BadVPN – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file SPProtoDecoder.c |
||
3 | * @author Ambroz Bizjak <ambrop7@gmail.com> |
||
4 | * |
||
5 | * @section LICENSE |
||
6 | * |
||
7 | * Redistribution and use in source and binary forms, with or without |
||
8 | * modification, are permitted provided that the following conditions are met: |
||
9 | * 1. Redistributions of source code must retain the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer. |
||
11 | * 2. Redistributions in binary form must reproduce the above copyright |
||
12 | * notice, this list of conditions and the following disclaimer in the |
||
13 | * documentation and/or other materials provided with the distribution. |
||
14 | * 3. Neither the name of the author nor the |
||
15 | * names of its contributors may be used to endorse or promote products |
||
16 | * derived from this software without specific prior written permission. |
||
17 | * |
||
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
21 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
||
22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
28 | */ |
||
29 | |||
30 | #include <string.h> |
||
31 | |||
32 | #include <misc/balign.h> |
||
33 | #include <misc/byteorder.h> |
||
34 | #include <security/BHash.h> |
||
35 | |||
36 | #include "SPProtoDecoder.h" |
||
37 | |||
38 | #include <generated/blog_channel_SPProtoDecoder.h> |
||
39 | |||
40 | #define PeerLog(_o, ...) BLog_LogViaFunc((_o)->logfunc, (_o)->user, BLOG_CURRENT_CHANNEL, __VA_ARGS__) |
||
41 | |||
42 | static void decode_work_func (SPProtoDecoder *o) |
||
43 | { |
||
44 | ASSERT(o->in_len >= 0) |
||
45 | ASSERT(o->in_len <= o->input_mtu) |
||
46 | |||
47 | uint8_t *in = o->in; |
||
48 | int in_len = o->in_len; |
||
49 | |||
50 | o->tw_out_len = -1; |
||
51 | |||
52 | uint8_t *plaintext; |
||
53 | int plaintext_len; |
||
54 | |||
55 | // decrypt if needed |
||
56 | if (!SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
57 | plaintext = in; |
||
58 | plaintext_len = in_len; |
||
59 | } else { |
||
60 | // input must be a multiple of blocks size |
||
61 | if (in_len % o->enc_block_size != 0) { |
||
62 | PeerLog(o, BLOG_WARNING, "packet size not a multiple of block size"); |
||
63 | return; |
||
64 | } |
||
65 | |||
66 | // input must have an IV block |
||
67 | if (in_len < o->enc_block_size) { |
||
68 | PeerLog(o, BLOG_WARNING, "packet does not have an IV"); |
||
69 | return; |
||
70 | } |
||
71 | |||
72 | // check if we have encryption key |
||
73 | if (!o->have_encryption_key) { |
||
74 | PeerLog(o, BLOG_WARNING, "have no encryption key"); |
||
75 | return; |
||
76 | } |
||
77 | |||
78 | // copy IV as BEncryption_Decrypt changes the IV |
||
79 | uint8_t iv[BENCRYPTION_MAX_BLOCK_SIZE]; |
||
80 | memcpy(iv, in, o->enc_block_size); |
||
81 | |||
82 | // decrypt |
||
83 | uint8_t *ciphertext = in + o->enc_block_size; |
||
84 | int ciphertext_len = in_len - o->enc_block_size; |
||
85 | plaintext = o->buf; |
||
86 | BEncryption_Decrypt(&o->encryptor, ciphertext, plaintext, ciphertext_len, iv); |
||
87 | |||
88 | // read padding |
||
89 | if (ciphertext_len < o->enc_block_size) { |
||
90 | PeerLog(o, BLOG_WARNING, "packet does not have a padding block"); |
||
91 | return; |
||
92 | } |
||
93 | int i; |
||
94 | for (i = ciphertext_len - 1; i >= ciphertext_len - o->enc_block_size; i--) { |
||
95 | if (plaintext[i] == 1) { |
||
96 | break; |
||
97 | } |
||
98 | if (plaintext[i] != 0) { |
||
99 | PeerLog(o, BLOG_WARNING, "packet padding wrong (nonzero byte)"); |
