authorYves-Alexis Perez <corsac@debian.org>2015-11-18 14:49:27 +0100
committerYves-Alexis Perez <corsac@debian.org>2015-11-18 14:49:27 +0100
commit1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src/charon-tkm
parent5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
Imported Upstream version 5.3.4
Diffstat (limited to 'src/charon-tkm')
-rw-r--r--src/charon-tkm/src/charon-tkm.c14
-rw-r--r--src/charon-tkm/src/tkm/tkm_kernel_ipsec.c7
-rw-r--r--src/charon-tkm/src/tkm/tkm_spi_generator.c98
-rw-r--r--src/charon-tkm/src/tkm/tkm_spi_generator.h36
4 files changed, 147 insertions, 8 deletions
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 7c60f0ca8..52d82f3ad 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -24,6 +24,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <libgen.h>
+#include <errno.h>
#include <hydra.h>
#include <daemon.h>
@@ -42,6 +43,7 @@
#include "tkm_public_key.h"
#include "tkm_cred.h"
#include "tkm_encoder.h"
+#include "tkm_spi_generator.h"
/**
* TKM bus listener for IKE authorize events.
@@ -98,12 +100,11 @@ static void run()
while (TRUE)
{
int sig;
- int error;
- error = sigwait(&set, &sig);
- if (error)
+ sig = sigwaitinfo(&set, NULL);
+ if (sig == -1)
{
- DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+ DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno));
return;
}
switch (sig)
@@ -298,6 +299,9 @@ int main(int argc, char *argv[])
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
+ PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "tkm-spi-generator"),
+ PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"),
};
lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
countof(features), TRUE, NULL, NULL);
@@ -358,7 +362,7 @@ int main(int argc, char *argv[])
lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);
/* add handler for SEGV and ILL,
- * INT and TERM are handled by sigwait() in run() */
+ * INT and TERM are handled by sigwaitinfo() in run() */
action.sa_handler = segv_handler;
action.sa_flags = 0;
sigemptyset(&action.sa_mask);
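Review bot: The new `sigwaitinfo()` error path in run() returns on every failure, including `EINTR`, so a signal outside `set` that is delivered to this thread with a handler installed makes run() return and the daemon shut down; `sigwait()` did not surface `EINTR` to the caller, so this is a behavioural change the commit does not mention. A retry on `EINTR` keeps the previous behaviour: `if (sig == -1) { if (errno == EINTR) { continue; } DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; }`. The remaining `switch (sig)` body and the rest of run() lie outside the hunk, so whether the caller treats the return as a shutdown is inferred, not visible here.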
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 7a0672aa8..2d22fbdc3 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -281,9 +281,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t,
}
METHOD(kernel_ipsec_t, del_policy, status_t,
- private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts,
- traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid,
- mark_t mark, policy_priority_t prio)
+ private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
+ traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+ policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa,
+ mark_t mark, policy_priority_t priority)
{
return SUCCESS;
}
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c
new file mode 100644
index 000000000..eff0ca91e
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2015 Reto Buerki
+ * Copyright (C) 2015 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <inttypes.h>
+#include <library.h>
+#include <daemon.h>
+
+#include "tkm_spi_generator.h"
+
+/**
+ * Get SPI callback arguments
+ */
+typedef struct {
+ rng_t *rng;
+ u_int64_t spi_mask;
+ u_int64_t spi_label;
+} get_spi_args_t;
+
+static get_spi_args_t *spi_args;
+
+/**
+ * Callback called to generate an IKE SPI.
+ *
+ * @param this Callback args containing rng_t and spi mask & label
+ * @return labeled SPI
+ */
+CALLBACK(tkm_get_spi, u_int64_t,
+ const get_spi_args_t const *this)
+{
+ u_int64_t spi;
+
+ if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi))
+ {
+ return 0;
+ }
+
+ return (spi & ~this->spi_mask) | this->spi_label;
+}
+
+bool tkm_spi_generator_register(plugin_t *plugin,
+ plugin_feature_t *feature,
+ bool reg, void *cb_data)
+{
+ u_int64_t spi_mask, spi_label;
+ char *spi_val;
+ rng_t *rng;
+
+ if (reg)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ return FALSE;
+ }
+
+ spi_val = lib->settings->get_str(lib->settings, "%s.spi_mask", NULL,
+ lib->ns);
+ spi_mask = settings_value_as_uint64(spi_val, 0);
+
+ spi_val = lib->settings->get_str(lib->settings, "%s.spi_label", NULL,
+ lib->ns);
+ spi_label = settings_value_as_uint64(spi_val, 0);
+
+ INIT(spi_args,
+ .rng = rng,
+ .spi_mask = spi_mask,
+ .spi_label = spi_label,
+ );
+
+ charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager,
+ tkm_get_spi, spi_args);
+ DBG1(DBG_IKE, "using SPI label 0x%.16"PRIx64" and mask 0x%.16"PRIx64,
+ spi_label, spi_mask);
+ }
+ else
+ {
+ if (spi_args)
+ {
+ DESTROY_IF(spi_args->rng);
+ free(spi_args);
+ }
+ }
+
+ return TRUE;
+}
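Review bot: `tkm_get_spi` computes `(spi & ~this->spi_mask) | this->spi_label` without any check that the label lies inside the mask, so a label bit outside `spi_mask` silently forces that bit of every generated SPI to 1 and reduces the random bits, and a mask of all ones yields the same SPI for every IKE SA; `tkm_spi_generator_register` only logs the two values. A register-time validation that rejects these configurations is shown below, placed after the two `get_str()` calls and releasing the RNG on the failure path. On the `!reg` branch `spi_args` is freed but left dangling; `spi_args = NULL;` after `free(spi_args);` prevents a double free on a repeated deregistration. Style: the duplicated qualifier in `const get_spi_args_t const *this` is redundant, `const get_spi_args_t *this` expresses the same contract.
```c
	spi_label = settings_value_as_uint64(spi_val, 0);

	/* label bits outside the mask would override random bits of every SPI,
	 * and a mask of all ones would leave no random bits at all */
	if ((spi_label & ~spi_mask) || ~spi_mask == 0)
	{
		DBG1(DBG_IKE, "invalid SPI label 0x%.16"PRIx64" for mask 0x%.16"PRIx64,
			 spi_label, spi_mask);
		rng->destroy(rng);
		return FALSE;
	}

	/* … unchanged: INIT(spi_args, …), set_spi_cb(), DBG1() … */
	}
	else
	{
		if (spi_args)
		{
			DESTROY_IF(spi_args->rng);
			free(spi_args);
			spi_args = NULL;
		}
	}
```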
diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.h b/src/charon-tkm/src/tkm/tkm_spi_generator.h
new file mode 100644
index 000000000..5f9ff03c6
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_spi_generator.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2015 Reto Buerki
+ * Copyright (C) 2015 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup tkm-spi-generator spi generator
+ * @{ @ingroup tkm
+ */
+
+#ifndef TKM_SPI_GENERATOR_H_
+#define TKM_SPI_GENERATOR_H_
+
+#include <plugins/plugin.h>
+
+/**
+ * Register the TKM SPI generator callback.
+ *
+ * @return TRUE on success
+ */
+bool tkm_spi_generator_register(plugin_t *plugin,
+ plugin_feature_t *feature,
+ bool reg, void *cb_data);
+
+#endif /** TKM_SPI_GENERATOR_H_ @}*/
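Review bot: The Doxygen block for `tkm_spi_generator_register` documents only `@return`; none of the four parameters is described, and `reg` in particular selects between installing the SPI callback and releasing it, which a caller cannot tell from the prototype alone. Suggest adding `@param plugin plugin providing the feature (not used by this implementation)`, `@param feature feature being registered or unregistered (not used)`, `@param reg TRUE to register the SPI callback, FALSE to release it` and `@param cb_data callback data (not used)` above the `@return` line, and qualifying the return as `TRUE on success, FALSE if no RNG could be created`, matching the implementation in tkm_spi_generator.c in this same commit.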