BadVPN – Blame information for rev 1
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file SPProtoEncoder.c |
||
3 | * @author Ambroz Bizjak <ambrop7@gmail.com> |
||
4 | * |
||
5 | * @section LICENSE |
||
6 | * |
||
7 | * Redistribution and use in source and binary forms, with or without |
||
8 | * modification, are permitted provided that the following conditions are met: |
||
9 | * 1. Redistributions of source code must retain the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer. |
||
11 | * 2. Redistributions in binary form must reproduce the above copyright |
||
12 | * notice, this list of conditions and the following disclaimer in the |
||
13 | * documentation and/or other materials provided with the distribution. |
||
14 | * 3. Neither the name of the author nor the |
||
15 | * names of its contributors may be used to endorse or promote products |
||
16 | * derived from this software without specific prior written permission. |
||
17 | * |
||
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
21 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
||
22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
28 | */ |
||
29 | |||
30 | #include <string.h> |
||
31 | #include <stdlib.h> |
||
32 | |||
33 | #include <misc/balign.h> |
||
34 | #include <misc/offset.h> |
||
35 | #include <misc/byteorder.h> |
||
36 | #include <security/BRandom.h> |
||
37 | #include <security/BHash.h> |
||
38 | |||
39 | #include "SPProtoEncoder.h" |
||
40 | |||
// Forward declarations of the file-local helpers, so the definitions below
// may refer to one another regardless of their order in the file.

// encoding state machine
static int can_encode (SPProtoEncoder *o);
static void encode_packet (SPProtoEncoder *o);
static void encode_work_func (SPProtoEncoder *o);
static void encode_work_handler (SPProtoEncoder *o);
static void maybe_encode (SPProtoEncoder *o);
static void maybe_stop_work (SPProtoEncoder *o);

// callbacks handed to the packet interfaces, the pending job and the OTP generator
static void output_handler_recv (SPProtoEncoder *o, uint8_t *data);
static void input_handler_done (SPProtoEncoder *o, int data_len);
static void handler_job_hander (SPProtoEncoder *o);
static void otpgenerator_handler (SPProtoEncoder *o);
||
51 | |||
/**
 * Reports whether the pending packet may be encoded right now.
 *
 * Every enabled security feature must have the material it needs: with OTPs
 * enabled the generator position has to be below sp_params.otp_num, and with
 * encryption enabled a key has to be set. The caller must already hold an
 * input packet and an output buffer, with no work in progress.
 *
 * @param o the encoder
 * @return 1 if encoding may proceed, 0 otherwise
 */
static int can_encode (SPProtoEncoder *o)
{
    ASSERT(o->in_len >= 0)
    ASSERT(o->out_have)
    ASSERT(!o->tw_have)

    // OTPs enabled but none left for the current seed: the packet has to wait
    if (SPPROTO_HAVE_OTP(o->sp_params) && OTPGenerator_GetPosition(&o->otpgen) >= o->sp_params.otp_num) {
        return 0;
    }

    // encryption enabled but no key installed: never emit the packet unencrypted
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params) && !o->have_encryption_key) {
        return 0;
    }

    return 1;
}
||
63 | |||
/**
 * Starts encoding the pending packet.
 *
 * Takes the next OTP (when OTPs are enabled), hands the actual encoding to a
 * BThreadWork whose work function is encode_work_func and whose completion
 * handler is encode_work_handler, and schedules the OTP warning job when the
 * generator position has reached otp_warning_count.
 *
 * Preconditions: an input packet and an output buffer are held, no work is in
 * progress and can_encode() is true.
 *
 * @param o the encoder
 */
static void encode_packet (SPProtoEncoder *o)
{
    ASSERT(o->in_len >= 0)
    ASSERT(o->out_have)
    ASSERT(!o->tw_have)
    ASSERT(can_encode(o))

    // Take the OTP together with the ID of the seed it belongs to before the
    // work starts; encode_work_func only reads these two saved values.
    if (SPPROTO_HAVE_OTP(o->sp_params)) {
        o->tw_seed_id = o->otpgen_seed_id;
        o->tw_otp = OTPGenerator_GetOTP(&o->otpgen);
    }

    // hand the encoding to the work dispatcher and record that work is pending
    BThreadWork_Init(&o->tw, o->twd, (BThreadWork_handler_done)encode_work_handler, o, (BThreadWork_work_func)encode_work_func, o);
    o->tw_have = 1;

