diff options
28 files changed, 1455 insertions, 100 deletions
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index 65d70a21a..7ddd117c3 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -64,7 +64,7 @@ sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ -sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \ +sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ sa/child_sa.c sa/child_sa.h \ sa/ike_sa.c sa/ike_sa.h \ sa/ike_sa_id.c sa/ike_sa_id.h \ diff --git a/src/charon/config/peer_cfg.c b/src/charon/config/peer_cfg.c index c290c7919..b8fe59b2f 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/charon/config/peer_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007 Tobias Brunner + * Copyright (C) 2007-2008 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -28,7 +28,19 @@ ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND, "CERT_ALWAYS_SEND", "CERT_SEND_IF_ASKED", - "CERT_NEVER_SEND" + "CERT_NEVER_SEND", +); + +ENUM(unique_policy_names, UNIQUE_NO, UNIQUE_KEEP, + "UNIQUE_NO", + "UNIQUE_REPLACE", + "UNIQUE_KEEP", +); + +ENUM(config_auth_method_names, CONF_AUTH_PUBKEY, CONF_AUTH_EAP, + "CONF_AUTH_PUBKEY", + "CONF_AUTH_PSK", + "CONF_AUTH_EAP", ); typedef struct private_peer_cfg_t private_peer_cfg_t; @@ -96,7 +108,7 @@ struct private_peer_cfg_t { /** * Method to use for own authentication data */ - auth_method_t auth_method; + config_auth_method_t auth_method; /** * EAP type to use for peer authentication @@ -307,15 +319,15 @@ static unique_policy_t get_unique_policy(private_peer_cfg_t *this) } /** - * Implementation of connection_t.auth_method_t. + * Implementation of peer_cfg_t.get_auth_method. */ -static auth_method_t get_auth_method(private_peer_cfg_t *this) +static config_auth_method_t get_auth_method(private_peer_cfg_t *this) { return this->auth_method; } /** - * Implementation of connection_t.get_eap_type. + * Implementation of peer_cfg_t.get_eap_type. */ static eap_type_t get_eap_type(private_peer_cfg_t *this, u_int32_t *vendor) { @@ -324,7 +336,7 @@ static eap_type_t get_eap_type(private_peer_cfg_t *this, u_int32_t *vendor) } /** - * Implementation of connection_t.get_keyingtries. + * Implementation of peer_cfg_t.get_keyingtries. */ static u_int32_t get_keyingtries(private_peer_cfg_t *this) { @@ -521,7 +533,7 @@ static void destroy(private_peer_cfg_t *this) peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, identification_t *my_id, identification_t *other_id, cert_policy_t cert_policy, unique_policy_t unique, - auth_method_t auth_method, eap_type_t eap_type, + config_auth_method_t auth_method, eap_type_t eap_type, u_int32_t eap_vendor, u_int32_t keyingtries, u_int32_t rekey_time, u_int32_t reauth_time, u_int32_t jitter_time, @@ -544,7 +556,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg, this->public.get_other_id = (identification_t* (*)(peer_cfg_t *))get_other_id; this->public.get_cert_policy = (cert_policy_t (*) (peer_cfg_t *))get_cert_policy; this->public.get_unique_policy = (unique_policy_t (*) (peer_cfg_t *))get_unique_policy; - this->public.get_auth_method = (auth_method_t (*) (peer_cfg_t *))get_auth_method; + this->public.get_auth_method = (config_auth_method_t (*) (peer_cfg_t *))get_auth_method; this->public.get_eap_type = (eap_type_t (*) (peer_cfg_t *,u_int32_t*))get_eap_type; this->public.get_keyingtries = (u_int32_t (*) (peer_cfg_t *))get_keyingtries; this->public.get_rekey_time = (u_int32_t(*)(peer_cfg_t*))get_rekey_time; diff --git a/src/charon/config/peer_cfg.h b/src/charon/config/peer_cfg.h index 795ca1272..d682534ba 100644 --- a/src/charon/config/peer_cfg.h +++ b/src/charon/config/peer_cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007 Tobias Brunner + * Copyright (C) 2007-2008 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -27,6 +27,7 @@ typedef enum cert_policy_t cert_policy_t; typedef enum unique_policy_t unique_policy_t; +typedef enum config_auth_method_t config_auth_method_t; typedef struct peer_cfg_t peer_cfg_t; #include <library.h> @@ -81,6 +82,23 @@ enum unique_policy_t { extern enum_name_t *unique_policy_names; /** + * Authentication method for this IKE_SA. + */ +enum config_auth_method_t { + /** authentication using public keys (RSA, ECDSA) */ + CONF_AUTH_PUBKEY = 0, + /** authentication using a pre-shared secret */ + CONF_AUTH_PSK, + /** authentication using EAP */ + CONF_AUTH_EAP, +}; + +/** + * enum strings for config_auth_method_t + */ +extern enum_name_t *config_auth_method_names; + +/** * Configuration of a peer, specified by IDs. * * The peer config defines a connection between two given IDs. It contains @@ -208,7 +226,7 @@ struct peer_cfg_t { * * @return authentication method */ - auth_method_t (*get_auth_method) (peer_cfg_t *this); + config_auth_method_t (*get_auth_method) (peer_cfg_t *this); /** * Get the EAP type to use for peer authentication. @@ -375,7 +393,7 @@ struct peer_cfg_t { peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg, identification_t *my_id, identification_t *other_id, cert_policy_t cert_policy, unique_policy_t unique, - auth_method_t auth_method, eap_type_t eap_type, + config_auth_method_t auth_method, eap_type_t eap_type, u_int32_t eap_vendor, u_int32_t keyingtries, u_int32_t rekey_time, u_int32_t reauth_time, u_int32_t jitter_time, diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/charon/encoding/payloads/auth_payload.c index 5df9e9023..79a2eed33 100644 --- a/src/charon/encoding/payloads/auth_payload.c +++ b/src/charon/encoding/payloads/auth_payload.c @@ -111,7 +111,8 @@ encoding_rule_t auth_payload_encodings[] = { static status_t verify(private_auth_payload_t *this) { if (this->auth_method == 0 || - (this->auth_method >= 4 && this->auth_method <= 200)) + (this->auth_method >= 4 && this->auth_method <= 8) || + (this->auth_method >= 12 && this->auth_method <= 200)) { /* reserved IDs */ return FAILED; diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 8a56bfefe..1bf02e43e 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/charon/plugins/medcli/medcli_config.c @@ -120,7 +120,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam "mediation", 2, ike_cfg, identification_create_from_encoding(ID_KEY_ID, me), identification_create_from_encoding(ID_KEY_ID, other), - CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA, + CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY, 0, 0, /* EAP method, vendor */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ @@ -149,7 +149,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam name, 2, this->ike->get_ref(this->ike), identification_create_from_encoding(ID_KEY_ID, me), identification_create_from_encoding(ID_KEY_ID, other), - CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA, + CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY, 