pubkey-authenticator: Handle IntAuth data

This commit is contained in:
Tobias Brunner 2019-08-20 16:38:01 +02:00
parent c4dac17d8c
commit 1212780b32


@ -53,6 +53,11 @@ struct private_pubkey_authenticator_t {
*/
chunk_t ike_sa_init;
/**
* IntAuth data to include in AUTH calculation
*/
chunk_t int_auth;
/**
* Reserved bytes of ID payload
*/
@ -325,7 +330,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
}
if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce,
chunk_empty, this->ppk, id, this->reserved,
this->int_auth, this->ppk, id, this->reserved,
&octets, schemes))
{
enumerator = array_create_enumerator(schemes);
@ -348,7 +353,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
chunk_free(&octets);
if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
this->nonce, chunk_empty,
this->nonce, this->int_auth,
chunk_empty, id, this->reserved,
&octets, schemes) &&
private->sign(private, params->scheme, params->params,
@ -414,7 +419,7 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
chunk_empty, ppk, id, this->reserved, octets,
this->int_auth, ppk, id, this->reserved, octets,
schemes) &&
array_remove(schemes, 0, scheme))
{
@ -698,6 +703,12 @@ METHOD(authenticator_t, use_ppk, void,
this->no_ppk_auth = no_ppk_auth;
}
METHOD(authenticator_t, set_int_auth, void,
private_pubkey_authenticator_t *this, chunk_t int_auth)
{
this->int_auth = int_auth;
}
METHOD(authenticator_t, destroy, void,
private_pubkey_authenticator_t *this)
{
@ -719,6 +730,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
.build = _build,
.process = (void*)return_failed,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@ -747,6 +759,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
.build = (void*)return_failed,
.process = _process,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
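Review bot: `set_int_auth` (L47-L51) stores the passed `chunk_t` by value without cloning, so the authenticator keeps a pointer into the caller's buffer; whether `destroy()` releases or ignores it cannot be seen here, because destroy's body lies outside the hunk. The setter should state ownership in one line, e.g. `/* not cloned: the caller owns int_auth and must keep it valid until destroy() */`, or call `chunk_clone()` and free it in destroy if the caller's buffer may be released first. This matters because the same chunk now feeds `get_auth_octets` on both the signing path (L20-L35) and the verifying path (L36-L43), so a dangling or prematurely freed buffer would yield wrong AUTH octets that surface only as an opaque authentication failure at the peer rather than a local error. The field comment at L14 could also note that `int_auth` is expected to be empty when no IKE_INTERMEDIATE exchange took place, if that is the intended default.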