moved ike_alg descriptions to crypto.c
[strongswan.git] / src / pluto / crypto.c
1 /* crypto interfaces
2 * Copyright (C) 1998-2001 D. Hugh Redelmeier
3 * Copyright (C) 2007-2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <freeswan.h>
17
18 #include "constants.h"
19 #include "defs.h"
20 #include "crypto.h"
21 #include "log.h"
22
23 static struct encrypt_desc encrypt_desc_3des =
24 {
25 algo_type: IKE_ALG_ENCRYPT,
26 algo_id: OAKLEY_3DES_CBC,
27 algo_next: NULL,
28
29 enc_blocksize: DES_BLOCK_SIZE,
30 keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
31 keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
32 keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE,
33 };
34
35 #define AES_KEY_MIN_LEN 128
36 #define AES_KEY_DEF_LEN 128
37 #define AES_KEY_MAX_LEN 256
38
39 static struct encrypt_desc encrypt_desc_aes =
40 {
41 algo_type: IKE_ALG_ENCRYPT,
42 algo_id: OAKLEY_AES_CBC,
43 algo_next: NULL,
44
45 enc_blocksize: AES_BLOCK_SIZE,
46 keyminlen: AES_KEY_MIN_LEN,
47 keydeflen: AES_KEY_DEF_LEN,
48 keymaxlen: AES_KEY_MAX_LEN,
49 };
50
51 #define BLOWFISH_KEY_MIN_LEN 128
52 #define BLOWFISH_KEY_MAX_LEN 448
53
54 static struct encrypt_desc encrypt_desc_blowfish =
55 {
56 algo_type: IKE_ALG_ENCRYPT,
57 algo_id: OAKLEY_BLOWFISH_CBC,
58 algo_next: NULL,
59
60 enc_blocksize: BLOWFISH_BLOCK_SIZE,
61 keyminlen: BLOWFISH_KEY_MIN_LEN,
62 keydeflen: BLOWFISH_KEY_MIN_LEN,
63 keymaxlen: BLOWFISH_KEY_MAX_LEN,
64 };
65
66 #define SERPENT_KEY_MIN_LEN 128
67 #define SERPENT_KEY_DEF_LEN 128
68 #define SERPENT_KEY_MAX_LEN 256
69
70 static struct encrypt_desc encrypt_desc_serpent =
71 {
72 algo_type: IKE_ALG_ENCRYPT,
73 algo_id: OAKLEY_SERPENT_CBC,
74 algo_next: NULL,
75
76 enc_blocksize: SERPENT_BLOCK_SIZE,
77 keyminlen: SERPENT_KEY_MIN_LEN,
78 keydeflen: SERPENT_KEY_DEF_LEN,
79 keymaxlen: SERPENT_KEY_MAX_LEN,
80 };
81
82 #define TWOFISH_KEY_MIN_LEN 128
83 #define TWOFISH_KEY_DEF_LEN 128
84 #define TWOFISH_KEY_MAX_LEN 256
85
86 static struct encrypt_desc encrypt_desc_twofish =
87 {
88 algo_type: IKE_ALG_ENCRYPT,
89 algo_id: OAKLEY_TWOFISH_CBC,
90 algo_next: NULL,
91
92 enc_blocksize: TWOFISH_BLOCK_SIZE,
93 keydeflen: TWOFISH_KEY_MIN_LEN,
94 keyminlen: TWOFISH_KEY_DEF_LEN,
95 keymaxlen: TWOFISH_KEY_MAX_LEN,
96 };
97
98 static struct encrypt_desc encrypt_desc_twofish_ssh =
99 {
100 algo_type: IKE_ALG_ENCRYPT,
101 algo_id: OAKLEY_TWOFISH_CBC_SSH,
102 algo_next: NULL,
103
104 enc_blocksize: TWOFISH_BLOCK_SIZE,
105 keydeflen: TWOFISH_KEY_MIN_LEN,
106 keyminlen: TWOFISH_KEY_DEF_LEN,
107 keymaxlen: TWOFISH_KEY_MAX_LEN,
108 };
109
110 static struct hash_desc hash_desc_md5 =
111 {
112 algo_type: IKE_ALG_HASH,
113 algo_id: OAKLEY_MD5,
114 algo_next: NULL,
115 hash_digest_size: HASH_SIZE_MD5,
116 };
117
