Annotation of embedaddon/strongswan/src/libcharon/encoding/payloads/encrypted_payload.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2011-2018 Tobias Brunner
! 3: * Copyright (C) 2005-2010 Martin Willi
! 4: * Copyright (C) 2010 revosec AG
! 5: * Copyright (C) 2005 Jan Hutter
! 6: * HSR Hochschule fuer Technik Rapperswil
! 7: *
! 8: * This program is free software; you can redistribute it and/or modify it
! 9: * under the terms of the GNU General Public License as published by the
! 10: * Free Software Foundation; either version 2 of the License, or (at your
! 11: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 12: *
! 13: * This program is distributed in the hope that it will be useful, but
! 14: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 15: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 16: * for more details.
! 17: */
! 18:
! 19: #include <stddef.h>
! 20: #include <string.h>
! 21:
! 22: #include "encrypted_payload.h"
! 23: #include "encrypted_fragment_payload.h"
! 24:
! 25: #include <daemon.h>
! 26: #include <encoding/payloads/encodings.h>
! 27: #include <collections/linked_list.h>
! 28: #include <encoding/parser.h>
! 29:
! 30: typedef struct private_encrypted_payload_t private_encrypted_payload_t;
! 31: typedef struct private_encrypted_fragment_payload_t private_encrypted_fragment_payload_t;
! 32:
! 33: struct private_encrypted_payload_t {
! 34:
! 35: /**
! 36: * Public encrypted_payload_t interface.
! 37: */
! 38: encrypted_payload_t public;
! 39:
! 40: /**
! 41: * There is no next payload for an encrypted payload,
! 42: * since encrypted payload MUST be the last one.
! 43: * next_payload means here the first payload of the
! 44: * contained, encrypted payload.
! 45: */
! 46: uint8_t next_payload;
! 47:
! 48: /**
! 49: * Flags, including reserved bits
! 50: */
! 51: uint8_t flags;
! 52:
! 53: /**
! 54: * Length of this payload
! 55: */
! 56: uint16_t payload_length;
! 57:
! 58: /**
! 59: * Chunk containing the IV, plain, padding and ICV.
! 60: */
! 61: chunk_t encrypted;
! 62:
! 63: /**
! 64: * AEAD transform to use
! 65: */
! 66: aead_t *aead;
! 67:
! 68: /**
! 69: * Contained payloads
! 70: */
! 71: linked_list_t *payloads;
! 72:
! 73: /**
! 74: * Type of payload, PLV2_ENCRYPTED or PLV1_ENCRYPTED
! 75: */
! 76: payload_type_t type;
! 77: };
! 78:
! 79: struct private_encrypted_fragment_payload_t {
! 80:
! 81: /**
! 82: * Public interface.
! 83: */
! 84: encrypted_fragment_payload_t public;
! 85:
! 86: /**
! 87: * The first fragment contains the type of the first payload contained in
! 88: * the original encrypted payload, for all other fragments it MUST be set
! 89: * to zero.
! 90: */
! 91: uint8_t next_payload;
! 92:
! 93: /**
! 94: * Flags, including reserved bits
! 95: */
! 96: uint8_t flags;
! 97:
! 98: /**
! 99: * Length of this payload
! 100: */
! 101: uint16_t payload_length;
! 102:
! 103: /**
! 104: * Chunk containing the IV, plain, padding and ICV.
! 105: */
! 106: chunk_t encrypted;
! 107:
! 108: /**
! 109: * Fragment number
! 110: */
! 111: uint16_t fragment_number;
! 112:
! 113: /**
! 114: * Total fragments
! 115: */
! 116: uint16_t total_fragments;
! 117:
! 118: /**
! 119: * AEAD transform to use
! 120: */
! 121: aead_t *aead;
! 122:
! 123: /**
! 124: * Chunk containing the plain packet data.
! 125: */
! 126: chunk_t plain;
! 127: };
! 128:
! 129: /**
! 130: * Encoding rules to parse or generate a IKEv2-Encrypted Payload.
! 131: *
! 132: * The defined offsets are the positions in a object of type
! 133: * private_encrypted_payload_t.
! 134: */
! 135: static encoding_rule_t encodings_v2[] = {
! 136: /* 1 Byte next payload type, stored in the field next_payload */
! 137: { U_INT_8, offsetof(private_encrypted_payload_t, next_payload) },
! 138: /* Critical and 7 reserved bits, all stored for reconstruction */
! 139: { U_INT_8, offsetof(private_encrypted_payload_t, flags) },
! 140: /* Length of the whole encrypted payload*/
! 141: { PAYLOAD_LENGTH, offsetof(private_encrypted_payload_t, payload_length) },
! 142: /* encrypted data, stored in a chunk. contains iv, data, padding */
! 143: { CHUNK_DATA, offsetof(private_encrypted_payload_t, encrypted) },
! 144: };
! 145:
! 146: /*
! 147: 1 2 3
! 148: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
! 149: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 150: ! Next Payload !C! RESERVED ! Payload Length !
