From 9dbc133bc9d2af2c143d8a29c22ce67349121d97 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 20 Jul 2018 16:02:19 +0200
Subject: [PATCH] oqs: Allow different paths to generate/encapsulate the shared secret

This way we don't have to generate the QSKE payload before we can query the shared secret.
---
 src/libstrongswan/plugins/oqs/oqs_qske.c | 51 ++++++++++++++----------
 1 file changed, 30 insertions(+), 21 deletions(-)

diff --git a/src/libstrongswan/plugins/oqs/oqs_qske.c b/src/libstrongswan/plugins/oqs/oqs_qske.c
index 725630bcf6..b30239afa7 100644
--- a/src/libstrongswan/plugins/oqs/oqs_qske.c
+++ b/src/libstrongswan/plugins/oqs/oqs_qske.c
@@ -89,30 +89,39 @@ METHOD(qske_t, get_public_key, bool,
 return TRUE;
 }

-METHOD(qske_t, get_ciphertext, bool,
- private_oqs_qske_t *this, chunk_t *value)
+/**
+ * Generate the shared secret and encrypt it with the configured public key
+ */
+static bool encaps_shared_secret(private_oqs_qske_t *this)
 {
 OQS_STATUS rc;

- if (!this->ciphertext)
+ if (!this->public_key)
 {
- if (!this->public_key)
- {
- DBG1(DBG_LIB, "no public key available for %N encapsulation",
- qske_mechanism_names, this->qske_mechanism);
- return FALSE;
- }
- this->ciphertext = malloc(this->kem->length_ciphertext);
- this->shared_secret = malloc(this->kem->length_shared_secret);
- memset(this->shared_secret, 0x00, this->kem->length_shared_secret);
- rc = OQS_KEM_encaps(this->kem, this->ciphertext, this->shared_secret,
- this->public_key);
- if (rc != OQS_SUCCESS)
- {
- DBG1(DBG_LIB, "%N encapsulation failed",
- qske_mechanism_names, this->qske_mechanism);
- return FALSE;
- }
+ DBG1(DBG_LIB, "no public key available for %N encapsulation",
+ qske_mechanism_names, this->qske_mechanism);
+ return FALSE;
+ }
+ this->ciphertext = malloc(this->kem->length_ciphertext);
+ this->shared_secret = malloc(this->kem->length_shared_secret);
+ memset(this->shared_secret, 0x00, this->kem->length_shared_secret);
+ rc = OQS_KEM_encaps(this->kem, this->ciphertext, this->shared_secret,
+ this->public_key);
+ if (rc != OQS_SUCCESS)
+ {
+ DBG1(DBG_LIB, "%N encapsulation failed",
+ qske_mechanism_names, this->qske_mechanism);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(qske_t, get_ciphertext, bool,
+ private_oqs_qske_t *this, chunk_t *value)
+{
+ if (!this->ciphertext && !encaps_shared_secret(this))
+ {
+ return FALSE;
 }
 *value = chunk_clone(chunk_create(this->ciphertext,
 this->kem->length_ciphertext));
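Review bot: When `OQS_KEM_encaps()` fails in `encaps_shared_secret()`, `this->ciphertext` and `this->shared_secret` stay allocated and non-NULL, so the `!this->ciphertext` guard in `get_ciphertext` (and the `!this->shared_secret` guard in `get_shared_secret`, touched by the next hunk) is skipped on any later call and the zero-filled secret and unfilled ciphertext buffer are returned as if encapsulation had succeeded. The failure branch should wipe and free both buffers and reset the pointers to NULL before returning FALSE, as sketched below. The two `malloc()` results are also used unchecked by the `memset()` that follows. If a state with only one of the two pointers set is reachable from code outside this hunk, the helper would additionally overwrite the existing buffer without freeing it.

```c
	/* … unchanged: public key check, allocations, memset, OQS_KEM_encaps call … */
	if (rc != OQS_SUCCESS)
	{
		DBG1(DBG_LIB, "%N encapsulation failed",
			 qske_mechanism_names, this->qske_mechanism);
		/* do not leave half-initialised buffers behind: the getters treat
		 * a non-NULL pointer as "encapsulation already succeeded" */
		memwipe(this->shared_secret, this->kem->length_shared_secret);
		free(this->shared_secret);
		this->shared_secret = NULL;
		free(this->ciphertext);
		this->ciphertext = NULL;
		return FALSE;
	}
	return TRUE;
```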
@@ -122,7 +131,7 @@ METHOD(qske_t, get_ciphertext, bool,
 METHOD(qske_t, get_shared_secret, bool,
 private_oqs_qske_t *this, chunk_t *secret)
 {
- if (!this->shared_secret)
+ if (!this->shared_secret && !encaps_shared_secret(this))
 {
 return FALSE;
 }
-- 
2.47.2
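Review bot: `get_shared_secret` now falls through to `encaps_shared_secret()` whenever no secret is stored, and the only precondition that helper checks is `this->public_key`. If the side that creates the key pair in `get_public_key` also keeps it in `this->public_key` (not visible in this patch), a call made before the peer's ciphertext has been processed would encapsulate against the local key and return a secret the peer never derives, where the old code returned FALSE. Consider gating the fallback on the encapsulating role, or at least documenting the assumption above the condition, e.g. `/* encapsulating side only: derive the secret if get_ciphertext() has not run yet */`. The body of `get_shared_secret` continues past the end of the hunk.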