diff options
| -rw-r--r-- | src/pluto/alg/ike_alg_blowfish.c | 76 | ||||
| -rw-r--r-- | src/pluto/alg/ike_alg_serpent.c | 9 | ||||
| -rw-r--r-- | src/pluto/alg/ike_alg_twofish.c | 7 | ||||
| -rw-r--r-- | src/pluto/crypto.c | 53 | ||||
| -rw-r--r-- | src/pluto/crypto.h | 5 | ||||
| -rw-r--r-- | src/pluto/ike_alg.c | 160 | ||||
| -rw-r--r-- | src/pluto/ike_alg.h | 12 |
7 files changed, 246 insertions, 76 deletions
diff --git a/src/pluto/alg/ike_alg_blowfish.c b/src/pluto/alg/ike_alg_blowfish.c index 2bbef051b..3172cd817 100644 --- a/src/pluto/alg/ike_alg_blowfish.c +++ b/src/pluto/alg/ike_alg_blowfish.c @@ -16,6 +16,81 @@ #define BLOWFISH_KEY_MAX_LEN 448 +/** + * Blowfish CBC encryption test vectors + */ + +/** + * Test vector by Eric Young + */ + +static const u_char bf_test0_key[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87 +}; + +static const u_char bf_test0_iv[] = { + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 +}; + +static const u_char bf_test0_plain[] = { + /* "7654321 Now is the time for " */ + 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20, + 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20, + 0x66, 0x6F, 0x72, 0x20, 0x00, 0x00, 0x00, 0x00 +}; + +static const u_char bf_test0_cipher[] = { + 0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6, + 0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93, + 0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9, + 0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC +}; + +/** + * Test vector by Chilkat Software + * (www.chilkatsoft.com/p/php_blowfish.asp) + */ + +static const u_char bf_test1_key[] = { + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, + 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, + 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50 +}; + +static const u_char bf_test1_iv[] = { + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 +}; + +static const u_char bf_test1_plain[] = { + /* "The quick brown fox jumped over the lazy dog" */ + 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, + 0x6b, 0x20, 0x62, 0x72, 0x6f, 0x77, 0x6e, 0x20, + 0x66, 0x6f, 0x78, 0x20, 0x6a, 0x75, 0x6d, 0x70, + 0x65, 0x64, 0x20, 0x6f, 0x76, 0x65, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x6c, 0x61, 0x7a, 0x79, + 0x20, 0x64, 0x6f, 0x67, 0x00, 0x00, 0x00, 0x00 +}; + +static const u_char bf_test1_cipher[] = { + 0x27, 0x68, 0x55, 0xca, 0x6c, 0x0d, 0x60, 0xf7, + 0xd9, 0x70, 0x82, 0x10, 0x44, 0x0c, 0x10, 0x72, + 0xe0, 0x5d, 0x07, 0x8e, 0x73, 0x3b, 0x34, 0xb4, + 0x19, 0x8d, 0x60, 0x9d, 0xc2, 0xfc, 0xc2, 0xf0, + 0xc3, 0x09, 0x26, 0xcd, 0xef, 0x3b, 0x6d, 0x52, + 0xba, 0xf6, 0xe3, 0x45, 0xaa, 0x03, 0xf8, 0x3e +}; + +static const enc_testvector_t bf_enc_testvectors[] = { + { sizeof(bf_test0_key), bf_test0_key, bf_test0_iv, + sizeof(bf_test0_plain), bf_test0_plain, bf_test0_cipher }, + { sizeof(bf_test1_key), bf_test1_key, bf_test1_iv, + sizeof(bf_test1_plain), bf_test1_plain, bf_test1_cipher }, + { 0, NULL, NULL, 0, NULL, NULL } +}; + static void do_blowfish(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc) { @@ -36,6 +111,7 @@ struct encrypt_desc algo_blowfish = keydeflen: BLOWFISH_KEY_MIN_LEN, keymaxlen: BLOWFISH_KEY_MAX_LEN, do_crypt: do_blowfish, + enc_testvectors: bf_enc_testvectors, }; int ike_alg_blowfish_init(void); diff --git a/src/pluto/alg/ike_alg_serpent.c b/src/pluto/alg/ike_alg_serpent.c index fb01caa41..c7b6cfe68 100644 --- a/src/pluto/alg/ike_alg_serpent.c +++ b/src/pluto/alg/ike_alg_serpent.c @@ -50,10 +50,11 @@ struct encrypt_desc encrypt_desc_serpent = algo_next: NULL, enc_ctxsize: sizeof(struct serpent_context), enc_blocksize: SERPENT_CBC_BLOCK_SIZE, - keyminlen: SERPENT_KEY_MIN_LEN, - keydeflen: SERPENT_KEY_DEF_LEN, - keymaxlen: SERPENT_KEY_MAX_LEN, - do_crypt: do_serpent, + keyminlen: SERPENT_KEY_MIN_LEN, + keydeflen: SERPENT_KEY_DEF_LEN, + keymaxlen: SERPENT_KEY_MAX_LEN, + do_crypt: do_serpent, + enc_testvectors: NULL }; int ike_alg_serpent_init(void); diff --git a/src/pluto/alg/ike_alg_twofish.c b/src/pluto/alg/ike_alg_twofish.c index 1788bc394..9d40e3e50 100644 --- a/src/pluto/alg/ike_alg_twofish.c +++ b/src/pluto/alg/ike_alg_twofish.c @@ -48,11 +48,12 @@ struct encrypt_desc encrypt_desc_twofish = algo_id: OAKLEY_TWOFISH_CBC, algo_next: NULL, enc_ctxsize: sizeof(twofish_context), - enc_blocksize: TWOFISH_CBC_BLOCK_SIZE, - keydeflen: TWOFISH_KEY_MIN_LEN, - keyminlen: TWOFISH_KEY_DEF_LEN, + enc_blocksize: TWOFISH_CBC_BLOCK_SIZE, + keydeflen: TWOFISH_KEY_MIN_LEN, + keyminlen: TWOFISH_KEY_DEF_LEN, keymaxlen: TWOFISH_KEY_MAX_LEN, do_crypt: do_twofish, + enc_testvectors: NULL }; struct encrypt_desc encrypt_desc_twofish_ssh = diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 579e257f2..52cf0ce7f 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -61,6 +61,7 @@ static struct encrypt_desc crypto_encryptor_3des = keyminlen: DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE, do_crypt: do_3des, + enc_testvectors: NULL }; /* MD5 hash test vectors @@ -297,12 +298,12 @@ static const hmac_testvector_t md5_hmac_testvectors[] = { static struct hash_desc crypto_hasher_md5 = { - algo_type: IKE_ALG_HASH, - algo_id: OAKLEY_MD5, - algo_next: NULL, - hash_digest_size: HASH_SIZE_MD5, - hash_testvectors: md5_hash_testvectors, - hmac_testvectors: md5_hmac_testvectors, + algo_type: IKE_ALG_HASH, + algo_id: OAKLEY_MD5, + algo_next: NULL, + hash_digest_size: HASH_SIZE_MD5, + hash_testvectors: md5_hash_testvectors, + hmac_testvectors: md5_hmac_testvectors, }; /* SHA-1 test vectors @@ -433,12 +434,12 @@ static const hmac_testvector_t sha1_hmac_testvectors[] = { static struct hash_desc crypto_hasher_sha1 = { - algo_type: IKE_ALG_HASH, - algo_id: OAKLEY_SHA, - algo_next: NULL, - hash_digest_size: HASH_SIZE_SHA1, - hash_testvectors: sha1_hash_testvectors, - hmac_testvectors: sha1_hmac_testvectors + algo_type: IKE_ALG_HASH, + algo_id: OAKLEY_SHA, + algo_next: NULL, + hash_digest_size: HASH_SIZE_SHA1, + hash_testvectors: sha1_hash_testvectors, + hmac_testvectors: sha1_hmac_testvectors }; void init_crypto(void) @@ -557,6 +558,34 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, */ } +encryption_algorithm_t oakley_to_encryption_algorithm(int alg) +{ + switch (alg) + { + case OAKLEY_DES_CBC: + return ENCR_DES; + case OAKLEY_IDEA_CBC: + return ENCR_IDEA; + case OAKLEY_BLOWFISH_CBC: + return ENCR_BLOWFISH; + case OAKLEY_RC5_R16_B64_CBC: + return ENCR_RC5; + case OAKLEY_3DES_CBC: + return ENCR_3DES; + case OAKLEY_CAST_CBC: + return ENCR_CAST; + case OAKLEY_AES_CBC: + return ENCR_AES_CBC; + case OAKLEY_SERPENT_CBC: + return ENCR_SERPENT_CBC; + case OAKLEY_TWOFISH_CBC: + case OAKLEY_TWOFISH_CBC_SSH: + return ENCR_TWOFISH_CBC; + default: + return ENCR_UNDEFINED; + } +} + hash_algorithm_t oakley_to_hash_algorithm(int alg) { switch (alg) diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h index 4fc9b2356..c07f695da 100644 --- a/src/pluto/crypto.h +++ b/src/pluto/crypto.h @@ -12,8 +12,7 @@ * for more details. */ -#include <gmp.h> /* GNU MP library */ - +#include <crypto/hashers/hasher.h> #include <crypto/hashers/hasher.h> #include <crypto/prfs/prf.h> @@ -60,7 +59,7 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, s /* unification of cryptographic hashing mechanisms */ - +extern encryption_algorithm_t oakley_to_encryption_algorithm(int alg); extern hash_algorithm_t oakley_to_hash_algorithm(int alg); extern pseudo_random_function_t oakley_to_prf(int alg); diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index e0c8c97be..5e4a431ec 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -22,7 +22,9 @@ #include <ipsec_policy.h> #include <library.h> +#include <debug.h> #include <crypto/hashers/hasher.h> +#include <crypto/crypters/crypter.h> #include <crypto/prfs/prf.h> #include "constants.h" @@ -42,7 +44,7 @@ #define return_on(var, val) do { var=val;goto return_out; } while(0); -/* +/** * IKE algorithm list handling - registration and lookup */ @@ -50,11 +52,11 @@ static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL}; -/* - * return ike_algo object by {type, id} +/** + * Return ike_algo object by {type, id} */ -static struct ike_alg * -ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused))) +static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id, + u_int keysize __attribute__((unused))) { struct ike_alg *e = ike_alg_base[algo_type]; @@ -65,11 +67,10 @@ ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused return (e != NULL && e->algo_id == algo_id) ? e : NULL; } -/* +/** * "raw" ike_alg list adding function */ -int -ike_alg_add(struct ike_alg* a) +int ike_alg_add(struct ike_alg* a) { if (a->algo_type > IKE_ALG_MAX) { @@ -98,45 +99,42 @@ ike_alg_add(struct ike_alg* a) } } -/* - * get IKE hash algorithm +/** + * Get IKE hash algorithm */ struct hash_desc *ike_alg_get_hasher(u_int alg) { return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0); } -/* - * get IKE encryption algorithm +/** + * Get IKE encryption algorithm */ struct encrypt_desc *ike_alg_get_encrypter(u_int alg) { return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0); } -/* - * check if IKE hash algorithm is present +/** + * Check if IKE hash algorithm is present */ -bool -ike_alg_hash_present(u_int halg) +bool ike_alg_hash_present(u_int halg) { return ike_alg_get_hasher(halg) != NULL; } -/* +/** * check if IKE encryption algorithm is present */ -bool -ike_alg_enc_present(u_int ealg) +bool ike_alg_enc_present(u_int ealg) { return ike_alg_get_encrypter(ealg) != NULL; } -/* +/** * Validate and register IKE hash algorithm object */ -int -ike_alg_register_hash(struct hash_desc *hash_desc) +int ike_alg_register_hash(struct hash_desc *hash_desc) { const char *alg_name = NULL; int ret = 0; @@ -166,11 +164,10 @@ return_out: return ret; } -/* +/** * Validate and register IKE encryption algorithm object */ -int -ike_alg_register_enc(struct encrypt_desc *enc_desc) +int ike_alg_register_enc(struct encrypt_desc *enc_desc) { int ret = ike_alg_add((struct ike_alg *)enc_desc); @@ -192,11 +189,10 @@ ike_alg_register_enc(struct encrypt_desc *enc_desc) return ret; } -/* +/** * Get pfsgroup for this connection */ -const struct oakley_group_desc * -ike_alg_pfsgroup(struct connection *c, lset_t policy) +const struct oakley_group_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy) { const struct oakley_group_desc * ret = NULL; @@ -207,11 +203,10 @@ ike_alg_pfsgroup(struct connection *c, lset_t policy) return ret; } -/* +/** * Create an OAKLEY proposal based on alg_info and policy */ -struct db_context * -ike_alg_db_new(struct alg_info_ike *ai , lset_t policy) +struct db_context *ike_alg_db_new(struct alg_info_ike *ai , lset_t policy) { struct db_context *db_ctx = NULL; struct ike_info *ike_info; @@ -318,11 +313,10 @@ fail: return db_ctx; } -/* +/** * Show registered IKE algorithms */ -void -ike_alg_list(void) +void ike_alg_list(void) { u_int i; struct ike_alg *a; @@ -374,14 +368,13 @@ ike_alg_list(void) } } -/* Show IKE algorithms for - * - this connection (result from ike= string) - * - newest SA +/** + * Show IKE algorithms for this connection (result from ike= string) + * and newest SA */ -void -ike_alg_show_connection(struct connection *c, const char *instance) +void ike_alg_show_connection(struct connection *c, const char *instance) { - char buf[256]; + char buf[BUF_LEN]; struct state *st; if (c->alg_info_ike) @@ -420,11 +413,72 @@ ike_alg_show_connection(struct connection *c, const char *instance) ); } -/* +/** + * Apply a suite of testvectors to an encryption