passing chunks, not prf+, to kernel interface

gives us better control of keymat in CHILD_SA

3 files changed, 16 insertions, 21 deletions

diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index e2d508dc1..f71e3c5b0 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -85,14 +85,13 @@ static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *d
 static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
 				u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
 				u_int64_t expire_soft, u_int64_t expire_hard,
-				u_int16_t enc_alg, u_int16_t enc_size,
-				u_int16_t int_alg, u_int16_t int_size,
-				prf_plus_t *prf_plus, ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
-				bool update)
+				u_int16_t enc_alg, chunk_t enc_key,
+				u_int16_t int_alg, chunk_t int_key,
+				ipsec_mode_t mode, u_int16_t ipcomp, bool encap, bool update)
 {
 	return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
-			expire_soft, expire_hard, enc_alg, enc_size, int_alg, int_size,
-			prf_plus, mode, ipcomp, encap, update);
+			expire_soft, expire_hard, enc_alg, enc_key, int_alg, int_key,
+			mode, ipcomp, encap, update);
 }
 
 /**
@@ -371,7 +370,7 @@ kernel_interface_t *kernel_interface_create()
 	
 	this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
 	this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-	this->public.add_sa  = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,u_int16_t,u_int16_t,u_int16_t,prf_plus_t*,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
+	this->public.add_sa  = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,u_int64_t,u_int64_t,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,bool,bool))add_sa;
 	this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,host_t*,host_t*,host_t*,host_t*,bool))update_sa;
 	this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,u_int32_t,protocol_id_t))del_sa;
 	this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,protocol_id_t,u_int32_t,bool,ipsec_mode_t,u_int16_t))add_policy;
diff --git a/src/charon/kernel/kernel_interface.h b/src/charon/kernel/kernel_interface.h
index a2a83b608..aec492424 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/charon/kernel/kernel_interface.h
@@ -101,10 +101,9 @@ struct kernel_interface_t {
 	 * @param expire_soft	lifetime in seconds before rekeying
 	 * @param expire_hard	lifetime in seconds before delete
 	 * @param enc_alg		Algorithm to use for encryption (ESP only)
-	 * @param enc_size		key length of encryption algorithm, if dynamic
+	 * @param enc_key		key to use for encryption
 	 * @param int_alg		Algorithm to use for integrity protection
-	 * @param int_size		key length of integrity algorithm, if dynamic
-	 * @param prf_plus		PRF to derive keys from
+	 * @param int_key		key to use for integrity protection
 	 * @param mode			mode of the SA (tunnel, transport)
 	 * @param ipcomp		IPComp transform to use
 	 * @param encap			enable UDP encapsulation for NAT traversal
@@ -115,10 +114,9 @@ struct kernel_interface_t {
 						host_t *src, host_t *dst, u_int32_t spi,
 						protocol_id_t protocol, u_int32_t reqid,
 						u_int64_t expire_soft, u_int64_t expire_hard,
-					    u_int16_t enc_alg, u_int16_t enc_size,
-					    u_int16_t int_alg, u_int16_t int_size,
-						prf_plus_t *prf_plus, ipsec_mode_t mode,
-						u_int16_t ipcomp, bool encap,
+					    u_int16_t enc_alg, chunk_t enc_key,
+					    u_int16_t int_alg, chunk_t int_key,
+						ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
 						bool update);
 	
 	/**
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h
index 8fa5fb006..bef496a88 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/charon/kernel/kernel_ipsec.h
@@ -133,10 +133,9 @@ struct kernel_ipsec_t {
 	 * @param expire_soft	lifetime in seconds before rekeying
 	 * @param expire_hard	lifetime in seconds before delete
 	 * @param enc_alg		Algorithm to use for encryption (ESP only)
-	 * @param enc_size		key length of encryption algorithm, if dynamic
+	 * @param enc_key		key to use for encryption
 	 * @param int_alg		Algorithm to use for integrity protection
-	 * @param int_size		key length of integrity algorithm, if dynamic
-	 * @param prf_plus		PRF to derive keys from
+	 * @param int_key		key to use for integrity protection
 	 * @param mode			mode of the SA (tunnel, transport)
 	 * @param ipcomp		IPComp transform to use
 	 * @param encap			enable UDP encapsulation for NAT traversal
@@ -147,10 +146,9 @@ struct kernel_ipsec_t {
 						host_t *src, host_t *dst, u_int32_t spi,
 						protocol_id_t protocol, u_int32_t reqid,
 						u_int64_t expire_soft, u_int64_t expire_hard,
-					    u_int16_t enc_alg, u_int16_t enc_size,
-					    u_int16_t int_alg, u_int16_t int_size,
-						prf_plus_t *prf_plus, ipsec_mode_t mode,
-						u_int16_t ipcomp, bool encap,
+					    u_int16_t enc_alg, chunk_t enc_key,
+					    u_int16_t int_alg, chunk_t int_key,
+						ipsec_mode_t mode, u_int16_t ipcomp, bool encap,
 						bool update);
 	
 	/**