ike: Add an additional but separate AEAD proposal to IKE config, if supported
authorMartin Willi <martin@revosec.ch>
Thu, 24 Apr 2014 12:24:43 +0000 (14:24 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 16 May 2014 14:51:19 +0000 (16:51 +0200)
12 files changed:
src/charon-cmd/cmd/cmd_connection.c
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/frontends/android/jni/libandroidbridge/backend/android_service.c
src/frontends/osx/charon-xpc/xpc_dispatch.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/vici/vici_config.c

index c4c8a2a..79df803 100644 (file)
@@ -187,6 +187,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
        else
        {
                ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+               ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        }
        peer_cfg = peer_cfg_create("cmd", ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
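Review bot: The result of `proposal_create_default_aead(PROTO_IKE)` is handed straight to `add_proposal()` here, while the parse_proposal and config_sn hunks of this same commit test the return value for NULL before inserting it, which suggests the constructor can return NULL when no AEAD algorithm is available. Whether `add_proposal()` ignores a NULL argument is not visible on this page; if it does not, a NULL entry lands in the IKE proposal list. Either guard the call as the later hunks do, `proposal = proposal_create_default_aead(PROTO_IKE); if (proposal) { ike_cfg->add_proposal(ike_cfg, proposal); }`, or, once the callee's behaviour is confirmed, add a comment such as `/* may be NULL without AEAD support; add_proposal() skips NULL */`. The same unguarded call is added in the connect_, load_ike_config, initiate, second create_peer_cfg, setup_tunnel, initiate_connection, get_peer_cfg_by_name, medcli_config_create, medsrv_config_create, add_ike_proposals and add_proposals hunks. create_peer_cfg begins and ends outside this hunk.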
index 67366a0..82d212d 100644 (file)
@@ -532,6 +532,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                                        (char*)address, IKEV2_UDP_PORT,
                                                         FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        peer_cfg = peer_cfg_create(priv->name, ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                        36000, 0, /* rekey 10h, reauth none */
index 5aa742d..bd63df0 100644 (file)
@@ -129,6 +129,7 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
        else
        {
                ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+               ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        }
        return ike_cfg;
 }
index ccf5ce8..db9bebc 100644 (file)
@@ -530,6 +530,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                         this->gateway, IKEV2_UDP_PORT,
                                                         FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
 
        peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,
                                                           UNIQUE_REPLACE, 0, /* keyingtries */
index 564fd6e..f20c54b 100644 (file)
@@ -87,6 +87,7 @@ static peer_cfg_t* create_peer_cfg(char *name, char *host)
        ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0", local_port,
                                                         host, remote_port, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        peer_cfg = peer_cfg_create(name, ike_cfg,
                                                           CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
index 74147e5..5336900 100644 (file)
@@ -207,6 +207,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
                                                UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE,
                                                TRUE, 30, 0, FALSE, NULL, NULL);
index f0f3105..82e9069 100644 (file)
@@ -327,6 +327,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
 
        peer_cfg = peer_cfg_create(this->current, ike_cfg,
                                                           CERT_SEND_IF_ASKED,
index d048b00..c0b39e4 100644 (file)
@@ -106,6 +106,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                                                         charon->socket->get_port(charon->socket, FALSE),
                                                         address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", ike_cfg,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
@@ -382,6 +383,7 @@ medcli_config_t *medcli_config_create(database_t *db)
                                                          FRAGMENTATION_NO, 0),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+       this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 
        schedule_autoinit(this);
 
index ac6076a..02d805e 100644 (file)
@@ -145,6 +145,7 @@ medsrv_config_t *medsrv_config_create(database_t *db)
                                                          FRAGMENTATION_NO, 0),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+       this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 
        return &this->public;
 }
index a8d34f2..152c4ec 100644 (file)
@@ -242,6 +242,7 @@ static void add_ike_proposals(private_sql_config_t *this,
        if (use_default)
        {
                ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+               ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        }
 }
 
index e5e6d92..aa6138b 100644 (file)
@@ -174,6 +174,7 @@ static void add_proposals(private_stroke_config_t *this, char *string,
        if (ike_cfg)
        {
                ike_cfg->add_proposal(ike_cfg, proposal_create_default(proto));
+               ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(proto));
        }
        else
        {
index 52a3dba..83d2216 100644 (file)
@@ -442,17 +442,24 @@ static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
        if (strcaseeq("default", buf))
        {
                proposal = proposal_create_default(proto);
+               if (proposal)
+               {
+                       list->insert_last(list, proposal);
+               }
+               proposal = proposal_create_default_aead(proto);
+               if (proposal)
+               {
+                       list->insert_last(list, proposal);
+               }
+               return TRUE;
        }
-       else
-       {
-               proposal = proposal_create_from_string(proto, buf);
-       }
-       if (!proposal)
+       proposal = proposal_create_from_string(proto, buf);
+       if (proposal)
        {
-               return FALSE;
+               list->insert_last(list, proposal);
+               return TRUE;
        }
-       list->insert_last(list, proposal);
-       return TRUE;
+       return FALSE;
 }
 
 /**
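Review bot: The `default` branch now ends in an unconditional `return TRUE;`, so parse_proposal reports success even when both `proposal_create_default(proto)` and `proposal_create_default_aead(proto)` return NULL and nothing was appended; before this change a NULL default proposal made the function return FALSE. Keeping that failure path takes a local flag: declare `bool added = FALSE;`, set `added = TRUE;` after each `insert_last`, and end the branch with `return added;`. The config_sn hunk has the same gap: if neither default can be built, `peer.proposals` stays empty after the block, and nothing in the visible lines rejects or logs a connection that has no IKE proposal. The start of parse_proposal, where `buf` is filled, lies outside the hunk.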
@@ -1755,8 +1762,16 @@ CALLBACK(config_sn, bool,
        }
        if (peer.proposals->get_count(peer.proposals) == 0)
        {
-               peer.proposals->insert_last(peer.proposals,
-                                                                       proposal_create_default(PROTO_IKE));
+               proposal = proposal_create_default(PROTO_IKE);
+               if (proposal)
+               {
+                       peer.proposals->insert_last(peer.proposals, proposal);
+               }
+               proposal = proposal_create_default_aead(PROTO_IKE);
+               if (proposal)
+               {
+                       peer.proposals->insert_last(peer.proposals, proposal);
+               }
        }
        if (!peer.local_addrs)
        {