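/**
 * Init/deinit hook of the charon-tkm test runner.
 *
 * With init == TRUE: bring up libhydra and libcharon, silence the default
 * stdout file logger, register the TKM nonce generator and kernel-ipsec
 * features as the static "tkm-tests" plugin, configure a fixed DH group
 * mapping (id 1 -> MODP 3072, id 2 -> MODP 4096, keyed by charon->name),
 * point the plugin loader at the in-tree plugin directories and initialize
 * charon. The TKM client itself is only initialized once per process
 * (tkm_initialized guard) - presumably because the runner calls this hook
 * once per test suite, confirm against the runner.
 *
 * With init == FALSE: tear everything down again.
 *
 * Every failing step while init == TRUE falls through to the same teardown
 * as a failed charon->initialize(), so a failing register_dh_mapping() or
 * tkm_init() does not leave libcharon/libhydra initialized behind. The
 * result of register_dh_mapping() is checked here the same way the daemon's
 * main() checks it.
 *
 * @param init		TRUE to initialize, FALSE to deinitialize
 * @return			TRUE on success, FALSE if any initialization step failed
 */
static bool test_runner_init(bool init)
{
	bool result = TRUE;

	if (init)
	{
		libhydra_init("test_runner");
		libcharon_init("test_runner");
		/* keep the test output clean: no stdout file logger */
		lib->settings->set_int(lib->settings,
							   "test_runner.filelog.stdout.default", 0);
		charon->load_loggers(charon, NULL, FALSE);

		/* Register TKM specific plugins */
		static plugin_feature_t features[] = {
			PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
				PLUGIN_PROVIDE(NONCE_GEN),
			PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
				PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
		};
		lib->plugins->add_static_features(lib->plugins, "tkm-tests", features,
										  countof(features), TRUE);

		/* fixed DH group mapping for the tests; register_dh_mapping() reads
		 * these settings, its result is checked below */
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1,
							   charon->name, MODP_3072_BIT);
		lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2,
							   charon->name, MODP_4096_BIT);
		result = register_dh_mapping();

		plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins",
									 PLUGINS);
		plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins",
									 PLUGINS);
		plugin_loader_add_plugindirs(BUILDDIR "/src/libcharon/plugins",
									 PLUGINS);

		/* only initialize charon if the DH mapping is usable; a failed
		 * tkm_init() falls through to the teardown below instead of
		 * returning with libcharon/libhydra still initialized */
		if (result && charon->initialize(charon, PLUGINS))
		{
			if (tkm_initialized || tkm_init())
			{
				tkm_initialized = true;
				return TRUE;
			}
		}
		result = FALSE;
	}

	/* teardown: reached for init == FALSE and for every failed init */
	destroy_dh_mapping();
	libcharon_deinit();
	libhydra_deinit();
	return result;
}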
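/**
 * Initialize library
 *
 * Brings up libstrongswan and libtnccs for the pt-tls-client, sets up
 * logging and the option store, registers the client as a static plugin
 * feature depending on the "tnccs-manager" feature (so the TNCCS side is
 * resolved before it), loads the plugins named by the pt-tls-client.load
 * setting (default: the built-in PLUGINS list), creates the in-memory
 * credential set and registers cleanup() with atexit().
 *
 * A failed library_init() is detected and the process exits with
 * SS_RC_INITIALIZATION_FAILED, the same way the daemons handle it; there is
 * no usable lib->settings/lib->plugins to continue with in that case.
 *
 * Exits with SS_RC_INITIALIZATION_FAILED if the library or the plugins
 * cannot be initialized. cleanup() is registered only after the plugins
 * loaded, so the early exits do not run it.
 */
static void init()
{
	plugin_feature_t features[] = {
		PLUGIN_NOOP,
			PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"),
				PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
	};

	/* nothing below works without a library instance */
	if (!library_init(NULL, "pt-tls-client"))
	{
		library_deinit();
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	libtnccs_init();

	init_log("pt-tls-client");
	options = options_create();

	lib->plugins->add_static_features(lib->plugins, "pt-tls-client", features,
									  countof(features), TRUE, NULL, NULL);
	if (!lib->plugins->load(lib->plugins,
			lib->settings->get_str(lib->settings, "pt-tls-client.load", PLUGINS)))
	{
		exit(SS_RC_INITIALIZATION_FAILED);
	}
	lib->plugins->status(lib->plugins, LEVEL_CTRL);

	creds = mem_cred_create();
	lib->credmgr->add_set(lib->credmgr, &creds->set);

	/* registered last: cleanup() tears down what was set up above at exit */
	atexit(cleanup);
}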
/**
 * Perform a signature verification "good" test having a keypair
 *
 * For every scheme in schemes[] that both a signer (PRIVKEY_SIGN) and a
 * verifier (PUBKEY_VERIFY) are loaded for, sign a fixed six byte message
 * with privkey and check that pubkey accepts the resulting signature.
 * Schemes lacking either side are skipped, not failed. The first failing
 * sign or verify aborts the test through fail_unless().
 *
 * @param privkey	private key producing the signatures
 * @param pubkey	matching public key verifying them
 */
static void test_good_sig(private_key_t *privkey, public_key_t *pubkey)
{
    chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
    int idx;

    for (idx = 0; idx < countof(schemes); idx++)
    {
        chunk_t sig;
        bool verifier_loaded, signer_loaded;

        verifier_loaded = lib->plugins->has_feature(lib->plugins,
                                PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[idx]));
        if (!verifier_loaded)
        {
            continue;
        }
        signer_loaded = lib->plugins->has_feature(lib->plugins,
                                PLUGIN_PROVIDE(PRIVKEY_SIGN, schemes[idx]));
        if (!signer_loaded)
        {
            continue;
        }

        /* sig is allocated by sign() and owned by us afterwards */
        fail_unless(privkey->sign(privkey, schemes[idx], data, &sig),
                    "sign %N", signature_scheme_names, schemes[idx]);
        fail_unless(pubkey->verify(pubkey, schemes[idx], data, sig),
                    "verify %N", signature_scheme_names, schemes[idx]);
        free(sig.ptr);
    }
}
/**
 * Check public key that it properly fails against some crafted sigs
 *
 * For each scheme in schemes[] that a verifier (PUBKEY_VERIFY) is loaded
 * for, hand every entry of invalid_sigs[] to pubkey->verify() together with
 * a fixed six byte message and abort the test (fail_if) as soon as one of
 * the crafted signatures is accepted. Schemes without a loaded verifier are
 * skipped.
 *
 * @param pubkey	public key under test
 */
static void test_bad_sigs(public_key_t *pubkey)
{
    chunk_t data = chunk_from_chars(0x01,0x02,0x03,0xFD,0xFE,0xFF);
    int scheme_idx, sig_idx;

    for (scheme_idx = 0; scheme_idx < countof(schemes); scheme_idx++)
    {
        bool verifier_loaded;

        verifier_loaded = lib->plugins->has_feature(lib->plugins,
                            PLUGIN_PROVIDE(PUBKEY_VERIFY, schemes[scheme_idx]));
        if (!verifier_loaded)
        {
            continue;
        }
        for (sig_idx = 0; sig_idx < countof(invalid_sigs); sig_idx++)
        {
            bool accepted;

            /* a crafted signature must never verify */
            accepted = pubkey->verify(pubkey, schemes[scheme_idx], data,
                                      invalid_sigs[sig_idx]);
            fail_if(accepted, "bad %N sig accepted %B", signature_scheme_names,
                    schemes[scheme_idx], &invalid_sigs[sig_idx]);
        }
    }
}
/**
 * Main function, starts TKM backend.
 *
 * Entry point of charon-tkm. In order: initializes libstrongswan, libhydra
 * and libcharon, resolves the uid/gid, sets up syslog logging, registers
 * the TKM specific plugin features (nonce generator, TKM backed RSA public
 * keys, TKM kernel-ipsec interface), the DH group mapping and the TKM
 * keymat variant, initializes charon with the built-in PLUGINS list,
 * claims the pidfile, drops capabilities, initializes the TKM client, hooks
 * the TKM listener, credential set and encoder into the daemon, installs
 * the signal handlers, starts the worker threads and blocks in run() until
 * the daemon is told to stop.
 *
 * @param argc		argument count; basename(argv[0]) becomes the daemon name
 * @param argv		argument vector
 * @return			0 after a normal shutdown, SS_RC_INITIALIZATION_FAILED
 *					if any initialization step failed
 */
int main(int argc, char *argv[])
{
	char *dmn_name;
	/* the daemon name keys the syslog setting and the pidfile below, so it
	 * follows the binary name unless argv[0] is unusable */
	if (argc > 0 && strlen(argv[0]) > 0)
	{
		dmn_name = basename(argv[0]);
	}
	else
	{
		dmn_name = "charon-tkm";
	}

	/* TKM credential set */
	tkm_cred_t *creds;

	struct sigaction action;
	/* stays at the failure code until run() has returned normally */
	int status = SS_RC_INITIALIZATION_FAILED;

	/* logging for library during initialization, as we have no bus yet */
	dbg = dbg_syslog;

	/* initialize library */
	if (!library_init(NULL, dmn_name))
	{
		library_deinit();
		exit(status);
	}

	if (!libhydra_init())
	{
		dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
		libhydra_deinit();
		library_deinit();
		exit(status);
	}

	/* from here on every failure is routed through the deinit label */
	if (!libcharon_init())
	{
		dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name);
		goto deinit;
	}

	/* NOTE(review): presumably resolves the unprivileged identity that the
	 * capability drop further down switches to - confirm in lookup_uid_gid() */
	if (!lookup_uid_gid())
	{
		dbg_syslog(DBG_DMN, 1, "invalid uid/gid - aborting %s", dmn_name);
		goto deinit;
	}

	/* make sure we log to the DAEMON facility by default */
	/* reads the setting with default 1 and writes the value back, so an
	 * explicitly configured value is kept */
	lib->settings->set_int(lib->settings, "%s.syslog.daemon.default",
			lib->settings->get_int(lib->settings, "%s.syslog.daemon.default", 1,
								   dmn_name), dmn_name);
	charon->load_loggers(charon, NULL, FALSE);

	DBG1(DBG_DMN, "Starting charon with TKM backend (strongSwan "VERSION")");

	/* register TKM specific plugins */
	/* NOTE(review): SIGN_RSA_EMSA_PKCS1_SHA1 is still advertised as an
	 * accepted verification scheme next to SHA256; whether SHA-1 based peer
	 * signatures should remain acceptable is a policy decision to revisit */
	static plugin_feature_t features[] = {
		PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
			PLUGIN_PROVIDE(NONCE_GEN),
		PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
		PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
	};
	lib->plugins->add_static_features(lib->plugins, "tkm-backend", features,
			countof(features), TRUE);

	/* refuse to start without a DH group mapping rather than run degraded */
	if (!register_dh_mapping())
	{
		DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name);
		goto deinit;
	}

	/* register TKM keymat variant */
	/* replaces the default IKEv2 keymat with the TKM implementation */
	keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create);

	/* initialize daemon */
	if (!charon->initialize(charon, PLUGINS))
	{
		DBG1(DBG_DMN, "initialization failed - aborting %s", dmn_name);
		goto deinit;
	}
	lib->plugins->status(lib->plugins, LEVEL_CTRL);

	/* set global pidfile name depending on daemon name */
	if (asprintf(&pidfile_name, IPSEC_PIDDIR"/%s.pid", dmn_name) < 0)
	{
		DBG1(DBG_DMN, "unable to set pidfile name - aborting %s", dmn_name);
		goto deinit;
	};

	/* refuse to run a second instance; the existing pidfile is left alone on
	 * this path, unlink_pidfile() only runs after a normal run() */
	if (check_pidfile())
	{
		DBG1(DBG_DMN, "%s already running (\"%s\" exists)", dmn_name,
			 pidfile_name);
		goto deinit;
	}

	/* capabilities are dropped before the TKM client is initialized and
	 * before any worker thread exists */
	if (!lib->caps->drop(lib->caps))
	{
		DBG1(DBG_DMN, "capability dropping failed - aborting %s", dmn_name);
		goto deinit;
	}

	/* initialize TKM client */
	if (!tkm_init())
	{
		DBG1(DBG_DMN, "init of TKM client failed - aborting %s", dmn_name);
		goto deinit;
	}

	/* register TKM authorization hook */
	listener = tkm_listener_create();
	charon->bus->add_listener(charon->bus, &listener->listener);

	/* register TKM credential set */
	creds = tkm_cred_create();
	lib->credmgr->add_set(lib->credmgr, (credential_set_t*)creds);

	/* register TKM credential encoder */
	lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode);

	/* add handler for SEGV and ILL,
	 * INT and TERM are handled by sigwait() in run() */
	action.sa_handler = segv_handler;
	action.sa_flags = 0;
	sigemptyset(&action.sa_mask);
	sigaddset(&action.sa_mask, SIGINT);
	sigaddset(&action.sa_mask, SIGTERM);
	sigaction(SIGSEGV, &action, NULL);
	sigaction(SIGILL, &action, NULL);
	sigaction(SIGBUS, &action, NULL);
	action.sa_handler = SIG_IGN;
	sigaction(SIGPIPE, &action, NULL);

	/* block INT/TERM in this thread; the worker threads started below inherit
	 * the mask, which is what lets run() collect them with sigwait() */
	pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);

	/* start daemon (i.e. the threads in the thread-pool) */
	charon->start(charon);

	/* main thread goes to run loop */
	run();

	/* normal shutdown: release the pidfile and unhook the TKM components */
	unlink_pidfile();
	status = 0;
	charon->bus->remove_listener(charon->bus, &listener->listener);
	listener->destroy(listener);
	creds->destroy(creds);
	lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode);

deinit:
	/* NOTE(review): tkm_deinit() runs on every exit path, including the ones
	 * taken before tkm_init() was reached - confirm it tolerates that */
	destroy_dh_mapping();
	libcharon_deinit();
	libhydra_deinit();
	library_deinit();
	tkm_deinit();
	return status;
}