diff options
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | authAlgo.cpp | 30 | ||||
-rw-r--r-- | authAlgo.h | 8 | ||||
-rw-r--r-- | cypher.cpp | 25 | ||||
-rw-r--r-- | cypher.h | 3 | ||||
-rw-r--r-- | keyDerivation.cpp | 105 | ||||
-rw-r--r-- | keyDerivation.h | 66 |
7 files changed, 225 insertions, 16 deletions
@@ -36,6 +36,7 @@ OBJS = anytun.o \ packet.o \ cypher.o \ authAlgo.o \ + keyDerivation.o \ PracticalSocket.o \ signalController.o \ log.o \ @@ -68,6 +69,9 @@ cypher.o: cypher.cpp cypher.h buffer.h authAlgo.o: authAlgo.cpp authAlgo.h buffer.h $(C++) $(CCFLAGS) $< -c +keyDerivation.o: keyDerivation.cpp keyDerivation.h + $(C++) $(CCFLAGS) $< -c + signalController.o: signalController.cpp signalController.h $(C++) $(CCFLAGS) $< -c diff --git a/authAlgo.cpp b/authAlgo.cpp index 57c9ee6..206d335 100644 --- a/authAlgo.cpp +++ b/authAlgo.cpp @@ -30,7 +30,37 @@ #include "authAlgo.h" +extern "C" { +#include <srtp/crypto_kernel.h> +} + + auth_tag_t NullAuthAlgo::calc(const Buffer& buf) { return 0; } + + +// HMAC_SHA1 +auth_tag_t HmacAuthAlgo::calc(const Buffer& buf) +{ + extern auth_type_t hmac; + err_status_t status = err_status_ok; + auth_t *auth = NULL; + + uint8_t key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 + }; + + // auth_type_alloc(auth_type, auth, key_len, out_len) + status = auth_type_alloc(&hmac, &auth, 94, 4); + status = auth_init(auth, key); + + status = auth_dealloc(auth); + + return 0; +} + + @@ -49,4 +49,12 @@ public: auth_tag_t calc(const Buffer& buf); }; + +// HMAC_SHA1 +class HmacAuthAlgo : public AuthAlgo +{ +public: + auth_tag_t calc(const Buffer& buf); +}; + #endif @@ -31,8 +31,6 @@ #include <stdexcept> #include <vector> -//#include "datatypes.h" - #include "cypher.h" extern "C" { @@ -63,17 +61,15 @@ Buffer NullCypher::getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t s return buf; } -void AesIcmCypher::cypher(Buffer& buf, seq_nr_t seq_nr, sender_id_t sender_id) -{ -} -Buffer AesIcmCypher::getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id) +void AesIcmCypher::cypher(Buffer& buf, seq_nr_t seq_nr, sender_id_t sender_id) { - Buffer buf(length); extern cipher_type_t aes_icm; - err_status_t status; + err_status_t status = err_status_ok; cipher_t* cipher = NULL; - uint8_t key[20] = { + uint32_t length = 0; + + uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 @@ -84,13 +80,9 @@ Buffer AesIcmCypher::getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t // allocate cipher status = cipher_type_alloc(&aes_icm, &cipher, 30); - if(status) - return buf; // init cipher status = cipher_init(cipher, key, direction_any); - if(status) - return buf; //set iv // where the 128-bit integer value IV SHALL be defined by the SSRC, the @@ -100,17 +92,18 @@ Buffer AesIcmCypher::getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t // sizeof(k_s) = 112, random - iv.v32[0] ^= 0; iv.v32[1] ^= sender_id; iv.v32[2] ^= (seq_nr >> 16); iv.v32[3] ^= (seq_nr << 16); + status = cipher_set_iv(cipher, &iv); + + length = buf.getLength(); - status = cipher_output(cipher, buf, length); + status = cipher_encrypt(cipher, buf, &length); status = cipher_dealloc(cipher); - return buf; } @@ -61,6 +61,9 @@ public: protected: Buffer getBitStream(u_int32_t length, seq_nr_t seq_nr, sender_id_t sender_id); + +private: + }; #endif diff --git a/keyDerivation.cpp b/keyDerivation.cpp new file mode 100644 index 0000000..5663ac1 --- /dev/null +++ b/keyDerivation.cpp @@ -0,0 +1,105 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007 anytun.org <satp@wirdorange.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "keyDerivation.h" + +extern "C" { +#include <srtp/crypto_kernel.h> +} + +err_status_t KeyDerivation::init(const uint8_t key[30], const uint8_t salt[14]) +{ + aes_icm_context_init(&kdf_, key); + + for(uint8_t i = 0; i < 14; i++) + salt_[i] = salt[i]; + + return err_status_ok; +} + +err_status_t KeyDerivation::setLogKDRate(const uint8_t log_rate) +{ + if( log_rate < 49 ) + { + ld_kdr_ = log_rate; + return err_status_ok; + } + return err_status_bad_param; +} + + +err_status_t KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, uint8_t *key, int length) +{ + v128_t iv, salt, key_id; + uint8_t r = 0; + + v128_set_to_zero(&iv); + v128_set_to_zero(&salt); + v128_set_to_zero(&key_id); + + // look at: http://tools.ietf.org/html/rfc3711#section-4.3 + if( ld_kdr_ == -1 ) // means key_derivation_rate = 0 + r = 0; + else + // FIXXME: kdr can be greater than 2^32 (= 2^48) + r = seq_nr / ( 0x01 << ld_kdr_ ); + + key_id.v32[0] = (label << 8); + key_id.v32[0] += r; + + v128_copy_octet_string(&salt, salt_); + v128_xor(&iv, &salt, &key_id); + + aes_icm_set_iv(&kdf_, &iv); + + /* generate keystream output */ + aes_icm_output(&kdf_, key, length); + + return err_status_ok; +} + + +err_status_t KeyDerivation::clear() +{ + /* zeroize aes context */ + + v128_set_to_zero(&kdf_.counter); + v128_set_to_zero(&kdf_.offset); + v128_set_to_zero(&kdf_.keystream_buffer); + for(uint8_t i = 0; i < 11; i++) + { + v128_set_to_zero(&kdf_.expanded_key[i]); + } + kdf_.bytes_in_buffer = 0; + + return err_status_ok; +} + diff --git a/keyDerivation.h b/keyDerivation.h new file mode 100644 index 0000000..a625342 --- /dev/null +++ b/keyDerivation.h @@ -0,0 +1,66 @@ +/* + * anytun + * + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007 anytun.org <satp@wirdorange.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef _KEYDERIVATION_H_ +#define _KEYDERIVATION_H_ + +#include "datatypes.h" +#include "buffer.h" + + +extern "C" { + #include <srtp/crypto_kernel.h> +} + + +typedef enum { + label_satp_encryption = 0x00, + label_satp_msg_auth = 0x01, + label_satp_salt = 0x02, +} satp_prf_label; + +class KeyDerivation +{ +public: + KeyDerivation() : ld_kdr_(-1) {}; + virtual ~KeyDerivation() {}; + + err_status_t init(const uint8_t key[30], const uint8_t salt[14]); + err_status_t setLogKDRate(const uint8_t ld_rate); + err_status_t generate(satp_prf_label label, seq_nr_t seq_nr, uint8_t *key, int length); + err_status_t clear(); + +protected: + aes_icm_ctx_t kdf_; + int8_t ld_kdr_; // ld(key_derivation_rate) + uint8_t salt_[14]; +}; + +#endif |