void
test_crypto (const struct crypto_options *co, struct frame* frame)
{
int i, j;
struct gc_arena gc = gc_new ();
struct buffer src = alloc_buf_gc (TUN_MTU_SIZE (frame), &gc);
struct buffer work = alloc_buf_gc (BUF_SIZE (frame), &gc);
struct buffer encrypt_workspace = alloc_buf_gc (BUF_SIZE (frame), &gc);
struct buffer decrypt_workspace = alloc_buf_gc (BUF_SIZE (frame), &gc);
struct buffer buf = clear_buf();
/* init work */
ASSERT (buf_init (&work, FRAME_HEADROOM (frame)));
msg (M_INFO, "Entering " PACKAGE_NAME " crypto self-test mode.");
for (i = 1; i <= TUN_MTU_SIZE (frame); ++i)
{
update_time ();
msg (M_INFO, "TESTING ENCRYPT/DECRYPT of packet length=%d", i);
/*
* Load src with random data.
*/
ASSERT (buf_init (&src, 0));
ASSERT (i <= src.capacity);
src.len = i;
ASSERT (rand_bytes (BPTR (&src), BLEN (&src)));
/* copy source to input buf */
buf = work;
memcpy (buf_write_alloc (&buf, BLEN (&src)), BPTR (&src), BLEN (&src));
/* encrypt */
openvpn_encrypt (&buf, encrypt_workspace, co, frame);
/* decrypt */
openvpn_decrypt (&buf, decrypt_workspace, co, frame);
/* compare */
if (buf.len != src.len)
msg (M_FATAL, "SELF TEST FAILED, src.len=%d buf.len=%d", src.len, buf.len);
for (j = 0; j < i; ++j)
{
const uint8_t in = *(BPTR (&src) + j);
const uint8_t out = *(BPTR (&buf) + j);
if (in != out)
msg (M_FATAL, "SELF TEST FAILED, pos=%d in=%d out=%d", j, in, out);
}
}
msg (M_INFO, PACKAGE_NAME " crypto self-test mode SUCCEEDED.");
gc_free (&gc);
}
void
read_incoming_tun (struct context *c)
{
/*
* Setup for read() call on TUN/TAP device.
*/
/*ASSERT (!c->c2.to_link.len);*/
perf_push (PERF_READ_IN_TUN);
c->c2.buf = c->c2.buffers->read_tun_buf;
#ifdef TUN_PASS_BUFFER
read_tun_buffered (c->c1.tuntap, &c->c2.buf, MAX_RW_SIZE_TUN (&c->c2.frame));
#else
ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM (&c->c2.frame)));
ASSERT (buf_safe (&c->c2.buf, MAX_RW_SIZE_TUN (&c->c2.frame)));
c->c2.buf.len = read_tun (c->c1.tuntap, BPTR (&c->c2.buf), MAX_RW_SIZE_TUN (&c->c2.frame));
#endif
#ifdef PACKET_TRUNCATION_CHECK
ipv4_packet_size_verify (BPTR (&c->c2.buf),
BLEN (&c->c2.buf),
TUNNEL_TYPE (c->c1.tuntap),
"READ_TUN",
&c->c2.n_trunc_tun_read);
#endif
/* Was TUN/TAP interface stopped? */
if (tuntap_stop (c->c2.buf.len))
{
register_signal (c, SIGTERM, "tun-stop");
msg (M_INFO, "TUN/TAP interface has been stopped, exiting");
perf_pop ();
return;
}
/* Was TUN/TAP I/O operation aborted? */
