ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Use keymat_t as common interface, renamed current implementation to _v2.

This commit is contained in:
Tobias Brunner 2011-11-17 16:19:47 +01:00
parent f62a7c7c71
commit 6ab936f046
5 changed files with 79 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/libcharon/Makefile.am
View File

@ -68,7 +68,8 @@ sa/ike_sa.c sa/ike_sa.h \
sa/ike_sa_id.c sa/ike_sa_id.h \
sa/ike_sa_manager.c sa/ike_sa_manager.h \
sa/task_manager.h sa/task_manager_v2.c sa/task_manager_v2.h \
sa/task_manager_v1.c sa/task_manager_v1.h sa/keymat.c sa/keymat.h \
sa/task_manager_v1.c sa/task_manager_v1.h \
sa/keymat.h sa/keymat_v2.c sa/keymat_v2.h \
sa/shunt_manager.c sa/shunt_manager.h \
sa/trap_manager.c sa/trap_manager.h \
sa/tasks/child_create.c sa/tasks/child_create.h \

5
src/libcharon/sa/ike_sa.c
View File

@ -28,6 +28,7 @@
#include <daemon.h>
#include <utils/linked_list.h>
#include <utils/lexparser.h>
#include <sa/keymat_v2.h>
#include <sa/task_manager_v2.h>
#include <sa/tasks/ike_init.h>
#include <sa/tasks/ike_natd.h>
@ -713,7 +714,7 @@ METHOD(ike_sa_t, reset, void,
flush_auth_cfgs(this);
this->keymat->destroy(this->keymat);
this->keymat = keymat_create(this->ike_sa_id->is_initiator(this->ike_sa_id));
this->keymat = &(keymat_v2_create(this->ike_sa_id->is_initiator(this->ike_sa_id))->keymat);
this->task_manager->reset(this->task_manager, 0, 0);
}
@ -2195,7 +2196,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
.other_host = host_create_any(AF_INET),
.my_id = identification_create_from_encoding(ID_ANY, chunk_empty),
.other_id = identification_create_from_encoding(ID_ANY, chunk_empty),
.keymat = keymat_create(ike_sa_id->is_initiator(ike_sa_id)),
.state = IKE_CREATED,
.stats[STAT_INBOUND] = time_monotonic(NULL),
.stats[STAT_OUTBOUND] = time_monotonic(NULL),
@ -2209,6 +2209,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
.keepalive_interval = lib->settings->get_time(lib->settings,
"charon.keep_alive", KEEPALIVE_INTERVAL),
);
this->keymat = &(keymat_v2_create(ike_sa_id->is_initiator(ike_sa_id))->keymat);
this->task_manager = &(task_manager_v2_create(&this->public)->task_manager);
this->my_host->set_port(this->my_host, IKEV2_UDP_PORT);

8
src/libcharon/sa/keymat.h
View File

@ -147,12 +147,4 @@ struct keymat_t {
void (*destroy)(keymat_t *this);
};
/**
* Create a keymat instance.
*
* @param initiator TRUE if we are the initiator
* @return keymat instance
*/
keymat_t *keymat_create(bool initiator);
#endif /** KEYMAT_H_ @}*/

