Use ikev2 keymat proxy
1 /*
2 * Copyright (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <daemon.h>
18 #include <sa/ikev2/keymat_v2.h>
19
20 #include "tkm_keymat.h"
21
typedef struct private_tkm_keymat_t private_tkm_keymat_t;

/**
 * Private state behind a tkm_keymat_t handle.
 */
struct private_tkm_keymat_t {

	/**
	 * Public tkm_keymat_t interface; tkm_keymat_create() hands out a pointer
	 * to this member.
	 */
	tkm_keymat_t public;

	/**
	 * Stock IKEv2 keymat that the derive/get methods in this file forward to
	 * (marked for removal by the original author). While it is in place,
	 * IKE and CHILD key derivation is performed by keymat_v2 inside this
	 * process.
	 */
	keymat_v2_t *proxy;

};
40
/**
 * Report the IKE version handled by this keymat, which is always IKEv2.
 */
METHOD(keymat_t, get_version, ike_version_t,
	private_tkm_keymat_t *this)
{
	const ike_version_t version = IKEV2;

	return version;
}
46
/**
 * Create a Diffie-Hellman object for the requested group through the
 * library's crypto factory.
 */
METHOD(keymat_t, create_dh, diffie_hellman_t*,
	private_tkm_keymat_t *this, diffie_hellman_group_t group)
{
	crypto_factory_t *factory = lib->crypto;

	return factory->create_dh(factory, group);
}
52
/**
 * Create a nonce generator through the library's crypto factory.
 */
METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
	private_tkm_keymat_t *this)
{
	crypto_factory_t *factory = lib->crypto;

	return factory->create_nonce_gen(factory);
}
58
/**
 * Derive the IKE_SA keys by forwarding every argument to the IKEv2 proxy.
 *
 * Only a fixed message is logged; none of the nonces or the rekey SK_d
 * passed in is written to the log here.
 *
 * @return		result reported by the proxy's derive_ike_keys()
 */
METHOD(tkm_keymat_t, derive_ike_keys, bool,
	private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
	keymat_v2_t *ikev2 = this->proxy;

	DBG1(DBG_IKE, "deriving IKE keys");
	return ikev2->derive_ike_keys(ikev2, proposal, dh, nonce_i, nonce_r, id,
								  rekey_function, rekey_skd);
}
68
/**
 * Derive CHILD_SA keys by forwarding every argument to the IKEv2 proxy.
 *
 * The four output chunks are filled in by the proxy, so the resulting
 * encryption and integrity keys are returned to the caller in this process.
 *
 * @return		result reported by the proxy's derive_child_keys()
 */
METHOD(tkm_keymat_t, derive_child_keys, bool,
	private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
	chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
	chunk_t *encr_r, chunk_t *integ_r)
{
	keymat_v2_t *ikev2 = this->proxy;

	DBG1(DBG_CHD, "deriving child keys");
	return ikev2->derive_child_keys(ikev2, proposal, dh, nonce_i, nonce_r,
									encr_i, integ_i, encr_r, integ_r);
}
78
/**
 * Return the AEAD transform for the given direction, as provided by the
 * keymat_t interface embedded in the IKEv2 proxy.
 */
METHOD(keymat_t, get_aead, aead_t*,
	private_tkm_keymat_t *this, bool in)
{
	keymat_t *inner = &this->proxy->keymat;

	DBG1(DBG_IKE, "returning aead transform");
	return inner->get_aead(inner, in);
}
85
/**
 * Build the octets used for authentication by forwarding every argument to
 * the IKEv2 proxy; the result is written to *octets by the proxy.
 *
 * @return		result reported by the proxy's get_auth_octets()
 */
METHOD(tkm_keymat_t, get_auth_octets, bool,
	private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
	chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
{
	keymat_v2_t *ikev2 = this->proxy;

	DBG1(DBG_IKE, "returning auth octets");
	return ikev2->get_auth_octets(ikev2, verify, ike_sa_init, nonce, id,
								  reserved, octets);
}
94
/**
 * Fetch SK_d from the IKEv2 proxy.
 *
 * The proxy writes the key into *skd, so the caller receives it in this
 * process. Whether *skd is a copy the caller must free is not visible in
 * this file; check keymat_v2's contract.
 *
 * @return		PRF identifier reported by the proxy's get_skd()
 */
METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
	private_tkm_keymat_t *this, chunk_t *skd)
{
	keymat_v2_t *ikev2 = this->proxy;

	DBG1(DBG_IKE, "returning skd");
	return ikev2->get_skd(ikev2, skd);
}
101
/**
 * Build or verify a PSK signature by forwarding every argument, including
 * the shared secret, to the IKEv2 proxy.
 *
 * Only a fixed message is logged; the secret is not written to the log
 * here.
 *
 * @return		result reported by the proxy's get_psk_sig()
 */
METHOD(tkm_keymat_t, get_psk_sig, bool,
	private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
	chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
{
	keymat_v2_t *ikev2 = this->proxy;

	DBG1(DBG_IKE, "returning PSK signature");
	return ikev2->get_psk_sig(ikev2, verify, ike_sa_init, nonce, secret, id,
							  reserved, sig);
}
110
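/**
 * Release this keymat together with the IKEv2 proxy it owns.
 */
METHOD(keymat_t, destroy, void,
	private_tkm_keymat_t *this)
{
	/* tkm_keymat_create() allocates the proxy with keymat_v2_create() and
	 * nothing else in this file releases it. Freeing only the wrapper would
	 * leak the proxy, and with it whatever IKE key state it derived, for
	 * every IKE_SA torn down. Cleanup of that state is left to the proxy's
	 * own destroy method. */
	if (this->proxy)
	{
		this->proxy->keymat.destroy(&this->proxy->keymat);
	}
	free(this);
}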
116
/**
 * See header.
 *
 * Allocates the private object, wires up the method table and attaches a
 * freshly created IKEv2 keymat as the proxy that the derive/get methods
 * forward to.
 */
tkm_keymat_t *tkm_keymat_create(bool initiator)
{
	private_tkm_keymat_t *this;
	keymat_v2_t *ikev2;

	/* the proxy is owned by the new object from here on */
	ikev2 = keymat_v2_create(initiator);

	INIT(this,
		.proxy = ikev2,
		.public = {
			.derive_ike_keys = _derive_ike_keys,
			.derive_child_keys = _derive_child_keys,
			.get_auth_octets = _get_auth_octets,
			.get_psk_sig = _get_psk_sig,
			.get_skd = _get_skd,
			.keymat = {
				.get_version = _get_version,
				.create_dh = _create_dh,
				.create_nonce_gen = _create_nonce_gen,
				.get_aead = _get_aead,
				.destroy = _destroy,
			},
		},
	);

	return &this->public;
}