authorAdrian-Ken Rueegsegger <ken@codelabs.ch>2012-09-14 15:42:17 +0200
committerTobias Brunner <tobias@strongswan.org>2013-03-19 15:23:48 +0100
commitde20230111461e71db1703d376c20f54d726de89 (patch)
treecd289c82dd900621a5e3552414610a037b10240a /src
parent1e13904f457a1d4a97757e695bac7e9cb683b90d (diff)
Use SAD to manage TKM ESA context information
An SAD entry is added after successful creation of a TKM ESA context in the add_sa() function. The corresponding entry is removed in del_sa() using the SAD, src, dst, spi and protocol parameters.
Diffstat (limited to 'src')
-rw-r--r--src/charon-tkm/src/tkm/tkm_kernel_ipsec.c49
1 files changed, 43 insertions, 6 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index ce6a26e5b..c97869d9c 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -22,8 +22,10 @@
#include <tkm/constants.h>
#include <tkm/client.h>
+#include "tkm.h"
#include "tkm_types.h"
#include "tkm_keymat.h"
+#include "tkm_kernel_sad.h"
#include "tkm_kernel_ipsec.h"
typedef struct private_tkm_kernel_ipsec_t private_tkm_kernel_ipsec_t;
@@ -48,6 +50,11 @@ struct private_tkm_kernel_ipsec_t {
*/
uint32_t esp_spi_loc;
+ /**
+ * CHILD/ESP SA database.
+ */
+ tkm_kernel_sad_t *sad;
+
};
METHOD(kernel_ipsec_t, get_spi, status_t,
@@ -82,12 +89,21 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
return SUCCESS;
}
const esa_info_t esa = *(esa_info_t *)(enc_key.ptr);
- DBG1(DBG_KNL, "adding child SA (isa: %llu, esp_spi_loc: %x, esp_spi_rem:"
- " %x)", esa.isa_id, ntohl(this->esp_spi_loc), ntohl(spi));
- if (ike_esa_create_first (1, esa.isa_id, 1, 1, ntohl(this->esp_spi_loc),
- ntohl(spi)) != TKM_OK)
+ const esa_id_type esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA);
+ DBG1(DBG_KNL, "adding child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, esp_spi_rem:"
+ " %x)", esa_id, esa.isa_id, ntohl(this->esp_spi_loc), ntohl(spi));
+ if (!this->sad->insert(this->sad, esa_id, src, dst, spi, protocol))
+ {
+ DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id);
+ tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ESA, esa_id);
+ return FAILED;
+ }
+ if (ike_esa_create_first(esa_id, esa.isa_id, 1, 1, ntohl(this->esp_spi_loc),
+ ntohl(spi)) != TKM_OK)
{
- DBG1(DBG_KNL, "child SA creation failed");
+ DBG1(DBG_KNL, "child SA (%llu) creation failed", esa_id);
+ this->sad->remove(this->sad, esa_id);
+ tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ESA, esa_id);
return FAILED;
}
this->esp_spi_loc = 0;
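Review bot: The id returned by `acquire_id` on the first added line is used without a check, while del_sa in this same commit treats an esa_id of 0 as "no entry"; if the id manager can signal exhaustion (its contract is not visible here), add_sa should reject that case before touching the SAD, e.g. `if (!esa_id) { DBG1(DBG_KNL, "unable to acquire ESA context id"); return FAILED; }`. The `%llu` conversions for `esa_id` assume `esa_id_type` is compatible with `unsigned long long`; if it is a fixed-width type, a cast or the matching `<inttypes.h>` macro avoids a format/argument mismatch. The two rollback paths (SAD insert failure and `ike_esa_create_first` failure) correctly undo what was done so far; a one-line comment such as `/* undo SAD entry and id allocation, the TKM holds no context yet */` on the second one would make the ordering intent explicit. add_sa's body continues past the end of this hunk.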
@@ -106,7 +122,20 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
{
- DBG1(DBG_KNL, "deleting child SA with SPI %.8x", ntohl(spi));
+ const esa_id_type esa_id = this->sad->get_esa_id(this->sad, src, dst, spi,
+ protocol);
+ if (esa_id)
+ {
+ DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id,
+ ntohl(spi));
+ if (ike_esa_reset(esa_id) != TKM_OK)
+ {
+ DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id);
+ return FAILED;
+ }
+ this->sad->remove(this->sad, esa_id);
+ tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ESA, esa_id);
+ }
return SUCCESS;
}
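Review bot: When no SAD entry matches (esa_id is 0) del_sa now returns SUCCESS silently, whereas the removed line always logged the deletion; a trace on that branch keeps deletes of unknown SAs visible, e.g. `else { DBG1(DBG_KNL, "no SAD entry for child SA with SPI %x, nothing to delete", ntohl(spi)); }`. In the `ike_esa_reset` failure branch the SAD entry and the acquired id are both kept while FAILED is returned; if callers do not retry, that entry and id are never reclaimed, so if keeping them is intentional a short comment saying so would help the next reader. The lookup keys on src, dst, spi and protocol but ignores `mark`; presumably SAD entries are unique without it, which is worth confirming against how the SAD is populated in add_sa.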
@@ -215,6 +244,7 @@ METHOD(kernel_ipsec_t, destroy, void,
private_tkm_kernel_ipsec_t *this)
{
DESTROY_IF(this->rng);
+ DESTROY_IF(this->sad);
free(this);
}
@@ -246,6 +276,7 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
},
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
.esp_spi_loc = 0,
+ .sad = tkm_kernel_sad_create(),
);
if (!this->rng)
@@ -254,6 +285,12 @@ tkm_kernel_ipsec_t *tkm_kernel_ipsec_create()
destroy(this);
return NULL;
}
+ if (!this->sad)
+ {
+ DBG1(DBG_KNL, "unable to create SAD");
+ destroy(this);
+ return NULL;
+ }
return &this->public;
}