Merge branch 'master' of git://anonscm.debian.org/collab-maint/rsyslog

Conflicts:
	debian/changelog
	debian/patches/series
	debian/rules

1 files changed, 322 insertions, 32 deletions

diff --git a/runtime/libgcry.c b/runtime/libgcry.c
index 51c10af..9dabf5f 100644
--- a/runtime/libgcry.c
+++ b/runtime/libgcry.c
@@ -49,8 +49,12 @@
 #include <errno.h>
 
 #include "rsyslog.h"
+#include "srUtils.h"
 #include "libgcry.h"
 
+#define READBUF_SIZE 4096	/* size of the read buffer */
+
+static rsRetVal rsgcryBlkBegin(gcryfile gf);
 
 static rsRetVal
 eiWriteRec(gcryfile gf, char *recHdr, size_t lenRecHdr, char *buf, size_t lenBuf)
@@ -90,20 +94,67 @@ finalize_it:
 	RETiRet;
 }
 
+static rsRetVal
+eiRead(gcryfile gf)
+{
+	ssize_t nRead;
+	DEFiRet;
+
+	if(gf->readBuf == NULL) {
+		CHKmalloc(gf->readBuf = malloc(READBUF_SIZE));
+	}
+
+	nRead = read(gf->fd, gf->readBuf, READBUF_SIZE);
+	if(nRead <= 0) { /* TODO: provide specific EOF case? */
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	gf->readBufMaxIdx = (int16_t) nRead;
+	gf->readBufIdx = 0;
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* returns EOF on any kind of error */
+static int
+eiReadChar(gcryfile gf)
+{
+	int c;
+
+	if(gf->readBufIdx >= gf->readBufMaxIdx) {
+		if(eiRead(gf) != RS_RET_OK) {
+			c = EOF;
+			goto finalize_it;
+		}
+	}
+	c = gf->readBuf[gf->readBufIdx++];
+finalize_it:
+	return c;
+}
+
 
 static rsRetVal
 eiCheckFiletype(gcryfile gf)
 {
 	char hdrBuf[128];
 	size_t toRead, didRead;
+	sbool bNeedClose = 0;
 	DEFiRet;
 
-	CHKiRet(eiOpenRead(gf));
+	if(gf->fd == -1) {
+		bNeedClose = 1;
+		CHKiRet(eiOpenRead(gf));
+	}
+
 	if(Debug) memset(hdrBuf, 0, sizeof(hdrBuf)); /* for dbgprintf below! */
 	toRead = sizeof("FILETYPE:")-1 + sizeof(RSGCRY_FILETYPE_NAME)-1 + 1;
 	didRead = read(gf->fd, hdrBuf, toRead);
-	close(gf->fd);
-	DBGPRINTF("eiCheckFiletype read %d bytes: '%s'\n", didRead, hdrBuf);
+	if(bNeedClose) {
+		close(gf->fd);
+		gf->fd = -1;
+	}
+	DBGPRINTF("eiCheckFiletype read %zd bytes: '%s'\n", didRead, hdrBuf);
 	if(   didRead != toRead
 	   || strncmp(hdrBuf, "FILETYPE:" RSGCRY_FILETYPE_NAME "\n", toRead))
 		iRet = RS_RET_EI_INVLD_FILE;
@@ -111,6 +162,98 @@ finalize_it:
 	RETiRet;
 }
 
