diff options
author | Martin Willi <martin@revosec.ch> | 2012-10-10 13:36:16 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-10-24 11:49:37 +0200 |
commit | 7ee16e4b855f26f865ff6f9b500a854b23540aec (patch) | |
tree | fadc9576a1d39d9c58754988037738a27c170b97 /src | |
parent | 60e59b7e7fd0c78ca48513e282f147c8c570add8 (diff) | |
download | strongswan-7ee16e4b855f26f865ff6f9b500a854b23540aec.tar.bz2 strongswan-7ee16e4b855f26f865ff6f9b500a854b23540aec.tar.xz |
Only add an implicit PRF based on the MAC alg if no PRF given in proposal
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/config/proposal.c | 76 |
1 files changed, 38 insertions, 38 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 43b467f46..4738d0563 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -515,6 +515,23 @@ METHOD(proposal_t, clone_, proposal_t*, } /** + * Map integrity algorithms to the PRF functions using the same algorithm. + */ +static const struct { + integrity_algorithm_t integ; + pseudo_random_function_t prf; +} integ_prf_map[] = { + {AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 }, + {AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 }, + {AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 }, + {AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 }, + {AUTH_HMAC_MD5_96, PRF_HMAC_MD5 }, + {AUTH_AES_XCBC_96, PRF_AES128_XCBC }, + {AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC }, + {AUTH_AES_CMAC_96, PRF_AES128_CMAC }, +}; + +/** * Checks the proposal read from a string. */ static void check_proposal(private_proposal_t *this) @@ -522,6 +539,27 @@ static void check_proposal(private_proposal_t *this) enumerator_t *e; algorithm_t *alg; bool all_aead = TRUE; + int i; + + if (this->protocol == PROTO_IKE && + this->prf_algos->get_count(this->prf_algos) == 0) + { /* No explicit PRF found. We assume the same algorithm as used + * for integrity checking */ + e = this->integrity_algos->create_enumerator(this->integrity_algos); + while (e->enumerate(e, &alg)) + { + for (i = 0; i < countof(integ_prf_map); i++) + { + if (alg->algorithm == integ_prf_map[i].integ) + { + add_algorithm(this, PSEUDO_RANDOM_FUNCTION, + integ_prf_map[i].prf, 0); + break; + } + } + } + e->destroy(e); + } e = this->encryption_algos->create_enumerator(this->encryption_algos); while (e->enumerate(e, &alg)) @@ -572,44 +610,6 @@ static bool add_string_algo(private_proposal_t *this, const char *alg) add_algorithm(this, token->type, token->algorithm, token->keysize); - if (this->protocol == PROTO_IKE && token->type == INTEGRITY_ALGORITHM) - { - pseudo_random_function_t prf; - - switch (token->algorithm) - { - case AUTH_HMAC_SHA1_96: - prf = PRF_HMAC_SHA1; - break; - case AUTH_HMAC_SHA2_256_128: - prf = PRF_HMAC_SHA2_256; - break; - case AUTH_HMAC_SHA2_384_192: - prf = PRF_HMAC_SHA2_384; - break; - case AUTH_HMAC_SHA2_512_256: - prf = PRF_HMAC_SHA2_512; - break; - case AUTH_HMAC_MD5_96: - prf = PRF_HMAC_MD5; - break; - case AUTH_AES_XCBC_96: - prf = PRF_AES128_XCBC; - break; - case AUTH_CAMELLIA_XCBC_96: - prf = PRF_CAMELLIA128_XCBC; - break; - case AUTH_AES_CMAC_96: - prf = PRF_AES128_CMAC; - break; - default: - prf = PRF_UNDEFINED; - } - if (prf != PRF_UNDEFINED) - { - add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); - } - } return TRUE; } |