2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <vnet/ipsec/ikev2.h>
22 #include <vnet/ipsec/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
/*
 * 768-bit MODP group: prime and generator as hex strings. The value matches
 * the first Oakley group of RFC 2409. ikev2_crypto_init registers it as
 * IKEV2_TRANSFORM_DH_TYPE_MODP_768.
 * NOTE(review): a fixed 768-bit prime is far below the strength currently
 * accepted for finite-field DH. Keep it only if legacy interoperability
 * requires it, and prefer the 2048-bit and larger groups.
 */
30 static const char modp_dh_768_prime[] =
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
32 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
33 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
34 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
35 static const char modp_dh_768_generator[] = "02";
/*
 * 1024-bit MODP group: prime and generator as hex strings. The value matches
 * the second Oakley group of RFC 2409. ikev2_crypto_init registers it as
 * IKEV2_TRANSFORM_DH_TYPE_MODP_1024.
 * NOTE(review): widely shared 1024-bit primes are considered legacy strength.
 * Treat this group as interoperability-only and prefer 2048 bits or more.
 */
37 static const char modp_dh_1024_prime[] =
38 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
39 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
40 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
41 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
42 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
43 static const char modp_dh_1024_generator[] = "02";
46 static const char modp_dh_1536_prime[] =
47 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
48 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
49 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
50 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
51 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
52 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
53 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
54 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
55 static const char modp_dh_1536_generator[] = "02";
57 static const char modp_dh_2048_prime[] =
58 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
59 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
60 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
61 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
62 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
63 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
64 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
65 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
66 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
67 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
68 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
69 static const char modp_dh_2048_generator[] = "02";
71 static const char modp_dh_3072_prime[] =
72 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
73 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
74 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
75 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
76 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
77 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
78 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
79 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
80 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
81 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
82 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
83 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
84 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
85 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
86 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
87 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
88 static const char modp_dh_3072_generator[] = "02";
90 static const char modp_dh_4096_prime[] =
91 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
92 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
93 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
94 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
95 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
96 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
97 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
98 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
99 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
100 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
101 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
102 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
103 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
104 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
105 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
106 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
107 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
108 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
109 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
110 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
111 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
112 static const char modp_dh_4096_generator[] = "02";
114 static const char modp_dh_6144_prime[] =
115 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
116 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
117 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
118 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
119 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
120 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
121 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
122 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
123 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
124 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
125 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
126 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
127 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
128 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
129 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
130 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
131 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
132 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
133 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
134 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
135 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
136 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
137 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
138 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
139 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
140 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
141 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
142 "6DCC4024FFFFFFFFFFFFFFFF";
143 static const char modp_dh_6144_generator[] = "02";
145 static const char modp_dh_8192_prime[] =
146 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
147 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
148 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
149 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
150 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
151 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
152 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
153 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
154 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
155 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
156 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
157 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
158 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
159 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
160 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
161 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
162 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
163 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
164 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
165 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
166 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
167 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
168 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
169 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
170 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
171 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
172 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
173 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
174 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
175 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
176 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
177 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
178 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
179 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
180 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
181 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
182 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
183 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
184 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
185 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
186 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
187 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
188 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
189 static const char modp_dh_8192_generator[] = "02";
/*
 * 1024-bit MODP group with a 160-bit prime-order subgroup, in the style of
 * RFC 5114: the generator is a full-size value rather than 2.
 * NOTE(review): these primes are not safe primes, so a peer's public value
 * needs a subgroup-membership check in addition to a range check. No such
 * check is visible in the DH code of this file. The same applies to the
 * modp_dh_2048_224 and modp_dh_2048_256 tables.
 */
192 static const char modp_dh_1024_160_prime[] =
193 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
194 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
195 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
196 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
197 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
198 static const char modp_dh_1024_160_generator[] =
199 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
200 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
201 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
202 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
203 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 static const char modp_dh_2048_224_prime[] =
206 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
207 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
208 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
209 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
210 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
211 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
212 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
213 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
214 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
215 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
216 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
217 static const char modp_dh_2048_224_generator[] =
218 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
219 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
220 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
221 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
222 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
223 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
224 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
225 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
226 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
227 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
228 "81BC087F2A7065B384B890D3191F2BFA";
230 static const char modp_dh_2048_256_prime[] =
231 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
232 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
233 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
234 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
235 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
236 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
237 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
238 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
239 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
240 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
241 "693877FAD7EF09CADB094AE91E1A1597";
242 static const char modp_dh_2048_256_generator[] =
243 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
244 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
245 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
246 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
247 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
248 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
249 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
250 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
251 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
252 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
253 "5E2327CFEF98C582664B4C0F6CC41659";
/*
 * Compute the negotiated PRF as an HMAC with digest tr->md over `data`,
 * keyed with `key`. Both are vectors; their lengths come from vec_len().
