Code Review / vpp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Initial commit of vpp code.
[vpp.git] / vnet / vnet / ipsec / ikev2_crypto.c
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/ip/udp.h>
21 #include <vnet/ipsec/ikev2.h>
22 #include <vnet/ipsec/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28
29 /* from RFC7296 */
30 static const char modp_dh_768_prime[] =
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
32 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
33 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
34 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
35 static const char modp_dh_768_generator[] = "02";
36
37 static const char modp_dh_1024_prime[] =
38 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
39 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
40 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
41 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
42 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
43 "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57
58 static const char modp_dh_2048_prime[] =
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71
72 static const char modp_dh_3072_prime[] =
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90
91 static const char modp_dh_4096_prime[] =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
113 "FFFFFFFFFFFFFFFF";
114 static const char modp_dh_4096_generator[] = "02";
115
116 static const char modp_dh_6144_prime[] =
117 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
118 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
119 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
120 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
121 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
122 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
123 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
124 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
125 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
126 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
127 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
128 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
129 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
130 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
131 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
132 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
133 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
134 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
135 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
136 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
137 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
138 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
139 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
140 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
141 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
142 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
143 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
144 "6DCC4024FFFFFFFFFFFFFFFF";
145 static const char modp_dh_6144_generator[] = "02";
146
147 static const char modp_dh_8192_prime[] =
148 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
149 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
150 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
151 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
152 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
153 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
154 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
155 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
156 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
157 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
158 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
159 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
160 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
161 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
162 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
163 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
164 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
165 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
166 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
167 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
168 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
169 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
170 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
171 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
172 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
173 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
174 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
175 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
