psk-authenticator: Handle IntAuth data

2025-10-04 00:00:14 -04:00 · 2019-08-20 16:36:13 +02:00 · 2019-08-20 16:36:13 +02:00 · c4dac17d8c
commit c4dac17d8c
parent 5c69262ce6
1 changed files with 16 additions and 3 deletions
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@ -49,6 +49,11 @@ struct private_psk_authenticator_t {
 	 */
 	chunk_t ike_sa_init;

+	/**
+	 * IntAuth data to include in AUTH calculation
+	 */
+	chunk_t int_auth;
+
 	/**
 	 * Reserved bytes of ID payload
 	 */
@ -86,7 +91,7 @@ METHOD(authenticator_t, build, status_t,
 		return NOT_FOUND;
 	}
 	if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
-							 chunk_empty, key->get_key(key), this->ppk,
+							 this->int_auth, key->get_key(key), this->ppk,
 							 my_id, this->reserved, &auth_data))
 	{
 		key->destroy(key);
@ -103,7 +108,7 @@ METHOD(authenticator_t, build, status_t,
 	if (this->no_ppk_auth)
 	{
 		if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
-							 chunk_empty, key->get_key(key), chunk_empty,
+							 this->int_auth, key->get_key(key), chunk_empty,
 							 my_id, this->reserved, &auth_data))
 		{
 			DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
@ -160,7 +165,7 @@ METHOD(authenticator_t, process, status_t,
 		keys_found++;

 		if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
-								 chunk_empty, key->get_key(key), this->ppk,
+								 this->int_auth, key->get_key(key), this->ppk,
 								 other_id, this->reserved, &auth_data))
 		{
 			continue;
@ -199,6 +204,12 @@ METHOD(authenticator_t, use_ppk, void,
 	this->no_ppk_auth = no_ppk_auth;
 }

+METHOD(authenticator_t, set_int_auth, void,
+	private_psk_authenticator_t *this, chunk_t int_auth)
+{
+	this->int_auth = int_auth;
+}
+
 METHOD(authenticator_t, destroy, void,
 	private_psk_authenticator_t *this)
 {
@ -220,6 +231,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
 				.build = _build,
 				.process = (void*)return_failed,
 				.use_ppk = _use_ppk,
+				.set_int_auth = _set_int_auth,
 				.is_mutual = (void*)return_false,
 				.destroy = _destroy,
 			},
@ -248,6 +260,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
 				.build = (void*)return_failed,
 				.process = _process,
 				.use_ppk = _use_ppk,
+				.set_int_auth = _set_int_auth,
 				.is_mutual = (void*)return_false,
 				.destroy = _destroy,
 			},