Imported Upstream version 5.0.1

5 files changed, 110 insertions, 49 deletions

diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 59919e559..cdc7799ae 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -49,6 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@@ -78,7 +79,7 @@ libsimaka_la_LIBADD =
 am_libsimaka_la_OBJECTS = simaka_message.lo simaka_crypto.lo \
 	simaka_manager.lo
 libsimaka_la_OBJECTS = $(am_libsimaka_la_OBJECTS)
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
@@ -104,6 +105,7 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BFDLIB = @BFDLIB@
 BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
@@ -198,11 +200,14 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
@@ -219,11 +224,12 @@ imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -239,6 +245,7 @@ mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
@@ -248,7 +255,6 @@ pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c
index 4819d1b99..92db19317 100644
--- a/src/libsimaka/simaka_crypto.c
+++ b/src/libsimaka/simaka_crypto.c
@@ -115,90 +115,128 @@ static void call_hook(private_simaka_crypto_t *this, chunk_t encr, chunk_t auth)
 	mgr->key_hook(mgr, encr, auth);
 }
 
-METHOD(simaka_crypto_t, derive_keys_full, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_full, bool,
 	private_simaka_crypto_t *this, identification_t *id,
-	chunk_t data, chunk_t *mk)
+	chunk_t data, chunk_t *mk, chunk_t *msk)
 {
-	chunk_t str, msk, k_encr, k_auth;
+	chunk_t str, k_encr, k_auth;
 	int i;
 
 	/* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
 	 * For AKA: MK = SHA1(Identity|IK|CK) */
-	this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
-	this->hasher->allocate_hash(this->hasher, data, mk);
+	if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
+		!this->hasher->allocate_hash(this->hasher, data, mk))
+	{
+		return FALSE;
+	}
 	DBG3(DBG_LIB, "MK %B", mk);
 
 	/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
-	this->prf->set_key(this->prf, *mk);
+	if (!this->prf->set_key(this->prf, *mk))
+	{
+		chunk_clear(mk);
+		return FALSE;
+	}
 	str = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
 	for (i = 0; i < 3; i++)
 	{
-		this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 3 * i);
+		if (!this->prf->get_bytes(this->prf, chunk_empty,
+								  str.ptr + str.len / 3 * i))
+		{
+			chunk_clear(mk);
+			return FALSE;
+		}
 	}
 
 	k_encr = chunk_create(str.ptr, KENCR_LEN);
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
-	msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
 
-	this->signer->set_key(this->signer, k_auth);
-	this->crypter->set_key(this->crypter, k_encr);
+	if (!this->signer->set_key(this->signer, k_auth) ||
+		!this->crypter->set_key(this->crypter, k_encr))
+	{
+		chunk_clear(mk);
+		return FALSE;
+	}
+
+	*msk = chunk_clone(chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN));
 
 	call_hook(this, k_encr, k_auth);
 
 	this->derived = TRUE;
-	return chunk_clone(msk);
+	return TRUE;
 }
 
-METHOD(simaka_crypto_t, derive_keys_reauth, void,
+METHOD(simaka_crypto_t, derive_keys_reauth, bool,
 	private_simaka_crypto_t *this, chunk_t mk)
 {
 	chunk_t str, k_encr, k_auth;
 	int i;
 
 	/* K_encr | K_auth = prf() | prf() */
-	this->prf->set_key(this->prf, mk);
+	if (!this->prf->set_key(this->prf, mk))
+	{
+		return FALSE;
+	}
 	str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
 	for (i = 0; i < 2; i++)
 	{
-		this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
+		if (!this->prf->get_bytes(this->prf, chunk_empty,
+								  str.ptr + str.len / 2 * i))
+		{
+			return FALSE;
+		}
 	}
 	k_encr = chunk_create(str.ptr, KENCR_LEN);
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
 
-	this->signer->set_key(this->signer, k_auth);
-	this->crypter->set_key(this->crypter, k_encr);
+	if (!this->signer->set_key(this->signer, k_auth) ||
+		!this->crypter->set_key(this->crypter, k_encr))
+	{
+		return FALSE;
+	}
 
 	call_hook(this, k_encr, k_auth);
 
 	this->derived = TRUE;
+	return TRUE;
 }
 
-METHOD(simaka_crypto_t, derive_keys_reauth_msk, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_reauth_msk, bool,
 	private_simaka_crypto_t *this, identification_t *id, chunk_t counter,
-	chunk_t nonce_s, chunk_t mk)
+	chunk_t nonce_s, chunk_t mk, chunk_t *msk)
 {
 	char xkey[HASH_SIZE_SHA1];
-	chunk_t str, msk;
+	chunk_t str;
 	int i;
 
-	this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
-	this->hasher->get_hash(this->hasher, counter, NULL);
-	this->hasher->get_hash(this->hasher, nonce_s, NULL);
-	this->hasher->get_hash(this->hasher, mk, xkey);
+	if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
+		!this->hasher->get_hash(this->hasher, counter, NULL) ||
+		!this->hasher->get_hash(this->hasher, nonce_s, NULL) ||
+		!this->hasher->get_hash(this->hasher, mk, xkey))
+	{
+		return FALSE;
+	}
 
