proposal: Remove RFC 5114 MODP DH groups from default proposal
[strongswan.git] / src / libcharon / config / proposal.c
1 /*
2 * Copyright (C) 2008-2016 Tobias Brunner
3 * Copyright (C) 2006-2010 Martin Willi
4 * Copyright (C) 2013-2015 Andreas Steffen
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <string.h>
19
20 #include "proposal.h"
21
22 #include <daemon.h>
23 #include <collections/array.h>
24 #include <utils/identification.h>
25
26 #include <crypto/transform.h>
27 #include <crypto/prfs/prf.h>
28 #include <crypto/crypters/crypter.h>
29 #include <crypto/signers/signer.h>
30
31 ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
32 "PROTO_NONE",
33 "IKE",
34 "AH",
35 "ESP",
36 "IPCOMP",
37 );
38
39 typedef struct private_proposal_t private_proposal_t;
40
41 /**
42 * Private data of an proposal_t object
43 */
44 struct private_proposal_t {
45
46 /**
47 * Public part
48 */
49 proposal_t public;
50
51 /**
52 * protocol (ESP or AH)
53 */
54 protocol_id_t protocol;
55
56 /**
57 * Priority ordered list of transforms, as entry_t
58 */
59 array_t *transforms;
60
61 /**
62 * senders SPI
63 */
64 uint64_t spi;
65
66 /**
67 * Proposal number
68 */
69 u_int number;
70 };
71
72 /**
73 * Struct used to store different kinds of algorithms.
74 */
75 typedef struct {
76 /** Type of the transform */
77 transform_type_t type;
78 /** algorithm identifier */
79 uint16_t alg;
80 /** key size in bits, or zero if not needed */
81 uint16_t key_size;
82 } entry_t;
83
84 METHOD(proposal_t, add_algorithm, void,
85 private_proposal_t *this, transform_type_t type,
86 uint16_t alg, uint16_t key_size)
87 {
88 entry_t entry = {
89 .type = type,
90 .alg = alg,
91 .key_size = key_size,
92 };
93
94 array_insert(this->transforms, ARRAY_TAIL, &entry);
95 }
96
97 /**
98 * filter function for peer configs
99 */
100 static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg,
101 void **unused, uint16_t *key_size)
102 {
103 entry_t *entry = *in;
104
105 if (entry->type != type)
106 {
107 return FALSE;
108 }
109 if (alg)
110 {
111 *alg = entry->alg;
112 }
113 if (key_size)
114 {
115 *key_size = entry->key_size;
116 }
117 return TRUE;
118 }
119
120 METHOD(proposal_t, create_enumerator, enumerator_t*,
121 private_proposal_t *this, transform_type_t type)
122 {
123 return enumerator_create_filter(
124 array_create_enumerator(this->transforms),
125 (void*)alg_filter, (void*)(uintptr_t)type, NULL);
126 }
127
128 METHOD(proposal_t, get_algorithm, bool,
129 private_proposal_t *this, transform_type_t type,
130 uint16_t *alg, uint16_t *key_size)
131 {
132 enumerator_t *enumerator;
133 bool found = FALSE;
134
135 enumerator = create_enumerator(this, type);
136 if (enumerator->enumerate(enumerator, alg, key_size))
137 {
138 found = TRUE;
139 }
140 enumerator->destroy(enumerator);
141
142 return found;
143 }
144
145 METHOD(proposal_t, has_dh_group, bool,
146 private_proposal_t *this, diffie_hellman_group_t group)
147 {
148 bool found = FALSE, any = FALSE;
149 enumerator_t *enumerator;
150 uint16_t current;
151
152 enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP);
153 while (enumerator->enumerate(enumerator, &current, NULL))
154 {
155 any = TRUE;
156 if (current == group)
157 {
158 found = TRUE;
159 break;
160 }
161 }
162 enumerator->destroy(enumerator);
163
164 if (!any && group == MODP_NONE)
165 {
166 found = TRUE;
167 }
168 return found;
169 }
170
171 METHOD(proposal_t, strip_dh, void,
172 private_proposal_t *this, diffie_hellman_group_t keep)
173 {
174 enumerator_t *enumerator;
175 entry_t *entry;
176
177 enumerator = array_create_enumerator(this->transforms);
178 while (enumerator->enumerate(enumerator, &entry))
179 {
180 if (entry->type == DIFFIE_HELLMAN_GROUP &&
181 entry->alg != keep)
182 {
183 array_remove_at(this->transforms, enumerator);
184 }
185 }
186 enumerator->destroy(enumerator);
187 }
188
189 /**
190 * Select a matching proposal from this and other, insert into selected.
