BadVPN – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /**
2 * @file SPProtoEncoder.c
3 * @author Ambroz Bizjak <ambrop7@gmail.com>
4 *
5 * @section LICENSE
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the author nor the
15 * names of its contributors may be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
22 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29  
30 #include <string.h>
31 #include <stdlib.h>
32  
33 #include <misc/balign.h>
34 #include <misc/offset.h>
35 #include <misc/byteorder.h>
36 #include <security/BRandom.h>
37 #include <security/BHash.h>
38  
39 #include "SPProtoEncoder.h"
40  
41 static int can_encode (SPProtoEncoder *o);
42 static void encode_packet (SPProtoEncoder *o);
43 static void encode_work_func (SPProtoEncoder *o);
44 static void encode_work_handler (SPProtoEncoder *o);
45 static void maybe_encode (SPProtoEncoder *o);
46 static void output_handler_recv (SPProtoEncoder *o, uint8_t *data);
47 static void input_handler_done (SPProtoEncoder *o, int data_len);
48 static void handler_job_hander (SPProtoEncoder *o);
49 static void otpgenerator_handler (SPProtoEncoder *o);
50 static void maybe_stop_work (SPProtoEncoder *o);
51  
52 static int can_encode (SPProtoEncoder *o)
53 {
54 ASSERT(o->in_len >= 0)
55 ASSERT(o->out_have)
56 ASSERT(!o->tw_have)
57  
58 return (
59 (!SPPROTO_HAVE_OTP(o->sp_params) || OTPGenerator_GetPosition(&o->otpgen) < o->sp_params.otp_num) &&
60 (!SPPROTO_HAVE_ENCRYPTION(o->sp_params) || o->have_encryption_key)
61 );
62 }
63  
64 static void encode_packet (SPProtoEncoder *o)
65 {
66 ASSERT(o->in_len >= 0)
67 ASSERT(o->out_have)
68 ASSERT(!o->tw_have)
69 ASSERT(can_encode(o))
70  
71 // generate OTP, remember seed ID
72 if (SPPROTO_HAVE_OTP(o->sp_params)) {
73 o->tw_seed_id = o->otpgen_seed_id;
74 o->tw_otp = OTPGenerator_GetOTP(&o->otpgen);
75 }
76  
77 // start work
78 BThreadWork_Init(&o->tw, o->twd, (BThreadWork_handler_done)encode_work_handler, o, (BThreadWork_work_func)encode_work_func, o);
79 o->tw_have = 1;
80  
81 // schedule OTP warning handler
82 if (SPPROTO_HAVE_OTP(o->sp_params) && OTPGenerator_GetPosition(&o->otpgen) == o->otp_warning_count) {
83 BPending_Set(&o->handler_job);
84 }
85 }
86  
87 static void encode_work_func (SPProtoEncoder *o)
88 {
89 ASSERT(o->in_len >= 0)
90 ASSERT(o->out_have)
91 ASSERT(!SPPROTO_HAVE_ENCRYPTION(o->sp_params) || o->have_encryption_key)
92  
93 ASSERT(o->in_len <= o->input_mtu)
94  
95 // determine plaintext location
96 uint8_t *plaintext = (SPPROTO_HAVE_ENCRYPTION(o->sp_params) ? o->buf : o->out);
97  
98 // plaintext begins with header
99 uint8_t *header = plaintext;
100  
101 // plaintext is header + payload
102 int plaintext_len = SPPROTO_HEADER_LEN(o->sp_params) + o->in_len;
103  
104 // write OTP
105 if (SPPROTO_HAVE_OTP(o->sp_params)) {
106 struct spproto_otpdata header_otpd;
107 header_otpd.seed_id = htol16(o->tw_seed_id);
108 header_otpd.otp = o->tw_otp;
109 memcpy(header + SPPROTO_HEADER_OTPDATA_OFF(o->sp_params), &header_otpd, sizeof(header_otpd));
110 }
111  
112 // write hash
113 if (SPPROTO_HAVE_HASH(o->sp_params)) {
114 uint8_t *header_hash = header + SPPROTO_HEADER_HASH_OFF(o->sp_params);
115 // zero hash field
116 memset(header_hash, 0, o->hash_size);
117 // calculate hash
118 uint8_t hash[BHASH_MAX_SIZE];
119 BHash_calculate(o->sp_params.hash_mode, plaintext, plaintext_len, hash);
120 // set hash field
121 memcpy(header_hash, hash, o->hash_size);
122 }
123  
124 int out_len;
125  
126 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
127 // encrypting pad(header + payload)
128 int cyphertext_len = balign_up((plaintext_len + 1), o->enc_block_size);
129  
130 // write padding
131 plaintext[plaintext_len] = 1;
132 for (int i = plaintext_len + 1; i < cyphertext_len; i++) {
133 plaintext[i] = 0;
134 }
135  
136 // generate IV
137 BRandom_randomize(o->out, o->enc_block_size);
138  
139 // copy IV because BEncryption_Encrypt changes the IV
