Add a return value to simaka_crypto_t.derive_keys_*()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 06:57:18 +0000 (08:57 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/plugins/eap_aka/eap_aka_peer.c
src/libcharon/plugins/eap_aka/eap_aka_server.c
src/libcharon/plugins/eap_sim/eap_sim_peer.c
src/libcharon/plugins/eap_sim/eap_sim_server.c
src/libsimaka/simaka_crypto.c
src/libsimaka/simaka_crypto.h

index 8a5fbe6..810a19c 100644 (file)
@@ -290,10 +290,13 @@ static status_t process_challenge(private_eap_aka_peer_t *this,
        }
        data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
                                          chunk_create(ck, AKA_CK_LEN));
-       free(this->msk.ptr);
-       this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+       chunk_clear(&this->msk);
+       if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+       {
+               return FAILED;
+       }
        memcpy(this->mk, mk.ptr, mk.len);
-       free(mk.ptr);
+       chunk_clear(&mk);
 
        /* Verify AT_MAC attribute and parse() again after key derivation,
         * reading encrypted attributes */
@@ -373,8 +376,11 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this,
                return NEED_MORE;
        }
 
-       this->crypto->derive_keys_reauth(this->crypto,
-                                                                        chunk_create(this->mk, HASH_SIZE_SHA1));
+       if (!this->crypto->derive_keys_reauth(this->crypto,
+                                                               chunk_create(this->mk, HASH_SIZE_SHA1)))
+       {
+               return FAILED;
+       }
 
        /* verify MAC and parse again with decryption key */
        if (!in->verify(in, chunk_empty) || !in->parse(in))
@@ -434,10 +440,14 @@ static status_t process_reauthentication(private_eap_aka_peer_t *this,
        }
        else
        {
-               free(this->msk.ptr);
-               this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
-                                                                               this->reauth, counter, nonce,
-                                                                               chunk_create(this->mk, HASH_SIZE_SHA1));
+               chunk_clear(&this->msk);
+               if (!this->crypto->derive_keys_reauth_msk(this->crypto,
+                                               this->reauth, counter, nonce,
+                                               chunk_create(this->mk, HASH_SIZE_SHA1), &this->msk))
+               {
+                       message->destroy(message);
+                       return FAILED;
+               }
                if (id.len)
                {
                        identification_t *reauth;
index ac4cd15..5ad077d 100644 (file)
@@ -199,8 +199,11 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out)
        }
        data = chunk_cata("cc", chunk_create(ik, AKA_IK_LEN),
                                          chunk_create(ck, AKA_CK_LEN));
-       free(this->msk.ptr);
-       this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+       chunk_clear(&this->msk);
+       if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+       {
+               return FAILED;
+       }
        this->rand = chunk_clone(chunk_create(rand, AKA_RAND_LEN));
        this->xres = chunk_clone(chunk_create(xres, xres_len));
 
@@ -252,9 +255,12 @@ static status_t reauthenticate(private_eap_aka_server_t *this,
        counter = htons(counter);
        this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
 
-       this->crypto->derive_keys_reauth(this->crypto, mkc);
-       this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
-                                                               this->reauth, this->counter, this->nonce, mkc);
+       if (!this->crypto->derive_keys_reauth(this->crypto, mkc) ||
+               !this->crypto->derive_keys_reauth_msk(this->crypto,
+                                       this->reauth, this->counter, this->nonce, mkc, &this->msk))
+       {
+               return FAILED;
+       }
 
        message = simaka_message_create(TRUE, this->identifier++, EAP_AKA,
                                                                        AKA_REAUTHENTICATION, this->crypto);
index f0a4825..479fb95 100644 (file)
@@ -344,10 +344,13 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
                id = this->pseudonym;
        }
        data = chunk_cata("cccc", kcs, this->nonce, this->version_list, version);
-       free(this->msk.ptr);
-       this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+       chunk_clear(&this->msk);
+       if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+       {
+               return FAILED;
+       }
        memcpy(this->mk, mk.ptr, mk.len);
-       free(mk.ptr);
+       chunk_clear(&mk);
 
        /* Verify AT_MAC attribute, signature is over "EAP packet | NONCE_MT", and
         * parse() again after key derivation, reading encrypted attributes */
@@ -427,8 +430,11 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
                return NEED_MORE;
        }
 
-       this->crypto->derive_keys_reauth(this->crypto,
-                                                                        chunk_create(this->mk, HASH_SIZE_SHA1));
+       if (!this->crypto->derive_keys_reauth(this->crypto,
+                                                                       chunk_create(this->mk, HASH_SIZE_SHA1)))
+       {
+               return FAILED;
+       }
 
        /* verify MAC and parse again with decryption key */
        if (!in->verify(in, chunk_empty) || !in->parse(in))
@@ -488,10 +494,14 @@ static status_t process_reauthentication(private_eap_sim_peer_t *this,
        }
        else
        {
-               free(this->msk.ptr);
-               this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
-                                                                               this->reauth, counter, nonce,
-                                                                               chunk_create(this->mk, HASH_SIZE_SHA1));
+               chunk_clear(&this->msk);
+               if (!this->crypto->derive_keys_reauth_msk(this->crypto,
+                                               this->reauth, counter, nonce,
+                                               chunk_create(this->mk, HASH_SIZE_SHA1), &this->msk))
+               {
+                       message->destroy(message);
+                       return FAILED;
+               }
                if (id.len)
                {
                        identification_t *reauth;
index a88ce57..fd4f4c0 100644 (file)
@@ -180,9 +180,12 @@ static status_t reauthenticate(private_eap_sim_server_t *this,
        counter = htons(counter);
        this->counter = chunk_clone(chunk_create((char*)&counter, sizeof(counter)));
 
