hipl-core team mailing list archive
-
hipl-core team
-
Mailing list archive
-
Message #00139
[Branch ~rene-hummen/hipl/ipsec_esp] Rev 4916: modularized esp tokens
------------------------------------------------------------
revno: 4916
committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
branch nick: ipsec_esp
timestamp: Fri 2010-09-03 13:40:19 +0200
message:
modularized esp tokens
split up of hip parameter processing during bex and fixed interfaces
of esp_tokens to fit requirements of libmod. I needed to add system-
includes for malloc, free and memset in a few files as include chain did
no longer provide includes for these functions.
added:
modules/esp_tokens/
modules/esp_tokens/Makefile.am
modules/esp_tokens/hipd/
modules/esp_tokens/hipd/esp_tokens.c
modules/esp_tokens/hipd/esp_tokens.h
modules/esp_tokens/hipd/esp_tokens_builder.c
modules/esp_tokens/hipd/esp_tokens_builder.h
modules/esp_tokens/hipd/esp_tokens_state.c
modules/esp_tokens/hipd/esp_tokens_state.h
modules/esp_tokens/lib/
modules/esp_tokens/module_info.xml
renamed:
hipd/esp_prot_anchordb.c => modules/esp_tokens/hipd/esp_prot_anchordb.c
hipd/esp_prot_anchordb.h => modules/esp_tokens/hipd/esp_prot_anchordb.h
hipd/esp_prot_hipd_msg.c => modules/esp_tokens/hipd/esp_prot_hipd_msg.c
hipd/esp_prot_hipd_msg.h => modules/esp_tokens/hipd/esp_prot_hipd_msg.h
hipd/esp_prot_light_update.c => modules/esp_tokens/hipd/esp_prot_light_update.c
hipd/esp_prot_light_update.h => modules/esp_tokens/hipd/esp_prot_light_update.h
lib/core/esp_prot_common.c => modules/esp_tokens/lib/esp_prot_common.c
lib/core/esp_prot_common.h => modules/esp_tokens/lib/esp_prot_common.h
modified:
Makefile.am
firewall/dlist.c
firewall/firewall_defines.h
firewall/user_ipsec_sadb.c
firewall/user_ipsec_sadb.h
hipd/configfilereader.c
hipd/hipd.c
hipd/hipd.h
hipd/init.c
hipd/input.c
hipd/maintenance.c
hipd/output.c
hipd/output.h
hipd/user.c
lib/core/builder.c
lib/core/builder.h
lib/core/common.h
lib/core/protodefs.h
lib/core/state.h
lib/core/statistics.c
modules/update/hipd/update.c
modules/user_ipsec/hipd/user_ipsec.h
modules/user_ipsec/hipd/user_ipsec_hipd_msg.c
modules/esp_tokens/hipd/esp_prot_anchordb.c
modules/esp_tokens/hipd/esp_prot_anchordb.h
modules/esp_tokens/hipd/esp_prot_hipd_msg.c
modules/esp_tokens/hipd/esp_prot_hipd_msg.h
modules/esp_tokens/hipd/esp_prot_light_update.c
modules/esp_tokens/hipd/esp_prot_light_update.h
modules/esp_tokens/lib/esp_prot_common.c
modules/esp_tokens/lib/esp_prot_common.h
--
lp:~rene-hummen/hipl/ipsec_esp
https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp
Your team HIPL core team is subscribed to branch lp:~rene-hummen/hipl/ipsec_esp.
To unsubscribe from this branch go to https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp/+edit-subscription
=== modified file 'Makefile.am'
--- Makefile.am 2010-08-25 12:53:17 +0000
+++ Makefile.am 2010-09-03 11:40:19 +0000
@@ -54,9 +54,6 @@
hipd/configfilereader.c \
hipd/cookie.c \
hipd/dh.c \
- hipd/esp_prot_anchordb.c \
- hipd/esp_prot_hipd_msg.c \
- hipd/esp_prot_light_update.c \
hipd/hadb.c \
hipd/hadb_legacy.c \
hipd/hidb.c \
@@ -121,7 +118,6 @@
lib/core/conf.c \
lib/core/crypto.c \
lib/core/debug.c \
- lib/core/esp_prot_common.c \
lib/core/filemanip.c \
lib/core/hashchain.c \
lib/core/hashchain_store.c \
@@ -164,6 +160,7 @@
include modules/heartbeat_update/Makefile.am
include modules/update/Makefile.am
include modules/user_ipsec/Makefile.am
+include modules/esp_tokens/Makefile.am
### library dependencies ###
=== modified file 'firewall/dlist.c'
--- firewall/dlist.c 2010-07-04 17:54:18 +0000
+++ firewall/dlist.c 2010-09-03 11:40:19 +0000
@@ -34,6 +34,8 @@
* @author Essi Vehmersalo
*/
+#include <stdlib.h>
+
#include "lib/core/debug.h"
#include "dlist.h"
=== modified file 'firewall/firewall_defines.h'
--- firewall/firewall_defines.h 2010-07-04 17:54:18 +0000
+++ firewall/firewall_defines.h 2010-09-03 11:40:19 +0000
@@ -40,6 +40,7 @@
#include "lib/core/common.h"
#include "lib/core/linkedlist.h"
#include "lib/core/protodefs.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
#include "config.h"
#include "common_types.h"
#include "esp_prot_defines.h"
=== modified file 'firewall/user_ipsec_sadb.c'
--- firewall/user_ipsec_sadb.c 2010-08-19 09:32:20 +0000
+++ firewall/user_ipsec_sadb.c 2010-09-03 11:40:19 +0000
@@ -46,7 +46,6 @@
#include "lib/core/builder.h"
#include "lib/core/common.h"
#include "lib/core/debug.h"
-#include "lib/core/esp_prot_common.h"
#include "lib/core/hashchain.h"
#include "lib/core/hashtable.h"
#include "lib/core/ife.h"
=== modified file 'firewall/user_ipsec_sadb.h'
--- firewall/user_ipsec_sadb.h 2010-08-19 09:32:20 +0000
+++ firewall/user_ipsec_sadb.h 2010-09-03 11:40:19 +0000
@@ -43,7 +43,7 @@
#include <openssl/des.h>
#include <sys/time.h>
-#include "lib/core/esp_prot_common.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
#include "lib/core/hashchain.h"
#include "esp_prot_defines.h"
=== modified file 'hipd/configfilereader.c'
--- hipd/configfilereader.c 2010-07-07 16:42:17 +0000
+++ hipd/configfilereader.c 2010-09-03 11:40:19 +0000
@@ -31,6 +31,7 @@
#include <errno.h>
#include <stdio.h>
#include <string.h>
+#include <stdlib.h>
#include "lib/core/debug.h"
#include "configfilereader.h"
=== modified file 'hipd/hipd.c'
--- hipd/hipd.c 2010-08-25 12:53:17 +0000
+++ hipd/hipd.c 2010-09-03 11:40:19 +0000
@@ -45,6 +45,7 @@
#include <sys/un.h>
#include "lib/core/builder.h"
+#include "lib/core/common.h"
#include "lib/core/conf.h"
#include "lib/core/debug.h"
#include "lib/core/filemanip.h"
@@ -144,11 +145,6 @@
int address_change_time_counter = -1;
-int esp_prot_active = 0;
-int esp_prot_num_transforms = 0;
-uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
-long esp_prot_num_parallel_hchains = 0;
-
int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF;
int hip_trigger_update_on_heart_beat_failure = 1;
@@ -182,7 +178,7 @@
* @param msg the message to send
* @return zero on success or negative on error
*/
-int hip_sendto_firewall(const struct hip_common *msg)
+int hip_sendto_firewall(HIPFW const struct hip_common *msg)
{
#ifdef CONFIG_HIP_FIREWALL
int n = 0;
=== modified file 'hipd/hipd.h'
--- hipd/hipd.h 2010-08-25 09:06:43 +0000
+++ hipd/hipd.h 2010-09-03 11:40:19 +0000
@@ -110,10 +110,6 @@
extern hip_transform_suite_t hip_nat_status;
-extern int esp_prot_active;
-extern int esp_prot_num_transforms;
-extern long esp_prot_num_parallel_hchains;
-
extern int hip_trigger_update_on_heart_beat_failure;
extern int hip_locator_status;
@@ -123,8 +119,6 @@
extern int address_count;
extern HIP_HASHTABLE *addresses;
-extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
-
int hip_firewall_is_alive(void);
/* Functions for handling incoming packets. */
=== modified file 'hipd/init.c'
--- hipd/init.c 2010-08-25 12:53:17 +0000
+++ hipd/init.c 2010-09-03 11:40:19 +0000
@@ -68,7 +68,6 @@
#include "accessor.h"
#include "close.h"
#include "dh.h"
-#include "esp_prot_light_update.h"
#include "hadb.h"
#include "hidb.h"
#include "hip_socket.h"
@@ -705,7 +704,6 @@
lmod_register_packet_type(HIP_CLOSE_ACK, "HIP_CLOSE_ACK");
lmod_register_packet_type(HIP_PSIG, "HIP_PSIG");
lmod_register_packet_type(HIP_TRIG, "HIP_TRIG");
- lmod_register_packet_type(HIP_LUPDATE, "HIP_LUPDATE");
lmod_register_packet_type(HIP_DATA, "HIP_DATA");
lmod_register_packet_type(HIP_PAYLOAD, "HIP_PAYLOAD");
}
@@ -769,49 +767,97 @@
hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_handle_i2_in_i2_sent, 21000);
hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2, 50000);
hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_check_i2, 20000);
hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_handle_i2, 30000);
hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_setup_ipsec_sa_i2, 30500);
- hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_create_r2, 40000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_add_rvs_reg_from, 41000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_hmac2_and_sign, 42000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_add_rvs_relay_to, 43000);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2, 50000);
hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_check_r1, 20000);
hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_handle_r1, 30000);
- hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_send_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_create_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_add_signed_echo_response, 41000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_sign_and_mac_packet, 42000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_add_unsigned_echo_response, 43000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_send_i2, 50000);
hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_check_r1, 20000);
hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_handle_r1, 30000);
- hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_send_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_create_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_add_signed_echo_response, 41000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_sign_and_mac_packet, 42000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_add_unsigned_echo_response, 43000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_send_i2, 50000);
hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_check_r1, 20000);
hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_handle_r1, 30000);
- hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_send_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_create_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_add_signed_echo_response, 41000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_sign_and_mac_packet, 42000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_add_unsigned_echo_response, 43000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_send_i2, 50000);
hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_check_r1, 20000);
hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_handle_r1, 30000);
- hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_send_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_create_i2, 40000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_add_signed_echo_response, 41000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_sign_and_mac_packet, 42000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_add_unsigned_echo_response, 43000);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_send_i2, 50000);
hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_check_r2, 20000);
hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_handle_r2, 30000);
@@ -844,9 +890,6 @@
hip_register_handle_function(HIP_CLOSE_ACK, HIP_STATE_CLOSED, &hip_close_ack_check_packet, 20000);
hip_register_handle_function(HIP_CLOSE_ACK, HIP_STATE_CLOSED, &hip_close_ack_handle_packet, 30000);
- hip_register_handle_function(HIP_LUPDATE, HIP_STATE_ESTABLISHED, &esp_prot_handle_light_update, 20000);
- hip_register_handle_function(HIP_LUPDATE, HIP_STATE_R2_SENT, &esp_prot_handle_light_update, 20000);
-
return err;
}
=== modified file 'hipd/input.c'
--- hipd/input.c 2010-08-25 12:53:17 +0000
+++ hipd/input.c 2010-09-03 11:40:19 +0000
@@ -68,8 +68,6 @@
#include "config.h"
#include "cookie.h"
#include "dh.h"
-#include "esp_prot_hipd_msg.h"
-#include "esp_prot_light_update.h"
#include "hadb.h"
#include "hadb_legacy.h"
#include "hidb.h"
@@ -963,13 +961,6 @@
-1,
"Building of DH failed.\n");
- /********* ESP protection preferred transforms [OPTIONAL] *********/
- HIP_IFEL(esp_prot_r1_handle_transforms(ctx),
- -1,
- "failed to handle preferred esp protection transforms\n");
-
- /******************************************************************/
-
out_err:
if (ctx->hadb_entry->dh_shared_key) {
free(ctx->hadb_entry->dh_shared_key);
@@ -1114,12 +1105,6 @@
ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port;
}
- /********** ESP-PROT anchor [OPTIONAL] **********/
- HIP_IFEL(esp_prot_r2_handle_anchor(ctx->hadb_entry,
- ctx->input_msg),
- -1,
- "failed to handle esp prot anchor\n");
-
/***** LOCATOR PARAMETER *****/
locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
if (locator) {
@@ -1162,7 +1147,6 @@
HIP_MAX_NETWORK_PACKET);
}
-out_err:
if (ctx->hadb_entry->state == HIP_STATE_ESTABLISHED) {
HIP_DEBUG("Send response to firewall.\n");
hip_firewall_set_bex_data(HIP_MSG_FW_BEX_DONE,
@@ -1773,11 +1757,6 @@
}
HIP_DEBUG("retransmission: %s\n", (retransmission ? "yes" : "no"));
- /********** ESP-PROT anchor [OPTIONAL] **********/
- /** @todo Modularize esp_prot_* */
- HIP_IFEL(esp_prot_i2_handle_anchor(ctx), -1,
- "failed to handle esp prot anchor\n");
-
/***** LOCATOR PARAMETER *****/
locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
if (locator) {
=== modified file 'hipd/maintenance.c'
--- hipd/maintenance.c 2010-07-16 18:56:20 +0000
+++ hipd/maintenance.c 2010-09-03 11:40:19 +0000
@@ -106,8 +106,7 @@
if (*now - HIP_RETRANSMIT_WAIT > entry->hip_msg_retrans.last_transmit) {
if ((entry->hip_msg_retrans.count > 0) && entry->hip_msg_retrans.buf &&
((entry->state != HIP_STATE_ESTABLISHED && entry->retrans_state != entry->state) ||
- (entry->update_state != 0 && entry->retrans_state != entry->update_state) ||
- entry->light_update_retrans == 1)) {
+ (entry->update_state != 0 && entry->retrans_state != entry->update_state))) {
HIP_DEBUG("state=%d, retrans_state=%d, update_state=%d\n",
entry->state, entry->retrans_state, entry->update_state, entry->retrans_state);
=== modified file 'hipd/output.c'
--- hipd/output.c 2010-08-25 12:53:17 +0000
+++ hipd/output.c 2010-09-03 11:40:19 +0000
@@ -59,7 +59,6 @@
#include "config.h"
#include "cookie.h"
#include "dh.h"
-#include "esp_prot_hipd_msg.h"
#include "hadb.h"
#include "hidb.h"
#include "hipd.h"
@@ -68,6 +67,7 @@
#include "netdev.h"
#include "pisa.h"
#include "registration.h"
+#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
#include "output.h"
@@ -240,7 +240,112 @@
}
/**
- * @brief Creates an I2 packet and sends it.
