/*	$OpenBSD: extern.h,v 1.116 2022/01/28 15:30:23 claudio Exp $ */
/*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Shared declarations for rpki-client: the parsed representations of
 * RPKI objects (TAL, certificate, manifest, ROA, GBR, CRL), the trees
 * built from them, the inter-process message types, and the prototypes
 * of the parsing, validation, transport and output routines.
 * Most of the data described here originates from remote repositories
 * and is therefore untrusted until validated; the MAX_* limits at the
 * bottom of this file bound how much of it is accepted.
 */
#ifndef EXTERN_H
#define EXTERN_H

#include <sys/queue.h>
#include <sys/tree.h>
#include <sys/time.h>

#include <openssl/x509.h>

/*
 * How an AS resource entry in a certificate is expressed.
 * Selects which member of the union in struct cert_as is meaningful.
 */
enum cert_as_type {
	CERT_AS_ID, /* single identifier */
	CERT_AS_INHERIT, /* inherit from parent */
	CERT_AS_RANGE, /* range of identifiers */
};

/*
 * An AS identifier range.
 * The maximum AS identifier is an unsigned 32 bit integer (RFC 6793).
 * NOTE(review): min <= max is presumably enforced by the parser, not by
 * this structure — confirm in the AS parsing code.
 */
struct cert_as_range {
	uint32_t min; /* minimum non-zero */
	uint32_t max; /* maximum */
};

/*
 * An autonomous system (AS) object.
 * AS identifiers are unsigned 32 bit integers (RFC 6793).
 */
struct cert_as {
	enum cert_as_type type; /* type of AS specification */
	union { /* member in use is selected by "type" */
		uint32_t id; /* singular identifier (CERT_AS_ID) */
		struct cert_as_range range; /* range (CERT_AS_RANGE) */
	};
};

/*
 * AFI values are assigned by IANA.
 * In rpki-client, we only accept the IPV4 and IPV6 AFI values.
 */
enum afi {
	AFI_IPV4 = 1,
	AFI_IPV6 = 2
};

/*
 * An IP address as parsed from RFC 3779, section 2.2.3.8.
 * This is either in a certificate or an ROA.
 * It may either be IPv4 or IPv6; the 16-byte buffer is large enough
 * for either family, and only the first "prefixlen" bits are meaningful.
 */
struct ip_addr {
	unsigned char addr[16]; /* binary address prefix */
	unsigned char prefixlen; /* number of valid bits in address */
};

/*
 * An IP address (IPv4 or IPv6) range starting at the minimum and making
 * its way to the maximum.
 */
struct ip_addr_range {
	struct ip_addr min; /* minimum ip */
	struct ip_addr max; /* maximum ip */
};

/*
 * How an IP resource entry in a certificate is expressed.
 * Selects which member of the union in struct cert_ip is meaningful.
 */
enum cert_ip_type {
	CERT_IP_ADDR, /* IP address range w/shared prefix */
	CERT_IP_INHERIT, /* inherited IP address */
	CERT_IP_RANGE /* range of IP addresses */
};

/*
 * A single IP address family (AFI, address or range) as defined in RFC
 * 3779, 2.2.3.2.
 * The RFC specifies multiple address or ranges per AFI; this structure
 * encodes both the AFI and a single address or range.
 * The min/max arrays hold the entry expanded to a full address range;
 * presumably they are filled by ip_cert_compose_ranges() — confirm.
 */
struct cert_ip {
	enum afi afi; /* AFI value */
	enum cert_ip_type type; /* type of IP entry */
	unsigned char min[16]; /* full range minimum */
	unsigned char max[16]; /* full range maximum */
	union { /* member in use is selected by "type" */
		struct ip_addr ip; /* singular address (CERT_IP_ADDR) */
		struct ip_addr_range range; /* range (CERT_IP_RANGE) */
	};
};

/*
 * What a certificate may be used for, as determined from its X509
 * extensions (see x509_get_purpose()).
 */
enum cert_purpose {
	CERT_PURPOSE_INVALID, /* neither of the accepted purposes */
	CERT_PURPOSE_CA,
	CERT_PURPOSE_BGPSEC_ROUTER
};

