void Set::from_json( const bp::ptree& ptree )
{
/* TODO: Verify ptree (19/03/2014 20:48, jkotur) */
set_desc = ptree;
params.clear();
name = set_desc.get<std::string>("@name");
auto& pdesc = set_desc.get_child("params");
/** Convert orders to doubles and find maximal order value */
double max_order = 0;
for( auto ic=pdesc.begin() ; ic!=pdesc.end() ; ++ic )
{
auto so = ic->second.get_optional<double>("@order");
if( !so )
continue;
try {
double o = boost::lexical_cast<double>(*so);
ic->second.put("@order",o);
max_order = std::max( max_order , o );
} catch( boost::bad_lexical_cast& e ) {
sz_log(0, "Invalid order in param %s" ,
ic->second.get<std::string>("@name").c_str());
ic->second.erase("@order");
}
}
convert_color_names_to_hex();
/** Put params without order at the end */
int i = 0;
for( auto ic=pdesc.begin() ; ic!=pdesc.end() ; ++ic )
{
auto o = ic->second.get_optional<double>("@order");
if( !o ) ic->second.put("@order",max_order+ ++i);
}
for( auto ic=pdesc.begin() ; ic!=pdesc.end() ; ++ic )
{
bp::ptree pt = ic->second;
pt.erase("@order");
params.insert(
ParamId {
ic->second.get<std::string>("@name") ,
ic->second.get<double>("@order") ,
pt } );
}
set_desc.erase("params");
generate_colors_like_draw3();
update_hash();
}
hashval String::hash_str(const unsigned char *bp, unsigned int sz) {
unsigned char* be = (unsigned char*)bp + sz;
hashval hv = FNVOffsetBasis;
while(bp < be) {
hv = update_hash(hv, *bp++);
}
return finish_hash(hv);
}
hashval String::hash_str(const char *bp) {
hashval hv;
hv = FNVOffsetBasis;
while(*bp) {
hv = update_hash(hv, *bp++);
}
return finish_hash(hv);
}
static int sh_write(const char *path, char *buf, size_t size, off_t offset,
struct fuse_file_info *fi) {
struct user* user = find_user(root, path+1);
char uname[9];
printf("write\n");
if(user != NULL || strcmp(path, "/") == 0)
return -ENOENT;
int i = user_from_path(path, uname);
user = find_user(root, uname);
i+=2;
if(user == NULL)
return -ENOENT;
if(strcmp(path+i, "password-hash") == 0) {
char *hashed;
hashed = hashword(buf);
update_hash(root, uname, hashed);
update_daysSinceChanged(root, uname, shadow_time());
}
else if(strcmp(path+i, "days_since_changed") == 0) {
update_daysSinceChanged(root, uname, atoi(buf));
}
else if(strcmp(path+i, "days_until_can_change") == 0) {
update_daysUntilCanChange(root, uname, atoi(buf));
}
else if(strcmp(path+i, "days_until_must_change") == 0) {
update_daysUntilMustChange(root, uname, atoi(buf));
}
else if(strcmp(path+i, "days_before_warning") == 0) {
update_daysBeforeWarning(root, uname, atoi(buf));
}
else if(strcmp(path+i, "days_until_expiration") == 0) {
update_daysUntilExpiration(root, uname, atoi(buf));
}
else if(strcmp(path+i, "days_since_account_deactivated") == 0) {
update_daysSinceDeactivation(root, uname, atoi(buf));
}
else if(strcmp(path+i, "reserved") == 0) {
update_reserved(root, uname, buf);
}
return size;
}
static int sh_unlink(const char *path) {
struct user* user = find_user(root, path+1);
char uname[9];
printf("unlink\n");
if(user != NULL || strcmp(path, "/") == 0)
return -ENOENT;
int i = user_from_path(path, uname);
user = find_user(root, uname);
i+=2;
if(user == NULL)
return -ENOENT;
if(strcmp(path+i, "password-hash") == 0) {
update_hash(root, uname, "!");
}
else if(strcmp(path+i, "days_since_changed") == 0) {
update_daysSinceChanged(root, uname, shadow_time());
}
else if(strcmp(path+i, "days_until_can_change") == 0) {
update_daysUntilCanChange(root, uname, 0);
}
else if(strcmp(path+i, "days_until_must_change") == 0) {
update_daysUntilMustChange(root, uname, 99999);
}
else if(strcmp(path+i, "days_before_warning") == 0) {
update_daysBeforeWarning(root, uname, 7);
}
else if(strcmp(path+i, "days_until_expiration") == 0) {
update_daysUntilExpiration(root, uname, 0);
}
else if(strcmp(path+i, "days_since_account_deactivated") == 0) {
