charon-tkm: Implement IANA DH Id to TKM Id mapping
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Tue, 26 Nov 2013 15:20:24 +0000 (16:20 +0100)
committerReto Buerki <reet@codelabs.ch>
Tue, 3 Dec 2013 10:58:53 +0000 (11:58 +0100)
The TKM Diffie-Hellman plugin now maps IANA DH identifiers to TKM DH
algorithm identifiers. The mapping is specified in the daemon's
'dh_mapping' section in the strongswan.conf file:

dh_mapping {
iana_id1 = tkm_id1
iana_id2 = tkm_id2
iana_id3 = tkm_id3
...
}

Only the mapped IANA IDs are registered as supported DH groups.

src/charon-tkm/src/charon-tkm.c
src/charon-tkm/src/tkm/tkm_diffie_hellman.c
src/charon-tkm/src/tkm/tkm_diffie_hellman.h
src/charon-tkm/tests/diffie_hellman_tests.c
src/charon-tkm/tests/tests.c

index 14a7355..3db0674 100644 (file)
@@ -288,10 +288,6 @@ int main(int argc, char *argv[])
        static plugin_feature_t features[] = {
                PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
                        PLUGIN_PROVIDE(NONCE_GEN),
-               PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
-                       PLUGIN_PROVIDE(DH, MODP_2048_BIT),
-                       PLUGIN_PROVIDE(DH, MODP_3072_BIT),
-                       PLUGIN_PROVIDE(DH, MODP_4096_BIT),
                PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
                        PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
                        PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
@@ -302,6 +298,12 @@ int main(int argc, char *argv[])
        lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
                        countof(features), TRUE);
 
+       if (!register_dh_mapping())
+       {
+               DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
+               goto deinit;
+       }
+
        /* register TKM keymat variant */
        keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);
 
@@ -380,6 +382,7 @@ int main(int argc, char *argv[])
        lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);
 
 deinit:
+       destroy_dh_mapping();
        libcharon_deinit();
        libhydra_deinit();
        library_deinit();
index 19f57de..c30a03f 100644 (file)
 #include "tkm_utils.h"
 #include "tkm_diffie_hellman.h"
 
-#include <utils/debug.h>
+#include <daemon.h>
+#include <collections/hashtable.h>
 
 typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t;
 
+static hashtable_t *group_map = NULL;
+
 /**
  * Private data of a tkm_diffie_hellman_t object.
  */
@@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type,
        return this->context_id;
 }
 
+static u_int hash(void *key)
+{
+       diffie_hellman_group_t k = *(diffie_hellman_group_t*)key;
+       return chunk_hash(chunk_from_thing(k));
+}
+
+static bool equals(void *key, void *other_key)
+{
+       return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key;
+}
+
+/*
+ * Described in header.
+ */
+int register_dh_mapping()
+{
+       int count, i;
+       char *iana_id_str, *tkm_id_str;
+       diffie_hellman_group_t *iana_id;
+       u_int64_t *tkm_id;
+       hashtable_t *map;
+       enumerator_t *enumerator;
+
+       map = hashtable_create((hashtable_hash_t)hash,
+                                                  (hashtable_equals_t)equals, 16);
+
+       enumerator = lib->settings->create_key_value_enumerator(lib->settings,
+                                                                                                                       "%s.dh_mapping",
+                                                                                                                       charon->name);
+
+       while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str))
+       {
+               iana_id = malloc_thing(diffie_hellman_group_t);
+               *iana_id = settings_value_as_int(iana_id_str, 0);
+               tkm_id = malloc_thing(u_int64_t);
+               *tkm_id = settings_value_as_int(tkm_id_str, 0);
+
+               map->put(map, iana_id, tkm_id);
+       }
+       enumerator->destroy(enumerator);
+
+       count = map->get_count(map);
+       plugin_feature_t f[count + 1];
+       f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create);
+
+       i = 1;
+       enumerator = map->create_enumerator(map);
+       while (enumerator->enumerate(enumerator, &iana_id, &tkm_id))
+       {
+               f[i] = PLUGIN_PROVIDE(DH, *iana_id);
+               i++;
+       }
+       enumerator->destroy(enumerator);
+
+       lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE);
+
+       if (count > 0)
+       {
+               group_map = map;
+       }
+       else
+       {
+               map->destroy(map);
+       }
+
+       return count;
+}
+
+/*
+ * Described in header.
+ */
+void destroy_dh_mapping()
+{
+       enumerator_t *enumerator;
+       char *key, *value;
+
+       if (group_map)
+       {
+               enumerator = group_map->create_enumerator(group_map);
+               while (enumerator->enumerate(enumerator, &key, &value))
+               {
+                       free(key);
+                       free(value);
+               }
+               enumerator->destroy(enumerator);
+               group_map->destroy(group_map);
+       }
+}
+
 /*
  * Described in header.
  */
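Review bot: destroy_dh_mapping() frees the table but leaves the file-scope `group_map` pointing at freed memory, so the `if (!group_map)` guard in tkm_diffie_hellman_create() and a second destroy_dh_mapping() call (both main and the test runner call it on their teardown path) operate on a dangling pointer; reset it after `group_map->destroy(group_map);` with `group_map = NULL;`. In register_dh_mapping(), both settings_value_as_int() calls pass 0 as the fallback, so if that helper returns its default for a non-numeric string (as its signature suggests), a typo in the dh_mapping section silently registers IANA group 0 mapped to TKM id 0 instead of being reported; checking both parsed values and skipping the entry with a DBG1 would make misconfiguration visible. The "tkm-dh" feature set is also added even when `count` is 0, leaving a PLUGIN_REGISTER with no PLUGIN_PROVIDE behind after main aborts; moving the add_static_features() call under `if (count > 0)` keeps the plugin registry consistent with the return value. Finally, `int register_dh_mapping()` and `void destroy_dh_mapping()` should be declared `(void)` so the definitions carry a prototype.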
@@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
 {
        private_tkm_diffie_hellman_t *this;
 
+       if (!group_map)
+       {
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .dh = {
@@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group)
                return NULL;
        }
 
-       if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK)
+       u_int64_t *dha_id = group_map->get(group_map, &group);
+       if (!dha_id)
+       {
+               free(this);
+               return NULL;
+       }
+
+       if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK)
        {
                free(this);
                return NULL;
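Review bot: The `group_map->get()` lookup on the first added line depends only on the `group` argument, yet it runs after INIT and the earlier setup of this function (outside the hunk), so an unmapped group pays for that setup and the new failure path has to unwind it by hand; doing the lookup right after the `if (!group_map)` guard at the top of the function, `u_int64_t *dha_id = group_map->get(group_map, &group); if (!dha_id) { return NULL; }`, avoids that. If the context id is acquired before this point (the `return NULL;` context at the top of the hunk suggests an earlier failure check), the added `free(this); return NULL;` drops it the same way the existing ike_dh_create() failure path does, which is worth confirming. A `DBG1(DBG_LIB, ...)` naming the unmapped group on this path would make a dh_mapping section that omits a negotiated group diagnosable from the log. The function's start and end lie outside this hunk.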
index a144303..d38a414 100644 (file)
@@ -47,6 +47,19 @@ struct tkm_diffie_hellman_t {
 };
 
 /**
+ * Loads IANA DH group identifier to TKM id mapping from config and registers
+ * the corresponding DH features.
+ *
+ * @return          number of registered mappings
+ */
+int register_dh_mapping();
+
+/**
+ * Destroy IANA DH group identifier to TKM id mapping.
+ */
+void destroy_dh_mapping();
+
+/**
  * Creates a new tkm_diffie_hellman_t object.
  *
  * @param group                        Diffie Hellman group number to use
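Review bot: The two new declarations use empty parentheses, which in C declare functions without a prototype; write them as `int register_dh_mapping(void);` and `void destroy_dh_mapping(void);` (and the same in the definitions in tkm_diffie_hellman.c). The comment on register_dh_mapping() should also say that it installs a file-scope table consumed by tkm_diffie_hellman_create(), that a return value of 0 means no DH group was registered, and that the caller must pair it with destroy_dh_mapping(); the comment on destroy_dh_mapping() should state that it is safe to call when no mapping was registered, as the implementation already allows.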
index b46f82a..89658a7 100644 (file)
@@ -14,6 +14,7 @@
  * for more details.
  */
 
+#include <daemon.h>
 #include <tests/test_suite.h>
 
 #include "tkm_diffie_hellman.h"
index 189966e..633e3ed 100644 (file)
@@ -60,15 +60,18 @@ static bool test_runner_init(bool init)
                static plugin_feature_t features[] = {
                        PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
                                PLUGIN_PROVIDE(NONCE_GEN),
-                       PLUGIN_REGISTER(DH, tkm_diffie_hellman_create),
-                               PLUGIN_PROVIDE(DH, MODP_3072_BIT),
-                               PLUGIN_PROVIDE(DH, MODP_4096_BIT),
                        PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
                                PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
                };
                lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
                                                                                  countof(features), TRUE);
 
+               lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
+                                                          charon->name, MODP_3072_BIT);
+               lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
+                                                          charon->name, MODP_4096_BIT);
+               register_dh_mapping();
+
                plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
                                                                         PLUGINS);
                plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
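Review bot: The return value of `register_dh_mapping();` is discarded, so if the two `set_int` calls above it do not produce the expected mapping (for example because the key format and charon->name do not line up), the DH tests fail later with an unrelated-looking error instead of at setup. Since this function already reports failure through `result = FALSE` (visible in the following hunk), checking the count here, `if (register_dh_mapping() != 2) { result = FALSE; }`, pins the precondition the tests rely on; whether that early failure path skips the remaining setup correctly depends on code outside the hunk. The enclosing function starts and ends outside this hunk.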
@@ -90,6 +93,7 @@ static bool test_runner_init(bool init)
                result = FALSE;
        }
 
+       destroy_dh_mapping();
        libcharon_deinit();
        libhydra_deinit();
        return result;