2 * Copyright (C) 2015 Tobias Brunner
3 * Copyright (C) 2012 Reto Buerki
4 * Copyright (C) 2012 Adrian-Ken Rueegsegger
6 * Copyright (C) secunet Security Networks AG
8 * This program is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2 of the License, or (at your
11 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
13 * This program is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 #include <tkm/constants.h>
21 #include <tkm/client.h>
22 #include <crypto/hashers/hash_algorithm_set.h>
25 #include "tkm_types.h"
26 #include "tkm_utils.h"
27 #include "tkm_diffie_hellman.h"
28 #include "tkm_keymat.h"
31 typedef struct private_tkm_keymat_t private_tkm_keymat_t
;
34 * Private data of a keymat_t object.
36 struct private_tkm_keymat_t
{
39 * Public tkm_keymat_t interface.
44 * IKE_SA Role, initiator or responder.
49 * AEAD implementation.
56 isa_id_type isa_ctx_id
;
69 * Peer init message chunk.
71 chunk_t other_init_msg
;
74 * Set of hash algorithms supported by peer for signature authentication
76 hash_algorithm_set_t
*hash_algorithms
;
79 METHOD(keymat_t
, get_version
, ike_version_t
,
80 private_tkm_keymat_t
*this)
85 METHOD(keymat_t
, create_dh
, diffie_hellman_t
*,
86 private_tkm_keymat_t
*this, diffie_hellman_group_t group
)
88 return lib
->crypto
->create_dh(lib
->crypto
, group
);
91 METHOD(keymat_t
, create_nonce_gen
, nonce_gen_t
*,
92 private_tkm_keymat_t
*this)
94 return lib
->crypto
->create_nonce_gen(lib
->crypto
);
97 METHOD(keymat_v2_t
, derive_ike_keys
, bool,
98 private_tkm_keymat_t
*this, proposal_t
*proposal
, diffie_hellman_t
*dh
,
99 chunk_t nonce_i
, chunk_t nonce_r
, ike_sa_id_t
*id
,
100 pseudo_random_function_t rekey_function
, chunk_t rekey_skd
)
102 uint64_t nc_id
, spi_loc
, spi_rem
;
104 tkm_diffie_hellman_t
*tkm_dh
;
106 nonce_type nonce_rem
;
108 block_len_type block_len
;
109 icv_len_type icv_len
;
112 /* Acquire nonce context id */
113 nonce
= this->initiator
? &nonce_i
: &nonce_r
;
114 nc_id
= tkm
->chunk_map
->get_id(tkm
->chunk_map
, nonce
);
117 DBG1(DBG_IKE
, "unable to acquire context id for nonce");
121 /* Get DH context id */
122 tkm_dh
= (tkm_diffie_hellman_t
*)dh
;
123 dh_id
= tkm_dh
->get_id(tkm_dh
);
127 chunk_to_sequence(&nonce_r
, &nonce_rem
, sizeof(nonce_type
));
128 spi_loc
= id
->get_initiator_spi(id
);
129 spi_rem
= id
->get_responder_spi(id
);
133 chunk_to_sequence(&nonce_i
, &nonce_rem
, sizeof(nonce_type
));
134 spi_loc
= id
->get_responder_spi(id
);
135 spi_rem
= id
->get_initiator_spi(id
);
138 if (rekey_function
== PRF_UNDEFINED
)
140 this->ae_ctx_id
= tkm
->idmgr
->acquire_id(tkm
->idmgr
, TKM_CTX_AE
);
141 if (!this->ae_ctx_id
)
143 DBG1(DBG_IKE
, "unable to acquire ae context id");
146 DBG1(DBG_IKE
, "deriving IKE keys (nc: %llu, dh: %llu, spi_loc: %llx, "
147 "spi_rem: %llx)", nc_id
, dh_id
, spi_loc
, spi_rem
);
148 res
= ike_isa_create(this->isa_ctx_id
, this->ae_ctx_id
, 1, dh_id
, nc_id
,
149 nonce_rem
, this->initiator
, spi_loc
, spi_rem
,
150 &block_len
, &icv_len
, &iv_len
);
156 if (rekey_skd
.ptr
== NULL
|| rekey_skd
.len
!= sizeof(isa_info_t
