From: sz.kim Date: Thu, 17 Sep 2020 10:38:41 +0000 (+0900) Subject: [APR-5656]kernel_netlink: Hide a Encryption/integrity key val X-Git-Tag: MMI-RSA31.Q1-48-36-11~7 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=03c8dd69069b10a1baa14206f6e5edb5974b0e25;p=GitHub%2FMotorolaMobilityLLC%2Fexternal-strongswan.git [APR-5656]kernel_netlink: Hide a Encryption/integrity key val Change-Id: I010fbf93d7edd8ce29c755ea16b1f3bde165b016 Signed-off-by: sz.kim --- diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 5ff8763..3edd594 100755 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -147,7 +147,8 @@ libcharon_la_SOURCES += \ comm/comm_msg.c comm/alerts.c \ comm/vendor_request_data.c \ comm/vendor_response_data.c \ - comm/vendor_request_list.c + comm/vendor_request_list.c \ + re_key/re_key.c endif LOCAL_SRC_FILES := $(filter %.c,$(libcharon_la_SOURCES)) @@ -255,6 +256,7 @@ ifneq ($(call plugin_enabled, stroke),) LOCAL_C_INCLUDES += $(LOCAL_PATH)/../stroke/ $(LOCAL_PATH)/plugins/counters ifneq ($(strongswan_BUILD_VoWiFi),) LOCAL_C_INCLUDES += $(LOCAL_PATH)/comm/ +LOCAL_C_INCLUDES += $(LOCAL_PATH)/re_key/ endif endif diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 983b098..8f7f30e 100755 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1606,7 +1606,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, memset(&request, 0, sizeof(request)); format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}%s", + DBG1(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}%s", ntohl(id->spi), data->reqid, markstr); hdr = &request.hdr; 
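Review bot: The `DBG2` to `DBG1` promotion of the "adding SAD entry" message is unconditional, so every build, not only `VOWIFI_CFG` ones, now logs the SPI and reqid of each SA at level 1, which is strongSwan's default. The same promotion is repeated for the algorithm and key-size messages in the @@ -1744, @@ -1772 and @@ -1800 hunks. If the extra verbosity is only wanted for VoWiFi diagnostics, keep `DBG2` and raise the `knl` log level in configuration, or guard the promoted call with `#ifdef VOWIFI_CFG` as the added calls are. The commit message does not mention this change, and add_sa's body continues outside the hunk.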
@@ -1744,9 +1744,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, encryption_algorithm_names, data->enc_alg); goto failed; } - DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", + DBG1(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, data->enc_alg, data->enc_key.len * 8); +#ifdef VOWIFI_CFG + rekey_secret_code(&data->enc_key, "Encryption algo key"); +#endif algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AEAD, sizeof(*algo) + data->enc_key.len); @@ -1772,9 +1775,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, encryption_algorithm_names, data->enc_alg); goto failed; } - DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", + DBG1(DBG_KNL, " using encryption algorithm %N with key size %d", encryption_algorithm_names, data->enc_alg, data->enc_key.len * 8); +#ifdef VOWIFI_CFG + rekey_secret_code(&data->enc_key, "Encryption algo key"); +#endif algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_CRYPT, sizeof(*algo) + data->enc_key.len); @@ -1800,8 +1806,11 @@ METHOD(kernel_ipsec_t, add_sa, status_t, integrity_algorithm_names, data->int_alg); goto failed; } - DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", + DBG1(DBG_KNL, " using integrity algorithm %N with key size %d", integrity_algorithm_names, data->int_alg, data->int_key.len * 8); +#ifdef VOWIFI_CFG + rekey_secret_code(&data->int_key, "Integrity algo key"); +#endif switch (data->int_alg) { diff --git a/src/libcharon/re_key/re_key.c b/src/libcharon/re_key/re_key.c new file mode 100644 index 0000000..a3f9ebb --- /dev/null +++ b/src/libcharon/re_key/re_key.c 
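Review bot: The added `rekey_secret_code(&data->enc_key, "Encryption algo key");` call writes a transformed copy of the ESP key to the log at `DBG1`, and is repeated for `enc_key` in @@ -1772 and for `int_key` in @@ -1800. The transform in re_key.c is a fixed per-byte mapping whose constants are compiled into the source, so it is an encoding rather than protection: anyone holding the log and the source can map the digits back to the key bytes. Treat these lines as key disclosure and drop the calls, or log only non-secret metadata such as the key length, which the preceding `DBG1` already prints. The hunks show no `#include` or prototype for `rekey_secret_code` and the commit adds no header under re_key/, so confirm a declaration is in scope in this file. add_sa starts and ends outside these hunks.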
@@ -0,0 +1,41 @@ + +#include +#include +#include +#include + +#define REKEY_MAX_BYTE 256 +#define HEX_STR_LEN 4 + +#define E_NUM 7 +#define N_NUM 407 + +/** + * Computes a^b mod c + */ +int powmod(long long a, long long b, int c) { + int res = 1; + while(b > 0) { + if(b & 1) { + res = (res * a) % c; + } + b = b >> 1; + a = (a * a) % c; + } + return res; +} + +/** + * Print Encrypt original secret codes + */ +void rekey_secret_code(chunk_t *ori_chunk, char *key_name) { + char rekey_str[REKEY_MAX_BYTE] = {0}; + char val[HEX_STR_LEN]; + + for(int i = 0; i < ori_chunk->len ; i++) { + sprintf(val,"%03d", powmod(ori_chunk->ptr[i], E_NUM, N_NUM) ); + strncat(rekey_str, val, 3); + } + + DBG1(DBG_IKE, "%s : %s", key_name, rekey_str); +} \ No newline at end of file diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index c0a13d1..23cddf0 100755 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -20,16 +20,6 @@ #include #include -#ifdef VOWIFI_CFG - -#define REKEY_MAX_BYTE 256 -#define HEX_STR_LEN 4 - -#define E_NUM 7 -#define N_NUM 407 - -#endif - typedef struct private_keymat_v2_t private_keymat_v2_t; /** @@ -106,39 +96,6 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*, return lib->crypto->create_nonce_gen(lib->crypto); } - -#ifdef VOWIFI_CFG -/** - * Computes a^b mod c - */ -int powmod(long long a, long long b, int c) { - int res = 1; - while(b > 0) { - if(b & 1) { - res = (res * a) % c; - } - b = b >> 1; - a = (a * a) % c; - } - return res; -} - -/** - * Print Encrypt original secret codes - */ -void rekey_secret_code(chunk_t *ori_chunk, char *sk_name) { - char rekey_str[REKEY_MAX_BYTE] = {0}; - char val[HEX_STR_LEN]; - - for(int i = 0; i < ori_chunk->len ; i++) { - sprintf(val,"%03d", powmod(ori_chunk->ptr[i], E_NUM, N_NUM) ); - strncat(rekey_str, val, 3); - } - - DBG1(DBG_IKE, "%s : %s", sk_name, rekey_str); -} -#endif - /** * Derive IKE keys for a combined AEAD algorithm */
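Review bot: `rekey_secret_code` in the new re_key.c appends three characters per input byte to the 256-byte `rekey_str` without checking `ori_chunk->len`, so a chunk longer than 85 bytes writes past the stack buffer; the `3` passed to `strncat` bounds the source, not the destination. Track the write offset and stop once the next three digits plus the terminator no longer fit, as sketched below. `powmod` should also be `static`, since it is only used in this file and the name is generic enough to collide at link time. The loop index would be better as `size_t`, assuming `len` is an unsigned size.

```c
void rekey_secret_code(chunk_t *ori_chunk, char *key_name) {
	char rekey_str[REKEY_MAX_BYTE] = {0};
	size_t used = 0;

	for (size_t i = 0; i < ori_chunk->len; i++) {
		/* HEX_STR_LEN covers three digits plus the NUL terminator */
		if (used + HEX_STR_LEN > sizeof(rekey_str)) {
			break;
		}
		used += (size_t)snprintf(rekey_str + used, sizeof(rekey_str) - used,
								 "%03d", powmod(ori_chunk->ptr[i], E_NUM, N_NUM));
	}
	/* … unchanged: DBG1 output of key_name and rekey_str … */
}
```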