1 /**
2 * Copyright 2017 Florian Forster
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20 * SOFTWARE.
21 *
22 * Authors:
23 * Florian octo Forster <octo at collectd.org>
24 **/
25
26 #include "config.h"
27
28 #if !defined(__GNUC__) || !__GNUC__
29 #define __attribute__(x) /**/
30 #endif
31
32 #include "collectd/lcc_features.h"
33 #include "collectd/network_parse.h"
34 #include "globals.h"
35
36 #include <errno.h>
37 #include <math.h>
38 #include <pthread.h>
39 #include <stdbool.h>
40 #include <stdlib.h>
41 #include <string.h>
42
43 /* for be{16,64}toh */
44 #if HAVE_ENDIAN_H
45 #include <endian.h>
46 #elif HAVE_SYS_ENDIAN_H
47 #include <sys/endian.h>
48 #else /* fallback */
49 #include "collectd/stdendian.h"
50 #endif
51
52 #if HAVE_GCRYPT_H
53 #define GCRYPT_NO_DEPRECATED
54 #include <gcrypt.h>
55 #endif
56
57 #include <stdio.h>
58 #define DEBUG(...) printf(__VA_ARGS__)
59
60 #if HAVE_GCRYPT_H
61 #if GCRYPT_VERSION_NUMBER < 0x010600
62 GCRY_THREAD_OPTION_PTHREAD_IMPL;
63 #endif
64 #endif
65
66 /* forward declaration because parse_sign_sha256()/parse_encrypt_aes256() and
67 * network_parse() need to call each other. */
68 static int network_parse(void *data, size_t data_size, lcc_security_level_t sl,
69 lcc_network_parse_options_t const *opts);
70
71 #if HAVE_GCRYPT_H
init_gcrypt(void)72 static int init_gcrypt(void) {
73 /* http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
74 * Because you can't know in a library whether another library has
75 * already initialized the library */
76 if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P))
77 return (0);
78
79 /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
80 * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
81 * *before* initalizing Libgcrypt with gcry_check_version(), which itself must
82 * be called before any other gcry_* function. GCRYCTL_ANY_INITIALIZATION_P
83 * above doesn't count, as it doesn't implicitly initalize Libgcrypt.
84 *
85 * tl;dr: keep all these gry_* statements in this exact order please. */
86 #if GCRYPT_VERSION_NUMBER < 0x010600
87 if (gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread)) {
88 return -1;
89 }
90 #endif
91
92 gcry_check_version(NULL);
93
94 if (gcry_control(GCRYCTL_INIT_SECMEM, 32768)) {
95 return -1;
96 }
97
98 gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
99 return 0;
100 }
101 #endif
102
103 typedef struct {
104 uint8_t *data;
105 size_t len;
106 } buffer_t;
107
buffer_next(buffer_t * b,void * out,size_t n)108 static int buffer_next(buffer_t *b, void *out, size_t n) {
109 if (b->len < n) {
110 return -1;
111 }
112 memmove(out, b->data, n);
113
114 b->data += n;
115 b->len -= n;
116
117 return 0;
118 }
119
buffer_uint16(buffer_t * b,uint16_t * out)120 static int buffer_uint16(buffer_t *b, uint16_t *out) {
121 uint16_t tmp;
122 if (buffer_next(b, &tmp, sizeof(tmp)) != 0)
123 return -1;
124
125 *out = be16toh(tmp);
126 return 0;
127 }
128
129 #define TYPE_HOST 0x0000
130 #define TYPE_TIME 0x0001
131 #define TYPE_TIME_HR 0x0008
132 #define TYPE_PLUGIN 0x0002
133 #define TYPE_PLUGIN_INSTANCE 0x0003
134 #define TYPE_TYPE 0x0004
135 #define TYPE_TYPE_INSTANCE 0x0005
136 #define TYPE_VALUES 0x0006
137 #define TYPE_INTERVAL 0x0007
138 #define TYPE_INTERVAL_HR 0x0009
139 #define TYPE_SIGN_SHA256 0x0200
140 #define TYPE_ENCR_AES256 0x0210
141
parse_int(void * payload,size_t payload_size,uint64_t * out)142 static int parse_int(void *payload, size_t payload_size, uint64_t *out) {
