aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/charon/plugins/eap_aka/eap_aka_peer.c6
-rw-r--r--src/charon/plugins/eap_aka/eap_aka_server.c6
-rw-r--r--src/libsimaka/simaka_crypto.c95
-rw-r--r--src/libsimaka/simaka_crypto.h30
-rw-r--r--src/libsimaka/simaka_message.c7
5 files changed, 118 insertions, 26 deletions
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/charon/plugins/eap_aka/eap_aka_peer.c
index b83833bf8..136a774db 100644
--- a/src/charon/plugins/eap_aka/eap_aka_peer.c
+++ b/src/charon/plugins/eap_aka/eap_aka_peer.c
@@ -82,7 +82,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
enumerator_t *enumerator;
simaka_attribute_t type;
sim_card_t *card;
- chunk_t data, rand = chunk_empty, autn = chunk_empty;
+ chunk_t data, rand = chunk_empty, autn = chunk_empty, mk;
u_char res[AKA_RES_LEN], ck[AKA_CK_LEN], ik[AKA_IK_LEN], auts[AKA_AUTS_LEN];
status_t status = NOT_FOUND;
@@ -155,7 +155,9 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
chunk_create(ck, AKA_CK_LEN));
free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
+ this->msk = this->crypto->derive_keys_full(this->crypto, this->peer,
+ data, &mk);
+ free(mk.ptr);
/* verify EAP message MAC AT_MAC */
if (!in->verify(in, chunk_empty))
diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/charon/plugins/eap_aka/eap_aka_server.c
index 0431feb12..9f6e71ad7 100644
--- a/src/charon/plugins/eap_aka/eap_aka_server.c
+++ b/src/charon/plugins/eap_aka/eap_aka_server.c
@@ -98,7 +98,7 @@ static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out)
sim_provider_t *provider;
char rand[AKA_RAND_LEN], xres[AKA_RES_LEN];
char ck[AKA_CK_LEN], ik[AKA_IK_LEN], autn[AKA_AUTN_LEN];
- chunk_t data;
+ chunk_t data, mk;
bool found = FALSE;
enumerator = charon->sim->create_provider_enumerator(charon->sim);
@@ -122,7 +122,9 @@ static status_t initiate(private_eap_aka_server_t *this, eap_payload_t **out)
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
chunk_create(ck, AKA_CK_LEN));
free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, this->peer, data);
+ this->msk = this->crypto->derive_keys_full(this->crypto, this->peer,
+ data, &mk);
+ free(mk.ptr);
this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
this->xres = chunk_clone(chunk_create(xres, AKA_RES_LEN));
diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c
index 4f4e850c7..4afab234b 100644
--- a/src/libsimaka/simaka_crypto.c
+++ b/src/libsimaka/simaka_crypto.c
@@ -97,41 +97,97 @@ static rng_t* get_rng(private_simaka_crypto_t *this)
* Implementation of simaka_crypto_t.derive_keys_full
*/
static chunk_t derive_keys_full(private_simaka_crypto_t *this,
- identification_t *id, chunk_t data)
+ identification_t *id, chunk_t data, chunk_t *mk)
{
-
- char mk[HASH_SIZE_SHA1], k_encr[KENCR_LEN], k_auth[KAUTH_LEN];
- chunk_t str, msk;
+ chunk_t str, msk, k_encr, k_auth;
int i;
/* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
* For AKA: MK = SHA1(Identity|IK|CK) */
this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
- this->hasher->get_hash(this->hasher, data, mk);
- DBG3(DBG_IKE, "MK %b", mk, HASH_SIZE_SHA1);
+ this->hasher->allocate_hash(this->hasher, data, mk);
+ DBG3(DBG_IKE, "MK %B", mk);
/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
- this->prf->set_key(this->prf, chunk_create(mk, HASH_SIZE_SHA1));
+ this->prf->set_key(this->prf, *mk);
str = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
for (i = 0; i < 3; i++)
{
this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 3 * i);
}
- memcpy(k_encr, str.ptr, KENCR_LEN);
- str = chunk_skip(str, KENCR_LEN);
- memcpy(k_auth, str.ptr, KAUTH_LEN);
- str = chunk_skip(str, KAUTH_LEN);
+ k_encr = chunk_create(str.ptr, KENCR_LEN);
+ k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
+ msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
+ DBG3(DBG_IKE, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
+
+ this->signer->set_key(this->signer, k_auth);
+ this->crypter->set_key(this->crypter, k_encr);
+
+ this->derived = TRUE;
+ return chunk_clone(msk);
+}
+
+/**
+ * Implementation of simaka_crypto_t.derive_keys_reauth
+ */
+static void derive_keys_reauth(private_simaka_crypto_t *this, chunk_t mk)
+{
+ chunk_t str, k_encr, k_auth;
+ int i;
- this->signer->set_key(this->signer, chunk_create(k_auth, KAUTH_LEN));
- this->crypter->set_key(this->crypter, chunk_create(k_encr, KENCR_LEN));
+ /* K_encr | K_auth = prf() | prf() */
+ this->prf->set_key(this->prf, mk);
+ str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
+ for (i = 0; i < 2; i++)
+ {
+ this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
