write_bytes_to_buffer(this, value->ptr, value->len);
}
-METHOD(generator_t, write_to_chunk, void,
- private_generator_t *this, chunk_t *data)
+METHOD(generator_t, get_chunk, chunk_t,
+ private_generator_t *this, u_int32_t **lenpos)
{
- u_int32_t len, val;
+ chunk_t data;
- len = get_length(this);
-
- /* write length into header length field */
- if (this->header_length_position_offset > 0)
- {
- val = htonl(len);
- write_bytes_to_buffer_at_offset(this, &val, sizeof(u_int32_t),
- this->header_length_position_offset);
- }
- *data = chunk_alloc(len);
- memcpy(data->ptr, this->buffer, len);
-
- DBG3(DBG_ENC, "generated data of this generator %B", data);
+ *lenpos = (u_int32_t*)(this->buffer + this->header_length_position_offset);
+ data = chunk_create(this->buffer, get_length(this));
+ DBG3(DBG_ENC, "generated data of this generator %B", &data);
+ return data;
}
METHOD(generator_t, generate_payload, void,
INIT(this,
.public = {
- .write_to_chunk = _write_to_chunk,
+ .get_chunk = _get_chunk,
.generate_payload = _generate_payload,
.destroy = _destroy,
},
/**
* Generates a specific payload from given payload object.
*
- * Remember: Header and substructures are also handled as payloads.
- *
* @param payload interface payload_t implementing object
*/
void (*generate_payload) (generator_t *this,payload_t *payload);
/**
- * Writes all generated data of the generator to a chunk.
+ * Return a chunk for the currently generated data.
+ *
+ * The returned length pointer must be filled in with the length of
+ * the generated chunk (in network order).
*
- * @param data chunk to write the data to
+ * @param lenpos receives a pointer to fill in length value
+ * @param return chunk to internal buffer.
*/
- void (*write_to_chunk) (generator_t *this,chunk_t *data);
+ chunk_t (*get_chunk) (generator_t *this, u_int32_t **lenpos);
/**
* Destroys a generator_t object.
/*
* Copyright (C) 2006-2007 Tobias Brunner
- * Copyright (C) 2005-2009 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*/
#define MAX_DELETE_PAYLOADS 20
-
-typedef struct payload_rule_t payload_rule_t;
-
/**
* A payload rule defines the rules for a payload
* in a specific message rule. It defines if and how
* many times a payload must/can occur in a message
* and if it must be encrypted.
*/
-struct payload_rule_t {
- /**
- * Payload type.
- */
- payload_type_t payload_type;
-
- /**
- * Minimal occurence of this payload.
- */
- size_t min_occurence;
-
- /**
- * Max occurence of this payload.
- */
- size_t max_occurence;
-
- /**
- * TRUE if payload must be encrypted
- */
- bool encrypted;
-
- /**
- * If this payload occurs, the message rule is
- * fullfilled in any case. This applies e.g. to
- * notify_payloads.
- */
- bool sufficient;
-};
-
-typedef struct payload_order_t payload_order_t;
+typedef struct {
+ /* Payload type */
+ payload_type_t type;
+ /* Minimal occurence of this payload. */
+ size_t min_occurence;
+ /* Max occurence of this payload. */
+ size_t max_occurence;
+ /* TRUE if payload must be encrypted */
+ bool encrypted;
+ /* If payload occurs, the message rule is fullfilled */
+ bool sufficient;
+} payload_rule_t;
/**
* payload ordering structure allows us to reorder payloads according to RFC.
*/
-struct payload_order_t {
-
- /**
- * payload type
- */
+typedef struct {
+ /** payload type */
payload_type_t type;
-
- /**
- * notify type, if payload == NOTIFY
- */
+ /** notify type, if payload == NOTIFY */
notify_type_t notify;
-};
-
-
-typedef struct message_rule_t message_rule_t;
+} payload_order_t;
/**
* A message rule defines the kind of a message,
* if it has encrypted contents and a list
* of payload ordering rules and payload parsing rules.
*/
-struct message_rule_t {
- /**
- * Type of message.
- */
+typedef struct {
+ /** Type of message. */
exchange_type_t exchange_type;
-
- /**
- * Is message a request or response.
- */
+ /** Is message a request or response. */
bool is_request;
-
- /**
- * Message contains encrypted content.
- */
- bool encrypted_content;
-
- /**
- * Number of payload rules which will follow
- */
- int payload_rule_count;
-
- /**
- * Pointer to first payload rule
- */
- payload_rule_t *payload_rules;
-
- /**
- * Number of payload order rules
- */
- int payload_order_count;
-
- /**
- * payload ordering rules
- */
- payload_order_t *payload_order;
-};
+ /** Message contains encrypted payloads. */
+ bool encrypted;
+ /** Number of payload rules which will follow */
+ int rule_count;
+ /** Pointer to first payload rule */
+ payload_rule_t *rules;
+ /** Number of payload order rules */
+ int order_count;
+ /** payload ordering rules */
+ payload_order_t *order;
+} message_rule_t;
/**
* Message rule for IKE_SA_INIT from initiator.
*/
-static payload_rule_t ike_sa_init_i_payload_rules[] = {
+static payload_rule_t ike_sa_init_i_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
{SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
/**
* payload order for IKE_SA_INIT initiator
*/
-static payload_order_t ike_sa_init_i_payload_order[] = {
+static payload_order_t ike_sa_init_i_order[] = {
/* payload type notify type */
{NOTIFY, COOKIE},
{SECURITY_ASSOCIATION, 0},
/**
* Message rule for IKE_SA_INIT from responder.
*/
-static payload_rule_t ike_sa_init_r_payload_rules[] = {
+static payload_rule_t ike_sa_init_r_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
{SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
/**
* payload order for IKE_SA_INIT responder
*/
-static payload_order_t ike_sa_init_r_payload_order[] = {
+static payload_order_t ike_sa_init_r_order[] = {
/* payload type notify type */
{SECURITY_ASSOCIATION, 0},
{KEY_EXCHANGE, 0},
/**
* Message rule for IKE_AUTH from initiator.
*/
-static payload_rule_t ike_auth_i_payload_rules[] = {
+static payload_rule_t ike_auth_i_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
{EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
/**
* payload order for IKE_AUTH initiator
*/
-static payload_order_t ike_auth_i_payload_order[] = {
+static payload_order_t ike_auth_i_order[] = {
/* payload type notify type */
{ID_INITIATOR, 0},
{CERTIFICATE, 0},
/**
* Message rule for IKE_AUTH from responder.
*/
-static payload_rule_t ike_auth_r_payload_rules[] = {
+static payload_rule_t ike_auth_r_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
{EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
/**
* payload order for IKE_AUTH responder
*/
-static payload_order_t ike_auth_r_payload_order[] = {
+static payload_order_t ike_auth_r_order[] = {
/* payload type notify type */
{ID_RESPONDER, 0},
{CERTIFICATE, 0},
/**
* Message rule for INFORMATIONAL from initiator.
*/
-static payload_rule_t informational_i_payload_rules[] = {
+static payload_rule_t informational_i_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
{CONFIGURATION, 0, 1, TRUE, FALSE},
/**
* payload order for INFORMATIONAL initiator
*/
-static payload_order_t informational_i_payload_order[] = {
+static payload_order_t informational_i_order[] = {
/* payload type notify type */
{NOTIFY, UPDATE_SA_ADDRESSES},
{NOTIFY, NAT_DETECTION_SOURCE_IP},
/**
* Message rule for INFORMATIONAL from responder.
*/
-static payload_rule_t informational_r_payload_rules[] = {
+static payload_rule_t informational_r_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
{CONFIGURATION, 0, 1, TRUE, FALSE},
/**
* payload order for INFORMATIONAL responder
*/
-static payload_order_t informational_r_payload_order[] = {
+static payload_order_t informational_r_order[] = {
/* payload type notify type */
{NOTIFY, UPDATE_SA_ADDRESSES},
{NOTIFY, NAT_DETECTION_SOURCE_IP},
/**
* Message rule for CREATE_CHILD_SA from initiator.
*/
-static payload_rule_t create_child_sa_i_payload_rules[] = {
+static payload_rule_t create_child_sa_i_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
{SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
/**
* payload order for CREATE_CHILD_SA from initiator.
*/
-static payload_order_t create_child_sa_i_payload_order[] = {
+static payload_order_t create_child_sa_i_order[] = {
/* payload type notify type */
{NOTIFY, REKEY_SA},
{NOTIFY, IPCOMP_SUPPORTED},
/**
* Message rule for CREATE_CHILD_SA from responder.
*/
-static payload_rule_t create_child_sa_r_payload_rules[] = {
+static payload_rule_t create_child_sa_r_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
{SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
/**
* payload order for CREATE_CHILD_SA from responder.
*/
-static payload_order_t create_child_sa_r_payload_order[] = {
+static payload_order_t create_child_sa_r_order[] = {
/* payload type notify type */
{NOTIFY, IPCOMP_SUPPORTED},
{NOTIFY, USE_TRANSPORT_MODE},
/**
* Message rule for ME_CONNECT from initiator.
*/
-static payload_rule_t me_connect_i_payload_rules[] = {
+static payload_rule_t me_connect_i_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
{ID_PEER, 1, 1, TRUE, FALSE},
/**
* payload order for ME_CONNECT from initiator.
