Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl

Proposed by Diego Biurrun
Status: Needs review
Proposed branch: lp:~diego-biurrun/hipl/unused_code
Merge into: lp:hipl
Diff against target: 1075 lines (+4/-826)
18 files modified
Makefile.am (+0/-1)
hipd/esp_prot_hipd_msg.c (+0/-81)
hipd/esp_prot_hipd_msg.h (+0/-2)
hipd/pkt_handling.c (+0/-20)
hipd/pkt_handling.h (+0/-6)
hipd/registration.c (+0/-33)
hipd/registration.h (+0/-1)
hipd/user_ipsec_hipd_msg.c (+0/-217)
hipd/user_ipsec_hipd_msg.h (+0/-17)
hipd/user_ipsec_sadb_api.c (+0/-133)
hipd/user_ipsec_sadb_api.h (+0/-55)
lib/core/builder.c (+0/-62)
lib/core/builder.h (+0/-3)
lib/core/certtools.c (+0/-133)
lib/core/certtools.h (+0/-5)
lib/core/modularization.c (+1/-2)
lib/tool/xfrmapi.c (+0/-2)
test/certteststub.c (+3/-53)
To merge this branch: bzr merge lp:~diego-biurrun/hipl/unused_code
Reviewer Review Type Date Requested Status
René Hummen Disapprove
Miika Komu Needs Information
Review via email: mp+79595@code.launchpad.net

Description of the change

This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.

Revision history for this message
Miika Komu (miika-iki) wrote :

You're killing userspace IPsec and certificate code?

review: Needs Information
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?

I kill unused code without second thoughts towards its (theoretical) use ;)

Diego

René Hummen (rene-hummen) wrote :

I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I have had a closer look at it.

review: Disapprove
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I have had a closer look at it.

Could you have another look and/or be more specific which code must
stay and which can go?

Diego

Henrik Ziegeldorf (henrik-ziegeldorf) wrote :

> You're killing userspace IPsec and certificate code?

Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.

I'd propose the following:
1) You prepare another merge proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved).
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

Miika Komu (miika-iki) wrote :

I think the removal of userspace IPsec stuff should be separated as well.

Diego Biurrun (diego-biurrun) wrote :

On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

I will, but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.

Updated request coming up in a moment.

Diego

Unmerged revisions

5855. By Diego Biurrun

Merge current HEAD.

5854. By Diego Biurrun

Merge current HEAD.

5853. By Diego Biurrun

Merge current HEAD.

5852. By Diego Biurrun

Restore no longer unused modularization functions.

5851. By Diego Biurrun

Merge current HEAD.

5850. By Diego Biurrun

Merge current HEAD.

5849. By Diego Biurrun

Remove unused function hip_cert_spki_send_to_verification().

5848. By Diego Biurrun

Remove unused (outside of test programs) x509 code.

5847. By Diego Biurrun

Remove unused function esp_prot_sa_add().

5846. By Diego Biurrun

Remove unused function hip_del_pending_request().

Preview Diff

=== modified file 'Makefile.am'
--- Makefile.am 2011-10-17 18:14:10 +0000
+++ Makefile.am 2011-10-17 18:32:42 +0000
@@ -121,7 +121,6 @@
121 hipd/registration.c \121 hipd/registration.c \
122 hipd/user.c \122 hipd/user.c \
123 hipd/user_ipsec_hipd_msg.c \123 hipd/user_ipsec_hipd_msg.c \
124 hipd/user_ipsec_sadb_api.c \
125 modules/heartbeat/hipd/heartbeat.c \124 modules/heartbeat/hipd/heartbeat.c \
126 modules/heartbeat_update/hipd/hb_update.c \125 modules/heartbeat_update/hipd/hb_update.c \
127 modules/midauth/lib/midauth_builder.c \126 modules/midauth/lib/midauth_builder.c \
128127
=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000
+++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000
@@ -459,87 +459,6 @@
459 return err;459 return err;
460}460}
461461
462/** sets the ESP protection extension transform and anchor in user-messages
463 * sent to the firewall in order to add a new SA
464 *
465 * @param entry the host association entry for this connection
466 * @param msg the user-message sent by the firewall
467 * @param direction direction of the entry to be created
468 * @param update this was triggered by an update
469 * @return 0 if ok, != 0 else
470 */
471int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
472 const int direction, const int update)
473{
474 unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
475 int hash_length = 0;
476 uint32_t hash_item_length = 0;
477 int err = 0, i;
478
479 HIP_DEBUG("direction: %i\n", direction);
480
481 // we always tell the negotiated transform to the firewall
482 HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
483 HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
484 HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
485 "build param contents failed\n");
486
487 // but we only transmit the anchor to the firewall, if the esp extension is used
488 if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
489 hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
490
491 // choose the anchor depending on the direction and update or add
492 if (update) {
493 if (direction == HIP_SPI_DIRECTION_OUT) {
494 HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
495 "hchain anchor expected, but not present\n");
496
497 hash_item_length = entry->esp_local_update_length;
498 } else {
499 HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
500 "hchain anchor expected, but not present\n");
501
502 hash_item_length = entry->esp_peer_update_length;
503 }
504 } else {
505 if (direction == HIP_SPI_DIRECTION_OUT) {
506 HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
507 "hchain anchor expected, but not present\n");
508
509 hash_item_length = entry->esp_local_active_length;
510 } else {
511 HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
512 "hchain anchor expected, but not present\n");
513
514 hash_item_length = entry->esp_peer_active_length;
515 }
516 }
517
518 // add parameters to hipfw message
519 HIP_IFEL(hip_build_param_contents(msg, &hash_item_length,
520 HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1,
521 "build param contents failed\n");
522
523 // add parameters to hipfw message
524 HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains,
525 HIP_PARAM_UINT, sizeof(uint16_t)), -1,
526 "build param contents failed\n");
527
528 for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
529 HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length);
530
531 HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0],
532 HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1,
533 "build param contents failed\n");
534 }
535 } else {
536 HIP_DEBUG("no anchor added, transform UNUSED\n");
537 }
538
539out_err:
540 return err;
541}
542
543/********************* BEX parameters *********************/462/********************* BEX parameters *********************/
544463
545/**464/**
546465
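Review bot: esp_prot_sa_add() at 471-541 is the only code shown that writes HIP_PARAM_ESP_PROT_TFM, HIP_PARAM_ITEM_LENGTH and the per-chain HIP_PARAM_HCHAIN_ANCHOR parameters (loop at 528-534) into the SA-add message destined for the firewall. Before dropping it, confirm that the hipfw side consuming those parameters is also unreachable; otherwise the firewall keeps parsing anchors that hipd can no longer supply and the hash-chain based ESP protection degrades silently rather than failing loudly. If the firewall consumer is live, this hunk belongs in the separate proposal the Disapprove above asks for.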
=== modified file 'hipd/esp_prot_hipd_msg.h'
--- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000
+++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000
@@ -47,8 +47,6 @@
47int esp_prot_set_preferred_transforms(const struct hip_common *msg);47int esp_prot_set_preferred_transforms(const struct hip_common *msg);
48int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);48int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
49int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);49int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
50int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
51 const int direction, const int update);
52int esp_prot_r1_add_transforms(struct hip_common *msg);50int esp_prot_r1_add_transforms(struct hip_common *msg);
53int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,51int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
54 UNUSED const enum hip_state ha_state,52 UNUSED const enum hip_state ha_state,
5553
=== modified file 'hipd/pkt_handling.c'
--- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000
+++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000
@@ -101,26 +101,6 @@
101}101}
102102
103/**103/**
104 * Remove a handle function from the list.
105 *
106 * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
107 * @param ha_state The host association state (RFC 5201, 4.4.1.)
108 * @param handle_function Pointer to the function which should be unregistered.
109 *
110 * @return Success = 0
111 * Error = -1
112 */
113int hip_unregister_handle_function(const uint8_t packet_type,
114 const enum hip_state ha_state,
115 int (*handle_function)(const uint8_t packet_type,
116 const enum hip_state ha_state,
117 struct hip_packet_context *ctx))
118{
119 return lmod_unregister_function(hip_handle_functions[packet_type][ha_state],
120 handle_function);
121}
122
123/**
124 * Run all handle functions for specified combination from packet type and host104 * Run all handle functions for specified combination from packet type and host
125 * association state.105 * association state.
126 *106 *
127107
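Review bot: removing hip_unregister_handle_function() at 113-121 leaves handler registration with no inverse, so a module that registers a packet handler can never detach it again; if that is the intended module lifecycle, the commit message should say so. Also check whether lmod_unregister_function(), called only from the deleted body at 119-120 in the code shown, still has a caller after this change (lib/core/modularization.c is touched by a +1/-2 edit in this proposal), since it otherwise becomes the next piece of dead code.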
=== modified file 'hipd/pkt_handling.h'
--- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000
+++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000
@@ -38,12 +38,6 @@
38 struct hip_packet_context *ctx),38 struct hip_packet_context *ctx),
39 const uint16_t priority);39 const uint16_t priority);
4040
41int hip_unregister_handle_function(const uint8_t packet_type,
42 const enum hip_state ha_state,
43 int (*handle_function)(const uint8_t packet_type,
44 const enum hip_state ha_state,
45 struct hip_packet_context *ctx));
46
47int hip_run_handle_functions(const uint8_t packet_type,41int hip_run_handle_functions(const uint8_t packet_type,
48 const enum hip_state ha_state,42 const enum hip_state ha_state,
49 struct hip_packet_context *ctx);43 struct hip_packet_context *ctx);
5044
=== modified file 'hipd/registration.c'
--- hipd/registration.c 2011-08-15 14:11:56 +0000
+++ hipd/registration.c 2011-10-17 18:32:42 +0000
@@ -112,7 +112,6 @@
112 const struct hip_ll_node *iter = NULL;112 const struct hip_ll_node *iter = NULL;
113 struct hip_pending_request *request = NULL;113 struct hip_pending_request *request = NULL;
114114
115 /* See hip_del_pending_request() for a comment. */
116 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {115 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
117 request = iter->ptr;116 request = iter->ptr;
118 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {117 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {
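Review bot: the cross-reference deleted at 115 was the only pointer from this loop to the explanation of why it walks the list with the iterator and deletes by index through hip_ll_del() instead of deleting via the iterator. Since hip_del_pending_request(), which carried that explanation, is removed in the next hunk, the rationale has no surviving home. Move the comment body ("The iterator itself can't be used for deleting nodes from the list...") to this loop rather than just dropping the reference.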
@@ -233,37 +232,6 @@
233}232}
234233
235/**234/**
236 * Deletes a pending request. Deletes a pending request identified by the host
237 * association @c entry from the linked list @c pending_requests.
238 *
239 * @param entry a pointer to the host association to which the pending request
240 * to be deleted is bound.
241 * @return zero if the pending request was succesfully deleted, -1
242 * otherwise.
243 */
244int hip_del_pending_request(struct hip_hadb_state *entry)
245{
246 int idx = 0;
247 const struct hip_ll_node *iter = NULL;
248
249 /* Iterate through the linked list. The iterator itself can't be used
250 * for deleting nodes from the list. Therefore, we just get the index of
251 * the element to be deleted using the iterator and then call
252 * hip_ll_del() to do the actual deletion. */
253 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
254 if (((struct hip_pending_request *) (iter->ptr))->entry == entry) {
255 HIP_DEBUG("Deleting and freeing a pending request at " \
256 "index %u.\n", idx);
257 hip_ll_del(&pending_requests, idx, free);
258 return 0;
259 }
260 idx++;
261 }
262
263 return -1;
264}
265
266/**
267 * Deletes a pending request of given type. Deletes a pending request identified235 * Deletes a pending request of given type. Deletes a pending request identified
268 * by the host association @c entry and matching the given type @c reg_type from236 * by the host association @c entry and matching the given type @c reg_type from
269 * the linked list @c pending_requests.237 * the linked list @c pending_requests.
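Review bot: hip_del_pending_request() at 244-264 was the one routine that frees pending requests bound to a host association regardless of reg_type; after its removal the visible cleanup paths are the lifetime sweep at 116-118 and the type-specific hip_del_pending_request_by_type() that follows. Confirm that host-association teardown does not need the type-agnostic variant, otherwise requests for a deleted entry linger until HIP_PENDING_REQUEST_LIFETIME expires while request->entry (compared at 254) points at memory that may already have been freed.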
@@ -281,7 +249,6 @@
281 const struct hip_ll_node *iter = NULL;249 const struct hip_ll_node *iter = NULL;
282 struct hip_pending_request *request = NULL;250 struct hip_pending_request *request = NULL;
283251
284 /* See hip_del_pending_request() for a comment. */
285 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {252 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
286 request = iter->ptr;253 request = iter->ptr;
287 if (request->entry == entry && request->reg_type == reg_type) {254 if (request->entry == entry && request->reg_type == reg_type) {
288255
=== modified file 'hipd/registration.h'
--- hipd/registration.h 2011-08-15 14:11:56 +0000
+++ hipd/registration.h 2011-10-17 18:32:42 +0000
@@ -64,7 +64,6 @@
64int hip_get_active_services(struct hip_srv *active_services,64int hip_get_active_services(struct hip_srv *active_services,
65 unsigned int *active_service_count);65 unsigned int *active_service_count);
66int hip_add_pending_request(struct hip_pending_request *request);66int hip_add_pending_request(struct hip_pending_request *request);
67int hip_del_pending_request(struct hip_hadb_state *entry);
68int hip_replace_pending_requests(struct hip_hadb_state *entry_old,67int hip_replace_pending_requests(struct hip_hadb_state *entry_old,
69 struct hip_hadb_state *entry_new);68 struct hip_hadb_state *entry_new);
70int hip_handle_param_reg_info(struct hip_hadb_state *entry,69int hip_handle_param_reg_info(struct hip_hadb_state *entry,
7170
=== modified file 'hipd/user_ipsec_hipd_msg.c'
--- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000
@@ -43,7 +43,6 @@
43#include "esp_prot_hipd_msg.h"43#include "esp_prot_hipd_msg.h"
44#include "hipd.h"44#include "hipd.h"
45#include "init.h"45#include "init.h"
46#include "user_ipsec_sadb_api.h"
47#include "user_ipsec_hipd_msg.h"46#include "user_ipsec_hipd_msg.h"
4847
4948
@@ -81,219 +80,3 @@
8180
82 return err;81 return err;
83}82}
84
85/** creates a user-message to add a SA to userspace IPsec
86 *
87 * @param saddr outer globally routable source ip address
88 * @param daddr outer globally routable destination ip address
89 * @param src_hit inner source address
90 * @param dst_hit inner destination address
91 * @param spi ipsec spi for demultiplexing
92 * @param ealg crypto transform to be used for the SA
93 * @param enckey raw encryption key
94 * @param authkey raw authentication key
95 * @param retransmission notification if this event is due to retransmission
96 * @param direction represents inbound or outbound direction
97 * @param update notification if this event derives from an update
98 * @param entry host association entry for this connection
99 * @return the msg, NULL if an error occurred
100 */
101struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
102 const struct in6_addr *daddr,
103 const struct in6_addr *src_hit,
104 const struct in6_addr *dst_hit,
105 const uint32_t spi, const int ealg,
106 const struct hip_crypto_key *enckey,
107 const struct hip_crypto_key *authkey,
108 const int retransmission,
109 const int direction, const int update,
110 struct hip_hadb_state *entry)
111{
112 struct hip_common *msg = NULL;
113 int err = 0;
114
115 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
116 "alloc memory for adding sa entry\n");
117
118 hip_msg_init(msg);
119
120 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1,
121 "build hdr failed\n");
122
123 HIP_DEBUG_IN6ADDR("Source IP address: ", saddr);
124 HIP_IFEL(hip_build_param_contents(msg, saddr,
125 HIP_PARAM_IPV6_ADDR,
126 sizeof(struct in6_addr)), -1,
127 "build param contents failed\n");
128
129 HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr);
130 HIP_IFEL(hip_build_param_contents(msg, daddr,
131 HIP_PARAM_IPV6_ADDR,
132 sizeof(struct in6_addr)), -1,
133 "build param contents failed\n");
134
135 HIP_DEBUG_HIT("Source HIT: ", src_hit);
136 HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT,
137 sizeof(struct in6_addr)), -1,
138 "build param contents failed\n");
139
140 HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
141 HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT,
142 sizeof(struct in6_addr)), -1,
143 "build param contents failed\n");
144
145 HIP_DEBUG("the spi value is : %x \n", spi);
146 HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
147 sizeof(uint32_t)), -1,
148 "build param contents failed\n");
149
150 HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode);
151 HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT,
152 sizeof(uint8_t)), -1,
153 "build param contents failed\n");
154
155 HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port);
156 HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port,
157 HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
158
159 HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port);
160 HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port,
161 HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
162
163 // params needed by the esp protection extension
164 HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1,
165 "failed to add esp prot params\n");
166
167 HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key));
168 HIP_IFEL(hip_build_param_contents(msg,
169 enckey,
170 HIP_PARAM_KEYS,
171 sizeof(struct hip_crypto_key)), -1,
172 "build param contents failed\n");
173
174 HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key));
175 HIP_IFEL(hip_build_param_contents(msg,
176 authkey,
177 HIP_PARAM_KEYS,
178 sizeof(struct hip_crypto_key)), -1,
179 "build param contents failed\n");
180
181 HIP_DEBUG("ealg value is %d \n", ealg);
182 HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT,
183 sizeof(int)), -1,
184 "build param contents failed\n");
185
186 HIP_DEBUG("retransmission value is %d \n", retransmission);
187 HIP_IFEL(hip_build_param_contents(msg, &retransmission,
188 HIP_PARAM_INT, sizeof(int)), -1,
189 "build param contents failed\n");
190
191 HIP_DEBUG("the direction value is %d \n", direction);
192 HIP_IFEL(hip_build_param_contents(msg, &direction,
193 HIP_PARAM_INT,
194 sizeof(int)), -1,
195 "build param contents failed\n");
196
197 HIP_DEBUG("the update value is %d \n", update);
198 HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT,
199 sizeof(int)), -1,
200 "build param contents failed\n");
201
202out_err:
203 if (err) {
204 free(msg);
205 msg = NULL;
206 }
207
208 return msg;
209}
210
211/** creates a user-message to delete a SA from userspace IPsec
212 *
213 * @param spi ipsec spi for demultiplexing
214 * @param peer_addr outer globally routable source ip address
215 * @param dst_addr outer globally routable destination ip address
216 * @param family protocol family of above addresses
217 * @param src_port local port for this host association
218 * @param dst_port peer port for this host association
219 * @return the msg, NULL if an error occured
220 */
221struct hip_common *create_delete_sa_msg(const uint32_t spi,
222 const struct in6_addr *peer_addr,
223 const struct in6_addr *dst_addr,
224 const int family,
225 const int src_port,
226 const int dst_port)
227{
228 struct hip_common *msg = NULL;
229 int err = 0;
230
231 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
232 "alloc memory for adding sa entry\n");
233
234 hip_msg_init(msg);
235
236 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1,
237 "build hdr failed\n");
238
239 HIP_DEBUG("spi value: %u\n", spi);
240 HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
241 sizeof(uint32_t)), -1, "build param contents failed\n");
242
243 HIP_DEBUG_IN6ADDR("peer address: ", peer_addr);
244 HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR,
245 sizeof(struct in6_addr)), -1, "build param contents failed\n");
246
247 HIP_DEBUG_IN6ADDR("destination address: ", dst_addr);
248 HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR,
249 sizeof(struct in6_addr)), -1, "build param contents failed\n");
250
251 HIP_DEBUG("family: %i\n", family);
252 HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT,
253 sizeof(int)), -1, "build param contents failed\n");
254
255 HIP_DEBUG("src_port: %i\n", src_port);
256 HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT,
257 sizeof(int)), -1, "build param contents failed\n");
258
259 HIP_DEBUG("src_port: %i\n", dst_port);
260 HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT,
261 sizeof(int)), -1, "build param contents failed\n");
262
263out_err:
264 if (err) {
265 free(msg);
266 msg = NULL;
267 }
268
269 return msg;
270}
271
272/**
273 * create a user-message to flush all SAs from userspace IPsec
274 *
275 * @return the msg, NULL if an error occured
276 */
277struct hip_common *create_flush_all_sa_msg(void)
278{
279 struct hip_common *msg = NULL;
280 int err = 0;
281
282 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
283 "alloc memory for adding sa entry\n");
284
285 hip_msg_init(msg);
286
287 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1,
288 "build hdr failed\n");
289
290 // this triggers the flushing without specifying any parameters
291
292out_err:
293 if (err) {
294 free(msg);
295 msg = NULL;
296 }
297
298 return msg;
299}
30083
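Review bot: the three builders removed here are the hipd-side producers of the HIP_MSG_IPSEC_ADD_SA, HIP_MSG_IPSEC_DELETE_SA and HIP_MSG_IPSEC_FLUSH_ALL_SA user messages; check that the hipfw handlers for those message types are removed, or at least marked unreachable, in the same proposal, since otherwise the firewall keeps a message surface that nothing sends. The hunk also leaves hip_userspace_ipsec_activate() (header context at 41) as the only function in this file, so consider folding it into its caller, and state in the commit message that this is the userspace-IPsec path Miika asked to have split out.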
=== modified file 'hipd/user_ipsec_hipd_msg.h'
--- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000
@@ -39,22 +39,5 @@
39#include "lib/core/protodefs.h"39#include "lib/core/protodefs.h"
4040
41int hip_userspace_ipsec_activate(const struct hip_common *msg);41int hip_userspace_ipsec_activate(const struct hip_common *msg);
42struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
43 const struct in6_addr *daddr,
44 const struct in6_addr *src_hit,
45 const struct in6_addr *dst_hit,
46 const uint32_t spi, const int ealg,
47 const struct hip_crypto_key *enckey,
48 const struct hip_crypto_key *authkey,
49 const int retransmission,
50 const int direction, const int update,
51 struct hip_hadb_state *entry);
52struct hip_common *create_delete_sa_msg(const uint32_t spi,
53 const struct in6_addr *peer_addr,
54 const struct in6_addr *dst_addr,
55 const int family,
56 const int src_port,
57 const int dst_port);
58struct hip_common *create_flush_all_sa_msg(void);
5942
60#endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */43#endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */
6144
=== removed file 'hipd/user_ipsec_sadb_api.c'
--- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000
@@ -1,133 +0,0 @@
1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * Provides the API used by the hipd to set up and maintain the
29 * userspace IPsec state in the hipfw.
30 *
31 * @brief API used by the hipd to set up and maintain userspace IPsec state
32 */
33
34#include <stdint.h>
35#include <arpa/inet.h>
36#include <netinet/in.h>
37
38#include "lib/core/debug.h"
39#include "lib/core/icomm.h"
40#include "lib/core/ife.h"
41#include "lib/core/prefix.h"
42#include "lib/core/protodefs.h"
43#include "lib/core/state.h"
44#include "user.h"
45#include "user_ipsec_hipd_msg.h"
46#include "user_ipsec_sadb_api.h"
47
48
49/** generic send function used to send the below created messages
50 *
51 * @param msg the message to be sent
52 * @return 0, if correct, else != 0
53 */
54static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg)
55{
56 struct sockaddr_in6 hip_fw_addr;
57 struct in6_addr loopback = in6addr_loopback;
58 int err = 0;
59
60 HIP_ASSERT(msg != NULL);
61
62 // destination is firewall
63 hip_fw_addr.sin6_family = AF_INET6;
64 hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT);
65 ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback);
66
67 err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr);
68 if (err < 0) {
69 HIP_ERROR("sending of message to firewall failed\n");
70
71 err = -1;
72 goto out_err;
73 } else {
74 HIP_DEBUG("sending of message to firewall successful\n");
75
76 // this is needed if we want to use HIP_IFEL
77 err = 0;
78 }
79
80out_err:
81 return err;
82}
83
84/** adds a new SA entry for the specified direction to the sadb in userspace ipsec
85 * @note If you make changes to this function, please change also hip_add_sa()
86 *
87 * @param saddr outer globally routable source ip address
88 * @param daddr outer globally routable destination ip address
89 * @param src_hit inner source address
90 * @param dst_hit inner destination address
91 * @param spi ipsec spi for demultiplexing
92 * @param ealg crypto transform to be used for the SA
93 * @param enckey raw encryption key
94 * @param authkey raw authentication key
95 * @param retransmission notification if this event is due to retransmission
96 * @param direction represents inbound or outbound direction
97 * @param update notification if this event derives from an update
98 * @param entry host association entry for this connection
99 * @return 0, if correct, otherwise -1
100 */
101uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
102 const struct in6_addr *daddr,
103 const struct in6_addr *src_hit,
104 const struct in6_addr *dst_hit,
105 const uint32_t spi, const int ealg,
106 const struct hip_crypto_key *enckey,
107 const struct hip_crypto_key *authkey,
108 const int retransmission,
109 const int direction, const int update,
110 struct hip_hadb_state *entry)
111{
112 struct hip_common *msg = NULL;
113 int err = 0;
114
115 HIP_ASSERT(spi != 0);
116
117 HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n");
118
119 if (direction == HIP_SPI_DIRECTION_OUT) {
120 entry->outbound_sa_count++;
121 } else {
122 entry->inbound_sa_count++;
123 }
124
125 HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey,
126 authkey, retransmission, direction, update, entry)), -1,
127 "failed to create add_sa message\n");
128
129 HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n");
130
131out_err:
132 return err;
133}
1340
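Review bot: the @note at 85 says hip_userspace_ipsec_add_sa() is mirrored by hip_add_sa(); if hip_add_sa() carries the reciprocal "please change also" note, drop it as part of this removal (lib/tool/xfrmapi.c loses exactly two lines in this proposal, so confirm that is what they are). The removed function also increments entry->outbound_sa_count / entry->inbound_sa_count at 119-123 before messaging the firewall; make sure no remaining caller relied on the userspace-IPsec variant to maintain those counters.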
=== removed file 'hipd/user_ipsec_sadb_api.h'
--- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000
@@ -1,55 +0,0 @@
1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * Provides the API used by the hipd to set up and maintain the
29 * userspace IPsec state in the hipfw.
30 *
31 * @brief API used by the hipd to set up and maintain userspace IPsec state
32 */
33
34#ifndef HIP_HIPD_USER_IPSEC_SADB_API_H
35#define HIP_HIPD_USER_IPSEC_SADB_API_H
36
37#include <stdint.h>
38#include <netinet/in.h>
39
40#include "lib/core/protodefs.h"
41
42uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
43 const struct in6_addr *daddr,
44 const struct in6_addr *src_hit,
45 const struct in6_addr *dst_hit,
46 const uint32_t spi, const int ealg,
47 const struct hip_crypto_key *enckey,
48 const struct hip_crypto_key *authkey,
49 const int retransmission,
50 const int direction, const int update,
51 struct hip_hadb_state *entry);
52
53int hip_userspace_ipsec_setup_default_sp_prefix_pair(void);
54
55#endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */
560
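Review bot: hip_userspace_ipsec_setup_default_sp_prefix_pair() declared at 53 has no definition in the removed hipd/user_ipsec_sadb_api.c (which contains only hip_userspace_ipsec_send_to_fw() and hip_userspace_ipsec_add_sa()), so this hunk also disposes of a dangling prototype; worth a line in the commit message, since it shows the header was already out of sync with its implementation.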
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2011-08-15 14:11:56 +0000
+++ lib/core/builder.c 2011-10-17 18:32:42 +0000
@@ -918,18 +918,6 @@
918 * @return pointer to the contents of the tlv_common (just after the918 * @return pointer to the contents of the tlv_common (just after the
919 * the type and length fields)919 * the type and length fields)
920 */920 */
921void *hip_get_param_contents_direct_readwrite(void *tlv_common)
922{
923 return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
924}
925
926/**
927 * hip_get_param_contents_direct - get parameter contents direct from TLV
928 *
929 * @param tlv_common pointer to a parameter
930 * @return pointer to the contents of the tlv_common (just after the
931 * the type and length fields)
932 */
933const void *hip_get_param_contents_direct(const void *tlv_common)921const void *hip_get_param_contents_direct(const void *tlv_common)
934{922{
935 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);923 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
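Review bot: the wrong doc comment survives in this hunk. The kept context lines 918-920 are the tail of the comment that preceded the removed hip_get_param_contents_direct_readwrite(), while the block explicitly headed "hip_get_param_contents_direct - get parameter contents direct from TLV" (old lines 926-932) is deleted, so hip_get_param_contents_direct() is now documented by the readwrite variant's comment. Delete the upper comment block instead and keep old lines 926-932 above the const function.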
@@ -3373,56 +3361,6 @@
3373}3361}
33743362
3375/**3363/**
3376 * Build and append a X509 certiticate request parameter into a HIP control
3377 * message (on-the-wire)
3378 *
3379 * @param msg a pointer to the message where the parameter will be
3380 * appended
3381 * @param addr the subject for the certificate
3382 * @return zero on success, or negative on failure
3383 * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
3384 *
3385 */
3386int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr)
3387{
3388 struct hip_cert_x509_req subj;
3389
3390 hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
3391 hip_calc_param_len((struct hip_tlv_common *) &subj,
3392 sizeof(struct hip_cert_x509_req)
3393 - sizeof(struct hip_tlv_common));
3394 ipv6_addr_copy(&subj.addr, addr);
3395
3396 return hip_build_param(msg, &subj);
3397}
3398
3399/**
3400 * build and append a X509 certificate verification parameter into a
3401 * HIP control message (on-the-wire)
3402 *
3403 * @param msg a pointer to the message where the parameter will be
3404 * appended
3405 * @param der der field
3406 * @param len length of the der field in bytes
3407 * @return zero on success, or negative on failure
3408 * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
3409 *
3410 */
3411int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len)
3412{
3413 struct hip_cert_x509_resp subj;
3414
3415 hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
3416 hip_calc_param_len((struct hip_tlv_common *) &subj,
3417 sizeof(struct hip_cert_x509_resp)
3418 - sizeof(struct hip_tlv_common));
3419 memcpy(&subj.der, der, len);
3420 subj.der_len = len;
3421
3422 return hip_build_param(msg, &subj);
3423}
3424
3425/**
3426 * build and append a X509 certificate response into a HIP control message3364 * build and append a X509 certificate response into a HIP control message
3427 * (on-the-wire)3365 * (on-the-wire)
3428 *3366 *
34293367
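Review bot: the removed hip_build_param_cert_x509_ver() tagged its parameter as HIP_PARAM_CERT_X509_REQ while filling a struct hip_cert_x509_resp, and did memcpy(&subj.der, der, len) with no check of len against sizeof(subj.der). Dropping it is fine, but the retained hip_build_param_cert_x509_resp(struct hip_common *, char *, int) takes the same (buffer, length) pair, so please confirm it rejects len larger than the der field rather than sharing the unchecked copy.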
=== modified file 'lib/core/builder.h'
--- lib/core/builder.h 2011-08-15 14:11:56 +0000
+++ lib/core/builder.h 2011-10-17 18:32:42 +0000
@@ -155,9 +155,7 @@
155 const struct in6_addr rvs_addresses[]);155 const struct in6_addr rvs_addresses[]);
156int hip_build_param_cert_spki_info(struct hip_common *msg,156int hip_build_param_cert_spki_info(struct hip_common *msg,
157 struct hip_cert_spki_info *cert_info);157 struct hip_cert_spki_info *cert_info);
158int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *);
159int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);158int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);
160int hip_build_param_cert_x509_ver(struct hip_common *, char *, int);
161159
162int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);160int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);
163int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);161int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);
@@ -187,7 +185,6 @@
187void *hip_get_param_readwrite(struct hip_common *, hip_tlv);185void *hip_get_param_readwrite(struct hip_common *, hip_tlv);
188const void *hip_get_param_contents(const struct hip_common *, hip_tlv);186const void *hip_get_param_contents(const struct hip_common *, hip_tlv);
189const void *hip_get_param_contents_direct(const void *);187const void *hip_get_param_contents_direct(const void *);
190void *hip_get_param_contents_direct_readwrite(void *);
191hip_tlv_len hip_get_param_contents_len(const void *);188hip_tlv_len hip_get_param_contents_len(const void *);
192int hip_get_param_host_id_di_type_len(const struct hip_host_id *,189int hip_get_param_host_id_di_type_len(const struct hip_host_id *,
193 const char **, int *);190 const char **, int *);
194191
=== modified file 'lib/core/certtools.c'
--- lib/core/certtools.c 2011-08-15 14:11:56 +0000
+++ lib/core/certtools.c 2011-10-17 18:32:42 +0000
@@ -624,139 +624,6 @@
624 return err;624 return err;
625}625}
626626
627/**
628 * Function that sends the given hip_cert_spki_info to the daemon to
629 * verification
630 *
631 * @param to_verification is the cert to be verified
632 *
633 * @return 0 if ok and negative if error or unsuccesfull.
634 *
635 * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info
636 */
637int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification)
638{
639 int err = 0;
640 struct hip_common *msg;
641 const struct hip_cert_spki_info *returned;
642
643 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
644 "Malloc for msg failed\n");
645 hip_msg_init(msg);
646 /* build the msg to be sent to the daemon */
647 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1,
648 "Failed to build user header\n");
649 HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1,
650 "Failed to build cert_info\n");
651
652 /* send and wait */
653 HIP_DEBUG("Sending request to verify SPKI cert to "
654 "daemon and waiting for answer\n");
655 hip_send_recv_daemon_info(msg, 0, 0);
656
657 HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
658 -1, "No hip_cert_spki_info struct found from daemons msg\n");
659
660 memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info));
661
662out_err:
663 free(msg);
664 return err;
665}
666
667/******************************************************************************
668 * FUNCTIONS FOR x509v3 *
669 ******************************************************************************/
670
671/**
672 * Function that requests for a certificate from daemon and gives it back.
673 *
674 * @param subject is the subjects HIT
675 *
676 * @param certificate is pointer to a buffer to which this function writes the completed cert
677 *
678 * @return positive on success negative otherwise
679 *
680 * @note The certificate is given in DER encoding
681 */
682int hip_cert_x509v3_request_certificate(struct in6_addr *subject,
683 unsigned char *certificate)
684{
685 int err = 0;
686 struct hip_common *msg;
687 const struct hip_cert_x509_resp *p;
688
689 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
690 "Malloc for msg failed\n");
691 hip_msg_init(msg);
692 /* build the msg to be sent to the daemon */
693
694 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
695 "Failed to build user header\n");
696 HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1,
697 "Failed to build cert_info\n");
698 /* send and wait */
699 HIP_DEBUG("Sending request to sign x509 cert to "
700 "daemon and waiting for answer\n");
701 hip_send_recv_daemon_info(msg, 0, 0);
702 /* get the struct from the message sent back by the daemon */
703 HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
704 "No name x509 struct found\n");
705 memcpy(certificate, p->der, p->der_len);
706 err = p->der_len;
707
708out_err:
709 free(msg);
710 return err;
711}
712
713/**
714 * Function that requests for a verification of a certificate from
715 * daemon and tells the result.
716 *
717 * @param certificate is pointer to a certificate to be verified
718 * @param len is the length of the cert in certificate parameter in bytes
719 *
720 * @return 0 on success negative otherwise
721 *
722 * @note give the certificate in PEM encoding
723 */
724int hip_cert_x509v3_request_verification(unsigned char *certificate, int len)
725{
726 int err = 0;
727 struct hip_common *msg;
728 const struct hip_cert_x509_resp *received;
729
730 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
731 "Malloc for msg failed\n");
732 hip_msg_init(msg);
733
734 /* build the msg to be sent to the daemon */
735 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1,
736 "Failed to build user header\n");
737 HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1,
738 "Failed to build cert_info\n");
739
740 /* send and wait */
741 HIP_DEBUG("Sending request to verify x509 cert to "
742 "daemon and waiting for answer\n");
743 hip_send_recv_daemon_info(msg, 0, 0);
744
745 /* get the struct from the message sent back by the daemon */
746 HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
747 "No x509 struct found\n");
748 err = hip_get_msg_err(msg);
749 if (err == 0) {
750 HIP_DEBUG("Verified successfully\n");
751 } else {
752 HIP_DEBUG("Verification failed\n");
753 }
754
755out_err:
756 free(msg);
757 return err;
758}
759
760/*******************************************************************************627/*******************************************************************************
761 * UTILITARY FUNCTIONS *628 * UTILITARY FUNCTIONS *
762 *******************************************************************************/629 *******************************************************************************/
763630
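Review bot: these three functions were the library-side senders of HIP_MSG_CERT_SPKI_VERIFY, HIP_MSG_CERT_X509V3_SIGN and HIP_MSG_CERT_X509V3_VERIFY, and nothing in this hunk touches the daemon handlers for those message types, so after the merge they stay reachable over the user socket with no in-tree caller. Either drop the handlers in the same branch or say in the description that out-of-tree clients still depend on them. Separately, all three ignored the return value of hip_send_recv_daemon_info(msg, 0, 0) and parsed msg regardless, and hip_cert_x509v3_request_certificate() did memcpy(certificate, p->der, p->der_len) into a caller buffer of unknown size using a daemon-supplied length; the removal closes those paths and that is worth a sentence in the commit message.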
=== modified file 'lib/core/certtools.h'
--- lib/core/certtools.h 2011-08-15 14:11:56 +0000
+++ lib/core/certtools.h 2011-10-17 18:32:42 +0000
@@ -64,11 +64,6 @@
64 const char *, struct in6_addr *,64 const char *, struct in6_addr *,
65 time_t *, time_t *);65 time_t *, time_t *);
66int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);66int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);
67int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *);
68
69/* x509v3 cert related functions */
70int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *);
71int hip_cert_x509v3_request_verification(unsigned char *, int);
7267
73/** Utilitary functions */68/** Utilitary functions */
74STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);69STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);
7570
=== modified file 'lib/core/modularization.c'
--- lib/core/modularization.c 2011-10-12 09:20:36 +0000
+++ lib/core/modularization.c 2011-10-17 18:32:42 +0000
@@ -95,8 +95,7 @@
95/**95/**
96 * List of parameter types.96 * List of parameter types.
97 *97 *
98 * Used to track all registered parameter types. Each module which defines a new98 * Used to track all registered parameter types.
99 * parameter type must register it using lmod_register_parameter_type.
100 */99 */
101static struct hip_ll parameter_types;100static struct hip_ll parameter_types;
102101
103102
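Review bot: the dropped sentence documents a contract, namely that a module defining a new parameter type registers it through lmod_register_parameter_type. If that function is removed elsewhere in this branch the edit is right; if it still exists the sentence is still accurate and should stay, since the comment otherwise no longer says who populates parameter_types.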
=== modified file 'lib/tool/xfrmapi.c'
--- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000
+++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000
@@ -701,8 +701,6 @@
701 * @param entry corresponding host association701 * @param entry corresponding host association
702 * @return zero on success and non-zero on error702 * @return zero on success and non-zero on error
703 * @note IPv4 addresses in IPv6 mapped format703 * @note IPv4 addresses in IPv6 mapped format
704 * @note If you make changes to this function, please change also
705 * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa().
706 */704 */
707uint32_t hip_add_sa(const struct in6_addr *saddr,705uint32_t hip_add_sa(const struct in6_addr *saddr,
708 const struct in6_addr *daddr,706 const struct in6_addr *daddr,
709707
=== modified file 'test/certteststub.c'
--- test/certteststub.c 2011-08-15 14:11:56 +0000
+++ test/certteststub.c 2011-10-17 18:32:42 +0000
@@ -48,25 +48,18 @@
48#include "lib/core/protodefs.h"48#include "lib/core/protodefs.h"
4949
5050
51int main(int argc, char *argv[])51int main(void)
52{52{
53 int err = 0, i = 0, len;53 int err = 0, i = 0;
54 struct hip_cert_spki_info *cert = NULL;54 struct hip_cert_spki_info *cert = NULL;
55 struct hip_cert_spki_info *to_verification = NULL;55 struct hip_cert_spki_info *to_verification = NULL;
56 time_t not_before = 0, not_after = 0;56 time_t not_before = 0, not_after = 0;
57 struct hip_common *msg;57 struct hip_common *msg;
58 struct in6_addr *defhit;58 struct in6_addr *defhit;
59 char certificate[1024];59 char certificate[1024];
60 unsigned char der_cert[1024];
61 CONF *conf;60 CONF *conf;
62 CONF_VALUE *item;61 CONF_VALUE *item;
63 STACK_OF(CONF_VALUE) * sec = NULL;62 STACK_OF(CONF_VALUE) * sec = NULL;
64 STACK_OF(CONF_VALUE) * sec_name = NULL;
65
66 if (argc != 2) {
67 printf("Usage: %s spki|x509\n", argv[0]);
68 exit(EXIT_SUCCESS);
69 }
7063
71 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");64 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");
72 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");65 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");
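Review bot: struct in6_addr *defhit (line 58) is kept in this hunk while der_cert and sec_name are removed; its only use visible in this diff was in the deleted x509 block, where inet_pton() wrote through the pointer without it ever being assigned. If the SPKI section does not use defhit, remove the declaration as part of this cleanup; if it does, check that it is allocated before use.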
@@ -78,10 +71,6 @@
78 goto out_err;71 goto out_err;
79 }72 }
8073
81 if (strcmp(argv[1], "spki")) {
82 goto skip_spki;
83 }
84
85 HIP_DEBUG("Starting to test SPKI certficate tools\n");74 HIP_DEBUG("Starting to test SPKI certficate tools\n");
8675
87 cert = malloc(sizeof(struct hip_cert_spki_info));76 cert = malloc(sizeof(struct hip_cert_spki_info));
@@ -142,51 +131,12 @@
142 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,131 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,
143 "Failed to construct the hip_cert_spki_info from certificate\n");132 "Failed to construct the hip_cert_spki_info from certificate\n");
144133
145 /*
146 * below, commented out, is the daemons version of the verification
147 * and below that is the lib version of the verification
148 */
149 /*
150 * HIP_DEBUG("Sending the certificate to daemon for verification\n");
151 *
152 * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1,
153 * "Failed in sending to verification\n");
154 * HIP_IFEL(to_verification->success, -1,
155 * "Verification was not successfull\n");
156 * HIP_DEBUG("Verification was successfull (return value %d)\n",
157 * to_verification->success);
158 */
159 /* Lets do the verification in library */134 /* Lets do the verification in library */
160 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,135 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,
161 "Verification was not succesfull\n");136 "Verification was not succesfull\n");
162 HIP_DEBUG("Verification was successfull (return value %d)\n",137 HIP_DEBUG("Verification was successfull (return value %d)\n",
163 to_verification->success);138 to_verification->success);
164139
165 goto out_err;
166
167skip_spki:
168 HIP_DEBUG("Starting to test x509v3 support\n");
169
170 conf = hip_cert_open_conf();
171 sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf);
172
173 for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) {
174 item = sk_CONF_VALUE_value(sec_name, i);
175 if (!strcmp(item->name, "issuerhit")) {
176 err = inet_pton(AF_INET6, item->value, defhit);
177 if (err < 1) {
178 err = -1;
179 goto out_err;
180 }
181 }
182 }
183 NCONF_free(conf);
184 len = hip_cert_x509v3_request_certificate(defhit, der_cert);
185
186 /** Now send it back for the verification */
187 HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0),
188 -1, "Failed to verify a certificate\n");
189
190out_err:140out_err:
191 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");141 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");
192142
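Review bot: the surviving comment "Lets do the verification in library" (new line 134) only made sense as a contrast to the commented-out daemon-side call that this hunk deletes; reword it to say simply that verification is done with hip_cert_spki_lib_verify(). The removed x509 block also had err = hip_cert_x509v3_request_verification(der_cert, len) < 0 inside HIP_IFEL, which stored the comparison result instead of the return code and passed a possibly negative len straight through, so dropping it loses no working test coverage.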
