From 37dbc87960252c905593760652a1915130e524ee Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 14 Mar 2022 16:56:32 +0100 Subject: [PATCH] crypto: Add new KDF type for IKEv2 PRFs --- src/libstrongswan/crypto/crypto_tester.c | 2 ++ src/libstrongswan/crypto/kdfs/kdf.c | 3 +++ src/libstrongswan/crypto/kdfs/kdf.h | 9 ++++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 3aad7773ad..0247ce6f63 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -1217,6 +1217,7 @@ static kdf_t *create_kdf_vector(kdf_constructor_t create, { switch (alg) { + case KDF_PRF: case KDF_PRF_PLUS: return create_kdf_args(create, alg, vector->arg.prf); case KDF_UNDEFINED: @@ -1235,6 +1236,7 @@ static bool kdf_vector_applies(key_derivation_function_t alg, switch (alg) { + case KDF_PRF: case KDF_PRF_PLUS: { pseudo_random_function_t prf; diff --git a/src/libstrongswan/crypto/kdfs/kdf.c b/src/libstrongswan/crypto/kdfs/kdf.c index f597629c67..f218013cb1 100644 --- a/src/libstrongswan/crypto/kdfs/kdf.c +++ b/src/libstrongswan/crypto/kdfs/kdf.c @@ -24,6 +24,7 @@ ENUM(key_derivation_function_names, KDF_UNDEFINED, KDF_PRF_PLUS, "KDF_UNDEFINED", + "KDF_PRF", "KDF_PRF_PLUS", ); @@ -34,6 +35,8 @@ bool kdf_has_fixed_output_length(key_derivation_function_t type) { switch (type) { + case KDF_PRF: + return TRUE; case KDF_PRF_PLUS: case KDF_UNDEFINED: break; diff --git a/src/libstrongswan/crypto/kdfs/kdf.h b/src/libstrongswan/crypto/kdfs/kdf.h index 2e741153e0..5e06d2a616 100644 --- a/src/libstrongswan/crypto/kdfs/kdf.h +++ b/src/libstrongswan/crypto/kdfs/kdf.h @@ -41,9 +41,16 @@ enum key_derivation_function_t { KDF_UNDEFINED, + /** + * RFC 7296 prf, expects a pseudo_random_function_t in the constructor, + * parameters are KEY (DH secret) and SALT (nonces). + * Has a fixed output length. + */ + KDF_PRF, + /** * RFC 7296 prf+, expects a pseudo_random_function_t in the constructor, - * parameters are KEY and SALT. + * parameters are KEY (SKEYSEED/SK_d) and SALT (nonces etc.). */ KDF_PRF_PLUS, }; -- 2.47.2