176 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
177 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
178 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
179 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
180 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
181 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
182 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
183 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
184 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
185 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
186 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
187 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
188 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
189 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
190 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
191 static const char modp_dh_8192_generator[] = "02";
192
193 /* from RFC5114 */
194 static const char modp_dh_1024_160_prime[] =
195 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
196 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
197 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
198 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
199 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708"
200 "DF1FB2BC2E4A4371";
201 static const char modp_dh_1024_160_generator[] =
202 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
203 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
204 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
205 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
206 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24"
207 "855E6EEB22B3B2E5";
208
209 static const char modp_dh_2048_224_prime[] =
210 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
211 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
212 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
213 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
214 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
215 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
216 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
217 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
218 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
219 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
220 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
221 static const char modp_dh_2048_224_generator[] =
222 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
223 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
224 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
225 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
226 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
227 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
228 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
229 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
230 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
231 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
232 "81BC087F2A7065B384B890D3191F2BFA";
233
234 static const char modp_dh_2048_256_prime[] =
235 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
236 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
237 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
238 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
239 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
240 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
241 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
242 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
243 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
244 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
245 "693877FAD7EF09CADB094AE91E1A1597";
246 static const char modp_dh_2048_256_generator[] =
247 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
248 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
249 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
250 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
251 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
252 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
253 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
254 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
255 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
256 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
257 "5E2327CFEF98C582664B4C0F6CC41659";
258
259 v8 *
260 ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data)
261 {
262   HMAC_CTX ctx;
263   v8 * prf;
264   unsigned int len = 0;
265
266   prf = vec_new(u8, tr->key_trunc);
267   HMAC_CTX_init(&ctx);
268   HMAC_Init_ex(&ctx, key, vec_len(key), tr->md, NULL);
269   HMAC_Update(&ctx, data, vec_len(data));
270   HMAC_Final(&ctx, prf, &len);
