Diffstat (limited to 'Source/charon/sa')
-rw-r--r--Source/charon/sa/states/ike_auth_requested.c22
-rw-r--r--Source/charon/sa/states/ike_sa_init_requested.c6
-rw-r--r--Source/charon/sa/states/ike_sa_init_responded.c32
3 files changed, 49 insertions, 11 deletions
diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c
index ad23fa051..00c691d03 100644
--- a/Source/charon/sa/states/ike_auth_requested.c
+++ b/Source/charon/sa/states/ike_auth_requested.c
@@ -327,8 +327,11 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
{
child_proposal_t *proposal;
linked_list_t *proposal_list;
+ protocol_id_t proto;
+
/* TODO fix mem allocation */
/* TODO child sa stuff */
+
/* get selected proposal */
proposal_list = sa_payload->get_child_proposals(sa_payload);
/* check count of proposals */
@@ -353,6 +356,25 @@ static status_t process_sa_payload(private_ike_auth_requested_t *this, sa_payloa
this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained a not offered proposal. Deleting IKE_SA");
return DELETE_ME;
}
+ this->logger->log(this->logger, CONTROL|LEVEL1, "selected proposals:");
+ for (proto = AH; proto <= ESP; proto++)
+ {
+ transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
+ mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
+ algorithm_t *algo;
+ int i;
+ for (i = 0; i<sizeof(types)/sizeof(transform_type_t); i++)
+ {
+ if (proposal->get_algorithm(proposal, proto, types[i], &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
+ mapping_find(protocol_id_m, proto),
+ mapping_find(transform_type_m, types[i]),
+ mapping_find(mappings[i], algo->algorithm),
+ algo->key_size);
+ }
+ }
+ }
return SUCCESS;
}
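Review bot: The nineteen-line "selected proposals" logging block added to process_sa_payload is duplicated verbatim in build_sa_payload of ike_sa_init_responded.c in this same commit, so any later change to the transform list or the log format has to be made twice; it belongs in one helper that both state files call (ideally a method on child_proposal_t or the logger, since the two callers live in different files). Inside the loop `int i` is compared against `sizeof(types)/sizeof(transform_type_t)`, a signed/unsigned comparison that `-Wextra` flags; `size_t i` and `sizeof(types)/sizeof(types[0])` fix both that and the implicit coupling between the element type and the array. The `%d` for `algo->key_size` and the `proto <= ESP` bound both assume things not visible here (that key_size is an int and that AH and ESP are adjacent enum values), so a one-line comment on the helper stating those assumptions would help the next reader. A file-local version of the helper for this file is sketched below; the other file needs the same call in place of its copy.
```c
/* Logs every algorithm chosen in `proposal`, per protocol and transform type.
 * Assumes AH..ESP are consecutive protocol_id_t values and key_size is int. */
static void log_selected_proposal(private_ike_auth_requested_t *this, child_proposal_t *proposal)
{
	transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
	mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
	protocol_id_t proto;
	size_t i;

	this->logger->log(this->logger, CONTROL|LEVEL1, "selected proposals:");
	for (proto = AH; proto <= ESP; proto++)
	{
		for (i = 0; i < sizeof(types)/sizeof(types[0]); i++)
		{
			algorithm_t *algo;
			if (proposal->get_algorithm(proposal, proto, types[i], &algo))
			{
				this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
								  mapping_find(protocol_id_m, proto),
								  mapping_find(transform_type_m, types[i]),
								  mapping_find(mappings[i], algo->algorithm),
								  algo->key_size);
			}
		}
	}
}

/* … unchanged: process_sa_payload up to the "not offered proposal" check … */
	log_selected_proposal(this, proposal);
	return SUCCESS;
```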
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index 1bbffa1dd..d7fa1f127 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -523,11 +523,11 @@ static status_t build_sa_payload (private_ike_sa_init_requested_t *this, message
{
linked_list_t *proposal_list;
sa_payload_t *sa_payload;
- sa_config_t *sa_config;
- POS;
+ sa_config_t *sa_config;
+
sa_config = this->ike_sa->get_sa_config(this->ike_sa);
proposal_list = sa_config->get_proposals(sa_config);
- sa_payload = sa_payload_create_from_child_proposals(proposal_list);
+ sa_payload = sa_payload_create_from_child_proposal_list(proposal_list);
/* TODO: fix mem allocation */
/* TODO child sa stuff */
diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c
index fd9835611..c89458e89 100644
--- a/Source/charon/sa/states/ike_sa_init_responded.c
+++ b/Source/charon/sa/states/ike_sa_init_responded.c
@@ -387,10 +387,10 @@ static status_t build_idr_payload(private_ike_sa_init_responded_t *this, id_payl
static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_payload_t *request, message_t *response)
{
child_proposal_t *proposal;
- linked_list_t *proposal_list, *dummy_list;
+ linked_list_t *proposal_list;
sa_payload_t *sa_response;
+ protocol_id_t proto;
- POS;
/* TODO: fix mem */
/* TODO: child sa stuff */
@@ -404,21 +404,37 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
response->add_payload(response, (payload_t*)sa_response);
return SUCCESS;
}
+
/* now select a proposal */
+ this->logger->log(this->logger, CONTROL|LEVEL1, "Selecting proposals:");
proposal = this->sa_config->select_proposal(this->sa_config, proposal_list);
if (proposal == NULL)
{
- POS;
this->logger->log(this->logger, AUDIT, "IKE_AUTH request did not contain any proposals we accept. Deleting IKE_SA");
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
return DELETE_ME;
}
+ for (proto = AH; proto <= ESP; proto++)
+ {
+ transform_type_t types[] = {ENCRYPTION_ALGORITHM, INTEGRITY_ALGORITHM, DIFFIE_HELLMAN_GROUP, EXTENDED_SEQUENCE_NUMBERS};
+ mapping_t *mappings[] = {encryption_algorithm_m, integrity_algorithm_m, diffie_hellman_group_m, extended_sequence_numbers_m};
+ algorithm_t *algo;
+ int i;
+ for (i = 0; i<sizeof(types)/sizeof(transform_type_t); i++)
+ {
+ if (proposal->get_algorithm(proposal, proto, types[i], &algo))
+ {
+ this->logger->log(this->logger, CONTROL|LEVEL1, "%s: using %s %s (keysize: %d)",
+ mapping_find(protocol_id_m, proto),
+ mapping_find(transform_type_m, types[i]),
+ mapping_find(mappings[i], algo->algorithm),
+ algo->key_size);
+ }
+ }
+ }
- /* we need a dummy list to build an sa payload from ONE proposal */
- dummy_list = linked_list_create();
- dummy_list->insert_last(dummy_list, (void*)proposal);
- sa_response = sa_payload_create_from_child_proposals(dummy_list);
- dummy_list->destroy(dummy_list);
+ /* create payload with selected propsal */
+ sa_response = sa_payload_create_from_child_proposal(proposal);
response->add_payload(response, (payload_t*)sa_response);
return SUCCESS;