#include <hydra.h>
#include <daemon.h>
#include <plugins/kernel_netlink/kernel_netlink_net.h>
-
#include <library.h>
#include <utils/backtrace.h>
#include <threading/thread.h>
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
tkm_kernel_ipsec_t public;
/**
+ * RNG used for SPI generation.
+ */
+ rng_t *rng;
+
+ /**
* Local CHILD SA SPI.
*/
uint32_t esp_spi_loc;
u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
{
DBG1(DBG_KNL, "getting SPI for reqid {%u}", reqid);
- /* fake SPI for now */
- *spi = 92726226;
- return SUCCESS;
+ const bool result = this->rng->get_bytes(this->rng, sizeof(u_int32_t),
+ (u_int8_t *)spi);
+ return result ? SUCCESS : FAILED;
}
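Review bot: The value written to `*spi` in get_spi comes straight from the RNG with no range check, so it can be 0 or fall in 1-255, which RFC 4303 reserves (0 for local use, 1-255 for IANA). Such a value should be rejected and redrawn before it is returned. Nothing visible in the hunk compares the new SPI with SPIs already handed out, so two CHILD SAs could receive the same value; whether another layer catches this cannot be seen from here. RNG_WEAK looks adequate because an SPI is not a secret, but a short comment saying so next to `create_rng` would help the next reader. The METHOD header of get_spi starts outside the hunk.

```c
	/* … unchanged: DBG1 "getting SPI for reqid" … */
	u_int32_t candidate;

	do
	{
		if (!this->rng->get_bytes(this->rng, sizeof(candidate),
								  (u_int8_t*)&candidate))
		{
			return FAILED;
		}
	}
	/* 0 is local-use only, 1-255 are IANA-reserved (RFC 4303, 2.1);
	 * assumes SPIs are kept in network byte order here -- confirm */
	while (ntohl(candidate) < 256);

	*spi = candidate;
	return SUCCESS;
```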
METHOD(kernel_ipsec_t, get_cpi, status_t,
METHOD(kernel_ipsec_t, destroy, void,
private_tkm_kernel_ipsec_t *this)
{
+ DESTROY_IF(this->rng);
free(this);
}
.destroy = _destroy,
},
},
+ .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
.esp_spi_loc = 0,
);
+ if (!this->rng)
+ {
+ DBG1(DBG_KNL, "unable to create RNG");
+ destroy(this);
+ return NULL;
+ }
+
return &this->public;
}
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
PLUGIN_CALLBACK(kernel_net_register, kernel_netlink_net_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
};