[disorder] / lib / cookies.c

/*
 * This file is part of DisOrder
 * Copyright (C) 2007 Richard Kettlewell
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 */
/** @file lib/cookies.c
 * @brief Cookie support
 */

#include <config.h>
#include "types.h"

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <time.h>
#include <gcrypt.h>
#include <pcre.h>

#include "cookies.h"
#include "hash.h"
#include "mem.h"
#include "log.h"
#include "printf.h"
#include "mime.h"
#include "configuration.h"
#include "kvp.h"
#include "rights.h"
#include "trackdb.h"

/** @brief Hash function used in signing HMAC */
#define ALGO GCRY_MD_SHA1

/** @brief Size of key to use */
#define HASHSIZE 20

/** @brief Signing key */
static uint8_t signing_key[HASHSIZE];

/** @brief Previous signing key */
static uint8_t old_signing_key[HASHSIZE];

/** @brief Signing key validity limit or 0 if none */
static time_t signing_key_validity_limit;

/** @brief Hash of revoked cookies */
static hash *revoked;

/** @brief Callback to expire revocation list */
static int revoked_cleanup_callback(const char *key, void *value,
                                    void *u) {
  if(*(time_t *)value < *(time_t *)u)
    hash_remove(revoked, key);
  return 0;
}

/** @brief Generate a new key */
static void newkey(void) {
  time_t now;

  time(&now);
  memcpy(old_signing_key, signing_key, HASHSIZE);
  gcry_randomize(signing_key, HASHSIZE, GCRY_STRONG_RANDOM);
  signing_key_validity_limit = now + config->cookie_key_lifetime;
  /* Now is a good time to clean up the revocation list... */
  if(revoked)
    hash_foreach(revoked, revoked_cleanup_callback, &now);
}

/** @brief Sign @p subject with @p key and return the base64 of the result
 * @param key Key to sign with (@ref HASHSIZE bytes)
 * @param subject Subject string
 * @return Base64-encoded signature or NULL
 */
static char *sign(const uint8_t *key,
		  const char *subject) {
  gcry_error_t e;
  gcry_md_hd_t h;
  uint8_t *sig;
  char *sig64;

  if((e = gcry_md_open(&h, ALGO, GCRY_MD_FLAG_HMAC))) {
    error(0, "gcry_md_open: %s", gcry_strerror(e));
    return 0;
  }
  if((e = gcry_md_setkey(h, key, HASHSIZE))) {
    error(0, "gcry_md_setkey: %s", gcry_strerror(e));
    gcry_md_close(h);
    return 0;
  }
  gcry_md_write(h, subject, strlen(subject));
  sig = gcry_md_read(h, ALGO);
  sig64 = mime_to_base64(sig, HASHSIZE);
  gcry_md_close(h);
  return sig64;
}

/** @brief Create a login cookie
 * @param user Username
 * @return Cookie or NULL
 */
char *make_cookie(const char *user) {
  const char *password;
  time_t now;
  char *b, *bp, *c, *g;

  /* semicolons aren't allowed in usernames */
  if(strchr(user, ';')) {
    error(0, "make_cookie for username with semicolon");
    return 0;
  }
  /* look up the password */
  password = trackdb_get_password(user);
  if(!password) {
    error(0, "make_cookie for nonexistent user");
    return 0;
  }
  /* make sure we have a valid signing key */
  time(&now);
  if(now >= signing_key_validity_limit)
    newkey();
  /* construct the subject */
  byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime,
		 urlencodestring(user));
  byte_xasprintf(&bp, "%s%s", b, password);
  /* sign it */
  if(!(g = sign(signing_key, bp)))
    return 0;
  /* put together the final cookie */
  byte_xasprintf(&c, "%s%s", b, g);
  return c;
}

/** @brief Verify a cookie
 * @param cookie Cookie to verify
 * @return Verified user or NULL
 */
char *verify_cookie(const char *cookie) {
  char *c1, *c2;
  intmax_t t;
  time_t now;
  char *user, *bp, *sig;
  const char *password;

  /* check the revocation list */
  if(revoked && hash_find(revoked, cookie)) {
    error(0, "attempt to log in with revoked cookie");
    return 0;
  }
  /* parse the cookie */
  errno = 0;
  t = strtoimax(cookie, &c1, 16);
  if(errno) {
    error(errno, "error parsing cookie timestamp");
    return 0;
  }
  if(*c1 != ';') {
    error(0, "invalid cookie timestamp");
    return 0;
  }
  /* There'd better be two semicolons */
  c2 = strchr(c1 + 1, ';');
  if(c2 == 0) {
    error(0, "invalid cookie syntax");
    return 0;
  }
  /* Extract the username */
  user = xstrndup(c1 + 1, c2 - (c1 + 1));
  /* check expiry */
  time(&now);
  if(now >= t) {
    error(0, "cookie has expired");
    return 0;
  }
  /* look up the password */
  password = trackdb_get_password(user);
  if(!password) {
    error(0, "verify_cookie for nonexistent user");
    return 0;
  }
  /* construct the expected subject.  We re-encode the timestamp and the
   * password. */
  byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password);
  /* Compute the expected signature.  NB we base64 the expected signature and
   * compare that rather than exposing our base64 parser to the cookie. */
  if(!(sig = sign(signing_key, bp)))
    return 0;
  if(!strcmp(sig, c2 + 1))
    return user;
  /* that didn't match, try the old key */
  if(!(sig = sign(old_signing_key, bp)))
    return 0;
  if(!strcmp(sig, c2 + 1))
    return user;
  /* that didn't match either */
  error(0, "cookie signature does not match");
  return 0;
}

