int decode_SNM_hdr( snm_hdr_t *hdr,
const uint8_t *base,
size_t *rem,
size_t *idx )
{
int retval = 0;
retval += decode_uint8(&hdr->type, base, rem, idx);
retval += decode_uint8(&hdr->flags, base, rem, idx);
retval += decode_uint16(&hdr->seq_num, base, rem, idx);
return retval;
}
/** The twofish packet format consists of:
*
* - a 8-bit twofish encoding version in clear text
* - a 32-bit SA number in clear text
* - ciphertext encrypted from a 32-bit nonce followed by the payload.
*
* [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD]
* |<------ encrypted ------>|
*/
static int transop_decode_twofish( ntvl_trans_op_t * arg,
uint8_t * outbuf,
size_t out_len,
const uint8_t * inbuf,
size_t in_len ) {
int len=0;
transop_tf_t * priv = (transop_tf_t *)arg->priv;
uint8_t assembly[NTVL_PKT_BUF_SIZE];
if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= NTVL_PKT_BUF_SIZE ) /* Cipher text fits in assembly */
&& (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) ) { /* Has at least version, SA and nonce */
ntvl_sa_t sa_rx;
ssize_t sa_idx=-1;
size_t rem=in_len;
size_t idx=0;
uint8_t tf_enc_ver=0;
/* Get the encoding version to make sure it is supported */
decode_uint8( &tf_enc_ver, inbuf, &rem, &idx );
if ( NTVL_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) {
/* Get the SA number and make sure we are decrypting with the right one. */
decode_uint32( &sa_rx, inbuf, &rem, &idx );
sa_idx = twofish_find_sa(priv, sa_rx);
if ( sa_idx >= 0 ) {
sa_twofish_t * sa = &(priv->sa[sa_idx]);
traceEvent( TRACE_DEBUG, "decode_twofish %lu with SA %lu.", in_len, sa_rx, sa->sa_id );
len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE),
assembly, /* destination */
(in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)),
sa->dec_tf);
if ( len > 0 ) {
/* Step over 4-byte random nonce value */
len -= TRANSOP_TF_NONCE_SIZE; /* size of ethernet packet */
memcpy( outbuf,
assembly + TRANSOP_TF_NONCE_SIZE,
len );
} else traceEvent( TRACE_ERROR, "decode_twofish decryption failed." );
} else {
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_twofish SA number %lu not found.", sa_rx );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
} else {
/* Wrong security association; drop the packet as it is undecodable. */
traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver );
/* REVISIT: should be able to load a new SA at this point to complete the decoding. */
}
} else traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len );
return len;
}
void decode_str(uint8_t **payload, char *str)
{
int len = decode_uint8(payload);
memcpy(str, (*payload), len);
str[len] = 0;
(*payload) += len;
}
int decode_SNM_comm( snm_comm_name_t *comm_name,
const uint8_t *base,
size_t *rem,
size_t *idx )
{
int retval = 0;
memset(comm_name, 0, N2N_COMMUNITY_SIZE);
retval += decode_uint8(&comm_name->size, base, rem, idx);
retval += decode_buf(comm_name->name, comm_name->size, base, rem, idx);
return retval;
}
