- tested encryption payload
[strongswan.git] / Source / charon / encoding / payloads / encryption_payload.c
index 156f880..4acfa61 100644 (file)
 typedef struct private_encryption_payload_t private_encryption_payload_t;
 
 /**
- * Private data of an encryption_payload_t' Object
+ * Private data of an encryption_payload_t' Object.
  * 
  */
 struct private_encryption_payload_t {
        /**
-        * public encryption_payload_t interface
+        * Public encryption_payload_t interface.
         */
        encryption_payload_t public;
        
@@ -58,7 +58,7 @@ struct private_encryption_payload_t {
        u_int8_t next_payload;
 
        /**
-        * Critical flag
+        * Critical flag.
         */
        bool critical;
        
@@ -68,33 +68,28 @@ struct private_encryption_payload_t {
        u_int16_t payload_length;
        
        /**
-        * initialization vector
-        */
-       chunk_t iv;
-       
-       /**
-        * integrity checksum
-        */
-       chunk_t checksum;
-       
-       /**
-        * chunk containing the iv, data, padding,
-        * and (an eventually not calculated) signature
+        * Chunk containing the iv, data, padding,
+        * and (an eventually not calculated) signature.
         */
        chunk_t encrypted;
        
        /**
-        * chunk containing the data in decrypted (unpadded) form
+        * Chunk containing the data in decrypted (unpadded) form.
         */
        chunk_t decrypted;
        
        /**
-        * signer set by set_signer
+        * Signer set by set_signer.
         */
        signer_t *signer;
        
        /**
-        * Contained payloads of this encrpytion_payload
+        * Crypter, supplied by encrypt/decrypt
+        */
+       crypter_t *crypter;
+       
+       /**
+        * Contained payloads of this encrpytion_payload.
         */
        linked_list_t *payloads;
        
@@ -102,24 +97,20 @@ struct private_encryption_payload_t {
         * @brief Computes the length of this payload.
         *
         * @param this  calling private_encryption_payload_t object
-        * @return              
-        *                              SUCCESS in any case
         */
-       status_t (*compute_length) (private_encryption_payload_t *this);
+       void (*compute_length) (private_encryption_payload_t *this);
        
        /**
         * @brief Generate payloads (unencrypted) in chunk decrypted.
         * 
         * @param this  calling private_encryption_payload_t object
-        * @return              
-        *                              SUCCESS in any case
         */
-       status_t (*generate) (private_encryption_payload_t *this);
+       void (*generate) (private_encryption_payload_t *this);
        status_t (*parse) (private_encryption_payload_t *this);
 };
 
 /**
- * Encoding rules to parse or generate a IKEv2-Encryption Payload
+ * Encoding rules to parse or generate a IKEv2-Encryption Payload.
  * 
  * The defined offsets are the positions in a object of type 
  * private_encryption_payload_t.
@@ -164,8 +155,7 @@ encoding_rule_t encryption_payload_encodings[] = {
 */
 
 /**
- * Implements payload_t's verify function.
- * See #payload_s.verify for description.
+ * Implementation of payload_t.verify.
  */
 static status_t verify(private_encryption_payload_t *this)
 {
@@ -225,44 +215,34 @@ static status_t verify(private_encryption_payload_t *this)
 }
 
 /**
- * implements payload_t.destroy
+ * Implementation of payload_t.destroy.
  */
-static status_t destroy(private_encryption_payload_t *this)
+static void destroy(private_encryption_payload_t *this)
 {
        /* all proposals are getting destroyed */ 
        while (this->payloads->get_count(this->payloads) > 0)
        {
                payload_t *current_payload;
-               if (this->payloads->remove_last(this->payloads,(void **)&current_payload) != SUCCESS)
-               {
-                       break;
-               }
+               this->payloads->remove_last(this->payloads,(void **)&current_payload);
                current_payload->destroy(current_payload);
        }
        this->payloads->destroy(this->payloads);
-               
-       allocator_free(this->iv.ptr);
        allocator_free(this->encrypted.ptr);
        allocator_free(this->decrypted.ptr);
-       allocator_free(this->checksum.ptr);
        allocator_free(this);
-       
-       return SUCCESS;
 }
 
 /**
- * implements payload_t.get_encoding_rules
+ * Implementation of payload_t.get_encoding_rules.
  */
-static status_t get_encoding_rules(private_encryption_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
+static void get_encoding_rules(private_encryption_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
 {
        *rules = encryption_payload_encodings;
        *rule_count = sizeof(encryption_payload_encodings) / sizeof(encoding_rule_t);
-       
-       return SUCCESS;
 }
 
