Merge branch 'pvanstam-hexkeys' into develop

Author: salcock

src/agency.c

@@ -77,8 +77,9 @@ liagency_t *copy_liagency(liagency_t *lea) {
     if (lea->hi3_ipstr) {
         copy->hi3_ipstr = strdup(lea->hi3_ipstr);
     }
-    if (lea->encryptkey) {
-        copy->encryptkey = strdup(lea->encryptkey);
+    if (lea->encryptkey_len > 0) {
+        // should be covered by the original memcpy, but just to be safe
+        memcpy(copy->encryptkey, lea->encryptkey, lea->encryptkey_len);
     }
     return copy;
 }
@@ -101,9 +102,6 @@ void free_liagency(liagency_t *lea) {
 	}
     if (lea->agencycc) {
         free(lea->agencycc);
-    }
-    if (lea->encryptkey) {
-        free(lea->encryptkey);
     }
 	free(lea);
 }

src/agency.h

@@ -72,7 +72,8 @@ typedef struct liagency {
     uint32_t digest_sign_hashlimit;
 
     payload_encryption_method_t encrypt;
-    char *encryptkey;
+    uint8_t encryptkey[OPENLI_MAX_ENCRYPTKEY_LEN];
+    size_t encryptkey_len;
 } liagency_t;
 
 #define agency_equal(a, b) \
@@ -86,6 +87,7 @@ typedef struct liagency {
      a->handover_retry == b->handover_retry && \
      a->resend_window_kbs == b->resend_window_kbs && \
      a->digest_required == b->digest_required && \
+     a->encryptkey_len == b->encryptkey_len && \
      a->time_fmt == b->time_fmt && \
          ((!a->digest_required) || ( \
              a->digest_hash_timeout == b->digest_hash_timeout && \
@@ -97,16 +99,14 @@ typedef struct liagency {
      ((a->agencycc == NULL && b->agencycc == NULL) || \
         (a->agencycc != NULL && b->agencycc != NULL && \
          strcmp(a->agencycc, b->agencycc) == 0)) && \
-     ((a->encryptkey == NULL && b->encryptkey == NULL) || \
-        (a->encryptkey != NULL && b->encryptkey != NULL && \
-         strcmp(a->encryptkey, b->encryptkey) == 0)) && \
-     a->encrypt == b->encrypt \
+     ((a->encryptkey_len > 0 && b->encryptkey_len > 0) && \
+         memcmp(a->encryptkey, b->encryptkey, a->encryptkey_len) == 0) \
      )
 
-#endif
 
 openli_integrity_hash_method_t map_digest_hash_method_string(char *str);
 void free_liagency(liagency_t *ag);
 liagency_t *copy_liagency(liagency_t *lea);
+#endif
 
 // vim: set sw=4 tabstop=4 softtabstop=4 expandtab :

src/collector/collector.c

@@ -2642,7 +2642,6 @@ int main(int argc, char *argv[]) {
 
         glob->encoders[i].encrypt.byte_counter = 0;
         glob->encoders[i].encrypt.byte_startts = 0;
-        glob->encoders[i].encrypt.evp_ctx = NULL;
         glob->encoders[i].encrypt.saved_encryption_templates = NULL;
         glob->encoders[i].seqtrackers = glob->seqtracker_threads;
         glob->encoders[i].forwarders = glob->forwarding_threads;

src/collector/collector_publish.c

@@ -36,6 +36,7 @@
 #include "collector_publish.h"
 #include "emailiri.h"
 #include "export_buffer.h"
+#include "intercept.h"
 
 int publish_openli_msg(void *pubsock, openli_export_recv_t *msg) {
 
@@ -82,11 +83,20 @@ openli_export_recv_t *create_intercept_details_msg(intercept_common_t *common,
     }
     expmsg->data.cept.xid_count = common->xid_count;
 
-    if (common->encryptkey) {
-        expmsg->data.cept.encryptkey = strdup(common->encryptkey);
-    } else {
+    if (common->encrypt != OPENLI_PAYLOAD_ENCRYPTION_NONE &&
+        common->encryptkey_len > 0) {
+		expmsg->data.cept.encryptkey_len = common->encryptkey_len;
+		expmsg->data.cept.encryptkey =
+			openli_dup_encryptkey_ptr(common->encryptkey, common->encryptkey_len);
+		if (!expmsg->data.cept.encryptkey) {
+			/* treat as no key or bail out; pick one policy */
+			expmsg->data.cept.encryptkey_len = 0;
+		}
+	} else {
         expmsg->data.cept.encryptkey = NULL;
+        expmsg->data.cept.encryptkey_len = 0;
     }
+
     expmsg->data.cept.seqtrackerid = common->seqtrackerid;
 
