BadVPN – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /**
2 * @file SPProtoDecoder.c
3 * @author Ambroz Bizjak <ambrop7@gmail.com>
4 *
5 * @section LICENSE
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the author nor the
15 * names of its contributors may be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29  
30 #include <string.h>
31  
32 #include <misc/balign.h>
33 #include <misc/byteorder.h>
34 #include <security/BHash.h>
35  
36 #include "SPProtoDecoder.h"
37  
38 #include <generated/blog_channel_SPProtoDecoder.h>
39  
40 #define PeerLog(_o, ...) BLog_LogViaFunc((_o)->logfunc, (_o)->user, BLOG_CURRENT_CHANNEL, __VA_ARGS__)
41  
42 static void decode_work_func (SPProtoDecoder *o)
43 {
44 ASSERT(o->in_len >= 0)
45 ASSERT(o->in_len <= o->input_mtu)
46  
47 uint8_t *in = o->in;
48 int in_len = o->in_len;
49  
50 o->tw_out_len = -1;
51  
52 uint8_t *plaintext;
53 int plaintext_len;
54  
55 // decrypt if needed
56 if (!SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
57 plaintext = in;
58 plaintext_len = in_len;
59 } else {
60 // input must be a multiple of blocks size
61 if (in_len % o->enc_block_size != 0) {
62 PeerLog(o, BLOG_WARNING, "packet size not a multiple of block size");
63 return;
64 }
65  
66 // input must have an IV block
67 if (in_len < o->enc_block_size) {
68 PeerLog(o, BLOG_WARNING, "packet does not have an IV");
69 return;
70 }
71  
72 // check if we have encryption key
73 if (!o->have_encryption_key) {
74 PeerLog(o, BLOG_WARNING, "have no encryption key");
75 return;
76 }
77  
78 // copy IV as BEncryption_Decrypt changes the IV
79 uint8_t iv[BENCRYPTION_MAX_BLOCK_SIZE];
80 memcpy(iv, in, o->enc_block_size);
81  
82 // decrypt
83 uint8_t *ciphertext = in + o->enc_block_size;
84 int ciphertext_len = in_len - o->enc_block_size;
85 plaintext = o->buf;
86 BEncryption_Decrypt(&o->encryptor, ciphertext, plaintext, ciphertext_len, iv);
87  
88 // read padding
89 if (ciphertext_len < o->enc_block_size) {
90 PeerLog(o, BLOG_WARNING, "packet does not have a padding block");
91 return;
92 }
93 int i;
94 for (i = ciphertext_len - 1; i >= ciphertext_len - o->enc_block_size; i--) {
95 if (plaintext[i] == 1) {
96 break;
97 }
98 if (plaintext[i] != 0) {
99 PeerLog(o, BLOG_WARNING, "packet padding wrong (nonzero byte)");
100 return;
101 }
102 }
103 if (i < ciphertext_len - o->enc_block_size) {
104 PeerLog(o, BLOG_WARNING, "packet padding wrong (all zeroes)");
105 return;
106 }
107 plaintext_len = i;
108 }
109  
110 // check for header
111 if (plaintext_len < SPPROTO_HEADER_LEN(o->sp_params)) {
112 PeerLog(o, BLOG_WARNING, "packet has no header");
113 return;
114 }
115 uint8_t *header = plaintext;
116  
117 // check data length
118 if (plaintext_len - SPPROTO_HEADER_LEN(o->sp_params) > o->output_mtu) {
119 PeerLog(o, BLOG_WARNING, "packet too long");
120 return;
121 }
122  
123 // check OTP
124 if (SPPROTO_HAVE_OTP(o->sp_params)) {
125 // remember seed and OTP (can't check from here)
126 struct spproto_otpdata header_otpd;
127 memcpy(&header_otpd, header + SPPROTO_HEADER_OTPDATA_OFF(o->sp_params), sizeof(header_otpd));
128 o->tw_out_seed_id = ltoh16(header_otpd.seed_id);
129 o->tw_out_otp = header_otpd.otp;
130 }
131  
132 // check hash
133 if (SPPROTO_HAVE_HASH(o->sp_params)) {
134 uint8_t *header_hash = header + SPPROTO_HEADER_HASH_OFF(o->sp_params);
135 // read hash
136 uint8_t hash[BHASH_MAX_SIZE];
137 memcpy(hash, header_hash, o->hash_size);
138 // zero hash in packet
139 memset(header_hash, 0, o->hash_size);
140 // calculate hash
141 uint8_t hash_calc[BHASH_MAX_SIZE];
142 BHash_calculate(o->sp_params.hash_mode, plaintext, plaintext_len, hash_calc);
