static struct wpabuf * ikev2_build_sa_auth(struct ikev2_responder_data *data)
{
struct wpabuf *msg, *plain;
/* build IKE_SA_AUTH: HDR, SK {IDr, [CERT,] AUTH} */
msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000);
if (msg == NULL)
return NULL;
ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1);
plain = wpabuf_alloc(data->IDr_len + 1000);
if (plain == NULL) {
wpabuf_free(msg);
return NULL;
}
if (ikev2_build_idr(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) ||
ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) ||
ikev2_build_encrypted(data->proposal.encr, data->proposal.integ,
&data->keys, 0, msg, plain,
IKEV2_PAYLOAD_IDr)) {
wpabuf_free(plain);
wpabuf_free(msg);
return NULL;
}
wpabuf_free(plain);
wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_AUTH)", msg);
data->state = IKEV2_DONE;
return msg;
}
static struct wpabuf * ikev2_build_sa_auth(struct ikev2_initiator_data *data)
{
struct wpabuf *msg, *plain;
const u8 *secret;
size_t secret_len;
secret = data->get_shared_secret(data->cb_ctx, data->IDr,
data->IDr_len, &secret_len);
if (secret == NULL) {
asd_printf(ASD_DEFAULT,MSG_DEBUG, "IKEV2: Could not get shared secret - "
"use fake value");
/* RFC 5106, Sect. 7:
* Use a random key to fake AUTH generation in order to prevent
* probing of user identities.
*/
data->unknown_user = 1;
os_free(data->shared_secret);
data->shared_secret = os_zalloc(16);
if (data->shared_secret == NULL)
return NULL;
data->shared_secret_len = 16;
if (os_get_random(data->shared_secret, 16))
return NULL;
} else {
os_free(data->shared_secret);
data->shared_secret = os_zalloc(secret_len);
if (data->shared_secret == NULL)
return NULL;
os_memcpy(data->shared_secret, secret, secret_len);
data->shared_secret_len = secret_len;
}
/* build IKE_SA_AUTH: HDR, SK {IDi, [CERT,] [CERTREQ,] AUTH} */
msg = wpabuf_alloc(sizeof(struct ikev2_hdr) + data->IDr_len + 1000);
if (msg == NULL)
return NULL;
ikev2_build_hdr(data, msg, IKE_SA_AUTH, IKEV2_PAYLOAD_ENCRYPTED, 1);
plain = wpabuf_alloc(data->IDr_len + 1000);
if (plain == NULL) {
wpabuf_free(msg);
return NULL;
}
if (ikev2_build_idi(data, plain, IKEV2_PAYLOAD_AUTHENTICATION) ||
ikev2_build_auth(data, plain, IKEV2_PAYLOAD_NO_NEXT_PAYLOAD) ||
ikev2_build_encrypted(data->proposal.encr, data->proposal.integ,
&data->keys, 1, msg, plain,
IKEV2_PAYLOAD_IDi)) {
wpabuf_free(plain);
wpabuf_free(msg);
return NULL;
}
wpabuf_free(plain);
wpa_hexdump_buf(MSG_MSGDUMP, "IKEV2: Sending message (SA_AUTH)", msg);
return msg;
}
