示例#1
文件: csp_route.c 项目: janbre/NUTS
/**
 * Helper function to decrypt, check auth and CRC32
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface
 * @param packet pointer to packet
 * @return -1 Missing feature, -2 XTEA error, -3 CRC error, -4 HMAC error, 0 = OK.
 */
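static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

    /*
     * Stages run in a fixed order: XTEA decrypt, CRC32, HMAC, sequence number.
     * For each stage the packet's header flag selects verification; when the
     * flag is absent, the matching "required" bit in security_opts decides
     * whether the packet is dropped. packet->length is treated as untrusted:
     * any stage in this function that subtracts a trailer size from it first
     * checks that the packet is long enough, because a short packet would
     * otherwise make the offset/length arithmetic wrap around.
     */

    /* XTEA encrypted packet */
    if (packet->id.flags & CSP_FXTEA) {
#ifdef CSP_USE_XTEA
        uint32_t nonce;

        /* The nonce occupies the last sizeof(nonce) bytes of the payload.
         * Reject packets that cannot hold it before computing the offset. */
        if (packet->length < sizeof(nonce)) {
            csp_log_error("Too short packet for XTEA nonce! Discarding packet\r\n");
            interface->autherr++;
            return CSP_ERR_XTEA;
        }

        /* Read nonce */
        memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
        nonce = csp_ntoh32(nonce);
        packet->length -= sizeof(nonce);

        /* Create initialization vector */
        uint32_t iv[2] = {nonce, 1};

        /* Decrypt data */
        if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
            /* Decryption failed */
            csp_log_error("Decryption failed! Discarding packet\r\n");
            interface->autherr++;
            return CSP_ERR_XTEA;
        }
    } else if (security_opts & CSP_SO_XTEAREQ) {
        csp_log_warn("Received packet without XTEA encryption. Discarding packet\r\n");
        interface->autherr++;
        return CSP_ERR_XTEA;
#else
        csp_log_error("Received XTEA encrypted packet, but CSP was compiled without XTEA support. Discarding packet\r\n");
        interface->autherr++;
        return CSP_ERR_NOTSUP;
#endif
    }

    /* CRC32 verified packet */
    if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
        /* Verify CRC32.
         * NOTE(review): csp_crc32_verify is presumably responsible for
         * rejecting packets shorter than the CRC field - confirm. */
        if (csp_crc32_verify(packet) != 0) {
            /* Checksum failed */
            csp_log_error("CRC32 verification error! Discarding packet\r\n");
            interface->rx_error++;
            return CSP_ERR_CRC32;
        }
    } else if (security_opts & CSP_SO_CRC32REQ) {
        /* The CRC32 flag is not set, so the packet carries no CRC32 field.
         * Nothing is stripped here; shortening the packet in this branch
         * would cut 4 bytes of payload (and wrap the length when it is < 4).
         * NOTE(review): a "required" CRC32 is only warned about, not enforced. */
        csp_log_warn("Received packet without CRC32. Accepting packet\r\n");
#else
        /* Strip CRC32 field and accept the packet, but only when the packet
         * is long enough to contain that field. */
        if (packet->length < sizeof(uint32_t)) {
            csp_log_error("Too short packet for CRC32! Discarding packet\r\n");
            interface->rx_error++;
            return CSP_ERR_CRC32;
        }
        csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet\r\n");
        packet->length -= sizeof(uint32_t);
#endif
    }

    /* HMAC authenticated packet */
    if (packet->id.flags & CSP_FHMAC) {
#ifdef CSP_USE_HMAC
        /* Verify HMAC */
        if (csp_hmac_verify(packet) != 0) {
            /* HMAC failed */
            csp_log_error("HMAC verification error! Discarding packet\r\n");
            interface->autherr++;
            return CSP_ERR_HMAC;
        }
    } else if (security_opts & CSP_SO_HMACREQ) {
        csp_log_warn("Received packet without HMAC. Discarding packet\r\n");
        interface->autherr++;
        return CSP_ERR_HMAC;
#else
        csp_log_error("Received packet with HMAC, but CSP was compiled without HMAC support. Discarding packet\r\n");
        interface->autherr++;
        return CSP_ERR_NOTSUP;
#endif
    }

    /* SEQNR enabled packet */
    if (packet->id.flags & CSP_SEQNR) {
#ifdef CSP_USE_SEQNR
        if (csp_seqnr_verify(packet) != 0) {
            /* Sequence number check failed */
            csp_log_error("SEQNR verification failed \r\n");
            interface->autherr++;
            return CSP_ERR_SEQNR;
        }
    } else if (security_opts & CSP_SO_SEQNR) {
        csp_log_warn("SEQNR enabled but received packet without SEQNR. Discarding packet \r\n");
        interface->autherr++;
        return CSP_ERR_SEQNR;
#else
        csp_log_error("Received packet with SEQNR, but CSP was compiled without SEQNR support. Discarding packet \r\n");
        interface->autherr++;
        return CSP_ERR_NOTSUP;
#endif
    }

    return CSP_ERR_NONE;

}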
示例#2
/**
 * Helper function to decrypt, check auth and CRC32
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface
 * @param packet pointer to packet
 * @return -1 Missing feature, -2 XTEA error, -3 CRC error, -4 HMAC error, 0 = OK.
 */
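static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

	/*
	 * Stages run in a fixed order: XTEA decrypt, CRC32, HMAC, RDP requirement.
	 * packet->length is treated as untrusted: the XTEA and CRC32 stages check
	 * that the packet is long enough before a trailer size is subtracted from
	 * it, since a short packet would make the arithmetic wrap around.
	 *
	 * NOTE(review): the XTEA and HMAC stages are compiled out entirely when
	 * CSP_USE_XTEA / CSP_USE_HMAC are not defined. In such a build a packet
	 * flagged CSP_FXTEA or CSP_FHMAC is passed on unprocessed, and
	 * CSP_SO_XTEAREQ / CSP_SO_HMACREQ are not enforced. Consider rejecting
	 * those packets in an #else branch so the check fails closed.
	 */

#ifdef CSP_USE_XTEA
	/* XTEA encrypted packet */
	if (packet->id.flags & CSP_FXTEA) {
		uint32_t nonce;

		/* The nonce occupies the last sizeof(nonce) bytes of the payload.
		 * Reject packets that cannot hold it before computing the offset. */
		if (packet->length < sizeof(nonce)) {
			csp_log_error("Too short packet for XTEA nonce! Discarding packet");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}

		/* Read nonce */
		memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
		nonce = csp_ntoh32(nonce);
		packet->length -= sizeof(nonce);

		/* Create initialization vector */
		uint32_t iv[2] = {nonce, 1};

		/* Decrypt data */
		if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
			/* Decryption failed */
			csp_log_error("Decryption failed! Discarding packet");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}
	} else if (security_opts & CSP_SO_XTEAREQ) {
		csp_log_warn("Received packet without XTEA encryption. Discarding packet");
		interface->autherr++;
		return CSP_ERR_XTEA;
	}
#endif

	/* CRC32 verified packet */
	if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
		/* A packet shorter than the CRC field cannot be verified: drop it
		 * here instead of only logging and carrying on to the verifier. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		/* Verify CRC32 (does not include header for backwards compatibility with csp1.x) */
		if (csp_crc32_verify(packet, false) != 0) {
			/* Checksum failed */
			csp_log_error("CRC32 verification error! Discarding packet");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
	} else if (security_opts & CSP_SO_CRC32REQ) {
		/* NOTE(review): a "required" CRC32 is only warned about, not enforced. */
		csp_log_warn("Received packet without CRC32. Accepting packet");
#else
		/* Strip CRC32 field and accept the packet, but only when the packet
		 * is long enough to contain that field. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet");
		packet->length -= sizeof(uint32_t);
#endif
	}

#ifdef CSP_USE_HMAC
	/* HMAC authenticated packet */
	if (packet->id.flags & CSP_FHMAC) {
		/* Verify HMAC (does not include header for backwards compatibility with csp1.x) */
		if (csp_hmac_verify(packet, false) != 0) {
			/* HMAC failed */
			csp_log_error("HMAC verification error! Discarding packet");
			interface->autherr++;
			return CSP_ERR_HMAC;
		}
	} else if (security_opts & CSP_SO_HMACREQ) {
		csp_log_warn("Received packet without HMAC. Discarding packet");
		interface->autherr++;
		return CSP_ERR_HMAC;
	}
#endif

#ifdef CSP_USE_RDP
	/* RDP packet: only the "required but missing" case is rejected here */
	if (!(packet->id.flags & CSP_FRDP) && (security_opts & CSP_SO_RDPREQ)) {
		csp_log_warn("Received packet without RDP header. Discarding packet");
		interface->rx_error++;
		return CSP_ERR_INVAL;
	}
#endif

	return CSP_ERR_NONE;

}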
示例#3
文件: csp_route.c 项目: nsat/libcsp
/**
 * Helper function to decrypt, check auth and CRC32
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface
 * @param packet pointer to packet
 * @return -1 Missing feature, -2 XTEA error, -3 CRC error, -4 HMAC error, 0 = OK.
 */
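static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

	/*
	 * Stages run in a fixed order: XTEA decrypt, CRC32, HMAC. For XTEA and
	 * HMAC, a "prohibited" bit in security_opts rejects flagged packets and a
	 * "required" bit rejects unflagged ones. packet->length is treated as
	 * untrusted: the XTEA and CRC32 stages check that the packet is long
	 * enough before a trailer size is subtracted from it, since a short packet
	 * would make the arithmetic wrap around.
	 */

	/* XTEA encrypted packet */
	if (packet->id.flags & CSP_FXTEA) {
		if (security_opts & CSP_SO_XTEAPROHIB) {
			/* NOTE(review): unlike the other rejection paths, this one does
			 * not increment interface->autherr - confirm that is intended. */
			csp_log_error("Received packet with XTEA encryption, but XTEA encryption prohibited on socket");
			return CSP_ERR_XTEA;
		}
#ifdef CSP_USE_XTEA
		uint32_t nonce;

		/* The nonce occupies the last sizeof(nonce) bytes of the payload.
		 * Reject packets that cannot hold it before computing the offset. */
		if (packet->length < sizeof(nonce)) {
			csp_log_error("Too short packet for XTEA nonce! Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}

		/* Read nonce */
		memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
		nonce = csp_ntoh32(nonce);
		packet->length -= sizeof(nonce);

		/* Create initialization vector */
		uint32_t iv[2] = {nonce, 1};

		/* Decrypt data */
		if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
			/* Decryption failed */
			csp_log_error("Decryption failed! Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}
	} else if (security_opts & CSP_SO_XTEAREQ) {
		csp_log_warn("Received packet without XTEA encryption from %u. Discarding packet\r\n", packet->id.src);
		interface->autherr++;
		return CSP_ERR_XTEA;
#else
		csp_log_error("Received XTEA encrypted packet, but CSP was compiled without XTEA support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	/* CRC32 verified packet */
	if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
		/* A packet shorter than the CRC field cannot be verified: drop it
		 * here instead of only logging and carrying on to the verifier. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		/* Verify CRC32 */
		if (csp_crc32_verify(packet) != 0) {
			/* Checksum failed */
			csp_log_error("CRC32 verification error! Discarding packet\r\n");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
	} else if (security_opts & CSP_SO_CRC32REQ) {
		/* NOTE(review): a "required" CRC32 is only warned about, not enforced. */
		csp_log_warn("Received packet without CRC32 from %u. Accepting packet\r\n", packet->id.src);
#else
		/* Strip CRC32 field and accept the packet, but only when the packet
		 * is long enough to contain that field. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet\r\n");
		packet->length -= sizeof(uint32_t);
#endif
	}

	/* HMAC authenticated packet */
	if (packet->id.flags & CSP_FHMAC) {
		if (security_opts & CSP_SO_HMACPROHIB) {
			/* NOTE(review): as with the XTEA prohibit path, autherr is not
			 * incremented here - confirm that is intended. */
			csp_log_error("Received packet with HMAC, but HMAC prohibited on socket");
			return CSP_ERR_HMAC;
		}
#ifdef CSP_USE_HMAC
		/* Verify HMAC */
		if (csp_hmac_verify(packet) != 0) {
			/* HMAC failed */
			csp_log_error("HMAC verification error! Discarding packet (src: %u, dest: %u)\r\n", packet->id.src, packet->id.dst);
			interface->autherr++;
			return CSP_ERR_HMAC;
		}
	} else if (security_opts & CSP_SO_HMACREQ) {
		csp_log_warn("Received packet without HMAC from %u. Discarding packet\r\n", packet->id.src);
		interface->autherr++;
		return CSP_ERR_HMAC;
#else
		csp_log_error("Received packet with HMAC, but CSP was compiled without HMAC support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	return CSP_ERR_NONE;

}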