/*
- * Copyright (C) 2015 Tobias Brunner
+ * Copyright (C) 2015-2019 Tobias Brunner
* Copyright (C) 2012 Reto Buerki
* Copyright (C) 2012 Adrian-Ken Rueegsegger
*
return this->aead;
}
+METHOD(keymat_v2_t, get_int_auth, bool,
+ private_tkm_keymat_t *this, bool verify, chunk_t data, chunk_t prev,
+ chunk_t *auth)
+{
+ DBG1(DBG_IKE, "TKM doesn't support IntAuth calculation");
+ return FALSE;
+}
+
METHOD(keymat_v2_t, get_auth_octets, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
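Review bot: The new TKM `get_int_auth` stub returns FALSE without writing `*auth`, so the out-parameter keeps whatever the caller had in it. If a caller frees or logs that chunk on the error path (the callers are not visible here), it would act on an uninitialized pointer and length. Setting `*auth = chunk_empty;` before `return FALSE;` makes the failure path well defined. A short comment such as `/* IntAuth cannot be computed via TKM, fail closed */` would also record that refusing here is intentional.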
.derive_ike_keys_ppk = (void*)return_false,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
+ .get_int_auth = _get_int_auth,
.get_auth_octets = _get_auth_octets,
.get_psk_sig = _get_psk_sig,
.add_hash_algorithm = _add_hash_algorithm,
/*
- * Copyright (C) 2015 Tobias Brunner
+ * Copyright (C) 2015-2019 Tobias Brunner
* Copyright (C) 2008 Martin Willi
*
* Copyright (C) secunet Security Networks AG
return FALSE;
}
this->prf_alg = prf_alg;
+ DESTROY_IF(this->prf);
this->prf = lib->crypto->create_prf(lib->crypto, this->prf_alg);
if (!this->prf)
{
return in ? this->aead_in : this->aead_out;
}
+METHOD(keymat_v2_t, get_int_auth, bool,
+ private_keymat_v2_t *this, bool verify, chunk_t data, chunk_t prev,
+ chunk_t *auth)
+{
+ chunk_t skp;
+
+ skp = verify ? this->skp_verify : this->skp_build;
+
+ DBG3(DBG_IKE, "IntAuth_N-1 %B", &prev);
+ DBG3(DBG_IKE, "IntAuth_A|P %B", &data);
+ DBG4(DBG_IKE, "SK_p %B", &skp);
+ data = chunk_cata("cc", prev, data);
+ if (!this->prf->set_key(this->prf, skp) ||
+ !this->prf->allocate_bytes(this->prf, data, auth))
+ {
+ return FALSE;
+ }
+ DBG3(DBG_IKE, "IntAuth_N = prf(Sk_px, data) %B", auth);
+ return TRUE;
+}
+
METHOD(keymat_v2_t, get_auth_octets, bool,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
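Review bot: `chunk_cata("cc", prev, data)` in the new `get_int_auth` copies the whole IKE_INTERMEDIATE message onto the stack via alloca, which has no failure path. When `verify` is TRUE the size of `data` is set by what the peer sent, bounded only by whatever limit the message parser enforces, which is not visible here. A heap buffer from `chunk_cat()` released with `chunk_free()` after the PRF call avoids tying stack usage to peer input. Separately, `this->prf` is dereferenced without a check, which relies on keys having been derived before any IKE_INTERMEDIATE exchange; callers presumably enforce that ordering, but it is not visible in this hunk.

```c
	chunk_t skp, input;
	bool success;

	/* … unchanged: skp selection and DBG3/DBG4 logging of prev, data, skp … */
	input = chunk_cat("cc", prev, data);
	success = this->prf->set_key(this->prf, skp) &&
			  this->prf->allocate_bytes(this->prf, input, auth);
	chunk_free(&input);
	if (!success)
	{
		return FALSE;
	}
	/* … unchanged: DBG3 of the resulting IntAuth value, return TRUE … */
```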
chunk_free(&octets);
chunk_free(&key);
return success;
-
}
METHOD(keymat_v2_t, hash_algorithm_supported, bool,
.derive_ike_keys_ppk = _derive_ike_keys_ppk,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
+ .get_int_auth = _get_int_auth,
.get_auth_octets = _get_auth_octets,
.get_psk_sig = _get_psk_sig,
.add_hash_algorithm = _add_hash_algorithm,
/*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2019 Tobias Brunner
*
* Copyright (C) secunet Security Networks AG
*
chunk_t nonce_i, chunk_t nonce_r,
chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r);
+
/**
* Get SKd to pass to derive_ikey_keys() during rekeying.
*
*/
pseudo_random_function_t (*get_skd)(keymat_v2_t *this, chunk_t *skd);
+ /**
+ * Generate data for signed octets when using IKE_INTEMEDIATE exchanges.
+ *
+ * The supplied chunk must contain the IKE header until the end of the
+ * Encrypted Payload header followed by the plaintext contents of the
+ * latter.
+ *
+ * @param verify TRUE as recipient, FALSE as sender
+ * @param data IKE_INTERMEDIATE packet data
+ * @param prev previous IntAuth value
+ * @param[out] auth IntAuth data to be used later with get_auth_octets()
+ * @return TRUE if octets created successfully
+ */
+ bool (*get_int_auth)(keymat_v2_t *this, bool verify, chunk_t data,
+ chunk_t prev, chunk_t *auth);
+
/**
* Generate octets to use for authentication procedure (RFC4306 2.15).
*
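Review bot: The new doc comment for `get_int_auth` does not state who owns `auth` or what it holds on failure. The private_keymat_v2_t implementation fills it via `allocate_bytes()`, so the caller has to free it, and the TKM implementation returns FALSE without touching it. I would change the parameter line to `@param[out] auth allocated IntAuth data, freed by the caller, used later with get_auth_octets()` and the return line to `@return TRUE if IntAuth was created, FALSE on failure or if unsupported (auth is then not valid)`. The first line also misspells the exchange name as `IKE_INTEMEDIATE`; it should read `IKE_INTERMEDIATE`. The enclosing struct declaration starts and ends outside this hunk.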