diff options
28 files changed, 1176 insertions, 340 deletions
diff --git a/include/ouroboros/cacep.h b/include/ouroboros/cacep.h index ae615e6e..e0737c47 100644 --- a/include/ouroboros/cacep.h +++ b/include/ouroboros/cacep.h @@ -24,24 +24,35 @@ #ifndef OUROBOROS_CACEP_H #define OUROBOROS_CACEP_H -#include <stdint.h> -#include <unistd.h> +#include <ouroboros/irm_config.h> -struct cacep; +enum proto_concrete_syntax { + PROTO_GPB = 0, + PROTO_ASN_1, + PROTO_FIXED +}; struct cacep_info { + struct { + char * protocol; + uint32_t pref_version; + enum proto_concrete_syntax pref_syntax; + } proto; char * name; uint64_t addr; + void * data; }; -struct cacep * cacep_create(int fd, - const char * name, - uint64_t address); +int cacep_info_init(struct cacep_info * info); -int cacep_destroy(struct cacep * instance); +void cacep_info_fini(struct cacep_info * info); -struct cacep_info * cacep_auth(struct cacep * instance); +struct cacep_info * cacep_auth(int fd, + enum pol_cacep pc, + const struct cacep_info * info); -struct cacep_info * cacep_auth_wait(struct cacep * instance); +struct cacep_info * cacep_auth_wait(int fd, + enum pol_cacep pc, + const struct cacep_info * info); #endif /* OUROBOROS_CACEP_H */ diff --git a/include/ouroboros/cdap.h b/include/ouroboros/cdap.h index 9f6e2654..cc04cf27 100644 --- a/include/ouroboros/cdap.h +++ b/include/ouroboros/cdap.h @@ -31,6 +31,7 @@ #define F_SYNC 0x0001 #define INVALID_CDAP_KEY -1 +#define CDAP_PROTO "CDAP" enum cdap_opcode { CDAP_READ = 0, diff --git a/include/ouroboros/irm_config.h b/include/ouroboros/irm_config.h index 3cc59e20..9a05a434 100644 --- a/include/ouroboros/irm_config.h +++ b/include/ouroboros/irm_config.h @@ -48,7 +48,8 @@ enum pol_gam { }; enum pol_cacep { - NO_AUTH = 0 + ANONYMOUS_AUTH = 0, + SIMPLE_AUTH }; struct dif_config { diff --git a/src/ipcpd/normal/CMakeLists.txt b/src/ipcpd/normal/CMakeLists.txt index f2e48cbc..7e10cc0d 100644 --- a/src/ipcpd/normal/CMakeLists.txt +++ b/src/ipcpd/normal/CMakeLists.txt @@ -14,12 +14,12 @@ include_directories(${CMAKE_BINARY_DIR}/include) set(IPCP_NORMAL_TARGET ipcpd-normal CACHE STRING "IPCP_NORMAL_TARGET") -protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS - flow_alloc.proto) +protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS flow_alloc.proto) set(SOURCE_FILES # Add source files here addr_auth.c + cdap_flow.c dir.c enroll.c fmgr.c diff --git a/src/ipcpd/normal/addr_auth.c b/src/ipcpd/normal/addr_auth.c index 210744af..8469e95e 100644 --- a/src/ipcpd/normal/addr_auth.c +++ b/src/ipcpd/normal/addr_auth.c @@ -3,7 +3,8 @@ * * Address authority * - * Sander Vrijders <[email protected]> + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -25,47 +26,36 @@ #include <ouroboros/logs.h> #include "addr_auth.h" +#include "pol-addr-auth-ops.h" #include "pol/flat.h" #include <stdlib.h> #include <assert.h> -struct addr_auth * addr_auth_create(enum pol_addr_auth type) -{ - struct addr_auth * tmp; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) { - log_err("Failed to malloc addr auth."); - return NULL; - } +struct addr_auth { + struct pol_addr_auth_ops * ops; +} addr_auth; +int addr_auth_init(enum pol_addr_auth type) +{ switch (type) { case FLAT_RANDOM: - tmp->address = flat_address; - tmp->type = type; + addr_auth.ops = &flat_ops; break; default: log_err("Unknown address authority type."); - free(tmp); - return NULL; + return -1; } - return tmp; + return addr_auth.ops->init(); } -int addr_auth_destroy(struct addr_auth * instance) +uint64_t addr_auth_address(void) { - assert(instance); - - switch (instance->type) { - case FLAT_RANDOM: - break; - default: - log_err("Unknown address authority type."); - } - - free(instance); + return addr_auth.ops->address(); +} - return 0; +int addr_auth_fini(void) +{ + return addr_auth.ops->fini(); } diff --git a/src/ipcpd/normal/addr_auth.h b/src/ipcpd/normal/addr_auth.h index 8d67bc66..b389fa90 100644 --- a/src/ipcpd/normal/addr_auth.h +++ b/src/ipcpd/normal/addr_auth.h @@ -3,7 +3,8 @@ * * Address authority * - * Sander Vrijders <[email protected]> + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -26,13 +27,10 @@ #include <stdint.h> -struct addr_auth { - enum pol_addr_auth type; - uint64_t (* address)(void); -}; +int addr_auth_init(enum pol_addr_auth type); -struct addr_auth * addr_auth_create(enum pol_addr_auth type); +int addr_auth_fini(void); -int addr_auth_destroy(struct addr_auth * instance); +uint64_t addr_auth_address(void); #endif /* OUROBOROS_IPCPD_NORMAL_ADDR_AUTH_H */ diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c new file mode 100644 index 00000000..a94627c2 --- /dev/null +++ b/src/ipcpd/normal/cdap_flow.c @@ -0,0 +1,150 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Normal IPC Process - Authenticated CDAP Flow Allocator + * + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#define OUROBOROS_PREFIX "cdap-flow" + +#include <ouroboros/config.h> +#include <ouroboros/dev.h> +#include <ouroboros/logs.h> + +#include "cdap_flow.h" + +#include <stdlib.h> +#include <assert.h> + +static void cdap_flow_destroy(struct cdap_flow * flow) +{ + assert(flow); + + if (flow->ci != NULL) + cdap_destroy(flow->ci); + if (flow->info != NULL) { + cacep_info_fini(flow->info); + free(flow->info); + } + + free(flow); +} + +struct cdap_flow * cdap_flow_arr(int