- reworked configuration framework completly
[strongswan.git] / Source / charon / sa / authenticator.c
1 /**
2 * @file authenticator.c
3 *
4 * @brief Implementation of authenticator_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include "authenticator.h"
24
25 #include <utils/allocator.h>
26 #include <daemon.h>
27
28 /**
29 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
30 */
31 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
32
33
34 typedef struct private_authenticator_t private_authenticator_t;
35
36 /**
37 * Private data of an authenticator_t object.
38 */
39 struct private_authenticator_t {
40
41 /**
42 * Public authenticator_t interface.
43 */
44 authenticator_t public;
45
46 /**
47 * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t.
48 */
49 protected_ike_sa_t *ike_sa;
50
51 /**
52 * PRF taken from the IKE_SA.
53 */
54 prf_t *prf;
55
56 /**
57 * A logger for.
58 *
59 * Using logger of IKE_SA.
60 */
61 logger_t *logger;
62
63 /**
64 * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
65 * 2.15 of RFC.
66 *
67 * @param this calling object
68 * @param last_message the last message to include in created octets
69 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
70 * @param other_nonce Nonce data received from other peer
71 * @param my_id id_payload_t object representing an ID payload
72 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
73 * @return octets as described in section 2.15. Memory gets allocated and has to get
74 * destroyed by caller.
75 */
76 chunk_t (*allocate_octets) (private_authenticator_t *this,
77 chunk_t last_message,
78 chunk_t other_nonce,
79 id_payload_t *my_id,
80 bool initiator);
81
82 /**
83 * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
84 *
85 * @param this calling object
86 * @param last_message the last message
87 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
88 * @param nonce Nonce data to include in auth data compution
89 * @param id_payload id_payload_t object representing an ID payload
90 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
91 * @param shared_secret shared secret as chunk_t. If shared secret is a string,
92 * the NULL termination is not included.
93 * @return AUTH data as dscribed in section 2.15 for
94 * AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
95 * Memory gets allocated and has to get destroyed by caller.
96 */
97 chunk_t (*build_preshared_secret_signature) (private_authenticator_t *this,
98 chunk_t last_message,
99 chunk_t nonce,
100 id_payload_t *id_payload,
101 bool initiator,
102 chunk_t preshared_secret);
103 };
104
105 /**
106 * Implementation of private_authenticator_t.allocate_octets.
107 */
108 static chunk_t allocate_octets(private_authenticator_t *this,
109 chunk_t last_message,
110 chunk_t other_nonce,
111 id_payload_t *my_id,
112 bool initiator)
113 {
114 prf_t *prf;
115 chunk_t id_chunk = my_id->get_data(my_id);
116 u_int8_t id_with_header[4 + id_chunk.len];
117 /*
118 * IKEv2 for linux (http://sf.net/projects/ikev2/)
119 * is not compatible with IKEv2 Draft and so not compatible with this
120 * implementation, cause AUTH data are computed without
121 * ID type and the three reserved bytes.
122 */
123 chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
124 u_int8_t *current_pos;
125 chunk_t octets;
126
127 id_with_header[0] = my_id->get_id_type(my_id);
128 /* TODO:
129 * Reserved bytes are not in any case zero.
130 */
131 id_with_header[1] = 0x00;
132 id_with_header[2] = 0x00;
133 id_with_header[3] = 0x00;
134 memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
135
136 if (initiator)
137 {
138 prf = this->ike_sa->get_prf_auth_i(this->ike_sa);
139 }
140 else
141 {
142 prf = this->ike_sa->get_prf_auth_r(this->ike_sa);
143 }
144
145 /* 4 bytes are id type and reserved fields of id payload */
146 octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
147 octets.ptr = allocator_alloc(octets.len);
148 current_pos = octets.ptr;
149 memcpy(current_pos,last_message.ptr,last_message.len);
150 current_pos += last_message.len;
151 memcpy(current_pos,other_nonce.ptr,other_nonce.len);
152 current_pos += other_nonce.len;
153 prf->get_bytes(prf, id_with_header_chunk, current_pos);
154
155 this->logger->log_chunk(this->logger,RAW | LEVEL2, "Octets (Mesage + Nonce + prf(Sk_px,Idx)",octets);
156 return octets;
157 }
158
159 /**
160 * Implementation of private_authenticator_t.build_preshared_secret_signature.
161 */
162 static chunk_t build_preshared_secret_signature(private_authenticator_t *this,
163 chunk_t last_message,
164 chunk_t nonce,
165 id_payload_t *id_payload,
166 bool initiator,
167 chunk_t preshared_secret)
168 {
169 chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)};
170 u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
171 chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
172 chunk_t auth_data;
173
174 chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
175
176 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
177 this->prf->set_key(this->prf, preshared_secret);
178 this->prf->get_bytes(this->prf, key_pad, key_buffer);
179 this->prf->set_key(this->prf, key);
180 this->prf->allocate_bytes(this->prf, octets, &auth_data);
181 allocator_free_chunk(&octets);
182 this->logger->log_chunk(this->logger,RAW | LEVEL2, "Authenticated data",auth_data);
183
184 return auth_data;
185 }
186
187 /**
188 * Implementation of authenticator_t.verify_auth_data.
