[Swan-dev] And then there were two (PRF implementations)
Andrew Cagney
andrew.cagney at gmail.com
Tue Apr 28 19:40:56 EEST 2015

> hmac.c - used to authenticate packets sent across the wire (what else?)

Turns out that ikev1_quick.c uses it for one of those PRF+ like
calculations :-(

On my branch I've re-implemented hmac.c so that it is just a wrapper around
crypt_prf.c.

For reference we've the following hmac.c calls:

ikev1_main.c: I suspect integrity of a message
ikev1_quick.c: see "5.5 Phase 2 - Quick Mode" a whole pile of crypto
  material based on prf()
ikev1_xauth.c: I suspect integrity of a message
ikev2_parent.c: integrity using prf(key, <data-for-wire>)
ikev2_psk.c: prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>)

It would be nice to eliminate the wrapper, but it just gets really
invasive. I think a case-by-case driven by the need to secure more of the
keying material would be better.
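
Added example (not part of the original message and not libreswan code): the ikev2_psk.c and ikev1_quick.c entries in the list above are the same PRF applied two ways, which this sketch shows with one `prf()` serving both. HMAC-SHA-256 as the negotiated PRF, the function names and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated PRF (assumed here: HMAC-SHA-256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def ikev2_psk_auth(shared_secret: bytes, msg_octets: bytes) -> bytes:
    """prf(prf(Shared Secret, "Key Pad for IKEv2"), <msg octets>)."""
    padded_key = prf(shared_secret, b"Key Pad for IKEv2")
    return prf(padded_key, msg_octets)


def ikev2_psk_verify(shared_secret: bytes, msg_octets: bytes,
                     received_auth: bytes) -> bool:
    """Recompute the AUTH value and compare in constant time."""
    expected = ikev2_psk_auth(shared_secret, msg_octets)
    return hmac.compare_digest(expected, received_auth)


def ikev1_quick_keymat(skeyid_d: bytes, protocol: int, spi: bytes,
                       ni_b: bytes, nr_b: bytes, length: int,
                       g_xy: bytes = b"") -> bytes:
    """RFC 2409 section 5.5 expansion:
    K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    Kn = prf(SKEYID_d, Kn-1 | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    KEYMAT = K1 | K2 | ... truncated to the requested length.
    """
    seed = g_xy + bytes([protocol]) + spi + ni_b + nr_b
    keymat, block = b"", b""
    while len(keymat) < length:
        block = prf(skeyid_d, block + seed)  # feed previous block back in
        keymat += block
    return keymat[:length]


# Constructed sample values, for illustration only.
SAMPLE_SECRET = b"example-pre-shared-key"
SAMPLE_OCTETS = bytes.fromhex("0102030405060708") * 4
SAMPLE_SKEYID_D = bytes(range(32))
SAMPLE_SPI = bytes.fromhex("c0ffee01")
SAMPLE_NI = b"\x11" * 16
SAMPLE_NR = b"\x22" * 16

if __name__ == "__main__":
    auth = ikev2_psk_auth(SAMPLE_SECRET, SAMPLE_OCTETS)
    print("AUTH ok:", ikev2_psk_verify(SAMPLE_SECRET, SAMPLE_OCTETS, auth))
    km = ikev1_quick_keymat(SAMPLE_SKEYID_D, 3, SAMPLE_SPI, SAMPLE_NI, SAMPLE_NR, 80)
    print("KEYMAT bytes:", len(km))
```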