{
struct SignerInfo *sinfo;
OCTET_STRING_t *sid = NULL;
+ unsigned long version;
int error;
/* rfc6488#section-2.1 */
/* rfc6488#section-2.1.1 */
/* rfc6488#section-3.1.b */
- if (sdata->version != 3) {
- return pr_err("The SignedData version is only allowed to be 3. (Was %ld.)",
- sdata->version);
+ error = asn_INTEGER2ulong(&sdata->version, &version);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error converting SignedData version: ");
+ return pr_err("The SignedData version isn't a valid unsigned long");
+ }
+ if (version != 3) {
+ return pr_err("The SignedData version is only allowed to be 3. (Was %lu.)",
+ version);
}
/* rfc6488#section-2.1.2 */
sinfo = sdata->signerInfos.list.array[0];
if (sinfo == NULL)
return pr_err("The SignerInfo object is NULL.");
- if (sinfo->version != 3) {
- return pr_err("The SignerInfo version is only allowed to be 3. (Was %ld.)",
- sinfo->version);
+
+ error = asn_INTEGER2ulong(&sinfo->version, &version);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error converting SignerInfo version: ");
+ return pr_err("The SignerInfo version isn't a valid unsigned long");
+ }
+ if (version != 3) {
+ return pr_err("The SignerInfo version is only allowed to be 3. (Was %lu.)",
+ version);
}
/* rfc6488#section-2.1.6.2 */
static int
validate_manifest(struct Manifest *manifest)
{
+ long version;
bool is_sha256;
int error;
*/
/* rfc6486#section-4.4.2 */
- if (manifest->version != 0)
- return -EINVAL;
-
+ if (manifest->version != NULL) {
+ error = asn_INTEGER2long(manifest->version, &version);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting manifest version: ");
+ return pr_err("The manifest version isn't a valid long");
+ }
+ if (version != 0)
+ return -EINVAL;
+ }
/*
* TODO "Manifest verifiers MUST be able to handle number values up to
* 20 octets."
return error;
if (roa_addr->maxLength != NULL) {
- max_length = *roa_addr->maxLength;
+ error = asn_INTEGER2long(roa_addr->maxLength, &max_length);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting ROA's IPv4 maxLength: ");
+ return pr_err("The ROA's IPv4 maxLength isn't a valid long");
+ }
if (max_length < 0 || 32 < max_length) {
return pr_err("maxLength (%ld) is out of bounds (0-32).",
return error;
if (roa_addr->maxLength != NULL) {
- max_length = *roa_addr->maxLength;
+ error = asn_INTEGER2long(roa_addr->maxLength, &max_length);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting ROA's IPv6 maxLength: ");
+ return pr_err("The ROA's IPv6 maxLength isn't a valid long");
+ }
if (max_length < 0 || 128 < max_length) {
return pr_err("maxLength (%ld) is out of bounds (0-128).",
__handle_roa(struct RouteOriginAttestation *roa, struct resources *parent)
{
struct ROAIPAddressFamily *block;
+ unsigned long as_id;
+ long version;
int b;
int a;
int error;
- /* rfc6482#section-3.1 */
- if (roa->version != 0)
- return pr_err("ROA's version (%ld) is nonzero.", roa->version);
+ if (roa->version != NULL) {
+ error = asn_INTEGER2long(roa->version, &version);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting ROA's version: ");
+ return pr_err("The ROA's version isn't a valid long");
+ }
+ /* rfc6482#section-3.1 */
+ if (version != 0)
+ return pr_err("ROA's version (%ld) is nonzero.", version);
+ }
+ error = asn_INTEGER2ulong(&roa->asID, &as_id);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting ROA's AS ID value: ");
+ return pr_err("ROA's AS ID couldn't be parsed as unsigned long");
+ }
/* rfc6482#section-3.2 (more or less.) */
- if (!resources_contains_asn(parent, roa->asID)) {
+ if (!resources_contains_asn(parent, as_id)) {
return pr_err("ROA is not allowed to attest for AS %d",
- roa->asID);
+ as_id);
}
/* rfc6482#section-3.3 */
if (block->addresses.list.array == NULL)
