this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
hash_payload = hash_payload_create(HASH_V1);
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
{
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ private->destroy(private);
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
if (private->sign(private, scheme, hash, &sig))
id = this->ike_sa->get_other_id(this->ike_sa);
this->dh->get_my_public_value(this->dh, &dh);
keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
free(dh.ptr);
sig = sig_payload->get_hash(sig_payload);
return this->hasher;
}
-METHOD(keymat_v1_t, get_hash, chunk_t,
+METHOD(keymat_v1_t, get_hash, bool,
private_keymat_v1_t *this, bool initiator, chunk_t dh, chunk_t dh_other,
- ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id)
+ ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash)
{
- chunk_t hash, data;
+ chunk_t data;
u_int64_t spi, spi_other;
/* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
- this->prf_auth->allocate_bytes(this->prf_auth, data, &hash);
+ this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
- DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', &hash);
+ DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
free(data.ptr);
- return hash;
+ return TRUE;
}
/**
* @param ike_sa_id IKE_SA identifier
* @param sa_i encoded SA payload of initiator
* @param id encoded IDii payload for HASH_I (IDir for HASH_R)
- * @return allocated HASH data
+ * @param hash chunk receiving allocated HASH data
+ * @return TRUE if hash allocated successfully
*/
- chunk_t (*get_hash)(keymat_v1_t *this, bool initiator,
+ bool (*get_hash)(keymat_v1_t *this, bool initiator,
chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
- chunk_t sa_i, chunk_t id);
+ chunk_t sa_i, chunk_t id, chunk_t *hash);
/**
* Get HASH data for integrity/authentication in Phase 2 exchanges.
projects / thirdparty / strongswan.git / commitdiff
