From: Tobias Brunner
Date: Mon, 14 Mar 2022 15:56:32 +0000 (+0100)
Subject: crypto: Add new KDF type for IKEv2 PRFs
X-Git-Tag: 5.9.6rc1~2^2~7
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=37dbc87960252c905593760652a1915130e524ee;p=thirdparty%2Fstrongswan.git
crypto: Add new KDF type for IKEv2 PRFs
---
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 3aad7773ad..0247ce6f63 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1217,6 +1217,7 @@ static kdf_t *create_kdf_vector(kdf_constructor_t create,
 {
 switch (alg)
 {
+ case KDF_PRF:
 case KDF_PRF_PLUS:
 return create_kdf_args(create, alg, vector->arg.prf);
 case KDF_UNDEFINED:
@@ -1235,6 +1236,7 @@ static bool kdf_vector_applies(key_derivation_function_t alg,
 switch (alg)
 {
+ case KDF_PRF:
 case KDF_PRF_PLUS:
 {
 pseudo_random_function_t prf;
diff --git a/src/libstrongswan/crypto/kdfs/kdf.c b/src/libstrongswan/crypto/kdfs/kdf.c
index f597629c67..f218013cb1 100644
--- a/src/libstrongswan/crypto/kdfs/kdf.c
+++ b/src/libstrongswan/crypto/kdfs/kdf.c
@@ -24,6 +24,7 @@
 ENUM(key_derivation_function_names, KDF_UNDEFINED, KDF_PRF_PLUS,
 "KDF_UNDEFINED",
+ "KDF_PRF",
 "KDF_PRF_PLUS",
 );
@@ -34,6 +35,8 @@ bool kdf_has_fixed_output_length(key_derivation_function_t type)
 {
 switch (type)
 {
+ case KDF_PRF:
+ return TRUE;
 case KDF_PRF_PLUS:
 case KDF_UNDEFINED:
 break;
diff --git a/src/libstrongswan/crypto/kdfs/kdf.h b/src/libstrongswan/crypto/kdfs/kdf.h
index 2e741153e0..5e06d2a616 100644
--- a/src/libstrongswan/crypto/kdfs/kdf.h
+++ b/src/libstrongswan/crypto/kdfs/kdf.h
@@ -41,9 +41,16 @@ enum key_derivation_function_t {
 KDF_UNDEFINED,
+ /**
+ * RFC 7296 prf, expects a pseudo_random_function_t in the constructor,
+ * parameters are KEY (DH secret) and SALT (nonces).
+ * Has a fixed output length.
+ */
+ KDF_PRF,
+
 /**
 * RFC 7296 prf+, expects a pseudo_random_function_t in the constructor,
- * parameters are KEY and SALT.
+ * parameters are KEY (SKEYSEED/SK_d) and SALT (nonces etc.).
 */
 KDF_PRF_PLUS,
 };
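Review bot: The new KDF_PRF comment names the DH secret as KEY and the nonces as SALT, but RFC 7296 writes the derivation as `SKEYSEED = prf(Ni | Nr, g^ir)`, so the nonces key the PRF and the DH secret is its input; a caller reading only this header could pass the two the wrong way round and derive a different SKEYSEED. If the implementations do key the PRF with SALT (they are not shown here), one more comment line such as `* SALT is used as the key of the PRF and KEY as its input, i.e. prf(SALT, KEY).` would settle it. The comment also leaves open how the rekeying form `prf(SK_d (old), g^ir (new) | Ni | Nr)` maps onto KEY and SALT, and `Has a fixed output length.` could say that the length is the output size of the chosen PRF. The enum starts above the hunk.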