 /**
- * implements payload_t.get_type
+ * Implementation of payload_t.get_type.
  */
 static payload_type_t get_type(private_encryption_payload_t *this)
 {
@@ -270,7 +250,7 @@ static payload_type_t get_type(private_encryption_payload_t *this)
 }
 
 /**
- * implements payload_t.get_next_type
+ * Implementation of payload_t.get_next_type.
  */
 static payload_type_t get_next_type(private_encryption_payload_t *this)
 {
@@ -279,16 +259,16 @@ static payload_type_t get_next_type(private_encryption_payload_t *this)
 }
 
 /**
- * implements payload_t.set_next_type
+ * Implementation of payload_t.set_next_type.
  */
-static status_t set_next_type(private_encryption_payload_t *this, payload_type_t type)
+static void set_next_type(private_encryption_payload_t *this, payload_type_t type)
 {
-       /* set next type is not allowed, since this payload MUST be the last one */
-       return FAILED;
+       /* set next type is not allowed, since this payload MUST be the last one 
+        * and so nothing is done in here*/
 }
 
 /**
- * implements payload_t.get_length
+ * Implementation of payload_t.get_length.
  */
 static size_t get_length(private_encryption_payload_t *this)
 {
@@ -297,150 +277,119 @@ static size_t get_length(private_encryption_payload_t *this)
 }
 
 /**
- * implements encryption_payload_t.create_payload_iterator
+ * Implementation of payload_t.create_payload_iterator.
  */
-static status_t create_payload_iterator (private_encryption_payload_t *this, iterator_t **iterator, bool forward)
+static  iterator_t *create_payload_iterator (private_encryption_payload_t *this, bool forward)
 {
-       return (this->payloads->create_iterator(this->payloads, iterator, forward));
+       return (this->payloads->create_iterator(this->payloads, forward));
 }
 
 /**
- * implements encryption_payload_t.add_payload
+ * Implementation of payload_t.add_payload.
  */
-static status_t add_payload(private_encryption_payload_t *this, payload_t *payload)
+static void add_payload(private_encryption_payload_t *this, payload_t *payload)
 {
        payload_t *last_payload;
-       if ((this->payloads->get_count(this->payloads) > 0) &&
-               (this->payloads->get_last(this->payloads,(void **) &last_payload) != SUCCESS))
+       if (this->payloads->get_count(this->payloads) > 0)
        {
-               return OUT_OF_RES;      
-       }
-       
-       if (this->payloads->insert_last(this->payloads, payload) != SUCCESS)
-       {
-               return OUT_OF_RES;      
-       }
-       if (this->payloads->get_count(this->payloads) == 1)
-       {
-               this->next_payload = payload->get_type(payload);
+               this->payloads->get_last(this->payloads,(void **) &last_payload);
+               last_payload->set_next_type(last_payload, payload->get_type(payload));
        }
        else
        {
-               last_payload->set_next_type(last_payload, payload->get_type(payload));
+               this->next_payload = payload->get_type(payload);
        }
        payload->set_next_type(payload, NO_PAYLOAD);
+       this->payloads->insert_last(this->payloads, (void*)payload);
        this->compute_length(this);
-       return SUCCESS;
 }
 
 /**
- * implements encryption_payload_t.encrypt
+ * Implementation of encryption_payload_t.encrypt.
  */
-static status_t encrypt(private_encryption_payload_t *this, crypter_t *crypter)
+static status_t encrypt(private_encryption_payload_t *this)
 {
-       chunk_t iv, padding, concatenated;
+       chunk_t iv, padding, to_crypt, result;
        randomizer_t *randomizer;
        status_t status;
+       size_t block_size;
        
-       if (this->signer == NULL)
+       if (this->signer == NULL || this->crypter == NULL)
        {
                return INVALID_STATE;
        }
        
        /* for random data in iv and padding */
        randomizer = randomizer_create();
-       if (randomizer == NULL)
-       {
-               return OUT_OF_RES;
-       }
 
        /* build payload chunk */
-       status = this->generate(this);
-       if (status != SUCCESS)
-       {
-               randomizer->destroy(randomizer);
-               return status;
-       }
+       this->generate(this);
        
        /* build padding */
-       padding.len = (this->decrypted.len + 1) % crypter->get_block_size(crypter);
-       status = randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding);
-       if (status != SUCCESS)
-       {
-               randomizer->destroy(randomizer);
-               return status;
-       }
+       block_size = this->crypter->get_block_size(this->crypter);
+       padding.len = block_size - ((this->decrypted.len + 1) %  block_size);
+       randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding);
        
