added XAUTH server and client support
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: ike_alg.c,v 1.6 2004/09/17 21:29:50 as Exp $
15 */
16
17 #include <stdio.h>
18 #include <string.h>
19 #include <stdlib.h>
20 #include <errno.h>
21 #include <sys/queue.h>
22
23 #include <freeswan.h>
24 #include <ipsec_policy.h>
25
26 #include "constants.h"
27 #include "defs.h"
28 #include "sha1.h"
29 #include "md5.h"
30 #include "crypto.h"
31
32 #include "state.h"
33 #include "packet.h"
34 #include "log.h"
35 #include "whack.h"
36 #include "spdb.h"
37 #include "alg_info.h"
38 #include "ike_alg.h"
39 #include "db_ops.h"
40 #include "connections.h"
41 #include "kernel.h"
42
43 #define return_on(var, val) do { var=val;goto return_out; } while(0);
44
45 /*
46 * IKE algorithm list handling - registration and lookup
47 */
48
49 /* Modular IKE algorithm storage structure */
50
51 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
52
53 /*
54 * return ike_algo object by {type, id}
55 */
56 static struct ike_alg *
57 ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
58 {
59 struct ike_alg *e = ike_alg_base[algo_type];
60
61 while (e != NULL && algo_id > e->algo_id)
62 {
63 e = e->algo_next;
64 }
65 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
66 }
67
68 /*
69 * "raw" ike_alg list adding function
70 */
71 int
72 ike_alg_add(struct ike_alg* a)
73 {
74 if (a->algo_type > IKE_ALG_MAX)
75 {
76 plog("ike_alg: Not added, invalid algorithm type");
77 return -EINVAL;
78 }
79
80 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
81 {
82 plog("ike_alg: Not added, algorithm already exists");
83 return -EEXIST;
84 }
85
86 {
87 struct ike_alg **ep = &ike_alg_base[a->algo_type];
88 struct ike_alg *e = *ep;
89
90 while (e != NULL && a->algo_id > e->algo_id)
91 {
92 ep = &e->algo_next;
93 e = *ep;
94 }
95 *ep = a;
96 a->algo_next = e;
97 return 0;
98 }
99 }
100
101 /*
102 * get IKE hash algorithm
103 */
104 struct hash_desc *ike_alg_get_hasher(u_int alg)
105 {
106 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
107 }
108
109 /*
110 * get IKE encryption algorithm
111 */
112 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
113 {
114 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
115 }
116
117 /*
118 * check if IKE hash algorithm is present
119 */
120 bool
121 ike_alg_hash_present(u_int halg)
122 {
123 return ike_alg_get_hasher(halg) != NULL;
124 }
125
126 /*
127 * check if IKE encryption algorithm is present
128 */
129 bool
130 ike_alg_enc_present(u_int ealg)
131 {
132 return ike_alg_get_encrypter(ealg) != NULL;
133 }
134
135 /*
136 * Validate and register IKE hash algorithm object
137 */
138 int
139 ike_alg_register_hash(struct hash_desc *hash_desc)
140 {
141 const char *alg_name = NULL;
142 int ret = 0;
143
144 if (hash_desc->algo_id > OAKLEY_HASH_MAX)
145 {
146 plog ("ike_alg: hash alg=%d > max=%d"
147 , hash_desc->algo_id, OAKLEY_HASH_MAX);
148 return_on(ret,-EINVAL);
149 }
150
151 if (hash_desc->hash_ctx_size > sizeof (union hash_ctx))
152 {
153 plog ("ike_alg: hash alg=%d has ctx_size=%d > hash_ctx=%d"
154 , hash_desc->algo_id
155 , (int)hash_desc->hash_ctx_size
156 , (int)sizeof (union hash_ctx));
157 return_on(ret,-EOVERFLOW);
158 }
159
160 if (!(hash_desc->hash_init && hash_desc->hash_update && hash_desc->hash_final))
161 {
162 plog ("ike_alg: hash alg=%d needs hash_init(), hash_update() and hash_final()"
163 , hash_desc->algo_id);
164 return_on(ret,-EINVAL);
165 }
166
167 alg_name = enum_name(&oakley_hash_names, hash_desc->algo_id);
168 if (!alg_name)
169 {
170 plog ("ike_alg: hash alg=%d not found in constants.c:oakley_hash_names"
171 , hash_desc->algo_id);
172 alg_name = "<NULL>";
173 }
174
175 return_out:
176 if (ret == 0)
177 ret = ike_alg_add((struct ike_alg *)hash_desc);
178
179 plog("ike_alg: Activating %s hash: %s"
180 ,alg_name, ret == 0 ? "Ok" : "FAILED");
181
182 return ret;
183 }
184
185 /*
186 * Validate and register IKE encryption algorithm object
187 */
188 int
189 ike_alg_register_enc(struct encrypt_desc *enc_desc)
