From: Adrian-Ken Rueegsegger
Date: Wed, 22 Aug 2012 09:05:44 +0000 (+0200)
Subject: keymat: Get context id of local nonce
X-Git-Tag: 5.0.3rc1~39^2~86
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=ba0d7d9a76ec8dd8f53e92c8dd4b6bed794e6bf9;ds=sidebyside

keymat: Get context id of local nonce

To derive IKE keys using TKM the nonce context id of the local nonce is needed. Get the id for a given chunk using the chunk map.
---
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 186f67b..644e42d 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include "tkm.h"
 #include "tkm_keymat.h"
 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
@@ -36,6 +37,11 @@ struct private_tkm_keymat_t {
 */
 keymat_v2_t *proxy;
+ /**
+ * IKE_SA Role, initiator or responder
+ */
+ bool initiator;
+
 };
 METHOD(keymat_t, get_version, ike_version_t,
@@ -62,8 +68,21 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
 pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
 DBG1(DBG_IKE, "deriving IKE keys");
- return this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
- nonce_r, id, rekey_function, rekey_skd);
+ chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
+ const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
+ if (!nc_id)
+ {
+ DBG1(DBG_IKE, "unable to acquire context id for nonce");
+ return FALSE;
+ }
+
+ if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
+ nonce_r, id, rekey_function, rekey_skd))
+ {
+ tkm->chunk_map->remove(tkm->chunk_map, nonce);
+ return TRUE;
+ }
+ return FALSE;
 }
 METHOD(tkm_keymat_t, derive_child_keys, bool,
@@ -136,6 +155,7 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 .get_auth_octets = _get_auth_octets,
 .get_psk_sig = _get_psk_sig,
 },
+ .initiator = initiator,
 .proxy = keymat_v2_create(initiator),
 );
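Review bot: In the `derive_ike_keys` hunk, the nonce-to-context-id entry is removed only on success: when `this->proxy->derive_ike_keys()` fails, the final `return FALSE;` is reached without `tkm->chunk_map->remove(tkm->chunk_map, nonce);`. Unless something outside this hunk releases the entry (the nonce's owner on teardown, for instance, which is not visible here), each failed derivation would leave a stale mapping behind, and that matters for resource use if failures can be provoked by a remote peer. Either call `remove` on both paths or document who cleans up, e.g. `/* on failure the mapping is released by <owner> */`. Separately, `nc_id` is only tested with `if (!nc_id)`, so the check assumes `get_id` never returns 0 for a valid context; a short comment stating that 0 means "not found" would make the contract explicit. The start of the method's parameter list lies outside the hunk.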