Avoid proxy for bypass_socket, enable_udp_decap
[strongswan.git] / src / charon-tkm / src / tkm / tkm_keymat.c
1 /*
2 * Copyrigth (C) 2012 Reto Buerki
3 * Copyright (C) 2012 Adrian-Ken Rueegsegger
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <daemon.h>
18 #include <sa/ikev2/keymat_v2.h>
19 #include <tkm/constants.h>
20 #include <tkm/client.h>
21
22 #include "tkm.h"
23 #include "tkm_types.h"
24 #include "tkm_utils.h"
25 #include "tkm_diffie_hellman.h"
26 #include "tkm_keymat.h"
27
28 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
29
30 /**
31 * Private data of a keymat_t object.
32 */
33 struct private_tkm_keymat_t {
34
35 /**
36 * Public tkm_keymat_t interface.
37 */
38 tkm_keymat_t public;
39
40 /**
41 * IKEv2 keymat proxy (will be removed).
42 */
43 keymat_v2_t *proxy;
44
45 /**
46 * IKE_SA Role, initiator or responder.
47 */
48 bool initiator;
49
50 /**
51 * Inbound AEAD.
52 */
53 aead_t *aead_in;
54
55 /**
56 * Outbound AEAD.
57 */
58 aead_t *aead_out;
59
60 /**
61 * ISA context id.
62 */
63 isa_id_type isa_ctx_id;
64
65 /**
66 * AE context id.
67 */
68 ae_id_type ae_ctx_id;
69
70 /**
71 * AUTH payload chunk.
72 */
73 chunk_t auth_payload;
74
75 };
76
77 /**
78 * Create AEAD transforms from given key chunks.
79 *
80 * @param in inbound AEAD transform to allocate, NULL if failed
81 * @param out outbound AEAD transform to allocate, NULL if failed
82 * @param sk_ai SK_ai key chunk
83 * @param sk_ar SK_ar key chunk
84 * @param sk_ei SK_ei key chunk
85 * @param sk_er SK_er key chunk
86 * @param enc_alg encryption algorithm to use
87 * @param int_alg integrity algorithm to use
88 * @param key_size encryption key size in bytes
89 * @param initiator TRUE if initiator
90 */
91 static void aead_create_from_keys(aead_t **in, aead_t **out,
92 const chunk_t * const sk_ai, const chunk_t * const sk_ar,
93 const chunk_t * const sk_ei, const chunk_t * const sk_er,
94 const u_int16_t enc_alg, const u_int16_t int_alg,
95 const u_int16_t key_size, bool initiator)
96 {
97 *in = *out = NULL;
98
99 signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
100 signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
101 if (signer_i == NULL || signer_r == NULL)
102 {
103 DBG1(DBG_IKE, "%N %N not supported!",
104 transform_type_names, INTEGRITY_ALGORITHM,
105 integrity_algorithm_names, int_alg);
106 return;
107 }
108 crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
109 enc_alg, key_size);
110 crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
111 enc_alg, key_size);
112 if (crypter_i == NULL || crypter_r == NULL)
113 {
114 signer_i->destroy(signer_i);
115 signer_r->destroy(signer_r);
116 DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
117 transform_type_names, ENCRYPTION_ALGORITHM,
118 encryption_algorithm_names, enc_alg, key_size);
119 return;
120 }
121
122 DBG4(DBG_IKE, "Sk_ai %B", sk_ai);
123 if (!signer_i->set_key(signer_i, *sk_ai))
124 {
125 return;
126 }
127 DBG4(DBG_IKE, "Sk_ar %B", sk_ar);
128 if (!signer_r->set_key(signer_r, *sk_ar))
129 {
130 return;
131 }
132 DBG4(DBG_IKE, "Sk_ei %B", sk_ei);
133 if (!crypter_i->set_key(crypter_i, *sk_ei))
134 {
135 return;
136 }
137 DBG4(DBG_IKE, "Sk_er %B", sk_er);
138 if (!crypter_r->set_key(crypter_r, *sk_er))
139 {
140 return;
141 }
142
143 if (initiator)
144 {
145 *in = aead_create(crypter_r, signer_r);
146 *out = aead_create(crypter_i, signer_i);
147 }
148 else
149 {
150 *in = aead_create(crypter_i, signer_i);
151 *out = aead_create(crypter_r, signer_r);
152 }
153 }
154
155 METHOD(keymat_t, get_version, ike_version_t,
156 private_tkm_keymat_t *this)
157 {
158 return IKEV2;
159 }
160
161 METHOD(keymat_t, create_dh, diffie_hellman_t*,
162 private_tkm_keymat_t *this, diffie_hellman_group_t group)
163 {
164 return lib->crypto->create_dh(lib->crypto, group);
165 }
166
167 METHOD(keymat_t, create_nonce_gen, nonce_gen_t*,
168 private_tkm_keymat_t *this)
169 {