||
100 | return; |
||
101 | } |
||
102 | } |
||
103 | if (i < ciphertext_len - o->enc_block_size) { |
||
104 | PeerLog(o, BLOG_WARNING, "packet padding wrong (all zeroes)"); |
||
105 | return; |
||
106 | } |
||
107 | plaintext_len = i; |
||
108 | } |
||
109 | |||
110 | // check for header |
||
111 | if (plaintext_len < SPPROTO_HEADER_LEN(o->sp_params)) { |
||
112 | PeerLog(o, BLOG_WARNING, "packet has no header"); |
||
113 | return; |
||
114 | } |
||
115 | uint8_t *header = plaintext; |
||
116 | |||
117 | // check data length |
||
118 | if (plaintext_len - SPPROTO_HEADER_LEN(o->sp_params) > o->output_mtu) { |
||
119 | PeerLog(o, BLOG_WARNING, "packet too long"); |
||
120 | return; |
||
121 | } |
||
122 | |||
123 | // check OTP |
||
124 | if (SPPROTO_HAVE_OTP(o->sp_params)) { |
||
125 | // remember seed and OTP (can't check from here) |
||
126 | struct spproto_otpdata header_otpd; |
||
127 | memcpy(&header_otpd, header + SPPROTO_HEADER_OTPDATA_OFF(o->sp_params), sizeof(header_otpd)); |
||
128 | o->tw_out_seed_id = ltoh16(header_otpd.seed_id); |
||
129 | o->tw_out_otp = header_otpd.otp; |
||
130 | } |
||
131 | |||
132 | // check hash |
||
133 | if (SPPROTO_HAVE_HASH(o->sp_params)) { |
||
134 | uint8_t *header_hash = header + SPPROTO_HEADER_HASH_OFF(o->sp_params); |
||
135 | // read hash |
||
136 | uint8_t hash[BHASH_MAX_SIZE]; |
||
137 | memcpy(hash, header_hash, o->hash_size); |
||
138 | // zero hash in packet |
||
139 | memset(header_hash, 0, o->hash_size); |
||
140 | // calculate hash |
||
141 | uint8_t hash_calc[BHASH_MAX_SIZE]; |
||
142 | BHash_calculate(o->sp_params.hash_mode, plaintext, plaintext_len, hash_calc); |
||
143 | // set hash field to its original value |
||
144 | memcpy(header_hash, hash, o->hash_size); |
||
145 | // compare hashes |
||
146 | if (memcmp(hash, hash_calc, o->hash_size)) { |
||
147 | PeerLog(o, BLOG_WARNING, "packet has wrong hash"); |
||
148 | return; |
||
149 | } |
||
150 | } |
||
151 | |||
152 | // return packet |
||
153 | o->tw_out = plaintext + SPPROTO_HEADER_LEN(o->sp_params); |
||
154 | o->tw_out_len = plaintext_len - SPPROTO_HEADER_LEN(o->sp_params); |
||
155 | } |
||
156 | |||
157 | static void decode_work_handler (SPProtoDecoder *o) |
||
158 | { |
||
159 | ASSERT(o->in_len >= 0) |
||
160 | ASSERT(o->tw_have) |
||
161 | DebugObject_Access(&o->d_obj); |
||
162 | |||
163 | // free work |
||
164 | BThreadWork_Free(&o->tw); |
||
165 | o->tw_have = 0; |
||
166 | |||
167 | // check OTP |
||
168 | if (SPPROTO_HAVE_OTP(o->sp_params) && o->tw_out_len >= 0) { |
||
169 | if (!OTPChecker_CheckOTP(&o->otpchecker, o->tw_out_seed_id, o->tw_out_otp)) { |
||
170 | PeerLog(o, BLOG_WARNING, "packet has wrong OTP"); |
||
171 | o->tw_out_len = -1; |
||
172 | } |
||
173 | } |
||
174 | |||
175 | if (o->tw_out_len < 0) { |
||
176 | // cannot decode, finish input packet |
||
177 | PacketPassInterface_Done(&o->input); |
||
178 | o->in_len = -1; |
||
179 | } else { |
||
180 | // submit decoded packet to output |
||
181 | PacketPassInterface_Sender_Send(o->output, o->tw_out, o->tw_out_len); |
||
182 | } |
||
183 | } |
||
184 | |||
185 | static void input_handler_send (SPProtoDecoder *o, uint8_t *data, int data_len) |
||
186 | { |
||
187 | ASSERT(data_len >= 0) |
||
188 | ASSERT(data_len <= o->input_mtu) |
||
189 | ASSERT(o->in_len == -1) |
||
190 | ASSERT(!o->tw_have) |
||
191 | DebugObject_Access(&o->d_obj); |
||
192 | |||
193 | // remember input |
||
194 | o->in = data; |
||
195 | o->in_len = data_len; |
