summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/ouroboros/cacep.h29
-rw-r--r--include/ouroboros/cdap.h1
-rw-r--r--include/ouroboros/irm_config.h3
-rw-r--r--src/ipcpd/normal/CMakeLists.txt4
-rw-r--r--src/ipcpd/normal/addr_auth.c44
-rw-r--r--src/ipcpd/normal/addr_auth.h12
-rw-r--r--src/ipcpd/normal/cdap_flow.c150
-rw-r--r--src/ipcpd/normal/cdap_flow.h49
-rw-r--r--src/ipcpd/normal/enroll.c161
-rw-r--r--src/ipcpd/normal/gam.c91
-rw-r--r--src/ipcpd/normal/main.c22
-rw-r--r--src/ipcpd/normal/pol-addr-auth-ops.h34
-rw-r--r--src/ipcpd/normal/pol/flat.c10
-rw-r--r--src/ipcpd/normal/pol/flat.h8
-rw-r--r--src/irmd/main.c44
-rw-r--r--src/lib/CMakeLists.txt16
-rw-r--r--src/lib/cacep.c169
-rw-r--r--src/lib/cdap_req.c32
-rw-r--r--src/lib/pol/cacep_anonymous_auth.c205
-rw-r--r--src/lib/pol/cacep_anonymous_auth.h33
-rw-r--r--src/lib/pol/cacep_anonymous_auth.proto (renamed from src/lib/cacep.proto)15
-rw-r--r--src/lib/pol/cacep_proto.c52
-rw-r--r--src/lib/pol/cacep_proto.h36
-rw-r--r--src/lib/pol/cacep_proto.proto38
-rw-r--r--src/lib/pol/cacep_simple_auth.c183
-rw-r--r--src/lib/pol/cacep_simple_auth.h33
-rw-r--r--src/lib/pol/cacep_simple_auth.proto32
-rw-r--r--src/lib/sha3.c10
28 files changed, 1176 insertions, 340 deletions
diff --git a/include/ouroboros/cacep.h b/include/ouroboros/cacep.h
index ae615e6e..e0737c47 100644
--- a/include/ouroboros/cacep.h
+++ b/include/ouroboros/cacep.h
@@ -24,24 +24,35 @@
#ifndef OUROBOROS_CACEP_H
#define OUROBOROS_CACEP_H
-#include <stdint.h>
-#include <unistd.h>
+#include <ouroboros/irm_config.h>
-struct cacep;
+enum proto_concrete_syntax {
+ PROTO_GPB = 0,
+ PROTO_ASN_1,
+ PROTO_FIXED
+};
struct cacep_info {
+ struct {
+ char * protocol;
+ uint32_t pref_version;
+ enum proto_concrete_syntax pref_syntax;
+ } proto;
char * name;
uint64_t addr;
+ void * data;
};
-struct cacep * cacep_create(int fd,
- const char * name,
- uint64_t address);
+int cacep_info_init(struct cacep_info * info);
-int cacep_destroy(struct cacep * instance);
+void cacep_info_fini(struct cacep_info * info);
-struct cacep_info * cacep_auth(struct cacep * instance);
+struct cacep_info * cacep_auth(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
-struct cacep_info * cacep_auth_wait(struct cacep * instance);
+struct cacep_info * cacep_auth_wait(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
#endif /* OUROBOROS_CACEP_H */
diff --git a/include/ouroboros/cdap.h b/include/ouroboros/cdap.h
index 9f6e2654..cc04cf27 100644
--- a/include/ouroboros/cdap.h
+++ b/include/ouroboros/cdap.h
@@ -31,6 +31,7 @@
#define F_SYNC 0x0001
#define INVALID_CDAP_KEY -1
+#define CDAP_PROTO "CDAP"
enum cdap_opcode {
CDAP_READ = 0,
diff --git a/include/ouroboros/irm_config.h b/include/ouroboros/irm_config.h
index 3cc59e20..9a05a434 100644
--- a/include/ouroboros/irm_config.h
+++ b/include/ouroboros/irm_config.h
@@ -48,7 +48,8 @@ enum pol_gam {
};
enum pol_cacep {
- NO_AUTH = 0
+ ANONYMOUS_AUTH = 0,
+ SIMPLE_AUTH
};
struct dif_config {
diff --git a/src/ipcpd/normal/CMakeLists.txt b/src/ipcpd/normal/CMakeLists.txt
index f2e48cbc..7e10cc0d 100644
--- a/src/ipcpd/normal/CMakeLists.txt
+++ b/src/ipcpd/normal/CMakeLists.txt
@@ -14,12 +14,12 @@ include_directories(${CMAKE_BINARY_DIR}/include)
set(IPCP_NORMAL_TARGET ipcpd-normal CACHE STRING "IPCP_NORMAL_TARGET")
-protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS
- flow_alloc.proto)
+protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS flow_alloc.proto)
set(SOURCE_FILES
# Add source files here
addr_auth.c
+ cdap_flow.c
dir.c
enroll.c
fmgr.c
diff --git a/src/ipcpd/normal/addr_auth.c b/src/ipcpd/normal/addr_auth.c
index 210744af..8469e95e 100644
--- a/src/ipcpd/normal/addr_auth.c
+++ b/src/ipcpd/normal/addr_auth.c
@@ -3,7 +3,8 @@
*
* Address authority
*
- * Sander Vrijders <[email protected]>
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -25,47 +26,36 @@
#include <ouroboros/logs.h>
#include "addr_auth.h"
+#include "pol-addr-auth-ops.h"
#include "pol/flat.h"
#include <stdlib.h>
#include <assert.h>
-struct addr_auth * addr_auth_create(enum pol_addr_auth type)
-{
- struct addr_auth * tmp;
-
- tmp = malloc(sizeof(*tmp));
- if (tmp == NULL) {
- log_err("Failed to malloc addr auth.");
- return NULL;
- }
+struct addr_auth {
+ struct pol_addr_auth_ops * ops;
+} addr_auth;
+int addr_auth_init(enum pol_addr_auth type)
+{
switch (type) {
case FLAT_RANDOM:
- tmp->address = flat_address;
- tmp->type = type;
+ addr_auth.ops = &flat_ops;
break;
default:
log_err("Unknown address authority type.");
- free(tmp);
- return NULL;
+ return -1;
}
- return tmp;
+ return addr_auth.ops->init();
}
-int addr_auth_destroy(struct addr_auth * instance)
+uint64_t addr_auth_address(void)
{
- assert(instance);
-
- switch (instance->type) {
- case FLAT_RANDOM:
- break;
- default:
- log_err("Unknown address authority type.");
- }
-
- free(instance);
+ return addr_auth.ops->address();
+}
- return 0;
+int addr_auth_fini(void)
+{
+ return addr_auth.ops->fini();
}
diff --git a/src/ipcpd/normal/addr_auth.h b/src/ipcpd/normal/addr_auth.h
index 8d67bc66..b389fa90 100644
--- a/src/ipcpd/normal/addr_auth.h
+++ b/src/ipcpd/normal/addr_auth.h
@@ -3,7 +3,8 @@
*
* Address authority
*
- * Sander Vrijders <[email protected]>
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -26,13 +27,10 @@
#include <stdint.h>
-struct addr_auth {
