support of ESP AES_XCBC_96
[strongswan.git] / src / pluto / crypto.c
1 /* crypto interfaces
2 * Copyright (C) 1998-2001 D. Hugh Redelmeier
3 * Copyright (C) 2007-2009 Andreas Steffen
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <gmp.h>
17
18 #include <freeswan.h>
19 #include <ipsec_policy.h>
20
21 #include "constants.h"
22 #include "defs.h"
23 #include "crypto.h"
24 #include "ike_alg.h"
25 #include "log.h"
26
27 extern struct encrypt_desc encrypt_desc_3des;
28 extern struct encrypt_desc encrypt_desc_blowfish;
29 extern struct encrypt_desc encrypt_desc_aes;
30 extern struct encrypt_desc encrypt_desc_twofish;
31 extern struct encrypt_desc encrypt_desc_twofish_ssh;
32 extern struct encrypt_desc encrypt_desc_serpent;
33
34 extern struct hash_desc hash_desc_md5;
35 extern struct hash_desc hash_desc_sha1;
36 extern struct hash_desc hash_desc_sha2_256;
37 extern struct hash_desc hash_desc_sha2_384;
38 extern struct hash_desc hash_desc_sha2_512;
39
40 /* moduli and generator. */
41
42 static MP_INT
43 modp1024_modulus,
44 modp1536_modulus,
45 modp2048_modulus,
46 modp3072_modulus,
47 modp4096_modulus,
48 modp6144_modulus,
49 modp8192_modulus;
50
51 MP_INT groupgenerator; /* MODP group generator (2) */
52
53
54
55 void init_crypto(void)
56 {
57 enumerator_t *enumerator;
58 encryption_algorithm_t encryption_alg;
59 hash_algorithm_t hash_alg;
60 bool no_md5 = TRUE;
61 bool no_sha1 = TRUE;
62
63 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
64 while (enumerator->enumerate(enumerator, &hash_alg))
65 {
66 const struct hash_desc *desc;
67
68 switch (hash_alg)
69 {
70 case HASH_SHA1:
71 desc = &hash_desc_sha1;
72 no_sha1 = FALSE;
73 break;
74 case HASH_SHA256:
75 desc = &hash_desc_sha2_256;
76 break;
77 case HASH_SHA384:
78 desc = &hash_desc_sha2_384;
79 break;
80 case HASH_SHA512:
81 desc = &hash_desc_sha2_512;
82 break;
83 case HASH_MD5:
84 desc = &hash_desc_md5;
85 no_md5 = FALSE;
86 break;
87 default:
88 continue;
89 }
90 ike_alg_add((struct ike_alg *)desc);
91 }
92 enumerator->destroy(enumerator);
93
94 if (no_sha1)
95 {
96 exit_log("pluto cannot run without a SHA-1 hasher");
97 }
98 if (no_md5)
99 {
100 exit_log("pluto cannot run without an MD5 hasher");
101 }
102
103 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
104 while (enumerator->enumerate(enumerator, &encryption_alg))
105 {
106 const struct encrypt_desc *desc;
107
108 switch (encryption_alg)
109 {
110 case ENCR_3DES:
111 desc = &encrypt_desc_3des;
112 break;
113 case ENCR_BLOWFISH:
114 desc = &encrypt_desc_blowfish;
115 break;
116 case ENCR_AES_CBC:
117 desc = &encrypt_desc_aes;
118 break;
119 case ENCR_TWOFISH_CBC:
120 desc = &encrypt_desc_twofish;
121 ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh);
122 break;
123 case ENCR_SERPENT_CBC:
124 desc = &encrypt_desc_serpent;
125 break;
126 default:
127 continue;
128 }
129 ike_alg_add((struct ike_alg *)desc);
130 }
131 enumerator->destroy(enumerator);
132
133 if (mpz_init_set_str(&groupgenerator, MODP_GENERATOR, 10) != 0
134 || mpz_init_set_str(&modp1024_modulus, MODP1024_MODULUS, 16) != 0
135 || mpz_init_set_str(&modp1536_modulus, MODP1536_MODULUS, 16) != 0
136 || mpz_init_set_str(&modp2048_modulus, MODP2048_MODULUS, 16) != 0
137 || mpz_init_set_str(&modp3072_modulus, MODP3072_MODULUS, 16) != 0
138 || mpz_init_set_str(&modp4096_modulus, MODP4096_MODULUS, 16) != 0
139 || mpz_init_set_str(&modp6144_modulus, MODP6144_MODULUS, 16) != 0
140 || mpz_init_set_str(&modp8192_modulus, MODP8192_MODULUS, 16) != 0)
141 {
142 exit_log("mpz_init_set_str() failed in init_crypto()");
143 }
144 #ifdef SELF_TEST
145 if (!ike_alg_test())
146 {
147 exit_log("pluto cannot run due to failed crypto self-test");
148 }
149 #endif
150 }
151
152 void free_crypto(void)
153 {
154 mpz_clear(&groupgenerator);
155 mpz_clear(&modp1024_modulus);
156 mpz_clear(&modp1536_modulus);
157 mpz_clear(&modp2048_modulus);
158 mpz_clear(&modp3072_modulus);
159 mpz_clear(&modp4096_modulus);
160 mpz_clear(&modp6144_modulus);
161 mpz_clear(&modp8192_modulus);
162 }
163
164 /* Oakley group description
165 *
166 * See RFC2409 "The Internet key exchange (IKE)" 6.