))
158 DBG1(DBG_IKE
, "unable to retrieve parent isa info");
161 isa_info
= *((isa_info_t
*)(rekey_skd
.ptr
));
162 DBG1(DBG_IKE
, "deriving IKE keys (parent_isa: %llu, ae: %llu, nc: %llu,"
163 " dh: %llu, spi_loc: %llx, spi_rem: %llx)", isa_info
.parent_isa_id
,
164 isa_info
.ae_id
, nc_id
, dh_id
, spi_loc
, spi_rem
);
166 if (!tkm
->idmgr
->acquire_ref(tkm
->idmgr
, TKM_CTX_AE
, isa_info
.ae_id
))
168 DBG1(DBG_IKE
, "unable to acquire reference for ae: %llu",
172 this->ae_ctx_id
= isa_info
.ae_id
;
173 res
= ike_isa_create_child(this->isa_ctx_id
, isa_info
.parent_isa_id
, 1,
174 dh_id
, nc_id
, nonce_rem
, this->initiator
,
175 spi_loc
, spi_rem
, &block_len
, &icv_len
,
177 chunk_free(&rekey_skd
);
182 DBG1(DBG_IKE
, "key derivation failed (isa: %llu)", this->isa_ctx_id
);
186 this->aead
= tkm_aead_create(this->isa_ctx_id
, block_len
, icv_len
, iv_len
);
188 /* TODO: Add failure handler (see keymat_v2.c) */
190 tkm
->chunk_map
->remove(tkm
->chunk_map
, nonce
);
191 if (ike_nc_reset(nc_id
) != TKM_OK
)
193 DBG1(DBG_IKE
, "failed to reset nonce context %llu", nc_id
);
195 tkm
->idmgr
->release_id(tkm
->idmgr
, TKM_CTX_NONCE
, nc_id
);
200 METHOD(keymat_v2_t
, derive_child_keys
, bool,
201 private_tkm_keymat_t
*this, proposal_t
*proposal
, diffie_hellman_t
*dh
,
202 chunk_t nonce_i
, chunk_t nonce_r
, chunk_t
*encr_i
, chunk_t
*integ_i
,
203 chunk_t
*encr_r
, chunk_t
*integ_r
)
205 esa_info_t
*esa_info_i
, *esa_info_r
;
206 dh_id_type dh_id
= 0;
210 dh_id
= ((tkm_diffie_hellman_t
*)dh
)->get_id((tkm_diffie_hellman_t
*)dh
);
214 .isa_id
= this->isa_ctx_id
,
215 .spi_r
= proposal
->get_spi(proposal
),
216 .nonce_i
= chunk_clone(nonce_i
),
217 .nonce_r
= chunk_clone(nonce_r
),
223 .isa_id
= this->isa_ctx_id
,
224 .spi_r
= proposal
->get_spi(proposal
),
225 .nonce_i
= chunk_clone(nonce_i
),
226 .nonce_r
= chunk_clone(nonce_r
),
231 DBG1(DBG_CHD
, "passing on esa info (isa: %llu, spi_r: %x, dh_id: %llu)",
232 esa_info_i
->isa_id
, ntohl(esa_info_i
->spi_r
), esa_info_i
->dh_id
);
234 /* store ESA info in encr_i/r, which is passed to add_sa */
235 *encr_i
= chunk_create((u_char
*)esa_info_i
, sizeof(esa_info_t
));
236 *encr_r
= chunk_create((u_char
*)esa_info_r
, sizeof(esa_info_t
));
237 *integ_i
= chunk_empty
;
238 *integ_r
= chunk_empty
;
243 METHOD(keymat_t
, get_aead
, aead_t
*,
244 private_tkm_keymat_t
*this, bool in
)
249 METHOD(keymat_v2_t
, get_auth_octets
, bool,
250 private_tkm_keymat_t
*this, bool verify
, chunk_t ike_sa_init
,
251 chunk_t nonce
, chunk_t ppk
, identification_t
*id
, char reserved
[3],
252 chunk_t
*octets
, array_t
*schemes
)
258 /* store peer init message for authentication step */
259 this->other_init_msg
= chunk_clone(ike_sa_init
);
260 *octets
= chunk_empty
;
265 .isa_id
= this->isa_ctx_id
,
266 .init_message
= chunk_clone(ike_sa_init
),
270 * store signature info in AUTH octets, which is passed to the private key
273 *octets
= chunk_create((u_char
*)sign
, sizeof(sign_info_t
));
277 METHOD(keymat_v2_t
, get_skd
, pseudo_random_function_t
,
278 private_tkm_keymat_t
