src/cipher.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
  15  *                          Christian Pointner <satp@wirdorange.org>
  16  *
  17  *  This file is part of Anytun.
  18  *
  19  *  Anytun is free software: you can redistribute it and/or modify
  20  *  it under the terms of the GNU General Public License version 3 as
  21  *  published by the Free Software Foundation.
  22  *
  23  *  Anytun is distributed in the hope that it will be useful,
  24  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  25  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  26  *  GNU General Public License for more details.
  27  *
  28  *  You should have received a copy of the GNU General Public License
  29  *  along with anytun.  If not, see <http://www.gnu.org/licenses/>.
  30  */
  31
  32 #include <stdexcept>
  33 #include <iostream>
  34 #include <string>
  35 #include <cstdio>
  36 #include <gcrypt.h>
  37
  38 #include "cipher.h"
  39 #include "mpi.h"
  40 #include "log.h"
  41
  42
  43       // TODO: in should be const but does not work with getBuf() :(
  44 void Cipher::encrypt(PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
  45 {
  46         u_int32_t len = cipher(in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux);
  47         out.setSenderId(sender_id);
  48         out.setSeqNr(seq_nr);
  49   out.setMux(mux);
  50         out.setPayloadLength(len);
  51 }
  52
  53       // TODO: in should be const but does not work with getBuf() :(
  54 void Cipher::decrypt(EncryptedPacket & in, PlainPacket & out)
  55 {
  56         u_int32_t len = decipher(in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux());
  57         out.setLength(len);
  58 }
  59
  60
  61 //******* NullCipher *******
  62
  63 u_int32_t NullCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
  64 {
  65         std::memcpy(out, in, (ilen < olen) ? ilen : olen);
  66   return (ilen < olen) ? ilen : olen;
  67 }
  68
  69 u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
  70 {
  71         std::memcpy(out, in, (ilen < olen) ? ilen : olen);
  72   return (ilen < olen) ? ilen : olen;
  73 }
  74
  75
  76 //****** AesIcmCipher ******
  77
  78 AesIcmCipher::AesIcmCipher() : cipher_(NULL)
  79 {
  80       // TODO: hardcoded keysize
  81   gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  82   if( err ) {
  83     char buf[STERROR_TEXT_MAX];
  84     buf[0] = 0;
  85     cLog.msg(Log::PRIO_CRIT) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
  86   }
  87 }
  88
  89
  90 AesIcmCipher::~AesIcmCipher()
  91 {
  92   if(cipher_)
  93     gcry_cipher_close( cipher_ );
  94 }
  95
  96 void AesIcmCipher::setKey(Buffer& key)
  97 {
  98   if(!cipher_)
  99     return;
 100
 101   gcry_error_t err = gcry_cipher_setkey( cipher_, key.getBuf(), key.getLength() );
 102   if( err ) {
 103     char buf[STERROR_TEXT_MAX];
 104     buf[0] = 0;
 105     cLog.msg(Log::PRIO_ERR) << "AesIcmCipher::setKey: Failed to set cipher key: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
 106   }
 107 }
 108
 109 void AesIcmCipher::setSalt(Buffer& salt)
 110 {
 111   salt_ = salt;
 112   if(!salt_[u_int32_t(0)])
 113     salt_[u_int32_t(0)] = 1; // TODO: this is a outstandingly ugly workaround
 114 }
 115
 116 u_int32_t AesIcmCipher::cipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 117 {
 118   calc(in, ilen, out, olen, seq_nr, sender_id, mux);
 119   return (ilen < olen) ? ilen : olen;
 120 }
 121
 122 u_int32_t AesIcmCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 123 {
 124   calc(in, ilen, out, olen, seq_nr, sender_id, mux);
 125   return (ilen < olen) ? ilen : olen;
 126 }
 127
 128 void AesIcmCipher::calc(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
 129 {
 130   if(!cipher_)
 131     return;
 132
 133   gcry_error_t err = gcry_cipher_reset( cipher_ );
 134   if( err ) {
 135     char buf[STERROR_TEXT_MAX];
 136     buf[0] = 0;
 137     cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to reset cipher: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
 138     return;
 139   }
 140
 141   // set the IV ( = CTR)
 142   //==========================================================================
 143   //  //  where the 128-bit integer value IV SHALL be defined by the SSRC, the
 144   //  //  SRTP packet index i, and the SRTP session salting key k_s, as below.
 145   //  //
 146   //  //  IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)
 147   //  //  sizeof(k_s) = 112 bit, random
 148
 149   Mpi ctr(128);                                                // TODO: hardcoded size
 150   Mpi salt(salt_.getBuf(), salt_.getLength());
 151   Mpi sid_mux(32);
 152   sid_mux = sender_id;
 153   Mpi mux_mpi(32);
 154   mux_mpi = mux;
 155   sid_mux = sid_mux ^ mux_mpi.mul2exp(16);
 156   Mpi seq(32);
 157   seq = seq_nr;
 158
 159   ctr = salt.mul2exp(16) ^ sid_mux.mul2exp(64) ^ seq.mul2exp(16);  // TODO: hardcoded size
 160
 161   size_t written;
 162   u_int8_t *ctr_buf = ctr.getNewBuf(&written);             // TODO: hardcoded size
 163   err = gcry_cipher_setctr( cipher_, ctr_buf, written );        // TODO: hardcoded size
 164   delete[] ctr_buf;
 165   if( err ) {
 166     char buf[STERROR_TEXT_MAX];
 167     buf[0] = 0;
 168     cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to set cipher CTR: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
 169     return;
 170   }
 171
 172   err = gcry_cipher_encrypt( cipher_, out, olen, in, ilen );
 173   if( err ) {
 174     char buf[STERROR_TEXT_MAX];
 175     buf[0] = 0;
 176     cLog.msg(Log::PRIO_ERR) << "AesIcmCipher: Failed to generate cipher bitstream: " << gpg_strerror_r(err, buf, STERROR_TEXT_MAX);
 177     return;
 178   }
 179 }
 180