Merge branch 'master' of git.strongswan.org:~/strongswan into HEAD
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <stdio.h>
16 #include <string.h>
17 #include <stdlib.h>
18 #include <errno.h>
19 #include <sys/queue.h>
20
21 #include <freeswan.h>
22 #include <ipsec_policy.h>
23
24 #include <library.h>
25 #include <crypto/hashers/hasher.h>
26 #include <crypto/prfs/prf.h>
27
28 #include "constants.h"
29 #include "defs.h"
30 #include "crypto.h"
31
32 #include "state.h"
33 #include "packet.h"
34 #include "log.h"
35 #include "whack.h"
36 #include "spdb.h"
37 #include "alg_info.h"
38 #include "ike_alg.h"
39 #include "db_ops.h"
40 #include "connections.h"
41 #include "kernel.h"
42
43 #define return_on(var, val) do { var=val;goto return_out; } while(0);
44
45 /*
46 * IKE algorithm list handling - registration and lookup
47 */
48
49 /* Modular IKE algorithm storage structure */
50
51 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
52
53 /*
54 * return ike_algo object by {type, id}
55 */
56 static struct ike_alg *
57 ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
58 {
59 struct ike_alg *e = ike_alg_base[algo_type];
60
61 while (e != NULL && algo_id > e->algo_id)
62 {
63 e = e->algo_next;
64 }
65 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
66 }
67
68 /*
69 * "raw" ike_alg list adding function
70 */
71 int
72 ike_alg_add(struct ike_alg* a)
73 {
74 if (a->algo_type > IKE_ALG_MAX)
75 {
76 plog("ike_alg: Not added, invalid algorithm type");
77 return -EINVAL;
78 }
79
80 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
81 {
82 plog("ike_alg: Not added, algorithm already exists");
83 return -EEXIST;
84 }
85
86 {
87 struct ike_alg **ep = &ike_alg_base[a->algo_type];
88 struct ike_alg *e = *ep;
89
90 while (e != NULL && a->algo_id > e->algo_id)
91 {
92 ep = &e->algo_next;
93 e = *ep;
94 }
95 *ep = a;
96 a->algo_next = e;
97 return 0;
98 }
99 }
100
101 /*
102 * get IKE hash algorithm
103 */
104 struct hash_desc *ike_alg_get_hasher(u_int alg)
105 {
106 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
107 }
108
109 /*
110 * get IKE encryption algorithm
111 */
112 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
113 {
114 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
115 }
116
117 /*
118 * check if IKE hash algorithm is present
119 */
120 bool
121 ike_alg_hash_present(u_int halg)
122 {
123 return ike_alg_get_hasher(halg) != NULL;
124 }
125
126 /*
127 * check if IKE encryption algorithm is present
128 */
129 bool
130 ike_alg_enc_present(u_int ealg)
131 {
132 return ike_alg_get_encrypter(ealg) != NULL;
133 }
134
135 /*
136 * Validate and register IKE hash algorithm object
137 */
138 int
139 ike_alg_register_hash(struct hash_desc *hash_desc)
140 {
141 const char *alg_name = NULL;
142 int ret = 0;
143
144 if (hash_desc->algo_id > OAKLEY_HASH_MAX)
145 {
146 plog ("ike_alg: hash alg=%d > max=%d"
147 , hash_desc->algo_id, OAKLEY_HASH_MAX);
148 return_on(ret,-EINVAL);
149 }
150
151 alg_name = enum_name(&oakley_hash_names, hash_desc->algo_id);
152 if (!alg_name)
153 {
154 plog ("ike_alg: hash alg=%d not found in constants.c:oakley_hash_names"
155 , hash_desc->algo_id);
156 alg_name = "<NULL>";
157 }
158
159 return_out:
160 if (ret == 0)
161 ret = ike_alg_add((struct ike_alg *)hash_desc);
162
163 plog("ike_alg: Activating %s hash: %s"
164 ,alg_name, ret == 0 ? "Ok" : "FAILED");
165
166 return ret;
167 }
168
169 /*
170 * Validate and register IKE encryption algorithm object
171 */
172 int
173 ike_alg_register_enc(struct encrypt_desc *enc_desc)
174 {
175 int ret = ike_alg_add((struct ike_alg *)enc_desc);
176
177 const char *alg_name = enum_name(&oakley_enc_names, enc_desc->algo_id);
178
179 char alg_number[20];
180
