Diffstat (limited to 'src/libcharon/sa/authenticators/psk_authenticator.c')
-rw-r--r--src/libcharon/sa/authenticators/psk_authenticator.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c
index 54ab533e6..21fc0f9b8 100644
--- a/src/libcharon/sa/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/authenticators/psk_authenticator.c
@@ -45,6 +45,11 @@ struct private_psk_authenticator_t {
* IKE_SA_INIT message data to include in AUTH calculation
*/
chunk_t ike_sa_init;
+
+ /**
+ * Reserved bytes of ID payload
+ */
+ char reserved[3];
};
METHOD(authenticator_t, build, status_t,
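Review bot: The doc comment on the new `reserved` field does not say whose ID payload the bytes belong to or why the authenticator keeps them. The later hunks pass the field to `get_psk_sig()` next to `my_id` in build and `other_id` in process, so it is an input to the AUTH calculation. I would expand the comment to something like `/** Reserved bytes of the ID payload covered by AUTH (own ID when building, peer's ID when verifying) */`, so a reader knows the value is security-relevant and, on the verifier side, peer-supplied.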
@@ -68,7 +73,7 @@ METHOD(authenticator_t, build, status_t,
return NOT_FOUND;
}
auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init,
- this->nonce, key->get_key(key), my_id);
+ this->nonce, key->get_key(key), my_id, this->reserved);
key->destroy(key);
DBG2(DBG_IKE, "successfully created shared key MAC");
auth_payload = auth_payload_create();
@@ -109,7 +114,7 @@ METHOD(authenticator_t, process, status_t,
keys_found++;
auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init,
- this->nonce, key->get_key(key), other_id);
+ this->nonce, key->get_key(key), other_id, this->reserved);
if (auth_data.len && chunk_equals(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
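Review bot: The peer's AUTH value is checked with `chunk_equals(auth_data, recv_auth_data)`, which is presumably an ordinary comparison that returns at the first differing byte. `recv_auth_data` is peer-controlled, so a comparison whose run time does not depend on where the mismatch occurs is the safer choice for a MAC check. If this tree provides a constant-time helper (later strongSwan releases have `chunk_equals_const()`), use it here: `if (auth_data.len && chunk_equals_const(auth_data, recv_auth_data))`. The exposure is probably limited because the expected value depends on per-exchange nonces, but the change is cheap. This line is unchanged context, and the process method starts and ends outside the hunk.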
@@ -147,7 +152,8 @@ METHOD(authenticator_t, destroy, void,
* Described in header.
*/
psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
- chunk_t received_nonce, chunk_t sent_init)
+ chunk_t received_nonce, chunk_t sent_init,
+ char reserved[3])
{
private_psk_authenticator_t *this;
@@ -159,11 +165,13 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
- }.
+ },
.ike_sa = ike_sa,
.ike_sa_init = sent_init,
.nonce = received_nonce,
);
+ memcpy(this->reserved, reserved, sizeof(this->reserved));
+
return &this->public;
}
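Review bot: `memcpy(this->reserved, reserved, sizeof(this->reserved));` always reads three bytes through the caller's pointer, but the `char reserved[3]` parameter added in the signature hunk is just a `char *` to the compiler, so neither the length nor a non-NULL argument is enforced. The same copy is added to psk_authenticator_create_verifier in the last hunk. I would state in the header documentation that callers must pass a buffer of at least three bytes, and declare the parameter `const char reserved[3]` since it is only read; the prototype in the header would need the same change. Taking `sizeof` of the struct member is correct and should stay that way, because `sizeof(reserved)` would give the pointer size. The constructor body starts outside this hunk.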
@@ -171,7 +179,8 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
* Described in header.
*/
psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
- chunk_t sent_nonce, chunk_t received_init)
+ chunk_t sent_nonce, chunk_t received_init,
+ char reserved[3])
{
private_psk_authenticator_t *this;
@@ -188,6 +197,8 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
.ike_sa_init = received_init,
.nonce = sent_nonce,
);
+ memcpy(this->reserved, reserved, sizeof(this->reserved));
+
return &this->public;
}