d676dec08a9abf64787cf440479630d1f3ec8b58
[strongswan.git] / src / libcharon / config / proposal.c
1 /*
2 * Copyright (C) 2008-2016 Tobias Brunner
3 * Copyright (C) 2006-2010 Martin Willi
4 * Copyright (C) 2013-2015 Andreas Steffen
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <string.h>
19
20 #include "proposal.h"
21
22 #include <daemon.h>
23 #include <collections/array.h>
24 #include <utils/identification.h>
25
26 #include <crypto/transform.h>
27 #include <crypto/prfs/prf.h>
28 #include <crypto/crypters/crypter.h>
29 #include <crypto/signers/signer.h>
30
31 ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
32 "PROTO_NONE",
33 "IKE",
34 "AH",
35 "ESP",
36 "IPCOMP",
37 );
38
39 typedef struct private_proposal_t private_proposal_t;
40
41 /**
42 * Private data of an proposal_t object
43 */
44 struct private_proposal_t {
45
46 /**
47 * Public part
48 */
49 proposal_t public;
50
51 /**
52 * protocol (ESP or AH)
53 */
54 protocol_id_t protocol;
55
56 /**
57 * Priority ordered list of transforms, as entry_t
58 */
59 array_t *transforms;
60
61 /**
62 * senders SPI
63 */
64 uint64_t spi;
65
66 /**
67 * Proposal number
68 */
69 u_int number;
70 };
71
72 /**
73 * Struct used to store different kinds of algorithms.
74 */
75 typedef struct {
76 /** Type of the transform */
77 transform_type_t type;
78 /** algorithm identifier */
79 uint16_t alg;
80 /** key size in bits, or zero if not needed */
81 uint16_t key_size;
82 } entry_t;
83
84 METHOD(proposal_t, add_algorithm, void,
85 private_proposal_t *this, transform_type_t type,
86 uint16_t alg, uint16_t key_size)
87 {
88 entry_t entry = {
89 .type = type,
90 .alg = alg,
91 .key_size = key_size,
92 };
93
94 array_insert(this->transforms, ARRAY_TAIL, &entry);
95 }
96
97 /**
98 * filter function for peer configs
99 */
100 static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg,
101 void **unused, uint16_t *key_size)
102 {
103 entry_t *entry = *in;
104
105 if (entry->type != type)
106 {
107 return FALSE;
108 }
109 if (alg)
110 {
111 *alg = entry->alg;
112 }
113 if (key_size)
114 {
115 *key_size = entry->key_size;
116 }
117 return TRUE;
118 }
119
120 METHOD(proposal_t, create_enumerator, enumerator_t*,
121 private_proposal_t *this, transform_type_t type)
122 {
123 return enumerator_create_filter(
124 array_create_enumerator(this->transforms),
125 (void*)alg_filter, (void*)(uintptr_t)type, NULL);
126 }
127
128 METHOD(proposal_t, get_algorithm, bool,
129 private_proposal_t *this, transform_type_t type,
130 uint16_t *alg, uint16_t *key_size)
131 {
132 enumerator_t *enumerator;
133 bool found = FALSE;
134
135 enumerator = create_enumerator(this, type);
136 if (enumerator->enumerate(enumerator, alg, key_size))
137 {
138 found = TRUE;
139 }
140 enumerator->destroy(enumerator);
141
142 return found;
143 }
144
145 METHOD(proposal_t, has_dh_group, bool,
146 private_proposal_t *this, diffie_hellman_group_t group)
147 {
148 bool found = FALSE, any = FALSE;
149 enumerator_t *enumerator;
150 uint16_t current;
151
152 enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP);
153 while (enumerator->enumerate(enumerator, &current, NULL))
154 {
155 any = TRUE;
156 if (current == group)
157 {
158 found = TRUE;
159 break;
160 }
161 }
162 enumerator->destroy(enumerator);
163
164 if (!any && group == MODP_NONE)
165 {
166 found = TRUE;
167 }
168 return found;
169 }
170
171 METHOD(proposal_t, strip_dh, void,
172 private_proposal_t *this, diffie_hellman_group_t keep)
173 {
174 enumerator_t *enumerator;
175 entry_t *entry;
176
177 enumerator = array_create_enumerator(this->transforms);
178 while (enumerator->enumerate(enumerator, &entry))
179 {
180 if (entry->type == DIFFIE_HELLMAN_GROUP &&
181 entry->alg != keep)
182 {
183 array_remove_at(this->transforms, enumerator);
184 }
185 }
186 enumerator->destroy(enumerator);
187 }
188
189 /**
190 * Select a matching proposal from this and other, insert into selected.
