From: Andreas Steffen
Date: Tue, 19 Nov 2019 19:44:39 +0000 (+0100)
Subject: vici: List additional key exchanges
X-Git-Tag: 6.0.0rc1~56^2~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=355f917532e7c581b9dee28a1b88aebef002832f;p=thirdparty%2Fstrongswan.git

vici: List additional key exchanges

Co-authored-by: Tobias Brunner
---
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index bacb7b101e..8ba614fb6b 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015-2020 Tobias Brunner
- * Copyright (C) 2015-2018 Andreas Steffen
+ * Copyright (C) 2015-2019 Andreas Steffen
 * Copyright (C) 2014 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
@@ -172,6 +172,27 @@ static void list_label(vici_builder_t *b, child_sa_t *child, child_cfg_t *cfg)
 }
 }
 
+/**
+ * List additional key exchanges
+ */
+static void list_ake(vici_builder_t *b, proposal_t *proposal)
+{
+ transform_type_t transform;
+ char ake_str[5];
+ uint16_t alg;
+ int ake;
+
+ for (ake = 1; ake <= 7; ake++)
+ {
+ transform = ADDITIONAL_KEY_EXCHANGE_1 + ake - 1;
+ if (proposal->get_algorithm(proposal, transform, &alg, NULL))
+ {
+ sprintf(ake_str, "ake%d", ake);
+ b->add_kv(b, ake_str, "%N", key_exchange_method_names, alg);
+ }
+ }
+}
+
 /**
 * List IPsec-related details about a CHILD_SA
 */
@@ -235,6 +256,7 @@ static void list_child_ipsec(vici_builder_t *b, child_sa_t *child)
 {
 b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
 }
+ list_ake(b, proposal);
 if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
 &alg, NULL) && alg == EXT_SEQ_NUMBERS)
 {
@@ -493,6 +515,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
 {
 b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
 }
+ list_ake(b, proposal);
 }
 
 add_condition(b, ike_sa, "ppk", COND_PPK);
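Review bot: In `list_ake`, `char ake_str[5]` holds exactly "ake", one digit and the terminator, so the unbounded `sprintf(ake_str, "ake%d", ake)` is only safe while the literal loop bound stays at 7; a bound of 10 or more would write past the stack buffer. Bound the write with `snprintf(ake_str, sizeof(ake_str), "ake%d", ake);` so the buffer size and the format can no longer drift apart silently. The literal 7 and the arithmetic `ADDITIONAL_KEY_EXCHANGE_1 + ake - 1` also assume the transform type values are contiguous, which presumably holds but is not visible here; a one-line comment stating that assumption would help. The same buffer and `sprintf` pattern appears in `print_ake` in src/swanctl/commands/list_sas.c.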
@@ -1382,7 +1405,7 @@ CALLBACK(get_algorithms, vici_message_t*,
 enumerator->destroy(enumerator);
 b->end_section(b);
 
- b->begin_section(b, "dh");
+ b->begin_section(b, "ke");
 enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
 while (enumerator->enumerate(enumerator, &group, &plugin_name))
 {
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index a4d794c3f5..321bd044dd 100755
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -1,6 +1,7 @@
 /*
+ * Copyright (C) 2016-2019 Andreas Steffen
+ * Copyright (C) 2015-2020 Tobias Brunner
 * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2016 Andreas Steffen
 *
 * Copyright (C) secunet Security Networks AG
 *
@@ -100,6 +101,24 @@ CALLBACK(sa_list, int,
 return 0;
 }
 
+/**
+ * Print additional key exchanges
+ */
+static void print_ake(hashtable_t *sa)
+{
+ char ake_str[5];
+ int ake;
+
+ for (ake = 1; ake <= 7; ake++)
+ {
+ sprintf(ake_str, "ake%d", ake);
+ if (sa->get(sa, ake_str))
+ {
+ printf("/KE%d_%s", ake, sa->get(sa, ake_str));
+ }
+ }
+}
+
 CALLBACK(child_sas, int,
 hashtable_t *ike, vici_res_t *res, char *name)
 {
@@ -145,6 +164,7 @@ CALLBACK(child_sas, int,
 {
 printf("/%s", child->get(child, "dh-group"));
 }
+ print_ake(child);
 if (child->get(child, "esn"))
 {
 printf("/ESN");
@@ -290,6 +310,7 @@ CALLBACK(ike_sa, int,
 }
 printf("/%s", ike->get(ike, "prf-alg"));
 printf("/%s", ike->get(ike, "dh-group"));
+ print_ake(ike);
 if (streq(ike->get(ike, "ppk"), "yes"))
 {
 printf("/PPK");
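Review bot: Renaming the `get_algorithms` section from "dh" to "ke" changes the vici reply that existing clients parse, and nothing visible in this commit documents the change or keeps the old name. A client or monitoring script that still looks up "dh" would see an empty list of key exchange methods rather than an error. If the rename is intended, note it in the vici protocol documentation and the release notes. The SA listings changed in the same file still emit the key `dh-group`, so the two replies now use different naming for the same concept. The callback body starts and ends outside this hunk.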
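Review bot: `print_ake` in list_sas.c calls `sa->get(sa, ake_str)` twice for each key, once in the `if` and again as the `printf` argument, so the value that is printed is not the one that was null-checked. Keeping the result in a local, `char *alg = sa->get(sa, ake_str);` followed by `if (alg)`, removes the second lookup and ties the check to the use. This is a style point: within one call both lookups presumably return the same entry.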