support of multiple certificates with same peer id
[strongswan.git] / src / charon / sa / authenticators / psk_authenticator.c
1 /**
2 * @file psk_authenticator.c
3 *
4 * @brief Implementation of psk_authenticator_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include <string.h>
25
26 #include "psk_authenticator.h"
27
28 #include <daemon.h>
29
30 /**
31 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
32 */
33 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
34 #define IKEV2_KEY_PAD_LENGTH 17
35
36
37 typedef struct private_psk_authenticator_t private_psk_authenticator_t;
38
39 /**
40 * Private data of an psk_authenticator_t object.
41 */
42 struct private_psk_authenticator_t {
43
44 /**
45 * Public authenticator_t interface.
46 */
47 psk_authenticator_t public;
48
49 /**
50 * Assigned IKE_SA
51 */
52 ike_sa_t *ike_sa;
53 };
54
55 /**
56 * Builds the octets to be signed as described in section 2.15 of RFC 4306
57 */
58 chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
59 identification_t *id, prf_t *prf)
60 {
61 u_int8_t id_header_buf[] = {0x00, 0x00, 0x00, 0x00};
62 chunk_t id_header = chunk_from_buf(id_header_buf);
63 chunk_t id_with_header, id_prfd, id_encoding;
64
65 id_header_buf[0] = id->get_type(id);
66 id_encoding = id->get_encoding(id);
67
68 id_with_header = chunk_cat("cc", id_header, id_encoding);
69 prf->allocate_bytes(prf, id_with_header, &id_prfd);
70 chunk_free(&id_with_header);
71
72 return chunk_cat("ccm", ike_sa_init, nonce, id_prfd);
73 }
74
75 /**
76 * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
77 */
78 chunk_t build_shared_key_signature(chunk_t ike_sa_init, chunk_t nonce,
79 chunk_t secret, identification_t *id,
80 chunk_t skp, prf_t *prf)
81 {
82 chunk_t key_pad, key, auth_data, octets;
83
84 prf->set_key(prf, skp);
85 octets = build_tbs_octets(ike_sa_init, nonce, id, prf);
86 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
87 key_pad.ptr = IKEV2_KEY_PAD;
88 key_pad.len = IKEV2_KEY_PAD_LENGTH;
89 prf->set_key(prf, secret);
90 prf->allocate_bytes(prf, key_pad, &key);
91 prf->set_key(prf, key);
92 prf->allocate_bytes(prf, octets, &auth_data);
93 DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
94 DBG3(DBG_IKE, "secret %B", &secret);
95 DBG3(DBG_IKE, "keypad %B", &key_pad);
96 DBG3(DBG_IKE, "prf(secret, keypad) %B", &key);
97 DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
98 chunk_free(&octets);
99 chunk_free(&key);
100
101 return auth_data;
102 }
103
104 /**
105 * Implementation of authenticator_t.verify.
106 */
107 static status_t verify(private_psk_authenticator_t *this, chunk_t ike_sa_init,
108 chunk_t my_nonce, auth_payload_t *auth_payload)
109 {
110 status_t status;
111 chunk_t auth_data, recv_auth_data, shared_key;
112 identification_t *my_id, *other_id;
113
114 my_id = this->ike_sa->get_my_id(this->ike_sa);
115 other_id = this->ike_sa->get_other_id(this->ike_sa);
116 status = charon->credentials->get_shared_key(charon->credentials, my_id,
117 other_id, &shared_key);
118 if (status != SUCCESS)
119 {
120 DBG1(DBG_IKE, "no shared key found for '%D' - '%D'", my_id, other_id);
121 return status;
122 }
123
124 auth_data = build_shared_key_signature(ike_sa_init, my_nonce, shared_key,
125 other_id, this->ike_sa->get_skp_verify(this->ike_sa),
126 this->ike_sa->get_prf(this->ike_sa));
127 chunk_free(&shared_key);
128
129 recv_auth_data = auth_payload->get_data(auth_payload);
130 if (auth_data.len != recv_auth_data.len ||
131 !memeq(auth_data.ptr, recv_auth_data.ptr, auth_data.len))
132 {
133 DBG1(DBG_IKE, "PSK MAC verification failed");
134 chunk_free(&auth_data);
135 return FAILED;
136 }
137 chunk_free(&auth_data);
138
139 DBG1(DBG_IKE, "authentication of '%D' with %N successful",
140 other_id, auth_method_names, AUTH_PSK);
141 return SUCCESS;
142 }
143
144 /**
145 * Implementation of authenticator_t.build.
146 */
147 static status_t build(private_psk_authenticator_t *this, chunk_t ike_sa_init,
148 chunk_t other_nonce, auth_payload_t **auth_payload)
149 {
150 chunk_t shared_key;
151 chunk_t auth_data;
152 status_t status;
153 identification_t *my_id, *other_id;
154
155 my_id = this->ike_sa->get_my_id(this->ike_sa);
156 other_id = this->ike_sa->get_other_id(this->ike_sa);
157 DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
158 my_id, auth_method_names, AUTH_PSK);
159 status = charon->credentials->get_shared_key(charon->credentials, my_id,
160 other_id, &shared_key);
161 if (status != SUCCESS)
162 {
163 DBG1(DBG_IKE, "no shared key found for '%D' - '%D'", my_id, other_id);
164 return status;
165 }
166
167 auth_data = build_shared_key_signature(ike_sa_init, other_nonce, shared_key,
168 my_id, this->ike_sa->get_skp_build(this->ike_sa),
169 this->ike_sa->get_prf(this->ike_sa));
170 DBG2(DBG_IKE, "successfully created shared key MAC");
171 chunk_free(&shared_key);
172 *auth_payload = auth_payload_create();
173 (*auth_payload)->set_auth_method(*auth_payload, AUTH_PSK);
174 (*auth_payload)->set_data(*auth_payload, auth_data);
175
176 chunk_free(&auth_data);
177 return SUCCESS;
178 }
179
180 /**
181 * Implementation of authenticator_t.destroy.
182 */
183 static void destroy(private_psk_authenticator_t *this)
184 {
185 free(this);
186 }
187
188 /*
189 * Described in header.
190 */
191 psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa)
192 {
193 private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t);
194
195 /* public functions */
196 this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
197 this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
198 this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
199
200 /* private data */
201 this->ike_sa = ike_sa;
202
203 return &this->public;
204 }