191 */
192 static bool select_algo(private_proposal_t *this, proposal_t *other,
193 proposal_t *selected, transform_type_t type, bool priv)
194 {
195 enumerator_t *e1, *e2;
196 uint16_t alg1, alg2, ks1, ks2;
197 bool found = FALSE, optional = FALSE;
198
199 if (type == INTEGRITY_ALGORITHM &&
200 selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
201 encryption_algorithm_is_aead(alg1))
202 {
203 /* no integrity algorithm required, we have an AEAD */
204 return TRUE;
205 }
206 if (type == DIFFIE_HELLMAN_GROUP)
207 {
208 optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
209 }
210
211 e1 = create_enumerator(this, type);
212 e2 = other->create_enumerator(other, type);
213 if (!e1->enumerate(e1, &alg1, NULL))
214 {
215 if (!e2->enumerate(e2, &alg2, NULL))
216 {
217 found = TRUE;
218 }
219 else if (optional)
220 {
221 do
222 { /* if NONE is proposed, we accept the proposal */
223 found = !alg2;
224 }
225 while (!found && e2->enumerate(e2, &alg2, NULL));
226 }
227 }
228 else if (!e2->enumerate(e2, NULL, NULL))
229 {
230 if (optional)
231 {
232 do
233 { /* if NONE is proposed, we accept the proposal */
234 found = !alg1;
235 }
236 while (!found && e1->enumerate(e1, &alg1, NULL));
237 }
238 }
239
240 e1->destroy(e1);
241 e1 = create_enumerator(this, type);
242 /* compare algs, order of algs in "first" is preferred */
243 while (!found && e1->enumerate(e1, &alg1, &ks1))
244 {
245 e2->destroy(e2);
246 e2 = other->create_enumerator(other, type);
247 while (e2->enumerate(e2, &alg2, &ks2))
248 {
249 if (alg1 == alg2 && ks1 == ks2)
250 {
251 if (!priv && alg1 >= 1024)
252 {
253 /* accept private use algorithms only if requested */
254 DBG1(DBG_CFG, "an algorithm from private space would match, "
255 "but peer implementation is unknown, skipped");
256 continue;
257 }
258 selected->add_algorithm(selected, type, alg1, ks1);
259 found = TRUE;
260 break;
261 }
262 }
263 }
264 /* no match in all comparisons */
265 e1->destroy(e1);
266 e2->destroy(e2);
267
268 if (!found)
269 {
270 DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
271 }
272 return found;
273 }
274
275 METHOD(proposal_t, select_proposal, proposal_t*,
276 private_proposal_t *this, proposal_t *other, bool private)
277 {
278 proposal_t *selected;
279
280 DBG2(DBG_CFG, "selecting proposal:");
281
282 if (this->protocol != other->get_protocol(other))
283 {
284 DBG2(DBG_CFG, " protocol mismatch, skipping");
285 return NULL;
286 }
287
288 selected = proposal_create(this->protocol, other->get_number(other));
289
290 if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
291 !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
292 !select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) ||
293 !select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) ||
294 !select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private))
295 {
296 selected->destroy(selected);
297 return NULL;
298 }
299
300 DBG2(DBG_CFG, " proposal matches");
301 selected->set_spi(selected, other->get_spi(other));
302 return selected;
303 }
304
305 METHOD(proposal_t, get_protocol, protocol_id_t,
306 private_proposal_t *this)
307 {
308 return this->protocol;
309 }
310
311 METHOD(proposal_t, set_spi, void,
312 private_proposal_t *this, uint64_t spi)
313 {
314 this->spi = spi;
315 }