 * The result vector is allocated with tr->key_trunc bytes.
 * This listing omits some original lines (see the gaps in the numbering),
 * so the local declarations and the return statement are not shown.
 */
256 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
260 unsigned int len = 0;
/* HMAC_Final writes a full digest, so tr->key_trunc must not be smaller than
   the output size of tr->md. */
262 prf = vec_new (u8, tr->key_trunc);
263 HMAC_CTX_init (&ctx);
/* NOTE(review): none of the HMAC_* results are checked; a failed init or
   update would leave prf holding unspecified or zero bytes that are then
   used as key material. */
264 HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
265 HMAC_Update (&ctx, data, vec_len (data));
266 HMAC_Final (&ctx, prf, &len);
267 HMAC_CTX_cleanup (&ctx);
/* NOTE(review): ASSERT is presumably a debug-build check - confirm. If so,
   a length mismatch goes unnoticed in release builds. */
269 ASSERT (len == tr->key_trunc);
/*
 * Expand key material with the prf+ construction shown in the comment inside
 * this function. Each round appends `seed` and one extra byte to the working
 * vector s and calls ikev2_calc_prf (tr, key, s). Rounds repeat until ret
 * holds at least `len` bytes or the counter x reaches 255.
 * NOTE(review): if the loop ends on the counter bound, ret can hold fewer
 * than `len` bytes. How that is reported is not visible in this listing, so
 * callers that slice keys out of the result should check its length.
 * This listing omits some original lines (gaps in the numbering), including
 * the end of the comment inside the function, the loop body braces and the
 * return.
 */
275 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
277 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
280 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
283 T1 = prf (K, S | 0x01)
284 T2 = prf (K, T1 | S | 0x02)
285 T3 = prf (K, T2 | S | 0x03)
286 T4 = prf (K, T3 | S | 0x04)
289 while (vec_len (ret) < len && x < 255)
297 vec_append (s, seed);
298 vec_add2 (s, tmp, 1);
300 t = ikev2_calc_prf (tr, key, s);
/*
 * Compute the integrity checksum for `len` bytes at `data`: an HMAC with
 * digest tr->md keyed with the vector `key`. The result vector is allocated
 * with tr->key_len bytes.
 * Only the computation is visible here; truncation to tr->key_trunc and the
 * comparison with the received checksum happen elsewhere.
 * NOTE(review): that comparison should be constant-time - confirm at the
 * call site.
 * This listing omits some original lines (gaps in the numbering), so the
 * local declarations and the return statement are not shown.
 */
317 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
323 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
/* HMAC_Final writes a full digest, so tr->key_len must cover the output size
   of tr->md. */
325 r = vec_new (u8, tr->key_len);
327 /* compute the integrity checksum (HMAC) over data */
328 HMAC_CTX_init (&hctx);
/* NOTE(review): the HMAC_* results are not checked; on failure r would be
   returned without a valid MAC in it. */
329 HMAC_Init (&hctx, key, vec_len (key), tr->md);
330 HMAC_Update (&hctx, (const u8 *) data, len);
331 HMAC_Final (&hctx, r, &l);
332 HMAC_CTX_cleanup (&hctx);
334 ASSERT (l == tr->key_len);
/*
 * Decrypt `len` bytes at `data` with the SA's negotiated encryption
 * transform. The first cipher block of `data` is passed as the IV and the
 * ciphertext follows it. The key is sa->sk_er when this side is the
 * initiator, otherwise sa->sk_ei. After decryption the vector length is
 * reduced by the value of the last plaintext byte plus one.
 * `data` comes from the peer, so every length derived from it needs
 * validating. The integrity checksum should presumably be verified before
 * this function runs - confirm at the call site.
