register hash functions instead of prfs
[strongswan.git] / src / pluto / crypto.c
1 /* crypto interfaces
2 * Copyright (C) 1998-2001 D. Hugh Redelmeier
3 * Copyright (C) 2007-2009 Andreas Steffen
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <gmp.h>
17
18 #include <freeswan.h>
19
20 #include <crypto/crypters/crypter.h>
21 #include <crypto/hashers/hasher.h>
22
23 #include "constants.h"
24 #include "defs.h"
25 #include "crypto.h"
26 #include "ike_alg.h"
27 #include "log.h"
28
29 extern struct encrypt_desc encrypt_desc_3des;
30 extern struct encrypt_desc encrypt_desc_blowfish;
31 extern struct encrypt_desc encrypt_desc_aes;
32 extern struct encrypt_desc encrypt_desc_twofish;
33 extern struct encrypt_desc encrypt_desc_twofish_ssh;
34 extern struct encrypt_desc encrypt_desc_serpent;
35
36 extern struct hash_desc hash_desc_md5;
37 extern struct hash_desc hash_desc_sha1;
38 extern struct hash_desc hash_desc_sha2_256;
39 extern struct hash_desc hash_desc_sha2_384;
40 extern struct hash_desc hash_desc_sha2_512;
41
42 /* moduli and generator. */
43
44 static MP_INT
45 modp1024_modulus,
46 modp1536_modulus,
47 modp2048_modulus,
48 modp3072_modulus,
49 modp4096_modulus,
50 modp6144_modulus,
51 modp8192_modulus;
52
53 MP_INT groupgenerator; /* MODP group generator (2) */
54
55
56
57 void init_crypto(void)
58 {
59 enumerator_t *enumerator;
60 encryption_algorithm_t encryption_alg;
61 hash_algorithm_t hash_alg;
62
63 enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
64 while (enumerator->enumerate(enumerator, &encryption_alg))
65 {
66 const struct encrypt_desc *desc;
67
68 switch (encryption_alg)
69 {
70 case ENCR_3DES:
71 desc = &encrypt_desc_3des;
72 break;
73 case ENCR_BLOWFISH:
74 desc = &encrypt_desc_blowfish;
75 break;
76 case ENCR_AES_CBC:
77 desc = &encrypt_desc_aes;
78 break;
79 case ENCR_TWOFISH_CBC:
80 desc = &encrypt_desc_twofish;
81 ike_alg_add((struct ike_alg *)&encrypt_desc_twofish_ssh);
82 break;
83 case ENCR_SERPENT_CBC:
84 desc = &encrypt_desc_serpent;
85 break;
86 default:
87 continue;
88 }
89 ike_alg_add((struct ike_alg *)desc);
90 }
91 enumerator->destroy(enumerator);
92
93 enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
94 while (enumerator->enumerate(enumerator, &hash_alg))
95 {
96 const struct hash_desc *desc;
97
98 switch (hash_alg)
99 {
100 case HASH_SHA1:
101 desc = &hash_desc_sha1;
102 break;
103 case HASH_SHA256:
104 desc = &hash_desc_sha2_256;
105 break;
106 case HASH_SHA384:
107 desc = &hash_desc_sha2_384;
108 break;
109 case HASH_SHA512:
110 desc = &hash_desc_sha2_512;
111 break;
112 case HASH_MD5:
113 desc = &hash_desc_md5;
114 break;
115 default:
116 continue;
117 }
118 ike_alg_add((struct ike_alg *)desc);
119 }
120 enumerator->destroy(enumerator);
121
122 if (mpz_init_set_str(&groupgenerator, MODP_GENERATOR, 10) != 0
123 || mpz_init_set_str(&modp1024_modulus, MODP1024_MODULUS, 16) != 0
124 || mpz_init_set_str(&modp1536_modulus, MODP1536_MODULUS, 16) != 0
125 || mpz_init_set_str(&modp2048_modulus, MODP2048_MODULUS, 16) != 0
126 || mpz_init_set_str(&modp3072_modulus, MODP3072_MODULUS, 16) != 0
127 || mpz_init_set_str(&modp4096_modulus, MODP4096_MODULUS, 16) != 0
128 || mpz_init_set_str(&modp6144_modulus, MODP6144_MODULUS, 16) != 0
129 || mpz_init_set_str(&modp8192_modulus, MODP8192_MODULUS, 16) != 0)
130 {
131 exit_log("mpz_init_set_str() failed in init_crypto()");
132 }
133 #ifdef SELF_TEST
134 ike_alg_test();
135 #endif
136 }
137
138 void free_crypto(void)
139 {
140 mpz_clear(&groupgenerator);
141 mpz_clear(&modp1024_modulus);
142 mpz_clear(&modp1536_modulus);
143 mpz_clear(&modp2048_modulus);
144 mpz_clear(&modp3072_modulus);
145 mpz_clear(&modp4096_modulus);
146 mpz_clear(&modp6144_modulus);
147 mpz_clear(&modp8192_modulus);
148 }
149
150 /* Oakley group description
151 *
152 * See RFC2409 "The Internet key exchange (IKE)" 6.