271   HMAC_CTX_cleanup(&ctx);
272
273   ASSERT(len == tr->key_trunc);
274
275   return prf;
276 }
277 u8 *
278 ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
279 {
280   v8 * t = 0, * s = 0, * tmp = 0, * ret = 0;
281   u8 x = 0;
282
283   /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
284
285    where:
286    T1 = prf (K, S | 0x01)
287    T2 = prf (K, T1 | S | 0x02)
288    T3 = prf (K, T2 | S | 0x03)
289    T4 = prf (K, T3 | S | 0x04)
290   */
291
292   while (vec_len(ret) < len && x < 255) {
293     if (t) {
294       vec_append(s, t);
295       vec_free(t);
296     }
297
298     vec_append(s, seed);
299     vec_add2(s, tmp, 1);
300     *tmp = x + 1;
301     t = ikev2_calc_prf(tr, key, s);
302     vec_append(ret, t);
303     vec_free(s);
304     x++;
305   }
306
307   vec_free(t);
308
309   if (x == 255) {
310     vec_free(ret);
311   }
312
313   return ret;
314 }
315
316 v8 *
317 ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
318 {
319   v8 * r;
320   HMAC_CTX hctx;
321   unsigned int l;
322
323   ASSERT(tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
324
325   r = vec_new(u8, tr->key_len);
326
327   /* verify integrity of data */
328   HMAC_CTX_init(&hctx);
329   HMAC_Init(&hctx, key, vec_len(key), tr->md);
330   HMAC_Update(&hctx, (const u8 *) data, len);
331   HMAC_Final(&hctx, r, &l);
332   HMAC_CTX_cleanup(&hctx);
333
334   ASSERT(l == tr->key_len);
335
336   return r;
337 }
338
339 v8 *
340 ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len)
341 {
342   EVP_CIPHER_CTX ctx;
343   v8 * r;
344   int out_len = 0, block_size;
345   ikev2_sa_transform_t * tr_encr;
346
347   tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
348   block_size = tr_encr->block_size;
349
350   /* check if data is multiplier of cipher block size */
351   if (len % block_size) {
352     clib_warning("wrong data length");
353     return 0;
354   }
355
356   EVP_CIPHER_CTX_init(&ctx);
357   r = vec_new(u8, len - block_size);
358   EVP_DecryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_ei, data);
359   EVP_DecryptUpdate(&ctx, r, &out_len, data+block_size, len-block_size);
360   EVP_DecryptFinal_ex(&ctx, r + out_len, &out_len);
361
362   /* remove padding */
363   _vec_len(r) -= r[vec_len(r)-1] + 1;
364
365   EVP_CIPHER_CTX_cleanup(&ctx);
366   return r;
367 }
368
369 int
370 ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst)
371 {
372   EVP_CIPHER_CTX ctx;
373   int out_len;
374   int bs;
375   ikev2_sa_transform_t * tr_encr;
376
377   tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
378   bs = tr_encr->block_size;
379
380   /* generate IV */
381   RAND_bytes(dst, bs);
382
383   EVP_CIPHER_CTX_init(&ctx);
384
385   EVP_EncryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_er, dst /* dst */ );
386   EVP_EncryptUpdate(&ctx, dst + bs, &out_len, src, vec_len(src));
387
388   EVP_CIPHER_CTX_cleanup(&ctx);
389
390   ASSERT(vec_len(src) == out_len);
391
392   return out_len + bs;
393 }
394
395 void
396 ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t)
397 {
398   int r;
399
400   if (t->dh_group == IKEV2_DH_GROUP_MODP)
401     {
402       DH * dh = DH_new();
403       BN_hex2bn(&dh->p, t->dh_p);
404       BN_hex2bn(&dh->g, t->dh_g);
405       DH_generate_key(dh);
406
407       sa->r_dh_data = vec_new(u8, t->key_len);
408       r = BN_bn2bin(dh->pub_key, sa->r_dh_data);
409       ASSERT(r == t->key_len);
410
411       BIGNUM  *ex;
412       sa->dh_shared_key = vec_new(u8, t->key_len);
413       ex = BN_bin2bn(sa->i_dh_data, vec_len(sa->i_dh_data) , NULL);
414       r = DH_compute_key(sa->dh_shared_key, ex, dh);
415       ASSERT(r == t->key_len);
416       BN_clear_free(ex);
417       DH_free(dh);
418     }
419   else if (t->dh_group == IKEV2_DH_GROUP_ECP)
420     {
421       EC_KEY * ec = EC_KEY_new_by_curve_name(t->nid);
422       ASSERT(ec);
423
424       EC_KEY_generate_key(ec);
425
426       const EC_POINT * r_point = EC_KEY_get0_public_key(ec);
427       const EC_GROUP * group = EC_KEY_get0_group(ec);
428       BIGNUM * x = NULL, * y = NULL;
429       BN_CTX * bn_ctx = BN_CTX_new();
430       u16 x_off, y_off, len;
431       EC_POINT * i_point = EC_POINT_new(group);
432       EC_POINT * shared_point = EC_POINT_new(group);
433
434       x = BN_new();
435       y = BN_new();
436       len = t->key_len / 2;
437
438       EC_POINT_get_affine_coordinates_GFp(group, r_point, x, y, bn_ctx);
439       sa->r_dh_data = vec_new(u8, t->key_len);
440       x_off = len - BN_num_bytes(x);
441       memset(sa->r_dh_data, 0, x_off);
442       BN_bn2bin(x, sa->r_dh_data + x_off);
443       y_off = t->key_len - BN_num_bytes(y);
444       memset(sa->r_dh_data + len, 0, y_off - len);
445       BN_bn2bin(y, sa->r_dh_data + y_off);
446
447       x = BN_bin2bn(sa->i_dh_data, len, x);
