Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl
- unused_code
- Merge into trunk
Status: | Needs review |
---|---|
Proposed branch: | lp:~diego-biurrun/hipl/unused_code |
Merge into: | lp:hipl |
Diff against target: |
1075 lines (+4/-826) 18 files modified
Makefile.am (+0/-1) hipd/esp_prot_hipd_msg.c (+0/-81) hipd/esp_prot_hipd_msg.h (+0/-2) hipd/pkt_handling.c (+0/-20) hipd/pkt_handling.h (+0/-6) hipd/registration.c (+0/-33) hipd/registration.h (+0/-1) hipd/user_ipsec_hipd_msg.c (+0/-217) hipd/user_ipsec_hipd_msg.h (+0/-17) hipd/user_ipsec_sadb_api.c (+0/-133) hipd/user_ipsec_sadb_api.h (+0/-55) lib/core/builder.c (+0/-62) lib/core/builder.h (+0/-3) lib/core/certtools.c (+0/-133) lib/core/certtools.h (+0/-5) lib/core/modularization.c (+1/-2) lib/tool/xfrmapi.c (+0/-2) test/certteststub.c (+3/-53) |
To merge this branch: | bzr merge lp:~diego-biurrun/hipl/unused_code |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
René Hummen | Disapprove | ||
Miika Komu | Needs Information | ||
Review via email: mp+79595@code.launchpad.net |
Commit message
Description of the change
This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.
Diego Biurrun (diego-biurrun) wrote : | # |
On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?
I kill unused code without second thoughts towards its (theoretical) use ;)
Diego
René Hummen (rene-hummen) wrote : | # |
I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I had a closer look at it.
Diego Biurrun (diego-biurrun) wrote : | # |
On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I had a closer look at it.
Could you have another look and/or be more specific which code must
stay and which can go?
Diego
Henrik Ziegeldorf (henrik-ziegeldorf) wrote : | # |
> You're killing userspace IPsec and certificate code?
Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
I'd propose the following:
1) You prepare another merge-proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved)
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.
Miika Komu (miika-iki) wrote : | # |
I think the removal of userspace IPsec stuff should be separated as well.
Diego Biurrun (diego-biurrun) wrote : | # |
On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.
I will but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.
Updated request coming up in a moment.
Diego
Unmerged revisions
- 5855. By Diego Biurrun
-
Merge current HEAD.
- 5854. By Diego Biurrun
-
Merge current HEAD.
- 5853. By Diego Biurrun
-
Merge current HEAD.
- 5852. By Diego Biurrun
-
Restore no longer unused modularization functions.
- 5851. By Diego Biurrun
-
Merge current HEAD.
- 5850. By Diego Biurrun
-
Merge current HEAD.
- 5849. By Diego Biurrun
-
Remove unused function hip_cert_
spki_send_ to_verification (). - 5848. By Diego Biurrun
-
Remove unused (outside of test programs) x509 code.
- 5847. By Diego Biurrun
-
Remove unused function esp_prot_sa_add().
- 5846. By Diego Biurrun
-
Remove unused function hip_del_
pending_ request( ).
Preview Diff
1 | === modified file 'Makefile.am' | |||
2 | --- Makefile.am 2011-10-17 18:14:10 +0000 | |||
3 | +++ Makefile.am 2011-10-17 18:32:42 +0000 | |||
4 | @@ -121,7 +121,6 @@ | |||
5 | 121 | hipd/registration.c \ | 121 | hipd/registration.c \ |
6 | 122 | hipd/user.c \ | 122 | hipd/user.c \ |
7 | 123 | hipd/user_ipsec_hipd_msg.c \ | 123 | hipd/user_ipsec_hipd_msg.c \ |
8 | 124 | hipd/user_ipsec_sadb_api.c \ | ||
9 | 125 | modules/heartbeat/hipd/heartbeat.c \ | 124 | modules/heartbeat/hipd/heartbeat.c \ |
10 | 126 | modules/heartbeat_update/hipd/hb_update.c \ | 125 | modules/heartbeat_update/hipd/hb_update.c \ |
11 | 127 | modules/midauth/lib/midauth_builder.c \ | 126 | modules/midauth/lib/midauth_builder.c \ |
12 | 128 | 127 | ||
13 | === modified file 'hipd/esp_prot_hipd_msg.c' | |||
14 | --- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000 | |||
15 | +++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000 | |||
16 | @@ -459,87 +459,6 @@ | |||
17 | 459 | return err; | 459 | return err; |
18 | 460 | } | 460 | } |
19 | 461 | 461 | ||
20 | 462 | /** sets the ESP protection extension transform and anchor in user-messages | ||
21 | 463 | * sent to the firewall in order to add a new SA | ||
22 | 464 | * | ||
23 | 465 | * @param entry the host association entry for this connection | ||
24 | 466 | * @param msg the user-message sent by the firewall | ||
25 | 467 | * @param direction direction of the entry to be created | ||
26 | 468 | * @param update this was triggered by an update | ||
27 | 469 | * @return 0 if ok, != 0 else | ||
28 | 470 | */ | ||
29 | 471 | int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg, | ||
30 | 472 | const int direction, const int update) | ||
31 | 473 | { | ||
32 | 474 | unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL; | ||
33 | 475 | int hash_length = 0; | ||
34 | 476 | uint32_t hash_item_length = 0; | ||
35 | 477 | int err = 0, i; | ||
36 | 478 | |||
37 | 479 | HIP_DEBUG("direction: %i\n", direction); | ||
38 | 480 | |||
39 | 481 | // we always tell the negotiated transform to the firewall | ||
40 | 482 | HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform); | ||
41 | 483 | HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform, | ||
42 | 484 | HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1, | ||
43 | 485 | "build param contents failed\n"); | ||
44 | 486 | |||
45 | 487 | // but we only transmit the anchor to the firewall, if the esp extension is used | ||
46 | 488 | if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) { | ||
47 | 489 | hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform); | ||
48 | 490 | |||
49 | 491 | // choose the anchor depending on the direction and update or add | ||
50 | 492 | if (update) { | ||
51 | 493 | if (direction == HIP_SPI_DIRECTION_OUT) { | ||
52 | 494 | HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1, | ||
53 | 495 | "hchain anchor expected, but not present\n"); | ||
54 | 496 | |||
55 | 497 | hash_item_length = entry->esp_local_update_length; | ||
56 | 498 | } else { | ||
57 | 499 | HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1, | ||
58 | 500 | "hchain anchor expected, but not present\n"); | ||
59 | 501 | |||
60 | 502 | hash_item_length = entry->esp_peer_update_length; | ||
61 | 503 | } | ||
62 | 504 | } else { | ||
63 | 505 | if (direction == HIP_SPI_DIRECTION_OUT) { | ||
64 | 506 | HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1, | ||
65 | 507 | "hchain anchor expected, but not present\n"); | ||
66 | 508 | |||
67 | 509 | hash_item_length = entry->esp_local_active_length; | ||
68 | 510 | } else { | ||
69 | 511 | HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1, | ||
70 | 512 | "hchain anchor expected, but not present\n"); | ||
71 | 513 | |||
72 | 514 | hash_item_length = entry->esp_peer_active_length; | ||
73 | 515 | } | ||
74 | 516 | } | ||
75 | 517 | |||
76 | 518 | // add parameters to hipfw message | ||
77 | 519 | HIP_IFEL(hip_build_param_contents(msg, &hash_item_length, | ||
78 | 520 | HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1, | ||
79 | 521 | "build param contents failed\n"); | ||
80 | 522 | |||
81 | 523 | // add parameters to hipfw message | ||
82 | 524 | HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains, | ||
83 | 525 | HIP_PARAM_UINT, sizeof(uint16_t)), -1, | ||
84 | 526 | "build param contents failed\n"); | ||
85 | 527 | |||