- enum pol_addr_auth type;
- uint64_t (* address)(void);
-};
+int addr_auth_init(enum pol_addr_auth type);
-struct addr_auth * addr_auth_create(enum pol_addr_auth type);
+int addr_auth_fini(void);
-int addr_auth_destroy(struct addr_auth * instance);
+uint64_t addr_auth_address(void);
#endif /* OUROBOROS_IPCPD_NORMAL_ADDR_AUTH_H */
diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c
new file mode 100644
index 00000000..a94627c2
--- /dev/null
+++ b/src/ipcpd/normal/cdap_flow.c
@@ -0,0 +1,150 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Normal IPC Process - Authenticated CDAP Flow Allocator
+ *
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define OUROBOROS_PREFIX "cdap-flow"
+
+#include <ouroboros/config.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/logs.h>
+
+#include "cdap_flow.h"
+
+#include <stdlib.h>
+#include <assert.h>
+
+static void cdap_flow_destroy(struct cdap_flow * flow)
+{
+ assert(flow);
+
+ if (flow->ci != NULL)
+ cdap_destroy(flow->ci);
+ if (flow->info != NULL) {
+ cacep_info_fini(flow->info);
+ free(flow->info);
+ }
+
+ free(flow);
+}
+
+struct cdap_flow * cdap_flow_arr(int fd,
+ int resp,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+
+ if (flow_alloc_resp(fd, resp) < 0) {
+ log_err("Could not respond to new flow.");
+ return NULL;
+ }
+
+ if (resp)
+ return NULL;
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth_wait(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Other side failed to authenticate.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+struct cdap_flow * cdap_flow_alloc(const char * dst_name,
+ const char * ae_name,
+ qosspec_t * qs,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+ int fd;
+
+ log_dbg("Allocating flow to %s.", dst_name);
+
+ if (dst_name == NULL || ae_name == NULL) {
+ log_err("Not enough info to establish flow.");
+ return NULL;
+ }
+
+ fd = flow_alloc(dst_name, ae_name, qs);
+ if (fd < 0) {
+ log_err("Failed to allocate flow to %s.", dst_name);
+ return NULL;
+ }
+
+ if (flow_alloc_res(fd)) {
+ log_err("Flow allocation to %s failed.", dst_name);
+ return NULL;
+ }
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ flow_dealloc(fd);
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Failed to authenticate.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+void cdap_flow_dealloc(struct cdap_flow * flow)
+{
+ int fd = flow->fd;
+
+ cdap_flow_destroy(flow);
+
+ flow_dealloc(fd);
+}
diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h
new file mode 100644
index 00000000..c5ca2ab4
--- /dev/null
+++ b/src/ipcpd/normal/cdap_flow.h
@@ -0,0 +1,49 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Normal IPC Process - Authenticated CDAP Flow Allocator
+ *
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H
+#define OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H
+
+#include <ouroboros/cacep.h>
+#include <ouroboros/cdap.h>
+#include <ouroboros/qos.h>
+
+struct cdap_flow {
+ int fd;
+ struct cdap * ci;
+ struct cacep_info * info;
+};
+
+struct cdap_flow * cdap_flow_arr(int fd,
+ int resp,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
+
+struct cdap_flow * cdap_flow_alloc(const char * dst_name,
+ const char * ae_name,
+ qosspec_t * qs,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
+
+void cdap_flow_dealloc(struct cdap_flow * flow);
+
+#endif /* OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H */
diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c
index bc5d2a20..ce6768fb 100644
--- a/src/ipcpd/normal/enroll.c
+++ b/src/ipcpd/normal/enroll.c
@@ -23,12 +23,13 @@
#include <ouroboros/config.h>
#include <ouroboros/endian.h>
#include <ouroboros/time_utils.h>
-#include <ouroboros/cdap.h>
#include <ouroboros/dev.h>
#include <ouroboros/logs.h>
#include <ouroboros/rib.h>
+#include <ouroboros/errno.h>
#include "ae.h"
+#include "cdap_flow.h"
#include "ribconfig.h"
#include <assert.h>
@@ -42,14 +43,15 @@
int enroll_handle(int fd)
{
- struct cdap * ci;
- cdap_key_t key;
- enum cdap_opcode oc;
- char * name;
- uint8_t * buf;
- uint8_t * data;
- ssize_t len;
- uint32_t flags;
+ struct cdap_flow * flow;
+ struct cacep_info info;
+ cdap_key_t key;
+ enum cdap_opcode oc;
+ char * name;
+ uint8_t * buf;
+ uint8_t * data;
+ ssize_t len;
+ uint32_t flags;
bool boot_r = false;
bool members_r = false;
@@ -59,21 +61,29 @@ int enroll_handle(int fd)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- if (flow_alloc_resp(fd, 0) < 0) {
- flow_dealloc(fd);
- log_err("Could not respond to request.");
- return -1;
+ cacep_info_init(&info);
+
+ info.proto.protocol = strdup(CDAP_PROTO);
+ if (info.proto.protocol == NULL) {
+ cacep_info_fini(&info);
+ return -ENOMEM;
}
- ci = cdap_create(fd);
- if (ci == NULL) {
+ info.proto.pref_version = 1;
+ info.proto.pref_syntax = PROTO_GPB;
+
+ flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, &info);
+ if (flow == NULL) {
+ log_err("Failed to auth enrollment request.");
+ cacep_info_fini(&info);
flow_dealloc(fd);
- log_err("Failed to create CDAP instance.");
return -1;
}
+ cacep_info_fini(&info);
+
while (!(boot_r && members_r && dif_name_r)) {
- key = cdap_request_wait(ci, &oc, &name, &data,
+ key = cdap_request_wait(flow->ci, &oc, &name, &data,
(size_t *) &len , &flags);
assert(key >= 0);
assert(name);
@@ -85,9 +95,8 @@ int enroll_handle(int fd)
if (oc != CDAP_READ) {
