From patchwork Mon Nov 11 01:59:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "flichtenheld (Code Review)" X-Patchwork-Id: 3934 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:41ba:b0:5d9:9f4c:3bc7 with SMTP id a26csp2278198mad; Sun, 10 Nov 2024 18:00:27 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWdDuzUVhSvMjZTUopMA4qp4rX6FjAodhVK/+1rOi0DGUBvwXwnRf40PyBuAEYgcPBQWH+h1Bk7Ah8=@openvpn.net X-Google-Smtp-Source: AGHT+IHYByN8n0qJbi5czwRKRCTBBVvxeE/o4hPxq5zNhnuQ6PRCQfeJ3PhKuDLqzZNeqD6APnrJ X-Received: by 2002:a05:6808:1922:b0:3e6:61f0:4797 with SMTP id 5614622812f47-3e79477095cmr7354314b6e.40.1731290427590; Sun, 10 Nov 2024 18:00:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1731290427; cv=none; d=google.com; s=arc-20240605; b=JQOC14kxouFGS2gGCzNpXkUQEw9q08fBognV9rjhp7XZTERrj1ypG30U3TRQhpq9XK av8pFp1qwJ//E33Kc/o8jvlX3S6HTZgNIa0nCF6+cZmbNvShVWkhOItm8BhcVGcykMHC HfGGcPV2RcHHDJeAqxyJykLHAX0HkJ5XUZK7za3JQDZf4HIeT2Eay6K/EYC6kiY5IUfp a1DkvLH4Rt1m9LMLSdHY2oxBduUAaHHnE8DCY5ErHfgoapNBDosljHiGlTWaD6tnB25R uOJiJtZrRhHWc1PWzED62Q5kadgzuB6FYox8C90E4j/hf/m5MPRsL5B18kVn7U9gunLF yczQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=L8a5HOD7Spi5hqOwimx/e9csSadpMFa9+9GGB+CbvKg=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=D1X7uy8FePlxQAhdFn6JUXI5KMLubrruDdyHU0Jh72JUtLi+IsTxEiykJQz+bjR9B1 ksmJ0bjP/TAqLrUO/3vMXRp3cxDjs9dd73Q7cLByA3wJUknMGdzc4FjWe12nmzA8L3TH zrNEX7g69W9GxAUGsNLz0luEsq7BC+r+3FkcTJpegDOS30qxq1yI4A4F2bZESc+Zku2g JOjTbFD7UM7m36q3vxyWhgPAIp/8p0TBXkNWPj4RImeO0OWqHVyUx0yt2BF9VlhkDrVA yEz+ihbc0bRduE3KjYhJnEgnaSJCKCOPtauD94I1ITY1V6QdkVMxCnP9aK9vzsb6l6Ks neAg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=nEIaROy3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=YFLpVHnF; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ZdmbWPj8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3e78cc86e10si5715624b6e.40.2024.11.10.18.00.27 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 10 Nov 2024 18:00:27 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=nEIaROy3; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=YFLpVHnF; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ZdmbWPj8; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tAJiy-0003UU-L9; Mon, 11 Nov 2024 02:00:16 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tAJix-0003UJ-5d for openvpn-devel@lists.sourceforge.net; Mon, 11 Nov 2024 02:00:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=KheKpaKROM9959fVflD8i25Ja0B4iPe1esCqD0smDdU=; b=nEIaROy3Er+H1w3AWIsoDzi/z+ mxaSAGEZTt++71aVicQ6HScK6gyBzEDFBJm0t1oqXDUzT3nR0kasZZ2gFQdnIu2gH/s0EuUE1y+jr LRiQ0WY1DsdASqcJZpvQ4vSkq4yHI8VZuyvdzXl9i6dsol+pTjNS2pQ+k1aEI3qaWa6Q=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=KheKpaKROM9959fVflD8i25Ja0B4iPe1esCqD0smDdU=; b=Y FLpVHnFKQ8vpGtbR9iKOeT5TuaRR00YR3n5AQLm9uxvUVHQhfiPvyrX3QoSPO8FB7lgWaVItVYukq Rl+ORiuP3eTQbBsBG+cwcnFB3nJ8HBIaE/CkwGB1+Nq0aUe2AyhlqGDDlZJmZ4yDPbA2j2M0sbo+8 K+1lCR07cyoV9vIQ=; Received: from mail-wm1-f42.google.com ([209.85.128.42]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tAJiv-0001aX-G9 for openvpn-devel@lists.sourceforge.net; Mon, 11 Nov 2024 02:00:15 +0000 Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4315c1c7392so34906025e9.1 for ; Sun, 10 Nov 2024 18:00:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1731290402; x=1731895202; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=KheKpaKROM9959fVflD8i25Ja0B4iPe1esCqD0smDdU=; b=ZdmbWPj8lY6mROK1IZahzeHvBLgjOw4t0eQ7vBOe7dAexdNOdQleOD1mEa0GTvVT1P Fk7RBiZGtcQjyKUOEu5CghcBOACw8SvzybCn/kqPA6ibtjz6IVw3Vxq+BfMCBGHUTRXn Cdrq38DSv6HsWc9F0rzIaTyHuLcrY9W0fQ4UtjA831vrHq7oBbqGYznEeWf9kcOVVQzc 67nWGz5v8dpSkjjfJfYb8A9le6RYtTYsMmDJJtm2R54a5Fj7ZuePEb1bN11IFQNLBag7 Nyit3Id9G0mf2Uv1ddbF7YyX1YxHSFM6b6428W9p8v40J4AVso8tADTpy8qptQJ2yath Ebpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731290402; x=1731895202; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KheKpaKROM9959fVflD8i25Ja0B4iPe1esCqD0smDdU=; b=TFyJ9HjCPfsBQNYvMmYl+Nwl7DeRoTSwvhbBLPBboQ/uK6Xac39lhJBFNUgdFXjixM z8lL6O4ibNrWqxQJFQDu6iIRQelsWYZTyn4kG0/CLzJpwlPOpk6VHhGdLs0L66SJ98kt