+/* rectype/value must be EIF_MAX_*_LEN+1 long!
+ * returns 0 on success or something else on error/EOF
+ */
+static rsRetVal
+eiGetRecord(gcryfile gf, char *rectype, char *value)
+{
+	unsigned short i, j;
+	int c;
+	DEFiRet;
+
+	c = eiReadChar(gf);
+	if(c == EOF) { ABORT_FINALIZE(RS_RET_NO_DATA); }
+	for(i = 0 ; i < EIF_MAX_RECTYPE_LEN ; ++i) {
+		if(c == ':' || c == EOF)
+			break;
+		rectype[i] = c;
+		c = eiReadChar(gf);
+	}
+	if(c != ':') { ABORT_FINALIZE(RS_RET_ERR); }
+	rectype[i] = '\0';
+	j = 0;
+	for(++i ; i < EIF_MAX_VALUE_LEN ; ++i, ++j) {
+		c = eiReadChar(gf);
+		if(c == '\n' || c == EOF)
+			break;
+		value[j] = c;
+	}
+	if(c != '\n') { ABORT_FINALIZE(RS_RET_ERR); }
+	value[j] = '\0';
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+eiGetIV(gcryfile gf, uchar *iv, size_t leniv)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	size_t valueLen;
+	unsigned short i, j;
+	unsigned char nibble;
+	DEFiRet;
+
+	CHKiRet(eiGetRecord(gf, rectype, value));
+	if(strcmp(rectype, "IV")) {
+		DBGPRINTF("no IV record found when expected, record type "
+			"seen is '%s'\n", rectype);
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	valueLen = strlen(value);
+	if(valueLen/2 != leniv) {
+		DBGPRINTF("length of IV is %zd, expected %zd\n",
+			valueLen/2, leniv);
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+
+	for(i = j = 0 ; i < valueLen ; ++i) {
+		if(value[i] >= '0' && value[i] <= '9')
+			nibble = value[i] - '0';
+		else if(value[i] >= 'a' && value[i] <= 'f')
+			nibble = value[i] - 'a' + 10;
+		else {
+			DBGPRINTF("invalid IV '%s'\n", value);
+			ABORT_FINALIZE(RS_RET_ERR);
+		}
+		if(i % 2 == 0)
+			iv[j] = nibble << 4;
+		else
+			iv[j++] |= nibble;
+	}
+finalize_it:
+	RETiRet;
+}
+
+static rsRetVal
+eiGetEND(gcryfile gf, off64_t *offs)
+{
+	char rectype[EIF_MAX_RECTYPE_LEN+1];
+	char value[EIF_MAX_VALUE_LEN+1];
+	DEFiRet;
+
+	CHKiRet(eiGetRecord(gf, rectype, value));
+	if(strcmp(rectype, "END")) {
+		DBGPRINTF("no END record found when expected, record type "
+			  "seen is '%s'\n", rectype);
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	*offs = atoll(value);
+finalize_it:
+	RETiRet;
+}
+
 static rsRetVal
 eiOpenAppend(gcryfile gf)
 {
@@ -177,13 +320,55 @@ eiClose(gcryfile gf, off64_t offsLogfile)
 	size_t len;
 	if(gf->fd == -1)
 		return;
-	/* 2^64 is 20 digits, so the snprintf buffer is large enough */
-	len = snprintf(offs, sizeof(offs), "%lld", offsLogfile);
-	eiWriteRec(gf, "END:", 4, offs, len);
+	if(gf->openMode == 'w') {
+		/* 2^64 is 20 digits, so the snprintf buffer is large enough */
+		len = snprintf(offs, sizeof(offs), "%lld", (long long) offsLogfile);
+		eiWriteRec(gf, "END:", 4, offs, len);
+	}
+	gcry_cipher_close(gf->chd);
+	free(gf->readBuf);
 	close(gf->fd);
+	gf->fd = -1;
 	DBGPRINTF("encryption info file %s: closed\n", gf->eiName);
 }
 
+/* this returns the number of bytes left inside the block or -1, if the block
+ * size is unbounded. The function automatically handles end-of-block and begins
+ * to read the next block in this case.
+ */
+rsRetVal
+gcryfileGetBytesLeftInBlock(gcryfile gf, ssize_t *left)
+{
+	DEFiRet;
+	if(gf->bytesToBlkEnd == 0) {
+		DBGPRINTF("libgcry: end of current crypto block\n");
+		gcry_cipher_close(gf->chd);
+		CHKiRet(rsgcryBlkBegin(gf));
+	}
+	*left = gf->bytesToBlkEnd;
+finalize_it:
+	// TODO: remove once this code is sufficiently well-proven
+	DBGPRINTF("gcryfileGetBytesLeftInBlock returns %lld, iRet %d\n", (long long) *left, iRet);
+	RETiRet;
+}
+
+/* this is a special functon for use by the rsyslog disk queue subsystem. It
+ * needs to have the capability to delete state when a queue file is rolled
+ * over. This simply generates the file name and deletes it. It must take care
+ * of "all" state files, which currently happens to be a single one.
+ */
+rsRetVal
+gcryfileDeleteState(uchar *logfn)
+{
+	char fn[MAXFNAME+1];
+	DEFiRet;
+	snprintf(fn, sizeof(fn), "%s%s", logfn, ENCINFO_SUFFIX);
+	fn[MAXFNAME] = '\0'; /* be on save side */
+	DBGPRINTF("crypto provider deletes state file '%s' on request\n", fn);
+	unlink(fn);
+	RETiRet;
+}
+
 static rsRetVal
 gcryfileConstruct(gcryctx ctx, gcryfile *pgf, uchar *logfn)
 {
@@ -193,6 +378,7 @@ gcryfileConstruct(gcryctx ctx, gcryfile *pgf, uchar *logfn)
 
