-rw-r--r-- | src/libcharon/sa/ikev1/phase1.c | 11 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/phase1.h | 6 | ||||
-rwxr-xr-x | src/libcharon/sa/ikev1/tasks/aggressive_mode.c | 12 | ||||
-rwxr-xr-x | src/libcharon/sa/ikev1/tasks/main_mode.c | 12 |
4 files changed, 20 insertions, 21 deletions
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index ed5fbe5c9..a5fa6ea1b 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -173,9 +173,10 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this, } METHOD(phase1_t, create_hasher, bool, - private_phase1_t *this, proposal_t *proposal) + private_phase1_t *this) { - return this->keymat->create_hasher(this->keymat, proposal); + return this->keymat->create_hasher(this->keymat, + this->ike_sa->get_proposal(this->ike_sa)); } METHOD(phase1_t, create_dh, bool, @@ -186,8 +187,7 @@ METHOD(phase1_t, create_dh, bool, } METHOD(phase1_t, derive_keys, bool, - private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method, - proposal_t *proposal) + private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method) { shared_key_t *shared_key = NULL; @@ -206,7 +206,8 @@ METHOD(phase1_t, derive_keys, bool, break; } - if (!this->keymat->derive_ike_keys(this->keymat, proposal, + if (!this->keymat->derive_ike_keys(this->keymat, + this->ike_sa->get_proposal(this->ike_sa), this->dh, this->dh_value, this->nonce_i, this->nonce_r, this->ike_sa->get_id(this->ike_sa), method, shared_key)) { diff --git a/src/libcharon/sa/ikev1/phase1.h b/src/libcharon/sa/ikev1/phase1.h index 994c85be7..91210c31f 100644 --- a/src/libcharon/sa/ikev1/phase1.h +++ b/src/libcharon/sa/ikev1/phase1.h @@ -34,10 +34,9 @@ struct phase1_t { /** * Create keymat hasher. * - * @param proposal negotiated proposal * @return TRUE if hasher created */ - bool (*create_hasher)(phase1_t *this, proposal_t *proposal); + bool (*create_hasher)(phase1_t *this); /** * Create DH object using SA keymat. 
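Review bot: In `create_hasher` the result of `this->ike_sa->get_proposal(this->ike_sa)` goes straight into `keymat->create_hasher`, so the method now relies on a task having called `set_proposal` first, an ordering requirement the old explicit parameter made visible at the call site. Whether `get_proposal` can return NULL at this point, and whether the keymat tolerates that, is not shown on this page. If it does not, a guard such as `proposal_t *proposal = this->ike_sa->get_proposal(this->ike_sa);` followed by `if (!proposal) { return FALSE; }` would turn an ordering mistake into a failed negotiation rather than a likely NULL dereference while handling peer input. The same applies to the `derive_ike_keys` call in the `derive_keys` hunk (-206,7), whose body continues outside the hunk.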
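Review bot: The doc comment for `create_hasher` drops `@param proposal` without saying where the proposal now comes from. A line such as `* Uses the proposal stored on the IKE_SA, which must have been set before.` would put the new ordering requirement in the interface, where callers read it. The `derive_keys` comment in the next hunk (-52,11) needs the same sentence. The `phase1_t` struct starts and ends outside both hunks.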
@@ -52,11 +51,10 @@ struct phase1_t { * * @param peer_cfg peer config to look up shared key for, or NULL * @param method negotiated authenticated method - * @param proposal selected IKE proposal * @return TRUE if successful */ bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg, - auth_method_t method, proposal_t *proposal); + auth_method_t method); /** * Verify a HASH or SIG payload in message. * diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index b89b71b4c..9621e7099 100755 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -360,6 +360,7 @@ METHOD(task_t, process_r, status_t, DBG1(DBG_IKE, "no proposal found"); return send_notify(this, NO_PROPOSAL_CHOSEN); } + this->ike_sa->set_proposal(this->ike_sa, this->proposal); this->method = sa_payload->get_auth_method(sa_payload); this->lifetime = sa_payload->get_lifetime(sa_payload); @@ -469,12 +470,11 @@ METHOD(task_t, build_r, status_t, { return send_notify(this, INVALID_KEY_INFORMATION); } - if (!this->ph1->create_hasher(this->ph1, this->proposal)) + if (!this->ph1->create_hasher(this->ph1)) { return send_notify(this, NO_PROPOSAL_CHOSEN); } - if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method, - this->proposal)) + if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method)) { return send_notify(this, INVALID_KEY_INFORMATION); } @@ -528,6 +528,7 @@ METHOD(task_t, process_i, status_t, DBG1(DBG_IKE, "no proposal found"); return send_notify(this, NO_PROPOSAL_CHOSEN); } + this->ike_sa->set_proposal(this->ike_sa, this->proposal); lifetime = sa_payload->get_lifetime(sa_payload); if (lifetime != this->lifetime) 
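Review bot: After the added `this->ike_sa->set_proposal(this->ike_sa, this->proposal);` in `process_r` (-360,6) the task still holds `this->proposal`, and nothing on this page shows whether `set_proposal` copies the object or keeps the pointer. If it keeps the pointer, the task and the IKE_SA could both end up releasing the same proposal. If it copies, a short comment such as `/* IKE_SA stores its own copy, the task keeps ownership of this->proposal */` would record that for the next reader. The same call is added in `process_i` (-528,6) and in the `process_r` and `process_i` hunks of main_mode.c; all of these function bodies continue outside their hunks.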
@@ -547,12 +548,11 @@ METHOD(task_t, process_i, status_t, { return send_notify(this, INVALID_PAYLOAD_TYPE); } - if (!this->ph1->create_hasher(this->ph1, this->proposal)) + if (!this->ph1->create_hasher(this->ph1)) { return send_notify(this, NO_PROPOSAL_CHOSEN); } - if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method, - this->proposal)) + if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method)) { return send_notify(this, INVALID_KEY_INFORMATION); } diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index c1a61cede..a7be22916 100755 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -262,7 +262,7 @@ METHOD(task_t, build_i, status_t, { u_int16_t group; - if (!this->ph1->create_hasher(this->ph1, this->proposal)) + if (!this->ph1->create_hasher(this->ph1)) { return send_notify(this, NO_PROPOSAL_CHOSEN); } @@ -353,6 +353,7 @@ METHOD(task_t, process_r, status_t, DBG1(DBG_IKE, "no proposal found"); return send_notify(this, NO_PROPOSAL_CHOSEN); } + this->ike_sa->set_proposal(this->ike_sa, this->proposal); this->method = sa_payload->get_auth_method(sa_payload); this->lifetime = sa_payload->get_lifetime(sa_payload); @@ -364,7 +365,7 @@ METHOD(task_t, process_r, status_t, { u_int16_t group; - if (!this->ph1->create_hasher(this->ph1, this->proposal)) + if (!this->ph1->create_hasher(this->ph1)) { return send_notify(this, INVALID_KEY_INFORMATION); } @@ -454,8 +455,7 @@ METHOD(task_t, build_r, status_t, { return send_notify(this, INVALID_KEY_INFORMATION); } - if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method, - this->proposal)) + if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method)) { return send_notify(this, INVALID_KEY_INFORMATION); } 
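Review bot: In the main_mode.c `process_r` hunk (-364,7) a failed `create_hasher` is answered with `INVALID_KEY_INFORMATION`, while `build_i` in the same file (-262,7) and both aggressive_mode.c call sites send `NO_PROPOSAL_CHOSEN` for the same failure. Since the hasher is created from the negotiated proposal, `NO_PROPOSAL_CHOSEN` looks like the intended notify. Consider `return send_notify(this, NO_PROPOSAL_CHOSEN);` here, or a comment explaining why the responder path differs, so peers and logs see one consistent error for an unsupported hash algorithm. The enclosing `process_r` body continues outside the hunk.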
@@ -540,6 +540,7 @@ METHOD(task_t, process_i, status_t, DBG1(DBG_IKE, "no proposal found"); return send_notify(this, NO_PROPOSAL_CHOSEN); } + this->ike_sa->set_proposal(this->ike_sa, this->proposal); lifetime = sa_payload->get_lifetime(sa_payload); if (lifetime != this->lifetime) @@ -563,8 +564,7 @@ METHOD(task_t, process_i, status_t, { return send_notify(this, INVALID_PAYLOAD_TYPE); } - if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, - this->method, this->proposal)) + if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method)) { return send_notify(this, INVALID_KEY_INFORMATION); } |