2 * collectd - src/libcollectdclient/network_buffer.c
3 * Copyright (C) 2010 Florian octo Forster
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU Lesser General Public License as published by
7 * the Free Software Foundation; only version 2.1 of the License is
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public License
16 * along with this program; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
20 * Florian octo Forster <octo at verplant.org>
30 #include <arpa/inet.h> /* htons */
36 GCRY_THREAD_OPTION_PTHREAD_IMPL;
39 #include "collectd/network_buffer.h"
/* Part type codes. Each code is converted with htons() and written as the
 * 16-bit "type" field that starts a part (see the nb_add_* helpers below). */
41 #define TYPE_HOST 0x0000
42 #define TYPE_TIME 0x0001
43 #define TYPE_PLUGIN 0x0002
44 #define TYPE_PLUGIN_INSTANCE 0x0003
45 #define TYPE_TYPE 0x0004
46 #define TYPE_TYPE_INSTANCE 0x0005
47 #define TYPE_VALUES 0x0006
48 #define TYPE_INTERVAL 0x0007
50 /* Types to transmit notifications */
51 #define TYPE_MESSAGE 0x0100
52 #define TYPE_SEVERITY 0x0101
/* Types of the two security parts: HMAC-SHA256 signature and AES-256
 * encryption. */
54 #define TYPE_SIGN_SHA256 0x0200
55 #define TYPE_ENCR_AES256 0x0210
/* Fixed sizes of the security part headers, not counting the variable-length
 * username. The signature header is two uint16_t fields plus a 32-byte hash
 * (asserted in nb_add_signature). The encryption header is three uint16_t
 * fields plus the IV and the hash field, as written by
 * lcc_network_buffer_initialize. */
57 #define PART_SIGNATURE_SHA256_SIZE 36
58 #define PART_ENCRYPTION_AES256_SIZE 42
/* ADD_GENERIC appends `size' bytes from `srcptr' at (nb)->ptr, advances the
 * write pointer and reduces (nb)->free. ADD_STATIC appends the object `var'
 * itself (sizeof (var) bytes), so `var' must be an lvalue.
 *
 * The only bounds check is the assert(): in a build with NDEBUG it is
 * compiled out and an oversized append writes past the end of the buffer.
 * Callers therefore have to guarantee (size) <= (nb)->free themselves. The
 * macro arguments are evaluated more than once. */
60 #define ADD_GENERIC(nb,srcptr,size) do { \
61 assert ((size) <= (nb)->free); \
62 memcpy ((nb)->ptr, (srcptr), (size)); \
63 (nb)->ptr += (size); \
64 (nb)->free -= (size); \
67 #define ADD_STATIC(nb,var) \
68 ADD_GENERIC(nb,&(var),sizeof(var));
/* State of one outgoing packet buffer. Only some members are visible in this
 * listing; the code below also uses buffer, size, ptr, free, username,
 * password and encr_iv. */
73 struct lcc_network_buffer_s
/* Identifier, time and interval most recently written; nb_add_value_list
 * compares against it to skip parts that did not change. */
78 lcc_value_list_t state;
/* Compared against SIGN and ENCRYPT to select the security part. */
82 lcc_security_level_t seclevel;
/* Cipher handle; opened by nb_add_encryption when it is still NULL and reset
 * for reuse otherwise. */
86 gcry_cipher_hd_t encr_cypher;
/* Username length plus PART_ENCRYPTION_AES256_SIZE, set in
 * lcc_network_buffer_initialize. */
87 size_t encr_header_len;
/* Bounded string copy that always NUL-terminates `dst'. A source longer than
 * (sz) - 1 bytes is truncated without any indication to the caller, and `sz'
 * must not be 0 because (sz) - 1 is used as an index. */
91 #define SSTRNCPY(dst,src,sz) do { \
92 strncpy ((dst), (src), (sz)); \
93 (dst)[(sz) - 1] = 0; \
/* Set up libgcrypt and report whether it can be used. The outcome is kept in
 * function-local statics; `need_init' suggests the setup runs on the first
 * call only. */
99 static _Bool have_gcrypt (void) /* {{{ */
101 static _Bool result = 0;
/* NOTE(review): both flags are plain _Bool and no locking is visible in this
 * listing, so concurrent first calls may race -- confirm. */
102 static _Bool need_init = 1;
/* Register the pthread callbacks with libgcrypt. */
108 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
/* Verify the runtime libgcrypt against the version the code was compiled
 * with. */
110 if (!gcry_check_version (GCRYPT_VERSION))
/* Request 32768 bytes of secure memory and mark initialization as finished.
