pluto: RFC 7427 - Digital Signature Authentication for RSA with SHA1

It provides a new signature authentication mechanism for digital signatures It includes a hash notification algorithm Includes impairments for Interoperability
sahanaprasad07 · Aug 28, 2017 · 81c7cf0 · 81c7cf0
1 parent 7addd3c
commit 81c7cf0
Show file tree

Hide file tree

Showing 9 changed files with 258 additions and 33 deletions.
diff --git a/include/ietf_constants.h b/include/ietf_constants.h
@@ -9,6 +9,7 @@
  * Copyright (C) 2012-2015 Paul Wouters <pwouters@redhat.com>
  * Copyright (C) 2013 Tuomo Soini <tis@foobar.fi>
  * Copyright (C) 2016 Andrew Cagney <cagney@gnu.org>
+ * Copyright (C) 2017 Sahana Prasad <sahana.prasad07@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -1229,7 +1230,7 @@ enum ikev2_auth_method {
 	IKEv2_AUTH_P521 = 11, /* RFC 4754 */
 	IKEv2_AUTH_GSPM = 12, /* RFC 6467 */
 	IKEv2_AUTH_NULL = 13, /* draft-ietf-ipsecme-ikev2-null-auth */
-	IKEv2_AUTH_SIG = 14, /* RFC 7427 */
+	IKEv2_AUTH_DIGSIG = 14, /* RFC 7427 */
 	/* 15 - 200 unassigned */
 	/* 201 - 255 private use */
 };
@@ -1654,6 +1655,43 @@ enum ipsec_comp_algo {
 	/* 64-255 Unassigned */
 };
 
+/*
+ * RFC 7427 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
+ * Section 7 :  IANA Considerations
+ * https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#hash-algorithms
+ */
+
+enum notify_payload_hash_algorithms {
+	IKEv2_AUTH_HASH_RESERVED = 0,
+	IKEv2_AUTH_HASH_SHA1     = 1,
+	IKEv2_AUTH_HASH_SHA2_256 = 2,
+	IKEv2_AUTH_HASH_SHA2_384 = 3,
+	IKEv2_AUTH_HASH_SHA2_512 = 4,
+	IKEv2_AUTH_HASH_IDENTITY = 5, /* RFC 4307-bis */
+	/* 6-1023 Unassigned */
+	/* 1024-65535 Reserved for private use */
+	IKEv2_AUTH_HASH_ROOF
+};
+
+/* RFC 7427 Hash Algorithm Identifiers (mentioned in notify_payload_hash_algorithms)
+ * that are sent in the Notify payload of the hash algorithm notification are 2 bytes each.
+ */
+
+#define RFC_7427_HASH_ALGORITHM_VALUE 2
+
+/*
+ * RFC 7427 , section 3 describes the Authentication data format for Digital Signatures.
+ * ASN.1 Length (1 octet) : length of the ASN.1-encoded AlgorithmIdentifier object.
+ * Algorithm Identifier (variable length) - This field contains the AlgorithmIdentifier ASN.1 object.
+ */
+
+#define ASN1_SHA1_RSA_OID_SIZE 15 /* size of algorithm identifier sha1WithRSAEncryption is 15 bytes */
+#define ASN1_LEN_ALGO_IDENTIFIER 1 /* length of ASN.1 Algorithm Identifier(variable length) is 1 byte */
+
+/* 15 byte OID of sha1WithRSAEncryption is specified in RFC 7427 in A.1.1 */
+static const unsigned char sha1_rsa_oid_blob[ASN1_SHA1_RSA_OID_SIZE] = {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00};
+
+static const uint8_t len_sha1_rsa_oid_blob[ASN1_LEN_ALGO_IDENTIFIER] = {ASN1_SHA1_RSA_OID_SIZE};
 
 /* Limits on size of RSA moduli.
  * The upper bound matches that of DNSSEC (see RFC 2537).

diff --git a/include/pluto_constants.h b/include/pluto_constants.h
@@ -7,6 +7,7 @@
  * Copyright (C) 2013 David McCullough <ucdevel@gmail.com>
  * Copyright (C) 2013 Matt Rogers <mrogers@redhat.com>
  * Copyright (C) 2016, Andrew Cagney <cagney@gnu.org>
+ * Copyright (C) 2017 Sahana Prasad <sahana.prasad07@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -344,6 +345,9 @@ enum {
 	IMPAIR_SEND_KEY_SIZE_CHECK_IX,		/* causes pluto to omit checking configured ESP key sizes for testing */
 	IMPAIR_SEND_ZERO_GX_IX,			/* causes pluto to send a g^x that is zero, breaking DH calculation */
 	IMPAIR_SEND_BOGUS_DCOOKIE_IX,		/* causes pluto to send a a bogus IKEv2 DCOOKIE */
+	IMPAIR_OMIT_HASH_NOTIFY_REQUEST_IX,	/* causes pluto to omit sending hash notify in IKE_SA_INIT Request */
+	IMPAIR_IGNORE_HASH_NOTIFY_REQUEST_IX,	/* causes pluto to ignore incoming hash notify from IKE_SA_INIT Request */
+	IMPAIR_IGNORE_HASH_NOTIFY_RESPONSE_IX,	/* causes pluto to ignore incoming hash notify from IKE_SA_INIT Response*/
 	IMPAIR_roof_IX	/* first unassigned IMPAIR */
 };
 
