charon-nm: Set DPD/close action to restart and enable indefinite keying tries
[strongswan.git] / src / libstrongswan / credentials / keys / public_key.c
1 /*
2 * Copyright (C) 2015-2017 Tobias Brunner
3 * Copyright (C) 2014-2016 Andreas Steffen
4 * Copyright (C) 2007 Martin Willi
5 * HSR Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <asn1/oid.h>
19
20 #include "public_key.h"
21 #include "signature_params.h"
22
23 ENUM(key_type_names, KEY_ANY, KEY_BLISS,
24 "ANY",
25 "RSA",
26 "ECDSA",
27 "DSA",
28 "ED25519",
29 "ED448",
30 "BLISS"
31 );
32
33 ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
34 "UNKNOWN",
35 "RSA_EMSA_PKCS1_NULL",
36 "RSA_EMSA_PKCS1_MD5",
37 "RSA_EMSA_PKCS1_SHA1",
38 "RSA_EMSA_PKCS1_SHA2_224",
39 "RSA_EMSA_PKCS1_SHA2_256",
40 "RSA_EMSA_PKCS1_SHA2_384",
41 "RSA_EMSA_PKCS1_SHA2_512",
42 "RSA_EMSA_PKCS1_SHA3_224",
43 "RSA_EMSA_PKCS1_SHA3_256",
44 "RSA_EMSA_PKCS1_SHA3_384",
45 "RSA_EMSA_PKCS1_SHA3_512",
46 "RSA_EMSA_PSS",
47 "ECDSA_WITH_SHA1_DER",
48 "ECDSA_WITH_SHA256_DER",
49 "ECDSA_WITH_SHA384_DER",
50 "ECDSA_WITH_SHA512_DER",
51 "ECDSA_WITH_NULL",
52 "ECDSA-256",
53 "ECDSA-384",
54 "ECDSA-521",
55 "ED25519",
56 "ED448",
57 "BLISS_WITH_SHA2_256",
58 "BLISS_WITH_SHA2_384",
59 "BLISS_WITH_SHA2_512",
60 "BLISS_WITH_SHA3_256",
61 "BLISS_WITH_SHA3_384",
62 "BLISS_WITH_SHA3_512",
63 );
64
65 ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
66 "ENCRYPT_UNKNOWN",
67 "ENCRYPT_RSA_PKCS1",
68 "ENCRYPT_RSA_OAEP_SHA1",
69 "ENCRYPT_RSA_OAEP_SHA224",
70 "ENCRYPT_RSA_OAEP_SHA256",
71 "ENCRYPT_RSA_OAEP_SHA384",
72 "ENCRYPT_RSA_OAEP_SHA512",
73 );
74
75 /**
76 * See header.
77 */
78 bool public_key_equals(public_key_t *this, public_key_t *other)
79 {
80 cred_encoding_type_t type;
81 chunk_t a, b;
82
83 if (this == other)
84 {
85 return TRUE;
86 }
87
88 for (type = 0; type < CRED_ENCODING_MAX; type++)
89 {
90 if (this->get_fingerprint(this, type, &a) &&
91 other->get_fingerprint(other, type, &b))
92 {
93 return chunk_equals(a, b);
94 }
95 }
96 return FALSE;
97 }
98
99 /**
100 * See header.
101 */
102 bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint)
103 {
104 cred_encoding_type_t type;
105 chunk_t current;
106
107 for (type = 0; type < KEYID_MAX; type++)
108 {
109 if (public->get_fingerprint(public, type, &current) &&
110 chunk_equals(current, fingerprint))
111 {
112 return TRUE;
113 }
114 }
115 return FALSE;
116 }
117
118 /*
119 * Defined in header.
