diff options
| author | Martin Willi <martin@revosec.ch> | 2012-07-06 08:57:18 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:33 +0200 |
| commit | 86d2cdc1edd26598ddc990b4e081db0ab828d461 (patch) | |
| tree | ac9912601ecfa4d53b6d594edc59f4b5fdb16ed2 /src/libcharon/plugins/eap_sim | |
| parent | 2e96de60a8e943a9c0d08e14428aa881789dc7c4 (diff) | |
| download | strongswan-86d2cdc1edd26598ddc990b4e081db0ab828d461.tar.bz2 strongswan-86d2cdc1edd26598ddc990b4e081db0ab828d461.tar.xz | |
Add a return value to simaka_crypto_t.derive_keys_*()
Diffstat (limited to 'src/libcharon/plugins/eap_sim')
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_peer.c | 28 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_sim/eap_sim_server.c | 14 |
2 files changed, 29 insertions, 13 deletions
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index f0a48255d..479fb95fc 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c @@ -344,10 +344,13 @@ static status_t process_challenge(private_eap_sim_peer_t *this, id = this->pseudonym; } data = chunk_cata("cccc", kcs, this->nonce, this->version_list, version); - free(this->msk.ptr); - this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + chunk_clear(&this->msk); + if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk)) + { + return FAILED; + } memcpy(this->mk, mk.ptr, mk.len); - free(mk.ptr); + chunk_clear(&mk); /* Verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT", and * parse() again after key derivation, reading encrypted attributes */ @@ -427,8 +430,11 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, return NEED_MORE; } - this->crypto->derive_keys_reauth(this->crypto, - chunk_create(this->mk, HASH_SIZE_SHA1)); + if (!this->crypto->derive_keys_reauth(this->crypto, + chunk_create(this->mk, HASH_SIZE_SHA1))) + { + return FAILED; + } /* verify MAC and parse again with decryption key */ if (!in->verify(in, chunk_empty) || !in->parse(in)) @@ -488,10 +494,14 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this, } else { - free(this->msk.ptr); - this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, - this->reauth, counter, nonce, - chunk_create(this->mk, HASH_SIZE_SHA1)); + chunk_clear(&this->msk); + if (!this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, counter, nonce, + chunk_create(this->mk, HASH_SIZE_SHA1), &this->msk)) + { + message->destroy(message); + return FAILED; + } if (id.len) { identification_t *reauth; diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index a88ce5706..fd4f4c02b 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -180,9 +180,12 @@ static status_t reauthenticate(private_eap_sim_server_t *this, counter = htons(counter); this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter))); - this->crypto->derive_keys_reauth(this->crypto, mkc); - this->msk = this->crypto->derive_keys_reauth_msk(this->crypto, - this->reauth, this->counter, this->nonce, mkc); + if (!this->crypto->derive_keys_reauth(this->crypto, mkc) || + !this->crypto->derive_keys_reauth_msk(this->crypto, + this->reauth, this->counter, this->nonce, mkc, &this->msk)) + { + return FAILED; + } message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, SIM_REAUTHENTICATION, this->crypto); @@ -406,7 +409,10 @@ static status_t process_start(private_eap_sim_server_t *this, { id = this->pseudonym; } - this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk); + if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk)) + { + return FAILED; + } /* build response with AT_MAC, built over "EAP packet | NONCE_MT" */ message = simaka_message_create(TRUE, this->identifier++, EAP_SIM, |