190 {
191 int ret = ike_alg_add((struct ike_alg *)enc_desc);
192
193 const char *alg_name = enum_name(&oakley_enc_names, enc_desc->algo_id);
194
195 char alg_number[20];
196
197 /* algorithm is not listed in oakley_enc_names */
198 if (alg_name == NULL)
199 {
200 snprintf(alg_number, sizeof(alg_number), "OAKLEY_ID_%d"
201 , enc_desc->algo_id);
202 alg_name = alg_number;
203 }
204
205 plog("ike_alg: Activating %s encryption: %s"
206 , alg_name, ret == 0 ? "Ok" : "FAILED");
207
208 return ret;
209 }
210
211 /*
212 * Get pfsgroup for this connection
213 */
214 const struct oakley_group_desc *
215 ike_alg_pfsgroup(struct connection *c, lset_t policy)
216 {
217 const struct oakley_group_desc * ret = NULL;
218
219 if ((policy & POLICY_PFS)
220 && c->alg_info_esp
221 && c->alg_info_esp->esp_pfsgroup)
222 ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
223 return ret;
224 }
225
226 /*
227 * Create an OAKLEY proposal based on alg_info and policy
228 */
229 struct db_context *
230 ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
231 {
232 struct db_context *db_ctx = NULL;
233 struct ike_info *ike_info;
234 u_int ealg, halg, modp, eklen = 0;
235 struct encrypt_desc *enc_desc;
236 bool is_xauth_server;
237 int i;
238
239 if (!ai)
240 {
241 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
242 "for this connection "
243 "(check ike algorithm string)");
244 goto fail;
245 }
246 policy &= POLICY_ID_AUTH_MASK;
247 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
248
249 /* for each group */
250 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
251 {
252 ealg = ike_info->ike_ealg;
253 halg = ike_info->ike_halg;
254 modp = ike_info->ike_modp;
255 eklen= ike_info->ike_eklen;
256
257 if (!ike_alg_enc_present(ealg))
258 {
259 DBG_log("ike_alg: ike enc ealg=%d not present"
260 , ealg);
261 continue;
262 }
263
264 if (!ike_alg_hash_present(halg))
265 {
266 DBG_log("ike_alg: ike hash halg=%d not present"
267 , halg);
268 continue;
269 }
270
271 enc_desc = ike_alg_get_encrypter(ealg);
272 passert(enc_desc != NULL);
273
274 if (eklen
275 && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen))
276 {
277 DBG_log("ike_alg: ealg=%d (specified) keylen:%d, not valid min=%d, max=%d"
278 , ealg
279 , eklen
280 , enc_desc->keyminlen
281 , enc_desc->keymaxlen
282 );
283 continue;
284 }
285
286 if (policy & POLICY_RSASIG)
287 {
288 db_trans_add(db_ctx, KEY_IKE);
289 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
290 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
291 if (eklen)
292 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
293 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
294 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
295 }
296
297 if (policy & POLICY_PSK)
298 {
299 db_trans_add(db_ctx, KEY_IKE);
300 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
301 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
302 if (eklen)
303 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
304 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
305 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
306 }
307
308 is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
309
310 if (policy & POLICY_XAUTH_RSASIG)
311 {
312 db_trans_add(db_ctx, KEY_IKE);
313 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
314 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
315 if (eklen)
316 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
317 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
318 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
319 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
320 }
321
322 if (policy & POLICY_XAUTH_PSK)
323 {
324 db_trans_add(db_ctx, KEY_IKE);
325 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
326 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
327 if (eklen)
328 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
329 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
330 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
