author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2012-09-12 11:52:08 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:48 +0100 |
commit | d0ab667c99a7ac4ecfe6cb0f941843a6751a600e (patch) | |
tree | 9dbd251a7d22819aea88e6f70c4e20fc9fd659fd /src/charon-tkm | |
parent | 6ed5c3bb1e5229e23d4810ca45bdf5ec833bb187 (diff) | |
Use rng to generate local ESP SPIs
Diffstat (limited to 'src/charon-tkm')
-rw-r--r-- | src/charon-tkm/src/charon-tkm.c | 2 | ||||
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 20 | ||||
-rw-r--r-- | src/charon-tkm/tests/keymat_tests.c | 1 |
3 files changed, 19 insertions, 4 deletions
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 1d21e7daf..f7b59008c 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -28,7 +28,6 @@
 #include <hydra.h>
 #include <daemon.h>
 #include <plugins/kernel_netlink/kernel_netlink_net.h>
-
 #include <library.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
@@ -288,6 +287,7 @@ int main(int argc, char *argv[])
 PLUGIN_PROVIDE(DH, MODP_4096_BIT),
 PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
 PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
 PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 3a58e23fe..ce6a26e5b 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -39,6 +39,11 @@ struct private_tkm_kernel_ipsec_t {
 tkm_kernel_ipsec_t public;
 /**
+ * RNG used for SPI generation.
+ */
+ rng_t *rng;
+
+ /**
 * Local CHILD SA SPI.
 */
 uint32_t esp_spi_loc;
@@ -50,9 +55,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
 u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
 DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
- /* fake SPI for now */
- *spi = 92726226;
- return SUCCESS;
+ const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
+ (u_int8_t *)spi);
+ return result ? SUCCESS : FAILED;
 }
 METHOD(kernel_ipsec_t, get_cpi, status_t,
@@ -209,6 +214,7 @@ METHOD(kernel_ipsec_t, enable_udp_decap, bool,
 METHOD(kernel_ipsec_t, destroy, void,
 private_tkm_kernel_ipsec_t *this)
 {
+ DESTROY_IF(this->rng);
 free(this);
 }
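Review bot: In the `@@ -50,9 +55,9 @@` hunk of tkm_kernel_ipsec.c the four random bytes are stored straight into `*spi` with no range check, so get_spi can return SPI 0 or one of the reserved values 1–255 (RFC 4303, section 2.1), which the peer or the TKM may reject. The call should retry until the value is outside the reserved range, compared in whatever byte order the daemon keeps `*spi` in (the netlink backend appears to hand it back in network order, so the comparison would be on `ntohl(*spi)`). Unlike a kernel-allocated SPI, a random value is also not checked against SPIs already in use on this host, so two concurrently negotiated CHILD SAs can collide; if that is accepted for now, the method comment should say so. The failure branch also returns FAILED without a log line; a `DBG1(DBG_KNL, "unable to get SPI from RNG")` there would make the condition diagnosable.
```c
	DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
	do
	{
		if (!this->rng->get_bytes(this->rng, sizeof(u_int32_t),
								  (u_int8_t *)spi))
		{
			DBG1(DBG_KNL, "unable to get SPI from RNG");
			return FAILED;
		}
	}
	/* 0 and 1..255 are reserved (RFC 4303); assumes *spi is network order */
	while (ntohl(*spi) < 0x100);
	return SUCCESS;
```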
@@ -238,8 +244,16 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
 .destroy = _destroy,
 },
 },
+ .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
 .esp_spi_loc = 0,
 );
+ if (!this->rng)
+ {
+ DBG1(DBG_KNL, "unable to create RNG");
+ destroy(this);
+ return NULL;
+ }
+
 return &this->public;
 }
diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
index 0d74ad55c..82ecf1ce3 100644
--- a/src/charon-tkm/tests/keymat_tests.c
+++ b/src/charon-tkm/tests/keymat_tests.c
@@ -43,6 +43,7 @@ START_TEST(test_derive_ike_keys)
 PLUGIN_PROVIDE(DH, MODP_4096_BIT),
 PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
 PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
 PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
 }; |