 * The return values of gcry_control are not checked on these lines. */
113 gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
114 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
118 } /* }}} _Bool have_gcrypt */
/* Convert a 64-bit integer from host to network byte order. */
120 static uint64_t htonll (uint64_t val) /* {{{ */
/* Remembers the detected byte order between calls. NOTE(review): the probe
 * that sets it is only partly visible here; 0 presumably means "not probed
 * yet". */
122 static int config = 0;
/* Probe value: the htons() form of a 16-bit test value. */
130 uint16_t n = htons (h);
/* Split the value into its upper and lower 32-bit halves. */
141 hi = (uint32_t) (val >> 32);
142 lo = (uint32_t) (val & 0x00000000FFFFFFFF);
/* Reassemble with the halves exchanged. The per-half conversion happens on
 * lines that are not part of this listing. */
147 return ((((uint64_t) lo) << 32) | ((uint64_t) hi));
148 } /* }}} uint64_t htonll */
/* Convert a double from the host's in-memory layout to the layout used in the
 * packet. The host layout is detected by looking at the bytes of a known
 * constant and remembered in `config': 1 = no conversion, 2 = reverse all
 * eight bytes, 3 = exchange the two 32-bit halves. */
150 static double htond (double val) /* {{{ */
152 static int config = 0;
/* Unions give byte-wise access to the input and output doubles. */
154 union { uint8_t byte[8]; double floating; } in;
155 union { uint8_t byte[8]; double floating; } out;
/* Test constant whose byte pattern is checked below. */
159 double d = 8.642135e130;
164 if ((c[0] == 0x2f) && (c[1] == 0x25)
165 && (c[2] == 0xc0) && (c[3] == 0xc7)
166 && (c[4] == 0x43) && (c[5] == 0x2b)
167 && (c[6] == 0x1f) && (c[7] == 0x5b))
168 config = 1; /* need nothing */
169 else if ((c[7] == 0x2f) && (c[6] == 0x25)
170 && (c[5] == 0xc0) && (c[4] == 0xc7)
171 && (c[3] == 0x43) && (c[2] == 0x2b)
172 && (c[1] == 0x1f) && (c[0] == 0x5b))
173 config = 2; /* endian flip */
174 else if ((c[4] == 0x2f) && (c[5] == 0x25)
175 && (c[6] == 0xc0) && (c[7] == 0xc7)
176 && (c[0] == 0x43) && (c[1] == 0x2b)
177 && (c[2] == 0x1f) && (c[3] == 0x5b))
178 config = 3; /* int swap */
/* A fixed byte pattern is returned on this path. NOTE(review): the condition
 * and the last two bytes are on lines not shown; presumably this is the
 * encoding used for NaN -- confirm. */
185 out.byte[0] = out.byte[1] = out.byte[2] = out.byte[3] = 0x00;
186 out.byte[4] = out.byte[5] = 0x00;
189 return (out.floating);
191 else if (config == 1)
193 else if (config == 2)
/* Reverse the order of all eight bytes. */
196 out.byte[0] = in.byte[7];
197 out.byte[1] = in.byte[6];
198 out.byte[2] = in.byte[5];
199 out.byte[3] = in.byte[4];
200 out.byte[4] = in.byte[3];
201 out.byte[5] = in.byte[2];
202 out.byte[6] = in.byte[1];
203 out.byte[7] = in.byte[0];
204 return (out.floating);
206 else if (config == 3)
/* Exchange the two 4-byte halves, keeping the byte order inside each half. */
209 out.byte[0] = in.byte[4];
210 out.byte[1] = in.byte[5];
211 out.byte[2] = in.byte[6];
212 out.byte[3] = in.byte[7];
213 out.byte[4] = in.byte[0];
