From 551a2f02277b791921d2b398dd72bf5324d5d8df Mon Sep 17 00:00:00 2001 From: fj-blanco Date: Tue, 10 Dec 2024 18:28:27 +0100 Subject: [PATCH] fix --- src/libstrongswan/plugins/qkd-kem/qkd_kem.c | 42 +++++++++++++++++---- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/src/libstrongswan/plugins/qkd-kem/qkd_kem.c b/src/libstrongswan/plugins/qkd-kem/qkd_kem.c index 2ae00c7b2d..a3b5d73148 100644 --- a/src/libstrongswan/plugins/qkd-kem/qkd_kem.c +++ b/src/libstrongswan/plugins/qkd-kem/qkd_kem.c @@ -167,24 +167,40 @@ METHOD(key_exchange_t, get_public_key, bool, METHOD(key_exchange_t, set_public_key, bool, private_qkd_kem_t *this, chunk_t value) { - DBG1(DBG_LIB, "QKD-KEM plugin: setting public key"); + DBG1(DBG_LIB, "QKD-KEM plugin: setting public key (size: %d bytes)", value.len); + + // Initiator (Alice) - has her own key pair, receives ciphertext from Bob if (this->key) { + DBG1(DBG_LIB, "QKD-KEM plugin: Initiator (Alice) processing ciphertext"); + if (!this->shared_secret) { this->shared_secret = OPENSSL_malloc(this->shared_secret_len); } - if (!EVP_PKEY_decapsulate_init(this->ctx, NULL) || - !EVP_PKEY_decapsulate(this->ctx, this->shared_secret, - &this->shared_secret_len, value.ptr, value.len)) { + + if (!EVP_PKEY_decapsulate_init(this->ctx, NULL)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Initiator decapsulate init failed"); + return FALSE; + } + + if (!EVP_PKEY_decapsulate(this->ctx, this->shared_secret, + &this->shared_secret_len, value.ptr, value.len)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Initiator decapsulation failed"); return FALSE; } + + DBG1(DBG_LIB, "QKD-KEM plugin: Initiator decapsulation successful"); return TRUE; } - EVP_PKEY_CTX *tmp_ctx = EVP_PKEY_CTX_new_from_name(this->libctx, - get_kem_name(this->method), NULL); + // Responder (Bob) - receives Alice's public key and generates ciphertext + DBG1(DBG_LIB, "QKD-KEM plugin: Responder (Bob) processing public key"); + + const char* kem_name = get_kem_name(this->method); + EVP_PKEY_CTX *tmp_ctx = EVP_PKEY_CTX_new_from_name(this->libctx, kem_name, NULL); EVP_PKEY *peer_key = NULL; if (!tmp_ctx || !EVP_PKEY_fromdata_init(tmp_ctx)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Responder context initialization failed"); EVP_PKEY_CTX_free(tmp_ctx); return FALSE; } @@ -195,6 +211,7 @@ METHOD(key_exchange_t, set_public_key, bool, }; if (!EVP_PKEY_fromdata(tmp_ctx, &peer_key, EVP_PKEY_PUBLIC_KEY, params)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Responder public key import failed"); EVP_PKEY_CTX_free(tmp_ctx); return FALSE; } @@ -208,8 +225,15 @@ METHOD(key_exchange_t, set_public_key, bool, return FALSE; } - if (!EVP_PKEY_encapsulate_init(this->ctx, NULL) || - !EVP_PKEY_encapsulate(this->ctx, NULL, &this->ciphertext_len, + // Encapsulate the shared secret + if (!EVP_PKEY_encapsulate_init(this->ctx, NULL)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Responder encapsulate init failed"); + EVP_PKEY_free(peer_key); + return FALSE; + } + + // Get buffer sizes first + if (!EVP_PKEY_encapsulate(this->ctx, NULL, &this->ciphertext_len, NULL, &this->shared_secret_len)) { EVP_PKEY_free(peer_key); return FALSE; @@ -224,10 +248,12 @@ METHOD(key_exchange_t, set_public_key, bool, if (!EVP_PKEY_encapsulate(this->ctx, this->ciphertext, &this->ciphertext_len, this->shared_secret, &this->shared_secret_len)) { + DBG1(DBG_LIB, "QKD-KEM plugin: Responder encapsulation failed"); EVP_PKEY_free(peer_key); return FALSE; } + DBG1(DBG_LIB, "QKD-KEM plugin: Responder encapsulation successful"); EVP_PKEY_free(peer_key); return TRUE; }