2 * collectd - src/libcollectdclient/network_buffer.c
3 * Copyright (C) 2010-2015 Florian octo Forster
5 * Permission is hereby granted, free of charge, to any person obtaining a
6 * copy of this software and associated documentation files (the "Software"),
7 * to deal in the Software without restriction, including without limitation
8 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
9 * and/or sell copies of the Software, and to permit persons to whom the
10 * Software is furnished to do so, subject to the following conditions:
12 * The above copyright notice and this permission notice shall be included in
13 * all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
20 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
21 * DEALINGS IN THE SOFTWARE.
24 * Florian octo Forster <octo at collectd.org>
34 #include <arpa/inet.h> /* htons */
40 # if defined __APPLE__
41 /* default xcode compiler throws warnings even when deprecated functionality
42 * is not used. -Werror breaks the build because of erroneous warnings.
43 * http://stackoverflow.com/questions/10556299/compiler-warnings-with-libgcrypt-v1-5-0/12830209#12830209
45 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
47 /* FreeBSD's copy of libgcrypt extends the existing GCRYPT_NO_DEPRECATED
48 * to properly hide all deprecated functionality.
49 * http://svnweb.freebsd.org/ports/head/security/libgcrypt/files/patch-src__gcrypt.h.in
51 # define GCRYPT_NO_DEPRECATED
53 # if defined __APPLE__
54 /* Re enable deprecation warnings */
55 # pragma GCC diagnostic warning "-Wdeprecated-declarations"
57 # if GCRYPT_VERSION_NUMBER < 0x010600
58 GCRY_THREAD_OPTION_PTHREAD_IMPL;
62 #include "collectd/network_buffer.h"
/* Part type identifiers. Each one is written, via htons(), into the 16-bit
 * "type" field that starts a part (see the nb_add_* helpers and
 * lcc_network_buffer_initialize). */
64 #define TYPE_HOST 0x0000
65 #define TYPE_TIME 0x0001
66 #define TYPE_TIME_HR 0x0008
67 #define TYPE_PLUGIN 0x0002
68 #define TYPE_PLUGIN_INSTANCE 0x0003
69 #define TYPE_TYPE 0x0004
70 #define TYPE_TYPE_INSTANCE 0x0005
71 #define TYPE_VALUES 0x0006
72 #define TYPE_INTERVAL 0x0007
73 #define TYPE_INTERVAL_HR 0x0009
75 /* Types to transmit notifications */
76 #define TYPE_MESSAGE 0x0100
77 #define TYPE_SEVERITY 0x0101
/* Security parts: used by lcc_network_buffer_initialize for the SIGN and
 * ENCRYPT security levels respectively. */
79 #define TYPE_SIGN_SHA256 0x0200
80 #define TYPE_ENCR_AES256 0x0210
/* Fixed header sizes in bytes, NOT counting the variable-length username.
 * 36 = two uint16_t fields + a 32-byte hash (asserted in nb_add_signature).
 * 42 is added to the username length to form encr_header_len. */
82 #define PART_SIGNATURE_SHA256_SIZE 36
83 #define PART_ENCRYPTION_AES256_SIZE 42
/* ADD_GENERIC copies `size` bytes from `srcptr` to (nb)->ptr, then advances
 * ptr and reduces free by the same amount. `size` and `nb` are expanded
 * several times, so neither argument may have side effects.
 *
 * NOTE(review): the only bounds check is assert(). With NDEBUG defined the
 * check disappears, an oversized `size` is copied past the end of the buffer
 * and `free` is decremented below zero (it is read into a size_t elsewhere,
 * so it would wrap). Lengths derived from caller data, such as the username,
 * should be validated with a run-time check before reaching this macro.
 *
 * ADD_STATIC appends the raw bytes of `var`. Its expansion already ends in
 * ';', so `ADD_STATIC (...);` yields an extra empty statement; do not use it
 * as the unbraced body of an if/else. */
85 #define ADD_GENERIC(nb,srcptr,size) do { \
86 assert ((size) <= (nb)->free); \
87 memcpy ((nb)->ptr, (srcptr), (size)); \
88 (nb)->ptr += (size); \
89 (nb)->free -= (size); \
92 #define ADD_STATIC(nb,var) \
93 ADD_GENERIC(nb,&(var),sizeof(var));
/* State of one outgoing network buffer. Only some members are visible here;
 * the code below also uses buffer, size, ptr, free, username, password and
 * encr_iv. */
98 struct lcc_network_buffer_s
/* Identifier, time and interval most recently written to the buffer;
 * nb_add_value_list compares against it and only emits parts that changed. */
103 lcc_value_list_t state;
/* Compared against SIGN and ENCRYPT in initialize/finalize. */
107 lcc_security_level_t seclevel;
/* libgcrypt cipher handle; opened on first use in nb_add_encryption and
 * reset to NULL there after an error. */
112 gcry_cipher_hd_t encr_cypher;
/* username length + PART_ENCRYPTION_AES256_SIZE, set in
 * lcc_network_buffer_initialize. */
113 size_t encr_header_len;
/* Bounded string copy that always NUL-terminates: strncpy() followed by a
 * forced terminator in the last byte of `dst`. A source longer than sz - 1
 * bytes is silently truncated.
