Factor out AEAD transform creation

author Reto Buerki <reet@codelabs.ch>

Wed, 29 Aug 2012 08:38:47 +0000 (10:38 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 19 Mar 2013 14:23:46 +0000 (15:23 +0100)
author Reto Buerki <reet@codelabs.ch>
Wed, 29 Aug 2012 08:38:47 +0000 (10:38 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:46 +0000 (15:23 +0100)
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c

index ab78994ec180e5d944f128bc8c44ff0c5a71de1c..36067eae8ff0ddcff73794c50a6204f797b103c2 100644 (file)
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -58,6 +58,84 @@ struct private_tkm_keymat_t {
  
  };
  
+/**
+ * Create AEAD transforms from given key chunks.
+ *
+ * @param in                   inbound AEAD transform to allocate, NULL if failed
+ * @param out                  outbound AEAD transform to allocate, NULL if failed
+ * @param sk_ai                        SK_ai key chunk
+ * @param sk_ar                        SK_ar key chunk
+ * @param sk_ei                        SK_ei key chunk
+ * @param sk_er                        SK_er key chunk
+ * @param enc_alg              encryption algorithm to use
+ * @param int_alg              integrity algorithm to use
+ * @param key_size             encryption key size in bytes
+ * @param initiator            TRUE if initiator
+ */
+static void aead_create_from_keys(aead_t **in, aead_t **out,
+          const chunk_t * const sk_ai, const chunk_t * const sk_ar,
+          const chunk_t * const sk_ei, const chunk_t * const sk_er,
+          const u_int16_t enc_alg, const u_int16_t int_alg,
+          const u_int16_t key_size, bool initiator)
+{
+       *in = *out = NULL;
+
+       signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
+       signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
+       if (signer_i == NULL || signer_r == NULL)
+       {
+               DBG1(DBG_IKE, "%N %N not supported!",
+                        transform_type_names, INTEGRITY_ALGORITHM,
+                        integrity_algorithm_names, int_alg);
+               return;
+       }
+       crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
+                       enc_alg, key_size);
+       crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
+                       enc_alg, key_size);
+       if (crypter_i == NULL || crypter_r == NULL)
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+                        transform_type_names, ENCRYPTION_ALGORITHM,
+                        encryption_algorithm_names, enc_alg, key_size);
+               return;
+       }
+
+       DBG4(DBG_IKE, "Sk_ai %B", sk_ai);
+       if (!signer_i->set_key(signer_i, *sk_ai))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_ar %B", sk_ar);
+       if (!signer_r->set_key(signer_r, *sk_ar))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_ei %B", sk_ei);
+       if (!crypter_i->set_key(crypter_i, *sk_ei))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_er %B", sk_er);
+       if (!crypter_r->set_key(crypter_r, *sk_er))
+       {
+               return;
+       }
+
+       if (initiator)
+       {
+               *in = aead_create(crypter_r, signer_r);
+               *out = aead_create(crypter_i, signer_i);
+       }
+       else
+       {
+               *in = aead_create(crypter_i, signer_i);
+               *out = aead_create(crypter_r, signer_r);
+       }
+}
+
  METHOD(keymat_t, get_version, ike_version_t,
         private_tkm_keymat_t *this)
  {
@@ -145,73 +223,26 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
                 return FALSE;
         }
  
-       /* Initialize AEAD with crypters and signers */
-       signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
-       signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
-       if (signer_i == NULL || signer_r == NULL)
-       {
-               DBG1(DBG_IKE, "%N %N not supported!",
-                        transform_type_names, INTEGRITY_ALGORITHM,
-                        integrity_algorithm_names, int_alg);
-               return FALSE;
-       }
-       crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
-                       enc_alg, key_size / 8);
-       crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
-                       enc_alg, key_size / 8);
-       if (crypter_i == NULL || crypter_r == NULL)
-       {
-               signer_i->destroy(signer_i);
-               signer_r->destroy(signer_r);
-               DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
-                        transform_type_names, ENCRYPTION_ALGORITHM,
-                        encryption_algorithm_names, enc_alg, key_size);
-               return FALSE;
-       }
-
-       chunk_t key;
-       sequence_to_chunk(sk_ai.data, sk_ai.size, &key);
-       DBG4(DBG_IKE, "Sk_ai %B", &key);
-       if (!signer_i->set_key(signer_i, key))
-       {
-               return FALSE;
-       }
-       chunk_clear(&key);
+       chunk_t c_ai, c_ar, c_ei, c_er;
+       sequence_to_chunk(sk_ai.data, sk_ai.size, &c_ai);
+       sequence_to_chunk(sk_ar.data, sk_ar.size, &c_ar);
+       sequence_to_chunk(sk_ei.data, sk_ei.size, &c_ei);
+       sequence_to_chunk(sk_er.data, sk_er.size, &c_er);
  
-       sequence_to_chunk(sk_ar.data, sk_ar.size, &key);
-       DBG4(DBG_IKE, "Sk_ar %B", &key);
-       if (!signer_r->set_key(signer_r, key))
-       {
-               return FALSE;
-       }
-       chunk_clear(&key);
+       aead_create_from_keys(&this->aead_in, &this->aead_out,
+                       &c_ai, &c_ar, &c_ei, &c_er,
+                       enc_alg, int_alg, key_size / 8, this->initiator);
  
-       sequence_to_chunk(sk_ei.data, sk_ei.size, &key);
-       DBG4(DBG_IKE, "Sk_ei %B", &key);
-       if (!crypter_i->set_key(crypter_i, key))
-       {
-               return FALSE;
-       }
-       chunk_clear(&key);
+       chunk_clear(&c_ai);
+       chunk_clear(&c_ar);
+       chunk_clear(&c_ei);
+       chunk_clear(&c_er);
  
-       sequence_to_chunk(sk_er.data, sk_er.size, &key);
-       DBG4(DBG_IKE, "Sk_er %B", &key);
-       if (!crypter_r->set_key(crypter_r, key))
+       if (!this->aead_in || !this->aead_out)
         {
+               DBG1(DBG_IKE, "could not initialize AEAD transforms");
                 return FALSE;
         }
-       chunk_clear(&key);
-
-       if (this->initiator)
-       {
-               this->aead_in = aead_create(crypter_r, signer_r);
-               this->aead_out = aead_create(crypter_i, signer_i);
-       }
-       else
-       {
-               this->aead_in = aead_create(crypter_i, signer_i);
-               this->aead_out = aead_create(crypter_r, signer_r);
-       }
  
         /* TODO: Add failure handler (see keymat_v2.c) */
author	Reto Buerki <reet@codelabs.ch>
	Wed, 29 Aug 2012 08:38:47 +0000 (10:38 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 19 Mar 2013 14:23:46 +0000 (15:23 +0100)