X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilcske%2Fpayload.c;h=ad45ea8d74a1d14410310a722affb97e80a36506;hb=40f8443d8d3a6577336ee66d18e04d9ac4d956bb;hp=ce14c9faca8312f7d5e7decaa426563745d6c09d;hpb=622dbba14878964ca76301bdf9c8f59f3312fbc7;p=silc.git diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c index ce14c9fa..ad45ea8d 100644 --- a/lib/silcske/payload.c +++ b/lib/silcske/payload.c @@ -2,15 +2,14 @@ payload.c - Author: Pekka Riikonen + Author: Pekka Riikonen - Copyright (C) 2000 - 2001 Pekka Riikonen + Copyright (C) 2000 - 2005 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - + the Free Software Foundation; version 2 of the License. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -19,14 +18,14 @@ */ /* $Id$ */ -#include "silcincludes.h" -#include "payload_internal.h" +#include "silc.h" +#include "silcske_i.h" /* Encodes Key Exchange Start Payload into a SILC Buffer to be sent to the other end. */ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske, - SilcSKEStartPayload *payload, + SilcSKEStartPayload payload, SilcBuffer *return_buffer) { SilcBuffer buf; 
@@ -37,18 +36,19 @@ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske, if (!payload) return SILC_SKE_STATUS_ERROR; - buf = silc_buffer_alloc(payload->len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); + buf = silc_buffer_alloc_size(payload->len); + if (!buf) + return SILC_SKE_STATUS_OUT_OF_MEMORY; /* Encode the payload */ ret = silc_buffer_format(buf, SILC_STR_UI_CHAR(0), /* RESERVED field */ SILC_STR_UI_CHAR(payload->flags), SILC_STR_UI_SHORT(payload->len), - SILC_STR_UI_XNSTRING(payload->cookie, + SILC_STR_UI_XNSTRING(payload->cookie, payload->cookie_len), SILC_STR_UI_SHORT(payload->version_len), - SILC_STR_UI_XNSTRING(payload->version, + SILC_STR_UI_XNSTRING(payload->version, payload->version_len), SILC_STR_UI_SHORT(payload->ke_grp_len), SILC_STR_UI_XNSTRING(payload->ke_grp_list, @@ -77,7 +77,7 @@ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske, /* Return the encoded buffer */ *return_buffer = buf; - SILC_LOG_HEXDUMP(("KE Start Payload"), buf->data, buf->len); + SILC_LOG_HEXDUMP(("KE Start Payload"), buf->data, silc_buffer_len(buf)); return SILC_SKE_STATUS_OK; } 
@@ -85,30 +85,33 @@ SilcSKEStatus silc_ske_payload_start_encode(SilcSKE ske, /* Parses the Key Exchange Start Payload. Parsed data is returned to allocated payload structure. */ -SilcSKEStatus +SilcSKEStatus silc_ske_payload_start_decode(SilcSKE ske, SilcBuffer buffer, - SilcSKEStartPayload **return_payload) + SilcSKEStartPayload *return_payload) { - SilcSKEStartPayload *payload; + SilcSKEStartPayload payload; SilcSKEStatus status = SILC_SKE_STATUS_ERROR; unsigned char tmp; int ret; SILC_LOG_DEBUG(("Decoding Key Exchange Start Payload")); - SILC_LOG_HEXDUMP(("KE Start Payload"), buffer->data, buffer->len); + SILC_LOG_HEXDUMP(("KE Start Payload"), buffer->data, + silc_buffer_len(buffer)); payload = silc_calloc(1, sizeof(*payload)); + if (!payload) + return SILC_SKE_STATUS_OUT_OF_MEMORY; payload->cookie_len = SILC_SKE_COOKIE_LEN; /* Parse start of the payload */ - ret = + ret = silc_buffer_unformat(buffer, SILC_STR_UI_CHAR(&tmp), /* RESERVED Field */ SILC_STR_UI_CHAR(&payload->flags), SILC_STR_UI_SHORT(&payload->len), - SILC_STR_UI_XNSTRING_ALLOC(&payload->cookie, + SILC_STR_UI_XNSTRING_ALLOC(&payload->cookie, payload->cookie_len), SILC_STR_UI16_NSTRING_ALLOC(&payload->version, &payload->version_len), 
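Review bot: The added `if (!payload) return SILC_SKE_STATUS_OUT_OF_MEMORY;` after `silc_calloc()` returns directly instead of going through the function's error exit. The `err:` label of silc_ske_payload_ke_decode, visible in the @@ -327 hunk, stores the status in `ske->status` before returning, and the same early return is added to that function in @@ -246. If the `err:` label of silc_ske_payload_start_decode (outside this hunk) does the same, an out-of-memory failure leaves `ske->status` stale for any caller that reads it. Setting it before returning keeps the paths consistent: `if (!payload) { ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY; return ske->status; }`.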
@@ -126,22 +129,33 @@ silc_ske_payload_start_decode(SilcSKE ske, &payload->comp_alg_len), SILC_STR_END); if (ret == -1) { - status = SILC_SKE_STATUS_ERROR; + SILC_LOG_ERROR(("Malformed KE Start Payload")); + status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } if (tmp != 0) { - SILC_LOG_DEBUG(("Bad reserved field")); + SILC_LOG_ERROR(("Bad RESERVED field in KE Start Payload")); status = SILC_SKE_STATUS_BAD_RESERVED_FIELD; goto err; } - if (payload->len != buffer->len) { - SILC_LOG_DEBUG(("Bad payload length")); + if (payload->len != silc_buffer_len(buffer)) { + SILC_LOG_ERROR(("Garbage after KE Start Payload")); status = SILC_SKE_STATUS_BAD_PAYLOAD_LENGTH; goto err; } + /* Check for mandatory fields */ + if (!payload->cookie || !payload->version_len || + !payload->ke_grp_len || !payload->pkcs_alg_len || + !payload->enc_alg_len || !payload->hash_alg_len || + !payload->hmac_alg_len) { + SILC_LOG_ERROR(("KE Start Payload is missing mandatory fields")); + status = SILC_SKE_STATUS_BAD_PAYLOAD; + goto err; + } + /* Return the payload */ *return_payload = payload; 
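Review bot: The message `Garbage after KE Start Payload` on the length check is narrower than the condition it reports. `payload->len != silc_buffer_len(buffer)` also fires when the declared length is larger than the received buffer, so the log can point an operator at the wrong cause; `SILC_LOG_ERROR(("Bad length in KE Start Payload"));` would cover both directions. The new mandatory-field test leaves out `comp_alg_len`, presumably because compression is optional, and a short comment such as `/* comp_alg_list may be empty */` would make that omission explicit. These messages moved from debug to error level for input a remote peer controls, so it is worth confirming that the log sink is rate-limited. The function starts and ends outside this hunk.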
@@ -156,25 +170,17 @@ silc_ske_payload_start_decode(SilcSKE ske, /* Free's Start Payload */ -void silc_ske_payload_start_free(SilcSKEStartPayload *payload) +void silc_ske_payload_start_free(SilcSKEStartPayload payload) { if (payload) { - if (payload->cookie) - silc_free(payload->cookie); - if (payload->version) - silc_free(payload->version); - if (payload->ke_grp_list) - silc_free(payload->ke_grp_list); - if (payload->pkcs_alg_list) - silc_free(payload->pkcs_alg_list); - if (payload->enc_alg_list) - silc_free(payload->enc_alg_list); - if (payload->hash_alg_list) - silc_free(payload->hash_alg_list); - if (payload->hmac_alg_list) - silc_free(payload->hmac_alg_list); - if (payload->comp_alg_list) - silc_free(payload->comp_alg_list); + silc_free(payload->cookie); + silc_free(payload->version); + silc_free(payload->ke_grp_list); + silc_free(payload->pkcs_alg_list); + silc_free(payload->enc_alg_list); + silc_free(payload->hash_alg_list); + silc_free(payload->hmac_alg_list); + silc_free(payload->comp_alg_list); silc_free(payload); } } @@ -183,12 +189,12 @@ void silc_ske_payload_start_free(SilcSKEStartPayload *payload) end. */ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske, - SilcSKEKEPayload *payload, + SilcSKEKEPayload payload, SilcBuffer *return_buffer) { SilcBuffer buf; unsigned char *x_str; - unsigned int x_len; + SilcUInt32 x_len; int ret; SILC_LOG_DEBUG(("Encoding KE Payload")); @@ -196,7 +202,8 @@ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske, if (!payload) return SILC_SKE_STATUS_ERROR; - if (ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL && + if (ske->start_payload && + ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL && !payload->sign_data) { SILC_LOG_DEBUG(("Signature data is missing")); return SILC_SKE_STATUS_ERROR; 
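Review bot: In the @@ -196 hunk the new `ske->start_payload &&` guard makes the mutual-authentication check fail open: when `ske->start_payload` is NULL the encoder no longer requires `payload->sign_data` at all. The same guard is added on the receive side in @@ -269 (public key type and length validation, replacing the unconditional `pk_len < 5` test) and in @@ -286 (presence of the peer's signature), so with a NULL start payload those checks are skipped for data from the remote end. If a NULL start payload is legitimate only in one specific flow, say so in a comment next to each guard, e.g. `/* start_payload is NULL only during <flow>; no signature is expected then */`. Otherwise reject early with `if (!ske->start_payload) return SILC_SKE_STATUS_ERROR;`. silc_ske_payload_ke_encode continues outside the hunk.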
@@ -207,20 +214,21 @@ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske, /* Allocate channel payload buffer. The length of the buffer is 4 + public key + 2 + x + 2 + signature. */ - buf = silc_buffer_alloc(4 + payload->pk_len + 2 + x_len + - 2 + payload->sign_len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); + buf = silc_buffer_alloc_size(4 + payload->pk_len + 2 + x_len + + 2 + payload->sign_len); + if (!buf) + return SILC_SKE_STATUS_OUT_OF_MEMORY; /* Encode the payload */ - ret = silc_buffer_format(buf, + ret = silc_buffer_format(buf, SILC_STR_UI_SHORT(payload->pk_len), SILC_STR_UI_SHORT(payload->pk_type), - SILC_STR_UI_XNSTRING(payload->pk_data, + SILC_STR_UI_XNSTRING(payload->pk_data, payload->pk_len), SILC_STR_UI_SHORT(x_len), SILC_STR_UI_XNSTRING(x_str, x_len), SILC_STR_UI_SHORT(payload->sign_len), - SILC_STR_UI_XNSTRING(payload->sign_data, + SILC_STR_UI_XNSTRING(payload->sign_data, payload->sign_len), SILC_STR_END); if (ret == -1) { @@ -233,7 +241,7 @@ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske, /* Return encoded buffer */ *return_buffer = buf; - SILC_LOG_HEXDUMP(("KE Payload"), buf->data, buf->len); + SILC_LOG_HEXDUMP(("KE Payload"), buf->data, silc_buffer_len(buf)); memset(x_str, 'F', x_len); silc_free(x_str); 
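Review bot: The new `if (!buf) return SILC_SKE_STATUS_OUT_OF_MEMORY;` in @@ -207 appears to leak `x_str`. The allocation size already uses `x_len`, so `x_str` was presumably produced just before this hunk, and the success path in @@ -233 overwrites and frees it with `memset(x_str, 'F', x_len); silc_free(x_str);`. The early return should release it the same way: `if (!buf) { memset(x_str, 'F', x_len); silc_free(x_str); return SILC_SKE_STATUS_OUT_OF_MEMORY; }`. The assignment of `x_str` is outside the visible lines, so confirm the ordering there.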
@@ -246,22 +254,24 @@ SilcSKEStatus silc_ske_payload_ke_encode(SilcSKE ske, SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, SilcBuffer buffer, - SilcSKEKEPayload **return_payload) + SilcSKEKEPayload *return_payload) { SilcSKEStatus status = SILC_SKE_STATUS_ERROR; - SilcSKEKEPayload *payload; + SilcSKEKEPayload payload; unsigned char *x = NULL; - unsigned short x_len; - unsigned int tot_len = 0, len2; + SilcUInt16 x_len; + SilcUInt32 tot_len = 0, len2; int ret; SILC_LOG_DEBUG(("Decoding Key Exchange Payload")); - SILC_LOG_HEXDUMP(("KE Payload"), buffer->data, buffer->len); + SILC_LOG_HEXDUMP(("KE Payload"), buffer->data, silc_buffer_len(buffer)); payload = silc_calloc(1, sizeof(*payload)); + if (!payload) + return SILC_SKE_STATUS_OUT_OF_MEMORY; - len2 = buffer->len; + len2 = silc_buffer_len(buffer); /* Parse start of the payload */ ret = silc_buffer_unformat(buffer, @@ -269,11 +279,15 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, SILC_STR_UI_SHORT(&payload->pk_type), SILC_STR_END); if (ret == -1) { - status = SILC_SKE_STATUS_ERROR; + SILC_LOG_ERROR(("Cannot decode public key from KE payload")); + status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } - if (payload->pk_len < 5) { + if (ske->start_payload && + ((payload->pk_type < SILC_SKE_PK_TYPE_SILC || + payload->pk_type > SILC_SKE_PK_TYPE_SPKI) || !payload->pk_len)) { + SILC_LOG_ERROR(("Malformed public key in KE payload")); status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } 
@@ -286,35 +300,39 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, SILC_STR_UI_XNSTRING_ALLOC(&payload->pk_data, payload->pk_len), SILC_STR_UI16_NSTRING_ALLOC(&x, &x_len), - SILC_STR_UI16_NSTRING_ALLOC(&payload->sign_data, + SILC_STR_UI16_NSTRING_ALLOC(&payload->sign_data, &payload->sign_len), SILC_STR_END); if (ret == -1) { - status = SILC_SKE_STATUS_ERROR; + SILC_LOG_ERROR(("Malformed KE Payload")); + status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } tot_len += x_len + 2; tot_len += payload->sign_len + 2; - if (x_len < 3) { + if (x_len < 16) { + SILC_LOG_ERROR(("Too short DH value in KE Payload")); status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } - if ((ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) && + if (ske->start_payload && + (ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) && (payload->sign_len < 3 || !payload->sign_data)) { - SILC_LOG_DEBUG(("The signature data is missing - both parties are " + SILC_LOG_ERROR(("The signature data is missing - both parties are " "required to do authentication")); status = SILC_SKE_STATUS_BAD_PAYLOAD; goto err; } if (tot_len != len2) { - status = SILC_SKE_STATUS_BAD_PAYLOAD; + SILC_LOG_ERROR(("Garbage after KE payload")); + status = SILC_SKE_STATUS_BAD_PAYLOAD_LENGTH; goto err; } - + /* Decode the binary data to integer */ silc_mp_init(&payload->x); silc_mp_bin2mp(x, x_len, &payload->x); @@ -327,12 +345,9 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, return SILC_SKE_STATUS_OK; err: - if (payload->pk_data) - silc_free(payload->pk_data); - if (payload->sign_data) - silc_free(payload->sign_data); - if (x) - silc_free(x); + silc_free(payload->pk_data); + silc_free(payload->sign_data); + silc_free(x); silc_free(payload); ske->status = status; return status; 
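Review bot: `if (x_len < 16)` in @@ -286 bounds only the encoded length of the peer's DH value, so a value padded with leading zero bytes still passes and is handed to `silc_mp_bin2mp()`. The hunk shows no check of the decoded integer against the negotiated group, for example that it lies strictly between 1 and the group prime minus 1. If the caller does that check, a comment here should say so, e.g. `/* Length sanity check only; range is validated against the group in <caller> */`. The literal 16, and the `sign_len < 3` beside it, would read better as named constants. The function body starts before this hunk and its error path continues after it.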
@@ -340,14 +355,12 @@ SilcSKEStatus silc_ske_payload_ke_decode(SilcSKE ske, /* Free's KE Payload */ -void silc_ske_payload_ke_free(SilcSKEKEPayload *payload) +void silc_ske_payload_ke_free(SilcSKEKEPayload payload) { if (payload) { - if (payload->pk_data) - silc_free(payload->pk_data); - silc_mp_clear(&payload->x); - if (payload->sign_data) - silc_free(payload->sign_data); + silc_free(payload->pk_data); + silc_mp_uninit(&payload->x); + silc_free(payload->sign_data); silc_free(payload); } }