C2RUyp/sKPOJW2Uqs9slAzdANqi6Cv/wT7fuziF4eJpF76n5Vw5/1QYN2Qhw9j83HDA7 NW0upEZcDZg8W3Eyb/rTmEgnvR2NhL970L0zRFHmKdmVhc4fyp8AJ6iERKlUyizsziDI YghpgyxgbZShITuZhots/34zLsIqFnKBoHYo6MIzNvC2BP7DB1V01YP7ELPAgKnT8oZw WhTA== X-Gm-Message-State: AOJu0YxjwQWr/8wMeo+0GrsEJ60j5dR/a8sxSCBEDWQkkdjR8yt+FWAn QQuhdZD9qbFabUbwJDMqBVvcSXeIEICJZ14zJ+rT2erL8WVYuJ/R7rSA/y5mI9G/6RyFmZMkk6L E X-Received: by 2002:a05:600c:4709:b0:426:6f27:379a with SMTP id 5b1f17b1804b1-432b7503496mr89241495e9.13.1731290401513; Sun, 10 Nov 2024 18:00:01 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-381ed970d10sm11447864f8f.20.2024.11.10.17.59.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 10 Nov 2024 18:00:00 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Mon, 11 Nov 2024 01:59:59 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I2a104decdb1e77a460f7a6976bcd0560b67a07b5 X-Gerrit-Change-Number: 803 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: b39702514700b839e12d8ea51a474be3e635482c References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.9 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.9 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.42 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.7 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.42 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tAJiv-0001aX-G9 Subject: [Openvpn-devel] [M] Change in openvpn[master]: Add methods to read/write packet ids for epoch data X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1815389591557675561?= X-GMAIL-MSGID: =?utf-8?q?1815389591557675561?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/803?usp=email to review the following change. Change subject: Add methods to read/write packet ids for epoch data ...................................................................... Add methods to read/write packet ids for epoch data Change-Id: I2a104decdb1e77a460f7a6976bcd0560b67a07b5 Signed-off-by: Arne Schwabe --- M src/openvpn/packet_id.c M src/openvpn/packet_id.h M tests/unit_tests/openvpn/test_packet_id.c 3 files changed, 137 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/03/803/1 diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index 117c95f..8cde108 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -343,6 +343,21 @@ return true; } +static bool +packet_id_send_update_epoch(struct packet_id_send *p) +{ + if (!p->time) + { + p->time = now; + } + if (p->id == PACKET_ID_EPOCH_MAX) + { + return false; + } + p->id++; + return true; +} + bool packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form, bool prepend) @@ -634,4 +649,46 @@ gc_free(&gc); } +uint16_t +packet_id_read_epoch(struct packet_id_net *pin, struct buffer *buf) +{ + uint64_t packet_id; + + + if (!buf_read(buf, &packet_id, sizeof(packet_id))) + { + return 0; + } + + uint64_t id = ntohll(packet_id); + /* top most 16 bits */ + uint16_t epoch = id >> 48; + + pin->id = id & 0xffffffffffffull; + return epoch; +} + +bool +packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf) +{ + if (!packet_id_send_update_epoch(p)) + { + return false; + } + + /* First 16 bits of packet id is the epoch + * + * Next 48 bits are the per-epoch packet id counter. Since we are + * writing a big endian counter, the last 6 bytes of the 64 bit + * integer contain our counter but the upper two bytes are always 0 */ + + uint64_t net_id = ((uint64_t) epoch) << 48 | p->id; + + /* convert to network order */ + net_id = htonll(net_id); + + return buf_write(buf, &net_id, sizeof(net_id)); +} + + #endif /* ifdef ENABLE_DEBUG */ diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index d8a3e1a..79224d2 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -44,7 +44,8 @@ * These are ephemeral and are never saved to a file. */ typedef uint32_t packet_id_type; -#define PACKET_ID_MAX UINT32_MAX +#define PACKET_ID_MAX UINT32_MAX +#define PACKET_ID_EPOCH_MAX 0x0000ffffffffffffull typedef uint32_t net_time_t; /* @@ -158,7 +159,8 @@ * includes a timestamp as well. * * An epoch packet-id is a 16 bit epoch - * counter plus a 48 per-epoch