Let tkm_keymat_t extend keymat_v2_t
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Tue, 18 Sep 2012 17:01:38 +0000 (19:01 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:48 +0000 (15:23 +0100)
src/charon-tkm/src/tkm/tkm_keymat.c
src/charon-tkm/src/tkm/tkm_keymat.h
src/charon-tkm/tests/keymat_tests.c

index 9783724..9f3faf5 100644 (file)
@@ -164,7 +164,7 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
        return lib->crypto->create_nonce_gen(lib->crypto);
 }
 
-METHOD(tkm_keymat_t, derive_ike_keys, bool,
+METHOD(keymat_v2_t, derive_ike_keys, bool,
        private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
        pseudo_random_function_t rekey_function, chunk_t rekey_skd)
@@ -296,7 +296,7 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
        return TRUE;
 }
 
-METHOD(tkm_keymat_t, derive_child_keys, bool,
+METHOD(keymat_v2_t, derive_child_keys, bool,
        private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
        chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
        chunk_t *encr_r, chunk_t *integ_r)
@@ -345,7 +345,7 @@ METHOD(keymat_t, get_aead, aead_t*,
        return in ? this->aead_in : this->aead_out;
 }
 
-METHOD(tkm_keymat_t, get_auth_octets, bool,
+METHOD(keymat_v2_t, get_auth_octets, bool,
        private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
        chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
@@ -354,14 +354,14 @@ METHOD(tkm_keymat_t, get_auth_octets, bool,
        return TRUE;
 }
 
-METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
+METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
        private_tkm_keymat_t *this, chunk_t *skd)
 {
        *skd = chunk_clone(chunk_from_thing(this->isa_ctx_id));
        return PRF_HMAC_SHA2_512;
 }
 
-METHOD(tkm_keymat_t, get_psk_sig, bool,
+METHOD(keymat_v2_t, get_psk_sig, bool,
        private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
        chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
@@ -432,18 +432,20 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 
        INIT(this,
                .public = {
-                       .keymat = {
-                               .get_version = _get_version,
-                               .create_dh = _create_dh,
-                               .create_nonce_gen = _create_nonce_gen,
-                               .get_aead = _get_aead,
-                               .destroy = _destroy,
+                       .keymat_v2 = {
+                               .keymat = {
+                                       .get_version = _get_version,
+                                       .create_dh = _create_dh,
+                                       .create_nonce_gen = _create_nonce_gen,
+                                       .get_aead = _get_aead,
+                                       .destroy = _destroy,
+                               },
+                               .derive_ike_keys = _derive_ike_keys,
+                               .derive_child_keys = _derive_child_keys,
+                               .get_skd = _get_skd,
+                               .get_auth_octets = _get_auth_octets,
+                               .get_psk_sig = _get_psk_sig,
                        },
-                       .derive_ike_keys = _derive_ike_keys,
-                       .derive_child_keys = _derive_child_keys,
-                       .get_skd = _get_skd,
-                       .get_auth_octets = _get_auth_octets,
-                       .get_psk_sig = _get_psk_sig,
                        .get_isa_id = _get_isa_id,
                        .set_auth_payload = _set_auth_payload,
                        .get_auth_payload = _get_auth_payload,
index 22da32f..16f2f2a 100644 (file)
@@ -17,7 +17,7 @@
 #ifndef TKM_KEYMAT_H_
 #define TKM_KEYMAT_H_
 
-#include <sa/keymat.h>
+#include <sa/ikev2/keymat_v2.h>
 
 typedef struct tkm_keymat_t tkm_keymat_t;
 
@@ -27,85 +27,9 @@ typedef struct tkm_keymat_t tkm_keymat_t;
 struct tkm_keymat_t {
 