+ * @brief Adds a signed echo response to an outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, non-negative on error.
+ */
+int hip_add_signed_echo_response(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ const struct hip_echo_request *ping = NULL;
+ int err = 0;
+
+ ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN);
+ if (ping) {
+ int ln = hip_get_param_contents_len(ping);
+ HIP_IFEL(hip_build_param_echo(ctx->output_msg, ping + 1, ln, 1, 0), -1,
+ "Error while creating echo reply parameter\n");
+ }
+
+ out_err:
+ return err;
+}
+
+/**
+ * @brief Adds a signature and hmac to an outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, non-negative on error.
+ */
+int hip_sign_and_mac_packet(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ int err = 0;
+
+ HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg,
+ &ctx->hadb_entry->hip_hmac_out),
+ -1,
+ "Building of HMAC failed\n");
+
+ /* Build a digest of the packet built so far. Signature will
+ * be calculated over the digest. */
+#ifdef CONFIG_HIP_PERFORMANCE
+ HIP_DEBUG("Start PERF_SIGN\n");
+ hip_perf_start_benchmark(perf_set, PERF_SIGN);
+#endif
+ HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
+ ctx->output_msg),
+ -EINVAL,
+ "Could not create signature\n");
+#ifdef CONFIG_HIP_PERFORMANCE
+ HIP_DEBUG("Stop PERF_SIGN\n");
+ hip_perf_stop_benchmark(perf_set, PERF_SIGN);
+#endif
+
+ out_err:
+ return err;
+}
+
+/**
+ * @brief Adds an unsigned echo response to an outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, non-negative on error.
+ */
+int hip_add_unsigned_echo_response(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ const struct hip_echo_request *ping = NULL;
+ int err = 0;
+
+ ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST);
+ if (ping) {
+ int ln = hip_get_param_contents_len(ping);
+ HIP_IFEL(hip_build_param_echo(ctx->output_msg, (ping + 1), ln, 0, 0), -1,
+ "Error while creating echo reply parameter\n");
+ }
+
+ out_err:
+ return err;
+}
+
+/**
+ * @brief Creates an I2 packet.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
@@ -252,20 +357,17 @@
*
* @return zero on success, non-negative on error.
*/
-int hip_send_i2(UNUSED const uint8_t packet_type,
- UNUSED const uint32_t ha_state,
- struct hip_packet_context *ctx)
+int hip_create_i2(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
hip_transform_suite_t transform_hip_suite, transform_esp_suite;
- struct hip_spi_in_item spi_in_data;
- struct in6_addr daddr;
const struct hip_param *param = NULL;
struct hip_esp_info *esp_info = NULL;
struct hip_host_id_entry *host_id_entry = NULL;
char *enc_in_msg = NULL, *host_id_in_enc = NULL;
unsigned char *iv = NULL;
int err = 0, host_id_in_enc_len = 0;
- uint32_t spi_in = 0;
HIP_IFEL(ctx->error,
-1,
@@ -281,8 +383,6 @@
HIP_ASSERT(ctx->hadb_entry);
- spi_in = ctx->hadb_entry->spi_inbound_current;
-
/* TLV sanity checks are are already done by the caller of this
* function. Now, begin to build I2 piece by piece. */
@@ -397,11 +497,7 @@
&transform_esp_suite, 1), -1,
"Building of ESP transform failed\n");
- /********** ESP-PROT anchor [OPTIONAL] **********/
-
- /** @todo Modularize esp_prot_* */
- HIP_IFEL(esp_prot_i2_add_anchor(ctx), -1,
- "failed to add esp protection anchor\n");
+ ctx->hadb_entry->esp_transform = transform_esp_suite;
/************************************************/
@@ -450,7 +546,8 @@
ctx->hadb_entry->hip_transform = transform_hip_suite;
/* XXX: -EAGAIN */
- HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n", spi_in);
+ HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n",
+ ctx->hadb_entry->spi_inbound_current);
HIP_IFEL(hip_setup_hit_sp_pair(&ctx->input_msg->hits,
&ctx->input_msg->hitr,
@@ -463,73 +560,31 @@
esp_info = hip_get_param_readwrite(ctx->output_msg, HIP_PARAM_ESP_INFO);
HIP_ASSERT(esp_info); /* Builder internal error */
- esp_info->new_spi = htonl(spi_in);
- /* LSI not created, as it is local, and we do not support IPv4 */
-
- /********** ECHO_RESPONSE_SIGN (OPTIONAL) **************/
- /* must reply... */
- {
- const struct hip_echo_request *ping;
-
- ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN);
- if (ping) {
- int ln = hip_get_param_contents_len(ping);
- HIP_IFEL(hip_build_param_echo(ctx->output_msg, ping + 1, ln, 1, 0), -1,
- "Error while creating echo reply parameter\n");
- }
- }
-
- /************* HMAC ************/
- HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg,
- &ctx->hadb_entry->hip_hmac_out),
- -1,
- "Building of HMAC failed\n");
-
- /********** Signature **********/
- /* Build a digest of the packet built so far. Signature will
- * be calculated over the digest. */
-#ifdef CONFIG_HIP_PERFORMANCE
- HIP_DEBUG("Start PERF_SIGN\n");
- hip_perf_start_benchmark(perf_set, PERF_SIGN);
-#endif
- HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
- ctx->output_msg),
- -EINVAL,
- "Could not create signature\n");
-#ifdef CONFIG_HIP_PERFORMANCE
- HIP_DEBUG("Stop PERF_SIGN\n");
- hip_perf_stop_benchmark(perf_set, PERF_SIGN);
-#endif
-
- /********** ECHO_RESPONSE (OPTIONAL) ************/
- /* must reply */
- {
- const struct hip_echo_request *ping;
-
- ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST);
- if (ping) {
- int ln = hip_get_param_contents_len(ping);
- HIP_IFEL(hip_build_param_echo(ctx->output_msg, (ping + 1), ln, 0, 0), -1,
- "Error while creating echo reply parameter\n");
- }
- }
-
- /********** I2 packet complete **********/
- memset(&spi_in_data, 0, sizeof(struct hip_spi_in_item));
- spi_in_data.spi = spi_in;
- spi_in_data.ifindex = hip_devaddr2ifindex(ctx->dst_addr);
- HIP_LOCK_HA(ctx->hadb_entry);
-
- /* 99999 HIP_IFEB(hip_hadb_add_spi_old(ctx->hadb_entry,
- HIP_SPI_DIRECTION_IN, &spi_in_data),
- -1,
- HIP_UNLOCK_HA(ctx->hadb_entry));
- */
-
- ctx->hadb_entry->esp_transform = transform_esp_suite;
- HIP_DEBUG("Saving base exchange encryption data to hadb_entry \n");
- HIP_DEBUG_HIT("Our HIT: ", &ctx->hadb_entry->hit_our);
- HIP_DEBUG_HIT("Peer HIT: ", &ctx->hadb_entry->hit_peer);
+ esp_info->new_spi = htonl(ctx->hadb_entry->spi_inbound_current);
+
+ out_err:
+ return err;
+}
+
+/**
+ * @brief Final processing and sending of an I2 packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, non-negative on error.
+ */
+int hip_send_i2(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ struct in6_addr daddr;
+ int err = 0;
/** @todo Also store the keys that will be given to ESP later */
HIP_IFE(hip_hadb_get_peer_addr(ctx->hadb_entry, &daddr), -1);
@@ -903,7 +958,118 @@
}
/**
- * Creates and transmits an R2 packet.
+ * Adds an RVS registration_from parameter to outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, negative otherwise.
+ */
+int hip_add_rvs_reg_from(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ RVS struct hip_packet_context *ctx)
+{
+ int err = 0;
+
+#ifdef CONFIG_HIP_RVS
+ /********** REG_REQUEST **********/
+ /* This part should only be executed at server offering rvs or relay
+ * services.
+ */
+
+ hip_handle_param_reg_request(ctx->hadb_entry,
+ ctx->input_msg, ctx->output_msg);
+ if (hip_relay_get_status() != HIP_RELAY_OFF) {
+ hip_build_param_reg_from(ctx->output_msg,
+ ctx->src_addr, ctx->msg_ports->src_port);
+ }
+#endif
+
+ return err;
+}
+
+/**
+ * Adds an HMAC2 and signature parameters to outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, negative otherwise.
+ */
+int hip_hmac2_and_sign(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ int err = 0;
+
+ /* Create HMAC2 parameter. */
+ if (ctx->hadb_entry->our_pub == NULL) {
+ HIP_DEBUG("ctx->hadb_entry->our_pub is NULL.\n");
+ }
+
+ HIP_IFEL(hip_build_param_hmac2_contents(ctx->output_msg,
+ &ctx->hadb_entry->hip_hmac_out,
+ ctx->hadb_entry->our_pub),
+ -1,
+ "Failed to build parameter HMAC2 contents.\n");
+
+ HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
+ ctx->output_msg),
+ -EINVAL,
+ "Could not sign R2. Failing\n");
+
+ out_err:
+ return err;
+}
+
+/**
+ * Adds an RVS relay_to parameter to outbound packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, negative otherwise.
+ */
+int hip_add_rvs_relay_to(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ RVS struct hip_packet_context *ctx)
+{
+ int err = 0;
+
+#ifdef CONFIG_HIP_RVS
+ struct in6_addr dst;
+ in_port_t dst_port = 0;
+
+ memset(&dst, 0, sizeof(dst));
+ if ((hip_relay_handle_relay_from(ctx->input_msg,
+ ctx->src_addr,
+ &dst, &dst_port) > 0)
+ && !ipv6_addr_any(&dst)) {
+ HIP_DEBUG("create relay_to parameter in R2\n");
+ hip_build_param_relay_to(ctx->output_msg, &dst, dst_port);
+ }
+#endif
+
+ return err;
+}
+
+/**
+ * Creates an R2 packet.
*
* @param packet_type The packet type of the control message (RFC 5201, 5.3.)
* @param ha_state The host association state (RFC 5201, 4.4.1.)
@@ -915,11 +1081,10 @@
*
* @return zero on success, negative otherwise.
*/
-int hip_send_r2(UNUSED const uint8_t packet_type,
- UNUSED const uint32_t ha_state,
- struct hip_packet_context *ctx)
+int hip_create_r2(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
- struct hip_crypto_key hmac;
int err = 0;
uint16_t mask = 0;
@@ -968,62 +1133,28 @@
#endif
- /********** ESP-PROT anchor [OPTIONAL] **********/
- HIP_IFEL(esp_prot_r2_add_anchor(ctx->output_msg, ctx->hadb_entry), -1,
- "failed to add esp protection anchor\n");
- /************************************************/
-
-#ifdef CONFIG_HIP_RVS
- /********** REG_REQUEST **********/
- /* This part should only be executed at server offering rvs or relay
- * services.
- */
-
- hip_handle_param_reg_request(ctx->hadb_entry,
- ctx->input_msg, ctx->output_msg);
- if (hip_relay_get_status() != HIP_RELAY_OFF) {
- hip_build_param_reg_from(ctx->output_msg,
- ctx->src_addr, ctx->msg_ports->src_port);
- }
-#endif
-
-
- /* Create HMAC2 parameter. */
- if (ctx->hadb_entry->our_pub == NULL) {
- HIP_DEBUG("ctx->hadb_entry->our_pub is NULL.\n");
- }
-
- memcpy(&hmac, &ctx->hadb_entry->hip_hmac_out, sizeof(hmac));
- HIP_IFEL(hip_build_param_hmac2_contents(ctx->output_msg,
- &hmac,
- ctx->hadb_entry->our_pub),
- -1,
- "Failed to build parameter HMAC2 contents.\n");
-
- /* Why is err reset to zero? -Lauri 11.06.2008 */
- if (err == 1) {
- err = 0;
- }
-
- HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
- ctx->output_msg),
- -EINVAL,
- "Could not sign R2. Failing\n");
-
-#ifdef CONFIG_HIP_RVS
- {
- struct in6_addr dst;
- in_port_t dst_port = 0;
-
- memset(&dst, 0, sizeof(dst));
- if ((hip_relay_handle_relay_from(ctx->input_msg, ctx->src_addr,
- &dst, &dst_port) > 0) &&
- !ipv6_addr_any(&dst)) {
- HIP_DEBUG("create relay_to parameter in R2\n");
- hip_build_param_relay_to(ctx->output_msg, &dst, dst_port);
- }
- }
-#endif
+ out_err:
+ return err;
+}
+
+/**
+ * Sends an R2 packet.
+ *
+ * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
+ * @param ha_state The host association state (RFC 5201, 4.4.1.)
+ * @param *ctx Pointer to the packet context, containing all
+ * information for the packet handling
+ * (received message, source and destination address, the
+ * ports and the corresponding entry from the host
+ * association database).
+ *
+ * @return zero on success, negative otherwise.
