fixed all pluto compiler warnings
[strongswan.git] / src / pluto / ike_alg.c
1 /* IKE modular algorithm handling interface
2 * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id$
15 */
16
17 #include <stdio.h>
18 #include <string.h>
19 #include <stdlib.h>
20 #include <errno.h>
21 #include <sys/queue.h>
22
23 #include <freeswan.h>
24 #include <ipsec_policy.h>
25
26 #include "constants.h"
27 #include "defs.h"
28 #include "sha1.h"
29 #include "md5.h"
30 #include "crypto.h"
31
32 #include "state.h"
33 #include "packet.h"
34 #include "log.h"
35 #include "whack.h"
36 #include "spdb.h"
37 #include "alg_info.h"
38 #include "ike_alg.h"
39 #include "db_ops.h"
40 #include "connections.h"
41 #include "kernel.h"
42
43 #define return_on(var, val) do { var=val;goto return_out; } while(0);
44
45 /*
46 * IKE algorithm list handling - registration and lookup
47 */
48
49 /* Modular IKE algorithm storage structure */
50
51 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
52
53 /*
54 * return ike_algo object by {type, id}
55 */
56 static struct ike_alg *
57 ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
58 {
59 struct ike_alg *e = ike_alg_base[algo_type];
60
61 while (e != NULL && algo_id > e->algo_id)
62 {
63 e = e->algo_next;
64 }
65 return (e != NULL && e->algo_id == algo_id) ? e : NULL;
66 }
67
68 /*
69 * "raw" ike_alg list adding function
70 */
71 int
72 ike_alg_add(struct ike_alg* a)
73 {
74 if (a->algo_type > IKE_ALG_MAX)
75 {
76 plog("ike_alg: Not added, invalid algorithm type");
77 return -EINVAL;
78 }
79
80 if (ike_alg_find(a->algo_type, a->algo_id, 0) != NULL)
81 {
82 plog("ike_alg: Not added, algorithm already exists");
83 return -EEXIST;
84 }
85
86 {
87 struct ike_alg **ep = &ike_alg_base[a->algo_type];
88 struct ike_alg *e = *ep;
89
90 while (e != NULL && a->algo_id > e->algo_id)
91 {
92 ep = &e->algo_next;
93 e = *ep;
94 }
95 *ep = a;
96 a->algo_next = e;
97 return 0;
98 }
99 }
100
101 /*
102 * get IKE hash algorithm
103 */
104 struct hash_desc *ike_alg_get_hasher(u_int alg)
105 {
106 return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
107 }
108
109 /*
110 * get IKE encryption algorithm
111 */
112 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
113 {
114 return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
115 }
116
117 /*
118 * check if IKE hash algorithm is present
119 */
120 bool
121 ike_alg_hash_present(u_int halg)
122 {
123 return ike_alg_get_hasher(halg) != NULL;
124 }
125
126 /*
127 * check if IKE encryption algorithm is present
128 */
129 bool
130 ike_alg_enc_present(u_int ealg)
131 {
132 return ike_alg_get_encrypter(ealg) != NULL;
133 }
134
135 /*
136 * Validate and register IKE hash algorithm object
137 */
138 int
139 ike_alg_register_hash(struct hash_desc *hash_desc)
140 {
141 const char *alg_name = NULL;
142 int ret = 0;
143
144 if (hash_desc->algo_id > OAKLEY_HASH_MAX)
145 {
146 plog ("ike_alg: hash alg=%d > max=%d"
147 , hash_desc->algo_id, OAKLEY_HASH_MAX);
148 return_on(ret,-EINVAL);
149 }
150
151 if (hash_desc->hash_ctx_size > sizeof (union hash_ctx))
152 {
153 plog ("ike_alg: hash alg=%d has ctx_size=%d > hash_ctx=%d"
154 , hash_desc->algo_id
155 , (int)hash_desc->hash_ctx_size
156 , (int)sizeof (union hash_ctx));
157 return_on(ret,-EOVERFLOW);
158 }
159
160 if (!(hash_desc->hash_init && hash_desc->hash_update && hash_desc->hash_final))
161 {
162 plog ("ike_alg: hash alg=%d needs hash_init(), hash_update() and hash_final()"
163 , hash_desc->algo_id);
164 return_on(ret,-EINVAL);
165 }
166
167 alg_name = enum_name(&oakley_hash_names, hash_desc->algo_id);
168 if (!alg_name)
169 {
170 plog ("ike_alg: hash alg=%d not found in constants.c:oakley_hash_names"
171 , hash_desc->algo_id);
172 alg_name = "<NULL>";
173 }
174
