diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:24:26 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-10-26 14:24:26 +0000 |
| commit | 3168dc628f034e03bb4fab16e8a00da59a5c86e1 (patch) | |
| tree | 663da4d1badc1373ec59d9bdc39f893af0cc8a75 /src/charon/sa/authenticators | |
| parent | 1a144d57c8f2f08513b747078d185db688637859 (diff) | |
| download | vyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.tar.gz vyos-strongswan-3168dc628f034e03bb4fab16e8a00da59a5c86e1.zip | |
- Import new upstream release 4.1.8.
Diffstat (limited to 'src/charon/sa/authenticators')
| -rw-r--r-- | src/charon/sa/authenticators/eap_authenticator.h | 2 | ||||
| -rw-r--r-- | src/charon/sa/authenticators/psk_authenticator.c | 4 | ||||
| -rw-r--r-- | src/charon/sa/authenticators/rsa_authenticator.c | 27 |
3 files changed, 9 insertions, 24 deletions
diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/charon/sa/authenticators/eap_authenticator.h index ffa162343..64a3267d7 100644 --- a/src/charon/sa/authenticators/eap_authenticator.h +++ b/src/charon/sa/authenticators/eap_authenticator.h @@ -121,7 +121,7 @@ struct eap_authenticator_t { * After receiving an EAP message "in", the peer/server processes * the payload and creates a reply/subsequent request. * The server side always returns NEED_MORE if another EAP message - * is excepted from the client, SUCCESS if EAP exchange completed and + * is expected from the client, SUCCESS if EAP exchange completed and * "out" is EAP_SUCCES, or FAILED if the EAP exchange failed with * a EAP_FAILURE payload in "out". Anyway, a payload in "out" is always * created. diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/charon/sa/authenticators/psk_authenticator.c index 37465d029..6b76088bb 100644 --- a/src/charon/sa/authenticators/psk_authenticator.c +++ b/src/charon/sa/authenticators/psk_authenticator.c @@ -124,7 +124,7 @@ static status_t verify(private_psk_authenticator_t *this, chunk_t ike_sa_init, auth_data = build_shared_key_signature(ike_sa_init, my_nonce, shared_key, other_id, this->ike_sa->get_skp_verify(this->ike_sa), this->ike_sa->get_prf(this->ike_sa)); - chunk_free(&shared_key); + chunk_free_randomized(&shared_key); recv_auth_data = auth_payload->get_data(auth_payload); if (auth_data.len != recv_auth_data.len || @@ -168,7 +168,7 @@ static status_t build(private_psk_authenticator_t *this, chunk_t ike_sa_init, my_id, this->ike_sa->get_skp_build(this->ike_sa), this->ike_sa->get_prf(this->ike_sa)); DBG2(DBG_IKE, "successfully created shared key MAC"); - chunk_free(&shared_key); + chunk_free_randomized(&shared_key); *auth_payload = auth_payload_create(); (*auth_payload)->set_auth_method(*auth_payload, AUTH_PSK); (*auth_payload)->set_data(*auth_payload, auth_data); diff --git a/src/charon/sa/authenticators/rsa_authenticator.c b/src/charon/sa/authenticators/rsa_authenticator.c index e5c5cd60e..ba0fad1e3 100644 --- a/src/charon/sa/authenticators/rsa_authenticator.c +++ b/src/charon/sa/authenticators/rsa_authenticator.c @@ -93,19 +93,16 @@ static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init, static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, chunk_t other_nonce, auth_payload_t **auth_payload) { - chunk_t chunk; - chunk_t octets; - chunk_t auth_data; + chunk_t octets, auth_data; status_t status; rsa_public_key_t *my_pubkey; - rsa_private_key_t *my_key; identification_t *my_id; prf_t *prf; my_id = this->ike_sa->get_my_id(this->ike_sa); DBG1(DBG_IKE, "authentication of '%D' (myself) with %N", my_id, auth_method_names, AUTH_RSA); - DBG2(DBG_IKE, "looking for RSA public key belonging to '%D'", my_id); + DBG2(DBG_IKE, "looking for RSA public key belonging to '%D'...", my_id); my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id); if (my_pubkey == NULL) @@ -113,28 +110,18 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, DBG1(DBG_IKE, "no RSA public key found for '%D'", my_id); return NOT_FOUND; } - DBG2(DBG_IKE, "matching RSA public key found"); - chunk = my_pubkey->get_keyid(my_pubkey); - DBG2(DBG_IKE, "looking for RSA private key with keyid %#B", &chunk); - my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey); - if (my_key == NULL) - { - DBG1(DBG_IKE, "no RSA private key found with for %D with keyid %#B", - my_id, &chunk); - return NOT_FOUND; - } - DBG2(DBG_IKE, "matching RSA private key found"); + DBG2(DBG_IKE, " matching RSA public key found"); prf = this->ike_sa->get_prf(this->ike_sa); prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa)); octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf); - status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data); + status = charon->credentials->rsa_signature(charon->credentials, + my_pubkey, HASH_SHA1, octets, &auth_data); chunk_free(&octets); if (status != SUCCESS) { - my_key->destroy(my_key); - DBG1(DBG_IKE, "build signature of SHA1 hash failed"); + DBG1(DBG_IKE, "building RSA signature with SHA-1 hash failed"); return status; } DBG2(DBG_IKE, "successfully signed with RSA private key"); @@ -142,8 +129,6 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, *auth_payload = auth_payload_create(); (*auth_payload)->set_auth_method(*auth_payload, AUTH_RSA); (*auth_payload)->set_data(*auth_payload, auth_data); - - my_key->destroy(my_key); chunk_free(&auth_data); return SUCCESS; } |