From: Tobias Brunner
Date: Tue, 20 Aug 2019 14:18:05 +0000 (+0200)
Subject: keymat_v2: Include optional IntAuth in signed octets
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=b8e29954f52e2cb55f7504d358853e14198fe3a5;p=thirdparty%2Fstrongswan.git

keymat_v2: Include optional IntAuth in signed octets
---

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index adb060327b..4a74d2a0c0 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -392,8 +392,8 @@ METHOD(keymat_v2_t, get_int_auth, bool,
 METHOD(keymat_v2_t, get_auth_octets, bool,
 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
- chunk_t *octets, array_t *schemes)
+ chunk_t nonce, chunk_t int_auth, chunk_t ppk, identification_t *id,
+ char reserved[3], chunk_t *octets, array_t *schemes)
 {
 sign_info_t *sign;
@@ -435,8 +435,8 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
 METHOD(keymat_v2_t, get_psk_sig, bool,
 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
- chunk_t *sig)
+ chunk_t int_auth, chunk_t secret, chunk_t ppk, identification_t *id,
+ char reserved[3], chunk_t *sig)
 {
 return FALSE;
 }
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 5a86c53926..cc360f2217 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -238,8 +238,8 @@ static bool build_auth(private_pretend_auth_t *this,
 }
 keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
 if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, this->nonce,
- chunk_empty, this->id, this->reserved,
- &octets, NULL))
+ chunk_empty, chunk_empty, this->id,
+ this->reserved, &octets, NULL))
 {
 private->destroy(private);
 return FALSE;
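Review bot: The new `int_auth` parameter of the TKM `get_auth_octets()` is not used in any line this hunk shows, and the body continues outside it, so it cannot be confirmed here that a non-empty IntAuth reaches the data the TKM signs or verifies. If this backend cannot cover IntAuth, silently ignoring it would either leave IKE_INTERMEDIATE data outside the AUTH computation or make authentication fail without a hint why; rejecting it explicitly is safer, e.g. `if (int_auth.len) { DBG1(DBG_IKE, "IntAuth not supported by TKM"); return FALSE; }` at the top of the function. `get_psk_sig()` in the second hunk already returns FALSE unconditionally, so only `get_auth_octets()` needs the guard.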
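Review bot: The updated call in pretend_auth.c passes two adjacent bare `chunk_empty` arguments, and because `nonce`, `int_auth`, `secret` and `ppk` are all `chunk_t` the compiler cannot catch a value placed in the wrong slot. That matters most for `get_psk_sig()`, where a secret passed in the `int_auth` position would be concatenated into the octets that keymat_v2.c prints with `DBG3(... %B ...)`. Labelling the placeholders keeps each call site reviewable, e.g. `chunk_empty /* int_auth */, chunk_empty /* ppk */, this->id,`; the same applies to the updated calls in rebuild_auth.c, eap_authenticator.c, psk_authenticator.c and pubkey_authenticator.c. `build_auth()` starts and ends outside this hunk.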
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index 5676e307bf..bd9c0983bc 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -137,7 +137,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
 }
 keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
 if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, this->nonce,
- chunk_empty, id, reserved, &octets, NULL))
+ chunk_empty, chunk_empty, id, reserved,
+ &octets, NULL))
 {
 private->destroy(private);
 id->destroy(id);
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index e1e6cd7ee6..7d4c095466 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -484,8 +484,8 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
 other_id = this->ike_sa->get_other_id(this->ike_sa);
 keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
- if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->msk, this->ppk,
- other_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, chunk_empty, this->msk,
+ this->ppk, other_id, this->reserved, &auth_data))
 {
 return FALSE;
 }
@@ -530,8 +530,8 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
 DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP);
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, this->ppk,
- my_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty, this->msk,
+ this->ppk, my_id, this->reserved, &auth_data))
 {
 return FALSE;
 }
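Review bot: `verify_auth()` in eap_authenticator.c passes `chunk_empty` for the new `int_auth` argument, as do `build_auth()` in the following hunks and every call in psk_authenticator.c and pubkey_authenticator.c, so at this commit the AUTH payload still does not cover any IKE_INTERMEDIATE data. Whether such exchanges can already be negotiated at this point is not visible here; if they can, their content stays unauthenticated until the authenticators supply the real value. A marker such as `/* TODO: pass IntAuth once the authenticator tracks IKE_INTERMEDIATE data */` at these call sites, or a sentence in the commit message saying the callers are wired up in a follow-up, would make the gap explicit. Both functions extend beyond the hunks shown.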
@@ -543,8 +543,9 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
 if (this->no_ppk_auth)
 {
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk,
- chunk_empty, my_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, chunk_empty,
+ this->msk, chunk_empty, my_id, this->reserved,
+ &auth_data))
 {
 DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
 return FALSE;
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index 76571e7028..87e9a76e18 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -85,8 +85,8 @@ METHOD(authenticator_t, build, status_t,
 return NOT_FOUND;
 }
 if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- key->get_key(key), this->ppk, my_id,
- this->reserved, &auth_data))
+ chunk_empty, key->get_key(key), this->ppk,
+ my_id, this->reserved, &auth_data))
 {
 key->destroy(key);
 return FAILED;
@@ -102,8 +102,8 @@ METHOD(authenticator_t, build, status_t,
 if (this->no_ppk_auth)
 {
 if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- key->get_key(key), chunk_empty, my_id,
- this->reserved, &auth_data))
+ chunk_empty, key->get_key(key), chunk_empty,
+ my_id, this->reserved, &auth_data))
 {
 DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
 key->destroy(key);
@@ -159,8 +159,8 @@ METHOD(authenticator_t, process, status_t,
 keys_found++;
 if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
- key->get_key(key), this->ppk, other_id,
- this->reserved, &auth_data))
+ chunk_empty, key->get_key(key), this->ppk,
+ other_id, this->reserved, &auth_data))
 {
 continue;
 }
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 97d33a89ef..9ceb9c075a 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -324,7 +324,8 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
 }
 if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce,
- this->ppk, id, this->reserved, &octets, schemes))
+ chunk_empty, this->ppk, id, this->reserved,
+ &octets, schemes))
 {
 enumerator = array_create_enumerator(schemes);
 while (enumerator->enumerate(enumerator, ¶ms))
@@ -346,8 +347,9 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
 chunk_free(&octets);
 if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
- this->nonce, chunk_empty, id,
- this->reserved, &octets, schemes) &&
+ this->nonce, chunk_empty,
+ chunk_empty, id, this->reserved,
+ &octets, schemes) &&
 private->sign(private, params->scheme, params->params, octets, &auth_data) &&
 build_signature_auth_data(&auth_data, params))
@@ -409,7 +411,7 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
 keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
 if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
- ppk, id, this->reserved, octets,
+ chunk_empty, ppk, id, this->reserved, octets,
 schemes) &&
 array_remove(schemes, 0, scheme))
 {
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index fb09145eb6..318838e3fd 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -738,8 +738,8 @@ METHOD(keymat_v2_t, get_int_auth, bool,
 METHOD(keymat_v2_t, get_auth_octets, bool,
 private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
- chunk_t *octets, array_t *schemes)
+ chunk_t nonce, chunk_t int_auth, chunk_t ppk, identification_t *id,
+ char reserved[3], chunk_t *octets, array_t *schemes)
 {
 chunk_t chunk, idx;
 chunk_t skp_ppk = chunk_empty;
@@ -770,8 +770,9 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
 return FALSE;
 }
 chunk_clear(&skp_ppk);
- *octets = chunk_cat("ccm", ike_sa_init, nonce, chunk);
- DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets);
+ *octets = chunk_cat("ccmc", ike_sa_init, nonce, chunk, int_auth);
+ DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') + IntAuth %B",
+ octets);
 return TRUE;
 }
@@ -782,9 +783,9 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
 #define IKEV2_KEY_PAD_LENGTH 17
 METHOD(keymat_v2_t, get_psk_sig, bool,
- private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
- chunk_t *sig)
+ private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
+ chunk_t nonce, chunk_t int_auth, chunk_t secret, chunk_t ppk,
+ identification_t *id, char reserved[3], chunk_t *sig)
 {
 chunk_t skp_ppk = chunk_empty, key = chunk_empty, octets = chunk_empty;
 chunk_t key_pad;
@@ -802,8 +803,8 @@ METHOD(keymat_v2_t, get_psk_sig, bool,
 secret = skp_ppk;
 }
 }
- if (!get_auth_octets(this, verify, ike_sa_init, nonce, ppk, id, reserved,
- &octets, NULL))
+ if (!get_auth_octets(this, verify, ike_sa_init, nonce, int_auth, ppk, id,
+ reserved, &octets, NULL))
 {
 goto failure;
 }
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 1ebffda0ba..f7aec4b697 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -122,21 +122,23 @@ struct keymat_v2_t {
 * the get_psk_sig() method instead.
 *
 * @param verify TRUE to create for verification, FALSE to sign
- * @param ike_sa_init encoded ike_sa_init message
+ * @param ike_sa_init encoded IKE_SA_INIT message
 * @param nonce nonce value
+ * @param int_auth concatenated data of IKE_INTERMEDIATE exchanges
 * @param ppk optional postquantum preshared key
 * @param id identity
 * @param reserved reserved bytes of id_payload
- * @param octests chunk receiving allocated auth octets
+ * @param octets chunk receiving allocated auth octets
 * @param schemes array containing signature schemes
 * (signature_params_t*) in case they need to be
 * modified by the keymat implementation
 * @return TRUE if octets created successfully
 */
 bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t ppk, identification_t *id,
- char reserved[3], chunk_t *octets,
- array_t *schemes);
+ chunk_t nonce, chunk_t int_auth, chunk_t ppk,
+ identification_t *id, char reserved[3],
+ chunk_t *octets, array_t *schemes);
+
 /**
 * Build the shared secret signature used for PSK and EAP authentication.
 *
@@ -145,8 +147,9 @@ struct keymat_v2_t {
 * used as secret (used for EAP methods without MSK).
 *
 * @param verify TRUE to create for verification, FALSE to sign
- * @param ike_sa_init encoded ike_sa_init message
+ * @param ike_sa_init encoded IKE_SA_INIT message
 * @param nonce nonce value
+ * @param int_auth concatenated data of IKE_INTERMEDIATE exchanges
 * @param secret optional secret to include into signature
 * @param ppk optional postquantum preshared key
 * @param id identity
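Review bot: The new `@param int_auth` line in the `get_auth_octets` documentation does not say that the value is optional or who owns it, although the commit subject calls IntAuth optional and every caller in this commit passes `chunk_empty`. Suggest `@param int_auth optional data of IKE_INTERMEDIATE exchanges appended to the octets (chunk_empty if none), not freed by the callee`, in line with the wording of the `ppk` entry. The ownership part follows from the `c` (copy) specifier used for it in keymat_v2.c's `chunk_cat("ccmc", ...)` and should be confirmed for the TKM implementation; the identical line added to the `get_psk_sig` documentation in the next hunk needs the same wording.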
@@ -155,8 +158,9 @@ struct keymat_v2_t {
 * @return TRUE if signature created successfully
 */
 bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t secret, chunk_t ppk,
- identification_t *id, char reserved[3], chunk_t *sig);
+ chunk_t nonce, chunk_t int_auth, chunk_t secret,
+ chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *sig);
 /**
 * Add a hash algorithm supported by the peer for signature authentication.