[disorder] / lib / cookies.c

/*
 * This file is part of DisOrder
 * Copyright (C) 2007, 2008 Richard Kettlewell
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
/** @file lib/cookies.c
 * @brief Cookie support
 */

#include "common.h"

#include <errno.h>
#include <time.h>
#include <gcrypt.h>
#include <pcre.h>

#include "cookies.h"
#include "hash.h"
#include "mem.h"
#include "log.h"
#include "printf.h"
#include "base64.h"
#include "configuration.h"
#include "kvp.h"
#include "trackdb.h"
#include "syscalls.h"

/** @brief Hash function used in signing HMAC */
#define ALGO GCRY_MD_SHA1

/** @brief Size of key to use */
#define HASHSIZE 20

/** @brief Signing key */
static uint8_t signing_key[HASHSIZE];

/** @brief Previous signing key */
static uint8_t old_signing_key[HASHSIZE];

/** @brief Signing key validity limit or 0 if none */
static time_t signing_key_validity_limit;

/** @brief Hash of revoked cookies */
static hash *revoked;

/** @brief Callback to expire revocation list */
static int revoked_cleanup_callback(const char *key, void *value,
                                    void *u) {
  if(*(time_t *)value < *(time_t *)u)
    hash_remove(revoked, key);
  return 0;
}

/** @brief Generate a new key */
static void newkey(void) {
  time_t now;

  xtime(&now);
  memcpy(old_signing_key, signing_key, HASHSIZE);
  gcry_randomize(signing_key, HASHSIZE, GCRY_STRONG_RANDOM);
  signing_key_validity_limit = now + config->cookie_key_lifetime;
  /* Now is a good time to clean up the revocation list... */
  if(revoked)
    hash_foreach(revoked, revoked_cleanup_callback, &now);
}

/** @brief Base64 mapping table for cookies
 *
 * Stupid Safari cannot cope with quoted cookies, so cookies had better not
 * need quoting.  We use $ to separate the parts of the cookie and +%# to where
 * MIME uses +/=; see @ref base64.c.  See http_separator() for the characters
 * to avoid.
 */
static const char cookie_base64_table[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#";

/** @brief Sign @p subject with @p key and return the base64 of the result
 * @param key Key to sign with (@ref HASHSIZE bytes)
 * @param subject Subject string
 * @return Base64-encoded signature or NULL
 */
static char *sign(const uint8_t *key,
		  const char *subject) {
  gcry_error_t e;
  gcry_md_hd_t h;
  uint8_t *sig;
  char *sig64;

  if((e = gcry_md_open(&h, ALGO, GCRY_MD_FLAG_HMAC))) {
    disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
    return 0;
  }
  if((e = gcry_md_setkey(h, key, HASHSIZE))) {
    disorder_error(0, "gcry_md_setkey: %s", gcry_strerror(e));
    gcry_md_close(h);
    return 0;
  }
  gcry_md_write(h, subject, strlen(subject));
  sig = gcry_md_read(h, ALGO);
  sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table);
  gcry_md_close(h);
  return sig64;
}

/** @brief Create a login cookie
 * @param user Username
 * @return Cookie or NULL
 */
char *make_cookie(const char *user) {
  const char *password;
  time_t now;
  char *b, *bp, *c, *g;

  /* dollar signs aren't allowed in usernames */
  if(strchr(user, '$')) {
    disorder_error(0, "make_cookie for username with dollar sign");
    return 0;
  }
  /* look up the password */
  password = trackdb_get_password(user);
  if(!password) {
    disorder_error(0, "make_cookie for nonexistent user");
    return 0;
  }
  /* make sure we have a valid signing key */
  xtime(&now);
  if(now >= signing_key_validity_limit)
    newkey();
  /* construct the subject */
  byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime,
		 urlencodestring(user));
  byte_xasprintf(&bp, "%s%s", b, password);
  /* sign it */
  if(!(g = sign(signing_key, bp)))
    return 0;
  /* put together the final cookie */
  byte_xasprintf(&c, "%s%s", b, g);
  return c;
}

/** @brief Verify a cookie
 * @param cookie Cookie to verify
 * @param rights Where to store rights value
 * @return Verified user or NULL
 */
char *verify_cookie(const char *cookie, rights_type *rights) {
  char *c1, *c2;
  intmax_t t;
  time_t now;
  char *user, *bp, *sig;
  const char *password;
  struct kvp *k;