/** @brief Revoke a cookie
 * @param cookie Cookie to revoke
 *
 * Further attempts to log in with @p cookie will fail.
 */
void revoke_cookie(const char *cookie) {
  time_t when;
  char *ptr;

  /* find the cookie's expiry time */
  errno = 0;
  when = (time_t)strtoimax(cookie, &ptr, 16);
  /* reject bogus cookies */
  if(errno)
    return;
  if(*ptr != ';')
    return;
  /* make sure the revocation list exists */
  if(!revoked)
    revoked = hash_new(sizeof(time_t));
  /* add the cookie to it; its value is the expiry time */
  hash_add(revoked, cookie, &when, HASH_INSERT);
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
fill-column:79
indent-tabs-mode:nil
End:
*/
Commit	Line	Data
b12be54a RK	1	/*
	2	* This file is part of DisOrder
	3	* Copyright (C) 2007 Richard Kettlewell
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License as published by
	7	* the Free Software Foundation; either version 2 of the License, or
	8	* (at your option) any later version.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	* General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License
	16	* along with this program; if not, write to the Free Software
	17	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
	18	* USA
	19	*/
	20	/** @file lib/cookies.c
	21	* @brief Cookie support
	22	*/
	23
	24	#include <config.h>
	25	#include "types.h"
	26
	27	#include <stdlib.h>
	28	#include <string.h>
	29	#include <stdio.h>
	30	#include <errno.h>
	31	#include <time.h>
	32	#include <gcrypt.h>
f0feb22e	33	#include <pcre.h>
b12be54a RK	34
	35	#include "cookies.h"
	36	#include "hash.h"
	37	#include "mem.h"
	38	#include "log.h"
	39	#include "printf.h"
	40	#include "mime.h"
	41	#include "configuration.h"
	42	#include "kvp.h"
5df73aeb	43	#include "rights.h"
f0feb22e	44	#include "trackdb.h"
b12be54a RK	45
	46	/** @brief Hash function used in signing HMAC */
	47	#define ALGO GCRY_MD_SHA1
	48
	49	/** @brief Size of key to use */
	50	#define HASHSIZE 20
	51
	52	/** @brief Signing key */
	53	static uint8_t signing_key[HASHSIZE];
	54
	55	/** @brief Previous signing key */
	56	static uint8_t old_signing_key[HASHSIZE];
	57
	58	/** @brief Signing key validity limit or 0 if none */
	59	static time_t signing_key_validity_limit;
	60
	61	/** @brief Hash of revoked cookies */
	62	static hash *revoked;
	63
	64	/** @brief Callback to expire revocation list */
	65	static int revoked_cleanup_callback(const char key, void value,
	66	void *u) {
	67	if((time_t )value < (time_t )u)
	68	hash_remove(revoked, key);
	69	return 0;
	70	}
	71
	72	/** @brief Generate a new key */
	73	static void newkey(void) {
	74	time_t now;
	75
	76	time(&now);
	77	memcpy(old_signing_key, signing_key, HASHSIZE);
	78	gcry_randomize(signing_key, HASHSIZE, GCRY_STRONG_RANDOM);
	79	signing_key_validity_limit = now + config->cookie_key_lifetime;
	80	/* Now is a good time to clean up the revocation list... */
	81	if(revoked)
	82	hash_foreach(revoked, revoked_cleanup_callback, &now);
	83	}
	84
	85	/** @brief Sign @p subject with @p key and return the base64 of the result
	86	* @param key Key to sign with (@ref HASHSIZE bytes)
	87	* @param subject Subject string
	88	* @return Base64-encoded signature or NULL
	89	*/
	90	static char sign(const uint8_t key,
	91	const char *subject) {
	92	gcry_error_t e;
	93	gcry_md_hd_t h;
	94	uint8_t *sig;
	95	char *sig64;
	96
	97	if((e = gcry_md_open(&h, ALGO, GCRY_MD_FLAG_HMAC))) {
	98	error(0, "gcry_md_open: %s", gcry_strerror(e));
	99	return 0;
	100	}
	101	if((e = gcry_md_setkey(h, key, HASHSIZE))) {
	102	error(0, "gcry_md_setkey: %s", gcry_strerror(e));
	103	gcry_md_close(h);
	104	return 0;
	105	}
	106	gcry_md_write(h, subject, strlen(subject));
	107	sig = gcry_md_read(h, ALGO);
	108	sig64 = mime_to_base64(sig, HASHSIZE);
109	gcry_md_close(h);
110	return sig64;
111	}
112
113	/** @brief Create a login cookie
114	* @param user Username
115	* @return Cookie or NULL
116	*/
117	char make_cookie(const char user) {
f0feb22e	118	const char *password;
b12be54a RK	119	time_t now;
b12be54a RK	120	char b, bp, c, g;
b12be54a RK	121
	122	/* semicolons aren't allowed in usernames */
	123	if(strchr(user, ';')) {
	124	error(0, "make_cookie for username with semicolon");
	125	return 0;
	126	}
	127	/* look up the password */
f0feb22e RK	128	password = trackdb_get_password(user);
f0feb22e RK	129	if(!password) {
b12be54a RK	130	error(0, "make_cookie for nonexistent user");
	131	return 0;
	132	}
b12be54a RK	133	/* make sure we have a valid signing key */
	134	time(&now);
	135	if(now >= signing_key_validity_limit)
	136	newkey();
	137	/* construct the subject */
	138	byte_xasprintf(&b, "%jx;%s;", (intmax_t)now + config->cookie_login_lifetime,
	139	urlencodestring(user));
	140	byte_xasprintf(&bp, "%s%s", b, password);
	141	/* sign it */
	142	if(!(g = sign(signing_key, bp)))
	143	return 0;
	144	/* put together the final cookie */
	145	byte_xasprintf(&c, "%s%s", b, g);
	146	return c;
	147	}
	148
	149	/** @brief Verify a cookie
	150	* @param cookie Cookie to verify
	151	* @return Verified user or NULL
	152	*/
	153	char verify_cookie(const char cookie) {
	154	char c1, c2;
	155	intmax_t t;
	156	time_t now;
f0feb22e RK	157	char user, bp, *sig;
f0feb22e RK	158	const char *password;
b12be54a RK	159
	160	/* check the revocation list */
	161	if(revoked && hash_find(revoked, cookie)) {
	162	error(0, "attempt to log in with revoked cookie");
	163	return 0;
	164	}
	165	/* parse the cookie */
	166	errno = 0;
	167	t = strtoimax(cookie, &c1, 16);
	168	if(errno) {
	169	error(errno, "error parsing cookie timestamp");
	170	return 0;
	171	}
	172	if(*c1 != ';') {
	173	error(0, "invalid cookie timestamp");
	174	return 0;
	175	}
	176	/* There'd better be two semicolons */
	177	c2 = strchr(c1 + 1, ';');
	178	if(c2 == 0) {
	179	error(0, "invalid cookie syntax");
	180	return 0;
	181	}
	182	/* Extract the username */
	183	user = xstrndup(c1 + 1, c2 - (c1 + 1));
	184	/* check expiry */
	185	time(&now);
	186	if(now >= t) {
	187	error(0, "cookie has expired");
	188	return 0;
	189	}
	190	/* look up the password */
f0feb22e RK	191	password = trackdb_get_password(user);
f0feb22e RK	192	if(!password) {
b12be54a RK	193	error(0, "verify_cookie for nonexistent user");
	194	return 0;
	195	}
b12be54a RK	196	/* construct the expected subject. We re-encode the timestamp and the
	197	* password. */
	198	byte_xasprintf(&bp, "%jx;%s;%s", t, urlencodestring(user), password);
	199	/* Compute the expected signature. NB we base64 the expected signature and
	200	* compare that rather than exposing our base64 parser to the cookie. */
	201	if(!(sig = sign(signing_key, bp)))
	202	return 0;
	203	if(!strcmp(sig, c2 + 1))
	204	return user;
	205	/* that didn't match, try the old key */
	206	if(!(sig = sign(old_signing_key, bp)))
	207	return 0;
	208	if(!strcmp(sig, c2 + 1))
	209	return user;
	210	/* that didn't match either */
	211	error(0, "cookie signature does not match");
	212	return 0;
	213	}
	214
	215	/** @brief Revoke a cookie
	216	* @param cookie Cookie to revoke
	217	*
	218	* Further attempts to log in with @p cookie will fail.
	219	*/
	220	void revoke_cookie(const char *cookie) {
	221	time_t when;
	222	char *ptr;
	223
	224	/* find the cookie's expiry time */
	225	errno = 0;
	226	when = (time_t)strtoimax(cookie, &ptr, 16);
	227	/* reject bogus cookies */
	228	if(errno)
	229	return;
	230	if(*ptr != ';')
	231	return;
	232	/* make sure the revocation list exists */
	233	if(!revoked)
	234	revoked = hash_new(sizeof(time_t));
	235	/* add the cookie to it; its value is the expiry time */
	236	hash_add(revoked, cookie, &when, HASH_INSERT);
	237	}
	238
	239	/*
	240	Local Variables:
	241	c-basic-offset:2
	242	comment-column:40
	243	fill-column:79
	244	indent-tabs-mode:nil
	245	End:
	246	*/