Pass concrete auth_method to key derivation, as we have that as a responder
authorMartin Willi <martin@revosec.ch>
Thu, 24 Nov 2011 15:11:05 +0000 (16:11 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:53 +0000 (17:30 +0100)
src/libcharon/sa/keymat_v1.c
src/libcharon/sa/keymat_v1.h
src/libcharon/sa/tasks/main_mode.c

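--- a/src/libcharon/sa/keymat_v1.c
+++ b/src/libcharon/sa/keymat_v1.c
@@ -363,7 +363,7 @@ static void adjust_keylen(u_int16_t alg, chunk_t *key)
 METHOD(keymat_v1_t, derive_ike_keys, bool,
        private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh,
        chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
-       auth_class_t auth, shared_key_t *shared_key)
+       auth_method_t auth, shared_key_t *shared_key)
 {
        chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e;
        u_int16_t alg;
@@ -411,7 +411,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 
        switch (auth)
        {
-               case AUTH_CLASS_PSK:
+               case AUTH_PSK:
+               case AUTH_XAUTH_INIT_PSK:
                {       /* SKEYID = prf(pre-shared-key, Ni_b | Nr_b) */
                        chunk_t psk;
                        if (!shared_key)
@@ -425,7 +426,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
                        this->prf->allocate_bytes(this->prf, nonces, &this->skeyid);
                        break;
                }
-               case AUTH_CLASS_PUBKEY:
+               case AUTH_RSA:
+               case AUTH_XAUTH_INIT_RSA:
                {
                        /* signatures : SKEYID = prf(Ni_b | Nr_b, g^xy)
                         * pubkey encr: SKEYID = prf(hash(Ni_b | Nr_b), CKY-I | CKY-R) */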
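Review bot: The labels `case AUTH_PSK:`/`case AUTH_XAUTH_INIT_PSK:` and `case AUTH_RSA:`/`case AUTH_XAUTH_INIT_RSA:` cover only the XAUTH initiator variant of each method, while auth_method_t also carries AUTH_XAUTH_RESP_PSK and AUTH_XAUTH_RESP_RSA, and the SKEYID derivation does not depend on the XAUTH role. A peer proposing a RESP variant would presumably reach the default branch, which lies outside the hunk; if that branch fails the derivation, add `case AUTH_XAUTH_RESP_PSK:` beside the INIT_PSK label and `case AUTH_XAUTH_RESP_RSA:` beside the INIT_RSA one, and if the omission is deliberate, say why in a comment at the switch so the next reader does not re-add them. derive_ike_keys starts before the first hunk and continues after the last one.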
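--- a/src/libcharon/sa/keymat_v1.h
+++ b/src/libcharon/sa/keymat_v1.h
@@ -54,7 +54,7 @@ struct keymat_v1_t {
        bool (*derive_ike_keys)(keymat_v1_t *this, proposal_t *proposal,
                                                        diffie_hellman_t *dh, chunk_t dh_other,
                                                        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
-                                                       auth_class_t auth, shared_key_t *shared_key);
+                                                       auth_method_t auth, shared_key_t *shared_key);
 
        /**
         * Derive keys for the CHILD_SA.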
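Review bot: The Doxygen block for derive_ike_keys starts above the hunk and is not updated here; if its @param line for `auth` still describes an authentication class, it should now read something like `@param auth IKEv1 authentication method negotiated for the IKE_SA, selects the SKEYID derivation`. The same comment is the place to state that `shared_key` must be non-NULL for the PSK methods, since the implementation rejects a missing key. struct keymat_v1_t continues outside the hunk.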
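--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -583,11 +583,8 @@ static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
 {
        ike_sa_id_t *id = this->ike_sa->get_id(this->ike_sa);
        shared_key_t *shared_key = NULL;
-       auth_class_t auth;
 
-       /* TODO-IKEv1: support other authentication classes */
-       auth = AUTH_CLASS_PSK;
-       switch (auth)
+       switch (this->auth_method)
        {
                case AUTH_CLASS_PSK:
                case AUTH_CLASS_XAUTH_PSK:
@@ -597,7 +594,7 @@ static bool derive_keys(private_main_mode_t *this, chunk_t nonce_i,
                        break;
        }
        if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
-                                               this->dh_value, nonce_i, nonce_r, id, auth, shared_key))
+                       this->dh_value, nonce_i, nonce_r, id, this->auth_method, shared_key))
        {
                DESTROY_IF(shared_key);
                return FALSE;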
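Review bot: `switch (this->auth_method)` now dispatches on an auth_method_t, but the labels that follow it, `case AUTH_CLASS_PSK:` and `case AUTH_CLASS_XAUTH_PSK:`, are still auth_class_t constants, so the shared-key lookup is keyed on a different enum than the value being switched. Even if AUTH_CLASS_PSK happens to share a numeric value with AUTH_PSK, AUTH_CLASS_XAUTH_PSK is unlikely to equal AUTH_XAUTH_INIT_PSK, in which case an XAUTH PSK exchange leaves shared_key NULL and derive_ike_keys rejects it at its `if (!shared_key)` check. The labels should use the auth_method_t values keymat_v1.c now matches: `case AUTH_PSK:` and `case AUTH_XAUTH_INIT_PSK:`. A switch-enum diagnostic (clang's -Wswitch reports a case value that is not a member of the switched enum) would have caught this. derive_keys starts before the first hunk, and the rest of the switch body lies between the two hunks.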