aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/config
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/config')
-rw-r--r--Source/charon/config/configuration_manager.c37
-rw-r--r--Source/charon/config/proposal.c19
2 files changed, 35 insertions, 21 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c
index adbd0ddee..07eaf53e2 100644
--- a/Source/charon/config/configuration_manager.c
+++ b/Source/charon/config/configuration_manager.c
@@ -285,10 +285,8 @@ static void load_default_config (private_configuration_manager_t *this)
/* IKE proposals for alice */
proposal = proposal_create(1);
proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- POS;
- proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 16);
- POS;
- proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 16);
+ proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
init_config_a->add_proposal(init_config_a, proposal);
@@ -296,8 +294,8 @@ static void load_default_config (private_configuration_manager_t *this)
/* IKE proposals for bob */
proposal = proposal_create(1);
proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 16);
- proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 16);
+ proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0);
proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
init_config_b->add_proposal(init_config_b, proposal);
@@ -322,16 +320,17 @@ static void load_default_config (private_configuration_manager_t *this)
/* child proposal for alice */
proposal = proposal_create(1);
- proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
- proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+// proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 32);
- proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
- proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+ proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
+ proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
@@ -340,12 +339,14 @@ static void load_default_config (private_configuration_manager_t *this)
/* child proposal for bob */
proposal = proposal_create(1);
- proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
- proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
- proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
+// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
+// proposal->add_algorithm(proposal, AH, INTEGRITY_ALGORITHM, AUTH_DES_MAC, 0);
+// proposal->add_algorithm(proposal, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+// proposal->add_algorithm(proposal, AH, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
- proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+ proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
proposal->add_algorithm(proposal, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal->add_algorithm(proposal, ESP, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
diff --git a/Source/charon/config/proposal.c b/Source/charon/config/proposal.c
index 528cf9808..a547583d9 100644
--- a/Source/charon/config/proposal.c
+++ b/Source/charon/config/proposal.c
@@ -339,6 +339,7 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
protocol_proposal_t *this_prop, *other_prop;
protocol_id_t proto;
bool add;
+ u_int64_t spi;
/* empty proposal? no match */
if (this->protocol_proposals->get_count(this->protocol_proposals) == 0 ||
@@ -443,6 +444,19 @@ static proposal_t *select_proposal(private_proposal_t *this, private_proposal_t
}
}
iterator->destroy(iterator);
+
+ /* apply spis from "other" */
+ spi = other->public.get_spi(&(other->public), AH);
+ if (spi)
+ {
+ selected->set_spi(selected, AH, spi);
+ }
+ spi = other->public.get_spi(&(other->public), ESP);
+ if (spi)
+ {
+ selected->set_spi(selected, ESP, spi);
+ }
+
/* everything matched, return new proposal */
return selected;
}
@@ -487,7 +501,7 @@ static void set_spi(private_proposal_t *this, protocol_id_t proto, u_int64_t spi
protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
if (proto_proposal)
{
- if (proto == IKE)
+ if (proto == AH || proto == ESP)
{
*((u_int32_t*)proto_proposal->spi.ptr) = (u_int32_t)spi;
}
@@ -495,7 +509,6 @@ static void set_spi(private_proposal_t *this, protocol_id_t proto, u_int64_t spi
{
*((u_int64_t*)proto_proposal->spi.ptr) = spi;
}
-
}
}
@@ -507,7 +520,7 @@ static u_int64_t get_spi(private_proposal_t *this, protocol_id_t proto)
protocol_proposal_t *proto_proposal = get_protocol_proposal(this, proto, FALSE);
if (proto_proposal)
{
- if (proto == IKE)
+ if (proto == AH || proto == ESP)
{
return (u_int64_t)*((u_int32_t*)proto_proposal->spi.ptr);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 09:44:35 +0000