191 */
192 static bool select_algo(private_proposal_t *this, proposal_t *other,
193 proposal_t *selected, transform_type_t type, bool priv)
194 {
195 enumerator_t *e1, *e2;
196 uint16_t alg1, alg2, ks1, ks2;
197 bool found = FALSE, optional = FALSE;
198
199 if (type == INTEGRITY_ALGORITHM &&
200 selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
201 encryption_algorithm_is_aead(alg1))
202 {
203 /* no integrity algorithm required, we have an AEAD */
204 return TRUE;
205 }
206 if (type == DIFFIE_HELLMAN_GROUP)
207 {
208 optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
209 }
210
211 e1 = create_enumerator(this, type);
212 e2 = other->create_enumerator(other, type);
213 if (!e1->enumerate(e1, &alg1, NULL))
214 {
215 if (!e2->enumerate(e2, &alg2, NULL))
216 {
217 found = TRUE;
218 }
219 else if (optional)
220 {
221 do
222 { /* if NONE is proposed, we accept the proposal */
223 found = !alg2;
224 }
225 while (!found && e2->enumerate(e2, &alg2, NULL));
226 }
227 }
228 else if (!e2->enumerate(e2, NULL, NULL))
229 {
230 if (optional)
231 {
232 do
233 { /* if NONE is proposed, we accept the proposal */
234 found = !alg1;
235 }
236 while (!found && e1->enumerate(e1, &alg1, NULL));
237 }
238 }
239
240 e1->destroy(e1);
241 e1 = create_enumerator(this, type);
242 /* compare algs, order of algs in "first" is preferred */
243 while (!found && e1->enumerate(e1, &alg1, &ks1))
244 {
245 e2->destroy(e2);
246 e2 = other->create_enumerator(other, type);
247 while (e2->enumerate(e2, &alg2, &ks2))
248 {
249 if (alg1 == alg2 && ks1 == ks2)
250 {
251 if (!priv && alg1 >= 1024)
252 {
253 /* accept private use algorithms only if requested */
254 DBG1(DBG_CFG, "an algorithm from private space would match, "
255 "but peer implementation is unknown, skipped");
256 continue;
257 }
258 selected->add_algorithm(selected, type, alg1, ks1);
259 found = TRUE;
260 break;
261 }
262 }
263 }
264 /* no match in all comparisons */
265 e1->destroy(e1);
266 e2->destroy(e2);
267
268 if (!found)
269 {
270 DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
271 }
272 return found;
273 }
274
275 METHOD(proposal_t, select_proposal, proposal_t*,
276 private_proposal_t *this, proposal_t *other, bool private)
277 {
278 proposal_t *selected;
279
280 DBG2(DBG_CFG, "selecting proposal:");
281
282 if (this->protocol != other->get_protocol(other))
283 {
284 DBG2(DBG_CFG, " protocol mismatch, skipping");
285 return NULL;
286 }
287
288 selected = proposal_create(this->protocol, other->get_number(other));
289
290 if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
291 !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
292 !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) ||
293 !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) ||
294 !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private))
295 {
296 selected->destroy(selected);
297 return NULL;
298 }
299
300 DBG2(DBG_CFG, " proposal matches");
301 selected->set_spi(selected, other->get_spi(other));
302 return selected;
303 }
304
305 METHOD(proposal_t, get_protocol, protocol_id_t,
306 private_proposal_t *this)
307 {
308 return this->protocol;
309 }
310
311 METHOD(proposal_t, set_spi, void,
312 private_proposal_t *this, uint64_t spi)
313 {
314 this->spi = spi;
315 }
316
317 METHOD(proposal_t, get_spi, uint64_t,
318 private_proposal_t *this)
319 {
320 return this->spi;
321 }
322
323 /**
324 * Check if two proposals have the same algorithms for a given transform type
325 */
326 static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
327 transform_type_t type)
328 {
329 enumerator_t *e1, *e2;
330 uint16_t alg1, alg2, ks1, ks2;
331 bool equals = TRUE;
332
333 e1 = create_enumerator(this, type);
334 e2 = other->create_enumerator(other, type);
335 while (e1->enumerate(e1, &alg1, &ks1))
336 {
337 if (!e2->enumerate(e2, &alg2, &ks2))
338 {
339 /* this has more algs */
340 equals = FALSE;
341 break;
342 }
343 if (alg1 != alg2 || ks1 != ks2)
344 {
345 equals = FALSE;
346 break;
