/*
 * ikev2_responder_deinit - Release everything owned by responder state
 * @data: Responder state whose members are freed; the structure itself is
 *	not freed here
 *
 * NOTE(review): judging by their names, shared_secret, key_pad and
 * r_dh_private hold secret material. Nothing visible here overwrites them
 * before release; whether os_free()/wpabuf_free() clear memory is not shown
 * in this file. Confirm, and clear them explicitly if they do not.
 */
void ikev2_responder_deinit(struct ikev2_responder_data *data)
{
	/* Derived SK_* keys */
	ikev2_free_keys(&data->keys);

	/* Diffie-Hellman values and signed-message copies (wpabuf-backed) */
	wpabuf_free(data->i_dh_public);
	wpabuf_free(data->r_dh_private);
	wpabuf_free(data->i_sign_msg);
	wpabuf_free(data->r_sign_msg);

	/* Plain heap buffers: identities, then secret-looking material */
	os_free(data->IDi);
	os_free(data->IDr);
	os_free(data->shared_secret);
	os_free(data->key_pad);
}
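/*
 * Overwrite a buffer that held key material before it is released. The
 * stores go through a volatile pointer so the compiler cannot discard them
 * as dead writes ahead of the free that follows. If this tree already has a
 * guaranteed-zeroing helper, prefer that over this local one.
 */
static void ikev2_wipe_buf(u8 *buf, size_t len)
{
	volatile u8 *p = buf;

	while (len--)
		*p++ = 0;
}


/*
 * Copy the next len octets of prf+ output into a newly allocated buffer.
 * Returns the buffer, or NULL if the allocation failed. *pos is advanced in
 * both cases so that the following keys are still cut from the right offset.
 */
static u8 * ikev2_dup_key(const char *title, const u8 **pos, size_t len)
{
	u8 *key = os_malloc(len);

	if (key) {
		os_memcpy(key, *pos, len);
		wpa_hexdump_key(MSG_DEBUG, title, key, len);
	}
	*pos += len;

	return key;
}


/*
 * ikev2_derive_sk_keys - Derive the seven SK_* keys from SKEYSEED
 * @prf: PRF algorithm; supplies the SK_d and SK_p* lengths and the SKEYSEED
 *	length (prf->hash_len)
 * @integ: Integrity algorithm; supplies the SK_a* length
 * @encr: Encryption algorithm; supplies the SK_e* length
 * @skeyseed: SKEYSEED used as the prf+ key
 * @data: prf+ input (Ni | Nr | SPIi | SPIr)
 * @data_len: Length of data in octets
 * @keys: Output; any keys already stored are released first
 * Returns: 0 on success, -1 on failure (keys is left released)
 *
 * Each key is handed to wpa_hexdump_key() at MSG_DEBUG. Whether the bytes
 * reach a log depends on configuration outside this function; review that
 * before enabling debug output in production.
 */
int ikev2_derive_sk_keys(const struct ikev2_prf_alg *prf,
			 const struct ikev2_integ_alg *integ,
			 const struct ikev2_encr_alg *encr,
			 const u8 *skeyseed, const u8 *data, size_t data_len,
			 struct ikev2_keys *keys)
{
	u8 *keybuf;
	const u8 *pos;
	size_t keybuf_len;

	/*
	 * {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr } =
	 *	prf+(SKEYSEED, Ni | Nr | SPIi | SPIr )
	 */
	ikev2_free_keys(keys);
	keys->SK_d_len = prf->key_len;
	keys->SK_integ_len = integ->key_len;
	keys->SK_encr_len = encr->key_len;
	keys->SK_prf_len = prf->key_len;

	keybuf_len = keys->SK_d_len + 2 * keys->SK_integ_len +
		2 * keys->SK_encr_len + 2 * keys->SK_prf_len;
	keybuf = os_malloc(keybuf_len);
	if (keybuf == NULL)
		return -1;

	if (ikev2_prf_plus(prf->id, skeyseed, prf->hash_len,
			   data, data_len, keybuf, keybuf_len)) {
		/* May already hold partial prf+ output */
		ikev2_wipe_buf(keybuf, keybuf_len);
		os_free(keybuf);
		return -1;
	}

	/* Cut the keys out of the prf+ output in the order given above */
	pos = keybuf;
	keys->SK_d = ikev2_dup_key("IKEV2: SK_d", &pos, keys->SK_d_len);
	keys->SK_ai = ikev2_dup_key("IKEV2: SK_ai", &pos, keys->SK_integ_len);
	keys->SK_ar = ikev2_dup_key("IKEV2: SK_ar", &pos, keys->SK_integ_len);
	keys->SK_ei = ikev2_dup_key("IKEV2: SK_ei", &pos, keys->SK_encr_len);
	keys->SK_er = ikev2_dup_key("IKEV2: SK_er", &pos, keys->SK_encr_len);
	keys->SK_pi = ikev2_dup_key("IKEV2: SK_pi", &pos, keys->SK_prf_len);
	keys->SK_pr = ikev2_dup_key("IKEV2: SK_pr", &pos, keys->SK_prf_len);

	/*
	 * keybuf holds a second copy of every derived key; clear it so the
	 * key material does not linger in freed heap memory.
	 */
	ikev2_wipe_buf(keybuf, keybuf_len);
	os_free(keybuf);

	/* A failed allocation above leaves a key unset; reject the whole set */
	if (!ikev2_keys_set(keys)) {
		ikev2_free_keys(keys);
		return -1;
	}

	return 0;
}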