Diffstat (limited to 'src/libcharon/sa/authenticators/psk_authenticator.c')
-rw-r--r-- | src/libcharon/sa/authenticators/psk_authenticator.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c index 54ab533e6..21fc0f9b8 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/authenticators/psk_authenticator.c @@ -45,6 +45,11 @@ struct private_psk_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; + + /** + * Reserved bytes of ID payload + */ + char reserved[3]; }; METHOD(authenticator_t, build, status_t, @@ -68,7 +73,7 @@ METHOD(authenticator_t, build, status_t, return NOT_FOUND; } auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, - this->nonce, key->get_key(key), my_id); + this->nonce, key->get_key(key), my_id, this->reserved); key->destroy(key); DBG2(DBG_IKE, "successfully created shared key MAC"); auth_payload = auth_payload_create(); @@ -109,7 +114,7 @@ METHOD(authenticator_t, process, status_t, keys_found++; auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, - this->nonce, key->get_key(key), other_id); + this->nonce, key->get_key(key), other_id, this->reserved); if (auth_data.len && chunk_equals(auth_data, recv_auth_data)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", @@ -147,7 +152,8 @@ METHOD(authenticator_t, destroy, void, * Described in header. */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, - chunk_t received_nonce, chunk_t sent_init) + chunk_t received_nonce, chunk_t sent_init, + char reserved[3]) { private_psk_authenticator_t *this; @@ -159,11 +165,13 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, .is_mutual = (void*)return_false, .destroy = _destroy, }, - }. + }, .ike_sa = ike_sa, .ike_sa_init = sent_init, .nonce = received_nonce, ); + memcpy(this->reserved, reserved, sizeof(this->reserved)); + return &this->public; } 
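Review bot: In the `process` hunk the recomputed MAC is still accepted via `chunk_equals(auth_data, recv_auth_data)`, and the page does not show whether that helper runs in constant time. If it returns at the first differing byte, verification time depends on how much of the peer-supplied AUTH value matches the expected one. The line is unchanged context, but it is the check that the new `this->reserved` argument feeds into, so it is worth switching to a constant-time comparison if the tree has one (later strongSwan releases provide `chunk_equals_const`). The body of `process` starts and ends outside this hunk, so the handling of a failed comparison is not visible here.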
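Review bot: The new parameter `char reserved[3]` of `psk_authenticator_create_builder` is adjusted to a plain `char *`, so the compiler enforces neither the three-byte length nor a non-NULL argument. The added `memcpy(this->reserved, reserved, sizeof(this->reserved));` will read three bytes from whatever the caller passes. Taking the length from the member is correct, but the contract should be written down, for example `/* reserved: the 3 reserved bytes of the ID payload; copied, must not be NULL */`, and the parameter could be `const char reserved[3]` since it is only read. The same applies to `psk_authenticator_create_verifier` in the two hunks that follow, where the bytes presumably come from the peer's ID payload. The struct comment `Reserved bytes of ID payload` could also say whose payload it is for builder and for verifier.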
@@ -171,7 +179,8 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, - chunk_t sent_nonce, chunk_t received_init) + chunk_t sent_nonce, chunk_t received_init, + char reserved[3]) { private_psk_authenticator_t *this; @@ -188,6 +197,8 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, .ike_sa_init = received_init, .nonce = sent_nonce, ); + memcpy(this->reserved, reserved, sizeof(this->reserved)); + return &this->public; } |