src/lib/crypt_ops/crypto_format.c

   1 /* Copyright (c) 2001, Matej Pfajfar.
   2  * Copyright (c) 2001-2004, Roger Dingledine.
   3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
   4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
   5 /* See LICENSE for licensing information */
   6
   7 /**
   8  * \file crypto_format.c
   9  *
  10  * \brief Formatting and parsing code for crypto-related data structures.
  11  */
  12
  13 #include "orconfig.h"
  14 #ifdef HAVE_SYS_STAT_H
  15 #include <sys/stat.h>
  16 #endif
  17 #include "lib/container/smartlist.h"
  18 #include "lib/crypt_ops/crypto_curve25519.h"
  19 #include "lib/crypt_ops/crypto_digest.h"
  20 #include "lib/crypt_ops/crypto_ed25519.h"
  21 #include "lib/crypt_ops/crypto_format.h"
  22 #include "lib/crypt_ops/crypto_util.h"
  23 #include "lib/string/compat_string.h"
  24 #include "lib/string/util_string.h"
  25 #include "lib/string/printf.h"
  26 #include "lib/encoding/binascii.h"
  27 #include "lib/log/log.h"
  28 #include "lib/log/util_bug.h"
  29 #include "lib/fs/files.h"
  30
  31 #include <string.h>
  32 #include <errno.h>
  33
  34 /** Write the <b>datalen</b> bytes from <b>data</b> to the file named
  35  * <b>fname</b> in the tagged-data format.  This format contains a
  36  * 32-byte header, followed by the data itself.  The header is the
  37  * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==".  The length
  38  * of <b>typestring</b> and <b>tag</b> must therefore be no more than
  39  * 24.
  40  **/
  41 int
  42 crypto_write_tagged_contents_to_file(const char *fname,
  43                                      const char *typestring,
  44                                      const char *tag,
  45                                      const uint8_t *data,
  46                                      size_t datalen)
  47 {
  48   char header[32];
  49   smartlist_t *chunks = smartlist_new();
  50   sized_chunk_t ch0, ch1;
  51   int r = -1;
  52
  53   memset(header, 0, sizeof(header));
  54   if (tor_snprintf(header, sizeof(header),
  55                    "== %s: %s ==", typestring, tag) < 0)
  56     goto end;
  57   ch0.bytes = header;
  58   ch0.len = 32;
  59   ch1.bytes = (const char*) data;
  60   ch1.len = datalen;
  61   smartlist_add(chunks, &ch0);
  62   smartlist_add(chunks, &ch1);
  63
  64   r = write_chunks_to_file(fname, chunks, 1, 0);
  65
  66  end:
  67   smartlist_free(chunks);
  68   return r;
  69 }
  70
  71 /** Read a tagged-data file from <b>fname</b> into the
  72  * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
  73  * typestring matches <b>typestring</b>; store the tag into a newly allocated
  74  * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
  75  * data on success.  Preserves the errno from reading the file. */
  76 ssize_t
  77 crypto_read_tagged_contents_from_file(const char *fname,
  78                                       const char *typestring,
  79                                       char **tag_out,
  80                                       uint8_t *data_out,
  81                                       ssize_t data_out_len)
  82 {
  83   char prefix[33];
  84   char *content = NULL;
  85   struct stat st;
  86   ssize_t r = -1;
  87   size_t st_size = 0;
  88   int saved_errno = 0;
  89
  90   *tag_out = NULL;
  91   st.st_size = 0;
  92   content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
  93   if (! content) {
  94     saved_errno = errno;
  95     goto end;
  96   }
  97   if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
  98     saved_errno = EINVAL;
  99     goto end;
 100   }
 101   st_size = (size_t)st.st_size;
 102
 103   memcpy(prefix, content, 32);
 104   prefix[32] = 0;
 105   /* Check type, extract tag. */
 106   if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
 107       ! fast_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
 108     saved_errno = EINVAL;
 109     goto end;
 110   }
 111
 112   if (strcmpstart(prefix+3, typestring) ||
 113       3+strlen(typestring) >= 32 ||
 114       strcmpstart(prefix+3+strlen(typestring), ": ")) {
 115     saved_errno = EINVAL;
 116     goto end;
 117   }
 118
 119   *tag_out = tor_strndup(prefix+5+strlen(typestring),
 120                          strlen(prefix)-8-strlen(typestring));
 121
 122   memcpy(data_out, content+32, st_size-32);
 123   r = st_size - 32;
 124
 125  end:
 126   if (content)
 127     memwipe(content, 0, st_size);
 128   tor_free(content);
 129   if (saved_errno)
 130     errno = saved_errno;
 131   return r;
 132 }
 133
 134 /** Encode <b>pkey</b> as a base64-encoded string in the buffer <b>output</b>.