log_warn("Invalid request.");
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -104,14 +113,13 @@ int enroll_handle(int fd)
clock_gettime(CLOCK_REALTIME, &t);
buf[0] = hton64(t.tv_sec);
buf[1] = hton64(t.tv_nsec);
- cdap_reply_send(ci, key, 0, buf, sizeof(buf));
+ cdap_reply_send(flow->ci, key, 0, buf, sizeof(buf));
free(name);
continue;
} else {
log_warn("Illegal read: %s.", name);
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -119,9 +127,8 @@ int enroll_handle(int fd)
len = rib_pack(name, &buf, PACK_HASH_ROOT);
if (len < 0) {
log_err("Failed to pack %s.", name);
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -130,10 +137,9 @@ int enroll_handle(int fd)
free(name);
- if (cdap_reply_send(ci, key, 0, buf, len)) {
+ if (cdap_reply_send(flow->ci, key, 0, buf, len)) {
log_err("Failed to send CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -142,20 +148,18 @@ int enroll_handle(int fd)
log_dbg("Sent boot info to new member.");
- cdap_destroy(ci);
-
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return 0;
}
int enroll_boot(char * dst_name)
{
- struct cdap * ci;
- cdap_key_t key;
- uint8_t * data;
- size_t len;
- int fd;
+ struct cdap_flow * flow;
+ struct cacep_info info;
+ cdap_key_t key;
+ uint8_t * data;
+ size_t len;
struct timespec t0;
struct timespec rtt;
@@ -166,41 +170,41 @@ int enroll_boot(char * dst_name)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- fd = flow_alloc(dst_name, ENROLL_AE, NULL);
- if (fd < 0) {
- log_err("Failed to allocate flow.");
- return -1;
- }
+ cacep_info_init(&info);
- if (flow_alloc_res(fd)) {
- log_err("Flow allocation failed.");
- flow_dealloc(fd);
- return -1;
+ info.proto.protocol = strdup(CDAP_PROTO);
+ if (info.proto.protocol == NULL) {
+ cacep_info_fini(&info);
+ return -ENOMEM;
}
- ci = cdap_create(fd);
- if (ci == NULL) {
- log_err("Failed to create CDAP instance.");
- flow_dealloc(fd);
+ info.proto.pref_version = 1;
+ info.proto.pref_syntax = PROTO_GPB;
+
+ flow = cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH,
+ &info);
+ if (flow == NULL) {
+ log_err("Failed to allocate flow for enrollment request.");
+ cacep_info_fini(&info);
return -1;
}
+ cacep_info_fini(&info);
+
log_dbg("Getting boot information from %s.", dst_name);
clock_gettime(CLOCK_REALTIME, &t0);
- key = cdap_request_send(ci, CDAP_READ, TIME_PATH, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, TIME_PATH, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -218,18 +222,16 @@ int enroll_boot(char * dst_name)
free(data);
- key = cdap_request_send(ci, CDAP_READ, boot_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, boot_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -239,25 +241,22 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- key = cdap_request_send(ci, CDAP_READ, members_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, members_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -267,25 +266,22 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- key = cdap_request_send(ci, CDAP_READ, dif_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, dif_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -295,16 +291,13 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- cdap_destroy(ci);
-
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return 0;
}
diff --git a/src/ipcpd/normal/gam.c b/src/ipcpd/normal/gam.c
index 9ee55261..791cf34e 100644
--- a/src/ipcpd/normal/gam.c
+++ b/src/ipcpd/normal/gam.c
@@ -23,6 +23,7 @@
#define OUROBOROS_PREFIX "graph-adjacency-manager"
#include <ouroboros/config.h>
+#include <ouroboros/cdap.h>
#include <ouroboros/dev.h>
#include <ouroboros/logs.h>
#include <ouroboros/list.h>
@@ -178,8 +179,8 @@ int gam_flow_arr(struct gam * instance,
int fd,
qosspec_t qs)
{
- struct cacep * cacep;
- struct cacep_info * info;
+ struct cacep_info * rcv_info;
+ struct cacep_info snd_info;
if (flow_alloc_resp(fd, instance->ops->accept_new_flow(instance->ops_o))
< 0) {
@@ -187,32 +188,43 @@ int gam_flow_arr(struct gam * instance,
return -1;
}
- cacep = cacep_create(fd, ipcpi.name, ipcpi.address);
- if (cacep == NULL) {
- log_err("Failed to create CACEP instance.");
- return -1;
+ cacep_info_init(&snd_info);
+ snd_info.proto.protocol = strdup(CDAP_PROTO);
+ if (snd_info.proto.protocol == NULL) {
+ cacep_info_fini(&snd_info);
+ return -ENOMEM;
+ }
+
+ snd_info.proto.pref_version = 1;
+ snd_info.proto.pref_syntax = PROTO_GPB;
+ snd_info.addr = ipcpi.address;
+ snd_info.name = strdup(ipcpi.name);
+ if (snd_info.name == NULL) {
+ cacep_info_fini(&snd_info);
+ return -ENOMEM;
}
- info = cacep_auth_wait(cacep);
- if (info == NULL) {
+ rcv_info = cacep_auth_wait(fd, SIMPLE_AUTH, &snd_info);
+ if (rcv_info == NULL) {
log_err("Other side failed to authenticate.");
- cacep_destroy(cacep);
+ cacep_info_fini(&snd_info);
return -1;
}
- cacep_destroy(cacep);
+ cacep_info_fini(&snd_info);
- if (instance->ops->accept_flow(instance->ops_o, qs, info)) {
+ if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) {
flow_dealloc(fd);
- free(info->name);
- free(info);
+ cacep_info_fini(rcv_info);
+ free(rcv_info);
return 0;
}
- if (add_ga(instance, fd, qs, info)) {
+ if (add_ga(instance, fd, qs, rcv_info)) {
log_err("Failed to add ga to graph adjacency manager list.");
- free(info->name);
- free(info);
+ flow_dealloc(fd);
+ cacep_info_fini(rcv_info);
