From: Seongsik Kim
Date: Wed, 19 Aug 2020 05:46:31 +0000 (+0900)
Subject: Hide the orGin session key value.
X-Git-Tag: MMI-RSA31.Q1-48-36-11~13
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3c46495d50f6c633797f4b2e241123b0f4dbeb46;p=GitHub%2FMotorolaMobilityLLC%2Fexternal-strongswan.git
Hide the orGin session key value.
[Problem]: There is a security risk due to the oriGinal session key code displayed through the debug message.
[Solution]: Encrypted the oriGinal session key by using a public key.
Change-Id: I2ff5557fa751bf5b5c067a57f45a87759a599390
Signed-off-by: Seongsik Kim
---
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 07af4a7..c0a13d1 100755
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -20,6 +20,16 @@
 #include
 #include
+#ifdef VOWIFI_CFG
+
+#define REKEY_MAX_BYTE 256
+#define HEX_STR_LEN 4
+
+#define E_NUM 7
+#define N_NUM 407
+
+#endif
+
 typedef struct private_keymat_v2_t private_keymat_v2_t;
 /**
@@ -96,6 +106,39 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
 	return lib->crypto->create_nonce_gen(lib->crypto);
 }
+
+#ifdef VOWIFI_CFG
+/**
+ * Computes a^b mod c
+ */
+int powmod(long long a, long long b, int c) {
+	int res = 1;
+	while(b > 0) {
+		if(b & 1) {
+			res = (res * a) % c;
+		}
+		b = b >> 1;
+		a = (a * a) % c;
+	}
+	return res;
+}
+
+/**
+ * Print Encrypt original secret codes
+ */
+void rekey_secret_code(chunk_t *ori_chunk, char *sk_name) {
+	char rekey_str[REKEY_MAX_BYTE] = {0};
+	char val[HEX_STR_LEN];
+
+	for(int i = 0; i < ori_chunk->len ; i++) {
+		sprintf(val,"%03d", powmod(ori_chunk->ptr[i], E_NUM, N_NUM) );
+		strncat(rekey_str, val, 3);
+	}
+
+	DBG1(DBG_IKE, "%s : %s", sk_name, rekey_str);
+}
+#endif
+
 /**
  * Derive IKE keys for a combined AEAD algorithm
  */
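Review bot: The new rekey_secret_code() does not hide the key: powmod(byte, 7, 407) maps each of the 256 possible key-byte values to one fixed three-digit value, so the logged string is a byte-for-byte substitution of the key and the original bytes are recoverable by anyone who can read the log. The commit message calls this public-key encryption, but a deterministic per-byte map with a modulus of 407 provides no confidentiality, and the result is still emitted at DBG1 (strongswan's default log level) where upstream logs the same material only at DBG4. If the goal is to stop disclosing IKE keys, the VOWIFI_CFG branch at the nine call sites in the following hunks should be dropped so the DBG4 line is used, or the helper should log only non-secret metadata such as `DBG1(DBG_IKE, "%s : %zu bytes", sk_name, ori_chunk->len);`. Separately, the loop has no bound check: strncat() appends three characters per key byte into the 256-byte rekey_str, so any chunk longer than 85 bytes overflows the stack buffer; if the helper is kept, add `if (ori_chunk->len * 3 >= REKEY_MAX_BYTE) return;` before the loop.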
@@ -151,7 +194,7 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+	rekey_secret_code(&sk_ei, "Sk_ei");
 #else
 	DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
 #endif
@@ -165,7 +208,7 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_er secret %B", &sk_er);
+	rekey_secret_code(&sk_er, "Sk_er");
 #else
 	DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
 #endif
@@ -236,7 +279,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_ai secret %B", &sk_ai);
+	rekey_secret_code(&sk_ai, "Sk_ai");
 #else
 	DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai);
 #endif
@@ -250,7 +293,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_ar secret %B", &sk_ar);
+	rekey_secret_code(&sk_ar, "Sk_ar");
 #else
 	DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar);
 #endif
@@ -267,7 +310,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+	rekey_secret_code(&sk_ei, "Sk_ei");
 #else
 	DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
 #endif
@@ -281,7 +324,7 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_er secret %B", &sk_er);
+	rekey_secret_code(&sk_er, "Sk_er");
 #else
 	DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
 #endif
@@ -448,7 +491,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_d secret %B", &this->skd);
+	rekey_secret_code(&this->skd, "Sk_d");
 #else
 	DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
 #endif
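Review bot: Every call site here (and the two in the derive_ike_keys hunks that follow) passes a string literal and a key the helper must never modify, yet rekey_secret_code() is declared with non-const `chunk_t *` and `char *` parameters and external linkage even though it is only used in this file. Declaring it `static void rekey_secret_code(const chunk_t *ori_chunk, const char *sk_name)` documents that the key is read-only and keeps the symbol out of the library's global namespace. The name is also misleading, since the function performs no rekeying; something like `log_masked_key()` would match what it does. The enclosing derive_ike_aead() and derive_ike_traditional() bodies start and end outside these hunks.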
@@ -489,7 +532,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_pi secret %B", &key);
+	rekey_secret_code(&key, "Sk_pi");
 #else
 	DBG4(DBG_IKE, "Sk_pi secret %B", &key);
 #endif
@@ -506,7 +549,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 		goto failure;
 	}
 #ifdef VOWIFI_CFG
-	DBG1(DBG_IKE, "Sk_pr secret %B", &key);
+	rekey_secret_code(&key, "Sk_pr");
 #else
 	DBG4(DBG_IKE, "Sk_pr secret %B", &key);
 #endif