libhydra: Remove empty unused library
[strongswan.git] / src / charon-tkm / src / charon-tkm.c
index 0782bda..13352e5 100644 (file)
 #include <sys/types.h>
 #include <unistd.h>
 #include <libgen.h>
+#include <errno.h>
 
-#include <hydra.h>
 #include <daemon.h>
-
 #include <library.h>
 #include <utils/backtrace.h>
 #include <threading/thread.h>
 #include <sa/keymat.h>
+#include <credentials/credential_manager.h>
 
 #include "tkm.h"
 #include "tkm_nonceg.h"
 #include "tkm_keymat.h"
 #include "tkm_listener.h"
 #include "tkm_kernel_ipsec.h"
+#include "tkm_public_key.h"
+#include "tkm_cred.h"
+#include "tkm_encoder.h"
+#include "tkm_spi_generator.h"
 
 /**
  * TKM bus listener for IKE authorize events.
@@ -95,12 +99,15 @@ static void run()
        while (TRUE)
        {
                int sig;
-               int error;
 
-               error = sigwait(&set, &sig);
-               if (error)
+               sig = sigwaitinfo(&set, NULL);
+               if (sig == -1)
                {
-                       DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+                       if (errno == EINTR)
+                       {       /* ignore signals we didn't wait for */
+                               continue;
+                       }
+                       DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
                        return;
                }
                switch (sig)
@@ -117,11 +124,6 @@ static void run()
                                charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
                                return;
                        }
-                       default:
-                       {
-                               DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-                               break;
-                       }
                }
        }
 }
@@ -148,13 +150,13 @@ static void segv_handler(int signal)
 static bool lookup_uid_gid()
 {
 #ifdef IPSEC_USER
-       if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
+       if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
        {
                return FALSE;
        }
 #endif
 #ifdef IPSEC_GROUP
-       if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
+       if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
        {
                return FALSE;
        }
@@ -198,8 +200,8 @@ static bool check_pidfile()
        if (pidfile)
        {
                ignore_result(fchown(fileno(pidfile),
-                                                        charon->caps->get_uid(charon->caps),
-                                                        charon->caps->get_gid(charon->caps)));
+                                                        lib->caps->get_uid(lib->caps),
+                                                        lib->caps->get_gid(lib->caps)));
                fprintf(pidfile, "%d\n", getpid());
                fflush(pidfile);
        }
@@ -237,6 +239,9 @@ int main(int argc, char *argv[])
                dmn_name = "charon-tkm";
        }
 
+       /* TKM credential set */
+       tkm_cred_t *creds;
+
        struct sigaction action;
        int status = SS_RC_INITIALIZATION_FAILED;
 
@@ -244,21 +249,13 @@ int main(int argc, char *argv[])
        dbg = dbg_syslog;
 
        /* initialize library */
-       if (!library_init(NULL))
-       {
-               library_deinit();
-               exit(status);
-       }
-
-       if (!libhydra_init(dmn_name))
+       if (!library_init(NULL, dmn_name))
        {
-               dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
-               libhydra_deinit();
                library_deinit();
                exit(status);
        }
 
-       if (!libcharon_init(dmn_name))
+       if (!libcharon_init())
        {
                dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
                goto deinit;
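Review bot: The failure branch of `library_init(NULL, dmn_name)` exits with SS_RC_INITIALIZATION_FAILED without logging anything, even though `dbg = dbg_syslog` is already installed two lines above and the libhydra branch this call absorbs did log "initialization failed - aborting". Since the library init now also carries the daemon-name setup, a silent exit here is harder to diagnose than before; I would add `dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);` before the `library_deinit()` so the two init failures report the same way. main()'s body starts and ends outside this hunk.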
@@ -270,6 +267,10 @@ int main(int argc, char *argv[])
                goto deinit;
        }
 
+       /* the authorize hook currently does not support RFC 7427 signature auth */
+       lib->settings->set_bool(lib->settings, "%s.signature_authentication", FALSE,
+                                                       dmn_name);
+
        /* make sure we log to the DAEMON facility by default */
        lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
                        lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,
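Review bot: The `set_bool` at the top of the hunk unconditionally overrides whatever an operator configured for `signature_authentication` in strongswan.conf, and forcing the classic RFC 7296 RSA signature method means RSA peers are authenticated with RSASSA-PKCS1-v1_5 over SHA-1; the comment only says the hook lacks support, not that this is the consequence. A startup log line would make the downgrade visible, e.g. `DBG1(DBG_DMN, "RFC 7427 signature authentication disabled: not supported by the TKM authorize hook");`, and the comment could add `/* forces classic RSA (PKCS#1 v1.5 / SHA-1) authentication for RSA peers */`. Whether the TKM side enforces its own hash policy for the AUTH payload is not visible here. main()'s body starts and ends outside this hunk.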
@@ -282,14 +283,24 @@ int main(int argc, char *argv[])
        static plugin_feature_t features[] = {
                PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
                        PLUGIN_PROVIDE(NONCE_GEN),
-               PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
-                       PLUGIN_PROVIDE(DH, MODP_3072_BIT),
-                       PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+               PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
+                       PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+                       PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+                       PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
                PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
                        PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+               PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
+                       PLUGIN_PROVIDE(CUSTOM, "tkm-spi-generator"),
+                               PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"),
        };
        lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
-                       countof(features), TRUE);
+                       countof(features), TRUE, NULL, NULL);
+
+       if (!register_dh_mapping())
+       {
+               DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
+               goto deinit;
+       }
 
        /* register TKM keymat variant */
        keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
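Review bot: `PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1)` advertises SHA-1 verification for every consumer of the TKM public key, not only the classic IKEv2 RSA AUTH payload that needs it, so certificate signatures would also be accepted with SHA-1 if tkm_public_key.c honours the scheme; I cannot see that file from here, so this is a question rather than a defect. A one-line comment on that feature line stating why SHA-1 is kept — `/* SHA-1 needed for RFC 7296 RSA authentication; not intended for certificate signatures */` — would keep a later maintainer from dropping the wrong line. Separately, if `register_dh_mapping()` can fail after partially populating its table, the `goto deinit` at the bottom of the hunk relies on `destroy_dh_mapping()` coping with a half-built mapping; a comment either way would help. main()'s body starts and ends outside this hunk.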
@@ -300,6 +311,7 @@ int main(int argc, char *argv[])
                DBG1(DBG_DMN, "initialization failed - aborting %s", dmn_name);
                goto deinit;
        }
+       lib->plugins->status(lib->plugins, LEVEL_CTRL);
 
        /* set global pidfile name depending on daemon name */
        if (asprintf(&pidfile_name, IPSEC_PIDDIR"/%s.pid", dmn_name) < 0)
@@ -315,7 +327,7 @@ int main(int argc, char *argv[])
                goto deinit;
        }
 
-       if (!charon->caps->drop(charon->caps))
+       if (!lib->caps->drop(lib->caps))
        {
                DBG1(DBG_DMN, "capability dropping failed - aborting %s", dmn_name);
                goto deinit;
@@ -332,8 +344,15 @@ int main(int argc, char *argv[])
        listener = tkm_listener_create();
        charon->bus->add_listener(charon->bus, &listener->listener);
 
+       /* register TKM credential set */
+       creds = tkm_cred_create();
+       lib->credmgr->add_set(lib->credmgr, (credential_set_t*)creds);
+
+       /* register TKM credential encoder */
+       lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);
+
        /* add handler for SEGV and ILL,
-        * INT and TERM are handled by sigwait() in run() */
+        * INT and TERM are handled by sigwaitinfo() in run() */
        action.sa_handler = segv_handler;
        action.sa_flags = 0;
        sigemptyset(&action.sa_mask);
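Review bot: `lib->credmgr->add_set(lib->credmgr, (credential_set_t*)creds)` relies on the credential_set_t being the first member of tkm_cred_t, which the cast cannot check, whereas the listener registration just above passes `&listener->listener` and fails to compile if the layout is wrong; I would write `lib->credmgr->add_set(lib->credmgr, &creds->set);` (assuming tkm_cred_t names its embedded set `set`, as the other TKM objects do — not visible here). The return of `tkm_cred_create()` is also used without a NULL check; if it can fail on TKM context errors, the registration should be guarded with a `goto deinit` like the other init steps. main()'s body starts and ends outside this hunk.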
@@ -357,10 +376,12 @@ int main(int argc, char *argv[])
        status = 0;
        charon->bus->remove_listener(charon->bus, &listener->listener);
        listener->destroy(listener);
+       creds->destroy(creds);
+       lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
 
 deinit:
+       destroy_dh_mapping();
        libcharon_deinit();
-       libhydra_deinit();
        library_deinit();
        tkm_deinit();
        return status;
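Review bot: `creds->destroy(creds)` frees the credential set while it is still registered with lib->credmgr — unlike the listener two lines above, which is removed from the bus before it is destroyed, and the encoder, which is removed on the next line — so lib->credmgr holds a dangling set pointer through `libcharon_deinit()` until `library_deinit()` tears the manager down, and any credential lookup in that window (e.g. while IKE_SAs are flushed) would touch freed memory. Add `lib->credmgr->remove_set(lib->credmgr, &creds->set);` before the destroy, matching the form used for the listener. Also, `destroy_dh_mapping()` at the deinit label runs on every error path, including failures before `register_dh_mapping()` was ever called, so it must tolerate an unregistered mapping; worth a comment, or a guard if it does not. main()'s body starts outside this hunk.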