]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/charon-tkm/src/tkm/tkm_keymat.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / charon-tkm / src / tkm / tkm_keymat.c
1 /*
2 * Copyright (C) 2015 Tobias Brunner
3 * Copyright (C) 2012 Reto Buerki
4 * Copyright (C) 2012 Adrian-Ken Rueegsegger
5 *
6 * Copyright (C) secunet Security Networks AG
7 *
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 *
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * for more details.
17 */
18
19 #include <daemon.h>
20 #include <tkm/constants.h>
21 #include <tkm/client.h>
22 #include <crypto/hashers/hash_algorithm_set.h>
23
24 #include "tkm.h"
25 #include "tkm_types.h"
26 #include "tkm_utils.h"
27 #include "tkm_diffie_hellman.h"
28 #include "tkm_keymat.h"
29 #include "tkm_aead.h"
30
31 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
32
33 /**
34 * Private data of a keymat_t object.
35 */
36 struct private_tkm_keymat_t {
37
38 /**
39 * Public tkm_keymat_t interface.
40 */
41 tkm_keymat_t public;
42
43 /**
44 * IKE_SA Role, initiator or responder.
45 */
46 bool initiator;
47
48 /**
49 * AEAD implementation.
50 */
51 aead_t *aead;
52
53 /**
54 * ISA context id.
55 */
56 isa_id_type isa_ctx_id;
57
58 /**
59 * AE context id.
60 */
61 ae_id_type ae_ctx_id;
62
63 /**
64 * AUTH payload chunk.
65 */
66 chunk_t auth_payload;
67
68 /**
69 * Peer init message chunk.
70 */
71 chunk_t other_init_msg;
72
73 /**
74 * Set of hash algorithms supported by peer for signature authentication
75 */
76 hash_algorithm_set_t *hash_algorithms;
77 };
78
79 METHOD(keymat_t, get_version, ike_version_t,
80 private_tkm_keymat_t *this)
81 {
82 return IKEV2;
83 }
84
85 METHOD(keymat_t, create_dh, diffie_hellman_t*,
86 private_tkm_keymat_t *this, diffie_hellman_group_t group)
87 {
88 return lib->crypto->create_dh(lib->crypto, group);
89 }
90
91 METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
92 private_tkm_keymat_t *this)
93 {
94 return lib->crypto->create_nonce_gen(lib->crypto);
95 }
96
97 METHOD(keymat_v2_t, derive_ike_keys, bool,
98 private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
99 chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
100 pseudo_random_function_t rekey_function, chunk_t rekey_skd)
101 {
102 uint64_t nc_id, spi_loc, spi_rem;
103 chunk_t *nonce;
104 tkm_diffie_hellman_t *tkm_dh;
105 dh_id_type dh_id;
106 nonce_type nonce_rem;
107 result_type res;
108 block_len_type block_len;
109 icv_len_type icv_len;
110 iv_len_type iv_len;
111
112 /* Acquire nonce context id */
113 nonce = this->initiator ? &nonce_i : &nonce_r;
114 nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
115 if (!nc_id)
116 {
117 DBG1(DBG_IKE, "unable to acquire context id for nonce");
118 return FALSE;
119 }
120
121 /* Get DH context id */
122 tkm_dh = (tkm_diffie_hellman_t *)dh;
123 dh_id = tkm_dh->get_id(tkm_dh);
124
125 if (this->initiator)
126 {
127 chunk_to_sequence(&nonce_r, &nonce_rem, sizeof(nonce_type));
128 spi_loc = id->get_initiator_spi(id);
129 spi_rem = id->get_responder_spi(id);
130 }
131 else
132 {
133 chunk_to_sequence(&nonce_i, &nonce_rem, sizeof(nonce_type));
134 spi_loc = id->get_responder_spi(id);
135 spi_rem = id->get_initiator_spi(id);
136 }
137
138 if (rekey_function == PRF_UNDEFINED)
139 {
140 this->ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE);
141 if (!this->ae_ctx_id)
142 {
143 DBG1(DBG_IKE, "unable to acquire ae context id");
144 return FALSE;
145 }
146 DBG1(DBG_IKE, "deriving IKE keys (nc: %llu, dh: %llu, spi_loc: %llx, "
147 "spi_rem: %llx)", nc_id, dh_id, spi_loc, spi_rem);
148 res = ike_isa_create(this->isa_ctx_id, this->ae_ctx_id, 1, dh_id, nc_id,
149 nonce_rem, this->initiator, spi_loc, spi_rem,
