1105 lines
26 KiB
C
1105 lines
26 KiB
C
/*
|
|
* Copyright (C) 2008-2016 Tobias Brunner
|
|
* Copyright (C) 2006-2010 Martin Willi
|
|
* Copyright (C) 2013-2015 Andreas Steffen
|
|
* Hochschule fuer Technik Rapperswil
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* for more details.
|
|
*/
|
|
|
|
#include <string.h>
|
|
|
|
#include "proposal.h"
|
|
|
|
#include <daemon.h>
|
|
#include <collections/array.h>
|
|
#include <utils/identification.h>
|
|
|
|
#include <crypto/transform.h>
|
|
#include <crypto/prfs/prf.h>
|
|
#include <crypto/crypters/crypter.h>
|
|
#include <crypto/signers/signer.h>
|
|
|
|
ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
|
|
"PROTO_NONE",
|
|
"IKE",
|
|
"AH",
|
|
"ESP",
|
|
"IPCOMP",
|
|
);
|
|
|
|
typedef struct private_proposal_t private_proposal_t;
|
|
|
|
/**
|
|
* Private data of an proposal_t object
|
|
*/
|
|
struct private_proposal_t {
|
|
|
|
/**
|
|
* Public part
|
|
*/
|
|
proposal_t public;
|
|
|
|
/**
|
|
* protocol (ESP or AH)
|
|
*/
|
|
protocol_id_t protocol;
|
|
|
|
/**
|
|
* Priority ordered list of transforms, as entry_t
|
|
*/
|
|
array_t *transforms;
|
|
|
|
/**
|
|
* senders SPI
|
|
*/
|
|
uint64_t spi;
|
|
|
|
/**
|
|
* Proposal number
|
|
*/
|
|
u_int number;
|
|
};
|
|
|
|
/**
|
|
* Struct used to store different kinds of algorithms.
|
|
*/
|
|
typedef struct {
|
|
/** Type of the transform */
|
|
transform_type_t type;
|
|
/** algorithm identifier */
|
|
uint16_t alg;
|
|
/** key size in bits, or zero if not needed */
|
|
uint16_t key_size;
|
|
} entry_t;
|
|
|
|
METHOD(proposal_t, add_algorithm, void,
|
|
private_proposal_t *this, transform_type_t type,
|
|
uint16_t alg, uint16_t key_size)
|
|
{
|
|
entry_t entry = {
|
|
.type = type,
|
|
.alg = alg,
|
|
.key_size = key_size,
|
|
};
|
|
|
|
array_insert(this->transforms, ARRAY_TAIL, &entry);
|
|
}
|
|
|
|
CALLBACK(alg_filter, bool,
|
|
uintptr_t type, enumerator_t *orig, va_list args)
|
|
{
|
|
entry_t *entry;
|
|
uint16_t *alg, *key_size;
|
|
|
|
VA_ARGS_VGET(args, alg, key_size);
|
|
|
|
while (orig->enumerate(orig, &entry))
|
|
{
|
|
if (entry->type != type)
|
|
{
|
|
continue;
|
|
}
|
|
if (alg)
|
|
{
|
|
*alg = entry->alg;
|
|
}
|
|
if (key_size)
|
|
{
|
|
*key_size = entry->key_size;
|
|
}
|
|
return TRUE;
|
|
}
|
|
return FALSE;
|
|
}
|
|
|
|
METHOD(proposal_t, create_enumerator, enumerator_t*,
|
|
private_proposal_t *this, transform_type_t type)
|
|
{
|
|
return enumerator_create_filter(
|
|
array_create_enumerator(this->transforms),
|
|
alg_filter, (void*)(uintptr_t)type, NULL);
|
|
}
|
|
|
|
METHOD(proposal_t, get_algorithm, bool,
|
|
private_proposal_t *this, transform_type_t type,
|
|
uint16_t *alg, uint16_t *key_size)
|
|
{
|
|
enumerator_t *enumerator;
|
|
bool found = FALSE;
|
|
|
|
enumerator = create_enumerator(this, type);
|
|
if (enumerator->enumerate(enumerator, alg, key_size))
|
|
{
|
|
found = TRUE;
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
return found;
|
|
}
|
|
|
|
METHOD(proposal_t, has_dh_group, bool,
|
|
private_proposal_t *this, diffie_hellman_group_t group)
|
|
{
|
|
bool found = FALSE, any = FALSE;
|
|
enumerator_t *enumerator;
|
|
uint16_t current;
|
|
|
|
enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP);
|
|
while (enumerator->enumerate(enumerator, ¤t, NULL))
|
|
{
|
|
any = TRUE;
|
|
if (current == group)
|
|
{
|
|
found = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
if (!any && group == MODP_NONE)
|
|
{
|
|
found = TRUE;
|
|
}
|
|
return found;
|
|
}
|
|
|
|
METHOD(proposal_t, strip_dh, void,
|
|
private_proposal_t *this, diffie_hellman_group_t keep)
|
|
{
|
|
enumerator_t *enumerator;
|
|
entry_t *entry;
|
|
|
|
enumerator = array_create_enumerator(this->transforms);
|
|
while (enumerator->enumerate(enumerator, &entry))
|
|
{
|
|
if (entry->type == DIFFIE_HELLMAN_GROUP &&
|
|
entry->alg != keep)
|
|
{
|
|
array_remove_at(this->transforms, enumerator);
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
}
|
|
|
|
/**
|
|
* Select a matching proposal from this and other, insert into selected.