86 | 528 | for (i = 0; i < esp_prot_num_parallel_hchains; i++) { | ||
87 | 529 | HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length); | ||
88 | 530 | |||
89 | 531 | HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0], | ||
90 | 532 | HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1, | ||
91 | 533 | "build param contents failed\n"); | ||
92 | 534 | } | ||
93 | 535 | } else { | ||
94 | 536 | HIP_DEBUG("no anchor added, transform UNUSED\n"); | ||
95 | 537 | } | ||
96 | 538 | |||
97 | 539 | out_err: | ||
98 | 540 | return err; | ||
99 | 541 | } | ||
100 | 542 | |||
101 | 543 | /********************* BEX parameters *********************/ | 462 | /********************* BEX parameters *********************/ |
102 | 544 | 463 | ||
103 | 545 | /** | 464 | /** |
104 | 546 | 465 | ||
105 | === modified file 'hipd/esp_prot_hipd_msg.h' | |||
106 | --- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000 | |||
107 | +++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000 | |||
108 | @@ -47,8 +47,6 @@ | |||
109 | 47 | int esp_prot_set_preferred_transforms(const struct hip_common *msg); | 47 | int esp_prot_set_preferred_transforms(const struct hip_common *msg); |
110 | 48 | int esp_prot_handle_trigger_update_msg(const struct hip_common *msg); | 48 | int esp_prot_handle_trigger_update_msg(const struct hip_common *msg); |
111 | 49 | int esp_prot_handle_anchor_change_msg(const struct hip_common *msg); | 49 | int esp_prot_handle_anchor_change_msg(const struct hip_common *msg); |
112 | 50 | int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg, | ||
113 | 51 | const int direction, const int update); | ||
114 | 52 | int esp_prot_r1_add_transforms(struct hip_common *msg); | 50 | int esp_prot_r1_add_transforms(struct hip_common *msg); |
115 | 53 | int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type, | 51 | int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type, |
116 | 54 | UNUSED const enum hip_state ha_state, | 52 | UNUSED const enum hip_state ha_state, |
117 | 55 | 53 | ||
118 | === modified file 'hipd/pkt_handling.c' | |||
119 | --- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000 | |||
120 | +++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000 | |||
121 | @@ -101,26 +101,6 @@ | |||
122 | 101 | } | 101 | } |
123 | 102 | 102 | ||
124 | 103 | /** | 103 | /** |
125 | 104 | * Remove a handle function from the list. | ||
126 | 105 | * | ||
127 | 106 | * @param packet_type The packet type of the control message (RFC 5201, 5.3.) | ||
128 | 107 | * @param ha_state The host association state (RFC 5201, 4.4.1.) | ||
129 | 108 | * @param handle_function Pointer to the function which should be unregistered. | ||
130 | 109 | * | ||
131 | 110 | * @return Success = 0 | ||
132 | 111 | * Error = -1 | ||
133 | 112 | */ | ||
134 | 113 | int hip_unregister_handle_function(const uint8_t packet_type, | ||
135 | 114 | const enum hip_state ha_state, | ||
136 | 115 | int (*handle_function)(const uint8_t packet_type, | ||
137 | 116 | const enum hip_state ha_state, | ||
138 | 117 | struct hip_packet_context *ctx)) | ||
139 | 118 | { | ||
140 | 119 | return lmod_unregister_function(hip_handle_functions[packet_type][ha_state], | ||
141 | 120 | handle_function); | ||
142 | 121 | } | ||
143 | 122 | |||
144 | 123 | /** | ||
145 | 124 | * Run all handle functions for specified combination from packet type and host | 104 | * Run all handle functions for specified combination from packet type and host |
146 | 125 | * association state. | 105 | * association state. |
147 | 126 | * | 106 | * |
148 | 127 | 107 | ||
149 | === modified file 'hipd/pkt_handling.h' | |||
150 | --- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000 | |||
151 | +++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000 | |||
152 | @@ -38,12 +38,6 @@ | |||
153 | 38 | struct hip_packet_context *ctx), | 38 | struct hip_packet_context *ctx), |
154 | 39 | const uint16_t priority); | 39 | const uint16_t priority); |
155 | 40 | 40 | ||
156 | 41 | int hip_unregister_handle_function(const uint8_t packet_type, | ||
157 | 42 | const enum hip_state ha_state, | ||
158 | 43 | int (*handle_function)(const uint8_t packet_type, | ||
159 | 44 | const enum hip_state ha_state, | ||
160 | 45 | struct hip_packet_context *ctx)); | ||
161 | 46 | |||
162 | 47 | int hip_run_handle_functions(const uint8_t packet_type, | 41 | int hip_run_handle_functions(const uint8_t packet_type, |
163 | 48 | const enum hip_state ha_state, | 42 | const enum hip_state ha_state, |
164 | 49 | struct hip_packet_context *ctx); | 43 | struct hip_packet_context *ctx); |
165 | 50 | 44 | ||
166 | === modified file 'hipd/registration.c' | |||
167 | --- hipd/registration.c 2011-08-15 14:11:56 +0000 | |||
168 | +++ hipd/registration.c 2011-10-17 18:32:42 +0000 | |||
169 | @@ -112,7 +112,6 @@ | |||
170 | 112 | const struct hip_ll_node *iter = NULL; | 112 | const struct hip_ll_node *iter = NULL; |
171 | 113 | struct hip_pending_request *request = NULL; | 113 | struct hip_pending_request *request = NULL; |
172 | 114 | 114 | ||
173 | 115 | /* See hip_del_pending_request() for a comment. */ | ||
174 | 116 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { | 115 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { |
175 | 117 | request = iter->ptr; | 116 | request = iter->ptr; |
176 | 118 | if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) { | 117 | if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) { |
177 | @@ -233,37 +232,6 @@ | |||
178 | 233 | } | 232 | } |
179 | 234 | 233 | ||
180 | 235 | /** | 234 | /** |
181 | 236 | * Deletes a pending request. Deletes a pending request identified by the host | ||
182 | 237 | * association @c entry from the linked list @c pending_requests. | ||
183 | 238 | * | ||
184 | 239 | * @param entry a pointer to the host association to which the pending request | ||
185 | 240 | * to be deleted is bound. | ||
186 | 241 | * @return zero if the pending request was succesfully deleted, -1 | ||
187 | 242 | * otherwise. | ||
188 | 243 | */ | ||
189 | 244 | int hip_del_pending_request(struct hip_hadb_state *entry) | ||
190 | 245 | { | ||
191 | 246 | int idx = 0; | ||
192 | 247 | const struct hip_ll_node *iter = NULL; | ||
193 | 248 | |||
194 | 249 | /* Iterate through the linked list. The iterator itself can't be used | ||
195 | 250 | * for deleting nodes from the list. Therefore, we just get the index of | ||
196 | 251 | * the element to be deleted using the iterator and then call | ||
197 | 252 | * hip_ll_del() to do the actual deletion. */ | ||
198 | 253 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { | ||
199 | 254 | if (((struct hip_pending_request *) (iter->ptr))->entry == entry) { | ||
200 | 255 | HIP_DEBUG("Deleting and freeing a pending request at " \ | ||
201 | 256 | "index %u.\n", idx); | ||
202 | 257 | hip_ll_del(&pending_requests, idx, free); | ||
203 | 258 | return 0; | ||
204 | 259 | } | ||
205 | 260 | idx++; | ||
206 | 261 | } | ||
207 | 262 | |||
208 | 263 | return -1; | ||
209 | 264 | } | ||
210 | 265 | |||
211 | 266 | /** | ||
212 | 267 | * Deletes a pending request of given type. Deletes a pending request identified | 235 | * Deletes a pending request of given type. Deletes a pending request identified |
213 | 268 | * by the host association @c entry and matching the given type @c reg_type from | 236 | * by the host association @c entry and matching the given type @c reg_type from |
