| /* Copyright 2016 The Roughtime Authors. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. */ |
| |
| #include "protocol.h" |
| |
| #if defined(__APPLE__) |
| #include <machine/endian.h> |
| #else |
| #include <endian.h> |
| #endif |
| |
| #include <stdlib.h> |
| #include <string.h> |
| |
| #include <openssl/sha.h> |
| #include <openssl/curve25519.h> |
| |
| #include "logging.h" |
| |
| namespace roughtime { |
| |
| static_assert(BYTE_ORDER == LITTLE_ENDIAN, |
| "This code assumes little-endian processors"); |
| |
| // The OpenSSL constants are kept out of the headers to allow consumers to |
| // avoid needing OpenSSL's at build time, but the values should still match. |
| static_assert(kPrivateKeyLength == ED25519_PRIVATE_KEY_LEN, |
| "Private key length mismatch"); |
| static_assert(kPublicKeyLength == ED25519_PUBLIC_KEY_LEN, |
| "Public key length mismatch"); |
| static_assert(kSignatureLength == ED25519_SIGNATURE_LEN, |
| "Signature length mismatch"); |
| |
| static void advance(const uint8_t **ptr, size_t *len, size_t bytes) { |
| *ptr += bytes; |
| *len -= bytes; |
| } |
| |
| Parser::Parser(const uint8_t *req, size_t len) { |
| if (len < sizeof(uint32_t)) { |
| return; |
| } |
| |
| // Read number of tags. |
| uint32_t num_tags_32; |
| memcpy(&num_tags_32, req, sizeof(uint32_t)); |
| num_tags_ = num_tags_32; |
| advance(&req, &len, sizeof(uint32_t)); |
| |
| if (0xffff < num_tags_) { // Avoids any subsequent overflows. |
| return; |
| } |
| |
| // Validate table of offsets. |
| const size_t num_offsets = NumMessageOffsets(num_tags_); |
| if (len < num_offsets * sizeof(uint32_t)) { |
| return; |
| } |
| offsets_ = req; |
| advance(&req, &len, num_offsets * sizeof(uint32_t)); |
| |
| uint32_t previous_offset = 0; |
| for (size_t i = 0; i < num_offsets; i++) { |
| // A tag may have no data. Hence, subsequent offsets may be equal. |
| uint32_t offset; |
| memcpy(&offset, offsets_ + sizeof(uint32_t)*i, sizeof(uint32_t)); |
| |
| if (offset < previous_offset || |
| offset % 4 != 0) { |
| return; |
| } |
| previous_offset = offset; |
| } |
| uint32_t last_offset = previous_offset; |
| |
| // Validate list of tags. Tags must be in increasing order. |
| if (len < num_tags_ * sizeof(tag_t)) { |
| return; |
| } |
| tags_ = req; |
| advance(&req, &len, num_tags_ * sizeof(tag_t)); |
| |
| tag_t previous_tag = 0; |
| for (size_t i = 0; i < num_tags_; i++) { |
| tag_t tag; |
| memcpy(&tag, tags_ + sizeof(tag_t) * i, sizeof(tag_t)); |
| if (i > 0 && tag <= previous_tag) { |
| return; |
| } |
| previous_tag = tag; |
| } |
| |
| // Make sure the offset table doesn't point past the end of the data. |
| if (len < last_offset) { |
| return; |
| } |
| |
| data_ = req; |
| len_ = len; |
| is_valid_ = true; |
| } |
| |
| static int tag_cmp(const void *keyp, const void *memberp) { |
| tag_t key, member; |
| memcpy(&key, keyp, sizeof(tag_t)); |
| memcpy(&member, memberp, sizeof(uint32_t)); |
| |
| if (key == member) { |
| return 0; |
| } |
| return key < member ? -1 : 1; |
| } |
| |
| bool Parser::GetTag(const uint8_t **out_data, size_t *out_len, |
| tag_t tag) const { |
| uint8_t *tagp = reinterpret_cast<uint8_t *>( |
| bsearch(&tag, tags_, num_tags_, sizeof(tag_t), tag_cmp)); |
| if (tagp == nullptr) { |
| return false; |
| } |
| size_t tag_number = (tagp - tags_) / sizeof(uint32_t); |
