From: Jason Ish
Date: Fri, 3 Sep 2021 21:04:58 +0000 (-0600)
Subject: base64: use the Rust base64 encode implementation
X-Git-Tag: suricata-7.0.0-beta1~1084
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6392216f6bc717801d7f92d7d083b94ac9769f54;p=thirdparty%2Fsuricata.git
base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper around the Rust implementation provided by an external crate.
---
diff --git a/rust/src/ffi/base64.rs b/rust/src/ffi/base64.rs
new file mode 100644
index 0000000000..0019a6ff2b
--- /dev/null
+++ b/rust/src/ffi/base64.rs
@@ -0,0 +1,62 @@ +/* Copyright (C) 2021 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +use std::os::raw::c_uchar; +use libc::c_ulong; + +#[repr(C)] +#[allow(non_camel_case_types)] +pub enum Base64ReturnCode { + SC_BASE64_OK = 0, + SC_BASE64_INVALID_ARG, + SC_BASE64_OVERFLOW, +} + +/// Base64 encode a buffer. +/// +/// This method exposes the Rust base64 encoder to C and should not be called from +/// Rust code. +/// +/// The output parameter must be an allocated buffer of at least the size returned +/// from Base64EncodeBufferSize for the input_len, and this length must be provided +/// in the output_len variable. 
+#[no_mangle] +pub unsafe extern "C" fn Base64Encode( + input: *const u8, input_len: c_ulong, output: *mut c_uchar, output_len: *mut c_ulong, +) -> Base64ReturnCode { + if input.is_null() || output.is_null() || output_len.is_null() { + return Base64ReturnCode::SC_BASE64_INVALID_ARG; + } + let input = std::slice::from_raw_parts(input, input_len as usize); + let encoded = base64::encode(input); + if encoded.len() + 1 > *output_len as usize { + return Base64ReturnCode::SC_BASE64_OVERFLOW; + } + let output = std::slice::from_raw_parts_mut(&mut *(output as *mut u8), *output_len as usize); + output[0..encoded.len()].copy_from_slice(encoded.as_bytes()); + output[encoded.len()] = 0; + *output_len = encoded.len() as c_ulong; + Base64ReturnCode::SC_BASE64_OK +} + +/// Ratio of output bytes to input bytes for Base64 Encoding is 4:3, hence the +/// required output bytes are 4 * ceil(input_len / 3) and an additional byte for +/// storing the NULL pointer. +#[no_mangle] +pub extern "C" fn Base64EncodeBufferSize(len: c_ulong) -> c_ulong { + (4 * ((len) + 2) / 3) + 1 +} diff --git a/rust/src/ffi/mod.rs b/rust/src/ffi/mod.rs index e7b3492134..c6ba718303 100644 --- a/rust/src/ffi/mod.rs +++ b/rust/src/ffi/mod.rs @@ -16,3 +16,4 @@ */ pub mod hashing; +pub mod base64; diff --git a/scripts/dnp3-gen/dnp3-gen.py b/scripts/dnp3-gen/dnp3-gen.py index 5604237008..6b0f14e3fc 100755 --- a/scripts/dnp3-gen/dnp3-gen.py +++ b/scripts/dnp3-gen/dnp3-gen.py @@ -150,8 +150,6 @@ output_json_dnp3_objects_template = """/* Copyright (C) 2015 Open Information Se #include "suricata-common.h" -#include "util-crypt.h" - #include "app-layer-dnp3.h" #include "app-layer-dnp3-objects.h" #include "output-json-dnp3-objects.h" diff --git a/src/Makefile.am b/src/Makefile.am index e186b5a854..f7edaaa518 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -500,7 +500,6 @@ noinst_HEADERS = \ util-config.h \ util-coredump-config.h \ util-cpu.h \ - util-crypt.h \ util-daemon.h \ util-debug-filters.h \ util-debug.h \ 
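Review bot: In `Base64Encode`, `std::slice::from_raw_parts_mut` builds a `&mut [u8]` over `*output_len` bytes of a caller-owned C buffer, and the `datasets-string.c` caller in this commit passes a freshly declared stack array, so the slice covers uninitialized memory, which that function's documented safety requirements do not allow. Writing through the raw pointer avoids the slice: `std::ptr::copy_nonoverlapping(encoded.as_ptr(), output, encoded.len());` followed by `*output.add(encoded.len()) = 0;`, both still guarded by the existing length check. On `SC_BASE64_OVERFLOW` the required size is also no longer written back to `*output_len` as the removed C version did (`*outlen = len2 + 1`); if any caller depended on that, `*output_len = encoded.len() as c_ulong + 1;` before the early return would keep the old contract. The doc comment should gain a `# Safety` section stating that `input` must be readable for `input_len` bytes and `output` writable for `*output_len` bytes, because the function trusts both values and cannot verify them.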
@@ -1068,7 +1067,6 @@ libsuricata_c_a_SOURCES = \ util-conf.c \ util-coredump-config.c \ util-cpu.c \ - util-crypt.c \ util-daemon.c \ util-debug.c \ util-debug-filters.c \ diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c index fbab51ab34..265756ad7e 100644 --- a/src/app-layer-ssl.c +++ b/src/app-layer-ssl.c @@ -42,7 +42,6 @@ #include "decode-events.h" #include "conf.h" -#include "util-crypt.h" #include "util-spm.h" #include "util-unittest.h" #include "util-debug.h" diff --git a/src/datasets-md5.c b/src/datasets-md5.c index 58bdd90b7c..3b1d8f3fc0 100644 --- a/src/datasets-md5.c +++ b/src/datasets-md5.c @@ -27,7 +27,6 @@ #include "datasets-md5.h" #include "util-thash.h" #include "util-print.h" -#include "util-crypt.h" // encode base64 #include "util-base64.h" // decode base64 int Md5StrSet(void *dst, void *src) diff --git a/src/datasets-sha256.c b/src/datasets-sha256.c index 06673bd1db..346397d6d6 100644 --- a/src/datasets-sha256.c +++ b/src/datasets-sha256.c @@ -27,7 +27,6 @@ #include "datasets-sha256.h" #include "util-thash.h" #include "util-print.h" -#include "util-crypt.h" // encode base64 #include "util-base64.h" // decode base64 int Sha256StrSet(void *dst, void *src) diff --git a/src/datasets-string.c b/src/datasets-string.c index 66e5a8713a..4a572898ce 100644 --- a/src/datasets-string.c +++ b/src/datasets-string.c @@ -27,8 +27,8 @@ #include "datasets-string.h" #include "util-thash.h" #include "util-print.h" -#include "util-crypt.h" // encode base64 #include "util-base64.h" // decode base64 +#include "rust.h" #if 0 static int StringAsAscii(const void *s, char *out, size_t out_size) @@ -47,7 +47,7 @@ int StringAsBase64(const void *s, char *out, size_t out_size) { const StringType *str = s; - unsigned long len = BASE64_BUFFER_SIZE(str->len); + unsigned long len = Base64EncodeBufferSize(str->len); uint8_t encoded_data[len]; if (Base64Encode((unsigned char *)str->ptr, str->len, encoded_data, &len) != SC_BASE64_OK) 
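Review bot: In `StringAsBase64`, `encoded_data` remains a variable-length stack array whose size now comes from `Base64EncodeBufferSize(str->len)`, so a long dataset string becomes a correspondingly large stack allocation with no failure path. Whether `str->len` is bounded elsewhere is not visible in this hunk; if it is not, a cap before the declaration or a heap buffer (`uint8_t *encoded_data = SCMalloc(len);` with a matching `SCFree` on every return) would be safer. The function body continues past the end of the hunk, so the return paths that would need the free are not shown here.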
diff --git a/src/datasets.c b/src/datasets.c index 448e0b20cb..3964622d51 100644 --- a/src/datasets.c +++ b/src/datasets.c @@ -30,7 +30,6 @@ #include "datasets-reputation.h" #include "util-thash.h" #include "util-print.h" -#include "util-crypt.h" // encode base64 #include "util-base64.h" // decode base64 #include "util-byte.h" #include "util-misc.h" diff --git a/src/log-tlslog.c b/src/log-tlslog.c index fde1fdbc81..4b41ffbeea 100644 --- a/src/log-tlslog.c +++ b/src/log-tlslog.c @@ -50,7 +50,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "util-time.h" #include "log-cf-common.h" diff --git a/src/log-tlsstore.c b/src/log-tlsstore.c index 3d50f5ca2d..481c7dd7de 100644 --- a/src/log-tlsstore.c +++ b/src/log-tlsstore.c @@ -51,7 +51,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "util-time.h" #define MODULE_NAME "LogTlsStoreLog" @@ -123,7 +122,7 @@ static void LogTlsLogPem(LogTlsStoreLogThread *aft, const Packet *p, SSLState *s } TAILQ_FOREACH(cert, &state->server_connp.certs, next) { - pemlen = BASE64_BUFFER_SIZE(cert->cert_len); + pemlen = Base64EncodeBufferSize(cert->cert_len); if (pemlen > aft->enc_buf_len) { ptmp = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen); if (ptmp == NULL) { diff --git a/src/output-json-alert.c b/src/output-json-alert.c index b79128deac..d2373ed0e4 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -80,7 +80,6 @@ #include "util-proto-name.h" #include "util-optimize.h" #include "util-buffer.h" -#include "util-crypt.h" #include "util-validate.h" #define MODULE_NAME "JsonAlertLog" diff --git a/src/output-json-anomaly.c b/src/output-json-anomaly.c index 172e2eb80e..7864f8fe56 100644 --- a/src/output-json-anomaly.c +++ b/src/output-json-anomaly.c 
@@ -55,7 +55,6 @@ #include "util-proto-name.h" #include "util-optimize.h" #include "util-buffer.h" -#include "util-crypt.h" #include "util-validate.h" #define MODULE_NAME "JsonAnomalyLog" diff --git a/src/output-json-dnp3-objects.c b/src/output-json-dnp3-objects.c index 377dffe417..65a1a396ed 100644 --- a/src/output-json-dnp3-objects.c +++ b/src/output-json-dnp3-objects.c @@ -24,8 +24,6 @@ #include "suricata-common.h" -#include "util-crypt.h" - #include "app-layer-dnp3.h" #include "app-layer-dnp3-objects.h" #include "output-json-dnp3-objects.h" diff --git a/src/output-json-dnp3.c b/src/output-json-dnp3.c index aead12cfd3..082a37fcbc 100644 --- a/src/output-json-dnp3.c +++ b/src/output-json-dnp3.c @@ -28,7 +28,6 @@ #include "util-print.h" #include "util-unittest.h" #include "util-buffer.h" -#include "util-crypt.h" #include "util-debug.h" #include "app-layer.h" diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c index 250d7d17d7..613421eb80 100644 --- a/src/output-json-email-common.c +++ b/src/output-json-email-common.c @@ -48,7 +48,6 @@ #include "util-byte.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "output-json.h" #include "output-json-email-common.h" diff --git a/src/output-json-http.c b/src/output-json-http.c index 88c0c8967c..bb6bc06434 100644 --- a/src/output-json-http.c +++ b/src/output-json-http.c @@ -49,7 +49,6 @@ #include "util-proto-name.h" #include "util-logopenfile.h" #include "util-time.h" -#include "util-crypt.h" #include "output-json.h" #include "output-json-alert.h" #include "output-json-http.h" diff --git a/src/output-json-http2.c b/src/output-json-http2.c index 7e57c71936..609ac87879 100644 --- a/src/output-json-http2.c +++ b/src/output-json-http2.c @@ -45,7 +45,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "output-json.h" #include "output-json-http2.h" 
diff --git a/src/output-json-metadata.c b/src/output-json-metadata.c index a2a8a5f85a..62583dfcdf 100644 --- a/src/output-json-metadata.c +++ b/src/output-json-metadata.c @@ -61,7 +61,6 @@ #include "util-proto-name.h" #include "util-optimize.h" #include "util-buffer.h" -#include "util-crypt.h" #define MODULE_NAME "JsonMetadataLog" diff --git a/src/output-json-ssh.c b/src/output-json-ssh.c index ec649abf4f..e82e4994e4 100644 --- a/src/output-json-ssh.c +++ b/src/output-json-ssh.c @@ -45,7 +45,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "output-json.h" #include "output-json-ssh.h" diff --git a/src/output-json-stats.c b/src/output-json-stats.c index 6e82745eb7..07c4dc1c78 100644 --- a/src/output-json-stats.c +++ b/src/output-json-stats.c @@ -43,7 +43,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "output-json.h" #include "output-json-stats.h" diff --git a/src/output-json-tls.c b/src/output-json-tls.c index 5280483a40..4cc13b4cac 100644 --- a/src/output-json-tls.c +++ b/src/output-json-tls.c @@ -45,7 +45,6 @@ #include "util-buffer.h" #include "util-logopenfile.h" -#include "util-crypt.h" #include "util-ja3.h" #include "output-json.h" diff --git a/src/output-json.c b/src/output-json.c index e9eccf4a79..04bd6ed159 100644 --- a/src/output-json.c +++ b/src/output-json.c @@ -59,7 +59,6 @@ #include "util-log-redis.h" #include "util-device.h" #include "util-validate.h" -#include "util-crypt.h" #include "util-plugin.h" #include "flow-var.h" diff --git a/src/util-crypt.c b/src/util-crypt.c deleted file mode 100644 index eacdf487d0..0000000000 --- a/src/util-crypt.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/* Copyright (C) 2007-2012 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Roliers Jean-Paul - * - * Implements cryptographic functions. - * Based on the libtomcrypt library ( http://libtom.org/?page=features&newsitems=5&whatfile=crypt ) - * - * Implementation of function using NSS is not linked with libtomcrypt. - */ - -#include "suricata-common.h" -#include "suricata.h" -#include "util-crypt.h" - -static const char *b64codes = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -int Base64Encode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long i, len2, leven; - unsigned char *p; - if(in == NULL || out == NULL || outlen == NULL) - { - return SC_BASE64_INVALID_ARG; - } - /* valid output size ? */ - len2 = 4 * ((inlen + 2) / 3); - if (*outlen < len2 + 1) { - *outlen = len2 + 1; - return SC_BASE64_OVERFLOW; - } - p = out; - leven = 3*(inlen / 3); - for (i = 0; i < leven; i += 3) { - *p++ = b64codes[(in[0] >> 2) & 0x3F]; - *p++ = b64codes[(((in[0] & 3) << 4) + (in[1] >> 4)) & 0x3F]; - *p++ = b64codes[(((in[1] & 0xf) << 2) + (in[2] >> 6)) & 0x3F]; - *p++ = b64codes[in[2] & 0x3F]; - in += 3; - } - /* Pad it if necessary... */ - if (i < inlen) { - unsigned a = in[0]; - unsigned b = (i+1 < inlen) ? 
in[1] : 0; - - *p++ = b64codes[(a >> 2) & 0x3F]; - *p++ = b64codes[(((a & 3) << 4) + (b >> 4)) & 0x3F]; - *p++ = (i+1 < inlen) ? b64codes[(((b & 0xf) << 2)) & 0x3F] : '='; - *p++ = '='; - } - /* append a NULL byte */ - *p = '\0'; - /* return ok */ - *outlen = p - out; - return SC_BASE64_OK; -} diff --git a/src/util-crypt.h b/src/util-crypt.h deleted file mode 100644 index f36238f162..0000000000 --- a/src/util-crypt.h +++ /dev/null @@ -1,47 +0,0 @@ -/* Copyright (C) 2007-2012 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Roliers Jean-Paul - * - * Implements cryptographic functions. - * Based on the libtomcrypt library ( http://libtom.org/?page=features&newsitems=5&whatfile=crypt ) - */ - -#ifndef UTIL_CRYPT_H_ -#define UTIL_CRYPT_H_ - -#include "suricata-common.h" - -/* Ratio of output bytes to input bytes for Base64 Encoding is 4:3, hence the - * required output bytes are 4 * ceil(input_len / 3) and an additional byte - * for storing the NULL pointer. - * */ -#define BASE64_BUFFER_SIZE(x) ((4 * ((x) + 2) / 3) + 1) - -typedef enum { - SC_BASE64_OK, - SC_BASE64_INVALID_ARG, - SC_BASE64_OVERFLOW, - -} CryptId; - -int Base64Encode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen); - -#endif /* UTIL_CRYPT_H_ */