347 }
348 }
349 if (e2->enumerate(e2, &alg2, &ks2))
350 {
351 /* other has more algs */
352 equals = FALSE;
353 }
354 e1->destroy(e1);
355 e2->destroy(e2);
356
357 return equals;
358 }
359
360 METHOD(proposal_t, get_number, u_int,
361 private_proposal_t *this)
362 {
363 return this->number;
364 }
365
366 METHOD(proposal_t, equals, bool,
367 private_proposal_t *this, proposal_t *other)
368 {
369 if (&this->public == other)
370 {
371 return TRUE;
372 }
373 return (
374 algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
375 algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
376 algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
377 algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
378 algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
379 }
380
381 METHOD(proposal_t, clone_, proposal_t*,
382 private_proposal_t *this)
383 {
384 private_proposal_t *clone;
385 enumerator_t *enumerator;
386 entry_t *entry;
387
388 clone = (private_proposal_t*)proposal_create(this->protocol, 0);
389
390 enumerator = array_create_enumerator(this->transforms);
391 while (enumerator->enumerate(enumerator, &entry))
392 {
393 array_insert(clone->transforms, ARRAY_TAIL, entry);
394 }
395 enumerator->destroy(enumerator);
396
397 clone->spi = this->spi;
398 clone->number = this->number;
399
400 return &clone->public;
401 }
402
403 /**
404 * Map integrity algorithms to the PRF functions using the same algorithm.
405 */
406 static const struct {
407 integrity_algorithm_t integ;
408 pseudo_random_function_t prf;
409 } integ_prf_map[] = {
410 {AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 },
411 {AUTH_HMAC_SHA1_160, PRF_HMAC_SHA1 },
412 {AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 },
413 {AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 },
414 {AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 },
415 {AUTH_HMAC_MD5_96, PRF_HMAC_MD5 },
416 {AUTH_HMAC_MD5_128, PRF_HMAC_MD5 },
417 {AUTH_AES_XCBC_96, PRF_AES128_XCBC },
418 {AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC },
419 {AUTH_AES_CMAC_96, PRF_AES128_CMAC },
420 };
421
422 /**
423 * Checks the proposal read from a string.
424 */
425 static void check_proposal(private_proposal_t *this)
426 {
427 enumerator_t *e;
428 entry_t *entry;
429 uint16_t alg, ks;
430 bool all_aead = TRUE;
431 int i;
432
433 if (this->protocol == PROTO_IKE)
434 {
435 e = create_enumerator(this, PSEUDO_RANDOM_FUNCTION);
436 if (!e->enumerate(e, &alg, &ks))
437 {
438 /* No explicit PRF found. We assume the same algorithm as used
439 * for integrity checking */
440 e->destroy(e);
441 e = create_enumerator(this, INTEGRITY_ALGORITHM);
442 while (e->enumerate(e, &alg, &ks))
443 {
444 for (i = 0; i < countof(integ_prf_map); i++)
445 {
446 if (alg == integ_prf_map[i].integ)
447 {
448 add_algorithm(this, PSEUDO_RANDOM_FUNCTION,
449 integ_prf_map[i].prf, 0);
450 break;
451 }
452 }
453 }
454 }
455 e->destroy(e);
456 }
457
458 if (this->protocol == PROTO_ESP)
459 {
460 e = create_enumerator(this, ENCRYPTION_ALGORITHM);
461 while (e->enumerate(e, &alg, &ks))
462 {
463 if (!encryption_algorithm_is_aead(alg))
464 {
465 all_aead = FALSE;
466 break;
467 }
468 }
469 e->destroy(e);
470
471 if (all_aead)
472 {
473 /* if all encryption algorithms in the proposal are AEADs,
474 * we MUST NOT propose any integrity algorithms */
475 e = array_create_enumerator(this->transforms);
476 while (e->enumerate(e, &entry))
477 {
478 if (entry->type == INTEGRITY_ALGORITHM)
479 {
480 array_remove_at(this->transforms, e);
481 }
482 }
483 e->destroy(e);
484 }
485 }
486
487 if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
488 {
489 e = create_enumerator(this, EXTENDED_SEQUENCE_NUMBERS);
490 if (!e->enumerate(e, NULL, NULL))
491 { /* ESN not specified, assume not supported */
492 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
493 }
494 e->destroy(e);
495 }
496
497 array_compress(this->transforms);
498 }
499
500 /**
501 * add a algorithm identified by a string to the proposal.
