Diffstat (limited to 'src/libcharon/sa/authenticators/pubkey_authenticator.c')
-rw-r--r--src/libcharon/sa/authenticators/pubkey_authenticator.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index 1d01abf50..247891670 100644
--- a/src/libcharon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
@@ -46,6 +46,11 @@ struct private_pubkey_authenticator_t {
* IKE_SA_INIT message data to include in AUTH calculation
*/
chunk_t ike_sa_init;
+
+ /**
+ * Reserved bytes of ID payload
+ */
+ char reserved[3];
};
METHOD(authenticator_t, build, status_t,
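Review bot: The new `reserved` member stores raw wire bytes from the ID payload but is declared as plain `char`, whose signedness is implementation-defined. An unsigned byte type, e.g. `uint8_t reserved[3];`, avoids surprises if these bytes are ever compared, logged or widened, though it would have to match whatever type `get_auth_octets` expects, which is not visible here. The length 3 is also written as a literal in this struct and again in both constructor signatures further down; a single named constant would keep the three in step. The struct definition starts outside this hunk.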
@@ -107,7 +112,7 @@ METHOD(authenticator_t, build, status_t,
}
keymat = this->ike_sa->get_keymat(this->ike_sa);
octets = keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
- this->nonce, id);
+ this->nonce, id, this->reserved);
if (private->sign(private, scheme, octets, &auth_data))
{
auth_payload = auth_payload_create();
@@ -171,7 +176,7 @@ METHOD(authenticator_t, process, status_t,
id = this->ike_sa->get_other_id(this->ike_sa);
keymat = this->ike_sa->get_keymat(this->ike_sa);
octets = keymat->get_auth_octets(keymat, TRUE, this->ike_sa_init,
- this->nonce, id);
+ this->nonce, id, this->reserved);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
key_type, id, auth);
@@ -212,7 +217,8 @@ METHOD(authenticator_t, destroy, void,
* Described in header.
*/
pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
- chunk_t received_nonce, chunk_t sent_init)
+ chunk_t received_nonce, chunk_t sent_init,
+ char reserved[3])
{
private_pubkey_authenticator_t *this;
@@ -229,6 +235,8 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
.ike_sa_init = sent_init,
.nonce = received_nonce,
);
+ memcpy(this->reserved, reserved, sizeof(this->reserved));
+
return &this->public;
}
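Review bot: The `reserved` parameter is written as `char reserved[3]` in the signature but is an ordinary `char *` inside the function, so this `memcpy` reads three bytes from whatever the caller passed without any check. Taking the length from `sizeof(this->reserved)` is correct because that operand is the struct member rather than the decayed parameter. What remains unguarded is a NULL or shorter buffer from a caller. Either state the contract where the function is documented (the header, not shown here), e.g. `@param reserved  reserved bytes of the ID payload, must point to 3 bytes`, or guard the copy with `if (reserved)`. The same applies to the `memcpy` in `pubkey_authenticator_create_verifier`; both function bodies begin outside their hunks.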
@@ -236,7 +244,8 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
* Described in header.
*/
pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
- chunk_t sent_nonce, chunk_t received_init)
+ chunk_t sent_nonce, chunk_t received_init,
+ char reserved[3])
{
private_pubkey_authenticator_t *this;
@@ -253,5 +262,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
.ike_sa_init = received_init,
.nonce = sent_nonce,
);
+ memcpy(this->reserved, reserved, sizeof(this->reserved));
+
return &this->public;
}