[svn-upgrade] new version strongswan (4.5.0)

1 files changed, 182 insertions, 166 deletions

diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c
index 837cbe428..878ad124f 100644
--- a/src/libcharon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -36,24 +36,14 @@ struct private_keymat_t {
 	bool initiator;
 
 	/**
-	 * inbound signer (verify)
+	 * inbound AEAD
 	 */
-	signer_t *signer_in;
+	aead_t *aead_in;
 
 	/**
-	 * outbound signer (sign)
+	 * outbound AEAD
 	 */
-	signer_t *signer_out;
-
-	/**
-	 * inbound crypter (decrypt)
-	 */
-	crypter_t *crypter_in;
-
-	/**
-	 * outbound crypter (encrypt)
-	 */
-	crypter_t *crypter_out;
+	aead_t *aead_out;
 
 	/**
 	 * General purpose PRF
@@ -134,30 +124,135 @@ static int lookup_keylen(keylen_entry_t *list, int algo)
 	return 0;
 }
 
+METHOD(keymat_t, create_dh, diffie_hellman_t*,
+	private_keymat_t *this, diffie_hellman_group_t group)
+{
+	return lib->crypto->create_dh(lib->crypto, group);;
+}
+
 /**
- * Implementation of keymat_t.create_dh
+ * Derive IKE keys for a combined AEAD algorithm
  */
-static diffie_hellman_t* create_dh(private_keymat_t *this,
-								   diffie_hellman_group_t group)
+static bool derive_ike_aead(private_keymat_t *this, u_int16_t alg,
+							u_int16_t key_size, prf_plus_t *prf_plus)
 {
-	return lib->crypto->create_dh(lib->crypto, group);;
+	aead_t *aead_i, *aead_r;
+	chunk_t key;
+
+	/* SK_ei/SK_er used for encryption */
+	aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
+	aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8);
+	if (aead_i == NULL || aead_r == NULL)
+	{
+		DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+			 transform_type_names, ENCRYPTION_ALGORITHM,
+			 encryption_algorithm_names, alg, key_size);
+		return FALSE;
+	}
+	key_size = aead_i->get_key_size(aead_i);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
+	aead_i->set_key(aead_i, key);
+	chunk_clear(&key);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_er secret %B", &key);
+	aead_r->set_key(aead_r, key);
+	chunk_clear(&key);
+
+	if (this->initiator)
+	{
+		this->aead_in = aead_r;
+		this->aead_out = aead_i;
+	}
+	else
+	{
+		this->aead_in = aead_i;
+		this->aead_out = aead_r;
+	}
+	return TRUE;
 }
 
