- refactored ike proposal

- uses now proposal_t, wich is also used by child proposals
- ike key derivation refactored
- crypter_t api has get_key_size now
- some other improvements here and there

9 files changed, 141 insertions, 92 deletions

diff --git a/Source/charon/transforms/crypters/aes_cbc_crypter.c b/Source/charon/transforms/crypters/aes_cbc_crypter.c
index 2768c06ee..d5d0f9a60 100644
--- a/Source/charon/transforms/crypters/aes_cbc_crypter.c
+++ b/Source/charon/transforms/crypters/aes_cbc_crypter.c
@@ -41,6 +41,8 @@
 #define AES_KS_LENGTH   120
 #define AES_RC_LENGTH    29
 
+#define AES_BLOCK_SIZE 16
+
 typedef struct private_aes_cbc_crypter_t private_aes_cbc_crypter_t;
 
 /**
@@ -63,47 +65,48 @@ struct private_aes_cbc_crypter_t {
 	/**
 	 * The number of cipher rounds.
 	 */
-    u_int32_t    aes_Nrnd;
-    
-    /**
-     * The encryption key schedule.
-     */
-    u_int32_t    aes_e_key[AES_KS_LENGTH];
-    /**
-     * The decryption key schedule.
-     */
-    u_int32_t    aes_d_key[AES_KS_LENGTH];   
-    
-    /**
-     * The number of columns in the cipher state.
-     */
-    u_int32_t    aes_Ncol;	
-
-    /**
-     * Blocksize of this AES cypher object.
-     */
-    u_int32_t    blocksize;	
-    
-    /**
-     * Decrypts a block.
-     * 
-     * No memory gets allocated.
-     * 
-     * @param this			calling object
-     * @param[in] in_blk	block to decrypt
-     * @param[out] out_blk	decrypted data are written to this location
-     */
- 	void (*decrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]);
- 
-    /**
-     * Encrypts a block.
-     * 
-     * No memory gets allocated.
-     * 
-     * @param this			calling object
-     * @param[in] in_blk	block to encrypt
-     * @param[out] out_blk	encrypted data are written to this location
-     */	
+	u_int32_t    aes_Nrnd;
+	
+	/**
+	* The encryption key schedule.
+	*/
+	u_int32_t    aes_e_key[AES_KS_LENGTH];
+
+	/**
+	* The decryption key schedule.
+	*/
+	u_int32_t    aes_d_key[AES_KS_LENGTH];
+	
+	/**
+	* The number of columns in the cipher state.
+	*/
+	u_int32_t    aes_Ncol;
+	
+	/**
+	* Key size of this AES cypher object.
+	*/
+	u_int32_t    key_size;
+	
+	/**
+	* Decrypts a block.
+	* 
+	* No memory gets allocated.
+	* 
+	* @param this			calling object
+	* @param[in] in_blk	block to decrypt
+	* @param[out] out_blk	decrypted data are written to this location
+	*/
+	void (*decrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]);
+	
+	/**
+	* Encrypts a block.
+	* 
+	* No memory gets allocated.
+	* 
+	* @param this			calling object
+	* @param[in] in_blk	block to encrypt
+	* @param[out] out_blk	encrypted data are written to this location
+	*/
 	void (*encrypt_block) (const private_aes_cbc_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]);
 };
 
@@ -1464,7 +1467,15 @@ static status_t encrypt (private_aes_cbc_crypter_t *this, chunk_t data, chunk_t
  */
 static size_t get_block_size (private_aes_cbc_crypter_t *this)
 {
-	return this->blocksize;
+	return AES_BLOCK_SIZE;
+}
+
+/**
+ * Implementation of crypter_t.get_key_size.
+ */
+static size_t get_key_size (private_aes_cbc_crypter_t *this)
+{
+	return this->key_size;
 }
 
 /**
@@ -1475,7 +1486,7 @@ static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key)
 	u_int32_t    *kf, *kt, rci, f = 0;
 	u_int8_t *in_key = key.ptr;
 	
