base64: use the Rust base64 encode implementation

Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.

rust/src/ffi/base64.rs

@@ -0,0 +1,62 @@
+/* Copyright (C) 2021 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+use std::os::raw::c_uchar;
+use libc::c_ulong;
+
+#[repr(C)]
+#[allow(non_camel_case_types)]
+pub enum Base64ReturnCode {
+    SC_BASE64_OK = 0,
+    SC_BASE64_INVALID_ARG,
+    SC_BASE64_OVERFLOW,
+}
+
+/// Base64 encode a buffer.
+///
+/// This method exposes the Rust base64 encoder to C and should not be called from
+/// Rust code.
+///
+/// The output parameter must be an allocated buffer of at least the size returned
+/// from Base64EncodeBufferSize for the input_len, and this length must be provided
+/// in the output_len variable.
+#[no_mangle]
+pub unsafe extern "C" fn Base64Encode(
+    input: *const u8, input_len: c_ulong, output: *mut c_uchar, output_len: *mut c_ulong,
+) -> Base64ReturnCode {
+    if input.is_null() || output.is_null() || output_len.is_null() {
+        return Base64ReturnCode::SC_BASE64_INVALID_ARG;
+    }
+    let input = std::slice::from_raw_parts(input, input_len as usize);
+    let encoded = base64::encode(input);
+    if encoded.len() + 1 > *output_len as usize {
+        return Base64ReturnCode::SC_BASE64_OVERFLOW;
+    }
+    let output = std::slice::from_raw_parts_mut(&mut *(output as *mut u8), *output_len as usize);
+    output[0..encoded.len()].copy_from_slice(encoded.as_bytes());
+    output[encoded.len()] = 0;
+    *output_len = encoded.len() as c_ulong;
+    Base64ReturnCode::SC_BASE64_OK
+}
+
+/// Ratio of output bytes to input bytes for Base64 Encoding is 4:3, hence the
+/// required output bytes are 4 * ceil(input_len / 3) and an additional byte for
+/// storing the NULL pointer.
+#[no_mangle]
+pub extern "C" fn Base64EncodeBufferSize(len: c_ulong) -> c_ulong {
+    (4 * ((len) + 2) / 3) + 1
+}

rust/src/ffi/mod.rs

@@ -16,3 +16,4 @@
  */
 
 pub mod hashing;
+pub mod base64;

scripts/dnp3-gen/dnp3-gen.py

@@ -150,8 +150,6 @@ output_json_dnp3_objects_template = """/* Copyright (C) 2015 Open Information Se
 
 #include "suricata-common.h"
 
-#include "util-crypt.h"
-
 #include "app-layer-dnp3.h"
 #include "app-layer-dnp3-objects.h"
 #include "output-json-dnp3-objects.h"

src/Makefile.am

@@ -500,7 +500,6 @@ noinst_HEADERS = \
 	util-config.h \
 	util-coredump-config.h \
 	util-cpu.h \
-	util-crypt.h \
 	util-daemon.h \
 	util-debug-filters.h \
 	util-debug.h \
@@ -1068,7 +1067,6 @@ libsuricata_c_a_SOURCES = \
 	util-conf.c \
 	util-coredump-config.c \
 	util-cpu.c \
-	util-crypt.c \
 	util-daemon.c \
 	util-debug.c \
 	util-debug-filters.c \

src/app-layer-ssl.c

@@ -42,7 +42,6 @@
 #include "decode-events.h"
 #include "conf.h"
 
-#include "util-crypt.h"
 #include "util-spm.h"
 #include "util-unittest.h"
 #include "util-debug.h"

src/datasets-md5.c

@@ -27,7 +27,6 @@
 #include "datasets-md5.h"
 #include "util-thash.h"
 #include "util-print.h"
-#include "util-crypt.h"     // encode base64
 #include "util-base64.h"    // decode base64
 
 int Md5StrSet(void *dst, void *src)

src/datasets-sha256.c

@@ -27,7 +27,6 @@
 #include "datasets-sha256.h"
 #include "util-thash.h"
 #include "util-print.h"
-#include "util-crypt.h"     // encode base64
 #include "util-base64.h"    // decode base64
 
 int Sha256StrSet(void *dst, void *src)

src/datasets-string.c

@@ -27,8 +27,8 @@
 #include "datasets-string.h"
 #include "util-thash.h"
 #include "util-print.h"
-#include "util-crypt.h"     // encode base64
 #include "util-base64.h"    // decode base64
+#include "rust.h"
 