update_daysSinceDeactivation(root, uname, 0);
}
else if(strcmp(path+i, "reserved") == 0) {
update_reserved(root, uname, NULL);
}
return 0;
}
void Set::from_xml( const bp::ptree& ptree )
{
set_desc = ptree;
fold_xmlattr( set_desc );
name = set_desc.get<std::string>("@name");
/**
* Convert obsolete color format to new one
*/
convert_colour( set_desc , "@background_color" );
convert_colour( set_desc , "@background_text_color" );
convert_colour( set_desc , "@text_color" );
convert_float( set_desc , "@spacing_vertical" );
convert_float( set_desc , "@spacing_horizontal" );
params.clear();
for( auto& c : set_desc )
if( c.first == "param" ) {
auto name = c.second.get<std::string>("@name");
auto pt = c.second;
upgrade_option( pt , "@bg_color" , "@background_color" );
upgrade_option( pt , "@color" , "@graph_color" );
convert_colour( pt , "@background_color" );
convert_colour( pt , "@graph_color" );
pt.erase("@order");
params.insert(
ParamId { name , c.second.get<double>("@order") , pt } );
}
set_desc.erase( "param" );
update_hash();
}
void
handle_packet(const u_char *packet, int length) {
static int n = 0;
static unsigned char initial_hello[] = {
0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
uint8 *data;
size_t data_length, rlen;
int i, res;
#if DTLS_VERSION == 0xfeff
#ifndef SHA1_DIGEST_LENGTH
#define SHA1_DIGEST_LENGTH 20
#endif
uint8 hash_buf[16 + SHA1_DIGEST_LENGTH];
#elif DTLS_VERSION == 0xfefd
uint8 hash_buf[DTLS_SHA256_DIGEST_LENGTH];
#endif
#define verify_data_length 12
int is_client;
n++;
SKIP_ETH_HEADER(packet, length);
SKIP_IP_HEADER(packet, length);
/* determine from port if this is a client */
is_client = dtls_uint16_to_int(packet) != 20220;
SKIP_UDP_HEADER(packet, length);
while (length) {
rlen = dtls_uint16_to_int(packet + 11) + sizeof(dtls_record_header_t);
if (!rlen) {
fprintf(stderr, "invalid length!\n");
return;
}
/* skip packet if it is from a different epoch */
if (dtls_uint16_to_int(packet + 3) != epoch[is_client])
goto next;
res = decrypt_verify(is_client, packet, rlen,
&data, &data_length);
if (res <= 0)
goto next;
printf("packet %d (from %s):\n", n, is_client ? "client" : "server");
hexdump(packet, sizeof(dtls_record_header_t));
printf("\n");
hexdump(data, data_length);
printf("\n");
if (packet[0] == 22 && data[0] == 1) { /* ClientHello */
if (memcmp(packet, initial_hello, sizeof(initial_hello)) == 0)
goto next;
memcpy(dtls_kb_client_iv(OTHER_CONFIG), data + 14, 32);
clear_hash();
#if DTLS_VERSION == 0xfeff
hs_hash[0] = dtls_new_hash(HASH_MD5);
hs_hash[1] = dtls_new_hash(HASH_SHA1);
hs_hash[0]->init(hs_hash[0]->data);
hs_hash[1]->init(hs_hash[1]->data);
#elif DTLS_VERSION == 0xfefd
dtls_hash_init(hs_hash[0]);
#endif
}
if (packet[0] == 22 && data[0] == 2) { /* ServerHello */
memcpy(dtls_kb_server_iv(OTHER_CONFIG), data + 14, 32);
/* FIXME: search in ciphers */
OTHER_CONFIG->cipher = TLS_PSK_WITH_AES_128_CCM_8;
}
if (packet[0] == 20 && data[0] == 1) { /* ChangeCipherSpec */
printf("client random: ");
dump(dtls_kb_client_iv(OTHER_CONFIG), 32);
printf("\nserver random: ");
dump(dtls_kb_server_iv(OTHER_CONFIG), 32);
printf("\n");
master_secret_len =
dtls_prf(pre_master_secret, pre_master_len,
(unsigned char *)"master secret", 13,
dtls_kb_client_iv(OTHER_CONFIG), 32,
dtls_kb_server_iv(OTHER_CONFIG), 32,
master_secret, DTLS_MASTER_SECRET_LENGTH);
printf("master_secret:\n ");
for(i = 0; i < master_secret_len; i++)
printf("%02x", master_secret[i]);
printf("\n");
/* create key_block from master_secret
* key_block = PRF(master_secret,
"key expansion" + server_random + client_random) */
dtls_prf(master_secret, master_secret_len,
(unsigned char *)"key expansion", 13,
dtls_kb_server_iv(OTHER_CONFIG), 32,
dtls_kb_client_iv(OTHER_CONFIG), 32,
OTHER_CONFIG->key_block,
dtls_kb_size(OTHER_CONFIG));
OTHER_CONFIG->read_cipher =