+ */
+int hip_send_r2(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+{
+ int err = 0;
err = hip_send_pkt(ctx->dst_addr,
ctx->src_addr,
@@ -1033,10 +1164,6 @@
ctx->hadb_entry,
1);
- if (err == 1) {
- err = 0;
- }
-
HIP_IFEL(err, -ECOMM, "Sending R2 packet failed.\n");
out_err:
=== modified file 'hipd/output.h'
--- hipd/output.h 2010-08-19 09:32:20 +0000
+++ hipd/output.h 2010-09-03 11:40:19 +0000
@@ -55,18 +55,44 @@
const uint32_t ha_state,
struct hip_packet_context *ctx);
+int hip_add_rvs_reg_from(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_hmac2_and_sign(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_add_rvs_relay_to(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_create_r2(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
int hip_send_r2(const uint8_t packet_type,
const uint32_t ha_state,
struct hip_packet_context *ctx);
-int hip_send_r2_response(struct hip_common *r2,
- struct in6_addr *r2_saddr,
- struct in6_addr *r2_daddr,
- hip_ha_t *entry,
- hip_portpair_t *r2_info);
-
int hip_send_i1(hip_hit_t *, const hip_hit_t *, hip_ha_t *);
+int hip_add_signed_echo_response(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_sign_and_mac_packet(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_add_unsigned_echo_response(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
+int hip_create_i2(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+
int hip_send_i2(const uint8_t packet_type,
const uint32_t ha_state,
struct hip_packet_context *ctx);
=== modified file 'hipd/user.c'
--- hipd/user.c 2010-08-25 12:53:17 +0000
+++ hipd/user.c 2010-09-03 11:40:19 +0000
@@ -72,8 +72,6 @@
#include "cert.h"
#include "close.h"
#include "cookie.h"
-#include "esp_prot_anchordb.h"
-#include "esp_prot_hipd_msg.h"
#include "hadb.h"
#include "hidb.h"
#include "hipd.h"
@@ -717,22 +715,6 @@
set_up_device(HIP_HIT_DEV, 0);
err = set_up_device(HIP_HIT_DEV, 1);
break;
- case HIP_MSG_ESP_PROT_TFM:
- HIP_DUMP_MSG(msg);
- err = esp_prot_set_preferred_transforms(msg);
- break;
- case HIP_MSG_BEX_STORE_UPDATE:
- HIP_DUMP_MSG(msg);
- err = anchor_db_update(msg);
- break;
- case HIP_MSG_TRIGGER_UPDATE:
- HIP_DUMP_MSG(msg);
- err = esp_prot_handle_trigger_update_msg(msg);
- break;
- case HIP_MSG_ANCHOR_CHANGE:
- HIP_DUMP_MSG(msg);
- err = esp_prot_handle_anchor_change_msg(msg);
- break;
case HIP_MSG_GET_LSI_PEER:
while ((param = hip_get_next_param(msg, param))) {
if (hip_get_param_type(param) == HIP_PARAM_HIT) {
=== modified file 'lib/core/builder.c'
--- lib/core/builder.c 2010-08-20 14:34:13 +0000
+++ lib/core/builder.c 2010-09-03 11:40:19 +0000
@@ -391,7 +391,7 @@
* @param tlv_generic pointer to the parameter
* @param type type of the parameter (in host byte order)
*/
-static void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type)
+void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type)
{
tlv_generic->type = htons(type);
}
@@ -1497,10 +1497,10 @@
* @see hip_build_param().
* @see hip_build_param_contents().
*/
-static int hip_build_generic_param(struct hip_common *msg,
- const void *parameter_hdr,
- hip_tlv_len_t param_hdr_size,
- const void *contents)
+int hip_build_generic_param(struct hip_common *msg,
+ const void *parameter_hdr,
+ hip_tlv_len_t param_hdr_size,
+ const void *contents)
{
const struct hip_tlv_common *param = (const struct hip_tlv_common *) parameter_hdr;
const void *src = NULL;
@@ -2905,242 +2905,6 @@
}
/**
- * build and append a ESP PROT transform parameter
- *
- * @param msg the message where the parameter will be appended
- * @param transforms the transforms to be used for the esp extension header
- * @param num_transforms the number of transforms
- * @return 0 on success, otherwise < 0.
- */
-int hip_build_param_esp_prot_transform(struct hip_common *msg,
- int num_transforms,
- uint8_t *transforms)
-{
- struct esp_prot_preferred_tfms prot_transforms;
- int err = 0, i;
-
- hip_set_param_type((struct hip_tlv_common *) &prot_transforms,
- HIP_PARAM_ESP_PROT_TRANSFORMS);
-
- /* note: the length cannot be calculated with calc_param_len() */
- hip_set_param_contents_len((struct hip_tlv_common *) &prot_transforms,
- (num_transforms + 1) * sizeof(uint8_t));
-
- prot_transforms.num_transforms = num_transforms;
- HIP_DEBUG("added num_transforms: %u\n", prot_transforms.num_transforms);
-
- for (i = 0; i < prot_transforms.num_transforms; i++) {
- prot_transforms.transforms[i] = transforms[i];
- HIP_DEBUG("added transform %i: %u\n", i + 1, transforms[i]);
- }
-
- err = hip_build_generic_param(msg,
- &prot_transforms,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&prot_transforms));
- return err;
-}
-
-/**
- * build and append am ESP PROT anchor parameter
- *
- * @param msg the message where the parameter will be appended
- * @param transform the esp protection transform used for this anchor,
- * if UNUSED 1 byte of 0 is sent
- * @param active_anchor the anchor for the hchain to be used for extended esp protection,
- * if NULL
- * @param next_anchor the next anchor
- * @param hash_length the length of the hash
- * @param hash_item_length the length of the hash item
- * @return 0 on success, otherwise < 0.
- */
-int hip_build_param_esp_prot_anchor(struct hip_common *msg,
- uint8_t transform,
- unsigned char *active_anchor,
- unsigned char *next_anchor,
- int hash_length,
- int hash_item_length)
-{
- int err = 0;
- struct esp_prot_anchor esp_anchor;
-
- HIP_ASSERT(msg != NULL);
- /* NULL-active_anchor only allowed for UNUSED-transform */
- HIP_ASSERT((!transform && !active_anchor) || (transform && active_anchor));
- /* next_anchor might be NULL */
-
- /* set parameter type */
- hip_set_param_type((struct hip_tlv_common *) &esp_anchor, HIP_PARAM_ESP_PROT_ANCHOR);
-
- /* set parameter values */
- esp_anchor.transform = transform;
- esp_anchor.hash_item_length = htonl(hash_item_length);
-
- /* distinguish UNUSED from any other case */
- if (!transform) {
- /* send 1 byte of 0 per anchor in UNUSED case */
- hash_length = 1;
-
- memset(&esp_anchor.anchors[0], 0, hash_length);
- memset(&esp_anchor.anchors[hash_length], 0, hash_length);
- } else {
- memcpy(&esp_anchor.anchors[0], active_anchor, hash_length);
-
- /* send 0 if next_anchor not present */
- if (next_anchor) {
- memcpy(&esp_anchor.anchors[hash_length], next_anchor, hash_length);
- } else {
- memset(&esp_anchor.anchors[hash_length], 0, hash_length);
- }
- }
-
- hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor,
- sizeof(uint8_t) + sizeof(uint32_t) + 2
- * hash_length);
-
- err = hip_build_generic_param(msg,
- &esp_anchor,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&esp_anchor));
-
- HIP_DEBUG("added esp protection transform: %u\n", transform);
- HIP_DEBUG("added hash item length: %u\n", hash_item_length);
- HIP_HEXDUMP("added esp protection active_anchor: ",
- &esp_anchor.anchors[0],
- hash_length);
- HIP_HEXDUMP("added esp protection next_anchor: ",
- &esp_anchor.anchors[hash_length],
- hash_length);
-
- return err;
-}
-
-/**
- * build a branch parameter for the ESP extensions
- *
- * @param msg the message where the parameter is appended
- * @param anchor_offset anchor offset value
- * @param branch_length the length of the branch
- * @param branch_nodes the contents of the parameter
- * @return zero on success or negative on error
- */
-int hip_build_param_esp_prot_branch(struct hip_common *msg,
- int anchor_offset,
- int branch_length,
- const unsigned char *branch_nodes)
-{
- int err = 0;
- struct esp_prot_branch branch;
-
- HIP_ASSERT(msg != NULL);
- HIP_ASSERT(anchor_offset >= 0);
- HIP_ASSERT(branch_length > 0);
- HIP_ASSERT(branch_nodes != NULL);
-
- /* set parameter type */
- hip_set_param_type((struct hip_tlv_common *) &branch, HIP_PARAM_ESP_PROT_BRANCH);
-
- /* set parameter values */
- branch.anchor_offset = htonl(anchor_offset);
- branch.branch_length = htonl(branch_length);
- memcpy(&branch.branch_nodes[0], branch_nodes, branch_length);
-
- hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2
- * sizeof(uint32_t) + branch_length);
-
- err = hip_build_generic_param(msg,
- &branch,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&branch));
-
- HIP_DEBUG("added esp anchor offset: %u\n", branch.anchor_offset);
- HIP_DEBUG("added esp branch length: %u\n", branch.branch_length);
- HIP_HEXDUMP("added esp branch: ", &branch.branch_nodes[0], branch_length);
-
- return err;
-}
-
-/**
- * build a secred parameter for the ESP extensions
- *
- * @param msg the message where the parameter is appended
- * @param secret_length the length of the secret value
- * @param secret the contents of the parameter
- * @return zero on success or negative on error
- */
-int hip_build_param_esp_prot_secret(struct hip_common *msg,
- int secret_length,
- const unsigned char *secret)
-{
- int err = 0;
- struct esp_prot_secret esp_secret;
-
- HIP_ASSERT(msg != NULL);
- HIP_ASSERT(secret_length > 0);
- HIP_ASSERT(secret != NULL);
-
- /* set parameter type */
- hip_set_param_type((struct hip_tlv_common *) &esp_secret, HIP_PARAM_ESP_PROT_SECRET);
-
- /* set parameter values */
- esp_secret.secret_length = secret_length;
- memcpy(&esp_secret.secret[0], secret, secret_length);
-
- hip_set_param_contents_len((struct hip_tlv_common *) &esp_secret,
- sizeof(uint8_t) + secret_length);
-
- err = hip_build_generic_param(msg, &esp_secret,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&esp_secret));
-
- HIP_DEBUG("added esp secret length: %u\n", esp_secret.secret_length);
- HIP_HEXDUMP("added esp secret: ", &esp_secret.secret[0], secret_length);
-
- return err;
-}
-
-/**
- * build a root parameter for the ESP extensions
- *
- * @param msg the message where the parameter is appended
- * @param root_length the length of the root value
- * @param root the contents of the parameter
- * @return zero on success or negative on error
- */
-int hip_build_param_esp_prot_root(struct hip_common *msg,
- uint8_t root_length,
- unsigned char *root)
-{
- int err = 0;
- struct esp_prot_root esp_root;
-
- HIP_ASSERT(msg != NULL);
- HIP_ASSERT(root_length > 0);
- HIP_ASSERT(root != NULL);
-
- // set parameter type
- hip_set_param_type((struct hip_tlv_common *) &esp_root,
- HIP_PARAM_ESP_PROT_ROOT);
-
- // set parameter values
- esp_root.root_length = root_length;
- memcpy(&esp_root.root[0], root, root_length);
-
- hip_set_param_contents_len((struct hip_tlv_common *) &esp_root,
- sizeof(uint8_t) + root_length);
-
- err = hip_build_generic_param(msg,
- &esp_root,
- sizeof(struct hip_tlv_common),
- hip_get_param_contents_direct(&esp_root));
-
- HIP_DEBUG("added esp root length: %u\n", esp_root.root_length);
- HIP_HEXDUMP("added esp root: ", &esp_root.root[0], root_length);
-
- return err;
-}
-
-/**
* hip_build_param_esp_info - build esp_info parameter
* \todo Properly comment parameters of hip_build_param_esp_info()
*
=== modified file 'lib/core/builder.h'
--- lib/core/builder.h 2010-08-19 10:43:06 +0000
+++ lib/core/builder.h 2010-09-03 11:40:19 +0000
@@ -178,6 +178,10 @@
int hip_build_user_hdr(struct hip_common *, hip_hdr_type_t, hip_hdr_err_t);
void hip_calc_hdr_len(struct hip_common *);
int hip_check_network_msg(const struct hip_common *);
+int hip_build_generic_param(struct hip_common *msg,
+ const void *parameter_hdr,
+ hip_tlv_len_t param_hdr_size,
+ const void *contents);
int hip_verify_network_header(struct hip_common *hip_common,
struct sockaddr *src,
struct sockaddr *dst,
@@ -214,6 +218,7 @@
hip_tlv_len_t hip_get_param_total_len(const void *);
hip_transform_suite_t hip_get_param_transform_suite_id(const void *);
hip_tlv_type_t hip_get_param_type(const void *);
+void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type);
uint16_t hip_get_msg_checksum(struct hip_common *msg);
const char *hip_message_type_name(const uint8_t);
struct hip_common *hip_msg_alloc(void);
@@ -257,25 +262,6 @@
uint8_t *type_list,
int type_count);
-int hip_build_param_esp_prot_transform(struct hip_common *msg,
- int num_transforms,
- uint8_t *transforms);
-int hip_build_param_esp_prot_anchor(struct hip_common *msg,
- uint8_t transform,
- unsigned char *active_anchor,
- unsigned char *next_anchor,
- int hash_length,
- int hash_item_length);
-int hip_build_param_esp_prot_branch(struct hip_common *msg,
- int anchor_offset,
- int branch_length,
- const unsigned char *branch_nodes);
-int hip_build_param_esp_prot_secret(struct hip_common *msg,
- int secret_length,
- const unsigned char *secret);
-int hip_build_param_esp_prot_root(struct hip_common *msg,
- uint8_t root_length,
- unsigned char *root);
int hip_build_param_reg_from(struct hip_common *msg,
const struct in6_addr *addr,
const in_port_t port);
=== modified file 'lib/core/common.h'
--- lib/core/common.h 2010-07-14 16:01:50 +0000
+++ lib/core/common.h 2010-09-03 11:40:19 +0000
@@ -52,6 +52,13 @@
# define RVS UNUSED
#endif
+/** marking for firewall function parameters */
+#ifdef CONFIG_HIP_FIREWALL
+# define HIPFW
+#else
+# define HIPFW UNUSED
+#endif
+
/** marking for OPPORTUNISTIC-specific function parameters */
#ifdef CONFIG_HIP_OPPORTUNISTIC
# define OPP
=== modified file 'lib/core/protodefs.h'
--- lib/core/protodefs.h 2010-08-17 17:23:18 +0000
+++ lib/core/protodefs.h 2010-09-03 11:40:19 +0000
@@ -37,9 +37,6 @@
#include <sys/socket.h>
#include <sys/types.h>
-#include "lib/core/esp_prot_common.h"
-#include "lib/core/hashchain.h"
-
#ifndef PF_HIP
# define PF_HIP 32
#endif
@@ -639,45 +636,6 @@
void * keymatdst; /**< Pointer to beginning of key material */
};
-struct esp_prot_preferred_tfms {
- hip_tlv_type_t type;
- hip_tlv_len_t length;
- uint8_t num_transforms;
- // this will also contain the UNUSED transform
- uint8_t transforms[MAX_NUM_TRANSFORMS];
-} __attribute__ ((packed));
-
-struct esp_prot_anchor {
- hip_tlv_type_t type;
- hip_tlv_len_t length;
- uint8_t transform;
- uint32_t hash_item_length;
- // contains active and next anchor
- unsigned char anchors[2 * MAX_HASH_LENGTH];
-} __attribute__ ((packed));
-
-struct esp_prot_branch {
- hip_tlv_type_t type;
- hip_tlv_len_t length;
- uint32_t anchor_offset;
- uint32_t branch_length;
- unsigned char branch_nodes[MAX_HTREE_DEPTH * MAX_HASH_LENGTH];
-} __attribute__ ((packed));
-
-struct esp_prot_secret {
- hip_tlv_type_t type;
- hip_tlv_len_t length;
- uint8_t secret_length;
- unsigned char secret[MAX_HASH_LENGTH];
-} __attribute__ ((packed));
-
-struct esp_prot_root {
- hip_tlv_type_t type;
- hip_tlv_len_t length;
- uint8_t root_length;
- unsigned char root[MAX_HASH_LENGTH];
-} __attribute__ ((packed));
-
/**
* Used in executing a unit test case in a test suite in the kernel module.