316
317 METHOD(proposal_t, get_spi, uint64_t,
318 private_proposal_t *this)
319 {
320 return this->spi;
321 }
322
323 /**
324 * Check if two proposals have the same algorithms for a given transform type
325 */
326 static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
327 transform_type_t type)
328 {
329 enumerator_t *e1, *e2;
330 uint16_t alg1, alg2, ks1, ks2;
331 bool equals = TRUE;
332
333 e1 = create_enumerator(this, type);
334 e2 = other->create_enumerator(other, type);
335 while (e1->enumerate(e1, &alg1, &ks1))
336 {
337 if (!e2->enumerate(e2, &alg2, &ks2))
338 {
339 /* this has more algs */
340 equals = FALSE;
341 break;
342 }
343 if (alg1 != alg2 || ks1 != ks2)
344 {
345 equals = FALSE;
346 break;
347 }
348 }
349 if (e2->enumerate(e2, &alg2, &ks2))
350 {
351 /* other has more algs */
352 equals = FALSE;
353 }
354 e1->destroy(e1);
355 e2->destroy(e2);
356
357 return equals;
358 }
359
360 METHOD(proposal_t, get_number, u_int,
361 private_proposal_t *this)
362 {
363 return this->number;
364 }
365
366 METHOD(proposal_t, equals, bool,
367 private_proposal_t *this, proposal_t *other)
368 {
369 if (&this->public == other)
370 {
371 return TRUE;
372 }
373 return (
374 algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
375 algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
376 algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
377 algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
378 algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
379 }
380
381 METHOD(proposal_t, clone_, proposal_t*,
382 private_proposal_t *this)
383 {
384 private_proposal_t *clone;
385 enumerator_t *enumerator;
386 entry_t *entry;
387
388 clone = (private_proposal_t*)proposal_create(this->protocol, 0);
389
390 enumerator = array_create_enumerator(this->transforms);
391 while (enumerator->enumerate(enumerator, &entry))
392 {
393 array_insert(clone->transforms, ARRAY_TAIL, entry);
394 }
395 enumerator->destroy(enumerator);
396
397 clone->spi = this->spi;
398 clone->number = this->number;
399
400 return &clone->public;
401 }
402
403 /**
404 * Map integrity algorithms to the PRF functions using the same algorithm.
405 */
406 static const struct {
407 integrity_algorithm_t integ;
408 pseudo_random_function_t prf;
409 } integ_prf_map[] = {
410 {AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 },
411 {AUTH_HMAC_SHA1_160, PRF_HMAC_SHA1 },
412 {AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 },
413 {AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 },
414 {AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 },
415 {AUTH_HMAC_MD5_96, PRF_HMAC_MD5 },
416 {AUTH_HMAC_MD5_128, PRF_HMAC_MD5 },
417 {AUTH_AES_XCBC_96, PRF_AES128_XCBC },
418 {AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC },
419 {AUTH_AES_CMAC_96, PRF_AES128_CMAC },
420 };
421
422 /**
423 * Remove all entries of the given transform type
424 */
425 static void remove_transform(private_proposal_t *this, transform_type_t type)
426 {
427 enumerator_t *e;
428 entry_t *entry;
429
430 e = array_create_enumerator(this->transforms);
431 while (e->enumerate(e, &entry))
432 {
433 if (entry->type == type)
434 {
435 array_remove_at(this->transforms, e);
436 }
437 }
438 e->destroy(e);
439 }
440
441 /**
442 * Checks the proposal read from a string.
