1 files changed, 16 insertions, 5 deletions

diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c
index 54ab533e6..21fc0f9b8 100644
--- a/src/libcharon/sa/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/authenticators/psk_authenticator.c
@@ -45,6 +45,11 @@ struct private_psk_authenticator_t {
 	 * IKE_SA_INIT message data to include in AUTH calculation
 	 */
 	chunk_t ike_sa_init;
+
+	/**
+	 * Reserved bytes of ID payload
+	 */
+	char reserved[3];
 };
 
 METHOD(authenticator_t, build, status_t,
@@ -68,7 +73,7 @@ METHOD(authenticator_t, build, status_t,
 		return NOT_FOUND;
 	}
 	auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init,
-									this->nonce, key->get_key(key), my_id);
+						this->nonce, key->get_key(key), my_id, this->reserved);
 	key->destroy(key);
 	DBG2(DBG_IKE, "successfully created shared key MAC");
 	auth_payload = auth_payload_create();
@@ -109,7 +114,7 @@ METHOD(authenticator_t, process, status_t,
 		keys_found++;
 
 		auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init,
-									this->nonce, key->get_key(key), other_id);
+				this->nonce, key->get_key(key), other_id, this->reserved);
 		if (auth_data.len && chunk_equals(auth_data, recv_auth_data))
 		{
 			DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
@@ -147,7 +152,8 @@ METHOD(authenticator_t, destroy, void,
  * Described in header.
  */
 psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
-									chunk_t received_nonce, chunk_t sent_init)
+									chunk_t received_nonce, chunk_t sent_init,
+									char reserved[3])
 {
 	private_psk_authenticator_t *this;
 
@@ -159,11 +165,13 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
 				.is_mutual = (void*)return_false,
 				.destroy = _destroy,
 			},
-		}.
+		},
 		.ike_sa = ike_sa,
 		.ike_sa_init = sent_init,
 		.nonce = received_nonce,
 	);
+	memcpy(this->reserved, reserved, sizeof(this->reserved));
+
 	return &this->public;
 }
 
@@ -171,7 +179,8 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
  * Described in header.
  */
 psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
-									chunk_t sent_nonce, chunk_t received_init)
+									chunk_t sent_nonce, chunk_t received_init,
+									char reserved[3])
 {
 	private_psk_authenticator_t *this;
 
@@ -188,6 +197,8 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
 		.ike_sa_init = received_init,
 		.nonce = sent_nonce,
 	);
+	memcpy(this->reserved, reserved, sizeof(this->reserved));
+
 	return &this->public;
 }