dtls_cipher_new(OTHER_CONFIG->cipher,
dtls_kb_client_write_key(OTHER_CONFIG),
dtls_kb_key_size(OTHER_CONFIG));
if (!OTHER_CONFIG->read_cipher) {
warn("cannot create read cipher\n");
} else {
dtls_cipher_set_iv(OTHER_CONFIG->read_cipher,
dtls_kb_client_iv(OTHER_CONFIG),
dtls_kb_iv_size(OTHER_CONFIG));
}
OTHER_CONFIG->write_cipher =
dtls_cipher_new(OTHER_CONFIG->cipher,
dtls_kb_server_write_key(OTHER_CONFIG),
dtls_kb_key_size(OTHER_CONFIG));
if (!OTHER_CONFIG->write_cipher) {
warn("cannot create write cipher\n");
} else {
dtls_cipher_set_iv(OTHER_CONFIG->write_cipher,
dtls_kb_server_iv(OTHER_CONFIG),
dtls_kb_iv_size(OTHER_CONFIG));
}
/* if (is_client) */
SWITCH_CONFIG;
epoch[is_client]++;
printf("key_block:\n");
printf(" client_MAC_secret:\t");
dump(dtls_kb_client_mac_secret(CURRENT_CONFIG),
dtls_kb_mac_secret_size(CURRENT_CONFIG));
printf("\n");
printf(" server_MAC_secret:\t");
dump(dtls_kb_server_mac_secret(CURRENT_CONFIG),
dtls_kb_mac_secret_size(CURRENT_CONFIG));
printf("\n");
printf(" client_write_key:\t");
dump(dtls_kb_client_write_key(CURRENT_CONFIG),
dtls_kb_key_size(CURRENT_CONFIG));
printf("\n");
printf(" server_write_key:\t");
dump(dtls_kb_server_write_key(CURRENT_CONFIG),
dtls_kb_key_size(CURRENT_CONFIG));
printf("\n");
printf(" client_IV:\t\t");
dump(dtls_kb_client_iv(CURRENT_CONFIG),
dtls_kb_iv_size(CURRENT_CONFIG));
printf("\n");
printf(" server_IV:\t\t");
dump(dtls_kb_server_iv(CURRENT_CONFIG),
dtls_kb_iv_size(CURRENT_CONFIG));
printf("\n");
}
if (packet[0] == 22) {
if (data[0] == 20) { /* Finished */
finalize_hash(hash_buf);
/* clear_hash(); */
update_hash((unsigned char *)packet, sizeof(dtls_record_header_t),
data, data_length);
dtls_prf(master_secret, master_secret_len,
is_client
? (unsigned char *)"client finished"
: (unsigned char *)"server finished"
, 15,
hash_buf, sizeof(hash_buf),
NULL, 0,
data + sizeof(dtls_handshake_header_t),
verify_data_length);
printf("verify_data:\n");
dump(data, data_length);
printf("\n");
} else {
update_hash((unsigned char *)packet, sizeof(dtls_record_header_t),
data, data_length);
}
}
if (packet[0] == 23) { /* Application Data */
printf("Application Data:\n");
dump(data, data_length);
printf("\n");
}
next:
length -= rlen;
packet += rlen;
}
}
/*---------------------------------------------------------------------------*
* NAME: fuzz_engine
* DESC: fetch and parse each ad instructions
*---------------------------------------------------------------------------*/
unsigned int fuzz_engine(config *conf) {
int result;
int error_occured = 0;
/* debug */
debug(1, "<-----------------------[enter]\n");
/* if mode file, open the debugger file */
if (conf->type == 2) {
if(create_debugger_file(conf)) return -1;
}
do {
/* parse all the file */
while (conf->adc->offset < conf->adc->size) {
/* fetch the instruction */
if (fetch_instruction(conf)) return -200;
}
/* compute the lengths */
update_length(conf);
/* compute the hash values */
update_hash(conf);
/* send the start message to the debugger. i.e. the fuzzer cannot speak
with the debugger anymore, only the debugger send messages to the fuzzer */
if ((conf->dbg_mode) && (!conf->ring_zero))
if (dbg_send_msg(conf, INET_START_A_MSG, 0 , NULL, 0)) return -1;
/* start the fuzzing */
result = start_fuzz(conf);
if (result == -1)
error_occured = 1;
/* free the (big) fuzz buffer */
if (conf->buf_fuzz) {
free(conf->buf_fuzz);
conf->buf_fuzz = NULL;
}
/* free the blocks */
free_block(conf);
/* free the lengths */
free_length(conf);
/* free the hashes */
free_hash(conf);
/* free the chronos */
free_chrono(conf);
/* reset the offset */
conf->adc->offset = conf->adc->start;
/* add a value to the fuzz counter */
conf->fuzz_file_id++;
/* we close the debugger file */
if ((conf->type == 2) && (!conf->ring_zero)) {
if(fclose(conf->fuzz_file_dbg)) {
error_("error closing the debugger file.\n");