443 */
444 static bool check_proposal(private_proposal_t *this)
445 {
446 enumerator_t *e;
447 entry_t *entry;
448 uint16_t alg, ks;
449 bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE;
450 int i;
451
452 if (this->protocol == PROTO_IKE)
453 {
454 if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
455 { /* No explicit PRF found. We assume the same algorithm as used
456 * for integrity checking. */
457 e = create_enumerator(this, INTEGRITY_ALGORITHM);
458 while (e->enumerate(e, &alg, &ks))
459 {
460 for (i = 0; i < countof(integ_prf_map); i++)
461 {
462 if (alg == integ_prf_map[i].integ)
463 {
464 add_algorithm(this, PSEUDO_RANDOM_FUNCTION,
465 integ_prf_map[i].prf, 0);
466 break;
467 }
468 }
469 }
470 e->destroy(e);
471 }
472 if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
473 {
474 DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
475 return FALSE;
476 }
477 /* remove MODP_NONE from IKE proposal */
478 e = array_create_enumerator(this->transforms);
479 while (e->enumerate(e, &entry))
480 {
481 if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg)
482 {
483 array_remove_at(this->transforms, e);
484 }
485 }
486 e->destroy(e);
487 if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL))
488 {
489 DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals");
490 return FALSE;
491 }
492 }
493 else
494 { /* remove PRFs from ESP/AH proposals */
495 remove_transform(this, PSEUDO_RANDOM_FUNCTION);
496 }
497
498 if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP)
499 {
500 e = create_enumerator(this, ENCRYPTION_ALGORITHM);
501 while (e->enumerate(e, &alg, &ks))
502 {
503 any_enc = TRUE;
504 if (encryption_algorithm_is_aead(alg))
505 {
506 any_aead = TRUE;
507 continue;
508 }
509 all_aead = FALSE;
510 }
511 e->destroy(e);
512
513 if (!any_enc)
514 {
515 DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals",
516 protocol_id_names, this->protocol);
517 return FALSE;
518 }
519 else if (any_aead && !all_aead)
520 {
521 DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption "
522 "algorithms can't be contained in the same %N proposal",
523 protocol_id_names, this->protocol);
524 return FALSE;
525 }
526 else if (all_aead)
527 { /* if all encryption algorithms in the proposal are AEADs,
528 * we MUST NOT propose any integrity algorithms */
529 remove_transform(this, INTEGRITY_ALGORITHM);
530 }
531 }
532 else
533 { /* AES-GMAC is parsed as encryption algorithm, so we map that to the
534 * proper integrity algorithm */
535 e = array_create_enumerator(this->transforms);
536 while (e->enumerate(e, &entry))
537 {
538 if (entry->type == ENCRYPTION_ALGORITHM)
539 {
540 if (entry->alg == ENCR_NULL_AUTH_AES_GMAC)
541 {
542 entry->type = INTEGRITY_ALGORITHM;
543 ks = entry->key_size;
544 entry->key_size = 0;
545 switch (ks)
546 {
547 case 128:
548 entry->alg = AUTH_AES_128_GMAC;
549 continue;
550 case 192:
551 entry->alg = AUTH_AES_192_GMAC;
552 continue;
553 case 256:
554 entry->alg = AUTH_AES_256_GMAC;
555 continue;
556 default:
557 break;
558 }
559 }
560 /* remove all other encryption algorithms */
561 array_remove_at(this->transforms, e);
562 }
563 }
564 e->destroy(e);
565
566 if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
567 {
568 DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH "
569 "proposals");
570 return FALSE;
571 }
572 }
573
574 if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
575 {
576 if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL))
577 { /* ESN not specified, assume not supported */
578 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
579 }
580 }
581
582 array_compress(this->transforms);
583 return TRUE;
584 }
585
586 /**
587 * add a algorithm identified by a string to the proposal.
588 */
589 static bool add_string_algo(private_proposal_t *this, const char *alg)
590 {
591 const proposal_token_t *token;
592
593 token = lib->proposal->get_token(lib->proposal, alg);
594 if (token == NULL)
595 {
596 DBG1(DBG_CFG, "algorithm '%s' not recognized", alg);
597 return FALSE;
598 }
599
600 add_algorithm(this, token->type, token->algorithm, token->keysize);
601
602 return TRUE;
603 }
604
605 /**
606 * print all algorithms of a kind to buffer
607 */
608 static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
609 u_int kind, void *names, bool *first)
610 {
611 enumerator_t *enumerator;
612 size_t written = 0;
613 uint16_t alg, size;
614
615 enumerator = create_enumerator(this, kind);
616 while (enumerator->enumerate(enumerator, &alg, &size))
617 {
618 if (*first)
619 {
620 written += print_in_hook(data, "%N", names, alg);
621 *first = FALSE;
622 }
623 else
624 {
625 written += print_in_hook(data, "/%N", names, alg);
626 }
627 if (size)
628 {
629 written += print_in_hook(data, "_%u", size);
630 }
631 }
632 enumerator->destroy(enumerator);
633 return written;
634 }
635
636 /**
637 * Described in header.