/*
 * Parsed components of a validated X509 certificate stipulated by RFC
 * 6487 and further (within) by RFC 3779.
 * All AS numbers are guaranteed to be non-overlapping and properly
 * inheriting.
 * String members are heap-allocated and released by cert_free().
 */
struct cert {
	struct cert_ip *ips; /* list of IP address ranges */
	size_t ipsz; /* length of "ips" */
	struct cert_as *as; /* list of AS numbers and ranges */
	size_t asz; /* length of "as" */
	int talid; /* cert is covered by which TAL */
	char *repo; /* CA repository (rsync:// uri) */
	char *mft; /* manifest (rsync:// uri) */
	char *notify; /* RRDP notify (https:// uri) */
	char *crl; /* CRL location (rsync:// or NULL) */
	char *aia; /* AIA (or NULL, for trust anchor) */
	char *aki; /* AKI (or NULL, for trust anchor) */
	char *ski; /* SKI */
	enum cert_purpose purpose; /* BGPSec or CA */
	char *pubkey; /* Subject Public Key Info */
	X509 *x509; /* the cert */
	time_t expires; /* do not use after */
};

/*
 * The TAL file conforms to RFC 7730.
 * It is the top-level structure of RPKI and defines where we can find
 * certificates for TAs (trust anchors).
 * It also includes the public key for verifying those trust anchor
 * certificates.
 * Unlike the other objects, the TAL is local configuration rather than
 * downloaded data: its key is what anchors trust for everything below.
 */
struct tal {
	char **uri; /* well-formed rsync URIs */
	size_t urisz; /* number of URIs */
	unsigned char *pkey; /* DER-encoded public key */
	size_t pkeysz; /* length of pkey */
	char *descr; /* basename of tal file */
	int id; /* ID of this TAL */
};

/*
 * Resource types specified by the RPKI profiles.
 * There might be others we don't consider.
 */
enum rtype {
	RTYPE_INVALID,
	RTYPE_TAL,
	RTYPE_MFT,
	RTYPE_ROA,
	RTYPE_CER,
	RTYPE_CRL,
	RTYPE_GBR,
	RTYPE_REPO,
	RTYPE_FILE,
};

/*
 * Which on-disk directory a file lives in (see struct mftfile and
 * struct entity).
 */
enum location {
	DIR_UNKNOWN,
	DIR_TEMP, /* temporary directory */
	DIR_VALID, /* valid directory */
};

/*
 * Files specified in an MFT have their bodies hashed with SHA256.
 * The hash recorded here comes from the manifest and is what a file's
 * actual body is checked against (valid_filehash()); a mismatch means the
 * file must not be trusted.
 */
struct mftfile {
	char *file; /* filename (CER/ROA/CRL, no path) */
	enum rtype type; /* file type as determined by extension */
	enum location location; /* temporary or valid directory */
	unsigned char hash[SHA256_DIGEST_LENGTH]; /* sha256 of body */
};

/*
 * A manifest, RFC 6486.
 * This consists of a bunch of files found in the same directory as the
 * manifest file.
 */
struct mft {
	char *path; /* relative path to directory of the MFT */
	struct mftfile *files; /* file and hash, "filesz" entries */
	char *seqnum; /* manifestNumber */
	char *aia; /* AIA */
	char *aki; /* AKI */
	char *ski; /* SKI */
	time_t valid_from; /* start of the validity window */
	time_t valid_until; /* end of the validity window */
	size_t filesz; /* number of filenames */
	unsigned int repoid; /* repository identifier */
	int stale; /* if a stale manifest */
};

/*
 * An IP address prefix for a given ROA.
 * This encodes the maximum length, AFI (v6/v4), and address.
 * FIXME: are the min/max necessary or just used in one place?
 */
struct roa_ip {
	enum afi afi; /* AFI value */
	struct ip_addr addr; /* the address prefix itself */
	unsigned char min[16]; /* full range minimum */
	unsigned char max[16]; /* full range maximum */
	unsigned char maxlength; /* max length or zero */
};

/*
 * An ROA, RFC 6482.
 * This consists of the concerned ASID and its IP prefixes.
 */
struct roa {
	uint32_t asid; /* asID of ROA (if 0, RFC 6483 sec 4) */
	struct roa_ip *ips; /* IP prefixes */
	size_t ipsz; /* number of IP prefixes */
	int talid; /* ROAs are covered by which TAL */
	int valid; /* validated resources */
	char *aia; /* AIA */
	char *aki; /* AKI */
	char *ski; /* SKI */
	time_t expires; /* do not use after */
};

/*
 * A single Ghostbuster record
 */
struct gbr {
	char *vcard; /* the record's vCard payload */
	char *aia; /* AIA */
	char *aki; /* AKI */
	char *ski; /* SKI */
};

