Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper

Martin Willi 2012-01-18 17:42:06 +01:00
parent 6bc6f67b0f
commit 3624b09e21
4 changed files with 20 additions and 21 deletions


@ -173,9 +173,10 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
}
METHOD(phase1_t, create_hasher, bool,
private_phase1_t *this, proposal_t *proposal)
private_phase1_t *this)
{
return this->keymat->create_hasher(this->keymat, proposal);
return this->keymat->create_hasher(this->keymat,
this->ike_sa->get_proposal(this->ike_sa));
}
METHOD(phase1_t, create_dh, bool,
@ -186,8 +187,7 @@ METHOD(phase1_t, create_dh, bool,
}
METHOD(phase1_t, derive_keys, bool,
private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method,
proposal_t *proposal)
private_phase1_t *this, peer_cfg_t *peer_cfg, auth_method_t method)
{
shared_key_t *shared_key = NULL;
@ -206,7 +206,8 @@ METHOD(phase1_t, derive_keys, bool,
break;
}
if (!this->keymat->derive_ike_keys(this->keymat, proposal,
if (!this->keymat->derive_ike_keys(this->keymat,
this->ike_sa->get_proposal(this->ike_sa),
this->dh, this->dh_value, this->nonce_i, this->nonce_r,
this->ike_sa->get_id(this->ike_sa), method, shared_key))
{
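Review bot: `create_hasher` and `derive_keys` now pass the result of `this->ike_sa->get_proposal(this->ike_sa)` straight to the keymat, so both depend on an earlier `set_proposal` call that is not visible in this file. If a task reaches them before a proposal has been selected, the keymat would presumably receive NULL; whether it tolerates that cannot be seen here. A small guard in each method makes the precondition explicit and fails the exchange cleanly, e.g. `proposal_t *proposal = this->ike_sa->get_proposal(this->ike_sa);` followed by `if (!proposal) { return FALSE; }`. The `build_i` call in the last file section is the one to check, because its matching `set_proposal` sits in `process_i` rather than next to it. The body of `derive_keys` continues outside the hunk.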


@ -34,10 +34,9 @@ struct phase1_t {
/**
* Create keymat hasher.
*
* @param proposal negotiated proposal
* @return TRUE if hasher created
*/
bool (*create_hasher)(phase1_t *this, proposal_t *proposal);
bool (*create_hasher)(phase1_t *this);
/**
* Create DH object using SA keymat.
@ -52,11 +51,10 @@ struct phase1_t {
*
* @param peer_cfg peer config to look up shared key for, or NULL
* @param method negotiated authenticated method
* @param proposal selected IKE proposal
* @return TRUE if successful
*/
bool (*derive_keys)(phase1_t *this, peer_cfg_t *peer_cfg,
auth_method_t method, proposal_t *proposal);
auth_method_t method);
/**
* Verify a HASH or SIG payload in message.
*
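Review bot: The doc comments for `create_hasher` and `derive_keys` drop their `@param proposal` lines but do not say where the proposal now comes from. Callers have to store the selected proposal on the IKE SA first, and that contract is only discoverable by reading the implementation. I would add a line such as `* The selected proposal must have been set on the IKE SA beforehand.` to both comments. The comment block for `derive_keys` starts outside the hunk.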


@ -360,6 +360,7 @@ METHOD(task_t, process_r, status_t,
DBG1(DBG_IKE, "no proposal found");
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
this->method = sa_payload->get_auth_method(sa_payload);
this->lifetime = sa_payload->get_lifetime(sa_payload);
@ -469,12 +470,11 @@ METHOD(task_t, build_r, status_t,
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!this->ph1->create_hasher(this->ph1, this->proposal))
if (!this->ph1->create_hasher(this->ph1))
{
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
this->proposal))
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
@ -528,6 +528,7 @@ METHOD(task_t, process_i, status_t,
DBG1(DBG_IKE, "no proposal found");
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
lifetime = sa_payload->get_lifetime(sa_payload);
if (lifetime != this->lifetime)
@ -547,12 +548,11 @@ METHOD(task_t, process_i, status_t,
{
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
if (!this->ph1->create_hasher(this->ph1, this->proposal))
if (!this->ph1->create_hasher(this->ph1))
{
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
this->proposal))
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
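Review bot: The added `this->ike_sa->set_proposal(this->ike_sa, this->proposal);` in `process_r` and `process_i` leaves the same `proposal_t` referenced by both the task and the IKE SA, and the hunks do not show which of them owns it afterwards. If `set_proposal` stores the pointer rather than a clone, tearing down the task and the SA would free it twice or leave one side with a dangling pointer. Please confirm that `set_proposal` clones its argument and say so at the call, e.g. `/* IKE SA keeps its own copy, this->proposal stays owned by the task */`. The identical calls in the `process_r` and `process_i` hunks of the next file section need the same confirmation; all of these functions continue outside their hunks.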


@ -262,7 +262,7 @@ METHOD(task_t, build_i, status_t,
{
u_int16_t group;
if (!this->ph1->create_hasher(this->ph1, this->proposal))
if (!this->ph1->create_hasher(this->ph1))
{
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
@ -353,6 +353,7 @@ METHOD(task_t, process_r, status_t,
DBG1(DBG_IKE, "no proposal found");
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
this->method = sa_payload->get_auth_method(sa_payload);
this->lifetime = sa_payload->get_lifetime(sa_payload);
@ -364,7 +365,7 @@ METHOD(task_t, process_r, status_t,
{
u_int16_t group;
if (!this->ph1->create_hasher(this->ph1, this->proposal))
if (!this->ph1->create_hasher(this->ph1))
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
@ -454,8 +455,7 @@ METHOD(task_t, build_r, status_t,
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method,
this->proposal))
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
@ -540,6 +540,7 @@ METHOD(task_t, process_i, status_t,
DBG1(DBG_IKE, "no proposal found");
return send_notify(this, NO_PROPOSAL_CHOSEN);
}
this->ike_sa->set_proposal(this->ike_sa, this->proposal);
lifetime = sa_payload->get_lifetime(sa_payload);
if (lifetime != this->lifetime)
@ -563,8 +564,7 @@ METHOD(task_t, process_i, status_t,
{
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg,
this->method, this->proposal))
if (!this->ph1->derive_keys(this->ph1, this->peer_cfg, this->method))
{
return send_notify(this, INVALID_KEY_INFORMATION);
}
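Review bot: A failing `create_hasher` is reported as `NO_PROPOSAL_CHOSEN` in the `build_i` hunk but as `INVALID_KEY_INFORMATION` in the `process_r` hunk of this file. The hasher is now built from the proposal stored on the IKE SA, so a failure most likely means the selected hash algorithm is unavailable, which makes the `build_i` notify the better fit. Since the commit touches both call sites anyway, I would align `process_r` with `return send_notify(this, NO_PROPOSAL_CHOSEN);`, unless the different notify is deliberate. Both functions start and end outside their hunks.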