 /**
- * Implementation of keymat_t.derive_keys
+ * Derive IKE keys for traditional encryption and MAC algorithms
  */
-static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
-							diffie_hellman_t *dh, chunk_t nonce_i,
-							chunk_t nonce_r, ike_sa_id_t *id,
-							pseudo_random_function_t rekey_function,
-							chunk_t rekey_skd)
+static bool derive_ike_traditional(private_keymat_t *this, u_int16_t enc_alg,
+					u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus)
 {
-	chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
-	chunk_t spi_i, spi_r;
 	crypter_t *crypter_i, *crypter_r;
 	signer_t *signer_i, *signer_r;
+	size_t key_size;
+	chunk_t key;
+
+	/* SK_ai/SK_ar used for integrity protection */
+	signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
+	signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
+	if (signer_i == NULL || signer_r == NULL)
+	{
+		DBG1(DBG_IKE, "%N %N not supported!",
+			 transform_type_names, INTEGRITY_ALGORITHM,
+			 integrity_algorithm_names, int_alg);
+		return FALSE;
+	}
+	key_size = signer_i->get_key_size(signer_i);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_ai secret %B", &key);
+	signer_i->set_key(signer_i, key);
+	chunk_clear(&key);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_ar secret %B", &key);
+	signer_r->set_key(signer_r, key);
+	chunk_clear(&key);
+
+	/* SK_ei/SK_er used for encryption */
+	crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
+	crypter_r = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
+	if (crypter_i == NULL || crypter_r == NULL)
+	{
+		DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
+			 transform_type_names, ENCRYPTION_ALGORITHM,
+			 encryption_algorithm_names, enc_alg, key_size);
+		signer_i->destroy(signer_i);
+		signer_r->destroy(signer_r);
+		return FALSE;
+	}
+	key_size = crypter_i->get_key_size(crypter_i);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
+	crypter_i->set_key(crypter_i, key);
+	chunk_clear(&key);
+
+	prf_plus->allocate_bytes(prf_plus, key_size, &key);
+	DBG4(DBG_IKE, "Sk_er secret %B", &key);
+	crypter_r->set_key(crypter_r, key);
+	chunk_clear(&key);
+
+	if (this->initiator)
+	{
+		this->aead_in = aead_create(crypter_r, signer_r);
+		this->aead_out = aead_create(crypter_i, signer_i);
+	}
+	else
+	{
+		this->aead_in = aead_create(crypter_i, signer_i);
+		this->aead_out = aead_create(crypter_r, signer_r);
+	}
+	return TRUE;
+}
+
+METHOD(keymat_t, derive_ike_keys, bool,
+	private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
+	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
+{
+	chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
+	chunk_t spi_i, spi_r;
 	prf_plus_t *prf_plus;
-	u_int16_t alg, key_size;
+	u_int16_t alg, key_size, int_alg;
 	prf_t *rekey_prf = NULL;
 
 	spi_i = chunk_alloca(sizeof(u_int64_t));
@@ -195,6 +290,9 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 			/* while rfc4434 defines variable keys for AES-XCBC, rfc3664 does
 			 * not and therefore fixed key semantics apply to XCBC for key
 			 * derivation. */
+		case PRF_CAMELLIA128_XCBC:
+			/* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we
+			 * assume fixed key length. */
 			key_size = this->prf->get_key_size(this->prf)/2;
 			nonce_i.len = min(nonce_i.len, key_size);
 			nonce_r.len = min(nonce_r.len, key_size);
@@ -255,50 +353,6 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 	prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);
 	DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
 
-	/* SK_ai/SK_ar used for integrity protection => signer_in/signer_out */
-	if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
-	{
-		DBG1(DBG_IKE, "no %N selected",
-			 transform_type_names, INTEGRITY_ALGORITHM);
-		prf_plus->destroy(prf_plus);
-		DESTROY_IF(rekey_prf);
-		return FALSE;
-	}
-	signer_i = lib->crypto->create_signer(lib->crypto, alg);
-	signer_r = lib->crypto->create_signer(lib->crypto, alg);
-	if (signer_i == NULL || signer_r == NULL)
-	{
-		DBG1(DBG_IKE, "%N %N not supported!",
-			 transform_type_names, INTEGRITY_ALGORITHM,
-			 integrity_algorithm_names ,alg);
-		prf_plus->destroy(prf_plus);
-		DESTROY_IF(rekey_prf);
-		return FALSE;
-	}
-	key_size = signer_i->get_key_size(signer_i);
-
-	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	DBG4(DBG_IKE, "Sk_ai secret %B", &key);
-	signer_i->set_key(signer_i, key);
-	chunk_clear(&key);
-
-	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	DBG4(DBG_IKE, "Sk_ar secret %B", &key);
-	signer_r->set_key(signer_r, key);
-	chunk_clear(&key);
-
-	if (this->initiator)
-	{
-		this->signer_in = signer_r;
-		this->signer_out = signer_i;
-	}
-	else
-	{
-		this->signer_in = signer_i;
-		this->signer_out = signer_r;
-	}
-
-	/* SK_ei/SK_er used for encryption => crypter_in/crypter_out */
 	if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
 	{
 		DBG1(DBG_IKE, "no %N selected",
@@ -307,38 +361,33 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 		DESTROY_IF(rekey_prf);
 		return FALSE;
 	}
-	crypter_i = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
-	crypter_r = lib->crypto->create_crypter(lib->crypto, alg, key_size / 8);
-	if (crypter_i == NULL || crypter_r == NULL)
-	{
-		DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
-			 transform_type_names, ENCRYPTION_ALGORITHM,
-			 encryption_algorithm_names, alg, key_size);
-		prf_plus->destroy(prf_plus);
-		DESTROY_IF(rekey_prf);
-		return FALSE;
-	}
-	key_size = crypter_i->get_key_size(crypter_i);
 
