/* $NetBSD: sign.c,v 1.9 2022/11/08 01:03:27 uwe Exp $ */ /*- * Copyright (c) 2008 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Martin Schütte. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the NetBSD * Foundation, Inc. and its contributors. * 4. Neither the name of The NetBSD Foundation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ /* * sign.c * syslog-sign related code for syslogd * * Martin Schütte */ /* * Issues with the current internet draft: * 1. The draft is a bit unclear on the input format for the signature, * so this might have to be changed later. Cf. sign_string_sign() * 2. The draft only defines DSA signatures. I hope it will be extended * to DSS, thus allowing DSA, RSA (ANSI X9.31) and ECDSA (ANSI X9.62) * 3. The draft does not define the data format for public keys in CBs. * This implementation sends public keys in DER encoding. * 4. This current implementation uses high-level OpenSSL API. * I am not sure if these completely implement the FIPS/ANSI standards. * Update after WG discussion in August: * 1. check; next draft will be clearer and specify the format as implemented. * 2. check; definitely only DSA in this version. * 3. remains a problem, so far no statement from authors or WG. * 4. check; used EVP_sha1 method implements FIPS. */ /* * Limitations of this implementation: * - cannot use OpenPGP keys, only PKIX or DSA due to OpenSSL capabilities * - only works for correctly formatted messages, because incorrect messages * are reformatted (e.g. if it receives a message with two spaces between * fields it might even be parsed, but the output will have only one space). */ #include __RCSID("$NetBSD: sign.c,v 1.9 2022/11/08 01:03:27 uwe Exp $"); #ifndef DISABLE_SIGN #include "syslogd.h" #ifndef DISABLE_TLS #include "tls.h" #endif /* !DISABLE_TLS */ #include "sign.h" #include "extern.h" /* * init all SGs for a given algorithm */ bool sign_global_init(struct filed *Files) { DPRINTF((D_CALL|D_SIGN), "sign_global_init()\n"); if (!(GlobalSign.sg == 0 || GlobalSign.sg == 1 || GlobalSign.sg == 2 || GlobalSign.sg == 3)) { logerror("sign_init(): invalid SG %d", GlobalSign.sg); return false; } if (!sign_get_keys()) return false; /* signature algorithm */ /* can probably be merged with the hash algorithm/context but * I leave the optimization for later until the RFC is ready */ GlobalSign.sigctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(GlobalSign.sigctx); /* the signature algorithm depends on the type of key */ switch (EVP_PKEY_base_id(GlobalSign.pubkey)) { case EVP_PKEY_DSA: GlobalSign.sig = EVP_sha1(); GlobalSign.sig_len_b64 = SIGN_B64SIGLEN_DSS; break; #ifdef notyet /* this is the place to add non-DSA key types and algorithms */ case EVP_PKEY_RSA: GlobalSign.sig = EVP_sha1(); GlobalSign.sig_len_b64 = 28; break; #endif default: logerror("key type not supported for syslog-sign"); return false; } assert(GlobalSign.keytype == 'C' || GlobalSign.keytype == 'K'); assert(GlobalSign.pubkey_b64 && GlobalSign.privkey && GlobalSign.pubkey); GlobalSign.gbc = 0; STAILQ_INIT(&GlobalSign.SigGroups); /* hash algorithm */ OpenSSL_add_all_digests(); GlobalSign.mdctx = EVP_MD_CTX_create(); EVP_MD_CTX_init(GlobalSign.mdctx); /* values for SHA-1 */ GlobalSign.md = EVP_sha1(); GlobalSign.md_len_b64 = 28; GlobalSign.ver = "0111"; if (!sign_sg_init(Files)) return false; sign_new_reboot_session(); DPRINTF(D_SIGN, "length values: SIGN_MAX_SD_LENGTH %d, " "SIGN_MAX_FRAG_LENGTH %d, SIGN_MAX_SB_LENGTH %d, " "SIGN_MAX_HASH_NUM %d\n", SIGN_MAX_SD_LENGTH, SIGN_MAX_FRAG_LENGTH, SIGN_MAX_SB_LENGTH, SIGN_MAX_HASH_NUM); /* set just before return, so it indicates initialization */ GlobalSign.rsid = now; return true; } /* * get keys for syslog-sign * either from the X.509 certificate used for TLS * or by generating a new one * * sets the global variables * GlobalSign.keytype, GlobalSign.pubkey_b64, * GlobalSign.privkey, and GlobalSign.pubkey */ bool sign_get_keys(void) { EVP_PKEY *pubkey = NULL, *privkey = NULL; unsigned char *der_pubkey = NULL, *ptr_der_pubkey = NULL; char *pubkey_b64 = NULL; int der_len; /* try PKIX/TLS key first */ #ifndef DISABLE_TLS SSL *ssl; if (tls_opt.global_TLS_CTX && (ssl = SSL_new(tls_opt.global_TLS_CTX))) { X509 *cert; DPRINTF(D_SIGN, "Try to get keys from TLS X.509 cert...\n"); if (!(cert = SSL_get_certificate(ssl))) { logerror("SSL_get_certificate() failed"); FREE_SSL(ssl); return false; } if (!(privkey = SSL_get_privatekey(ssl))) { logerror("SSL_get_privatekey() failed"); FREE_SSL(ssl); return false; } if (!(pubkey = X509_get_pubkey(cert))) { logerror("X509_get_pubkey() failed"); FREE_SSL(ssl); return false; } /* note: * - privkey is just a pointer into SSL_CTX and * must not be changed nor be free()d * - but pubkey has to be freed with EVP_PKEY_free() */ FREE_SSL(ssl); if (EVP_PKEY_DSA != EVP_PKEY_base_id(pubkey)) { DPRINTF(D_SIGN, "X.509 cert has no DSA key\n"); EVP_PKEY_free(pubkey); privkey = NULL; pubkey = NULL; } else { DPRINTF(D_SIGN, "Got public and private key " "from X.509 --> use type PKIX\n"); GlobalSign.keytype = 'C'; GlobalSign.privkey = privkey; GlobalSign.pubkey = pubkey; /* base64 certificate encoding */ der_len = i2d_X509(cert, NULL); if (!(ptr_der_pubkey = der_pubkey = malloc(der_len)) || !(pubkey_b64 = malloc(der_len*2))) { free(der_pubkey); logerror("malloc() failed"); return false; } if (i2d_X509(cert, &ptr_der_pubkey) <= 0) { logerror("i2d_X509() failed"); return false; } b64_ntop(der_pubkey, der_len, pubkey_b64, der_len*2); free(der_pubkey); /* try to resize memory object as needed */ GlobalSign.pubkey_b64 = realloc(pubkey_b64, strlen(pubkey_b64)+1); if (!GlobalSign.pubkey_b64) GlobalSign.pubkey_b64 = pubkey_b64; } } #endif /* !DISABLE_TLS */ if (!(privkey && pubkey)) { /* PKIX not available --> generate key */ DSA *dsa; DPRINTF(D_SIGN, "Unable to get keys from X.509 " "--> use DSA with type 'K'\n"); if (!