crypto_format.c 8.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2015, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /* Formatting and parsing code for crypto-related data structures. */
  7. #include "orconfig.h"
  8. #ifdef HAVE_SYS_STAT_H
  9. #include <sys/stat.h>
  10. #endif
  11. #include "container.h"
  12. #include "crypto.h"
  13. #include "crypto_curve25519.h"
  14. #include "crypto_ed25519.h"
  15. #include "crypto_format.h"
  16. #include "util.h"
  17. #include "util_format.h"
  18. #include "torlog.h"
  19. /** Write the <b>datalen</b> bytes from <b>data</b> to the file named
  20. * <b>fname</b> in the tagged-data format. This format contains a
  21. * 32-byte header, followed by the data itself. The header is the
  22. * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
  23. * of <b>typestring</b> and <b>tag</b> must therefore be no more than
  24. * 24.
  25. **/
  26. int
  27. crypto_write_tagged_contents_to_file(const char *fname,
  28. const char *typestring,
  29. const char *tag,
  30. const uint8_t *data,
  31. size_t datalen)
  32. {
  33. char header[32];
  34. smartlist_t *chunks = smartlist_new();
  35. sized_chunk_t ch0, ch1;
  36. int r = -1;
  37. memset(header, 0, sizeof(header));
  38. if (tor_snprintf(header, sizeof(header),
  39. "== %s: %s ==", typestring, tag) < 0)
  40. goto end;
  41. ch0.bytes = header;
  42. ch0.len = 32;
  43. ch1.bytes = (const char*) data;
  44. ch1.len = datalen;
  45. smartlist_add(chunks, &ch0);
  46. smartlist_add(chunks, &ch1);
  47. r = write_chunks_to_file(fname, chunks, 1, 0);
  48. end:
  49. smartlist_free(chunks);
  50. return r;
  51. }
  52. /** Read a tagged-data file from <b>fname</b> into the
  53. * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
  54. * typestring matches <b>typestring</b>; store the tag into a newly allocated
  55. * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
  56. * data on success. Preserves the errno from reading the file. */
  57. ssize_t
  58. crypto_read_tagged_contents_from_file(const char *fname,
  59. const char *typestring,
  60. char **tag_out,
  61. uint8_t *data_out,
  62. ssize_t data_out_len)
  63. {
  64. char prefix[33];
  65. char *content = NULL;
  66. struct stat st;
  67. ssize_t r = -1;
  68. size_t st_size = 0;
  69. int saved_errno = 0;
  70. *tag_out = NULL;
  71. st.st_size = 0;
  72. content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
  73. if (! content) {
  74. saved_errno = errno;
  75. goto end;
  76. }
  77. if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
  78. saved_errno = EINVAL;
  79. goto end;
  80. }
  81. st_size = (size_t)st.st_size;
  82. memcpy(prefix, content, 32);
  83. prefix[32] = 0;
  84. /* Check type, extract tag. */
  85. if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
  86. ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
  87. saved_errno = EINVAL;
  88. goto end;
  89. }
  90. if (strcmpstart(prefix+3, typestring) ||
  91. 3+strlen(typestring) >= 32 ||
  92. strcmpstart(prefix+3+strlen(typestring), ": ")) {
  93. saved_errno = EINVAL;
  94. goto end;
  95. }
  96. *tag_out = tor_strndup(prefix+5+strlen(typestring),
  97. strlen(prefix)-8-strlen(typestring));
  98. memcpy(data_out, content+32, st_size-32);
  99. r = st_size - 32;
  100. end:
  101. if (content)
  102. memwipe(content, 0, st_size);
  103. tor_free(content);
  104. if (saved_errno)
  105. errno = saved_errno;
  106. return r;
  107. }
  108. int
  109. curve25519_public_to_base64(char *output,
  110. const curve25519_public_key_t *pkey)
  111. {
  112. char buf[128];
  113. base64_encode(buf, sizeof(buf),
  114. (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN, 0);
  115. buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
  116. memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
  117. return 0;
  118. }
  119. int
  120. curve25519_public_from_base64(curve25519_public_key_t *pkey,
  121. const char *input)
  122. {
  123. size_t len = strlen(input);
  124. if (len == CURVE25519_BASE64_PADDED_LEN - 1) {
  125. /* not padded */
  126. return digest256_from_base64((char*)pkey->public_key, input);
  127. } else if (len == CURVE25519_BASE64_PADDED_LEN) {
  128. char buf[128];