167 */
168
169 const struct oakley_group_desc unset_group = {0, NULL, 0}; /* magic signifier */
170
171 const struct oakley_group_desc oakley_group[OAKLEY_GROUP_SIZE] = {
172 # define BYTES(bits) (((bits) + BITS_PER_BYTE - 1) / BITS_PER_BYTE)
173 { OAKLEY_GROUP_MODP1024, &modp1024_modulus, BYTES(1024) },
174 { OAKLEY_GROUP_MODP1536, &modp1536_modulus, BYTES(1536) },
175 { OAKLEY_GROUP_MODP2048, &modp2048_modulus, BYTES(2048) },
176 { OAKLEY_GROUP_MODP3072, &modp3072_modulus, BYTES(3072) },
177 { OAKLEY_GROUP_MODP4096, &modp4096_modulus, BYTES(4096) },
178 { OAKLEY_GROUP_MODP6144, &modp6144_modulus, BYTES(6144) },
179 { OAKLEY_GROUP_MODP8192, &modp8192_modulus, BYTES(8192) },
180 # undef BYTES
181 };
182
183 const struct oakley_group_desc *lookup_group(u_int16_t group)
184 {
185 int i;
186
187 for (i = 0; i != countof(oakley_group); i++)
188 if (group == oakley_group[i].group)
189 return &oakley_group[i];
190 return NULL;
191 }
192
193 /**
194 * Converts IKEv1 encryption algorithm name to crypter name
195 */
196 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
197 {
198 switch (alg)
199 {
200 case OAKLEY_DES_CBC:
201 return ENCR_DES;
202 case OAKLEY_IDEA_CBC:
203 return ENCR_IDEA;
204 case OAKLEY_BLOWFISH_CBC:
205 return ENCR_BLOWFISH;
206 case OAKLEY_RC5_R16_B64_CBC:
207 return ENCR_RC5;
208 case OAKLEY_3DES_CBC:
209 return ENCR_3DES;
210 case OAKLEY_CAST_CBC:
211 return ENCR_CAST;
212 case OAKLEY_AES_CBC:
213 return ENCR_AES_CBC;
214 case OAKLEY_SERPENT_CBC:
215 return ENCR_SERPENT_CBC;
216 case OAKLEY_TWOFISH_CBC:
217 case OAKLEY_TWOFISH_CBC_SSH:
218 return ENCR_TWOFISH_CBC;
219 default:
220 return ENCR_UNDEFINED;
221 }
222 }
223
224 /**
225 * Converts IKEv1 hash algorithm name to hasher name
226 */
227 hash_algorithm_t oakley_to_hash_algorithm(int alg)
228 {
229 switch (alg)
230 {
231 case OAKLEY_MD5:
232 return HASH_MD5;
233 case OAKLEY_SHA:
234 return HASH_SHA1;
235 case OAKLEY_SHA2_256:
236 return HASH_SHA256;
237 case OAKLEY_SHA2_384:
238 return HASH_SHA384;
239 case OAKLEY_SHA2_512:
240 return HASH_SHA512;
241 default:
242 return HASH_UNKNOWN;
243 }
244 }
245
246 /**
247 * Converts IKEv1 hash algorithm name to IKEv2 prf name
248 */
249 pseudo_random_function_t oakley_to_prf(int alg)
250 {
251 switch (alg)
252 {
253 case OAKLEY_MD5:
254 return PRF_HMAC_MD5;
255 case OAKLEY_SHA:
256 return PRF_HMAC_SHA1;
257 case OAKLEY_SHA2_256:
258 return PRF_HMAC_SHA2_256;
259 case OAKLEY_SHA2_384:
260 return PRF_HMAC_SHA2_384;
261 case OAKLEY_SHA2_512:
262 return PRF_HMAC_SHA2_512;
263 default:
264 return PRF_UNDEFINED;
265 }
266 }
267
268 /**
269 * Converts IKEv2 encryption to IKEv1 encryption algorithm
270 */
271 int oakley_from_encryption_algorithm(encryption_algorithm_t alg)
272 {
273 switch (alg)