perror("");
error_("QUITTING!\n");
return -1;
}
}
/* we are no more in the ring zero mode */
conf->ring_zero = 1;
} while (!fuzz_finished(conf) && (error_occured == 0));
/* free the fuzz */
if (conf->fuzz) {
struct struct_fuzz *fuzz;
struct struct_fuzz *fuzz_to_free;
fuzz = conf->fuzz;
while (fuzz) {
fuzz_to_free = fuzz;
fuzz = fuzz->next;
/* before freeing fuzz, free source */
if (fuzz_to_free->source) {
struct struct_source *source;
struct struct_source *source_to_free;
source = fuzz_to_free->source;
/* free the filename first */
while(source) {
source_to_free = source;
source = source->next;
debug(3, "free source: %d filename: \"%s\"\n", source_to_free->id, source_to_free->filename);
if (source_to_free->filename) free(source_to_free->filename);
free(source_to_free);
}
}
debug(3, "free fuzz[%d]\n", fuzz_to_free->id);
free(fuzz_to_free);
}
conf->fuzz = NULL;
}
/* debug */
debug(1, "<-----------------------[quit]\n");
/* return value */
return 0;
}
void GarbledCct::evl_next_gate(const Gate ¤t_gate)
{
__m128i current_key, a;
Bytes::const_iterator it;
static Bytes tmp;
if (current_gate.m_tag == Circuit::GEN_INP)
{
uint8_t bit = m_gen_inp_mask.get_ith_bit(m_gen_inp_ix);
Bytes::iterator it = m_i_bufr_ix + bit*Env::key_size_in_bytes();
tmp = m_M[m_gen_inp_ix].to_bytes().hash(Env::k());
tmp.resize(16, 0);
current_key = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
tmp.assign(it, it+Env::key_size_in_bytes());
tmp.resize(16, 0);
a = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
m_i_bufr_ix += Env::key_size_in_bytes()*2;
current_key = _mm_xor_si128(current_key, a);
m_gen_inp_ix++;
}
else if (current_gate.m_tag == Circuit::EVL_INP)
{
uint8_t bit = m_evl_inp.get_ith_bit(m_evl_inp_ix);
Bytes::iterator it = m_i_bufr_ix + bit*Env::key_size_in_bytes();
tmp = (*m_ot_keys)[m_evl_inp_ix];
tmp.resize(16, 0);
current_key = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
tmp.assign(it, it+Env::key_size_in_bytes());
tmp.resize(16, 0);
a = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
m_i_bufr_ix += Env::key_size_in_bytes()*2;
current_key = _mm_xor_si128(current_key, a);
m_evl_inp_ix++;
}
else
{
const vector<uint64_t> &inputs = current_gate.m_input_idx;
#ifdef FREE_XOR
if (is_xor(current_gate))
{
current_key = inputs.size() == 2?
_mm_xor_si128(m_w[inputs[0]], m_w[inputs[1]]) : _mm_load_si128(m_w+inputs[0]);
}
else
#endif
if (inputs.size() == 2) // 2-arity gates
{
__m128i aes_key[2], aes_plaintext, aes_ciphertext;
aes_plaintext = _mm_set1_epi64x(m_gate_ix);
aes_key[0] = _mm_load_si128(m_w+inputs[0]);
aes_key[1] = _mm_load_si128(m_w+inputs[1]);
const uint8_t perm_x = _mm_extract_epi8(aes_key[0], 0) & 0x01;
const uint8_t perm_y = _mm_extract_epi8(aes_key[1], 0) & 0x01;
KDF256((uint8_t*)&aes_plaintext, (uint8_t*)&aes_ciphertext, (uint8_t*)aes_key);
aes_ciphertext = _mm_and_si128(aes_ciphertext, m_clear_mask);
uint8_t garbled_ix = (perm_y<<1) | (perm_x<<0);
#ifdef GRR
if (garbled_ix == 0)
{
current_key = _mm_load_si128(&aes_ciphertext);
}
else
{
it = m_i_bufr_ix+(garbled_ix-1)*Env::key_size_in_bytes();
tmp.assign(it, it+Env::key_size_in_bytes());
tmp.resize(16, 0);
a = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
current_key = _mm_xor_si128(aes_ciphertext, a);
}
m_i_bufr_ix += 3*Env::key_size_in_bytes();
#else
it = m_i_bufr_ix + garbled_ix*Env::key_size_in_bytes();
tmp.assign(it, it+Env::key_size_in_bytes());
tmp.resize(16, 0);
current_key = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
current_key = _mm_xor_si128(current_key, aes_ciphertext);
m_i_bufr_ix += 4*Env::key_size_in_bytes();
#endif
}
else // 1-arity gates
{
__m128i aes_key, aes_plaintext, aes_ciphertext;
aes_plaintext = _mm_set1_epi64x(m_gate_ix);
aes_key = _mm_load_si128(m_w+inputs[0]);
KDF128((uint8_t*)&aes_plaintext, (uint8_t*)&aes_ciphertext, (uint8_t*)&aes_key);
