this->crypto->derive_keys_reauth(this->crypto,
chunk_create(this->mk, HASH_SIZE_SHA1));
- /* parse again with decryption key */
- if (!in->parse(in))
+ /* verify MAC and parse again with decryption key */
+ if (!in->verify(in, chunk_empty) || !in->parse(in))
{
*out = create_client_error(this, in->get_identifier(in));
return NEED_MORE;
*out = create_client_error(this, in->get_identifier(in));
return NEED_MORE;
}
- if (!in->verify(in, chunk_empty))
- {
- *out = create_client_error(this, in->get_identifier(in));
- return NEED_MORE;
- }
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_AKA,
AKA_REAUTHENTICATION, this->crypto);
simaka_subtype_names, AKA_CHALLENGE);
return FAILED;
}
+ /* verify MAC of EAP message, AT_MAC */
+ if (!in->verify(in, chunk_empty))
+ {
+ return FAILED;
+ }
enumerator = in->create_attribute_enumerator(in);
while (enumerator->enumerate(enumerator, &type, &data))
{
}
enumerator->destroy(enumerator);
- /* verify MAC of EAP message, AT_MAC */
- if (!in->verify(in, chunk_empty))
- {
- DBG1(DBG_IKE, "AT_MAC verification failed");
- return FAILED;
- }
/* compare received RES against stored XRES */
if (!chunk_equals(res, this->xres))
{
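Review bot: The relocated AT_MAC check at `if (!in->verify(in, chunk_empty))` now returns FAILED without the `DBG1(DBG_IKE, "AT_MAC verification failed");` line that the removed block carried, so unless verify() logs on its own, a rejected MAC on a challenge response leaves no trace in the log. An operator would want to see that event, so I would keep the message in the new block, directly before `return FAILED;`. The moved checks against `this->nonce` and `this->sreses` in the later hunks return just as silently; they had no message before the move either, and could get the same line. The enclosing function begins and ends outside this hunk.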
simaka_subtype_names, AKA_REAUTHENTICATION);
return FAILED;
}
+ /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */
+ if (!in->verify(in, this->nonce))
+ {
+ return FAILED;
+ }
enumerator = in->create_attribute_enumerator(in);
while (enumerator->enumerate(enumerator, &type, &data))
}
enumerator->destroy(enumerator);
- /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */
- if (!in->verify(in, this->nonce))
- {
- return FAILED;
- }
if (too_small)
{
DBG1(DBG_IKE, "received %N, initiating full authentication",
this->crypto->derive_keys_reauth(this->crypto,
chunk_create(this->mk, HASH_SIZE_SHA1));
- /* parse again with decryption key */
- if (!in->parse(in))
+ /* verify MAC and parse again with decryption key */
+ if (!in->verify(in, chunk_empty) || !in->parse(in))
{
*out = create_client_error(this, in->get_identifier(in),
SIM_UNABLE_TO_PROCESS);
SIM_UNABLE_TO_PROCESS);
return NEED_MORE;
}
- if (!in->verify(in, chunk_empty))
- {
- *out = create_client_error(this, in->get_identifier(in),
- SIM_UNABLE_TO_PROCESS);
- return NEED_MORE;
- }
message = simaka_message_create(FALSE, in->get_identifier(in), EAP_SIM,
SIM_REAUTHENTICATION, this->crypto);
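Review bot: The comment above `if (!in->verify(in, chunk_empty) || !in->parse(in))` does not say that the operand order is the point of the change. The short-circuit `||` is what keeps parse(), which per the comment runs with the decryption key, away from a message whose AT_MAC has not been checked. I would state that so a later cleanup does not swap or split the two calls, e.g. `/* verify AT_MAC first; parse() uses the decryption key and must only see an authenticated message */`. The same applies to the identical condition in the EAP-AKA reauthentication hunk at the top of the page. The enclosing function starts and ends outside this hunk.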
simaka_subtype_names, SIM_REAUTHENTICATION);
return FAILED;
}
+ /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */
+ if (!in->verify(in, this->nonce))
+ {
+ return FAILED;
+ }
enumerator = in->create_attribute_enumerator(in);
while (enumerator->enumerate(enumerator, &type, &data))
}
enumerator->destroy(enumerator);
- /* verify AT_MAC attribute, signature is over "EAP packet | NONCE_S" */
- if (!in->verify(in, this->nonce))
- {
- return FAILED;
- }
if (too_small)
{
DBG1(DBG_IKE, "received %N, initiating full authentication",
simaka_subtype_names, SIM_CHALLENGE);
return FAILED;
}
+ /* verify AT_MAC attribute, signature is over "EAP packet | n*SRES" */
+ if (!in->verify(in, this->sreses))
+ {
+ return FAILED;
+ }
enumerator = in->create_attribute_enumerator(in);
while (enumerator->enumerate(enumerator, &type, &data))
}
enumerator->destroy(enumerator);
- /* verify AT_MAC attribute, signature is over "EAP packet | n*SRES" */
- if (!in->verify(in, this->sreses))
- {
- return FAILED;
- }
return SUCCESS;
}