psk-authenticator: Handle IntAuth data
authorTobias Brunner <tobias@strongswan.org>
Tue, 20 Aug 2019 14:36:13 +0000 (16:36 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 1 Apr 2024 10:26:34 +0000 (12:26 +0200)
src/libcharon/sa/ikev2/authenticators/psk_authenticator.c

index 5e1cbb7122be4527cbbf91b75dbd7e1c94361658..19acc0f954f71adecff2244d85ae37ef3fc8a156 100644 (file)
@@ -49,6 +49,11 @@ struct private_psk_authenticator_t {
         */
        chunk_t ike_sa_init;
 
+       /**
+        * IntAuth data to include in AUTH calculation
+        */
+       chunk_t int_auth;
+
        /**
         * Reserved bytes of ID payload
         */
@@ -86,7 +91,7 @@ METHOD(authenticator_t, build, status_t,
                return NOT_FOUND;
        }
        if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
-                                                        chunk_empty, key->get_key(key), this->ppk,
+                                                        this->int_auth, key->get_key(key), this->ppk,
                                                         my_id, this->reserved, &auth_data))
        {
                key->destroy(key);
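Review bot: The three `get_psk_sig()` calls (this one in build, the NO_PPK_AUTH one in the next hunk and the one in process) now read `this->int_auth`, but nothing visible states what the field holds when `set_int_auth()` was never called. Presumably the object is zero-initialised, so the field equals the former `chunk_empty` and the AUTH octets are unchanged when there is no IntAuth data, but that initialisation is not shown here. This is worth a comment because a forgotten setter call would not fail; it would silently leave the intermediate data out of the authenticated octets. I would add above the first call `/* int_auth stays empty unless set_int_auth() was called, which matches the previous chunk_empty argument */`. The body of build starts and ends outside this hunk.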
@@ -103,7 +108,7 @@ METHOD(authenticator_t, build, status_t,
        if (this->no_ppk_auth)
        {
                if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
-                                                        chunk_empty, key->get_key(key), chunk_empty,
+                                                        this->int_auth, key->get_key(key), chunk_empty,
                                                         my_id, this->reserved, &auth_data))
                {
                        DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
@@ -160,7 +165,7 @@ METHOD(authenticator_t, process, status_t,
                keys_found++;
 
                if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
-                                                                chunk_empty, key->get_key(key), this->ppk,
+                                                                this->int_auth, key->get_key(key), this->ppk,
                                                                 other_id, this->reserved, &auth_data))
                {
                        continue;
@@ -199,6 +204,12 @@ METHOD(authenticator_t, use_ppk, void,
        this->no_ppk_auth = no_ppk_auth;
 }
 
+METHOD(authenticator_t, set_int_auth, void,
+       private_psk_authenticator_t *this, chunk_t int_auth)
+{
+       this->int_auth = int_auth;
+}
+
 METHOD(authenticator_t, destroy, void,
        private_psk_authenticator_t *this)
 {
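Review bot: `set_int_auth()` stores the chunk by plain assignment, so the authenticator keeps a pointer to memory it does not own, and `build`/`process` later pass that pointer to `get_psk_sig()`. If the caller frees or reuses the buffer before AUTH is computed, the authentication path reads freed memory. Whether `destroy` releases anything for this field cannot be seen, because its body continues outside the hunk. Either document the borrow on the field added in the first hunk, e.g. `* IntAuth data to include in AUTH calculation, not cloned, must outlive build()/process()`, or take ownership with `this->int_auth = chunk_clone(int_auth);`, freeing any previous value in the setter and the final one in `destroy`.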
@@ -220,6 +231,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
                                .build = _build,
                                .process = (void*)return_failed,
                                .use_ppk = _use_ppk,
+                               .set_int_auth = _set_int_auth,
                                .is_mutual = (void*)return_false,
                                .destroy = _destroy,
                        },
@@ -248,6 +260,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
                                .build = (void*)return_failed,
                                .process = _process,
                                .use_ppk = _use_ppk,
+                               .set_int_auth = _set_int_auth,
                                .is_mutual = (void*)return_false,
                                .destroy = _destroy,
                        },