Added hybrid authentication support to Main Mode
authorMartin Willi <martin@revosec.ch>
Wed, 14 Dec 2011 08:44:39 +0000 (09:44 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:21 +0000 (17:31 +0100)
src/libcharon/sa/keymat_v1.c
src/libcharon/sa/tasks/main_mode.c

index 8d38414..100c952 100755 (executable)
@@ -429,6 +429,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
                case AUTH_RSA:
                case AUTH_XAUTH_INIT_RSA:
                case AUTH_XAUTH_RESP_RSA:
+               case AUTH_HYBRID_INIT_RSA:
+               case AUTH_HYBRID_RESP_RSA:
                {
                        this->prf->set_key(this->prf, nonces);
                        this->prf->allocate_bytes(this->prf, g_xy, &this->skeyid);
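Review bot: The two hybrid labels added to the RSA case in derive_ike_keys carry no comment explaining why hybrid authentication shares the signature-mode derivation, where SKEYID is keyed with the nonces and computed over g_xy. A one-line comment above them would record that, e.g. `/* hybrid modes derive SKEYID as in signature authentication */`. The switch begins and ends outside this hunk, so the other cases could not be checked for a conflicting label.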
index 0e93620..f60bda7 100755 (executable)
@@ -327,7 +327,11 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
                        return AUTH_XAUTH_RESP_PSK;
                }
        }
-       /* TODO-IKEv1: Hybrid methods? */
+       if (i1 == AUTH_CLASS_XAUTH && r1 == AUTH_CLASS_PUBKEY &&
+               i2 == AUTH_CLASS_ANY && r2 == AUTH_CLASS_ANY)
+       {
+               return AUTH_HYBRID_INIT_RSA;
+       }
        return AUTH_NONE;;
 }
 
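Review bot: The new branch in get_auth_method only ever yields `AUTH_HYBRID_INIT_RSA`; nothing visible here returns `AUTH_HYBRID_RESP_RSA`, so the RESP labels added in keymat_v1.c, build_r and process_i look unreachable through this function. Either note that in a comment or leave those labels out until the responder variant is implemented. The branch also deserves a comment on what it selects, presumably `/* hybrid: responder signs with RSA, initiator authenticates later via XAuth only */`, since that asymmetry is the security-relevant property of the mode. The function starts outside the hunk, so the meaning of i1/r1/i2/r2 is inferred from their names. The unchanged `return AUTH_NONE;;` has a stray semicolon that could be dropped while this code is being edited.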
@@ -883,11 +887,13 @@ METHOD(task_t, build_r, status_t,
                        {
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
+                               case AUTH_HYBRID_INIT_RSA:
                                        this->ike_sa->queue_task(this->ike_sa,
                                                                        (task_t*)xauth_create(this->ike_sa, TRUE));
                                        return SUCCESS;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
                                        /* TODO-IKEv1: not yet supported */
                                        return FAILED;
                                default:
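Review bot: The `AUTH_HYBRID_INIT_RSA` label added to the XAuth case in build_r returns SUCCESS for an exchange in which, going by the mapping in get_auth_method, the initiator has presented no credential of its own. The queued XAuth task is then its only authentication. Nothing in this hunk shows what holds the IKE_SA back until that task succeeds, so a comment should record the dependency, e.g. `/* hybrid: peer is unauthenticated until the queued XAuth task succeeds */`, and the code that gates Quick Mode is worth checking against it. The `AUTH_HYBRID_RESP_RSA` label here and in process_i returns FAILED without a log line; a `DBG1(DBG_IKE, ...)` message naming the unsupported method would make such failures easier to diagnose. Both switches begin and end outside their hunks.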
@@ -992,10 +998,12 @@ METHOD(task_t, process_i, status_t,
                        {
                                case AUTH_XAUTH_INIT_PSK:
                                case AUTH_XAUTH_INIT_RSA:
+                               case AUTH_HYBRID_INIT_RSA:
                                        /* wait for XAUTH request */
                                        return SUCCESS;
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
+                               case AUTH_HYBRID_RESP_RSA:
                                        /* TODO-IKEv1: not yet */
                                        return FAILED;
                                default: