author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2012-11-07 17:54:24 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:49 +0100 |
commit | 49b1fdb24aa610b9ec9a8af5dbcb14442719b603 (patch) | |
tree | 6116cb5a0d01eba9215cea1ff5edc9853eaab1c0 /src | |
parent | 351bd59de26ef94fac418e730329815021cfd062 (diff) | |
Store peer IKE init message
The IKE init message sent to us by the peer is needed for authentication
in the authorization hook. Store the message as chunk in the keymat and
provide a getter to make it available.
Diffstat (limited to 'src')
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 19 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.h | 7 |
2 files changed, 26 insertions, 0 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 9beb10430..2fc5d60eb 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -66,6 +66,11 @@ struct private_tkm_keymat_t {
 */
 chunk_t auth_payload;
+ /**
+ * Peer init message chunk.
+ */
+ chunk_t other_init_msg;
+
 };
 /**
@@ -357,6 +362,11 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
+ if (verify)
+ {
+ /* store peer init message for authentication step */
+ this->other_init_msg = chunk_clone(ike_sa_init);
+ }
 DBG1(DBG_IKE, "returning auth octets");
 *octets = chunk_empty;
 return TRUE;
@@ -432,6 +442,7 @@ METHOD(keymat_t, destroy, void,
 DESTROY_IF(this->aead_in);
 DESTROY_IF(this->aead_out);
 chunk_free(&this->auth_payload);
+ chunk_free(&this->other_init_msg);
 free(this);
 }
@@ -453,6 +464,12 @@ METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
 return &this->auth_payload;
 }
+METHOD(tkm_keymat_t, get_peer_init_msg, chunk_t*,
+ private_tkm_keymat_t *this)
+{
+ return &this->other_init_msg;
+}
+
 /**
 * See header.
 */
@@ -479,11 +496,13 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 .get_isa_id = _get_isa_id,
 .set_auth_payload = _set_auth_payload,
 .get_auth_payload = _get_auth_payload,
+ .get_peer_init_msg = _get_peer_init_msg,
 },
 .initiator = initiator,
 .isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
 .ae_ctx_id = 0,
 .auth_payload = chunk_empty,
+ .other_init_msg = chunk_empty,
 );
 if (!this->isa_ctx_id)
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index 16f2f2a49..207f9728e 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
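Review bot: In tkm_keymat.c, `get_auth_octets` assigns a fresh `chunk_clone(ike_sa_init)` to `this->other_init_msg` on every call with `verify` set, without releasing what was stored before, so a second such call on the same keymat would leak the earlier copy of the peer-supplied message. The `chunk_free(&this->other_init_msg);` added to `destroy` only releases the last clone. Freeing the old buffer first, `chunk_free(&this->other_init_msg);` on the line before the clone, closes that. Whether `get_auth_octets` can run more than once with `verify` per IKE_SA is not visible in this diff, so the leak is conditional on the caller; the function body also continues outside the hunk.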
@@ -52,6 +52,13 @@ struct tkm_keymat_t {
 */
 chunk_t* (*get_auth_payload)(tkm_keymat_t * const this);
+ /**
+ * Get IKE init message of peer.
+ *
+ * @return init message if set, chunk_empty otherwise
+ */
+ chunk_t* (*get_peer_init_msg)(tkm_keymat_t * const this);
+
 };
 /** |
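Review bot: The doc comment on `get_peer_init_msg` promises `chunk_empty` when nothing is stored, but the member returns `chunk_t*`, and the implementation in tkm_keymat.c returns the address of the private `other_init_msg` field. The comment should describe the pointer and its ownership, for example `@return pointer to internal chunk (empty if not set), owned by the keymat; do not free or modify`. Since the commit message says this buffer is used for authentication, a caller that writes through or frees the pointer would alter the data being authenticated, and the pointer dangles once `destroy` has run. The struct definition starts outside the hunk.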