This avoids having to call strip_dh() in child_cfg_t::get_proposals().
It also inverts the ALLOW_PRIVATE flag (i.e. makes it SKIP_PRIVATE) so
nothing has to be supplied to clone complete proposals.
{
enumerator_t *enumerator;
proposal_t *current;
+ proposal_selection_flag_t flags = 0;
linked_list_t *proposals = linked_list_create();
+ if (strip_dh)
+ {
+ flags |= PROPOSAL_SKIP_DH;
+ }
+
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, ¤t))
{
- current = current->clone(current);
- if (strip_dh)
- {
- current->strip_dh(current, MODP_NONE);
- }
+ current = current->clone(current, flags);
if (proposals->find_first(proposals, match_proposal, NULL, current))
{
current->destroy(current);
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, ¤t))
{
- current = current->clone(current);
+ current = current->clone(current, 0);
proposals->insert_last(proposals, current);
}
enumerator->destroy(enumerator);
while (enumerator->enumerate(enumerator, &proposal))
{
if (proposal->matches(proposal, match,
- private ? PROPOSAL_ALLOW_PRIVATE : 0))
+ private ? 0 : PROPOSAL_SKIP_PRIVATE))
{
enumerator->destroy(enumerator);
return TRUE;
ike.local_port = charon->socket->get_port(charon->socket, FALSE);
}
ike_cfg = ike_cfg_create(&ike);
- ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
+ ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal, 0));
peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer);
if (this->vip)
}
child_cfg = child_cfg_create("load-test", &child);
- child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp));
+ child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp, 0));
if (num)
{ /* initiator */
METHOD(child_sa_t, set_proposal, void,
private_child_sa_t *this, proposal_t *proposal)
{
- this->proposal = proposal->clone(proposal);
+ this->proposal = proposal->clone(proposal, 0);
}
METHOD(child_sa_t, create_ts_enumerator, enumerator_t*,
private_ike_sa_t *this, proposal_t *proposal)
{
DESTROY_IF(this->proposal);
- this->proposal = proposal->clone(proposal);
+ this->proposal = proposal->clone(proposal, 0);
}
METHOD(ike_sa_t, set_message_id, void,
id_payload_t *id_payload;
identification_t *id;
linked_list_t *list;
- proposal_selection_flag_t flags = 0;
+ proposal_selection_flag_t flags = PROPOSAL_SKIP_PRIVATE;
uint16_t group;
this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
}
list = sa_payload->get_proposals(sa_payload);
- if (this->ike_sa->supports_extension(this->ike_sa , EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
if (!lib->settings->get_bool(lib->settings,
"%s.prefer_configured_proposals", TRUE, lib->ns))
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
list = sa_payload->get_proposals(sa_payload);
- if (this->ike_sa->supports_extension(this->ike_sa , EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
list, flags);
DESTROY_IF(list);
list = sa_payload->get_proposals(sa_payload);
}
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
if (!lib->settings->get_bool(lib->settings,
"%s.prefer_configured_proposals", TRUE, lib->ns))
DESTROY_IF(list);
list = sa_payload->get_proposals(sa_payload);
}
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
this->proposal = this->config->select_proposal(this->config, list,
flags);
{
flags |= PROPOSAL_SKIP_DH;
}
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
if (!lib->settings->get_bool(lib->settings,
"%s.prefer_configured_proposals", TRUE, lib->ns))
ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
proposal_list = sa_payload->get_proposals(sa_payload);