        /* concatenate payload data, padding, padding len */
-       concatenated.len = this->decrypted.len + padding.len + 1;
-       concatenated.ptr = allocator_alloc(concatenated.len);
-       if (concatenated.ptr == NULL)
-       {
-               randomizer->destroy(randomizer);
-               allocator_free(padding.ptr);
-               return OUT_OF_RES;
-       }
-       memcpy(concatenated.ptr, this->decrypted.ptr, this->decrypted.len);
-       memcpy(concatenated.ptr + this->decrypted.len, padding.ptr, padding.len);
-       *(concatenated.ptr + concatenated.len - 1) = padding.len;
+       to_crypt.len = this->decrypted.len + padding.len + 1;
+       to_crypt.ptr = allocator_alloc(to_crypt.len);
 
+       memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
+       memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
+       *(to_crypt.ptr + to_crypt.len - 1) = padding.len;
                
        /* build iv */
-       iv.len = crypter->get_block_size(crypter);
-       status = randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv);
+       iv.len = block_size;
+       randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv);
        randomizer->destroy(randomizer);
-       if (status != SUCCESS)
-       {
-               allocator_free(padding.ptr);
-               allocator_free(concatenated.ptr);
-               return status;
-       }
-               
                
-       /* encrypt concatenated chunk */
+       /* encrypt to_crypt chunk */
        allocator_free(this->encrypted.ptr);
-       status = crypter->encrypt(crypter, iv, concatenated, &(this->encrypted));
+       status = this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
        allocator_free(padding.ptr);
-       allocator_free(concatenated.ptr);
-       allocator_free(iv.ptr);
+       allocator_free(to_crypt.ptr);
        if (status != SUCCESS)
        {
+               allocator_free(iv.ptr);
                return status;
        }
        
-       /* append an empty signature */
-       this->encrypted.len += this->signer->get_block_size(this->signer);
-       allocator_realloc(this->encrypted.ptr, this->encrypted.len);
-       if (this->encrypted.ptr == NULL)
-       {
-               return OUT_OF_RES;
-       }
+       /* build encrypted result with iv and signature */
+       this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
+       allocator_free(this->encrypted.ptr);
+       this->encrypted.ptr = allocator_alloc(this->encrypted.len);
        
+       /* fill in result, signature is left out */
+       memcpy(this->encrypted.ptr, iv.ptr, iv.len);
+       memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
+       
+       allocator_free(result.ptr);
+       allocator_free(iv.ptr);
        return SUCCESS;
 }
 
 /**
- * implements encryption_payload_t.decrypt
+ * Implementation of encryption_payload_t.encrypt.
  */
-static status_t decrypt(private_encryption_payload_t *this, crypter_t *crypter)
+static status_t decrypt(private_encryption_payload_t *this)
 {
        chunk_t iv, concatenated;
        u_int8_t padding_length;
        status_t status;
        
-       if (this->signer == NULL)
+       if (this->signer == NULL || this->crypter == NULL)
        {
                return INVALID_STATE;
        }
-       
+               
        /* get IV */
-       iv.len = crypter->get_block_size(crypter);
+       iv.len = this->crypter->get_block_size(this->crypter);
        iv.ptr = this->encrypted.ptr;
        
        /* point concatenated to data + padding + padding_length*/
        concatenated.ptr = this->encrypted.ptr + iv.len;
        concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer);
-       
+               
        /* check the size of input:
         * concatenated  must be at least on block_size of crypter
         */
@@ -452,7 +401,7 @@ static status_t decrypt(private_encryption_payload_t *this, crypter_t *crypter)
        /* free previus data, if any */
        allocator_free(this->decrypted.ptr);
        
-       status = crypter->decrypt(crypter, iv, concatenated, &(this->decrypted));
+       status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
        if (status != SUCCESS)
        {
                return FAILED;
@@ -460,6 +409,8 @@ static status_t decrypt(private_encryption_payload_t *this, crypter_t *crypter)
        
        /* get padding length, sits just bevore signature */
        padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
+       /* add one byte to the padding length, since the padding_length field is not included */
+       padding_length++;
        this->decrypted.len -= padding_length;
        
        /* check size again */
@@ -471,25 +422,23 @@ static status_t decrypt(private_encryption_payload_t *this, crypter_t *crypter)
        