 * `sz` must be the real size of `dst` and must be > 0; with sz == 0 the
 * terminator write lands outside the array. Every use in this file passes
 * sizeof() of a destination member. */
118 #define SSTRNCPY(dst,src,sz) do { \
119 strncpy ((dst), (src), (sz)); \
120 (dst)[(sz) - 1] = 0; \
/* Initializes libgcrypt and reports whether it is usable. The two static
 * flags suggest the work is done once and the outcome cached.
 * NOTE(review): no lock is visible around need_init/result; if several
 * threads can make the first call concurrently, initialization may run
 * twice -- confirm against the callers.
 * NOTE(review): a 32768-byte secure-memory pool is requested, but the
 * password (strdup'ed in lcc_network_buffer_set_security_level) and the
 * derived key (stack array in nb_add_encryption) do not live in it. */
126 static _Bool have_gcrypt (void) /* {{{ */
128 static _Bool result = 0;
129 static _Bool need_init = 1;
136 # if GCRYPT_VERSION_NUMBER < 0x010600
/* Older libgcrypt needs the thread callbacks registered explicitly. */
137 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
/* gcry_check_version() must run before other libgcrypt calls; a false
 * result means the linked library is older than the headers built against. */
140 if (!gcry_check_version (GCRYPT_VERSION))
143 gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
144 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
151 } /* }}} _Bool have_gcrypt */
/* Converts a 64-bit integer from host to network byte order.
 * A test value is passed through htons() and the static `config` presumably
 * caches the detected byte order -- the assignments are not visible here.
 * The visible path splits the value into two 32-bit halves and returns them
 * with the halves exchanged; the per-half conversion is not visible. */
154 static uint64_t htonll (uint64_t val) /* {{{ */
156 static int config = 0;
164 uint16_t n = htons (h);
175 hi = (uint32_t) (val >> 32);
176 lo = (uint32_t) (val & 0x00000000FFFFFFFF);
181 return ((((uint64_t) lo) << 32) | ((uint64_t) hi));
182 } /* }}} uint64_t htonll */
/* Converts a double to the byte layout used on the wire.
 * The host's in-memory layout of a double is detected by comparing the bytes
 * of the constant 8.642135e130 with three known patterns and stored in the
 * static `config`:
 *   1 = bytes already in the expected order, nothing to do
 *   2 = all eight bytes reversed
 *   3 = the two 32-bit halves exchanged
 * Any other layout falls through to returning the value unchanged.
 * The type punning goes through unions of uint8_t[8] and double. */
185 static double htond (double val) /* {{{ */
187 static int config = 0;
189 union { uint8_t byte[8]; double floating; } in;
190 union { uint8_t byte[8]; double floating; } out;
194 double d = 8.642135e130;
199 if ((c[0] == 0x2f) && (c[1] == 0x25)
200 && (c[2] == 0xc0) && (c[3] == 0xc7)
201 && (c[4] == 0x43) && (c[5] == 0x2b)
202 && (c[6] == 0x1f) && (c[7] == 0x5b))
203 config = 1; /* need nothing */
204 else if ((c[7] == 0x2f) && (c[6] == 0x25)
205 && (c[5] == 0xc0) && (c[4] == 0xc7)
206 && (c[3] == 0x43) && (c[2] == 0x2b)
207 && (c[1] == 0x1f) && (c[0] == 0x5b))
208 config = 2; /* endian flip */
209 else if ((c[4] == 0x2f) && (c[5] == 0x25)
210 && (c[6] == 0xc0) && (c[7] == 0xc7)
211 && (c[0] == 0x43) && (c[1] == 0x2b)
212 && (c[2] == 0x1f) && (c[3] == 0x5b))
213 config = 3; /* int swap */
/* Special case returning a hand-built bit pattern: bytes 0-5 are zeroed.
