[Swan-dev] pluto: IKEv2: create functions for boilerplate for starting and ending SK/SKF payloads; Was: [Swan-commit] Changes to ref refs/heads/master

[D. Hugh Redelmeier]

| From: Andrew Cagney <andrew.cagney at gmail.com>

| Er, don't we already have functions to boilerplate at least SK payloads?

Yes, but I hadn't noticed.  Unfortunate.

I was fixing five copies of code in ikev2_parent.c.  I didn't change
the code much, I just factored it out.

These previously existing functions are used four times in
ikev2_send.c.  Why were they not used in ikev2_parent.c too?

The ikev2_send.c version looks a bit nicer.  They should replace the
functions I wrote.

It would be good if close_v2sk_payload could handle fragmenting (I
said that about end_encrypted_payload in the commit).

Current oddity: the payload size is padded before fragmentation and
after.  I imagine that only after is correct.

Another oddity: currently not all messages can be fragmented by our
code.  If that were handled in close_v2sk_payload, we could fragment
any encrypted packet.

start_encrypted_payload and end_encrypted_payload support SK and SKF
payloads.  It would be good if open_v2sk_payload and
close_v2sk_payload could too.

If start_encrypted_payload and end_encrypted_payload are replaced,
move_pbs_previous_np and ikev2_padup_pre_encrypt become unused and should 
be deleted.