*/
=== modified file 'lib/core/state.h'
--- lib/core/state.h 2010-07-14 16:01:50 +0000
+++ lib/core/state.h 2010-09-03 11:40:19 +0000
@@ -267,34 +267,6 @@
int esp_transform;
/** HIP transform type */
int hip_transform;
- /** ESP extension protection transform */
- uint8_t esp_prot_transform;
- /** ESP extension protection parameter */
- int esp_prot_param;
- /** ESP extension protection local_anchor */
- unsigned char esp_local_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- /** another local anchor used for UPDATE messages */
- unsigned char esp_local_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- /** ESP extension protection peer_anchor */
- unsigned char esp_peer_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- /** another peer anchor used for UPDATE messages */
- unsigned char esp_peer_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- /** needed for offset calculation when using htrees */
- uint32_t esp_local_active_length;
- uint32_t esp_local_update_length;
- uint32_t esp_peer_active_length;
- uint32_t esp_peer_update_length;
- /** root needed in case of hierarchical hchain linking */
- uint8_t esp_root_length;
- unsigned char esp_root[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
- int hash_item_length;
- /** parameters needed for soft-updates of hchains */
- /** Stored outgoing UPDATE ID counter. */
- uint32_t light_update_id_out;
- /** Stored incoming UPDATE ID counter. */
- uint32_t light_update_id_in;
- /** retranmission */
- uint8_t light_update_retrans;
/** Something to do with the birthday paradox.
* @todo Please clarify what this field is. */
uint64_t birthday;
=== modified file 'lib/core/statistics.c'
--- lib/core/statistics.c 2010-07-14 15:58:20 +0000
+++ lib/core/statistics.c 2010-09-03 11:40:19 +0000
@@ -29,8 +29,8 @@
*/
#include <math.h>
-#include <stdint.h>
#include <sys/time.h>
+#include <stdlib.h>
#include "debug.h"
#include "ife.h"
=== added directory 'modules/esp_tokens'
=== added file 'modules/esp_tokens/Makefile.am'
--- modules/esp_tokens/Makefile.am 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/Makefile.am 2010-09-03 11:40:19 +0000
@@ -0,0 +1,16 @@
+lib_LTLIBRARIES += modules/esp_tokens/hipd/libhipesptokens.la \
+ modules/esp_tokens/lib/libhipesptokens_common.la
+
+modules_esp_tokens_hipd_libhipesptokens_la_SOURCES = modules/esp_tokens/hipd/esp_prot_anchordb.c \
+ modules/esp_tokens/hipd/esp_prot_hipd_msg.c \
+ modules/esp_tokens/hipd/esp_prot_light_update.c \
+ modules/esp_tokens/hipd/esp_tokens_state.c \
+ modules/esp_tokens/hipd/esp_tokens_builder.c \
+ modules/esp_tokens/hipd/esp_tokens.c
+
+modules_esp_tokens_lib_libhipesptokens_common_la_SOURCES = modules/esp_tokens/lib/esp_prot_common.c
+
+hipd_hipd_LDADD += modules/esp_tokens/hipd/libhipesptokens.la \
+ modules/esp_tokens/lib/libhipesptokens_common.la
+
+firewall_hipfw_LDADD += modules/esp_tokens/lib/libhipesptokens_common.la
=== added directory 'modules/esp_tokens/hipd'
=== renamed file 'hipd/esp_prot_anchordb.c' => 'modules/esp_tokens/hipd/esp_prot_anchordb.c'
--- hipd/esp_prot_anchordb.c 2010-08-20 14:34:13 +0000
+++ modules/esp_tokens/hipd/esp_prot_anchordb.c 2010-09-03 11:40:19 +0000
@@ -40,12 +40,15 @@
#include <string.h>
#include "lib/core/builder.h"
+#include "lib/core/common.h"
#include "lib/core/debug.h"
-#include "lib/core/esp_prot_common.h"
#include "lib/core/ife.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
#include "lib/core/protodefs.h"
-#include "hipd.h"
-#include "init.h"
+#include "hipd/hipd.h"
+#include "hipd/init.h"
+#include "esp_tokens.h"
+#include "esp_tokens_state.h"
#include "esp_prot_anchordb.h"
@@ -104,7 +107,8 @@
* @param msg the user-message sent by fw
* @return 0 if ok, != 0 else
*/
-int anchor_db_update(const struct hip_common *msg)
+int anchor_db_update(struct hip_common *msg,
+ UNUSED struct sockaddr_in6 *src)
{
const struct hip_tlv_common *param = NULL;
const unsigned char *anchor = NULL;
=== renamed file 'hipd/esp_prot_anchordb.h' => 'modules/esp_tokens/hipd/esp_prot_anchordb.h'
--- hipd/esp_prot_anchordb.h 2010-07-07 16:42:17 +0000
+++ modules/esp_tokens/hipd/esp_prot_anchordb.h 2010-09-03 11:40:19 +0000
@@ -44,7 +44,8 @@
void anchor_db_init(void);
void anchor_db_uninit(void);
-int anchor_db_update(const struct hip_common *msg);
+int anchor_db_update(struct hip_common *msg,
+ struct sockaddr_in6 *src);
int anchor_db_get_num_anchors(const uint8_t transform);
unsigned char *anchor_db_get_anchor(const uint8_t transform);
int anchor_db_get_anchor_length(const uint8_t transform);
=== renamed file 'hipd/esp_prot_hipd_msg.c' => 'modules/esp_tokens/hipd/esp_prot_hipd_msg.c'
--- hipd/esp_prot_hipd_msg.c 2010-08-25 12:53:17 +0000
+++ modules/esp_tokens/hipd/esp_prot_hipd_msg.c 2010-09-03 11:40:19 +0000
@@ -39,19 +39,23 @@
#include <arpa/inet.h>
#include "lib/core/builder.h"
+#include "lib/core/common.h"
#include "lib/core/debug.h"
-#include "lib/core/esp_prot_common.h"
#include "lib/core/hip_udp.h"
#include "lib/core/ife.h"
#include "lib/core/protodefs.h"
#include "lib/tool/xfrmapi.h"
-#include "cookie.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
+#include "hipd/cookie.h"
#include "esp_prot_anchordb.h"
#include "esp_prot_light_update.h"
-#include "hadb.h"
-#include "hipd.h"
-#include "output.h"
+#include "hipd/hadb.h"
+#include "hipd/hipd.h"
+#include "hipd/output.h"
#include "esp_prot_hipd_msg.h"
+#include "esp_tokens_state.h"
+#include "esp_tokens_builder.h"
+#include "esp_tokens.h"
#include "modules/update/hipd/update.h"
#include "modules/user_ipsec/hipd/user_ipsec.h"
@@ -72,10 +76,10 @@
const struct in6_addr *dst_ip,
const uint32_t spi)
{
- hip_common_t *resp_update = NULL;
- const struct hip_seq *seq = NULL;
- uint16_t mask = 0;
- int err = 0;
+ hip_common_t *resp_update = NULL;
+ const struct hip_seq *seq = NULL;
+ uint16_t mask = 0;
+ int err = 0;
HIP_IFEL(!(seq = hip_get_param(recv_update, HIP_PARAM_SEQ)),
-1,
@@ -170,7 +174,8 @@
* @param msg the user-message sent by the firewall
* @return 0 if ok, != 0 else
*/
-int esp_prot_set_preferred_transforms(const struct hip_common *msg)
+int esp_prot_set_preferred_transforms(struct hip_common *msg,
+ UNUSED struct sockaddr_in6 *src)
{
const struct hip_tlv_common *param = NULL;
int err = 0, i;
@@ -226,7 +231,8 @@
* @param msg the user-message sent by the firewall
* @return 0 if ok, != 0 else
*/
-int esp_prot_handle_trigger_update_msg(const struct hip_common *msg)
+int esp_prot_handle_trigger_update_msg(struct hip_common *msg,
+ UNUSED struct sockaddr_in6 *src)
{
const struct hip_tlv_common *param = NULL;
const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
@@ -242,6 +248,7 @@
const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS];
const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS];
hip_ha_t *entry = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int hash_item_length = 0;
unsigned char cmp_val[MAX_HASH_LENGTH];
int err = 0;
@@ -261,13 +268,17 @@
HIP_IFEL(!(entry = hip_hadb_find_byhits(local_hit, peer_hit)), -1,
"failed to retrieve requested HA entry\n");
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM);
esp_prot_tfm = *((const uint8_t *)
hip_get_param_contents_direct(param));
HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm);
// check if transforms are matching and add anchor as new local_anchor
- HIP_IFEL(entry->esp_prot_transform != esp_prot_tfm, -1,
+ HIP_IFEL(esp_tokens_state->esp_prot_transform != esp_prot_tfm, -1,
"esp prot transform changed without new BEX\n");
HIP_DEBUG("esp prot transforms match\n");
@@ -277,10 +288,10 @@
HIP_DEBUG("hash_item_length: %i\n", hash_item_length);
// set the hash_item_length of the item used for this update
- entry->hash_item_length = hash_item_length;
+ esp_tokens_state->hash_item_length = hash_item_length;
// we need to know the hash_length for this transform
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
param = hip_get_next_param(msg, param);
num_parallel_hchains = *((const long *)
@@ -294,13 +305,15 @@
HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length);
// make sure that the update-anchor is not set yet
- HIP_IFEL(memcmp(&entry->esp_local_update_anchors[i][0],
+ HIP_IFEL(memcmp(&esp_tokens_state->esp_local_update_anchors[i][0],
&cmp_val[0], MAX_HASH_LENGTH),
-1,
"next hchain changed in fw, but we still have the last update-anchor set!");
// set the update anchor
- memcpy(&entry->esp_local_update_anchors[i][0], esp_prot_anchor, hash_length);
+ memcpy(&esp_tokens_state->esp_local_update_anchors[i][0],
+ esp_prot_anchor,
+ hash_length);
param = hip_get_next_param(msg, param);
}
@@ -308,16 +321,16 @@
root_length = *((const int *)
hip_get_param_contents_direct(param));
HIP_DEBUG("root_length: %i\n", root_length);
- entry->esp_root_length = root_length;
+ esp_tokens_state->esp_root_length = root_length;
// process all update roots now
if (root_length > 0) {
param = hip_get_param(msg, HIP_PARAM_ROOT);
for (i = 0; i < num_parallel_hchains; i++) {
root[i] = hip_get_param_contents_direct(param);
- memcpy(&entry->esp_root[i][0], root[i], root_length);
+ memcpy(&esp_tokens_state->esp_root[i][0], root[i], root_length);
- HIP_HEXDUMP("root: ", &entry->esp_root[i][0], root_length);
+ HIP_HEXDUMP("root: ", &esp_tokens_state->esp_root[i][0], root_length);
param = hip_get_next_param(msg, param);
}
@@ -380,17 +393,19 @@
* @param msg the user-message sent by the firewall
* @return 0 if ok, != 0 else
*/
-int esp_prot_handle_anchor_change_msg(const struct hip_common *msg)
+int esp_prot_handle_anchor_change_msg(struct hip_common *msg,
+ UNUSED struct sockaddr_in6 *src)
{
- const struct hip_tlv_common *param = NULL;
- const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
- uint8_t esp_prot_tfm = 0;
- int hash_length = 0;
- const unsigned char *esp_prot_anchor = NULL;
- hip_ha_t *entry = NULL;
- int direction = 0;
- long num_parallel_hchains = 0, i;
- int err = 0;
+ const struct hip_tlv_common *param = NULL;
+ const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
+ uint8_t esp_prot_tfm = 0;
+ int hash_length = 0;
+ const unsigned char *esp_prot_anchor = NULL;
+ hip_ha_t *entry = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ int direction = 0;
+ long num_parallel_hchains = 0, i;
+ int err = 0;
param = hip_get_param(msg, HIP_PARAM_HIT);
local_hit = hip_get_param_contents_direct(param);
@@ -422,13 +437,17 @@
HIP_IFEL(!(entry = hip_hadb_find_byhits(local_hit, peer_hit)), -1,
"failed to retrieve requested HA entry\n");
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
// check if transforms are matching and add anchor as new local_anchor
- HIP_IFEL(entry->esp_prot_transform != esp_prot_tfm, -1,
+ HIP_IFEL(esp_tokens_state->esp_prot_transform != esp_prot_tfm, -1,
"esp prot transform changed without new BEX\n");
HIP_DEBUG("esp prot transforms match\n");
// we need to know the hash_length for this transform
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
// only handle outbound direction here
if (direction == HIP_SPI_DIRECTION_OUT) {
@@ -437,12 +456,18 @@
HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length);
// make sure that the update-anchor is set
- HIP_IFEL(memcmp(&entry->esp_local_update_anchors[i][0], esp_prot_anchor, hash_length),
+ HIP_IFEL(memcmp(&esp_tokens_state->esp_local_update_anchors[i][0],
+ esp_prot_anchor,
+ hash_length),
-1, "hchain-anchors used for outbound connections NOT in sync\n");
// set update anchor as new active local anchor
- memcpy(&entry->esp_local_anchors[i][0], &entry->esp_local_update_anchors[i][0], hash_length);
- memset(&entry->esp_local_update_anchors[i][0], 0, MAX_HASH_LENGTH);
+ memcpy(&esp_tokens_state->esp_local_anchors[i][0],
+ &esp_tokens_state->esp_local_update_anchors[i][0],
+ hash_length);
+ memset(&esp_tokens_state->esp_local_update_anchors[i][0],
+ 0,
+ MAX_HASH_LENGTH);
HIP_DEBUG("changed update_anchor to local_anchor\n");
@@ -474,44 +499,52 @@
unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
int hash_length = 0;
uint32_t hash_item_length = 0;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int err = 0, i;
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
HIP_DEBUG("direction: %i\n", direction);
// we always tell the negotiated transform to the firewall
- HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
- HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
- HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
- "build param contents failed\n");
+ HIP_DEBUG("esp protection transform is %u \n",
+ esp_tokens_state->esp_prot_transform);
+ HIP_IFEL(hip_build_param_contents(msg,
+ &esp_tokens_state->esp_prot_transform,