 135  * If <b>pad</b> is false do not include trailing "=" characters, otherwise
 136  * include them. <b>output</b> must have at least
 137  * CURVE25519_BASE64_PADDED_LEN+1 bytes available, even if <b>pad</b> is false.
 138  * Can not fail.
 139  *
 140  * Careful! CURVE25519_BASE64_PADDED_LEN is one byte longer than
 141  * ED25519_BASE64_LEN.
 142  */
 143 void
 144 curve25519_public_to_base64(char *output,
 145                             const curve25519_public_key_t *pkey, bool pad)
 146 {
 147   int n, expected_len;
 148   if (pad) {
 149     n = base64_encode(output, CURVE25519_BASE64_PADDED_LEN+1,
 150                       (const char*)pkey->public_key,
 151                       CURVE25519_PUBKEY_LEN, 0);
 152     expected_len = CURVE25519_BASE64_PADDED_LEN;
 153   } else {
 154     n = base64_encode_nopad(output, CURVE25519_BASE64_PADDED_LEN+1,
 155                             (const uint8_t*)pkey->public_key,
 156                             CURVE25519_PUBKEY_LEN);
 157     expected_len = CURVE25519_BASE64_LEN;
 158   }
 159
 160   /* These asserts should always succeed, unless there is a bug in
 161    * base64_encode(). */
 162   tor_assert(n == expected_len);
 163   tor_assert(output[expected_len] == '\0');
 164 }
 165
 166 /** Try to decode a base64-encoded curve25519 public key from <b>input</b>
 167  * into the object at <b>pkey</b>. Return 0 on success, -1 on failure.
 168  * Accepts keys with or without a trailing "=". */
 169 int
 170 curve25519_public_from_base64(curve25519_public_key_t *pkey,
 171                               const char *input)
 172 {
 173   size_t len = strlen(input);
 174   if (len == CURVE25519_BASE64_LEN) {
 175     /* not padded */
 176     return digest256_from_base64((char*)pkey->public_key, input);
 177   } else if (len == CURVE25519_BASE64_PADDED_LEN) {
 178     char buf[CURVE25519_BASE64_PADDED_LEN+1];
 179     if (base64_decode(buf, sizeof(buf), input, len) != CURVE25519_PUBKEY_LEN)
 180       return -1;
 181     memcpy(pkey->public_key, buf, CURVE25519_PUBKEY_LEN);
 182     return 0;
 183   } else {
 184     return -1;
 185   }
 186 }
 187
 188 /** For logging convenience: Convert <b>pkey</b> to a statically allocated
 189  * base64 string and return it. Not threadsafe. Format not meant to be
 190  * computer-readable; it may change in the future. Subsequent calls invalidate
 191  * previous returns. */
 192 const char *
 193 ed25519_fmt(const ed25519_public_key_t *pkey)
 194 {
 195   static char formatted[ED25519_BASE64_LEN+1];
 196   if (pkey) {
 197     if (ed25519_public_key_is_zero(pkey)) {
 198       strlcpy(formatted, "<unset>", sizeof(formatted));
 199     } else {
 200       ed25519_public_to_base64(formatted, pkey);
 201     }
 202   } else {
 203     strlcpy(formatted, "<null>", sizeof(formatted));
 204   }
 205   return formatted;
 206 }
 207
 208 /** Try to decode the string <b>input</b> into an ed25519 public key. On
 209  * success, store the value in <b>pkey</b> and return 0. Otherwise return
 210  * -1. */
 211 int
 212 ed25519_public_from_base64(ed25519_public_key_t *pkey,
 213                            const char *input)
 214 {
 215   return digest256_from_base64((char*)pkey->pubkey, input);
 216 }
 217
 218 /** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
 219  * which must have space for ED25519_BASE64_LEN bytes of encoded key,
 220  * plus one byte for a terminating NUL.
