diff options
| author | Jan Hutter <jhutter@hsr.ch> | 2005-12-03 16:02:06 +0000 |
|---|---|---|
| committer | Jan Hutter <jhutter@hsr.ch> | 2005-12-03 16:02:06 +0000 |
| commit | aebb38a093d034e44d5ecf9773ff2903ed4a1d1e (patch) | |
| tree | 5b2fb87b38f2862ec3021f0b4fb2078176a14f36 /Source/charon | |
| parent | 8d68033e5cf37ea91eb160e7b8e1c2d171a356f7 (diff) | |
| download | strongswan-aebb38a093d034e44d5ecf9773ff2903ed4a1d1e.tar.bz2 strongswan-aebb38a093d034e44d5ecf9773ff2903ed4a1d1e.tar.xz | |
- preshared secrets are now retrieved over configuration_manager
Diffstat (limited to 'Source/charon')
| -rw-r--r-- | Source/charon/config/configuration_manager.c | 97 | ||||
| -rw-r--r-- | Source/charon/config/configuration_manager.h | 17 | ||||
| -rw-r--r-- | Source/charon/sa/authenticator.c | 142 | ||||
| -rw-r--r-- | Source/charon/sa/authenticator.h | 4 | ||||
| -rw-r--r-- | Source/charon/sa/ike_sa.c | 10 | ||||
| -rw-r--r-- | Source/charon/sa/ike_sa.h | 10 | ||||
| -rw-r--r-- | Source/charon/sa/states/ike_auth_requested.c | 2 | ||||
| -rw-r--r-- | Source/charon/sa/states/ike_sa_init_requested.c | 2 | ||||
| -rw-r--r-- | Source/charon/sa/states/ike_sa_init_responded.c | 4 | ||||
| -rw-r--r-- | Source/charon/utils/logger_manager.c | 10 |
10 files changed, 230 insertions, 68 deletions
diff --git a/Source/charon/config/configuration_manager.c b/Source/charon/config/configuration_manager.c index 3669facb2..725d53450 100644 --- a/Source/charon/config/configuration_manager.c +++ b/Source/charon/config/configuration_manager.c @@ -30,6 +30,26 @@ #include <daemon.h> #include <utils/allocator.h> + +typedef struct preshared_secret_entry_t preshared_secret_entry_t; + +/** + * An preshared secret entry combines an identifier with a + * preshared secret. + */ +struct preshared_secret_entry_t { + + /** + * Identification. + */ + identification_t *identification; + + /** + * Preshared secret as chunk + */ + chunk_t preshared_secret; +}; + typedef struct configuration_entry_t configuration_entry_t; /* A configuration entry combines a configuration name with a init and sa @@ -117,7 +137,11 @@ struct private_configuration_manager_t { * Holding all init_configs. */ linked_list_t *sa_configs; - + + /** + * Holding all preshared secrets. + */ + linked_list_t *preshared_secrets; /** * Assigned logger object. @@ -136,7 +160,7 @@ struct private_configuration_manager_t { u_int32_t first_retransmit_timeout; /** - * Load default configuration + * Adds a new IKE_SA configuration * * * @param this calling object @@ -147,6 +171,17 @@ struct private_configuration_manager_t { void (*add_new_configuration) (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config); /** + * Adds a new IKE_SA configuration + * + * + * @param this calling object + * @param type type of identification + * @param id_string identification as string + * @param preshared_secret preshared secret as string + */ + void (*add_new_preshared_secret) (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret); + + /** * Load default configuration * * @@ -242,6 +277,9 @@ static void load_default_config (private_configuration_manager_t *this) this->add_new_configuration(this,"pinflb30",init_config2,sa_config2); this->add_new_configuration(this,"localhost",init_config3,sa_config3); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","das ist ein sicheres wort"); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","das ist ein sicheres wort"); + this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","das ist ein sicheres wort"); } /** @@ -474,6 +512,48 @@ static void add_new_configuration (private_configuration_manager_t *this, char * this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config)); } +/** + * Implementation of private_configuration_manager_t.add_new_preshared_secret. + */ +static void add_new_preshared_secret (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret) +{ + preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t); + + entry->identification = identification_create_from_string(type,id_string); + entry->preshared_secret.len = strlen(preshared_secret); + entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len); + memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len); + + this->preshared_secrets->insert_last(this->preshared_secrets,entry); +} + + +/** + * Implementation