- preshared secrets are now retrieved over configuration_manager
authorJan Hutter <jhutter@hsr.ch>
Sat, 3 Dec 2005 16:02:06 +0000 (16:02 -0000)
committerJan Hutter <jhutter@hsr.ch>
Sat, 3 Dec 2005 16:02:06 +0000 (16:02 -0000)
Source/charon/config/configuration_manager.c
Source/charon/config/configuration_manager.h
Source/charon/sa/authenticator.c
Source/charon/sa/authenticator.h
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/utils/logger_manager.c

index 3669fac..725d534 100644 (file)
 #include <daemon.h>
 #include <utils/allocator.h>
 
+
+typedef struct preshared_secret_entry_t preshared_secret_entry_t;
+
+/**
+ * An preshared secret entry combines an identifier with a 
+ * preshared secret.
+ */
+struct preshared_secret_entry_t {
+
+       /**
+        * Identification.
+        */
+       identification_t *identification;
+       
+       /**
+        * Preshared secret as chunk
+        */     
+       chunk_t preshared_secret;
+};
+
 typedef struct configuration_entry_t configuration_entry_t;
 
 /* A configuration entry combines a configuration name with a init and sa 
@@ -117,7 +137,11 @@ struct private_configuration_manager_t {
         * Holding all init_configs.
         */
        linked_list_t *sa_configs;
-
+       
+       /**
+        * Holding all preshared secrets.
+        */
+       linked_list_t *preshared_secrets;
 
        /**
         * Assigned logger object.
@@ -136,7 +160,7 @@ struct private_configuration_manager_t {
        u_int32_t first_retransmit_timeout;
 
        /**
-        * Load default configuration
+        * Adds a new IKE_SA configuration
         * 
         * 
         * @param this                          calling object
@@ -147,6 +171,17 @@ struct private_configuration_manager_t {
        void (*add_new_configuration) (private_configuration_manager_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
        
        /**
+        * Adds a new IKE_SA configuration
+        * 
+        * 
+        * @param this                          calling object
+        * @param type                          type of identification
+        * @param id_string                     identification as string
+        * @param preshared_secret      preshared secret as string
+        */
+       void (*add_new_preshared_secret) (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret);
+       
+       /**
         * Load default configuration
         * 
         * 
@@ -242,6 +277,9 @@ static void load_default_config (private_configuration_manager_t *this)
        this->add_new_configuration(this,"pinflb30",init_config2,sa_config2);
        this->add_new_configuration(this,"localhost",init_config3,sa_config3);
 
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.130","das ist ein sicheres wort");
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "152.96.193.131","das ist ein sicheres wort");
+       this->add_new_preshared_secret(this,ID_IPV4_ADDR, "127.0.0.1","das ist ein sicheres wort");
 }
 
 /**
@@ -474,6 +512,48 @@ static void add_new_configuration (private_configuration_manager_t *this, char *
        this->configurations->insert_first(this->configurations,configuration_entry_create(name,init_config,sa_config));
 }
 
+/**
+ * Implementation of private_configuration_manager_t.add_new_preshared_secret.
+ */
+static void add_new_preshared_secret (private_configuration_manager_t *this,id_type_t type, char *id_string, char *preshared_secret)
+{
+       preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
+       
+       entry->identification = identification_create_from_string(type,id_string);
+       entry->preshared_secret.len = strlen(preshared_secret);
+       entry->preshared_secret.ptr = allocator_alloc(entry->preshared_secret.len);
+       memcpy(entry->preshared_secret.ptr,preshared_secret,entry->preshared_secret.len);
+       
+       this->preshared_secrets->insert_last(this->preshared_secrets,entry);
+}
+
+
+/**
+ * Implementation of configuration_manager_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret)
+{
+       iterator_t *iterator;
+       
+       iterator = this->preshared_secrets->create_iterator(this->preshared_secrets,TRUE);
+       while (iterator->has_next(iterator))
+       {
+               preshared_secret_entry_t *entry;
+               iterator->current(iterator,(void **) &entry);
+               if (entry->identification->equals(entry->identification,identification))
+               {
+                       *preshared_secret = entry->preshared_secret;
+                       iterator->destroy(iterator);
+                       return SUCCESS;
+               }
+       }
+       iterator->destroy(iterator);
+       return NOT_FOUND;
+}
+
+/**
+ * Implementation of configuration_manager_t.destroy.
+ */
 static status_t get_retransmit_timeout (private_configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
 {
        if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
@@ -523,6 +603,16 @@ static void destroy(private_configuration_manager_t *this)
        }
        this->init_configs->destroy(this->init_configs);
        
