From: Tobias Brunner
Date: Tue, 20 Aug 2019 14:36:13 +0000 (+0200)
Subject: psk-authenticator: Handle IntAuth data
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc87762cb83b5590ed362a822b8894e1a7275a12;p=thirdparty%2Fstrongswan.git

psk-authenticator: Handle IntAuth data
---

diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index 5e1cbb7122..19acc0f954 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -49,6 +49,11 @@ struct private_psk_authenticator_t {
 */
 chunk_t ike_sa_init;
 
+ /**
+ * IntAuth data to include in AUTH calculation
+ */
+ chunk_t int_auth;
+
 /**
 * Reserved bytes of ID payload
 */
@@ -86,7 +91,7 @@ METHOD(authenticator_t, build, status_t,
 return NOT_FOUND;
 }
 if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- chunk_empty, key->get_key(key), this->ppk,
+ this->int_auth, key->get_key(key), this->ppk,
 my_id, this->reserved, &auth_data))
 {
 key->destroy(key);
@@ -103,7 +108,7 @@ METHOD(authenticator_t, build, status_t,
 if (this->no_ppk_auth)
 {
 if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- chunk_empty, key->get_key(key), chunk_empty,
+ this->int_auth, key->get_key(key), chunk_empty,
 my_id, this->reserved, &auth_data))
 {
 DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
@@ -160,7 +165,7 @@ METHOD(authenticator_t, process, status_t,
 keys_found++;
 
 if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
- chunk_empty, key->get_key(key), this->ppk,
+ this->int_auth, key->get_key(key), this->ppk,
 other_id, this->reserved, &auth_data))
 {
 continue;
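Review bot: All three `get_psk_sig()` calls (build at -86 and -103, process at -160) now read `this->int_auth`, yet nothing visible in the patch ensures `set_int_auth()` has run before `build()`/`process()`. If it has not, the field presumably still holds an empty chunk and AUTH is computed exactly as before, without covering the intermediate exchanges, and nothing is logged. Since this value is what binds that data to authentication, I would state the ordering in the member comment added in the first hunk, e.g. `* IntAuth data to include in AUTH calculation, set via set_int_auth() before build()/process(), empty if unused`. The callers and the bodies of build and process lie outside these hunks, so whether the order is already guaranteed cannot be confirmed here.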
@@ -199,6 +204,12 @@ METHOD(authenticator_t, use_ppk, void,
 this->no_ppk_auth = no_ppk_auth;
 }
 
+METHOD(authenticator_t, set_int_auth, void,
+ private_psk_authenticator_t *this, chunk_t int_auth)
+{
+ this->int_auth = int_auth;
+}
+
 METHOD(authenticator_t, destroy, void,
 private_psk_authenticator_t *this)
 {
@@ -220,6 +231,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
 .build = _build,
 .process = (void*)return_failed,
 .use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
 .is_mutual = (void*)return_false,
 .destroy = _destroy,
 },
@@ -248,6 +260,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
 .build = (void*)return_failed,
 .process = _process,
 .use_ppk = _use_ppk,
+ .set_int_auth = _set_int_auth,
 .is_mutual = (void*)return_false,
 .destroy = _destroy,
 },
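Review bot: `set_int_auth()` stores the caller's `chunk_t` by value (`this->int_auth = int_auth;`), so the authenticator keeps a pointer into a buffer it does not own. If the caller frees or reuses that buffer before `build()`/`process()` run, `get_psk_sig()` would read stale memory while computing AUTH. `destroy()` is cut off by the hunk, so whether anything is released there is not visible. Either state the borrow in a comment above the method, `/* int_auth is not cloned: the caller keeps ownership and must keep it valid until build()/process() */`, or take a copy with `chunk_clone()` and free it in `destroy()` and on each subsequent call.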