openvpn3/openvpn/crypto/decrypt.hpp

#ifndef OPENVPN_CRYPTO_DECRYPT_H
#define OPENVPN_CRYPTO_DECRYPT_H

#include <cstring>

#include <openvpn/common/types.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/memcmp.hpp>
#include <openvpn/buffer/buffer.hpp>
#include <openvpn/random/prng.hpp>
#include <openvpn/frame/frame.hpp>
#include <openvpn/crypto/cipher.hpp>
#include <openvpn/crypto/digest.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/packet_id.hpp>
#include <openvpn/log/sessionstats.hpp>

namespace openvpn {

  class Decrypt {
  public:
    OPENVPN_SIMPLE_EXCEPTION(unsupported_cipher_mode);

    Error::Type decrypt(BufferAllocated& buf, const PacketID::time_t now)
    {
      // skip null packets
      if (!buf.size())
	return Error::SUCCESS;

      // verify the HMAC
      if (hmac.defined())
	{
	  unsigned char local_hmac[HMACContext::MAX_HMAC_SIZE];
	  const size_t hmac_size = hmac.output_size();
	  const unsigned char *packet_hmac = buf.read_alloc(hmac_size);
	  hmac.hmac(local_hmac, hmac_size, buf.c_data(), buf.size());
	  if (memcmp_secure(local_hmac, packet_hmac, hmac_size))
	    {
	      buf.reset_size();
	      return Error::HMAC_ERROR;
	    }
	}

      // decrypt packet ID + payload
      if (cipher.defined())
	{
	  unsigned char iv_buf[CipherContext::MAX_IV_SIZE];
	  const size_t iv_size = cipher.iv_size();

	  // extract IV from head of packet
	  buf.read(iv_buf, iv_size);

	  // initialize work buffer
	  frame->prepare(Frame::DECRYPT_WORK, work);

	  // decrypt from buf -> work
	  const size_t decrypt_bytes = cipher.decrypt(iv_buf, work.data(), work.max_size(), buf.c_data(), buf.size());
	  if (!decrypt_bytes)
	    {
	      buf.reset_size();
	      return Error::DECRYPT_ERROR;
	    }
	  work.set_size(decrypt_bytes);

	  // handle different cipher modes
	  const int cipher_mode = cipher.cipher_mode();
	  if (cipher_mode == CipherContext::CIPH_CBC_MODE)
	    {
	      if (!verify_packet_id(work, now))
		{
		  buf.reset_size();
		  return Error::REPLAY_ERROR;
		}
	    }
	  else
	    {
	      throw unsupported_cipher_mode();
	    }

	  // return cleartext result in buf
	  buf.swap(work);
	}
      else // no encryption
	{
	  if (!verify_packet_id(buf, now))
	    {
	      buf.reset_size();
	      return Error::REPLAY_ERROR;
	    }
	}
      return Error::SUCCESS;
    }

    Frame::Ptr frame;
    CipherContext cipher;
    HMACContext hmac;
    PacketIDReceive pid_recv;

  private:
    bool verify_packet_id(BufferAllocated& buf, const PacketID::time_t now)
    {
      // ignore packet ID if pid_recv is not initialized
      if (pid_recv.initialized())
	{
	  const PacketID pid = pid_recv.read_next(buf);
	  if (pid_recv.test(pid, now)) // verify packet ID
	    pid_recv.add(pid, now);    // remember packet ID
	  else
	    return false;
	}
      return true;
    }

    BufferAllocated work;
  };

} // namespace openvpn

#endif // OPENVPN_CRYPTO_DECRYPT_H
Top-level client refactoring, to move configuration functionality from cli.cpp to ClientOptions in openvpn/client/cliopt.hpp. 2012-02-06 21:39:10 +01:00			`#ifndef OPENVPN_CRYPTO_DECRYPT_H`
			`#define OPENVPN_CRYPTO_DECRYPT_H`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00
			`#include <cstring>`

			`#include <openvpn/common/types.hpp>`
			`#include <openvpn/common/exception.hpp>`
Added constant-time memcmp. 2012-01-24 02:54:35 +01:00			`#include <openvpn/common/memcmp.hpp>`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`#include <openvpn/buffer/buffer.hpp>`
Move crypto random number headers out of openvpn/openssl into openvpn/random. Also move boostrand.hpp into openvpn/random. 2011-11-21 07:11:06 +01:00			`#include <openvpn/random/prng.hpp>`
Started PKI tree for wrapping OpenSSL PKI objects. Started SSL Context class. Implemented dgram & stream buffer queues that can operate as OpenSSL BIOs. Reworked Frame class to make it more flexible. 2011-10-25 19:32:26 +02:00			`#include <openvpn/frame/frame.hpp>`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`#include <openvpn/crypto/cipher.hpp>`
			`#include <openvpn/crypto/digest.hpp>`
			`#include <openvpn/crypto/static_key.hpp>`
			`#include <openvpn/crypto/packet_id.hpp>`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`#include <openvpn/log/sessionstats.hpp>`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00
			`namespace openvpn {`

