- fixed gmp initialization bugs
- fixed spi check bug in ike_sa_init_requested
parent
dab28cedbd
commit
79b8aa1985
|
@ -398,11 +398,6 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
|
|||
chunk_t prf_plus_seed;
|
||||
prf_plus_t *prf_plus;
|
||||
|
||||
|
||||
/**
|
||||
* TODO check length fo specific prfs
|
||||
*/
|
||||
|
||||
/* first is initiator */
|
||||
memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
|
||||
/* second is responder */
|
||||
|
|
|
@ -46,7 +46,12 @@ typedef struct ike_sa_t ike_sa_t;
|
|||
|
||||
/**
|
||||
* @brief Class ike_sa_t. An object of this type is managed by an
|
||||
* ike_sa_manager_t object and represents an IKE_SA.
|
||||
* ike_sa_manager_t object and represents an IKE_SA. Message processing
|
||||
* is split up in different states. They will handle all related things
|
||||
* for their state.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - ike_sa_create()
|
||||
*
|
||||
* @ingroup sa
|
||||
*/
|
||||
|
@ -66,7 +71,10 @@ struct ike_sa_t {
|
|||
*
|
||||
* @param this calling object
|
||||
* @param name name of the configuration
|
||||
* @return TODO
|
||||
* @return
|
||||
* - SUCCESS if initialization started
|
||||
* - FAILED if in wrong state
|
||||
* - DELETE_ME if initialization faild and SA should be deleted
|
||||
*/
|
||||
status_t (*initialize_connection) (ike_sa_t *this, char *name);
|
||||
|
||||
|
@ -105,10 +113,9 @@ struct ike_sa_t {
|
|||
void (*destroy) (ike_sa_t *this);
|
||||
};
|
||||
|
||||
|
||||
typedef struct protected_ike_sa_t protected_ike_sa_t;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @brief Protected data of an ike_sa_t object.
|
||||
*
|
||||
|
@ -356,7 +363,6 @@ struct protected_ike_sa_t {
|
|||
*/
|
||||
message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
|
||||
|
||||
|
||||
/**
|
||||
* Gets the Shared key SK_pr.
|
||||
*
|
||||
|
@ -407,7 +413,7 @@ struct protected_ike_sa_t {
|
|||
* @warning the Content of internal ike_sa_id_t object can change over time
|
||||
* e.g. when a IKE_SA_INIT has been finished.
|
||||
*
|
||||
* @return created ike_sa_t object
|
||||
* @return ike_sa_t object
|
||||
*
|
||||
* @ingroup sa
|
||||
*/
|
||||
|
|
|
@ -37,7 +37,10 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
|
|||
* The manager also handles deletion of SAs.
|
||||
*
|
||||
* @todo checking of double-checkouts from the same threads would be nice.
|
||||
* This could be by comparing thread-ids via pthread_self()...
|
||||
* This could be done by comparing thread-ids via pthread_self()...
|
||||
*
|
||||
* @b Constructors:
|
||||
* - ike_sa_manager_create()
|
||||
*
|
||||
* @ingroup sa
|
||||
*/
|
||||
|
@ -129,7 +132,7 @@ struct ike_sa_manager_t {
|
|||
/**
|
||||
* @brief Create a manager
|
||||
*
|
||||
* @returns the created manager
|
||||
* @returns ike_sa_manager_t object
|
||||
*
|
||||
* @ingroup sa
|
||||
*/
|
||||
|
|
|
@ -238,13 +238,14 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
|||
return status;
|
||||
}
|
||||
|
||||
/* because I am original initiator i have to update the responder SPI to the new one */
|
||||
responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
|
||||
|
||||
if (responder_spi == 0)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
|
||||
return FAILED;
|
||||
}
|
||||
/* because I am original initiator i have to update the responder SPI to the new one */
|
||||
responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
|
||||
ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
|
||||
ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
|
||||
|
||||
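Review bot: The rejection at `if (responder_spi == 0)` has no comment saying why a zero value is fatal, and the comment above the fetch ("i have to update the responder SPI to the new one") describes the `set_responder_spi` call, which runs only after the check. I would move that comment down to the `ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);` line and put `/* a zero responder SPI is not valid in an IKE_SA_INIT reply; do not adopt it */` above the check. The page prints the fetch twice without `+`/`-` markers, so this assumes the copy before the check is the new side. process_message begins and ends outside the hunk, so whether the `return FAILED` path releases what was set up earlier cannot be judged from here.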
|
|
|
@ -538,11 +538,11 @@ static void destroy(private_diffie_hellman_t *this)
|
|||
mpz_clear(this->modulus);
|
||||
mpz_clear(this->my_prime);
|
||||
mpz_clear(this->my_public_value);
|
||||
mpz_clear(this->other_public_value);
|
||||
|
||||
if (this->shared_secret_is_computed)
|
||||
{
|
||||
/* other public value gets initialized together with shared secret */
|
||||
mpz_clear(this->other_public_value);
|
||||
mpz_clear(this->shared_secret);
|
||||
}
|
||||
allocator_free(this);
|
||||
|
@ -569,6 +569,8 @@ diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
|
|||
|
||||
/* private variables */
|
||||
this->dh_group_number = dh_group_number;
|
||||
mpz_init(this->modulus);
|
||||
mpz_init(this->other_public_value);
|
||||
|
||||
/* set this->modulus */
|
||||
if (this->set_modulus(this) != SUCCESS)
|
||||
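Review bot: In destroy(), the comment `/* other public value gets initialized together with shared secret */` appears to survive inside the `shared_secret_is_computed` branch, although diffie_hellman_create() now calls `mpz_init(this->other_public_value)` itself. It should read something like `/* shared secret is only initialized once it has been computed */`. The page shows `mpz_clear(this->other_public_value)` twice without `+`/`-` markers, and the hunk counts suggest one copy is the removed line; if both remained, the value would be cleared twice. Separately, `mpz_clear` releases the limbs of `my_prime` (presumably the private value) and `shared_secret` without overwriting them, so key material stays in freed heap memory; wiping the values first, or installing zeroing deallocators with `mp_set_memory_functions`, would close that. Both functions extend beyond the hunks shown.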
|
|
|
@ -279,6 +279,15 @@ static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
|
|||
exp2.ptr = key.ptr + this->k * 6;
|
||||
coeff.ptr = key.ptr + this->k * 7;
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
mpz_init(this->p);
|
||||
mpz_init(this->q);
|
||||
mpz_init(this->d);
|
||||
mpz_init(this->exp1);
|
||||
mpz_init(this->exp2);
|
||||
mpz_init(this->coeff);
|
||||
|
||||
mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
|
||||
mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
|
||||
mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
|
||||
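Review bot: Calling `mpz_init` on `this->n` through `this->coeff` inside set_key() means a second set_key() on the same object re-initializes live values and drops their earlier limbs, which hold private key material, without clearing them. If set_key can run more than once, initialize the fields once in the constructor, or `mpz_clear` the old values before the `mpz_init` calls. The same applies to the `mpz_init(this->n);` / `mpz_init(this->e);` pair added to the public-key set_key further down the page. The hunk also reads from `key.ptr + this->k * 7` without a visible check that `key.len` covers eight blocks of `this->k` bytes; such a check may exist above the hunk, since set_key starts outside it, but it is worth confirming.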
|
|
|
@ -285,6 +285,9 @@ static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
|
|||
e.len = n.len;
|
||||
e.ptr = key.ptr + n.len;
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
|
||||
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
|
||||
mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
|
||||
|
||||
|
|