140 uint8_t iv[BENCRYPTION_MAX_BLOCK_SIZE];
141 memcpy(iv, o->out, o->enc_block_size);
142  
143 // encrypt
144 BEncryption_Encrypt(&o->encryptor, plaintext, o->out + o->enc_block_size, cyphertext_len, iv);
145 out_len = o->enc_block_size + cyphertext_len;
146 } else {
147 out_len = plaintext_len;
148 }
149  
150 // remember length
151 o->tw_out_len = out_len;
152 }
153  
154 static void encode_work_handler (SPProtoEncoder *o)
155 {
156 ASSERT(o->in_len >= 0)
157 ASSERT(o->out_have)
158 ASSERT(o->tw_have)
159  
160 // free work
161 BThreadWork_Free(&o->tw);
162 o->tw_have = 0;
163  
164 // finish packet
165 o->in_len = -1;
166 o->out_have = 0;
167 PacketRecvInterface_Done(&o->output, o->tw_out_len);
168 }
169  
170 static void maybe_encode (SPProtoEncoder *o)
171 {
172 if (o->in_len >= 0 && o->out_have && !o->tw_have && can_encode(o)) {
173 encode_packet(o);
174 }
175 }
176  
177 static void output_handler_recv (SPProtoEncoder *o, uint8_t *data)
178 {
179 ASSERT(o->in_len == -1)
180 ASSERT(!o->out_have)
181 ASSERT(!o->tw_have)
182 DebugObject_Access(&o->d_obj);
183  
184 // remember output packet
185 o->out_have = 1;
186 o->out = data;
187  
188 // determine plaintext location
189 uint8_t *plaintext = (SPPROTO_HAVE_ENCRYPTION(o->sp_params) ? o->buf : o->out);
190  
191 // schedule receive
192 PacketRecvInterface_Receiver_Recv(o->input, plaintext + SPPROTO_HEADER_LEN(o->sp_params));
193 }
194  
195 static void input_handler_done (SPProtoEncoder *o, int data_len)
196 {
197 ASSERT(data_len >= 0)
198 ASSERT(data_len <= o->input_mtu)
199 ASSERT(o->in_len == -1)
200 ASSERT(o->out_have)
201 ASSERT(!o->tw_have)
202 DebugObject_Access(&o->d_obj);
203  
204 // remember input packet
205 o->in_len = data_len;
206  
207 // encode if possible
208 if (can_encode(o)) {
209 encode_packet(o);
210 }
211 }
212  
213 static void handler_job_hander (SPProtoEncoder *o)
214 {
215 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
216 DebugObject_Access(&o->d_obj);
217  
218 if (o->handler) {
219 o->handler(o->user);
220 return;
221 }
222 }
223  
224 static void otpgenerator_handler (SPProtoEncoder *o)
225 {
226 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
227 DebugObject_Access(&o->d_obj);
228  
229 // remember seed ID
230 o->otpgen_seed_id = o->otpgen_pending_seed_id;
231  
232 // possibly continue I/O
233 maybe_encode(o);
234 }
235  
236 static void maybe_stop_work (SPProtoEncoder *o)
237 {
238 // stop existing work
239 if (o->tw_have) {
240 BThreadWork_Free(&o->tw);
241 o->tw_have = 0;
242 }
243 }
244  
245 int SPProtoEncoder_Init (SPProtoEncoder *o, PacketRecvInterface *input, struct spproto_security_params sp_params, int otp_warning_count, BPendingGroup *pg, BThreadWorkDispatcher *twd)
246 {
247 spproto_assert_security_params(sp_params);
248 ASSERT(spproto_carrier_mtu_for_payload_mtu(sp_params, PacketRecvInterface_GetMTU(input)) >= 0)
249 if (SPPROTO_HAVE_OTP(sp_params)) {
250 ASSERT(otp_warning_count > 0)
251 ASSERT(otp_warning_count <= sp_params.otp_num)
252 }
253  
254 // init arguments
255 o->input = input;
256 o->sp_params = sp_params;
257 o->otp_warning_count = otp_warning_count;
258 o->twd = twd;
259  
260 // set no handlers
261 o->handler = NULL;
262  
263 // calculate hash size
264 if (SPPROTO_HAVE_HASH(o->sp_params)) {
265 o->hash_size = BHash_size(o->sp_params.hash_mode);
266 }
267  
268 // calculate encryption block and key sizes
269 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
270 o->enc_block_size = BEncryption_cipher_block_size(o->sp_params.encryption_mode);
271 o->enc_key_size = BEncryption_cipher_key_size(o->sp_params.encryption_mode);
272 }
273  
274 // init otp generator
275 if (SPPROTO_HAVE_OTP(o->sp_params)) {
276 if (!OTPGenerator_Init(&o->otpgen, o->sp_params.otp_num, o->sp_params.otp_mode, o->twd, (OTPGenerator_handler)otpgenerator_handler, o)) {
277 goto fail0;
278 }
279 }
280  
281 // have no encryption key
282 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