/*
 * A single VRP element (including ASID)
 * A Validated ROA Payload: the (prefix, maxlength, asid) triple that is
 * eventually written to the output files.
 */
struct vrp {
	RB_ENTRY(vrp) entry; /* tree linkage */
	struct ip_addr addr; /* the prefix */
	int talid; /* covered by which TAL */
	uint32_t asid; /* origin AS */
	enum afi afi; /* address family of "addr" */
	unsigned char maxlength; /* maximum prefix length */
	time_t expires; /* transitive expiry moment */
};
/*
 * Tree of VRP sorted by afi, addr, maxlength and asid
 */
RB_HEAD(vrp_tree, vrp);
RB_PROTOTYPE(vrp_tree, vrp, entry, vrpcmp);

/*
 * A single BGPsec Router Key (including ASID)
 */
struct brk {
	RB_ENTRY(brk) entry; /* tree linkage */
	uint32_t asid; /* AS the router key belongs to */
	int talid; /* covered by which TAL */
	char *ski; /* Subject Key Identifier */
	char *pubkey; /* Subject Public Key Info */
	time_t expires; /* transitive expiry moment */
};
/*
 * Tree of BRK sorted by asid
 */
RB_HEAD(brk_tree, brk);
RB_PROTOTYPE(brk_tree, brk, entry, brkcmp);

/*
 * A single CRL
 */
struct crl {
	RB_ENTRY(crl) entry; /* tree linkage */
	char *aki; /* AKI of the CRL issuer */
	X509_CRL *x509_crl; /* the parsed CRL */
	time_t expires; /* do not use after */
};
/*
 * Tree of CRLs sorted by uri
 * NOTE(review): struct crl carries no uri member, so the ordering is
 * presumably on aki (see crlcmp) — confirm and update this comment.
 */
RB_HEAD(crl_tree, crl);
RB_PROTOTYPE(crl_tree, crl, entry, crlcmp);

/*
 * An authentication tuple.
 * This specifies a public key and a subject key identifier used to
 * verify children nodes in the tree of entities.
 */
struct auth {
	RB_ENTRY(auth) entry; /* tree linkage */
	struct cert *cert; /* owner information */
	struct auth *parent; /* pointer to parent or NULL for TA cert */
};
/*
 * Tree of auth sorted by ski
 */
RB_HEAD(auth_tree, auth);
RB_PROTOTYPE(auth_tree, auth, entry, authcmp);

struct auth *auth_find(struct auth_tree *, const char *);
void auth_insert(struct auth_tree *, struct cert *, struct auth *);

/*
 * Outcome of an HTTP transfer as reported back by the HTTP process.
 */
enum http_result {
	HTTP_FAILED, /* anything else */
	HTTP_OK, /* 200 OK */
	HTTP_NOT_MOD, /* 304 Not Modified */
};

/*
 * Message types for communication with RRDP process.
 */
enum rrdp_msg {
	RRDP_START,
	RRDP_SESSION,
	RRDP_FILE,
	RRDP_CLEAR,
	RRDP_END,
	RRDP_HTTP_REQ,
	RRDP_HTTP_INI,
	RRDP_HTTP_FIN,
};

/*
 * RRDP session state, needed to pickup at the right spot on next run.
 */
struct rrdp_session {
	char *last_mod; /* Last-Modified value of the notification */
	char *session_id; /* RRDP session identifier */
	long long serial; /* last serial seen in this session */
};

/*
 * File types used in RRDP_FILE messages.
 */
enum publish_type {
	PUB_ADD, /* new file */
	PUB_UPD, /* replaced file */
	PUB_DEL, /* withdrawn file */
};

/*
 * An entity (MFT, ROA, certificate, etc.) that needs to be downloaded
 * and parsed.
 */
struct entity {
	TAILQ_ENTRY(entity) entries; /* queue linkage */
	char *path; /* path relative to repository */
	char *file; /* filename or valid repo path */
	unsigned char *data; /* optional data blob */
	size_t datasz; /* length of optional data blob */
	unsigned int repoid; /* repository identifier */
	int talid; /* tal identifier */
	enum rtype type; /* type of entity (RTYPE_EOF, once named here, is not a member of enum rtype) */
	enum location location; /* which directory the file lives in */
};
TAILQ_HEAD(entityq, entity);

struct repo; /* opaque; see the repo_*() routines below */
struct filepath; /* opaque; see filepath_add() */
RB_HEAD(filepath_tree, filepath);