+       while (this->preshared_secrets->get_count(this->preshared_secrets) > 0)
+       {
+               preshared_secret_entry_t *entry;
+               this->preshared_secrets->remove_first(this->preshared_secrets,(void **) &entry);
+               entry->identification->destroy(entry->identification);
+               allocator_free_chunk(&(entry->preshared_secret));
+               allocator_free(entry);
+       }
+       this->preshared_secrets->destroy(this->preshared_secrets);
+               
        this->logger->log(this->logger,CONTROL | MOST, "Destroy assigned logger");
        charon->logger_manager->destroy_logger(charon->logger_manager,this->logger);
        allocator_free(this);
@@ -542,16 +632,19 @@ configuration_manager_t *configuration_manager_create(u_int32_t first_retransmit
        this->public.get_sa_config_for_name =(status_t (*) (configuration_manager_t *, char *, sa_config_t **)) get_sa_config_for_name;
        this->public.get_sa_config_for_init_config_and_id =(status_t (*) (configuration_manager_t *, init_config_t *, identification_t *, identification_t *,sa_config_t **)) get_sa_config_for_init_config_and_id;
        this->public.get_retransmit_timeout = (status_t (*) (configuration_manager_t *, u_int32_t retransmit_count, u_int32_t *timeout))get_retransmit_timeout;
+       this->public.get_shared_secret = (status_t (*) (configuration_manager_t *, identification_t *, chunk_t *))get_shared_secret;
        
        /* private functions */
        this->load_default_config = load_default_config;
        this->add_new_configuration = add_new_configuration;
+       this->add_new_preshared_secret = add_new_preshared_secret;
        
        /* private variables */
        this->logger = charon->logger_manager->create_logger(charon->logger_manager,CONFIGURATION_MANAGER,NULL);
        this->configurations = linked_list_create();
        this->sa_configs = linked_list_create();
        this->init_configs = linked_list_create();
+       this->preshared_secrets = linked_list_create();
        this->max_retransmit_count = max_retransmit_count;
        this->first_retransmit_timeout = first_retransmit_timeout;
        
index bc6c6e8..fe01615 100644 (file)
@@ -114,10 +114,25 @@ struct configuration_manager_t {
         * @param[out] timeout          the new retransmit timeout in milliseconds
         * 
         * @return              
-        *                              - FAILED        if the message should not be resent again
+        *                              - FAILED, if the message should not be resent again
         *                              - SUCCESS
         */
        status_t (*get_retransmit_timeout) (configuration_manager_t *this, u_int32_t retransmit_count, u_int32_t *timeout);
+       
+       /**
+        * Get the preshared secret of a specific ID.
+        * 
+        * The preshared secret gets not cloned.
+        * 
+        * @param this                                          calling object
+        * @param identification                        identification_t object identifiying the ID.
+        * @param[out] preshared_secret         the preshared secret will be written there
+        * 
+        * @return              
+        *                              - NOT_FOUND                     if no preshared secrets is configured for specific id
+        *                              - SUCCESS
+        */     
+       status_t (*get_shared_secret) (configuration_manager_t *this, identification_t *identification, chunk_t *preshared_secret);
 
        /**
         * Destroys configuration manager
index 978106b..8efbb70 100644 (file)
 #include "authenticator.h"
 
 #include <utils/allocator.h>
+#include <daemon.h>
+
+/**
+ * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+ */
+#define IKE_V2_KEY_PAD "Key Pad for IKEv2"
+
+/**
+ * Length of key pad in bytes.
+ */
+#define IKE_V2_KEY_PAD_LEN 17
 
 typedef struct private_authenticator_t private_authenticator_t;
 
@@ -37,9 +48,14 @@ struct private_authenticator_t {
        authenticator_t public;
 
        /**
-        * IKE_SA.
+        * Assigned IKE_SA. Needed to get prf function.
         */
        protected_ike_sa_t *ike_sa;
+       
+       /**
+        * PRF function. Taken from the IKE_SA.
+        */
+       prf_t *prf;
 