214 | 269 | * the linked list @c pending_requests. | 237 | * the linked list @c pending_requests. |
215 | @@ -281,7 +249,6 @@ | |||
216 | 281 | const struct hip_ll_node *iter = NULL; | 249 | const struct hip_ll_node *iter = NULL; |
217 | 282 | struct hip_pending_request *request = NULL; | 250 | struct hip_pending_request *request = NULL; |
218 | 283 | 251 | ||
219 | 284 | /* See hip_del_pending_request() for a comment. */ | ||
220 | 285 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { | 252 | while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) { |
221 | 286 | request = iter->ptr; | 253 | request = iter->ptr; |
222 | 287 | if (request->entry == entry && request->reg_type == reg_type) { | 254 | if (request->entry == entry && request->reg_type == reg_type) { |
223 | 288 | 255 | ||
224 | === modified file 'hipd/registration.h' | |||
225 | --- hipd/registration.h 2011-08-15 14:11:56 +0000 | |||
226 | +++ hipd/registration.h 2011-10-17 18:32:42 +0000 | |||
227 | @@ -64,7 +64,6 @@ | |||
228 | 64 | int hip_get_active_services(struct hip_srv *active_services, | 64 | int hip_get_active_services(struct hip_srv *active_services, |
229 | 65 | unsigned int *active_service_count); | 65 | unsigned int *active_service_count); |
230 | 66 | int hip_add_pending_request(struct hip_pending_request *request); | 66 | int hip_add_pending_request(struct hip_pending_request *request); |
231 | 67 | int hip_del_pending_request(struct hip_hadb_state *entry); | ||
232 | 68 | int hip_replace_pending_requests(struct hip_hadb_state *entry_old, | 67 | int hip_replace_pending_requests(struct hip_hadb_state *entry_old, |
233 | 69 | struct hip_hadb_state *entry_new); | 68 | struct hip_hadb_state *entry_new); |
234 | 70 | int hip_handle_param_reg_info(struct hip_hadb_state *entry, | 69 | int hip_handle_param_reg_info(struct hip_hadb_state *entry, |
235 | 71 | 70 | ||
236 | === modified file 'hipd/user_ipsec_hipd_msg.c' | |||
237 | --- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000 | |||
238 | +++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000 | |||
239 | @@ -43,7 +43,6 @@ | |||
240 | 43 | #include "esp_prot_hipd_msg.h" | 43 | #include "esp_prot_hipd_msg.h" |
241 | 44 | #include "hipd.h" | 44 | #include "hipd.h" |
242 | 45 | #include "init.h" | 45 | #include "init.h" |
243 | 46 | #include "user_ipsec_sadb_api.h" | ||
244 | 47 | #include "user_ipsec_hipd_msg.h" | 46 | #include "user_ipsec_hipd_msg.h" |
245 | 48 | 47 | ||
246 | 49 | 48 | ||
247 | @@ -81,219 +80,3 @@ | |||
248 | 81 | 80 | ||
249 | 82 | return err; | 81 | return err; |
250 | 83 | } | 82 | } |
251 | 84 | |||
252 | 85 | /** creates a user-message to add a SA to userspace IPsec | ||
253 | 86 | * | ||
254 | 87 | * @param saddr outer globally routable source ip address | ||
255 | 88 | * @param daddr outer globally routable destination ip address | ||
256 | 89 | * @param src_hit inner source address | ||
257 | 90 | * @param dst_hit inner destination address | ||
258 | 91 | * @param spi ipsec spi for demultiplexing | ||
259 | 92 | * @param ealg crypto transform to be used for the SA | ||
260 | 93 | * @param enckey raw encryption key | ||
261 | 94 | * @param authkey raw authentication key | ||
262 | 95 | * @param retransmission notification if this event is due to retransmission | ||
263 | 96 | * @param direction represents inbound or outbound direction | ||
264 | 97 | * @param update notification if this event derives from an update | ||
265 | 98 | * @param entry host association entry for this connection | ||
266 | 99 | * @return the msg, NULL if an error occurred | ||
267 | 100 | */ | ||
268 | 101 | struct hip_common *create_add_sa_msg(const struct in6_addr *saddr, | ||
269 | 102 | const struct in6_addr *daddr, | ||
270 | 103 | const struct in6_addr *src_hit, | ||
271 | 104 | const struct in6_addr *dst_hit, | ||
272 | 105 | const uint32_t spi, const int ealg, | ||
273 | 106 | const struct hip_crypto_key *enckey, | ||
274 | 107 | const struct hip_crypto_key *authkey, | ||
275 | 108 | const int retransmission, | ||
276 | 109 | const int direction, const int update, | ||
277 | 110 | struct hip_hadb_state *entry) | ||
278 | 111 | { | ||
279 | 112 | struct hip_common *msg = NULL; | ||
280 | 113 | int err = 0; | ||
281 | 114 | |||
282 | 115 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
283 | 116 | "alloc memory for adding sa entry\n"); | ||
284 | 117 | |||
285 | 118 | hip_msg_init(msg); | ||
286 | 119 | |||
287 | 120 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1, | ||
288 | 121 | "build hdr failed\n"); | ||
289 | 122 | |||
290 | 123 | HIP_DEBUG_IN6ADDR("Source IP address: ", saddr); | ||
291 | 124 | HIP_IFEL(hip_build_param_contents(msg, saddr, | ||
292 | 125 | HIP_PARAM_IPV6_ADDR, | ||
293 | 126 | sizeof(struct in6_addr)), -1, | ||
294 | 127 | "build param contents failed\n"); | ||
295 | 128 | |||
296 | 129 | HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr); | ||
297 | 130 | HIP_IFEL(hip_build_param_contents(msg, daddr, | ||
298 | 131 | HIP_PARAM_IPV6_ADDR, | ||
299 | 132 | sizeof(struct in6_addr)), -1, | ||
300 | 133 | "build param contents failed\n"); | ||
301 | 134 | |||
302 | 135 | HIP_DEBUG_HIT("Source HIT: ", src_hit); | ||
303 | 136 | HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT, | ||
304 | 137 | sizeof(struct in6_addr)), -1, | ||
305 | 138 | "build param contents failed\n"); | ||
306 | 139 | |||
307 | 140 | HIP_DEBUG_HIT("Destination HIT: ", dst_hit); | ||
308 | 141 | HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT, | ||
309 | 142 | sizeof(struct in6_addr)), -1, | ||
310 | 143 | "build param contents failed\n"); | ||
311 | 144 | |||
312 | 145 | HIP_DEBUG("the spi value is : %x \n", spi); | ||
313 | 146 | HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT, | ||
314 | 147 | sizeof(uint32_t)), -1, | ||
315 | 148 | "build param contents failed\n"); | ||
316 | 149 | |||
317 | 150 | HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode); | ||
318 | 151 | HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT, | ||
319 | 152 | sizeof(uint8_t)), -1, | ||
320 | 153 | "build param contents failed\n"); | ||
321 | 154 | |||
322 | 155 | HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port); | ||
323 | 156 | HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port, | ||
324 | 157 | HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n"); | ||
325 | 158 | |||
326 | 159 | HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port); | ||
327 | 160 | HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port, | ||
328 | 161 | HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n"); | ||
329 | 162 | |||
330 | 163 | // params needed by the esp protection extension | ||
331 | 164 | HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1, | ||
332 | 165 | "failed to add esp prot params\n"); | ||
333 | 166 | |||
334 | 167 | HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key)); | ||
335 | 168 | HIP_IFEL(hip_build_param_contents(msg, | ||
336 | 169 | enckey, | ||
337 | 170 | HIP_PARAM_KEYS, | ||
338 | 171 | sizeof(struct hip_crypto_key)), -1, | ||
339 | 172 | "build param contents failed\n"); | ||
340 | 173 | |||
341 | 174 | HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key)); | ||
342 | 175 | HIP_IFEL(hip_build_param_contents(msg, | ||
343 | 176 | authkey, | ||
344 | 177 | HIP_PARAM_KEYS, | ||
345 | 178 | sizeof(struct hip_crypto_key)), -1, | ||
