From: Tobias Brunner
Date: Tue, 20 Aug 2019 14:38:01 +0000 (+0200)
Subject: pubkey-authenticator: Handle IntAuth data
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bb5be2fa6022c62268818a3d4c28ecc838ffa7b;p=thirdparty%2Fstrongswan.git
pubkey-authenticator: Handle IntAuth data
---
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 2e72aa83a1..1570cc5926 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -53,6 +53,11 @@ struct private_pubkey_authenticator_t {
 */
 chunk_t ike_sa_init;
 
+ /**
+ * IntAuth data to include in AUTH calculation
+ */
+ chunk_t int_auth;
+
 /**
 * Reserved bytes of ID payload
 */
@@ -325,7 +330,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
 }
 
 if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce,
- chunk_empty, this->ppk, id, this->reserved,
+ this->int_auth, this->ppk, id, this->reserved,
 &octets, schemes))
 {
 enumerator = array_create_enumerator(schemes);
@@ -348,7 +353,7 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
 chunk_free(&octets);
 
 if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
- this->nonce, chunk_empty,
+ this->nonce, this->int_auth,
 chunk_empty, id, this->reserved,
 &octets, schemes) &&
 private->sign(private, params->scheme, params->params,
@@ -412,7 +417,7 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
 
 keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
 if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
- chunk_empty, ppk, id, this->reserved, octets,
+ this->int_auth, ppk, id, this->reserved, octets,
 schemes) &&
 array_remove(schemes, 0, scheme))
 {
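Review bot: In the second get_auth_octets() call of sign_signature_auth() (hunk `@@ -348,7 +353,7 @@`), the `chunk_empty` left on the following context line now fills the PPK position, directly after `this->int_auth`. Both are plain `chunk_t` positional arguments, so a swapped or dropped argument would compile cleanly and only alter the octets that get signed. A short comment on that line would pin the intent, e.g. `/* no PPK for this signature; IntAuth is still included */`. The same adjacency of the IntAuth and PPK arguments applies to the calls in the `@@ -325,7 +330,7 @@` and `@@ -412,7 +417,7 @@` hunks. The enclosing function starts and ends outside the hunk.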
@@ -694,6 +699,12 @@ METHOD(authenticator_t, use_ppk, void,
 this->no_ppk_auth = no_ppk_auth;
 }
 
+METHOD(authenticator_t, set_int_auth, void,
+ private_pubkey_authenticator_t *this, chunk_t int_auth)
+{
+ this->int_auth = int_auth;
+}
+
 METHOD(authenticator_t, destroy, void,
 private_pubkey_authenticator_t *this)
 {
@@ -715,6 +726,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
 .build = _build,
 .process = (void*)return_failed,
 .use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
 .is_mutual = (void*)return_false,
 .destroy = _destroy,
 },
@@ -743,6 +755,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
 .build = (void*)return_failed,
 .process = _process,
 .use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
 .is_mutual = (void*)return_false,
 .destroy = _destroy,
 },
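Review bot: set_int_auth() in the `@@ -694,6 +699,12 @@` hunk stores the caller's `chunk_t` by value (`this->int_auth = int_auth;`), so the authenticator keeps a pointer to memory it does not own, and nothing visible here says how long that buffer must stay valid. If the buffer is released or reused before build()/process() run, the AUTH octets in sign_signature_auth() and get_auth_octets_scheme() would be computed over stale memory. Either state the contract on the setter and on the new struct field, e.g. `/* not cloned: caller keeps int_auth valid until build()/process() has completed */`, or take a copy with `this->int_auth = chunk_clone(int_auth);` and release it in destroy(), whose body lies outside this hunk. The other stored chunks (ike_sa_init, nonce) may follow the same borrow convention, but their initialisation is not visible in this diff.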