pcarana [Fri, 13 Dec 2019 17:50:46 +0000 (11:50 -0600)]
Refactor RRDP URIs storage, implement session ID update.
+Delete dir daemon: detach thread, renames the directory that's going to be deleted.
+Update logic (structs and relations) to remember RRDP URIs: each TAL thread will hold its own RRDP URIs, and each URI (update notification URI) will have its own visited uris struct; the main thread holds each TAL's information, so that it can be accessed during every validation run. This way we know who owns what, and in case of a session ID update it's easier to remove the whole file system directory tree related to an RRDP URI.
+Rename 'visited_uris' of rsync to 'rsync_visited_uris', in validation state struct.
+Assure that update notification files are requested only once per cycle (in case they're found as the preferred access method).
+Implement session ID update, remove all files related to the previous session ID.
pcarana [Wed, 11 Dec 2019 00:30:53 +0000 (18:30 -0600)]
Remember which manifests were fetched using RRDP, remove rrdp_handler.
+Remember all manifest URIs that were processed from a snapshot or delta file; this will aid to avoid unnecessary rsyncs on child CAs.
+Create 'visited_uris' struct and methods to remember URIs from RRDP snapshot/delta file(s). This should be updated to use another struct more efficient than an SLIST.
+Remove 'rrdp_handler' and do its calls directly where needed.
+Add warning message whenever an access method fails and the secondary access method is utilized.
+Assure that RRDP Update Notification URIs are visited only once per validation run.
+In case there's a manifest error, don't retry the repository download if the accessMethod to get the manifest was RRDP.
pcarana [Tue, 10 Dec 2019 21:03:31 +0000 (15:03 -0600)]
Parse XML docs using a reader, don't load the whole DOM in memory.
+Use 'libxml/xmlreader.h' functions to validate and parse XML documents; this decreases the use of memory that was being allocated using other functions.
+Update the logic at 'rrdp_parser.c' to parse a document element by element, using an 'xmlTextReader'.
+Update unit test to use the XML text reader.
pcarana [Thu, 5 Dec 2019 23:57:19 +0000 (17:57 -0600)]
Validate list of deltas at update notification file.
+Assure that the list of deltas is ordered to facilitate the validation of contiguous serials, and the processing of only the required deltas (only if there's a delta update).
+Change enum 'rrdp_uri_cmp_result' to a type 'rrdp_uri_cmp_result_t'.
+Process the snapshot if there's an error processing deltas.
+Make 'delta_head' attributes public, global and doc data init methods are now void.
+Remove 'SLIST' usage at 'deltas_head' struct, use instead an array list implementation, ready to store a defined amount of elements.
pcarana [Wed, 4 Dec 2019 16:05:55 +0000 (10:05 -0600)]
Send 'If-Modified-Since' header on update notification requests.
+The last update is stored along with the RRDP URIs DB, this date is updated once the file processing (snapshot or deltas) is successfully terminated.
+Be ready in case the server responds with an HTTP 304 status code.
+Use CURL option 'CURLOPT_FAILONERROR' to treat HTTP status code > 400 as errors.
pcarana [Mon, 2 Dec 2019 22:39:31 +0000 (16:39 -0600)]
Validate hashes and some missing things.
+Add validations of: hash, namespace, version, session ID, and serial of files.
+Validate that only one serial is listed at the update notification file.
+Quick validation of delta elements listed at the notification file (needs a better algorithm to check that all are part of a contiguous sequence).
+Remove unnecessary struct 'xml_source', initially meant to calculate the hash, but it isn't needed at all.
+Fix a bug: the hash wasn't being set at 'delta_head' new element(s).
pcarana [Fri, 29 Nov 2019 21:54:33 +0000 (15:54 -0600)]
Process delta files, create rrdp_loader to centralize rrdp processing.
+Parse and process delta files, includes file deleting due to a withdraw as well as the parent dir deletion if the dir is empty.
+Consider that 'publish' elements have an optional 'hash' in some cases.
+Calculate the deltas necessary to process from a notification file, based on the current loaded serial and the last downloaded serial.
+Add handler function to get the last downloaded serial.
+The RRDP loader gets the notification file and takes the decision to process such file (no changes, serial update, session update, or new uri). Its code was at certificate.c, but was relocated here.