53
src/libcharon/sa/keymat.c → src/libcharon/sa/keymat_v2.c
View File

@ -13,22 +13,22 @@
* for more details.
*/
#include "keymat.h"
#include "keymat_v2.h"
#include <daemon.h>
#include <crypto/prf_plus.h>
typedef struct private_keymat_t private_keymat_t;
typedef struct private_keymat_v2_t private_keymat_v2_t;
/**
* Private data of an keymat_t object.
*/
struct private_keymat_t {
struct private_keymat_v2_t {
/**
* Public keymat_t interface.
* Public keymat_v2_t interface.
*/
keymat_t public;
keymat_v2_t public;
/**
* IKE_SA Role, initiator or responder
@ -125,7 +125,7 @@ static int lookup_keylen(keylen_entry_t *list, int algo)
}
METHOD(keymat_t, create_dh, diffie_hellman_t*,
private_keymat_t *this, diffie_hellman_group_t group)
private_keymat_v2_t *this, diffie_hellman_group_t group)
{
return lib->crypto->create_dh(lib->crypto, group);;
}
@ -133,7 +133,7 @@ METHOD(keymat_t, create_dh, diffie_hellman_t*,
/**
* Derive IKE keys for a combined AEAD algorithm
*/
static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg,
static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg,
u_int16_t key_size, prf_plus_t *prf_plus)
{
aead_t *aead_i, *aead_r;
@ -177,7 +177,7 @@ static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg,
/**
* Derive IKE keys for traditional encryption and MAC algorithms
*/
static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg,
static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus)
{
crypter_t *crypter_i, *crypter_r;
@ -245,7 +245,7 @@ static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg,
}
METHOD(keymat_t, derive_ike_keys, bool,
private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
@ -421,7 +421,7 @@ METHOD(keymat_t, derive_ike_keys, bool,
}
METHOD(keymat_t, derive_child_keys, bool,
private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
chunk_t *encr_r, chunk_t *integ_r)
{
@ -526,20 +526,20 @@ METHOD(keymat_t, derive_child_keys, bool,
}
METHOD(keymat_t, get_skd, pseudo_random_function_t,
private_keymat_t *this, chunk_t *skd)
private_keymat_v2_t *this, chunk_t *skd)
{
*skd = this->skd;
return this->prf_alg;
}
METHOD(keymat_t, get_aead, aead_t*,
private_keymat_t *this, bool in)
private_keymat_v2_t *this, bool in)
{
return in ? this->aead_in : this->aead_out;
}
METHOD(keymat_t, get_auth_octets, chunk_t,
private_keymat_t *this, bool verify, chunk_t ike_sa_init,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
chunk_t nonce, identification_t *id, char reserved[3])
{
chunk_t chunk, idx, octets;
@ -569,7 +569,7 @@ METHOD(keymat_t, get_auth_octets, chunk_t,
#define IKEV2_KEY_PAD_LENGTH 17
METHOD(keymat_t, get_psk_sig, chunk_t,
private_keymat_t *this, bool verify, chunk_t ike_sa_init,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
chunk_t nonce, chunk_t secret, identification_t *id, char reserved[3])
{
chunk_t key_pad, key, sig, octets;
@ -595,7 +595,7 @@ METHOD(keymat_t, get_psk_sig, chunk_t,
}
METHOD(keymat_t, destroy, void,
private_keymat_t *this)
private_keymat_v2_t *this)
{
DESTROY_IF(this->aead_in);
DESTROY_IF(this->aead_out);
@ -609,20 +609,22 @@ METHOD(keymat_t, destroy, void,
/**
* See header
*/
keymat_t *keymat_create(bool initiator)
keymat_v2_t *keymat_v2_create(bool initiator)
{
private_keymat_t *this;
private_keymat_v2_t *this;
INIT(this,
.public = {
.create_dh = _create_dh,
.derive_ike_keys = _derive_ike_keys,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_aead = _get_aead,
.get_auth_octets = _get_auth_octets,
.get_psk_sig = _get_psk_sig,
.destroy = _destroy,
.keymat = {
.create_dh = _create_dh,
.derive_ike_keys = _derive_ike_keys,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_aead = _get_aead,
.get_auth_octets = _get_auth_octets,
.get_psk_sig = _get_psk_sig,
.destroy = _destroy,
},
},
.initiator = initiator,
.prf_alg = PRF_UNDEFINED,
@ -630,4 +632,3 @@ keymat_t *keymat_create(bool initiator)
return &this->public;
}

47
src/libcharon/sa/keymat_v2.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (C) 2011 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup keymat_v2 keymat_v2
* @{ @ingroup sa
*/
#ifndef KEYMAT_V2_H_
#define KEYMAT_V2_H_
#include <sa/keymat.h>
typedef struct keymat_v2_t keymat_v2_t;
/**
* Derivation and management of sensitive keying material, IKEv2 variant.
*/
struct keymat_v2_t {
/**
* Implements keymat_t.
*/
keymat_t keymat;
};
/**
* Create a keymat instance.
*
* @param initiator TRUE if we are the initiator
* @return keymat instance
*/
keymat_v2_t *keymat_v2_create(bool initiator);
#endif /** KEYMAT_V2_H_ @}*/