4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
32 #ifndef _KEYDERIVATION_H_
33 #define _KEYDERIVATION_H_
35 #include "datatypes.h"
37 #include "threadUtils.hpp"
38 #include "syncBuffer.h"
41 #ifndef USE_SSL_CRYPTO
44 #include <openssl/aes.h>
47 #include <boost/archive/text_oarchive.hpp>
48 #include <boost/archive/text_iarchive.hpp>
52 LABEL_SATP_ENCRYPTION
= 0x00,
53 LABEL_SATP_MSG_AUTH
= 0x01,
54 LABEL_SATP_SALT
= 0x02,
65 KeyDerivation() : ld_kdr_(0), key_length_(0), master_salt_(0), master_key_(0) {};
66 KeyDerivation(u_int16_t key_length
) : ld_kdr_(0), key_length_(key_length
), master_salt_(0), master_key_(0) {};
67 virtual ~KeyDerivation() {};
69 void setLogKDRate(const int8_t ld_rate
);
71 virtual void init(Buffer key
, Buffer salt
) = 0;
72 virtual bool generate(kd_dir dir
, satp_prf_label label
, seq_nr_t seq_nr
, Buffer
& key
) = 0;
74 virtual std::string
printType() { return "GenericKeyDerivation"; };
77 virtual void updateMasterKey() = 0;
79 KeyDerivation(const KeyDerivation
& src
);
80 friend class boost::serialization::access
;
81 template<class Archive
>
82 void serialize(Archive
& ar
, const unsigned int version
)
84 WritersLock
lock(mutex_
);
92 int8_t ld_kdr_
; // ld(key_derivation_rate)
93 u_int16_t key_length_
;
94 SyncBuffer master_salt_
;
95 SyncBuffer master_key_
;
100 BOOST_IS_ABSTRACT(KeyDerivation
)
102 //****** NullKeyDerivation ******
104 class NullKeyDerivation
: public KeyDerivation
107 NullKeyDerivation() {};
108 ~NullKeyDerivation() {};
110 void init(Buffer key
, Buffer salt
) {};
111 bool generate(kd_dir dir
, satp_prf_label label
, seq_nr_t seq_nr
, Buffer
& key
);
113 std::string
printType() { return "NullKeyDerivation"; };
116 void updateMasterKey() {};
118 friend class boost::serialization::access
;
119 template<class Archive
>
120 void serialize(Archive
& ar
, const unsigned int version
)
122 ar
& boost::serialization::base_object
<KeyDerivation
>(*this);
128 //****** AesIcmKeyDerivation ******
130 class AesIcmKeyDerivation
: public KeyDerivation
133 AesIcmKeyDerivation();
134 AesIcmKeyDerivation(u_int16_t key_length
);
135 ~AesIcmKeyDerivation();
137 static const u_int16_t DEFAULT_KEY_LENGTH
= 128;
138 static const u_int16_t CTR_LENGTH
= 16;
139 static const u_int16_t SALT_LENGTH
= 14;
141 void init(Buffer key
, Buffer salt
);
142 bool generate(kd_dir dir
, satp_prf_label label
, seq_nr_t seq_nr
, Buffer
& key
);
144 std::string
printType();
147 void updateMasterKey();
149 bool calcCtr(kd_dir dir
, seq_nr_t
* r
, satp_prf_label label
, seq_nr_t seq_nr
);
151 friend class boost::serialization::access
;
152 template<class Archive
>
153 void serialize(Archive
& ar
, const unsigned int version
)
155 ar
& boost::serialization::base_object
<KeyDerivation
>(*this);
158 #ifndef USE_SSL_CRYPTO
159 gcry_cipher_hd_t handle_
;
162 u_int8_t ecount_buf_
[AES_BLOCK_SIZE
];
165 union __attribute__((__packed__
)) key_derivation_aesctr_ctr_union
{
166 u_int8_t buf_
[CTR_LENGTH
];
167 struct __attribute__ ((__packed__
)) {
168 u_int8_t buf_
[SALT_LENGTH
];
171 #ifndef ANYTUN_02_COMPAT
172 struct __attribute__((__packed__
)) {
173 u_int8_t fill_
[SALT_LENGTH
- sizeof(u_int8_t
) - sizeof(seq_nr_t
)];
179 struct __attribute__((__packed__
)) {
180 u_int8_t fill_
[SALT_LENGTH
- sizeof(u_int8_t
) - 2 - sizeof(seq_nr_t
)];