aboutsummaryrefslogtreecommitdiffstats
path: root/src/charon/sa
diff options
context:
space:
mode:
authorMartin Willi <martin@strongswan.org>2008-11-28 09:51:44 +0000
committerMartin Willi <martin@strongswan.org>2008-11-28 09:51:44 +0000
commitddef45521943034c9c43fe3c39fc3e3fa74e3bf0 (patch)
treea1d21ac049c5a8e8e6ee87736bef27e94e0574c9 /src/charon/sa
parent9a1263c3c13a7d4d911e77d51cb93aae1163cf54 (diff)
downloadstrongswan-ddef45521943034c9c43fe3c39fc3e3fa74e3bf0.tar.bz2
strongswan-ddef45521943034c9c43fe3c39fc3e3fa74e3bf0.tar.xz
pass SKd to derive_ike_keys() to have a more interoperable API
Diffstat (limited to 'src/charon/sa')
-rw-r--r--src/charon/sa/keymat.c49
-rw-r--r--src/charon/sa/keymat.h15
-rw-r--r--src/charon/sa/tasks/ike_init.c67
3 files changed, 93 insertions, 38 deletions
diff --git a/src/charon/sa/keymat.c b/src/charon/sa/keymat.c
index c65bfc3b7..886618163 100644
--- a/src/charon/sa/keymat.c
+++ b/src/charon/sa/keymat.c
@@ -63,6 +63,11 @@ struct private_keymat_t {
prf_t *prf;
/**
+ * Negotiated PRF algorithm
+ */
+ pseudo_random_function_t prf_alg;
+
+ /**
* Key to derive key material from for CHILD_SAs, rekeying
*/
chunk_t skd;
@@ -145,7 +150,8 @@ static diffie_hellman_t* create_dh(private_keymat_t *this,
static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
diffie_hellman_t *dh, chunk_t nonce_i,
chunk_t nonce_r, ike_sa_id_t *id,
- private_keymat_t *rekey)
+ pseudo_random_function_t rekey_function,
+ chunk_t rekey_skd)
{
chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
chunk_t spi_i, spi_r;
@@ -153,6 +159,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
signer_t *signer_i, *signer_r;
prf_plus_t *prf_plus;
u_int16_t alg, key_size;
+ prf_t *rekey_prf = NULL;
spi_i = chunk_alloca(sizeof(u_int64_t));
spi_r = chunk_alloca(sizeof(u_int64_t));
@@ -169,6 +176,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
transform_type_names, PSEUDO_RANDOM_FUNCTION);
return FALSE;
}
+ this->prf_alg = alg;
this->prf = lib->crypto->create_prf(lib->crypto, alg);
if (this->prf == NULL)
{
@@ -205,7 +213,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
*
* if we are rekeying, SKEYSEED is built on another way
*/
- if (rekey == NULL) /* not rekeying */
+ if (rekey_function == PRF_UNDEFINED) /* not rekeying */
{
/* SKEYSEED = prf(Ni | Nr, g^ir) */
this->prf->set_key(this->prf, fixed_nonce);
@@ -217,11 +225,21 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
{
/* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
* use OLD SAs PRF functions for both prf_plus and prf */
+ rekey_prf = lib->crypto->create_prf(lib->crypto, rekey_function);
+ if (!rekey_prf)
+ {
+ DBG1(DBG_IKE, "PRF of old SA %N not supported!",
+ pseudo_random_function_names, rekey_function);
+ chunk_free(&full_nonce);
+ chunk_free(&fixed_nonce);
+ chunk_clear(&prf_plus_seed);
+ return FALSE;
+ }
secret = chunk_cat("mc", secret, full_nonce);
- rekey->prf->set_key(rekey->prf, rekey->skd);
- rekey->prf->allocate_bytes(rekey->prf, secret, &skeyseed);
- rekey->prf->set_key(rekey->prf, skeyseed);
- prf_plus = prf_plus_create(rekey->prf, prf_plus_seed);
+ rekey_prf->set_key(rekey_prf, rekey_skd);
+ rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed);
+ rekey_prf->set_key(rekey_prf, skeyseed);
+ prf_plus = prf_plus_create(rekey_prf, prf_plus_seed);
}
DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
@@ -243,6 +261,8 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
{
DBG1(DBG_IKE, "no %N selected",