+ HIP_PARAM_ESP_PROT_TFM,
+ sizeof(uint8_t)),
+ -1, "build param contents failed\n");
// but we only transmit the anchor to the firewall, if the esp extension is used
- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
// choose the anchor depending on the direction and update or add
if (update) {
if (direction == HIP_SPI_DIRECTION_OUT) {
- HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
+ HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_local_update_anchors), -1,
"hchain anchor expected, but not present\n");
- hash_item_length = entry->esp_local_update_length;
+ hash_item_length = esp_tokens_state->esp_local_update_length;
} else {
- HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
+ HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_peer_update_anchors), -1,
"hchain anchor expected, but not present\n");
- hash_item_length = entry->esp_peer_update_length;
+ hash_item_length = esp_tokens_state->esp_peer_update_length;
}
} else {
if (direction == HIP_SPI_DIRECTION_OUT) {
- HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
+ HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_local_anchors), -1,
"hchain anchor expected, but not present\n");
- hash_item_length = entry->esp_local_active_length;
+ hash_item_length = esp_tokens_state->esp_local_active_length;
} else {
- HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
+ HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_peer_anchors), -1,
"hchain anchor expected, but not present\n");
- hash_item_length = entry->esp_peer_active_length;
+ hash_item_length = esp_tokens_state->esp_peer_active_length;
}
}
@@ -578,11 +611,18 @@
* @param ctx packet context for the received R1 message
* @return always 0
*/
-int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx)
+int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
const struct esp_prot_preferred_tfms *prot_transforms = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int err = 0;
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
/* this is only handled if we are using userspace ipsec,
* otherwise we just ignore it */
if (hip_use_userspace_ipsec) {
@@ -596,28 +636,29 @@
HIP_DEBUG("received preferred transforms from peer\n");
// store that we received the param for further processing
- ctx->hadb_entry->esp_prot_param = 1;
+ esp_tokens_state->esp_prot_param = 1;
// select transform and store it for this connection
- ctx->hadb_entry->esp_prot_transform = esp_prot_select_transform(prot_transforms->num_transforms,
- prot_transforms->transforms);
+ esp_tokens_state->esp_prot_transform = esp_prot_select_transform(prot_transforms->num_transforms,
+ prot_transforms->transforms);
} else {
HIP_DEBUG("R1 does not contain preferred ESP protection " \
"transforms, locally setting UNUSED\n");
// store that we didn't received the param
- ctx->hadb_entry->esp_prot_param = 0;
+ esp_tokens_state->esp_prot_param = 0;
// if the other end-host does not want to use the extension, we don't either
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
} else {
HIP_DEBUG("no userspace IPsec hint for ESP extension, locally setting UNUSED\n");
// make sure we don't add the anchor now and don't add any transform or anchor
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
+ out_err:
return err;
}
@@ -627,65 +668,72 @@
* @param ctx packet context for the I2 message
* @return 0 on success, -1 in case of an error
*/
-int esp_prot_i2_add_anchor(struct hip_packet_context *ctx)
+int esp_prot_i2_add_anchor(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
+ struct esp_tokens_state *esp_tokens_state = NULL;
unsigned char *anchor = NULL;
int hash_length = 0;
int hash_item_length = 0;
int err = 0, i;
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
/* only add, if extension in use and we agreed on a transform
*
* @note the transform was selected in handle R1 */
- if (ctx->hadb_entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
+ if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
// check for sufficient elements
- if (anchor_db_get_num_anchors(ctx->hadb_entry->esp_prot_transform) >=
+ if (anchor_db_get_num_anchors(esp_tokens_state->esp_prot_transform) >=
esp_prot_num_parallel_hchains) {
- hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
HIP_DEBUG("hash_length: %i\n", hash_length);
- hash_item_length = anchor_db_get_hash_item_length(ctx->hadb_entry->esp_prot_transform);
+ hash_item_length = anchor_db_get_hash_item_length(esp_tokens_state->esp_prot_transform);
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
// add all anchors now
- HIP_IFEL(!(anchor = anchor_db_get_anchor(ctx->hadb_entry->esp_prot_transform)), -1,
+ HIP_IFEL(!(anchor = anchor_db_get_anchor(esp_tokens_state->esp_prot_transform)), -1,
"no anchor elements available, threading?\n");
- HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
+ HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
anchor, NULL, hash_length, hash_item_length), -1,
"Building of ESP protection anchor failed\n");
// store local_anchor
- memcpy(&ctx->hadb_entry->esp_local_anchors[i][0], anchor, hash_length);
- HIP_HEXDUMP("stored local anchor: ", &ctx->hadb_entry->esp_local_anchors[i][0], hash_length);
+ memcpy(&esp_tokens_state->esp_local_anchors[i][0], anchor, hash_length);
+ HIP_HEXDUMP("stored local anchor: ", &esp_tokens_state->esp_local_anchors[i][0], hash_length);
- ctx->hadb_entry->esp_local_active_length = hash_item_length;
- HIP_DEBUG("ctx->hadb_entry->esp_local_active_length: %u\n",
- ctx->hadb_entry->esp_local_active_length);
+ esp_tokens_state->esp_local_active_length = hash_item_length;
+ HIP_DEBUG("esp_tokens_state->esp_local_active_length: %u\n",
+ esp_tokens_state->esp_local_active_length);
}
} else {
// fall back
HIP_ERROR("agreed on using esp hchain protection, but not sufficient elements");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
// inform our peer
- HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
+ HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
NULL, NULL, 0, 0), -1,
"Building of ESP protection anchor failed\n");
}
} else {
// only reply, if transforms param in R1; send UNUSED param
- if (ctx->hadb_entry->esp_prot_param) {
+ if (esp_tokens_state->esp_prot_param) {
HIP_DEBUG("R1 contained transforms, but agreed not to use the extension\n");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
- HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
+ HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
NULL, NULL, 0, 0), -1,
"Building of ESP protection anchor failed\n");
} else {
HIP_DEBUG("peer didn't send transforms in R1, locally setting UNUSED\n");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
}
@@ -703,13 +751,20 @@
* @param ctx packet context for the I2 message
* @return 0 on success, -1 in case of an error
*/
-int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx)
+int esp_prot_i2_handle_anchor(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
const struct hip_tlv_common *param = NULL;
const struct esp_prot_anchor *prot_anchor = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int hash_length = 0;
int err = 0, i;
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
/* only supported in user-mode ipsec and optional there */
if (hip_use_userspace_ipsec && esp_prot_num_transforms > 1) {
HIP_DEBUG("userspace IPsec hint: esp protection extension might be in use\n");
@@ -721,10 +776,10 @@
if (esp_prot_check_transform(esp_prot_num_transforms, esp_prot_transforms,
prot_anchor->transform) >= 0) {
// we know this transform
- ctx->hadb_entry->esp_prot_transform = prot_anchor->transform;
- hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
+ esp_tokens_state->esp_prot_transform = prot_anchor->transform;
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
- if (ctx->hadb_entry->esp_prot_transform == ESP_PROT_TFM_UNUSED) {
+ if (esp_tokens_state->esp_prot_transform == ESP_PROT_TFM_UNUSED) {
HIP_DEBUG("agreed NOT to use esp protection extension\n");
// there should be no other anchors in this case
@@ -732,21 +787,21 @@
}
// store number of elements per hash structure
- ctx->hadb_entry->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
- HIP_DEBUG("ctx->hadb_entry->esp_peer_active_length: %u\n",
- ctx->hadb_entry->esp_peer_active_length);
+ esp_tokens_state->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
+ HIP_DEBUG("esp_tokens_state->esp_peer_active_length: %u\n",
+ esp_tokens_state->esp_peer_active_length);
// store all contained anchors
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
- if (!prot_anchor || prot_anchor->transform != ctx->hadb_entry->esp_prot_transform) {
+ if (!prot_anchor || prot_anchor->transform != esp_tokens_state->esp_prot_transform) {
// we expect an anchor and all anchors should have the same transform
err = -1;
goto out_err;
} else {
// store peer_anchor
- memcpy(&ctx->hadb_entry->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
+ memcpy(&esp_tokens_state->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
hash_length);
- HIP_HEXDUMP("received anchor: ", &ctx->hadb_entry->esp_peer_anchors[i][0],
+ HIP_HEXDUMP("received anchor: ", &esp_tokens_state->esp_peer_anchors[i][0],
hash_length);
}
@@ -757,17 +812,17 @@
} else {
HIP_ERROR("received anchor with unknown transform, falling back\n");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
} else {
HIP_DEBUG("NO esp anchor sent, locally setting UNUSED\n");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
} else {
HIP_DEBUG("userspace IPsec hint: esp protection extension NOT in use\n");
- ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
out_err:
@@ -781,53 +836,61 @@
* @param entry hip association for the connection
* @return 0 on success, -1 in case of an error
*/
-int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry)
+int esp_prot_r2_add_anchor(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
{
- unsigned char *anchor = NULL;
- int hash_length = 0;
- int hash_item_length = 0;
- int err = 0, i;
+ unsigned char *anchor = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ int hash_length = 0;
+ int hash_item_length = 0;
+ int err = 0, i;
+
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
// only add, if extension in use, we agreed on a transform and no error until now
- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
+ if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
// check for sufficient elements
- if (anchor_db_get_num_anchors(entry->esp_prot_transform) >= esp_prot_num_parallel_hchains) {
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ if (anchor_db_get_num_anchors(esp_tokens_state->esp_prot_transform) >= esp_prot_num_parallel_hchains) {
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
HIP_DEBUG("hash_length: %i\n", hash_length);
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
// add all anchors now
- HIP_IFEL(!(anchor = anchor_db_get_anchor(entry->esp_prot_transform)), -1,
+ HIP_IFEL(!(anchor = anchor_db_get_anchor(esp_tokens_state->esp_prot_transform)), -1,
"no anchor elements available, threading?\n");
- hash_item_length = anchor_db_get_hash_item_length(entry->esp_prot_transform);
- HIP_IFEL(hip_build_param_esp_prot_anchor(r2, entry->esp_prot_transform,
+ hash_item_length = anchor_db_get_hash_item_length(esp_tokens_state->esp_prot_transform);
+ HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
anchor, NULL, hash_length, hash_item_length), -1,
"Building of ESP protection anchor failed\n");
// store local_anchor
- memcpy(&entry->esp_local_anchors[i][0], anchor, hash_length);
- HIP_HEXDUMP("stored local anchor: ", &entry->esp_local_anchors[i][0], hash_length);
+ memcpy(&esp_tokens_state->esp_local_anchors[i][0], anchor, hash_length);
+ HIP_HEXDUMP("stored local anchor: ", &esp_tokens_state->esp_local_anchors[i][0], hash_length);
- entry->esp_local_active_length = anchor_db_get_hash_item_length(
- entry->esp_prot_transform);
- HIP_DEBUG("entry->esp_local_active_length: %u\n",
- entry->esp_local_active_length);
+ esp_tokens_state->esp_local_active_length = anchor_db_get_hash_item_length(
+ esp_tokens_state->esp_prot_transform);
+ HIP_DEBUG("esp_tokens_state->esp_local_active_length: %u\n",
+ esp_tokens_state->esp_local_active_length);
}
} else {
// fall back
HIP_ERROR("agreed on using esp hchain protection, but no elements");
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
// inform our peer about fallback
- HIP_IFEL(hip_build_param_esp_prot_anchor(r2, entry->esp_prot_transform,
+ HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg,
+ esp_tokens_state->esp_prot_transform,
NULL, NULL, 0, 0), -1,
