2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/ip/udp.h>
21 #include <vnet/ipsec/ipsec.h>
22 #include <vnet/ipsec/ikev2.h>
23 #include <vnet/ipsec/ikev2_priv.h>
25 static int ikev2_delete_tunnel_interface(vnet_main_t * vnm,
27 ikev2_child_sa_t * child);
29 #define ikev2_set_state(sa, v) do { \
31 clib_warning("sa state changed to " #v); \
39 static u8 * format_ikev2_trace (u8 * s, va_list * args)
41 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
42 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
43 ikev2_trace_t * t = va_arg (*args, ikev2_trace_t *);
45 s = format (s, "ikev2: sw_if_index %d, next index %d",
46 t->sw_if_index, t->next_index);
50 static vlib_node_registration_t ikev2_node;
52 #define foreach_ikev2_error \
53 _(PROCESSED, "IKEv2 packets processed") \
54 _(IKE_SA_INIT_RETRANSMIT, "IKE_SA_INIT retransmit ") \
55 _(IKE_SA_INIT_IGNORE, "IKE_SA_INIT ignore (IKE SA already auth)") \
56 _(IKE_REQ_RETRANSMIT, "IKE request retransmit") \
57 _(IKE_REQ_IGNORE, "IKE request ignore (old msgid)") \
58 _(NOT_IKEV2, "Non IKEv2 packets received")
61 #define _(sym,str) IKEV2_ERROR_##sym,
67 static char * ikev2_error_strings[] = {
68 #define _(sym,string) string,
74 IKEV2_NEXT_IP4_LOOKUP,
75 IKEV2_NEXT_ERROR_DROP,
79 static ikev2_sa_transform_t *
80 ikev2_find_transform_data(ikev2_sa_transform_t * t)
82 ikev2_main_t * km = &ikev2_main;
83 ikev2_sa_transform_t * td;
85 vec_foreach(td, km->supported_transforms)
87 if (td->type != t->type)
90 if (td->transform_id != t->transform_id)
93 if (td->type == IKEV2_TRANSFORM_TYPE_ENCR)
95 if (vec_len(t->attrs) != 4 || t->attrs[0] != 0x80 || t->attrs[1] != 14)
98 if (((t->attrs[2] << 8 | t->attrs[3]) / 8) != td->key_len)
106 static ikev2_sa_proposal_t *
107 ikev2_select_proposal(ikev2_sa_proposal_t *proposals, ikev2_protocol_id_t prot_id)
109 ikev2_sa_proposal_t * rv = 0;
110 ikev2_sa_proposal_t * proposal;
111 ikev2_sa_transform_t * transform, * new_t;
112 u8 mandatory_bitmap, optional_bitmap;
114 if (prot_id == IKEV2_PROTOCOL_IKE)
116 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
117 (1 << IKEV2_TRANSFORM_TYPE_PRF) |
118 (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
119 (1 << IKEV2_TRANSFORM_TYPE_DH);
120 optional_bitmap = mandatory_bitmap;
122 else if (prot_id == IKEV2_PROTOCOL_ESP)
124 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
125 (1 << IKEV2_TRANSFORM_TYPE_ESN);
126 optional_bitmap = mandatory_bitmap |
127 (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
128 (1 << IKEV2_TRANSFORM_TYPE_DH);
130 else if (prot_id == IKEV2_PROTOCOL_AH)
132 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
133 (1 << IKEV2_TRANSFORM_TYPE_ESN);
134 optional_bitmap = mandatory_bitmap |
135 (1 << IKEV2_TRANSFORM_TYPE_DH);
140 vec_add2(rv, proposal, 1);
142 vec_foreach(proposal, proposals)
145 if (proposal->protocol_id != prot_id)
148 vec_foreach(transform, proposal->transforms)
150 if ((1 << transform->type) & bitmap)
153 if (ikev2_find_transform_data(transform))
155 bitmap |= 1 << transform->type;
156 vec_add2(rv->transforms, new_t, 1);
157 clib_memcpy(new_t, transform, sizeof(*new_t));
158 new_t->attrs = vec_dup(transform->attrs);
162 clib_warning("bitmap is %x mandatory is %x optional is %x",
163 bitmap, mandatory_bitmap, optional_bitmap);
165 if ((bitmap & mandatory_bitmap) == mandatory_bitmap &&
166 (bitmap & ~optional_bitmap) == 0)
168 rv->proposal_num = proposal->proposal_num;
169 rv->protocol_id = proposal->protocol_id;
170 RAND_bytes((u8 *) &rv->spi, sizeof(rv->spi));
175 vec_free(rv->transforms);
184 ikev2_sa_transform_t *
185 ikev2_sa_get_td_for_type(ikev2_sa_proposal_t * p, ikev2_transform_type_t type)
187 ikev2_sa_transform_t * t;
192 vec_foreach(t, p->transforms)
195 return ikev2_find_transform_data(t);
201 ikev2_sa_get_child(ikev2_sa_t * sa, u32 spi, ikev2_protocol_id_t prot_id)
203 ikev2_child_sa_t * c;
204 vec_foreach(c, sa->childs)
206 if (c->i_proposals[0].spi == spi && c->i_proposals[0].protocol_id == prot_id)
214 ikev2_sa_free_proposal_vector(ikev2_sa_proposal_t ** v)
216 ikev2_sa_proposal_t * p;
217 ikev2_sa_transform_t * t;
223 vec_foreach(t, p->transforms) {
226 vec_free(p->transforms);
232 ikev2_sa_free_all_child_sa(ikev2_child_sa_t ** childs)
234 ikev2_child_sa_t * c;
235 vec_foreach(c, *childs)
237 ikev2_sa_free_proposal_vector(&c->r_proposals);
238 ikev2_sa_free_proposal_vector(&c->i_proposals);
249 ikev2_sa_del_child_sa(ikev2_sa_t * sa, ikev2_child_sa_t * child)
251 ikev2_sa_free_proposal_vector(&child->r_proposals);
252 ikev2_sa_free_proposal_vector(&child->i_proposals);
253 vec_free(child->sk_ai);
254 vec_free(child->sk_ar);
255 vec_free(child->sk_ei);
256 vec_free(child->sk_er);
258 vec_del1(sa->childs, child - sa->childs);
262 ikev2_sa_free_all_vec(ikev2_sa_t *sa)
264 vec_free(sa->i_nonce);
265 vec_free(sa->i_dh_data);
266 vec_free(sa->dh_shared_key);
268 ikev2_sa_free_proposal_vector(&sa->r_proposals);
269 ikev2_sa_free_proposal_vector(&sa->i_proposals);
279 vec_free(sa->i_id.data);
280 vec_free(sa->i_auth.data);
281 vec_free(sa->r_id.data);
282 vec_free(sa->r_auth.data);
284 EVP_PKEY_free(sa->r_auth.key);
288 ikev2_sa_free_all_child_sa(&sa->childs);
292 ikev2_delete_sa(ikev2_sa_t *sa)
294 ikev2_main_t * km = &ikev2_main;
295 u32 cpu_index = os_get_cpu_number();
298 ikev2_sa_free_all_vec(sa);
300 p = hash_get(km->per_thread_data[cpu_index].sa_by_rspi, sa->rspi);
303 hash_unset(km->per_thread_data[cpu_index].sa_by_rspi, sa->rspi);
304 pool_put(km->per_thread_data[cpu_index].sas, sa);
309 ikev2_generate_sa_init_data(ikev2_sa_t *sa)
311 ikev2_sa_transform_t * t = 0, * t2;
312 ikev2_main_t * km = &ikev2_main;
314 if (sa->dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
319 /* check if received DH group is on our list of supported groups */
320 vec_foreach(t2, km->supported_transforms)
322 if (t2->type == IKEV2_TRANSFORM_TYPE_DH &&
