Use remote PSK signature computed by TKM
[strongswan.git] / src / charon-tkm / src / tkm / tkm_keymat.c
index cdc6800..3b1fd1c 100644 (file)
  */
 
 #include <daemon.h>
+#include <sa/ikev2/keymat_v2.h>
+#include <tkm/constants.h>
+#include <tkm/client.h>
 
+#include "tkm.h"
+#include "tkm_utils.h"
+#include "tkm_diffie_hellman.h"
 #include "tkm_keymat.h"
 
 typedef struct private_tkm_keymat_t private_tkm_keymat_t;
@@ -30,8 +36,106 @@ struct private_tkm_keymat_t {
         */
        tkm_keymat_t public;
 
+       /**
+        * IKEv2 keymat proxy (will be removed).
+        */
+       keymat_v2_t *proxy;
+
+       /**
+        * IKE_SA Role, initiator or responder.
+        */
+       bool initiator;
+
+       /**
+        * Inbound AEAD.
+        */
+       aead_t *aead_in;
+
+       /**
+        * Outbound AEAD.
+        */
+       aead_t *aead_out;
+
 };
 
+/**
+ * Create AEAD transforms from given key chunks.
+ *
+ * @param in                   inbound AEAD transform to allocate, NULL if failed
+ * @param out                  outbound AEAD transform to allocate, NULL if failed
+ * @param sk_ai                        SK_ai key chunk
+ * @param sk_ar                        SK_ar key chunk
+ * @param sk_ei                        SK_ei key chunk
+ * @param sk_er                        SK_er key chunk
+ * @param enc_alg              encryption algorithm to use
+ * @param int_alg              integrity algorithm to use
+ * @param key_size             encryption key size in bytes
+ * @param initiator            TRUE if initiator
+ */
+static void aead_create_from_keys(aead_t **in, aead_t **out,
+          const chunk_t * const sk_ai, const chunk_t * const sk_ar,
+          const chunk_t * const sk_ei, const chunk_t * const sk_er,
+          const u_int16_t enc_alg, const u_int16_t int_alg,
+          const u_int16_t key_size, bool initiator)
+{
+       *in = *out = NULL;
+
+       signer_t * const signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
+       signer_t * const signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
+       if (signer_i == NULL || signer_r == NULL)
+       {
+               DBG1(DBG_IKE, "%N %N not supported!",
+                        transform_type_names, INTEGRITY_ALGORITHM,
+                        integrity_algorithm_names, int_alg);
+               return;
+       }
+       crypter_t * const crypter_i = lib->crypto->create_crypter(lib->crypto,
+                       enc_alg, key_size);
+       crypter_t * const crypter_r = lib->crypto->create_crypter(lib->crypto,
+                       enc_alg, key_size);
+       if (crypter_i == NULL || crypter_r == NULL)
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+                        transform_type_names, ENCRYPTION_ALGORITHM,
+                        encryption_algorithm_names, enc_alg, key_size);
+               return;
+       }
+
+       DBG4(DBG_IKE, "Sk_ai %B", sk_ai);
+       if (!signer_i->set_key(signer_i, *sk_ai))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_ar %B", sk_ar);
+       if (!signer_r->set_key(signer_r, *sk_ar))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_ei %B", sk_ei);
+       if (!crypter_i->set_key(crypter_i, *sk_ei))
+       {
+               return;
+       }
+       DBG4(DBG_IKE, "Sk_er %B", sk_er);
+       if (!crypter_r->set_key(crypter_r, *sk_er))
+       {
+               return;
+       }
+
+       if (initiator)
+       {
+               *in = aead_create(crypter_r, signer_r);
+               *out = aead_create(crypter_i, signer_i);
+       }
+       else
+       {
+               *in = aead_create(crypter_i, signer_i);
+               *out = aead_create(crypter_r, signer_r);
+       }
+}
+
 METHOD(keymat_t, get_version, ike_version_t,
        private_tkm_keymat_t *this)
 {
@@ -55,7 +159,113 @@ METHOD(tkm_keymat_t, derive_ike_keys, bool,
        chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
        pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
-       DBG1(DBG_IKE, "deriving IKE keys");
+       /* Check encryption and integrity algorithms */
