src/charon-tkm/src/tkm/tkm_keymat.c

   1 /*
   2  * Copyrigth (C) 2012 Reto Buerki
   3  * Copyright (C) 2012 Adrian-Ken Rueegsegger
   4  * Hochschule fuer Technik Rapperswil
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  10  *
  11  * This program is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * for more details.
  15  */
  16
  17 #include <daemon.h>
  18 #include <sa/ikev2/keymat_v2.h>
  19
  20 #include "tkm.h"
  21 #include "tkm_keymat.h"
  22
  23 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
  24
  25 /**
  26  * Private data of a keymat_t object.
  27  */
  28 struct private_tkm_keymat_t {
  29
  30         /**
  31          * Public tkm_keymat_t interface.
  32          */
  33         tkm_keymat_t public;
  34
  35         /**
  36          * IKEv2 keymat proxy (will be removed).
  37          */
  38         keymat_v2_t *proxy;
  39
  40         /**
  41          * IKE_SA Role, initiator or responder
  42          */
  43         bool initiator;
  44
  45 };
  46
  47 METHOD(keymat_t, get_version, ike_version_t,
  48         private_tkm_keymat_t *this)
  49 {
  50         return IKEV2;
  51 }
  52
  53 METHOD(keymat_t, create_dh, diffie_hellman_t*,
  54         private_tkm_keymat_t *this, diffie_hellman_group_t group)
  55 {
  56         return lib->crypto->create_dh(lib->crypto, group);
  57 }
  58
  59 METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
  60         private_tkm_keymat_t *this)
  61 {
  62         return lib->crypto->create_nonce_gen(lib->crypto);
  63 }
  64
  65 METHOD(tkm_keymat_t, derive_ike_keys, bool,
  66         private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
  67         chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
  68         pseudo_random_function_t rekey_function, chunk_t rekey_skd)
  69 {
  70         DBG1(DBG_IKE, "deriving IKE keys");
  71         chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
  72         const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
  73         if (!nc_id)
  74         {
  75                 DBG1(DBG_IKE, "unable to acquire context id for nonce");
  76                 return FALSE;
  77         }
  78
  79         if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
  80                                 nonce_r, id, rekey_function, rekey_skd))
  81         {
  82                 tkm->chunk_map->remove(tkm->chunk_map, nonce);
  83                 return TRUE;
  84         }
  85         return FALSE;
  86 }
  87
  88 METHOD(tkm_keymat_t, derive_child_keys, bool,
  89         private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
  90         chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
  91         chunk_t *encr_r, chunk_t *integ_r)
  92 {
  93         DBG1(DBG_CHD, "deriving child keys");
  94         return this->proxy->derive_child_keys(this->proxy, proposal, dh, nonce_i,
  95                         nonce_r, encr_i, integ_i, encr_r, integ_r);
  96 }
  97
  98 METHOD(keymat_t, get_aead, aead_t*,
  99         private_tkm_keymat_t *this, bool in)
 100 {
 101         DBG1(DBG_IKE, "returning aead transform");
 102         return this->proxy->keymat.get_aead(&this->proxy->keymat, in);
 103 }
 104
 105 METHOD(tkm_keymat_t, get_auth_octets, bool,
 106         private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
 107         chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 108 {
 109         DBG1(DBG_IKE, "returning auth octets");
 110         return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce,
 111                         id, reserved, octets);
 112 }
 113
 114 METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
 115         private_tkm_keymat_t *this, chunk_t *skd)
 116 {
 117         DBG1(DBG_IKE, "returning skd");
 118         return this->proxy->get_skd(this->proxy, skd);
 119 }
 120
 121 METHOD(tkm_keymat_t, get_psk_sig, bool,
 122         private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
 123         chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 124 {
 125         DBG1(DBG_IKE, "returning PSK signature");
 126         return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
 127                         secret, id, reserved, sig);
 128 }
 129
 130 METHOD(keymat_t, destroy, void,
 131         private_tkm_keymat_t *this)
 132 {
 133         free(this);
 134 }
 135
 136 /**
 137  * See header.
 138  */
 139 tkm_keymat_t *tkm_keymat_create(bool initiator)
 140 {
 141         private_tkm_keymat_t *this;
 142
 143         INIT(this,
 144                 .public = {
 145                         .keymat = {
 146                                 .get_version = _get_version,
 147                                 .create_dh = _create_dh,
 148                                 .create_nonce_gen = _create_nonce_gen,
 149                                 .get_aead = _get_aead,
 150                                 .destroy = _destroy,
 151                         },
 152                         .derive_ike_keys = _derive_ike_keys,
 153                         .derive_child_keys = _derive_child_keys,
 154                         .get_skd = _get_skd,
 155                         .get_auth_octets = _get_auth_octets,
 156                         .get_psk_sig = _get_psk_sig,
 157                 },
 158                 .initiator = initiator,
 159                 .proxy = keymat_v2_create(initiator),
 160         );
 161
 162         return &this->public;
 163 }