Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/crypt.c2
-rw-r--r--src/lib/crypt/openssl.c4
-rw-r--r--src/lib/irm.c26
-rw-r--r--src/lib/pb/irm.proto25
-rw-r--r--src/lib/pb/model.proto8
-rw-r--r--src/lib/protobuf.c60
-rw-r--r--src/lib/tests/auth_test.c75
7 files changed, 167 insertions, 33 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index e8c4d5ab..b39a4a73 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -393,7 +393,7 @@ int auth_add_crt_to_store(struct auth_ctx * ctx,
(void) ctx;
(void) crt;
- return -1;
+ return 0;
#endif
}
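Review bot: The stub branch of auth_add_crt_to_store() now returns 0, so a build that takes this branch (presumably one without the crypto backend) reports a certificate as added when nothing was stored. That is only safe if the verification stubs in the same build still fail closed, which the hunk does not show. Confirm this and record it above the return, e.g. `/* No crypto backend: nothing is stored; verification must still fail. */`. The function body starts outside the hunk.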
diff --git a/src/lib/crypt/openssl.c b/src/lib/crypt/openssl.c
index 1824d879..03662914 100644
--- a/src/lib/crypt/openssl.c
+++ b/src/lib/crypt/openssl.c
@@ -29,8 +29,6 @@
#include <ouroboros/random.h>
#include <ouroboros/utils.h>
-#include <assert.h>
-
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/ec.h>
@@ -39,6 +37,8 @@
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
+#include <assert.h>
+
/*
* Derive the common secret from
* - your public key pair (kp)
diff --git a/src/lib/irm.c b/src/lib/irm.c
index d25101f3..8333d0d3 100644
--- a/src/lib/irm.c
+++ b/src/lib/irm.c
@@ -523,32 +523,23 @@ int irm_unbind_process(pid_t pid,
return ret;
}
-int irm_create_name(const char * name,
- enum pol_balance pol)
+int irm_create_name(struct name_info * info)
{
irm_msg_t msg = IRM_MSG__INIT;
- name_info_msg_t ni_msg = NAME_INFO_MSG__INIT;
irm_msg_t * recv_msg;
int ret;
- if (name == NULL)
+ if (info == NULL)
return -EINVAL;
- msg.code = IRM_MSG_CODE__IRM_CREATE_NAME;
- ni_msg.name = (char *) name;
- ni_msg.pol_lb = pol;
- msg.n_names = 1;
-
- msg.names = malloc(sizeof(*msg.names));
- if (msg.names == NULL) {
- return -ENOMEM;
- }
-
- msg.names[0] = &ni_msg;
+ msg.code = IRM_MSG_CODE__IRM_CREATE_NAME;
+ msg.name_info = name_info_s_to_msg(info);
+ if (msg.name_info == NULL)
+ goto fail_info_msg;
recv_msg = send_recv_irm_msg(&msg);
- free(msg.names);
+ name_info_msg__free_unpacked(msg.name_info, NULL);
if (recv_msg == NULL)
return -EIRMD;
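Review bot: irm_create_name() takes `struct name_info * info` as non-const although the visible body only reads it and passes it to `name_info_s_to_msg(const struct name_info *)`. Declaring it `int irm_create_name(const struct name_info * info)` would state that the caller's key and certificate fields are not modified. The public prototype lives outside this diff and would need the same change. A short comment that every string member of `info` must be NUL-terminated would also help, because the conversion runs `strdup` on each of them.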
@@ -562,6 +553,9 @@ int irm_create_name(const char * name,
irm_msg__free_unpacked(recv_msg, NULL);
return ret;
+
+ fail_info_msg:
+ return -ENOMEM;
}
int irm_destroy_name(const char * name)
diff --git a/src/lib/pb/irm.proto b/src/lib/pb/irm.proto
index da3bd982..75f5f350 100644
--- a/src/lib/pb/irm.proto
+++ b/src/lib/pb/irm.proto
@@ -75,18 +75,19 @@ message irm_msg {
optional string name = 4;
optional flow_info_msg flow_info = 5;
optional ipcp_info_msg ipcp_info = 6;
- optional string layer = 7;
- repeated string exec = 8;
- optional sint32 response = 9;
- optional string dst = 10;
- optional bytes hash = 11;
- optional sint32 flow_id = 12;
- optional qosspec_msg qosspec = 13;
- optional ipcp_config_msg conf = 14;
- optional uint32 opts = 15;
- repeated ipcp_list_msg ipcps = 16;
- repeated name_info_msg names = 17;
- optional timespec_msg timeo = 18;
+ optional name_info_msg name_info = 7;
+ optional string layer = 8;
+ repeated string exec = 9;
+ optional sint32 response = 10;
+ optional string dst = 11;
+ optional bytes hash = 12;
+ optional sint32 flow_id = 13;
+ optional qosspec_msg qosspec = 14;
+ optional ipcp_config_msg conf = 15;
+ optional uint32 opts = 16;
+ repeated ipcp_list_msg ipcps = 17;
+ repeated name_info_msg names = 18;
+ optional timespec_msg timeo = 19;
optional sint32 mpl = 20;
optional string comp = 21;
optional bytes pk = 22; /* piggyback */
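Review bot: Inserting `name_info = 7` renumbers fields 7 through 18 of `irm_msg`, which changes the wire tag of every shifted field. A library and daemon built from different revisions would then decode each other's messages under the wrong field. For example, an old `layer` string on tag 7 would be read as an embedded `name_info_msg`, since both are length-delimited. Giving `name_info` the next unused tag and leaving the existing numbers alone avoids this. The message continues outside the hunk, so the free tag cannot be named from here.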
diff --git a/src/lib/pb/model.proto b/src/lib/pb/model.proto
index f1e401f9..56337b5b 100644
--- a/src/lib/pb/model.proto
+++ b/src/lib/pb/model.proto
@@ -44,8 +44,12 @@ message flow_info_msg {
}
message name_info_msg {
- required string name = 1;
- required uint32 pol_lb = 2;
+ required string name = 1;
+ required uint32 pol_lb = 2;
+ required string skey = 3;
+ required string scrt = 4;
+ required string ckey = 5;
+ required string ccrt = 6;
}
message layer_info_msg {
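Review bot: `skey`, `scrt`, `ckey` and `ccrt` are added as `required`, so every `name_info_msg` must carry all four, including the entries in `repeated name_info_msg names` and names that have no credentials configured. A message from a sender that omits them will fail to unpack. Declaring them `optional string` and treating absence as "not configured" keeps older senders working. A comment saying whether these hold file paths or PEM content would also make clear what crosses the IPC boundary.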
diff --git a/src/lib/protobuf.c b/src/lib/protobuf.c
index 43ef6ac6..b2a0cb3b 100644
--- a/src/lib/protobuf.c
+++ b/src/lib/protobuf.c
@@ -106,6 +106,66 @@ struct flow_info flow_info_msg_to_s(const flow_info_msg_t * msg)
return s;
}
+name_info_msg_t * name_info_s_to_msg(const struct name_info * info)
+{
+ name_info_msg_t * msg;
+
+ assert(info != NULL);
+
+ msg = malloc(sizeof(*msg));
+ if (msg == NULL)
+ goto fail_malloc;
+
+ name_info_msg__init(msg);
+
+ msg->name = strdup(info->name);
+ if (msg->name == NULL)
+ goto fail_msg;
+
+ msg->skey = strdup(info->s.key);
+ if (msg->skey == NULL)
+ goto fail_msg;
+
+ msg->scrt = strdup(info->s.crt);
+ if (msg->scrt == NULL)
+ goto fail_msg;
+
+ msg->ckey = strdup(info->c.key);
+ if (msg->skey == NULL)
+ goto fail_msg;
+
+ msg->ccrt = strdup(info->c.crt);
+ if (msg->ccrt == NULL)
+ goto fail_msg;
+
+ msg->pol_lb = info->pol_lb;
+
+ return msg;
+
+ fail_msg:
+ name_info_msg__free_unpacked(msg, NULL);
+ fail_malloc:
+ return NULL;
+}
+
+struct name_info name_info_msg_to_s(const name_info_msg_t * msg)
+{
+ struct name_info s;
+
+ assert(msg != NULL);
+ assert(strlen(msg->name) <= NAME_SIZE);
+
+ strcpy(s.name, msg->name);
+ strcpy(s.s.key, msg->skey);
+ strcpy(s.s.crt, msg->scrt);
+ strcpy(s.c.key, msg->ckey);
+ strcpy(s.c.crt, msg->ccrt);
+
+ s.pol_lb = msg->pol_lb;
+
+ return s;
+}
+
layer_info_msg_t * layer_info_s_to_msg(const struct layer_info * s)
{
layer_info_msg_t * msg;
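Review bot: name_info_msg_to_s() copies `skey`, `scrt`, `ckey` and `ccrt` with `strcpy` into a stack `struct name_info` with no length check, and the only bound, on `name`, is an `assert` that disappears under NDEBUG. The string lengths come from a received message, so an over-long value writes past the destination. Because the function returns by value and cannot report an error, oversized strings should be rejected where the message is unpacked, and the copies here bounded by the destination size as sketched below. The sketch assumes the destination members are fixed-size char arrays, which the hunk does not show. Separately, in name_info_s_to_msg() the check after `msg->ckey = strdup(info->c.key);` tests the wrong field and should read `if (msg->ckey == NULL)`.

```c
struct name_info name_info_msg_to_s(const name_info_msg_t * msg)
{
        struct name_info s;

        assert(msg != NULL);

        memset(&s, 0, sizeof(s));

        /* Lengths are set by the sender: bound every copy by its destination. */
        snprintf(s.name, sizeof(s.name), "%s", msg->name);
        snprintf(s.s.key, sizeof(s.s.key), "%s", msg->skey);
        snprintf(s.s.crt, sizeof(s.s.crt), "%s", msg->scrt);
        snprintf(s.c.key, sizeof(s.c.key), "%s", msg->ckey);
        snprintf(s.c.crt, sizeof(s.c.crt), "%s", msg->ccrt);

        /* … unchanged: pol_lb assignment and return … */
}
```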
diff --git a/src/lib/tests/auth_test.c b/src/lib/tests/auth_test.c
index a5bf931d..ede294b8 100644
--- a/src/lib/tests/auth_test.c
+++ b/src/lib/tests/auth_test.c
@@ -323,6 +323,45 @@ static int test_crypt_check_pubkey_crt(void)
return TEST_RC_FAIL;
}
+static int test_store_add(void)
+{
+ struct auth_ctx * ctx;
+ void * _root_ca_crt;
+
+ TEST_START();
+
+ ctx = auth_create_ctx();
+ if (ctx == NULL) {
+ printf("Failed to create auth context.\n");
+ goto fail_create;
+ }
+
+ if (crypt_load_crt_str(root_ca_crt, &_root_ca_crt) < 0) {
+ printf("Failed to load root crt from string.\n");
+ goto fail_load;
+ }
+
+ if (auth_add_crt_to_store(ctx, _root_ca_crt) < 0) {
+ printf("Failed to add root crt to auth store.\n");
+ goto fail_add;
+ }
+
+ crypt_free_crt(_root_ca_crt);
+ auth_destroy_ctx(ctx);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+
+ fail_add:
+ crypt_free_crt(_root_ca_crt);
+ fail_load:
+ crypt_free_crt(_root_ca_crt);
+ fail_create:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
static int test_verify_crt(void)
{
struct auth_ctx * auth;
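Review bot: The error labels in test_store_add() free the certificate twice and never release the context. `fail_add` calls `crypt_free_crt(_root_ca_crt)` and falls through to `fail_load`, which calls it again. A direct jump to `fail_load` frees `_root_ca_crt`, which is declared without an initialiser and may never have been set by the failed `crypt_load_crt_str`. The statement under `fail_load:` should be `auth_destroy_ctx(ctx);`, which also stops the context leaking on both failure paths.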
@@ -532,6 +571,38 @@ int test_auth_bad_signature(void)
return TEST_RC_FAIL;
}
+int test_crt_str(void)
+{
+ char str[2295];
+ void * crt;
+
+ TEST_START();
+
+ if (crypt_load_crt_str(signed_server_crt, &crt) < 0) {
+ printf("Failed to load certificate from string.\n");
+ goto fail_load;
+ }
+
+ if (crypt_crt_str(crt, str) < 0) {
+ printf("Failed to convert certificate to string.\n");
+ goto fail_to_str;
+ }
+
+ printf("Certificate string:\n%s\n", str);
+
+ crypt_free_crt(crt);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+
+ fail_to_str:
+ crypt_free_crt(crt);
+ fail_load:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
int auth_test(int argc,
char ** argv)
{
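Review bot: `crypt_crt_str(crt, str)` is handed a fixed `char str[2295]` with no length argument, so nothing visible here stops the callee writing past the buffer for a larger certificate. If the API can take a size, pass `sizeof(str)`. Otherwise replace the magic number with a named constant and document the maximum output length next to the declaration. `test_crt_str` could also be `static`, as `test_store_add` is.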
@@ -548,9 +619,11 @@ int auth_test(int argc,
ret |= test_load_free_privkey();
ret |= test_load_free_pubkey();
ret |= test_crypt_check_pubkey_crt();
+ ret |= test_store_add();
ret |= test_verify_crt();
ret |= test_auth_sign();
ret |= test_auth_bad_signature();
+ ret |= test_crt_str();
#else
(void) test_load_free_crt;
(void) test_check_crt_name;
@@ -558,9 +631,11 @@ int auth_test(int argc,
(void) test_load_free_privkey;
(void) test_load_free_pubkey;
(void) test_crypt_check_pubkey_crt;
+ (void) test_store_add;
(void) test_verify_crt;
(void) test_auth_sign;
(void) test_auth_bad_signature;
+ (void) test_crt_str;
ret = TEST_RC_SKIP;
#endif