mirror of https://gitlab.nic.cz/labs/bird.git synced 2025-01-15 13:31:54 +00:00
bird/proto/rpki/tcp_transport.c
Job Snijders 8dc2a36ae5 RPKI: Add TCP-MD5 authentication option
RPKI-To-Router (RTR) sessions seem to have a security sensitivity similar to
IBGP sessions. BIRD already offered a choice of either "plain TCP" (meh)
or "SSH" (secure, albeit a bit more hassle to set up than TCP-MD5).
The patch adds TCP-MD5 as another option. TCP-MD5 for RTR is specified
through RFC 6810 section 7.3 and RFC 8210 section 9.3.

Minor changes by committer.
2024-10-03 16:25:29 +02:00


/*
* BIRD -- An implementation of the TCP protocol for the RPKI protocol transport
*
* (c) 2015 CZ.NIC
* (c) 2015 Pavel Tvrdik <pawel.tvrdik@gmail.com>
*
* This file was a part of RTRlib: http://rpki.realmv6.org/
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include "rpki.h"
#include "sysdep/unix/unix.h"
/*
 * Open the active TCP connection for an RTR session.
 *
 * Marks the transport's socket as an active TCP socket, attaches the
 * configured TCP-MD5 key when that authentication type is selected, and
 * hands the socket to sk_open().
 *
 * Returns RPKI_TR_SUCCESS when sk_open() reports 0, RPKI_TR_ERROR otherwise.
 */
static int
rpki_tr_tcp_open(struct rpki_tr_sock *tr)
{
  struct rpki_config *cf = (void *) tr->cache->p->p.cf;
  struct rpki_tr_tcp_config *tcp_cf = (void *) cf->tr_config.spec;
  sock *s = tr->sk;

  s->type = SK_TCP_ACTIVE;

  /*
   * TCP-MD5 (RFC 2385) authenticates each segment with a shared secret; it
   * does not encrypt the RTR payload. The socket borrows the pointer held by
   * the configuration, no copy is made here. For any other auth_type the
   * socket's password field is left as it was on entry.
   * NOTE(review): presumably config parsing guarantees a non-NULL password
   * whenever auth_type is RPKI_TCP_AUTH_MD5 -- confirm, since a NULL here
   * would leave the session unauthenticated without any error at this point.
   */
  if (tcp_cf->auth_type == RPKI_TCP_AUTH_MD5)
    s->password = tcp_cf->password;

  return (sk_open(s) == 0) ? RPKI_TR_SUCCESS : RPKI_TR_ERROR;
}
/*
 * Return the "<host>:<port>" identification string of the transport.
 *
 * The string is built on the first call, stored in tr->ident and returned
 * unchanged on every later call. It is allocated from the cache's pool.
 */
static const char *
rpki_tr_tcp_ident(struct rpki_tr_sock *tr)
{
  struct rpki_cache *cache = tr->cache;
  struct rpki_config *cf = (void *) cache->p->p.cf;

  if (tr->ident == NULL)
  {
    /*
     * Room for <host>, ':', up to five port digits and the terminating NUL.
     * NOTE(review): five digits presumes cf->port never exceeds 65535 --
     * confirm against its declaration. The buffer size is passed to
     * bsnprintf(), whose return value is not checked here.
     * NOTE(review): cf->hostname is dereferenced by strlen() without a NULL
     * check -- presumably the config layer always sets it; verify.
     */
    size_t size = strlen(cf->hostname) + 1 + 5 + 1;
    char *buf = mb_alloc(cache->pool, size);

    bsnprintf(buf, size, "%s:%u", cf->hostname, cf->port);
    tr->ident = buf;
  }

  return tr->ident;
}
/**
 * rpki_tr_tcp_init - set up an RPKI transport structure for plain TCP
 * @tr: allocated RPKI transport structure
 *
 * Installs the TCP implementations of the transport hooks: the identification
 * callback and the open callback. Nothing else in @tr is touched; whether
 * TCP-MD5 is applied is decided later, when the open hook runs.
 */
void
rpki_tr_tcp_init(struct rpki_tr_sock *tr)
{
  tr->ident_fp = rpki_tr_tcp_ident;
  tr->open_fp = rpki_tr_tcp_open;
}