From 70a2674977ab6ac0cb2a74fbc4d154964b1c028d Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 27 Jan 2014 04:34:43 +0000 Subject: Pull from trunk. svn path=/branches/tk671/; revision=5648 --- utils/find_roa/find_roa.c | 2 +- utils/hashdir/hashdir.c | 2 +- utils/scan_roas/scan_roas.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'utils') diff --git a/utils/find_roa/find_roa.c b/utils/find_roa/find_roa.c index cc6325ea..a14242c8 100644 --- a/utils/find_roa/find_roa.c +++ b/utils/find_roa/find_roa.c @@ -302,7 +302,7 @@ int main (int argc, char *argv[]) char *s = NULL, *p = NULL; int i, len, ret = 1; - if (argc == 2 && (strcmp(argv[1], "-h") || strcmp(argv[1], "--help"))) + if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) usage(argv[0], 0); if (argc < 3) diff --git a/utils/hashdir/hashdir.c b/utils/hashdir/hashdir.c index bd9d06a8..6de778b5 100644 --- a/utils/hashdir/hashdir.c +++ b/utils/hashdir/hashdir.c @@ -206,7 +206,7 @@ static void usage (const char *jane, const int code) int main(int argc, char *argv[]) { - if (argc == 2 && (strcmp(argv[1], "-h") || strcmp(argv[1], "--help"))) + if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) usage(argv[0], 0); if (argc != 3) diff --git a/utils/scan_roas/scan_roas.c b/utils/scan_roas/scan_roas.c index 5bc19063..fc883bf6 100644 --- a/utils/scan_roas/scan_roas.c +++ b/utils/scan_roas/scan_roas.c @@ -288,7 +288,7 @@ int main (int argc, char *argv[]) { int i, ok = 1; - if (argc == 2 && (strcmp(argv[1], "-h") || strcmp(argv[1], "--help"))) + if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help"))) usage(argv[0], 0); if (argc < 2) -- cgit v1.2.3 From f1a28725aedc066d35b2acf4cf6fb0cc2591ea61 Mon Sep 17 00:00:00 2001 
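Review bot: The corrected help check in find_roa.c's main still uses the `!strcmp(...)` truthiness idiom, and misreading strcmp's return value as a boolean is exactly what produced the bug being fixed here. Writing the comparison out, `if (argc == 2 && (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0))`, makes the intent hard to invert again. The same line is changed in the hashdir.c and scan_roas.c hunks of this commit and would benefit from the same spelling. All three main bodies continue outside their hunks.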
From: Rob Austein Date: Thu, 27 Feb 2014 18:56:28 +0000 Subject: Pull from trunk. svn path=/branches/tk671/; revision=5691 --- utils/print_rpki_manifest/print_rpki_manifest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'utils') diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c index 4bdea2b6..ac26c801 100644 --- a/utils/print_rpki_manifest/print_rpki_manifest.c +++ b/utils/print_rpki_manifest/print_rpki_manifest.c @@ -182,7 +182,7 @@ static int usage (const char *jane, const int code) FILE *out = code ? stderr : stdout; int i; - fprintf(out, "usage: %s [options] ROA [ROA...]\n", jane); + fprintf(out, "usage: %s [options] manifest [manifest...]\n", jane); fprintf(out, "options:\n"); for (i = 0; longopts[i].name != NULL; i++) fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name); -- cgit v1.2.3 From 7332a3d614b606b91ea2cf75c19cf169f09ef73e Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 27 Feb 2014 21:48:50 +0000 Subject: Pull from trunk. svn path=/branches/tk671/; revision=5694 --- utils/print_roa/print_roa.c | 13 +++++++++++-- utils/print_rpki_manifest/print_rpki_manifest.c | 12 +++++++++++- 2 files changed, 22 insertions(+), 3 deletions(-) (limited to 'utils') diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c index a1088958..cb186251 100644 --- a/utils/print_roa/print_roa.c +++ b/utils/print_roa/print_roa.c @@ -33,6 +33,7 @@ #include #include +#include #include #include #include @@ -137,6 +138,8 @@ static ROA *read_roa(const char *filename, unsigned char addr[ADDR_RAW_BUF_LEN]; CMS_ContentInfo *cms = NULL; const ASN1_OBJECT *oid = NULL; + char *asID = NULL; + BIGNUM *bn = NULL; ROA *r = NULL; char buf[512]; BIO *b = NULL; @@ -199,6 +202,9 @@ static ROA *read_roa(const char *filename, if (print_roa) { + bn = ASN1_INTEGER_to_BN(r->asID, NULL); + asID = BN_bn2dec(bn); + if (print_brief) { if (print_signingtime) { 
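Review bot: Neither `ASN1_INTEGER_to_BN()` nor `BN_bn2dec()` is checked in the lines added to read_roa, so a failed conversion leaves `asID` NULL and it is then passed to `fputs(asID, stdout)` and `printf("asID: %s\n", asID)` in the following hunks, while processing a ROA read from disk. Test both steps before printing, `if ((bn = ASN1_INTEGER_to_BN(r->asID, NULL)) == NULL || (asID = BN_bn2dec(bn)) == NULL)`, and take the function's existing error exit, which lies outside these hunks. The manifestNumber conversion added to read_manifest in print_rpki_manifest.c in this same commit has the same gap. A short comment such as `/* asID may not fit the long returned by ASN1_INTEGER_get(); format via BIGNUM */` would also record why the extra allocation is there.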
@@ -208,7 +214,7 @@ static ROA *read_roa(const char *filename, printf("%s ", buffer); } - printf("%ld", ASN1_INTEGER_get(r->asID)); + fputs(asID, stdout); } else { @@ -221,7 +227,7 @@ static ROA *read_roa(const char *filename, printf("version: %ld\n", ASN1_INTEGER_get(r->version)); else printf("version: 0 [Defaulted]\n"); - printf("asID: %ld\n", ASN1_INTEGER_get(r->asID)); + printf("asID: %s\n", asID); } for (i = 0; i < sk_ROAIPAddressFamily_num(r->ipAddrBlocks); i++) { @@ -303,6 +309,9 @@ static ROA *read_roa(const char *filename, if (ERR_peek_error()) ERR_print_errors_fp(stderr); BIO_free(b); + BN_free(bn); + if (asID) + OPENSSL_free(asID); CMS_ContentInfo_free(cms); return r; } diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c index ac26c801..f55f9916 100644 --- a/utils/print_rpki_manifest/print_rpki_manifest.c +++ b/utils/print_rpki_manifest/print_rpki_manifest.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -61,6 +62,8 @@ static const Manifest *read_manifest(const char *filename, CMS_ContentInfo *cms = NULL; const ASN1_OBJECT *oid = NULL; const Manifest *m = NULL; + char *mftnum = NULL; + BIGNUM *bn = NULL; char buf[512]; BIO *b = NULL; int i, j; @@ -131,7 +134,11 @@ static const Manifest *read_manifest(const char *filename, printf("version: %ld\n", ASN1_INTEGER_get(m->version)); else printf("version: 0 [Defaulted]\n"); - printf("manifestNumber: %ld\n", ASN1_INTEGER_get(m->manifestNumber)); + + bn = ASN1_INTEGER_to_BN(m->manifestNumber, NULL); + mftnum = BN_bn2dec(bn); + printf("manifestNumber: %s\n", mftnum); + printf("thisUpdate: %s\n", m->thisUpdate->data); printf("nextUpdate: %s\n", m->nextUpdate->data); OBJ_obj2txt(buf, sizeof(buf), m->fileHashAlg, 0); 
@@ -165,6 +172,9 @@ static const Manifest *read_manifest(const char *filename, if (ERR_peek_error()) ERR_print_errors_fp(stderr); BIO_free(b); + BN_free(bn); + if (mftnum) + OPENSSL_free(mftnum); CMS_ContentInfo_free(cms); return m; } -- cgit v1.2.3 From 8270de20f38869dc9c0dec082f7bc59b30f2db97 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 16 Mar 2014 17:51:29 +0000 Subject: Pull from trunk. svn path=/branches/tk671/; revision=5705 --- utils/hashdir/hashdir.c | 1 + utils/print_roa/print_roa.c | 4 ++-- utils/scan_roas/scan_roas.c | 5 +++-- 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'utils') diff --git a/utils/hashdir/hashdir.c b/utils/hashdir/hashdir.c index 6de778b5..1b5b0f46 100644 --- a/utils/hashdir/hashdir.c +++ b/utils/hashdir/hashdir.c @@ -36,6 +36,7 @@ #include #include #include +#include #ifndef FILENAME_MAX #define FILENAME_MAX 1024 diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c index cb186251..c88fc092 100644 --- a/utils/print_roa/print_roa.c +++ b/utils/print_roa/print_roa.c @@ -86,9 +86,9 @@ extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen) switch (so->type) { case V_ASN1_UTCTIME: strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20"); - return strncpy(buffer + 2, so->value.utctime->data, buflen - 3); + return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3); case V_ASN1_GENERALIZEDTIME: - return strncpy(buffer, so->value.generalizedtime->data, buflen - 1); + return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1); default: return NULL; } diff --git a/utils/scan_roas/scan_roas.c b/utils/scan_roas/scan_roas.c index fc883bf6..f32e3827 100644 --- a/utils/scan_roas/scan_roas.c +++ b/utils/scan_roas/scan_roas.c 
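Review bot: The casts added in extract_signingTime (print_roa.c) silence the signedness warning but leave both branches relying on `strncpy`, which writes no terminator when the source is at least `buflen - 3` (or `buflen - 1`) bytes long. The time string comes from a signed attribute of the object being parsed, so its length is not controlled by this code. Unless every caller zero-fills the buffer first (not visible in the hunk), terminate explicitly before returning, e.g. `buffer[buflen - 1] = '\0';`. Note also that `buflen - 3` wraps for a buffer shorter than three bytes and that the preceding `strcpy` writes three bytes without consulting `buflen`. The identical function in utils/scan_roas/scan_roas.c, patched the same way in this commit, needs the same treatment.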
@@ -90,9 +90,9 @@ extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen) switch (so->type) { case V_ASN1_UTCTIME: strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20"); - return strncpy(buffer + 2, so->value.utctime->data, buflen - 3); + return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3); case V_ASN1_GENERALIZEDTIME: - return strncpy(buffer, so->value.generalizedtime->data, buflen - 1); + return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1); default: return NULL; } @@ -271,6 +271,7 @@ static int walk(const char *name) done: closedir(dir); + return ok; } -- cgit v1.2.3 From 93c19411c96317fc20d1272e62ab0760328ad53b Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 4 Apr 2014 23:13:37 +0000 Subject: Initial rpki-rtr support for router certificates. Runs, but not yet tested beyond `smoketest.1.yaml` and `--client loopback`. svn path=/branches/tk671/; revision=5750 --- utils/Makefile.in | 2 +- utils/scan_roas/Makefile.in | 2 +- utils/scan_routercerts/Makefile.in | 41 ++++++++++++++++++++ utils/scan_routercerts/scan_routercerts | 69 +++++++++++++++++++++++++++++++++ 4 files changed, 112 insertions(+), 2 deletions(-) create mode 100644 utils/scan_routercerts/Makefile.in create mode 100755 utils/scan_routercerts/scan_routercerts (limited to 'utils') diff --git a/utils/Makefile.in b/utils/Makefile.in index 11c8d17b..c89fdff5 100644 --- a/utils/Makefile.in +++ b/utils/Makefile.in @@ -1,6 +1,6 @@ # $Id$ -SUBDIRS = uri print_rpki_manifest print_roa hashdir find_roa scan_roas +SUBDIRS = uri print_rpki_manifest print_roa hashdir find_roa scan_roas scan_routercerts all clean test distclean install deinstall uninstall:: @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && ${MAKE} $@); done diff --git a/utils/scan_roas/Makefile.in b/utils/scan_roas/Makefile.in index 3d86532d..7707969c 100644 --- a/utils/scan_roas/Makefile.in +++ b/utils/scan_roas/Makefile.in 
@@ -39,7 +39,7 @@ ROA_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication test: all -date -u +'now: %Y%m%d%H%M%SZ' - if test -d ${ROA_DIR}; then find ${ROA_DIR} -type f -name '*.roa' -print -exec ./${BIN} {} \; ; else :; fi + if test -d ${ROA_DIR}; then ./${BIN} ${ROA_DIR} ; else :; fi install: all if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi diff --git a/utils/scan_routercerts/Makefile.in b/utils/scan_routercerts/Makefile.in new file mode 100644 index 00000000..715d1325 --- /dev/null +++ b/utils/scan_routercerts/Makefile.in @@ -0,0 +1,41 @@ +# $Id$ + +NAME = scan_routercerts + +BIN = ${NAME} + +INSTALL = @INSTALL@ -m 555 + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +datarootdir = @datarootdir@ +datadir = @datadir@ +localstatedir = @localstatedir@ +sharedstatedir = @sharedstatedir@ +sysconfdir = @sysconfdir@ +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +libdir = @libdir@ + +abs_top_srcdir = @abs_top_srcdir@ +abs_top_builddir = @abs_top_builddir@ + +all clean: + @true + +ROUTERCERT_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication + +test: all + -date -u +'now: %Y%m%d%H%M%SZ' + if test -d ${ROUTERCERT_DIR}; then ./${BIN} ; else :; fi + +install: all + if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi + ${INSTALL} ${BIN} ${DESTDIR}${bindir} + +deinstall uninstall: + rm -f ${DESTDIR}${bindir}/${BIN} + +distclean: clean + rm -f Makefile diff --git a/utils/scan_routercerts/scan_routercerts b/utils/scan_routercerts/scan_routercerts new file mode 100755 index 00000000..342fa272 --- /dev/null +++ b/utils/scan_routercerts/scan_routercerts 
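Review bot: The `test` target in the new utils/scan_routercerts/Makefile.in runs `./${BIN}` with no argument, while the script added in this commit reads `sys.argv[1]` unconditionally. When the rpki libraries import, the test therefore ends in an IndexError; when they do not, the script exits 0 without scanning anything, so the target never exercises the scanner either way. Pass the directory, as the scan_roas test line changed in this same commit does: `if test -d ${ROUTERCERT_DIR}; then ./${BIN} ${ROUTERCERT_DIR} ; else :; fi`.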
@@ -0,0 +1,69 @@ +#!/usr/bin/env python +# $Id$ +# +# Copyright (C) 2014 Dragon Research Labs ("DRL") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +""" +Scan rcynic validated output looking for router certificates, print +out stuff that the rpki-rtr code cares about. +""" + +# This program represents a weird temporary state, mostly to avoid +# diving into a recursive yak shaving exercise. +# +# Under the old scheme, anything used by the RP code should be either +# C code or pure Python code using just the standard libraries. This +# has gotten silly, but we haven't yet refactored the current packaged +# builds from two packages into three (adding a -libs package). +# +# So, by rights, this program should be a C monstrosity written using +# the OpenSSL C API. I started coding it that way, but it was just +# too painful for something we're probably going to rewrite as a few +# lines of Python once we refactor, but by the same token I didn't +# want to delay router certificate support until the refactoring. +# +# So this program anticipates the new scheme of things, but makes one +# concession to current reality: if it has a problem importing the +# RPKI-specific libraries, it just quietly exits as if everything were +# fine and there simply are no router certificates to report. 
This +# isn't the right answer in the long run, but will suffice to avoid +# further bald yaks. + +import os +import sys +import base64 + +try: + import rpki.POW + import rpki.oids +except ImportError: + sys.exit(0) + +rcynic_dir = sys.argv[1] + +for root, dirs, files in os.walk(rcynic_dir): + for fn in files: + if not fn.endswith(".cer"): + continue + x = rpki.POW.X509.derReadFile(os.path.join(root, fn)) + + if rpki.oids.id_kp_bgpsec_router not in (x.getEKU() or ()): + continue + + sys.stdout.write(base64.urlsafe_b64encode(x.getSKI()).rstrip("=")) + for min_asn, max_asn in x.getRFC3779()[0]: + for asn in xrange(min_asn, max_asn + 1): + sys.stdout.write(" %s" % asn) + sys.stdout.write(" %s\n" % base64.b64encode(x.getPublicKey().derWritePublic())) -- cgit v1.2.3
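Review bot: The `xrange(min_asn, max_asn + 1)` expansion writes one token per AS number with no upper bound, so a single router certificate carrying a wide AS range makes this scanner, and whatever consumes its output, do work proportional to the range rather than to the number of certificates. Consider skipping or truncating oversized spans with a warning on stderr, e.g. `if max_asn - min_asn >= MAX_ASNS_PER_CERT: continue` (MAX_ASNS_PER_CERT is a placeholder name, not something in this tree). The loop also assumes `x.getRFC3779()[0]` is an iterable of pairs; if the AS extension is absent or inherited this presumably raises and aborts the whole walk, as would one unreadable `.cer` in `derReadFile`, so a per-file `try`/`except` that logs and continues would keep one bad object from hiding the rest. Finally, `rcynic_dir = sys.argv[1]` is read without checking `len(sys.argv)`, so a bare invocation fails with an IndexError instead of a usage message.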