From 742134c112d9d4b6d8675f41990ed19c36d6ed7b Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 14 Feb 2022 15:48:17 +0100
Subject: [PATCH] keymat_v2: Refactor CHILD_SA key derivation so it only needs one prf+ call
---
 src/libcharon/sa/ikev2/keymat_v2.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 4a62a2d299..4a3994740d 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -527,7 +527,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 chunk_t *encr_r, chunk_t *integ_r)
 {
 uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
- chunk_t seed, secret = chunk_empty;
+ chunk_t seed, secret = chunk_empty, keymat = chunk_empty;
 prf_plus_t *prf_plus;
 if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
@@ -619,21 +619,18 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 }
 *encr_i = *integ_i = *encr_r = *integ_r = chunk_empty;
- if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) ||
- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
- {
- chunk_free(encr_i);
- chunk_free(integ_i);
- chunk_free(encr_r);
- chunk_free(integ_r);
+ keymat.len = 2 * enc_size + 2 * int_size;
+ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat))
+ {
 prf_plus->destroy(prf_plus);
 return FALSE;
 }
-
 prf_plus->destroy(prf_plus);
+ chunk_split(keymat, "aaaa", enc_size, encr_i, int_size, integ_i,
+ enc_size, encr_r, int_size, integ_r);
+ chunk_clear(&keymat);
+
 if (enc_size)
 {
 DBG4(DBG_CHD, "encryption initiator key %B", encr_i);
-- 
2.47.2
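Review bot: The new `chunk_split(keymat, "aaaa", ...)` call in the second hunk carries two invariants that are no longer visible in the code and deserve a comment. The argument order (encr_i, integ_i, encr_r, integ_r) is now the only thing that decides which bytes of the prf+ output become which key, where the four sequential `allocate_bytes` calls it replaces spelled that order out. The `chunk_clear(&keymat)` that follows is also only safe because the `a` mode appears to give each output its own copy; a mode that references `keymat` instead would leave the four keys pointing at wiped, freed memory. I would add above the call: `/* RFC 7296, 2.17: initiator keys before responder keys, encryption before integrity; 'a' copies, so keymat can be wiped */`. The body of derive_child_keys starts and ends outside this hunk.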