/src/wget2/libwget/hpkp.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2015-2024 Free Software Foundation, Inc.
 *
 * This file is part of libwget.
 *
 * Libwget is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Libwget is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with libwget.  If not, see <https://www.gnu.org/licenses/>.
 *
 *
 * HTTP Public Key Pinning (HPKP)
 */

#include <config.h>

#include <wget.h>
#include <string.h>
#include <stddef.h>
#include <ctype.h>
#include <sys/stat.h>
#include <limits.h>
#include "private.h"
#include "hpkp.h"

/**
 * \file
 * \brief HTTP Public Key Pinning (RFC 7469) routines
 * \defgroup libwget-hpkp HTTP Public Key Pinning (RFC 7469) routines
 * @{
 *
 * This is an implementation of RFC 7469.
 */

/*
 * Compare function for SPKI hashes. Returns 0 if they're equal.
 */
WGET_GCC_NONNULL_ALL
static int compare_pin(wget_hpkp_pin *p1, wget_hpkp_pin *p2)
{
  int n;

  if ((n = strcmp(p1->hash_type, p2->hash_type)))
    return n;

  if (p1->pinsize < p2->pinsize)
    return -1;

  if (p1->pinsize > p2->pinsize)
    return 1;

  return memcmp(p1->pin, p2->pin, p1->pinsize);
}

static void hpkp_pin_free(void *pin)
{
  wget_hpkp_pin *p = pin;

  if (p) {
    xfree(p->hash_type);
    xfree(p->pin);
    xfree(p->pin_b64);
    xfree(p);
  }
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[in] pin_type The type of hash supplied, e.g. "sha256"
 * \param[in] pin_b64 The public key hash in base64 format
 *
 * Adds a public key hash to HPKP database entry.
 */
void wget_hpkp_pin_add(wget_hpkp *hpkp, const char *pin_type, const char *pin_b64)
{
  wget_hpkp_pin *pin = wget_calloc(1, sizeof(wget_hpkp_pin));
  if (!pin)
    return;

  size_t len_b64 = strlen(pin_b64);

  pin->hash_type = wget_strdup(pin_type);
  pin->pin_b64 = wget_strdup(pin_b64);
  pin->pin = (unsigned char *) wget_base64_decode_alloc(pin_b64, len_b64, &pin->pinsize);

  if (!hpkp->pins) {
    hpkp->pins = wget_vector_create(5, (wget_vector_compare_fn *) compare_pin);
    wget_vector_set_destructor(hpkp->pins, hpkp_pin_free);
  }

  wget_vector_add(hpkp->pins, pin);
}

/**
 * \param[in] hpkp An HPKP database entry
 *
 * Free hpkp_t instance created by wget_hpkp_new()
 * It can be used as destructor function in vectors and hashmaps.
 * If `hpkp` is NULL this function does nothing.
 */
void wget_hpkp_free(wget_hpkp *hpkp)
{
  if (hpkp) {
    xfree(hpkp->host);
    wget_vector_free(&hpkp->pins);
    xfree(hpkp);
  }
}

/*
 * TODO HPKP: wget_hpkp_new() should get an IRI rather than a string, and check by itself
 * whether it is HTTPS, not an IP literal, etc.
 *
 * This is also applicable to HSTS.
 */
/**
 * \return A newly allocated and initialized HPKP structure
 *
 * Creates a new HPKP structure initialized with the given values.
 */
wget_hpkp *wget_hpkp_new(void)
{
  wget_hpkp *hpkp = wget_calloc(1, sizeof(wget_hpkp));

  if (hpkp)
    hpkp->created = time(NULL);

  return hpkp;
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[in] host Hostname of the web server
 *
 * Sets the hostname of the web server into given HPKP database entry.
 */
void wget_hpkp_set_host(wget_hpkp *hpkp, const char *host)
{
  xfree(hpkp->host);
  hpkp->host = wget_strdup(host);
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[in] maxage Maximum time the entry is valid (in seconds)
 *
 * Sets the maximum time the HPKP entry is valid.
 * Corresponds to `max-age` directive in `Public-Key-Pins` HTTP response header.
 */
void wget_hpkp_set_maxage(wget_hpkp *hpkp, int64_t maxage)
{
  int64_t now;

  // avoid integer overflow here
  if (maxage <= 0 || maxage >= INT64_MAX / 2 || (now = time(NULL)) < 0 || now >= INT64_MAX / 2) {
    hpkp->maxage = 0;
    hpkp->expires = 0;
  } else {
    hpkp->maxage = maxage;
    hpkp->expires = now + maxage;
  }
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[in] include_subdomains Nonzero if this entry is also valid for all subdomains, zero otherwise.
 *
 * Sets whether the entry is also valid for all subdomains.
 * Corresponds to the optional `includeSubDomains` directive in `Public-Key-Pins` HTTP response header.
 */
void wget_hpkp_set_include_subdomains(wget_hpkp *hpkp, bool include_subdomains)
{
  hpkp->include_subdomains = include_subdomains;
}

