Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl
| Field | Value |
|---|---|
| Status | Needs review |
| Proposed branch | lp:~diego-biurrun/hipl/unused_code |
| Merge into | lp:hipl |
| Diff against target | 1075 lines (+4/-826), 18 files modified |
| To merge this branch | `bzr merge lp:~diego-biurrun/hipl/unused_code` |
| Related bugs | none listed |

Files modified:
- Makefile.am (+0/-1)
- hipd/esp_prot_hipd_msg.c (+0/-81)
- hipd/esp_prot_hipd_msg.h (+0/-2)
- hipd/pkt_handling.c (+0/-20)
- hipd/pkt_handling.h (+0/-6)
- hipd/registration.c (+0/-33)
- hipd/registration.h (+0/-1)
- hipd/user_ipsec_hipd_msg.c (+0/-217)
- hipd/user_ipsec_hipd_msg.h (+0/-17)
- hipd/user_ipsec_sadb_api.c (+0/-133)
- hipd/user_ipsec_sadb_api.h (+0/-55)
- lib/core/builder.c (+0/-62)
- lib/core/builder.h (+0/-3)
- lib/core/certtools.c (+0/-133)
- lib/core/certtools.h (+0/-5)
- lib/core/modularization.c (+1/-2)
- lib/tool/xfrmapi.c (+0/-2)
- test/certteststub.c (+3/-53)
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| René Hummen | | | Disapprove |
| Miika Komu | | | Needs Information |

Review via email: mp+79595@code.launchpad.net
Commit message
Description of the change
This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.
Diego Biurrun (diego-biurrun) wrote:
On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?
I kill unused code without second thoughts towards its (theoretical) use ;)
Diego
René Hummen (rene-hummen) wrote:
I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I have had a closer look at it.
Diego Biurrun (diego-biurrun) wrote:
On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I had a closer look at it.
Could you have another look and/or be more specific which code must
stay and which can go?
Diego
Henrik Ziegeldorf (henrik-ziegeldorf) wrote:
> You're killing userspace IPsec and certificate code?
Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
I'd propose the following:
1) You prepare another merge-proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved)
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.
Miika Komu (miika-iki) wrote:
I think the removal of userspace IPsec stuff should be separated as well.
Diego Biurrun (diego-biurrun) wrote:
On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.
I will, but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.
Updated request coming up in a moment.
Diego
Unmerged revisions
- 5855. By Diego Biurrun: Merge current HEAD.
- 5854. By Diego Biurrun: Merge current HEAD.
- 5853. By Diego Biurrun: Merge current HEAD.
- 5852. By Diego Biurrun: Restore no longer unused modularization functions.
- 5851. By Diego Biurrun: Merge current HEAD.
- 5850. By Diego Biurrun: Merge current HEAD.
- 5849. By Diego Biurrun: Remove unused function hip_cert_spki_send_to_verification().
- 5848. By Diego Biurrun: Remove unused (outside of test programs) x509 code.
- 5847. By Diego Biurrun: Remove unused function esp_prot_sa_add().
- 5846. By Diego Biurrun: Remove unused function hip_del_pending_request().
Preview Diff
1 | === modified file 'Makefile.am' |
2 | --- Makefile.am 2011-10-17 18:14:10 +0000 |
3 | +++ Makefile.am 2011-10-17 18:32:42 +0000 |
4 | @@ -121,7 +121,6 @@ |
5 | hipd/registration.c \ |
6 | hipd/user.c \ |
7 | hipd/user_ipsec_hipd_msg.c \ |
8 | - hipd/user_ipsec_sadb_api.c \ |
9 | modules/heartbeat/hipd/heartbeat.c \ |
10 | modules/heartbeat_update/hipd/hb_update.c \ |
11 | modules/midauth/lib/midauth_builder.c \ |
12 | |
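Review bot: hipd/user_ipsec_sadb_api.c is dropped from the hipd source list here while hipd/user_ipsec_hipd_msg.c stays in the build, and after the later hunks that file keeps only hip_userspace_ipsec_activate(), so hipd can still be switched into userspace IPsec mode by a user message but no longer has any code path that pushes SAs to hipfw. Please say in the commit message whether the userspace IPsec mode is meant to remain usable; if it is, the sadb API removal does not belong in this branch, which is also what the Needs Information and Disapprove reviews above are asking about.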
13 | === modified file 'hipd/esp_prot_hipd_msg.c' |
14 | --- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000 |
15 | +++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000 |
16 | @@ -459,87 +459,6 @@ |
17 | return err; |
18 | } |
19 | |
20 | -/** sets the ESP protection extension transform and anchor in user-messages |
21 | - * sent to the firewall in order to add a new SA |
22 | - * |
23 | - * @param entry the host association entry for this connection |
24 | - * @param msg the user-message sent by the firewall |
25 | - * @param direction direction of the entry to be created |
26 | - * @param update this was triggered by an update |
27 | - * @return 0 if ok, != 0 else |
28 | - */ |
29 | -int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg, |
30 | - const int direction, const int update) |
31 | -{ |
32 | - unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL; |
33 | - int hash_length = 0; |
34 | - uint32_t hash_item_length = 0; |
35 | - int err = 0, i; |
36 | - |
37 | - HIP_DEBUG("direction: %i\n", direction); |
38 | - |
39 | - // we always tell the negotiated transform to the firewall |
40 | - HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform); |
41 | - HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform, |
42 | - HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1, |
43 | - "build param contents failed\n"); |
44 | - |
45 | - // but we only transmit the anchor to the firewall, if the esp extension is used |
46 | - if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { |
47 | - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); |
48 | - |
49 | - // choose the anchor depending on the direction and update or add |
50 | - if (update) { |
51 | - if (direction == HIP_SPI_DIRECTION_OUT) { |
52 | - HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1, |
53 | - "hchain anchor expected, but not present\n"); |
54 | - |
55 | - hash_item_length = entry->esp_local_update_length; |
56 | - } else { |
57 | - HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1, |
58 | - "hchain anchor expected, but not present\n"); |
59 | - |
60 | - hash_item_length = entry->esp_peer_update_length; |
61 | - } |
62 | - } else { |
63 | - if (direction == HIP_SPI_DIRECTION_OUT) { |
64 | - HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1, |
65 | - "hchain anchor expected, but not present\n"); |
66 | - |
67 | - hash_item_length = entry->esp_local_active_length; |
68 | - } else { |
69 | - HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1, |
70 | - "hchain anchor expected, but not present\n"); |
71 | - |
72 | - hash_item_length = entry->esp_peer_active_length; |
73 | - } |
74 | - } |
75 | - |
76 | - // add parameters to hipfw message |
77 | - HIP_IFEL(hip_build_param_contents(msg, &hash_item_length, |
78 | - HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1, |
79 | - "build param contents failed\n"); |
80 | - |
81 | - // add parameters to hipfw message |
82 | - HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains, |
83 | - HIP_PARAM_UINT, sizeof(uint16_t)), -1, |
84 | - "build param contents failed\n"); |
85 | - |
86 | - for (i = 0; i < esp_prot_num_parallel_hchains; i++) { |
87 | - HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length); |
88 | - |
89 | - HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0], |
90 | - HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1, |
91 | - "build param contents failed\n"); |
92 | - } |
93 | - } else { |
94 | - HIP_DEBUG("no anchor added, transform UNUSED\n"); |
95 | - } |
96 | - |
97 | -out_err: |
98 | - return err; |
99 | -} |
100 | - |
101 | /********************* BEX parameters *********************/ |
102 | |
103 | /** |
104 | |
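Review bot: esp_prot_sa_add() is the only function in this diff that forwards the negotiated ESP protection transform and the hash-chain anchors (HIP_PARAM_ESP_PROT_TFM, HIP_PARAM_ITEM_LENGTH, HIP_PARAM_HCHAIN_ANCHOR) to hipfw, and its sole caller visible here is create_add_sa_msg(), deleted in the user_ipsec_hipd_msg.c hunk further down. It is therefore dead only because the userspace IPsec sender is removed in the same branch; if that removal is split out as requested in the discussion, this hunk and the matching esp_prot_hipd_msg.h hunk have to move with it. Suggest keeping the ESP token and userspace IPsec removals together in one proposal, separate from the registration, pkt_handling and certificate cleanups.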
105 | === modified file 'hipd/esp_prot_hipd_msg.h' |
106 | --- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000 |
107 | +++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000 |
108 | @@ -47,8 +47,6 @@ |
109 | int esp_prot_set_preferred_transforms(const struct hip_common *msg); |
110 | int esp_prot_handle_trigger_update_msg(const struct hip_common *msg); |
111 | int esp_prot_handle_anchor_change_msg(const struct hip_common *msg); |
112 | -int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg, |
113 | - const int direction, const int update); |
114 | int esp_prot_r1_add_transforms(struct hip_common *msg); |
115 | int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type, |
116 | UNUSED const enum hip_state ha_state, |
117 | |
118 | === modified file 'hipd/pkt_handling.c' |
119 | --- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000 |
120 | +++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000 |
121 | @@ -101,26 +101,6 @@ |
122 | } |
123 | |
124 | /** |
125 | - * Remove a handle function from the list. |
126 | - * |
127 | - * @param packet_type The packet type of the control message (RFC 5201, 5.3.) |
128 | - * @param ha_state The host association state (RFC 5201, 4.4.1.) |
129 | - * @param handle_function Pointer to the function which should be unregistered. |
130 | - * |
131 | - * @return Success = 0 |
132 | - * Error = -1 |
133 | - */ |
134 | -int hip_unregister_handle_function(const uint8_t packet_type, |
135 | - const enum hip_state ha_state, |
136 | - int (*handle_function)(const uint8_t packet_type, |
137 | - const enum hip_state ha_state, |
138 | - struct hip_packet_context *ctx)) |
139 | -{ |
140 | - return lmod_unregister_function(hip_handle_functions[packet_type][ha_state], |
141 | - handle_function); |
142 | -} |
143 | - |
144 | -/** |
145 | * Run all handle functions for specified combination from packet type and host |
146 | * association state. |
147 | * |
148 | |
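Review bot: removing hip_unregister_handle_function() leaves the registration function (whose declaration tail `const uint16_t priority);` is visible at the top of the pkt_handling.h hunk) without an inverse, so a module can register a packet handler for a packet type and state but can never remove it again, e.g. on module shutdown. Since revision 5852 in this branch already had to restore modularization functions that turned out to be needed, please check whether lmod_unregister_function() in lib/core/modularization.c (touched +1/-2 here) still has any caller after this hunk, and either keep the register/unregister pair or document that handler registration is permanent for the lifetime of the process.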
149 | === modified file 'hipd/pkt_handling.h' |
150 | --- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000 |
151 | +++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000 |
152 | @@ -38,12 +38,6 @@ |
153 | struct hip_packet_context *ctx), |
154 | const uint16_t priority); |
155 | |
156 | -int hip_unregister_handle_function(const uint8_t packet_type, |
157 | - const enum hip_state ha_state, |
158 | - int (*handle_function)(const uint8_t packet_type, |
159 | - const enum hip_state ha_state, |
160 | - struct hip_packet_context *ctx)); |
161 | - |
162 | int hip_run_handle_functions(const uint8_t packet_type, |
163 | const enum hip_state ha_state, |
164 | struct hip_packet_context *ctx); |
165 | |
166 | === modified file 'hipd/registration.c' |
167 | --- hipd/registration.c 2011-08-15 14:11:56 +0000 |
168 | +++ hipd/registration.c 2011-10-17 18:32:42 +0000 |
169 | @@ -112,7 +112,6 @@ |
170 | const struct hip_ll_node *iter = NULL; |
171 | struct hip_pending_request *request = NULL; |
172 | |
173 | - /* See hip_del_pending_request() for a comment. */ |
174 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { |
175 | request = iter->ptr; |
176 | if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) { |
177 | @@ -233,37 +232,6 @@ |
178 | } |
179 | |
180 | /** |
181 | - * Deletes a pending request. Deletes a pending request identified by the host |
182 | - * association @c entry from the linked list @c pending_requests. |
183 | - * |
184 | - * @param entry a pointer to the host association to which the pending request |
185 | - * to be deleted is bound. |
186 | - * @return zero if the pending request was succesfully deleted, -1 |
187 | - * otherwise. |
188 | - */ |
189 | -int hip_del_pending_request(struct hip_hadb_state *entry) |
190 | -{ |
191 | - int idx = 0; |
192 | - const struct hip_ll_node *iter = NULL; |
193 | - |
194 | - /* Iterate through the linked list. The iterator itself can't be used |
195 | - * for deleting nodes from the list. Therefore, we just get the index of |
196 | - * the element to be deleted using the iterator and then call |
197 | - * hip_ll_del() to do the actual deletion. */ |
198 | - while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { |
199 | - if (((struct hip_pending_request *) (iter->ptr))->entry == entry) { |
200 | - HIP_DEBUG("Deleting and freeing a pending request at " \ |
201 | - "index %u.\n", idx); |
202 | - hip_ll_del(&pending_requests, idx, free); |
203 | - return 0; |
204 | - } |
205 | - idx++; |
206 | - } |
207 | - |
208 | - return -1; |
209 | -} |
210 | - |
211 | -/** |
212 | * Deletes a pending request of given type. Deletes a pending request identified |
213 | * by the host association @c entry and matching the given type @c reg_type from |
214 | * the linked list @c pending_requests. |
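Review bot: this hunk deletes the only explanation of why the pending-request list is walked with an index and hip_ll_del() instead of deleting through the iterator ("The iterator itself can't be used for deleting nodes from the list ..."), while the hunks before and after it delete the two "See hip_del_pending_request() for a comment." pointers that referred to it. The type-specific deletion function that remains still uses exactly that index-and-hip_ll_del() pattern, so the four-line comment should be moved above its while loop rather than dropped.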
215 | @@ -281,7 +249,6 @@ |
216 | const struct hip_ll_node *iter = NULL; |
217 | struct hip_pending_request *request = NULL; |
218 | |
219 | - /* See hip_del_pending_request() for a comment. */ |
220 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { |
221 | request = iter->ptr; |
222 | if (request->entry == entry && request->reg_type == reg_type) { |
223 | |
224 | === modified file 'hipd/registration.h' |
225 | --- hipd/registration.h 2011-08-15 14:11:56 +0000 |
226 | +++ hipd/registration.h 2011-10-17 18:32:42 +0000 |
227 | @@ -64,7 +64,6 @@ |
228 | int hip_get_active_services(struct hip_srv *active_services, |
229 | unsigned int *active_service_count); |
230 | int hip_add_pending_request(struct hip_pending_request *request); |
231 | -int hip_del_pending_request(struct hip_hadb_state *entry); |
232 | int hip_replace_pending_requests(struct hip_hadb_state *entry_old, |
233 | struct hip_hadb_state *entry_new); |
234 | int hip_handle_param_reg_info(struct hip_hadb_state *entry, |
235 | |
236 | === modified file 'hipd/user_ipsec_hipd_msg.c' |
237 | --- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000 |
238 | +++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000 |
239 | @@ -43,7 +43,6 @@ |
240 | #include "esp_prot_hipd_msg.h" |
241 | #include "hipd.h" |
242 | #include "init.h" |
243 | -#include "user_ipsec_sadb_api.h" |
244 | #include "user_ipsec_hipd_msg.h" |
245 | |
246 | |
247 | @@ -81,219 +80,3 @@ |
248 | |
249 | return err; |
250 | } |
251 | - |
252 | -/** creates a user-message to add a SA to userspace IPsec |
253 | - * |
254 | - * @param saddr outer globally routable source ip address |
255 | - * @param daddr outer globally routable destination ip address |
256 | - * @param src_hit inner source address |
257 | - * @param dst_hit inner destination address |
258 | - * @param spi ipsec spi for demultiplexing |
259 | - * @param ealg crypto transform to be used for the SA |
260 | - * @param enckey raw encryption key |
261 | - * @param authkey raw authentication key |
262 | - * @param retransmission notification if this event is due to retransmission |
263 | - * @param direction represents inbound or outbound direction |
264 | - * @param update notification if this event derives from an update |
265 | - * @param entry host association entry for this connection |
266 | - * @return the msg, NULL if an error occurred |
267 | - */ |
268 | -struct hip_common *create_add_sa_msg(const struct in6_addr *saddr, |
269 | - const struct in6_addr *daddr, |
270 | - const struct in6_addr *src_hit, |
271 | - const struct in6_addr *dst_hit, |
272 | - const uint32_t spi, const int ealg, |
273 | - const struct hip_crypto_key *enckey, |
274 | - const struct hip_crypto_key *authkey, |
275 | - const int retransmission, |
276 | - const int direction, const int update, |
277 | - struct hip_hadb_state *entry) |
278 | -{ |
279 | - struct hip_common *msg = NULL; |
280 | - int err = 0; |
281 | - |
282 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
283 | - "alloc memory for adding sa entry\n"); |
284 | - |
285 | - hip_msg_init(msg); |
286 | - |
287 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1, |
288 | - "build hdr failed\n"); |
289 | - |
290 | - HIP_DEBUG_IN6ADDR("Source IP address: ", saddr); |
291 | - HIP_IFEL(hip_build_param_contents(msg, saddr, |
292 | - HIP_PARAM_IPV6_ADDR, |
293 | - sizeof(struct in6_addr)), -1, |
294 | - "build param contents failed\n"); |
295 | - |
296 | - HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr); |
297 | - HIP_IFEL(hip_build_param_contents(msg, daddr, |
298 | - HIP_PARAM_IPV6_ADDR, |
299 | - sizeof(struct in6_addr)), -1, |
300 | - "build param contents failed\n"); |
301 | - |
302 | - HIP_DEBUG_HIT("Source HIT: ", src_hit); |
303 | - HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT, |
304 | - sizeof(struct in6_addr)), -1, |
305 | - "build param contents failed\n"); |
306 | - |
307 | - HIP_DEBUG_HIT("Destination HIT: ", dst_hit); |
308 | - HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT, |
309 | - sizeof(struct in6_addr)), -1, |
310 | - "build param contents failed\n"); |
311 | - |
312 | - HIP_DEBUG("the spi value is : %x \n", spi); |
313 | - HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT, |
314 | - sizeof(uint32_t)), -1, |
315 | - "build param contents failed\n"); |
316 | - |
317 | - HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode); |
318 | - HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT, |
319 | - sizeof(uint8_t)), -1, |
320 | - "build param contents failed\n"); |
321 | - |
322 | - HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port); |
323 | - HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port, |
324 | - HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n"); |
325 | - |
326 | - HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port); |
327 | - HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port, |
328 | - HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n"); |
329 | - |
330 | - // params needed by the esp protection extension |
331 | - HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1, |
332 | - "failed to add esp prot params\n"); |
333 | - |
334 | - HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key)); |
335 | - HIP_IFEL(hip_build_param_contents(msg, |
336 | - enckey, |
337 | - HIP_PARAM_KEYS, |
338 | - sizeof(struct hip_crypto_key)), -1, |
339 | - "build param contents failed\n"); |
340 | - |
341 | - HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key)); |
342 | - HIP_IFEL(hip_build_param_contents(msg, |
343 | - authkey, |
344 | - HIP_PARAM_KEYS, |
345 | - sizeof(struct hip_crypto_key)), -1, |
346 | - "build param contents failed\n"); |
347 | - |
348 | - HIP_DEBUG("ealg value is %d \n", ealg); |
349 | - HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT, |
350 | - sizeof(int)), -1, |
351 | - "build param contents failed\n"); |
352 | - |
353 | - HIP_DEBUG("retransmission value is %d \n", retransmission); |
354 | - HIP_IFEL(hip_build_param_contents(msg, &retransmission, |
355 | - HIP_PARAM_INT, sizeof(int)), -1, |
356 | - "build param contents failed\n"); |
357 | - |
358 | - HIP_DEBUG("the direction value is %d \n", direction); |
359 | - HIP_IFEL(hip_build_param_contents(msg, &direction, |
360 | - HIP_PARAM_INT, |
361 | - sizeof(int)), -1, |
362 | - "build param contents failed\n"); |
363 | - |
364 | - HIP_DEBUG("the update value is %d \n", update); |
365 | - HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT, |
366 | - sizeof(int)), -1, |
367 | - "build param contents failed\n"); |
368 | - |
369 | -out_err: |
370 | - if (err) { |
371 | - free(msg); |
372 | - msg = NULL; |
373 | - } |
374 | - |
375 | - return msg; |
376 | -} |
377 | - |
378 | -/** creates a user-message to delete a SA from userspace IPsec |
379 | - * |
380 | - * @param spi ipsec spi for demultiplexing |
381 | - * @param peer_addr outer globally routable source ip address |
382 | - * @param dst_addr outer globally routable destination ip address |
383 | - * @param family protocol family of above addresses |
384 | - * @param src_port local port for this host association |
385 | - * @param dst_port peer port for this host association |
386 | - * @return the msg, NULL if an error occured |
387 | - */ |
388 | -struct hip_common *create_delete_sa_msg(const uint32_t spi, |
389 | - const struct in6_addr *peer_addr, |
390 | - const struct in6_addr *dst_addr, |
391 | - const int family, |
392 | - const int src_port, |
393 | - const int dst_port) |
394 | -{ |
395 | - struct hip_common *msg = NULL; |
396 | - int err = 0; |
397 | - |
398 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
399 | - "alloc memory for adding sa entry\n"); |
400 | - |
401 | - hip_msg_init(msg); |
402 | - |
403 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1, |
404 | - "build hdr failed\n"); |
405 | - |
406 | - HIP_DEBUG("spi value: %u\n", spi); |
407 | - HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT, |
408 | - sizeof(uint32_t)), -1, "build param contents failed\n"); |
409 | - |
410 | - HIP_DEBUG_IN6ADDR("peer address: ", peer_addr); |
411 | - HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR, |
412 | - sizeof(struct in6_addr)), -1, "build param contents failed\n"); |
413 | - |
414 | - HIP_DEBUG_IN6ADDR("destination address: ", dst_addr); |
415 | - HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR, |
416 | - sizeof(struct in6_addr)), -1, "build param contents failed\n"); |
417 | - |
418 | - HIP_DEBUG("family: %i\n", family); |
419 | - HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT, |
420 | - sizeof(int)), -1, "build param contents failed\n"); |
421 | - |
422 | - HIP_DEBUG("src_port: %i\n", src_port); |
423 | - HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT, |
424 | - sizeof(int)), -1, "build param contents failed\n"); |
425 | - |
426 | - HIP_DEBUG("src_port: %i\n", dst_port); |
427 | - HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT, |
428 | - sizeof(int)), -1, "build param contents failed\n"); |
429 | - |
430 | -out_err: |
431 | - if (err) { |
432 | - free(msg); |
433 | - msg = NULL; |
434 | - } |
435 | - |
436 | - return msg; |
437 | -} |
438 | - |
439 | -/** |
440 | - * create a user-message to flush all SAs from userspace IPsec |
441 | - * |
442 | - * @return the msg, NULL if an error occured |
443 | - */ |
444 | -struct hip_common *create_flush_all_sa_msg(void) |
445 | -{ |
446 | - struct hip_common *msg = NULL; |
447 | - int err = 0; |
448 | - |
449 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
450 | - "alloc memory for adding sa entry\n"); |
451 | - |
452 | - hip_msg_init(msg); |
453 | - |
454 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1, |
455 | - "build hdr failed\n"); |
456 | - |
457 | - // this triggers the flushing without specifying any parameters |
458 | - |
459 | -out_err: |
460 | - if (err) { |
461 | - free(msg); |
462 | - msg = NULL; |
463 | - } |
464 | - |
465 | - return msg; |
466 | -} |
467 | |
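Review bot: create_add_sa_msg(), create_delete_sa_msg() and create_flush_all_sa_msg() are the hipd-side senders for HIP_MSG_IPSEC_ADD_SA, HIP_MSG_IPSEC_DELETE_SA and HIP_MSG_IPSEC_FLUSH_ALL_SA, but neither the message type constants nor the hipfw code that receives those messages is touched by this branch. After this hunk the receiving side becomes unreachable, i.e. dead code of exactly the kind this proposal sets out to remove, so either follow through in the same proposal (message types, hipfw handlers, hip_userspace_ipsec_activate()) or, as Miika asks, take the userspace IPsec part out of this branch. Worth noting in the commit message that the removed create_add_sa_msg() also hexdumped the raw encryption and authentication keys (`HIP_HEXDUMP("crypto key :", enckey, ...)`) into the debug log, so the removal retires a key-leaking debug path as well.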
468 | === modified file 'hipd/user_ipsec_hipd_msg.h' |
469 | --- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000 |
470 | +++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000 |
471 | @@ -39,22 +39,5 @@ |
472 | #include "lib/core/protodefs.h" |
473 | |
474 | int hip_userspace_ipsec_activate(const struct hip_common *msg); |
475 | -struct hip_common *create_add_sa_msg(const struct in6_addr *saddr, |
476 | - const struct in6_addr *daddr, |
477 | - const struct in6_addr *src_hit, |
478 | - const struct in6_addr *dst_hit, |
479 | - const uint32_t spi, const int ealg, |
480 | - const struct hip_crypto_key *enckey, |
481 | - const struct hip_crypto_key *authkey, |
482 | - const int retransmission, |
483 | - const int direction, const int update, |
484 | - struct hip_hadb_state *entry); |
485 | -struct hip_common *create_delete_sa_msg(const uint32_t spi, |
486 | - const struct in6_addr *peer_addr, |
487 | - const struct in6_addr *dst_addr, |
488 | - const int family, |
489 | - const int src_port, |
490 | - const int dst_port); |
491 | -struct hip_common *create_flush_all_sa_msg(void); |
492 | |
493 | #endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */ |
494 | |
495 | === removed file 'hipd/user_ipsec_sadb_api.c' |
496 | --- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000 |
497 | +++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000 |
498 | @@ -1,133 +0,0 @@ |
499 | -/* |
500 | - * Copyright (c) 2010 Aalto University and RWTH Aachen University. |
501 | - * |
502 | - * Permission is hereby granted, free of charge, to any person |
503 | - * obtaining a copy of this software and associated documentation |
504 | - * files (the "Software"), to deal in the Software without |
505 | - * restriction, including without limitation the rights to use, |
506 | - * copy, modify, merge, publish, distribute, sublicense, and/or sell |
507 | - * copies of the Software, and to permit persons to whom the |
508 | - * Software is furnished to do so, subject to the following |
509 | - * conditions: |
510 | - * |
511 | - * The above copyright notice and this permission notice shall be |
512 | - * included in all copies or substantial portions of the Software. |
513 | - * |
514 | - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
515 | - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
516 | - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
517 | - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
518 | - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
519 | - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
520 | - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
521 | - * OTHER DEALINGS IN THE SOFTWARE. |
522 | - */ |
523 | - |
524 | -/** |
525 | - * @file |
526 | - * Provides the API used by the hipd to set up and maintain the |
527 | - * userspace IPsec state in the hipfw. |
528 | - * |
529 | - * @brief API used by the hipd to set up and maintain userspace IPsec state |
530 | - */ |
531 | - |
532 | -#include <stdint.h> |
533 | -#include <arpa/inet.h> |
534 | -#include <netinet/in.h> |
535 | - |
536 | -#include "lib/core/debug.h" |
537 | -#include "lib/core/icomm.h" |
538 | -#include "lib/core/ife.h" |
539 | -#include "lib/core/prefix.h" |
540 | -#include "lib/core/protodefs.h" |
541 | -#include "lib/core/state.h" |
542 | -#include "user.h" |
543 | -#include "user_ipsec_hipd_msg.h" |
544 | -#include "user_ipsec_sadb_api.h" |
545 | - |
546 | - |
547 | -/** generic send function used to send the below created messages |
548 | - * |
549 | - * @param msg the message to be sent |
550 | - * @return 0, if correct, else != 0 |
551 | - */ |
552 | -static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg) |
553 | -{ |
554 | - struct sockaddr_in6 hip_fw_addr; |
555 | - struct in6_addr loopback = in6addr_loopback; |
556 | - int err = 0; |
557 | - |
558 | - HIP_ASSERT(msg != NULL); |
559 | - |
560 | - // destination is firewall |
561 | - hip_fw_addr.sin6_family = AF_INET6; |
562 | - hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT); |
563 | - ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback); |
564 | - |
565 | - err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr); |
566 | - if (err < 0) { |
567 | - HIP_ERROR("sending of message to firewall failed\n"); |
568 | - |
569 | - err = -1; |
570 | - goto out_err; |
571 | - } else { |
572 | - HIP_DEBUG("sending of message to firewall successful\n"); |
573 | - |
574 | - // this is needed if we want to use HIP_IFEL |
575 | - err = 0; |
576 | - } |
577 | - |
578 | -out_err: |
579 | - return err; |
580 | -} |
581 | - |
582 | -/** adds a new SA entry for the specified direction to the sadb in userspace ipsec |
583 | - * @note If you make changes to this function, please change also hip_add_sa() |
584 | - * |
585 | - * @param saddr outer globally routable source ip address |
586 | - * @param daddr outer globally routable destination ip address |
587 | - * @param src_hit inner source address |
588 | - * @param dst_hit inner destination address |
589 | - * @param spi ipsec spi for demultiplexing |
590 | - * @param ealg crypto transform to be used for the SA |
591 | - * @param enckey raw encryption key |
592 | - * @param authkey raw authentication key |
593 | - * @param retransmission notification if this event is due to retransmission |
594 | - * @param direction represents inbound or outbound direction |
595 | - * @param update notification if this event derives from an update |
596 | - * @param entry host association entry for this connection |
597 | - * @return 0, if correct, otherwise -1 |
598 | - */ |
599 | -uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr, |
600 | - const struct in6_addr *daddr, |
601 | - const struct in6_addr *src_hit, |
602 | - const struct in6_addr *dst_hit, |
603 | - const uint32_t spi, const int ealg, |
604 | - const struct hip_crypto_key *enckey, |
605 | - const struct hip_crypto_key *authkey, |
606 | - const int retransmission, |
607 | - const int direction, const int update, |
608 | - struct hip_hadb_state *entry) |
609 | -{ |
610 | - struct hip_common *msg = NULL; |
611 | - int err = 0; |
612 | - |
613 | - HIP_ASSERT(spi != 0); |
614 | - |
615 | - HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n"); |
616 | - |
617 | - if (direction == HIP_SPI_DIRECTION_OUT) { |
618 | - entry->outbound_sa_count++; |
619 | - } else { |
620 | - entry->inbound_sa_count++; |
621 | - } |
622 | - |
623 | - HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey, |
624 | - authkey, retransmission, direction, update, entry)), -1, |
625 | - "failed to create add_sa message\n"); |
626 | - |
627 | - HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n"); |
628 | - |
629 | -out_err: |
630 | - return err; |
631 | -} |
632 | |
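Review bot: the @note on hip_userspace_ipsec_add_sa() says "If you make changes to this function, please change also hip_add_sa()", i.e. the kernel XFRM path in lib/tool/xfrmapi.c (listed with -2 in this branch) was kept in step with this userspace path and presumably dispatched to it. Please confirm that the two-line xfrmapi.c change is what removes that dispatch and that hip_add_sa() no longer has a mode in which it expects the userspace sadb API; otherwise the build breaks, or userspace mode silently falls through to the kernel SA. Also worth a line in the commit message: the function was declared `uint32_t` but returned `int err`, which is -1 on failure, so the removal also retires a latent signed-to-unsigned return value bug.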
633 | === removed file 'hipd/user_ipsec_sadb_api.h' |
634 | --- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000 |
635 | +++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000 |
636 | @@ -1,55 +0,0 @@ |
637 | -/* |
638 | - * Copyright (c) 2010 Aalto University and RWTH Aachen University. |
639 | - * |
640 | - * Permission is hereby granted, free of charge, to any person |
641 | - * obtaining a copy of this software and associated documentation |
642 | - * files (the "Software"), to deal in the Software without |
643 | - * restriction, including without limitation the rights to use, |
644 | - * copy, modify, merge, publish, distribute, sublicense, and/or sell |
645 | - * copies of the Software, and to permit persons to whom the |
646 | - * Software is furnished to do so, subject to the following |
647 | - * conditions: |
648 | - * |
649 | - * The above copyright notice and this permission notice shall be |
650 | - * included in all copies or substantial portions of the Software. |
651 | - * |
652 | - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
653 | - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
654 | - * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
655 | - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
656 | - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
657 | - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
658 | - * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
659 | - * OTHER DEALINGS IN THE SOFTWARE. |
660 | - */ |
661 | - |
662 | -/** |
663 | - * @file |
664 | - * Provides the API used by the hipd to set up and maintain the |
665 | - * userspace IPsec state in the hipfw. |
666 | - * |
667 | - * @brief API used by the hipd to set up and maintain userspace IPsec state |
668 | - */ |
669 | - |
670 | -#ifndef HIP_HIPD_USER_IPSEC_SADB_API_H |
671 | -#define HIP_HIPD_USER_IPSEC_SADB_API_H |
672 | - |
673 | -#include <stdint.h> |
674 | -#include <netinet/in.h> |
675 | - |
676 | -#include "lib/core/protodefs.h" |
677 | - |
678 | -uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr, |
679 | - const struct in6_addr *daddr, |
680 | - const struct in6_addr *src_hit, |
681 | - const struct in6_addr *dst_hit, |
682 | - const uint32_t spi, const int ealg, |
683 | - const struct hip_crypto_key *enckey, |
684 | - const struct hip_crypto_key *authkey, |
685 | - const int retransmission, |
686 | - const int direction, const int update, |
687 | - struct hip_hadb_state *entry); |
688 | - |
689 | -int hip_userspace_ipsec_setup_default_sp_prefix_pair(void); |
690 | - |
691 | -#endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */ |
692 | |
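Review bot: The proposal's commit message is empty, and this file removal drops the entire hipd-side API for maintaining userspace IPsec state in the hipfw (hip_userspace_ipsec_add_sa and hip_userspace_ipsec_setup_default_sp_prefix_pair, per the header's own @brief). That is a feature removal rather than plain dead-code cleanup and should be stated as such in the commit message, together with whether the hipfw end of that API is expected to stay.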
693 | === modified file 'lib/core/builder.c' |
694 | --- lib/core/builder.c 2011-08-15 14:11:56 +0000 |
695 | +++ lib/core/builder.c 2011-10-17 18:32:42 +0000 |
696 | @@ -918,18 +918,6 @@ |
697 | * @return pointer to the contents of the tlv_common (just after the |
698 | * the type and length fields) |
699 | */ |
700 | -void *hip_get_param_contents_direct_readwrite(void *tlv_common) |
701 | -{ |
702 | - return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); |
703 | -} |
704 | - |
705 | -/** |
706 | - * hip_get_param_contents_direct - get parameter contents direct from TLV |
707 | - * |
708 | - * @param tlv_common pointer to a parameter |
709 | - * @return pointer to the contents of the tlv_common (just after the |
710 | - * the type and length fields) |
711 | - */ |
712 | const void *hip_get_param_contents_direct(const void *tlv_common) |
713 | { |
714 | return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); |
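Review bot: The wrong doc comment survives in this hunk. The context lines above the deleted hip_get_param_contents_direct_readwrite (`* @return pointer to the contents of the tlv_common (just after the` / `* the type and length fields)` / `*/`) are the tail of that function's comment block, while the block deleted at `-/** ... hip_get_param_contents_direct - get parameter contents direct from TLV ... */` documents the function that is kept. After the change, hip_get_param_contents_direct sits under a comment whose head (outside the hunk) describes the readwrite variant. Delete the upper comment block together with the function and keep the lower one; while there, fix the doubled "the the" in the @return line.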
715 | @@ -3373,56 +3361,6 @@ |
716 | } |
717 | |
718 | /** |
719 | - * Build and append a X509 certiticate request parameter into a HIP control |
720 | - * message (on-the-wire) |
721 | - * |
722 | - * @param msg a pointer to the message where the parameter will be |
723 | - * appended |
724 | - * @param addr the subject for the certificate |
725 | - * @return zero on success, or negative on failure |
726 | - * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a> |
727 | - * |
728 | - */ |
729 | -int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr) |
730 | -{ |
731 | - struct hip_cert_x509_req subj; |
732 | - |
733 | - hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); |
734 | - hip_calc_param_len((struct hip_tlv_common *) &subj, |
735 | - sizeof(struct hip_cert_x509_req) |
736 | - - sizeof(struct hip_tlv_common)); |
737 | - ipv6_addr_copy(&subj.addr, addr); |
738 | - |
739 | - return hip_build_param(msg, &subj); |
740 | -} |
741 | - |
742 | -/** |
743 | - * build and append a X509 certificate verification parameter into a |
744 | - * HIP control message (on-the-wire) |
745 | - * |
746 | - * @param msg a pointer to the message where the parameter will be |
747 | - * appended |
748 | - * @param der der field |
749 | - * @param len length of the der field in bytes |
750 | - * @return zero on success, or negative on failure |
751 | - * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a> |
752 | - * |
753 | - */ |
754 | -int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len) |
755 | -{ |
756 | - struct hip_cert_x509_resp subj; |
757 | - |
758 | - hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); |
759 | - hip_calc_param_len((struct hip_tlv_common *) &subj, |
760 | - sizeof(struct hip_cert_x509_resp) |
761 | - - sizeof(struct hip_tlv_common)); |
762 | - memcpy(&subj.der, der, len); |
763 | - subj.der_len = len; |
764 | - |
765 | - return hip_build_param(msg, &subj); |
766 | -} |
767 | - |
768 | -/** |
769 | * build and append a X509 certificate response into a HIP control message |
770 | * (on-the-wire) |
771 | * |
772 | |
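Review bot: Worth stating in the commit message that dropping hip_build_param_cert_x509_ver removes a defective function, not merely an unused one: it labels a struct hip_cert_x509_resp with HIP_PARAM_CERT_X509_REQ (copied from the _req builder directly above), and `memcpy(&subj.der, der, len)` copies a caller-supplied length into the fixed-size der field without comparing len against sizeof(subj.der). Any future reinstatement should use a verification-specific parameter type and bound the copy.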
773 | === modified file 'lib/core/builder.h' |
774 | --- lib/core/builder.h 2011-08-15 14:11:56 +0000 |
775 | +++ lib/core/builder.h 2011-10-17 18:32:42 +0000 |
776 | @@ -155,9 +155,7 @@ |
777 | const struct in6_addr rvs_addresses[]); |
778 | int hip_build_param_cert_spki_info(struct hip_common *msg, |
779 | struct hip_cert_spki_info *cert_info); |
780 | -int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *); |
781 | int hip_build_param_cert_x509_resp(struct hip_common *, char *, int); |
782 | -int hip_build_param_cert_x509_ver(struct hip_common *, char *, int); |
783 | |
784 | int hip_build_param_hit_to_ip_set(struct hip_common *, const char *); |
785 | int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err); |
786 | @@ -187,7 +185,6 @@ |
787 | void *hip_get_param_readwrite(struct hip_common *, hip_tlv); |
788 | const void *hip_get_param_contents(const struct hip_common *, hip_tlv); |
789 | const void *hip_get_param_contents_direct(const void *); |
790 | -void *hip_get_param_contents_direct_readwrite(void *); |
791 | hip_tlv_len hip_get_param_contents_len(const void *); |
792 | int hip_get_param_host_id_di_type_len(const struct hip_host_id *, |
793 | const char **, int *); |
794 | |
795 | === modified file 'lib/core/certtools.c' |
796 | --- lib/core/certtools.c 2011-08-15 14:11:56 +0000 |
797 | +++ lib/core/certtools.c 2011-10-17 18:32:42 +0000 |
798 | @@ -624,139 +624,6 @@ |
799 | return err; |
800 | } |
801 | |
802 | -/** |
803 | - * Function that sends the given hip_cert_spki_info to the daemon to |
804 | - * verification |
805 | - * |
806 | - * @param to_verification is the cert to be verified |
807 | - * |
808 | - * @return 0 if ok and negative if error or unsuccesfull. |
809 | - * |
810 | - * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info |
811 | - */ |
812 | -int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification) |
813 | -{ |
814 | - int err = 0; |
815 | - struct hip_common *msg; |
816 | - const struct hip_cert_spki_info *returned; |
817 | - |
818 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
819 | - "Malloc for msg failed\n"); |
820 | - hip_msg_init(msg); |
821 | - /* build the msg to be sent to the daemon */ |
822 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1, |
823 | - "Failed to build user header\n"); |
824 | - HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1, |
825 | - "Failed to build cert_info\n"); |
826 | - |
827 | - /* send and wait */ |
828 | - HIP_DEBUG("Sending request to verify SPKI cert to " |
829 | - "daemon and waiting for answer\n"); |
830 | - hip_send_recv_daemon_info(msg, 0, 0); |
831 | - |
832 | - HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)), |
833 | - -1, "No hip_cert_spki_info struct found from daemons msg\n"); |
834 | - |
835 | - memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info)); |
836 | - |
837 | -out_err: |
838 | - free(msg); |
839 | - return err; |
840 | -} |
841 | - |
842 | -/****************************************************************************** |
843 | - * FUNCTIONS FOR x509v3 * |
844 | - ******************************************************************************/ |
845 | - |
846 | -/** |
847 | - * Function that requests for a certificate from daemon and gives it back. |
848 | - * |
849 | - * @param subject is the subjects HIT |
850 | - * |
851 | - * @param certificate is pointer to a buffer to which this function writes the completed cert |
852 | - * |
853 | - * @return positive on success negative otherwise |
854 | - * |
855 | - * @note The certificate is given in DER encoding |
856 | - */ |
857 | -int hip_cert_x509v3_request_certificate(struct in6_addr *subject, |
858 | - unsigned char *certificate) |
859 | -{ |
860 | - int err = 0; |
861 | - struct hip_common *msg; |
862 | - const struct hip_cert_x509_resp *p; |
863 | - |
864 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
865 | - "Malloc for msg failed\n"); |
866 | - hip_msg_init(msg); |
867 | - /* build the msg to be sent to the daemon */ |
868 | - |
869 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1, |
870 | - "Failed to build user header\n"); |
871 | - HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1, |
872 | - "Failed to build cert_info\n"); |
873 | - /* send and wait */ |
874 | - HIP_DEBUG("Sending request to sign x509 cert to " |
875 | - "daemon and waiting for answer\n"); |
876 | - hip_send_recv_daemon_info(msg, 0, 0); |
877 | - /* get the struct from the message sent back by the daemon */ |
878 | - HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1, |
879 | - "No name x509 struct found\n"); |
880 | - memcpy(certificate, p->der, p->der_len); |
881 | - err = p->der_len; |
882 | - |
883 | -out_err: |
884 | - free(msg); |
885 | - return err; |
886 | -} |
887 | - |
888 | -/** |
889 | - * Function that requests for a verification of a certificate from |
890 | - * daemon and tells the result. |
891 | - * |
892 | - * @param certificate is pointer to a certificate to be verified |
893 | - * @param len is the length of the cert in certificate parameter in bytes |
894 | - * |
895 | - * @return 0 on success negative otherwise |
896 | - * |
897 | - * @note give the certificate in PEM encoding |
898 | - */ |
899 | -int hip_cert_x509v3_request_verification(unsigned char *certificate, int len) |
900 | -{ |
901 | - int err = 0; |
902 | - struct hip_common *msg; |
903 | - const struct hip_cert_x509_resp *received; |
904 | - |
905 | - HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, |
906 | - "Malloc for msg failed\n"); |
907 | - hip_msg_init(msg); |
908 | - |
909 | - /* build the msg to be sent to the daemon */ |
910 | - HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1, |
911 | - "Failed to build user header\n"); |
912 | - HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1, |
913 | - "Failed to build cert_info\n"); |
914 | - |
915 | - /* send and wait */ |
916 | - HIP_DEBUG("Sending request to verify x509 cert to " |
917 | - "daemon and waiting for answer\n"); |
918 | - hip_send_recv_daemon_info(msg, 0, 0); |
919 | - |
920 | - /* get the struct from the message sent back by the daemon */ |
921 | - HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1, |
922 | - "No x509 struct found\n"); |
923 | - err = hip_get_msg_err(msg); |
924 | - if (err == 0) { |
925 | - HIP_DEBUG("Verified successfully\n"); |
926 | - } else { |
927 | - HIP_DEBUG("Verification failed\n"); |
928 | - } |
929 | - |
930 | -out_err: |
931 | - free(msg); |
932 | - return err; |
933 | -} |
934 | - |
935 | /******************************************************************************* |
936 | * UTILITARY FUNCTIONS * |
937 | *******************************************************************************/ |
938 | |
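Review bot: These three functions are the only visible clients of the HIP_MSG_CERT_SPKI_VERIFY, HIP_MSG_CERT_X509V3_SIGN and HIP_MSG_CERT_X509V3_VERIFY user messages; the proposal should say whether the daemon-side handlers for those message types remain reachable some other way or should be removed together with them, otherwise the daemon keeps accepting requests that nothing in the tree can issue. Two defects disappear with the code and deserve a mention as such: hip_cert_x509v3_request_certificate copies p->der_len bytes from a daemon reply into the caller's buffer with no buffer-size parameter, and hip_cert_x509v3_request_verification's comment asks for PEM while hip_cert_x509v3_request_certificate hands back DER. All three also ignore the return value of hip_send_recv_daemon_info().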
939 | === modified file 'lib/core/certtools.h' |
940 | --- lib/core/certtools.h 2011-08-15 14:11:56 +0000 |
941 | +++ lib/core/certtools.h 2011-10-17 18:32:42 +0000 |
942 | @@ -64,11 +64,6 @@ |
943 | const char *, struct in6_addr *, |
944 | time_t *, time_t *); |
945 | int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *); |
946 | -int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *); |
947 | - |
948 | -/* x509v3 cert related functions */ |
949 | -int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *); |
950 | -int hip_cert_x509v3_request_verification(unsigned char *, int); |
951 | |
952 | /** Utilitary functions */ |
953 | STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *); |
954 | |
955 | === modified file 'lib/core/modularization.c' |
956 | --- lib/core/modularization.c 2011-10-12 09:20:36 +0000 |
957 | +++ lib/core/modularization.c 2011-10-17 18:32:42 +0000 |
958 | @@ -95,8 +95,7 @@ |
959 | /** |
960 | * List of parameter types. |
961 | * |
962 | - * Used to track all registered parameter types. Each module which defines a new |
963 | - * parameter type must register it using lmod_register_parameter_type. |
964 | + * Used to track all registered parameter types. |
965 | */ |
966 | static struct hip_ll parameter_types; |
967 | |
968 | |
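Review bot: Dropping the sentence about lmod_register_parameter_type from this comment implies the registration function is gone, yet `static struct hip_ll parameter_types;` stays. If nothing populates the list any more, it and whatever walks it should be removed as well; if something still does, the comment should say how parameter types now get into the list.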
969 | === modified file 'lib/tool/xfrmapi.c' |
970 | --- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000 |
971 | +++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000 |
972 | @@ -701,8 +701,6 @@ |
973 | * @param entry corresponding host association |
974 | * @return zero on success and non-zero on error |
975 | * @note IPv4 addresses in IPv6 mapped format |
976 | - * @note If you make changes to this function, please change also |
977 | - * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa(). |
978 | */ |
979 | uint32_t hip_add_sa(const struct in6_addr *saddr, |
980 | const struct in6_addr *daddr, |
981 | |
982 | === modified file 'test/certteststub.c' |
983 | --- test/certteststub.c 2011-08-15 14:11:56 +0000 |
984 | +++ test/certteststub.c 2011-10-17 18:32:42 +0000 |
985 | @@ -48,25 +48,18 @@ |
986 | #include "lib/core/protodefs.h" |
987 | |
988 | |
989 | -int main(int argc, char *argv[]) |
990 | +int main(void) |
991 | { |
992 | - int err = 0, i = 0, len; |
993 | + int err = 0, i = 0; |
994 | struct hip_cert_spki_info *cert = NULL; |
995 | struct hip_cert_spki_info *to_verification = NULL; |
996 | time_t not_before = 0, not_after = 0; |
997 | struct hip_common *msg; |
998 | struct in6_addr *defhit; |
999 | char certificate[1024]; |
1000 | - unsigned char der_cert[1024]; |
1001 | CONF *conf; |
1002 | CONF_VALUE *item; |
1003 | - STACK_OF(CONF_VALUE) * sec = NULL; |
1004 | - STACK_OF(CONF_VALUE) * sec_name = NULL; |
1005 | - |
1006 | - if (argc != 2) { |
1007 | - printf("Usage: %s spki|x509\n", argv[0]); |
1008 | - exit(EXIT_SUCCESS); |
1009 | - } |
1010 | + STACK_OF(CONF_VALUE) * sec = NULL; |
1011 | |
1012 | HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n"); |
1013 | HIP_DEBUG("- Hipd has to run otherwise this will hang!\n"); |
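Review bot: Switching to `int main(void)` and dropping the spki|x509 argument is consistent with removing the x509 path, but the declarations that stay in this hunk should be re-checked for use: `struct in6_addr *defhit`, `CONF_VALUE *item`, `CONF *conf` and the loop index `i` were all used by the x509v3 block deleted further down, and if the SPKI part does not use them the build now warns about unused variables. Also, `STACK_OF(CONF_VALUE) * sec = NULL;` is deleted and re-added unchanged (only its position moves); leave it in place to keep the diff minimal.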
1014 | @@ -78,10 +71,6 @@ |
1015 | goto out_err; |
1016 | } |
1017 | |
1018 | - if (strcmp(argv[1], "spki")) { |
1019 | - goto skip_spki; |
1020 | - } |
1021 | - |
1022 | HIP_DEBUG("Starting to test SPKI certficate tools\n"); |
1023 | |
1024 | cert = malloc(sizeof(struct hip_cert_spki_info)); |
1025 | @@ -142,51 +131,12 @@ |
1026 | HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1, |
1027 | "Failed to construct the hip_cert_spki_info from certificate\n"); |
1028 | |
1029 | - /* |
1030 | - * below, commented out, is the daemons version of the verification |
1031 | - * and below that is the lib version of the verification |
1032 | - */ |
1033 | - /* |
1034 | - * HIP_DEBUG("Sending the certificate to daemon for verification\n"); |
1035 | - * |
1036 | - * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1, |
1037 | - * "Failed in sending to verification\n"); |
1038 | - * HIP_IFEL(to_verification->success, -1, |
1039 | - * "Verification was not successfull\n"); |
1040 | - * HIP_DEBUG("Verification was successfull (return value %d)\n", |
1041 | - * to_verification->success); |
1042 | - */ |
1043 | /* Lets do the verification in library */ |
1044 | HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1, |
1045 | "Verification was not succesfull\n"); |
1046 | HIP_DEBUG("Verification was successfull (return value %d)\n", |
1047 | to_verification->success); |
1048 | |
1049 | - goto out_err; |
1050 | - |
1051 | -skip_spki: |
1052 | - HIP_DEBUG("Starting to test x509v3 support\n"); |
1053 | - |
1054 | - conf = hip_cert_open_conf(); |
1055 | - sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf); |
1056 | - |
1057 | - for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) { |
1058 | - item = sk_CONF_VALUE_value(sec_name, i); |
1059 | - if (!strcmp(item->name, "issuerhit")) { |
1060 | - err = inet_pton(AF_INET6, item->value, defhit); |
1061 | - if (err < 1) { |
1062 | - err = -1; |
1063 | - goto out_err; |
1064 | - } |
1065 | - } |
1066 | - } |
1067 | - NCONF_free(conf); |
1068 | - len = hip_cert_x509v3_request_certificate(defhit, der_cert); |
1069 | - |
1070 | - /** Now send it back for the verification */ |
1071 | - HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0), |
1072 | - -1, "Failed to verify a certificate\n"); |
1073 | - |
1074 | out_err: |
1075 | HIP_DEBUG("If there was no errors above, \"everything\" is OK\n"); |
1076 |
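Review bot: The deleted x509v3 block contained two real bugs, so this hunk fixes behaviour rather than only trimming code and the commit message should say so: `inet_pton(AF_INET6, item->value, defhit)` wrote through `defhit`, a pointer that was never initialised, and `HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0), ...)` assigns the result of the `< 0` comparison to err because of operator precedence, so err ended up 0 or 1 rather than the return code. The commented-out daemon-side SPKI verification is also the last reference to hip_cert_spki_send_to_verification, which matches its removal from certtools.c.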
You're killing userspace IPsec and certificate code?