BadVPN – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | /** |
2 | * @file spproto.h |
||
3 | * @author Ambroz Bizjak <ambrop7@gmail.com> |
||
4 | * |
||
5 | * @section LICENSE |
||
6 | * |
||
7 | * Redistribution and use in source and binary forms, with or without |
||
8 | * modification, are permitted provided that the following conditions are met: |
||
9 | * 1. Redistributions of source code must retain the above copyright |
||
10 | * notice, this list of conditions and the following disclaimer. |
||
11 | * 2. Redistributions in binary form must reproduce the above copyright |
||
12 | * notice, this list of conditions and the following disclaimer in the |
||
13 | * documentation and/or other materials provided with the distribution. |
||
14 | * 3. Neither the name of the author nor the |
||
15 | * names of its contributors may be used to endorse or promote products |
||
16 | * derived from this software without specific prior written permission. |
||
17 | * |
||
18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
||
19 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||
20 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||
21 | * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
||
22 | * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||
23 | * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
||
24 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
||
25 | * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
||
26 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
||
27 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
||
28 | * |
||
29 | * @section DESCRIPTION |
||
30 | * |
||
31 | * Protocol for securing datagram communication. |
||
32 | * |
||
33 | * Security features implemented: |
||
34 | * - Encryption. Encrypts packets with a block cipher. |
||
35 | * Protects against a third party from seeing the data |
||
36 | * being transmitted. |
||
37 | * - Hashes. Adds a hash of the packet into the packet. |
||
38 | * Combined with encryption, protects against tampering |
||
39 | * with packets and crafting new packets. |
||
40 | * - One-time passwords. Adds a password to each packet |
||
41 | * for the receiver to recognize. Protects agains replaying |
||
42 | * packets and crafting new packets. |
||
43 | * |
||
44 | * A SPProto plaintext packet contains the following, in order: |
||
45 | * - if OTPs are used, a struct {@link spproto_otpdata} which contains |
||
46 | * the seed ID and the OTP, |
||
47 | * - if hashes are used, the hash, |
||
48 | * - payload data. |
||
49 | * |
||
50 | * If encryption is used: |
||
51 | * - the plaintext is padded by appending a 0x01 byte and as many 0x00 |
||
52 | * bytes as needed to align to block size, |
||
53 | * - the padded plaintext is encrypted, and |
||
54 | * - the initialization vector (IV) is prepended. |
||
55 | */ |
||
56 | |||
57 | #ifndef BADVPN_PROTOCOL_SPPROTO_H |
||
58 | #define BADVPN_PROTOCOL_SPPROTO_H |
||
59 | |||
60 | #include <stdint.h> |
||
61 | #include <limits.h> |
||
62 | |||
63 | #include <misc/debug.h> |
||
64 | #include <misc/balign.h> |
||
65 | #include <misc/packed.h> |
||
66 | #include <security/BHash.h> |
||
67 | #include <security/BEncryption.h> |
||
68 | #include <security/OTPCalculator.h> |
||
69 | |||
70 | #define SPPROTO_HASH_MODE_NONE 0 |
||
71 | #define SPPROTO_ENCRYPTION_MODE_NONE 0 |
||
72 | #define SPPROTO_OTP_MODE_NONE 0 |
||
73 | |||
74 | /** |
||
75 | * Stores security parameters for SPProto. |
||
76 | */ |
||
77 | struct spproto_security_params { |
||
78 | /** |
||
79 | * Hash mode. |
||
80 | * Either SPPROTO_HASH_MODE_NONE for no hashes, or a valid bhash |
||
81 | * hash mode. |
||
82 | */ |
||
83 | int hash_mode; |
||
84 | |||
85 | /** |
||
86 | * Encryption mode. |
||
87 | * Either SPPROTO_ENCRYPTION_MODE_NONE for no encryption, or a valid |
||
88 | * {@link BEncryption} cipher. |
||
89 | */ |
||
90 | int encryption_mode; |
||
91 | |||
92 | /** |
||
93 | * One-time password (OTP) mode. |
||
94 | * Either SPPROTO_OTP_MODE_NONE for no OTPs, or a valid |
||
95 | * {@link BEncryption} cipher. |
||
96 | */ |
||
97 | int otp_mode; |
||
98 | |||
99 | /** |
||
100 | * If OTPs are used (otp_mode != SPPROTO_OTP_MODE_NONE), number of |
||
