vici: List additional key exchanges

Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2025-10-04 00:00:14 -04:00 · 2019-11-19 20:44:39 +01:00 · 2019-11-19 20:44:39 +01:00 · 355f917532
commit 355f917532
parent c5a6938b9e
2 changed files with 47 additions and 3 deletions
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015-2020 Tobias Brunner
- * Copyright (C) 2015-2018 Andreas Steffen
+ * Copyright (C) 2015-2019 Andreas Steffen
 * Copyright (C) 2014 Martin Willi
 *
 * Copyright (C) secunet Security Networks AG
@ -172,6 +172,27 @@ static void list_label(vici_builder_t *b, child_sa_t *child, child_cfg_t *cfg)
 	}
 }

+/**
+ * List additional key exchanges
+ */
+static void list_ake(vici_builder_t *b, proposal_t *proposal)
+{
+	transform_type_t transform;
+	char ake_str[5];
+	uint16_t alg;
+	int ake;
+
+	for (ake = 1; ake <= 7; ake++)
+	{
+		transform = ADDITIONAL_KEY_EXCHANGE_1 + ake - 1;
+		if (proposal->get_algorithm(proposal, transform, &alg, NULL))
+		{
+			sprintf(ake_str, "ake%d", ake);
+			b->add_kv(b, ake_str, "%N", key_exchange_method_names, alg);
+		}
+	}
+}
+
 /**
 * List IPsec-related details about a CHILD_SA
 */
@ -235,6 +256,7 @@ static void list_child_ipsec(vici_builder_t *b, child_sa_t *child)
 		{
 			b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
 		}
+		list_ake(b, proposal);
 		if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS,
 									&alg, NULL) && alg == EXT_SEQ_NUMBERS)
 		{
@ -493,6 +515,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
 		{
 			b->add_kv(b, "dh-group", "%N", key_exchange_method_names, alg);
 		}
+		list_ake(b, proposal);
 	}
 	add_condition(b, ike_sa, "ppk", COND_PPK);

@ -1382,7 +1405,7 @@ CALLBACK(get_algorithms, vici_message_t*,
 	enumerator->destroy(enumerator);
 	b->end_section(b);

-	b->begin_section(b, "dh");
+	b->begin_section(b, "ke");
 	enumerator = lib->crypto->create_ke_enumerator(lib->crypto);
 	while (enumerator->enumerate(enumerator, &group, &plugin_name))
 	{
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@ -1,6 +1,7 @@
 /*
+ * Copyright (C) 2016-2019 Andreas Steffen
+ * Copyright (C) 2015-2020 Tobias Brunner
 * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2016 Andreas Steffen
 *
 * Copyright (C) secunet Security Networks AG
 *
@ -100,6 +101,24 @@ CALLBACK(sa_list, int,
 	return 0;
 }

+/**
+ * Print additional key exchanges
+ */
+static void print_ake(hashtable_t *sa)
+{
+	char ake_str[5];
+	int ake;
+
+	for (ake = 1; ake <= 7; ake++)
+	{
+		sprintf(ake_str, "ake%d", ake);
+		if (sa->get(sa, ake_str))
+		{
+			printf("/KE%d_%s", ake, sa->get(sa, ake_str));
+		}
+	}
+}
+
 CALLBACK(child_sas, int,
 	hashtable_t *ike, vici_res_t *res, char *name)
 {
@ -145,6 +164,7 @@ CALLBACK(child_sas, int,
 		{
 			printf("/%s", child->get(child, "dh-group"));
 		}
+		print_ake(child);
 		if (child->get(child, "esn"))
 		{
 			printf("/ESN");
@ -290,6 +310,7 @@ CALLBACK(ike_sa, int,
 			}
 			printf("/%s", ike->get(ike, "prf-alg"));
 			printf("/%s", ike->get(ike, "dh-group"));
+			print_ake(ike);
 			if (streq(ike->get(ike, "ppk"), "yes"))
 			{
 				printf("/PPK");