From: Reto Buerki <reet@codelabs.ch>
Date: Thu, 6 Sep 2012 16:17:26 +0000 (+0200)
Subject: Call ike_isa_auth_psk in listener authorize hook
X-Git-Tag: 5.0.3rc1~39^2~64
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39727696904fafbda04fbc02ccd058b12ec2a99a;p=thirdparty%2Fstrongswan.git

Call ike_isa_auth_psk in listener authorize hook

This exchange initiates the AUTH verification in the TKM.
---

diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c
index 536ba78b2b..557b276b8b 100644
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@@ -18,9 +18,12 @@
 #include <encoding/payloads/auth_payload.h>
 #include <utils/chunk.h>
 #include <tkm/types.h>
+#include <tkm/constants.h>
+#include <tkm/client.h>
 
 #include "tkm_listener.h"
 #include "tkm_keymat.h"
+#include "tkm_utils.h"
 
 typedef struct private_tkm_listener_t private_tkm_listener_t;
 
@@ -56,9 +59,21 @@ METHOD(listener_t, authorize, bool,
 		*success = FALSE;
 	}
 
-	DBG1(DBG_IKE, "TKM based authentication successful"
-		   " for ISA context %llu", isa_id);
-	*success = TRUE;
+	signature_type signature;
+	chunk_to_sequence(auth, &signature);
+	if (ike_isa_auth_psk(isa_id, signature) != TKM_OK)
+	{
+		DBG1(DBG_IKE, "TKM based authentication failed"
+			 " for ISA context %llu", isa_id);
+		*success = FALSE;
+	}
+	else
+	{
+		DBG1(DBG_IKE, "TKM based authentication successful"
+			 " for ISA context %llu", isa_id);
+		*success = TRUE;
+	}
+
 	return TRUE;
 }