Store BGPsec certs info, print at configured output
-Use struct 'router_key' to represent BGPsec certificates.
-Use reference count of Subject Key data (ID and public key) with 'sk_info' struct.
-Add router certificates info to local DB, as part of the refactor 'roa_table' was renamed to 'db_table'.
-Add configuration parameter 'output.bgpsec', the information is printed in hexadecimal representation (there's a TODO here: maybe encode and print as base64).
-Consider BGPsec keys in deltas.
-Use a constant for SKI length, since it is always the same (20 bytes/octets).
Fix 11: validate certificates against their corresponding CRL.
The OpenSSL function 'X509_STORE_CTX_set0_crls' wasn't taking the CRL stack into consideration; the simplest way to check revocation was to do it manually.
Pay special attention to manifests: the CRL stack that's received when its EE is validated is the grandparent's CRL; so, in this case, validate manifests on their own CRLDP.
-Prepare structs and functions to send RTRv1 router key PDUs.
-Basic preparation to store router keys, still needs more work.
-Validate BGPsec certificates based on RFCs 8209 and 8608.
-Configure RTRv1 intervals (refresh, retry, expire), more validations and logic are pending.
-Update sorted array to allow iterations on its elements.
libcmscodec's generated code is now git tracked by this repository. This
prevents lots of autotools and Debian package headaches, as well as
allowing us to prune large chunks of steps from the installation
recipes.
One of the reasons why we had the previous arrangement was because we
used to consider asn1c's output generated code, which meant we weren't
supposed to track it. However, the fact of the matter is that we'll
eventually need to tweak it manually, because we need to implement DER
parsing and better error message reporting, as well as improve the
quality of asn1c's code.
pcarana [Tue, 11 Jun 2019 23:08:45 +0000 (18:08 -0500)]
Update manual, unit tests, and add some fixes.
- Uncomment some unit tests and update them.
- Rename server.enabled flag to server.disabled, and update the flows affected by this update.
- Update version references to 0.0.1-beta.
- Update manual (man).
- Include automake as a Debian dependency.
- Validate PDU length received vs real bytes length received.
- Don't die if the PDU reader gets less bytes than what's expected.
- Remove 'crl_set' from rpp.c since the 'crl' is a pointer (the flag isn't necessary).
- Don't set SLURM comments as 'char const *', just as 'char *'.
- Print the ROAs to 'output.roa' after SLURM has been applied, or even when an error stopped validation (only the ROAs fetched to that point are printed).
- Patch `make distclean`.
test/'s distclean was attempting to clean stuff that src/'s
distclean had already removed, so it was aborting.
Fixed by moving needed .c's from test/Makefile.am to each
test .c file.
This prevents the unit tests from polluting src/.
- Simplify inclusion of unit tests during configure.
Rather than purposely include them with --with-unit-tests,
they are now automatically included if Check is installed.
This also removes a lot of clutter from configure.ac.
pcarana [Wed, 5 Jun 2019 17:00:11 +0000 (12:00 -0500)]
Add server.enabled and output.roa arguments, update server.address docs
Now to perform a standalone validation, the server must be disabled (server.enabled = false).
The ROAs in CSV format can be: printed to console (output.roa = '-'), printed to a file (output.roa = '<file>'), not printed (output.roa isn't configured).
'server.address' docs specify the scenario when no value is set to that argument.
Code was trying to recover from critical/programming errors, but
most of the time they were being handled the same as validation
errors. This yielded often nonsensical results.
Critical errors now terminate the program. This is obviously
undesired, but is probably safer than doing something close to
undefined.
Remove the reset and merge validation handler callbacks
The only certificate that can invalidate the tree is the root one.
This is because other certificates are considered subtrees, and
therefore isolated problems.
RFC 7730 seems to agree:
> If the connection to the preferred URI fails, or the retrieved CA
> certificate public key does not match the TAL public key, the RP
> SHOULD retrieve the CA certificate from the next URI
(Neither of those reasons can be caused by a subtree.)
By the time the first ROA is handled, the root certificate is
already validated. This means that Fort will never find itself
needing to invalidate previously handled ROAs. Hence, there's no
need to "reset" a ROA table nor "merge" it with a global one after
success.
Not having to track both a global and a temporal table also reduces
RAM usage.
pcarana [Sat, 1 Jun 2019 01:01:09 +0000 (20:01 -0500)]
Relocate VRPs override function, and complete unit tests.
- The function that checks and removes VRPs that override each other (before being sent by RTR) has been placed where the VRP functions are located.
- Fix the impersonator function that returns the minimum client serial.
- Add unit test to:
+ Check that deltas that won't be sent or used anymore, will be forgotten.
+ Check that a range of deltas that'll be sent by RTR doesn't contain VRP announcements/withdrawals that override each other.
+ Check that a PDU with a wrong session ID is correctly handled.
The two issues I had planned to include have been resolved as
"wontfix," basically:
1. A re-read of RFC 3370 has revealed that whether the parameters
field is supposed to be absent or NULL is completely ambiguous,
so we'll accept both now.
2. As for rsaEncryption vs sha256WithRSAEncryption for public keys,
the relevant sidr mailing list thread is currently favoring the
former. And the vast majority of the global RPKI does the same,
so there's no error to silence.
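The "absent or NULL parameters" point above, as an added example that is not Fort's own code: a minimal DER reader for `AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }` that classifies the parameters field, plus the policy the commit describes (treat an absent field and an explicit NULL alike for rsaEncryption and sha256WithRSAEncryption, reject anything else). The OIDs are the standard ones; the function names, the constructed sample encodings and the restriction to short-form and two-byte lengths are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum algid_params {
    ALGID_PARAMS_ABSENT,  /* no parameters element after the OID */
    ALGID_PARAMS_NULL,    /* explicit NULL (05 00) */
    ALGID_PARAMS_OTHER,   /* some other element: a profile violation for RSA */
    ALGID_MALFORMED       /* truncated, non-DER length, trailing bytes, ... */
};

/* DER TLV header reader: short form plus minimal 1- or 2-byte long form only
 * (an assumption that is enough for AlgorithmIdentifier). Never reads past
 * 'avail' and rejects lengths that would. */
static int der_tlv(const uint8_t *p, size_t avail, uint8_t *tag, size_t *len, size_t *hdr)
{
    if (avail < 2)
        return -1;
    *tag = p[0];
    if (p[1] < 0x80) {
        *len = p[1];
        *hdr = 2;
    } else if (p[1] == 0x81 && avail >= 3 && p[2] >= 0x80) {
        *len = p[2];
        *hdr = 3;
    } else if (p[1] == 0x82 && avail >= 4 && p[2] != 0) {
        *len = ((size_t)p[2] << 8) | p[3];
        *hdr = 4;
    } else {
        return -1; /* indefinite, non-minimal, or longer than supported */
    }
    return *len <= avail - *hdr ? 0 : -1;
}

/* Parses the SEQUENCE, returns the OID value bytes through 'oid'/'oid_len'
 * and classifies whatever follows the OID. */
enum algid_params algid_parse(const uint8_t *der, size_t len,
                              const uint8_t **oid, size_t *oid_len)
{
    uint8_t tag;
    size_t l, h, rem;
    const uint8_t *p;

    if (der_tlv(der, len, &tag, &l, &h) != 0 || tag != 0x30 || h + l != len)
        return ALGID_MALFORMED;
    p = der + h;
    rem = l;
    if (der_tlv(p, rem, &tag, &l, &h) != 0 || tag != 0x06 || l == 0)
        return ALGID_MALFORMED;
    *oid = p + h;
    *oid_len = l;
    p += h + l;
    rem -= h + l;
    if (rem == 0)
        return ALGID_PARAMS_ABSENT;
    if (der_tlv(p, rem, &tag, &l, &h) != 0 || h + l != rem)
        return ALGID_MALFORMED; /* parameters must be exactly one element */
    return (tag == 0x05 && l == 0) ? ALGID_PARAMS_NULL : ALGID_PARAMS_OTHER;
}

/* 1.2.840.113549.1.1 = pkcs-1; the last arc selects the algorithm. */
static const uint8_t RSA_OID_PREFIX[8] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01 };

/* The policy from the commit message: absent and NULL parameters are both
 * accepted for rsaEncryption (.1) and sha256WithRSAEncryption (.11). */
int algid_rsa_accept(const uint8_t *der, size_t len)
{
    const uint8_t *oid;
    size_t oid_len;
    enum algid_params r = algid_parse(der, len, &oid, &oid_len);

    if (r != ALGID_PARAMS_ABSENT && r != ALGID_PARAMS_NULL)
        return 0;
    if (oid_len != 9 || memcmp(oid, RSA_OID_PREFIX, 8) != 0)
        return 0;
    return oid[8] == 0x01 || oid[8] == 0x0B;
}

/* Constructed samples: sha256WithRSAEncryption with NULL, absent, and an
 * OCTET STRING parameter (the last one is not something a real CA emits). */
const uint8_t ALGID_SHA256_RSA_NULL[] = {
    0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00
};
const uint8_t ALGID_SHA256_RSA_ABSENT[] = {
    0x30, 0x0B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B
};
const uint8_t ALGID_SHA256_RSA_BOGUS[] = {
    0x30, 0x0E, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x04, 0x01, 0xAA
};
```

The outer `h + l != len` and the final `h + l != rem` checks are what keep this strict: trailing bytes after the SEQUENCE, or a second element after the parameters, are rejected rather than silently ignored, so "lenient about absent vs NULL" does not turn into "lenient about everything".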
pcarana [Tue, 21 May 2019 21:11:40 +0000 (16:11 -0500)]
Add multiple improvements at SLURM, config and vrp, and fix a test bug
- Fix bug at client_test, the module wasn't updated with several changes from other commits.
- Add common function to load data from a file or directory, use this for TAL and SLURM locations (both configurations can have a file path or a dir path).
- Update some config parameters:
+ 'server.slurm.location' renamed to 'slurm' and it can be a file path or a directory path.
+ 'server.queue' renamed to 'server.backlog' with a default value of SOMAXCONN.
+ Delete 'server.rtr-interval.*' (RTRv1 isn't supported yet).
- Create macros to compare VRPs and to compare each of its properties.
- If the SLURM has errors, don't drop the whole ROA tree, just don't apply SLURM on the tree.
pcarana [Mon, 20 May 2019 22:06:50 +0000 (17:06 -0500)]
Attend some TODOs on clients and vrps DB
+Clients:
- Unify the threads DB and the clients DB; thread IDs are remembered apart from client FDs, so that the main process can join all threads at the end.
- Remove (now unnecessary) struct rtr_client.
- End clients gracefully when the server is stopped (release memory, close sockets, join threads) and when communication between server-client stops in a regular way (eg. all PDUs were sent and the communication is terminated).
- Add a client to the DB until its own thread has started.
- Init clients DB from rtr.c instead of main.c.
+VRPS:
- Remove min_serial storage, it is useless; calculate it instead when requested.
- Purge deltas when needed and don't store them if there are no clients.
- Rename 'current_serial' to 'next_serial'.
- include most TALs for convenience
- patch local repository's `mkdir -p` (just wasn't working at all)
- print status messages on client `accept(2)` failures
I couldn't find a viable way to multithreadedly manage deltas
without reference counters, and sig_atomic_t doesn't look portable
to me. So I decided to use C11 atomic types.
Upgrades the language standard from gnu99 to gnu11.
- Remove the traverse_down() and traverse_up() callbacks, obsolete since
the ROA database refactor.
- Fix warnings reported by ultra-pedantic gcc.
- Add abbreviations file.
- Patch unit tests (broken in the last commit).
- Some TODOs patched or discarded.
It's a configurable means to define the outcome of a validation
error.
At present, it has only been coded to handle the signature
algorithm having parameters error, since it's technically a
profile violation, and yet there's an insurmountable amount of
certificates breaking it at present.
Unrelatedly, the commit also prevents some RTR errors from being
responded to with RTR errors.
- Add several validations
- Some error pipelines were missing error responses
- Patch "Erroneous PDU" fields. (The server was writing only headers,
not as much of the offending PDU as possible.)
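The two RTR reader fixes on this page (validating the PDU length field against the bytes really received without dying on a short read, and echoing as much of the offending PDU as possible in an Error Report) as one added example that is not Fort's own code. The 8-byte header and the Error Report layout follow RFC 6810; `RTR_MAX_PDU_LEN`, the function names and the sample Serial Query bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTR_HDR_LEN 8u
/* Cap on a single PDU; an assumption for this example, not Fort's constant. */
#define RTR_MAX_PDU_LEN 1024u
#define RTR_PDU_ERROR_REPORT 10u

enum pdu_status {
    PDU_OK = 0,      /* header and body fully received and consistent */
    PDU_NEED_MORE,   /* fewer bytes than the length field promises: keep reading */
    PDU_BAD_LENGTH,  /* length field smaller than the fixed header */
    PDU_TOO_LARGE    /* length field exceeds RTR_MAX_PDU_LEN */
};

struct rtr_pdu_hdr {
    uint8_t  version;
    uint8_t  type;
    uint16_t session_id;  /* session ID, error code or reserved, depending on type */
    uint32_t length;      /* total PDU length in bytes, header included */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Parse the header at buf[0..avail) and compare its length field with the
 * bytes actually received. Never reads past 'avail' and never aborts: a short
 * read is reported so the caller can go back to recv(2). */
enum pdu_status rtr_pdu_check(const uint8_t *buf, size_t avail, struct rtr_pdu_hdr *hdr)
{
    if (avail < RTR_HDR_LEN)
        return PDU_NEED_MORE;
    hdr->version = buf[0];
    hdr->type = buf[1];
    hdr->session_id = rd16(buf + 2);
    hdr->length = rd32(buf + 4);
    if (hdr->length < RTR_HDR_LEN)
        return PDU_BAD_LENGTH;
    if (hdr->length > RTR_MAX_PDU_LEN)
        return PDU_TOO_LARGE;
    if (avail < hdr->length)
        return PDU_NEED_MORE;
    return PDU_OK;
}

/* How much of a rejected PDU to echo back: everything we hold, but never more
 * than the PDU claims to be (bytes after it belong to the next PDU). */
size_t rtr_offending_len(const uint8_t *bad, size_t avail)
{
    uint32_t declared;
    if (avail < RTR_HDR_LEN)
        return avail;
    declared = rd32(bad + 4);
    return avail < declared ? avail : declared;
}

/* Serialize an Error Report PDU (RFC 6810 section 5.10 layout):
 *   header | len(encapsulated PDU) | encapsulated PDU | len(text) | text
 * Returns the bytes written, or 0 if 'out' cannot hold the whole report. */
size_t rtr_error_report_build(uint8_t *out, size_t out_cap, uint8_t version,
                              uint16_t error_code, const uint8_t *bad,
                              size_t bad_avail, const char *text)
{
    size_t encap = rtr_offending_len(bad, bad_avail);
    size_t text_len = text ? strlen(text) : 0;
    size_t total = RTR_HDR_LEN + 4 + encap + 4 + text_len;

    if (total > out_cap || total > UINT32_MAX)
        return 0;
    out[0] = version;
    out[1] = RTR_PDU_ERROR_REPORT;
    wr16(out + 2, error_code);
    wr32(out + 4, (uint32_t)total);
    wr32(out + 8, (uint32_t)encap);
    if (encap)
        memcpy(out + 12, bad, encap);
    wr32(out + 12 + encap, (uint32_t)text_len);
    if (text_len)
        memcpy(out + 16 + encap, text, text_len);
    return total;
}

/* Constructed sample: a Serial Query (type 1), session 0x1234, serial 5. */
const uint8_t SAMPLE_SERIAL_QUERY[12] = {
    0x00, 0x01, 0x12, 0x34, 0x00, 0x00, 0x00, 0x0C,
    0x00, 0x00, 0x00, 0x05
};
```

The ordering of the checks matters: the `length < 8` and cap tests run before `avail < length`, so a hostile length field can neither make the reader wait forever for bytes that will never come nor make it size a buffer from an attacker-chosen 32-bit value.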
pcarana [Fri, 10 May 2019 22:44:20 +0000 (17:44 -0500)]
Simplify PDUs sender.
-Remove data_buffer struct since it isn't really needed.
-Move BUFFER_SIZE (now MAX_BUFFER_SIZE) to pdu_serializer, and increment it to 1024.
-The static sender function (send_response) just sends whatever data it receives, since every other PDU sender function and the serializer are responsible for setting the data length to the exact size of the data that'll be sent.
pcarana [Fri, 10 May 2019 18:06:58 +0000 (13:06 -0500)]
Remove some TODOs and re-classify others
-Move directory loading and file filtering to common.h.
-Accept a TALs directory in configuration.
-Don't check for overridden PDUs if there's only 1 delta to send.
-Add roa_table merge function; this allows merging distinct roa tables so that the VRP base can have all the data from multiple TALs.
-Remove 'loop' var (isn't necessary) and make 'sigaction act' a global var.
- New typedef: `serial_t`. Because I keep forgetting the serial data
type we're using.
- Remove `enum delta_op` in favor of `FLAG_*`. The latter still should
probably be converted into an enum and renamed though, especially
since its instances are never actually used as bitwise flags.
- Moved `struct vrp`'s `flag` field into `struct delta`, because it's
not always used in `vrp`.
Also, to improve performance a little, we're no longer canceling deltas
on cache responses when there's only one serial, because the ROA hash
table already guarantees their uniqueness.
> The cache server MUST ensure that it has told the router client to
> have one and only one IPvX PDU for a unique {Prefix, Len, Max-Len,
> ASN} at any one point in time. Should the router client receive an
> IPvX PDU with a {Prefix, Len, Max-Len, ASN} identical to one it
> already has active, it SHOULD raise a Duplicate Announcement Received
> error.
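The delta handling discussed in several commits above (reference-counted deltas using C11 atomics, `serial_t`, the `FLAG_*` field moved into `struct delta`, and skipping the override check when only one serial is being sent because the ROA hash table already makes VRPs unique) as one added example that is not Fort's own code. The struct layouts, function names and the IPv4-only VRP are assumptions of this example; the cancellation rule is the one the RFC text just quoted requires, one PDU per {Prefix, Len, Max-Len, ASN} in what the client ends up with.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t serial_t;  /* the typedef the commit message introduces */

/* Not bitwise flags, as the commit notes, so a plain enum here. */
enum delta_flag { FLAG_ANNOUNCEMENT = 1, FLAG_WITHDRAWAL = 2 };

/* IPv4-only VRP to keep this short (assumption; Fort handles both families). */
struct vrp {
    uint32_t asn;
    uint32_t prefix;      /* host byte order */
    uint8_t  prefix_len;
    uint8_t  max_len;
};

struct delta {
    enum delta_flag flag; /* in the delta, not the VRP, as the commit says */
    struct vrp vrp;
};

/* One serial's deltas, shared by the validation thread and every RTR client
 * thread currently serving them; the last reference holder frees it. */
struct deltas {
    serial_t serial;
    atomic_uint refcount;
    struct delta *list;
    size_t count;
};

static bool vrp_equals(const struct vrp *a, const struct vrp *b)
{
    return a->asn == b->asn && a->prefix == b->prefix &&
        a->prefix_len == b->prefix_len && a->max_len == b->max_len;
}

/* Returns the block holding one reference, owned by the caller. */
struct deltas *deltas_create(serial_t serial, const struct delta *src, size_t n)
{
    struct deltas *d = malloc(sizeof *d);
    if (d == NULL) return NULL;
    d->list = malloc((n ? n : 1) * sizeof *src);
    if (d->list == NULL) { free(d); return NULL; }
    if (n) memcpy(d->list, src, n * sizeof *src);
    d->serial = serial; d->count = n;
    atomic_init(&d->refcount, 1);
    return d;
}

void deltas_get(struct deltas *d) { atomic_fetch_add_explicit(&d->refcount, 1, memory_order_relaxed); }

/* Drops one reference; true when this call freed the block. acq_rel makes the
 * last owner observe the other threads' use of it before the memory goes. */
bool deltas_put(struct deltas *d)
{
    if (atomic_fetch_sub_explicit(&d->refcount, 1, memory_order_acq_rel) != 1)
        return false;
    free(d->list);
    free(d);
    return true;
}

/* Drop each announcement/withdrawal pair for the same VRP from a concatenated
 * range, pairing in order (announce, withdraw, announce leaves one announce).
 * Survivors go to 'out' (capacity n); returns their count, SIZE_MAX on OOM. */
size_t deltas_cancel_overrides(const struct delta *in, size_t n, struct delta *out)
{
    bool *dead = calloc(n ? n : 1, sizeof *dead);
    size_t kept = 0;
    if (dead == NULL) return SIZE_MAX;
    for (size_t i = 0; i < n; i++) {
        if (dead[i]) continue;
        for (size_t j = i + 1; j < n; j++) {
            if (!dead[j] && in[i].flag != in[j].flag &&
                vrp_equals(&in[i].vrp, &in[j].vrp)) {
                dead[i] = dead[j] = true;
                break;
            }
        }
    }
    for (size_t i = 0; i < n; i++)
        if (!dead[i]) out[kept++] = in[i];
    free(dead);
    return kept;
}

/* Concatenate the serials a client is missing, oldest first, into 'out'
 * (capacity: sum of the counts). Cancellation only runs across two or more
 * serials: within one serial the ROA hash table already makes VRPs unique. */
size_t deltas_for_client(struct deltas **ranges, size_t nranges, struct delta *out)
{
    size_t total = 0, kept;
    struct delta *tmp;
    for (size_t i = 0; i < nranges; i++) {
        if (ranges[i]->count)
            memcpy(out + total, ranges[i]->list, ranges[i]->count * sizeof *out);
        total += ranges[i]->count;
    }
    if (nranges <= 1) return total;
    tmp = malloc((total ? total : 1) * sizeof *tmp);
    if (tmp == NULL) return SIZE_MAX;
    kept = deltas_cancel_overrides(out, total, tmp);
    if (kept != SIZE_MAX && kept) memcpy(out, tmp, kept * sizeof *out);
    free(tmp);
    return kept;
}
```

A client thread calls `deltas_get()` before it starts walking a block and `deltas_put()` when it is done, so the validation thread can drop its own reference (purging old serials) at any time without a lock; the block actually disappears only when the last reader lets go.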
Though sometimes we can't do anything meaningful with the errors,
but panicking is probably better than ignoring them and subtly
doing the wrong thing.
The code was underperforming on lookups (which also meant it
was underperforming on adds and removals), and had incorrect
locking.
Also, adds and removes had inconsistent keys (adds used addresses
and removes used file descriptors). This wasn't necessarily
a bug, but added needless complexity.
-Remove slurm_check_interval configuration parameter since it is unnecessary.
-Load multiple SLURM files from a configured location (must be a directory).
-Add Router Key PDU (structs, serializer, sender function with pending work to do).
-Set buffers as unsigned char buffers.
-Prepare to send large PDUs (beta).
-Increment default buffer size to 512.