From: Tobias Brunner
Date: Fri, 20 Jul 2018 14:02:19 +0000 (+0200)
Subject: oqs: Allow different paths to generate/encapsulate the shared secret
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9dbc133bc9d2af2c143d8a29c22ce67349121d97;p=thirdparty%2Fstrongswan.git

oqs: Allow different paths to generate/encapsulate the shared secret

This way we don't have to generate the QSKE payload before we can query the shared secret.
---
diff --git a/src/libstrongswan/plugins/oqs/oqs_qske.c b/src/libstrongswan/plugins/oqs/oqs_qske.c
index 725630bcf6..b30239afa7 100644
--- a/src/libstrongswan/plugins/oqs/oqs_qske.c
+++ b/src/libstrongswan/plugins/oqs/oqs_qske.c
@@ -89,30 +89,39 @@ METHOD(qske_t, get_public_key, bool,
 return TRUE;
 }
 
-METHOD(qske_t, get_ciphertext, bool,
- private_oqs_qske_t *this, chunk_t *value)
+/**
+ * Generate the shared secret and encrypt it with the configured public key
+ */
+static bool encaps_shared_secret(private_oqs_qske_t *this)
 {
 OQS_STATUS rc;
 
- if (!this->ciphertext)
+ if (!this->public_key)
 {
- if (!this->public_key)
- {
- DBG1(DBG_LIB, "no public key available for %N encapsulation",
- qske_mechanism_names, this->qske_mechanism);
- return FALSE;
- }
- this->ciphertext = malloc(this->kem->length_ciphertext);
- this->shared_secret = malloc(this->kem->length_shared_secret);
- memset(this->shared_secret, 0x00, this->kem->length_shared_secret);
- rc = OQS_KEM_encaps(this->kem, this->ciphertext, this->shared_secret,
- this->public_key);
- if (rc != OQS_SUCCESS)
- {
- DBG1(DBG_LIB, "%N encapsulation failed",
- qske_mechanism_names, this->qske_mechanism);
- return FALSE;
- }
+ DBG1(DBG_LIB, "no public key available for %N encapsulation",
+ qske_mechanism_names, this->qske_mechanism);
+ return FALSE;
+ }
+ this->ciphertext = malloc(this->kem->length_ciphertext);
+ this->shared_secret = malloc(this->kem->length_shared_secret);
+ memset(this->shared_secret, 0x00, this->kem->length_shared_secret);
+ rc = OQS_KEM_encaps(this->kem, this->ciphertext, this->shared_secret,
+ this->public_key);
+ if (rc != OQS_SUCCESS)
+ {
+ DBG1(DBG_LIB, "%N encapsulation failed",
+ qske_mechanism_names, this->qske_mechanism);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(qske_t, get_ciphertext, bool,
+ private_oqs_qske_t *this, chunk_t *value)
+{
+ if (!this->ciphertext && !encaps_shared_secret(this))
+ {
+ return FALSE;
 }
 *value = chunk_clone(chunk_create(this->ciphertext,
 this->kem->length_ciphertext));
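Review bot: When `OQS_KEM_encaps()` fails, `encaps_shared_secret()` returns FALSE but leaves both freshly allocated buffers attached to `this`, so a later `get_ciphertext()` call sees a non-NULL `this->ciphertext`, skips encapsulation and clones a `malloc()` buffer that never received a valid ciphertext. The `!this->shared_secret` guard in `get_shared_secret()` is bypassed the same way and would then act on the zero-filled buffer; the rest of that method is outside this hunk, so what it returns is inferred. The failure branch should wipe and free both buffers and reset the pointers, as sketched below. Separately, neither `malloc()` result is checked before `memset()` and `OQS_KEM_encaps()` use it.

```c
	if (rc != OQS_SUCCESS)
	{
		/* … unchanged: DBG1 "%N encapsulation failed" … */
		/* detach both buffers so no getter can hand out stale data later */
		memwipe(this->shared_secret, this->kem->length_shared_secret);
		free(this->shared_secret);
		this->shared_secret = NULL;
		free(this->ciphertext);
		this->ciphertext = NULL;
		return FALSE;
	}
```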
@@ -122,7 +131,7 @@ METHOD(qske_t, get_ciphertext, bool,
 METHOD(qske_t, get_shared_secret, bool,
 private_oqs_qske_t *this, chunk_t *secret)
 {
- if (!this->shared_secret)
+ if (!this->shared_secret && !encaps_shared_secret(this))
 {
 return FALSE;
 }
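Review bot: `get_shared_secret()` now encapsulates as a side effect whenever `this->shared_secret` is NULL, and the only precondition it relies on is the `!this->public_key` check inside `encaps_shared_secret()`. If the side that generates its own key pair also stores it in `this->public_key` (that code is outside this hunk, so this is an assumption to confirm), calling the getter before the peer's ciphertext has been decapsulated would return a secret encapsulated to the local key instead of FALSE. I would document the contract above the method, e.g. `/* encapsulates on first use; only valid once the peer's public key has been set */`, and consider refusing the fallback when a private key is present. The body of the method continues past the end of the hunk.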