updated copyright information
[strongswan.git] / src / charon / sa / authenticator.c
1 /**
2 * @file authenticator.c
3 *
4 * @brief Implementation of authenticator_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include <string.h>
25
26 #include "authenticator.h"
27
28 #include <daemon.h>
29
30 /**
31 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
32 */
33 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
34
35
36 typedef struct private_authenticator_t private_authenticator_t;
37
38 /**
39 * Private data of an authenticator_t object.
40 */
41 struct private_authenticator_t {
42
43 /**
44 * Public authenticator_t interface.
45 */
46 authenticator_t public;
47
48 /**
49 * Assigned IKE_SA. Needed to get objects of type prf_t and logger_t.
50 */
51 ike_sa_t *ike_sa;
52
53 /**
54 * PRF taken from the IKE_SA.
55 */
56 prf_t *prf;
57
58 /**
59 * A logger for.
60 *
61 * Using logger of IKE_SA.
62 */
63 logger_t *logger;
64
65 /**
66 * @brief Creates the octets which are signed (RSA) or MACed (shared secret) as described in section
67 * 2.15 of RFC.
68 *
69 * @param this calling object
70 * @param last_message the last message to include in created octets
71 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
72 * @param other_nonce Nonce data received from other peer
73 * @param my_id id_payload_t object representing an ID payload
74 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
75 * @return octets as described in section 2.15. Memory gets allocated and has to get
76 * destroyed by caller.
77 */
78 chunk_t (*allocate_octets) (private_authenticator_t *this,
79 chunk_t last_message,
80 chunk_t other_nonce,
81 id_payload_t *my_id,
82 bool initiator);
83
84 /**
85 * @brief Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
86 *
87 * @param this calling object
88 * @param last_message the last message
89 * (either binary form of IKE_SA_INIT request or IKE_SA_INIT response)
90 * @param nonce Nonce data to include in auth data compution
91 * @param id_payload id_payload_t object representing an ID payload
92 * @param initiator Type of peer. TRUE, if it is original initiator, FALSE otherwise
93 * @param shared_secret shared secret as chunk_t. If shared secret is a string,
94 * the NULL termination is not included.
95 * @return AUTH data as dscribed in section 2.15 for
96 * AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
97 * Memory gets allocated and has to get destroyed by caller.
98 */
99 chunk_t (*build_preshared_secret_signature) (private_authenticator_t *this,
100 chunk_t last_message,
101 chunk_t nonce,
102 id_payload_t *id_payload,
103 bool initiator,
104 chunk_t preshared_secret);
105 };
106
107 /**
108 * Implementation of private_authenticator_t.allocate_octets.
109 */
110 static chunk_t allocate_octets(private_authenticator_t *this,
111 chunk_t last_message,
112 chunk_t other_nonce,
113 id_payload_t *my_id,
114 bool initiator)
115 {
116 prf_t *prf;
117 chunk_t id_chunk = my_id->get_data(my_id);
118 u_int8_t id_with_header[4 + id_chunk.len];
119 /*
120 * IKEv2 for linux (http://sf.net/projects/ikev2/)
121 * is not compatible with IKEv2 Draft and so not compatible with this
122 * implementation, cause AUTH data are computed without
123 * ID type and the three reserved bytes.
124 */
125 chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
126 u_int8_t *current_pos;
127 chunk_t octets;
128
129 id_with_header[0] = my_id->get_id_type(my_id);
130 id_with_header[1] = 0x00;
131 id_with_header[2] = 0x00;
132 id_with_header[3] = 0x00;
133 memcpy(id_with_header + 4,id_chunk.ptr,id_chunk.len);
134
135 if (initiator)
136 {
137 prf = this->ike_sa->get_prf_auth_i(this->ike_sa);
138 }
139 else
140 {
141 prf = this->ike_sa->get_prf_auth_r(this->ike_sa);
142 }
143
144 /* 4 bytes are id type and reserved fields of id payload */
145 octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
146 octets.ptr = malloc(octets.len);
147 current_pos = octets.ptr;
148 memcpy(current_pos,last_message.ptr,last_message.len);
149 current_pos += last_message.len;
150 memcpy(current_pos,other_nonce.ptr,other_nonce.len);
151 current_pos += other_nonce.len;
152 prf->get_bytes(prf, id_with_header_chunk, current_pos);
153
154 this->logger->log_chunk(this->logger,RAW | LEVEL2, "octets (message + nonce + prf(Sk_px,Idx)",octets);
155 return octets;
156 }
157
158 /**
159 * Implementation of private_authenticator_t.build_preshared_secret_signature.
