4 * uAnytun is a tiny implementation of SATP. Unlike Anytun which is a full
5 * featured implementation uAnytun has no support for multiple connections
6 * or synchronisation. It is a small single threaded implementation intended
7 * to act as a client on small platforms.
8 * The secure anycast tunneling protocol (satp) defines a protocol used
9 * for communication between any combination of unicast and anycast
10 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
11 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
12 * ethernet, ip, arp ...). satp directly includes cryptography and
13 * message authentication based on the methods used by SRTP. It is
14 * intended to deliver a generic, scaleable and secure solution for
15 * tunneling and relaying of packets of any protocol.
18 * Copyright (C) 2007-2014 Christian Pointner <equinox@anytun.org>
20 * This file is part of uAnytun.
22 * uAnytun is free software: you can redistribute it and/or modify
23 * it under the terms of the GNU General Public License as published by
24 * the Free Software Foundation, either version 3 of the License, or
27 * uAnytun is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
32 * You should have received a copy of the GNU General Public License
33 * along with uAnytun. If not, see <http://www.gnu.org/licenses/>.
35 * In addition, as a special exception, the copyright holders give
36 * permission to link the code of portions of this program with the
37 * OpenSSL library under certain conditions as described in each
38 * individual source file, and distribute linked combinations
40 * You must obey the GNU General Public License in all respects
41 * for all of the code used other than OpenSSL. If you modify
42 * file(s) with this exception, you may extend this exception to your
43 * version of the file(s), but you are not obligated to do so. If you
44 * do not wish to do so, delete this exception statement from your
45 * version. If you delete this exception statement from all source
46 * files in the program, then also delete it here.
49 #ifndef UANYTUN_key_derivation_h_INCLUDED
50 #define UANYTUN_key_derivation_h_INCLUDED
52 #if defined(USE_SSL_CRYPTO)
53 #include <openssl/aes.h>
54 #elif defined(USE_NETTLE)
55 #include <nettle/aes.h>
56 #else // USE_GCRYPT is the default
67 #define LABEL_LEFT_ENC 0x356A192B
68 #define LABEL_RIGHT_ENC 0xDA4B9237
69 #define LABEL_LEFT_SALT 0x77DE68DA
70 #define LABEL_RIGHT_SALT 0x1B645389
71 #define LABEL_LEFT_AUTH 0xAC3478D6
72 #define LABEL_RIGHT_AUTH 0xC1DFD96E
74 enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr };
75 typedef enum key_derivation_type_enum key_derivation_type_t;
76 enum key_derivation_dir_enum { kd_inbound, kd_outbound };
77 typedef enum key_derivation_dir_enum key_derivation_dir_t;
79 struct key_derivation_struct {
80 key_derivation_type_t type_;
81 u_int16_t key_length_;
84 buffer_t master_salt_;
87 typedef struct key_derivation_struct key_derivation_t;
89 int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
91 int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length);
92 int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
94 void key_derivation_close(key_derivation_t* kd);
95 int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
96 satp_prf_label_t convert_label(role_t role, key_derivation_dir_t dir, satp_prf_label_t label);
98 int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
101 #define KD_AESCTR_DEFAULT_KEY_LENGTH 128
102 #define KD_AESCTR_CTR_LENGTH 16
103 #define KD_AESCTR_SALT_LENGTH 14
105 union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
106 u_int8_t buf_[KD_AESCTR_CTR_LENGTH];
107 struct __attribute__ ((__packed__)) {
108 u_int8_t buf_[KD_AESCTR_SALT_LENGTH];
111 struct __attribute__((__packed__)) {
112 u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
113 satp_prf_label_t label_;
118 typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
120 struct key_derivation_aesctr_param_struct {
121 #if defined(USE_SSL_CRYPTO)
123 u_int8_t ecount_buf_[AES_BLOCK_SIZE];
124 #elif defined(USE_NETTLE)
126 #else // USE_GCRYPT is the default
127 gcry_cipher_hd_t handle_;
129 key_derivation_aesctr_ctr_t ctr_;
131 typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t;
133 int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase);
134 void key_derivation_aesctr_close(key_derivation_t* kd);
135 int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr);
136 int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);