diff options
author | Reto Buerki <reet@codelabs.ch> | 2012-08-29 10:38:47 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:46 +0100 |
commit | e285544be2a8c561b3d84bf43523c761526879c6 (patch) | |
tree | 9af93d8d978088f2ca076dbfb197d89c3294663d /src | |
parent | 4be8471fab1bccd078d7ee2fccba77e97f76b52b (diff) | |
download | strongswan-e285544be2a8c561b3d84bf43523c761526879c6.tar.bz2 strongswan-e285544be2a8c561b3d84bf43523c761526879c6.tar.xz |
Factor out AEAD transform creation
Introduce static aead_create_from_keys function to initialize AEAD
transforms from key chunks.
Diffstat (limited to 'src')
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 153 |
1 files changed, 92 insertions, 61 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index ab78994ec..36067eae8 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -58,6 +58,84 @@ struct private_tkm_keymat_t { }; +/** + * Create AEAD transforms from given key chunks. + * + * @param in inbound AEAD transform to allocate, NULL if failed + * @param out outbound AEAD transform to allocate, NULL if failed + * @param sk_ai SK_ai key chunk + * @param sk_ar SK_ar key chunk + * @param sk_ei SK_ei key chunk + * @param sk_er SK_er key chunk + * @param enc_alg encryption algorithm to use + * @param int_alg integrity algorithm to use + * @param key_size encryption key size in bytes + * @param initiator TRUE if initiator + */ +static void aead_create_from_keys(aead_t **in, aead_t **out, + const chunk_t * const sk_ai, const chunk_t * const sk_ar, + const chunk_t * const sk_ei, const chunk_t * const sk_er, + const u_int16_t enc_alg, const u_int16_t int_alg, + const u_int16_t key_size, bool initiator) +{ + *in = *out = NULL; + + signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg); + signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg); + if (signer_i == NULL || signer_r == NULL) + { + DBG1(DBG_IKE, "%N %N not supported!", + transform_type_names, INTEGRITY_ALGORITHM, + integrity_algorithm_names, int_alg); + return; + } + crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto, + enc_alg, key_size); + crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto, + enc_alg, key_size); + if (crypter_i == NULL || crypter_r == NULL) + { + signer_i->destroy(signer_i); + signer_r->destroy(signer_r); + DBG1(DBG_IKE, "%N %N (key size %d) not supported!", + transform_type_names, ENCRYPTION_ALGORITHM, + encryption_algorithm_names, enc_alg, key_size); + return; + } + + DBG4(DBG_IKE, "Sk_ai %B", sk_ai); + if (!signer_i->set_key(signer_i, *sk_ai)) + { + return; + } + DBG4(DBG_IKE, "Sk_ar %B", sk_ar); + if (!signer_r->set_key(signer_r, *sk_ar)) + { + return; + } + DBG4(DBG_IKE, "Sk_ei %B", sk_ei); + if (!crypter_i->set_key(crypter_i, *sk_ei)) + { + return; + } + DBG4(DBG_IKE, "Sk_er %B", sk_er); + if (!crypter_r->set_key(crypter_r, *sk_er)) + { + return; + } + + if (initiator) + { + *in = aead_create(crypter_r, signer_r); + *out = aead_create(crypter_i, signer_i); + } + else + { + *in = aead_create(crypter_i, signer_i); + *out = aead_create(crypter_r, signer_r); + } +} + METHOD(keymat_t, get_version, ike_version_t, private_tkm_keymat_t *this) { @@ -145,73 +223,26 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool, return FALSE; } - /* Initialize AEAD with crypters and signers */ - signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg); - signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg); - if (signer_i == NULL || signer_r == NULL) - { - DBG1(DBG_IKE, "%N %N not supported!", - transform_type_names, INTEGRITY_ALGORITHM, - integrity_algorithm_names, int_alg); - return FALSE; - } - crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto, - enc_alg, key_size / 8); - crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto, - enc_alg, key_size / 8); - if (crypter_i == NULL || crypter_r == NULL) - { - signer_i->destroy(signer_i); - signer_r->destroy(signer_r); - DBG1(DBG_IKE, "%N %N (key size %d) not supported!", - transform_type_names, ENCRYPTION_ALGORITHM, - encryption_algorithm_names, enc_alg, key_size); - return FALSE; - } - - chunk_t key; - sequence_to_chunk(sk_ai.data, sk_ai.size, &key); - DBG4(DBG_IKE, "Sk_ai %B", &key); - if (!signer_i->set_key(signer_i, key)) - { - return FALSE; - } - chunk_clear(&key); + chunk_t c_ai, c_ar, c_ei, c_er; + sequence_to_chunk(sk_ai.data, sk_ai.size, &c_ai); + sequence_to_chunk(sk_ar.data, sk_ar.size, &c_ar); + sequence_to_chunk(sk_ei.data, sk_ei.size, &c_ei); + sequence_to_chunk(sk_er.data, sk_er.size, &c_er); - sequence_to_chunk(sk_ar.data, sk_ar.size, &key); - DBG4(DBG_IKE, "Sk_ar %B", &key); - if (!signer_r->set_key(signer_r, key)) - { - return FALSE; - } - chunk_clear(&key); + aead_create_from_keys(&this->aead_in, &this->aead_out, + &c_ai, &c_ar, &c_ei, &c_er, + enc_alg, int_alg, key_size / 8, this->initiator); - sequence_to_chunk(sk_ei.data, sk_ei.size, &key); - DBG4(DBG_IKE, "Sk_ei %B", &key); - if (!crypter_i->set_key(crypter_i, key)) - { - return FALSE; - } - chunk_clear(&key); + chunk_clear(&c_ai); + chunk_clear(&c_ar); + chunk_clear(&c_ei); + chunk_clear(&c_er); - sequence_to_chunk(sk_er.data, sk_er.size, &key); - DBG4(DBG_IKE, "Sk_er %B", &key); - if (!crypter_r->set_key(crypter_r, key)) + if (!this->aead_in || !this->aead_out) { + DBG1(DBG_IKE, "could not initialize AEAD transforms"); return FALSE; } - chunk_clear(&key); - - if (this->initiator) - { - this->aead_in = aead_create(crypter_r, signer_r); - this->aead_out = aead_create(crypter_i, signer_i); - } - else - { - this->aead_in = aead_create(crypter_i, signer_i); - this->aead_out = aead_create(crypter_r, signer_r); - } /* TODO: Add failure handler (see keymat_v2.c) */ |