
463 strncmp(alg.ptr, "sha2_256", alg.len) == 0)
464 {
465 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
466 if (this->protocol == PROTO_IKE)
467 {
468 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0);
469 }
470 }
471 else if (strncmp(alg.ptr, "sha384", alg.len) == 0 ||
472 strncmp(alg.ptr, "sha2_384", alg.len) == 0)
473 {
474 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
475 if (this->protocol == PROTO_IKE)
476 {
477 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0);
478 }
479 }
480 else if (strncmp(alg.ptr, "sha512", alg.len) == 0 ||
481 strncmp(alg.ptr, "sha2_512", alg.len) == 0)
482 {
483 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
484 if (this->protocol == PROTO_IKE)
485 {
486 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0);
487 }
488 }
489 else if (strncmp(alg.ptr, "md5", alg.len) == 0)
490 {
491 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
492 if (this->protocol == PROTO_IKE)
493 {
494 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
495 }
496 }
497 else if (strncmp(alg.ptr, "aesxcbc", alg.len) == 0)
498 {
499 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
500 if (this->protocol == PROTO_IKE)
501 {
502 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, AUTH_AES_XCBC_96, 0);
503 }
504 }
505 else if (strncmp(alg.ptr, "modp768", alg.len) == 0)
506 {
507 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
508 }
509 else if (strncmp(alg.ptr, "modp1024", alg.len) == 0)
510 {
511 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
512 }
513 else if (strncmp(alg.ptr, "modp1536", alg.len) == 0)
514 {
515 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
516 }
517 else if (strncmp(alg.ptr, "modp2048", alg.len) == 0)
518 {
519 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
520 }
521 else if (strncmp(alg.ptr, "modp4096", alg.len) == 0)
522 {
523 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
524 }
525 else if (strncmp(alg.ptr, "modp8192", alg.len) == 0)
526 {
527 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
528 }
529 else
530 {
531 return FAILED;
532 }
533 return SUCCESS;
534 }
535
536 /**
537 * Implements proposal_t.destroy.
538 */
539 static void destroy(private_proposal_t *this)
540 {
541 this->encryption_algos->destroy_function(this->encryption_algos, free);
542 this->integrity_algos->destroy_function(this->integrity_algos, free);
543 this->prf_algos->destroy_function(this->prf_algos, free);
544 this->dh_groups->destroy_function(this->dh_groups, free);
545 this->esns->destroy_function(this->esns, free);
546 free(this);
547 }
548
549 /*
550 * Describtion in header-file
551 */
552 proposal_t *proposal_create(protocol_id_t protocol)
553 {
554 private_proposal_t *this = malloc_thing(private_proposal_t);
555
556 this->public.add_algorithm = (void (*)(proposal_t*,transform_type_t,u_int16_t,size_t))add_algorithm;
557 this->public.create_algorithm_iterator = (iterator_t* (*)(proposal_t*,transform_type_t))create_algorithm_iterator;
558 this->public.get_algorithm = (bool (*)(proposal_t*,transform_type_t,algorithm_t**))get_algorithm;
559 this->public.has_dh_group = (bool (*)(proposal_t*,diffie_hellman_group_t))has_dh_group;
560 this->public.select = (proposal_t* (*)(proposal_t*,proposal_t*))select_proposal;
561 this->public.get_protocol = (protocol_id_t(*)(proposal_t*))get_protocol;
562 this->public.set_spi = (void(*)(proposal_t*,u_int64_t))set_spi;
563 this->public.get_spi = (u_int64_t(*)(proposal_t*))get_spi;
564 this->public.clone = (proposal_t*(*)(proposal_t*))clone_;
565 this->public.destroy = (void(*)(proposal_t*))destroy;
566
567 this->spi = 0;
568 this->protocol = protocol;
569
570 this->encryption_algos = linked_list_create();
571 this->integrity_algos = linked_list_create();
572 this->prf_algos = linked_list_create();
573 this->dh_groups = linked_list_create();
574 this->esns = linked_list_create();
575
576 return &this->public;
577 }
578
579 /*
580 * Describtion in header-file
581 */
582 proposal_t *proposal_create_default(protocol_id_t protocol)
583 {
584 private_proposal_t *this = (private_proposal_t*)proposal_create(protocol);
585
586 switch (protocol)
587 {
588 case PROTO_IKE:
589 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
590 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
591 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
592 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
593 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
594 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
595 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
596 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
597 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
598 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0);
599 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
600 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
601 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0);
602 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0);
603 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
604 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0);
605 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
606 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
607 add_algorithm(this, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
608 break;
609 case PROTO_ESP:
610 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
611 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
612 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
613 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
614 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
615 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
616 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
617 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
618 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
619 break;
620 case PROTO_AH:
621 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
622 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
623 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
624 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
625 break;
626 default:
627 break;
628 }
629
630 return &this->public;
631 }
632
633 /*
634 * Describtion in header-file
635 */
636 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
637 {
638 private_proposal_t *this = (private_proposal_t*)proposal_create(protocol);
639 chunk_t string = {(void*)algs, strlen(algs)};
640 chunk_t alg;
641 status_t status = SUCCESS;
642
643 eat_whitespace(&string);
644 if (string.len < 1)
645 {
646 destroy(this);
647 return NULL;
648 }
649
650 /* get all tokens, separated by '-' */
651 while (extract_token(&alg, '-', &string))
652 {
653 status |= add_string_algo(this, alg);
654 }
655 if (string.len)
656 {
657 status |= add_string_algo(this, string);
658 }
659 if (status != SUCCESS)
660 {
661 destroy(this);
662 return NULL;
663 }
664
665 if (protocol == PROTO_AH || protocol == PROTO_ESP)
666 {
667 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
668 }
669 return &this->public;
670 }
strongSwan - IPsec VPN