175 return_out:
176 if (ret == 0)
177 ret = ike_alg_add((struct ike_alg *)hash_desc);
178
179 plog("ike_alg: Activating %s hash: %s"
180 ,alg_name, ret == 0 ? "Ok" : "FAILED");
181
182 return ret;
183 }
184
185 /*
186 * Validate and register IKE encryption algorithm object
187 */
188 int
189 ike_alg_register_enc(struct encrypt_desc *enc_desc)
190 {
191 int ret = ike_alg_add((struct ike_alg *)enc_desc);
192
193 const char *alg_name = enum_name(&oakley_enc_names, enc_desc->algo_id);
194
195 char alg_number[20];
196
197 /* algorithm is not listed in oakley_enc_names */
198 if (alg_name == NULL)
199 {
200 snprintf(alg_number, sizeof(alg_number), "OAKLEY_ID_%d"
201 , enc_desc->algo_id);
202 alg_name = alg_number;
203 }
204
205 plog("ike_alg: Activating %s encryption: %s"
206 , alg_name, ret == 0 ? "Ok" : "FAILED");
207
208 return ret;
209 }
210
211 /*
212 * Get pfsgroup for this connection
213 */
214 const struct oakley_group_desc *
215 ike_alg_pfsgroup(struct connection *c, lset_t policy)
216 {
217 const struct oakley_group_desc * ret = NULL;
218
219 if ((policy & POLICY_PFS)
220 && c->alg_info_esp
221 && c->alg_info_esp->esp_pfsgroup)
222 ret = lookup_group(c->alg_info_esp->esp_pfsgroup);
223 return ret;
224 }
225
226 /*
227 * Create an OAKLEY proposal based on alg_info and policy
228 */
229 struct db_context *
230 ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
231 {
232 struct db_context *db_ctx = NULL;
233 struct ike_info *ike_info;
234 struct encrypt_desc *enc_desc;
235 u_int ealg, halg, modp, eklen = 0;
236 int i;
237
238 bool is_xauth_server = (policy & POLICY_XAUTH_SERVER) != LEMPTY;
239
240 if (!ai)
241 {
242 whack_log(RC_LOG_SERIOUS, "no IKE algorithms "
243 "for this connection "
244 "(check ike algorithm string)");
245 goto fail;
246 }
247 policy &= POLICY_ID_AUTH_MASK;
248 db_ctx = db_prop_new(PROTO_ISAKMP, 8, 8 * 5);
249
250 /* for each group */
251 ALG_INFO_IKE_FOREACH(ai, ike_info, i)
252 {
253 ealg = ike_info->ike_ealg;
254 halg = ike_info->ike_halg;
255 modp = ike_info->ike_modp;
256 eklen= ike_info->ike_eklen;
257
258 if (!ike_alg_enc_present(ealg))
259 {
260 DBG_log("ike_alg: ike enc ealg=%d not present"
261 , ealg);
262 continue;
263 }
264
265 if (!ike_alg_hash_present(halg))
266 {
267 DBG_log("ike_alg: ike hash halg=%d not present"
268 , halg);
269 continue;
270 }
271
272 enc_desc = ike_alg_get_encrypter(ealg);
273 passert(enc_desc != NULL);
274
275 if (eklen
276 && (eklen < enc_desc->keyminlen || eklen > enc_desc->keymaxlen))
277 {
278 DBG_log("ike_alg: ealg=%d (specified) keylen:%d, not valid min=%d, max=%d"
279 , ealg
280 , eklen
281 , enc_desc->keyminlen
282 , enc_desc->keymaxlen
283 );
284 continue;
285 }
286
287 if (policy & POLICY_RSASIG)
288 {
289 db_trans_add(db_ctx, KEY_IKE);
290 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
291 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
292 if (eklen)
293 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
294 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_RSA_SIG);
295 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
296 }
297
298 if (policy & POLICY_PSK)
299 {
300 db_trans_add(db_ctx, KEY_IKE);
301 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
302 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
303 if (eklen)
304 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
305 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD, OAKLEY_PRESHARED_KEY);
306 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
307 }
308
309 if (policy & POLICY_XAUTH_RSASIG)
310 {
311 db_trans_add(db_ctx, KEY_IKE);
312 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
313 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
314 if (eklen)
315 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
