introduced refcounting on policy and connections
[strongswan.git] / src / charon / sa / authenticator.c
1 /**
2 * @file authenticator.c
3 *
4 * @brief Implementation of authenticator_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include <string.h>
25
26 #include "authenticator.h"
27
28 #include <daemon.h>
29
30 /**
31 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
32 */
33 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
34
35
36 typedef struct private_authenticator_t private_authenticator_t;
37
38 /**
39 * Private data of an authenticator_t object.
40 */
41 struct private_authenticator_t {
42
43 /**
44 * Public authenticator_t interface.
45 */
46 authenticator_t public;
47
48 /**
49 * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t.
50 */
51 ike_sa_t *ike_sa;
52
53 /**
54 * auth_method to create own signature/mac/whatever..
55 */
56 auth_method_t auth_method;
57
58 /**
59 * PRF taken from the IKE_SA.
60 */
61 prf_t *prf;
62
63 /**
64 * A logger for.
65 *
66 * Using logger of IKE_SA.
67 */
68 logger_t *logger;
69
70 /**
71 * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
72 * 2.15 of RFC.
73 *
74 * @param this calling object
75 * @param last_message the last message to include in created octets
76 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
77 * @param other_nonce Nonce data received from other peer
78 * @param my_id id_payload_t object representing an ID payload
79 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
80 * @return octets as described in section 2.15. Memory gets allocated and has to get
81 * destroyed by caller.
82 */
83 chunk_t (*allocate_octets) (private_authenticator_t *this,
84 chunk_t last_message,
85 chunk_t other_nonce,
86 id_payload_t *my_id,
87 bool initiator);
88
89 /**
90 * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
91 *
92 * @param this calling object
93 * @param last_message the last message
94 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
95 * @param nonce Nonce data to include in auth data compution
96 * @param id_payload id_payload_t object representing an ID payload
97 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
98 * @param shared_secret shared secret as chunk_t. If shared secret is a string,
99 * the NULL termination is not included.
100 * @return AUTH data as dscribed in section 2.15 for
101 * AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
102 * Memory gets allocated and has to get destroyed by caller.
103 */
104 chunk_t (*build_preshared_secret_signature) (private_authenticator_t *this,
105 chunk_t last_message,
106 chunk_t nonce,
107 id_payload_t *id_payload,
108 bool initiator,
109 chunk_t preshared_secret);
110 };
111
112 /**
113 * Implementation of private_authenticator_t.allocate_octets.
114 */
115 static chunk_t allocate_octets(private_authenticator_t *this,
116 chunk_t last_message,
117 chunk_t other_nonce,
118 id_payload_t *my_id,
119 bool initiator)
120 {
121 prf_t *prf;
122 chunk_t id_chunk = my_id->get_data(my_id);
123 u_int8_t id_with_header[4 + id_chunk.len];
124 /*
125 * IKEv2 for linux (http://sf.net/projects/ikev2/)
126 * is not compatible with IKEv2 Draft and so not compatible with this
127 * implementation, cause AUTH data are computed without
128 * ID type and the three reserved bytes.
129 */
130 chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
131 u_int8_t *current_pos;
132 chunk_t octets;
133
134 id_with_header[0] = my_id->get_id_type(my_id);
135 id_with_header[1] = 0x00;
136 id_with_header[2] = 0x00;
137 id_with_header[3] = 0x00;
138 memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
139
140 if (initiator)
141 {
142 prf = this->ike_sa->get_prf_auth_i(this->ike_sa);
143 }
144 else
145 {
146 prf = this->ike_sa->get_prf_auth_r(this->ike_sa);
147 }
148
149 /* 4 bytes are id type and reserved fields of id payload */
150 octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
151 octets.ptr = malloc(octets.len);
152 current_pos = octets.ptr;
153 memcpy(current_pos,last_message.ptr,last_message.len);
154 current_pos += last_message.len;
155 memcpy(current_pos,other_nonce.ptr,other_nonce.len);
156 current_pos += other_nonce.len;
157 prf->get_bytes(prf, id_with_header_chunk, current_pos);
158
159 this->logger->log_chunk(this->logger,RAW | LEVEL2, "octets (message + nonce + prf(Sk_px,Idx)",octets);
160 return octets;
161 }
162
163 /**
164 * Implementation of private_authenticator_t.build_preshared_secret_signature.
