*/
chunk_t sent_init;
+ /**
+ * IntAuth data to include in AUTH calculation
+ */
+ chunk_t int_auth;
+
/**
* Reserved bytes of ID payload
*/
other_id = this->ike_sa->get_other_id(this->ike_sa);
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
- if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, chunk_empty, this->msk,
- this->ppk, other_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->int_auth,
+ this->msk, this->ppk, other_id, this->reserved,
+ &auth_data))
{
return FALSE;
}
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_class_names, AUTH_CLASS_EAP);
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty, this->msk,
- this->ppk, my_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->int_auth,
+ this->msk, this->ppk, my_id, this->reserved,
+ &auth_data))
{
return FALSE;
}
if (this->no_ppk_auth)
{
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty,
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->int_auth,
this->msk, chunk_empty, my_id, this->reserved,
&auth_data))
{
this->no_ppk_auth = no_ppk_auth;
}
+METHOD(authenticator_t, set_int_auth, void,
+ private_eap_authenticator_t *this, chunk_t int_auth)
+{
+ this->int_auth = int_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_eap_authenticator_t *this)
{
.build = _build_client,
.process = _process_client,
.use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
.build = _build_server,
.process = _process_server,
.use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
.is_mutual = _is_mutual,
.destroy = _destroy,
},