+Remove SLIST from rrdp_objects, as well as some other properties that aren't necessary (lists at delta and at snapshot structs).
+Prepare 'deltas_head' to be referenced from distinct parts.
+Fix serial validation when parsing a 'son' object (e.g. validating a delta that was listed at the update notification file).
+No need to return parsed snapshot and delta, since they are processed asap and no further actions are required with the allocated structs.
pcarana [Wed, 27 Nov 2019 21:49:39 +0000 (15:49 -0600)]
Parse and process snapshot, remember RRDP URIs (session ID and serial).
+Create struct and method to store RRDP URIs data.
+Create handler so that multiple threads can access RRDP URIs data.
+Rename 'gdata' property to 'global_data' at update_notification struct.
+Use preferred access method according to the order specified at the CAs.
+Implement RRDP URIs comparison, considers: URI, session ID and serial so that the caller can determine what to do (process snapshot, deltas, etc.)
+Document rrdp_objects.h structs.
+Add content length to 'publish' structure.
+Add functions to parse 'publish' elements.
+Validate that a new RRDP object parsed matches session ID and serial of the parent.
+Whenever a snapshot file is parsed (and validated), all of its 'publish' elements are parsed as well and created at the local repository.
+Use 'fnstack' to log whenever an RRDP file is being processed.
+Update 'uri.h' to explicitly create either rsync or https URIs.
+Use rrdp_handler at the validation state of each thread (or each TAL, it's the same thing).
+Fix wrong return value on error at __do_file_validation, it should return a 'no memory' error instead of 'invalid value'.
+Fix macro ARRAYLIST_FOREACH, one argument wasn't being utilized.
+Update unit tests, add reference to new header 'db_rrdp.h'.
pcarana [Thu, 21 Nov 2019 17:12:30 +0000 (11:12 -0600)]
Add XML parsing structs and methods.
+Validate and parse an Update Notification file whenever one is found at a certificate. Currently this does nothing else; it's merely to download and validate the file. rsync is still utilized to fetch the repository data.
+Add libxml2 dependency, utilized to validate XML files using relaxNG schema.
+Initialize and cleanup XML parser on main thread.
+Currently libxml2 doesn't seem to support Relax NG compact form, but due to its license, it's the best option to use. The RRDP schema was transformed to Relax NG schema with the tool rnc2rng.
+Add basic unit test to parse an RRDP XML file.
pcarana [Wed, 13 Nov 2019 23:47:58 +0000 (17:47 -0600)]
Support RFC8630, TALs can have comments and HTTPS URIs.
-Remove all references to RFC 7730 (docs and source comments), now obsolete.
-Indicate full RFC 8630 compliance at docs.
-Implement full validation of AIA (RFC 6487 section 4.8.7), since HTTPS URIs loaded from a TAL can cause the current validation to fail.
-The AIA validation function is now exposed, so that CAs and EEs can do it when the current certificate is being validated (and already loaded at heap).
-Allow to create uris that start with 'https://', let uri.c ready to validate https and/or rsync uris.
-Parse comments and https URIs from a tal file; comments are ignored. Whenever an https URI is found and utilized, the file is downloaded using the previously committed HTTP module.
pcarana [Tue, 12 Nov 2019 23:42:29 +0000 (17:42 -0600)]
Add module to support HTTPS requests.
-New program arguments to configure http requests:
+http.user-agent
+http.connect-timeout
+http.transfer-timeout
+http.ca-path
-Relocate functions that create a local directory structure from a local URI, so that they can be utilized by rsync.c and http.c.
-Expose a function to download a file from an HTTPS URL, the function is expected to write the bytes from the response into a file using a callback (defined by the caller).
-Add libcurl dependency at makefile and docs (still needs an update for the distinct OSs installation).
-Add unit test for the http module.
-Update man and docs with new configuration properties.
-Update configuration example with new configuration properties.
pcarana [Tue, 29 Oct 2019 20:57:41 +0000 (14:57 -0600)]
Fix unit tests, create common function to print IP addresses.
-Add missing getters at configuration impersonator.
-Create a common function to print IPv4 and IPv6 addresses, the function already existed but it was created multiple times at distinct sources.
pcarana [Thu, 24 Oct 2019 15:46:26 +0000 (10:46 -0500)]
Validate SignedObject DER encoding using incidences schema.
