Let tkm_keymat_t extend keymat_v2_t
[strongswan.git] / src / charon-tkm / src / tkm / tkm_keymat.h
index 22da32f..16f2f2a 100644 (file)
@@ -17,7 +17,7 @@
 #ifndef TKM_KEYMAT_H_
 #define TKM_KEYMAT_H_
 
-#include <sa/keymat.h>
+#include <sa/ikev2/keymat_v2.h>
 
 typedef struct tkm_keymat_t tkm_keymat_t;
 
@@ -27,85 +27,9 @@ typedef struct tkm_keymat_t tkm_keymat_t;
 struct tkm_keymat_t {
 
        /**
-        * Implements keymat_t.
+        * Implements keymat_v2_t.
         */
-       keymat_t keymat;
-
-       /**
-        * Use TKM to derive IKE key material.
-        *
-        * @param proposal      selected algorithms
-        * @param dh            diffie hellman key allocated by create_dh()
-        * @param nonce_i       initiators nonce value
-        * @param nonce_r       responders nonce value
-        * @param id            IKE_SA identifier
-        * @param rekey_prf     PRF of old SA if rekeying, PRF_UNDEFINED otherwise
-        * @param rekey_skd     SKd of old SA if rekeying
-        * @return                      TRUE on success
-        */
-       bool (*derive_ike_keys)(tkm_keymat_t *this, proposal_t *proposal,
-                                                       diffie_hellman_t *dh, chunk_t nonce_i,
-                                                       chunk_t nonce_r, ike_sa_id_t *id,
-                                                       pseudo_random_function_t rekey_function,
-                                                       chunk_t rekey_skd);
-
-       /**
-        * Use TKM to derive child key material.
-        *
-        * @param proposal      selected algorithms
-        * @param dh            diffie hellman key allocated by create_dh(), or NULL
-        * @param nonce_i       initiators nonce value
-        * @param nonce_r       responders nonce value
-        * @param encr_i        handle to initiators encryption key
-        * @param integ_i       handle to initiators integrity key
-        * @param encr_r        handle to responders encryption key
-        * @param integ_r       handle to responders integrity key
-        * @return                      TRUE on success
-        */
-       bool (*derive_child_keys)(tkm_keymat_t *this,
-                                                         proposal_t *proposal, diffie_hellman_t *dh,
-                                                         chunk_t nonce_i, chunk_t nonce_r,
-                                                         chunk_t *encr_i, chunk_t *integ_i,
-                                                         chunk_t *encr_r, chunk_t *integ_r);
-
-       /**
-        * Use TKM to generate auth octets.
-        *
-        * @param verify                TRUE to create for verfification, FALSE to sign
-        * @param ike_sa_init   encoded ike_sa_init message
-        * @param nonce                 nonce value
-        * @param id                    identity
-        * @param reserved              reserved bytes of id_payload
-        * @param octests               chunk receiving allocated auth octets
-        * @return                              TRUE if octets created successfully
-        */
-       bool (*get_auth_octets)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-                                                       chunk_t nonce, identification_t *id,
-                                                       char reserved[3], chunk_t *octets);
-
-       /**
-        * Get SKd and PRF to derive keymat.
-        *
-        * @param skd   chunk to write SKd to (internal data)
-        * @return              PRF function to derive keymat
-        */
-       pseudo_random_function_t (*get_skd)(tkm_keymat_t *this, chunk_t *skd);
-
-       /**
-        * Build the shared secret signature used for PSK and EAP authentication.
-        *
-        * @param verify                TRUE to create for verfification, FALSE to sign
-        * @param ike_sa_init   encoded ike_sa_init message
-        * @param nonce                 nonce value
-        * @param secret                optional secret to include into signature
-        * @param id                    identity
-        * @param reserved              reserved bytes of id_payload
-        * @param sign                  chunk receiving allocated signature octets
-        * @return                              TRUE if signature created successfully
-        */
-       bool (*get_psk_sig)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-                                               chunk_t nonce, chunk_t secret,
-                                               identification_t *id, char reserved[3], chunk_t *sig);
+       keymat_v2_t keymat_v2;
 
        /**
         * Get ISA context id.