bus: Extend and reorder arguments of ike_derived_keys() hook
This now includes all key material derived for IKE_SAs in the order
defined in the RFC:
{SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr}
= prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr)
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
This commit is contained in:
Thomas Egerer
Tobias Brunner
parent
9c85a52956
commit
4e29d6fac1
|
|
@ -604,8 +604,8 @@ METHOD(bus_t, ike_keys, void,
|
|||
}
|
||||
|
||||
METHOD(bus_t, ike_derived_keys, void,
|
||||
private_bus_t *this, chunk_t sk_ei, chunk_t sk_er, chunk_t sk_ai,
|
||||
chunk_t sk_ar)
|
||||
private_bus_t *this, chunk_t sk_d, chunk_t sk_ai, chunk_t sk_ar,
|
||||
chunk_t sk_ei, chunk_t sk_er, chunk_t sk_pi, chunk_t sk_pr)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
ike_sa_t *ike_sa;
|
||||
|
|
@ -623,8 +623,9 @@ METHOD(bus_t, ike_derived_keys, void,
|
|||
continue;
|
||||
}
|
||||
entry->calling++;
|
||||
keep = entry->listener->ike_derived_keys(entry->listener, ike_sa, sk_ei,
|
||||
sk_er, sk_ai, sk_ar);
|
||||
keep = entry->listener->ike_derived_keys(entry->listener, ike_sa, sk_d,
|
||||
sk_ai, sk_ar, sk_ei, sk_er,
|
||||
sk_pi, sk_pr);
|
||||
entry->calling--;
|
||||
if (!keep)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -363,13 +363,17 @@ struct bus_t {
|
|||
/**
|
||||
* IKE_SA derived keys hook.
|
||||
*
|
||||
* @param sk_ei SK_ei, or Ka for IKEv1
|
||||
* @param sk_er SK_er
|
||||
* @param sk_d SK_d, or SKEYID_d for IKEv1
|
||||
* @param sk_ai SK_ai, or SKEYID_a for IKEv1
|
||||
* @param sk_ar SK_ar
|
||||
* @param sk_ei SK_ei, or Ka for IKEv1
|
||||
* @param sk_er SK_er
|
||||
* @param sk_pi SK_pi
|
||||
* @param sk_pr SK_pr
|
||||
*/
|
||||
void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er,
|
||||
chunk_t sk_ai, chunk_t sk_ar);
|
||||
void (*ike_derived_keys)(bus_t *this, chunk_t sk_d, chunk_t sk_ai,
|
||||
chunk_t sk_ar, chunk_t sk_ei, chunk_t sk_er,
|
||||
chunk_t sk_pi, chunk_t sk_pr);
|
||||
|
||||
/**
|
||||
* CHILD_SA keymat hook.
|
||||
|
|
|
|||
|
|
@ -100,13 +100,17 @@ struct listener_t {
|
|||
* Hook called with derived IKE_SA keys.
|
||||
*
|
||||
* @param ike_sa IKE_SA these keys belong to
|
||||
* @param sk_ei SK_ei, or Ka for IKEv1
|
||||
* @param sk_er SK_er
|
||||
* @param sk_d SK_d, or SKEYID_d for IKEv1
|
||||
* @param sk_ai SK_ai, or SKEYID_a for IKEv1
|
||||
* @param sk_ar SK_ar
|
||||
* @param sk_ei SK_ei, or Ka for IKEv1
|
||||
* @param sk_er SK_er
|
||||
* @param sk_pi SK_pi
|
||||
* @param sk_pr SK_pr
|
||||
*/
|
||||
bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
|
||||
chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
|
||||
bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_d,
|
||||
chunk_t sk_ai, chunk_t sk_ar, chunk_t sk_ei,
|
||||
chunk_t sk_er, chunk_t sk_pi, chunk_t sk_pr);
|
||||
|
||||
/**
|
||||
* Hook called with CHILD_SA key material.
