Migrated encryption_payload to INIT/METHOD macros
[strongswan.git] / src / libcharon / encoding / payloads / encryption_payload.c
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <stddef.h>
18 #include <string.h>
19
20 #include "encryption_payload.h"
21
22 #include <daemon.h>
23 #include <encoding/payloads/encodings.h>
24 #include <utils/linked_list.h>
25 #include <encoding/generator.h>
26 #include <encoding/parser.h>
27 #include <utils/iterator.h>
28 #include <crypto/signers/signer.h>
29
30
31 typedef struct private_encryption_payload_t private_encryption_payload_t;
32
/**
 * Private data of an encryption_payload_t object.
 */
struct private_encryption_payload_t {

	/**
	 * Public encryption_payload_t interface.
	 */
	encryption_payload_t public;

	/**
	 * There is no next payload for an encryption payload,
	 * since encryption payload MUST be the last one.
	 * next_payload means here the first payload of the
	 * contained, encrypted payload.
	 */
	u_int8_t next_payload;

	/**
	 * Critical flag.
	 */
	bool critical;

	/**
	 * Length of this payload.
	 *
	 * Written by compute_length(), which accumulates the total in a size_t
	 * and stores it here without a range check, so it is narrowed to 16 bits.
	 */
	u_int16_t payload_length;

	/**
	 * Chunk containing the IV, data, padding, and room for a signature
	 * that may not have been calculated yet.
	 */
	chunk_t encrypted;

	/**
	 * Chunk containing the data in decrypted (unpadded) form.
	 */
	chunk_t decrypted;

	/**
	 * Signer, assigned by set_transforms(). destroy() in this file does not
	 * release it.
	 */
	signer_t *signer;

	/**
	 * Crypter, assigned by set_transforms() and used by encrypt()/decrypt().
	 * destroy() in this file does not release it.
	 */
	crypter_t *crypter;

	/**
	 * Contained payloads of this encryption_payload.
	 */
	linked_list_t *payloads;
};
88
/**
 * Encoding rules to parse or generate an IKEv2 Encryption Payload.
 *
 * The defined offsets are the positions in an object of type
 * private_encryption_payload_t. The rules are listed in wire order: the
 * parser and the generator both walk this table through
 * get_encoding_rules().
 */
encoding_rule_t encryption_payload_encodings[] = {
	/* 1 Byte next payload type, stored in the field next_payload */
	{ U_INT_8,			offsetof(private_encryption_payload_t, next_payload)	},
	/* the critical bit */
	{ FLAG,				offsetof(private_encryption_payload_t, critical)		},
	/* 7 reserved bits, not stored anywhere */
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	{ RESERVED_BIT,		0														},
	/* Length of the whole encryption payload */
	{ PAYLOAD_LENGTH,	offsetof(private_encryption_payload_t, payload_length)	},
	/* encrypted data, stored in a chunk. contains iv, data, padding */
	{ ENCRYPTED_DATA,	offsetof(private_encryption_payload_t, encrypted)		},
};
113
/*
                           1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ! Next Payload  !C!  RESERVED   !         Payload Length        !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      !                     Initialization Vector                     !
      !         (length is block size for encryption algorithm)       !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      !                    Encrypted IKE Payloads                     !
      +               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      !               !             Padding (0-255 octets)            !
      +-+-+-+-+-+-+-+-+                               +-+-+-+-+-+-+-+-+
      !                                               !  Pad Length   !
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      ~                    Integrity Checksum Data                    ~
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
132
/**
 * Structural verification of the outer encryption payload.
 *
 * Always reports SUCCESS: nothing is checked at this level. The contained
 * payloads are verified one by one in parse(), after decryption.
 */
METHOD(payload_t, verify, status_t, private_encryption_payload_t *this)
{
	return SUCCESS;
}
138
/**
 * Hand out the file-level encoding rule table and its entry count.
 *
 * @param rules		receives a pointer to encryption_payload_encodings
 * @param count		receives the number of entries in that table
 */
METHOD(payload_t, get_encoding_rules, void,
	private_encryption_payload_t *this, encoding_rule_t **rules, size_t *count)
{
	*count = countof(encryption_payload_encodings);
	*rules = encryption_payload_encodings;
}
146
/**
 * Payload type of this object; constant for every encryption payload.
 *
 * @return			ENCRYPTED
 */
METHOD(payload_t, get_type, payload_type_t, private_encryption_payload_t *this)
{
	return ENCRYPTED;
}
152
/**
 * Type of the first payload carried inside the encrypted part.
 *
 * @return			the stored next_payload value
 */
METHOD(payload_t, get_next_type, payload_type_t,
	private_encryption_payload_t *this)
{
	return this->next_payload;
}
158
/**
 * Intentionally a no-op; the argument is ignored.
 *
 * next_payload is maintained by add_payload() and generate(), which derive
 * it from the first contained payload.
 */
METHOD(payload_t, set_next_type, void,
	private_encryption_payload_t *this, payload_type_t type)
{
	/* nothing to do here, see add_payload() */
}
164
/**
 * Compute the length of the whole payload and store it in payload_length.
 *
 * The total is the sum of the contained payloads' lengths plus the fixed
 * header. When both a crypter and a signer are set, the pad length byte,
 * the padding, the IV and the signature are added as well.
 *
 * NOTE(review): the size_t total is stored into the 16-bit payload_length
 * without a range check, and a crypter block size of zero would divide by
 * zero in the padding step.
 */
static void compute_length(private_encryption_payload_t *this)
{
	enumerator_t *it;
	payload_t *inner;
	size_t bs, total = 0;

	it = this->payloads->create_enumerator(this->payloads);
	while (it->enumerate(it, &inner))
	{
		total += inner->get_length(inner);
	}
	it->destroy(it);

	if (this->crypter && this->signer)
	{
		bs = this->crypter->get_block_size(this->crypter);
		/* one byte for the pad length field */
		total += 1;
		/* pad up to the next block boundary; an already aligned length
		 * gains a whole extra block, matching the padding built in encrypt() */
		total += bs - total % bs;
		/* IV in front, signature behind */
		total += this->crypter->get_iv_size(this->crypter);
		total += this->signer->get_block_size(this->signer);
	}
	total += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
	this->payload_length = total;
}
196
/**
 * Recompute and return the total payload length.
 *
 * @return			payload_length as freshly written by compute_length()
 */
METHOD(payload_t, get_length, size_t, private_encryption_payload_t *this)
{
	/* the length depends on the payload list and the transforms, both of
	 * which may have changed since the last call */
	compute_length(this);

	return this->payload_length;
}
203
/**
 * Create an iterator over the contained payloads.
 *
 * @param forward	iteration direction, passed through to the list
 * @return			iterator created by the payload list
 */
METHOD(encryption_payload_t, create_payload_iterator, iterator_t*,
	private_encryption_payload_t *this, bool forward)
{
	linked_list_t *list = this->payloads;

	return list->create_iterator(list, forward);
}
209
/**
 * Append a payload to the contained list and chain the type fields.
 *
 * The previous tail (or, for the first entry, this payload's next_payload)
 * is pointed at the new payload's type, the new payload is terminated with
 * NO_PAYLOAD, and the total length is recomputed.
 *
 * @param payload	payload to append; stored in the list, and released
 *					together with it by destroy()
 */
METHOD(encryption_payload_t, add_payload, void,
	private_encryption_payload_t *this, payload_t *payload)
{
	linked_list_t *list = this->payloads;
	payload_t *tail;

	if (list->get_count(list) == 0)
	{
		/* first contained payload: its type goes into our own header */
		this->next_payload = payload->get_type(payload);
	}
	else
	{
		list->get_last(list, (void **)&tail);
		tail->set_next_type(tail, payload->get_type(payload));
	}
	payload->set_next_type(payload, NO_PAYLOAD);
	list->insert_last(list, payload);
	compute_length(this);
}
228
/**
 * Detach the first contained payload and hand it to the caller.
 *
 * @param payload	receives the removed payload
 * @return			status reported by the list's remove_first()
 */
METHOD(encryption_payload_t, remove_first_payload, status_t,
	private_encryption_payload_t *this, payload_t **payload)
{
	linked_list_t *list = this->payloads;

	return list->remove_first(list, (void**)payload);
}
234
/**
 * Number of payloads currently held in the contained list.
 *
 * @return			count reported by the payload list
 */
METHOD(encryption_payload_t, get_payload_count, size_t,
	private_encryption_payload_t *this)
{
	linked_list_t *list = this->payloads;

	return list->get_count(list);
}
240
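/**
 * Generate the plaintext of the contained payloads before encryption.
 *
 * Recomputes the length, discards any previous plaintext, re-chains the
 * next-type fields of all contained payloads and writes their encoding to
 * this->decrypted. With an empty list, this->decrypted is left freed.
 */
static void generate(private_encryption_payload_t *this)
{
	payload_t *current, *next;
	generator_t *generator;
	enumerator_t *enumerator;

	compute_length(this);
	chunk_free(&this->decrypted);

	enumerator = this->payloads->create_enumerator(this->payloads);
	if (enumerator->enumerate(enumerator, &current))
	{
		this->next_payload = current->get_type(current);

		generator = generator_create();
		while (enumerator->enumerate(enumerator, &next))
		{
			current->set_next_type(current, next->get_type(next));
			generator->generate_payload(generator, current);
			current = next;
		}
		/* the last payload terminates the chain */
		current->set_next_type(current, NO_PAYLOAD);
		generator->generate_payload(generator, current);

		generator->write_to_chunk(generator, &this->decrypted);
		generator->destroy(generator);
		DBG2(DBG_ENC, "generated content in encryption payload");
	}
	else
	{
		DBG2(DBG_ENC, "generating contained payloads, but none available");
	}
	/* released exactly once, for both branches; destroying it inside the
	 * branch as well would release the enumerator twice */
	enumerator->destroy(enumerator);
}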
279
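/**
 * Generate the contained payloads, pad and encrypt them.
 *
 * On success this->encrypted holds IV | ciphertext | signature space. The
 * signature space is zeroed here and is expected to be filled in by
 * build_signature() once the whole message has been generated.
 *
 * NOTE(review): IV and padding are drawn from an RNG_WEAK source; whether
 * that quality class gives IVs that are unpredictable enough for the
 * configured cipher mode depends on the RNG backend and should be confirmed.
 * NOTE(review): to_crypt holds plaintext and is released with plain free(),
 * without being wiped first.
 *
 * @return			SUCCESS, INVALID_STATE if signer or crypter is missing,
 *					FAILED if no RNG could be created
 */
METHOD(encryption_payload_t, encrypt, status_t,
	private_encryption_payload_t *this)
{
	chunk_t iv, padding, to_crypt, result;
	rng_t *rng;
	size_t block_size, sig_len;

	if (this->signer == NULL || this->crypter == NULL)
	{
		DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
		return INVALID_STATE;
	}

	/* for random data in iv and padding */
	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
	if (!rng)
	{
		DBG1(DBG_ENC, "could not encrypt, no RNG found");
		return FAILED;
	}
	/* build payload chunk */
	generate(this);

	DBG2(DBG_ENC, "encrypting payloads");
	DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);

	/* build padding */
	block_size = this->crypter->get_block_size(this->crypter);
	padding.len = block_size - ((this->decrypted.len + 1) % block_size);
	rng->allocate_bytes(rng, padding.len, &padding);

	/* concatenate payload data, padding, padding len */
	to_crypt.len = this->decrypted.len + padding.len + 1;
	to_crypt.ptr = malloc(to_crypt.len);

	memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
	memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
	*(to_crypt.ptr + to_crypt.len - 1) = padding.len;

	/* build iv */
	iv.len = this->crypter->get_iv_size(this->crypter);
	rng->allocate_bytes(rng, iv.len, &iv);
	rng->destroy(rng);

	DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);

	/* encrypt to_crypt chunk */
	this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
	free(padding.ptr);
	free(to_crypt.ptr);

	DBG3(DBG_ENC, "data after encryption %B", &result);

	/* build encrypted result with iv and signature; the old buffer is
	 * released exactly once, here, right before it is replaced */
	sig_len = this->signer->get_block_size(this->signer);
	free(this->encrypted.ptr);
	this->encrypted.len = iv.len + result.len + sig_len;
	this->encrypted.ptr = malloc(this->encrypted.len);

	/* fill in result; the signature space is zeroed so that neither the
	 * debug output below nor the wire ever carries stale heap contents */
	memcpy(this->encrypted.ptr, iv.ptr, iv.len);
	memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
	memset(this->encrypted.ptr + iv.len + result.len, 0, sig_len);

	free(result.ptr);
	free(iv.ptr);
	DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
		 &this->encrypted);

	return SUCCESS;
}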
350
/**
 * Parse the contained payloads out of this->decrypted after decryption.
 *
 * Starts with the type stored in next_payload and follows each parsed
 * payload's next-type field until NO_PAYLOAD. Every payload is verified
 * before it is appended to the list. Payloads appended before a later
 * failure stay in the list.
 *
 * @return			SUCCESS, PARSE_ERROR if the parser rejects a payload,
 *					VERIFY_ERROR if a payload's own verify() fails
 */
static status_t parse(private_encryption_payload_t *this)
{
	payload_type_t type = this->next_payload;
	parser_t *parser = parser_create(this->decrypted);

	while (type != NO_PAYLOAD)
	{
		payload_t *payload;

		if (parser->parse_payload(parser, type, &payload) != SUCCESS)
		{
			parser->destroy(parser);
			return PARSE_ERROR;
		}
		if (payload->verify(payload) != SUCCESS)
		{
			DBG1(DBG_ENC, "%N verification failed",
				 payload_type_names, payload->get_type(payload));
			payload->destroy(payload);
			parser->destroy(parser);
			return VERIFY_ERROR;
		}
		type = payload->get_next_type(payload);
		this->payloads->insert_last(this->payloads, payload);
	}
	parser->destroy(parser);
	DBG2(DBG_ENC, "parsed content of encryption payload");
	return SUCCESS;
}
388
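/**
 * Decrypt this->encrypted, strip the padding and parse the content.
 *
 * The input is laid out as IV | ciphertext | signature. All three lengths
 * are validated against the received size before any pointer arithmetic,
 * because the received size comes from the peer.
 *
 * This function does not check the integrity checksum itself. The padding
 * is inspected after decryption and its failure is reported separately from
 * parse errors, so callers are expected to have run verify_signature() on
 * the message first; that ordering is not enforced here.
 *
 * @return			SUCCESS, INVALID_STATE if signer or crypter is missing,
 *					FAILED on malformed input or padding, otherwise the
 *					status of parse()
 */
METHOD(encryption_payload_t, decrypt, status_t,
	private_encryption_payload_t *this)
{
	chunk_t iv, concatenated;
	size_t sig_len, block_size, padding_length;
	void *shrunk;

	DBG2(DBG_ENC, "decrypting encryption payload");
	DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
		 &this->encrypted);

	if (this->signer == NULL || this->crypter == NULL)
	{
		DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
		return INVALID_STATE;
	}

	/* get IV; the input must hold at least the IV and the signature,
	 * otherwise the length subtraction below would wrap around */
	iv.len = this->crypter->get_iv_size(this->crypter);
	sig_len = this->signer->get_block_size(this->signer);
	if (iv.len > this->encrypted.len ||
		sig_len > this->encrypted.len - iv.len)
	{
		DBG1(DBG_ENC, "could not decrypt, input too short");
		return FAILED;
	}
	iv.ptr = this->encrypted.ptr;

	/* point concatenated to data + padding + padding_length */
	concatenated.ptr = this->encrypted.ptr + iv.len;
	concatenated.len = this->encrypted.len - iv.len - sig_len;

	/* concatenated must be a non-empty multiple of block_size of crypter */
	block_size = this->crypter->get_block_size(this->crypter);
	if (concatenated.len == 0 || concatenated.len < iv.len ||
		block_size == 0 || concatenated.len % block_size)
	{
		DBG1(DBG_ENC, "could not decrypt, invalid input");
		return FAILED;
	}

	/* free previous data, if any, without leaving a stale pointer behind */
	chunk_free(&this->decrypted);

	DBG3(DBG_ENC, "data before decryption %B", &concatenated);

	this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);

	DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);

	if (this->decrypted.len == 0)
	{
		DBG1(DBG_ENC, "could not decrypt, invalid input");
		return FAILED;
	}

	/* get padding length, sits just before signature; add one byte since
	 * the padding_length field itself is not included. Computed in size_t
	 * so that a pad length of 255 does not wrap to zero. */
	padding_length = (size_t)this->decrypted.ptr[this->decrypted.len - 1] + 1;

	/* check size again */
	if (padding_length > concatenated.len || padding_length > this->decrypted.len)
	{
		DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
		/* decryption failed :-/ */
		return FAILED;
	}
	this->decrypted.len -= padding_length;

	/* free padding */
	if (this->decrypted.len == 0)
	{
		chunk_free(&this->decrypted);
	}
	else
	{
		/* shrinking is an optimisation only: keep the old buffer if
		 * realloc() cannot provide a smaller one */
		shrunk = realloc(this->decrypted.ptr, this->decrypted.len);
		if (shrunk)
		{
			this->decrypted.ptr = shrunk;
		}
	}
	DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
	DBG2(DBG_ENC, "decryption successful, trying to parse content");
	return parse(this);
}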
457
/**
 * Install the crypter and signer used by encrypt(), decrypt() and the
 * signature methods.
 *
 * Only the pointers are stored; destroy() in this file does not release
 * either object.
 *
 * @param crypter	crypter to use, may be NULL to unset
 * @param signer	signer to use, may be NULL to unset
 */
METHOD(encryption_payload_t, set_transforms, void,
	private_encryption_payload_t *this, crypter_t* crypter, signer_t* signer)
{
	this->crypter = crypter;
	this->signer = signer;
}
464
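/**
 * Compute the integrity checksum over data and write it into data's tail.
 *
 * The last signer-block-size bytes of data are the signature space; the
 * checksum covers everything in front of them.
 *
 * @param data		whole message, with the signature space at its end
 * @return			SUCCESS, INVALID_STATE if no signer is set, FAILED if
 *					data is not longer than the signature
 */
METHOD(encryption_payload_t, build_signature, status_t,
	private_encryption_payload_t *this, chunk_t data)
{
	chunk_t data_without_sig = data;
	chunk_t sig;

	if (this->signer == NULL)
	{
		DBG1(DBG_ENC, "unable to build signature, no signer set");
		return INVALID_STATE;
	}

	sig.len = this->signer->get_block_size(this->signer);
	/* same bound as verify_signature(): without it the subtraction below
	 * wraps around and the signature is written outside of data */
	if (data.len <= sig.len)
	{
		DBG1(DBG_ENC, "unable to build signature, invalid input");
		return FAILED;
	}
	data_without_sig.len -= sig.len;
	sig.ptr = data.ptr + data_without_sig.len;
	DBG2(DBG_ENC, "building signature");
	this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
	return SUCCESS;
}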
484
/**
 * Check the integrity checksum found at the end of data.
 *
 * The last signer-block-size bytes of data are taken as the signature and
 * everything in front of them as the signed content. The comparison itself
 * is delegated to the signer; whether it runs in constant time cannot be
 * told from this file.
 *
 * @param data		whole message, with the signature at its end
 * @return			SUCCESS, INVALID_STATE if no signer is set, FAILED if
 *					data is not longer than the signature or the signature
 *					does not match
 */
METHOD(encryption_payload_t, verify_signature, status_t,
	private_encryption_payload_t *this, chunk_t data)
{
	chunk_t mac, signed_part;

	if (!this->signer)
	{
		DBG1(DBG_ENC, "unable to verify signature, no signer set");
		return INVALID_STATE;
	}

	/* the signature occupies the tail of the data chunk */
	mac.len = this->signer->get_block_size(this->signer);
	if (data.len <= mac.len)
	{
		DBG1(DBG_ENC, "unable to verify signature, invalid input");
		return FAILED;
	}
	mac.ptr = data.ptr + data.len - mac.len;

	/* everything in front of it is covered by the signature */
	signed_part.ptr = data.ptr;
	signed_part.len = data.len - mac.len;

	if (this->signer->verify_signature(this->signer, signed_part, mac))
	{
		DBG2(DBG_ENC, "signature verification successful");
		return SUCCESS;
	}
	DBG1(DBG_ENC, "signature verification failed");
	return FAILED;
}
519
/**
 * Release the object: every contained payload through its own destroy(),
 * both data buffers, and the object itself.
 *
 * The signer and crypter are not touched here.
 *
 * NOTE(review): the decrypted buffer is released with plain free(), so the
 * plaintext is not wiped before the memory is returned.
 */
METHOD2(payload_t, encryption_payload_t, destroy, void,
	private_encryption_payload_t *this)
{
	linked_list_t *list = this->payloads;

	list->destroy_offset(list, offsetof(payload_t, destroy));
	free(this->decrypted.ptr);
	free(this->encrypted.ptr);
	free(this);
}
528
/*
 * Described in header
 *
 * Builds an empty encryption payload: no contained payloads, next_payload
 * set to NO_PAYLOAD and the length set to the bare header length. The
 * signer, crypter and both chunks are not named in the initializer;
 * presumably INIT zeroes them, confirm against the macro definition.
 * Transforms have to be supplied through set_transforms() before
 * encrypt()/decrypt() will do anything but return INVALID_STATE.
 */
encryption_payload_t *encryption_payload_create()
{
	private_encryption_payload_t *this;

	INIT(this,
		.public = {
			/* generic payload_t interface */
			.payload_interface = {
				.verify = _verify,
				.get_encoding_rules = _get_encoding_rules,
				.get_length = _get_length,
				.get_next_type = _get_next_type,
				.set_next_type = _set_next_type,
				.get_type = _get_type,
				.destroy = _destroy,
			},
			/* encryption payload specific methods */
			.create_payload_iterator = _create_payload_iterator,
			.add_payload = _add_payload,
			.remove_first_payload = _remove_first_payload,
			.get_payload_count = _get_payload_count,
			.encrypt = _encrypt,
			.decrypt = _decrypt,
			.set_transforms = _set_transforms,
			.build_signature = _build_signature,
			.verify_signature = _verify_signature,
			/* same implementation as payload_interface.destroy */
			.destroy = _destroy,
		},
		.next_payload = NO_PAYLOAD,
		.payload_length = ENCRYPTION_PAYLOAD_HEADER_LENGTH,
		.payloads = linked_list_create(),
	);

	return &this->public;
}