From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 5 Nov 2019 16:03:42 +0000 (+0100)
Subject: proposal: Add helper to check if additional key exchanges are contained
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f68dd945db0aa244aea9743e326700962b8e059;p=thirdparty%2Fstrongswan.git

proposal: Add helper to check if additional key exchanges are contained
---

diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index b8c74906ea..606aa4ca37 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -1426,3 +1426,27 @@ proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
 	}
 	return selected;
 }
+
+/*
+ * Described in header
+ */
+bool proposal_has_additional_ke(proposal_t *public)
+{
+	private_proposal_t *this = (private_proposal_t*)public;
+	enumerator_t *enumerator;
+	entry_t *entry;
+	bool found = FALSE;
+
+	enumerator = array_create_enumerator(this->transforms);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (entry->type != KEY_EXCHANGE_METHOD &&
+			is_ke_transform(entry->type))
+		{
+			found = TRUE;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return found;
+}
diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h
index 29fda8b8b4..802e312b47 100644
--- a/src/libstrongswan/crypto/proposal/proposal.h
+++ b/src/libstrongswan/crypto/proposal/proposal.h
@@ -287,6 +287,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol,
 proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
 							proposal_selection_flag_t flags);
 
+/**
+ * Check whether this proposal algorithms for any additional key exchange
+ * method transform types.
+ *
+ * @return					TRUE if found
+ */
+bool proposal_has_additional_ke(proposal_t *this);
+
 /**
  * printf hook function for proposal_t.
  *
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index c42f9e4a66..7798bfb24a 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -474,6 +474,20 @@ START_TEST(test_unknown_transform_types_select_success)
 }
 END_TEST
 
+START_TEST(test_proposal_has_additional_ke)
+{
+	proposal_t *proposal;
+
+	proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	ck_assert(!proposal_has_additional_ke(proposal));
+	proposal->destroy(proposal);
+
+	proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha256-modp3072-ke1_ecp256");
+	ck_assert(proposal_has_additional_ke(proposal));
+	proposal->destroy(proposal);
+}
+END_TEST
+
 START_TEST(test_chacha20_poly1305_key_length)
 {
 	proposal_t *proposal;
@@ -575,6 +589,10 @@ Suite *proposal_suite_create()
 	tcase_add_test(tc, test_unknown_transform_types_select_success);
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("proposal_has_additional_ke");
+	tcase_add_test(tc, test_proposal_has_additional_ke);
+	suite_add_tcase(s, tc);
+
 	tc = tcase_create("chacha20/poly1305");
 	tcase_add_test(tc, test_chacha20_poly1305_key_length);
 	suite_add_tcase(s, tc);