From 62b625430eba1ec2b3eb970e32b90ce0c1b956c0 Mon Sep 17 00:00:00 2001 From: Adrian-Ken Rueegsegger Date: Tue, 18 Sep 2012 19:01:38 +0200 Subject: [PATCH] Let tkm_keymat_t extend keymat_v2_t --- src/charon-tkm/src/tkm/tkm_keymat.c | 34 +++++++-------- src/charon-tkm/src/tkm/tkm_keymat.h | 82 ++----------------------------------- src/charon-tkm/tests/keymat_tests.c | 17 ++++---- 3 files changed, 31 insertions(+), 102 deletions(-) diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index 9783724..9f3faf5 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -164,7 +164,7 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*, return lib->crypto->create_nonce_gen(lib->crypto); } -METHOD(tkm_keymat_t, derive_ike_keys, bool, +METHOD(keymat_v2_t, derive_ike_keys, bool, private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) @@ -296,7 +296,7 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool, return TRUE; } -METHOD(tkm_keymat_t, derive_child_keys, bool, +METHOD(keymat_v2_t, derive_child_keys, bool, private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) @@ -345,7 +345,7 @@ METHOD(keymat_t, get_aead, aead_t*, return in ? this->aead_in : this->aead_out; } -METHOD(tkm_keymat_t, get_auth_octets, bool, +METHOD(keymat_v2_t, get_auth_octets, bool, private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets) { @@ -354,14 +354,14 @@ METHOD(tkm_keymat_t, get_auth_octets, bool, return TRUE; } -METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t, +METHOD(keymat_v2_t, get_skd, pseudo_random_function_t, private_tkm_keymat_t *this, chunk_t *skd) { *skd = chunk_clone(chunk_from_thing(this->isa_ctx_id)); return PRF_HMAC_SHA2_512; } -METHOD(tkm_keymat_t, get_psk_sig, bool, +METHOD(keymat_v2_t, get_psk_sig, bool, private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig) { @@ -432,18 +432,20 @@ tkm_keymat_t *tkm_keymat_create(bool initiator) INIT(this, .public = { - .keymat = { - .get_version = _get_version, - .create_dh = _create_dh, - .create_nonce_gen = _create_nonce_gen, - .get_aead = _get_aead, - .destroy = _destroy, + .keymat_v2 = { + .keymat = { + .get_version = _get_version, + .create_dh = _create_dh, + .create_nonce_gen = _create_nonce_gen, + .get_aead = _get_aead, + .destroy = _destroy, + }, + .derive_ike_keys = _derive_ike_keys, + .derive_child_keys = _derive_child_keys, + .get_skd = _get_skd, + .get_auth_octets = _get_auth_octets, + .get_psk_sig = _get_psk_sig, }, - .derive_ike_keys = _derive_ike_keys, - .derive_child_keys = _derive_child_keys, - .get_skd = _get_skd, - .get_auth_octets = _get_auth_octets, - .get_psk_sig = _get_psk_sig, .get_isa_id = _get_isa_id, .set_auth_payload = _set_auth_payload, .get_auth_payload = _get_auth_payload, diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h index 22da32f..16f2f2a 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.h +++ b/src/charon-tkm/src/tkm/tkm_keymat.h @@ -17,7 +17,7 @@ #ifndef TKM_KEYMAT_H_ #define TKM_KEYMAT_H_ -#include +#include typedef struct tkm_keymat_t tkm_keymat_t; @@ -27,85 +27,9 @@ typedef struct tkm_keymat_t tkm_keymat_t; struct tkm_keymat_t { /** - * Implements keymat_t. + * Implements keymat_v2_t. */ - keymat_t keymat; - - /** - * Use TKM to derive IKE key material. - * - * @param proposal selected algorithms - * @param dh diffie hellman key allocated by create_dh() - * @param nonce_i initiators nonce value - * @param nonce_r responders nonce value - * @param id IKE_SA identifier - * @param rekey_prf PRF of old SA if rekeying, PRF_UNDEFINED otherwise - * @param rekey_skd SKd of old SA if rekeying - * @return TRUE on success - */ - bool (*derive_ike_keys)(tkm_keymat_t *this, proposal_t *proposal, - diffie_hellman_t *dh, chunk_t nonce_i, - chunk_t nonce_r, ike_sa_id_t *id, - pseudo_random_function_t rekey_function, - chunk_t rekey_skd); - - /** - * Use TKM to derive child key material. - * - * @param proposal selected algorithms - * @param