+ free(rcv_info);
return -1;
}
@@ -223,10 +235,12 @@ int gam_flow_alloc(struct gam * instance,
char * dst_name,
qosspec_t qs)
{
- struct cacep * cacep;
- struct cacep_info * info;
+ struct cacep_info * rcv_info;
+ struct cacep_info snd_info;
int fd;
+ log_dbg("Allocating flow to %s.", dst_name);
+
fd = flow_alloc(dst_name, instance->ae_name, NULL);
if (fd < 0) {
log_err("Failed to allocate flow to %s.", dst_name);
@@ -239,32 +253,43 @@ int gam_flow_alloc(struct gam * instance,
return -1;
}
- cacep = cacep_create(fd, ipcpi.name, ipcpi.address);
- if (cacep == NULL) {
- log_err("Failed to create CACEP instance.");
- return -1;
+ cacep_info_init(&snd_info);
+ snd_info.proto.protocol = strdup(CDAP_PROTO);
+ if (snd_info.proto.protocol == NULL) {
+ cacep_info_fini(&snd_info);
+ return -ENOMEM;
+ }
+
+ snd_info.proto.pref_version = 1;
+ snd_info.proto.pref_syntax = PROTO_GPB;
+ snd_info.addr = ipcpi.address;
+ snd_info.name = strdup(ipcpi.name);
+ if (snd_info.name == NULL) {
+ cacep_info_fini(&snd_info);
+ return -ENOMEM;
}
- info = cacep_auth(cacep);
- if (info == NULL) {
- log_err("Failed to authenticate.");
- cacep_destroy(cacep);
+ rcv_info = cacep_auth(fd, SIMPLE_AUTH, &snd_info);
+ if (rcv_info == NULL) {
+ log_err("Other side failed to authenticate.");
+ cacep_info_fini(&snd_info);
return -1;
}
- cacep_destroy(cacep);
+ cacep_info_fini(&snd_info);
- if (instance->ops->accept_flow(instance->ops_o, qs, info)) {
+ if (instance->ops->accept_flow(instance->ops_o, qs, rcv_info)) {
flow_dealloc(fd);
- free(info->name);
- free(info);
+ cacep_info_fini(rcv_info);
+ free(rcv_info);
return 0;
}
- if (add_ga(instance, fd, qs, info)) {
+ if (add_ga(instance, fd, qs, rcv_info)) {
log_err("Failed to add GA to graph adjacency manager list.");
- free(info->name);
- free(info);
+ flow_dealloc(fd);
+ cacep_info_fini(rcv_info);
+ free(rcv_info);
return -1;
}
diff --git a/src/ipcpd/normal/main.c b/src/ipcpd/normal/main.c
index c41b6187..522daa3b 100644
--- a/src/ipcpd/normal/main.c
+++ b/src/ipcpd/normal/main.c
@@ -54,7 +54,6 @@
struct {
pthread_t acceptor;
- struct addr_auth * auth;
} normal;
void ipcp_sig_handler(int sig,
@@ -167,16 +166,15 @@ static int boot_components(void)
return -1;
}
- normal.auth = addr_auth_create(pa);
- if (normal.auth == NULL) {
+ if (addr_auth_init(pa)) {
log_err("Failed to init address authority.");
return -1;
}
- ipcpi.address = normal.auth->address();
+ ipcpi.address = addr_auth_address();
if (ipcpi.address == 0) {
log_err("Failed to get a valid address.");
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
return -1;
}
@@ -186,14 +184,14 @@ static int boot_components(void)
if (ribmgr_init()) {
log_err("Failed to initialize RIB manager.");
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
return -1;
}
if (dir_init()) {
log_err("Failed to initialize directory.");
ribmgr_fini();
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
return -1;
}
@@ -202,7 +200,7 @@ static int boot_components(void)
if (fmgr_init()) {
dir_fini();
ribmgr_fini();
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
log_err("Failed to start flow manager.");
return -1;
}
@@ -211,7 +209,7 @@ static int boot_components(void)
fmgr_fini();
dir_fini();
ribmgr_fini();
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
log_err("Failed to initialize FRCT.");
return -1;
}
@@ -223,7 +221,7 @@ static int boot_components(void)
fmgr_fini();
dir_fini();
ribmgr_fini();
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
log_err("Failed to create acceptor thread.");
return -1;
}
@@ -244,7 +242,7 @@ void shutdown_components(void)
ribmgr_fini();
- addr_auth_destroy(normal.auth);
+ addr_auth_fini();
}
static int normal_ipcp_enroll(char * dst_name)
@@ -340,7 +338,7 @@ int normal_rib_init(void)
static int normal_ipcp_bootstrap(struct dif_config * conf)
{
/* FIXME: get CACEP policies from conf */
- enum pol_cacep pol = NO_AUTH;
+ enum pol_cacep pol = SIMPLE_AUTH;
(void) pol;
diff --git a/src/ipcpd/normal/pol-addr-auth-ops.h b/src/ipcpd/normal/pol-addr-auth-ops.h
new file mode 100644
index 00000000..25952636
--- /dev/null
+++ b/src/ipcpd/normal/pol-addr-auth-ops.h
@@ -0,0 +1,34 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Address authority policy ops
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H
+#define OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H
+
+struct pol_addr_auth_ops {
+ int (* init)(void);
+
+ int (* fini)(void);
+
+ uint64_t (* address)(void);
+};
+
+#endif /* OUROBOROS_IPCPD_NORMAL_POL_ADDR_AUTH_OPS_H */
diff --git a/src/ipcpd/normal/pol/flat.c b/src/ipcpd/normal/pol/flat.c
index d982f5ac..aa0f6c7c 100644
--- a/src/ipcpd/normal/pol/flat.c
+++ b/src/ipcpd/normal/pol/flat.c
@@ -80,6 +80,16 @@ static int addr_taken(char * name,
#define INVALID_ADDRESS 0
+int flat_init(void)
+{
+ return 0;
+}
+
+int flat_fini(void)
+{
+ return 0;
+}
+
uint64_t flat_address(void)
{
struct timespec t;
diff --git a/src/ipcpd/normal/pol/flat.h b/src/ipcpd/normal/pol/flat.h
index 73d7de8b..85fe9281 100644
--- a/src/ipcpd/normal/pol/flat.h
+++ b/src/ipcpd/normal/pol/flat.h
@@ -22,8 +22,16 @@
#ifndef OUROBOROS_IPCPD_NORMAL_FLAT_H
#define OUROBOROS_IPCPD_NORMAL_FLAT_H
+#include "pol-addr-auth-ops.h"
+
int flat_init(void);
int flat_fini(void);
uint64_t flat_address(void);
+struct pol_addr_auth_ops flat_ops = {
+ .init = flat_init,