346 | 179 | "build param contents failed\n"); | ||
347 | 180 | |||
348 | 181 | HIP_DEBUG("ealg value is %d \n", ealg); | ||
349 | 182 | HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT, | ||
350 | 183 | sizeof(int)), -1, | ||
351 | 184 | "build param contents failed\n"); | ||
352 | 185 | |||
353 | 186 | HIP_DEBUG("retransmission value is %d \n", retransmission); | ||
354 | 187 | HIP_IFEL(hip_build_param_contents(msg, &retransmission, | ||
355 | 188 | HIP_PARAM_INT, sizeof(int)), -1, | ||
356 | 189 | "build param contents failed\n"); | ||
357 | 190 | |||
358 | 191 | HIP_DEBUG("the direction value is %d \n", direction); | ||
359 | 192 | HIP_IFEL(hip_build_param_contents(msg, &direction, | ||
360 | 193 | HIP_PARAM_INT, | ||
361 | 194 | sizeof(int)), -1, | ||
362 | 195 | "build param contents failed\n"); | ||
363 | 196 | |||
364 | 197 | HIP_DEBUG("the update value is %d \n", update); | ||
365 | 198 | HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT, | ||
366 | 199 | sizeof(int)), -1, | ||
367 | 200 | "build param contents failed\n"); | ||
368 | 201 | |||
369 | 202 | out_err: | ||
370 | 203 | if (err) { | ||
371 | 204 | free(msg); | ||
372 | 205 | msg = NULL; | ||
373 | 206 | } | ||
374 | 207 | |||
375 | 208 | return msg; | ||
376 | 209 | } | ||
377 | 210 | |||
378 | 211 | /** creates a user-message to delete a SA from userspace IPsec | ||
379 | 212 | * | ||
380 | 213 | * @param spi ipsec spi for demultiplexing | ||
381 | 214 | * @param peer_addr outer globally routable source ip address | ||
382 | 215 | * @param dst_addr outer globally routable destination ip address | ||
383 | 216 | * @param family protocol family of above addresses | ||
384 | 217 | * @param src_port local port for this host association | ||
385 | 218 | * @param dst_port peer port for this host association | ||
386 | 219 | * @return the msg, NULL if an error occured | ||
387 | 220 | */ | ||
388 | 221 | struct hip_common *create_delete_sa_msg(const uint32_t spi, | ||
389 | 222 | const struct in6_addr *peer_addr, | ||
390 | 223 | const struct in6_addr *dst_addr, | ||
391 | 224 | const int family, | ||
392 | 225 | const int src_port, | ||
393 | 226 | const int dst_port) | ||
394 | 227 | { | ||
395 | 228 | struct hip_common *msg = NULL; | ||
396 | 229 | int err = 0; | ||
397 | 230 | |||
398 | 231 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
399 | 232 | "alloc memory for adding sa entry\n"); | ||
400 | 233 | |||
401 | 234 | hip_msg_init(msg); | ||
402 | 235 | |||
403 | 236 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1, | ||
404 | 237 | "build hdr failed\n"); | ||
405 | 238 | |||
406 | 239 | HIP_DEBUG("spi value: %u\n", spi); | ||
407 | 240 | HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT, | ||
408 | 241 | sizeof(uint32_t)), -1, "build param contents failed\n"); | ||
409 | 242 | |||
410 | 243 | HIP_DEBUG_IN6ADDR("peer address: ", peer_addr); | ||
411 | 244 | HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR, | ||
412 | 245 | sizeof(struct in6_addr)), -1, "build param contents failed\n"); | ||
413 | 246 | |||
414 | 247 | HIP_DEBUG_IN6ADDR("destination address: ", dst_addr); | ||
415 | 248 | HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR, | ||
416 | 249 | sizeof(struct in6_addr)), -1, "build param contents failed\n"); | ||
417 | 250 | |||
418 | 251 | HIP_DEBUG("family: %i\n", family); | ||
419 | 252 | HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT, | ||
420 | 253 | sizeof(int)), -1, "build param contents failed\n"); | ||
421 | 254 | |||
422 | 255 | HIP_DEBUG("src_port: %i\n", src_port); | ||
423 | 256 | HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT, | ||
424 | 257 | sizeof(int)), -1, "build param contents failed\n"); | ||
425 | 258 | |||
426 | 259 | HIP_DEBUG("src_port: %i\n", dst_port); | ||
427 | 260 | HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT, | ||
428 | 261 | sizeof(int)), -1, "build param contents failed\n"); | ||
429 | 262 | |||
430 | 263 | out_err: | ||
431 | 264 | if (err) { | ||
432 | 265 | free(msg); | ||
433 | 266 | msg = NULL; | ||
434 | 267 | } | ||
435 | 268 | |||
436 | 269 | return msg; | ||
437 | 270 | } | ||
438 | 271 | |||
439 | 272 | /** | ||
440 | 273 | * create a user-message to flush all SAs from userspace IPsec | ||
441 | 274 | * | ||
442 | 275 | * @return the msg, NULL if an error occured | ||
443 | 276 | */ | ||
444 | 277 | struct hip_common *create_flush_all_sa_msg(void) | ||
445 | 278 | { | ||
446 | 279 | struct hip_common *msg = NULL; | ||
447 | 280 | int err = 0; | ||
448 | 281 | |||
449 | 282 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
450 | 283 | "alloc memory for adding sa entry\n"); | ||
451 | 284 | |||
452 | 285 | hip_msg_init(msg); | ||
453 | 286 | |||
454 | 287 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1, | ||
455 | 288 | "build hdr failed\n"); | ||
456 | 289 | |||
457 | 290 | // this triggers the flushing without specifying any parameters | ||
458 | 291 | |||
459 | 292 | out_err: | ||
460 | 293 | if (err) { | ||
461 | 294 | free(msg); | ||
462 | 295 | msg = NULL; | ||
463 | 296 | } | ||
464 | 297 | |||
465 | 298 | return msg; | ||
466 | 299 | } | ||
467 | 300 | 83 | ||
468 | === modified file 'hipd/user_ipsec_hipd_msg.h' | |||
469 | --- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000 | |||
470 | +++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000 | |||
471 | @@ -39,22 +39,5 @@ | |||
472 | 39 | #include "lib/core/protodefs.h" | 39 | #include "lib/core/protodefs.h" |
473 | 40 | 40 | ||
474 | 41 | int hip_userspace_ipsec_activate(const struct hip_common *msg); | 41 | int hip_userspace_ipsec_activate(const struct hip_common *msg); |
475 | 42 | struct hip_common *create_add_sa_msg(const struct in6_addr *saddr, | ||
476 | 43 | const struct in6_addr *daddr, | ||
477 | 44 | const struct in6_addr *src_hit, | ||
478 | 45 | const struct in6_addr *dst_hit, | ||
479 | 46 | const uint32_t spi, const int ealg, | ||
480 | 47 | const struct hip_crypto_key *enckey, | ||
481 | 48 | const struct hip_crypto_key *authkey, | ||
482 | 49 | const int retransmission, | ||
483 | 50 | const int direction, const int update, | ||
484 | 51 | struct hip_hadb_state *entry); | ||
485 | 52 | struct hip_common *create_delete_sa_msg(const uint32_t spi, | ||
486 | 53 | const struct in6_addr *peer_addr, | ||
487 | 54 | const struct in6_addr *dst_addr, | ||
488 | 55 | const int family, | ||
489 | 56 | const int src_port, | ||
490 | 57 | const int dst_port); | ||
491 | 58 | struct hip_common *create_flush_all_sa_msg(void); | ||
492 | 59 | 42 | ||
493 | 60 | #endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */ | 43 | #endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */ |
494 | 61 | 44 | ||
495 | === removed file 'hipd/user_ipsec_sadb_api.c' | |||
496 | --- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000 | |||
497 | +++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000 | |||
498 | @@ -1,133 +0,0 @@ | |||
499 | 1 | /* | ||
500 | 2 | * Copyright (c) 2010 Aalto University and RWTH Aachen University. | ||
501 | 3 | * | ||
502 | 4 | * Permission is hereby granted, free of charge, to any person | ||
503 | 5 | * obtaining a copy of this software and associated documentation | ||
504 | 6 | * files (the "Software"), to deal in the Software without | ||
505 | 7 | * restriction, including without limitation the rights to use, | ||
506 | 8 | * copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
