METHOD(bus_t, ike_keys, void,
private_bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
- ike_sa_t *rekey, shared_key_t *shared)
+ ike_sa_t *rekey, shared_key_t *shared, auth_method_t method)
{
enumerator_t *enumerator;
entry_t *entry;
}
entry->calling++;
keep = entry->listener->ike_keys(entry->listener, ike_sa, dh, dh_other,
- nonce_i, nonce_r, rekey, shared);
+ nonce_i, nonce_r, rekey, shared,
+ method);
entry->calling--;
if (!keep)
{
* @param nonce_r responder's nonce
* @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
* @param shared shared key used for key derivation (IKEv1-PSK only)
+ * @param method auth method for key derivation (IKEv1-non-PSK only)
*/
void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
- ike_sa_t *rekey, shared_key_t *shared);
+ ike_sa_t *rekey, shared_key_t *shared,
+ auth_method_t method);
/**
* IKE_SA derived keys hook.
* @param nonce_r responder's nonce
* @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
* @param shared shared key used for key derivation (IKEv1-PSK only)
+ * @param method auth method for key derivation (IKEv1-non-PSK only)
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
- ike_sa_t *rekey, shared_key_t *shared);
+ ike_sa_t *rekey, shared_key_t *shared,
+ auth_method_t method);
/**
* Hook called with derived IKE_SA keys.
chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
host_t *other = NULL;
bool ok = FALSE;
+ auth_method_t method = AUTH_RSA;
enumerator = message->create_attribute_enumerator(message);
while (enumerator->enumerate(enumerator, &attribute, &value))
case HA_ALG_DH:
dh_grp = value.u16;
break;
+ case HA_AUTH_METHOD:
+ method = value.u16;
default:
break;
}
{
keymat_v1_t *keymat_v1 = (keymat_v1_t*)ike_sa->get_keymat(ike_sa);
shared_key_t *shared = NULL;
- auth_method_t method = AUTH_RSA;
if (psk.len)
{
METHOD(listener_t, ike_keys, bool,
private_ha_ike_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey,
- shared_key_t *shared)
+ shared_key_t *shared, auth_method_t method)
{
ha_message_t *m;
chunk_t secret;
{
m->add_attribute(m, HA_PSK, shared->get_key(shared));
}
+ else
+ {
+ m->add_attribute(m, HA_AUTH_METHOD, method);
+ }
}
m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
case HA_OUTBOUND_CPI:
case HA_SEGMENT:
case HA_ESN:
+ case HA_AUTH_METHOD:
{
uint16_t val;
case HA_OUTBOUND_CPI:
case HA_SEGMENT:
case HA_ESN:
+ case HA_AUTH_METHOD:
{
if (this->buf.len < sizeof(uint16_t))
{
HA_PSK,
/** chunk_t, IV for next IKEv1 message */
HA_IV,
+ /** uint16_t, auth_method_t for IKEv1 key derivation */
+ HA_AUTH_METHOD,
};
/**
return FALSE;
}
charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, this->dh_value,
- this->nonce_i, this->nonce_r, NULL, shared_key);
+ this->nonce_i, this->nonce_r, NULL, shared_key,
+ method);
DESTROY_IF(shared_key);
return TRUE;
}
return FALSE;
}
charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, chunk_empty,
- nonce_i, nonce_r, this->old_sa, NULL);
+ nonce_i, nonce_r, this->old_sa, NULL, AUTH_NONE);
return TRUE;
}
projects / thirdparty / strongswan.git / commitdiff