dh diffie hellman key allocated by create_dh(), or NULL - * @param nonce_i initiators nonce value - * @param nonce_r responders nonce value - * @param encr_i handle to initiators encryption key - * @param integ_i handle to initiators integrity key - * @param encr_r handle to responders encryption key - * @param integ_r handle to responders integrity key - * @return TRUE on success - */ - bool (*derive_child_keys)(tkm_keymat_t *this, - proposal_t *proposal, diffie_hellman_t *dh, - chunk_t nonce_i, chunk_t nonce_r, - chunk_t *encr_i, chunk_t *integ_i, - chunk_t *encr_r, chunk_t *integ_r); - - /** - * Use TKM to generate auth octets. - * - * @param verify TRUE to create for verfification, FALSE to sign - * @param ike_sa_init encoded ike_sa_init message - * @param nonce nonce value - * @param id identity - * @param reserved reserved bytes of id_payload - * @param octests chunk receiving allocated auth octets - * @return TRUE if octets created successfully - */ - bool (*get_auth_octets)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id, - char reserved[3], chunk_t *octets); - - /** - * Get SKd and PRF to derive keymat. - * - * @param skd chunk to write SKd to (internal data) - * @return PRF function to derive keymat - */ - pseudo_random_function_t (*get_skd)(tkm_keymat_t *this, chunk_t *skd); - - /** - * Build the shared secret signature used for PSK and EAP authentication. - * - * @param verify TRUE to create for verfification, FALSE to sign - * @param ike_sa_init encoded ike_sa_init message - * @param nonce nonce value - * @param secret optional secret to include into signature - * @param id identity - * @param reserved reserved bytes of id_payload - * @param sign chunk receiving allocated signature octets - * @return TRUE if signature created successfully - */ - bool (*get_psk_sig)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, chunk_t secret, - identification_t *id, char reserved[3], chunk_t *sig); + keymat_v2_t keymat_v2; /** * Get ISA context id. diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c index 3e01e99..e4c59fa 100644 --- a/src/charon-tkm/tests/keymat_tests.c +++ b/src/charon-tkm/tests/keymat_tests.c @@ -79,11 +79,12 @@ START_TEST(test_derive_ike_keys) dh->dh.get_my_public_value(&dh->dh, &pubvalue); dh->dh.set_other_public_value(&dh->dh, pubvalue); - fail_unless(keymat->derive_ike_keys(keymat, proposal, &dh->dh, nonce, nonce, - ike_sa_id, PRF_UNDEFINED, chunk_empty), "Key derivation failed"); + fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal, + &dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty), + "Key derivation failed"); chunk_free(&nonce); - aead_t * const aead = keymat->keymat.get_aead(&keymat->keymat, TRUE); + aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE); fail_if(!aead, "AEAD is NULL"); fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d", @@ -94,7 +95,7 @@ START_TEST(test_derive_ike_keys) proposal->destroy(proposal); dh->dh.destroy(&dh->dh); ike_sa_id->destroy(ike_sa_id); - keymat->keymat.destroy(&keymat->keymat); + keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat); chunk_free(&pubvalue); libcharon_deinit(); @@ -140,8 +141,10 @@ START_TEST(test_derive_child_keys) chunk_t encr_i, encr_r, integ_i, integ_r; chunk_t nonce = chunk_from_chars("test chunk"); - fail_unless(keymat->derive_child_keys(keymat, proposal, (diffie_hellman_t *)dh, nonce, nonce, - &encr_i, &integ_i, &encr_r, &integ_r), + fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal, + (diffie_hellman_t *)dh, + nonce, nonce, &encr_i, + &integ_i, &encr_r, &integ_r), "Child key derivation failed"); esa_info_t *info = (esa_info_t *)encr_i.ptr; @@ -180,7 +183,7 @@ START_TEST(test_derive_child_keys) proposal->destroy(proposal); dh->dh.destroy(&dh->dh); - keymat->keymat.destroy(&keymat->keymat); + keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat); chunk_free(&encr_i); chunk_free(&encr_r); -- 2.7.4