153 */
154
155 const struct oakley_group_desc unset_group = {0, NULL, 0}; /* magic signifier */
156
157 const struct oakley_group_desc oakley_group[OAKLEY_GROUP_SIZE] = {
158 # define BYTES(bits) (((bits) + BITS_PER_BYTE - 1) / BITS_PER_BYTE)
159 { OAKLEY_GROUP_MODP1024, &modp1024_modulus, BYTES(1024) },
160 { OAKLEY_GROUP_MODP1536, &modp1536_modulus, BYTES(1536) },
161 { OAKLEY_GROUP_MODP2048, &modp2048_modulus, BYTES(2048) },
162 { OAKLEY_GROUP_MODP3072, &modp3072_modulus, BYTES(3072) },
163 { OAKLEY_GROUP_MODP4096, &modp4096_modulus, BYTES(4096) },
164 { OAKLEY_GROUP_MODP6144, &modp6144_modulus, BYTES(6144) },
165 { OAKLEY_GROUP_MODP8192, &modp8192_modulus, BYTES(8192) },
166 # undef BYTES
167 };
168
169 const struct oakley_group_desc *lookup_group(u_int16_t group)
170 {
171 int i;
172
173 for (i = 0; i != countof(oakley_group); i++)
174 if (group == oakley_group[i].group)
175 return &oakley_group[i];
176 return NULL;
177 }
178
179 /* Encryption Routines
180 *
181 * Each uses and updates the state object's st_new_iv.
182 * This must already be initialized.
183 */
184
185 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
186 {
187 switch (alg)
188 {
189 case OAKLEY_DES_CBC:
190 return ENCR_DES;
191 case OAKLEY_IDEA_CBC:
192 return ENCR_IDEA;
193 case OAKLEY_BLOWFISH_CBC:
194 return ENCR_BLOWFISH;
195 case OAKLEY_RC5_R16_B64_CBC:
196 return ENCR_RC5;
197 case OAKLEY_3DES_CBC:
198 return ENCR_3DES;
199 case OAKLEY_CAST_CBC:
200 return ENCR_CAST;
201 case OAKLEY_AES_CBC:
202 return ENCR_AES_CBC;
203 case OAKLEY_SERPENT_CBC:
204 return ENCR_SERPENT_CBC;
205 case OAKLEY_TWOFISH_CBC:
206 case OAKLEY_TWOFISH_CBC_SSH:
207 return ENCR_TWOFISH_CBC;
208 default:
209 return ENCR_UNDEFINED;
210 }
211 }
212
213 hash_algorithm_t oakley_to_hash_algorithm(int alg)
214 {
215 switch (alg)
216 {
217 case OAKLEY_MD5:
218 return HASH_MD5;
219 case OAKLEY_SHA:
220 return HASH_SHA1;
221 case OAKLEY_SHA2_256:
222 return HASH_SHA256;
223 case OAKLEY_SHA2_384:
224 return HASH_SHA384;
225 case OAKLEY_SHA2_512:
226 return HASH_SHA512;
227 default:
228 return HASH_UNKNOWN;
229 }
230 }
231
232 pseudo_random_function_t oakley_to_prf(int alg)
233 {
234 switch (alg)
235 {
236 case OAKLEY_MD5:
237 return PRF_HMAC_MD5;
238 case OAKLEY_SHA:
239 return PRF_HMAC_SHA1;
240 case OAKLEY_SHA2_256:
241 return PRF_HMAC_SHA2_256;
242 case OAKLEY_SHA2_384:
243 return PRF_HMAC_SHA2_384;
244 case OAKLEY_SHA2_512:
245 return PRF_HMAC_SHA2_512;
246 default:
247 return PRF_UNDEFINED;
248 }
249 }