if (tuntap_abort(c->c2.buf.len))
{
register_signal(c, SIGHUP, "tun-abort");
c->persist.restart_sleep_seconds = 10;
msg(M_INFO, "TUN/TAP I/O operation aborted, restarting");
perf_pop();
return;
}
/* Check the status return from read() */
check_status (c->c2.buf.len, "read from TUN/TAP", NULL, c->c1.tuntap);
perf_pop ();
}
static void
lzo_decompress(struct buffer *buf, struct buffer work,
struct compress_context *compctx,
const struct frame *frame)
{
lzo_uint zlen = EXPANDED_SIZE(frame);
int err;
uint8_t c; /* flag indicating whether or not our peer compressed */
if (buf->len <= 0)
{
return;
}
ASSERT(buf_init(&work, FRAME_HEADROOM(frame)));
c = *BPTR(buf);
ASSERT(buf_advance(buf, 1));
if (c == LZO_COMPRESS_BYTE) /* packet was compressed */
{
ASSERT(buf_safe(&work, zlen));
err = LZO_DECOMPRESS(BPTR(buf), BLEN(buf), BPTR(&work), &zlen,
compctx->wu.lzo.wmem);
if (err != LZO_E_OK)
{
dmsg(D_COMP_ERRORS, "LZO decompression error: %d", err);
buf->len = 0;
return;
}
ASSERT(buf_safe(&work, zlen));
work.len = zlen;
dmsg(D_COMP, "LZO decompress %d -> %d", buf->len, work.len);
compctx->pre_decompress += buf->len;
compctx->post_decompress += work.len;
*buf = work;
}
else if (c == NO_COMPRESS_BYTE) /* packet was not compressed */
{
}
else
{
dmsg(D_COMP_ERRORS, "Bad LZO decompression header byte: %d", c);
buf->len = 0;
}
}
static void
lz4v2_decompress(struct buffer *buf, struct buffer work,
struct compress_context *compctx,
const struct frame *frame)
{
size_t zlen_max = EXPANDED_SIZE(frame);
uint8_t c; /* flag indicating whether or not our peer compressed */
if (buf->len <= 0)
{
return;
}
ASSERT(buf_init(&work, FRAME_HEADROOM(frame)));
/* do unframing/swap (assumes buf->len > 0) */
uint8_t *head = BPTR(buf);
c = *head;
/* Not compressed */
if (c != COMP_ALGV2_INDICATOR_BYTE)
{
return;
}
/* Packet to short to make sense */
if (buf->len <= 1)
{
buf->len = 0;
return;
}
c = head[1];
if (c == COMP_ALGV2_LZ4_BYTE) /* packet was compressed */
{
buf_advance(buf,2);
do_lz4_decompress(zlen_max, &work, buf, compctx);
}
else if (c == COMP_ALGV2_UNCOMPRESSED_BYTE)
{
buf_advance(buf,2);
}
else
{
dmsg(D_COMP_ERRORS, "Bad LZ4v2 decompression header byte: %d", c);
buf->len = 0;
}
}
static bool
do_lz4_compress(struct buffer *buf,
struct buffer *work,
struct compress_context *compctx,
const struct frame *frame)
{
/*
* In order to attempt compression, length must be at least COMPRESS_THRESHOLD.
