SKEYID derivation based on libstrongswan
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <stdio.h>
16 #include <string.h>
17 #include <stdlib.h>
18 #include <errno.h>
19 #include <sys/queue.h>
20
21 #include <freeswan.h>
22 #include <ipsec_policy.h>
23
24 #include "constants.h"
25 #include "defs.h"
26 #include "crypto.h"
27
28 #include "state.h"
29 #include "packet.h"
30 #include "log.h"
31 #include "whack.h"
32 #include "spdb.h"
33 #include "alg_info.h"
34 #include "ike_alg.h"
35 #include "db_ops.h"
36 #include "connections.h"
37 #include "kernel.h"
38
39 #define return_on(var, val) do { var=val;goto return_out; } while(0);
40
41 /*
42 * IKE algorithm list handling - registration and lookup
43 */
44
45 /* Modular IKE algorithm storage structure */
46
47 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
48
49 /*
50 * return ike_algo object by {type, id}
51 */
52 static struct ike_alg *
53 ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
54 {
55 struct ike_alg *e = ike_alg_base[algo_type];
56
57 while (e != NULL && algo_id > e->algo_id)
58 {
59 e = e->algo_next;
60 }
61 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
62 }
63
64 /*
65 * "raw" ike_alg list adding function
66 */
67 int
68 ike_alg_add(struct ike_alg* a)
69 {
70 if (a->algo_type > IKE_ALG_MAX)
71 {
72 plog("ike_alg: Not added, invalid algorithm type");
73 return -EINVAL;
74 }
75
76 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
77 {
78 plog("ike_alg: Not added, algorithm already exists");
79 return -EEXIST;
80 }
81
82 {
83 struct ike_alg **ep = &ike_alg_base[a->algo_type];
84 struct ike_alg *e = *ep;
85
86 while (e != NULL && a->algo_id > e->algo_id)
87 {
88 ep = &e->algo_next;
89 e = *ep;
90 }
91 *ep = a;
92 a->algo_next = e;
93 return 0;
94 }
95 }
96
97 /*
98 * get IKE hash algorithm
99 */
100 struct hash_desc *ike_alg_get_hasher(u_int alg)
101 {
102 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
103 }
104
105 /*
106 * get IKE encryption algorithm
107 */
108 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
109 {
110 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
111 }
112
113 /*
114 * check if IKE hash algorithm is present
115 */
116 bool
117 ike_alg_hash_present(u_int halg)
118 {
119 return ike_alg_get_hasher(halg) != NULL;
120 }
121
122 /*
123 * check if IKE encryption algorithm is present
124 */
125 bool
126 ike_alg_enc_present(u_int ealg)
127 {
128 return ike_alg_get_encrypter(ealg) != NULL;
129 }
130
131 /*
132 * Validate and register IKE hash algorithm object
133 */
134 int
135 ike_alg_register_hash(struct hash_desc *hash_desc)
136 {
137 const char *alg_name = NULL;
138 int ret = 0;
139
140 if (hash_desc->algo_id > OAKLEY_HASH_MAX)
141 {
142 plog ("ike_alg: hash alg=%d > max=%d"
143 , hash_desc->algo_id, OAKLEY_HASH_MAX);
144 return_on(ret,-EINVAL);
145 }
146
147 if (hash_desc->hash_ctx_size > sizeof (union hash_ctx))
148 {
149 plog ("ike_alg: hash alg=%d has ctx_size=%d > hash_ctx=%d"
150 , hash_desc->algo_id
151 , (int)hash_desc->hash_ctx_size
152 , (int)sizeof (union hash_ctx));
153 return_on(ret,-EOVERFLOW);
154 }
155
156 if (!(hash_desc->hash_init && hash_desc->hash_update && hash_desc->hash_final))
157 {
158 plog ("ike_alg: hash alg=%d needs hash_init(), hash_update() and hash_final()"
159 , hash_desc->algo_id);
160 return_on(ret,-EINVAL);
161 }
162
163 alg_name = enum_name(&oakley_hash_names, hash_desc->algo_id);
164 if (!alg_name)
165 {
166 plog ("ike_alg: hash alg=%d not found in constants.c:oakley_hash_names"
167 , hash_desc->algo_id);
168 alg_name = "<NULL>";
169 }
170
171 return_out:
172 if (ret == 0)
173 ret = ike_alg_add((struct ike_alg *)hash_desc);
