Merge authors: Henrik Ziegeldorf (henrik-ziegeldorf) Stefan Götz (stefan.goetz) ------------------------------------------------------------ revno: 5355 [merge] committer: Henrik Ziegeldorf <henrik.ziegeldorf@xxxxxxxxxxxxxx> branch nick: ecc timestamp: Sat 2011-01-15 12:05:10 +0100 message: Merged trunk revision 5522. Refactored function hip_get_ecdsa_public_key to fit new way of memory handling in hip_get_public_key and hip_add_host_id. modified: doc/HACKING firewall/rule_management.c hipd/hidb.c -- lp:~hipl-core/hipl/ecc https://code.launchpad.net/~hipl-core/hipl/ecc Your team HIPL core team is subscribed to branch lp:~hipl-core/hipl/ecc. To unsubscribe from this branch go to https://code.launchpad.net/~hipl-core/hipl/ecc/+edit-subscription
=== modified file 'doc/HACKING' --- doc/HACKING 2011-01-13 09:37:30 +0000 +++ doc/HACKING 2011-01-15 09:14:09 +0000 @@ -147,6 +147,10 @@ [DEFAULT] BZR_EDITOR = nano +NOTE: To support code quality and style, please use the stylecheck pre-commit +hook found in tools/bazaar/plugins/stylecheck.py - this script contains its own +documentation, including how to set it up. See also 'Style Checking'. + TBD: further useful commands bzr conflicts/resolve @@ -450,6 +454,10 @@ C code formatting and style: ---------------------------- +NOTE: As a tool to help with good style, please use the stylecheck pre-commit +hook found in tools/bazaar/plugins/stylecheck.py - this script contains its own +documentation, including how to set it up. See also 'Style Checking'. + This project uses the Kernighan & Ritchie (K&R) coding style in the one true brace style (1TBS) variant. Indentation width is four spaces. @@ -558,6 +566,50 @@ } +Style Checking +-------------- + +As a tool to help with good style, please use the stylecheck pre-commit +hook found in tools/bazaar/plugins/stylecheck.py - this script contains its own +documentation, including how to set it up. + +You are strongly recommended to use this hook based on the code beautification +uncrustify because it gets things right almost all the time. This means that: +1) At the time of this writing, only the syntactically confusing macros in the +unit test code are not handled correctly by uncrustify. So you can and should +throw all code at uncrustify (via the commit hook) to have it checked. +2) uncrustify produces very good results and you can trust them. At the time of +this writing, the only issue is with the alignment of consecutive variable +declarations and initializations (where uncrustify might accidentally align +unrelated code or not align related code). Obviously, it never hurts to check +the uncrustify output. + +If the above style recommendations are unclear about a topic, you should trust +the style decisions that uncrustify takes. + +The style rules used by uncrustify can be found in the .uncrustify*.cfg files in +the top-level directory of a branch. If these rules need to be changed, please +make sure that +0) other developers are okay with the change in code style; +1) the modified rules have no undesirable side-effects across the code base + (always test new rules with the whole code base); +2) all .uncrustify*.cfg files are modified and the rules remain consistent. + +The rationale for introducing and using the uncrustify-based pre-commit hook has +been derived from the HIPL development process. The fundamental problem is that +poor style ties up resources and precious time. How? Well, first of all, it can +be difficult to get code style right manually. Thus, a lot of commits and merge +proposals can contain varying amounts of style violations of varying severity. +Consequently, code reviewers are forced to look out for and comment on style +violations and thus have less time to focus on a meaningful semantic review, +spotting actual bugs or defects. And having to spend this time on these minor, +non-functional issues creates friction both for the reviewers and the original +authors. + +Thus, checking and enforcing style