|
|
*/
|
|
static bool select_algo(private_proposal_t *this, proposal_t *other,
|
|
proposal_t *selected, transform_type_t type, bool priv)
|
|
{
|
|
enumerator_t *e1, *e2;
|
|
uint16_t alg1, alg2, ks1, ks2;
|
|
bool found = FALSE, optional = FALSE;
|
|
|
|
if (type == INTEGRITY_ALGORITHM &&
|
|
selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
|
|
encryption_algorithm_is_aead(alg1))
|
|
{
|
|
/* no integrity algorithm required, we have an AEAD */
|
|
return TRUE;
|
|
}
|
|
if (type == DIFFIE_HELLMAN_GROUP)
|
|
{
|
|
optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
|
|
}
|
|
|
|
e1 = create_enumerator(this, type);
|
|
e2 = other->create_enumerator(other, type);
|
|
if (!e1->enumerate(e1, &alg1, NULL))
|
|
{
|
|
if (!e2->enumerate(e2, &alg2, NULL))
|
|
{
|
|
found = TRUE;
|
|
}
|
|
else if (optional)
|
|
{
|
|
do
|
|
{ /* if NONE is proposed, we accept the proposal */
|
|
found = !alg2;
|
|
}
|
|
while (!found && e2->enumerate(e2, &alg2, NULL));
|
|
}
|
|
}
|
|
else if (!e2->enumerate(e2, NULL, NULL))
|
|
{
|
|
if (optional)
|
|
{
|
|
do
|
|
{ /* if NONE is proposed, we accept the proposal */
|
|
found = !alg1;
|
|
}
|
|
while (!found && e1->enumerate(e1, &alg1, NULL));
|
|
}
|
|
}
|
|
|
|
e1->destroy(e1);
|
|
e1 = create_enumerator(this, type);
|
|
/* compare algs, order of algs in "first" is preferred */
|
|
while (!found && e1->enumerate(e1, &alg1, &ks1))
|
|
{
|
|
e2->destroy(e2);
|
|
e2 = other->create_enumerator(other, type);
|
|
while (e2->enumerate(e2, &alg2, &ks2))
|
|
{
|
|
if (alg1 == alg2 && ks1 == ks2)
|
|
{
|
|
if (!priv && alg1 >= 1024)
|
|
{
|
|
/* accept private use algorithms only if requested */
|
|
DBG1(DBG_CFG, "an algorithm from private space would match, "
|
|
"but peer implementation is unknown, skipped");
|
|
continue;
|
|
}
|
|
selected->add_algorithm(selected, type, alg1, ks1);
|
|
found = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
/* no match in all comparisons */
|
|
e1->destroy(e1);
|
|
e2->destroy(e2);
|
|
|
|
if (!found)
|
|
{
|
|
DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
|
|
}
|
|
return found;
|
|
}
|
|
|
|
METHOD(proposal_t, select_proposal, proposal_t*,
|
|
private_proposal_t *this, proposal_t *other, bool other_remote,
|
|
bool private)
|
|
{
|
|
proposal_t *selected;
|
|
|
|
DBG2(DBG_CFG, "selecting proposal:");
|
|
|
|
if (this->protocol != other->get_protocol(other))
|
|
{
|
|
DBG2(DBG_CFG, " protocol mismatch, skipping");
|
|
return NULL;
|
|
}
|
|
|
|
if (other_remote)
|
|
{
|
|
selected = proposal_create(this->protocol, other->get_number(other));
|
|
selected->set_spi(selected, other->get_spi(other));
|
|
}
|
|
else
|
|
{
|
|
selected = proposal_create(this->protocol, this->number);
|
|
selected->set_spi(selected, this->spi);
|
|
|
|
}
|
|
|
|
if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
|
|