448       y = BN_bin2bn(sa->i_dh_data + len, len, y);
449       EC_POINT_set_affine_coordinates_GFp(group, i_point, x, y, bn_ctx);
450       sa->dh_shared_key = vec_new(u8, t->key_len);
451       EC_POINT_mul(group, shared_point, NULL, i_point, EC_KEY_get0_private_key(ec), NULL);
452       EC_POINT_get_affine_coordinates_GFp(group, shared_point, x, y, bn_ctx);
453       x_off = len - BN_num_bytes(x);
454       memset(sa->dh_shared_key, 0, x_off);
455       BN_bn2bin(x, sa->dh_shared_key + x_off);
456       y_off = t->key_len - BN_num_bytes(y);
457       memset(sa->dh_shared_key + len, 0, y_off - len);
458       BN_bn2bin(y, sa->dh_shared_key + y_off);
459
460       EC_KEY_free(ec);
461       BN_free(x);
462       BN_free(y);
463       BN_CTX_free(bn_ctx);
464       EC_POINT_free(i_point);
465       EC_POINT_free(shared_point);
466     }
467 }
468
469 int
470 ikev2_verify_sign (EVP_PKEY *pkey, u8 * sigbuf, u8 * data)
471 {
472   EVP_MD_CTX md_ctx;
473
474   EVP_VerifyInit(&md_ctx, EVP_sha1());
475   EVP_VerifyUpdate(&md_ctx, data, vec_len(data));
476
477   return EVP_VerifyFinal(&md_ctx, sigbuf, vec_len(sigbuf), pkey);
478 }
479
480 u8 *
481 ikev2_calc_sign (EVP_PKEY *pkey, u8 * data)
482 {
483   EVP_MD_CTX md_ctx;
484   unsigned int sig_len = 0;
485   u8 * sign;
486
487   EVP_SignInit(&md_ctx, EVP_sha1());
488   EVP_SignUpdate(&md_ctx, data, vec_len(data));
489   /* get sign len */
490   EVP_SignFinal(&md_ctx, NULL, &sig_len, pkey);
491   sign = vec_new(u8, sig_len);
492   /* calc sign */
493   EVP_SignFinal(&md_ctx, sign, &sig_len, pkey);
494
495   return sign;
496 }
497
498 EVP_PKEY *
499 ikev2_load_cert_file (u8 * file)
500 {
501   FILE * fp;
502   X509 * x509;
503   EVP_PKEY * pkey = NULL;
504
505   fp = fopen((char *)file, "r");
506   if (!fp)
507     {
508       clib_warning("open %s failed", file);
509       goto end;
510     }
511
512   x509 = PEM_read_X509(fp, NULL, NULL, NULL);
513   fclose(fp);
514   if (x509 == NULL)
515     {
516       clib_warning("read cert %s failed", file);
517       goto end;
518     }
519
520   pkey = X509_get_pubkey(x509);
521   if (pkey == NULL)
522     clib_warning("get pubkey %s failed", file);
523
524 end:
525   return pkey;
526 }
527
528 EVP_PKEY *
529 ikev2_load_key_file (u8 * file)
530 {
531   FILE *fp;
532   EVP_PKEY * pkey = NULL;
533
534   fp = fopen((char *)file, "r");
535   if (!fp)
536     {
537       clib_warning("open %s failed", file);
538       goto end;
539     }
540
541   pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
542   fclose(fp);
543   if (pkey == NULL)
544     clib_warning("read %s failed", file);
545
546 end:
547   return pkey;
548 }
549
550 void
551 ikev2_crypto_init (ikev2_main_t * km)
552 {
553   ikev2_sa_transform_t * tr;
554
555   /* vector of supported transforms - in order of preference */
556   vec_add2(km->supported_transforms, tr, 1);
557   tr->type        = IKEV2_TRANSFORM_TYPE_ENCR;
558   tr->encr_type   = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
559   tr->key_len     = 256/8;
560   tr->block_size  = 128/8;
561   tr->cipher      = EVP_aes_256_cbc();
562
563   vec_add2(km->supported_transforms, tr, 1);
564   tr->type        = IKEV2_TRANSFORM_TYPE_ENCR;
565   tr->encr_type   = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
566   tr->key_len     = 192/8;
567   tr->block_size  = 128/8;
568   tr->cipher      = EVP_aes_192_cbc();
569
570   vec_add2(km->supported_transforms, tr, 1);
571   tr->type        = IKEV2_TRANSFORM_TYPE_ENCR;
572   tr->encr_type   = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
573   tr->key_len     = 128/8;
574   tr->block_size  = 128/8;
575   tr->cipher      = EVP_aes_128_cbc();
576
577   vec_add2(km->supported_transforms, tr, 1);
578   tr->type        = IKEV2_TRANSFORM_TYPE_PRF;
579   tr->prf_type    = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
580   tr->key_len     = 160/8;
581   tr->key_trunc   = 160/8;
582   tr->md          = EVP_sha1();
583
584   vec_add2(km->supported_transforms, tr, 1);
585   tr->type        = IKEV2_TRANSFORM_TYPE_INTEG;
586   tr->integ_type  = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
587   tr->key_len     = 160/8;
588   tr->key_trunc   = 96/8;
589   tr->md          = EVP_sha1();
590
591 #if defined(OPENSSL_NO_CISCO_FECDH)
592   vec_add2(km->supported_transforms, tr, 1);
593   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
594   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
595   tr->key_len     = (512 * 2)/8;
596   tr->nid         = NID_brainpoolP512r1;
597   tr->dh_group    = IKEV2_DH_GROUP_ECP;
598
599   vec_add2(km->supported_transforms, tr, 1);
600   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
601   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
602   tr->key_len     = (384 * 2)/8;