 * NOTE(review): the guarding condition and bytes 6-7 are not visible here;
 * this looks like a canonical NaN encoding -- confirm. */
220 out.byte[0] = out.byte[1] = out.byte[2] = out.byte[3] = 0x00;
221 out.byte[4] = out.byte[5] = 0x00;
224 return (out.floating);
226 else if (config == 1)
228 else if (config == 2)
/* Full byte reversal. */
231 out.byte[0] = in.byte[7];
232 out.byte[1] = in.byte[6];
233 out.byte[2] = in.byte[5];
234 out.byte[3] = in.byte[4];
235 out.byte[4] = in.byte[3];
236 out.byte[5] = in.byte[2];
237 out.byte[6] = in.byte[1];
238 out.byte[7] = in.byte[0];
239 return (out.floating);
241 else if (config == 3)
/* Exchange the two 32-bit halves, keeping byte order inside each half. */
244 out.byte[0] = in.byte[4];
245 out.byte[1] = in.byte[5];
246 out.byte[2] = in.byte[6];
247 out.byte[3] = in.byte[7];
248 out.byte[4] = in.byte[0];
249 out.byte[5] = in.byte[1];
250 out.byte[6] = in.byte[2];
251 out.byte[7] = in.byte[3];
252 return (out.floating);
256 /* If in doubt, just copy the value back to the caller. */
259 } /* }}} double htond */
/* Serializes the values of `vl` as one TYPE_VALUES part at *ret_buffer.
 * Layout written: type (16 bit), length (16 bit), number of values (16 bit),
 * one type byte per value, then the values themselves, each converted with
 * htonll()/htond(). On success *ret_buffer is advanced past the part and
 * *ret_buffer_len reduced by its size.
 *
 * NOTE(review): both scratch arrays are variable-length arrays sized by
 * vl->values_len. They are allocated before the free-space check below, so
 * stack usage is proportional to a caller-supplied count with no upper bound
 * visible here, and values_len == 0 would declare zero-length VLAs (undefined
 * behavior). Validate values_len before calling, or bound it here.
 * NOTE(review): packet_len and values_len are narrowed to uint16_t for the
 * header. The only limit is the comparison with *ret_buffer_len, so the
 * header fields are correct only while the buffer is at most 65535 bytes. */
261 static int nb_add_values (char **ret_buffer, /* {{{ */
262 size_t *ret_buffer_len,
263 const lcc_value_list_t *vl)
270 uint16_t pkg_num_values;
271 uint8_t pkg_values_types[vl->values_len];
272 value_t pkg_values[vl->values_len];
/* sizeof on the VLAs is evaluated at run time, so this is the exact size
 * of the part for this value list. */
277 packet_len = sizeof (pkg_type) + sizeof (pkg_length)
278 + sizeof (pkg_num_values)
279 + sizeof (pkg_values_types)
280 + sizeof (pkg_values);
/* Refuse to write when the part does not fit into the remaining space. */
282 if (*ret_buffer_len < packet_len)
285 pkg_type = htons (TYPE_VALUES);
286 pkg_length = htons ((uint16_t) packet_len);
287 pkg_num_values = htons ((uint16_t) vl->values_len);
289 for (i = 0; i < vl->values_len; i++)
291 pkg_values_types[i] = (uint8_t) vl->values_types[i];
292 switch (vl->values_types[i])
294 case LCC_TYPE_COUNTER:
295 pkg_values[i].counter = (counter_t) htonll (vl->values[i].counter);
299 pkg_values[i].gauge = (gauge_t) htond (vl->values[i].gauge);
302 case LCC_TYPE_DERIVE:
303 pkg_values[i].derive = (derive_t) htonll (vl->values[i].derive);
306 case LCC_TYPE_ABSOLUTE:
307 pkg_values[i].absolute = (absolute_t) htonll (vl->values[i].absolute);
312 } /* switch (vl->values_types[i]) */
313 } /* for (vl->values_len) */
316 * Use `memcpy' to write everything to the buffer, because the pointer
317 * may be unaligned and some architectures, such as SPARC, can't handle
320 packet_ptr = *ret_buffer;
322 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
323 offset += sizeof (pkg_type);
324 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
325 offset += sizeof (pkg_length);
326 memcpy (packet_ptr + offset, &pkg_num_values, sizeof (pkg_num_values));
327 offset += sizeof (pkg_num_values);
328 memcpy (packet_ptr + offset, pkg_values_types, sizeof (pkg_values_types));
329 offset += sizeof (pkg_values_types);
330 memcpy (packet_ptr + offset, pkg_values, sizeof (pkg_values));
331 offset += sizeof (pkg_values);
/* Consistency check only; it is compiled out when NDEBUG is defined. */
333 assert (offset == packet_len);
335 *ret_buffer = packet_ptr + packet_len;
336 *ret_buffer_len -= packet_len;
338 } /* }}} int nb_add_values */
/* Appends one numeric part: type (16 bit), length (16 bit) and a 64-bit
 * value converted with htonll(). The part has a fixed size, so the cast of
 * packet_len to uint16_t cannot truncate here.