 * This listing omits some original lines (gaps in the numbering), so the
 * declarations, the early return and the final return are not shown.
 */
340 ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
344 int out_len = 0, block_size;
345 ikev2_sa_transform_t *tr_encr;
/* Inbound traffic uses the other side's encryption key. */
346 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
/* NOTE(review): the lookup result is dereferenced without a visible NULL
   check. */
349 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
350 block_size = tr_encr->block_size;
352 /* check if data is a multiple of the cipher block size */
/* NOTE(review): this accepts len == 0, where len - block_size below becomes
   negative, and len == block_size, where the plaintext is empty and the
   padding byte is read from in front of the vector. Also require
   len >= 2 * block_size. */
353 if (len % block_size)
355 clib_warning ("wrong data length");
359 EVP_CIPHER_CTX_init (&ctx);
360 r = vec_new (u8, len - block_size);
/* NOTE(review): the EVP_Decrypt* results are not checked, so a failed
   decryption still reaches the padding removal below. */
361 EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
362 EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
363 EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
/* NOTE(review): the pad-length byte is taken from decrypted peer data and
   is not bounded against vec_len (r). A value of vec_len (r) or more would
   underflow the vector length. Reject the message when
   r[vec_len (r) - 1] + 1 > vec_len (r). */
366 _vec_len (r) -= r[vec_len (r) - 1] + 1;
368 EVP_CIPHER_CTX_cleanup (&ctx);
/*
 * Encrypt the vector `src` into `dst` with the SA's negotiated encryption
 * transform. A random IV of one cipher block is written to the start of
 * `dst` and the ciphertext follows at dst + bs. The key is sa->sk_ei when
 * this side is the initiator, otherwise sa->sk_er.
 * `dst` must have room for bs + vec_len (src) bytes; that is the caller's
 * responsibility and is not checked here. No EVP_EncryptFinal_ex call is
 * visible, so `src` is presumably already padded to a whole number of
 * blocks - confirm with the caller.
 * This listing omits some original lines (gaps in the numbering), so the
 * declarations and the return statement are not shown.
 */
373 ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
378 ikev2_sa_transform_t *tr_encr;
379 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
/* NOTE(review): the lookup result is dereferenced without a visible NULL
   check. */
382 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
383 bs = tr_encr->block_size;
/* NOTE(review): the RAND_bytes result is not checked; on failure the IV
   would be whatever dst already contained. CBC needs an unpredictable IV,
   so abort the encryption if RAND_bytes does not return 1. */
386 RAND_bytes (dst, bs);
388 EVP_CIPHER_CTX_init (&ctx);
/* The IV argument is the block just written at the start of dst. */
390 EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
391 EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
393 EVP_CIPHER_CTX_cleanup (&ctx);
/* Holds only when src is a whole number of cipher blocks. */
395 ASSERT (vec_len (src) == out_len);
/*
 * Generate this side's Diffie-Hellman key pair for transform `t` and store
 * the public value in the SA: sa->i_dh_data when sa->is_initiator, otherwise
 * sa->r_dh_data. The initiator path also keeps the private value in
 * sa->dh_private_key. The other path computes sa->dh_shared_key at once from
 * the peer value already held in sa->i_dh_data.
 * t->dh_group selects finite-field (MODP) or elliptic-curve (ECP) handling.
 * This listing omits some original lines (gaps in the numbering), so
 * allocations, braces and some frees are not shown.