+       u_int16_t enc_alg, int_alg, key_size;
+       if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, &key_size))
+       {
+               DBG1(DBG_IKE, "no %N selected", transform_type_names,
+                               ENCRYPTION_ALGORITHM);
+               return FALSE;
+       }
+       if (encryption_algorithm_is_aead(enc_alg))
+       {
+               DBG1(DBG_IKE, "AEAD algorithm %N not supported",
+                          encryption_algorithm_names, enc_alg);
+               return FALSE;
+       }
+       if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, NULL))
+       {
+               DBG1(DBG_IKE, "no %N selected", transform_type_names,
+                               INTEGRITY_ALGORITHM);
+               return FALSE;
+       }
+       if (!(enc_alg == ENCR_AES_CBC && key_size == 256 &&
+                       int_alg == AUTH_HMAC_SHA2_512_256))
+       {
+               DBG1(DBG_IKE, "the TKM only supports aes256-sha512 at the moment, please"
+                               " update your configuration");
+               return FALSE;
+       }
+
+       DBG2(DBG_IKE, "using %N for encryption, %N for integrity",
+                       encryption_algorithm_names, enc_alg,
+                       integrity_algorithm_names, int_alg);
+
+       /* Acquire nonce context id */
+       chunk_t * const nonce = this->initiator ? &nonce_i : &nonce_r;
+       const uint64_t nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);
+       if (!nc_id)
+       {
+               DBG1(DBG_IKE, "unable to acquire context id for nonce");
+               return FALSE;
+       }
+
+       /* Get DH context id */
+       tkm_diffie_hellman_t * const tkm_dh = (tkm_diffie_hellman_t *)dh;
+       const dh_id_type dh_id = tkm_dh->get_id(tkm_dh);
+
+       nonce_type nonce_rem;
+       u_int64_t spi_loc, spi_rem;
+
+       if (this->initiator)
+       {
+               chunk_to_sequence(&nonce_r, &nonce_rem);
+               spi_loc = id->get_initiator_spi(id);
+               spi_rem = id->get_responder_spi(id);
+       }
+       else
+       {
+               chunk_to_sequence(&nonce_i, &nonce_rem);
+               spi_loc = id->get_responder_spi(id);
+               spi_rem = id->get_initiator_spi(id);
+       }
+
+       key_type sk_ai, sk_ar, sk_ei, sk_er;
+       DBG1(DBG_IKE, "deriving IKE keys (nc: %llu, dh: %llu, spi_loc: %llx, "
+                       "spi_rem: %llx)", nc_id, dh_id, spi_loc, spi_rem);
+       /* Fake some data for now */
+       if (ike_isa_create(1, 1, 1, dh_id, nc_id, nonce_rem, 1, spi_loc, spi_rem,
+                               &sk_ai, &sk_ar, &sk_ei, &sk_er) != TKM_OK)
+       {
+               DBG1(DBG_IKE, "key derivation failed");
+               return FALSE;
+       }
+
+       chunk_t c_ai, c_ar, c_ei, c_er;
+       sequence_to_chunk(sk_ai.data, sk_ai.size, &c_ai);
+       sequence_to_chunk(sk_ar.data, sk_ar.size, &c_ar);
+       sequence_to_chunk(sk_ei.data, sk_ei.size, &c_ei);
+       sequence_to_chunk(sk_er.data, sk_er.size, &c_er);
+
+       aead_create_from_keys(&this->aead_in, &this->aead_out,
+                       &c_ai, &c_ar, &c_ei, &c_er,
+                       enc_alg, int_alg, key_size / 8, this->initiator);
+
+       chunk_clear(&c_ai);
+       chunk_clear(&c_ar);
+       chunk_clear(&c_ei);
+       chunk_clear(&c_er);
+
+       if (!this->aead_in || !this->aead_out)
+       {
+               DBG1(DBG_IKE, "could not initialize AEAD transforms");
+               return FALSE;
+       }
+
+       /* TODO: Add failure handler (see keymat_v2.c) */
+
+       if (this->proxy->derive_ike_keys(this->proxy, proposal, dh, nonce_i,
+                               nonce_r, id, rekey_function, rekey_skd))
+       {
+               tkm->chunk_map->remove(tkm->chunk_map, nonce);
+               if (ike_nc_reset(nc_id) != TKM_OK)
+               {
+                       DBG1(DBG_IKE, "failed to reset nonce context %llu", nc_id);
+               }
+               tkm->idmgr->release_id(tkm->idmgr, TKM_CTX_NONCE, nc_id);
+
+               return TRUE;
+       }
        return FALSE;
 }
 
