/*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2017 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager
* HSR Hochschule fuer Technik Rapperswil
return TRUE;
}
+static proposal_t *parse_proposal(private_android_service_t *this,
+ protocol_id_t proto, char *opt)
+{
+ proposal_t *proposal = NULL;
+ char *prop;
+
+ prop = this->settings->get_str(this->settings, opt, NULL);
+ if (!prop || !strlen(prop))
+ {
+ return NULL;
+ }
+
+ proposal = proposal_create_from_string(proto, prop);
+ if (!proposal)
+ {
+ DBG1(DBG_CFG, "invalid %N proposal '%s', falling back to defaults",
+ protocol_id_names, proto, prop);
+ }
+ return proposal;
+}
+
static job_requeue_t initiate(private_android_service_t *this)
{
identification_t *gateway = NULL;
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
traffic_selector_t *ts;
+ proposal_t *proposal;
ike_sa_t *ike_sa;
auth_cfg_t *auth;
peer_cfg_create_t peer = {
ike_cfg = ike_cfg_create(IKEV2, certreq, TRUE, "0.0.0.0",
charon->socket->get_port(charon->socket, FALSE),
server, port, FRAGMENTATION_YES, 0);
- ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
- ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
+ proposal = parse_proposal(this, PROTO_IKE, "connection.ike_proposal");
+ if (proposal)
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal);
+ }
+ else
+ {
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+ ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
+ }
peer_cfg = peer_cfg_create("android", ike_cfg, &peer);
peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET));
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create("android", &child);
- /* create ESP proposals with and without DH groups, let responder decide
- * if PFS is used */
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305-"
- "curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256-curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384-ecp521-modp8192"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
- "curve25519-ecp256-ecp384-ecp521-"
- "modp2048-modp3072-modp4096-modp1024"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ proposal = parse_proposal(this, PROTO_ESP, "connection.esp_proposal");
+ if (proposal)
+ {
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ else
+ { /* create ESP proposals with and without DH groups, let responder decide
+ * if PFS is used */
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305-"
+ "curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256-curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384-ecp521-modp8192"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+ "curve25519-ecp256-ecp384-ecp521-"
+ "modp2048-modp3072-modp4096-modp1024"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ }
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
projects / thirdparty / strongswan.git / commitdiff