150 &block_len, &icv_len, &iv_len);
151 }
152 else
153 {
154 isa_info_t isa_info;
155
156 if (rekey_skd.ptr == NULL || rekey_skd.len != sizeof(isa_info_t))
157 {
158 DBG1(DBG_IKE, "unable to retrieve parent isa info");
159 return FALSE;
160 }
161 isa_info = *((isa_info_t *)(rekey_skd.ptr));
162 DBG1(DBG_IKE, "deriving IKE keys (parent_isa: %llu, ae: %llu, nc: %llu,"
163 " dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info.parent_isa_id,
164 isa_info.ae_id, nc_id, dh_id, spi_loc, spi_rem);
165
166 if (!tkm->idmgr->acquire_ref(tkm->idmgr, TKM_CTX_AE, isa_info.ae_id))
167 {
168 DBG1(DBG_IKE, "unable to acquire reference for ae: %llu",
169 isa_info.ae_id);
170 return FALSE;
171 }
172 this->ae_ctx_id = isa_info.ae_id;
173 res = ike_isa_create_child(this->isa_ctx_id, isa_info.parent_isa_id, 1,
174 dh_id, nc_id, nonce_rem, this->initiator,
175 spi_loc, spi_rem, &block_len, &icv_len,
176 &iv_len);
177 chunk_free(&rekey_skd);
178 }
179
180 if (res != TKM_OK)
181 {
182 DBG1(DBG_IKE, "key derivation failed (isa: %llu)", this->isa_ctx_id);
183 return FALSE;
184 }
185
186 this->aead = tkm_aead_create(this->isa_ctx_id, block_len, icv_len, iv_len);
187
188 /* TODO: Add failure handler (see keymat_v2.c) */
189
190 tkm->chunk_map->remove(tkm->chunk_map, nonce);
191 if (ike_nc_reset(nc_id) != TKM_OK)
192 {
193 DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id);
194 }
195 tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id);
196
197 return TRUE;
198 }
199
200 METHOD(keymat_v2_t, derive_child_keys, bool,
201 private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
202 chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
203 chunk_t *encr_r, chunk_t *integ_r)
204 {
205 esa_info_t *esa_info_i, *esa_info_r;
206 dh_id_type dh_id = 0;
207
208 if (dh)
209 {
210 dh_id = ((tkm_diffie_hellman_t *)dh)->get_id((tkm_diffie_hellman_t *)dh);
211 }
212
213 INIT(esa_info_i,
214 .isa_id = this->isa_ctx_id,
215 .spi_r = proposal->get_spi(proposal),
216 .nonce_i = chunk_clone(nonce_i),
217 .nonce_r = chunk_clone(nonce_r),
218 .is_encr_r = FALSE,
219 .dh_id = dh_id,
220 );
221
222 INIT(esa_info_r,
223 .isa_id = this->isa_ctx_id,
224 .spi_r = proposal->get_spi(proposal),
225 .nonce_i = chunk_clone(nonce_i),
226 .nonce_r = chunk_clone(nonce_r),
227 .is_encr_r = TRUE,
228 .dh_id = dh_id,
229 );
230
231 DBG1(DBG_CHD, "passing on esa info (isa: %llu, spi_r: %x, dh_id: %llu)",
232 esa_info_i->isa_id, ntohl(esa_info_i->spi_r), esa_info_i->dh_id);
233
234 /* store ESA info in encr_i/r, which is passed to add_sa */
235 *encr_i = chunk_create((u_char *)esa_info_i, sizeof(esa_info_t));
236 *encr_r = chunk_create((u_char *)esa_info_r, sizeof(esa_info_t));
237 *integ_i = chunk_empty;
238 *integ_r = chunk_empty;
239
240 return TRUE;
241 }
242
243 METHOD(keymat_t, get_aead, aead_t*,
244 private_tkm_keymat_t *this, bool in)
245 {
246 return this->aead;
247 }
248
249 METHOD(keymat_v2_t, get_auth_octets, bool,
250 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
251 chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
252 chunk_t *octets, array_t *schemes)
253 {
254 sign_info_t *sign;
255
256 if (verify)
257 {
258 /* store peer init message for authentication step */
259 this->other_init_msg = chunk_clone(ike_sa_init);
260 *octets = chunk_empty;
261 return TRUE;
262 }
263
264 INIT(sign,
265 .isa_id = this->isa_ctx_id,
266 .init_message = chunk_clone(ike_sa_init),
267 );
268
269 /*
270 * store signature info in AUTH octets, which is passed to the private key
271 * sign() operation
272 */
273 *octets = chunk_create((u_char *)sign, sizeof(sign_info_t));
274 return TRUE;
275 }
276
277 METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
