diff options
Diffstat (limited to 'src/charon-tkm')
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_id_manager.c | 2 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 17 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_sad.c | 89 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_sad.h | 21 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 15 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_listener.c | 9 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_nonceg.c | 53 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_nonceg.h | 8 | ||||
-rw-r--r-- | src/charon-tkm/tests/kernel_sad_tests.c | 48 | ||||
-rw-r--r-- | src/charon-tkm/tests/keymat_tests.c | 2 | ||||
-rw-r--r-- | src/charon-tkm/tests/nonceg_tests.c | 1 |
11 files changed, 200 insertions, 65 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c index e6d571b83..d8ff6753f 100644 --- a/src/charon-tkm/src/tkm/tkm_id_manager.c +++ b/src/charon-tkm/src/tkm/tkm_id_manager.c @@ -19,8 +19,6 @@ #include <utils/debug.h> #include <threading/rwlock.h> -#define TKM_LIMIT 100 - ENUM_BEGIN(tkm_context_kind_names, TKM_CTX_NONCE, TKM_CTX_ESA, "NONCE_CONTEXT", "DH_CONTEXT", diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index 734b1ec55..7a0672aa8 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -132,7 +132,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA); - if (!tkm->sad->insert(tkm->sad, reqid, esa_id, local, peer, spi_rem, + if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_loc, spi_rem, protocol)) { DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id); @@ -164,6 +164,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, DBG1(DBG_KNL, "child SA (%llu, no PFS) creation failed", esa_id); goto failure; } + tkm->chunk_map->remove(tkm->chunk_map, nonce_loc); tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nonce_loc_id); } /* creation of subsequent child SA with PFS: nonce and dh context are set */ @@ -176,6 +177,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, DBG1(DBG_KNL, "child SA (%llu) creation failed", esa_id); goto failure; } + tkm->chunk_map->remove(tkm->chunk_map, nonce_loc); tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nonce_loc_id); } if (ike_esa_select(esa_id) != TKM_OK) @@ -217,11 +219,22 @@ METHOD(kernel_ipsec_t, del_sa, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) { - esa_id_type esa_id; + esa_id_type esa_id, other_esa_id; esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol); if (esa_id) { + other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id); + if (other_esa_id) + { + DBG1(DBG_KNL, "selecting child SA (esa: %llu)", other_esa_id); + if (ike_esa_select(other_esa_id) != TKM_OK) + { + DBG1(DBG_KNL, "error selecting other child SA (esa: %llu)", + other_esa_id); + } + } + DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id, ntohl(spi)); if (ike_esa_reset(esa_id) != TKM_OK) diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 3394b58af..2556f6b8b 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -72,9 +72,14 @@ struct sad_entry_t { host_t *dst; /** - * SPI of CHILD SA. + * Local SPI of CHILD SA. */ - u_int32_t spi; + u_int32_t spi_loc; + + /** + * Remote SPI of CHILD SA. + */ + u_int32_t spi_rem; /** * Protocol of CHILD SA (ESP/AH). @@ -97,7 +102,7 @@ static void sad_entry_destroy(sad_entry_t *entry) } /** - * Find a list entry with given src, dst, spi and proto values. + * Find a list entry with given src, dst, (remote) spi and proto values. */ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, const host_t * const dst, const u_int32_t * const spi, @@ -110,7 +115,7 @@ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, return src->ip_equals(entry->src, (host_t *)src) && dst->ip_equals(entry->dst, (host_t *)dst) && - entry->spi == *spi && entry->proto == *proto; + entry->spi_rem == *spi && entry->proto == *proto; } /** @@ -121,9 +126,29 @@ static bool sad_entry_match_dst(sad_entry_t * const entry, const u_int32_t * const spi, const u_int8_t * const proto) { - return entry->reqid == *reqid && - entry->spi == *spi && - entry->proto == *proto; + return entry->reqid == *reqid && + entry->spi_rem == *spi && + entry->proto == *proto; +} + +/** + * Find a list entry with given esa id. + */ +static bool sad_entry_match_esa_id(sad_entry_t * const entry, + const esa_id_type * const esa_id) +{ + return entry->esa_id == *esa_id; +} + +/** + * Find a list entry with given reqid and different esa id. + */ +static bool sad_entry_match_other_esa(sad_entry_t * const entry, + const esa_id_type * const esa_id, + const u_int32_t * const reqid) +{ + return entry->reqid == *reqid && + entry->esa_id != *esa_id; } /** @@ -140,13 +165,15 @@ static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right) left->reqid == right->reqid && left->src->ip_equals(left->src, right->src) && left->dst->ip_equals(left->dst, right->dst) && - left->spi == right->spi && left->proto == right->proto; + left->spi_loc == right->spi_loc && + left->spi_rem == right->spi_rem && + left->proto == right->proto; } METHOD(tkm_kernel_sad_t, insert, bool, private_tkm_kernel_sad_t * const this, const esa_id_type esa_id, const u_int32_t reqid, const host_t * const src, const host_t * const dst, - const u_int32_t spi, const u_int8_t proto) + const u_int32_t spi_loc, const u_int32_t spi_rem, const u_int8_t proto) { status_t result; sad_entry_t *new_entry; @@ -156,7 +183,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, .reqid = reqid, .src = (host_t *)src, .dst = (host_t *)dst, - .spi = spi, + .spi_loc = spi_loc, + .spi_rem = spi_rem, .proto = proto, ); @@ -167,8 +195,8 @@ METHOD(tkm_kernel_sad_t, insert, bool, if (result == NOT_FOUND) { DBG3(DBG_KNL, "inserting SAD entry (esa: %llu, reqid: %u, src: %H, " - "dst: %H, spi: %x, proto: %u)", esa_id, reqid, src, dst, - ntohl(spi), proto); + "dst: %H, spi_loc: %x, spi_rem: %x,proto: %u)", esa_id, reqid, src, + dst, ntohl(spi_loc), ntohl(spi_rem), proto); new_entry->src = src->clone((host_t *)src); new_entry->dst = dst->clone((host_t *)dst); this->data->insert_last(this->data, new_entry); @@ -209,6 +237,42 @@ METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, return id; } +METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, + private_tkm_kernel_sad_t * const this, const esa_id_type esa_id) +{ + esa_id_type id = 0; + sad_entry_t *entry = NULL; + u_int32_t reqid; + status_t res; + + this->mutex->lock(this->mutex); + res = this->data->find_first(this->data, + (linked_list_match_t)sad_entry_match_esa_id, + (void**)&entry, &esa_id); + if (res == SUCCESS && entry) + { + reqid = entry->reqid; + } + else + { + DBG3(DBG_KNL, "no SAD entry found for ESA id %llu", esa_id); + this->mutex->unlock(this->mutex); + return id; + } + + res = this->data->find_first(this->data, + (linked_list_match_t)sad_entry_match_other_esa, + (void**)&entry, &esa_id, &reqid); + if (res == SUCCESS && entry) + { + id = entry->esa_id; + DBG3(DBG_KNL, "returning ESA id %llu of other SAD entry with reqid %u", + id, reqid); + } + this->mutex->unlock(this->mutex); + return id; +} + METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, private_tkm_kernel_sad_t * const this, const u_int32_t reqid, const u_int32_t spi, const u_int8_t proto) @@ -289,6 +353,7 @@ tkm_kernel_sad_t *tkm_kernel_sad_create() .public = { .insert = _insert, .get_esa_id = _get_esa_id, + .get_other_esa_id = _get_other_esa_id, .get_dst_host = _get_dst_host, .remove = __remove, .destroy = _destroy, diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index 38b19dd01..3a84deffc 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -40,21 +40,22 @@ struct tkm_kernel_sad_t { * @param reqid reqid of the SA * @param src source address of CHILD SA * @param dst destination address of CHILD SA - * @param spi SPI of CHILD SA + * @param spi_loc Local SPI of CHILD SA + * @param spi_rem Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return TRUE if entry was inserted, FALSE otherwise */ bool (*insert)(tkm_kernel_sad_t * const this, const esa_id_type esa_id, const u_int32_t reqid, const host_t * const src, - const host_t * const dst, const u_int32_t spi, - const u_int8_t proto); + const host_t * const dst, const u_int32_t spi_loc, + const u_int32_t spi_rem, const u_int8_t proto); /** * Get ESA id for entry with given parameters. * * @param src source address of CHILD SA * @param dst destination address of CHILD SA - * @param spi SPI of CHILD SA + * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return ESA id of entry if found, 0 otherwise */ @@ -63,10 +64,20 @@ struct tkm_kernel_sad_t { const u_int32_t spi, const u_int8_t proto); /** + * Get ESA id for entry associated with same security policy as the + * specified ESA. + * + * @param esa_id id of