 */
401 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
405 if (t->dh_group == IKEV2_DH_GROUP_MODP)
/* Group parameters come from the transform's hex tables. The results of
   BN_hex2bn and DH_generate_key are not checked. Direct access to dh->p,
   dh->g and the key fields needs an OpenSSL older than 1.1.0. */
408 BN_hex2bn (&dh->p, t->dh_p);
409 BN_hex2bn (&dh->g, t->dh_g);
410 DH_generate_key (dh);
412 if (sa->is_initiator)
/* NOTE(review): BN_bn2bin writes BN_num_bytes () bytes with no left padding,
   so a value with a leading zero byte gives r < t->key_len. ASSERT is
   presumably a debug-build check - confirm. In a release build the buffer
   would then hold a short, left-aligned value. */
414 sa->i_dh_data = vec_new (u8, t->key_len);
415 r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
416 ASSERT (r == t->key_len);
/* Secret key material kept in the SA until the exchange completes. Make sure
   it is wiped when the SA is released (not visible here). */
418 sa->dh_private_key = vec_new (u8, t->key_len);
419 r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
420 ASSERT (r == t->key_len);
425 sa->r_dh_data = vec_new (u8, t->key_len);
426 r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
427 ASSERT (r == t->key_len);
/* sa->i_dh_data is the peer's public value. NOTE(review): no range check
   (1 < y < p - 1) is visible before DH_compute_key. DH_compute_key returns
   -1 on failure, and only the ASSERT would notice. */
429 sa->dh_shared_key = vec_new (u8, t->key_len);
430 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
431 r = DH_compute_key (sa->dh_shared_key, ex, dh);
432 ASSERT (r == t->key_len);
437 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
/* NOTE(review): EC_KEY_new_by_curve_name returns NULL for a curve the
   library does not support; no check is visible. */
439 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
442 EC_KEY_generate_key (ec);
444 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
445 const EC_GROUP *group = EC_KEY_get0_group (ec);
446 BIGNUM *x = NULL, *y = NULL;
447 BN_CTX *bn_ctx = BN_CTX_new ();
448 u16 x_off, y_off, len;
449 EC_POINT *i_point = EC_POINT_new (group);
450 EC_POINT *shared_point = EC_POINT_new (group);
/* t->key_len covers both coordinates; len is the size of one. */
454 len = t->key_len / 2;
456 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
458 if (sa->is_initiator)
/* Each coordinate is written right-aligned into its half of the buffer and
   zero-padded on the left. */
460 sa->i_dh_data = vec_new (u8, t->key_len);
461 x_off = len - BN_num_bytes (x);
462 memset (sa->i_dh_data, 0, x_off);
463 BN_bn2bin (x, sa->i_dh_data + x_off);
464 y_off = t->key_len - BN_num_bytes (y);
465 memset (sa->i_dh_data + len, 0, y_off - len);
466 BN_bn2bin (y, sa->i_dh_data + y_off);
/* Secret key material kept in the SA until the exchange completes. */
468 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
469 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
470 r = BN_bn2bin (prv, sa->dh_private_key);
471 ASSERT (r == BN_num_bytes (prv));
475 sa->r_dh_data = vec_new (u8, t->key_len);
476 x_off = len - BN_num_bytes (x);
477 memset (sa->r_dh_data, 0, x_off);
478 BN_bn2bin (x, sa->r_dh_data + x_off);
479 y_off = t->key_len - BN_num_bytes (y);
480 memset (sa->r_dh_data + len, 0, y_off - len);
481 BN_bn2bin (y, sa->r_dh_data + y_off);
/* The peer's point is rebuilt from sa->i_dh_data. NOTE(review): 2 * len
   bytes are read without a visible check that the peer sent that many. The
   result of EC_POINT_set_affine_coordinates_GFp is not checked either.
   Reject the exchange if the call fails or the point is not on the curve
   (EC_POINT_is_on_curve) before multiplying by the private key. */
483 x = BN_bin2bn (sa->i_dh_data, len, x);
484 y = BN_bin2bn (sa->i_dh_data + len, len, y);
485 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
486 sa->dh_shared_key = vec_new (u8, t->key_len);
487 EC_POINT_mul (group, shared_point, NULL, i_point,
488 EC_KEY_get0_private_key (ec), NULL);
489 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
/* NOTE(review): both coordinates of the shared point are stored as the
   shared secret. Confirm this matches what the peer derives for the
   negotiated group. */
491 x_off = len - BN_num_bytes (x);
492 memset (sa->dh_shared_key, 0, x_off);
493 BN_bn2bin (x, sa->dh_shared_key + x_off);
494 y_off = t->key_len - BN_num_bytes (y);
495 memset (sa->dh_shared_key + len, 0, y_off - len);
496 BN_bn2bin (y, sa->dh_shared_key + y_off);
502 BN_CTX_free (bn_ctx);
503 EC_POINT_free (i_point);
504 EC_POINT_free (shared_point);
/*
 * Finish the Diffie-Hellman exchange on the side that stored its private
 * value earlier. The key is rebuilt from sa->dh_private_key and combined
 * with the peer's public value in sa->r_dh_data; the result is stored in
 * sa->dh_shared_key. t->dh_group selects MODP or ECP handling.