    // The position is compared after the OTP above was taken; on an exact
    // match with the warning threshold the user handler job is scheduled.
    if (SPPROTO_HAVE_OTP(o->sp_params)) {
        if (OTPGenerator_GetPosition(&o->otpgen) == o->otp_warning_count) {
            BPending_Set(&o->handler_job);
        }
    }
}
||
86 | |||
/**
 * Work function: builds the encoded packet in the output buffer.
 *
 * The plaintext is header + payload. Without encryption it is assembled
 * directly in o->out; with encryption it is assembled in o->buf, padded, and
 * encrypted into o->out behind a freshly generated IV. The resulting length
 * is stored in o->tw_out_len for encode_work_handler.
 *
 * @param o the encoder
 */
static void encode_work_func (SPProtoEncoder *o)
{
    ASSERT(o->in_len >= 0)
    ASSERT(o->out_have)
    ASSERT(!SPPROTO_HAVE_ENCRYPTION(o->sp_params) || o->have_encryption_key)

    ASSERT(o->in_len <= o->input_mtu)

    // the plaintext lives in the private buffer only when it will be encrypted
    uint8_t *plaintext = o->out;
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        plaintext = o->buf;
    }

    // the header sits at the very start of the plaintext, the payload follows
    uint8_t *header = plaintext;
    int plaintext_len = SPPROTO_HEADER_LEN(o->sp_params) + o->in_len;

    // OTP field: seed ID (converted with htol16) and the OTP saved by encode_packet
    if (SPPROTO_HAVE_OTP(o->sp_params)) {
        // NOTE(review): the struct is copied out whole; if spproto_otpdata had
        // padding bytes they would be uninitialized stack bytes placed into
        // the packet. Presumably the struct is packed - confirm in its header.
        struct spproto_otpdata otp_field;
        otp_field.seed_id = htol16(o->tw_seed_id);
        otp_field.otp = o->tw_otp;
        memcpy(header + SPPROTO_HEADER_OTPDATA_OFF(o->sp_params), &otp_field, sizeof(otp_field));
    }

    // Hash field: computed over the whole plaintext with the field itself zeroed.
    // NOTE(review): BHash_calculate receives no key here, so this looks like an
    // unkeyed digest; tamper resistance would then rest on the encryption and
    // OTP layers - confirm against the protocol design.
    if (SPPROTO_HAVE_HASH(o->sp_params)) {
        uint8_t *hash_field = header + SPPROTO_HEADER_HASH_OFF(o->sp_params);
        uint8_t digest[BHASH_MAX_SIZE];
        memset(hash_field, 0, o->hash_size);
        BHash_calculate(o->sp_params.hash_mode, plaintext, plaintext_len, digest);
        memcpy(hash_field, digest, o->hash_size);
    }

    // without encryption the plaintext in o->out already is the packet
    if (!SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        o->tw_out_len = plaintext_len;
        return;
    }

    // the padded length is plaintext + at least one byte, rounded up to a block
    int cyphertext_len = balign_up((plaintext_len + 1), o->enc_block_size);

    // padding is a single 1 byte followed by zeros up to the padded length
    plaintext[plaintext_len] = 1;
    int pad_pos = plaintext_len + 1;
    while (pad_pos < cyphertext_len) {
        plaintext[pad_pos] = 0;
        pad_pos++;
    }

    // A fresh random IV occupies the first block of the output.
    // NOTE(review): no result of BRandom_randomize is checked here; confirm
    // that it cannot fail silently.
    BRandom_randomize(o->out, o->enc_block_size);

    // encrypt with a scratch copy, because BEncryption_Encrypt changes the IV
    // it is given and the one in o->out must stay intact
    uint8_t iv_scratch[BENCRYPTION_MAX_BLOCK_SIZE];
    memcpy(iv_scratch, o->out, o->enc_block_size);

    // the ciphertext goes right behind the IV
    BEncryption_Encrypt(&o->encryptor, plaintext, o->out + o->enc_block_size, cyphertext_len, iv_scratch);

    // packet is IV + ciphertext
    o->tw_out_len = o->enc_block_size + cyphertext_len;
}
||
153 | |||
/**
 * Completion handler of the encoding work: releases the work object, marks
 * the input and output as consumed and reports the encoded packet on the
 * output interface.
 *
 * @param o the encoder
 */
static void encode_work_handler (SPProtoEncoder *o)
{
    ASSERT(o->in_len >= 0)
    ASSERT(o->out_have)
    ASSERT(o->tw_have)

    // length computed by encode_work_func
    int encoded_len = o->tw_out_len;

    // the work object is finished
    BThreadWork_Free(&o->tw);
    o->tw_have = 0;

