int decode_SNM_hdr( snm_hdr_t *hdr, const uint8_t *base, size_t *rem, size_t *idx ) { int retval = 0; retval += decode_uint8(&hdr->type, base, rem, idx); retval += decode_uint8(&hdr->flags, base, rem, idx); retval += decode_uint16(&hdr->seq_num, base, rem, idx); return retval; }
/** The twofish packet format consists of: * * - a 8-bit twofish encoding version in clear text * - a 32-bit SA number in clear text * - ciphertext encrypted from a 32-bit nonce followed by the payload. * * [V|SSSS|nnnnDDDDDDDDDDDDDDDDDDDDD] * |<------ encrypted ------>| */ static int transop_decode_twofish( ntvl_trans_op_t * arg, uint8_t * outbuf, size_t out_len, const uint8_t * inbuf, size_t in_len ) { int len=0; transop_tf_t * priv = (transop_tf_t *)arg->priv; uint8_t assembly[NTVL_PKT_BUF_SIZE]; if ( ( (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)) <= NTVL_PKT_BUF_SIZE ) /* Cipher text fits in assembly */ && (in_len >= (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE + TRANSOP_TF_NONCE_SIZE) ) ) { /* Has at least version, SA and nonce */ ntvl_sa_t sa_rx; ssize_t sa_idx=-1; size_t rem=in_len; size_t idx=0; uint8_t tf_enc_ver=0; /* Get the encoding version to make sure it is supported */ decode_uint8( &tf_enc_ver, inbuf, &rem, &idx ); if ( NTVL_TWOFISH_TRANSFORM_VERSION == tf_enc_ver ) { /* Get the SA number and make sure we are decrypting with the right one. */ decode_uint32( &sa_rx, inbuf, &rem, &idx ); sa_idx = twofish_find_sa(priv, sa_rx); if ( sa_idx >= 0 ) { sa_twofish_t * sa = &(priv->sa[sa_idx]); traceEvent( TRACE_DEBUG, "decode_twofish %lu with SA %lu.", in_len, sa_rx, sa->sa_id ); len = TwoFishDecryptRaw( (void *)(inbuf + TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE), assembly, /* destination */ (in_len - (TRANSOP_TF_VER_SIZE + TRANSOP_TF_SA_SIZE)), sa->dec_tf); if ( len > 0 ) { /* Step over 4-byte random nonce value */ len -= TRANSOP_TF_NONCE_SIZE; /* size of ethernet packet */ memcpy( outbuf, assembly + TRANSOP_TF_NONCE_SIZE, len ); } else traceEvent( TRACE_ERROR, "decode_twofish decryption failed." ); } else { /* Wrong security association; drop the packet as it is undecodable. */ traceEvent( TRACE_ERROR, "decode_twofish SA number %lu not found.", sa_rx ); /* REVISIT: should be able to load a new SA at this point to complete the decoding. */ } } else { /* Wrong security association; drop the packet as it is undecodable. */ traceEvent( TRACE_ERROR, "decode_twofish unsupported twofish version %u.", tf_enc_ver ); /* REVISIT: should be able to load a new SA at this point to complete the decoding. */ } } else traceEvent( TRACE_ERROR, "decode_twofish inbuf wrong size (%ul) to decrypt.", in_len ); return len; }
void decode_str(uint8_t **payload, char *str) { int len = decode_uint8(payload); memcpy(str, (*payload), len); str[len] = 0; (*payload) += len; }
int decode_SNM_comm( snm_comm_name_t *comm_name, const uint8_t *base, size_t *rem, size_t *idx ) { int retval = 0; memset(comm_name, 0, N2N_COMMUNITY_SIZE); retval += decode_uint8(&comm_name->size, base, rem, idx); retval += decode_buf(comm_name->name, comm_name->size, base, rem, idx); return retval; }