hipl-core team mailing list archive
-
hipl-core team
-
Mailing list archive
-
Message #00140
Re: [Branch ~rene-hummen/hipl/ipsec_esp] Rev 4916: modularized esp tokens
When reviewing this commit, you only need to consider changes in hipd/*, firewall/* and lib/*/*. In these files, code was mostly moved to esp_tokens specific files or factored out into a separate function in the same file. I would appreciate if someone could have a look at the changes.
Generally, a lot of code has just been moved from one file to another or function parameters needed to be changed to reflect the required parameters of libmod. Due to the high interdependency of changes in different files, I didn't see a good way to split up the commit in a feasible amount of time. Starting from now, you shouldn't see any large-scale changes on this branch any more.
Thanks,
René
On Sep 3, 2010, at 1:46 PM, noreply@xxxxxxxxxxxxx wrote:
> ------------------------------------------------------------
> revno: 4916
> committer: Rene Hummen <rene.hummen@xxxxxxxxxxxxxxxxx>
> branch nick: ipsec_esp
> timestamp: Fri 2010-09-03 13:40:19 +0200
> message:
> modularized esp tokens
>
> split up of hip parameter processing during bex and fixed interfaces
> of esp_tokens to fit requirements of libmod. I needed to add system-
> includes for malloc, free and memset in a few files as include chain did
> no longer provide includes for these functions.
> added:
> modules/esp_tokens/
> modules/esp_tokens/Makefile.am
> modules/esp_tokens/hipd/
> modules/esp_tokens/hipd/esp_tokens.c
> modules/esp_tokens/hipd/esp_tokens.h
> modules/esp_tokens/hipd/esp_tokens_builder.c
> modules/esp_tokens/hipd/esp_tokens_builder.h
> modules/esp_tokens/hipd/esp_tokens_state.c
> modules/esp_tokens/hipd/esp_tokens_state.h
> modules/esp_tokens/lib/
> modules/esp_tokens/module_info.xml
> renamed:
> hipd/esp_prot_anchordb.c => modules/esp_tokens/hipd/esp_prot_anchordb.c
> hipd/esp_prot_anchordb.h => modules/esp_tokens/hipd/esp_prot_anchordb.h
> hipd/esp_prot_hipd_msg.c => modules/esp_tokens/hipd/esp_prot_hipd_msg.c
> hipd/esp_prot_hipd_msg.h => modules/esp_tokens/hipd/esp_prot_hipd_msg.h
> hipd/esp_prot_light_update.c => modules/esp_tokens/hipd/esp_prot_light_update.c
> hipd/esp_prot_light_update.h => modules/esp_tokens/hipd/esp_prot_light_update.h
> lib/core/esp_prot_common.c => modules/esp_tokens/lib/esp_prot_common.c
> lib/core/esp_prot_common.h => modules/esp_tokens/lib/esp_prot_common.h
> modified:
> Makefile.am
> firewall/dlist.c
> firewall/firewall_defines.h
> firewall/user_ipsec_sadb.c
> firewall/user_ipsec_sadb.h
> hipd/configfilereader.c
> hipd/hipd.c
> hipd/hipd.h
> hipd/init.c
> hipd/input.c
> hipd/maintenance.c
> hipd/output.c
> hipd/output.h
> hipd/user.c
> lib/core/builder.c
> lib/core/builder.h
> lib/core/common.h
> lib/core/protodefs.h
> lib/core/state.h
> lib/core/statistics.c
> modules/update/hipd/update.c
> modules/user_ipsec/hipd/user_ipsec.h
> modules/user_ipsec/hipd/user_ipsec_hipd_msg.c
> modules/esp_tokens/hipd/esp_prot_anchordb.c
> modules/esp_tokens/hipd/esp_prot_anchordb.h
> modules/esp_tokens/hipd/esp_prot_hipd_msg.c
> modules/esp_tokens/hipd/esp_prot_hipd_msg.h
> modules/esp_tokens/hipd/esp_prot_light_update.c
> modules/esp_tokens/hipd/esp_prot_light_update.h
> modules/esp_tokens/lib/esp_prot_common.c
> modules/esp_tokens/lib/esp_prot_common.h
>
>
> --
> lp:~rene-hummen/hipl/ipsec_esp
> https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp
>
> Your team HIPL core team is subscribed to branch lp:~rene-hummen/hipl/ipsec_esp.
> To unsubscribe from this branch go to https://code.launchpad.net/~rene-hummen/hipl/ipsec_esp/+edit-subscription
> === modified file 'Makefile.am'
> --- Makefile.am 2010-08-25 12:53:17 +0000
> +++ Makefile.am 2010-09-03 11:40:19 +0000
> @@ -54,9 +54,6 @@
> hipd/configfilereader.c \
> hipd/cookie.c \
> hipd/dh.c \
> - hipd/esp_prot_anchordb.c \
> - hipd/esp_prot_hipd_msg.c \
> - hipd/esp_prot_light_update.c \
> hipd/hadb.c \
> hipd/hadb_legacy.c \
> hipd/hidb.c \
> @@ -121,7 +118,6 @@
> lib/core/conf.c \
> lib/core/crypto.c \
> lib/core/debug.c \
> - lib/core/esp_prot_common.c \
> lib/core/filemanip.c \
> lib/core/hashchain.c \
> lib/core/hashchain_store.c \
> @@ -164,6 +160,7 @@
> include modules/heartbeat_update/Makefile.am
> include modules/update/Makefile.am
> include modules/user_ipsec/Makefile.am
> +include modules/esp_tokens/Makefile.am
>
> ### library dependencies ###
>
>
> === modified file 'firewall/dlist.c'
> --- firewall/dlist.c 2010-07-04 17:54:18 +0000
> +++ firewall/dlist.c 2010-09-03 11:40:19 +0000
> @@ -34,6 +34,8 @@
> * @author Essi Vehmersalo
> */
>
> +#include <stdlib.h>
> +
> #include "lib/core/debug.h"
> #include "dlist.h"
>
>
> === modified file 'firewall/firewall_defines.h'
> --- firewall/firewall_defines.h 2010-07-04 17:54:18 +0000
> +++ firewall/firewall_defines.h 2010-09-03 11:40:19 +0000
> @@ -40,6 +40,7 @@
> #include "lib/core/common.h"
> #include "lib/core/linkedlist.h"
> #include "lib/core/protodefs.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> #include "config.h"
> #include "common_types.h"
> #include "esp_prot_defines.h"
>
> === modified file 'firewall/user_ipsec_sadb.c'
> --- firewall/user_ipsec_sadb.c 2010-08-19 09:32:20 +0000
> +++ firewall/user_ipsec_sadb.c 2010-09-03 11:40:19 +0000
> @@ -46,7 +46,6 @@
> #include "lib/core/builder.h"
> #include "lib/core/common.h"
> #include "lib/core/debug.h"
> -#include "lib/core/esp_prot_common.h"
> #include "lib/core/hashchain.h"
> #include "lib/core/hashtable.h"
> #include "lib/core/ife.h"
>
> === modified file 'firewall/user_ipsec_sadb.h'
> --- firewall/user_ipsec_sadb.h 2010-08-19 09:32:20 +0000
> +++ firewall/user_ipsec_sadb.h 2010-09-03 11:40:19 +0000
> @@ -43,7 +43,7 @@
> #include <openssl/des.h>
> #include <sys/time.h>
>
> -#include "lib/core/esp_prot_common.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> #include "lib/core/hashchain.h"
> #include "esp_prot_defines.h"
>
>
> === modified file 'hipd/configfilereader.c'
> --- hipd/configfilereader.c 2010-07-07 16:42:17 +0000
> +++ hipd/configfilereader.c 2010-09-03 11:40:19 +0000
> @@ -31,6 +31,7 @@
> #include <errno.h>
> #include <stdio.h>
> #include <string.h>
> +#include <stdlib.h>
>
> #include "lib/core/debug.h"
> #include "configfilereader.h"
>
> === modified file 'hipd/hipd.c'
> --- hipd/hipd.c 2010-08-25 12:53:17 +0000
> +++ hipd/hipd.c 2010-09-03 11:40:19 +0000
> @@ -45,6 +45,7 @@
> #include <sys/un.h>
>
> #include "lib/core/builder.h"
> +#include "lib/core/common.h"
> #include "lib/core/conf.h"
> #include "lib/core/debug.h"
> #include "lib/core/filemanip.h"
> @@ -144,11 +145,6 @@
>
> int address_change_time_counter = -1;
>
> -int esp_prot_active = 0;
> -int esp_prot_num_transforms = 0;
> -uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
> -long esp_prot_num_parallel_hchains = 0;
> -
> int hip_shotgun_status = HIP_MSG_SHOTGUN_OFF;
>
> int hip_trigger_update_on_heart_beat_failure = 1;
> @@ -182,7 +178,7 @@
> * @param msg the message to send
> * @return zero on success or negative on error
> */
> -int hip_sendto_firewall(const struct hip_common *msg)
> +int hip_sendto_firewall(HIPFW const struct hip_common *msg)
> {
> #ifdef CONFIG_HIP_FIREWALL
> int n = 0;
>
> === modified file 'hipd/hipd.h'
> --- hipd/hipd.h 2010-08-25 09:06:43 +0000
> +++ hipd/hipd.h 2010-09-03 11:40:19 +0000
> @@ -110,10 +110,6 @@
>
> extern hip_transform_suite_t hip_nat_status;
>
> -extern int esp_prot_active;
> -extern int esp_prot_num_transforms;
> -extern long esp_prot_num_parallel_hchains;
> -
> extern int hip_trigger_update_on_heart_beat_failure;
>
> extern int hip_locator_status;
> @@ -123,8 +119,6 @@
> extern int address_count;
> extern HIP_HASHTABLE *addresses;
>
> -extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
> -
> int hip_firewall_is_alive(void);
>
> /* Functions for handling incoming packets. */
>
> === modified file 'hipd/init.c'
> --- hipd/init.c 2010-08-25 12:53:17 +0000
> +++ hipd/init.c 2010-09-03 11:40:19 +0000
> @@ -68,7 +68,6 @@
> #include "accessor.h"
> #include "close.h"
> #include "dh.h"
> -#include "esp_prot_light_update.h"
> #include "hadb.h"
> #include "hidb.h"
> #include "hip_socket.h"
> @@ -705,7 +704,6 @@
> lmod_register_packet_type(HIP_CLOSE_ACK, "HIP_CLOSE_ACK");
> lmod_register_packet_type(HIP_PSIG, "HIP_PSIG");
> lmod_register_packet_type(HIP_TRIG, "HIP_TRIG");
> - lmod_register_packet_type(HIP_LUPDATE, "HIP_LUPDATE");
> lmod_register_packet_type(HIP_DATA, "HIP_DATA");
> lmod_register_packet_type(HIP_PAYLOAD, "HIP_PAYLOAD");
> }
> @@ -769,49 +767,97 @@
> hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_handle_i2_in_i2_sent, 21000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &hip_send_r2, 50000);
> hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_check_i2, 20000);
> hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_handle_i2, 30000);
> hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_setup_ipsec_sa_i2, 30500);
> - hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_create_r2, 40000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_add_rvs_reg_from, 41000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_hmac2_and_sign, 42000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_add_rvs_relay_to, 43000);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &hip_send_r2, 50000);
>
> hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_check_r1, 20000);
> hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_handle_r1, 30000);
> - hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_send_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_create_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_add_signed_echo_response, 41000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_sign_and_mac_packet, 42000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_add_unsigned_echo_response, 43000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &hip_send_i2, 50000);
> hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_check_r1, 20000);
> hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_handle_r1, 30000);
> - hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_send_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_create_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_add_signed_echo_response, 41000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_sign_and_mac_packet, 42000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_add_unsigned_echo_response, 43000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &hip_send_i2, 50000);
> hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_check_r1, 20000);
> hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_handle_r1, 30000);
> - hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_send_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_create_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_add_signed_echo_response, 41000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_sign_and_mac_packet, 42000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_add_unsigned_echo_response, 43000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &hip_send_i2, 50000);
> hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_check_r1, 20000);
> hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_handle_r1, 30000);
> - hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_send_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_create_i2, 40000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_add_signed_echo_response, 41000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_sign_and_mac_packet, 42000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_add_unsigned_echo_response, 43000);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &hip_send_i2, 50000);
>
> hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_check_r2, 20000);
> hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &hip_handle_r2, 30000);
> @@ -844,9 +890,6 @@
> hip_register_handle_function(HIP_CLOSE_ACK, HIP_STATE_CLOSED, &hip_close_ack_check_packet, 20000);
> hip_register_handle_function(HIP_CLOSE_ACK, HIP_STATE_CLOSED, &hip_close_ack_handle_packet, 30000);
>
> - hip_register_handle_function(HIP_LUPDATE, HIP_STATE_ESTABLISHED, &esp_prot_handle_light_update, 20000);
> - hip_register_handle_function(HIP_LUPDATE, HIP_STATE_R2_SENT, &esp_prot_handle_light_update, 20000);
> -
> return err;
> }
>
>
> === modified file 'hipd/input.c'
> --- hipd/input.c 2010-08-25 12:53:17 +0000
> +++ hipd/input.c 2010-09-03 11:40:19 +0000
> @@ -68,8 +68,6 @@
> #include "config.h"
> #include "cookie.h"
> #include "dh.h"
> -#include "esp_prot_hipd_msg.h"
> -#include "esp_prot_light_update.h"
> #include "hadb.h"
> #include "hadb_legacy.h"
> #include "hidb.h"
> @@ -963,13 +961,6 @@
> -1,
> "Building of DH failed.\n");
>
> - /********* ESP protection preferred transforms [OPTIONAL] *********/
> - HIP_IFEL(esp_prot_r1_handle_transforms(ctx),
> - -1,
> - "failed to handle preferred esp protection transforms\n");
> -
> - /******************************************************************/
> -
> out_err:
> if (ctx->hadb_entry->dh_shared_key) {
> free(ctx->hadb_entry->dh_shared_key);
> @@ -1114,12 +1105,6 @@
> ctx->hadb_entry->peer_udp_port = ctx->msg_ports->src_port;
> }
>
> - /********** ESP-PROT anchor [OPTIONAL] **********/
> - HIP_IFEL(esp_prot_r2_handle_anchor(ctx->hadb_entry,
> - ctx->input_msg),
> - -1,
> - "failed to handle esp prot anchor\n");
> -
> /***** LOCATOR PARAMETER *****/
> locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
> if (locator) {
> @@ -1162,7 +1147,6 @@
> HIP_MAX_NETWORK_PACKET);
> }
>
> -out_err:
> if (ctx->hadb_entry->state == HIP_STATE_ESTABLISHED) {
> HIP_DEBUG("Send response to firewall.\n");
> hip_firewall_set_bex_data(HIP_MSG_FW_BEX_DONE,
> @@ -1773,11 +1757,6 @@
> }
> HIP_DEBUG("retransmission: %s\n", (retransmission ? "yes" : "no"));
>
> - /********** ESP-PROT anchor [OPTIONAL] **********/
> - /** @todo Modularize esp_prot_* */
> - HIP_IFEL(esp_prot_i2_handle_anchor(ctx), -1,
> - "failed to handle esp prot anchor\n");
> -
> /***** LOCATOR PARAMETER *****/
> locator = hip_get_param(ctx->input_msg, HIP_PARAM_LOCATOR);
> if (locator) {
>
> === modified file 'hipd/maintenance.c'
> --- hipd/maintenance.c 2010-07-16 18:56:20 +0000
> +++ hipd/maintenance.c 2010-09-03 11:40:19 +0000
> @@ -106,8 +106,7 @@
> if (*now - HIP_RETRANSMIT_WAIT > entry->hip_msg_retrans.last_transmit) {
> if ((entry->hip_msg_retrans.count > 0) && entry->hip_msg_retrans.buf &&
> ((entry->state != HIP_STATE_ESTABLISHED && entry->retrans_state != entry->state) ||
> - (entry->update_state != 0 && entry->retrans_state != entry->update_state) ||
> - entry->light_update_retrans == 1)) {
> + (entry->update_state != 0 && entry->retrans_state != entry->update_state))) {
> HIP_DEBUG("state=%d, retrans_state=%d, update_state=%d\n",
> entry->state, entry->retrans_state, entry->update_state, entry->retrans_state);
>
>
> === modified file 'hipd/output.c'
> --- hipd/output.c 2010-08-25 12:53:17 +0000
> +++ hipd/output.c 2010-09-03 11:40:19 +0000
> @@ -59,7 +59,6 @@
> #include "config.h"
> #include "cookie.h"
> #include "dh.h"
> -#include "esp_prot_hipd_msg.h"
> #include "hadb.h"
> #include "hidb.h"
> #include "hipd.h"
> @@ -68,6 +67,7 @@
> #include "netdev.h"
> #include "pisa.h"
> #include "registration.h"
> +#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
> #include "output.h"
>
>
> @@ -240,7 +240,112 @@
> }
>
> /**
> - * @brief Creates an I2 packet and sends it.