@@ -65,14 +275,14 @@ METHOD(tkm_keymat_t, derive_child_keys, bool,
        chunk_t *encr_r, chunk_t *integ_r)
 {
        DBG1(DBG_CHD, "deriving child keys");
-       return FALSE;
+       return this->proxy->derive_child_keys(this->proxy, proposal, dh, nonce_i,
+                       nonce_r, encr_i, integ_i, encr_r, integ_r);
 }
 
 METHOD(keymat_t, get_aead, aead_t*,
        private_tkm_keymat_t *this, bool in)
 {
-       DBG1(DBG_IKE, "get_aead called");
-       return NULL;
+       return in ? this->aead_in : this->aead_out;
 }
 
 METHOD(tkm_keymat_t, get_auth_octets, bool,
@@ -80,27 +290,51 @@ METHOD(tkm_keymat_t, get_auth_octets, bool,
        chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets)
 {
        DBG1(DBG_IKE, "returning auth octets");
-       return FALSE;
+       return this->proxy->get_auth_octets(this->proxy, verify, ike_sa_init, nonce,
+                       id, reserved, octets);
 }
 
 METHOD(tkm_keymat_t, get_skd, pseudo_random_function_t,
        private_tkm_keymat_t *this, chunk_t *skd)
 {
        DBG1(DBG_IKE, "returning skd");
-       return PRF_UNDEFINED;
+       return this->proxy->get_skd(this->proxy, skd);
 }
 
 METHOD(tkm_keymat_t, get_psk_sig, bool,
        private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
        chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
-       DBG1(DBG_IKE, "returning PSK signature");
-       return FALSE;
+       DBG1(DBG_IKE, "returning %s PSK signature", verify ? "remote" : "local");
+
+       signature_type signature;
+       init_message_type msg;
+       chunk_to_sequence(&ike_sa_init, &msg);
+
+       chunk_t idx_chunk, chunk = chunk_alloca(4);
+       chunk.ptr[0] = id->get_type(id);
+       memcpy(chunk.ptr + 1, reserved, 3);
+       idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
+       idx_type idx;
+       chunk_to_sequence(&idx_chunk, &idx);
+
+       if (ike_isa_sign_psk(1, msg, idx, verify == TRUE, &signature) != TKM_OK)
+       {
+               DBG1(DBG_IKE, "get %s PSK signature failed", verify ?
+                               "remote" : "local");
+               return FALSE;
+       }
+
+       sequence_to_chunk(&signature.data[0], signature.size, sig);
+       return TRUE;
 }
 
 METHOD(keymat_t, destroy, void,
        private_tkm_keymat_t *this)
 {
+       DESTROY_IF(this->aead_in);
+       DESTROY_IF(this->aead_out);
+       this->proxy->keymat.destroy(&this->proxy->keymat);
        free(this);
 }
 
@@ -126,6 +360,8 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
                        .get_auth_octets = _get_auth_octets,
                        .get_psk_sig = _get_psk_sig,
                },
+               .initiator = initiator,
+               .proxy = keymat_v2_create(initiator),
        );
 
        return &this->public;