"Building of ESP protection anchor failed\n");
}
} else {
HIP_DEBUG("esp protection extension NOT in use for this connection\n");
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
out_err:
@@ -845,67 +908,74 @@
* @param input_msg the input message
* @return 0 on success, -1 in case of an error
*/
-int esp_prot_r2_handle_anchor(hip_ha_t *entry,
- const struct hip_common *input_msg)
+int esp_prot_r2_handle_anchor(UNUSED const uint8_t packet_type,
+ UNUSED const uint32_t ha_state,
+ struct hip_packet_context *ctx)
+ //hip_ha_t *entry, const struct hip_common *input_msg)
{
const struct hip_tlv_common *param = NULL;
const struct esp_prot_anchor *prot_anchor = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int hash_length = 0;
int err = 0, i;
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
// only process anchor, if we agreed on using it before
- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
- if ((param = hip_get_param(input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) {
+ if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
+ if ((param = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) {
prot_anchor = (const struct esp_prot_anchor *) param;
// check if the anchor has got the negotiated transform
- if (prot_anchor->transform == entry->esp_prot_transform) {
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ if (prot_anchor->transform == esp_tokens_state->esp_prot_transform) {
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
// store number of elements per hash structure
- entry->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
- HIP_DEBUG("entry->esp_peer_active_length: %u\n",
- entry->esp_peer_active_length);
+ esp_tokens_state->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
+ HIP_DEBUG("esp_tokens_state->esp_peer_active_length: %u\n",
+ esp_tokens_state->esp_peer_active_length);
// store all contained anchors
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
- if (prot_anchor->transform != entry->esp_prot_transform || !prot_anchor) {
+ if (prot_anchor->transform != esp_tokens_state->esp_prot_transform || !prot_anchor) {
// we expect an anchor and all anchors should have the same transform
err = -1;
goto out_err;
} else {
// store peer_anchor
- memcpy(&entry->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
+ memcpy(&esp_tokens_state->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
hash_length);
- HIP_HEXDUMP("received anchor: ", &entry->esp_peer_anchors[i][0],
+ HIP_HEXDUMP("received anchor: ", &esp_tokens_state->esp_peer_anchors[i][0],
hash_length);
}
// get next anchor
- param = hip_get_next_param(input_msg, param);
+ param = hip_get_next_param(ctx->input_msg, param);
prot_anchor = (const struct esp_prot_anchor *) param;
}
} else if (prot_anchor->transform == ESP_PROT_TFM_UNUSED) {
HIP_DEBUG("peer encountered problems and did fallback\n");
// also fallback
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
} else {
HIP_ERROR("received anchor does NOT use negotiated transform, falling back\n");
// fallback
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
} else {
HIP_DEBUG("agreed on using esp hchain extension, but no anchor sent or error\n");
// fall back option
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
} else {
HIP_DEBUG("NOT using esp protection extension\n");
- entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
+ esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
}
out_err:
@@ -1029,12 +1099,17 @@
*/
int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry)
{
- const struct hip_seq *seq = NULL;
- int hash_length = 0;
- int err = 0, i;
+ const struct hip_seq *seq = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ int hash_length = 0;
+ int err = 0, i;
+
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
// only do further processing when extension is in use
- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
+ if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
/* we only want to send anchors in 1. and 2. UPDATE message
*
* @note we can distinguish the 1. and 2. UPDATE message by
@@ -1044,7 +1119,7 @@
if (seq) {
// we need to know the hash_length for this transform
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
/* @note update-anchor will be set, if there was a anchor UPDATE before
* or if this is an anchor UPDATE; otherwise update-anchor will
@@ -1055,29 +1130,29 @@
* pure anchor-update */
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
HIP_IFEL(hip_build_param_esp_prot_anchor(update,
- entry->esp_prot_transform,
- &entry->esp_local_anchors[i][0],
- &entry->esp_local_update_anchors[i][0],
- hash_length, entry->hash_item_length),
+ esp_tokens_state->esp_prot_transform,
+ &esp_tokens_state->esp_local_anchors[i][0],
+ &esp_tokens_state->esp_local_update_anchors[i][0],
+ hash_length, esp_tokens_state->hash_item_length),
-1,
"building of ESP protection ANCHOR failed\n");
}
// only add the root if it is specified
- if (entry->esp_root_length > 0) {
+ if (esp_tokens_state->esp_root_length > 0) {
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
HIP_IFEL(hip_build_param_esp_prot_root(update,
- entry->esp_root_length,
- &entry->esp_root[i][0]),
+ esp_tokens_state->esp_root_length,
+ &esp_tokens_state->esp_root[i][0]),
-1,
"building of ESP ROOT failed\n");
}
}
- entry->esp_local_update_length = anchor_db_get_hash_item_length(
- entry->esp_prot_transform);
- HIP_DEBUG("entry->esp_local_update_length: %u\n",
- entry->esp_local_update_length);
+ esp_tokens_state->esp_local_update_length = anchor_db_get_hash_item_length(
+ esp_tokens_state->esp_prot_transform);
+ HIP_DEBUG("esp_tokens_state->esp_local_update_length: %u\n",
+ esp_tokens_state->esp_local_update_length);
}
}
@@ -1099,6 +1174,7 @@
{
const struct esp_prot_anchor *prot_anchor = NULL;
const struct hip_tlv_common *param = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
int hash_length = 0;
unsigned char cmp_value[MAX_HASH_LENGTH];
int err = 0, i;
@@ -1114,59 +1190,65 @@
/* XX TODO find matching SA entry in host association for active_anchor
* and _inbound_ direction */
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
// we need to know the hash_length for this transform
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
// compare peer_update_anchor to 0
memset(cmp_value, 0, MAX_HASH_LENGTH);
/* treat the very first hchain update after the BEX differently
* -> assume properties of first parallal chain same as for others */
- if (!memcmp(&entry->esp_peer_update_anchors[0][0], &cmp_value[0], MAX_HASH_LENGTH)) {
+ if (!memcmp(&esp_tokens_state->esp_peer_update_anchors[0][0], &cmp_value[0], MAX_HASH_LENGTH)) {
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
// check that we are receiving an anchor matching the negotiated transform
- HIP_IFEL(entry->esp_prot_transform != prot_anchor->transform, -1,
+ HIP_IFEL(esp_tokens_state->esp_prot_transform != prot_anchor->transform, -1,
"esp prot transform changed without new BEX\n");
HIP_DEBUG("esp prot transforms match\n");
// check that we are receiving an anchor matching the active one
- HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_anchors[i][0],
+ HIP_IFEL(memcmp(&prot_anchor->anchors[0], &esp_tokens_state->esp_peer_anchors[i][0],
hash_length), -1, "esp prot active peer anchors do NOT match\n");
HIP_DEBUG("esp prot active peer anchors match\n");
// set the update anchor as the peer's update anchor
- memcpy(&entry->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
+ memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
hash_length);
HIP_DEBUG("peer_update_anchor set\n");
- entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
- HIP_DEBUG("entry->esp_peer_update_length: %u\n",
- entry->esp_peer_update_length);
+ esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
+ HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
+ esp_tokens_state->esp_peer_update_length);
param = hip_get_next_param(recv_update, param);
prot_anchor = (const struct esp_prot_anchor *) param;
}
- } else if (!memcmp(&entry->esp_peer_update_anchors[0][0], &prot_anchor->anchors[0],
+ } else if (!memcmp(&esp_tokens_state->esp_peer_update_anchors[0][0], &prot_anchor->anchors[0],
hash_length)) {
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
// check that we are receiving an anchor matching the active one
- HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_update_anchors[i][0],
+ HIP_IFEL(memcmp(&prot_anchor->anchors[0],
+ &esp_tokens_state->esp_peer_update_anchors[i][0],
hash_length), -1, "esp prot active peer anchors do NOT match\n");
HIP_DEBUG("last received esp prot update peer anchor and sent one match\n");
// track the anchor updates by moving one anchor forward
- memcpy(&entry->esp_peer_anchors[i][0],
- &entry->esp_peer_update_anchors[i][0],
+ memcpy(&esp_tokens_state->esp_peer_anchors[i][0],
+ &esp_tokens_state->esp_peer_update_anchors[i][0],
hash_length);
// set the update anchor as the peer's update anchor
- memcpy(&entry->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
+ memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0],
+ &prot_anchor->anchors[hash_length],
hash_length);
HIP_DEBUG("peer_update_anchor set\n");
- entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
- HIP_DEBUG("entry->esp_peer_update_length: %u\n",
- entry->esp_peer_update_length);
+ esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
+ HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
+ esp_tokens_state->esp_peer_update_length);
param = hip_get_next_param(recv_update, param);
prot_anchor = (const struct esp_prot_anchor *) param;
@@ -1175,21 +1257,21 @@
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
prot_anchor = (const struct esp_prot_anchor *) param;
- HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_anchors[i][0],
+ HIP_IFEL(memcmp(&prot_anchor->anchors[0], &esp_tokens_state->esp_peer_anchors[i][0],
hash_length), -1, "received unverifiable anchor\n");
/**** received newer update for active anchor ****/
// set the update anchor as the peer's update anchor
- memcpy(&entry->esp_peer_update_anchors[i][0],
+ memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0],
&prot_anchor->anchors[hash_length],
hash_length);
HIP_DEBUG("peer_update_anchor set\n");
- entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
- HIP_DEBUG("entry->esp_peer_update_length: %u\n",
- entry->esp_peer_update_length);
+ esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
+ HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
+ esp_tokens_state->esp_peer_update_length);
}
}
=== renamed file 'hipd/esp_prot_hipd_msg.h' => 'modules/esp_tokens/hipd/esp_prot_hipd_msg.h'
--- hipd/esp_prot_hipd_msg.h 2010-08-17 17:23:18 +0000
+++ modules/esp_tokens/hipd/esp_prot_hipd_msg.h 2010-09-03 11:40:19 +0000
@@ -45,18 +45,32 @@
#define ESP_PROT_FIRST_UPDATE_PACKET 1
#define ESP_PROT_SECOND_UPDATE_PACKET 2
-int esp_prot_set_preferred_transforms(const struct hip_common *msg);
-int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
-int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
-int esp_prot_sa_add(hip_ha_t *entry, struct hip_common *msg, const int direction,
+int esp_prot_set_preferred_transforms(struct hip_common *msg,
+ struct sockaddr_in6 *src);
+int esp_prot_handle_trigger_update_msg(struct hip_common *msg,
+ struct sockaddr_in6 *src);
+int esp_prot_handle_anchor_change_msg(struct hip_common *msg,
+ struct sockaddr_in6 *src);
+int esp_prot_sa_add(hip_ha_t *entry,
+ struct hip_common *msg,
+ const int direction,
const int update);
int esp_prot_r1_add_transforms(hip_common_t *msg);
-int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx);
-int esp_prot_i2_add_anchor(struct hip_packet_context *ctx);
-int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx);
-int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry);
-int esp_prot_r2_handle_anchor(hip_ha_t *entry,
- const struct hip_common *input_msg);
+int esp_prot_r1_handle_transforms(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+int esp_prot_i2_add_anchor(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+int esp_prot_i2_handle_anchor(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+int esp_prot_r2_add_anchor(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
+int esp_prot_r2_handle_anchor(const uint8_t packet_type,
+ const uint32_t ha_state,
+ struct hip_packet_context *ctx);
int esp_prot_update_type(const hip_common_t *recv_update);
int esp_prot_handle_first_update_packet(const hip_common_t *recv_update,
hip_ha_t *entry,
=== renamed file 'hipd/esp_prot_light_update.c' => 'modules/esp_tokens/hipd/esp_prot_light_update.c'