transform_type_names, INTEGRITY_ALGORITHM);
+ prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
return FALSE;
}
signer_i = lib->crypto->create_signer(lib->crypto, alg);
@@ -253,6 +273,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
transform_type_names, INTEGRITY_ALGORITHM,
integrity_algorithm_names ,alg);
prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
return FALSE;
}
key_size = signer_i->get_key_size(signer_i);
@@ -284,6 +305,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
DBG1(DBG_IKE, "no %N selected",
transform_type_names, ENCRYPTION_ALGORITHM);
prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
return FALSE;
}
crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
@@ -294,6 +316,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
transform_type_names, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, alg, key_size);
prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
return FALSE;
}
key_size = crypter_i->get_key_size(crypter_i);
@@ -344,6 +367,7 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
/* all done, prf_plus not needed anymore */
prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
return TRUE;
}
@@ -443,6 +467,15 @@ static bool derive_child_keys(private_keymat_t *this,
}
/**
+ * Implementation of keymat_t.get_skd
+ */
+static pseudo_random_function_t get_skd(private_keymat_t *this, chunk_t *skd)
+{
+ *skd = this->skd;
+ return this->prf_alg;
+}
+
+/**
* Implementation of keymat_t.get_signer
*/
static signer_t* get_signer(private_keymat_t *this, bool in)
@@ -544,8 +577,9 @@ keymat_t *keymat_create(bool initiator)
private_keymat_t *this = malloc_thing(private_keymat_t);
this->public.create_dh = (diffie_hellman_t*(*)(keymat_t*, diffie_hellman_group_t group))create_dh;
- this->public.derive_ike_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, keymat_t *rekey))derive_ike_keys;
+ this->public.derive_ike_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t,chunk_t))derive_ike_keys;
this->public.derive_child_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r))derive_child_keys;
+ this->public.get_skd = (pseudo_random_function_t(*)(keymat_t*, chunk_t *skd))get_skd;
this->public.get_signer = (signer_t*(*)(keymat_t*, bool in))get_signer;
this->public.get_crypter = (crypter_t*(*)(keymat_t*, bool in))get_crypter;
this->public.get_auth_octets = (chunk_t(*)(keymat_t *, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id))get_auth_octets;
@@ -559,6 +593,7 @@ keymat_t *keymat_create(bool initiator)
this->crypter_in = NULL;
this->crypter_out = NULL;
this->prf = NULL;
+ this->prf_alg = PRF_UNDEFINED;
this->skd = chunk_empty;
this->skp_verify = chunk_empty;
this->skp_build = chunk_empty;
diff --git a/src/charon/sa/keymat.h b/src/charon/sa/keymat.h
index 3ca25da9e..0d6d08f51 100644
--- a/src/charon/sa/keymat.h
+++ b/src/charon/sa/keymat.h
@@ -61,12 +61,15 @@ struct keymat_t {
* @param nonce_i initiators nonce value
* @param nonce_r responders nonce value
* @param id IKE_SA identifier
- * @param rekey keymat of old SA if we are rekeying
+ * @param rekey_prf PRF of old SA if rekeying, PRF_UNDEFINED otherwise
+ * @param rekey_sdk SKd of old SA if rekeying
* @return TRUE on success
*/
bool (*derive_ike_keys)(keymat_t *this, proposal_t *proposal,
diffie_hellman_t *dh, chunk_t nonce_i,
- chunk_t nonce_r, ike_sa_id_t *id, keymat_t *rekey);
+ chunk_t nonce_r, ike_sa_id_t *id,
+ pseudo_random_function_t rekey_function,
+ chunk_t rekey_skd);
/**
* Derive keys for a CHILD_SA.
