/*
 * Host Identity Protocol
 * Copyright (c) 2008-2012 the Boeing Company
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * \file hip_cfg.h
 *
 * \authors Jin Fang <jin.fang@boeing.com>
 *
 * \brief Common configuration API class definitions.
 *
 */
#ifndef _HIP_CFG_H_
#define _HIP_CFG_H_
#include <netinet/ether.h>
#include <netinet/in.h>
#include <pthread.h>
#include <ctime>
#include <list>
#include <map>
#include <set>
#include <string>
#include <openssl/engine.h>
#include <openssl/ssl.h>
#include "hip_types.h"
extern pthread_mutex_t hipcfgmap_mutex;
|
|
|
|
using namespace std;
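/*
 * Cache entry for one peer certificate: the HIT string it was fetched
 * for plus the time the entry was created. Stored by value in
 * hipCfg::_certs (a std::map keyed by certificate URL), which is why a
 * default constructor is required.
 */
class certInfo
{
public:
  /*
   * Build an entry for the given HIT string and stamp it with the
   * current wall-clock time.
   *
   * hit - NUL-terminated HIT string; copied into the object. A NULL
   *       pointer leaves the HIT empty instead of invoking undefined
   *       behaviour (std::string cannot be assigned from NULL).
   */
  certInfo(const char *hit)
  {
    if (hit != NULL)
      {
        _hit = hit;
      }
    std::time(&_ts);
  }
  /* Defined out of line (see the corresponding .cpp). */
  ~certInfo();
  /* Creation time of this entry, seconds since the epoch. */
  std::time_t getTs() const
  {
    return(_ts);
  }
  /*
   * HIT string this entry was created for. The pointer aliases storage
   * owned by this object and is only valid while the object is alive --
   * in particular it dangles once the owning map entry is erased.
   */
  const char *getHit() const
  {
    return(_hit.c_str());
  }
  /*
   * Default constructor (needed for std::map::operator[]). The timestamp
   * is set to 0 so a default-built entry never carries an indeterminate
   * value into getTs().
   */
  certInfo()
  {
    _ts = 0;
  }

private:
  std::string _hit; /* owned copy of the HIT string */
  std::time_t _ts;  /* creation time, from std::time() */
};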
/*
 * Pair of HITs; the element type of hipCfg::_allowed_peers. All members
 * are defined out of line. hip_hit is presumably the array typedef from
 * hip_types.h, in which case the 'const hip_hit' parameters decay to
 * pointers to const -- confirm.
 */
class hitPair
{
public:
  hitPair(const hip_hit hit1, const hip_hit hit2);
  /* Output format is defined in the .cpp. */
  void print() const;
  /* Ordering relied upon by hp_compare (and hence by _allowed_peers). */
  bool operator<(const hitPair & hp) const;

public:
  hip_hit _hit1;
  hip_hit _hit2;
};
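/*
 * Comparator for std::set<hitPair>; delegates to hitPair::operator<.
 */
struct hp_compare
{
  /*
   * Declared const so the comparator is callable from the const member
   * functions of std::set (find/count on a const _allowed_peers), which
   * a non-const call operator would reject.
   */
  bool operator ()(const hitPair & hp1, const hitPair & hp2) const
  {
    return(hp1 < hp2);
  }
};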
/*
 * Abstract base of the configuration back ends: holds the endbox maps,
 * the certificate cache, the allowed-peer set and the local host
 * identity / OpenSSL state, and declares the operations a concrete
 * back end must provide (the pure virtuals). Most methods are defined
 * out of line.
 */
class hipCfg {
public:
  hipCfg();
  /* Virtual: the class has pure virtual members, so instances are always
   * of a derived type and may be deleted through a hipCfg pointer. */
  virtual ~hipCfg()
  {
  };
  /* Peer admission checks; int status whose convention is defined in
   * the .cpp (presumably consulted against _allowed_peers -- confirm). */
  int hit_peer_allowed(const hip_hit hit1, const hip_hit hit2);
  int peers_allowed(hip_hit *hits1, hip_hit *hits2, int max_cnt);

  /* called by hipcfg_setUnderlayIpAddress */
  virtual int setUnderlayIpAddress(const char *ip) = 0;

  /* Endbox lookups; results are written to caller-provided storage.
   * 'size' on getLegacyNodesByEndbox is presumably the capacity of
   * hosts -- confirm against the definition. */
  int legacyNodeToEndbox(const struct sockaddr *host, struct sockaddr *eb);
  int endbox2Llip(const struct sockaddr *eb, struct sockaddr *llip);
  int getLegacyNodesByEndbox(const struct sockaddr *eb,
                             struct sockaddr_storage *hosts, int size);
  /* 'size' is presumably the capacity of url in bytes -- confirm. */
  int getLocalCertUrl(char *url, unsigned int size);
  /* Fills peerNodes with at most max_count entries. */
  int getPeerNodes(struct peer_node *peerNodes, unsigned int max_count);
  /* Returns the raw _hostid pointer; ownership stays with hipCfg. */
  hi_node *getMyHostId()
  {
    return(_hostid);
  };
  /* Back-end specific operations every concrete configuration must
   * implement; all return an int status. */
  virtual int verifyCert(const char *url, const hip_hit hit) = 0;
  virtual int postLocalCert(const char *hit) = 0;
  virtual int loadCfg(struct hip_conf *hc) = 0;
  virtual int closeCfg() = 0;
  /* Stateless conversion helpers. NOTE(review): hit2hitstr, hitstr2lsistr,
   * hitstr2hit and str_to_addr take no capacity for their output buffer,
   * so callers must size it for the fixed-width form the definition
   * writes; addr_to_str and hex_to_bin take the capacity explicitly. */
  static int hit2hitstr(char *hit_str, const hip_hit hit);
  static int hitstr2lsistr(char *lsi_str, const char *hit_str);
  static int addr_to_str(const struct sockaddr *addr, char *data, int len);
  static int hitstr2hit(hip_hit hit, const char *hit_str);
  static int hex_to_bin(const char *src, char *dst, int dst_len);
  static int str_to_addr(const char *data, struct sockaddr *addr);

protected:
  /* Certificate verification; callb has the signature of an OpenSSL
   * verify callback (int, X509_STORE_CTX *), presumably installed on
   * _store or _ssl -- confirm. */
  int verify_certificate(X509 *cert);
  static int callb(int rc, X509_STORE_CTX *ctx);
  /* Host-identity to HIT derivation helpers; bn2bin_safe and
   * khi_encode_n take explicit output lengths. */
  int hi_to_hit(hi_node *hi, hip_hit hit);
  int khi_hi_input(hi_node *hi, __u8 *out);
  int bn2bin_safe(const BIGNUM *a, unsigned char *to, int len);
  int khi_encode_n(__u8 *in, int len, __u8 *out, int n);
  /* Build the host identity from the smart card or from an RSA/DSA key
   * respectively -- presumably; confirm in the .cpp. */
  int mkHIfromSc();
  int mkHIfromPkey(RSA *rsa, DSA *dsa, hi_node *hostid);
  int getEndboxMapsFromLocalFile();
  /* Writes the resolved path into filename (capacity filename_size). */
  int locate_config_file(char *filename,
                         int filename_size,
                         const char *default_name);
  sockaddr_list *add_address_to_list(sockaddr_list **list,
                                     struct sockaddr *addr,
                                     int ifi);

protected:
  /* Map and set members; presumably guarded by hipcfgmap_mutex -- confirm
   * against the callers that lock it. */
  map <string, string> _legacyNode2EndboxMap;
  map <string, string> _endbox2LlipMap; /* endbox (LSI) to Llip mapping */
  string _localCertUrl;
  map <string, certInfo> _certs; /* cached certificates data indexed by
                                  *cert url*/
  set <hitPair, hp_compare> _allowed_peers; /* pairs of hits allowed to
                                             *start HIP base exchange */
  struct hip_conf *_hcfg;
  map <string, struct peer_node *> _hit_to_peers; /* configured peers
                                                   * *indexed by hit
                                                   * string
                                                   **/
  string _scPrivKeyID;
  string _scCert;
  /* Raw pointers; initialisation and ownership are handled out of line
   * (constructor / loadCfg / closeCfg) and are not expressed here. */
  hi_node *_hostid;
  SSL *_ssl;
  X509_STORE *_store;
  RSA *_rsa;
  DSA *_dsa;
};
#endif