authorTobias Brunner <tobias@strongswan.org>2011-11-21 11:18:08 +0100
committerTobias Brunner <tobias@strongswan.org>2012-03-20 17:30:45 +0100
commit0cec72df400b7009c839248872b030450d20fe02 (patch)
treec2df32eaecd00c2c5d73647c2051bd376beb32d8 /src
parent50d493808c84fb042244119d41f65ee9fa76f358 (diff)
Provide keymat_t to message_t to encrypt/decrypt data.
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/encoding/message.c15
-rw-r--r--src/libcharon/encoding/message.h14
-rw-r--r--src/libcharon/sa/ike_sa.c6
3 files changed, 17 insertions, 18 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 2bd52ec4c..79cc86ed4 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -24,10 +24,8 @@
#include <library.h>
#include <daemon.h>
-#include <sa/ike_sa_id.h>
#include <encoding/generator.h>
#include <encoding/parser.h>
-#include <utils/linked_list.h>
#include <encoding/payloads/encodings.h>
#include <encoding/payloads/payload.h>
#include <encoding/payloads/encryption_payload.h>
@@ -1334,13 +1332,14 @@ METHOD(message_t, disable_sort, void,
}
METHOD(message_t, generate, status_t,
- private_message_t *this, aead_t *aead, packet_t **packet)
+ private_message_t *this, keymat_t *keymat, packet_t **packet)
{
generator_t *generator;
ike_header_t *ike_header;
payload_t *payload, *next;
encryption_payload_t *encryption = NULL;
enumerator_t *enumerator;
+ aead_t *aead;
chunk_t chunk;
char str[BUF_LEN];
u_int32_t *lenpos;
@@ -1374,6 +1373,7 @@ METHOD(message_t, generate, status_t,
DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
+ aead = keymat->get_aead(keymat, FALSE);
if (aead && this->rule->encrypted)
{
encryption = wrap_payloads(this);
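Review bot: `keymat` is dereferenced at `aead = keymat->get_aead(keymat, FALSE);` before the existing `if (aead && this->rule->encrypted)` check, so the NULL tolerance the old `aead` parameter had (message.h still documents INVALID_STATE when no transform is supplied but one is needed) is lost; a caller passing NULL would now fault instead of receiving INVALID_STATE. If a missing keymat is meant to remain a valid input, `aead = keymat ? keymat->get_aead(keymat, FALSE) : NULL;` keeps the following check meaningful; otherwise the contract in message.h should state that keymat must be non-NULL. The same pattern is introduced in decrypt_payloads at `aead = keymat->get_aead(keymat, TRUE);` in the `@@ -1641` hunk. The body of generate starts and ends outside this hunk, so it is presumably unchanged apart from these lines.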
@@ -1609,13 +1609,14 @@ static status_t parse_payloads(private_message_t *this)
/**
* Decrypt payload from the encryption payload
*/
-static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
+static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
{
bool was_encrypted = FALSE;
payload_t *payload, *previous = NULL;
enumerator_t *enumerator;
payload_rule_t *rule;
payload_type_t type;
+ aead_t *aead;
status_t status = SUCCESS;
enumerator = this->payloads->create_enumerator(this->payloads);
@@ -1641,6 +1642,7 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
status = VERIFY_ERROR;
break;
}
+ aead = keymat->get_aead(keymat, TRUE);
encryption->set_transform(encryption, aead);
chunk = this->packet->get_data(this->packet);
if (chunk.len < encryption->get_length(encryption))
@@ -1752,7 +1754,7 @@ static status_t verify(private_message_t *this)
}
METHOD(message_t, parse_body, status_t,
- private_message_t *this, aead_t *aead)
+ private_message_t *this, keymat_t *keymat)
{
status_t status = SUCCESS;
char str[BUF_LEN];
@@ -1775,7 +1777,7 @@ METHOD(message_t, parse_body, status_t,
return status;
}
- status = decrypt_payloads(this, aead);
+ status = decrypt_payloads(this, keymat);
if (status != SUCCESS)
{
DBG1(DBG_ENC, "could not decrypt payloads");
@@ -1872,4 +1874,3 @@ message_t *message_create(int major, int minor)
return this;
}
-
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index dd18b4bd9..6f3c7967f 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -27,15 +27,15 @@
typedef struct message_t message_t;
#include <library.h>
-#include <sa/ike_sa_id.h>
#include <network/packet.h>
#include <encoding/payloads/ike_header.h>
#include <encoding/payloads/notify_payload.h>
+#include <sa/keymat.h>
+#include <sa/ike_sa_id.h>
#include <utils/linked_list.h>
-#include <crypto/aead.h>
/**
- * This class is used to represent an IKEv2-Message.
+ * This class is used to represent an IKE-Message.
*
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
@@ -228,7 +228,7 @@ struct message_t {
* If there are encrypted payloads, they get decrypted and verified using
* the given aead transform (if given).
*
- * @param aead aead transform to verify/decrypt message
+ * @param keymat keymat to verify/decrypt message
* @return
* - SUCCESS if parsing successful
* - PARSE_ERROR if message parsing failed
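Review bot: The parse_body description in this hunk still says encrypted payloads are verified using `the given aead transform (if given)`, and the INVALID_STATE bullet in the next hunk (`@@ -236`) as well as the matching generate bullet in the `@@ -255` hunk still read `if aead not supplied`, although both methods now take a keymat_t rather than an aead_t. Suggest `* the aead transform obtained from the given keymat (if available).` for the description and `* - INVALID_STATE if keymat provides no aead, but one is needed` for the two bullets, so the documented contract matches the new signatures. The struct message_t definition starts and ends outside this hunk.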
@@ -236,7 +236,7 @@ struct message_t {
* - FAILED if integrity check failed
* - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*parse_body) (message_t *this, aead_t *aead);
+ status_t (*parse_body) (message_t *this, keymat_t *keymat);
/**
* Generates the UDP packet of specific message.
@@ -247,7 +247,7 @@ struct message_t {
* Generation is only done once, multiple calls will just return a copy
* of the packet.
*
- * @param aead aead transform to encrypt/sign message
+ * @param keymat keymat to encrypt/sign message
* @param packet copy of generated packet
* @return
* - SUCCESS if packet could be generated
@@ -255,7 +255,7 @@ struct message_t {
* - NOT_FOUND if no rules found for message generation
* - INVALID_STATE if aead not supplied but needed.
*/
- status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
+ status_t (*generate) (message_t *this, keymat_t *keymat, packet_t **packet);
/**
* Check if the message has already been encoded using generate().
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 1f8799890..b9b2bb82e 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -920,8 +920,7 @@ METHOD(ike_sa_t, generate_message, status_t,
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
message->set_ike_sa_id(message, this->ike_sa_id);
charon->bus->message(charon->bus, message, FALSE);
- return message->generate(message,
- this->keymat->get_aead(this->keymat, FALSE), packet);
+ return message->generate(message, this->keymat, packet);
}
/**
@@ -1227,8 +1226,7 @@ METHOD(ike_sa_t, process_message, status_t,
is_request = message->get_request(message);
- status = message->parse_body(message,
- this->keymat->get_aead(this->keymat, TRUE));
+ status = message->parse_body(message, this->keymat);
if (status == SUCCESS)
{ /* check for unsupported critical payloads */
enumerator_t *enumerator;