Do not return shared secret in TKM Diffie-Hellman
author Adrian-Ken Rueegsegger <ken@codelabs.ch>
Tue, 11 Sep 2012 17:13:29 +0000 (19:13 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:48 +0000 (15:23 +0100)
Since the TKM handles all relevant key material, charon-tkm must not
have access to it anymore. Thus the ike_dh_get_shared_secret operation
is not available anymore.

src/charon-tkm/src/tkm/tkm_diffie_hellman.c

index cef5346..19f57de 100644 (file)
@@ -61,13 +61,7 @@ METHOD(diffie_hellman_t, get_my_public_value, void,
 METHOD(diffie_hellman_t, get_shared_secret, status_t,
        private_tkm_diffie_hellman_t *this, chunk_t *secret)
 {
-       dh_key_type shared_secret;
-       if (ike_dh_get_shared_secret(this->context_id, &shared_secret) != TKM_OK)
-       {
-               return FAILED;
-       }
-
-       sequence_to_chunk(&shared_secret.data[0], shared_secret.size, secret);
+       *secret = chunk_empty;
        return SUCCESS;
 }
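
Review bot: in get_shared_secret, `*secret = chunk_empty;` followed by `return SUCCESS;` reports success while handing back a zero-length secret, so a caller that checks only the status cannot tell that no key material was provided. Add a comment at that line stating that the shared secret stays inside the TKM and that the empty chunk is intentional. Also consider whether a non-SUCCESS status would be the safer signal for any caller that still expects real key material from this method.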