|
||||
|
|
|
|||
|
|
@ -276,8 +276,9 @@ static inline void esp_names(proposal_t *proposal, const char **enc,
|
|||
}
|
||||
|
||||
METHOD(listener_t, ike_derived_keys, bool,
|
||||
private_save_keys_listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
|
||||
chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar)
|
||||
private_save_keys_listener_t *this, ike_sa_t *ike_sa, chunk_t sk_d,
|
||||
chunk_t sk_ai, chunk_t sk_ar, chunk_t sk_ei, chunk_t sk_er, chunk_t sk_pi,
|
||||
chunk_t sk_pr)
|
||||
{
|
||||
ike_version_t version;
|
||||
ike_sa_id_t *id;
|
||||
|
|
|
|||
|
|
@ -484,7 +484,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
charon->bus->ike_derived_keys(charon->bus, ka, chunk_empty, this->skeyid_a,
|
||||
charon->bus->ike_derived_keys(charon->bus, this->skeyid_d, this->skeyid_a,
|
||||
chunk_empty, ka, chunk_empty, chunk_empty,
|
||||
chunk_empty);
|
||||
chunk_clear(&ka);
|
||||
if (!this->hasher && !this->public.create_hasher(&this->public, proposal))
|
||||
|
|
|
|||
|
|
@ -100,10 +100,10 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
|
|||
* Derive IKE keys for a combined AEAD algorithm
|
||||
*/
|
||||
static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
|
||||
uint16_t key_size, prf_plus_t *prf_plus)
|
||||
uint16_t key_size, prf_plus_t *prf_plus,
|
||||
chunk_t *sk_ei, chunk_t *sk_er)
|
||||
{
|
||||
aead_t *aead_i, *aead_r;
|
||||
chunk_t sk_ei = chunk_empty, sk_er = chunk_empty;
|
||||
u_int salt_size;
|
||||
|
||||
switch (alg)
|
||||
|
|
@ -146,22 +146,22 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
|
|||
{
|
||||
goto failure;
|
||||
}
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
|
||||
if (!aead_i->set_key(aead_i, sk_ei))
|
||||
DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei);
|
||||
if (!aead_i->set_key(aead_i, *sk_ei))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
|
||||
if (!aead_r->set_key(aead_r, sk_er))
|
||||
DBG4(DBG_IKE, "Sk_er secret %B", sk_er);
|
||||
if (!aead_r->set_key(aead_r, *sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
|
@ -177,14 +177,10 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
|
|||
this->aead_out = aead_r;
|
||||
}
|
||||
aead_i = aead_r = NULL;
|
||||
charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, chunk_empty,
|
||||
chunk_empty);
|
||||
|
||||
failure:
|
||||
DESTROY_IF(aead_i);
|
||||
DESTROY_IF(aead_r);
|
||||
chunk_clear(&sk_ei);
|
||||
chunk_clear(&sk_er);
|
||||
return this->aead_in && this->aead_out;
|
||||
}
|
||||
|
||||
|
|
@ -192,14 +188,14 @@ failure:
|
|||
* Derive IKE keys for traditional encryption and MAC algorithms
|
||||
*/
|
||||
static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
|
||||
uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus)
|
||||
uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus,
|
||||
chunk_t *sk_ai, chunk_t *sk_ar, chunk_t *sk_ei,
|
||||
chunk_t *sk_er)
|
||||
{
|
||||
crypter_t *crypter_i = NULL, *crypter_r = NULL;
|
||||
signer_t *signer_i, *signer_r;
|
||||
iv_gen_t *ivg_i, *ivg_r;
|
||||
size_t key_size;
|
||||
chunk_t sk_ei = chunk_empty, sk_er = chunk_empty,
|
||||
sk_ai = chunk_empty, sk_ar = chunk_empty;
|
||||
|
||||
signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
|
||||
signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
|
||||
|
|
@ -223,22 +219,22 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
|
|||
/* SK_ai/SK_ar used for integrity protection */
|
||||
key_size = signer_i->get_key_size(signer_i);
|
||||
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ai))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ai))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai);
|
||||
if (!signer_i->set_key(signer_i, sk_ai))
|
||||
DBG4(DBG_IKE, "Sk_ai secret %B", sk_ai);
|
||||
if (!signer_i->set_key(signer_i, *sk_ai))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ar))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ar))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar);
|
||||
if (!signer_r->set_key(signer_r, sk_ar))
|