 * sa->r_dh_data is peer-supplied and should be validated before use.
 * This listing omits some original lines (gaps in the numbering), so
 * allocations, some assignments, braces and some frees are not shown.
 */
509 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
513 if (t->dh_group == IKEV2_DH_GROUP_MODP)
516 BN_hex2bn (&dh->p, t->dh_p);
517 BN_hex2bn (&dh->g, t->dh_g);
519 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
/* NOTE(review): no range check (1 < y < p - 1) on the peer value is visible
   before DH_compute_key. DH_compute_key returns -1 on failure, and only the
   ASSERT, presumably debug-only, would notice. A shared value with a leading
   zero byte also gives r < t->key_len. */
522 sa->dh_shared_key = vec_new (u8, t->key_len);
523 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
524 r = DH_compute_key (sa->dh_shared_key, ex, dh);
525 ASSERT (r == t->key_len);
529 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
/* NOTE(review): EC_KEY_new_by_curve_name returns NULL for a curve the
   library does not support; no check is visible. */
531 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
534 const EC_GROUP *group = EC_KEY_get0_group (ec);
535 BIGNUM *x = NULL, *y = NULL;
536 BN_CTX *bn_ctx = BN_CTX_new ();
537 u16 x_off, y_off, len;
541 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
542 EC_KEY_set_private_key (ec, prv);
/* t->key_len covers both coordinates; len is the size of one. */
546 len = t->key_len / 2;
/* The peer's point is rebuilt from sa->r_dh_data. NOTE(review): 2 * len
   bytes are read without a visible check that the peer sent that many. The
   results of EC_POINT_set_affine_coordinates_GFp and EC_KEY_set_public_key
   are not checked either. Reject the exchange if either call fails or the
   point is not on the curve (EC_POINT_is_on_curve) before it reaches
   EC_POINT_mul. */
548 x = BN_bin2bn (sa->r_dh_data, len, x);
549 y = BN_bin2bn (sa->r_dh_data + len, len, y);
550 EC_POINT *r_point = EC_POINT_new (group);
551 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
552 EC_KEY_set_public_key (ec, r_point);
554 EC_POINT *i_point = EC_POINT_new (group);
555 EC_POINT *shared_point = EC_POINT_new (group);
/* i_point is built from this side's own public value; the multiplication
   below uses r_point. */
557 x = BN_bin2bn (sa->i_dh_data, len, x);
558 y = BN_bin2bn (sa->i_dh_data + len, len, y);
559 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
560 EC_POINT_mul (group, shared_point, NULL, r_point,
561 EC_KEY_get0_private_key (ec), NULL);
562 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
/* Each coordinate of the shared point is written right-aligned into its half
   of the buffer and zero-padded on the left. NOTE(review): both coordinates
   are stored as the shared secret. Confirm this matches what the peer
   derives for the negotiated group. */
563 sa->dh_shared_key = vec_new (u8, t->key_len);
564 x_off = len - BN_num_bytes (x);
565 memset (sa->dh_shared_key, 0, x_off);
566 BN_bn2bin (x, sa->dh_shared_key + x_off);
567 y_off = t->key_len - BN_num_bytes (y);
568 memset (sa->dh_shared_key + len, 0, y_off - len);
569 BN_bn2bin (y, sa->dh_shared_key + y_off);
575 BN_CTX_free (bn_ctx);
576 EC_POINT_free (i_point);
577 EC_POINT_free (r_point);
578 EC_POINT_free (shared_point);
/*
 * Verify the signature in the vector `sigbuf` over the vector `data` with
 * public key `pkey`. The digest is fixed to SHA-1.
 * Returns the result of EVP_VerifyFinal unchanged: 1 for a valid signature,
 * 0 for an invalid one and a negative value on error. Callers must compare
 * the result with 1. A plain truth test would accept the error case as a
 * valid signature.
 * NOTE(review): SHA-1 is hard-coded here, so a stronger digest cannot be
 * selected by the caller.
 * This listing omits some original lines (gaps in the numbering), so the
 * md_ctx declaration and any cleanup are not shown.
 */
583 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
587 EVP_VerifyInit (&md_ctx, EVP_sha1 ());
588 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
590 return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
/*
 * Sign the vector `data` with private key `pkey`, using SHA-1 as the digest.
