Let tkm_keymat_t extend keymat_v2_t

3 files changed, 31 insertions, 102 deletions

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 9783724e2..9f3faf536 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -164,7 +164,7 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
 	return lib->crypto->create_nonce_gen(lib->crypto);
 }
 
-METHOD(tkm_keymat_t, derive_ike_keys, bool,
+METHOD(keymat_v2_t, derive_ike_keys, bool,
 	private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
 	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
 	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
@@ -296,7 +296,7 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
 	return TRUE;
 }
 
-METHOD(tkm_keymat_t, derive_child_keys, bool,
+METHOD(keymat_v2_t, derive_child_keys, bool,
 	private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
 	chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
 	chunk_t *encr_r, chunk_t *integ_r)
@@ -345,7 +345,7 @@ METHOD(keymat_t, get_aead, aead_t*,
 	return in ? this->aead_in : this->aead_out;
 }
 
-METHOD(tkm_keymat_t, get_auth_octets, bool,
+METHOD(keymat_v2_t, get_auth_octets, bool,
 	private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
 	chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
@@ -354,14 +354,14 @@ METHOD(tkm_keymat_t, get_auth_octets, bool,
 	return TRUE;
 }
 
-METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
+METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
 	private_tkm_keymat_t *this, chunk_t *skd)
 {
 	*skd = chunk_clone(chunk_from_thing(this->isa_ctx_id));
 	return PRF_HMAC_SHA2_512;
 }
 
-METHOD(tkm_keymat_t, get_psk_sig, bool,
+METHOD(keymat_v2_t, get_psk_sig, bool,
 	private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
 	chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
@@ -432,18 +432,20 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 
 	INIT(this,
 		.public = {
-			.keymat = {
-				.get_version = _get_version,
-				.create_dh = _create_dh,
-				.create_nonce_gen = _create_nonce_gen,
-				.get_aead = _get_aead,
-				.destroy = _destroy,
+			.keymat_v2 = {
+				.keymat = {
+					.get_version = _get_version,
+					.create_dh = _create_dh,
+					.create_nonce_gen = _create_nonce_gen,
+					.get_aead = _get_aead,
+					.destroy = _destroy,
+				},
+				.derive_ike_keys = _derive_ike_keys,
+				.derive_child_keys = _derive_child_keys,
+				.get_skd = _get_skd,
+				.get_auth_octets = _get_auth_octets,
+				.get_psk_sig = _get_psk_sig,
 			},
-			.derive_ike_keys = _derive_ike_keys,
-			.derive_child_keys = _derive_child_keys,
-			.get_skd = _get_skd,
-			.get_auth_octets = _get_auth_octets,
-			.get_psk_sig = _get_psk_sig,
 			.get_isa_id = _get_isa_id,
 			.set_auth_payload = _set_auth_payload,
 			.get_auth_payload = _get_auth_payload,
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index 22da32f4e..16f2f2a49 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
@@ -17,7 +17,7 @@
 #ifndef TKM_KEYMAT_H_
 #define TKM_KEYMAT_H_
 
-#include <sa/keymat.h>
+#include <sa/ikev2/keymat_v2.h>
 
 typedef struct tkm_keymat_t tkm_keymat_t;
 
@@ -27,85 +27,9 @@ typedef struct tkm_keymat_t tkm_keymat_t;
 struct tkm_keymat_t {
 
