eap-authenticator: Handle IntAuth data

Tobias Brunner 2019-08-20 16:32:17 +02:00
parent 4a4cd569e5
commit 6ed497c4f5


@ -59,6 +59,11 @@ struct private_eap_authenticator_t {
*/
chunk_t sent_init;
/**
* IntAuth data to include in AUTH calculation
*/
chunk_t int_auth;
/**
* Reserved bytes of ID payload
*/
@ -493,8 +498,9 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
other_id = this->ike_sa->get_other_id(this->ike_sa);
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, chunk_empty, this->msk,
this->ppk, other_id, this->reserved, &auth_data))
if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->int_auth,
this->msk, this->ppk, other_id, this->reserved,
&auth_data))
{
return FALSE;
}
@ -539,8 +545,9 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_class_names, AUTH_CLASS_EAP);
if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty, this->msk,
this->ppk, my_id, this->reserved, &auth_data))
if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->int_auth,
this->msk, this->ppk, my_id, this->reserved,
&auth_data))
{
return FALSE;
}
@ -552,7 +559,7 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
if (this->no_ppk_auth)
{
if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty,
if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->int_auth,
this->msk, chunk_empty, my_id, this->reserved,
&auth_data))
{
@ -765,6 +772,12 @@ METHOD(authenticator_t, use_ppk, void,
this->no_ppk_auth = no_ppk_auth;
}
METHOD(authenticator_t, set_int_auth, void,
private_eap_authenticator_t *this, chunk_t int_auth)
{
this->int_auth = int_auth;
}
METHOD(authenticator_t, destroy, void,
private_eap_authenticator_t *this)
{
@ -791,6 +804,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
.build = _build_client,
.process = _process_client,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
@ -822,6 +836,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
.build = _build_server,
.process = _process_server,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
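Review bot: In the new set_int_auth() method, `this->int_auth = int_auth;` copies only the chunk's pointer and length, so the authenticator ends up referencing memory it does not own, and nothing in the visible diff states who must keep that buffer alive until verify_auth() and build_auth() pass it to get_psk_sig(). Because this value is fed into the AUTH calculation, a buffer that is freed or reused in between would mean reading stale memory, or an AUTH value that no longer covers the intermediate exchanges. Either state the contract on the struct member, for example `* IntAuth data to include in AUTH calculation (not cloned, must outlive the authenticator)`, or take ownership with `this->int_auth = chunk_clone(int_auth);` and release it with `chunk_free(&this->int_auth);` in destroy(). The body of destroy() lies outside the shown hunk, so whether it already handles this cannot be confirmed from here.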