keymat: Log nonce and DH context ids
[strongswan.git] / src / charon-tkm / src / tkm / tkm_keymat.c
index cdc6800..e3fcfa0 100644 (file)
  */
 
 #include <daemon.h>
+#include <sa/ikev2/keymat_v2.h>
 
+#include "tkm.h"
+#include "tkm_diffie_hellman.h"
 #include "tkm_keymat.h"
 
 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
@@ -30,6 +33,16 @@ struct private_tkm_keymat_t {
         */
        tkm_keymat_t public;
 
+       /**
+        * IKEv2 keymat proxy (will be removed).
+        */
+       keymat_v2_t *proxy;
+
+       /**
+        * IKE_SA Role, initiator or responder
+        */
+       bool initiator;
+
 };
 
 METHOD(keymat_t, get_version, ike_version_t,
@@ -55,7 +68,24 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
        pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
-       DBG1(DBG_IKE, "deriving IKE keys");
+       tkm_diffie_hellman_t * const tkm_dh = (tkm_diffie_hellman_t *)dh;
+       chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
+
+       const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
+       if (!nc_id)
+       {
+               DBG1(DBG_IKE, "unable to acquire context id for nonce");
+               return FALSE;
+       }
+
+       DBG1(DBG_IKE, "deriving IKE keys (nc: %llu, dh: %llu)", nc_id,
+                       tkm_dh->get_id(tkm_dh));
+       if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
+                               nonce_r, id, rekey_function, rekey_skd))
+       {
+               tkm->chunk_map->remove(tkm->chunk_map, nonce);
+               return TRUE;
+       }
        return FALSE;
 }
 
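Review bot: The chunk_map entry for the nonce is only released on the success path; when `this->proxy->derive_ike_keys` returns FALSE the mapping stays in `tkm->chunk_map`, so every failed IKE key derivation leaks an entry. Unless the mapping is deliberately kept for a retry (nothing in the hunk suggests it is), release it on both paths: `const bool ok = this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i, nonce_r, id, rekey_function, rekey_skd);` / `tkm->chunk_map->remove(tkm->chunk_map, nonce);` / `return ok;`. The cast of `dh` to `tkm_diffie_hellman_t *` on the first added line is unchecked and `tkm_dh->get_id(tkm_dh)` is dereferenced before the proxy runs; this presumably relies on every DH object reaching this keymat having been created by the tkm plugin, which the hunk cannot show, so a comment such as `/* dh is always a tkm_diffie_hellman_t: charon-tkm registers its own DH implementation */` would document the invariant. Passing a `uint64_t` to `%llu` also depends on how the platform defines `uint64_t`; `PRIu64` is the portable specifier.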
@@ -65,14 +95,15 @@ METHOD(tkm_keymat_t, derive_child_keys, bool,
        chunk_t *encr_r, chunk_t *integ_r)
 {
        DBG1(DBG_CHD, "deriving child keys");
-       return FALSE;
+       return this->proxy->derive_child_keys(this->proxy, proposal, dh, nonce_i,
+                       nonce_r, encr_i, integ_i, encr_r, integ_r);
 }
 
 METHOD(keymat_t, get_aead, aead_t*,
        private_tkm_keymat_t *this, bool in)
 {
-       DBG1(DBG_IKE, "get_aead called");
-       return NULL;
+       DBG1(DBG_IKE, "returning aead transform");
+       return this->proxy->keymat.get_aead(&this->proxy->keymat, in);
 }
 
 METHOD(tkm_keymat_t, get_auth_octets, bool,
@@ -80,14 +111,15 @@ METHOD(tkm_keymat_t, get_auth_octets, bool,
        chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
        DBG1(DBG_IKE, "returning auth octets");
-       return FALSE;
+       return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce,
+                       id, reserved, octets);
 }
 
 METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
        private_tkm_keymat_t *this, chunk_t *skd)
 {
        DBG1(DBG_IKE, "returning skd");
-       return PRF_UNDEFINED;
+       return this->proxy->get_skd(this->proxy, skd);
 }
 
 METHOD(tkm_keymat_t, get_psk_sig, bool,
@@ -95,7 +127,8 @@ METHOD(tkm_keymat_t, get_psk_sig, bool,
        chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
        DBG1(DBG_IKE, "returning PSK signature");
-       return FALSE;
+       return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
+                       secret, id, reserved, sig);
 }
 
 METHOD(keymat_t, destroy, void,
@@ -126,6 +159,8 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
                        .get_auth_octets = _get_auth_octets,
                        .get_psk_sig = _get_psk_sig,
                },
+               .initiator = initiator,
+               .proxy = keymat_v2_create(initiator),
        );
 
        return &this->public;
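Review bot: `.proxy = keymat_v2_create(initiator)` allocates a second keymat holding the IKE_SA's key material, but no hunk in this commit touches the body of `destroy` (only its signature appears as context at the end of an earlier hunk), so unless that body already releases the proxy it leaks — together with the keys it holds — on every IKE_SA teardown. If it is not handled, add `this->proxy->keymat.destroy(&this->proxy->keymat);` before the existing free in `destroy`. The body of `tkm_keymat_create` starts outside this hunk.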