323 sa->dh_group == t2->dh_type)
332 clib_warning("unknown dh data group %u (data len %u)", sa->dh_group,
333 vec_len(sa->i_dh_data));
334 sa->dh_group = IKEV2_TRANSFORM_DH_TYPE_NONE;
339 RAND_bytes((u8 *) &sa->rspi, 8);
342 sa->r_nonce = vec_new(u8, IKEV2_NONCE_SIZE);
343 RAND_bytes((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
345 /* generate dh keys */
346 ikev2_generate_dh(sa, t);
350 ikev2_calc_keys(ikev2_sa_t *sa)
353 /* calculate SKEYSEED = prf(Ni | Nr, g^ir) */
356 ikev2_sa_transform_t * tr_encr, * tr_prf, * tr_integ;
357 tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
358 tr_prf = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
359 tr_integ = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
361 vec_append(s, sa->i_nonce);
362 vec_append(s, sa->r_nonce);
363 skeyseed = ikev2_calc_prf(tr_prf, s, sa->dh_shared_key);
365 /* Calculate S = Ni | Nr | SPIi | SPIr*/
367 vec_add2(s, tmp, 2 * sizeof(*spi));
369 spi[0] = clib_host_to_net_u64(sa->ispi);
370 spi[1] = clib_host_to_net_u64(sa->rspi);
372 /* calculate PRFplus */
374 int len = tr_prf->key_trunc + /* SK_d */
375 tr_integ->key_len * 2 + /* SK_ai, SK_ar */
376 tr_encr->key_len * 2 + /* SK_ei, SK_er */
377 tr_prf->key_len * 2 ; /* SK_pi, SK_pr */
379 keymat = ikev2_calc_prfplus(tr_prf, skeyseed, s, len);
386 sa->sk_d = vec_new(u8, tr_prf->key_trunc);
387 clib_memcpy(sa->sk_d, keymat + pos, tr_prf->key_trunc);
388 pos += tr_prf->key_trunc;
391 sa->sk_ai = vec_new(u8, tr_integ->key_len);
392 clib_memcpy(sa->sk_ai, keymat + pos, tr_integ->key_len);
393 pos += tr_integ->key_len;
396 sa->sk_ar = vec_new(u8, tr_integ->key_len);
397 clib_memcpy(sa->sk_ar, keymat + pos, tr_integ->key_len);
398 pos += tr_integ->key_len;
401 sa->sk_ei = vec_new(u8, tr_encr->key_len);
402 clib_memcpy(sa->sk_ei, keymat + pos, tr_encr->key_len);
403 pos += tr_encr->key_len;
406 sa->sk_er = vec_new(u8, tr_encr->key_len);
407 clib_memcpy(sa->sk_er, keymat + pos, tr_encr->key_len);
408 pos += tr_encr->key_len;
411 sa->sk_pi = vec_new(u8, tr_prf->key_len);
412 clib_memcpy(sa->sk_pi, keymat + pos, tr_prf->key_len);
413 pos += tr_prf->key_len;
416 sa->sk_pr = vec_new(u8, tr_prf->key_len);
417 clib_memcpy(sa->sk_pr, keymat + pos, tr_prf->key_len);
418 pos += tr_prf->key_len;
424 ikev2_calc_child_keys(ikev2_sa_t *sa, ikev2_child_sa_t * child)
427 ikev2_sa_transform_t * tr_prf, * ctr_encr, * ctr_integ;
428 tr_prf = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
429 ctr_encr = ikev2_sa_get_td_for_type(child->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
430 ctr_integ = ikev2_sa_get_td_for_type(child->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
432 vec_append(s, sa->i_nonce);
433 vec_append(s, sa->r_nonce);
434 /* calculate PRFplus */
436 int len = ctr_encr->key_len * 2 + ctr_integ->key_len * 2;
438 keymat = ikev2_calc_prfplus(tr_prf, sa->sk_d, s, len);
443 child->sk_ei = vec_new(u8, ctr_encr->key_len);
444 clib_memcpy(child->sk_ei, keymat + pos, ctr_encr->key_len);
445 pos += ctr_encr->key_len;
448 child->sk_ai = vec_new(u8, ctr_integ->key_len);
449 clib_memcpy(child->sk_ai, keymat + pos, ctr_integ->key_len);
450 pos += ctr_integ->key_len;
453 child->sk_er = vec_new(u8, ctr_encr->key_len);
454 clib_memcpy(child->sk_er, keymat + pos, ctr_encr->key_len);
455 pos += ctr_encr->key_len;
458 child->sk_ar = vec_new(u8, ctr_integ->key_len);
459 clib_memcpy(child->sk_ar, keymat + pos, ctr_integ->key_len);
460 pos += ctr_integ->key_len;
468 ikev2_process_sa_init_req(vlib_main_t * vm, ikev2_sa_t *sa, ike_header_t * ike)
471 u32 len = clib_net_to_host_u32(ike->length);
472 u8 payload = ike->nextpayload;
474 clib_warning("ispi %lx rspi %lx nextpayload %x version %x "
475 "exchange %x flags %x msgid %x length %u",
476 clib_net_to_host_u64(ike->ispi),
477 clib_net_to_host_u64(ike->rspi),
478 payload, ike->version,
479 ike->exchange, ike->flags,
480 clib_net_to_host_u32(ike->msgid),
483 sa->ispi = clib_net_to_host_u64(ike->ispi);
485 /* store whole IKE payload - needed for PSK auth */
486 vec_free(sa->last_sa_init_req_packet_data);
487 vec_add(sa->last_sa_init_req_packet_data, ike, len);
489 while (p < len && payload!= IKEV2_PAYLOAD_NONE) {
490 ike_payload_header_t * ikep = (ike_payload_header_t *) &ike->payload[p];
491 u32 plen = clib_net_to_host_u16(ikep->length);
493 if (plen < sizeof(ike_payload_header_t))
496 if (payload == IKEV2_PAYLOAD_SA)
498 ikev2_sa_free_proposal_vector(&sa->i_proposals);
499 sa->i_proposals = ikev2_parse_sa_payload(ikep);
501 else if (payload == IKEV2_PAYLOAD_KE)
503 ike_ke_payload_header_t * ke = (ike_ke_payload_header_t *) ikep;
504 sa->dh_group = clib_net_to_host_u16(ke->dh_group);
505 vec_free(sa->i_dh_data);
506 vec_add(sa->i_dh_data, ke->payload, plen - sizeof(*ke));
508 else if (payload == IKEV2_PAYLOAD_NONCE)
510 vec_free(sa->i_nonce);
511 vec_add(sa->i_nonce, ikep->payload, plen - sizeof(*ikep));
513 else if (payload == IKEV2_PAYLOAD_NOTIFY)
515 ikev2_notify_t * n = ikev2_parse_notify_payload(ikep);
518 else if (payload == IKEV2_PAYLOAD_VENDOR)
520 ikev2_parse_vendor_payload(ikep);
524 clib_warning("unknown payload %u flags %x length %u", payload, ikep->flags, plen);
525 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL) {
526 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
527 sa->unsupported_cp = payload;
532 payload = ikep->nextpayload;
536 ikev2_set_state(sa, IKEV2_STATE_SA_INIT);
540 ikev2_decrypt_sk_payload(ikev2_sa_t * sa, ike_header_t * ike, u8 * payload)
545 u32 len = clib_net_to_host_u32(ike->length);
546 ike_payload_header_t * ikep = 0;
548 ikev2_sa_transform_t * tr_integ;
549 tr_integ = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
552 *payload != IKEV2_PAYLOAD_NONE && last_payload != IKEV2_PAYLOAD_SK)
554 ikep = (ike_payload_header_t *) &ike->payload[p];
555 plen = clib_net_to_host_u16(ikep->length);