 * EVP_SignFinal is called twice: first with a NULL buffer to learn the
 * signature length, then again to write the signature into a vector of that
 * size.
 * NOTE(review): the EVP_Sign* results are not checked. If signing fails,
 * the vector would be returned without a valid signature in it.
 * NOTE(review): SHA-1 is hard-coded here, so a stronger digest cannot be
 * selected by the caller.
 * This listing omits some original lines (gaps in the numbering), so the
 * declarations, any cleanup and the return statement are not shown.
 */
594 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
597 unsigned int sig_len = 0;
600 EVP_SignInit (&md_ctx, EVP_sha1 ());
601 EVP_SignUpdate (&md_ctx, data, vec_len (data));
/* First pass: NULL output buffer, only sig_len is wanted. */
603 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
604 sign = vec_new (u8, sig_len);
606 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
/*
 * Read a PEM-encoded X.509 certificate from the path in `file` and extract
 * its public key. A warning is logged when the open, the read or the key
 * extraction fails.
 * The key is taken from the certificate as found on disk. No chain, validity
 * period or revocation check is visible here, so trust rests on whoever
 * controls that file.
 * This listing omits some original lines (gaps in the numbering), so the
 * failure branches, fclose and the release of the X509 object are not shown
 * - confirm they exist on every path.
 */
612 ikev2_load_cert_file (u8 * file)
616 EVP_PKEY *pkey = NULL;
/* `file` is used as a C string and must be NUL-terminated. */
618 fp = fopen ((char *) file, "r");
621 clib_warning ("open %s failed", file);
625 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
629 clib_warning ("read cert %s failed", file);
633 pkey = X509_get_pubkey (x509);
635 clib_warning ("get pubkey %s failed", file);
/*
 * Read a PEM-encoded private key from the path in `file`. A warning is
 * logged when the open or the read fails.
 * No password callback or passphrase is passed to PEM_read_PrivateKey, so
 * for an encrypted key OpenSSL falls back to its default passphrase
 * handling.
 * The file holds long-term secret key material; restrict its permissions to
 * the account the process runs as.
 * This listing omits some original lines (gaps in the numbering), so the
 * failure branches, fclose and the return statement are not shown.
 */
642 ikev2_load_key_file (u8 * file)
645 EVP_PKEY *pkey = NULL;
/* `file` is used as a C string and must be NUL-terminated. */
647 fp = fopen ((char *) file, "r");
650 clib_warning ("open %s failed", file);
654 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
657 clib_warning ("read %s failed", file);
/*
 * Fill km->supported_transforms with the transforms this implementation
 * offers, appended in order of preference: AES-CBC with 256, 192 and 128-bit
 * keys, the HMAC-SHA1 PRF, HMAC-SHA1-96 integrity, the Diffie-Hellman groups,
 * then the ESN and no-ESN entries.
 * Key lengths and block sizes are stored in bytes. For ECP groups key_len
 * covers both coordinates of a point.
 * This listing omits some original lines (gaps in the numbering), so the
 * braces and any preprocessor lines in the gaps are not shown.