170 return lib->crypto->create_nonce_gen(lib->crypto);
171 }
172
173 METHOD(tkm_keymat_t, derive_ike_keys, bool,
174 private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
175 chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
176 pseudo_random_function_t rekey_function, chunk_t rekey_skd)
177 {
178 /* Check encryption and integrity algorithms */
179 u_int16_t enc_alg, int_alg, key_size;
180 if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, &key_size))
181 {
182 DBG1(DBG_IKE, "no %N selected", transform_type_names,
183 ENCRYPTION_ALGORITHM);
184 return FALSE;
185 }
186 if (encryption_algorithm_is_aead(enc_alg))
187 {
188 DBG1(DBG_IKE, "AEAD algorithm %N not supported",
189 encryption_algorithm_names, enc_alg);
190 return FALSE;
191 }
192 if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, NULL))
193 {
194 DBG1(DBG_IKE, "no %N selected", transform_type_names,
195 INTEGRITY_ALGORITHM);
196 return FALSE;
197 }
198 if (!(enc_alg == ENCR_AES_CBC && key_size == 256 &&
199 int_alg == AUTH_HMAC_SHA2_512_256))
200 {
201 DBG1(DBG_IKE, "the TKM only supports aes256-sha512 at the moment, please"
202 " update your configuration");
203 return FALSE;
204 }
205
206 DBG2(DBG_IKE, "using %N for encryption, %N for integrity",
207 encryption_algorithm_names, enc_alg,
208 integrity_algorithm_names, int_alg);
209
210 /* Acquire nonce context id */
211 chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
212 const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
213 if (!nc_id)
214 {
215 DBG1(DBG_IKE, "unable to acquire context id for nonce");
216 return FALSE;
217 }
218
219 /* Get DH context id */
220 tkm_diffie_hellman_t * const tkm_dh = (tkm_diffie_hellman_t *)dh;
221 const dh_id_type dh_id = tkm_dh->get_id(tkm_dh);
222
223 nonce_type nonce_rem;
224 u_int64_t spi_loc, spi_rem;
225
226 if (this->initiator)
227 {
228 chunk_to_sequence(&nonce_r, &nonce_rem);
229 spi_loc = id->get_initiator_spi(id);
230 spi_rem = id->get_responder_spi(id);
231 }
232 else
233 {
234 chunk_to_sequence(&nonce_i, &nonce_rem);
235 spi_loc = id->get_responder_spi(id);
236 spi_rem = id->get_initiator_spi(id);
237 }
238
239 key_type sk_ai, sk_ar, sk_ei, sk_er;
240 DBG1(DBG_IKE, "deriving IKE keys (nc: %llu, dh: %llu, spi_loc: %llx, "
241 "spi_rem: %llx)", nc_id, dh_id, spi_loc, spi_rem);
242 /* Fake some data for now */
243 if (ike_isa_create(this->isa_ctx_id, this->ae_ctx_id, 1, dh_id, nc_id,
244 nonce_rem, 1, spi_loc, spi_rem,
245 &sk_ai, &sk_ar, &sk_ei, &sk_er) != TKM_OK)
246 {
247 DBG1(DBG_IKE, "key derivation failed");
248 return FALSE;
249 }
250
251 chunk_t c_ai, c_ar, c_ei, c_er;
252 sequence_to_chunk(sk_ai.data, sk_ai.size, &c_ai);
253 sequence_to_chunk(sk_ar.data, sk_ar.size, &c_ar);
254 sequence_to_chunk(sk_ei.data, sk_ei.size, &c_ei);
255 sequence_to_chunk(sk_er.data, sk_er.size, &c_er);
256
257 aead_create_from_keys(&this->aead_in, &this->aead_out,
258 &c_ai, &c_ar, &c_ei, &c_er,
259 enc_alg, int_alg, key_size / 8, this->initiator);
260
261 chunk_clear(&c_ai);
262 chunk_clear(&c_ar);
263 chunk_clear(&c_ei);
264 chunk_clear(&c_er);
265
266 if (!this->aead_in || !this->aead_out)
267 {
268 DBG1(DBG_IKE, "could not initialize AEAD transforms");
269 return FALSE;
270 }
271
272 /* TODO: Add failure handler (see keymat_v2.c) */
273
274 if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
275 nonce_r, id, rekey_function, rekey_skd))
276 {
277 tkm->chunk_map->remove(tkm->chunk_map, nonce);
278 if (ike_nc_reset(nc_id) != TKM_OK)
279 {
280 DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id);
281 }
282 tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id);
283
284 return TRUE;
285 }
286 return FALSE;
287 }
288
289 METHOD(tkm_keymat_t, derive_child_keys, bool,
290 private_tkm_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
291 chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
292 chunk_t *encr_r, chunk_t *integ_r)