! 151: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 152: ! Initialization Vector !
! 153: ! (length is block size for encryption algorithm) !
! 154: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 155: ! Encrypted IKE Payloads !
! 156: + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 157: ! ! Padding (0-255 octets) !
! 158: +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
! 159: ! ! Pad Length !
! 160: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 161: ~ Integrity Checksum Data ~
! 162: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 163: */
! 164:
! 165: /**
! 166: * Encoding rules to parse or generate a complete encrypted IKEv1 message.
! 167: *
! 168: * The defined offsets are the positions in a object of type
! 169: * private_encrypted_payload_t.
! 170: */
! 171: static encoding_rule_t encodings_v1[] = {
! 172: /* encrypted data, stored in a chunk */
! 173: { ENCRYPTED_DATA, offsetof(private_encrypted_payload_t, encrypted) },
! 174: };
! 175:
! 176: /*
! 177: 1 2 3
! 178: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
! 179: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 180: ! Encrypted IKE Payloads !
! 181: + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 182: ! ! Padding (0-255 octets) !
! 183: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 184: */
! 185:
! 186: /**
! 187: * Encoding rules to parse or generate an IKEv2-Encrypted Fragment Payload.
! 188: *
! 189: * The defined offsets are the positions in a object of type
! 190: * private_encrypted_payload_t.
! 191: */
! 192: static encoding_rule_t encodings_fragment[] = {
! 193: /* 1 Byte next payload type, stored in the field next_payload */
! 194: { U_INT_8, offsetof(private_encrypted_fragment_payload_t, next_payload) },
! 195: /* Critical and 7 reserved bits, all stored for reconstruction */
! 196: { U_INT_8, offsetof(private_encrypted_fragment_payload_t, flags) },
! 197: /* Length of the whole encryption payload*/
! 198: { PAYLOAD_LENGTH, offsetof(private_encrypted_fragment_payload_t, payload_length) },
! 199: /* Fragment number */
! 200: { U_INT_16, offsetof(private_encrypted_fragment_payload_t, fragment_number) },
! 201: /* Total number of fragments */
! 202: { U_INT_16, offsetof(private_encrypted_fragment_payload_t, total_fragments) },
! 203: /* encrypted data, stored in a chunk. contains iv, data, padding */
! 204: { CHUNK_DATA, offsetof(private_encrypted_fragment_payload_t, encrypted) },
! 205: };
! 206:
! 207: /*
! 208: 1 2 3
! 209: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
! 210: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 211: ! Next Payload !C! RESERVED ! Payload Length !
! 212: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 213: ! Fragment Number | Total Fragments !
! 214: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 215: ! Initialization Vector !
! 216: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 217: ! Encrypted IKE Payloads !
! 218: + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 219: ! ! Padding (0-255 octets) !
! 220: +-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
! 221: ! ! Pad Length !
! 222: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 223: ~ Integrity Checksum Data ~
! 224: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
! 225: */
! 226:
! 227: METHOD(payload_t, verify, status_t,
! 228: private_encrypted_payload_t *this)
! 229: {
! 230: return SUCCESS;
! 231: }
! 232:
! 233: METHOD(payload_t, get_encoding_rules, int,
! 234: private_encrypted_payload_t *this, encoding_rule_t **rules)
! 235: {
! 236: if (this->type == PLV2_ENCRYPTED)
! 237: {
! 238: *rules = encodings_v2;
! 239: return countof(encodings_v2);
! 240: }
! 241: *rules = encodings_v1;
! 242: return countof(encodings_v1);
! 243: }
! 244:
! 245: METHOD(payload_t, get_header_length, int,
! 246: private_encrypted_payload_t *this)
! 247: {
! 248: if (this->type == PLV2_ENCRYPTED)
! 249: {
! 250: return 4;
! 251: }
! 252: return 0;
! 253: }
! 254:
! 255: METHOD(payload_t, get_type, payload_type_t,
! 256: private_encrypted_payload_t *this)
! 257: {
! 258: return this->type;
! 259: }
! 260:
! 261: METHOD(payload_t, get_next_type, payload_type_t,
! 262: private_encrypted_payload_t *this)
! 263: {
! 264: return this->next_payload;
! 265: }
! 266:
! 267: METHOD(payload_t, set_next_type, void,
! 268: private_encrypted_payload_t *this, payload_type_t type)
! 269: {
! 270: /* the next payload is set during add, still allow this for IKEv1 */
! 271: this->next_payload = type;
! 272: }
! 273:
! 274: /**
! 275: * Get length of encryption/integrity overhead for the given plaintext length
