keyDerivation.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
  15  *
  16  *  This program is free software; you can redistribute it and/or modify
  17  *  it under the terms of the GNU General Public License version 2
  18  *  as published by the Free Software Foundation.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program (see the file COPYING included with this
  27  *  distribution); if not, write to the Free Software Foundation, Inc.,
  28  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  29  */
  30
  31
  32 #include "keyDerivation.h"
  33
  34 #include <stdexcept>
  35 #include <iostream>
  36 #include <string>
  37
  38 extern "C" {
  39 #include <gcrypt.h>
  40 }
  41
  42 const char* KeyDerivation::MIN_GCRYPT_VERSION = "1.2.3";
  43
  44 void KeyDerivation::init(Buffer key, Buffer salt)
  45 {
  46   gcry_error_t err;
  47
  48   // No other library has already initialized libgcrypt.
  49   if( !gcry_control(GCRYCTL_ANY_INITIALIZATION_P) )
  50   {
  51     if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
  52       std::cerr << "Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
  53       return;
  54     }
  55
  56     /* Allocate a pool of 16k secure memory.  This also drops priviliges
  57      *      on some systems. */
  58     err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0);
  59     if( err )
  60     {
  61       std::cerr << "Failed to allocate 16k secure memory: " << gpg_strerror( err ) << std::endl;
  62       return;
  63     }
  64
  65     /* Tell Libgcrypt that initialization has completed. */
  66     err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
  67     if( err ) {
  68       std::cerr << "Failed to finish the initialization of libgcrypt" << gpg_strerror( err ) << std::endl;
  69       return;
  70     } else {
  71       std::cout << "KeyDerivation::init: libgcrypt init finished" << std::endl;
  72     }
  73   }
  74
  75   err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  76   if( err )
  77   {
  78     std::cerr << "Failed to open cipher: " << gpg_strerror( err ) << std::endl;
  79     return;
  80   }
  81
  82 }
  83
  84 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
  85 {
  86   if( log_rate < 49 )
  87     ld_kdr_ = log_rate;
  88 }
  89
  90
  91 void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length)
  92 {
  93   gcry_error_t err;
  94   u_int8_t r = 0;
  95   Buffer iv(16);
  96
  97   u_int8_t tmp_key_id[16];
  98
  99   // see at: http://tools.ietf.org/html/rfc3711#section-4.3
 100   // *  Let r = index DIV key_derivation_rate (with DIV as defined above).
 101   // *  Let key_id = <label> || r.
 102   // *  Let x = key_id XOR master_salt, where key_id and master_salt are
 103   //    aligned so that their least significant bits agree (right-
 104   //    alignment).
 105   //
 106
 107   if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
 108     r = 0;
 109   else
 110     // FIXXME: kdr can be greater than 2^32 (= 2^48)
 111     r = seq_nr / ( 0x01 << ld_kdr_ );
 112
 113
 114
 115   // FIXXME: why i cant access key_id via operator []?
 116   for(u_int8_t i=0; i<sizeof(tmp_key_id); i++)
 117     tmp_key_id[i] = 0x00;
 118
 119   tmp_key_id[0] = r;
 120   tmp_key_id[1] = label;
 121
 122   Buffer key_id(tmp_key_id, 16);
 123
 124   iv = key_id ^ salt_;
 125
 126   err = gcry_cipher_reset( cipher_ );
 127   if( err )
 128   {
 129     std::cerr << "Failed to reset cipher: " << gpg_strerror( err ) << std::endl;
 130   }
 131
 132   err = gcry_cipher_encrypt( cipher_, key, key.getLength(), 0, 0 );
 133   if( err )
 134   {
 135     std::cerr << "Failed to generate cipher bitstream: " << gpg_strerror( err ) << std::endl;
 136   }
 137 }
 138
 139
 140 void KeyDerivation::clear()
 141 {
 142   gcry_cipher_close( cipher_ );
 143 }
 144