92d9e854ba98cdcc3e220e4a7e50bc8a754bdef8
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Copyright (C) JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 * Copyright (C) 2009 Andreas Steffen - Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <stdio.h>
17 #include <string.h>
18 #include <stdlib.h>
19 #include <errno.h>
20 #include <sys/queue.h>
21
22 #include <freeswan.h>
23
24 #include <library.h>
25 #include <debug.h>
26 #include <crypto/hashers/hasher.h>
27 #include <crypto/crypters/crypter.h>
28 #include <crypto/prfs/prf.h>
29
30 #include "constants.h"
31 #include "defs.h"
32 #include "crypto.h"
33
34 #include "state.h"
35 #include "packet.h"
36 #include "log.h"
37 #include "whack.h"
38 #include "spdb.h"
39 #include "alg_info.h"
40 #include "ike_alg.h"
41 #include "db_ops.h"
42 #include "connections.h"
43 #include "kernel.h"
44
45 #define return_on(var, val) do { var=val;goto return_out; } while(0);
46
47 /**
48 * IKE algorithm list handling - registration and lookup
49 */
50
51 /* Modular IKE algorithm storage structure */
52
53 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
54
55 /**
56 * Return ike_algo object by {type, id}
57 */
58 static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
59 u_int keysize __attribute__((unused)))
60 {
61 struct ike_alg *e = ike_alg_base[algo_type];
62
63 while (e != NULL && algo_id > e->algo_id)
64 {
65 e = e->algo_next;
66 }
67 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
68 }
69
70 /**
71 * "raw" ike_alg list adding function
72 */
73 int ike_alg_add(struct ike_alg* a)
74 {
75 if (a->algo_type > IKE_ALG_MAX)
76 {
77 plog("ike_alg: Not added, invalid algorithm type");
78 return -EINVAL;
79 }
80
81 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
82 {
83 plog("ike_alg: Not added, algorithm already exists");
84 return -EEXIST;
85 }
86
87 {
88 struct ike_alg **ep = &ike_alg_base[a->algo_type];
89 struct ike_alg *e = *ep;
90
91 while (e != NULL && a->algo_id > e->algo_id)
92 {
93 ep = &e->algo_next;
94 e = *ep;
95 }
96 *ep = a;
97 a->algo_next = e;
98 return 0;
99 }
100 }
101
102 /**
103 * Get IKE hash algorithm
104 */
105 struct hash_desc *ike_alg_get_hasher(u_int alg)
106 {
107 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
108 }
109
110 /**
111 * Get IKE encryption algorithm
112 */
113 struct encrypt_desc *ike_alg_get_crypter(u_int alg)
114 {
115 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
116 }
117
118 /**
119 * Get IKE dh group
120 */
121 struct dh_desc *ike_alg_get_dh_group(u_int alg)
122 {
123 return (struct dh_desc *) ike_alg_find(IKE_ALG_DH_GROUP, alg, 0);
124 }
125
126 /**
127 * Get pfsgroup for this connection
128 */
129 const struct dh_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy)
130 {
131 const struct dh_desc *ret = NULL;
132
133 if ((policy & POLICY_PFS) &&
134 c->alg_info_esp && c->alg_info_esp->esp_pfsgroup)
135 {
136 ret = ike_alg_get_dh_group(c->alg_info_esp->esp_pfsgroup);
137 }
138 return ret;
139 }
140
141 /**
142 * Create an OAKLEY proposal based on alg_info and policy
143 */
144 struct db_context *ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
145 {
146 struct db_context *db_ctx = NULL;
147 struct ike_info *ike_info;
148 struct encrypt_desc *enc_desc;
149 u_int ealg, halg, modp, eklen = 0;
150 int i;
151
152 bool is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
153
154 if (!ai)
155 {
156 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
157 "for this connection "
158 "(check ike algorithm string)");
159 goto fail;
160 }
161 policy &= POLICY_ID_AUTH_MASK;
162 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
163
164 /* for each group */
165 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
