keymat: Get context id of local nonce
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Wed, 22 Aug 2012 09:05:44 +0000 (11:05 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:46 +0000 (15:23 +0100)
To derive IKE keys using TKM the nonce context id of the local nonce is needed.
Get the id for a given chunk using the chunk map.

src/charon-tkm/src/tkm/tkm_keymat.c

index 186f67b..644e42d 100644 (file)
@@ -17,6 +17,7 @@
 #include <daemon.h>
 #include <sa/ikev2/keymat_v2.h>
 
+#include "tkm.h"
 #include "tkm_keymat.h"
 
 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
@@ -36,6 +37,11 @@ struct private_tkm_keymat_t {
         */
        keymat_v2_t *proxy;
 
+       /**
+        * IKE_SA Role, initiator or responder
+        */
+       bool initiator;
+
 };
 
 METHOD(keymat_t, get_version, ike_version_t,
@@ -62,8 +68,21 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
        pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
        DBG1(DBG_IKE, "deriving IKE keys");
-       return this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
-                       nonce_r, id, rekey_function, rekey_skd);
+       chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
+       const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
+       if (!nc_id)
+       {
+               DBG1(DBG_IKE, "unable to acquire context id for nonce");
+               return FALSE;
+       }
+
+       if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
+                               nonce_r, id, rekey_function, rekey_skd))
+       {
+               tkm->chunk_map->remove(tkm->chunk_map, nonce);
+               return TRUE;
+       }
+       return FALSE;
 }
 
 METHOD(tkm_keymat_t, derive_child_keys, bool,
@@ -136,6 +155,7 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
                        .get_auth_octets = _get_auth_octets,
                        .get_psk_sig = _get_psk_sig,
                },
+               .initiator = initiator,
                .proxy = keymat_v2_create(initiator),
        );