        /* free padding */
        this->decrypted.ptr = allocator_realloc(this->decrypted.ptr, this->decrypted.len);
-       if (this->decrypted.ptr == NULL)
-       {
-               return OUT_OF_RES;
-       }
+       
+       this->parse(this);
        
        return SUCCESS;
 }
 
 /**
- * implements encryption_payload_t.set_signer
+ * Implementation of encryption_payload_t.set_transforms.
  */
-static status_t set_signer(private_encryption_payload_t *this, signer_t* signer)
+static void set_transforms(private_encryption_payload_t *this, crypter_t* crypter, signer_t* signer)
 {
        this->signer = signer;
-       return SUCCESS;
+       this->crypter = crypter;
 }
 
 /**
- * implements encryption_payload_t.build_signature
+ * Implementation of encryption_payload_t.build_signature.
  */
 static status_t build_signature(private_encryption_payload_t *this, chunk_t data)
 {
@@ -509,7 +458,7 @@ static status_t build_signature(private_encryption_payload_t *this, chunk_t data
 }
 
 /**
- * implements encryption_payload_t.verify_signature
+ * Implementation of encryption_payload_t.verify_signature.
  */
 static status_t verify_signature(private_encryption_payload_t *this, chunk_t data)
 {
@@ -542,21 +491,19 @@ static status_t verify_signature(private_encryption_payload_t *this, chunk_t dat
 }
 
 /**
- * implements private_encryption_payload_t.generate
+ * Implementation of private_encryption_payload_t.generate.
  */
-static status_t generate(private_encryption_payload_t *this)
+static void generate(private_encryption_payload_t *this)
 {
-       status_t status;
        payload_t *current_payload, *next_payload;
        generator_t *generator;
        iterator_t *iterator;
        
+       /* recalculate length before generating */
+       this->compute_length(this);
+       
        /* create iterator */
-       status = this->payloads->create_iterator(this->payloads, &iterator, TRUE);
-       if (status != SUCCESS)
-       {
-               return status;
-       }
+       iterator = this->payloads->create_iterator(this->payloads, TRUE);
        
        /* get first payload */
        if (iterator->has_next(iterator))
@@ -570,50 +517,35 @@ static status_t generate(private_encryption_payload_t *this)
                allocator_free(this->decrypted.ptr);
                this->decrypted = CHUNK_INITIALIZER;
                iterator->destroy(iterator);
-               return SUCCESS;
+               return;
        }
        
        generator = generator_create();
-       if (generator == NULL)
-       {
-               iterator->destroy(iterator);
-               return OUT_OF_RES;
-       }
        
        /* build all payload, except last */
        while(iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&next_payload);
                current_payload->set_next_type(current_payload, next_payload->get_type(next_payload));
-               
-               status = generator->generate_payload(generator, current_payload);
-               if (status != SUCCESS)
-               {
-                       generator->destroy(generator);
-                       iterator->destroy(iterator);
-                       return status;
-               }
+               generator->generate_payload(generator, current_payload);
                current_payload = next_payload;
        }
        iterator->destroy(iterator);
        
        /* build last payload */
        current_payload->set_next_type(current_payload, NO_PAYLOAD);
-       status = generator->generate_payload(generator, current_payload);
-       if (status != SUCCESS)
-       {
-               generator->destroy(generator);
-               return status;
-       }
+       generator->generate_payload(generator, current_payload);
        
        /* free already generated data */
        allocator_free(this->decrypted.ptr);
        
-       status = generator->write_to_chunk(generator, &(this->decrypted));
+       generator->write_to_chunk(generator, &(this->decrypted));
        generator->destroy(generator);
-       return status;
 }
 
+/**
+ * Implementation of private_encryption_payload_t.parse.
+ */
 static status_t parse(private_encryption_payload_t *this)
 {
        parser_t *parser;
@@ -628,11 +560,6 @@ static status_t parse(private_encryption_payload_t *this)
        
        /* build a parser on the decrypted data */
        parser = parser_create(this->decrypted);
-       if (parser == NULL)
-       {
-               return OUT_OF_RES;
-       }
-       
        
        current_payload_type = this->next_payload;
        /* parse all payloads */
@@ -643,40 +570,36 @@ static status_t parse(private_encryption_payload_t *this)
                status = parser->parse_payload(parser, current_payload_type, (payload_t**)&current_payload);
                if (status != SUCCESS)
                {
+                       parser->destroy(parser);
                        return PARSE_ERROR;
                }
                
                status = current_payload->verify(current_payload);
                if (status != SUCCESS)
                {
+                       parser->destroy(parser);
                        return VERIFY_ERROR;
                }
 
                /* get next payload type */
                current_payload_type = current_payload->get_next_type(current_payload);
                
