ike-cert-pre: Support IKE_INTERMEDIATE exchange between IKE_SA_INIT and IKE_AUTH

In that case, the first IKE_AUTH does not have MID 1.
Tobias Brunner 2018-06-25 12:07:50 +02:00 committed by Andreas Steffen
parent 8cf3206979
commit 8372508d32


@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2008 Tobias Brunner * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi * Copyright (C) 2006-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil * HSR Hochschule fuer Technik Rapperswil
* *
@ -49,11 +49,6 @@ struct private_ike_cert_pre_t {
* Do we accept HTTP certificate lookup requests * Do we accept HTTP certificate lookup requests
*/ */
bool do_http_lookup; bool do_http_lookup;
/**
* whether this is the final authentication round
*/
bool final;
}; };
/** /**
@ -468,24 +463,17 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message)
*/ */
static bool final_auth(message_t *message) static bool final_auth(message_t *message)
{ {
/* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ return message->get_payload(message, PLV2_AUTH) != NULL &&
if (message->get_payload(message, PLV2_AUTH) == NULL) !message->get_notify(message, ANOTHER_AUTH_FOLLOWS);
{
return FALSE;
}
if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
{
return FALSE;
}
return TRUE;
} }
METHOD(task_t, build_i, status_t, METHOD(task_t, build_i, status_t,
private_ike_cert_pre_t *this, message_t *message) private_ike_cert_pre_t *this, message_t *message)
{ {
if (message->get_message_id(message) == 1) if (message->get_exchange_type(message) == IKE_AUTH)
{ /* initiator sends CERTREQs in first IKE_AUTH */ { /* initiator sends CERTREQs in first IKE_AUTH */
build_certreqs(this, message); build_certreqs(this, message);
this->public.task.build = (void*)return_need_more;
} }
return NEED_MORE; return NEED_MORE;
} }
@ -493,12 +481,15 @@ METHOD(task_t, build_i, status_t,
METHOD(task_t, process_r, status_t, METHOD(task_t, process_r, status_t,
private_ike_cert_pre_t *this, message_t *message) private_ike_cert_pre_t *this, message_t *message)
{ {
if (message->get_exchange_type(message) != IKE_SA_INIT) if (message->get_exchange_type(message) == IKE_AUTH)
{ /* handle certreqs/certs in any IKE_AUTH, just in case */ { /* handle certreqs/certs in any IKE_AUTH, just in case */
process_certreqs(this, message); process_certreqs(this, message);
process_certs(this, message); process_certs(this, message);
if (final_auth(message))
{
return SUCCESS;
}
} }
this->final = final_auth(message);
return NEED_MORE; return NEED_MORE;
} }
@ -509,26 +500,27 @@ METHOD(task_t, build_r, status_t,
{ {
build_certreqs(this, message); build_certreqs(this, message);
} }
if (this->final)
{
return SUCCESS;
}
return NEED_MORE; return NEED_MORE;
} }
METHOD(task_t, process_i, status_t, METHOD(task_t, process_i, status_t,
private_ike_cert_pre_t *this, message_t *message) private_ike_cert_pre_t *this, message_t *message)
{ {
if (message->get_exchange_type(message) == IKE_SA_INIT) switch (message->get_exchange_type(message))
{ {
case IKE_SA_INIT:
process_certreqs(this, message); process_certreqs(this, message);
} break;
case IKE_AUTH:
process_certs(this, message); process_certs(this, message);
if (final_auth(message)) if (final_auth(message))
{ {
return SUCCESS; return SUCCESS;
} }
break;
default:
break;
}
return NEED_MORE; return NEED_MORE;
} }
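Review bot: In the third hunk, build_i's `exchange_type == IKE_AUTH` check would by itself add CERTREQs to every IKE_AUTH message of a multi-round authentication; what keeps it to the first round is the `this->public.task.build = (void*)return_need_more;` swap right after build_certreqs, and the existing `/* initiator sends CERTREQs in first IKE_AUTH */` comment does not explain that mechanism. I would annotate that line with `/* only once: replace build() so later IKE_AUTH rounds add nothing */`, since a reader checking the MID-1 removal will otherwise assume the restriction was dropped; return_need_more itself is not in the hunk, so its definition is presumed to exist elsewhere in the file. In process_i (last hunk) the empty `default:` silently covers the IKE_INTERMEDIATE exchange the commit introduces, so a one-word hint such as `default: /* e.g. IKE_INTERMEDIATE: nothing to do */` would document the intent; that hunk's trailing context continues past the visible lines.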