packet-id + * counter plus a 48 per-epoch packet-id. + * * * Long packet-ids are used as IVs for * CFB/OFB ciphers and for control channel @@ -321,4 +323,25 @@ } } +/** + * Writes the packet ID containing both the epoch and the packet id to the + * buffer specified by buf. + * @param p packed id send structure to use for the packet id + * @param epoch epoch to write to the packet + * @param buf buffer to write the packet id/epcoh to + * @return false if the packet id space is exhausted and cannot be written + */ +bool +packet_id_write_epoch(struct packet_id_send *p, uint16_t epoch, struct buffer *buf); + +/** + * Reads the packet ID containing both the epoch and the per-epoch counter + * from the buf. Will return 0 as epoch id if there is any error. + * @param p packet_id struct to popupulate with the on-wire counter + * @param buf buffer to read the packet id from. + * @return 0 for an error/invalid id, epoch otherwise + */ +uint16_t +packet_id_read_epoch(struct packet_id_net *p, struct buffer *buf); + #endif /* PACKET_ID_H */ diff --git a/tests/unit_tests/openvpn/test_packet_id.c b/tests/unit_tests/openvpn/test_packet_id.c index d918985..a24580b 100644 --- a/tests/unit_tests/openvpn/test_packet_id.c +++ b/tests/unit_tests/openvpn/test_packet_id.c @@ -44,6 +44,7 @@ } test_buf_data; struct buffer test_buf; struct packet_id_send pis; + struct gc_arena gc; }; static int @@ -59,6 +60,7 @@ data->test_buf.data = (void *) &data->test_buf_data; data->test_buf.capacity = sizeof(data->test_buf_data); + data->gc = gc_new(); *state = data; return 0; @@ -67,6 +69,8 @@ static int test_packet_id_write_teardown(void **state) { + struct test_packet_id_write_data *data = *state; + gc_free(&data->gc); free(*state); return 0; } @@ -209,6 +213,53 @@ reliable_free(rel); } +static void +test_packet_id_write_epoch(void **state) +{ + struct test_packet_id_write_data *data = *state; + + struct buffer buf = alloc_buf_gc(128, &data->gc); + + /* test normal writing of packet id to the buffer */ + assert_true(packet_id_write_epoch(&data->pis, 0x23, &buf)); + + assert_int_equal(buf.len, 8); + uint8_t expected_header[8] = { 0x00, 0x23, 0, 0, 0, 0, 0, 1}; + assert_memory_equal(BPTR(&buf), expected_header, 8); + + /* too small buffer should error out */ + struct buffer buf_short = alloc_buf_gc(5, &data->gc); + assert_false(packet_id_write_epoch(&data->pis, 0xabde, &buf_short)); + + /* test a true 48 bit packet id */ + data->pis.id = 0xfa079ab9d2e8; + struct buffer buf_48 = alloc_buf_gc(128, &data->gc); + assert_true(packet_id_write_epoch(&data->pis, 0xfffe, &buf_48)); + uint8_t expected_header_48[8] = { 0xff, 0xfe, 0xfa, 0x07, 0x9a, 0xb9, 0xd2, 0xe9}; + assert_memory_equal(BPTR(&buf_48), expected_header_48, 8); + + /* test writing/checking the 48 bit overflow */ + data->pis.id = 0xfffffffffffe; + struct buffer buf_of = alloc_buf_gc(128, &data->gc); + assert_true(packet_id_write_epoch(&data->pis, 0xf00f, &buf_of)); + uint8_t expected_header_of[8] = { 0xf0, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + assert_memory_equal(BPTR(&buf_of), expected_header_of, 8); + + /* This is go over 2^48 - 1 and should error out. */ + assert_false(packet_id_write_epoch(&data->pis, 0xf00f, &buf_of)); + + /* Now read back the packet ids and check if they are the same as what we + * have written */ + struct packet_id_net pin; + assert_int_equal(packet_id_read_epoch(&pin, &buf), 0x23); + assert_int_equal(pin.id, 1); + + assert_int_equal(packet_id_read_epoch(&pin, &buf_48), 0xfffe); + assert_int_equal(pin.id, 0xfa079ab9d2e9); + + assert_int_equal(packet_id_read_epoch(&pin, &buf_of), 0xf00f); + assert_int_equal(pin.id, 0xffffffffffff); +} static void test_copy_acks_to_lru(void **state) @@ -296,6 +347,10 @@ cmocka_unit_test_setup_teardown(test_packet_id_write_long_wrap, test_packet_id_write_setup, test_packet_id_write_teardown), + cmocka_unit_test_setup_teardown(test_packet_id_write_epoch, + test_packet_id_write_setup, + test_packet_id_write_teardown), + cmocka_unit_test(test_get_num_output_sequenced_available), cmocka_unit_test(test_copy_acks_to_lru)