!select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
|
|
!select_algo(this, other, selected, INTEGRITY_ALGORITHM, private) ||
|
|
!select_algo(this, other, selected, DIFFIE_HELLMAN_GROUP, private) ||
|
|
!select_algo(this, other, selected, EXTENDED_SEQUENCE_NUMBERS, private))
|
|
{
|
|
selected->destroy(selected);
|
|
return NULL;
|
|
}
|
|
|
|
DBG2(DBG_CFG, " proposal matches");
|
|
return selected;
|
|
}
|
|
|
|
METHOD(proposal_t, get_protocol, protocol_id_t,
|
|
private_proposal_t *this)
|
|
{
|
|
return this->protocol;
|
|
}
|
|
|
|
METHOD(proposal_t, set_spi, void,
|
|
private_proposal_t *this, uint64_t spi)
|
|
{
|
|
this->spi = spi;
|
|
}
|
|
|
|
METHOD(proposal_t, get_spi, uint64_t,
|
|
private_proposal_t *this)
|
|
{
|
|
return this->spi;
|
|
}
|
|
|
|
/**
|
|
* Check if two proposals have the same algorithms for a given transform type
|
|
*/
|
|
static bool algo_list_equals(private_proposal_t *this, proposal_t *other,
|
|
transform_type_t type)
|
|
{
|
|
enumerator_t *e1, *e2;
|
|
uint16_t alg1, alg2, ks1, ks2;
|
|
bool equals = TRUE;
|
|
|
|
e1 = create_enumerator(this, type);
|
|
e2 = other->create_enumerator(other, type);
|
|
while (e1->enumerate(e1, &alg1, &ks1))
|
|
{
|
|
if (!e2->enumerate(e2, &alg2, &ks2))
|
|
{
|
|
/* this has more algs */
|
|
equals = FALSE;
|
|
break;
|
|
}
|
|
if (alg1 != alg2 || ks1 != ks2)
|
|
{
|
|
equals = FALSE;
|
|
break;
|
|
}
|
|
}
|
|
if (e2->enumerate(e2, &alg2, &ks2))
|
|
{
|
|
/* other has more algs */
|
|
equals = FALSE;
|
|
}
|
|
e1->destroy(e1);
|
|
e2->destroy(e2);
|
|
|
|
return equals;
|
|
}
|
|
|
|
METHOD(proposal_t, get_number, u_int,
|
|
private_proposal_t *this)
|
|
{
|
|
return this->number;
|
|
}
|
|
|
|
METHOD(proposal_t, equals, bool,
|
|
private_proposal_t *this, proposal_t *other)
|
|
{
|
|
if (&this->public == other)
|
|
{
|
|
return TRUE;
|
|
}
|
|
return (
|
|
algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
|
|
algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
|
|
algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
|
|
algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
|
|
algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
|
|
}
|
|
|
|
METHOD(proposal_t, clone_, proposal_t*,
|
|
private_proposal_t *this)
|
|
{
|
|
private_proposal_t *clone;
|
|
enumerator_t *enumerator;
|
|
entry_t *entry;
|
|
|
|
clone = (private_proposal_t*)proposal_create(this->protocol, 0);
|
|
|
|
enumerator = array_create_enumerator(this->transforms);
|
|
while (enumerator->enumerate(enumerator, &entry))
|
|
{
|
|
array_insert(clone->transforms, ARRAY_TAIL, entry);
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
clone->spi = this->spi;
|
|
clone->number = this->number;
|
|
|
|
return &clone->public;
|
|
}
|
|
|
|
/**
|
|
* Map integrity algorithms to the PRF functions using the same algorithm.