*/
-static payload_order_t me_connect_i_payload_order[] = {
+static payload_order_t me_connect_i_order[] = {
/* payload type notify type */
{NOTIFY, 0},
{ID_PEER, 0},
/**
* Message rule for ME_CONNECT from responder.
*/
-static payload_rule_t me_connect_r_payload_rules[] = {
+static payload_rule_t me_connect_r_rules[] = {
/* payload type min max encr suff */
{NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
{VENDOR_ID, 0, 10, TRUE, FALSE}
/**
* payload order for ME_CONNECT from responder.
*/
-static payload_order_t me_connect_r_payload_order[] = {
+static payload_order_t me_connect_r_order[] = {
/* payload type notify type */
{NOTIFY, 0},
{VENDOR_ID, 0},
*/
static message_rule_t message_rules[] = {
{IKE_SA_INIT, TRUE, FALSE,
- (sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),
- ike_sa_init_i_payload_rules,
- (sizeof(ike_sa_init_i_payload_order)/sizeof(payload_order_t)),
- ike_sa_init_i_payload_order,
+ countof(ike_sa_init_i_rules), ike_sa_init_i_rules,
+ countof(ike_sa_init_i_order), ike_sa_init_i_order,
},
{IKE_SA_INIT, FALSE, FALSE,
- (sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),
- ike_sa_init_r_payload_rules,
- (sizeof(ike_sa_init_r_payload_order)/sizeof(payload_order_t)),
- ike_sa_init_r_payload_order,
+ countof(ike_sa_init_r_rules), ike_sa_init_r_rules,
+ countof(ike_sa_init_r_order), ike_sa_init_r_order,
},
{IKE_AUTH, TRUE, TRUE,
- (sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),
- ike_auth_i_payload_rules,
- (sizeof(ike_auth_i_payload_order)/sizeof(payload_order_t)),
- ike_auth_i_payload_order,
+ countof(ike_auth_i_rules), ike_auth_i_rules,
+ countof(ike_auth_i_order), ike_auth_i_order,
},
{IKE_AUTH, FALSE, TRUE,
- (sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),
- ike_auth_r_payload_rules,
- (sizeof(ike_auth_r_payload_order)/sizeof(payload_order_t)),
- ike_auth_r_payload_order,
+ countof(ike_auth_r_rules), ike_auth_r_rules,
+ countof(ike_auth_r_order), ike_auth_r_order,
},
{INFORMATIONAL, TRUE, TRUE,
- (sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)),
- informational_i_payload_rules,
- (sizeof(informational_i_payload_order)/sizeof(payload_order_t)),
- informational_i_payload_order,
+ countof(informational_i_rules), informational_i_rules,
+ countof(informational_i_order), informational_i_order,
},
{INFORMATIONAL, FALSE, TRUE,
- (sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)),
- informational_r_payload_rules,
- (sizeof(informational_r_payload_order)/sizeof(payload_order_t)),
- informational_r_payload_order,
+ countof(informational_r_rules), informational_r_rules,
+ countof(informational_r_order), informational_r_order,
},
{CREATE_CHILD_SA, TRUE, TRUE,
- (sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)),
- create_child_sa_i_payload_rules,
- (sizeof(create_child_sa_i_payload_order)/sizeof(payload_order_t)),
- create_child_sa_i_payload_order,
+ countof(create_child_sa_i_rules), create_child_sa_i_rules,
+ countof(create_child_sa_i_order), create_child_sa_i_order,
},
{CREATE_CHILD_SA, FALSE, TRUE,
- (sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)),
- create_child_sa_r_payload_rules,
- (sizeof(create_child_sa_r_payload_order)/sizeof(payload_order_t)),
- create_child_sa_r_payload_order,
+ countof(create_child_sa_r_rules), create_child_sa_r_rules,
+ countof(create_child_sa_r_order), create_child_sa_r_order,
},
#ifdef ME
{ME_CONNECT, TRUE, TRUE,
- (sizeof(me_connect_i_payload_rules)/sizeof(payload_rule_t)),
- me_connect_i_payload_rules,
- (sizeof(me_connect_i_payload_order)/sizeof(payload_order_t)),
- me_connect_i_payload_order,
+ countof(me_connect_i_rules), me_connect_i_rules,
+ countof(me_connect_i_order), me_connect_i_order,
},
{ME_CONNECT, FALSE, TRUE,
- (sizeof(me_connect_r_payload_rules)/sizeof(payload_rule_t)),
- me_connect_r_payload_rules,
- (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)),
- me_connect_r_payload_order,
+ countof(me_connect_r_rules), me_connect_r_rules,
+ countof(me_connect_r_order), me_connect_r_order,
},
#endif /* ME */
};
/**
* The message rule for this message instance
*/
- message_rule_t *message_rule;
+ message_rule_t *rule;
};
/**
- * Set the message rule that applies to this message
+ * Get the message rule that applies to this message
*/
-static status_t set_message_rule(private_message_t *this)
+static message_rule_t* get_message_rule(private_message_t *this)
{
int i;
- for (i = 0; i < (sizeof(message_rules) / sizeof(message_rule_t)); i++)
+ for (i = 0; i < countof(message_rules); i++)
{
if ((this->exchange_type == message_rules[i].exchange_type) &&
(this->is_request == message_rules[i].is_request))
{
- /* found rule for given exchange_type*/
- this->message_rule = &(message_rules[i]);
- return SUCCESS;
+ return &message_rules[i];
}
}
- this->message_rule = NULL;
- return NOT_FOUND;
+ return NULL;
}
/**
* Look up a payload rule
*/
-static status_t get_payload_rule(private_message_t *this,
- payload_type_t payload_type, payload_rule_t **payload_rule)
+static payload_rule_t* get_payload_rule(private_message_t *this,
+ payload_type_t type)
{
int i;
- for (i = 0; i < this->message_rule->payload_rule_count;i++)
+ for (i = 0; i < this->rule->rule_count;i++)
{
- if (this->message_rule->payload_rules[i].payload_type == payload_type)
+ if (this->rule->rules[i].type == type)
{
- *payload_rule = &(this->message_rule->payload_rules[i]);
- return SUCCESS;
+ return &this->rule->rules[i];
}
}
-
- *payload_rule = NULL;
- return NOT_FOUND;
+ return NULL;
}
METHOD(message_t, set_ike_sa_id, void,
list->insert_first(list, payload);
}
/* for each rule, ... */
- for (i = 0; i < this->message_rule->payload_order_count; i++)
+ for (i = 0; i < this->rule->order_count; i++)
{
enumerator_t *enumerator;
notify_payload_t *notify;
- payload_order_t order = this->message_rule->payload_order[i];
+ payload_order_t order;
+
+ order = this->rule->order[i];
/* ... find all payload ... */
enumerator = list->create_enumerator(list);
{
DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
payload_type_names, payload->get_type(payload),
- exchange_type_names, this->message_rule->exchange_type,
- this->message_rule->is_request ? "request" : "response");
+ exchange_type_names, this->rule->exchange_type,
+ this->rule->is_request ? "request" : "response");
}
add_payload(this, payload);
}
}
/**
- * Encrypt payload to an encryption payload
+ * Wrap payloads in a encryption payload, if required
*/
-static status_t encrypt_payloads(private_message_t *this,
- crypter_t *crypter, signer_t* signer)
+static encryption_payload_t* wrap_payloads(private_message_t *this)
{
encryption_payload_t *encryption;
linked_list_t *payloads;
payload_t *current;
- status_t status;
-
- if (!this->message_rule->encrypted_content)
- {
- DBG2(DBG_ENC, "message doesn't have to be encrypted");
- /* message contains no content to encrypt */
- return SUCCESS;
- }
- if (!crypter || !signer)
+ if (!this->rule->encrypted)
{
- DBG2(DBG_ENC, "no crypter or signer specified, do not encrypt message");
- /* message contains no content to encrypt */
- return SUCCESS;
+ DBG2(DBG_ENC, "not encrypting payloads");
+ return NULL;
}
- DBG2(DBG_ENC, "copy all payloads to a temporary list");
+ /* copy all payloads in a temporary list */
payloads = linked_list_create();
-
- /* first copy all payloads in a temporary list */
- while (this->payloads->get_count(this->payloads) > 0)
+ while (this->payloads->remove_first(this->payloads,
+ (void**)¤t) == SUCCESS)
{
- this->payloads->remove_first(this->payloads, (void**)¤t);
payloads->insert_last(payloads, current);
}
encryption = encryption_payload_create();
-
- DBG2(DBG_ENC, "check each payloads if they have to get encrypted");
- while (payloads->get_count(payloads) > 0)
+ while (payloads->remove_first(payloads, (void**)¤t) == SUCCESS)
{
payload_rule_t *rule;
payload_type_t type;
- bool to_encrypt = TRUE;
-
- payloads->remove_first(payloads, (void**)¤t);
+ bool encrypt = TRUE;
type = current->get_type(current);
- if (get_payload_rule(this, type, &rule) == SUCCESS)
+ rule = get_payload_rule(this, type);
+ if (rule)
{
- to_encrypt = rule->encrypted;
+ encrypt = rule->encrypted;
}
- if (to_encrypt)
+ if (encrypt)
{
DBG2(DBG_ENC, "insert payload %N to encryption payload",
- payload_type_names, current->get_type(current));
+ payload_type_names, type);
encryption->add_payload(encryption, current);
}
else
{
DBG2(DBG_ENC, "insert payload %N unencrypted",
- payload_type_names, current->get_type(current));
- add_payload(this, (payload_t*)current);
+ payload_type_names, type);
+ add_payload(this, current);
}
}
-
- DBG2(DBG_ENC, "encrypting encryption payload");
- encryption->set_transforms(encryption, crypter, signer);
- status = encryption->encrypt(encryption);
- DBG2(DBG_ENC, "add encrypted payload to payload list");
- add_payload(this, (payload_t*)encryption);
-