214 out.byte[5] = in.byte[1];
215 out.byte[6] = in.byte[2];
216 out.byte[7] = in.byte[3];
217 return (out.floating);
221 /* If in doubt, just copy the value back to the caller. */
224 } /* }}} double htond */
/* Serialize the values of `vl' as one TYPE_VALUES part at *ret_buffer. On
 * success *ret_buffer is advanced past the part and *ret_buffer_len is
 * reduced by its length. */
226 static int nb_add_values (char **ret_buffer, /* {{{ */
227 size_t *ret_buffer_len,
228 const lcc_value_list_t *vl)
235 uint16_t pkg_num_values;
/* Variable-length arrays sized by the caller-supplied vl->values_len: stack
 * use grows with that count, and a count of 0 yields a zero-length VLA, which
 * is undefined behavior. NOTE(review): no limit on values_len is visible in
 * this listing -- confirm that callers bound it. */
236 uint8_t pkg_values_types[vl->values_len];
237 value_t pkg_values[vl->values_len];
/* Size of the whole part: type, length and count fields, then one type byte
 * and one value per entry. */
242 packet_len = sizeof (pkg_type) + sizeof (pkg_length)
243 + sizeof (pkg_num_values)
244 + sizeof (pkg_values_types)
245 + sizeof (pkg_values);
/* The part must fit into the space that is left. */
247 if (*ret_buffer_len < packet_len)
250 pkg_type = htons (TYPE_VALUES);
/* Both fields are 16 bits wide on the wire; the casts truncate silently when
 * packet_len or values_len is larger than 65535. */
251 pkg_length = htons ((uint16_t) packet_len);
252 pkg_num_values = htons ((uint16_t) vl->values_len);
/* Record each value's type and convert the value itself to its wire form. */
254 for (i = 0; i < vl->values_len; i++)
256 pkg_values_types[i] = (uint8_t) vl->values_types[i];
257 switch (vl->values_types[i])
259 case LCC_TYPE_COUNTER:
260 pkg_values[i].counter = (counter_t) htonll (vl->values[i].counter);
264 pkg_values[i].gauge = (gauge_t) htond (vl->values[i].gauge);
267 case LCC_TYPE_DERIVE:
268 pkg_values[i].derive = (derive_t) htonll (vl->values[i].derive);
271 case LCC_TYPE_ABSOLUTE:
272 pkg_values[i].absolute = (absolute_t) htonll (vl->values[i].absolute);
277 } /* switch (vl->values_types[i]) */
278 } /* for (vl->values_len) */
281 * Use `memcpy' to write everything to the buffer, because the pointer
282 * may be unaligned and some architectures, such as SPARC, can't handle
285 packet_ptr = *ret_buffer;
287 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
288 offset += sizeof (pkg_type);
289 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
290 offset += sizeof (pkg_length);
291 memcpy (packet_ptr + offset, &pkg_num_values, sizeof (pkg_num_values));
292 offset += sizeof (pkg_num_values);
293 memcpy (packet_ptr + offset, pkg_values_types, sizeof (pkg_values_types));
294 offset += sizeof (pkg_values_types);
295 memcpy (packet_ptr + offset, pkg_values, sizeof (pkg_values));
296 offset += sizeof (pkg_values);
/* Consistency check only; it is compiled out when NDEBUG is defined. */
298 assert (offset == packet_len);
/* Hand the advanced position and the remaining space back to the caller. */
300 *ret_buffer = packet_ptr + packet_len;
301 *ret_buffer_len -= packet_len;