automatically may not always produce the +perfect result but it frees valuable developer time for more important tasks. + + CODING CONVENTIONS ================== === modified file 'firewall/rule_management.c' --- firewall/rule_management.c 2011-01-14 16:59:25 +0000 +++ firewall/rule_management.c 2011-01-15 11:05:10 +0000 @@ -379,7 +379,6 @@ return option; } - /** * Load an RSA public key from a file and convert it into a hip_host_id. * @@ -388,7 +387,7 @@ * * @return 0 on success, negative on error */ -static int load_rsa_file(FILE *fp, struct hip_host_id *hi) +static int load_rsa_file(FILE *fp, struct hip_host_id *const hi) { int err = 0; RSA *rsa = NULL; @@ -422,7 +421,7 @@ * * @return 0 on success, negative on error */ -static int load_dsa_file(FILE *fp, struct hip_host_id *hi) +static int load_dsa_file(FILE *fp, struct hip_host_id *const hi) { int err = 0; DSA *dsa = NULL; @@ -459,10 +458,10 @@ */ static int load_ecdsa_file(FILE *fp, struct hip_host_id *const hi) { - int err = 0; - EC_KEY *ecdsa = NULL; + int err = 0; + EC_KEY *ecdsa = NULL; unsigned char *ecdsa_key_rr = NULL; - int ecdsa_key_rr_len; + int ecdsa_key_rr_len; HIP_IFEL(!hi, -1, "Cannot write return value, because passed hi is NULL\n"); === modified file 'hipd/hidb.c' --- hipd/hidb.c 2011-01-14 16:33:24 +0000 +++ hipd/hidb.c 2011-01-15 11:05:10 +0000 @@ -75,127 +75,124 @@ * @param host_id the host identifier with its private key component * @return An allocated hip_host_id structure. Caller must deallocate. */ -static struct hip_host_id *hip_get_ecdsa_public_key(const struct hip_host_id_priv *const host_id) +static int hip_get_ecdsa_public_key(const struct hip_host_id_priv *const host_id, struct hip_host_id *const ret) { - int err = 0; + int err = 0; struct hip_ecdsa_keylen key_lens; - struct hip_host_id *host_id_pub; HIP_IFEL(hip_get_ecdsa_keylen(host_id, &key_lens), -1, "Failed computing key sizes.\n"); - HIP_IFEL(!(host_id_pub = (struct hip_host_id *) malloc(sizeof(struct hip_host_id))), - -ENOMEM, "Could not allocate memory for hip_host_id\n"); - /* copy the header (header size is the whole struct without the key and the hostname)*/ - memcpy(host_id_pub, host_id, sizeof(struct hip_host_id) - sizeof(host_id_pub->key) - sizeof(host_id_pub->hostname)); + memcpy(ret, host_id, sizeof(struct hip_host_id) - sizeof(ret->key) - sizeof(ret->hostname)); /* copy the key rr * the size of the key rr has the size of the public key + 2 bytes for the curve identifier (see RFC5201-bis 5.2.8.)*/ - memcpy(host_id_pub->key, host_id->key, key_lens.Y_len + HIP_CURVE_ID_LENGTH); + memcpy(ret->key, host_id->key, key_lens.Y_len + HIP_CURVE_ID_LENGTH); /* set the hi length * the hi length is the length of the key rr data + the key rr header */ - host_id_pub->hi_length = htons(key_lens.Y_len + HIP_CURVE_ID_LENGTH + sizeof(struct hip_host_id_key_rdata)); + ret->hi_length = htons(key_lens.Y_len + HIP_CURVE_ID_LENGTH + sizeof(struct hip_host_id_key_rdata)); - hip_set_param_contents_len((struct hip_tlv_common *) host_id_pub, + hip_set_param_contents_len((struct hip_tlv_common *) ret, sizeof(struct hip_host_id) - sizeof(struct hip_tlv_common)); - return host_id_pub; - out_err: - free(host_id_pub); - return NULL; + return err; } - /** * Strips a DSA public key out of a host id with private key component * - * @param hi the host identifier with its private key component - * @return An allocated hip_host_id structure. Caller must deallocate. + * @param hi the host identifier with its private key component + * @param ret a pointer to an allocated host identity struct + * in which the public host identity will be returned + * + * @return 0 on success, negative on error (if the T-value is invalid) */ -static struct hip_host_id *hip_get_dsa_public_key(const struct hip_host_id_priv *const hi) +static int hip_get_dsa_public_key(const struct hip_host_id_priv *const hi, struct hip_host_id *const ret) { int key_len; /* T could easily have been an int, since the compiler will * probably add 3 alignment bytes here anyway. */ - uint8_t T; - uint16_t temp; - struct hip_host_id *ret; + uint8_t T; + uint16_t temp; /* check T, Miika won't like this */ T = *((const uint8_t *) (hi->key)); if (T > 8) { HIP_ERROR("Invalid T-value in DSA key (0x%x)\n", T); - return NULL; + return -1; } if (T != 8) { HIP_DEBUG("T-value in DSA-key not 8 (0x%x)!