-	if (key.len != this->blocksize)
+	if (key.len != this->key_size)
 	{
 		return INVALID_ARG;
 	}
@@ -1574,37 +1585,38 @@ static void destroy (private_aes_cbc_crypter_t *this)
 /*
  * Described in header
  */
-aes_cbc_crypter_t *aes_cbc_crypter_create(size_t blocksize)
+aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size)
 {
 	private_aes_cbc_crypter_t *this = allocator_alloc_thing(private_aes_cbc_crypter_t);
-
+	
 	#if !defined(FIXED_TABLES)
-    if(!tab_gen) { gen_tabs(); tab_gen = 1; }
+	if(!tab_gen) { gen_tabs(); tab_gen = 1; }
 	#endif
-
-    switch(blocksize) {
-    case 32:        /* bytes */
-        this->aes_Ncol = 8;
-        this->aes_Nkey = 8;
-        this->blocksize = blocksize;
-        break;
-    case 24:        /* bytes */
-        this->aes_Ncol = 6;
-        this->aes_Nkey = 6;
-        this->blocksize = blocksize;
-        break;
-    case 16:        /* bytes */
-    default:
-        this->aes_Ncol = 4;
-        this->aes_Nkey = 4;
-        this->blocksize = 16;
-        break;
-    }
-
+	
+	this->key_size = key_size;
+	switch(key_size) {
+	case 32:        /* bytes */
+		this->aes_Ncol = 8;
+		this->aes_Nkey = 8;
+		break;
+	case 24:        /* bytes */
+		this->aes_Ncol = 6;
+		this->aes_Nkey = 6;
+		break;
+	case 16:        /* bytes */
+		this->aes_Ncol = 4;
+		this->aes_Nkey = 4;
+		break;
+	default:
+		allocator_free(this);
+		return NULL;
+	}
+	
 	/* functions of crypter_t interface */	
 	this->public.crypter_interface.encrypt = (status_t (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
 	this->public.crypter_interface.decrypt = (status_t (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
 	this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
+	this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
 	this->public.crypter_interface.set_key = (status_t (*) (crypter_t *,chunk_t)) set_key;
 	this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
 	
diff --git a/Source/charon/transforms/crypters/aes_cbc_crypter.h b/Source/charon/transforms/crypters/aes_cbc_crypter.h
index 360f2454d..62cd77af7 100644
--- a/Source/charon/transforms/crypters/aes_cbc_crypter.h
+++ b/Source/charon/transforms/crypters/aes_cbc_crypter.h
@@ -48,14 +48,14 @@ struct aes_cbc_crypter_t {
 /**
  * @brief Constructor to create aes_cbc_crypter_t objects.
  * 
- * If an unvalid blocksize is specified, 16 is selected.
+ * Supported key sizes are: 16, 24 or 32. 
  * 
- * @param blocksize		block size of AES crypter
- * 						(16, 24 or 32 are supported)
- * 						Default size is set to 16.
- * @return				aes_cbc_crypter_t object
+ * @param key_size		key size in bytes
+ * @return				
+ * 						- aes_cbc_crypter_t object
+ * 						- NULL if key size not supported
  */
-aes_cbc_crypter_t *aes_cbc_crypter_create(size_t blocksize);
+aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size);
 
