authorMartin Willi <martin@revosec.ch>2012-07-06 11:07:39 +0200
committerMartin Willi <martin@revosec.ch>2012-07-16 14:53:34 +0200
commite4c5c1d03e44b246677b467b0f4abf9bfb377dfc (patch)
treecc39ed02ed7d7b0437a6df20f6f445a3ed17bc01
parentbb1e0c59e1e2195d46542ca9e9194486b913a0dd (diff)
Add a return value to keymat_v1_t.get_hash()
-rw-r--r--src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c16
-rw-r--r--src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c17
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.c12
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.h7
4 files changed, 35 insertions, 17 deletions
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
index 769c0dad3..ee15408c7 100644
--- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
@@ -76,9 +76,13 @@ METHOD(authenticator_t, build, status_t,
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
hash_payload = hash_payload_create(HASH_V1);
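Review bot: The failure branch added here repeats `free(dh.ptr)`, which already follows the call on the success path, so the DH chunk now has two release sites that must be kept in sync by hand. Capturing the result first leaves a single cleanup point: `ok = keymat->get_hash(..., &hash);`, then `free(dh.ptr);`, then `if (!ok) return FAILED;`. The same pattern appears in the process hunk of this file and in both hunks of pubkey_v1_authenticator.c. build's body starts and ends outside the hunk, so the later handling of `hash` cannot be checked from here.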
@@ -106,9 +110,13 @@ METHOD(authenticator_t, process, status_t,
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
{
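Review bot: The peer's HASH payload is verified with `chunk_equals(hash, hash_payload->get_hash(hash_payload))` directly after the new failure branch. If chunk_equals stops at the first differing byte (its implementation is not visible here), the comparison time depends on how much of the received value matches the expected one. Authentication values are better compared in constant time. Later strongSwan releases provide `chunk_equals_const` for this purpose, if this tree already has it. process's body continues outside the hunk.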
diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
index 8d3f21c49..d81c77f0d 100644
--- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
@@ -96,9 +96,14 @@ METHOD(authenticator_t, build, status_t,
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ private->destroy(private);
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
if (private->sign(private, scheme, hash, &sig))
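Review bot: The new failure branch returns FAILED without a log line, so unless get_hash reports its own error an operator cannot tell a local PRF failure from a signing failure further down in build. A short message before the cleanup would make the cause visible, e.g. `DBG1(DBG_IKE, "calculating HASH for signature failed");` (wording constructed for illustration). The same applies to the other three call sites changed in this commit. build's body starts and ends outside the hunk.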
@@ -149,9 +154,13 @@ METHOD(authenticator_t, process, status_t,
id = this->ike_sa->get_other_id(this->ike_sa);
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
sig = sig_payload->get_hash(sig_payload);
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index 2b22b14f8..f543a0356 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -698,11 +698,11 @@ METHOD(keymat_v1_t, get_hasher, hasher_t*,
return this->hasher;
}
-METHOD(keymat_v1_t, get_hash, chunk_t,
+METHOD(keymat_v1_t, get_hash, bool,
private_keymat_v1_t *this, bool initiator, chunk_t dh, chunk_t dh_other,
- ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id)
+ ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash)
{
- chunk_t hash, data;
+ chunk_t data;
u_int64_t spi, spi_other;
/* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
@@ -724,12 +724,12 @@ METHOD(keymat_v1_t, get_hash, chunk_t,
DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
- this->prf_auth->allocate_bytes(this->prf_auth, data, &hash);
+ this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
- DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', &hash);
+ DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
free(data.ptr);
- return hash;
+ return TRUE;
}
/**
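Review bot: get_hash now ends in an unconditional `return TRUE;` and the result of `this->prf_auth->allocate_bytes(this->prf_auth, data, hash)` is not checked, so as far as this hunk shows the FAILED branches added in the four callers can never be taken. If allocate_bytes can report failure (its signature is not visible here), keep its result and return it after the cleanup: `success = this->prf_auth->allocate_bytes(this->prf_auth, data, hash);` followed by `free(data.ptr);` and `return success;`. The DBG3 line that prints `hash` would then also have to be skipped on failure, because `*hash` may be unset. The middle of get_hash lies between the two hunks, so any earlier return paths cannot be checked from here.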
diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h
index e003ed708..77aff88ec 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.h
+++ b/src/libcharon/sa/ikev1/keymat_v1.h
@@ -101,11 +101,12 @@ struct keymat_v1_t {
* @param ike_sa_id IKE_SA identifier
* @param sa_i encoded SA payload of initiator
* @param id encoded IDii payload for HASH_I (IDir for HASH_R)
- * @return allocated HASH data
+ * @param hash chunk receiving allocated HASH data
+ * @return TRUE if hash allocated successfully
*/
- chunk_t (*get_hash)(keymat_v1_t *this, bool initiator,
+ bool (*get_hash)(keymat_v1_t *this, bool initiator,
chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
- chunk_t sa_i, chunk_t id);
+ chunk_t sa_i, chunk_t id, chunk_t *hash);
/**
* Get HASH data for integrity/authentication in Phase 2 exchanges.
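Review bot: The new `@return` line does not say what `hash` holds when FALSE is returned, and the callers changed in this commit rely on not having to free it on that path. Stating the contract in the header guards future callers against a leak or a free of an unset chunk, e.g. `@return TRUE if hash allocated successfully, FALSE otherwise (hash is then not set and must not be freed)`. The struct definition continues outside the hunk.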