METHOD(bus_t, ike_keys, void,
private_bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
- chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey)
+ chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+ ike_sa_t *rekey, shared_key_t *shared)
{
enumerator_t *enumerator;
entry_t *entry;
continue;
}
entry->calling++;
- keep = entry->listener->ike_keys(entry->listener, ike_sa, dh,
- nonce_i, nonce_r, rekey);
+ keep = entry->listener->ike_keys(entry->listener, ike_sa, dh, dh_other,
+ nonce_i, nonce_r, rekey, shared);
entry->calling--;
if (!keep)
{
*
* @param ike_sa IKE_SA this keymat belongs to
* @param dh diffie hellman shared secret
+ * @param dh_other others DH public value (IKEv1 only)
* @param nonce_i initiators nonce
* @param nonce_r responders nonce
- * @param rekey IKE_SA we are rekeying, if any
+ * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
+ * @param shared shared key used for key derivation (IKEv1-PSK only)
*/
void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
- chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
+ chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+ ike_sa_t *rekey, shared_key_t *shared);
/**
* CHILD_SA keymat hook.
*
*
* @param ike_sa IKE_SA this keymat belongs to
* @param dh diffie hellman shared secret
+ * @param dh_other others DH public value (IKEv1 only)
* @param nonce_i initiators nonce
* @param nonce_r responders nonce
- * @param rekey IKE_SA we are rekeying, if any
+ * @param rekey IKE_SA we are rekeying, if any (IKEv2 only)
+ * @param shared shared key used for key derivation (IKEv1-PSK only)
* @return TRUE to stay registered, FALSE to unregister
*/
bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
- chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
+ chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+ ike_sa_t *rekey, shared_key_t *shared);
/**
* Hook called with CHILD_SA key material.
METHOD(listener_t, ike_keys, bool,
private_ha_ike_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
- chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey)
+ chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey,
+ shared_key_t *shared)
{
ha_message_t *m;
chunk_t secret;
DBG1(DBG_IKE, "key derivation for %N failed", auth_method_names, method);
return FALSE;
}
+ charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, this->dh_value,
+ this->nonce_i, this->nonce_r, NULL, shared_key);
DESTROY_IF(shared_key);
- charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
- this->nonce_i, this->nonce_r, NULL);
return TRUE;
}
{
return FALSE;
}
- charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
- nonce_i, nonce_r, this->old_sa);
+ charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, chunk_empty,
+ nonce_i, nonce_r, this->old_sa, NULL);
return TRUE;
}