keyDerivation.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
  15  *
  16  *  This program is free software; you can redistribute it and/or modify
  17  *  it under the terms of the GNU General Public License version 2
  18  *  as published by the Free Software Foundation.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program (see the file COPYING included with this
  27  *  distribution); if not, write to the Free Software Foundation, Inc.,
  28  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  29  */
  30
  31
  32 #include "log.h"
  33 #include "keyDerivation.h"
  34 #include "mpi.h"
  35 #include "threadUtils.hpp"
  36
  37 #include <stdexcept>
  38 #include <iostream>
  39 #include <string>
  40
  41 #include <gcrypt.h>
  42
  43
  44 void KeyDerivation::init(Buffer key, Buffer salt)
  45 {
  46   Lock lock(mutex_);
  47   gcry_error_t err;
  48
  49   // TODO: hardcoded cipher-type and keysize??
  50   err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  51   if( err ) {
  52     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
  53     return;
  54   }
  55
  56   master_salt_ = SyncBuffer(salt);
  57   master_key_ = SyncBuffer(key);
  58
  59   updateKey();
  60 }
  61
  62 void KeyDerivation::updateKey()
  63 {
  64   gcry_error_t err;
  65
  66   err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
  67   if( err )
  68     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateKey: Failed to set cipher key: " << gpg_strerror( err );
  69 }
  70
  71 KeyDerivation::~KeyDerivation()
  72 {
  73   Lock lock(mutex_);
  74   gcry_cipher_close( cipher_ );
  75 }
  76
  77 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
  78 {
  79   Lock lock(mutex_);
  80   if( log_rate < 49 )
  81     ld_kdr_ = log_rate;
  82 }
  83
  84 void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
  85 {
  86   ////Lock lock(mutex_);
  87   gcry_error_t err;
  88
  89   Mpi r;
  90   Mpi key_id(128); // TODO: hardcoded keySize!!!!!!!  Q@NINE?
  91   Mpi iv(128); // TODO: hardcoded keySize!!!!!!!       Q@NINE?
  92
  93   // see at: http://tools.ietf.org/html/rfc3711#section-4.3
  94   // *  Let r = index DIV key_derivation_rate (with DIV as defined above).
  95   // *  Let key_id = <label> || r.
  96   // *  Let x = key_id XOR master_salt, where key_id and master_salt are
  97   //    aligned so that their least significant bits agree (right-
  98   //    alignment).
  99   //
 100
 101   if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
 102     r = 0;
 103   else
 104     // TODO: kdr can be greater than 2^32 (= 2^48) ????  Q@NINE?
 105 // Q@NINE? was: r = static_cast<long unsigned int>(seq_nr / ( 0x01 << ld_kdr_ ));
 106     r = static_cast<u_int64_t>(seq_nr / ( 0x01 << ld_kdr_ ));
 107
 108   r = r.mul2exp(8);  // Q@NINE? === r << 8
 109   key_id = r + static_cast<long unsigned int>(label);
 110
 111   Mpi salt = Mpi(master_salt_.getBuf(), master_salt_.getLength());
 112   iv = key_id ^ salt;
 113
 114   err = gcry_cipher_reset( cipher_ );
 115   if( err )
 116     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror( err );
 117
 118   u_int8_t *iv_buf = iv.getNewBuf(16);
 119   err = gcry_cipher_setiv( cipher_ , iv_buf, 16);
 120   delete[] iv_buf;
 121   if( err )
 122     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set IV: " << gpg_strerror( err );
 123
 124   err = gcry_cipher_encrypt( cipher_, key, key.getLength(), 0, 0 );
 125
 126   if( err )
 127     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
 128 }