pkcs11: Move shared secret calculation to get_shared_secret()
authorTobias Brunner <tobias@strongswan.org>
Fri, 23 Jul 2021 15:25:19 +0000 (17:25 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2022 08:28:50 +0000 (10:28 +0200)
src/libstrongswan/plugins/pkcs11/pkcs11_dh.c

index d08ebb33c4970560d1e5a84af4685c1d009b689a..a75cec67464efa2a0e1dabb38120f53c89d26b39 100644 (file)
@@ -60,6 +60,11 @@ struct private_pkcs11_dh_t {
         */
        chunk_t pub_key;
 
+       /**
+        * Public value provided by peer
+        */
+       chunk_t other;
+
        /**
         * Shared secret
         */
@@ -122,6 +127,7 @@ METHOD(key_exchange_t, set_public_key, bool,
                return FALSE;
        }
 
+       chunk_clear(&this->other);
        switch (this->group)
        {
                case ECP_192_BIT:
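Review bot: `set_public_key` now resets `this->other` but leaves a previously derived `this->secret` in place, and `get_shared_secret` only derives when `this->secret.ptr` is NULL. If the object is ever given a second peer value after a secret was computed, the cached secret for the old value would be returned; before this change every `set_public_key` call re-ran `derive_secret`. Whether callers reuse the object this way is not visible in the diff, but clearing both keeps the state consistent: add `chunk_clear(&this->secret);` next to `chunk_clear(&this->other);`. The body of set_public_key starts and ends outside this hunk.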
@@ -140,13 +146,14 @@ METHOD(key_exchange_t, set_public_key, bool,
                                pubkey.len,
                                pubkey.ptr,
                        };
-                       value = chunk_from_thing(params);
+                       this->other = chunk_clone(chunk_from_thing(params));
                        break;
                }
                default:
+                       this->other = chunk_clone(value);
                        break;
        }
-       return derive_secret(this, value);
+       return TRUE;
 }
 
 METHOD(key_exchange_t, get_public_key, bool,
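Review bot: `chunk_clone(chunk_from_thing(params))` copies only the bytes of the `params` struct, so the stored copy still refers to `pubkey.ptr` by address, and that address is now dereferenced later from `get_shared_secret` instead of before this function returns. `pubkey` is declared outside the hunk; if it is a stack-allocated or otherwise temporary buffer, the deferred `derive_secret` call would pass a dangling pointer to the token. Storing an owned copy of the point data in the object and building `params` from it at derivation time (or pointing the stored params at the owned copy) avoids this. It also means `chunk_clear` in `destroy` wipes the peer value itself rather than just the struct holding a pointer to it.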
@@ -159,7 +166,8 @@ METHOD(key_exchange_t, get_public_key, bool,
 METHOD(key_exchange_t, get_shared_secret, bool,
        private_pkcs11_dh_t *this, chunk_t *secret)
 {
-       if (!this->secret.ptr)
+       if (!this->secret.ptr &&
+               !derive_secret(this, this->other))
        {
                return FALSE;
        }
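Review bot: `get_shared_secret` calls `derive_secret(this, this->other)` even when `this->other` is empty, which is the case if `set_public_key` was never called or returned FALSE before storing a value. How `derive_secret` handles an empty chunk is not visible here, so an explicit guard is safer than relying on the token to reject it: `if (!this->secret.ptr && (!this->other.ptr || !derive_secret(this, this->other)))`. The rest of the function body lies outside the hunk.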
@@ -179,6 +187,7 @@ METHOD(key_exchange_t, destroy, void,
        this->lib->f->C_CloseSession(this->session);
        chunk_clear(&this->pub_key);
        chunk_clear(&this->secret);
+       chunk_clear(&this->other);
        free(this);
 }