  129. if (base64_decode(buf, sizeof(buf), input, len) != CURVE25519_PUBKEY_LEN)
  130. return -1;
  131. memcpy(pkey->public_key, buf, CURVE25519_PUBKEY_LEN);
  132. return 0;
  133. } else {
  134. return -1;
  135. }
  136. }
  137. /** Try to decode the string <b>input</b> into an ed25519 public key. On
  138. * success, store the value in <b>pkey</b> and return 0. Otherwise return
  139. * -1. */
  140. int
  141. ed25519_public_from_base64(ed25519_public_key_t *pkey,
  142. const char *input)
  143. {
  144. return digest256_from_base64((char*)pkey->pubkey, input);
  145. }
  146. /** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
  147. * which must have space for ED25519_BASE64_LEN bytes of encoded key,
  148. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  149. */
  150. int
  151. ed25519_public_to_base64(char *output,
  152. const ed25519_public_key_t *pkey)
  153. {
  154. return digest256_to_base64(output, (const char *)pkey->pubkey);
  155. }
  156. /** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
  157. * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
  158. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  159. */
  160. int
  161. ed25519_signature_to_base64(char *output,
  162. const ed25519_signature_t *sig)
  163. {
  164. char buf[256];
  165. int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
  166. tor_assert(n == ED25519_SIG_BASE64_LEN);
  167. memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
  168. return 0;
  169. }
  170. /** Try to decode the string <b>input</b> into an ed25519 signature. On
  171. * success, store the value in <b>sig</b> and return 0. Otherwise return
  172. * -1. */
  173. int
  174. ed25519_signature_from_base64(ed25519_signature_t *sig,
  175. const char *input)
  176. {
  177. if (strlen(input) != ED25519_SIG_BASE64_LEN)
  178. return -1;
  179. char buf[ED25519_SIG_BASE64_LEN+3];
  180. memcpy(buf, input, ED25519_SIG_BASE64_LEN);
  181. buf[ED25519_SIG_BASE64_LEN+0] = '=';
  182. buf[ED25519_SIG_BASE64_LEN+1] = '=';
  183. buf[ED25519_SIG_BASE64_LEN+2] = 0;
  184. char decoded[128];
  185. int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
  186. if (n < 0 || n != ED25519_SIG_LEN)
  187. return -1;
  188. memcpy(sig->sig, decoded, ED25519_SIG_LEN);
  189. return 0;
  190. }
  191. /** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
  192. * characters, and store the nul-terminated result in the first
  193. * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
  194. /* XXXX unify with crypto_format.c code */
  195. int
  196. digest_to_base64(char *d64, const char *digest)
  197. {
  198. char buf[256];
  199. base64_encode(buf, sizeof(buf), digest, DIGEST_LEN, 0);
  200. buf[BASE64_DIGEST_LEN] = '\0';
  201. memcpy(d64, buf, BASE64_DIGEST_LEN+1);
  202. return 0;
  203. }
  204. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  205. * trailing newline or = characters), decode it and store the result in the
  206. * first DIGEST_LEN bytes at <b>digest</b>. */
  207. /* XXXX unify with crypto_format.c code */
  208. int
  209. digest_from_base64(char *digest, const char *d64)
  210. {
  211. if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
  212. return 0;
  213. else
  214. return -1;
  215. }
  216. /** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
  217. * trailing = characters, and store the nul-terminated result in the first
  218. * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
  219. /* XXXX unify with crypto_format.c code */
  220. int
  221. digest256_to_base64(char *d64, const char *digest)
  222. {
  223. char buf[256];
  224. base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN, 0);
  225. buf[BASE64_DIGEST256_LEN] = '\0';
  226. memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
  227. return 0;
  228. }
  229. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  230. * trailing newline or = characters), decode it and store the result in the
  231. * first DIGEST256_LEN bytes at <b>digest</b>. */
  232. /* XXXX unify with crypto_format.c code */
  233. int
  234. digest256_from_base64(char *digest, const char *d64)
  235. {
  236. if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
  237. return 0;
  238. else
  239. return -1;
  240. }