(privkey = EVP_PKEY_new())) { logerror("EVP_PKEY_new() failed"); return false; } if ((dsa = DSA_new()) == NULL) { logerror("DSA_new() failed"); return false; } if (!DSA_generate_parameters_ex(dsa, SIGN_GENCERT_BITS, NULL, 0, NULL, NULL, NULL)) { logerror("DSA_generate_parameters_ex() failed"); return false; } if (!DSA_generate_key(dsa)) { logerror("DSA_generate_key() failed"); return false; } if (!EVP_PKEY_assign_DSA(privkey, dsa)) { logerror("EVP_PKEY_assign_DSA() failed"); return false; } GlobalSign.keytype = 'K'; /* public/private keys used */ GlobalSign.privkey = privkey; GlobalSign.pubkey = privkey; /* pubkey base64 encoding */ der_len = i2d_DSA_PUBKEY(dsa, NULL); if (!(ptr_der_pubkey = der_pubkey = malloc(der_len)) || !(pubkey_b64 = malloc(der_len*2))) { free(der_pubkey); logerror("malloc() failed"); return false; } if (i2d_DSA_PUBKEY(dsa, &ptr_der_pubkey) <= 0) { logerror("i2d_DSA_PUBKEY() failed"); free(der_pubkey); free(pubkey_b64); return false; } b64_ntop(der_pubkey, der_len, pubkey_b64, der_len*2); free(der_pubkey); /* try to resize memory object as needed */ GlobalSign.pubkey_b64 = realloc(pubkey_b64, strlen(pubkey_b64) + 1); if (!GlobalSign.pubkey_b64) GlobalSign.pubkey_b64 = pubkey_b64; } return true; } /* * init SGs */ bool sign_sg_init(struct filed *Files) { struct signature_group_t *sg, *newsg, *last_sg; struct filed_queue *fq; struct string_queue *sqentry, *last_sqentry; struct filed *f; unsigned int i; /* note on SG 1 and 2: * it is assumed that redundant signature groups * and especially signature groups without an associated * destination are harmless. * this currently holds true because sign_append_hash() * is called from fprintlog(), so only actually used * signature group get hashes and need memory for them */ /* possible optimization for SGs 1 and 2: * use a struct signature_group_t *newsg[IETF_NUM_PRIVALUES] * for direct group lookup */ #define ALLOC_OR_FALSE(x) do { \ if(!((x) = calloc(1, sizeof(*(x))))) { \ logerror("Unable to allocate memory"); \ return false; \ } \ } while (0) #define ALLOC_SG(x) do { \ ALLOC_OR_FALSE(x); \ (x)->last_msg_num = 1; /* cf. section 4.2.5 */ \ STAILQ_INIT(&(x)->hashes); \ STAILQ_INIT(&(x)->files); \ } while (0) /* alloc(fq) and add to SGs file queue */ #define ASSIGN_FQ() do { \ ALLOC_OR_FALSE(fq); \ fq->f = f; \ f->f_sg = newsg; \ DPRINTF(D_SIGN, "SG@%p <--> f@%p\n", newsg, f); \ STAILQ_INSERT_TAIL(&newsg->files, fq, entries); \ } while (0) switch (GlobalSign.sg) { case 0: /* one SG, linked to all files */ ALLOC_SG(newsg); newsg->spri = 0; for (f = Files; f; f = f->f_next) ASSIGN_FQ(); STAILQ_INSERT_TAIL(&GlobalSign.SigGroups, newsg, entries); break; case 1: /* every PRI gets one SG */ for (i = 0; i < IETF_NUM_PRIVALUES; i++) { int fac, prilev; fac = LOG_FAC(i); prilev = LOG_PRI(i); ALLOC_SG(newsg); newsg->spri = i; /* now find all destinations associated with this SG */ for (f = Files; f; f = f->f_next) /* check priorities */ if (MATCH_PRI(f, fac, prilev)) ASSIGN_FQ(); STAILQ_INSERT_TAIL(&GlobalSign.SigGroups, newsg, entries); } break; case 2: /* PRI ranges get one SG, boundaries given by