return pr_err("ROA's address list array is NULL.");
for (a = 0; a < block->addresses.list.count; a++) {
- error = print_addr(parent, roa->asID,
+ error = asn_INTEGER2ulong(&roa->asID, &as_id);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error casting AS ID at address list: ");
+ return error;
+ }
+ error = print_addr(parent, as_id,
block->addressFamily.buf[1],
block->addresses.list.array[a]);
if (error)
add_asn(struct resources *resources, ASId_t min, ASId_t max,
struct resources *parent)
{
+ unsigned long asn_min, asn_max;
int error;
- if (parent && !rasn_contains(parent->asns, min, max))
+ error = asn_INTEGER2ulong(&min, &asn_min);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error converting ASN min value: ");
+ return pr_err("Added ASN min value isn't a valid unsigned long");
+ }
+ error = asn_INTEGER2ulong(&max, &asn_max);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "Error converting ASN max value: ");
+ return pr_err("Added ASN max value isn't a valid unsigned long");
+ }
+ if (parent && !rasn_contains(parent->asns, asn_min, asn_max))
return pr_err("Parent certificate doesn't own child's ASN resource.");
if (resources->asns == NULL) {
return error;
}
- if (min == max)
- pr_debug("ASN: %ld", min);
+ if (asn_min == asn_max)
+ pr_debug("ASN: %lu", asn_min);
else
- pr_debug("ASN: %ld-%ld", min, max);
+ pr_debug("ASN: %lu-%lu", asn_min, asn_max);
return 0;
}
}
bool
-resources_contains_asn(struct resources *res, ASId_t asn)
+resources_contains_asn(struct resources *res, long asn)
{
return rasn_contains(res->asns, asn, asn);
}
int resources_add_asn(struct resources *, struct ASIdentifiers *);
bool resources_empty(struct resources *);
-bool resources_contains_asn(struct resources *, ASId_t);
+bool resources_contains_asn(struct resources *, long);
bool resources_contains_ipv4(struct resources *, struct ipv4_prefix *);
bool resources_contains_ipv6(struct resources *, struct ipv6_prefix *);
#include "asn.h"
+#include <errno.h>
+
+#include "log.h"
#include "sorted_array.h"
struct asn_node {
- ASId_t min;
- ASId_t max;
+ long min;
+ long max;
};
static enum sarray_comparison
asn_cmp(void *arg1, void *arg2)
{
- ASId_t n1min = ((struct asn_node *) arg1)->min;
- ASId_t n2min = ((struct asn_node *) arg2)->min;
- ASId_t n1max = ((struct asn_node *) arg1)->max;
- ASId_t n2max = ((struct asn_node *) arg2)->max;
+ long n1min = ((struct asn_node *) arg1)->min;
+ long n1max = ((struct asn_node *) arg1)->max;
+ long n2min = ((struct asn_node *) arg2)->min;
+ long n2max = ((struct asn_node *) arg2)->max;
if (n1min == n2min && n1max == n2max)
return SACMP_EQUAL;
int
rasn_add(struct resources_asn *asns, ASId_t min, ASId_t max)
{
- struct asn_node n = { min, max };
+ unsigned long l_min;
+ unsigned long l_max;
+ int error;
+
+ error = asn_INTEGER2ulong(&min, &l_min);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "ASN min value: ");
+ return pr_err("ASN min value isn't a valid unsigned long");
+ }
+ error = asn_INTEGER2ulong(&max, &l_max);
+ if (error) {
+ if (errno)
+ pr_errno(errno, "ASN max value: ");
+ return pr_err("ASN max value isn't a valid unsigned long");
+ }
+ struct asn_node n = { l_min, l_max };
return sarray_add((struct sorted_array *) asns, &n);
}
}
bool
-rasn_contains(struct resources_asn *asns, ASId_t min, ASId_t max)
+rasn_contains(struct resources_asn *asns, long min, long max)
{
struct asn_node n = { min, max };
return sarray_contains((struct sorted_array *) asns, &n);
int rasn_add(struct resources_asn *, ASId_t, ASId_t);
bool rasn_empty(struct resources_asn *);
-bool rasn_contains(struct resources_asn *, ASId_t, ASId_t);
+bool rasn_contains(struct resources_asn *, long, long);
#endif /* SRC_RESOURCE_ASN_H_ */
projects / thirdparty / FORT-validator.git / commitdiff
