use a nonce for a PA-TNC message identifier
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 16 Jul 2012 16:08:49 +0000 (18:08 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 16 Jul 2012 16:08:49 +0000 (18:08 +0200)
src/libimcv/imc/imc_agent.c
src/libimcv/imv/imv_agent.c
src/libimcv/pa_tnc/pa_tnc_msg.c
src/libimcv/pa_tnc/pa_tnc_msg.h

index 661c3c7..8d1e707 100644 (file)
@@ -525,7 +525,11 @@ METHOD(imc_agent_t, send_message, TNC_Result,
                enumerator->destroy(enumerator);
 
                /* build and send the PA-TNC message via the IF-IMC interface */
-               pa_tnc_msg->build(pa_tnc_msg);
+               if (!pa_tnc_msg->build(pa_tnc_msg))
+               {
+                       pa_tnc_msg->destroy(pa_tnc_msg);
+                       return TNC_RESULT_FATAL;
+               }
                msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 
                if (state->has_long(state) && this->send_message_long)
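Review bot: The new failure branch destroys `pa_tnc_msg` and returns TNC_RESULT_FATAL, but send_message starts and continues outside this hunk, so any teardown the normal path performs after the send (if `pa_tnc_msg` is normally destroyed there this path is consistent, but other bookkeeping on `state` or resources acquired before this point would be skipped) is not visible here; worth confirming nothing is leaked on the early return. The identical branch in the imv_agent.c hunk below has the same consideration. A one-line comment on the branch would tell readers why no diagnostic is emitted here: `/* build() already logged the cause; drop the unsent message */`.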
index 784e031..0935caa 100644 (file)
@@ -547,7 +547,11 @@ METHOD(imv_agent_t, send_message, TNC_Result,
                enumerator->destroy(enumerator);
 
                /* build and send the PA-TNC message via the IF-IMV interface */
-               pa_tnc_msg->build(pa_tnc_msg);
+               if (!pa_tnc_msg->build(pa_tnc_msg))
+               {
+                       pa_tnc_msg->destroy(pa_tnc_msg);
+                       return TNC_RESULT_FATAL;
+               }
                msg = pa_tnc_msg->get_encoding(pa_tnc_msg);
 
                if (state->has_long(state) && this->send_message_long)
index 8f7617d..ca75543 100644 (file)
@@ -131,7 +131,7 @@ METHOD(pa_tnc_msg_t, add_attribute, bool,
        return TRUE;
 }
 
-METHOD(pa_tnc_msg_t, build, void,
+METHOD(pa_tnc_msg_t, build, bool,
        private_pa_tnc_msg_t *this)
 {
        bio_writer_t *writer;
@@ -142,12 +142,17 @@ METHOD(pa_tnc_msg_t, build, void,
        u_int32_t type;
        u_int8_t flags;
        chunk_t value;
-       rng_t *rng;
+       nonce_gen_t *ng;
 
-       /* create a random message identifier */
-       rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-       rng->get_bytes(rng, sizeof(this->identifier), (u_int8_t*)&this->identifier);
-       rng->destroy(rng);
+       /* generate a nonce as a message identifier */
+       ng = lib->crypto->create_nonce_gen(lib->crypto);
+       if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier))
+       {
+               DBG1(DBG_TNC, "failed to generate random PA-TNC message identifier");
+               DESTROY_IF(ng);
+               return FALSE;
+       }
+       ng->destroy(ng);
        DBG2(DBG_TNC, "creating PA-TNC message with ID 0x%08x", this->identifier);
 
        /* build message header */
@@ -193,6 +198,8 @@ METHOD(pa_tnc_msg_t, build, void,
        free(this->encoding.ptr);
        this->encoding = chunk_clone(writer->get_buf(writer));
        writer->destroy(writer);
+
+       return TRUE;
 }
 
 METHOD(pa_tnc_msg_t, process, status_t,
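Review bot: The nonce length in `ng->get_nonce(ng, 4, (u_int8_t*)&this->identifier)` is hard-coded where the replaced rng call used `sizeof(this->identifier)`; if the width of `identifier` ever changes the write becomes silently mis-sized, so `if (!ng || !ng->get_nonce(ng, sizeof(this->identifier), (u_int8_t*)&this->identifier))` keeps length and buffer tied together. The early `return FALSE` happens before `free(this->encoding.ptr)` in the later hunk, so a previously built encoding is left intact on failure; a comment on the return such as `/* leave any existing encoding untouched */` would make that contract explicit. The body of build between the two hunks is outside the view.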
index 64d434c..80016fe 100644 (file)
@@ -52,8 +52,10 @@ struct pa_tnc_msg_t {
 
        /**
         * Build the PA-TNC message
+        *
+        * @return                                      TRUE if PA-TNC message was built successfully
         */
-       void (*build)(pa_tnc_msg_t *this);
+       bool (*build)(pa_tnc_msg_t *this);
 
        /**
         * Process the PA-TNC message
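Review bot: The new `@return` line documents success only; the failure contract a caller relies on is not stated, even though both agent hunks act on it by destroying the message themselves. Suggest `@return TRUE if PA-TNC message was built successfully, FALSE if no message identifier could be generated; the message is then left unbuilt and must still be destroyed by the caller`. The surrounding struct definition extends beyond the hunk.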