diff options
author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2012-09-11 19:04:55 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:47 +0100 |
commit | a61ae27d165edadd1e177e60441d11a636fa7d44 (patch) | |
tree | d1fd814b14768043241ba371c5c9036d6bdf9387 /src | |
parent | 6c237edb9a23d521cd0e32838a6441c73361dd63 (diff) | |
download | strongswan-a61ae27d165edadd1e177e60441d11a636fa7d44.tar.bz2 strongswan-a61ae27d165edadd1e177e60441d11a636fa7d44.tar.xz |
Remove keymat proxy from TKM keymat
Since the TKM completely handles key derivation and installation there
is no need for the keymat proxy anymore.
Diffstat (limited to 'src')
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_keymat.c | 39 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_types.h | 1 |
2 files changed, 11 insertions, 29 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index a2d40a86c..0b9612c85 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -15,7 +15,6 @@ */ #include <daemon.h> -#include <sa/ikev2/keymat_v2.h> #include <tkm/constants.h> #include <tkm/client.h> @@ -38,11 +37,6 @@ struct private_tkm_keymat_t { tkm_keymat_t public; /** - * IKEv2 keymat proxy (will be removed). - */ - keymat_v2_t *proxy; - - /** * IKE_SA Role, initiator or responder. */ bool initiator; @@ -271,19 +265,14 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool, /* TODO: Add failure handler (see keymat_v2.c) */ - if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i, - nonce_r, id, rekey_function, rekey_skd)) + tkm->chunk_map->remove(tkm->chunk_map, nonce); + if (ike_nc_reset(nc_id) != TKM_OK) { - tkm->chunk_map->remove(tkm->chunk_map, nonce); - if (ike_nc_reset(nc_id) != TKM_OK) - { - DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id); - } - tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id); - - return TRUE; + DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id); } - return FALSE; + tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id); + + return TRUE; } METHOD(tkm_keymat_t, derive_child_keys, bool, @@ -294,12 +283,7 @@ METHOD(tkm_keymat_t, derive_child_keys, bool, DBG1(DBG_CHD, "deriving child keys"); *encr_i = chunk_alloc(sizeof(esa_info_t)); (*(esa_info_t*)(encr_i->ptr)).isa_id = this->isa_ctx_id; - const bool result = this->proxy->derive_child_keys(this->proxy, proposal, - dh, nonce_i, nonce_r, - &(*(esa_info_t*)(encr_i->ptr)).enc_key, - integ_i, encr_r, - integ_r); - return result; + return TRUE; } METHOD(keymat_t, get_aead, aead_t*, @@ -313,15 +297,16 @@ METHOD(tkm_keymat_t, get_auth_octets, bool, chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets) { DBG1(DBG_IKE, "returning auth octets"); - return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce, - id, reserved, octets); + *octets = chunk_empty; + return TRUE; } METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t, private_tkm_keymat_t *this, chunk_t *skd) { DBG1(DBG_IKE, "returning skd"); - return this->proxy->get_skd(this->proxy, skd); + *skd = chunk_empty; + return PRF_HMAC_SHA2_512; } METHOD(tkm_keymat_t, get_psk_sig, bool, @@ -365,7 +350,6 @@ METHOD(keymat_t, destroy, void, DESTROY_IF(this->aead_in); DESTROY_IF(this->aead_out); chunk_free(&this->auth_payload); - this->proxy->keymat.destroy(&this->proxy->keymat); free(this); } @@ -416,7 +400,6 @@ tkm_keymat_t *tkm_keymat_create(bool initiator) .isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA), .ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE), .auth_payload = chunk_empty, - .proxy = keymat_v2_create(initiator), ); if (!this->isa_ctx_id || !this->ae_ctx_id) diff --git a/src/charon-tkm/src/tkm/tkm_types.h b/src/charon-tkm/src/tkm/tkm_types.h index 8c65348af..a33066444 100644 --- a/src/charon-tkm/src/tkm/tkm_types.h +++ b/src/charon-tkm/src/tkm/tkm_types.h @@ -21,7 +21,6 @@ typedef struct esa_info_t esa_info_t; struct esa_info_t { isa_id_type isa_id; - chunk_t enc_key; }; #endif /** TKM_TYPES_H_ */ |