174
175 plog("ike_alg: Activating %s hash: %s"
176 ,alg_name, ret == 0 ? "Ok" : "FAILED");
177
178 return ret;
179 }
180
181 /*
182 * Validate and register IKE encryption algorithm object
183 */
184 int
185 ike_alg_register_enc(struct encrypt_desc *enc_desc)
186 {
187 int ret = ike_alg_add((struct ike_alg *)enc_desc);
188
189 const char *alg_name = enum_name(&oakley_enc_names, enc_desc->algo_id);
190
191 char alg_number[20];
192
193 /* algorithm is not listed in oakley_enc_names */
194 if (alg_name == NULL)
195 {
196 snprintf(alg_number, sizeof(alg_number), "OAKLEY_ID_%d"
197 , enc_desc->algo_id);
198 alg_name = alg_number;
199 }
200
201 plog("ike_alg: Activating %s encryption: %s"
202 , alg_name, ret == 0 ? "Ok" : "FAILED");
203
204 return ret;
205 }
206
207 /*
208 * Get pfsgroup for this connection
209 */
210 const struct oakley_group_desc *
211 ike_alg_pfsgroup(struct connection *c, lset_t policy)
212 {
213 const struct oakley_group_desc * ret = NULL;
214
215 if ((policy & POLICY_PFS)
216 && c->alg_info_esp
217 && c->alg_info_esp->esp_pfsgroup)
218 ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
219 return ret;
220 }
221
222 /*
223 * Create an OAKLEY proposal based on alg_info and policy
224 */
225 struct db_context *
226 ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
227 {
228 struct db_context *db_ctx = NULL;
229 struct ike_info *ike_info;
230 struct encrypt_desc *enc_desc;
231 u_int ealg, halg, modp, eklen = 0;
232 int i;
233
234 bool is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
235
236 if (!ai)
237 {
238 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
239 "for this connection "
240 "(check ike algorithm string)");
241 goto fail;
242 }
243 policy &= POLICY_ID_AUTH_MASK;
244 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
245
246 /* for each group */
247 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
248 {
249 ealg = ike_info->ike_ealg;
250 halg = ike_info->ike_halg;
251 modp = ike_info->ike_modp;
252 eklen= ike_info->ike_eklen;
253
254 if (!ike_alg_enc_present(ealg))
255 {
256 DBG_log("ike_alg: ike enc ealg=%d not present"
257 , ealg);
258 continue;
259 }
260
261 if (!ike_alg_hash_present(halg))
262 {
263 DBG_log("ike_alg: ike hash halg=%d not present"
264 , halg);
265 continue;
266 }
267
268 enc_desc = ike_alg_get_encrypter(ealg);
269 passert(enc_desc != NULL);
270
271 if (eklen
272 && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen))
273 {
274 DBG_log("ike_alg: ealg=%d (specified) keylen:%d, not valid min=%d, max=%d"
275 , ealg
276 , eklen
277 , enc_desc->keyminlen
278 , enc_desc->keymaxlen
279 );
280 continue;
281 }
282
283 if (policy & POLICY_RSASIG)
284 {
285 db_trans_add(db_ctx, KEY_IKE);
286 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
287 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
288 if (eklen)
289 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
290 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
291 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
292 }
293
294 if (policy & POLICY_PSK)
295 {
296 db_trans_add(db_ctx, KEY_IKE);
297 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
298 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
299 if (eklen)
300 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
301 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
302 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
303 }
304
305 if (policy & POLICY_XAUTH_RSASIG)
306 {
307 db_trans_add(db_ctx, KEY_IKE);
308 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
309 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
310 if (eklen)
311 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
