When logging to the database, the IDs of an IKE SA are initially NULL.
[strongswan.git] / src / libsimaka / simaka_crypto.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "simaka_crypto.h"
17
18 #include <daemon.h>
19
20 /** length of the k_encr key */
21 #define KENCR_LEN 16
22 /** length of the k_auth key */
23 #define KAUTH_LEN 16
24 /** length of the MSK */
25 #define MSK_LEN 64
26 /** length of the EMSK */
27 #define EMSK_LEN 64
28
29 typedef struct private_simaka_crypto_t private_simaka_crypto_t;
30
31 /**
32 * Private data of an simaka_crypto_t object.
33 */
34 struct private_simaka_crypto_t {
35
36 /**
37 * Public simaka_crypto_t interface.
38 */
39 simaka_crypto_t public;
40
41 /**
42 * signer to create/verify AT_MAC
43 */
44 signer_t *signer;
45
46 /**
47 * crypter to encrypt/decrypt AT_ENCR_DATA
48 */
49 crypter_t *crypter;
50
51 /**
52 * hasher used in key derivation
53 */
54 hasher_t *hasher;
55
56 /**
57 * PRF function used in key derivation
58 */
59 prf_t *prf;
60
61 /**
62 * Random number generator to generate nonces
63 */
64 rng_t *rng;
65
66 /**
67 * Have k_encr/k_auth been derived?
68 */
69 bool derived;
70 };
71
72 /**
73 * Implementation of simaka_crypto_t.get_signer
74 */
75 static signer_t* get_signer(private_simaka_crypto_t *this)
76 {
77 return this->derived ? this->signer : NULL;
78 }
79
80 /**
81 * Implementation of simaka_crypto_t.get_crypter
82 */
83 static crypter_t* get_crypter(private_simaka_crypto_t *this)
84 {
85 return this->derived ? this->crypter : NULL;
86 }
87
88 /**
89 * Implementation of simaka_crypto_t.get_rng
90 */
91 static rng_t* get_rng(private_simaka_crypto_t *this)
92 {
93 return this->rng;
94 }
95
96 /**
97 * Implementation of simaka_crypto_t.derive_keys_full
98 */
99 static chunk_t derive_keys_full(private_simaka_crypto_t *this,
100 identification_t *id, chunk_t data, chunk_t *mk)
101 {
102 chunk_t str, msk, k_encr, k_auth;
103 int i;
104
105 /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
106 * For AKA: MK = SHA1(Identity|IK|CK) */
107 this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
108 this->hasher->allocate_hash(this->hasher, data, mk);
109 DBG3(DBG_IKE, "MK %B", mk);
110
111 /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
112 this->prf->set_key(this->prf, *mk);
113 str = chunk_alloca(this->prf->get_block_size(this->prf) * 3);
114 for (i = 0; i < 3; i++)
115 {
116 this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 3 * i);
117 }
118
119 k_encr = chunk_create(str.ptr, KENCR_LEN);
120 k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
121 msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
122 DBG3(DBG_IKE, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
123
124 this->signer->set_key(this->signer, k_auth);
125 this->crypter->set_key(this->crypter, k_encr);
126
127 charon->sim->key_hook(charon->sim, k_encr, k_auth);
128
129 this->derived = TRUE;
130 return chunk_clone(msk);
131 }
132
133 /**
134 * Implementation of simaka_crypto_t.derive_keys_reauth
135 */
136 static void derive_keys_reauth(private_simaka_crypto_t *this, chunk_t mk)
137 {
138 chunk_t str, k_encr, k_auth;
139 int i;
140
141 /* K_encr | K_auth = prf() | prf() */
142 this->prf->set_key(this->prf, mk);
143 str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
144 for (i = 0; i < 2; i++)
145 {
146 this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
147 }
148 k_encr = chunk_create(str.ptr, KENCR_LEN);
149 k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
150 DBG3(DBG_IKE, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
151
152 this->signer->set_key(this->signer, k_auth);
153 this->crypter->set_key(this->crypter, k_encr);
154
155 charon->sim->key_hook(charon->sim, k_encr, k_auth);
156
157 this->derived = TRUE;
158 }
159
160 /**
161 * Implementation of simaka_crypto_t.derive_keys_reauth_msk
162 */
163 static chunk_t derive_keys_reauth_msk(private_simaka_crypto_t *this,
164 identification_t *id, chunk_t counter,
165 chunk_t nonce_s, chunk_t mk)
166 {
167 char xkey[HASH_SIZE_SHA1];
168 chunk_t str, msk;
169 int i;
170
171 this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
172 this->hasher->get_hash(this->hasher, counter, NULL);
173 this->hasher->get_hash(this->hasher, nonce_s, NULL);
174 this->hasher->get_hash(this->hasher, mk, xkey);
175
176 /* MSK | EMSK = prf() | prf() | prf() | prf() */
177 this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey)));
178 str = chunk_alloca(this->prf->get_block_size(this->prf) * 2);
179 for (i = 0; i < 2; i++)
180 {
181 this->prf->get_bytes(this->prf, chunk_empty, str.ptr + str.len / 2 * i);
182 }
183 msk = chunk_create(str.ptr, MSK_LEN);
184 DBG3(DBG_IKE, "MSK %B", &msk);
185
186 return chunk_clone(msk);
187 }
188
189 /**
190 * Implementation of simaka_crypto_t.clear_keys
191 */
192 static void clear_keys(private_simaka_crypto_t *this)
193 {
194 this->derived = FALSE;
195 }
196
197 /**
198 * Implementation of simaka_crypto_t.destroy.
199 */
200 static void destroy(private_simaka_crypto_t *this)
201 {
202 DESTROY_IF(this->rng);
203 DESTROY_IF(this->hasher);
204 DESTROY_IF(this->prf);
205 DESTROY_IF(this->signer);
206 DESTROY_IF(this->crypter);
207 free(this);
208 }
209
210 /**
211 * See header
212 */
213 simaka_crypto_t *simaka_crypto_create()
214 {
215 private_simaka_crypto_t *this = malloc_thing(private_simaka_crypto_t);
216
217 this->public.get_signer = (signer_t*(*)(simaka_crypto_t*))get_signer;
218 this->public.get_crypter = (crypter_t*(*)(simaka_crypto_t*))get_crypter;
219 this->public.get_rng = (rng_t*(*)(simaka_crypto_t*))get_rng;
220 this->public.derive_keys_full = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t data, chunk_t *mk))derive_keys_full;
221 this->public.derive_keys_reauth = (void(*)(simaka_crypto_t*, chunk_t mk))derive_keys_reauth;
222 this->public.derive_keys_reauth_msk = (chunk_t(*)(simaka_crypto_t*, identification_t *id, chunk_t counter, chunk_t nonce_s, chunk_t mk))derive_keys_reauth_msk;
223 this->public.clear_keys = (void(*)(simaka_crypto_t*))clear_keys;
224 this->public.destroy = (void(*)(simaka_crypto_t*))destroy;
225
226 this->derived = FALSE;
227 this->rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
228 this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
229 this->prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160);
230 this->signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA1_128);
231 this->crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
232 if (!this->rng || !this->hasher || !this->prf ||
233 !this->signer || !this->crypter)
234 {
235 DBG1(DBG_IKE, "unable to use EAP-SIM, missing algorithms");
236 destroy(this);
237 return NULL;
238 }
239 return &this->public;
240 }
241