--- hipd/esp_prot_light_update.c 2010-08-19 09:32:20 +0000
+++ modules/esp_tokens/hipd/esp_prot_light_update.c 2010-09-03 11:40:19 +0000
@@ -43,11 +43,15 @@
#include "lib/core/ife.h"
#include "lib/core/protodefs.h"
#include "lib/tool/xfrmapi.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
#include "esp_prot_anchordb.h"
#include "esp_prot_hipd_msg.h"
-#include "hipd.h"
-#include "input.h"
-#include "output.h"
+#include "hipd/hipd.h"
+#include "hipd/input.h"
+#include "hipd/output.h"
+#include "esp_tokens.h"
+#include "esp_tokens_state.h"
+#include "esp_tokens_builder.h"
#include "esp_prot_light_update.h"
@@ -63,9 +67,14 @@
static int esp_prot_send_light_ack(hip_ha_t *entry, const struct in6_addr *src_addr,
const struct in6_addr *dst_addr, const uint32_t spi)
{
- hip_common_t *light_ack = NULL;
- uint16_t mask = 0;
- int err = 0;
+ hip_common_t *light_ack = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ uint16_t mask = 0;
+ int err = 0;
+
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
HIP_IFEL(!(light_ack = hip_msg_alloc()), -ENOMEM,
"failed to allocate memory\n");
@@ -81,8 +90,8 @@
spi, spi), -1, "Building of ESP_INFO failed\n");
/* Add ACK */
- HIP_IFEL(hip_build_param_ack(light_ack, entry->light_update_id_in), -1,
- "Building of ACK failed\n");
+ HIP_IFEL(hip_build_param_ack(light_ack, esp_tokens_state->light_update_id_in),
+ -1, "Building of ACK failed\n");
/* Add HMAC */
HIP_IFEL(hip_build_param_hmac_contents(light_ack, &entry->hip_hmac_out), -1,
@@ -120,10 +129,15 @@
const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS],
const int branch_length[])
{
- hip_common_t *light_update = NULL;
- int hash_length = 0;
- uint16_t mask = 0;
- int err = 0, i;
+ hip_common_t *light_update = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ int hash_length = 0;
+ uint16_t mask = 0;
+ int err = 0, i;
+
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
HIP_IFEL(!(light_update = hip_msg_alloc()), -ENOMEM,
"failed to allocate memory\n");
@@ -136,20 +150,23 @@
/********************* add SEQ *********************/
- entry->light_update_id_out++;
- HIP_DEBUG("outgoing light UPDATE ID=%u\n", entry->light_update_id_out);
+ esp_tokens_state->light_update_id_out++;
+ HIP_DEBUG("outgoing light UPDATE ID=%u\n", esp_tokens_state->light_update_id_out);
- HIP_IFEL(hip_build_param_seq(light_update, entry->light_update_id_out), -1,
+ HIP_IFEL(hip_build_param_seq(light_update, esp_tokens_state->light_update_id_out), -1,
"building of SEQ param failed\n");
/********** add ESP-PROT anchor, branch, secret, root **********/
- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
+ hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
HIP_IFEL(hip_build_param_esp_prot_anchor(light_update,
- entry->esp_prot_transform, &entry->esp_local_anchors[i][0],
- &entry->esp_local_update_anchors[i][0], hash_length, entry->hash_item_length),
+ esp_tokens_state->esp_prot_transform,
+ &esp_tokens_state->esp_local_anchors[i][0],
+ &esp_tokens_state->esp_local_update_anchors[i][0],
+ hash_length,
+ esp_tokens_state->hash_item_length),
-1, "building of ESP protection ANCHOR failed\n");
}
@@ -166,10 +183,10 @@
for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
// only send root if the update hchain has got a link_tree
- if (entry->esp_root_length > 0) {
+ if (esp_tokens_state->esp_root_length > 0) {
HIP_IFEL(hip_build_param_esp_prot_root(light_update,
- entry->esp_root_length,
- entry->esp_root[i]),
+ esp_tokens_state->esp_root_length,
+ esp_tokens_state->esp_root[i]),
-1,
"building of ESP ROOT failed\n");
}
@@ -180,7 +197,7 @@
"building of HMAC failed\n");
/* send the packet with retransmission enabled */
- entry->light_update_retrans = 1;
+ esp_tokens_state->light_update_retrans = 1;
HIP_IFEL(hip_send_pkt(&entry->our_addr,
&entry->peer_addr,
@@ -188,13 +205,13 @@
entry->peer_udp_port,
light_update,
entry,
- entry->light_update_retrans),
+ esp_tokens_state->light_update_retrans),
-1,
"failed to send light anchor update\n");
out_err:
if (err) {
- entry->light_update_retrans = 1;
+ esp_tokens_state->light_update_retrans = 1;
}
if (light_update) {
@@ -218,17 +235,22 @@
UNUSED const uint32_t ha_state,
struct hip_packet_context *ctx)
{
- const struct hip_seq *seq = NULL;
- const struct hip_ack *ack = NULL;
- uint32_t seq_no = 0;
- uint32_t ack_no = 0;
- uint32_t spi = 0;
- int err = 0;
+ const struct hip_seq *seq = NULL;
+ const struct hip_ack *ack = NULL;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+ uint32_t seq_no = 0;
+ uint32_t ack_no = 0;
+ uint32_t spi = 0;
+ int err = 0;
HIP_IFEL(!ctx->hadb_entry, -1,
"No entry in host association database when receiving " \
" HIP_LUPDATE. Dropping.\n");
+ HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
+ "esp_tokens")),
+ -1, "failed to retrieve state for esp tokens\n");
+
HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
&(ctx->hadb_entry)->hip_hmac_in),
-1,
@@ -243,18 +265,18 @@
HIP_DEBUG("SEQ parameter found with update ID: %u\n", seq_no);
HIP_DEBUG("previous incoming update id=%u\n",
- ctx->hadb_entry->light_update_id_in);
+ esp_tokens_state->light_update_id_in);
- if (seq_no < ctx->hadb_entry->light_update_id_in) {
+ if (seq_no < esp_tokens_state->light_update_id_in) {
HIP_DEBUG("old SEQ, dropping...\n");
err = -EINVAL;
goto out_err;
- } else if (seq_no == ctx->hadb_entry->light_update_id_in) {
+ } else if (seq_no == esp_tokens_state->light_update_id_in) {
HIP_DEBUG("retransmitted UPDATE packet (?), continuing\n");
} else {
HIP_DEBUG("new SEQ, storing...\n");
- ctx->hadb_entry->light_update_id_in = seq_no;
+ esp_tokens_state->light_update_id_in = seq_no;
}
/********** ANCHOR ***********/
@@ -274,11 +296,11 @@
HIP_DEBUG("ACK found with peer update ID: %u\n", ack_no);
- HIP_IFEL(ack_no != ctx->hadb_entry->light_update_id_out, -1,
+ HIP_IFEL(ack_no != esp_tokens_state->light_update_id_out, -1,
"received non-matching ACK\n");
// stop retransmission
- ctx->hadb_entry->light_update_retrans = 0;
+ esp_tokens_state->light_update_retrans = 0;
// notify sadb about next anchor
HIP_IFEL(hip_add_sa(ctx->dst_addr,
=== renamed file 'hipd/esp_prot_light_update.h' => 'modules/esp_tokens/hipd/esp_prot_light_update.h'
--- hipd/esp_prot_light_update.h 2010-08-19 09:32:20 +0000
+++ modules/esp_tokens/hipd/esp_prot_light_update.h 2010-09-03 11:40:19 +0000
@@ -38,6 +38,7 @@
#include "lib/core/protodefs.h"
#include "lib/modularization/lmod.h"
+#include "modules/esp_tokens/lib/esp_prot_common.h"
int esp_prot_send_light_update(hip_ha_t *entry,
const int anchor_offset[],
=== added file 'modules/esp_tokens/hipd/esp_tokens.c'
--- modules/esp_tokens/hipd/esp_tokens.c 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens.c 2010-09-03 11:40:19 +0000
@@ -0,0 +1,117 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Implements hooking of the esp authentication token extension into the hipd.
+ *
+ * @brief hooks extension into hipd
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ */
+
+#include "lib/modularization/lmod.h"
+#include "lib/core/state.h"
+#include "hipd/pkt_handling.h"
+#include "hipd/user.h"
+#include "esp_prot_hipd_msg.h"
+#include "esp_prot_light_update.h"
+#include "esp_prot_anchordb.h"
+#include "esp_tokens_state.h"
+#include "esp_tokens.h"
+
+
+// lightweight update packet type - used for hierarchical hash structure updates
+#define HIP_LUPDATE 23
+
+#define INBOUND_HANDLE_FN_PRIO 31000
+#define OUTBOUND_I2_HANDLE_FN_PRIO 40500
+#define OUTBOUND_R2_HANDLE_FN_PRIO 41500
+#define PACKET_HANDLE_FN_PRIO 20000
+
+#define HIP_MSG_ESP_PROT_TFM 146
+#define HIP_MSG_BEX_STORE_UPDATE 147
+#define HIP_MSG_TRIGGER_UPDATE 149
+#define HIP_MSG_ANCHOR_CHANGE 155
+
+
+int hip_esp_tokens_init(void)
+{
+ int err = 0;
+
+ // register light-weight update packet type
+ lmod_register_packet_type(HIP_LUPDATE, "HIP_LUPDATE");
+
+ // register initialization function for esp token state in hadb
+ lmod_register_state_init_function(&hip_esp_tokens_init_state);
+
+ // TODO add retransmission handling as part of maintenance for light-updates (maintenance.c:hip_handle_retransmission)
+
+ // registration of esp_prot_r1_handle_transforms
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
+
+ // registration of esp_prot_i2_add_anchor
+ hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
+
+ // registration of esp_prot_i2_handle_anchor
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &esp_prot_i2_handle_anchor,INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+
+ // registration of esp_prot_r2_add_anchor
+ hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
+
+ // registration of esp_prot_r2_handle_anchor
+ hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &esp_prot_r2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
+
+ // registration of esp_prot_handle_light_update
+ hip_register_handle_function(HIP_LUPDATE, HIP_STATE_ESTABLISHED, &esp_prot_handle_light_update, PACKET_HANDLE_FN_PRIO);
+ hip_register_handle_function(HIP_LUPDATE, HIP_STATE_R2_SENT, &esp_prot_handle_light_update, PACKET_HANDLE_FN_PRIO);
+
+ // registration of userspace messages
+ hip_user_register_handle(HIP_MSG_ESP_PROT_TFM, &esp_prot_set_preferred_transforms, PACKET_HANDLE_FN_PRIO);
+ hip_user_register_handle(HIP_MSG_BEX_STORE_UPDATE, &anchor_db_update, PACKET_HANDLE_FN_PRIO);
+ hip_user_register_handle(HIP_MSG_TRIGGER_UPDATE, &esp_prot_handle_trigger_update_msg, PACKET_HANDLE_FN_PRIO);
+ hip_user_register_handle(HIP_MSG_ANCHOR_CHANGE, &esp_prot_handle_anchor_change_msg, PACKET_HANDLE_FN_PRIO);
+
+ return err;
+}
=== added file 'modules/esp_tokens/hipd/esp_tokens.h'
--- modules/esp_tokens/hipd/esp_tokens.h 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens.h 2010-09-03 11:40:19 +0000
@@ -0,0 +1,39 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Implements hooking of the esp authentication token extension into the hipd.
+ *
+ * @brief hooks extension into hipd
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ */
+
+#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_
+#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_
+
+int hip_esp_tokens_init(void);
+
+#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_ */
=== added file 'modules/esp_tokens/hipd/esp_tokens_builder.c'
--- modules/esp_tokens/hipd/esp_tokens_builder.c 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens_builder.c 2010-09-03 11:40:19 +0000
@@ -0,0 +1,277 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * @brief adds parameters according to the defined parameter structure to a
+ * packet
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ *
+ */
+
+#include <string.h>
+
+#include "modules/esp_tokens/lib/esp_prot_common.h"
+#include "lib/core/hashchain.h"
+#include "lib/core/debug.h"
+#include "lib/core/builder.h"
+#include "esp_tokens_builder.h"
+
+
+/**
+ * build and append a ESP PROT transform parameter
+ *
+ * @param msg the message where the parameter will be appended
+ * @param transforms the transforms to be used for the esp extension header
+ * @param num_transforms the number of transforms
+ * @return 0 on success, otherwise < 0.
+ */
+int hip_build_param_esp_prot_transform(struct hip_common *msg,
+ int num_transforms,
+ uint8_t *transforms)
+{
+ struct esp_prot_preferred_tfms prot_transforms;
+ int err = 0, i;
+
+ hip_set_param_type((struct hip_tlv_common *) &prot_transforms,
+ HIP_PARAM_ESP_PROT_TRANSFORMS);
+
+ /* note: the length cannot be calculated with calc_param_len() */
+ hip_set_param_contents_len((struct hip_tlv_common *) &prot_transforms,
+ (num_transforms + 1) * sizeof(uint8_t));
+
+ prot_transforms.num_transforms = num_transforms;
+ HIP_DEBUG("added num_transforms: %u\n", prot_transforms.num_transforms);
+
+ for (i = 0; i < prot_transforms.num_transforms; i++) {
+ prot_transforms.transforms[i] = transforms[i];
+ HIP_DEBUG("added transform %i: %u\n", i + 1, transforms[i]);
+ }
+
+ err = hip_build_generic_param(msg,
+ &prot_transforms,
+ sizeof(struct hip_tlv_common),
+ hip_get_param_contents_direct(&prot_transforms));
+ return err;
+}
+
+/**
+ * build and append am ESP PROT anchor parameter
+ *
+ * @param msg the message where the parameter will be appended
+ * @param transform the esp protection transform used for this anchor,
+ * if UNUSED 1 byte of 0 is sent
+ * @param active_anchor the anchor for the hchain to be used for extended esp protection,
+ * if NULL
+ * @param next_anchor the next anchor
+ * @param hash_length the length of the hash
+ * @param hash_item_length the length of the hash item
+ * @return 0 on success, otherwise < 0.