> + * @brief Adds a signed echo response to an outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, non-negative on error.
> + */
> +int hip_add_signed_echo_response(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + const struct hip_echo_request *ping = NULL;
> + int err = 0;
> +
> + ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN);
> + if (ping) {
> + int ln = hip_get_param_contents_len(ping);
> + HIP_IFEL(hip_build_param_echo(ctx->output_msg, ping + 1, ln, 1, 0), -1,
> + "Error while creating echo reply parameter\n");
> + }
> +
> + out_err:
> + return err;
> +}
> +
> +/**
> + * @brief Adds a signature and hmac to an outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, non-negative on error.
> + */
> +int hip_sign_and_mac_packet(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + int err = 0;
> +
> + HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg,
> + &ctx->hadb_entry->hip_hmac_out),
> + -1,
> + "Building of HMAC failed\n");
> +
> + /* Build a digest of the packet built so far. Signature will
> + * be calculated over the digest. */
> +#ifdef CONFIG_HIP_PERFORMANCE
> + HIP_DEBUG("Start PERF_SIGN\n");
> + hip_perf_start_benchmark(perf_set, PERF_SIGN);
> +#endif
> + HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
> + ctx->output_msg),
> + -EINVAL,
> + "Could not create signature\n");
> +#ifdef CONFIG_HIP_PERFORMANCE
> + HIP_DEBUG("Stop PERF_SIGN\n");
> + hip_perf_stop_benchmark(perf_set, PERF_SIGN);
> +#endif
> +
> + out_err:
> + return err;
> +}
> +
> +/**
> + * @brief Adds an unsigned echo response to an outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, non-negative on error.
> + */
> +int hip_add_unsigned_echo_response(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + const struct hip_echo_request *ping = NULL;
> + int err = 0;
> +
> + ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST);
> + if (ping) {
> + int ln = hip_get_param_contents_len(ping);
> + HIP_IFEL(hip_build_param_echo(ctx->output_msg, (ping + 1), ln, 0, 0), -1,
> + "Error while creating echo reply parameter\n");
> + }
> +
> + out_err:
> + return err;
> +}
> +
> +/**
> + * @brief Creates an I2 packet.
> *
> * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> * @param ha_state The host association state (RFC 5201, 4.4.1.)
> @@ -252,20 +357,17 @@
> *
> * @return zero on success, non-negative on error.
> */
> -int hip_send_i2(UNUSED const uint8_t packet_type,
> - UNUSED const uint32_t ha_state,
> - struct hip_packet_context *ctx)
> +int hip_create_i2(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> hip_transform_suite_t transform_hip_suite, transform_esp_suite;
> - struct hip_spi_in_item spi_in_data;
> - struct in6_addr daddr;
> const struct hip_param *param = NULL;
> struct hip_esp_info *esp_info = NULL;
> struct hip_host_id_entry *host_id_entry = NULL;
> char *enc_in_msg = NULL, *host_id_in_enc = NULL;
> unsigned char *iv = NULL;
> int err = 0, host_id_in_enc_len = 0;
> - uint32_t spi_in = 0;
>
> HIP_IFEL(ctx->error,
> -1,
> @@ -281,8 +383,6 @@
>
> HIP_ASSERT(ctx->hadb_entry);
>
> - spi_in = ctx->hadb_entry->spi_inbound_current;
> -
> /* TLV sanity checks are are already done by the caller of this
> * function. Now, begin to build I2 piece by piece. */
>
> @@ -397,11 +497,7 @@
> &transform_esp_suite, 1), -1,
> "Building of ESP transform failed\n");
>
> - /********** ESP-PROT anchor [OPTIONAL] **********/
> -
> - /** @todo Modularize esp_prot_* */
> - HIP_IFEL(esp_prot_i2_add_anchor(ctx), -1,
> - "failed to add esp protection anchor\n");
> + ctx->hadb_entry->esp_transform = transform_esp_suite;
>
> /************************************************/
>
> @@ -450,7 +546,8 @@
> ctx->hadb_entry->hip_transform = transform_hip_suite;
>
> /* XXX: -EAGAIN */
> - HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n", spi_in);
> + HIP_DEBUG("set up inbound IPsec SA, SPI=0x%x (host)\n",
> + ctx->hadb_entry->spi_inbound_current);
>
> HIP_IFEL(hip_setup_hit_sp_pair(&ctx->input_msg->hits,
> &ctx->input_msg->hitr,
> @@ -463,73 +560,31 @@
>
> esp_info = hip_get_param_readwrite(ctx->output_msg, HIP_PARAM_ESP_INFO);
> HIP_ASSERT(esp_info); /* Builder internal error */
> - esp_info->new_spi = htonl(spi_in);
> - /* LSI not created, as it is local, and we do not support IPv4 */
> -
> - /********** ECHO_RESPONSE_SIGN (OPTIONAL) **************/
> - /* must reply... */
> - {
> - const struct hip_echo_request *ping;
> -
> - ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST_SIGN);
> - if (ping) {
> - int ln = hip_get_param_contents_len(ping);
> - HIP_IFEL(hip_build_param_echo(ctx->output_msg, ping + 1, ln, 1, 0), -1,
> - "Error while creating echo reply parameter\n");
> - }
> - }
> -
> - /************* HMAC ************/
> - HIP_IFEL(hip_build_param_hmac_contents(ctx->output_msg,
> - &ctx->hadb_entry->hip_hmac_out),
> - -1,
> - "Building of HMAC failed\n");
> -
> - /********** Signature **********/
> - /* Build a digest of the packet built so far. Signature will
> - * be calculated over the digest. */
> -#ifdef CONFIG_HIP_PERFORMANCE
> - HIP_DEBUG("Start PERF_SIGN\n");
> - hip_perf_start_benchmark(perf_set, PERF_SIGN);
> -#endif
> - HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
> - ctx->output_msg),
> - -EINVAL,
> - "Could not create signature\n");
> -#ifdef CONFIG_HIP_PERFORMANCE
> - HIP_DEBUG("Stop PERF_SIGN\n");
> - hip_perf_stop_benchmark(perf_set, PERF_SIGN);
> -#endif
> -
> - /********** ECHO_RESPONSE (OPTIONAL) ************/
> - /* must reply */
> - {
> - const struct hip_echo_request *ping;
> -
> - ping = hip_get_param(ctx->input_msg, HIP_PARAM_ECHO_REQUEST);
> - if (ping) {
> - int ln = hip_get_param_contents_len(ping);
> - HIP_IFEL(hip_build_param_echo(ctx->output_msg, (ping + 1), ln, 0, 0), -1,
> - "Error while creating echo reply parameter\n");
> - }
> - }
> -
> - /********** I2 packet complete **********/
> - memset(&spi_in_data, 0, sizeof(struct hip_spi_in_item));
> - spi_in_data.spi = spi_in;
> - spi_in_data.ifindex = hip_devaddr2ifindex(ctx->dst_addr);
> - HIP_LOCK_HA(ctx->hadb_entry);
> -
> - /* 99999 HIP_IFEB(hip_hadb_add_spi_old(ctx->hadb_entry,
> - HIP_SPI_DIRECTION_IN, &spi_in_data),
> - -1,
> - HIP_UNLOCK_HA(ctx->hadb_entry));
> - */
> -
> - ctx->hadb_entry->esp_transform = transform_esp_suite;
> - HIP_DEBUG("Saving base exchange encryption data to hadb_entry \n");
> - HIP_DEBUG_HIT("Our HIT: ", &ctx->hadb_entry->hit_our);
> - HIP_DEBUG_HIT("Peer HIT: ", &ctx->hadb_entry->hit_peer);
> + esp_info->new_spi = htonl(ctx->hadb_entry->spi_inbound_current);
> +
> + out_err:
> + return err;
> +}
> +
> +/**
> + * @brief Final processing and sending of an I2 packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, non-negative on error.
> + */
> +int hip_send_i2(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + struct in6_addr daddr;
> + int err = 0;
>
> /** @todo Also store the keys that will be given to ESP later */
> HIP_IFE(hip_hadb_get_peer_addr(ctx->hadb_entry, &daddr), -1);
> @@ -903,7 +958,118 @@
> }
>
> /**
> - * Creates and transmits an R2 packet.
> + * Adds an RVS registration_from parameter to outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, negative otherwise.
> + */
> +int hip_add_rvs_reg_from(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + RVS struct hip_packet_context *ctx)
> +{
> + int err = 0;
> +
> +#ifdef CONFIG_HIP_RVS
> + /********** REG_REQUEST **********/
> + /* This part should only be executed at server offering rvs or relay
> + * services.
> + */
> +
> + hip_handle_param_reg_request(ctx->hadb_entry,
> + ctx->input_msg, ctx->output_msg);
> + if (hip_relay_get_status() != HIP_RELAY_OFF) {
> + hip_build_param_reg_from(ctx->output_msg,
> + ctx->src_addr, ctx->msg_ports->src_port);
> + }
> +#endif
> +
> + return err;
> +}
> +
> +/**
> + * Adds an HMAC2 and signature parameters to outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, negative otherwise.
> + */
> +int hip_hmac2_and_sign(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + int err = 0;
> +
> + /* Create HMAC2 parameter. */
> + if (ctx->hadb_entry->our_pub == NULL) {
> + HIP_DEBUG("ctx->hadb_entry->our_pub is NULL.\n");
> + }
> +
> + HIP_IFEL(hip_build_param_hmac2_contents(ctx->output_msg,
> + &ctx->hadb_entry->hip_hmac_out,
> + ctx->hadb_entry->our_pub),
> + -1,
> + "Failed to build parameter HMAC2 contents.\n");
> +
> + HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
> + ctx->output_msg),
> + -EINVAL,
> + "Could not sign R2. Failing\n");
> +
> + out_err:
> + return err;
> +}
> +
> +/**
> + * Adds an RVS relay_to parameter to outbound packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, negative otherwise.
> + */
> +int hip_add_rvs_relay_to(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + RVS struct hip_packet_context *ctx)
> +{
> + int err = 0;
> +
> +#ifdef CONFIG_HIP_RVS
> + struct in6_addr dst;
> + in_port_t dst_port = 0;
> +
> + memset(&dst, 0, sizeof(dst));
> + if ((hip_relay_handle_relay_from(ctx->input_msg,
> + ctx->src_addr,
> + &dst, &dst_port) > 0)
> + && !ipv6_addr_any(&dst)) {
> + HIP_DEBUG("create relay_to parameter in R2\n");
> + hip_build_param_relay_to(ctx->output_msg, &dst, dst_port);
> + }
> +#endif
> +
> + return err;
> +}
> +
> +/**
> + * Creates an R2 packet.
> *
> * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> * @param ha_state The host association state (RFC 5201, 4.4.1.)
> @@ -915,11 +1081,10 @@
> *
> * @return zero on success, negative otherwise.
> */
> -int hip_send_r2(UNUSED const uint8_t packet_type,
> - UNUSED const uint32_t ha_state,
> - struct hip_packet_context *ctx)
> +int hip_create_r2(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> - struct hip_crypto_key hmac;
> int err = 0;
> uint16_t mask = 0;
>
> @@ -968,62 +1133,28 @@
>
> #endif
>
> - /********** ESP-PROT anchor [OPTIONAL] **********/
> - HIP_IFEL(esp_prot_r2_add_anchor(ctx->output_msg, ctx->hadb_entry), -1,
> - "failed to add esp protection anchor\n");
> - /************************************************/
> -
> -#ifdef CONFIG_HIP_RVS
> - /********** REG_REQUEST **********/
> - /* This part should only be executed at server offering rvs or relay
> - * services.
> - */
> -
> - hip_handle_param_reg_request(ctx->hadb_entry,
> - ctx->input_msg, ctx->output_msg);
> - if (hip_relay_get_status() != HIP_RELAY_OFF) {
> - hip_build_param_reg_from(ctx->output_msg,
> - ctx->src_addr, ctx->msg_ports->src_port);
> - }
> -#endif
> -
> -
> - /* Create HMAC2 parameter. */
> - if (ctx->hadb_entry->our_pub == NULL) {
> - HIP_DEBUG("ctx->hadb_entry->our_pub is NULL.\n");
> - }
> -
> - memcpy(&hmac, &ctx->hadb_entry->hip_hmac_out, sizeof(hmac));
> - HIP_IFEL(hip_build_param_hmac2_contents(ctx->output_msg,
> - &hmac,
> - ctx->hadb_entry->our_pub),
> - -1,
> - "Failed to build parameter HMAC2 contents.\n");
> -
> - /* Why is err reset to zero? -Lauri 11.06.2008 */
> - if (err == 1) {
> - err = 0;
> - }
> -
> - HIP_IFEL(ctx->hadb_entry->sign(ctx->hadb_entry->our_priv_key,
> - ctx->output_msg),
> - -EINVAL,
> - "Could not sign R2. Failing\n");
> -
> -#ifdef CONFIG_HIP_RVS
> - {
> - struct in6_addr dst;
> - in_port_t dst_port = 0;
> -
> - memset(&dst, 0, sizeof(dst));
> - if ((hip_relay_handle_relay_from(ctx->input_msg, ctx->src_addr,
> - &dst, &dst_port) > 0) &&
> - !ipv6_addr_any(&dst)) {
> - HIP_DEBUG("create relay_to parameter in R2\n");
> - hip_build_param_relay_to(ctx->output_msg, &dst, dst_port);
> - }
> - }
> -#endif
> + out_err:
> + return err;
> +}
> +
> +/**
> + * Sends an R2 packet.
> + *
> + * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
> + * @param ha_state The host association state (RFC 5201, 4.4.1.)
> + * @param *ctx Pointer to the packet context, containing all
> + * information for the packet handling
> + * (received message, source and destination address, the
> + * ports and the corresponding entry from the host
> + * association database).
> + *
> + * @return zero on success, negative otherwise.
