status output of 3DES_CBC without key length
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <stdio.h>
16 #include <string.h>
17 #include <stdlib.h>
18 #include <errno.h>
19 #include <sys/queue.h>
20
21 #include <freeswan.h>
22 #include <ipsec_policy.h>
23
24 #include <library.h>
25 #include <debug.h>
26 #include <crypto/hashers/hasher.h>
27 #include <crypto/crypters/crypter.h>
28 #include <crypto/prfs/prf.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "crypto.h"
33
34 #include "state.h"
35 #include "packet.h"
36 #include "log.h"
37 #include "whack.h"
38 #include "spdb.h"
39 #include "alg_info.h"
40 #include "ike_alg.h"
41 #include "db_ops.h"
42 #include "connections.h"
43 #include "kernel.h"
44
45 #define return_on(var, val) do { var=val;goto return_out; } while(0);
46
47 /**
48 * IKE algorithm list handling - registration and lookup
49 */
50
51 /* Modular IKE algorithm storage structure */
52
53 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
54
55 /**
56 * Return ike_algo object by {type, id}
57 */
58 static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
59 u_int keysize __attribute__((unused)))
60 {
61 struct ike_alg *e = ike_alg_base[algo_type];
62
63 while (e != NULL && algo_id > e->algo_id)
64 {
65 e = e->algo_next;
66 }
67 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
68 }
69
70 /**
71 * "raw" ike_alg list adding function
72 */
73 int ike_alg_add(struct ike_alg* a)
74 {
75 if (a->algo_type > IKE_ALG_MAX)
76 {
77 plog("ike_alg: Not added, invalid algorithm type");
78 return -EINVAL;
79 }
80
81 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
82 {
83 plog("ike_alg: Not added, algorithm already exists");
84 return -EEXIST;
85 }
86
87 {
88 struct ike_alg **ep = &ike_alg_base[a->algo_type];
89 struct ike_alg *e = *ep;
90
91 while (e != NULL && a->algo_id > e->algo_id)
92 {
93 ep = &e->algo_next;
94 e = *ep;
95 }
96 *ep = a;
97 a->algo_next = e;
98 return 0;
99 }
100 }
101
102 /**
103 * Get IKE hash algorithm
104 */
105 struct hash_desc *ike_alg_get_hasher(u_int alg)
106 {
107 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
108 }
109
110 /**
111 * Get IKE encryption algorithm
112 */
113 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
114 {
115 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
116 }
117
118 /**
119 * Check if IKE hash algorithm is present
120 */
121 bool ike_alg_hash_present(u_int halg)
122 {
123 return ike_alg_get_hasher(halg) != NULL;
124 }
125
126 /**
127 * check if IKE encryption algorithm is present
128 */
129 bool ike_alg_enc_present(u_int ealg)
130 {
131 return ike_alg_get_encrypter(ealg) != NULL;
132 }
133
134 /**
135 * Get pfsgroup for this connection
136 */
137 const struct oakley_group_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy)
138 {
139 const struct oakley_group_desc * ret = NULL;
140
141 if ((policy & POLICY_PFS)
142 && c->alg_info_esp
143 && c->alg_info_esp->esp_pfsgroup)
144 ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
145 return ret;
146 }
147
148 /**
149 * Create an OAKLEY proposal based on alg_info and policy
150 */
151 struct db_context *ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
152 {
153 struct db_context *db_ctx = NULL;
154 struct ike_info *ike_info;
155 struct encrypt_desc *enc_desc;
156 u_int ealg, halg, modp, eklen = 0;
157 int i;
158
159 bool is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
160
161 if (!ai)
162 {
163 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
164 "for this connection "
165 "(check ike algorithm string)");
166 goto fail;
167 }
168 policy &= POLICY_ID_AUTH_MASK;
169 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
170
171 /* for each group */
172 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
173 {
174 ealg = ike_info->ike_ealg;