507 | 9 | * copies of the Software, and to permit persons to whom the | ||
508 | 10 | * Software is furnished to do so, subject to the following | ||
509 | 11 | * conditions: | ||
510 | 12 | * | ||
511 | 13 | * The above copyright notice and this permission notice shall be | ||
512 | 14 | * included in all copies or substantial portions of the Software. | ||
513 | 15 | * | ||
514 | 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
515 | 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||
516 | 18 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
517 | 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||
518 | 20 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||
519 | 21 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
520 | 22 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
521 | 23 | * OTHER DEALINGS IN THE SOFTWARE. | ||
522 | 24 | */ | ||
523 | 25 | |||
524 | 26 | /** | ||
525 | 27 | * @file | ||
526 | 28 | * Provides the API used by the hipd to set up and maintain the | ||
527 | 29 | * userspace IPsec state in the hipfw. | ||
528 | 30 | * | ||
529 | 31 | * @brief API used by the hipd to set up and maintain userspace IPsec state | ||
530 | 32 | */ | ||
531 | 33 | |||
532 | 34 | #include <stdint.h> | ||
533 | 35 | #include <arpa/inet.h> | ||
534 | 36 | #include <netinet/in.h> | ||
535 | 37 | |||
536 | 38 | #include "lib/core/debug.h" | ||
537 | 39 | #include "lib/core/icomm.h" | ||
538 | 40 | #include "lib/core/ife.h" | ||
539 | 41 | #include "lib/core/prefix.h" | ||
540 | 42 | #include "lib/core/protodefs.h" | ||
541 | 43 | #include "lib/core/state.h" | ||
542 | 44 | #include "user.h" | ||
543 | 45 | #include "user_ipsec_hipd_msg.h" | ||
544 | 46 | #include "user_ipsec_sadb_api.h" | ||
545 | 47 | |||
546 | 48 | |||
547 | 49 | /** generic send function used to send the below created messages | ||
548 | 50 | * | ||
549 | 51 | * @param msg the message to be sent | ||
550 | 52 | * @return 0, if correct, else != 0 | ||
551 | 53 | */ | ||
552 | 54 | static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg) | ||
553 | 55 | { | ||
554 | 56 | struct sockaddr_in6 hip_fw_addr; | ||
555 | 57 | struct in6_addr loopback = in6addr_loopback; | ||
556 | 58 | int err = 0; | ||
557 | 59 | |||
558 | 60 | HIP_ASSERT(msg != NULL); | ||
559 | 61 | |||
560 | 62 | // destination is firewall | ||
561 | 63 | hip_fw_addr.sin6_family = AF_INET6; | ||
562 | 64 | hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT); | ||
563 | 65 | ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback); | ||
564 | 66 | |||
565 | 67 | err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr); | ||
566 | 68 | if (err < 0) { | ||
567 | 69 | HIP_ERROR("sending of message to firewall failed\n"); | ||
568 | 70 | |||
569 | 71 | err = -1; | ||
570 | 72 | goto out_err; | ||
571 | 73 | } else { | ||
572 | 74 | HIP_DEBUG("sending of message to firewall successful\n"); | ||
573 | 75 | |||
574 | 76 | // this is needed if we want to use HIP_IFEL | ||
575 | 77 | err = 0; | ||
576 | 78 | } | ||
577 | 79 | |||
578 | 80 | out_err: | ||
579 | 81 | return err; | ||
580 | 82 | } | ||
581 | 83 | |||
582 | 84 | /** adds a new SA entry for the specified direction to the sadb in userspace ipsec | ||
583 | 85 | * @note If you make changes to this function, please change also hip_add_sa() | ||
584 | 86 | * | ||
585 | 87 | * @param saddr outer globally routable source ip address | ||
586 | 88 | * @param daddr outer globally routable destination ip address | ||
587 | 89 | * @param src_hit inner source address | ||
588 | 90 | * @param dst_hit inner destination address | ||
589 | 91 | * @param spi ipsec spi for demultiplexing | ||
590 | 92 | * @param ealg crypto transform to be used for the SA | ||
591 | 93 | * @param enckey raw encryption key | ||
592 | 94 | * @param authkey raw authentication key | ||
593 | 95 | * @param retransmission notification if this event is due to retransmission | ||
594 | 96 | * @param direction represents inbound or outbound direction | ||
595 | 97 | * @param update notification if this event derives from an update | ||
596 | 98 | * @param entry host association entry for this connection | ||
597 | 99 | * @return 0, if correct, otherwise -1 | ||
598 | 100 | */ | ||
599 | 101 | uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr, | ||
600 | 102 | const struct in6_addr *daddr, | ||
601 | 103 | const struct in6_addr *src_hit, | ||
602 | 104 | const struct in6_addr *dst_hit, | ||
603 | 105 | const uint32_t spi, const int ealg, | ||
604 | 106 | const struct hip_crypto_key *enckey, | ||
605 | 107 | const struct hip_crypto_key *authkey, | ||
606 | 108 | const int retransmission, | ||
607 | 109 | const int direction, const int update, | ||
608 | 110 | struct hip_hadb_state *entry) | ||
609 | 111 | { | ||
610 | 112 | struct hip_common *msg = NULL; | ||
611 | 113 | int err = 0; | ||
612 | 114 | |||
613 | 115 | HIP_ASSERT(spi != 0); | ||
614 | 116 | |||
615 | 117 | HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n"); | ||
616 | 118 | |||
617 | 119 | if (direction == HIP_SPI_DIRECTION_OUT) { | ||
618 | 120 | entry->outbound_sa_count++; | ||
619 | 121 | } else { | ||
620 | 122 | entry->inbound_sa_count++; | ||
621 | 123 | } | ||
622 | 124 | |||
623 | 125 | HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey, | ||
624 | 126 | authkey, retransmission, direction, update, entry)), -1, | ||
625 | 127 | "failed to create add_sa message\n"); | ||
626 | 128 | |||
627 | 129 | HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n"); | ||
628 | 130 | |||
629 | 131 | out_err: | ||
630 | 132 | return err; | ||
631 | 133 | } | ||
632 | 134 | 0 | ||
633 | === removed file 'hipd/user_ipsec_sadb_api.h' | |||
634 | --- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000 | |||
635 | +++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000 | |||
636 | @@ -1,55 +0,0 @@ | |||
637 | 1 | /* | ||
638 | 2 | * Copyright (c) 2010 Aalto University and RWTH Aachen University. | ||
639 | 3 | * | ||
640 | 4 | * Permission is hereby granted, free of charge, to any person | ||
641 | 5 | * obtaining a copy of this software and associated documentation | ||
642 | 6 | * files (the "Software"), to deal in the Software without | ||
643 | 7 | * restriction, including without limitation the rights to use, | ||
644 | 8 | * copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
645 | 9 | * copies of the Software, and to permit persons to whom the | ||
646 | 10 | * Software is furnished to do so, subject to the following | ||
647 | 11 | * conditions: | ||
648 | 12 | * | ||
649 | 13 | * The above copyright notice and this permission notice shall be | ||
650 | 14 | * included in all copies or substantial portions of the Software. | ||
651 | 15 | * | ||
652 | 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
653 | 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES | ||
654 | 18 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
655 | 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT | ||
656 | 20 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | ||
657 | 21 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
658 | 22 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
659 | 23 | * OTHER DEALINGS IN THE SOFTWARE. | ||
660 | 24 | */ | ||
661 | 25 | |||
662 | 26 | /** | ||
663 | 27 | * @file | ||
664 | 28 | * Provides the API used by the hipd to set up and maintain the | ||