/*
 * Statistics collected during run-time.
 */
struct stats {
	size_t tals; /* total number of locators */
	size_t mfts; /* total number of manifests */
	size_t mfts_fail; /* failing syntactic parse */
	size_t mfts_stale; /* stale manifests */
	size_t certs; /* certificates */
	size_t certs_fail; /* invalid certificate */
	size_t roas; /* route origin authorizations */
	size_t roas_fail; /* failing syntactic parse */
	size_t roas_invalid; /* invalid resources */
	size_t repos; /* repositories */
	size_t rsync_repos; /* synced rsync repositories */
	size_t rsync_fails; /* failed rsync repositories */
	size_t http_repos; /* synced http repositories */
	size_t http_fails; /* failed http repositories */
	size_t rrdp_repos; /* synced rrdp repositories */
	size_t rrdp_fails; /* failed rrdp repositories */
	size_t crls; /* revocation lists */
	size_t gbrs; /* ghostbuster records */
	size_t vrps; /* total number of vrps */
	size_t uniqs; /* number of unique vrps */
	size_t del_files; /* number of files removed in cleanup */
	size_t extra_files; /* number of superfluous files */
	size_t del_dirs; /* number of directories removed in cleanup */
	size_t brks; /* number of BGPsec Router Key (BRK) certificates */
	struct timeval elapsed_time; /* wall-clock time of the run */
	struct timeval user_time; /* user CPU time of the run */
	struct timeval system_time; /* system CPU time of the run */
};

struct ibuf; /* opaque message buffer, see the io_*() routines */
struct msgbuf;

/* global variables */
extern int verbose;
extern int filemode;
extern const char *tals[]; /* TAL file names */
extern const char *taldescs[]; /* TAL descriptions, parallel to tals[] */
extern unsigned int talrepocnt[]; /* per-TAL repository count, presumably bounded by MAX_REPO_PER_TAL — confirm */
extern size_t talsz; /* number of entries in tals[] */

/*
 * Routines for RPKI entities.
 * The *_parse() routines take a DER buffer read from a repository file
 * (untrusted input) and return a freshly allocated object or NULL;
 * the *_buffer()/*_read() pairs serialise an object into, and restore it
 * from, an ibuf for transfer between processes; *_free() releases it.
 * The leading "const char *" argument to the parsers appears to be the
 * file name used in diagnostics — confirm in the implementations.
 */

void tal_buffer(struct ibuf *, const struct tal *);
void tal_free(struct tal *);
struct tal *tal_parse(const char *, char *, size_t);
struct tal *tal_read(struct ibuf *);

void cert_buffer(struct ibuf *, const struct cert *);
void cert_free(struct cert *);
struct cert *cert_parse(const char *, const unsigned char *, size_t);
/* Trust anchor variant: the trailing buffer/length pair is presumably
 * the TAL public key the TA must match — confirm. */
struct cert *ta_parse(const char *, const unsigned char *, size_t,
    const unsigned char *, size_t);
struct cert *cert_read(struct ibuf *);
void cert_insert_brks(struct brk_tree *, struct cert *);

enum rtype rtype_from_file_extension(const char *);
void mft_buffer(struct ibuf *, const struct mft *);
void mft_free(struct mft *);
/* The X509 ** out-parameter receives the EE certificate of the CMS
 * signed object; ownership of it is not documented here. */
struct mft *mft_parse(X509 **, const char *, const unsigned char *,
    size_t);
struct mft *mft_read(struct ibuf *);
int mft_compare(const struct mft *, const struct mft *);

void roa_buffer(struct ibuf *, const struct roa *);
void roa_free(struct roa *);
struct roa *roa_parse(X509 **, const char *, const unsigned char *,
    size_t);
struct roa *roa_read(struct ibuf *);
void roa_insert_vrps(struct vrp_tree *, struct roa *, size_t *,
    size_t *);

void gbr_free(struct gbr *);
struct gbr *gbr_parse(X509 **, const char *, const unsigned char *,
    size_t);

/* crl.c */
X509_CRL *crl_parse(const char *, const unsigned char *, size_t);
/* NOTE(review): named free_crl() rather than crl_free(), unlike the
 * other *_free() routines in this header. */
void free_crl(struct crl *);