 	CHKmalloc(gf = calloc(1, sizeof(struct gcryfile_s)));
 	gf->ctx = ctx;
+	gf->fd = -1;
 	snprintf(fn, sizeof(fn), "%s%s", logfn, ENCINFO_SUFFIX);
 	fn[MAXFNAME] = '\0'; /* be on save side */
 	gf->eiName = (uchar*) strdup(fn);
@@ -219,7 +405,12 @@ gcryfileDestruct(gcryfile gf, off64_t offsLogfile)
 	if(gf == NULL)
 		goto done;
 
+	DBGPRINTF("libgcry: close file %s\n", gf->eiName);
 	eiClose(gf, offsLogfile);
+	if(gf->bDeleteOnClose) {
+		DBGPRINTF("unlink file '%s' due to bDeleteOnClose set\n", gf->eiName);
+		unlink((char*)gf->eiName);
+	}
 	free(gf->eiName);
 	free(gf);
 done:	return r;
@@ -238,7 +429,7 @@ addPadding(gcryfile pF, uchar *buf, size_t *plen)
 	unsigned i;
 	size_t nPad;
 	nPad = (pF->blkLength - *plen % pF->blkLength) % pF->blkLength;
-	DBGPRINTF("libgcry: addPadding %d chars, blkLength %d, mod %d, pad %d\n",
+	DBGPRINTF("libgcry: addPadding %zd chars, blkLength %zd, mod %zd, pad %zd\n",
 		  *plen, pF->blkLength, *plen % pF->blkLength, nPad);
 	for(i = 0 ; i < nPad ; ++i)
 		buf[(*plen)+i] = 0x00;
@@ -246,13 +437,13 @@ addPadding(gcryfile pF, uchar *buf, size_t *plen)
 }
 
 static inline void
-removePadding(char *buf, size_t *plen)
+removePadding(uchar *buf, size_t *plen)
 {
 	unsigned len = (unsigned) *plen;
 	unsigned iSrc, iDst;
-	char *frstNUL;
+	uchar *frstNUL;
 
-	frstNUL = strchr(buf, 0x00);
+	frstNUL = (uchar*)strchr((char*)buf, 0x00);
 	if(frstNUL == NULL)
 		goto done;
 	iDst = iSrc = frstNUL - buf;
@@ -343,53 +534,123 @@ seedIV(gcryfile gf, uchar **iv)
 	}
 }
 
-rsRetVal
-rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname)
+static inline rsRetVal
+readIV(gcryfile gf, uchar **iv)
 {
-	gcry_error_t gcryError;
-	gcryfile gf = NULL;
-	uchar *iv = NULL;
+	rsRetVal localRet;
 	DEFiRet;
 
-	CHKiRet(gcryfileConstruct(ctx, &gf, fname));
+	if(gf->fd == -1) {
+		while(gf->fd == -1) {
+			localRet = eiOpenRead(gf);
+			if(localRet == RS_RET_EI_NO_EXISTS) {
+				/* wait until it is created */
+				srSleep(0, 10000);
+			} else {
+				CHKiRet(localRet);
+			}
+		}
+		CHKiRet(eiCheckFiletype(gf));
+	}
+	*iv = malloc(gf->blkLength); /* do NOT zero-out! */
+	CHKiRet(eiGetIV(gf, *iv, (size_t) gf->blkLength));
+finalize_it:
+	RETiRet;
+}
+
+/* this tries to read the END record. HOWEVER, no such record may be
+ * present, which is the case if we handle a currently-written to queue
+ * file. On the other hand, the queue file may contain multiple blocks. So
+ * what we do is try to see if there is a block end or not - and set the
+ * status accordingly. Note that once we found no end-of-block, we will never
+ * retry. This is because that case can never happen under current queue
+ * implementations. -- gerhards, 2013-05-16
+ */
+static inline rsRetVal
+readBlkEnd(gcryfile gf)
+{
+	off64_t blkEnd;
+	DEFiRet;
+
+	iRet = eiGetEND(gf, &blkEnd);
+	if(iRet == RS_RET_OK) {
+		gf->bytesToBlkEnd = (ssize_t) blkEnd;
+	} else if(iRet == RS_RET_NO_DATA) {
+		gf->bytesToBlkEnd = -1;
+	} else {
+		FINALIZE;
+	}
+		
+finalize_it:
+	RETiRet;
+}
 
-	gf->blkLength = gcry_cipher_get_algo_blklen(ctx->algo);
 
