Created by Stefan Götz on 2011-05-05 and last modified on 2011-07-08

Unified crypto interface.

The goal of this branch is a common interface for the different cryptographic algorithms and operations (currently RSA and DSA, but EC is in the works). Also, data structures shall be introduced which represent common cryptographic data (such as a key) and are easy to use.

This is intended to go beyond the EVP wrappers of OpenSSL. It is not supposed to wrap plain OpenSSL calls but to wrap the HIPL functions that depend on algorithm-specific functionality (such as (de-)serializing keys to HIP messages). EVP may well be used to implement this branch more easily.

The resulting API might offer the opportunity to centralize the use of OpenSSL and make much more HIPL code independent of OpenSSL.

This is a prototyping branch. Merge proposals shall be based on derived cherry-picking branches.

Get this branch:
bzr branch lp:~stefan.goetz-deactivatedaccount/hipl/keys
Only Stefan Götz can upload to this branch. If you are Stefan Götz please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Stefan Götz

Recent revisions

5948. By Stefan Götz on 2011-05-28

Add algorithm-independent key interface

5947. By Stefan Götz on 2011-05-28

Fix the file encoding comment so it correctly states that the file is in UTF-8

5946. By René Hummen on 2011-05-27

add script enabling building of HIPL on remote host

Detailed setup information can be found within the script itself.

5945. By David Martin on 2011-05-27

Do not print errors in killall call of hipd and hipfw init scripts.

When hipd or hipfw is not running and killall is called it usually prints
a notice that no process was killed. As the killall implementation on the
routers has no quiet option redirect stderr to /dev/null instead.

5944. By Miika Komu on 2011-05-26

Updated ubuntu-specific instructions on compilation.

Added debhelper as a dependency.

5943. By Diego Biurrun on 2011-05-25

Eliminate some unnecessary HIP_IFEL instances from lib/core/conf.c.

5942. By Diego Biurrun on 2011-05-19

Replace HIP_IFEL instances without condition check by HIP_OUT_ERR.

HIP_OUT_ERR is the preferred way to print a message and exit.
This also fixes the inverted condition that was never triggered.

5941. By David Martin on 2011-05-25

Add restart action to hipfw openwrt init-script.

By default the openwrt call stops and starts hipfw when 'restart' is called.
As hipfw gets started with the -k option by default it is not exited gracefully.
Define the 'restart' call in the init script and sleep for 2 seconds after
calling killall on hipfw. This should be sufficient to clear the firewall rules
and free any states.

5940. By David Martin on 2011-05-25

Allow hipd to exit gracefully in openwrt init-script.

When issuing a restart command and hipd is running, sleep for 5 seconds before
calling hipd again to allow it to exit gracefully. This simulates the behaviour
from the debian init scripts where start-stop-daemon does this automatically.
The latter is not available on the routers so we use this workaround.

5939. By Stefan Götz on 2011-05-24

Store commit message in file so it can be retrieved later instead of being
lost on a closed terminal. This feature was requested by Diego.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.


No subscribers.