diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile | 4 | ||||
| -rw-r--r-- | src/cipher.c | 8 | ||||
| -rw-r--r-- | src/key_derivation.c | 261 | ||||
| -rw-r--r-- | src/key_derivation.h | 70 | ||||
| -rw-r--r-- | src/uanytun.c | 5 |
5 files changed, 345 insertions, 3 deletions
diff --git a/src/Makefile b/src/Makefile index 8372395..975c375 100644 --- a/src/Makefile +++ b/src/Makefile @@ -55,6 +55,7 @@ OBJS = log.o \ encrypted_packet.o \ seq_window.o \ cipher.o \ + key_derivation.o \ uanytun.o EXECUTABLE = uanytun @@ -94,6 +95,9 @@ seq_window.o: seq_window.c seq_window.h cipher.o: cipher.c cipher.h $(CC) $(CCFLAGS) $< -c +key_derivation.o: key_derivation.c key_derivation.h + $(CC) $(CCFLAGS) $< -c + distclean: clean find . -name *.o -exec rm -f {} \; find . -name "*.\~*" -exec rm -rf {} \; diff --git a/src/cipher.c b/src/cipher.c index 3a74641..8c086ee 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -186,6 +186,9 @@ u_int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32 int cipher_aesctr_init(cipher_t* c, int key_length) { + if(!c) + return -1; + c->key_length_ = key_length; int algo; @@ -202,6 +205,8 @@ int cipher_aesctr_init(cipher_t* c, int key_length) log_printf(ERR, "failed to open cipher: %s/%s", gcry_strerror(err), gcry_strsource(err)); return -1; } + + return 0; } void cipher_aesctr_close(cipher_t* c) @@ -219,6 +224,9 @@ buffer_t cipher_aesctr_calc_ctr(cipher_t* c, seq_nr_t seq_nr, sender_id_t sender result.buf_ = NULL; result.length_ = 0; + if(!c) + return result; + mpz_t ctr, sid_mux, seq; mpz_init2(ctr, 128); mpz_init2(sid_mux, 96); diff --git a/src/key_derivation.c b/src/key_derivation.c new file mode 100644 index 0000000..5e3f2c5 --- /dev/null +++ b/src/key_derivation.c @@ -0,0 +1,261 @@ +/* + * ľAnytun + * + * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation ľAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org> + * + * This file is part of ľAnytun. + * + * ľAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * ľAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>. + */ + +#include "datatypes.h" + +#include "key_derivation.h" + +#include "log.h" + +#include <string.h> + +#include <gmp.h> + + +int key_derivation_init(key_derivation_t* kd, const char* type, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) +{ + if(!kd) + return -1; + + kd->type_ = unknown; + if(!strcmp(type, "null")) + kd->type_ = null; + else if(!strcmp(type, "aes-ctr")) + kd->type_ = aes_ctr; + else { + log_printf(ERR, "unknown key derivation type"); + return -1; + } + + kd->ld_kdr_ = -1; + kd->handle_ = 0; + + if(!key) { + kd->master_key_.buf_ = NULL; + kd->master_key_.length_ = 0; + } + else { + kd->master_key_.buf_ = malloc(key_len); + if(!kd->master_key_.buf_) + return -2; + memcpy(kd->master_key_.buf_, key, key_len); + kd->master_key_.length_ = key_len; + } + + if(!salt) { + kd->master_salt_.buf_ = NULL; + kd->master_salt_.length_ = 0; + } + else { + kd->master_salt_.buf_ = malloc(salt_len); + if(!kd->master_salt_.buf_) { + if(kd->master_key_.buf_) + free(kd->master_key_.buf_); + return -2; + } + memcpy(kd->master_salt_.buf_, salt, salt_len); + kd->master_salt_.length_ = salt_len; + } + + int ret = 0; + if(kd->type_ == aes_ctr) + ret = key_derivation_aesctr_init(kd, key, key_len, salt, salt_len); + + return ret; +} + +void key_derivation_close(key_derivation_t* kd) +{ + if(!kd) + return; + + if(kd->type_ == aes_ctr) + key_derivation_aesctr_close(kd); + + if(kd->master_key_.buf_) + free(kd->master_key_.buf_); + if(kd->master_salt_.buf_) + free(kd->master_salt_.buf_); +} + +void key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) +{ + if(!kd) + return; + + if(kd->type_ == null) + key_derivation_null_generate(key, len); + else if(kd->type_ == aes_ctr) + key_derivation_aesctr_generate(kd, label, seq_nr, key, len); + else { + log_printf(ERR, "unknown cipher type"); + return; + } +} + +/* ---------------- NULL Key Derivation ---------------- */ + +void key_derivation_null_generate(u_int8_t* key, u_int32_t len) +{ + memset(key, 0, len); +} + +/* ---------------- AES-Ctr Key Derivation ---------------- */ + +int key_derivation_aesctr_init(key_derivation_t* kd, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) +{ + if(!kd) + return -1; + + gcry_error_t err = gcry_cipher_open(&kd->handle_, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR, 0); + if(err) { + log_printf(ERR, "failed to open cipher: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return -1; + } + + err = gcry_cipher_setkey(kd->handle_, kd->master_key_.buf_, kd->master_key_.length_); + if(err) { + log_printf(ERR, "failed to set cipher key: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return -1; + } + + return 0; +} + +void key_derivation_aesctr_close(key_derivation_t* kd) +{ + if(!kd) + return; + + if(kd->handle_) + gcry_cipher_close(kd->handle_); +} + +buffer_t key_derivation_aesctr_calc_ctr(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr) +{ + buffer_t result; + result.buf_ = NULL; + result.length_ = 0; + + if(!kd) + return result; + + // see at: http://tools.ietf.org/html/rfc3711#section-4.3 + // * Let r = index DIV key_derivation_rate (with DIV as defined above). + // * Let key_id = <label> || r. + // * Let x = key_id XOR master_salt, where key_id and master_salt are + // aligned so that their least significant bits agree (right- + // alignment). + // + + mpz_t ctr, key_id, r; + mpz_init2(ctr, 128); + mpz_init2(key_id, 128); + mpz_init2(r, 128); + + int faked_msb = 0; + if(!kd->master_salt_.buf_[0]) + kd->master_salt_.buf_[0] = 1; + + if(kd->ld_kdr_ == -1) + mpz_set_ui(r, 0); + else { + mpz_t seq; + mpz_init2(seq, 32); + mpz_set_ui(seq, seq_nr); + + mpz_set_ui(r, 1); + mpz_mul_2exp(r, r, kd->ld_kdr_); + + mpz_fdiv_q(r, seq, r); + + mpz_clear(seq); + } +/* TODO: generate key only if index % r == 0, except it is the first time */ + + mpz_set_ui(key_id, label); + mpz_mul_2exp(key_id, key_id, 48); + mpz_add(key_id, key_id, r); + + mpz_import(ctr, kd->master_salt_.length_, 1, 1, 0, 0, kd->master_salt_.buf_); + + mpz_xor(ctr, ctr, key_id); + mpz_mul_2exp(ctr, ctr, 16); + + result.buf_ = mpz_export(NULL, (size_t*)&result.length_, 1, 1, 0, 0, ctr); + if(faked_msb) { + kd->master_salt_.buf_[0] = 0; + result.buf_[0] = 0; + } + + mpz_clear(ctr); + mpz_clear(key_id); + mpz_clear(r); + + return result; +} + +void key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) +{ + if(!kd || !kd->master_key_.buf_ || !kd->master_salt_.buf_) { + log_printf(ERR, "cipher not initialized or no key or salt set"); + return; + } + + gcry_error_t err = gcry_cipher_reset(kd->handle_); + if(err) { + log_printf(ERR, "failed to reset cipher: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return; + } + + buffer_t ctr = key_derivation_aesctr_calc_ctr(kd, label, seq_nr); + if(!ctr.buf_) { + log_printf(ERR, "failed to calculate cipher CTR"); + return; + } + err = gcry_cipher_setctr(kd->handle_, ctr.buf_, ctr.length_); + free(ctr.buf_); + + if(err) { + log_printf(ERR, "failed to set cipher CTR: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return; + } + + memset(key, 0, len); + err = gcry_cipher_encrypt(kd->handle_, key, len, NULL, 0); + if(err) { + log_printf(ERR, "failed to generate cipher