2013-08-04 03:07:20 +01:00
|
|
|
#ifndef _RLOCS_H_
|
|
|
|
|
#define _RLOCS_H_
|
|
|
|
|
|
2013-08-08 00:48:02 +01:00
|
|
|
#include "util.h"
|
|
|
|
|
|
2013-08-04 03:07:20 +01:00
|
|
|
#include <json/json_object.h>
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
|
|
2013-08-08 00:48:02 +01:00
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/sha.h>
|
2013-08-04 03:07:20 +01:00
|
|
|
|
|
|
|
|
// For now. We can dynamically allocate later.
|
|
|
|
|
#define MAX_RLOCS 64
|
|
|
|
|
#define MAX_EID_MAPPINGS 256
|
|
|
|
|
|
2013-08-08 00:48:02 +01:00
|
|
|
|
|
|
|
|
struct key_context {
|
|
|
|
|
int in_use;
|
|
|
|
|
char secret[SHA256_DIGEST_LENGTH];
|
|
|
|
|
EVP_CIPHER_CTX ctx;
|
|
|
|
|
|
|
|
|
|
/* Probably don't need these
|
|
|
|
|
struct rloc *rloc_x;
|
|
|
|
|
struct rloc *rloc_y;
|
|
|
|
|
*/
|
|
|
|
|
};
|
|
|
|
|
|
2013-08-04 03:07:20 +01:00
|
|
|
struct rloc {
|
|
|
|
|
short family;
|
|
|
|
|
union {
|
|
|
|
|
struct in_addr ip4;
|
|
|
|
|
struct in6_addr ip6;
|
|
|
|
|
} addr;
|
|
|
|
|
|
2013-08-08 00:48:02 +01:00
|
|
|
EVP_PKEY *key;
|
|
|
|
|
// We use this to index our rloc for shared keys
|
|
|
|
|
int context_id;
|
2013-08-04 03:07:20 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct ip4_eid_map_entry {
|
|
|
|
|
struct in_addr network;
|
|
|
|
|
struct in_addr broadcast;
|
|
|
|
|
unsigned int mask;
|
|
|
|
|
struct rloc *rloc;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ip6_eid_map_entry {
|
|
|
|
|
struct in6_addr network;
|
|
|
|
|
struct in6_addr broadcast;
|
|
|
|
|
unsigned int mask;
|
|
|
|
|
struct rloc *rloc;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct rlocs {
|
2013-08-08 00:48:02 +01:00
|
|
|
json_object *config;
|
2013-08-04 03:07:20 +01:00
|
|
|
|
|
|
|
|
size_t num_entries;
|
|
|
|
|
struct rloc entries[MAX_RLOCS];
|
|
|
|
|
|
|
|
|
|
size_t num_ip4_map_entries;
|
|
|
|
|
struct ip4_eid_map_entry ip4_mappings[MAX_EID_MAPPINGS];
|
|
|
|
|
|
|
|
|
|
size_t num_ip6_map_entries;
|
|
|
|
|
struct ip6_eid_map_entry ip6_mappings[MAX_EID_MAPPINGS];
|
2013-08-08 00:48:02 +01:00
|
|
|
|
|
|
|
|
/* Don't do this, kids.
|
|
|
|
|
* 2D array - [wrapping_rloc->id][unwrapping_rloc->id]
|
|
|
|
|
* Obviously, half of the contexts would be identical. So some rules:
|
|
|
|
|
* - if you're wrapping a packet, you are x. they are y
|
|
|
|
|
* - if you're unwrapping a packet, you are y. they are x.
|
|
|
|
|
* Half of the allocated memory goes unused, but we can worry about dynamic
|
|
|
|
|
* allocation at the same time as MAX_RLOCS and MAX_EID_MAPPINGS
|
|
|
|
|
*/
|
|
|
|
|
struct key_context key_contexts[MAX_RLOCS][MAX_RLOCS];
|
2013-08-04 03:07:20 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void rlocs_init(void);
|
|
|
|
|
|
|
|
|
|
struct rlocs *rlocs_new( char *filename );
|
|
|
|
|
|
|
|
|
|
struct rloc *rloc_find_for_ipv4( struct rlocs *reg, struct in_addr *eid );
|
|
|
|
|
struct rloc *rloc_find_for_ipv6( struct rlocs *reg, struct in6_addr *eid );
|
|
|
|
|
struct rloc *rloc_find_by_address( struct rlocs *reg, struct in_addr *ipv4, struct in6_addr *ipv6 );
|
|
|
|
|
|
2013-08-06 18:44:13 +01:00
|
|
|
int rloc_add_private_key( struct rloc *rloc, char *filename );
|
|
|
|
|
|
2013-08-06 14:25:31 +01:00
|
|
|
void rlocs_debug_output( struct rlocs *reg );
|
|
|
|
|
|
2013-08-04 03:07:20 +01:00
|
|
|
/* Returns -1 on error, or number of bytes written */
|
2013-08-08 00:48:02 +01:00
|
|
|
ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
|
|
|
|
|
ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
|
2013-08-04 03:07:20 +01:00
|
|
|
|
|
|
|
|
void rlocs_free( struct rlocs *registry );
|
|
|
|
|
|
|
|
|
|
#endif
|
