diff options
Diffstat (limited to 'src/libcharon/sa/authenticators/psk_authenticator.c')
-rw-r--r-- | src/libcharon/sa/authenticators/psk_authenticator.c | 94 |
1 files changed, 49 insertions, 45 deletions
diff --git a/src/libcharon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c index e69f30dcf..21fc0f9b8 100644 --- a/src/libcharon/sa/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/authenticators/psk_authenticator.c @@ -45,12 +45,15 @@ struct private_psk_authenticator_t { * IKE_SA_INIT message data to include in AUTH calculation */ chunk_t ike_sa_init; + + /** + * Reserved bytes of ID payload + */ + char reserved[3]; }; -/* - * Implementation of authenticator_t.build for builder - */ -static status_t build(private_psk_authenticator_t *this, message_t *message) +METHOD(authenticator_t, build, status_t, + private_psk_authenticator_t *this, message_t *message) { identification_t *my_id, *other_id; auth_payload_t *auth_payload; @@ -70,7 +73,7 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) return NOT_FOUND; } auth_data = keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, - this->nonce, key->get_key(key), my_id); + this->nonce, key->get_key(key), my_id, this->reserved); key->destroy(key); DBG2(DBG_IKE, "successfully created shared key MAC"); auth_payload = auth_payload_create(); @@ -82,10 +85,8 @@ static status_t build(private_psk_authenticator_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of authenticator_t.process for verifier - */ -static status_t process(private_psk_authenticator_t *this, message_t *message) +METHOD(authenticator_t, process, status_t, + private_psk_authenticator_t *this, message_t *message) { chunk_t auth_data, recv_auth_data; identification_t *my_id, *other_id; @@ -113,7 +114,7 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) keys_found++; auth_data = keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, - this->nonce, key->get_key(key), other_id); + this->nonce, key->get_key(key), other_id, this->reserved); if (auth_data.len && chunk_equals(auth_data, recv_auth_data)) { DBG1(DBG_IKE, "authentication of '%Y' with %N successful", @@ -141,19 +142,8 @@ static status_t process(private_psk_authenticator_t *this, message_t *message) return SUCCESS; } -/** - * Implementation of authenticator_t.process for builder - * Implementation of authenticator_t.build for verifier - */ -static status_t return_failed() -{ - return FAILED; -} - -/** - * Implementation of authenticator_t.destroy. - */ -static void destroy(private_psk_authenticator_t *this) +METHOD(authenticator_t, destroy, void, + private_psk_authenticator_t *this) { free(this); } @@ -162,18 +152,25 @@ static void destroy(private_psk_authenticator_t *this) * Described in header. */ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, - chunk_t received_nonce, chunk_t sent_init) + chunk_t received_nonce, chunk_t sent_init, + char reserved[3]) { - private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))return_failed; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = sent_init; - this->nonce = received_nonce; + private_psk_authenticator_t *this; + + INIT(this, + .public = { + .authenticator = { + .build = _build, + .process = (void*)return_failed, + .is_mutual = (void*)return_false, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .ike_sa_init = sent_init, + .nonce = received_nonce, + ); + memcpy(this->reserved, reserved, sizeof(this->reserved)); return &this->public; } @@ -182,18 +179,25 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, * Described in header. */ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, - chunk_t sent_nonce, chunk_t received_init) + chunk_t sent_nonce, chunk_t received_init, + char reserved[3]) { - private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t); - - this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))return_failed; - this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process; - this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))return_false; - this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy; - - this->ike_sa = ike_sa; - this->ike_sa_init = received_init; - this->nonce = sent_nonce; + private_psk_authenticator_t *this; + + INIT(this, + .public = { + .authenticator = { + .build = (void*)return_failed, + .process = _process, + .is_mutual = (void*)return_false, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .ike_sa_init = received_init, + .nonce = sent_nonce, + ); + memcpy(this->reserved, reserved, sizeof(this->reserved)); return &this->public; } |