 * The free space is checked before anything is written; on success
 * *ret_buffer is advanced and *ret_buffer_len reduced by the part size.
 * The return statements are not visible here; callers treat non-zero as
 * failure. */
340 static int nb_add_number (char **ret_buffer, /* {{{ */
341 size_t *ret_buffer_len,
342 uint16_t type, uint64_t value)
353 packet_len = sizeof (pkg_type)
354 + sizeof (pkg_length)
355 + sizeof (pkg_value);
357 if (*ret_buffer_len < packet_len)
360 pkg_type = htons (type);
361 pkg_length = htons ((uint16_t) packet_len);
362 pkg_value = htonll (value);
364 packet_ptr = *ret_buffer;
/* memcpy rather than pointer casts, because the destination may be
 * unaligned. */
366 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
367 offset += sizeof (pkg_type);
368 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
369 offset += sizeof (pkg_length);
370 memcpy (packet_ptr + offset, &pkg_value, sizeof (pkg_value));
371 offset += sizeof (pkg_value);
373 assert (offset == packet_len);
375 *ret_buffer = packet_ptr + packet_len;
376 *ret_buffer_len -= packet_len;
378 } /* }}} int nb_add_number */
/* Appends a time or interval part. `value` is in seconds and is scaled by
 * 1073741824 (2^30) to obtain the 64-bit fixed-point value put on the wire.
 * NOTE(review): converting a negative, NaN or out-of-range double to
 * uint64_t is undefined behavior in C. `value` comes from the caller's value
 * list; nothing here rejects values < 0 or >= 2^34 seconds. */
380 static int nb_add_time (char **ret_buffer, /* {{{ */
381 size_t *ret_buffer_len,
382 uint16_t type, double value)
384 /* Convert to collectd's "cdtime" representation. */
385 uint64_t cdtime_value = (uint64_t) (value * 1073741824.0);
386 return (nb_add_number (ret_buffer, ret_buffer_len, type, cdtime_value));
387 } /* }}} int nb_add_time */
/* Appends one string part: type (16 bit), length (16 bit), `str_len` bytes
 * of `str` and a single terminating zero byte.
 * The third term of packet_len is not visible here; the final assert implies
 * it accounts for str_len plus the terminator -- confirm.
 * NOTE(review): `str` is dereferenced without a visible NULL check, and
 * packet_len is narrowed to uint16_t for the header while the copy uses the
 * full str_len. The free-space check is the only limit, so the length field
 * is correct only while the buffer is at most 65535 bytes. */
389 static int nb_add_string (char **ret_buffer, /* {{{ */
390 size_t *ret_buffer_len,
391 uint16_t type, const char *str, size_t str_len)
401 packet_len = sizeof (pkg_type)
402 + sizeof (pkg_length)
/* Refuse to write when the part does not fit into the remaining space. */
404 if (*ret_buffer_len < packet_len)
407 pkg_type = htons (type);
408 pkg_length = htons ((uint16_t) packet_len);
410 packet_ptr = *ret_buffer;
412 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
413 offset += sizeof (pkg_type);
414 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
415 offset += sizeof (pkg_length);
416 memcpy (packet_ptr + offset, str, str_len);
/* Explicit terminator, so the result does not depend on `str` being
 * NUL-terminated at str_len. */
418 memset (packet_ptr + offset, 0, 1);
421 assert (offset == packet_len);
423 *ret_buffer = packet_ptr + packet_len;
424 *ret_buffer_len -= packet_len;
426 } /* }}} int nb_add_string */
/* Serializes one value list into `nb`, emitting only the identifier, time
 * and interval parts that differ from what nb->state says was written last,
 * followed by the values part.
 * All writes go through local copies of the write pointer and free counter;
 * nb->free is updated from the local copy only at the very end.
 *
 * NOTE(review): nb->state is updated as soon as each part has been written,
 * before the later parts are known to fit. If a later nb_add_* call fails,
 * the state already records those fields as sent although the buffer
 * position was not committed. Callers should re-initialize the buffer after
 * a failure before adding more values -- confirm that they do.
