ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

libipsec: Wrap traditional algorithms in AEAD wrapper

This commit is contained in:
Tobias Brunner 2013-04-18 17:02:41 +02:00
parent 61fb3267b2
commit 24a8d1253f
3 changed files with 105 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
src/libipsec/esp_context.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012-2013 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager * Copyright (C) 2012 Ralf Sager
* Hochschule fuer Technik Rapperswil * Hochschule fuer Technik Rapperswil
@ -22,8 +22,6 @@
#include <library.h> #include <library.h>
#include <utils/debug.h> #include <utils/debug.h>
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
/** /**
* Should be a multiple of 8 * Should be a multiple of 8
@ -43,14 +41,9 @@ struct private_esp_context_t {
esp_context_t public; esp_context_t public;
/** /**
* Crypter used to encrypt/decrypt ESP packets * AEAD wrapper or method to encrypt/decrypt/authenticate ESP packets
*/ */
crypter_t *crypter; aead_t *aead;
/**
* Signer to authenticate ESP packets
*/
signer_t *signer;
/** /**
* The highest sequence number that was successfully verified * The highest sequence number that was successfully verified
@ -197,27 +190,83 @@ METHOD(esp_context_t, next_seqno, bool,
return TRUE; return TRUE;
} }
METHOD(esp_context_t, get_signer, signer_t *, METHOD(esp_context_t, get_aead, aead_t*,
private_esp_context_t *this) private_esp_context_t *this)
{ {
return this->signer; return this->aead;
}
METHOD(esp_context_t, get_crypter, crypter_t *,
private_esp_context_t *this)
{
return this->crypter;
} }
METHOD(esp_context_t, destroy, void, METHOD(esp_context_t, destroy, void,
private_esp_context_t *this) private_esp_context_t *this)
{ {
chunk_free(&this->window); chunk_free(&this->window);
DESTROY_IF(this->crypter); DESTROY_IF(this->aead);
DESTROY_IF(this->signer);
free(this); free(this);
} }
/**
* Create AEAD wrapper around traditional encryption/integrity algorithms
*/
static bool create_traditional(private_esp_context_t *this, int enc_alg,
chunk_t enc_key, int int_alg, chunk_t int_key)
{
crypter_t *crypter = NULL;
signer_t *signer = NULL;
switch (enc_alg)
{
case ENCR_AES_CBC:
crypter = lib->crypto->create_crypter(lib->crypto, enc_alg,
enc_key.len);
break;
default:
break;
}
if (!crypter)
{
DBG1(DBG_ESP, "failed to create ESP context: unsupported encryption "
"algorithm");
goto failed;
}
if (!crypter->set_key(crypter, enc_key))
{
DBG1(DBG_ESP, "failed to create ESP context: setting encryption key "
"failed");
goto failed;
}
switch (int_alg)
{
case AUTH_HMAC_SHA1_96:
case AUTH_HMAC_SHA2_256_128:
case AUTH_HMAC_SHA2_384_192:
case AUTH_HMAC_SHA2_512_256:
signer = lib->crypto->create_signer(lib->crypto, int_alg);
break;
default:
break;
}
if (!signer)
{
DBG1(DBG_ESP, "failed to create ESP context: unsupported integrity "
"algorithm");
goto failed;
}
if (!signer->set_key(signer, int_key))
{
DBG1(DBG_ESP, "failed to create ESP context: setting signature key "
"failed");
goto failed;
}
this->aead = aead_create(crypter, signer);
return TRUE;
failed:
DESTROY_IF(crypter);
DESTROY_IF(signer);
return FALSE;
}
/** /**
* Described in header. * Described in header.
