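/**
 * Initialize or deinitialize the environment for the TKM test runner.
 *
 * With init TRUE, libhydra and libcharon are brought up, the TKM specific
 * plugin features are registered, the DH group mapping is configured and the
 * daemon is initialized. The TKM client itself is initialized only once and
 * kept across runs (tracked by tkm_initialized). With init FALSE, or when any
 * initialization step fails, the DH mapping and both libraries are torn down.
 *
 * The previous version returned directly when tkm_init() failed, leaving the
 * libraries initialized; every failure now falls through to the cleanup path.
 *
 * @param init   TRUE to initialize, FALSE to deinitialize
 * @return       TRUE on success, FALSE if an initialization step failed
 */
static bool test_runner_init(bool init)
{
	bool result = TRUE;

	if (init)
	{
		libhydra_init("test_runner");
		libcharon_init("test_runner");
		lib->settings->set_int(lib->settings,
							   "test_runner.filelog.stdout.default", 0);
		charon->load_loggers(charon, NULL, FALSE);

		/* Register TKM specific plugins */
		static plugin_feature_t features[] = {
			PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
				PLUGIN_PROVIDE(NONCE_GEN),
			PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
				PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
		};
		lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
										  countof(features), TRUE);

		/* the value (1 or 2) precedes the arguments for the key format */
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
							   charon->name, MODP_3072_BIT);
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
							   charon->name, MODP_4096_BIT);
		register_dh_mapping();

		plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
									 PLUGINS);
		plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins", PLUGINS);
		plugin_loader_add_plugindirs(BUILDDIR "/src/libcharon/plugins", PLUGINS);

		if (charon->initialize(charon, PLUGINS))
		{
			/* the TKM client is set up once and survives later test runs */
			if (tkm_initialized || tkm_init())
			{
				tkm_initialized = true;
				return TRUE;
			}
			/* tkm_init() failed: fall through and tear the libraries down */
		}
		result = FALSE;
	}
	destroy_dh_mapping();
	libcharon_deinit();
	libhydra_deinit();
	return result;
}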
/**
 * Initialize library
 *
 * Brings up libstrongswan and libtnccs, sets up logging and the option
 * store, registers the client's own plugin features, loads the configured
 * plugins (exiting with SS_RC_INITIALIZATION_FAILED if that fails), installs
 * an in-memory credential set and arranges for cleanup() to run at exit.
 */
static void init()
{
	/* features provided by this client and the one it depends on */
	plugin_feature_t client_features[] = {
		PLUGIN_NOOP,
			PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
				PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
	};
	char *plugin_list;

	library_init(NULL, "pt-tls-client");
	libtnccs_init();
	init_log("pt-tls-client");
	options = options_create();

	lib->plugins->add_static_features(lib->plugins, "pt-tls-client",
									  client_features, countof(client_features),
									  TRUE, NULL, NULL);

	plugin_list = lib->settings->get_str(lib->settings, "pt-tls-client.load",
										 PLUGINS);
	if (!lib->plugins->load(lib->plugins, plugin_list))
	{
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	lib->plugins->status(lib->plugins, LEVEL_CTRL);

	creds = mem_cred_create();
	lib->credmgr->add_set(lib->credmgr, &creds->set);

	/* release everything set up above when the process exits */
	atexit(cleanup);
}
/**
 * Perform a signature verification "good" test having a keypair
 *
 * For every scheme in schemes[] that the loaded plugins can both sign and
 * verify with, sign a fixed data chunk with privkey and check that pubkey
 * accepts the resulting signature. The signature buffer is released after
 * each round.
 *
 * @param privkey   private key used to create the signatures
 * @param pubkey    matching public key used to verify them
 */
static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
{
	chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
	int idx;

	for (idx = 0; idx < countof(schemes); idx++)
	{
		/* both halves must be available, verification is checked first */
		bool supported = lib->plugins->has_feature(lib->plugins,
							PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[idx])) &&
						 lib->plugins->has_feature(lib->plugins,
							PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[idx]));

		if (supported)
		{
			chunk_t sig;

			fail_unless(privkey->sign(privkey, schemes[idx], data, &sig),
						"sign %N", signature_scheme_names, schemes[idx]);
			fail_unless(pubkey->verify(pubkey, schemes[idx], data, sig),
						"verify %N", signature_scheme_names, schemes[idx]);
			free(sig.ptr);
		}
	}
}
/**
 * Check public key that it properly fails against some crafted sigs
 *
 * For every scheme in schemes[] the loaded plugins can verify with, feed
 * each entry of invalid_sigs[] to pubkey->verify() over a fixed data chunk
 * and fail the test if any of them is accepted.
 *
 * @param pubkey   public key under test
 */
static void test_bad_sigs(public_key_t *pubkey)
{
	chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
	int scheme_idx, sig_idx;

	for (scheme_idx = 0; scheme_idx < countof(schemes); scheme_idx++)
	{
		if (lib->plugins->has_feature(lib->plugins,
						PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[scheme_idx])))
		{
			/* none of the crafted signatures may pass for this scheme */
			for (sig_idx = 0; sig_idx < countof(invalid_sigs); sig_idx++)
			{
				fail_if(pubkey->verify(pubkey, schemes[scheme_idx], data,
									   invalid_sigs[sig_idx]),
						"bad %N sig accepted %B", signature_scheme_names,
						schemes[scheme_idx], &invalid_sigs[sig_idx]);
			}
		}
	}
}
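/**
 * Main function, starts TKM backend.
 *
 * Brings up libstrongswan, libhydra and libcharon, registers the TKM specific
 * plugin features, the DH group mapping and the TKM keymat variant, then
 * initializes the daemon, writes the pidfile name, drops capabilities,
 * initializes the TKM client and runs until the run loop returns. Every
 * failure after libcharon_init() jumps to the deinit label so the libraries
 * are torn down in reverse order of initialization.
 *
 * The stray empty statement after the pidfile asprintf() block was removed.
 *
 * @param argc   argument count; argv[0], if present, names the daemon
 * @param argv   argument vector
 * @return       0 after a clean shutdown, SS_RC_INITIALIZATION_FAILED otherwise
 */
int main(int argc, char *argv[])
{
	char *dmn_name;

	/* derive the daemon name from the executable, fall back to the default */
	if (argc > 0 && strlen(argv[0]) > 0)
	{
		dmn_name = basename(argv[0]);
	}
	else
	{
		dmn_name = "charon-tkm";
	}

	/* TKM credential set */
	tkm_cred_t *creds;
	struct sigaction action;
	int status = SS_RC_INITIALIZATION_FAILED;

	/* logging for library during initialization, as we have no bus yet */
	dbg = dbg_syslog;

	/* initialize library */
	if (!library_init(NULL, dmn_name))
	{
		library_deinit();
		exit(status);
	}
	if (!libhydra_init())
	{
		dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
		libhydra_deinit();
		library_deinit();
		exit(status);
	}
	if (!libcharon_init())
	{
		dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
		goto deinit;
	}
	if (!lookup_uid_gid())
	{
		dbg_syslog(DBG_DMN, 1, "invalid uid/gid - aborting %s", dmn_name);
		goto deinit;
	}

	/* make sure we log to the DAEMON facility by default */
	lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
		lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,
							   dmn_name), dmn_name);
	charon->load_loggers(charon, NULL, FALSE);

	DBG1(DBG_DMN, "Starting charon with TKM backend (strongSwan "VERSION")");

	/* register TKM specific plugins */
	static plugin_feature_t features[] = {
		PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
			PLUGIN_PROVIDE(NONCE_GEN),
		PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
		PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
	};
	lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
									  countof(features), TRUE);

	if (!register_dh_mapping())
	{
		DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
		goto deinit;
	}

	/* register TKM keymat variant */
	keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);

	/* initialize daemon */
	if (!charon->initialize(charon, PLUGINS))
	{
		DBG1(DBG_DMN, "initialization failed - aborting %s", dmn_name);
		goto deinit;
	}
	lib->plugins->status(lib->plugins, LEVEL_CTRL);

	/* set global pidfile name depending on daemon name */
	if (asprintf(&pidfile_name, IPSEC_PIDDIR"/%s.pid", dmn_name) < 0)
	{
		DBG1(DBG_DMN, "unable to set pidfile name - aborting %s", dmn_name);
		goto deinit;
	}
	if (check_pidfile())
	{
		DBG1(DBG_DMN, "%s already running (\"%s\" exists)", dmn_name,
			 pidfile_name);
		goto deinit;
	}

	/* capabilities are dropped before the TKM client is initialized */
	if (!lib->caps->drop(lib->caps))
	{
		DBG1(DBG_DMN, "capability dropping failed - aborting %s", dmn_name);
		goto deinit;
	}

	/* initialize TKM client */
	if (!tkm_init())
	{
		DBG1(DBG_DMN, "init of TKM client failed - aborting %s", dmn_name);
		goto deinit;
	}

	/* register TKM authorization hook */
	listener = tkm_listener_create();
	charon->bus->add_listener(charon->bus, &listener->listener);

	/* register TKM credential set */
	creds = tkm_cred_create();
	lib->credmgr->add_set(lib->credmgr, (credential_set_t*)creds);

	/* register TKM credential encoder */
	lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);

	/* add handler for SEGV and ILL,
	 * INT and TERM are handled by sigwait() in run() */
	action.sa_handler = segv_handler;
	action.sa_flags = 0;
	sigemptyset(&action.sa_mask);
	sigaddset(&action.sa_mask, SIGINT);
	sigaddset(&action.sa_mask, SIGTERM);
	sigaction(SIGSEGV, &action, NULL);
	sigaction(SIGILL, &action, NULL);
	sigaction(SIGBUS, &action, NULL);
	action.sa_handler = SIG_IGN;
	sigaction(SIGPIPE, &action, NULL);

	/* block INT and TERM in this thread so sigwait() in run() receives them */
	pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);

	/* start daemon (i.e. the threads in the thread-pool) */
	charon->start(charon);

	/* main thread goes to run loop */
	run();

	unlink_pidfile();
	status = 0;
	charon->bus->remove_listener(charon->bus, &listener->listener);
	listener->destroy(listener);
	creds->destroy(creds);
	lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);

deinit:
	destroy_dh_mapping();
	libcharon_deinit();
	libhydra_deinit();
	library_deinit();
	tkm_deinit();
	return status;
}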