ka->len = key_size;
/* Ka = K1 | K2 | ..., K1 = prf(SKEYID_e, 0), K2 = prf(SKEYID_e, K1) ... */
- prf->set_key(prf, skeyid_e);
+ if (!prf->set_key(prf, skeyid_e))
+ {
+ chunk_clear(ka);
+ chunk_clear(&skeyid_e);
+ return FALSE;
+ }
seed = octet_0;
for (i = 0; i < key_size; i += block_size)
{
}
psk = shared_key->get_key(shared_key);
adjust_keylen(alg, &psk);
- this->prf->set_key(this->prf, psk);
- if (!this->prf->allocate_bytes(this->prf, nonces, &skeyid))
+ if (!this->prf->set_key(this->prf, psk) ||
+ !this->prf->allocate_bytes(this->prf, nonces, &skeyid))
{
chunk_clear(&g_xy);
return FALSE;
case AUTH_HYBRID_INIT_RSA:
case AUTH_HYBRID_RESP_RSA:
{
- this->prf->set_key(this->prf, nonces);
- if (!this->prf->allocate_bytes(this->prf, g_xy, &skeyid))
+ if (!this->prf->set_key(this->prf, nonces) ||
+ !this->prf->allocate_bytes(this->prf, g_xy, &skeyid))
{
chunk_clear(&g_xy);
return FALSE;
}
adjust_keylen(alg, &skeyid);
DBG4(DBG_IKE, "SKEYID %B", &skeyid);
- this->prf->set_key(this->prf, skeyid);
/* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */
data = chunk_cat("cccc", g_xy, spi_i, spi_r, octet_0);
- if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_d))
+ if (!this->prf->set_key(this->prf, skeyid) ||
+ !this->prf->allocate_bytes(this->prf, data, &this->skeyid_d))
{
chunk_clear(&g_xy);
chunk_clear(&data);
chunk_clear(&skeyid);
return FALSE;
}
- this->prf_auth->set_key(this->prf_auth, skeyid);
+ if (!this->prf_auth->set_key(this->prf_auth, skeyid))
+ {
+ chunk_clear(&skeyid);
+ return FALSE;
+ }
chunk_clear(&skeyid);
this->aead = create_aead(proposal, this->prf, skeyid_e);
}
/* KEYMAT = prf+(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b) */
- this->prf->set_key(this->prf, this->skeyid_d);
+ if (!this->prf->set_key(this->prf, this->skeyid_d))
+ {
+ return FALSE;
+ }
protocol = proposal->get_protocol(proposal);
if (dh)
{
default:
return FALSE;
}
- this->prf->set_key(this->prf, this->skeyid_a);
+ if (!this->prf->set_key(this->prf, this->skeyid_a))
+ {
+ return FALSE;
+ }
if (add_message)
{
generator_t *generator;
if (rekey_function == PRF_UNDEFINED) /* not rekeying */
{
/* SKEYSEED = prf(Ni | Nr, g^ir) */
- this->prf->set_key(this->prf, fixed_nonce);
- if (this->prf->allocate_bytes(this->prf, secret, &skeyseed))
+ if (this->prf->set_key(this->prf, fixed_nonce) &&
+ this->prf->allocate_bytes(this->prf, secret, &skeyseed) &&
+ this->prf->set_key(this->prf, skeyseed))
{
- this->prf->set_key(this->prf, skeyseed);
prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
}
}
return FALSE;
}
secret = chunk_cat("mc", secret, full_nonce);
- rekey_prf->set_key(rekey_prf, rekey_skd);
- if (rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed))
+ if (rekey_prf->set_key(rekey_prf, rekey_skd) &&
+ rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) &&
+ rekey_prf->set_key(rekey_prf, skeyseed))
{
- rekey_prf->set_key(rekey_prf, skeyseed);
prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
}
}
int_size /= 8;
}
- this->prf->set_key(this->prf, this->skd);
+ if (!this->prf->set_key(this->prf, this->skd))
+ {
+ return FALSE;
+ }
prf_plus = prf_plus_create(this->prf, TRUE, seed);
if (!prf_plus)
{
DBG3(DBG_IKE, "IDx' %B", &idx);
DBG3(DBG_IKE, "SK_p %B", &skp);
- this->prf->set_key(this->prf, skp);
- if (!this->prf->allocate_bytes(this->prf, idx, &chunk))
+ if (!this->prf->set_key(this->prf, skp) ||
+ !this->prf->allocate_bytes(this->prf, idx, &chunk))
{
return FALSE;
}
}
/* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH);
- this->prf->set_key(this->prf, secret);
- if (!this->prf->allocate_bytes(this->prf, key_pad, &key))
+ if (!this->prf->set_key(this->prf, secret) ||
+ !this->prf->allocate_bytes(this->prf, key_pad, &key))
{
chunk_free(&octets);
return FALSE;
}
- this->prf->set_key(this->prf, key);
- if (!this->prf->allocate_bytes(this->prf, octets, sig))
+ if (!this->prf->set_key(this->prf, key) ||
+ !this->prf->allocate_bytes(this->prf, octets, sig))
{
chunk_free(&key);
chunk_free(&octets);
DBG3(DBG_LIB, "MK %B", mk);
/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