*/
if (buf->len >= COMPRESS_THRESHOLD)
{
const size_t ps = PAYLOAD_SIZE(frame);
int zlen_max = ps + COMP_EXTRA_BUFFER(ps);
int zlen;
ASSERT(buf_init(work, FRAME_HEADROOM(frame)));
ASSERT(buf_safe(work, zlen_max));
if (buf->len > ps)
{
dmsg(D_COMP_ERRORS, "LZ4 compression buffer overflow");
buf->len = 0;
return false;
}
zlen = LZ4_compress_limitedOutput((const char *)BPTR(buf), (char *)BPTR(work), BLEN(buf), zlen_max );
if (zlen <= 0)
{
dmsg(D_COMP_ERRORS, "LZ4 compression error");
buf->len = 0;
return false;
}
ASSERT(buf_safe(work, zlen));
work->len = zlen;
dmsg(D_COMP, "LZ4 compress %d -> %d", buf->len, work->len);
compctx->pre_compress += buf->len;
compctx->post_compress += work->len;
return true;
}
return false;
}
static void
lz4_decompress(struct buffer *buf, struct buffer work,
struct compress_context *compctx,
const struct frame *frame)
{
size_t zlen_max = EXPANDED_SIZE(frame);
uint8_t c; /* flag indicating whether or not our peer compressed */
if (buf->len <= 0)
{
return;
}
ASSERT(buf_init(&work, FRAME_HEADROOM(frame)));
/* do unframing/swap (assumes buf->len > 0) */
{
uint8_t *head = BPTR(buf);
c = *head;
--buf->len;
*head = *BEND(buf);
}
if (c == LZ4_COMPRESS_BYTE) /* packet was compressed */
{
do_lz4_decompress(zlen_max, &work, buf, compctx);
}
else if (c == NO_COMPRESS_BYTE_SWAP) /* packet was not compressed */
{
}
else
{
dmsg(D_COMP_ERRORS, "Bad LZ4 decompression header byte: %d", c);
buf->len = 0;
}
}
static void
lzo_compress(struct buffer *buf, struct buffer work,
struct compress_context *compctx,
const struct frame *frame)
{
lzo_uint zlen = 0;
int err;
bool compressed = false;
if (buf->len <= 0)
{
return;
}
/*
* In order to attempt compression, length must be at least COMPRESS_THRESHOLD,
* and our adaptive level must give the OK.
*/
if (buf->len >= COMPRESS_THRESHOLD && lzo_compression_enabled(compctx))
{
const size_t ps = PAYLOAD_SIZE(frame);
ASSERT(buf_init(&work, FRAME_HEADROOM(frame)));
ASSERT(buf_safe(&work, ps + COMP_EXTRA_BUFFER(ps)));
if (buf->len > ps)
{
dmsg(D_COMP_ERRORS, "LZO compression buffer overflow");
buf->len = 0;
return;
}
err = LZO_COMPRESS(BPTR(buf), BLEN(buf), BPTR(&work), &zlen, compctx->wu.lzo.wmem);
if (err != LZO_E_OK)
{
dmsg(D_COMP_ERRORS, "LZO compression error: %d", err);
buf->len = 0;
return;
}
ASSERT(buf_safe(&work, zlen));
work.len = zlen;
compressed = true;
dmsg(D_COMP, "LZO compress %d -> %d", buf->len, work.len);
compctx->pre_compress += buf->len;
compctx->post_compress += work.len;
/* tell adaptive level about our success or lack thereof in getting any size reduction */
if (compctx->flags & COMP_F_ADAPTIVE)
{
lzo_adaptive_compress_data(&compctx->wu.lzo.ac, buf->len, work.len);
}
}
/* did compression save us anything ? */
if (compressed && work.len < buf->len)
{
uint8_t *header = buf_prepend(&work, 1);
*header = LZO_COMPRESS_BYTE;
*buf = work;
}
else
{
uint8_t *header = buf_prepend(buf, 1);
*header = NO_COMPRESS_BYTE;
}
}
void
openvpn_encrypt (struct buffer *buf, struct buffer work,
const struct crypto_options *opt,
const struct frame* frame)
{
struct gc_arena gc;
gc_init (&gc);