303 } /* }}} int nb_add_values */
/* Append one numeric part (16-bit type, 16-bit length, 64-bit value) at
 * *ret_buffer. On success *ret_buffer is advanced and *ret_buffer_len is
 * reduced by the part's length. */
305 static int nb_add_number (char **ret_buffer, /* {{{ */
306 size_t *ret_buffer_len,
307 uint16_t type, uint64_t value)
/* The part has a fixed size: the three fields added together. */
318 packet_len = sizeof (pkg_type)
319 + sizeof (pkg_length)
320 + sizeof (pkg_value);
/* The part must fit into the space that is left. */
322 if (*ret_buffer_len < packet_len)
/* Convert all three fields to network byte order. */
325 pkg_type = htons (type);
326 pkg_length = htons ((uint16_t) packet_len);
327 pkg_value = htonll (value);
329 packet_ptr = *ret_buffer;
/* memcpy is used for every field, so the destination may be unaligned. */
331 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
332 offset += sizeof (pkg_type);
333 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
334 offset += sizeof (pkg_length);
335 memcpy (packet_ptr + offset, &pkg_value, sizeof (pkg_value));
336 offset += sizeof (pkg_value);
/* Consistency check only; it is compiled out when NDEBUG is defined. */
338 assert (offset == packet_len);
340 *ret_buffer = packet_ptr + packet_len;
341 *ret_buffer_len -= packet_len;
343 } /* }}} int nb_add_number */
/* Append one string part (16-bit type, 16-bit length, string bytes, NUL) at
 * *ret_buffer. On success *ret_buffer is advanced and *ret_buffer_len is
 * reduced by the part's length. `str_len' is supplied by the caller; exactly
 * that many bytes are read from `str'. */
345 static int nb_add_string (char **ret_buffer, /* {{{ */
346 size_t *ret_buffer_len,
347 uint16_t type, const char *str, size_t str_len)
/* NOTE(review): the remainder of this sum is on a line not shown; it
 * presumably adds str_len and the terminating NUL -- confirm. */
357 packet_len = sizeof (pkg_type)
358 + sizeof (pkg_length)
/* The part must fit into the space that is left. */
360 if (*ret_buffer_len < packet_len)
363 pkg_type = htons (type);
/* The length field is 16 bits wide; the cast truncates silently when
 * packet_len is larger than 65535, so very long strings would be announced
 * with a wrong length. */
364 pkg_length = htons ((uint16_t) packet_len);
366 packet_ptr = *ret_buffer;
368 memcpy (packet_ptr + offset, &pkg_type, sizeof (pkg_type));
369 offset += sizeof (pkg_type);
370 memcpy (packet_ptr + offset, &pkg_length, sizeof (pkg_length));
371 offset += sizeof (pkg_length);
/* Copy the string bytes, then write a single terminating NUL byte. */
372 memcpy (packet_ptr + offset, str, str_len);
374 memset (packet_ptr + offset, 0, 1);
/* Consistency check only; it is compiled out when NDEBUG is defined. */
377 assert (offset == packet_len);
379 *ret_buffer = packet_ptr + packet_len;
380 *ret_buffer_len -= packet_len;
382 } /* }}} int nb_add_string */
/* Append one value list to the buffer. Identifier, time and interval parts
 * are written only when they differ from what nb->state remembers from the
 * previous value list; the values part is always written.