|
|
*/
|
|
static const struct {
|
|
integrity_algorithm_t integ;
|
|
pseudo_random_function_t prf;
|
|
} integ_prf_map[] = {
|
|
{AUTH_HMAC_SHA1_96, PRF_HMAC_SHA1 },
|
|
{AUTH_HMAC_SHA1_160, PRF_HMAC_SHA1 },
|
|
{AUTH_HMAC_SHA2_256_128, PRF_HMAC_SHA2_256 },
|
|
{AUTH_HMAC_SHA2_384_192, PRF_HMAC_SHA2_384 },
|
|
{AUTH_HMAC_SHA2_512_256, PRF_HMAC_SHA2_512 },
|
|
{AUTH_HMAC_MD5_96, PRF_HMAC_MD5 },
|
|
{AUTH_HMAC_MD5_128, PRF_HMAC_MD5 },
|
|
{AUTH_AES_XCBC_96, PRF_AES128_XCBC },
|
|
{AUTH_CAMELLIA_XCBC_96, PRF_CAMELLIA128_XCBC },
|
|
{AUTH_AES_CMAC_96, PRF_AES128_CMAC },
|
|
};
|
|
|
|
/**
|
|
* Remove all entries of the given transform type
|
|
*/
|
|
static void remove_transform(private_proposal_t *this, transform_type_t type)
|
|
{
|
|
enumerator_t *e;
|
|
entry_t *entry;
|
|
|
|
e = array_create_enumerator(this->transforms);
|
|
while (e->enumerate(e, &entry))
|
|
{
|
|
if (entry->type == type)
|
|
{
|
|
array_remove_at(this->transforms, e);
|
|
}
|
|
}
|
|
e->destroy(e);
|
|
}
|
|
|
|
/**
|
|
* Checks the proposal read from a string.
|
|
*/
|
|
static bool check_proposal(private_proposal_t *this)
|
|
{
|
|
enumerator_t *e;
|
|
entry_t *entry;
|
|
uint16_t alg, ks;
|
|
bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE;
|
|
int i;
|
|
|
|
if (this->protocol == PROTO_IKE)
|
|
{
|
|
if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
|
|
{ /* No explicit PRF found. We assume the same algorithm as used
|
|
* for integrity checking. */
|
|
e = create_enumerator(this, INTEGRITY_ALGORITHM);
|
|
while (e->enumerate(e, &alg, &ks))
|
|
{
|
|
for (i = 0; i < countof(integ_prf_map); i++)
|
|
{
|
|
if (alg == integ_prf_map[i].integ)
|
|
{
|
|
add_algorithm(this, PSEUDO_RANDOM_FUNCTION,
|
|
integ_prf_map[i].prf, 0);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
e->destroy(e);
|
|
}
|
|
if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
|
|
{
|
|
DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
|
|
return FALSE;
|
|
}
|
|
/* remove MODP_NONE from IKE proposal */
|
|
e = array_create_enumerator(this->transforms);
|
|
while (e->enumerate(e, &entry))
|
|
{
|
|
if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg)
|
|
{
|
|
array_remove_at(this->transforms, e);
|
|
}
|
|
}
|
|
e->destroy(e);
|
|
if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL))
|
|
{
|
|
DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals");
|
|
return FALSE;
|
|
}
|
|
}
|
|
else
|
|
{ /* remove PRFs from ESP/AH proposals */
|
|
remove_transform(this, PSEUDO_RANDOM_FUNCTION);
|
|
}
|
|
|
|
if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP)
|
|
{
|
|
e = create_enumerator(this, ENCRYPTION_ALGORITHM);
|
|
while (e->enumerate(e, &alg, &ks))
|
|
{
|
|
any_enc = TRUE;
|
|
if (encryption_algorithm_is_aead(alg))
|
|
{
|
|
any_aead = TRUE;
|
|
continue;
|
|
}
|
|
all_aead = FALSE;
|
|
}
|
|
e->destroy(e);
|
|
|
|
if (!any_enc)
|
|
{
|
|
DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals",
|
|
protocol_id_names, this->protocol);
|
|
return FALSE;
|
|
}
|
|
else if (any_aead && !all_aead)
|
|
{
|
|
DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption "
|
|
"algorithms can't be contained in the same %N proposal",
|
|
protocol_id_names, this->protocol);
|
|
return FALSE;
|
|
}
|
|
else if (all_aead)
|
|
{ /* if all encryption algorithms in the proposal are AEADs,
|
|
* we MUST NOT propose any integrity algorithms */
|
|
remove_transform(this, INTEGRITY_ALGORITHM);
|
|
}
|
|
}
|
|
else
|
|
{ /* AES-GMAC is parsed as encryption algorithm, so we map that to the
|
|
* proper integrity algorithm */
|
|
e = array_create_enumerator(this->transforms);
|
|
while (e->enumerate(e, &entry))
|
|
{
|
|
if (entry->type == ENCRYPTION_ALGORITHM)