> + */
> +int hip_send_r2(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> +{
> + int err = 0;
>
> err = hip_send_pkt(ctx->dst_addr,
> ctx->src_addr,
> @@ -1033,10 +1164,6 @@
> ctx->hadb_entry,
> 1);
>
> - if (err == 1) {
> - err = 0;
> - }
> -
> HIP_IFEL(err, -ECOMM, "Sending R2 packet failed.\n");
>
> out_err:
>
> === modified file 'hipd/output.h'
> --- hipd/output.h 2010-08-19 09:32:20 +0000
> +++ hipd/output.h 2010-09-03 11:40:19 +0000
> @@ -55,18 +55,44 @@
> const uint32_t ha_state,
> struct hip_packet_context *ctx);
>
> +int hip_add_rvs_reg_from(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_hmac2_and_sign(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_add_rvs_relay_to(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_create_r2(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> int hip_send_r2(const uint8_t packet_type,
> const uint32_t ha_state,
> struct hip_packet_context *ctx);
>
> -int hip_send_r2_response(struct hip_common *r2,
> - struct in6_addr *r2_saddr,
> - struct in6_addr *r2_daddr,
> - hip_ha_t *entry,
> - hip_portpair_t *r2_info);
> -
> int hip_send_i1(hip_hit_t *, const hip_hit_t *, hip_ha_t *);
>
> +int hip_add_signed_echo_response(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_sign_and_mac_packet(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_add_unsigned_echo_response(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> +int hip_create_i2(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +
> int hip_send_i2(const uint8_t packet_type,
> const uint32_t ha_state,
> struct hip_packet_context *ctx);
>
> === modified file 'hipd/user.c'
> --- hipd/user.c 2010-08-25 12:53:17 +0000
> +++ hipd/user.c 2010-09-03 11:40:19 +0000
> @@ -72,8 +72,6 @@
> #include "cert.h"
> #include "close.h"
> #include "cookie.h"
> -#include "esp_prot_anchordb.h"
> -#include "esp_prot_hipd_msg.h"
> #include "hadb.h"
> #include "hidb.h"
> #include "hipd.h"
> @@ -717,22 +715,6 @@
> set_up_device(HIP_HIT_DEV, 0);
> err = set_up_device(HIP_HIT_DEV, 1);
> break;
> - case HIP_MSG_ESP_PROT_TFM:
> - HIP_DUMP_MSG(msg);
> - err = esp_prot_set_preferred_transforms(msg);
> - break;
> - case HIP_MSG_BEX_STORE_UPDATE:
> - HIP_DUMP_MSG(msg);
> - err = anchor_db_update(msg);
> - break;
> - case HIP_MSG_TRIGGER_UPDATE:
> - HIP_DUMP_MSG(msg);
> - err = esp_prot_handle_trigger_update_msg(msg);
> - break;
> - case HIP_MSG_ANCHOR_CHANGE:
> - HIP_DUMP_MSG(msg);
> - err = esp_prot_handle_anchor_change_msg(msg);
> - break;
> case HIP_MSG_GET_LSI_PEER:
> while ((param = hip_get_next_param(msg, param))) {
> if (hip_get_param_type(param) == HIP_PARAM_HIT) {
>
> === modified file 'lib/core/builder.c'
> --- lib/core/builder.c 2010-08-20 14:34:13 +0000
> +++ lib/core/builder.c 2010-09-03 11:40:19 +0000
> @@ -391,7 +391,7 @@
> * @param tlv_generic pointer to the parameter
> * @param type type of the parameter (in host byte order)
> */
> -static void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type)
> +void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type)
> {
> tlv_generic->type = htons(type);
> }
> @@ -1497,10 +1497,10 @@
> * @see hip_build_param().
> * @see hip_build_param_contents().
> */
> -static int hip_build_generic_param(struct hip_common *msg,
> - const void *parameter_hdr,
> - hip_tlv_len_t param_hdr_size,
> - const void *contents)
> +int hip_build_generic_param(struct hip_common *msg,
> + const void *parameter_hdr,
> + hip_tlv_len_t param_hdr_size,
> + const void *contents)
> {
> const struct hip_tlv_common *param = (const struct hip_tlv_common *) parameter_hdr;
> const void *src = NULL;
> @@ -2905,242 +2905,6 @@
> }
>
> /**
> - * build and append a ESP PROT transform parameter
> - *
> - * @param msg the message where the parameter will be appended
> - * @param transforms the transforms to be used for the esp extension header
> - * @param num_transforms the number of transforms
> - * @return 0 on success, otherwise < 0.
> - */
> -int hip_build_param_esp_prot_transform(struct hip_common *msg,
> - int num_transforms,
> - uint8_t *transforms)
> -{
> - struct esp_prot_preferred_tfms prot_transforms;
> - int err = 0, i;
> -
> - hip_set_param_type((struct hip_tlv_common *) &prot_transforms,
> - HIP_PARAM_ESP_PROT_TRANSFORMS);
> -
> - /* note: the length cannot be calculated with calc_param_len() */
> - hip_set_param_contents_len((struct hip_tlv_common *) &prot_transforms,
> - (num_transforms + 1) * sizeof(uint8_t));
> -
> - prot_transforms.num_transforms = num_transforms;
> - HIP_DEBUG("added num_transforms: %u\n", prot_transforms.num_transforms);
> -
> - for (i = 0; i < prot_transforms.num_transforms; i++) {
> - prot_transforms.transforms[i] = transforms[i];
> - HIP_DEBUG("added transform %i: %u\n", i + 1, transforms[i]);
> - }
> -
> - err = hip_build_generic_param(msg,
> - &prot_transforms,
> - sizeof(struct hip_tlv_common),
> - hip_get_param_contents_direct(&prot_transforms));
> - return err;
> -}
> -
> -/**
> - * build and append am ESP PROT anchor parameter
> - *
> - * @param msg the message where the parameter will be appended
> - * @param transform the esp protection transform used for this anchor,
> - * if UNUSED 1 byte of 0 is sent
> - * @param active_anchor the anchor for the hchain to be used for extended esp protection,
> - * if NULL
> - * @param next_anchor the next anchor
> - * @param hash_length the length of the hash
> - * @param hash_item_length the length of the hash item
> - * @return 0 on success, otherwise < 0.
> - */
> -int hip_build_param_esp_prot_anchor(struct hip_common *msg,
> - uint8_t transform,
> - unsigned char *active_anchor,
> - unsigned char *next_anchor,
> - int hash_length,
> - int hash_item_length)
> -{
> - int err = 0;
> - struct esp_prot_anchor esp_anchor;
> -
> - HIP_ASSERT(msg != NULL);
> - /* NULL-active_anchor only allowed for UNUSED-transform */
> - HIP_ASSERT((!transform && !active_anchor) || (transform && active_anchor));
> - /* next_anchor might be NULL */
> -
> - /* set parameter type */
> - hip_set_param_type((struct hip_tlv_common *) &esp_anchor, HIP_PARAM_ESP_PROT_ANCHOR);
> -
> - /* set parameter values */
> - esp_anchor.transform = transform;
> - esp_anchor.hash_item_length = htonl(hash_item_length);
> -
> - /* distinguish UNUSED from any other case */
> - if (!transform) {
> - /* send 1 byte of 0 per anchor in UNUSED case */
> - hash_length = 1;
> -
> - memset(&esp_anchor.anchors[0], 0, hash_length);
> - memset(&esp_anchor.anchors[hash_length], 0, hash_length);
> - } else {
> - memcpy(&esp_anchor.anchors[0], active_anchor, hash_length);
> -
> - /* send 0 if next_anchor not present */
> - if (next_anchor) {
> - memcpy(&esp_anchor.anchors[hash_length], next_anchor, hash_length);
> - } else {
> - memset(&esp_anchor.anchors[hash_length], 0, hash_length);
> - }
> - }
> -
> - hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor,
> - sizeof(uint8_t) + sizeof(uint32_t) + 2
> - * hash_length);
> -
> - err = hip_build_generic_param(msg,
> - &esp_anchor,
> - sizeof(struct hip_tlv_common),
> - hip_get_param_contents_direct(&esp_anchor));
> -
> - HIP_DEBUG("added esp protection transform: %u\n", transform);
> - HIP_DEBUG("added hash item length: %u\n", hash_item_length);
> - HIP_HEXDUMP("added esp protection active_anchor: ",
> - &esp_anchor.anchors[0],
> - hash_length);
> - HIP_HEXDUMP("added esp protection next_anchor: ",
> - &esp_anchor.anchors[hash_length],
> - hash_length);
> -
> - return err;
> -}
> -
> -/**
> - * build a branch parameter for the ESP extensions
> - *
> - * @param msg the message where the parameter is appended
> - * @param anchor_offset anchor offset value
> - * @param branch_length the length of the branch
> - * @param branch_nodes the contents of the parameter
> - * @return zero on success or negative on error
> - */
> -int hip_build_param_esp_prot_branch(struct hip_common *msg,
> - int anchor_offset,
> - int branch_length,
> - const unsigned char *branch_nodes)
> -{
> - int err = 0;
> - struct esp_prot_branch branch;
> -
> - HIP_ASSERT(msg != NULL);
> - HIP_ASSERT(anchor_offset >= 0);
> - HIP_ASSERT(branch_length > 0);
> - HIP_ASSERT(branch_nodes != NULL);
> -
> - /* set parameter type */
> - hip_set_param_type((struct hip_tlv_common *) &branch, HIP_PARAM_ESP_PROT_BRANCH);
> -
> - /* set parameter values */
> - branch.anchor_offset = htonl(anchor_offset);
> - branch.branch_length = htonl(branch_length);
> - memcpy(&branch.branch_nodes[0], branch_nodes, branch_length);
> -
> - hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2
> - * sizeof(uint32_t) + branch_length);
> -
> - err = hip_build_generic_param(msg,
> - &branch,
> - sizeof(struct hip_tlv_common),
> - hip_get_param_contents_direct(&branch));
> -
> - HIP_DEBUG("added esp anchor offset: %u\n", branch.anchor_offset);
> - HIP_DEBUG("added esp branch length: %u\n", branch.branch_length);
> - HIP_HEXDUMP("added esp branch: ", &branch.branch_nodes[0], branch_length);
> -
> - return err;
> -}
> -
> -/**
> - * build a secred parameter for the ESP extensions
> - *
> - * @param msg the message where the parameter is appended
> - * @param secret_length the length of the secret value
> - * @param secret the contents of the parameter
> - * @return zero on success or negative on error
> - */
> -int hip_build_param_esp_prot_secret(struct hip_common *msg,
> - int secret_length,
> - const unsigned char *secret)
> -{
> - int err = 0;
> - struct esp_prot_secret esp_secret;
> -
> - HIP_ASSERT(msg != NULL);
> - HIP_ASSERT(secret_length > 0);
> - HIP_ASSERT(secret != NULL);
> -
> - /* set parameter type */
> - hip_set_param_type((struct hip_tlv_common *) &esp_secret, HIP_PARAM_ESP_PROT_SECRET);
> -
> - /* set parameter values */
> - esp_secret.secret_length = secret_length;
> - memcpy(&esp_secret.secret[0], secret, secret_length);
> -
> - hip_set_param_contents_len((struct hip_tlv_common *) &esp_secret,
> - sizeof(uint8_t) + secret_length);
> -
> - err = hip_build_generic_param(msg, &esp_secret,
> - sizeof(struct hip_tlv_common),
> - hip_get_param_contents_direct(&esp_secret));
> -
> - HIP_DEBUG("added esp secret length: %u\n", esp_secret.secret_length);
> - HIP_HEXDUMP("added esp secret: ", &esp_secret.secret[0], secret_length);
> -
> - return err;
> -}
> -
> -/**
> - * build a root parameter for the ESP extensions
> - *
> - * @param msg the message where the parameter is appended
> - * @param root_length the length of the root value
> - * @param root the contents of the parameter
> - * @return zero on success or negative on error
> - */
> -int hip_build_param_esp_prot_root(struct hip_common *msg,
> - uint8_t root_length,
> - unsigned char *root)
> -{
> - int err = 0;
> - struct esp_prot_root esp_root;
> -
> - HIP_ASSERT(msg != NULL);
> - HIP_ASSERT(root_length > 0);
> - HIP_ASSERT(root != NULL);
> -
> - // set parameter type
> - hip_set_param_type((struct hip_tlv_common *) &esp_root,
> - HIP_PARAM_ESP_PROT_ROOT);
> -
> - // set parameter values
> - esp_root.root_length = root_length;
> - memcpy(&esp_root.root[0], root, root_length);
> -
> - hip_set_param_contents_len((struct hip_tlv_common *) &esp_root,
> - sizeof(uint8_t) + root_length);
> -
> - err = hip_build_generic_param(msg,
> - &esp_root,
> - sizeof(struct hip_tlv_common),
> - hip_get_param_contents_direct(&esp_root));
> -
> - HIP_DEBUG("added esp root length: %u\n", esp_root.root_length);
> - HIP_HEXDUMP("added esp root: ", &esp_root.root[0], root_length);
> -
> - return err;
> -}
> -
> -/**
> * hip_build_param_esp_info - build esp_info parameter
> * \todo Properly comment parameters of hip_build_param_esp_info()
> *
>
> === modified file 'lib/core/builder.h'
> --- lib/core/builder.h 2010-08-19 10:43:06 +0000
> +++ lib/core/builder.h 2010-09-03 11:40:19 +0000
> @@ -178,6 +178,10 @@
> int hip_build_user_hdr(struct hip_common *, hip_hdr_type_t, hip_hdr_err_t);
> void hip_calc_hdr_len(struct hip_common *);
> int hip_check_network_msg(const struct hip_common *);
> +int hip_build_generic_param(struct hip_common *msg,
> + const void *parameter_hdr,
> + hip_tlv_len_t param_hdr_size,
> + const void *contents);
> int hip_verify_network_header(struct hip_common *hip_common,
> struct sockaddr *src,
> struct sockaddr *dst,
> @@ -214,6 +218,7 @@
> hip_tlv_len_t hip_get_param_total_len(const void *);
> hip_transform_suite_t hip_get_param_transform_suite_id(const void *);
> hip_tlv_type_t hip_get_param_type(const void *);
> +void hip_set_param_type(struct hip_tlv_common *tlv_generic, hip_tlv_type_t type);
> uint16_t hip_get_msg_checksum(struct hip_common *msg);
> const char *hip_message_type_name(const uint8_t);
> struct hip_common *hip_msg_alloc(void);
> @@ -257,25 +262,6 @@
> uint8_t *type_list,
> int type_count);
>
> -int hip_build_param_esp_prot_transform(struct hip_common *msg,
> - int num_transforms,
> - uint8_t *transforms);
> -int hip_build_param_esp_prot_anchor(struct hip_common *msg,
> - uint8_t transform,
> - unsigned char *active_anchor,
> - unsigned char *next_anchor,
> - int hash_length,
> - int hash_item_length);
> -int hip_build_param_esp_prot_branch(struct hip_common *msg,
> - int anchor_offset,
> - int branch_length,
> - const unsigned char *branch_nodes);
> -int hip_build_param_esp_prot_secret(struct hip_common *msg,
> - int secret_length,
> - const unsigned char *secret);
> -int hip_build_param_esp_prot_root(struct hip_common *msg,
> - uint8_t root_length,
> - unsigned char *root);
> int hip_build_param_reg_from(struct hip_common *msg,
> const struct in6_addr *addr,
> const in_port_t port);
>
> === modified file 'lib/core/common.h'
> --- lib/core/common.h 2010-07-14 16:01:50 +0000
> +++ lib/core/common.h 2010-09-03 11:40:19 +0000
> @@ -52,6 +52,13 @@
> # define RVS UNUSED
> #endif
>
> +/** marking for firewall function parameters */
> +#ifdef CONFIG_HIP_FIREWALL
> +# define HIPFW
> +#else
> +# define HIPFW UNUSED
> +#endif
> +
> /** marking for OPPORTUNISTIC-specific function parameters */
> #ifdef CONFIG_HIP_OPPORTUNISTIC
> # define OPP
>
> === modified file 'lib/core/protodefs.h'
> --- lib/core/protodefs.h 2010-08-17 17:23:18 +0000
> +++ lib/core/protodefs.h 2010-09-03 11:40:19 +0000
> @@ -37,9 +37,6 @@
> #include <sys/socket.h>
> #include <sys/types.h>
>
> -#include "lib/core/esp_prot_common.h"
> -#include "lib/core/hashchain.h"
> -
> #ifndef PF_HIP
> # define PF_HIP 32
> #endif
> @@ -639,45 +636,6 @@
> void * keymatdst; /**< Pointer to beginning of key material */
> };
>
> -struct esp_prot_preferred_tfms {
> - hip_tlv_type_t type;
> - hip_tlv_len_t length;
> - uint8_t num_transforms;
> - // this will also contain the UNUSED transform
> - uint8_t transforms[MAX_NUM_TRANSFORMS];
> -} __attribute__ ((packed));
> -
> -struct esp_prot_anchor {
> - hip_tlv_type_t type;
> - hip_tlv_len_t length;
> - uint8_t transform;
> - uint32_t hash_item_length;
> - // contains active and next anchor
> - unsigned char anchors[2 * MAX_HASH_LENGTH];
> -} __attribute__ ((packed));
> -
> -struct esp_prot_branch {
> - hip_tlv_type_t type;
> - hip_tlv_len_t length;
> - uint32_t anchor_offset;
> - uint32_t branch_length;
> - unsigned char branch_nodes[MAX_HTREE_DEPTH * MAX_HASH_LENGTH];
> -} __attribute__ ((packed));
> -
> -struct esp_prot_secret {
> - hip_tlv_type_t type;
> - hip_tlv_len_t length;
> - uint8_t secret_length;
> - unsigned char secret[MAX_HASH_LENGTH];
> -} __attribute__ ((packed));
> -
> -struct esp_prot_root {
> - hip_tlv_type_t type;
> - hip_tlv_len_t length;
> - uint8_t root_length;
> - unsigned char root[MAX_HASH_LENGTH];
> -} __attribute__ ((packed));
> -
> /**
> * Used in executing a unit test case in a test suite in the kernel module.
