sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-13 00:00:38 -05:00
Code Issues Projects Releases Wiki Activity

charon-tkm: Implement IANA DH Id to TKM Id mapping

Browse Source 
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:

dh_mapping {
	iana_id1 = tkm_id1
	iana_id2 = tkm_id2
	iana_id3 = tkm_id3
	...
}

Only the mapped IANA IDs are registered as supported DH groups.
This commit is contained in:
Adrian-Ken Rueegsegger 2013-11-26 16:20:24 +01:00 committed by Reto Buerki
parent 9e8a52003a
commit 6db7feacf6
5 changed files with 134 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/charon-tkm/src/charon-tkm.c
View File

@ -288,10 +288,6 @@ int main(int argc, char *argv[])
static plugin_feature_t features[] = { static plugin_feature_t features[] = {
PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
PLUGIN_PROVIDE(NONCE_GEN), PLUGIN_PROVIDE(NONCE_GEN),
PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
PLUGIN_PROVIDE(DH, MODP_2048_BIT),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE), PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA), PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
@ -302,6 +298,12 @@ int main(int argc, char *argv[])
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features, lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
countof(features), TRUE); countof(features), TRUE);
if (!register_dh_mapping())
{
DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
goto deinit;
}
/* register TKM keymat variant */ /* register TKM keymat variant */
keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create); keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
@ -380,6 +382,7 @@ int main(int argc, char *argv[])
lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode); lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
deinit: deinit:
destroy_dh_mapping();
libcharon_deinit(); libcharon_deinit();
libhydra_deinit(); libhydra_deinit();
library_deinit(); library_deinit();

108
src/charon-tkm/src/tkm/tkm_diffie_hellman.c
View File

@ -21,10 +21,13 @@
#include "tkm_utils.h" #include "tkm_utils.h"
#include "tkm_diffie_hellman.h" #include "tkm_diffie_hellman.h"
#include <utils/debug.h> #include <daemon.h>
#include <collections/hashtable.h>
typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t; typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t;
static hashtable_t *group_map = NULL;
/** /**
* Private data of a tkm_diffie_hellman_t object. * Private data of a tkm_diffie_hellman_t object.
*/ */
@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type,
return this->context_id; return this->context_id;
} }
static u_int hash(void *key)
{
diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
return chunk_hash(chunk_from_thing(k));
}
static bool equals(void *key, void *other_key)
{
return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
}
/*
* Described in header.
*/
int register_dh_mapping()
{
int count, i;
char *iana_id_str, *tkm_id_str;
diffie_hellman_group_t *iana_id;
u_int64_t *tkm_id;
hashtable_t *map;
enumerator_t *enumerator;
map = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 16);
enumerator = lib->settings->create_key_value_enumerator(lib->settings,
"%s.dh_mapping",
charon->name);
while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
{
iana_id = malloc_thing(diffie_hellman_group_t);
*iana_id = settings_value_as_int(iana_id_str, 0);
tkm_id = malloc_thing(u_int64_t);
*tkm_id = settings_value_as_int(tkm_id_str, 0);
map->put(map, iana_id, tkm_id);
}
enumerator->destroy(enumerator);
count = map->get_count(map);
plugin_feature_t f[count + 1];
f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
i = 1;
enumerator = map->create_enumerator(map);
while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
{
f[i] = PLUGIN_PROVIDE(DH, *iana_id);
i++;
}
enumerator->destroy(enumerator);
lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
if (count > 0)
{
group_map = map;
}
else
{
map->destroy(map);
}
return count;
}
/*
* Described in header.
*/
void destroy_dh_mapping()
{
enumerator_t *enumerator;
char *key, *value;
if (group_map)
{
enumerator = group_map->create_enumerator(group_map);
while (enumerator->enumerate(enumerator, &key, &value))
{
free(key);
free(value);
}
enumerator->destroy(enumerator);
group_map->destroy(group_map);
}
}
/* /*
* Described in header. * Described in header.
*/ */
@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
{ {
private_tkm_diffie_hellman_t *this; private_tkm_diffie_hellman_t *this;
if (!group_map)
{
return NULL;
}
INIT(this, INIT(this,
.public = { .public = {
.dh = { .dh = {
@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
return NULL; return NULL;
} }
if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK) u_int64_t *dha_id = group_map->get(group_map, &group);
if (!dha_id)
{
free(this);
return NULL;
}
if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK)
{ {
free(this); free(this);
return NULL; return NULL;

13
src/charon-tkm/src/tkm/tkm_diffie_hellman.h
View File

@ -46,6 +46,19 @@ struct tkm_diffie_hellman_t {
}; };
/**
* Loads IANA DH group identifier to TKM id mapping from config and registers
* the corresponding DH features.
*
* @return number of registered mappings
*/
int register_dh_mapping();
/**
* Destroy IANA DH group identifier to TKM id mapping.
*/
void destroy_dh_mapping();
/** /**
* Creates a new tkm_diffie_hellman_t object. * Creates a new tkm_diffie_hellman_t object.
* *

1
src/charon-tkm/tests/diffie_hellman_tests.c
View File

@ -14,6 +14,7 @@
* for more details. * for more details.
*/ */
#include <daemon.h>
#include <tests/test_suite.h> #include <tests/test_suite.h>
#include "tkm_diffie_hellman.h" #include "tkm_diffie_hellman.h"

10
src/charon-tkm/tests/tests.c
View File

@ -60,15 +60,18 @@ static bool test_runner_init(bool init)
static plugin_feature_t features[] = { static plugin_feature_t features[] = {
PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
PLUGIN_PROVIDE(NONCE_GEN), PLUGIN_PROVIDE(NONCE_GEN),
PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
}; };
lib->plugins->add_static_features(lib->plugins, "tkm-tests", features, lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
countof(features), TRUE); countof(features), TRUE);
lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
charon->name, MODP_3072_BIT);
lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
charon->name, MODP_4096_BIT);
register_dh_mapping();
plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins", plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
PLUGINS); PLUGINS);
plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins", plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
@ -90,6 +93,7 @@ static bool test_runner_init(bool init)
result = FALSE; result = FALSE;
} }
destroy_dh_mapping();
libcharon_deinit(); libcharon_deinit();
libhydra_deinit(); libhydra_deinit();
return result; return result;