child-create: Add an option to set the DH group to be used
authorTobias Brunner <tobias@strongswan.org>
Fri, 2 Feb 2018 09:43:17 +0000 (10:43 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:20:05 +0000 (10:20 +0100)
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/ikev2/tasks/child_create.h

index 4d4d72e..17c5573 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -1006,8 +1006,8 @@ METHOD(task_t, build_i, status_t,
                                                                        chunk_empty);
                                return SUCCESS;
                        }
-                       if (!this->retry)
-                       {
+                       if (!this->retry && this->dh_group == MODP_NONE)
+                       {       /* during a rekeying the group might already be set */
                                this->dh_group = this->config->get_dh_group(this->config);
                        }
                        break;
@@ -1615,6 +1615,12 @@ METHOD(child_create_t, use_marks, void,
        this->mark_out = out;
 }
 
+METHOD(child_create_t, use_dh_group, void,
+       private_child_create_t *this, diffie_hellman_group_t dh_group)
+{
+       this->dh_group = dh_group;
+}
+
 METHOD(child_create_t, get_child, child_sa_t*,
        private_child_create_t *this)
 {
@@ -1736,6 +1742,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
                        .get_lower_nonce = _get_lower_nonce,
                        .use_reqid = _use_reqid,
                        .use_marks = _use_marks,
+                       .use_dh_group = _use_dh_group,
                        .task = {
                                .get_type = _get_type,
                                .migrate = _migrate,
index f48d7b0..59fc6d2 100644 (file)
@@ -1,6 +1,7 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -60,6 +61,15 @@ struct child_create_t {
        void (*use_marks)(child_create_t *this, u_int in, u_int out);
 
        /**
+        * Initially propose a specific DH group to override configuration.
+        *
+        * This is used during rekeying to prefer the previously negotiated group.
+        *
+        * @param dh_group      DH group to use
+        */
+       void (*use_dh_group)(child_create_t *this, diffie_hellman_group_t dh_group);
+
+       /**
         * Get the lower of the two nonces, used for rekey collisions.
         *
         * @return                      lower nonce