> */
>
> === modified file 'lib/core/state.h'
> --- lib/core/state.h 2010-07-14 16:01:50 +0000
> +++ lib/core/state.h 2010-09-03 11:40:19 +0000
> @@ -267,34 +267,6 @@
> int esp_transform;
> /** HIP transform type */
> int hip_transform;
> - /** ESP extension protection transform */
> - uint8_t esp_prot_transform;
> - /** ESP extension protection parameter */
> - int esp_prot_param;
> - /** ESP extension protection local_anchor */
> - unsigned char esp_local_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> - /** another local anchor used for UPDATE messages */
> - unsigned char esp_local_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> - /** ESP extension protection peer_anchor */
> - unsigned char esp_peer_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> - /** another peer anchor used for UPDATE messages */
> - unsigned char esp_peer_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> - /** needed for offset calculation when using htrees */
> - uint32_t esp_local_active_length;
> - uint32_t esp_local_update_length;
> - uint32_t esp_peer_active_length;
> - uint32_t esp_peer_update_length;
> - /** root needed in case of hierarchical hchain linking */
> - uint8_t esp_root_length;
> - unsigned char esp_root[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> - int hash_item_length;
> - /** parameters needed for soft-updates of hchains */
> - /** Stored outgoing UPDATE ID counter. */
> - uint32_t light_update_id_out;
> - /** Stored incoming UPDATE ID counter. */
> - uint32_t light_update_id_in;
> - /** retranmission */
> - uint8_t light_update_retrans;
> /** Something to do with the birthday paradox.
> * @todo Please clarify what this field is. */
> uint64_t birthday;
>
> === modified file 'lib/core/statistics.c'
> --- lib/core/statistics.c 2010-07-14 15:58:20 +0000
> +++ lib/core/statistics.c 2010-09-03 11:40:19 +0000
> @@ -29,8 +29,8 @@
> */
>
> #include <math.h>
> -#include <stdint.h>
> #include <sys/time.h>
> +#include <stdlib.h>
>
> #include "debug.h"
> #include "ife.h"
>
> === added directory 'modules/esp_tokens'
> === added file 'modules/esp_tokens/Makefile.am'
> --- modules/esp_tokens/Makefile.am 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/Makefile.am 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,16 @@
> +lib_LTLIBRARIES += modules/esp_tokens/hipd/libhipesptokens.la \
> + modules/esp_tokens/lib/libhipesptokens_common.la
> +
> +modules_esp_tokens_hipd_libhipesptokens_la_SOURCES = modules/esp_tokens/hipd/esp_prot_anchordb.c \
> + modules/esp_tokens/hipd/esp_prot_hipd_msg.c \
> + modules/esp_tokens/hipd/esp_prot_light_update.c \
> + modules/esp_tokens/hipd/esp_tokens_state.c \
> + modules/esp_tokens/hipd/esp_tokens_builder.c \
> + modules/esp_tokens/hipd/esp_tokens.c
> +
> +modules_esp_tokens_lib_libhipesptokens_common_la_SOURCES = modules/esp_tokens/lib/esp_prot_common.c
> +
> +hipd_hipd_LDADD += modules/esp_tokens/hipd/libhipesptokens.la \
> + modules/esp_tokens/lib/libhipesptokens_common.la
> +
> +firewall_hipfw_LDADD += modules/esp_tokens/lib/libhipesptokens_common.la
>
> === added directory 'modules/esp_tokens/hipd'
> === renamed file 'hipd/esp_prot_anchordb.c' => 'modules/esp_tokens/hipd/esp_prot_anchordb.c'
> --- hipd/esp_prot_anchordb.c 2010-08-20 14:34:13 +0000
> +++ modules/esp_tokens/hipd/esp_prot_anchordb.c 2010-09-03 11:40:19 +0000
> @@ -40,12 +40,15 @@
> #include <string.h>
>
> #include "lib/core/builder.h"
> +#include "lib/core/common.h"
> #include "lib/core/debug.h"
> -#include "lib/core/esp_prot_common.h"
> #include "lib/core/ife.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> #include "lib/core/protodefs.h"
> -#include "hipd.h"
> -#include "init.h"
> +#include "hipd/hipd.h"
> +#include "hipd/init.h"
> +#include "esp_tokens.h"
> +#include "esp_tokens_state.h"
> #include "esp_prot_anchordb.h"
>
>
> @@ -104,7 +107,8 @@
> * @param msg the user-message sent by fw
> * @return 0 if ok, != 0 else
> */
> -int anchor_db_update(const struct hip_common *msg)
> +int anchor_db_update(struct hip_common *msg,
> + UNUSED struct sockaddr_in6 *src)
> {
> const struct hip_tlv_common *param = NULL;
> const unsigned char *anchor = NULL;
>
> === renamed file 'hipd/esp_prot_anchordb.h' => 'modules/esp_tokens/hipd/esp_prot_anchordb.h'
> --- hipd/esp_prot_anchordb.h 2010-07-07 16:42:17 +0000
> +++ modules/esp_tokens/hipd/esp_prot_anchordb.h 2010-09-03 11:40:19 +0000
> @@ -44,7 +44,8 @@
>
> void anchor_db_init(void);
> void anchor_db_uninit(void);
> -int anchor_db_update(const struct hip_common *msg);
> +int anchor_db_update(struct hip_common *msg,
> + struct sockaddr_in6 *src);
> int anchor_db_get_num_anchors(const uint8_t transform);
> unsigned char *anchor_db_get_anchor(const uint8_t transform);
> int anchor_db_get_anchor_length(const uint8_t transform);
>
> === renamed file 'hipd/esp_prot_hipd_msg.c' => 'modules/esp_tokens/hipd/esp_prot_hipd_msg.c'
> --- hipd/esp_prot_hipd_msg.c 2010-08-25 12:53:17 +0000
> +++ modules/esp_tokens/hipd/esp_prot_hipd_msg.c 2010-09-03 11:40:19 +0000
> @@ -39,19 +39,23 @@
> #include <arpa/inet.h>
>
> #include "lib/core/builder.h"
> +#include "lib/core/common.h"
> #include "lib/core/debug.h"
> -#include "lib/core/esp_prot_common.h"
> #include "lib/core/hip_udp.h"
> #include "lib/core/ife.h"
> #include "lib/core/protodefs.h"
> #include "lib/tool/xfrmapi.h"
> -#include "cookie.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> +#include "hipd/cookie.h"
> #include "esp_prot_anchordb.h"
> #include "esp_prot_light_update.h"
> -#include "hadb.h"
> -#include "hipd.h"
> -#include "output.h"
> +#include "hipd/hadb.h"
> +#include "hipd/hipd.h"
> +#include "hipd/output.h"
> #include "esp_prot_hipd_msg.h"
> +#include "esp_tokens_state.h"
> +#include "esp_tokens_builder.h"
> +#include "esp_tokens.h"
>
> #include "modules/update/hipd/update.h"
> #include "modules/user_ipsec/hipd/user_ipsec.h"
> @@ -72,10 +76,10 @@
> const struct in6_addr *dst_ip,
> const uint32_t spi)
> {
> - hip_common_t *resp_update = NULL;
> - const struct hip_seq *seq = NULL;
> - uint16_t mask = 0;
> - int err = 0;
> + hip_common_t *resp_update = NULL;
> + const struct hip_seq *seq = NULL;
> + uint16_t mask = 0;
> + int err = 0;
>
> HIP_IFEL(!(seq = hip_get_param(recv_update, HIP_PARAM_SEQ)),
> -1,
> @@ -170,7 +174,8 @@
> * @param msg the user-message sent by the firewall
> * @return 0 if ok, != 0 else
> */
> -int esp_prot_set_preferred_transforms(const struct hip_common *msg)
> +int esp_prot_set_preferred_transforms(struct hip_common *msg,
> + UNUSED struct sockaddr_in6 *src)
> {
> const struct hip_tlv_common *param = NULL;
> int err = 0, i;
> @@ -226,7 +231,8 @@
> * @param msg the user-message sent by the firewall
> * @return 0 if ok, != 0 else
> */
> -int esp_prot_handle_trigger_update_msg(const struct hip_common *msg)
> +int esp_prot_handle_trigger_update_msg(struct hip_common *msg,
> + UNUSED struct sockaddr_in6 *src)
> {
> const struct hip_tlv_common *param = NULL;
> const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
> @@ -242,6 +248,7 @@
> const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS];
> const unsigned char *root[MAX_NUM_PARALLEL_HCHAINS];
> hip_ha_t *entry = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int hash_item_length = 0;
> unsigned char cmp_val[MAX_HASH_LENGTH];
> int err = 0;
> @@ -261,13 +268,17 @@
> HIP_IFEL(!(entry = hip_hadb_find_byhits(local_hit, peer_hit)), -1,
> "failed to retrieve requested HA entry\n");
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> param = hip_get_param(msg, HIP_PARAM_ESP_PROT_TFM);
> esp_prot_tfm = *((const uint8_t *)
> hip_get_param_contents_direct(param));
> HIP_DEBUG("esp_prot_transform: %u\n", esp_prot_tfm);
>
> // check if transforms are matching and add anchor as new local_anchor
> - HIP_IFEL(entry->esp_prot_transform != esp_prot_tfm, -1,
> + HIP_IFEL(esp_tokens_state->esp_prot_transform != esp_prot_tfm, -1,
> "esp prot transform changed without new BEX\n");
> HIP_DEBUG("esp prot transforms match\n");
>
> @@ -277,10 +288,10 @@
> HIP_DEBUG("hash_item_length: %i\n", hash_item_length);
>
> // set the hash_item_length of the item used for this update
> - entry->hash_item_length = hash_item_length;
> + esp_tokens_state->hash_item_length = hash_item_length;
>
> // we need to know the hash_length for this transform
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> param = hip_get_next_param(msg, param);
> num_parallel_hchains = *((const long *)
> @@ -294,13 +305,15 @@
> HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length);
>
> // make sure that the update-anchor is not set yet
> - HIP_IFEL(memcmp(&entry->esp_local_update_anchors[i][0],
> + HIP_IFEL(memcmp(&esp_tokens_state->esp_local_update_anchors[i][0],
> &cmp_val[0], MAX_HASH_LENGTH),
> -1,
> "next hchain changed in fw, but we still have the last update-anchor set!");
>
> // set the update anchor
> - memcpy(&entry->esp_local_update_anchors[i][0], esp_prot_anchor, hash_length);
> + memcpy(&esp_tokens_state->esp_local_update_anchors[i][0],
> + esp_prot_anchor,
> + hash_length);
>
> param = hip_get_next_param(msg, param);
> }
> @@ -308,16 +321,16 @@
> root_length = *((const int *)
> hip_get_param_contents_direct(param));
> HIP_DEBUG("root_length: %i\n", root_length);
> - entry->esp_root_length = root_length;
> + esp_tokens_state->esp_root_length = root_length;
>
> // process all update roots now
> if (root_length > 0) {
> param = hip_get_param(msg, HIP_PARAM_ROOT);
> for (i = 0; i < num_parallel_hchains; i++) {
> root[i] = hip_get_param_contents_direct(param);
> - memcpy(&entry->esp_root[i][0], root[i], root_length);
> + memcpy(&esp_tokens_state->esp_root[i][0], root[i], root_length);
>
> - HIP_HEXDUMP("root: ", &entry->esp_root[i][0], root_length);
> + HIP_HEXDUMP("root: ", &esp_tokens_state->esp_root[i][0], root_length);
>
> param = hip_get_next_param(msg, param);
> }
> @@ -380,17 +393,19 @@
> * @param msg the user-message sent by the firewall
> * @return 0 if ok, != 0 else
> */
> -int esp_prot_handle_anchor_change_msg(const struct hip_common *msg)
> +int esp_prot_handle_anchor_change_msg(struct hip_common *msg,
> + UNUSED struct sockaddr_in6 *src)
> {
> - const struct hip_tlv_common *param = NULL;
> - const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
> - uint8_t esp_prot_tfm = 0;
> - int hash_length = 0;
> - const unsigned char *esp_prot_anchor = NULL;
> - hip_ha_t *entry = NULL;
> - int direction = 0;
> - long num_parallel_hchains = 0, i;
> - int err = 0;
> + const struct hip_tlv_common *param = NULL;
> + const hip_hit_t *local_hit = NULL, *peer_hit = NULL;
> + uint8_t esp_prot_tfm = 0;
> + int hash_length = 0;
> + const unsigned char *esp_prot_anchor = NULL;
> + hip_ha_t *entry = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + int direction = 0;
> + long num_parallel_hchains = 0, i;
> + int err = 0;
>
> param = hip_get_param(msg, HIP_PARAM_HIT);
> local_hit = hip_get_param_contents_direct(param);
> @@ -422,13 +437,17 @@
> HIP_IFEL(!(entry = hip_hadb_find_byhits(local_hit, peer_hit)), -1,
> "failed to retrieve requested HA entry\n");
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> // check if transforms are matching and add anchor as new local_anchor
> - HIP_IFEL(entry->esp_prot_transform != esp_prot_tfm, -1,
> + HIP_IFEL(esp_tokens_state->esp_prot_transform != esp_prot_tfm, -1,
> "esp prot transform changed without new BEX\n");
> HIP_DEBUG("esp prot transforms match\n");
>
> // we need to know the hash_length for this transform
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> // only handle outbound direction here
> if (direction == HIP_SPI_DIRECTION_OUT) {
> @@ -437,12 +456,18 @@
> HIP_HEXDUMP("anchor: ", esp_prot_anchor, hash_length);
>
> // make sure that the update-anchor is set
> - HIP_IFEL(memcmp(&entry->esp_local_update_anchors[i][0], esp_prot_anchor, hash_length),
> + HIP_IFEL(memcmp(&esp_tokens_state->esp_local_update_anchors[i][0],
> + esp_prot_anchor,
> + hash_length),
> -1, "hchain-anchors used for outbound connections NOT in sync\n");
>
> // set update anchor as new active local anchor
> - memcpy(&entry->esp_local_anchors[i][0], &entry->esp_local_update_anchors[i][0], hash_length);
> - memset(&entry->esp_local_update_anchors[i][0], 0, MAX_HASH_LENGTH);
> + memcpy(&esp_tokens_state->esp_local_anchors[i][0],
> + &esp_tokens_state->esp_local_update_anchors[i][0],
> + hash_length);
> + memset(&esp_tokens_state->esp_local_update_anchors[i][0],
> + 0,
> + MAX_HASH_LENGTH);
>
> HIP_DEBUG("changed update_anchor to local_anchor\n");
>
> @@ -474,44 +499,52 @@
> unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
> int hash_length = 0;
> uint32_t hash_item_length = 0;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int err = 0, i;
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> HIP_DEBUG("direction: %i\n", direction);
>
> // we always tell the negotiated transform to the firewall
> - HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
> - HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
> - HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
> - "build param contents failed\n");
> + HIP_DEBUG("esp protection transform is %u \n",
> + esp_tokens_state->esp_prot_transform);
> + HIP_IFEL(hip_build_param_contents(msg,
> + &esp_tokens_state->esp_prot_transform,
> + HIP_PARAM_ESP_PROT_TFM,
> + sizeof(uint8_t)),
> + -1, "build param contents failed\n");
>
> // but we only transmit the anchor to the firewall, if the esp extension is used
