From 345cd4684c0c23f8999164549a6468819246a3d0 Mon Sep 17 00:00:00 2001
From: Codrut Cristian Grosu
Date: Fri, 2 Sep 2016 15:06:30 +0300
Subject: [PATCH] save-keys: Add save-keys plugin

This plugin will export IKE_SA and CHILD_SA secret keys in the format used by Wireshark.
It has to be loaded explicitly.
---
 conf/Makefile.am | 1 +
 conf/plugins/save-keys.opt | 2 +
 configure.ac | 4 +
 src/libcharon/Makefile.am | 7 ++
 src/libcharon/plugins/save_keys/Makefile.am | 18 +++
 .../plugins/save_keys/save_keys_listener.c | 60 ++++++++++
 .../plugins/save_keys/save_keys_listener.h | 57 ++++++++++
 .../plugins/save_keys/save_keys_plugin.c | 107 ++++++++++++++++++
 .../plugins/save_keys/save_keys_plugin.h | 50 ++++++++
 9 files changed, 306 insertions(+)
 create mode 100644 conf/plugins/save-keys.opt
 create mode 100644 src/libcharon/plugins/save_keys/Makefile.am
 create mode 100644 src/libcharon/plugins/save_keys/save_keys_listener.c
 create mode 100644 src/libcharon/plugins/save_keys/save_keys_listener.h
 create mode 100644 src/libcharon/plugins/save_keys/save_keys_plugin.c
 create mode 100644 src/libcharon/plugins/save_keys/save_keys_plugin.h
diff --git a/conf/Makefile.am b/conf/Makefile.am
index 38181db2c2..eb662c2e07 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -87,6 +87,7 @@ plugins = \
 plugins/random.opt \
 plugins/resolve.opt \
 plugins/revocation.opt \
+ plugins/save-keys.opt \
 plugins/socket-default.opt \
 plugins/sql.opt \
 plugins/stroke.opt \
diff --git a/conf/plugins/save-keys.opt b/conf/plugins/save-keys.opt
new file mode 100644
index 0000000000..ef1fb93139
--- /dev/null
+++ b/conf/plugins/save-keys.opt
@@ -0,0 +1,2 @@
+charon.plugins.save-keys.load := no
+ Whether to load the plugin.
diff --git a/configure.ac b/configure.ac
index 5c838c6120..f9a5c54c1c 100644
--- a/configure.ac
+++ b/configure.ac
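Review bot: The option description `Whether to load the plugin.` in conf/plugins/save-keys.opt is the only text a strongswan.conf reader gets for this setting, and it does not say what loading does; the commit message and the configure.ac help text ("development/debugging plugin that saves IKE and ESP keys") should be reflected there, e.g. `Whether to load the plugin. When loaded, the IKE and ESP secret keys of every SA are recorded; the plugin is intended for development and debugging only.` The `no` default is the right choice for an option with that effect. The conf/Makefile.am list entry in the hunk above needs nothing.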
@@ -273,6 +273,7 @@ ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity
 ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.])
 ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.])
 ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
+ARG_ENABL_SET([save-keys], [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.])
 ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.])
 ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
 ARG_DISBL_SET([updown], [disable updown firewall script plugin.])
@@ -1435,6 +1436,7 @@ ADD_PLUGIN([kernel-pfkey], [c charon starter nm cmd])
 ADD_PLUGIN([kernel-pfroute], [c charon starter nm cmd])
 ADD_PLUGIN([kernel-netlink], [c charon starter nm cmd])
 ADD_PLUGIN([resolve], [c charon cmd])
+ADD_PLUGIN([save-keys], [c])
 ADD_PLUGIN([socket-default], [c charon nm cmd])
 ADD_PLUGIN([socket-dynamic], [c charon cmd])
 ADD_PLUGIN([socket-win], [c charon])
@@ -1664,6 +1666,7 @@ AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue)
 AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue)
 AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue)
 AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue)
+AM_CONDITIONAL(USE_SAVE_KEYS, test x$save_keys = xtrue)
 AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
 AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
 AM_CONDITIONAL(USE_SOCKET_WIN, test x$socket_win = xtrue)
@@ -1928,6 +1931,7 @@ AC_CONFIG_FILES([
 src/libcharon/plugins/xauth_noauth/Makefile
 src/libcharon/plugins/tnc_ifmap/Makefile
 src/libcharon/plugins/tnc_pdp/Makefile
+ src/libcharon/plugins/save_keys/Makefile
 src/libcharon/plugins/socket_default/Makefile
 src/libcharon/plugins/socket_dynamic/Makefile
 src/libcharon/plugins/socket_win/Makefile
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index fe28f1eadb..25ac7972c1 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -208,6 +208,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_SAVE_KEYS
+ SUBDIRS += plugins/save_keys
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/save_keys/libstrongswan-save-keys.la
+endif
+endif
+
 if USE_SOCKET_DEFAULT
 SUBDIRS += plugins/socket_default
 if MONOLITHIC
diff --git a/src/libcharon/plugins/save_keys/Makefile.am b/src/libcharon/plugins/save_keys/Makefile.am
new file mode 100644
index 0000000000..a41668bb5b
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/Makefile.am
@@ -0,0 +1,18 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-save-keys.la
+else
+plugin_LTLIBRARIES = libstrongswan-save-keys.la
+endif
+
+libstrongswan_save_keys_la_SOURCES = \
+ save_keys_plugin.h save_keys_plugin.c \
+ save_keys_listener.c save_keys_listener.h
+
+libstrongswan_save_keys_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/save_keys/save_keys_listener.c b/src/libcharon/plugins/save_keys/save_keys_listener.c
new file mode 100644
index 0000000000..19205614ba
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_listener.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "save_keys_listener.h"
+
+typedef struct private_save_keys_listener_t private_save_keys_listener_t;
+
+/**
+ * Private data.
+ */
+struct private_save_keys_listener_t {
+
+ /**
+ * Public interface.
+ */
+ save_keys_listener_t public;
+};
+
+METHOD(save_keys_listener_t, destroy, void,
+ private_save_keys_listener_t *this)
+{
+ free(this);
+}
+
+/**
+ * See header.
+ */
+save_keys_listener_t *save_keys_listener_create()
+{
+ private_save_keys_listener_t *this;
+
+ INIT(this,
+ .public = {
+ .listener = {
+ },
+ .destroy = _destroy,
+ },
+ );
+ return &this->public;
+}
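Review bot: `.listener = { }` in save_keys_listener_create() leaves every hook of the embedded listener_t NULL, so once plugin_cb puts it on the bus nothing is ever invoked and no key is recorded, although the commit message describes export in Wireshark format. If the hooks (presumably the `ike_keys`/`child_keys` members of listener_t) are meant for a follow-up commit, the comment above the constructor should say so instead of `See header.`, e.g. `/* Skeleton only: no bus hooks are installed yet, so no keys are recorded. */`, and the commit message should be scoped the same way. The destroy method frees `this` without removing it from the bus, which relies on plugin_cb having already been called with reg == FALSE; a one-line comment on destroy stating that ordering assumption would help the next reader.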
diff --git a/src/libcharon/plugins/save_keys/save_keys_listener.h b/src/libcharon/plugins/save_keys/save_keys_listener.h
new file mode 100644
index 0000000000..c4dc2cf45f
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_listener.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup save_keys_listener save_keys_listener
+ * @{ @ingroup save_keys
+ */
+
+#ifndef SAVE_KEYS_LISTENER_H_
+#define SAVE_KEYS_LISTENER_H_
+
+#include
+
+typedef struct save_keys_listener_t save_keys_listener_t;
+
+/**
+ * Listener saving derived IKE and ESP keys.
+ */
+struct save_keys_listener_t {
+
+ /**
+ * Implements listener_t interface.
+ */
+ listener_t listener;
+
+ /**
+ * Destroy this instance.
+ */
+ void (*destroy)(save_keys_listener_t *this);
+};
+
+/**
+ * Create a save_keys_listener_t instance.
+ */
+save_keys_listener_t *save_keys_listener_create();
+
+#endif /** SAVE_KEYS_LISTENER_H_ @}*/
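Review bot: The `#include` line in this hunk carries no file name as rendered here, yet `struct save_keys_listener_t` embeds `listener_t`, which libcharon declares in `<bus/listeners/listener.h>`; most likely the angle-bracketed argument was stripped when the patch was extracted rather than omitted from the commit, but it should be checked against the repository. The bare `#include` lines in save_keys_plugin.c and save_keys_plugin.h in the hunks below have the same appearance and the same explanation would apply to them.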
diff --git a/src/libcharon/plugins/save_keys/save_keys_plugin.c b/src/libcharon/plugins/save_keys/save_keys_plugin.c
new file mode 100644
index 0000000000..93db5bcac1
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_plugin.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "save_keys_plugin.h"
+#include "save_keys_listener.h"
+
+#include
+
+typedef struct private_save_keys_plugin_t private_save_keys_plugin_t;
+
+/**
+ * Private data.
+ */
+struct private_save_keys_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ save_keys_plugin_t public;
+
+ /**
+ * Listener saving keys to file.
+ */
+ save_keys_listener_t *listener;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_save_keys_plugin_t *this)
+{
+ return "save-keys";
+}
+
+/**
+ * Register listener.
+ */
+static bool plugin_cb(private_save_keys_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *cb_data)
+{
+ if (reg)
+ {
+ charon->bus->add_listener(charon->bus, &this->listener->listener);
+ }
+ else
+ {
+ charon->bus->remove_listener(charon->bus, &this->listener->listener);
+ }
+ return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+ private_save_keys_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "save-keys"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_save_keys_plugin_t *this)
+{
+ this->listener->destroy(this->listener);
+ free(this);
+}
+
+/**
+ * Plugin constructor.
+ */
+plugin_t *save_keys_plugin_create()
+{
+ private_save_keys_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ .listener = save_keys_listener_create(),
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libcharon/plugins/save_keys/save_keys_plugin.h b/src/libcharon/plugins/save_keys/save_keys_plugin.h
new file mode 100644
index 0000000000..9501b5479e
--- /dev/null
+++ b/src/libcharon/plugins/save_keys/save_keys_plugin.h
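Review bot: plugin_cb adds the listener to the bus with no log output, so nothing in the daemon log shows that a plugin whose purpose is to receive IKE and ESP keying material is active; a `DBG1(DBG_CFG, "save-keys plugin loaded, IKE and ESP keys will be recorded");` before the `add_listener` call makes an unintended `load = yes` visible to the operator. The doc comment `Register listener.` could also state when the callback runs, e.g. `/* Add or remove the key-recording listener on the bus as the feature is loaded or unloaded. */`. The remaining methods are the usual plugin boilerplate, and the name returned by get_name matches the `charon.plugins.save-keys` section used in conf/plugins/save-keys.opt.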
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2016 Codrut Cristian Grosu (codrut.cristian.grosu@gmail.com)
+ * Copyright (C) 2016 IXIA (http://www.ixiacom.com)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup save_keys save_keys
+ * @ingroup cplugins
+ *
+ * @defgroup save_keys_plugin save_keys_plugin
+ * @{ @ingroup save_keys
+ */
+
+#ifndef SAVE_KEYS_PLUGIN_H_
+#define SAVE_KEYS_PLUGIN_H_
+
+#include
+
+typedef struct save_keys_plugin_t save_keys_plugin_t;
+
+/**
+ * Plugin that saves derived IKE and ESP keys.
+ */
+struct save_keys_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** SAVE_KEYS_PLUGIN_H_ @}*/
--
2.47.2