aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2007-12-31 16:46:41 (GMT)
committerJouni Malinen <j@w1.fi>2007-12-31 16:46:41 (GMT)
commit5fc6dea6ae65ede966e1a2f18be77c982464cfe1 (patch)
tree95df950c502768b51623e64025e6a10d5594cf6e /src/eap_server
parent7a4f0de8daabc6eb57f7105fcc1d6c5113542b47 (diff)
downloadhostap-history-5fc6dea6ae65ede966e1a2f18be77c982464cfe1.zip
hostap-history-5fc6dea6ae65ede966e1a2f18be77c982464cfe1.tar.gz
hostap-history-5fc6dea6ae65ede966e1a2f18be77c982464cfe1.tar.bz2
Share the same routine for decrypting payloads in initiator and responder.
Diffstat (limited to 'src/eap_server')
-rw-r--r--src/eap_server/ikev2.c80
1 files changed, 7 insertions, 73 deletions
diff --git a/src/eap_server/ikev2.c b/src/eap_server/ikev2.c
index de411ca..8ef3d3a 100644
--- a/src/eap_server/ikev2.c
+++ b/src/eap_server/ikev2.c
@@ -764,85 +764,19 @@ static int ikev2_process_sa_auth(struct ikev2_initiator_data *data,
const struct ikev2_hdr *hdr,
struct ikev2_payloads *pl)
{
- size_t iv_len;
- const u8 *pos, *end, *iv, *integ;
- u8 hash[IKEV2_MAX_HASH_LEN];
u8 *decrypted;
- size_t decrypted_len, pad_len;
+ size_t decrypted_len;
int ret;
- const struct ikev2_integ_alg *integ_alg;
- const struct ikev2_encr_alg *encr_alg;
-
- if (pl->encrypted == NULL) {
- wpa_printf(MSG_INFO, "IKEV2: No Encrypted payload in SA_AUTH");
- return -1;
- }
-
- encr_alg = ikev2_get_encr(data->proposal.encr);
- if (encr_alg == NULL) {
- wpa_printf(MSG_INFO, "IKEV2: Unsupported encryption type");
- return -1;
- }
- iv_len = encr_alg->block_size;
-
- integ_alg = ikev2_get_integ(data->proposal.integ);
- if (integ_alg == NULL) {
- wpa_printf(MSG_INFO, "IKEV2: Unsupported intergrity type");
- return -1;
- }
-
- if (pl->encrypted_len < iv_len + 1 + integ_alg->hash_len) {
- wpa_printf(MSG_INFO, "IKEV2: No room for IV or Integrity "
- "Checksum");
- return -1;
- }
-
- iv = pl->encrypted;
- pos = iv + iv_len;
- end = pl->encrypted + pl->encrypted_len;
- integ = end - integ_alg->hash_len;
-
- if (data->SK_ar == NULL) {
- wpa_printf(MSG_INFO, "IKEV2: No SK_ar available");
- return -1;
- }
- if (ikev2_integ_hash(data->proposal.integ,
- data->SK_ar, data->SK_integ_len, (const u8 *) hdr,
- integ - (const u8 *) hdr, hash) < 0) {
- wpa_printf(MSG_INFO, "IKEV2: Failed to calculate integrity "
- "hash");
- return -1;
- }
- if (os_memcmp(integ, hash, integ_alg->hash_len) != 0) {
- wpa_printf(MSG_INFO, "IKEV2: Incorrect Integrity Checksum "
- "Data");
- return -1;
- }
- if (data->SK_er == NULL) {
- wpa_printf(MSG_INFO, "IKEV2: No SK_er available");
- return -1;
- }
-
- decrypted_len = integ - pos;
- decrypted = os_malloc(decrypted_len);
+ decrypted = ikev2_decrypt_payload(data->proposal.encr,
+ data->proposal.integ,
+ data->SK_er, data->SK_encr_len,
+ data->SK_ar, data->SK_integ_len,
+ hdr, pl->encrypted,
+ pl->encrypted_len, &decrypted_len);
if (decrypted == NULL)
return -1;
- if (ikev2_encr_decrypt(encr_alg->id, data->SK_er, data->SK_encr_len,
- iv, pos, decrypted, decrypted_len) < 0)
- return -1;
-
- pad_len = decrypted[decrypted_len - 1];
- if (decrypted_len < pad_len + 1) {
- wpa_printf(MSG_INFO, "IKEV2: Invalid padding in encrypted "
- "payload");
- os_free(decrypted);
- return -1;
- }
-
- decrypted_len -= pad_len + 1;
-
ret = ikev2_process_sa_auth_decrypted(data, pl->encr_next_payload,
decrypted, decrypted_len);
os_free(decrypted);