-               status = this->payloads->insert_last(this->payloads,current_payload);
-               if (status != SUCCESS)
-               {
-                       return OUT_OF_RES;      
-               }
+               this->payloads->insert_last(this->payloads,current_payload);
        }
+       parser->destroy(parser);
        return SUCCESS;
 }
 
 /**
- * implements private_encryption_payload_t.compute_length
+ * Implementation of private_encryption_payload_t.compute_length.
  */
-static status_t compute_length(private_encryption_payload_t *this)
+static void compute_length(private_encryption_payload_t *this)
 {
        iterator_t *iterator;
-       status_t status;
-       size_t length = ENCRYPTION_PAYLOAD_HEADER_LENGTH;
-       status = this->payloads->create_iterator(this->payloads, &iterator, TRUE);
-       if (status != SUCCESS)
-       {
-               return status;
-       }
+       size_t block_size, length = 0;
+       iterator = this->payloads->create_iterator(this->payloads, TRUE);
+
+       /* count payload length */
        while (iterator->has_next(iterator))
        {
                payload_t *current_payload;
@@ -685,9 +608,20 @@ static status_t compute_length(private_encryption_payload_t *this)
        }
        iterator->destroy(iterator);
        
+       if (this->crypter && this->signer)
+       {
+               /* append one byte for padding length */
+               length++;
+               /* append padding */
+               block_size = this->crypter->get_block_size(this->crypter);
+               length += block_size - length % block_size;
+               /* add iv */
+               length += block_size;
+               /* add signature */
+               length += this->signer->get_block_size(this->signer);
+       }
+       length += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
        this->payload_length = length;
-               
-       return SUCCESS;
 }
 
 /*
@@ -696,29 +630,25 @@ static status_t compute_length(private_encryption_payload_t *this)
 encryption_payload_t *encryption_payload_create()
 {
        private_encryption_payload_t *this = allocator_alloc_thing(private_encryption_payload_t);
-       if (this == NULL)
-       {
-               return NULL;    
-       }       
        
        /* payload_t interface functions */
        this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
-       this->public.payload_interface.get_encoding_rules = (status_t (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
+       this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
        this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
        this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
-       this->public.payload_interface.set_next_type = (status_t (*) (payload_t *,payload_type_t)) set_next_type;
+       this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
        this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_type;
-       this->public.payload_interface.destroy = (status_t (*) (payload_t *))destroy;
+       this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
        
        /* public functions */
-       this->public.create_payload_iterator = (status_t (*) (encryption_payload_t *,iterator_t **,bool)) create_payload_iterator;
-       this->public.add_payload = (status_t (*) (encryption_payload_t *,payload_t *)) add_payload;
-       this->public.encrypt = (status_t (*) (encryption_payload_t *, crypter_t*)) encrypt;
-       this->public.decrypt = (status_t (*) (encryption_payload_t *, crypter_t*)) decrypt;
-       this->public.set_signer = (status_t (*) (encryption_payload_t *,signer_t*)) set_signer;
+       this->public.create_payload_iterator = (iterator_t * (*) (encryption_payload_t *,bool)) create_payload_iterator;
+       this->public.add_payload = (void (*) (encryption_payload_t *,payload_t *)) add_payload;
+       this->public.encrypt = (status_t (*) (encryption_payload_t *)) encrypt;
+       this->public.decrypt = (status_t (*) (encryption_payload_t *)) decrypt;
+       this->public.set_transforms = (void (*) (encryption_payload_t*,crypter_t*,signer_t*)) set_transforms;
        this->public.build_signature = (status_t (*) (encryption_payload_t*, chunk_t)) build_signature;
        this->public.verify_signature = (status_t (*) (encryption_payload_t*, chunk_t)) verify_signature;
-       this->public.destroy = (status_t (*) (encryption_payload_t *)) destroy;
+       this->public.destroy = (void (*) (encryption_payload_t *)) destroy;
        
        /* private functions */
        this->compute_length = compute_length;
@@ -729,19 +659,12 @@ encryption_payload_t *encryption_payload_create()
        this->critical = TRUE;
        this->next_payload = NO_PAYLOAD;
        this->payload_length = ENCRYPTION_PAYLOAD_HEADER_LENGTH;
-       this->iv = CHUNK_INITIALIZER;
        this->encrypted = CHUNK_INITIALIZER;
        this->decrypted = CHUNK_INITIALIZER;
-       this->checksum = CHUNK_INITIALIZER;
        this->signer = NULL;
-
+       this->crypter = NULL;
        this->payloads = linked_list_create();
        
-       if (this->payloads == NULL)
-       {
-               allocator_free(this);
-               return NULL;
-       }
        return (&(this->public));
 }