+ .fini = flat_fini,
+ .address = flat_address
+};
+
#endif /* OUROBOROS_IPCPD_NORMAL_FLAT_H */
diff --git a/src/irmd/main.c b/src/irmd/main.c
index cc13ccea..ad55256a 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -2077,6 +2077,28 @@ static int irm_create(void)
return -ENOMEM;
}
+ if ((irmd->lf = lockfile_create()) == NULL) {
+ if ((irmd->lf = lockfile_open()) == NULL) {
+ log_err("Lockfile error.");
+ irm_destroy();
+ return -1;
+ }
+
+ if (kill(lockfile_owner(irmd->lf), 0) < 0) {
+ log_info("IRMd didn't properly shut down last time.");
+ shm_rdrbuff_destroy(shm_rdrbuff_open());
+ log_info("Stale resources cleaned.");
+ lockfile_destroy(irmd->lf);
+ irmd->lf = lockfile_create();
+ } else {
+ log_info("IRMd already running (%d), exiting.",
+ lockfile_owner(irmd->lf));
+ lockfile_close(irmd->lf);
+ free(irmd);
+ return -1;
+ }
+ }
+
if (stat(SOCK_PATH, &st) == -1) {
if (mkdir(SOCK_PATH, 0777)) {
log_err("Failed to create sockets directory.");
@@ -2104,28 +2126,6 @@ static int irm_create(void)
return -1;
}
- if ((irmd->lf = lockfile_create()) == NULL) {
- if ((irmd->lf = lockfile_open()) == NULL) {
- log_err("Lockfile error.");
- irm_destroy();
- return -1;
- }
-
- if (kill(lockfile_owner(irmd->lf), 0) < 0) {
- log_info("IRMd didn't properly shut down last time.");
- shm_rdrbuff_destroy(shm_rdrbuff_open());
- log_info("Stale resources cleaned.");
- lockfile_destroy(irmd->lf);
- irmd->lf = lockfile_create();
- } else {
- log_info("IRMd already running (%d), exiting.",
- lockfile_owner(irmd->lf));
- lockfile_close(irmd->lf);
- free(irmd);
- return -1;
- }
- }
-
if (irmd->lf == NULL) {
irm_destroy();
return -1;
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index 6af50782..fcea0fb2 100644
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
@@ -9,8 +9,13 @@ protobuf_generate_c(IPCP_PROTO_SRCS IPCP_PROTO_HDRS ipcpd_messages.proto)
protobuf_generate_c(DIF_CONFIG_PROTO_SRCS DIF_CONFIG_PROTO_HDRS
dif_config.proto)
protobuf_generate_c(CDAP_PROTO_SRCS CDAP_PROTO_HDRS cdap.proto)
-protobuf_generate_c(CACEP_PROTO_SRCS CACEP_PROTO_HDRS cacep.proto)
protobuf_generate_c(RO_PROTO_SRCS RO_PROTO_HDRS ro.proto)
+protobuf_generate_c(CACEP_PROTO_PROTO_SRCS CACEP_CDAP_PROTO_HDRS
+ pol/cacep_proto.proto)
+protobuf_generate_c(CACEP_ANONYMOUS_AUTH_PROTO_SRCS
+ CACEP_ANONYMOUS_AUTH_PROTO_HDRS pol/cacep_anonymous_auth.proto)
+protobuf_generate_c(CACEP_SIMPLE_AUTH_PROTO_SRCS CACEP_SIMPLE_AUTH_PROTO_HDRS
+ pol/cacep_simple_auth.proto)
if(NOT APPLE)
find_library(LIBRT_LIBRARIES rt)
@@ -49,11 +54,16 @@ set(SOURCE_FILES
sockets.c
time_utils.c
utils.c
+ # Add policies last
+ pol/cacep_proto.c
+ pol/cacep_anonymous_auth.c
+ pol/cacep_simple_auth.c
)
add_library(ouroboros SHARED ${SOURCE_FILES} ${IRM_PROTO_SRCS}
- ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS}
- ${CDAP_PROTO_SRCS} ${CACEP_PROTO_SRCS} ${RO_PROTO_SRCS})
+ ${IPCP_PROTO_SRCS} ${DIF_CONFIG_PROTO_SRCS} ${CDAP_PROTO_SRCS}
+ ${CACEP_PROTO_PROTO_SRCS} ${CACEP_ANONYMOUS_AUTH_PROTO_SRCS}
+ ${CACEP_SIMPLE_AUTH_PROTO_SRCS} ${RO_PROTO_SRCS})
target_link_libraries(ouroboros ${LIBRT_LIBRARIES}
${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY})
diff --git a/src/lib/cacep.c b/src/lib/cacep.c
index 00557444..92c028af 100644
--- a/src/lib/cacep.c
+++ b/src/lib/cacep.c
@@ -20,152 +20,87 @@
* 02110-1301 USA
*/
+#define OUROBOROS_PREFIX "cacep"
+
#include <ouroboros/config.h>
#include <ouroboros/cacep.h>
#include <ouroboros/dev.h>
#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+
+#include <pol/cacep_anonymous_auth.h>
+#include <pol/cacep_simple_auth.h>
#include <stdlib.h>
#include <string.h>
-#include "cacep.pb-c.h"
-typedef Cacep cacep_t;
-
#define BUF_SIZE 2048
-struct cacep {
- int fd;
- char * name;
- uint64_t address;
-};
-
-struct cacep * cacep_create(int fd,
- const char * name,
- uint64_t address)
+int cacep_info_init(struct cacep_info * info)
{
- struct cacep * tmp;
+ if (info == NULL)
+ return -EINVAL;
- tmp = malloc(sizeof(*tmp));
- if (tmp == NULL)
- return NULL;
+ info->proto.protocol = NULL;
+ info->name = NULL;
+ info->data = NULL;
- tmp->fd = fd;
- tmp->address = address;
- tmp->name = strdup(name);
- if (tmp->name == NULL) {
- free(tmp);
- return NULL;
- }
-
- return tmp;
+ return 0;
}
-int cacep_destroy(struct cacep * instance)
+void cacep_info_fini(struct cacep_info * info)
{
- if (instance == NULL)
- return 0;
-
- free(instance->name);
- free(instance);
-
- return 0;
+ if (info->proto.protocol != NULL)
+ free(info->proto.protocol);
+ if (info->name != NULL)
+ free(info->name);
+ if (info->data != NULL)
+ free(info->data);
+
+ info->name = NULL;
+ info->data = NULL;
}
-static struct cacep_info * read_msg(struct cacep * instance)
+struct cacep_info * cacep_auth(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
{
- struct cacep_info * tmp;
- uint8_t buf[BUF_SIZE];
- cacep_t * msg;
- ssize_t len;
-
- len = flow_read(instance->fd, buf, BUF_SIZE);
- if (len < 0)
- return NULL;
-
- msg = cacep__unpack(NULL, len, buf);
- if (msg == NULL)
- return NULL;
-
- tmp = malloc(sizeof(*tmp));
- if (tmp == NULL) {
- cacep__free_unpacked(msg, NULL);
+ if (info == NULL) {
+ log_err("No info provided.");
return NULL;
}
- tmp->addr = msg->address;
- tmp->name = strdup(msg->name);
- if (tmp->name == NULL) {
- free(tmp);
- cacep__free_unpacked(msg, NULL);
