2014-07-21 05:22:06 +02:00
|
|
|
// OpenVPN -- An application to securely tunnel IP networks
|
|
|
|
// over a single port, with support for SSL/TLS-based
|
|
|
|
// session authentication and key exchange,
|
|
|
|
// packet encryption, packet authentication, and
|
|
|
|
// packet compression.
|
2012-08-24 23:13:42 +02:00
|
|
|
//
|
2022-09-29 11:41:13 +02:00
|
|
|
// Copyright (C) 2012-2022 OpenVPN Inc.
|
2012-08-24 23:13:42 +02:00
|
|
|
//
|
2014-07-21 05:22:06 +02:00
|
|
|
// This program is free software: you can redistribute it and/or modify
|
2017-12-21 21:42:20 +01:00
|
|
|
// it under the terms of the GNU Affero General Public License Version 3
|
2014-07-21 05:22:06 +02:00
|
|
|
// as published by the Free Software Foundation.
|
2012-08-24 23:13:42 +02:00
|
|
|
//
|
2014-07-21 05:22:06 +02:00
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2017-12-21 21:42:20 +01:00
|
|
|
// GNU Affero General Public License for more details.
|
2014-07-21 05:22:06 +02:00
|
|
|
//
|
2017-12-21 21:42:20 +01:00
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
2014-07-21 05:22:06 +02:00
|
|
|
// along with this program in the COPYING file.
|
|
|
|
// If not, see <http://www.gnu.org/licenses/>.
|
2012-08-24 23:13:42 +02:00
|
|
|
|
2014-10-19 23:19:14 +02:00
|
|
|
// General-purpose OpenVPN protocol decrypt method (CBC/HMAC) that is independent of the underlying CRYPTO_API
|
2012-11-23 07:18:43 +01:00
|
|
|
|
2014-10-19 23:19:14 +02:00
|
|
|
#ifndef OPENVPN_CRYPTO_DECRYPT_CHM_H
|
|
|
|
#define OPENVPN_CRYPTO_DECRYPT_CHM_H
|
2011-10-06 02:18:46 +02:00
|
|
|
|
|
|
|
#include <cstring>
|
|
|
|
|
2015-05-17 21:27:34 +02:00
|
|
|
#include <openvpn/common/size.hpp>
|
2011-10-06 02:18:46 +02:00
|
|
|
#include <openvpn/common/exception.hpp>
|
2014-08-18 06:09:12 +02:00
|
|
|
#include <openvpn/common/memneq.hpp>
|
2011-10-06 02:18:46 +02:00
|
|
|
#include <openvpn/buffer/buffer.hpp>
|
2011-10-25 19:32:26 +02:00
|
|
|
#include <openvpn/frame/frame.hpp>
|
2011-10-06 02:18:46 +02:00
|
|
|
#include <openvpn/crypto/cipher.hpp>
|
2014-10-20 17:16:39 +02:00
|
|
|
#include <openvpn/crypto/ovpnhmac.hpp>
|
2011-10-06 02:18:46 +02:00
|
|
|
#include <openvpn/crypto/static_key.hpp>
|
|
|
|
#include <openvpn/crypto/packet_id.hpp>
|
2012-02-04 11:24:54 +01:00
|
|
|
#include <openvpn/log/sessionstats.hpp>
|
2011-10-06 02:18:46 +02:00
|
|
|
|
|
|
|
namespace openvpn {
|
|
|
|
|
2012-03-12 13:24:40 +01:00
|
|
|
template <typename CRYPTO_API>
|
2014-10-19 23:19:14 +02:00
|
|
|
class DecryptCHM
|
|
|
|
{
|
2011-10-06 02:18:46 +02:00
|
|
|
public:
|
2014-10-19 23:19:14 +02:00
|
|
|
OPENVPN_SIMPLE_EXCEPTION(chm_unsupported_cipher_mode);
|
2011-12-11 09:28:55 +01:00
|
|
|
|
2012-02-04 11:24:54 +01:00
|
|
|
Error::Type decrypt(BufferAllocated &buf, const PacketID::time_t now)
|
2011-10-06 02:18:46 +02:00
|
|
|
{
|
2011-12-14 12:34:33 +01:00
|
|
|
// skip null packets
|
|
|
|
if (!buf.size())
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::SUCCESS;
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// verify the HMAC
|
|
|
|
if (hmac.defined())
|
|
|
|
{
|
2012-03-12 13:24:40 +01:00
|
|
|
unsigned char local_hmac[CRYPTO_API::HMACContext::MAX_HMAC_SIZE];
|
2011-12-14 12:34:33 +01:00
|
|
|
const size_t hmac_size = hmac.output_size();
|
|
|
|
const unsigned char *packet_hmac = buf.read_alloc(hmac_size);
|
|
|
|
hmac.hmac(local_hmac, hmac_size, buf.c_data(), buf.size());
|
