Use nonce_gen instead of rng to generate nonces
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Wed, 2 May 2012 15:49:41 +0000 (17:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 18 May 2012 06:15:41 +0000 (08:15 +0200)
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.

src/libcharon/sa/ikev1/phase1.c
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c
src/libcharon/sa/ikev2/tasks/ike_init.c

index c29e5c7..ec55d53 100644 (file)
@@ -595,20 +595,20 @@ METHOD(phase1_t, add_nonce_ke, bool,
 {
        nonce_payload_t *nonce_payload;
        ke_payload_t *ke_payload;
+       nonce_gen_t *nonceg;
        chunk_t nonce;
-       rng_t *rng;
 
        ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE_V1, this->dh);
        message->add_payload(message, &ke_payload->payload_interface);
 
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+       if (!nonceg)
        {
-               DBG1(DBG_IKE, "no RNG found to create nonce");
+               DBG1(DBG_IKE, "no nonce generator found to create nonce");
                return FALSE;
        }
-       rng->allocate_bytes(rng, NONCE_SIZE, &nonce);
-       rng->destroy(rng);
+       nonceg->allocate_nonce(nonceg, NONCE_SIZE, &nonce);
+       nonceg->destroy(nonceg);
 
        nonce_payload = nonce_payload_create(NONCE_V1);
        nonce_payload->set_nonce(nonce_payload, nonce);
index cbde6ac..f98bfa2 100755 (executable)
@@ -297,16 +297,16 @@ static bool add_nonce(private_quick_mode_t *this, chunk_t *nonce,
                                          message_t *message)
 {
        nonce_payload_t *nonce_payload;
-       rng_t *rng;
+       nonce_gen_t *nonceg;
 
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+       if (!nonceg)
        {
-               DBG1(DBG_IKE, "no RNG found to create nonce");
+               DBG1(DBG_IKE, "no nonce generator found to create nonce");
                return FALSE;
        }
-       rng->allocate_bytes(rng, NONCE_SIZE, nonce);
-       rng->destroy(rng);
+       nonceg->allocate_nonce(nonceg, NONCE_SIZE, nonce);
+       nonceg->destroy(nonceg);
 
        nonce_payload = nonce_payload_create(NONCE_V1);
        nonce_payload->set_nonce(nonce_payload, *nonce);
index eeb9209..ad7324d 100644 (file)
@@ -192,18 +192,18 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
 /**
  * generate a new nonce to include in a CREATE_CHILD_SA message
  */
-static status_t generate_nonce(chunk_t *nonce)
+static status_t generate_nonce(private_child_create_t *this)
 {
-       rng_t *rng;
+       nonce_gen_t *nonceg;
 
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+       if (!nonceg)
        {
-               DBG1(DBG_IKE, "error generating nonce value, no RNG found");
+               DBG1(DBG_IKE, "no nonce generator found to create nonce");
                return FAILED;
        }
-       rng->allocate_bytes(rng, NONCE_SIZE, nonce);
-       rng->destroy(rng);
+       nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
+       nonceg->destroy(nonceg);
        return SUCCESS;
 }
 
@@ -720,7 +720,7 @@ METHOD(task_t, build_i, status_t,
                case IKE_SA_INIT:
                        return get_nonce(message, &this->my_nonce);
                case CREATE_CHILD_SA:
-                       if (generate_nonce(&this->my_nonce) != SUCCESS)
+                       if (generate_nonce(this) != SUCCESS)
                        {
                                message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN, chunk_empty);
                                return SUCCESS;
@@ -909,7 +909,7 @@ METHOD(task_t, build_r, status_t,
                case IKE_SA_INIT:
                        return get_nonce(message, &this->my_nonce);
                case CREATE_CHILD_SA:
-                       if (generate_nonce(&this->my_nonce) != SUCCESS)
+                       if (generate_nonce(this) != SUCCESS)
                        {
                                message->add_notify(message, FALSE, NO_PROPOSAL_CHOSEN,
                                                                        chunk_empty);
index 3fbbcfd..bd1846e 100644 (file)
@@ -225,8 +225,6 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 METHOD(task_t, build_i, status_t,
        private_ike_init_t *this, message_t *message)
 {
-       rng_t *rng;
-
        this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
        DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
                 this->ike_sa->get_name(this->ike_sa),
@@ -257,14 +255,16 @@ METHOD(task_t, build_i, status_t,
        /* generate nonce only when we are trying the first time */
        if (this->my_nonce.ptr == NULL)
        {
-               rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-               if (!rng)
+               nonce_gen_t *nonceg;
+
+               nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+               if (!nonceg)
                {
-                       DBG1(DBG_IKE, "error generating nonce");
+                       DBG1(DBG_IKE, "no nonce generator found to create nonce");
                        return FAILED;
                }
-               rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
-               rng->destroy(rng);
+               nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
+               nonceg->destroy(nonceg);
        }
 
        if (this->cookie.ptr)
@@ -290,20 +290,20 @@ METHOD(task_t, build_i, status_t,
 METHOD(task_t, process_r,  status_t,
        private_ike_init_t *this, message_t *message)
 {
-       rng_t *rng;
+       nonce_gen_t *nonceg;
 
        this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
        DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
        this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
 
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       if (!rng)
+       nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
+       if (!nonceg)
        {
-               DBG1(DBG_IKE, "error generating nonce");
+               DBG1(DBG_IKE, "no nonce generator found to create nonce");
                return FAILED;
        }
-       rng->allocate_bytes(rng, NONCE_SIZE, &this->my_nonce);
-       rng->destroy(rng);
+       nonceg->allocate_nonce(nonceg, NONCE_SIZE, &this->my_nonce);
+       nonceg->destroy(nonceg);
 
 #ifdef ME
        {