/**
 * \param[in] hpkp An HPKP database entry
 * \return The number of public key hashes added.
 *
 * Gets the number of public key hashes added to the given HPKP database entry.
 */
int wget_hpkp_get_n_pins(wget_hpkp *hpkp)
{
  return wget_vector_size(hpkp->pins);
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[out] pin_types An array of pointers where hash types will be stored.
 * \param[out] pins_b64 An array of pointers where the public keys in base64 format will be stored
 *
 * Gets all the public key hashes added to the given HPKP database entry.
 *
 * The size of the arrays used must be at least one returned by \ref wget_hpkp_get_n_pins "wget_hpkp_get_n_pins()".
 */
void wget_hpkp_get_pins_b64(wget_hpkp *hpkp, const char **pin_types, const char **pins_b64)
{
  int i, n_pins;

  n_pins = wget_vector_size(hpkp->pins);

  for (i = 0; i < n_pins; i++) {
    wget_hpkp_pin *pin = (wget_hpkp_pin *) wget_vector_get(hpkp->pins, i);
    if (!pin)
      continue;
    pin_types[i] = pin->hash_type;
    pins_b64[i] = pin->pin_b64;
  }
}

/**
 * \param[in] hpkp An HPKP database entry
 * \param[out] pin_types An array of pointers where hash types will be stored.
 * \param[out] sizes An array of sizes where pin sizes will be stored.
 * \param[out] pins An array of pointers where the public keys in binary format will be stored
 *
 * Gets all the public key hashes added to the given HPKP database entry.
 *
 * The size of the arrays used must be at least one returned by \ref wget_hpkp_get_n_pins "wget_hpkp_get_n_pins()".
 */
void wget_hpkp_get_pins(wget_hpkp *hpkp, const char **pin_types, size_t *sizes, const void **pins)
{
  int i, n_pins;

  n_pins = wget_vector_size(hpkp->pins);

  for (i = 0; i < n_pins; i++) {
    wget_hpkp_pin *pin = (wget_hpkp_pin *) wget_vector_get(hpkp->pins, i);
    if (!pin)
      continue;
    pin_types[i] = pin->hash_type;
    sizes[i] = pin->pinsize;
    pins[i] = pin->pin;
  }
}

/**
 * \param[in] hpkp An HPKP database entry
 * \return The hostname this entry is valid for
 *
 * Gets the hostname this entry is valid for, as set by \ref wget_hpkp_set_host "wget_hpkp_set_host()"
 */
const char * wget_hpkp_get_host(wget_hpkp *hpkp)
{
  return hpkp->host;
}

/**
 * \param[in] hpkp An HPKP database entry
 * \return The maximum time (in seconds) the entry is valid
 *
 * Gets the maximum time this entry is valid for, as set by \ref wget_hpkp_set_maxage "wget_hpkp_set_maxage()"
 */
int64_t wget_hpkp_get_maxage(wget_hpkp *hpkp)
{
  return hpkp->maxage;
}

/**
 * \param[in] hpkp An HPKP database entry
 * \return `true` if the HPKP entry is also valid for all subdomains, `false` otherwise
 *
 * Gets whether the HPKP database entry is also valid for the subdomains.
 */
bool wget_hpkp_get_include_subdomains(wget_hpkp *hpkp)
{
  return hpkp->include_subdomains;
}

