- code cleaned up
[strongswan.git] / Source / charon / sa / authenticator.c
1 /**
2 * @file authenticator.c
3 *
4 * @brief Implementation of authenticator.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "authenticator.h"
24
25 #include <utils/allocator.h>
26 #include <daemon.h>
27
28 /**
29 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
30 */
31 #define IKE_V2_KEY_PAD "Key Pad for IKEv2"
32
33 /**
34 * Length of key pad in bytes.
35 */
36 #define IKE_V2_KEY_PAD_LEN strlen(IKE_V2_KEY_PAD)
37
38 typedef struct private_authenticator_t private_authenticator_t;
39
40 /**
41 * Private data of an authenticator_t object.
42 */
43 struct private_authenticator_t {
44
45 /**
46 * Public authenticator_t interface.
47 */
48 authenticator_t public;
49
50 /**
51 * Assigned IKE_SA. Needed to get objects of type prf_t, sa_config_t and logger_t.
52 */
53 protected_ike_sa_t *ike_sa;
54
55 /**
56 * PRF taken from the IKE_SA.
57 */
58 prf_t *prf;
59
60 /**
61 * A logger for.
62 *
63 * Using logger of IKE_SA.
64 */
65 logger_t *logger;
66
67 /**
68 * Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
69 * 2.15 of draft.
70 *
71 * @param this calling object
72 * @param last_message the last message to include in created octets
73 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
74 * @param other_nonce Nonce data received from other peer
75 * @param my_id id_payload_t object representing an ID payload
76 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
77 * @return octets as described in section 2.15. Memory gets allocated and has to get
78 * destroyed by caller.
79 */
80 chunk_t (*allocate_octets) (private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator);
81
82 /**
83 * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
84 *
85 * @param this calling object
86 * @param last_message the last message
87 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
88 * @param nonce Nonce data to include in auth data compution
89 * @param id_payload id_payload_t object representing an ID payload
90 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
91 * @param shared_secret shared secret as chunk_t. If shared secret is a string, the NULL termination is not included.
92 * @return AUTH data as dscribed in section 2.15 for AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
93 * Memory gets allocated and has to get destroyed by caller.
94 */
95 chunk_t (*allocate_auth_data_with_preshared_secret) (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret);
96 };
97
98 /**
99 * Implementation of private_authenticator_t.allocate_octets.
100 */
101 static chunk_t allocate_octets(private_authenticator_t *this,chunk_t last_message, chunk_t other_nonce,id_payload_t *my_id, bool initiator)
102 {
103 chunk_t id_chunk = my_id->get_data(my_id);
104 u_int8_t id_with_header[4 + id_chunk.len];
105 /*
106 * IKEv2 for linux (http://sf.net/projects/ikev2/)
107 * is not compatible with IKEv2 Draft and so not compatible with this
108 * implementation, cause AUTH data are computed without
109 * ID type and the three reserved bytes.
110 */
111 chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
112 u_int8_t *current_pos;
113 chunk_t octets;
114
115 id_with_header[0] = my_id->get_id_type(my_id);
116 /* TODO:
117 * Reserved bytes are not in any case zero.
118 */
119 id_with_header[1] = 0x00;
120 id_with_header[2] = 0x00;
121 id_with_header[3] = 0x00;
122 memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
123
124 if (initiator)
125 {
126 this->prf->set_key(this->prf,this->ike_sa->get_key_pi(this->ike_sa));
127 }
128 else
129 {
130 this->prf->set_key(this->prf,this->ike_sa->get_key_pr(this->ike_sa));
131 }
132
133
134 /* 4 bytes are id type and reserved fields of id payload */
135 octets.len = last_message.len + other_nonce.len + this->prf->get_block_size(this->prf);
136 octets.ptr = allocator_alloc(octets.len);
137 current_pos = octets.ptr;
138 memcpy(current_pos,last_message.ptr,last_message.len);
139 current_pos += last_message.len;
140 memcpy(current_pos,other_nonce.ptr,other_nonce.len);
141 current_pos += other_nonce.len;
142 this->prf->get_bytes(this->prf,id_with_header_chunk,current_pos);
143
144 this->logger->log_chunk(this->logger,RAW | LEVEL2, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",&octets);
145 return octets;
146 }
147
148 /**
149 * Implementation of private_authenticator_t.allocate_auth_data_with_preshared_secret.
150 */
151 static chunk_t allocate_auth_data_with_preshared_secret (private_authenticator_t *this,chunk_t last_message, chunk_t nonce,id_payload_t *id_payload, bool initiator,chunk_t preshared_secret)
152 {
153 chunk_t key_pad = {ptr: IKE_V2_KEY_PAD, len:IKE_V2_KEY_PAD_LEN};
154 u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
155 chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
156 chunk_t auth_data;
157
158 chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
159
160 /*
161 * AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>)
162 */
163
164 this->prf->set_key(this->prf,preshared_secret);
165 this->prf->get_bytes(this->prf,key_pad,key_buffer);
166 this->prf->set_key(this->prf,key);
167 this->prf->allocate_bytes(this->prf,octets,&auth_data);
168 allocator_free_chunk(&octets);
169 this->logger->log_chunk(this->logger,RAW | LEVEL2, "Authenticated data",&auth_data);
170
171 return auth_data;
172 }
173
174 /**
175 * Implementation of authenticator_t.verify_auth_data.
176 */
177 static status_t verify_auth_data (private_authenticator_t *this,auth_payload_t *auth_payload, chunk_t last_received_packet,chunk_t my_nonce,id_payload_t *other_id_payload,bool initiator)
178 {
179 switch(auth_payload->get_auth_method(auth_payload))
180 {
181 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
182 {
183 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
184 chunk_t auth_data = auth_payload->get_data(auth_payload);
185 chunk_t preshared_secret;
186 status_t status;
187
188 status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,other_id,&preshared_secret);
189 other_id->destroy(other_id);
190 if (status != SUCCESS)
191 {
192 return status;
193 }
194
195 chunk_t my_auth_data = this->allocate_auth_data_with_preshared_secret(this,last_received_packet,my_nonce,other_id_payload,initiator,preshared_secret);
196
197 if (auth_data.len != my_auth_data.len)
198 {
199 allocator_free_chunk(&my_auth_data);
200 return FAILED;
201 }
202 if (memcmp(auth_data.ptr,my_auth_data.ptr,my_auth_data.len) == 0)
203 {
204 status = SUCCESS;
205 }
206 else
207 {
208 status = FAILED;
209 }
210 allocator_free_chunk(&my_auth_data);
211 return status;
212 }
213 case RSA_DIGITAL_SIGNATURE:
214 {
215 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
216 rsa_public_key_t *public_key;
217 status_t status;
218 chunk_t octets, auth_data;
219
220 auth_data = auth_payload->get_data(auth_payload);
221
222 status = charon->configuration_manager->get_rsa_public_key(charon->configuration_manager, other_id, &public_key);
223 other_id->destroy(other_id);
224 if (status != SUCCESS)
225 {
226 return status;
227 }
228
229 octets = this->allocate_octets(this,last_received_packet,my_nonce,other_id_payload,initiator);
230
231 status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
232
233 allocator_free_chunk(&octets);
234 return status;
235 }
236 default:
237 {
238 return NOT_SUPPORTED;
239 }
240 }
241 }
242
243 /**
244 * Implementation of authenticator_t.compute_auth_data.
245 */
246 static status_t compute_auth_data (private_authenticator_t *this,auth_payload_t **auth_payload, chunk_t last_sent_packet,chunk_t other_nonce,id_payload_t *my_id_payload,bool initiator)
247 {
248 sa_config_t *sa_config = this->ike_sa->get_sa_config(this->ike_sa);
249
250 switch(sa_config->get_auth_method(sa_config))
251 {
252 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
253 {
254 identification_t *my_id =my_id_payload->get_identification(my_id_payload);
255 chunk_t preshared_secret;
256 status_t status;
257
258 status = charon->configuration_manager->get_shared_secret(charon->configuration_manager,my_id,&preshared_secret);
259
260 my_id->destroy(my_id);
261 if (status != SUCCESS)
262 {
263 return status;
264 }
265
266 chunk_t auth_data = this->allocate_auth_data_with_preshared_secret(this,last_sent_packet,other_nonce,my_id_payload,initiator,preshared_secret);
267
268 *auth_payload = auth_payload_create();
269 (*auth_payload)->set_auth_method((*auth_payload),SHARED_KEY_MESSAGE_INTEGRITY_CODE);
270 (*auth_payload)->set_data((*auth_payload),auth_data);
271
272 allocator_free_chunk(&auth_data);
273 return SUCCESS;
274 }
275 case RSA_DIGITAL_SIGNATURE:
276 {
277 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
278 rsa_private_key_t *private_key;
279 status_t status;
280 chunk_t octets, auth_data;
281
282 status = charon->configuration_manager->get_rsa_private_key(charon->configuration_manager, my_id, &private_key);
283 my_id->destroy(my_id);
284 if (status != SUCCESS)
285 {
286 return status;
287 }
288
289 octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
290
291 status = private_key->build_emsa_pkcs1_signature(private_key, HASH_SHA1, octets, &auth_data);
292 allocator_free_chunk(&octets);
293 if (status != SUCCESS)
294 {
295 return status;
296 }
297
298 *auth_payload = auth_payload_create();
299 (*auth_payload)->set_auth_method((*auth_payload), RSA_DIGITAL_SIGNATURE);
300 (*auth_payload)->set_data((*auth_payload),auth_data);
301
302 allocator_free_chunk(&auth_data);
303 return SUCCESS;
304 }
305 default:
306 {
307 return NOT_SUPPORTED;
308 }
309 }
310 }
311
312 /**
313 * Implementation of authenticator_t.destroy.
314 */
315 static void destroy (private_authenticator_t *this)
316 {
317 allocator_free(this);
318 }
319
320 /*
321 * Described in header.
322 */
323 authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
324 {
325 private_authenticator_t *this = allocator_alloc_thing(private_authenticator_t);
326
327 /* Public functions */
328 this->public.destroy = (void(*)(authenticator_t*))destroy;
329 this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool)) verify_auth_data;
330 this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
331
332 /* private functions */
333 this->allocate_octets = allocate_octets;
334 this->allocate_auth_data_with_preshared_secret = allocate_auth_data_with_preshared_secret;
335
336 /* private data */
337 this->ike_sa = ike_sa;
338 this->prf = this->ike_sa->get_prf(this->ike_sa);
339 this->logger = this->ike_sa->get_logger(this->ike_sa);
340
341 return &(this->public);
342 }