ike: Add an additional but separate AEAD proposal to CHILD config
authorMartin Willi <martin@revosec.ch>
Thu, 24 Apr 2014 12:28:57 +0000 (14:28 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 16 May 2014 14:51:19 +0000 (16:51 +0200)
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.

src/charon-cmd/cmd/cmd_connection.c
src/charon-nm/nm/nm_service.c
src/conftest/config.c
src/frontends/osx/charon-xpc/xpc_dispatch.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/vici/vici_config.c

index 79df803..2c0b7b9 100644 (file)
@@ -358,6 +358,8 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
        else
        {
                child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+               child_cfg->add_proposal(child_cfg,
+                                                               proposal_create_default_aead(PROTO_ESP));
        }
        while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
        {
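Review bot: The result of `proposal_create_default_aead(PROTO_ESP)` is handed straight to `child_cfg->add_proposal()` here, while the vici hunk in this same commit wraps both constructors in `if (proposal)` before `insert_last()`, which suggests the constructor can return NULL (the commit message says the default AEAD set currently has no effect). Whether `add_proposal()` tolerates a NULL argument is not visible on this page, so either confirm that it does and state it in its header comment, or guard the call, e.g. `proposal = proposal_create_default_aead(PROTO_ESP); if (proposal) { child_cfg->add_proposal(child_cfg, proposal); }`. The same applies to the nm, conftest, charon-xpc, ha, maemo, medcli (both hunks), sql and stroke hunks; the stroke hunk passes `proto` rather than `PROTO_ESP`, so whatever protocol its caller supplies reaches the AEAD constructor there. create_child_cfg's body starts and ends outside the hunk.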
index 82d212d..fc7e899 100644 (file)
@@ -566,6 +566,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
                                                                 0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
index bd63df0..c83db7e 100644 (file)
@@ -181,6 +181,8 @@ static child_cfg_t *load_child_config(private_config_t *this,
        else
        {
                child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+               child_cfg->add_proposal(child_cfg,
+                                                               proposal_create_default_aead(PROTO_ESP));
        }
 
        token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child);
index f20c54b..04aad87 100644 (file)
@@ -141,6 +141,7 @@ static child_cfg_t* create_child_cfg(char *name)
                                                                                "aes128gcm8-aes128gcm12-aes128gcm16-"
                                                                                "aes256gcm8-aes256gcm12-aes256gcm16"));
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
index 5336900..dd23993 100644 (file)
@@ -236,6 +236,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
        ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);
 
        this->backend.cfg = peer_cfg;
index 82e9069..2e96f8f 100644 (file)
@@ -352,6 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                                 TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
                                                                 ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        ts = traffic_selector_create_dynamic(0, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
        ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
index c0b39e4..1fb57b9 100644 (file)
@@ -169,6 +169,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
                                                                 0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);
@@ -243,6 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                                                 ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
                                                                 0, 0, NULL, NULL, 0);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+       child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
        this->current->add_child_cfg(this->current, child_cfg);
index 152c4ec..c47c7c0 100644 (file)
@@ -153,6 +153,7 @@ static void add_esp_proposals(private_sql_config_t *this,
        if (use_default)
        {
                child->add_proposal(child, proposal_create_default(PROTO_ESP));
+               child->add_proposal(child, proposal_create_default_aead(PROTO_ESP));
        }
 }
 
index aa6138b..df15a16 100644 (file)
@@ -179,6 +179,7 @@ static void add_proposals(private_stroke_config_t *this, char *string,
        else
        {
                child_cfg->add_proposal(child_cfg, proposal_create_default(proto));
+               child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto));
        }
 }
 
index 83d2216..3f2fec4 100644 (file)
@@ -1350,8 +1350,16 @@ CALLBACK(children_sn, bool,
        }
        if (child.proposals->get_count(child.proposals) == 0)
        {
-               child.proposals->insert_last(child.proposals,
-                                                                        proposal_create_default(PROTO_ESP));
+               proposal = proposal_create_default(PROTO_ESP);
+               if (proposal)
+               {
+                       child.proposals->insert_last(child.proposals, proposal);
+               }
+               proposal = proposal_create_default_aead(PROTO_ESP);
+               if (proposal)
+               {
+                       child.proposals->insert_last(child.proposals, proposal);
+               }
        }
 
        /* if no hard lifetime specified, add one at soft lifetime + 10% */
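Review bot: If both `proposal_create_default(PROTO_ESP)` and `proposal_create_default_aead(PROTO_ESP)` return NULL, `child.proposals` stays empty and execution still falls through to the lifetime handling below, so a CHILD config without any ESP proposal would not be flagged at this point. Consider re-checking `child.proposals->get_count(child.proposals) == 0` after the two inserts and logging or rejecting that case, so that an empty algorithm set is visible to the operator instead of surfacing later as a negotiation failure. A short comment above the two inserts, such as `/* classic default first, AEAD default appended as a separate proposal */`, would also record that the ordering is deliberate; if list order expresses preference here, that is worth stating too. `proposal` is declared outside the hunk and the callback body continues past it.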