author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-16 18:08:49 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-16 18:08:49 +0200 |
commit | e51c527e68bc59d5df249236ba3ee1b462d5a3e9 (patch) | |
tree | ac52dfe658643d9093d4f25632193f3303dae64a /src/libimcv | |
parent | 358dbe483515981579b25b1bf6503cc84c7907f0 (diff) | |
use a nonce for a PA-TNC message identifier
Diffstat (limited to 'src/libimcv')
-rw-r--r-- | src/libimcv/imc/imc_agent.c | 6 | ||||
-rw-r--r-- | src/libimcv/imv/imv_agent.c | 6 | ||||
-rw-r--r-- | src/libimcv/pa_tnc/pa_tnc_msg.c | 19 | ||||
-rw-r--r-- | src/libimcv/pa_tnc/pa_tnc_msg.h | 4 |
4 files changed, 26 insertions, 9 deletions
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 661c3c77f..8d1e70716 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -525,7 +525,11 @@ METHOD(imc_agent_t, send_message, TNC_Result,
 enumerator->destroy(enumerator);
 /* build and send the PA-TNC message via the IF-IMC interface */
- pa_tnc_msg->build(pa_tnc_msg);
+ if (!pa_tnc_msg->build(pa_tnc_msg))
+ {
+ pa_tnc_msg->destroy(pa_tnc_msg);
+ return TNC_RESULT_FATAL;
+ }
 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 if (state->has_long(state) && this->send_message_long)
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 784e0316a..0935caad9 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -547,7 +547,11 @@ METHOD(imv_agent_t, send_message, TNC_Result,
 enumerator->destroy(enumerator);
 /* build and send the PA-TNC message via the IF-IMV interface */
- pa_tnc_msg->build(pa_tnc_msg);
+ if (!pa_tnc_msg->build(pa_tnc_msg))
+ {
+ pa_tnc_msg->destroy(pa_tnc_msg);
+ return TNC_RESULT_FATAL;
+ }
 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 if (state->has_long(state) && this->send_message_long)
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 8f7617dc1..ca755439c 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -131,7 +131,7 @@ METHOD(pa_tnc_msg_t, add_attribute, bool,
 return TRUE;
 }
-METHOD(pa_tnc_msg_t, build, void,
+METHOD(pa_tnc_msg_t, build, bool,
 private_pa_tnc_msg_t *this)
 {
 bio_writer_t *writer;
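Review bot: The new early return in imc_agent.c's send_message releases only the message, via `pa_tnc_msg->destroy(pa_tnc_msg)`. The function starts above the hunk, so whatever it acquired earlier, apart from the enumerator destroyed just before, is not visible here. Please confirm that it is either owned by the message or released on this path. A short comment before the return, such as `/* no message identifier could be generated, nothing was sent */`, would also explain why the failure maps to TNC_RESULT_FATAL. The identical hunk in imv_agent.c's send_message raises the same two points.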
@@ -142,12 +142,17 @@ METHOD(pa_tnc_msg_t, build, void,
 u_int32_t type;
 u_int8_t flags;
 chunk_t value;
- rng_t *rng;
+ nonce_gen_t *ng;
- /* create a random message identifier */
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- rng->get_bytes(rng, sizeof(this->identifier), (u_int8_t*)&this->identifier);
- rng->destroy(rng);
+ /* generate a nonce as a message identifier */
+ ng = lib->crypto->create_nonce_gen(lib->crypto);
+ if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+ {
+ DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
+ DESTROY_IF(ng);
+ return FALSE;
+ }
+ ng->destroy(ng);
 DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
 /* build message header */
@@ -193,6 +198,8 @@ METHOD(pa_tnc_msg_t, build, void,
 free(this->encoding.ptr);
 this->encoding = chunk_clone(writer->get_buf(writer));
 writer->destroy(writer);
+
+ return TRUE;
 }
 METHOD(pa_tnc_msg_t, process, status_t,
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index 64d434ca8..80016fecd 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -52,8 +52,10 @@ struct pa_tnc_msg_t {
 /**
 * Build the PA-TNC message
+ *
+ * @return TRUE if PA-TNC message was built successfully
 */
- void (*build)(pa_tnc_msg_t *this);
+ bool (*build)(pa_tnc_msg_t *this);
 /**
 * Process the PA-TNC message |
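Review bot: In the `@@ -142,12 +142,17 @@` hunk of pa_tnc_msg.c, the nonce length passed to get_nonce() is the literal `4`, where the removed code used `sizeof(this->identifier)`. If the field's type ever changes, the call would write too few or too many bytes through the cast pointer without a compiler diagnostic. Keeping the size tied to the field avoids that: `if (!ng || !ng->get_nonce(ng, sizeof(this->identifier), (u_int8_t*)&this->identifier))`. The DBG1 text still says "random" while the new comment says nonce, so aligning the wording is optional. build() begins in the previous hunk and continues past this one.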
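Review bot: In pa_tnc_msg.h, the new `@return` line documents only the success case. The pa_tnc_msg.c hunks show build() returning FALSE when no message identifier can be generated, before the encoding is replaced, so the doc comment could state that: `@return TRUE if PA-TNC message was built successfully, FALSE if no message identifier could be generated (encoding is left unchanged)`. The diffstat is limited to src/libimcv, so callers of build() elsewhere are not shown on this page. Any that still ignore the result would go on to call get_encoding() on an unbuilt message and are worth checking.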