        /**
         * A logger for.
@@ -51,45 +67,49 @@ struct private_authenticator_t {
        /**
         * TODO
         */
-       chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id);
+       chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator);
        
-       chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret);
+       chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret);
 };
 
 /**
  * Implementation of authenticator_t.private_authenticator_t.
  */
-static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id)
+static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator)
 {
        chunk_t id_chunk = my_id->get_data(my_id);
        u_int8_t id_with_header[4 + id_chunk.len];
-       chunk_t id_with_header_chunk;
-       chunk_t octets;
+       chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header) };
        u_int8_t *current_pos;
-       prf_t *prf;
+       chunk_t octets;
        
        id_with_header[0] = my_id->get_id_type(my_id);
+       /* TODO
+        * Reserved bytes are not in any case zero
+        */
        id_with_header[1] = 0x00;
        id_with_header[2] = 0x00;
        id_with_header[3] = 0x00;
        memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
-       id_with_header_chunk.ptr = id_with_header;
-       id_with_header_chunk.len = sizeof(id_with_header);
-       
-       prf = this->ike_sa->get_prf(this->ike_sa);
-       
-       prf->set_key(prf,this->ike_sa->get_key_pr(this->ike_sa));
        
+       if (initiator)
+       {
+               this->prf->set_key(this->prf,this->ike_sa->get_key_pi(this->ike_sa));
+       }
+       else
+       {
+               this->prf->set_key(this->prf,this->ike_sa->get_key_pr(this->ike_sa));
+       }
        
        /* 4 bytes are id type and reserved fields of id payload */
-       octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
+       octets.len = last_message.len + other_nonce.len + this->prf->get_block_size(this->prf);
        octets.ptr = allocator_alloc(octets.len);
        current_pos = octets.ptr;
        memcpy(current_pos,last_message.ptr,last_message.len);
        current_pos += last_message.len;
        memcpy(current_pos,other_nonce.ptr,other_nonce.len);
        current_pos += other_nonce.len;
-       prf->get_bytes(prf,id_with_header_chunk,current_pos);
+       this->prf->get_bytes(this->prf,id_with_header_chunk,current_pos);
        
        this->logger->log_chunk(this->logger,RAW | MOST, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",&octets);
        return octets;
@@ -98,46 +118,53 @@ static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_messag
 /**
  * Implementation of authenticator_t.allocate_auth_data_with_preshared_secret.
  */
-static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t octets,chunk_t preshared_secret)
+static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret)
 {
-       prf_t *prf = this->ike_sa->get_prf(this->ike_sa);
-       chunk_t auth_data;      
-       chunk_t key_pad;
-       chunk_t key;
+       chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN};
+       u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
+       chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
+       chunk_t auth_data;
+
+       chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
        
-       key_pad.ptr = "Key Pad for IKEv2";
-       key_pad.len = strlen(key_pad.ptr);
-
-       prf->set_key(prf,preshared_secret);
-       prf->allocate_bytes(prf,key_pad,&key);
-       prf->set_key(prf,key);
-       allocator_free_chunk(&key);
-       prf->allocate_bytes(prf,octets,&auth_data);
-       this->logger->log_chunk(this->logger,RAW | MORE, "Authenticated data",&auth_data);
-                       
+       /*
+        * AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) 
+        */
+
+       this->prf->set_key(this->prf,preshared_secret);
+       this->prf->get_bytes(this->prf,key_pad,key_buffer);
+       this->prf->set_key(this->prf,key);
+       this->prf->allocate_bytes(this->prf,octets,&auth_data);
+       allocator_free_chunk(&octets);
+       this->logger->log_chunk(this->logger,RAW | MOST, "Authenticated data",&auth_data);
+
        return auth_data;
 }
 
-
 /**
  * Implementation of authenticator_t.private_authenticator_t.
  */
 
-static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool *verified)
+static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator,bool *verified)
 {
        switch(auth_payload->get_auth_method(auth_payload))
        {
                case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
                {
-                       chunk_t preshared_secret;
-                       chunk_t auth_data = auth_payload->get_data(auth_payload);
                        