/**@}*/

Coverage Report

Created: 2025-01-28 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2015-2024 Free Software Foundation, Inc.
3		*
4		* This file is part of libwget.
5		*
6		* Libwget is free software: you can redistribute it and/or modify
7		* it under the terms of the GNU Lesser General Public License as published by
8		* the Free Software Foundation, either version 3 of the License, or
9		* (at your option) any later version.
10		*
11		* Libwget is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU Lesser General Public License for more details.
15		*
16		* You should have received a copy of the GNU Lesser General Public License
17		* along with libwget. If not, see <https://www.gnu.org/licenses/>.
18		*
19		*
20		* HTTP Public Key Pinning (HPKP)
21		*/
22
23		#include <config.h>
24
25		#include <wget.h>
26		#include <string.h>
27		#include <stddef.h>
28		#include <ctype.h>
29		#include <sys/stat.h>
30		#include <limits.h>
31		#include "private.h"
32		#include "hpkp.h"
33
34		/**
35		* \file
36		* \brief HTTP Public Key Pinning (RFC 7469) routines
37		* \defgroup libwget-hpkp HTTP Public Key Pinning (RFC 7469) routines
38		* @{
39		*
40		* This is an implementation of RFC 7469.
41		*/
42
43		/*
44		* Compare function for SPKI hashes. Returns 0 if they're equal.
45		*/
46		WGET_GCC_NONNULL_ALL
47		static int compare_pin(wget_hpkp_pin p1, wget_hpkp_pin p2)
48	4.41k	{
49	4.41k	int n;
50
51	4.41k	if ((n = strcmp(p1->hash_type, p2->hash_type)))
52	1.45k	return n;
53
54	2.96k	if (p1->pinsize < p2->pinsize)
55	42	return -1;
56
57	2.92k	if (p1->pinsize > p2->pinsize)
58	96	return 1;
59
60	2.82k	return memcmp(p1->pin, p2->pin, p1->pinsize);
61	2.92k	}
62
63		static void hpkp_pin_free(void *pin)
64	6.86k	{
65	6.86k	wget_hpkp_pin *p = pin;
66
67	6.86k	if (p) {
68	6.86k	xfree(p->hash_type);
69	6.86k	xfree(p->pin);
70	6.86k	xfree(p->pin_b64);
71	6.86k	xfree(p);
72	6.86k	}
73	6.86k	}
74
75		/**
76		* \param[in] hpkp An HPKP database entry
77		* \param[in] pin_type The type of hash supplied, e.g. "sha256"
78		* \param[in] pin_b64 The public key hash in base64 format
79		*
80		* Adds a public key hash to HPKP database entry.
81		*/
82		void wget_hpkp_pin_add(wget_hpkp hpkp, const char pin_type, const char *pin_b64)
83	6.86k	{
84	6.86k	wget_hpkp_pin *pin = wget_calloc(1, sizeof(wget_hpkp_pin));
85	6.86k	if (!pin)
86	0	return;
87
88	6.86k	size_t len_b64 = strlen(pin_b64);
89
90	6.86k	pin->hash_type = wget_strdup(pin_type);
91	6.86k	pin->pin_b64 = wget_strdup(pin_b64);
92	6.86k	pin->pin = (unsigned char *) wget_base64_decode_alloc(pin_b64, len_b64, &pin->pinsize);
93
94	6.86k	if (!hpkp->pins) {
95	1.86k	hpkp->pins = wget_vector_create(5, (wget_vector_compare_fn *) compare_pin);
96	1.86k	wget_vector_set_destructor(hpkp->pins, hpkp_pin_free);
97	1.86k	}
98
99	6.86k	wget_vector_add(hpkp->pins, pin);
100	6.86k	}
101
102		/**
103		* \param[in] hpkp An HPKP database entry
104		*
105		* Free hpkp_t instance created by wget_hpkp_new()
106		* It can be used as destructor function in vectors and hashmaps.
107		* If `hpkp` is NULL this function does nothing.
108		*/
109		void wget_hpkp_free(wget_hpkp *hpkp)
110	8.61k	{
111	8.61k	if (hpkp) {
112	3.05k	xfree(hpkp->host);
113	3.05k	wget_vector_free(&hpkp->pins);
114	3.05k	xfree(hpkp);
115	3.05k	}
116	8.61k	}
117
118		/*
119		* TODO HPKP: wget_hpkp_new() should get an IRI rather than a string, and check by itself
120		* whether it is HTTPS, not an IP literal, etc.
121		*
122		* This is also applicable to HSTS.
123		*/
124		/**
125		* \return A newly allocated and initialized HPKP structure
126		*
127		* Creates a new HPKP structure initialized with the given values.
128		*/
129		wget_hpkp *wget_hpkp_new(void)
130	3.05k	{
131	3.05k	wget_hpkp *hpkp = wget_calloc(1, sizeof(wget_hpkp));
132
133	3.05k	if (hpkp)
134	3.05k	hpkp->created = time(NULL);
135
136	3.05k	return hpkp;
137	3.05k	}
138
139		/**
140		* \param[in] hpkp An HPKP database entry
141		* \param[in] host Hostname of the web server
142		*
143		* Sets the hostname of the web server into given HPKP database entry.
144		*/
145		void wget_hpkp_set_host(wget_hpkp hpkp, const char host)
146	0	{
147	0	xfree(hpkp->host);
148	0	hpkp->host = wget_strdup(host);
149	0	}
150
151		/**
152		* \param[in] hpkp An HPKP database entry