> - if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> // choose the anchor depending on the direction and update or add
> if (update) {
> if (direction == HIP_SPI_DIRECTION_OUT) {
> - HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
> + HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_local_update_anchors), -1,
> "hchain anchor expected, but not present\n");
>
> - hash_item_length = entry->esp_local_update_length;
> + hash_item_length = esp_tokens_state->esp_local_update_length;
> } else {
> - HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
> + HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_peer_update_anchors), -1,
> "hchain anchor expected, but not present\n");
>
> - hash_item_length = entry->esp_peer_update_length;
> + hash_item_length = esp_tokens_state->esp_peer_update_length;
> }
> } else {
> if (direction == HIP_SPI_DIRECTION_OUT) {
> - HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
> + HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_local_anchors), -1,
> "hchain anchor expected, but not present\n");
>
> - hash_item_length = entry->esp_local_active_length;
> + hash_item_length = esp_tokens_state->esp_local_active_length;
> } else {
> - HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
> + HIP_IFEL(!(hchain_anchors = esp_tokens_state->esp_peer_anchors), -1,
> "hchain anchor expected, but not present\n");
>
> - hash_item_length = entry->esp_peer_active_length;
> + hash_item_length = esp_tokens_state->esp_peer_active_length;
> }
> }
>
> @@ -578,11 +611,18 @@
> * @param ctx packet context for the received R1 message
> * @return always 0
> */
> -int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx)
> +int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> const struct esp_prot_preferred_tfms *prot_transforms = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int err = 0;
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> /* this is only handled if we are using userspace ipsec,
> * otherwise we just ignore it */
> if (hip_use_userspace_ipsec) {
> @@ -596,28 +636,29 @@
> HIP_DEBUG("received preferred transforms from peer\n");
>
> // store that we received the param for further processing
> - ctx->hadb_entry->esp_prot_param = 1;
> + esp_tokens_state->esp_prot_param = 1;
>
> // select transform and store it for this connection
> - ctx->hadb_entry->esp_prot_transform = esp_prot_select_transform(prot_transforms->num_transforms,
> - prot_transforms->transforms);
> + esp_tokens_state->esp_prot_transform = esp_prot_select_transform(prot_transforms->num_transforms,
> + prot_transforms->transforms);
> } else {
> HIP_DEBUG("R1 does not contain preferred ESP protection " \
> "transforms, locally setting UNUSED\n");
>
> // store that we didn't received the param
> - ctx->hadb_entry->esp_prot_param = 0;
> + esp_tokens_state->esp_prot_param = 0;
>
> // if the other end-host does not want to use the extension, we don't either
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> } else {
> HIP_DEBUG("no userspace IPsec hint for ESP extension, locally setting UNUSED\n");
>
> // make sure we don't add the anchor now and don't add any transform or anchor
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
>
> + out_err:
> return err;
> }
>
> @@ -627,65 +668,72 @@
> * @param ctx packet context for the I2 message
> * @return 0 on success, -1 in case of an error
> */
> -int esp_prot_i2_add_anchor(struct hip_packet_context *ctx)
> +int esp_prot_i2_add_anchor(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> + struct esp_tokens_state *esp_tokens_state = NULL;
> unsigned char *anchor = NULL;
> int hash_length = 0;
> int hash_item_length = 0;
> int err = 0, i;
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> /* only add, if extension in use and we agreed on a transform
> *
> * @note the transform was selected in handle R1 */
> - if (ctx->hadb_entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> + if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> // check for sufficient elements
> - if (anchor_db_get_num_anchors(ctx->hadb_entry->esp_prot_transform) >=
> + if (anchor_db_get_num_anchors(esp_tokens_state->esp_prot_transform) >=
> esp_prot_num_parallel_hchains) {
> - hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
> HIP_DEBUG("hash_length: %i\n", hash_length);
> - hash_item_length = anchor_db_get_hash_item_length(ctx->hadb_entry->esp_prot_transform);
> + hash_item_length = anchor_db_get_hash_item_length(esp_tokens_state->esp_prot_transform);
>
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> // add all anchors now
> - HIP_IFEL(!(anchor = anchor_db_get_anchor(ctx->hadb_entry->esp_prot_transform)), -1,
> + HIP_IFEL(!(anchor = anchor_db_get_anchor(esp_tokens_state->esp_prot_transform)), -1,
> "no anchor elements available, threading?\n");
> - HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
> + HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
> anchor, NULL, hash_length, hash_item_length), -1,
> "Building of ESP protection anchor failed\n");
>
> // store local_anchor
> - memcpy(&ctx->hadb_entry->esp_local_anchors[i][0], anchor, hash_length);
> - HIP_HEXDUMP("stored local anchor: ", &ctx->hadb_entry->esp_local_anchors[i][0], hash_length);
> + memcpy(&esp_tokens_state->esp_local_anchors[i][0], anchor, hash_length);
> + HIP_HEXDUMP("stored local anchor: ", &esp_tokens_state->esp_local_anchors[i][0], hash_length);
>
> - ctx->hadb_entry->esp_local_active_length = hash_item_length;
> - HIP_DEBUG("ctx->hadb_entry->esp_local_active_length: %u\n",
> - ctx->hadb_entry->esp_local_active_length);
> + esp_tokens_state->esp_local_active_length = hash_item_length;
> + HIP_DEBUG("esp_tokens_state->esp_local_active_length: %u\n",
> + esp_tokens_state->esp_local_active_length);
> }
> } else {
> // fall back
> HIP_ERROR("agreed on using esp hchain protection, but not sufficient elements");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
>
> // inform our peer
> - HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
> + HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
> NULL, NULL, 0, 0), -1,
> "Building of ESP protection anchor failed\n");
> }
> } else {
> // only reply, if transforms param in R1; send UNUSED param
> - if (ctx->hadb_entry->esp_prot_param) {
> + if (esp_tokens_state->esp_prot_param) {
> HIP_DEBUG("R1 contained transforms, but agreed not to use the extension\n");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
>
> - HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, ctx->hadb_entry->esp_prot_transform,
> + HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
> NULL, NULL, 0, 0), -1,
> "Building of ESP protection anchor failed\n");
> } else {
> HIP_DEBUG("peer didn't send transforms in R1, locally setting UNUSED\n");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> }
>
> @@ -703,13 +751,20 @@
> * @param ctx packet context for the I2 message
> * @return 0 on success, -1 in case of an error
> */
> -int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx)
> +int esp_prot_i2_handle_anchor(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> const struct hip_tlv_common *param = NULL;
> const struct esp_prot_anchor *prot_anchor = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int hash_length = 0;
> int err = 0, i;
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> /* only supported in user-mode ipsec and optional there */
> if (hip_use_userspace_ipsec && esp_prot_num_transforms > 1) {
> HIP_DEBUG("userspace IPsec hint: esp protection extension might be in use\n");
> @@ -721,10 +776,10 @@
> if (esp_prot_check_transform(esp_prot_num_transforms, esp_prot_transforms,
> prot_anchor->transform) >= 0) {
> // we know this transform
> - ctx->hadb_entry->esp_prot_transform = prot_anchor->transform;
> - hash_length = anchor_db_get_anchor_length(ctx->hadb_entry->esp_prot_transform);
> + esp_tokens_state->esp_prot_transform = prot_anchor->transform;
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> - if (ctx->hadb_entry->esp_prot_transform == ESP_PROT_TFM_UNUSED) {
> + if (esp_tokens_state->esp_prot_transform == ESP_PROT_TFM_UNUSED) {
> HIP_DEBUG("agreed NOT to use esp protection extension\n");
>
> // there should be no other anchors in this case
> @@ -732,21 +787,21 @@
> }
>
> // store number of elements per hash structure
> - ctx->hadb_entry->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
> - HIP_DEBUG("ctx->hadb_entry->esp_peer_active_length: %u\n",
> - ctx->hadb_entry->esp_peer_active_length);
> + esp_tokens_state->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
> + HIP_DEBUG("esp_tokens_state->esp_peer_active_length: %u\n",
> + esp_tokens_state->esp_peer_active_length);
>
> // store all contained anchors
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> - if (!prot_anchor || prot_anchor->transform != ctx->hadb_entry->esp_prot_transform) {
> + if (!prot_anchor || prot_anchor->transform != esp_tokens_state->esp_prot_transform) {
> // we expect an anchor and all anchors should have the same transform
> err = -1;
> goto out_err;
> } else {
> // store peer_anchor
> - memcpy(&ctx->hadb_entry->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
> + memcpy(&esp_tokens_state->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
> hash_length);
> - HIP_HEXDUMP("received anchor: ", &ctx->hadb_entry->esp_peer_anchors[i][0],
> + HIP_HEXDUMP("received anchor: ", &esp_tokens_state->esp_peer_anchors[i][0],
> hash_length);
> }
>
> @@ -757,17 +812,17 @@
> } else {
> HIP_ERROR("received anchor with unknown transform, falling back\n");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> } else {
> HIP_DEBUG("NO esp anchor sent, locally setting UNUSED\n");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> } else {
> HIP_DEBUG("userspace IPsec hint: esp protection extension NOT in use\n");
>
> - ctx->hadb_entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
>
> out_err:
> @@ -781,53 +836,61 @@
> * @param entry hip association for the connection
> * @return 0 on success, -1 in case of an error
> */
> -int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry)
> +int esp_prot_r2_add_anchor(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> {
> - unsigned char *anchor = NULL;
> - int hash_length = 0;
> - int hash_item_length = 0;
> - int err = 0, i;
> + unsigned char *anchor = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + int hash_length = 0;
> + int hash_item_length = 0;
> + int err = 0, i;
> +
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
>
> // only add, if extension in use, we agreed on a transform and no error until now
> - if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> + if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> // check for sufficient elements
> - if (anchor_db_get_num_anchors(entry->esp_prot_transform) >= esp_prot_num_parallel_hchains) {
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + if (anchor_db_get_num_anchors(esp_tokens_state->esp_prot_transform) >= esp_prot_num_parallel_hchains) {
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
> HIP_DEBUG("hash_length: %i\n", hash_length);
>
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> // add all anchors now
> - HIP_IFEL(!(anchor = anchor_db_get_anchor(entry->esp_prot_transform)), -1,
> + HIP_IFEL(!(anchor = anchor_db_get_anchor(esp_tokens_state->esp_prot_transform)), -1,
> "no anchor elements available, threading?\n");
> - hash_item_length = anchor_db_get_hash_item_length(entry->esp_prot_transform);
> - HIP_IFEL(hip_build_param_esp_prot_anchor(r2, entry->esp_prot_transform,
> + hash_item_length = anchor_db_get_hash_item_length(esp_tokens_state->esp_prot_transform);
> + HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg, esp_tokens_state->esp_prot_transform,
> anchor, NULL, hash_length, hash_item_length), -1,
> "Building of ESP protection anchor failed\n");
>
> // store local_anchor
> - memcpy(&entry->esp_local_anchors[i][0], anchor, hash_length);
> - HIP_HEXDUMP("stored local anchor: ", &entry->esp_local_anchors[i][0], hash_length);
> + memcpy(&esp_tokens_state->esp_local_anchors[i][0], anchor, hash_length);
> + HIP_HEXDUMP("stored local anchor: ", &esp_tokens_state->esp_local_anchors[i][0], hash_length);
>
> - entry->esp_local_active_length = anchor_db_get_hash_item_length(
> - entry->esp_prot_transform);
> - HIP_DEBUG("entry->esp_local_active_length: %u\n",
> - entry->esp_local_active_length);
> + esp_tokens_state->esp_local_active_length = anchor_db_get_hash_item_length(
> + esp_tokens_state->esp_prot_transform);
> + HIP_DEBUG("esp_tokens_state->esp_local_active_length: %u\n",
> + esp_tokens_state->esp_local_active_length);
> }
> } else {
> // fall back
> HIP_ERROR("agreed on using esp hchain protection, but no elements");
>
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
>
> // inform our peer about fallback
> - HIP_IFEL(hip_build_param_esp_prot_anchor(r2, entry->esp_prot_transform,
> + HIP_IFEL(hip_build_param_esp_prot_anchor(ctx->output_msg,
> + esp_tokens_state->esp_prot_transform,
> NULL, NULL, 0, 0), -1,
> "Building of ESP protection anchor failed\n");
> }
> } else {
> HIP_DEBUG("esp protection extension NOT in use for this connection\n");
>
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
>
> out_err:
> @@ -845,67 +908,74 @@
> * @param input_msg the input message
> * @return 0 on success, -1 in case of an error
> */
> -int esp_prot_r2_handle_anchor(hip_ha_t *entry,
> - const struct hip_common *input_msg)
> +int esp_prot_r2_handle_anchor(UNUSED const uint8_t packet_type,
> + UNUSED const uint32_t ha_state,