| |
| uint32_t offset = 0; |
| if (tag_number != 0) { |
| memcpy(&offset, offsets_ + sizeof(uint32_t) * (tag_number - 1), |
| sizeof(uint32_t)); |
| } |
| |
| *out_data = data_ + offset; |
| if (tag_number == num_tags_ - 1) { |
| *out_len = len_ - offset; |
| } else { |
| uint32_t next_offset; |
| memcpy(&next_offset, offsets_ + sizeof(uint32_t) * tag_number, |
| sizeof(uint32_t)); |
| *out_len = next_offset - offset; |
| } |
| return true; |
| } |
| |
| bool Parser::GetFixedLen(const uint8_t **out_data, tag_t tag, |
| size_t expected_len) const { |
| size_t len; |
| return GetTag(out_data, &len, tag) && len == expected_len; |
| } |
| |
| template <typename T> |
| bool Parser::Get(T *out_value, tag_t tag) const { |
| const uint8_t *data; |
| size_t len; |
| if (!GetTag(&data, &len, tag) || |
| len != sizeof(T)) { |
| return false; |
| } |
| memcpy(out_value, data, sizeof(T)); |
| return true; |
| } |
| |
| template bool Parser::Get(uint32_t *, tag_t) const; |
| template bool Parser::Get(uint64_t *, tag_t) const; |
| |
| Builder::Builder(uint8_t *out, size_t out_len, size_t num_tags) |
| : num_tags_(num_tags), |
| header_len_(MessageHeaderLen(num_tags)), |
| offsets_(out + sizeof(uint32_t)), |
| tags_(out + sizeof(uint32_t) * (1 + NumMessageOffsets(num_tags))) { |
| if (out_len < sizeof(uint32_t) || |
| out_len < header_len_ || |
| 0xffff < num_tags) { |
| return; |
| } |
| |
| const uint32_t num_tags_32 = num_tags; |
| memcpy(out, &num_tags_32, sizeof(uint32_t)); |
| |
| data_ = out + header_len_; |
| len_ = out_len - header_len_; |
| valid_ = true; |
| } |
| |
| bool Builder::AddTag(uint8_t **out_data, tag_t tag, size_t len) { |
| if (!valid_ || |
| len%4 != 0 || |
| len_ < len || |
| tag_i_ >= num_tags_ || |
| (have_previous_tag_ && tag <= previous_tag_)) { |
| return false; |
| } |
| |
| memcpy(tags_ + sizeof(uint32_t)*tag_i_, &tag, sizeof(tag_t)); |
| if (tag_i_ > 0) { |
| const uint32_t offset_32 = offset_; |
| memcpy(offsets_ + sizeof(uint32_t) * (tag_i_ - 1), &offset_32, |
| sizeof(uint32_t)); |
| } |
| tag_i_++; |
| previous_tag_ = tag; |
| have_previous_tag_ = true; |
| |
| *out_data = data_; |
| |
| offset_ += len; |
| len_ -= len; |
| data_ += len; |
| |
| return true; |
| } |
| |
| bool Builder::AddTagData(tag_t tag, const uint8_t *data, size_t len) { |
| uint8_t *out; |
| if (!AddTag(&out, tag, len)) { |
| return false; |
| } |
| memcpy(out, data, len); |
| return true; |
| } |
| |
| bool Builder::Finish(size_t *out_len) { |
| if (!valid_ || tag_i_ != num_tags_) { |
| return false; |
| } |
| *out_len = header_len_ + offset_; |
| valid_ = false; |
| return true; |
| } |
| |
| constexpr uint8_t kHashLeafTweak[] = {0x00}; |
| constexpr uint8_t kHashNodeTweak[] = {0x01}; |
| |
| void HashLeaf(uint8_t *out, const uint8_t *in) { |
| SHA512_CTX ctx; |
| SHA512_Init(&ctx); |
| SHA512_Update(&ctx, kHashLeafTweak, 1); |
| SHA512_Update(&ctx, in, kNonceLength); |
| SHA512_Final(out, &ctx); |
| } |
| |
| void HashNode(uint8_t *out, const uint8_t *left, const uint8_t *right) { |
| SHA512_CTX ctx; |
| SHA512_Init(&ctx); |
| SHA512_Update(&ctx, kHashNodeTweak, 1); |
| SHA512_Update(&ctx, left, SHA512_DIGEST_LENGTH); |
| SHA512_Update(&ctx, right, SHA512_DIGEST_LENGTH); |
| SHA512_Final(out, &ctx); |
| } |
| |
| } // namespace roughtime |
