android: Add DH groups to ESP proposals
authorTobias Brunner <tobias@strongswan.org>
Mon, 11 Aug 2014 16:17:00 +0000 (18:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Sep 2014 08:21:49 +0000 (10:21 +0200)
src/frontends/android/jni/libandroidbridge/backend/android_service.c

index 1a6a920..0bab31d 100644 (file)
@@ -726,8 +726,18 @@ static job_requeue_t initiate(private_android_service_t *this)
        child_cfg = child_cfg_create("android", &lifetime, NULL, TRUE, MODE_TUNNEL,
                                                                 ACTION_NONE, ACTION_RESTART, ACTION_RESTART,
                                                                 FALSE, 0, 0, NULL, NULL, 0);
-       /* create an ESP proposal with the algorithms currently supported by
-        * libipsec, no PFS for now */
+       /* create ESP proposals with and without DH groups, let responder decide
+        * if PFS is used */
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128gcm16-aes256gcm16-ecp256"));
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128-sha256-ecp256-modp3072"));
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes256-sha384-ecp521-modp8192"));
+       child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+                                                       "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+                                                       "ecp256-ecp384-ecp521-"
+                                                       "modp2048-modp3072-modp4096-modp1024"));
        child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
                                                        "aes128gcm16-aes256gcm16"));
        child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
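Review bot: The catch-all proposal added in this hunk ends its DH list with `modp1024`, so a responder that prefers that group can negotiate a 1024-bit MODP exchange for the CHILD_SA, which weakens the PFS these proposals are meant to offer. If the group is kept only for interoperability with older gateways, the comment above should say so, e.g. `/* modp1024 is offered last, only for legacy responders */`. Otherwise the list should end at `"modp2048-modp3072-modp4096"));`. How the responder orders its own group preferences is not visible here, so placing the group last on the initiator side should not be assumed to prevent its selection. The body of initiate() starts and continues outside this hunk.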