0, 0, /* EAP method, vendor */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/charon/plugins/medsrv/medsrv_config.c index 04cb56930..ff11939d1 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/charon/plugins/medsrv/medsrv_config.c @@ -99,7 +99,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this, peer_cfg = peer_cfg_create( name, 2, this->ike->get_ref(this->ike), me->clone(me), other->clone(other), - CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA, + CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_RSA, 0, 0, /* EAP method, vendor */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */ this->rekey*5, this->rekey*3, /* jitter, overtime */ diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c index 819b3f024..368aea1cc 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/charon/plugins/stroke/stroke_cred.c @@ -135,10 +135,6 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this, { id_data_t *data; - if (type != KEY_RSA && type != KEY_ANY) - { /* we only have RSA keys */ - return NULL; - } data = malloc_thing(id_data_t); data->this = this; data->id = id; @@ -253,10 +249,6 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this, { /* we only have X509 certificates. TODO: ACs? */ return NULL; } - if (key != KEY_RSA && key != KEY_ANY) - { /* we only have RSA keys */ - return NULL; - } data = malloc_thing(id_data_t); data->this = this; data->id = id; @@ -741,7 +733,7 @@ static void load_secrets(private_stroke_cred_t *this) DBG1(DBG_CFG, "line %d: missing token", line_nr); goto error; } - if (match("RSA", &token)) + if (match("RSA", &token) || match("EC", &token)) { char path[PATH_MAX]; chunk_t filename; @@ -749,6 +741,7 @@ static void load_secrets(private_stroke_cred_t *this) private_key_t *key; bool pgp = FALSE; chunk_t chunk = chunk_empty; + key_type_t key_type = match("RSA", &token) ? KEY_RSA : KEY_ECDSA; err_t ugh = extract_value(&filename, &line); @@ -787,7 +780,7 @@ static void load_secrets(private_stroke_cred_t *this) if (pem_asn1_load_file(path, &secret, &chunk, &pgp)) { - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); if (key) { @@ -861,7 +854,7 @@ static void load_secrets(private_stroke_cred_t *this) else { DBG1(DBG_CFG, "line %d: token must be either " - "RSA, PSK, EAP, or PIN", line_nr); + "RSA, EC, PSK, EAP, or PIN", line_nr); goto error; } } diff --git a/src/charon/sa/authenticators/authenticator.c b/src/charon/sa/authenticators/authenticator.c index fc528ff54..8e246a280 100644 --- a/src/charon/sa/authenticators/authenticator.c +++ b/src/charon/sa/authenticators/authenticator.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -19,7 +20,7 @@ #include "authenticator.h" -#include <sa/authenticators/rsa_authenticator.h> +#include <sa/authenticators/pubkey_authenticator.h> #include <sa/authenticators/psk_authenticator.h> #include <sa/authenticators/eap_authenticator.h> @@ -28,23 +29,46 @@ ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS, "RSA signature", "pre-shared key", "DSS signature"); -ENUM_NEXT(auth_method_names, AUTH_EAP, AUTH_EAP, AUTH_DSS, +ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS, + "ECDSA-256 signature", + "ECDSA-384 signature", + "ECDSA-521 signature"); +ENUM_NEXT(auth_method_names, AUTH_EAP, AUTH_EAP, AUTH_ECDSA_521, "EAP"); ENUM_END(auth_method_names, AUTH_EAP); -/* +/** * Described in header. */ -authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method) +authenticator_t *authenticator_create(ike_sa_t *ike_sa, config_auth_method_t auth_method) { switch (auth_method) { + case CONF_AUTH_PUBKEY: + return (authenticator_t*)pubkey_authenticator_create(ike_sa); + case CONF_AUTH_PSK: + return (authenticator_t*)psk_authenticator_create(ike_sa); + case CONF_AUTH_EAP: + return (authenticator_t*)eap_authenticator_create(ike_sa); + default: + return NULL; + } +} + +/** + * Described in header. + */ +authenticator_t *authenticator_create_from_auth_payload(ike_sa_t *ike_sa, auth_payload_t *auth_payload) +{ + switch (auth_payload->get_auth_method(auth_payload)) + { case AUTH_RSA: - return (authenticator_t*)rsa_authenticator_create(ike_sa); + case AUTH_ECDSA_256: + case AUTH_ECDSA_384: + case AUTH_ECDSA_521: + return (authenticator_t*)pubkey_authenticator_create(ike_sa); case AUTH_PSK: return (authenticator_t*)psk_authenticator_create(ike_sa); - case AUTH_EAP: - return (authenticator_t*)eap_authenticator_create(ike_sa); default: return NULL; } diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h index d0286be3e..54a6b03ad 100644 --- a/src/charon/sa/authenticators/authenticator.h +++ b/src/charon/sa/authenticators/authenticator.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -29,6 +30,7 @@ typedef struct authenticator_t authenticator_t; #include <library.h> #include <sa/ike_sa.h> +#include <config/peer_cfg.h> #include <encoding/payloads/auth_payload.h> /** @@ -55,6 +57,21 @@ enum auth_method_t { AUTH_DSS = 3, /** + * ECDSA with SHA-256 on the P-256 curve as specified in RFC 4754 + */ + AUTH_ECDSA_256 = 9, + + /** + * ECDSA with SHA-384 on the P-384 curve as specified in RFC 4754 + */ + AUTH_ECDSA_384 = 10, + + /** + * ECDSA with SHA-512 on the P-521 curve as specified in RFC 4754 + */ + AUTH_ECDSA_521 = 11, + + /** * EAP authentication. This value is never negotiated and therefore * a value from private use. */ @@ -70,8 +87,9 @@ extern enum_name_t *auth_method_names; * Authenticator interface implemented by the various authenticators. * * Currently the following two AUTH methods are supported: - * - shared key message integrity code (AUTH_PSK) - * - RSA digital signature (AUTH_RSA) + * - shared key message integrity code + * - RSA digital signature + * - ECDSA is supported using OpenSSL */ struct authenticator_t { @@ -112,13 +130,23 @@ struct authenticator_t { }; /** - * Creates an authenticator for the specified auth method. + * Creates an authenticator for the specified auth method (as configured). * * @param ike_sa associated ike_sa * @param auth_method authentication method to use for build()/verify() * * @return authenticator_t object */ -authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method); +authenticator_t *authenticator_create(ike_sa_t *ike_sa, config_auth_method_t auth_method); + +/** + * Creates an authenticator from the given auth payload. + * + * @param ike_sa associated ike_sa + * @param auth_payload auth payload + * + * @return authenticator_t object + */ +authenticator_t *authenticator_create_from_auth_payload(ike_sa_t *ike_sa, auth_payload_t *auth_payload); #endif /* AUTHENTICATOR_H_ @} */ diff --git a/src/charon/sa/authenticators/rsa_authenticator.c b/src/charon/sa/authenticators/pubkey_authenticator.c index fff660b3c..15a79e201 100644 --- a/src/charon/sa/authenticators/rsa_authenticator.c +++ b/src/charon/sa/authenticators/pubkey_authenticator.