 
 #endif //_AES_CRYPTER_H_
diff --git a/Source/charon/transforms/crypters/crypter.c b/Source/charon/transforms/crypters/crypter.c
index aebb220cc..37b96304e 100644
--- a/Source/charon/transforms/crypters/crypter.c
+++ b/Source/charon/transforms/crypters/crypter.c
@@ -49,13 +49,13 @@ mapping_t encryption_algorithm_m[] = {
 /* 
  * Described in header.
  */
-crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm,size_t blocksize)
+crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size)
 {
 	switch (encryption_algorithm)
 	{
 		case ENCR_AES_CBC:
 		{
-			return (crypter_t*)aes_cbc_crypter_create(blocksize);
+			return (crypter_t*)aes_cbc_crypter_create(key_size);
 		}
 		default:
 			return NULL;
diff --git a/Source/charon/transforms/crypters/crypter.h b/Source/charon/transforms/crypters/crypter.h
index 25a27e142..7f371de8a 100644
--- a/Source/charon/transforms/crypters/crypter.h
+++ b/Source/charon/transforms/crypters/crypter.h
@@ -33,11 +33,7 @@ typedef enum encryption_algorithm_t encryption_algorithm_t;
  * Currently only the following algorithms are implemented and therefore supported:
  * - ENCR_AES_CBC
  * 
- * @b Constructors:
- *  - crypter_create()
- *  - aes_cbc_crypter_create()
- * 
- * @todo Implement more enryption algorithm, especially 3DES
+ * @todo Implement more enryption algorithms, such as 3DES
  * 
  * @ingroup crypters
  */
@@ -71,18 +67,14 @@ typedef struct crypter_t crypter_t;
 /**
  * @brief Generic interface for symmetric encryption algorithms.
  * 
- * @todo Distinguish between block_size and key_size, since not all
- * algorithms use key_size == block_size (e.g. 3DES).
- * 
- * @todo Add a getter which says if an algorithm uses fixed key size, needed for
- * tranform_attribute encoding.
+ * @b Constructors:
+ *  - crypter_create()
  * 
  * @ingroup crypters
  */
 struct crypter_t {
 	/**
-	 * @brief Encrypt a chunk of data and allocate space for 
-	 * the encrypted value.
+	 * @brief Encrypt a chunk of data and allocate space for the encrypted value.
 	 * 
 	 * @param this				calling object
 	 * @param data				data to encrypt
@@ -95,8 +87,7 @@ struct crypter_t {
 	status_t (*encrypt) (crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted);
 	
 	/**
-	 * @brief Decrypt a chunk of data and allocate space for 
-	 * the decrypted value.
+	 * @brief Decrypt a chunk of data and allocate space for the decrypted value.
 	 * 
 	 * @param this				calling object
 	 * @param data				data to decrypt
@@ -115,6 +106,14 @@ struct crypter_t {
 	 * @return					block size in bytes
 	 */
 	size_t (*get_block_size) (crypter_t *this);
+
+	/**
+	 * @brief Get the key size of this crypter_t object.
+	 * 
+	 * @param this				calling object
+	 * @return					key size in bytes
+	 */
+	size_t (*get_key_size) (crypter_t *this);
 	
 	/**
 	 * @brief Set the key for this crypter_t object.
@@ -123,7 +122,7 @@ struct crypter_t {
 	 * @param key				key to set
 	 * @return
 	 * 							- SUCCESS
-	 * 							- INVALID_ARG if key size != block size
+	 * 							- INVALID_ARG if key length invalid
 	 */
 	status_t (*set_key) (crypter_t *this, chunk_t key);
 	
@@ -141,12 +140,14 @@ struct crypter_t {
  * Currently only the following algorithms are implemented and therefore supported:
  * - ENCR_AES_CBC
  * 
+ * The key_size is ignored for algorithms with fixed key size.
+ * 
  * @param encryption_algorithm	Algorithm to use for crypter
- * @param blocksize 			block size in bytes
+ * @param key_size 				size of the key in bytes
  * @return
  * 								- crypter_t object
- * 								- NULL if encryption algorithm or blocksize is not supported
+ * 								- NULL if encryption algorithm/key_size is not supported
  */
-crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t blocksize);
+crypter_t *crypter_create(encryption_algorithm_t encryption_algorithm, size_t key_size);
 
 #endif /*CRYPTER_H_*/
diff --git a/Source/charon/transforms/diffie_hellman.c b/Source/charon/transforms/diffie_hellman.c
index 9c75237cc..88900eb61 100644
--- a/Source/charon/transforms/diffie_hellman.c
+++ b/Source/charon/transforms/diffie_hellman.c
@@ -531,6 +531,14 @@ static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret
 }
 
