crypto_format.c 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2017, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file crypto_format.c
  8. *
  9. * \brief Formatting and parsing code for crypto-related data structures.
  10. */
  11. #include "orconfig.h"
  12. #ifdef HAVE_SYS_STAT_H
  13. #include <sys/stat.h>
  14. #endif
  15. #include "container.h"
  16. #include "crypto.h"
  17. #include "crypto_curve25519.h"
  18. #include "crypto_ed25519.h"
  19. #include "crypto_format.h"
  20. #include "util.h"
  21. #include "util_format.h"
  22. #include "torlog.h"
  23. /** Write the <b>datalen</b> bytes from <b>data</b> to the file named
  24. * <b>fname</b> in the tagged-data format. This format contains a
  25. * 32-byte header, followed by the data itself. The header is the
  26. * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
  27. * of <b>typestring</b> and <b>tag</b> must therefore be no more than
  28. * 24.
  29. **/
  30. int
  31. crypto_write_tagged_contents_to_file(const char *fname,
  32. const char *typestring,
  33. const char *tag,
  34. const uint8_t *data,
  35. size_t datalen)
  36. {
  37. char header[32];
  38. smartlist_t *chunks = smartlist_new();
  39. sized_chunk_t ch0, ch1;
  40. int r = -1;
  41. memset(header, 0, sizeof(header));
  42. if (tor_snprintf(header, sizeof(header),
  43. "== %s: %s ==", typestring, tag) < 0)
  44. goto end;
  45. ch0.bytes = header;
  46. ch0.len = 32;
  47. ch1.bytes = (const char*) data;
  48. ch1.len = datalen;
  49. smartlist_add(chunks, &ch0);
  50. smartlist_add(chunks, &ch1);
  51. r = write_chunks_to_file(fname, chunks, 1, 0);
  52. end:
  53. smartlist_free(chunks);
  54. return r;
  55. }
  56. /** Read a tagged-data file from <b>fname</b> into the
  57. * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
  58. * typestring matches <b>typestring</b>; store the tag into a newly allocated
  59. * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
  60. * data on success. Preserves the errno from reading the file. */
  61. ssize_t
  62. crypto_read_tagged_contents_from_file(const char *fname,
  63. const char *typestring,
  64. char **tag_out,
  65. uint8_t *data_out,
  66. ssize_t data_out_len)
  67. {
  68. char prefix[33];
  69. char *content = NULL;
  70. struct stat st;
  71. ssize_t r = -1;
  72. size_t st_size = 0;
  73. int saved_errno = 0;
  74. *tag_out = NULL;
  75. st.st_size = 0;
  76. content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
  77. if (! content) {
  78. saved_errno = errno;
  79. goto end;
  80. }
  81. if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
  82. saved_errno = EINVAL;
  83. goto end;
  84. }
  85. st_size = (size_t)st.st_size;
  86. memcpy(prefix, content, 32);
  87. prefix[32] = 0;
  88. /* Check type, extract tag. */
  89. if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
  90. ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
  91. saved_errno = EINVAL;
  92. goto end;
  93. }
  94. if (strcmpstart(prefix+3, typestring) ||
  95. 3+strlen(typestring) >= 32 ||
  96. strcmpstart(prefix+3+strlen(typestring), ": ")) {
  97. saved_errno = EINVAL;
  98. goto end;
  99. }
  100. *tag_out = tor_strndup(prefix+5+strlen(typestring),
  101. strlen(prefix)-8-strlen(typestring));
  102. memcpy(data_out, content+32, st_size-32);
  103. r = st_size - 32;
  104. end:
  105. if (content)
  106. memwipe(content, 0, st_size);
  107. tor_free(content);
  108. if (saved_errno)
  109. errno = saved_errno;
  110. return r;
  111. }
  112. /** Encode <b>pkey</b> as a base64-encoded string, without trailing "="
  113. * characters, in the buffer <b>output</b>, which must have at least
  114. * CURVE25519_BASE64_PADDED_LEN+1 bytes available. Return 0 on success, -1 on
  115. * failure. */
  116. int
  117. curve25519_public_to_base64(char *output,
  118. const curve25519_public_key_t *pkey)
  119. {
  120. char buf[128];
  121. base64_encode(buf, sizeof(buf),
  122. (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN, 0);
  123. buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
  124. memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
  125. return 0;
  126. }
  127. /** Try to decode a base64-encoded curve25519 public key from <b>input</b>
  128. * into the object at <b>pkey</b>. Return 0 on success, -1 on failure.
