sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-18 00:00:22 -04:00
Code Issues Projects Releases Wiki Activity

Factor out AEAD transform creation

Browse Source 
Introduce static aead_create_from_keys function to initialize AEAD
transforms from key chunks.
This commit is contained in:
Reto Buerki 2012-08-29 10:38:47 +02:00 committed by Tobias Brunner
parent 4be8471fab
commit e285544be2
1 changed files with 92 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
src/charon-tkm/src/tkm/tkm_keymat.c
View File

@ -58,6 +58,84 @@ struct private_tkm_keymat_t {
}; };
/**
* Create AEAD transforms from given key chunks.
*
* @param in inbound AEAD transform to allocate, NULL if failed
* @param out outbound AEAD transform to allocate, NULL if failed
* @param sk_ai SK_ai key chunk
* @param sk_ar SK_ar key chunk
* @param sk_ei SK_ei key chunk
* @param sk_er SK_er key chunk
* @param enc_alg encryption algorithm to use
* @param int_alg integrity algorithm to use
* @param key_size encryption key size in bytes
* @param initiator TRUE if initiator
*/
static void aead_create_from_keys(aead_t **in, aead_t **out,
const chunk_t * const sk_ai, const chunk_t * const sk_ar,
const chunk_t * const sk_ei, const chunk_t * const sk_er,
const u_int16_t enc_alg, const u_int16_t int_alg,
const u_int16_t key_size, bool initiator)
{
*in = *out = NULL;
signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
if (signer_i == NULL || signer_r == NULL)
{
DBG1(DBG_IKE, "%N %N not supported!",
transform_type_names, INTEGRITY_ALGORITHM,
integrity_algorithm_names, int_alg);
return;
}
crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
enc_alg, key_size);
crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
enc_alg, key_size);
if (crypter_i == NULL || crypter_r == NULL)
{
signer_i->destroy(signer_i);
signer_r->destroy(signer_r);
DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
transform_type_names, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, enc_alg, key_size);
return;
}
DBG4(DBG_IKE, "Sk_ai %B", sk_ai);
if (!signer_i->set_key(signer_i, *sk_ai))
{
return;
}
DBG4(DBG_IKE, "Sk_ar %B", sk_ar);
if (!signer_r->set_key(signer_r, *sk_ar))
{
return;
}
DBG4(DBG_IKE, "Sk_ei %B", sk_ei);
if (!crypter_i->set_key(crypter_i, *sk_ei))
{
return;
}
DBG4(DBG_IKE, "Sk_er %B", sk_er);
if (!crypter_r->set_key(crypter_r, *sk_er))
{
return;
}
if (initiator)
{
*in = aead_create(crypter_r, signer_r);
*out = aead_create(crypter_i, signer_i);
}
else
{
*in = aead_create(crypter_i, signer_i);
*out = aead_create(crypter_r, signer_r);
}
}
METHOD(keymat_t, get_version, ike_version_t, METHOD(keymat_t, get_version, ike_version_t,
private_tkm_keymat_t *this) private_tkm_keymat_t *this)
{ {
@ -145,73 +223,26 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
return FALSE; return FALSE;
} }
/* Initialize AEAD with crypters and signers */ chunk_t c_ai, c_ar, c_ei, c_er;
signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg); sequence_to_chunk(sk_ai.data, sk_ai.size, &c_ai);
signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg); sequence_to_chunk(sk_ar.data, sk_ar.size, &c_ar);
if (signer_i == NULL || signer_r == NULL) sequence_to_chunk(sk_ei.data, sk_ei.size, &c_ei);
{ sequence_to_chunk(sk_er.data, sk_er.size, &c_er);
DBG1(DBG_IKE, "%N %N not supported!",
transform_type_names, INTEGRITY_ALGORITHM,
integrity_algorithm_names, int_alg);
return FALSE;
}
crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
enc_alg, key_size / 8);
crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
enc_alg, key_size / 8);
if (crypter_i == NULL || crypter_r == NULL)
{
signer_i->destroy(signer_i);
signer_r->destroy(signer_r);
DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
transform_type_names, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, enc_alg, key_size);
return FALSE;
}
chunk_t key; aead_create_from_keys(&this->aead_in, &this->aead_out,
sequence_to_chunk(sk_ai.data, sk_ai.size, &key); &c_ai, &c_ar, &c_ei, &c_er,
DBG4(DBG_IKE, "Sk_ai %B", &key); enc_alg, int_alg, key_size / 8, this->initiator);
if (!signer_i->set_key(signer_i, key))
{
return FALSE;
}
chunk_clear(&key);
sequence_to_chunk(sk_ar.data, sk_ar.size, &key); chunk_clear(&c_ai);
DBG4(DBG_IKE, "Sk_ar %B", &key); chunk_clear(&c_ar);
if (!signer_r->set_key(signer_r, key)) chunk_clear(&c_ei);
{ chunk_clear(&c_er);
return FALSE;
}
chunk_clear(&key);
sequence_to_chunk(sk_ei.data, sk_ei.size, &key); if (!this->aead_in || !this->aead_out)
DBG4(DBG_IKE, "Sk_ei %B", &key);
if (!crypter_i->set_key(crypter_i, key))
{ {
DBG1(DBG_IKE, "could not initialize AEAD transforms");
return FALSE; return FALSE;
} }
chunk_clear(&key);
sequence_to_chunk(sk_er.data, sk_er.size, &key);
DBG4(DBG_IKE, "Sk_er %B", &key);
if (!crypter_r->set_key(crypter_r, key))
{
return FALSE;
}
chunk_clear(&key);
if (this->initiator)
{
this->aead_in = aead_create(crypter_r, signer_r);
this->aead_out = aead_create(crypter_i, signer_i);
}
else
{
this->aead_in = aead_create(crypter_i, signer_i);
this->aead_out = aead_create(crypter_r, signer_r);
}
/* TODO: Add failure handler (see keymat_v2.c) */ /* TODO: Add failure handler (see keymat_v2.c) */