! 276: */
! 277: static size_t compute_overhead(aead_t *aead, size_t len)
! 278: {
! 279: size_t bs, overhead;
! 280:
! 281: /* padding */
! 282: bs = aead->get_block_size(aead);
! 283: overhead = bs - (len % bs);
! 284: /* add iv */
! 285: overhead += aead->get_iv_size(aead);
! 286: /* add icv */
! 287: overhead += aead->get_icv_size(aead);
! 288: return overhead;
! 289: }
! 290:
! 291: /**
! 292: * Compute the length of the whole payload
! 293: */
! 294: static void compute_length(private_encrypted_payload_t *this)
! 295: {
! 296: enumerator_t *enumerator;
! 297: payload_t *payload;
! 298: size_t length = 0;
! 299:
! 300: if (this->encrypted.len)
! 301: {
! 302: length = this->encrypted.len;
! 303: }
! 304: else
! 305: {
! 306: enumerator = this->payloads->create_enumerator(this->payloads);
! 307: while (enumerator->enumerate(enumerator, &payload))
! 308: {
! 309: length += payload->get_length(payload);
! 310: }
! 311: enumerator->destroy(enumerator);
! 312:
! 313: if (this->aead)
! 314: {
! 315: length += compute_overhead(this->aead, length);
! 316: }
! 317: }
! 318: length += get_header_length(this);
! 319: this->payload_length = length;
! 320: }
! 321:
! 322: METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
! 323: private_encrypted_payload_t *this)
! 324: {
! 325: compute_length(this);
! 326: return this->payload_length;
! 327: }
! 328:
! 329: METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t,
! 330: private_encrypted_payload_t *this)
! 331: {
! 332: /* contains only the decrypted payload data, no IV, padding or ICV */
! 333: this->payload_length = this->encrypted.len;
! 334:
! 335: if (this->aead)
! 336: {
! 337: this->payload_length += compute_overhead(this->aead,
! 338: this->payload_length);
! 339: }
! 340: this->payload_length += get_header_length(this);
! 341: return this->payload_length;
! 342: }
! 343:
! 344: METHOD(encrypted_payload_t, add_payload, void,
! 345: private_encrypted_payload_t *this, payload_t *payload)
! 346: {
! 347: payload_t *last_payload;
! 348:
! 349: if (this->payloads->get_count(this->payloads) > 0)
! 350: {
! 351: this->payloads->get_last(this->payloads, (void **)&last_payload);
! 352: last_payload->set_next_type(last_payload, payload->get_type(payload));
! 353: }
! 354: else
! 355: {
! 356: this->next_payload = payload->get_type(payload);
! 357: }
! 358: payload->set_next_type(payload, PL_NONE);
! 359: this->payloads->insert_last(this->payloads, payload);
! 360: compute_length(this);
! 361: }
! 362:
! 363: METHOD(encrypted_payload_t, remove_payload, payload_t *,
! 364: private_encrypted_payload_t *this)
! 365: {
! 366: payload_t *payload;
! 367:
! 368: if (this->payloads->remove_first(this->payloads,
! 369: (void**)&payload) == SUCCESS)
! 370: {
! 371: return payload;
! 372: }
! 373: return NULL;
! 374: }
! 375:
! 376: /**
! 377: * Generate payload before encryption
! 378: */
! 379: static chunk_t generate(private_encrypted_payload_t *this,
! 380: generator_t *generator)
! 381: {
! 382: payload_t *current, *next;
! 383: enumerator_t *enumerator;
! 384: uint32_t *lenpos;
! 385: chunk_t chunk = chunk_empty;
! 386:
! 387: enumerator = this->payloads->create_enumerator(this->payloads);
! 388: if (enumerator->enumerate(enumerator, ¤t))
! 389: {
! 390: this->next_payload = current->get_type(current);
! 391:
! 392: while (enumerator->enumerate(enumerator, &next))
! 393: {
! 394: current->set_next_type(current, next->get_type(next));
! 395: generator->generate_payload(generator, current);
! 396: current = next;
! 397: }
! 398: current->set_next_type(current, PL_NONE);
! 399: generator->generate_payload(generator, current);
! 400:
! 401: chunk = generator->get_chunk(generator, &lenpos);
! 402: DBG2(DBG_ENC, "generated content in encrypted payload");
! 403: }
! 404: enumerator->destroy(enumerator);
! 405: return chunk;
! 406: }
! 407:
! 408: METHOD(encrypted_payload_t, generate_payloads, void,
! 409: private_encrypted_payload_t *this, generator_t *generator)
! 410: {
! 411: generate(this, generator);
! 412: }
! 413:
! 414: /**
! 415: * Append the encrypted payload header to the associated data
! 416: */
! 417: static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc)
! 418: {
! 419: struct {
! 420: uint8_t next_payload;
! 421: uint8_t flags;
! 422: uint16_t length;
! 423: } __attribute__((packed)) header = {
! 424: .next_payload = this->next_payload,
! 425: .flags = this->flags,
! 426: .length = htons(get_length(this)),
! 427: };
! 428: return chunk_cat("cc", assoc, chunk_from_thing(header));
! 429: }
! 430:
! 431: /**
! 432: * Encrypts the data in plain and returns it in an allocated chunk.
