Pass IKEv1 specific keymat to ike_keys hook

diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index bf0ab22..c1b2bd4 100644 (file)
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -438,7 +438,8 @@ METHOD(bus_t, message, void,
 
 METHOD(bus_t, ike_keys, void,
        private_bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
-       chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey)
+       chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+       ike_sa_t *rekey, shared_key_t *shared)
 {
        enumerator_t *enumerator;
        entry_t *entry;
@@ -453,8 +454,8 @@ METHOD(bus_t, ike_keys, void,
                        continue;
                }
                entry->calling++;
-               keep = entry->listener->ike_keys(entry->listener, ike_sa, dh,
-                                                                                nonce_i, nonce_r, rekey);
+               keep = entry->listener->ike_keys(entry->listener, ike_sa, dh, dh_other,
+                                                                                nonce_i, nonce_r, rekey, shared);
                entry->calling--;
                if (!keep)
                {

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 69060d3..07b334f 100644 (file)
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -264,12 +264,15 @@ struct bus_t {
         *
         * @param ike_sa        IKE_SA this keymat belongs to
         * @param dh            diffie hellman shared secret
+        * @param dh_other      others DH public value (IKEv1 only)
         * @param nonce_i       initiators nonce
         * @param nonce_r       responders nonce
-        * @param rekey         IKE_SA we are rekeying, if any
+        * @param rekey         IKE_SA we are rekeying, if any (IKEv2 only)
+        * @param shared        shared key used for key derivation (IKEv1-PSK only)
         */
        void (*ike_keys)(bus_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
-                                        chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
+                                        chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+                                        ike_sa_t *rekey, shared_key_t *shared);
        /**
         * CHILD_SA keymat hook.
         *

diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 21caed0..efadea8 100644 (file)
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -97,13 +97,16 @@ struct listener_t {
         *
         * @param ike_sa        IKE_SA this keymat belongs to
         * @param dh            diffie hellman shared secret
+        * @param dh_other      others DH public value (IKEv1 only)
         * @param nonce_i       initiators nonce
         * @param nonce_r       responders nonce
-        * @param rekey         IKE_SA we are rekeying, if any
+        * @param rekey         IKE_SA we are rekeying, if any (IKEv2 only)
+        * @param shared        shared key used for key derivation (IKEv1-PSK only)
         * @return                      TRUE to stay registered, FALSE to unregister
         */
        bool (*ike_keys)(listener_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
-                                        chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey);
+                                        chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r,
+                                        ike_sa_t *rekey, shared_key_t *shared);
 
        /**
         * Hook called with CHILD_SA key material.

diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 7da11b5..bcdd09b 100644 (file)
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -71,7 +71,8 @@ static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
 
 METHOD(listener_t, ike_keys, bool,
        private_ha_ike_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
-       chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey)
+       chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey,
+       shared_key_t *shared)
 {
        ha_message_t *m;
        chunk_t secret;

diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index a5fa6ea..d36b022 100644 (file)
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -215,9 +215,9 @@ METHOD(phase1_t, derive_keys, bool,
                DBG1(DBG_IKE, "key derivation for %N failed", auth_method_names, method);
                return FALSE;
        }
+       charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, this->dh_value,
+                                                 this->nonce_i, this->nonce_r, NULL, shared_key);
        DESTROY_IF(shared_key);
-       charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
-                                                 this->nonce_i, this->nonce_r, NULL);
        return TRUE;
 }
 

diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index ceae484..de68e86 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -354,8 +354,8 @@ static bool derive_keys(private_ike_init_t *this,
        {
                return FALSE;
        }
-       charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
-                                                 nonce_i, nonce_r, this->old_sa);
+       charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, chunk_empty,
+                                                 nonce_i, nonce_r, this->old_sa, NULL);
        return TRUE;
 }