189 */
190 static status_t verify_auth_data (private_authenticator_t *this,
191 auth_payload_t *auth_payload,
192 chunk_t last_received_packet,
193 chunk_t my_nonce,
194 id_payload_t *other_id_payload,
195 bool initiator)
196 {
197 switch(auth_payload->get_auth_method(auth_payload))
198 {
199 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
200 {
201 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
202 chunk_t auth_data = auth_payload->get_data(auth_payload);
203 chunk_t preshared_secret;
204 status_t status;
205
206 status = charon->credentials->get_shared_secret(charon->credentials,
207 other_id,
208 &preshared_secret);
209 other_id->destroy(other_id);
210 if (status != SUCCESS)
211 {
212 return status;
213 }
214
215 chunk_t my_auth_data = this->build_preshared_secret_signature(this,
216 last_received_packet,
217 my_nonce,
218 other_id_payload,
219 initiator,
220 preshared_secret);
221
222 if (auth_data.len != my_auth_data.len)
223 {
224 allocator_free_chunk(&my_auth_data);
225 return FAILED;
226 }
227 if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
228 {
229 status = SUCCESS;
230 }
231 else
232 {
233 status = FAILED;
234 }
235 allocator_free_chunk(&my_auth_data);
236 return status;
237 }
238 case RSA_DIGITAL_SIGNATURE:
239 {
240 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
241 rsa_public_key_t *public_key;
242 status_t status;
243 chunk_t octets, auth_data;
244
245 auth_data = auth_payload->get_data(auth_payload);
246
247 status = charon->credentials->get_rsa_public_key(charon->credentials,
248 other_id,
249 &public_key);
250 other_id->destroy(other_id);
251 if (status != SUCCESS)
252 {
253 return status;
254 }
255
256 octets = this->allocate_octets(this,last_received_packet, my_nonce,other_id_payload, initiator);
257
258 status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
259
260 allocator_free_chunk(&octets);
261 return status;
262 }
263 default:
264 {
265 return NOT_SUPPORTED;
266 }
267 }
268 }
269
270 /**
271 * Implementation of authenticator_t.compute_auth_data.
272 */
273 static status_t compute_auth_data (private_authenticator_t *this,
274 auth_payload_t **auth_payload,
275 chunk_t last_sent_packet,
276 chunk_t other_nonce,
277 id_payload_t *my_id_payload,
278 bool initiator)
279 {
280 connection_t *connection = this->ike_sa->get_connection(this->ike_sa);
281
282 switch(connection->get_auth_method(connection))
283 {
284 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
285 {
286 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
287 chunk_t preshared_secret;
288 status_t status;
289 chunk_t auth_data;
290
291 status = charon->credentials->get_shared_secret(charon->credentials,
292 my_id,
293 &preshared_secret);
294
295 my_id->destroy(my_id);
296 if (status != SUCCESS)
297 {
298 return status;
299 }
300
301 auth_data = this->build_preshared_secret_signature(this, last_sent_packet, other_nonce,
302 my_id_payload, initiator, preshared_secret);
303 *auth_payload = auth_payload_create();
304 (*auth_payload)->set_auth_method(*auth_payload, SHARED_KEY_MESSAGE_INTEGRITY_CODE);
305 (*auth_payload)->set_data(*auth_payload, auth_data);
306
307 allocator_free_chunk(&auth_data);
308 return SUCCESS;
309 }
310 case RSA_DIGITAL_SIGNATURE:
311 {
312 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
313 rsa_private_key_t *private_key;
314 status_t status;
315 chunk_t octets, auth_data;
316
317 status = charon->credentials->get_rsa_private_key(charon->credentials, my_id, &private_key);
318 my_id->destroy(my_id);
319 if (status != SUCCESS)
320 {
321 return status;
322 }
323
324 octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
325
326 status = private_key->build_emsa_pkcs1_signature(private_key, HASH_SHA1, octets, &auth_data);
327 allocator_free_chunk(&octets);
328 if (status != SUCCESS)
329 {
330 return status;
331 }
332
333 *auth_payload = auth_payload_create();
334 (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
335 (*auth_payload)->set_data(*auth_payload, auth_data);
336
337 allocator_free_chunk(&auth_data);
338 return SUCCESS;
339 }
340 default:
341 {
342 return NOT_SUPPORTED;
343 }
344 }
345 }
346
347 /**
348 * Implementation of authenticator_t.destroy.
349 */
350 static void destroy (private_authenticator_t *this)
351 {
352 allocator_free(this);
353 }
354
355 /*
356 * Described in header.
357 */
358 authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
359 {
360 private_authenticator_t *this = allocator_alloc_thing(private_authenticator_t);
361
362 /* Public functions */
363 this->public.destroy = (void(*)(authenticator_t*))destroy;
364 this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool)) verify_auth_data;
365 this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
366
367 /* private functions */
368 this->allocate_octets = allocate_octets;
369 this->build_preshared_secret_signature = build_preshared_secret_signature;
370
371 /* private data */
372 this->ike_sa = ike_sa;
373 this->prf = this->ike_sa->get_prf(this->ike_sa);
374 this->logger = this->ike_sa->get_logger(this->ike_sa);
375
376 return &(this->public);
377 }