153		* \param[in] maxage Maximum time the entry is valid (in seconds)
154		*
155		* Sets the maximum time the HPKP entry is valid.
156		* Corresponds to `max-age` directive in `Public-Key-Pins` HTTP response header.
157		*/
158		void wget_hpkp_set_maxage(wget_hpkp *hpkp, int64_t maxage)
159	783	{
160	783	int64_t now;
161
162		// avoid integer overflow here
163	783	if (maxage <= 0 \|\| maxage >= INT64_MAX / 2 \|\| (now = time(NULL)) < 0 \|\| now >= INT64_MAX / 2) {
164	474	hpkp->maxage = 0;
165	474	hpkp->expires = 0;
166	474	} else {
167	309	hpkp->maxage = maxage;
168	309	hpkp->expires = now + maxage;
169	309	}
170	783	}
171
172		/**
173		* \param[in] hpkp An HPKP database entry
174		* \param[in] include_subdomains Nonzero if this entry is also valid for all subdomains, zero otherwise.
175		*
176		* Sets whether the entry is also valid for all subdomains.
177		* Corresponds to the optional `includeSubDomains` directive in `Public-Key-Pins` HTTP response header.
178		*/
179		void wget_hpkp_set_include_subdomains(wget_hpkp *hpkp, bool include_subdomains)
180	1.35k	{
181	1.35k	hpkp->include_subdomains = include_subdomains;
182	1.35k	}
183
184		/**
185		* \param[in] hpkp An HPKP database entry
186		* \return The number of public key hashes added.
187		*
188		* Gets the number of public key hashes added to the given HPKP database entry.
189		*/
190		int wget_hpkp_get_n_pins(wget_hpkp *hpkp)
191	0	{
192	0	return wget_vector_size(hpkp->pins);
193	0	}
194
195		/**
196		* \param[in] hpkp An HPKP database entry
197		* \param[out] pin_types An array of pointers where hash types will be stored.
198		* \param[out] pins_b64 An array of pointers where the public keys in base64 format will be stored
199		*
200		* Gets all the public key hashes added to the given HPKP database entry.
201		*
202		* The size of the arrays used must be at least one returned by \ref wget_hpkp_get_n_pins "wget_hpkp_get_n_pins()".
203		*/
204		void wget_hpkp_get_pins_b64(wget_hpkp hpkp, const char pin_types, const char *pins_b64)
205	0	{
206	0	int i, n_pins;
207
208	0	n_pins = wget_vector_size(hpkp->pins);
209
210	0	for (i = 0; i < n_pins; i++) {
211	0	wget_hpkp_pin pin = (wget_hpkp_pin ) wget_vector_get(hpkp->pins, i);
212	0	if (!pin)
213	0	continue;
214	0	pin_types[i] = pin->hash_type;
215	0	pins_b64[i] = pin->pin_b64;
216	0	}
217	0	}
218
219		/**
220		* \param[in] hpkp An HPKP database entry
221		* \param[out] pin_types An array of pointers where hash types will be stored.
222		* \param[out] sizes An array of sizes where pin sizes will be stored.
223		* \param[out] pins An array of pointers where the public keys in binary format will be stored
224		*
225		* Gets all the public key hashes added to the given HPKP database entry.
226		*
227		* The size of the arrays used must be at least one returned by \ref wget_hpkp_get_n_pins "wget_hpkp_get_n_pins()".
228		*/
229		void wget_hpkp_get_pins(wget_hpkp hpkp, const char pin_types, size_t sizes, const void **pins)
230	0	{
231	0	int i, n_pins;
232
233	0	n_pins = wget_vector_size(hpkp->pins);
234
235	0	for (i = 0; i < n_pins; i++) {
236	0	wget_hpkp_pin pin = (wget_hpkp_pin ) wget_vector_get(hpkp->pins, i);
237	0	if (!pin)
238	0	continue;
239	0	pin_types[i] = pin->hash_type;
240	0	sizes[i] = pin->pinsize;
241	0	pins[i] = pin->pin;
242	0	}
243	0	}
244
245		/**
246		* \param[in] hpkp An HPKP database entry
247		* \return The hostname this entry is valid for
248		*
249		* Gets the hostname this entry is valid for, as set by \ref wget_hpkp_set_host "wget_hpkp_set_host()"
250		*/
251		const char * wget_hpkp_get_host(wget_hpkp *hpkp)
252	0	{
253	0	return hpkp->host;
254	0	}
255
256		/**
257		* \param[in] hpkp An HPKP database entry
258		* \return The maximum time (in seconds) the entry is valid
259		*
260		* Gets the maximum time this entry is valid for, as set by \ref wget_hpkp_set_maxage "wget_hpkp_set_maxage()"
261		*/
262		int64_t wget_hpkp_get_maxage(wget_hpkp *hpkp)
263	0	{
264	0	return hpkp->maxage;
265	0	}
266
267		/**
268		* \param[in] hpkp An HPKP database entry
269		* \return `true` if the HPKP entry is also valid for all subdomains, `false` otherwise
270		*
271		* Gets whether the HPKP database entry is also valid for the subdomains.
272		*/
273		bool wget_hpkp_get_include_subdomains(wget_hpkp *hpkp)
274	0	{
275	0	return hpkp->include_subdomains;
276	0	}
277
278		/*@}/