665 | 29 | * userspace IPsec state in the hipfw. | ||
666 | 30 | * | ||
667 | 31 | * @brief API used by the hipd to set up and maintain userspace IPsec state | ||
668 | 32 | */ | ||
669 | 33 | |||
670 | 34 | #ifndef HIP_HIPD_USER_IPSEC_SADB_API_H | ||
671 | 35 | #define HIP_HIPD_USER_IPSEC_SADB_API_H | ||
672 | 36 | |||
673 | 37 | #include <stdint.h> | ||
674 | 38 | #include <netinet/in.h> | ||
675 | 39 | |||
676 | 40 | #include "lib/core/protodefs.h" | ||
677 | 41 | |||
678 | 42 | uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr, | ||
679 | 43 | const struct in6_addr *daddr, | ||
680 | 44 | const struct in6_addr *src_hit, | ||
681 | 45 | const struct in6_addr *dst_hit, | ||
682 | 46 | const uint32_t spi, const int ealg, | ||
683 | 47 | const struct hip_crypto_key *enckey, | ||
684 | 48 | const struct hip_crypto_key *authkey, | ||
685 | 49 | const int retransmission, | ||
686 | 50 | const int direction, const int update, | ||
687 | 51 | struct hip_hadb_state *entry); | ||
688 | 52 | |||
689 | 53 | int hip_userspace_ipsec_setup_default_sp_prefix_pair(void); | ||
690 | 54 | |||
691 | 55 | #endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */ | ||
692 | 56 | 0 | ||
693 | === modified file 'lib/core/builder.c' | |||
694 | --- lib/core/builder.c 2011-08-15 14:11:56 +0000 | |||
695 | +++ lib/core/builder.c 2011-10-17 18:32:42 +0000 | |||
696 | @@ -918,18 +918,6 @@ | |||
697 | 918 | * @return pointer to the contents of the tlv_common (just after the | 918 | * @return pointer to the contents of the tlv_common (just after the |
698 | 919 | * the type and length fields) | 919 | * the type and length fields) |
699 | 920 | */ | 920 | */ |
700 | 921 | void *hip_get_param_contents_direct_readwrite(void *tlv_common) | ||
701 | 922 | { | ||
702 | 923 | return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); | ||
703 | 924 | } | ||
704 | 925 | |||
705 | 926 | /** | ||
706 | 927 | * hip_get_param_contents_direct - get parameter contents direct from TLV | ||
707 | 928 | * | ||
708 | 929 | * @param tlv_common pointer to a parameter | ||
709 | 930 | * @return pointer to the contents of the tlv_common (just after the | ||
710 | 931 | * the type and length fields) | ||
711 | 932 | */ | ||
712 | 933 | const void *hip_get_param_contents_direct(const void *tlv_common) | 921 | const void *hip_get_param_contents_direct(const void *tlv_common) |
713 | 934 | { | 922 | { |
714 | 935 | return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); | 923 | return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common); |
715 | @@ -3373,56 +3361,6 @@ | |||
716 | 3373 | } | 3361 | } |
717 | 3374 | 3362 | ||
718 | 3375 | /** | 3363 | /** |
719 | 3376 | * Build and append a X509 certiticate request parameter into a HIP control | ||
720 | 3377 | * message (on-the-wire) | ||
721 | 3378 | * | ||
722 | 3379 | * @param msg a pointer to the message where the parameter will be | ||
723 | 3380 | * appended | ||
724 | 3381 | * @param addr the subject for the certificate | ||
725 | 3382 | * @return zero on success, or negative on failure | ||
726 | 3383 | * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a> | ||
727 | 3384 | * | ||
728 | 3385 | */ | ||
729 | 3386 | int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr) | ||
730 | 3387 | { | ||
731 | 3388 | struct hip_cert_x509_req subj; | ||
732 | 3389 | |||
733 | 3390 | hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); | ||
734 | 3391 | hip_calc_param_len((struct hip_tlv_common *) &subj, | ||
735 | 3392 | sizeof(struct hip_cert_x509_req) | ||
736 | 3393 | - sizeof(struct hip_tlv_common)); | ||
737 | 3394 | ipv6_addr_copy(&subj.addr, addr); | ||
738 | 3395 | |||
739 | 3396 | return hip_build_param(msg, &subj); | ||
740 | 3397 | } | ||
741 | 3398 | |||
742 | 3399 | /** | ||
743 | 3400 | * build and append a X509 certificate verification parameter into a | ||
744 | 3401 | * HIP control message (on-the-wire) | ||
745 | 3402 | * | ||
746 | 3403 | * @param msg a pointer to the message where the parameter will be | ||
747 | 3404 | * appended | ||
748 | 3405 | * @param der der field | ||
749 | 3406 | * @param len length of the der field in bytes | ||
750 | 3407 | * @return zero on success, or negative on failure | ||
751 | 3408 | * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a> | ||
752 | 3409 | * | ||
753 | 3410 | */ | ||
754 | 3411 | int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len) | ||
755 | 3412 | { | ||
756 | 3413 | struct hip_cert_x509_resp subj; | ||
757 | 3414 | |||
758 | 3415 | hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ); | ||
759 | 3416 | hip_calc_param_len((struct hip_tlv_common *) &subj, | ||
760 | 3417 | sizeof(struct hip_cert_x509_resp) | ||
761 | 3418 | - sizeof(struct hip_tlv_common)); | ||
762 | 3419 | memcpy(&subj.der, der, len); | ||
763 | 3420 | subj.der_len = len; | ||
764 | 3421 | |||
765 | 3422 | return hip_build_param(msg, &subj); | ||
766 | 3423 | } | ||
767 | 3424 | |||
768 | 3425 | /** | ||
769 | 3426 | * build and append a X509 certificate response into a HIP control message | 3364 | * build and append a X509 certificate response into a HIP control message |
770 | 3427 | * (on-the-wire) | 3365 | * (on-the-wire) |
771 | 3428 | * | 3366 | * |
772 | 3429 | 3367 | ||
773 | === modified file 'lib/core/builder.h' | |||
774 | --- lib/core/builder.h 2011-08-15 14:11:56 +0000 | |||
775 | +++ lib/core/builder.h 2011-10-17 18:32:42 +0000 | |||
776 | @@ -155,9 +155,7 @@ | |||
777 | 155 | const struct in6_addr rvs_addresses[]); | 155 | const struct in6_addr rvs_addresses[]); |
778 | 156 | int hip_build_param_cert_spki_info(struct hip_common *msg, | 156 | int hip_build_param_cert_spki_info(struct hip_common *msg, |
779 | 157 | struct hip_cert_spki_info *cert_info); | 157 | struct hip_cert_spki_info *cert_info); |
780 | 158 | int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *); | ||
781 | 159 | int hip_build_param_cert_x509_resp(struct hip_common *, char *, int); | 158 | int hip_build_param_cert_x509_resp(struct hip_common *, char *, int); |
782 | 160 | int hip_build_param_cert_x509_ver(struct hip_common *, char *, int); | ||
783 | 161 | 159 | ||
784 | 162 | int hip_build_param_hit_to_ip_set(struct hip_common *, const char *); | 160 | int hip_build_param_hit_to_ip_set(struct hip_common *, const char *); |
785 | 163 | int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err); | 161 | int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err); |
786 | @@ -187,7 +185,6 @@ | |||
787 | 187 | void *hip_get_param_readwrite(struct hip_common *, hip_tlv); | 185 | void *hip_get_param_readwrite(struct hip_common *, hip_tlv); |
788 | 188 | const void *hip_get_param_contents(const struct hip_common *, hip_tlv); | 186 | const void *hip_get_param_contents(const struct hip_common *, hip_tlv); |
789 | 189 | const void *hip_get_param_contents_direct(const void *); | 187 | const void *hip_get_param_contents_direct(const void *); |
790 | 190 | void *hip_get_param_contents_direct_readwrite(void *); | ||
791 | 191 | hip_tlv_len hip_get_param_contents_len(const void *); | 188 | hip_tlv_len hip_get_param_contents_len(const void *); |
792 | 192 | int hip_get_param_host_id_di_type_len(const struct hip_host_id *, | 189 | int hip_get_param_host_id_di_type_len(const struct hip_host_id *, |
793 | 193 | const char **, int *); | 190 | const char **, int *); |
794 | 194 | 191 | ||