557 if (plen < sizeof(*ikep))
560 if (*payload == IKEV2_PAYLOAD_SK)
562 clib_warning("received IKEv2 payload SK, len %u", plen - 4);
563 last_payload = *payload;
567 clib_warning("unknown payload %u flags %x length %u", payload, ikep->flags, plen);
568 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
570 sa->unsupported_cp = *payload;
575 *payload = ikep->nextpayload;
579 if (last_payload != IKEV2_PAYLOAD_SK) {
580 clib_warning("Last payload must be SK");
584 hmac = ikev2_calc_integr(tr_integ, sa->sk_ai, (u8 *) ike,
585 len - tr_integ->key_trunc);
587 plen = plen - sizeof(*ikep) - tr_integ->key_trunc;
589 if (memcmp(hmac, &ikep->payload[plen], tr_integ->key_trunc))
591 clib_warning("message integrity check failed");
597 return ikev2_decrypt_data(sa, ikep->payload, plen);
601 ikev2_initial_contact_cleanup (ikev2_sa_t * sa)
603 ikev2_main_t * km = &ikev2_main;
606 ikev2_child_sa_t * c;
607 u32 cpu_index = os_get_cpu_number();
609 if (!sa->initial_contact)
612 /* find old IKE SAs with the same authenticated identity */
613 pool_foreach (tmp, km->per_thread_data[cpu_index].sas, ({
614 if (tmp->i_id.type != sa->i_id.type ||
615 vec_len(tmp->i_id.data) != vec_len(sa->i_id.data) ||
616 memcmp(sa->i_id.data, tmp->i_id.data, vec_len(sa->i_id.data)))
619 if (sa->rspi != tmp->rspi)
620 vec_add1(delete, tmp - km->per_thread_data[cpu_index].sas);
623 for (i = 0; i < vec_len(delete); i++)
625 tmp = pool_elt_at_index(km->per_thread_data[cpu_index].sas, delete[i]);
626 vec_foreach(c, tmp->childs)
627 ikev2_delete_tunnel_interface(km->vnet_main, tmp, c);
628 ikev2_delete_sa(tmp);
632 sa->initial_contact = 0;
636 ikev2_process_auth_req(vlib_main_t * vm, ikev2_sa_t *sa, ike_header_t * ike)
638 ikev2_child_sa_t * first_child_sa;
640 u32 len = clib_net_to_host_u32(ike->length);
641 u8 payload = ike->nextpayload;
644 ike_payload_header_t * ikep;
647 clib_warning("ispi %lx rspi %lx nextpayload %x version %x "
648 "exchange %x flags %x msgid %x length %u",
649 clib_net_to_host_u64(ike->ispi),
650 clib_net_to_host_u64(ike->rspi),
651 payload, ike->version,
652 ike->exchange, ike->flags,
653 clib_net_to_host_u32(ike->msgid),
658 plaintext = ikev2_decrypt_sk_payload(sa, ike, &payload);
662 if (sa->unsupported_cp)
663 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
664 goto cleanup_and_exit;
667 /* create 1st child SA */
668 ikev2_sa_free_all_child_sa(&sa->childs);
669 vec_add2(sa->childs, first_child_sa, 1);
672 /* process encrypted payload */
674 while (p < vec_len(plaintext) && payload != IKEV2_PAYLOAD_NONE)
676 ikep = (ike_payload_header_t *) &plaintext[p];
677 plen = clib_net_to_host_u16(ikep->length);
679 if (plen < sizeof(ike_payload_header_t))
680 goto cleanup_and_exit;
682 if (payload == IKEV2_PAYLOAD_SA) /* 33 */
684 clib_warning("received payload SA, len %u", plen - sizeof(*ikep));
685 ikev2_sa_free_proposal_vector(&first_child_sa->i_proposals);
686 first_child_sa->i_proposals = ikev2_parse_sa_payload(ikep);
688 else if (payload == IKEV2_PAYLOAD_IDI) /* 35 */
690 ike_id_payload_header_t * id = (ike_id_payload_header_t *) ikep;
692 sa->i_id.type = id->id_type;
693 vec_free(sa->i_id.data);
694 vec_add(sa->i_id.data, id->payload, plen - sizeof(*id));
696 clib_warning("received payload IDi, len %u id_type %u",
697 plen - sizeof(*id), id->id_type);
699 else if (payload == IKEV2_PAYLOAD_AUTH) /* 39 */
701 ike_auth_payload_header_t * a = (ike_auth_payload_header_t *) ikep;
703 sa->i_auth.method = a->auth_method;
704 vec_free(sa->i_auth.data);
705 vec_add(sa->i_auth.data, a->payload, plen - sizeof(*a));
707 clib_warning("received payload AUTH, len %u auth_type %u",
708 plen - sizeof(*a), a->auth_method);
710 else if (payload == IKEV2_PAYLOAD_NOTIFY) /* 41 */
712 ikev2_notify_t * n = ikev2_parse_notify_payload(ikep);
713 if (n->msg_type == IKEV2_NOTIFY_MSG_INITIAL_CONTACT)
715 sa->initial_contact = 1;
719 else if (payload == IKEV2_PAYLOAD_VENDOR) /* 43 */
721 ikev2_parse_vendor_payload(ikep);
723 else if (payload == IKEV2_PAYLOAD_TSI) /* 44 */
725 clib_warning("received payload TSi, len %u", plen - sizeof(*ikep));
727 vec_free(first_child_sa->tsi);
728 first_child_sa->tsi = ikev2_parse_ts_payload(ikep);
730 else if (payload == IKEV2_PAYLOAD_TSR) /* 45 */
732 clib_warning("received payload TSr, len %u", plen - sizeof(*ikep));
734 vec_free(first_child_sa->tsr);
735 first_child_sa->tsr = ikev2_parse_ts_payload(ikep);
739 clib_warning("unknown payload %u flags %x length %u data %u",
740 payload, ikep->flags, plen - 4,
741 format_hex_bytes, ikep->payload, plen - 4);
743 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL) {
744 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
745 sa->unsupported_cp = payload;
750 payload = ikep->nextpayload;
759 ikev2_process_informational_req(vlib_main_t * vm, ikev2_sa_t *sa, ike_header_t * ike)
762 u32 len = clib_net_to_host_u32(ike->length);
763 u8 payload = ike->nextpayload;
766 ike_payload_header_t * ikep;
769 clib_warning("ispi %lx rspi %lx nextpayload %x version %x "
770 "exchange %x flags %x msgid %x length %u",
771 clib_net_to_host_u64(ike->ispi),
772 clib_net_to_host_u64(ike->rspi),
773 payload, ike->version,
774 ike->exchange, ike->flags,
775 clib_net_to_host_u32(ike->msgid),
778 plaintext = ikev2_decrypt_sk_payload(sa, ike, &payload);
781 goto cleanup_and_exit;
783 /* process encrypted payload */
785 while (p < vec_len(plaintext) && payload != IKEV2_PAYLOAD_NONE)
787 ikep = (ike_payload_header_t *) &plaintext[p];
788 plen = clib_net_to_host_u16(ikep->length);
790 if (plen < sizeof(ike_payload_header_t))
791 goto cleanup_and_exit;
793 if (payload == IKEV2_PAYLOAD_NOTIFY) /* 41 */
795 ikev2_notify_t * n = ikev2_parse_notify_payload(ikep);
796 if (n->msg_type == IKEV2_NOTIFY_MSG_AUTHENTICATION_FAILED)
797 ikev2_set_state(sa, IKEV2_STATE_AUTH_FAILED);
800 else if (payload == IKEV2_PAYLOAD_DELETE) /* 42 */