-                       preshared_secret.ptr = "secret";
-                       preshared_secret.len = strlen(preshared_secret.ptr);
+                       identification_t *other_id =other_id_payload->get_identification(other_id_payload);
+                       chunk_t auth_data = auth_payload->get_data(auth_payload);
+                       chunk_t preshared_secret;
+                       status_t status;
+                                               
+                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret);
+                       other_id->destroy(other_id);
+                       if (status != SUCCESS)
+                       {
+                               return status;  
+                       }
                        
-                       chunk_t octets = this->allocate_octets(this,last_received_packet,my_nonce,other_id_payload);
-                       chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,octets,preshared_secret);
-                       allocator_free_chunk(&octets);
+                       chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret);
                        
                        if (auth_data.len != my_auth_data.len)
                        {
@@ -166,38 +193,42 @@ static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *
 /**
  * Implementation of authenticator_t.compute_auth_data.
  */
-static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload)
+static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator)
 {
+       sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa);
+       
        
-/*     switch(auth_method)
+       switch(sa_config->get_auth_method(sa_config))
        {
                case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
-               {*/
-
+               {
+                       identification_t *my_id =my_id_payload->get_identification(my_id_payload);
                        chunk_t preshared_secret;
+                       status_t status;
                        
-                       preshared_secret.ptr = "secret";
-                       preshared_secret.len = strlen(preshared_secret.ptr);
-                       
-                       chunk_t octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload);
-                       chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,octets,preshared_secret);
 
-                       allocator_free_chunk(&octets);
+                       status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret);
+
+                       my_id->destroy(my_id);
+                       if (status != SUCCESS)
+                       {
+                               return status;  
+                       }
+                       
+                       chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret);
 
                        *auth_payload = auth_payload_create();
                        (*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE);
                        (*auth_payload)->set_data((*auth_payload),auth_data);
 
                        allocator_free_chunk(&auth_data);
-                       allocator_free_chunk(&octets);
-                       
                        return SUCCESS;
-/*             }
+               }
                default:
                {
                        return NOT_SUPPORTED;
                }
-       }*/
+       }
 }
 
 /**
@@ -217,8 +248,8 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
 
        /* Public functions */
        this->public.destroy = (void(*)(authenticator_t*))destroy;
-       this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool *)) verify_auth_data;
-       this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *)) compute_auth_data;
+       this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool,bool *)) verify_auth_data;
+       this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
        
        /* private functions */
        this->allocate_octets = allocate_octets;
@@ -226,6 +257,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
+       this->prf = this->ike_sa->get_prf(this->ike_sa);
        this->logger = this->ike_sa->get_logger(this->ike_sa);
        
        return  &(this->public);
index 06cb96d..28b9db1 100644 (file)
@@ -52,7 +52,7 @@ struct authenticator_t {
         * @return
         *                                              - NOT_SUPPORTED if auth_method is not supported
         */
-       status_t (*verify_auth_data) (authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool *verified);
+       status_t (*verify_auth_data) (authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload, bool initiator,bool *verified);
 
        /**
         * @brief Verifying of given authentication data.
@@ -62,7 +62,7 @@ struct authenticator_t {
         * @return
         *                                              - NOT_SUPPORTED if auth_method is not supported
         */
-       status_t (*compute_auth_data) (authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload);
+       status_t (*compute_auth_data) (authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload, bool initiator);
        /**
         * @brief Destroys a authenticator_t object.
         *
index 1c18e3c..2c45e5b 100644 (file)
@@ -567,6 +567,15 @@ static chunk_t get_key_pr (private_ike_sa_t *this)
        return this->secrets.pr_key;
 }
 