+ switch (pc) {
+ case ANONYMOUS_AUTH:
+ return cacep_anonymous_auth(fd, info);
+ case SIMPLE_AUTH:
+ if (info == NULL)
+ return NULL;
+ return cacep_simple_auth_auth(fd, info);
+ default:
+ log_err("Unsupported CACEP policy.");
return NULL;
}
-
- cacep__free_unpacked(msg, NULL);
-
- return tmp;
-}
-
-static int send_msg(struct cacep * instance)
-{
- cacep_t msg = CACEP__INIT;
- int ret = 0;
- uint8_t * data = NULL;
- size_t len = 0;
-
- msg.name = instance->name;
- msg.address = instance->address;
-
- len = cacep__get_packed_size(&msg);
- if (len == 0)
- return -1;
-
- data = malloc(len);
- if (data == NULL)
- return -ENOMEM;
-
- cacep__pack(&msg, data);
-
- if (flow_write(instance->fd, data, len) < 0)
- ret = -1;
-
- free(data);
-
- return ret;
-}
-
-struct cacep_info * cacep_auth(struct cacep * instance)
-{
- struct cacep_info * tmp;
-
- if (instance == NULL)
- return NULL;
-
- if (send_msg(instance))
- return NULL;
-
- tmp = read_msg(instance);
- if (tmp == NULL)
- return NULL;
-
- return tmp;
}
-struct cacep_info * cacep_auth_wait(struct cacep * instance)
+struct cacep_info * cacep_auth_wait(int fd,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
{
- struct cacep_info * tmp;
-
- if (instance == NULL)
- return NULL;
-
- tmp = read_msg(instance);
- if (tmp == NULL)
+ if (info == NULL) {
+ log_err("No info provided.");
return NULL;
+ }
- if (send_msg(instance)) {
- free(tmp->name);
- free(tmp);
+ switch (pc) {
+ case ANONYMOUS_AUTH:
+ return cacep_anonymous_auth_wait(fd, info);
+ case SIMPLE_AUTH:
+ if (info == NULL)
+ return NULL;
+ return cacep_simple_auth_auth_wait(fd, info);
+ default:
+ log_err("Unsupported CACEP policy.");
return NULL;
}
-
- return tmp;
}
diff --git a/src/lib/cdap_req.c b/src/lib/cdap_req.c
index 2f55b107..810ec9bf 100644
--- a/src/lib/cdap_req.c
+++ b/src/lib/cdap_req.c
@@ -65,17 +65,21 @@ void cdap_req_destroy(struct cdap_req * creq)
pthread_mutex_lock(&creq->lock);
- if (creq->state == REQ_DESTROY) {
+ switch(creq->state) {
+ case REQ_DESTROY:
pthread_mutex_unlock(&creq->lock);
return;
- }
-
- if (creq->state == REQ_INIT)
+ case REQ_INIT:
creq->state = REQ_NULL;
-
- if (creq->state == REQ_PENDING) {
+ pthread_cond_broadcast(&creq->cond);
+ break;
+ case REQ_PENDING:
+ case REQ_RESPONSE:
creq->state = REQ_DESTROY;
pthread_cond_broadcast(&creq->cond);
+ break;
+ default:
+ break;
}
while (creq->state != REQ_NULL)
@@ -110,21 +114,25 @@ int cdap_req_wait(struct cdap_req * creq)
creq->state = REQ_PENDING;
pthread_cond_broadcast(&creq->cond);
- while (creq->state == REQ_PENDING) {
+ while (creq->state == REQ_PENDING && ret != -ETIMEDOUT)
ret = -pthread_cond_timedwait(&creq->cond,
&creq->lock,
&abstime);
- if (ret == -ETIMEDOUT)
- break;
- }
- if (creq->state == REQ_DESTROY) {
+ switch(creq->state) {
+ case REQ_DESTROY:
ret = -1;
+ case REQ_PENDING:
creq->state = REQ_NULL;
pthread_cond_broadcast(&creq->cond);
- } else {
+ break;
+ case REQ_RESPONSE:
creq->state = REQ_DONE;
pthread_cond_broadcast(&creq->cond);
+ break;
+ default:
+ assert(false);
+ break;
}
pthread_mutex_unlock(&creq->lock);
diff --git a/src/lib/pol/cacep_anonymous_auth.c b/src/lib/pol/cacep_anonymous_auth.c
new file mode 100644
index 00000000..1fcc730a
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.c
@@ -0,0 +1,205 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <ouroboros/config.h>
+#include <ouroboros/cacep.h>
+#include <ouroboros/time_utils.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/errno.h>
+
+#include "cacep_proto.h"
+#include "cacep_anonymous_auth.h"
+
+#include <stdlib.h>
+#include <math.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "cacep_anonymous_auth.pb-c.h"
+typedef CacepAnonymousAuthMsg cacep_anonymous_auth_msg_t;
+typedef CacepProtoMsg cacep_proto_msg_t;
+
+#define BUF_SIZE 2048
+#define NAME_LEN 8
+
+/* this policy generates a hex string */
+static struct cacep_info * anonymous_info(void)
+{
+ struct cacep_info * info;
+ struct timespec t;
+
+ info = malloc(sizeof(*info));
+ if (info == NULL)
+ return NULL;
+
+ cacep_info_init(info);
+
+ info->name = malloc(NAME_LEN + 1);
+ if (info->name == NULL) {
+ free(info);
+ return NULL;
+ }
+
+ clock_gettime(CLOCK_REALTIME, &t);
+ srand(t.tv_nsec);
+
+ sprintf(info->name, "%8x",
+ (uint32_t)((rand() % RAND_MAX) & 0xFFFFFFFF));
+
+ info->addr = 0;
+
+ return info;
+}
+
+static struct cacep_info * read_msg(int fd)
+{
+ struct cacep_info * tmp;
+ uint8_t buf[BUF_SIZE];
+ cacep_anonymous_auth_msg_t * msg;
+ ssize_t len;
+
+ len = flow_read(fd, buf, BUF_SIZE);
+ if (len < 0)
+ return NULL;
+
+ msg = cacep_anonymous_auth_msg__unpack(NULL, len, buf);
+ if (msg == NULL)
+ return NULL;
+
+ tmp = anonymous_info();
+ if (tmp == NULL) {
+ cacep_anonymous_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->proto.protocol = strdup(msg->proto->protocol);
+ if (tmp->proto.protocol == NULL) {
+ free(tmp);
+ cacep_anonymous_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->proto.pref_version = msg->proto->pref_version;
+ tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax);
+ if (tmp->proto.pref_syntax < 0) {
+ free(tmp->proto.protocol);
+ free(tmp);
+ cacep_anonymous_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ cacep_anonymous_auth_msg__free_unpacked(msg, NULL);
+
+ return tmp;
+}
+
+static int send_msg(int fd,
+ const struct cacep_info * info)
