Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl

Proposed by Diego Biurrun on 2011-10-17
Status: Needs review
Proposed branch: lp:~diego-biurrun/hipl/unused_code
Merge into: lp:hipl
Diff against target: 1075 lines (+4/-826)
18 files modified
Makefile.am (+0/-1)
hipd/esp_prot_hipd_msg.c (+0/-81)
hipd/esp_prot_hipd_msg.h (+0/-2)
hipd/pkt_handling.c (+0/-20)
hipd/pkt_handling.h (+0/-6)
hipd/registration.c (+0/-33)
hipd/registration.h (+0/-1)
hipd/user_ipsec_hipd_msg.c (+0/-217)
hipd/user_ipsec_hipd_msg.h (+0/-17)
hipd/user_ipsec_sadb_api.c (+0/-133)
hipd/user_ipsec_sadb_api.h (+0/-55)
lib/core/builder.c (+0/-62)
lib/core/builder.h (+0/-3)
lib/core/certtools.c (+0/-133)
lib/core/certtools.h (+0/-5)
lib/core/modularization.c (+1/-2)
lib/tool/xfrmapi.c (+0/-2)
test/certteststub.c (+3/-53)
To merge this branch: bzr merge lp:~diego-biurrun/hipl/unused_code
Reviewer        Review Type   Date Requested   Status
René Hummen                                    Disapprove on 2011-10-25
Miika Komu                    2011-10-17       Needs Information on 2011-10-18
Review via email: mp+79595@code.launchpad.net

Description of the change

This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.

Miika Komu (miika-iki) wrote :

You're killing userspace IPsec and certificate code?

review: Needs Information
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?

I kill unused code without second thoughts towards its (theoretical) use ;)

Diego

René Hummen (rene-hummen) wrote :

I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I had a closer look at it.

review: Disapprove
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I had a closer look at it.

Could you have another look and/or be more specific which code must
stay and which can go?

Diego

Henrik Ziegeldorf wrote :

> You're killing userspace IPsec and certificate code?

Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.

I'd propose the following:
1) You prepare another merge-proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved)
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

Miika Komu (miika-iki) wrote :

I think the removal of userspace IPsec stuff should be separated as well.

Diego Biurrun (diego-biurrun) wrote :

On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

I will, but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.

Updated request coming up in a moment.

Diego

Unmerged revisions

5855. By Diego Biurrun on 2011-10-17

Merge current HEAD.

5854. By Diego Biurrun on 2011-10-17

Merge current HEAD.

5853. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5852. By Diego Biurrun on 2011-04-14

Restore no longer unused modularization functions.

5851. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5850. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5849. By Diego Biurrun on 2011-04-05

Remove unused function hip_cert_spki_send_to_verification().

5848. By Diego Biurrun on 2011-04-05

Remove unused (outside of test programs) x509 code.

5847. By Diego Biurrun on 2011-04-05

Remove unused function esp_prot_sa_add().

5846. By Diego Biurrun on 2011-04-04

Remove unused function hip_del_pending_request().

Preview Diff

=== modified file 'Makefile.am'
--- Makefile.am 2011-10-17 18:14:10 +0000
+++ Makefile.am 2011-10-17 18:32:42 +0000
@@ -121,7 +121,6 @@
121 hipd/registration.c \121 hipd/registration.c \
122 hipd/user.c \122 hipd/user.c \
123 hipd/user_ipsec_hipd_msg.c \123 hipd/user_ipsec_hipd_msg.c \
124 hipd/user_ipsec_sadb_api.c \
125 modules/heartbeat/hipd/heartbeat.c \124 modules/heartbeat/hipd/heartbeat.c \
126 modules/heartbeat_update/hipd/hb_update.c \125 modules/heartbeat_update/hipd/hb_update.c \
127 modules/midauth/lib/midauth_builder.c \126 modules/midauth/lib/midauth_builder.c \
128127
=== modified file 'hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000
+++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000
@@ -459,87 +459,6 @@
459 return err;459 return err;
460}460}
461461
462/** sets the ESP protection extension transform and anchor in user-messages
463 * sent to the firewall in order to add a new SA
464 *
465 * @param entry the host association entry for this connection
466 * @param msg the user-message sent by the firewall
467 * @param direction direction of the entry to be created
468 * @param update this was triggered by an update
469 * @return 0 if ok, != 0 else
470 */
471int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
472 const int direction, const int update)
473{
474 unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
475 int hash_length = 0;
476 uint32_t hash_item_length = 0;
477 int err = 0, i;
478
479 HIP_DEBUG("direction: %i\n", direction);
480
481 // we always tell the negotiated transform to the firewall
482 HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
483 HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
484 HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
485 "build param contents failed\n");
486
487 // but we only transmit the anchor to the firewall, if the esp extension is used
488 if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
489 hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
490
491 // choose the anchor depending on the direction and update or add
492 if (update) {
493 if (direction == HIP_SPI_DIRECTION_OUT) {
494 HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
495 "hchain anchor expected, but not present\n");
496
497 hash_item_length = entry->esp_local_update_length;
498 } else {
499 HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
500 "hchain anchor expected, but not present\n");
501
502 hash_item_length = entry->esp_peer_update_length;
503 }
504 } else {
505 if (direction == HIP_SPI_DIRECTION_OUT) {
506 HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
507 "hchain anchor expected, but not present\n");
508
509 hash_item_length = entry->esp_local_active_length;
510 } else {
511 HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
512 "hchain anchor expected, but not present\n");
513
514 hash_item_length = entry->esp_peer_active_length;
515 }
516 }
517
518 // add parameters to hipfw message
519 HIP_IFEL(hip_build_param_contents(msg, &hash_item_length,
520 HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1,
521 "build param contents failed\n");
522
523 // add parameters to hipfw message
524 HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains,
525 HIP_PARAM_UINT, sizeof(uint16_t)), -1,
526 "build param contents failed\n");
527
528 for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
529 HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length);
530
531 HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0],
532 HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1,
533 "build param contents failed\n");
534 }
535 } else {
536 HIP_DEBUG("no anchor added, transform UNUSED\n");
537 }
538
539out_err:
540 return err;
541}
542
543/********************* BEX parameters *********************/462/********************* BEX parameters *********************/
544463
545/**464/**
546465
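Review bot: esp_prot_sa_add() is only dead because its single caller, create_add_sa_msg() in hipd/user_ipsec_hipd_msg.c (`HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1,`), is deleted by the same branch; since the author invites reviewers to approve or disapprove individual revisions, whichever revision removes create_add_sa_msg() must land before or together with this one, or hipd stops linking. It is also worth stating in the proposal what is lost: this function was the only path that handed the negotiated esp_prot_transform and the hash-chain anchors (HIP_PARAM_ITEM_LENGTH, HIP_PARAM_HCHAIN_ANCHOR, one per parallel chain) to hipfw when an SA is installed, which is exactly the "esp token" code René Hummen objected to; the BEX-side transform negotiation that follows in this file survives, but its result can no longer reach the firewall's SADB.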
=== modified file 'hipd/esp_prot_hipd_msg.h'
--- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000
+++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000
@@ -47,8 +47,6 @@
47int esp_prot_set_preferred_transforms(const struct hip_common *msg);47int esp_prot_set_preferred_transforms(const struct hip_common *msg);
48int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);48int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
49int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);49int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
50int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
51 const int direction, const int update);
52int esp_prot_r1_add_transforms(struct hip_common *msg);50int esp_prot_r1_add_transforms(struct hip_common *msg);
53int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,51int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
54 UNUSED const enum hip_state ha_state,52 UNUSED const enum hip_state ha_state,
5553
=== modified file 'hipd/pkt_handling.c'
--- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000
+++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000
@@ -101,26 +101,6 @@
101}101}
102102
103/**103/**
104 * Remove a handle function from the list.
105 *
106 * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
107 * @param ha_state The host association state (RFC 5201, 4.4.1.)
108 * @param handle_function Pointer to the function which should be unregistered.
109 *
110 * @return Success = 0
111 * Error = -1
112 */
113int hip_unregister_handle_function(const uint8_t packet_type,
114 const enum hip_state ha_state,
115 int (*handle_function)(const uint8_t packet_type,
116 const enum hip_state ha_state,
117 struct hip_packet_context *ctx))
118{
119 return lmod_unregister_function(hip_handle_functions[packet_type][ha_state],
120 handle_function);
121}
122
123/**
124 * Run all handle functions for specified combination from packet type and host104 * Run all handle functions for specified combination from packet type and host
125 * association state.105 * association state.
126 *106 *
127107
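Review bot: with hip_unregister_handle_function() gone there is no way to remove a handle function from hip_handle_functions[packet_type][ha_state] once it has been registered, so registration becomes permanent for the lifetime of the process. If that is the intended contract, say so in the doc comment of the registration function ending at line 101 (or of hip_run_handle_functions()), and check that lmod_unregister_function(), which this wrapper called at line 119, is either still used elsewhere or removed in the lib/core/modularization.c hunk rather than left as a second orphan; revision 5852 in this branch restores "no longer unused" modularization functions, so that file's status deserves a second look.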
=== modified file 'hipd/pkt_handling.h'
--- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000
+++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000
@@ -38,12 +38,6 @@
38 struct hip_packet_context *ctx),38 struct hip_packet_context *ctx),
39 const uint16_t priority);39 const uint16_t priority);
4040
41int hip_unregister_handle_function(const uint8_t packet_type,
42 const enum hip_state ha_state,
43 int (*handle_function)(const uint8_t packet_type,
44 const enum hip_state ha_state,
45 struct hip_packet_context *ctx));
46
47int hip_run_handle_functions(const uint8_t packet_type,41int hip_run_handle_functions(const uint8_t packet_type,
48 const enum hip_state ha_state,42 const enum hip_state ha_state,
49 struct hip_packet_context *ctx);43 struct hip_packet_context *ctx);
5044
=== modified file 'hipd/registration.c'
--- hipd/registration.c 2011-08-15 14:11:56 +0000
+++ hipd/registration.c 2011-10-17 18:32:42 +0000
@@ -112,7 +112,6 @@
112 const struct hip_ll_node *iter = NULL;112 const struct hip_ll_node *iter = NULL;
113 struct hip_pending_request *request = NULL;113 struct hip_pending_request *request = NULL;
114114
115 /* See hip_del_pending_request() for a comment. */
116 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {115 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
117 request = iter->ptr;116 request = iter->ptr;
118 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {117 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {
@@ -233,37 +232,6 @@
233}232}
234233
235/**234/**
236 * Deletes a pending request. Deletes a pending request identified by the host
237 * association @c entry from the linked list @c pending_requests.
238 *
239 * @param entry a pointer to the host association to which the pending request
240 * to be deleted is bound.
241 * @return zero if the pending request was succesfully deleted, -1
242 * otherwise.
243 */
244int hip_del_pending_request(struct hip_hadb_state *entry)
245{
246 int idx = 0;
247 const struct hip_ll_node *iter = NULL;
248
249 /* Iterate through the linked list. The iterator itself can't be used
250 * for deleting nodes from the list. Therefore, we just get the index of
251 * the element to be deleted using the iterator and then call
252 * hip_ll_del() to do the actual deletion. */
253 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
254 if (((struct hip_pending_request *) (iter->ptr))->entry == entry) {
255 HIP_DEBUG("Deleting and freeing a pending request at " \
256 "index %u.\n", idx);
257 hip_ll_del(&pending_requests, idx, free);
258 return 0;
259 }
260 idx++;
261 }
262
263 return -1;
264}
265
266/**
267 * Deletes a pending request of given type. Deletes a pending request identified235 * Deletes a pending request of given type. Deletes a pending request identified
268 * by the host association @c entry and matching the given type @c reg_type from236 * by the host association @c entry and matching the given type @c reg_type from
269 * the linked list @c pending_requests.237 * the linked list @c pending_requests.
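Review bot: the explanation of the deletion pattern goes away with the function, but the pattern does not. Lines 249-252 document why the list is walked with an index and hip_ll_del() is called instead of deleting through the iterator; the two surviving loops that do the same thing, the lifetime-expiry loop at old line 116 and the by-type deletion loop at old line 285, carried only the cross-reference "See hip_del_pending_request() for a comment.", which the neighbouring hunks in this file delete. Move the four-line comment onto one of the remaining loops rather than dropping it.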
@@ -281,7 +249,6 @@
281 const struct hip_ll_node *iter = NULL;249 const struct hip_ll_node *iter = NULL;
282 struct hip_pending_request *request = NULL;250 struct hip_pending_request *request = NULL;
283251
284 /* See hip_del_pending_request() for a comment. */
285 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {252 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
286 request = iter->ptr;253 request = iter->ptr;
287 if (request->entry == entry && request->reg_type == reg_type) {254 if (request->entry == entry && request->reg_type == reg_type) {
288255
=== modified file 'hipd/registration.h'
--- hipd/registration.h 2011-08-15 14:11:56 +0000
+++ hipd/registration.h 2011-10-17 18:32:42 +0000
@@ -64,7 +64,6 @@
64int hip_get_active_services(struct hip_srv *active_services,64int hip_get_active_services(struct hip_srv *active_services,
65 unsigned int *active_service_count);65 unsigned int *active_service_count);
66int hip_add_pending_request(struct hip_pending_request *request);66int hip_add_pending_request(struct hip_pending_request *request);
67int hip_del_pending_request(struct hip_hadb_state *entry);
68int hip_replace_pending_requests(struct hip_hadb_state *entry_old,67int hip_replace_pending_requests(struct hip_hadb_state *entry_old,
69 struct hip_hadb_state *entry_new);68 struct hip_hadb_state *entry_new);
70int hip_handle_param_reg_info(struct hip_hadb_state *entry,69int hip_handle_param_reg_info(struct hip_hadb_state *entry,
7170
=== modified file 'hipd/user_ipsec_hipd_msg.c'
--- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000
@@ -43,7 +43,6 @@
43#include "esp_prot_hipd_msg.h"43#include "esp_prot_hipd_msg.h"
44#include "hipd.h"44#include "hipd.h"
45#include "init.h"45#include "init.h"
46#include "user_ipsec_sadb_api.h"
47#include "user_ipsec_hipd_msg.h"46#include "user_ipsec_hipd_msg.h"
4847
4948
@@ -81,219 +80,3 @@
8180
82 return err;81 return err;
83}82}
84
85/** creates a user-message to add a SA to userspace IPsec
86 *
87 * @param saddr outer globally routable source ip address
88 * @param daddr outer globally routable destination ip address
89 * @param src_hit inner source address
90 * @param dst_hit inner destination address
91 * @param spi ipsec spi for demultiplexing
92 * @param ealg crypto transform to be used for the SA
93 * @param enckey raw encryption key
94 * @param authkey raw authentication key
95 * @param retransmission notification if this event is due to retransmission
96 * @param direction represents inbound or outbound direction
97 * @param update notification if this event derives from an update
98 * @param entry host association entry for this connection
99 * @return the msg, NULL if an error occurred
100 */
101struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
102 const struct in6_addr *daddr,
103 const struct in6_addr *src_hit,
104 const struct in6_addr *dst_hit,
105 const uint32_t spi, const int ealg,
106 const struct hip_crypto_key *enckey,
107 const struct hip_crypto_key *authkey,
108 const int retransmission,
109 const int direction, const int update,
110 struct hip_hadb_state *entry)
111{
112 struct hip_common *msg = NULL;
113 int err = 0;
114
115 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
116 "alloc memory for adding sa entry\n");
117
118 hip_msg_init(msg);
119
120 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1,
121 "build hdr failed\n");
122
123 HIP_DEBUG_IN6ADDR("Source IP address: ", saddr);
124 HIP_IFEL(hip_build_param_contents(msg, saddr,
125 HIP_PARAM_IPV6_ADDR,
126 sizeof(struct in6_addr)), -1,
127 "build param contents failed\n");
128
129 HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr);
130 HIP_IFEL(hip_build_param_contents(msg, daddr,
131 HIP_PARAM_IPV6_ADDR,
132 sizeof(struct in6_addr)), -1,
133 "build param contents failed\n");
134
135 HIP_DEBUG_HIT("Source HIT: ", src_hit);
136 HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT,
137 sizeof(struct in6_addr)), -1,
138 "build param contents failed\n");
139
140 HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
141 HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT,
142 sizeof(struct in6_addr)), -1,
143 "build param contents failed\n");
144
145 HIP_DEBUG("the spi value is : %x \n", spi);
146 HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
147 sizeof(uint32_t)), -1,
148 "build param contents failed\n");
149
150 HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode);
151 HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT,
152 sizeof(uint8_t)), -1,
153 "build param contents failed\n");
154
155 HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port);
156 HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port,
157 HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
158
159 HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port);
160 HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port,
161 HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
162
163 // params needed by the esp protection extension
164 HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1,
165 "failed to add esp prot params\n");
166
167 HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key));
168 HIP_IFEL(hip_build_param_contents(msg,
169 enckey,
170 HIP_PARAM_KEYS,
171 sizeof(struct hip_crypto_key)), -1,
172 "build param contents failed\n");
173
174 HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key));
175 HIP_IFEL(hip_build_param_contents(msg,
176 authkey,
177 HIP_PARAM_KEYS,
178 sizeof(struct hip_crypto_key)), -1,
179 "build param contents failed\n");
180
181 HIP_DEBUG("ealg value is %d \n", ealg);
182 HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT,
183 sizeof(int)), -1,
184 "build param contents failed\n");
185
186 HIP_DEBUG("retransmission value is %d \n", retransmission);
187 HIP_IFEL(hip_build_param_contents(msg, &retransmission,
188 HIP_PARAM_INT, sizeof(int)), -1,
189 "build param contents failed\n");
190
191 HIP_DEBUG("the direction value is %d \n", direction);
192 HIP_IFEL(hip_build_param_contents(msg, &direction,
193 HIP_PARAM_INT,
194 sizeof(int)), -1,
195 "build param contents failed\n");
196
197 HIP_DEBUG("the update value is %d \n", update);
198 HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT,
199 sizeof(int)), -1,
200 "build param contents failed\n");
201
202out_err:
203 if (err) {
204 free(msg);
205 msg = NULL;
206 }
207
208 return msg;
209}
210
211/** creates a user-message to delete a SA from userspace IPsec
212 *
213 * @param spi ipsec spi for demultiplexing
214 * @param peer_addr outer globally routable source ip address
215 * @param dst_addr outer globally routable destination ip address
216 * @param family protocol family of above addresses
217 * @param src_port local port for this host association
218 * @param dst_port peer port for this host association
219 * @return the msg, NULL if an error occured
220 */
221struct hip_common *create_delete_sa_msg(const uint32_t spi,
222 const struct in6_addr *peer_addr,
223 const struct in6_addr *dst_addr,
224 const int family,
225 const int src_port,
226 const int dst_port)
227{
228 struct hip_common *msg = NULL;
229 int err = 0;
230
231 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
232 "alloc memory for adding sa entry\n");
233
234 hip_msg_init(msg);
235
236 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1,
237 "build hdr failed\n");
238
239 HIP_DEBUG("spi value: %u\n", spi);
240 HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
241 sizeof(uint32_t)), -1, "build param contents failed\n");
242
243 HIP_DEBUG_IN6ADDR("peer address: ", peer_addr);
244 HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR,
245 sizeof(struct in6_addr)), -1, "build param contents failed\n");
246
247 HIP_DEBUG_IN6ADDR("destination address: ", dst_addr);
248 HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR,
249 sizeof(struct in6_addr)), -1, "build param contents failed\n");
250
251 HIP_DEBUG("family: %i\n", family);
252 HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT,
253 sizeof(int)), -1, "build param contents failed\n");
254
255 HIP_DEBUG("src_port: %i\n", src_port);
256 HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT,
257 sizeof(int)), -1, "build param contents failed\n");
258
259 HIP_DEBUG("src_port: %i\n", dst_port);
260 HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT,
261 sizeof(int)), -1, "build param contents failed\n");
262
263out_err:
264 if (err) {
265 free(msg);
266 msg = NULL;
267 }
268
269 return msg;
270}
271
272/**
273 * create a user-message to flush all SAs from userspace IPsec
274 *
275 * @return the msg, NULL if an error occured
276 */
277struct hip_common *create_flush_all_sa_msg(void)
278{
279 struct hip_common *msg = NULL;
280 int err = 0;
281
282 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
283 "alloc memory for adding sa entry\n");
284
285 hip_msg_init(msg);
286
287 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1,
288 "build hdr failed\n");
289
290 // this triggers the flushing without specifying any parameters
291
292out_err:
293 if (err) {
294 free(msg);
295 msg = NULL;
296 }
297
298 return msg;
299}
30083
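Review bot: after this hunk the file keeps hip_userspace_ipsec_activate() (the only prototype left in user_ipsec_hipd_msg.h) but loses every message constructor that gives the userspace IPsec mode an effect, namely the HIP_MSG_IPSEC_ADD_SA, HIP_MSG_IPSEC_DELETE_SA and HIP_MSG_IPSEC_FLUSH_ALL_SA builders, so hipd can still be switched into userspace IPsec mode but can never install, delete or flush an SA in hipfw. Either the activation entry point and those three message type constants (none of the 18 files in this proposal touches their definitions) are dead too and should go in the same change, or the constructors must stay; keeping only the switch is the worst of both. Two things to fix if this code is ever restored rather than removed: the HIP_HEXDUMP calls at lines 167 and 174 write the raw ESP encryption and authentication keys into the debug log, and the label at line 259 prints dst_port as "src_port:".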
=== modified file 'hipd/user_ipsec_hipd_msg.h'
--- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000
@@ -39,22 +39,5 @@
39#include "lib/core/protodefs.h"39#include "lib/core/protodefs.h"
4040
41int hip_userspace_ipsec_activate(const struct hip_common *msg);41int hip_userspace_ipsec_activate(const struct hip_common *msg);
42struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
43 const struct in6_addr *daddr,
44 const struct in6_addr *src_hit,
45 const struct in6_addr *dst_hit,
46 const uint32_t spi, const int ealg,
47 const struct hip_crypto_key *enckey,
48 const struct hip_crypto_key *authkey,
49 const int retransmission,
50 const int direction, const int update,
51 struct hip_hadb_state *entry);
52struct hip_common *create_delete_sa_msg(const uint32_t spi,
53 const struct in6_addr *peer_addr,
54 const struct in6_addr *dst_addr,
55 const int family,
56 const int src_port,
57 const int dst_port);
58struct hip_common *create_flush_all_sa_msg(void);
5942
60#endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */43#endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */
6144
=== removed file 'hipd/user_ipsec_sadb_api.c'
--- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000
@@ -1,133 +0,0 @@
1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * Provides the API used by the hipd to set up and maintain the
29 * userspace IPsec state in the hipfw.
30 *
31 * @brief API used by the hipd to set up and maintain userspace IPsec state
32 */
33
34#include <stdint.h>
35#include <arpa/inet.h>
36#include <netinet/in.h>
37
38#include "lib/core/debug.h"
39#include "lib/core/icomm.h"
40#include "lib/core/ife.h"
41#include "lib/core/prefix.h"
42#include "lib/core/protodefs.h"
43#include "lib/core/state.h"
44#include "user.h"
45#include "user_ipsec_hipd_msg.h"
46#include "user_ipsec_sadb_api.h"
47
48
49/** generic send function used to send the below created messages
50 *
51 * @param msg the message to be sent
52 * @return 0, if correct, else != 0
53 */
54static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg)
55{
56 struct sockaddr_in6 hip_fw_addr;
57 struct in6_addr loopback = in6addr_loopback;
58 int err = 0;
59
60 HIP_ASSERT(msg != NULL);
61
62 // destination is firewall
63 hip_fw_addr.sin6_family = AF_INET6;
64 hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT);
65 ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback);
66
67 err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr);
68 if (err < 0) {
69 HIP_ERROR("sending of message to firewall failed\n");
70
71 err = -1;
72 goto out_err;
73 } else {
74 HIP_DEBUG("sending of message to firewall successful\n");
75
76 // this is needed if we want to use HIP_IFEL
77 err = 0;
78 }
79
80out_err:
81 return err;
82}
83
84/** adds a new SA entry for the specified direction to the sadb in userspace ipsec
85 * @note If you make changes to this function, please change also hip_add_sa()
86 *
87 * @param saddr outer globally routable source ip address
88 * @param daddr outer globally routable destination ip address
89 * @param src_hit inner source address
90 * @param dst_hit inner destination address
91 * @param spi ipsec spi for demultiplexing
92 * @param ealg crypto transform to be used for the SA
93 * @param enckey raw encryption key
94 * @param authkey raw authentication key
95 * @param retransmission notification if this event is due to retransmission
96 * @param direction represents inbound or outbound direction
97 * @param update notification if this event derives from an update
98 * @param entry host association entry for this connection
99 * @return 0, if correct, otherwise -1
100 */
101uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
102 const struct in6_addr *daddr,
103 const struct in6_addr *src_hit,
104 const struct in6_addr *dst_hit,
105 const uint32_t spi, const int ealg,
106 const struct hip_crypto_key *enckey,
107 const struct hip_crypto_key *authkey,
108 const int retransmission,
109 const int direction, const int update,
110 struct hip_hadb_state *entry)
111{
112 struct hip_common *msg = NULL;
113 int err = 0;
114
115 HIP_ASSERT(spi != 0);
116
117 HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n");
118
119 if (direction == HIP_SPI_DIRECTION_OUT) {
120 entry->outbound_sa_count++;
121 } else {
122 entry->inbound_sa_count++;
123 }
124
125 HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey,
126 authkey, retransmission, direction, update, entry)), -1,
127 "failed to create add_sa message\n");
128
129 HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n");
130
131out_err:
132 return err;
133}
1340
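Review bot: removing the file is consistent (hip_userspace_ipsec_add_sa() has no caller once create_add_sa_msg() is gone), but two defects in the deleted code are worth recording so they do not return with it. The function is declared uint32_t at line 101 while err is an int that HIP_IFEL sets to -1 (lines 113, 125-129), so a caller would have received 0xFFFFFFFF rather than the -1 promised at line 99; and entry->outbound_sa_count / inbound_sa_count are incremented at lines 119-123 before the message is built or sent, so a failed create_add_sa_msg() or send left the counters out of step with the SAs actually installed. Note also that hip_userspace_ipsec_send_to_fw() delivers the raw enckey and authkey to hipfw as a datagram to ::1 on HIP_FIREWALL_PORT (lines 56-67); any design that brings this path back should confirm that only hipfw can be bound to that port.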
=== removed file 'hipd/user_ipsec_sadb_api.h'
--- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000
+++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000
@@ -1,55 +0,0 @@
1/*
2 * Copyright (c) 2010 Aalto University and RWTH Aachen University.
3 *
4 * Permission is hereby granted, free of charge, to any person
5 * obtaining a copy of this software and associated documentation
6 * files (the "Software"), to deal in the Software without
7 * restriction, including without limitation the rights to use,
8 * copy, modify, merge, publish, distribute, sublicense, and/or sell
9 * copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following
11 * conditions:
12 *
13 * The above copyright notice and this permission notice shall be
14 * included in all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
18 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
20 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
21 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
22 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23 * OTHER DEALINGS IN THE SOFTWARE.
24 */
25
26/**
27 * @file
28 * Provides the API used by the hipd to set up and maintain the
29 * userspace IPsec state in the hipfw.
30 *
31 * @brief API used by the hipd to set up and maintain userspace IPsec state
32 */
33
34#ifndef HIP_HIPD_USER_IPSEC_SADB_API_H
35#define HIP_HIPD_USER_IPSEC_SADB_API_H
36
37#include <stdint.h>
38#include <netinet/in.h>
39
40#include "lib/core/protodefs.h"
41
42uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
43 const struct in6_addr *daddr,
44 const struct in6_addr *src_hit,
45 const struct in6_addr *dst_hit,
46 const uint32_t spi, const int ealg,
47 const struct hip_crypto_key *enckey,
48 const struct hip_crypto_key *authkey,
49 const int retransmission,
50 const int direction, const int update,
51 struct hip_hadb_state *entry);
52
53int hip_userspace_ipsec_setup_default_sp_prefix_pair(void);
54
55#endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */
560
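Review bot: hip_userspace_ipsec_setup_default_sp_prefix_pair() is declared at line 53 but has no definition in the user_ipsec_sadb_api.c removed alongside, so the prototype was already dangling. Before dropping the header, grep the tree for a definition or a call of that symbol elsewhere: this hunk would silently remove its only declaration, and a remaining caller would compile with just an implicit-declaration warning instead of failing cleanly.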
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2011-08-15 14:11:56 +0000
+++ lib/core/builder.c 2011-10-17 18:32:42 +0000
@@ -918,18 +918,6 @@
918 * @return pointer to the contents of the tlv_common (just after the918 * @return pointer to the contents of the tlv_common (just after the
919 * the type and length fields)919 * the type and length fields)
920 */920 */
921void *hip_get_param_contents_direct_readwrite(void *tlv_common)
922{
923 return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
924}
925
926/**
927 * hip_get_param_contents_direct - get parameter contents direct from TLV
928 *
929 * @param tlv_common pointer to a parameter
930 * @return pointer to the contents of the tlv_common (just after the
931 * the type and length fields)
932 */
933const void *hip_get_param_contents_direct(const void *tlv_common)921const void *hip_get_param_contents_direct(const void *tlv_common)
934{922{
935 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);923 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
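Review bot: The surviving doc comment at 918-919 still reads "just after the the type and length fields" (doubled "the"); since the hunk already edits this block, fix the typo in the same change. Dropping hip_get_param_contents_direct_readwrite() and keeping only the const accessor is the right direction: any caller that wants to mutate parameter contents now has to cast away const explicitly, which makes such writes easy to spot in review.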
@@ -3373,56 +3361,6 @@
3373}3361}
33743362
3375/**3363/**
3376 * Build and append a X509 certiticate request parameter into a HIP control
3377 * message (on-the-wire)
3378 *
3379 * @param msg a pointer to the message where the parameter will be
3380 * appended
3381 * @param addr the subject for the certificate
3382 * @return zero on success, or negative on failure
3383 * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
3384 *
3385 */
3386int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr)
3387{
3388 struct hip_cert_x509_req subj;
3389
3390 hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
3391 hip_calc_param_len((struct hip_tlv_common *) &subj,
3392 sizeof(struct hip_cert_x509_req)
3393 - sizeof(struct hip_tlv_common));
3394 ipv6_addr_copy(&subj.addr, addr);
3395
3396 return hip_build_param(msg, &subj);
3397}
3398
3399/**
3400 * build and append a X509 certificate verification parameter into a
3401 * HIP control message (on-the-wire)
3402 *
3403 * @param msg a pointer to the message where the parameter will be
3404 * appended
3405 * @param der der field
3406 * @param len length of the der field in bytes
3407 * @return zero on success, or negative on failure
3408 * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
3409 *
3410 */
3411int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len)
3412{
3413 struct hip_cert_x509_resp subj;
3414
3415 hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
3416 hip_calc_param_len((struct hip_tlv_common *) &subj,
3417 sizeof(struct hip_cert_x509_resp)
3418 - sizeof(struct hip_tlv_common));
3419 memcpy(&subj.der, der, len);
3420 subj.der_len = len;
3421
3422 return hip_build_param(msg, &subj);
3423}
3424
3425/**
3426 * build and append a X509 certificate response into a HIP control message3364 * build and append a X509 certificate response into a HIP control message
3427 * (on-the-wire)3365 * (on-the-wire)
3428 *3366 *
34293367
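Review bot: The removed hip_build_param_cert_x509_ver() (lines 3411-3423) was unsafe as written: memcpy(&subj.der, der, len) copied a caller-supplied length into the fixed-size der field of struct hip_cert_x509_resp with no check against sizeof(subj.der), and it tagged the parameter HIP_PARAM_CERT_X509_REQ (line 3415) instead of a verification type, so a receiver could not have told it from a request. Removing it is an improvement; since hip_build_param_cert_x509_resp(struct hip_common *, char *, int) survives with the same (der, len) signature, check it for the same unchecked memcpy and have it bound len by the size of the der field, returning a negative value for oversized input.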
=== modified file 'lib/core/builder.h'
--- lib/core/builder.h 2011-08-15 14:11:56 +0000
+++ lib/core/builder.h 2011-10-17 18:32:42 +0000
@@ -155,9 +155,7 @@
155 const struct in6_addr rvs_addresses[]);155 const struct in6_addr rvs_addresses[]);
156int hip_build_param_cert_spki_info(struct hip_common *msg,156int hip_build_param_cert_spki_info(struct hip_common *msg,
157 struct hip_cert_spki_info *cert_info);157 struct hip_cert_spki_info *cert_info);
158int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *);
159int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);158int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);
160int hip_build_param_cert_x509_ver(struct hip_common *, char *, int);
161159
162int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);160int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);
163int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);161int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);
@@ -187,7 +185,6 @@
187void *hip_get_param_readwrite(struct hip_common *, hip_tlv);185void *hip_get_param_readwrite(struct hip_common *, hip_tlv);
188const void *hip_get_param_contents(const struct hip_common *, hip_tlv);186const void *hip_get_param_contents(const struct hip_common *, hip_tlv);
189const void *hip_get_param_contents_direct(const void *);187const void *hip_get_param_contents_direct(const void *);
190void *hip_get_param_contents_direct_readwrite(void *);
191hip_tlv_len hip_get_param_contents_len(const void *);188hip_tlv_len hip_get_param_contents_len(const void *);
192int hip_get_param_host_id_di_type_len(const struct hip_host_id *,189int hip_get_param_host_id_di_type_len(const struct hip_host_id *,
193 const char **, int *);190 const char **, int *);
194191
=== modified file 'lib/core/certtools.c'
--- lib/core/certtools.c 2011-08-15 14:11:56 +0000
+++ lib/core/certtools.c 2011-10-17 18:32:42 +0000
@@ -624,139 +624,6 @@
624 return err;624 return err;
625}625}
626626
627/**
628 * Function that sends the given hip_cert_spki_info to the daemon to
629 * verification
630 *
631 * @param to_verification is the cert to be verified
632 *
633 * @return 0 if ok and negative if error or unsuccesfull.
634 *
635 * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info
636 */
637int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification)
638{
639 int err = 0;
640 struct hip_common *msg;
641 const struct hip_cert_spki_info *returned;
642
643 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
644 "Malloc for msg failed\n");
645 hip_msg_init(msg);
646 /* build the msg to be sent to the daemon */
647 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1,
648 "Failed to build user header\n");
649 HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1,
650 "Failed to build cert_info\n");
651
652 /* send and wait */
653 HIP_DEBUG("Sending request to verify SPKI cert to "
654 "daemon and waiting for answer\n");
655 hip_send_recv_daemon_info(msg, 0, 0);
656
657 HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
658 -1, "No hip_cert_spki_info struct found from daemons msg\n");
659
660 memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info));
661
662out_err:
663 free(msg);
664 return err;
665}
666
667/******************************************************************************
668 * FUNCTIONS FOR x509v3 *
669 ******************************************************************************/
670
671/**
672 * Function that requests for a certificate from daemon and gives it back.
673 *
674 * @param subject is the subjects HIT
675 *
676 * @param certificate is pointer to a buffer to which this function writes the completed cert
677 *
678 * @return positive on success negative otherwise
679 *
680 * @note The certificate is given in DER encoding
681 */
682int hip_cert_x509v3_request_certificate(struct in6_addr *subject,
683 unsigned char *certificate)
684{
685 int err = 0;
686 struct hip_common *msg;
687 const struct hip_cert_x509_resp *p;
688
689 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
690 "Malloc for msg failed\n");
691 hip_msg_init(msg);
692 /* build the msg to be sent to the daemon */
693
694 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
695 "Failed to build user header\n");
696 HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1,
697 "Failed to build cert_info\n");
698 /* send and wait */
699 HIP_DEBUG("Sending request to sign x509 cert to "
700 "daemon and waiting for answer\n");
701 hip_send_recv_daemon_info(msg, 0, 0);
702 /* get the struct from the message sent back by the daemon */
703 HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
704 "No name x509 struct found\n");
705 memcpy(certificate, p->der, p->der_len);
706 err = p->der_len;
707
708out_err:
709 free(msg);
710 return err;
711}
712
713/**
714 * Function that requests for a verification of a certificate from
715 * daemon and tells the result.
716 *
717 * @param certificate is pointer to a certificate to be verified
718 * @param len is the length of the cert in certificate parameter in bytes
719 *
720 * @return 0 on success negative otherwise
721 *
722 * @note give the certificate in PEM encoding
723 */
724int hip_cert_x509v3_request_verification(unsigned char *certificate, int len)
725{
726 int err = 0;
727 struct hip_common *msg;
728 const struct hip_cert_x509_resp *received;
729
730 HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
731 "Malloc for msg failed\n");
732 hip_msg_init(msg);
733
734 /* build the msg to be sent to the daemon */
735 HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1,
736 "Failed to build user header\n");
737 HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1,
738 "Failed to build cert_info\n");
739
740 /* send and wait */
741 HIP_DEBUG("Sending request to verify x509 cert to "
742 "daemon and waiting for answer\n");
743 hip_send_recv_daemon_info(msg, 0, 0);
744
745 /* get the struct from the message sent back by the daemon */
746 HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
747 "No x509 struct found\n");
748 err = hip_get_msg_err(msg);
749 if (err == 0) {
750 HIP_DEBUG("Verified successfully\n");
751 } else {
752 HIP_DEBUG("Verification failed\n");
753 }
754
755out_err:
756 free(msg);
757 return err;
758}
759
760/*******************************************************************************627/*******************************************************************************
761 * UTILITARY FUNCTIONS *628 * UTILITARY FUNCTIONS *
762 *******************************************************************************/629 *******************************************************************************/
763630
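Review bot: With hip_cert_spki_send_to_verification(), hip_cert_x509v3_request_certificate() and hip_cert_x509v3_request_verification() gone, this diff shows no remaining sender of HIP_MSG_CERT_SPKI_VERIFY, HIP_MSG_CERT_X509V3_SIGN or HIP_MSG_CERT_X509V3_VERIFY, yet the daemon-side handlers for those message types are not touched; either they are still reachable from elsewhere (say so in the commit message) or they are now dead too and belong in the same cleanup. The removed code itself deserved to go: hip_cert_x509v3_request_certificate() (lines 682-711) did memcpy(certificate, p->der, p->der_len) with a length taken straight from the daemon reply and no knowledge of the caller's buffer size, none of the three checked the return value of hip_send_recv_daemon_info() before reading the reply, and the @note at 722 asks for PEM while the caller in test/certteststub.c passed der_cert.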
=== modified file 'lib/core/certtools.h'
--- lib/core/certtools.h 2011-08-15 14:11:56 +0000
+++ lib/core/certtools.h 2011-10-17 18:32:42 +0000
@@ -64,11 +64,6 @@
64 const char *, struct in6_addr *,64 const char *, struct in6_addr *,
65 time_t *, time_t *);65 time_t *, time_t *);
66int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);66int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);
67int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *);
68
69/* x509v3 cert related functions */
70int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *);
71int hip_cert_x509v3_request_verification(unsigned char *, int);
7267
73/** Utilitary functions */68/** Utilitary functions */
74STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);69STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);
7570
=== modified file 'lib/core/modularization.c'
--- lib/core/modularization.c 2011-10-12 09:20:36 +0000
+++ lib/core/modularization.c 2011-10-17 18:32:42 +0000
@@ -95,8 +95,7 @@
95/**95/**
96 * List of parameter types.96 * List of parameter types.
97 *97 *
98 * Used to track all registered parameter types. Each module which defines a new98 * Used to track all registered parameter types.
99 * parameter type must register it using lmod_register_parameter_type.
100 */99 */
101static struct hip_ll parameter_types;100static struct hip_ll parameter_types;
102101
103102
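Review bot: The rewritten comment at 98 drops the sentence telling module authors to register new parameter types with lmod_register_parameter_type; nothing in this hunk removes that function, so the registration requirement still holds and the sentence is useful documentation, not dead text. Keep it unless lmod_register_parameter_type is removed as well.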
=== modified file 'lib/tool/xfrmapi.c'
--- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000
+++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000
@@ -701,8 +701,6 @@
701 * @param entry corresponding host association701 * @param entry corresponding host association
702 * @return zero on success and non-zero on error702 * @return zero on success and non-zero on error
703 * @note IPv4 addresses in IPv6 mapped format703 * @note IPv4 addresses in IPv6 mapped format
704 * @note If you make changes to this function, please change also
705 * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa().
706 */704 */
707uint32_t hip_add_sa(const struct in6_addr *saddr,705uint32_t hip_add_sa(const struct in6_addr *saddr,
708 const struct in6_addr *daddr,706 const struct in6_addr *daddr,
709707
=== modified file 'test/certteststub.c'
--- test/certteststub.c 2011-08-15 14:11:56 +0000
+++ test/certteststub.c 2011-10-17 18:32:42 +0000
@@ -48,25 +48,18 @@
48#include "lib/core/protodefs.h"48#include "lib/core/protodefs.h"
4949
5050
51int main(int argc, char *argv[])51int main(void)
52{52{
53 int err = 0, i = 0, len;53 int err = 0, i = 0;
54 struct hip_cert_spki_info *cert = NULL;54 struct hip_cert_spki_info *cert = NULL;
55 struct hip_cert_spki_info *to_verification = NULL;55 struct hip_cert_spki_info *to_verification = NULL;
56 time_t not_before = 0, not_after = 0;56 time_t not_before = 0, not_after = 0;
57 struct hip_common *msg;57 struct hip_common *msg;
58 struct in6_addr *defhit;58 struct in6_addr *defhit;
59 char certificate[1024];59 char certificate[1024];
60 unsigned char der_cert[1024];
61 CONF *conf;60 CONF *conf;
62 CONF_VALUE *item;61 CONF_VALUE *item;
63 STACK_OF(CONF_VALUE) * sec = NULL;62 STACK_OF(CONF_VALUE) * sec = NULL;
64 STACK_OF(CONF_VALUE) * sec_name = NULL;
65
66 if (argc != 2) {
67 printf("Usage: %s spki|x509\n", argv[0]);
68 exit(EXIT_SUCCESS);
69 }
7063
71 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");64 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");
72 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");65 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");
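Review bot: With main(void) and the x509v3 path removed, the declarations kept on the new side still include struct in6_addr *defhit (line 58) and the CONF, CONF_VALUE and STACK_OF(CONF_VALUE) variables (60-62); make sure each is still used by the SPKI test, otherwise they turn into unused-variable warnings, and defhit in particular is an uninitialised pointer that invites misuse if anyone revives the x509v3 code. Dropping the usage check is fine now that the tool has a single mode.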
@@ -78,10 +71,6 @@
78 goto out_err;71 goto out_err;
79 }72 }
8073
81 if (strcmp(argv[1], "spki")) {
82 goto skip_spki;
83 }
84
85 HIP_DEBUG("Starting to test SPKI certficate tools\n");74 HIP_DEBUG("Starting to test SPKI certficate tools\n");
8675
87 cert = malloc(sizeof(struct hip_cert_spki_info));76 cert = malloc(sizeof(struct hip_cert_spki_info));
@@ -142,51 +131,12 @@
142 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,131 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,
143 "Failed to construct the hip_cert_spki_info from certificate\n");132 "Failed to construct the hip_cert_spki_info from certificate\n");
144133
145 /*
146 * below, commented out, is the daemons version of the verification
147 * and below that is the lib version of the verification
148 */
149 /*
150 * HIP_DEBUG("Sending the certificate to daemon for verification\n");
151 *
152 * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1,
153 * "Failed in sending to verification\n");
154 * HIP_IFEL(to_verification->success, -1,
155 * "Verification was not successfull\n");
156 * HIP_DEBUG("Verification was successfull (return value %d)\n",
157 * to_verification->success);
158 */
159 /* Lets do the verification in library */134 /* Lets do the verification in library */
160 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,135 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,
161 "Verification was not succesfull\n");136 "Verification was not succesfull\n");
162 HIP_DEBUG("Verification was successfull (return value %d)\n",137 HIP_DEBUG("Verification was successfull (return value %d)\n",
163 to_verification->success);138 to_verification->success);
164139
165 goto out_err;
166
167skip_spki:
168 HIP_DEBUG("Starting to test x509v3 support\n");
169
170 conf = hip_cert_open_conf();
171 sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf);
172
173 for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) {
174 item = sk_CONF_VALUE_value(sec_name, i);
175 if (!strcmp(item->name, "issuerhit")) {
176 err = inet_pton(AF_INET6, item->value, defhit);
177 if (err < 1) {
178 err = -1;
179 goto out_err;
180 }
181 }
182 }
183 NCONF_free(conf);
184 len = hip_cert_x509v3_request_certificate(defhit, der_cert);
185
186 /** Now send it back for the verification */
187 HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0),
188 -1, "Failed to verify a certificate\n");
189
190out_err:140out_err:
191 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");141 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");
192142
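Review bot: The deleted x509v3 block (lines 168-188) carried two real defects that go away with the dead code: inet_pton(AF_INET6, item->value, defhit) at 176 wrote through defhit, a pointer declared at 58 with no visible assignment anywhere in the diff, and the condition at 187, (err = hip_cert_x509v3_request_verification(der_cert, len) < 0), assigns the result of the comparison to err rather than the return value, so err could only ever be 0 or 1. The commented-out daemon-verification block (145-158) was a stale duplicate of the library path and is rightly dropped. Since this removes the only exercise of the x509v3 request/verify round trip, record the loss of that test coverage in the commit message.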