 221  * Can not fail.
 222  *
 223  * Careful! ED25519_BASE64_LEN is one byte shorter than
 224  * CURVE25519_BASE64_PADDED_LEN.
 225  */
 226 void
 227 ed25519_public_to_base64(char *output,
 228                          const ed25519_public_key_t *pkey)
 229 {
 230   digest256_to_base64(output, (const char *)pkey->pubkey);
 231 }
 232
 233 /** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
 234  * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
 235  * plus one byte for a terminating NUL.
 236  * Can not fail.
 237  */
 238 void
 239 ed25519_signature_to_base64(char *output,
 240                             const ed25519_signature_t *sig)
 241 {
 242   char buf[256];
 243   int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
 244   /* These asserts should always succeed, unless there is a bug in
 245    * base64_encode_nopad(). */
 246   tor_assert(n == ED25519_SIG_BASE64_LEN);
 247   tor_assert(buf[ED25519_SIG_BASE64_LEN] == '\0');
 248   memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
 249 }
 250
 251 /** Try to decode the string <b>input</b> into an ed25519 signature. On
 252  * success, store the value in <b>sig</b> and return 0. Otherwise return
 253  * -1. */
 254 int
 255 ed25519_signature_from_base64(ed25519_signature_t *sig,
 256                               const char *input)
 257 {
 258   if (strlen(input) != ED25519_SIG_BASE64_LEN)
 259     return -1;
 260   char decoded[128];
 261   int n = base64_decode(decoded, sizeof(decoded), input,
 262                         ED25519_SIG_BASE64_LEN);
 263   if (n < 0 || n != ED25519_SIG_LEN)
 264     return -1;
 265   memcpy(sig->sig, decoded, ED25519_SIG_LEN);
 266
 267   return 0;
 268 }
 269
 270 /** Base64 encode DIGEST_LEN bytes from <b>digest</b>, remove the trailing =
 271  * characters, and store the nul-terminated result in the first
 272  * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>.
 273  * Can not fail. */
 274 void
 275 digest_to_base64(char *d64, const char *digest)
 276 {
 277   char buf[256];
 278   int n = base64_encode_nopad(buf, sizeof(buf),
 279                               (const uint8_t *)digest, DIGEST_LEN);
 280   /* These asserts should always succeed, unless there is a bug in
 281    * base64_encode_nopad(). */
 282   tor_assert(n == BASE64_DIGEST_LEN);
 283   tor_assert(buf[BASE64_DIGEST_LEN] == '\0');
 284   memcpy(d64, buf, BASE64_DIGEST_LEN+1);
 285 }
 286
 287 /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
 288  * trailing newline or = characters), decode it and store the result in the
 289  * first DIGEST_LEN bytes at <b>digest</b>. */
 290 int
 291 digest_from_base64(char *digest, const char *d64)
 292 {
 293   if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
 294     return 0;
 295   else
 296     return -1;
 297 }
 298
 299 /** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
 300  * trailing = characters, and store the nul-terminated result in the first
 301  * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>.
 302  * Can not fail. */
 303 void
 304 digest256_to_base64(char *d64, const char *digest)
 305 {
 306   char buf[256];
 307   int n = base64_encode_nopad(buf, sizeof(buf),
 308                               (const uint8_t *)digest, DIGEST256_LEN);
 309   /* These asserts should always succeed, unless there is a bug in
 310    * base64_encode_nopad(). */
 311   tor_assert(n == BASE64_DIGEST256_LEN);
 312   tor_assert(buf[BASE64_DIGEST256_LEN] == '\0');
 313   memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
 314 }
 315
 316 /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
 317  * trailing newline or = characters), decode it and store the result in the
 318  * first DIGEST256_LEN bytes at <b>digest</b>. */
 319 int
 320 digest256_from_base64(char *digest, const char *d64)
 321 {
 322   if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
 323     return 0;
 324   else
 325     return -1;
 326 }