> + struct hip_packet_context *ctx)
> + //hip_ha_t *entry, const struct hip_common *input_msg)
> {
> const struct hip_tlv_common *param = NULL;
> const struct esp_prot_anchor *prot_anchor = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int hash_length = 0;
> int err = 0, i;
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> // only process anchor, if we agreed on using it before
> - if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> - if ((param = hip_get_param(input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) {
> + if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> + if ((param = hip_get_param(ctx->input_msg, HIP_PARAM_ESP_PROT_ANCHOR))) {
> prot_anchor = (const struct esp_prot_anchor *) param;
>
> // check if the anchor has got the negotiated transform
> - if (prot_anchor->transform == entry->esp_prot_transform) {
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + if (prot_anchor->transform == esp_tokens_state->esp_prot_transform) {
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> // store number of elements per hash structure
> - entry->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
> - HIP_DEBUG("entry->esp_peer_active_length: %u\n",
> - entry->esp_peer_active_length);
> + esp_tokens_state->esp_peer_active_length = ntohl(prot_anchor->hash_item_length);
> + HIP_DEBUG("esp_tokens_state->esp_peer_active_length: %u\n",
> + esp_tokens_state->esp_peer_active_length);
>
> // store all contained anchors
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> - if (prot_anchor->transform != entry->esp_prot_transform || !prot_anchor) {
> + if (prot_anchor->transform != esp_tokens_state->esp_prot_transform || !prot_anchor) {
> // we expect an anchor and all anchors should have the same transform
> err = -1;
> goto out_err;
> } else {
> // store peer_anchor
> - memcpy(&entry->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
> + memcpy(&esp_tokens_state->esp_peer_anchors[i][0], &prot_anchor->anchors[0],
> hash_length);
> - HIP_HEXDUMP("received anchor: ", &entry->esp_peer_anchors[i][0],
> + HIP_HEXDUMP("received anchor: ", &esp_tokens_state->esp_peer_anchors[i][0],
> hash_length);
> }
>
> // get next anchor
> - param = hip_get_next_param(input_msg, param);
> + param = hip_get_next_param(ctx->input_msg, param);
> prot_anchor = (const struct esp_prot_anchor *) param;
> }
> } else if (prot_anchor->transform == ESP_PROT_TFM_UNUSED) {
> HIP_DEBUG("peer encountered problems and did fallback\n");
>
> // also fallback
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> } else {
> HIP_ERROR("received anchor does NOT use negotiated transform, falling back\n");
>
> // fallback
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> } else {
> HIP_DEBUG("agreed on using esp hchain extension, but no anchor sent or error\n");
>
> // fall back option
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
> } else {
> HIP_DEBUG("NOT using esp protection extension\n");
>
> - entry->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> + esp_tokens_state->esp_prot_transform = ESP_PROT_TFM_UNUSED;
> }
>
> out_err:
> @@ -1029,12 +1099,17 @@
> */
> int esp_prot_update_add_anchor(hip_common_t *update, hip_ha_t *entry)
> {
> - const struct hip_seq *seq = NULL;
> - int hash_length = 0;
> - int err = 0, i;
> + const struct hip_seq *seq = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + int hash_length = 0;
> + int err = 0, i;
> +
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
>
> // only do further processing when extension is in use
> - if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> + if (esp_tokens_state->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
> /* we only want to send anchors in 1. and 2. UPDATE message
> *
> * @note we can distinguish the 1. and 2. UPDATE message by
> @@ -1044,7 +1119,7 @@
>
> if (seq) {
> // we need to know the hash_length for this transform
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> /* @note update-anchor will be set, if there was a anchor UPDATE before
> * or if this is an anchor UPDATE; otherwise update-anchor will
> @@ -1055,29 +1130,29 @@
> * pure anchor-update */
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> HIP_IFEL(hip_build_param_esp_prot_anchor(update,
> - entry->esp_prot_transform,
> - &entry->esp_local_anchors[i][0],
> - &entry->esp_local_update_anchors[i][0],
> - hash_length, entry->hash_item_length),
> + esp_tokens_state->esp_prot_transform,
> + &esp_tokens_state->esp_local_anchors[i][0],
> + &esp_tokens_state->esp_local_update_anchors[i][0],
> + hash_length, esp_tokens_state->hash_item_length),
> -1,
> "building of ESP protection ANCHOR failed\n");
> }
>
> // only add the root if it is specified
> - if (entry->esp_root_length > 0) {
> + if (esp_tokens_state->esp_root_length > 0) {
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> HIP_IFEL(hip_build_param_esp_prot_root(update,
> - entry->esp_root_length,
> - &entry->esp_root[i][0]),
> + esp_tokens_state->esp_root_length,
> + &esp_tokens_state->esp_root[i][0]),
> -1,
> "building of ESP ROOT failed\n");
> }
> }
>
> - entry->esp_local_update_length = anchor_db_get_hash_item_length(
> - entry->esp_prot_transform);
> - HIP_DEBUG("entry->esp_local_update_length: %u\n",
> - entry->esp_local_update_length);
> + esp_tokens_state->esp_local_update_length = anchor_db_get_hash_item_length(
> + esp_tokens_state->esp_prot_transform);
> + HIP_DEBUG("esp_tokens_state->esp_local_update_length: %u\n",
> + esp_tokens_state->esp_local_update_length);
> }
> }
>
> @@ -1099,6 +1174,7 @@
> {
> const struct esp_prot_anchor *prot_anchor = NULL;
> const struct hip_tlv_common *param = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> int hash_length = 0;
> unsigned char cmp_value[MAX_HASH_LENGTH];
> int err = 0, i;
> @@ -1114,59 +1190,65 @@
> /* XX TODO find matching SA entry in host association for active_anchor
> * and _inbound_ direction */
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> // we need to know the hash_length for this transform
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> // compare peer_update_anchor to 0
> memset(cmp_value, 0, MAX_HASH_LENGTH);
>
> /* treat the very first hchain update after the BEX differently
> * -> assume properties of first parallal chain same as for others */
> - if (!memcmp(&entry->esp_peer_update_anchors[0][0], &cmp_value[0], MAX_HASH_LENGTH)) {
> + if (!memcmp(&esp_tokens_state->esp_peer_update_anchors[0][0], &cmp_value[0], MAX_HASH_LENGTH)) {
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> // check that we are receiving an anchor matching the negotiated transform
> - HIP_IFEL(entry->esp_prot_transform != prot_anchor->transform, -1,
> + HIP_IFEL(esp_tokens_state->esp_prot_transform != prot_anchor->transform, -1,
> "esp prot transform changed without new BEX\n");
> HIP_DEBUG("esp prot transforms match\n");
>
> // check that we are receiving an anchor matching the active one
> - HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_anchors[i][0],
> + HIP_IFEL(memcmp(&prot_anchor->anchors[0], &esp_tokens_state->esp_peer_anchors[i][0],
> hash_length), -1, "esp prot active peer anchors do NOT match\n");
> HIP_DEBUG("esp prot active peer anchors match\n");
>
> // set the update anchor as the peer's update anchor
> - memcpy(&entry->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
> + memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
> hash_length);
> HIP_DEBUG("peer_update_anchor set\n");
>
> - entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> - HIP_DEBUG("entry->esp_peer_update_length: %u\n",
> - entry->esp_peer_update_length);
> + esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> + HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
> + esp_tokens_state->esp_peer_update_length);
>
> param = hip_get_next_param(recv_update, param);
> prot_anchor = (const struct esp_prot_anchor *) param;
> }
> - } else if (!memcmp(&entry->esp_peer_update_anchors[0][0], &prot_anchor->anchors[0],
> + } else if (!memcmp(&esp_tokens_state->esp_peer_update_anchors[0][0], &prot_anchor->anchors[0],
> hash_length)) {
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> // check that we are receiving an anchor matching the active one
> - HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_update_anchors[i][0],
> + HIP_IFEL(memcmp(&prot_anchor->anchors[0],
> + &esp_tokens_state->esp_peer_update_anchors[i][0],
> hash_length), -1, "esp prot active peer anchors do NOT match\n");
> HIP_DEBUG("last received esp prot update peer anchor and sent one match\n");
>
> // track the anchor updates by moving one anchor forward
> - memcpy(&entry->esp_peer_anchors[i][0],
> - &entry->esp_peer_update_anchors[i][0],
> + memcpy(&esp_tokens_state->esp_peer_anchors[i][0],
> + &esp_tokens_state->esp_peer_update_anchors[i][0],
> hash_length);
>
> // set the update anchor as the peer's update anchor
> - memcpy(&entry->esp_peer_update_anchors[i][0], &prot_anchor->anchors[hash_length],
> + memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0],
> + &prot_anchor->anchors[hash_length],
> hash_length);
> HIP_DEBUG("peer_update_anchor set\n");
>
> - entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> - HIP_DEBUG("entry->esp_peer_update_length: %u\n",
> - entry->esp_peer_update_length);
> + esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> + HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
> + esp_tokens_state->esp_peer_update_length);
>
> param = hip_get_next_param(recv_update, param);
> prot_anchor = (const struct esp_prot_anchor *) param;
> @@ -1175,21 +1257,21 @@
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> prot_anchor = (const struct esp_prot_anchor *) param;
>
> - HIP_IFEL(memcmp(&prot_anchor->anchors[0], &entry->esp_peer_anchors[i][0],
> + HIP_IFEL(memcmp(&prot_anchor->anchors[0], &esp_tokens_state->esp_peer_anchors[i][0],
> hash_length), -1, "received unverifiable anchor\n");
>
> /**** received newer update for active anchor ****/
>
> // set the update anchor as the peer's update anchor
> - memcpy(&entry->esp_peer_update_anchors[i][0],
> + memcpy(&esp_tokens_state->esp_peer_update_anchors[i][0],
> &prot_anchor->anchors[hash_length],
> hash_length);
>
> HIP_DEBUG("peer_update_anchor set\n");
>
> - entry->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> - HIP_DEBUG("entry->esp_peer_update_length: %u\n",
> - entry->esp_peer_update_length);
> + esp_tokens_state->esp_peer_update_length = ntohl(prot_anchor->hash_item_length);
> + HIP_DEBUG("esp_tokens_state->esp_peer_update_length: %u\n",
> + esp_tokens_state->esp_peer_update_length);
> }
> }
>
>
> === renamed file 'hipd/esp_prot_hipd_msg.h' => 'modules/esp_tokens/hipd/esp_prot_hipd_msg.h'
> --- hipd/esp_prot_hipd_msg.h 2010-08-17 17:23:18 +0000
> +++ modules/esp_tokens/hipd/esp_prot_hipd_msg.h 2010-09-03 11:40:19 +0000
> @@ -45,18 +45,32 @@
> #define ESP_PROT_FIRST_UPDATE_PACKET 1
> #define ESP_PROT_SECOND_UPDATE_PACKET 2
>
> -int esp_prot_set_preferred_transforms(const struct hip_common *msg);
> -int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
> -int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
> -int esp_prot_sa_add(hip_ha_t *entry, struct hip_common *msg, const int direction,
> +int esp_prot_set_preferred_transforms(struct hip_common *msg,
> + struct sockaddr_in6 *src);
> +int esp_prot_handle_trigger_update_msg(struct hip_common *msg,
> + struct sockaddr_in6 *src);
> +int esp_prot_handle_anchor_change_msg(struct hip_common *msg,
> + struct sockaddr_in6 *src);
> +int esp_prot_sa_add(hip_ha_t *entry,
> + struct hip_common *msg,
> + const int direction,
> const int update);
> int esp_prot_r1_add_transforms(hip_common_t *msg);
> -int esp_prot_r1_handle_transforms(struct hip_packet_context *ctx);
> -int esp_prot_i2_add_anchor(struct hip_packet_context *ctx);
> -int esp_prot_i2_handle_anchor(struct hip_packet_context *ctx);
> -int esp_prot_r2_add_anchor(hip_common_t *r2, hip_ha_t *entry);
> -int esp_prot_r2_handle_anchor(hip_ha_t *entry,
> - const struct hip_common *input_msg);
> +int esp_prot_r1_handle_transforms(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +int esp_prot_i2_add_anchor(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +int esp_prot_i2_handle_anchor(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +int esp_prot_r2_add_anchor(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> +int esp_prot_r2_handle_anchor(const uint8_t packet_type,
> + const uint32_t ha_state,
> + struct hip_packet_context *ctx);
> int esp_prot_update_type(const hip_common_t *recv_update);
> int esp_prot_handle_first_update_packet(const hip_common_t *recv_update,
> hip_ha_t *entry,
>
> === renamed file 'hipd/esp_prot_light_update.c' => 'modules/esp_tokens/hipd/esp_prot_light_update.c'
> --- hipd/esp_prot_light_update.c 2010-08-19 09:32:20 +0000
> +++ modules/esp_tokens/hipd/esp_prot_light_update.c 2010-09-03 11:40:19 +0000
> @@ -43,11 +43,15 @@
> #include "lib/core/ife.h"
> #include "lib/core/protodefs.h"
> #include "lib/tool/xfrmapi.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> #include "esp_prot_anchordb.h"
> #include "esp_prot_hipd_msg.h"
> -#include "hipd.h"
> -#include "input.h"
> -#include "output.h"
> +#include "hipd/hipd.h"
> +#include "hipd/input.h"
> +#include "hipd/output.h"
> +#include "esp_tokens.h"
> +#include "esp_tokens_state.h"
> +#include "esp_tokens_builder.h"
> #include "esp_prot_light_update.h"
>
>
> @@ -63,9 +67,14 @@
> static int esp_prot_send_light_ack(hip_ha_t *entry, const struct in6_addr *src_addr,