118 static struct hash_desc hash_desc_sha1 =
119 {
120 algo_type: IKE_ALG_HASH,
121 algo_id: OAKLEY_SHA,
122 algo_next: NULL,
123 hash_digest_size: HASH_SIZE_SHA1,
124 };
125
126 static struct hash_desc hash_desc_sha2_256 = {
127 algo_type: IKE_ALG_HASH,
128 algo_id: OAKLEY_SHA2_256,
129 algo_next: NULL,
130 hash_digest_size: HASH_SIZE_SHA256,
131 };
132
133 static struct hash_desc hash_desc_sha2_384 = {
134 algo_type: IKE_ALG_HASH,
135 algo_id: OAKLEY_SHA2_384,
136 algo_next: NULL,
137 hash_digest_size: HASH_SIZE_SHA384,
138 };
139
140 static struct hash_desc hash_desc_sha2_512 = {
141 algo_type: IKE_ALG_HASH,
142 algo_id: OAKLEY_SHA2_512,
143 algo_next: NULL,
144 hash_digest_size: HASH_SIZE_SHA512,
145 };
146
147 const struct dh_desc unset_group = {
148 algo_type: IKE_ALG_DH_GROUP,
149 algo_id: MODP_NONE,
150 algo_next: NULL,
151 ke_size: 0
152 };
153
154 static struct dh_desc dh_desc_modp_1024 = {
155 algo_type: IKE_ALG_DH_GROUP,
156 algo_id: MODP_1024_BIT,
157 algo_next: NULL,
158 ke_size: 1024 / BITS_PER_BYTE
159 };
160
161 static struct dh_desc dh_desc_modp_1536 = {
162 algo_type: IKE_ALG_DH_GROUP,
163 algo_id: MODP_1536_BIT,
164 algo_next: NULL,
165 ke_size: 1536 / BITS_PER_BYTE
166 };
167
168 static struct dh_desc dh_desc_modp_2048 = {
169 algo_type: IKE_ALG_DH_GROUP,
170 algo_id: MODP_2048_BIT,
171 algo_next: NULL,
172 ke_size: 2048 / BITS_PER_BYTE
173 };
174
175 static struct dh_desc dh_desc_modp_3072 = {
176 algo_type: IKE_ALG_DH_GROUP,
177 algo_id: MODP_3072_BIT,
178 algo_next: NULL,
179 ke_size: 3072 / BITS_PER_BYTE
180 };
181
182 static struct dh_desc dh_desc_modp_4096 = {
183 algo_type: IKE_ALG_DH_GROUP,
184 algo_id: MODP_4096_BIT,
185 algo_next: NULL,
186 ke_size: 4096 / BITS_PER_BYTE
187 };
188
189 static struct dh_desc dh_desc_modp_6144 = {
190 algo_type: IKE_ALG_DH_GROUP,
191 algo_id: MODP_6144_BIT,
192 algo_next: NULL,
193 ke_size: 6144 / BITS_PER_BYTE
194 };
195
196 static struct dh_desc dh_desc_modp_8192 = {
197 algo_type: IKE_ALG_DH_GROUP,
198 algo_id: MODP_8192_BIT,
199 algo_next: NULL,
200 ke_size: 8192 / BITS_PER_BYTE
201 };
202
203 static struct dh_desc dh_desc_ecp_256 = {
204 algo_type: IKE_ALG_DH_GROUP,
205 algo_id: ECP_256_BIT,
206 algo_next: NULL,
207 ke_size: 2*256 / BITS_PER_BYTE
208 };
209
210 static struct dh_desc dh_desc_ecp_384 = {
211 algo_type: IKE_ALG_DH_GROUP,
212 algo_id: ECP_384_BIT,
213 algo_next: NULL,
214 ke_size: 2*384 / BITS_PER_BYTE
215 };
216
217 static struct dh_desc dh_desc_ecp_521 = {
218 algo_type: IKE_ALG_DH_GROUP,
219 algo_id: ECP_521_BIT,
220 algo_next: NULL,
221 ke_size: 2*528 / BITS_PER_BYTE
222 };
223
224 static struct dh_desc dh_desc_ecp_192 = {
225 algo_type: IKE_ALG_DH_GROUP,
226 algo_id: ECP_192_BIT,
227 algo_next: NULL,