payloads->destroy(payloads);
- return status;
+ return encryption;
}
METHOD(message_t, generate, status_t,
- private_message_t *this, crypter_t *crypter, signer_t* signer,
- packet_t **packet)
+ private_message_t *this, aead_t *aead, packet_t **packet)
{
generator_t *generator;
ike_header_t *ike_header;
- payload_t *payload, *next_payload;
+ payload_t *payload, *next;
+ encryption_payload_t *encryption;
enumerator_t *enumerator;
- status_t status;
- chunk_t packet_data;
+ chunk_t chunk;
char str[256];
+ u_int32_t *lenpos;
if (is_encoded(this))
- {
- /* already generated, return a new packet clone */
+ { /* already generated, return a new packet clone */
*packet = this->packet->clone(this->packet);
return SUCCESS;
}
if (this->packet->get_source(this->packet) == NULL ||
this->packet->get_destination(this->packet) == NULL)
{
- DBG1(DBG_ENC, "%s not defined",
- !this->packet->get_source(this->packet) ? "source" : "destination");
+ DBG1(DBG_ENC, "source/destination not defined");
return INVALID_STATE;
}
- /* set the rules for this messge */
- status = set_message_rule(this);
- if (status != SUCCESS)
+ this->rule = get_message_rule(this);
+ if (!this->rule)
{
DBG1(DBG_ENC, "no message rules specified for this message type");
return NOT_SUPPORTED;
DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
- /* going to encrypt all content which have to be encrypted */
- status = encrypt_payloads(this, crypter, signer);
- if (status != SUCCESS)
- {
- DBG1(DBG_ENC, "payload encryption failed");
- return status;
- }
+ encryption = wrap_payloads(this);
- /* build ike header */
ike_header = ike_header_create();
-
ike_header->set_exchange_type(ike_header, this->exchange_type);
ike_header->set_message_id(ike_header, this->message_id);
ike_header->set_response_flag(ike_header, !this->is_request);
generator = generator_create();
+ /* generate all payloads with proper next type */
payload = (payload_t*)ike_header;
-
- /* generate every payload expect last one, this is done later*/
enumerator = create_payload_enumerator(this);
- while (enumerator->enumerate(enumerator, &next_payload))
+ while (enumerator->enumerate(enumerator, &next))
{
- payload->set_next_type(payload, next_payload->get_type(next_payload));
+ payload->set_next_type(payload, next->get_type(next));
generator->generate_payload(generator, payload);
- payload = next_payload;
+ payload = next;
}
enumerator->destroy(enumerator);
-
- /* last payload has no next payload*/
- payload->set_next_type(payload, NO_PAYLOAD);
-
+ payload->set_next_type(payload, encryption ? ENCRYPTED : NO_PAYLOAD);
generator->generate_payload(generator, payload);
-
ike_header->destroy(ike_header);
- /* build packet */
- generator->write_to_chunk(generator, &packet_data);
- generator->destroy(generator);
-
- /* if last payload is of type encrypted, integrity checksum if necessary */
- if (payload->get_type(payload) == ENCRYPTED)
+ if (encryption)
{
- DBG2(DBG_ENC, "build signature on whole message");
- encryption_payload_t *encryption_payload = (encryption_payload_t*)payload;
- status = encryption_payload->build_signature(encryption_payload, packet_data);
- if (status != SUCCESS)
+ u_int32_t *lenpos;
+
+ /* build associated data (without header of encryption payload) */
+ chunk = generator->get_chunk(generator, &lenpos);
+ encryption->set_transform(encryption, aead);
+ /* fill in length, including encryption payload */
+ htoun32(lenpos, chunk.len + encryption->get_length(encryption));
+
+ this->payloads->insert_last(this->payloads, encryption);
+ if (!encryption->encrypt(encryption, chunk))
{
- return status;
+ generator->destroy(generator);
+ return INVALID_STATE;
}
+ generator->generate_payload(generator, &encryption->payload_interface);
}
+ chunk = generator->get_chunk(generator, &lenpos);
+ htoun32(lenpos, chunk.len);
+ this->packet->set_data(this->packet, chunk_clone(chunk));
+ generator->destroy(generator);
- this->packet->set_data(this->packet, packet_data);
-
- /* clone packet for caller */
*packet = this->packet->clone(this->packet);
-
- DBG2(DBG_ENC, "message generated successfully");
return SUCCESS;
}
}
- /* verify payload */
status = ike_header->payload_interface.verify(
&ike_header->payload_interface);
if (status != SUCCESS)
return status;
}
- if (this->ike_sa_id != NULL)
- {
- this->ike_sa_id->destroy(this->ike_sa_id);
- }
-
+ DESTROY_IF(this->ike_sa_id);
this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
ike_header->get_responder_spi(ike_header),
ike_header->get_initiator_flag(ike_header));
this->exchange_type = ike_header->get_exchange_type(ike_header);
this->message_id = ike_header->get_message_id(ike_header);
- this->is_request = (!(ike_header->get_response_flag(ike_header)));
+ this->is_request = !ike_header->get_response_flag(ike_header);
this->major_version = ike_header->get_maj_version(ike_header);
this->minor_version = ike_header->get_min_version(ike_header);
this->first_payload = ike_header->payload_interface.get_next_type(
ike_header->destroy(ike_header);
- /* get the rules for this messge */
- status = set_message_rule(this);
- if (status != SUCCESS)
+ this->rule = get_message_rule(this);
+ if (!this->rule)
{
DBG1(DBG_ENC, "no message rules specified for a %N %s",
exchange_type_names, this->exchange_type,
this->is_request ? "request" : "response");
}
-
return status;
}
/**
* Decrypt payload from the encryption payload
*/
-static status_t decrypt_payloads(private_message_t *this,
- crypter_t *crypter, signer_t* signer)
+static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
{
- bool current_payload_was_encrypted = FALSE;
- payload_t *previous_payload = NULL;
- int payload_number = 1;
- iterator_t *iterator;
- payload_t *current_payload;
- status_t status;
-
- iterator = this->payloads->create_iterator(this->payloads,TRUE);
+ bool was_encrypted = FALSE;
+ payload_t *payload, *previous = NULL;
+ enumerator_t *enumerator;
+ payload_rule_t *rule;
+ payload_type_t type;
+ status_t status = SUCCESS;
- /* process each payload and decrypt a encryption payload */
- while(iterator->iterate(iterator, (void**)¤t_payload))
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
{
- payload_rule_t *payload_rule;
- payload_type_t current_payload_type;
+ type = payload->get_type(payload);
- /* needed to check */
- current_payload_type = current_payload->get_type(current_payload);
+ DBG2(DBG_ENC, "process payload of type %N", payload_type_names, type);
- DBG2(DBG_ENC, "process payload of type %N",
- payload_type_names, current_payload_type);
-
- if (current_payload_type == ENCRYPTED)
+ if (type == ENCRYPTED)
{
- encryption_payload_t *encryption_payload;
- payload_t *current_encrypted_payload;
+ encryption_payload_t *encryption;
+ payload_t *encrypted;
+ chunk_t chunk;
- encryption_payload = (encryption_payload_t*)current_payload;
+ encryption = (encryption_payload_t*)payload;
DBG2(DBG_ENC, "found an encryption payload");
- if (payload_number != this->payloads->get_count(this->payloads))
+ if (enumerator->enumerate(enumerator, &payload))
{
- /* encrypted payload is not last one */
DBG1(DBG_ENC, "encrypted payload is not last payload");
- iterator->destroy(iterator);
- return VERIFY_ERROR;
- }
- /* decrypt */
- encryption_payload->set_transforms(encryption_payload,
- crypter, signer);
- DBG2(DBG_ENC, "verify signature of encryption payload");
- status = encryption_payload->verify_signature(encryption_payload,
- this->packet->get_data(this->packet));
- if (status != SUCCESS)
- {
- DBG1(DBG_ENC, "encryption payload signature invalid");
- iterator->destroy(iterator);
- return FAILED;
- }
- DBG2(DBG_ENC, "decrypting content of encryption payload");
- status = encryption_payload->decrypt(encryption_payload);
- if (status != SUCCESS)
- {
- DBG1(DBG_ENC, "encrypted payload could not be decrypted and parsed");
- iterator->destroy(iterator);
- return PARSE_ERROR;
+ status = VERIFY_ERROR;
+ break;
}
-
- /* needed later to find out if a payload was encrypted */
- current_payload_was_encrypted = TRUE;
-
- /* check if there are payloads contained in the encryption payload */
- if (encryption_payload->get_payload_count(encryption_payload) == 0)
+ encryption->set_transform(encryption, aead);
+ chunk = this->packet->get_data(this->packet);
+ if (chunk.len < encryption->get_length(encryption))
{
- DBG2(DBG_ENC, "encrypted payload is empty");
- /* remove the encryption payload, is not needed anymore */
- iterator->remove(iterator);
- /* encrypted payload contains no other payload */
- current_payload_type = NO_PAYLOAD;
+ DBG1(DBG_ENC, "invalid payload length");
+ status = VERIFY_ERROR;
+ break;
}
- else
+ chunk.len -= encryption->get_length(encryption);
+ if (!encryption->decrypt(encryption, chunk))
{
- /* encryption_payload is replaced with first payload contained
- * in encryption_payload */