 *
 * NOTE(review): nb->state is updated as soon as each part has been written,
 * while nb->free is only stored back at the end. If a later part does not
 * fit, the state may describe parts that were never committed -- confirm
 * that callers re-initialize the buffer after a failure. */
384 static int nb_add_value_list (lcc_network_buffer_t *nb, /* {{{ */
385 const lcc_value_list_t *vl)
/* Work on local copies of the write position and the free space. */
387 char *buffer = nb->ptr;
388 size_t buffer_size = nb->free;
390 const lcc_identifier_t *ident_src;
391 lcc_identifier_t *ident_dst;
393 ident_src = &vl->identifier;
394 ident_dst = &nb->state.identifier;
/* Each identifier field follows the same pattern: compare with the
 * remembered value, write a string part if it changed, then remember the new
 * value. SSTRNCPY truncates to the size of the destination field, whereas
 * the part itself carries the full strlen() of the source. */
396 if (strcmp (ident_dst->host, ident_src->host) != 0)
398 if (nb_add_string (&buffer, &buffer_size, TYPE_HOST,
399 ident_src->host, strlen (ident_src->host)) != 0)
401 SSTRNCPY (ident_dst->host, ident_src->host, sizeof (ident_dst->host));
404 if (strcmp (ident_dst->plugin, ident_src->plugin) != 0)
406 if (nb_add_string (&buffer, &buffer_size, TYPE_PLUGIN,
407 ident_src->plugin, strlen (ident_src->plugin)) != 0)
409 SSTRNCPY (ident_dst->plugin, ident_src->plugin,
410 sizeof (ident_dst->plugin));
413 if (strcmp (ident_dst->plugin_instance,
414 ident_src->plugin_instance) != 0)
416 if (nb_add_string (&buffer, &buffer_size, TYPE_PLUGIN_INSTANCE,
417 ident_src->plugin_instance,
418 strlen (ident_src->plugin_instance)) != 0)
420 SSTRNCPY (ident_dst->plugin_instance, ident_src->plugin_instance,
421 sizeof (ident_dst->plugin_instance));
424 if (strcmp (ident_dst->type, ident_src->type) != 0)
426 if (nb_add_string (&buffer, &buffer_size, TYPE_TYPE,
427 ident_src->type, strlen (ident_src->type)) != 0)
429 SSTRNCPY (ident_dst->type, ident_src->type, sizeof (ident_dst->type));
432 if (strcmp (ident_dst->type_instance,
433 ident_src->type_instance) != 0)
435 if (nb_add_string (&buffer, &buffer_size, TYPE_TYPE_INSTANCE,
436 ident_src->type_instance,
437 strlen (ident_src->type_instance)) != 0)
439 SSTRNCPY (ident_dst->type_instance, ident_src->type_instance,
440 sizeof (ident_dst->type_instance));
/* Time and interval are sent as numeric parts when they changed. */
443 if (nb->state.time != vl->time)
445 if (nb_add_number (&buffer, &buffer_size, TYPE_TIME,
446 (uint64_t) vl->time))
448 nb->state.time = vl->time;
451 if (nb->state.interval != vl->interval)
453 if (nb_add_number (&buffer, &buffer_size, TYPE_INTERVAL,
454 (uint64_t) vl->interval))
456 nb->state.interval = vl->interval;
459 if (nb_add_values (&buffer, &buffer_size, vl) != 0)
/* Store the remaining space back into the buffer object. */
463 nb->free = buffer_size;
465 } /* }}} int nb_add_value_list */
/* Compute an HMAC-SHA256, keyed with nb->password, over the buffer contents
 * that follow the fixed signature header, and store the result in the
 * header's hash field. NOTE(review): error handling and the release of the
 * digest handle are on lines not shown in this listing. */
467 static int nb_add_signature (lcc_network_buffer_t *nb) /* {{{ */
475 const size_t hash_length = 32;
477 /* The type, length and username have already been filled in by
478 * "lcc_network_buffer_initialize". All we do here is calculate the hash over
479 * the username and the data and add the hash value to the buffer. */
/* Signed region: everything after the fixed header up to the write position. */
481 buffer = nb->buffer + PART_SIGNATURE_SHA256_SIZE;
/* Guards the subtraction below against wrapping, but only in builds without
 * NDEBUG. */
482 assert (nb->size >= (nb->free + PART_SIGNATURE_SHA256_SIZE));
483 buffer_size = nb->size - (nb->free + PART_SIGNATURE_SHA256_SIZE);
486 err = gcry_md_open (&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
/* The password is the HMAC key. A NULL password is caught by the assert
 * only; with NDEBUG it would reach strlen(). */
490 assert (nb->password != NULL);
491 err = gcry_md_setkey (hd, nb->password, strlen (nb->password));
498 gcry_md_write (hd, buffer, buffer_size);
499 hash = gcry_md_read (hd, GCRY_MD_SHA256);
/* The hash field directly follows the 16-bit type and length fields. */
506 assert (((2 * sizeof (uint16_t)) + hash_length) == PART_SIGNATURE_SHA256_SIZE);
507 memcpy (nb->buffer + (2 * sizeof (uint16_t)), hash, hash_length);
511 } /* }}} int nb_add_signature */
/* Finish the encryption part: fill in the part length, store a SHA-1 digest
 * of the payload in front of it, and encrypt digest and payload in place with
 * AES-256 in OFB mode.