    // Reset the packet state before reporting completion, so the encoder is
    // already idle when PacketRecvInterface_Done runs.
    o->out_have = 0;
    o->in_len = -1;
    PacketRecvInterface_Done(&o->output, encoded_len);
}
||
169 | |||
/**
 * Starts encoding if a packet is waiting and nothing prevents it.
 *
 * Called after an event that may have unblocked a waiting packet (a new
 * encryption key, a new OTP seed becoming ready).
 *
 * @param o the encoder
 */
static void maybe_encode (SPProtoEncoder *o)
{
    // nothing waiting, or work already running: can_encode() asserts these
    // conditions, so it must not be reached in that case
    if (o->in_len < 0 || !o->out_have || o->tw_have) {
        return;
    }

    if (!can_encode(o)) {
        return;
    }

    encode_packet(o);
}
||
176 | |||
/**
 * Output interface handler: a buffer for one encoded packet has been offered.
 *
 * Remembers the buffer and asks the input for a payload, to be written
 * directly behind the space reserved for the header in the plaintext area.
 *
 * @param o the encoder
 * @param data output buffer to encode into
 */
static void output_handler_recv (SPProtoEncoder *o, uint8_t *data)
{
    ASSERT(o->in_len == -1)
    ASSERT(!o->out_have)
    ASSERT(!o->tw_have)
    DebugObject_Access(&o->d_obj);

    // keep the output buffer until the packet has been encoded
    o->out = data;
    o->out_have = 1;

    // with encryption the payload is staged in the private buffer, otherwise
    // it is received straight into the output buffer
    uint8_t *payload_dst;
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        payload_dst = o->buf + SPPROTO_HEADER_LEN(o->sp_params);
    } else {
        payload_dst = o->out + SPPROTO_HEADER_LEN(o->sp_params);
    }

    // request the payload from the input
    PacketRecvInterface_Receiver_Recv(o->input, payload_dst);
}
||
194 | |||
/**
 * Input interface handler: the payload requested in output_handler_recv has
 * arrived. Records its length and encodes immediately when possible;
 * otherwise the packet stays pending until maybe_encode() succeeds.
 *
 * @param o the encoder
 * @param data_len payload length, between 0 and the input MTU
 */
static void input_handler_done (SPProtoEncoder *o, int data_len)
{
    ASSERT(data_len >= 0)
    ASSERT(data_len <= o->input_mtu)
    ASSERT(o->in_len == -1)
    ASSERT(o->out_have)
    ASSERT(!o->tw_have)
    DebugObject_Access(&o->d_obj);

    // a non-negative in_len marks the input packet as present
    o->in_len = data_len;

    // blocked on an OTP seed or an encryption key: leave the packet waiting
    if (!can_encode(o)) {
        return;
    }

    encode_packet(o);
}
||
212 | |||
/**
 * Pending-job handler scheduled by encode_packet when the OTP position
 * reaches the warning count: invokes the user's handler, if one is set.
 *
 * @param o the encoder
 */
static void handler_job_hander (SPProtoEncoder *o)
{
    ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // no handler registered via SPProtoEncoder_SetHandlers
    if (!o->handler) {
        return;
    }

    // the encoder is not touched after the callback returns
    o->handler(o->user);
}
||
223 | |||
/**
 * OTP generator handler, registered in SPProtoEncoder_Init.
 *
 * Promotes the seed ID stored by SPProtoEncoder_SetOTPSeed to the current
 * one, then resumes a packet that may have been waiting for OTPs.
 *
 * @param o the encoder
 */
static void otpgenerator_handler (SPProtoEncoder *o)
{
    ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // from now on packets are tagged with the ID of the new seed
    o->otpgen_seed_id = o->otpgen_pending_seed_id;

    // a packet may have been blocked in can_encode() for lack of OTPs
    maybe_encode(o);
}
||
235 | |||
/**
 * Frees the encoding work if one is in progress. The pending packet state
 * (in_len, out_have) is left untouched, so the packet can be encoded again.
 *
 * @param o the encoder
 */
static void maybe_stop_work (SPProtoEncoder *o)
{
    // nothing running
    if (!o->tw_have) {
        return;
    }