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -18,23 +19,23 @@ #include <string.h> -#include "rsa_authenticator.h" +#include "pubkey_authenticator.h" #include <daemon.h> #include <credentials/auth_info.h> -typedef struct private_rsa_authenticator_t private_rsa_authenticator_t; +typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t; /** - * Private data of an rsa_authenticator_t object. + * Private data of an pubkey_authenticator_t object. */ -struct private_rsa_authenticator_t { +struct private_pubkey_authenticator_t { /** * Public authenticator_t interface. */ - rsa_authenticator_t public; + pubkey_authenticator_t public; /** * Assigned IKE_SA @@ -51,22 +52,41 @@ extern chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce, /** * Implementation of authenticator_t.verify. */ -static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init, +static status_t verify(private_pubkey_authenticator_t *this, chunk_t ike_sa_init, chunk_t my_nonce, auth_payload_t *auth_payload) { public_key_t *public; + auth_method_t auth_method; chunk_t auth_data, octets; identification_t *other_id; prf_t *prf; auth_info_t *auth, *current_auth; enumerator_t *enumerator; + key_type_t key_type = KEY_ECDSA; + signature_scheme_t scheme; status_t status = FAILED; other_id = this->ike_sa->get_other_id(this->ike_sa); - - if (auth_payload->get_auth_method(auth_payload) != AUTH_RSA) + auth_method = auth_payload->get_auth_method(auth_payload); + switch (auth_method) { - return INVALID_ARG; + case AUTH_RSA: + /* We are currently fixed to SHA1 hashes. + * TODO: allow other hash algorithms and note it in "auth" */ + key_type = KEY_RSA; + scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + break; + case AUTH_ECDSA_256: + scheme = SIGN_ECDSA_256; + break; + case AUTH_ECDSA_384: + scheme = SIGN_ECDSA_384; + break; + case AUTH_ECDSA_521: + scheme = SIGN_ECDSA_521; + break; + default: + return INVALID_ARG; } auth_data = auth_payload->get_data(auth_payload); prf = this->ike_sa->get_prf(this->ike_sa); @@ -75,15 +95,13 @@ static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init, auth = this->ike_sa->get_other_auth(this->ike_sa); enumerator = charon->credentials->create_public_enumerator( - charon->credentials, KEY_RSA, other_id, auth); + charon->credentials, key_type, other_id, auth); while (enumerator->enumerate(enumerator, &public, ¤t_auth)) { - /* We are currently fixed to SHA1 hashes. - * TODO: allow other hash algorithms and note it in "auth" */ - if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, octets, auth_data)) + if (public->verify(public, scheme, octets, auth_data)) { DBG1(DBG_IKE, "authentication of '%D' with %N successful", - other_id, auth_method_names, AUTH_RSA); + other_id, auth_method_names, auth_method); status = SUCCESS; auth->merge(auth, current_auth); break; @@ -101,7 +119,7 @@ static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init, /** * Implementation of authenticator_t.build. */ -static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, +static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init, chunk_t other_nonce, auth_payload_t **auth_payload) { chunk_t octets, auth_data; @@ -110,37 +128,73 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, identification_t *my_id; prf_t *prf; auth_info_t *auth; + auth_method_t auth_method; + signature_scheme_t scheme; my_id = this->ike_sa->get_my_id(this->ike_sa); - DBG1(DBG_IKE, "authentication of '%D' (myself) with %N", - my_id, auth_method_names, AUTH_RSA); + DBG1(DBG_IKE, "authentication of '%D' (myself) with public key", my_id); auth = this->ike_sa->get_my_auth(this->ike_sa); - private = charon->credentials->get_private(charon->credentials, KEY_RSA, + private = charon->credentials->get_private(charon->credentials, KEY_ANY, my_id, auth); if (private == NULL) { - DBG1(DBG_IKE, "no RSA private key found for '%D'", my_id); + DBG1(DBG_IKE, "no private key found for '%D'", my_id); return NOT_FOUND; } + + switch (private->get_type(private)) + { + case KEY_RSA: + /* we currently use always SHA1 for signatures, + * TODO: support other hashes depending on configuration/auth */ + scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + auth_method = AUTH_RSA; + break; + case KEY_ECDSA: + /* we try to deduct the signature scheme from the keysize */ + switch (private->get_keysize(private)) + { + case 32: + scheme = SIGN_ECDSA_256; + auth_method = AUTH_ECDSA_256; + break; + case 48: + scheme = SIGN_ECDSA_384; + auth_method = AUTH_ECDSA_384; + break; + case 66: + scheme = SIGN_ECDSA_521; + auth_method = AUTH_ECDSA_521; + break; + default: + DBG1(DBG_IKE, "ECDSA not supported by private key"); + return status; + } + break; + default: + DBG1(DBG_IKE, "private key of type %N not supported", + key_type_names, private->get_type(private)); + return status; + } + prf = this->ike_sa->get_prf(this->ike_sa); prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa)); octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf); - /* we currently use always SHA1 for signatures, - * TODO: support other hashes depending on configuration/auth */ - if (private->sign(private, SIGN_RSA_EMSA_PKCS1_SHA1, octets, &auth_data)) + + if (private->sign(private, scheme, octets, &auth_data)) { auth_payload_t *payload = auth_payload_create(); - payload->set_auth_method(payload, AUTH_RSA); + payload->set_auth_method(payload, auth_method); payload->set_data(payload, auth_data); *auth_payload = payload; chunk_free(&auth_data); status = SUCCESS; - DBG2(DBG_IKE, "successfully signed with RSA private key"); + DBG2(DBG_IKE, "successfully built %N with private key", auth_method_names, auth_method); } else { - DBG1(DBG_IKE, "building RSA signature failed"); + DBG1(DBG_IKE, "building signature failed"); } chunk_free(&octets); private->destroy(private); @@ -151,7 +205,7 @@ static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init, /** * Implementation of authenticator_t.destroy. */ -static void destroy(private_rsa_authenticator_t *this) +static void destroy(private_pubkey_authenticator_t *this) { free(this); } @@ -159,9 +213,9 @@ static void destroy(private_rsa_authenticator_t *this) /* * Described in header. */ -rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa) +pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa) { - private_rsa_authenticator_t *this = malloc_thing(private_rsa_authenticator_t); + private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t); /* public functions */ this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify; diff --git a/src/charon/sa/authenticators/rsa_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h index f5e41a917..de5708c47 100644 --- a/src/charon/sa/authenticators/rsa_authenticator.h +++ b/src/charon/sa/authenticators/pubkey_authenticator.