181 /* algorithm is not listed in oakley_enc_names */
182 if (alg_name == NULL)
183 {
184 snprintf(alg_number, sizeof(alg_number), "OAKLEY_ID_%d"
185 , enc_desc->algo_id);
186 alg_name = alg_number;
187 }
188
189 plog("ike_alg: Activating %s encryption: %s"
190 , alg_name, ret == 0 ? "Ok" : "FAILED");
191
192 return ret;
193 }
194
195 /*
196 * Get pfsgroup for this connection
197 */
198 const struct oakley_group_desc *
199 ike_alg_pfsgroup(struct connection *c, lset_t policy)
200 {
201 const struct oakley_group_desc * ret = NULL;
202
203 if ((policy & POLICY_PFS)
204 && c->alg_info_esp
205 && c->alg_info_esp->esp_pfsgroup)
206 ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
207 return ret;
208 }
209
210 /*
211 * Create an OAKLEY proposal based on alg_info and policy
212 */
213 struct db_context *
214 ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
215 {
216 struct db_context *db_ctx = NULL;
217 struct ike_info *ike_info;
218 struct encrypt_desc *enc_desc;
219 u_int ealg, halg, modp, eklen = 0;
220 int i;
221
222 bool is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
223
224 if (!ai)
225 {
226 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
227 "for this connection "
228 "(check ike algorithm string)");
229 goto fail;
230 }
231 policy &= POLICY_ID_AUTH_MASK;
232 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
233
234 /* for each group */
235 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
236 {
237 ealg = ike_info->ike_ealg;
238 halg = ike_info->ike_halg;
239 modp = ike_info->ike_modp;
240 eklen= ike_info->ike_eklen;
241
242 if (!ike_alg_enc_present(ealg))
243 {
244 DBG_log("ike_alg: ike enc ealg=%d not present"
245 , ealg);
246 continue;
247 }
248
249 if (!ike_alg_hash_present(halg))
250 {
251 DBG_log("ike_alg: ike hash halg=%d not present"
252 , halg);
253 continue;
254 }
255
256 enc_desc = ike_alg_get_encrypter(ealg);
257 passert(enc_desc != NULL);
258
259 if (eklen
260 && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen))
261 {
262 DBG_log("ike_alg: ealg=%d (specified) keylen:%d, not valid min=%d, max=%d"
263 , ealg
264 , eklen
265 , enc_desc->keyminlen
266 , enc_desc->keymaxlen
267 );
268 continue;
269 }
270
271 if (policy & POLICY_RSASIG)
272 {
273 db_trans_add(db_ctx, KEY_IKE);
274 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
275 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
276 if (eklen)
277 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
278 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
279 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
280 }
281
282 if (policy & POLICY_PSK)
283 {
284 db_trans_add(db_ctx, KEY_IKE);
285 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
286 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
287 if (eklen)
288 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
289 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
290 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
291 }
292
293 if (policy & POLICY_XAUTH_RSASIG)
294 {
295 db_trans_add(db_ctx, KEY_IKE);
296 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
297 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
298 if (eklen)
299 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
300 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
301 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
302 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
303 }
304
305 if (policy & POLICY_XAUTH_PSK)
306 {
307 db_trans_add(db_ctx, KEY_IKE);
308 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
309 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
310 if (eklen)
311 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
312 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
