4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methods used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation, either version 3 of the License, or
24 * Anytun is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with Anytun. If not, see <http://www.gnu.org/licenses/>.
32 * In addition, as a special exception, the copyright holders give
33 * permission to link the code of portions of this program with the
34 * OpenSSL library under certain conditions as described in each
35 * individual source file, and distribute linked combinations
37 * You must obey the GNU General Public License in all respects
38 * for all of the code used other than OpenSSL. If you modify
39 * file(s) with this exception, you may extend this exception to your
40 * version of the file(s), but you are not obligated to do so. If you
41 * do not wish to do so, delete this exception statement from your
42 * version. If you delete this exception statement from all source
43 * files in the program, then also delete it here.
46 #ifndef ANYTUN_keyDerivation_h_INCLUDED
47 #define ANYTUN_keyDerivation_h_INCLUDED
49 #include "datatypes.h"
51 #include "threadUtils.hpp"
52 #include "syncBuffer.h"
57 #if defined(USE_SSL_CRYPTO)
58 #include <openssl/aes.h>
59 #elif defined(USE_NETTLE)
60 #include <nettle/aes.h>
61 #else // USE_GCRYPT is the default
66 #include <boost/archive/text_oarchive.hpp>
67 #include <boost/archive/text_iarchive.hpp>
68 #include <boost/version.hpp>
74 #define LABEL_LEFT_ENC 0x356A192B
75 #define LABEL_RIGHT_ENC 0xDA4B9237
76 #define LABEL_LEFT_SALT 0x77DE68DA
77 #define LABEL_RIGHT_SALT 0x1B645389
78 #define LABEL_LEFT_AUTH 0xAC3478D6
79 #define LABEL_RIGHT_AUTH 0xC1DFD96E
81 typedef enum { KD_INBOUND, KD_OUTBOUND } kd_dir_t;
86 KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), key_length_(0), master_salt_(0), master_key_(0) {};
87 KeyDerivation(uint16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {};
88 virtual ~KeyDerivation() {};
90 void setRole(const role_t role);
92 virtual void init(Buffer key, Buffer salt, std::string passphrase = "") = 0;
93 virtual bool generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key) = 0;
95 virtual std::string printType() { return "GenericKeyDerivation"; };
97 satp_prf_label_t convertLabel(kd_dir_t dir, satp_prf_label_t label);
100 virtual void updateMasterKey() = 0;
102 #ifndef NO_PASSPHRASE
103 void calcMasterKey(std::string passphrase, uint16_t length);
104 void calcMasterSalt(std::string passphrase, uint16_t length);
107 KeyDerivation(const KeyDerivation& src);
108 friend class boost::serialization::access;
109 template<class Archive>
110 void serialize(Archive& ar, const unsigned int version) {
111 WritersLock lock(mutex_);
119 bool is_initialized_;
121 uint16_t key_length_;
122 SyncBuffer master_salt_;
123 SyncBuffer master_key_;
128 #if BOOST_VERSION <= 103500
129 BOOST_IS_ABSTRACT(KeyDerivation);
131 BOOST_SERIALIZATION_ASSUME_ABSTRACT(KeyDerivation);
134 //****** NullKeyDerivation ******
136 class NullKeyDerivation : public KeyDerivation
139 NullKeyDerivation() {};
140 ~NullKeyDerivation() {};
142 void init(Buffer key, Buffer salt, std::string passphrase = "") {};
143 bool generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key);
145 std::string printType() { return "NullKeyDerivation"; };
148 void updateMasterKey() {};
150 friend class boost::serialization::access;
151 template<class Archive>
152 void serialize(Archive& ar, const unsigned int version) {
153 ar& boost::serialization::base_object<KeyDerivation>(*this);
159 //****** AesIcmKeyDerivation ******
161 class AesIcmKeyDerivation : public KeyDerivation
164 AesIcmKeyDerivation();
165 AesIcmKeyDerivation(uint16_t key_length);
166 ~AesIcmKeyDerivation();
168 static const uint16_t DEFAULT_KEY_LENGTH = 128;
169 static const uint16_t CTR_LENGTH = 16;
170 static const uint16_t SALT_LENGTH = 14;
172 void init(Buffer key, Buffer salt, std::string passphrase = "");
173 bool generate(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, Buffer& key);
175 std::string printType();
178 void updateMasterKey();
180 bool calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr);
182 friend class boost::serialization::access;
183 template<class Archive>
184 void serialize(Archive& ar, const unsigned int version) {
185 ar& boost::serialization::base_object<KeyDerivation>(*this);
188 #if defined(USE_SSL_CRYPTO)
190 uint8_t ecount_buf_[2][AES_BLOCK_SIZE];
191 #elif defined(USE_NETTLE)
192 struct aes_ctx ctx_[2];
193 #else // USE_GCRYPT is the default
194 gcry_cipher_hd_t handle_[2];
198 #pragma pack(push, 1)
200 union ATTR_PACKED key_derivation_aesctr_ctr_union {
201 uint8_t buf_[CTR_LENGTH];
203 uint8_t buf_[SALT_LENGTH];
207 uint8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
208 satp_prf_label_t label_;