! 433: */
! 434: static status_t encrypt_content(char *label, aead_t *aead, uint64_t mid,
! 435: chunk_t plain, chunk_t assoc, chunk_t *encrypted)
! 436: {
! 437: chunk_t iv, padding, icv, crypt;
! 438: iv_gen_t *iv_gen;
! 439: rng_t *rng;
! 440: size_t bs;
! 441:
! 442: rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
! 443: if (!rng)
! 444: {
! 445: DBG1(DBG_ENC, "encrypting %s failed, no RNG found", label);
! 446: return NOT_SUPPORTED;
! 447: }
! 448:
! 449: iv_gen = aead->get_iv_gen(aead);
! 450: if (!iv_gen)
! 451: {
! 452: DBG1(DBG_ENC, "encrypting %s failed, no IV generator", label);
! 453: return NOT_SUPPORTED;
! 454: }
! 455:
! 456: bs = aead->get_block_size(aead);
! 457: /* we need at least one byte padding to store the padding length */
! 458: padding.len = bs - (plain.len % bs);
! 459: iv.len = aead->get_iv_size(aead);
! 460: icv.len = aead->get_icv_size(aead);
! 461:
! 462: /* prepare data to authenticate-encrypt:
! 463: * | IV | plain | padding | ICV |
! 464: * \____crypt______/ ^
! 465: * | /
! 466: * v /
! 467: * assoc -> + ------->/
! 468: */
! 469: *encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
! 470: iv.ptr = encrypted->ptr;
! 471: memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
! 472: plain.ptr = iv.ptr + iv.len;
! 473: padding.ptr = plain.ptr + plain.len;
! 474: icv.ptr = padding.ptr + padding.len;
! 475: crypt = chunk_create(plain.ptr, plain.len + padding.len);
! 476:
! 477: if (!iv_gen->get_iv(iv_gen, mid, iv.len, iv.ptr) ||
! 478: !rng->get_bytes(rng, padding.len - 1, padding.ptr))
! 479: {
! 480: DBG1(DBG_ENC, "encrypting %s failed, no IV or padding", label);
! 481: rng->destroy(rng);
! 482:
! 483: return FAILED;
! 484: }
! 485: padding.ptr[padding.len - 1] = padding.len - 1;
! 486: rng->destroy(rng);
! 487:
! 488: DBG3(DBG_ENC, "%s encryption:", label);
! 489: DBG3(DBG_ENC, "IV %B", &iv);
! 490: DBG3(DBG_ENC, "plain %B", &plain);
! 491: DBG3(DBG_ENC, "padding %B", &padding);
! 492: DBG3(DBG_ENC, "assoc %B", &assoc);
! 493:
! 494: if (!aead->encrypt(aead, crypt, assoc, iv, NULL))
! 495: {
! 496: return FAILED;
! 497: }
! 498: DBG3(DBG_ENC, "encrypted %B", &crypt);
! 499: DBG3(DBG_ENC, "ICV %B", &icv);
! 500: return SUCCESS;
! 501: }
! 502:
! 503: METHOD(encrypted_payload_t, encrypt, status_t,
! 504: private_encrypted_payload_t *this, uint64_t mid, chunk_t assoc)
! 505: {
! 506: generator_t *generator;
! 507: chunk_t plain;
! 508: status_t status;
! 509:
! 510: if (this->aead == NULL)
! 511: {
! 512: DBG1(DBG_ENC, "encrypting encrypted payload failed, transform missing");
! 513: return INVALID_STATE;
! 514: }
! 515:
! 516: free(this->encrypted.ptr);
! 517: generator = generator_create();
! 518: plain = generate(this, generator);
! 519: assoc = append_header(this, assoc);
! 520: /* lower 32-bits are for fragment number, if used */
! 521: mid <<= 32;
! 522: status = encrypt_content("encrypted payload", this->aead, mid, plain, assoc,
! 523: &this->encrypted);
! 524: generator->destroy(generator);
! 525: free(assoc.ptr);
! 526: return status;
! 527: }
! 528:
! 529: METHOD(encrypted_payload_t, encrypt_v1, status_t,
! 530: private_encrypted_payload_t *this, uint64_t mid, chunk_t iv)
! 531: {
! 532: generator_t *generator;
! 533: chunk_t plain, padding;
! 534: size_t bs;
! 535:
! 536: if (this->aead == NULL)
! 537: {
! 538: DBG1(DBG_ENC, "encryption failed, transform missing");
! 539: return INVALID_STATE;
! 540: }
! 541:
! 542: generator = generator_create();
! 543: plain = generate(this, generator);
! 544: bs = this->aead->get_block_size(this->aead);
! 545: padding.len = bs - (plain.len % bs);
! 546:
! 547: /* prepare data to encrypt:
! 548: * | plain | padding | */
! 549: free(this->encrypted.ptr);
! 550: this->encrypted = chunk_alloc(plain.len + padding.len);
! 551: memcpy(this->encrypted.ptr, plain.ptr, plain.len);
! 552: plain.ptr = this->encrypted.ptr;
! 553: padding.ptr = plain.ptr + plain.len;
! 554: memset(padding.ptr, 0, padding.len);
! 555: generator->destroy(generator);
! 556:
! 557: DBG3(DBG_ENC, "encrypting payloads:");
! 558: DBG3(DBG_ENC, "IV %B", &iv);
! 559: DBG3(DBG_ENC, "plain %B", &plain);
! 560: DBG3(DBG_ENC, "padding %B", &padding);
! 561:
! 562: if (!this->aead->encrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
! 563: {
! 564: return FAILED;
! 565: }
! 566:
! 567: DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
! 568:
! 569: return SUCCESS;
! 570: }
! 571:
! 572: /**
! 573: * Parse the payloads after decryption.