bitstream: %s/%s", gcry_strerror(err), gcry_strsource(err)); + return; + } +} diff --git a/src/key_derivation.h b/src/key_derivation.h new file mode 100644 index 0000000..6e1a1e3 --- /dev/null +++ b/src/key_derivation.h @@ -0,0 +1,70 @@ +/* + * ľAnytun + * + * ľAnytun is a tiny implementation of SATP. Unlike Anytun which is a full + * featured implementation ľAnytun has no support for multiple connections + * or synchronisation. It is a small single threaded implementation intended + * to act as a client on small platforms. + * The secure anycast tunneling protocol (satp) defines a protocol used + * for communication between any combination of unicast and anycast + * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel + * mode and allows tunneling of every ETHER TYPE protocol (e.g. + * ethernet, ip, arp ...). satp directly includes cryptography and + * message authentication based on the methodes used by SRTP. It is + * intended to deliver a generic, scaleable and secure solution for + * tunneling and relaying of packets of any protocol. + * + * + * Copyright (C) 2007-2008 Christian Pointner <equinox@anytun.org> + * + * This file is part of ľAnytun. + * + * ľAnytun is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * ľAnytun is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ľAnytun. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef _KEY_DERIVATION_H_ +#define _KEY_DERIVATION_H_ + +#include <gcrypt.h> + +enum satp_prf_label_enum { + LABEL_SATP_ENCRYPTION = 0x00, + LABEL_SATP_MSG_AUTH = 0x01, + LABEL_SATP_SALT = 0x02, +}; +typedef enum satp_prf_label_enum satp_prf_label_t; + +enum key_derivation_type_enum { unknown, null, aes_ctr }; +typedef enum key_derivation_type_enum key_derivation_type_t; + +struct key_derivation_struct { + key_derivation_type_t type_; + int8_t ld_kdr_; + buffer_t master_key_; + buffer_t master_salt_; + gcry_cipher_hd_t handle_; +}; +typedef struct key_derivation_struct key_derivation_t; + +int key_derivation_init(key_derivation_t* kd, const char* type, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); +void key_derivation_close(key_derivation_t* kd); +void key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); + +void key_derivation_null_generate(u_int8_t* key, u_int32_t len); + +int key_derivation_aesctr_init(key_derivation_t* kd, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); +void key_derivation_aesctr_close(key_derivation_t* kd); +buffer_t key_derivation_aesctr_calc_ctr(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr); +void key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); + +#endif diff --git a/src/uanytun.c b/src/uanytun.c index 8725b40..244ffbd 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -70,18 +70,17 @@ int init_libgcrypt() #ifndef NO_SEC_MEM gcry_error_t err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); if(err) { - log_printf(ERR, "failed initialize secure memory: %s/%s", gcry_strerror(err), gcry_strsource(err)); + log_printf(ERR, "failed to initialize secure memory: %s/%s", gcry_strerror(err), gcry_strsource(err)); return -1; } #else gcry_error_t err = gcry_control(GCRYCTL_DISABLE_SECMEM, 0); if(err) { - log_printf(ERR, "failed disable secure memory: %s/%s", gcry_strerror(err), gcry_strsource(err)); + log_printf(ERR, "failed to disable secure memory: %s/%s", gcry_strerror(err), gcry_strsource(err)); return -1; } #endif - // Tell Libgcrypt that initialization has completed. err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED); if(err) { log_printf(ERR, "failed to finish libgcrypt initialization: %s/%s", gcry_strerror(err), gcry_strsource(err)); |