/*
 * Validation of our objects.
 * These routines return non-zero on success and zero on failure unless
 * noted otherwise — confirm against the implementations.  They are the
 * checks that stand between parsed (but untrusted) repository data and
 * the VRP/BRK output, so callers must not skip them.
 */

struct auth *valid_ski_aki(const char *, struct auth_tree *,
    const char *, const char *);
int valid_ta(const char *, struct auth_tree *,
    const struct cert *);
int valid_cert(const char *, struct auth *, const struct cert *);
int valid_roa(const char *, struct auth *, struct roa *);
/* Compare a file's SHA256 against an expected digest; the int is
 * presumably an open descriptor for the file — confirm. */
int valid_filehash(int, const char *, size_t);
int valid_uri(const char *, size_t, const char *);
int valid_origin(const char *, const char *);

/*
 * Working with CMS.
 * cms_parse_validate() verifies the CMS signature of a signed object and
 * returns its eContent (matching the given OID) with its length stored
 * through the size_t pointer — see the implementation for the exact
 * contract and ownership of the returned buffer.
 */
unsigned char *cms_parse_validate(X509 **, const char *,
    const unsigned char *, size_t,
    const ASN1_OBJECT *, size_t *);
int cms_econtent_version(const char *, const unsigned char **,
    size_t, long *);
/* Helper for ASN1 parsing */
int ASN1_frame(const char *, size_t,
    const unsigned char **, long *, int *);

/* Work with RFC 3779 IP addresses, prefixes, ranges. */

int ip_addr_afi_parse(const char *, const ASN1_OCTET_STRING *,
    enum afi *);
int ip_addr_parse(const ASN1_BIT_STRING *,
    enum afi, const char *, struct ip_addr *);
/* Print an address into a caller-supplied buffer of the given size. */
void ip_addr_print(const struct ip_addr *, enum afi, char *,
    size_t);
int ip_addr_cmp(const struct ip_addr *, const struct ip_addr *);
int ip_addr_check_overlap(const struct cert_ip *,
    const char *, const struct cert_ip *, size_t);
int ip_addr_check_covered(enum afi, const unsigned char *,
    const unsigned char *, const struct cert_ip *, size_t);
int ip_cert_compose_ranges(struct cert_ip *);
void ip_roa_compose_ranges(struct roa_ip *);

/* Work with RFC 3779 AS numbers, ranges. */

int as_id_parse(const ASN1_INTEGER *, uint32_t *);
int as_check_overlap(const struct cert_as *, const char *,
    const struct cert_as *, size_t);
int as_check_covered(uint32_t, uint32_t,
    const struct cert_as *, size_t);

/* Parser-specific */
void entity_free(struct entity *);
void entity_read_req(struct ibuf *, struct entity *);
void entityq_flush(struct entityq *, struct repo *);
/* Entry point of the parser process; never returns. */
void proc_parser(int) __attribute__((noreturn));

/* Rsync-specific. */

char *rsync_base_uri(const char *);
/* Entry point of the rsync process; never returns. */
void proc_rsync(char *, char *, int) __attribute__((noreturn));

/*
 * HTTP and RRDP processes.
 */

void proc_http(char *, int);
void proc_rrdp(int);

/* Repository handling */
int filepath_add(struct filepath_tree *, char *);
void rrdp_clear(unsigned int);
void rrdp_save_state(unsigned int, struct rrdp_session *);
int rrdp_handle_file(unsigned int, enum publish_type, char *,
    char *, size_t, char *, size_t);
char *repo_basedir(const struct repo *, int);
unsigned int repo_id(const struct repo *);
const char *repo_uri(const struct repo *);
struct repo *ta_lookup(int, struct tal *);
struct repo *repo_lookup(int, const char *, const char *);
struct repo *repo_byid(unsigned int);
int repo_queued(struct repo *, struct entity *);
void repo_cleanup(struct filepath_tree *);
void repo_free(void);

/* Completion callbacks, keyed by repository id. */
void rsync_finish(unsigned int, int);
void http_finish(unsigned int, enum http_result, const char *);
void rrdp_finish(unsigned int, int);

void rsync_fetch(unsigned int, const char *, const char *,
    const char *);
void http_fetch(unsigned int, const char *, const char *, int);
void rrdp_fetch(unsigned int, const char *, const char *,
    struct rrdp_session *);
void rrdp_http_done(unsigned int, enum http_result, const char *);
int repo_check_timeout(int);

