aefd1e941013b185e2f868471b032c08d25180f7
[strongswan.git] / src / charon / sa / authenticator.c
1 /**
2 * @file authenticator.c
3 *
4 * @brief Implementation of authenticator_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <string.h>
24
25 #include "authenticator.h"
26
27 #include <daemon.h>
28
29 /**
30 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
31 */
32 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
33
34
35 typedef struct private_authenticator_t private_authenticator_t;
36
37 /**
38 * Private data of an authenticator_t object.
39 */
40 struct private_authenticator_t {
41
42 /**
43 * Public authenticator_t interface.
44 */
45 authenticator_t public;
46
47 /**
48 * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t.
49 */
50 protected_ike_sa_t *ike_sa;
51
52 /**
53 * PRF taken from the IKE_SA.
54 */
55 prf_t *prf;
56
57 /**
58 * A logger for.
59 *
60 * Using logger of IKE_SA.
61 */
62 logger_t *logger;
63
64 /**
65 * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
66 * 2.15 of RFC.
67 *
68 * @param this calling object
69 * @param last_message the last message to include in created octets
70 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
71 * @param other_nonce Nonce data received from other peer
72 * @param my_id id_payload_t object representing an ID payload
73 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
74 * @return octets as described in section 2.15. Memory gets allocated and has to get
75 * destroyed by caller.
76 */
77 chunk_t (*allocate_octets) (private_authenticator_t *this,
78 chunk_t last_message,
79 chunk_t other_nonce,
80 id_payload_t *my_id,
81 bool initiator);
82
83 /**
84 * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
85 *
86 * @param this calling object
87 * @param last_message the last message
88 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
89 * @param nonce Nonce data to include in auth data compution
90 * @param id_payload id_payload_t object representing an ID payload
91 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
92 * @param shared_secret shared secret as chunk_t. If shared secret is a string,
93 * the NULL termination is not included.
94 * @return AUTH data as dscribed in section 2.15 for
95 * AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
96 * Memory gets allocated and has to get destroyed by caller.
97 */
98 chunk_t (*build_preshared_secret_signature) (private_authenticator_t *this,
99 chunk_t last_message,
100 chunk_t nonce,
101 id_payload_t *id_payload,
102 bool initiator,
103 chunk_t preshared_secret);
104 };
105
106 /**
107 * Implementation of private_authenticator_t.allocate_octets.
108 */
109 static chunk_t allocate_octets(private_authenticator_t *this,
110 chunk_t last_message,
111 chunk_t other_nonce,
112 id_payload_t *my_id,
113 bool initiator)
114 {
115 prf_t *prf;
116 chunk_t id_chunk = my_id->get_data(my_id);
117 u_int8_t id_with_header[4 + id_chunk.len];
118 /*
119 * IKEv2 for linux (http://sf.net/projects/ikev2/)
120 * is not compatible with IKEv2 Draft and so not compatible with this
121 * implementation, cause AUTH data are computed without
122 * ID type and the three reserved bytes.
123 */
124 chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
125 u_int8_t *current_pos;
126 chunk_t octets;
127
128 id_with_header[0] = my_id->get_id_type(my_id);
129 id_with_header[1] = 0x00;
130 id_with_header[2] = 0x00;
131 id_with_header[3] = 0x00;
132 memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
133
134 if (initiator)
135 {
136 prf = this->ike_sa->get_prf_auth_i(this->ike_sa);
137 }
138 else
139 {
140 prf = this->ike_sa->get_prf_auth_r(this->ike_sa);
141 }
142
143 /* 4 bytes are id type and reserved fields of id payload */
144 octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
145 octets.ptr = malloc(octets.len);
146 current_pos = octets.ptr;
147 memcpy(current_pos,last_message.ptr,last_message.len);
148 current_pos += last_message.len;
149 memcpy(current_pos,other_nonce.ptr,other_nonce.len);
150 current_pos += other_nonce.len;
151 prf->get_bytes(prf, id_with_header_chunk, current_pos);
152
153 this->logger->log_chunk(this->logger,RAW | LEVEL2, "octets (message + nonce + prf(Sk_px,Idx)",octets);
154 return octets;
155 }
156
157 /**
158 * Implementation of private_authenticator_t.build_preshared_secret_signature.
