author | Martin Willi <martin@strongswan.org> | 2008-10-30 09:18:52 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-10-30 09:18:52 +0000 |
commit | 5a76bb7f7a93ef1a3347db6b1c7e9ee58ed803f0 (patch) | |
tree | 782328149f29f39351d37ba8129f0862ee7d6711 | |
parent | fdaed5289a7c4a97c8f4052a138d6f108fd22bf0 (diff) | |
store plain skd, not the prf
-rw-r--r-- | src/charon/sa/keymat.c | 41 | ||||
-rw-r--r-- | src/charon/sa/tasks/child_create.c | 1 |
2 files changed, 19 insertions, 23 deletions
diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c
index 08bf55cff..055768888 100644
--- a/src/charon/sa/keymat.c
+++ b/src/charon/sa/keymat.c
@@ -63,9 +63,9 @@ struct private_keymat_t {
 prf_t *prf;
 /**
- * PRF for CHILD_SA keymat
+ * Key to derive key material from for CHILD_SAs, rekeying
 */
- prf_t *child_prf;
+ chunk_t skd;
 /**
 * Key to build outging authentication data (SKp)
@@ -193,8 +193,9 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 /* while rfc4434 defines variable keys for AES-XCBC, rfc3664 does
 * not and therefore fixed key semantics apply to XCBC for key
 * derivation. */
- nonce_i.len = min(nonce_i.len, this->prf->get_key_size(this->prf)/2);
- nonce_r.len = min(nonce_r.len, this->prf->get_key_size(this->prf)/2);
+ key_size = this->prf->get_key_size(this->prf)/2;
+ nonce_i.len = min(nonce_i.len, key_size);
+ nonce_r.len = min(nonce_r.len, key_size);
 break;
 default:
 /* all other algorithms use variable key length, full nonce */
@@ -214,10 +215,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 /* SKEYSEED = prf(Ni | Nr, g^ir) */
 this->prf->set_key(this->prf, fixed_nonce);
 this->prf->allocate_bytes(this->prf, secret, &skeyseed);
- DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
 this->prf->set_key(this->prf, skeyseed);
- chunk_clear(&skeyseed);
- chunk_clear(&secret);
 prf_plus = prf_plus_create(this->prf, prf_plus_seed);
 }
 else
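Review bot: The new field comment in `struct private_keymat_t` does not say that `skd` holds secret key material in the clear, apparently for as long as the keymat exists. I would spell that out, e.g. `Plain SK_d of this IKE_SA, used to key the PRF for CHILD_SA keymat and IKE_SA rekeying; secret, wiped with chunk_clear() in destroy()`. The struct definition starts and ends outside the hunk.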
@@ -225,27 +223,25 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 /* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
 * use OLD SAs PRF functions for both prf_plus and prf */
 secret = chunk_cat("mc", secret, full_nonce);
- rekey->child_prf->allocate_bytes(rekey->child_prf, secret, &skeyseed);
- DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
+ rekey->prf->set_key(rekey->prf, rekey->skd);
+ rekey->prf->allocate_bytes(rekey->prf, secret, &skeyseed);
 rekey->prf->set_key(rekey->prf, skeyseed);
- chunk_clear(&skeyseed);
- chunk_clear(&secret);
 prf_plus = prf_plus_create(rekey->prf, prf_plus_seed);
 }
+ DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
+
+ chunk_clear(&skeyseed);
+ chunk_clear(&secret);
 chunk_free(&full_nonce);
 chunk_free(&fixed_nonce);
 chunk_clear(&prf_plus_seed);
 /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
- /* SK_d is used for generating CHILD_SA key mat => child_prf */
- proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL);
- this->child_prf = lib->crypto->create_prf(lib->crypto, alg);
- key_size = this->child_prf->get_key_size(this->child_prf);
- prf_plus->allocate_bytes(prf_plus, key_size, &key);
- DBG4(DBG_IKE, "Sk_d secret %B", &key);
- this->child_prf->set_key(this->child_prf, key);
- chunk_clear(&key);
+ /* SK_d is used for generating CHILD_SA key mat => store for later use */
+ key_size = this->prf->get_key_size(this->prf);
+ prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);
+ DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
 /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
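Review bot: `prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);` overwrites `this->skd` without wiping whatever it held before. If derive_ike_keys() can run more than once on the same keymat (not visible from this hunk), the previous SK_d would be left in freed-or-leaked memory un-zeroed; adding `chunk_clear(&this->skd);` just before the allocation closes that. On the rekey branch, `rekey->skd` is also handed to `set_key()` without checking that the old keymat ever derived keys, so an empty chunk would key the PRF silently; testing `rekey->skd.len` and failing the derivation would make that case explicit. The function body starts and ends outside the hunk.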
@@ -441,7 +437,8 @@ static bool derive_child_keys(private_keymat_t *this,
 int_size /= 8;
 }
- prf_plus = prf_plus_create(this->child_prf, seed);
+ this->prf->set_key(this->prf, this->skd);
+ prf_plus = prf_plus_create(this->prf, seed);
 prf_plus->allocate_bytes(prf_plus, enc_size, encr_i);
 prf_plus->allocate_bytes(prf_plus, int_size, integ_i);
@@ -549,8 +546,8 @@ static void destroy(private_keymat_t *this)
 DESTROY_IF(this->crypter_in);
 DESTROY_IF(this->crypter_out);
 DESTROY_IF(this->prf);
- DESTROY_IF(this->child_prf);
 DESTROY_IF(this->proposal);
+ chunk_clear(&this->skd);
 chunk_clear(&this->skp_verify);
 chunk_clear(&this->skp_build);
 free(this);
@@ -580,8 +577,8 @@ keymat_t *keymat_create(bool initiator)
 this->crypter_in = NULL;
 this->crypter_out = NULL;
 this->prf = NULL;
- this->child_prf = NULL;
 this->proposal = NULL;
+ this->skd = chunk_empty;
 this->skp_verify = chunk_empty;
 this->skp_build = chunk_empty;
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 0f1a47bfe..541cf97c8 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -356,7 +356,6 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 this->mode, integ_i, integ_r, encr_i, encr_r);
 }
 }
- /* TODO: invoke bus method with key mat */
 chunk_clear(&integ_i);
 chunk_clear(&integ_r);
 chunk_clear(&encr_i); |
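Review bot: In derive_child_keys(), `this->prf->set_key(this->prf, this->skd);` rekeys the PRF instance that derive_ike_keys() also uses, and leaves it keyed with SK_d when the function returns. Every other user of `this->prf` now has to call `set_key()` itself before use; whether all of them do is not visible here, so a comment at this line such as `/* this->prf is shared; it stays keyed with SK_d after this call */` would help. Nothing checks that `this->skd` is non-empty either, so a call made before IKE key derivation has succeeded would derive CHILD_SA keys from an empty key (or dereference a NULL `this->prf`); rejecting `!this->prf || !this->skd.len` at the top of the function, which lies outside the hunk, would fail closed.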