1 /* MIT (BSD) license - see LICENSE file for details */
2 /* Routines to encode / decode a rune */
3 #include <ccan/rune/rune.h>
4 #include <ccan/rune/internal.h>
5 #include <ccan/str/hex/hex.h>
6 #include <ccan/tal/str/str.h>
7 #include <ccan/base64/base64.h>
8 #include <ccan/endian/endian.h>
11 /* From Python base64.urlsafe_b64encode:
13 * The alphabet uses '-' instead of '+' and '_' instead of '/'.
15 static const base64_maps_t base64_maps_urlsafe = {
16 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",
18 "\xff\xff\xff\xff\xff" /* 0 */
19 "\xff\xff\xff\xff\xff" /* 5 */
20 "\xff\xff\xff\xff\xff" /* 10 */
21 "\xff\xff\xff\xff\xff" /* 15 */
22 "\xff\xff\xff\xff\xff" /* 20 */
23 "\xff\xff\xff\xff\xff" /* 25 */
24 "\xff\xff\xff\xff\xff" /* 30 */
25 "\xff\xff\xff\xff\xff" /* 35 */
26 "\xff\xff\xff\xff\xff" /* 40 */
27 "\x3e\xff\xff\x34\x35" /* 45 */
28 "\x36\x37\x38\x39\x3a" /* 50 */
29 "\x3b\x3c\x3d\xff\xff" /* 55 */
30 "\xff\xff\xff\xff\xff" /* 60 */
31 "\x00\x01\x02\x03\x04" /* 65 A */
32 "\x05\x06\x07\x08\x09" /* 70 */
33 "\x0a\x0b\x0c\x0d\x0e" /* 75 */
34 "\x0f\x10\x11\x12\x13" /* 80 */
35 "\x14\x15\x16\x17\x18" /* 85 */
36 "\x19\xff\xff\xff\xff" /* 90 */
37 "\x3f\xff\x1a\x1b\x1c" /* 95 */
38 "\x1d\x1e\x1f\x20\x21" /* 100 */
39 "\x22\x23\x24\x25\x26" /* 105 */
40 "\x27\x28\x29\x2a\x2b" /* 110 */
41 "\x2c\x2d\x2e\x2f\x30" /* 115 */
42 "\x31\x32\x33\xff\xff" /* 120 */
43 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 125 */
44 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 135 */
45 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 145 */
46 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 155 */
47 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 165 */
48 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 175 */
49 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 185 */
50 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 195 */
51 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 205 */
52 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 215 */
53 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 225 */
54 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 235 */
55 "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" /* 245 */
58 /* For encoding as a string */
64 static void to_wbuf(const char *s, size_t len, void *vwbuf)
66 struct wbuf *wbuf = vwbuf;
68 while (wbuf->off + len > wbuf->len)
69 tal_resize(&wbuf->buf, wbuf->len *= 2);
70 memcpy(wbuf->buf + wbuf->off, s, len);
74 /* For adding to sha256 */
75 static void to_sha256(const char *s, size_t len, void *vshactx)
77 struct sha256_ctx *shactx = vshactx;
78 sha256_update(shactx, s, len);
81 static void rune_altern_encode(const struct rune_altern *altern,
82 void (*cb)(const char *s, size_t len,
86 char cond = altern->condition;
89 cb(altern->fieldname, strlen(altern->fieldname), arg);
94 char esc[2] = { '\\' };
95 size_t len = strcspn(p, "\\|&");
105 static void rune_restr_encode(const struct rune_restr *restr,
106 void (*cb)(const char *s, size_t len,
110 for (size_t i = 0; i < tal_count(restr->alterns); i++) {
113 rune_altern_encode(restr->alterns[i], cb, arg);
117 void rune_sha256_add_restr(struct sha256_ctx *shactx,
118 struct rune_restr *restr)
120 rune_restr_encode(restr, to_sha256, shactx);
121 rune_sha256_endmarker(shactx);
124 const char *rune_is_derived(const struct rune *source, const struct rune *rune)
126 if (!runestr_eq(source->version, rune->version))
127 return "Version mismatch";
129 return rune_is_derived_anyversion(source, rune);
132 const char *rune_is_derived_anyversion(const struct rune *source,
133 const struct rune *rune)
135 struct sha256_ctx shactx;
138 if (tal_count(rune->restrs) < tal_count(source->restrs))
139 return "Fewer restrictions than master";
141 /* If we add the same restrictions to source rune, do we match? */
142 shactx = source->shactx;
143 for (i = 0; i < tal_count(rune->restrs); i++) {
144 /* First restrictions must be identical */
145 if (i < tal_count(source->restrs)) {
146 if (!rune_restr_eq(source->restrs[i], rune->restrs[i]))
147 return "Does not match master restrictions";
149 rune_sha256_add_restr(&shactx, rune->restrs[i]);
152 if (memcmp(shactx.s, rune->shactx.s, sizeof(shactx.s)) != 0)
153 return "Not derived from master";
157 static bool peek_char(const char *data, size_t len, char *c)
165 static void drop_char(const char **data, size_t *len)
171 static void pull_invalid(const char **data, size_t *len)
177 static bool pull_char(const char **data, size_t *len, char *c)