 #if 0
 static int StringAsAscii(const void *s, char *out, size_t out_size)
@@ -47,7 +47,7 @@ int StringAsBase64(const void *s, char *out, size_t out_size)
 {
     const StringType *str = s;
 
-    unsigned long len = BASE64_BUFFER_SIZE(str->len);
+    unsigned long len = Base64EncodeBufferSize(str->len);
     uint8_t encoded_data[len];
     if (Base64Encode((unsigned char *)str->ptr, str->len,
         encoded_data, &len) != SC_BASE64_OK)

src/datasets.c

@@ -30,7 +30,6 @@
 #include "datasets-reputation.h"
 #include "util-thash.h"
 #include "util-print.h"
-#include "util-crypt.h"     // encode base64
 #include "util-base64.h"    // decode base64
 #include "util-byte.h"
 #include "util-misc.h"

src/log-tlslog.c

@@ -50,7 +50,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 #include "util-time.h"
 #include "log-cf-common.h"
 

src/log-tlsstore.c

@@ -51,7 +51,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 #include "util-time.h"
 
 #define MODULE_NAME "LogTlsStoreLog"
@@ -123,7 +122,7 @@ static void LogTlsLogPem(LogTlsStoreLogThread *aft, const Packet *p, SSLState *s
     }
 
     TAILQ_FOREACH(cert, &state->server_connp.certs, next) {
-        pemlen = BASE64_BUFFER_SIZE(cert->cert_len);
+        pemlen = Base64EncodeBufferSize(cert->cert_len);
         if (pemlen > aft->enc_buf_len) {
             ptmp = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen);
             if (ptmp == NULL) {

src/output-json-alert.c

@@ -80,7 +80,6 @@
 #include "util-proto-name.h"
 #include "util-optimize.h"
 #include "util-buffer.h"
-#include "util-crypt.h"
 #include "util-validate.h"
 
 #define MODULE_NAME "JsonAlertLog"

src/output-json-anomaly.c

@@ -55,7 +55,6 @@
 #include "util-proto-name.h"
 #include "util-optimize.h"
 #include "util-buffer.h"
-#include "util-crypt.h"
 #include "util-validate.h"
 
 #define MODULE_NAME "JsonAnomalyLog"

src/output-json-dnp3-objects.c

@@ -24,8 +24,6 @@
 
 #include "suricata-common.h"
 
-#include "util-crypt.h"
-
 #include "app-layer-dnp3.h"
 #include "app-layer-dnp3-objects.h"
 #include "output-json-dnp3-objects.h"

src/output-json-dnp3.c

@@ -28,7 +28,6 @@
 #include "util-print.h"
 #include "util-unittest.h"
 #include "util-buffer.h"
-#include "util-crypt.h"
 #include "util-debug.h"
 
 #include "app-layer.h"

src/output-json-email-common.c

@@ -48,7 +48,6 @@
 #include "util-byte.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 
 #include "output-json.h"
 #include "output-json-email-common.h"

src/output-json-http.c

@@ -49,7 +49,6 @@
 #include "util-proto-name.h"
 #include "util-logopenfile.h"
 #include "util-time.h"
-#include "util-crypt.h"
 #include "output-json.h"
 #include "output-json-alert.h"
 #include "output-json-http.h"

src/output-json-http2.c

@@ -45,7 +45,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 
 #include "output-json.h"
 #include "output-json-http2.h"

src/output-json-metadata.c

@@ -61,7 +61,6 @@
 #include "util-proto-name.h"
 #include "util-optimize.h"
 #include "util-buffer.h"
-#include "util-crypt.h"
 
 #define MODULE_NAME "JsonMetadataLog"
 

src/output-json-ssh.c

@@ -45,7 +45,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 
 #include "output-json.h"
 #include "output-json-ssh.h"

src/output-json-stats.c

@@ -43,7 +43,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 
 #include "output-json.h"
 #include "output-json-stats.h"

src/output-json-tls.c

@@ -45,7 +45,6 @@
 #include "util-buffer.h"
 