502 */
503 static bool add_string_algo(private_proposal_t *this, const char *alg)
504 {
505 const proposal_token_t *token;
506
507 token = lib->proposal->get_token(lib->proposal, alg);
508 if (token == NULL)
509 {
510 DBG1(DBG_CFG, "algorithm '%s' not recognized", alg);
511 return FALSE;
512 }
513
514 add_algorithm(this, token->type, token->algorithm, token->keysize);
515
516 return TRUE;
517 }
518
519 /**
520 * print all algorithms of a kind to buffer
521 */
522 static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
523 u_int kind, void *names, bool *first)
524 {
525 enumerator_t *enumerator;
526 size_t written = 0;
527 uint16_t alg, size;
528
529 enumerator = create_enumerator(this, kind);
530 while (enumerator->enumerate(enumerator, &alg, &size))
531 {
532 if (*first)
533 {
534 written += print_in_hook(data, "%N", names, alg);
535 *first = FALSE;
536 }
537 else
538 {
539 written += print_in_hook(data, "/%N", names, alg);
540 }
541 if (size)
542 {
543 written += print_in_hook(data, "_%u", size);
544 }
545 }
546 enumerator->destroy(enumerator);
547 return written;
548 }
549
550 /**
551 * Described in header.
552 */
553 int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
554 const void *const *args)
555 {
556 private_proposal_t *this = *((private_proposal_t**)(args[0]));
557 linked_list_t *list = *((linked_list_t**)(args[0]));
558 enumerator_t *enumerator;
559 size_t written = 0;
560 bool first = TRUE;
561
562 if (this == NULL)
563 {
564 return print_in_hook(data, "(null)");
565 }
566
567 if (spec->hash)
568 {
569 enumerator = list->create_enumerator(list);
570 while (enumerator->enumerate(enumerator, &this))
571 { /* call recursivly */
572 if (first)
573 {
574 written += print_in_hook(data, "%P", this);
575 first = FALSE;
576 }
577 else
578 {
579 written += print_in_hook(data, ", %P", this);
580 }
581 }
582 enumerator->destroy(enumerator);
583 return written;
584 }
585
586 written = print_in_hook(data, "%N:", protocol_id_names, this->protocol);
587 written += print_alg(this, data, ENCRYPTION_ALGORITHM,
588 encryption_algorithm_names, &first);
589 written += print_alg(this, data, INTEGRITY_ALGORITHM,
590 integrity_algorithm_names, &first);
591 written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION,
592 pseudo_random_function_names, &first);
593 written += print_alg(this, data, DIFFIE_HELLMAN_GROUP,
594 diffie_hellman_group_names, &first);
595 written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS,
596 extended_sequence_numbers_names, &first);
597 return written;
598 }
599
600 METHOD(proposal_t, destroy, void,
601 private_proposal_t *this)
602 {
603 array_destroy(this->transforms);
604 free(this);
605 }
606
607 /*
608 * Described in header
609 */
610 proposal_t *proposal_create(protocol_id_t protocol, u_int number)
611 {
612 private_proposal_t *this;
613
614 INIT(this,
615 .public = {
616 .add_algorithm = _add_algorithm,
617 .create_enumerator = _create_enumerator,
618 .get_algorithm = _get_algorithm,
619 .has_dh_group = _has_dh_group,
620 .strip_dh = _strip_dh,
621 .select = _select_proposal,
622 .get_protocol = _get_protocol,
623 .set_spi = _set_spi,
624 .get_spi = _get_spi,
625 .get_number = _get_number,
626 .equals = _equals,
627 .clone = _clone_,
628 .destroy = _destroy,
629 },
630 .protocol = protocol,
631 .number = number,
632 .transforms = array_create(sizeof(entry_t), 0),
633 );
634
635 return &this->public;
636 }
637
638 /**
639 * Add supported IKE algorithms to proposal
640 */
641 static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
642 {
643 enumerator_t *enumerator;
644 encryption_algorithm_t encryption;
645 integrity_algorithm_t integrity;
646 pseudo_random_function_t prf;
647 diffie_hellman_group_t group;
648 const char *plugin_name;
649
650 if (aead)
651 {
652 /* Round 1 adds algorithms with at least 128 bit security strength */
653 enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
654 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
655 {
656 switch (encryption)
657 {
658 case ENCR_AES_GCM_ICV16:
659 case ENCR_AES_CCM_ICV16:
660 case ENCR_CAMELLIA_CCM_ICV16:
661 /* we assume that we support all AES/Camellia sizes */
662 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
663 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
664 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
665 break;
666 case ENCR_CHACHA20_POLY1305:
667 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
668 break;
669 default:
670 break;
671 }
672 }
673 enumerator->destroy(enumerator);
674
675 /* Round 2 adds algorithms with less than 128 bit security strength */
676 enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
677 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
678 {
679 switch (encryption)
680 {
681 case ENCR_AES_GCM_ICV12:
682 case ENCR_AES_GCM_ICV8:
683 case ENCR_AES_CCM_ICV12:
684 case ENCR_AES_CCM_ICV8:
685 case ENCR_CAMELLIA_CCM_ICV12:
686 case ENCR_CAMELLIA_CCM_ICV8:
687 /* we assume that we support all AES/Camellia sizes */
688 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
689 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
690 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
691 break;
692 default:
693 break;
694 }
695 }
696 enumerator->destroy(enumerator);
697
698 if (!array_count(this->transforms))
699 {
700 return FALSE;
701 }
702 }
703 else
704 {
705 /* Round 1 adds algorithms with at least 128 bit security strength */
706 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
707 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
708 {
709 switch (encryption)
710 {
711 case ENCR_AES_CBC:
712 case ENCR_AES_CTR:
713 case ENCR_CAMELLIA_CBC:
714 case ENCR_CAMELLIA_CTR:
715 /* we assume that we support all AES/Camellia sizes */
716 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
717 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
718 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
719 break;
720 default:
721 break;
722 }
723 }
724 enumerator->destroy(enumerator);
725
726 /* Round 2 adds algorithms with less than 128 bit security strength */
727 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
728 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
729 {
730 switch (encryption)
731 {
732 case ENCR_3DES:
733 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
734 break;
735 case ENCR_DES:
736 /* no, thanks */
737 break;
738 default:
739 break;
740 }
741 }
742 enumerator->destroy(enumerator);
743
744 if (!array_count(this->transforms))
745 {
746 return FALSE;
747 }
748
749 /* Round 1 adds algorithms with at least 128 bit security strength */
750 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
751 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
752 {
753 switch (integrity)
754 {
755 case AUTH_HMAC_SHA2_256_128:
756 case AUTH_HMAC_SHA2_384_192:
757 case AUTH_HMAC_SHA2_512_256:
758 add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
759 break;
760 default:
761 break;
762 }
763 }
764 enumerator->destroy(enumerator);
765
766 /* Round 2 adds algorithms with less than 128 bit security strength */
767 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
768 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
769 {
770 switch (integrity)
771 {
772 case AUTH_AES_XCBC_96:
773 case AUTH_AES_CMAC_96:
774 case AUTH_HMAC_SHA1_96:
775 case AUTH_HMAC_MD5_96:
776 add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
777 break;
778 default:
779 break;
780 }
781 }
782 enumerator->destroy(enumerator);
783 }
784
785 /* Round 1 adds algorithms with at least 128 bit security strength */
786 enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
787 while (enumerator->enumerate(enumerator, &prf, &plugin_name))
788 {
789 switch (prf)
790 {
791 case PRF_HMAC_SHA2_256:
792 case PRF_HMAC_SHA2_384:
793 case PRF_HMAC_SHA2_512:
794 case PRF_AES128_XCBC:
795 case PRF_AES128_CMAC:
796 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
797 break;
798 default:
799 break;
800 }
801 }
802 enumerator->destroy(enumerator);
803
804 /* Round 2 adds algorithms with less than 128 bit security strength */
805 enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
806 while (enumerator->enumerate(enumerator, &prf, &plugin_name))
807 {
808 switch (prf)
809 {
810 case PRF_HMAC_SHA1:
811 case PRF_HMAC_MD5:
812 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
813 break;
814 default:
815 break;
816 }
817 }
818 enumerator->destroy(enumerator);
819
820 /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
821 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
822 while (enumerator->enumerate(enumerator, &group, &plugin_name))
823 {
824 switch (group)
825 {
826 case ECP_256_BIT:
827 case ECP_384_BIT:
828 case ECP_521_BIT:
829 case ECP_256_BP:
830 case ECP_384_BP:
831 case ECP_512_BP:
832 case NTRU_128_BIT:
833 case NTRU_192_BIT:
834 case NTRU_256_BIT:
835 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
836 break;
837 default:
838 break;
839 }
840 }
841 enumerator->destroy(enumerator);
842
843 /* Round 2 adds other algorithms with at least 128 bit security strength */
844 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
845 while (enumerator->enumerate(enumerator, &group, &plugin_name))
846 {
847 switch (group)
848 {
849 case MODP_3072_BIT:
850 case MODP_4096_BIT:
851 case MODP_8192_BIT:
852 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
853 break;
854 default:
855 break;
856 }
857 }
858 enumerator->destroy(enumerator);
859
860 /* Round 3 adds algorithms with less than 128 bit security strength */
861 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
862 while (enumerator->enumerate(enumerator, &group, &plugin_name))
863 {
864 switch (group)
865 {
866 case MODP_NULL:
867 /* only for testing purposes */
868 break;
869 case MODP_768_BIT:
870 /* weak */
871 break;
872 case MODP_2048_224:
873 case MODP_1536_BIT:
874 case MODP_1024_160:
875 case ECP_224_BIT:
876 case ECP_224_BP:
877 case ECP_192_BIT:
878 case NTRU_112_BIT:
879 /* rarely used */
880 break;
881 case MODP_2048_BIT:
882 case MODP_2048_256:
883 case MODP_1024_BIT:
884 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
885 break;
886 default:
887 break;
888 }
889 }
890 enumerator->destroy(enumerator);
891
892 return TRUE;
893 }
894
895 /*
896 * Described in header
897 */
898 proposal_t *proposal_create_default(protocol_id_t protocol)
899 {
900 private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
901
902 switch (protocol)
903 {
904 case PROTO_IKE:
905 if (!proposal_add_supported_ike(this, FALSE))
906 {
907 destroy(this);
908 return NULL;
909 }
910 break;
911 case PROTO_ESP:
912 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
913 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
914 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
915 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
916 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
917 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
918 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
919 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
920 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
921 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
922 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
923 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
924 break;
925 case PROTO_AH:
926 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
927 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
928 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
929 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
930 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
931 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
932 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
933 break;
934 default:
935 break;
936 }
937 return &this->public;
938 }
939
940 /*
941 * Described in header
942 */
943 proposal_t *proposal_create_default_aead(protocol_id_t protocol)
944 {
945 private_proposal_t *this;
946
947 switch (protocol)
948 {
949 case PROTO_IKE:
950 this = (private_proposal_t*)proposal_create(protocol, 0);
951 if (!proposal_add_supported_ike(this, TRUE))
952 {
953 destroy(this);
954 return NULL;
955 }
956 return &this->public;
957 case PROTO_ESP:
958 /* we currently don't include any AEAD proposal for ESP, as we
959 * don't know if our kernel backend actually supports it. */
960 return NULL;
961 case PROTO_AH:
962 default:
963 return NULL;
964 }
965 }
966
967 /*
968 * Described in header
969 */
970 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
971 {
972 private_proposal_t *this;
973 enumerator_t *enumerator;
974 bool failed = TRUE;
975 char *alg;
976
977 this = (private_proposal_t*)proposal_create(protocol, 0);
978
979 /* get all tokens, separated by '-' */
980 enumerator = enumerator_create_token(algs, "-", " ");
981 while (enumerator->enumerate(enumerator, &alg))
982 {
983 if (!add_string_algo(this, alg))
984 {
985 failed = TRUE;
986 break;
987 }
988 failed = FALSE;
989 }
990 enumerator->destroy(enumerator);
991
992 if (failed)
993 {
994 destroy(this);
995 return NULL;
996 }
997
998 check_proposal(this);
999
1000 return &this->public;
1001 }