Add nonce plugin implementation

This nonce generator uses an RNG to generate nonces. The RNG quality is currently set to RNG_WEAK which is the same value used in IKE init. The plugin is enabled and thus built by default.
2012-05-02 17:49:32 +02:00 · 2012-05-02 17:49:32 +02:00 · 04024b5de8
parent e2fc09c186
commit 04024b5de8
7 changed files with 275 additions and 0 deletions
--- a/configure.in
+++ b/configure.in
@ -87,6 +87,7 @@ ARG_DISBL_SET([sha2],           [disable SHA256/SHA384/SHA512 software implement
 ARG_DISBL_SET([fips-prf],       [disable FIPS PRF software implementation plugin.])
 ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementation plugin.])
 ARG_DISBL_SET([random],         [disable RNG implementation on top of /dev/(u)random.])
+ARG_DISBL_SET([nonce],          [disable nonce generation plugin.])
 ARG_DISBL_SET([x509],           [disable X509 certificate implementation plugin.])
 ARG_DISBL_SET([revocation],     [disable X509 CRL/OCSP revocation check plugin.])
 ARG_DISBL_SET([constraints],    [disable advanced X509 constraint checking plugin.])
@ -822,6 +823,7 @@ ADD_PLUGIN([sha2],                 [s charon pluto openac scepclient pki scripts
 ADD_PLUGIN([md4],                  [s charon openac manager scepclient pki nm])
 ADD_PLUGIN([md5],                  [s charon pluto openac scepclient pki scripts attest nm])
 ADD_PLUGIN([random],               [s charon pluto openac scepclient pki scripts medsrv attest nm])
+ADD_PLUGIN([nonce],                [s charon nm])
 ADD_PLUGIN([x509],                 [s charon pluto openac scepclient pki scripts attest nm])
 ADD_PLUGIN([revocation],           [s charon nm])
 ADD_PLUGIN([constraints],          [s charon nm])
@ -942,6 +944,7 @@ AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
 AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
 AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 AM_CONDITIONAL(USE_RANDOM, test x$random = xtrue)
+AM_CONDITIONAL(USE_NONCE, test x$nonce = xtrue)
 AM_CONDITIONAL(USE_X509, test x$x509 = xtrue)
 AM_CONDITIONAL(USE_REVOCATION, test x$revocation = xtrue)
 AM_CONDITIONAL(USE_CONSTRAINTS, test x$constraints = xtrue)
@ -1124,6 +1127,7 @@ AC_OUTPUT(
 	src/libstrongswan/plugins/fips_prf/Makefile
 	src/libstrongswan/plugins/gmp/Makefile
 	src/libstrongswan/plugins/random/Makefile
+	src/libstrongswan/plugins/nonce/Makefile
 	src/libstrongswan/plugins/hmac/Makefile
 	src/libstrongswan/plugins/xcbc/Makefile
 	src/libstrongswan/plugins/x509/Makefile
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@ -210,6 +210,13 @@ if MONOLITHIC
 endif
 endif

+if USE_NONCE
+  SUBDIRS += plugins/nonce
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/nonce/libstrongswan-nonce.la
+endif
+endif
+
 if USE_HMAC
  SUBDIRS += plugins/hmac
 if MONOLITHIC
--- a/src/libstrongswan/plugins/nonce/Makefile.am
+++ b/src/libstrongswan/plugins/nonce/Makefile.am
@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-nonce.la
+else
+plugin_LTLIBRARIES = libstrongswan-nonce.la
+endif
+
+libstrongswan_nonce_la_SOURCES = \
+	nonce_plugin.h nonce_plugin.c \
+	nonce_nonceg.c nonce_nonceg.h
+
+libstrongswan_nonce_la_LDFLAGS = -module -avoid-version
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c
@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "nonce_nonceg.h"
+
+#include <debug.h>
+
+typedef struct private_nonce_nonceg_t private_nonce_nonceg_t;
+
+/**
+ * Private data of a nonce_nonceg_t object.
+ */
+struct private_nonce_nonceg_t {
+
+	/**
+	 * Public nonce_nonceg_t interface.