283 o->have_encryption_key = 0;
284 }
285  
286 // remember input MTU
287 o->input_mtu = PacketRecvInterface_GetMTU(o->input);
288  
289 // calculate output MTU
290 o->output_mtu = spproto_carrier_mtu_for_payload_mtu(o->sp_params, o->input_mtu);
291  
292 // init input
293 PacketRecvInterface_Receiver_Init(o->input, (PacketRecvInterface_handler_done)input_handler_done, o);
294  
295 // have no input in buffer
296 o->in_len = -1;
297  
298 // init output
299 PacketRecvInterface_Init(&o->output, o->output_mtu, (PacketRecvInterface_handler_recv)output_handler_recv, o, pg);
300  
301 // have no output available
302 o->out_have = 0;
303  
304 // allocate plaintext buffer
305 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
306 int buf_size = balign_up((SPPROTO_HEADER_LEN(o->sp_params) + o->input_mtu + 1), o->enc_block_size);
307 if (!(o->buf = (uint8_t *)malloc(buf_size))) {
308 goto fail1;
309 }
310 }
311  
312 // init handler job
313 BPending_Init(&o->handler_job, pg, (BPending_handler)handler_job_hander, o);
314  
315 // have no work
316 o->tw_have = 0;
317  
318 DebugObject_Init(&o->d_obj);
319  
320 return 1;
321  
322 fail1:
323 PacketRecvInterface_Free(&o->output);
324 if (SPPROTO_HAVE_OTP(o->sp_params)) {
325 OTPGenerator_Free(&o->otpgen);
326 }
327 fail0:
328 return 0;
329 }
330  
331 void SPProtoEncoder_Free (SPProtoEncoder *o)
332 {
333 DebugObject_Free(&o->d_obj);
334  
335 // free work
336 if (o->tw_have) {
337 BThreadWork_Free(&o->tw);
338 }
339  
340 // free handler job
341 BPending_Free(&o->handler_job);
342  
343 // free plaintext buffer
344 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params)) {
345 free(o->buf);
346 }
347  
348 // free output
349 PacketRecvInterface_Free(&o->output);
350  
351 // free encryptor
352 if (SPPROTO_HAVE_ENCRYPTION(o->sp_params) && o->have_encryption_key) {
353 BEncryption_Free(&o->encryptor);
354 }
355  
356 // free otp generator
357 if (SPPROTO_HAVE_OTP(o->sp_params)) {
358 OTPGenerator_Free(&o->otpgen);
359 }
360 }
361  
362 PacketRecvInterface * SPProtoEncoder_GetOutput (SPProtoEncoder *o)
363 {
364 DebugObject_Access(&o->d_obj);
365  
366 return &o->output;
367 }
368  
369 void SPProtoEncoder_SetEncryptionKey (SPProtoEncoder *o, uint8_t *encryption_key)
370 {
371 ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
372 DebugObject_Access(&o->d_obj);
373  
374 // stop existing work
375 maybe_stop_work(o);
376  
377 // free encryptor
378 if (o->have_encryption_key) {
379 BEncryption_Free(&o->encryptor);
380 }
381  
382 // init encryptor
383 BEncryption_Init(&o->encryptor, BENCRYPTION_MODE_ENCRYPT, o->sp_params.encryption_mode, encryption_key);
384  
385 // have encryption key
386 o->have_encryption_key = 1;
387  
388 // possibly continue I/O
389 maybe_encode(o);
390 }
391  
392 void SPProtoEncoder_RemoveEncryptionKey (SPProtoEncoder *o)
393 {
394 ASSERT(SPPROTO_HAVE_ENCRYPTION(o->sp_params))
395 DebugObject_Access(&o->d_obj);
396  
397 // stop existing work
398 maybe_stop_work(o);
399  
400 if (o->have_encryption_key) {
401 // free encryptor
402 BEncryption_Free(&o->encryptor);
403  
404 // have no encryption key
405 o->have_encryption_key = 0;
406 }
407 }
408  
409 void SPProtoEncoder_SetOTPSeed (SPProtoEncoder *o, uint16_t seed_id, uint8_t *key, uint8_t *iv)
410 {
411 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
412 DebugObject_Access(&o->d_obj);
413  
414 // give seed to OTP generator
415 OTPGenerator_SetSeed(&o->otpgen, key, iv);
416  
417 // remember seed ID
418 o->otpgen_pending_seed_id = seed_id;
419 }
420  
421 void SPProtoEncoder_RemoveOTPSeed (SPProtoEncoder *o)
422 {
423 ASSERT(SPPROTO_HAVE_OTP(o->sp_params))
424 DebugObject_Access(&o->d_obj);
425  
426 // reset OTP generator
427 OTPGenerator_Reset(&o->otpgen);
428 }
429  
430 void SPProtoEncoder_SetHandlers (SPProtoEncoder *o, SPProtoEncoder_handler handler, void *user)
431 {
432 DebugObject_Access(&o->d_obj);
433  
434 o->handler = handler;
435 o->user = user;
436 }