- encryption_payload->remove_first_payload(encryption_payload,
- ¤t_encrypted_payload);
- iterator->replace(iterator, NULL,
- (void *)current_encrypted_payload);
- current_payload_type = current_encrypted_payload->get_type(
- current_encrypted_payload);
+ status = VERIFY_ERROR;
+ break;
}
- /* is the current paylad the first in the message? */
- if (previous_payload == NULL)
- {
- /* yes, set the first payload type of the message to the
- * current type */
- this->first_payload = current_payload_type;
- }
- else
- {
- /* no, set the next_type of the previous payload to the
- * current type */
- previous_payload->set_next_type(previous_payload,
- current_payload_type);
- }
+ was_encrypted = TRUE;
+ this->payloads->remove_at(this->payloads, enumerator);
- /* all encrypted payloads are added to the payload list */
- while (encryption_payload->get_payload_count(encryption_payload) > 0)
+ while ((encrypted = encryption->remove_payload(encryption)))
{
- encryption_payload->remove_first_payload(encryption_payload,
- ¤t_encrypted_payload);
- DBG2(DBG_ENC, "insert unencrypted payload of type "
- "%N at end of list", payload_type_names,
- current_encrypted_payload->get_type(
- current_encrypted_payload));
- this->payloads->insert_last(this->payloads,
- current_encrypted_payload);
+ type = encrypted->get_type(encrypted);
+ if (previous)
+ {
+ previous->set_next_type(previous, type);
+ }
+ else
+ {
+ this->first_payload = type;
+ }
+ DBG2(DBG_ENC, "insert decrypted payload of type "
+ "%N at end of list", payload_type_names, type);
+ this->payloads->insert_last(this->payloads, encrypted);
+ previous = encrypted;
}
-
- /* encryption payload is processed, payloads are moved. Destroy it. */
- encryption_payload->destroy(encryption_payload);
+ encryption->destroy(encryption);
}
-
- /* we allow unknown payloads of any type and don't bother if it was
- * encrypted. Not our problem. */
- if (current_payload_type != UNKNOWN_PAYLOAD &&
- current_payload_type != NO_PAYLOAD)
+ if (type != UNKNOWN_PAYLOAD && !was_encrypted)
{
- /* get the ruleset for found payload */
- status = get_payload_rule(this, current_payload_type, &payload_rule);
- if (status != SUCCESS)
+ rule = get_payload_rule(this, type);
+ if (!rule || rule->encrypted)
{
- /* payload is not allowed */
- DBG1(DBG_ENC, "payload type %N not allowed",
- payload_type_names, current_payload_type);
- iterator->destroy(iterator);
- return VERIFY_ERROR;
- }
-
- /* check if the payload was encrypted, and if it should been have
- * encrypted */
- if (payload_rule->encrypted != current_payload_was_encrypted)
- {
- /* payload was not encrypted, but should have been.
- * or vice-versa */
- DBG1(DBG_ENC, "payload type %N should be %s!",
- payload_type_names, current_payload_type,
- (payload_rule->encrypted) ? "encrypted" : "not encrypted");
- iterator->destroy(iterator);
- return VERIFY_ERROR;
+ DBG1(DBG_ENC, "payload type %N was not encrypted",
+ payload_type_names, type);
+ status = VERIFY_ERROR;
+ break;
}
}
- /* advance to the next payload */
- payload_number++;
- /* is stored to set next payload in case of found encryption payload */
- previous_payload = current_payload;
+ previous = payload;
}
- iterator->destroy(iterator);
- return SUCCESS;
+ enumerator->destroy(enumerator);
+ return status;
}
/**
static status_t verify(private_message_t *this)
{
int i;
- enumerator_t *enumerator;
- payload_t *current_payload;
- size_t total_found_payloads = 0;
DBG2(DBG_ENC, "verifying message structure");
/* check for payloads with wrong count*/
- for (i = 0; i < this->message_rule->payload_rule_count; i++)
+ for (i = 0; i < this->rule->rule_count; i++)
{
- size_t found_payloads = 0;
+ enumerator_t *enumerator;
+ payload_t *payload;
payload_rule_t *rule;
+ int found = 0;
- rule = &this->message_rule->payload_rules[i];
+ rule = &this->rule->rules[i];
enumerator = create_payload_enumerator(this);
-
- /* check all payloads for specific rule */
- while (enumerator->enumerate(enumerator, ¤t_payload))
+ while (enumerator->enumerate(enumerator, &payload))
{
- payload_type_t current_payload_type;
- unknown_payload_t *unknown_payload;
+ payload_type_t type;
+ unknown_payload_t *unknown;
- current_payload_type = current_payload->get_type(current_payload);
- if (current_payload_type == UNKNOWN_PAYLOAD)
+ type = payload->get_type(payload);
+ if (type == UNKNOWN_PAYLOAD)
{
- /* unknown payloads are ignored, IF they are not critical */
- unknown_payload = (unknown_payload_t*)current_payload;
- if (unknown_payload->is_critical(unknown_payload))
+ /* unknown payloads are ignored if they are not critical */
+ unknown = (unknown_payload_t*)payload;
+ if (unknown->is_critical(unknown))
{
DBG1(DBG_ENC, "%N is not supported, but its critical!",
- payload_type_names, current_payload_type);
+ payload_type_names, type);
enumerator->destroy(enumerator);
return NOT_SUPPORTED;
}
}
- else if (current_payload_type == rule->payload_type)
+ else if (type == rule->type)
{
- found_payloads++;
- total_found_payloads++;
- DBG2(DBG_ENC, "found payload of type %N", payload_type_names,
- rule->payload_type);
-
- /* as soon as ohe payload occures more then specified,
- * the verification fails */
- if (found_payloads >
- rule->max_occurence)
+ found++;
+ DBG2(DBG_ENC, "found payload of type %N",
+ payload_type_names, type);
+ if (found > rule->max_occurence)
{
DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
"occured in current message", payload_type_names,
- current_payload_type, rule->max_occurence,
- found_payloads);
+ type, rule->max_occurence, found);
enumerator->destroy(enumerator);
return VERIFY_ERROR;
}
}
enumerator->destroy(enumerator);
- if (found_payloads < rule->min_occurence)
+ if (found < rule->min_occurence)
{
DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
- payload_type_names, rule->payload_type, rule->min_occurence,
- found_payloads);
+ payload_type_names, rule->type, rule->min_occurence, found);
return VERIFY_ERROR;
}
if (rule->sufficient)
}
METHOD(message_t, parse_body, status_t,
- private_message_t *this, crypter_t *crypter, signer_t *signer)
+ private_message_t *this, aead_t *aead)
{
status_t status = SUCCESS;
- payload_type_t current_payload_type;
+ payload_t *payload;
+ payload_type_t type;
char str[256];
- current_payload_type = this->first_payload;
+ type = this->first_payload;
DBG2(DBG_ENC, "parsing body of message, first payload is %N",
- payload_type_names, current_payload_type);
+ payload_type_names, type);
- /* parse payload for payload, while there are more available */
- while ((current_payload_type != NO_PAYLOAD))
+ while (type != NO_PAYLOAD)
{
- payload_t *current_payload;
-
DBG2(DBG_ENC, "starting parsing a %N payload",
- payload_type_names, current_payload_type);
+ payload_type_names, type);
- /* parse current payload */
- status = this->parser->parse_payload(this->parser, current_payload_type,
- (payload_t**)¤t_payload);
+ status = this->parser->parse_payload(this->parser, type, &payload);
if (status != SUCCESS)
{
DBG1(DBG_ENC, "payload type %N could not be parsed",
- payload_type_names, current_payload_type);
+ payload_type_names, type);
return PARSE_ERROR;
}
- DBG2(DBG_ENC, "verifying payload of type %N",
- payload_type_names, current_payload_type);
-
- /* verify it, stop parsig if its invalid */
- status = current_payload->verify(current_payload);
+ DBG2(DBG_ENC, "verifying payload of type %N", payload_type_names, type);
+ status = payload->verify(payload);
if (status != SUCCESS)
{
DBG1(DBG_ENC, "%N payload verification failed",
- payload_type_names, current_payload_type);
- current_payload->destroy(current_payload);
+ payload_type_names, type);
+ payload->destroy(payload);
return VERIFY_ERROR;
}
DBG2(DBG_ENC, "%N payload verified. Adding to payload list",
- payload_type_names, current_payload_type);
- this->payloads->insert_last(this->payloads,current_payload);
+ payload_type_names, type);
+ this->payloads->insert_last(this->payloads, payload);
/* an encryption payload is the last one, so STOP here. decryption is
* done later */
- if (current_payload_type == ENCRYPTED)
+ if (type == ENCRYPTED)
{
DBG2(DBG_ENC, "%N payload found. Stop parsing",
- payload_type_names, current_payload_type);
+ payload_type_names, type);
break;
}
-
- /* get next payload type */
- current_payload_type = current_payload->get_next_type(current_payload);
+ type = payload->get_next_type(payload);
}
- if (current_payload_type == ENCRYPTED)
+ if (type == ENCRYPTED)
{
- status = decrypt_payloads(this,crypter,signer);
+ status = decrypt_payloads(this, aead);
if (status != SUCCESS)
{
DBG1(DBG_ENC, "could not decrypt payloads");
#include <encoding/payloads/ike_header.h>
#include <encoding/payloads/notify_payload.h>
#include <utils/linked_list.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
/**
* This class is used to represent an IKEv2-Message.
