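/**
 * Helper function to decrypt and to check CRC32, HMAC and sequence number
 * of an incoming packet.
 *
 * The checks run in a fixed order: XTEA decryption, CRC32, HMAC, SEQNR.
 * Decryption therefore operates on data that has not passed any integrity
 * check yet, so packet->length must be validated before it is used as an
 * offset.
 *
 * A missing CRC32 on a socket that requires it (CSP_SO_CRC32REQ) is only
 * logged; the packet is still accepted.
 *
 * NOTE(review): the "required" options (CSP_SO_XTEAREQ, CSP_SO_HMACREQ,
 * CSP_SO_SEQNR) are only enforced when the matching CSP_USE_* feature is
 * compiled in. In a build without the feature, a packet that simply omits
 * the flag is accepted even if the socket requires it.
 *
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface (error counters are updated)
 * @param packet pointer to packet (length is reduced as trailers are consumed)
 * @return CSP_ERR_NONE if the packet is accepted, otherwise one of
 *         CSP_ERR_NOTSUP, CSP_ERR_XTEA, CSP_ERR_CRC32, CSP_ERR_HMAC,
 *         CSP_ERR_SEQNR.
 */
static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

	/* XTEA encrypted packet */
	if (packet->id.flags & CSP_FXTEA) {
#ifdef CSP_USE_XTEA
		uint32_t nonce;

		/* The nonce is read from the last sizeof(nonce) bytes of the payload.
		 * Without this guard a shorter packet makes the offset below wrap
		 * around, reading out of bounds and leaving a bogus length for the
		 * in-place decryption. */
		if (packet->length < sizeof(nonce)) {
			csp_log_error("Too short packet for XTEA nonce. Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}

		/* Read nonce */
		memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
		nonce = csp_ntoh32(nonce);
		packet->length -= sizeof(nonce);

		/* Create initialization vector */
		uint32_t iv[2] = {nonce, 1};

		/* Decrypt data */
		if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
			/* Decryption failed */
			csp_log_error("Decryption failed! Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}
	} else if (security_opts & CSP_SO_XTEAREQ) {
		csp_log_warn("Received packet without XTEA encryption. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_XTEA;
#else
		csp_log_error("Received XTEA encrypted packet, but CSP was compiled without XTEA support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	/* CRC32 verified packet */
	if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
		/* A packet flagged as carrying a CRC32 must be at least as long as
		 * the checksum itself. csp_crc32_verify() is not visible here, so do
		 * not rely on it to reject short packets. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32. Discarding packet\r\n");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		/* Verify CRC32 */
		if (csp_crc32_verify(packet) != 0) {
			/* Checksum failed */
			csp_log_error("CRC32 verification error! Discarding packet\r\n");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
	} else if (security_opts & CSP_SO_CRC32REQ) {
		/* The packet carries no CRC32 field, so there is nothing to strip:
		 * shortening the length here would cut off 4 bytes of payload. */
		csp_log_warn("Received packet without CRC32. Accepting packet\r\n");
#else
		/* Strip CRC32 field and accept the packet; guard the subtraction so
		 * a short packet cannot make the length wrap around. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32. Discarding packet\r\n");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet\r\n");
		packet->length -= sizeof(uint32_t);
#endif
	}

	/* HMAC authenticated packet */
	if (packet->id.flags & CSP_FHMAC) {
#ifdef CSP_USE_HMAC
		/* Verify HMAC */
		if (csp_hmac_verify(packet) != 0) {
			/* HMAC failed */
			csp_log_error("HMAC verification error! Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_HMAC;
		}
	} else if (security_opts & CSP_SO_HMACREQ) {
		csp_log_warn("Received packet without HMAC. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_HMAC;
#else
		csp_log_error("Received packet with HMAC, but CSP was compiled without HMAC support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	/* SEQNR enabled packet */
	if (packet->id.flags & CSP_SEQNR) {
#ifdef CSP_USE_SEQNR
		if (csp_seqnr_verify(packet) != 0) {
			/* Sequence number check failed */
			csp_log_error("SEQNR verification failed \r\n");
			interface->autherr++;
			return CSP_ERR_SEQNR;
		}
	} else if (security_opts & CSP_SO_SEQNR) {
		csp_log_warn("SEQNR enabled but received packet without SEQNR. Discarding packet \r\n");
		interface->autherr++;
		return CSP_ERR_SEQNR;
#else
		csp_log_error("Received packet with SEQNR, but CSP was compiled without SEQNR support. Discarding packet \r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	return CSP_ERR_NONE;

}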
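/**
 * Helper function to decrypt and to check CRC32, HMAC and the RDP
 * requirement of an incoming packet.
 *
 * The checks run in a fixed order: XTEA decryption, CRC32, HMAC, RDP.
 * Decryption therefore operates on data that has not passed any integrity
 * check yet, so packet->length must be validated before it is used as an
 * offset.
 *
 * A missing CRC32 on a socket that requires it (CSP_SO_CRC32REQ) is only
 * logged; the packet is still accepted.
 *
 * NOTE(review): the XTEA and HMAC sections are compiled out entirely when
 * CSP_USE_XTEA / CSP_USE_HMAC are not defined. In such a build a packet
 * flagged CSP_FXTEA or CSP_FHMAC is passed on without being decrypted or
 * verified, and CSP_SO_XTEAREQ / CSP_SO_HMACREQ are not enforced. Confirm
 * that this fail-open behaviour is acceptable for the deployment.
 *
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface (error counters are updated)
 * @param packet pointer to packet (length is reduced as trailers are consumed)
 * @return CSP_ERR_NONE if the packet is accepted, otherwise one of
 *         CSP_ERR_XTEA, CSP_ERR_CRC32, CSP_ERR_HMAC, CSP_ERR_INVAL.
 */
static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

#ifdef CSP_USE_XTEA
	/* XTEA encrypted packet */
	if (packet->id.flags & CSP_FXTEA) {
		uint32_t nonce;

		/* The nonce is read from the last sizeof(nonce) bytes of the payload.
		 * Without this guard a shorter packet makes the offset below wrap
		 * around, reading out of bounds and leaving a bogus length for the
		 * in-place decryption. */
		if (packet->length < sizeof(nonce)) {
			csp_log_error("Too short packet for XTEA, %u", packet->length);
			interface->autherr++;
			return CSP_ERR_XTEA;
		}

		/* Read nonce */
		memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
		nonce = csp_ntoh32(nonce);
		packet->length -= sizeof(nonce);

		/* Create initialization vector */
		uint32_t iv[2] = {nonce, 1};

		/* Decrypt data */
		if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
			/* Decryption failed */
			csp_log_error("Decryption failed! Discarding packet");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}
	} else if (security_opts & CSP_SO_XTEAREQ) {
		csp_log_warn("Received packet without XTEA encryption. Discarding packet");
		interface->autherr++;
		return CSP_ERR_XTEA;
	}
#endif

	/* CRC32 verified packet */
	if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
		/* A packet flagged as carrying a CRC32 cannot be shorter than the
		 * checksum: reject it here instead of only logging and falling
		 * through to the verifier with a too-short length. */
		if (packet->length < 4) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		/* Verify CRC32 (does not include header for backwards compatibility with csp1.x) */
		if (csp_crc32_verify(packet, false) != 0) {
			/* Checksum failed */
			csp_log_error("CRC32 verification error! Discarding packet");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
	} else if (security_opts & CSP_SO_CRC32REQ) {
		csp_log_warn("Received packet without CRC32. Accepting packet");
#else
		/* Strip CRC32 field and accept the packet; guard the subtraction so
		 * a short packet cannot make the length wrap around. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet");
		packet->length -= sizeof(uint32_t);
#endif
	}

#ifdef CSP_USE_HMAC
	/* HMAC authenticated packet */
	if (packet->id.flags & CSP_FHMAC) {
		/* Verify HMAC (does not include header for backwards compatibility with csp1.x) */
		if (csp_hmac_verify(packet, false) != 0) {
			/* HMAC failed */
			csp_log_error("HMAC verification error! Discarding packet");
			interface->autherr++;
			return CSP_ERR_HMAC;
		}
	} else if (security_opts & CSP_SO_HMACREQ) {
		csp_log_warn("Received packet without HMAC. Discarding packet");
		interface->autherr++;
		return CSP_ERR_HMAC;
	}
#endif

#ifdef CSP_USE_RDP
	/* RDP packet: only the presence of the flag is checked here */
	if (!(packet->id.flags & CSP_FRDP)) {
		if (security_opts & CSP_SO_RDPREQ) {
			csp_log_warn("Received packet without RDP header. Discarding packet");
			interface->rx_error++;
			return CSP_ERR_INVAL;
		}
	}
#endif

	return CSP_ERR_NONE;

}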
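/**
 * Helper function to decrypt and to check CRC32 and HMAC of an incoming
 * packet, including the per-socket "prohibit" options.
 *
 * The checks run in a fixed order: XTEA decryption, CRC32, HMAC.
 * Decryption therefore operates on data that has not passed any integrity
 * check yet, so packet->length must be validated before it is used as an
 * offset.
 *
 * A missing CRC32 on a socket that requires it (CSP_SO_CRC32REQ) is only
 * logged; the packet is still accepted.
 *
 * NOTE(review): CSP_SO_XTEAREQ and CSP_SO_HMACREQ are only enforced when
 * CSP_USE_XTEA / CSP_USE_HMAC are compiled in. In a build without the
 * feature, a packet that simply omits the flag is accepted even if the
 * socket requires it.
 *
 * @param security_opts either socket_opts or conn_opts
 * @param interface pointer to incoming interface (error counters are updated)
 * @param packet pointer to packet (length is reduced as trailers are consumed)
 * @return CSP_ERR_NONE if the packet is accepted, otherwise one of
 *         CSP_ERR_NOTSUP, CSP_ERR_XTEA, CSP_ERR_CRC32, CSP_ERR_HMAC.
 */
static int csp_route_security_check(uint32_t security_opts, csp_iface_t * interface, csp_packet_t * packet) {

	/* XTEA encrypted packet */
	if (packet->id.flags & CSP_FXTEA) {
		/* NOTE(review): unlike the other rejections in this function, the
		 * prohibit path does not bump interface->autherr - confirm intended. */
		if (security_opts & CSP_SO_XTEAPROHIB) {
			csp_log_error("Received packet with XTEA encryption, but XTEA encryption prohibited on socket");
			return CSP_ERR_XTEA;
		}
#ifdef CSP_USE_XTEA
		uint32_t nonce;

		/* The nonce is read from the last sizeof(nonce) bytes of the payload.
		 * Without this guard a shorter packet makes the offset below wrap
		 * around, reading out of bounds and leaving a bogus length for the
		 * in-place decryption. */
		if (packet->length < sizeof(nonce)) {
			csp_log_error("Too short packet for XTEA, %u", packet->length);
			interface->autherr++;
			return CSP_ERR_XTEA;
		}

		/* Read nonce */
		memcpy(&nonce, &packet->data[packet->length - sizeof(nonce)], sizeof(nonce));
		nonce = csp_ntoh32(nonce);
		packet->length -= sizeof(nonce);

		/* Create initialization vector */
		uint32_t iv[2] = {nonce, 1};

		/* Decrypt data */
		if (csp_xtea_decrypt(packet->data, packet->length, iv) != 0) {
			/* Decryption failed */
			csp_log_error("Decryption failed! Discarding packet\r\n");
			interface->autherr++;
			return CSP_ERR_XTEA;
		}
	} else if (security_opts & CSP_SO_XTEAREQ) {
		csp_log_warn("Received packet without XTEA encryption from %u. Discarding packet\r\n", packet->id.src);
		interface->autherr++;
		return CSP_ERR_XTEA;
#else
		csp_log_error("Received XTEA encrypted packet, but CSP was compiled without XTEA support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	/* CRC32 verified packet */
	if (packet->id.flags & CSP_FCRC32) {
#ifdef CSP_USE_CRC32
		/* A packet flagged as carrying a CRC32 cannot be shorter than the
		 * checksum: reject it here instead of only logging and falling
		 * through to the verifier with a too-short length. */
		if (packet->length < 4) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		/* Verify CRC32 */
		if (csp_crc32_verify(packet) != 0) {
			/* Checksum failed */
			csp_log_error("CRC32 verification error! Discarding packet\r\n");
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
	} else if (security_opts & CSP_SO_CRC32REQ) {
		csp_log_warn("Received packet without CRC32 from %u. Accepting packet\r\n", packet->id.src);
#else
		/* Strip CRC32 field and accept the packet; guard the subtraction so
		 * a short packet cannot make the length wrap around. */
		if (packet->length < sizeof(uint32_t)) {
			csp_log_error("Too short packet for CRC32, %u", packet->length);
			interface->rx_error++;
			return CSP_ERR_CRC32;
		}
		csp_log_warn("Received packet with CRC32, but CSP was compiled without CRC32 support. Accepting packet\r\n");
		packet->length -= sizeof(uint32_t);
#endif
	}

	/* HMAC authenticated packet */
	if (packet->id.flags & CSP_FHMAC) {
		/* NOTE(review): as with XTEA above, the prohibit path does not bump
		 * interface->autherr - confirm intended. */
		if (security_opts & CSP_SO_HMACPROHIB) {
			csp_log_error("Received packet with HMAC, but HMAC prohibited on socket");
			return CSP_ERR_HMAC;
		}
#ifdef CSP_USE_HMAC
		/* Verify HMAC */
		if (csp_hmac_verify(packet) != 0) {
			/* HMAC failed */
			csp_log_error("HMAC verification error! Discarding packet (src: %u, dest: %u)\r\n", packet->id.src, packet->id.dst);
			interface->autherr++;
			return CSP_ERR_HMAC;
		}
	} else if (security_opts & CSP_SO_HMACREQ) {
		csp_log_warn("Received packet without HMAC from %u. Discarding packet\r\n", packet->id.src);
		interface->autherr++;
		return CSP_ERR_HMAC;
#else
		csp_log_error("Received packet with HMAC, but CSP was compiled without HMAC support. Discarding packet\r\n");
		interface->autherr++;
		return CSP_ERR_NOTSUP;
#endif
	}

	return CSP_ERR_NONE;

}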