    BThreadWork_Free(&o->tw);
    o->tw_have = 0;
}
||
244 | |||
/**
 * Initializes the encoder.
 *
 * NOTE(review): the argument checks below are ASSERTs only; if ASSERT is
 * compiled out in some builds the values are used unchecked - confirm that
 * callers validate them.
 *
 * @param o the encoder
 * @param input interface from which payloads are received; its MTU must
 *              yield a non-negative carrier MTU for sp_params
 * @param sp_params security parameters (hash, encryption and OTP modes)
 * @param otp_warning_count with OTPs enabled, the generator position at
 *                          which the user handler is invoked; must be >0
 *                          and <=sp_params.otp_num
 * @param pg pending group for the output interface and the handler job
 * @param twd work dispatcher used for encoding and by the OTP generator
 * @return 1 on success, 0 on failure
 */
int SPProtoEncoder_Init (SPProtoEncoder *o, PacketRecvInterface *input, struct spproto_security_params sp_params, int otp_warning_count, BPendingGroup *pg, BThreadWorkDispatcher *twd)
{
    spproto_assert_security_params(sp_params);
    ASSERT(spproto_carrier_mtu_for_payload_mtu(sp_params, PacketRecvInterface_GetMTU(input)) >= 0)
    if (SPPROTO_HAVE_OTP(sp_params)) {
        ASSERT(otp_warning_count > 0)
        ASSERT(otp_warning_count <= sp_params.otp_num)
    }

    // store the arguments
    o->input = input;
    o->sp_params = sp_params;
    o->otp_warning_count = otp_warning_count;
    o->twd = twd;

    // no user handler until SPProtoEncoder_SetHandlers is called
    o->handler = NULL;

    // hash size, only meaningful with hashing enabled
    if (SPPROTO_HAVE_HASH(o->sp_params)) {
        o->hash_size = BHash_size(o->sp_params.hash_mode);
    }

    // cipher block and key sizes, only meaningful with encryption enabled
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        o->enc_block_size = BEncryption_cipher_block_size(o->sp_params.encryption_mode);
        o->enc_key_size = BEncryption_cipher_key_size(o->sp_params.encryption_mode);
    }

    // the OTP generator is the first resource that can fail
    if (SPPROTO_HAVE_OTP(o->sp_params) && !OTPGenerator_Init(&o->otpgen, o->sp_params.otp_num, o->sp_params.otp_mode, o->twd, (OTPGenerator_handler)otpgenerator_handler, o)) {
        goto fail_nothing;
    }

    // start without a key; can_encode() holds packets back until one is set
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        o->have_encryption_key = 0;
    }

    // payload MTU and the carrier MTU derived from it
    o->input_mtu = PacketRecvInterface_GetMTU(o->input);
    o->output_mtu = spproto_carrier_mtu_for_payload_mtu(o->sp_params, o->input_mtu);

    // become the receiver of the input; no payload is buffered yet
    PacketRecvInterface_Receiver_Init(o->input, (PacketRecvInterface_handler_done)input_handler_done, o);
    o->in_len = -1;

    // expose the output; no output buffer has been offered yet
    PacketRecvInterface_Init(&o->output, o->output_mtu, (PacketRecvInterface_handler_recv)output_handler_recv, o, pg);
    o->out_have = 0;

    // The staging buffer must hold header + largest payload + at least one
    // padding byte, rounded up to a whole cipher block.
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        int staging_size = balign_up((SPPROTO_HEADER_LEN(o->sp_params) + o->input_mtu + 1), o->enc_block_size);
        o->buf = (uint8_t *)malloc(staging_size);
        if (!o->buf) {
            goto fail_output;
        }
    }

    // job used to call the user handler outside of encode_packet
    BPending_Init(&o->handler_job, pg, (BPending_handler)handler_job_hander, o);

    // no encoding work in progress
    o->tw_have = 0;

    DebugObject_Init(&o->d_obj);

    return 1;

fail_output:
    // undo in reverse order of construction
    PacketRecvInterface_Free(&o->output);
    if (SPPROTO_HAVE_OTP(o->sp_params)) {
        OTPGenerator_Free(&o->otpgen);
    }
fail_nothing:
    return 0;
}
||
330 | |||
/**
 * Frees the encoder and everything it owns: running work, the handler job,
 * the plaintext staging buffer, the output interface, the encryptor (when a
 * key is set) and the OTP generator.
 *
 * @param o the encoder
 */
void SPProtoEncoder_Free (SPProtoEncoder *o)
{
    DebugObject_Free(&o->d_obj);

    // Stop running work first: encode_work_func uses the staging buffer and
    // the encryptor, which are released further down.
    if (o->tw_have) {
        BThreadWork_Free(&o->tw);
    }

    // handler job
    BPending_Free(&o->handler_job);

    // Staging buffer, which exists only with encryption enabled.
    // NOTE(review): the buffer may still hold the plaintext of the last
    // packet and is released without being wiped; consider clearing it with a
    // call the compiler cannot elide if heap remnants are a concern.
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        free(o->buf);
    }

