crypto_format.c 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2016, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file crypto_format.c
  8. *
  9. * \brief Formatting and parsing code for crypto-related data structures.
  10. */
  11. #include "orconfig.h"
  12. #ifdef HAVE_SYS_STAT_H
  13. #include <sys/stat.h>
  14. #endif
  15. #include "container.h"
  16. #include "crypto.h"
  17. #include "crypto_curve25519.h"
  18. #include "crypto_ed25519.h"
  19. #include "crypto_format.h"
  20. #include "util.h"
  21. #include "util_format.h"
  22. #include "torlog.h"
  23. /** Write the <b>datalen</b> bytes from <b>data</b> to the file named
  24. * <b>fname</b> in the tagged-data format. This format contains a
  25. * 32-byte header, followed by the data itself. The header is the
  26. * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
  27. * of <b>typestring</b> and <b>tag</b> must therefore be no more than
  28. * 24.
  29. **/
  30. int
  31. crypto_write_tagged_contents_to_file(const char *fname,
  32. const char *typestring,
  33. const char *tag,
  34. const uint8_t *data,
  35. size_t datalen)
  36. {
  37. char header[32];
  38. smartlist_t *chunks = smartlist_new();
  39. sized_chunk_t ch0, ch1;
  40. int r = -1;
  41. memset(header, 0, sizeof(header));
  42. if (tor_snprintf(header, sizeof(header),
  43. "== %s: %s ==", typestring, tag) < 0)
  44. goto end;
  45. ch0.bytes = header;
  46. ch0.len = 32;
  47. ch1.bytes = (const char*) data;
  48. ch1.len = datalen;
  49. smartlist_add(chunks, &ch0);
  50. smartlist_add(chunks, &ch1);
  51. r = write_chunks_to_file(fname, chunks, 1, 0);
  52. end:
  53. smartlist_free(chunks);
  54. return r;
  55. }
  56. /** Read a tagged-data file from <b>fname</b> into the
  57. * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
  58. * typestring matches <b>typestring</b>; store the tag into a newly allocated
  59. * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
  60. * data on success. Preserves the errno from reading the file. */
  61. ssize_t
  62. crypto_read_tagged_contents_from_file(const char *fname,
  63. const char *typestring,
  64. char **tag_out,
  65. uint8_t *data_out,
  66. ssize_t data_out_len)
  67. {
  68. char prefix[33];
  69. char *content = NULL;
  70. struct stat st;
  71. ssize_t r = -1;
  72. size_t st_size = 0;
  73. int saved_errno = 0;
  74. *tag_out = NULL;
  75. st.st_size = 0;
  76. content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
  77. if (! content) {
  78. saved_errno = errno;
  79. goto end;
  80. }
  81. if (st.st_size < 32 || st.st_size > 32 + data_out_len) {
  82. saved_errno = EINVAL;
  83. goto end;
  84. }
  85. st_size = (size_t)st.st_size;
  86. memcpy(prefix, content, 32);
  87. prefix[32] = 0;
  88. /* Check type, extract tag. */
  89. if (strcmpstart(prefix, "== ") || strcmpend(prefix, " ==") ||
  90. ! tor_mem_is_zero(prefix+strlen(prefix), 32-strlen(prefix))) {
  91. saved_errno = EINVAL;
  92. goto end;
  93. }
  94. if (strcmpstart(prefix+3, typestring) ||
  95. 3+strlen(typestring) >= 32 ||
  96. strcmpstart(prefix+3+strlen(typestring), ": ")) {
  97. saved_errno = EINVAL;
  98. goto end;
  99. }
  100. *tag_out = tor_strndup(prefix+5+strlen(typestring),
  101. strlen(prefix)-8-strlen(typestring));
  102. memcpy(data_out, content+32, st_size-32);
  103. r = st_size - 32;
  104. end:
  105. if (content)
  106. memwipe(content, 0, st_size);
  107. tor_free(content);
  108. if (saved_errno)
  109. errno = saved_errno;
  110. return r;
  111. }
  112. int
  113. curve25519_public_to_base64(char *output,
  114. const curve25519_public_key_t *pkey)
  115. {
  116. char buf[128];
  117. base64_encode(buf, sizeof(buf),
  118. (const char*)pkey->public_key, CURVE25519_PUBKEY_LEN, 0);
  119. buf[CURVE25519_BASE64_PADDED_LEN] = '\0';
  120. memcpy(output, buf, CURVE25519_BASE64_PADDED_LEN+1);
  121. return 0;
  122. }
  123. int
  124. curve25519_public_from_base64(curve25519_public_key_t *pkey,
  125. const char *input)
  126. {
  127. size_t len = strlen(input);
  128. if (len == CURVE25519_BASE64_PADDED_LEN - 1) {
  129. /* not padded */
  130. return digest256_from_base64((char*)pkey->public_key, input);
  131. } else if (len == CURVE25519_BASE64_PADDED_LEN) {
  132. char buf[128];
  133. if (base64_decode(buf, sizeof(buf), input, len) != CURVE25519_PUBKEY_LEN)
  134. return -1;
  135. memcpy(pkey->public_key, buf, CURVE25519_PUBKEY_LEN);
  136. return 0;
  137. } else {
  138. return -1;
  139. }
  140. }
  141. /** Try to decode the string <b>input</b> into an ed25519 public key. On
  142. * success, store the value in <b>pkey</b> and return 0. Otherwise return
  143. * -1. */
  144. int
  145. ed25519_public_from_base64(ed25519_public_key_t *pkey,
  146. const char *input)
  147. {
  148. return digest256_from_base64((char*)pkey->pubkey, input);
  149. }
  150. /** Encode the public key <b>pkey</b> into the buffer at <b>output</b>,
  151. * which must have space for ED25519_BASE64_LEN bytes of encoded key,
  152. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  153. */
  154. int
  155. ed25519_public_to_base64(char *output,
  156. const ed25519_public_key_t *pkey)
  157. {
  158. return digest256_to_base64(output, (const char *)pkey->pubkey);
  159. }
  160. /** Encode the signature <b>sig</b> into the buffer at <b>output</b>,
  161. * which must have space for ED25519_SIG_BASE64_LEN bytes of encoded signature,
  162. * plus one byte for a terminating NUL. Return 0 on success, -1 on failure.