312 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
313 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
314 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
315 }
316
317 if (policy & POLICY_XAUTH_PSK)
318 {
319 db_trans_add(db_ctx, KEY_IKE);
320 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
321 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
322 if (eklen)
323 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
324 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
325 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
326 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
327 }
328 }
329 fail:
330 return db_ctx;
331 }
332
333 /*
334 * Show registered IKE algorithms
335 */
336 void
337 ike_alg_list(void)
338 {
339 u_int i;
340 struct ike_alg *a;
341
342 whack_log(RC_COMMENT, " ");
343 whack_log(RC_COMMENT, "List of registered IKE Encryption Algorithms:");
344 whack_log(RC_COMMENT, " ");
345
346 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
347 {
348 struct encrypt_desc *desc = (struct encrypt_desc*)a;
349
350 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d-%d"
351 , a->algo_id
352 , enum_name(&oakley_enc_names, a->algo_id)
353 , (int)desc->enc_blocksize*BITS_PER_BYTE
354 , desc->keyminlen
355 , desc->keydeflen
356 , desc->keymaxlen
357 );
358 }
359
360 whack_log(RC_COMMENT, " ");
361 whack_log(RC_COMMENT, "List of registered IKE Hash Algorithms:");
362 whack_log(RC_COMMENT, " ");
363
364 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
365 {
366 whack_log(RC_COMMENT, "#%-5d %s, hashsize: %d"
367 , a->algo_id
368 , enum_name(&oakley_hash_names, a->algo_id)
369 , (int)((struct hash_desc *)a)->hash_digest_size*BITS_PER_BYTE
370 );
371 }
372
373 whack_log(RC_COMMENT, " ");
374 whack_log(RC_COMMENT, "List of registered IKE DH Groups:");
375 whack_log(RC_COMMENT, " ");
376
377 for (i = 0; i < countof(oakley_group); i++)
378 {
379 const struct oakley_group_desc *gdesc=oakley_group + i;
380
381 whack_log(RC_COMMENT, "#%-5d %s, groupsize: %d"
382 , gdesc->group
383 , enum_name(&oakley_group_names, gdesc->group)
384 , (int)gdesc->bytes*BITS_PER_BYTE
385 );
386 }
387 }
388
389 /* Show IKE algorithms for
390 * - this connection (result from ike= string)
391 * - newest SA
392 */
393 void
394 ike_alg_show_connection(struct connection *c, const char *instance)
395 {
396 char buf[256];
397 struct state *st;
398
399 if (c->alg_info_ike)
400 {
401 alg_info_snprint(buf, sizeof(buf)-1, (struct alg_info *)c->alg_info_ike);
402 whack_log(RC_COMMENT
403 , "\"%s\"%s: IKE algorithms wanted: %s"
404 , c->name
405 , instance
406 , buf
407 );
408
409 alg_info_snprint_ike(buf, sizeof(buf)-1, c->alg_info_ike);
410 whack_log(RC_COMMENT
411 , "\"%s\"%s: IKE algorithms found: %s"
412 , c->name
413 , instance
414 , buf
415 );
416 }
417
418 st = state_with_serialno(c->newest_isakmp_sa);
419 if (st)
420 whack_log(RC_COMMENT
421 , "\"%s\"%s: IKE algorithm newest: %s_%d-%s-%s"
422 , c->name
423 , instance
424 , enum_show(&oakley_enc_names, st->st_oakley.encrypt)
425 +7 /* strlen("OAKLEY_") */
426 /* , st->st_oakley.encrypter->keydeflen */
427 , st->st_oakley.enckeylen
428 , enum_show(&oakley_hash_names, st->st_oakley.hash)
429 +7 /* strlen("OAKLEY_") */
430 , enum_show(&oakley_group_names, st->st_oakley.group->group)
431 +13 /* strlen("OAKLEY_GROUP_") */
432 );
433 }
434
435 /*
436 * Apply a suite of testvectors to a hash algorithm
437 */
438 static bool
439 ike_hash_test(const struct hash_desc *desc)
440 {
441 bool hash_results = TRUE;
442 bool hmac_results = TRUE;
443
444 if (desc->hash_testvectors == NULL)
445 {
