	charon-tkm: Implement IANA DH Id to TKM Id mapping
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
dh_mapping {
	iana_id1 = tkm_id1
	iana_id2 = tkm_id2
	iana_id3 = tkm_id3
	...
}
Only the mapped IANA IDs are registered as supported DH groups.
			
			
This commit is contained in:
		
							parent
							
								
									9e8a52003a
								
							
						
					
					
						commit
						6db7feacf6
					
				@ -288,10 +288,6 @@ int main(int argc, char *argv[])
 | 
			
		||||
	static plugin_feature_t features[] = {
 | 
			
		||||
		PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
 | 
			
		||||
			PLUGIN_PROVIDE(NONCE_GEN),
 | 
			
		||||
		PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
 | 
			
		||||
			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
 | 
			
		||||
			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
 | 
			
		||||
			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
 | 
			
		||||
		PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
 | 
			
		||||
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
 | 
			
		||||
			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
 | 
			
		||||
@ -302,6 +298,12 @@ int main(int argc, char *argv[])
 | 
			
		||||
	lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
 | 
			
		||||
			countof(features), TRUE);
 | 
			
		||||
 | 
			
		||||
	if (!register_dh_mapping())
 | 
			
		||||
	{
 | 
			
		||||
		DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
 | 
			
		||||
		goto deinit;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	/* register TKM keymat variant */
 | 
			
		||||
	keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
 | 
			
		||||
 | 
			
		||||
@ -380,6 +382,7 @@ int main(int argc, char *argv[])
 | 
			
		||||
	lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
 | 
			
		||||
 | 
			
		||||
deinit:
 | 
			
		||||
	destroy_dh_mapping();
 | 
			
		||||
	libcharon_deinit();
 | 
			
		||||
	libhydra_deinit();
 | 
			
		||||
	library_deinit();
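Review bot: The abort message in the second hunk, `DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);`, tells the operator that start-up failed but not which setting is missing, and the daemon now refuses to start without it. Name the section that register_dh_mapping() reads, e.g. `DBG1(DBG_DMN, "no DH group mapping defined in %s.dh_mapping - aborting %s", dmn_name, dmn_name);` (register_dh_mapping() keys on charon->name, which is presumably the same string as dmn_name here - confirm). Failing closed on a missing mapping is the right call for a TKM build, since the fallback would be a DH group the TKM cannot serve; the `deinit:` path in the third hunk already tears the mapping down before libcharon_deinit(), which is the correct order. main() continues outside these hunks, so the exit status on this path is not visible here.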
 | 
			
		||||
 | 
			
		||||
@ -21,10 +21,13 @@
 | 
			
		||||
#include "tkm_utils.h"
 | 
			
		||||
#include "tkm_diffie_hellman.h"
 | 
			
		||||
 | 
			
		||||
#include <utils/debug.h>
 | 
			
		||||
#include <daemon.h>
 | 
			
		||||
#include <collections/hashtable.h>
 | 
			
		||||
 | 
			
		||||
typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t;
 | 
			
		||||
 | 
			
		||||
static hashtable_t *group_map = NULL;
 | 
			
		||||
 | 
			
		||||
/**
 | 
			
		||||
 * Private data of a tkm_diffie_hellman_t object.
 | 
			
		||||
 */
 | 
			
		||||
@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type,
 | 
			
		||||
	return this->context_id;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
static u_int hash(void *key)
 | 
			
		||||
{
 | 
			
		||||
	diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
 | 
			
		||||
	return chunk_hash(chunk_from_thing(k));
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
static bool equals(void *key, void *other_key)
 | 
			
		||||
{
 | 
			
		||||
	return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
/*
 | 
			
		||||
 * Described in header.
 | 
			
		||||
 */
 | 
			
		||||
int register_dh_mapping()
 | 
			
		||||
{
 | 
			
		||||
	int count, i;
 | 
			
		||||
	char *iana_id_str, *tkm_id_str;
 | 
			
		||||
	diffie_hellman_group_t *iana_id;
 | 
			
		||||
	u_int64_t *tkm_id;
 | 
			
		||||
	hashtable_t *map;
 | 
			
		||||
	enumerator_t *enumerator;
 | 
			
		||||
 | 
			
		||||
	map = hashtable_create((hashtable_hash_t)hash,
 | 
			
		||||
						   (hashtable_equals_t)equals, 16);
 | 
			
		||||
 | 
			
		||||
	enumerator = lib->settings->create_key_value_enumerator(lib->settings,
 | 
			
		||||
															"%s.dh_mapping",
 | 
			
		||||
															charon->name);
 | 
			
		||||
 | 
			
		||||
	while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
 | 
			
		||||
	{
 | 
			
		||||
		iana_id = malloc_thing(diffie_hellman_group_t);
 | 
			
		||||
		*iana_id = settings_value_as_int(iana_id_str, 0);
 | 
			
		||||
		tkm_id = malloc_thing(u_int64_t);
 | 
			
		||||
		*tkm_id = settings_value_as_int(tkm_id_str, 0);
 | 
			
		||||
 | 
			
		||||
		map->put(map, iana_id, tkm_id);
 | 
			
		||||
	}
 | 
			
		||||
	enumerator->destroy(enumerator);
 | 
			
		||||
 | 
			
		||||
	count = map->get_count(map);
 | 
			
		||||
	plugin_feature_t f[count + 1];
 | 
			
		||||
	f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
 | 
			
		||||
 | 
			
		||||
	i = 1;
 | 
			
		||||
	enumerator = map->create_enumerator(map);
 | 
			
		||||
	while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
 | 
			
		||||
	{
 | 
			
		||||
		f[i] = PLUGIN_PROVIDE(DH, *iana_id);
 | 
			
		||||
		i++;
 | 
			
		||||
	}
 | 
			
		||||
	enumerator->destroy(enumerator);
 | 
			
		||||
 | 
			
		||||
	lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
 | 
			
		||||
 | 
			
		||||
	if (count > 0)
 | 
			
		||||
	{
 | 
			
		||||
		group_map = map;
 | 
			
		||||
	}
 | 
			
		||||
	else
 | 
			
		||||
	{
 | 
			
		||||
		map->destroy(map);
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	return count;
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
/*
 | 
			
		||||
 * Described in header.
 | 
			
		||||
 */
 | 
			
		||||
void destroy_dh_mapping()
 | 
			
		||||
{
 | 
			
		||||
	enumerator_t *enumerator;
 | 
			
		||||
	char *key, *value;
 | 
			
		||||
 | 
			
		||||
	if (group_map)
 | 
			
		||||
	{
 | 
			
		||||
		enumerator = group_map->create_enumerator(group_map);
 | 
			
		||||
		while (enumerator->enumerate(enumerator, &key, &value))
 | 
			
		||||
		{
 | 
			
		||||
			free(key);
 | 
			
		||||
			free(value);
 | 
			
		||||
		}
 | 
			
		||||
		enumerator->destroy(enumerator);
 | 
			
		||||
		group_map->destroy(group_map);
 | 
			
		||||
	}
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
/*
 | 
			
		||||
 * Described in header.
 | 
			
		||||
 */
 | 
			
		||||
@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
 | 
			
		||||
{
 | 
			
		||||
	private_tkm_diffie_hellman_t *this;
 | 
			
		||||
 | 
			
		||||
	if (!group_map)
 | 
			
		||||
	{
 | 
			
		||||
		return NULL;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	INIT(this,
 | 
			
		||||
		.public = {
 | 
			
		||||
			.dh = {
 | 
			
		||||
@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
 | 
			
		||||
		return NULL;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK)
 | 
			
		||||
	u_int64_t *dha_id = group_map->get(group_map, &group);
 | 
			
		||||
	if (!dha_id)
 | 
			
		||||
	{
 | 
			
		||||
		free(this);
 | 
			
		||||
		return NULL;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK)
 | 
			
		||||
	{
 | 
			
		||||
		free(this);
 | 
			
		||||
		return NULL;
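Review bot: register_dh_mapping() installs whatever strongswan.conf says without validation: `settings_value_as_int(..., 0)` returns the default 0 for a misspelt or negative entry, so a typo silently registers `PLUGIN_PROVIDE(DH, 0)` or maps a real IANA group to TKM algorithm 0, and a duplicate key goes through `map->put`, which replaces the value and leaves the displaced value and one of the two key allocations unfreed. The loop should reject non-positive and duplicate entries before allocating, as sketched below; the rest of the function is unchanged. Separately, destroy_dh_mapping() frees the table but leaves the file-scope `group_map` pointing at freed memory, so the `if (!group_map)` guard in tkm_diffie_hellman_create() no longer protects a late caller - add `group_map = NULL;` after `group_map->destroy(group_map);`. Finally, `f` is a stack VLA handed to `add_static_features()`, which is only safe if the plugin loader copies the array; every other call site in this commit passes a `static` array, so this is worth confirming against plugin_loader.c. tkm_diffie_hellman_create() ends outside the last hunk.
```c
	while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
	{
		int group = settings_value_as_int(iana_id_str, 0);
		int id = settings_value_as_int(tkm_id_str, 0);
		diffie_hellman_group_t key;

		/* settings_value_as_int() hands back the default for anything it
		 * cannot parse - never register DH group 0 or TKM algorithm 0 */
		if (group <= 0 || id <= 0)
		{
			DBG1(DBG_CFG, "ignoring invalid DH mapping '%s = %s'",
				 iana_id_str, tkm_id_str);
			continue;
		}
		key = group;
		if (map->get(map, &key))
		{
			DBG1(DBG_CFG, "ignoring duplicate DH mapping for group %d", group);
			continue;
		}
		iana_id = malloc_thing(diffie_hellman_group_t);
		*iana_id = key;
		tkm_id = malloc_thing(u_int64_t);
		*tkm_id = id;
		map->put(map, iana_id, tkm_id);
	}
	/* … unchanged: enumerator->destroy(), feature array and registration … */
```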
 | 
			
		||||
 | 
			
		||||
@ -46,6 +46,19 @@ struct tkm_diffie_hellman_t {
 | 
			
		||||
 | 
			
		||||
};
 | 
			
		||||
 | 
			
		||||
/**
 | 
			
		||||
 * Loads IANA DH group identifier to TKM id mapping from config and registers
 | 
			
		||||
 * the corresponding DH features.
 | 
			
		||||
 *
 | 
			
		||||
 * @return          number of registered mappings
 | 
			
		||||
 */
 | 
			
		||||
int register_dh_mapping();
 | 
			
		||||
 | 
			
		||||
/**
 | 
			
		||||
 * Destroy IANA DH group identifier to TKM id mapping.
 | 
			
		||||
 */
 | 
			
		||||
void destroy_dh_mapping();
 | 
			
		||||
 | 
			
		||||
/**
 | 
			
		||||
 * Creates a new tkm_diffie_hellman_t object.
 | 
			
		||||
 *
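Review bot: The new declarations do not document the failure contract or the global state they manage: `@return number of registered mappings` should add that 0 means the `<daemon>.dh_mapping` section was empty, in which case no mapping table is installed and tkm_diffie_hellman_create() returns NULL for every group; the comment should also state that the functions operate on a single file-scope table, must be called once from the daemon's init path, and that destroy_dh_mapping() must run before library teardown. Both prototypes are written as `int register_dh_mapping();` and `void destroy_dh_mapping();`, which in C declare unspecified parameter lists; write them as `int register_dh_mapping(void);` and `void destroy_dh_mapping(void);` so the compiler checks the call sites.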
 | 
			
		||||
 | 
			
		||||
@ -14,6 +14,7 @@
 | 
			
		||||
 * for more details.
 | 
			
		||||
 */
 | 
			
		||||
 | 
			
		||||
#include <daemon.h>
 | 
			
		||||
#include <tests/test_suite.h>
 | 
			
		||||
 | 
			
		||||
#include "tkm_diffie_hellman.h"
 | 
			
		||||
 | 
			
		||||
@ -60,15 +60,18 @@ static bool test_runner_init(bool init)
 | 
			
		||||
		static plugin_feature_t features[] = {
 | 
			
		||||
			PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
 | 
			
		||||
				PLUGIN_PROVIDE(NONCE_GEN),
 | 
			
		||||
			PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
 | 
			
		||||
				PLUGIN_PROVIDE(DH, MODP_3072_BIT),
 | 
			
		||||
				PLUGIN_PROVIDE(DH, MODP_4096_BIT),
 | 
			
		||||
			PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 | 
			
		||||
				PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
 | 
			
		||||
		};
 | 
			
		||||
		lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
 | 
			
		||||
										  countof(features), TRUE);
 | 
			
		||||
 | 
			
		||||
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
 | 
			
		||||
							   charon->name, MODP_3072_BIT);
 | 
			
		||||
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
 | 
			
		||||
							   charon->name, MODP_4096_BIT);
 | 
			
		||||
		register_dh_mapping();
 | 
			
		||||
 | 
			
		||||
		plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
 | 
			
		||||
									 PLUGINS);
 | 
			
		||||
		plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
 | 
			
		||||
@ -90,6 +93,7 @@ static bool test_runner_init(bool init)
 | 
			
		||||
		result = FALSE;
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	destroy_dh_mapping();
 | 
			
		||||
	libcharon_deinit();
 | 
			
		||||
	libhydra_deinit();
 | 
			
		||||
	return result;
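Review bot: The test runner calls `register_dh_mapping();` at the end of the second hunk and discards its return value, so if the two `set_int` calls above it ever fail to land (a changed key format, a different `charon->name`) the DH groups are simply never registered and the suite fails later with an unrelated "no DH group" error rather than at the cause. Check the count where it is set up, e.g. `if (register_dh_mapping() != 2) { DBG1(DBG_DMN, "registering test DH mapping failed"); result = FALSE; }`, placed so that the existing deinit sequence still runs; test_runner_init() continues between the hunks, so the exact spot for the early-out is not visible here. The destroy_dh_mapping() call added before libcharon_deinit() in the last hunk mirrors the daemon's order, which is right.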
 | 
			
		||||
 | 
			
		||||