if (buf->len > 0 && opt->key_ctx_bi)
{
struct key_ctx *ctx = &opt->key_ctx_bi->encrypt;
/* Do Encrypt from buf -> work */
if (ctx->cipher)
{
uint8_t iv_buf[OPENVPN_MAX_IV_LENGTH];
const int iv_size = cipher_ctx_iv_length (ctx->cipher);
const cipher_kt_t *cipher_kt = cipher_ctx_get_cipher_kt (ctx->cipher);
int outlen;
if (cipher_kt_mode_cbc(cipher_kt))
{
CLEAR (iv_buf);
/* generate pseudo-random IV */
if (opt->flags & CO_USE_IV)
prng_bytes (iv_buf, iv_size);
/* Put packet ID in plaintext buffer or IV, depending on cipher mode */
if (opt->packet_id)
{
struct packet_id_net pin;
packet_id_alloc_outgoing (&opt->packet_id->send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM));
ASSERT (packet_id_write (&pin, buf, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
}
else if (cipher_kt_mode_ofb_cfb(cipher_kt))
{
struct packet_id_net pin;
struct buffer b;
ASSERT (opt->flags & CO_USE_IV); /* IV and packet-ID required */
ASSERT (opt->packet_id); /* for this mode. */
packet_id_alloc_outgoing (&opt->packet_id->send, &pin, true);
memset (iv_buf, 0, iv_size);
buf_set_write (&b, iv_buf, iv_size);
ASSERT (packet_id_write (&pin, &b, true, false));
}
else /* We only support CBC, CFB, or OFB modes right now */
{
ASSERT (0);
}
/* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */
ASSERT (buf_init (&work, FRAME_HEADROOM (frame)));
/* set the IV pseudo-randomly */
if (opt->flags & CO_USE_IV)
dmsg (D_PACKET_CONTENT, "ENCRYPT IV: %s", format_hex (iv_buf, iv_size, 0, &gc));
dmsg (D_PACKET_CONTENT, "ENCRYPT FROM: %s",
format_hex (BPTR (buf), BLEN (buf), 80, &gc));
/* cipher_ctx was already initialized with key & keylen */
ASSERT (cipher_ctx_reset(ctx->cipher, iv_buf));
/* Buffer overflow check */
if (!buf_safe (&work, buf->len + cipher_ctx_block_size(ctx->cipher)))
{
msg (D_CRYPT_ERRORS, "ENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%d",
buf->capacity,
buf->offset,
buf->len,
work.capacity,
work.offset,
work.len,
cipher_ctx_block_size (ctx->cipher));
goto err;
}
/* Encrypt packet ID, payload */
ASSERT (cipher_ctx_update (ctx->cipher, BPTR (&work), &outlen, BPTR (buf), BLEN (buf)));
ASSERT (buf_inc_len(&work, outlen));
/* Flush the encryption buffer */
ASSERT (cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen));
ASSERT (buf_inc_len(&work, outlen));
/* For all CBC mode ciphers, check the last block is complete */
ASSERT (cipher_kt_mode (cipher_kt) != OPENVPN_MODE_CBC ||
outlen == iv_size);
/* prepend the IV to the ciphertext */
if (opt->flags & CO_USE_IV)
{
uint8_t *output = buf_prepend (&work, iv_size);
ASSERT (output);
memcpy (output, iv_buf, iv_size);
}
dmsg (D_PACKET_CONTENT, "ENCRYPT TO: %s",
format_hex (BPTR (&work), BLEN (&work), 80, &gc));
}
else /* No Encryption */
{
if (opt->packet_id)
{
struct packet_id_net pin;
packet_id_alloc_outgoing (&opt->packet_id->send, &pin, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM));
ASSERT (packet_id_write (&pin, buf, BOOL_CAST (opt->flags & CO_PACKET_ID_LONG_FORM), true));
}
work = *buf;
}
/* HMAC the ciphertext (or plaintext if !cipher) */
if (ctx->hmac)
{
uint8_t *output = NULL;
hmac_ctx_reset (ctx->hmac);