278 private_tkm_keymat_t *this, chunk_t *skd)
279 {
280 isa_info_t *isa_info;
281
282 INIT(isa_info,
283 .parent_isa_id = this->isa_ctx_id,
284 .ae_id = this->ae_ctx_id,
285 );
286
287 *skd = chunk_create((u_char *)isa_info, sizeof(isa_info_t));
288
289 return PRF_HMAC_SHA2_512;
290 }
291
292 METHOD(keymat_v2_t, get_psk_sig, bool,
293 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
294 chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
295 chunk_t *sig)
296 {
297 return FALSE;
298 }
299
300 METHOD(keymat_v2_t, hash_algorithm_supported, bool,
301 private_tkm_keymat_t *this, hash_algorithm_t hash)
302 {
303 if (!this->hash_algorithms)
304 {
305 return FALSE;
306 }
307 return this->hash_algorithms->contains(this->hash_algorithms, hash);
308 }
309
310 METHOD(keymat_v2_t, add_hash_algorithm, void,
311 private_tkm_keymat_t *this, hash_algorithm_t hash)
312 {
313 if (!this->hash_algorithms)
314 {
315 this->hash_algorithms = hash_algorithm_set_create();
316 }
317 this->hash_algorithms->add(this->hash_algorithms, hash);
318 }
319
320 METHOD(keymat_t, destroy, void,
321 private_tkm_keymat_t *this)
322 {
323 if (ike_isa_reset(this->isa_ctx_id) != TKM_OK)
324 {
325 DBG1(DBG_IKE, "failed to reset ISA context %d", this->isa_ctx_id);
326 }
327 tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ISA, this->isa_ctx_id);
328 /* only reset ae context if set */
329 if (this->ae_ctx_id != 0)
330 {
331 int count;
332 count = tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_AE, this->ae_ctx_id);
333 if (count == 0 && ike_ae_reset(this->ae_ctx_id) != TKM_OK)
334 {
335 DBG1(DBG_IKE, "failed to reset AE context %d", this->ae_ctx_id);
336 }
337 }
338
339 DESTROY_IF(this->hash_algorithms);
340 DESTROY_IF(this->aead);
341 chunk_free(&this->auth_payload);
342 chunk_free(&this->other_init_msg);
343 free(this);
344 }
345
346 METHOD(tkm_keymat_t, get_isa_id, isa_id_type,
347 private_tkm_keymat_t *this)
348 {
349 return this->isa_ctx_id;
350 }
351
352 METHOD(tkm_keymat_t, set_auth_payload, void,
353 private_tkm_keymat_t *this, const chunk_t * const payload)
354 {
355 this->auth_payload = chunk_clone(*payload);
356 }
357
358 METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
359 private_tkm_keymat_t *this)
360 {
361 return &this->auth_payload;
362 }
363
364 METHOD(tkm_keymat_t, get_peer_init_msg, chunk_t*,
365 private_tkm_keymat_t *this)
366 {
367 return &this->other_init_msg;
368 }
369
370 /**
371 * See header.
372 */
373 tkm_keymat_t *tkm_keymat_create(bool initiator)
374 {
375 private_tkm_keymat_t *this;
376
377 INIT(this,
378 .public = {
379 .keymat_v2 = {
380 .keymat = {
381 .get_version = _get_version,
382 .create_dh = _create_dh,
383 .create_nonce_gen = _create_nonce_gen,
384 .get_aead = _get_aead,
385 .destroy = _destroy,
386 },
387 .derive_ike_keys = _derive_ike_keys,
388 .derive_ike_keys_ppk = (void*)return_false,
389 .derive_child_keys = _derive_child_keys,
390 .get_skd = _get_skd,
391 .get_auth_octets = _get_auth_octets,
392 .get_psk_sig = _get_psk_sig,
393 .add_hash_algorithm = _add_hash_algorithm,
394 .hash_algorithm_supported = _hash_algorithm_supported,
395 },
396 .get_isa_id = _get_isa_id,
397 .set_auth_payload = _set_auth_payload,
398 .get_auth_payload = _get_auth_payload,
399 .get_peer_init_msg = _get_peer_init_msg,
400 },
401 .initiator = initiator,
402 .isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
403 .ae_ctx_id = 0,
404 .auth_payload = chunk_empty,
405 .other_init_msg = chunk_empty,
406 );
407
408 if (!this->isa_ctx_id)
409 {
410 free(this);
411 return NULL;
412 }
413
414 return &this->public;
415 }
Unnamed repository; edit this file 'description' to name the repository.