@@ -389,6 +393,10 @@ enum {
 #define IMPAIR_SEND_KEY_SIZE_CHECK	LELEM(IMPAIR_SEND_KEY_SIZE_CHECK_IX)
 #define IMPAIR_SEND_ZERO_GX	LELEM(IMPAIR_SEND_ZERO_GX_IX)
 #define IMPAIR_SEND_BOGUS_DCOOKIE	LELEM(IMPAIR_SEND_BOGUS_DCOOKIE_IX)
+#define IMPAIR_OMIT_HASH_NOTIFY_REQUEST		LELEM(IMPAIR_OMIT_HASH_NOTIFY_REQUEST_IX)
+#define IMPAIR_IGNORE_HASH_NOTIFY_REQUEST	LELEM(IMPAIR_IGNORE_HASH_NOTIFY_REQUEST_IX)
+#define IMPAIR_IGNORE_HASH_NOTIFY_RESPONSE	LELEM(IMPAIR_IGNORE_HASH_NOTIFY_RESPONSE_IX)
+
 
 /* State of exchanges
  *
@@ -896,6 +904,12 @@ enum sa_policy_bits {
 #define POLICY_ESN_NO		LELEM(POLICY_ESN_NO_IX)	/* accept or request ESNno */
 #define POLICY_ESN_YES		LELEM(POLICY_ESN_YES_IX)	/* accept or request ESNyes */
 
+#define NEGOTIATE_AUTH_HASH_SHA1		LELEM(IKEv2_AUTH_HASH_SHA1)	/* rfc7427 does responder support SHA1? */
+#define NEGOTIATE_AUTH_HASH_SHA2_256		LELEM(IKEv2_AUTH_HASH_SHA2_256)	/* rfc7427 does responder support SHA2-256?  */
+#define NEGOTIATE_AUTH_HASH_SHA2_384		LELEM(IKEv2_AUTH_HASH_SHA2_384)	/* rfc7427 does responder support SHA2-384? */
+#define NEGOTIATE_AUTH_HASH_SHA2_512		LELEM(IKEv2_AUTH_HASH_SHA2_512)	/* rfc7427 does responder support SHA2-512? */
+#define NEGOTIATE_AUTH_HASH_IDENTITY		LELEM(IKEv2_AUTH_HASH_IDENTITY)	/* rfc4307-bis does responder support IDENTITY? */
+
 /* Default policy for now is using RSA - this might change to ECC */
 #define POLICY_DEFAULT POLICY_RSASIG
 

diff --git a/include/whack.h b/include/whack.h
@@ -46,7 +46,7 @@
  */
 
 #define WHACK_BASIC_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 25)
-#define WHACK_MAGIC (((((('o' << 8) + 'h') << 8) + 'k') << 8) + 43)
+#define WHACK_MAGIC (((((('o' << 8) + 'h') << 8) + 'k') << 8) + 44)
 
 /*
  * Where, if any, is the pubkey coming from.

diff --git a/lib/libswan/constants.c b/lib/libswan/constants.c
@@ -1445,11 +1445,12 @@ static const char *const ikev2_auth_name[] = {
 	"IKEv2_AUTH_ECDSA_P521",
 	"IKEv2_AUTH_GSPM", /* 12 - RFC 6467 */
 	"IKEv2_AUTH_NULL",
+	"IKEv2_AUTH_DIGSIG", /* 14 - RFC 7427 */
 };
 
 enum_names ikev2_auth_names = {
 	IKEv2_AUTH_RESERVED,
-	IKEv2_AUTH_NULL,
+	IKEv2_AUTH_DIGSIG,
 	ARRAY_REF(ikev2_auth_name),
 	NULL, /* prefix */
 	NULL

diff --git a/programs/pluto/ikev2.c b/programs/pluto/ikev2.c
@@ -13,6 +13,7 @@
  * Copyright (C) 2013 Matt Rogers <mrogers@redhat.com>
  * Copyright (C) 2015-2017 Andrew Cagney
  * Copyright (C) 2016-2017 Antony Antony <appu@phenome.org>
+ * Copyright (C) 2017 Sahana Prasad <sahana.prasad07@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -1484,6 +1485,12 @@ bool ikev2_decode_peer_id_and_certs(struct msg_digest *md)
 		case IKEv2_AUTH_NULL:
 			authby = AUTH_NULL;
 			break;
+		case IKEv2_AUTH_DIGSIG:
+			if (c->policy & POLICY_RSASIG) {
+				authby = AUTH_RSASIG;
+				break;
+			}
+			/* FALL THROUGH */
 		case IKEv2_AUTH_NONE:
 		default:
 			DBG(DBG_CONTROL, DBG_log("ikev2 skipping refine_host_connection due to unknown policy"));