638 */
639 int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
640 const void *const *args)
641 {
642 private_proposal_t *this = *((private_proposal_t**)(args[0]));
643 linked_list_t *list = *((linked_list_t**)(args[0]));
644 enumerator_t *enumerator;
645 size_t written = 0;
646 bool first = TRUE;
647
648 if (this == NULL)
649 {
650 return print_in_hook(data, "(null)");
651 }
652
653 if (spec->hash)
654 {
655 enumerator = list->create_enumerator(list);
656 while (enumerator->enumerate(enumerator, &this))
657 { /* call recursivly */
658 if (first)
659 {
660 written += print_in_hook(data, "%P", this);
661 first = FALSE;
662 }
663 else
664 {
665 written += print_in_hook(data, ", %P", this);
666 }
667 }
668 enumerator->destroy(enumerator);
669 return written;
670 }
671
672 written = print_in_hook(data, "%N:", protocol_id_names, this->protocol);
673 written += print_alg(this, data, ENCRYPTION_ALGORITHM,
674 encryption_algorithm_names, &first);
675 written += print_alg(this, data, INTEGRITY_ALGORITHM,
676 integrity_algorithm_names, &first);
677 written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION,
678 pseudo_random_function_names, &first);
679 written += print_alg(this, data, DIFFIE_HELLMAN_GROUP,
680 diffie_hellman_group_names, &first);
681 written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS,
682 extended_sequence_numbers_names, &first);
683 return written;
684 }
685
686 METHOD(proposal_t, destroy, void,
687 private_proposal_t *this)
688 {
689 array_destroy(this->transforms);
690 free(this);
691 }
692
693 /*
694 * Described in header
695 */
696 proposal_t *proposal_create(protocol_id_t protocol, u_int number)
697 {
698 private_proposal_t *this;
699
700 INIT(this,
701 .public = {
702 .add_algorithm = _add_algorithm,
703 .create_enumerator = _create_enumerator,
704 .get_algorithm = _get_algorithm,
705 .has_dh_group = _has_dh_group,
706 .strip_dh = _strip_dh,
707 .select = _select_proposal,
708 .get_protocol = _get_protocol,
709 .set_spi = _set_spi,
710 .get_spi = _get_spi,
711 .get_number = _get_number,
712 .equals = _equals,
713 .clone = _clone_,
714 .destroy = _destroy,
715 },
716 .protocol = protocol,
717 .number = number,
718 .transforms = array_create(sizeof(entry_t), 0),
719 );
720
721 return &this->public;
722 }
723
724 /**
725 * Add supported IKE algorithms to proposal
726 */
727 static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
728 {
729 enumerator_t *enumerator;
730 encryption_algorithm_t encryption;
731 integrity_algorithm_t integrity;
732 pseudo_random_function_t prf;
733 diffie_hellman_group_t group;
734 const char *plugin_name;
735
736 if (aead)
737 {
738 /* Round 1 adds algorithms with at least 128 bit security strength */
739 enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
740 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
741 {
742 switch (encryption)
743 {
744 case ENCR_AES_GCM_ICV16:
745 case ENCR_AES_CCM_ICV16:
746 case ENCR_CAMELLIA_CCM_ICV16:
747 /* we assume that we support all AES/Camellia sizes */
748 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
749 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
750 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
751 break;
752 case ENCR_CHACHA20_POLY1305:
753 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
754 break;
755 default:
756 break;
757 }
758 }
759 enumerator->destroy(enumerator);
760
761 /* Round 2 adds algorithms with less than 128 bit security strength */
762 enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
763 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
764 {
765 switch (encryption)
766 {
767 case ENCR_AES_GCM_ICV12:
768 case ENCR_AES_GCM_ICV8:
769 case ENCR_AES_CCM_ICV12:
770 case ENCR_AES_CCM_ICV8:
771 case ENCR_CAMELLIA_CCM_ICV12:
772 case ENCR_CAMELLIA_CCM_ICV8:
773 /* we assume that we support all AES/Camellia sizes */
774 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
775 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
776 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
777 break;
778 default:
779 break;