ESA identifying the security policy + * @return ESA id of entry if found, 0 otherwise + */ + esa_id_type (*get_other_esa_id)(tkm_kernel_sad_t * const this, + const esa_id_type esa_id); + + /** * Get destination host for entry with given parameters. * * @param reqid reqid of CHILD SA - * @param spi SPI of CHILD SA + * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) * @return destination host of entry if found, NULL otherwise */ diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index 80721fafe..1e1fa4f30 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -102,6 +102,7 @@ static void aead_create_from_keys(aead_t **in, aead_t **out, *in = *out = NULL; signer_t *signer_i, *signer_r; crypter_t *crypter_i, *crypter_r; + iv_gen_t *ivg_i, *ivg_r; signer_i = lib->crypto->create_signer(lib->crypto, int_alg); signer_r = lib->crypto->create_signer(lib->crypto, int_alg); @@ -145,15 +146,21 @@ static void aead_create_from_keys(aead_t **in, aead_t **out, return; } + ivg_i = iv_gen_create_for_alg(enc_alg); + ivg_r = iv_gen_create_for_alg(enc_alg); + if (!ivg_i || !ivg_r) + { + return; + } if (initiator) { - *in = aead_create(crypter_r, signer_r); - *out = aead_create(crypter_i, signer_i); + *in = aead_create(crypter_r, signer_r, ivg_r); + *out = aead_create(crypter_i, signer_i, ivg_i); } else { - *in = aead_create(crypter_i, signer_i); - *out = aead_create(crypter_r, signer_r); + *in = aead_create(crypter_i, signer_i, ivg_i); + *out = aead_create(crypter_r, signer_r, ivg_r); } } diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c index bb1218266..f57527602 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.c +++ b/src/charon-tkm/src/tkm/tkm_listener.c @@ -14,6 +14,8 @@ * for more details. */ +#include <stdarg.h> + #include <daemon.h> #include <encoding/payloads/auth_payload.h> #include <utils/chunk.h> @@ -209,6 +211,13 @@ METHOD(listener_t, alert, bool, { tkm_keymat_t *keymat; isa_id_type isa_id; + int is_first; + + is_first = va_arg(args, int); + if (!is_first) + { + return TRUE; + } keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa); isa_id = keymat->get_isa_id(keymat); diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c index a07326798..336f16ecd 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.c +++ b/src/charon-tkm/src/tkm/tkm_nonceg.c @@ -33,23 +33,32 @@ struct private_tkm_nonceg_t { tkm_nonceg_t public; /** - * Context id. + * Nonce chunk. */ - nc_id_type context_id; - + chunk_t nonce; }; METHOD(nonce_gen_t, get_nonce, bool, private_tkm_nonceg_t *this, size_t size, u_int8_t *buffer) { nonce_type nonce; + uint64_t nc_id; + + nc_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_NONCE); + if (!nc_id) + { + return FALSE; + } - if (ike_nc_create(this->context_id, size, &nonce) != TKM_OK) + if (ike_nc_create(nc_id, size, &nonce) != TKM_OK) { + tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id); return FALSE; } memcpy(buffer, &nonce.data, size); + this->nonce = chunk_clone(chunk_create(buffer, size)); + tkm->chunk_map->insert(tkm->chunk_map, &this->nonce, nc_id); return TRUE; } @@ -57,24 +66,28 @@ METHOD(nonce_gen_t, allocate_nonce, bool, private_tkm_nonceg_t *this, size_t size, chunk_t *chunk) { *chunk = chunk_alloc(size); - if (get_nonce(this, chunk->len, chunk->ptr)) - { - tkm->chunk_map->insert(tkm->chunk_map, chunk, this->context_id); - return TRUE; - } - return FALSE; + return get_nonce(this, chunk->len, chunk->ptr); } METHOD(nonce_gen_t, destroy, void, private_tkm_nonceg_t *this) { - free(this); -} + uint64_t nc_id; -METHOD(tkm_nonceg_t, get_id, nc_id_type, - private_tkm_nonceg_t *this) -{ - return this->context_id; + nc_id = tkm->chunk_map->get_id(tkm->chunk_map, &this->nonce); + if (nc_id) + { + DBG1(DBG_IKE, "resetting stale nonce context %llu", nc_id); + + if (ike_nc_reset(nc_id) != TKM_OK) + { + DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id); + } + tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id); + tkm->chunk_map->remove(tkm->chunk_map, &this->nonce); + } + chunk_free(&this->nonce); + free(this); } /* @@ -91,16 +104,8 @@ tkm_nonceg_t *tkm_nonceg_create() .allocate_nonce = _allocate_nonce, .destroy = _destroy, }, - .get_id = _get_id, }, - .context_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_NONCE), ); - if (!this->context_id) - { - free(this); - return NULL; - } - return &this->public; } diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.h