+{
+ cacep_anonymous_auth_msg_t msg = CACEP_ANONYMOUS_AUTH_MSG__INIT;
+ cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT;
+ int ret = 0;
+ uint8_t * data = NULL;
+ size_t len = 0;
+
+ cmsg.protocol = info->proto.protocol;
+ cmsg.pref_version = info->proto.pref_version;
+ cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax);
+ if (cmsg.pref_syntax < 0)
+ return -1;
+
+ msg.proto = &cmsg;
+
+ len = cacep_anonymous_auth_msg__get_packed_size(&msg);
+ if (len == 0)
+ return -1;
+
+ data = malloc(len);
+ if (data == NULL)
+ return -ENOMEM;
+
+ cacep_anonymous_auth_msg__pack(&msg, data);
+
+ if (flow_write(fd, data, len) < 0)
+ ret = -1;
+
+ free(data);
+
+ return ret;
+}
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ if (send_msg(fd, info))
+ return NULL;
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (strcmp(info->proto.protocol, tmp->proto.protocol) ||
+ info->proto.pref_version != tmp->proto.pref_version ||
+ info->proto.pref_syntax != tmp->proto.pref_syntax) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ tmp->data = NULL;
+
+ return tmp;
+}
+
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (send_msg(fd, info)) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ if (strcmp(info->proto.protocol, tmp->proto.protocol) ||
+ info->proto.pref_version != tmp->proto.pref_version ||
+ info->proto.pref_syntax != tmp->proto.pref_syntax) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ return tmp;
+}
diff --git a/src/lib/pol/cacep_anonymous_auth.h b/src/lib/pol/cacep_anonymous_auth.h
new file mode 100644
index 00000000..d0229b05
--- /dev/null
+++ b/src/lib/pol/cacep_anonymous_auth.h
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Anonymous policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+#define OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H
+
+struct cacep_info * cacep_anonymous_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_anonymous_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_ANONYMOUS_AUTH_H */
diff --git a/src/lib/cacep.proto b/src/lib/pol/cacep_anonymous_auth.proto
index 603b095d..79734e28 100644
--- a/src/lib/cacep.proto
+++ b/src/lib/pol/cacep_anonymous_auth.proto
@@ -1,10 +1,10 @@
/*
* Ouroboros - Copyright (C) 2016 - 2017
*
- * CACEP message
+ * Message for no authentication CACEP policy
*
- * Dimitri Staessens <[email protected]>
- * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
@@ -23,7 +23,8 @@
syntax = "proto2";
-message cacep {
- required string name = 1;
- required uint64 address = 2;
-}
+import "cacep_proto.proto";
+
+message cacep_anonymous_auth_msg {
+ required cacep_proto_msg proto = 1;
+} \ No newline at end of file
diff --git a/src/lib/pol/cacep_proto.c b/src/lib/pol/cacep_proto.c
new file mode 100644
index 00000000..9990a05a
--- /dev/null
+++ b/src/lib/pol/cacep_proto.c
@@ -0,0 +1,52 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * CACEP - Read/Write Protocol info
+ *
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include "cacep_proto.h"
+
+enum proto_concrete_syntax code_to_syntax(int code)
+{
+ switch(code) {
+ case PROTO_CONCRETE_SYNTAX_CODE__GPB:
+ return PROTO_GPB;
+ case PROTO_CONCRETE_SYNTAX_CODE__ASN_1:
+ return PROTO_ASN_1;
+ case PROTO_CONCRETE_SYNTAX_CODE__FIXED:
+ return PROTO_FIXED;
+ default:
+ return -1;
+ }
+}
+
+int syntax_to_code(enum proto_concrete_syntax stx)
+{
+ switch(stx) {
+ case PROTO_GPB:
+ return PROTO_CONCRETE_SYNTAX_CODE__GPB;
+ case PROTO_ASN_1:
+ return PROTO_CONCRETE_SYNTAX_CODE__ASN_1;
+ case PROTO_FIXED:
+ return PROTO_CONCRETE_SYNTAX_CODE__FIXED;
+ default:
+ return -1;
+ }
+}
diff --git a/src/lib/pol/cacep_proto.h b/src/lib/pol/cacep_proto.h
new file mode 100644
index 00000000..bfb1b247
--- /dev/null
+++ b/src/lib/pol/cacep_proto.h
@@ -0,0 +1,36 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * CACEP - Convert syntax to msg code and back
+ *
+ * Sander Vrijders <[email protected]>
+ * Dimitri Staessens <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_CDAP_H
+#define OUROBOROS_LIB_CACEP_CDAP_H
+
+#include <ouroboros/cacep.h>
+#include <ouroboros/irm_config.h>
+
+#include "cacep_proto.pb-c.h"
+
+enum proto_concrete_syntax code_to_syntax(int code);
+
+int syntax_to_code(enum proto_concrete_syntax stx);
+
+#endif /* OUROBOROS_LIB_CACEP_CDAP_H */
diff --git a/src/lib/pol/cacep_proto.proto b/src/lib/pol/cacep_proto.proto
new file mode 100644
index 00000000..f313bfc1
--- /dev/null
+++ b/src/lib/pol/cacep_proto.proto
@@ -0,0 +1,38 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Message for setting Protocol information in CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+syntax = "proto2";
+
+enum proto_concrete_syntax_code {
+ GPB = 1;
+ ASN_1 = 2;
+ FIXED = 3;
+}
+
+message cacep_proto_msg {
+ required string protocol = 1;
+ required int32 pref_version = 2;
+ repeated int32 supp_version = 3;
+ required proto_concrete_syntax_code pref_syntax = 4;
+ repeated proto_concrete_syntax_code supp_syntax = 5;
+}
diff --git a/src/lib/pol/cacep_simple_auth.c b/src/lib/pol/cacep_simple_auth.c
new file mode 100644
index 00000000..65c510a2
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.c
@@ -0,0 +1,183 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <ouroboros/config.h>
+#include <ouroboros/cacep.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/errno.h>