aes_ciphertext = _mm_and_si128(aes_ciphertext, m_clear_mask);
const uint8_t perm_x = _mm_extract_epi8(aes_key, 0) & 0x01;
#ifdef GRR
if (perm_x == 0)
{
current_key = _mm_load_si128(&aes_ciphertext);
}
else
{
tmp.assign(m_i_bufr_ix, m_i_bufr_ix+Env::key_size_in_bytes());
tmp.resize(16, 0);
a = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
current_key = _mm_xor_si128(aes_ciphertext, a);
}
m_i_bufr_ix += Env::key_size_in_bytes();
#else
it = m_i_bufr_ix + garbled_ix*Env::key_size_in_bytes();
tmp.assign(it, it+Env::key_size_in_bytes());
tmp.resize(16, 0);
current_key = _mm_loadu_si128(reinterpret_cast<__m128i*>(&tmp[0]));
current_key = _mm_xor_si128(current_key, aes_ciphertext);
m_i_bufr_ix += 2*Env::key_size_in_bytes();
#endif
}
if (current_gate.m_tag == Circuit::EVL_OUT)
{
uint8_t out_bit = _mm_extract_epi8(current_key, 0) & 0x01;
out_bit ^= *m_i_bufr_ix;
m_evl_out.set_ith_bit(m_evl_out_ix, out_bit);
m_i_bufr_ix++;
m_evl_out_ix++;
}
else if (current_gate.m_tag == Circuit::GEN_OUT)
{
// TODO: Ki08 implementation
uint8_t out_bit = _mm_extract_epi8(current_key, 0) & 0x01;
out_bit ^= *m_i_bufr_ix;
m_gen_out.set_ith_bit(m_gen_out_ix, out_bit);
m_i_bufr_ix++;
// m_C[2*m_gen_out_ix+0] = Bytes(m_i_bufr_ix, m_i_bufr_ix+Env::key_size_in_bytes());
// m_i_bufr_ix += Env::key_size_in_bytes();
//
// m_C[2*m_gen_out_ix+1] = Bytes(m_i_bufr_ix, m_i_bufr_ix+Env::key_size_in_bytes());
// m_i_bufr_ix += Env::key_size_in_bytes();
m_gen_out_ix++;
}
}
_mm_store_si128(m_w+current_gate.m_idx, current_key);
update_hash(m_i_bufr);
m_gate_ix++;
}
void GarbledCct::com_next_gate(const Gate ¤t_gate)
{
gen_next_gate(current_gate);
update_hash(m_o_bufr);
m_o_bufr.clear(); // flush the output buffer
}
int
do_integrity_check (void)
{
int i,rows, err;
unsigned long start_addr = 0;
unsigned long end_addr = 0;
unsigned char runtime_hmac[32];
struct hash_desc desc;
const char * builtime_hmac = 0;
unsigned int size = 0;
err = init_hash (&desc);
if (err)
{
printk (KERN_ERR "FIPS(%s): init_hash failed", __FUNCTION__);
return -1;
}
rows = (unsigned int) sizeof (symtab) / sizeof (symtab[0]);
for (i = 0; i < rows; i++)
{
err = query_symbol_addresses (symtab[i][1], symtab[i][2], &start_addr, &end_addr);
if (err)
{
printk (KERN_ERR "FIPS(%s): Error to get start / end addresses", __FUNCTION__);
crypto_free_hash (desc.tfm);
return -1;
}
#ifdef FIPS_DEBUG
dump_bytes(symtab[i][0], symtab[i][1], symtab[i][2]);
#endif
size = end_addr - start_addr;
err = update_hash (&desc, (unsigned char *)start_addr, size);
if (err)
{
printk (KERN_ERR "FIPS(%s): Error to update hash", __FUNCTION__);
crypto_free_hash (desc.tfm);
return -1;
}
}
err = finalize_hash (&desc, runtime_hmac, sizeof(runtime_hmac));
crypto_free_hash (desc.tfm);
if (err)
{
printk (KERN_ERR "FIPS(%s): Error in finalize", __FUNCTION__);
return -1;
}
builtime_hmac = get_builtime_crypto_hmac();
if (!builtime_hmac)
{
printk (KERN_ERR "FIPS(%s): Unable to retrieve builtime_hmac", __FUNCTION__);
return -1;
}
#ifdef FIPS_DEBUG
print_hex_dump_bytes ("FIPS CRYPTO RUNTIME : runtime hmac = ",DUMP_PREFIX_NONE, runtime_hmac, sizeof(runtime_hmac));
print_hex_dump_bytes ("FIPS CRYPTO RUNTIME : builtime_hmac = ",DUMP_PREFIX_NONE, builtime_hmac , sizeof(runtime_hmac));
#endif
if (!memcmp (builtime_hmac, runtime_hmac, sizeof(runtime_hmac)))
{
printk (KERN_INFO "FIPS: Integrity Check Passed");
return 0;
}
else
{
printk (KERN_ERR "FIPS(%s): Integrity Check Failed", __FUNCTION__);
set_in_fips_err();
return -1;
}
return -1;
}
void Block::from_buffer (unsigned char *buffer, int block_size)
{
size = block_size;
this->buffer = buffer;
update_hash ();
}
/**
* Parse attribute data based on attribute type
*
* \details
* Parses the attribute data based on the passed attribute type.
* Parsed_data will be updated based on the attribute data parsed.