! 574: */
! 575: static status_t parse(private_encrypted_payload_t *this, chunk_t plain)
! 576: {
! 577: parser_t *parser;
! 578: payload_type_t type;
! 579:
! 580: parser = parser_create(plain);
! 581: parser->set_major_version(parser, this->type == PLV1_ENCRYPTED ? 1 : 2);
! 582: type = this->next_payload;
! 583: while (type != PL_NONE)
! 584: {
! 585: payload_t *payload;
! 586:
! 587: if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
! 588: {
! 589: DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
! 590: payload_type_names, type);
! 591: parser->destroy(parser);
! 592: return PARSE_ERROR;
! 593: }
! 594: if (parser->parse_payload(parser, type, &payload) != SUCCESS)
! 595: {
! 596: parser->destroy(parser);
! 597: return PARSE_ERROR;
! 598: }
! 599: if (payload->verify(payload) != SUCCESS)
! 600: {
! 601: DBG1(DBG_ENC, "%N verification failed",
! 602: payload_type_names, payload->get_type(payload));
! 603: payload->destroy(payload);
! 604: parser->destroy(parser);
! 605: return VERIFY_ERROR;
! 606: }
! 607: type = payload->get_next_type(payload);
! 608: this->payloads->insert_last(this->payloads, payload);
! 609: }
! 610: parser->destroy(parser);
! 611: DBG2(DBG_ENC, "parsed content of encrypted payload");
! 612: return SUCCESS;
! 613: }
! 614:
! 615: /**
! 616: * Decrypts the given data in-place and returns a chunk pointing to the
! 617: * resulting plaintext.
! 618: */
! 619: static status_t decrypt_content(char *label, aead_t *aead, chunk_t encrypted,
! 620: chunk_t assoc, chunk_t *plain)
! 621: {
! 622: chunk_t iv, padding, icv, crypt;
! 623: size_t bs;
! 624:
! 625: /* prepare data to authenticate-decrypt:
! 626: * | IV | plain | padding | ICV |
! 627: * \____crypt______/ ^
! 628: * | /
! 629: * v /
! 630: * assoc -> + ------->/
! 631: */
! 632: bs = aead->get_block_size(aead);
! 633: iv.len = aead->get_iv_size(aead);
! 634: iv.ptr = encrypted.ptr;
! 635: icv.len = aead->get_icv_size(aead);
! 636: icv.ptr = encrypted.ptr + encrypted.len - icv.len;
! 637: crypt.ptr = iv.ptr + iv.len;
! 638: crypt.len = encrypted.len - iv.len;
! 639:
! 640: if (iv.len + icv.len > encrypted.len ||
! 641: (crypt.len - icv.len) % bs)
! 642: {
! 643: DBG1(DBG_ENC, "decrypting %s payload failed, invalid length", label);
! 644: return FAILED;
! 645: }
! 646:
! 647: DBG3(DBG_ENC, "%s decryption:", label);
! 648: DBG3(DBG_ENC, "IV %B", &iv);
! 649: DBG3(DBG_ENC, "encrypted %B", &crypt);
! 650: DBG3(DBG_ENC, "ICV %B", &icv);
! 651: DBG3(DBG_ENC, "assoc %B", &assoc);
! 652:
! 653: if (!aead->decrypt(aead, crypt, assoc, iv, NULL))
! 654: {
! 655: DBG1(DBG_ENC, "verifying %s integrity failed", label);
! 656: return FAILED;
! 657: }
! 658:
! 659: *plain = chunk_create(crypt.ptr, crypt.len - icv.len);
! 660: padding.len = plain->ptr[plain->len - 1] + 1;
! 661: if (padding.len > plain->len)
! 662: {
! 663: DBG1(DBG_ENC, "decrypting %s failed, padding invalid %B", label,
! 664: &crypt);
! 665: return PARSE_ERROR;
! 666: }
! 667: plain->len -= padding.len;
! 668: padding.ptr = plain->ptr + plain->len;
! 669:
! 670: DBG3(DBG_ENC, "plain %B", plain);
! 671: DBG3(DBG_ENC, "padding %B", &padding);
! 672: return SUCCESS;
! 673: }
! 674:
! 675: METHOD(encrypted_payload_t, decrypt, status_t,
! 676: private_encrypted_payload_t *this, chunk_t assoc)
! 677: {
! 678: chunk_t plain;
! 679: status_t status;
! 680:
! 681: if (this->aead == NULL)
! 682: {
! 683: DBG1(DBG_ENC, "decrypting encrypted payload failed, transform missing");
! 684: return INVALID_STATE;
! 685: }
! 686:
! 687: assoc = append_header(this, assoc);
! 688: status = decrypt_content("encrypted payload", this->aead, this->encrypted,
! 689: assoc, &plain);
! 690: free(assoc.ptr);
! 691:
! 692: if (status != SUCCESS)
! 693: {
! 694: return status;