* The body gets not only parsed, but rather it gets verified.
* All payloads are verified if they are allowed to exist in the message
* of this type and if their own structure is ok.
- * If there are encrypted payloads, they get decrypted via the supplied
- * crypter. Also the message integrity gets verified with the supplied
- * signer.
- * Crypter/signer can be omitted (by passing NULL) when no encryption
- * payload is expected.
- *
- * @param crypter crypter to decrypt encryption payloads
- * @param signer signer to verifiy a message with an encryption payload
+ * If there are encrypted payloads, they get decrypted and verified using
+ * the given aead transform (if given).
+ *
+ * @param aead aead transform to verify/decrypt message
* @return
* - SUCCESS if parsing successful
* - NOT_SUPPORTED if ciritcal unknown payloads found
* - PARSE_ERROR if message parsing failed
* - VERIFY_ERROR if message verification failed (bad syntax)
* - FAILED if integrity check failed
- * - INVALID_STATE if crypter/signer not supplied, but needed
+ * - INVALID_STATE if aead not supplied, but needed
*/
- status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
+ status_t (*parse_body) (message_t *this, aead_t *aead);
/**
* Generates the UDP packet of specific message.
*
* Payloads which must be encrypted are generated first and added to
- * an encryption payload. This encryption payload will get encrypted via
- * the supplied crypter. Then all other payloads and the header get generated.
- * After that, the checksum is added to the encryption payload over the full
- * message.
- * Crypter/signer can be omitted (by passing NULL) when no encryption
- * payload is expected.
- * Generation is only done once, multiple calls will just return a packet copy.
- *
- * @param crypter crypter to use when a payload must be encrypted
- * @param signer signer to build a mac
+ * an encryption payload. This encryption payload will get encrypted and
+ * signed via the supplied aead transform (if given).
+ * Generation is only done once, multiple calls will just return a copy
+ * of the packet.
+ *
+ * @param aead aead transform to encrypt/sign message
* @param packet copy of generated packet
* @return
* - SUCCESS if packet could be generated
* - INVALID_STATE if exchange type is currently not set
* - NOT_FOUND if no rules found for message generation
- * - INVALID_STATE if crypter/signer not supplied but needed.
+ * - INVALID_STATE if aead not supplied but needed.
*/
- status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
+ status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
/**
* Gets the source host informations.
/**
* Creates an message_t object from a incoming UDP Packet.
*
- * @warning the given packet_t object is not copied and gets
- * destroyed in message_t's destroy call.
- *
- * - exchange_type is set to NOT_SET
- * - original_initiator is set to TRUE
- * - is_request is set to TRUE
- * Call message_t.parse_header afterwards.
+ * The given packet gets owned by the message. The message is uninitialized,
+ * call parse_header() to populate header fields.
*
* @param packet packet_t object which is assigned to message
* @return message_t object
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
#include <utils/linked_list.h>
#include <encoding/generator.h>
#include <encoding/parser.h>
-#include <utils/iterator.h>
-#include <crypto/signers/signer.h>
-
typedef struct private_encryption_payload_t private_encryption_payload_t;
u_int8_t next_payload;
/**
- * Critical flag.
+ * Flags, including reserved bits
*/
- bool critical;
+ u_int8_t flags;
/**
* Length of this payload
u_int16_t payload_length;
/**
- * Chunk containing the iv, data, padding,
- * and (an eventually not calculated) signature.
+ * Chunk containing the IV, plain, padding and ICV.
*/
chunk_t encrypted;
/**
- * Chunk containing the data in decrypted (unpadded) form.
- */
- chunk_t decrypted;
-
- /**
- * Signer set by set_signer.
- */
- signer_t *signer;
-
- /**
- * Crypter, supplied by encrypt/decrypt
+ * AEAD transform to use
*/
- crypter_t *crypter;
+ aead_t *aead;
/**
- * Contained payloads of this encrpytion_payload.
+ * Contained payloads
*/
linked_list_t *payloads;
};
encoding_rule_t encryption_payload_encodings[] = {
/* 1 Byte next payload type, stored in the field next_payload */
{ U_INT_8, offsetof(private_encryption_payload_t, next_payload) },
- /* the critical bit */
- { FLAG, offsetof(private_encryption_payload_t, critical) },
- /* 7 Bit reserved bits, nowhere stored */
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
- { RESERVED_BIT, 0 },
+ /* Critical and 7 reserved bits, all stored for reconstruction */
+ { U_INT_8, offsetof(private_encryption_payload_t, flags) },
/* Length of the whole encryption payload*/
{ PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) },
/* encrypted data, stored in a chunk. contains iv, data, padding */
{
enumerator_t *enumerator;
payload_t *payload;
- size_t block_size, length = 0;
+ size_t bs, length = 0;
- enumerator = this->payloads->create_enumerator(this->payloads);
- while (enumerator->enumerate(enumerator, &payload))
+ if (this->encrypted.len)
{
- length += payload->get_length(payload);
+ length = this->encrypted.len;
}
- enumerator->destroy(enumerator);
-
- if (this->crypter && this->signer)
+ else
{
- /* append one byte for padding length */
- length++;
- /* append padding */
- block_size = this->crypter->get_block_size(this->crypter);
- length += block_size - length % block_size;
- /* add iv */
- length += this->crypter->get_iv_size(this->crypter);
- /* add signature */
- length += this->signer->get_block_size(this->signer);
+ enumerator = this->payloads->create_enumerator(this->payloads);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ length += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ if (this->aead)
+ {
+ /* append padding */
+ bs = this->aead->get_block_size(this->aead);
+ length += bs - (length % bs);
+ /* add iv */
+ length += this->aead->get_iv_size(this->aead);
+ /* add icv */
+ length += this->aead->get_icv_size(this->aead);
+ }
}
length += ENCRYPTION_PAYLOAD_HEADER_LENGTH;
this->payload_length = length;
}
-METHOD(payload_t, get_length, size_t,
+METHOD2(payload_t, encryption_payload_t, get_length, size_t,
private_encryption_payload_t *this)
{
compute_length(this);
return this->payload_length;
}
-METHOD(encryption_payload_t, create_payload_iterator, iterator_t*,
- private_encryption_payload_t *this, bool forward)
-{
- return this->payloads->create_iterator(this->payloads, forward);
-}
-
METHOD(encryption_payload_t, add_payload, void,
private_encryption_payload_t *this, payload_t *payload)
{
compute_length(this);
}
-METHOD(encryption_payload_t, remove_first_payload, status_t,
- private_encryption_payload_t *this, payload_t **payload)
-{
- return this->payloads->remove_first(this->payloads, (void**)payload);
-}
-
-METHOD(encryption_payload_t, get_payload_count, size_t,
+METHOD(encryption_payload_t, remove_payload, payload_t *,
private_encryption_payload_t *this)
{
- return this->payloads->get_count(this->payloads);
+ payload_t *payload;
+
+ if (this->payloads->remove_first(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ return payload;
+ }
+ return NULL;
}
/**
- * Generate payload before encryption.