> const struct in6_addr *dst_addr, const uint32_t spi)
> {
> - hip_common_t *light_ack = NULL;
> - uint16_t mask = 0;
> - int err = 0;
> + hip_common_t *light_ack = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + uint16_t mask = 0;
> + int err = 0;
> +
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
>
> HIP_IFEL(!(light_ack = hip_msg_alloc()), -ENOMEM,
> "failed to allocate memory\n");
> @@ -81,8 +90,8 @@
> spi, spi), -1, "Building of ESP_INFO failed\n");
>
> /* Add ACK */
> - HIP_IFEL(hip_build_param_ack(light_ack, entry->light_update_id_in), -1,
> - "Building of ACK failed\n");
> + HIP_IFEL(hip_build_param_ack(light_ack, esp_tokens_state->light_update_id_in),
> + -1, "Building of ACK failed\n");
>
> /* Add HMAC */
> HIP_IFEL(hip_build_param_hmac_contents(light_ack, &entry->hip_hmac_out), -1,
> @@ -120,10 +129,15 @@
> const unsigned char *branch_nodes[MAX_NUM_PARALLEL_HCHAINS],
> const int branch_length[])
> {
> - hip_common_t *light_update = NULL;
> - int hash_length = 0;
> - uint16_t mask = 0;
> - int err = 0, i;
> + hip_common_t *light_update = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + int hash_length = 0;
> + uint16_t mask = 0;
> + int err = 0, i;
> +
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
>
> HIP_IFEL(!(light_update = hip_msg_alloc()), -ENOMEM,
> "failed to allocate memory\n");
> @@ -136,20 +150,23 @@
>
> /********************* add SEQ *********************/
>
> - entry->light_update_id_out++;
> - HIP_DEBUG("outgoing light UPDATE ID=%u\n", entry->light_update_id_out);
> + esp_tokens_state->light_update_id_out++;
> + HIP_DEBUG("outgoing light UPDATE ID=%u\n", esp_tokens_state->light_update_id_out);
>
> - HIP_IFEL(hip_build_param_seq(light_update, entry->light_update_id_out), -1,
> + HIP_IFEL(hip_build_param_seq(light_update, esp_tokens_state->light_update_id_out), -1,
> "building of SEQ param failed\n");
>
> /********** add ESP-PROT anchor, branch, secret, root **********/
>
> - hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
> + hash_length = anchor_db_get_anchor_length(esp_tokens_state->esp_prot_transform);
>
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> HIP_IFEL(hip_build_param_esp_prot_anchor(light_update,
> - entry->esp_prot_transform, &entry->esp_local_anchors[i][0],
> - &entry->esp_local_update_anchors[i][0], hash_length, entry->hash_item_length),
> + esp_tokens_state->esp_prot_transform,
> + &esp_tokens_state->esp_local_anchors[i][0],
> + &esp_tokens_state->esp_local_update_anchors[i][0],
> + hash_length,
> + esp_tokens_state->hash_item_length),
> -1, "building of ESP protection ANCHOR failed\n");
> }
>
> @@ -166,10 +183,10 @@
>
> for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
> // only send root if the update hchain has got a link_tree
> - if (entry->esp_root_length > 0) {
> + if (esp_tokens_state->esp_root_length > 0) {
> HIP_IFEL(hip_build_param_esp_prot_root(light_update,
> - entry->esp_root_length,
> - entry->esp_root[i]),
> + esp_tokens_state->esp_root_length,
> + esp_tokens_state->esp_root[i]),
> -1,
> "building of ESP ROOT failed\n");
> }
> @@ -180,7 +197,7 @@
> "building of HMAC failed\n");
>
> /* send the packet with retransmission enabled */
> - entry->light_update_retrans = 1;
> + esp_tokens_state->light_update_retrans = 1;
>
> HIP_IFEL(hip_send_pkt(&entry->our_addr,
> &entry->peer_addr,
> @@ -188,13 +205,13 @@
> entry->peer_udp_port,
> light_update,
> entry,
> - entry->light_update_retrans),
> + esp_tokens_state->light_update_retrans),
> -1,
> "failed to send light anchor update\n");
>
> out_err:
> if (err) {
> - entry->light_update_retrans = 1;
> + esp_tokens_state->light_update_retrans = 1;
> }
>
> if (light_update) {
> @@ -218,17 +235,22 @@
> UNUSED const uint32_t ha_state,
> struct hip_packet_context *ctx)
> {
> - const struct hip_seq *seq = NULL;
> - const struct hip_ack *ack = NULL;
> - uint32_t seq_no = 0;
> - uint32_t ack_no = 0;
> - uint32_t spi = 0;
> - int err = 0;
> + const struct hip_seq *seq = NULL;
> + const struct hip_ack *ack = NULL;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> + uint32_t seq_no = 0;
> + uint32_t ack_no = 0;
> + uint32_t spi = 0;
> + int err = 0;
>
> HIP_IFEL(!ctx->hadb_entry, -1,
> "No entry in host association database when receiving " \
> " HIP_LUPDATE. Dropping.\n");
>
> + HIP_IFEL(!(esp_tokens_state = lmod_get_state_item(ctx->hadb_entry->hip_modular_state,
> + "esp_tokens")),
> + -1, "failed to retrieve state for esp tokens\n");
> +
> HIP_IFEL(hip_verify_packet_hmac(ctx->input_msg,
> &(ctx->hadb_entry)->hip_hmac_in),
> -1,
> @@ -243,18 +265,18 @@
>
> HIP_DEBUG("SEQ parameter found with update ID: %u\n", seq_no);
> HIP_DEBUG("previous incoming update id=%u\n",
> - ctx->hadb_entry->light_update_id_in);
> + esp_tokens_state->light_update_id_in);
>
> - if (seq_no < ctx->hadb_entry->light_update_id_in) {
> + if (seq_no < esp_tokens_state->light_update_id_in) {
> HIP_DEBUG("old SEQ, dropping...\n");
>
> err = -EINVAL;
> goto out_err;
> - } else if (seq_no == ctx->hadb_entry->light_update_id_in) {
> + } else if (seq_no == esp_tokens_state->light_update_id_in) {
> HIP_DEBUG("retransmitted UPDATE packet (?), continuing\n");
> } else {
> HIP_DEBUG("new SEQ, storing...\n");
> - ctx->hadb_entry->light_update_id_in = seq_no;
> + esp_tokens_state->light_update_id_in = seq_no;
> }
>
> /********** ANCHOR ***********/
> @@ -274,11 +296,11 @@
>
> HIP_DEBUG("ACK found with peer update ID: %u\n", ack_no);
>
> - HIP_IFEL(ack_no != ctx->hadb_entry->light_update_id_out, -1,
> + HIP_IFEL(ack_no != esp_tokens_state->light_update_id_out, -1,
> "received non-matching ACK\n");
>
> // stop retransmission
> - ctx->hadb_entry->light_update_retrans = 0;
> + esp_tokens_state->light_update_retrans = 0;
>
> // notify sadb about next anchor
> HIP_IFEL(hip_add_sa(ctx->dst_addr,
>
> === renamed file 'hipd/esp_prot_light_update.h' => 'modules/esp_tokens/hipd/esp_prot_light_update.h'
> --- hipd/esp_prot_light_update.h 2010-08-19 09:32:20 +0000
> +++ modules/esp_tokens/hipd/esp_prot_light_update.h 2010-09-03 11:40:19 +0000
> @@ -38,6 +38,7 @@
>
> #include "lib/core/protodefs.h"
> #include "lib/modularization/lmod.h"
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
>
> int esp_prot_send_light_update(hip_ha_t *entry,
> const int anchor_offset[],
>
> === added file 'modules/esp_tokens/hipd/esp_tokens.c'
> --- modules/esp_tokens/hipd/esp_tokens.c 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens.c 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,117 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * Implements hooking of the esp authentication token extension into the hipd.
> + *
> + * @brief hooks extension into hipd
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + */
> +
> +#include "lib/modularization/lmod.h"
> +#include "lib/core/state.h"
> +#include "hipd/pkt_handling.h"
> +#include "hipd/user.h"
> +#include "esp_prot_hipd_msg.h"
> +#include "esp_prot_light_update.h"
> +#include "esp_prot_anchordb.h"
> +#include "esp_tokens_state.h"
> +#include "esp_tokens.h"
> +
> +
> +// lightweight update packet type - used for hierarchical hash structure updates
> +#define HIP_LUPDATE 23
> +
> +#define INBOUND_HANDLE_FN_PRIO 31000
> +#define OUTBOUND_I2_HANDLE_FN_PRIO 40500
> +#define OUTBOUND_R2_HANDLE_FN_PRIO 41500
> +#define PACKET_HANDLE_FN_PRIO 20000
> +
> +#define HIP_MSG_ESP_PROT_TFM 146
> +#define HIP_MSG_BEX_STORE_UPDATE 147
> +#define HIP_MSG_TRIGGER_UPDATE 149
> +#define HIP_MSG_ANCHOR_CHANGE 155
> +
> +
> +int hip_esp_tokens_init(void)
> +{
> + int err = 0;
> +
> + // register light-weight update packet type
> + lmod_register_packet_type(HIP_LUPDATE, "HIP_LUPDATE");
> +
> + // register initialization function for esp token state in hadb
> + lmod_register_state_init_function(&hip_esp_tokens_init_state);
> +
> + // TODO add retransmission handling as part of maintenance for light-updates (maintenance.c:hip_handle_retransmission)
> +
> + // registration of esp_prot_r1_handle_transforms
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &esp_prot_r1_handle_transforms, INBOUND_HANDLE_FN_PRIO);
> +
> + // registration of esp_prot_i2_add_anchor
> + hip_register_handle_function(HIP_R1, HIP_STATE_I1_SENT, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_I2_SENT, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSING, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_R1, HIP_STATE_CLOSED, &esp_prot_i2_add_anchor, OUTBOUND_I2_HANDLE_FN_PRIO);
> +
> + // registration of esp_prot_i2_handle_anchor
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &esp_prot_i2_handle_anchor,INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &esp_prot_i2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> +
> + // registration of esp_prot_r2_add_anchor
> + hip_register_handle_function(HIP_I2, HIP_STATE_UNASSOCIATED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I1_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_I2_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_R2_SENT, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_ESTABLISHED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSING, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_CLOSED, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_I2, HIP_STATE_NONE, &esp_prot_r2_add_anchor, OUTBOUND_R2_HANDLE_FN_PRIO);
> +
> + // registration of esp_prot_r2_handle_anchor
> + hip_register_handle_function(HIP_R2, HIP_STATE_I2_SENT, &esp_prot_r2_handle_anchor, INBOUND_HANDLE_FN_PRIO);
> +
> + // registration of esp_prot_handle_light_update
> + hip_register_handle_function(HIP_LUPDATE, HIP_STATE_ESTABLISHED, &esp_prot_handle_light_update, PACKET_HANDLE_FN_PRIO);
> + hip_register_handle_function(HIP_LUPDATE, HIP_STATE_R2_SENT, &esp_prot_handle_light_update, PACKET_HANDLE_FN_PRIO);
> +
> + // registration of userspace messages
> + hip_user_register_handle(HIP_MSG_ESP_PROT_TFM, &esp_prot_set_preferred_transforms, PACKET_HANDLE_FN_PRIO);
> + hip_user_register_handle(HIP_MSG_BEX_STORE_UPDATE, &anchor_db_update, PACKET_HANDLE_FN_PRIO);
> + hip_user_register_handle(HIP_MSG_TRIGGER_UPDATE, &esp_prot_handle_trigger_update_msg, PACKET_HANDLE_FN_PRIO);
> + hip_user_register_handle(HIP_MSG_ANCHOR_CHANGE, &esp_prot_handle_anchor_change_msg, PACKET_HANDLE_FN_PRIO);
> +
> + return err;
> +}
>
> === added file 'modules/esp_tokens/hipd/esp_tokens.h'
> --- modules/esp_tokens/hipd/esp_tokens.h 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens.h 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,39 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * Implements hooking of the esp authentication token extension into the hipd.
> + *
> + * @brief hooks extension into hipd
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + */
> +
> +#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_
> +#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_
> +
> +int hip_esp_tokens_init(void);
> +
> +#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_H_ */
>
> === added file 'modules/esp_tokens/hipd/esp_tokens_builder.c'
> --- modules/esp_tokens/hipd/esp_tokens_builder.c 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens_builder.c 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,277 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * @brief adds parameters according to the defined parameter structure to a
> + * packet
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + *
> + */
> +
> +#include <string.h>
> +
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> +#include "lib/core/hashchain.h"
> +#include "lib/core/debug.h"
> +#include "lib/core/builder.h"
> +#include "esp_tokens_builder.h"
> +
> +
> +/**
> + * build and append a ESP PROT transform parameter
> + *
> + * @param msg the message where the parameter will be appended
> + * @param transforms the transforms to be used for the esp extension header
> + * @param num_transforms the number of transforms
> + * @return 0 on success, otherwise < 0.
> + */
> +int hip_build_param_esp_prot_transform(struct hip_common *msg,
> + int num_transforms,
> + uint8_t *transforms)
> +{
> + struct esp_prot_preferred_tfms prot_transforms;
> + int err = 0, i;
> +
> + hip_set_param_type((struct hip_tlv_common *) &prot_transforms,
> + HIP_PARAM_ESP_PROT_TRANSFORMS);
> +
> + /* note: the length cannot be calculated with calc_param_len() */
> + hip_set_param_contents_len((struct hip_tlv_common *) &prot_transforms,
> + (num_transforms + 1) * sizeof(uint8_t));
> +
> + prot_transforms.num_transforms = num_transforms;
> + HIP_DEBUG("added num_transforms: %u\n", prot_transforms.num_transforms);
> +
> + for (i = 0; i < prot_transforms.num_transforms; i++) {
> + prot_transforms.transforms[i] = transforms[i];
> + HIP_DEBUG("added transform %i: %u\n", i + 1, transforms[i]);
> + }
> +
> + err = hip_build_generic_param(msg,
> + &prot_transforms,
> + sizeof(struct hip_tlv_common),
> + hip_get_param_contents_direct(&prot_transforms));
> + return err;
> +}
> +
> +/**
> + * build and append am ESP PROT anchor parameter
> + *
> + * @param msg the message where the parameter will be appended
> + * @param transform the esp protection transform used for this anchor,
> + * if UNUSED 1 byte of 0 is sent
> + * @param active_anchor the anchor for the hchain to be used for extended esp protection,
> + * if NULL
> + * @param next_anchor the next anchor
> + * @param hash_length the length of the hash
> + * @param hash_item_length the length of the hash item
> + * @return 0 on success, otherwise < 0.