120 */
121 signature_scheme_t signature_scheme_from_oid(int oid)
122 {
123 switch (oid)
124 {
125 case OID_MD5_WITH_RSA:
126 case OID_MD5:
127 return SIGN_RSA_EMSA_PKCS1_MD5;
128 case OID_SHA1_WITH_RSA:
129 case OID_SHA1:
130 return SIGN_RSA_EMSA_PKCS1_SHA1;
131 case OID_SHA224_WITH_RSA:
132 case OID_SHA224:
133 return SIGN_RSA_EMSA_PKCS1_SHA2_224;
134 case OID_SHA256_WITH_RSA:
135 case OID_SHA256:
136 return SIGN_RSA_EMSA_PKCS1_SHA2_256;
137 case OID_SHA384_WITH_RSA:
138 case OID_SHA384:
139 return SIGN_RSA_EMSA_PKCS1_SHA2_384;
140 case OID_SHA512_WITH_RSA:
141 case OID_SHA512:
142 return SIGN_RSA_EMSA_PKCS1_SHA2_512;
143 case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
144 return SIGN_RSA_EMSA_PKCS1_SHA3_224;
145 case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
146 return SIGN_RSA_EMSA_PKCS1_SHA3_256;
147 case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
148 return SIGN_RSA_EMSA_PKCS1_SHA3_384;
149 case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
150 return SIGN_RSA_EMSA_PKCS1_SHA3_512;
151 case OID_RSASSA_PSS:
152 return SIGN_RSA_EMSA_PSS;
153 case OID_ECDSA_WITH_SHA1:
154 case OID_EC_PUBLICKEY:
155 return SIGN_ECDSA_WITH_SHA1_DER;
156 case OID_ECDSA_WITH_SHA256:
157 return SIGN_ECDSA_WITH_SHA256_DER;
158 case OID_ECDSA_WITH_SHA384:
159 return SIGN_ECDSA_WITH_SHA384_DER;
160 case OID_ECDSA_WITH_SHA512:
161 return SIGN_ECDSA_WITH_SHA512_DER;
162 case OID_ED25519:
163 return SIGN_ED25519;
164 case OID_ED448:
165 return SIGN_ED448;
166 case OID_BLISS_PUBLICKEY:
167 case OID_BLISS_WITH_SHA2_512:
168 return SIGN_BLISS_WITH_SHA2_512;
169 case OID_BLISS_WITH_SHA2_384:
170 return SIGN_BLISS_WITH_SHA2_384;
171 case OID_BLISS_WITH_SHA2_256:
172 return SIGN_BLISS_WITH_SHA2_256;
173 case OID_BLISS_WITH_SHA3_512:
174 return SIGN_BLISS_WITH_SHA3_512;
175 case OID_BLISS_WITH_SHA3_384:
176 return SIGN_BLISS_WITH_SHA3_384;
177 case OID_BLISS_WITH_SHA3_256:
178 return SIGN_BLISS_WITH_SHA3_256;
179 }
180 return SIGN_UNKNOWN;
181 }
182
183 /*
184 * Defined in header.
185 */
186 int signature_scheme_to_oid(signature_scheme_t scheme)
187 {
188 switch (scheme)
189 {
190 case SIGN_UNKNOWN:
191 case SIGN_RSA_EMSA_PKCS1_NULL:
192 case SIGN_ECDSA_WITH_NULL:
193 case SIGN_ECDSA_256:
194 case SIGN_ECDSA_384:
195 case SIGN_ECDSA_521:
196 break;
197 case SIGN_RSA_EMSA_PKCS1_MD5:
198 return OID_MD5_WITH_RSA;
199 case SIGN_RSA_EMSA_PKCS1_SHA1:
200 return OID_SHA1_WITH_RSA;
201 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
202 return OID_SHA224_WITH_RSA;
203 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
204 return OID_SHA256_WITH_RSA;
205 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
206 return OID_SHA384_WITH_RSA;
207 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
208 return OID_SHA512_WITH_RSA;
209 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
210 return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
211 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
212 return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
213 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
214 return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
215 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
216 return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
217 case SIGN_RSA_EMSA_PSS:
218 return OID_RSASSA_PSS;
219 case SIGN_ECDSA_WITH_SHA1_DER:
220 return OID_ECDSA_WITH_SHA1;
221 case SIGN_ECDSA_WITH_SHA256_DER:
222 return OID_ECDSA_WITH_SHA256;
223 case SIGN_ECDSA_WITH_SHA384_DER:
224 return OID_ECDSA_WITH_SHA384;
225 case SIGN_ECDSA_WITH_SHA512_DER:
226 return OID_ECDSA_WITH_SHA512;
227 case SIGN_ED25519:
228 return OID_ED25519;
229 case SIGN_ED448:
230 return OID_ED448;
231 case SIGN_BLISS_WITH_SHA2_256:
232 return OID_BLISS_WITH_SHA2_256;
233 case SIGN_BLISS_WITH_SHA2_384:
234 return OID_BLISS_WITH_SHA2_384;
235 case SIGN_BLISS_WITH_SHA2_512:
236 return OID_BLISS_WITH_SHA2_512;
237 case SIGN_BLISS_WITH_SHA3_256:
238 return OID_BLISS_WITH_SHA3_256;
239 case SIGN_BLISS_WITH_SHA3_384:
240 return OID_BLISS_WITH_SHA3_384;
241 case SIGN_BLISS_WITH_SHA3_512:
242 return OID_BLISS_WITH_SHA3_512;
243 }
244 return OID_UNKNOWN;
245 }
246
247 /**
248 * Parameters for RSA/PSS signature schemes
249 */
250 #define PSS_PARAMS(bits) static rsa_pss_params_t pss_params_sha##bits = { \
251 .hash = HASH_SHA##bits, \
252 .mgf1_hash = HASH_SHA##bits, \
253 .salt_len = HASH_SIZE_SHA##bits, \
254 }
255
256 PSS_PARAMS(256);
257 PSS_PARAMS(384);
258 PSS_PARAMS(512);
259
260 /**
261 * Map for signature schemes to the key type and maximum key size allowed.
