diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c index 008e15fbd..a55711d1b 100644 --- a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c +++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c @@ -97,37 +97,14 @@ bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value) METHOD(diffie_hellman_t, set_other_public_value, bool, private_botan_diffie_hellman_t *this, chunk_t value) { - botan_pk_op_ka_t op; - if (!diffie_hellman_verify_value(this->group, value)) { return FALSE; } - if (botan_pk_op_key_agreement_create(&op, this->dh_key, "Raw", 0)) - { - return FALSE; - } - chunk_clear(&this->shared_secret); - if (botan_pk_op_key_agreement_size(op, &this->shared_secret.len)) - { - botan_pk_op_key_agreement_destroy(op); - return FALSE; - } - - this->shared_secret = chunk_alloc(this->shared_secret.len); - if (botan_pk_op_key_agreement(op, this->shared_secret.ptr, - &this->shared_secret.len, value.ptr, - value.len, NULL, 0)) - { - chunk_clear(&this->shared_secret); - botan_pk_op_key_agreement_destroy(op); - return FALSE; - } - botan_pk_op_key_agreement_destroy(op); - return TRUE; + return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret); } METHOD(diffie_hellman_t, get_my_public_value, bool, diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c index a482bc028..ed28b4639 100644 --- a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c @@ -69,40 +69,17 @@ struct private_botan_ec_diffie_hellman_t { METHOD(diffie_hellman_t, set_other_public_value, bool, private_botan_ec_diffie_hellman_t *this, chunk_t value) { - botan_pk_op_ka_t ka; - if (!diffie_hellman_verify_value(this->group, value)) { return FALSE; } - if (botan_pk_op_key_agreement_create(&ka, this->key, "Raw", 0)) - { - return FALSE; - } - chunk_clear(&this->shared_secret); - if (botan_pk_op_key_agreement_size(ka, &this->shared_secret.len)) - { - botan_pk_op_key_agreement_destroy(ka); - return FALSE; - } - /* prepend 0x04 to indicate uncompressed point format */ value = chunk_cata("cc", chunk_from_chars(0x04), value); - this->shared_secret = chunk_alloc(this->shared_secret.len); - if (botan_pk_op_key_agreement(ka, this->shared_secret.ptr, - &this->shared_secret.len, value.ptr, - value.len, NULL, 0)) - { - chunk_clear(&this->shared_secret); - botan_pk_op_key_agreement_destroy(ka); - return FALSE; - } - botan_pk_op_key_agreement_destroy(ka); - return TRUE; + return botan_dh_key_derivation(this->key, value, &this->shared_secret); } METHOD(diffie_hellman_t, get_my_public_value, bool, diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c index 860d376c3..a1d352950 100644 --- a/src/libstrongswan/plugins/botan/botan_util.c +++ b/src/libstrongswan/plugins/botan/botan_util.c @@ -259,3 +259,33 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme, botan_pk_op_sign_destroy(sign_op); return TRUE; } + +/* + * Described in header + */ +bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret) +{ + botan_pk_op_ka_t ka; + + if (botan_pk_op_key_agreement_create(&ka, key, "Raw", 0)) + { + return FALSE; + } + + if (botan_pk_op_key_agreement_size(ka, &secret->len)) + { + botan_pk_op_key_agreement_destroy(ka); + return FALSE; + } + + *secret = chunk_alloc(secret->len); + if (botan_pk_op_key_agreement(ka, secret->ptr, &secret->len, pub.ptr, + pub.len, NULL, 0)) + { + chunk_clear(secret); + botan_pk_op_key_agreement_destroy(ka); + return FALSE; + } + botan_pk_op_key_agreement_destroy(ka); + return TRUE; +} diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h index 2c6b1f816..08830356e 100644 --- a/src/libstrongswan/plugins/botan/botan_util.h +++ b/src/libstrongswan/plugins/botan/botan_util.h @@ -100,4 +100,17 @@ bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache, bool botan_get_signature(botan_privkey_t key, const char *scheme, chunk_t data, chunk_t *signature); +/** + * Do the Diffie-Hellman key derivation using the given private key and public + * value. + * + * Note that the public value is not verified in this function. + * + * @param key DH private key + * @param pub other's public value + * @param secret the derived secret (allocated on success) + * @return TRUE if derivation was successful + */ +bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret); + #endif /** BOTAN_UTIL_H_ @}*/