166 {
167 ealg = ike_info->ike_ealg;
168 halg = ike_info->ike_halg;
169 modp = ike_info->ike_modp;
170 eklen= ike_info->ike_eklen;
171
172 if (!ike_alg_get_crypter(ealg))
173 {
174 DBG_log("ike_alg: ike crypter %s not present",
175 enum_show(&oakley_enc_names, ealg));
176 continue;
177 }
178 if (!ike_alg_get_hasher(halg))
179 {
180 DBG_log("ike_alg: ike hasher %s not present",
181 enum_show(&oakley_hash_names, halg));
182 continue;
183 }
184 if (!ike_alg_get_dh_group(modp))
185 {
186 DBG_log("ike_alg: ike dh group %s not present",
187 enum_show(&oakley_group_names, modp));
188 continue;
189 }
190 enc_desc = ike_alg_get_crypter(ealg);
191
192 if (policy & POLICY_RSASIG)
193 {
194 db_trans_add(db_ctx, KEY_IKE);
195 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
196 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
197 if (eklen)
198 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
199 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
200 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
201 }
202
203 if (policy & POLICY_PSK)
204 {
205 db_trans_add(db_ctx, KEY_IKE);
206 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
207 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
208 if (eklen)
209 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
210 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
211 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
212 }
213
214 if (policy & POLICY_XAUTH_RSASIG)
215 {
216 db_trans_add(db_ctx, KEY_IKE);
217 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
218 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
219 if (eklen)
220 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
221 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
222 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
223 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
224 }
225
226 if (policy & POLICY_XAUTH_PSK)
227 {
228 db_trans_add(db_ctx, KEY_IKE);
229 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
230 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
231 if (eklen)
232 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
233 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
234 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
235 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
236 }
237 }
238 fail:
239 return db_ctx;
240 }
241
242 /**
243 * Show registered IKE algorithms
244 */
245 void ike_alg_list(void)
246 {
247 char buf[BUF_LEN];
248 char *pos;
249 int n, len;
250 struct ike_alg *a;
251
252 whack_log(RC_COMMENT, " ");
253 whack_log(RC_COMMENT, "List of registered IKEv1 Algorithms:");
254 whack_log(RC_COMMENT, " ");
255
256 pos = buf;
257 *pos = '\0';
258 len = BUF_LEN;
259 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
260 {
261 n = snprintf(pos, len, " %s", enum_name(&oakley_enc_names, a->algo_id));
262 pos += n;
263 len -= n;
264 if (len <= 0)
265 {
266 break;
267 }
268 }
269 whack_log(RC_COMMENT, " encryption:%s", buf);
270
271 pos = buf;
272 *pos = '\0';
273 len = BUF_LEN;
274 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
275 {
276 n = snprintf(pos, len, " %s", enum_name(&oakley_hash_names, a->algo_id));
277 pos += n;
278 len -= n;
279 if (len <= 0)
280 {
281 break;
282 }
283 }
284 whack_log(RC_COMMENT, " hasher: %s", buf);
285
286 pos = buf;
287 *pos = '\0';
288 len = BUF_LEN;
289 for (a = ike_alg_base[IKE_ALG_DH_GROUP]; a != NULL; a = a->algo_next)
290 {
291 n = snprintf(pos, len, " %s", enum_name(&oakley_group_names, a->algo_id));
292 pos += n;
293 len -= n;
294 if (len <= 0)
295 {
296 break;
297 }
298 }
299 whack_log(RC_COMMENT, " dh-group: %s", buf);
300 }
301
302 /**
