Use nonce_gen instead of rng to generate nonces
Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
parent
5338fe5e79
commit
afaf1bdf5e
|
@ -595,20 +595,20 @@ METHOD(phase1_t, add_nonce_ke, bool,
|
|||
{
|
||||
nonce_payload_t *nonce_payload;
|
||||
ke_payload_t *ke_payload;
|
||||
nonce_gen_t *nonceg;
|
||||
chunk_t nonce;
|
||||
rng_t *rng;
|
||||
|
||||
ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh);
|
||||
message->add_payload(message, &ke_payload->payload_interface);
|
||||
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
|
||||
if (!nonceg)
|
||||
{
|
||||
DBG1(DBG_IKE, "no RNG found to create nonce");
|
||||
DBG1(DBG_IKE, "no nonce generator found to create nonce");
|
||||
return FALSE;
|
||||
}
|
||||
rng->allocate_bytes(rng, NONCE_SIZE, &nonce);
|
||||
rng->destroy(rng);
|
||||
nonceg->allocate_nonce(nonceg, NONCE_SIZE, &nonce);
|
||||
nonceg->destroy(nonceg);
|
||||
|
||||
nonce_payload = nonce_payload_create(NONCE_V1);
|
||||
nonce_payload->set_nonce(nonce_payload, nonce);
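Review bot: The local `chunk_t nonce` is still uninitialised when it is passed to `nonceg->allocate_nonce(nonceg, NONCE_SIZE, &nonce)`, and nothing checks the outcome before `set_nonce` uses it. The signature of allocate_nonce is not visible on this page; if it can fail or leave the chunk untouched, stack garbage or an empty chunk would go out as the IKEv1 nonce. I would declare `chunk_t nonce = chunk_empty;` and return FALSE when `nonce.len != NONCE_SIZE` (or on a failure return, if the method has one). The same unchecked call appears in add_nonce (quick mode), generate_nonce (child create) and build_i/process_r of the IKE_INIT task. add_nonce_ke continues past the end of this hunk.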
|
||||
|
|
|
@ -297,16 +297,16 @@ static bool add_nonce(private_quick_mode_t *this, chunk_t *nonce,
|
|||
message_t *message)
|
||||
{
|
||||
nonce_payload_t *nonce_payload;
|
||||
rng_t *rng;
|
||||
nonce_gen_t *nonceg;
|
||||
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
|
||||
if (!nonceg)
|
||||
{
|
||||
DBG1(DBG_IKE, "no RNG found to create nonce");
|
||||
DBG1(DBG_IKE, "no nonce generator found to create nonce");
|
||||
return FALSE;
|
||||
}
|
||||
rng->allocate_bytes(rng, NONCE_SIZE, nonce);
|
||||
rng->destroy(rng);
|
||||
nonceg->allocate_nonce(nonceg, NONCE_SIZE, nonce);
|
||||
nonceg->destroy(nonceg);
|
||||
|
||||
nonce_payload = nonce_payload_create(NONCE_V1);
|
||||
nonce_payload->set_nonce(nonce_payload, *nonce);
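Review bot: add_nonce has no comment saying who owns the buffer written through `nonce`: the result of `allocate_nonce` lands in the caller's chunk and `*nonce` is then also handed to `set_nonce`. Whether set_nonce copies the data is not visible here, so the lifetime should be stated rather than left to be inferred. I would add a header comment along the lines of `/* stores a newly allocated NONCE_SIZE nonce in *nonce; a previous value is overwritten, not freed */` and name the side that frees it once that is confirmed. The function body continues outside the hunk.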
|
||||
|
|
|
@ -192,18 +192,18 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
|
|||
/**
|
||||
* generate a new nonce to include in a CREATE_CHILD_SA message
|
||||
*/
|
||||
static status_t generate_nonce(chunk_t *nonce)
|
||||
static status_t generate_nonce(private_child_create_t *this)
|
||||
{
|
||||
rng_t *rng;
|
||||
nonce_gen_t *nonceg;
|
||||
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
|
||||
if (!nonceg)
|
||||
{
|
||||
DBG1(DBG_IKE, "error generating nonce value, no RNG found");
|
||||
DBG1(DBG_IKE, "no nonce generator found to create nonce");
|
||||
return FAILED;
|
||||
}
|
||||
rng->allocate_bytes(rng, NONCE_SIZE, nonce);
|
||||
rng->destroy(rng);
|
||||
nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
|
||||
nonceg->destroy(nonceg);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -720,7 +720,7 @@ METHOD(task_t, build_i, status_t,
|
|||
case IKE_SA_INIT:
|
||||
return get_nonce(message, &this->my_nonce);
|
||||
case CREATE_CHILD_SA:
|
||||
if (generate_nonce(&this->my_nonce) != SUCCESS)
|
||||
if (generate_nonce(this) != SUCCESS)
|
||||
{
|
||||
message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
|
||||
return SUCCESS;
|
||||
|
@ -909,7 +909,7 @@ METHOD(task_t, build_r, status_t,
|
|||
case IKE_SA_INIT:
|
||||
return get_nonce(message, &this->my_nonce);
|
||||
case CREATE_CHILD_SA:
|
||||
if (generate_nonce(&this->my_nonce) != SUCCESS)
|
||||
if (generate_nonce(this) != SUCCESS)
|
||||
{
|
||||
message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN,
|
||||
chunk_empty);
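Review bot: generate_nonce now writes straight into `this->my_nonce`, but nothing in the hunk releases a previous value, and the doc comment above it still only says it generates a nonce for a CREATE_CHILD_SA message. If build_i or build_r can run more than once for the same task (not visible here), the earlier allocation would be lost; the IKE_INIT task guards its own allocation with `if (this->my_nonce.ptr == NULL)`. I would either add `chunk_free(&this->my_nonce);` before the allocation or document that the function is called at most once per task. The comment should also be extended to `* generate a new nonce for a CREATE_CHILD_SA message and store it in this->my_nonce`.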
|
||||
|
|
|
@ -225,8 +225,6 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
|
|||
METHOD(task_t, build_i, status_t,
|
||||
private_ike_init_t *this, message_t *message)
|
||||
{
|
||||
rng_t *rng;
|
||||
|
||||
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
|
||||
DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
|
||||
this->ike_sa->get_name(this->ike_sa),
|
||||
|
@ -257,14 +255,16 @@ METHOD(task_t, build_i, status_t,
|
|||
/* generate nonce only when we are trying the first time */
|
||||
if (this->my_nonce.ptr == NULL)
|
||||
{
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
nonce_gen_t *nonceg;
|
||||
|
||||
nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
|
||||
if (!nonceg)
|
||||
{
|
||||
DBG1(DBG_IKE, "error generating nonce");
|
||||
DBG1(DBG_IKE, "no nonce generator found to create nonce");
|
||||
return FAILED;
|
||||
}
|
||||
rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
|
||||
rng->destroy(rng);
|
||||
nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
|
||||
nonceg->destroy(nonceg);
|
||||
}
|
||||
|
||||
if (this->cookie.ptr)
|
||||
|
@ -290,20 +290,20 @@ METHOD(task_t, build_i, status_t,
|
|||
METHOD(task_t, process_r, status_t,
|
||||
private_ike_init_t *this, message_t *message)
|
||||
{
|
||||
rng_t *rng;
|
||||
nonce_gen_t *nonceg;
|
||||
|
||||
this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
|
||||
DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
|
||||
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
|
||||
|
||||
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
|
||||
if (!rng)
|
||||
nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
|
||||
if (!nonceg)
|
||||
{
|
||||
DBG1(DBG_IKE, "error generating nonce");
|
||||
DBG1(DBG_IKE, "no nonce generator found to create nonce");
|
||||
return FAILED;
|
||||
}
|
||||
rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
|
||||
rng->destroy(rng);
|
||||
nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
|
||||
nonceg->destroy(nonceg);
|
||||
|
||||
#ifdef ME
|
||||
{
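Review bot: Both build_i and process_r create a nonce generator, draw a single nonce and destroy it again, so the generator never outlives one call. If a nonce_gen implementation keeps internal state to guarantee uniqueness or to amortise seeding (not visible on this page), that state is discarded every time. Holding one `nonce_gen_t *nonceg` in private_ike_init_t, created and destroyed with the task, would avoid that. At minimum, a comment at the `create_nonce_gen` call should say that nonce strength now depends on whichever generator the keymat returns rather than on `RNG_WEAK`. process_r continues past the end of the last hunk.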
|
||||
|
|