 * NOTE(review): strcmp()/strlen() assume every identifier field of `vl` is
 * NUL-terminated inside its array; that is the caller's responsibility. */
428 static int nb_add_value_list (lcc_network_buffer_t *nb, /* {{{ */
429 const lcc_value_list_t *vl)
431 char *buffer = nb->ptr;
432 size_t buffer_size = nb->free;
434 const lcc_identifier_t *ident_src;
435 lcc_identifier_t *ident_dst;
437 ident_src = &vl->identifier;
438 ident_dst = &nb->state.identifier;
440 if (strcmp (ident_dst->host, ident_src->host) != 0)
442 if (nb_add_string (&buffer, &buffer_size, TYPE_HOST,
443 ident_src->host, strlen (ident_src->host)) != 0)
445 SSTRNCPY (ident_dst->host, ident_src->host, sizeof (ident_dst->host));
448 if (strcmp (ident_dst->plugin, ident_src->plugin) != 0)
450 if (nb_add_string (&buffer, &buffer_size, TYPE_PLUGIN,
451 ident_src->plugin, strlen (ident_src->plugin)) != 0)
453 SSTRNCPY (ident_dst->plugin, ident_src->plugin,
454 sizeof (ident_dst->plugin));
457 if (strcmp (ident_dst->plugin_instance,
458 ident_src->plugin_instance) != 0)
460 if (nb_add_string (&buffer, &buffer_size, TYPE_PLUGIN_INSTANCE,
461 ident_src->plugin_instance,
462 strlen (ident_src->plugin_instance)) != 0)
464 SSTRNCPY (ident_dst->plugin_instance, ident_src->plugin_instance,
465 sizeof (ident_dst->plugin_instance));
468 if (strcmp (ident_dst->type, ident_src->type) != 0)
470 if (nb_add_string (&buffer, &buffer_size, TYPE_TYPE,
471 ident_src->type, strlen (ident_src->type)) != 0)
473 SSTRNCPY (ident_dst->type, ident_src->type, sizeof (ident_dst->type));
476 if (strcmp (ident_dst->type_instance,
477 ident_src->type_instance) != 0)
479 if (nb_add_string (&buffer, &buffer_size, TYPE_TYPE_INSTANCE,
480 ident_src->type_instance,
481 strlen (ident_src->type_instance)) != 0)
483 SSTRNCPY (ident_dst->type_instance, ident_src->type_instance,
484 sizeof (ident_dst->type_instance));
/* Time and interval are compared as numbers and sent in the high-resolution
 * (_HR) part types. */
487 if (nb->state.time != vl->time)
489 if (nb_add_time (&buffer, &buffer_size, TYPE_TIME_HR, vl->time))
491 nb->state.time = vl->time;
494 if (nb->state.interval != vl->interval)
496 if (nb_add_time (&buffer, &buffer_size, TYPE_INTERVAL_HR, vl->interval))
498 nb->state.interval = vl->interval;
501 if (nb_add_values (&buffer, &buffer_size, vl) != 0)
/* Commit: everything fit, publish the new free count. */
505 nb->free = buffer_size;
507 } /* }}} int nb_add_value_list */
/* Finalizes a SIGN-level buffer: computes HMAC-SHA256, keyed with
 * nb->password, over everything that follows the fixed 36-byte signature
 * header (username and data), and stores the 32-byte result right after the
 * two 16-bit header fields at the start of the buffer.
 *
 * NOTE(review): nb->password != NULL and the size relations are enforced
 * with assert() only, so they are unchecked when NDEBUG is defined.
 * NOTE(review): the error handling and the release of the digest handle `hd`
 * are not visible here; confirm it is closed on every path, including the
 * failure paths after gcry_md_open(). */
510 static int nb_add_signature (lcc_network_buffer_t *nb) /* {{{ */
518 const size_t hash_length = 32;
520 /* The type, length and username have already been filled in by
521 * "lcc_network_buffer_initialize". All we do here is calculate the hash over
522 * the username and the data and add the hash value to the buffer. */
524 buffer = nb->buffer + PART_SIGNATURE_SHA256_SIZE;
525 assert (nb->size >= (nb->free + PART_SIGNATURE_SHA256_SIZE));
/* Number of used bytes after the fixed header. */
526 buffer_size = nb->size - (nb->free + PART_SIGNATURE_SHA256_SIZE);
529 err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
533 assert (nb->password != NULL);
534 err = gcry_md_setkey (hd, nb->password, strlen (nb->password));
541 gcry_md_write (hd, buffer, buffer_size);
/* The returned pointer refers to memory owned by `hd`, so the copy below
 * has to happen before the handle is closed. */
542 hash = gcry_md_read (hd, GCRY_MD_SHA256);
549 assert (((2 * sizeof (uint16_t)) + hash_length) == PART_SIGNATURE_SHA256_SIZE);
550 memcpy (nb->buffer + (2 * sizeof (uint16_t)), hash, hash_length);
554 } /* }}} int nb_add_signature */
/* Finalizes an ENCRYPT-level buffer in place: writes the total length into
 * the header, computes a SHA-1 digest of the payload, stores the digest
 * directly in front of it, and encrypts digest + payload with AES-256 in OFB
 * mode. The key is SHA-256(password); the IV is nb->encr_iv. The cipher
 * handle is opened and keyed on first use and reset on later calls; after a
 * setkey/setiv/encrypt error it is closed and set to NULL.