  129. * Accepts keys with or without a trailing "=". */
  130. int
  131. curve25519_public_from_base64(curve25519_public_key_t *pkey,
  132. const char *input)
  133. {
  134. size_t len = strlen(input);
  135. if (len == CURVE25519_BASE64_PADDED_LEN - 1) {
  136. /* not padded */
  137. return digest256_from_base64((char*)pkey->public_key, input);
  138. } else if (len == CURVE25519_BASE64_PADDED_LEN) {
  139. char buf[128];
  140. if (base64_decode(buf, sizeof(buf), input, len) != CURVE25519_PUBKEY_LEN)
  141. return -1;
  142. memcpy(pkey->public_key, buf, CURVE25519_PUBKEY_LEN);
  143. return 0;
  144. } else {
  145. return -1;
  146. }
  147. }
  148. /** For logging convenience: Convert <b>pkey</b> to a statically allocated
  149. * base64 string and return it. Not threadsafe. Format not meant to be
  150. * computer-readable; it may change in the future. Subsequent calls invalidate
  151. * previous returns. */
  152. const char *
  153. ed25519_fmt(const ed25519_public_key_t *pkey)
  154. {
  155. static char formatted[ED25519_BASE64_LEN+1];
  156. if (pkey) {
  157. if (ed25519_public_key_is_zero(pkey)) {
  158. strlcpy(formatted, "<unset>", sizeof(formatted));
  159. } else {
  160. int r = ed25519_public_to_base64(formatted, pkey);
  161. tor_assert(!r);
  162. }
  163. } else {
  164. strlcpy(formatted, "<null>", sizeof(formatted));
  165. }
  166. return formatted;
  167. }
  168. /** Try to decode the string <b>input</b> into an ed25519 public key. On
  169. * success, store the value in <b>pkey</b> and return 0. Otherwise return
  170. * -1. */
  171. int
  172. ed25519_public_from_base64(ed25519_public_key_t *pkey,
  173. const char *input)
  174. {
  175. return digest256_from_base64((char*)pkey->pubkey, input);
  176. }
  177. /** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
  178. * which must have space for ED25519_BASE64_LEN bytes of encoded key,
  179. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  180. */
  181. int
  182. ed25519_public_to_base64(char *output,
  183. const ed25519_public_key_t *pkey)
  184. {
  185. return digest256_to_base64(output, (const char *)pkey->pubkey);
  186. }
  187. /** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
  188. * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
  189. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  190. */
  191. int
  192. ed25519_signature_to_base64(char *output,
  193. const ed25519_signature_t *sig)
  194. {
  195. char buf[256];
  196. int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
  197. tor_assert(n == ED25519_SIG_BASE64_LEN);
  198. memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
  199. return 0;
  200. }
  201. /** Try to decode the string <b>input</b> into an ed25519 signature. On
  202. * success, store the value in <b>sig</b> and return 0. Otherwise return
  203. * -1. */
  204. int
  205. ed25519_signature_from_base64(ed25519_signature_t *sig,
  206. const char *input)
  207. {
  208. if (strlen(input) != ED25519_SIG_BASE64_LEN)
  209. return -1;
  210. char buf[ED25519_SIG_BASE64_LEN+3];
  211. memcpy(buf, input, ED25519_SIG_BASE64_LEN);
  212. buf[ED25519_SIG_BASE64_LEN+0] = '=';
  213. buf[ED25519_SIG_BASE64_LEN+1] = '=';
  214. buf[ED25519_SIG_BASE64_LEN+2] = 0;
  215. char decoded[128];
  216. int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
  217. if (n < 0 || n != ED25519_SIG_LEN)
  218. return -1;
  219. memcpy(sig->sig, decoded, ED25519_SIG_LEN);
  220. return 0;
  221. }
  222. /** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
  223. * characters, and store the nul-terminated result in the first
  224. * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
  225. /* XXXX unify with crypto_format.c code */
  226. int
  227. digest_to_base64(char *d64, const char *digest)
  228. {
  229. char buf[256];
  230. base64_encode(buf, sizeof(buf), digest, DIGEST_LEN, 0);
  231. buf[BASE64_DIGEST_LEN] = '\0';
  232. memcpy(d64, buf, BASE64_DIGEST_LEN+1);
  233. return 0;
  234. }
  235. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  236. * trailing newline or = characters), decode it and store the result in the
  237. * first DIGEST_LEN bytes at <b>digest</b>. */
  238. /* XXXX unify with crypto_format.c code */
  239. int
  240. digest_from_base64(char *digest, const char *d64)
  241. {
  242. if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
  243. return 0;
  244. else
  245. return -1;
  246. }
  247. /** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
  248. * trailing = characters, and store the nul-terminated result in the first
  249. * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
  250. /* XXXX unify with crypto_format.c code */
  251. int
  252. digest256_to_base64(char *d64, const char *digest)
  253. {
  254. char buf[256];
  255. base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN, 0);
  256. buf[BASE64_DIGEST256_LEN] = '\0';
  257. memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
  258. return 0;
  259. }
  260. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  261. * trailing newline or = characters), decode it and store the result in the
  262. * first DIGEST256_LEN bytes at <b>digest</b>. */
  263. /* XXXX unify with crypto_format.c code */
  264. int
  265. digest256_from_base64(char *digest, const char *d64)
  266. {
  267. if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
  268. return 0;
  269. else
  270. return -1;
  271. }