\n", T); } key_len = 64 + (T * 8); - ret = calloc(1, sizeof(struct hip_host_id)); /* Copy the header and key_rr header */ memcpy(ret, hi, sizeof(struct hip_host_id) - sizeof(ret->key) - sizeof(ret->hostname)); /* the secret component of the DSA key is always 20 bytes */ - temp = ntohs(hi->hi_length) - DSA_PRIV; + temp = ntohs(hi->hi_length) - DSA_PRIV; memcpy(ret->key, hi->key, temp); ret->hi_length = htons(temp); memcpy(ret->hostname, hi->hostname, sizeof(ret->hostname)); ret->length = htons(sizeof(struct hip_host_id)); - return ret; + return 0; } /** * Strips the RSA public key from a Host Identity * - * @param tmp a pointer to a Host Identity. - * @return A pointer to a newly allocated host identity with only the public key. - * Caller deallocates. + * @param hi a pointer to a Host Identity. + * @param ret a pointer to an allocated host identity struct + * in which the public host identity will be returned + * + * @return 0 + * + * @note the function returns an int (always 0) in order to be + * compatible with hip_get_rsa_public_key, resp. hip_get_public_key. */ -static struct hip_host_id *hip_get_rsa_public_key(const struct hip_host_id_priv *const tmp) +static int hip_get_rsa_public_key(const struct hip_host_id_priv *const hi, struct hip_host_id *const ret) { int rsa_pub_len; struct hip_rsa_keylen keylen; - struct hip_host_id *ret; /** @todo check some value in the RSA key? */ - hip_get_rsa_keylen(tmp, &keylen, 1); + hip_get_rsa_keylen(hi, &keylen, 1); rsa_pub_len = keylen.e_len + keylen.e + keylen.n; - ret = malloc(sizeof(struct hip_host_id)); - memcpy(ret, tmp, sizeof(struct hip_host_id) - + memcpy(ret, hi, sizeof(struct hip_host_id) - sizeof(ret->key) - sizeof(ret->hostname)); ret->hi_length = htons(rsa_pub_len + sizeof(struct hip_host_id_key_rdata)); - memcpy(ret->key, tmp->key, rsa_pub_len); - memcpy(ret->hostname, tmp->hostname, sizeof(ret->hostname)); + memcpy(ret->key, hi->key, rsa_pub_len); + memcpy(ret->hostname, hi->hostname, sizeof(ret->hostname)); ret->length = htons(sizeof(struct hip_host_id)); - return ret; + return 0; } /** * Transforms a private/public key pair to a public key, private key is deleted. * * @param hid a pointer to a host identity. - * @return a pointer to a host identity if the transformation was - * successful, NULL otherwise. + * @param ret a pointer to an allocated host identity struct + * in which the public host identity will be returned + * @return 0 on succes, negative on error */ -static struct hip_host_id *hip_get_public_key(const struct hip_host_id_priv *hid) +static int hip_get_public_key(const struct hip_host_id_priv *hid, struct hip_host_id *const ret) { int alg = hip_get_host_id_algo((const struct hip_host_id *) hid); switch (alg) { case HIP_HI_RSA: - return hip_get_rsa_public_key(hid); + return hip_get_rsa_public_key(hid, ret); case HIP_HI_DSA: - return hip_get_dsa_public_key(hid); + return hip_get_dsa_public_key(hid, ret); case HIP_HI_ECDSA: - return hip_get_ecdsa_public_key(hid); + return hip_get_ecdsa_public_key(hid, ret); default: HIP_ERROR("Unsupported HI algorithm (%d)\n", alg); - return NULL; + return -1; } } @@ -545,7 +542,10 @@ HIP_DEBUG("Generating a new R1 set.\n"); HIP_IFEL(!(id_entry->r1 = hip_init_r1()), -ENOMEM, "Unable to allocate R1s.\n"); - id_entry->host_id = hip_get_public_key(host_id); + HIP_IFEL(!(id_entry->host_id = malloc(sizeof(struct hip_host_id))), + -ENOMEM, "Unable to allocate host id\n"); + HIP_IFEL(hip_get_public_key(host_id, id_entry->host_id), + -1, "Unable to get public key from private host id\n"); switch (hip_get_host_id_algo(id_entry->host_id)) { case HIP_HI_RSA: signature_func = hip_rsa_sign;