303 * Show IKE algorithms for this connection (result from ike= string)
304 * and newest SA
305 */
306 void ike_alg_show_connection(struct connection *c, const char *instance)
307 {
308 struct state *st = state_with_serialno(c->newest_isakmp_sa);
309
310 if (st)
311 {
312 if (st->st_oakley.encrypt == OAKLEY_3DES_CBC)
313 {
314 whack_log(RC_COMMENT,
315 "\"%s\"%s: IKE proposal: %s/%s/%s",
316 c->name, instance,
317 enum_show(&oakley_enc_names, st->st_oakley.encrypt),
318 enum_show(&oakley_hash_names, st->st_oakley.hash),
319 enum_show(&oakley_group_names, st->st_oakley.group->algo_id)
320 );
321 }
322 else
323 {
324 whack_log(RC_COMMENT,
325 "\"%s\"%s: IKE proposal: %s_%u/%s/%s",
326 c->name, instance,
327 enum_show(&oakley_enc_names, st->st_oakley.encrypt),
328 st->st_oakley.enckeylen,
329 enum_show(&oakley_hash_names, st->st_oakley.hash),
330 enum_show(&oakley_group_names, st->st_oakley.group->algo_id)
331 );
332 }
333 }
334 }
335
336 /**
337 * Apply a suite of testvectors to an encryption algorithm
338 */
339 static bool ike_encrypt_test(const struct encrypt_desc *desc)
340 {
341 bool encrypt_results = TRUE;
342
343 if (desc->enc_testvectors == NULL)
344 {
345 plog(" %s encryption self-test not available",
346 enum_name(&oakley_enc_names, desc->algo_id));
347 }
348 else
349 {
350 int i;
351 encryption_algorithm_t enc_alg;
352
353 enc_alg = oakley_to_encryption_algorithm(desc->algo_id);
354
355 for (i = 0; desc->enc_testvectors[i].key != NULL; i++)
356 {
357 bool result;
358 crypter_t *crypter;
359 chunk_t key = { (u_char*)desc->enc_testvectors[i].key,
360 desc->enc_testvectors[i].key_size };
361 chunk_t plain = { (u_char*)desc->enc_testvectors[i].plain,
362 desc->enc_testvectors[i].data_size};
363 chunk_t cipher = { (u_char*)desc->enc_testvectors[i].cipher,
364 desc->enc_testvectors[i].data_size};
365 chunk_t encrypted = chunk_empty;
366 chunk_t decrypted = chunk_empty;
367 chunk_t iv;
368
369 crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, key.len);
370 if (crypter == NULL)
371 {
372 plog(" %s encryption function not available",
373 enum_name(&oakley_enc_names, desc->algo_id));
374 return FALSE;
375 }
376 iv = chunk_create((u_char*)desc->enc_testvectors[i].iv,
377 crypter->get_block_size(crypter));
378 crypter->set_key(crypter, key);
379 crypter->decrypt(crypter, cipher, iv, &decrypted);
380 result = chunk_equals(decrypted, plain);
381 crypter->encrypt(crypter, plain, iv, &encrypted);
382 result &= chunk_equals(encrypted, cipher);
383 DBG(DBG_CRYPT,
384 DBG_log(" enc testvector %d: %s", i, result ? "ok":"failed")
385 )
386 encrypt_results &= result;
387 crypter->destroy(crypter);
388 free(encrypted.ptr);
389 free(decrypted.ptr);
390 }
391 plog(" %s encryption self-test %s",
392 enum_name(&oakley_enc_names, desc->algo_id),
393 encrypt_results ? "passed":"failed");
394 }
395 return encrypt_results;
396 }
397
398 /**
399 * Apply a suite of testvectors to a hash algorithm
400 */
401 static bool ike_hash_test(const struct hash_desc *desc)
402 {
403 bool hash_results = TRUE;
404 bool hmac_results = TRUE;
405
406 if (desc->hash_testvectors == NULL)
407 {
408 plog(" %s hash self-test not available",
409 enum_name(&oakley_hash_names, desc->algo_id));
410 }
411 else
412 {
413 int i;
414 hash_algorithm_t hash_alg;
415 hasher_t *hasher;
416
417 hash_alg = oakley_to_hash_algorithm(desc->algo_id);
418 hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
419 if (hasher == NULL)
420 {
421 plog(" %s hash function not available",
422 enum_name(&oakley_hash_names, desc->algo_id));
423 return FALSE;
424 }
425
426 for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++)
427 {
428 u_char digest[MAX_DIGEST_LEN];
429 chunk_t msg = { (u_char*)desc->hash_testvectors[i].msg,