+ * Generate payload before encryption
*/
-static void generate(private_encryption_payload_t *this)
+static chunk_t generate(private_encryption_payload_t *this,
+ generator_t *generator)
{
payload_t *current, *next;
- generator_t *generator;
enumerator_t *enumerator;
-
- compute_length(this);
- chunk_free(&this->decrypted);
+ u_int32_t *lenpos;
+ chunk_t chunk = chunk_empty;
enumerator = this->payloads->create_enumerator(this->payloads);
if (enumerator->enumerate(enumerator, ¤t))
{
this->next_payload = current->get_type(current);
- generator = generator_create();
while (enumerator->enumerate(enumerator, &next))
{
current->set_next_type(current, next->get_type(next));
generator->generate_payload(generator, current);
current = next;
}
- enumerator->destroy(enumerator);
current->set_next_type(current, NO_PAYLOAD);
generator->generate_payload(generator, current);
- generator->write_to_chunk(generator, &this->decrypted);
- generator->destroy(generator);
+ chunk = generator->get_chunk(generator, &lenpos);
DBG2(DBG_ENC, "generated content in encryption payload");
}
- else
- {
- DBG2(DBG_ENC, "generating contained payloads, but none available");
- }
enumerator->destroy(enumerator);
+ return chunk;
}
-METHOD(encryption_payload_t, encrypt, status_t,
- private_encryption_payload_t *this)
+/**
+ * Append the encryption payload header to the associated data
+ */
+static chunk_t append_header(private_encryption_payload_t *this, chunk_t assoc)
+{
+ struct {
+ u_int8_t next_payload;
+ u_int8_t flags;
+ u_int16_t length;
+ } __attribute__((packed)) header = {
+ .next_payload = this->next_payload,
+ .flags = this->flags,
+ .length = htons(get_length(this)),
+ };
+ return chunk_cat("cc", assoc, chunk_from_thing(header));
+}
+
+METHOD(encryption_payload_t, encrypt, bool,
+ private_encryption_payload_t *this, chunk_t assoc)
{
- chunk_t iv, padding, to_crypt, result;
+ chunk_t iv, plain, padding, icv, crypt;
+ generator_t *generator;
rng_t *rng;
- size_t block_size;
+ size_t bs;
- if (this->signer == NULL || this->crypter == NULL)
+ if (this->aead == NULL)
{
- DBG1(DBG_ENC, "could not encrypt, signer/crypter not set");
- return INVALID_STATE;
+ DBG1(DBG_ENC, "encrypting encryption payload failed, transform missing");
+ return FALSE;
}
- /* for random data in iv and padding */
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (!rng)
{
- DBG1(DBG_ENC, "could not encrypt, no RNG found");
- return FAILED;
+ DBG1(DBG_ENC, "encrypting encryption payload failed, no RNG found");
+ return FALSE;
}
- /* build payload chunk */
- generate(this);
-
- DBG2(DBG_ENC, "encrypting payloads");
- DBG3(DBG_ENC, "data to encrypt %B", &this->decrypted);
-
- /* build padding */
- block_size = this->crypter->get_block_size(this->crypter);
- padding.len = block_size - ((this->decrypted.len + 1) % block_size);
- rng->allocate_bytes(rng, padding.len, &padding);
-
- /* concatenate payload data, padding, padding len */
- to_crypt.len = this->decrypted.len + padding.len + 1;
- to_crypt.ptr = malloc(to_crypt.len);
-
- memcpy(to_crypt.ptr, this->decrypted.ptr, this->decrypted.len);
- memcpy(to_crypt.ptr + this->decrypted.len, padding.ptr, padding.len);
- *(to_crypt.ptr + to_crypt.len - 1) = padding.len;
- /* build iv */
- iv.len = this->crypter->get_iv_size(this->crypter);
- rng->allocate_bytes(rng, iv.len, &iv);
- rng->destroy(rng);
-
- DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
-
- /* encrypt to_crypt chunk */
+ assoc = append_header(this, assoc);
+
+ generator = generator_create();
+ plain = generate(this, generator);
+ bs = this->aead->get_block_size(this->aead);
+ /* we need at least one byte padding to store the padding length */
+ padding.len = bs - (plain.len % bs);
+ iv.len = this->aead->get_iv_size(this->aead);
+ icv.len = this->aead->get_icv_size(this->aead);
+
+ /* prepare data to authenticate-encrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
free(this->encrypted.ptr);
- this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
- free(padding.ptr);
- free(to_crypt.ptr);
+ this->encrypted = chunk_alloc(iv.len + plain.len + padding.len + icv.len);
+ iv.ptr = this->encrypted.ptr;
+ memcpy(iv.ptr + iv.len, plain.ptr, plain.len);
+ plain.ptr = iv.ptr + iv.len;
+ padding.ptr = plain.ptr + plain.len;
+ icv.ptr = padding.ptr + padding.len;
+ crypt = chunk_create(plain.ptr, plain.len + padding.len);
+ generator->destroy(generator);
+
+ rng->get_bytes(rng, iv.len, iv.ptr);
+ rng->get_bytes(rng, padding.len - 1, padding.ptr);
+ padding.ptr[padding.len - 1] = padding.len - 1;
+ rng->destroy(rng);
- DBG3(DBG_ENC, "data after encryption %B", &result);
+ DBG3(DBG_ENC, "encryption payload encryption:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
- /* build encrypted result with iv and signature */
- this->encrypted.len = iv.len + result.len + this->signer->get_block_size(this->signer);
- free(this->encrypted.ptr);
- this->encrypted.ptr = malloc(this->encrypted.len);
+ this->aead->encrypt(this->aead, crypt, assoc, iv, NULL);
- /* fill in result, signature is left out */
- memcpy(this->encrypted.ptr, iv.ptr, iv.len);
- memcpy(this->encrypted.ptr + iv.len, result.ptr, result.len);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
- free(result.ptr);
- free(iv.ptr);
- DBG3(DBG_ENC, "data after encryption with IV and (invalid) signature %B",
- &this->encrypted);
+ free(assoc.ptr);
- return SUCCESS;
+ return TRUE;
}
/**
* Parse the payloads after decryption.
*/
-static status_t parse(private_encryption_payload_t *this)
+static status_t parse(private_encryption_payload_t *this, chunk_t plain)
{
parser_t *parser;
- status_t status;
payload_type_t type;
- parser = parser_create(this->decrypted);
+ parser = parser_create(plain);
type = this->next_payload;
while (type != NO_PAYLOAD)
{
payload_t *payload;
- status = parser->parse_payload(parser, type, &payload);
- if (status != SUCCESS)
+ if (parser->parse_payload(parser, type, &payload) != SUCCESS)
{
parser->destroy(parser);
- return PARSE_ERROR;
+ return FALSE;
}
- status = payload->verify(payload);
- if (status != SUCCESS)
+ if (payload->verify(payload) != SUCCESS)
{
DBG1(DBG_ENC, "%N verification failed",
payload_type_names, payload->get_type(payload));
payload->destroy(payload);
parser->destroy(parser);
- return VERIFY_ERROR;
+ return FALSE;
}
type = payload->get_next_type(payload);
this->payloads->insert_last(this->payloads, payload);
}
parser->destroy(parser);
DBG2(DBG_ENC, "parsed content of encryption payload");
- return SUCCESS;
+ return TRUE;
}
-METHOD(encryption_payload_t, decrypt, status_t,
- private_encryption_payload_t *this)
+METHOD(encryption_payload_t, decrypt, bool,
+ private_encryption_payload_t *this, chunk_t assoc)
{
- chunk_t iv, concatenated;
- u_int8_t padding_length;
-
- DBG2(DBG_ENC, "decrypting encryption payload");
- DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
- &this->encrypted);
+ chunk_t iv, plain, padding, icv, crypt;
+ size_t bs;
- if (this->signer == NULL || this->crypter == NULL)
+ if (this->aead == NULL)
{
- DBG1(DBG_ENC, "could not decrypt, no crypter/signer set");
- return INVALID_STATE;
+ DBG1(DBG_ENC, "decrypting encryption payload failed, transform missing");
+ return FALSE;
}
- /* get IV */
- iv.len = this->crypter->get_iv_size(this->crypter);
- if (iv.len > this->encrypted.len)
- {
- DBG1(DBG_ENC, "could not decrypt, input too short");
- return FAILED;
- }
- iv.ptr = this->encrypted.ptr;
-
- /* point concatenated to data + padding + padding_length */
- concatenated.ptr = this->encrypted.ptr + iv.len;
- concatenated.len = this->encrypted.len - iv.len -
- this->signer->get_block_size(this->signer);
-
- /* concatenated must be a multiple of block_size of crypter */
- if (concatenated.len < iv.len ||
- concatenated.len % this->crypter->get_block_size(this->crypter))
- {
- DBG1(DBG_ENC, "could not decrypt, invalid input");
- return FAILED;
- }
-
- /* free previus data, if any */
- free(this->decrypted.ptr);
-
- DBG3(DBG_ENC, "data before decryption %B", &concatenated);
-
- this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
-
- DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
+ /* prepare data to authenticate-decrypt:
+ * | IV | plain | padding | ICV |
+ * \____crypt______/ ^
+ * | /
+ * v /
+ * assoc -> + ------->/
+ */
- /* get padding length, sits just bevore signature */
- padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
- /* add one byte to the padding length, since the padding_length field is
- * not included */
- padding_length++;
+ bs = this->aead->get_block_size(this->aead);
+ iv.len = this->aead->get_iv_size(this->aead);
+ iv.ptr = this->encrypted.ptr;
+ icv.len = this->aead->get_icv_size(this->aead);
+ icv.ptr = this->encrypted.ptr + this->encrypted.len - icv.len;
+ crypt.ptr = iv.ptr + iv.len;