|
|
{
|
|
if (entry->alg == ENCR_NULL_AUTH_AES_GMAC)
|
|
{
|
|
entry->type = INTEGRITY_ALGORITHM;
|
|
ks = entry->key_size;
|
|
entry->key_size = 0;
|
|
switch (ks)
|
|
{
|
|
case 128:
|
|
entry->alg = AUTH_AES_128_GMAC;
|
|
continue;
|
|
case 192:
|
|
entry->alg = AUTH_AES_192_GMAC;
|
|
continue;
|
|
case 256:
|
|
entry->alg = AUTH_AES_256_GMAC;
|
|
continue;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
/* remove all other encryption algorithms */
|
|
array_remove_at(this->transforms, e);
|
|
}
|
|
}
|
|
e->destroy(e);
|
|
|
|
if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
|
|
{
|
|
DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH "
|
|
"proposals");
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
|
|
{
|
|
if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL))
|
|
{ /* ESN not specified, assume not supported */
|
|
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
}
|
|
}
|
|
|
|
array_compress(this->transforms);
|
|
return TRUE;
|
|
}
|
|
|
|
/**
|
|
* add a algorithm identified by a string to the proposal.
|
|
*/
|
|
static bool add_string_algo(private_proposal_t *this, const char *alg)
|
|
{
|
|
const proposal_token_t *token;
|
|
|
|
token = lib->proposal->get_token(lib->proposal, alg);
|
|
if (token == NULL)
|
|
{
|
|
DBG1(DBG_CFG, "algorithm '%s' not recognized", alg);
|
|
return FALSE;
|
|
}
|
|
|
|
add_algorithm(this, token->type, token->algorithm, token->keysize);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
/**
|
|
* print all algorithms of a kind to buffer
|
|
*/
|
|
static int print_alg(private_proposal_t *this, printf_hook_data_t *data,
|
|
u_int kind, void *names, bool *first)
|
|
{
|
|
enumerator_t *enumerator;
|
|
size_t written = 0;
|
|
uint16_t alg, size;
|
|
|
|
enumerator = create_enumerator(this, kind);
|
|
while (enumerator->enumerate(enumerator, &alg, &size))
|
|
{
|
|
if (*first)
|
|
{
|
|
written += print_in_hook(data, "%N", names, alg);
|
|
*first = FALSE;
|
|
}
|
|
else
|
|
{
|
|
written += print_in_hook(data, "/%N", names, alg);
|
|
}
|
|
if (size)
|
|
{
|
|
written += print_in_hook(data, "_%u", size);
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
return written;
|
|
}
|
|
|
|
/**
|
|
* Described in header.
|
|
*/
|
|
int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
|
|
const void *const *args)
|
|
{
|
|
private_proposal_t *this = *((private_proposal_t**)(args[0]));
|
|
linked_list_t *list = *((linked_list_t**)(args[0]));
|
|
enumerator_t *enumerator;
|
|
size_t written = 0;
|
|
bool first = TRUE;
|
|
|
|
if (this == NULL)
|
|
{
|
|
return print_in_hook(data, "(null)");
|
|
}
|
|
|
|
if (spec->hash)
|
|
{
|
|
enumerator = list->create_enumerator(list);
|
|
while (enumerator->enumerate(enumerator, &this))
|
|
{ /* call recursivly */
|
|
if (first)
|
|
{
|
|
written += print_in_hook(data, "%P", this);
|
|
first = FALSE;
|
|
}
|
|
else
|
|
{
|
|
written += print_in_hook(data, ", %P", this);
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
return written;
|
|
}
|
|
|
|
written = print_in_hook(data, "%N:", protocol_id_names, this->protocol);
|
|
written += print_alg(this, data, ENCRYPTION_ALGORITHM,
|
|
encryption_algorithm_names, &first);
|
|
written += print_alg(this, data, INTEGRITY_ALGORITHM,
|
|
integrity_algorithm_names, &first);
|
|
written += print_alg(this, data, PSEUDO_RANDOM_FUNCTION,
|
|
pseudo_random_function_names, &first);
|
|
written += print_alg(this, data, DIFFIE_HELLMAN_GROUP,
|
|
diffie_hellman_group_names, &first);
|
|
written += print_alg(this, data, EXTENDED_SEQUENCE_NUMBERS,
|
|
extended_sequence_numbers_names, &first);
|
|
return written;
|
|
}
|
|
|
|
METHOD(proposal_t, destroy, void,
|
|