430 desc->hash_testvectors[i].msg_size };
431 bool result;
432
433 hasher->get_hash(hasher, msg, digest);
434 result = memeq(digest, desc->hash_testvectors[i].msg_digest
435 , desc->hash_digest_size);
436 DBG(DBG_CRYPT,
437 DBG_log(" hash testvector %d: %s", i, result ? "ok":"failed")
438 )
439 hash_results &= result;
440 }
441 hasher->destroy(hasher);
442 plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id),
443 hash_results ? "passed":"failed");
444 }
445
446 if (desc->hmac_testvectors == NULL)
447 {
448 plog(" %s hmac self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
449 }
450 else
451 {
452 int i;
453 pseudo_random_function_t prf_alg;
454
455 prf_alg = oakley_to_prf(desc->algo_id);
456
457 for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++)
458 {
459 u_char digest[MAX_DIGEST_LEN];
460 chunk_t key = { (u_char*)desc->hmac_testvectors[i].key,
461 desc->hmac_testvectors[i].key_size };
462 chunk_t msg = { (u_char*)desc->hmac_testvectors[i].msg,
463 desc->hmac_testvectors[i].msg_size };
464 prf_t *prf;
465 bool result;
466
467 prf = lib->crypto->create_prf(lib->crypto, prf_alg);
468 if (prf == NULL)
469 {
470 plog(" %s hmac function not available",
471 enum_name(&oakley_hash_names, desc->algo_id));
472 return FALSE;
473 }
474 prf->set_key(prf, key);
475 prf->get_bytes(prf, msg, digest);
476 prf->destroy(prf);
477 result = memeq(digest, desc->hmac_testvectors[i].hmac,
478 desc->hash_digest_size);
479 DBG(DBG_CRYPT,
480 DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed")
481 )
482 hmac_results &= result;
483 }
484 plog(" %s hmac self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
485 , hmac_results ? "passed":"failed");
486 }
487 return hash_results && hmac_results;
488 }
489
490 /**
491 * Apply test vectors to registered encryption and hash algorithms
492 */
493 bool ike_alg_test(void)
494 {
495 bool all_results = TRUE;
496 struct ike_alg *a;
497
498 plog("Testing registered IKE crypto algorithms:");
499
500 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
501 {
502 struct encrypt_desc *desc = (struct encrypt_desc*)a;
503
504 all_results &= ike_encrypt_test(desc);
505 }
506
507 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
508 {
509 struct hash_desc *desc = (struct hash_desc*)a;
510
511 all_results &= ike_hash_test(desc);
512 }
513
514 if (all_results)
515 plog("All crypto self-tests passed");
516 else
517 plog("Some crypto self-tests failed");
518 return all_results;
519 }
520
521 /**
522 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
523 */
524 bool ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group,
525 struct alg_info_ike *alg_info_ike)
526 {
527 /*
528 * simple test to discard low key_len, will accept it only
529 * if specified in "esp" string
530 */
531 bool ealg_insecure = (key_len < 128);
532
533 if (ealg_insecure
534 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
535 {
536 int i;
537 struct ike_info *ike_info;
538
539 if (alg_info_ike)
540 {
541 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
542 {
543 if (ike_info->ike_ealg == ealg
544 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
545 && ike_info->ike_halg == aalg
546 && ike_info->ike_modp == group)
547 {
548 if (ealg_insecure)
549 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
550 , enum_name(&oakley_enc_names, ealg));
551 return TRUE;
552 }
553 }
554 }
555 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
556 , enum_name(&oakley_enc_names, ealg), key_len
557 , enum_name(&oakley_hash_names, aalg)
558 , enum_name(&oakley_group_names, group)
559 , ealg_insecure ?
560 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
561 );
562 return FALSE;
563 }
564 return TRUE;
565 }
566