From: Tobias Brunner
Date: Thu, 9 Apr 2020 09:36:30 +0000 (+0200)
Subject: key-exchange: Add helper to concatenate shared secrets of several key exchanges
X-Git-Tag: 6.0.0rc1~56^2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c36eaf42da92e83e9e190aa960b0431c6c3632f5;p=thirdparty%2Fstrongswan.git
key-exchange: Add helper to concatenate shared secrets of several key exchanges
---
diff --git a/src/libstrongswan/crypto/key_exchange.c b/src/libstrongswan/crypto/key_exchange.c
index d672ec7e8f..5b01139897 100644
--- a/src/libstrongswan/crypto/key_exchange.c
+++ b/src/libstrongswan/crypto/key_exchange.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2019 Tobias Brunner
+ * Copyright (C) 2010-2020 Tobias Brunner
 * Copyright (C) 2005-2010 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
@@ -619,3 +619,43 @@ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value)
 }
 return valid;
 }
+
+/*
+ * Described in header
+ */
+bool key_exchange_concat_secrets(array_t *kes, chunk_t *first,
+ chunk_t *others)
+{
+ key_exchange_t *ke;
+ chunk_t secret;
+ int i;
+
+ if (!array_count(kes))
+ {
+ return FALSE;
+ }
+ *first = chunk_empty;
+ *others = chunk_empty;
+ for (i = 0; i < array_count(kes); i++)
+ {
+ if (array_get(kes, i, &ke) &&
+ ke->get_shared_secret(ke, &secret))
+ {
+ if (i == 0)
+ {
+ *first = secret;
+ }
+ else
+ {
+ *others = chunk_cat("ss", *others, secret);
+ }
+ }
+ else
+ {
+ chunk_clear(first);
+ chunk_clear(others);
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
diff --git a/src/libstrongswan/crypto/key_exchange.h b/src/libstrongswan/crypto/key_exchange.h
index 70d6d49938..73bf61f06e 100644
--- a/src/libstrongswan/crypto/key_exchange.h
+++ b/src/libstrongswan/crypto/key_exchange.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2019 Tobias Brunner
+ * Copyright (C) 2010-2020 Tobias Brunner
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 *
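Review bot: In `key_exchange_concat_secrets()` the early return for an empty array runs before `*first` and `*others` are assigned, so on that one failure path the output chunks keep whatever the caller had in them, possibly uninitialized stack contents. The failure path inside the loop, by contrast, leaves both outputs wiped and empty through `chunk_clear()`. A caller that wipes or frees the outputs on any FALSE return, which is a reasonable habit for key material, would then act on an indeterminate pointer and length. Moving `*first = chunk_empty;` and `*others = chunk_empty;` above the `if (!array_count(kes))` check gives every failure path the same postcondition.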
@@ -29,6 +29,7 @@ typedef struct key_exchange_t key_exchange_t; typedef struct diffie_hellman_params_t diffie_hellman_params_t; #include +#include /** * Key exchange method. @@ -209,4 +210,16 @@ bool key_exchange_is_ecdh(key_exchange_method_t ke); */ bool key_exchange_verify_pubkey(key_exchange_method_t ke, chunk_t value); +/** + * Return the first shared secret plus the concatenated additional shared + * secrets of all the key exchange methods in the given array. + * + * @param kes array of key_exchange_t* + * @param secret first shared secret (allocated) + * @param add_secret concatenated additional shared secrets (allocated) + * @return TRUE on success + */ +bool key_exchange_concat_secrets(array_t *kes, chunk_t *secret, + chunk_t *add_secret); + #endif /** KEY_EXCHANGE_H_ @}*/
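Review bot: The doc comment on `key_exchange_concat_secrets()` does not say what state the outputs are in on failure or how the caller should release them, which matters because both chunks hold raw key material. The definition in key_exchange.c wipes with `chunk_clear()` on its error path, so I would add a sentence such as `Both chunks contain key material and should be released with chunk_clear()` and extend the return line to `@return TRUE on success, FALSE if the array is empty or a shared secret is unavailable`. The parameter names here (`secret`, `add_secret`) also differ from the definition (`first`, `others`); using one pair in both places makes the documentation easier to match to the code.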