From: Martin Willi
Date: Wed, 14 Dec 2011 08:44:39 +0000 (+0100)
Subject: Added hybrid authentication support to Main Mode
X-Git-Tag: 5.0.0~338^2~9^2~217
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d548435a02f26cb7d3624349107f8b062d48556e;p=thirdparty%2Fstrongswan.git

Added hybrid authentication support to Main Mode
---
diff --git a/src/libcharon/sa/keymat_v1.c b/src/libcharon/sa/keymat_v1.c
index 8d384143c6..100c9526a9 100755
--- a/src/libcharon/sa/keymat_v1.c
+++ b/src/libcharon/sa/keymat_v1.c
@@ -429,6 +429,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 case AUTH_RSA:
 case AUTH_XAUTH_INIT_RSA:
 case AUTH_XAUTH_RESP_RSA:
+ case AUTH_HYBRID_INIT_RSA:
+ case AUTH_HYBRID_RESP_RSA:
 {
 this->prf->set_key(this->prf, nonces);
 this->prf->allocate_bytes(this->prf, g_xy, &this->skeyid);
diff --git a/src/libcharon/sa/tasks/main_mode.c b/src/libcharon/sa/tasks/main_mode.c
index 0e936209f1..f60bda768a 100755
--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -327,7 +327,11 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
 return AUTH_XAUTH_RESP_PSK;
 }
 }
- /* TODO-IKEv1: Hybrid methods? */
+ if (i1 == AUTH_CLASS_XAUTH && r1 == AUTH_CLASS_PUBKEY &&
+ i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
+ {
+ return AUTH_HYBRID_INIT_RSA;
+ }
 return AUTH_NONE;;
 }
@@ -883,11 +887,13 @@ METHOD(task_t, build_r, status_t,
 {
 case AUTH_XAUTH_INIT_PSK:
 case AUTH_XAUTH_INIT_RSA:
+ case AUTH_HYBRID_INIT_RSA:
 this->ike_sa->queue_task(this->ike_sa, (task_t*)xauth_create(this->ike_sa, TRUE));
 return SUCCESS;
 case AUTH_XAUTH_RESP_PSK:
 case AUTH_XAUTH_RESP_RSA:
+ case AUTH_HYBRID_RESP_RSA:
 /* TODO-IKEv1: not yet supported */
 return FAILED;
 default:
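Review bot: The two labels added to derive_ike_keys carry no comment explaining why hybrid authentication shares the AUTH_RSA branch, where the PRF is keyed with the nonces and SKEYID is computed over g_xy. A one-line comment above them, such as `/* hybrid: SKEYID derived as for signature authentication */`, would record that as a deliberate choice that can be checked against the hybrid-auth specification. The switch statement and the rest of the function lie outside the hunk.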
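Review bot: The new condition in get_auth_method can only yield AUTH_HYBRID_INIT_RSA; nothing in this hunk maps a configuration to AUTH_HYBRID_RESP_RSA, although the other hunks add case labels for it. If that direction is intentionally left out, say so where the removed TODO stood, for example `/* hybrid: responder uses pubkey, initiator XAUTH only; HYBRID_RESP not mapped yet */`. Because hybrid mode presumably leaves the initiator without a Main Mode credential, it is also worth confirming that the `i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY` test cannot match a configuration whose author did not intend hybrid authentication. The function begins above the hunk.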
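Review bot: For AUTH_HYBRID_INIT_RSA in build_r, the XAUTH task is only queued when `return SUCCESS` is reached, so the initiator has not been authenticated at that point. Unlike the XAUTH_INIT_PSK and XAUTH_INIT_RSA labels it shares the branch with, the hybrid case presumably has no earlier Main Mode authentication of the initiator to fall back on. Code outside this hunk should therefore be checked to ensure the IKE_SA is not treated as established, and no further exchange is accepted on it, until the queued XAUTH has succeeded. A comment on the new label stating that invariant, such as `/* hybrid: initiator unauthenticated until XAUTH completes */`, would make the requirement visible. The switch header and the rest of build_r are outside the hunk.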
@@ -992,10 +998,12 @@ METHOD(task_t, process_i, status_t,
 {
 case AUTH_XAUTH_INIT_PSK:
 case AUTH_XAUTH_INIT_RSA:
+ case AUTH_HYBRID_INIT_RSA:
 /* wait for XAUTH request */
 return SUCCESS;
 case AUTH_XAUTH_RESP_PSK:
 case AUTH_XAUTH_RESP_RSA:
+ case AUTH_HYBRID_RESP_RSA:
 /* TODO-IKEv1: not yet */
 return FAILED;
 default:
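Review bot: The `/* wait for XAUTH request */` branch in process_i now also covers the hybrid case, where the responder's public-key authentication is the only thing protecting the XAUTH credentials the initiator will send next. The hunk does not show where the responder's signature and certificate are verified. Presumably that happens earlier in process_i, but it should be confirmed that a failed or skipped verification can never reach this `return SUCCESS`. If that holds, making the comment explicit would help, for example `/* responder verified; wait for XAUTH request */`. The switch header and the rest of process_i are outside the hunk.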