143 // set hash field to its original value
144 memcpy(header_hash, hash, o->hash_size);
145 // compare hashes
146 if (memcmp(hash, hash_calc, o->hash_size)) {
147 PeerLog(o, BLOG_WARNING, "packet has wrong hash");
148 return;
149 }
150 }
151  
152 // return packet
153 o->tw_out = plaintext + SPPROTO_HEADER_LEN(o->sp_params);
154 o->tw_out_len = plaintext_len - SPPROTO_HEADER_LEN(o->sp_params);
155 }
156  
157 static void decode_work_handler (SPProtoDecoder *o)
158 {
159 ASSERT(o->in_len >= 0)
160 ASSERT(o->tw_have)
161 DebugObject_Access(&o->d_obj);
162  
163 // free work
164 BThreadWork_Free(&o->tw);
165 o->tw_have = 0;
166  
167 // check OTP
168 if (SPPROTO_HAVE_OTP(o->sp_params) && o->tw_out_len >= 0) {
169 if (!OTPChecker_CheckOTP(&o->otpchecker, o->tw_out_seed_id, o->tw_out_otp)) {
170 PeerLog(o, BLOG_WARNING, "packet has wrong OTP");
171 o->tw_out_len = -1;
172 }
173 }
174  
175 if (o->tw_out_len < 0) {
176 // cannot decode, finish input packet
177 PacketPassInterface_Done(&o->input);
178 o->in_len = -1;
179 } else {
180 // submit decoded packet to output
181 PacketPassInterface_Sender_Send(o->output, o->tw_out, o->tw_out_len);
182 }
183 }
184  
185 static void input_handler_send (SPProtoDecoder *o, uint8_t *data, int data_len)
186 {
187 ASSERT(data_len >= 0)
188 ASSERT(data_len <= o->input_mtu)
189 ASSERT(o->in_len == -1)
190 ASSERT(!o->tw_have)
191 DebugObject_Access(&o->d_obj);
192  
193 // remember input
194 o->in = data;
195 o->in_len = data_len;
196  
197 // start decoding
198 BThreadWork_Init(&o->tw, o->twd, (BThreadWork_handler_done)decode_work_handler, o, (BThreadWork_work_func)decode_work_func, o);
199 o->tw_have = 1;
200 }
201  
202 static void output_handler_done (SPProtoDecoder *o)
203 {
204 ASSERT(o->in_len >= 0)
205 ASSERT(!o->tw_have)
206 DebugObject_Access(&o->d_obj);
207  
208 // finish input packet
209 PacketPassInterface_Done(&o->input);
210 o->in_len = -1;
211 }
212  
213 static void maybe_stop_work_and_ignore (SPProtoDecoder *o)
214 {
215 ASSERT(!(o->tw_have) || o->in_len >= 0)
216  
217 if (o->tw_have) {
218 // free work
219 BThreadWork_Free(&o->tw);
220 o->tw_have = 0;
221  
222 // ignore packet, receive next one
223 PacketPassInterface_Done(&o->input);
224 o->in_len = -1;
225 }
226 }
227  
228 int SPProtoDecoder_Init (SPProtoDecoder *o, PacketPassInterface *output, struct spproto_security_params sp_params, int num_otp_seeds, BPendingGroup *pg, BThreadWorkDispatcher *twd, void *user, BLog_logfunc logfunc)
229 {
230 spproto_assert_security_params(sp_params);
231 ASSERT(spproto_carrier_mtu_for_payload_mtu(sp_params, PacketPassInterface_GetMTU(output)) >= 0)
232 ASSERT(!SPPROTO_HAVE_OTP(sp_params) || num_otp_seeds >= 2)
233  
234 // init arguments
235 o->output = output;
236 o->sp_params = sp_params;
237 o->twd = twd;
238 o->user = user;
239 o->logfunc = logfunc;
240  
241 // init output
242 PacketPassInterface_Sender_Init(o->output, (PacketPassInterface_handler_done)output_handler_done, o);
243  
244 // remember output MTU
245 o->output_mtu = PacketPassInterface_GetMTU(o->output);
246  
247 // calculate hash size
248 if (SPPROTO_HAVE_HASH(o->sp_params)) {
249 o->hash_size = BHash_size(o->sp_params.hash_mode);
250 }
251  
252 // calculate encryption block and key sizes
253 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
254 o->enc_block_size = BEncryption_cipher_block_size(o->sp_params.encryption_mode);
255 o->enc_key_size = BEncryption_cipher_key_size(o->sp_params.encryption_mode);
256 }
257  
258 // calculate input MTU
259 o->input_mtu = spproto_carrier_mtu_for_payload_mtu(o->sp_params, o->output_mtu);
260  