802 sa->del = ikev2_parse_delete_payload(ikep);
804 else if (payload == IKEV2_PAYLOAD_VENDOR) /* 43 */
806 ikev2_parse_vendor_payload(ikep);
810 clib_warning("unknown payload %u flags %x length %u data %u",
811 payload, ikep->flags, plen - 4,
812 format_hex_bytes, ikep->payload, plen - 4);
814 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL) {
815 sa->unsupported_cp = payload;
820 payload = ikep->nextpayload;
829 ikev2_process_create_child_sa_req(vlib_main_t * vm, ikev2_sa_t *sa, ike_header_t * ike)
832 u32 len = clib_net_to_host_u32(ike->length);
833 u8 payload = ike->nextpayload;
836 u8 i_nonce[IKEV2_NONCE_SIZE];
838 ike_payload_header_t * ikep;
840 ikev2_notify_t * n = 0;
841 ikev2_ts_t * tsi = 0;
842 ikev2_ts_t * tsr = 0;
843 ikev2_sa_proposal_t * proposal = 0;
844 ikev2_child_sa_t * child_sa;
846 clib_warning("ispi %lx rspi %lx nextpayload %x version %x "
847 "exchange %x flags %x msgid %x length %u",
848 clib_net_to_host_u64(ike->ispi),
849 clib_net_to_host_u64(ike->rspi),
850 payload, ike->version,
851 ike->exchange, ike->flags,
852 clib_net_to_host_u32(ike->msgid),
855 plaintext = ikev2_decrypt_sk_payload(sa, ike, &payload);
858 goto cleanup_and_exit;
860 /* process encrypted payload */
862 while (p < vec_len(plaintext) && payload != IKEV2_PAYLOAD_NONE)
864 ikep = (ike_payload_header_t *) &plaintext[p];
865 plen = clib_net_to_host_u16(ikep->length);
867 if (plen < sizeof(ike_payload_header_t))
868 goto cleanup_and_exit;
870 else if (payload == IKEV2_PAYLOAD_SA)
872 proposal = ikev2_parse_sa_payload(ikep);
874 else if (payload == IKEV2_PAYLOAD_NOTIFY)
876 n = ikev2_parse_notify_payload(ikep);
877 if (n->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
882 else if (payload == IKEV2_PAYLOAD_DELETE)
884 sa->del = ikev2_parse_delete_payload(ikep);
886 else if (payload == IKEV2_PAYLOAD_VENDOR)
888 ikev2_parse_vendor_payload(ikep);
890 else if (payload == IKEV2_PAYLOAD_NONCE)
892 clib_memcpy(i_nonce, ikep->payload, plen - sizeof(*ikep));
894 else if (payload == IKEV2_PAYLOAD_TSI)
896 tsi = ikev2_parse_ts_payload(ikep);
898 else if (payload == IKEV2_PAYLOAD_TSR)
900 tsr = ikev2_parse_ts_payload(ikep);
904 clib_warning("unknown payload %u flags %x length %u data %u",
905 payload, ikep->flags, plen - 4,
906 format_hex_bytes, ikep->payload, plen - 4);
908 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL) {
909 sa->unsupported_cp = payload;
914 payload = ikep->nextpayload;
920 ikev2_rekey_t * rekey;
921 child_sa = ikev2_sa_get_child(sa, n->spi, n->protocol_id);
924 clib_warning("child SA spi %lx not found", n->spi);
925 goto cleanup_and_exit;
927 vec_add2(sa->rekey, rekey, 1);
928 rekey->protocol_id = n->protocol_id;
930 rekey->i_proposal = proposal;
931 rekey->r_proposal = ikev2_select_proposal(proposal, IKEV2_PROTOCOL_ESP);
935 vec_free(sa->i_nonce);
936 vec_add(sa->i_nonce, i_nonce, IKEV2_NONCE_SIZE);
937 /* generate new Nr */
938 vec_free(sa->r_nonce);
939 sa->r_nonce = vec_new(u8, IKEV2_NONCE_SIZE);
940 RAND_bytes((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
949 ikev2_sa_generate_authmsg(ikev2_sa_t *sa, int is_responder)
957 ikev2_sa_transform_t * tr_prf;
959 tr_prf = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
966 packet_data = sa->last_sa_init_res_packet_data;
973 packet_data = sa->last_sa_init_req_packet_data;
976 data = vec_new(u8, 4);
978 vec_append(data, id->data);
980 u8 * id_hash = ikev2_calc_prf(tr_prf, key, data);
981 vec_append(authmsg, packet_data);
982 vec_append(authmsg, nonce);
983 vec_append(authmsg, id_hash);
991 ikev2_ts_cmp(ikev2_ts_t * ts1, ikev2_ts_t * ts2)
993 if (ts1->ts_type == ts2->ts_type && ts1->protocol_id == ts2->protocol_id &&
994 ts1->start_port == ts2->start_port && ts1->end_port == ts2->end_port &&
995 ts1->start_addr.as_u32 == ts2->start_addr.as_u32 &&
996 ts1->end_addr.as_u32 == ts2->end_addr.as_u32)
1003 ikev2_sa_match_ts(ikev2_sa_t *sa)
1005 ikev2_main_t * km = &ikev2_main;
1006 ikev2_profile_t * p;
1007 ikev2_ts_t * ts, * tsi = 0, * tsr = 0;
1009 pool_foreach (p, km->profiles, ({
1012 if (p->rem_id.type != sa->i_id.type ||
1013 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1014 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1017 vec_foreach(ts, sa->childs[0].tsi)
1019 if (ikev2_ts_cmp(&p->rem_ts, ts))
1026 vec_foreach(ts, sa->childs[0].tsr)
1028 if (ikev2_ts_cmp(&p->loc_ts, ts))
1040 vec_free(sa->childs[0].tsi);
1041 vec_free(sa->childs[0].tsr);
1042 sa->childs[0].tsi = tsi;
1043 sa->childs[0].tsr = tsr;
1049 ikev2_set_state(sa, IKEV2_STATE_TS_UNACCEPTABLE);
1054 ikev2_sa_auth(ikev2_sa_t *sa)
1056 ikev2_main_t * km = &ikev2_main;
1057 ikev2_profile_t * p, * sel_p = 0;
1058 u8 * authmsg, * key_pad, * psk = 0, * auth = 0;
1059 ikev2_sa_transform_t * tr_prf;
1061 tr_prf = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
1063 /* only shared key and rsa signature */
1064 if (!(sa->i_auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC ||
1065 sa->i_auth.method == IKEV2_AUTH_METHOD_RSA_SIG))
1067 clib_warning("unsupported authentication method %u", sa->i_auth.method);
1068 ikev2_set_state(sa, IKEV2_STATE_AUTH_FAILED);
1072 key_pad = format(0, "%s", IKEV2_KEY_PAD);
1073 authmsg = ikev2_sa_generate_authmsg(sa, 0);
1075 pool_foreach (p, km->profiles, ({
1078 if (p->rem_id.type != sa->i_id.type ||
1079 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1080 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1083 if (sa->i_auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1085 if (!p->auth.data ||
1086 p->auth.method != IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1089 psk = ikev2_calc_prf(tr_prf, p->auth.data, key_pad);
1090 auth = ikev2_calc_prf(tr_prf, psk, authmsg);
1092 if (!memcmp(auth, sa->i_auth.data, vec_len(sa->i_auth.data)))
1094 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1101 else if (sa->i_auth.method == IKEV2_AUTH_METHOD_RSA_SIG)