*
* \param [in] attr_type Attribute type
* \param [in] attr_len Length of the attribute data
* \param [in] data Pointer to the attribute data
* \param [out] parsed_update Reference to parsed_update; will be updated with all parsed data
*/
void parseBgpLib::parseAttrData(u_char attr_type, uint16_t attr_len, u_char *data, parsed_update &update, MD5 &hash) {
u_char ipv4_raw[4];
char ipv4_char[16];
uint32_t value32bit;
uint16_t value16bit;
if (p_info)
hash.update((unsigned char *) p_info->peer_hash_str.c_str(), p_info->peer_hash_str.length());
/*
* Parse based on attribute type
*/
switch (attr_type) {
case ATTR_TYPE_ORIGIN : // Origin
update.attrs[LIB_ATTR_ORIGIN].official_type = ATTR_TYPE_ORIGIN;
update.attrs[LIB_ATTR_ORIGIN].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_ORIGIN];
switch (data[0]) {
case 0 :
update.attrs[LIB_ATTR_ORIGIN].value.push_back(std::string("igp"));
break;
case 1 :
update.attrs[LIB_ATTR_ORIGIN].value.push_back(std::string("egp"));
break;
case 2 :
update.attrs[LIB_ATTR_ORIGIN].value.push_back(std::string("incomplete"));
break;
}
update_hash(&update.attrs[LIB_ATTR_ORIGIN].value, &hash);
break;
case ATTR_TYPE_AS_PATH : // AS_PATH
parseAttrDataAsPath(attr_len, data, update);
update_hash(&update.attrs[LIB_ATTR_AS_PATH].value, &hash);
break;
case ATTR_TYPE_NEXT_HOP : // Next hop v4
memcpy(ipv4_raw, data, 4);
inet_ntop(AF_INET, ipv4_raw, ipv4_char, sizeof(ipv4_char));
update.attrs[LIB_ATTR_NEXT_HOP].official_type = ATTR_TYPE_NEXT_HOP;
update.attrs[LIB_ATTR_NEXT_HOP].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_NEXT_HOP];
update.attrs[LIB_ATTR_NEXT_HOP].value.push_back(std::string(ipv4_char));
update_hash(&update.attrs[LIB_ATTR_NEXT_HOP].value, &hash);
break;
case ATTR_TYPE_MED : // MED value
{
memcpy(&value32bit, data, 4);
parse_bgp_lib::SWAP_BYTES(&value32bit);
std::ostringstream numString;
numString << value32bit;
update.attrs[LIB_ATTR_MED].official_type = ATTR_TYPE_MED;
update.attrs[LIB_ATTR_MED].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_MED];
update.attrs[LIB_ATTR_MED].value.push_back(numString.str());
update_hash(&update.attrs[LIB_ATTR_MED].value, &hash);
break;
}
case ATTR_TYPE_LOCAL_PREF : // local pref value
{
memcpy(&value32bit, data, 4);
parse_bgp_lib::SWAP_BYTES(&value32bit);
std::ostringstream numString;
numString << value32bit;
char numstring[100] = {0};
update.attrs[LIB_ATTR_LOCAL_PREF].official_type = ATTR_TYPE_LOCAL_PREF;
update.attrs[LIB_ATTR_LOCAL_PREF].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_LOCAL_PREF];
update.attrs[LIB_ATTR_LOCAL_PREF].value.push_back(numString.str());
update_hash(&update.attrs[LIB_ATTR_LOCAL_PREF].value, &hash);
break;
}
case ATTR_TYPE_ATOMIC_AGGREGATE : // Atomic aggregate
update.attrs[LIB_ATTR_ATOMIC_AGGREGATE].official_type = ATTR_TYPE_ATOMIC_AGGREGATE;
update.attrs[LIB_ATTR_ATOMIC_AGGREGATE].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_ATOMIC_AGGREGATE];
update.attrs[LIB_ATTR_ATOMIC_AGGREGATE].value.push_back(std::string("1"));
break;
case ATTR_TYPE_AGGREGATOR : // Aggregator
parseAttrDataAggregator(attr_len, data, update);
update_hash(&update.attrs[LIB_ATTR_AGGREGATOR].value, &hash);
break;
case ATTR_TYPE_ORIGINATOR_ID : // Originator ID
memcpy(ipv4_raw, data, 4);
inet_ntop(AF_INET, ipv4_raw, ipv4_char, sizeof(ipv4_char));
update.attrs[LIB_ATTR_ORIGINATOR_ID].official_type = ATTR_TYPE_ORIGINATOR_ID;
update.attrs[LIB_ATTR_ORIGINATOR_ID].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_ORIGINATOR_ID];
update.attrs[LIB_ATTR_ORIGINATOR_ID].value.push_back(std::string(ipv4_char));
break;
case ATTR_TYPE_CLUSTER_LIST : // Cluster List (RFC 4456)
// According to RFC 4456, the value is a sequence of cluster id's
update.attrs[LIB_ATTR_CLUSTER_LIST].official_type = ATTR_TYPE_CLUSTER_LIST;
update.attrs[LIB_ATTR_CLUSTER_LIST].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_CLUSTER_LIST];
for (int i = 0; i < attr_len; i += 4) {
memcpy(ipv4_raw, data, 4);
data += 4;
inet_ntop(AF_INET, ipv4_raw, ipv4_char, sizeof(ipv4_char));
update.attrs[LIB_ATTR_CLUSTER_LIST].value.push_back(std::string(ipv4_char));