313 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
314 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
315 }
316 }
317 fail:
318 return db_ctx;
319 }
320
321 /*
322 * Show registered IKE algorithms
323 */
324 void
325 ike_alg_list(void)
326 {
327 u_int i;
328 struct ike_alg *a;
329
330 whack_log(RC_COMMENT, " ");
331 whack_log(RC_COMMENT, "List of registered IKE Encryption Algorithms:");
332 whack_log(RC_COMMENT, " ");
333
334 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
335 {
336 struct encrypt_desc *desc = (struct encrypt_desc*)a;
337
338 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d-%d"
339 , a->algo_id
340 , enum_name(&oakley_enc_names, a->algo_id)
341 , (int)desc->enc_blocksize*BITS_PER_BYTE
342 , desc->keyminlen
343 , desc->keydeflen
344 , desc->keymaxlen
345 );
346 }
347
348 whack_log(RC_COMMENT, " ");
349 whack_log(RC_COMMENT, "List of registered IKE Hash Algorithms:");
350 whack_log(RC_COMMENT, " ");
351
352 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
353 {
354 whack_log(RC_COMMENT, "#%-5d %s, hashsize: %d"
355 , a->algo_id
356 , enum_name(&oakley_hash_names, a->algo_id)
357 , (int)((struct hash_desc *)a)->hash_digest_size*BITS_PER_BYTE
358 );
359 }
360
361 whack_log(RC_COMMENT, " ");
362 whack_log(RC_COMMENT, "List of registered IKE DH Groups:");
363 whack_log(RC_COMMENT, " ");
364
365 for (i = 0; i < countof(oakley_group); i++)
366 {
367 const struct oakley_group_desc *gdesc=oakley_group + i;
368
369 whack_log(RC_COMMENT, "#%-5d %s, groupsize: %d"
370 , gdesc->group
371 , enum_name(&oakley_group_names, gdesc->group)
372 , (int)gdesc->bytes*BITS_PER_BYTE
373 );
374 }
375 }
376
377 /* Show IKE algorithms for
378 * - this connection (result from ike= string)
379 * - newest SA
380 */
381 void
382 ike_alg_show_connection(struct connection *c, const char *instance)
383 {
384 char buf[256];
385 struct state *st;
386
387 if (c->alg_info_ike)
388 {
389 alg_info_snprint(buf, sizeof(buf)-1, (struct alg_info *)c->alg_info_ike);
390 whack_log(RC_COMMENT
391 , "\"%s\"%s: IKE algorithms wanted: %s"
392 , c->name
393 , instance
394 , buf
395 );
396
397 alg_info_snprint_ike(buf, sizeof(buf)-1, c->alg_info_ike);
398 whack_log(RC_COMMENT
399 , "\"%s\"%s: IKE algorithms found: %s"
400 , c->name
401 , instance
402 , buf
403 );
404 }
405
406 st = state_with_serialno(c->newest_isakmp_sa);
407 if (st)
408 whack_log(RC_COMMENT
409 , "\"%s\"%s: IKE algorithm newest: %s_%d-%s-%s"
410 , c->name
411 , instance
412 , enum_show(&oakley_enc_names, st->st_oakley.encrypt)
413 +7 /* strlen("OAKLEY_") */
414 /* , st->st_oakley.encrypter->keydeflen */
415 , st->st_oakley.enckeylen
416 , enum_show(&oakley_hash_names, st->st_oakley.hash)
417 +7 /* strlen("OAKLEY_") */
418 , enum_show(&oakley_group_names, st->st_oakley.group->group)
419 +13 /* strlen("OAKLEY_GROUP_") */
420 );
421 }
422
423 /*
424 * Apply a suite of testvectors to a hash algorithm
425 */
426 static bool
427 ike_hash_test(const struct hash_desc *desc)
428 {
429 bool hash_results = TRUE;
430 bool hmac_results = TRUE;
431
432 if (desc->hash_testvectors == NULL)
433 {
434 plog(" %s hash self-test not available",
435 enum_name(&oakley_hash_names, desc->algo_id));
436 }
437 else
438 {
439 int i;
440 hash_algorithm_t hash_alg;
441 hasher_t *hasher;
442
443 hash_alg = oakley_to_hash_algorithm(desc->algo_id);
444 hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
445 if (hasher == NULL)
446 {
447 plog(" %s hash function not available",
448 enum_name(&oakley_hash_names, desc->algo_id));
449 return FALSE;
450 }
451
452 for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++)
453 {
454 u_char digest[MAX_DIGEST_LEN];
455 chunk_t msg = { desc->hash_testvectors[i].msg,