1103 if (p->auth.method != IKEV2_AUTH_METHOD_RSA_SIG)
1106 if (ikev2_verify_sign(p->auth.key, sa->i_auth.data, authmsg) == 1)
1108 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1120 if (sa->state == IKEV2_STATE_AUTHENTICATED)
1122 vec_free(sa->r_id.data);
1123 sa->r_id.data = vec_dup(sel_p->loc_id.data);
1124 sa->r_id.type = sel_p->loc_id.type;
1126 /* generate our auth data */
1127 authmsg = ikev2_sa_generate_authmsg(sa, 1);
1128 if (sel_p->auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1130 sa->r_auth.data = ikev2_calc_prf(tr_prf, psk, authmsg);
1131 sa->r_auth.method = IKEV2_AUTH_METHOD_SHARED_KEY_MIC;
1133 else if (sel_p->auth.method == IKEV2_AUTH_METHOD_RSA_SIG)
1135 sa->r_auth.data = ikev2_calc_sign(km->pkey, authmsg);
1136 sa->r_auth.method = IKEV2_AUTH_METHOD_RSA_SIG;
1140 /* select transforms for 1st child sa */
1141 ikev2_sa_free_proposal_vector(&sa->childs[0].r_proposals);
1142 sa->childs[0].r_proposals = ikev2_select_proposal(sa->childs[0].i_proposals,
1143 IKEV2_PROTOCOL_ESP);
1147 ikev2_set_state(sa, IKEV2_STATE_AUTH_FAILED);
1154 ikev2_create_tunnel_interface(vnet_main_t * vnm, ikev2_sa_t *sa, ikev2_child_sa_t * child)
1156 ipsec_add_del_tunnel_args_t a;
1157 ikev2_sa_transform_t * tr;
1160 if (!child->r_proposals)
1162 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1166 memset(&a, 0, sizeof(a));
1168 a.local_ip.as_u32 = sa->raddr.as_u32;
1169 a.remote_ip.as_u32 = sa->iaddr.as_u32;
1170 a.local_spi = child->i_proposals[0].spi;
1171 a.remote_spi = child->r_proposals[0].spi;
1174 tr = ikev2_sa_get_td_for_type(child->r_proposals, IKEV2_TRANSFORM_TYPE_ESN);
1176 a.esn = tr->esn_type;
1180 tr = ikev2_sa_get_td_for_type(child->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
1183 if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC && tr->key_len)
1185 switch (tr->key_len)
1188 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_128;
1191 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_192;
1194 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_256;
1197 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1204 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1210 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1214 tr = ikev2_sa_get_td_for_type(child->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
1217 if (tr->integ_type != IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96)
1219 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1225 ikev2_set_state(sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1229 ikev2_calc_child_keys(sa, child);
1231 a.integ_alg = IPSEC_INTEG_ALG_SHA1_96;
1232 a.local_integ_key_len = vec_len(child->sk_ar);
1233 clib_memcpy(a.local_integ_key, child->sk_ar, a.local_integ_key_len);
1234 a.remote_integ_key_len = vec_len(child->sk_ai);
1235 clib_memcpy(a.remote_integ_key, child->sk_ai, a.remote_integ_key_len);
1237 a.crypto_alg = encr_type;
1238 a.local_crypto_key_len = vec_len(child->sk_er);
1239 clib_memcpy(a.local_crypto_key, child->sk_er, a.local_crypto_key_len);
1240 a.remote_crypto_key_len = vec_len(child->sk_ei);
1241 clib_memcpy(a.remote_crypto_key, child->sk_ei, a.remote_crypto_key_len);
1243 ipsec_add_del_tunnel_if(&a);
1249 ikev2_delete_tunnel_interface(vnet_main_t * vnm, ikev2_sa_t *sa, ikev2_child_sa_t * child)
1251 ipsec_add_del_tunnel_args_t a;
1253 if (!vec_len(child->r_proposals))
1257 a.local_ip.as_u32 = sa->raddr.as_u32;
1258 a.remote_ip.as_u32 = sa->iaddr.as_u32;
1259 a.local_spi = child->i_proposals[0].spi;
1260 a.remote_spi = child->r_proposals[0].spi;
1262 ipsec_add_del_tunnel_if(&a);
1267 ikev2_generate_resp(ikev2_sa_t *sa, ike_header_t * ike)
1270 ike_payload_header_t * ph;
1274 ikev2_sa_transform_t * tr_encr, *tr_integ;
1275 tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
1276 tr_integ = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
1278 ikev2_payload_chain_t * chain = 0;
1279 ikev2_payload_new_chain(chain);
1281 if (ike->exchange == IKEV2_EXCHANGE_SA_INIT)
1283 if (sa->r_proposals == 0)
1285 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_NO_PROPOSAL_CHOSEN, 0);
1286 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1288 else if (sa->dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
1290 u8 * data = vec_new(u8, 2);
1291 ikev2_sa_transform_t * tr_dh;
1292 tr_dh = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_DH);
1293 ASSERT(tr_dh && tr_dh->dh_type);
1295 data[0] = (tr_dh->dh_type >> 8) & 0xff;
1296 data[1] = (tr_dh->dh_type) & 0xff;
1298 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_INVALID_KE_PAYLOAD, data);
1300 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1302 else if (sa->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1304 u8 * data = vec_new(u8, 1);
1306 data[0] = sa->unsupported_cp;
1307 ikev2_payload_add_notify(chain,
1308 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1314 ike->rspi = clib_host_to_net_u64(sa->rspi);
1315 ikev2_payload_add_sa(chain, sa->r_proposals);
1316 ikev2_payload_add_ke(chain, sa->dh_group, sa->r_dh_data);
1317 ikev2_payload_add_nonce(chain, sa->r_nonce);
1320 else if (ike->exchange == IKEV2_EXCHANGE_IKE_AUTH)
1322 if (sa->state == IKEV2_STATE_AUTHENTICATED)
1324 ikev2_payload_add_id(chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1325 ikev2_payload_add_auth(chain, &sa->r_auth);
1326 ikev2_payload_add_sa(chain, sa->childs[0].r_proposals);
1327 ikev2_payload_add_ts(chain, sa->childs[0].tsi, IKEV2_PAYLOAD_TSI);
1328 ikev2_payload_add_ts(chain, sa->childs[0].tsr, IKEV2_PAYLOAD_TSR);
1330 else if (sa->state == IKEV2_STATE_AUTH_FAILED)
1332 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_AUTHENTICATION_FAILED, 0);
1333 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1335 else if (sa->state == IKEV2_STATE_TS_UNACCEPTABLE)