-	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-	crypter_i->set_key(crypter_i, key);
-	chunk_clear(&key);
-
-	prf_plus->allocate_bytes(prf_plus, key_size, &key);
-	DBG4(DBG_IKE, "Sk_er secret %B", &key);
-	crypter_r->set_key(crypter_r, key);
-	chunk_clear(&key);
-
-	if (this->initiator)
+	if (encryption_algorithm_is_aead(alg))
 	{
-		this->crypter_in = crypter_r;
-		this->crypter_out = crypter_i;
+		if (!derive_ike_aead(this, alg, key_size, prf_plus))
+		{
+			prf_plus->destroy(prf_plus);
+			DESTROY_IF(rekey_prf);
+			return FALSE;
+		}
 	}
 	else
 	{
-		this->crypter_in = crypter_i;
-		this->crypter_out = crypter_r;
+		if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
+									 &int_alg, NULL))
+		{
+			DBG1(DBG_IKE, "no %N selected",
+				 transform_type_names, INTEGRITY_ALGORITHM);
+			prf_plus->destroy(prf_plus);
+			DESTROY_IF(rekey_prf);
+			return FALSE;
+		}
+		if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus))
+		{
+			prf_plus->destroy(prf_plus);
+			DESTROY_IF(rekey_prf);
+			return FALSE;
+		}
 	}
 
 	/* SK_pi/SK_pr used for authentication => stored for later */
@@ -371,14 +420,10 @@ static bool derive_ike_keys(private_keymat_t *this, proposal_t *proposal,
 	return TRUE;
 }
 
-/**
- * Implementation of keymat_t.derive_child_keys
- */
-static bool derive_child_keys(private_keymat_t *this,
-							  proposal_t *proposal, diffie_hellman_t *dh,
-							  chunk_t nonce_i, chunk_t nonce_r,
-							  chunk_t *encr_i, chunk_t *integ_i,
-							  chunk_t *encr_r, chunk_t *integ_r)
+METHOD(keymat_t, derive_child_keys, bool,
+	private_keymat_t *this, proposal_t *proposal, diffie_hellman_t *dh,
+	chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
+	chunk_t *encr_r, chunk_t *integ_r)
 {
 	u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
 	chunk_t seed, secret = chunk_empty;
@@ -480,37 +525,22 @@ static bool derive_child_keys(private_keymat_t *this,
 	return TRUE;
 }
 
-/**
- * Implementation of keymat_t.get_skd
- */
-static pseudo_random_function_t get_skd(private_keymat_t *this, chunk_t *skd)
+METHOD(keymat_t, get_skd, pseudo_random_function_t,
+	private_keymat_t *this, chunk_t *skd)
 {
 	*skd = this->skd;
 	return this->prf_alg;
 }
 
-/**
- * Implementation of keymat_t.get_signer
- */
-static signer_t* get_signer(private_keymat_t *this, bool in)
-{
-	return in ? this->signer_in : this->signer_out;
-}
-
-/**
- * Implementation of keymat_t.get_crypter
- */
-static crypter_t* get_crypter(private_keymat_t *this, bool in)
+METHOD(keymat_t, get_aead, aead_t*,
+	private_keymat_t *this, bool in)
 {
-	return in ? this->crypter_in : this->crypter_out;
+	return in ? this->aead_in : this->aead_out;
 }
 