 #include "util-logopenfile.h"
-#include "util-crypt.h"
 #include "util-ja3.h"
 
 #include "output-json.h"

src/output-json.c

@@ -59,7 +59,6 @@
 #include "util-log-redis.h"
 #include "util-device.h"
 #include "util-validate.h"
-#include "util-crypt.h"
 #include "util-plugin.h"
 
 #include "flow-var.h"

src/util-crypt.c

@@ -1,74 +0,0 @@
-/* Copyright (C) 2007-2012 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Roliers Jean-Paul <popof.fpn@gmail.co>
- *
- * Implements cryptographic functions.
- * Based on the libtomcrypt library ( http://libtom.org/?page=features&newsitems=5&whatfile=crypt )
- * 
- * Implementation of function using NSS is not linked with libtomcrypt.
- */
-
-#include "suricata-common.h"
-#include "suricata.h"
-#include "util-crypt.h"
-
-static const char *b64codes = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-int Base64Encode(const unsigned char *in,  unsigned long inlen,
-                        unsigned char *out, unsigned long *outlen)
-{
-   unsigned long i, len2, leven;
-   unsigned char *p;
-   if(in == NULL || out == NULL || outlen == NULL)
-   {
-       return SC_BASE64_INVALID_ARG;
-   }
-   /* valid output size ? */
-   len2 = 4 * ((inlen + 2) / 3);
-   if (*outlen < len2 + 1) {
-      *outlen = len2 + 1;
-      return SC_BASE64_OVERFLOW;
-   }
-   p = out;
-   leven = 3*(inlen / 3);
-   for (i = 0; i < leven; i += 3) {
-       *p++ = b64codes[(in[0] >> 2) & 0x3F];
-       *p++ = b64codes[(((in[0] & 3) << 4) + (in[1] >> 4)) & 0x3F];
-       *p++ = b64codes[(((in[1] & 0xf) << 2) + (in[2] >> 6)) & 0x3F];
-       *p++ = b64codes[in[2] & 0x3F];
-       in += 3;
-   }
-   /* Pad it if necessary...  */
-   if (i < inlen) {
-       unsigned a = in[0];
-       unsigned b = (i+1 < inlen) ? in[1] : 0;
-
-       *p++ = b64codes[(a >> 2) & 0x3F];
-       *p++ = b64codes[(((a & 3) << 4) + (b >> 4)) & 0x3F];
-       *p++ = (i+1 < inlen) ? b64codes[(((b & 0xf) << 2)) & 0x3F] : '=';
-       *p++ = '=';
-   }
-   /* append a NULL byte */
-   *p = '\0';
-   /* return ok */
-   *outlen = p - out;
-   return SC_BASE64_OK;
-}

src/util-crypt.h

@@ -1,47 +0,0 @@
-/* Copyright (C) 2007-2012 Open Information Security Foundation
- *
- * You can copy, redistribute or modify this Program under the terms of
- * the GNU General Public License version 2 as published by the Free
- * Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * version 2 along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- */
-
-/**
- * \file
- *
- * \author Roliers Jean-Paul <popof.fpn@gmail.co>
- *
- * Implements cryptographic functions.
- * Based on the libtomcrypt library ( http://libtom.org/?page=features&newsitems=5&whatfile=crypt )
- */
-
-#ifndef UTIL_CRYPT_H_
-#define UTIL_CRYPT_H_
-
-#include "suricata-common.h"
-
-/* Ratio of output bytes to input bytes for Base64 Encoding is 4:3, hence the
- * required output bytes are 4 * ceil(input_len / 3) and an additional byte
- * for storing the NULL pointer.
- * */
-#define BASE64_BUFFER_SIZE(x)  ((4 * ((x) + 2) / 3) + 1)
-
-typedef enum {
-    SC_BASE64_OK,
-    SC_BASE64_INVALID_ARG,
-    SC_BASE64_OVERFLOW,
-
-} CryptId;
-
-int Base64Encode(const unsigned char *in,  unsigned long inlen, unsigned char *out, unsigned long *outlen);
-
-#endif /* UTIL_CRYPT_H_ */