keyDerivation.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
  15  *
  16  *  This program is free software; you can redistribute it and/or modify
  17  *  it under the terms of the GNU General Public License version 2
  18  *  as published by the Free Software Foundation.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program (see the file COPYING included with this
  27  *  distribution); if not, write to the Free Software Foundation, Inc.,
  28  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  29  */
  30
  31
  32 #include "log.h"
  33 #include "keyDerivation.h"
  34 #include "mpi.h"
  35 #include "threadUtils.hpp"
  36
  37 #include <stdexcept>
  38 #include <iostream>
  39 #include <string>
  40
  41 #include <gcrypt.h>
  42
  43
  44 const char* KeyDerivation::MIN_GCRYPT_VERSION = "1.2.3";
  45
  46 void KeyDerivation::init(Buffer key, Buffer salt)
  47 {
  48   Lock lock(mutex_);
  49   gcry_error_t err;
  50
  51   // No other library has already initialized libgcrypt.
  52   if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
  53   {
  54     if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
  55       cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION;
  56       return;
  57     }
  58
  59     // do NOT allocate a pool of secure memory!
  60     // this is NOT thread safe!
  61
  62     //    /* Allocate a pool of 16k secure memory.  This also drops priviliges
  63     //     *      on some systems. */
  64     //    err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
  65     //    if( err )
  66     //    {
  67     //      std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl;
  68     //      return;
  69     //    }
  70
  71     /* Tell Libgcrypt that initialization has completed. */
  72     err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
  73     if( err ) {
  74       cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err );
  75       return;
  76     } else {
  77       cLog.msg(Log::PRIO_NOTICE) << "KeyDerivation::init: libgcrypt init finished";
  78     }
  79   }
  80
  81   err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  82   if( err ) {
  83     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
  84     return;
  85   }
  86
  87   // FIXXME: hardcoded keysize!
  88   err = gcry_cipher_setkey( cipher_, key.getBuf(), 16 );
  89   if( err )
  90     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to set cipher key: " << gpg_strerror( err );
  91
  92   salt_ = SyncBuffer(salt);
  93 }
  94
  95 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
  96 {
  97   Lock lock(mutex_);
  98   if( log_rate < 49 )
  99     ld_kdr_ = log_rate;
 100 }
 101
 102
 103 void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length)
 104 {
 105   ////Lock lock(mutex_);
 106   gcry_error_t err;
 107
 108   Mpi r;
 109   Mpi key_id(128);
 110   Mpi iv(128);
 111
 112   // see at: http://tools.ietf.org/html/rfc3711#section-4.3
 113   // *  Let r = index DIV key_derivation_rate (with DIV as defined above).
 114   // *  Let key_id = <label> || r.
 115   // *  Let x = key_id XOR master_salt, where key_id and master_salt are
 116   //    aligned so that their least significant bits agree (right-
 117   //    alignment).
 118   //
 119
 120   if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
 121     r = 0;
 122   else
 123     // FIXXME: kdr can be greater than 2^32 (= 2^48)
 124     r = static_cast<long unsigned int>(seq_nr / ( 0x01 << ld_kdr_ ));
 125
 126   r = r.mul2exp(8);
 127   key_id = r + static_cast<long unsigned int>(label);
 128
 129   Mpi salt = Mpi(salt_.getBuf(), salt_.getLength());
 130   iv = key_id ^ salt;
 131
 132   err = gcry_cipher_reset( cipher_ );
 133   if( err )
 134     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror( err );
 135
 136   u_int8_t *iv_buf = iv.getNewBuf(16);
 137   err = gcry_cipher_setiv( cipher_ , iv_buf, 16);
 138   delete[] iv_buf;
 139   if( err )
 140     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set IV: " << gpg_strerror( err );
 141
 142   err = gcry_cipher_encrypt( cipher_, key, length, 0, 0 );
 143
 144   if( err )
 145     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
 146 }
 147
 148
 149 void KeyDerivation::clear()
 150 {
 151   Lock lock(mutex_);
 152   gcry_cipher_close( cipher_ );
 153 }
 154
 155 u_int32_t KeyDerivation::bufferGetLength() const
 156 {
 157         return salt_.getLength();
 158 }