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -16,21 +17,21 @@ */ /** - * @defgroup rsa_authenticator rsa_authenticator + * @defgroup pubkey_authenticator pubkey_authenticator * @{ @ingroup authenticators */ -#ifndef RSA_AUTHENTICATOR_H_ -#define RSA_AUTHENTICATOR_H_ +#ifndef PUBKEY_AUTHENTICATOR_H_ +#define PUBKEY_AUTHENTICATOR_H_ -typedef struct rsa_authenticator_t rsa_authenticator_t; +typedef struct pubkey_authenticator_t pubkey_authenticator_t; #include <sa/authenticators/authenticator.h> /** - * Implementation of the authenticator_t interface using AUTH_RSA. + * Implementation of the authenticator_t interface using AUTH_PUBKEY. */ -struct rsa_authenticator_t { +struct pubkey_authenticator_t { /** * Implemented authenticator_t interface. @@ -39,11 +40,11 @@ struct rsa_authenticator_t { }; /** - * Creates an authenticator for AUTH_RSA. + * Creates an authenticator for AUTH_PUBKEY. * * @param ike_sa associated ike_sa - * @return rsa_authenticator_t object + * @return pubkey_authenticator_t object */ -rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa); +pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa); -#endif /* RSA_AUTHENTICATOR_H_ @} */ +#endif /* PUBKEY_AUTHENTICATOR_H_ @} */ diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index c3a3f3bd4..067d69125 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c @@ -158,7 +158,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message) authenticator_t *auth; auth_payload_t *auth_payload; peer_cfg_t *config; - auth_method_t method; + config_auth_method_t method; status_t status; /* create own authenticator and add auth payload */ @@ -174,7 +174,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message) if (auth == NULL) { SIG(IKE_UP_FAILED, "configured authentication method %N not supported", - auth_method_names, method); + config_auth_method_names, method); return FAILED; } @@ -243,9 +243,9 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message) /* AUTH payload is missing, client wants to use EAP authentication */ return NOT_FOUND; } - + auth_method = auth_payload->get_auth_method(auth_payload); - auth = authenticator_create(this->ike_sa, auth_method); + auth = authenticator_create_from_auth_payload(this->ike_sa, auth_payload); if (auth == NULL) { @@ -539,7 +539,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message) } config = this->ike_sa->get_peer_cfg(this->ike_sa); - if (config->get_auth_method(config) == AUTH_EAP) + if (config->get_auth_method(config) == CONF_AUTH_EAP) { this->eap_auth = eap_authenticator_create(this->ike_sa); } diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/charon/sa/tasks/ike_cert_post.c index 23e19a581..920a0f619 100644 --- a/src/charon/sa/tasks/ike_cert_post.c +++ b/src/charon/sa/tasks/ike_cert_post.c @@ -105,7 +105,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) peer_cfg_t *peer_cfg; peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (peer_cfg && peer_cfg->get_auth_method(peer_cfg) == AUTH_RSA) + if (peer_cfg && peer_cfg->get_auth_method(peer_cfg) == CONF_AUTH_PUBKEY) { switch (peer_cfg->get_cert_policy(peer_cfg)) { diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 654b53c16..07d58331f 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -17,16 +17,21 @@ #include "public_key.h" -ENUM(key_type_names, KEY_RSA, KEY_RSA, - "RSA" +ENUM(key_type_names, KEY_RSA, KEY_ECDSA, + "RSA", + "ECDSA" ); -ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_RSA_EMSA_PKCS1_SHA512, +ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521, "DEFAULT", "RSA_EMSA_PKCS1_MD5", "RSA_EMSA_PKCS1_SHA1", "RSA_EMSA_PKCS1_SHA256", "RSA_EMSA_PKCS1_SHA384", "RSA_EMSA_PKCS1_SHA512", + "ECDSA_WITH_SHA1", + "ECDSA-256", + "ECDSA-384", + "ECDSA-521", ); diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 02a4410ff..b96ae9db3 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -39,7 +39,9 @@ enum key_type_t { KEY_ANY, /** RSA crypto system as in PKCS#1 */ KEY_RSA, - /** DSS, ElGamal, ECDSA, ... */ + /** ECDSA as in ANSI X9.62 */ + KEY_ECDSA, + /** DSS, ElGamal, ... */ }; /** @@ -61,11 +63,19 @@ enum signature_scheme_t { /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash. */ SIGN_RSA_EMSA_PKCS1_SHA1, /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */ - SIGN_RSA_EMSA_PKCS1_SHA256, + SIGN_RSA_EMSA_PKCS1_SHA256, /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */ - SIGN_RSA_EMSA_PKCS1_SHA384, + SIGN_RSA_EMSA_PKCS1_SHA384, /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */ - SIGN_RSA_EMSA_PKCS1_SHA512, + SIGN_RSA_EMSA_PKCS1_SHA512, + /** ECDSA using SHA-1 as hash. */ + SIGN_ECDSA_WITH_SHA1, + /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */ + SIGN_ECDSA_256, + /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */ + SIGN_ECDSA_384, + /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */ + SIGN_ECDSA_521, }; /** diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index e48057b1f..f331a78eb 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -6,12 +6,15 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-openssl.la libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \ + openssl_util.c openssl_util.h \ openssl_crypter.c openssl_crypter.h \ openssl_hasher.c openssl_hasher.h \ openssl_diffie_hellman.c openssl_diffie_hellman.h \ openssl_rsa_private_key.c openssl_rsa_private_key.h \ openssl_rsa_public_key.c openssl_rsa_public_key.h \ - openssl_ec_diffie_hellman.c openssl_ec_diffie_hellman.h + openssl_ec_diffie_hellman.c openssl_ec_diffie_hellman.h \ + openssl_ec_private_key.c openssl_ec_private_key.h \ + openssl_ec_public_key.c openssl_ec_public_key.h libstrongswan_openssl_la_LDFLAGS = -module libstrongswan_openssl_la_LIBADD = -lcrypto diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c new file mode 100644 index 000000000..b29440a97 --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -0,0 +1,445 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "openssl_ec_private_key.h" +#include "openssl_ec_public_key.h" +#include "openssl_util.h" + +#include <debug.h> + +#include <openssl/evp.h> +#include <openssl/ecdsa.h> + +typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; + +/** + * Private data of a openssl_ec_private_key_t object. + */ +struct private_openssl_ec_private_key_t { + /** + * Public interface for this signer. + */ + openssl_ec_private_key_t public; + + /** + * EC key object + */ + EC_KEY *ec; + + /** + * Keyid formed as a SHA-1 hash of a privateKey object + */ + identification_t* keyid; + + /** + * Keyid formed as a SHA-1 hash of a privateKeyInfo object + */ + identification_t* keyid_info; + + /** + * reference count + */ + refcount_t ref; +}; + +/** + * Mapping from