From 62975e30f03d263c13d071db721007bb3883d926 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Thu, 7 May 2009 22:42:35 +0200 Subject: fixed generation of IKEv1 key material --- src/pluto/ipsec_doi.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'src/pluto/ipsec_doi.c') diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 9d4b30cbc..8bc1eb280 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -33,7 +33,6 @@ #include #include #include -#include #include #include "constants.h" @@ -1332,31 +1331,42 @@ static bool generate_skeyids_iv(struct state *st) */ { size_t keysize = st->st_oakley.enckeylen/BITS_PER_BYTE; - + /* free any existing key */ free(st->st_enc_key.ptr); if (keysize > st->st_skeyid_e.len) { + u_char keytemp[MAX_OAKLEY_KEY_LEN + MAX_DIGEST_LEN]; char seed_buf[] = { 0x00 }; chunk_t seed = chunk_from_buf(seed_buf); + size_t prf_block_size, i; pseudo_random_function_t prf_alg; - prf_plus_t *prf_plus; prf_t *prf; prf_alg = oakley_to_prf(st->st_oakley.hasher->algo_id); prf = lib->crypto->create_prf(lib->crypto, prf_alg); prf->set_key(prf, st->st_skeyid_e); - prf_plus = prf_plus_create(prf, seed); - prf_plus->allocate_bytes(prf_plus, keysize, &st->st_enc_key); - prf_plus->destroy(prf_plus); + prf_block_size = prf->get_block_size(prf); + + for (i = 0;;) + { + prf->get_bytes(prf, seed, &keytemp[i]); + i += prf_block_size; + if (i >= keysize) + { + break; + } + seed = chunk_create(&keytemp[i-prf_block_size], prf_block_size); + } prf->destroy(prf); + st->st_enc_key = chunk_create(keytemp, keysize); } else { st->st_enc_key = chunk_create(st->st_skeyid_e.ptr, keysize); - st->st_enc_key = chunk_clone(st->st_enc_key); } + st->st_enc_key = chunk_clone(st->st_enc_key); } DBG(DBG_CRYPT, -- cgit v1.2.3