179 if (!peek_char(*data, *len, c)) {
180 pull_invalid(data, len);
183 drop_char(data, len);
187 static bool is_valid_cond(enum rune_condition cond)
190 case RUNE_COND_IF_MISSING:
191 case RUNE_COND_EQUAL:
192 case RUNE_COND_NOT_EQUAL:
193 case RUNE_COND_BEGINS:
195 case RUNE_COND_CONTAINS:
196 case RUNE_COND_INT_LESS:
197 case RUNE_COND_INT_GREATER:
198 case RUNE_COND_LEXO_BEFORE:
199 case RUNE_COND_LEXO_AFTER:
200 case RUNE_COND_COMMENT:
206 /* Sets *more on success: true if another altern follows */
207 static struct rune_altern *rune_altern_decode(const tal_t *ctx,
208 const char **data, size_t *len,
211 struct rune_altern *alt = tal(ctx, struct rune_altern);
212 const char *strstart = *data;
217 /* Swallow field up to conditional */
219 if (!pull_char(data, len, &c))
220 return tal_free(alt);
226 alt->fieldname = tal_strndup(alt, strstart, strlen);
227 if (!is_valid_cond(c)) {
228 pull_invalid(data, len);
229 return tal_free(alt);
233 /* Assign worst case. */
234 value = tal_arr(alt, char, *len + 1);
237 while (*len && pull_char(data, len, &c)) {
245 if (c == '\\' && !pull_char(data, len, &c))
246 return tal_free(alt);
249 value[strlen] = '\0';
250 tal_resize(&value, strlen + 1);
255 static struct rune_restr *rune_restr_decode(const tal_t *ctx,
256 const char **data, size_t *len)
258 struct rune_restr *restr = tal(ctx, struct rune_restr);
262 /* Must have at least one! */
263 restr->alterns = tal_arr(restr, struct rune_altern *, 0);
265 struct rune_altern *alt;
267 alt = rune_altern_decode(restr, data, len, &more);
269 return tal_free(restr);
270 tal_resize(&restr->alterns, num_alts+1);
271 restr->alterns[num_alts++] = alt;
276 static struct rune *from_string(const tal_t *ctx,
280 size_t len = strlen(str);
281 struct rune *rune = tal(ctx, struct rune);
283 /* Now count up how many bytes we should have hashed: secret uses
285 rune->shactx.bytes = 64;
287 rune->restrs = tal_arr(rune, struct rune_restr *, 0);
288 rune->unique_id = NULL;
289 rune->version = NULL;
292 struct rune_restr *restr;
293 restr = rune_restr_decode(rune, &str, &len);
295 return tal_free(rune);
296 if (!rune_add_restr(rune, restr))
297 return tal_free(rune);
300 /* Now we replace with canned hash state */
301 memcpy(rune->shactx.s, hash32, 32);
302 for (size_t i = 0; i < 8; i++)
303 rune->shactx.s[i] = be32_to_cpu(rune->shactx.s[i]);
308 struct rune_restr *rune_restr_from_string(const tal_t *ctx,
312 struct rune_restr *restr;
314 restr = rune_restr_decode(NULL, &str, &len);
315 /* Don't allow trailing chars */
316 if (restr && len != 0)
317 restr = tal_free(restr);
318 return tal_steal(ctx, restr);
321 static void to_string(struct wbuf *wbuf, const struct rune *rune, u8 *hash32)
323 /* Copy hash in big-endian */
324 for (size_t i = 0; i < 8; i++) {
325 be32 v = cpu_to_be32(rune->shactx.s[i]);
326 memcpy(hash32 + i*4, &v, sizeof(v));
329 for (size_t i = 0; i < tal_count(rune->restrs); i++) {
331 to_wbuf("&", 1, wbuf);
332 rune_restr_encode(rune->restrs[i], to_wbuf, wbuf);
334 to_wbuf("", 1, wbuf);
337 struct rune *rune_from_base64n(const tal_t *ctx, const char *str, size_t len)
343 data = tal_arr(NULL, u8, base64_decoded_length(len) + 1);
345 blen = base64_decode_using_maps(&base64_maps_urlsafe,
346 (char *)data, tal_bytelen(data),
355 /* Sanity check that it's a valid string! */
356 if (strlen((char *)data + 32) != blen - 32)
359 rune = from_string(ctx, (const char *)data + 32, data);
368 struct rune *rune_from_base64(const tal_t *ctx, const char *str)
370 return rune_from_base64n(ctx, str, strlen(str));
373 char *rune_to_base64(const tal_t *ctx, const struct rune *rune)
380 /* We're going to prepend hash */
381 wbuf.off = sizeof(hash32);
383 wbuf.buf = tal_arr(NULL, char, wbuf.len);
385 to_string(&wbuf, rune, hash32);
387 memcpy(wbuf.buf, hash32, sizeof(hash32));
389 ret = tal_arr(ctx, char, base64_encoded_length(wbuf.off) + 1);
390 ret_len = base64_encode_using_maps(&base64_maps_urlsafe,
391 ret, tal_bytelen(ret),
392 wbuf.buf, wbuf.off - 1);
398 struct rune *rune_from_string(const tal_t *ctx, const char *str)
401 if (!hex_decode(str, 64, hash, sizeof(hash)))
405 return from_string(ctx, str + 65, hash);
408 char *rune_to_string(const tal_t *ctx, const struct rune *rune)
413 /* We're going to prepend hash (in hex), plus colon */
414 wbuf.off = sizeof(hash32) * 2 + 1;
416 wbuf.buf = tal_arr(ctx, char, wbuf.len);
418 to_string(&wbuf, rune, hash32);
419 hex_encode(hash32, sizeof(hash32), wbuf.buf, sizeof(hash32) * 2 + 1);
420 wbuf.buf[sizeof(hash32) * 2] = ':';