  /* check the revocation list */
  if(revoked && hash_find(revoked, cookie)) {
    disorder_error(0, "attempt to log in with revoked cookie");
    return 0;
  }
  /* parse the cookie */
  errno = 0;
  t = strtoimax(cookie, &c1, 16);
  if(errno) {
    disorder_error(errno, "error parsing cookie timestamp");
    return 0;
  }
  if(*c1 != '$') {
    disorder_error(0, "invalid cookie timestamp");
    return 0;
  }
  /* There'd better be two dollar signs */
  c2 = strchr(c1 + 1, '$');
  if(c2 == 0) {
    disorder_error(0, "invalid cookie syntax");
    return 0;
  }
  /* Extract the username */
  user = xstrndup(c1 + 1, c2 - (c1 + 1));
  /* check expiry */
  xtime(&now);
  if(now >= t) {
    disorder_error(0, "cookie has expired");
    return 0;
  }
  /* look up the password */
  k = trackdb_getuserinfo(user);
  if(!k) {
    disorder_error(0, "verify_cookie for nonexistent user");
    return 0;
  }
  password = kvp_get(k, "password");
  if(!password) password = "";
  if(parse_rights(kvp_get(k, "rights"), rights, 1))
    return 0;
  /* construct the expected subject.  We re-encode the timestamp and the
   * password. */
  byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password);
  /* Compute the expected signature.  NB we base64 the expected signature and
   * compare that rather than exposing our base64 parser to the cookie. */
  if(!(sig = sign(signing_key, bp)))
    return 0;
  if(!strcmp(sig, c2 + 1))
    return user;
  /* that didn't match, try the old key */
  if(!(sig = sign(old_signing_key, bp)))
    return 0;
  if(!strcmp(sig, c2 + 1))
    return user;
  /* that didn't match either */
  disorder_error(0, "cookie signature does not match");
  return 0;
}

/** @brief Revoke a cookie
 * @param cookie Cookie to revoke
 *
 * Further attempts to log in with @p cookie will fail.
 */
void revoke_cookie(const char *cookie) {
  time_t when;
  char *ptr;

  /* find the cookie's expiry time */
  errno = 0;
  when = (time_t)strtoimax(cookie, &ptr, 16);
  /* reject bogus cookies */
  if(errno)
    return;
  if(*ptr != '$')
    return;
  /* make sure the revocation list exists */
  if(!revoked)
    revoked = hash_new(sizeof(time_t));
  /* add the cookie to it; its value is the expiry time */
  hash_add(revoked, cookie, &when, HASH_INSERT);
}

/*
Local Variables:
c-basic-offset:2
comment-column:40
fill-column:79
indent-tabs-mode:nil
End:
*/
Commit	Line	Data
b12be54a RK	1	/*
b12be54a RK	2	* This file is part of DisOrder
5aff007d	3	* Copyright (C) 2007, 2008 Richard Kettlewell
b12be54a	4	*
e7eb3a27	5	* This program is free software: you can redistribute it and/or modify
b12be54a	6	* it under the terms of the GNU General Public License as published by
e7eb3a27	7	* the Free Software Foundation, either version 3 of the License, or
b12be54a	8	* (at your option) any later version.
e7eb3a27 RK	9	*
	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
b12be54a	15	* You should have received a copy of the GNU General Public License
e7eb3a27	16	* along with this program. If not, see <http://www.gnu.org/licenses/>.
b12be54a RK	17	*/
	18	/** @file lib/cookies.c
	19	* @brief Cookie support
	20	*/
	21
05b75f8d	22	#include "common.h"
b12be54a	23
b12be54a RK	24	#include <errno.h>
	25	#include <time.h>
	26	#include <gcrypt.h>
f0feb22e	27	#include <pcre.h>
b12be54a RK	28
	29	#include "cookies.h"
	30	#include "hash.h"
	31	#include "mem.h"
	32	#include "log.h"
	33	#include "printf.h"
fce810c2	34	#include "base64.h"
b12be54a RK	35	#include "configuration.h"
b12be54a RK	36	#include "kvp.h"
f0feb22e	37	#include "trackdb.h"
4265e5d3	38	#include "syscalls.h"
b12be54a RK	39
	40	/** @brief Hash function used in signing HMAC */
	41	#define ALGO GCRY_MD_SHA1
	42
	43	/** @brief Size of key to use */
	44	#define HASHSIZE 20
	45
	46	/** @brief Signing key */
	47	static uint8_t signing_key[HASHSIZE];
	48
	49	/** @brief Previous signing key */
	50	static uint8_t old_signing_key[HASHSIZE];
	51
	52	/** @brief Signing key validity limit or 0 if none */
	53	static time_t signing_key_validity_limit;
	54
	55	/** @brief Hash of revoked cookies */
	56	static hash *revoked;
	57
	58	/** @brief Callback to expire revocation list */
	59	static int revoked_cleanup_callback(const char key, void value,
	60	void *u) {
	61	if((time_t )value < (time_t )u)
	62	hash_remove(revoked, key);
	63	return 0;
	64	}
	65
	66	/** @brief Generate a new key */
	67	static void newkey(void) {
	68	time_t now;
	69
4265e5d3	70	xtime(&now);
b12be54a RK	71	memcpy(old_signing_key, signing_key, HASHSIZE);
	72	gcry_randomize(signing_key, HASHSIZE, GCRY_STRONG_RANDOM);
	73	signing_key_validity_limit = now + config->cookie_key_lifetime;
	74	/* Now is a good time to clean up the revocation list... */
	75	if(revoked)
	76	hash_foreach(revoked, revoked_cleanup_callback, &now);
	77	}
	78
82c01b31	79	/** @brief Base64 mapping table for cookies
	80	*
	81	* Stupid Safari cannot cope with quoted cookies, so cookies had better not
	82	* need quoting. We use $ to separate the parts of the cookie and +%# to where
	83	* MIME uses +/=; see @ref base64.c. See http_separator() for the characters
	84	* to avoid.
	85	*/
	86	static const char cookie_base64_table[] =
	87	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+%#";
	88
b12be54a RK	89	/** @brief Sign @p subject with @p key and return the base64 of the result
	90	* @param key Key to sign with (@ref HASHSIZE bytes)
	91	* @param subject Subject string
	92	* @return Base64-encoded signature or NULL
	93	*/
	94	static char sign(const uint8_t key,
	95	const char *subject) {
	96	gcry_error_t e;
	97	gcry_md_hd_t h;
	98	uint8_t *sig;
	99	char *sig64;
	100
	101	if((e = gcry_md_open(&h, ALGO, GCRY_MD_FLAG_HMAC))) {
2e9ba080	102	disorder_error(0, "gcry_md_open: %s", gcry_strerror(e));
b12be54a RK	103	return 0;
	104	}
	105	if((e = gcry_md_setkey(h, key, HASHSIZE))) {
2e9ba080	106	disorder_error(0, "gcry_md_setkey: %s", gcry_strerror(e));
b12be54a RK	107	gcry_md_close(h);
	108	return 0;
	109	}
	110	gcry_md_write(h, subject, strlen(subject));
	111	sig = gcry_md_read(h, ALGO);
82c01b31	112	sig64 = generic_to_base64(sig, HASHSIZE, cookie_base64_table);
b12be54a RK	113	gcry_md_close(h);
	114	return sig64;
	115	}
	116
	117	/** @brief Create a login cookie
	118	* @param user Username
	119	* @return Cookie or NULL
	120	*/
	121	char make_cookie(const char user) {
f0feb22e	122	const char *password;
b12be54a RK	123	time_t now;
b12be54a RK	124	char b, bp, c, g;
b12be54a	125
82c01b31	126	/* dollar signs aren't allowed in usernames */
82c01b31	127	if(strchr(user, '$')) {