hmac_ctx_update (ctx->hmac, BPTR(&work), BLEN(&work));
output = buf_prepend (&work, hmac_ctx_size(ctx->hmac));
ASSERT (output);
hmac_ctx_final (ctx->hmac, output);
}
*buf = work;
}
gc_free (&gc);
return;
err:
crypto_clear_error();
buf->len = 0;
gc_free (&gc);
return;
}
void
check_send_occ_msg_dowork (struct context *c)
{
bool doit = false;
c->c2.buf = c->c2.buffers->aux_buf;
ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM (&c->c2.frame)));
ASSERT (buf_safe (&c->c2.buf, MAX_RW_SIZE_TUN (&c->c2.frame)));
ASSERT (buf_write (&c->c2.buf, occ_magic, OCC_STRING_SIZE));
switch (c->c2.occ_op)
{
case OCC_REQUEST:
if (!buf_write_u8 (&c->c2.buf, OCC_REQUEST))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_REQUEST");
doit = true;
break;
case OCC_REPLY:
if (!c->c2.options_string_local)
break;
if (!buf_write_u8 (&c->c2.buf, OCC_REPLY))
break;
if (!buf_write (&c->c2.buf, c->c2.options_string_local,
strlen (c->c2.options_string_local) + 1))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_REPLY");
doit = true;
break;
case OCC_MTU_REQUEST:
if (!buf_write_u8 (&c->c2.buf, OCC_MTU_REQUEST))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_MTU_REQUEST");
doit = true;
break;
case OCC_MTU_REPLY:
if (!buf_write_u8 (&c->c2.buf, OCC_MTU_REPLY))
break;
if (!buf_write_u16 (&c->c2.buf, c->c2.max_recv_size_local))
break;
if (!buf_write_u16 (&c->c2.buf, c->c2.max_send_size_local))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_MTU_REPLY");
doit = true;
break;
case OCC_MTU_LOAD_REQUEST:
if (!buf_write_u8 (&c->c2.buf, OCC_MTU_LOAD_REQUEST))
break;
if (!buf_write_u16 (&c->c2.buf, c->c2.occ_mtu_load_size))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_MTU_LOAD_REQUEST");
doit = true;
break;
case OCC_MTU_LOAD:
{
int need_to_add;
if (!buf_write_u8 (&c->c2.buf, OCC_MTU_LOAD))
break;
need_to_add = min_int (c->c2.occ_mtu_load_size, EXPANDED_SIZE (&c->c2.frame))
- OCC_STRING_SIZE
- sizeof (uint8_t)
- EXTRA_FRAME (&c->c2.frame);
while (need_to_add > 0)
{
/*
* Fill the load test packet with pseudo-random bytes.
*/
if (!buf_write_u8 (&c->c2.buf, get_random () & 0xFF))
break;
--need_to_add;
}
dmsg (D_PACKET_CONTENT, "SENT OCC_MTU_LOAD min_int(%d-%d-%d-%d,%d) size=%d",
c->c2.occ_mtu_load_size,
OCC_STRING_SIZE,
(int) sizeof (uint8_t),
EXTRA_FRAME (&c->c2.frame),
MAX_RW_SIZE_TUN (&c->c2.frame),
BLEN (&c->c2.buf));
doit = true;
}
break;
case OCC_EXIT:
if (!buf_write_u8 (&c->c2.buf, OCC_EXIT))
break;
dmsg (D_PACKET_CONTENT, "SENT OCC_EXIT");
doit = true;
break;
}
if (doit)
{
/*
* We will treat the packet like any other outgoing packet,
* compress, encrypt, sign, etc.
*/
encrypt_sign (c, true);
}
c->c2.occ_op = -1;
}
/*
* Should we ping the remote?
*/
void
check_ping_send_dowork (struct context *c)
{
c->c2.buf = c->c2.buffers->aux_buf;
ASSERT (buf_init (&c->c2.buf, FRAME_HEADROOM (&c->c2.frame)));
ASSERT (buf_safe (&c->c2.buf, MAX_RW_SIZE_TUN (&c->c2.frame)));
ASSERT (buf_write (&c->c2.buf, ping_string, sizeof (ping_string)));
/*
* We will treat the ping like any other outgoing packet,
* encrypt, sign, etc.
*/
encrypt_sign (c, true);
dmsg (D_PING, "SENT PING");
}