316 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
317 , is_xauth_server ? XAUTHRespRSA : XAUTHInitRSA);
318 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
319 }
320
321 if (policy & POLICY_XAUTH_PSK)
322 {
323 db_trans_add(db_ctx, KEY_IKE);
324 db_attr_add_values(db_ctx, OAKLEY_ENCRYPTION_ALGORITHM, ealg);
325 db_attr_add_values(db_ctx, OAKLEY_HASH_ALGORITHM, halg);
326 if (eklen)
327 db_attr_add_values(db_ctx, OAKLEY_KEY_LENGTH, eklen);
328 db_attr_add_values(db_ctx, OAKLEY_AUTHENTICATION_METHOD
329 , is_xauth_server ? XAUTHRespPreShared : XAUTHInitPreShared);
330 db_attr_add_values(db_ctx, OAKLEY_GROUP_DESCRIPTION, modp);
331 }
332 }
333 fail:
334 return db_ctx;
335 }
336
337 /*
338 * Show registered IKE algorithms
339 */
340 void
341 ike_alg_list(void)
342 {
343 u_int i;
344 struct ike_alg *a;
345
346 whack_log(RC_COMMENT, " ");
347 whack_log(RC_COMMENT, "List of registered IKE Encryption Algorithms:");
348 whack_log(RC_COMMENT, " ");
349
350 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
351 {
352 struct encrypt_desc *desc = (struct encrypt_desc*)a;
353
354 whack_log(RC_COMMENT, "#%-5d %s, blocksize: %d, keylen: %d-%d-%d"
355 , a->algo_id
356 , enum_name(&oakley_enc_names, a->algo_id)
357 , (int)desc->enc_blocksize*BITS_PER_BYTE
358 , desc->keyminlen
359 , desc->keydeflen
360 , desc->keymaxlen
361 );
362 }
363
364 whack_log(RC_COMMENT, " ");
365 whack_log(RC_COMMENT, "List of registered IKE Hash Algorithms:");
366 whack_log(RC_COMMENT, " ");
367
368 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
369 {
370 whack_log(RC_COMMENT, "#%-5d %s, hashsize: %d"
371 , a->algo_id
372 , enum_name(&oakley_hash_names, a->algo_id)
373 , (int)((struct hash_desc *)a)->hash_digest_size*BITS_PER_BYTE
374 );
375 }
376
377 whack_log(RC_COMMENT, " ");
378 whack_log(RC_COMMENT, "List of registered IKE DH Groups:");
379 whack_log(RC_COMMENT, " ");
380
381 for (i = 0; i < elemsof(oakley_group); i++)
382 {
383 const struct oakley_group_desc *gdesc=oakley_group + i;
384
385 whack_log(RC_COMMENT, "#%-5d %s, groupsize: %d"
386 , gdesc->group
387 , enum_name(&oakley_group_names, gdesc->group)
388 , (int)gdesc->bytes*BITS_PER_BYTE
389 );
390 }
391 }
392
393 /* Show IKE algorithms for
394 * - this connection (result from ike= string)
395 * - newest SA
396 */
397 void
398 ike_alg_show_connection(struct connection *c, const char *instance)
399 {
400 char buf[256];
401 struct state *st;
402
403 if (c->alg_info_ike)
404 {
405 alg_info_snprint(buf, sizeof(buf)-1, (struct alg_info *)c->alg_info_ike);
406 whack_log(RC_COMMENT
407 , "\"%s\"%s: IKE algorithms wanted: %s"
408 , c->name
409 , instance
410 , buf
411 );
412
413 alg_info_snprint_ike(buf, sizeof(buf)-1, c->alg_info_ike);
414 whack_log(RC_COMMENT
415 , "\"%s\"%s: IKE algorithms found: %s"
416 , c->name
417 , instance
418 , buf
419 );
420 }
421
422 st = state_with_serialno(c->newest_isakmp_sa);
423 if (st)
424 whack_log(RC_COMMENT
425 , "\"%s\"%s: IKE algorithm newest: %s_%d-%s-%s"
426 , c->name
427 , instance
428 , enum_show(&oakley_enc_names, st->st_oakley.encrypt)
429 +7 /* strlen("OAKLEY_") */
430 /* , st->st_oakley.encrypter->keydeflen */
431 , st->st_oakley.enckeylen
432 , enum_show(&oakley_hash_names, st->st_oakley.hash)
433 +7 /* strlen("OAKLEY_") */
434 , enum_show(&oakley_group_names, st->st_oakley.group->group)
435 +13 /* strlen("OAKLEY_GROUP_") */
436 );
437 }
438
439 /*
440 * Apply a suite of testvectors to a hash algorithm
441 */
442 static bool
443 ike_hash_test(const struct hash_desc *desc)
444 {
445 bool hash_results = TRUE;
446 bool hmac_results = TRUE;
447
448 if (desc->hash_testvectors == NULL)
449 {
450 plog(" %s hash self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
