authorAdrian-Ken Rueegsegger <ken@codelabs.ch>2012-11-07 17:54:24 +0100
committerTobias Brunner <tobias@strongswan.org>2013-03-19 15:23:49 +0100
commit49b1fdb24aa610b9ec9a8af5dbcb14442719b603 (patch)
tree6116cb5a0d01eba9215cea1ff5edc9853eaab1c0 /src
parent351bd59de26ef94fac418e730329815021cfd062 (diff)
Store peer IKE init message
The IKE init message sent to us by the peer is needed for authentication in the authorization hook. Store the message as a chunk in the keymat and provide a getter to make it available.
Diffstat (limited to 'src')
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c19
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.h7
2 files changed, 26 insertions, 0 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 9beb10430..2fc5d60eb 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -66,6 +66,11 @@ struct private_tkm_keymat_t {
*/
chunk_t auth_payload;
+ /**
+ * Peer init message chunk.
+ */
+ chunk_t other_init_msg;
+
};
/**
@@ -357,6 +362,11 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
{
+ if (verify)
+ {
+ /* store peer init message for authentication step */
+ this->other_init_msg = chunk_clone(ike_sa_init);
+ }
DBG1(DBG_IKE, "returning auth octets");
*octets = chunk_empty;
return TRUE;
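Review bot: The assignment `this->other_init_msg = chunk_clone(ike_sa_init);` overwrites whatever the field already holds without releasing it, so a second call with verify set on the same keymat leaks the earlier clone and only the cleanup in destroy ever frees the last one. Freeing first, `chunk_free(&this->other_init_msg);` immediately before the clone, keeps the field single-owner regardless of how many times the method runs. Whether get_auth_octets is invoked more than once per keymat is not visible in this hunk, but since the stored copy is consulted later by the authorization hook, keeping the most recent message is the safe behaviour either way. The body of get_auth_octets continues past the end of the hunk.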
@@ -432,6 +442,7 @@ METHOD(keymat_t, destroy, void,
DESTROY_IF(this->aead_in);
DESTROY_IF(this->aead_out);
chunk_free(&this->auth_payload);
+ chunk_free(&this->other_init_msg);
free(this);
}
@@ -453,6 +464,12 @@ METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
return &this->auth_payload;
}
+METHOD(tkm_keymat_t, get_peer_init_msg, chunk_t*,
+ private_tkm_keymat_t *this)
+{
+ return &this->other_init_msg;
+}
+
/**
* See header.
*/
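Review bot: The new `get_peer_init_msg` method is added without the `/** See header. */` block that precedes the other method definitions in this file (the one for tkm_keymat_create follows directly below it), so it reads as the odd one out. Adding the same three-line comment above `METHOD(tkm_keymat_t, get_peer_init_msg, chunk_t*,` keeps the file's convention and points readers to the contract in tkm_keymat.h. The preceding get_auth_payload definition starts outside the hunk, so its own comment is not visible here.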
@@ -479,11 +496,13 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
.get_isa_id = _get_isa_id,
.set_auth_payload = _set_auth_payload,
.get_auth_payload = _get_auth_payload,
+ .get_peer_init_msg = _get_peer_init_msg,
},
.initiator = initiator,
.isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
.ae_ctx_id = 0,
.auth_payload = chunk_empty,
+ .other_init_msg = chunk_empty,
);
if (!this->isa_ctx_id)
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index 16f2f2a49..207f9728e 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
@@ -52,6 +52,13 @@ struct tkm_keymat_t {
*/
chunk_t* (*get_auth_payload)(tkm_keymat_t * const this);
+ /**
+ * Get IKE init message of peer.
+ *
+ * @return init message if set, chunk_empty otherwise
+ */
+ chunk_t* (*get_peer_init_msg)(tkm_keymat_t * const this);
+
};
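Review bot: The doc comment on `get_peer_init_msg` says `@return init message if set, chunk_empty otherwise`, but the implementation returns `&this->other_init_msg`, a pointer into keymat-owned storage, so the ownership and lifetime of the returned pointer are left unstated. A caller reading only the header could reasonably chunk_free() or retain the result, which would corrupt the field or dangle once the keymat is destroyed. Suggest `@return pointer to peer init message owned by this keymat (do not free, valid until destroy), chunk_empty if not set`.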
/**