diff options
| author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2013-11-26 16:20:24 +0100 |
|---|---|---|
| committer | Reto Buerki <reet@codelabs.ch> | 2013-12-03 11:58:53 +0100 |
| commit | 6db7feacf6edef39d1b0837ca4ff5839221c1b7e (patch) | |
| tree | 34a61737c0f836ab58325dd5222ebce5518ad98e | |
| parent | 9e8a52003af23820061bd37244baa28c2106aace (diff) | |
| download | strongswan-6db7feacf6edef39d1b0837ca4ff5839221c1b7e.tar.bz2 strongswan-6db7feacf6edef39d1b0837ca4ff5839221c1b7e.tar.xz | |
charon-tkm: Implement IANA DH Id to TKM Id mapping
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:
dh_mapping {
iana_id1 = tkm_id1
iana_id2 = tkm_id2
iana_id3 = tkm_id3
...
}
Only the mapped IANA IDs are registered as supported DH groups.
| -rw-r--r-- | src/charon-tkm/src/charon-tkm.c | 11 | ||||
| -rw-r--r-- | src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 108 | ||||
| -rw-r--r-- | src/charon-tkm/src/tkm/tkm_diffie_hellman.h | 13 | ||||
| -rw-r--r-- | src/charon-tkm/tests/diffie_hellman_tests.c | 1 | ||||
| -rw-r--r-- | src/charon-tkm/tests/tests.c | 10 |
5 files changed, 134 insertions, 9 deletions
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 14a735590..3db06743d 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -288,10 +288,6 @@ int main(int argc, char *argv[]) static plugin_feature_t features[] = { PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), PLUGIN_PROVIDE(NONCE_GEN), - PLUGIN_REGISTER(DH, tkm_diffie_hellman_create), - PLUGIN_PROVIDE(DH, MODP_2048_BIT), - PLUGIN_PROVIDE(DH, MODP_3072_BIT), - PLUGIN_PROVIDE(DH, MODP_4096_BIT), PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_RSA), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), @@ -302,6 +298,12 @@ int main(int argc, char *argv[]) lib->plugins->add_static_features(lib->plugins, "tkm-backend", features, countof(features), TRUE); + if (!register_dh_mapping()) + { + DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name); + goto deinit; + } + /* register TKM keymat variant */ keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create); @@ -380,6 +382,7 @@ int main(int argc, char *argv[]) lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode); deinit: + destroy_dh_mapping(); libcharon_deinit(); libhydra_deinit(); library_deinit(); diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index 19f57de01..c30a03f39 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -21,10 +21,13 @@ #include "tkm_utils.h" #include "tkm_diffie_hellman.h" -#include <utils/debug.h> +#include <daemon.h> +#include <collections/hashtable.h> typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t; +static hashtable_t *group_map = NULL; + /** * Private data of a tkm_diffie_hellman_t object. */ @@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type, return this->context_id; } +static u_int hash(void *key) +{ + diffie_hellman_group_t k = *(diffie_hellman_group_t*)key; + return chunk_hash(chunk_from_thing(k)); +} + +static bool equals(void *key, void *other_key) +{ + return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key; +} + +/* + * Described in header. + */ +int register_dh_mapping() +{ + int count, i; + char *iana_id_str, *tkm_id_str; + diffie_hellman_group_t *iana_id; + u_int64_t *tkm_id; + hashtable_t *map; + enumerator_t *enumerator; + + map = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 16); + + enumerator = lib->settings->create_key_value_enumerator(lib->settings, + "%s.dh_mapping", + charon->name); + + while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str)) + { + iana_id = malloc_thing(diffie_hellman_group_t); + *iana_id = settings_value_as_int(iana_id_str, 0); + tkm_id = malloc_thing(u_int64_t); + *tkm_id = settings_value_as_int(tkm_id_str, 0); + + map->put(map, iana_id, tkm_id); + } + enumerator->destroy(enumerator); + + count = map->get_count(map); + plugin_feature_t f[count + 1]; + f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create); + + i = 1; + enumerator = map->create_enumerator(map); + while (enumerator->enumerate(enumerator, &iana_id, &tkm_id)) + { + f[i] = PLUGIN_PROVIDE(DH, *iana_id); + i++; + } + enumerator->destroy(enumerator); + + lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE); + + if (count > 0) + { + group_map = map; + } + else + { + map->destroy(map); + } + + return count; +} + +/* + * Described in header. + */ +void destroy_dh_mapping() +{ + enumerator_t *enumerator; + char *key, *value; + + if (group_map) + { + enumerator = group_map->create_enumerator(group_map); + while (enumerator->enumerate(enumerator, &key, &value)) + { + free(key); + free(value); + } + enumerator->destroy(enumerator); + group_map->destroy(group_map); + } +} + /* * Described in header. */ @@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) { private_tkm_diffie_hellman_t *this; + if (!group_map) + { + return NULL; + } + INIT(this, .public = { .dh = { @@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK) + u_int64_t *dha_id = group_map->get(group_map, &group); + if (!dha_id) + { + free(this); + return NULL; + } + + if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK) { free(this); return NULL; diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h index a144303fa..d38a414d8 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h @@ -47,6 +47,19 @@ struct tkm_diffie_hellman_t { }; /** + * Loads IANA DH group identifier to TKM id mapping from config and registers + * the corresponding DH features. + * + * @return number of registered mappings + */ +int register_dh_mapping(); + +/** + * Destroy IANA DH group identifier to TKM id mapping. + */ +void destroy_dh_mapping(); + +/** * Creates a new tkm_diffie_hellman_t object. * * @param group Diffie Hellman group number to use diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c index b46f82a7e..89658a770 100644 --- a/src/charon-tkm/tests/diffie_hellman_tests.c +++ b/src/charon-tkm/tests/diffie_hellman_tests.c @@ -14,6 +14,7 @@ * for more details. */ +#include <daemon.h> #include <tests/test_suite.h> #include "tkm_diffie_hellman.h" diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c index 189966eae..633e3ed16 100644 --- a/src/charon-tkm/tests/tests.c +++ b/src/charon-tkm/tests/tests.c @@ -60,15 +60,18 @@ static bool test_runner_init(bool init) static plugin_feature_t features[] = { PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), PLUGIN_PROVIDE(NONCE_GEN), - PLUGIN_REGISTER(DH, tkm_diffie_hellman_create), - PLUGIN_PROVIDE(DH, MODP_3072_BIT), - PLUGIN_PROVIDE(DH, MODP_4096_BIT), PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), }; lib->plugins->add_static_features(lib->plugins, "tkm-tests", features, countof(features), TRUE); + lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1, + charon->name, MODP_3072_BIT); + lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2, + charon->name, MODP_4096_BIT); + register_dh_mapping(); + plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins", PLUGINS); plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins", @@ -90,6 +93,7 @@ static bool test_runner_init(bool init) result = FALSE; } + destroy_dh_mapping(); libcharon_deinit(); libhydra_deinit(); return result; |