2e9ba080	128	disorder_error(0, "make_cookie for username with dollar sign");
b12be54a RK	129	return 0;
	130	}
	131	/* look up the password */
f0feb22e RK	132	password = trackdb_get_password(user);
f0feb22e RK	133	if(!password) {
2e9ba080	134	disorder_error(0, "make_cookie for nonexistent user");
b12be54a RK	135	return 0;
b12be54a RK	136	}
b12be54a	137	/* make sure we have a valid signing key */
4265e5d3	138	xtime(&now);
b12be54a RK	139	if(now >= signing_key_validity_limit)
	140	newkey();
	141	/* construct the subject */
82c01b31	142	byte_xasprintf(&b, "%jx$%s$", (intmax_t)now + config->cookie_login_lifetime,
b12be54a RK	143	urlencodestring(user));
	144	byte_xasprintf(&bp, "%s%s", b, password);
	145	/* sign it */
	146	if(!(g = sign(signing_key, bp)))
	147	return 0;
	148	/* put together the final cookie */
	149	byte_xasprintf(&c, "%s%s", b, g);
	150	return c;
	151	}
	152
	153	/** @brief Verify a cookie
	154	* @param cookie Cookie to verify
eb5dc014	155	* @param rights Where to store rights value
b12be54a RK	156	* @return Verified user or NULL
b12be54a RK	157	*/
eb5dc014	158	char verify_cookie(const char cookie, rights_type *rights) {
b12be54a RK	159	char c1, c2;
	160	intmax_t t;
	161	time_t now;
f0feb22e RK	162	char user, bp, *sig;
f0feb22e RK	163	const char *password;
eb5dc014	164	struct kvp *k;
b12be54a RK	165
	166	/* check the revocation list */
	167	if(revoked && hash_find(revoked, cookie)) {
2e9ba080	168	disorder_error(0, "attempt to log in with revoked cookie");
b12be54a RK	169	return 0;
	170	}
	171	/* parse the cookie */
	172	errno = 0;
	173	t = strtoimax(cookie, &c1, 16);
	174	if(errno) {
2e9ba080	175	disorder_error(errno, "error parsing cookie timestamp");
b12be54a RK	176	return 0;
b12be54a RK	177	}
82c01b31	178	if(*c1 != '$') {
2e9ba080	179	disorder_error(0, "invalid cookie timestamp");
b12be54a RK	180	return 0;
b12be54a RK	181	}
82c01b31	182	/* There'd better be two dollar signs */
82c01b31	183	c2 = strchr(c1 + 1, '$');
b12be54a	184	if(c2 == 0) {
2e9ba080	185	disorder_error(0, "invalid cookie syntax");
b12be54a RK	186	return 0;
	187	}
	188	/* Extract the username */
	189	user = xstrndup(c1 + 1, c2 - (c1 + 1));
	190	/* check expiry */
4265e5d3	191	xtime(&now);
b12be54a	192	if(now >= t) {
2e9ba080	193	disorder_error(0, "cookie has expired");
b12be54a RK	194	return 0;
	195	}
	196	/* look up the password */
eb5dc014 RK	197	k = trackdb_getuserinfo(user);
eb5dc014 RK	198	if(!k) {
2e9ba080	199	disorder_error(0, "verify_cookie for nonexistent user");
b12be54a RK	200	return 0;
b12be54a RK	201	}
eb5dc014 RK	202	password = kvp_get(k, "password");
eb5dc014 RK	203	if(!password) password = "";
0f55e905	204	if(parse_rights(kvp_get(k, "rights"), rights, 1))
eb5dc014	205	return 0;
b12be54a RK	206	/* construct the expected subject. We re-encode the timestamp and the
b12be54a RK	207	* password. */
82c01b31	208	byte_xasprintf(&bp, "%jx$%s$%s", t, urlencodestring(user), password);
b12be54a RK	209	/* Compute the expected signature. NB we base64 the expected signature and
	210	* compare that rather than exposing our base64 parser to the cookie. */
	211	if(!(sig = sign(signing_key, bp)))
	212	return 0;
	213	if(!strcmp(sig, c2 + 1))
	214	return user;
	215	/* that didn't match, try the old key */
	216	if(!(sig = sign(old_signing_key, bp)))
	217	return 0;
	218	if(!strcmp(sig, c2 + 1))
	219	return user;
	220	/* that didn't match either */
2e9ba080	221	disorder_error(0, "cookie signature does not match");
b12be54a RK	222	return 0;
	223	}
	224
	225	/** @brief Revoke a cookie
	226	* @param cookie Cookie to revoke
	227	*
	228	* Further attempts to log in with @p cookie will fail.
	229	*/
	230	void revoke_cookie(const char *cookie) {
	231	time_t when;
	232	char *ptr;
	233
	234	/* find the cookie's expiry time */
	235	errno = 0;
	236	when = (time_t)strtoimax(cookie, &ptr, 16);
	237	/* reject bogus cookies */
	238	if(errno)
	239	return;
82c01b31	240	if(*ptr != '$')
b12be54a RK	241	return;
	242	/* make sure the revocation list exists */
	243	if(!revoked)
	244	revoked = hash_new(sizeof(time_t));
	245	/* add the cookie to it; its value is the expiry time */
	246	hash_add(revoked, cookie, &when, HASH_INSERT);
	247	}
	248
	249	/*
	250	Local Variables:
	251	c-basic-offset:2
	252	comment-column:40
	253	fill-column:79
	254	indent-tabs-mode:nil
	255	End:
	256	*/