private_proposal_t *this)
|
|
{
|
|
array_destroy(this->transforms);
|
|
free(this);
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
proposal_t *proposal_create(protocol_id_t protocol, u_int number)
|
|
{
|
|
private_proposal_t *this;
|
|
|
|
INIT(this,
|
|
.public = {
|
|
.add_algorithm = _add_algorithm,
|
|
.create_enumerator = _create_enumerator,
|
|
.get_algorithm = _get_algorithm,
|
|
.has_dh_group = _has_dh_group,
|
|
.strip_dh = _strip_dh,
|
|
.select = _select_proposal,
|
|
.get_protocol = _get_protocol,
|
|
.set_spi = _set_spi,
|
|
.get_spi = _get_spi,
|
|
.get_number = _get_number,
|
|
.equals = _equals,
|
|
.clone = _clone_,
|
|
.destroy = _destroy,
|
|
},
|
|
.protocol = protocol,
|
|
.number = number,
|
|
.transforms = array_create(sizeof(entry_t), 0),
|
|
);
|
|
|
|
return &this->public;
|
|
}
|
|
|
|
/**
|
|
* Add supported IKE algorithms to proposal
|
|
*/
|
|
static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
{
|
|
enumerator_t *enumerator;
|
|
encryption_algorithm_t encryption;
|
|
integrity_algorithm_t integrity;
|
|
pseudo_random_function_t prf;
|
|
diffie_hellman_group_t group;
|
|
const char *plugin_name;
|
|
|
|
if (aead)
|
|
{
|
|
/* Round 1 adds algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
{
|
|
switch (encryption)
|
|
{
|
|
case ENCR_AES_GCM_ICV16:
|
|
case ENCR_AES_CCM_ICV16:
|
|
case ENCR_CAMELLIA_CCM_ICV16:
|
|
/* we assume that we support all AES/Camellia sizes */
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
|
break;
|
|
case ENCR_CHACHA20_POLY1305:
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 2 adds algorithms with less than 128 bit security strength */
|
|
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
{
|
|
switch (encryption)
|
|
{
|
|
case ENCR_AES_GCM_ICV12:
|
|
case ENCR_AES_GCM_ICV8:
|
|
case ENCR_AES_CCM_ICV12:
|
|
case ENCR_AES_CCM_ICV8:
|
|
case ENCR_CAMELLIA_CCM_ICV12:
|
|
case ENCR_CAMELLIA_CCM_ICV8:
|
|
/* we assume that we support all AES/Camellia sizes */
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
if (!array_count(this->transforms))
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
/* Round 1 adds algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
{
|
|
switch (encryption)
|
|
{
|
|
case ENCR_AES_CBC:
|
|
case ENCR_AES_CTR:
|
|
case ENCR_CAMELLIA_CBC:
|
|
case ENCR_CAMELLIA_CTR:
|
|
/* we assume that we support all AES/Camellia sizes */
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 128);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 192);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 256);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 2 adds algorithms with less than 128 bit security strength */
|
|
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
{
|
|
switch (encryption)
|
|
{
|
|
case ENCR_3DES:
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, encryption, 0);
|
|
break;
|
|
case ENCR_DES:
|
|
/* no, thanks */
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
if (!array_count(this->transforms))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
/* Round 1 adds algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
|
{
|
|
switch (integrity)
|
|
{
|
|
case AUTH_HMAC_SHA2_256_128:
|
|
case AUTH_HMAC_SHA2_384_192:
|
|
case AUTH_HMAC_SHA2_512_256:
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 2 adds algorithms with less than 128 bit security strength */
|
|
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
|
{
|
|
switch (integrity)
|
|
{
|
|
case AUTH_AES_XCBC_96:
|
|
case AUTH_AES_CMAC_96:
|
|
case AUTH_HMAC_SHA1_96:
|
|
case AUTH_HMAC_MD5_96:
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
}
|
|
|
|
/* Round 1 adds algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