331 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
332 }
333 }
334 fail:
335 return db_ctx;
336 }
337
338 /*
339 * Show registered IKE algorithms
340 */
341 void
342 ike_alg_list(void)
343 {
344 u_int i;
345 struct ike_alg *a;
346
347 whack_log(RC_COMMENT, " ");
348 whack_log(RC_COMMENT, "List of registered IKE Encryption Algorithms:");
349 whack_log(RC_COMMENT, " ");
350
351 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
352 {
353 struct encrypt_desc *desc = (struct encrypt_desc*)a;
354
355 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d-%d"
356 , a->algo_id
357 , enum_name(&oakley_enc_names, a->algo_id)
358 , (int)desc->enc_blocksize*BITS_PER_BYTE
359 , desc->keyminlen
360 , desc->keydeflen
361 , desc->keymaxlen
362 );
363 }
364
365 whack_log(RC_COMMENT, " ");
366 whack_log(RC_COMMENT, "List of registered IKE Hash Algorithms:");
367 whack_log(RC_COMMENT, " ");
368
369 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
370 {
371 whack_log(RC_COMMENT, "#%-5d %s, hashsize: %d"
372 , a->algo_id
373 , enum_name(&oakley_hash_names, a->algo_id)
374 , (int)((struct hash_desc *)a)->hash_digest_size*BITS_PER_BYTE
375 );
376 }
377
378 whack_log(RC_COMMENT, " ");
379 whack_log(RC_COMMENT, "List of registered IKE DH Groups:");
380 whack_log(RC_COMMENT, " ");
381
382 for (i = 0; i < elemsof(oakley_group); i++)
383 {
384 const struct oakley_group_desc *gdesc=oakley_group + i;
385
386 whack_log(RC_COMMENT, "#%-5d %s, groupsize: %d"
387 , gdesc->group
388 , enum_name(&oakley_group_names, gdesc->group)
389 , (int)gdesc->bytes*BITS_PER_BYTE
390 );
391 }
392 }
393
394 /* Show IKE algorithms for
395 * - this connection (result from ike= string)
396 * - newest SA
397 */
398 void
399 ike_alg_show_connection(struct connection *c, const char *instance)
400 {
401 char buf[256];
402 struct state *st;
403
404 if (c->alg_info_ike)
405 {
406 alg_info_snprint(buf, sizeof(buf)-1, (struct alg_info *)c->alg_info_ike);
407 whack_log(RC_COMMENT
408 , "\"%s\"%s: IKE algorithms wanted: %s"
409 , c->name
410 , instance
411 , buf
412 );
413
414 alg_info_snprint_ike(buf, sizeof(buf)-1, c->alg_info_ike);
415 whack_log(RC_COMMENT
416 , "\"%s\"%s: IKE algorithms found: %s"
417 , c->name
418 , instance
419 , buf
420 );
421 }
422
423 st = state_with_serialno(c->newest_isakmp_sa);
424 if (st)
425 whack_log(RC_COMMENT
426 , "\"%s\"%s: IKE algorithm newest: %s_%d-%s-%s"
427 , c->name
428 , instance
429 , enum_show(&oakley_enc_names, st->st_oakley.encrypt)
430 +7 /* strlen("OAKLEY_") */
431 /* , st->st_oakley.encrypter->keydeflen */
432 , st->st_oakley.enckeylen
433 , enum_show(&oakley_hash_names, st->st_oakley.hash)
434 +7 /* strlen("OAKLEY_") */
435 , enum_show(&oakley_group_names, st->st_oakley.group->group)
436 +13 /* strlen("OAKLEY_GROUP_") */
437 );
438 }
439
440 /*
441 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
442 */
443 bool
444 ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
445 , struct alg_info_ike *alg_info_ike)
446 {
447 /*
448 * simple test to discard low key_len, will accept it only
449 * if specified in "esp" string
450 */
451 bool ealg_insecure = (key_len < 128);
452
453 if (ealg_insecure
454 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
455 {
456 int i;
457 struct ike_info *ike_info;
458
459 if (alg_info_ike)
460 {
461 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
462 {
463 if (ike_info->ike_ealg == ealg
464 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
465 && ike_info->ike_halg == aalg
466 && ike_info->ike_modp == group)
467 {
468 if (ealg_insecure)
469 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
470 , enum_name(&oakley_enc_names, ealg));
471 return TRUE;
472 }
473 }
474 }
475 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
476 , enum_name(&oakley_enc_names, ealg), key_len
477 , enum_name(&oakley_hash_names, aalg)
478 , enum_name(&oakley_group_names, group)
479 , ealg_insecure ?
480 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
481 );
482 return FALSE;
483 }
484 return TRUE;
485 }
486