-       this->crypto->derive_keys_reauth(this->crypto, mkc);
-       this->msk = this->crypto->derive_keys_reauth_msk(this->crypto,
-                                                               this->reauth, this->counter, this->nonce, mkc);
+       if (!this->crypto->derive_keys_reauth(this->crypto, mkc) ||
+               !this->crypto->derive_keys_reauth_msk(this->crypto,
+                                       this->reauth, this->counter, this->nonce, mkc, &this->msk))
+       {
+               return FAILED;
+       }
 
        message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
                                                                        SIM_REAUTHENTICATION, this->crypto);
@@ -406,7 +409,10 @@ static status_t process_start(private_eap_sim_server_t *this,
        {
                id = this->pseudonym;
        }
-       this->msk = this->crypto->derive_keys_full(this->crypto, id, data, &mk);
+       if (!this->crypto->derive_keys_full(this->crypto, id, data, &mk, &this->msk))
+       {
+               return FAILED;
+       }
 
        /* build response with AT_MAC, built over "EAP packet | NONCE_MT" */
        message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
index 4819d1b..f6b177d 100644 (file)
@@ -115,11 +115,11 @@ static void call_hook(private_simaka_crypto_t *this, chunk_t encr, chunk_t auth)
        mgr->key_hook(mgr, encr, auth);
 }
 
-METHOD(simaka_crypto_t, derive_keys_full, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_full, bool,
        private_simaka_crypto_t *this, identification_t *id,
-       chunk_t data, chunk_t *mk)
+       chunk_t data, chunk_t *mk, chunk_t *msk)
 {
-       chunk_t str, msk, k_encr, k_auth;
+       chunk_t str, k_encr, k_auth;
        int i;
 
        /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
@@ -138,19 +138,20 @@ METHOD(simaka_crypto_t, derive_keys_full, chunk_t,
 
        k_encr = chunk_create(str.ptr, KENCR_LEN);
        k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
-       msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
        DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
 
        this->signer->set_key(this->signer, k_auth);
        this->crypter->set_key(this->crypter, k_encr);
 
+       *msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
+
        call_hook(this, k_encr, k_auth);
 
        this->derived = TRUE;
-       return chunk_clone(msk);
+       return TRUE;
 }
 
-METHOD(simaka_crypto_t, derive_keys_reauth, void,
+METHOD(simaka_crypto_t, derive_keys_reauth, bool,
        private_simaka_crypto_t *this, chunk_t mk)
 {
        chunk_t str, k_encr, k_auth;
@@ -173,14 +174,15 @@ METHOD(simaka_crypto_t, derive_keys_reauth, void,
        call_hook(this, k_encr, k_auth);
 
        this->derived = TRUE;
+       return TRUE;
 }
 
-METHOD(simaka_crypto_t, derive_keys_reauth_msk, chunk_t,
+METHOD(simaka_crypto_t, derive_keys_reauth_msk, bool,
        private_simaka_crypto_t *this, identification_t *id, chunk_t counter,
-       chunk_t nonce_s, chunk_t mk)
+       chunk_t nonce_s, chunk_t mk, chunk_t *msk)
 {
        char xkey[HASH_SIZE_SHA1];
-       chunk_t str, msk;
+       chunk_t str;
        int i;
 
        this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
@@ -195,10 +197,10 @@ METHOD(simaka_crypto_t, derive_keys_reauth_msk, chunk_t,
        {
                this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
        }
-       msk = chunk_create(str.ptr, MSK_LEN);
-       DBG3(DBG_LIB, "MSK %B", &msk);
+       *msk = chunk_create(str.ptr, MSK_LEN);
+       DBG3(DBG_LIB, "MSK %B", msk);
 
-       return chunk_clone(msk);
+       return TRUE;
 }
 
 METHOD(simaka_crypto_t, clear_keys, void,
index d1830e6..c077558 100644 (file)
@@ -62,10 +62,11 @@ struct simaka_crypto_t {
         * @param id    peer identity
         * @param data  method specific data
         * @param mk    chunk receiving allocated master key MK
-        * @return              allocated MSK value
+        * @param msk   chunk receiving allocated MSK
+        * @return              TRUE if keys allocated and derived successfully
         */
-       chunk_t (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
-                                                               chunk_t data, chunk_t *mk);
+       bool (*derive_keys_full)(simaka_crypto_t *this, identification_t *id,
+                                                        chunk_t data, chunk_t *mk, chunk_t *msk);
 
        /**
         * Derive k_encr/k_auth keys from MK using fast reauthentication.
@@ -74,8 +75,9 @@ struct simaka_crypto_t {
         * internal crypter/signer instances.
         *
         * @param mk    master key
+        * @return              TRUE if keys derived successfully
         */
-       void (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
+       bool (*derive_keys_reauth)(simaka_crypto_t *this, chunk_t mk);
 
        /**
         * Derive MSK using fast reauthentication.
@@ -84,10 +86,12 @@ struct simaka_crypto_t {
         * @param counter       fast reauthentication counter value, network order
         * @param nonce_s       server generated NONCE_S value
         * @param mk            master key of last full authentication
+        * @param msk           chunk receiving allocated MSK
+        * @return                      TRUE if MSK allocated and derived successfully
         */
-       chunk_t (*derive_keys_reauth_msk)(simaka_crypto_t *this,
-                                                                         identification_t *id, chunk_t counter,
-                                                                         chunk_t nonce_s, chunk_t mk);
+       bool (*derive_keys_reauth_msk)(simaka_crypto_t *this,
+                                                                  identification_t *id, chunk_t counter,
+                                                                  chunk_t nonce_s, chunk_t mk, chunk_t *msk);
 
        /**
         * Clear keys (partially) derived.