+ */
+int hip_build_param_esp_prot_anchor(struct hip_common *msg,
+ uint8_t transform,
+ unsigned char *active_anchor,
+ unsigned char *next_anchor,
+ int hash_length,
+ int hash_item_length)
+{
+ int err = 0;
+ struct esp_prot_anchor esp_anchor;
+
+ HIP_ASSERT(msg != NULL);
+ /* NULL-active_anchor only allowed for UNUSED-transform */
+ HIP_ASSERT((!transform && !active_anchor) || (transform && active_anchor));
+ /* next_anchor might be NULL */
+
+ /* set parameter type */
+ hip_set_param_type((struct hip_tlv_common *) &esp_anchor, HIP_PARAM_ESP_PROT_ANCHOR);
+
+ /* set parameter values */
+ esp_anchor.transform = transform;
+ esp_anchor.hash_item_length = htonl(hash_item_length);
+
+ /* distinguish UNUSED from any other case */
+ if (!transform) {
+ /* send 1 byte of 0 per anchor in UNUSED case */
+ hash_length = 1;
+
+ memset(&esp_anchor.anchors[0], 0, hash_length);
+ memset(&esp_anchor.anchors[hash_length], 0, hash_length);
+ } else {
+ memcpy(&esp_anchor.anchors[0], active_anchor, hash_length);
+
+ /* send 0 if next_anchor not present */
+ if (next_anchor) {
+ memcpy(&esp_anchor.anchors[hash_length], next_anchor, hash_length);
+ } else {
+ memset(&esp_anchor.anchors[hash_length], 0, hash_length);
+ }
+ }
+
+ hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor,
+ sizeof(uint8_t) + sizeof(uint32_t) + 2
+ * hash_length);
+
+ err = hip_build_generic_param(msg,
+ &esp_anchor,
+ sizeof(struct hip_tlv_common),
+ hip_get_param_contents_direct(&esp_anchor));
+
+ HIP_DEBUG("added esp protection transform: %u\n", transform);
+ HIP_DEBUG("added hash item length: %u\n", hash_item_length);
+ HIP_HEXDUMP("added esp protection active_anchor: ",
+ &esp_anchor.anchors[0],
+ hash_length);
+ HIP_HEXDUMP("added esp protection next_anchor: ",
+ &esp_anchor.anchors[hash_length],
+ hash_length);
+
+ return err;
+}
+
+/**
+ * build a branch parameter for the ESP extensions
+ *
+ * @param msg the message where the parameter is appended
+ * @param anchor_offset anchor offset value
+ * @param branch_length the length of the branch
+ * @param branch_nodes the contents of the parameter
+ * @return zero on success or negative on error
+ */
+int hip_build_param_esp_prot_branch(struct hip_common *msg,
+ int anchor_offset,
+ int branch_length,
+ const unsigned char *branch_nodes)
+{
+ int err = 0;
+ struct esp_prot_branch branch;
+
+ HIP_ASSERT(msg != NULL);
+ HIP_ASSERT(anchor_offset >= 0);
+ HIP_ASSERT(branch_length > 0);
+ HIP_ASSERT(branch_nodes != NULL);
+
+ /* set parameter type */
+ hip_set_param_type((struct hip_tlv_common *) &branch, HIP_PARAM_ESP_PROT_BRANCH);
+
+ /* set parameter values */
+ branch.anchor_offset = htonl(anchor_offset);
+ branch.branch_length = htonl(branch_length);
+ memcpy(&branch.branch_nodes[0], branch_nodes, branch_length);
+
+ hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2
+ * sizeof(uint32_t) + branch_length);
+
+ err = hip_build_generic_param(msg,
+ &branch,
+ sizeof(struct hip_tlv_common),
+ hip_get_param_contents_direct(&branch));
+
+ HIP_DEBUG("added esp anchor offset: %u\n", branch.anchor_offset);
+ HIP_DEBUG("added esp branch length: %u\n", branch.branch_length);
+ HIP_HEXDUMP("added esp branch: ", &branch.branch_nodes[0], branch_length);
+
+ return err;
+}
+
+/**
+ * build a secred parameter for the ESP extensions
+ *
+ * @param msg the message where the parameter is appended
+ * @param secret_length the length of the secret value
+ * @param secret the contents of the parameter
+ * @return zero on success or negative on error
+ */
+int hip_build_param_esp_prot_secret(struct hip_common *msg,
+ int secret_length,
+ const unsigned char *secret)
+{
+ int err = 0;
+ struct esp_prot_secret esp_secret;
+
+ HIP_ASSERT(msg != NULL);
+ HIP_ASSERT(secret_length > 0);
+ HIP_ASSERT(secret != NULL);
+
+ /* set parameter type */
+ hip_set_param_type((struct hip_tlv_common *) &esp_secret, HIP_PARAM_ESP_PROT_SECRET);
+
+ /* set parameter values */
+ esp_secret.secret_length = secret_length;
+ memcpy(&esp_secret.secret[0], secret, secret_length);
+
+ hip_set_param_contents_len((struct hip_tlv_common *) &esp_secret,
+ sizeof(uint8_t) + secret_length);
+
+ err = hip_build_generic_param(msg, &esp_secret,
+ sizeof(struct hip_tlv_common),
+ hip_get_param_contents_direct(&esp_secret));
+
+ HIP_DEBUG("added esp secret length: %u\n", esp_secret.secret_length);
+ HIP_HEXDUMP("added esp secret: ", &esp_secret.secret[0], secret_length);
+
+ return err;
+}
+
+/**
+ * build a root parameter for the ESP extensions
+ *
+ * @param msg the message where the parameter is appended
+ * @param root_length the length of the root value
+ * @param root the contents of the parameter
+ * @return zero on success or negative on error
+ */
+int hip_build_param_esp_prot_root(struct hip_common *msg,
+ uint8_t root_length,
+ unsigned char *root)
+{
+ int err = 0;
+ struct esp_prot_root esp_root;
+
+ HIP_ASSERT(msg != NULL);
+ HIP_ASSERT(root_length > 0);
+ HIP_ASSERT(root != NULL);
+
+ // set parameter type
+ hip_set_param_type((struct hip_tlv_common *) &esp_root,
+ HIP_PARAM_ESP_PROT_ROOT);
+
+ // set parameter values
+ esp_root.root_length = root_length;
+ memcpy(&esp_root.root[0], root, root_length);
+
+ hip_set_param_contents_len((struct hip_tlv_common *) &esp_root,
+ sizeof(uint8_t) + root_length);
+
+ err = hip_build_generic_param(msg,
+ &esp_root,
+ sizeof(struct hip_tlv_common),
+ hip_get_param_contents_direct(&esp_root));
+
+ HIP_DEBUG("added esp root length: %u\n", esp_root.root_length);
+ HIP_HEXDUMP("added esp root: ", &esp_root.root[0], root_length);
+
+ return err;
+}
=== added file 'modules/esp_tokens/hipd/esp_tokens_builder.h'
--- modules/esp_tokens/hipd/esp_tokens_builder.h 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens_builder.h 2010-09-03 11:40:19 +0000
@@ -0,0 +1,61 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * @brief adds parameters according to the defined parameter structure to a
+ * packet
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ *
+ */
+
+#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_
+#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_
+
+int hip_build_param_esp_prot_transform(struct hip_common *msg,
+ int num_transforms,
+ uint8_t *transforms);
+
+int hip_build_param_esp_prot_anchor(struct hip_common *msg,
+ uint8_t transform,
+ unsigned char *active_anchor,
+ unsigned char *next_anchor,
+ int hash_length,
+ int hash_item_length);
+
+int hip_build_param_esp_prot_branch(struct hip_common *msg,
+ int anchor_offset,
+ int branch_length,
+ const unsigned char *branch_nodes);
+
+int hip_build_param_esp_prot_secret(struct hip_common *msg,
+ int secret_length,
+ const unsigned char *secret);
+
+int hip_build_param_esp_prot_root(struct hip_common *msg,
+ uint8_t root_length,
+ unsigned char *root);
+
+#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_ */
=== added file 'modules/esp_tokens/hipd/esp_tokens_state.c'
--- modules/esp_tokens/hipd/esp_tokens_state.c 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens_state.c 2010-09-03 11:40:19 +0000
@@ -0,0 +1,67 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * @brief holds the global and maintains the per-association state
+ * of the esp token extension
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ *
+ */
+
+#include <string.h>
+
+#include "lib/core/ife.h"
+#include "esp_tokens_state.h"
+
+int esp_prot_active = 0;
+int esp_prot_num_transforms = 0;
+uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
+long esp_prot_num_parallel_hchains = 0;
+
+/**
+ * Initialize an esp_tokens_state instance.
+ *
+ * Allocates the required memory and sets the members to the start values.
+ *
+ * @return Success = Index of the update state item in the global state. (>0)
+ * Error = -1
+ */
+int hip_esp_tokens_init_state(struct modular_state *state)
+{
+ int err = 0;
+ struct esp_tokens_state *esp_tokens_state = NULL;
+
+ HIP_IFEL(!(esp_tokens_state = malloc(sizeof(struct esp_tokens_state))),
+ -1,
+ "Error on allocating memory for a esp_tokens_state instance.\n");
+
+ memset(esp_tokens_state, 0, sizeof(struct esp_tokens_state));
+
+ err = lmod_add_state_item(state, esp_tokens_state, "esp_tokens");
+
+out_err:
+ return err;
+}
=== added file 'modules/esp_tokens/hipd/esp_tokens_state.h'
--- modules/esp_tokens/hipd/esp_tokens_state.h 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/hipd/esp_tokens_state.h 2010-09-03 11:40:19 +0000
@@ -0,0 +1,79 @@
+/**
+ * @file
+ *
+ * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * @brief holds the global and maintains the per-association state
+ * of the esp token extension
+ *
+ * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
+ *
+ */
+
+#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_
+#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_
+
+#include "modules/esp_tokens/lib/esp_prot_common.h"
+#include "lib/core/hashchain.h"
+#include "lib/modularization/lmod.h"
+
+struct esp_tokens_state {
+ /** ESP extension protection transform */
+ uint8_t esp_prot_transform;
+ /** ESP extension protection parameter */
+ int esp_prot_param;
+ /** ESP extension protection local_anchor */
+ unsigned char esp_local_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ /** another local anchor used for UPDATE messages */
+ unsigned char esp_local_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ /** ESP extension protection peer_anchor */
+ unsigned char esp_peer_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ /** another peer anchor used for UPDATE messages */
+ unsigned char esp_peer_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ /** needed for offset calculation when using htrees */
+ uint32_t esp_local_active_length;
+ uint32_t esp_local_update_length;
+ uint32_t esp_peer_active_length;
+ uint32_t esp_peer_update_length;
+ /** root needed in case of hierarchical hchain linking */
+ uint8_t esp_root_length;
+ unsigned char esp_root[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
+ int hash_item_length;
+ /** parameters needed for soft-updates of hchains */
+ /** Stored outgoing UPDATE ID counter. */
+ uint32_t light_update_id_out;
+ /** Stored incoming UPDATE ID counter. */
+ uint32_t light_update_id_in;
+ /** retranmission */
+ uint8_t light_update_retrans;
+};
+
+extern int esp_prot_active;
+extern int esp_prot_num_transforms;
+extern long esp_prot_num_parallel_hchains;
+extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
+
+int hip_esp_tokens_init_state(struct modular_state *state);
+
+#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_ */
=== added directory 'modules/esp_tokens/lib'
=== renamed file 'lib/core/esp_prot_common.c' => 'modules/esp_tokens/lib/esp_prot_common.c'
--- lib/core/esp_prot_common.c 2010-07-04 17:54:18 +0000
+++ modules/esp_tokens/lib/esp_prot_common.c 2010-09-03 11:40:19 +0000
@@ -35,7 +35,7 @@
*/
#include "esp_prot_common.h"
-#include "debug.h"
+#include "lib/core/debug.h"
/**
* Checks if the passed transform is one of our locally preferred transforms
=== renamed file 'lib/core/esp_prot_common.h' => 'modules/esp_tokens/lib/esp_prot_common.h'
--- lib/core/esp_prot_common.h 2010-07-14 16:01:50 +0000
+++ modules/esp_tokens/lib/esp_prot_common.h 2010-09-03 11:40:19 +0000
@@ -39,6 +39,9 @@
#include <stdint.h>
+#include "lib/core/protodefs.h"
+#include "lib/core/hashchain.h"
+
/* the maximum numbers for arrays used for the different modes */
#define MAX_NUM_TRANSFORMS 10
#define MAX_NUM_PARALLEL_HCHAINS 10
@@ -55,6 +58,47 @@
#define ESP_PROT_TFM_TREE 5
#define ESP_PROT_TFM_TREE_CHAIN 6
+/* parameter definitions for HIP packets */
+struct esp_prot_preferred_tfms {
+ hip_tlv_type_t type;
+ hip_tlv_len_t length;
+ uint8_t num_transforms;
+ // this will also contain the UNUSED transform
+ uint8_t transforms[MAX_NUM_TRANSFORMS];
+} __attribute__ ((packed));
+
+struct esp_prot_anchor {
+ hip_tlv_type_t type;
+ hip_tlv_len_t length;
+ uint8_t transform;
+ uint32_t hash_item_length;
+ // contains active and next anchor
+ unsigned char anchors[2 * MAX_HASH_LENGTH];
+} __attribute__ ((packed));
+
+struct esp_prot_branch {
+ hip_tlv_type_t type;
+ hip_tlv_len_t length;
+ uint32_t anchor_offset;
+ uint32_t branch_length;
+ unsigned char branch_nodes[MAX_HTREE_DEPTH * MAX_HASH_LENGTH];
+} __attribute__ ((packed));
+
+struct esp_prot_secret {
+ hip_tlv_type_t type;
+ hip_tlv_len_t length;
+ uint8_t secret_length;
+ unsigned char secret[MAX_HASH_LENGTH];
+} __attribute__ ((packed));
+
+struct esp_prot_root {
+ hip_tlv_type_t type;
+ hip_tlv_len_t length;
+ uint8_t root_length;
+ unsigned char root[MAX_HASH_LENGTH];
+} __attribute__ ((packed));
+
+
int esp_prot_check_transform(const int num_transforms,
const uint8_t *preferred_transforms,
const uint8_t transform);
=== added file 'modules/esp_tokens/module_info.xml'
--- modules/esp_tokens/module_info.xml 1970-01-01 00:00:00 +0000
+++ modules/esp_tokens/module_info.xml 2010-09-03 11:40:19 +0000
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Mandatory: name, version -->
+<module
+ name="esp_tokens"
+ version="0.0.1"
+ description="ESP authentication token functionality for the hip daemon."
+ developer=""
+ bugaddress="hipl-users@xxxxxxxxxxxxx"
+ webpage="http://infrahip.hiit.fi/">
+
+ <requires>
+ <module name="user_ipsec" minversion="0.0.1" />
+ <module name="update" minversion="0.0.1" />
+ </requires>
+
+ <!-- Mandatory: name, header_file, init_function -->
+ <application
+ name="hipd"
+ header_file="modules/esp_tokens/hipd/esp_tokens.h"
+ init_function="hip_esp_tokens_init" />
+</module>
+
=== modified file 'modules/update/hipd/update.c'
--- modules/update/hipd/update.c 2010-08-20 16:38:55 +0000
+++ modules/update/hipd/update.c 2010-09-03 11:40:19 +0000
@@ -38,7 +38,7 @@
#include "config.h"
#include "hipd/cookie.h"
-#include "hipd/esp_prot_hipd_msg.h"
+#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
#include "hipd/hadb.h"
#include "hipd/hipd.h"
#include "hipd/input.h"
=== modified file 'modules/user_ipsec/hipd/user_ipsec.h'
--- modules/user_ipsec/hipd/user_ipsec.h 2010-08-25 12:53:17 +0000
+++ modules/user_ipsec/hipd/user_ipsec.h 2010-09-03 11:40:19 +0000
@@ -31,6 +31,11 @@
* @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
*/
+#ifndef MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_
+#define MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_
+
extern int hip_use_userspace_ipsec;
int user_ipsec_init(void);
+
+#endif /* MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_ */
=== modified file 'modules/user_ipsec/hipd/user_ipsec_hipd_msg.c'
--- modules/user_ipsec/hipd/user_ipsec_hipd_msg.c 2010-08-25 12:53:17 +0000
+++ modules/user_ipsec/hipd/user_ipsec_hipd_msg.c 2010-09-03 11:40:19 +0000
@@ -40,7 +40,7 @@
#include "lib/core/ife.h"
#include "lib/core/protodefs.h"
#include "lib/tool/xfrmapi.h"
-#include "hipd/esp_prot_hipd_msg.h"
+#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
#include "hipd/hadb.h"
#include "hipd/hipd.h"
#include "hipd/init.h"
Follow ups