
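/* ssl/d1_enc.c */
/*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
 */
/* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "ssl_locl.h"
#include <openssl/comp.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/rand.h>


/*
 * dtls1_enc() applies the connection's record cipher to the current record.
 *
 * s:    the connection.  When sending, the write record (s->s3->wrec) and
 *       s->enc_write_ctx are used; when receiving, s->s3->rrec and
 *       s->enc_read_ctx.
 * send: non-zero to encrypt an outgoing record, zero to decrypt an
 *       incoming one.
 *
 * If there is no session, no cipher context or no cipher, the record is
 * simply moved from rec->input to rec->data.  Otherwise:
 *  - on send with a block cipher, the first cipher block of rec->input is
 *    overwritten with random bytes and padding is appended before
 *    encryption;
 *  - on receive with a block cipher, the padding is checked and removed
 *    and the leading cipher block (the IV block) is skipped.
 *
 * Returns  1 on success,
 *          0 if a received record has a length of zero or one that is not
 *            a multiple of the block size (an error is queued and a fatal
 *            alert is sent here),
 *         -1 if RAND_bytes() fails on send, or if the padding of a received
 *            record is invalid or does not leave room for the IV block
 *            (the caller reports this one, see the comment at the check).
 */
int dtls1_enc(SSL *s, int send)
	{
	SSL3_RECORD *rec;
	EVP_CIPHER_CTX *ds;
	unsigned long l;
	int bs,i,ii,j,k,n=0;
	const EVP_CIPHER *enc;

	if (send)
		{
		/* n (the MAC size) is computed but not read again in this
		 * function. */
		if (s->write_hash != NULL)
			n=EVP_MD_size(s->write_hash);
		ds=s->enc_write_ctx;
		rec= &(s->s3->wrec);
		if (s->enc_write_ctx == NULL)
			enc=NULL;
		else
			{
			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
			if ( rec->data != rec->input)
				/* we can't write into the input stream */
				/* NOTE(review): this branch only logs to stderr;
				 * encryption still proceeds below without a fresh
				 * random first block.  Confirm that callers always
				 * pass rec->data == rec->input. */
				fprintf(stderr, "%s:%d: rec->data != rec->input\n",
					__FILE__, __LINE__);
			else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
				{
				/* Fill the first cipher block of the record with
				 * random bytes; fail rather than send a record
				 * with a predictable block. */
				if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
					return -1;
				}
			}
		}
	else
		{
		if (s->read_hash != NULL)
			n=EVP_MD_size(s->read_hash);
		ds=s->enc_read_ctx;
		rec= &(s->s3->rrec);
		if (s->enc_read_ctx == NULL)
			enc=NULL;
		else
			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
		}

#ifdef KSSL_DEBUG
	printf("dtls1_enc(%d)\n", send);
#endif    /* KSSL_DEBUG */

	if ((s->session == NULL) || (ds == NULL) ||
		(enc == NULL))
		{
		/* No cipher negotiated: pass the record through unchanged. */
		memmove(rec->data,rec->input,rec->length);
		rec->input=rec->data;
		}
	else
		{
		l=rec->length;
		bs=EVP_CIPHER_block_size(ds->cipher);

		if ((bs != 1) && send)
			{
			i=bs-((int)l%bs);

			/* Add weird padding of upto 256 bytes */

			/* we need to add 'i' padding bytes of value j */
			j=i-1;
			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
				{
				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
					j++;
				}
			for (k=(int)l; k<(int)(l+i); k++)
				rec->input[k]=j;
			l+=i;
			rec->length+=i;
			}

#ifdef KSSL_DEBUG
		/* Debug builds only: this dumps the IV and the record bytes to
		 * stdout, so KSSL_DEBUG must stay off in production builds. */
		{
		unsigned long ui;
		/* l is unsigned long, so it is printed with %lu; %p takes
		 * void pointers. */
		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%lu) ==>\n",
			(void *)ds,(void *)rec->data,(void *)rec->input,l);
		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
			ds->buf_len, ds->cipher->key_len,
			DES_KEY_SZ, DES_SCHEDULE_SZ,
			ds->cipher->iv_len);
		printf("\t\tIV: ");
		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
		printf("\n");
		printf("\trec->input=");
		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
		printf("\n");
		}
#endif	/* KSSL_DEBUG */

		if (!send)
			{
			/* Ciphertext must be a non-empty whole number of blocks. */
			if (l == 0 || l%bs != 0)
				{
				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
				return 0;
				}
			}

		/* NOTE(review): the return value of EVP_Cipher() is ignored;
		 * confirm whether a cipher failure should be propagated. */
		EVP_Cipher(ds,rec->data,rec->input,l);

#ifdef KSSL_DEBUG
		{
		unsigned long i;
		printf("\trec->data=");
		for (i=0; i<l; i++)
			printf(" %02x", rec->data[i]);
		printf("\n");
		}
#endif	/* KSSL_DEBUG */

		if ((bs != 1) && !send)
			{
			ii=i=rec->data[l-1]; /* padding_length */
			i++;
			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
				{
				/* First packet is even in size, so check */
				if ((memcmp(s->s3->read_sequence,
					"\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
					s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
					i--;
				}
			/* TLS 1.0 does not bound the number of padding bytes by the block size.
			 * All of them must have value 'padding_length'. */
			/* The record has to hold the padding AND the IV block
			 * that is stripped below.  Checking the padding alone
			 * would let the unsigned rec->length wrap around when
			 * bs is subtracted from it. */
			if (i + bs > (int)rec->length)
				{
				/* Incorrect padding. SSLerr() and ssl3_alert are done
				 * by caller: we don't want to reveal whether this is
				 * a decryption error or a MAC verification failure
				 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
				 */
				return -1;
				}
			/* NOTE(review): this loop and the check above return
			 * early, so the time taken depends on the decrypted
			 * padding.  The caller has to keep padding and MAC
			 * failures indistinguishable; a constant-time check would
			 * need matching changes in the caller. */
			for (j=(int)(l-i); j<(int)l; j++)
				{
				if (rec->data[j] != ii)
					{
					/* Incorrect padding */
					return -1;
					}
				}
			rec->length-=i;

			rec->data += bs;    /* skip the implicit IV */
			rec->input += bs;
			rec->length -= bs;
			}
		}
	return(1);
	}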