fd, + int resp, + enum pol_cacep pc, + const struct cacep_info * info) +{ + struct cdap_flow * flow; + + if (flow_alloc_resp(fd, resp) < 0) { + log_err("Could not respond to new flow."); + return NULL; + } + + if (resp) + return NULL; + + flow = malloc(sizeof(*flow)); + if (flow == NULL) { + log_err("Failed to malloc."); + return NULL; + } + + flow->fd = fd; + flow->ci = NULL; + + flow->info = cacep_auth_wait(fd, pc, info); + if (flow->info == NULL) { + log_err("Other side failed to authenticate."); + cdap_flow_destroy(flow); + return NULL; + } + + flow->ci = cdap_create(fd); + if (flow->ci == NULL) { + log_err("Failed to create CDAP instance."); + cdap_flow_destroy(flow); + return NULL; + } + + return flow; +} + +struct cdap_flow * cdap_flow_alloc(const char * dst_name, + const char * ae_name, + qosspec_t * qs, + enum pol_cacep pc, + const struct cacep_info * info) +{ + struct cdap_flow * flow; + int fd; + + log_dbg("Allocating flow to %s.", dst_name); + + if (dst_name == NULL || ae_name == NULL) { + log_err("Not enough info to establish flow."); + return NULL; + } + + fd = flow_alloc(dst_name, ae_name, qs); + if (fd < 0) { + log_err("Failed to allocate flow to %s.", dst_name); + return NULL; + } + + if (flow_alloc_res(fd)) { + log_err("Flow allocation to %s failed.", dst_name); + return NULL; + } + + flow = malloc(sizeof(*flow)); + if (flow == NULL) { + log_err("Failed to malloc."); + flow_dealloc(fd); + return NULL; + } + + flow->fd = fd; + flow->ci = NULL; + + flow->info = cacep_auth(fd, pc, info); + if (flow->info == NULL) { + log_err("Failed to authenticate."); + cdap_flow_dealloc(flow); + return NULL; + } + + flow->ci = cdap_create(fd); + if (flow->ci == NULL) { + log_err("Failed to create CDAP instance."); + cdap_flow_dealloc(flow); + return NULL; + } + + return flow; +} + +void cdap_flow_dealloc(struct cdap_flow * flow) +{ + int fd = flow->fd; + + cdap_flow_destroy(flow); + + flow_dealloc(fd); +} diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h new file mode 100644 index 00000000..c5ca2ab4 --- /dev/null +++ b/src/ipcpd/normal/cdap_flow.h @@ -0,0 +1,49 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Normal IPC Process - Authenticated CDAP Flow Allocator + * + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H +#define OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H + +#include <ouroboros/cacep.h> +#include <ouroboros/cdap.h> +#include <ouroboros/qos.h> + +struct cdap_flow { + int fd; + struct cdap * ci; + struct cacep_info * info; +}; + +struct cdap_flow * cdap_flow_arr(int fd, + int resp, + enum pol_cacep pc, + const struct cacep_info * info); + +struct cdap_flow * cdap_flow_alloc(const char * dst_name, + const char * ae_name, + qosspec_t * qs, + enum pol_cacep pc, + const struct cacep_info * info); + +void cdap_flow_dealloc(struct cdap_flow * flow); + +#endif /* OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H */ diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c index bc5d2a20..ce6768fb 100644 --- a/src/ipcpd/normal/enroll.c +++ b/src/ipcpd/normal/enroll.c @@ -23,12 +23,13 @@ #include <ouroboros/config.h> #include <ouroboros/endian.h> #include <ouroboros/time_utils.h> -#include <ouroboros/cdap.h> #include <ouroboros/dev.h> #include <ouroboros/logs.h> #include <ouroboros/rib.h> +#include <ouroboros/errno.h> #include "ae.h" +#include "cdap_flow.h" #include "ribconfig.h" #include <assert.h> @@ -42,14 +43,15 @@ int enroll_handle(int fd) { - struct cdap * ci; - cdap_key_t key; - enum cdap_opcode oc; - char * name; - uint8_t * buf; - uint8_t * data; - ssize_t len; - uint32_t flags; + struct cdap_flow * flow; + struct cacep_info info; + cdap_key_t key; + enum cdap_opcode oc; + char * name; + uint8_t * buf; + uint8_t * data; + ssize_t len; + uint32_t flags; bool boot_r = false; bool members_r = false; @@ -59,21 +61,29 @@ int enroll_handle(int fd) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - if (flow_alloc_resp(fd, 0) < 0) { - flow_dealloc(fd); - log_err("Could not respond to request."); - return -1; + cacep_info_init(&info); + + info.proto.protocol = strdup(CDAP_PROTO); + if (info.proto.protocol == NULL) { + cacep_info_fini(&info); + return -ENOMEM; } - ci = cdap_create(fd); - if (ci == NULL) { + info.proto.pref_version = 1; + info.proto.pref_syntax = PROTO_GPB; + + flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, &info); + if (flow == NULL) { + log_err("Failed to auth enrollment request."); + cacep_info_fini(&info); flow_dealloc(fd); - log_err("Failed to create CDAP instance."); return -1; } + cacep_info_fini(&info); + while (!