Provide keymat_t to message_t to encrypt/decrypt data.
authorTobias Brunner <tobias@strongswan.org>
Mon, 21 Nov 2011 10:18:08 +0000 (11:18 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:30:45 +0000 (17:30 +0100)
src/libcharon/encoding/message.c
src/libcharon/encoding/message.h
src/libcharon/sa/ike_sa.c

index 2bd52ec..79cc86e 100644 (file)
 
 #include <library.h>
 #include <daemon.h>
-#include <sa/ike_sa_id.h>
 #include <encoding/generator.h>
 #include <encoding/parser.h>
-#include <utils/linked_list.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/encryption_payload.h>
@@ -1334,13 +1332,14 @@ METHOD(message_t, disable_sort, void,
 }
 
 METHOD(message_t, generate, status_t,
-       private_message_t *this, aead_t *aead, packet_t **packet)
+       private_message_t *this, keymat_t *keymat, packet_t **packet)
 {
        generator_t *generator;
        ike_header_t *ike_header;
        payload_t *payload, *next;
        encryption_payload_t *encryption = NULL;
        enumerator_t *enumerator;
+       aead_t *aead;
        chunk_t chunk;
        char str[BUF_LEN];
        u_int32_t *lenpos;
@@ -1374,6 +1373,7 @@ METHOD(message_t, generate, status_t,
 
        DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
 
+       aead = keymat->get_aead(keymat, FALSE);
        if (aead && this->rule->encrypted)
        {
                encryption = wrap_payloads(this);
@@ -1609,13 +1609,14 @@ static status_t parse_payloads(private_message_t *this)
 /**
  * Decrypt payload from the encryption payload
  */
-static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
+static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
 {
        bool was_encrypted = FALSE;
        payload_t *payload, *previous = NULL;
        enumerator_t *enumerator;
        payload_rule_t *rule;
        payload_type_t type;
+       aead_t *aead;
        status_t status = SUCCESS;
 
        enumerator = this->payloads->create_enumerator(this->payloads);
@@ -1641,6 +1642,7 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
                                status = VERIFY_ERROR;
                                break;
                        }
+                       aead = keymat->get_aead(keymat, TRUE);
                        encryption->set_transform(encryption, aead);
                        chunk = this->packet->get_data(this->packet);
                        if (chunk.len < encryption->get_length(encryption))
@@ -1752,7 +1754,7 @@ static status_t verify(private_message_t *this)
 }
 
 METHOD(message_t, parse_body, status_t,
-       private_message_t *this, aead_t *aead)
+       private_message_t *this, keymat_t *keymat)
 {
        status_t status = SUCCESS;
        char str[BUF_LEN];
@@ -1775,7 +1777,7 @@ METHOD(message_t, parse_body, status_t,
                return status;
        }
 
-       status = decrypt_payloads(this, aead);
+       status = decrypt_payloads(this, keymat);
        if (status != SUCCESS)
        {
                DBG1(DBG_ENC, "could not decrypt payloads");
@@ -1872,4 +1874,3 @@ message_t *message_create(int major, int minor)
 
        return this;
 }
-
index dd18b4b..6f3c796 100644 (file)
 typedef struct message_t message_t;
 
 #include <library.h>
-#include <sa/ike_sa_id.h>
 #include <network/packet.h>
 #include <encoding/payloads/ike_header.h>
 #include <encoding/payloads/notify_payload.h>
+#include <sa/keymat.h>
+#include <sa/ike_sa_id.h>
 #include <utils/linked_list.h>
-#include <crypto/aead.h>
 
 /**
- * This class is used to represent an IKEv2-Message.
+ * This class is used to represent an IKE-Message.
  *
  * The message handles parsing and generation of payloads
  * via parser_t/generator_t. Encryption is done transparently
@@ -228,7 +228,7 @@ struct message_t {
         * If there are encrypted payloads, they get decrypted and verified using
         * the given aead transform (if given).
         *
-        * @param aead          aead transform to verify/decrypt message
+        * @param keymat        keymat to verify/decrypt message
         * @return
         *                                      - SUCCESS if parsing successful
         *                                      - PARSE_ERROR if message parsing failed
@@ -236,7 +236,7 @@ struct message_t {
         *                                      - FAILED if integrity check failed
         *                                      - INVALID_STATE if aead not supplied, but needed
         */
-       status_t (*parse_body) (message_t *this, aead_t *aead);
+       status_t (*parse_body) (message_t *this, keymat_t *keymat);
 
        /**
         * Generates the UDP packet of specific message.
@@ -247,7 +247,7 @@ struct message_t {
         * Generation is only done once, multiple calls will just return a copy
         * of the packet.
         *
-        * @param aead          aead transform to encrypt/sign message
+        * @param keymat        keymat to encrypt/sign message
         * @param packet        copy of generated packet
         * @return
         *                                      - SUCCESS if packet could be generated
@@ -255,7 +255,7 @@ struct message_t {
         *                                      - NOT_FOUND if no rules found for message generation
         *                                      - INVALID_STATE if aead not supplied but needed.
         */
-       status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
+       status_t (*generate) (message_t *this, keymat_t *keymat, packet_t **packet);
 
        /**
         * Check if the message has already been encoded using generate().
index 1f87998..b9b2bb8 100644 (file)
@@ -920,8 +920,7 @@ METHOD(ike_sa_t, generate_message, status_t,
        this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
        message->set_ike_sa_id(message, this->ike_sa_id);
        charon->bus->message(charon->bus, message, FALSE);
-       return message->generate(message,
-                               this->keymat->get_aead(this->keymat, FALSE), packet);
+       return message->generate(message, this->keymat, packet);
 }
 
 /**
@@ -1227,8 +1226,7 @@ METHOD(ike_sa_t, process_message, status_t,
 
        is_request = message->get_request(message);
 
-       status = message->parse_body(message,
-                                                                this->keymat->get_aead(this->keymat, TRUE));
+       status = message->parse_body(message, this->keymat);
        if (status == SUCCESS)
        {       /* check for unsupported critical payloads */
                enumerator_t *enumerator;