TL;DR: ikev2_calculate_ecdsa_hash, on request, can return a chunk to its caller. No caller makes such a request. Why?
Both ikev2_calculate_ecdsa_hash and ikev2_calculate_rsa_hash compute hashes and then either emit the hash in a payload or return it as a chunk. (This feels like an awkward combination. I separated these two functions of ikev2_create_psk_auth in d7b480e2290cf9cfe6dbca6d62bd1b90062f6a90.)

But even odder: no caller of ikev2_calculate_ecdsa_hash asks to return the chunk. Why?

There are two calls to ikev2_calculate_rsa_hash that do ask to return the chunk. Both are in ikev2_calc_no_ppk_auth. Should ikev2_calc_no_ppk_auth also call ikev2_calculate_ecdsa_hash?

PPK signifies Post-quantum Preshared Keys. It sure would work better for me if it were named PQPSK. <https://datatracker.ietf.org/doc/draft-ietf-ipsecme-qr-ikev2> (PPK was the pistol that James Bond preferred. Walther Polizeipistole Kriminalmodell.)

PPK allows for a fallback to non-PPK. This is handled by an extra Notification payload with the hash, excluding the actual PQPSK material. Those N payloads are emitted by ikev2_calc_no_ppk_auth by using the chunk result of ikev2_calculate_rsa_hash.

This draft says that the PRF must have a key size of 256 bits or larger, but it doesn't seem to further constrain it. Informational references include <https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-6>. I'm guessing that any old IKEv2 auth method ought to work. So ECDSA ought to be included. But maybe I'm wrong.

ikev2_calc_no_ppk_auth takes the chunk it gets from ikev2_calculate_rsa_hash, sometimes prepends an ASN.1 blob, and returns the resulting chunk to its caller. If AUTH_PSK is used, it instead generates the chunk by calling ikev2_create_psk_auth. (Something I care about, but that isn't the subject of this note: each of these chunks has a small bound on its size and could be stored in an auto buffer instead of the heap. This would be an improvement.)

The only use of ikev2_calc_no_ppk_auth is a single call that deposits the chunk in &pst->st_no_ppk_auth.
BUG: that call does not check if the result was failure. I'll fix that.

PS: it would be nice if comments helped me reverse engineer this code.
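The fallback mechanism the post refers to, as an added illustration of the draft's (RFC 8784) key mixing and NO_PPK_AUTH computation for the shared-key (AUTH_PSK) case; this is not libreswan code, and the PRF (HMAC-SHA-256), the function names and all input values are constructed for the example:

```python
import hmac
import hashlib


def prf(key: bytes, data: bytes) -> bytes:
    """PRF assumed to be HMAC-SHA-256 (a 256-bit key PRF, as the draft requires)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 section 2.13 prf+: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out, n = out + t, n + 1
    return out[:length]


def psk_auth(psk: bytes, sk_p: bytes, real_msg: bytes, nonce: bytes, id_payload: bytes) -> bytes:
    """RFC 7296 section 2.15 shared-key AUTH over the signed octets."""
    signed_octets = real_msg + nonce + prf(sk_p, id_payload)
    return prf(prf(psk, b"Key Pad for IKEv2"), signed_octets)


def initiator_auth_payloads(psk, sk_pi, ppk, msg1, nr, idi):
    """Return (AUTH with PPK-mixed SK_pi, NO_PPK_AUTH data without the PPK)."""
    sk_pi_ppk = prf_plus(ppk, sk_pi, len(sk_pi))          # RFC 8784 section 5.1
    auth = psk_auth(psk, sk_pi_ppk, msg1, nr, idi)
    no_ppk_auth = psk_auth(psk, sk_pi, msg1, nr, idi)      # PPK material excluded
    return auth, no_ppk_auth


def responder_verify(psk, sk_pi, ppk, msg1, nr, idi, auth, no_ppk_auth):
    """Return (verified, used_ppk). With no PPK the responder falls back to NO_PPK_AUTH."""
    if ppk is not None:
        expected = psk_auth(psk, prf_plus(ppk, sk_pi, len(sk_pi)), msg1, nr, idi)
        return hmac.compare_digest(expected, auth), True
    expected = psk_auth(psk, sk_pi, msg1, nr, idi)
    return hmac.compare_digest(expected, no_ppk_auth), False


# Constructed sample values standing in for real IKE_SA_INIT material.
SAMPLE = dict(psk=b"constructed-psk", sk_pi=b"\x11" * 32, ppk=b"\x22" * 32,
              msg1=b"constructed IKE_SA_INIT", nr=b"constructed Nr", idi=b"constructed IDi")


def demo():
    auth, npa = initiator_auth_payloads(**SAMPLE)
    args = (SAMPLE["psk"], SAMPLE["sk_pi"])
    rest = (SAMPLE["msg1"], SAMPLE["nr"], SAMPLE["idi"], auth, npa)
    return responder_verify(*args, SAMPLE["ppk"], *rest), responder_verify(*args, None, *rest)
```

Swapping the stored PPK for a different value on the responder side makes the first tuple fail while the fallback still verifies, which is exactly the case the notification exists for.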
