From: Tobias Brunner Date: Tue, 28 Nov 2017 15:23:41 +0000 (+0100) Subject: Merge branch 'android-proposals' X-Git-Tag: 5.6.2dr1~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0729be1bfed6fb1d238d7d8a3d4771563df9b5a3;p=thirdparty%2Fstrongswan.git Merge branch 'android-proposals' Makes IKE and ESP proposals configurable.
--- 0729be1bfed6fb1d238d7d8a3d4771563df9b5a3
diff --cc src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
index cbf36da0ea,5c4a03842f..986854cdd2
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@@@ -795,27 -825,34 +825,34 @@@ static job_requeue_t initiate(private_a
 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
 child_cfg = child_cfg_create("android", &child);
- /* create ESP proposals with and without DH groups, let responder decide
- * if PFS is used */
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305-"
- "curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256-curve25519-ecp256-modp3072"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384-ecp521-modp8192"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
- "curve25519-ecp256-ecp384-ecp521-"
- "modp2048-modp3072-modp4096"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128gcm16-aes256gcm16-chacha20poly1305"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-sha256"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes256-sha384"));
- child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
- "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ proposal = parse_proposal(this, PROTO_ESP, "connection.esp_proposal");
+ if (proposal)
+ {
+ child_cfg->add_proposal(child_cfg, proposal);
+ }
+ else
+ { /* create ESP proposals with and without DH groups, let responder decide
+ * if PFS is used */
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305-"
+ "curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256-curve25519-ecp256-modp3072"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384-ecp521-modp8192"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512-"
+ "curve25519-ecp256-ecp384-ecp521-"
- "modp2048-modp3072-modp4096-modp1024"));
++ "modp2048-modp3072-modp4096"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128gcm16-aes256gcm16-chacha20poly1305"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-sha256"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes256-sha384"));
+ child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
+ "aes128-aes192-aes256-sha1-sha256-sha384-sha512"));
+ }
 ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
 ts = traffic_selector_create_from_cidr("0.0.0.0/0", 0, 0, 65535);
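Review bot: When `parse_proposal()` returns NULL, the `else` branch installs the full default set, which includes SHA-1 and the proposals without a DH group. `parse_proposal()` is defined outside this hunk, so it is not visible whether NULL means only "option unset" or also "configured string failed to parse". If it covers the latter, a typo in `connection.esp_proposal` silently widens the negotiated algorithms beyond what the profile author restricted, so a configured-but-invalid value should abort initiation instead of falling back. The `if (proposal)` branch also deserves a comment such as `/* custom proposal replaces all defaults; PFS is only used if it contains a DH group */`, because the existing "let responder decide" comment now describes the defaults only. `initiate()` starts and ends outside this hunk.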