From c597afc9f59af4d4596068d042f467127311bfed Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 24 Feb 2008 19:10:34 +0000
Subject: added NullKeyDerivation added KeyDerivationFactory
---
 Makefile | 4 +++
 anytun.cpp | 10 +++-----
 cipher.cpp | 1 +
 connectionList.cpp | 3 ++-
 keyDerivation.cpp | 64 ++++++++++++++++++++++++++++++------------------
 keyDerivation.h | 71 +++++++++++++++++++++++++++++++++++++++++++-----------
 plainPacket.cpp | 5 +++-
 7 files changed, 113 insertions(+), 45 deletions(-)
diff --git a/Makefile b/Makefile
index 4552c17..7cd8d5b 100644
--- a/Makefile
+++ b/Makefile
@@ -59,6 +59,7 @@ OBJS = anytun.o \
 mpi.o \
 cipherFactory.o \
 authAlgoFactory.o \
+ keyDerivationFactory.o \
 connectionList.o \
 connectionParam.o \
 networkAddress.o \
@@ -123,6 +124,9 @@ cipherFactory.o: cipherFactory.cpp cipherFactory.h cipher.h
 authAlgoFactory.o: authAlgoFactory.cpp authAlgoFactory.h authAlgo.h
 $(C++) $(CCFLAGS) $< -c
+keyDerivationFactory.o: keyDerivationFactory.cpp keyDerivationFactory.h keyDerivation.h
+ $(C++) $(CCFLAGS) $< -c
+
 routingTable.o: routingTable.cpp routingTable.h
 $(C++) $(CCFLAGS) $< -c
diff --git a/anytun.cpp b/anytun.cpp
index 69ea165..f560428 100644
--- a/anytun.cpp
+++ b/anytun.cpp
@@ -46,6 +46,7 @@
 #include "authTag.h"
 #include "cipherFactory.h"
 #include "authAlgoFactory.h"
+#include "keyDerivationFactory.h"
 #include "signalController.h"
 #include "packetSource.h"
 #include "tunDevice.h"
@@ -53,9 +54,6 @@
 #include "seqWindow.h"
 #include "connectionList.h"
-#include "mpi.h" // TODO: remove after debug
-
-
 #include "syncQueue.h"
 #include "syncSocketHandler.h"
 #include "syncListenSocket.h"
@@ -77,6 +75,7 @@
 void createConnection(const std::string & remote_host, u_int16_t remote_port, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue)
 {
+ // TODO: use key exchange for master key/salt
 uint8_t key[] = {
 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
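Review bot: The new rule `keyDerivationFactory.o: keyDerivationFactory.cpp keyDerivationFactory.h keyDerivation.h` depends on two files that this commit does not contain: the diffstat lists seven changed files, and neither keyDerivationFactory.cpp nor keyDerivationFactory.h is among them. Unless an earlier commit already added them, the tree does not build at this revision, and the `#include "keyDerivationFactory.h"` lines added to anytun.cpp and connectionList.cpp fail as well. Add both files to this commit so the factory that selects the key derivation can be reviewed together with its callers.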
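Review bot: The TODO added at the top of createConnection understates what the context lines right below it show: `key[]` is a compiled-in constant, so every build derives its session keys from the same master key until the key exchange exists. I would have the comment say that outright, e.g. `// FIXME(security): static master key/salt, identical in every build - no confidentiality until key exchange is implemented`. The initialiser and the rest of createConnection continue outside this hunk, so the salt is presumably a constant of the same kind.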
@@ -89,7 +88,7 @@ void createConnection(const std::string & remote_host, u_int16_t remote_port, Co
 SeqWindow * seq= new SeqWindow(seqSize);
 seq_nr_t seq_nr_=0;
- KeyDerivation * kd = new KeyDerivation;
+ KeyDerivation * kd = KeyDerivationFactory::create("aes-ctr"); // TODO: get value from options
 kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
 cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
 ConnectionParam connparam ( (*kd), (*seq), seq_nr_, remote_host, remote_port);
@@ -312,7 +311,6 @@ void* receiver(void* p)
 }
 #define MIN_GCRYPT_VERSION "1.2.3"
-//#define GCRYPT_SEC_MEM 32768 // 32k secure memory
 // make libgcrypt thread safe
 extern "C" {
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
@@ -341,7 +339,7 @@ bool initLibGCrypt()
 cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
 return true;
 }
-
+
 int main(int argc, char* argv[])
 {
 std::cout << "anytun - secure anycast tunneling protocol" << std::endl;
diff --git a/cipher.cpp b/cipher.cpp
index 07a9117..579d96c 100644
--- a/cipher.cpp
+++ b/cipher.cpp
@@ -70,6 +70,7 @@ u_int32_t NullCipher::decipher(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_in
 return (ilen < olen) ? ilen : olen;
 }
+
 //****** AesIcmCipher ******
 AesIcmCipher::AesIcmCipher()
diff --git a/connectionList.cpp b/connectionList.cpp
index 93a23b9..713009b 100644
--- a/connectionList.cpp
+++ b/connectionList.cpp
@@ -30,6 +30,7 @@
 #include "threadUtils.hpp"
 #include "datatypes.h"
+#include "keyDerivationFactory.h"
 #include "connectionList.h"
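Review bot: In createConnection the pointer returned by `KeyDerivationFactory::create("aes-ctr")` is dereferenced by `kd->init(...)` on the very next line without a check, and the factory's behaviour for an unknown name is not visible in this patch. Once the name comes from options, as the TODO plans, an unrecognised value must not reach `kd->init`, and if the factory also maps a name to NullKeyDerivation that choice would silently yield all-zero keys. Guard the result, e.g. `if(!kd) { cLog.msg(Log::PRIO_ERR) << "unknown key derivation type"; return; }`, and put the selected type into the existing notice via `kd->printType()`. The same two lines are added to ConnectionList::getOrNewConnectionUnlocked in connectionList.cpp, which returns a reference and therefore needs a different failure path; both functions continue outside their hunks.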
@@ -91,7 +92,7 @@ ConnectionParam & ConnectionList::getOrNewConnectionUnlocked(u_int16_t mux)
 SeqWindow * seq= new SeqWindow(0);
 seq_nr_t seq_nr_=0;
- KeyDerivation * kd = new KeyDerivation;
+ KeyDerivation * kd = KeyDerivationFactory::create("aes-ctr"); // TODO: get value from options
 kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
 ConnectionParam conn ( (*kd), (*seq), seq_nr_, "", 0);
 connections_.insert(ConnectionMap::value_type(mux, conn));
diff --git a/keyDerivation.cpp b/keyDerivation.cpp
index cfd70d4..79086b2 100644
--- a/keyDerivation.cpp
+++ b/keyDerivation.cpp
@@ -41,49 +41,66 @@
 #include
-void KeyDerivation::init(Buffer key, Buffer salt)
+void KeyDerivation::setLogKDRate(const uint8_t log_rate)
 {
 Lock lock(mutex_);
- gcry_error_t err;
+ if( log_rate < 49 )
+ ld_kdr_ = log_rate;
+}
- // TODO: hardcoded cipher-type and keysize??
- err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
- if( err ) {
- cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
- return;
- }
+//****** NullKeyDerivation ******
- master_salt_ = SyncBuffer(salt);
- master_key_ = SyncBuffer(key);
+void NullKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+{
+ for(u_int32_t i=0; i < key.getLength(); ++i) key[i] = 0;
+}
- updateMasterKey();
+//****** AesIcmKeyDerivation ******
+
+AesIcmKeyDerivation::~AesIcmKeyDerivation()
+{
+ Lock lock(mutex_);
+ if(cipher_)
+ gcry_cipher_close( cipher_ );
 }
-void KeyDerivation::updateMasterKey()
+void AesIcmKeyDerivation::updateMasterKey()
 {
- gcry_error_t err;
+ if(!cipher_)
+ return;
- err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
+ gcry_error_t err = gcry_cipher_setkey( cipher_, master_key_.getBuf(), master_key_.getLength() );
 if( err )
 cLog.msg(Log::PRIO_ERR) << "KeyDerivation::updateMasterKey: Failed to set cipher key: " << gpg_strerror( err );
 }
-KeyDerivation::~KeyDerivation()
+void AesIcmKeyDerivation::init(Buffer key, Buffer salt)
 {
 Lock lock(mutex_);
- gcry_cipher_close( cipher_ );
-}
+ if(cipher_)
+ gcry_cipher_close( cipher_ );
-void KeyDerivation::setLogKDRate(const uint8_t log_rate)
-{
- Lock lock(mutex_);
- if( log_rate < 49 )
- ld_kdr_ = log_rate;
+ // TODO: hardcoded cipher-type and keysize??
+ gcry_error_t err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
+ if( err ) {
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
+ return;
+ }
+
+ master_salt_ = SyncBuffer(salt);
+ master_key_ = SyncBuffer(key);
+
+ updateMasterKey();
 }
-void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
+void AesIcmKeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
 {
 Lock lock(mutex_);
+ if(!cipher_)
+ {
+ cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: cipher not opened";
+ return;
+ }
 gcry_error_t err = gcry_cipher_reset( cipher_ );
 if( err )
@@ -133,3 +150,4 @@ void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key)
 if( err )
 cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
 }
+
diff --git a/keyDerivation.h b/keyDerivation.h
index 6f52099..9057a6a 100644
--- a/keyDerivation.h
+++ b/keyDerivation.h
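Review bot: `AesIcmKeyDerivation::generate()` now returns after logging "cipher not opened" without writing to `key`, and `init()` likewise only logs when `gcry_cipher_open` fails, so the caller cannot tell a derived key from an untouched buffer. For a key derivation this fails open: whatever the buffer held before is presumably what the cipher and auth code go on to use. I would report the failure to the caller, for instance by making both virtuals return `bool` and checking the result where the keys are consumed, instead of relying on the log line. Separately, `init()` closes an existing handle but leaves `cipher_` pointing at it until `gcry_cipher_open` overwrites it; adding `cipher_ = NULL;` right after `gcry_cipher_close( cipher_ );` removes the dependence on how the open call treats the handle on error. The rest of generate() lies outside this hunk.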
@@ -51,46 +51,89 @@ typedef enum {
 class KeyDerivation
 {
 public:
- KeyDerivation() : ld_kdr_(0), master_salt_(0), master_key_(0), cipher_(NULL) {};
- virtual ~KeyDerivation();
+ KeyDerivation() : ld_kdr_(0), master_salt_(0), master_key_(0) {};
+ virtual ~KeyDerivation() {};
- void init(Buffer key, Buffer salt);
 void setLogKDRate(const u_int8_t ld_rate);
- void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
-private:
- void updateMasterKey();
+ virtual void init(Buffer key, Buffer salt) = 0;
+ virtual void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key) = 0;
+
+ virtual std::string printType() { return "KeyDerivation"; };
+
+protected:
+ virtual void updateMasterKey() = 0;
 KeyDerivation(const KeyDerivation & src);
 friend class boost::serialization::access;
 template
 void serialize(Archive & ar, const unsigned int version)
 {
- Lock lock(mutex_);
- ar & ld_kdr_;
- ar & master_salt_;
+ Lock lock(mutex_);
+ ar & ld_kdr_;
+ ar & master_salt_;
 ar & master_key_;
 updateMasterKey();
 }
-protected:
- int8_t ld_kdr_; // ld(key_derivation_rate)
+ int8_t ld_kdr_; // ld(key_derivation_rate)
 SyncBuffer master_salt_;
 SyncBuffer master_key_;
- gcry_cipher_hd_t cipher_;
 Mutex mutex_;
 };
+BOOST_IS_ABSTRACT(KeyDerivation)
+
+//****** NullKeyDerivation ******
-class NullKeyDerivation
+class NullKeyDerivation : public KeyDerivation
 {
+public:
+ NullKeyDerivation() {};
+ ~NullKeyDerivation() {};
+
+ void init(Buffer key, Buffer salt) {};
+ void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+
+ std::string printType() { return "NullKeyDerivation"; };
+
+private:
+ void updateMasterKey() {};
+
+ friend class boost::serialization::access;
+ template
+ void serialize(Archive & ar, const unsigned int version)
+ {
+ ar & boost::serialization::base_object(*this);
+ }
 };
-class AesIcmKeyDerivation
+//****** AesIcmKeyDerivation ******
+
+class AesIcmKeyDerivation : public KeyDerivation
 {
+public:
+ AesIcmKeyDerivation() : cipher_(NULL) {};
+ ~AesIcmKeyDerivation();
+ void init(Buffer key, Buffer salt);
+ void generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key);
+
+ std::string printType() { return "AesIcmKeyDerivation"; };
+
+private:
+ void updateMasterKey();
+
+ friend class boost::serialization::access;
+ template
+ void serialize(Archive & ar, const unsigned int version)
+ {
+ ar & boost::serialization::base_object(*this);
+ }
+
+ gcry_cipher_hd_t cipher_;
 };
 #endif
diff --git a/plainPacket.cpp b/plainPacket.cpp
index 0906fa2..d6f2e5f 100644
--- a/plainPacket.cpp
+++ b/plainPacket.cpp
@@ -45,7 +45,10 @@ PlainPacket::PlainPacket(u_int32_t payload_length, bool allow_realloc) : Buffer(
 payload_type_t PlainPacket::getPayloadType() const
 {
- return PAYLOAD_TYPE_T_NTOH(*payload_type_);
+ if(payload_type_)
+ return PAYLOAD_TYPE_T_NTOH(*payload_type_);
+
+ return 0;
 }
 void PlainPacket::setPayloadType(payload_type_t payload_type)
--
cgit v1.2.3
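Review bot: An `AesIcmKeyDerivation` restored through `serialize()` receives `master_key_` and `master_salt_` but keeps `cipher_` at NULL, because the base-class `serialize()` only calls `updateMasterKey()` and that function now returns early when no handle is open. Unless `init()` is run again after loading, which this patch does not show, every `generate()` on such an object ends in the "cipher not opened" branch. Either let `updateMasterKey()` open the handle when it is missing, or document on `serialize()` that callers must re-run `init()` on a loaded object. `NullKeyDerivation` also deserves a class comment such as `// fills every derived key with zero bytes - provides no key secrecy`.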
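Review bot: `PlainPacket::getPayloadType()` now returns `0` when `payload_type_` is null, which a caller cannot tell apart from a packet whose type field really is 0. If 0 is meant as "no payload type", state that in a comment above the function, e.g. `// returns 0 if the packet has no payload buffer`, or give the value a named constant. `setPayloadType()`, whose signature is the last context line and whose body is outside this hunk, presumably writes through the same pointer and would want the same guard.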