 *
 * NOTE(review): hash_ptr is computed from the fixed
 * PART_ENCRYPTION_AES256_SIZE, while hash_size subtracts nb->encr_header_len,
 * which lcc_network_buffer_initialize sets to that constant PLUS the username
 * length. With a non-empty username the two disagree: the hashed/encrypted
 * window starts username-length bytes too early, so it overlaps the header
 * (username/IV area) and leaves the same number of trailing payload bytes
 * outside the encrypted range. `hash_ptr = nb->buffer + nb->encr_header_len;`
 * would make pointer and size consistent -- confirm against the receiver's
 * parser before changing.
 * NOTE(review): integrity relies on an unkeyed SHA-1 digest inside an OFB
 * (stream-mode) ciphertext, not on a MAC; this is dictated by the wire
 * format, but should not be treated as authenticated encryption.
 * NOTE(review): the key is a single unsalted SHA-256 of the password (no
 * key-stretching), and password_hash stays on the stack afterwards; no wipe
 * is visible here.
 * NOTE(review): package_length is narrowed to uint16_t for the header. */
556 static int nb_add_encryption (lcc_network_buffer_t *nb) /* {{{ */
558 size_t package_length;
559 char *encr_ptr; /* pointer to data being encrypted */
562 char *hash_ptr; /* pointer to data being hashed */
569 /* Fill in the package length */
570 package_length = nb->size - nb->free;
571 pkg_length = htons ((uint16_t) package_length);
572 memcpy (nb->buffer + 2, &pkg_length, sizeof (pkg_length));
574 /* Calculate what to hash */
575 hash_ptr = nb->buffer + PART_ENCRYPTION_AES256_SIZE;
576 hash_size = package_length - nb->encr_header_len;
578 /* Calculate what to encrypt */
579 encr_ptr = hash_ptr - sizeof (hash);
580 encr_size = hash_size + sizeof (hash);
582 /* Calculate the SHA-1 hash */
583 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash_ptr, hash_size);
584 memcpy (encr_ptr, hash, sizeof (hash));
586 if (nb->encr_cypher == NULL)
588 unsigned char password_hash[32];
590 err = gcry_cipher_open (&nb->encr_cypher,
591 GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, /* flags = */ 0);
595 /* Calculate our 256bit key used for AES */
596 gcry_md_hash_buffer (GCRY_MD_SHA256, password_hash,
597 nb->password, strlen (nb->password));
599 err = gcry_cipher_setkey (nb->encr_cypher,
600 password_hash, sizeof (password_hash));
603 gcry_cipher_close (nb->encr_cypher);
604 nb->encr_cypher = NULL;
608 else /* if (nb->encr_cypher != NULL) */
/* Reuse the already keyed handle; reset clears the previous IV/state. */
610 gcry_cipher_reset (nb->encr_cypher);
/* The OFB keystream depends only on key and IV, so every packet needs a
 * fresh IV; encr_iv is filled by gcry_randomize() in
 * lcc_network_buffer_initialize. */
613 /* Set the initialization vector */
614 err = gcry_cipher_setiv (nb->encr_cypher,
615 nb->encr_iv, sizeof (nb->encr_iv));
618 gcry_cipher_close (nb->encr_cypher);
619 nb->encr_cypher = NULL;
623 /* Encrypt the buffer in-place */
624 err = gcry_cipher_encrypt (nb->encr_cypher,
626 /* in = */ NULL, /* in len = */ 0);
629 gcry_cipher_close (nb->encr_cypher);
630 nb->encr_cypher = NULL;
635 } /* }}} int nb_add_encryption */
/* Allocates a network buffer object and its data area.
