WebSVN – BadVPN – Blame – Rev 1

1

office

1

/**

2

* @file spproto.h

3

* @author Ambroz Bizjak <ambrop7@gmail.com>

*

* @section LICENSE

*

* Redistribution and use in source and binary forms, with or without

8

* modification, are permitted provided that the following conditions are met:

9

* 1. Redistributions of source code must retain the above copyright

10

* notice, this list of conditions and the following disclaimer.

11

* 2. Redistributions in binary form must reproduce the above copyright

12

* notice, this list of conditions and the following disclaimer in the

13

* documentation and/or other materials provided with the distribution.

14

* 3. Neither the name of the author nor the

15

* names of its contributors may be used to endorse or promote products

16

* derived from this software without specific prior written permission.

17

*

18

* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

19

* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

20

* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

21

* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

22

* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

23

* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

24

* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

25

* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

26

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

27

* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

28

*

29

* @section DESCRIPTION

30

*

31

* Protocol for securing datagram communication.

32

*

33

* Security features implemented:

34

* - Encryption. Encrypts packets with a block cipher.

35

* Protects against a third party from seeing the data

36

* being transmitted.

37

* - Hashes. Adds a hash of the packet into the packet.

38

* Combined with encryption, protects against tampering

39

* with packets and crafting new packets.

40

* - One-time passwords. Adds a password to each packet

41

* for the receiver to recognize. Protects agains replaying

42

* packets and crafting new packets.

43

*

44

* A SPProto plaintext packet contains the following, in order:

45

* - if OTPs are used, a struct {@link spproto_otpdata} which contains

46

* the seed ID and the OTP,

47

* - if hashes are used, the hash,

48

* - payload data.

49

*

50

* If encryption is used:

51

* - the plaintext is padded by appending a 0x01 byte and as many 0x00

52

* bytes as needed to align to block size,

53

* - the padded plaintext is encrypted, and

54

* - the initialization vector (IV) is prepended.

55

*/

56

57

#ifndef BADVPN_PROTOCOL_SPPROTO_H

58

#define BADVPN_PROTOCOL_SPPROTO_H

59

60

#include <stdint.h>

61

#include <limits.h>

62

63

#include <misc/debug.h>

64

#include <misc/balign.h>

65

#include <misc/packed.h>

66

#include <security/BHash.h>

67

#include <security/BEncryption.h>

68

#include <security/OTPCalculator.h>

69

70

#define SPPROTO_HASH_MODE_NONE 0

71

#define SPPROTO_ENCRYPTION_MODE_NONE 0

72

#define SPPROTO_OTP_MODE_NONE 0

73

74

/**

75

* Stores security parameters for SPProto.

76

*/

77

struct spproto_security_params {

78

/**

79

* Hash mode.

80

* Either SPPROTO_HASH_MODE_NONE for no hashes, or a valid bhash

* hash mode.

*/

int hash_mode;

/**

* Encryption mode.

* Either SPPROTO_ENCRYPTION_MODE_NONE for no encryption, or a valid

88

* {@link BEncryption} cipher.

89

*/

90

int encryption_mode;

91

92

/**

93

* One-time password (OTP) mode.

94

* Either SPPROTO_OTP_MODE_NONE for no OTPs, or a valid

95

* {@link BEncryption} cipher.

*/

int otp_mode;

/**

* If OTPs are used (otp_mode != SPPROTO_OTP_MODE_NONE), number of

101

* OTPs generated from a single seed.

*/

int otp_num;

};

#define SPPROTO_HAVE_HASH(_params) ((_params).hash_mode != SPPROTO_HASH_MODE_NONE)

107

#define SPPROTO_HASH_SIZE(_params) ( \

108

SPPROTO_HAVE_HASH(_params) ? \

109

BHash_size((_params).hash_mode) : \

)

#define SPPROTO_HAVE_ENCRYPTION(_params) ((_params).encryption_mode != SPPROTO_ENCRYPTION_MODE_NONE)

114

115

#define SPPROTO_HAVE_OTP(_params) ((_params).otp_mode != SPPROTO_OTP_MODE_NONE)

116

117

B_START_PACKED

118

struct spproto_otpdata {

uint16_t seed_id;

otp_t otp;

} B_PACKED;

B_END_PACKED

#define SPPROTO_HEADER_OTPDATA_OFF(_params) 0

125

#define SPPROTO_HEADER_OTPDATA_LEN(_params) (SPPROTO_HAVE_OTP(_params) ? sizeof(struct spproto_otpdata) : 0)

126

#define SPPROTO_HEADER_HASH_OFF(_params) (SPPROTO_HEADER_OTPDATA_OFF(_params) + SPPROTO_HEADER_OTPDATA_LEN(_params))

127

#define SPPROTO_HEADER_HASH_LEN(_params) SPPROTO_HASH_SIZE(_params)

128

#define SPPROTO_HEADER_LEN(_params) (SPPROTO_HEADER_HASH_OFF(_params) + SPPROTO_HEADER_HASH_LEN(_params))

129

130

/**

131

* Asserts that the given SPProto security parameters are valid.

132

*

133

* @param params security parameters

134

*/

135

static void spproto_assert_security_params (struct spproto_security_params params)

136

{

137

ASSERT(params.hash_mode == SPPROTO_HASH_MODE_NONE || BHash_type_valid(params.hash_mode))

138

ASSERT(params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE || BEncryption_cipher_valid(params.encryption_mode))

139

ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || BEncryption_cipher_valid(params.otp_mode))

140

ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || params.otp_num > 0)

}

/**

* Calculates the maximum payload size for SPProto given the

145

* security parameters and the maximum encoded packet size.

146

*

147

* @param params security parameters

148

* @param carrier_mtu maximum encoded packet size. Must be >=0.

149

* @return maximum payload size. Negative means is is impossible

150

* to encode anything.

151

*/

152

static int spproto_payload_mtu_for_carrier_mtu (struct spproto_security_params params, int carrier_mtu)

153

{

154

spproto_assert_security_params(params);

155

ASSERT(carrier_mtu >= 0)

156

157

if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {

158

return (carrier_mtu - SPPROTO_HEADER_LEN(params));

159

} else {

160

int block_size = BEncryption_cipher_block_size(params.encryption_mode);

161

return (balign_down(carrier_mtu, block_size) - block_size - SPPROTO_HEADER_LEN(params) - 1);

}

}

/**

* Calculates the maximum encoded packet size for SPProto given the

167

* security parameters and the maximum payload size.

168

*

169

* @param params security parameters

170

* @param payload_mtu maximum payload size. Must be >=0.

171

* @return maximum encoded packet size, -1 if payload_mtu is too large

172

*/

173

static int spproto_carrier_mtu_for_payload_mtu (struct spproto_security_params params, int payload_mtu)

174

{

175

spproto_assert_security_params(params);

176

ASSERT(payload_mtu >= 0)

177

178

if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {

179

if (payload_mtu > INT_MAX - SPPROTO_HEADER_LEN(params)) {

return -1;

}

return (SPPROTO_HEADER_LEN(params) + payload_mtu);

184

} else {

185

int block_size = BEncryption_cipher_block_size(params.encryption_mode);

186

187

if (payload_mtu > INT_MAX - (block_size + SPPROTO_HEADER_LEN(params) + block_size)) {

return -1;

}

return (block_size + balign_up((SPPROTO_HEADER_LEN(params) + payload_mtu + 1), block_size));

}

}

#endif

BadVPN – Blame information for rev 1