From f5cda8967b9b6103878deddcc10c3583b07a58c0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 5 Nov 2019 17:03:42 +0100
Subject: [PATCH] proposal: Add helper to check if additional key exchanges are contained
---
 src/libstrongswan/crypto/proposal/proposal.c | 24 +++++++++++++++++++
 src/libstrongswan/crypto/proposal/proposal.h | 8 +++++++
 .../tests/suites/test_proposal.c | 18 ++++++++++++++
 3 files changed, 50 insertions(+)
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index 3e6f44fa2f..d0f17e714b 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -1409,3 +1409,27 @@ proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
 }
 return selected;
 }
+
+/*
+ * Described in header
+ */
+bool proposal_has_additional_ke(proposal_t *public)
+{
+ private_proposal_t *this = (private_proposal_t*)public;
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool found = FALSE;
+
+ enumerator = array_create_enumerator(this->transforms);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->type != KEY_EXCHANGE_METHOD &&
+ is_ke_transform(entry->type))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h
index 15db8dcaef..cf40ed65e6 100644
--- a/src/libstrongswan/crypto/proposal/proposal.h
+++ b/src/libstrongswan/crypto/proposal/proposal.h
@@ -286,6 +286,14 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol,
 proposal_t *proposal_select(linked_list_t *configured, linked_list_t *supplied,
 proposal_selection_flag_t flags);

+/**
+ * Check whether this proposal algorithms for any additional key exchange
+ * method transform types.
+ *
+ * @return TRUE if found
+ */
+bool proposal_has_additional_ke(proposal_t *this);
+
 /**
 * printf hook function for proposal_t.
 *
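Review bot: The condition in proposal_has_additional_ke() carries no comment explaining why KEY_EXCHANGE_METHOD is skipped, and the result rests entirely on is_ke_transform(), which is defined outside this hunk. Callers will presumably use the return value to decide whether further key exchanges have to be performed for a negotiated proposal, so a false negative here would silently leave them out. I would state the intent at the check, e.g. `/* the initial key exchange does not count, only the additional KE transform types do */`, so a later change to is_ke_transform() is reviewed with this use in mind.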
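Review bot: The first sentence of the new doc comment in proposal.h is missing its verb and the parameter is not documented, so the contract of proposal_has_additional_ke() cannot be read from the header. I would write `Check whether this proposal contains algorithms for any additional key exchange method transform types.` and add `@param this    proposal to check, must not be NULL`. The non-NULL requirement follows from the implementation in proposal.c, which dereferences the argument without a check.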
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 9c3c4e4bd4..af028c31a7 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -473,6 +473,20 @@ START_TEST(test_unknown_transform_types_select_success)
 }
 END_TEST

+START_TEST(test_proposal_has_additional_ke)
+{
+ proposal_t *proposal;
+
+ proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+ ck_assert(!proposal_has_additional_ke(proposal));
+ proposal->destroy(proposal);
+
+ proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha256-modp3072-ke1_ecp256");
+ ck_assert(proposal_has_additional_ke(proposal));
+ proposal->destroy(proposal);
+}
+END_TEST
+
 START_TEST(test_chacha20_poly1305_key_length)
 {
 proposal_t *proposal;
@@ -574,6 +588,10 @@ Suite *proposal_suite_create()
 tcase_add_test(tc, test_unknown_transform_types_select_success);
 suite_add_tcase(s, tc);

+ tc = tcase_create("proposal_has_additional_ke");
+ tcase_add_test(tc, test_proposal_has_additional_ke);
+ suite_add_tcase(s, tc);
+
 tc = tcase_create("chacha20/poly1305");
 tcase_add_test(tc, test_chacha20_poly1305_key_length);
 suite_add_tcase(s, tc);
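Review bot: Neither result of proposal_create_from_string() in test_proposal_has_additional_ke is checked before it is passed on, so a proposal string that fails to parse would crash the test on a NULL pointer instead of failing cleanly (assuming the function returns NULL on a parse error). Adding `ck_assert(proposal != NULL);` after each call makes the failure readable. The test also covers only one positive and one negative IKE proposal; a proposal with no key exchange method at all, such as an ESP proposal, would pin the FALSE result for that shape as well.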