• Robert Relyea's avatar
    Bug 1682071 IKE Quick mode IPSEC give you incorrect keys if you are asking for... · a080484f
    Robert Relyea authored
    Bug 1682071 IKE Quick mode IPSEC give you incorrect keys if you are asking for keys smaller than the hash size.
    
    IKE Appendix B fixes.
    
    This patch fixes 2 problems.
    
        If you run either ike v1 App B or quick mode asking for a key with length
    
    mod macsize = 0, you will generate an extra block that's not used and
    overwrites the end of the buffer.
    
        If you use quick mode, the function incorrectly subsets the existing key
    
    rather than generating a new key. This is correct behavior for Appendix B,
    where appendix B is trying to take a generated key and create a new longer
    key (with no diversification, just transform the key into something that's
    longer), so if you ask for a key less than or equal to, then you want to just
    subset the original key. In quick mode you are taking a base key and creating
    a set of new keys based on additional data, so you want to subset the generated
    data. This patch only subsets the original key if you aren't doing quickmode.
    
    Full test vectors have now been added for all ike modes in this patch as well
    (previously we depended on the FIPS CAVS tests to test ike, which covers
    basic IKEv1, IKEv1_psk, and IKEv2 but not IKEv1 App B and IKE v1 Quick mode).
    
    Differential Revision: https://phabricator.services.mozilla.com/D99569
    a080484f
ike-sha512-vectors.h 7.62 KB