*this, chunk_t
*skd
)
280 isa_info_t
*isa_info
;
283 .parent_isa_id
= this->isa_ctx_id
,
284 .ae_id
= this->ae_ctx_id
,
287 *skd
= chunk_create((u_char
*)isa_info
, sizeof(isa_info_t
));
289 return PRF_HMAC_SHA2_512
;
292 METHOD(keymat_v2_t
, get_psk_sig
, bool,
293 private_tkm_keymat_t
*this, bool verify
, chunk_t ike_sa_init
, chunk_t nonce
,
294 chunk_t secret
, chunk_t ppk
, identification_t
*id
, char reserved
[3],
300 METHOD(keymat_v2_t
, hash_algorithm_supported
, bool,
301 private_tkm_keymat_t
*this, hash_algorithm_t hash
)
303 if (!this->hash_algorithms
)
307 return this->hash_algorithms
->contains(this->hash_algorithms
, hash
);
310 METHOD(keymat_v2_t
, add_hash_algorithm
, void,
311 private_tkm_keymat_t
*this, hash_algorithm_t hash
)
313 if (!this->hash_algorithms
)
315 this->hash_algorithms
= hash_algorithm_set_create();
317 this->hash_algorithms
->add(this->hash_algorithms
, hash
);
320 METHOD(keymat_t
, destroy
, void,
321 private_tkm_keymat_t
*this)
323 if (ike_isa_reset(this->isa_ctx_id
) != TKM_OK
)
325 DBG1(DBG_IKE
, "failed to reset ISA context %d", this->isa_ctx_id
);
327 tkm
->idmgr
->release_id(tkm
->idmgr
, TKM_CTX_ISA
, this->isa_ctx_id
);
328 /* only reset ae context if set */
329 if (this->ae_ctx_id
!= 0)
332 count
= tkm
->idmgr
->release_id(tkm
->idmgr
, TKM_CTX_AE
, this->ae_ctx_id
);
333 if (count
== 0 && ike_ae_reset(this->ae_ctx_id
) != TKM_OK
)
335 DBG1(DBG_IKE
, "failed to reset AE context %d", this->ae_ctx_id
);
339 DESTROY_IF(this->hash_algorithms
);
340 DESTROY_IF(this->aead
);
341 chunk_free(&this->auth_payload
);
342 chunk_free(&this->other_init_msg
);
346 METHOD(tkm_keymat_t
, get_isa_id
, isa_id_type
,
347 private_tkm_keymat_t
*this)
349 return this->isa_ctx_id
;
352 METHOD(tkm_keymat_t
, set_auth_payload
, void,
353 private_tkm_keymat_t
*this, const chunk_t
* const payload
)
355 this->auth_payload
= chunk_clone(*payload
);
358 METHOD(tkm_keymat_t
, get_auth_payload
, chunk_t
*,
359 private_tkm_keymat_t
*this)
361 return &this->auth_payload
;
364 METHOD(tkm_keymat_t
, get_peer_init_msg
, chunk_t
*,
365 private_tkm_keymat_t
*this)
367 return &this->other_init_msg
;
373 tkm_keymat_t
*tkm_keymat_create(bool initiator
)
375 private_tkm_keymat_t
*this;
381 .get_version
= _get_version
,
382 .create_dh
= _create_dh
,
383 .create_nonce_gen
= _create_nonce_gen
,
384 .get_aead
= _get_aead
,
387 .derive_ike_keys
= _derive_ike_keys
,
388 .derive_ike_keys_ppk
= (void*)return_false
,
389 .derive_child_keys
= _derive_child_keys
,
391 .get_auth_octets
= _get_auth_octets
,
392 .get_psk_sig
= _get_psk_sig
,
393 .add_hash_algorithm
= _add_hash_algorithm
,
394 .hash_algorithm_supported
= _hash_algorithm_supported
,
396 .get_isa_id
= _get_isa_id
,
397 .set_auth_payload
= _set_auth_payload
,
398 .get_auth_payload
= _get_auth_payload
,
399 .get_peer_init_msg
= _get_peer_init_msg
,
401 .initiator
= initiator
,
402 .isa_ctx_id
= tkm
->idmgr
->acquire_id(tkm
->idmgr
, TKM_CTX_ISA
),
404 .auth_payload
= chunk_empty
,
405 .other_init_msg
= chunk_empty
,
408 if (!this->isa_ctx_id
)
414 return &this->public;