143 uint64_t tmp;
144
145 if (payload_size != sizeof(tmp))
146 return EINVAL;
147
148 memmove(&tmp, payload, sizeof(tmp));
149 *out = be64toh(tmp);
150 return 0;
151 }
152
parse_string(void * payload,size_t payload_size,char * out,size_t out_size)153 static int parse_string(void *payload, size_t payload_size, char *out,
154 size_t out_size) {
155 char *in = payload;
156
157 if ((payload_size < 1) || (in[payload_size - 1] != '\0') ||
158 (payload_size > out_size))
159 return EINVAL;
160
161 strncpy(out, in, out_size - 1);
162 out[out_size - 1] = '\0';
163 return 0;
164 }
165
parse_identifier(uint16_t type,void * payload,size_t payload_size,lcc_value_list_t * state)166 static int parse_identifier(uint16_t type, void *payload, size_t payload_size,
167 lcc_value_list_t *state) {
168 char buf[LCC_NAME_LEN];
169
170 if (parse_string(payload, payload_size, buf, sizeof(buf)) != 0)
171 return EINVAL;
172
173 switch (type) {
174 case TYPE_HOST:
175 memmove(state->identifier.host, buf, LCC_NAME_LEN);
176 break;
177 case TYPE_PLUGIN:
178 memmove(state->identifier.plugin, buf, LCC_NAME_LEN);
179 break;
180 case TYPE_PLUGIN_INSTANCE:
181 memmove(state->identifier.plugin_instance, buf, LCC_NAME_LEN);
182 break;
183 case TYPE_TYPE:
184 memmove(state->identifier.type, buf, LCC_NAME_LEN);
185 break;
186 case TYPE_TYPE_INSTANCE:
187 memmove(state->identifier.type_instance, buf, LCC_NAME_LEN);
188 break;
189 default:
190 return EINVAL;
191 }
192
193 return 0;
194 }
195
parse_time(uint16_t type,void * payload,size_t payload_size,lcc_value_list_t * state)196 static int parse_time(uint16_t type, void *payload, size_t payload_size,
197 lcc_value_list_t *state) {
198 uint64_t tmp = 0;
199 if (parse_int(payload, payload_size, &tmp))
200 return EINVAL;
201
202 double t = (double)tmp;
203 switch (type) {
204 case TYPE_INTERVAL:
205 state->interval = t;
206 break;
207 case TYPE_INTERVAL_HR:
208 state->interval = t / 1073741824.0;
209 break;
210 case TYPE_TIME:
211 state->time = t;
212 break;
213 case TYPE_TIME_HR:
214 state->time = t / 1073741824.0;
215 break;
216 default:
217 return EINVAL;
218 }
219
220 return 0;
221 }
222
ntohd(double val)223 static double ntohd(double val) /* {{{ */
224 {
225 static int config;
226
227 union {
228 uint8_t byte[8];
229 double floating;
230 } in = {
231 .floating = val,
232 };
233 union {
234 uint8_t byte[8];
235 double floating;
236 } out = {
237 .byte = {0},
238 };
239
240 if (config == 0) {
241 double d = 8.642135e130;
242 uint8_t b[8];
243
244 memcpy(b, &d, sizeof(b));
245
246 if ((b[0] == 0x2f) && (b[1] == 0x25) && (b[2] == 0xc0) && (b[3] == 0xc7) &&
247 (b[4] == 0x43) && (b[5] == 0x2b) && (b[6] == 0x1f) && (b[7] == 0x5b))
248 config = 1; /* need nothing */
249 else if ((b[7] == 0x2f) && (b[6] == 0x25) && (b[5] == 0xc0) &&
250 (b[4] == 0xc7) && (b[3] == 0x43) && (b[2] == 0x2b) &&
251 (b[1] == 0x1f) && (b[0] == 0x5b))
252 config = 2; /* endian flip */
253 else if ((b[4] == 0x2f) && (b[5] == 0x25) && (b[6] == 0xc0) &&
254 (b[7] == 0xc7) && (b[0] == 0x43) && (b[1] == 0x2b) &&
255 (b[2] == 0x1f) && (b[3] == 0x5b))
256 config = 3; /* int swap */
257 else
258 config = 4;
259 }
260
261 if (memcmp((char[]){0, 0, 0, 0, 0, 0, 0xf8, 0x7f}, in.byte, 8) == 0) {
262 return NAN;
263 } else if (config == 1) {
264 return val;
265 } else if (config == 2) {
266 in.floating = val;
267 out.byte[0] = in.byte[7];
268 out.byte[1] = in.byte[6];
269 out.byte[2] = in.byte[5];
270 out.byte[3] = in.byte[4];