the signature scheme defined in (RFC 4754) to the elliptic + * curve and the hash algorithm + */ +typedef struct { + /** + * Scheme specified in RFC 4754 + */ + int scheme; + + /** + * NID of the hash + */ + int hash; + + /** + * NID of the curve + */ + int curve; +} openssl_ecdsa_scheme_t; + +#define END_OF_LIST -1 + +/** + * Signature schemes + */ +static openssl_ecdsa_scheme_t ecdsa_schemes[] = { + {SIGN_ECDSA_256, NID_sha256, NID_X9_62_prime256v1}, + {SIGN_ECDSA_384, NID_sha384, NID_secp384r1}, + {SIGN_ECDSA_521, NID_sha512, NID_secp521r1}, + {END_OF_LIST, 0, 0}, +}; + +/** + * Look up the hash and curve of a signature scheme + */ +static bool lookup_scheme(int scheme, int *hash, int *curve) +{ + openssl_ecdsa_scheme_t *ecdsa_scheme = ecdsa_schemes; + while (ecdsa_scheme->scheme != END_OF_LIST) + { + if (scheme == ecdsa_scheme->scheme) + { + *hash = ecdsa_scheme->hash; + *curve = ecdsa_scheme->curve; + return TRUE; + } + ecdsa_scheme++; + } + return FALSE; +} + +/** + * shared functions, implemented in openssl_ec_public_key.c + */ +bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, + identification_t **keyid_info); + +openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec); + + +/** + * Convert an ECDSA_SIG to a chunk by concatenating r and s. + * This function allocates memory for the chunk. + */ +static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk) +{ + return openssl_bn_cat(EC_FIELD_ELEMENT_LEN(group), sig->r, sig->s, chunk); +} + +/** + * Build the signature + */ +static bool build_signature(private_openssl_ec_private_key_t *this, + int hash_type, chunk_t data, chunk_t *signature) +{ + chunk_t hash = chunk_empty; + ECDSA_SIG *sig; + bool ret = FALSE; + + if (!openssl_hash_chunk(hash_type, data, &hash)) + { + return FALSE; + } + + sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); + if (!sig) + { + goto error; + } + + if (!sig2chunk(EC_KEY_get0_group(this->ec), sig, signature)) + { + goto error; + } + + ret = TRUE; +error: + chunk_free(&hash); + if (sig) + { + ECDSA_SIG_free(sig); + } + return ret; +} + +/** + * Implementation of private_key_t.get_type. + */ +static key_type_t get_type(private_openssl_ec_private_key_t *this) +{ + return KEY_ECDSA; +} + +/** + * Implementation of private_key_t.sign. + */ +static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) +{ + EC_GROUP *req_group; + const EC_GROUP *my_group; + int hash, curve; + + if (!lookup_scheme(scheme, &hash, &curve)) + { + DBG1("signature scheme %N not supported in EC", + signature_scheme_names, scheme); + return FALSE; + } + + req_group = EC_GROUP_new_by_curve_name(curve); + if (!req_group) + { + DBG1("signature scheme %N not supported in EC (required curve not supported)", + signature_scheme_names, scheme); + return FALSE; + } + + my_group = EC_KEY_get0_group(this->ec); + if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) + { + DBG1("signature scheme %N not supported by private key", + signature_scheme_names, scheme); + return FALSE; + } + + EC_GROUP_free(req_group); + + return build_signature(this, hash, data, signature); +} + +/** + * Implementation of private_key_t.destroy. + */ +static bool decrypt(private_openssl_ec_private_key_t *this, + chunk_t crypto, chunk_t *plain) +{ + DBG1("EC private key decryption not implemented"); + return FALSE; +} + +/** + * Implementation of private_key_t.get_keysize. + */ +static size_t get_keysize(private_openssl_ec_private_key_t *this) +{ + return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); +} + +/** + * Implementation of private_key_t.get_id. + */ +static identification_t* get_id(private_openssl_ec_private_key_t *this, + id_type_t type) +{ + switch (type) + { + case ID_PUBKEY_INFO_SHA1: + return this->keyid_info; + case ID_PUBKEY_SHA1: + return this->keyid; + default: + return NULL; + } +} + +/** + * Implementation of private_key_t.get_public_key. + */ +static openssl_ec_public_key_t* get_public_key(private_openssl_ec_private_key_t *this) +{ + return openssl_ec_public_key_create_from_private_key(this->ec); +} + +/** + * Implementation of private_key_t.belongs_to. + */ +static bool belongs_to(private_openssl_ec_private_key_t *this, public_key_t *public) +{ + identification_t *keyid; + + if (public->get_type(public) != KEY_ECDSA) + { + return FALSE; + } + keyid = public->get_id(public, ID_PUBKEY_SHA1); + if (keyid && keyid->equals(keyid, this->keyid)) + { + return TRUE; + } + keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); + if (keyid && keyid->equals(keyid, this->keyid_info)) + { + return TRUE; + } + return FALSE; +} + +/** + * Implementation of private_key_t.get_encoding. + */ +static chunk_t get_encoding(private_openssl_ec_private_key_t *this) +{ + chunk_t enc = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); + u_char *p = enc.ptr; + i2d_ECPrivateKey(this->ec, &p); + return enc; +} + +/** + * Implementation of private_key_t.get_ref. + */ +static private_openssl_ec_private_key_t* get_ref(private_openssl_ec_private_key_t *this) +{ + ref_get(&this->ref); + return this; + +} + +/** + * Implementation of private_key_t.destroy. + */ +static void destroy(private_openssl_ec_private_key_t *this) +{ + if (ref_put(&this->ref)) + { + if (this->ec) + { + EC_KEY_free(this->ec); + } + DESTROY_IF(this->keyid); + DESTROY_IF(this->keyid_info); + free(this); + } +} + +/** + * Internal generic constructor + */ +static private_openssl_ec_private_key_t *openssl_ec_private_key_create_empty(void) +{ + private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t); + + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; + this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; + this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; + this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; + this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; + this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; + this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; + this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(private_key_t *this))destroy; + + this->ec = NULL; + this->keyid = NULL; + this->keyid_info = NULL; + this->ref = 1; + + return this; +} + +/** + * load private key from an ASN1 encoded blob + */ +static openssl_ec_private_key_t *load(chunk_t blob) +{ + u_char *p = blob.ptr; + private_openssl_ec_private_key_t *this = openssl_ec_private_key_create_empty(); + + this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&p, blob.len); + + chunk_clear(&blob); + + if (!this->ec) + { + destroy(this); + return NULL; + } + + if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) + { + destroy(this); + return NULL; + } + + if (!EC_KEY_check_key(this->ec)) + { + destroy(this); + return NULL; + } + + return &this->public; +} + +typedef