 * Both allocations use calloc(), so the object and the data area start out
 * zero-filled. LCC_NETWORK_BUFFER_SIZE_DEFAULT is substituted for `size` in
 * a branch whose condition is not visible here.
 * NOTE(review): confirm that the minimum accepted `size` leaves room for the
 * signature/encryption header plus the longest allowed username, because
 * lcc_network_buffer_initialize writes those without a run-time bounds
 * check. */
641 lcc_network_buffer_t *lcc_network_buffer_create (size_t size) /* {{{ */
643 lcc_network_buffer_t *nb;
646 size = LCC_NETWORK_BUFFER_SIZE_DEFAULT;
654 nb = calloc (1, sizeof (*nb));
659 nb->buffer = calloc (1, nb->size);
660 if (nb->buffer == NULL)
/* The write position starts at the beginning of the data area. */
666 nb->ptr = nb->buffer;
674 } /* }}} lcc_network_buffer_t *lcc_network_buffer_create */
/* Releases a network buffer. The body is not visible here.
 * NOTE(review): the object owns heap copies of the username and password
 * (strdup in lcc_network_buffer_set_security_level) and possibly an open
 * cipher handle (nb->encr_cypher). Confirm all of them are released, and
 * consider wiping the password copy before it is freed. */
676 void lcc_network_buffer_destroy (lcc_network_buffer_t *nb) /* {{{ */
683 } /* }}} void lcc_network_buffer_destroy */
/* Sets the security level and the credentials used for signing/encryption.
 * The object stores its own strdup() copies of `username` and `password`.
 * If either copy fails, both are freed and the new credentials are not
 * installed. The buffer is re-initialized afterwards so that the header
 * matching the new level is written.
 *
 * NOTE(review): argument validation and the release of previously stored
 * credentials are not visible here; confirm that NULL username/password are
 * rejected for SIGN/ENCRYPT and that an old password copy is freed (ideally
 * wiped first).
 * NOTE(review): the username length is not checked against the buffer size
 * here, although lcc_network_buffer_initialize copies the username into the
 * buffer with no run-time bounds check. Rejecting over-long usernames at
 * this point would close that gap. */
685 int lcc_network_buffer_set_security_level (lcc_network_buffer_t *nb, /* {{{ */
686 lcc_security_level_t level,
687 const char *username, const char *password)
699 lcc_network_buffer_initialize (nb);
706 username_copy = strdup (username);
707 password_copy = strdup (password);
708 if ((username_copy == NULL) || (password_copy == NULL))
/* free(NULL) is a no-op, so releasing both is safe whichever one failed. */
710 free (username_copy);
711 free (password_copy);
717 nb->username = username_copy;
718 nb->password = password_copy;
719 nb->seclevel = level;
721 lcc_network_buffer_initialize (nb);
723 } /* }}} int lcc_network_buffer_set_security_level */
/* Resets the buffer to "empty": zeroes the data area and the delta-encoding
 * state, rewinds the write pointer, and for SIGN / ENCRYPT writes the
 * security header that the finalize step completes later.
 *
 * SIGN header:    type, length (36 + username length), room for the hash,
 *                 then the username.
 * ENCRYPT header: type, length (filled in at finalize), username length,
 *                 username, a fresh random IV, zeroed room for the digest.
 *
 * NOTE(review): in the SIGN branch the header and the username are written
 * with plain memcpy() and nb->free is decremented with no check that
 * PART_SIGNATURE_SHA256_SIZE + username_len fits. A username longer than the
 * remaining space writes past the data area and wraps nb->free. The ENCRYPT
 * branch checks through ADD_GENERIC, but only with assert(), which is
 * compiled out under NDEBUG. A run-time length check is needed in both.
