[hipl-commit] [trunk] Rev 4417: Restore disabled PISA code that was removed.

  • From: Diego Biurrun <diego@xxxxxxxxxx>
  • To: hipl-commit@xxxxxxxxxxxxx
  • Date: Mon, 26 Apr 2010 22:48:31 +0300

Committer: Diego Biurrun <diego@xxxxxxxxxx>
Date: 26/04/2010 at 22:48:31
Revision: 4417
Revision-id: diego@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Branch nick: trunk

Log:
  Restore disabled PISA code that was removed.
  
  According to Thomas Jansen this code will be used in the future.

Modified:
  M  firewall/pisa.c

=== modified file 'firewall/pisa.c'
--- firewall/pisa.c     2010-04-15 23:29:49 +0000
+++ firewall/pisa.c     2010-04-26 19:43:52 +0000
@@ -210,6 +210,41 @@
 }
 
 /**
+ * Check the signature of the packet.
+ *
+ * @param ctx context of the packet with the signature to check
+ * @return success (0) or failure
+ */
+/* This function is not used */
+#if 0
+static int pisa_check_signature(hip_fw_context_t *ctx)
+{
+    struct hip_common *hip = ctx->transport_hdr.hip;
+    int err                = -1;
+    struct hip_host_id *host_id;
+
+    host_id = hip_get_param(hip, HIP_PARAM_HOST_ID);
+    HIP_IFEL(host_id == 0, -1, "Cannot check signature: No HOST_ID found.\n");
+
+    if (hip_get_host_id_algo(host_id) == HIP_HI_RSA) {
+        RSA *rsa;
+        rsa = hip_key_rr_to_rsa(host_id, 0);
+        err = hip_rsa_verify(rsa, hip);
+        RSA_free(rsa);
+    } else {
+        DSA *dsa;
+        dsa = hip_key_rr_to_dsa(host_id, 0);
+        err = hip_dsa_verify(dsa, hip);
+        DSA_free(dsa);
+    }
+
+out_err:
+    return err;
+}
+
+#endif /* 0 */
+
+/**
  * Check the certificate of the packet.
  *
  * @param ctx context of the packet with the certificate to check
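Review bot: In the restored `pisa_check_signature`, the `else` branch treats every host-id algorithm other than `HIP_HI_RSA` as DSA, and neither key conversion is checked before the key reaches the verify call. The HOST_ID parameter comes from the packet being filtered, so an unexpected algorithm value or an unparsable key should fail closed with `err = -1` rather than fall through to `hip_dsa_verify()`. Whether `hip_key_rr_to_rsa()` and `hip_key_rr_to_dsa()` can return NULL is not visible here, so treat those checks as defensive. The function is under `#if 0` today, but the log says it is meant to come back, so this is worth fixing before it is re-enabled. The `/* This function is not used */` line would also help more if it named where the check happens instead, which the later hunks say is conntrack.c.

```c
    /* … unchanged: HOST_ID lookup and its HIP_IFEL check … */

    if (hip_get_host_id_algo(host_id) == HIP_HI_RSA) {
        RSA *rsa = hip_key_rr_to_rsa(host_id, 0);
        HIP_IFEL(rsa == NULL, -1, "Cannot check signature: invalid RSA key.\n");
        err = hip_rsa_verify(rsa, hip);
        RSA_free(rsa);
    } else if (hip_get_host_id_algo(host_id) == HIP_HI_DSA) {
        DSA *dsa = hip_key_rr_to_dsa(host_id, 0);
        HIP_IFEL(dsa == NULL, -1, "Cannot check signature: invalid DSA key.\n");
        err = hip_dsa_verify(dsa, hip);
        DSA_free(dsa);
    } else {
        /* Unknown algorithm: reject instead of guessing DSA. */
        HIP_IFEL(1, -1, "Cannot check signature: unsupported HOST_ID algorithm.\n");
    }

    /* … unchanged: out_err label and return … */
```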
@@ -257,6 +292,10 @@
 
     HIP_IFEL(ipv6_addr_cmp(&pc.hit_issuer, &community_operator_hit) != 0,
              -1, "Certificate not issued by the community operator.\n");
+#if 0
+    HIP_IFEL(ipv6_addr_cmp(&pc.hit_subject, &hip->hits) != 0, -1,
+             "Certificate does not belong to subject.\n");
+#endif
 
     HIP_INFO("Certificate successfully verified.\n");
 
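Review bot: With the subject comparison left under `#if 0`, the visible part of this function only establishes that the certificate was issued by the community operator, not that it was issued to the sender of this packet. A valid certificate belonging to one host would therefore appear to pass when presented by another, unless that binding is enforced somewhere outside the hunk. If it is enforced elsewhere, say so in a comment at the `#if 0`, e.g. `/* Subject/HIT binding checked in <caller>; kept here for reference. */`; if it is not, the check should be enabled before `cert == 0` is used for an accept decision. No `hip` variable is declared in the visible lines, which may be why the block cannot currently be compiled in; the function body starts and ends outside the hunk.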
@@ -400,6 +439,8 @@
 #endif
 
     solution = pisa_check_challenge_response(ctx);
+    // Done in conntrack.c
+    //sig = pisa_check_signature(ctx);
     cert     = pisa_check_certificate(ctx);
 
     if (solution == NULL || sig != 0 || cert != 0) {
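Review bot: The condition `sig != 0` just below the commented-out call still gates the decision, but nothing in the visible lines assigns `sig` any more, so it is either a constant or, if its declaration outside the hunk has no initialiser, indeterminate. The same pattern repeats in the following hunk (`@@ -452,6 +493,8 @@`). Rather than keeping dead code as `//sig = pisa_check_signature(ctx);`, I would state the invariant the accept path now depends on, e.g. `/* Signature is verified in conntrack.c before this handler runs; sig stays 0 here. */`. It is also worth confirming that conntrack.c really drops the packet before this function is reached when verification fails. The enclosing functions start and end outside both hunks.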
@@ -452,6 +493,8 @@
     struct hip_challenge_response *solution = NULL;
 
     solution = pisa_check_challenge_response(ctx);
+    // Done in conntrack.c
+    //sig = pisa_check_signature(ctx);
     cert = pisa_check_certificate(ctx);
 
     if (solution == NULL || sig != 0 || cert != 0) {