-asn1c doesn't have a DER decoder, but it has DER encoders. Once the data is BER decoded, encode it again as DER and compare against the original data, the difference (if there's one) will be at ASN1 TLVs.
-Create new incidence 'incid-obj-not-der-encoded' to handle such error.
-Update docs: RFC 6488 100% compliance, new incidence description.
-Add new incidence to configuration example (examples/config.json).
pcarana [Fri, 18 Oct 2019 19:39:34 +0000 (14:39 -0500)]
Create setup script, add examples directory (includes tal dir).
-The script invites the user to agree to ARIN's RPA and downloads ARIN's TAL. Additionally, it downloads the rest of the TALs, creates a local repository directory, and an example configuration file.
-Create 'examples' directory to include examples of: configuration file, SLURM, TALs.
-Move 'tal' directory to 'examples/tal'.
-Update docs, add the usage of the setup script at Installation module.
pcarana [Tue, 15 Oct 2019 20:04:32 +0000 (15:04 -0500)]
Log additional information on start/end of validation cycle.
+The information is printed at INFO level:
- When a client starts/ends a connection, or when the connection is killed (print its address and an internal ID).
- When a new validation cycle is started and finished (includes number of valid ROAs and Router Keys, current/new serial number, and real execution time).
+Update function 'log_debug_enabled' and add 'log_info_enabled' function.
+Add functions to get total ROAs and Router Keys from db_table struct.
pcarana [Fri, 11 Oct 2019 22:30:12 +0000 (17:30 -0500)]
Remember last valid SLURM in case of syntax error with newer SLURM(s).
-Remove 'comment' member from slurm structs, there's no need to store its value.
-Rename 'slurm/slurm_db.*' to 'slurm/db_slurm.*'.
-Allocate SLURM data, so that the last valid SLURM can be used if needed; so, now the SLURM lives on the heap and is 'remembered' as part of the VRPs state. Also remember the date and time when the last valid SLURM was loaded.
-Move 'slurm_bgpsec' and 'slurm_prefix' structs, and SLURM data flags to 'db_slurm.h'.
-Update 'slurm_parser' to return a specific error in case of a syntax error, so that further actions can be taken (ignore slurm, use last valid version, or store as the last valid version).
-In case a previous valid version of SLURM is utilized, log a WARNING indicating that such action is being taken, and log SLURM content at INFO level.
-Fix bug at common function 'process_file': there was an issue before releasing temporary pointers.
Update docs structure and content, merge with master.
-Bring the last updates from master (from commit 298c8f9ab0147159e70e47fb7f0766a5bc1b8b31).
-Fix background of some images (use white instead of none).
-Remove the 'doc' dir and move all its content to root folder, so that the whole documentation can be consulted from the root directory.
-Update the documentation index.
-Update docs layout references to match the new directory structure.
Fix bug, complete some unit tests, downgrade NID info logging.
-Bug fixed: Router Key PDUs overriding each others weren't removed due to a bad 'memcmp' use.
-Complete unit tests where Router Keys data can be tested.
-Downgrade NID registering log from info to debug on initialization.
+Each TAL will validate its own repositories without waiting for the others to terminate.
+Remove a TODO on configure.ac
+Update unit tests.
+Fix warning at base64 sanitizer, replace the function 'strchr' with a local one since the read buffer isn't necessarily a string.
pcarana [Wed, 21 Aug 2019 17:24:49 +0000 (12:24 -0500)]
Fix SLURM issues, and compile warning.
-SLURM filters weren't correctly applied when the filter had a prefix and an asn, only the asn was taken into account.
-Another error at filters, if a prefix X covered ROA prefix Y, the ROA prefix wasn't filtered; so apply the filter as specified in RFC 8416.
-Remove compile warning '_BSD_SOURCE and _SVID_SOURCE are deprecated', and set '_DEFAULT_SOURCE' at generated code by asn1c 'GeneralizedTime.c'.
pcarana [Wed, 14 Aug 2019 22:10:25 +0000 (17:10 -0500)]
Fix #14, remove SIGINT handler and adequate rsync return status.
-The SIGINT handler wasn't terminating the process as it should be, so let the signal be handled as default (like SIGTERM).
-Update the rsync (do_rsync) function to read the returned pid status and know how the process was terminated; in case of interruption, use the returned value to terminate the validation cycle as well.
pcarana [Tue, 6 Aug 2019 16:28:24 +0000 (11:28 -0500)]
Assign ID to incidence, validate RTR port, fix slurm bug.
-Use an ID for the registered incidence.
-When loading multiple SLURM files, the validation from RFC 8416 section 4.2 wasn't considered. A context is used to perform such validation, since every prefix or asn (for bgpsec) must be validated according to its own context/file.
-Remove dead code (structs) from SLURM.
-Validate RTR port range since this isn't validated by getaddrinfo.
pcarana [Fri, 2 Aug 2019 16:51:11 +0000 (11:51 -0500)]
Fix minor issues and add some enhancements.
-Display a warning when a directory doesn't have files with the desired extension (used at TAL and SLURM configuration).
-Set the minimum allowed value of 'maximum-certificate-depth' to 5 to allow a normal operation.
-Validate ROA output file path at initialization instead of doing it when the whole validation process has terminated.
-Add a note to indicate 64-bit OS support.
-Print the real address where the RTR server will be bound to.
-If there's an error loading the SLURM data, show the element that has the error.
-Fix X509_VERIFY_PARAM memory leak.
-Update doc reference to UINT_MAX definition.
-Fix bug: when a TAL couldn't be loaded its references were trying to be released, but such references didn't exist.
I was uncomfortable with the previous solution for two reasons:
- It wasn't deferring certificate revocation validation to libcrypto.
I am not sure if our implementation of it was sufficient, but
regardless, this operation should not be performed by Fort itself.
- It induced redundant CRL loading, which was a little unnecessarily
slow.
The root of the problem was that Fort was (originally) trying to
validate manifests' certificates using their grandparents' CRL (rather
than the parents'), which was incorrect and now fixed.
Fix some BGPsec issues and complete output printing.
-The SLURM BGPsec arrays were loading only 1 element, and the AS wasn't set when filtering router keys (programmer errors ¬¬).
-Validate SLURM routerPublicKey as a SubjectPublicKeyInfo struct, including the expected algorithms for BGPsec certificates.
-Print router key info as base64url encoded strings, and update headers.
Rename *bgpsec to *router_key, change SK data types, fix ERROR_PDU bug
-Use 'router_key' naming instead of bgpsec once the certificates had been validated and are stored at base or deltas.
-Use char arrays instead of pointers at SK (subject key) info, the DB hash table was detecting every validation run as an update for BGPsec certificates (pointers to sk_info's were always distinct).
-Remove structure 'sk_info' and its related functions, now its data is set at 'router_key' struct.
-Allow to receive larger error pdu messages. The maximum allowed length for PDUs received is 512 bytes, but the error messages couldn't be larger than 40 bytes (approx.).
-Add Router Key PDU constant length.
-Avoid needless comparisons at SLURM filters.
-Add functions to apply SLURM BGPsec filters and assertions.
-Remove length variables of SKI and SPKI on SLURM BGPsec structs.
-Send Router Key PDUs of base data (only PDUs from deltas were sent).
-Update outdated unit tests (bad calls, missing calls, impersonate functions).
-Complete filtering functions for BGPsec data.
Store BGPsec certs info, print at configured output
-Use struct 'router_key' to represent BGPsec certificates.
-Use reference count of Subject Key data (ID and public key) with 'sk_info' struct.
-Add router certificates info to local DB, as part of the refactor 'roa_table' was renamed to 'db_table'.
-Add configuration parameter 'output.bgpsec', the information is printed in hexadecimal representation (there's a TODO here: maybe encode and print as base64).
-Consider BGPsec keys in deltas.
-Use a constant for SKI length, since it's always the same (20 bytes/octets).
Fix 11: validate certificates against its corresponding CRL.
The OpenSSL function 'X509_STORE_CTX_set0_crls' wasn't taking into consideration the CRL stack; the simple way to check revocation was doing it manually.
Pay special attention to manifests, the CRL stack that's received when its EE is validated, is grandparent's CRL; so, in this case, validate manifests on its own CRLDP.
-Prepare structs and functions to send RTRv1 router key PDUs.
-Basic preparation to store router keys, still needs more work.
-Validate BGPsec certificates based on RFCs 8209 and 8608.
-Configure RTRv1 intervals (refresh, retry, expire), more validations and logic are pending.
-Update sorted array to allow iterations on its elements.