Implemented IKEv2 keymat derivation for AEAD algorithms

author: Martin Willi <martin@revosec.ch> 2010-08-18 20:18:20 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-19 19:02:34 +0200
commit: 84eb3aa456016578eceb08fc9d9484bed191c56c (patch)
tree: bcc779a81dc655d4392e4171c90a90ee5c223128 /src
parent: 9d49f79f55c9f95b02dd6b5680b34feba313d312 (diff)
download: strongswan-84eb3aa456016578eceb08fc9d9484bed191c56c.tar.bz2
strongswan-84eb3aa456016578eceb08fc9d9484bed191c56c.tar.xz
1 files changed, 58 insertions, 29 deletions
diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c
index 4c391a63d..17077c2bd 100644
--- a/src/libcharon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -133,37 +133,65 @@ METHOD(keymat_t, create_dh, diffie_hellman_t*,
 /**
  * Derive IKE keys for a combined AEAD algorithm
  */
-static bool derive_ike_aead(private_keymat_t *this, proposal_t *proposal,
-							prf_plus_t *prf_plus)
+static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg,
+							u_int16_t key_size, prf_plus_t *prf_plus)
 {
-	return FALSE;
+	aead_t *aead_i, *aead_r;
+	chunk_t key;
+
+	/* SK_ei/SK_er used for encryption */
+	aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
+	aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
+	if (aead_i == NULL || aead_r == NULL)
+	{
+		DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+			 transform_type_names, ENCRYPTION_ALGORITHM,
+			 encryption_algorithm_names, alg, key_size);
+		return FALSE;
+	}
+	key_size = aead_i->get_key_size(aead_i);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
+	aead_i->set_key(aead_i, key);
+	chunk_clear(&key);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_er secret %B", &key);
+	aead_r->set_key(aead_r, key);
+	chunk_clear(&key);
+
+	if (this->initiator)
+	{
+		this->aead_in = aead_r;
+		this->aead_out = aead_i;
+	}
+	else
+	{
+		this->aead_in = aead_i;
+		this->aead_out = aead_r;
+	}
+	return TRUE;
 }
 
 /**
  * Derive IKE keys for traditional encryption and MAC algorithms
  */
-static bool derive_ike_traditional(private_keymat_t *this, proposal_t *proposal,
-								   prf_plus_t *prf_plus)
+static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg,
+					u_int16_t key_size, u_int16_t int_alg, prf_plus_t *prf_plus)
 {
 	crypter_t *crypter_i, *crypter_r;
 	signer_t *signer_i, *signer_r;
-	u_int16_t alg, key_size;
 	chunk_t key;
 
 	/* SK_ai/SK_ar used for integrity protection */
-	if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
-	{
-		DBG1(DBG_IKE, "no %N selected",
-			 transform_type_names, INTEGRITY_ALGORITHM);
-		return FALSE;
-	}
-	signer_i = lib->crypto->create_signer(lib->crypto, alg);
-	signer_r = lib->crypto->create_signer(lib->crypto, alg);
+	signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
+	signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
 	if (signer_i == NULL || signer_r == NULL)
 	{
 		DBG1(DBG_IKE, "%N %N not supported!",
 			 transform_type_names, INTEGRITY_ALGORITHM,
-			 integrity_algorithm_names ,alg);
+			 integrity_algorithm_names, int_alg);
 		return FALSE;
 	}
 	key_size = signer_i->get_key_size(signer_i);
@@ -179,21 +207,13 @@ static bool derive_ike_traditional(private_keymat_t *this, proposal_t *proposal,
 	chunk_clear(&key);
 
 	/* SK_ei/SK_er used for encryption */
-	if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
-	{
-		DBG1(DBG_IKE, "no %N selected",
-			 transform_type_names, ENCRYPTION_ALGORITHM);
-		signer_i->destroy(signer_i);
-		signer_r->destroy(signer_r);
-		return FALSE;
-	}
-	crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
-	crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
+	crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, key_size / 8);
+	crypter_r = lib->crypto->create_crypter(lib->crypto, enc_alg, key_size / 8);
 	if (crypter_i == NULL || crypter_r == NULL)
 	{
 		DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
 			 transform_type_names, ENCRYPTION_ALGORITHM,
-			 encryption_algorithm_names, alg, key_size);
+			 encryption_algorithm_names, enc_alg, key_size);
 		signer_i->destroy(signer_i);
 		signer_r->destroy(signer_r);
 		return FALSE;
@@ -231,7 +251,7 @@ METHOD(keymat_t, derive_ike_keys, bool,
 	chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
 	chunk_t spi_i, spi_r;
 	prf_plus_t *prf_plus;
-	u_int16_t alg, key_size;
+	u_int16_t alg, key_size, int_alg;
 	prf_t *rekey_prf = NULL;
 
 	spi_i = chunk_alloca(sizeof(u_int64_t));
@@ -343,7 +363,7 @@ METHOD(keymat_t, derive_ike_keys, bool,
 
 	if (encryption_algorithm_is_aead(alg))
 	{
-		if (!derive_ike_aead(this, proposal, prf_plus))
+		if (!derive_ike_aead(this, alg, key_size, prf_plus))
 		{
 			prf_plus->destroy(prf_plus);
 			DESTROY_IF(rekey_prf);
@@ -352,7 +372,16 @@ METHOD(keymat_t, derive_ike_keys, bool,
 	}
 	else
 	{
-		if (!derive_ike_traditional(this, proposal, prf_plus))
+		if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
+									 &int_alg, NULL))
+		{
+			DBG1(DBG_IKE, "no %N selected",
+				 transform_type_names, INTEGRITY_ALGORITHM);
+			prf_plus->destroy(prf_plus);
+			DESTROY_IF(rekey_prf);
+			return FALSE;
+		}
+		if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus))
 		{
 			prf_plus->destroy(prf_plus);
 			DESTROY_IF(rekey_prf);
author	Martin Willi <martin@revosec.ch>	2010-08-18 20:18:20 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-19 19:02:34 +0200
commit	84eb3aa456016578eceb08fc9d9484bed191c56c (patch)
tree	bcc779a81dc655d4392e4171c90a90ee5c223128 /src
parent	9d49f79f55c9f95b02dd6b5680b34feba313d312 (diff)
download	strongswan-84eb3aa456016578eceb08fc9d9484bed191c56c.tar.bz2 strongswan-84eb3aa456016578eceb08fc9d9484bed191c56c.tar.xz