- this->prf->set_key(this->prf, *mk);
+ if (this->prf->set_key(this->prf, *mk))
+ {
+ return FALSE;
+ }
str = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
for (i = 0; i < 3; i++)
{
int i;
/* K_encr | K_auth = prf() | prf() */
- this->prf->set_key(this->prf, mk);
+ if (!this->prf->set_key(this->prf, mk))
+ {
+ return FALSE;
+ }
str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
for (i = 0; i < 2; i++)
{
this->hasher->get_hash(this->hasher, mk, xkey);
/* MSK | EMSK = prf() | prf() | prf() | prf() */
- this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey)));
+ if (!this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey))))
+ {
+ return FALSE;
+ }
str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
for (i = 0; i < 2; i++)
{
failed = FALSE;
key = chunk_create(vector->key, vector->key_size);
- prf->set_key(prf, key);
+ if (!prf->set_key(prf, key))
+ {
+ failed = TRUE;
+ }
/* allocated bytes */
seed = chunk_create(vector->seed, vector->len);
memset(out.ptr, 0, out.len);
if (vector->stateful)
{
- prf->set_key(prf, key);
+ if (!prf->set_key(prf, key))
+ {
+ failed = TRUE;
+ }
}
if (!prf->get_bytes(prf, seed, out.ptr))
{
memset(out.ptr, 0, out.len);
if (vector->stateful)
{
- prf->set_key(prf, key);
+ if (!prf->set_key(prf, key))
+ {
+ failed = TRUE;
+ }
}
if (!prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL) ||
!prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) ||
return this->mac->get_mac_size(this->mac);
}
-METHOD(prf_t, set_key, void,
+METHOD(prf_t, set_key, bool,
private_prf_t *this, chunk_t key)
{
this->mac->set_key(this->mac, key);
+ return TRUE;
}
METHOD(prf_t, destroy, void,
* Set the key for this prf_t object.
*
* @param key key to set
+ * @return TRUE if key set successfully
*/
- void (*set_key) (prf_t *this, chunk_t key);
+ __attribute__((warn_unused_result))
+ bool (*set_key) (prf_t *this, chunk_t key);
/**
* Destroys a prf object.
return this->block_size;
}
-METHOD(prf_t, set_key, void,
+METHOD(prf_t, set_key, bool,
private_af_alg_prf_t *this, chunk_t key)
{
char buf[this->block_size];
}
}
this->ops->set_key(this->ops, key);
+ return TRUE;
}
METHOD(prf_t, destroy, void,
return this->b;
}
-METHOD(prf_t, set_key, void,
+METHOD(prf_t, set_key, bool,
private_fips_prf_t *this, chunk_t key)
{
/* save key as "key mod 2^b" */
chunk_mod(this->b, key, this->key);
+ return TRUE;
}
/**
}
/* use the keyed hasher, but use an empty key to use SHA1 IV */
- this->keyed_prf->set_key(this->keyed_prf, chunk_empty);
- if (!this->keyed_prf->get_bytes(this->keyed_prf, c, res))
+ if (!this->keyed_prf->set_key(this->keyed_prf, chunk_empty) ||
+ !this->keyed_prf->get_bytes(this->keyed_prf, c, res))
{
return FALSE;
}
return HASH_SIZE_SHA1;
}
-METHOD(prf_t, set_key, void,
+METHOD(prf_t, set_key, bool,
private_openssl_sha1_prf_t *this, chunk_t key)
{
SHA1_Init(&this->ctx);
+ if (key.len % 4)
+ {
+ return FALSE;
+ }
if (key.len >= 4)
{
this->ctx.h0 ^= untoh32(key.ptr);
{
this->ctx.h4 ^= untoh32(key.ptr + 16);
}
+ return TRUE;
}
METHOD(prf_t, destroy, void,
size_t blocks;
u_int32_t i = 0, *ni;
- prf->set_key(prf, password);
+ if (!prf->set_key(prf, password))
+ {
+ return FALSE;
+ }
block.len = prf->get_block_size(prf);
blocks = (key.len - 1) / block.len + 1;
return sizeof(this->hasher->state);
}
-METHOD(prf_t, set_key, void,
+METHOD(prf_t, set_key, bool,
private_sha1_prf_t *this, chunk_t key)
{
int i, rounds;
{
this->hasher->state[i] ^= htonl(iv[i]);
}
+ return TRUE;
}
METHOD(prf_t, destroy, void,
METHOD(tls_prf_t, set_key12, bool,
private_tls_prf12_t *this, chunk_t key)
{
- this->prf->set_key(this->prf, key);
- return TRUE;
+ return this->prf->set_key(this->prf, key);
}
/**
{
size_t len = key.len / 2 + key.len % 2;
- this->md5->set_key(this->md5, chunk_create(key.ptr, len));
- this->sha1->set_key(this->sha1, chunk_create(key.ptr + key.len - len, len));
- return TRUE;
+ return this->md5->set_key(this->md5, chunk_create(key.ptr, len)) &&
+ this->sha1->set_key(this->sha1, chunk_create(key.ptr + key.len - len,
+ len));
}
METHOD(tls_prf_t, get_bytes10, bool,