(boot_r && members_r && dif_name_r)) { - key = cdap_request_wait(ci, &oc, &name, &data, + key = cdap_request_wait(flow->ci, &oc, &name, &data, (size_t *) &len , &flags); assert(key >= 0); assert(name); @@ -85,9 +95,8 @@ int enroll_handle(int fd) if (oc != CDAP_READ) { log_warn("Invalid request."); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } @@ -104,14 +113,13 @@ int enroll_handle(int fd) clock_gettime(CLOCK_REALTIME, &t); buf[0] = hton64(t.tv_sec); buf[1] = hton64(t.tv_nsec); - cdap_reply_send(ci, key, 0, buf, sizeof(buf)); + cdap_reply_send(flow->ci, key, 0, buf, sizeof(buf)); free(name); continue; } else { log_warn("Illegal read: %s.", name); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } @@ -119,9 +127,8 @@ int enroll_handle(int fd) len = rib_pack(name, &buf, PACK_HASH_ROOT); if (len < 0) { log_err("Failed to pack %s.", name); - cdap_reply_send(ci, key, -1, NULL, 0); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_reply_send(flow->ci, key, -1, NULL, 0); + cdap_flow_dealloc(flow); free(name); return -1; } @@ -130,10 +137,9 @@ int enroll_handle(int fd) free(name); - if (cdap_reply_send(ci, key, 0, buf, len)) { + if (cdap_reply_send(flow->ci, key, 0, buf, len)) { log_err("Failed to send CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -142,20 +148,18 @@ int enroll_handle(int fd) log_dbg("Sent boot info to new member."); - cdap_destroy(ci); - - flow_dealloc(fd); + cdap_flow_dealloc(flow); return 0; } int enroll_boot(char * dst_name) { - struct cdap * ci; - cdap_key_t key; - uint8_t * data; - size_t len; - int fd; + struct cdap_flow * flow; + struct cacep_info info; + cdap_key_t key; + uint8_t * data; + size_t len; struct timespec t0; struct timespec rtt; @@ -166,41 +170,41 @@ int enroll_boot(char * dst_name) char * members_ro = MEMBERS_PATH; char * dif_ro = DIF_PATH; - fd = flow_alloc(dst_name, ENROLL_AE, NULL); - if (fd < 0) { - log_err("Failed to allocate flow."); - return -1; - } + cacep_info_init(&info); - if (flow_alloc_res(fd)) { - log_err("Flow allocation failed."); - flow_dealloc(fd); - return -1; + info.proto.protocol = strdup(CDAP_PROTO); + if (info.proto.protocol == NULL) { + cacep_info_fini(&info); + return -ENOMEM; } - ci = cdap_create(fd); - if (ci == NULL) { - log_err("Failed to create CDAP instance."); - flow_dealloc(fd); + info.proto.pref_version = 1; + info.proto.pref_syntax = PROTO_GPB; + + flow = cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH, + &info); + if (flow == NULL) { + log_err("Failed to allocate flow for enrollment request."); + cacep_info_fini(&info); return -1; } + cacep_info_fini(&info); + log_dbg("Getting boot information from %s.", dst_name); clock_gettime(CLOCK_REALTIME, &t0); - key = cdap_request_send(ci, CDAP_READ, TIME_PATH, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, TIME_PATH, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -218,18 +222,16 @@ int enroll_boot(char * dst_name) free(data); - key = cdap_request_send(ci, CDAP_READ, boot_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, boot_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -239,25 +241,22 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - key = cdap_request_send(ci, CDAP_READ, members_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, members_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -267,25 +266,22 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - key = cdap_request_send(ci, CDAP_READ, dif_ro, NULL, 0, 0); + key = cdap_request_send(flow->ci, CDAP_READ, dif_ro, NULL, 0, 0); if (key < 0) { log_err("Failed to send CDAP request."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } - if (cdap_reply_wait(ci, key, &data, &len)) { + if (cdap_reply_wait(flow->ci, key, &data, &len)) { log_err("Failed to get CDAP reply."); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } @@ -295,16 +291,13 @@ int enroll_boot(char * dst_name) log_warn("Error unpacking RIB data."); rib_del(boot_ro); free(data); - cdap_destroy(ci); - flow_dealloc(fd); + cdap_flow_dealloc(flow); return -1; } log_dbg("Packed information inserted into RIB."); - cdap_destroy(ci); - - flow_dealloc(fd); + cdap_flow_dealloc(flow); return 0; } diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c index 9ee55261..791cf34e 100644 --- a/src/ipcpd/normal/gam.c +++ b/src/ipcpd/normal/gam.c @@ -23,6 +23,7 @@ #define OUROBOROS_PREFIX "graph-adjacency-manager" #include <ouroboros/config.h> +#include <ouroboros/cdap.h> #include <ouroboros/dev.h> #include <ouroboros/logs.h> #include <ouroboros/list.h> @@ -178,8 +179,8 @@ int gam_flow_arr(struct gam * instance, int fd, qosspec_t qs) { - struct cacep * cacep; - struct cacep_info * info; + struct cacep_info * rcv_info; + struct cacep_info snd_info; if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o)) < 0) { @@ -187,32 +188,43 @@ int gam_flow_arr(struct gam * instance, return -1; } - cacep = cacep_create(fd, ipcpi.name, ipcpi.address); - if (cacep == NULL) { - log_err("Failed to create CACEP instance."); - return -1; + cacep_info_init(&snd_info); + snd_info.proto.protocol = strdup(CDAP_PROTO); + if (snd_info.proto.protocol == NULL) { + cacep_info_fini(&snd_info); + return -ENOMEM; + } + + snd_info.proto.pref_version = 1; + snd_info.proto.pref_syntax = PROTO_GPB; + snd_info.addr = ipcpi.address; + snd_info.name = strdup(ipcpi.name); + if (snd_info.name == NULL) { + cacep_info_fini(&snd_info); + return -ENOMEM; } - info = cacep_auth_wait(cacep); - if (info == NULL) { + rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info); + if (rcv_info == NULL) { log_err("Other side failed to authenticate."); - cacep_destroy(cacep); + cacep_info_fini(&snd_info); return -1; } - cacep_destroy(cacep); + cacep_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, info)) { + if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - free(info->name); - free(info); + cacep_info_fini(rcv_info); + free(rcv_info); return 0; } - if (add_ga(instance, fd, qs, info)) { + if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add ga to graph adjacency manager