165 */
166 static chunk_t build_preshared_secret_signature(private_authenticator_t *this,
167 chunk_t last_message,
168 chunk_t nonce,
169 id_payload_t *id_payload,
170 bool initiator,
171 chunk_t preshared_secret)
172 {
173 chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)};
174 u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
175 chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
176 chunk_t auth_data;
177
178 chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
179
180 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
181 this->prf->set_key(this->prf, preshared_secret);
182 this->prf->get_bytes(this->prf, key_pad, key_buffer);
183 this->prf->set_key(this->prf, key);
184 this->prf->allocate_bytes(this->prf, octets, &auth_data);
185 chunk_free(&octets);
186 this->logger->log_chunk(this->logger,RAW | LEVEL2, "authenticated data",auth_data);
187
188 return auth_data;
189 }
190
191 /**
192 * Implementation of authenticator_t.verify_auth_data.
193 */
194 static status_t verify_auth_data (private_authenticator_t *this,
195 auth_payload_t *auth_payload,
196 chunk_t last_received_packet,
197 chunk_t my_nonce,
198 id_payload_t *other_id_payload,
199 bool initiator)
200 {
201 switch(auth_payload->get_auth_method(auth_payload))
202 {
203 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
204 {
205 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
206 chunk_t auth_data = auth_payload->get_data(auth_payload);
207 chunk_t preshared_secret;
208 status_t status;
209
210 status = charon->credentials->get_shared_secret(charon->credentials,
211 other_id,
212 &preshared_secret);
213 if (status != SUCCESS)
214 {
215 this->logger->log(this->logger, ERROR, "no shared secret found for '%s'",
216 other_id->get_string(other_id));
217 other_id->destroy(other_id);
218 return status;
219 }
220
221 chunk_t my_auth_data = this->build_preshared_secret_signature(this,
222 last_received_packet,
223 my_nonce,
224 other_id_payload,
225 initiator,
226 preshared_secret);
227 chunk_free(&preshared_secret);
228
229 if (auth_data.len != my_auth_data.len)
230 {
231 chunk_free(&my_auth_data);
232 status = FAILED;
233 }
234 else if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
235 {
236 this->logger->log(this->logger, CONTROL, "authentication of '%s' with preshared secret successful",
237 other_id->get_string(other_id));
238 status = SUCCESS;
239 }
240 else
241 {
242 this->logger->log(this->logger, ERROR, "authentication of '%s' with preshared secret failed",
243 other_id->get_string(other_id));
244 status = FAILED;
245 }
246 other_id->destroy(other_id);
247 chunk_free(&my_auth_data);
248 return status;
249 }
250 case RSA_DIGITAL_SIGNATURE:
251 {
252 status_t status;
253 chunk_t octets;
254 chunk_t auth_data = auth_payload->get_data(auth_payload);
255 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
256
257 rsa_public_key_t *public_key =
258 charon->credentials->get_trusted_public_key(charon->credentials, other_id);
259
260 if (public_key == NULL)
261 {
262 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
263 other_id->get_string(other_id));
264 other_id->destroy(other_id);
265 return NOT_FOUND;
266 }
267
268 octets = this->allocate_octets(this,last_received_packet, my_nonce,other_id_payload, initiator);
269
270 status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
271 if (status == SUCCESS)
272 {
273 this->logger->log(this->logger, CONTROL, "authentication of '%s' with RSA successful",
274 other_id->get_string(other_id));
275 }
276 else
277 {
278 this->logger->log(this->logger, ERROR, "authentication of '%s' with RSA failed",
279 other_id->get_string(other_id));
280 }
281
282 other_id->destroy(other_id);
283 chunk_free(&octets);
284 return status;
285 }
286 default:
287 {
288 return NOT_SUPPORTED;
289 }
290 }
291 }
292
293 /**
294 * Implementation of authenticator_t.compute_auth_data.