struct private_builder_t private_builder_t; +/** + * Builder implementation for key loading/generation + */ +struct private_builder_t { + /** implements the builder interface */ + builder_t public; + /** loaded/generated private key */ + openssl_ec_private_key_t *key; +}; + +/** + * Implementation of builder_t.build + */ +static openssl_ec_private_key_t *build(private_builder_t *this) +{ + openssl_ec_private_key_t *key = this->key; + + free(this); + return key; +} + +/** + * Implementation of builder_t.add + */ +static void add(private_builder_t *this, builder_part_t part, ...) +{ + va_list args; + + if (this->key) + { + DBG1("ignoring surplus build part %N", builder_part_names, part); + return; + } + + switch (part) + { + case BUILD_BLOB_ASN1_DER: + { + va_start(args, part); + this->key = load(va_arg(args, chunk_t)); + va_end(args); + break; + } + default: + DBG1("ignoring unsupported build part %N", builder_part_names, part); + break; + } +} + +/** + * Builder construction function + */ +builder_t *openssl_ec_private_key_builder(key_type_t type) +{ + private_builder_t *this; + + if (type != KEY_ECDSA) + { + return NULL; + } + + this = malloc_thing(private_builder_t); + + this->key = NULL; + this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; + this->public.build = (void*(*)(builder_t *this))build; + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h new file mode 100644 index 000000000..b8fd0c14b --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup openssl_ec_private_key openssl_ec_private_key + * @{ @ingroup openssl_p + */ + +#ifndef OPENSSL_EC_PRIVATE_KEY_H_ +#define OPENSSL_EC_PRIVATE_KEY_H_ + +#include <credentials/keys/private_key.h> + +typedef struct openssl_ec_private_key_t openssl_ec_private_key_t; + +/** + * private_key_t implementation of ECDSA using OpenSSL. + */ +struct openssl_ec_private_key_t { + + /** + * Implements private_key_t interface + */ + private_key_t interface; +}; + +/** + * Create the builder for a private key. + * + * @param type type of the key, must be KEY_ECDSA + * @return builder instance + */ +builder_t *openssl_ec_private_key_builder(key_type_t type); + +#endif /*OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c new file mode 100644 index 000000000..0377023bc --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -0,0 +1,447 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "openssl_ec_public_key.h" +#include "openssl_util.h" + +#include <debug.h> + +#include <openssl/evp.h> +#include <openssl/ecdsa.h> +#include <openssl/x509.h> + +typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t; + +/** + * Private data structure with signing context. + */ +struct private_openssl_ec_public_key_t { + /** + * Public interface for this signer. + */ + openssl_ec_public_key_t public; + + /** + * EC key object + */ + EC_KEY *ec; + + /** + * Keyid formed as a SHA-1 hash of a publicKeyInfo object + */ + identification_t *keyid_info; + + /** + * Keyid formed as a SHA-1 hash of a publicKey object + */ + identification_t *keyid; + + /** + * reference counter + */ + refcount_t ref; +}; + +/** + * Convert a chunk to an ECDSA_SIG (which must already exist). r and s + * of the signature have to be concatenated in the chunk. + */ +static bool chunk2sig(const EC_GROUP *group, chunk_t chunk, ECDSA_SIG *sig) +{ + return openssl_bn_split(chunk, sig->r, sig->s); +} + +/** + * Verification of a signature as in RFC 4754 + */ +static bool verify_signature(private_openssl_ec_public_key_t *this, + int hash_type, chunk_t data, chunk_t signature) +{ + chunk_t hash = chunk_empty; + ECDSA_SIG *sig; + bool valid = FALSE; + + if (!openssl_hash_chunk(hash_type, data, &hash)) + { + return FALSE; + } + + sig = ECDSA_SIG_new(); + if (!sig) + { + goto error; + } + + if (!chunk2sig(EC_KEY_get0_group(this->ec), signature, sig)) + { + goto error; + } + + valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); + +error: + if (sig) + { + ECDSA_SIG_free(sig); + } + chunk_free(&hash); + return valid; +} + + +/** + * Verification of the default signature using SHA-1 + */ +static bool verify_default_signature(private_openssl_ec_public_key_t *this, + chunk_t data, chunk_t signature) +{ + bool valid = FALSE; + chunk_t hash = chunk_empty; + u_char *p; + ECDSA_SIG *sig; + + /* remove any preceding 0-bytes from signature */ + while (signature.len && *(signature.ptr) == 0x00) + { + signature.len -= 1; + signature.ptr++; + } + + p = signature.ptr; + sig = d2i_ECDSA_SIG(NULL, (const u_char**)&p, signature.len); + if (!sig) + { + return FALSE; + } + + if (!openssl_hash_chunk(NID_sha1, data, &hash)) + { + goto error; + } + + valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); + +error: + if (sig) + { + ECDSA_SIG_free(sig); + } + chunk_free(&hash); + return valid; +} + +/** + * Implementation of public_key_t.get_type. + */ +static key_type_t get_type(private_openssl_ec_public_key_t *this) +{ + return KEY_ECDSA; +} + +/** + * Implementation of public_key_t.verify. + */ +static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) +{ + switch (scheme) + { + case SIGN_ECDSA_WITH_SHA1: + return verify_default_signature(this, data, signature); + case SIGN_ECDSA_256: + return verify_signature(this, NID_sha256, data, signature); + case SIGN_ECDSA_384: + return verify_signature(this, NID_sha384, data, signature); + case SIGN_ECDSA_521: + return verify_signature(this, NID_sha512, data, signature); + default: + DBG1("signature scheme %N not supported in EC", + signature_scheme_names, scheme); + return FALSE; + } +} + +/** + * Implementation of public_key_t.get_keysize. + */ +static bool encrypt(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain) +{ + DBG1("EC public key encryption not implemented"); + return FALSE; +} + +/** + * Implementation of public_key_t.get_keysize. + */ +static size_t get_keysize(private_openssl_ec_public_key_t *this) +{ + return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); +} + +/** + * Implementation of public_key_t.get_id. + */ +static identification_t *get_id(private_openssl_ec_public_key_t *this, + id_type_t type) +{ + switch (type) + { + case ID_PUBKEY_INFO_SHA1: + return this->keyid_info; + case ID_PUBKEY_SHA1: + return this->keyid; + default: + return NULL; + } +} + +/** + * Encodes the public key + */ +static chunk_t get_encoding_raw(EC_KEY *ec) +{ + /* since the points can be stored in three different forms this may not + * be correct for all cases */ + const EC_GROUP *group = EC_KEY_get0_group(ec); + const EC_POINT *pub = EC_KEY_get0_public_key(ec); + chunk_t enc = chunk_alloc(EC_POINT_point2oct(group, pub, + POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)); + EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED, + enc.ptr, enc.len, NULL); + return