*/ */
@ -228,8 +277,7 @@ esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key,
INIT(this, INIT(this,
.public = { .public = {
.get_crypter = _get_crypter, .get_aead = _get_aead,
.get_signer = _get_signer,
.get_seqno = _get_seqno, .get_seqno = _get_seqno,
.next_seqno = _next_seqno, .next_seqno = _next_seqno,
.verify_seqno = _verify_seqno, .verify_seqno = _verify_seqno,
@ -240,52 +288,8 @@ esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key,
.window_size = ESP_DEFAULT_WINDOW_SIZE, .window_size = ESP_DEFAULT_WINDOW_SIZE,
); );
switch(enc_alg) if (!create_traditional(this, enc_alg, enc_key, int_alg, int_key))
{ {
case ENCR_AES_CBC:
this->crypter = lib->crypto->create_crypter(lib->crypto, enc_alg,
enc_key.len);
break;
default:
break;
}
if (!this->crypter)
{
DBG1(DBG_ESP, "failed to create ESP context: unsupported encryption "
"algorithm");
destroy(this);
return NULL;
}
if (!this->crypter->set_key(this->crypter, enc_key))
{
DBG1(DBG_ESP, "failed to create ESP context: setting encryption key "
"failed");
destroy(this);
return NULL;
}
switch(int_alg)
{
case AUTH_HMAC_SHA1_96:
case AUTH_HMAC_SHA2_256_128:
case AUTH_HMAC_SHA2_384_192:
case AUTH_HMAC_SHA2_512_256:
this->signer = lib->crypto->create_signer(lib->crypto, int_alg);
break;
default:
break;
}
if (!this->signer)
{
DBG1(DBG_ESP, "failed to create ESP context: unsupported integrity "
"algorithm");
destroy(this);
return NULL;
}
if (!this->signer->set_key(this->signer, int_key))
{
DBG1(DBG_ESP, "failed to create ESP context: setting signature key "
"failed");
destroy(this); destroy(this);
return NULL; return NULL;
} }
@ -297,5 +301,3 @@ esp_context_t *esp_context_create(int enc_alg, chunk_t enc_key,
} }
return &this->public; return &this->public;
} }

18
src/libipsec/esp_context.h
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012-2013 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager * Copyright (C) 2012 Ralf Sager
* Hochschule fuer Technik Rapperswil * Hochschule fuer Technik Rapperswil
@ -24,8 +24,7 @@
#define ESP_CONTEXT_H_ #define ESP_CONTEXT_H_
#include <library.h> #include <library.h>
#include <crypto/crypters/crypter.h> #include <crypto/aead.h>
#include <crypto/signers/signer.h>
typedef struct esp_context_t esp_context_t; typedef struct esp_context_t esp_context_t;
@ -35,18 +34,11 @@ typedef struct esp_context_t esp_context_t;
struct esp_context_t { struct esp_context_t {
/** /**
* Get the crypter. * Get AEAD wrapper or method to encrypt/decrypt/authenticate ESP packets.
* *
* @return crypter * @return AEAD wrapper of method
*/ */
crypter_t *(*get_crypter)(esp_context_t *this); aead_t *(*get_aead)(esp_context_t *this);
/**
* Get the signer.
*
* @return signer
*/
signer_t *(*get_signer)(esp_context_t *this);
/** /**
* Get the current outbound ESP sequence number or the highest authenticated * Get the current outbound ESP sequence number or the highest authenticated

67
src/libipsec/esp_packet.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012-2013 Tobias Brunner
* Copyright (C) 2012 Giuliano Grassi * Copyright (C) 2012 Giuliano Grassi
* Copyright (C) 2012 Ralf Sager * Copyright (C) 2012 Ralf Sager
* Hochschule fuer Technik Rapperswil * Hochschule fuer Technik Rapperswil
@ -212,28 +212,27 @@ METHOD(esp_packet_t, decrypt, status_t,
{ {
bio_reader_t *reader; bio_reader_t *reader;
u_int32_t spi, seq; u_int32_t spi, seq;
chunk_t data, iv, icv, ciphertext, plaintext; chunk_t data, iv, icv, aad, ciphertext, plaintext;
crypter_t *crypter; aead_t *aead;
signer_t *signer;
DESTROY_IF(this->payload); DESTROY_IF(this->payload);
this->payload = NULL; this->payload = NULL;
data = this->packet->get_data(this->packet); data = this->packet->get_data(this->packet);
crypter = esp_context->get_crypter(esp_context); aead = esp_context->get_aead(esp_context);
signer = esp_context->get_signer(esp_context);
reader = bio_reader_create(data); reader = bio_reader_create(data);
if (!reader->read_uint32(reader, &spi) || if (!reader->read_uint32(reader, &spi) ||
!reader->read_uint32(reader, &seq) || !reader->read_uint32(reader, &seq) ||
!reader->read_data(reader, crypter->get_iv_size(crypter), &iv) || !reader->read_data(reader, aead->get_iv_size(aead), &iv) ||
!reader->read_data_end(reader, signer->get_block_size(signer), &icv) || !reader->read_data_end(reader, aead->get_icv_size(aead), &icv) ||
reader->remaining(reader) % crypter->get_block_size(crypter)) reader->remaining(reader) % aead->get_block_size(aead))