algorithm + */ +static bool ike_encrypt_test(const struct encrypt_desc *desc) +{ + bool encrypt_results = TRUE; + + if (desc->enc_testvectors == NULL) + { + plog(" %s encryption self-test not available", + enum_name(&oakley_enc_names, desc->algo_id)); + } + else + { + int i; + encryption_algorithm_t enc_alg; + + enc_alg = oakley_to_encryption_algorithm(desc->algo_id); + + for (i = 0; desc->enc_testvectors[i].key != NULL; i++) + { + bool result; + crypter_t *crypter; + chunk_t key = { (u_char*)desc->enc_testvectors[i].key, + desc->enc_testvectors[i].key_size }; + chunk_t plain = { (u_char*)desc->enc_testvectors[i].plain, + desc->enc_testvectors[i].data_size}; + chunk_t cipher = { (u_char*)desc->enc_testvectors[i].cipher, + desc->enc_testvectors[i].data_size}; + chunk_t encrypted = chunk_empty; + chunk_t decrypted = chunk_empty; + chunk_t iv; + + crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, key.len); + if (crypter == NULL) + { + plog(" %s encryption function not available", + enum_name(&oakley_enc_names, desc->algo_id)); + return FALSE; + } + iv = chunk_create((u_char*)desc->enc_testvectors[i].iv, + crypter->get_block_size(crypter)); + crypter->set_key(crypter, key); + crypter->decrypt(crypter, cipher, iv, &decrypted); + result = chunk_equals(decrypted, plain); + crypter->encrypt(crypter, plain, iv, &encrypted); + result &= chunk_equals(encrypted, cipher); + DBG(DBG_CRYPT, + DBG_log(" enc testvector %d: %s", i, result ? "ok":"failed") + ) + encrypt_results &= result; + crypter->destroy(crypter); + free(encrypted.ptr); + free(decrypted.ptr); + } + plog(" %s encryption self-test %s", + enum_name(&oakley_enc_names, desc->algo_id), + encrypt_results ? "passed":"failed"); + } + return encrypt_results; +} + +/** * Apply a suite of testvectors to a hash algorithm */ -static bool -ike_hash_test(const struct hash_desc *desc) +static bool ike_hash_test(const struct hash_desc *desc) { bool hash_results = TRUE; bool hmac_results = TRUE; @@ -513,23 +567,22 @@ ike_hash_test(const struct hash_desc *desc) return hash_results && hmac_results; } -/* +/** * Apply test vectors to registered encryption and hash algorithms */ -bool -ike_alg_test(void) +bool ike_alg_test(void) { bool all_results = TRUE; struct ike_alg *a; - + plog("Testing registered IKE encryption algorithms:"); for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next) { - plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id)); - } + struct encrypt_desc *desc = (struct encrypt_desc*)a; - plog("Testing registered IKE hash algorithms:"); + all_results &= ike_encrypt_test(desc); + } for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next) { @@ -545,12 +598,11 @@ ike_alg_test(void) return all_results; } -/* +/** * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms */ -bool -ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group -, struct alg_info_ike *alg_info_ike) +bool ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group, + struct alg_info_ike *alg_info_ike) { /* * simple test to discard low key_len, will accept it only diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h index 3bf93b9f6..4bc1f90d4 100644 --- a/src/pluto/ike_alg.h +++ b/src/pluto/ike_alg.h @@ -23,6 +23,17 @@ struct ike_alg { struct ike_alg *algo_next; }; +typedef struct enc_testvector enc_testvector_t; + +struct enc_testvector { + const size_t key_size; + const u_char *key; + const u_char *iv; + const size_t data_size; + const u_char *plain; + const u_char *cipher; +}; + struct encrypt_desc { u_int16_t algo_type; u_int16_t algo_id; @@ -34,6 +45,7 @@ struct encrypt_desc { u_int keymaxlen; u_int keyminlen; void (*do_crypt)(u_int8_t *dat, size_t datasize, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc); + const enc_testvector_t *enc_testvectors; }; typedef struct hash_testvector hash_testvector_t; |