780 }
781 }
782 enumerator->destroy(enumerator);
783
784 if (!array_count(this->transforms))
785 {
786 return FALSE;
787 }
788 }
789 else
790 {
791 /* Round 1 adds algorithms with at least 128 bit security strength */
792 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
793 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
794 {
795 switch (encryption)
796 {
797 case ENCR_AES_CBC:
798 case ENCR_AES_CTR:
799 case ENCR_CAMELLIA_CBC:
800 case ENCR_CAMELLIA_CTR:
801 /* we assume that we support all AES/Camellia sizes */
802 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
803 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
804 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
805 break;
806 default:
807 break;
808 }
809 }
810 enumerator->destroy(enumerator);
811
812 /* Round 2 adds algorithms with less than 128 bit security strength */
813 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
814 while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
815 {
816 switch (encryption)
817 {
818 case ENCR_3DES:
819 add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
820 break;
821 case ENCR_DES:
822 /* no, thanks */
823 break;
824 default:
825 break;
826 }
827 }
828 enumerator->destroy(enumerator);
829
830 if (!array_count(this->transforms))
831 {
832 return FALSE;
833 }
834
835 /* Round 1 adds algorithms with at least 128 bit security strength */
836 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
837 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
838 {
839 switch (integrity)
840 {
841 case AUTH_HMAC_SHA2_256_128:
842 case AUTH_HMAC_SHA2_384_192:
843 case AUTH_HMAC_SHA2_512_256:
844 add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
845 break;
846 default:
847 break;
848 }
849 }
850 enumerator->destroy(enumerator);
851
852 /* Round 2 adds algorithms with less than 128 bit security strength */
853 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
854 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
855 {
856 switch (integrity)
857 {
858 case AUTH_AES_XCBC_96:
859 case AUTH_AES_CMAC_96:
860 case AUTH_HMAC_SHA1_96:
861 case AUTH_HMAC_MD5_96:
862 add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
863 break;
864 default:
865 break;
866 }
867 }
868 enumerator->destroy(enumerator);
869 }
870
871 /* Round 1 adds algorithms with at least 128 bit security strength */
872 enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
873 while (enumerator->enumerate(enumerator, &prf, &plugin_name))
874 {
875 switch (prf)
876 {
877 case PRF_HMAC_SHA2_256:
878 case PRF_HMAC_SHA2_384:
879 case PRF_HMAC_SHA2_512:
880 case PRF_AES128_XCBC:
881 case PRF_AES128_CMAC:
882 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
883 break;
884 default:
885 break;
886 }
887 }
888 enumerator->destroy(enumerator);
889
890 /* Round 2 adds algorithms with less than 128 bit security strength */
891 enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
892 while (enumerator->enumerate(enumerator, &prf, &plugin_name))
893 {
894 switch (prf)
895 {
896 case PRF_HMAC_SHA1:
897 case PRF_HMAC_MD5:
898 add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
899 break;
900 default:
901 break;
902 }
903 }
904 enumerator->destroy(enumerator);
905
906 /* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
907 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
908 while (enumerator->enumerate(enumerator, &group, &plugin_name))
909 {
910 switch (group)
911 {
912 case ECP_256_BIT:
913 case ECP_384_BIT:
914 case ECP_521_BIT:
915 case ECP_256_BP:
916 case ECP_384_BP:
917 case ECP_512_BP:
918 case CURVE_25519:
919 case CURVE_448:
920 case NTRU_128_BIT:
921 case NTRU_192_BIT:
922 case NTRU_256_BIT:
923 case NH_128_BIT:
924 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
925 break;
926 default:
927 break;
928 }
929 }
930 enumerator->destroy(enumerator);
931
932 /* Round 2 adds other algorithms with at least 128 bit security strength */
933 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
934 while (enumerator->enumerate(enumerator, &group, &plugin_name))
935 {