 	/* MSK | EMSK = prf() | prf() | prf() | prf() */
-	this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey)));
+	if (!this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey))))
+	{
+		return FALSE;
+	}
 	str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
 	for (i = 0; i < 2; i++)
 	{
-		this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
+		if (!this->prf->get_bytes(this->prf, chunk_empty,
+								  str.ptr + str.len / 2 * i))
+		{
+			return FALSE;
+		}
 	}
-	msk = chunk_create(str.ptr, MSK_LEN);
-	DBG3(DBG_LIB, "MSK %B", &msk);
+	*msk = chunk_clone(chunk_create(str.ptr, MSK_LEN));
+	DBG3(DBG_LIB, "MSK %B", msk);
 
-	return chunk_clone(msk);
+	return TRUE;
 }
 
 METHOD(simaka_crypto_t, clear_keys, void,
diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h
index d1830e658..c07755865 100644
--- a/src/libsimaka/simaka_crypto.h
+++ b/src/libsimaka/simaka_crypto.h
@@ -62,10 +62,11 @@ struct simaka_crypto_t {
 	 * @param id	peer identity
 	 * @param data	method specific data
 	 * @param mk	chunk receiving allocated master key MK
-	 * @return		allocated MSK value
+	 * @param msk	chunk receiving allocated MSK
+	 * @return		TRUE if keys allocated and derived successfully
 	 */
-	chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
-								chunk_t data, chunk_t *mk);
+	bool (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
+							 chunk_t data, chunk_t *mk, chunk_t *msk);
 
 	/**
 	 * Derive k_encr/k_auth keys from MK using fast reauthentication.
@@ -74,8 +75,9 @@ struct simaka_crypto_t {
 	 * internal crypter/signer instances.
 	 *
 	 * @param mk	master key
+	 * @return		TRUE if keys derived successfully
 	 */
-	void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
+	bool (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
 
 	/**
 	 * Derive MSK using fast reauthentication.
@@ -84,10 +86,12 @@ struct simaka_crypto_t {
 	 * @param counter	fast reauthentication counter value, network order
 	 * @param nonce_s	server generated NONCE_S value
 	 * @param mk		master key of last full authentication
+	 * @param msk		chunk receiving allocated MSK
+	 * @return			TRUE if MSK allocated and derived successfully
 	 */
-	chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this,
-									  identification_t *id, chunk_t counter,
-									  chunk_t nonce_s, chunk_t mk);
+	bool (*derive_keys_reauth_msk)(simaka_crypto_t *this,
+								   identification_t *id, chunk_t counter,
+								   chunk_t nonce_s, chunk_t mk, chunk_t *msk);
 
 	/**
 	 * Clear keys (partially) derived.
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index a5754b985..aa36a0974 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -499,8 +499,10 @@ static bool decrypt(private_simaka_message_t *this)
 			 eap_type_names, this->hdr->type);
 		return FALSE;
 	}
-
-	crypter->decrypt(crypter, this->encr, this->iv, &plain);
+	if (!crypter->decrypt(crypter, this->encr, this->iv, &plain))
+	{
+		return FALSE;
+	}
 
 	this->encrypted = TRUE;
 	success = parse_attributes(this, plain);
@@ -599,8 +601,8 @@ METHOD(simaka_message_t, verify, bool,
 	return TRUE;
 }
 
-METHOD(simaka_message_t, generate, chunk_t,
-	private_simaka_message_t *this, chunk_t sigdata)
+METHOD(simaka_message_t, generate, bool,
+	private_simaka_message_t *this, chunk_t sigdata, chunk_t *gen)
 {
 	/* buffers large enough for messages we generate */
 	char out_buf[1024], encr_buf[512];
@@ -771,13 +773,19 @@ METHOD(simaka_message_t, generate, chunk_t,
 		out = chunk_skip(out, 4);
 
 		rng = this->crypto->get_rng(this->crypto);
-		rng->get_bytes(rng, iv.len, out.ptr);
+		if (!rng->get_bytes(rng, iv.len, out.ptr))
+		{
+			return FALSE;
+		}
 
 		iv = chunk_clonea(chunk_create(out.ptr, iv.len));
 		out = chunk_skip(out, iv.len);
 
 		/* inline encryption */
-		crypter->encrypt(crypter, encr, iv, NULL);
+		if (!crypter->encrypt(crypter, encr, iv, NULL))
+		{
+			return FALSE;
+		}
 
 		/* add ENCR_DATA attribute */
 		hdr = (attr_hdr_t*)out.ptr;
@@ -822,12 +830,16 @@ METHOD(simaka_message_t, generate, chunk_t,
 	if (mac.len)
 	{
 		data = chunk_cata("cc", out, sigdata);
-		signer->get_signature(signer, data, mac.ptr);
+		if (!signer->get_signature(signer, data, mac.ptr))
+		{
+			return FALSE;
+		}
 	}
 
 	call_hook(this, FALSE, FALSE);
 
-	return chunk_clone(out);
+	*gen = chunk_clone(out);
+	return TRUE;
 }
 
 METHOD(simaka_message_t, destroy, void,
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index 28fe21823..209067c70 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -236,9 +236,10 @@ struct simaka_message_t {
 	 * Generate a message, optionally encrypt attributes and create a MAC.
 	 *
 	 * @param sigdata	additional data to include in signature, if any
-	 * @return			allocated data of generated message
+	 * @param gen		allocated generated data, if successful
+	 * @return			TRUE if successful
 	 */
-	chunk_t (*generate)(simaka_message_t *this, chunk_t sigdata);
+	bool (*generate)(simaka_message_t *this, chunk_t sigdata, chunk_t *gen);
 
 	/**
 	 * Destroy a simaka_message_t.