228 ke_size: 2*192 / BITS_PER_BYTE
229 };
230
231 static struct dh_desc dh_desc_ecp_224 = {
232 algo_type: IKE_ALG_DH_GROUP,
233 algo_id: ECP_224_BIT,
234 algo_next: NULL,
235 ke_size: 2*224 / BITS_PER_BYTE
236 };
237
238 void init_crypto(void)
239 {
240 enumerator_t *enumerator;
241 encryption_algorithm_t encryption_alg;
242 hash_algorithm_t hash_alg;
243 diffie_hellman_group_t dh_group;
244 bool no_md5 = TRUE;
245 bool no_sha1 = TRUE;
246
247 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
248 while (enumerator->enumerate(enumerator, &hash_alg))
249 {
250 const struct hash_desc *desc;
251
252 switch (hash_alg)
253 {
254 case HASH_SHA1:
255 desc = &hash_desc_sha1;
256 no_sha1 = FALSE;
257 break;
258 case HASH_SHA256:
259 desc = &hash_desc_sha2_256;
260 break;
261 case HASH_SHA384:
262 desc = &hash_desc_sha2_384;
263 break;
264 case HASH_SHA512:
265 desc = &hash_desc_sha2_512;
266 break;
267 case HASH_MD5:
268 desc = &hash_desc_md5;
269 no_md5 = FALSE;
270 break;
271 default:
272 continue;
273 }
274 ike_alg_add((struct ike_alg *)desc);
275 }
276 enumerator->destroy(enumerator);
277
278 if (no_sha1)
279 {
280 exit_log("pluto cannot run without a SHA-1 hasher");
281 }
282 if (no_md5)
283 {
284 exit_log("pluto cannot run without an MD5 hasher");
285 }
286
287 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
288 while (enumerator->enumerate(enumerator, &encryption_alg))
289 {
290 const struct encrypt_desc *desc;
291
292 switch (encryption_alg)
293 {
294 case ENCR_3DES:
295 desc = &encrypt_desc_3des;
296 break;
297 case ENCR_BLOWFISH:
298 desc = &encrypt_desc_blowfish;
299 break;
300 case ENCR_AES_CBC:
301 desc = &encrypt_desc_aes;
302 break;
303 case ENCR_TWOFISH_CBC:
304 desc = &encrypt_desc_twofish;
305 ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh);
306 break;
307 case ENCR_SERPENT_CBC:
308 desc = &encrypt_desc_serpent;
309 break;
310 default:
311 continue;
312 }
313 ike_alg_add((struct ike_alg *)desc);
314 }
315 enumerator->destroy(enumerator);
316
317 enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
318 while (enumerator->enumerate(enumerator, &dh_group))
319 {
320 const struct dh_desc *desc;
321
322 switch (dh_group)
323 {
324 case MODP_1024_BIT:
325 desc = &dh_desc_modp_1024;
326 break;
327 case MODP_1536_BIT:
328 desc = &dh_desc_modp_1536;
329 break;
330 case MODP_2048_BIT:
331 desc = &dh_desc_modp_2048;
332 break;
333 case MODP_3072_BIT:
334 desc = &dh_desc_modp_3072;
335 break;
336 case MODP_4096_BIT:
337 desc = &dh_desc_modp_4096;
338 break;
339 case MODP_6144_BIT:
340 desc = &dh_desc_modp_6144;
341 break;
342 case MODP_8192_BIT:
343 desc = &dh_desc_modp_8192;
344 break;
345 case ECP_256_BIT:
346 desc = &dh_desc_ecp_256;
347 break;
348 case ECP_384_BIT:
349 desc = &dh_desc_ecp_384;
350 break;
351 case ECP_521_BIT:
352 desc = &dh_desc_ecp_521;
353 break;
354 case ECP_192_BIT:
355 desc = &dh_desc_ecp_192;
356 break;
357 case ECP_224_BIT:
358 desc = &dh_desc_ecp_224;
359 break;
360 default:
361 continue;
362 }
363 ike_alg_add((struct ike_alg *)desc);
364 }
365 enumerator->destroy(enumerator);
366 }
367
368 void free_crypto(void)
369 {
370 /* currently nothing to do */
371 }
372
373 /**
374 * Converts IKEv1 encryption algorithm name to crypter name
375 */
376 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
377 {
378 switch (alg)
379 {
380 case OAKLEY_DES_CBC:
381 return ENCR_DES;
382 case OAKLEY_IDEA_CBC:
383 return ENCR_IDEA;
384 case OAKLEY_BLOWFISH_CBC:
385 return ENCR_BLOWFISH;
386 case OAKLEY_RC5_R16_B64_CBC:
387 return ENCR_RC5;
388 case OAKLEY_3DES_CBC:
389 return ENCR_3DES;
390 case OAKLEY_CAST_CBC:
391 return ENCR_CAST;
392 case OAKLEY_AES_CBC:
393 return ENCR_AES_CBC;
394 case OAKLEY_SERPENT_CBC:
395 return ENCR_SERPENT_CBC;
396 case OAKLEY_TWOFISH_CBC:
397 case OAKLEY_TWOFISH_CBC_SSH:
398 return ENCR_TWOFISH_CBC;
399 default:
400 return ENCR_UNDEFINED;
401 }
402 }
403
404 /**
405 * Converts IKEv1 hash algorithm name to hasher name
406 */
407 hash_algorithm_t oakley_to_hash_algorithm(int alg)
408 {
409 switch (alg)
410 {
411 case OAKLEY_MD5:
412 return HASH_MD5;
413 case OAKLEY_SHA:
414 return HASH_SHA1;
415 case OAKLEY_SHA2_256:
416 return HASH_SHA256;
417 case OAKLEY_SHA2_384:
418 return HASH_SHA384;
419 case OAKLEY_SHA2_512:
420 return HASH_SHA512;
421 default:
422 return HASH_UNKNOWN;
423 }
424 }
425
426 /**
427 * Converts IKEv1 hash algorithm name to IKEv2 prf name
428 */
429 pseudo_random_function_t oakley_to_prf(int alg)
430 {
431 switch (alg)
432 {
433 case OAKLEY_MD5:
434 return PRF_HMAC_MD5;
435 case OAKLEY_SHA:
436 return PRF_HMAC_SHA1;
437 case OAKLEY_SHA2_256:
438 return PRF_HMAC_SHA2_256;
439 case OAKLEY_SHA2_384:
440 return PRF_HMAC_SHA2_384;
441 case OAKLEY_SHA2_512:
442 return PRF_HMAC_SHA2_512;
443 default:
444 return PRF_UNDEFINED;
445 }
446 }
447
448 /**
449 * Maps IKEv1 authentication method to IKEv2 signature scheme
450 */
451 signature_scheme_t oakley_to_signature_scheme(int method)
452 {
453 switch (method)
454 {
455 case OAKLEY_RSA_SIG:
456 case XAUTHInitRSA:
457 case XAUTHRespRSA:
458 return SIGN_RSA_EMSA_PKCS1_NULL;
459 case OAKLEY_ECDSA_256:
460 case OAKLEY_ECDSA_384:
461 case OAKLEY_ECDSA_521:
462 return SIGN_ECDSA_WITH_NULL;
463 default:
464 return SIGN_UNKNOWN;
465 }
466 }
467
468 /**
469 * Converts IKEv2 encryption to IKEv1 encryption algorithm
470 */
471 int oakley_from_encryption_algorithm(encryption_algorithm_t alg)
472 {
473 switch (alg)
474 {
475 case ENCR_DES:
476 return OAKLEY_DES_CBC;