  163. */
  164. int
  165. ed25519_signature_to_base64(char *output,
  166. const ed25519_signature_t *sig)
  167. {
  168. char buf[256];
  169. int n = base64_encode_nopad(buf, sizeof(buf), sig->sig, ED25519_SIG_LEN);
  170. tor_assert(n == ED25519_SIG_BASE64_LEN);
  171. memcpy(output, buf, ED25519_SIG_BASE64_LEN+1);
  172. return 0;
  173. }
  174. /** Try to decode the string <b>input</b> into an ed25519 signature. On
  175. * success, store the value in <b>sig</b> and return 0. Otherwise return
  176. * -1. */
  177. int
  178. ed25519_signature_from_base64(ed25519_signature_t *sig,
  179. const char *input)
  180. {
  181. if (strlen(input) != ED25519_SIG_BASE64_LEN)
  182. return -1;
  183. char buf[ED25519_SIG_BASE64_LEN+3];
  184. memcpy(buf, input, ED25519_SIG_BASE64_LEN);
  185. buf[ED25519_SIG_BASE64_LEN+0] = '=';
  186. buf[ED25519_SIG_BASE64_LEN+1] = '=';
  187. buf[ED25519_SIG_BASE64_LEN+2] = 0;
  188. char decoded[128];
  189. int n = base64_decode(decoded, sizeof(decoded), buf, strlen(buf));
  190. if (n < 0 || n != ED25519_SIG_LEN)
  191. return -1;
  192. memcpy(sig->sig, decoded, ED25519_SIG_LEN);
  193. return 0;
  194. }
  195. /** Base64 encode DIGEST_LINE bytes from <b>digest</b>, remove the trailing =
  196. * characters, and store the nul-terminated result in the first
  197. * BASE64_DIGEST_LEN+1 bytes of <b>d64</b>. */
  198. /* XXXX unify with crypto_format.c code */
  199. int
  200. digest_to_base64(char *d64, const char *digest)
  201. {
  202. char buf[256];
  203. base64_encode(buf, sizeof(buf), digest, DIGEST_LEN, 0);
  204. buf[BASE64_DIGEST_LEN] = '\0';
  205. memcpy(d64, buf, BASE64_DIGEST_LEN+1);
  206. return 0;
  207. }
  208. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  209. * trailing newline or = characters), decode it and store the result in the
  210. * first DIGEST_LEN bytes at <b>digest</b>. */
  211. /* XXXX unify with crypto_format.c code */
  212. int
  213. digest_from_base64(char *digest, const char *d64)
  214. {
  215. if (base64_decode(digest, DIGEST_LEN, d64, strlen(d64)) == DIGEST_LEN)
  216. return 0;
  217. else
  218. return -1;
  219. }
  220. /** Base64 encode DIGEST256_LINE bytes from <b>digest</b>, remove the
  221. * trailing = characters, and store the nul-terminated result in the first
  222. * BASE64_DIGEST256_LEN+1 bytes of <b>d64</b>. */
  223. /* XXXX unify with crypto_format.c code */
  224. int
  225. digest256_to_base64(char *d64, const char *digest)
  226. {
  227. char buf[256];
  228. base64_encode(buf, sizeof(buf), digest, DIGEST256_LEN, 0);
  229. buf[BASE64_DIGEST256_LEN] = '\0';
  230. memcpy(d64, buf, BASE64_DIGEST256_LEN+1);
  231. return 0;
  232. }
  233. /** Given a base64 encoded, nul-terminated digest in <b>d64</b> (without
  234. * trailing newline or = characters), decode it and store the result in the
  235. * first DIGEST256_LEN bytes at <b>digest</b>. */
  236. /* XXXX unify with crypto_format.c code */
  237. int
  238. digest256_from_base64(char *digest, const char *d64)
  239. {
  240. if (base64_decode(digest, DIGEST256_LEN, d64, strlen(d64)) == DIGEST256_LEN)
  241. return 0;
  242. else
  243. return -1;
  244. }