 /**
+ * Implementation of diffie_hellman_t.get_dh_group.
+ */
+static diffie_hellman_group_t get_dh_group(private_diffie_hellman_t *this)
+{
+	return this->dh_group_number;
+}
+
+/**
  * Implementation of diffie_hellman_t.destroy.
  */
 static void destroy(private_diffie_hellman_t *this)
@@ -562,6 +570,7 @@ diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
 	this->public.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
 	this->public.get_other_public_value = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_other_public_value;
 	this->public.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
+	this->public.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
 	this->public.destroy = (void (*)(diffie_hellman_t *)) destroy;
 	
 	/* private functions */
diff --git a/Source/charon/transforms/diffie_hellman.h b/Source/charon/transforms/diffie_hellman.h
index 2c0f948e1..d4f956325 100644
--- a/Source/charon/transforms/diffie_hellman.h
+++ b/Source/charon/transforms/diffie_hellman.h
@@ -117,6 +117,14 @@ struct diffie_hellman_t {
 	 * @param[out] 				public_value public value of caller is stored at this location
 	 */
 	void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *public_value);
+	
+	/**
+	 * @brief Get the DH group used.
+	 * 
+	 * @param this 				calling diffie_hellman_t object
+	 * @return					DH group set in construction
+	 */
+	diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this);
 
 	/**
 	 * @brief Destroys an diffie_hellman_t object.
diff --git a/Source/charon/transforms/prfs/hmac_prf.c b/Source/charon/transforms/prfs/hmac_prf.c
index af307a4d0..ce4330090 100644
--- a/Source/charon/transforms/prfs/hmac_prf.c
+++ b/Source/charon/transforms/prfs/hmac_prf.c
@@ -68,6 +68,15 @@ static size_t get_block_size(private_hmac_prf_t *this)
 }
 
 /**
+ * Implementation of prf_t.get_block_size.
+ */
+static size_t get_key_size(private_hmac_prf_t *this)
+{
+	/* for HMAC prfs, IKEv2 uses block size as key size */
+	return this->hmac->get_block_size(this->hmac);
+}
+
+/**
  * Implementation of prf_t.set_key.
  */
 static void set_key(private_hmac_prf_t *this, chunk_t key)
@@ -94,6 +103,7 @@ hmac_prf_t *hmac_prf_create(hash_algorithm_t hash_algorithm)
 	this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
 	this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
 	this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
+	this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
 	this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
 	this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
 	
diff --git a/Source/charon/transforms/prfs/prf.h b/Source/charon/transforms/prfs/prf.h
index d96fc66ae..17b1110b2 100644
--- a/Source/charon/transforms/prfs/prf.h
+++ b/Source/charon/transforms/prfs/prf.h
@@ -98,6 +98,14 @@ struct prf_t {
 	size_t (*get_block_size) (prf_t *this);
 	
 	/**
+	 * @brief Get the key size of this prf_t object.
+	 * 
+	 * @param this			calling object
+	 * @return				key size in bytes
+	 */
+	size_t (*get_key_size) (prf_t *this);
+	
+	/**
 	 * @brief Set the key for this prf_t object.
 	 * 
 	 * @param this			calling object
diff --git a/Source/charon/transforms/signers/hmac_signer.c b/Source/charon/transforms/signers/hmac_signer.c
index ed17b23a6..ee029011f 100644
--- a/Source/charon/transforms/signers/hmac_signer.c
+++ b/Source/charon/transforms/signers/hmac_signer.c
@@ -109,6 +109,7 @@ static bool verify_signature (private_hmac_signer_t *this, chunk_t data, chunk_t
  */
 static size_t get_key_size (private_hmac_signer_t *this)
 {
+	/* for HMAC signer, IKEv2 uses block size as key size */
 	return this->hmac_prf->get_block_size(this->hmac_prf);
 }