key-exchange: Add helper to concatenate shared secrets of several key exchanges

2025-10-03 00:00:24 -04:00 · 2020-04-09 11:36:30 +02:00 · 2020-04-09 11:36:30 +02:00 · c36eaf42da
commit c36eaf42da
parent ec0ec55070
2 changed files with 55 additions and 2 deletions
--- a/src/libstrongswan/crypto/key_exchange.c
+++ b/src/libstrongswan/crypto/key_exchange.c
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2019 Tobias Brunner
+ * Copyright (C) 2010-2020 Tobias Brunner
 * Copyright (C) 2005-2010 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
@ -619,3 +619,43 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 	}
 	return valid;
 }
+
+/*
+ * Described in header
+ */
+bool key_exchange_concat_secrets(array_t *kes, chunk_t *first,
+								 chunk_t *others)
+{
+	key_exchange_t *ke;
+	chunk_t secret;
+	int i;
+
+	if (!array_count(kes))
+	{
+		return FALSE;
+	}
+	*first = chunk_empty;
+	*others = chunk_empty;
+	for (i = 0; i < array_count(kes); i++)
+	{
+		if (array_get(kes, i, &ke) &&
+			ke->get_shared_secret(ke, &secret))
+		{
+			if (i == 0)
+			{
+				*first = secret;
+			}
+			else
+			{
+				*others = chunk_cat("ss", *others, secret);
+			}
+		}
+		else
+		{
+			chunk_clear(first);
+			chunk_clear(others);
+			return FALSE;
+		}
+	}
+	return TRUE;
+}
--- a/src/libstrongswan/crypto/key_exchange.h
+++ b/src/libstrongswan/crypto/key_exchange.h
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2019 Tobias Brunner
+ * Copyright (C) 2010-2020 Tobias Brunner
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
@ -29,6 +29,7 @@ typedef struct key_exchange_t key_exchange_t;
 typedef struct diffie_hellman_params_t diffie_hellman_params_t;

 #include <library.h>
+#include <collections/array.h>

 /**
 * Key exchange method.
@ -209,4 +210,16 @@ bool key_exchange_is_ecdh(key_exchange_method_t ke);
 */
 bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value);

+/**
+ * Return the first shared secret plus the concatenated additional shared
+ * secrets of all the key exchange methods in the given array.
+ *
+ * @param kes			array of key_exchange_t*
+ * @param secret		first shared secret (allocated)
+ * @param add_secret	concatenated additional shared secrets (allocated)
+ * @return				TRUE on success
+ */
+bool key_exchange_concat_secrets(array_t *kes, chunk_t *secret,
+								 chunk_t *add_secret);
+
 #endif /** KEY_EXCHANGE_H_ @}*/