101 | * OTPs generated from a single seed. |
||
102 | */ |
||
103 | int otp_num; |
||
104 | }; |
||
105 | |||
106 | #define SPPROTO_HAVE_HASH(_params) ((_params).hash_mode != SPPROTO_HASH_MODE_NONE) |
||
107 | #define SPPROTO_HASH_SIZE(_params) ( \ |
||
108 | SPPROTO_HAVE_HASH(_params) ? \ |
||
109 | BHash_size((_params).hash_mode) : \ |
||
110 | |||
111 | ) |
||
112 | |||
113 | #define SPPROTO_HAVE_ENCRYPTION(_params) ((_params).encryption_mode != SPPROTO_ENCRYPTION_MODE_NONE) |
||
114 | |||
115 | #define SPPROTO_HAVE_OTP(_params) ((_params).otp_mode != SPPROTO_OTP_MODE_NONE) |
||
116 | |||
117 | B_START_PACKED |
||
118 | struct spproto_otpdata { |
||
119 | uint16_t seed_id; |
||
120 | otp_t otp; |
||
121 | } B_PACKED; |
||
122 | B_END_PACKED |
||
123 | |||
124 | #define SPPROTO_HEADER_OTPDATA_OFF(_params) 0 |
||
125 | #define SPPROTO_HEADER_OTPDATA_LEN(_params) (SPPROTO_HAVE_OTP(_params) ? sizeof(struct spproto_otpdata) : 0) |
||
126 | #define SPPROTO_HEADER_HASH_OFF(_params) (SPPROTO_HEADER_OTPDATA_OFF(_params) + SPPROTO_HEADER_OTPDATA_LEN(_params)) |
||
127 | #define SPPROTO_HEADER_HASH_LEN(_params) SPPROTO_HASH_SIZE(_params) |
||
128 | #define SPPROTO_HEADER_LEN(_params) (SPPROTO_HEADER_HASH_OFF(_params) + SPPROTO_HEADER_HASH_LEN(_params)) |
||
129 | |||
130 | /** |
||
131 | * Asserts that the given SPProto security parameters are valid. |
||
132 | * |
||
133 | * @param params security parameters |
||
134 | */ |
||
135 | static void spproto_assert_security_params (struct spproto_security_params params) |
||
136 | { |
||
137 | ASSERT(params.hash_mode == SPPROTO_HASH_MODE_NONE || BHash_type_valid(params.hash_mode)) |
||
138 | ASSERT(params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE || BEncryption_cipher_valid(params.encryption_mode)) |
||
139 | ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || BEncryption_cipher_valid(params.otp_mode)) |
||
140 | ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || params.otp_num > 0) |
||
141 | } |
||
142 | |||
143 | /** |
||
144 | * Calculates the maximum payload size for SPProto given the |
||
145 | * security parameters and the maximum encoded packet size. |
||
146 | * |
||
147 | * @param params security parameters |
||
148 | * @param carrier_mtu maximum encoded packet size. Must be >=0. |
||
149 | * @return maximum payload size. Negative means is is impossible |
||
150 | * to encode anything. |
||
151 | */ |
||
152 | static int spproto_payload_mtu_for_carrier_mtu (struct spproto_security_params params, int carrier_mtu) |
||
153 | { |
||
154 | spproto_assert_security_params(params); |
||
155 | ASSERT(carrier_mtu >= 0) |
||
156 | |||
157 | if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) { |
||
158 | return (carrier_mtu - SPPROTO_HEADER_LEN(params)); |
||
159 | } else { |
||
160 | int block_size = BEncryption_cipher_block_size(params.encryption_mode); |
||
161 | return (balign_down(carrier_mtu, block_size) - block_size - SPPROTO_HEADER_LEN(params) - 1); |
||
162 | } |
||
163 | } |
||
164 | |||
165 | /** |
||
166 | * Calculates the maximum encoded packet size for SPProto given the |
||
167 | * security parameters and the maximum payload size. |
||
168 | * |
||
169 | * @param params security parameters |
||
170 | * @param payload_mtu maximum payload size. Must be >=0. |
||
171 | * @return maximum encoded packet size, -1 if payload_mtu is too large |
||
172 | */ |
||
173 | static int spproto_carrier_mtu_for_payload_mtu (struct spproto_security_params params, int payload_mtu) |
||
174 | { |
||
175 | spproto_assert_security_params(params); |
||
176 | ASSERT(payload_mtu >= 0) |
||
177 | |||
178 | if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) { |
||
179 | if (payload_mtu > INT_MAX - SPPROTO_HEADER_LEN(params)) { |
||
180 | return -1; |
||
181 | } |
||
182 | |||
183 | return (SPPROTO_HEADER_LEN(params) + payload_mtu); |
||
184 | } else { |
||
185 | int block_size = BEncryption_cipher_block_size(params.encryption_mode); |
||
186 | |||
187 | if (payload_mtu > INT_MAX - (block_size + SPPROTO_HEADER_LEN(params) + block_size)) { |
||
188 | return -1; |
||
189 | } |
||
190 | |||
191 | return (block_size + balign_up((SPPROTO_HEADER_LEN(params) + payload_mtu + 1), block_size)); |
||
192 | } |
||
193 | } |
||
194 | |||
195 | #endif |