From: Tobias Brunner Date: Fri, 23 Jul 2021 12:53:15 +0000 (+0200) Subject: botan: Move shared secret calculation to get_shared_secret() X-Git-Tag: 5.9.7dr2~1^2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=31f467d70b6f7adf9f8d92d1ba94b306e8f6e84b;p=thirdparty%2Fstrongswan.git botan: Move shared secret calculation to get_shared_secret() --- diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c index 4b54175858..cacc220d65 100644 --- a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c +++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c @@ -54,7 +54,12 @@ struct private_botan_diffie_hellman_t { /** * Private key */ - botan_privkey_t dh_key; + botan_privkey_t key; + + /** + * Public key value provided by peer + */ + chunk_t pubkey; /** * Diffie hellman shared secret @@ -84,8 +89,8 @@ bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value) return FALSE; } - if (botan_privkey_destroy(this->dh_key) || - botan_privkey_load_dh(&this->dh_key, this->p, this->g, xa)) + if (botan_privkey_destroy(this->key) || + botan_privkey_load_dh(&this->key, this->p, this->g, xa)) { botan_mp_destroy(xa); return FALSE; @@ -102,9 +107,9 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } - chunk_clear(&this->shared_secret); - - return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret); + chunk_clear(&this->pubkey); + this->pubkey = chunk_clone(value); + return TRUE; } METHOD(key_exchange_t, get_public_key, bool, @@ -113,14 +118,14 @@ METHOD(key_exchange_t, get_public_key, bool, *value = chunk_empty; /* get key size of public key first */ - if (botan_pk_op_key_agreement_export_public(this->dh_key, NULL, &value->len) + if (botan_pk_op_key_agreement_export_public(this->key, NULL, &value->len) != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) { return FALSE; } *value = chunk_alloc(value->len); - if (botan_pk_op_key_agreement_export_public(this->dh_key, value->ptr, + if (botan_pk_op_key_agreement_export_public(this->key, value->ptr, &value->len)) { chunk_clear(value); @@ -139,7 +144,8 @@ METHOD(key_exchange_t, set_private_key, bool, METHOD(key_exchange_t, get_shared_secret, bool, private_botan_diffie_hellman_t *this, chunk_t *secret) { - if (!this->shared_secret.len) + if (!this->shared_secret.len && + !botan_dh_key_derivation(this->key, this->pubkey, &this->shared_secret)) { return FALSE; } @@ -158,8 +164,9 @@ METHOD(key_exchange_t, destroy, void, { botan_mp_destroy(this->p); botan_mp_destroy(this->g); - botan_privkey_destroy(this->dh_key); + botan_privkey_destroy(this->key); chunk_clear(&this->shared_secret); + chunk_clear(&this->pubkey); free(this); } diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c index 871e58c565..5ebaca4c44 100644 --- a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c @@ -60,6 +60,11 @@ struct private_botan_ec_diffie_hellman_t { */ botan_privkey_t key; + /** + * Public key value provided by peer + */ + chunk_t pubkey; + /** * Shared secret */ @@ -74,12 +79,10 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } - chunk_clear(&this->shared_secret); - + chunk_clear(&this->pubkey); /* prepend 0x04 to indicate uncompressed point format */ - value = chunk_cata("cc", chunk_from_chars(0x04), value); - - return botan_dh_key_derivation(this->key, value, &this->shared_secret); + this->pubkey = chunk_cat("cc", chunk_from_chars(0x04), value); + return TRUE; } METHOD(key_exchange_t, get_public_key, bool, @@ -135,7 +138,8 @@ METHOD(key_exchange_t, set_private_key, bool, METHOD(key_exchange_t, get_shared_secret, bool, private_botan_ec_diffie_hellman_t *this, chunk_t *secret) { - if (!this->shared_secret.len) + if (!this->shared_secret.len && + !botan_dh_key_derivation(this->key, this->pubkey, &this->shared_secret)) { return FALSE; } @@ -154,6 +158,7 @@ METHOD(key_exchange_t, destroy, void, { botan_privkey_destroy(this->key); chunk_clear(&this->shared_secret); + chunk_clear(&this->pubkey); free(this); } diff --git a/src/libstrongswan/plugins/botan/botan_x25519.c b/src/libstrongswan/plugins/botan/botan_x25519.c index 184ce2e8da..8323e555dc 100644 --- a/src/libstrongswan/plugins/botan/botan_x25519.c +++ b/src/libstrongswan/plugins/botan/botan_x25519.c @@ -49,6 +49,11 @@ struct private_diffie_hellman_t { */ botan_privkey_t key; + /** + * Public key value provided by peer + */ + chunk_t pubkey; + /** * Shared secret */ @@ -63,9 +68,9 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } - chunk_clear(&this->shared_secret); - - return botan_dh_key_derivation(this->key, value, &this->shared_secret); + chunk_clear(&this->pubkey); + this->pubkey = chunk_clone(value); + return TRUE; } METHOD(key_exchange_t, get_public_key, bool, @@ -113,7 +118,8 @@ METHOD(key_exchange_t, set_private_key, bool, METHOD(key_exchange_t, get_shared_secret, bool, private_diffie_hellman_t *this, chunk_t *secret) { - if (!this->shared_secret.len) + if (!this->shared_secret.len && + !botan_dh_key_derivation(this->key, this->pubkey, &this->shared_secret)) { return FALSE; } @@ -132,6 +138,7 @@ METHOD(key_exchange_t, destroy, void, { botan_privkey_destroy(this->key); chunk_clear(&this->shared_secret); + chunk_clear(&this->pubkey); free(this); }