2014-08-18 06:09:12 +02:00
|
|
|
if (crypto::memneq(local_hmac, packet_hmac, hmac_size))
|
2011-12-14 12:34:33 +01:00
|
|
|
{
|
|
|
|
buf.reset_size();
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::HMAC_ERROR;
|
2011-12-14 12:34:33 +01:00
|
|
|
}
|
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// decrypt packet ID + payload
|
|
|
|
if (cipher.defined())
|
|
|
|
{
|
2012-03-12 13:24:40 +01:00
|
|
|
unsigned char iv_buf[CRYPTO_API::CipherContext::MAX_IV_LENGTH];
|
|
|
|
const size_t iv_length = cipher.iv_length();
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// extract IV from head of packet
|
2012-03-12 13:24:40 +01:00
|
|
|
buf.read(iv_buf, iv_length);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// initialize work buffer
|
|
|
|
frame->prepare(Frame::DECRYPT_WORK, work);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// decrypt from buf -> work
|
|
|
|
const size_t decrypt_bytes = cipher.decrypt(iv_buf, work.data(), work.max_size(), buf.c_data(), buf.size());
|
|
|
|
if (!decrypt_bytes)
|
|
|
|
{
|
|
|
|
buf.reset_size();
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::DECRYPT_ERROR;
|
2011-12-14 12:34:33 +01:00
|
|
|
}
|
|
|
|
work.set_size(decrypt_bytes);
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// handle different cipher modes
|
|
|
|
const int cipher_mode = cipher.cipher_mode();
|
2012-03-12 13:24:40 +01:00
|
|
|
if (cipher_mode == CRYPTO_API::CipherContext::CIPH_CBC_MODE)
|
2011-12-14 12:34:33 +01:00
|
|
|
{
|
|
|
|
if (!verify_packet_id(work, now))
|
|
|
|
{
|
|
|
|
buf.reset_size();
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::REPLAY_ERROR;
|
2011-12-14 12:34:33 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2014-10-19 23:19:14 +02:00
|
|
|
throw chm_unsupported_cipher_mode();
|
2011-12-14 12:34:33 +01:00
|
|
|
}
|
2023-01-11 20:43:22 +01:00
|
|
|
|
2011-12-14 12:34:33 +01:00
|
|
|
// return cleartext result in buf
|
|
|
|
buf.swap(work);
|
|
|
|
}
|
|
|
|
else // no encryption
|
2011-10-06 02:18:46 +02:00
|
|
|
{
|
2011-12-14 12:34:33 +01:00
|
|
|
if (!verify_packet_id(buf, now))
|
|
|
|
{
|
|
|
|
buf.reset_size();
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::REPLAY_ERROR;
|
2011-12-14 12:34:33 +01:00
|
|
|
}
|
2011-10-06 02:18:46 +02:00
|
|
|
}
|
2012-02-04 11:24:54 +01:00
|
|
|
return Error::SUCCESS;
|
2011-10-06 02:18:46 +02:00
|
|
|
}
|
|
|
|
|
2011-12-11 09:28:55 +01:00
|
|
|
Frame::Ptr frame;
|
2012-03-12 13:24:40 +01:00
|
|
|
CipherContext<CRYPTO_API> cipher;
|
2014-10-20 17:16:39 +02:00
|
|
|
OvpnHMAC<CRYPTO_API> hmac;
|
2011-10-06 02:18:46 +02:00
|
|
|
PacketIDReceive pid_recv;
|
|
|
|
|
|
|
|
private:
|
2011-12-13 05:46:56 +01:00
|
|
|
bool verify_packet_id(BufferAllocated &buf, const PacketID::time_t now)
|
2011-10-06 02:18:46 +02:00
|
|
|
{
|
|
|
|
// ignore packet ID if pid_recv is not initialized
|
|
|
|
if (pid_recv.initialized())
|
|
|
|
{
|
|
|
|
const PacketID pid = pid_recv.read_next(buf);
|
2015-06-18 09:55:52 +02:00
|
|
|
if (!pid_recv.test_add(pid, now, true)) // verify packet ID
|
2011-12-13 05:46:56 +01:00
|
|
|
return false;
|
2011-10-06 02:18:46 +02:00
|
|
|
}
|
2011-12-13 05:46:56 +01:00
|
|
|
return true;
|
2011-10-06 02:18:46 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
BufferAllocated work;
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace openvpn
|
|
|
|
|
2012-02-06 21:39:10 +01:00
|
|
|
#endif // OPENVPN_CRYPTO_DECRYPT_H
|