 *
 * Security properties a reader should be aware of:
 *  - Integrity rests on a SHA-1 digest that is encrypted together with the
 *    payload. That is not a keyed MAC, so this must not be treated as
 *    authenticated encryption.
 *  - The AES key is one unsalted SHA-256 of the password, so the key is only
 *    as strong as the password itself.
 *  - OFB needs a fresh IV for every packet under the same key. The IV is
 *    taken from nb->encr_iv, which lcc_network_buffer_initialize fills, so
 *    the buffer has to be initialized again before it is finalized again. */
513 static int nb_add_encryption (lcc_network_buffer_t *nb) /* {{{ */
515 size_t package_length;
516 char *encr_ptr; /* pointer to data being encrypted */
519 char *hash_ptr; /* pointer to data being hashed */
526 /* Fill in the package length */
527 package_length = nb->size - nb->free;
/* The length field is 16 bits wide; the cast truncates silently above
 * 65535. */
528 pkg_length = htons ((uint16_t) package_length);
529 memcpy (nb->buffer + 2, &pkg_length, sizeof (pkg_length));
531 /* Calculate what to hash */
532 hash_ptr = nb->buffer + PART_ENCRYPTION_AES256_SIZE;
533 hash_size = package_length - nb->encr_header_len;
535 /* Calculate what to encrypt */
536 encr_ptr = hash_ptr - sizeof (hash);
537 encr_size = hash_size + sizeof (hash);
539 /* Calculate the SHA-1 hash */
540 gcry_md_hash_buffer (GCRY_MD_SHA1, hash, hash_ptr, hash_size);
541 memcpy (encr_ptr, hash, sizeof (hash));
/* The cipher handle is created on first use and kept in nb for later
 * packets. */
543 if (nb->encr_cypher == NULL)
/* NOTE(review): the derived key stays in this stack array; no wipe is
 * visible in this listing -- confirm. */
545 unsigned char password_hash[32];
547 err = gcry_cipher_open (&nb->encr_cypher,
548 GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, /* flags = */ 0);
552 /* Calculate our 256bit key used for AES */
553 gcry_md_hash_buffer (GCRY_MD_SHA256, password_hash,
554 nb->password, strlen (nb->password));
556 err = gcry_cipher_setkey (nb->encr_cypher,
557 password_hash, sizeof (password_hash));
/* On the failure paths the handle is closed and cleared, so the next call
 * opens a new one. */
560 gcry_cipher_close (nb->encr_cypher);
561 nb->encr_cypher = NULL;
565 else /* if (nb->encr_cypher != NULL) */
567 gcry_cipher_reset (nb->encr_cypher);
570 /* Set the initialization vector */
571 err = gcry_cipher_setiv (nb->encr_cypher,
572 nb->encr_iv, sizeof (nb->encr_iv));
575 gcry_cipher_close (nb->encr_cypher);
576 nb->encr_cypher = NULL;
580 /* Encrypt the buffer in-place */
581 err = gcry_cipher_encrypt (nb->encr_cypher,
583 /* in = */ NULL, /* in len = */ 0);
586 gcry_cipher_close (nb->encr_cypher);
587 nb->encr_cypher = NULL;
592 } /* }}} int nb_add_encryption */
/* Allocate a network buffer object together with its zero-filled byte buffer.
