authorMartin Willi <martin@strongswan.org>2005-12-02 12:38:55 +0000
committerMartin Willi <martin@strongswan.org>2005-12-02 12:38:55 +0000
commitccf783d29dba58e8e6aef211b8d050670b1d55ac (patch)
treea252d58ead4e682c0bb915dc09bc12c9f21565d6 /Source/charon/config/sa_config.c
parentae3012a0ea0e06e29212f1967b5b71e90460fb43 (diff)
- state ike_sa_init_responded implemented (has some memleaks)
Diffstat (limited to 'Source/charon/config/sa_config.c')
-rw-r--r--Source/charon/config/sa_config.c71
1 files changed, 57 insertions, 14 deletions
diff --git a/Source/charon/config/sa_config.c b/Source/charon/config/sa_config.c
index 2d91f7bbe..623f8be87 100644
--- a/Source/charon/config/sa_config.c
+++ b/Source/charon/config/sa_config.c
@@ -260,31 +260,74 @@ static child_proposal_t *select_proposal(private_sa_config_t *this, u_int8_t ah_
*/
static bool proposal_equals(private_sa_config_t *this, child_proposal_t *first, child_proposal_t *second)
{
+ /*
+ * Proto ? Mandatory ? Optional
+ * -----------------------------------
+ * ESP ? ENCR ? INTEG, D-H, ESN
+ * AH ? INTEG ? D-H, ESN
+ */
+
+ /* equality defaults to false, so return is FALSE if ah and esp not set */
bool equal = FALSE;
+ /* check ah, if set */
if (first->ah.is_set && second->ah.is_set)
{
- if ((first->ah.integrity_algorithm != second->ah.integrity_algorithm) ||
- (first->ah.integrity_algorithm_key_size != second->ah.integrity_algorithm_key_size) ||
- (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group) ||
- (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers))
+ /* integrity alg is mandatory, with key size */
+ if ((first->ah.integrity_algorithm == second->ah.integrity_algorithm) &&
+ (first->ah.integrity_algorithm_key_size == second->ah.integrity_algorithm_key_size))
{
- return FALSE;
+ /* dh group is optional, but must be NOT_SET when not set */
+ if (first->ah.diffie_hellman_group != second->ah.diffie_hellman_group)
+ {
+ return FALSE;
+ }
+ /* sequence numbers is optional, but must be NOT_SET when not set */
+ if (first->ah.extended_sequence_numbers != second->ah.extended_sequence_numbers)
+ {
+ return FALSE;
+ }
+ /* all checked, ah seems ok */
+ equal = TRUE;
+ }
+ else
+ {
+ return FALSE;
}
- equal = TRUE;
}
+ /* check esp, if set */
if (first->esp.is_set && second->esp.is_set)
{
- if ((first->esp.encryption_algorithm != second->esp.encryption_algorithm) ||
- (first->esp.encryption_algorithm_key_size != second->esp.encryption_algorithm_key_size) ||
- (first->esp.integrity_algorithm != second->esp.integrity_algorithm) ||
- (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size) ||
- (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group) ||
- (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers))
+ /* encryption alg is mandatory, with key size */
+ if ((first->esp.encryption_algorithm == second->esp.encryption_algorithm) &&
+ (first->esp.encryption_algorithm_key_size == second->esp.encryption_algorithm_key_size))
+ {
+ /* int alg is optional, check key only when not NOT_SET */
+ if (first->esp.integrity_algorithm != second->esp.integrity_algorithm)
+ {
+ return FALSE;
+ }
+ if ((first->esp.integrity_algorithm != AUTH_UNDEFINED) &&
+ (first->esp.integrity_algorithm_key_size != second->esp.integrity_algorithm_key_size))
+ {
+ return FALSE;
+ }
+ /* dh group is optional, but must be NOT_SET when not set */
+ if (first->esp.diffie_hellman_group != second->esp.diffie_hellman_group)
+ {
+ return FALSE;
+ }
+ if (first->esp.extended_sequence_numbers != second->esp.extended_sequence_numbers)
+ {
+ return FALSE;
+ }
+ /* all checked, esp seems ok */
+ equal = TRUE;
+ }
+ else
{
- return FALSE;
+ return FALSE;
}
- equal = TRUE;
}
return equal;
}
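Review bot: proposal_equals still returns TRUE when only one side has AH (or ESP) set, because each protocol block is entered only when both `is_set` flags are true and a mismatch between the flags themselves is never compared. A proposal carrying AH+ESP therefore compares equal to an ESP-only proposal with the same ESP transforms; if this result feeds proposal selection (the callers are not visible in this hunk), a configured AH requirement could be dropped without any error. A guard placed before the AH block would close the gap: `if (first->ah.is_set != second->ah.is_set || first->esp.is_set != second->esp.is_set) return FALSE;`. Separately, the new comments refer to NOT_SET while the ESP integrity check compares against `AUTH_UNDEFINED`; naming the actual constant in the comment, e.g. `/* integrity alg is optional; compare key size only when it is not AUTH_UNDEFINED */`, would keep the comment and the code in step.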