summaryrefslogtreecommitdiff
path: root/keyDerivation.cpp
blob: 893825ca4e3e424f034d6fc129e88504c831e05c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
/*
 *  anytun
 *
 *  The secure anycast tunneling protocol (satp) defines a protocol used
 *  for communication between any combination of unicast and anycast
 *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
 *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
 *  ethernet, ip, arp ...). satp directly includes cryptography and
 *  message authentication based on the methodes used by SRTP.  It is
 *  intended to deliver a generic, scaleable and secure solution for
 *  tunneling and relaying of packets of any protocol.
 *
 *
 *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program (see the file COPYING included with this
 *  distribution); if not, write to the Free Software Foundation, Inc.,
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */


#include "log.h"
#include "keyDerivation.h"
#include "mpi.h"
#include "threadUtils.hpp"

#include <stdexcept>
#include <iostream>
#include <string>

#include <gcrypt.h>


void KeyDerivation::init(Buffer key, Buffer salt)
{
  Lock lock(mutex_);
  gcry_error_t err;

  // TODO: hardcoded keysize!
  err = gcry_cipher_open( &cipher_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0 );
  if( err ) {
    cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to open cipher: " << gpg_strerror( err );
    return;
  }

  salt_ = SyncBuffer(salt);
  key_ = SyncBuffer(key);

  updateKey();
}

void KeyDerivation::updateKey()
{
  gcry_error_t err;

  err = gcry_cipher_setkey( cipher_, key_.getBuf(), key_.getLength() );
  if( err )
    cLog.msg(Log::PRIO_ERR) << "KeyDerivation::init: Failed to set cipher key: " << gpg_strerror( err );
}

KeyDerivation::~KeyDerivation()
{
  Lock lock(mutex_);
  gcry_cipher_close( cipher_ );
}

void KeyDerivation::setLogKDRate(const uint8_t log_rate)
{
  Lock lock(mutex_);
  if( log_rate < 49 )
    ld_kdr_ = log_rate;
}

void KeyDerivation::generate(satp_prf_label label, seq_nr_t seq_nr, Buffer& key, u_int32_t length) 
{
  ////Lock lock(mutex_);
  gcry_error_t err;

  Mpi r;
  Mpi key_id(128);
  Mpi iv(128);

  // see at: http://tools.ietf.org/html/rfc3711#section-4.3
  // *  Let r = index DIV key_derivation_rate (with DIV as defined above).
  // *  Let key_id = <label> || r.
  // *  Let x = key_id XOR master_salt, where key_id and master_salt are
  //    aligned so that their least significant bits agree (right-
  //    alignment).
  //

  if( ld_kdr_ == -1 )    // means key_derivation_rate = 0
    r = 0;
  else
    // TODO: kdr can be greater than 2^32 (= 2^48)
    r = static_cast<long unsigned int>(seq_nr / ( 0x01 << ld_kdr_ ));

  r = r.mul2exp(8);
  key_id = r + static_cast<long unsigned int>(label);

  Mpi salt = Mpi(salt_.getBuf(), salt_.getLength());
  iv = key_id ^ salt;

  err = gcry_cipher_reset( cipher_ );
  if( err ) 
    cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to reset cipher: " << gpg_strerror( err );

  u_int8_t *iv_buf = iv.getNewBuf(16);
  err = gcry_cipher_setiv( cipher_ , iv_buf, 16);
  delete[] iv_buf;
  if( err )
    cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to set IV: " << gpg_strerror( err );

  err = gcry_cipher_encrypt( cipher_, key, length, 0, 0 );
 
  if( err ) 
    cLog.msg(Log::PRIO_ERR) << "KeyDerivation::generate: Failed to generate cipher bitstream: " << gpg_strerror( err );
}