1337 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_TS_UNACCEPTABLE, 0);
1338 ikev2_payload_add_id(chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1339 ikev2_payload_add_auth(chain, &sa->r_auth);
1341 else if (sa->state == IKEV2_STATE_NO_PROPOSAL_CHOSEN)
1343 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_NO_PROPOSAL_CHOSEN, 0);
1344 ikev2_payload_add_id(chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1345 ikev2_payload_add_auth(chain, &sa->r_auth);
1346 ikev2_payload_add_ts(chain, sa->childs[0].tsi, IKEV2_PAYLOAD_TSI);
1347 ikev2_payload_add_ts(chain, sa->childs[0].tsr, IKEV2_PAYLOAD_TSR);
1349 else if (sa->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1351 u8 * data = vec_new(u8, 1);
1353 data[0] = sa->unsupported_cp;
1354 ikev2_payload_add_notify(chain,
1355 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1361 ikev2_set_state(sa, IKEV2_STATE_DELETED);
1365 else if (ike->exchange == IKEV2_EXCHANGE_INFORMATIONAL)
1367 /* if pending delete */
1370 /* The response to a request that deletes the IKE SA is an empty
1371 INFORMATIONAL response. */
1372 if (sa->del[0].protocol_id == IKEV2_PROTOCOL_IKE)
1374 ikev2_set_state(sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1376 /* The response to a request that deletes ESP or AH SAs will contain
1377 delete payloads for the paired SAs going in the other direction. */
1380 ikev2_payload_add_delete(chain, sa->del);
1385 /* received N(AUTHENTICATION_FAILED) */
1386 else if (sa->state == IKEV2_STATE_AUTH_FAILED)
1388 ikev2_set_state(sa, IKEV2_STATE_DELETED);
1391 /* received unsupported critical payload */
1392 else if (sa->unsupported_cp)
1394 u8 * data = vec_new(u8, 1);
1396 data[0] = sa->unsupported_cp;
1397 ikev2_payload_add_notify(chain,
1398 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1401 sa->unsupported_cp = 0;
1403 /* else send empty response */
1405 else if (ike->exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA)
1409 ikev2_payload_add_sa(chain, sa->rekey[0].r_proposal);
1410 ikev2_payload_add_nonce(chain, sa->r_nonce);
1411 ikev2_payload_add_ts(chain, sa->rekey[0].tsi, IKEV2_PAYLOAD_TSI);
1412 ikev2_payload_add_ts(chain, sa->rekey[0].tsr, IKEV2_PAYLOAD_TSR);
1413 vec_del1(sa->rekey, 0);
1415 else if (sa->unsupported_cp)
1417 u8 * data = vec_new(u8, 1);
1419 data[0] = sa->unsupported_cp;
1420 ikev2_payload_add_notify(chain,
1421 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1424 sa->unsupported_cp = 0;
1428 ikev2_payload_add_notify(chain, IKEV2_NOTIFY_MSG_NO_ADDITIONAL_SAS, 0);
1433 ike->version = IKE_VERSION_2;
1434 ike->flags = IKEV2_HDR_FLAG_RESPONSE;
1435 ike->nextpayload = IKEV2_PAYLOAD_SK;
1436 tlen = sizeof(*ike);
1439 if (ike->exchange == IKEV2_EXCHANGE_SA_INIT)
1441 tlen += vec_len(chain->data);
1442 ike->nextpayload = chain->first_payload_type;
1443 ike->length = clib_host_to_net_u32(tlen);
1444 clib_memcpy(ike->payload, chain->data, vec_len(chain->data));
1446 /* store whole IKE payload - needed for PSK auth */
1447 vec_free(sa->last_sa_init_res_packet_data);
1448 vec_add(sa->last_sa_init_res_packet_data, ike, tlen);
1453 ikev2_payload_chain_add_padding(chain, tr_encr->block_size);
1457 ph = (ike_payload_header_t *) &ike->payload[0];
1458 ph->nextpayload = chain->first_payload_type;
1460 int enc_len = ikev2_encrypt_data(sa, chain->data, ph->payload);
1463 /* add space for hmac */
1464 plen += tr_integ->key_trunc;
1467 /* payload and total length */
1468 ph->length = clib_host_to_net_u16(plen);
1469 ike->length = clib_host_to_net_u32(tlen);
1471 /* calc integrity data for whole packet except hash itself */
1472 integ = ikev2_calc_integr(tr_integ, sa->sk_ar, (u8 *) ike,
1473 tlen - tr_integ->key_trunc);
1475 clib_memcpy(ike->payload + tlen - tr_integ->key_trunc - sizeof(*ike),
1476 integ, tr_integ->key_trunc);
1478 /* store whole IKE payload - needed for retransmit */
1479 vec_free(sa->last_res_packet_data);
1480 vec_add(sa->last_res_packet_data, ike, tlen);
1484 ikev2_payload_destroy_chain (chain);
1490 ikev2_retransmit_sa_init (ike_header_t * ike,
1491 ip4_address_t iaddr,
1492 ip4_address_t raddr)
1494 ikev2_main_t * km = &ikev2_main;
1496 u32 cpu_index = os_get_cpu_number();
1498 pool_foreach (sa, km->per_thread_data[cpu_index].sas, ({
1499 if (sa->ispi == clib_net_to_host_u64(ike->ispi) &&
1500 sa->iaddr.as_u32 == iaddr.as_u32 &&
1501 sa->raddr.as_u32 == raddr.as_u32)
1504 u32 len = clib_net_to_host_u32(ike->length);
1505 u8 payload = ike->nextpayload;
1507 while (p < len && payload!= IKEV2_PAYLOAD_NONE) {
1508 ike_payload_header_t * ikep = (ike_payload_header_t *) &ike->payload[p];
1509 u32 plen = clib_net_to_host_u16(ikep->length);
1511 if (plen < sizeof(ike_payload_header_t))
1514 if (payload == IKEV2_PAYLOAD_NONCE)
1516 if (!memcmp(sa->i_nonce, ikep->payload, plen - sizeof(*ikep)))
1518 /* req is retransmit */
1519 if (sa->state == IKEV2_STATE_SA_INIT)
1522 tmp = (ike_header_t*)sa->last_sa_init_res_packet_data;
1523 ike->ispi = tmp->ispi;
1524 ike->rspi = tmp->rspi;
1525 ike->nextpayload = tmp->nextpayload;
1526 ike->version = tmp->version;
1527 ike->exchange = tmp->exchange;
1528 ike->flags = tmp->flags;
1529 ike->msgid = tmp->msgid;
1530 ike->length = tmp->length;
1531 clib_memcpy(ike->payload, tmp->payload,
1532 clib_net_to_host_u32(tmp->length) - sizeof(*ike));
1533 clib_warning("IKE_SA_INIT retransmit from %U to %U",
1534 format_ip4_address, &raddr,
1535 format_ip4_address, &iaddr);
1538 /* else ignore req */
1541 clib_warning("IKE_SA_INIT ignore from %U to %U",
1542 format_ip4_address, &raddr,
1543 format_ip4_address, &iaddr);
1548 payload = ikep->nextpayload;
1554 /* req is not retransmit */
1559 ikev2_retransmit_resp (ikev2_sa_t * sa, ike_header_t * ike)
1561 u32 msg_id = clib_net_to_host_u32(ike->msgid);
1564 if (msg_id > sa->last_msg_id)
1566 sa->last_msg_id = msg_id;
1569 /* retransmitted req */