 * NOTE(review): the conditions around the default size, the failure returns
 * and the assignment of nb->size are on lines not shown in this listing. */
597 lcc_network_buffer_t *lcc_network_buffer_create (size_t size) /* {{{ */
599 lcc_network_buffer_t *nb;
/* Fall back to the library's default size. */
602 size = LCC_NETWORK_BUFFER_SIZE_DEFAULT;
/* Allocate the object and clear it so that every member starts at zero. */
610 nb = malloc (sizeof (*nb));
613 memset (nb, 0, sizeof (*nb));
/* Allocate and clear the byte buffer. */
616 nb->buffer = malloc (nb->size);
617 if (nb->buffer == NULL)
622 memset (nb->buffer, 0, nb->size);
/* The write position starts at the beginning of the buffer. */
624 nb->ptr = nb->buffer;
632 } /* }}} lcc_network_buffer_t *lcc_network_buffer_create */
/* Release a network buffer object.
 * NOTE(review): the body is not part of this listing. nb->password holds a
 * plaintext copy of the secret (made in
 * lcc_network_buffer_set_security_level), and nb->encr_cypher may hold an
 * open cipher handle -- confirm that the password is wiped before it is freed
 * and that the handle is closed. */
634 void lcc_network_buffer_destroy (lcc_network_buffer_t *nb) /* {{{ */
641 } /* }}} void lcc_network_buffer_destroy */
/* Select the security level of the buffer and store private copies of the
 * credentials. The buffer is re-initialized, so anything added before this
 * call is discarded.
 *
 * NOTE(review): the username length is not limited on the visible lines,
 * although lcc_network_buffer_initialize copies the username into the packet
 * buffer. What happens to previously stored credentials is on lines not
 * shown in this listing. */
643 int lcc_network_buffer_set_security_level (lcc_network_buffer_t *nb, /* {{{ */
644 lcc_security_level_t level,
645 const char *username, const char *password)
657 lcc_network_buffer_initialize (nb);
/* Duplicate both strings so the buffer does not depend on the caller's
 * storage. The password copy stays on the heap in plaintext for as long as
 * the buffer uses it. */
664 username_copy = strdup (username);
665 password_copy = strdup (password);
/* If either copy failed, release whichever one succeeded; free (NULL) is a
 * no-op. */
666 if ((username_copy == NULL) || (password_copy == NULL))
668 free (username_copy);
669 free (password_copy);
675 nb->username = username_copy;
676 nb->password = password_copy;
677 nb->seclevel = level;
/* Re-initialize so the header for the new security level is written. */
679 lcc_network_buffer_initialize (nb);
681 } /* }}} int lcc_network_buffer_set_security_level */
/* Reset the buffer to an empty packet and, depending on the security level,
 * write the header of the signature or encryption part. The hash fields are
 * left empty here and are filled in when the buffer is finalized. */
683 int lcc_network_buffer_initialize (lcc_network_buffer_t *nb) /* {{{ */
/* Clear the bytes of the previous packet and forget the remembered
 * identifier, time and interval. */
688 memset (nb->buffer, 0, nb->size);
689 memset (&nb->state, 0, sizeof (nb->state));
690 nb->ptr = nb->buffer;
693 if (nb->seclevel == SIGN)
696 uint16_t pkg_type = htons (TYPE_SIGN_SHA256);
697 uint16_t pkg_length = PART_SIGNATURE_SHA256_SIZE;
/* A NULL username is caught by the assert only; with NDEBUG it would reach
 * strlen(). */
699 assert (nb->username != NULL);
700 username_len = strlen (nb->username);
/* The length field is 16 bits wide; the cast and the addition truncate
 * silently for very long usernames. */
701 pkg_length = htons (pkg_length + ((uint16_t) username_len));
703 /* Fill in everything but the hash value here. */
704 memcpy (nb->ptr, &pkg_type, sizeof (pkg_type));
705 memcpy (nb->ptr + sizeof (pkg_type), &pkg_length, sizeof (pkg_length));
706 nb->ptr += PART_SIGNATURE_SHA256_SIZE;
707 nb->free -= PART_SIGNATURE_SHA256_SIZE;
