Merge branch 'hipv2_orchid_cshake2' into hipv2

This commit is contained in:
Simon Wrede 2020-11-30 15:46:31 +01:00
parent b2411d93b2
commit 199bb65671
8 changed files with 323 additions and 50 deletions


@ -67,19 +67,22 @@
#define LSI_PREFIX ((((struct sockaddr_in *) \
(&HCNF.lsi_prefix))->sin_addr.s_addr))
#define IS_LSI32(a) ((a & htonl(0xFF000000L)) == LSI_PREFIX)
#ifdef __WIN32__
#define IN6_ARE_ADDR_EQUAL IN6_ADDR_EQUAL
#define IS_HIT(x) (((ntohs(((struct in6_addr*)x)->s6_words[0]) & 0xFFFF) \
== ((HIT_PREFIX_32BITS >> 4) & 0xFFFF)) && \
#define IS_HIT_P(x, p) (((ntohs(((struct in6_addr*)x)->s6_words[0]) & 0xFFFF) \
== ((p >> 4) & 0xFFFF)) && \
((ntohs(((struct in6_addr*)x)->s6_words[1]) & 0xFFF0) \
== ((HIT_PREFIX_32BITS & 0xFFFF))))
== ((p & 0xFFFF))))
#elif defined (__MACOSX__)
#define IS_HIT(x) ((ntohl(((struct in6_addr*)x)->__u6_addr.__u6_addr32[0]) \
& 0xFFFFFFF0L) == HIT_PREFIX_32BITS)
#define IS_HIT_P(x, p) ((ntohl(((struct in6_addr*)x)->__u6_addr.__u6_addr32[0]) \
& 0xFFFFFFF0L) == p)
#else /* Linux */
#define IS_HIT(x) ((ntohl(((struct in6_addr*)x)->s6_addr32[0]) & 0xFFFFFFF0L) \
== HIT_PREFIX_32BITS)
#define IS_HIT_P(x, p) ((ntohl(((struct in6_addr*)x)->s6_addr32[0]) & 0xFFFFFFF0L) \
== p)
#endif
#define IS_HIT(x) (IS_HIT_P(x, HIT_PREFIX_32BITS) || IS_HIT_P(x, HHIT_PREFIX_32BITS))
#define SA2IP6(x) (&((struct sockaddr_in6*)x)->sin6_addr)
#define IS_LSI(a) ((((struct sockaddr*)a)->sa_family == AF_INET) ? \
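Review bot: `IS_HIT_P(x, p)` uses its `p` argument unparenthesized in `(p >> 4)`, `(p & 0xFFFF)` and `== p` on all three platform branches, so it only works when `p` is a plain constant; a caller passing an expression (`IS_HIT_P(a, base | suite)`) would bind the operators wrongly, so write `((p) >> 4)`, `((p) & 0xFFFF)` and `== (p)`. The combined `IS_HIT(x)` on the last line now evaluates `x` (and the `ntohl`/`ntohs` load) twice, which is fine for the pointer arguments it is given but deserves a one-line comment, e.g. `/* x is evaluated twice; pass a side-effect-free expression */`. Note also that the second accepted prefix, `HHIT_PREFIX_32BITS`, is marked in hip_types.h as not yet IANA-assigned, so `IS_HIT` now classifies addresses in a provisional range as HITs.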


@ -3,17 +3,17 @@
/*
* Host Identity Protocol
* Copyright (c) 2002-2012 the Boeing Company
*
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -228,6 +228,11 @@ typedef enum {
HI_ALG_ECDSA_LOW = 9,
HI_ALG_EDDSA = 13,
} HI_ALGORITHMS;
typedef enum {
HI_INFO_EMPTY = 0,
HI_INFO_HHIT = 1
} HI_INFO_TYPES;
#define HI_INFOSTR(a) ((a == HI_INFO_EMPTY) ? "NO_INFO" : (a == HI_INFO_HHIT) ? "HHIT" : "UNKNOWN")
#define HIP_RSA_DFT_EXP RSA_F4 /* 0x10001L = 65537; 3 and 17 are also common */
#define HI_TYPESTR(a) ((a == HI_ALG_DSA) ? "DSA" : \
(a == HI_ALG_RSA) ? "RSA" : \
@ -378,5 +383,3 @@ typedef enum {
} HIP_REGTYPES;
#endif /* !_HIP_PROTO_H_ */
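Review bot: `HI_INFOSTR(a)` compares its argument unparenthesized (`a == HI_INFO_EMPTY`), so it is only safe for simple operands; the existing `HI_TYPESTR` has the same shape, but a new macro need not repeat it: `#define HI_INFOSTR(a) (((a) == HI_INFO_EMPTY) ? "NO_INFO" : ((a) == HI_INFO_HHIT) ? "HHIT" : "UNKNOWN")`. A short comment on `HI_INFO_TYPES` would also help, since the value ends up in the `char info_id` field of `hi_node` and is what `hi_to_hit()` switches on to choose between a flat HIT and an HHIT: `/* Stored in hi_node.info_id; selects flat HIT (EMPTY) or HHIT derivation in hi_to_hit() */`.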


@ -223,6 +223,8 @@ typedef enum {
#define HIT_SIZE 16
/* The below prefix applies to the uppermost 28 bits only (RFC 7343) */
#define HIT_PREFIX_32BITS 0x20010020
// TODO: Get real prefix assigned by IANA
#define HHIT_PREFIX_32BITS 0x20010030
/* convert lower 24-bits of HIT to LSI */
#define HIT2LSI(a) (ntohl((((struct sockaddr_in *)(&HCNF.lsi_prefix))->sin_addr.s_addr)) | \
((a[HIT_SIZE - 3] << 16) + \
@ -371,8 +373,8 @@ typedef struct _hip_assoc {
struct rekey_info *peer_rekey; /* peer's REKEY data from UPDATE */
struct _tlv_from *from_via; /* including FROM in I1 or VIA RVS in R1 */
struct multihoming_info *mh; /* state for loss multihoming */
unsigned char locators_hash[MD5_HASH_LENGTH]; /* md5 hash of last sent locatorset,
used to check for update duplicates */
unsigned char locators_hash[MD5_HASH_LENGTH]; /* md5 hash of last sent locatorset,
used to check for update duplicates */
/* Other crypto */
__u16 hip_cipher;
__u16 hip_transform;
@ -506,6 +508,8 @@ typedef struct _hi_node {
char anonymous;
char allow_incoming;
char skip_addrcheck;
char info_id;
char info[4];
char name[MAX_HI_NAMESIZE];
int name_len; /* use this instead of strlen() */
char hit_suite_id;
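Review bot: The new `char info[4]` field and the `info_len = 32` hard-coded in `hi_to_hhit()` encode the same 32-bit width in two unrelated places, and `validate_hit()` copies `sizeof(hi->info)` bytes out of the HIT while `hi_to_hhit()` uses `info_len/8`; one named constant next to `HIT_SIZE`, e.g. `#define HHIT_INFO_SIZE 4 /* bytes of Additional Information carried in an HHIT */`, used for the array and for both copies would keep them from drifting. `info_id` holds a `HI_INFO_TYPES` value but is declared as a bare `char`; documenting that coupling in place (`char info_id; /* HI_INFO_TYPES: selects flat HIT vs HHIT in hi_to_hit() */`) would save the next reader a grep. The `HHIT_PREFIX_32BITS` TODO should also state that the prefix is provisional and is part of the hashed input, so every tag minted with it will have to be regenerated once a real allocation is used.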


@ -3,17 +3,17 @@
/*
* Host Identity Protocol
* Copyright (c) 2002-2012 the Boeing Company
*
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@ -238,7 +238,7 @@ const unsigned int ECDSA_curve_PARAM_SIZE[ECDSA_MAX] = {
};
const unsigned int ECDSA_low_curve_nid[2] = {
0,
0,
NID_secp160r1
};
@ -248,3 +248,8 @@ const unsigned char khi_context_id[16] = {
0xf0, 0xef, 0xf0, 0x2f, 0xbf, 0xf4, 0x3d, 0x0f,
0xe7, 0x93, 0x0c, 0x3c, 0x6e, 0x61, 0x74, 0xea
};
const unsigned char hhit_context_id[16] = {
0x00, 0xB5, 0xA6, 0x9C, 0x79, 0x5D, 0xF5, 0xD5,
0xF0, 0x08, 0x7F, 0x56, 0x84, 0x3F, 0x2C, 0x40
};
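Review bot: `hhit_context_id` is added here but none of the visible hunks reference it: `hi_to_hhit()` in hip_util.c still passes `khi_context_id` to `cSHAKE128()`, so unless the new constant is consumed somewhere not shown, HHITs are derived under the flat-HIT context rather than an HHIT-specific one, which changes every resulting tag. A comment naming where these 16 bytes come from would let a reviewer verify them; they look like the HHIT/DET context identifier from the draft-moskowitz-drip-rid family, but that cannot be confirmed from the diff alone. The existing `khi_context_id` would benefit from the same treatment, e.g. `/* ORCHID context ID for HITs, RFC 7401 section 3.2 */`.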


@ -88,6 +88,8 @@
#include <openssl/pem.h>
#include "XKCP/SimpleFIPS202.h"
#include "XKCP/SP800-185.h"
#ifndef HITGEN
/*
@ -498,7 +500,7 @@ int key_data_to_hi(const __u8 *data, __u8 alg, int hi_length, __u8 di_type,
return(-1);
}
break;
}
}
default:
log_(WARN, "Invalid HI type in RDATA: %u\n", alg);
if (!OPT.permissive)
@ -2256,7 +2258,7 @@ int khi_expand(__u8 *in, __u8 *out, int len)
int khi_encode_n(__u8 *in, int len, __u8 *out, int n)
{
BIGNUM *a;
int m = ((SHA256_DIGEST_LENGTH * 8) - n) / 2;
int m = ((len * 8) - n) / 2;
/*
* take middle n bits of a number:
*
@ -2337,12 +2339,12 @@ int khi_hi_input(hi_node *hi, __u8 *out)
size_t public_key_hex_size = EC_POINT_point2oct(ec_group, ec_point,
POINT_CONVERSION_UNCOMPRESSED,
NULL, 0, bn_ctx);
EC_POINT_point2oct(ec_group, ec_point,
POINT_CONVERSION_UNCOMPRESSED,
&out[location], public_key_hex_size,
bn_ctx);
BN_CTX_free(bn_ctx);
BN_CTX_free(bn_ctx);
break;
}
case HI_ALG_EDDSA:
@ -2365,6 +2367,52 @@ int khi_hi_input(hi_node *hi, __u8 *out)
return(0);
}
void buf_rshift(uint8_t *buf, int size, uint8_t n) {
uint8_t mask = ~(0xFF << n);
uint8_t m = 8 - n;
uint8_t carry = 0;
for (int i = 0; i < size; i++) {
uint8_t next = (buf[i] >> n) | carry;
carry = (buf[i] & mask) << m;
buf[i] = next;
}
}
/*
* Append "n_bits" bits from buffer "src" into buffer "dest" at bit offset
* "bit_offset".
* IMPORTANT: n_bits > 0
*
* Note that the unused bits in the last byte will be zero.
*/
void buf_append_bits(uint8_t *dest, int bit_offset, uint8_t *src, int n_bits) {
dest += bit_offset / 8;
bit_offset %= 8;
if (8 - bit_offset >= n_bits) {
uint8_t byte = *src & ~(0xFF >> n_bits);
byte >>= bit_offset;
dest[0] &= ~(0xFF >> bit_offset);
dest[0] |= byte;
} else {
int extra_bits = n_bits % 8;
int bytes = n_bits / 8;
if (extra_bits != 0) {
bytes++;
}
uint8_t temp[bytes + 1];
memcpy(temp, src, bytes);
temp[bytes] = 0;
if (extra_bits != 0) {
temp[bytes - 1] &= ~(0xFF >> extra_bits);
}
buf_rshift(temp, bytes + 1, bit_offset);
uint8_t byte = *dest & ~(0xFF >> bit_offset);
temp[0] |= byte;
memcpy(dest, temp, bytes + 1);
}
}
/*
* function hi_to_hit()
*
@ -2373,13 +2421,13 @@ int khi_hi_input(hi_node *hi, __u8 *out)
*
* out: Returns 0 if successful, -1 on error.
*
* Converts the Host Identity to a
* Converts the Host Identity to a
* Type 1 SHA-256 HIT.
* Type 2 SHA-384 HIT
* Type 3 SHA-1 HIT
*
*/
int hi_to_hit(hi_node *hi, hip_hit hit, int type)
int hi_to_flat_hit(hi_node *hi, hip_hit hit, int type)
{
//printf("Running hi_to_hit with hit: %s with type = %d", hit, type);
int len, hash_len;
@ -2496,12 +2544,12 @@ int hi_to_hit(hi_node *hi, hip_hit hit, int type)
SHA1_Final(hash, &sha1_ctx);
hash_len = SHA_DIGEST_LENGTH;
break;
case HIT_SUITE_4BIT_EDDSA_CSHAKE128: // TODO: Change this when draft-moskowitz-orchid-cshake-01 is implemented
SHAKE128(hash, SHA256_DIGEST_LENGTH, data, len);
hash_len = SHA256_DIGEST_LENGTH;
case HIT_SUITE_4BIT_EDDSA_CSHAKE128:
hash_len = 96 / 8;
cSHAKE128(data, len*8, hash, hash_len*8, (unsigned char*)"", 8, khi_context_id, sizeof(khi_context_id) * 8);
break;
default:
log_(WARN, "hi_to_hit(): invalid hit_suit (%d)\n",
log_(WARN, "hi_to_hit(): invalid hit_suite (%d)\n",
type);
return(-1);
}
@ -2511,13 +2559,154 @@ int hi_to_hit(hi_node *hi, hip_hit hit, int type)
*/
prefix = htonl(HIT_PREFIX_32BITS);
memcpy(&hit[0], &prefix, 4); /* 28-bit prefix */
khi_encode_n(hash, hash_len, &hit[4], 96 );
khi_encode_n(hash, hash_len, &hit[4], 96);
/* lower 96 bits of HIT */
hit[3] |= (0x0F & type); /* fixup the 4th byte to contain hit_suite_id (also known as OGA-ID) */
free(data);
return(0);
}
int hi_to_hhit(hi_node *hi, hip_hit hit, int type) {
printf("\nGenerating HHIT with info: '%c%c%c%c'\n", hi->info[0], hi->info[1], hi->info[2], hi->info[3]);
int len, hash_len;
int info_len = 32;
__u8 *data = NULL;
SHA_CTX sha1_ctx;
SHA256_CTX sha256_ctx;
SHA512_CTX sha512_ctx;
unsigned char hash[SHA512_DIGEST_LENGTH];
__u32 prefix;
const BIGNUM *rsa_e;
/* calculate lengths and validate HIs */
switch (hi->algorithm_id) {
case HI_ALG_DSA: /* RFC 2536 */
if (!hi->dsa) {
log_(WARN, "hi_to_hit(): NULL dsa\n");
return (-1);
}
len = 1 + DSA_PRIV + (3 * hi->size);
break;
case HI_ALG_RSA: /* RFC 3110 */
if (!hi->rsa) {
log_(WARN, "hi_to_hit(): NULL rsa\n");
return (-1);
}
RSA_get0_key(hi->rsa, NULL, &rsa_e, NULL);
len = BN_num_bytes(rsa_e) + RSA_size(hi->rsa);
if (BN_num_bytes(rsa_e) > 255) {
len += 3;
} else {
len++;
}
break;
case HI_ALG_ECDSA: /* RFC 4754 */
if (!hi->ecdsa) {
log_(WARN, "hi_to_hit(): NULL ecdsa\n");
return (-1);
}
len = 2; // Two bytes for the curv_name
// Get key length and add to len
const EC_GROUP *ec_group = EC_KEY_get0_group(hi->ecdsa);
const EC_POINT *ec_point = EC_KEY_get0_public_key(hi->ecdsa);
len += EC_POINT_point2oct(ec_group, ec_point,
POINT_CONVERSION_UNCOMPRESSED, NULL, 0, 0);
break;
default:
log_(WARN, "hi_to_hit(): invalid algorithm (%d)\n", hi->algorithm_id);
return (-1);
}
len += sizeof(HHIT_PREFIX_32BITS) + 1 + (info_len/8);
/*
* Prepare hash input
* input = Prefix | OGA ID | Additional Information | HOST_ID (pub key)
*/
data = malloc(len);
if (!data) {
log_(WARN, "hi_to_hit(): malloc(%d) error\n", len);
return (-1);
}
prefix = htonl(HHIT_PREFIX_32BITS);
uint8_t type_8 = (uint8_t)type;
memcpy(&data[0], &prefix, sizeof(HHIT_PREFIX_32BITS)); //Insert prefix into data
memcpy(&data[4], &type_8, 1); //Insert ODA ID into data
memcpy(&data[5], hi->info, info_len/8); //Insert additional data into data
khi_hi_input(hi, &data[sizeof(HHIT_PREFIX_32BITS)+ 1 + (info_len/8)]);
/* Compute the hash */
switch (type) {
case HIT_SUITE_4BIT_RSA_DSA_SHA256:
SHA256_Init(&sha256_ctx);
SHA256_Update(&sha256_ctx, data, len);
SHA256_Final(hash, &sha256_ctx);
hash_len = SHA256_DIGEST_LENGTH;
break;
case HIT_SUITE_4BIT_ECDSA_SHA384:
SHA384_Init(&sha512_ctx);
SHA384_Update(&sha512_ctx, data, len);
SHA384_Final(hash, &sha512_ctx);
hash_len = SHA384_DIGEST_LENGTH;
break;
case HIT_SUITE_4BIT_ECDSA_LOW_SHA1:
SHA1_Init(&sha1_ctx);
SHA1_Update(&sha1_ctx, data, len);
SHA1_Final(hash, &sha1_ctx);
hash_len = SHA_DIGEST_LENGTH;
break;
case HIT_SUITE_4BIT_EDDSA_CSHAKE128:
hash_len = (96 - info_len)/8;
cSHAKE128(data, len * 8, hash, hash_len*8, (unsigned char*)"", 8, khi_context_id,
sizeof(khi_context_id) * 8);
break;
default:
SHA256_Init(&sha256_ctx);
SHA256_Update(&sha256_ctx, data, len);
SHA256_Final(hash, &sha256_ctx);
hash_len = SHA256_DIGEST_LENGTH;
}
/* KHI = Prefix | OGA ID | Info(n) | Hash(m) */
prefix = htonl(HHIT_PREFIX_32BITS);
memcpy(&hit[0], &prefix, 4); /* 28-bit prefix */
/* lower 96 bits of HIT */
memcpy(&hit[4], &hi->info, (info_len / 8)); /* Info field */
// Take middle 96 bits
khi_encode_n(hash, hash_len, hash, (96 - info_len));
/* Calculate where to place hash in HIT */
int append_length = 96 - info_len;
if (append_length > 0) {
buf_append_bits(&hit[4], info_len, hash, append_length);
}
hit[3] |= (0x0F & hi->hit_suite_id); /* fixup the 4th byte to contain
hit_suite_id (also known as OGA-ID) */
free(data);
return (0);
}
int hi_to_hit(hi_node *hi, hip_hit hit, int type) {
//printf("Running hi_to_hit with hit: %s with type = %d", hit, type);
if (!hi) {
log_(WARN, "hi_to_hit(): NULL hi\n");
return (-1);
}
switch (hi->info_id){
case HI_INFO_EMPTY:
return(hi_to_flat_hit(hi, hit, type));
case HI_INFO_HHIT:
return(hi_to_hhit(hi, hit, type));
default:
log_(WARN, "hi_to_hit(): invalid info (%d)\n", hi->info);
return(-1);
}
return(0);
}
/*
* function validate_hit()
*
@ -2535,9 +2724,18 @@ int validate_hit(hip_hit hit, hi_node *hi)
return(FALSE);
}
// OGA ID is at bytes 29-32, get bytes 25-32 and mask away the upper 4 bits
unsigned char oga_id = hit[3] & 0x0F;
unsigned int prefix;
memcpy(&prefix, &hit[0], 4);
prefix = ntohl(prefix);
prefix &= ~(0xF); // Set OGA-ID to 0
if(prefix == HHIT_PREFIX_32BITS) {
hi->info_id = 1;
// extract info
memcpy(&hi->info, &hit[4], sizeof(hi->info));
printf("\nValidating HHIT with info: '%c%c%c%c'\n", hi->info[0], hi->info[1], hi->info[2], hi->info[3]);
}
unsigned char oga_id = hit[3] & 0x0F;
if (hi_to_hit(hi, computed_hit, oga_id) < 0)
{
return(FALSE);
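Review bot: In `hi_to_hhit()` the `default:` arm of the hash switch silently falls back to SHA-256 instead of rejecting the suite, whereas `hi_to_flat_hit()` logs and returns -1 for an unknown `hit_suite`; because `validate_hit()` passes the OGA nibble taken from the peer-supplied HIT as `type`, an HHIT whose OGA ID is not a defined suite is not rejected but quietly recomputed with SHA-256, which makes the OGA field meaningless for HHITs. Replace the arm with `default: log_(WARN, "hi_to_hhit(): invalid hit_suite (%d)\n", type); free(data); return(-1);`. The OGA nibble written into the tag also disagrees with the hash input: the input uses `type` (via `type_8`) but the final fixup uses `hi->hit_suite_id`, so whenever the two differ the recomputed tag can never equal the received one; use `hit[3] |= (0x0F & type);` exactly as `hi_to_flat_hit()` does. Two smaller items in the same function: the `cSHAKE128` call still uses `khi_context_id` although this commit introduces `hhit_context_id`, and the return value of `khi_hi_input()` is ignored. `validate_hit()` at the end of this section continues outside the hunk.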


@ -87,6 +87,8 @@ typedef struct _hi_options {
char anon;
char incoming;
char hit_suite_id;
char *info;
char info_id;
__u64 r1count;
char *name;
int curve_id; // If type is ECDSA, ECDSA_low or EdDSA, this sets it curve id.
@ -113,8 +115,8 @@ int generate_HI(xmlNodePtr root_node, hi_options *opts)
EVP_PKEY *eddsa = NULL;
printf("Generating a %d-bit %s key\n",
opts->bitsize, HI_TYPESTR(opts->type));
if (opts->bitsize < 512)
{
printf("Error: bit size too small. ");
@ -245,6 +247,7 @@ int generate_HI(xmlNodePtr root_node, hi_options *opts)
xmlNewProp(hi, BAD_CAST "r1count", BAD_CAST tmp);
}
xmlNewChild(hi, NULL, BAD_CAST "name", BAD_CAST opts->name);
xmlNewChild(hi, NULL, BAD_CAST "info", BAD_CAST HI_INFOSTR(opts->info_id));
const BIGNUM *dsa_p = NULL, *dsa_q = NULL , *dsa_g = NULL, *dsa_pub_key = NULL, *dsa_priv_key = NULL;
const BIGNUM *rsa_n = NULL ,*rsa_e = NULL, *rsa_d = NULL, *rsa_p = NULL, *rsa_q = NULL, *rsa_dmp1 = NULL, *rsa_dmq1 = NULL, *rsa_iqmp = NULL;
@ -277,22 +280,22 @@ int generate_HI(xmlNodePtr root_node, hi_options *opts)
xmlNewChild(hi, NULL, BAD_CAST "iqmp",
BAD_CAST BN_bn2hex(rsa_iqmp));
break;
case HI_ALG_ECDSA:
case HI_ALG_ECDSA:
sprintf(
tmp, "%u",
(unsigned int) opts->curve_id
); // Write curve id to config file.
xmlNewChild(hi, NULL, BAD_CAST "CURVE", BAD_CAST tmp);
xmlNewChild(
hi,
NULL,
BAD_CAST "PRIV",
hi,
NULL,
BAD_CAST "PRIV",
BAD_CAST BN_bn2hex(EC_KEY_get0_private_key(ecdsa))
);
xmlNewChild(
hi,
NULL,
BAD_CAST "PUB",
hi,
NULL,
BAD_CAST "PUB",
BAD_CAST EC_POINT_point2hex(
EC_KEY_get0_group(ecdsa),
EC_KEY_get0_public_key(ecdsa),
@ -349,6 +352,8 @@ int generate_HI(xmlNodePtr root_node, hi_options *opts)
hostid.dsa = dsa;
hostid.ecdsa = ecdsa;
hostid.eddsa = eddsa;
hostid.info_id = opts->info_id;
memcpy(hostid.info, opts->info, sizeof(hostid.info));
hit.ss_family = AF_INET6;
hitp = SA2IP(&hit);
@ -610,6 +615,7 @@ void print_hitgen_usage()
printf("[-noinput] ");
printf("[-file <file>] ");
printf("[-append]\n");
printf("[-hhit <info>]\n");
printf("\t\t[-type DSA|RSA] ");
printf("[-bits|length <NN>] ");
printf("[-anon] ");
@ -624,6 +630,7 @@ void print_hitgen_usage()
printf(" -noinput \t don't ask to seed random number generator\n");
printf(" -file <file> \t write output to the specified file\n");
printf(" -append\t append identity if file already exists\n");
printf(" -hhit <info>\t use hierarchical host identity tags\n");
printf("Host identitiy generation:\n");
printf(" -type \t\t followed by \"DSA\", \"RSA\", \"ECDSA\" or \"EdDSA\" specifying the key type\n");
printf(" -curve \t\t followed by id for the ECDSA/EdDSA curve to be used. Default 1\n");
@ -663,7 +670,7 @@ void print_hitgen_usage()
int main(int argc, char *argv[])
{
char name[255], basename[255], filename[255], confname[255];
char rnd_seed[255], format[16];
char rnd_seed[255], format[16], info[4];
int i, have_filename = 0, do_publish = 0, do_conf = 0, do_noinput = 0;
int do_append = 0;
hi_options opts;
@ -716,6 +723,8 @@ int main(int argc, char *argv[])
opts.r1count = 10;
opts.hit_suite_id = 1;
opts.name = name;
opts.info = info;
opts.info_id = 0;
/*
* Command-line parameters
@ -775,7 +784,7 @@ int main(int argc, char *argv[])
else if (strcmp(*argv, "-suite") == 0)
{
argv++, argc--;
int tmp;
int tmp;
sscanf(*argv, "%d", &tmp);
opts.hit_suite_id = tmp;
argv++, argc--;
@ -848,6 +857,17 @@ int main(int argc, char *argv[])
argv++, argc--;
continue;
}
else if (strcmp(*argv, "-hhit") == 0)
{
opts.info_id = 1;
argv++, argc--;
if (argc > 0)
{
memcpy(info, *argv, sizeof(info));
argv++, argc--;
}
continue;
}
print_hitgen_usage();
exit(1);
@ -1042,4 +1062,3 @@ int main(int argc, char *argv[])
#endif
return(0);
}
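Review bot: The `-hhit <info>` handler copies `sizeof(info)` (4) bytes out of `*argv` unconditionally, so an argument shorter than four characters makes `memcpy` read past its terminating NUL into adjacent argv memory and bakes those bytes into the identity, while a longer one is silently truncated; check the length first, e.g. `if (argc > 0 && strlen(*argv) == sizeof(info)) { memcpy(info, *argv, sizeof(info)); argv++, argc--; } else { print_hitgen_usage(); exit(1); }`. `info` is never initialized in `main()`, yet `generate_HI()` always does `memcpy(hostid.info, opts->info, sizeof(hostid.info))`, so a run without `-hhit` copies indeterminate stack bytes; declare it as `info[4] = {0}`. `opts.info_id = 1` should be `opts.info_id = HI_INFO_HHIT` now that the enum exists. The usage text prints `[-hhit <info>]` on its own line after the `[-append]\n`, breaking the option-line layout; fold it into the preceding `printf`. `main()` continues outside the hunk.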


@ -40,7 +40,7 @@ class HIPNode(CoreNode):
self.cmd(f"ip address add {self.ip}/24 dev eth0")
self.find(rf".*?Address added.*?{self.ip}.*?")
def hitgen(self, public_path: str, ip: str = None):
def hitgen(self, public_path: str, ip: str = None, args: str = "", conf: bool = False):
"""Generate host identities and append to the publicly known host identities"""
self._state_check(State.IDLE, State.READY)
@ -54,9 +54,19 @@ class HIPNode(CoreNode):
self.cmd("touch known_host_identities.xml")
self.cmd(f"mount --bind {public_path} known_host_identities.xml")
self.cmd("hitgen -conf")
self.cmd("hitgen -noinput")
self.cmd(f"hitgen -noinput {args}")
self.cmd("hitgen -publish -file public.xml")
if conf:
path = f"{self.nodedir}/hip.conf"
tree = ElementTree.parse(path)
root = tree.getroot()
suites = root.find("available_hit_suites")[0]
element = ElementTree.SubElement(suites, "suite")
element.text = "5"
suites.insert(0, element)
tree.write(path, encoding="utf-8", xml_declaration=True)
tree = ElementTree.parse(f"{self.nodedir}/public.xml")
root = tree.getroot()
host_identity = copy.deepcopy(root[0])
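Review bot: The `conf` branch hard-codes suite id `"5"` and dereferences `root.find("available_hit_suites")[0]` without checking that the element exists, while the suite actually being enabled is chosen by the caller through `args` (`-suite 5`); take the suite as a parameter (e.g. `conf_suite=None`, inserting only when it is set) so the config edit and the hitgen arguments cannot disagree, and raise a clear error if `available_hit_suites` is missing rather than a bare `TypeError`. Calling `hitgen()` twice with `conf=True` also inserts a duplicate `<suite>` element, so skipping the insert when the value is already present would make the helper idempotent. `hitgen()` continues past this hunk.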


@ -9,9 +9,12 @@ from testcasecore import TestCaseCore
from utils import XML
class TestHIP(TestCaseCore):
class Test(TestCaseCore):
"""Tests between two computers and a switch."""
N1_HITGEN_KWARGS = {}
N2_HITGEN_KWARGS = {}
def setUp(self):
super().setUp()
ip_prefixes = IpPrefixes(ip4_prefix="10.0.0.0/24")
@ -27,19 +30,19 @@ class TestHIP(TestCaseCore):
public = f"{self.session.session_dir}/known_host_identities.xml"
XML.create_file(public, "known_host_identities")
self.n1.hitgen(public)
self.n2.hitgen(public)
self.n1.hitgen(public, **self.N1_HITGEN_KWARGS)
self.n2.hitgen(public, **self.N2_HITGEN_KWARGS)
self.n1.start()
self.n2.start()
def test_basic_connectivity(self):
"""Test that two computers connected by a switch can communicate."""
"""Test that two computers connected by a switch can communicate via HIP."""
self.assertEqual(self.n1.command(f"ping -c 1 -W 5 {self.n2.LSI}", stdout=PIPE).wait(), 0)
self.assertIsNotNone(self.n1.find(r".*?HIP exchange complete.*?"))
self.assertIsNotNone(self.n2.find(r".*?HIP exchange complete.*?"))
def test_address_mobility(self):
"""Test that two computers continue to communicate during address change."""
"""Test that two computers continue to communicate via HIP during address change."""
self.n1.command(f"ping -c 1 -W 5 {self.n2.LSI}", stdout=PIPE).wait()
# make sure that base exchange has already been made
self.n1.clear_queue()
@ -51,5 +54,33 @@ class TestHIP(TestCaseCore):
self.assertIsNotNone(self.n2.find(r".*?Update completed \(rekey\).*?"))
class TestAllHHIT(Test):
"""Tests between two computers and a switch where both are using HHITs."""
N1_HITGEN_KWARGS = {"args": "-hhit _n1_"}
N2_HITGEN_KWARGS = {"args": "-hhit _n2_"}
class TestOneHHIT(Test):
"""Tests between two computers and a switch where one is using HHITs."""
N1_HITGEN_KWARGS = {}
N2_HITGEN_KWARGS = {"args": "-hhit _n2_"}
class TestEdDSA25519(Test):
"""Tests between two computers and a switch where both are using EdDSA Curve25519."""
N1_HITGEN_KWARGS = {"args": "-type EdDSA -suite 5 -curve 1", "conf": True}
N2_HITGEN_KWARGS = {"args": "-type EdDSA -suite 5 -curve 1", "conf": True}
class TestEdDSA448(Test):
"""Tests between two computers and a switch where both are using EdDSA Curve448."""
N1_HITGEN_KWARGS = {"args": "-type EdDSA -suite 5 -curve 3", "conf": True}
N2_HITGEN_KWARGS = {"args": "-type EdDSA -suite 5 -curve 3", "conf": True}
if __name__ == "__main__":
unittest.main(verbosity=2, warnings="ignore")
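Review bot: `TestAllHHIT` and `TestOneHHIT` only inherit `test_basic_connectivity` and `test_address_mobility`, which check that the base exchange completes; nothing asserts that the generated tag actually carries the HHIT prefix or the `_n1_`/`_n2_` info, so a build in which `-hhit` were ignored would still pass. If the node object exposes its HIT (only `LSI` is used here, so this is an assumption), add a check that it begins with the HHIT prefix, e.g. `self.assertTrue(self.n2.HIT.startswith("2001:3"))`, or otherwise grep the hitgen output for the expected tag. A one-line class docstring note that these classes deliberately reuse the base tests would also make the intent clear.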