1570 else if (msg_id == sa->last_msg_id)
1573 tmp = (ike_header_t*)sa->last_res_packet_data;
1574 ike->ispi = tmp->ispi;
1575 ike->rspi = tmp->rspi;
1576 ike->nextpayload = tmp->nextpayload;
1577 ike->version = tmp->version;
1578 ike->exchange = tmp->exchange;
1579 ike->flags = tmp->flags;
1580 ike->msgid = tmp->msgid;
1581 ike->length = tmp->length;
1582 clib_memcpy(ike->payload, tmp->payload,
1583 clib_net_to_host_u32(tmp->length) - sizeof(*ike));
1584 clib_warning("IKE msgid %u retransmit from %U to %U",
1586 format_ip4_address, &sa->raddr,
1587 format_ip4_address, &sa->iaddr);
1590 /* old req ignore */
1593 clib_warning("IKE msgid %u req ignore from %U to %U",
1595 format_ip4_address, &sa->raddr,
1596 format_ip4_address, &sa->iaddr);
1602 ikev2_node_fn (vlib_main_t * vm,
1603 vlib_node_runtime_t * node,
1604 vlib_frame_t * frame)
1606 u32 n_left_from, * from, * to_next;
1607 ikev2_next_t next_index;
1608 ikev2_main_t * km = &ikev2_main;
1609 u32 cpu_index = os_get_cpu_number();
1611 from = vlib_frame_vector_args (frame);
1612 n_left_from = frame->n_vectors;
1613 next_index = node->cached_next_index;
1615 while (n_left_from > 0)
1619 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1621 while (n_left_from > 0 && n_left_to_next > 0)
1625 u32 next0 = IKEV2_NEXT_ERROR_DROP;
1627 ip4_header_t * ip40;
1628 udp_header_t * udp0;
1629 ike_header_t * ike0;
1630 ikev2_sa_t * sa0 = 0;
1634 /* speculatively enqueue b0 to the current next frame */
1640 n_left_to_next -= 1;
1642 b0 = vlib_get_buffer (vm, bi0);
1643 ike0 = vlib_buffer_get_current (b0);
1644 vlib_buffer_advance(b0, - sizeof(*udp0));
1645 udp0 = vlib_buffer_get_current (b0);
1646 vlib_buffer_advance(b0, - sizeof(*ip40));
1647 ip40 = vlib_buffer_get_current (b0);
1649 if (ike0->version != IKE_VERSION_2)
1651 vlib_node_increment_counter(vm, ikev2_node.index,
1652 IKEV2_ERROR_NOT_IKEV2, 1);
1656 if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
1658 ikev2_sa_t sa; /* temporary store for SA */
1660 memset (sa0, 0, sizeof (*sa0));
1662 if (ike0->rspi == 0)
1664 sa0->raddr.as_u32 = ip40->dst_address.as_u32;
1665 sa0->iaddr.as_u32 = ip40->src_address.as_u32;
1667 r = ikev2_retransmit_sa_init(ike0, sa0->iaddr, sa0->raddr);
1670 vlib_node_increment_counter(vm, ikev2_node.index,
1671 IKEV2_ERROR_IKE_SA_INIT_RETRANSMIT,
1673 len = clib_net_to_host_u32(ike0->length);
1678 vlib_node_increment_counter(vm, ikev2_node.index,
1679 IKEV2_ERROR_IKE_SA_INIT_IGNORE,
1684 ikev2_process_sa_init_req(vm, sa0, ike0);
1686 if (sa0->state == IKEV2_STATE_SA_INIT)
1688 ikev2_sa_free_proposal_vector(&sa0->r_proposals);
1689 sa0->r_proposals = ikev2_select_proposal(sa0->i_proposals,
1690 IKEV2_PROTOCOL_IKE);
1691 ikev2_generate_sa_init_data(sa0);
1694 if (sa0->state == IKEV2_STATE_SA_INIT ||
1695 sa0->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1697 len = ikev2_generate_resp(sa0, ike0);
1700 if (sa0->state == IKEV2_STATE_SA_INIT)
1702 /* add SA to the pool */
1703 pool_get (km->per_thread_data[cpu_index].sas, sa0);
1704 clib_memcpy(sa0, &sa, sizeof(*sa0));
1705 hash_set (km->per_thread_data[cpu_index].sa_by_rspi,
1707 sa0 - km->per_thread_data[cpu_index].sas);
1711 ikev2_sa_free_all_vec(sa0);
1715 else if (ike0->exchange == IKEV2_EXCHANGE_IKE_AUTH)
1718 p = hash_get(km->per_thread_data[cpu_index].sa_by_rspi,
1719 clib_net_to_host_u64(ike0->rspi));
1722 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1725 r = ikev2_retransmit_resp(sa0, ike0);
1728 vlib_node_increment_counter(vm, ikev2_node.index,
1729 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1731 len = clib_net_to_host_u32(ike0->length);
1736 vlib_node_increment_counter(vm, ikev2_node.index,
1737 IKEV2_ERROR_IKE_REQ_IGNORE,
1742 ikev2_process_auth_req(vm, sa0, ike0);
1744 if (sa0->state == IKEV2_STATE_AUTHENTICATED)
1746 ikev2_initial_contact_cleanup(sa0);
1747 ikev2_sa_match_ts(sa0);
1748 if (sa0->state != IKEV2_STATE_TS_UNACCEPTABLE)
1749 ikev2_create_tunnel_interface(km->vnet_main, sa0,
1752 len = ikev2_generate_resp(sa0, ike0);
1755 else if (ike0->exchange == IKEV2_EXCHANGE_INFORMATIONAL)
1758 p = hash_get(km->per_thread_data[cpu_index].sa_by_rspi,
1759 clib_net_to_host_u64(ike0->rspi));
1762 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1765 r = ikev2_retransmit_resp(sa0, ike0);
1768 vlib_node_increment_counter(vm, ikev2_node.index,
1769 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1771 len = clib_net_to_host_u32(ike0->length);
1776 vlib_node_increment_counter(vm, ikev2_node.index,
1777 IKEV2_ERROR_IKE_REQ_IGNORE,
1782 ikev2_process_informational_req(vm, sa0, ike0);
1785 if (sa0->del[0].protocol_id != IKEV2_PROTOCOL_IKE)
1787 ikev2_delete_t * d, * tmp, * resp = 0;
1788 vec_foreach(d, sa0->del)
1790 ikev2_child_sa_t * ch_sa;
1791 ch_sa = ikev2_sa_get_child(sa0, d->spi,
1795 ikev2_delete_tunnel_interface(km->vnet_main,
1797 vec_add2(resp, tmp, 1);
1798 tmp->protocol_id = d->protocol_id;
1799 tmp->spi = ch_sa->r_proposals[0].spi;
1800 ikev2_sa_del_child_sa(sa0, ch_sa);
1807 len = ikev2_generate_resp(sa0, ike0);
1810 else if (ike0->exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA)
1813 p = hash_get(km->per_thread_data[cpu_index].sa_by_rspi,
1814 clib_net_to_host_u64(ike0->rspi));
1817 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1820 r = ikev2_retransmit_resp(sa0, ike0);
1823 vlib_node_increment_counter(vm, ikev2_node.index,
1824 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1826 len = clib_net_to_host_u32(ike0->length);
1831 vlib_node_increment_counter(vm, ikev2_node.index,
1832 IKEV2_ERROR_IKE_REQ_IGNORE,
1837 ikev2_process_create_child_sa_req(vm, sa0, ike0);
1840 if (sa0->rekey[0].protocol_id != IKEV2_PROTOCOL_IKE)
1842 ikev2_child_sa_t * child;
1843 vec_add2(sa0->childs, child, 1);
1844 child->r_proposals = sa0->rekey[0].r_proposal;
1845 child->i_proposals = sa0->rekey[0].i_proposal;
