Hi Gerald, > 14[IKE] key derivation for XAuthRespPSK failed
While we have some basic support to authenticate the responder with XAuth, it seems that the XAuthRespPSK case got lost somehow in key derivation. I haven't tried it at all, but the attached patch might fix the issue. Regards Martin
>From 8737c848c40c7b1abd2fcbb2b65c03574adf413c Mon Sep 17 00:00:00 2001 From: Martin Willi <[email protected]> Date: Fri, 8 Mar 2013 15:21:36 +0100 Subject: [PATCH] Add missing XAuthRespPSK switch case to IKEv1 key derivation --- src/libcharon/sa/ikev1/keymat_v1.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index eb64210..39e4cad 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -431,6 +431,7 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, { case AUTH_PSK: case AUTH_XAUTH_INIT_PSK: + case AUTH_XAUTH_RESP_PSK: { /* SKEYID = prf(pre-shared-key, Ni_b | Nr_b) */ chunk_t psk; if (!shared_key) -- 1.7.10.4
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
