9094077e4e0f1e88d5c40e31aba93dd0bd7759c1
[strongswan.git] / src / charon / sa / authenticators / psk_authenticator.c
1 /*
2 * Copyright (C) 2005-2006 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 #include <string.h>
20
21 #include "psk_authenticator.h"
22
23 #include <daemon.h>
24 #include <credentials/auth_info.h>
25
26 /**
27 * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
28 */
29 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
30 #define IKEV2_KEY_PAD_LENGTH 17
31
32
33 typedef struct private_psk_authenticator_t private_psk_authenticator_t;
34
35 /**
36 * Private data of an psk_authenticator_t object.
37 */
38 struct private_psk_authenticator_t {
39
40 /**
41 * Public authenticator_t interface.
42 */
43 psk_authenticator_t public;
44
45 /**
46 * Assigned IKE_SA
47 */
48 ike_sa_t *ike_sa;
49 };
50
51 /**
52 * Builds the octets to be signed as described in section 2.15 of RFC 4306
53 */
54 chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
55 identification_t *id, prf_t *prf)
56 {
57 u_int8_t id_header_buf[] = {0x00, 0x00, 0x00, 0x00};
58 chunk_t id_header = chunk_from_buf(id_header_buf);
59 chunk_t id_with_header, id_prfd, id_encoding;
60
61 id_header_buf[0] = id->get_type(id);
62 id_encoding = id->get_encoding(id);
63
64 id_with_header = chunk_cat("cc", id_header, id_encoding);
65 prf->allocate_bytes(prf, id_with_header, &id_prfd);
66 chunk_free(&id_with_header);
67
68 return chunk_cat("ccm", ike_sa_init, nonce, id_prfd);
69 }
70
71 /**
72 * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
73 */
74 chunk_t build_shared_key_signature(chunk_t ike_sa_init, chunk_t nonce,
75 chunk_t secret, identification_t *id,
76 chunk_t skp, prf_t *prf)
77 {
78 chunk_t key_pad, key, auth_data, octets;
79
80 prf->set_key(prf, skp);
81 octets = build_tbs_octets(ike_sa_init, nonce, id, prf);
82 /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
83 key_pad.ptr = IKEV2_KEY_PAD;
84 key_pad.len = IKEV2_KEY_PAD_LENGTH;
85 prf->set_key(prf, secret);
86 prf->allocate_bytes(prf, key_pad, &key);
87 prf->set_key(prf, key);
88 prf->allocate_bytes(prf, octets, &auth_data);
89 DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
90 DBG3(DBG_IKE, "secret %B", &secret);
91 DBG3(DBG_IKE, "keypad %B", &key_pad);
92 DBG3(DBG_IKE, "prf(secret, keypad) %B", &key);
93 DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
94 chunk_free(&octets);
95 chunk_free(&key);
96
97 return auth_data;
98 }
99
100 /**
101 * Implementation of authenticator_t.verify.
102 */
103 static status_t verify(private_psk_authenticator_t *this, chunk_t ike_sa_init,
104 chunk_t my_nonce, auth_payload_t *auth_payload)
105 {
106 chunk_t auth_data, recv_auth_data;
107 identification_t *my_id, *other_id;
108 shared_key_t *shared_key;
109 enumerator_t *enumerator;
110 bool authenticated = FALSE;
111 int keys_found = 0;
112
113 my_id = this->ike_sa->get_my_id(this->ike_sa);
114 other_id = this->ike_sa->get_other_id(this->ike_sa);
115 enumerator = charon->credentials->create_shared_enumerator(
116 charon->credentials, SHARED_IKE, my_id, other_id);
117 while (!authenticated && enumerator->enumerate(enumerator, &shared_key, NULL, NULL))
118 {
119 keys_found++;
120 auth_data = build_shared_key_signature(ike_sa_init, my_nonce,
121 shared_key->get_key(shared_key), other_id,
122 this->ike_sa->get_skp_verify(this->ike_sa),
123 this->ike_sa->get_prf(this->ike_sa));
124 recv_auth_data = auth_payload->get_data(auth_payload);
125 if (auth_data.len == recv_auth_data.len &&
126 memeq(auth_data.ptr, recv_auth_data.ptr, auth_data.len))
127 {
128 DBG1(DBG_IKE, "authentication of '%D' with %N successful",
129 other_id, auth_method_names, AUTH_PSK);
130 authenticated = TRUE;
131 }
132 chunk_free(&auth_data);
133 }
134 enumerator->destroy(enumerator);
135
136 if (!authenticated)
137 {
138 if (keys_found == 0)
139 {
140 DBG1(DBG_IKE, "no shared key found for '%D' - '%D'", my_id, other_id);
141 return NOT_FOUND;
142 }
143 DBG1(DBG_IKE, "tried %d shared key%s for '%D' - '%D', but MAC mismatched",
144 keys_found, keys_found == 1 ? "" : "s", my_id, other_id);
145 return FAILED;
146 }
147 return SUCCESS;
148 }
149
150 /**
151 * Implementation of authenticator_t.build.
152 */
153 static status_t build(private_psk_authenticator_t *this, chunk_t ike_sa_init,
154 chunk_t other_nonce, auth_payload_t **auth_payload)
155 {
156 shared_key_t *shared_key;
157 chunk_t auth_data;
158 identification_t *my_id, *other_id;
159
160 my_id = this->ike_sa->get_my_id(this->ike_sa);
161 other_id = this->ike_sa->get_other_id(this->ike_sa);
162 DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
163 my_id, auth_method_names, AUTH_PSK);
164 shared_key = charon->credentials->get_shared(charon->credentials, SHARED_IKE,
165 my_id, other_id);
166 if (shared_key == NULL)
167 {
168 DBG1(DBG_IKE, "no shared key found for '%D' - '%D'", my_id, other_id);
169 return NOT_FOUND;
170 }
171 auth_data = build_shared_key_signature(ike_sa_init, other_nonce,
172 shared_key->get_key(shared_key), my_id,
173 this->ike_sa->get_skp_build(this->ike_sa),
174 this->ike_sa->get_prf(this->ike_sa));
175 shared_key->destroy(shared_key);
176 DBG2(DBG_IKE, "successfully created shared key MAC");
177 *auth_payload = auth_payload_create();
178 (*auth_payload)->set_auth_method(*auth_payload, AUTH_PSK);
179 (*auth_payload)->set_data(*auth_payload, auth_data);
180
181 chunk_free(&auth_data);
182 return SUCCESS;
183 }
184
185 /**
186 * Implementation of authenticator_t.destroy.
187 */
188 static void destroy(private_psk_authenticator_t *this)
189 {
190 free(this);
191 }
192
193 /*
194 * Described in header.
195 */
196 psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa)
197 {
198 private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t);
199
200 /* public functions */
201 this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
202 this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
203 this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
204
205 /* private data */
206 this->ike_sa = ike_sa;
207
208 return &this->public;
209 }