Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper
parent
6bc6f67b0f
commit
3624b09e21
|
@ -173,9 +173,10 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
|
|||
}
|
||||
|
||||
METHOD(phase1_t, create_hasher, bool,
|
||||
private_phase1_t *this, proposal_t *proposal)
|
||||
private_phase1_t *this)
|
||||
{
|
||||
return this->keymat->create_hasher(this->keymat, proposal);
|
||||
return this->keymat->create_hasher(this->keymat,
|
||||
this->ike_sa->get_proposal(this->ike_sa));
|
||||
}
|
||||
|
||||
METHOD(phase1_t, create_dh, bool,
|
||||
|
@ -186,8 +187,7 @@ METHOD(phase1_t, create_dh, bool,
|
|||
}
|
||||
|
||||
METHOD(phase1_t, derive_keys, bool,
|
||||
private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method,
|
||||
proposal_t *proposal)
|
||||
private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method)
|
||||
{
|
||||
shared_key_t *shared_key = NULL;
|
||||
|
||||
|
@ -206,7 +206,8 @@ METHOD(phase1_t, derive_keys, bool,
|
|||
break;
|
||||
}
|
||||
|
||||
if (!this->keymat->derive_ike_keys(this->keymat, proposal,
|
||||
if (!this->keymat->derive_ike_keys(this->keymat,
|
||||
this->ike_sa->get_proposal(this->ike_sa),
|
||||
this->dh, this->dh_value, this->nonce_i, this->nonce_r,
|
||||
this->ike_sa->get_id(this->ike_sa), method, shared_key))
|
||||
{
|
||||
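Review bot: Both `create_hasher` and `derive_keys` now pass `this->ike_sa->get_proposal(this->ike_sa)` straight into the keymat, so "set_proposal() was called first" has become an unchecked precondition where it used to be an explicit argument. Whether get_proposal() can return NULL before a proposal is selected, and whether the keymat methods tolerate that, is not visible on this page. If it can, a mis-ordered caller would hand NULL to the key-derivation path. Fetching it once with `proposal_t *proposal = this->ike_sa->get_proposal(this->ike_sa);` and bailing out with `if (!proposal) { return FALSE; }` in each method would turn that into a clean failure. The body of derive_keys extends beyond the hunks shown.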
|
|
|
@ -34,10 +34,9 @@ struct phase1_t {
|
|||
/**
|
||||
* Create keymat hasher.
|
||||
*
|
||||
* @param proposal negotiated proposal
|
||||
* @return TRUE if hasher created
|
||||
*/
|
||||
bool (*create_hasher)(phase1_t *this, proposal_t *proposal);
|
||||
bool (*create_hasher)(phase1_t *this);
|
||||
|
||||
/**
|
||||
* Create DH object using SA keymat.
|
||||
|
@ -52,11 +51,10 @@ struct phase1_t {
|
|||
*
|
||||
* @param peer_cfg peer config to look up shared key for, or NULL
|
||||
* @param method negotiated authenticated method
|
||||
* @param proposal selected IKE proposal
|
||||
* @return TRUE if successful
|
||||
*/
|
||||
bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
|
||||
auth_method_t method, proposal_t *proposal);
|
||||
auth_method_t method);
|
||||
/**
|
||||
* Verify a HASH or SIG payload in message.
|
||||
*
|
||||
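Review bot: The doc comments for `create_hasher` and `derive_keys` drop their `@param proposal` line but do not say where the proposal now comes from. The implementation on this page reads it from the IKE_SA, so the interface contract should state that, for example by adding `* The proposal is read from the IKE_SA; set_proposal() must have been called before.` to both comment blocks. Without it, a new caller of this interface has no hint that call order matters for hasher creation and key derivation.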
|
|
|
@ -360,6 +360,7 @@ METHOD(task_t, process_r, status_t,
|
|||
DBG1(DBG_IKE, "no proposal found");
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
|
||||
|
||||
this->method = sa_payload->get_auth_method(sa_payload);
|
||||
this->lifetime = sa_payload->get_lifetime(sa_payload);
|
||||
|
@ -469,12 +470,11 @@ METHOD(task_t, build_r, status_t,
|
|||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
if (!this->ph1->create_hasher(this->ph1, this->proposal))
|
||||
if (!this->ph1->create_hasher(this->ph1))
|
||||
{
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
|
||||
this->proposal))
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
|
||||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
|
@ -528,6 +528,7 @@ METHOD(task_t, process_i, status_t,
|
|||
DBG1(DBG_IKE, "no proposal found");
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
|
||||
|
||||
lifetime = sa_payload->get_lifetime(sa_payload);
|
||||
if (lifetime != this->lifetime)
|
||||
|
@ -547,12 +548,11 @@ METHOD(task_t, process_i, status_t,
|
|||
{
|
||||
return send_notify(this, INVALID_PAYLOAD_TYPE);
|
||||
}
|
||||
if (!this->ph1->create_hasher(this->ph1, this->proposal))
|
||||
if (!this->ph1->create_hasher(this->ph1))
|
||||
{
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
|
||||
this->proposal))
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
|
||||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
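Review bot: After the added `this->ike_sa->set_proposal(this->ike_sa, this->proposal);` in process_r and process_i, the selected proposal is held in two places, while hasher creation and key derivation now read only the IKE_SA's. Whether set_proposal() clones its argument or takes ownership is not visible here. That decides whether the task's `this->proposal` is still safe to use and destroy afterwards, and whether a later change to it could diverge from what the keys were derived from. A short comment at the call, such as `/* ph1 create_hasher()/derive_keys() use the proposal stored on the IKE_SA */`, would record which one is authoritative. The same added line appears in the process_r and process_i hunks of the next file section on this page.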
|
|
|
@ -262,7 +262,7 @@ METHOD(task_t, build_i, status_t,
|
|||
{
|
||||
u_int16_t group;
|
||||
|
||||
if (!this->ph1->create_hasher(this->ph1, this->proposal))
|
||||
if (!this->ph1->create_hasher(this->ph1))
|
||||
{
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
|
@ -353,6 +353,7 @@ METHOD(task_t, process_r, status_t,
|
|||
DBG1(DBG_IKE, "no proposal found");
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
|
||||
|
||||
this->method = sa_payload->get_auth_method(sa_payload);
|
||||
this->lifetime = sa_payload->get_lifetime(sa_payload);
|
||||
|
@ -364,7 +365,7 @@ METHOD(task_t, process_r, status_t,
|
|||
{
|
||||
u_int16_t group;
|
||||
|
||||
if (!this->ph1->create_hasher(this->ph1, this->proposal))
|
||||
if (!this->ph1->create_hasher(this->ph1))
|
||||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
|
@ -454,8 +455,7 @@ METHOD(task_t, build_r, status_t,
|
|||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
|
||||
this->proposal))
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
|
||||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
|
@ -540,6 +540,7 @@ METHOD(task_t, process_i, status_t,
|
|||
DBG1(DBG_IKE, "no proposal found");
|
||||
return send_notify(this, NO_PROPOSAL_CHOSEN);
|
||||
}
|
||||
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
|
||||
|
||||
lifetime = sa_payload->get_lifetime(sa_payload);
|
||||
if (lifetime != this->lifetime)
|
||||
|
@ -563,8 +564,7 @@ METHOD(task_t, process_i, status_t,
|
|||
{
|
||||
return send_notify(this, INVALID_PAYLOAD_TYPE);
|
||||
}
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg,
|
||||
this->method, this->proposal))
|
||||
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
|
||||
{
|
||||
return send_notify(this, INVALID_KEY_INFORMATION);
|
||||
}
|
||||
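Review bot: The `create_hasher` failure paths in this section answer the peer with different notifies: the build_i hunk returns `NO_PROPOSAL_CHOSEN`, while the process_r hunk returns `INVALID_KEY_INFORMATION` for the same call. The proposal is now looked up inside the helper rather than passed in, so a failure may also cover "no proposal set on the SA", which makes the distinction harder to justify from the call site. Either align process_r with `return send_notify(this, NO_PROPOSAL_CHOSEN);` or add a comment explaining why the notify differs. The surrounding case blocks start and end outside the hunks, so the full control flow is not visible here.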
|
|