author | Martin Willi <martin@strongswan.org> | 2008-10-14 15:17:44 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-10-14 15:17:44 +0000 |
commit | e517b4b174abae6924f4c5f17a41e1ef39991cbc (patch) | |
tree | 1281bfcc39628fd63f17357cceaaab8844240c67 /src/charon/kernel | |
parent | c25c8dce60f40df4f55b1bbb321ff6ca9c08be2b (diff) | |
passing chunks, not prf+, to kernel interface
gives us better control of keymat in CHILD_SA
Diffstat (limited to 'src/charon/kernel')
-rw-r--r-- | src/charon/kernel/kernel_interface.c | 13 | ||||
-rw-r--r-- | src/charon/kernel/kernel_interface.h | 12 | ||||
-rw-r--r-- | src/charon/kernel/kernel_ipsec.h | 12 |
3 files changed, 16 insertions, 21 deletions
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index e2d508dc1..f71e3c5b0 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -85,14 +85,13 @@ static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *d
 static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, u_int64_t expire_soft, u_int64_t expire_hard,
- u_int16_t enc_alg, u_int16_t enc_size,
- u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
- bool update)
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, bool encap, bool update)
 {
 return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
- expire_soft, expire_hard, enc_alg, enc_size, int_alg, int_size,
- prf_plus, mode, ipcomp, encap, update);
+ expire_soft, expire_hard, enc_alg, enc_key, int_alg, int_key,
+ mode, ipcomp, encap, update);
 }
 /**
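Review bot: The rewritten add_sa() wrapper now carries raw key bytes (`chunk_t enc_key`, `chunk_t int_key`) across the interface by value, and nothing in the hunk says who owns the buffers behind them once the call returns. With the removed `prf_plus` parameter the key bytes were presumably drawn inside the backend; now the caller holds them, so the contract should state that the chunks are only borrowed and that the caller wipes them after the SA is installed. A one-line comment above the function would do, for example `/* enc_key/int_key are borrowed for the call; the caller wipes and frees them */`, assuming that is the intended contract. The function's doc comment starts outside the hunk.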
@@ -371,7 +370,7 @@ kernel_interface_t *kernel_interface_create()
 this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
 this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
- this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
+ this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
 this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,host_t*,host_t*,host_t*,host_t*,bool))update_sa;
 this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t))del_sa;
 this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,ipsec_mode_t,u_int16_t))add_policy;
diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index a2a83b608..aec492424 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
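Review bot: The cast on the new `this->public.add_sa` assignment repeats the parameter list by hand, and because it is a cast the compiler cannot check that list against the static add_sa() definition. The list does match the new 16-parameter signature here, but a stale entry (for example a leftover `u_int16_t` where a `chunk_t` is now passed by value) would compile cleanly and call through an incompatible function type. I would add `/* parameter list must mirror add_sa() above, the cast disables type checking */` next to the assignment. kernel_interface_create() starts and ends outside the hunk.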
@@ -101,10 +101,9 @@ struct kernel_interface_t {
 * @param expire_soft lifetime in seconds before rekeying
 * @param expire_hard lifetime in seconds before delete
 * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_size key length of encryption algorithm, if dynamic
+ * @param enc_key key to use for encryption
 * @param int_alg Algorithm to use for integrity protection
- * @param int_size key length of integrity algorithm, if dynamic
- * @param prf_plus PRF to derive keys from
+ * @param int_key key to use for integrity protection
 * @param mode mode of the SA (tunnel, transport)
 * @param ipcomp IPComp transform to use
 * @param encap enable UDP encapsulation for NAT traversal
@@ -115,10 +114,9 @@ struct kernel_interface_t {
 host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, u_int64_t expire_soft, u_int64_t expire_hard,
- u_int16_t enc_alg, u_int16_t enc_size,
- u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, ipsec_mode_t mode,
- u_int16_t ipcomp, bool encap,
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
 bool update);
 /**
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index 8fa5fb006..bef496a88 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
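Review bot: The new `@param enc_key` and `@param int_key` lines in the -101,10 hunk drop what the removed `enc_size`/`int_size` lines told an implementer, namely that the key length is an input. The comment should say that the chunk's length now determines the key size, and what a caller passes when an algorithm is not used (`enc_alg` is documented as ESP only), for example `@param enc_key key to use for encryption, its length selects the key size; empty if enc_alg is unused`. The empty-chunk convention is my assumption and needs confirming against the backends. The same two lines appear in the kernel_ipsec.h hunk at -133,10 and need the same wording; the struct and this comment block start outside the hunk.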
@@ -133,10 +133,9 @@ struct kernel_ipsec_t {
 * @param expire_soft lifetime in seconds before rekeying
 * @param expire_hard lifetime in seconds before delete
 * @param enc_alg Algorithm to use for encryption (ESP only)
- * @param enc_size key length of encryption algorithm, if dynamic
+ * @param enc_key key to use for encryption
 * @param int_alg Algorithm to use for integrity protection
- * @param int_size key length of integrity algorithm, if dynamic
- * @param prf_plus PRF to derive keys from
+ * @param int_key key to use for integrity protection
 * @param mode mode of the SA (tunnel, transport)
 * @param ipcomp IPComp transform to use
 * @param encap enable UDP encapsulation for NAT traversal
@@ -147,10 +146,9 @@ struct kernel_ipsec_t {
 host_t *src, host_t *dst, u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, u_int64_t expire_soft, u_int64_t expire_hard,
- u_int16_t enc_alg, u_int16_t enc_size,
- u_int16_t int_alg, u_int16_t int_size,
- prf_plus_t *prf_plus, ipsec_mode_t mode,
- u_int16_t ipcomp, bool encap,
+ u_int16_t enc_alg, chunk_t enc_key,
+ u_int16_t int_alg, chunk_t int_key,
+ ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
 bool update);
 /** |