4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methodes used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2008 Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License version 3 as
21 * published by the Free Software Foundation.
23 * Anytun is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
28 * You should have received a copy of the GNU General Public License
29 * along with anytun. If not, see <http://www.gnu.org/licenses/>.
34 #include "keyDerivation.h"
35 #include "threadUtils.hpp"
36 #include "datatypes.h"
47 void KeyDerivation::setLogKDRate(const u_int8_t log_rate
)
54 //****** NullKeyDerivation ******
56 void NullKeyDerivation::generate(satp_prf_label label
, seq_nr_t seq_nr
, Buffer
& key
)
58 for(u_int32_t i
=0; i
< key
.getLength(); ++i
) key
[i
] = 0;
62 //****** AesIcmKeyDerivation ******
64 AesIcmKeyDerivation::~AesIcmKeyDerivation()
68 gcry_cipher_close( cipher_
);
71 void AesIcmKeyDerivation::updateMasterKey()
76 gcry_error_t err
= gcry_cipher_setkey( cipher_
, master_key_
.getBuf(), master_key_
.getLength() );
78 char buf
[STERROR_TEXT_MAX
];
80 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);
84 void AesIcmKeyDerivation::init(Buffer key
, Buffer salt
)
88 gcry_cipher_close( cipher_
);
90 // TODO: hardcoded size
91 gcry_error_t err
= gcry_cipher_open( &cipher_
, GCRY_CIPHER_AES128
, GCRY_CIPHER_MODE_CTR
, 0 );
93 char buf
[STERROR_TEXT_MAX
];
95 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);
99 master_salt_
= SyncBuffer(salt
);
100 master_key_
= SyncBuffer(key
);
105 void AesIcmKeyDerivation::generate(satp_prf_label label
, seq_nr_t seq_nr
, Buffer
& key
)
110 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::generate: cipher not opened";
114 gcry_error_t err
= gcry_cipher_reset( cipher_
);
116 char buf
[STERROR_TEXT_MAX
];
118 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);
121 // see at: http://tools.ietf.org/html/rfc3711#section-4.3
122 // * Let r = index DIV key_derivation_rate (with DIV as defined above).
123 // * Let key_id = <label> || r.
124 // * Let x = key_id XOR master_salt, where key_id and master_salt are
125 // aligned so that their least significant bits agree (right-
129 Mpi
r(48); // ld(kdr) <= 48
130 if( ld_kdr_
== -1 ) // means key_derivation_rate = 0
131 r
= 0; // TODO: no new key should be generated if r == 0, except it is the first time
138 rate
= rate
.mul2exp(ld_kdr_
);
141 // TODO: generate key only if index % r == 0, except it is the first time
143 Mpi
key_id(128); // TODO: hardcoded size
144 Mpi
l(128); // TODO: hardcoded size
146 key_id
= l
.mul2exp(48) + r
;
148 Mpi
salt(master_salt_
.getBuf(), master_salt_
.getLength());
149 Mpi
x(128); // TODO: hardcoded size
153 u_int8_t
*ctr_buf
= x
.mul2exp(16).getNewBuf(&written
); // TODO: hardcoded size
154 err
= gcry_cipher_setctr( cipher_
, ctr_buf
, written
);
158 char buf
[STERROR_TEXT_MAX
];
160 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::generate: Failed to set CTR: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);
163 for(u_int32_t i
=0; i
< key
.getLength(); ++i
) key
[i
] = 0;
164 err
= gcry_cipher_encrypt( cipher_
, key
, key
.getLength(), NULL
, 0);
166 char buf
[STERROR_TEXT_MAX
];
168 cLog
.msg(Log::PRIO_ERR
) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror_r(err
, buf
, STERROR_TEXT_MAX
);