supp.c

   1 /* Algorithm support checks
   2    Copyright (C) 2005 Maurice Massar
   3    Reorganised 2006 by Dan Villiom Podlaski Christiansen
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 2 of the License, or
   8    (at your option) any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program; if not, write to the Free Software
  17    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18
  19    $Id$
  20 */
  21
  22 #include "supp.h"
  23 #include "math_group.h"
  24 #include "config.h"
  25 #include "isakmp.h"
  26
  27 #include <gcrypt.h>
  28 #include <stdlib.h>
  29
  30 const supported_algo_t supp_dh_group[] = {
  31         {"nopfs", 0, 0, 0, 0},
  32         {"dh1", OAKLEY_GRP_1, IKE_GROUP_MODP_768,  IKE_GROUP_MODP_768,  0},
  33         {"dh2", OAKLEY_GRP_2, IKE_GROUP_MODP_1024, IKE_GROUP_MODP_1024, 0},
  34         {"dh5", OAKLEY_GRP_5, IKE_GROUP_MODP_1536, IKE_GROUP_MODP_1536, 0},
  35         /*{ "dh7", OAKLEY_GRP_7, IKE_GROUP_EC2N_163K, IKE_GROUP_EC2N_163K, 0 } note: code missing */
  36         {NULL, 0, 0, 0, 0}
  37 };
  38
  39 const supported_algo_t supp_hash[] = {
  40         {"md5", GCRY_MD_MD5, IKE_HASH_MD5, IPSEC_AUTH_HMAC_MD5, 0},
  41         {"sha1", GCRY_MD_SHA1, IKE_HASH_SHA, IPSEC_AUTH_HMAC_SHA, 0},
  42         {NULL, 0, 0, 0, 0}
  43 };
  44
  45 const supported_algo_t supp_crypt[] = {
  46         {"null", GCRY_CIPHER_NONE, IKE_ENC_NO_CBC, ISAKMP_IPSEC_ESP_NULL, 0},
  47         {"des", GCRY_CIPHER_DES, IKE_ENC_DES_CBC, ISAKMP_IPSEC_ESP_DES, 0},
  48         {"3des", GCRY_CIPHER_3DES, IKE_ENC_3DES_CBC, ISAKMP_IPSEC_ESP_3DES, 0},
  49         {"aes128", GCRY_CIPHER_AES128, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 128},
  50         {"aes192", GCRY_CIPHER_AES192, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 192},
  51         {"aes256", GCRY_CIPHER_AES256, IKE_ENC_AES_CBC, ISAKMP_IPSEC_ESP_AES, 256},
  52         {NULL, 0, 0, 0, 0}
  53 };
  54
  55 const supported_algo_t supp_auth[] = {
  56         {"psk", 0, IKE_AUTH_PRESHARED, 0, 0},
  57         {"psk+xauth", 0, IKE_AUTH_XAUTHInitPreShared, 0, 0},
  58 #if 0
  59         {"cert(dsa)", 0, IKE_AUTH_RSA_SIG, 0, 0},
  60         {"cert(rsasig)", 0, IKE_AUTH_DSS, 0, 0},
  61         {"hybrid(dsa)", 0, IKE_AUTH_DSS, 0, 0},
  62 #endif /* 0 */
  63         {"hybrid(rsa)", 0, IKE_AUTH_HybridInitRSA, 0, 0},
  64         {NULL, 0, 0, 0, 0}
  65 };
  66
  67 const supported_algo_t *get_algo(enum algo_group what, enum supp_algo_key key, int id,
  68         const char *name, int keylen)
  69 {
  70         const supported_algo_t *sa = NULL;
  71         int i = 0, val = 0;
  72         const char *valname = NULL;
  73
  74         switch (what) {
  75         case SUPP_ALGO_DH_GROUP:
  76                 sa = supp_dh_group;
  77                 break;
  78         case SUPP_ALGO_HASH:
  79                 sa = supp_hash;
  80                 break;
  81         case SUPP_ALGO_CRYPT:
  82                 sa = supp_crypt;
  83                 break;
  84         case SUPP_ALGO_AUTH:
  85                 sa = supp_auth;
  86                 break;
  87         default:
  88                 abort();
  89         }
  90
  91         for (i = 0; sa[i].name != NULL; i++) {
  92                 switch (key) {
  93                 case SUPP_ALGO_NAME:
  94                         valname = sa[i].name;
  95                         break;
  96                 case SUPP_ALGO_MY_ID:
  97                         val = sa[i].my_id;
  98                         break;
  99                 case SUPP_ALGO_IKE_SA:
 100                         val = sa[i].ike_sa_id;
 101                         break;
 102                 case SUPP_ALGO_IPSEC_SA:
 103                         val = sa[i].ipsec_sa_id;
 104                         break;
 105                 default:
 106                         abort();
 107                 }
 108                 if ((key == SUPP_ALGO_NAME) ? !strcasecmp(name, valname) : (val == id))
 109                         if (keylen == sa[i].keylen)
 110                                 return sa + i;
 111         }
 112
 113         return NULL;
 114 }
 115
 116 const supported_algo_t *get_dh_group_ike(void)
 117 {
 118         return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, config[CONFIG_IKE_DH], 0);
 119 }
 120 const supported_algo_t *get_dh_group_ipsec(int server_setting)
 121 {
 122         const char *pfs_setting = config[CONFIG_IPSEC_PFS];
 123
 124         if (!strcmp(config[CONFIG_IPSEC_PFS], "server")) {
 125                 /* treat server_setting == -1 (unknown) as 0 */
 126                 pfs_setting = (server_setting == 1) ? "dh2" : "nopfs";
 127         }
 128
 129         return get_algo(SUPP_ALGO_DH_GROUP, SUPP_ALGO_NAME, 0, pfs_setting, 0);
 130 }