+
+#include "cacep_proto.h"
+#include "cacep_simple_auth.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "cacep_simple_auth.pb-c.h"
+typedef CacepSimpleAuthMsg cacep_simple_auth_msg_t;
+typedef CacepProtoMsg cacep_proto_msg_t;
+
+#define BUF_SIZE 2048
+
+static struct cacep_info * read_msg(int fd)
+{
+ struct cacep_info * tmp;
+ uint8_t buf[BUF_SIZE];
+ cacep_simple_auth_msg_t * msg;
+ ssize_t len;
+
+ len = flow_read(fd, buf, BUF_SIZE);
+ if (len < 0)
+ return NULL;
+
+ msg = cacep_simple_auth_msg__unpack(NULL, len, buf);
+ if (msg == NULL)
+ return NULL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (tmp == NULL) {
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ cacep_info_init(tmp);
+
+ tmp->addr = msg->addr;
+ tmp->name = strdup(msg->name);
+ if (tmp->name == NULL) {
+ free(tmp);
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->proto.protocol = strdup(msg->proto->protocol);
+ if (tmp->proto.protocol == NULL) {
+ free(tmp->name);
+ free(tmp);
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ tmp->proto.pref_version = msg->proto->pref_version;
+ tmp->proto.pref_syntax = code_to_syntax(msg->proto->pref_syntax);
+ if (tmp->proto.pref_syntax < 0) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+ return NULL;
+ }
+
+ cacep_simple_auth_msg__free_unpacked(msg, NULL);
+
+ return tmp;
+}
+
+static int send_msg(int fd,
+ const struct cacep_info * info)
+{
+ cacep_simple_auth_msg_t msg = CACEP_SIMPLE_AUTH_MSG__INIT;
+ cacep_proto_msg_t cmsg = CACEP_PROTO_MSG__INIT;
+ int ret = 0;
+ uint8_t * data = NULL;
+ size_t len = 0;
+
+ cmsg.protocol = info->proto.protocol;
+ cmsg.pref_version = info->proto.pref_version;
+ cmsg.pref_syntax = syntax_to_code(info->proto.pref_syntax);
+ if (cmsg.pref_syntax < 0)
+ return -1;
+
+ msg.proto = &cmsg;
+ msg.name = info->name;
+ msg.addr = info->addr;
+
+ len = cacep_simple_auth_msg__get_packed_size(&msg);
+ if (len == 0)
+ return -1;
+
+ data = malloc(len);
+ if (data == NULL)
+ return -ENOMEM;
+
+ cacep_simple_auth_msg__pack(&msg, data);
+
+ if (flow_write(fd, data, len) < 0)
+ ret = -1;
+
+ free(data);
+
+ return ret;
+}
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ if (send_msg(fd, info))
+ return NULL;
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (strcmp(info->proto.protocol, tmp->proto.protocol) ||
+ info->proto.pref_version != tmp->proto.pref_version ||
+ info->proto.pref_syntax != tmp->proto.pref_syntax) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ return tmp;
+}
+
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info)
+{
+ struct cacep_info * tmp;
+
+ assert(info);
+
+ tmp = read_msg(fd);
+ if (tmp == NULL)
+ return NULL;
+
+ if (send_msg(fd, info)) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ if (strcmp(info->proto.protocol, tmp->proto.protocol) ||
+ info->proto.pref_version != tmp->proto.pref_version ||
+ info->proto.pref_syntax != tmp->proto.pref_syntax) {
+ cacep_info_fini(tmp);
+ free(tmp);
+ return NULL;
+ }
+
+ return tmp;
+}
diff --git a/src/lib/pol/cacep_simple_auth.h b/src/lib/pol/cacep_simple_auth.h
new file mode 100644
index 00000000..bbdbe9b9
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.h
@@ -0,0 +1,33 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Simple authentication policy for CACEP
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+#define OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H
+
+struct cacep_info * cacep_simple_auth_auth(int fd,
+ const struct cacep_info * info);
+
+struct cacep_info * cacep_simple_auth_auth_wait(int fd,
+ const struct cacep_info * info);
+
+#endif /* OUROBOROS_LIB_CACEP_SIMPLE_AUTH_H */
diff --git a/src/lib/pol/cacep_simple_auth.proto b/src/lib/pol/cacep_simple_auth.proto
new file mode 100644
index 00000000..1a1e7ea8
--- /dev/null
+++ b/src/lib/pol/cacep_simple_auth.proto
@@ -0,0 +1,32 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Message for no authentication CACEP policy
+ *
+ * Dimitri Staessens <[email protected]>
+ * Sander Vrijders <[email protected]>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+syntax = "proto2";
+
+import "cacep_proto.proto";
+
+message cacep_simple_auth_msg {
+ required cacep_proto_msg proto = 1;
+ required string name = 2;
+ required uint64 addr = 3;
+}
diff --git a/src/lib/sha3.c b/src/lib/sha3.c
index b2f9de57..212f645a 100644
--- a/src/lib/sha3.c
+++ b/src/lib/sha3.c
@@ -47,7 +47,8 @@
#include "sha3.h"
-#define IS_ALIGNED_64(p) (0 == (7 & ((const char*) (p) - (const char*) 0)))
+#define IS_ALIGNED_64(p) (0 == (7 & ((const uint8_t *) (p) \
+ - (const uint8_t *) 0)))
#define I64(x) x##LL
#define ROTL64(qword, n) ((qword) << (n) ^ ((qword) >> (64 - (n))))
@@ -307,8 +308,9 @@ void rhash_sha3_final(struct sha3_ctx * ctx,
uint8_t * res)
{
size_t digest_length = 100 - ctx->block_size / 2;
- const size_t block_size = ctx->block_size;
- unsigned int i = 0;
+ size_t digest_words = digest_length / sizeof(uint64_t);
+ const size_t block_size = ctx->block_size;
+ size_t i = 0;
if (!(ctx->rest & SHA3_FINALIZED)) {
/* clear the rest of the data queue */
@@ -325,7 +327,7 @@ void rhash_sha3_final(struct sha3_ctx * ctx,
assert(block_size > digest_length);
if (res != NULL) {
- for (i = 0; i < digest_length; i++)
+ for (i = 0; i < digest_words; i++)
ctx->hash[i] = htole64(ctx->hash[i]);
memcpy(res, ctx->hash, digest_length);