451 }
452 else
453 {
454 int i;
455
456 for (i = 0; desc->hash_testvectors[i].msg_digest != NULL; i++)
457 {
458 u_char digest[MAX_DIGEST_LEN];
459 bool result;
460
461 union hash_ctx ctx;
462
463 desc->hash_init(&ctx);
464 desc->hash_update(&ctx, desc->hash_testvectors[i].msg
465 ,desc->hash_testvectors[i].msg_size);
466 desc->hash_final(digest, &ctx);
467 result = memcmp(digest, desc->hash_testvectors[i].msg_digest
468 , desc->hash_digest_size) == 0;
469 DBG(DBG_CRYPT,
470 DBG_log(" hash testvector %d: %s", i, result ? "ok":"failed")
471 )
472 hash_results &= result;
473 }
474 plog(" %s hash self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
475 , hash_results ? "passed":"failed");
476 }
477
478 if (desc->hmac_testvectors == NULL)
479 {
480 plog(" %s hmac self-test not available", enum_name(&oakley_hash_names, desc->algo_id));
481 }
482 else
483 {
484 int i;
485
486 for (i = 0; desc->hmac_testvectors[i].hmac != NULL; i++)
487 {
488 u_char digest[MAX_DIGEST_LEN];
489 bool result;
490
491 struct hmac_ctx ctx;
492
493 hmac_init(&ctx, desc, desc->hmac_testvectors[i].key
494 , desc->hmac_testvectors[i].key_size);
495 hmac_update(&ctx, desc->hmac_testvectors[i].msg
496 ,desc->hmac_testvectors[i].msg_size);
497 hmac_final(digest, &ctx);
498 result = memcmp(digest, desc->hmac_testvectors[i].hmac
499 , desc->hash_digest_size) == 0;
500 DBG(DBG_CRYPT,
501 DBG_log(" hmac testvector %d: %s", i, result ? "ok":"failed")
502 )
503 hmac_results &= result;
504 }
505 plog(" %s hmac self-test %s", enum_name(&oakley_hash_names, desc->algo_id)
506 , hmac_results ? "passed":"failed");
507 }
508 return hash_results && hmac_results;
509 }
510
511 /*
512 * Apply test vectors to registered encryption and hash algorithms
513 */
514 bool
515 ike_alg_test(void)
516 {
517 bool all_results = TRUE;
518 struct ike_alg *a;
519
520 plog("Testing registered IKE encryption algorithms:");
521
522 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
523 {
524 plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
525 }
526
527 plog("Testing registered IKE hash algorithms:");
528
529 for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
530 {
531 struct hash_desc *desc = (struct hash_desc*)a;
532
533 all_results &= ike_hash_test(desc);
534 }
535
536 if (all_results)
537 plog("All crypto self-tests passed");
538 else
539 plog("Some crypto self-tests failed");
540 return all_results;
541 }
542
543 /*
544 * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
545 */
546 bool
547 ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
548 , struct alg_info_ike *alg_info_ike)
549 {
550 /*
551 * simple test to discard low key_len, will accept it only
552 * if specified in "esp" string
553 */
554 bool ealg_insecure = (key_len < 128);
555
556 if (ealg_insecure
557 || (alg_info_ike && alg_info_ike->alg_info_flags & ALG_INFO_F_STRICT))
558 {
559 int i;
560 struct ike_info *ike_info;
561
562 if (alg_info_ike)
563 {
564 ALG_INFO_IKE_FOREACH(alg_info_ike, ike_info, i)
565 {
566 if (ike_info->ike_ealg == ealg
567 && (ike_info->ike_eklen == 0 || key_len == 0 || ike_info->ike_eklen == key_len)
568 && ike_info->ike_halg == aalg
569 && ike_info->ike_modp == group)
570 {
571 if (ealg_insecure)
572 loglog(RC_LOG_SERIOUS, "You should NOT use insecure IKE algorithms (%s)!"
573 , enum_name(&oakley_enc_names, ealg));
574 return TRUE;
575 }
576 }
577 }
578 plog("Oakley Transform [%s (%d), %s, %s] refused due to %s"
579 , enum_name(&oakley_enc_names, ealg), key_len
580 , enum_name(&oakley_hash_names, aalg)
581 , enum_name(&oakley_group_names, group)
582 , ealg_insecure ?
583 "insecure key_len and enc. alg. not listed in \"ike\" string" : "strict flag"
584 );
585 return FALSE;
586 }
587 return TRUE;
588 }
589