list."); - free(info->name); - free(info); + flow_dealloc(fd); + cacep_info_fini(rcv_info); + free(rcv_info); return -1; } @@ -223,10 +235,12 @@ int gam_flow_alloc(struct gam * instance, char * dst_name, qosspec_t qs) { - struct cacep * cacep; - struct cacep_info * info; + struct cacep_info * rcv_info; + struct cacep_info snd_info; int fd; + log_dbg("Allocating flow to %s.", dst_name); + fd = flow_alloc(dst_name, instance->ae_name, NULL); if (fd < 0) { log_err("Failed to allocate flow to %s.", dst_name); @@ -239,32 +253,43 @@ int gam_flow_alloc(struct gam * instance, return -1; } - cacep = cacep_create(fd, ipcpi.name, ipcpi.address); - if (cacep == NULL) { - log_err("Failed to create CACEP instance."); - return -1; + cacep_info_init(&snd_info); + snd_info.proto.protocol = strdup(CDAP_PROTO); + if (snd_info.proto.protocol == NULL) { + cacep_info_fini(&snd_info); + return -ENOMEM; + } + + snd_info.proto.pref_version = 1; + snd_info.proto.pref_syntax = PROTO_GPB; + snd_info.addr = ipcpi.address; + snd_info.name = strdup(ipcpi.name); + if (snd_info.name == NULL) { + cacep_info_fini(&snd_info); + return -ENOMEM; } - info = cacep_auth(cacep); - if (info == NULL) { - log_err("Failed to authenticate."); - cacep_destroy(cacep); + rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info); + if (rcv_info == NULL) { + log_err("Other side failed to authenticate."); + cacep_info_fini(&snd_info); return -1; } - cacep_destroy(cacep); + cacep_info_fini(&snd_info); - if (instance->ops->accept_flow(instance->ops_o, qs, info)) { + if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) { flow_dealloc(fd); - free(info->name); - free(info); + cacep_info_fini(rcv_info); + free(rcv_info); return 0; } - if (add_ga(instance, fd, qs, info)) { + if (add_ga(instance, fd, qs, rcv_info)) { log_err("Failed to add GA to graph adjacency manager list."); - free(info->name); - free(info); + flow_dealloc(fd); + cacep_info_fini(rcv_info); + free(rcv_info); return -1; } diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c index c41b6187..522daa3b 100644 --- a/src/ipcpd/normal/main.c +++ b/src/ipcpd/normal/main.c @@ -54,7 +54,6 @@ struct { pthread_t acceptor; - struct addr_auth * auth; } normal; void ipcp_sig_handler(int sig, @@ -167,16 +166,15 @@ static int boot_components(void) return -1; } - normal.auth = addr_auth_create(pa); - if (normal.auth == NULL) { + if (addr_auth_init(pa)) { log_err("Failed to init address authority."); return -1; } - ipcpi.address = normal.auth->address(); + ipcpi.address = addr_auth_address(); if (ipcpi.address == 0) { log_err("Failed to get a valid address."); - addr_auth_destroy(normal.auth); + addr_auth_fini(); return -1; } @@ -186,14 +184,14 @@ static int boot_components(void) if (ribmgr_init()) { log_err("Failed to initialize RIB manager."); - addr_auth_destroy(normal.auth); + addr_auth_fini(); return -1; } if (dir_init()) { log_err("Failed to initialize directory."); ribmgr_fini(); - addr_auth_destroy(normal.auth); + addr_auth_fini(); return -1; } @@ -202,7 +200,7 @@ static int boot_components(void) if (fmgr_init()) { dir_fini(); ribmgr_fini(); - addr_auth_destroy(normal.auth); + addr_auth_fini(); log_err("Failed to start flow manager."); return -1; } @@ -211,7 +209,7 @@ static int boot_components(void) fmgr_fini(); dir_fini(); ribmgr_fini(); - addr_auth_destroy(normal.auth); + addr_auth_fini(); log_err("Failed to initialize FRCT."); return -1; } @@ -223,7 +221,7 @@ static int boot_components(void) fmgr_fini(); dir_fini(); ribmgr_fini(); - addr_auth_destroy(normal.auth); + addr_auth_fini(); log_err("Failed to create acceptor thread."); return -1; } @@ -244,7 +242,7 @@ void shutdown_components(void) ribmgr_fini(); - addr_auth_destroy(normal.auth); + addr_auth_fini(); } static int normal_ipcp_enroll(char * dst_name) @@ -340,7 +338,7 @@ int normal_rib_init(void) static int normal_ipcp_bootstrap(struct dif_config * conf) { /* FIXME: get CACEP policies from conf */ - enum pol_cacep pol = NO_AUTH; + enum pol_cacep pol = SIMPLE_AUTH; (void) pol; diff --git a/src/ipcpd/normal/pol-addr-auth-ops.h b/src/ipcpd/normal/pol-addr-auth-ops.h new file mode 100644 index 00000000..25952636 --- /dev/null +++ b/src/ipcpd/normal/pol-addr-auth-ops.h @@ -0,0 +1,34 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Address authority policy ops + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H +#define OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H + +struct pol_addr_auth_ops { + int (* init)(void); + + int (* fini)(void); + + uint64_t (* address)(void); +}; + +#endif /* OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H */ diff --git a/src/ipcpd/normal/pol/flat.c b/src/ipcpd/normal/pol/flat.c index d982f5ac..aa0f6c7c 100644 --- a/src/ipcpd/normal/pol/flat.c +++ b/src/ipcpd/normal/pol/flat.c @@ -80,6 +80,16 @@ static int addr_taken(char * name, #define INVALID_ADDRESS 0 +int flat_init(void) +{ + return 0; +} + +int flat_fini(void) +{ + return 0; +} + uint64_t flat_address(void) { struct timespec t; diff --git a/src/ipcpd/normal/pol/flat.h b/src/ipcpd/normal/pol/flat.h index 73d7de8b..85fe9281 100644 --- a/src/ipcpd/normal/pol/flat.h +++ b/src/ipcpd/normal/pol/flat.h @@ -22,8 +22,16 @@ #ifndef OUROBOROS_IPCPD_NORMAL_FLAT_H #define OUROBOROS_IPCPD_NORMAL_FLAT_H +#include "pol-addr-auth-ops.h" + int flat_init(void); int