b/src/charon-tkm/src/tkm/tkm_nonceg.h index ceadb081f..d158551fe 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.h +++ b/src/charon-tkm/src/tkm/tkm_nonceg.h @@ -36,14 +36,6 @@ struct tkm_nonceg_t { * Implements nonce_gen_t. */ nonce_gen_t nonce_gen; - - /** - * Get nonce context id. - * - * @return context id of this nonce generator. - */ - nc_id_type (*get_id)(tkm_nonceg_t * const this); - }; /** diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c index b9ab3cb5e..2a033d237 100644 --- a/src/charon-tkm/tests/kernel_sad_tests.c +++ b/src/charon-tkm/tests/kernel_sad_tests.c @@ -34,7 +34,7 @@ START_TEST(test_insert) host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Error inserting SAD entry"); sad->destroy(sad); @@ -47,9 +47,9 @@ START_TEST(test_insert_duplicate) host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Error inserting SAD entry"); - fail_if(sad->insert(sad, 1, 2, addr, addr, 42, 50), + fail_if(sad->insert(sad, 1, 2, addr, addr, 27, 42, 50), "Expected error inserting duplicate entry"); sad->destroy(sad); @@ -61,7 +61,7 @@ START_TEST(test_get_esa_id) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23, "Error getting esa id"); @@ -81,11 +81,42 @@ START_TEST(test_get_esa_id_nonexistent) } END_TEST +START_TEST(test_get_other_esa_id) +{ + host_t *addr = host_create_from_string("127.0.0.1", 1024); + tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), + "Error inserting SAD entry"); + fail_unless(sad->insert(sad, 24, 54, addr, addr, 27, 42, 50), + "Error inserting SAD entry"); + fail_unless(sad->get_other_esa_id(sad, 23) == 24, + "Error getting other esa id"); + sad->destroy(sad); + addr->destroy(addr); +} +END_TEST + +START_TEST(test_get_other_esa_id_nonexistent) +{ + host_t *addr = host_create_from_string("127.0.0.1", 1024); + tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); + fail_unless(sad->get_other_esa_id(sad, 1) == 0, + "Got other esa id for nonexistent SAD entry"); + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), + "Error inserting SAD entry"); + fail_unless(sad->get_other_esa_id(sad, 23) == 0, + "Got own esa id"); + + sad->destroy(sad); + addr->destroy(addr); +} +END_TEST + START_TEST(test_get_dst_host) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); host_t *dst = sad->get_dst_host(sad, 54, 42, 50); @@ -108,7 +139,7 @@ START_TEST(test_remove) { host_t *addr = host_create_from_string("127.0.0.1", 1024); tkm_kernel_sad_t *sad = tkm_kernel_sad_create(); - fail_unless(sad->insert(sad, 23, 54, addr, addr, 42, 50), + fail_unless(sad->insert(sad, 23, 54, addr, addr, 27, 42, 50), "Error inserting SAD entry"); fail_unless(sad->get_esa_id(sad, addr, addr, 42, 50) == 23, "Error getting esa id"); @@ -151,6 +182,11 @@ Suite *make_kernel_sad_tests() tcase_add_test(tc, test_get_esa_id_nonexistent); suite_add_tcase(s, tc); + tc = tcase_create("get_other_esa_id"); + tcase_add_test(tc, test_get_other_esa_id); + tcase_add_test(tc, test_get_other_esa_id_nonexistent); + suite_add_tcase(s, tc); + tc = tcase_create("get_dst_host"); tcase_add_test(tc, test_get_dst_host); tcase_add_test(tc, test_get_dst_host_nonexistent); diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c index 889965a78..d087bee3f 100644 --- a/src/charon-tkm/tests/keymat_tests.c +++ b/src/charon-tkm/tests/keymat_tests.c @@ -46,7 +46,6 @@ START_TEST(test_derive_ike_keys) fail_if(!ng, "Unable to create nonce generator"); fail_unless(ng->nonce_gen.allocate_nonce(&ng->nonce_gen, 32, &nonce), "Unable to allocate nonce"); - ng->nonce_gen.destroy(&ng->nonce_gen); tkm_diffie_hellman_t *dh = tkm_diffie_hellman_create(MODP_4096_BIT); fail_if(!dh, "Unable to create DH"); @@ -69,6 +68,7 @@ START_TEST(test_derive_ike_keys) fail_if(aead->get_block_size(aead) != 16, "Block size mismatch %d", aead->get_block_size(aead)); + ng->nonce_gen.destroy(&ng->nonce_gen); proposal->destroy(proposal); dh->dh.destroy(&dh->dh); ike_sa_id->destroy(ike_sa_id); diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c index 6f524cb22..d150891eb 100644 --- a/src/charon-tkm/tests/nonceg_tests.c +++ b/src/charon-tkm/tests/nonceg_tests.c @@ -27,7 +27,6 @@ START_TEST(test_nonceg_creation) ng = tkm_nonceg_create(); fail_if(ng == NULL, "Error creating tkm nonce generator"); - fail_if(ng->get_id(ng) == 0, "Invalid context id (0)"); ng->nonce_gen.destroy(&ng->nonce_gen); } |