! 695: }
! 696: return parse(this, plain);
! 697: }
! 698:
! 699: METHOD(encrypted_payload_t, decrypt_plain, status_t,
! 700: private_encrypted_payload_t *this, chunk_t assoc)
! 701: {
! 702: if (!this->encrypted.ptr)
! 703: {
! 704: return FAILED;
! 705: }
! 706: return parse(this, this->encrypted);
! 707: }
! 708:
! 709: METHOD(encrypted_payload_t, decrypt_v1, status_t,
! 710: private_encrypted_payload_t *this, chunk_t iv)
! 711: {
! 712: if (this->aead == NULL)
! 713: {
! 714: DBG1(DBG_ENC, "decryption failed, transform missing");
! 715: return INVALID_STATE;
! 716: }
! 717:
! 718: /* data must be a multiple of block size */
! 719: if (iv.len != this->aead->get_block_size(this->aead) ||
! 720: this->encrypted.len < iv.len || this->encrypted.len % iv.len)
! 721: {
! 722: DBG1(DBG_ENC, "decryption failed, invalid length");
! 723: return FAILED;
! 724: }
! 725:
! 726: DBG3(DBG_ENC, "decrypting payloads:");
! 727: DBG3(DBG_ENC, "encrypted %B", &this->encrypted);
! 728:
! 729: if (!this->aead->decrypt(this->aead, this->encrypted, chunk_empty, iv, NULL))
! 730: {
! 731: return FAILED;
! 732: }
! 733:
! 734: DBG3(DBG_ENC, "plain %B", &this->encrypted);
! 735:
! 736: return parse(this, this->encrypted);
! 737: }
! 738:
! 739: METHOD(encrypted_payload_t, set_transform, void,
! 740: private_encrypted_payload_t *this, aead_t* aead)
! 741: {
! 742: this->aead = aead;
! 743: }
! 744:
! 745: METHOD(encrypted_payload_t, get_transform, aead_t*,
! 746: private_encrypted_payload_t *this)
! 747: {
! 748: return this->aead;
! 749: }
! 750:
! 751: METHOD2(payload_t, encrypted_payload_t, destroy, void,
! 752: private_encrypted_payload_t *this)
! 753: {
! 754: this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
! 755: free(this->encrypted.ptr);
! 756: free(this);
! 757: }
! 758:
! 759: /*
! 760: * Described in header
! 761: */
! 762: encrypted_payload_t *encrypted_payload_create(payload_type_t type)
! 763: {
! 764: private_encrypted_payload_t *this;
! 765:
! 766: INIT(this,
! 767: .public = {
! 768: .payload_interface = {
! 769: .verify = _verify,
! 770: .get_encoding_rules = _get_encoding_rules,
! 771: .get_header_length = _get_header_length,
! 772: .get_length = _get_length,
! 773: .get_next_type = _get_next_type,
! 774: .set_next_type = _set_next_type,
! 775: .get_type = _get_type,
! 776: .destroy = _destroy,
! 777: },
! 778: .get_length = _get_length,
! 779: .add_payload = _add_payload,
! 780: .remove_payload = _remove_payload,
! 781: .generate_payloads = _generate_payloads,
! 782: .set_transform = _set_transform,
! 783: .get_transform = _get_transform,
! 784: .encrypt = _encrypt,
! 785: .decrypt = _decrypt,
! 786: .destroy = _destroy,
! 787: },
! 788: .next_payload = PL_NONE,
! 789: .payloads = linked_list_create(),
! 790: .type = type,
! 791: );
! 792: this->payload_length = get_header_length(this);
! 793:
! 794: if (type == PLV1_ENCRYPTED)
! 795: {
! 796: this->public.encrypt = _encrypt_v1;
! 797: this->public.decrypt = _decrypt_v1;
! 798: }
! 799:
! 800: return &this->public;
! 801: }
! 802:
! 803: /*
! 804: * Described in header
! 805: */
! 806: encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
! 807: chunk_t plain)
! 808: {
! 809: private_encrypted_payload_t *this;
! 810:
! 811: this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
! 812: this->public.payload_interface.get_length = _get_length_plain;
! 813: this->public.get_length = _get_length_plain;
! 814: this->public.decrypt = _decrypt_plain;
! 815: this->next_payload = next;
! 816: this->encrypted = plain;
! 817:
! 818: return &this->public;
! 819: }
! 820:
! 821: METHOD(payload_t, frag_verify, status_t,
! 822: private_encrypted_fragment_payload_t *this)
! 823: {
! 824: if (!this->fragment_number || !this->total_fragments ||