456 desc->hash_testvectors[i].msg_size };
457 bool result;
458
459 hasher->get_hash(hasher, msg, digest);
460 result = memeq(digest, desc->hash_testvectors[i].msg_digest
461 , desc->hash_digest_size);
462 DBG(DBG_CRYPT,
463 DBG_log(" hash testvector %d: %s", i, result ? "ok":"failed")
464 )
465 hash_results &= result;
466 }
467 hasher->destroy(hasher);
468 plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id),
469 hash_results ? "passed":"failed");
470 }
471
472 if (desc->hmac_testvectors == NULL)
473 {
474 plog(" %s hmac self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
475 }
476 else
477 {
478 int i;
479 pseudo_random_function_t prf_alg;
480
481 prf_alg = oakley_to_prf(desc->algo_id);
482
483 for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++)
484 {
485 u_char digest[MAX_DIGEST_LEN];
486 chunk_t key = { desc->hmac_testvectors[i].key,
487 desc->hmac_testvectors[i].key_size };
488 chunk_t msg = { desc->hmac_testvectors[i].msg,
489 desc->hmac_testvectors[i].msg_size };
490 prf_t *prf;
491 bool result;
492
493 prf = lib->crypto->create_prf(lib->crypto, prf_alg);
494 if (prf == NULL)
495 {
496 plog(" %s hmac function not available",
497 enum_name(&oakley_hash_names, desc->algo_id));
498 return FALSE;
499 }
500 prf->set_key(prf, key);
501 prf->get_bytes(prf, msg, digest);
502 prf->destroy(prf);
503 result = memeq(digest, desc->hmac_testvectors[i].hmac,
504 desc->hash_digest_size);
505 DBG(DBG_CRYPT,
506 DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed")
507 )
508 hmac_results &= result;
509 }
510 plog(" %s hmac self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
511 , hmac_results ? "passed":"failed");
512 }
513 return hash_results && hmac_results;
514 }
515
516 /*
517 * Apply test vectors to registered encryption and hash algorithms
518 */
519 bool
520 ike_alg_test(void)
521 {
522 bool all_results = TRUE;
523 struct ike_alg *a;
524
525 plog("Testing registered IKE encryption algorithms:");
526
527 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
528 {
529 plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
530 }
531
532 plog("Testing registered IKE hash algorithms:");
533
534 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
535 {
536 struct hash_desc *desc = (struct hash_desc*)a;
537
538 all_results &= ike_hash_test(desc);
539 }
540
541 if (all_results)
542 plog("All crypto self-tests passed");
543 else
544 plog("Some crypto self-tests failed");
545 return all_results;
546 }
547
548 /*
549 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
550 */
551 bool
552 ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
553 , struct alg_info_ike *alg_info_ike)
554 {
555 /*
556 * simple test to discard low key_len, will accept it only
557 * if specified in "esp" string
558 */
559 bool ealg_insecure = (key_len < 128);
560
561 if (ealg_insecure
562 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
563 {
564 int i;
565 struct ike_info *ike_info;
566
567 if (alg_info_ike)
568 {
569 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
570 {
571 if (ike_info->ike_ealg == ealg
572 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
573 && ike_info->ike_halg == aalg
574 && ike_info->ike_modp == group)
575 {
576 if (ealg_insecure)
577 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
578 , enum_name(&oakley_enc_names, ealg));
579 return TRUE;
580 }
581 }
582 }
583 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
584 , enum_name(&oakley_enc_names, ealg), key_len
585 , enum_name(&oakley_hash_names, aalg)
586 , enum_name(&oakley_group_names, group)
587 , ealg_insecure ?
588 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
589 );
590 return FALSE;
591 }
592 return TRUE;
593 }
594