    // output interface
    PacketRecvInterface_Free(&o->output);

    // the encryptor exists only while a key is set
    if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
        if (o->have_encryption_key) {
            BEncryption_Free(&o->encryptor);
        }
    }

    // OTP generator
    if (SPPROTO_HAVE_OTP(o->sp_params)) {
        OTPGenerator_Free(&o->otpgen);
    }
}
||
361 | |||
/**
 * Returns the interface on which encoded packets are delivered.
 *
 * @param o the encoder
 * @return pointer to the output interface embedded in the encoder
 */
PacketRecvInterface * SPProtoEncoder_GetOutput (SPProtoEncoder *o)
{
    DebugObject_Access(&o->d_obj);

    // the interface is a member of the encoder, not a separate allocation
    PacketRecvInterface *output = &o->output;
    return output;
}
||
368 | |||
/**
 * Installs an encryption key, replacing any previous one, and resumes a
 * packet that was waiting for a key. Encryption must be enabled.
 *
 * @param o the encoder
 * @param encryption_key key bytes passed to BEncryption_Init
 *                       (presumably enc_key_size bytes long - confirm
 *                       against the caller)
 */
void SPProtoEncoder_SetEncryptionKey (SPProtoEncoder *o, uint8_t *encryption_key)
{
    ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // Running work uses o->encryptor (see encode_work_func), so it has to be
    // stopped before the encryptor is replaced.
    maybe_stop_work(o);

    // drop the encryptor built from the previous key, if any
    if (o->have_encryption_key) {
        BEncryption_Free(&o->encryptor);
    }

    // build the encryptor for the new key
    // NOTE(review): no result of BEncryption_Init is checked here - confirm
    // that it cannot fail.
    BEncryption_Init(&o->encryptor, BENCRYPTION_MODE_ENCRYPT, o->sp_params.encryption_mode, encryption_key);
    o->have_encryption_key = 1;

    // restart a packet whose work was stopped above or that was waiting for a key
    maybe_encode(o);
}
||
391 | |||
/**
 * Removes the encryption key, if one is set. Encryption must be enabled.
 *
 * Running work is stopped first; a pending packet then stays held back by
 * can_encode() until a new key is installed.
 *
 * @param o the encoder
 */
void SPProtoEncoder_RemoveEncryptionKey (SPProtoEncoder *o)
{
    ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // running work uses the encryptor, so it must not outlive it
    maybe_stop_work(o);

    // no key installed: nothing to release
    if (!o->have_encryption_key) {
        return;
    }

    BEncryption_Free(&o->encryptor);
    o->have_encryption_key = 0;
}
||
408 | |||
/**
 * Hands a new OTP seed to the generator. OTPs must be enabled.
 *
 * The seed ID is only stored as pending here; it becomes the ID written
 * into packets once otpgenerator_handler runs.
 *
 * @param o the encoder
 * @param seed_id identifier of the seed
 * @param key seed key, passed through to OTPGenerator_SetSeed
 * @param iv seed IV, passed through to OTPGenerator_SetSeed
 */
void SPProtoEncoder_SetOTPSeed (SPProtoEncoder *o, uint16_t seed_id, uint8_t *key, uint8_t *iv)
{
    ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // start the generator on the new seed
    OTPGenerator_SetSeed(&o->otpgen, key, iv);

    // otpgen_seed_id keeps the previous ID until the generator handler fires
    o->otpgen_pending_seed_id = seed_id;
}
||
420 | |||
/**
 * Discards the current OTP seed by resetting the generator. OTPs must be
 * enabled.
 *
 * Encoding work already in progress is not stopped here; it uses the OTP
 * saved in tw_otp by encode_packet.
 *
 * @param o the encoder
 */
void SPProtoEncoder_RemoveOTPSeed (SPProtoEncoder *o)
{
    ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
    DebugObject_Access(&o->d_obj);

    // return the generator to its seedless state
    OTPGenerator_Reset(&o->otpgen);
}
||
429 | |||
/**
 * Registers the handler invoked from handler_job_hander, which
 * encode_packet schedules when the OTP position reaches the warning count.
 *
 * @param o the encoder
 * @param handler callback to invoke, or NULL for none
 * @param user argument passed to the callback
 */
void SPProtoEncoder_SetHandlers (SPProtoEncoder *o, SPProtoEncoder_handler handler, void *user)
{
    DebugObject_Access(&o->d_obj);

    // the two fields are always used together as o->handler(o->user)
    o->user = user;
    o->handler = handler;
}