of configuration_manager_t.get_shared_secret. + */ +static status_t get_shared_secret(private_configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret) +{ + iterator_t *iterator; + + iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE); + while (iterator->has_next(iterator)) + { + preshared_secret_entry_t *entry; + iterator->current(iterator,(void **) &entry); + if (entry->identification->equals(entry->identification,identification)) + { + *preshared_secret = entry->preshared_secret; + iterator->destroy(iterator); + return SUCCESS; + } + } + iterator->destroy(iterator); + return NOT_FOUND; +} + +/** + * Implementation of configuration_manager_t.destroy. + */ static status_t get_retransmit_timeout (private_configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout) { if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0)) @@ -523,6 +603,16 @@ static void destroy(private_configuration_manager_t *this) } this->init_configs->destroy(this->init_configs); + while (this->preshared_secrets->get_count(this->preshared_secrets) > 0) + { + preshared_secret_entry_t *entry; + this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry); + entry->identification->destroy(entry->identification); + allocator_free_chunk(&(entry->preshared_secret)); + allocator_free(entry); + } + this->preshared_secrets->destroy(this->preshared_secrets); + this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger"); charon->logger_manager->destroy_logger(charon->logger_manager,this->logger); allocator_free(this); @@ -542,16 +632,19 @@ configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit this->public.get_sa_config_for_name =(status_t (*) (configuration_manager_t *, char *, sa_config_t **)) get_sa_config_for_name; this->public.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_manager_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id; this->public.get_retransmit_timeout = (status_t (*) (configuration_manager_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout; + this->public.get_shared_secret = (status_t (*) (configuration_manager_t *, identification_t *, chunk_t *))get_shared_secret; /* private functions */ this->load_default_config = load_default_config; this->add_new_configuration = add_new_configuration; + this->add_new_preshared_secret = add_new_preshared_secret; /* private variables */ this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIGURATION_MANAGER,NULL); this->configurations = linked_list_create(); this->sa_configs = linked_list_create(); this->init_configs = linked_list_create(); + this->preshared_secrets = linked_list_create(); this->max_retransmit_count = max_retransmit_count; this->first_retransmit_timeout = first_retransmit_timeout; diff --git a/Source/charon/config/configuration_manager.h b/Source/charon/config/configuration_manager.h index bc6c6e81f..fe01615a2 100644 --- a/Source/charon/config/configuration_manager.h +++ b/Source/charon/config/configuration_manager.h @@ -114,10 +114,25 @@ struct configuration_manager_t { * @param[out] timeout the new retransmit timeout in milliseconds * * @return - * - FAILED if the message should not be resent again + * - FAILED, if the message should not be resent again * - SUCCESS */ status_t (*get_retransmit_timeout) (configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout); + + /** + * Get the preshared secret of a specific ID. + * + * The preshared secret gets not cloned. + * + * @param this calling object + * @param identification identification_t object identifiying the ID. + * @param[out] preshared_secret the preshared secret will be written there + * + * @return + * - NOT_FOUND if no preshared secrets is configured for specific id + * - SUCCESS + */ + status_t (*get_shared_secret) (configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret); /** * Destroys configuration manager diff --git a/Source/charon/sa/authenticator.c b/Source/charon/sa/authenticator.c index 978106b1f..8efbb70d4 100644 --- a/Source/charon/sa/authenticator.c +++ b/Source/charon/sa/authenticator.c @@ -23,6 +23,17 @@ #include "authenticator.h" #include <utils/allocator.h> +#include <daemon.h> + +/** + * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE. + */ +#define IKE_V2_KEY_PAD "Key Pad for IKEv2" + +/** + * Length of key pad in bytes. + */ +#define IKE_V2_KEY_PAD_LEN 17 typedef struct private_authenticator_t private_authenticator_t; @@ -37,9 +48,14 @@ struct private_authenticator_t { authenticator_t public; /** - * IKE_SA. + * Assigned IKE_SA. Needed to get prf function. */ protected_ike_sa_t *ike_sa; + + /** + * PRF function. Taken from the IKE_SA. + */ + prf_t *prf; /** * A logger for. @@ -51,45 +67,49 @@ struct private_authenticator_t { /** * TODO */ - chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id); + chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator); - chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret); + chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret); }; /** * Implementation of authenticator_t.private_authenticator_t. */ -static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id) +static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator) { chunk_t id_chunk = my_id->get_data(my_id); u_int8_t id_with_header[4 + id_chunk.len]; - chunk_t id_with_header_chunk; - chunk_t octets; + chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header) }; u_int8_t *current_pos; - prf_t *prf; + chunk_t octets; id_with_header[0] = my_id->get_id_type(my_id); + /* TODO + * Reserved bytes are not in any case zero + */ id_with_header[1] = 0x00; id_with_header[2] = 0x00; id_with_header[3] = 0x00; memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len); - id_with_header_chunk.ptr = id_with_header; - id_with_header_chunk.len = sizeof(id_with_header); - - prf = this->ike_sa->get_prf(this->ike_sa); - - prf->set_key(prf,this->ike_sa->get_key_pr(this->ike_sa)); + if (initiator) + { + this->prf->set_key(this->prf,this->ike_sa->get_key_pi(this->ike_sa)); + } + else + { + this->prf->set_key(this->prf,this->ike_sa->get_key_pr(this->ike_sa)); + } /* 4 bytes are id type and reserved fields of id payload */ - octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf); + octets.len = last_message.len + other_nonce.len + this->prf->get_block_size(this->prf); octets.ptr = allocator_alloc(octets.len); current_pos = octets.ptr; memcpy(current_pos,last_message.ptr,last_message.len); current_pos += last_message.len; memcpy(current_pos,other_nonce.ptr,other_nonce.len); current_pos += other_nonce.len; - prf->get_bytes(prf,id_with_header_chunk,current_pos); + this->prf->get_bytes(this->prf,id_with_header_chunk,current_pos); this->logger->log_chunk(this->logger,RAW | MOST, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",&octets); return octets; @@ -98,46 +118,53 @@ static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_messag /** * Implementation of authenticator_t.allocate_auth_data_with_preshared_secret. */ -static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret) +static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret) { - prf_t *prf = this->ike_sa->get_prf(this->ike_sa); - chunk_t auth_data; - chunk_t key_pad; - chunk_t key; + chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN}; + u_int8_t key_buffer[this->prf->get_block_size(this->prf)]; + chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)}; + chunk_t auth_data; + + chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator); - key_pad.ptr = "Key Pad for IKEv2"; - key_pad.len = strlen(key_pad.ptr); - - prf->set_key(prf,preshared_secret); - prf->allocate_bytes(prf,key_pad,&key); - prf->set_key(prf,key); - allocator_free_chunk(&key); - prf->allocate_bytes(prf,octets,&auth_data); - this->logger->log_chunk(this->logger,RAW | MORE, "Authenticated data",&auth_data); - + /* + * AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) + */ + + this->prf->set_key(this->prf,preshared_secret); + this->prf->get_bytes(this->prf,key_pad,key_buffer); + this->prf->set_key(this->prf,key); + this->prf->allocate_bytes(this->prf,octets,&auth_data); + allocator_free_chunk(&octets); + this->logger->log_chunk(this->logger,RAW | MOST, "Authenticated data",&auth_data); + return auth_data; } - /** * Implementation of authenticator_t.private_authenticator_t. */ -static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool *verified) +static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator,bool *verified) { switch(auth_payload->get_auth_method(auth_payload)) { case SHARED_KEY_MESSAGE_INTEGRITY_CODE: { - chunk_t preshared_secret; - chunk_t auth_data = auth_payload->get_data(auth_payload); - preshared_secret.ptr = "secret"; - preshared_secret.len = strlen(preshared_secret.ptr); + identification_t *other_id =other_id_payload->get_identification(other_id_payload); + chunk_t auth_data = auth_payload->get_data(auth_payload); + chunk_t preshared_secret; + status_t status; + + status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret); + other_id->destroy(other_id); + if (status != SUCCESS) + { + return status; + } - chunk_t octets = this->allocate_octets(this,last_received_packet,my_nonce,other_id_payload); - chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,octets,preshared_secret); - allocator_free_chunk(&octets); + chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret); if (auth_data.len != my_auth_data.len) { @@ -166,38 +193,42 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t * /** * Implementation of authenticator_t.compute_auth_data. */ -static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload) +static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator) { + sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa); + -/* switch(auth_method) + switch(sa_config->get_auth_method(sa_config)) { case SHARED_KEY_MESSAGE_INTEGRITY_CODE: - {*/ - + { + identification_t *my_id =my_id_payload->get_identification(my_id_payload); chunk_t preshared_secret; + status_t status; - preshared_secret.ptr = "secret"; - preshared_secret.len = strlen(preshared_secret.ptr); - - chunk_t octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload); - chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,octets,preshared_secret); - allocator_free_chunk(&octets); + status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret); + + my_id->destroy(my_id); + if (status != SUCCESS) + { + return status; + } + + chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret); *auth_payload = auth_payload_create(); (*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE); (*auth_payload)->set_data((*auth_payload),auth_data); allocator_free_chunk(&auth_data); - allocator_free_chunk(&octets); - return SUCCESS; -/* } + } default: { return NOT_SUPPORTED; } - }*/ + } } /** @@ -217,8 +248,8 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa) /* Public functions */ this->public.destroy = (void(*)(authenticator_t*))destroy; - this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool *)) verify_auth_data; - this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *)) compute_auth_data; + this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool,bool *)) verify_auth_data; + this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data; /* private functions */ this->allocate_octets = allocate_octets; @@ -226,6 +257,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; + this->prf = this->ike_sa->get_prf(this->ike_sa); this->logger = this->ike_sa->get_logger(this->ike_sa); return &(this->public); diff --git a/Source/charon/sa/authenticator.h b/Source/charon/sa/authenticator.h index 06cb96d2d..28b9db136 100644 --- a/Source/charon/sa/authenticator.h +++ b/Source/charon/sa/authenticator.h @@ -52,7 +52,7 @@ struct authenticator_t { * @return * - NOT_SUPPORTED if auth_method is not supported */ - status_t (*verify_auth_data) (authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool *verified); + status_t (*verify_auth_data) (authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload, bool initiator,bool *verified); /** * @brief Verifying of given authentication data. @@ -62,7 +62,7 @@ struct authenticator_t { * @return * - NOT_SUPPORTED if auth_method is not supported */ - status_t (*compute_auth_data) (authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload); + status_t (*compute_auth_data) (authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload, bool initiator); /** * @brief Destroys a authenticator_t object. * diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index 1c18e3c74..2c45e5be0 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -567,6 +567,15 @@ static chunk_t get_key_pr (private_ike_sa_t *this) return this->secrets.pr_key; } + +/** + * Implementation of