274 {
275 case ENCR_DES:
276 return OAKLEY_DES_CBC;
277 case ENCR_3DES:
278 return OAKLEY_3DES_CBC;
279 case ENCR_RC5:
280 return OAKLEY_RC5_R16_B64_CBC;
281 case ENCR_IDEA:
282 return OAKLEY_IDEA_CBC;
283 case ENCR_CAST:
284 return OAKLEY_CAST_CBC;
285 case ENCR_BLOWFISH:
286 return OAKLEY_BLOWFISH_CBC;
287 case ENCR_AES_CBC:
288 return OAKLEY_AES_CBC;
289 case ENCR_CAMELLIA_CBC:
290 return OAKLEY_CAMELLIA_CBC;
291 case ENCR_SERPENT_CBC:
292 return OAKLEY_SERPENT_CBC;
293 case ENCR_TWOFISH_CBC:
294 return OAKLEY_TWOFISH_CBC;
295 default:
296 return 0;
297 }
298 }
299
300 /**
301 * Converts IKEv2 integrity to IKEv1 hash algorithm
302 */
303 int oakley_from_integrity_algorithm(integrity_algorithm_t alg)
304 {
305 switch (alg)
306 {
307 case AUTH_HMAC_MD5_96:
308 return OAKLEY_MD5;
309 case AUTH_HMAC_SHA1_96:
310 return OAKLEY_SHA;
311 case AUTH_HMAC_SHA2_256_128:
312 return OAKLEY_SHA2_256;
313 case AUTH_HMAC_SHA2_384_192:
314 return OAKLEY_SHA2_384;
315 case AUTH_HMAC_SHA2_512_256:
316 return OAKLEY_SHA2_512;
317 default:
318 return 0;
319 }
320 }
321
322 /**
323 * Converts IKEv2 encryption to IKEv1 ESP encryption algorithm
324 */
325 int esp_from_encryption_algorithm(encryption_algorithm_t alg)
326 {
327 switch (alg)
328 {
329 case ENCR_DES:
330 return ESP_DES;
331 case ENCR_3DES:
332 return ESP_3DES;
333 case ENCR_RC5:
334 return ESP_RC5;
335 case ENCR_IDEA:
336 return ESP_IDEA;
337 case ENCR_CAST:
338 return ESP_CAST;
339 case ENCR_BLOWFISH:
340 return ESP_BLOWFISH;
341 case ENCR_AES_CBC:
342 return ESP_AES;
343 case ENCR_AES_CTR:
344 return ESP_AES_CTR;
345 case ENCR_AES_CCM_ICV8:
346 return ESP_AES_CCM_8;
347 case ENCR_AES_CCM_ICV12:
348 return ESP_AES_CCM_12;
349 case ENCR_AES_CCM_ICV16:
350 return ESP_AES_CCM_16;
351 case ENCR_AES_GCM_ICV8:
352 return ESP_AES_GCM_8;
353 case ENCR_AES_GCM_ICV12:
354 return ESP_AES_GCM_12;
355 case ENCR_AES_GCM_ICV16:
356 return ESP_AES_GCM_16;
357 case ENCR_CAMELLIA_CBC:
358 return ESP_CAMELLIA;
359 case ENCR_SERPENT_CBC:
360 return ESP_SERPENT;
361 case ENCR_TWOFISH_CBC:
362 return ESP_TWOFISH;
363 default:
364 return 0;
365 }
366 }
367
368 /**
369 * Converts IKEv2 integrity to IKEv1 ESP authentication algorithm
370 */
371 int esp_from_integrity_algorithm(integrity_algorithm_t alg)
372 {
373 switch (alg)
374 {
375 case AUTH_HMAC_MD5_96:
376 return AUTH_ALGORITHM_HMAC_MD5;
377 case AUTH_HMAC_SHA1_96:
378 return AUTH_ALGORITHM_HMAC_SHA1;
379 case AUTH_AES_XCBC_96:
380 return AUTH_ALGORITHM_AES_XCBC_MAC;
381 case AUTH_HMAC_SHA2_256_128:
382 return AUTH_ALGORITHM_HMAC_SHA2_256;
383 case AUTH_HMAC_SHA2_384_192:
384 return AUTH_ALGORITHM_HMAC_SHA2_384;
385 case AUTH_HMAC_SHA2_512_256:
386 return AUTH_ALGORITHM_HMAC_SHA2_512;
387 default:
388 return 0;
389 }
390 }