aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>2012-09-11 19:04:55 +0200
committerTobias Brunner <tobias@strongswan.org>2013-03-19 15:23:47 +0100
commita61ae27d165edadd1e177e60441d11a636fa7d44 (patch)
treed1fd814b14768043241ba371c5c9036d6bdf9387 /src
parent6c237edb9a23d521cd0e32838a6441c73361dd63 (diff)
downloadstrongswan-a61ae27d165edadd1e177e60441d11a636fa7d44.tar.bz2
strongswan-a61ae27d165edadd1e177e60441d11a636fa7d44.tar.xz
Remove keymat proxy from TKM keymat
Since the TKM completely handles key derivation and installation there is no need for the keymat proxy anymore.
Diffstat (limited to 'src')
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c39
-rw-r--r--src/charon-tkm/src/tkm/tkm_types.h1
2 files changed, 11 insertions, 29 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index a2d40a86c..0b9612c85 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -15,7 +15,6 @@
*/
#include <daemon.h>
-#include <sa/ikev2/keymat_v2.h>
#include <tkm/constants.h>
#include <tkm/client.h>
@@ -38,11 +37,6 @@ struct private_tkm_keymat_t {
tkm_keymat_t public;
/**
- * IKEv2 keymat proxy (will be removed).
- */
- keymat_v2_t *proxy;
-
- /**
* IKE_SA Role, initiator or responder.
*/
bool initiator;
@@ -271,19 +265,14 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
/* TODO: Add failure handler (see keymat_v2.c) */
- if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
- nonce_r, id, rekey_function, rekey_skd))
+ tkm->chunk_map->remove(tkm->chunk_map, nonce);
+ if (ike_nc_reset(nc_id) != TKM_OK)
{
- tkm->chunk_map->remove(tkm->chunk_map, nonce);
- if (ike_nc_reset(nc_id) != TKM_OK)
- {
- DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id);
- }
- tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id);
-
- return TRUE;
+ DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id);
}
- return FALSE;
+ tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id);
+
+ return TRUE;
}
METHOD(tkm_keymat_t, derive_child_keys, bool,
@@ -294,12 +283,7 @@ METHOD(tkm_keymat_t, derive_child_keys, bool,
DBG1(DBG_CHD, "deriving child keys");
*encr_i = chunk_alloc(sizeof(esa_info_t));
(*(esa_info_t*)(encr_i->ptr)).isa_id = this->isa_ctx_id;
- const bool result = this->proxy->derive_child_keys(this->proxy, proposal,
- dh, nonce_i, nonce_r,
- &(*(esa_info_t*)(encr_i->ptr)).enc_key,
- integ_i, encr_r,
- integ_r);
- return result;
+ return TRUE;
}
METHOD(keymat_t, get_aead, aead_t*,
@@ -313,15 +297,16 @@ METHOD(tkm_keymat_t, get_auth_octets, bool,
chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
{
DBG1(DBG_IKE, "returning auth octets");
- return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce,
- id, reserved, octets);
+ *octets = chunk_empty;
+ return TRUE;
}
METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
private_tkm_keymat_t *this, chunk_t *skd)
{
DBG1(DBG_IKE, "returning skd");
- return this->proxy->get_skd(this->proxy, skd);
+ *skd = chunk_empty;
+ return PRF_HMAC_SHA2_512;
}
METHOD(tkm_keymat_t, get_psk_sig, bool,
@@ -365,7 +350,6 @@ METHOD(keymat_t, destroy, void,
DESTROY_IF(this->aead_in);
DESTROY_IF(this->aead_out);
chunk_free(&this->auth_payload);
- this->proxy->keymat.destroy(&this->proxy->keymat);
free(this);
}
@@ -416,7 +400,6 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
.isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
.ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE),
.auth_payload = chunk_empty,
- .proxy = keymat_v2_create(initiator),
);
if (!this->isa_ctx_id || !this->ae_ctx_id)
diff --git a/src/charon-tkm/src/tkm/tkm_types.h b/src/charon-tkm/src/tkm/tkm_types.h
index 8c65348af..a33066444 100644
--- a/src/charon-tkm/src/tkm/tkm_types.h
+++ b/src/charon-tkm/src/tkm/tkm_types.h
@@ -21,7 +21,6 @@ typedef struct esa_info_t esa_info_t;
struct esa_info_t {
isa_id_type isa_id;
- chunk_t enc_key;
};
#endif /** TKM_TYPES_H_ */