/* NOTE(review): no comparison of username_len (or of the fixed header size
 * above) with nb->free is visible here. A username longer than the remaining
 * space would be copied past the end of the buffer and nb->free would wrap
 * around -- confirm that the length is bounded elsewhere. */
709 memcpy (nb->ptr, nb->username, username_len);
710 nb->ptr += username_len;
711 nb->free -= username_len;
713 else if (nb->seclevel == ENCRYPT)
/* Unlike the SIGN branch, no assert on nb->username is visible before this
 * strlen(). */
715 size_t username_length = strlen (nb->username);
716 uint16_t pkg_type = htons (TYPE_ENCR_AES256);
717 uint16_t pkg_length = 0; /* Filled in in finalize. */
718 uint16_t pkg_user_len = htons ((uint16_t) username_length);
/* Total header length: the fixed part plus the username. */
721 nb->encr_header_len = username_length;
722 nb->encr_header_len += PART_ENCRYPTION_AES256_SIZE;
/* Draw a new IV for this packet. NOTE(review): the randomness level argument
 * is on a line not shown in this listing. */
724 gcry_randomize ((void *) &nb->encr_iv, sizeof (nb->encr_iv),
727 /* Filled in in finalize. */
728 memset (hash, 0, sizeof (hash));
/* Header layout: type, length, username length, username, IV, hash. The
 * ADD_* macros check the remaining space with assert() only, so in an NDEBUG
 * build an oversized username is not rejected here. */
730 ADD_STATIC (nb, pkg_type);
731 ADD_STATIC (nb, pkg_length);
732 ADD_STATIC (nb, pkg_user_len);
733 ADD_GENERIC (nb, nb->username, username_length);
734 ADD_GENERIC (nb, nb->encr_iv, sizeof (nb->encr_iv));
735 ADD_GENERIC (nb, hash, sizeof (hash));
736 assert ((nb->encr_header_len + nb->free) == nb->size);
740 } /* }}} int lcc_network_buffer_initialize */
/* Complete the packet before it is sent: add the signature or encrypt the
 * payload, depending on the security level.
 *
 * NOTE(review): the return values of nb_add_signature and nb_add_encryption
 * are discarded on the visible lines. If either step fails, the buffer stays
 * unsigned or unencrypted; unless the return path (not shown in this listing)
 * reports the failure, a caller could send that packet -- confirm and
 * propagate the error. */
742 int lcc_network_buffer_finalize (lcc_network_buffer_t *nb) /* {{{ */
747 if (nb->seclevel == SIGN)
748 nb_add_signature (nb);
749 else if (nb->seclevel == ENCRYPT)
750 nb_add_encryption (nb);
753 } /* }}} int lcc_network_buffer_finalize */
/* Public entry point for adding one value list to the buffer. Both pointers
 * are checked for NULL before the work is handed to nb_add_value_list. */
755 int lcc_network_buffer_add_value (lcc_network_buffer_t *nb, /* {{{ */
756 const lcc_value_list_t *vl)
760 if ((nb == NULL) || (vl == NULL))
763 status = nb_add_value_list (nb, vl);
765 } /* }}} int lcc_network_buffer_add_value */
/* Copy the used part of the packet buffer into `buffer'. On entry
 * *buffer_size is the capacity of `buffer'; on return it holds the number of
 * bytes the packet needs. At most the smaller of the two is copied, so a
 * caller has to compare the returned size with its capacity to notice a
 * truncated copy. */
767 int lcc_network_buffer_get (lcc_network_buffer_t *nb, /* {{{ */
768 void *buffer, size_t *buffer_size)
/* NOTE(review): `buffer' itself is not checked for NULL on this line --
 * confirm whether a NULL buffer with a non-zero size can reach the memcpy. */
773 if ((nb == NULL) || (buffer_size == NULL))
/* Guards the subtraction below against wrapping, but only in builds without
 * NDEBUG. */
776 assert (nb->size >= nb->free);
777 sz_required = nb->size - nb->free;
778 sz_available = *buffer_size;
/* Always report the required size, even when the copy is truncated. */
780 *buffer_size = sz_required;
782 memcpy (buffer, nb->buffer,
783 (sz_available < sz_required) ? sz_available : sz_required);
786 } /* }}} int lcc_network_buffer_get */
788 /* vim: set sw=2 sts=2 et fdm=marker : */