||
196 | |||
197 | // start decoding |
||
198 | BThreadWork_Init(&o->tw, o->twd, (BThreadWork_handler_done)decode_work_handler, o, (BThreadWork_work_func)decode_work_func, o); |
||
199 | o->tw_have = 1; |
||
200 | } |
||
201 | |||
202 | static void output_handler_done (SPProtoDecoder *o) |
||
203 | { |
||
204 | ASSERT(o->in_len >= 0) |
||
205 | ASSERT(!o->tw_have) |
||
206 | DebugObject_Access(&o->d_obj); |
||
207 | |||
208 | // finish input packet |
||
209 | PacketPassInterface_Done(&o->input); |
||
210 | o->in_len = -1; |
||
211 | } |
||
212 | |||
213 | static void maybe_stop_work_and_ignore (SPProtoDecoder *o) |
||
214 | { |
||
215 | ASSERT(!(o->tw_have) || o->in_len >= 0) |
||
216 | |||
217 | if (o->tw_have) { |
||
218 | // free work |
||
219 | BThreadWork_Free(&o->tw); |
||
220 | o->tw_have = 0; |
||
221 | |||
222 | // ignore packet, receive next one |
||
223 | PacketPassInterface_Done(&o->input); |
||
224 | o->in_len = -1; |
||
225 | } |
||
226 | } |
||
227 | |||
228 | int SPProtoDecoder_Init (SPProtoDecoder *o, PacketPassInterface *output, struct spproto_security_params sp_params, int num_otp_seeds, BPendingGroup *pg, BThreadWorkDispatcher *twd, void *user, BLog_logfunc logfunc) |
||
229 | { |
||
230 | spproto_assert_security_params(sp_params); |
||
231 | ASSERT(spproto_carrier_mtu_for_payload_mtu(sp_params, PacketPassInterface_GetMTU(output)) >= 0) |
||
232 | ASSERT(!SPPROTO_HAVE_OTP(sp_params) || num_otp_seeds >= 2) |
||
233 | |||
234 | // init arguments |
||
235 | o->output = output; |
||
236 | o->sp_params = sp_params; |
||
237 | o->twd = twd; |
||
238 | o->user = user; |
||
239 | o->logfunc = logfunc; |
||
240 | |||
241 | // init output |
||
242 | PacketPassInterface_Sender_Init(o->output, (PacketPassInterface_handler_done)output_handler_done, o); |
||
243 | |||
244 | // remember output MTU |
||
245 | o->output_mtu = PacketPassInterface_GetMTU(o->output); |
||
246 | |||
247 | // calculate hash size |
||
248 | if (SPPROTO_HAVE_HASH(o->sp_params)) { |
||
249 | o->hash_size = BHash_size(o->sp_params.hash_mode); |
||
250 | } |
||
251 | |||
252 | // calculate encryption block and key sizes |
||
253 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
254 | o->enc_block_size = BEncryption_cipher_block_size(o->sp_params.encryption_mode); |
||
255 | o->enc_key_size = BEncryption_cipher_key_size(o->sp_params.encryption_mode); |
||
256 | } |
||
257 | |||
258 | // calculate input MTU |
||
259 | o->input_mtu = spproto_carrier_mtu_for_payload_mtu(o->sp_params, o->output_mtu); |
||
260 | |||
261 | // allocate plaintext buffer |
||
262 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
263 | int buf_size = balign_up((SPPROTO_HEADER_LEN(o->sp_params) + o->output_mtu + 1), o->enc_block_size); |
||
264 | if (!(o->buf = (uint8_t *)malloc(buf_size))) { |
||
265 | goto fail0; |
||
266 | } |
||
267 | } |
||
268 | |||
269 | // init input |
||
270 | PacketPassInterface_Init(&o->input, o->input_mtu, (PacketPassInterface_handler_send)input_handler_send, o, pg); |
||
271 | |||
272 | // init OTP checker |
||
273 | if (SPPROTO_HAVE_OTP(o->sp_params)) { |
||
274 | if (!OTPChecker_Init(&o->otpchecker, o->sp_params.otp_num, o->sp_params.otp_mode, num_otp_seeds, o->twd)) { |
||
275 | goto fail1; |
||
276 | } |
||
277 | } |
||
278 | |||
279 | // have no encryption key |
||
280 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
281 | o->have_encryption_key = 0; |
||
282 | } |
||
283 | |||
284 | // have no input packet |
||
285 | o->in_len = -1; |
||
286 | |||