     // set the optional fields to suitable "null" values
@@ -112,7 +122,9 @@ void free_published_message(openli_export_recv_t *msg) {
             free(msg->data.cept.delivcc);
         }
         if (msg->data.cept.encryptkey) {
-            free(msg->data.cept.encryptkey);
+            openli_free_encryptkey_ptr(&msg->data.cept.encryptkey,
+                                       msg->data.cept.encryptkey_len);
+            msg->data.cept.encryptkey_len = 0;
         }
         if (msg->data.cept.username) {
             free(msg->data.cept.username);

src/collector/collector_publish.h

@@ -210,8 +210,9 @@ typedef struct published_intercept_msg {
     char *delivcc;
     int seqtrackerid;
     payload_encryption_method_t encryptmethod;
-    char *encryptkey;
     openli_timestamp_encoding_fmt_t timefmt;
+    uint8_t *encryptkey;
+    size_t encryptkey_len;
     uuid_t *xids;
     size_t xid_count;
     openli_intercept_types_t cepttype;

src/collector/collector_push_messaging.c

@@ -28,6 +28,7 @@
 #include <assert.h>
 #include <uthash.h>
 #include <arpa/inet.h>
+#include <string.h>
 
 #include "logger.h"
 #include "collector.h"
@@ -54,13 +55,20 @@ static inline void update_intercept_common(intercept_common_t *found,
     found->tomediate = replace->tomediate;
     found->encrypt = replace->encrypt;
 
-    tmp = found->encryptkey;
-    found->encryptkey = replace->encryptkey;
-    replace->encryptkey = tmp;
-
     tmp = found->targetagency;
     found->targetagency = replace->targetagency;
     replace->targetagency = tmp;
+
+    /* copy binary key + set length; clear when encryption is NONE */
+    if (replace->encrypt != OPENLI_PAYLOAD_ENCRYPTION_NONE &&
+        replace->encryptkey_len > 0) {
+        found->encryptkey_len = openli_copy_encryptkey(
+            found->encryptkey, OPENLI_MAX_ENCRYPTKEY_LEN,
+            replace->encryptkey, replace->encryptkey_len);
+    } else {
+        openli_clear_encryptkey(found->encryptkey, OPENLI_MAX_ENCRYPTKEY_LEN,
+                                &found->encryptkey_len);
+    }
 }
 
 static int remove_rtp_stream(colthread_local_t *loc, char *rtpstreamkey) {

src/collector/collector_seqtracker.c

@@ -33,6 +33,7 @@
 #include "logger.h"
 #include "collector_base.h"
 #include "collector_publish.h"
+#include "intercept.h"
 
 static inline void free_intercept_msg(exporter_intercept_msg_t *msg) {
     if (msg->liid) {
@@ -209,6 +210,7 @@ static void track_new_intercept(seqtracker_thread_data_t *seqdata,
         intstate->details.delivcc = strdup(cept->delivcc);
         intstate->details.authcc_len = strlen(cept->authcc);
         intstate->details.delivcc_len = strlen(cept->delivcc);
+
         intstate->details.encryptmethod = cept->encryptmethod;
         intstate->details.timefmt = cept->timefmt;
         intstate->version ++;
@@ -223,8 +225,8 @@ static void track_new_intercept(seqtracker_thread_data_t *seqdata,
         intstate->details.liid_len = strlen(cept->liid);
         intstate->details.authcc_len = strlen(cept->authcc);
         intstate->details.delivcc_len = strlen(cept->delivcc);
-        intstate->details.encryptmethod = cept->encryptmethod;
         intstate->details.timefmt = cept->timefmt;
+        intstate->details.encryptmethod = cept->encryptmethod;
         intstate->cinsequencing = NULL;
         intstate->version = 0;
 
@@ -283,9 +285,8 @@ static int modify_tracked_intercept(seqtracker_thread_data_t *seqdata,
     intstate->details.delivcc = strdup(msg->delivcc);
     intstate->details.delivcc_len = strlen(msg->delivcc);
 
-    intstate->details.encryptmethod = msg->encryptmethod;
     intstate->details.timefmt = msg->timefmt;
-
+    intstate->details.encryptmethod = msg->encryptmethod;
     remove_preencoded(seqdata, intstate);
     preencode_etsi_fields(seqdata, intstate);
     intstate->version ++;
@@ -367,7 +368,6 @@ static int run_encoding_job(seqtracker_thread_data_t *seqdata,
     job.cept_version = intstate->version;
     job.encryptmethod = intstate->details.encryptmethod;
     job.timefmt = intstate->details.timefmt;
-
 	if (recvd->type == OPENLI_EXPORT_IPMMCC ||
 			recvd->type == OPENLI_EXPORT_IPCC ||
             recvd->type == OPENLI_EXPORT_UMTSCC ||