the * SPRI, indicating the largest PRI in the SG * * either GlobalSign.sig2_delims has a list of * user configured delimiters, or we use a default * and set up one SG per facility */ if (STAILQ_EMPTY(&GlobalSign.sig2_delims)) { DPRINTF(D_SIGN, "sign_sg_init(): set default " "values for SG 2\n"); for (i = 0; i < (IETF_NUM_PRIVALUES>>3); i++) { ALLOC_OR_FALSE(sqentry); sqentry->data = NULL; sqentry->key = (i<<3); STAILQ_INSERT_TAIL(&GlobalSign.sig2_delims, sqentry, entries); } } assert(!STAILQ_EMPTY(&GlobalSign.sig2_delims)); /* add one more group at the end */ last_sqentry = STAILQ_LAST(&GlobalSign.sig2_delims, string_queue, entries); if (last_sqentry->key < IETF_NUM_PRIVALUES) { ALLOC_OR_FALSE(sqentry); sqentry->data = NULL; sqentry->key = IETF_NUM_PRIVALUES-1; STAILQ_INSERT_TAIL(&GlobalSign.sig2_delims, sqentry, entries); } STAILQ_FOREACH(sqentry, &GlobalSign.sig2_delims, entries) { unsigned int min_pri = 0; ALLOC_SG(newsg); newsg->spri = sqentry->key; /* check _all_ priorities in SG */ last_sg = STAILQ_LAST(&GlobalSign.SigGroups, signature_group_t, entries); if (last_sg) min_pri = last_sg->spri + 1; DPRINTF(D_SIGN, "sign_sg_init(): add SG@%p: SG=\"2\"," " SPRI=\"%d\" -- for msgs with " "%d <= pri <= %d\n", newsg, newsg->spri, min_pri, newsg->spri); /* now find all destinations associated with this SG */ for (f = Files; f; f = f->f_next) { bool match = false; for (i = min_pri; i <= newsg->spri; i++) { int fac, prilev; fac = LOG_FAC(i); prilev = LOG_PRI(i); if (MATCH_PRI(f, fac, prilev)) { match = true; break; } } if (match) ASSIGN_FQ(); } STAILQ_INSERT_TAIL(&GlobalSign.SigGroups, newsg, entries); } break; case 3: /* every file (with flag) gets one SG */ for (f = Files; f; f = f->f_next) { if (!(f->f_flags & FFLAG_SIGN)) { f->f_sg = NULL; continue; } ALLOC_SG(newsg); newsg->spri = f->f_file; /* not needed but shows SGs */ ASSIGN_FQ(); STAILQ_INSERT_TAIL(&GlobalSign.SigGroups, newsg, entries); } break; } DPRINTF((D_PARSE|D_SIGN), "sign_sg_init() set up these " "Signature Groups:\n"); STAILQ_FOREACH(sg, &GlobalSign.SigGroups, entries) { DPRINTF((D_PARSE|D_SIGN), "SG@%p with SG=\"%d\", SPRI=\"%d\"," " associated files:\n", sg, GlobalSign.sg, sg->spri); STAILQ_FOREACH(fq, &sg->files, entries) { DPRINTF((D_PARSE|D_SIGN), " f@%p with type %d\n", fq->f, fq->f->f_type); } } return true; } /* * free all SGs for a given algorithm */ void sign_global_free(void) { struct signature_group_t *sg, *tmp_sg; struct filed_queue *fq, *tmp_fq; DPRINTF((D_CALL|D_SIGN), "sign_global_free()\n"); STAILQ_FOREACH_SAFE(sg, &GlobalSign.SigGroups, entries, tmp_sg) { if (!STAILQ_EMPTY(&sg->hashes)) { /* send CB and SB twice to get minimal redundancy * for the last few message hashes */ sign_send_certificate_block(sg); sign_send_certificate_block(sg); sign_send_signature_block(sg, true); sign_send_signature_block(sg, true); sign_free_hashes(sg); } fq = STAILQ_FIRST(&sg->files); while (fq != NULL) { tmp_fq = STAILQ_NEXT(fq, entries); free(fq); fq = tmp_fq; } STAILQ_REMOVE(&GlobalSign.SigGroups, sg, signature_group_t, entries); free(sg); } sign_free_string_queue(&GlobalSign.sig2_delims); if (GlobalSign.privkey) { GlobalSign.privkey = NULL; } if (GlobalSign.pubkey) { EVP_PKEY_free(GlobalSign.pubkey); GlobalSign.pubkey = NULL; } if(GlobalSign.mdctx) { EVP_MD_CTX_destroy(GlobalSign.mdctx); GlobalSign.mdctx = NULL; } if(GlobalSign.sigctx) { EVP_MD_CTX_destroy(GlobalSign.sigctx); GlobalSign.sigctx = NULL; } FREEPTR(GlobalSign.pubkey_b64); } /* * create and send certificate block */ bool sign_send_certificate_block(struct signature_group_t *sg) { struct filed_queue *fq; struct buf_msg *buffer; char *tstamp; char payload[SIGN_MAX_PAYLOAD_LENGTH]; char sd[SIGN_MAX_SD_LENGTH]; size_t payload_len, fragment_len; size_t payload_index = 0; /* do nothing if CBs already sent or if there was no message in SG */ if (!sg->resendcount || ((sg->resendcount == SIGN_RESENDCOUNT_CERTBLOCK) && STAILQ_EMPTY(&sg->hashes))) return false; DPRINTF((D_CALL|D_SIGN), "sign_send_certificate_block(%p)\n", sg); tstamp = make_timestamp(NULL, true, (size_t)-1); payload_len = snprintf(payload, sizeof(payload), "%s %c %s", tstamp, GlobalSign.keytype, GlobalSign.pubkey_b64); if (payload_len >= sizeof(payload)) { DPRINTF(D_SIGN, "Buffer too small for syslog-sign setup\n"); return false; } while (payload_index < payload_len) { if (payload_len - payload_index <= SIGN_MAX_FRAG_LENGTH) fragment_len = payload_len - payload_index; else fragment_len = SIGN_MAX_FRAG_LENGTH; /* format SD */ size_t sd_len __diagused; sd_len = snprintf(sd, sizeof(sd), "[ssign-cert " "VER=\"%s\" RSID=\"%" PRIuFAST64 "\" SG=\"%d\" " "SPRI=\"%d\" TBPL=\"%zu\" INDEX=\"%zu\" " "FLEN=\"%zu\" FRAG=\"%.*s\" " "SIGN=\"\"]", GlobalSign.ver, GlobalSign.rsid, GlobalSign.sg, sg->spri, payload_len, payload_index+1, fragment_len, (int)fragment_len, &payload[payload_index]); assert(sd_len < sizeof(sd)); assert(sd[sd_len] == '\0'); assert(sd[sd_len-1] == ']'); assert(sd[sd_len-2] == '"'); if (!sign_msg_sign(&buffer, sd, sizeof(sd))) return 0; DPRINTF((D_CALL|D_SIGN), "sign_send_certificate_block(): " "calling fprintlog()\n"); STAILQ_FOREACH(fq, &sg->files, entries) { /* we have to preserve the f_prevcount */ int tmpcnt; tmpcnt = fq->f->f_prevcount; fprintlog(fq->f, buffer, NULL); fq->f->f_prevcount = tmpcnt; } sign_inc_gbc(); DELREF(buffer); payload_index += fragment_len; } sg->resendcount--; return true; } /* * determine the SG for a message * returns NULL if -sign not configured or no SG for this priority */ struct signature_group_t * sign_get_sg(int pri, struct filed *f) { struct signature_group_t *sg, *rc = NULL; if (GlobalSign.rsid && f) switch (GlobalSign.sg) { case 0: rc = f->f_sg; break; case 1: case 2: STAILQ_FOREACH(sg, &GlobalSign.SigGroups, entries) { if (sg->spri >= (unsigned int)pri) { rc = sg; break; } } break; case 3: if (f->f_flags & FFLAG_SIGN) rc = f->f_sg; else rc = NULL; break; } DPRINTF((D_CALL|D_SIGN), "sign_get_sg(%d, %p) --> %p\n", pri, f, rc); return rc; } /* * create