+ crypt.len = this->encrypted.len - iv.len;
- /* check size again */
- if (padding_length > concatenated.len || padding_length > this->decrypted.len)
+ if (iv.len + icv.len > this->encrypted.len ||
+ (crypt.len - icv.len) % bs)
{
- DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
- /* decryption failed :-/ */
- return FAILED;
+ DBG1(DBG_ENC, "decrypting encryption payload failed, invalid length");
+ return FALSE;
}
- this->decrypted.len -= padding_length;
- /* free padding */
- this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
- DBG3(DBG_ENC, "data after decryption without padding %B", &this->decrypted);
- DBG2(DBG_ENC, "decryption successful, trying to parse content");
- return parse(this);
-}
+ assoc = append_header(this, assoc);
-METHOD(encryption_payload_t, set_transforms, void,
- private_encryption_payload_t *this, crypter_t* crypter, signer_t* signer)
-{
- this->signer = signer;
- this->crypter = crypter;
-}
-
-METHOD(encryption_payload_t, build_signature, status_t,
- private_encryption_payload_t *this, chunk_t data)
-{
- chunk_t data_without_sig = data;
- chunk_t sig;
+ DBG3(DBG_ENC, "encryption payload decryption:");
+ DBG3(DBG_ENC, "IV %B", &iv);
+ DBG3(DBG_ENC, "encrypted %B", &crypt);
+ DBG3(DBG_ENC, "ICV %B", &icv);
+ DBG3(DBG_ENC, "assoc %B", &assoc);
- if (this->signer == NULL)
+ if (!this->aead->decrypt(this->aead, crypt, assoc, iv, NULL))
{
- DBG1(DBG_ENC, "unable to build signature, no signer set");
- return INVALID_STATE;
+ DBG1(DBG_ENC, "verifying encryption payload integrity failed");
+ free(assoc.ptr);
+ return FALSE;
}
+ free(assoc.ptr);
- sig.len = this->signer->get_block_size(this->signer);
- data_without_sig.len -= sig.len;
- sig.ptr = data.ptr + data_without_sig.len;
- DBG2(DBG_ENC, "building signature");
- this->signer->get_signature(this->signer, data_without_sig, sig.ptr);
- return SUCCESS;
-}
-
-METHOD(encryption_payload_t, verify_signature, status_t,
- private_encryption_payload_t *this, chunk_t data)
-{
- chunk_t sig, data_without_sig;
- bool valid;
-
- if (this->signer == NULL)
+ plain = chunk_create(crypt.ptr, crypt.len - icv.len);
+ padding.len = plain.ptr[plain.len - 1] + 1;
+ if (padding.len >= plain.len)
{
- DBG1(DBG_ENC, "unable to verify signature, no signer set");
- return INVALID_STATE;
- }
- /* find signature in data chunk */
- sig.len = this->signer->get_block_size(this->signer);
- if (data.len <= sig.len)
- {
- DBG1(DBG_ENC, "unable to verify signature, invalid input");
+ DBG1(DBG_ENC, "decrypting encryption payload failed, "
+ "padding invalid %B", &crypt);
return FAILED;
}
- sig.ptr = data.ptr + data.len - sig.len;
+ plain.len -= padding.len;
+ padding.ptr = plain.ptr + plain.len;
- /* verify it */
- data_without_sig.len = data.len - sig.len;
- data_without_sig.ptr = data.ptr;
- valid = this->signer->verify_signature(this->signer, data_without_sig, sig);
+ DBG3(DBG_ENC, "plain %B", &plain);
+ DBG3(DBG_ENC, "padding %B", &padding);
- if (!valid)
- {
- DBG1(DBG_ENC, "signature verification failed");
- return FAILED;
- }
+ return parse(this, plain);
+}
- DBG2(DBG_ENC, "signature verification successful");
- return SUCCESS;
+METHOD(encryption_payload_t, set_transform, void,
+ private_encryption_payload_t *this, aead_t* aead)
+{
+ this->aead = aead;
}
METHOD2(payload_t, encryption_payload_t, destroy, void,
{
this->payloads->destroy_offset(this->payloads, offsetof(payload_t, destroy));
free(this->encrypted.ptr);
- free(this->decrypted.ptr);
free(this);
}
.get_type = _get_type,
.destroy = _destroy,
},
- .create_payload_iterator = _create_payload_iterator,
+ .get_length = _get_length,
.add_payload = _add_payload,
- .remove_first_payload = _remove_first_payload,
- .get_payload_count = _get_payload_count,
+ .remove_payload = _remove_payload,
+ .set_transform = _set_transform,
.encrypt = _encrypt,
.decrypt = _decrypt,
- .set_transforms = _set_transforms,
- .build_signature = _build_signature,
- .verify_signature = _verify_signature,
.destroy = _destroy,
},
.next_payload = NO_PAYLOAD,
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
typedef struct encryption_payload_t encryption_payload_t;
#include <library.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
#include <encoding/payloads/payload.h>
-#include <utils/linked_list.h>
/**
* Encrpytion payload length in bytes without IV and following data.
*/
#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
-
/**
* The encryption payload as described in RFC section 3.14.
- *
- * Before any crypt/decrypt/sign/verify operation can occur,
- * the transforms must be set. After that, a parsed encryption payload
- * can be decrypted, which also will parse the contained payloads.
- * Encryption is done the same way, added payloads will get generated
- * and then encrypted.
- * For signature building, there is the FULL packet needed. Meaning it
- * must be builded after generation of all payloads and the encryption
- * of the encryption payload.
- * Signature verificatin is done before decryption.
*/
struct encryption_payload_t {
+
/**
* Implements payload_t interface.
*/
payload_t payload_interface;
/**
- * Creates an iterator for all contained payloads.
+ * Get the payload length.
*
- * iterator_t object has to get destroyed by the caller.
- *
- * @param forward iterator direction (TRUE: front to end)
- * return created iterator_t object
+ * @return (expected) payload length
*/
- iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
+ size_t (*get_length)(encryption_payload_t *this);
/**
* Adds a payload to this encryption payload.
void (*add_payload) (encryption_payload_t *this, payload_t *payload);
/**
- * Reove the last payload in the contained payload list.
+ * Remove the first payload in the list
*
* @param payload removed payload
- * @return
- * - SUCCESS, or
- * - NOT_FOUND if list empty
- */
- status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
-
- /**
- * Get the number of payloads.
- *
- * @return number of contained payloads
- */
- size_t (*get_payload_count) (encryption_payload_t *this);
-
- /**
- * Set transforms to use.
- *
- * To decryption, encryption, signature building and verifying,
- * the payload needs a crypter and a signer object.
- *
- * @warning Do NOT call this function again after encryption, since
- * the signer must be the same while encrypting and signature building!
- *
- * @param crypter crypter_t to use for data de-/encryption
- * @param signer signer_t to use for data signing/verifying
+ * @return payload, NULL if none left
*/
- void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
+ payload_t* (*remove_payload)(encryption_payload_t *this);
/**
- * Generate and encrypt contained payloads.
+ * Set the AEAD transform to use.
*
- * This function generates the content for added payloads
- * and encrypts them. Signature is not built, since we need
- * additional data (the full message).
- *
- * @return SUCCESS, or INVALID_STATE if transforms not set
+ * @param aead aead transform to use
*/
- status_t (*encrypt) (encryption_payload_t *this);
+ void (*set_transform) (encryption_payload_t *this, aead_t *aead);
/**
- * Decrypt and parse contained payloads.
- *
- * This function decrypts the contained data. After,
- * the payloads are parsed internally and are accessible
- * via the iterator.
+ * Generate, encrypt and sign contained payloads.
*
- * @return
- * - SUCCESS, or
- * - INVALID_STATE if transforms not set, or
- * - FAILED if data is invalid
+ * @param assoc associated data
+ * @return TRUE if encrypted
*/
- status_t (*decrypt) (encryption_payload_t *this);
+ bool (*encrypt) (encryption_payload_t *this, chunk_t assoc);
/**
- * Build the signature.
- *
- * The signature is built over the FULL message, so the header
- * and every payload (inclusive this one) must already be generated.
- * The generated message is supplied via the data paramater.
- *
- * @param data chunk contains the already generated message
- * @return
- * - SUCCESS, or
- * - INVALID_STATE if transforms not set
- */
- status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
-
- /**
- * Verify the signature.
- *
- * Since the signature is built over the full message, we need
- * this data to do the verification. The message data
- * is supplied via the data argument.
+ * Decrypt, verify and parse contained payloads.
*
- * @param data chunk contains the message
- * @return
- * - SUCCESS, or
- * - FAILED if signature invalid, or
- * - INVALID_STATE if transforms not set
+ * @param assoc associated data
+ * @return TRUE if decrypted and verified successfully
*/
- status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
+ bool (*decrypt) (encryption_payload_t *this, chunk_t assoc);
/**
* Destroys an encryption_payload_t object.
/**
* Creates an empty encryption_payload_t object.
