charon-cmd: add IKEv1 aggressive mode profiles
authorMartin Willi <martin@revosec.ch>
Thu, 20 Jun 2013 09:01:37 +0000 (11:01 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 20 Jun 2013 09:01:37 +0000 (11:01 +0200)
src/charon-cmd/cmd/cmd_connection.c
src/charon-cmd/cmd/cmd_options.c
src/charon-cmd/cmd/cmd_options.h

index e48f548..435d943 100644 (file)
@@ -38,19 +38,27 @@ enum profile_t {
        PROF_V2_EAP,
        PROF_V2_PUB_EAP,
        PROF_V1_PUB,
+       PROF_V1_PUB_AM,
        PROF_V1_XAUTH,
+       PROF_V1_XAUTH_AM,
        PROF_V1_XAUTH_PSK,
+       PROF_V1_XAUTH_PSK_AM,
        PROF_V1_HYBRID,
+       PROF_V1_HYBRID_AM,
 };
 
-ENUM(profile_names, PROF_V2_PUB, PROF_V1_HYBRID,
+ENUM(profile_names, PROF_V2_PUB, PROF_V1_HYBRID_AM,
        "ikev2-pub",
        "ikev2-eap",
        "ikev2-pub-eap",
        "ikev1-pub",
+       "ikev1-pub-am",
        "ikev1-xauth",
+       "ikev1-xauth-am",
        "ikev1-xauth-psk",
+       "ikev1-xauth-psk-am",
        "ikev1-hybrid",
+       "ikev1-hybrid-am",
 );
 
 /**
@@ -121,6 +129,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
        peer_cfg_t *peer_cfg;
        u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
        ike_version_t version = IKE_ANY;
+       bool aggressive = FALSE;
 
        switch (this->profile)
        {
@@ -130,6 +139,12 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
                case PROF_V2_PUB_EAP:
                        version = IKEV2;
                        break;
+               case PROF_V1_PUB_AM:
+               case PROF_V1_XAUTH_AM:
+               case PROF_V1_XAUTH_PSK_AM:
+               case PROF_V1_HYBRID_AM:
+                       aggressive = TRUE;
+                       /* FALL */
                case PROF_V1_PUB:
                case PROF_V1_XAUTH:
                case PROF_V1_XAUTH_PSK:
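Review bot: The `/* FALL */` marker on the new `*_AM` cases is, as far as I know, not one of the spellings that fallthrough checkers recognise (GCC's -Wimplicit-fallthrough and clang look for wording such as `/* fall through */`), so the deliberate drop into the `PROF_V1_PUB` cases would still be reported once such warnings are enabled on this tree. Writing `/* fall through */` keeps the intent readable and satisfies those checkers. The `version` assignment for the IKEv1 cases and the rest of create_peer_cfg lie outside the hunk, so I cannot confirm from here that nothing else in the shared tail depends on the profile being a main-mode one.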
@@ -150,7 +165,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                        36000, 0, /* rekey 10h, reauth none */
                                        600, 600, /* jitter, over 10min */
-                                       TRUE, FALSE, /* mobike, aggressive */
+                                       TRUE, aggressive, /* mobike, aggressive */
                                        30, 0, /* DPD delay, timeout */
                                        FALSE, NULL, NULL); /* mediation */
        peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
@@ -211,6 +226,8 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
                case PROF_V2_PUB_EAP:
                case PROF_V1_PUB:
                case PROF_V1_XAUTH:
+               case PROF_V1_PUB_AM:
+               case PROF_V1_XAUTH_AM:
                        if (!this->key_seen)
                        {
                                DBG1(DBG_CFG, "missing private key for profile %N",
@@ -238,20 +255,24 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
                        add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_ANY);
                        break;
                case PROF_V1_PUB:
+               case PROF_V1_PUB_AM:
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PUBKEY);
                        add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
                        break;
                case PROF_V1_XAUTH:
+               case PROF_V1_XAUTH_AM:
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PUBKEY);
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
                        add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
                        break;
                case PROF_V1_XAUTH_PSK:
+               case PROF_V1_XAUTH_PSK_AM:
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PSK);
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
                        add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PSK);
                        break;
                case PROF_V1_HYBRID:
+               case PROF_V1_HYBRID_AM:
                        add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
                        add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
                        break;
index e7dbff7..16b6b65 100644 (file)
@@ -52,12 +52,16 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
          "remote traffic selector to propose for remote side", {}},
        { CMD_OPT_PROFILE, "profile", required_argument, "name",
          "authentication profile to use, where name is one of:", {
-               "ikev2-pub:       IKEv2 with public key client authentication",
-               "ikev2-eap:       IKEv2 with client EAP",
-               "ikev2-pub-eap:   IKEv2 with public key client authentication + client EAP",
-               "ikev1-pub:       IKEv1 public key authentication",
-               "ikev1-xauth:     IKEv1 public key authentication + initiator XAuth",
-               "ikev1-xauth-psk: IKEv1 PSK authentication + initiator XAuth (INSECURE!)",
-               "ikev1-hybrid:    IKEv1 public key responder only + initiator XAuth",
+               "ikev2-pub:          IKEv2 with public key client authentication",
+               "ikev2-eap:          IKEv2 with client EAP",
+               "ikev2-pub-eap:      IKEv2 with public key client authentication + client EAP",
+               "ikev1-pub:          IKEv1 public key authentication",
+               "ikev1-pub-am:             use Aggressive Mode",
+               "ikev1-xauth:        IKEv1 public key authentication + initiator XAuth",
+               "ikev1-xauth-am:           use Aggressive Mode",
+               "ikev1-xauth-psk:    IKEv1 PSK authentication + initiator XAuth (INSECURE!)",
+               "ikev1-xauth-psk-am:       use Aggressive Mode",
+               "ikev1-hybrid:       IKEv1 public key responder only + initiator XAuth",
+               "ikev1-hybrid-am:          use Aggressive Mode",
        }},
 };
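Review bot: The new `ikev1-xauth-psk-am` help line only says "use Aggressive Mode" and drops the `(INSECURE!)` marker that the preceding `ikev1-xauth-psk` line carries, yet PSK with aggressive mode is the weaker of the two: the PSK-authenticated hash is exchanged before the session is encrypted, so a captured exchange allows offline guessing of the PSK. I would repeat the marker there, `"ikev1-xauth-psk-am:       use Aggressive Mode (INSECURE!)",`, and it is worth a word on the other `-am` lines that aggressive mode sends the initiator identity unprotected. The indented "use Aggressive Mode" wording also reads as a continuation of the previous entry rather than a profile of its own; spelling it out, e.g. `"ikev1-pub-am:       as ikev1-pub, using Aggressive Mode",`, keeps each help line self-contained.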
index 7a6080f..f0cf32a 100644 (file)
@@ -62,7 +62,7 @@ struct cmd_option_t {
        /** short description to option */
        const char *desc;
        /** additional description lines */
-       const char *lines[8];
+       const char *lines[12];
 };
 
 /**
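Review bot: The new bound of 12 on `lines` is hand-picked to fit the eleven profile lines now initialised in cmd_options.c and nothing ties the two together; adding another profile means remembering to bump this header again. If the consumer of `lines` stops at a NULL entry (I cannot see that from here), filling all twelve slots would also silently lose the terminator, so a named constant for the size, e.g. an `enum { CMD_OPT_LINES = 12 };` documented as "one slot is reserved for the NULL terminator", would make the coupling visible at the point of change. The `cmd_option_t` definition starts before the hunk.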