 */
664 ikev2_crypto_init (ikev2_main_t * km)
666 ikev2_sa_transform_t *tr;
668 /* vector of supported transforms - in order of preference */
669 vec_add2 (km->supported_transforms, tr, 1);
670 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
671 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
672 tr->key_len = 256 / 8;
673 tr->block_size = 128 / 8;
674 tr->cipher = EVP_aes_256_cbc ();
676 vec_add2 (km->supported_transforms, tr, 1);
677 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
678 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
679 tr->key_len = 192 / 8;
680 tr->block_size = 128 / 8;
681 tr->cipher = EVP_aes_192_cbc ();
683 vec_add2 (km->supported_transforms, tr, 1);
684 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
685 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
686 tr->key_len = 128 / 8;
687 tr->block_size = 128 / 8;
688 tr->cipher = EVP_aes_128_cbc ();
/* NOTE(review): SHA-1 is the only digest registered in this function, for
   both the PRF and the integrity transform. A peer that requires a SHA-2
   based transform cannot be matched from this list. */
690 vec_add2 (km->supported_transforms, tr, 1);
691 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
692 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
693 tr->key_len = 160 / 8;
694 tr->key_trunc = 160 / 8;
695 tr->md = EVP_sha1 ();
/* Integrity: the full 160-bit HMAC is computed and key_trunc records the
   96-bit length named by the transform. */
697 vec_add2 (km->supported_transforms, tr, 1);
698 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
699 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
700 tr->key_len = 160 / 8;
701 tr->key_trunc = 96 / 8;
702 tr->md = EVP_sha1 ();
/* The entries that follow depend on OPENSSL_NO_CISCO_FECDH. The matching
   #endif is in a line this listing omits, so where the conditional part ends
   cannot be read from here. */
704 #if defined(OPENSSL_NO_CISCO_FECDH)
705 vec_add2 (km->supported_transforms, tr, 1);
706 tr->type = IKEV2_TRANSFORM_TYPE_DH;
707 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
708 tr->key_len = (512 * 2) / 8;
709 tr->nid = NID_brainpoolP512r1;
710 tr->dh_group = IKEV2_DH_GROUP_ECP;
712 vec_add2 (km->supported_transforms, tr, 1);
713 tr->type = IKEV2_TRANSFORM_TYPE_DH;
714 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
715 tr->key_len = (384 * 2) / 8;
716 tr->nid = NID_brainpoolP384r1;
717 tr->dh_group = IKEV2_DH_GROUP_ECP;
719 vec_add2 (km->supported_transforms, tr, 1);
720 tr->type = IKEV2_TRANSFORM_TYPE_DH;
721 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
722 tr->key_len = (256 * 2) / 8;
723 tr->nid = NID_brainpoolP256r1;
724 tr->dh_group = IKEV2_DH_GROUP_ECP;
726 vec_add2 (km->supported_transforms, tr, 1);
727 tr->type = IKEV2_TRANSFORM_TYPE_DH;
728 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
729 tr->key_len = (224 * 2) / 8;
730 tr->nid = NID_brainpoolP224r1;
731 tr->dh_group = IKEV2_DH_GROUP_ECP;
733 vec_add2 (km->supported_transforms, tr, 1);
734 tr->type = IKEV2_TRANSFORM_TYPE_DH;
735 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
736 tr->key_len = (224 * 2) / 8;
737 tr->nid = NID_secp224r1;
738 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* 521-bit coordinates are stored in 66 bytes each, hence 528 * 2 bits. */
741 vec_add2 (km->supported_transforms, tr, 1);
742 tr->type = IKEV2_TRANSFORM_TYPE_DH;
743 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
744 tr->key_len = (528 * 2) / 8;
745 tr->nid = NID_secp521r1;
746 tr->dh_group = IKEV2_DH_GROUP_ECP;
748 vec_add2 (km->supported_transforms, tr, 1);
749 tr->type = IKEV2_TRANSFORM_TYPE_DH;
750 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
751 tr->key_len = (384 * 2) / 8;
752 tr->nid = NID_secp384r1;
753 tr->dh_group = IKEV2_DH_GROUP_ECP;
755 vec_add2 (km->supported_transforms, tr, 1);
756 tr->type = IKEV2_TRANSFORM_TYPE_DH;
757 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
758 tr->key_len = (256 * 2) / 8;
759 tr->nid = NID_X9_62_prime256v1;
760 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* NOTE(review): a 192-bit curve gives roughly 96-bit security; consider
   dropping it from the default list. */
762 vec_add2 (km->supported_transforms, tr, 1);
763 tr->type = IKEV2_TRANSFORM_TYPE_DH;
764 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
765 tr->key_len = (192 * 2) / 8;
766 tr->nid = NID_X9_62_prime192v1;
767 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* The next three MODP groups use the prime-order-subgroup tables, whose