*
- * @return encryption_payload_t object
+ * @return encryption_payload_t object
*/
encryption_payload_t *encryption_payload_create(void);
ike_sa_id->switch_initiator(ike_sa_id);
response->set_ike_sa_id(response, ike_sa_id);
response->add_notify(response, FALSE, type, data);
- if (response->generate(response, NULL, NULL, &packet) == SUCCESS)
+ if (response->generate(response, NULL, &packet) == SUCCESS)
{
charon->sender->send(charon->sender, packet);
response->destroy(response);
DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth);
packet_t *packet;
- if (message->generate(message, NULL, NULL, &packet) == SUCCESS)
+ if (message->generate(message, NULL, &packet) == SUCCESS)
{
charon->sender->send(charon->sender, packet->clone(packet));
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
message->set_ike_sa_id(message, this->ike_sa_id);
return message->generate(message,
- this->keymat->get_crypter(this->keymat, FALSE),
- this->keymat->get_signer(this->keymat, FALSE), packet);
+ this->keymat->get_aead(this->keymat, FALSE), packet);
}
/**
is_request = message->get_request(message);
status = message->parse_body(message,
- this->keymat->get_crypter(this->keymat, TRUE),
- this->keymat->get_signer(this->keymat, TRUE));
+ this->keymat->get_aead(this->keymat, TRUE));
if (status != SUCCESS)
{
bool initiator;
/**
- * inbound signer (verify)
+ * inbound AEAD
*/
- signer_t *signer_in;
+ aead_t *aead_in;
/**
- * outbound signer (sign)
+ * outbound AEAD
*/
- signer_t *signer_out;
-
- /**
- * inbound crypter (decrypt)
- */
- crypter_t *crypter_in;
-
- /**
- * outbound crypter (encrypt)
- */
- crypter_t *crypter_out;
+ aead_t *aead_out;
/**
* General purpose PRF
return lib->crypto->create_dh(lib->crypto, group);;
}
+/**
+ * Derive IKE keys for a combined AEAD algorithm
+ */
+static bool derive_ike_aead(private_keymat_t *this, proposal_t *proposal,
+ prf_plus_t *prf_plus)
+{
+ return FALSE;
+}
+
+/**
+ * Derive IKE keys for traditional encryption and MAC algorithms
+ */
+static bool derive_ike_traditional(private_keymat_t *this, proposal_t *proposal,
+ prf_plus_t *prf_plus)
+{
+ crypter_t *crypter_i, *crypter_r;
+ signer_t *signer_i, *signer_r;
+ u_int16_t alg, key_size;
+ chunk_t key;
+
+ /* SK_ai/SK_ar used for integrity protection */
+ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+ {
+ DBG1(DBG_IKE, "no %N selected",
+ transform_type_names, INTEGRITY_ALGORITHM);
+ return FALSE;
+ }
+ signer_i = lib->crypto->create_signer(lib->crypto, alg);
+ signer_r = lib->crypto->create_signer(lib->crypto, alg);
+ if (signer_i == NULL || signer_r == NULL)
+ {
+ DBG1(DBG_IKE, "%N %N not supported!",
+ transform_type_names, INTEGRITY_ALGORITHM,
+ integrity_algorithm_names ,alg);
+ return FALSE;
+ }
+ key_size = signer_i->get_key_size(signer_i);
+
+ prf_plus->allocate_bytes(prf_plus, key_size, &key);
+ DBG4(DBG_IKE, "Sk_ai secret %B", &key);
+ signer_i->set_key(signer_i, key);
+ chunk_clear(&key);
+
+ prf_plus->allocate_bytes(prf_plus, key_size, &key);
+ DBG4(DBG_IKE, "Sk_ar secret %B", &key);
+ signer_r->set_key(signer_r, key);
+ chunk_clear(&key);
+
+ /* SK_ei/SK_er used for encryption */
+ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
+ {
+ DBG1(DBG_IKE, "no %N selected",
+ transform_type_names, ENCRYPTION_ALGORITHM);
+ signer_i->destroy(signer_i);
+ signer_r->destroy(signer_r);
+ return FALSE;
+ }
+ crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
+ crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
+ if (crypter_i == NULL || crypter_r == NULL)
+ {
+ DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+ transform_type_names, ENCRYPTION_ALGORITHM,
+ encryption_algorithm_names, alg, key_size);
+ signer_i->destroy(signer_i);
+ signer_r->destroy(signer_r);
+ return FALSE;
+ }
+ key_size = crypter_i->get_key_size(crypter_i);
+
+ prf_plus->allocate_bytes(prf_plus, key_size, &key);
+ DBG4(DBG_IKE, "Sk_ei secret %B", &key);
+ crypter_i->set_key(crypter_i, key);
+ chunk_clear(&key);
+
+ prf_plus->allocate_bytes(prf_plus, key_size, &key);
+ DBG4(DBG_IKE, "Sk_er secret %B", &key);
+ crypter_r->set_key(crypter_r, key);
+ chunk_clear(&key);
+
+ if (this->initiator)
+ {
+ this->aead_in = aead_create(crypter_r, signer_r);
+ this->aead_out = aead_create(crypter_i, signer_i);
+ }
+ else
+ {
+ this->aead_in = aead_create(crypter_i, signer_i);
+ this->aead_out = aead_create(crypter_r, signer_r);
+ }
+ return TRUE;
+}
+
METHOD(keymat_t, derive_ike_keys, bool,
private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
{
chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
chunk_t spi_i, spi_r;
- crypter_t *crypter_i, *crypter_r;
- signer_t *signer_i, *signer_r;
prf_plus_t *prf_plus;
u_int16_t alg, key_size;
prf_t *rekey_prf = NULL;
prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);
DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
- /* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
- if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
- {
- DBG1(DBG_IKE, "no %N selected",
- transform_type_names, INTEGRITY_ALGORITHM);
- prf_plus->destroy(prf_plus);
- DESTROY_IF(rekey_prf);
- return FALSE;
- }
- signer_i = lib->crypto->create_signer(lib->crypto, alg);
- signer_r = lib->crypto->create_signer(lib->crypto, alg);
- if (signer_i == NULL || signer_r == NULL)
- {
- DBG1(DBG_IKE, "%N %N not supported!",
- transform_type_names, INTEGRITY_ALGORITHM,
- integrity_algorithm_names ,alg);
- prf_plus->destroy(prf_plus);
- DESTROY_IF(rekey_prf);
- return FALSE;
- }
- key_size = signer_i->get_key_size(signer_i);
-
- prf_plus->allocate_bytes(prf_plus, key_size, &key);
- DBG4(DBG_IKE, "Sk_ai secret %B", &key);
- signer_i->set_key(signer_i, key);
- chunk_clear(&key);
-
- prf_plus->allocate_bytes(prf_plus, key_size, &key);
- DBG4(DBG_IKE, "Sk_ar secret %B", &key);
- signer_r->set_key(signer_r, key);
- chunk_clear(&key);
-
- if (this->initiator)
- {
- this->signer_in = signer_r;
- this->signer_out = signer_i;
- }
- else
- {
- this->signer_in = signer_i;
- this->signer_out = signer_r;
- }
-
- /* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
{
DBG1(DBG_IKE, "no %N selected",
DESTROY_IF(rekey_prf);
return FALSE;
}
- crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
- crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
- if (crypter_i == NULL || crypter_r == NULL)
- {
- DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
- transform_type_names, ENCRYPTION_ALGORITHM,
- encryption_algorithm_names, alg, key_size);
- prf_plus->destroy(prf_plus);
- DESTROY_IF(rekey_prf);
- return FALSE;
- }
- key_size = crypter_i->get_key_size(crypter_i);
-
- prf_plus->allocate_bytes(prf_plus, key_size, &key);
- DBG4(DBG_IKE, "Sk_ei secret %B", &key);
- crypter_i->set_key(crypter_i, key);
- chunk_clear(&key);
-
- prf_plus->allocate_bytes(prf_plus, key_size, &key);
- DBG4(DBG_IKE, "Sk_er secret %B", &key);
- crypter_r->set_key(crypter_r, key);
- chunk_clear(&key);
- if (this->initiator)
+ if (encryption_algorithm_is_aead(alg))
{
- this->crypter_in = crypter_r;
- this->crypter_out = crypter_i;
+ if (!derive_ike_aead(this, proposal, prf_plus))
+ {
+ prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
+ return FALSE;
+ }
}
else
{
- this->crypter_in = crypter_i;
- this->crypter_out = crypter_r;
+ if (!derive_ike_traditional(this, proposal, prf_plus))
+ {
+ prf_plus->destroy(prf_plus);
+ DESTROY_IF(rekey_prf);
+ return FALSE;
+ }
}
/* SK_pi/SK_pr used for authentication => stored for later */
return this->prf_alg;
}
-METHOD(keymat_t, get_signer, signer_t*,
- private_keymat_t *this, bool in)
-{
- return in ? this->signer_in : this->signer_out;
-}
-
-METHOD(keymat_t, get_crypter, crypter_t*,
+METHOD(keymat_t, get_aead, aead_t*,
private_keymat_t *this, bool in)
{
- return in ? this->crypter_in : this->crypter_out;
+ return in ? this->aead_in : this->aead_out;
}
METHOD(keymat_t, get_auth_octets, chunk_t,
METHOD(keymat_t, destroy, void,
private_keymat_t *this)
{
- DESTROY_IF(this->signer_in);
- DESTROY_IF(this->signer_out);
- DESTROY_IF(this->crypter_in);
- DESTROY_IF(this->crypter_out);
+ DESTROY_IF(this->aead_in);
+ DESTROY_IF(this->aead_out);
DESTROY_IF(this->prf);
chunk_clear(&this->skd);
chunk_clear(&this->skp_verify);
.derive_ike_keys = _derive_ike_keys,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
- .get_signer = _get_signer,
- .get_crypter = _get_crypter,
+ .get_aead = _get_aead,
.get_auth_octets = _get_auth_octets,
.get_psk_sig = _get_psk_sig,
.destroy = _destroy,
#include <library.h>
#include <utils/identification.h>
#include <crypto/prfs/prf.h>
-#include <crypto/crypters/crypter.h>
-#include <crypto/signers/signer.h>
+#include <crypto/aead.h>
#include <config/proposal.h>
#include <sa/ike_sa_id.h>
*/
pseudo_random_function_t (*get_skd)(keymat_t *this, chunk_t *skd);
- /**
- * Get a signer to sign/verify IKE messages.
- *
- * @param in TRUE for inbound (verify), FALSE for outbound (sign)
- * @return signer
- */
- signer_t* (*get_signer)(keymat_t *this, bool in);
-
/*
- * Get a crypter to en-/decrypt IKE messages.
+ * Get a AEAD transform to en-/decrypt and sign/verify IKE messages.
*
* @param in TRUE for inbound (decrypt), FALSE for outbound (encrypt)
* @return crypter
*/
- crypter_t* (*get_crypter)(keymat_t *this, bool in);
+ aead_t* (*get_aead)(keymat_t *this, bool in);
/**
* Generate octets to use for authentication procedure (RFC4306 2.15).