        /**
-        * Implements keymat_t.
+        * Implements keymat_v2_t.
         */
-       keymat_t keymat;
-
-       /**
-        * Use TKM to derive IKE key material.
-        *
-        * @param proposal      selected algorithms
-        * @param dh            diffie hellman key allocated by create_dh()
-        * @param nonce_i       initiators nonce value
-        * @param nonce_r       responders nonce value
-        * @param id            IKE_SA identifier
-        * @param rekey_prf     PRF of old SA if rekeying, PRF_UNDEFINED otherwise
-        * @param rekey_skd     SKd of old SA if rekeying
-        * @return                      TRUE on success
-        */
-       bool (*derive_ike_keys)(tkm_keymat_t *this, proposal_t *proposal,
-                                                       diffie_hellman_t *dh, chunk_t nonce_i,
-                                                       chunk_t nonce_r, ike_sa_id_t *id,
-                                                       pseudo_random_function_t rekey_function,
-                                                       chunk_t rekey_skd);
-
-       /**
-        * Use TKM to derive child key material.
-        *
-        * @param proposal      selected algorithms
-        * @param dh            diffie hellman key allocated by create_dh(), or NULL
-        * @param nonce_i       initiators nonce value
-        * @param nonce_r       responders nonce value
-        * @param encr_i        handle to initiators encryption key
-        * @param integ_i       handle to initiators integrity key
-        * @param encr_r        handle to responders encryption key
-        * @param integ_r       handle to responders integrity key
-        * @return                      TRUE on success
-        */
-       bool (*derive_child_keys)(tkm_keymat_t *this,
-                                                         proposal_t *proposal, diffie_hellman_t *dh,
-                                                         chunk_t nonce_i, chunk_t nonce_r,
-                                                         chunk_t *encr_i, chunk_t *integ_i,
-                                                         chunk_t *encr_r, chunk_t *integ_r);
-
-       /**
-        * Use TKM to generate auth octets.
-        *
-        * @param verify                TRUE to create for verfification, FALSE to sign
-        * @param ike_sa_init   encoded ike_sa_init message
-        * @param nonce                 nonce value
-        * @param id                    identity
-        * @param reserved              reserved bytes of id_payload
-        * @param octests               chunk receiving allocated auth octets
-        * @return                              TRUE if octets created successfully
-        */
-       bool (*get_auth_octets)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-                                                       chunk_t nonce, identification_t *id,
-                                                       char reserved[3], chunk_t *octets);
-
-       /**
-        * Get SKd and PRF to derive keymat.
-        *
-        * @param skd   chunk to write SKd to (internal data)
-        * @return              PRF function to derive keymat
-        */
-       pseudo_random_function_t (*get_skd)(tkm_keymat_t *this, chunk_t *skd);
-
-       /**
-        * Build the shared secret signature used for PSK and EAP authentication.
-        *
-        * @param verify                TRUE to create for verfification, FALSE to sign
-        * @param ike_sa_init   encoded ike_sa_init message
-        * @param nonce                 nonce value
-        * @param secret                optional secret to include into signature
-        * @param id                    identity
-        * @param reserved              reserved bytes of id_payload
-        * @param sign                  chunk receiving allocated signature octets
-        * @return                              TRUE if signature created successfully
-        */
-       bool (*get_psk_sig)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-                                               chunk_t nonce, chunk_t secret,
-                                               identification_t *id, char reserved[3], chunk_t *sig);
+       keymat_v2_t keymat_v2;
 
        /**
         * Get ISA context id.
index 3e01e99..e4c59fa 100644 (file)
@@ -79,11 +79,12 @@ START_TEST(test_derive_ike_keys)
        dh->dh.get_my_public_value(&dh->dh, &pubvalue);
        dh->dh.set_other_public_value(&dh->dh, pubvalue);
 
-       fail_unless(keymat->derive_ike_keys(keymat, proposal, &dh->dh, nonce, nonce,
-                               ike_sa_id, PRF_UNDEFINED, chunk_empty), "Key derivation failed");
+       fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal,
+                               &dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
+                               "Key derivation failed");
        chunk_free(&nonce);
 
-       aead_t * const aead = keymat->keymat.get_aead(&keymat->keymat, TRUE);
+       aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE);
        fail_if(!aead, "AEAD is NULL");
 
        fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d",
@@ -94,7 +95,7 @@ START_TEST(test_derive_ike_keys)
        proposal->destroy(proposal);
        dh->dh.destroy(&dh->dh);
        ike_sa_id->destroy(ike_sa_id);
-       keymat->keymat.destroy(&keymat->keymat);
+       keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
        chunk_free(&pubvalue);
 
        libcharon_deinit();
@@ -140,8 +141,10 @@ START_TEST(test_derive_child_keys)
        chunk_t encr_i, encr_r, integ_i, integ_r;
        chunk_t nonce = chunk_from_chars("test chunk");
 
-       fail_unless(keymat->derive_child_keys(keymat, proposal, (diffie_hellman_t *)dh, nonce, nonce,
-                                                                                 &encr_i, &integ_i, &encr_r, &integ_r),
+       fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
+                                                                                                       (diffie_hellman_t *)dh,
+                                                                                                       nonce, nonce, &encr_i,
+                                                                                                       &integ_i, &encr_r, &integ_r),
                                "Child key derivation failed");
 
        esa_info_t *info = (esa_info_t *)encr_i.ptr;
@@ -180,7 +183,7 @@ START_TEST(test_derive_child_keys)
 
        proposal->destroy(proposal);
        dh->dh.destroy(&dh->dh);
-       keymat->keymat.destroy(&keymat->keymat);
+       keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
        chunk_free(&encr_i);
        chunk_free(&encr_r);