795 | === modified file 'lib/core/certtools.c' | |||
796 | --- lib/core/certtools.c 2011-08-15 14:11:56 +0000 | |||
797 | +++ lib/core/certtools.c 2011-10-17 18:32:42 +0000 | |||
798 | @@ -624,139 +624,6 @@ | |||
799 | 624 | return err; | 624 | return err; |
800 | 625 | } | 625 | } |
801 | 626 | 626 | ||
802 | 627 | /** | ||
803 | 628 | * Function that sends the given hip_cert_spki_info to the daemon to | ||
804 | 629 | * verification | ||
805 | 630 | * | ||
806 | 631 | * @param to_verification is the cert to be verified | ||
807 | 632 | * | ||
808 | 633 | * @return 0 if ok and negative if error or unsuccesfull. | ||
809 | 634 | * | ||
810 | 635 | * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info | ||
811 | 636 | */ | ||
812 | 637 | int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification) | ||
813 | 638 | { | ||
814 | 639 | int err = 0; | ||
815 | 640 | struct hip_common *msg; | ||
816 | 641 | const struct hip_cert_spki_info *returned; | ||
817 | 642 | |||
818 | 643 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
819 | 644 | "Malloc for msg failed\n"); | ||
820 | 645 | hip_msg_init(msg); | ||
821 | 646 | /* build the msg to be sent to the daemon */ | ||
822 | 647 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1, | ||
823 | 648 | "Failed to build user header\n"); | ||
824 | 649 | HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1, | ||
825 | 650 | "Failed to build cert_info\n"); | ||
826 | 651 | |||
827 | 652 | /* send and wait */ | ||
828 | 653 | HIP_DEBUG("Sending request to verify SPKI cert to " | ||
829 | 654 | "daemon and waiting for answer\n"); | ||
830 | 655 | hip_send_recv_daemon_info(msg, 0, 0); | ||
831 | 656 | |||
832 | 657 | HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)), | ||
833 | 658 | -1, "No hip_cert_spki_info struct found from daemons msg\n"); | ||
834 | 659 | |||
835 | 660 | memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info)); | ||
836 | 661 | |||
837 | 662 | out_err: | ||
838 | 663 | free(msg); | ||
839 | 664 | return err; | ||
840 | 665 | } | ||
841 | 666 | |||
842 | 667 | /****************************************************************************** | ||
843 | 668 | * FUNCTIONS FOR x509v3 * | ||
844 | 669 | ******************************************************************************/ | ||
845 | 670 | |||
846 | 671 | /** | ||
847 | 672 | * Function that requests for a certificate from daemon and gives it back. | ||
848 | 673 | * | ||
849 | 674 | * @param subject is the subjects HIT | ||
850 | 675 | * | ||
851 | 676 | * @param certificate is pointer to a buffer to which this function writes the completed cert | ||
852 | 677 | * | ||
853 | 678 | * @return positive on success negative otherwise | ||
854 | 679 | * | ||
855 | 680 | * @note The certificate is given in DER encoding | ||
856 | 681 | */ | ||
857 | 682 | int hip_cert_x509v3_request_certificate(struct in6_addr *subject, | ||
858 | 683 | unsigned char *certificate) | ||
859 | 684 | { | ||
860 | 685 | int err = 0; | ||
861 | 686 | struct hip_common *msg; | ||
862 | 687 | const struct hip_cert_x509_resp *p; | ||
863 | 688 | |||
864 | 689 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
865 | 690 | "Malloc for msg failed\n"); | ||
866 | 691 | hip_msg_init(msg); | ||
867 | 692 | /* build the msg to be sent to the daemon */ | ||
868 | 693 | |||
869 | 694 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1, | ||
870 | 695 | "Failed to build user header\n"); | ||
871 | 696 | HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1, | ||
872 | 697 | "Failed to build cert_info\n"); | ||
873 | 698 | /* send and wait */ | ||
874 | 699 | HIP_DEBUG("Sending request to sign x509 cert to " | ||
875 | 700 | "daemon and waiting for answer\n"); | ||
876 | 701 | hip_send_recv_daemon_info(msg, 0, 0); | ||
877 | 702 | /* get the struct from the message sent back by the daemon */ | ||
878 | 703 | HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1, | ||
879 | 704 | "No name x509 struct found\n"); | ||
880 | 705 | memcpy(certificate, p->der, p->der_len); | ||
881 | 706 | err = p->der_len; | ||
882 | 707 | |||
883 | 708 | out_err: | ||
884 | 709 | free(msg); | ||
885 | 710 | return err; | ||
886 | 711 | } | ||
887 | 712 | |||
888 | 713 | /** | ||
889 | 714 | * Function that requests for a verification of a certificate from | ||
890 | 715 | * daemon and tells the result. | ||
891 | 716 | * | ||
892 | 717 | * @param certificate is pointer to a certificate to be verified | ||
893 | 718 | * @param len is the length of the cert in certificate parameter in bytes | ||
894 | 719 | * | ||
895 | 720 | * @return 0 on success negative otherwise | ||
896 | 721 | * | ||
897 | 722 | * @note give the certificate in PEM encoding | ||
898 | 723 | */ | ||
899 | 724 | int hip_cert_x509v3_request_verification(unsigned char *certificate, int len) | ||
900 | 725 | { | ||
901 | 726 | int err = 0; | ||
902 | 727 | struct hip_common *msg; | ||
903 | 728 | const struct hip_cert_x509_resp *received; | ||
904 | 729 | |||
905 | 730 | HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1, | ||
906 | 731 | "Malloc for msg failed\n"); | ||
907 | 732 | hip_msg_init(msg); | ||
908 | 733 | |||
909 | 734 | /* build the msg to be sent to the daemon */ | ||
910 | 735 | HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1, | ||
911 | 736 | "Failed to build user header\n"); | ||
912 | 737 | HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1, | ||
913 | 738 | "Failed to build cert_info\n"); | ||
914 | 739 | |||
915 | 740 | /* send and wait */ | ||
916 | 741 | HIP_DEBUG("Sending request to verify x509 cert to " | ||
917 | 742 | "daemon and waiting for answer\n"); | ||
918 | 743 | hip_send_recv_daemon_info(msg, 0, 0); | ||
919 | 744 | |||
920 | 745 | /* get the struct from the message sent back by the daemon */ | ||
921 | 746 | HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1, | ||
922 | 747 | "No x509 struct found\n"); | ||
923 | 748 | err = hip_get_msg_err(msg); | ||
924 | 749 | if (err == 0) { | ||
925 | 750 | HIP_DEBUG("Verified successfully\n"); | ||
926 | 751 | } else { | ||
927 | 752 | HIP_DEBUG("Verification failed\n"); | ||
928 | 753 | } | ||
929 | 754 | |||
930 | 755 | out_err: | ||
931 | 756 | free(msg); | ||
932 | 757 | return err; | ||
933 | 758 | } | ||
934 | 759 | |||
935 | 760 | /******************************************************************************* | 627 | /******************************************************************************* |
936 | 761 | * UTILITARY FUNCTIONS * | 628 | * UTILITARY FUNCTIONS * |
937 | 762 | *******************************************************************************/ | 629 | *******************************************************************************/ |
938 | 763 | 630 | ||
939 | === modified file 'lib/core/certtools.h' | |||
940 | --- lib/core/certtools.h 2011-08-15 14:11:56 +0000 | |||
941 | +++ lib/core/certtools.h 2011-10-17 18:32:42 +0000 | |||
942 | @@ -64,11 +64,6 @@ | |||
943 | 64 | const char *, struct in6_addr *, | 64 | const char *, struct in6_addr *, |
944 | 65 | time_t *, time_t *); | 65 | time_t *, time_t *); |
945 | 66 | int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *); | 66 | int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *); |
946 | 67 | int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *); | ||
947 | 68 | |||
948 | 69 | /* x509v3 cert related functions */ | ||