> + */
> +int hip_build_param_esp_prot_anchor(struct hip_common *msg,
> + uint8_t transform,
> + unsigned char *active_anchor,
> + unsigned char *next_anchor,
> + int hash_length,
> + int hash_item_length)
> +{
> + int err = 0;
> + struct esp_prot_anchor esp_anchor;
> +
> + HIP_ASSERT(msg != NULL);
> + /* NULL-active_anchor only allowed for UNUSED-transform */
> + HIP_ASSERT((!transform && !active_anchor) || (transform && active_anchor));
> + /* next_anchor might be NULL */
> +
> + /* set parameter type */
> + hip_set_param_type((struct hip_tlv_common *) &esp_anchor, HIP_PARAM_ESP_PROT_ANCHOR);
> +
> + /* set parameter values */
> + esp_anchor.transform = transform;
> + esp_anchor.hash_item_length = htonl(hash_item_length);
> +
> + /* distinguish UNUSED from any other case */
> + if (!transform) {
> + /* send 1 byte of 0 per anchor in UNUSED case */
> + hash_length = 1;
> +
> + memset(&esp_anchor.anchors[0], 0, hash_length);
> + memset(&esp_anchor.anchors[hash_length], 0, hash_length);
> + } else {
> + memcpy(&esp_anchor.anchors[0], active_anchor, hash_length);
> +
> + /* send 0 if next_anchor not present */
> + if (next_anchor) {
> + memcpy(&esp_anchor.anchors[hash_length], next_anchor, hash_length);
> + } else {
> + memset(&esp_anchor.anchors[hash_length], 0, hash_length);
> + }
> + }
> +
> + hip_set_param_contents_len((struct hip_tlv_common *) &esp_anchor,
> + sizeof(uint8_t) + sizeof(uint32_t) + 2
> + * hash_length);
> +
> + err = hip_build_generic_param(msg,
> + &esp_anchor,
> + sizeof(struct hip_tlv_common),
> + hip_get_param_contents_direct(&esp_anchor));
> +
> + HIP_DEBUG("added esp protection transform: %u\n", transform);
> + HIP_DEBUG("added hash item length: %u\n", hash_item_length);
> + HIP_HEXDUMP("added esp protection active_anchor: ",
> + &esp_anchor.anchors[0],
> + hash_length);
> + HIP_HEXDUMP("added esp protection next_anchor: ",
> + &esp_anchor.anchors[hash_length],
> + hash_length);
> +
> + return err;
> +}
> +
> +/**
> + * build a branch parameter for the ESP extensions
> + *
> + * @param msg the message where the parameter is appended
> + * @param anchor_offset anchor offset value
> + * @param branch_length the length of the branch
> + * @param branch_nodes the contents of the parameter
> + * @return zero on success or negative on error
> + */
> +int hip_build_param_esp_prot_branch(struct hip_common *msg,
> + int anchor_offset,
> + int branch_length,
> + const unsigned char *branch_nodes)
> +{
> + int err = 0;
> + struct esp_prot_branch branch;
> +
> + HIP_ASSERT(msg != NULL);
> + HIP_ASSERT(anchor_offset >= 0);
> + HIP_ASSERT(branch_length > 0);
> + HIP_ASSERT(branch_nodes != NULL);
> +
> + /* set parameter type */
> + hip_set_param_type((struct hip_tlv_common *) &branch, HIP_PARAM_ESP_PROT_BRANCH);
> +
> + /* set parameter values */
> + branch.anchor_offset = htonl(anchor_offset);
> + branch.branch_length = htonl(branch_length);
> + memcpy(&branch.branch_nodes[0], branch_nodes, branch_length);
> +
> + hip_set_param_contents_len((struct hip_tlv_common *) &branch, 2
> + * sizeof(uint32_t) + branch_length);
> +
> + err = hip_build_generic_param(msg,
> + &branch,
> + sizeof(struct hip_tlv_common),
> + hip_get_param_contents_direct(&branch));
> +
> + HIP_DEBUG("added esp anchor offset: %u\n", branch.anchor_offset);
> + HIP_DEBUG("added esp branch length: %u\n", branch.branch_length);
> + HIP_HEXDUMP("added esp branch: ", &branch.branch_nodes[0], branch_length);
> +
> + return err;
> +}
> +
> +/**
> + * build a secred parameter for the ESP extensions
> + *
> + * @param msg the message where the parameter is appended
> + * @param secret_length the length of the secret value
> + * @param secret the contents of the parameter
> + * @return zero on success or negative on error
> + */
> +int hip_build_param_esp_prot_secret(struct hip_common *msg,
> + int secret_length,
> + const unsigned char *secret)
> +{
> + int err = 0;
> + struct esp_prot_secret esp_secret;
> +
> + HIP_ASSERT(msg != NULL);
> + HIP_ASSERT(secret_length > 0);
> + HIP_ASSERT(secret != NULL);
> +
> + /* set parameter type */
> + hip_set_param_type((struct hip_tlv_common *) &esp_secret, HIP_PARAM_ESP_PROT_SECRET);
> +
> + /* set parameter values */
> + esp_secret.secret_length = secret_length;
> + memcpy(&esp_secret.secret[0], secret, secret_length);
> +
> + hip_set_param_contents_len((struct hip_tlv_common *) &esp_secret,
> + sizeof(uint8_t) + secret_length);
> +
> + err = hip_build_generic_param(msg, &esp_secret,
> + sizeof(struct hip_tlv_common),
> + hip_get_param_contents_direct(&esp_secret));
> +
> + HIP_DEBUG("added esp secret length: %u\n", esp_secret.secret_length);
> + HIP_HEXDUMP("added esp secret: ", &esp_secret.secret[0], secret_length);
> +
> + return err;
> +}
> +
> +/**
> + * build a root parameter for the ESP extensions
> + *
> + * @param msg the message where the parameter is appended
> + * @param root_length the length of the root value
> + * @param root the contents of the parameter
> + * @return zero on success or negative on error
> + */
> +int hip_build_param_esp_prot_root(struct hip_common *msg,
> + uint8_t root_length,
> + unsigned char *root)
> +{
> + int err = 0;
> + struct esp_prot_root esp_root;
> +
> + HIP_ASSERT(msg != NULL);
> + HIP_ASSERT(root_length > 0);
> + HIP_ASSERT(root != NULL);
> +
> + // set parameter type
> + hip_set_param_type((struct hip_tlv_common *) &esp_root,
> + HIP_PARAM_ESP_PROT_ROOT);
> +
> + // set parameter values
> + esp_root.root_length = root_length;
> + memcpy(&esp_root.root[0], root, root_length);
> +
> + hip_set_param_contents_len((struct hip_tlv_common *) &esp_root,
> + sizeof(uint8_t) + root_length);
> +
> + err = hip_build_generic_param(msg,
> + &esp_root,
> + sizeof(struct hip_tlv_common),
> + hip_get_param_contents_direct(&esp_root));
> +
> + HIP_DEBUG("added esp root length: %u\n", esp_root.root_length);
> + HIP_HEXDUMP("added esp root: ", &esp_root.root[0], root_length);
> +
> + return err;
> +}
>
> === added file 'modules/esp_tokens/hipd/esp_tokens_builder.h'
> --- modules/esp_tokens/hipd/esp_tokens_builder.h 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens_builder.h 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,61 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * @brief adds parameters according to the defined parameter structure to a
> + * packet
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + *
> + */
> +
> +#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_
> +#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_
> +
> +int hip_build_param_esp_prot_transform(struct hip_common *msg,
> + int num_transforms,
> + uint8_t *transforms);
> +
> +int hip_build_param_esp_prot_anchor(struct hip_common *msg,
> + uint8_t transform,
> + unsigned char *active_anchor,
> + unsigned char *next_anchor,
> + int hash_length,
> + int hash_item_length);
> +
> +int hip_build_param_esp_prot_branch(struct hip_common *msg,
> + int anchor_offset,
> + int branch_length,
> + const unsigned char *branch_nodes);
> +
> +int hip_build_param_esp_prot_secret(struct hip_common *msg,
> + int secret_length,
> + const unsigned char *secret);
> +
> +int hip_build_param_esp_prot_root(struct hip_common *msg,
> + uint8_t root_length,
> + unsigned char *root);
> +
> +#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_BUILDER_H_ */
>
> === added file 'modules/esp_tokens/hipd/esp_tokens_state.c'
> --- modules/esp_tokens/hipd/esp_tokens_state.c 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens_state.c 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,67 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * @brief holds the global and maintains the per-association state
> + * of the esp token extension
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + *
> + */
> +
> +#include <string.h>
> +
> +#include "lib/core/ife.h"
> +#include "esp_tokens_state.h"
> +
> +int esp_prot_active = 0;
> +int esp_prot_num_transforms = 0;
> +uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
> +long esp_prot_num_parallel_hchains = 0;
> +
> +/**
> + * Initialize an esp_tokens_state instance.
> + *
> + * Allocates the required memory and sets the members to the start values.
> + *
> + * @return Success = Index of the update state item in the global state. (>0)
> + * Error = -1
> + */
> +int hip_esp_tokens_init_state(struct modular_state *state)
> +{
> + int err = 0;
> + struct esp_tokens_state *esp_tokens_state = NULL;
> +
> + HIP_IFEL(!(esp_tokens_state = malloc(sizeof(struct esp_tokens_state))),
> + -1,
> + "Error on allocating memory for a esp_tokens_state instance.\n");
> +
> + memset(esp_tokens_state, 0, sizeof(struct esp_tokens_state));
> +
> + err = lmod_add_state_item(state, esp_tokens_state, "esp_tokens");
> +
> +out_err:
> + return err;
> +}
>
> === added file 'modules/esp_tokens/hipd/esp_tokens_state.h'
> --- modules/esp_tokens/hipd/esp_tokens_state.h 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/hipd/esp_tokens_state.h 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,79 @@
> +/**
> + * @file
> + *
> + * Copyright (c) 2010 Aalto University) and RWTH Aachen University.
> + *
> + * Permission is hereby granted, free of charge, to any person
> + * obtaining a copy of this software and associated documentation
> + * files (the "Software"), to deal in the Software without
> + * restriction, including without limitation the rights to use,
> + * copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the
> + * Software is furnished to do so, subject to the following
> + * conditions:
> + *
> + * The above copyright notice and this permission notice shall be
> + * included in all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
> + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
> + * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
> + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
> + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
> + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
> + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
> + * OTHER DEALINGS IN THE SOFTWARE.
> + *
> + * @brief holds the global and maintains the per-association state
> + * of the esp token extension
> + *
> + * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> + *
> + */
> +
> +#ifndef MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_
> +#define MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_
> +
> +#include "modules/esp_tokens/lib/esp_prot_common.h"
> +#include "lib/core/hashchain.h"
> +#include "lib/modularization/lmod.h"
> +
> +struct esp_tokens_state {
> + /** ESP extension protection transform */
> + uint8_t esp_prot_transform;
> + /** ESP extension protection parameter */
> + int esp_prot_param;
> + /** ESP extension protection local_anchor */
> + unsigned char esp_local_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> + /** another local anchor used for UPDATE messages */
> + unsigned char esp_local_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> + /** ESP extension protection peer_anchor */
> + unsigned char esp_peer_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> + /** another peer anchor used for UPDATE messages */
> + unsigned char esp_peer_update_anchors[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> + /** needed for offset calculation when using htrees */
> + uint32_t esp_local_active_length;
> + uint32_t esp_local_update_length;
> + uint32_t esp_peer_active_length;
> + uint32_t esp_peer_update_length;
> + /** root needed in case of hierarchical hchain linking */
> + uint8_t esp_root_length;
> + unsigned char esp_root[MAX_NUM_PARALLEL_HCHAINS][MAX_HASH_LENGTH];
> + int hash_item_length;
> + /** parameters needed for soft-updates of hchains */
> + /** Stored outgoing UPDATE ID counter. */
> + uint32_t light_update_id_out;
> + /** Stored incoming UPDATE ID counter. */
> + uint32_t light_update_id_in;
> + /** retranmission */
> + uint8_t light_update_retrans;
> +};
> +
> +extern int esp_prot_active;
> +extern int esp_prot_num_transforms;
> +extern long esp_prot_num_parallel_hchains;
> +extern uint8_t esp_prot_transforms[MAX_NUM_TRANSFORMS];
> +
> +int hip_esp_tokens_init_state(struct modular_state *state);
> +
> +#endif /* MODULES_ESP_TOKENS_HIPD_ESP_TOKENS_STATE_H_ */
>
> === added directory 'modules/esp_tokens/lib'
> === renamed file 'lib/core/esp_prot_common.c' => 'modules/esp_tokens/lib/esp_prot_common.c'
> --- lib/core/esp_prot_common.c 2010-07-04 17:54:18 +0000
> +++ modules/esp_tokens/lib/esp_prot_common.c 2010-09-03 11:40:19 +0000
> @@ -35,7 +35,7 @@
> */
>
> #include "esp_prot_common.h"
> -#include "debug.h"
> +#include "lib/core/debug.h"
>
> /**
> * Checks if the passed transform is one of our locally preferred transforms
>
> === renamed file 'lib/core/esp_prot_common.h' => 'modules/esp_tokens/lib/esp_prot_common.h'
> --- lib/core/esp_prot_common.h 2010-07-14 16:01:50 +0000
> +++ modules/esp_tokens/lib/esp_prot_common.h 2010-09-03 11:40:19 +0000
> @@ -39,6 +39,9 @@
>
> #include <stdint.h>
>
> +#include "lib/core/protodefs.h"
> +#include "lib/core/hashchain.h"
> +
> /* the maximum numbers for arrays used for the different modes */
> #define MAX_NUM_TRANSFORMS 10
> #define MAX_NUM_PARALLEL_HCHAINS 10
> @@ -55,6 +58,47 @@
> #define ESP_PROT_TFM_TREE 5
> #define ESP_PROT_TFM_TREE_CHAIN 6
>
> +/* parameter definitions for HIP packets */
> +struct esp_prot_preferred_tfms {
> + hip_tlv_type_t type;
> + hip_tlv_len_t length;
> + uint8_t num_transforms;
> + // this will also contain the UNUSED transform
> + uint8_t transforms[MAX_NUM_TRANSFORMS];
> +} __attribute__ ((packed));
> +
> +struct esp_prot_anchor {
> + hip_tlv_type_t type;
> + hip_tlv_len_t length;
> + uint8_t transform;
> + uint32_t hash_item_length;
> + // contains active and next anchor
> + unsigned char anchors[2 * MAX_HASH_LENGTH];
> +} __attribute__ ((packed));
> +
> +struct esp_prot_branch {
> + hip_tlv_type_t type;
> + hip_tlv_len_t length;
> + uint32_t anchor_offset;
> + uint32_t branch_length;
> + unsigned char branch_nodes[MAX_HTREE_DEPTH * MAX_HASH_LENGTH];
> +} __attribute__ ((packed));
> +
> +struct esp_prot_secret {
> + hip_tlv_type_t type;
> + hip_tlv_len_t length;
> + uint8_t secret_length;
> + unsigned char secret[MAX_HASH_LENGTH];
> +} __attribute__ ((packed));
> +
> +struct esp_prot_root {
> + hip_tlv_type_t type;
> + hip_tlv_len_t length;
> + uint8_t root_length;
> + unsigned char root[MAX_HASH_LENGTH];
> +} __attribute__ ((packed));
> +
> +
> int esp_prot_check_transform(const int num_transforms,
> const uint8_t *preferred_transforms,
> const uint8_t transform);
>
> === added file 'modules/esp_tokens/module_info.xml'
> --- modules/esp_tokens/module_info.xml 1970-01-01 00:00:00 +0000
> +++ modules/esp_tokens/module_info.xml 2010-09-03 11:40:19 +0000
> @@ -0,0 +1,23 @@
> +<?xml version="1.0" encoding="UTF-8"?>
> +
> +<!-- Mandatory: name, version -->
> +<module
> + name="esp_tokens"
> + version="0.0.1"
> + description="ESP authentication token functionality for the hip daemon."
> + developer=""
> + bugaddress="hipl-users@xxxxxxxxxxxxx"
> + webpage="http://infrahip.hiit.fi/";>
> +
> + <requires>
> + <module name="user_ipsec" minversion="0.0.1" />
> + <module name="update" minversion="0.0.1" />
> + </requires>
> +
> + <!-- Mandatory: name, header_file, init_function -->
> + <application
> + name="hipd"
> + header_file="modules/esp_tokens/hipd/esp_tokens.h"
> + init_function="hip_esp_tokens_init" />
> +</module>
> +
>
> === modified file 'modules/update/hipd/update.c'
> --- modules/update/hipd/update.c 2010-08-20 16:38:55 +0000
> +++ modules/update/hipd/update.c 2010-09-03 11:40:19 +0000
> @@ -38,7 +38,7 @@
>
> #include "config.h"
> #include "hipd/cookie.h"
> -#include "hipd/esp_prot_hipd_msg.h"
> +#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
> #include "hipd/hadb.h"
> #include "hipd/hipd.h"
> #include "hipd/input.h"
>
> === modified file 'modules/user_ipsec/hipd/user_ipsec.h'
> --- modules/user_ipsec/hipd/user_ipsec.h 2010-08-25 12:53:17 +0000
> +++ modules/user_ipsec/hipd/user_ipsec.h 2010-09-03 11:40:19 +0000
> @@ -31,6 +31,11 @@
> * @author Rene Hummen <rene.hummen@xxxxxxxxxxxxxx>
> */
>
> +#ifndef MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_
> +#define MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_
> +
> extern int hip_use_userspace_ipsec;
>
> int user_ipsec_init(void);
> +
> +#endif /* MODULES_USER_IPSEC_HIPD_USER_IPSEC_H_ */
>
> === modified file 'modules/user_ipsec/hipd/user_ipsec_hipd_msg.c'
> --- modules/user_ipsec/hipd/user_ipsec_hipd_msg.c 2010-08-25 12:53:17 +0000
> +++ modules/user_ipsec/hipd/user_ipsec_hipd_msg.c 2010-09-03 11:40:19 +0000
> @@ -40,7 +40,7 @@
> #include "lib/core/ife.h"
> #include "lib/core/protodefs.h"
> #include "lib/tool/xfrmapi.h"
> -#include "hipd/esp_prot_hipd_msg.h"
> +#include "modules/esp_tokens/hipd/esp_prot_hipd_msg.h"
> #include "hipd/hadb.h"
> #include "hipd/hipd.h"
> #include "hipd/init.h"
>
> _______________________________________________
> Mailing list: https://launchpad.net/~hipl-core
> Post to : hipl-core@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~hipl-core
> More help : https://help.launchpad.net/ListHelp
--
Dipl.-Inform. Rene Hummen, Ph.D. Student
Distributed Systems Group
RWTH Aachen University, Germany
tel: +49 241 80 20772
web: http://ds.rwth-aachen.de/members/hummen
References
