keyDerivation.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
  15  *
  16  *  This program is free software; you can redistribute it and/or modify
  17  *  it under the terms of the GNU General Public License version 2
  18  *  as published by the Free Software Foundation.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program (see the file COPYING included with this
  27  *  distribution); if not, write to the Free Software Foundation, Inc.,
  28  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  29  */
  30
  31
  32 #include "log.h"
  33 #include "keyDerivation.h"
  34 #include "mpi.h"
  35 #include "threadUtils.hpp"
  36
  37 #include <stdexcept>
  38 #include <iostream>
  39 #include <string>
  40
  41 #include <gcrypt.h>
  42
  43
  44 void KeyDerivation::init(Buffer key, Buffer salt)
  45 {
  46   Lock lock(mutex_);
  47   gcry_error_t err;
  48
  49   // TODO: hardcoded cipher-type and keysize??
  50   err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  51   if( err ) {
  52     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
  53     return;
  54   }
  55
  56   master_salt_ = SyncBuffer(salt);
  57   master_key_ = SyncBuffer(key);
  58
  59   updateMasterKey();
  60 }
  61
  62 void KeyDerivation::updateMasterKey()
  63 {
  64   gcry_error_t err;
  65
  66   err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
  67   if( err )
  68     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror( err );
  69 }
  70
  71 KeyDerivation::~KeyDerivation()
  72 {
  73   Lock lock(mutex_);
  74   gcry_cipher_close( cipher_ );
  75 }
  76
  77 void KeyDerivation::setLogKDRate(const uint8_t log_rate)
  78 {
  79   Lock lock(mutex_);
  80   if( log_rate < 49 )
  81     ld_kdr_ = log_rate;
  82 }
  83
  84 void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
  85 {
  86   Lock lock(mutex_);
  87
  88   gcry_error_t err = gcry_cipher_reset( cipher_ );
  89   if( err )
  90     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror( err );
  91
  92   // see at: http://tools.ietf.org/html/rfc3711#section-4.3
  93   // *  Let r = index DIV key_derivation_rate (with DIV as defined above).
  94   // *  Let key_id = <label> || r.
  95   // *  Let x = key_id XOR master_salt, where key_id and master_salt are
  96   //    aligned so that their least significant bits agree (right-
  97   //    alignment).
  98   //
  99
 100   Mpi r(48); // ld(kdr) <= 48
 101   if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
 102     r = 0;  // TODO: no new key should be generated if r == 0, except it is the first time
 103   else
 104   {
 105     Mpi seq(32);
 106     seq = seq_nr;
 107     Mpi rate(48);
 108     rate = 1;
 109     rate = rate.mul2exp(ld_kdr_);
 110     r = seq / rate;
 111   }
 112       // TODO: generate key only if index % r == 0, except it is the first time
 113
 114   Mpi key_id(128);                                                   // TODO: hardcoded size
 115   Mpi l(128);                                                 // TODO: hardcoded size
 116   l = label;
 117   key_id = l.mul2exp(48) + r;
 118
 119   Mpi salt(master_salt_.getBuf(), master_salt_.getLength());
 120   Mpi x(128);                                                        // TODO: hardcoded size
 121   x = key_id ^ salt;
 122
 123   u_int32_t written;
 124   u_int8_t *ctr_buf = x.mul2exp(16).getNewBuf(&written);         // TODO: hardcoded size
 125   err = gcry_cipher_setctr( cipher_ , ctr_buf, written );
 126   delete[] ctr_buf;
 127
 128   if( err )
 129     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set CTR: " << gpg_strerror( err );
 130
 131   for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
 132   err = gcry_cipher_encrypt( cipher_, key, key.getLength(), NULL, 0);
 133   if( err )
 134     cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
 135 }