262 * We only cover schemes with hash algorithms supported by IKEv2 signature
263 * authentication.
264 */
265 static struct {
266 key_type_t type;
267 int max_keysize;
268 signature_params_t params;
269 } scheme_map[] = {
270 { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, }},
271 { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, }},
272 { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, }},
273 { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }},
274 { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384 }},
275 { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512 }},
276 { KEY_ECDSA, 256, { .scheme = SIGN_ECDSA_WITH_SHA256_DER }},
277 { KEY_ECDSA, 384, { .scheme = SIGN_ECDSA_WITH_SHA384_DER }},
278 { KEY_ECDSA, 0, { .scheme = SIGN_ECDSA_WITH_SHA512_DER }},
279 { KEY_ED25519, 0, { .scheme = SIGN_ED25519 }},
280 { KEY_ED448, 0, { .scheme = SIGN_ED448 }},
281 { KEY_BLISS, 128, { .scheme = SIGN_BLISS_WITH_SHA2_256 }},
282 { KEY_BLISS, 192, { .scheme = SIGN_BLISS_WITH_SHA2_384 }},
283 { KEY_BLISS, 0, { .scheme = SIGN_BLISS_WITH_SHA2_512 }},
284 };
285
286 /**
287 * Private data for signature scheme enumerator
288 */
289 typedef struct {
290 enumerator_t public;
291 int index;
292 key_type_t type;
293 int size;
294 } private_enumerator_t;
295
296 METHOD(enumerator_t, signature_schemes_enumerate, bool,
297 private_enumerator_t *this, va_list args)
298 {
299 signature_params_t **params;
300
301 VA_ARGS_VGET(args, params);
302
303 while (++this->index < countof(scheme_map))
304 {
305 if (this->type == scheme_map[this->index].type &&
306 (this->size <= scheme_map[this->index].max_keysize ||
307 !scheme_map[this->index].max_keysize))
308 {
309 *params = &scheme_map[this->index].params;
310 return TRUE;
311 }
312 }
313 return FALSE;
314 }
315
316 /*
317 * Defined in header.
318 */
319 enumerator_t *signature_schemes_for_key(key_type_t type, int size)
320 {
321 private_enumerator_t *this;
322
323 INIT(this,
324 .public = {
325 .enumerate = enumerator_enumerate_default,
326 .venumerate = _signature_schemes_enumerate,
327 .destroy = (void*)free,
328 },
329 .index = -1,
330 .type = type,
331 .size = size,
332 );
333
334 return &this->public;
335 }
336
337 /*
338 * Defined in header.
339 */
340 key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
341 {
342 switch (scheme)
343 {
344 case SIGN_UNKNOWN:
345 break;
346 case SIGN_RSA_EMSA_PKCS1_NULL:
347 case SIGN_RSA_EMSA_PKCS1_MD5:
348 case SIGN_RSA_EMSA_PKCS1_SHA1:
349 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
350 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
351 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
352 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
353 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
354 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
355 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
356 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
357 case SIGN_RSA_EMSA_PSS:
358 return KEY_RSA;
359 case SIGN_ECDSA_WITH_SHA1_DER:
360 case SIGN_ECDSA_WITH_SHA256_DER:
361 case SIGN_ECDSA_WITH_SHA384_DER:
362 case SIGN_ECDSA_WITH_SHA512_DER:
363 case SIGN_ECDSA_WITH_NULL:
364 case SIGN_ECDSA_256:
365 case SIGN_ECDSA_384:
366 case SIGN_ECDSA_521:
367 return KEY_ECDSA;
368 case SIGN_ED25519:
369 return KEY_ED25519;
370 case SIGN_ED448:
371 return KEY_ED448;
372 case SIGN_BLISS_WITH_SHA2_256:
373 case SIGN_BLISS_WITH_SHA2_384:
374 case SIGN_BLISS_WITH_SHA2_512:
375 case SIGN_BLISS_WITH_SHA3_256:
376 case SIGN_BLISS_WITH_SHA3_384:
377 case SIGN_BLISS_WITH_SHA3_512:
378 return KEY_BLISS;
379 }
380 return KEY_ANY;
381 }