ike_sa_t *ike_sa = NULL, *old_sa = NULL;
ike_version_t version = IKEV2;
u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
+ u_int16_t dh_grp = 0;
chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
chunk_t secret = chunk_empty, old_skd = chunk_empty;
chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
case HA_ALG_OLD_PRF:
old_prf = value.u16;
break;
+ case HA_ALG_DH:
+ dh_grp = value.u16;
+ break;
default:
break;
}
{
proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, prf, 0);
}
+ if (dh_grp)
+ {
+ proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, dh_grp, 0);
+ }
charon->bus->set_sa(charon->bus, ike_sa);
dh = ha_diffie_hellman_create(secret, dh_local);
if (ike_sa->get_version(ike_sa) == IKEV2)
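Review bot: `dh_grp` reaches `proposal->add_algorithm()` exactly as it arrived in the sync message; the only check is the non-zero test at `if (dh_grp)`, and the `HA_ALG_DH` case in the attribute switch stores `value.u16` unchanged. That matches how `prf` is handled just above, but the sentinel deserves a comment next to the declaration, for example `/* 0: active node sent no HA_ALG_DH (older peer, or no DH group in its proposal) */`. A peer that omits the attribute leaves this node's proposal without a DH group, so any later code that reads the group from this proposal has to cope with it being absent. The enclosing function starts and ends outside the hunk.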
{
m->add_attribute(m, HA_ALG_PRF, alg);
}
+ if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &alg, NULL))
+ {
+ m->add_attribute(m, HA_ALG_DH, alg);
+ }
m->add_attribute(m, HA_NONCE_I, nonce_i);
m->add_attribute(m, HA_NONCE_R, nonce_r);
m->add_attribute(m, HA_SECRET, secret);
HA_ALG_ENCR_LEN,
/** u_int16_t, integrity protection algorithm */
HA_ALG_INTEG,
+ /** u_int16_t, DH group */
+ HA_ALG_DH,
/** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */
HA_IPSEC_MODE,
/** u_int8_t, IPComp protocol */
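Review bot: Adding `HA_ALG_DH` between `HA_ALG_INTEG` and `HA_IPSEC_MODE` shifts the numeric value of every enumerator after it. If these values are the attribute type written into sync messages (the encoder is not visible here), nodes built before and after this change would disagree on `HA_IPSEC_MODE` and everything following it, so in a mixed-version cluster a mode or IPComp attribute could be parsed as a DH group, or the reverse. Either append the new member at the end of the enum, or bump the HA message version in the same commit so mixed-version peers reject each other's messages. A comment such as `/* appended to keep earlier attribute values stable on the wire */` would record the reason. The enum continues outside the hunk.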