159 */
160 static chunk_t build_preshared_secret_signature(private_authenticator_t *this,
161 chunk_t last_message,
162 chunk_t nonce,
163 id_payload_t *id_payload,
164 bool initiator,
165 chunk_t preshared_secret)
166 {
167 chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)};
168 u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
169 chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
170 chunk_t auth_data;
171
172 chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
173
174 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
175 this->prf->set_key(this->prf, preshared_secret);
176 this->prf->get_bytes(this->prf, key_pad, key_buffer);
177 this->prf->set_key(this->prf, key);
178 this->prf->allocate_bytes(this->prf, octets, &auth_data);
179 chunk_free(&octets);
180 this->logger->log_chunk(this->logger,RAW | LEVEL2, "authenticated data",auth_data);
181
182 return auth_data;
183 }
184
185 /**
186 * Implementation of authenticator_t.verify_auth_data.
187 */
188 static status_t verify_auth_data (private_authenticator_t *this,
189 auth_payload_t *auth_payload,
190 chunk_t last_received_packet,
191 chunk_t my_nonce,
192 id_payload_t *other_id_payload,
193 bool initiator)
194 {
195 switch(auth_payload->get_auth_method(auth_payload))
196 {
197 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
198 {
199 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
200 chunk_t auth_data = auth_payload->get_data(auth_payload);
201 chunk_t preshared_secret;
202 status_t status;
203
204 status = charon->credentials->get_shared_secret(charon->credentials,
205 other_id,
206 &preshared_secret);
207 if (status != SUCCESS)
208 {
209 this->logger->log(this->logger, ERROR, "no shared secret found for '%s'",
210 other_id->get_string(other_id));
211 other_id->destroy(other_id);
212 return status;
213 }
214
215 chunk_t my_auth_data = this->build_preshared_secret_signature(this,
216 last_received_packet,
217 my_nonce,
218 other_id_payload,
219 initiator,
220 preshared_secret);
221 chunk_free(&preshared_secret);
222
223 if (auth_data.len != my_auth_data.len)
224 {
225 chunk_free(&my_auth_data);
226 status = FAILED;
227 }
228 else if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
229 {
230 this->logger->log(this->logger, CONTROL, "authentication of '%s' with preshared secret successful",
231 other_id->get_string(other_id));
232 status = SUCCESS;
233 }
234 else
235 {
236 this->logger->log(this->logger, ERROR, "authentication of '%s' with preshared secret failed",
237 other_id->get_string(other_id));
238 status = FAILED;
239 }
240 other_id->destroy(other_id);
241 chunk_free(&my_auth_data);
242 return status;
243 }
244 case RSA_DIGITAL_SIGNATURE:
245 {
246 status_t status;
247 chunk_t octets;
248 chunk_t auth_data = auth_payload->get_data(auth_payload);
249 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
250
251 rsa_public_key_t *public_key =
252 charon->credentials->get_trusted_public_key(charon->credentials, other_id);
253
254 if (public_key == NULL)
255 {
256 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
257 other_id->get_string(other_id));
258 other_id->destroy(other_id);
259 return NOT_FOUND;
260 }
261
262 octets = this->allocate_octets(this,last_received_packet, my_nonce,other_id_payload, initiator);
263
264 status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
265 if (status == SUCCESS)
266 {
267 this->logger->log(this->logger, CONTROL, "authentication of '%s' with RSA successful",
268 other_id->get_string(other_id));
269 }
270 else
271 {
272 this->logger->log(this->logger, ERROR, "authentication of '%s' with RSA failed",
273 other_id->get_string(other_id));
274 }
275
276 other_id->destroy(other_id);
277 chunk_free(&octets);
278 return status;
279 }
280 default:
281 {
282 return NOT_SUPPORTED;
283 }
284 }
285 }
286
287 /**
288 * Implementation of authenticator_t.compute_auth_data.