}
break;
case ATTR_TYPE_COMMUNITIES : // Community list
{
update.attrs[LIB_ATTR_COMMUNITIES].official_type = ATTR_TYPE_COMMUNITIES;
update.attrs[LIB_ATTR_COMMUNITIES].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_COMMUNITIES];
for (int i = 0; i < attr_len; i += 4) {
std::ostringstream numString;
// Add entry
memcpy(&value16bit, data, 2);
data += 2;
parse_bgp_lib::SWAP_BYTES(&value16bit);
numString << value16bit;
numString << ":";
memcpy(&value16bit, data, 2);
data += 2;
parse_bgp_lib::SWAP_BYTES(&value16bit);
numString << value16bit;
update.attrs[LIB_ATTR_COMMUNITIES].value.push_back(numString.str());
}
update_hash(&update.attrs[LIB_ATTR_COMMUNITIES].value, &hash);
break;
}
case ATTR_TYPE_EXT_COMMUNITY : // extended community list (RFC 4360)
{
update.attrs[LIB_ATTR_EXT_COMMUNITY].official_type = ATTR_TYPE_EXT_COMMUNITY;
update.attrs[LIB_ATTR_EXT_COMMUNITY].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_EXT_COMMUNITY];
parse_bgp_lib::ExtCommunity ec(this, logger, debug);
ec.parseExtCommunities(attr_len, data, update);
update_hash(&update.attrs[LIB_ATTR_EXT_COMMUNITY].value, &hash);
break;
}
case ATTR_TYPE_IPV6_EXT_COMMUNITY : // IPv6 specific extended community list (RFC 5701)
{
update.attrs[LIB_ATTR_IPV6_EXT_COMMUNITY].official_type = ATTR_TYPE_IPV6_EXT_COMMUNITY;
update.attrs[LIB_ATTR_IPV6_EXT_COMMUNITY].name = parse_bgp_lib::parse_bgp_lib_attr_names[LIB_ATTR_IPV6_EXT_COMMUNITY];
parse_bgp_lib::ExtCommunity ec6(this, logger, debug);
ec6.parsev6ExtCommunities(attr_len, data, update);
break;
}
case ATTR_TYPE_MP_REACH_NLRI : // RFC4760
{
parse_bgp_lib::MPReachAttr mp(this, logger, debug);
mp.parseReachNlriAttr(attr_len, data, update);
break;
}
case ATTR_TYPE_MP_UNREACH_NLRI : // RFC4760
{
parse_bgp_lib::MPUnReachAttr mp(this, logger, debug);
mp.parseUnReachNlriAttr(attr_len, data, update);
break;
}
case ATTR_TYPE_AS_PATHLIMIT : // deprecated
{
break;
}
case ATTR_TYPE_BGP_LS: {
MPLinkStateAttr ls(this, logger, &update, debug);
ls.parseAttrLinkState(attr_len, data);
break;
}
case ATTR_TYPE_AS4_PATH: {
SELF_DEBUG("%sAttribute type AS4_PATH is not yet implemented, skipping for now.", debug_prepend_string.c_str());
break;
}
case ATTR_TYPE_AS4_AGGREGATOR: {
SELF_DEBUG("%sAttribute type AS4_AGGREGATOR is not yet implemented, skipping for now.", debug_prepend_string.c_str());
break;
}
default:
LOG_INFO("%sAttribute type %d is not yet implemented or intentionally ignored, skipping for now.",
debug_prepend_string.c_str(), attr_type);
break;
} // END OF SWITCH ATTR TYPE
}
/**
* Parses the BGP prefixes (advertised and withdrawn) in the update
*
* \details
* Parses all attributes. Decoded values are updated in 'parsed_data'
*
* \param [in] data Pointer to the start of the prefixes to be parsed
* \param [in] len Length of the data in bytes to be read
* \param [in] nlri_list Reference to parsed_update_data nlri list;
*/
void parseBgpLib::parseBgpNlri_v4(u_char *data, uint16_t len, std::list<parse_bgp_lib_nlri> &nlri_list) {
u_char ipv4_raw[4];
char ipv4_char[16];
u_char addr_bytes;
uint32_t path_id;
u_char prefix_len;
std::ostringstream numString;
if (len <= 0 or data == NULL)
return;
// Loop through all prefixes
for (size_t read_size = 0; read_size < len; read_size++) {
parse_bgp_lib_nlri nlri;
nlri.afi = parse_bgp_lib::BGP_AFI_IPV4;
nlri.safi = parse_bgp_lib::BGP_SAFI_UNICAST;
nlri.type = parse_bgp_lib::LIB_NLRI_TYPE_NONE;
// Generate the hash
MD5 hash;
bzero(ipv4_raw, sizeof(ipv4_raw));
// Parse add-paths if enabled
bool peer_info_addpath = p_info and p_info->add_path_capability.isAddPathEnabled(bgp::BGP_AFI_IPV4, bgp::BGP_SAFI_UNICAST);
if ((peer_info_addpath or addPathCap[BGP_AFI_IPV4_INTERNAL][BGP_SAFI_UNICAST_INTERNAL])
and (len - read_size) >= 4) {
memcpy(&path_id, data, 4);
parse_bgp_lib::SWAP_BYTES(&path_id);
data += 4;
read_size += 4;
} else
path_id = 0;
numString.str(std::string());
numString << path_id;
nlri.nlri[LIB_NLRI_PATH_ID].name = parse_bgp_lib::parse_bgp_lib_nlri_names[LIB_NLRI_PATH_ID];
nlri.nlri[LIB_NLRI_PATH_ID].value.push_back(numString.str());
