author | Thomas Egerer <thomas.egerer@secunet.com> | 2016-02-01 18:15:15 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-03-04 16:19:53 +0100 |
commit | c8a0781334a1ebb43b31c613a0538d3ea364bf4c (patch) | |
tree | dfc44949df8e55e0cdb731345416b47e57d7bcc5 /src/libcharon/sa/ikev2 | |
parent | 6fc6834361f22a720ac269dd70ca2b0860cb7b3e (diff) | |
ikev2: Diversify signature scheme rule
This allows for different signature schemes for IKE authentication and
trustchain verification.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src/libcharon/sa/ikev2')
-rw-r--r-- | src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 5 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_init.c | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 2929033aa..64cd775ad 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -130,7 +130,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
 enumerator = auth->create_enumerator(auth);
 while (enumerator->enumerate(enumerator, &rule, &config))
 {
- if (rule != AUTH_RULE_SIGNATURE_SCHEME)
+ if (rule != AUTH_RULE_IKE_SIGNATURE_SCHEME)
 {
 continue;
 }
@@ -427,7 +427,8 @@ METHOD(authenticator_t, process, status_t,
 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 if (this->store_signature_scheme)
 {
- auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, (uintptr_t)scheme);
+ auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ (uintptr_t)scheme);
 }
 break;
 }
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 5cfb51807..78579be95 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -171,7 +171,7 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
 enumerator = auth->create_enumerator(auth);
 while (enumerator->enumerate(enumerator, &rule, &config))
 {
- if (rule == AUTH_RULE_SIGNATURE_SCHEME)
+ if (rule == AUTH_RULE_IKE_SIGNATURE_SCHEME)
 {
 hash = hasher_from_signature_scheme(config);
 if (hasher_algorithm_for_ikev2(hash)) |
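Review bot: The filter in select_signature_schemes now skips every rule except `AUTH_RULE_IKE_SIGNATURE_SCHEME`, so an auth config that carries only `AUTH_RULE_SIGNATURE_SCHEME` entries no longer restricts the schemes used for IKE authentication; the lookup in send_supported_hash_algorithms (ike_init.c) and the value stored in process change in the same way. This view is limited to src/libcharon/sa/ikev2, so it is not visible whether the config backends and the constraint check were updated to populate and read the new rule; that should be confirmed, since otherwise a previously enforced scheme restriction would presumably stop applying without any error. A comment at the first check would make the split explicit, e.g. `/* IKE authentication only; trustchain constraints are kept under a separate rule */`. All three function bodies continue outside their hunks.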