}
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
chunk_create(ck, AKA_CK_LEN));
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+ {
+ return FAILED;
+ }
memcpy(this->mk, mk.ptr, mk.len);
- free(mk.ptr);
+ chunk_clear(&mk);
/* Verify AT_MAC attribute and parse() again after key derivation,
* reading encrypted attributes */
return NEED_MORE;
}
- this->crypto->derive_keys_reauth(this->crypto,
- chunk_create(this->mk, HASH_SIZE_SHA1));
+ if (!this->crypto->derive_keys_reauth(this->crypto,
+ chunk_create(this->mk, HASH_SIZE_SHA1)))
+ {
+ return FAILED;
+ }
/* verify MAC and parse again with decryption key */
if (!in->verify(in, chunk_empty) || !in->parse(in))
}
else
{
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
- this->reauth, counter, nonce,
- chunk_create(this->mk, HASH_SIZE_SHA1));
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_reauth_msk(this->crypto,
+ this->reauth, counter, nonce,
+ chunk_create(this->mk, HASH_SIZE_SHA1), &this->msk))
+ {
+ message->destroy(message);
+ return FAILED;
+ }
if (id.len)
{
identification_t *reauth;
}
data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
chunk_create(ck, AKA_CK_LEN));
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+ {
+ return FAILED;
+ }
this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
this->xres = chunk_clone(chunk_create(xres, xres_len));
counter = htons(counter);
this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
- this->crypto->derive_keys_reauth(this->crypto, mkc);
- this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
- this->reauth, this->counter, this->nonce, mkc);
+ if (!this->crypto->derive_keys_reauth(this->crypto, mkc) ||
+ !this->crypto->derive_keys_reauth_msk(this->crypto,
+ this->reauth, this->counter, this->nonce, mkc, &this->msk))
+ {
+ return FAILED;
+ }
message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
AKA_REAUTHENTICATION, this->crypto);
id = this->pseudonym;
}
data = chunk_cata("cccc", kcs, this->nonce, this->version_list, version);
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+ {
+ return FAILED;
+ }
memcpy(this->mk, mk.ptr, mk.len);
- free(mk.ptr);
+ chunk_clear(&mk);
/* Verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT", and
* parse() again after key derivation, reading encrypted attributes */
return NEED_MORE;
}
- this->crypto->derive_keys_reauth(this->crypto,
- chunk_create(this->mk, HASH_SIZE_SHA1));
+ if (!this->crypto->derive_keys_reauth(this->crypto,
+ chunk_create(this->mk, HASH_SIZE_SHA1)))
+ {
+ return FAILED;
+ }
/* verify MAC and parse again with decryption key */
if (!in->verify(in, chunk_empty) || !in->parse(in))
}
else
{
- free(this->msk.ptr);
- this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
- this->reauth, counter, nonce,
- chunk_create(this->mk, HASH_SIZE_SHA1));
+ chunk_clear(&this->msk);
+ if (!this->crypto->derive_keys_reauth_msk(this->crypto,
+ this->reauth, counter, nonce,
+ chunk_create(this->mk, HASH_SIZE_SHA1), &this->msk))
+ {
+ message->destroy(message);
+ return FAILED;
+ }
if (id.len)
{
identification_t *reauth;
counter = htons(counter);
this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
- this->crypto->derive_keys_reauth(this->crypto, mkc);
- this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
- this->reauth, this->counter, this->nonce, mkc);
+ if (!this->crypto->derive_keys_reauth(this->crypto, mkc) ||
+ !this->crypto->derive_keys_reauth_msk(this->crypto,
+ this->reauth, this->counter, this->nonce, mkc, &this->msk))
+ {
+ return FAILED;
+ }
message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
SIM_REAUTHENTICATION, this->crypto);
{
id = this->pseudonym;
}
- this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+ if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+ {
+ return FAILED;
+ }
/* build response with AT_MAC, built over "EAP packet | NONCE_MT" */
message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
mgr->key_hook(mgr, encr, auth);
}
-METHOD(simaka_crypto_t, derive_keys_full, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_full, bool,
private_simaka_crypto_t *this, identification_t *id,
- chunk_t data, chunk_t *mk)
+ chunk_t data, chunk_t *mk, chunk_t *msk)
{
- chunk_t str, msk, k_encr, k_auth;
+ chunk_t str, k_encr, k_auth;
int i;
/* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
k_encr = chunk_create(str.ptr, KENCR_LEN);
k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
- msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
this->signer->set_key(this->signer, k_auth);
this->crypter->set_key(this->crypter, k_encr);
+ *msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
+
call_hook(this, k_encr, k_auth);
this->derived = TRUE;
- return chunk_clone(msk);
+ return TRUE;
}
-METHOD(simaka_crypto_t, derive_keys_reauth, void,
+METHOD(simaka_crypto_t, derive_keys_reauth, bool,
private_simaka_crypto_t *this, chunk_t mk)
{
chunk_t str, k_encr, k_auth;
call_hook(this, k_encr, k_auth);
this->derived = TRUE;
+ return TRUE;
}
-METHOD(simaka_crypto_t, derive_keys_reauth_msk, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_reauth_msk, bool,
private_simaka_crypto_t *this, identification_t *id, chunk_t counter,
- chunk_t nonce_s, chunk_t mk)
+ chunk_t nonce_s, chunk_t mk, chunk_t *msk)
{
char xkey[HASH_SIZE_SHA1];
- chunk_t str, msk;
+ chunk_t str;
int i;
this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
{
this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
}
- msk = chunk_create(str.ptr, MSK_LEN);
- DBG3(DBG_LIB, "MSK %B", &msk);
+ *msk = chunk_create(str.ptr, MSK_LEN);
+ DBG3(DBG_LIB, "MSK %B", msk);
- return chunk_clone(msk);
+ return TRUE;
}
METHOD(simaka_crypto_t, clear_keys, void,
* @param id peer identity
* @param data method specific data
* @param mk chunk receiving allocated master key MK
- * @return allocated MSK value
+ * @param msk chunk receiving allocated MSK
+ * @return TRUE if keys allocated and derived successfully
*/
- chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
- chunk_t data, chunk_t *mk);
+ bool (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
+ chunk_t data, chunk_t *mk, chunk_t *msk);
/**
* Derive k_encr/k_auth keys from MK using fast reauthentication.
* internal crypter/signer instances.
*
* @param mk master key
+ * @return TRUE if keys derived successfully
*/
- void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
+ bool (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
/**
* Derive MSK using fast reauthentication.
* @param counter fast reauthentication counter value, network order
* @param nonce_s server generated NONCE_S value
* @param mk master key of last full authentication
+ * @param msk chunk receiving allocated MSK
+ * @return TRUE if MSK allocated and derived successfully
*/
- chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this,
- identification_t *id, chunk_t counter,
- chunk_t nonce_s, chunk_t mk);
+ bool (*derive_keys_reauth_msk)(simaka_crypto_t *this,
+ identification_t *id, chunk_t counter,
+ chunk_t nonce_s, chunk_t mk, chunk_t *msk);
/**
* Clear keys (partially) derived.
projects / thirdparty / strongswan.git / commitdiff
