4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methods used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation, either version 3 of the License, or
24 * Anytun is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with Anytun. If not, see <http://www.gnu.org/licenses/>.
32 * In addition, as a special exception, the copyright holders give
33 * permission to link the code of portions of this program with the
34 * OpenSSL library under certain conditions as described in each
35 * individual source file, and distribute linked combinations
37 * You must obey the GNU General Public License in all respects
38 * for all of the code used other than OpenSSL. If you modify
39 * file(s) with this exception, you may extend this exception to your
40 * version of the file(s), but you are not obligated to do so. If you
41 * do not wish to do so, delete this exception statement from your
42 * version. If you delete this exception statement from all source
43 * files in the program, then also delete it here.
55 #if defined(USE_NETTLE)
56 #include <nettle/ctr.h>
60 #include "anytunError.h"
62 void Cipher::encrypt(KeyDerivation& kd, PlainPacket& in, EncryptedPacket& out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
64 uint32_t len = cipher(kd, in, in.getLength(), out.getPayload(), out.getPayloadLength(), seq_nr, sender_id, mux);
65 out.setSenderId(sender_id);
68 out.setPayloadLength(len);
71 void Cipher::decrypt(KeyDerivation& kd, EncryptedPacket& in, PlainPacket& out)
73 uint32_t len = decipher(kd, in.getPayload() , in.getPayloadLength(), out, out.getLength(), in.getSeqNr(), in.getSenderId(), in.getMux());
78 //******* NullCipher *******
80 uint32_t NullCipher::cipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
82 std::memcpy(out, in, (ilen < olen) ? ilen : olen);
83 return (ilen < olen) ? ilen : olen;
86 uint32_t NullCipher::decipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
88 std::memcpy(out, in, (ilen < olen) ? ilen : olen);
89 return (ilen < olen) ? ilen : olen;
93 //****** AesIcmCipher ******
95 AesIcmCipher::AesIcmCipher(kd_dir_t d) : Cipher(d), key_(uint32_t(DEFAULT_KEY_LENGTH/8)), salt_(uint32_t(SALT_LENGTH))
100 AesIcmCipher::AesIcmCipher(kd_dir_t d, uint16_t key_length) : Cipher(d), key_(uint32_t(key_length/8)), salt_(uint32_t(SALT_LENGTH))
105 void AesIcmCipher::init(uint16_t key_length)
107 #if defined(USE_SSL_CRYPTO)
109 #elif defined(USE_NETTLE)
111 #else // USE_GCRYPT is the default
116 algo = GCRY_CIPHER_AES128;
119 algo = GCRY_CIPHER_AES192;
122 algo = GCRY_CIPHER_AES256;
125 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher::AesIcmCipher: cipher key length of " << key_length << " Bits is not supported";
130 gcry_error_t err = gcry_cipher_open(&handle_, algo, GCRY_CIPHER_MODE_CTR, 0);
132 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher::AesIcmCipher: Failed to open cipher" << AnytunGpgError(err);
138 AesIcmCipher::~AesIcmCipher()
140 #if defined(USE_SSL_CRYPTO)
142 #elif defined(USE_NETTLE)
144 #else // USE_GCRYPT is the default
146 gcry_cipher_close(handle_);
151 uint32_t AesIcmCipher::cipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
153 calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux);
154 return (ilen < olen) ? ilen : olen;
157 uint32_t AesIcmCipher::decipher(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
159 calc(kd, in, ilen, out, olen, seq_nr, sender_id, mux);
160 return (ilen < olen) ? ilen : olen;
163 void AesIcmCipher::calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
165 kd.generate(dir_, LABEL_SALT, seq_nr, salt_);
167 std::memcpy(ctr_.salt_.buf_, salt_.getBuf(), SALT_LENGTH);
168 ctr_.salt_.zero_ = 0;
169 ctr_.params_.mux_ ^= MUX_T_HTON(mux);
170 ctr_.params_.sender_id_ ^= SENDER_ID_T_HTON(sender_id);
171 ctr_.params_.seq_nr_ ^= SEQ_NR_T_HTON(seq_nr);
176 void AesIcmCipher::calc(KeyDerivation& kd, uint8_t* in, uint32_t ilen, uint8_t* out, uint32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
178 #if defined(USE_GCRYPT)
184 kd.generate(dir_, LABEL_ENC, seq_nr, key_);
185 #if defined(USE_SSL_CRYPTO)
186 int ret = AES_set_encrypt_key(key_.getBuf(), key_.getLength()*8, &aes_key_);
188 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher ssl key (code: " << ret << ")";
191 #elif defined(USE_NETTLE)
192 aes_set_encrypt_key(&ctx_, key_.getLength(), key_.getBuf());
193 #else // USE_GCRYPT is the default
194 gcry_error_t err = gcry_cipher_setkey(handle_, key_.getBuf(), key_.getLength());
196 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher key: " << AnytunGpgError(err);
201 calcCtr(kd, seq_nr, sender_id, mux);
203 #if defined(USE_SSL_CRYPTO)
204 if(CTR_LENGTH != AES_BLOCK_SIZE) {
205 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
208 unsigned int num = 0;
209 std::memset(ecount_buf_, 0, AES_BLOCK_SIZE);
210 AES_ctr128_encrypt(in, out, (ilen < olen) ? ilen : olen, &aes_key_, ctr_.buf_, ecount_buf_, &num);
211 #elif defined(USE_NETTLE)
212 if(CTR_LENGTH != AES_BLOCK_SIZE) {
213 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: size doesn't fit";
216 ctr_crypt(&ctx_, (nettle_crypt_func *)(aes_encrypt), AES_BLOCK_SIZE, ctr_.buf_, (ilen < olen) ? ilen : olen, out, in);
217 #else // USE_GCRYPT is the default
218 err = gcry_cipher_setctr(handle_, ctr_.buf_, CTR_LENGTH);
220 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to set cipher CTR: " << AnytunGpgError(err);
224 err = gcry_cipher_encrypt(handle_, out, olen, in, ilen);
226 cLog.msg(Log::PRIO_ERROR) << "AesIcmCipher: Failed to de/encrypt packet: " << AnytunGpgError(err);