diff options
| author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2012-05-02 17:49:41 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-05-18 08:15:41 +0200 |
| commit | afaf1bdf5ee803f2320d2786a9b64be6deda2181 (patch) | |
| tree | 8e255486eb0c06180b17e4cfcda8c7b1422aa7be /src | |
| parent | 5338fe5e79a6a2fe90691c579b237168c6b0f252 (diff) | |
| download | strongswan-afaf1bdf5ee803f2320d2786a9b64be6deda2181.tar.bz2 strongswan-afaf1bdf5ee803f2320d2786a9b64be6deda2181.tar.xz | |
Use nonce_gen instead of rng to generate nonces
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/ikev1/phase1.c | 12 | ||||
| -rwxr-xr-x | src/libcharon/sa/ikev1/tasks/quick_mode.c | 12 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/child_create.c | 18 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_init.c | 26 |
4 files changed, 34 insertions, 34 deletions
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index c29e5c783..ec55d533d 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -595,20 +595,20 @@ METHOD(phase1_t, add_nonce_ke, bool, { nonce_payload_t *nonce_payload; ke_payload_t *ke_payload; + nonce_gen_t *nonceg; chunk_t nonce; - rng_t *rng; ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh); message->add_payload(message, &ke_payload->payload_interface); - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); + if (!nonceg) { - DBG1(DBG_IKE, "no RNG found to create nonce"); + DBG1(DBG_IKE, "no nonce generator found to create nonce"); return FALSE; } - rng->allocate_bytes(rng, NONCE_SIZE, &nonce); - rng->destroy(rng); + nonceg->allocate_nonce(nonceg, NONCE_SIZE, &nonce); + nonceg->destroy(nonceg); nonce_payload = nonce_payload_create(NONCE_V1); nonce_payload->set_nonce(nonce_payload, nonce); diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index cbde6ac52..f98bfa2b6 100755 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -297,16 +297,16 @@ static bool add_nonce(private_quick_mode_t *this, chunk_t *nonce, message_t *message) { nonce_payload_t *nonce_payload; - rng_t *rng; + nonce_gen_t *nonceg; - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); + if (!nonceg) { - DBG1(DBG_IKE, "no RNG found to create nonce"); + DBG1(DBG_IKE, "no nonce generator found to create nonce"); return FALSE; } - rng->allocate_bytes(rng, NONCE_SIZE, nonce); - rng->destroy(rng); + nonceg->allocate_nonce(nonceg, NONCE_SIZE, nonce); + nonceg->destroy(nonceg); nonce_payload = nonce_payload_create(NONCE_V1); nonce_payload->set_nonce(nonce_payload, *nonce); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index eeb92099b..ad7324d6f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -192,18 +192,18 @@ static status_t get_nonce(message_t *message, chunk_t *nonce) /** * generate a new nonce to include in a CREATE_CHILD_SA message */ -static status_t generate_nonce(chunk_t *nonce) +static status_t generate_nonce(private_child_create_t *this) { - rng_t *rng; + nonce_gen_t *nonceg; - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); + if (!nonceg) { - DBG1(DBG_IKE, "error generating nonce value, no RNG found"); + DBG1(DBG_IKE, "no nonce generator found to create nonce"); return FAILED; } - rng->allocate_bytes(rng, NONCE_SIZE, nonce); - rng->destroy(rng); + nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce); + nonceg->destroy(nonceg); return SUCCESS; } @@ -720,7 +720,7 @@ METHOD(task_t, build_i, status_t, case IKE_SA_INIT: return get_nonce(message, &this->my_nonce); case CREATE_CHILD_SA: - if (generate_nonce(&this->my_nonce) != SUCCESS) + if (generate_nonce(this) != SUCCESS) { message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; @@ -909,7 +909,7 @@ METHOD(task_t, build_r, status_t, case IKE_SA_INIT: return get_nonce(message, &this->my_nonce); case CREATE_CHILD_SA: - if (generate_nonce(&this->my_nonce) != SUCCESS) + if (generate_nonce(this) != SUCCESS) { message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty); diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 3fbbcfd2a..bd1846e29 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -225,8 +225,6 @@ static void process_payloads(private_ike_init_t *this, message_t *message) METHOD(task_t, build_i, status_t, private_ike_init_t *this, message_t *message) { - rng_t *rng; - this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), @@ -257,14 +255,16 @@ METHOD(task_t, build_i, status_t, /* generate nonce only when we are trying the first time */ if (this->my_nonce.ptr == NULL) { - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + nonce_gen_t *nonceg; + + nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); + if (!nonceg) { - DBG1(DBG_IKE, "error generating nonce"); + DBG1(DBG_IKE, "no nonce generator found to create nonce"); return FAILED; } - rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); - rng->destroy(rng); + nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce); + nonceg->destroy(nonceg); } if (this->cookie.ptr) @@ -290,20 +290,20 @@ METHOD(task_t, build_i, status_t, METHOD(task_t, process_r, status_t, private_ike_init_t *this, message_t *message) { - rng_t *rng; + nonce_gen_t *nonceg; this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat); + if (!nonceg) { - DBG1(DBG_IKE, "error generating nonce"); + DBG1(DBG_IKE, "no nonce generator found to create nonce"); return FAILED; } - rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce); - rng->destroy(rng); + nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce); + nonceg->destroy(nonceg); #ifdef ME { |