936 switch (group)
937 {
938 case MODP_3072_BIT:
939 case MODP_4096_BIT:
940 case MODP_8192_BIT:
941 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
942 break;
943 default:
944 break;
945 }
946 }
947 enumerator->destroy(enumerator);
948
949 /* Round 3 adds algorithms with less than 128 bit security strength */
950 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
951 while (enumerator->enumerate(enumerator, &group, &plugin_name))
952 {
953 switch (group)
954 {
955 case MODP_NULL:
956 /* only for testing purposes */
957 break;
958 case MODP_768_BIT:
959 /* weak */
960 break;
961 case MODP_1024_160:
962 case MODP_2048_224:
963 case MODP_2048_256:
964 /* RFC 5114 primes are of questionable source */
965 break;
966 case MODP_1536_BIT:
967 case ECP_224_BIT:
968 case ECP_224_BP:
969 case ECP_192_BIT:
970 case NTRU_112_BIT:
971 /* rarely used */
972 break;
973 case MODP_2048_BIT:
974 case MODP_1024_BIT:
975 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
976 break;
977 default:
978 break;
979 }
980 }
981 enumerator->destroy(enumerator);
982
983 return TRUE;
984 }
985
986 /*
987 * Described in header
988 */
989 proposal_t *proposal_create_default(protocol_id_t protocol)
990 {
991 private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
992
993 switch (protocol)
994 {
995 case PROTO_IKE:
996 if (!proposal_add_supported_ike(this, FALSE))
997 {
998 destroy(this);
999 return NULL;
1000 }
1001 break;
1002 case PROTO_ESP:
1003 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
1004 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
1005 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
1006 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
1007 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
1008 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
1009 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
1010 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
1011 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
1012 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
1013 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
1014 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
1015 break;
1016 case PROTO_AH:
1017 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
1018 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
1019 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
1020 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
1021 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
1022 add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
1023 add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
1024 break;
1025 default:
1026 break;
1027 }
1028 return &this->public;
1029 }
1030
1031 /*
1032 * Described in header
1033 */
1034 proposal_t *proposal_create_default_aead(protocol_id_t protocol)
1035 {
1036 private_proposal_t *this;
1037
1038 switch (protocol)
1039 {
1040 case PROTO_IKE:
1041 this = (private_proposal_t*)proposal_create(protocol, 0);
1042 if (!proposal_add_supported_ike(this, TRUE))
1043 {
1044 destroy(this);
1045 return NULL;
1046 }
1047 return &this->public;
1048 case PROTO_ESP:
1049 /* we currently don't include any AEAD proposal for ESP, as we
1050 * don't know if our kernel backend actually supports it. */
1051 return NULL;
1052 case PROTO_AH:
1053 default:
1054 return NULL;
1055 }
1056 }
1057
1058 /*
1059 * Described in header
1060 */
1061 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
1062 {
1063 private_proposal_t *this;
1064 enumerator_t *enumerator;
1065 bool failed = TRUE;
1066 char *alg;
1067
1068 this = (private_proposal_t*)proposal_create(protocol, 0);
1069
1070 /* get all tokens, separated by '-' */
1071 enumerator = enumerator_create_token(algs, "-", " ");
1072 while (enumerator->enumerate(enumerator, &alg))
1073 {
1074 if (!add_string_algo(this, alg))
1075 {
1076 failed = TRUE;
1077 break;
1078 }
1079 failed = FALSE;
1080 }
1081 enumerator->destroy(enumerator);
1082
1083 if (failed || !check_proposal(this))
1084 {
1085 destroy(this);
1086 return NULL;
1087 }
1088
1089 return &this->public;
1090 }