/*
 * Logging (though really used for OpenSSL errors).
 * Both take a printf-style format; cryptoerrx() does not return.
 */

void cryptowarnx(const char *, ...)
    __attribute__((format(printf, 1, 2)));
void cryptoerrx(const char *, ...)
    __attribute__((format(printf, 1, 2)))
    __attribute__((noreturn));

/*
 * Encoding functions for hex and base64.
 * The *_len() helpers compute the required output size first so that
 * callers can allocate before converting.
 */

unsigned char *load_file(const char *, size_t *);
int base64_decode_len(size_t, size_t *);
int base64_decode(const unsigned char *, size_t,
    unsigned char **, size_t *);
int base64_encode_len(size_t, size_t *);
int base64_encode(const unsigned char *, size_t, char **);
char *hex_encode(const unsigned char *, size_t);
int hex_decode(const char *, char *, size_t);


/*
 * Functions for moving data between processes.
 * Writers append to an ibuf and hand it to io_close_buffer(); readers
 * pull typed values back out of a received ibuf.
 */

struct ibuf *io_new_buffer(void);
void io_simple_buffer(struct ibuf *, const void *, size_t);
void io_buf_buffer(struct ibuf *, const void *, size_t);
void io_str_buffer(struct ibuf *, const char *);
void io_close_buffer(struct msgbuf *, struct ibuf *);
void io_read_buf(struct ibuf *, void *, size_t);
void io_read_str(struct ibuf *, char **);
void io_read_buf_alloc(struct ibuf *, void **, size_t *);
struct ibuf *io_buf_read(int, struct ibuf **);
struct ibuf *io_buf_recvfd(int, struct ibuf **);

/*
 * X509 helpers.
 * The trailing "const char *" is presumably the file name for
 * diagnostics — confirm.  The char * results are heap-allocated.
 */

void x509_init_oid(void);
char *x509_get_aia(X509 *, const char *);
char *x509_get_aki(X509 *, int, const char *);
char *x509_get_ski(X509 *, const char *);
int x509_get_expire(X509 *, const char *, time_t *);
char *x509_get_crl(X509 *, const char *);
char *x509_crl_get_aki(X509_CRL *, const char *);
char *x509_get_pubkey(X509 *, const char *);
enum cert_purpose x509_get_purpose(X509 *, const char *);

/* printers */
void tal_print(const struct tal *);
void cert_print(const struct cert *);
void mft_print(const struct mft *);
void roa_print(const struct roa *);
void gbr_print(const struct gbr *);

/*
 * Output!
 */

extern int outformats; /* bit mask of the FORMAT_* values below */
#define FORMAT_OPENBGPD 0x01
#define FORMAT_BIRD 0x02
#define FORMAT_CSV 0x04
#define FORMAT_JSON 0x08

int outputfiles(struct vrp_tree *v, struct brk_tree *b,
    struct stats *);
int outputheader(FILE *, struct stats *);
int output_bgpd(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);
int output_bird1v4(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);
int output_bird1v6(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);
int output_bird2(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);
int output_csv(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);
int output_json(FILE *, struct vrp_tree *, struct brk_tree *,
    struct stats *);

/* printf-style logging; "fmt" is always a literal, never user data. */
void logx(const char *fmt, ...)
    __attribute__((format(printf, 1, 2)));
time_t getmonotime(void);

int mkpath(const char *);

#define RPKI_PATH_OUT_DIR "/var/db/rpki-client"
#define RPKI_PATH_BASE_DIR "/var/cache/rpki-client"

/*
 * The limits below are applied to data fetched from remote repositories.
 * They keep memory use and processing time bounded no matter what a
 * repository serves, so raising them should be a deliberate decision.
 */

/* Maximum number of IP and AS ranges accepted in any single file */
#define MAX_IP_SIZE 200000
#define MAX_AS_SIZE 200000

/* Maximum acceptable URI length */
#define MAX_URI_LENGTH 2048

/* Maximum acceptable file size */
#define MAX_FILE_SIZE 4000000

/* Maximum number of FileAndHash entries per manifest. */
#define MAX_MANIFEST_ENTRIES 100000

/* Maximum depth of the RPKI tree. */
#define MAX_CERT_DEPTH 12

/* Maximum number of concurrent rsync processes. */
#define MAX_RSYNC_PROCESSES 16

/* Maximum allowed repositories per tal */
#define MAX_REPO_PER_TAL 1000

#endif /* ! EXTERN_H */