*
@@ -91,6 +94,14 @@ struct keymat_t {
chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r);
/**
+ * Get SKd to pass to derive_ikey_keys() during rekeying.
+ *
+ * @param skd chunk to write SKd to (internal data)
+ * @return PRF function to derive keymat
+ */
+ pseudo_random_function_t (*get_skd)(keymat_t *this, chunk_t *skd);
+
+ /**
* Get a signer to sign/verify IKE messages.
*
* @param in TRUE for inbound (verify), FALSE for outbound (sign)
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index ce440d820..4f28909da 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -370,13 +370,46 @@ static status_t process_r(private_ike_init_t *this, message_t *message)
}
/**
- * Implementation of task_t.build for responder
+ * Derive the keymat for the IKE_SA
*/
-static status_t build_r(private_ike_init_t *this, message_t *message)
+static bool derive_keys(private_ike_init_t *this,
+ chunk_t nonce_i, chunk_t nonce_r)
{
- keymat_t *old_keymat = NULL;
+ keymat_t *old_keymat;
+ pseudo_random_function_t prf_alg = PRF_UNDEFINED;
+ chunk_t skd = chunk_empty;
ike_sa_id_t *id;
+ id = this->ike_sa->get_id(this->ike_sa);
+ if (this->old_sa)
+ {
+ /* rekeying: Include old SKd, use old PRF, apply SPI */
+ old_keymat = this->old_sa->get_keymat(this->old_sa);
+ prf_alg = old_keymat->get_skd(old_keymat, &skd);
+ if (this->initiator)
+ {
+ id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
+ }
+ else
+ {
+ id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
+ }
+ }
+ if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
+ nonce_i, nonce_r, id, prf_alg, skd))
+ {
+ return FALSE;
+ }
+ charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
+ nonce_i, nonce_r, this->old_sa);
+ return TRUE;
+}
+
+/**
+ * Implementation of task_t.build for responder
+ */
+static status_t build_r(private_ike_init_t *this, message_t *message)
+{
/* check if we have everything we need */
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
@@ -410,23 +443,12 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
return FAILED;
}
- id = this->ike_sa->get_id(this->ike_sa);
- if (this->old_sa)
- { /* rekeying: Apply SPI, include keymat from old SA in key derivation */
- id->set_initiator_spi(id, this->proposal->get_spi(this->proposal));
- old_keymat = this->old_sa->get_keymat(this->old_sa);
- }
- if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
- this->other_nonce, this->my_nonce, id, old_keymat))
+ if (!derive_keys(this, this->other_nonce, this->my_nonce))
{
DBG1(DBG_IKE, "key derivation failed");
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
-
- charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
- this->other_nonce, this->my_nonce, this->old_sa);
-
build_payloads(this, message);
return SUCCESS;
}
@@ -436,8 +458,6 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
*/
static status_t process_i(private_ike_init_t *this, message_t *message)
{
- keymat_t *old_keymat = NULL;
- ike_sa_id_t *id;
iterator_t *iterator;
payload_t *payload;
@@ -521,22 +541,11 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
return FAILED;
}
- id = this->ike_sa->get_id(this->ike_sa);
- if (this->old_sa)
- { /* rekeying: Apply SPI, include keymat from old SA in key derivation */
- id->set_responder_spi(id, this->proposal->get_spi(this->proposal));
- old_keymat = this->old_sa->get_keymat(this->old_sa);
- }
- if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,
- this->my_nonce, this->other_nonce, id, old_keymat))
+ if (!derive_keys(this, this->my_nonce, this->other_nonce))
{
DBG1(DBG_IKE, "key derivation failed");
return FAILED;
}
-
- charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
- this->my_nonce, this->other_nonce, this->old_sa);
-
return SUCCESS;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 16:08:00 +0000