protected_ike_sa_t.get_key_pi. + */ +static chunk_t get_key_pi (private_ike_sa_t *this) +{ + return this->secrets.pi_key; +} + /** * Implementation of protected_ike_sa_t.set_prf. */ @@ -940,6 +949,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets; this->protected.get_prf = (prf_t *(*) (protected_ike_sa_t *)) get_prf; this->protected.get_key_pr = (chunk_t (*) (protected_ike_sa_t *)) get_key_pr; + this->protected.get_key_pi = (chunk_t (*) (protected_ike_sa_t *)) get_key_pi; this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config; this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config; diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index 9402bf1d2..ffc9bd2f4 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h @@ -358,6 +358,16 @@ struct protected_ike_sa_t { * @return SK_pr key */ chunk_t (*get_key_pr) (protected_ike_sa_t *this); + + /** + * Gets the Shared key SK_pi. + * + * Returned value is not cloned! + * + * @param this calling object + * @return SK_pr key + */ + chunk_t (*get_key_pi) (protected_ike_sa_t *this); /** * Resets message id counters and does destroy stored received and sent messages. diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index 33c050e41..041185ca2 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -353,7 +353,7 @@ static status_t process_auth_payload(private_ike_auth_requested_t *this, auth_pa /* TODO VERIFY auth here */ authenticator = authenticator_create(this->ike_sa); - status = authenticator->verify_auth_data(authenticator,auth_payload,this->ike_sa_init_reply_data,this->sent_nonce,other_id_payload,&verified); + status = authenticator->verify_auth_data(authenticator,auth_payload,this->ike_sa_init_reply_data,this->sent_nonce,other_id_payload,FALSE,&verified); authenticator->destroy(authenticator); if (status != SUCCESS) { diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 1013eaedc..967aebb2b 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -506,7 +506,7 @@ static status_t build_auth_payload (private_ike_sa_init_requested_t *this, paylo status_t status; authenticator = authenticator_create(this->ike_sa); - status = authenticator->compute_auth_data(authenticator,&auth_payload,this->ike_sa_init_request_data,this->received_nonce,my_id_payload); + status = authenticator->compute_auth_data(authenticator,&auth_payload,this->ike_sa_init_request_data,this->received_nonce,my_id_payload,TRUE); authenticator->destroy(authenticator); if (status != SUCCESS) diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index 31d41cbf4..1dd16f669 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -356,7 +356,7 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p authenticator = authenticator_create(this->ike_sa); - status = authenticator->verify_auth_data(authenticator,auth_request, this->ike_sa_init_request_data,this->sent_nonce,other_id_payload,&verified); + status = authenticator->verify_auth_data(authenticator,auth_request, this->ike_sa_init_request_data,this->sent_nonce,other_id_payload,TRUE,&verified); if (status != SUCCESS) { @@ -371,7 +371,7 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p return FAILED; } - status = authenticator->compute_auth_data(authenticator,&auth_reply, this->ike_sa_init_response_data,this->received_nonce,my_id_payload); + status = authenticator->compute_auth_data(authenticator,&auth_reply, this->ike_sa_init_response_data,this->received_nonce,my_id_payload,FALSE); authenticator->destroy(authenticator); if (status != SUCCESS) { diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c index 631f8f112..91f83a7f4 100644 --- a/Source/charon/utils/logger_manager.c +++ b/Source/charon/utils/logger_manager.c @@ -148,12 +148,12 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t case IKE_SA: logger_level |= FULL; case IKE_SA_MANAGER: - case MESSAGE: - case ENCRYPTION_PAYLOAD: case WORKER: case CONFIGURATION_MANAGER: logger_level |= ALL; - case PARSER: + case MESSAGE: + case ENCRYPTION_PAYLOAD: + case GENERATOR: case THREAD_POOL: case SCHEDULER: @@ -161,8 +161,10 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t case RECEIVER: case SOCKET: case DAEMON: + logger_level |= CONTROL; + case PARSER: log_thread_ids = FALSE; - logger_level |= ERROR|CONTROL; + logger_level |= ERROR; break; } |