271 out.byte[4] = in.byte[3];
272 out.byte[5] = in.byte[2];
273 out.byte[6] = in.byte[1];
274 out.byte[7] = in.byte[0];
275 return (out.floating);
276 } else if (config == 3) {
277 in.floating = val;
278 out.byte[0] = in.byte[4];
279 out.byte[1] = in.byte[5];
280 out.byte[2] = in.byte[6];
281 out.byte[3] = in.byte[7];
282 out.byte[4] = in.byte[0];
283 out.byte[5] = in.byte[1];
284 out.byte[6] = in.byte[2];
285 out.byte[7] = in.byte[3];
286 return out.floating;
287 } else {
288 /* If in doubt, just copy the value back to the caller. */
289 return val;
290 }
291 } /* }}} double ntohd */
292
parse_values(void * payload,size_t payload_size,lcc_value_list_t * state)293 static int parse_values(void *payload, size_t payload_size,
294 lcc_value_list_t *state) {
295 buffer_t *b = &(buffer_t){
296 .data = payload,
297 .len = payload_size,
298 };
299
300 uint16_t n;
301 if (buffer_uint16(b, &n))
302 return EINVAL;
303
304 if (((size_t)n * 9) != b->len)
305 return EINVAL;
306
307 state->values_len = (size_t)n;
308 state->values = calloc(state->values_len, sizeof(*state->values));
309 state->values_types = calloc(state->values_len, sizeof(*state->values_types));
310 if ((state->values == NULL) || (state->values_types == NULL)) {
311 return ENOMEM;
312 }
313
314 for (uint16_t i = 0; i < n; i++) {
315 uint8_t tmp;
316 if (buffer_next(b, &tmp, sizeof(tmp)))
317 return EINVAL;
318 state->values_types[i] = (int)tmp;
319 }
320
321 for (uint16_t i = 0; i < n; i++) {
322 uint64_t tmp;
323 if (buffer_next(b, &tmp, sizeof(tmp)))
324 return EINVAL;
325
326 if (state->values_types[i] == LCC_TYPE_GAUGE) {
327 union {
328 uint64_t i;
329 double d;
330 } conv = {.i = tmp};
331 state->values[i].gauge = ntohd(conv.d);
332 continue;
333 }
334
335 tmp = be64toh(tmp);
336 switch (state->values_types[i]) {
337 case LCC_TYPE_COUNTER:
338 state->values[i].counter = (counter_t)tmp;
339 break;
340 case LCC_TYPE_DERIVE:
341 state->values[i].derive = (derive_t)tmp;
342 break;
343 case LCC_TYPE_ABSOLUTE:
344 state->values[i].absolute = (absolute_t)tmp;
345 break;
346 default:
347 return EINVAL;
348 }
349 }
350
351 return 0;
352 }
353
354 #if HAVE_GCRYPT_H
verify_sha256(void * payload,size_t payload_size,char const * username,char const * password,uint8_t hash_provided[32])355 static int verify_sha256(void *payload, size_t payload_size,
356 char const *username, char const *password,
357 uint8_t hash_provided[32]) {
358 gcry_md_hd_t hd = NULL;
359
360 gcry_error_t err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
361 if (err != 0) {
362 return (int)err;
363 }
364
365 err = gcry_md_setkey(hd, password, strlen(password));
366 if (err != 0) {
367 gcry_md_close(hd);
368 return (int)err;
369 }
370
371 gcry_md_write(hd, username, strlen(username));
372 gcry_md_write(hd, payload, payload_size);
373
374 unsigned char *hash_calculated = gcry_md_read(hd, GCRY_MD_SHA256);
375 if (!hash_calculated) {
376 gcry_md_close(hd);
377 return -1;
378 }
379
380 int ret = memcmp(hash_provided, hash_calculated, 32);
381
382 gcry_md_close(hd);
383 hash_calculated = NULL;
384
385 return !!ret;
386 }
387 #else /* !HAVE_GCRYPT_H */
verify_sha256(void * payload,size_t payload_size,char const * username,char const * password,uint8_t hash_provided[32])388 static int verify_sha256(void *payload, size_t payload_size,
389 char const *username, char const *password,
390 uint8_t hash_provided[32]) {
391 return ENOTSUP;
392 }
393 #endif
394
