1/*
2 * This file is part of RTRlib.
3 *
4 * This file is subject to the terms and conditions of the MIT license.
5 * See the file LICENSE in the top level directory for more details.
6 *
7 * Website: http://rtrlib.realmv6.org/
8 */
9
10#ifndef RTR_BGPSEC_UTILS_PRIVATE_H
11#define RTR_BGPSEC_UTILS_PRIVATE_H
12
17
18#include <arpa/inet.h>
19#include <openssl/x509.h>
20#include <string.h>
21
22#define BGPSEC_DBG(fmt, ...) lrtr_dbg("BGPSEC: " fmt, ##__VA_ARGS__)
23#define BGPSEC_DBG1(a) lrtr_dbg("BGPSEC: " a)
24
28#define SECURE_PATH_SEG_SIZE 6
29
31#define SKI_STR_LEN 61
32
34#define PRIVATE_KEY_LENGTH 121L
35
42
43/* Forward declaration of stream to make it opaque. */
44struct stream;
45
46/* Allocate and initialize a stream holding size bytes; return NULL if the memory allocation failed */
47struct stream *init_stream(uint16_t size);
48
49/* Copy the stream s and return the copy, or NULL if the memory allocation failed */
50struct stream *copy_stream(struct stream *s);
51
52/* Free stream s */
53void free_stream(struct stream *s);
54
55/* Write len bytes from data to stream s */
56void write_stream(struct stream *s, void *data, uint16_t len);
57
58/* Get the start position pointer of stream s */
59uint8_t *get_stream_start(struct stream *s);
60
61/* Get the size of the data that stream s can store */
62size_t get_stream_size(struct stream *s);
63
64/* Read one byte from stream s */
65uint8_t read_stream(struct stream *s);
66
67/* Read len bytes from stream s and write them to buff */
68void read_n_bytes_stream(uint8_t *buff, struct stream *s, uint16_t len);
69
70/* Read len bytes from stream s, starting at position start, and write
71 * the result to buff.
72 */
73void read_stream_at(uint8_t *buff, struct stream *s, uint16_t start, uint16_t len);
74
75/* Calculate the required size of a stream so that all information from data
76 * fits into it. type controls whether it is for validation or signing purposes.
77 */
78size_t req_stream_size(const struct rtr_bgpsec *data, enum align_type type);
79
80/* Get the total length in bytes of all signature segments in sig_segs */
81int get_sig_seg_size(const struct rtr_signature_seg *sig_segs, enum align_type type);
82
83/* Check whether table holds at least one router key for each SKI in sig_segs. */
84int check_router_keys(const struct rtr_signature_seg *sig_segs, struct spki_table *table);
85
86/* Store the string representation of a BGPsec_PATH segment (sig_seg and sec_path) in buffer. */
87int bgpsec_segment_to_str(char *buffer, struct rtr_signature_seg *sig_seg, struct rtr_secure_path_seg *sec_path);
88
89/* Store the hex-string representation of the bytes_len bytes at bytes in buffer. */
90int byte_sequence_to_str(char *buffer, uint8_t *bytes, unsigned int bytes_len, unsigned int tabstops);
91
92/* Take a binary-encoded SKI and store it in ski_str as a human-readable
93 * hex string.
94 */
95void ski_to_char(char *ski_str, uint8_t *ski);
96
97/* Align the BGPsec data as a byte sequence and store it in stream s. type
98 * controls whether the alignment is for validation or signing.
99 */
100int align_byte_sequence(const struct rtr_bgpsec *data, struct stream *s, enum align_type type);
101
102/* Hash the bytes_len bytes at bytes according to alg_suite_id and store the digest in result_buffer. */
103int hash_byte_sequence(uint8_t *bytes, size_t bytes_len, uint8_t alg_suite_id, unsigned char **result_buffer);
104
105/* Validate the signature sig over hash against record. */
106int validate_signature(const unsigned char *hash, const struct rtr_signature_seg *sig, struct spki_record *record);
107
108/* Load the binary private key bytes_key and store it in the OpenSSL EC_KEY
109 * priv_key.
110 */
111int load_private_key(EC_KEY **priv_key, uint8_t *bytes_key);
112
113/* Load the binary public key spki and store it in the OpenSSL EC_KEY
114 * pub_key.
115 */
116int load_public_key(EC_KEY **pub_key, uint8_t *spki);
117
118/* Sign a byte sequence according to the algorithm suite alg. The signature and
119 * its length are stored in new_signature.
120 */
121int sign_byte_sequence(uint8_t *hash_result, EC_KEY *priv_key, uint8_t alg, struct rtr_signature_seg *new_signature);
122
123/* Check whether every byte of the SKI ski is 0. */
124int ski_is_empty(uint8_t *ski);
125
126#endif