! 825: this->fragment_number > this->total_fragments)
! 826: {
! 827: DBG1(DBG_ENC, "invalid fragment number (%u) or total fragments (%u)",
! 828: this->fragment_number, this->total_fragments);
! 829: return FAILED;
! 830: }
! 831: if (this->fragment_number > 1 && this->next_payload != 0)
! 832: {
! 833: DBG1(DBG_ENC, "invalid next payload (%u) for fragment %u, ignored",
! 834: this->next_payload, this->fragment_number);
! 835: this->next_payload = 0;
! 836: }
! 837: return SUCCESS;
! 838: }
! 839:
! 840: METHOD(payload_t, frag_get_encoding_rules, int,
! 841: private_encrypted_fragment_payload_t *this, encoding_rule_t **rules)
! 842: {
! 843: *rules = encodings_fragment;
! 844: return countof(encodings_fragment);
! 845: }
! 846:
! 847: METHOD(payload_t, frag_get_header_length, int,
! 848: private_encrypted_fragment_payload_t *this)
! 849: {
! 850: return 8;
! 851: }
! 852:
! 853: METHOD(payload_t, frag_get_type, payload_type_t,
! 854: private_encrypted_fragment_payload_t *this)
! 855: {
! 856: return PLV2_FRAGMENT;
! 857: }
! 858:
! 859: METHOD(payload_t, frag_get_next_type, payload_type_t,
! 860: private_encrypted_fragment_payload_t *this)
! 861: {
! 862: return this->next_payload;
! 863: }
! 864:
! 865: METHOD(payload_t, frag_set_next_type, void,
! 866: private_encrypted_fragment_payload_t *this, payload_type_t type)
! 867: {
! 868: if (this->fragment_number == 1 && this->next_payload == PL_NONE)
! 869: {
! 870: this->next_payload = type;
! 871: }
! 872: }
! 873:
! 874: METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t,
! 875: private_encrypted_fragment_payload_t *this)
! 876: {
! 877: if (this->encrypted.len)
! 878: {
! 879: this->payload_length = this->encrypted.len;
! 880: }
! 881: else
! 882: {
! 883: this->payload_length = this->plain.len;
! 884:
! 885: if (this->aead)
! 886: {
! 887: this->payload_length += compute_overhead(this->aead,
! 888: this->payload_length);
! 889: }
! 890: }
! 891: this->payload_length += frag_get_header_length(this);
! 892: return this->payload_length;
! 893: }
! 894:
! 895: METHOD(encrypted_fragment_payload_t, get_fragment_number, uint16_t,
! 896: private_encrypted_fragment_payload_t *this)
! 897: {
! 898: return this->fragment_number;
! 899: }
! 900:
! 901: METHOD(encrypted_fragment_payload_t, get_total_fragments, uint16_t,
! 902: private_encrypted_fragment_payload_t *this)
! 903: {
! 904: return this->total_fragments;
! 905: }
! 906:
! 907: METHOD(encrypted_fragment_payload_t, frag_get_content, chunk_t,
! 908: private_encrypted_fragment_payload_t *this)
! 909: {
! 910: return this->plain;
! 911: }
! 912:
! 913: METHOD(encrypted_payload_t, frag_add_payload, void,
! 914: private_encrypted_fragment_payload_t *this, payload_t* payload)
! 915: {
! 916: payload->destroy(payload);
! 917: }
! 918:
! 919: METHOD(encrypted_payload_t, frag_set_transform, void,
! 920: private_encrypted_fragment_payload_t *this, aead_t* aead)
! 921: {
! 922: this->aead = aead;
! 923: }
! 924:
! 925: METHOD(encrypted_payload_t, frag_get_transform, aead_t*,
! 926: private_encrypted_fragment_payload_t *this)
! 927: {
! 928: return this->aead;
! 929: }
! 930:
! 931: /**
! 932: * Append the encrypted fragment payload header to the associated data
! 933: */
! 934: static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this,
! 935: chunk_t assoc)
! 936: {
! 937: struct {
! 938: uint8_t next_payload;
! 939: uint8_t flags;
! 940: uint16_t length;
! 941: uint16_t fragment_number;
! 942: uint16_t total_fragments;
! 943: } __attribute__((packed)) header = {
! 944: .next_payload = this->next_payload,
! 945: .flags = this->flags,
! 946: .length = htons(frag_get_length(this)),
! 947: .fragment_number = htons(this->fragment_number),
! 948: .total_fragments = htons(this->total_fragments),