parse_sign_sha256(void * signature,size_t signature_len,void * payload,size_t payload_size,lcc_network_parse_options_t const * opts)395 static int parse_sign_sha256(void *signature, size_t signature_len,
396 void *payload, size_t payload_size,
397 lcc_network_parse_options_t const *opts) {
398 if (opts->password_lookup == NULL) {
399 /* The sender signed the packet but we can't verify it. Handle it as if it
400 * were unsigned, i.e. security level NONE. */
401 return network_parse(payload, payload_size, NONE, opts);
402 }
403
404 buffer_t *b = &(buffer_t){
405 .data = signature,
406 .len = signature_len,
407 };
408
409 uint8_t hash[32];
410 if (buffer_next(b, hash, sizeof(hash)))
411 return EINVAL;
412
413 char username[b->len + 1];
414 memset(username, 0, sizeof(username));
415 if (buffer_next(b, username, sizeof(username) - 1)) {
416 return EINVAL;
417 }
418
419 char const *password = opts->password_lookup(username);
420 if (!password)
421 return network_parse(payload, payload_size, NONE, opts);
422
423 int status = verify_sha256(payload, payload_size, username, password, hash);
424 if (status != 0)
425 return status;
426
427 return network_parse(payload, payload_size, SIGN, opts);
428 }
429
430 #if HAVE_GCRYPT_H
decrypt_aes256(buffer_t * b,void * iv,size_t iv_size,char const * password)431 static int decrypt_aes256(buffer_t *b, void *iv, size_t iv_size,
432 char const *password) {
433 gcry_cipher_hd_t cipher = NULL;
434
435 if (gcry_cipher_open(&cipher, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB,
436 /* flags = */ 0))
437 return -1;
438
439 uint8_t pwhash[32] = {0};
440 gcry_md_hash_buffer(GCRY_MD_SHA256, pwhash, password, strlen(password));
441
442 fprintf(stderr, "sizeof(iv) = %" PRIsz "\n", sizeof(iv));
443 if (gcry_cipher_setkey(cipher, pwhash, sizeof(pwhash)) ||
444 gcry_cipher_setiv(cipher, iv, iv_size) ||
445 gcry_cipher_decrypt(cipher, b->data, b->len, /* in = */ NULL,
446 /* in_size = */ 0)) {
447 gcry_cipher_close(cipher);
448 return -1;
449 }
450
451 gcry_cipher_close(cipher);
452 return 0;
453 }
454
parse_encrypt_aes256(void * data,size_t data_size,lcc_network_parse_options_t const * opts)455 static int parse_encrypt_aes256(void *data, size_t data_size,
456 lcc_network_parse_options_t const *opts) {
457 if (opts->password_lookup == NULL) {
458 /* Without a password source it's (hopefully) impossible to decrypt the
459 * network packet. */
460 return ENOENT;
461 }
462
463 buffer_t *b = &(buffer_t){
464 .data = data,
465 .len = data_size,
466 };
467
468 uint16_t username_len;
469 if (buffer_uint16(b, &username_len))
470 return EINVAL;
471 if ((size_t)username_len > data_size)
472 return ENOMEM;
473 char username[((size_t)username_len) + 1];
474 memset(username, 0, sizeof(username));
475 if (buffer_next(b, username, (size_t)username_len))
476 return EINVAL;
477
478 char const *password = opts->password_lookup(username);
479 if (!password)
480 return ENOENT;
481
482 uint8_t iv[16];
483 if (buffer_next(b, iv, sizeof(iv)))
484 return EINVAL;
485
486 int status = decrypt_aes256(b, iv, sizeof(iv), password);
487 if (status != 0)
488 return status;
489
490 uint8_t hash_provided[20];
491 if (buffer_next(b, hash_provided, sizeof(hash_provided))) {
492 return -1;
493 }
494
495 uint8_t hash_calculated[20];
496 gcry_md_hash_buffer(GCRY_MD_SHA1, hash_calculated, b->data, b->len);
497
498 if (memcmp(hash_provided, hash_calculated, sizeof(hash_provided)) != 0) {
499 return -1;
500 }
501
502 return network_parse(b->data, b->len, ENCRYPT, opts);
