summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/eap_aka/eap_aka_server.c
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-01-02 14:18:20 +0100
commit2ea5b8ab2fa64487af984af2162039596a06015a (patch)
tree58f9a4372d6007b33b1fca63ab18b53aa34b090d /src/libcharon/plugins/eap_aka/eap_aka_server.c
parent4e331141b8693e5214b82fdd6c3c6f4fa65eafca (diff)
parentc1343b3278cdf99533b7902744d15969f9d6fdc1 (diff)
downloadvyos-strongswan-2ea5b8ab2fa64487af984af2162039596a06015a.tar.gz
vyos-strongswan-2ea5b8ab2fa64487af984af2162039596a06015a.zip
Merge tag 'upstream/5.0.1'
Upstream version 5.0.1
Diffstat (limited to 'src/libcharon/plugins/eap_aka/eap_aka_server.c')
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_server.c64
1 files changed, 47 insertions, 17 deletions
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index d8e85ceef..b7608382d 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -119,6 +119,24 @@ struct private_eap_aka_server_t {
};
/**
+ * Generate a payload from a message, destroy message
+ */
+static bool generate_payload(simaka_message_t *message, chunk_t data,
+ eap_payload_t **out)
+{
+ chunk_t chunk;
+ bool ok;
+
+ ok = message->generate(message, data, &chunk);
+ if (ok)
+ {
+ *out = eap_payload_create_data_own(chunk);
+ }
+ message->destroy(message);
+ return ok;
+}
+
+/**
* Create EAP-AKA/Request/Identity message
*/
static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out)
@@ -139,9 +157,10 @@ static status_t identity(private_eap_aka_server_t *this, eap_payload_t **out)
{
message->add_attribute(message, AT_PERMANENT_ID_REQ, chunk_empty);
}
- *out = eap_payload_create_data_own(message->generate(message, chunk_empty));
- message->destroy(message);
-
+ if (!generate_payload(message, chunk_empty, out))
+ {
+ return FAILED;
+ }
this->pending = AKA_IDENTITY;
return NEED_MORE;
}
@@ -180,8 +199,11 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
}
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
chunk_create(ck, AKA_CK_LEN));
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+ {
+ return FAILED;
+ }
this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
this->xres = chunk_clone(chunk_create(xres, xres_len));
@@ -190,6 +212,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
message->add_attribute(message, AT_RAND, this->rand);
message->add_attribute(message, AT_AUTN, chunk_create(autn, AKA_AUTN_LEN));
id = this->mgr->provider_gen_reauth(this->mgr, this->permanent, mk.ptr);
+ free(mk.ptr);
if (id)
{
message->add_attribute(message, AT_NEXT_REAUTH_ID,
@@ -203,10 +226,10 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
id->get_encoding(id));
id->destroy(id);
}
- *out = eap_payload_create_data_own(message->generate(message, chunk_empty));
- message->destroy(message);
-
- free(mk.ptr);
+ if (!generate_payload(message, chunk_empty, out))
+ {
+ return FAILED;
+ }
this->pending = AKA_CHALLENGE;
return NEED_MORE;
}
@@ -226,15 +249,21 @@ static status_t reauthenticate(private_eap_aka_server_t *this,
DBG1(DBG_IKE, "initiating EAP-AKA reauthentication");
rng = this->crypto->get_rng(this->crypto);
- rng->allocate_bytes(rng, NONCE_LEN, &this->nonce);
+ if (!rng->allocate_bytes(rng, NONCE_LEN, &this->nonce))
+ {
+ return FAILED;
+ }
mkc = chunk_create(mk, HASH_SIZE_SHA1);
counter = htons(counter);
this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
- this->crypto->derive_keys_reauth(this->crypto, mkc);
- this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
- this->reauth, this->counter, this->nonce, mkc);
+ if (!this->crypto->derive_keys_reauth(this->crypto, mkc) ||
+ !this->crypto->derive_keys_reauth_msk(this->crypto,
+ this->reauth, this->counter, this->nonce, mkc, &this->msk))
+ {
+ return FAILED;
+ }
message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
AKA_REAUTHENTICATION, this->crypto);
@@ -247,9 +276,10 @@ static status_t reauthenticate(private_eap_aka_server_t *this,
next->get_encoding(next));
next->destroy(next);
}
- *out = eap_payload_create_data_own(message->generate(message, chunk_empty));
- message->destroy(message);
-
+ if (!generate_payload(message, chunk_empty, out))
+ {
+ return FAILED;
+ }
this->pending = SIM_REAUTHENTICATION;
return NEED_MORE;
}
@@ -691,7 +721,7 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
this->permanent = peer->clone(peer);
this->use_reauth = this->use_pseudonym = this->use_permanent =
lib->settings->get_bool(lib->settings,
- "charon.plugins.eap-aka.request_identity", TRUE);
+ "%s.plugins.eap-aka.request_identity", TRUE, charon->name);
/* generate a non-zero identifier */
do {