! 949: };
! 950: return chunk_cat("cc", assoc, chunk_from_thing(header));
! 951: }
! 952:
! 953: METHOD(encrypted_payload_t, frag_encrypt, status_t,
! 954: private_encrypted_fragment_payload_t *this, uint64_t mid, chunk_t assoc)
! 955: {
! 956: status_t status;
! 957:
! 958: if (!this->aead)
! 959: {
! 960: DBG1(DBG_ENC, "encrypting encrypted fragment payload failed, "
! 961: "transform missing");
! 962: return INVALID_STATE;
! 963: }
! 964: free(this->encrypted.ptr);
! 965: assoc = append_header_frag(this, assoc);
! 966: /* IKEv2 message IDs are not unique if fragmentation is used, hence include
! 967: * the fragment number to make it unique */
! 968: mid = mid << 32 | this->fragment_number;
! 969: status = encrypt_content("encrypted fragment payload", this->aead, mid,
! 970: this->plain, assoc, &this->encrypted);
! 971: free(assoc.ptr);
! 972: return status;
! 973: }
! 974:
! 975: METHOD(encrypted_payload_t, frag_decrypt, status_t,
! 976: private_encrypted_fragment_payload_t *this, chunk_t assoc)
! 977: {
! 978: status_t status;
! 979:
! 980: if (!this->aead)
! 981: {
! 982: DBG1(DBG_ENC, "decrypting encrypted fragment payload failed, "
! 983: "transform missing");
! 984: return INVALID_STATE;
! 985: }
! 986: free(this->plain.ptr);
! 987: assoc = append_header_frag(this, assoc);
! 988: status = decrypt_content("encrypted fragment payload", this->aead,
! 989: this->encrypted, assoc, &this->plain);
! 990: this->plain = chunk_clone(this->plain);
! 991: free(assoc.ptr);
! 992: return status;
! 993: }
! 994:
! 995: METHOD2(payload_t, encrypted_payload_t, frag_destroy, void,
! 996: private_encrypted_fragment_payload_t *this)
! 997: {
! 998: free(this->encrypted.ptr);
! 999: free(this->plain.ptr);
! 1000: free(this);
! 1001: }
! 1002:
! 1003: /*
! 1004: * Described in header
! 1005: */
! 1006: encrypted_fragment_payload_t *encrypted_fragment_payload_create()
! 1007: {
! 1008: private_encrypted_fragment_payload_t *this;
! 1009:
! 1010: INIT(this,
! 1011: .public = {
! 1012: .encrypted = {
! 1013: .payload_interface = {
! 1014: .verify = _frag_verify,
! 1015: .get_encoding_rules = _frag_get_encoding_rules,
! 1016: .get_header_length = _frag_get_header_length,
! 1017: .get_length = _frag_get_length,
! 1018: .get_next_type = _frag_get_next_type,
! 1019: .set_next_type = _frag_set_next_type,
! 1020: .get_type = _frag_get_type,
! 1021: .destroy = _frag_destroy,
! 1022: },
! 1023: .get_length = _frag_get_length,
! 1024: .add_payload = _frag_add_payload,
! 1025: .remove_payload = (void*)return_null,
! 1026: .generate_payloads = nop,
! 1027: .set_transform = _frag_set_transform,
! 1028: .get_transform = _frag_get_transform,
! 1029: .encrypt = _frag_encrypt,
! 1030: .decrypt = _frag_decrypt,
! 1031: .destroy = _frag_destroy,
! 1032: },
! 1033: .get_fragment_number = _get_fragment_number,
! 1034: .get_total_fragments = _get_total_fragments,
! 1035: .get_content = _frag_get_content,
! 1036: },
! 1037: .next_payload = PL_NONE,
! 1038: );
! 1039: this->payload_length = frag_get_header_length(this);
! 1040:
! 1041: return &this->public;
! 1042: }
! 1043:
! 1044: /*
! 1045: * Described in header
! 1046: */
! 1047: encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data(
! 1048: uint16_t num, uint16_t total, chunk_t plain)
! 1049: {
! 1050: private_encrypted_fragment_payload_t *this;
! 1051:
! 1052: this = (private_encrypted_fragment_payload_t*)encrypted_fragment_payload_create();
! 1053: this->fragment_number = num;
! 1054: this->total_fragments = total;
! 1055: this->plain = chunk_clone(plain);
! 1056:
! 1057: return &this->public;
! 1058: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to encrypted_payload.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / encoding / payloads