295 */
296 static status_t compute_auth_data (private_authenticator_t *this,
297 auth_payload_t **auth_payload,
298 chunk_t last_sent_packet,
299 chunk_t other_nonce,
300 id_payload_t *my_id_payload,
301 bool initiator)
302 {
303 switch(this->auth_method)
304 {
305 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
306 {
307 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
308 chunk_t preshared_secret;
309 status_t status;
310 chunk_t auth_data;
311
312 status = charon->credentials->get_shared_secret(charon->credentials,
313 my_id,
314 &preshared_secret);
315
316 if (status != SUCCESS)
317 {
318 this->logger->log(this->logger, ERROR, "no shared secret found for %s",
319 my_id->get_string(my_id));
320 my_id->destroy(my_id);
321 return status;
322 }
323 my_id->destroy(my_id);
324
325 auth_data = this->build_preshared_secret_signature(this, last_sent_packet, other_nonce,
326 my_id_payload, initiator, preshared_secret);
327 chunk_free(&preshared_secret);
328 *auth_payload = auth_payload_create();
329 (*auth_payload)->set_auth_method(*auth_payload, SHARED_KEY_MESSAGE_INTEGRITY_CODE);
330 (*auth_payload)->set_data(*auth_payload, auth_data);
331
332 chunk_free(&auth_data);
333 return SUCCESS;
334 }
335 case RSA_DIGITAL_SIGNATURE:
336 {
337 char buf[BUF_LEN];
338 chunk_t octets, auth_data;
339 status_t status = NOT_FOUND;
340 rsa_public_key_t *my_pubkey;
341 rsa_private_key_t *my_key;
342
343 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
344
345 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for public key belonging to '%s'",
346 my_id->get_string(my_id));
347
348 my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
349 if (my_pubkey == NULL)
350 {
351 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
352 my_id->get_string(my_id));
353 goto end_rsa;
354 }
355 this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
356
357 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
358 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
359
360 my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
361 if (my_key == NULL)
362 {
363 char buf[BUF_LEN];
364
365 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
366 this->logger->log(this->logger, ERROR, "no private key found with for %s with keyid %s",
367 my_id->get_string(my_id), buf);
368 goto end_rsa;
369 }
370 this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
371
372 octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
373 status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
374 chunk_free(&octets);
375
376 if (status != SUCCESS)
377 {
378 my_key->destroy(my_key);
379 goto end_rsa;
380 }
381
382 *auth_payload = auth_payload_create();
383 (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
384 (*auth_payload)->set_data(*auth_payload, auth_data);
385
386 my_key->destroy(my_key);
387 chunk_free(&auth_data);
388
389 end_rsa:
390 my_id->destroy(my_id);
391 return status;
392 }
393 default:
394 {
395 return NOT_SUPPORTED;
396 }
397 }
398 }
399
400 /**
401 * Implementation of authenticator_t.destroy.
402 */
403 static void destroy (private_authenticator_t *this)
404 {
405 free(this);
406 }
407
408 /*
409 * Described in header.
410 */
411 authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method)
412 {
413 private_authenticator_t *this = malloc_thing(private_authenticator_t);
414
415 /* Public functions */
416 this->public.destroy = (void(*)(authenticator_t*))destroy;
417 this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool)) verify_auth_data;
418 this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
419
420 /* private functions */
421 this->allocate_octets = allocate_octets;
422 this->build_preshared_secret_signature = build_preshared_secret_signature;
423
424 /* private data */
425 this->ike_sa = ike_sa;
426 this->auth_method = auth_method;
427 this->prf = this->ike_sa->get_prf(this->ike_sa);
428 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
429
430 return &(this->public);
431 }