477 case ENCR_3DES:
478 return OAKLEY_3DES_CBC;
479 case ENCR_RC5:
480 return OAKLEY_RC5_R16_B64_CBC;
481 case ENCR_IDEA:
482 return OAKLEY_IDEA_CBC;
483 case ENCR_CAST:
484 return OAKLEY_CAST_CBC;
485 case ENCR_BLOWFISH:
486 return OAKLEY_BLOWFISH_CBC;
487 case ENCR_AES_CBC:
488 return OAKLEY_AES_CBC;
489 case ENCR_CAMELLIA_CBC:
490 return OAKLEY_CAMELLIA_CBC;
491 case ENCR_SERPENT_CBC:
492 return OAKLEY_SERPENT_CBC;
493 case ENCR_TWOFISH_CBC:
494 return OAKLEY_TWOFISH_CBC;
495 default:
496 return 0;
497 }
498 }
499
500 /**
501 * Converts IKEv2 integrity to IKEv1 hash algorithm
502 */
503 int oakley_from_integrity_algorithm(integrity_algorithm_t alg)
504 {
505 switch (alg)
506 {
507 case AUTH_HMAC_MD5_96:
508 return OAKLEY_MD5;
509 case AUTH_HMAC_SHA1_96:
510 return OAKLEY_SHA;
511 case AUTH_HMAC_SHA2_256_128:
512 return OAKLEY_SHA2_256;
513 case AUTH_HMAC_SHA2_384_192:
514 return OAKLEY_SHA2_384;
515 case AUTH_HMAC_SHA2_512_256:
516 return OAKLEY_SHA2_512;
517 default:
518 return 0;
519 }
520 }
521
522 /**
523 * Converts IKEv2 encryption to IKEv1 ESP encryption algorithm
524 */
525 int esp_from_encryption_algorithm(encryption_algorithm_t alg)
526 {
527 switch (alg)
528 {
529 case ENCR_DES:
530 return ESP_DES;
531 case ENCR_3DES:
532 return ESP_3DES;
533 case ENCR_RC5:
534 return ESP_RC5;
535 case ENCR_IDEA:
536 return ESP_IDEA;
537 case ENCR_CAST:
538 return ESP_CAST;
539 case ENCR_BLOWFISH:
540 return ESP_BLOWFISH;
541 case ENCR_NULL:
542 return ESP_NULL;
543 case ENCR_AES_CBC:
544 return ESP_AES;
545 case ENCR_AES_CTR:
546 return ESP_AES_CTR;
547 case ENCR_AES_CCM_ICV8:
548 return ESP_AES_CCM_8;
549 case ENCR_AES_CCM_ICV12:
550 return ESP_AES_CCM_12;
551 case ENCR_AES_CCM_ICV16:
552 return ESP_AES_CCM_16;
553 case ENCR_AES_GCM_ICV8:
554 return ESP_AES_GCM_8;
555 case ENCR_AES_GCM_ICV12:
556 return ESP_AES_GCM_12;
557 case ENCR_AES_GCM_ICV16:
558 return ESP_AES_GCM_16;
559 case ENCR_CAMELLIA_CBC:
560 return ESP_CAMELLIA;
561 case ENCR_SERPENT_CBC:
562 return ESP_SERPENT;
563 case ENCR_TWOFISH_CBC:
564 return ESP_TWOFISH;
565 default:
566 return 0;
567 }
568 }
569
570 /**
571 * Converts IKEv2 integrity to IKEv1 ESP authentication algorithm
572 */
573 int esp_from_integrity_algorithm(integrity_algorithm_t alg)
574 {
575 switch (alg)
576 {
577 case AUTH_HMAC_MD5_96:
578 return AUTH_ALGORITHM_HMAC_MD5;
579 case AUTH_HMAC_SHA1_96:
580 return AUTH_ALGORITHM_HMAC_SHA1;
581 case AUTH_AES_XCBC_96:
582 return AUTH_ALGORITHM_AES_XCBC_MAC;
583 case AUTH_HMAC_SHA2_256_128:
584 return AUTH_ALGORITHM_HMAC_SHA2_256;
585 case AUTH_HMAC_SHA2_384_192:
586 return AUTH_ALGORITHM_HMAC_SHA2_384;
587 case AUTH_HMAC_SHA2_512_256:
588 return AUTH_ALGORITHM_HMAC_SHA2_512;
589 default:
590 return 0;
591 }
592 }