||||
DBG4(DBG_IKE, "Sk_ar secret %B", sk_ar);
|
||||
if (!signer_r->set_key(signer_r, *sk_ar))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
|
@ -246,22 +242,22 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
|
|||
/* SK_ei/SK_er used for encryption */
|
||||
key_size = crypter_i->get_key_size(crypter_i);
|
||||
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
|
||||
if (!crypter_i->set_key(crypter_i, sk_ei))
|
||||
DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei);
|
||||
if (!crypter_i->set_key(crypter_i, *sk_ei))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
|
||||
if (!crypter_r->set_key(crypter_r, sk_er))
|
||||
DBG4(DBG_IKE, "Sk_er secret %B", sk_er);
|
||||
if (!crypter_r->set_key(crypter_r, *sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
|
@ -284,13 +280,8 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
|
|||
}
|
||||
signer_i = signer_r = NULL;
|
||||
crypter_i = crypter_r = NULL;
|
||||
charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, sk_ai, sk_ar);
|
||||
|
||||
failure:
|
||||
chunk_clear(&sk_ai);
|
||||
chunk_clear(&sk_ar);
|
||||
chunk_clear(&sk_ei);
|
||||
chunk_clear(&sk_er);
|
||||
DESTROY_IF(signer_i);
|
||||
DESTROY_IF(signer_r);
|
||||
DESTROY_IF(crypter_i);
|
||||
|
|
@ -303,8 +294,10 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
|
|||
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
|
||||
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
|
||||
{
|
||||
chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
|
||||
chunk_t skeyseed = chunk_empty, secret, full_nonce, fixed_nonce;
|
||||
chunk_t prf_plus_seed, spi_i, spi_r;
|
||||
chunk_t sk_ei = chunk_empty, sk_er = chunk_empty;
|
||||
chunk_t sk_ai = chunk_empty, sk_ar = chunk_empty, sk_pi, sk_pr;
|
||||
prf_plus_t *prf_plus = NULL;
|
||||
uint16_t alg, key_size, int_alg;
|
||||
prf_t *rekey_prf = NULL;
|
||||
|
|
@ -434,7 +427,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
|
|||
|
||||
if (encryption_algorithm_is_aead(alg))
|
||||
{
|
||||
if (!derive_ike_aead(this, alg, key_size, prf_plus))
|
||||
if (!derive_ike_aead(this, alg, key_size, prf_plus, &sk_ei, &sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
|
@ -448,7 +441,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
|
|||
transform_type_names, INTEGRITY_ALGORITHM);
|
||||
goto failure;
|
||||
}
|
||||
if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus))
|
||||
if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus,
|
||||
&sk_ai, &sk_ar, &sk_ei, &sk_er))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
|
|
@ -456,35 +450,40 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
|
|||
|
||||
/* SK_pi/SK_pr used for authentication => stored for later */
|
||||
key_size = this->prf->get_key_size(this->prf);
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pi))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_pi secret %B", &key);
|
||||
DBG4(DBG_IKE, "Sk_pi secret %B", &sk_pi);
|
||||
if (this->initiator)
|
||||
{
|
||||
this->skp_build = key;
|
||||
this->skp_build = sk_pi;
|
||||
}
|
||||
else
|
||||
{
|
||||
this->skp_verify = key;
|
||||
this->skp_verify = sk_pi;
|
||||
}
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
|
||||
if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pr))
|
||||
{
|
||||
goto failure;
|
||||
}
|
||||
DBG4(DBG_IKE, "Sk_pr secret %B", &key);
|
||||
DBG4(DBG_IKE, "Sk_pr secret %B", &sk_pr);
|
||||
if (this->initiator)
|
||||
{
|
||||
this->skp_verify = key;
|
||||
this->skp_verify = sk_pr;
|
||||
}
|
||||
else
|
||||
{
|
||||
this->skp_build = key;
|
||||
this->skp_build = sk_pr;
|
||||
}
|
||||
charon->bus->ike_derived_keys(charon->bus,this->skd, sk_ai, sk_ar, sk_ei,
|
||||
sk_er, sk_pi, sk_pr);
|
||||
|
||||
/* all done, prf_plus not needed anymore */
|
||||
failure:
|
||||
chunk_clear(&sk_ai);
|
||||
chunk_clear(&sk_ar);
|
||||
chunk_clear(&sk_ei);
|
||||
chunk_clear(&sk_er);
|
||||
DESTROY_IF(prf_plus);
|
||||
DESTROY_IF(rekey_prf);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue