1 /* $OpenBSD: ip.c,v 1.13 2020/09/12 15:46:48 claudio Exp $ */ 2 /* 3 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> 4 * 5 * Permission to use, copy, modify, and distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <sys/socket.h> 19 #include <arpa/inet.h> 20 21 #include <assert.h> 22 #include <err.h> 23 #include <stdarg.h> 24 #include <stdlib.h> 25 #include <string.h> 26 #include <unistd.h> 27 28 #include "extern.h" 29 30 #define PREFIX_SIZE(x) (((x) + 7) / 8) 31 32 /* 33 * Parse an IP address family. 34 * This is defined in different places in the ROA/X509 standards, but 35 * it's the same thing. 36 * We prohibit all but IPv4 and IPv6, without SAFI. 37 * Return zero on failure, non-zero on success. 38 */ 39 int 40 ip_addr_afi_parse(const char *fn, const ASN1_OCTET_STRING *p, enum afi *afi) 41 { 42 uint16_t v; 43 44 if (p->length == 0 || p->length > 3) { 45 warnx("%s: invalid field length, want 1--3, have %d", 46 fn, p->length); 47 return 0; 48 } 49 50 memcpy(&v, p->data, sizeof(v)); 51 v = ntohs(v); 52 53 /* Only accept IPv4 and IPv6 AFIs. */ 54 55 if (v != AFI_IPV4 && v != AFI_IPV6) { 56 warnx("%s: only AFI for IPV4 (1) and IPV6 (2) allowed: " 57 "have %hd", fn, v); 58 return 0; 59 } 60 61 /* Disallow the optional SAFI. */ 62 63 if (p->length == 3) { 64 warnx("%s: SAFI not allowed", fn); 65 return 0; 66 } 67 68 *afi = v; 69 return 1; 70 } 71 72 /* 73 * See if a given IP prefix is covered by the IP prefixes or ranges 74 * specified in the "ips" array. 75 * This means that the IP prefix must be strictly within the ranges or 76 * singletons given in the array. 77 * Return 0 if we're inheriting from the parent, >0 if we're covered, 78 * or <0 if we're not covered. 79 */ 80 int 81 ip_addr_check_covered(enum afi afi, 82 const unsigned char *min, const unsigned char *max, 83 const struct cert_ip *ips, size_t ipsz) 84 { 85 size_t i, sz = AFI_IPV4 == afi ? 4 : 16; 86 87 for (i = 0; i < ipsz; i++) { 88 if (ips[i].afi != afi) 89 continue; 90 if (ips[i].type == CERT_IP_INHERIT) 91 return 0; 92 if (memcmp(ips[i].min, min, sz) <= 0 && 93 memcmp(ips[i].max, max, sz) >= 0) 94 return 1; 95 } 96 97 return -1; 98 } 99 100 /* 101 * Given a newly-parsed IP address or range "ip", make sure that "ip" 102 * does not overlap with any addresses or ranges in the "ips" array. 103 * This is defined by RFC 3779 section 2.2.3.6. 104 * Returns zero on failure, non-zero on success. 105 */ 106 int 107 ip_addr_check_overlap(const struct cert_ip *ip, const char *fn, 108 const struct cert_ip *ips, size_t ipsz) 109 { 110 size_t i, sz = ip->afi == AFI_IPV4 ? 4 : 16; 111 int inherit_v4 = 0, inherit_v6 = 0; 112 int has_v4 = 0, has_v6 = 0, socktype; 113 char buf[64]; 114 115 /* 116 * FIXME: cache this by having a flag on the cert_ip, else we're 117 * going to need to do a lot of scanning for big allocations. 118 */ 119 120 for (i = 0; i < ipsz; i++) 121 if (ips[i].type == CERT_IP_INHERIT) { 122 if (ips[i].afi == AFI_IPV4) 123 inherit_v4 = 1; 124 else 125 inherit_v6 = 1; 126 } else { 127 if (ips[i].afi == AFI_IPV4) 128 has_v4 = 1; 129 else 130 has_v6 = 1; 131 } 132 133 /* Disallow multiple inheritence per type. */ 134 135 if ((inherit_v4 && ip->afi == AFI_IPV4) || 136 (inherit_v6 && ip->afi == AFI_IPV6) || 137 (has_v4 && ip->afi == AFI_IPV4 && 138 ip->type == CERT_IP_INHERIT) || 139 (has_v6 && ip->afi == AFI_IPV6 && 140 ip->type == CERT_IP_INHERIT)) { 141 warnx("%s: RFC 3779 section 2.2.3.5: " 142 "cannot have multiple inheritence or inheritence and " 143 "addresses of the same class", fn); 144 return 0; 145 } 146 147 /* Check our ranges. */ 148 149 for (i = 0; i < ipsz; i++) { 150 if (ips[i].afi != ip->afi) 151 continue; 152 if (memcmp(ips[i].max, ip->min, sz) <= 0 || 153 memcmp(ips[i].min, ip->max, sz) >= 0) 154 continue; 155 socktype = (ips[i].afi == AFI_IPV4) ? AF_INET : AF_INET6, 156 warnx("%s: RFC 3779 section 2.2.3.5: " 157 "cannot have overlapping IP addresses", fn); 158 ip_addr_print(&ip->ip, ip->afi, buf, sizeof(buf)); 159 warnx("%s: certificate IP: %s", fn, buf); 160 inet_ntop(socktype, ip->min, buf, sizeof(buf)); 161 warnx("%s: certificate IP minimum: %s", fn, buf); 162 inet_ntop(socktype, ip->max, buf, sizeof(buf)); 163 warnx("%s: certificate IP maximum: %s", fn, buf); 164 inet_ntop(socktype, ips[i].min, buf, sizeof(buf)); 165 warnx("%s: offending IP minimum: %s", fn, buf); 166 inet_ntop(socktype, ips[i].max, buf, sizeof(buf)); 167 warnx("%s: offending IP maximum: %s", fn, buf); 168 return 0; 169 } 170 171 return 1; 172 } 173 174 /* 175 * Parse an IP address, RFC 3779, 2.2.3.8. 176 * Return zero on failure, non-zero on success. 177 */ 178 int 179 ip_addr_parse(const ASN1_BIT_STRING *p, 180 enum afi afi, const char *fn, struct ip_addr *addr) 181 { 182 long unused = 0; 183 184 /* Weird OpenSSL-ism to get unused bit count. */ 185 186 if ((p->flags & ASN1_STRING_FLAG_BITS_LEFT)) 187 unused = p->flags & ~ASN1_STRING_FLAG_BITS_LEFT; 188 189 if (unused < 0) { 190 warnx("%s: RFC 3779 section 2.2.3.8: " 191 "unused bit count must be non-negative", fn); 192 return 0; 193 } else if (unused >= 8) { 194 warnx("%s: RFC 3779 section 2.2.3.8: " 195 "unused bit count must mask an unsigned char", fn); 196 return 0; 197 } else if (p->length == 0 && unused != 0) { 198 warnx("%s: RFC 3779 section 2.2.3.8: " 199 "unused bit count must be zero if length is zero", fn); 200 return 0; 201 } 202 203 /* 204 * Check that the unused bits are set to zero. 205 * If we don't do this, stray bits will corrupt our composition 206 * of the [minimum] address ranges. 207 */ 208 209 if (p->length != 0 && 210 (p->data[p->length - 1] & ((1 << unused) - 1))) { 211 warnx("%s: RFC 3779 section 2.2.3.8: " 212 "unused bits must be set to zero", fn); 213 return 0; 214 } 215 216 /* Limit possible sizes of addresses. */ 217 218 if ((afi == AFI_IPV4 && p->length > 4) || 219 (afi == AFI_IPV6 && p->length > 16)) { 220 warnx("%s: RFC 3779 section 2.2.3.8: " 221 "IP address too long", fn); 222 return 0; 223 } 224 225 memset (addr, 0, sizeof(struct ip_addr)); 226 addr->prefixlen = p->length * 8 - unused; 227 memcpy(addr->addr, p->data, p->length); 228 return 1; 229 } 230 231 /* 232 * Convert the IPv4 address into CIDR notation conforming to RFC 4632. 233 * Buffer should be able to hold xxx.yyy.zzz.www/nn. 234 */ 235 static void 236 ip4_addr2str(const struct ip_addr *addr, char *b, size_t bsz) 237 { 238 char buf[16]; 239 240 snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET, addr->addr, buf, 241 sizeof(buf)), addr->prefixlen); 242 } 243 244 /* 245 * Convert the IPv6 address into CIDR notation conforming to RFC 4291. 246 * See also RFC 5952. 247 * Must hold 0000:0000:0000:0000:0000:0000:0000:0000/nn. 248 */ 249 static void 250 ip6_addr2str(const struct ip_addr *addr, char *b, size_t bsz) 251 { 252 char buf[44]; 253 254 snprintf(b, bsz, "%s/%hhu", inet_ntop(AF_INET6, addr->addr, buf, 255 sizeof(buf)), addr->prefixlen); 256 } 257 258 /* 259 * Convert a ip_addr into a NUL-terminated CIDR notation string 260 * conforming to RFC 4632 or 4291. 261 * The size of the buffer must be at least 64 (inclusive). 262 */ 263 void 264 ip_addr_print(const struct ip_addr *addr, 265 enum afi afi, char *buf, size_t bufsz) 266 { 267 268 if (afi == AFI_IPV4) 269 ip4_addr2str(addr, buf, bufsz); 270 else 271 ip6_addr2str(addr, buf, bufsz); 272 } 273 274 /* 275 * Serialise an ip_addr for sending over the wire. 276 * Matched with ip_addr_read(). 277 */ 278 void 279 ip_addr_buffer(char **b, size_t *bsz, size_t *bmax, const struct ip_addr *p) 280 { 281 size_t sz = PREFIX_SIZE(p->prefixlen); 282 283 assert(sz <= 16); 284 io_simple_buffer(b, bsz, bmax, &p->prefixlen, sizeof(unsigned char)); 285 io_simple_buffer(b, bsz, bmax, p->addr, sz); 286 } 287 288 /* 289 * Serialise an ip_addr_range for sending over the wire. 290 * Matched with ip_addr_range_read(). 291 */ 292 void 293 ip_addr_range_buffer(char **b, size_t *bsz, size_t *bmax, 294 const struct ip_addr_range *p) 295 { 296 297 ip_addr_buffer(b, bsz, bmax, &p->min); 298 ip_addr_buffer(b, bsz, bmax, &p->max); 299 } 300 301 /* 302 * Read an ip_addr from the wire. 303 * Matched with ip_addr_buffer(). 304 */ 305 void 306 ip_addr_read(int fd, struct ip_addr *p) 307 { 308 size_t sz; 309 310 io_simple_read(fd, &p->prefixlen, sizeof(unsigned char)); 311 sz = PREFIX_SIZE(p->prefixlen); 312 assert(sz <= 16); 313 io_simple_read(fd, p->addr, sz); 314 } 315 316 /* 317 * Read an ip_addr_range from the wire. 318 * Matched with ip_addr_range_buffer(). 319 */ 320 void 321 ip_addr_range_read(int fd, struct ip_addr_range *p) 322 { 323 324 ip_addr_read(fd, &p->min); 325 ip_addr_read(fd, &p->max); 326 } 327 328 /* 329 * Given the addresses (range or IP) in cert_ip, fill in the "min" and 330 * "max" fields with the minimum and maximum possible IP addresses given 331 * those ranges (or singleton prefixed range). 332 * This does nothing if CERT_IP_INHERIT. 333 * Returns zero on failure (misordered ranges), non-zero on success. 334 */ 335 int 336 ip_cert_compose_ranges(struct cert_ip *p) 337 { 338 size_t sz; 339 340 switch (p->type) { 341 case CERT_IP_ADDR: 342 sz = PREFIX_SIZE(p->ip.prefixlen); 343 memset(p->min, 0x0, sizeof(p->min)); 344 memcpy(p->min, p->ip.addr, sz); 345 memset(p->max, 0xff, sizeof(p->max)); 346 memcpy(p->max, p->ip.addr, sz); 347 if (sz > 0 && p->ip.prefixlen % 8 != 0) 348 p->max[sz - 1] |= (1 << (8 - p->ip.prefixlen % 8)) - 1; 349 break; 350 case CERT_IP_RANGE: 351 memset(p->min, 0x0, sizeof(p->min)); 352 sz = PREFIX_SIZE(p->range.min.prefixlen); 353 memcpy(p->min, p->range.min.addr, sz); 354 memset(p->max, 0xff, sizeof(p->max)); 355 sz = PREFIX_SIZE(p->range.max.prefixlen); 356 memcpy(p->max, p->range.max.addr, sz); 357 if (sz > 0 && p->range.max.prefixlen % 8 != 0) 358 p->max[sz - 1] |= 359 (1 << (8 - p->range.max.prefixlen % 8)) - 1; 360 break; 361 default: 362 return 1; 363 } 364 365 sz = AFI_IPV4 == p->afi ? 4 : 16; 366 return memcmp(p->min, p->max, sz) <= 0; 367 } 368 369 /* 370 * Given the ROA's acceptable prefix, compute the minimum and maximum 371 * address accepted by the prefix. 372 */ 373 void 374 ip_roa_compose_ranges(struct roa_ip *p) 375 { 376 size_t sz = PREFIX_SIZE(p->addr.prefixlen); 377 378 memset(p->min, 0x0, sizeof(p->min)); 379 memcpy(p->min, p->addr.addr, sz); 380 memset(p->max, 0xff, sizeof(p->max)); 381 memcpy(p->max, p->addr.addr, sz); 382 if (sz > 0 && p->addr.prefixlen % 8 != 0) 383 p->max[sz - 1] |= (1 << (8 - p->addr.prefixlen % 8)) - 1; 384 } 385