flat_fini(void); uint64_t flat_address(void); +struct pol_addr_auth_ops flat_ops = { + .init = flat_init, + .fini = flat_fini, + .address = flat_address +}; + #endif /* OUROBOROS_IPCPD_NORMAL_FLAT_H */ diff --git a/src/irmd/main.c b/src/irmd/main.c index f6328979..8e8d2db4 100644 --- a/src/irmd/main.c +++ b/src/irmd/main.c @@ -2077,6 +2077,28 @@ static int irm_create(void) return -ENOMEM; } + if ((irmd->lf = lockfile_create()) == NULL) { + if ((irmd->lf = lockfile_open()) == NULL) { + log_err("Lockfile error."); + irm_destroy(); + return -1; + } + + if (kill(lockfile_owner(irmd->lf), 0) < 0) { + log_info("IRMd didn't properly shut down last time."); + shm_rdrbuff_destroy(shm_rdrbuff_open()); + log_info("Stale resources cleaned."); + lockfile_destroy(irmd->lf); + irmd->lf = lockfile_create(); + } else { + log_info("IRMd already running (%d), exiting.", + lockfile_owner(irmd->lf)); + lockfile_close(irmd->lf); + free(irmd); + return -1; + } + } + if (stat(SOCK_PATH, &st) == -1) { if (mkdir(SOCK_PATH, 0777)) { log_err("Failed to create sockets directory."); @@ -2104,28 +2126,6 @@ static int irm_create(void) return -1; } - if ((irmd->lf = lockfile_create()) == NULL) { - if ((irmd->lf = lockfile_open()) == NULL) { - log_err("Lockfile error."); - irm_destroy(); - return -1; - } - - if (kill(lockfile_owner(irmd->lf), 0) < 0) { - log_info("IRMd didn't properly shut down last time."); - shm_rdrbuff_destroy(shm_rdrbuff_open()); - log_info("Stale resources cleaned."); - lockfile_destroy(irmd->lf); - irmd->lf = lockfile_create(); - } else { - log_info("IRMd already running (%d), exiting.", - lockfile_owner(irmd->lf)); - lockfile_close(irmd->lf); - free(irmd); - return -1; - } - } - if (irmd->lf == NULL) { irm_destroy(); return -1; diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 6af50782..fcea0fb2 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -9,8 +9,13 @@ protobuf_generate_c(IPCP_PROTO_SRCS IPCP_PROTO_HDRS ipcpd_messages.proto) protobuf_generate_c(DIF_CONFIG_PROTO_SRCS DIF_CONFIG_PROTO_HDRS dif_config.proto) protobuf_generate_c(CDAP_PROTO_SRCS CDAP_PROTO_HDRS cdap.proto) -protobuf_generate_c(CACEP_PROTO_SRCS CACEP_PROTO_HDRS cacep.proto) protobuf_generate_c(RO_PROTO_SRCS RO_PROTO_HDRS ro.proto) +protobuf_generate_c(CACEP_PROTO_PROTO_SRCS CACEP_CDAP_PROTO_HDRS + pol/cacep_proto.proto) +protobuf_generate_c(CACEP_ANONYMOUS_AUTH_PROTO_SRCS + CACEP_ANONYMOUS_AUTH_PROTO_HDRS pol/cacep_anonymous_auth.proto) +protobuf_generate_c(CACEP_SIMPLE_AUTH_PROTO_SRCS CACEP_SIMPLE_AUTH_PROTO_HDRS + pol/cacep_simple_auth.proto) if(NOT APPLE) find_library(LIBRT_LIBRARIES rt) @@ -49,11 +54,16 @@ set(SOURCE_FILES sockets.c time_utils.c utils.c + # Add policies last + pol/cacep_proto.c + pol/cacep_anonymous_auth.c + pol/cacep_simple_auth.c ) add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS} - ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} - ${CDAP_PROTO_SRCS} ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS}) + ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS} + ${CACEP_PROTO_PROTO_SRCS} ${CACEP_ANONYMOUS_AUTH_PROTO_SRCS} + ${CACEP_SIMPLE_AUTH_PROTO_SRCS} ${RO_PROTO_SRCS}) target_link_libraries(ouroboros ${LIBRT_LIBRARIES} ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY}) diff --git a/src/lib/cacep.c b/src/lib/cacep.c index 00557444..92c028af 100644 --- a/src/lib/cacep.c +++ b/src/lib/cacep.c @@ -20,152 +20,87 @@ * 02110-1301 USA */ +#define OUROBOROS_PREFIX "cacep" + #include <ouroboros/config.h> #include <ouroboros/cacep.h> #include <ouroboros/dev.h> #include <ouroboros/errno.h> +#include <ouroboros/logs.h> + +#include <pol/cacep_anonymous_auth.h> +#include <pol/cacep_simple_auth.h> #include <stdlib.h> #include <string.h> -#include "cacep.pb-c.h" -typedef Cacep cacep_t; - #define BUF_SIZE 2048 -struct cacep { - int fd; - char * name; - uint64_t address; -}; - -struct cacep * cacep_create(int fd, - const char * name, - uint64_t address) +int cacep_info_init(struct cacep_info * info) { - struct cacep * tmp; + if (info == NULL) + return -EINVAL; - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) - return NULL; + info->proto.protocol = NULL; + info->name = NULL; + info->data = NULL; - tmp->fd = fd; - tmp->address = address; - tmp->name = strdup(name); - if (tmp->name == NULL) { - free(tmp); - return NULL; - } - - return tmp; + return 0; } -int cacep_destroy(struct cacep * instance) +void cacep_info_fini(struct cacep_info * info) { - if (instance == NULL) - return 0; - - free(instance->name); - free(instance); - - return 0; + if (info->proto.protocol != NULL) + free(info->proto.protocol); + if (info->name != NULL) + free(info->name); + if (info->data != NULL) + free(info->data); + + info->name = NULL; + info->data = NULL; } -static struct cacep_info * read_msg(struct cacep * instance) +struct cacep_info * cacep_auth(int fd, + enum pol_cacep pc, + const struct cacep_info * info) { - struct cacep_info * tmp; - uint8_t buf[BUF_SIZE]; - cacep_t * msg; - ssize_t len; - - len = flow_read(instance->fd, buf, BUF_SIZE); - if (len < 0) - return NULL; - - msg = cacep__unpack(NULL, len, buf); - if (msg == NULL) - return NULL; - - tmp = malloc(sizeof(*tmp)); - if (tmp == NULL) { - cacep__free_unpacked(msg, NULL); + if (info == NULL) { + log_err("No info provided."); return NULL; } - tmp->addr = msg->address; - tmp->name = strdup(msg->name); - if (tmp->name == NULL) { - free(tmp); - cacep__free_unpacked(msg, NULL); + switch (pc) { + case ANONYMOUS_AUTH: + return cacep_anonymous_auth(fd, info); + case SIMPLE_AUTH: + if (info == NULL) + return NULL; + return cacep_simple_auth_auth(fd, info); + default: + log_err("Unsupported CACEP policy."); return NULL; } - - cacep__free_unpacked(msg, NULL); - - return tmp; -} - -static int send_msg(struct cacep * instance) -{ - cacep_t msg = CACEP__INIT; - int ret = 0; - uint8_t * data = NULL; - size_t len = 0; - - msg.name = instance->name; - msg.address = instance->address; - - len = cacep__get_packed_size(&msg); - if (len == 0) - return -1; - - data = malloc(len); - if (data == NULL) - return -ENOMEM; - - cacep__pack(&msg, data); - - if (flow_write(instance->fd, data, len) < 0) - ret = -1; - - free(data); - - return ret; -} - -struct cacep_info * cacep_auth(struct cacep * instance) -{ - struct cacep_info * tmp; - - if (instance == NULL) - return NULL; - - if (send_msg(instance)) - return NULL; - - tmp = read_msg(instance); - if (tmp == NULL) - return NULL; - - return tmp; } -struct cacep_info * cacep_auth_wait(struct cacep * instance) +struct cacep_info * cacep_auth_wait(int fd, + enum pol_cacep pc, + const struct cacep_info * info) { - struct cacep_info * tmp; - - if (instance == NULL) - return NULL; - - tmp = read_msg(instance); - if (tmp == NULL) + if (info == NULL) { + log_err("No info provided."); return NULL; + } - if (send_msg(instance)) { - free(tmp->name); - free(tmp); + switch (pc) { + case ANONYMOUS_AUTH: + return cacep_anonymous_auth_wait(fd, info); + case SIMPLE_AUTH: + if (info == NULL) + return NULL; + return cacep_simple_auth_auth_wait(fd, info); + default: + log_err("Unsupported CACEP policy."); return NULL; } - - return tmp; } diff --git a/src/lib/cdap_req.c b/src/lib/cdap_req.c index 2f55b107..810ec9bf 100644 --- a/src/lib/cdap_req.c +++ b/src/lib/cdap_req.c @@ -65,17 +65,21 @@ void cdap_req_destroy(struct cdap_req * creq) pthread_mutex_lock(&creq->lock); - if (creq->state == REQ_DESTROY) { + switch(creq->state) { + case REQ_DESTROY: pthread_mutex_unlock(&creq->lock); return; - } - - if (creq->state == REQ_INIT) + case REQ_INIT: creq->state = REQ_NULL; - - if (creq->state == REQ_PENDING) { + pthread_cond_broadcast(&creq->cond); + break; + case REQ_PENDING: + case REQ_RESPONSE: creq->state = REQ_DESTROY; pthread_cond_broadcast(&creq->cond); + break; + default: + break; } while (creq->state != REQ_NULL) @@ -110,21 +114,25 @@ int cdap_req_wait(struct cdap_req * creq) creq->state = REQ_PENDING; pthread_cond_broadcast(&creq->cond); - while (creq->state == REQ_PENDING) { + while (creq->state == REQ_PENDING && ret != -ETIMEDOUT) ret = -pthread_cond_timedwait(&creq->cond, &creq->lock, &abstime); - if (ret == -ETIMEDOUT) - break; - } - if (creq->state == REQ_DESTROY) { + switch(creq->state) { + case REQ_DESTROY: ret = -1; + case REQ_PENDING: creq->state = REQ_NULL; pthread_cond_broadcast(&creq->cond); - } else { + break; + case REQ_RESPONSE: creq->state = REQ_DONE; pthread_cond_broadcast(&creq->cond); + break; + default: + assert(false); + break; } pthread_mutex_unlock(&creq->lock); diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c new file mode 100644 index 00000000..1fcc730a --- /dev/null +++ b/src/lib/pol/cacep_anonymous_auth.c @@ -0,0 +1,205 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Anonymous policy for CACEP + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include <ouroboros/config.h> +#include <ouroboros/cacep.h> +#include <ouroboros/time_utils.h> +#include <ouroboros/dev.h> +#include <ouroboros/errno.h> + +#include "cacep_proto.h" +#include "cacep_anonymous_auth.h" + +#include <stdlib.h> +#include <math.h> +#include <string.h> +#include <stdio.h> + +#include "cacep_anonymous_auth.pb-c.h" +typedef CacepAnonymousAuthMsg cacep_anonymous_auth_msg_t; +typedef CacepProtoMsg cacep_proto_msg_t; + +#define BUF_SIZE 2048 +#define NAME_LEN 8 + +/* this policy generates a hex string */ +static struct cacep_info * anonymous_info(void) +{ + struct cacep_info * info; + struct timespec t; + + info = malloc(sizeof(*info)); + if (info == NULL) + return NULL; + + cacep_info_init(info); + + info->name = malloc(NAME_LEN + 1); + if (info->name == NULL) { + free(info); + return NULL; + } + + clock_gettime(CLOCK_REALTIME, &t); + srand(t.tv_nsec); + + sprintf(info->name, "%8x", + (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF)); + + info->addr = 0; + + return info; +} + +static struct cacep_info * read_msg(int fd) +{ + struct cacep_info * tmp; + uint8_t buf[BUF_SIZE]; + cacep_anonymous_auth_msg_t * msg; + ssize_t len; + + len = flow_read(fd, buf, BUF_SIZE); + if (len < 0) + return NULL; + + msg = cacep_anonymous_auth_msg__unpack(NULL, len, buf); + if (msg == NULL) + return NULL; + + tmp = anonymous_info(); + if (tmp == NULL) { + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.protocol = strdup(msg->proto->protocol); + if (tmp->proto.protocol == NULL) { + free(tmp); + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.pref_version = msg->proto->pref_version; + tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); + if (tmp->proto.pref_syntax < 0) { + free(tmp->proto.protocol); + free(tmp); + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + cacep_anonymous_auth_msg__free_unpacked(msg, NULL); + + return tmp; +} + +static int send_msg(int fd, + const struct cacep_info * info) +{ + cacep_anonymous_auth_msg_t msg = CACEP_ANONYMOUS_AUTH_MSG__INIT; + cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; + int ret = 0; + uint8_t * data = NULL; + size_t len = 0; + + cmsg.protocol = info->proto.protocol; + cmsg.pref_version = info->proto.pref_version; + cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); + if (cmsg.pref_syntax < 0) + return -1; + + msg.proto = &cmsg; + + len = cacep_anonymous_auth_msg__get_packed_size(&msg); + if (len == 0) + return -1; + + data = malloc(len); + if (data == NULL) + return -ENOMEM; + + cacep_anonymous_auth_msg__pack(&msg, data); + + if (flow_write(fd, data, len) < 0) + ret = -1; + + free(data); + + return ret; +} + +struct cacep_info * cacep_anonymous_auth(int fd, + const struct cacep_info * info) +{ + struct cacep_info * tmp; + + assert(info); + + if (send_msg(fd, info)) + return NULL; + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + tmp->data = NULL; + + return tmp; +} + + +struct cacep_info * cacep_anonymous_auth_wait(int fd, + const struct cacep_info * info) +{ + struct cacep_info * tmp; + + assert(info); + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (send_msg(fd, info)) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + return tmp; +} diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h new file mode 100644 index 00000000..d0229b05 --- /dev/null +++ b/src/lib/pol/cacep_anonymous_auth.h @@ -0,0 +1,33 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Anonymous policy for CACEP + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H +#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H + +struct cacep_info * cacep_anonymous_auth(int fd, + const struct cacep_info * info); + +struct cacep_info * cacep_anonymous_auth_wait(int fd, + const struct cacep_info * info); + +#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */ diff --git a/src/lib/cacep.proto b/src/lib/pol/cacep_anonymous_auth.proto index 603b095d..79734e28 100644 --- a/src/lib/cacep.proto +++ b/src/lib/pol/cacep_anonymous_auth.proto @@ -1,10 +1,10 @@ /* * Ouroboros - Copyright (C) 2016 - 2017 * - * CACEP message + * Message for no authentication CACEP policy * - * Dimitri Staessens <[email protected]> - * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -23,7 +23,8 @@ syntax = "proto2"; -message cacep { - required string name = 1; - required uint64 address = 2; -} +import "cacep_proto.proto"; + +message cacep_anonymous_auth_msg { + required cacep_proto_msg proto = 1; +}
\ No newline at end of file diff --git a/src/lib/pol/cacep_proto.c b/src/lib/pol/cacep_proto.c new file mode 100644 index 00000000..9990a05a --- /dev/null +++ b/src/lib/pol/cacep_proto.c @@ -0,0 +1,52 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * CACEP - Read/Write Protocol info + * + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include "cacep_proto.h" + +enum proto_concrete_syntax code_to_syntax(int code) +{ + switch(code) { + case PROTO_CONCRETE_SYNTAX_CODE__GPB: + return PROTO_GPB; + case PROTO_CONCRETE_SYNTAX_CODE__ASN_1: + return PROTO_ASN_1; + case PROTO_CONCRETE_SYNTAX_CODE__FIXED: + return PROTO_FIXED; + default: + return -1; + } +} + +int syntax_to_code(enum proto_concrete_syntax stx) +{ + switch(stx) { + case PROTO_GPB: + return PROTO_CONCRETE_SYNTAX_CODE__GPB; + case PROTO_ASN_1: + return PROTO_CONCRETE_SYNTAX_CODE__ASN_1; + case PROTO_FIXED: + return PROTO_CONCRETE_SYNTAX_CODE__FIXED; + default: + return -1; + } +} diff --git a/src/lib/pol/cacep_proto.h b/src/lib/pol/cacep_proto.h new file mode 100644 index 00000000..bfb1b247 --- /dev/null +++ b/src/lib/pol/cacep_proto.h @@ -0,0 +1,36 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * CACEP - Convert syntax to msg code and back + * + * Sander Vrijders <[email protected]> + * Dimitri Staessens <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef OUROBOROS_LIB_CACEP_CDAP_H +#define OUROBOROS_LIB_CACEP_CDAP_H + +#include <ouroboros/cacep.h> +#include <ouroboros/irm_config.h> + +#include "cacep_proto.pb-c.h" + +enum proto_concrete_syntax code_to_syntax(int code); + +int syntax_to_code(enum proto_concrete_syntax stx); + +#endif /* OUROBOROS_LIB_CACEP_CDAP_H */ diff --git a/src/lib/pol/cacep_proto.proto b/src/lib/pol/cacep_proto.proto new file mode 100644 index 00000000..f313bfc1 --- /dev/null +++ b/src/lib/pol/cacep_proto.proto @@ -0,0 +1,38 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Message for setting Protocol information in CACEP + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +syntax = "proto2"; + +enum proto_concrete_syntax_code { + GPB = 1; + ASN_1 = 2; + FIXED = 3; +} + +message cacep_proto_msg { + required string protocol = 1; + required int32 pref_version = 2; + repeated int32 supp_version = 3; + required proto_concrete_syntax_code pref_syntax = 4; + repeated proto_concrete_syntax_code supp_syntax = 5; +} diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c new file mode 100644 index 00000000..65c510a2 --- /dev/null +++ b/src/lib/pol/cacep_simple_auth.c @@ -0,0 +1,183 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Simple authentication policy for CACEP + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include <ouroboros/config.h> +#include <ouroboros/cacep.h> +#include <ouroboros/dev.h> +#include <ouroboros/errno.h> + +#include "cacep_proto.h" +#include "cacep_simple_auth.h" + +#include <stdlib.h> +#include <string.h> + +#include "cacep_simple_auth.pb-c.h" +typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t; +typedef CacepProtoMsg cacep_proto_msg_t; + +#define BUF_SIZE 2048 + +static struct cacep_info * read_msg(int fd) +{ + struct cacep_info * tmp; + uint8_t buf[BUF_SIZE]; + cacep_simple_auth_msg_t * msg; + ssize_t len; + + len = flow_read(fd, buf, BUF_SIZE); + if (len < 0) + return NULL; + + msg = cacep_simple_auth_msg__unpack(NULL, len, buf); + if (msg == NULL) + return NULL; + + tmp = malloc(sizeof(*tmp)); + if (tmp == NULL) { + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + cacep_info_init(tmp); + + tmp->addr = msg->addr; + tmp->name = strdup(msg->name); + if (tmp->name == NULL) { + free(tmp); + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.protocol = strdup(msg->proto->protocol); + if (tmp->proto.protocol == NULL) { + free(tmp->name); + free(tmp); + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + tmp->proto.pref_version = msg->proto->pref_version; + tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax); + if (tmp->proto.pref_syntax < 0) { + cacep_info_fini(tmp); + free(tmp); + cacep_simple_auth_msg__free_unpacked(msg, NULL); + return NULL; + } + + cacep_simple_auth_msg__free_unpacked(msg, NULL); + + return tmp; +} + +static int send_msg(int fd, + const struct cacep_info * info) +{ + cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT; + cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT; + int ret = 0; + uint8_t * data = NULL; + size_t len = 0; + + cmsg.protocol = info->proto.protocol; + cmsg.pref_version = info->proto.pref_version; + cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax); + if (cmsg.pref_syntax < 0) + return -1; + + msg.proto = &cmsg; + msg.name = info->name; + msg.addr = info->addr; + + len = cacep_simple_auth_msg__get_packed_size(&msg); + if (len == 0) + return -1; + + data = malloc(len); + if (data == NULL) + return -ENOMEM; + + cacep_simple_auth_msg__pack(&msg, data); + + if (flow_write(fd, data, len) < 0) + ret = -1; + + free(data); + + return ret; +} + +struct cacep_info * cacep_simple_auth_auth(int fd, + const struct cacep_info * info) +{ + struct cacep_info * tmp; + + assert(info); + + if (send_msg(fd, info)) + return NULL; + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + return tmp; +} + + +struct cacep_info * cacep_simple_auth_auth_wait(int fd, + const struct cacep_info * info) +{ + struct cacep_info * tmp; + + assert(info); + + tmp = read_msg(fd); + if (tmp == NULL) + return NULL; + + if (send_msg(fd, info)) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + if (strcmp(info->proto.protocol, tmp->proto.protocol) || + info->proto.pref_version != tmp->proto.pref_version || + info->proto.pref_syntax != tmp->proto.pref_syntax) { + cacep_info_fini(tmp); + free(tmp); + return NULL; + } + + return tmp; +} diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h new file mode 100644 index 00000000..bbdbe9b9 --- /dev/null +++ b/src/lib/pol/cacep_simple_auth.h @@ -0,0 +1,33 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Simple authentication policy for CACEP + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H +#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H + +struct cacep_info * cacep_simple_auth_auth(int fd, + const struct cacep_info * info); + +struct cacep_info * cacep_simple_auth_auth_wait(int fd, + const struct cacep_info * info); + +#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */ diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto new file mode 100644 index 00000000..1a1e7ea8 --- /dev/null +++ b/src/lib/pol/cacep_simple_auth.proto @@ -0,0 +1,32 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2017 + * + * Message for no authentication CACEP policy + * + * Dimitri Staessens <[email protected]> + * Sander Vrijders <[email protected]> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +syntax = "proto2"; + +import "cacep_proto.proto"; + +message cacep_simple_auth_msg { + required cacep_proto_msg proto = 1; + required string name = 2; + required uint64 addr = 3; +} diff --git a/src/lib/sha3.c b/src/lib/sha3.c index b2f9de57..212f645a 100644 --- a/src/lib/sha3.c +++ b/src/lib/sha3.c @@ -47,7 +47,8 @@ #include "sha3.h" -#define IS_ALIGNED_64(p) (0 == (7 & ((const char*) (p) - (const char*) 0))) +#define IS_ALIGNED_64(p) (0 == (7 & ((const uint8_t *) (p) \ + - (const uint8_t *) 0))) #define I64(x) x##LL #define ROTL64(qword, n) ((qword) << (n) ^ ((qword) >> (64 - (n)))) @@ -307,8 +308,9 @@ void rhash_sha3_final(struct sha3_ctx * ctx, uint8_t * res) { size_t digest_length = 100 - ctx->block_size / 2; - const size_t block_size = ctx->block_size; - unsigned int i = 0; + size_t digest_words = digest_length / sizeof(uint64_t); + const size_t block_size = ctx->block_size; + size_t i = 0; if (!(ctx->rest & SHA3_FINALIZED)) { /* clear the rest of the data queue */ @@ -325,7 +327,7 @@ void rhash_sha3_final(struct sha3_ctx * ctx, assert(block_size > digest_length); if (res != NULL) { - for (i = 0; i < digest_length; i++) + for (i = 0; i < digest_words; i++) ctx->hash[i] = htole64(ctx->hash[i]); memcpy(res, ctx->hash, digest_length); |