[Swan-dev] And then there were two (PRF implementations)
Paul Wouters
paul at nohats.ca
Wed Apr 29 02:31:29 EEST 2015
On Tue, 28 Apr 2015, Andrew Cagney wrote:
> > hmac.c - used to authenticate packets sent across the wire (what else?)
>
> Turns out that ikev1_quick.c uses it for one of those PRF+ like calculations :-(
>
> On my branch I've re-implemented hmac.c so that it is just a wrapper around crypt_prf.c.
I've tested it and the backport of it. Looks good. And it interops with Cisco :)
> For reference we've the following hmac.c calls:
>
> ikev1_main.c: I suspect integrity of a message
>
> ikev1_quick.c: see "5.5 Phase 2 - Quick Mode" a whole pile of crypto material based on prf()
>
> ikev1_xauth.c: I suspect integrity of a message
>
> ikev2_parent.c: integrity using prf(key, <data-for-wire>)
>
> ikev2_psk.c: prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>)
>
> It would be nice to eliminate the wrapper, but it just gets really invasive. I think a case-by-case driven by
> the need to secure more of the keying material would be better.
I think the wrapper is fine for now, and looks like less code
duplication compared to getting rid of it.
Thanks,
Paul
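The two PRF constructions the quoted list refers to, the prf+ expansion (RFC 7296 section 2.13, the "PRF+ like" calculation in ikev1_quick.c) and the IKEv2 shared-key AUTH computation prf(prf(Shared Secret, "Key Pad for IKEv2"), <msg octets>), as an added Python example that is not libreswan's code. It assumes HMAC-SHA-256 as the PRF and the RFC definitions; the verify helper `verify_ikev2_psk_auth` is my own addition showing a constant-time comparison of the received AUTH value.

```python
import hmac
import hashlib

# Assumed PRF: HMAC-SHA-256 (IKEv2 PRF_HMAC_SHA2_256). Any HMAC PRF works the same way.
HASH = hashlib.sha256


def prf(key: bytes, data: bytes) -> bytes:
    """prf(K, S) as used in IKEv2: a keyed HMAC over S."""
    return hmac.new(key, data, HASH).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 section 2.13 prf+:
    T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n), output = T1 | T2 | ...
    truncated to `length` bytes. The counter is a single byte, so at most 255
    blocks can be produced; asking for more is an error, not a silent wrap."""
    out = b""
    prev = b""
    counter = 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ cannot produce more than 255 blocks")
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def ikev2_psk_auth(shared_secret: bytes, signed_octets: bytes) -> bytes:
    """AUTH payload for shared-key authentication, RFC 7296 section 2.15:
    prf(prf(Shared Secret, "Key Pad for IKEv2"), <signed octets>).
    The inner prf turns a PSK of any length into a fixed-size HMAC key, so the
    raw (possibly short or human-chosen) secret is never used as the key directly."""
    key = prf(shared_secret, b"Key Pad for IKEv2")
    return prf(key, signed_octets)


def verify_ikev2_psk_auth(shared_secret: bytes, signed_octets: bytes,
                          received_auth: bytes) -> bool:
    """Recompute AUTH and compare in constant time (hypothetical helper, not
    from the page): a plain == leaks timing information about the MAC."""
    expected = ikev2_psk_auth(shared_secret, signed_octets)
    return hmac.compare_digest(expected, received_auth)
```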