and send signature block * * uses a sliding window for redundancy * if force==true then simply send all available hashes, e.g. on shutdown * * sliding window checks implicitly assume that new hashes are appended * to the SG between two calls. if that is not the case (e.g. with repeated * messages) the queue size will shrink. * this has no negative consequences except generating more and shorter SBs * than expected and confusing the operator because two consecutive SBs will * have same FMNn */ unsigned sign_send_signature_block(struct signature_group_t *sg, bool force) { char sd[SIGN_MAX_SD_LENGTH]; size_t sd_len; size_t sg_num_hashes = 0; /* hashes in SG queue */ size_t hashes_in_sb = 0; /* number of hashes in current SB */ size_t hashes_sent = 0; /* count of hashes sent */ struct string_queue *qentry, *old_qentry; struct buf_msg *buffer; struct filed_queue *fq; size_t i; if (!sg) return 0; DPRINTF((D_CALL|D_SIGN), "sign_send_signature_block(%p, %d)\n", sg, force); STAILQ_FOREACH(qentry, &sg->hashes, entries) sg_num_hashes++; /* only act if a division is full */ if (!sg_num_hashes || (!force && (sg_num_hashes % SIGN_HASH_DIVISION_NUM))) return 0; /* if no CB sent so far then do now, just before first SB */ if (sg->resendcount == SIGN_RESENDCOUNT_CERTBLOCK) sign_send_certificate_block(sg); /* shortly after reboot we have shorter SBs */ hashes_in_sb = MIN(sg_num_hashes, SIGN_HASH_NUM); DPRINTF(D_SIGN, "sign_send_signature_block(): " "sg_num_hashes = %zu, hashes_in_sb = %zu, SIGN_HASH_NUM = %d\n", sg_num_hashes, hashes_in_sb, SIGN_HASH_NUM); if (sg_num_hashes > SIGN_HASH_NUM) { DPRINTF(D_SIGN, "sign_send_signature_block(): sg_num_hashes" " > SIGN_HASH_NUM -- This should not happen!\n"); } /* now the SD */ qentry = STAILQ_FIRST(&sg->hashes); sd_len = snprintf(sd, sizeof(sd), "[ssign " "VER=\"%s\" RSID=\"%" PRIuFAST64 "\" SG=\"%d\" " "SPRI=\"%d\" GBC=\"%" PRIuFAST64 "\" FMN=\"%" PRIuFAST64 "\" " "CNT=\"%zu\" HB=\"", GlobalSign.ver, GlobalSign.rsid, GlobalSign.sg, sg->spri, GlobalSign.gbc, qentry->key, hashes_in_sb); while (hashes_sent < hashes_in_sb) { assert(qentry); sd_len += snprintf(sd+sd_len, sizeof(sd)-sd_len, "%s ", qentry->data); hashes_sent++; qentry = STAILQ_NEXT(qentry, entries); } /* overwrite last space and close SD */ assert(sd_len < sizeof(sd)); assert(sd[sd_len] == '\0'); assert(sd[sd_len-1] == ' '); sd[sd_len-1] = '\0'; sd_len = strlcat(sd, "\" SIGN=\"\"]", sizeof(sd)); if (sign_msg_sign(&buffer, sd, sizeof(sd))) { DPRINTF((D_CALL|D_SIGN), "sign_send_signature_block(): calling" " fprintlog(), sending %zu out of %zu hashes\n", MIN(SIGN_MAX_HASH_NUM, sg_num_hashes), sg_num_hashes); STAILQ_FOREACH(fq, &sg->files, entries) { int tmpcnt; tmpcnt = fq->f->f_prevcount; fprintlog(fq->f, buffer, NULL); fq->f->f_prevcount = tmpcnt; } sign_inc_gbc(); DELREF(buffer); } /* always drop the oldest division of hashes */ if (sg_num_hashes >= SIGN_HASH_NUM) { qentry = STAILQ_FIRST(&sg->hashes); for (i = 0; i < SIGN_HASH_DIVISION_NUM; i++) { old_qentry = qentry; qentry = STAILQ_NEXT(old_qentry, entries); STAILQ_REMOVE(&sg->hashes, old_qentry, string_queue, entries); FREEPTR(old_qentry->data); FREEPTR(old_qentry); } } return hashes_sent; } void sign_free_hashes(struct signature_group_t *sg) { DPRINTF((D_CALL|D_SIGN), "sign_free_hashes(%p)\n", sg); sign_free_string_queue(&sg->hashes); } void sign_free_string_queue(struct string_queue_head *sqhead) { struct string_queue *qentry, *tmp_qentry; DPRINTF((D_CALL|D_SIGN), "sign_free_string_queue(%p)\n", sqhead); STAILQ_FOREACH_SAFE(qentry, sqhead, entries, tmp_qentry) { STAILQ_REMOVE(sqhead, qentry, string_queue, entries); FREEPTR(qentry->data); free(qentry); } assert(STAILQ_EMPTY(sqhead)); } /* * hash one syslog message */ bool sign_msg_hash(char *line, char **hash) { unsigned char md_value[EVP_MAX_MD_SIZE]; unsigned char md_b64[EVP_MAX_MD_SIZE*2]; /* TODO: exact expression for b64 length? */ unsigned md_len = 0; DPRINTF((D_CALL|D_SIGN), "sign_msg_hash('%s')\n", line); SSL_CHECK_ONE(EVP_DigestInit_ex(GlobalSign.mdctx, GlobalSign.md, NULL)); SSL_CHECK_ONE(EVP_DigestUpdate(GlobalSign.mdctx, line, strlen(line))); SSL_CHECK_ONE(EVP_DigestFinal_ex(GlobalSign.mdctx, md_value, &md_len)); b64_ntop(md_value, md_len, (char *)md_b64, EVP_MAX_MD_SIZE*2); *hash = strdup((char *)md_b64); DPRINTF((D_CALL|D_SIGN), "sign_msg_hash() --> \"%s\"\n", *hash); return true; } /* * append hash to SG queue */ bool sign_append_hash(char *hash, struct signature_group_t *sg) { struct string_queue *qentry; /* if one SG is shared by several destinations * prevent duplicate entries */ if ((qentry = STAILQ_LAST(&sg->hashes, string_queue, entries)) && !strcmp(qentry->data, hash)) { DPRINTF((D_CALL|D_SIGN), "sign_append_hash('%s', %p): " "hash already in queue\n", hash, sg); return false; } MALLOC(qentry, sizeof(*qentry)); qentry->key = sign_assign_msg_num(sg); qentry->data = hash; STAILQ_INSERT_TAIL(&sg->hashes, qentry, entries); DPRINTF((D_CALL|D_SIGN), "sign_append_hash('%s', %p): " "#%" PRIdFAST64 "\n", hash, sg, qentry->key); return true; } /* * sign one syslog-sign message * * requires a ssign or ssigt-cert SD element * ending with ' SIGN=""]' in sd * linesize is available memory (= sizeof(sd)) * * function will calculate signature and return a new buffer */ bool sign_msg_sign(struct buf_msg **bufferptr, char *sd, size_t linesize) { char *signature, *line; size_t linelen, tlsprefixlen, endptr, newlinelen; struct buf_msg *buffer; DPRINTF((D_CALL|D_SIGN), "sign_msg_sign()\n"); endptr = strlen(sd); assert(endptr < linesize); assert(sd[endptr] == '\0'); assert(sd[endptr-1] == ']'); assert(sd[endptr-2] == '"'); /* set up buffer */ buffer = buf_msg_new(0); buffer->timestamp = make_timestamp(NULL, !BSDOutputFormat, 0); buffer->prog = appname; buffer->pid = include_pid; buffer->recvhost = buffer->host = LocalFQDN; buffer->pri = 110; buffer->flags = IGN_CONS|SIGN_MSG; buffer->sd = sd; /* SD ready, now format and sign */ if (!format_buffer(buffer, &line, &linelen, NULL, &tlsprefixlen, NULL)) { DPRINTF((D_CALL|D_SIGN), "sign_send_signature_block():" " format_buffer() failed\n"); buffer->sd = NULL; DELREF(buffer); return false; } if (!sign_string_sign(line+tlsprefixlen, &signature)) { DPRINTF((D_CALL|D_SIGN), "sign_send_signature_block():" " sign_string_sign() failed\n"); buffer->sd = NULL; DELREF(buffer); FREEPTR(line); return false; } FREEPTR(line); sd[endptr-2] = '\0'; newlinelen = strlcat(sd, signature, linesize); newlinelen = strlcat(sd, "\"]", linesize); if (newlinelen >= linesize) { DPRINTF(D_SIGN, "sign_send_signature_block(): " "buffer too small\n"); buffer->sd = NULL; DELREF(buffer); return false; } assert(newlinelen < linesize); assert(sd[newlinelen] == '\0'); assert(sd[newlinelen-1] == ']'); assert(sd[newlinelen-2] == '"'); buffer->sd = strdup(sd); *bufferptr = buffer; return true; } /* * sign one string */ bool sign_string_sign(char *line, char **signature) { char buf[SIGN_MAX_LENGTH+1]; unsigned char sig_value[SIGN_B64SIGLEN_DSS]; unsigned char sig_b64[SIGN_B64SIGLEN_DSS]; unsigned sig_len = 0; char *p, *q; /* * The signature is calculated over the completely formatted * syslog-message, including all of the PRI, HEADER, and hashes * in the hash block, excluding spaces between fields, and also * excluding the signature field (SD Parameter Name "SIGN", "=", * and corresponding value). * * -- I am not quite sure which spaces are to be removed. * Only the ones inside the "ssign" element or those between * header fields as well? */ /* removes the string ' SIGN=""' */ for (p = line, q = buf; *p && (q - buf <= SIGN_MAX_LENGTH);) { if (strncmp(p, " SIGN=\"\"", 8) == 0) p += 8; *q++ = *p++; } *q = '\0'; SSL_CHECK_ONE(EVP_SignInit(GlobalSign.sigctx, GlobalSign.sig)); SSL_CHECK_ONE(EVP_SignUpdate(GlobalSign.sigctx, buf, q-buf)); assert(GlobalSign.privkey); SSL_CHECK_ONE(EVP_SignFinal(GlobalSign.sigctx, sig_value, &sig_len, GlobalSign.privkey)); b64_ntop(sig_value, sig_len, (char *)sig_b64, sizeof(sig_b64)); *signature = strdup((char *)sig_b64); DPRINTF((D_CALL|D_SIGN), "sign_string_sign('%s') --> '%s'\n", buf, *signature); return *signature != NULL; } void sign_new_reboot_session(void) { struct signature_group_t *sg; DPRINTF((D_CALL|D_SIGN), "sign_new_reboot_session()\n"); /* global counters */ GlobalSign.gbc = 0; /* might be useful for later analysis: * rebooted session IDs are sequential, * normal IDs are almost always not */ GlobalSign.rsid++; assert(GlobalSign.sg <= 3); /* reset SGs */ STAILQ_FOREACH(sg, &GlobalSign.SigGroups, entries) { sg->resendcount = SIGN_RESENDCOUNT_CERTBLOCK; sg->last_msg_num = 1; } } /* get msg_num, increment counter, check overflow */ uint_fast64_t sign_assign_msg_num(struct signature_group_t *sg) { uint_fast64_t old; old = sg->last_msg_num++; if (sg->last_msg_num > SIGN_MAX_COUNT) sign_new_reboot_session(); return old; } /* increment gbc, check overflow */ void sign_inc_gbc(void) { if (++GlobalSign.gbc > SIGN_MAX_COUNT) sign_new_reboot_session(); } #endif /* !DISABLE_SIGN */