summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorDimitri Staessens <[email protected]>2022-02-25 18:44:12 +0100
committerSander Vrijders <[email protected]>2022-03-03 12:00:54 +0100
commitf535637a394eecca1af182fb09b175b53e9fbf1f (patch)
treef0598166eeac5ff9f1c197c7ee3103703ddc1fd5 /src/lib
parentf5d642a06f9c1a58197313b32f6b213a152e446f (diff)
downloadouroboros-f535637a394eecca1af182fb09b175b53e9fbf1f.tar.gz
ouroboros-f535637a394eecca1af182fb09b175b53e9fbf1f.zip
lib: Encrypt bare FRCP messages on encrypted flows
Bare FRCP messages (ACKs without data, Rendez-vous packets) were not encrypted on encrypted flows, causing the receiver to fail decryption. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/crypt.c23
-rw-r--r--src/lib/dev.c3
-rw-r--r--src/lib/frct.c47
3 files changed, 29 insertions, 44 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c
index 043eae13..e19981bc 100644
--- a/src/lib/crypt.c
+++ b/src/lib/crypt.c
@@ -217,8 +217,7 @@ static int openssl_encrypt(struct flow * f,
in = shm_du_buff_head(sdb);
in_sz = shm_du_buff_tail(sdb) - in;
- if (in_sz == 0)
- return 0;
+ assert(in_sz > 0);
if (random_buffer(iv, IVSZ) < 0)
goto fail_iv;
@@ -229,11 +228,7 @@ static int openssl_encrypt(struct flow * f,
EVP_CIPHER_CTX_reset(f->ctx);
- ret = EVP_EncryptInit_ex(f->ctx,
- EVP_aes_256_cbc(),
- NULL,
- f->key,
- iv);
+ ret = EVP_EncryptInit_ex(f->ctx, EVP_aes_256_cbc(), NULL, f->key, iv);
if (ret != 1)
goto fail_encrypt_init;
@@ -287,13 +282,17 @@ static int openssl_decrypt(struct flow * f,
int in_sz;
int tmp_sz;
+ in = shm_du_buff_head(sdb);
+ in_sz = shm_du_buff_tail(sdb) - in;
+ if (in_sz < IVSZ)
+ return -ECRYPT;
+
in = shm_du_buff_head_release(sdb, IVSZ);
memcpy(iv, in, IVSZ);
in = shm_du_buff_head(sdb);
-
- in_sz = shm_du_buff_tail(sdb) - shm_du_buff_head(sdb);
+ in_sz = shm_du_buff_tail(sdb) - in;
out = malloc(in_sz);
if (out == NULL)
@@ -301,11 +300,7 @@ static int openssl_decrypt(struct flow * f,
EVP_CIPHER_CTX_reset(f->ctx);
- ret = EVP_DecryptInit_ex(f->ctx,
- EVP_aes_256_cbc(),
- NULL,
- f->key,
- iv);
+ ret = EVP_DecryptInit_ex(f->ctx, EVP_aes_256_cbc(), NULL, f->key, iv);
if (ret != 1)
goto fail_decrypt_init;
diff --git a/src/lib/dev.c b/src/lib/dev.c
index 5c57a538..ab02a783 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -153,8 +153,6 @@ struct {
pthread_rwlock_t lock;
} ai;
-#include "frct.c"
-
static void port_destroy(struct port * p)
{
pthread_mutex_lock(&p->state_lock);
@@ -265,6 +263,7 @@ static void flow_clear(int fd)
}
#include "crypt.c"
+#include "frct.c"
static void flow_fini(int fd)
{
diff --git a/src/lib/frct.c b/src/lib/frct.c
index e9741aaf..2793f3c4 100644
--- a/src/lib/frct.c
+++ b/src/lib/frct.c
@@ -232,16 +232,29 @@ static void __send_frct_pkt(int fd,
pci->ackno = hton32(ackno);
f = &ai.flows[fd];
+
+ pthread_rwlock_rdlock(&ai.lock);
+
+ if (f->qs.cypher_s > 0 && crypt_encrypt(f, sdb) < 0)
+ goto fail;
+
#ifdef RXM_BLOCKING
- if (shm_rbuff_write_b(f->tx_rb, idx, NULL)) {
+ if (shm_rbuff_write_b(f->tx_rb, idx, NULL))
#else
- if (shm_rbuff_write(f->tx_rb, idx)) {
+ if (shm_rbuff_write(f->tx_rb, idx))
#endif
- ipcp_sdb_release(sdb);
- return;
- }
+ goto fail;
shm_flow_set_notify(f->set, f->flow_id, FLOW_PKT);
+
+ pthread_rwlock_unlock(&ai.lock);
+
+ return;
+
+ fail:
+ pthread_rwlock_unlock(&ai.lock);
+ ipcp_sdb_release(sdb);
+ return;
}
static void send_frct_pkt(struct frcti * frcti)
@@ -287,29 +300,7 @@ static void send_frct_pkt(struct frcti * frcti)
static void __send_rdv(int fd)
{
- struct shm_du_buff * sdb;
- struct frct_pci * pci;
- ssize_t idx;
- struct flow * f;
-
- /* Raw calls needed to bypass frcti. */
- idx = shm_rdrbuff_alloc_b(ai.rdrb, sizeof(*pci), NULL, &sdb, NULL);
- if (idx < 0)
- return;
-
- pci = (struct frct_pci *) shm_du_buff_head(sdb);
- memset(pci, 0, sizeof(*pci));
-
- pci->flags = FRCT_RDVS;
-
- f = &ai.flows[fd];
-
- if (shm_rbuff_write_b(f->tx_rb, idx, NULL)) {
- ipcp_sdb_release(sdb);
- return;
- }
-
- shm_flow_set_notify(f->set, f->flow_id, FLOW_PKT);
+ __send_frct_pkt(fd, FRCT_RDVS, 0, 0);
}
static struct frcti * frcti_create(int fd)