enc; +} + +/** + * Encodes the public key info (public key with ec parameters) + */ +static chunk_t get_encoding_full(EC_KEY *ec) +{ + chunk_t enc = chunk_alloc(i2d_EC_PUBKEY(ec, NULL)); + u_char *p = enc.ptr; + i2d_EC_PUBKEY(ec, &p); + return enc; +} + +/* + * Implementation of public_key_t.get_encoding. + */ +static chunk_t get_encoding(private_openssl_ec_public_key_t *this) +{ + return get_encoding_full(this->ec); +} + +/** + * Implementation of public_key_t.get_ref. + */ +static private_openssl_ec_public_key_t* get_ref(private_openssl_ec_public_key_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of openssl_ec_public_key.destroy. + */ +static void destroy(private_openssl_ec_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + if (this->ec) + { + EC_KEY_free(this->ec); + } + DESTROY_IF(this->keyid); + DESTROY_IF(this->keyid_info); + free(this); + } +} + +/** + * Generic private constructor + */ +static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty() +{ + private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t); + + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; + this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; + this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt; + this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; + this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; + this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(public_key_t *this))destroy; + + this->ec = NULL; + this->keyid = NULL; + this->keyid_info = NULL; + this->ref = 1; + + return this; +} + +/** + * Build key identifier from the public key using SHA1 hashed publicKey(Info). + * Also used in openssl_ec_private_key.c. + */ +bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid, + identification_t **keyid_info) +{ + chunk_t publicKeyInfo, publicKey, hash; + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (hasher == NULL) + { + DBG1("SHA1 hash algorithm not supported, unable to use EC"); + return FALSE; + } + + publicKey = get_encoding_raw(ec); + + hasher->allocate_hash(hasher, publicKey, &hash); + *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); + chunk_free(&hash); + + publicKeyInfo = get_encoding_full(ec); + + hasher->allocate_hash(hasher, publicKeyInfo, &hash); + *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); + chunk_free(&hash); + + hasher->destroy(hasher); + chunk_free(&publicKeyInfo); + chunk_free(&publicKey); + + return TRUE; +} + +/** + * Create a public key from BIGNUM values, used in openssl_ec_private_key.c + */ +openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec) +{ + private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty(); + + this->ec = EC_KEY_new(); + EC_KEY_set_public_key(this->ec, EC_KEY_get0_public_key(ec)); + + if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) + { + destroy(this); + return NULL; + } + return &this->public; +} + +/** + * Load a public key from an ASN1 encoded blob + */ +static openssl_ec_public_key_t *load(chunk_t blob) +{ + u_char *p = blob.ptr; + private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty(); + + this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&p, blob.len); + + chunk_clear(&blob); + + if (!this->ec) + { + destroy(this); + return NULL; + } + + if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info)) + { + destroy(this); + return NULL; + } + return &this->public; +} + +typedef struct private_builder_t private_builder_t; +/** + * Builder implementation for key loading + */ +struct private_builder_t { + /** implements the builder interface */ + builder_t public; + /** loaded public key */ + openssl_ec_public_key_t *key; +}; + +/** + * Implementation of builder_t.build + */ +static openssl_ec_public_key_t *build(private_builder_t *this) +{ + openssl_ec_public_key_t *key = this->key; + + free(this); + return key; +} + +/** + * Implementation of builder_t.add + */ +static void add(private_builder_t *this, builder_part_t part, ...) +{ + va_list args; + + if (this->key) + { + DBG1("ignoring surplus build part %N", builder_part_names, part); + return; + } + + switch (part) + { + case BUILD_BLOB_ASN1_DER: + { + va_start(args, part); + this->key = load(va_arg(args, chunk_t)); + va_end(args); + break; + } + default: + DBG1("ignoring unsupported build part %N", builder_part_names, part); + break; + } +} + +/** + * Builder construction function + */ +builder_t *openssl_ec_public_key_builder(key_type_t type) +{ + private_builder_t *this; + + if (type != KEY_ECDSA) + { + return NULL; + } + + this = malloc_thing(private_builder_t); + + this->key = NULL; + this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; + this->public.build = (void*(*)(builder_t *this))build; + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h new file mode 100644 index 000000000..a4809f727 --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup openssl_ec_public_key openssl_ec_public_key + * @{ @ingroup openssl_p + */ + +#ifndef OPENSSL_EC_PUBLIC_KEY_H_ +#define OPENSSL_EC_PUBLIC_KEY_H_ + +typedef struct openssl_ec_public_key_t openssl_ec_public_key_t; + +#include <credentials/keys/public_key.h> + +/** + * public_key_t implementation of ECDSA using OpenSSL. + */ +struct openssl_ec_public_key_t { + + /** + * Implements the public_key_t interface + */ + public_key_t interface; +}; + +/** + * Create the builder for a public key. + * + * @param type type of the key, must be KEY_ECDSA + * @return builder instance + */ +builder_t *openssl_ec_public_key_builder(key_type_t type); + +#endif /*OPENSSL_EC_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 697a2c986..eaedcc466 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -26,6 +26,8 @@ #include "openssl_ec_diffie_hellman.h" #include "openssl_rsa_private_key.h" #include "openssl_rsa_public_key.h" +#include "openssl_ec_private_key.h" +#include "openssl_ec_public_key.h" typedef struct private_openssl_plugin_t private_openssl_plugin_t; @@ -57,6 +59,10 @@ static void destroy(private_openssl_plugin_t *this) (builder_constructor_t)openssl_rsa_private_key_builder); lib->creds->remove_builder(lib->creds, (builder_constructor_t)openssl_rsa_public_key_builder); + lib->creds->remove_builder(lib->creds, + (builder_constructor_t)openssl_ec_private_key_builder); + lib->creds->remove_builder(lib->creds, + (builder_constructor_t)openssl_ec_public_key_builder); EVP_cleanup(); @@ -142,5 +148,11 @@ plugin_t *plugin_create() lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, (builder_constructor_t)openssl_rsa_public_key_builder); + /* ec */ + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, + (builder_constructor_t)openssl_ec_private_key_builder); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, + (builder_constructor_t)openssl_ec_public_key_builder); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c