Diffstat (limited to 'src/methods')
-rw-r--r--src/methods/cipher_test/cipher_test.c8
-rw-r--r--src/methods/common.c16
-rw-r--r--src/methods/common.h2
-rw-r--r--src/methods/composed_gmac/composed_gmac.c8
-rw-r--r--src/methods/composed_umac/composed_umac.c8
-rw-r--r--src/methods/generic_gmac/generic_gmac.c8
-rw-r--r--src/methods/generic_poly1305/generic_poly1305.c8
-rw-r--r--src/methods/generic_umac/generic_umac.c8
-rw-r--r--src/methods/null/null.c12
-rw-r--r--src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c8
10 files changed, 63 insertions, 23 deletions
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c
index 056aaea..34f0f13 100644
--- a/src/methods/cipher_test/cipher_test.c
+++ b/src/methods/cipher_test/cipher_test.c
@@ -163,7 +163,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES)
return false;
@@ -197,7 +197,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
return false;
}
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
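Review bot: `*reordered` is assigned only when `reorder_check.set` is true, so on the drop branch (where `*out` is replaced by an empty buffer) and on the earlier `return false` paths the caller's flag keeps whatever value it had before the call. If the function still returns true after the drop branch (the rest of the body is outside this hunk), a caller that reads the flag after a successful return sees stale or uninitialized data unless it pre-initializes it. Either set `*reordered = false;` at the top of `method_decrypt` or state the contract in the doc comment, e.g. `/** Decrypts a packet; *reordered is written only when the packet is accepted */`. The same pattern is repeated in the matching hunks of composed_gmac.c, composed_umac.c, generic_gmac.c, generic_poly1305.c, generic_umac.c and xsalsa20_poly1305.c.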
diff --git a/src/methods/common.c b/src/methods/common.c
index 51cd6e8..f4f1f9c 100644
--- a/src/methods/common.c
+++ b/src/methods/common.c
@@ -75,8 +75,14 @@ bool fastd_method_is_nonce_valid(const fastd_method_common_t *session, const uin
return true;
}
-/** Checks if a possibly reordered packet should be accepted */
-bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age) {
+/**
+ Checks if a possibly reordered packet should be accepted
+
+ Returns a tristate: undef if it should not be accepted (duplicate or too old),
+ false if the packet is okay and not reordered and true
+ if it is reordered.
+*/
+fastd_tristate_t fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age) {
if (age < 0) {
size_t shift = age < (-64) ? 64 : ((size_t)-age);
@@ -90,15 +96,15 @@ bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *sessi
memcpy(session->receive_nonce, nonce, COMMON_NONCEBYTES);
session->reorder_timeout = ctx.now + REORDER_TIME;
- return true;
+ return fastd_tristate_false;
}
else if (age == 0 || session->receive_reorder_seen & (1 << (age-1))) {
pr_debug("dropping duplicate packet from %P (age %u)", peer, (unsigned)age);
- return false;
+ return fastd_tristate_undef;
}
else {
pr_debug2("accepting reordered packet from %P (age %u)", peer, (unsigned)age);
session->receive_reorder_seen |= (1 << (age-1));
- return true;
+ return fastd_tristate_true;
}
}
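Review bot: The duplicate test and the seen-bit update in the last two branches build their mask as `(1 << (age-1))`, which is an `int` shift. The `shift` computation at the top of this function caps at 64, which suggests a 64-bit window; if so, the shift is undefined for `age` above 31 and the replay bitmap may not record or detect older packets reliably. Since this result now also decides the tristate that callers turn into `*reordered`, I would write the mask as `(UINT64_C(1) << (age-1))` in both places, assuming `receive_reorder_seen` is a `uint64_t` (its declaration is not in this diff). The upper bound on `age` is enforced outside this hunk, so the reachable range should be confirmed there.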
diff --git a/src/methods/common.h b/src/methods/common.h
index d200931..3f6223f 100644
--- a/src/methods/common.h
+++ b/src/methods/common.h
@@ -59,7 +59,7 @@ typedef struct fastd_method_common {
void fastd_method_common_init(fastd_method_common_t *session, bool initiator);
bool fastd_method_is_nonce_valid(const fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t *age);
-bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age);
+fastd_tristate_t fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age);
/**
diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c
index cac24d6..b6506dd 100644
--- a/src/methods/composed_gmac/composed_gmac.c
+++ b/src/methods/composed_gmac/composed_gmac.c
@@ -256,7 +256,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Verifies and decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false;
@@ -308,7 +308,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_push_head(out, sizeof(fastd_block128_t));
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
diff --git a/src/methods/composed_umac/composed_umac.c b/src/methods/composed_umac/composed_umac.c
index ed8225f..bca52fb 100644
--- a/src/methods/composed_umac/composed_umac.c
+++ b/src/methods/composed_umac/composed_umac.c
@@ -221,7 +221,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Verifies and decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false;
@@ -272,7 +272,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_push_head(out, sizeof(fastd_block128_t));
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c
index 0e68f7e..c780e94 100644
--- a/src/methods/generic_gmac/generic_gmac.c
+++ b/src/methods/generic_gmac/generic_gmac.c
@@ -222,7 +222,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Verifies and decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false;
@@ -270,7 +270,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_push_head(out, sizeof(fastd_block128_t));
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index 881ec7f..a12881b 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -181,7 +181,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Verifies and decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES+TAGBYTES)
return false;
@@ -235,7 +235,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_push_head(out, KEYBYTES);
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
diff --git a/src/methods/generic_umac/generic_umac.c b/src/methods/generic_umac/generic_umac.c
index 3355fdb..fe7aade 100644
--- a/src/methods/generic_umac/generic_umac.c
+++ b/src/methods/generic_umac/generic_umac.c
@@ -187,7 +187,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Verifies and decrypts a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t))
return false;
@@ -233,7 +233,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_push_head(out, sizeof(fastd_block128_t));
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(0, 0, 0);
}
diff --git a/src/methods/null/null.c b/src/methods/null/null.c
index f84cf6c..4897ec2 100644
--- a/src/methods/null/null.c
+++ b/src/methods/null/null.c
@@ -99,7 +99,13 @@ static void method_session_free(fastd_method_session_state_t *session) {
}
/** Just returns the input buffer as the output */
-static bool method_passthrough(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_encrypt(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+ *out = in;
+ return true;
+}
+
+/** Just returns the input buffer as the output */
+static bool method_decrypt(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, UNUSED bool *reordered) {
*out = in;
return true;
}
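Review bot: The new `method_decrypt` marks `reordered` as `UNUSED` and never writes it, so with the null method the caller's flag stays at whatever it held before the call, and the copied doc comment does not say so. I would change that comment to `/** Just returns the input buffer as the output; no nonce is checked, so *reordered is left untouched */` so the provider contract can be read from this file.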
@@ -126,6 +132,6 @@ const fastd_method_provider_t fastd_method_null = {
.session_superseded = method_session_superseded,
.session_free = method_session_free,
- .encrypt = method_passthrough,
- .decrypt = method_passthrough,
+ .encrypt = method_encrypt,
+ .decrypt = method_decrypt,
};
diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
index ee44200..670d09f 100644
--- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
+++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c
@@ -167,7 +167,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state
}
/** Performs validation and decryption of a packet */
-static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
+static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) {
if (in.len < COMMON_HEADBYTES)
return false;
@@ -201,7 +201,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses
fastd_buffer_free(in);
- if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) {
+ fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age);
+ if (reorder_check.set) {
+ *reordered = reorder_check.state;
+ }
+ else {
fastd_buffer_free(*out);
*out = fastd_buffer_alloc(crypto_secretbox_xsalsa20poly1305_ZEROBYTES, 0, 0);
}