289 */
290 static status_t compute_auth_data (private_authenticator_t *this,
291 auth_payload_t **auth_payload,
292 chunk_t last_sent_packet,
293 chunk_t other_nonce,
294 id_payload_t *my_id_payload,
295 bool initiator)
296 {
297 connection_t *connection = this->ike_sa->get_connection(this->ike_sa);
298
299 switch(connection->get_auth_method(connection))
300 {
301 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
302 {
303 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
304 chunk_t preshared_secret;
305 status_t status;
306 chunk_t auth_data;
307
308 status = charon->credentials->get_shared_secret(charon->credentials,
309 my_id,
310 &preshared_secret);
311
312 if (status != SUCCESS)
313 {
314 this->logger->log(this->logger, ERROR, "no shared secret found for %s",
315 my_id->get_string(my_id));
316 my_id->destroy(my_id);
317 return status;
318 }
319 my_id->destroy(my_id);
320
321 auth_data = this->build_preshared_secret_signature(this, last_sent_packet, other_nonce,
322 my_id_payload, initiator, preshared_secret);
323 chunk_free(&preshared_secret);
324 *auth_payload = auth_payload_create();
325 (*auth_payload)->set_auth_method(*auth_payload, SHARED_KEY_MESSAGE_INTEGRITY_CODE);
326 (*auth_payload)->set_data(*auth_payload, auth_data);
327
328 chunk_free(&auth_data);
329 return SUCCESS;
330 }
331 case RSA_DIGITAL_SIGNATURE:
332 {
333 char buf[BUF_LEN];
334 chunk_t octets, auth_data;
335 status_t status = NOT_FOUND;
336 rsa_public_key_t *my_pubkey;
337 rsa_private_key_t *my_key;
338
339 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
340
341 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for public key belonging to '%s'",
342 my_id->get_string(my_id));
343
344 my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
345 if (my_pubkey == NULL)
346 {
347 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
348 my_id->get_string(my_id));
349 goto end_rsa;
350 }
351 this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
352
353 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
354 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
355
356 my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
357 if (my_key == NULL)
358 {
359 char buf[BUF_LEN];
360
361 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
362 this->logger->log(this->logger, ERROR, "no private key found with for %s with keyid %s",
363 my_id->get_string(my_id), buf);
364 goto end_rsa;
365 }
366 this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
367
368 octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
369 status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
370 chunk_free(&octets);
371
372 if (status != SUCCESS)
373 {
374 my_key->destroy(my_key);
375 goto end_rsa;
376 }
377
378 *auth_payload = auth_payload_create();
379 (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
380 (*auth_payload)->set_data(*auth_payload, auth_data);
381
382 my_key->destroy(my_key);
383 chunk_free(&auth_data);
384
385 end_rsa:
386 my_id->destroy(my_id);
387 return status;
388 }
389 default:
390 {
391 return NOT_SUPPORTED;
392 }
393 }
394 }
395
396 /**
397 * Implementation of authenticator_t.destroy.
398 */
399 static void destroy (private_authenticator_t *this)
400 {
401 free(this);
402 }
403
404 /*
405 * Described in header.
406 */
407 authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
408 {
409 private_authenticator_t *this = malloc_thing(private_authenticator_t);
410
411 /* Public functions */
412 this->public.destroy = (void(*)(authenticator_t*))destroy;
413 this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool)) verify_auth_data;
414 this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
415
416 /* private functions */
417 this->allocate_octets = allocate_octets;
418 this->build_preshared_secret_signature = build_preshared_secret_signature;
419
420 /* private data */
421 this->ike_sa = ike_sa;
422 this->prf = this->ike_sa->get_prf(this->ike_sa);
423 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
424
425 return &(this->public);
426 }