diff -urNp openswan-2.6.32-patched/programs/pluto/crypt_dh.c openswan-2.6.32-current/programs/pluto/crypt_dh.c --- openswan-2.6.32-patched/programs/pluto/crypt_dh.c 2012-01-31 13:03:14.082405478 -0500 +++ openswan-2.6.32-current/programs/pluto/crypt_dh.c 2012-01-31 13:09:57.119602991 -0500 @@ -123,6 +123,7 @@ calc_dh_shared(chunk_t *shared, const ch PK11SymKey *dhshared; PRArenaPool *arena; SECStatus status; + unsigned int dhshared_len; memcpy(&local_pubk,pubk.ptr,pubk.len); memcpy(&privk,secret.ptr,secret.len); @@ -161,6 +162,31 @@ calc_dh_shared(chunk_t *shared, const ch , CKA_DERIVE, group->bytes , osw_return_nss_password_file_info()); PR_ASSERT(dhshared!=NULL); + + dhshared_len = PK11_GetKeyLength(dhshared); + if( group->bytes > dhshared_len ) { + DBG(DBG_CRYPT, DBG_log("Dropped %d leading zeros", group->bytes-dhshared_len)); + chunk_t zeros; + PK11SymKey *newdhshared = NULL; + CK_KEY_DERIVATION_STRING_DATA string_params; + SECItem params; + + zeros = hmac_pads(0x00, group->bytes-dhshared_len); + params.data = (unsigned char *)&string_params; + params.len = sizeof(string_params); + string_params.pData = zeros.ptr; + string_params.ulLen = zeros.len; + + newdhshared = PK11_Derive(dhshared, CKM_CONCATENATE_DATA_AND_BASE, ¶ms, CKM_CONCATENATE_DATA_AND_BASE, CKA_DERIVE, 0); + PR_ASSERT(newdhshared!=NULL); + PK11_FreeSymKey(dhshared); + dhshared = newdhshared; + freeanychunk(zeros); + } else { + DBG(DBG_CRYPT, DBG_log("Dropped no leading zeros %d", dhshared_len)); + } + + //nss_symkey_log(dhshared, "dhshared"); shared->len=sizeof(PK11SymKey *); shared->ptr = alloc_bytes(shared->len, "calculated shared secret"); @@ -495,6 +521,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq #ifdef HAVE_LIBNSS memcpy(&shared,shared_chunk.ptr, shared_chunk.len); + //nss_symkey_log(shared, "dhshared2"); #endif /* Generate the SKEYID */ 
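Review bot: In the `@@ -161,6 +162,31 @@` hunk the result of `newdhshared = PK11_Derive(dhshared, CKM_CONCATENATE_DATA_AND_BASE, ...)` is checked only by `PR_ASSERT(newdhshared!=NULL)`, which is a no-op in non-DEBUG NSPR builds, so a failed derive frees the original `dhshared` and then hands a NULL key pointer on to `shared`. Make the failure explicit and never free the old key before a replacement exists: `if (newdhshared == NULL) { loglog(RC_LOG_SERIOUS, "NSS: zero-padding of DH shared secret failed"); } else { PK11_FreeSymKey(dhshared); dhshared = newdhshared; }` — continuing with the unpadded key is at least no worse than continuing with NULL. The padding itself is the right approach (the peer derives its keys from g^xy at full modulus length, so a stripped leading zero byte would silently desynchronise SKEYID), and doing it with a concatenate-derive keeps the secret inside the token. One detail: `DBG_log("Dropped %d leading zeros", group->bytes-dhshared_len)` prints with `%d`; if `group->bytes` is a `size_t` as in the group descriptor this is a format mismatch and wants `%lu` with a cast. calc_dh_shared continues past the end of the hunk.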
@@ -529,6 +556,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq #ifdef HAVE_LIBNSS memcpy(&skeyid, skeyid_chunk->ptr, skeyid_chunk->len); + //nss_symkey_log(skeyid, "skeyid"); /* generate SKEYID_* from SKEYID */ { @@ -563,7 +591,8 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq keyhandle=PK11_GetSymKeyHandle(shared); param.data=(unsigned char *) &keyhandle; param.len=sizeof(keyhandle); - + //DBG(DBG_CRYPT, DBG_log("NSS: dh shared param len=%d\n",param.len)); + PK11SymKey *tkey3 = PK11_Derive_osw(tkey2, CKM_CONCATENATE_BASE_AND_KEY, ¶m, CKM_CONCATENATE_BASE_AND_DATA, CKA_DERIVE, 0); PR_ASSERT(tkey3!=NULL); @@ -598,7 +627,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq skeyid_d = PK11_Derive_osw(tkey9, nss_key_derivation_mech(hasher), NULL, CKM_CONCATENATE_BASE_AND_DATA, CKA_DERIVE, 0); PR_ASSERT(skeyid_d!=NULL); - nss_symkey_log(skeyid_d, "skeyid_d"); + //nss_symkey_log(skeyid_d, "skeyid_d"); /*****End of SKEYID_d derivation***************************************/ @@ -641,7 +670,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq skeyid_a = PK11_Derive_osw(tkey16, nss_key_derivation_mech(hasher), NULL, CKM_CONCATENATE_BASE_AND_DATA, CKA_DERIVE, 0); PR_ASSERT(skeyid_a!=NULL); - nss_symkey_log(skeyid_a, "skeyid_a"); + //nss_symkey_log(skeyid_a, "skeyid_a"); /*****End of SKEYID_a derivation***************************************/ @@ -696,13 +725,13 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq if(keysize <= hasher->hash_digest_len){ skeyid_e = PK11_Derive_osw(tkey23, nss_key_derivation_mech(hasher), NULL, CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE, 0); PR_ASSERT(skeyid_e!=NULL); - - + //nss_symkey_log(skeyid_e, "skeyid_e"); + enc_key = PK11_DeriveWithFlags(skeyid_e, CKM_EXTRACT_KEY_FROM_KEY, ¶m1 , nss_encryption_mech(encrypter), CKA_FLAGS_ONLY, keysize, CKF_ENCRYPT|CKF_DECRYPT); PR_ASSERT(enc_key!=NULL); - nss_symkey_log(enc_key, "enc_key"); + //nss_symkey_log(enc_key, "enc_key"); } else { 
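Review bot: The `nss_symkey_log(skeyid_d, "skeyid_d")` call in the `@@ -598,7 +627,7 @@` hunk, and the matching skeyid_a/skeyid_e/enc_key calls in the neighbouring hunks, are commented out with `//` rather than deleted, and new `//nss_symkey_log(...)` lines are even being added in the same style. Commented-out code is dead weight that a later edit is likely to reinstate by accident; if the calls are no longer wanted, delete them, and if they are meant to come back for debugging keep a single live `DBG(DBG_CRYPT, ...)`-gated call instead. If nss_symkey_log reveals key bytes — I cannot tell from this diff — that is a further reason to remove it outright rather than leave key-material logging one character away from being active. calc_skeyids_iv extends well beyond these hunks on both sides.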
@@ -712,6 +741,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq skeyid_e = PK11_Derive_osw(tkey23, nss_key_derivation_mech(hasher), NULL, CKM_CONCATENATE_BASE_AND_DATA, CKA_DERIVE, 0); PR_ASSERT(skeyid_e!=NULL); + //nss_symkey_log(skeyid_e, "skeyid_e"); PK11SymKey *tkey25 = pk11_derive_wrapper_osw(skeyid_e, CKM_CONCATENATE_BASE_AND_DATA , hmac_pad,CKM_XOR_BASE_AND_DATA, CKA_DERIVE, HMAC_BUFSIZE); @@ -797,7 +827,7 @@ calc_skeyids_iv(struct pcr_skeyid_q *skq enc_key = PK11_DeriveWithFlags(tkey39, CKM_EXTRACT_KEY_FROM_KEY, ¶m1 , nss_encryption_mech(encrypter), CKA_FLAGS_ONLY, /*0*/ keysize, CKF_ENCRYPT|CKF_DECRYPT); - nss_symkey_log(enc_key, "enc_key"); + //nss_symkey_log(enc_key, "enc_key"); PR_ASSERT(enc_key!=NULL); PK11_FreeSymKey(tkey25); diff -urNp openswan-2.6.32-patched/programs/pluto/crypt_ke.c openswan-2.6.32-current/programs/pluto/crypt_ke.c --- openswan-2.6.32-patched/programs/pluto/crypt_ke.c 2012-01-31 13:03:14.083405479 -0500 +++ openswan-2.6.32-current/programs/pluto/crypt_ke.c 2012-01-31 13:10:39.664623691 -0500 @@ -125,6 +125,9 @@ void calc_ke(struct pluto_crypto_req *r) #endif prime = mpz_to_n2(group->modulus); + DBG(DBG_CRYPT,DBG_dump_chunk("NSS: Value of Prime:\n", prime)); + DBG(DBG_CRYPT,DBG_dump_chunk("NSS: Value of base:\n", base)); + dhp.prime.data=prime.ptr; dhp.prime.len=prime.len; dhp.base.data=base.ptr; 
@@ -136,11 +139,23 @@ void calc_ke(struct pluto_crypto_req *r) } PR_ASSERT(slot!=NULL); + while(1) { privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, &dhp, &pubk, PR_FALSE, PR_TRUE, osw_return_nss_password_file_info()); if(!privk) { loglog(RC_LOG_SERIOUS, "NSS: DH private key creation failed"); } PR_ASSERT(privk!=NULL); + + if( group-> bytes == pubk->u.dh.publicValue.len ) { + DBG(DBG_CRYPT, DBG_log("NSS: generated dh priv and pub keys: %d\n", pubk->u.dh.publicValue.len)); + break; + } else { + DBG(DBG_CRYPT, DBG_log("NSS: generating dh priv and pub keys")); + if (privk){SECKEY_DestroyPrivateKey(privk);} + if (pubk){SECKEY_DestroyPublicKey(pubk);} + } + } + pluto_crypto_allocchunk(&kn->thespace, &kn->secret, sizeof(SECKEYPrivateKey*)); { char *gip = wire_chunk_ptr(kn, &(kn->secret));
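Review bot: Inside the new `while(1)` loop a failed `PK11_GenerateKeyPair` is only logged, and because `PR_ASSERT(privk!=NULL)` compiles out in non-DEBUG builds execution reaches `pubk->u.dh.publicValue.len` with `pubk` presumably NULL on that path, so the retry loop turns a key-generation failure into a NULL dereference on the next line. Leave the loop on failure, `if(!privk) { loglog(RC_LOG_SERIOUS, "NSS: DH private key creation failed"); break; }`, and consider bounding the retries (a leading zero byte occurs for roughly 1 in 256 public values, so a cap of a few dozen attempts is ample) so a misbehaving token cannot spin pluto indefinitely. Discarding keypairs whose public value happens to be short is also at odds with what the crypt_dh.c hunk does for the shared secret; zero-padding the KE payload on output, which is what RFC 2409 §5 asks for, would keep every generated key, though that is a larger change than this hunk. calc_ke's body continues past the end of the hunk.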