446 plog(" %s hash self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
447 }
448 else
449 {
450 int i;
451
452 for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++)
453 {
454 u_char digest[MAX_DIGEST_LEN];
455 bool result;
456
457 union hash_ctx ctx;
458
459 desc->hash_init(&ctx);
460 desc->hash_update(&ctx, desc->hash_testvectors[i].msg
461 ,desc->hash_testvectors[i].msg_size);
462 desc->hash_final(digest, &ctx);
463 result = memeq(digest, desc->hash_testvectors[i].msg_digest
464 , desc->hash_digest_size);
465 DBG(DBG_CRYPT,
466 DBG_log(" hash testvector %d: %s", i, result ? "ok":"failed")
467 )
468 hash_results &= result;
469 }
470 plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
471 , hash_results ? "passed":"failed");
472 }
473
474 if (desc->hmac_testvectors == NULL)
475 {
476 plog(" %s hmac self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
477 }
478 else
479 {
480 int i;
481
482 for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++)
483 {
484 u_char digest[MAX_DIGEST_LEN];
485 bool result;
486
487 struct hmac_ctx ctx;
488
489 hmac_init(&ctx, desc, desc->hmac_testvectors[i].key
490 , desc->hmac_testvectors[i].key_size);
491 hmac_update(&ctx, desc->hmac_testvectors[i].msg
492 ,desc->hmac_testvectors[i].msg_size);
493 hmac_final(digest, &ctx);
494 result = memeq(digest, desc->hmac_testvectors[i].hmac
495 , desc->hash_digest_size);
496 DBG(DBG_CRYPT,
497 DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed")
498 )
499 hmac_results &= result;
500 }
501 plog(" %s hmac self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
502 , hmac_results ? "passed":"failed");
503 }
504 return hash_results && hmac_results;
505 }
506
507 /*
508 * Apply test vectors to registered encryption and hash algorithms
509 */
510 bool
511 ike_alg_test(void)
512 {
513 bool all_results = TRUE;
514 struct ike_alg *a;
515
516 plog("Testing registered IKE encryption algorithms:");
517
518 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
519 {
520 plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
521 }
522
523 plog("Testing registered IKE hash algorithms:");
524
525 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
526 {
527 struct hash_desc *desc = (struct hash_desc*)a;
528
529 all_results &= ike_hash_test(desc);
530 }
531
532 if (all_results)
533 plog("All crypto self-tests passed");
534 else
535 plog("Some crypto self-tests failed");
536 return all_results;
537 }
538
539 /*
540 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
541 */
542 bool
543 ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
544 , struct alg_info_ike *alg_info_ike)
545 {
546 /*
547 * simple test to discard low key_len, will accept it only
548 * if specified in "esp" string
549 */
550 bool ealg_insecure = (key_len < 128);
551
552 if (ealg_insecure
553 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
554 {
555 int i;
556 struct ike_info *ike_info;
557
558 if (alg_info_ike)
559 {
560 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
561 {
562 if (ike_info->ike_ealg == ealg
563 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
564 && ike_info->ike_halg == aalg
565 && ike_info->ike_modp == group)
566 {
567 if (ealg_insecure)
568 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
569 , enum_name(&oakley_enc_names, ealg));
570 return TRUE;
571 }
572 }
573 }
574 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
575 , enum_name(&oakley_enc_names, ealg), key_len
576 , enum_name(&oakley_hash_names, aalg)
577 , enum_name(&oakley_group_names, group)
578 , ealg_insecure ?
579 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
580 );
581 return FALSE;
582 }
583 return TRUE;
584 }
585