-/**
- * Implementation of keymat_t.get_auth_octets
- */
-static chunk_t get_auth_octets(private_keymat_t *this, bool verify,
-							   chunk_t ike_sa_init, chunk_t nonce,
-							   identification_t *id)
+METHOD(keymat_t, get_auth_octets, chunk_t,
+	private_keymat_t *this, bool verify, chunk_t ike_sa_init,
+	chunk_t nonce, identification_t *id)
 {
 	chunk_t chunk, idx, octets;
 	chunk_t skp;
@@ -538,12 +568,9 @@ static chunk_t get_auth_octets(private_keymat_t *this, bool verify,
 #define IKEV2_KEY_PAD "Key Pad for IKEv2"
 #define IKEV2_KEY_PAD_LENGTH 17
 
-/**
- * Implementation of keymat_t.get_psk_sig
- */
-static chunk_t get_psk_sig(private_keymat_t *this, bool verify,
-						   chunk_t ike_sa_init, chunk_t nonce, chunk_t secret,
-						   identification_t *id)
+METHOD(keymat_t, get_psk_sig, chunk_t,
+	private_keymat_t *this, bool verify, chunk_t ike_sa_init,
+	chunk_t nonce, chunk_t secret, identification_t *id)
 {
 	chunk_t key_pad, key, sig, octets;
 
@@ -567,15 +594,11 @@ static chunk_t get_psk_sig(private_keymat_t *this, bool verify,
 	return sig;
 }
 
-/**
- * Implementation of keymat_t.destroy.
- */
-static void destroy(private_keymat_t *this)
+METHOD(keymat_t, destroy, void,
+	private_keymat_t *this)
 {
-	DESTROY_IF(this->signer_in);
-	DESTROY_IF(this->signer_out);
-	DESTROY_IF(this->crypter_in);
-	DESTROY_IF(this->crypter_out);
+	DESTROY_IF(this->aead_in);
+	DESTROY_IF(this->aead_out);
 	DESTROY_IF(this->prf);
 	chunk_clear(&this->skd);
 	chunk_clear(&this->skp_verify);
@@ -588,29 +611,22 @@ static void destroy(private_keymat_t *this)
  */
 keymat_t *keymat_create(bool initiator)
 {
-	private_keymat_t *this = malloc_thing(private_keymat_t);
-
-	this->public.create_dh = (diffie_hellman_t*(*)(keymat_t*, diffie_hellman_group_t group))create_dh;
-	this->public.derive_ike_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t,chunk_t))derive_ike_keys;
-	this->public.derive_child_keys = (bool(*)(keymat_t*, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r))derive_child_keys;
-	this->public.get_skd = (pseudo_random_function_t(*)(keymat_t*, chunk_t *skd))get_skd;
-	this->public.get_signer = (signer_t*(*)(keymat_t*, bool in))get_signer;
-	this->public.get_crypter = (crypter_t*(*)(keymat_t*, bool in))get_crypter;
-	this->public.get_auth_octets = (chunk_t(*)(keymat_t *, bool verify, chunk_t ike_sa_init, chunk_t nonce, identification_t *id))get_auth_octets;
-	this->public.get_psk_sig = (chunk_t(*)(keymat_t*, bool verify, chunk_t ike_sa_init, chunk_t nonce, chunk_t secret, identification_t *id))get_psk_sig;
-	this->public.destroy = (void(*)(keymat_t*))destroy;
-
-	this->initiator = initiator;
-
-	this->signer_in = NULL;
-	this->signer_out = NULL;
-	this->crypter_in = NULL;
-	this->crypter_out = NULL;
-	this->prf = NULL;
-	this->prf_alg = PRF_UNDEFINED;
-	this->skd = chunk_empty;
-	this->skp_verify = chunk_empty;
-	this->skp_build = chunk_empty;
+	private_keymat_t *this;
+
+	INIT(this,
+		.public = {
+			.create_dh = _create_dh,
+			.derive_ike_keys = _derive_ike_keys,
+			.derive_child_keys = _derive_child_keys,
+			.get_skd = _get_skd,
+			.get_aead = _get_aead,
+			.get_auth_octets = _get_auth_octets,
+			.get_psk_sig = _get_psk_sig,
+			.destroy = _destroy,
+		},
+		.initiator = initiator,
+		.prf_alg = PRF_UNDEFINED,
+	);
 
 	return &this->public;
 }