Merge branch 'android-proposals'
authorTobias Brunner <tobias@strongswan.org>
Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)
Makes IKE and ESP proposals configurable.

src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c

@@@ -795,27 -825,34 +825,34 @@@ static job_requeue_t initiate(private_a
        peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
  
        child_cfg = child_cfg_create("android", &child);
-       /* create ESP proposals with and without DH groups, let responder decide
-        * if PFS is used */
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128gcm16-aes256gcm16-chacha20poly1305-"
-                                                       "curve25519-ecp256-modp3072"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-sha256-curve25519-ecp256-modp3072"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes256-sha384-ecp521-modp8192"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
-                                                       "curve25519-ecp256-ecp384-ecp521-"
-                                                       "modp2048-modp3072-modp4096"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128gcm16-aes256gcm16-chacha20poly1305"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-sha256"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes256-sha384"));
-       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
-                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+       proposal = parse_proposal(this, PROTO_ESP, "connection.esp_proposal");
+       if (proposal)
+       {
+               child_cfg->add_proposal(child_cfg, proposal);
+       }
+       else
+       {       /* create ESP proposals with and without DH groups, let responder decide
+                * if PFS is used */
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128gcm16-aes256gcm16-chacha20poly1305-"
+                                                               "curve25519-ecp256-modp3072"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-sha256-curve25519-ecp256-modp3072"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes256-sha384-ecp521-modp8192"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+                                                               "curve25519-ecp256-ecp384-ecp521-"
 -                                                              "modp2048-modp3072-modp4096-modp1024"));
++                                                              "modp2048-modp3072-modp4096"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128gcm16-aes256gcm16-chacha20poly1305"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-sha256"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes256-sha384"));
+               child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                               "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+       }
        ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
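Review bot: The `else` branch after `parse_proposal(this, PROTO_ESP, "connection.esp_proposal")` is taken when no proposal is configured and, as far as this hunk shows, also when a configured one fails to parse. A mistyped strict proposal would then quietly widen to the built-in list, which includes `sha1` and the variants without a DH group. parse_proposal is defined outside the hunk, so whether it logs or reports a parse failure cannot be confirmed here; if it returns NULL in both cases, the caller should tell them apart and fail the connection attempt for an invalid setting instead of falling back. At minimum the branch deserves a comment such as `/* no usable esp_proposal configured: use built-in defaults */` so the fallback is explicit. initiate() starts and ends outside the hunk.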