From: Andreas Steffen
Date: Mon, 16 Jul 2012 16:08:49 +0000 (+0200)
Subject: use a nonce for a PA-TNC message identifier
X-Git-Tag: 5.0.1~297
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e51c527e68bc59d5df249236ba3ee1b462d5a3e9;p=thirdparty%2Fstrongswan.git
use a nonce for a PA-TNC message identifier
---
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 661c3c77f0..8d1e70716e 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -525,7 +525,11 @@ METHOD(imc_agent_t, send_message, TNC_Result,
 enumerator->destroy(enumerator);
 /* build and send the PA-TNC message via the IF-IMC interface */
- pa_tnc_msg->build(pa_tnc_msg);
+ if (!pa_tnc_msg->build(pa_tnc_msg))
+ {
+ pa_tnc_msg->destroy(pa_tnc_msg);
+ return TNC_RESULT_FATAL;
+ }
 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 if (state->has_long(state) && this->send_message_long)
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index 784e0316a0..0935caad9a 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -547,7 +547,11 @@ METHOD(imv_agent_t, send_message, TNC_Result,
 enumerator->destroy(enumerator);
 /* build and send the PA-TNC message via the IF-IMV interface */
- pa_tnc_msg->build(pa_tnc_msg);
+ if (!pa_tnc_msg->build(pa_tnc_msg))
+ {
+ pa_tnc_msg->destroy(pa_tnc_msg);
+ return TNC_RESULT_FATAL;
+ }
 msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 if (state->has_long(state) && this->send_message_long)
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.c b/src/libimcv/pa_tnc/pa_tnc_msg.c
index 8f7617dc1d..ca755439c7 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.c
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.c
@@ -131,7 +131,7 @@ METHOD(pa_tnc_msg_t, add_attribute, bool,
 return TRUE;
 }
-METHOD(pa_tnc_msg_t, build, void,
+METHOD(pa_tnc_msg_t, build, bool,
 private_pa_tnc_msg_t *this)
 {
 bio_writer_t *writer;
@@ -142,12 +142,17 @@ METHOD(pa_tnc_msg_t, build, void,
 u_int32_t type;
 u_int8_t flags;
 chunk_t value;
- rng_t *rng;
+ nonce_gen_t *ng;
- /* create a random message identifier */
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- rng->get_bytes(rng, sizeof(this->identifier), (u_int8_t*)&this->identifier);
- rng->destroy(rng);
+ /* generate a nonce as a message identifier */
+ ng = lib->crypto->create_nonce_gen(lib->crypto);
+ if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+ {
+ DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
+ DESTROY_IF(ng);
+ return FALSE;
+ }
+ ng->destroy(ng);
 DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
 /* build message header */
@@ -193,6 +198,8 @@ METHOD(pa_tnc_msg_t, build, void,
 free(this->encoding.ptr);
 this->encoding = chunk_clone(writer->get_buf(writer));
 writer->destroy(writer);
+
+ return TRUE;
 }
 METHOD(pa_tnc_msg_t, process, status_t,
diff --git a/src/libimcv/pa_tnc/pa_tnc_msg.h b/src/libimcv/pa_tnc/pa_tnc_msg.h
index 64d434ca81..80016fecd1 100644
--- a/src/libimcv/pa_tnc/pa_tnc_msg.h
+++ b/src/libimcv/pa_tnc/pa_tnc_msg.h
@@ -52,8 +52,10 @@ struct pa_tnc_msg_t {
 /**
 * Build the PA-TNC message
+ *
+ * @return TRUE if PA-TNC message was built successfully
 */
- void (*build)(pa_tnc_msg_t *this);
+ bool (*build)(pa_tnc_msg_t *this);
 /**
 * Process the PA-TNC message
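Review bot: The nonce length in the new `if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))` line is the literal 4, whereas the removed get_bytes call sized the write with `sizeof(this->identifier)`; if the identifier field ever changes width, this call silently writes past the field or leaves part of it unset. Prefer `if (!ng || !ng->get_nonce(ng, sizeof(this->identifier), (u_int8_t*)&this->identifier))` so the length stays tied to the destination. The `0x%08x` in the following DBG2 line suggests a 32-bit field, but the struct definition is outside the hunk, as are the start of build (in the preceding hunk) and its end (in the next one). The pa_tnc_msg.h doc comment added later in this commit could also state that on FALSE the previous encoding is left untouched and the caller must still destroy the message, which is what the imc_agent.c and imv_agent.c hunks now do.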