- fixed gmp initialization bugs
- fixed spi check bug in ike_sa_init_requested
parent
dab28cedbd
commit
79b8aa1985
|
@ -398,11 +398,6 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
|
||||||
chunk_t prf_plus_seed;
|
chunk_t prf_plus_seed;
|
||||||
prf_plus_t *prf_plus;
|
prf_plus_t *prf_plus;
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* TODO check length fo specific prfs
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* first is initiator */
|
/* first is initiator */
|
||||||
memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
|
memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
|
||||||
/* second is responder */
|
/* second is responder */
|
||||||
|
|
|
@ -46,7 +46,12 @@ typedef struct ike_sa_t ike_sa_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Class ike_sa_t. An object of this type is managed by an
|
* @brief Class ike_sa_t. An object of this type is managed by an
|
||||||
* ike_sa_manager_t object and represents an IKE_SA.
|
* ike_sa_manager_t object and represents an IKE_SA. Message processing
|
||||||
|
* is split up in different states. They will handle all related things
|
||||||
|
* for their state.
|
||||||
|
*
|
||||||
|
* @b Constructors:
|
||||||
|
* - ike_sa_create()
|
||||||
*
|
*
|
||||||
* @ingroup sa
|
* @ingroup sa
|
||||||
*/
|
*/
|
||||||
|
@ -66,7 +71,10 @@ struct ike_sa_t {
|
||||||
*
|
*
|
||||||
* @param this calling object
|
* @param this calling object
|
||||||
* @param name name of the configuration
|
* @param name name of the configuration
|
||||||
* @return TODO
|
* @return
|
||||||
|
* - SUCCESS if initialization started
|
||||||
|
* - FAILED if in wrong state
|
||||||
|
* - DELETE_ME if initialization faild and SA should be deleted
|
||||||
*/
|
*/
|
||||||
status_t (*initialize_connection) (ike_sa_t *this, char *name);
|
status_t (*initialize_connection) (ike_sa_t *this, char *name);
|
||||||
|
|
||||||
|
@ -105,10 +113,9 @@ struct ike_sa_t {
|
||||||
void (*destroy) (ike_sa_t *this);
|
void (*destroy) (ike_sa_t *this);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
typedef struct protected_ike_sa_t protected_ike_sa_t;
|
typedef struct protected_ike_sa_t protected_ike_sa_t;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Protected data of an ike_sa_t object.
|
* @brief Protected data of an ike_sa_t object.
|
||||||
*
|
*
|
||||||
|
@ -356,7 +363,6 @@ struct protected_ike_sa_t {
|
||||||
*/
|
*/
|
||||||
message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
|
message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the Shared key SK_pr.
|
* Gets the Shared key SK_pr.
|
||||||
*
|
*
|
||||||
|
@ -407,7 +413,7 @@ struct protected_ike_sa_t {
|
||||||
* @warning the Content of internal ike_sa_id_t object can change over time
|
* @warning the Content of internal ike_sa_id_t object can change over time
|
||||||
* e.g. when a IKE_SA_INIT has been finished.
|
* e.g. when a IKE_SA_INIT has been finished.
|
||||||
*
|
*
|
||||||
* @return created ike_sa_t object
|
* @return ike_sa_t object
|
||||||
*
|
*
|
||||||
* @ingroup sa
|
* @ingroup sa
|
||||||
*/
|
*/
|
||||||
|
|
|
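Review bot: The new `@return` list for `initialize_connection` misspells "failed" in `DELETE_ME if initialization faild and SA should be deleted`, and it does not say who is expected to delete the SA when DELETE_ME is returned. Suggested wording: `* - DELETE_ME if initialization failed; the SA must be destroyed by the caller`. Whether the caller or the manager performs the destroy is not visible in this section, so adjust the second half to match the implementation.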
@ -37,7 +37,10 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
|
||||||
* The manager also handles deletion of SAs.
|
* The manager also handles deletion of SAs.
|
||||||
*
|
*
|
||||||
* @todo checking of double-checkouts from the same threads would be nice.
|
* @todo checking of double-checkouts from the same threads would be nice.
|
||||||
* This could be by comparing thread-ids via pthread_self()...
|
* This could be done by comparing thread-ids via pthread_self()...
|
||||||
|
*
|
||||||
|
* @b Constructors:
|
||||||
|
* - ike_sa_manager_create()
|
||||||
*
|
*
|
||||||
* @ingroup sa
|
* @ingroup sa
|
||||||
*/
|
*/
|
||||||
|
@ -129,7 +132,7 @@ struct ike_sa_manager_t {
|
||||||
/**
|
/**
|
||||||
* @brief Create a manager
|
* @brief Create a manager
|
||||||
*
|
*
|
||||||
* @returns the created manager
|
* @returns ike_sa_manager_t object
|
||||||
*
|
*
|
||||||
* @ingroup sa
|
* @ingroup sa
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -238,13 +238,14 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* because I am original initiator i have to update the responder SPI to the new one */
|
||||||
|
responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
|
||||||
|
|
||||||
if (responder_spi == 0)
|
if (responder_spi == 0)
|
||||||
{
|
{
|
||||||
this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
|
this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
/* because I am original initiator i have to update the responder SPI to the new one */
|
|
||||||
responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
|
|
||||||
ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
|
ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
|
||||||
ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
|
ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);
|
||||||
|
|
||||||
|
|
|
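Review bot: The zero check on `responder_spi` in process_message has no comment saying why zero is rejected, and the comment that now sits above the fetch describes the later `set_responder_spi` call rather than the check. I would put `/* a zero responder SPI is only valid in the initiator's first IKE_SA_INIT request, so a reply carrying zero is rejected */` above the `if`, and move the "update the responder SPI" comment down to the `get_id`/`set_responder_spi` pair. process_message starts and ends outside this hunk, so it is worth confirming that the `return FAILED` path releases whatever was allocated earlier in the function.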
@ -538,11 +538,11 @@ static void destroy(private_diffie_hellman_t *this)
|
||||||
mpz_clear(this->modulus);
|
mpz_clear(this->modulus);
|
||||||
mpz_clear(this->my_prime);
|
mpz_clear(this->my_prime);
|
||||||
mpz_clear(this->my_public_value);
|
mpz_clear(this->my_public_value);
|
||||||
|
mpz_clear(this->other_public_value);
|
||||||
|
|
||||||
if (this->shared_secret_is_computed)
|
if (this->shared_secret_is_computed)
|
||||||
{
|
{
|
||||||
/* other public value gets initialized together with shared secret */
|
/* other public value gets initialized together with shared secret */
|
||||||
mpz_clear(this->other_public_value);
|
|
||||||
mpz_clear(this->shared_secret);
|
mpz_clear(this->shared_secret);
|
||||||
}
|
}
|
||||||
allocator_free(this);
|
allocator_free(this);
|
||||||
|
@ -569,6 +569,8 @@ diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
|
||||||
|
|
||||||
/* private variables */
|
/* private variables */
|
||||||
this->dh_group_number = dh_group_number;
|
this->dh_group_number = dh_group_number;
|
||||||
|
mpz_init(this->modulus);
|
||||||
|
mpz_init(this->other_public_value);
|
||||||
|
|
||||||
/* set this->modulus */
|
/* set this->modulus */
|
||||||
if (this->set_modulus(this) != SUCCESS)
|
if (this->set_modulus(this) != SUCCESS)
|
||||||
|
|
|
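Review bot: `destroy` releases `my_prime` (presumably the private value) and `shared_secret` with plain `mpz_clear`, which frees the limbs without overwriting them, so the DH secret material can remain readable in freed heap memory. Since this commit is already reworking the init/clear pairing, wipe the secret values before clearing them, or install zeroing allocation hooks once at startup with `mp_set_memory_functions`. Separately, `shared_secret` is still guarded by `shared_secret_is_computed`; initialising it in `diffie_hellman_create` next to `modulus` and `other_public_value` would let destroy clear it unconditionally as well. Both functions continue outside the hunks, so the failure path after `set_modulus` should be checked to clear the two values that are now initialised before it.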
@ -279,6 +279,15 @@ static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
|
||||||
exp2.ptr = key.ptr + this->k * 6;
|
exp2.ptr = key.ptr + this->k * 6;
|
||||||
coeff.ptr = key.ptr + this->k * 7;
|
coeff.ptr = key.ptr + this->k * 7;
|
||||||
|
|
||||||
|
mpz_init(this->n);
|
||||||
|
mpz_init(this->e);
|
||||||
|
mpz_init(this->p);
|
||||||
|
mpz_init(this->q);
|
||||||
|
mpz_init(this->d);
|
||||||
|
mpz_init(this->exp1);
|
||||||
|
mpz_init(this->exp2);
|
||||||
|
mpz_init(this->coeff);
|
||||||
|
|
||||||
mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
|
mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
|
||||||
mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
|
mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
|
||||||
mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
|
mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
|
||||||
|
|
|
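Review bot: The eight `mpz_init` calls sit inside `set_key`, so a second `set_key` on the same object would re-initialise values that already hold limbs, leaking the earlier allocation and leaving the previous private key material in the heap; the same applies to `mpz_init(this->n)` and `mpz_init(this->e)` in the public-key `set_key`. Either initialise once in the constructor and only `mpz_import` here, or `mpz_clear` an existing key before re-initialising. For the private key the old values should be overwritten before they are cleared, since `mpz_clear` does not zero memory. Whether a key-present flag already guards this is not visible, because set_key starts and ends outside the hunk.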
@ -285,6 +285,9 @@ static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
|
||||||
e.len = n.len;
|
e.len = n.len;
|
||||||
e.ptr = key.ptr + n.len;
|
e.ptr = key.ptr + n.len;
|
||||||
|
|
||||||
|
mpz_init(this->n);
|
||||||
|
mpz_init(this->e);
|
||||||
|
|
||||||
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
|
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
|
||||||
mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
|
mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
|
||||||
|
|
||||||
|
|