if (path_id > 0)
update_hash(&nlri.nlri[LIB_NLRI_PATH_ID].value, &hash);
// set the address in bits length
prefix_len = *data++;
numString.str(std::string());
numString << static_cast<unsigned>(prefix_len);
nlri.nlri[LIB_NLRI_PREFIX_LENGTH].name = parse_bgp_lib::parse_bgp_lib_nlri_names[LIB_NLRI_PREFIX_LENGTH];
nlri.nlri[LIB_NLRI_PREFIX_LENGTH].value.push_back(numString.str());
update_hash(&nlri.nlri[LIB_NLRI_PREFIX_LENGTH].value, &hash);
// Figure out how many bytes the bits requires
addr_bytes = prefix_len / 8;
if (prefix_len % 8)
++addr_bytes;
SELF_DEBUG("%sReading NLRI data prefix bits=%d bytes=%d", debug_prepend_string.c_str(), prefix_len, addr_bytes);
if (addr_bytes <= 4) {
memcpy(ipv4_raw, data, addr_bytes);
read_size += addr_bytes;
data += addr_bytes;
// Convert the IP to string printed format
inet_ntop(AF_INET, ipv4_raw, ipv4_char, sizeof(ipv4_char));
nlri.nlri[LIB_NLRI_PREFIX].name = parse_bgp_lib::parse_bgp_lib_nlri_names[LIB_NLRI_PREFIX];
nlri.nlri[LIB_NLRI_PREFIX].value.push_back(ipv4_char);
update_hash(&nlri.nlri[LIB_NLRI_PREFIX].value, &hash);
SELF_DEBUG("%sAdding prefix %s len %d", debug_prepend_string.c_str(), ipv4_char, prefix_len);
// set the raw/binary address
nlri.nlri[LIB_NLRI_PREFIX_BIN].name = parse_bgp_lib::parse_bgp_lib_nlri_names[LIB_NLRI_PREFIX_BIN];
nlri.nlri[LIB_NLRI_PREFIX_BIN].value.push_back(std::string(ipv4_raw, ipv4_raw + 4));
//Update hash to include peer hash id
if (p_info)
hash.update((unsigned char *) p_info->peer_hash_str.c_str(), p_info->peer_hash_str.length());
hash.finalize();
// Save the hash
unsigned char *hash_raw = hash.raw_digest();
nlri.nlri[LIB_NLRI_HASH].name = parse_bgp_lib::parse_bgp_lib_nlri_names[LIB_NLRI_HASH];
nlri.nlri[LIB_NLRI_HASH].value.push_back(parse_bgp_lib::hash_toStr(hash_raw));
delete[] hash_raw;
nlri.nlri[LIB_NLRI_IS_IPV4].name =parse_bgp_lib_nlri_names[LIB_NLRI_IS_IPV4];
nlri.nlri[LIB_NLRI_IS_IPV4].value.push_back(string("1"));
// Add tuple to prefix list
nlri_list.push_back(nlri);
} else if (addr_bytes > 4) {
LOG_NOTICE("%sNRLI v4 address is larger than 4 bytes bytes=%d len=%d", debug_prepend_string.c_str(), addr_bytes, prefix_len);
}
}
}
void Trie::UpdateHash(){
root_hash_ = update_hash(root_).hash();
}
protocol::Child Trie::update_hash(NodeFrm::POINTER node){
int branch_count = 0;
int onlybranch = -1;
int64_t children_count = 0;
//////////////////////////////////////////////////////////////
if (!node->leaf_deleted_){
if (node->leaf_ != nullptr){
protocol::Child* this_child = node->info_.mutable_children(16);
#ifdef COUNT
this_child->set_count(1);
#endif
this_child->set_sublocation(node->location_);
this_child->set_hash(HashCrypto(*(node->leaf_)));
this_child->set_childtype(protocol::LEAF);
StorageSaveLeaf(node);
}
}
else{
protocol::Child* ch = node->info_.mutable_children(16);
ch->Clear();
StorageDeleteLeaf(node);
}
if (node->info_.children(16).childtype() != protocol::CHILDTYPE::NONE){
branch_count++;
onlybranch = 16;
children_count++;
}
for (int i = 0; i < 16; i++){
NodeFrm::POINTER child = node->children_[i];
if ((child != nullptr) && (child->modified_)){
protocol::Child childresult = update_hash(child);
node->info_.mutable_children(i)->CopyFrom(childresult);
}
if (node->info_.children(i).childtype() != protocol::CHILDTYPE::NONE){
branch_count++;
onlybranch = i;
#ifdef COUNT
if (node->info_.children(i).count() == 0){
printf("fatel error");
}
children_count += node->info_.children(i).count();
#endif
}
}
protocol::Child result;
#ifdef COUNT
result.set_count(children_count);
#endif
if (branch_count == 0 && node->location_ != rootl){
StorageDeleteNode(node);
//node->indb_ = false;
}
else if (branch_count == 1 && node->location_ != rootl){
StorageDeleteNode(node);
//node->indb_ = false;
result.CopyFrom(node->info_.children(onlybranch));
}
else {
StorageSaveNode(node);
result.set_hash(HashCrypto(node->info_.SerializeAsString()));
result.set_sublocation(node->location_);
result.set_childtype(protocol::CHILDTYPE::INNER);
#ifdef COUNT
result.set_count(children_count);
#endif
}
node->modified_ = false;
return result;
}