175 halg = ike_info->ike_halg;
176 modp = ike_info->ike_modp;
177 eklen= ike_info->ike_eklen;
178
179 if (!ike_alg_enc_present(ealg))
180 {
181 DBG_log("ike_alg: ike enc ealg=%d not present"
182 , ealg);
183 continue;
184 }
185
186 if (!ike_alg_hash_present(halg))
187 {
188 DBG_log("ike_alg: ike hash halg=%d not present"
189 , halg);
190 continue;
191 }
192
193 enc_desc = ike_alg_get_encrypter(ealg);
194 passert(enc_desc != NULL);
195
196 if (eklen
197 && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen))
198 {
199 DBG_log("ike_alg: ealg=%d (specified) keylen:%d, not valid min=%d, max=%d"
200 , ealg
201 , eklen
202 , enc_desc->keyminlen
203 , enc_desc->keymaxlen
204 );
205 continue;
206 }
207
208 if (policy & POLICY_RSASIG)
209 {
210 db_trans_add(db_ctx, KEY_IKE);
211 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
212 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
213 if (eklen)
214 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
215 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
216 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
217 }
218
219 if (policy & POLICY_PSK)
220 {
221 db_trans_add(db_ctx, KEY_IKE);
222 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
223 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
224 if (eklen)
225 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
226 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
227 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
228 }
229
230 if (policy & POLICY_XAUTH_RSASIG)
231 {
232 db_trans_add(db_ctx, KEY_IKE);
233 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
234 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
235 if (eklen)
236 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
237 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
238 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
239 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
240 }
241
242 if (policy & POLICY_XAUTH_PSK)
243 {
244 db_trans_add(db_ctx, KEY_IKE);
245 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
246 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
247 if (eklen)
248 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
249 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
250 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
251 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
252 }
253 }
254 fail:
255 return db_ctx;
256 }
257
258 /**
259 * Show registered IKE algorithms
260 */
261 void ike_alg_list(void)
262 {
263 u_int i;
264 struct ike_alg *a;
265
266 whack_log(RC_COMMENT, " ");
267 whack_log(RC_COMMENT, "List of registered IKE Encryption Algorithms:");
268 whack_log(RC_COMMENT, " ");
269
270 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
271 {
272 struct encrypt_desc *desc = (struct encrypt_desc*)a;
273
274 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d-%d"
275 , a->algo_id
276 , enum_name(&oakley_enc_names, a->algo_id)
277 , (int)desc->enc_blocksize*BITS_PER_BYTE
278 , desc->keyminlen
279 , desc->keydeflen
280 , desc->keymaxlen
281 );
282 }
283
284 whack_log(RC_COMMENT, " ");
285 whack_log(RC_COMMENT, "List of registered IKE Hash Algorithms:");
286 whack_log(RC_COMMENT, " ");
287
288 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
289 {
290 whack_log(RC_COMMENT, "#%-5d %s, hashsize: %d"
291 , a->algo_id
292 , enum_name(&oakley_hash_names, a->algo_id)
293 , (int)((struct hash_desc *)a)->hash_digest_size*BITS_PER_BYTE
294 );
295 }
296
297 whack_log(RC_COMMENT, " ");
298 whack_log(RC_COMMENT, "List of registered IKE DH Groups:");
299 whack_log(RC_COMMENT, " ");
300
301 for (i = 0; i < countof(oakley_group); i++)
302 {
303 const struct oakley_group_desc *gdesc=oakley_group + i;
304
305 whack_log(RC_COMMENT, "#%-5d %s, groupsize: %d"