new file mode 100644 index 000000000..9a5e74a5c --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -0,0 +1,120 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +#include "openssl_util.h" + +#include <debug.h> + +#include <openssl/evp.h> + +/** + * Described in header. + */ +bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash) +{ + EVP_MD_CTX *ctx; + bool ret = FALSE; + const EVP_MD *hasher = EVP_get_digestbynid(hash_type); + if (!hasher) + { + return FALSE; + } + + ctx = EVP_MD_CTX_create(); + if (!ctx) + { + goto error; + } + + if (!EVP_DigestInit_ex(ctx, hasher, NULL)) + { + goto error; + } + + if (!EVP_DigestUpdate(ctx, data.ptr, data.len)) + { + goto error; + } + + *hash = chunk_alloc(hasher->md_size); + if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL)) + { + chunk_free(hash); + goto error; + } + + ret = TRUE; +error: + if (ctx) + { + EVP_MD_CTX_destroy(ctx); + } + return ret; +} + +/** + * Described in header. + */ +bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) +{ + int offset; + + chunk->len = len * 2; + chunk->ptr = malloc(chunk->len); + memset(chunk->ptr, 0, chunk->len); + + offset = len - BN_num_bytes(a); + if (!BN_bn2bin(a, chunk->ptr + offset)) + { + goto error; + } + + offset = len - BN_num_bytes(b); + if (!BN_bn2bin(b, chunk->ptr + len + offset)) + { + goto error; + } + + return TRUE; +error: + chunk_free(chunk); + return FALSE; +} + + +/** + * Described in header. + */ +bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b) +{ + int len; + + if ((chunk.len % 2) != 0) + { + return FALSE; + } + + len = chunk.len / 2; + + if (!BN_bin2bn(chunk.ptr, len, a) || + !BN_bin2bn(chunk.ptr + len, len, b)) + { + return FALSE; + } + + return TRUE; +} diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h new file mode 100644 index 000000000..fda4eda5b --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2008 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + * + * $Id$ + */ + +/** + * @defgroup openssl_util openssl_util + * @{ @ingroup openssl_p + */ + +#ifndef OPENSSL_UTIL_H_ +#define OPENSSL_UTIL_H_ + +#include <library.h> +#include <openssl/bn.h> + +/** + * Returns the length in bytes of a field element + */ +#define EC_FIELD_ELEMENT_LEN(group) ((EC_GROUP_get_degree(group) + 7) / 8) + +/** + * Creates a hash of a given type of a chunk of data. + * + * Note: this function allocates memory for the hash + * + * @param hash_type NID of the hash + * @param data the chunk of data to hash + * @param hash chunk that contains the hash + * @return TRUE on success, FALSE otherwise + */ +bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); + +/** + * Concatenates two bignums into a chunk, thereby enfocing the length of + * a single BIGNUM, if necessary, by pre-pending it with zeros. + * + * Note: this function allocates memory for the chunk + * + * @param len the length of a single BIGNUM + * @param a first BIGNUM + * @param b second BIGNUM + * @param chunk resulting chunk + * @return TRUE on success, FALSE otherwise + */ +bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); + +/** + * Splits a chunk into two bignums of equal binary length. + * + * @param chunk a chunk that contains the two BIGNUMs + * @param a first BIGNUM + * @param b second BIGNUM + * @return TRUE on success, FALSE otherwise + */ +bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b); + +#endif /*OPENSSL_UTIL_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c index c4805aa98..1291b6ede 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2008 Martin Willi * Copyright (C) 2000-2008 Andreas Steffen * Hochschule fuer Technik Rapperswil @@ -62,6 +63,14 @@ static public_key_t *load(chunk_t blob) { type = KEY_RSA; } + else if (oid == OID_EC_PUBLICKEY) + { + /* we need the whole subjectPublicKeyInfo for EC public keys */ + key = lib->creds->create(lib->creds, + CRED_PUBLIC_KEY, KEY_ECDSA, BUILD_BLOB_ASN1_DER, + chunk_clone(blob), BUILD_END); + goto end; + } else { /* key type not supported */ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 06b7510c5..d604b5ef9 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -923,6 +923,9 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) case OID_SHA512_WITH_RSA: scheme = SIGN_RSA_EMSA_PKCS1_SHA512; break; + case OID_ECDSA_WITH_SHA1: + scheme = SIGN_ECDSA_WITH_SHA1; + break; default: return FALSE; } diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 7511e8427..989faeea3 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -877,6 +877,7 @@ extern const char *prettypolicy(lset_t policy); #define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */ #define POLICY_MOBIKE LELEM(23) /* enable MOBIKE for IKEv2 */ #define POLICY_FORCE_ENCAP LELEM(24) /* force UDP encapsulation (IKEv2) */ +#define POLICY_ECDSASIG LELEM(25) /* ecdsa signature (IKEv2) */ /* Any IPsec policy? If not, a connection description * is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.) diff --git a/src/starter/confread.c b/src/starter/confread.c index d1777cd61..3794992e7 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -535,10 +535,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) /* also handles the cases secret|rsasig and rsasig|secret */ for (;;) { - if (streq(value, "rsasig")) + if (streq(value, "rsa") || streq(value, "rsasig")) conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT; else if (streq(value, "secret") || streq(value, "psk")) conn->policy |= POLICY_PSK | POLICY_ENCRYPT; + else if (streq(value, "ecdsa") || streq(value, "ecdsasig")) + conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT; else if (streq(value, "xauthrsasig")) conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT; else if (streq(value, "xauthpsk")) diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index b3b08817c..0183c26c7 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -38,13 +38,12 @@ #include "files.h" /** - * Authentication mehtods, must be the same values as in charon + * Authentication mehtods, must be the same as in charon */ enum auth_method_t { - AUTH_RSA = 1, - AUTH_PSK = 2, - AUTH_DSS = 3, - AUTH_EAP = 201, + AUTH_PUBKEY = 0, + AUTH_PSK, + AUTH_EAP, }; static char* push_string(stroke_msg_t *msg, char *string) @@ -213,10 +212,10 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn) msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2; msg.add_conn.name = push_string(&msg, connection_name(conn)); - /* RSA is preferred before PSK and EAP */ - if (conn->policy & POLICY_RSASIG) + /* PUBKEY is preferred to PSK and EAP */ + if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG) { - msg.add_conn.auth_method = AUTH_RSA; + msg.add_conn.auth_method = AUTH_PUBKEY; } else if (conn->policy & POLICY_PSK) { |