From 26ca0c9f70ed51dbd2d7113209d3e59cda1df3cf Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 23 Jul 2021 17:25:19 +0200 Subject: [PATCH] pkcs11: Move shared secret calculation to get_shared_secret() --- src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c index d08ebb33c4..a75cec6746 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c @@ -60,6 +60,11 @@ struct private_pkcs11_dh_t { */ chunk_t pub_key; + /** + * Public value provided by peer + */ + chunk_t other; + /** * Shared secret */ @@ -122,6 +127,7 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } + chunk_clear(&this->other); switch (this->group) { case ECP_192_BIT: @@ -140,13 +146,14 @@ METHOD(key_exchange_t, set_public_key, bool, pubkey.len, pubkey.ptr, }; - value = chunk_from_thing(params); + this->other = chunk_clone(chunk_from_thing(params)); break; } default: + this->other = chunk_clone(value); break; } - return derive_secret(this, value); + return TRUE; } METHOD(key_exchange_t, get_public_key, bool, @@ -159,7 +166,8 @@ METHOD(key_exchange_t, get_public_key, bool, METHOD(key_exchange_t, get_shared_secret, bool, private_pkcs11_dh_t *this, chunk_t *secret) { - if (!this->secret.ptr) + if (!this->secret.ptr && + !derive_secret(this, this->other)) { return FALSE; } @@ -179,6 +187,7 @@ METHOD(key_exchange_t, destroy, void, this->lib->f->C_CloseSession(this->session); chunk_clear(&this->pub_key); chunk_clear(&this->secret); + chunk_clear(&this->other); free(this); } -- 2.47.2