306 , gdesc->group
307 , enum_name(&oakley_group_names, gdesc->group)
308 , (int)gdesc->bytes*BITS_PER_BYTE
309 );
310 }
311 }
312
313 /**
314 * Show IKE algorithms for this connection (result from ike= string)
315 * and newest SA
316 */
317 void ike_alg_show_connection(struct connection *c, const char *instance)
318 {
319 struct state *st = state_with_serialno(c->newest_isakmp_sa);
320
321 if (st)
322 {
323 if (st->st_oakley.encrypt == OAKLEY_3DES_CBC)
324 {
325 whack_log(RC_COMMENT,
326 "\"%s\"%s: IKE proposal: %s/%s/%s",
327 c->name, instance,
328 enum_show(&oakley_enc_names, st->st_oakley.encrypt),
329 enum_show(&oakley_hash_names, st->st_oakley.hash),
330 enum_show(&oakley_group_names, st->st_oakley.group->group)
331 );
332 }
333 else
334 {
335 whack_log(RC_COMMENT,
336 "\"%s\"%s: IKE proposal: %s_%u/%s/%s",
337 c->name, instance,
338 enum_show(&oakley_enc_names, st->st_oakley.encrypt),
339 st->st_oakley.enckeylen,
340 enum_show(&oakley_hash_names, st->st_oakley.hash),
341 enum_show(&oakley_group_names, st->st_oakley.group->group)
342 );
343 }
344 }
345 }
346
347 /**
348 * Apply a suite of testvectors to an encryption algorithm
349 */
350 static bool ike_encrypt_test(const struct encrypt_desc *desc)
351 {
352 bool encrypt_results = TRUE;
353
354 if (desc->enc_testvectors == NULL)
355 {
356 plog(" %s encryption self-test not available",
357 enum_name(&oakley_enc_names, desc->algo_id));
358 }
359 else
360 {
361 int i;
362 encryption_algorithm_t enc_alg;
363
364 enc_alg = oakley_to_encryption_algorithm(desc->algo_id);
365
366 for (i = 0; desc->enc_testvectors[i].key != NULL; i++)
367 {
368 bool result;
369 crypter_t *crypter;
370 chunk_t key = { (u_char*)desc->enc_testvectors[i].key,
371 desc->enc_testvectors[i].key_size };
372 chunk_t plain = { (u_char*)desc->enc_testvectors[i].plain,
373 desc->enc_testvectors[i].data_size};
374 chunk_t cipher = { (u_char*)desc->enc_testvectors[i].cipher,
375 desc->enc_testvectors[i].data_size};
376 chunk_t encrypted = chunk_empty;
377 chunk_t decrypted = chunk_empty;
378 chunk_t iv;
379
380 crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, key.len);
381 if (crypter == NULL)
382 {
383 plog(" %s encryption function not available",
384 enum_name(&oakley_enc_names, desc->algo_id));
385 return FALSE;
386 }
387 iv = chunk_create((u_char*)desc->enc_testvectors[i].iv,
388 crypter->get_block_size(crypter));
389 crypter->set_key(crypter, key);
390 crypter->decrypt(crypter, cipher, iv, &decrypted);
391 result = chunk_equals(decrypted, plain);
392 crypter->encrypt(crypter, plain, iv, &encrypted);
393 result &= chunk_equals(encrypted, cipher);
394 DBG(DBG_CRYPT,
395 DBG_log(" enc testvector %d: %s", i, result ? "ok":"failed")
396 )
397 encrypt_results &= result;
398 crypter->destroy(crypter);
399 free(encrypted.ptr);
400 free(decrypted.ptr);
401 }
402 plog(" %s encryption self-test %s",
403 enum_name(&oakley_enc_names, desc->algo_id),
404 encrypt_results ? "passed":"failed");
405 }
406 return encrypt_results;
407 }
408
409 /**
410 * Apply a suite of testvectors to a hash algorithm
411 */
412 static bool ike_hash_test(const struct hash_desc *desc)
413 {
414 bool hash_results = TRUE;
415 bool hmac_results = TRUE;
416
417 if (desc->hash_testvectors == NULL)
418 {
419 plog(" %s hash self-test not available",
420 enum_name(&oakley_hash_names, desc->algo_id));
421 }
422 else
423 {
424 int i;
425 hash_algorithm_t hash_alg;
426 hasher_t *hasher;
427
428 hash_alg = oakley_to_hash_algorithm(desc->algo_id);
429 hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
430 if (hasher == NULL)
431 {
432 plog(" %s hash function not available",
433 enum_name(&oakley_hash_names, desc->algo_id));
434 return FALSE;
435 }
436
437 for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++)
438 {