|
{
|
|
switch (prf)
|
|
{
|
|
case PRF_HMAC_SHA2_256:
|
|
case PRF_HMAC_SHA2_384:
|
|
case PRF_HMAC_SHA2_512:
|
|
case PRF_AES128_XCBC:
|
|
case PRF_AES128_CMAC:
|
|
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 2 adds algorithms with less than 128 bit security strength */
|
|
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
|
{
|
|
switch (prf)
|
|
{
|
|
case PRF_HMAC_SHA1:
|
|
case PRF_HMAC_MD5:
|
|
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 1 adds ECC and NTRU algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
|
{
|
|
switch (group)
|
|
{
|
|
case ECP_256_BIT:
|
|
case ECP_384_BIT:
|
|
case ECP_521_BIT:
|
|
case ECP_256_BP:
|
|
case ECP_384_BP:
|
|
case ECP_512_BP:
|
|
case CURVE_25519:
|
|
case CURVE_448:
|
|
case NTRU_128_BIT:
|
|
case NTRU_192_BIT:
|
|
case NTRU_256_BIT:
|
|
case NH_128_BIT:
|
|
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 2 adds other algorithms with at least 128 bit security strength */
|
|
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
|
{
|
|
switch (group)
|
|
{
|
|
case MODP_3072_BIT:
|
|
case MODP_4096_BIT:
|
|
case MODP_8192_BIT:
|
|
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
/* Round 3 adds algorithms with less than 128 bit security strength */
|
|
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
|
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
|
{
|
|
switch (group)
|
|
{
|
|
case MODP_NULL:
|
|
/* only for testing purposes */
|
|
break;
|
|
case MODP_768_BIT:
|
|
/* weak */
|
|
break;
|
|
case MODP_1024_160:
|
|
case MODP_2048_224:
|
|
case MODP_2048_256:
|
|
/* RFC 5114 primes are of questionable source */
|
|
break;
|
|
case MODP_1536_BIT:
|
|
case ECP_224_BIT:
|
|
case ECP_224_BP:
|
|
case ECP_192_BIT:
|
|
case NTRU_112_BIT:
|
|
/* rarely used */
|
|
break;
|
|
case MODP_2048_BIT:
|
|
case MODP_1024_BIT:
|
|
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
proposal_t *proposal_create_default(protocol_id_t protocol)
|
|
{
|
|
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
|
|
|
|
switch (protocol)
|
|
{
|
|
case PROTO_IKE:
|
|
if (!proposal_add_supported_ike(this, FALSE))
|
|
{
|
|
destroy(this);
|
|
return NULL;
|
|
}
|
|
break;
|
|
case PROTO_ESP:
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
|
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
break;
|
|
case PROTO_AH:
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
return &this->public;
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
proposal_t *proposal_create_default_aead(protocol_id_t protocol)
|
|
{
|
|
private_proposal_t *this;
|
|
|
|
switch (protocol)
|
|
{
|
|
case PROTO_IKE:
|
|
this = (private_proposal_t*)proposal_create(protocol, 0);
|
|
if (!proposal_add_supported_ike(this, TRUE))
|
|
{
|
|
destroy(this);
|
|
return NULL;
|
|
}
|
|
return &this->public;
|
|
case PROTO_ESP:
|
|
/* we currently don't include any AEAD proposal for ESP, as we
|
|
* don't know if our kernel backend actually supports it. */
|
|
return NULL;
|
|
case PROTO_AH:
|
|
default:
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs)
|
|
{
|
|
private_proposal_t *this;
|
|
enumerator_t *enumerator;
|
|
bool failed = TRUE;
|
|
char *alg;
|
|
|
|
this = (private_proposal_t*)proposal_create(protocol, 0);
|
|
|
|
/* get all tokens, separated by '-' */
|
|
enumerator = enumerator_create_token(algs, "-", " ");
|
|
while (enumerator->enumerate(enumerator, &alg))
|
|
{
|
|
if (!add_string_algo(this, alg))
|
|
{
|
|
failed = TRUE;
|
|
break;
|
|
}
|
|
failed = FALSE;
|
|
}
|
|
enumerator->destroy(enumerator);
|
|
|
|
if (failed || !check_proposal(this))
|
|
{
|
|
destroy(this);
|
|
return NULL;
|
|
}
|
|
|
|
return &this->public;
|
|
}
|