Tree - source-git/libreswan - CentOS Git server

source-git / libreswan

Files

Commit: 03450116bd1c2dd6be89a0c3053b92d490b4387a

Blob Blame History Raw

 /* IKEv1 PRF specific operations, for libreswan
 *
 * Copyright (C) 2019 Andrew Cagney <cagney@gnu.org>
 * Copyright (C) 2020 Yulia Kuzovkova <ukuzovkova@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <https://www.gnu.org/licenses/gpl2.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */
 
#ifndef IKE_ALG_PRF_IKEv2_OPS_H
#define IKE_ALG_PRF_IKEv2_OPS_H
 
#include "chunk.h"
#include "shunk.h"
#include "crypt_mac.h"
 
struct logger;
 
struct prf_ikev2_ops {
	const char *backend;
 
	/*
	 * IKEv2 - RFC4306 2.14 SKEYSEED - calculation.
	 */
	PK11SymKey *(*prfplus)(const struct prf_desc *prf_desc,
			       PK11SymKey *key, PK11SymKey *seed,
			       size_t required_keymat,
			       struct logger *logger);
	/* SKEYSEED = prf(Ni | Nr, g^ir) */
	PK11SymKey *(*ike_sa_skeyseed)(const struct prf_desc *prf_desc,
				       const chunk_t Ni, const chunk_t Nr,
				       PK11SymKey *dh_secret,
				       struct logger *logger);
	/* SKEYSEED = prf(SK_d (old), g^ir (new) | Ni | Nr) */
	PK11SymKey *(*ike_sa_rekey_skeyseed)(const struct prf_desc *prf_desc,
					     PK11SymKey *old_SK_d,
					     PK11SymKey *new_dh_secret,
					     const chunk_t Ni, const chunk_t Nr,
					     struct logger *logger);
	/* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) */
	PK11SymKey *(*ike_sa_keymat)(const struct prf_desc *prf_desc,
				     PK11SymKey *skeyseed,
				     const chunk_t Ni, const chunk_t Nr,
				     const shunk_t SPIi, const shunk_t SPIr,
				     size_t required_bytes,
				     struct logger *logger);
	/* KEYMAT = prf+(SK_d, [ g^ir (new) | ] Ni | Nr) */
	PK11SymKey *(*child_sa_keymat)(const struct prf_desc *prf_desc,
				       PK11SymKey *SK_d,
				       PK11SymKey *new_dh_secret,
				       const chunk_t Ni, const chunk_t Nr,
				       size_t required_bytes,
				       struct logger *logger);
	/* AUTH = prf( prf(Shared Secret, "Key Pad for IKEv2"), <{Initiator,Responder}SignedOctets>) */
	struct crypt_mac (*psk_auth)(const struct prf_desc *prf_desc, chunk_t pss,
				     chunk_t first_packet, chunk_t nonce,
				     const struct crypt_mac *id_hash,
				     struct logger *logger, bool use_intermediate, chunk_t intermediate_packet);
};
 
extern const struct prf_ikev2_ops ike_alg_prf_ikev2_mac_ops;
#ifdef USE_NSS_KDF
extern const struct prf_ikev2_ops ike_alg_prf_ikev2_nss_ops;
#endif
 
#endif

	/* IKEv1 PRF specific operations, for libreswan
	*
	* Copyright (C) 2019 Andrew Cagney <cagney@gnu.org>
	* Copyright (C) 2020 Yulia Kuzovkova <ukuzovkova@gmail.com>
	*
	* This program is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License as published by the
	* Free Software Foundation; either version 2 of the License, or (at your
	* option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
	*
	* This program is distributed in the hope that it will be useful, but
	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* for more details.
	*/

	#ifndef IKE_ALG_PRF_IKEv2_OPS_H
	#define IKE_ALG_PRF_IKEv2_OPS_H

	#include "chunk.h"
	#include "shunk.h"
	#include "crypt_mac.h"

	struct logger;

	struct prf_ikev2_ops {
	const char *backend;

	/*
	* IKEv2 - RFC4306 2.14 SKEYSEED - calculation.
	*/
	PK11SymKey (prfplus)(const struct prf_desc *prf_desc,
	PK11SymKey key, PK11SymKey seed,
	size_t required_keymat,
	struct logger *logger);
	/* SKEYSEED = prf(Ni \| Nr, g^ir) */
	PK11SymKey (ike_sa_skeyseed)(const struct prf_desc *prf_desc,
	const chunk_t Ni, const chunk_t Nr,
	PK11SymKey *dh_secret,
	struct logger *logger);
	/* SKEYSEED = prf(SK_d (old), g^ir (new) \| Ni \| Nr) */
	PK11SymKey (ike_sa_rekey_skeyseed)(const struct prf_desc *prf_desc,
	PK11SymKey *old_SK_d,
	PK11SymKey *new_dh_secret,
	const chunk_t Ni, const chunk_t Nr,
	struct logger *logger);
	/* KEYMAT = prf+ (SKEYSEED, Ni \| Nr \| SPIi \| SPIr) */
	PK11SymKey (ike_sa_keymat)(const struct prf_desc *prf_desc,
	PK11SymKey *skeyseed,
	const chunk_t Ni, const chunk_t Nr,
	const shunk_t SPIi, const shunk_t SPIr,
	size_t required_bytes,
	struct logger *logger);
	/* KEYMAT = prf+(SK_d, [ g^ir (new) \| ] Ni \| Nr) */
	PK11SymKey (child_sa_keymat)(const struct prf_desc *prf_desc,
	PK11SymKey *SK_d,
	PK11SymKey *new_dh_secret,
	const chunk_t Ni, const chunk_t Nr,
	size_t required_bytes,
	struct logger *logger);
	/* AUTH = prf( prf(Shared Secret, "Key Pad for IKEv2"), <{Initiator,Responder}SignedOctets>) */
	struct crypt_mac (psk_auth)(const struct prf_desc prf_desc, chunk_t pss,
	chunk_t first_packet, chunk_t nonce,
	const struct crypt_mac *id_hash,
	struct logger *logger, bool use_intermediate, chunk_t intermediate_packet);
	};

	extern const struct prf_ikev2_ops ike_alg_prf_ikev2_mac_ops;
	#ifdef USE_NSS_KDF
	extern const struct prf_ikev2_ops ike_alg_prf_ikev2_nss_ops;
	#endif

	#endif

source-git / libreswan

Source Code

Files