tor-android/external/badvpn_dns/protocol/spproto.h

196 lines
7.0 KiB
C

/**
* @file spproto.h
* @author Ambroz Bizjak <ambrop7@gmail.com>
*
* @section LICENSE
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the author nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @section DESCRIPTION
*
* Protocol for securing datagram communication.
*
* Security features implemented:
* - Encryption. Encrypts packets with a block cipher.
* Protects against a third party from seeing the data
* being transmitted.
* - Hashes. Adds a hash of the packet into the packet.
* Combined with encryption, protects against tampering
* with packets and crafting new packets.
* - One-time passwords. Adds a password to each packet
* for the receiver to recognize. Protects agains replaying
* packets and crafting new packets.
*
* A SPProto plaintext packet contains the following, in order:
* - if OTPs are used, a struct {@link spproto_otpdata} which contains
* the seed ID and the OTP,
* - if hashes are used, the hash,
* - payload data.
*
* If encryption is used:
* - the plaintext is padded by appending a 0x01 byte and as many 0x00
* bytes as needed to align to block size,
* - the padded plaintext is encrypted, and
* - the initialization vector (IV) is prepended.
*/
#ifndef BADVPN_PROTOCOL_SPPROTO_H
#define BADVPN_PROTOCOL_SPPROTO_H
#include <stdint.h>
#include <limits.h>
#include <misc/debug.h>
#include <misc/balign.h>
#include <misc/packed.h>
#include <security/BHash.h>
#include <security/BEncryption.h>
#include <security/OTPCalculator.h>
#define SPPROTO_HASH_MODE_NONE 0
#define SPPROTO_ENCRYPTION_MODE_NONE 0
#define SPPROTO_OTP_MODE_NONE 0
/**
* Stores security parameters for SPProto.
*/
struct spproto_security_params {
/**
* Hash mode.
* Either SPPROTO_HASH_MODE_NONE for no hashes, or a valid bhash
* hash mode.
*/
int hash_mode;
/**
* Encryption mode.
* Either SPPROTO_ENCRYPTION_MODE_NONE for no encryption, or a valid
* {@link BEncryption} cipher.
*/
int encryption_mode;
/**
* One-time password (OTP) mode.
* Either SPPROTO_OTP_MODE_NONE for no OTPs, or a valid
* {@link BEncryption} cipher.
*/
int otp_mode;
/**
* If OTPs are used (otp_mode != SPPROTO_OTP_MODE_NONE), number of
* OTPs generated from a single seed.
*/
int otp_num;
};
#define SPPROTO_HAVE_HASH(_params) ((_params).hash_mode != SPPROTO_HASH_MODE_NONE)
#define SPPROTO_HASH_SIZE(_params) ( \
SPPROTO_HAVE_HASH(_params) ? \
BHash_size((_params).hash_mode) : \
0 \
)
#define SPPROTO_HAVE_ENCRYPTION(_params) ((_params).encryption_mode != SPPROTO_ENCRYPTION_MODE_NONE)
#define SPPROTO_HAVE_OTP(_params) ((_params).otp_mode != SPPROTO_OTP_MODE_NONE)
B_START_PACKED
struct spproto_otpdata {
uint16_t seed_id;
otp_t otp;
} B_PACKED;
B_END_PACKED
#define SPPROTO_HEADER_OTPDATA_OFF(_params) 0
#define SPPROTO_HEADER_OTPDATA_LEN(_params) (SPPROTO_HAVE_OTP(_params) ? sizeof(struct spproto_otpdata) : 0)
#define SPPROTO_HEADER_HASH_OFF(_params) (SPPROTO_HEADER_OTPDATA_OFF(_params) + SPPROTO_HEADER_OTPDATA_LEN(_params))
#define SPPROTO_HEADER_HASH_LEN(_params) SPPROTO_HASH_SIZE(_params)
#define SPPROTO_HEADER_LEN(_params) (SPPROTO_HEADER_HASH_OFF(_params) + SPPROTO_HEADER_HASH_LEN(_params))
/**
* Asserts that the given SPProto security parameters are valid.
*
* @param params security parameters
*/
static void spproto_assert_security_params (struct spproto_security_params params)
{
ASSERT(params.hash_mode == SPPROTO_HASH_MODE_NONE || BHash_type_valid(params.hash_mode))
ASSERT(params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE || BEncryption_cipher_valid(params.encryption_mode))
ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || BEncryption_cipher_valid(params.otp_mode))
ASSERT(params.otp_mode == SPPROTO_OTP_MODE_NONE || params.otp_num > 0)
}
/**
* Calculates the maximum payload size for SPProto given the
* security parameters and the maximum encoded packet size.
*
* @param params security parameters
* @param carrier_mtu maximum encoded packet size. Must be >=0.
* @return maximum payload size. Negative means is is impossible
* to encode anything.
*/
static int spproto_payload_mtu_for_carrier_mtu (struct spproto_security_params params, int carrier_mtu)
{
spproto_assert_security_params(params);
ASSERT(carrier_mtu >= 0)
if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {
return (carrier_mtu - SPPROTO_HEADER_LEN(params));
} else {
int block_size = BEncryption_cipher_block_size(params.encryption_mode);
return (balign_down(carrier_mtu, block_size) - block_size - SPPROTO_HEADER_LEN(params) - 1);
}
}
/**
* Calculates the maximum encoded packet size for SPProto given the
* security parameters and the maximum payload size.
*
* @param params security parameters
* @param payload_mtu maximum payload size. Must be >=0.
* @return maximum encoded packet size, -1 if payload_mtu is too large
*/
static int spproto_carrier_mtu_for_payload_mtu (struct spproto_security_params params, int payload_mtu)
{
spproto_assert_security_params(params);
ASSERT(payload_mtu >= 0)
if (params.encryption_mode == SPPROTO_ENCRYPTION_MODE_NONE) {
if (payload_mtu > INT_MAX - SPPROTO_HEADER_LEN(params)) {
return -1;
}
return (SPPROTO_HEADER_LEN(params) + payload_mtu);
} else {
int block_size = BEncryption_cipher_block_size(params.encryption_mode);
if (payload_mtu > INT_MAX - (block_size + SPPROTO_HEADER_LEN(params) + block_size)) {
return -1;
}
return (block_size + balign_up((SPPROTO_HEADER_LEN(params) + payload_mtu + 1), block_size));
}
}
#endif