+ }
+ k_encr = chunk_create(str.ptr, KENCR_LEN);
+ k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
+ DBG3(DBG_IKE, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
- msk = chunk_clone(chunk_create(str.ptr, MSK_LEN));
- DBG3(DBG_IKE, "K_encr %b\nK_auth %b\nMSK %B",
- k_encr, KENCR_LEN, k_auth, KAUTH_LEN, &msk);
+ this->signer->set_key(this->signer, k_auth);
+ this->crypter->set_key(this->crypter, k_encr);
this->derived = TRUE;
- return msk;
+}
+
+/**
+ * Implementation of simaka_crypto_t.derive_keys_reauth_msk
+ */
+static chunk_t derive_keys_reauth_msk(private_simaka_crypto_t *this,
+ identification_t *id, chunk_t counter,
+ chunk_t nonce_s, chunk_t mk)
+{
+ char xkey[HASH_SIZE_SHA1];
+ chunk_t str, msk;
+ int i;
+
+ this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
+ this->hasher->get_hash(this->hasher, counter, NULL);
+ this->hasher->get_hash(this->hasher, nonce_s, NULL);
+ this->hasher->get_hash(this->hasher, mk, xkey);
+
+ /* MSK | EMSK = prf() | prf() | prf() | prf() */
+ this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey)));
+ str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
+ for (i = 0; i < 2; i++)
+ {
+ this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
+ }
+ msk = chunk_create(str.ptr, MSK_LEN);
+ DBG3(DBG_IKE, "MSK %B", &msk);
+
+ return chunk_clone(msk);
+}
+
+/**
+ * Implementation of simaka_crypto_t.clear_keys
+ */
+static void clear_keys(private_simaka_crypto_t *this)
+{
+ this->derived = FALSE;
}
/**
@@ -157,7 +213,10 @@ simaka_crypto_t *simaka_crypto_create()
this->public.get_signer = (signer_t*(*)(simaka_crypto_t*))get_signer;
this->public.get_crypter = (crypter_t*(*)(simaka_crypto_t*))get_crypter;
this->public.get_rng = (rng_t*(*)(simaka_crypto_t*))get_rng;
- this->public.derive_keys_full = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t data))derive_keys_full;
+ this->public.derive_keys_full = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t data, chunk_t *mk))derive_keys_full;
+ this->public.derive_keys_reauth = (void(*)(simaka_crypto_t*, chunk_t mk))derive_keys_reauth;
+ this->public.derive_keys_reauth_msk = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t counter, chunk_t nonce_s, chunk_t mk))derive_keys_reauth_msk;
+ this->public.clear_keys = (void(*)(simaka_crypto_t*))clear_keys;
this->public.destroy = (void(*)(simaka_crypto_t*))destroy;
this->derived = FALSE;
diff --git a/src/libsimaka/simaka_crypto.h b/src/libsimaka/simaka_crypto.h
index 4c12f97d3..d1830e658 100644
--- a/src/libsimaka/simaka_crypto.h
+++ b/src/libsimaka/simaka_crypto.h
@@ -61,10 +61,38 @@ struct simaka_crypto_t {
*
* @param id peer identity
* @param data method specific data
+ * @param mk chunk receiving allocated master key MK
* @return allocated MSK value
*/
chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
- chunk_t data);
+ chunk_t data, chunk_t *mk);
+
+ /**
+ * Derive k_encr/k_auth keys from MK using fast reauthentication.
+ *
+ * This methods derives the k_encr/k_auth keys and loads them into the
+ * internal crypter/signer instances.
+ *
+ * @param mk master key
+ */
+ void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
+
+ /**
+ * Derive MSK using fast reauthentication.
+ *
+ * @param id fast reauthentication identity
+ * @param counter fast reauthentication counter value, network order
+ * @param nonce_s server generated NONCE_S value
+ * @param mk master key of last full authentication
+ */
+ chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this,
+ identification_t *id, chunk_t counter,
+ chunk_t nonce_s, chunk_t mk);
+
+ /**
+ * Clear keys (partially) derived.
+ */
+ void (*clear_keys)(simaka_crypto_t *this);
/**
* Destroy a simaka_crypto_t.
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 9d85d1fbc..b64ff1b9a 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -469,6 +469,7 @@ static bool decrypt(private_simaka_message_t *this)
{
bool success;
crypter_t *crypter;
+ chunk_t plain;
crypter = this->crypto->get_crypter(this->crypto);
if (!crypter || !this->iv.len || !this->encr.len || this->encrypted)
@@ -482,12 +483,12 @@ static bool decrypt(private_simaka_message_t *this)
return FALSE;
}
- /* decrypt inline */
- crypter->decrypt(crypter, this->encr, this->iv, NULL);
+ crypter->decrypt(crypter, this->encr, this->iv, &plain);
this->encrypted = TRUE;
- success = parse_attributes(this, this->encr);
+ success = parse_attributes(this, plain);
this->encrypted = FALSE;
+ free(plain.ptr);
return success;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-26 18:01:20 +0000