 * NOTE(review): username lengths are narrowed to uint16_t for the header
 * fields, and in the ENCRYPT branch nb->username is passed to strlen()
 * without the NULL assert the SIGN branch has. */
725 int lcc_network_buffer_initialize (lcc_network_buffer_t *nb) /* {{{ */
730 memset (nb->buffer, 0, nb->size);
/* Clearing the state forces the next value list to emit all of its
 * identifier parts again. */
731 memset (&nb->state, 0, sizeof (nb->state));
732 nb->ptr = nb->buffer;
736 if (nb->seclevel == SIGN)
739 uint16_t pkg_type = htons (TYPE_SIGN_SHA256);
740 uint16_t pkg_length = PART_SIGNATURE_SHA256_SIZE;
742 assert (nb->username != NULL);
743 username_len = strlen (nb->username);
744 pkg_length = htons (pkg_length + ((uint16_t) username_len));
746 /* Fill in everything but the hash value here. */
747 memcpy (nb->ptr, &pkg_type, sizeof (pkg_type));
748 memcpy (nb->ptr + sizeof (pkg_type), &pkg_length, sizeof (pkg_length));
749 nb->ptr += PART_SIGNATURE_SHA256_SIZE;
750 nb->free -= PART_SIGNATURE_SHA256_SIZE;
/* Unchecked copy: see the first NOTE(review) above. */
752 memcpy (nb->ptr, nb->username, username_len);
753 nb->ptr += username_len;
754 nb->free -= username_len;
756 else if (nb->seclevel == ENCRYPT)
758 size_t username_length = strlen (nb->username);
759 uint16_t pkg_type = htons (TYPE_ENCR_AES256);
760 uint16_t pkg_length = 0; /* Filled in in finalize. */
761 uint16_t pkg_user_len = htons ((uint16_t) username_length);
/* Total header length = fixed part + username; nb_add_encryption uses it
 * to locate the payload. */
764 nb->encr_header_len = username_length;
765 nb->encr_header_len += PART_ENCRYPTION_AES256_SIZE;
/* A new IV for every initialized buffer. The randomness level argument is
 * not visible here. */
767 gcry_randomize ((void *) &nb->encr_iv, sizeof (nb->encr_iv),
770 /* Filled in in finalize. */
771 memset (hash, 0, sizeof (hash));
773 ADD_STATIC (nb, pkg_type);
774 ADD_STATIC (nb, pkg_length);
775 ADD_STATIC (nb, pkg_user_len);
776 ADD_GENERIC (nb, nb->username, username_length);
777 ADD_GENERIC (nb, nb->encr_iv, sizeof (nb->encr_iv));
778 ADD_GENERIC (nb, hash, sizeof (hash));
779 assert ((nb->encr_header_len + nb->free) == nb->size);
784 } /* }}} int lcc_network_buffer_initialize */
/* Completes the buffer before it is sent: adds the HMAC for the SIGN level
 * or hashes and encrypts the payload for the ENCRYPT level, and returns the
 * status of that step. The handling of other levels and any argument checks
 * are not visible here.
 * NOTE(review): for ENCRYPT the buffer is encrypted in place, so this should
 * run exactly once per initialized buffer; a second call without a new
 * lcc_network_buffer_initialize() would process already encrypted data with
 * the same key and IV. */
786 int lcc_network_buffer_finalize (lcc_network_buffer_t *nb) /* {{{ */
792 if (nb->seclevel == SIGN)
793 return nb_add_signature (nb);
794 else if (nb->seclevel == ENCRYPT)
795 return nb_add_encryption (nb);
799 } /* }}} int lcc_network_buffer_finalize */
/* Public entry point for appending one value list to the buffer.
 * Rejects NULL arguments, then delegates to nb_add_value_list(). The return
 * statements are not visible here.
 * NOTE(review): only the pointers are validated. The contents of `vl`
 * (values_len, time, interval, NUL-terminated identifier fields) are used as
 * given by the helpers, so callers must supply a well-formed value list. */
801 int lcc_network_buffer_add_value (lcc_network_buffer_t *nb, /* {{{ */
802 const lcc_value_list_t *vl)
806 if ((nb == NULL) || (vl == NULL))
809 status = nb_add_value_list (nb, vl);
811 } /* }}} int lcc_network_buffer_add_value */
/* Copies the used part of the network buffer into `buffer`.
 * On entry *buffer_size is the capacity of `buffer`; on return it holds the
 * number of bytes the full content requires. At most
 * min(capacity, required) bytes are copied, so the destination is never
 * overrun, but the copy is silently truncated when the capacity is too
 * small. Callers must compare the returned *buffer_size with their capacity
 * before sending the data.
 * NOTE(review): `nb` and `buffer_size` are checked for NULL; a check of
 * `buffer` itself is not visible here -- confirm. */
813 int lcc_network_buffer_get (lcc_network_buffer_t *nb, /* {{{ */
814 void *buffer, size_t *buffer_size)
819 if ((nb == NULL) || (buffer_size == NULL))
822 assert (nb->size >= nb->free);
823 sz_required = nb->size - nb->free;
824 sz_available = *buffer_size;
826 *buffer_size = sz_required;
828 memcpy (buffer, nb->buffer,
829 (sz_available < sz_required) ? sz_available : sz_required);
832 } /* }}} int lcc_network_buffer_get */
834 /* vim: set sw=2 sts=2 et fdm=marker : */