160 */
161 static chunk_t build_preshared_secret_signature(private_authenticator_t *this,
162 chunk_t last_message,
163 chunk_t nonce,
164 id_payload_t *id_payload,
165 bool initiator,
166 chunk_t preshared_secret)
167 {
168 chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)};
169 u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
170 chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
171 chunk_t auth_data;
172
173 chunk_t octets = this->allocate_octets(this,last_message,nonce,id_payload,initiator);
174
175 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
176 this->prf->set_key(this->prf, preshared_secret);
177 this->prf->get_bytes(this->prf, key_pad, key_buffer);
178 this->prf->set_key(this->prf, key);
179 this->prf->allocate_bytes(this->prf, octets, &auth_data);
180 chunk_free(&octets);
181 this->logger->log_chunk(this->logger,RAW | LEVEL2, "authenticated data",auth_data);
182
183 return auth_data;
184 }
185
186 /**
187 * Implementation of authenticator_t.verify_auth_data.
188 */
189 static status_t verify_auth_data (private_authenticator_t *this,
190 auth_payload_t *auth_payload,
191 chunk_t last_received_packet,
192 chunk_t my_nonce,
193 id_payload_t *other_id_payload,
194 bool initiator)
195 {
196 switch(auth_payload->get_auth_method(auth_payload))
197 {
198 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
199 {
200 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
201 chunk_t auth_data = auth_payload->get_data(auth_payload);
202 chunk_t preshared_secret;
203 status_t status;
204
205 status = charon->credentials->get_shared_secret(charon->credentials,
206 other_id,
207 &preshared_secret);
208 if (status != SUCCESS)
209 {
210 this->logger->log(this->logger, ERROR, "no shared secret found for '%s'",
211 other_id->get_string(other_id));
212 other_id->destroy(other_id);
213 return status;
214 }
215
216 chunk_t my_auth_data = this->build_preshared_secret_signature(this,
217 last_received_packet,
218 my_nonce,
219 other_id_payload,
220 initiator,
221 preshared_secret);
222 chunk_free(&preshared_secret);
223
224 if (auth_data.len != my_auth_data.len)
225 {
226 chunk_free(&my_auth_data);
227 status = FAILED;
228 }
229 else if (memcmp(auth_data.ptr,my_auth_data.ptr, my_auth_data.len) == 0)
230 {
231 this->logger->log(this->logger, CONTROL, "authentication of '%s' with preshared secret successful",
232 other_id->get_string(other_id));
233 status = SUCCESS;
234 }
235 else
236 {
237 this->logger->log(this->logger, ERROR, "authentication of '%s' with preshared secret failed",
238 other_id->get_string(other_id));
239 status = FAILED;
240 }
241 other_id->destroy(other_id);
242 chunk_free(&my_auth_data);
243 return status;
244 }
245 case RSA_DIGITAL_SIGNATURE:
246 {
247 status_t status;
248 chunk_t octets;
249 chunk_t auth_data = auth_payload->get_data(auth_payload);
250 identification_t *other_id = other_id_payload->get_identification(other_id_payload);
251
252 rsa_public_key_t *public_key =
253 charon->credentials->get_trusted_public_key(charon->credentials, other_id);
254
255 if (public_key == NULL)
256 {
257 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
258 other_id->get_string(other_id));
259 other_id->destroy(other_id);
260 return NOT_FOUND;
261 }
262
263 octets = this->allocate_octets(this,last_received_packet, my_nonce,other_id_payload, initiator);
264
265 status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
266 if (status == SUCCESS)
267 {
268 this->logger->log(this->logger, CONTROL, "authentication of '%s' with RSA successful",
269 other_id->get_string(other_id));
270 }
271 else
272 {
273 this->logger->log(this->logger, ERROR, "authentication of '%s' with RSA failed",
274 other_id->get_string(other_id));
275 }
276
277 other_id->destroy(other_id);
278 chunk_free(&octets);
279 return status;
280 }
281 default:
282 {
283 return NOT_SUPPORTED;
284 }
285 }
286 }
287
288 /**
289 * Implementation of authenticator_t.compute_auth_data.
