proposal-substructure: Encode additional key exchange methods

Tobias Brunner 2019-10-25 14:55:05 +02:00 committed by Andreas Steffen
parent 55515a5753
commit 473cbd84d0


@ -1442,22 +1442,21 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
} }
/** /**
* Add an IKEv2 proposal to the substructure * Encode all transforms of the given type
*/ */
static void set_from_proposal_v2(private_proposal_substructure_t *this, static void encode_transforms_v2(private_proposal_substructure_t *this,
proposal_t *proposal) proposal_t *proposal, transform_type_t type)
{ {
transform_substructure_t *transform; transform_substructure_t *transform;
uint16_t alg, key_size;
enumerator_t *enumerator; enumerator_t *enumerator;
uint16_t alg, key_size;
/* encryption algorithm is only available in ESP */ enumerator = proposal->create_enumerator(proposal, type);
enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
while (enumerator->enumerate(enumerator, &alg, &key_size)) while (enumerator->enumerate(enumerator, &alg, &key_size))
{ {
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, transform = transform_substructure_create_type(
ENCRYPTION_ALGORITHM, alg); PLV2_TRANSFORM_SUBSTRUCTURE, type, alg);
if (key_size) if (type == ENCRYPTION_ALGORITHM && key_size)
{ {
transform->add_transform_attribute(transform, transform->add_transform_attribute(transform,
transform_attribute_create_value(PLV2_TRANSFORM_ATTRIBUTE, transform_attribute_create_value(PLV2_TRANSFORM_ATTRIBUTE,
@ -1466,46 +1465,26 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this,
add_transform_substructure(this, transform); add_transform_substructure(this, transform);
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
}
/* integrity algorithms */ /**
enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); * Add an IKEv2 proposal to the substructure
while (enumerator->enumerate(enumerator, &alg, &key_size)) */
{ static void set_from_proposal_v2(private_proposal_substructure_t *this,
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, proposal_t *proposal)
INTEGRITY_ALGORITHM, alg); {
add_transform_substructure(this, transform); encode_transforms_v2(this, proposal, ENCRYPTION_ALGORITHM);
} encode_transforms_v2(this, proposal, INTEGRITY_ALGORITHM);
enumerator->destroy(enumerator); encode_transforms_v2(this, proposal, PSEUDO_RANDOM_FUNCTION);
encode_transforms_v2(this, proposal, KEY_EXCHANGE_METHOD);
/* prf algorithms */ encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_1);
enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION); encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_2);
while (enumerator->enumerate(enumerator, &alg, &key_size)) encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_3);
{ encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_4);
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE, encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_5);
PSEUDO_RANDOM_FUNCTION, alg); encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_6);
add_transform_substructure(this, transform); encode_transforms_v2(this, proposal, ADDITIONAL_KEY_EXCHANGE_7);
} encode_transforms_v2(this, proposal, EXTENDED_SEQUENCE_NUMBERS);
enumerator->destroy(enumerator);
/* dh groups */
enumerator = proposal->create_enumerator(proposal, KEY_EXCHANGE_METHOD);
while (enumerator->enumerate(enumerator, &alg, NULL))
{
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE,
KEY_EXCHANGE_METHOD, alg);
add_transform_substructure(this, transform);
}
enumerator->destroy(enumerator);
/* extended sequence numbers */
enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
while (enumerator->enumerate(enumerator, &alg, NULL))
{
transform = transform_substructure_create_type(PLV2_TRANSFORM_SUBSTRUCTURE,
EXTENDED_SEQUENCE_NUMBERS, alg);
add_transform_substructure(this, transform);
}
enumerator->destroy(enumerator);
} }
/** /**
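Review bot: In the new `set_from_proposal_v2`, the twelve `encode_transforms_v2` calls decide the order in which transform types go on the wire, and the seven `ADDITIONAL_KEY_EXCHANGE_n` types are now encoded whenever the proposal holds them, yet nothing in the function says so. RFC 7296 (section 3.3.6) has a responder treat a proposal containing a transform type it does not understand as unacceptable, so a peer without support for these types will refuse such a proposal as a whole instead of skipping the extra transforms. A short comment above the calls would help whoever configures fallback proposals, for example `/* call order is wire order; a peer that does not know the additional key exchange types rejects the whole proposal */`. The doc comment on `encode_transforms_v2` could also state that the key length attribute is attached for `ENCRYPTION_ALGORITHM` only, and that `key_size` is read but ignored for every other type.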