   generator is a full-size value. NOTE(review): a peer's public value for
   these groups needs a subgroup-membership check. None is visible in the DH
   code of this file. */
769 vec_add2 (km->supported_transforms, tr, 1);
770 tr->type = IKEV2_TRANSFORM_TYPE_DH;
771 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
772 tr->key_len = 2048 / 8;
773 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
774 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
775 tr->dh_group = IKEV2_DH_GROUP_MODP;
777 vec_add2 (km->supported_transforms, tr, 1);
778 tr->type = IKEV2_TRANSFORM_TYPE_DH;
779 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
780 tr->key_len = 2048 / 8;
781 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
782 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
783 tr->dh_group = IKEV2_DH_GROUP_MODP;
785 vec_add2 (km->supported_transforms, tr, 1);
786 tr->type = IKEV2_TRANSFORM_TYPE_DH;
787 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
788 tr->key_len = 1024 / 8;
789 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
790 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
791 tr->dh_group = IKEV2_DH_GROUP_MODP;
793 vec_add2 (km->supported_transforms, tr, 1);
794 tr->type = IKEV2_TRANSFORM_TYPE_DH;
795 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
796 tr->key_len = 8192 / 8;
797 tr->dh_p = (const char *) &modp_dh_8192_prime;
798 tr->dh_g = (const char *) &modp_dh_8192_generator;
799 tr->dh_group = IKEV2_DH_GROUP_MODP;
801 vec_add2 (km->supported_transforms, tr, 1);
802 tr->type = IKEV2_TRANSFORM_TYPE_DH;
803 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
804 tr->key_len = 6144 / 8;
805 tr->dh_p = (const char *) &modp_dh_6144_prime;
806 tr->dh_g = (const char *) &modp_dh_6144_generator;
807 tr->dh_group = IKEV2_DH_GROUP_MODP;
809 vec_add2 (km->supported_transforms, tr, 1);
810 tr->type = IKEV2_TRANSFORM_TYPE_DH;
811 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
812 tr->key_len = 4096 / 8;
813 tr->dh_p = (const char *) &modp_dh_4096_prime;
814 tr->dh_g = (const char *) &modp_dh_4096_generator;
815 tr->dh_group = IKEV2_DH_GROUP_MODP;
817 vec_add2 (km->supported_transforms, tr, 1);
818 tr->type = IKEV2_TRANSFORM_TYPE_DH;
819 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
820 tr->key_len = 3072 / 8;
821 tr->dh_p = (const char *) &modp_dh_3072_prime;
822 tr->dh_g = (const char *) &modp_dh_3072_generator;
823 tr->dh_group = IKEV2_DH_GROUP_MODP;
825 vec_add2 (km->supported_transforms, tr, 1);
826 tr->type = IKEV2_TRANSFORM_TYPE_DH;
827 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
828 tr->key_len = 2048 / 8;
829 tr->dh_p = (const char *) &modp_dh_2048_prime;
830 tr->dh_g = (const char *) &modp_dh_2048_generator;
831 tr->dh_group = IKEV2_DH_GROUP_MODP;
/* NOTE(review): the 1536, 1024 and 768-bit groups below are legacy strength.
   While they stay in this list a peer can presumably still negotiate them -
   confirm against the proposal-selection code. Consider removing them or
   enabling them only through explicit configuration. */
833 vec_add2 (km->supported_transforms, tr, 1);
834 tr->type = IKEV2_TRANSFORM_TYPE_DH;
835 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
836 tr->key_len = 1536 / 8;
837 tr->dh_p = (const char *) &modp_dh_1536_prime;
838 tr->dh_g = (const char *) &modp_dh_1536_generator;
839 tr->dh_group = IKEV2_DH_GROUP_MODP;
841 vec_add2 (km->supported_transforms, tr, 1);
842 tr->type = IKEV2_TRANSFORM_TYPE_DH;
843 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
844 tr->key_len = 1024 / 8;
845 tr->dh_p = (const char *) &modp_dh_1024_prime;
846 tr->dh_g = (const char *) &modp_dh_1024_generator;
847 tr->dh_group = IKEV2_DH_GROUP_MODP;
849 vec_add2 (km->supported_transforms, tr, 1);
850 tr->type = IKEV2_TRANSFORM_TYPE_DH;
851 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
852 tr->key_len = 768 / 8;
853 tr->dh_p = (const char *) &modp_dh_768_prime;
854 tr->dh_g = (const char *) &modp_dh_768_generator;
855 tr->dh_group = IKEV2_DH_GROUP_MODP;
857 vec_add2 (km->supported_transforms, tr, 1);
858 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
859 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
861 vec_add2 (km->supported_transforms, tr, 1);
862 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
863 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
869 * fd.io coding-style-patch-verification: ON
872 * eval: (c-set-style "gnu")