			`class Decrypt {`
			`public:`
			`OPENVPN_SIMPLE_EXCEPTION(unsupported_cipher_mode);`
Full-protocol unit test using ProtoContext, w/o soft resets. Test in test/ssl/proto.cpp. 2011-12-11 09:28:55 +01:00
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`Error::Type decrypt(BufferAllocated& buf, const PacketID::time_t now)`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`{`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`// skip null packets`
			`if (!buf.size())`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::SUCCESS;`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00
			`// verify the HMAC`
			`if (hmac.defined())`
			`{`
			`unsigned char local_hmac[HMACContext::MAX_HMAC_SIZE];`
			`const size_t hmac_size = hmac.output_size();`
			`const unsigned char *packet_hmac = buf.read_alloc(hmac_size);`
			`hmac.hmac(local_hmac, hmac_size, buf.c_data(), buf.size());`
Added constant-time memcmp. 2012-01-24 02:54:35 +01:00			`if (memcmp_secure(local_hmac, packet_hmac, hmac_size))`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`{`
			`buf.reset_size();`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::HMAC_ERROR;`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`}`
			`}`

			`// decrypt packet ID + payload`
			`if (cipher.defined())`
			`{`
			`unsigned char iv_buf[CipherContext::MAX_IV_SIZE];`
			`const size_t iv_size = cipher.iv_size();`

			`// extract IV from head of packet`
			`buf.read(iv_buf, iv_size);`

			`// initialize work buffer`
			`frame->prepare(Frame::DECRYPT_WORK, work);`

			`// decrypt from buf -> work`
			`const size_t decrypt_bytes = cipher.decrypt(iv_buf, work.data(), work.max_size(), buf.c_data(), buf.size());`
			`if (!decrypt_bytes)`
			`{`
			`buf.reset_size();`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::DECRYPT_ERROR;`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`}`
			`work.set_size(decrypt_bytes);`

			`// handle different cipher modes`
			`const int cipher_mode = cipher.cipher_mode();`
			`if (cipher_mode == CipherContext::CIPH_CBC_MODE)`
			`{`
			`if (!verify_packet_id(work, now))`
			`{`
			`buf.reset_size();`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::REPLAY_ERROR;`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`}`
			`}`
			`else`
			`{`
			`throw unsupported_cipher_mode();`
			`}`

			`// return cleartext result in buf`
			`buf.swap(work);`
			`}`
			`else // no encryption`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`{`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`if (!verify_packet_id(buf, now))`
			`{`
			`buf.reset_size();`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::REPLAY_ERROR;`
Added compression framework. Implemented LZO_STUB compressor. Added methods to generate options and peer info strings. 2011-12-14 12:34:33 +01:00			`}`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`}`
Start process of moving client logic out of cli.cpp into general-purpose classes. Rename ProtoStats to SessionStats and make it more flexible by using an abstract base class model. Add a client event queue for the beginnings of a client-backend API. Added logic to ProtoContext to invalidate session on certain kinds of errors in TCP that would be normally be okay in UDP such as HMAC_ERROR, DECRYPT_ERROR, etc. Add some alignment adjustment logic for READ_LINK_TCP (3 bytes) and READ_LINK_UDP (1 byte). 2012-02-04 11:24:54 +01:00			`return Error::SUCCESS;`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`}`

Full-protocol unit test using ProtoContext, w/o soft resets. Test in test/ssl/proto.cpp. 2011-12-11 09:28:55 +01:00			`Frame::Ptr frame;`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`CipherContext cipher;`
			`HMACContext hmac;`
			`PacketIDReceive pid_recv;`

			`private:`
Implemented soft reset in proto.hpp. 2011-12-13 05:46:56 +01:00			`bool verify_packet_id(BufferAllocated& buf, const PacketID::time_t now)`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`{`
			`// ignore packet ID if pid_recv is not initialized`
			`if (pid_recv.initialized())`
			`{`
			`const PacketID pid = pid_recv.read_next(buf);`
Added reltest.cpp for testing ReliableRecv and ReliableSend objects by simulating an unreliable packet stream. Modified packet_id code so that current time (now) is passed via function calls rather than accessed as a global. Added integer random number support via boost::random. 2011-11-09 06:52:52 +01:00			`if (pid_recv.test(pid, now)) // verify packet ID`
			`pid_recv.add(pid, now); // remember packet ID`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`else`
Implemented soft reset in proto.hpp. 2011-12-13 05:46:56 +01:00			`return false;`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`}`
Implemented soft reset in proto.hpp. 2011-12-13 05:46:56 +01:00			`return true;`
Encrypt and Decrypt classes implemented for OpenVPN data channel protocol. 2011-10-06 02:18:46 +02:00			`}`

			`BufferAllocated work;`
			`};`

			`} // namespace openvpn`

Top-level client refactoring, to move configuration functionality from cli.cpp to ClientOptions in openvpn/client/cliopt.hpp. 2012-02-06 21:39:10 +01:00			`#endif // OPENVPN_CRYPTO_DECRYPT_H`