Include the used reserved bytes from ID payloads in AUTH calculation

author: Martin Willi <martin@revosec.ch> 2010-11-25 11:35:43 +0100
committer: Martin Willi <martin@revosec.ch> 2011-01-05 16:45:53 +0100
commit: 5f15faebc81682a9814bb8e5ae46001de69d4717 (patch)
tree: 32e2bc495da23400cef5c4776b93e19c5b16bdd8 /src/conftest/hooks/pretend_auth.c
parent: 502edf425fa0538a73c46965844ad5b713b6054f (diff)
download: strongswan-5f15faebc81682a9814bb8e5ae46001de69d4717.tar.bz2
strongswan-5f15faebc81682a9814bb8e5ae46001de69d4717.tar.xz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 451c414bd..4b7168cac 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -40,6 +40,11 @@ struct private_pretend_auth_t {
 	identification_t *id;
 
 	/**
+	 * reserved bytes of ID payload
+	 */
+	char reserved[3];
+
+	/**
 	 * IKE_SA_INIT data for signature
 	 */
 	chunk_t ike_init;
@@ -232,7 +237,7 @@ static bool build_auth(private_pretend_auth_t *this,
 	}
 	keymat = ike_sa->get_keymat(ike_sa);
 	octets = keymat->get_auth_octets(keymat, TRUE, this->ike_init,
-									 this->nonce, this->id);
+									 this->nonce, this->id, this->reserved);
 	if (!private->sign(private, scheme, octets, &auth_data))
 	{
 		chunk_free(&octets);
author	Martin Willi <martin@revosec.ch>	2010-11-25 11:35:43 +0100
committer	Martin Willi <martin@revosec.ch>	2011-01-05 16:45:53 +0100
commit	5f15faebc81682a9814bb8e5ae46001de69d4717 (patch)
tree	32e2bc495da23400cef5c4776b93e19c5b16bdd8 /src/conftest/hooks/pretend_auth.c
parent	502edf425fa0538a73c46965844ad5b713b6054f (diff)
download	strongswan-5f15faebc81682a9814bb8e5ae46001de69d4717.tar.bz2 strongswan-5f15faebc81682a9814bb8e5ae46001de69d4717.tar.xz