<div dir="ltr">> hmac.c - used to authenticate packets sent across the wire (what else?)<br><div class="gmail_extra"><div class="gmail_quote"><span>
<br></span></div><div class="gmail_quote"><span>Turns out that ikev1_quick.c uses it for one of those PRF+ like calculations :-(<br><br></span></div><div class="gmail_quote"><span>On my branch I've re-implemented hmac.c so that it is just a wrapper around crypt_prf.c.<br><br></span></div><div class="gmail_quote"><span>For reference we've the following hmac.c calls:<br><br>ikev1_main.c: I suspect integrity of a message<br><br></span></div><div class="gmail_quote"><span>ikev1_quick.c: see "5.5 Phase 2 - Quick Mode" a whole pile of crypto material based on prf()<br><br></span></div><div class="gmail_quote"><span>ikev1_xauth.c: I suspect integrity of a message<br></span></div><div class="gmail_quote"><span><br></span></div><div class="gmail_quote"><span>ikev2_parent.c: integrity using prf(key, <data-for-wire>)<br><br></span></div><div class="gmail_quote"><span>ikev2_psk.c: prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>)<br><br></span></div><div class="gmail_quote">It would be nice to eliminate the wrapper, but it just gets really invasive. I think a case-by-case driven by the need to secure more of the keying material would be better.<br></div><div class="gmail_quote"><span></span></div></div></div>