search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
doing replay protection before learning remote host
[anytun.git] / src / encryptedPacket.cpp
blob692d2217f5797d29bfdb1da1ec6262e4f385fcd0
1 /*
2 * anytun
3 *
4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
12 *
13 *
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
16 *
17 * This file is part of Anytun.
18 *
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
22 *
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
30 */
31
32 #include <stdexcept>
33 #include <iostream>
34 #include <cstdio> // for std::memcpy
35
36 #include "encryptedPacket.h"
37 #include "endian.h"
38 #include "datatypes.h"
39 #include "log.h"
40
41 EncryptedPacket::EncryptedPacket(u_int32_t payload_length, bool allow_realloc)
42 : Buffer(payload_length + sizeof(struct HeaderStruct), allow_realloc)
43 {
44 header_ = reinterpret_cast<struct HeaderStruct*>(buf_);
45 payload_ = buf_ + sizeof(struct HeaderStruct);
46 auth_tag_ = NULL;
47 if(header_)
48 {
49 header_->seq_nr = 0;
50 header_->sender_id = 0;
51 header_->mux = 0;
52 }
53 }
54
55 u_int32_t EncryptedPacket::getHeaderLength()
56 {
57 return sizeof(struct HeaderStruct);
58 }
59
60 seq_nr_t EncryptedPacket::getSeqNr() const
61 {
62 if(header_)
63 return SEQ_NR_T_NTOH(header_->seq_nr);
64
65 return 0;
66 }
67
68 sender_id_t EncryptedPacket::getSenderId() const
69 {
70 if(header_)
71 return SENDER_ID_T_NTOH(header_->sender_id);
72
73 return 0;
74 }
75
76 mux_t EncryptedPacket::getMux() const
77 {
78 if(header_)
79 return MUX_T_NTOH(header_->mux);
80
81 return 0;
82 }
83
84 void EncryptedPacket::setSeqNr(seq_nr_t seq_nr)
85 {
86 if(header_)
87 header_->seq_nr = SEQ_NR_T_HTON(seq_nr);
88 }
89
90 void EncryptedPacket::setSenderId(sender_id_t sender_id)
91 {
92 if(header_)
93 header_->sender_id = SENDER_ID_T_HTON(sender_id);
94 }
95
96 void EncryptedPacket::setMux(mux_t mux)
97 {
98 if(header_)
99 header_->mux = MUX_T_HTON(mux);
100 }
101
102 void EncryptedPacket::setHeader(seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
103 {
104 if(!header_)
105 return;
106
107 header_->seq_nr = SEQ_NR_T_HTON(seq_nr);
108 header_->sender_id = SENDER_ID_T_HTON(sender_id);
109 header_->mux = MUX_T_HTON(mux);
110 }
111
112 u_int32_t EncryptedPacket::getPayloadLength() const
113 {
114 if(!payload_)
115 return 0;
116
117 if(!auth_tag_)
118 return (length_ > sizeof(struct HeaderStruct)) ? (length_ - sizeof(struct HeaderStruct)) : 0;
119
120 return (length_ > (sizeof(struct HeaderStruct) + AUTHTAG_SIZE)) ? (length_ - sizeof(struct HeaderStruct) - AUTHTAG_SIZE) : 0;
121 }
122
123 void EncryptedPacket::setPayloadLength(u_int32_t payload_length)
124 {
125 Buffer::setLength(payload_length + sizeof(struct HeaderStruct));
126 // depending on allow_realloc buf_ may point to another address
127 // therefore in this case reinit() gets called by Buffer::setLength()
128 }
129
130 void EncryptedPacket::reinit()
131 {
132 header_ = reinterpret_cast<struct HeaderStruct*>(buf_);
133 payload_ = buf_ + sizeof(struct HeaderStruct);
134
135 if(length_ <= (sizeof(struct HeaderStruct)))
136 payload_ = NULL;
137
138 if(length_ < (sizeof(struct HeaderStruct))) {
139 header_ = NULL;
140 throw std::runtime_error("packet can't be initialized, buffer is too small");
141 }
142
143 if(auth_tag_)
144 {
145 if(length_ < (sizeof(struct HeaderStruct) + AUTHTAG_SIZE)) {
146 auth_tag_ = NULL;
147 throw std::runtime_error("auth-tag can't be enabled, buffer is too small");
148 }
149 auth_tag_ = buf_ + length_ - AUTHTAG_SIZE;
150 }
151 }
152
153 u_int8_t* EncryptedPacket::getPayload()
154 {
155 return payload_;
156 }
157
158 u_int8_t* EncryptedPacket::getAuthenticatedPortion()
159 {
160 return buf_;
161 }
162
163 u_int32_t EncryptedPacket::getAuthenticatedPortionLength()
164 {
165 if(!buf_)
166 return 0;
167
168 if(!auth_tag_)
169 return length_;
170
171 return (length_ > AUTHTAG_SIZE) ? (length_ - AUTHTAG_SIZE) : 0;
172 }
173
174 void EncryptedPacket::withAuthTag(bool b)
175 {
176 if((b && auth_tag_) || (!b && !auth_tag_))
177 return;
178
179 if(b)
180 {
181 if(length_ < (sizeof(struct HeaderStruct) + AUTHTAG_SIZE))
182 throw std::runtime_error("auth-tag can't be enabled, buffer is too small");
183
184 auth_tag_ = buf_ + length_ - AUTHTAG_SIZE;
185 }
186 else
187 auth_tag_ = NULL;
188 }
189
190 void EncryptedPacket::addAuthTag()
191 {
192 if(auth_tag_)
193 return;
194
195 auth_tag_ = buf_; // will be set to the correct value @ reinit
196 setLength(length_ + AUTHTAG_SIZE);
197 if(auth_tag_ == buf_) // reinit was not called by setLength
198 reinit();
199 }
200
201 void EncryptedPacket::removeAuthTag()
202 {
203 if(!auth_tag_)
204 return;
205
206 auth_tag_ = NULL;
207 setLength(length_ - AUTHTAG_SIZE);
208 }
209
210 u_int8_t* EncryptedPacket::getAuthTag()
211 {
212 return auth_tag_;
213 }
214
215 u_int32_t EncryptedPacket::getAuthTagLength()
216 {
217 if(auth_tag_)
218 return AUTHTAG_SIZE;
219
220 return 0;
221 }
Implementation of SATP