{ {
DBG1(DBG_ESP, "ESP decryption failed: invalid length"); DBG1(DBG_ESP, "ESP decryption failed: invalid length");
return PARSE_ERROR; return PARSE_ERROR;
} }
ciphertext = reader->peek(reader); ciphertext = reader->peek(reader);
ciphertext.len += icv.len;
reader->destroy(reader); reader->destroy(reader);
if (!esp_context->verify_seqno(esp_context, seq)) if (!esp_context->verify_seqno(esp_context, seq))
@ -246,21 +245,16 @@ METHOD(esp_packet_t, decrypt, status_t,
DBG3(DBG_ESP, "ESP decryption:\n SPI %.8x [seq %u]\n IV %B\n " DBG3(DBG_ESP, "ESP decryption:\n SPI %.8x [seq %u]\n IV %B\n "
"encrypted %B\n ICV %B", spi, seq, &iv, &ciphertext, &icv); "encrypted %B\n ICV %B", spi, seq, &iv, &ciphertext, &icv);
if (!signer->get_signature(signer, chunk_create(data.ptr, 8), NULL) || /* aad = spi + seq */
!signer->get_signature(signer, iv, NULL) || aad = chunk_create(data.ptr, 8);
!signer->verify_signature(signer, ciphertext, icv))
if (!aead->decrypt(aead, ciphertext, aad, iv, &plaintext))
{ {
DBG1(DBG_ESP, "ICV verification failed!"); DBG1(DBG_ESP, "ESP decryption or ICV verification failed");
return FAILED; return FAILED;
} }
esp_context->set_authenticated_seqno(esp_context, seq); esp_context->set_authenticated_seqno(esp_context, seq);
if (!crypter->decrypt(crypter, ciphertext, iv, &plaintext))
{
DBG1(DBG_ESP, "ESP decryption failed");
return FAILED;
}
if (!remove_padding(this, plaintext)) if (!remove_padding(this, plaintext))
{ {
return PARSE_ERROR; return PARSE_ERROR;
@ -284,12 +278,11 @@ static void generate_padding(chunk_t padding)
METHOD(esp_packet_t, encrypt, status_t, METHOD(esp_packet_t, encrypt, status_t,
private_esp_packet_t *this, esp_context_t *esp_context, u_int32_t spi) private_esp_packet_t *this, esp_context_t *esp_context, u_int32_t spi)
{ {
chunk_t iv, icv, padding, payload, ciphertext, auth_data; chunk_t iv, icv, aad, padding, payload, ciphertext;
bio_writer_t *writer; bio_writer_t *writer;
u_int32_t next_seqno; u_int32_t next_seqno;
size_t blocksize, plainlen; size_t blocksize, plainlen;
crypter_t *crypter; aead_t *aead;
signer_t *signer;
rng_t *rng; rng_t *rng;
this->packet->set_data(this->packet, chunk_empty); this->packet->set_data(this->packet, chunk_empty);
@ -306,12 +299,11 @@ METHOD(esp_packet_t, encrypt, status_t,
DBG1(DBG_ESP, "ESP encryption failed: could not find RNG"); DBG1(DBG_ESP, "ESP encryption failed: could not find RNG");
return NOT_FOUND; return NOT_FOUND;
} }
crypter = esp_context->get_crypter(esp_context); aead = esp_context->get_aead(esp_context);
signer = esp_context->get_signer(esp_context);
blocksize = crypter->get_block_size(crypter); blocksize = aead->get_block_size(aead);
iv.len = crypter->get_iv_size(crypter); iv.len = aead->get_iv_size(aead);
icv.len = signer->get_block_size(signer); icv.len = aead->get_icv_size(aead);
/* plaintext = payload, padding, pad_length, next_header */ /* plaintext = payload, padding, pad_length, next_header */
payload = this->payload ? this->payload->get_encoding(this->payload) payload = this->payload ? this->payload->get_encoding(this->payload)
@ -349,24 +341,19 @@ METHOD(esp_packet_t, encrypt, status_t,
writer->write_uint8(writer, padding.len); writer->write_uint8(writer, padding.len);
writer->write_uint8(writer, this->next_header); writer->write_uint8(writer, this->next_header);
/* aad = spi + seq */
aad = writer->get_buf(writer);
aad.len = 8;
icv = writer->skip(writer, icv.len);
DBG3(DBG_ESP, "ESP before encryption:\n payload = %B\n padding = %B\n " DBG3(DBG_ESP, "ESP before encryption:\n payload = %B\n padding = %B\n "
"padding length = %hhu, next header = %hhu", &payload, &padding, "padding length = %hhu, next header = %hhu", &payload, &padding,
(u_int8_t)padding.len, this->next_header); (u_int8_t)padding.len, this->next_header);
/* encrypt the content inline */ /* encrypt/authenticate the content inline */
if (!crypter->encrypt(crypter, ciphertext, iv, NULL)) if (!aead->encrypt(aead, ciphertext, aad, iv, NULL))
{ {
DBG1(DBG_ESP, "ESP encryption failed"); DBG1(DBG_ESP, "ESP encryption or ICV generation failed");
writer->destroy(writer);
return FAILED;
}
/* calculate signature */
auth_data = writer->get_buf(writer);
icv = writer->skip(writer, icv.len);
if (!signer->get_signature(signer, auth_data, icv.ptr))
{
DBG1(DBG_ESP, "ESP encryption failed: signature generation failed");
writer->destroy(writer); writer->destroy(writer);
return FAILED; return FAILED;
} }