287 | // have no work |
||
288 | o->tw_have = 0; |
||
289 | |||
290 | DebugObject_Init(&o->d_obj); |
||
291 | |||
292 | return 1; |
||
293 | |||
294 | fail1: |
||
295 | PacketPassInterface_Free(&o->input); |
||
296 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
297 | free(o->buf); |
||
298 | } |
||
299 | fail0: |
||
300 | return 0; |
||
301 | } |
||
302 | |||
303 | void SPProtoDecoder_Free (SPProtoDecoder *o) |
||
304 | { |
||
305 | DebugObject_Free(&o->d_obj); |
||
306 | |||
307 | // free work |
||
308 | if (o->tw_have) { |
||
309 | BThreadWork_Free(&o->tw); |
||
310 | } |
||
311 | |||
312 | // free encryptor |
||
313 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params) && o->have_encryption_key) { |
||
314 | BEncryption_Free(&o->encryptor); |
||
315 | } |
||
316 | |||
317 | // free OTP checker |
||
318 | if (SPPROTO_HAVE_OTP(o->sp_params)) { |
||
319 | OTPChecker_Free(&o->otpchecker); |
||
320 | } |
||
321 | |||
322 | // free input |
||
323 | PacketPassInterface_Free(&o->input); |
||
324 | |||
325 | // free plaintext buffer |
||
326 | if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) { |
||
327 | free(o->buf); |
||
328 | } |
||
329 | } |
||
330 | |||
331 | PacketPassInterface * SPProtoDecoder_GetInput (SPProtoDecoder *o) |
||
332 | { |
||
333 | DebugObject_Access(&o->d_obj); |
||
334 | |||
335 | return &o->input; |
||
336 | } |
||
337 | |||
338 | void SPProtoDecoder_SetEncryptionKey (SPProtoDecoder *o, uint8_t *encryption_key) |
||
339 | { |
||
340 | ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params)) |
||
341 | DebugObject_Access(&o->d_obj); |
||
342 | |||
343 | // stop existing work |
||
344 | maybe_stop_work_and_ignore(o); |
||
345 | |||
346 | // free encryptor |
||
347 | if (o->have_encryption_key) { |
||
348 | BEncryption_Free(&o->encryptor); |
||
349 | } |
||
350 | |||
351 | // init encryptor |
||
352 | BEncryption_Init(&o->encryptor, BENCRYPTION_MODE_DECRYPT, o->sp_params.encryption_mode, encryption_key); |
||
353 | |||
354 | // have encryption key |
||
355 | o->have_encryption_key = 1; |
||
356 | } |
||
357 | |||
358 | void SPProtoDecoder_RemoveEncryptionKey (SPProtoDecoder *o) |
||
359 | { |
||
360 | ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params)) |
||
361 | DebugObject_Access(&o->d_obj); |
||
362 | |||
363 | // stop existing work |
||
364 | maybe_stop_work_and_ignore(o); |
||
365 | |||
366 | if (o->have_encryption_key) { |
||
367 | // free encryptor |
||
368 | BEncryption_Free(&o->encryptor); |
||
369 | |||
370 | // have no encryption key |
||
371 | o->have_encryption_key = 0; |
||
372 | } |
||
373 | } |
||
374 | |||
375 | void SPProtoDecoder_AddOTPSeed (SPProtoDecoder *o, uint16_t seed_id, uint8_t *key, uint8_t *iv) |
||
376 | { |
||
377 | ASSERT(SPPROTO_HAVE_OTP(o->sp_params)) |
||
378 | DebugObject_Access(&o->d_obj); |
||
379 | |||
380 | OTPChecker_AddSeed(&o->otpchecker, seed_id, key, iv); |
||
381 | } |
||
382 | |||
383 | void SPProtoDecoder_RemoveOTPSeeds (SPProtoDecoder *o) |
||
384 | { |
||
385 | ASSERT(SPPROTO_HAVE_OTP(o->sp_params)) |
||
386 | DebugObject_Access(&o->d_obj); |
||
387 | |||
388 | OTPChecker_RemoveSeeds(&o->otpchecker); |
||
389 | } |
||
390 | |||
391 | void SPProtoDecoder_SetHandlers (SPProtoDecoder *o, SPProtoDecoder_otp_handler otp_handler, void *user) |
||
392 | { |
||
393 | DebugObject_Access(&o->d_obj); |
||
394 | |||
395 | if (SPPROTO_HAVE_OTP(o->sp_params)) { |
||
396 | OTPChecker_SetHandlers(&o->otpchecker, otp_handler, user); |
||
397 | } |
||
398 | } |