290 */
291 static status_t compute_auth_data (private_authenticator_t *this,
292 auth_payload_t **auth_payload,
293 chunk_t last_sent_packet,
294 chunk_t other_nonce,
295 id_payload_t *my_id_payload,
296 bool initiator)
297 {
298 connection_t *connection = this->ike_sa->get_connection(this->ike_sa);
299
300 switch(connection->get_auth_method(connection))
301 {
302 case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
303 {
304 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
305 chunk_t preshared_secret;
306 status_t status;
307 chunk_t auth_data;
308
309 status = charon->credentials->get_shared_secret(charon->credentials,
310 my_id,
311 &preshared_secret);
312
313 if (status != SUCCESS)
314 {
315 this->logger->log(this->logger, ERROR, "no shared secret found for %s",
316 my_id->get_string(my_id));
317 my_id->destroy(my_id);
318 return status;
319 }
320 my_id->destroy(my_id);
321
322 auth_data = this->build_preshared_secret_signature(this, last_sent_packet, other_nonce,
323 my_id_payload, initiator, preshared_secret);
324 chunk_free(&preshared_secret);
325 *auth_payload = auth_payload_create();
326 (*auth_payload)->set_auth_method(*auth_payload, SHARED_KEY_MESSAGE_INTEGRITY_CODE);
327 (*auth_payload)->set_data(*auth_payload, auth_data);
328
329 chunk_free(&auth_data);
330 return SUCCESS;
331 }
332 case RSA_DIGITAL_SIGNATURE:
333 {
334 char buf[BUF_LEN];
335 chunk_t octets, auth_data;
336 status_t status = NOT_FOUND;
337 rsa_public_key_t *my_pubkey;
338 rsa_private_key_t *my_key;
339
340 identification_t *my_id = my_id_payload->get_identification(my_id_payload);
341
342 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for public key belonging to '%s'",
343 my_id->get_string(my_id));
344
345 my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
346 if (my_pubkey == NULL)
347 {
348 this->logger->log(this->logger, ERROR, "no public key found for '%s'",
349 my_id->get_string(my_id));
350 goto end_rsa;
351 }
352 this->logger->log(this->logger, CONTROL|LEVEL2, "matching public key found");
353
354 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
355 this->logger->log(this->logger, CONTROL|LEVEL1, "looking for private key with keyid %s", buf);
356
357 my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
358 if (my_key == NULL)
359 {
360 char buf[BUF_LEN];
361
362 chunk_to_hex(buf, BUF_LEN, my_pubkey->get_keyid(my_pubkey));
363 this->logger->log(this->logger, ERROR, "no private key found with for %s with keyid %s",
364 my_id->get_string(my_id), buf);
365 goto end_rsa;
366 }
367 this->logger->log(this->logger, CONTROL|LEVEL2, "matching private key found");
368
369 octets = this->allocate_octets(this,last_sent_packet,other_nonce,my_id_payload,initiator);
370 status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
371 chunk_free(&octets);
372
373 if (status != SUCCESS)
374 {
375 my_key->destroy(my_key);
376 goto end_rsa;
377 }
378
379 *auth_payload = auth_payload_create();
380 (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
381 (*auth_payload)->set_data(*auth_payload, auth_data);
382
383 my_key->destroy(my_key);
384 chunk_free(&auth_data);
385
386 end_rsa:
387 my_id->destroy(my_id);
388 return status;
389 }
390 default:
391 {
392 return NOT_SUPPORTED;
393 }
394 }
395 }
396
397 /**
398 * Implementation of authenticator_t.destroy.
399 */
400 static void destroy (private_authenticator_t *this)
401 {
402 free(this);
403 }
404
405 /*
406 * Described in header.
407 */
408 authenticator_t *authenticator_create(ike_sa_t *ike_sa)
409 {
410 private_authenticator_t *this = malloc_thing(private_authenticator_t);
411
412 /* Public functions */
413 this->public.destroy = (void(*)(authenticator_t*))destroy;
414 this->public.verify_auth_data = (status_t (*) (authenticator_t *,auth_payload_t *, chunk_t ,chunk_t ,id_payload_t *,bool)) verify_auth_data;
415 this->public.compute_auth_data = (status_t (*) (authenticator_t *,auth_payload_t **, chunk_t ,chunk_t ,id_payload_t *,bool)) compute_auth_data;
416
417 /* private functions */
418 this->allocate_octets = allocate_octets;
419 this->build_preshared_secret_signature = build_preshared_secret_signature;
420
421 /* private data */
422 this->ike_sa = ike_sa;
423 this->prf = this->ike_sa->get_prf(this->ike_sa);
424 this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
425
426 return &(this->public);
427 }