 	/**
-	 * Implements keymat_t.
+	 * Implements keymat_v2_t.
 	 */
-	keymat_t keymat;
-
-	/**
-	 * Use TKM to derive IKE key material.
-	 *
-	 * @param proposal	selected algorithms
-	 * @param dh		diffie hellman key allocated by create_dh()
-	 * @param nonce_i	initiators nonce value
-	 * @param nonce_r	responders nonce value
-	 * @param id		IKE_SA identifier
-	 * @param rekey_prf	PRF of old SA if rekeying, PRF_UNDEFINED otherwise
-	 * @param rekey_skd	SKd of old SA if rekeying
-	 * @return			TRUE on success
-	 */
-	bool (*derive_ike_keys)(tkm_keymat_t *this, proposal_t *proposal,
-							diffie_hellman_t *dh, chunk_t nonce_i,
-							chunk_t nonce_r, ike_sa_id_t *id,
-							pseudo_random_function_t rekey_function,
-							chunk_t rekey_skd);
-
-	/**
-	 * Use TKM to derive child key material.
-	 *
-	 * @param proposal	selected algorithms
-	 * @param dh		diffie hellman key allocated by create_dh(), or NULL
-	 * @param nonce_i	initiators nonce value
-	 * @param nonce_r	responders nonce value
-	 * @param encr_i	handle to initiators encryption key
-	 * @param integ_i	handle to initiators integrity key
-	 * @param encr_r	handle to responders encryption key
-	 * @param integ_r	handle to responders integrity key
-	 * @return			TRUE on success
-	 */
-	bool (*derive_child_keys)(tkm_keymat_t *this,
-							  proposal_t *proposal, diffie_hellman_t *dh,
-							  chunk_t nonce_i, chunk_t nonce_r,
-							  chunk_t *encr_i, chunk_t *integ_i,
-							  chunk_t *encr_r, chunk_t *integ_r);
-
-	/**
-	 * Use TKM to generate auth octets.
-	 *
-	 * @param verify		TRUE to create for verfification, FALSE to sign
-	 * @param ike_sa_init	encoded ike_sa_init message
-	 * @param nonce			nonce value
-	 * @param id			identity
-	 * @param reserved		reserved bytes of id_payload
-	 * @param octests		chunk receiving allocated auth octets
-	 * @return				TRUE if octets created successfully
-	 */
-	bool (*get_auth_octets)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-							chunk_t nonce, identification_t *id,
-							char reserved[3], chunk_t *octets);
-
-	/**
-	 * Get SKd and PRF to derive keymat.
-	 *
-	 * @param skd	chunk to write SKd to (internal data)
-	 * @return		PRF function to derive keymat
-	 */
-	pseudo_random_function_t (*get_skd)(tkm_keymat_t *this, chunk_t *skd);
-
-	/**
-	 * Build the shared secret signature used for PSK and EAP authentication.
-	 *
-	 * @param verify		TRUE to create for verfification, FALSE to sign
-	 * @param ike_sa_init	encoded ike_sa_init message
-	 * @param nonce			nonce value
-	 * @param secret		optional secret to include into signature
-	 * @param id			identity
-	 * @param reserved		reserved bytes of id_payload
-	 * @param sign			chunk receiving allocated signature octets
-	 * @return				TRUE if signature created successfully
-	 */
-	bool (*get_psk_sig)(tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
-						chunk_t nonce, chunk_t secret,
-						identification_t *id, char reserved[3], chunk_t *sig);
+	keymat_v2_t keymat_v2;
 
 	/**
 	 * Get ISA context id.
diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
index 3e01e99f1..e4c59fa64 100644
--- a/src/charon-tkm/tests/keymat_tests.c
+++ b/src/charon-tkm/tests/keymat_tests.c
@@ -79,11 +79,12 @@ START_TEST(test_derive_ike_keys)
 	dh->dh.get_my_public_value(&dh->dh, &pubvalue);
 	dh->dh.set_other_public_value(&dh->dh, pubvalue);
 
-	fail_unless(keymat->derive_ike_keys(keymat, proposal, &dh->dh, nonce, nonce,
-				ike_sa_id, PRF_UNDEFINED, chunk_empty), "Key derivation failed");
+	fail_unless(keymat->keymat_v2.derive_ike_keys(&keymat->keymat_v2, proposal,
+				&dh->dh, nonce, nonce, ike_sa_id, PRF_UNDEFINED, chunk_empty),
+				"Key derivation failed");
 	chunk_free(&nonce);
 
-	aead_t * const aead = keymat->keymat.get_aead(&keymat->keymat, TRUE);
+	aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE);
 	fail_if(!aead, "AEAD is NULL");
 
 	fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d",
@@ -94,7 +95,7 @@ START_TEST(test_derive_ike_keys)
 	proposal->destroy(proposal);
 	dh->dh.destroy(&dh->dh);
 	ike_sa_id->destroy(ike_sa_id);
-	keymat->keymat.destroy(&keymat->keymat);
+	keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
 	chunk_free(&pubvalue);
 
 	libcharon_deinit();
@@ -140,8 +141,10 @@ START_TEST(test_derive_child_keys)
 	chunk_t encr_i, encr_r, integ_i, integ_r;
 	chunk_t nonce = chunk_from_chars("test chunk");
 
-	fail_unless(keymat->derive_child_keys(keymat, proposal, (diffie_hellman_t *)dh, nonce, nonce,
-										  &encr_i, &integ_i, &encr_r, &integ_r),
+	fail_unless(keymat->keymat_v2.derive_child_keys(&keymat->keymat_v2, proposal,
+													(diffie_hellman_t *)dh,
+													nonce, nonce, &encr_i,
+													&integ_i, &encr_r, &integ_r),
 				"Child key derivation failed");
 
 	esa_info_t *info = (esa_info_t *)encr_i.ptr;
@@ -180,7 +183,7 @@ START_TEST(test_derive_child_keys)
 
 	proposal->destroy(proposal);
 	dh->dh.destroy(&dh->dh);
-	keymat->keymat.destroy(&keymat->keymat);
+	keymat->keymat_v2.keymat.destroy(&keymat->keymat_v2.keymat);
 	chunk_free(&encr_i);
 	chunk_free(&encr_r);