439 u_char digest[MAX_DIGEST_LEN];
440 chunk_t msg = { (u_char*)desc->hash_testvectors[i].msg,
441 desc->hash_testvectors[i].msg_size };
442 bool result;
443
444 hasher->get_hash(hasher, msg, digest);
445 result = memeq(digest, desc->hash_testvectors[i].msg_digest
446 , desc->hash_digest_size);
447 DBG(DBG_CRYPT,
448 DBG_log(" hash testvector %d: %s", i, result ? "ok":"failed")
449 )
450 hash_results &= result;
451 }
452 hasher->destroy(hasher);
453 plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id),
454 hash_results ? "passed":"failed");
455 }
456
457 if (desc->hmac_testvectors == NULL)
458 {
459 plog(" %s hmac self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
460 }
461 else
462 {
463 int i;
464 pseudo_random_function_t prf_alg;
465
466 prf_alg = oakley_to_prf(desc->algo_id);
467
468 for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++)
469 {
470 u_char digest[MAX_DIGEST_LEN];
471 chunk_t key = { (u_char*)desc->hmac_testvectors[i].key,
472 desc->hmac_testvectors[i].key_size };
473 chunk_t msg = { (u_char*)desc->hmac_testvectors[i].msg,
474 desc->hmac_testvectors[i].msg_size };
475 prf_t *prf;
476 bool result;
477
478 prf = lib->crypto->create_prf(lib->crypto, prf_alg);
479 if (prf == NULL)
480 {
481 plog(" %s hmac function not available",
482 enum_name(&oakley_hash_names, desc->algo_id));
483 return FALSE;
484 }
485 prf->set_key(prf, key);
486 prf->get_bytes(prf, msg, digest);
487 prf->destroy(prf);
488 result = memeq(digest, desc->hmac_testvectors[i].hmac,
489 desc->hash_digest_size);
490 DBG(DBG_CRYPT,
491 DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed")
492 )
493 hmac_results &= result;
494 }
495 plog(" %s hmac self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
496 , hmac_results ? "passed":"failed");
497 }
498 return hash_results && hmac_results;
499 }
500
501 /**
502 * Apply test vectors to registered encryption and hash algorithms
503 */
504 bool ike_alg_test(void)
505 {
506 bool all_results = TRUE;
507 struct ike_alg *a;
508
509 plog("Testing registered IKE crypto algorithms:");
510
511 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
512 {
513 struct encrypt_desc *desc = (struct encrypt_desc*)a;
514
515 all_results &= ike_encrypt_test(desc);
516 }
517
518 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
519 {
520 struct hash_desc *desc = (struct hash_desc*)a;
521
522 all_results &= ike_hash_test(desc);
523 }
524
525 if (all_results)
526 plog("All crypto self-tests passed");
527 else
528 plog("Some crypto self-tests failed");
529 return all_results;
530 }
531
532 /**
533 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
534 */
535 bool ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group,
536 struct alg_info_ike *alg_info_ike)
537 {
538 /*
539 * simple test to discard low key_len, will accept it only
540 * if specified in "esp" string
541 */
542 bool ealg_insecure = (key_len < 128);
543
544 if (ealg_insecure
545 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
546 {
547 int i;
548 struct ike_info *ike_info;
549
550 if (alg_info_ike)
551 {
552 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
553 {
554 if (ike_info->ike_ealg == ealg
555 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
556 && ike_info->ike_halg == aalg
557 && ike_info->ike_modp == group)
558 {
559 if (ealg_insecure)
560 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
561 , enum_name(&oakley_enc_names, ealg));
562 return TRUE;
563 }
564 }
565 }
566 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
567 , enum_name(&oakley_enc_names, ealg), key_len
568 , enum_name(&oakley_hash_names, aalg)
569 , enum_name(&oakley_group_names, group)
570 , ealg_insecure ?
571 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
572 );
573 return FALSE;
574 }
575 return TRUE;
576 }
577