psk-authenticator: Handle IntAuth data

Tobias Brunner 2019-08-20 16:36:13 +02:00 committed by Andreas Steffen
parent d82bd5e4fb
commit ddb77b9f75


@ -48,6 +48,11 @@ struct private_psk_authenticator_t {
*/
chunk_t ike_sa_init;
/**
* IntAuth data to include in AUTH calculation
*/
chunk_t int_auth;
/**
* Reserved bytes of ID payload
*/
@ -85,7 +90,7 @@ METHOD(authenticator_t, build, status_t,
return NOT_FOUND;
}
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), this->ppk,
this->int_auth, key->get_key(key), this->ppk,
my_id, this->reserved, &auth_data))
{
key->destroy(key);
@ -102,7 +107,7 @@ METHOD(authenticator_t, build, status_t,
if (this->no_ppk_auth)
{
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), chunk_empty,
this->int_auth, key->get_key(key), chunk_empty,
my_id, this->reserved, &auth_data))
{
DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
@ -159,7 +164,7 @@ METHOD(authenticator_t, process, status_t,
keys_found++;
if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
chunk_empty, key->get_key(key), this->ppk,
this->int_auth, key->get_key(key), this->ppk,
other_id, this->reserved, &auth_data))
{
continue;
@ -198,6 +203,12 @@ METHOD(authenticator_t, use_ppk, void,
this->no_ppk_auth = no_ppk_auth;
}
METHOD(authenticator_t, set_int_auth, void,
private_psk_authenticator_t *this, chunk_t int_auth)
{
this->int_auth = int_auth;
}
METHOD(authenticator_t, destroy, void,
private_psk_authenticator_t *this)
{
@ -219,6 +230,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
.build = _build,
.process = (void*)return_failed,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@ -247,6 +259,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
.build = (void*)return_failed,
.process = _process,
.use_ppk = _use_ppk,
.set_int_auth = _set_int_auth,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
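Review bot: set_int_auth keeps the caller's chunk as-is with `this->int_auth = int_auth;` rather than cloning it, so the authenticator holds a pointer to memory it does not own and later passes it to get_psk_sig() in build() and process(). If the caller frees or reuses the IntAuth buffer before those run, the AUTH value is computed over stale memory. Either state the borrow on the field and the setter, e.g. `* IntAuth data to include in AUTH calculation (not cloned, owned by caller)`, or store `chunk_clone(int_auth)` and release it in destroy(). The body of destroy() lies outside the visible hunks, so whether anything is freed there cannot be confirmed from this page.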