503 }
504 #else /* !HAVE_GCRYPT_H */
parse_encrypt_aes256(void * data,size_t data_size,lcc_network_parse_options_t const * opts)505 static int parse_encrypt_aes256(void *data, size_t data_size,
506 lcc_network_parse_options_t const *opts) {
507 return ENOTSUP;
508 }
509 #endif
510
network_parse(void * data,size_t data_size,lcc_security_level_t sl,lcc_network_parse_options_t const * opts)511 static int network_parse(void *data, size_t data_size, lcc_security_level_t sl,
512 lcc_network_parse_options_t const *opts) {
513 buffer_t *b = &(buffer_t){
514 .data = data,
515 .len = data_size,
516 };
517
518 lcc_value_list_t state = {0};
519
520 while (b->len > 0) {
521 uint16_t type = 0, sz = 0;
522 if (buffer_uint16(b, &type) || buffer_uint16(b, &sz)) {
523 DEBUG("lcc_network_parse(): reading type and/or length failed.\n");
524 return EINVAL;
525 }
526
527 if ((sz < 5) || (((size_t)sz - 4) > b->len)) {
528 DEBUG("lcc_network_parse(): invalid 'sz' field: sz = %" PRIu16
529 ", b->len = %" PRIsz "\n",
530 sz, b->len);
531 return EINVAL;
532 }
533 sz -= 4;
534
535 uint8_t payload[sz];
536 if (buffer_next(b, payload, sizeof(payload)))
537 return EINVAL;
538
539 switch (type) {
540 case TYPE_HOST:
541 case TYPE_PLUGIN:
542 case TYPE_PLUGIN_INSTANCE:
543 case TYPE_TYPE:
544 case TYPE_TYPE_INSTANCE: {
545 if (parse_identifier(type, payload, sizeof(payload), &state)) {
546 DEBUG("lcc_network_parse(): parse_identifier failed.\n");
547 return EINVAL;
548 }
549 break;
550 }
551
552 case TYPE_INTERVAL:
553 case TYPE_INTERVAL_HR:
554 case TYPE_TIME:
555 case TYPE_TIME_HR: {
556 if (parse_time(type, payload, sizeof(payload), &state)) {
557 DEBUG("lcc_network_parse(): parse_time failed.\n");
558 return EINVAL;
559 }
560 break;
561 }
562
563 case TYPE_VALUES: {
564 lcc_value_list_t vl = state;
565 if (parse_values(payload, sizeof(payload), &vl)) {
566 free(vl.values);
567 free(vl.values_types);
568 DEBUG("lcc_network_parse(): parse_values failed.\n");
569 return EINVAL;
570 }
571
572 int status = 0;
573
574 /* Write metrics if they have the required security level. */
575 if (sl >= opts->security_level)
576 status = opts->writer(&vl);
577
578 free(vl.values);
579 free(vl.values_types);
580
581 if (status != 0)
582 return status;
583 break;
584 }
585
586 case TYPE_SIGN_SHA256: {
587 int status =
588 parse_sign_sha256(payload, sizeof(payload), b->data, b->len, opts);
589 if (status != 0) {
590 DEBUG("lcc_network_parse(): parse_sign_sha256() = %d\n", status);
591 return -1;
592 }
593 /* parse_sign_sha256, if successful, consumes all remaining data. */
594 b->data = NULL;
595 b->len = 0;
596 break;
597 }
598
599 case TYPE_ENCR_AES256: {
600 int status = parse_encrypt_aes256(payload, sizeof(payload), opts);
601 if (status != 0) {
602 DEBUG("lcc_network_parse(): parse_encrypt_aes256() = %d\n", status);
603 return -1;
604 }
605 break;
606 }
607
608 default: {
609 DEBUG("lcc_network_parse(): ignoring unknown type %" PRIu16 "\n", type);
610 return EINVAL;
611 }
612 }
613 }
614
615 return 0;
616 }
617
lcc_network_parse(void * data,size_t data_size,lcc_network_parse_options_t opts)618 int lcc_network_parse(void *data, size_t data_size,
619 lcc_network_parse_options_t opts) {
620 if (opts.password_lookup) {
621 #if HAVE_GCRYPT_H
622 int status;
623 if ((status = init_gcrypt())) {
624 return status;
625 }
626 #else
627 return ENOTSUP;
628 #endif
629 }
630
631 return network_parse(data, data_size, NONE, &opts);
632 }
633