From d9c648068859f17271d0880100d1845206cbd4ab Mon Sep 17 00:00:00 2001
From: Adrian-Ken Rueegsegger <ken@codelabs.ch>
Date: Wed, 19 Sep 2012 17:55:28 +0200
Subject: [PATCH] Conditionally reset AE context in keymat destroy

The responsibility to reset an authenticated endpoint context is passed
from a parent IKE SA keymat to the new keymat by including it in the ISA
info data contained in the skd chunk. The last IKE SA to be destroyed
will also reset the associated AE context.
---
 src/charon-tkm/src/tkm/tkm_keymat.c | 54 ++++++++++++++++++++++++++++---------
 src/charon-tkm/src/tkm/tkm_types.h  | 24 +++++++++++++++++
 2 files changed, 66 insertions(+), 12 deletions(-)

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 9f3faf5..c310d22 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -234,6 +234,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	key_type sk_ai, sk_ar, sk_ei, sk_er;
 	if (rekey_function == PRF_UNDEFINED)
 	{
+		this->ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE);
+		if (!this->ae_ctx_id)
+		{
+			DBG1(DBG_IKE, "unable to acquire ae context id");
+			return FALSE;
+		}
 		DBG1(DBG_IKE, "deriving IKE keys (nc: %llu, dh: %llu, spi_loc: %llx, "
 			 "spi_rem: %llx)", nc_id, dh_id, spi_loc, spi_rem);
 		res = ike_isa_create(this->isa_ctx_id, this->ae_ctx_id, 1, dh_id, nc_id,
@@ -242,18 +248,20 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	}
 	else
 	{
-		if (rekey_skd.ptr == NULL || rekey_skd.len != sizeof(isa_id_type))
+		if (rekey_skd.ptr == NULL || rekey_skd.len != sizeof(isa_info_t))
 		{
-			DBG1(DBG_IKE, "unable to retrieve parent isa context id");
+			DBG1(DBG_IKE, "unable to retrieve parent isa info");
 			return FALSE;
 		}
-		const isa_id_type parent_isa_id = *((isa_id_type *)(rekey_skd.ptr));
-		DBG1(DBG_IKE, "deriving IKE keys (parent_isa: %llu, nc: %llu, dh: %llu,"
-			 "spi_loc: %llx, spi_rem: %llx)", parent_isa_id, nc_id, dh_id,
-			 spi_loc, spi_rem);
-		res = ike_isa_create_child(this->isa_ctx_id, parent_isa_id, 1, dh_id,
-								   nc_id, nonce_rem, this->initiator, spi_loc,
-								   spi_rem, &sk_ai, &sk_ar, &sk_ei, &sk_er);
+		const isa_info_t isa_info = *((isa_info_t *)(rekey_skd.ptr));
+		DBG1(DBG_IKE, "deriving IKE keys (parent_isa: %llu, ae: %llu, nc: %llu,"
+			 "dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info.parent_isa_id,
+			 isa_info.ae_id, nc_id, dh_id, spi_loc, spi_rem);
+		this->ae_ctx_id = isa_info.ae_id;
+		res = ike_isa_create_child(this->isa_ctx_id, isa_info.parent_isa_id, 1,
+								   dh_id, nc_id, nonce_rem, this->initiator,
+								   spi_loc, spi_rem, &sk_ai, &sk_ar, &sk_ei,
+								   &sk_er);
 		chunk_free(&rekey_skd);
 	}
 
@@ -357,7 +365,20 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
 METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
 	private_tkm_keymat_t *this, chunk_t *skd)
 {
-	*skd = chunk_clone(chunk_from_thing(this->isa_ctx_id));
+	isa_info_t *isa_info;
+
+	INIT(isa_info,
+		 .parent_isa_id = this->isa_ctx_id,
+		 .ae_id = this->ae_ctx_id,
+	);
+
+	*skd = chunk_create((u_char *)isa_info, sizeof(isa_info_t));
+
+	/*
+	 * remove ae context id, since control has now been handed over to the new
+	 * IKE SA keymat
+	 */
+	this->ae_ctx_id = 0;
 	return PRF_HMAC_SHA2_512;
 }
 
@@ -398,6 +419,15 @@ METHOD(keymat_t, destroy, void,
 		DBG1(DBG_IKE, "failed to reset ISA context %d", this->isa_ctx_id);
 	}
 	tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ISA, this->isa_ctx_id);
+	/* only reset ae context if set */
+	if (this->ae_ctx_id != 0)
+	{
+		if (ike_ae_reset(this->ae_ctx_id) != TKM_OK)
+		{
+			DBG1(DBG_IKE, "failed to reset AE context %d", this->ae_ctx_id);
+		}
+		tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
+	}
 
 	DESTROY_IF(this->aead_in);
 	DESTROY_IF(this->aead_out);
@@ -452,11 +482,11 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 		},
 		.initiator = initiator,
 		.isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
-		.ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE),
+		.ae_ctx_id = 0,
 		.auth_payload = chunk_empty,
 	);
 
-	if (!this->isa_ctx_id || !this->ae_ctx_id)
+	if (!this->isa_ctx_id)
 	{
 		free(this);
 		return NULL;
diff --git a/src/charon-tkm/src/tkm/tkm_types.h b/src/charon-tkm/src/tkm/tkm_types.h
index 65f45cf..28c4d99 100644
--- a/src/charon-tkm/src/tkm/tkm_types.h
+++ b/src/charon-tkm/src/tkm/tkm_types.h
@@ -70,4 +70,28 @@ struct esa_info_t {
 
 };
 
+typedef struct isa_info_t isa_info_t;
+
+/**
+ * IKE SA info data structure.
+ * This type is used to transfer ISA information from the keymat of the parent
+ * SA to the keymat of the new IKE SA. For this purpose the skd data chunk is
+ * (ab)used. This is possible since the sk_d chunk is treated as an opaque value
+ * and handed to the derive_ike_keys procedure of the new keymat as-is without
+ * any processing.
+ */
+struct isa_info_t {
+
+	/**
+	 * Parent isa context id.
+	 */
+	isa_id_type parent_isa_id;
+
+	/**
+	 * Authenticated endpoint context id.
+	 */
+	ae_id_type ae_id;
+
+};
+
 #endif /** TKM_TYPES_H_ */
-- 
2.7.4