+	 */
+	nonce_nonceg_t public;
+
+	/**
+	 * Random number generator
+	 */
+	rng_t* rng;
+};
+
+METHOD(nonce_gen_t, get_nonce, void,
+	private_nonce_nonceg_t *this, size_t size, u_int8_t *buffer)
+{
+	this->rng->get_bytes(this->rng, size, buffer);
+}
+
+METHOD(nonce_gen_t, allocate_nonce, void,
+	private_nonce_nonceg_t *this, size_t size, chunk_t *chunk)
+{
+	this->rng->allocate_bytes(this->rng, size, chunk);
+}
+
+METHOD(nonce_gen_t, destroy, void,
+	private_nonce_nonceg_t *this)
+{
+	DESTROY_IF(this->rng);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+nonce_nonceg_t *nonce_nonceg_create()
+{
+	private_nonce_nonceg_t *this;
+
+	INIT(this,
+		.public = {
+			.nonce_gen = {
+				.get_nonce = _get_nonce,
+				.allocate_nonce = _allocate_nonce,
+				.destroy = _destroy,
+			},
+		},
+	);
+
+	this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+	if (!this->rng)
+	{
+		DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
+			 RNG_WEAK);
+		destroy(this);
+		return NULL;
+	}
+
+	return &this->public;
+}
--- a/src/libstrongswan/plugins/nonce/nonce_nonceg.h
+++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.h
@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup nonce_nonceg nonce_nonceg
+ * @{ @ingroup nonce_p
+ */
+
+#ifndef NONCE_NONCEG_H_
+#define NONCE_NONCEG_H_
+
+typedef struct nonce_nonceg_t nonce_nonceg_t;
+
+#include <library.h>
+
+/**
+ * nonce_gen_t implementation using an rng plugin
+ */
+struct nonce_nonceg_t {
+
+	/**
+	 * Implements nonce_gen_t.
+	 */
+	nonce_gen_t nonce_gen;
+};
+
+/**
+ * Creates an nonce_nonceg_t instance.
+ *
+ * @return			created nonce_nonceg_t
+ */
+nonce_nonceg_t *nonce_nonceg_create();
+
+#endif /** NONCE_NONCEG_H_ @} */
--- a/src/libstrongswan/plugins/nonce/nonce_plugin.c
+++ b/src/libstrongswan/plugins/nonce/nonce_plugin.c
@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "nonce_plugin.h"
+
+#include <library.h>
+#include "nonce_nonceg.h"
+
+typedef struct private_nonce_plugin_t private_nonce_plugin_t;
+
+/**
+ * private data of nonce_plugin
+ */
+struct private_nonce_plugin_t {
+
+	/**
+	 * public functions
+	 */
+	nonce_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+	private_nonce_plugin_t *this)
+{
+	return "nonce";
+}
+
+METHOD(plugin_t, get_features, int,
+	private_nonce_plugin_t *this, plugin_feature_t *features[])
+{
+	static plugin_feature_t f[] = {
+		PLUGIN_REGISTER(NONCE_GEN, nonce_nonceg_create),
+			PLUGIN_PROVIDE(NONCE_GEN),
+				PLUGIN_DEPENDS(RNG, RNG_WEAK),
+	};
+	*features = f;
+	return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+	private_nonce_plugin_t *this)
+{
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *nonce_plugin_create()
+{
+	private_nonce_plugin_t *this;
+
+	INIT(this,
+		.public = {
+			.plugin = {
+				.get_name = _get_name,
+				.get_features = _get_features,
+				.destroy = _destroy,
+			},
+		},
+	);
+
+	return &this->public.plugin;
+}
--- a/src/libstrongswan/plugins/nonce/nonce_plugin.h
+++ b/src/libstrongswan/plugins/nonce/nonce_plugin.h
@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup nonce_p nonce
+ * @ingroup plugins
+ *
+ * @defgroup nonce_plugin nonce_plugin
+ * @{ @ingroup nonce_p
+ */
+
+#ifndef NONCE_PLUGIN_H_
+#define NONCE_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct nonce_plugin_t nonce_plugin_t;
+
+/**
+ * Plugin implementing a nonce generator using an RNG.
+ */
+struct nonce_plugin_t {
+
+	/**
+	 * Implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** NONCE_PLUGIN_H_ @}*/