proposal-substructure: Encode transform number of selected IKEv1 proposal
authorTobias Brunner <tobias@strongswan.org>
Thu, 6 Feb 2020 14:46:27 +0000 (15:46 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 6 Mar 2020 09:31:30 +0000 (10:31 +0100)
src/libcharon/encoding/payloads/proposal_substructure.c
src/libcharon/encoding/payloads/proposal_substructure.h

index 4cf0340..802adac 100644 (file)
@@ -1552,11 +1552,11 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
 }
 
 /**
- * See header.
+ * Creates an IKEv1 proposal_substructure_t from a proposal_t.
  */
-proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
+static proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
                        proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes,
-                       auth_method_t auth, ipsec_mode_t mode, encap_t udp)
+                       auth_method_t auth, ipsec_mode_t mode, encap_t udp, uint8_t number)
 {
        private_proposal_substructure_t *this;
 
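Review bot: The new `number` parameter of proposal_substructure_create_from_proposal_v1() is undocumented, and the `@param` descriptions that the header declaration carried are dropped rather than moved to this now-static definition. I would keep them in the comment above the function and add a line such as ` * @param number transform number to encode`. Because this value is encoded into the proposal sent to the peer, the comment should also say that the caller passes either the transform number already set on the proposal or 1. The function body continues outside this hunk.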
@@ -1565,12 +1565,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
        switch (proposal->get_protocol(proposal))
        {
                case PROTO_IKE:
-                       set_from_proposal_v1_ike(this, proposal, lifetime, auth, 1);
+                       set_from_proposal_v1_ike(this, proposal, lifetime, auth, number);
                        break;
                case PROTO_ESP:
                case PROTO_AH:
                        set_from_proposal_v1(this, proposal, lifetime,
-                                                                lifebytes, mode, udp, 1);
+                                                                lifebytes, mode, udp, number);
                        break;
                default:
                        break;
@@ -1590,17 +1590,18 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1(
        private_proposal_substructure_t *this = NULL;
        enumerator_t *enumerator;
        proposal_t *proposal;
-       int number = 0;
+       int number = 1;
 
        enumerator = proposals->create_enumerator(proposals);
        while (enumerator->enumerate(enumerator, &proposal))
        {
                if (!this)
-               {
+               {       /* as responder the transform number is set and we only have a
+                        * single proposal, start with 1 otherwise */
                        this = (private_proposal_substructure_t*)
                                                proposal_substructure_create_from_proposal_v1(
-                                                               proposal, lifetime, lifebytes, auth, mode, udp);
-                       ++number;
+                                                       proposal, lifetime, lifebytes, auth, mode, udp,
+                                                       proposal->get_transform_number(proposal) ?: number);
                }
                else
                {
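Review bot: The comment on the `if (!this)` branch relies on a preset transform number implying a single-proposal list, but nothing in the visible loop checks that. If the `else` branch (outside this hunk) keeps counting from the local `number`, a list whose first proposal carries a preset number of 2 or higher and that has further entries could presumably encode a duplicate transform number. Seeding the counter first with `number = proposal->get_transform_number(proposal) ?: number;` and then passing `number` would keep the sequence consistent in that case. `number` is also an `int` passed to a `uint8_t` parameter, so declaring it `uint8_t` or bounding the list length would make the narrowing explicit.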
index 8101d9f..0395ac8 100644 (file)
@@ -181,20 +181,6 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type);
  */
 proposal_substructure_t *proposal_substructure_create_from_proposal_v2(
                                                                                                                proposal_t *proposal);
-/**
- * Creates an IKEv1 proposal_substructure_t from a proposal_t.
- *
- * @param proposal     proposal to build a substruct out of it
- * @param lifetime     lifetime in seconds
- * @param lifebytes    lifebytes, in bytes
- * @param auth         authentication method to use, or AUTH_NONE
- * @param mode         IPsec encapsulation mode, TRANSPORT or TUNNEL
- * @param udp          ENCAP_UDP to use UDP encapsulation
- * @return                     proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE
- */
-proposal_substructure_t *proposal_substructure_create_from_proposal_v1(
-                       proposal_t *proposal,  uint32_t lifetime, uint64_t lifebytes,
-                       auth_method_t auth, ipsec_mode_t mode, encap_t udp);
 
 /**
  * Creates an IKEv1 proposal_substructure_t from a list of proposal_t.