+
+/**
+ * Implementation of protected_ike_sa_t.get_key_pi.
+ */
+static chunk_t get_key_pi (private_ike_sa_t *this)
+{
+       return this->secrets.pi_key;
+}
+
 /**
  * Implementation of protected_ike_sa_t.set_prf.
  */
@@ -940,6 +949,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.compute_secrets = (void (*) (protected_ike_sa_t *,chunk_t ,chunk_t , chunk_t )) compute_secrets;
        this->protected.get_prf = (prf_t *(*) (protected_ike_sa_t *)) get_prf;  
        this->protected.get_key_pr = (chunk_t (*) (protected_ike_sa_t *)) get_key_pr;   
+       this->protected.get_key_pi = (chunk_t (*) (protected_ike_sa_t *)) get_key_pi;   
        this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;         
        this->protected.set_init_config = (void (*) (protected_ike_sa_t *,init_config_t *)) set_init_config;
        this->protected.get_init_config = (init_config_t *(*) (protected_ike_sa_t *)) get_init_config;
index 9402bf1..ffc9bd2 100644 (file)
@@ -358,6 +358,16 @@ struct protected_ike_sa_t {
         * @return                                      SK_pr key
         */
        chunk_t (*get_key_pr) (protected_ike_sa_t *this);
+       
+       /**
+        * Gets the Shared key SK_pi.
+        * 
+        * Returned value is not cloned!
+        * 
+        * @param this                          calling object
+        * @return                                      SK_pr key
+        */
+       chunk_t (*get_key_pi) (protected_ike_sa_t *this);
 
        /**
         * Resets message id counters and does destroy stored received and sent messages.
index 33c050e..041185c 100644 (file)
@@ -353,7 +353,7 @@ static status_t process_auth_payload(private_ike_auth_requested_t *this, auth_pa
        /* TODO VERIFY auth here */
        authenticator = authenticator_create(this->ike_sa);
 
-       status = authenticator->verify_auth_data(authenticator,auth_payload,this->ike_sa_init_reply_data,this->sent_nonce,other_id_payload,&verified);
+       status = authenticator->verify_auth_data(authenticator,auth_payload,this->ike_sa_init_reply_data,this->sent_nonce,other_id_payload,FALSE,&verified);
        authenticator->destroy(authenticator);
        if (status != SUCCESS)
        {
index 1013eae..967aebb 100644 (file)
@@ -506,7 +506,7 @@ static status_t build_auth_payload (private_ike_sa_init_requested_t *this, paylo
        status_t status;
        
        authenticator = authenticator_create(this->ike_sa);
-       status = authenticator->compute_auth_data(authenticator,&auth_payload,this->ike_sa_init_request_data,this->received_nonce,my_id_payload);       
+       status = authenticator->compute_auth_data(authenticator,&auth_payload,this->ike_sa_init_request_data,this->received_nonce,my_id_payload,TRUE);  
        authenticator->destroy(authenticator);
        
        if (status != SUCCESS)
index 31d41cb..1dd16f6 100644 (file)
@@ -356,7 +356,7 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
        authenticator = authenticator_create(this->ike_sa);
 
 
-       status =  authenticator->verify_auth_data(authenticator,auth_request, this->ike_sa_init_request_data,this->sent_nonce,other_id_payload,&verified);
+       status =  authenticator->verify_auth_data(authenticator,auth_request, this->ike_sa_init_request_data,this->sent_nonce,other_id_payload,TRUE,&verified);
 
        if (status != SUCCESS)
        {
@@ -371,7 +371,7 @@ static status_t build_auth_payload(private_ike_sa_init_responded_t *this, auth_p
                return FAILED;
        }
 
-       status = authenticator->compute_auth_data(authenticator,&auth_reply, this->ike_sa_init_response_data,this->received_nonce,my_id_payload);
+       status = authenticator->compute_auth_data(authenticator,&auth_reply, this->ike_sa_init_response_data,this->received_nonce,my_id_payload,FALSE);
        authenticator->destroy(authenticator);
        if (status != SUCCESS)
        {
index 631f8f1..91f83a7 100644 (file)
@@ -148,12 +148,12 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                case IKE_SA:
                        logger_level |= FULL;
                case IKE_SA_MANAGER:
-               case MESSAGE:
-               case ENCRYPTION_PAYLOAD:
                case WORKER:
                case CONFIGURATION_MANAGER:
                        logger_level |= ALL;
-               case PARSER:
+               case MESSAGE:
+               case ENCRYPTION_PAYLOAD:
+
                case GENERATOR:
                case THREAD_POOL:
                case SCHEDULER:
@@ -161,8 +161,10 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
                case RECEIVER:
                case SOCKET:
                case DAEMON:
+                       logger_level |= CONTROL;
+               case PARSER:
                        log_thread_ids = FALSE;
-                       logger_level |= ERROR|CONTROL;
+                       logger_level |= ERROR;
                        break;
        }