261 // allocate plaintext buffer
262 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
263 int buf_size = balign_up((SPPROTO_HEADER_LEN(o->sp_params) + o->output_mtu + 1), o->enc_block_size);
264 if (!(o->buf = (uint8_t *)malloc(buf_size))) {
265 goto fail0;
266 }
267 }
268  
269 // init input
270 PacketPassInterface_Init(&o->input, o->input_mtu, (PacketPassInterface_handler_send)input_handler_send, o, pg);
271  
272 // init OTP checker
273 if (SPPROTO_HAVE_OTP(o->sp_params)) {
274 if (!OTPChecker_Init(&o->otpchecker, o->sp_params.otp_num, o->sp_params.otp_mode, num_otp_seeds, o->twd)) {
275 goto fail1;
276 }
277 }
278  
279 // have no encryption key
280 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
281 o->have_encryption_key = 0;
282 }
283  
284 // have no input packet
285 o->in_len = -1;
286  
287 // have no work
288 o->tw_have = 0;
289  
290 DebugObject_Init(&o->d_obj);
291  
292 return 1;
293  
294 fail1:
295 PacketPassInterface_Free(&o->input);
296 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
297 free(o->buf);
298 }
299 fail0:
300 return 0;
301 }
302  
303 void SPProtoDecoder_Free (SPProtoDecoder *o)
304 {
305 DebugObject_Free(&o->d_obj);
306  
307 // free work
308 if (o->tw_have) {
309 BThreadWork_Free(&o->tw);
310 }
311  
312 // free encryptor
313 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params) && o->have_encryption_key) {
314 BEncryption_Free(&o->encryptor);
315 }
316  
317 // free OTP checker
318 if (SPPROTO_HAVE_OTP(o->sp_params)) {
319 OTPChecker_Free(&o->otpchecker);
320 }
321  
322 // free input
323 PacketPassInterface_Free(&o->input);
324  
325 // free plaintext buffer
326 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
327 free(o->buf);
328 }
329 }
330  
331 PacketPassInterface * SPProtoDecoder_GetInput (SPProtoDecoder *o)
332 {
333 DebugObject_Access(&o->d_obj);
334  
335 return &o->input;
336 }
337  
338 void SPProtoDecoder_SetEncryptionKey (SPProtoDecoder *o, uint8_t *encryption_key)
339 {
340 ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
341 DebugObject_Access(&o->d_obj);
342  
343 // stop existing work
344 maybe_stop_work_and_ignore(o);
345  
346 // free encryptor
347 if (o->have_encryption_key) {
348 BEncryption_Free(&o->encryptor);
349 }
350  
351 // init encryptor
352 BEncryption_Init(&o->encryptor, BENCRYPTION_MODE_DECRYPT, o->sp_params.encryption_mode, encryption_key);
353  
354 // have encryption key
355 o->have_encryption_key = 1;
356 }
357  
358 void SPProtoDecoder_RemoveEncryptionKey (SPProtoDecoder *o)
359 {
360 ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
361 DebugObject_Access(&o->d_obj);
362  
363 // stop existing work
364 maybe_stop_work_and_ignore(o);
365  
366 if (o->have_encryption_key) {
367 // free encryptor
368 BEncryption_Free(&o->encryptor);
369  
370 // have no encryption key
371 o->have_encryption_key = 0;
372 }
373 }
374  
375 void SPProtoDecoder_AddOTPSeed (SPProtoDecoder *o, uint16_t seed_id, uint8_t *key, uint8_t *iv)
376 {
377 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
378 DebugObject_Access(&o->d_obj);
379  
380 OTPChecker_AddSeed(&o->otpchecker, seed_id, key, iv);
381 }
382  
383 void SPProtoDecoder_RemoveOTPSeeds (SPProtoDecoder *o)
384 {
385 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
386 DebugObject_Access(&o->d_obj);
387  
388 OTPChecker_RemoveSeeds(&o->otpchecker);
389 }
390  
391 void SPProtoDecoder_SetHandlers (SPProtoDecoder *o, SPProtoDecoder_otp_handler otp_handler, void *user)
392 {
393 DebugObject_Access(&o->d_obj);
394  
395 if (SPPROTO_HAVE_OTP(o->sp_params)) {
396 OTPChecker_SetHandlers(&o->otpchecker, otp_handler, user);
397 }
398 }