Added hybrid authentication support to Main Mode

diff --git a/src/libcharon/sa/keymat_v1.c b/src/libcharon/sa/keymat_v1.c
index 8d384143c608c35577f1ebfdb1471077b1c5f6ab..100c9526a98e41463ab903efdfaf633cb4c06efd 100755 (executable)
--- a/src/libcharon/sa/keymat_v1.c
+++ b/src/libcharon/sa/keymat_v1.c
@@ -429,6 +429,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
                case AUTH_RSA:
                case AUTH_XAUTH_INIT_RSA:
                case AUTH_XAUTH_RESP_RSA:
+               case AUTH_HYBRID_INIT_RSA:
+               case AUTH_HYBRID_RESP_RSA:
                {
                        this->prf->set_key(this->prf, nonces);
                        this->prf->allocate_bytes(this->prf, g_xy, &this->skeyid);

diff --git a/src/libcharon/sa/tasks/main_mode.c b/src/libcharon/sa/tasks/main_mode.c
index 0e936209f1e136166ac85e59814642c91d504fcc..f60bda768a2ed452ad3977642eb5b5bdda1ea83b 100755 (executable)
--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -327,7 +327,11 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
                        return AUTH_XAUTH_RESP_PSK;
                }
        }
-       /* TODO-IKEv1: Hybrid methods? */
+       if (i1 == AUTH_CLASS_XAUTH && r1 == AUTH_CLASS_PUBKEY &&
+               i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
+       {
+               return AUTH_HYBRID_INIT_RSA;
+       }
        return AUTH_NONE;;
 }
 
@@ -883,11 +887,13 @@ METHOD(task_t, build_r, status_t,
                        {
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
+                               case AUTH_HYBRID_INIT_RSA:
                                        this->ike_sa->queue_task(this->ike_sa,
                                                                        (task_t*)xauth_create(this->ike_sa, TRUE));
                                        return SUCCESS;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
                                        /* TODO-IKEv1: not yet supported */
                                        return FAILED;
                                default:
@@ -992,10 +998,12 @@ METHOD(task_t, process_i, status_t,
                        {
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
+                               case AUTH_HYBRID_INIT_RSA:
                                        /* wait for XAUTH request */
                                        return SUCCESS;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
                                        /* TODO-IKEv1: not yet */
                                        return FAILED;
                                default: