struct resource_params {
unsigned char const *ski;
unsigned char const *spk;
- size_t spk_len;
struct resources *resources;
};
return pr_err("BGPsec certificate is not allowed for ASN %lu.",
asn);
- return vhandler_handle_bgpsec(params->ski, asn, params->spk,
- params->spk_len);
+ return vhandler_handle_bgpsec(params->ski, asn, params->spk);
}
int
{
struct resource_params res_params;
X509_PUBKEY *pub_key;
- unsigned char const *cert_spk;
+ unsigned char *cert_spk, *tmp;
int cert_spk_len;
int ok;
if (pub_key == NULL)
return crypto_err("X509_get_X509_PUBKEY() returned NULL at BGPsec");
- ok = X509_PUBKEY_get0_param(NULL, &cert_spk, &cert_spk_len, NULL,
- pub_key);
- if (!ok)
- return crypto_err("X509_PUBKEY_get0_param() returned %d at BGPsec",
- ok);
+ cert_spk = malloc(RK_SPKI_LEN);
+ if (cert_spk == NULL)
+ return pr_enomem();
+
+ /* Use a temporal pointer, since i2d_X509_PUBKEY moves it */
+ tmp = cert_spk;
+ cert_spk_len = i2d_X509_PUBKEY(pub_key, &tmp);
+ if(cert_spk_len < 0)
+ return crypto_err("i2d_X509_PUBKEY() returned error");
res_params.spk = cert_spk;
- res_params.spk_len = cert_spk_len;
res_params.ski = ski;
res_params.resources = resources;
ok = resources_foreach_asn(resources, asn_cb, &res_params);
+ free(cert_spk);
return ok;
}
struct sk_info {
unsigned char *ski;
- /* SKI length its constant (see RK_SKI_LEN) */
+ /* Lengths are constant (see RK_SKI_LEN, RK_SPKI_LEN) */
unsigned char *spk;
- size_t spk_len;
unsigned int references;
};
int
router_key_init(struct router_key *key, unsigned char const *ski,
- uint32_t as, unsigned char const *spk, size_t spk_len)
+ uint32_t as, unsigned char const *spk)
{
struct sk_info *sk;
int error;
return pr_enomem();
}
- error = uchar_create(&sk->spk, spk_len);
+ error = uchar_create(&sk->spk, RK_SPKI_LEN);
if (error) {
free(sk->ski);
free(sk);
memcpy(sk->ski, ski, RK_SKI_LEN);
sk->ski[RK_SKI_LEN] = '\0';
- memcpy(sk->spk, spk, spk_len);
- sk->spk[spk_len] = '\0';
- sk->spk_len = spk_len;
+ memcpy(sk->spk, spk, RK_SPKI_LEN);
+ sk->spk[RK_SPKI_LEN] = '\0';
sk->references = 1;
key->as = as;
{
return sk->spk;
}
-
-size_t
-sk_info_get_spk_len(struct sk_info *sk)
-{
- return sk->spk_len;
-}
*/
#define RK_SKI_LEN 20
+/*
+ * SPKI (subjectPublicKeyInfo) is 91 bytes long (considering TLVs):
+ * SEQUENCE subjectPublicKeyInfo: 2 (Tag & Length) + 89 (Value)
+ * Public key: 2 (TL) + 65 (V)
+ * SEQUENCE Algorithm: 2 (TL) + 19 (V)
+ * Algorithm OID: 2 (TL) + 7 (V) [oid: 1.2.840.10045.2.1]
+ * Algorithm param: 2 (TL) + 8 (V) [oid: 1.2.840.10045.3.1.7]
+ */
+#define RK_SPKI_LEN 91
+
/*
* Subject key info with ref counter, use getters to fetch its data
*/
};
int router_key_init(struct router_key *, unsigned char const *, uint32_t,
- unsigned char const *, size_t);
+ unsigned char const *);
void router_key_cleanup(struct router_key *);
void sk_info_refget(struct sk_info *);
unsigned char *sk_info_get_ski(struct sk_info *);
unsigned char *sk_info_get_spk(struct sk_info *);
-size_t sk_info_get_spk_len(struct sk_info *);
#endif /* SRC_OBJECT_ROUTER_KEY_H_ */
error = print_to_hex(sk_info_get_ski(key->sk), RK_SKI_LEN, &buf1);
if (error)
return error;
- error = print_to_hex(sk_info_get_spk(key->sk),
- sk_info_get_spk_len(key->sk), &buf2);
+ error = print_to_hex(sk_info_get_spk(key->sk),RK_SPKI_LEN, &buf2);
if (error)
return error;
fprintf(out, "AS%u,%s,%s\n", key->as, buf1, buf2);
struct sk_info *sk = new->data.sk;
return rtrhandler_handle_router_key(dst, sk_info_get_ski(sk),
- new->data.as, sk_info_get_spk(sk), sk_info_get_spk_len(sk));
+ new->data.as, sk_info_get_spk(sk));
}
#define MERGE_ITER(table_prop, name, err_var) \
int
rtrhandler_handle_router_key(struct db_table *table,
- unsigned char const *ski, uint32_t as, unsigned char const *spk,
- size_t spk_len)
+ unsigned char const *ski, uint32_t as, unsigned char const *spk)
{
struct hashable_key *key;
int error;
/* Needed by uthash */
memset(key, 0, sizeof(struct hashable_key));
- error = router_key_init(&key->data, ski, as, spk, spk_len);
+ error = router_key_init(&key->data, ski, as, spk);
if (error) {
free(key);
return error;
int rtrhandler_handle_roa_v6(struct db_table *, uint32_t,
struct ipv6_prefix const *, uint8_t);
int rtrhandler_handle_router_key(struct db_table *, unsigned char const *,
- uint32_t, unsigned char const *, size_t);
+ uint32_t, unsigned char const *);
int compute_deltas(struct db_table *, struct db_table *, struct deltas **);
#endif /* SRC_RTR_DB_DB_TABLE_H_ */
int
__handle_bgpsec(unsigned char const *ski, uint32_t as, unsigned char const *spk,
- size_t spk_len, void *arg)
+ void *arg)
{
- return rtrhandler_handle_router_key(arg, ski, as, spk, spk_len);
+ return rtrhandler_handle_router_key(arg, ski, as, spk);
}
static int
pdu.ski_len = RK_SKI_LEN;
pdu.asn = router_key->as;
pdu.spki = sk_info_get_spk(router_key->sk);
- pdu.spki_len = sk_info_get_spk_len(router_key->sk);
+ pdu.spki_len = RK_SPKI_LEN;
pdu.header.length = RTRPDU_HDR_LEN
+ RK_SKI_LEN
+ sizeof(router_key->as)
- + pdu.spki_len;
+ + RK_SPKI_LEN;
sk_info_refget(router_key->sk);
data = malloc(pdu.header.length);
int
vhandler_handle_bgpsec(unsigned char const *ski, uint32_t as,
- unsigned char const *spk, size_t spk_len)
+ unsigned char const *spk)
{
struct validation_handler const *handler;
int error;
return error;
return (handler->handle_bgpsec != NULL)
- ? handler->handle_bgpsec(ski, as, spk, spk_len, handler->arg)
+ ? handler->handle_bgpsec(ski, as, spk, handler->arg)
: 0;
}
void *);
/** Called every time Fort has successfully validated a BGPsec cert */
int (*handle_bgpsec)(unsigned char const *, uint32_t,
- unsigned char const *, size_t, void *);
+ unsigned char const *, void *);
/** Generic user-defined argument for the functions above. */
void *arg;
};
int vhandler_handle_roa_v4(uint32_t, struct ipv4_prefix const *, uint8_t);
int vhandler_handle_roa_v6(uint32_t, struct ipv6_prefix const *, uint8_t);
int vhandler_handle_bgpsec(unsigned char const *, uint32_t,
- unsigned char const *, size_t);
+ unsigned char const *);
#endif /* SRC_VALIDATION_HANDLER_H_ */
projects / thirdparty / FORT-validator.git / commitdiff