1846 child->tsi = sa0->rekey[0].tsi;
1847 child->tsr = sa0->rekey[0].tsr;
1848 ikev2_create_tunnel_interface(km->vnet_main, sa0,
1851 len = ikev2_generate_resp(sa0, ike0);
1857 clib_warning("IKEv2 exchange %u packet received from %U to %U",
1859 format_ip4_address, ip40->src_address.as_u8,
1860 format_ip4_address, ip40->dst_address.as_u8);
1864 /* if we are sending packet back, rewrite headers */
1867 next0 = IKEV2_NEXT_IP4_LOOKUP;
1868 ip40->dst_address.as_u32 = sa0->iaddr.as_u32;
1869 ip40->src_address.as_u32 = sa0->raddr.as_u32;
1870 udp0->length = clib_host_to_net_u16(len + sizeof(udp_header_t));
1872 b0->current_length = len + sizeof(ip4_header_t) + sizeof(udp_header_t);
1873 ip40->length = clib_host_to_net_u16(b0->current_length);
1874 ip40->checksum = ip4_header_checksum (ip40);
1877 if (sa0 && (sa0->state == IKEV2_STATE_DELETED ||
1878 sa0->state == IKEV2_STATE_NOTIFY_AND_DELETE))
1880 ikev2_child_sa_t * c;
1882 vec_foreach(c, sa0->childs)
1883 ikev2_delete_tunnel_interface(km->vnet_main, sa0, c);
1885 ikev2_delete_sa(sa0);
1887 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
1889 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
1890 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1892 ikev2_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
1893 t->sw_if_index = sw_if_index0;
1894 t->next_index = next0;
1897 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1898 n_left_to_next, bi0, next0);
1901 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1904 vlib_node_increment_counter (vm, ikev2_node.index,
1905 IKEV2_ERROR_PROCESSED, frame->n_vectors);
1906 return frame->n_vectors;
1909 VLIB_REGISTER_NODE (ikev2_node,static) = {
1910 .function = ikev2_node_fn,
1912 .vector_size = sizeof (u32),
1913 .format_trace = format_ikev2_trace,
1914 .type = VLIB_NODE_TYPE_INTERNAL,
1916 .n_errors = ARRAY_LEN(ikev2_error_strings),
1917 .error_strings = ikev2_error_strings,
1919 .n_next_nodes = IKEV2_N_NEXT,
1922 [IKEV2_NEXT_IP4_LOOKUP] = "ip4-lookup",
1923 [IKEV2_NEXT_ERROR_DROP] = "error-drop",
1928 static ikev2_profile_t *
1929 ikev2_profile_index_by_name(u8 * name)
1931 ikev2_main_t * km = &ikev2_main;
1934 p = mhash_get (&km->profile_index_by_name, name);
1938 return pool_elt_at_index(km->profiles, p[0]);
1942 ikev2_set_local_key(vlib_main_t * vm, u8 * file)
1944 ikev2_main_t * km = &ikev2_main;
1946 km->pkey = ikev2_load_key_file(file);
1947 if (km->pkey == NULL)
1948 return clib_error_return(0, "load key '%s' failed", file);
1954 ikev2_add_del_profile(vlib_main_t * vm, u8 * name, int is_add)
1956 ikev2_main_t * km = &ikev2_main;
1957 ikev2_profile_t * p;
1961 if (ikev2_profile_index_by_name(name))
1962 return clib_error_return(0, "policy %v already exists", name);
1964 pool_get (km->profiles, p);
1965 memset(p, 0, sizeof(*p));
1966 p->name = vec_dup(name);
1967 uword index = p - km->profiles;
1968 mhash_set_mem (&km->profile_index_by_name, name, &index, 0);
1972 p = ikev2_profile_index_by_name(name);
1974 return clib_error_return(0, "policy %v does not exists", name);
1977 pool_put (km->profiles, p);
1978 mhash_unset (&km->profile_index_by_name, name, 0);
1984 ikev2_set_profile_auth(vlib_main_t * vm, u8 * name, u8 auth_method,
1985 u8 * auth_data, u8 data_hex_format)
1987 ikev2_profile_t * p;
1990 p = ikev2_profile_index_by_name(name);
1993 r = clib_error_return(0, "unknown profile %v", name);
1996 vec_free(p->auth.data);
1997 p->auth.method = auth_method;
1998 p->auth.data = vec_dup(auth_data);
1999 p->auth.hex = data_hex_format;
2001 if (auth_method == IKEV2_AUTH_METHOD_RSA_SIG)
2004 EVP_PKEY_free(p->auth.key);
2005 p->auth.key = ikev2_load_cert_file(auth_data);
2006 if (p->auth.key == NULL)
2007 return clib_error_return(0, "load cert '%s' failed", auth_data);
2014 ikev2_set_profile_id(vlib_main_t * vm, u8 * name, u8 id_type, u8 * data,
2017 ikev2_profile_t * p;
2020 if (id_type > IKEV2_ID_TYPE_ID_RFC822_ADDR && id_type < IKEV2_ID_TYPE_ID_KEY_ID)
2022 r = clib_error_return(0, "unsupported identity type %U",
2023 format_ikev2_id_type, id_type);
2027 p = ikev2_profile_index_by_name(name);
2030 r = clib_error_return(0, "unknown profile %v", name);
2036 vec_free(p->loc_id.data);
2037 p->loc_id.type = id_type;
2038 p->loc_id.data = vec_dup(data);
2042 vec_free(p->rem_id.data);
2043 p->rem_id.type = id_type;
2044 p->rem_id.data = vec_dup(data);
2051 ikev2_set_profile_ts(vlib_main_t * vm, u8 * name, u8 protocol_id,
2052 u16 start_port, u16 end_port, ip4_address_t start_addr,
2053 ip4_address_t end_addr, int is_local)
2055 ikev2_profile_t * p;
2058 p = ikev2_profile_index_by_name(name);
2061 r = clib_error_return(0, "unknown profile %v", name);
2067 p->loc_ts.start_addr.as_u32= start_addr.as_u32;
2068 p->loc_ts.end_addr.as_u32 = end_addr.as_u32;
2069 p->loc_ts.start_port = start_port;
2070 p->loc_ts.end_port = end_port;
2071 p->loc_ts.protocol_id = protocol_id;
2072 p->loc_ts.ts_type = 7;
2076 p->rem_ts.start_addr.as_u32 = start_addr.as_u32;
2077 p->rem_ts.end_addr.as_u32 = end_addr.as_u32;
2078 p->rem_ts.start_port = start_port;
2079 p->rem_ts.end_port = end_port;
2080 p->rem_ts.protocol_id = protocol_id;
2081 p->rem_ts.ts_type = 7;
2089 ikev2_init (vlib_main_t * vm)
2091 ikev2_main_t * km = &ikev2_main;
2092 clib_error_t * error;
2093 vlib_thread_main_t * tm = vlib_get_thread_main();
2096 memset (km, 0, sizeof (ikev2_main_t));
2097 km->vnet_main = vnet_get_main();
2100 ikev2_crypto_init(km);
2102 mhash_init_vec_string (&km->profile_index_by_name, sizeof (uword));
2104 vec_validate(km->per_thread_data, tm->n_vlib_mains-1);
2105 for (thread_id = 0; thread_id < tm->n_vlib_mains - 1; thread_id++)
2107 km->per_thread_data[thread_id].sa_by_rspi =
2108 hash_create (0, sizeof (uword));
2111 if ((error = vlib_call_init_function (vm, ikev2_cli_init)))
2114 udp_register_dst_port (vm, 500, ikev2_node.index, 1);