949 | 70 | int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *); | ||
950 | 71 | int hip_cert_x509v3_request_verification(unsigned char *, int); | ||
951 | 72 | 67 | ||
952 | 73 | /** Utilitary functions */ | 68 | /** Utilitary functions */ |
953 | 74 | STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *); | 69 | STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *); |
954 | 75 | 70 | ||
955 | === modified file 'lib/core/modularization.c' | |||
956 | --- lib/core/modularization.c 2011-10-12 09:20:36 +0000 | |||
957 | +++ lib/core/modularization.c 2011-10-17 18:32:42 +0000 | |||
958 | @@ -95,8 +95,7 @@ | |||
959 | 95 | /** | 95 | /** |
960 | 96 | * List of parameter types. | 96 | * List of parameter types. |
961 | 97 | * | 97 | * |
964 | 98 | * Used to track all registered parameter types. Each module which defines a new | 98 | * Used to track all registered parameter types. |
963 | 99 | * parameter type must register it using lmod_register_parameter_type. | ||
965 | 100 | */ | 99 | */ |
966 | 101 | static struct hip_ll parameter_types; | 100 | static struct hip_ll parameter_types; |
967 | 102 | 101 | ||
968 | 103 | 102 | ||
969 | === modified file 'lib/tool/xfrmapi.c' | |||
970 | --- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000 | |||
971 | +++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000 | |||
972 | @@ -701,8 +701,6 @@ | |||
973 | 701 | * @param entry corresponding host association | 701 | * @param entry corresponding host association |
974 | 702 | * @return zero on success and non-zero on error | 702 | * @return zero on success and non-zero on error |
975 | 703 | * @note IPv4 addresses in IPv6 mapped format | 703 | * @note IPv4 addresses in IPv6 mapped format |
976 | 704 | * @note If you make changes to this function, please change also | ||
977 | 705 | * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa(). | ||
978 | 706 | */ | 704 | */ |
979 | 707 | uint32_t hip_add_sa(const struct in6_addr *saddr, | 705 | uint32_t hip_add_sa(const struct in6_addr *saddr, |
980 | 708 | const struct in6_addr *daddr, | 706 | const struct in6_addr *daddr, |
981 | 709 | 707 | ||
982 | === modified file 'test/certteststub.c' | |||
983 | --- test/certteststub.c 2011-08-15 14:11:56 +0000 | |||
984 | +++ test/certteststub.c 2011-10-17 18:32:42 +0000 | |||
985 | @@ -48,25 +48,18 @@ | |||
986 | 48 | #include "lib/core/protodefs.h" | 48 | #include "lib/core/protodefs.h" |
987 | 49 | 49 | ||
988 | 50 | 50 | ||
990 | 51 | int main(int argc, char *argv[]) | 51 | int main(void) |
991 | 52 | { | 52 | { |
993 | 53 | int err = 0, i = 0, len; | 53 | int err = 0, i = 0; |
994 | 54 | struct hip_cert_spki_info *cert = NULL; | 54 | struct hip_cert_spki_info *cert = NULL; |
995 | 55 | struct hip_cert_spki_info *to_verification = NULL; | 55 | struct hip_cert_spki_info *to_verification = NULL; |
996 | 56 | time_t not_before = 0, not_after = 0; | 56 | time_t not_before = 0, not_after = 0; |
997 | 57 | struct hip_common *msg; | 57 | struct hip_common *msg; |
998 | 58 | struct in6_addr *defhit; | 58 | struct in6_addr *defhit; |
999 | 59 | char certificate[1024]; | 59 | char certificate[1024]; |
1000 | 60 | unsigned char der_cert[1024]; | ||
1001 | 61 | CONF *conf; | 60 | CONF *conf; |
1002 | 62 | CONF_VALUE *item; | 61 | CONF_VALUE *item; |
1010 | 63 | STACK_OF(CONF_VALUE) * sec = NULL; | 62 | STACK_OF(CONF_VALUE) * sec = NULL; |
1004 | 64 | STACK_OF(CONF_VALUE) * sec_name = NULL; | ||
1005 | 65 | |||
1006 | 66 | if (argc != 2) { | ||
1007 | 67 | printf("Usage: %s spki|x509\n", argv[0]); | ||
1008 | 68 | exit(EXIT_SUCCESS); | ||
1009 | 69 | } | ||
1011 | 70 | 63 | ||
1012 | 71 | HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n"); | 64 | HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n"); |
1013 | 72 | HIP_DEBUG("- Hipd has to run otherwise this will hang!\n"); | 65 | HIP_DEBUG("- Hipd has to run otherwise this will hang!\n"); |
1014 | @@ -78,10 +71,6 @@ | |||
1015 | 78 | goto out_err; | 71 | goto out_err; |
1016 | 79 | } | 72 | } |
1017 | 80 | 73 | ||
1018 | 81 | if (strcmp(argv[1], "spki")) { | ||
1019 | 82 | goto skip_spki; | ||
1020 | 83 | } | ||
1021 | 84 | |||
1022 | 85 | HIP_DEBUG("Starting to test SPKI certficate tools\n"); | 74 | HIP_DEBUG("Starting to test SPKI certficate tools\n"); |
1023 | 86 | 75 | ||
1024 | 87 | cert = malloc(sizeof(struct hip_cert_spki_info)); | 76 | cert = malloc(sizeof(struct hip_cert_spki_info)); |
1025 | @@ -142,51 +131,12 @@ | |||
1026 | 142 | HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1, | 131 | HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1, |
1027 | 143 | "Failed to construct the hip_cert_spki_info from certificate\n"); | 132 | "Failed to construct the hip_cert_spki_info from certificate\n"); |
1028 | 144 | 133 | ||
1029 | 145 | /* | ||
1030 | 146 | * below, commented out, is the daemons version of the verification | ||
1031 | 147 | * and below that is the lib version of the verification | ||
1032 | 148 | */ | ||
1033 | 149 | /* | ||
1034 | 150 | * HIP_DEBUG("Sending the certificate to daemon for verification\n"); | ||
1035 | 151 | * | ||
1036 | 152 | * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1, | ||
1037 | 153 | * "Failed in sending to verification\n"); | ||
1038 | 154 | * HIP_IFEL(to_verification->success, -1, | ||
1039 | 155 | * "Verification was not successfull\n"); | ||
1040 | 156 | * HIP_DEBUG("Verification was successfull (return value %d)\n", | ||
1041 | 157 | * to_verification->success); | ||
1042 | 158 | */ | ||
1043 | 159 | /* Lets do the verification in library */ | 134 | /* Lets do the verification in library */ |
1044 | 160 | HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1, | 135 | HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1, |
1045 | 161 | "Verification was not succesfull\n"); | 136 | "Verification was not succesfull\n"); |
1046 | 162 | HIP_DEBUG("Verification was successfull (return value %d)\n", | 137 | HIP_DEBUG("Verification was successfull (return value %d)\n", |
1047 | 163 | to_verification->success); | 138 | to_verification->success); |
1048 | 164 | 139 | ||
1049 | 165 | goto out_err; | ||
1050 | 166 | |||
1051 | 167 | skip_spki: | ||
1052 | 168 | HIP_DEBUG("Starting to test x509v3 support\n"); | ||
1053 | 169 | |||
1054 | 170 | conf = hip_cert_open_conf(); | ||
1055 | 171 | sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf); | ||
1056 | 172 | |||
1057 | 173 | for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) { | ||
1058 | 174 | item = sk_CONF_VALUE_value(sec_name, i); | ||
1059 | 175 | if (!strcmp(item->name, "issuerhit")) { | ||
1060 | 176 | err = inet_pton(AF_INET6, item->value, defhit); | ||
1061 | 177 | if (err < 1) { | ||
1062 | 178 | err = -1; | ||
1063 | 179 | goto out_err; | ||
1064 | 180 | } | ||
1065 | 181 | } | ||
1066 | 182 | } | ||
1067 | 183 | NCONF_free(conf); | ||
1068 | 184 | len = hip_cert_x509v3_request_certificate(defhit, der_cert); | ||
1069 | 185 | |||
1070 | 186 | /** Now send it back for the verification */ | ||
1071 | 187 | HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0), | ||
1072 | 188 | -1, "Failed to verify a certificate\n"); | ||
1073 | 189 | |||
1074 | 190 | out_err: | 140 | out_err: |
1075 | 191 | HIP_DEBUG("If there was no errors above, \"everything\" is OK\n"); | 141 | HIP_DEBUG("If there was no errors above, \"everything\" is OK\n"); |
1076 | 192 | 142 |
You're killing userspace IPsec and certificate code?