sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-07 00:01:49 -04:00
Code Issues Projects Releases Wiki Activity

psk-authenticator: Handle IntAuth data

Browse Source
This commit is contained in:
Tobias Brunner 2019-08-20 16:36:13 +02:00 committed by Andreas Steffen
parent 425630702e
commit 03d24398f5
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
View File

@ -48,6 +48,11 @@ struct private_psk_authenticator_t {
*/ */
chunk_t ike_sa_init; chunk_t ike_sa_init;
/**
* IntAuth data to include in AUTH calculation
*/
chunk_t int_auth;
/** /**
* Reserved bytes of ID payload * Reserved bytes of ID payload
*/ */
@ -85,7 +90,7 @@ METHOD(authenticator_t, build, status_t,
return NOT_FOUND; return NOT_FOUND;
} }
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce, if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), this->ppk, this->int_auth, key->get_key(key), this->ppk,
my_id, this->reserved, &auth_data)) my_id, this->reserved, &auth_data))
{ {
key->destroy(key); key->destroy(key);
@ -102,7 +107,7 @@ METHOD(authenticator_t, build, status_t,
if (this->no_ppk_auth) if (this->no_ppk_auth)
{ {
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce, if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), chunk_empty, this->int_auth, key->get_key(key), chunk_empty,
my_id, this->reserved, &auth_data)) my_id, this->reserved, &auth_data))
{ {
DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify"); DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
@ -159,7 +164,7 @@ METHOD(authenticator_t, process, status_t,
keys_found++; keys_found++;
if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce, if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), this->ppk, this->int_auth, key->get_key(key), this->ppk,
other_id, this->reserved, &auth_data)) other_id, this->reserved, &auth_data))
{ {
continue; continue;
@ -198,6 +203,12 @@ METHOD(authenticator_t, use_ppk, void,
this->no_ppk_auth = no_ppk_auth; this->no_ppk_auth = no_ppk_auth;
} }
METHOD(authenticator_t, set_int_auth, void,
private_psk_authenticator_t *this, chunk_t int_auth)
{
this->int_auth = int_auth;
}
METHOD(authenticator_t, destroy, void, METHOD(authenticator_t, destroy, void,
private_psk_authenticator_t *this) private_psk_authenticator_t *this)
{ {
@ -219,6 +230,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
.build = _build, .build = _build,
.process = (void*)return_failed, .process = (void*)return_failed,
.use_ppk = _use_ppk, .use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false, .is_mutual = (void*)return_false,
.destroy = _destroy, .destroy = _destroy,
}, },
@ -247,6 +259,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
.build = (void*)return_failed, .build = (void*)return_failed,
.process = _process, .process = _process,
.use_ppk = _use_ppk, .use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false, .is_mutual = (void*)return_false,
.destroy = _destroy, .destroy = _destroy,
}, },