diff options
Diffstat (limited to 'src/methods')
-rw-r--r-- | src/methods/cipher_test/cipher_test.c | 8 | ||||
-rw-r--r-- | src/methods/common.c | 16 | ||||
-rw-r--r-- | src/methods/common.h | 2 | ||||
-rw-r--r-- | src/methods/composed_gmac/composed_gmac.c | 8 | ||||
-rw-r--r-- | src/methods/composed_umac/composed_umac.c | 8 | ||||
-rw-r--r-- | src/methods/generic_gmac/generic_gmac.c | 8 | ||||
-rw-r--r-- | src/methods/generic_poly1305/generic_poly1305.c | 8 | ||||
-rw-r--r-- | src/methods/generic_umac/generic_umac.c | 8 | ||||
-rw-r--r-- | src/methods/null/null.c | 12 | ||||
-rw-r--r-- | src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c | 8 |
10 files changed, 63 insertions, 23 deletions
diff --git a/src/methods/cipher_test/cipher_test.c b/src/methods/cipher_test/cipher_test.c index 056aaea..34f0f13 100644 --- a/src/methods/cipher_test/cipher_test.c +++ b/src/methods/cipher_test/cipher_test.c @@ -163,7 +163,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES) return false; @@ -197,7 +197,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses return false; } - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/common.c b/src/methods/common.c index 51cd6e8..f4f1f9c 100644 --- a/src/methods/common.c +++ b/src/methods/common.c @@ -75,8 +75,14 @@ bool fastd_method_is_nonce_valid(const fastd_method_common_t *session, const uin return true; } -/** Checks if a possibly reordered packet should be accepted */ -bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age) { +/** + Checks if a possibly reordered packet should be accepted + + Returns a tristate: undef if it should not be accepted (duplicate or too old), + false if the packet is okay and not reordered and true + if it is reordered. +*/ +fastd_tristate_t fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age) { if (age < 0) { size_t shift = age < (-64) ? 64 : ((size_t)-age); @@ -90,15 +96,15 @@ bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *sessi memcpy(session->receive_nonce, nonce, COMMON_NONCEBYTES); session->reorder_timeout = ctx.now + REORDER_TIME; - return true; + return fastd_tristate_false; } else if (age == 0 || session->receive_reorder_seen & (1 << (age-1))) { pr_debug("dropping duplicate packet from %P (age %u)", peer, (unsigned)age); - return false; + return fastd_tristate_undef; } else { pr_debug2("accepting reordered packet from %P (age %u)", peer, (unsigned)age); session->receive_reorder_seen |= (1 << (age-1)); - return true; + return fastd_tristate_true; } } diff --git a/src/methods/common.h b/src/methods/common.h index d200931..3f6223f 100644 --- a/src/methods/common.h +++ b/src/methods/common.h @@ -59,7 +59,7 @@ typedef struct fastd_method_common { void fastd_method_common_init(fastd_method_common_t *session, bool initiator); bool fastd_method_is_nonce_valid(const fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t *age); -bool fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age); +fastd_tristate_t fastd_method_reorder_check(fastd_peer_t *peer, fastd_method_common_t *session, const uint8_t nonce[COMMON_NONCEBYTES], int64_t age); /** diff --git a/src/methods/composed_gmac/composed_gmac.c b/src/methods/composed_gmac/composed_gmac.c index cac24d6..b6506dd 100644 --- a/src/methods/composed_gmac/composed_gmac.c +++ b/src/methods/composed_gmac/composed_gmac.c @@ -256,7 +256,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Verifies and decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t)) return false; @@ -308,7 +308,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_push_head(out, sizeof(fastd_block128_t)); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/composed_umac/composed_umac.c b/src/methods/composed_umac/composed_umac.c index ed8225f..bca52fb 100644 --- a/src/methods/composed_umac/composed_umac.c +++ b/src/methods/composed_umac/composed_umac.c @@ -221,7 +221,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Verifies and decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t)) return false; @@ -272,7 +272,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_push_head(out, sizeof(fastd_block128_t)); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/generic_gmac/generic_gmac.c b/src/methods/generic_gmac/generic_gmac.c index 0e68f7e..c780e94 100644 --- a/src/methods/generic_gmac/generic_gmac.c +++ b/src/methods/generic_gmac/generic_gmac.c @@ -222,7 +222,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Verifies and decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t)) return false; @@ -270,7 +270,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_push_head(out, sizeof(fastd_block128_t)); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c index 881ec7f..a12881b 100644 --- a/src/methods/generic_poly1305/generic_poly1305.c +++ b/src/methods/generic_poly1305/generic_poly1305.c @@ -181,7 +181,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Verifies and decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES+TAGBYTES) return false; @@ -235,7 +235,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_push_head(out, KEYBYTES); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/generic_umac/generic_umac.c b/src/methods/generic_umac/generic_umac.c index 3355fdb..fe7aade 100644 --- a/src/methods/generic_umac/generic_umac.c +++ b/src/methods/generic_umac/generic_umac.c @@ -187,7 +187,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Verifies and decrypts a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES+sizeof(fastd_block128_t)) return false; @@ -233,7 +233,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_push_head(out, sizeof(fastd_block128_t)); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(0, 0, 0); } diff --git a/src/methods/null/null.c b/src/methods/null/null.c index f84cf6c..4897ec2 100644 --- a/src/methods/null/null.c +++ b/src/methods/null/null.c @@ -99,7 +99,13 @@ static void method_session_free(fastd_method_session_state_t *session) { } /** Just returns the input buffer as the output */ -static bool method_passthrough(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_encrypt(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { + *out = in; + return true; +} + +/** Just returns the input buffer as the output */ +static bool method_decrypt(UNUSED fastd_peer_t *peer, UNUSED fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, UNUSED bool *reordered) { *out = in; return true; } @@ -126,6 +132,6 @@ const fastd_method_provider_t fastd_method_null = { .session_superseded = method_session_superseded, .session_free = method_session_free, - .encrypt = method_passthrough, - .decrypt = method_passthrough, + .encrypt = method_encrypt, + .decrypt = method_decrypt, }; diff --git a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c index ee44200..670d09f 100644 --- a/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c +++ b/src/methods/xsalsa20_poly1305/xsalsa20_poly1305.c @@ -167,7 +167,7 @@ static bool method_encrypt(UNUSED fastd_peer_t *peer, fastd_method_session_state } /** Performs validation and decryption of a packet */ -static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) { +static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in, bool *reordered) { if (in.len < COMMON_HEADBYTES) return false; @@ -201,7 +201,11 @@ static bool method_decrypt(fastd_peer_t *peer, fastd_method_session_state_t *ses fastd_buffer_free(in); - if (!fastd_method_reorder_check(peer, &session->common, in_nonce, age)) { + fastd_tristate_t reorder_check = fastd_method_reorder_check(peer, &session->common, in_nonce, age); + if (reorder_check.set) { + *reordered = reorder_check.state; + } + else { fastd_buffer_free(*out); *out = fastd_buffer_alloc(crypto_secretbox_xsalsa20poly1305_ZEROBYTES, 0, 0); } |