From: Adrian-Ken Rueegsegger
Date: Wed, 7 Nov 2012 16:54:24 +0000 (+0100)
Subject: Store peer IKE init message
X-Git-Tag: 5.0.3rc1~39^2~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49b1fdb24aa610b9ec9a8af5dbcb14442719b603;p=thirdparty%2Fstrongswan.git

Store peer IKE init message

The IKE init message sent to us by the peer is needed for authentication in the authorization hook. Store the message as chunk in the keymat and provide a getter to make it available.
---

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 9beb10430a..2fc5d60ebb 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -66,6 +66,11 @@ struct private_tkm_keymat_t {
 	 */
 	chunk_t auth_payload;
+	/**
+	 * Peer init message chunk.
+	 */
+	chunk_t other_init_msg;
+
 };
 /**
@@ -357,6 +362,11 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
 	private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
+	if (verify)
+	{
+		/* store peer init message for authentication step */
+		this->other_init_msg = chunk_clone(ike_sa_init);
+	}
 	DBG1(DBG_IKE, "returning auth octets");
 	*octets = chunk_empty;
 	return TRUE;
@@ -432,6 +442,7 @@ METHOD(keymat_t, destroy, void,
 	DESTROY_IF(this->aead_in);
 	DESTROY_IF(this->aead_out);
 	chunk_free(&this->auth_payload);
+	chunk_free(&this->other_init_msg);
 	free(this);
 }
@@ -453,6 +464,12 @@ METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
 	return &this->auth_payload;
 }
+METHOD(tkm_keymat_t, get_peer_init_msg, chunk_t*,
+	private_tkm_keymat_t *this)
+{
+	return &this->other_init_msg;
+}
+
 /**
  * See header.
  */
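Review bot: The assignment `this->other_init_msg = chunk_clone(ike_sa_init);` in get_auth_octets overwrites whatever the field already holds without releasing it, so a second call with verify set on the same keymat leaks the earlier clone. Freeing the previous value first, `chunk_free(&this->other_init_msg);` immediately before the chunk_clone, keeps the field single-owner and matches the release the commit already adds to destroy. Whether get_auth_octets can be invoked more than once per keymat with verify true is not visible in this hunk, but the guard costs nothing and removes the dependency on that assumption. The body of get_auth_octets continues outside the hunk.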
@@ -479,11 +496,13 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 		.get_isa_id = _get_isa_id,
 		.set_auth_payload = _set_auth_payload,
 		.get_auth_payload = _get_auth_payload,
+		.get_peer_init_msg = _get_peer_init_msg,
 	},
 	.initiator = initiator,
 	.isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
 	.ae_ctx_id = 0,
 	.auth_payload = chunk_empty,
+	.other_init_msg = chunk_empty,
 	);
 	if (!this->isa_ctx_id)
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index 16f2f2a49c..207f9728e4 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
@@ -52,6 +52,13 @@ struct tkm_keymat_t {
 	 */
 	chunk_t* (*get_auth_payload)(tkm_keymat_t * const this);
+	/**
+	 * Get IKE init message of peer.
+	 *
+	 * @return init message if set, chunk_empty otherwise
+	 */
+	chunk_t* (*get_peer_init_msg)(tkm_keymat_t * const this);
+
 };
 /**
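Review bot: The doc comment on `get_peer_init_msg` in tkm_keymat.h says it returns `chunk_empty` when nothing is set, but the method returns a `chunk_t *` pointing at the keymat's own field, so a caller gets a pointer to a chunk with `len` 0 rather than a chunk value, and the comment says nothing about who owns the bytes. Since the implementation hands out `&this->other_init_msg` and destroy frees that field, the contract should be explicit, e.g. `@return pointer to peer init message, chunk with len 0 if not yet stored; owned by the keymat and valid until destroy, caller must not free or modify`. The same ownership note belongs on the METHOD definition in tkm_keymat.c so the two stay in step.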