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN))
{
- flags |= PROPOSAL_ALLOW_PRIVATE;
+ flags |= PROPOSAL_SKIP_PRIVATE;
}
if (!lib->settings->get_bool(lib->settings,
"%s.prefer_configured_proposals", TRUE, lib->ns))
{
if (alg1 == alg2 && ks1 == ks2)
{
- if (!(flags & PROPOSAL_ALLOW_PRIVATE) && alg1 >= 1024)
+ if ((flags & PROPOSAL_SKIP_PRIVATE) && alg1 >= 1024)
{
if (log)
{
}
METHOD(proposal_t, clone_, proposal_t*,
- private_proposal_t *this)
+ private_proposal_t *this, proposal_selection_flag_t flags)
{
private_proposal_t *clone;
enumerator_t *enumerator;
entry_t *entry;
- transform_type_t *type;
clone = (private_proposal_t*)proposal_create(this->protocol, 0);
enumerator = array_create_enumerator(this->transforms);
while (enumerator->enumerate(enumerator, &entry))
{
+ if (entry->alg >= 1024 && (flags & PROPOSAL_SKIP_PRIVATE))
+ {
+ continue;
+ }
+ if (entry->type == DIFFIE_HELLMAN_GROUP && (flags & PROPOSAL_SKIP_DH))
+ {
+ continue;
+ }
array_insert(clone->transforms, ARRAY_TAIL, entry);
- }
- enumerator->destroy(enumerator);
- enumerator = array_create_enumerator(this->types);
- while (enumerator->enumerate(enumerator, &type))
- {
- array_insert(clone->types, ARRAY_TAIL, type);
+ add_type(clone->types, entry->type);
}
enumerator->destroy(enumerator);
* Flags for selecting proposals
*/
enum proposal_selection_flag_t {
- /** Accept algorithms from a private range. */
- PROPOSAL_ALLOW_PRIVATE = (1<<0),
/** Whether to prefer configured (default) or supplied proposals. */
- PROPOSAL_PREFER_SUPPLIED = (1<<1),
+ PROPOSAL_PREFER_SUPPLIED = (1<<0),
+ /** Whether to skip and ignore algorithms from a private range. */
+ PROPOSAL_SKIP_PRIVATE = (1<<1),
/** Whether to skip and ignore diffie hellman groups. */
PROPOSAL_SKIP_DH = (1<<2),
};
/**
* Clone a proposal.
*
+ * @param flags flags to consider during cloning
* @return clone of proposal
*/
- proposal_t *(*clone) (proposal_t *this);
+ proposal_t *(*clone)(proposal_t *this, proposal_selection_flag_t flags);
/**
* Destroys the proposal object.
}
END_TEST
+static struct {
+ protocol_id_t proto;
+ char *orig;
+ char *expected;
+ proposal_selection_flag_t flags;
+} clone_data[] = {
+ { PROTO_ESP, "aes128", "aes128" },
+ { PROTO_ESP, "aes128-serpent", "aes128-serpent" },
+ { PROTO_ESP, "aes128-serpent", "aes128", PROPOSAL_SKIP_PRIVATE },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
+ { PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", PROPOSAL_SKIP_DH },
+ { PROTO_ESP, "aes128-serpent-modp3072", "aes128-serpent",
+ PROPOSAL_SKIP_DH },
+ { PROTO_ESP, "aes128-serpent-modp3072", "aes128",
+ PROPOSAL_SKIP_PRIVATE | PROPOSAL_SKIP_DH },
+};
+
+START_TEST(test_clone)
+{
+ proposal_t *orig, *result, *expected;
+
+ orig = proposal_create_from_string(clone_data[_i].proto,
+ clone_data[_i].orig);
+ orig->set_spi(orig, 0x12345678);
+
+ result = orig->clone(orig, clone_data[_i].flags);
+
+ expected = proposal_create_from_string(clone_data[_i].proto,
+ clone_data[_i].expected);
+ ck_assert_msg(expected->equals(expected, result), "proposal %P does "
+ "not match expected %P", result, expected);
+ ck_assert_int_eq(orig->get_spi(orig), result->get_spi(result));
+
+ expected->destroy(expected);
+ result->destroy(result);
+ orig->destroy(orig);
+}
+END_TEST
Suite *proposal_suite_create()
{
tcase_add_test(tc, test_chacha20_poly1305_key_length);
suite_add_tcase(s, tc);
+ tc = tcase_create("clone");
+ tcase_add_loop_test(tc, test_clone, 0, countof(clone_data));
+ suite_add_tcase(s, tc);
+
return s;
}
projects / thirdparty / strongswan.git / commitdiff