src/collector/email_worker.c

@@ -707,10 +707,18 @@ static void start_email_intercept(openli_email_worker_t *state,
         expmsg->data.cept.delivcc = strdup(em->common.delivcc);
         expmsg->data.cept.seqtrackerid = em->common.seqtrackerid;
         expmsg->data.cept.encryptmethod = em->common.encrypt;
-        if (em->common.encryptkey) {
-            expmsg->data.cept.encryptkey = strdup(em->common.encryptkey);
+        if (em->common.encrypt != OPENLI_PAYLOAD_ENCRYPTION_NONE &&
+            em->common.encryptkey_len > 0) {
+            expmsg->data.cept.encryptkey_len = em->common.encryptkey_len;
+            expmsg->data.cept.encryptkey =
+                openli_dup_encryptkey_ptr(em->common.encryptkey,
+                                          em->common.encryptkey_len);
+            if (!expmsg->data.cept.encryptkey) {
+                expmsg->data.cept.encryptkey_len = 0;  /* OOM -> treat as no key */
+            }
         } else {
             expmsg->data.cept.encryptkey = NULL;
+            expmsg->data.cept.encryptkey_len = 0;
         }
 
         publish_openli_msg(state->zmq_pubsocks[em->common.seqtrackerid],

src/collector/encoder_worker.c

@@ -40,6 +40,7 @@
 #include "logger.h"
 #include "etsili_core.h"
 #include "encoder_worker.h"
+#include "intercept.h"
 
 static int init_worker(openli_encoder_t *enc) {
     int zero = 0, rto = 10;
@@ -231,10 +232,6 @@ void destroy_encoder_worker(openli_encoder_t *enc) {
         zmq_close(enc->zmq_recvjobs[i]);
     }
 
-    if (enc->encrypt.evp_ctx) {
-        EVP_CIPHER_CTX_free(enc->encrypt.evp_ctx);
-    }
-
     if (enc->zmq_control) {
         zmq_close(enc->zmq_control);
     }

src/collector/etsiencoding/encryptcontainer.c

@@ -209,12 +209,11 @@ static encoded_encrypt_template_t *lookup_encrypted_template(
 
 int encrypt_aes_192_cbc(EVP_CIPHER_CTX *ctx, uint8_t *buf, uint16_t buflen,
         uint8_t *dest, uint16_t destlen, uint32_t seqno,
-        char *encryptkey) {
+        const uint8_t *encryptkey) {
 
     uint8_t IV_128[16];
     uint8_t key[24];
     uint32_t swapseqno;
-    size_t keylen = strlen(encryptkey);
     int len, i;
 
     assert(buflen <= destlen);
@@ -226,11 +225,9 @@ int encrypt_aes_192_cbc(EVP_CIPHER_CTX *ctx, uint8_t *buf, uint16_t buflen,
         memcpy(&(IV_128[i]), &swapseqno, sizeof(uint32_t));
     }
 
-    if (keylen > 24) {
-        keylen = 24;
-    }
-    memset(key, 0, 24);
-    memcpy(key, encryptkey, keylen);
+    /* The key is 24 bytes for AES-192.  */
+    memcpy(key, encryptkey, 24);
+
 
     /* Trust that we have correctly pre-padded the data to encrypt */
     EVP_CIPHER_CTX_set_padding(ctx, 0);
@@ -241,6 +238,17 @@ int encrypt_aes_192_cbc(EVP_CIPHER_CTX *ctx, uint8_t *buf, uint16_t buflen,
             return -1;
     }
 
+    /* ETSI-IP.nl uses AES-192-CBC with application-layer padding (if any).
+     * Disable PKCS#7 inside the cipher so ciphertext length == input length. */
+    EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+    /* Sanity: with padding disabled, input MUST be a multiple of 16. */
+    if ((buflen & 0x0F) != 0) {
+        logger(LOG_INFO, "OpenLI: AES-192-CBC called with non-block-aligned input (%u bytes)", buflen);
+        return -1;
+    }
+
+
     if (EVP_EncryptUpdate(ctx, dest, &len, buf, (int)buflen) != 1) {
             logger(LOG_INFO, "OpenLI: unable to perform EVP encryption operation -- openssl error %s", ERR_error_string(ERR_get_error(), NULL));
             return -1;
@@ -251,6 +259,13 @@ int encrypt_aes_192_cbc(EVP_CIPHER_CTX *ctx, uint8_t *buf, uint16_t buflen,
             return -1;
     }
 
+    /* Cleanse local key copy */
+#if defined(__GLIBC__) && defined(_GNU_SOURCE)
+    explicit_bzero(key, sizeof(key));
+#else
+    volatile uint8_t *p = key;
+    for (size_t i = 0; i < sizeof(key); ++i) p[i] = 0;
+#endif
     return 0;
 
 }
@@ -388,7 +403,6 @@ int create_preencrypted_message_body(wandder_encoder_t *encoder,
      * mediator itself.
      */
 
-
     /* Lookup the template for a message of this length and encryption method */
     tplate = lookup_encrypted_template(&(encrypt->saved_encryption_templates),
             enclen, job->encryptmethod, &is_new);