From: Adrian-Ken Rueegsegger
Date: Fri, 1 Sep 2017 16:46:05 +0000 (+0200)
Subject: charon-tkm: Fix AE context life-cycle handling
X-Git-Tag: 5.6.1dr3~23^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8e823bb8b1ae4b1efcb81bc2cf07717333309120;p=thirdparty%2Fstrongswan.git
charon-tkm: Fix AE context life-cycle handling
Use new reference counting feature of ID manager for AE contexts and only perform reset if count is zero. Also, do not pass on AE ID as every IKE SA must decrement AE ID count once it is not used any longer.
---
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index eb9f039d74..ed5366c2c3 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -281,6 +281,13 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 DBG1(DBG_IKE, "deriving IKE keys (parent_isa: %llu, ae: %llu, nc: %llu," " dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info.parent_isa_id, isa_info.ae_id, nc_id, dh_id, spi_loc, spi_rem);
+
+ if (!tkm->idmgr->acquire_ref(tkm->idmgr, TKM_CTX_AE, isa_info.ae_id))
+ {
+ DBG1(DBG_IKE, "unable to acquire reference for ae: %llu",
+ isa_info.ae_id);
+ return FALSE;
+ }
 this->ae_ctx_id = isa_info.ae_id;
 res = ike_isa_create_child(this->isa_ctx_id, isa_info.parent_isa_id, 1, dh_id, nc_id, nonce_rem, this->initiator,
@@ -416,11 +423,6 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
 *skd = chunk_create((u_char *)isa_info, sizeof(isa_info_t));
- /*
- * remove ae context id, since control has now been handed over to the new
- * IKE SA keymat
- */
- this->ae_ctx_id = 0;
 return PRF_HMAC_SHA2_512;
 }
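Review bot: The reference on `isa_info.ae_id` is taken only at this point in derive_ike_keys, so the id exported by get_skd travels unreferenced until the new keymat reaches the added `acquire_ref` call. This is safe only while the parent keymat still holds its own reference; if the parent could be destroyed first (not visible in this diff), the count would reach zero, the AE context would be reset, and a later `acquire_ref` could succeed on an id that has since been reassigned to another SA. I would state the invariant above the call, for example `/* parent keymat still holds its AE reference; take ours before using the id */`. The early `return FALSE` should also be checked against anything acquired earlier in derive_ike_keys, whose body starts and ends outside this hunk.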
@@ -462,11 +464,12 @@ METHOD(keymat_t, destroy, void,
 /* only reset ae context if set */
 if (this->ae_ctx_id != 0)
 {
- if (ike_ae_reset(this->ae_ctx_id) != TKM_OK)
+ int count;
+ count = tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
+ if (count == 0 && ike_ae_reset(this->ae_ctx_id) != TKM_OK)
 {
 DBG1(DBG_IKE, "failed to reset AE context %d", this->ae_ctx_id);
 }
- tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
 }
 DESTROY_IF(this->hash_algorithms);
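Review bot: In destroy, `release_id` now runs before `ike_ae_reset`, so the AE id is handed back to the ID manager while the TKM-side context still holds the old authenticated state; the removed lines reset first and released afterwards. If another thread can obtain that id between the two calls (the ID manager's locking is not visible here), it would receive a context that is then reset underneath it, so the ordering deserves a comment or a reset performed under the manager's lock. A negative `count`, if `release_id` can return one on failure, skips the reset with no log line; `else if (count < 0) { DBG1(DBG_IKE, "failed to release AE context id"); }` would make that visible. The unchanged DBG1 line prints `this->ae_ctx_id` with `%d` while derive_ike_keys prints AE ids with `%llu`, which looks like a format mismatch worth confirming against the field's type.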