-	gcryError = gcry_cipher_open(&gf->chd, ctx->algo, ctx->mode, 0);
+/* Read the block begin metadata and set our state variables accordingly. Can also
+ * be used to init the first block in write case.
+ */
+static rsRetVal
+rsgcryBlkBegin(gcryfile gf)
+{
+	gcry_error_t gcryError;
+	uchar *iv = NULL;
+	DEFiRet;
+
+	gcryError = gcry_cipher_open(&gf->chd, gf->ctx->algo, gf->ctx->mode, 0);
 	if (gcryError) {
-		dbgprintf("gcry_cipher_open failed:  %s/%s\n",
-			gcry_strsource(gcryError),
-			gcry_strerror(gcryError));
+		DBGPRINTF("gcry_cipher_open failed:  %s/%s\n",
+			gcry_strsource(gcryError), gcry_strerror(gcryError));
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
 
 	gcryError = gcry_cipher_setkey(gf->chd, gf->ctx->key, gf->ctx->keyLen);
 	if (gcryError) {
-		dbgprintf("gcry_cipher_setkey failed:  %s/%s\n",
-			gcry_strsource(gcryError),
-			gcry_strerror(gcryError));
+		DBGPRINTF("gcry_cipher_setkey failed:  %s/%s\n",
+			gcry_strsource(gcryError), gcry_strerror(gcryError));
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
 
-	seedIV(gf, &iv);
+	if(gf->openMode == 'r') {
+		readIV(gf, &iv);
+		readBlkEnd(gf);
+	} else {
+		seedIV(gf, &iv);
+	}
+
 	gcryError = gcry_cipher_setiv(gf->chd, iv, gf->blkLength);
 	if (gcryError) {
-		dbgprintf("gcry_cipher_setiv failed:  %s/%s\n",
-			gcry_strsource(gcryError),
-			gcry_strerror(gcryError));
+		DBGPRINTF("gcry_cipher_setiv failed:  %s/%s\n",
+			gcry_strsource(gcryError), gcry_strerror(gcryError));
 		ABORT_FINALIZE(RS_RET_ERR);
 	}
-	CHKiRet(eiOpenAppend(gf));
-	CHKiRet(eiWriteIV(gf, iv));
-	*pgf = gf;
+
+	if(gf->openMode == 'w') {
+		CHKiRet(eiOpenAppend(gf));
+		CHKiRet(eiWriteIV(gf, iv));
+	}
 finalize_it:
 	free(iv);
+	RETiRet;
+}
+
+rsRetVal
+rsgcryInitCrypt(gcryctx ctx, gcryfile *pgf, uchar *fname, char openMode)
+{
+	gcryfile gf = NULL;
+	DEFiRet;
+
+	CHKiRet(gcryfileConstruct(ctx, &gf, fname));
+	gf->openMode = openMode;
+	gf->blkLength = gcry_cipher_get_algo_blklen(ctx->algo);
+	CHKiRet(rsgcryBlkBegin(gf));
+	*pgf = gf;
+finalize_it:
 	if(iRet != RS_RET_OK && gf != NULL)
 		gcryfileDestruct(gf, -1);
 	RETiRet;
 }
 
-int
+rsRetVal
 rsgcryEncrypt(gcryfile pF, uchar *buf, size_t *len)
 {
 	int gcryError;
@@ -410,6 +671,35 @@ finalize_it:
 	RETiRet;
 }
 
+/* TODO: handle multiple blocks
+ * test-read END record; if present, store offset, else unbounded (current active block)
+ * when decrypting, check if bound is reached. If yes, split into two blocks, get new IV for
+ * second one.
+ */
+rsRetVal
+rsgcryDecrypt(gcryfile pF, uchar *buf, size_t *len)
+{
+	gcry_error_t gcryError;
+	DEFiRet;
+	
+	if(pF->bytesToBlkEnd != -1)
+		pF->bytesToBlkEnd -= *len;
+	gcryError = gcry_cipher_decrypt(pF->chd, buf, *len, NULL, 0);
+	if(gcryError) {
+		DBGPRINTF("gcry_cipher_decrypt failed:  %s/%s\n",
+			gcry_strsource(gcryError),
+			gcry_strerror(gcryError));
+		ABORT_FINALIZE(RS_RET_ERR);
+	}
+	removePadding(buf, len);
+	// TODO: remove dbgprintf once things are sufficently stable -- rgerhards, 2013-05-16
+	dbgprintf("libgcry: decrypted, bytesToBlkEnd %lld, buffer is now '%50.50s'\n", (long long) pF->bytesToBlkEnd, buf);
+
+finalize_it:
+	RETiRet;
+}
+
+
 
 /* module-init dummy for potential later use */
 int