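/**
 * ikev2_derive_keys - Derive SKEYSEED and the SK_* keys (responder side)
 * @data: Responder state; reads the negotiated proposal, both nonces, both
 *	SPIs, the initiator's DH public value and the responder's DH private
 *	value; ikev2_derive_sk_keys() is given &data->keys
 * Returns: Return value of ikev2_derive_sk_keys() once SKEYSEED has been
 *	computed, -1 on any earlier failure
 *
 * Implements SKEYSEED = prf(Ni | Nr, g^ir) from RFC 4306, Sect. 2.14. After
 * SKEYSEED has been computed, data->i_dh_public and data->r_dh_private are
 * freed and set to NULL.
 */
static int ikev2_derive_keys(struct ikev2_responder_data *data)
{
	u8 *buf, *pos, *pad, skeyseed[IKEV2_MAX_HASH_LEN];
	size_t buf_len, pad_len, n;
	struct wpabuf *shared;
	const struct ikev2_integ_alg *integ;
	const struct ikev2_prf_alg *prf;
	const struct ikev2_encr_alg *encr;
	int ret = -1, res;
	const u8 *addr[2];
	size_t len[2];
	volatile u8 *wipe;

	/* RFC 4306, Sect. 2.14 */

	integ = ikev2_get_integ(data->proposal.integ);
	prf = ikev2_get_prf(data->proposal.prf);
	encr = ikev2_get_encr(data->proposal.encr);
	if (integ == NULL || prf == NULL || encr == NULL) {
		wpa_printf(MSG_INFO, "IKEV2: Unsupported proposal");
		return -1;
	}

	shared = dh_derive_shared(data->i_dh_public, data->r_dh_private,
				  data->dh);
	if (shared == NULL)
		return -1;

	/* Construct Ni | Nr | SPIi | SPIr */

	buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN;
	buf = os_malloc(buf_len);
	if (buf == NULL) {
		/* SKEYSEED has not been written yet, so nothing to scrub */
		wpabuf_free(shared);
		return -1;
	}

	pos = buf;
	os_memcpy(pos, data->i_nonce, data->i_nonce_len);
	pos += data->i_nonce_len;
	os_memcpy(pos, data->r_nonce, data->r_nonce_len);
	pos += data->r_nonce_len;
	os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
	pos += IKEV2_SPI_LEN;
	os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);
#ifdef CCNS_PL
#if __BYTE_ORDER == __LITTLE_ENDIAN
	{
		int i;
		u8 *tmp = pos - IKEV2_SPI_LEN;
		/* Incorrect byte re-ordering on little endian hosts.. */
		for (i = 0; i < IKEV2_SPI_LEN; i++)
			*tmp++ = data->i_spi[IKEV2_SPI_LEN - 1 - i];
		for (i = 0; i < IKEV2_SPI_LEN; i++)
			*tmp++ = data->r_spi[IKEV2_SPI_LEN - 1 - i];
	}
#endif
#endif /* CCNS_PL */

	/* SKEYSEED = prf(Ni | Nr, g^ir) */
	/* Use zero-padding per RFC 4306, Sect. 2.14 */

#ifdef CCNS_PL
	/* Shared secret is not zero-padded correctly */
	pad_len = 0;
#else /* CCNS_PL */
	/*
	 * pad_len is unsigned: a shared secret longer than the prime would
	 * wrap the subtraction to a huge value that is then used both as the
	 * allocation size and as the hash input length. Reject it explicitly
	 * instead of relying on the allocation to fail.
	 */
	if (wpabuf_len(shared) > data->dh->prime_len) {
		wpa_printf(MSG_INFO, "IKEV2: Invalid DH shared secret length");
		wpabuf_free(shared);
		goto out;
	}
	pad_len = data->dh->prime_len - wpabuf_len(shared);
#endif /* CCNS_PL */

	/* Allocate at least one byte so a zero pad_len still yields a pointer */
	pad = os_zalloc(pad_len ? pad_len : 1);
	if (pad == NULL) {
		wpabuf_free(shared);
		goto out;
	}

	addr[0] = pad;
	len[0] = pad_len;
	addr[1] = wpabuf_head(shared);
	len[1] = wpabuf_len(shared);
	/* Only the Ni | Nr prefix of buf is used as the prf key here */
	res = ikev2_prf_hash(prf->id, buf,
			     data->i_nonce_len + data->r_nonce_len,
			     2, addr, len, skeyseed);

	/*
	 * NOTE(review): wpabuf_free() is not shown to clear the buffer, so
	 * g^ir may stay readable in freed heap memory; if this tree has a
	 * clearing free for wpabuf, it belongs here.
	 */
	os_free(pad);
	wpabuf_free(shared);
	if (res < 0)
		goto out;

	/* DH parameters are not needed anymore, so free them */
	wpabuf_free(data->i_dh_public);
	data->i_dh_public = NULL;
	wpabuf_free(data->r_dh_private);
	data->r_dh_private = NULL;

	/*
	 * NOTE(review): this writes SKEYSEED to the debug log. Confirm that
	 * key dumping is gated off in production builds of this tree.
	 */
	wpa_hexdump_key(MSG_DEBUG, "IKEV2: SKEYSEED",
			skeyseed, prf->hash_len);

	ret = ikev2_derive_sk_keys(prf, integ, encr, skeyseed, buf, buf_len,
				   &data->keys);

out:
	os_free(buf);
	/*
	 * Scrub SKEYSEED before the stack frame is released. The stores go
	 * through a volatile pointer so the compiler cannot drop them as
	 * writes to a dead object.
	 */
	wipe = skeyseed;
	for (n = 0; n < sizeof(skeyseed); n++)
		wipe[n] = 0;
	return ret;
}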
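/**
 * ikev2_derive_keys - Derive SKEYSEED and the SK_* keys (initiator side)
 * @data: Initiator state; reads the negotiated proposal, both nonces, both
 *	SPIs, the responder's DH public value and the initiator's DH private
 *	value; ikev2_derive_sk_keys() is given &data->keys
 * Returns: Return value of ikev2_derive_sk_keys() once SKEYSEED has been
 *	computed, -1 on any earlier failure
 *
 * Implements SKEYSEED = prf(Ni | Nr, g^ir) from RFC 4306, Sect. 2.14. After
 * SKEYSEED has been computed, data->r_dh_public and data->i_dh_private are
 * freed and set to NULL.
 */
static int ikev2_derive_keys(struct ikev2_initiator_data *data)
{
	u8 *buf, *pos, *pad, skeyseed[IKEV2_MAX_HASH_LEN];
	size_t buf_len, pad_len, n;
	struct wpabuf *shared;
	const struct ikev2_integ_alg *integ;
	const struct ikev2_prf_alg *prf;
	const struct ikev2_encr_alg *encr;
	int ret = -1, res;
	const u8 *addr[2];
	size_t len[2];
	volatile u8 *wipe;

	/* RFC 4306, Sect. 2.14 */

	integ = ikev2_get_integ(data->proposal.integ);
	prf = ikev2_get_prf(data->proposal.prf);
	encr = ikev2_get_encr(data->proposal.encr);
	if (integ == NULL || prf == NULL || encr == NULL) {
		asd_printf(ASD_DEFAULT,MSG_DEBUG, "IKEV2: Unsupported proposal");
		return -1;
	}

	shared = dh_derive_shared(data->r_dh_public, data->i_dh_private,
				  data->dh);
	if (shared == NULL)
		return -1;

	/* Construct Ni | Nr | SPIi | SPIr */

	buf_len = data->i_nonce_len + data->r_nonce_len + 2 * IKEV2_SPI_LEN;
	buf = os_zalloc(buf_len);
	if (buf == NULL) {
		/* SKEYSEED has not been written yet, so nothing to scrub */
		wpabuf_free(shared);
		return -1;
	}

	pos = buf;
	os_memcpy(pos, data->i_nonce, data->i_nonce_len);
	pos += data->i_nonce_len;
	os_memcpy(pos, data->r_nonce, data->r_nonce_len);
	pos += data->r_nonce_len;
	os_memcpy(pos, data->i_spi, IKEV2_SPI_LEN);
	pos += IKEV2_SPI_LEN;
	os_memcpy(pos, data->r_spi, IKEV2_SPI_LEN);

	/* SKEYSEED = prf(Ni | Nr, g^ir) */
	/* Use zero-padding per RFC 4306, Sect. 2.14 */

	/*
	 * pad_len is unsigned: a shared secret longer than the prime would
	 * wrap the subtraction to a huge value that is then used both as the
	 * allocation size and as the hash input length. Reject it explicitly
	 * instead of relying on the allocation to fail.
	 */
	if (wpabuf_len(shared) > data->dh->prime_len) {
		asd_printf(ASD_DEFAULT,MSG_DEBUG,
			   "IKEV2: Invalid DH shared secret length");
		wpabuf_free(shared);
		goto out;
	}
	pad_len = data->dh->prime_len - wpabuf_len(shared);

	/* Allocate at least one byte so a zero pad_len still yields a pointer */
	pad = os_zalloc(pad_len ? pad_len : 1);
	if (pad == NULL) {
		wpabuf_free(shared);
		goto out;
	}

	addr[0] = pad;
	len[0] = pad_len;
	addr[1] = wpabuf_head(shared);
	len[1] = wpabuf_len(shared);
	/* Only the Ni | Nr prefix of buf is used as the prf key here */
	res = ikev2_prf_hash(prf->id, buf,
			     data->i_nonce_len + data->r_nonce_len,
			     2, addr, len, skeyseed);

	/*
	 * NOTE(review): wpabuf_free() is not shown to clear the buffer, so
	 * g^ir may stay readable in freed heap memory; if this tree has a
	 * clearing free for wpabuf, it belongs here.
	 */
	os_free(pad);
	wpabuf_free(shared);
	if (res < 0)
		goto out;

	/* DH parameters are not needed anymore, so free them */
	wpabuf_free(data->r_dh_public);
	data->r_dh_public = NULL;
	wpabuf_free(data->i_dh_private);
	data->i_dh_private = NULL;

	/*
	 * NOTE(review): this writes SKEYSEED to the debug log. Confirm that
	 * key dumping is gated off in production builds of this tree.
	 */
	wpa_hexdump_key(MSG_DEBUG, "IKEV2: SKEYSEED",
			skeyseed, prf->hash_len);

	ret = ikev2_derive_sk_keys(prf, integ, encr, skeyseed, buf, buf_len,
				   &data->keys);

out:
	os_free(buf);
	/*
	 * Scrub SKEYSEED before the stack frame is released. The stores go
	 * through a volatile pointer so the compiler cannot drop them as
	 * writes to a dead object.
	 */
	wipe = skeyseed;
	for (n = 0; n < sizeof(skeyseed); n++)
		wipe[n] = 0;
	return ret;
}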