293 {
294 DBG1(DBG_CHD, "deriving child keys");
295 *encr_i = chunk_alloc(sizeof(esa_info_t));
296 (*(esa_info_t*)(encr_i->ptr)).isa_id = this->isa_ctx_id;
297 const bool result = this->proxy->derive_child_keys(this->proxy, proposal,
298 dh, nonce_i, nonce_r,
299 &(*(esa_info_t*)(encr_i->ptr)).enc_key,
300 integ_i, encr_r,
301 integ_r);
302 return result;
303 }
304
305 METHOD(keymat_t, get_aead, aead_t*,
306 private_tkm_keymat_t *this, bool in)
307 {
308 return in ? this->aead_in : this->aead_out;
309 }
310
311 METHOD(tkm_keymat_t, get_auth_octets, bool,
312 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
313 chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
314 {
315 DBG1(DBG_IKE, "returning auth octets");
316 return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce,
317 id, reserved, octets);
318 }
319
320 METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
321 private_tkm_keymat_t *this, chunk_t *skd)
322 {
323 DBG1(DBG_IKE, "returning skd");
324 return this->proxy->get_skd(this->proxy, skd);
325 }
326
327 METHOD(tkm_keymat_t, get_psk_sig, bool,
328 private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
329 chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
330 {
331 DBG1(DBG_IKE, "returning %s PSK signature", verify ? "remote" : "local");
332
333 signature_type signature;
334 init_message_type msg;
335 chunk_to_sequence(&ike_sa_init, &msg);
336
337 chunk_t idx_chunk, chunk = chunk_alloca(4);
338 chunk.ptr[0] = id->get_type(id);
339 memcpy(chunk.ptr + 1, reserved, 3);
340 idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
341 idx_type idx;
342 chunk_to_sequence(&idx_chunk, &idx);
343
344 if (ike_isa_sign_psk(this->isa_ctx_id, msg, idx, verify == TRUE, &signature)
345 != TKM_OK)
346 {
347 DBG1(DBG_IKE, "get %s PSK signature failed", verify ?
348 "remote" : "local");
349 return FALSE;
350 }
351
352 sequence_to_chunk(&signature.data[0], signature.size, sig);
353 return TRUE;
354 }
355
356 METHOD(keymat_t, destroy, void,
357 private_tkm_keymat_t *this)
358 {
359 if (ike_isa_reset(this->isa_ctx_id) != TKM_OK)
360 {
361 DBG1(DBG_IKE, "failed to reset ISA context %d", this->isa_ctx_id);
362 }
363 tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_ISA, this->isa_ctx_id);
364
365 DESTROY_IF(this->aead_in);
366 DESTROY_IF(this->aead_out);
367 chunk_free(&this->auth_payload);
368 this->proxy->keymat.destroy(&this->proxy->keymat);
369 free(this);
370 }
371
372 METHOD(tkm_keymat_t, get_isa_id, isa_id_type,
373 private_tkm_keymat_t *this)
374 {
375 return this->isa_ctx_id;
376 }
377
378 METHOD(tkm_keymat_t, set_auth_payload, void,
379 private_tkm_keymat_t *this, const chunk_t * const payload)
380 {
381 this->auth_payload = chunk_clone(*payload);
382 }
383
384 METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
385 private_tkm_keymat_t *this)
386 {
387 return &this->auth_payload;
388 }
389
390 /**
391 * See header.
392 */
393 tkm_keymat_t *tkm_keymat_create(bool initiator)
394 {
395 private_tkm_keymat_t *this;
396
397 INIT(this,
398 .public = {
399 .keymat = {
400 .get_version = _get_version,
401 .create_dh = _create_dh,
402 .create_nonce_gen = _create_nonce_gen,
403 .get_aead = _get_aead,
404 .destroy = _destroy,
405 },
406 .derive_ike_keys = _derive_ike_keys,
407 .derive_child_keys = _derive_child_keys,
408 .get_skd = _get_skd,
409 .get_auth_octets = _get_auth_octets,
410 .get_psk_sig = _get_psk_sig,
411 .get_isa_id = _get_isa_id,
412 .set_auth_payload = _set_auth_payload,
413 .get_auth_payload = _get_auth_payload,
414 },
415 .initiator = initiator,
416 .isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
417 .ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE),
418 .auth_payload = chunk_empty,
419 .proxy = keymat_v2_create(initiator),
420 );
421
422 if (!this->isa_ctx_id || !this->ae_ctx_id)
423 {
424 free(this);
425 return NULL;
426 }
427
428 return &this->public;
429 }