603   tr->nid         = NID_brainpoolP384r1;
604   tr->dh_group    = IKEV2_DH_GROUP_ECP;
605
606   vec_add2(km->supported_transforms, tr, 1);
607   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
608   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
609   tr->key_len     = (256 * 2)/8;
610   tr->nid         = NID_brainpoolP256r1;
611   tr->dh_group    = IKEV2_DH_GROUP_ECP;
612
613   vec_add2(km->supported_transforms, tr, 1);
614   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
615   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
616   tr->key_len     = (224 * 2)/8;
617   tr->nid         = NID_brainpoolP224r1;
618   tr->dh_group    = IKEV2_DH_GROUP_ECP;
619
620   vec_add2(km->supported_transforms, tr, 1);
621   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
622   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
623   tr->key_len     = (224 * 2)/8;
624   tr->nid         = NID_secp224r1;
625   tr->dh_group    = IKEV2_DH_GROUP_ECP;
626 #endif
627
628   vec_add2(km->supported_transforms, tr, 1);
629   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
630   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
631   tr->key_len     = (528 * 2)/8;
632   tr->nid         = NID_secp521r1;
633   tr->dh_group    = IKEV2_DH_GROUP_ECP;
634
635   vec_add2(km->supported_transforms, tr, 1);
636   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
637   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
638   tr->key_len     = (384 * 2)/8;
639   tr->nid         = NID_secp384r1;
640   tr->dh_group    = IKEV2_DH_GROUP_ECP;
641
642   vec_add2(km->supported_transforms, tr, 1);
643   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
644   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
645   tr->key_len     = (256 * 2)/8;
646   tr->nid         = NID_X9_62_prime256v1;
647   tr->dh_group    = IKEV2_DH_GROUP_ECP;
648
649   vec_add2(km->supported_transforms, tr, 1);
650   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
651   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
652   tr->key_len     = (192 * 2)/8;
653   tr->nid         = NID_X9_62_prime192v1;
654   tr->dh_group    = IKEV2_DH_GROUP_ECP;
655
656   vec_add2(km->supported_transforms, tr, 1);
657   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
658   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
659   tr->key_len     = 2048/8;
660   tr->dh_p        = (const char *) &modp_dh_2048_256_prime;
661   tr->dh_g        = (const char *) &modp_dh_2048_256_generator;
662   tr->dh_group    = IKEV2_DH_GROUP_MODP;
663
664   vec_add2(km->supported_transforms, tr, 1);
665   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
666   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
667   tr->key_len     = 2048/8;
668   tr->dh_p        = (const char *) &modp_dh_2048_224_prime;
669   tr->dh_g        = (const char *) &modp_dh_2048_224_generator;
670   tr->dh_group    = IKEV2_DH_GROUP_MODP;
671
672   vec_add2(km->supported_transforms, tr, 1);
673   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
674   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
675   tr->key_len     = 1024/8;
676   tr->dh_p        = (const char *) &modp_dh_1024_160_prime;
677   tr->dh_g        = (const char *) &modp_dh_1024_160_generator;
678   tr->dh_group    = IKEV2_DH_GROUP_MODP;
679
680   vec_add2(km->supported_transforms, tr, 1);
681   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
682   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
683   tr->key_len     = 8192/8;
684   tr->dh_p        = (const char *) &modp_dh_8192_prime;
685   tr->dh_g        = (const char *) &modp_dh_8192_generator;
686   tr->dh_group    = IKEV2_DH_GROUP_MODP;
687
688   vec_add2(km->supported_transforms, tr, 1);
689   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
690   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
691   tr->key_len     = 6144/8;
692   tr->dh_p        = (const char *) &modp_dh_6144_prime;
693   tr->dh_g        = (const char *) &modp_dh_6144_generator;
694   tr->dh_group    = IKEV2_DH_GROUP_MODP;
695
696   vec_add2(km->supported_transforms, tr, 1);
697   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
698   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
699   tr->key_len     = 4096/8;
700   tr->dh_p        = (const char *) &modp_dh_4096_prime;
701   tr->dh_g        = (const char *) &modp_dh_4096_generator;
702   tr->dh_group    = IKEV2_DH_GROUP_MODP;
703
704   vec_add2(km->supported_transforms, tr, 1);
705   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
706   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
707   tr->key_len     = 3072/8;
708   tr->dh_p        = (const char *) &modp_dh_3072_prime;
709   tr->dh_g        = (const char *) &modp_dh_3072_generator;
710   tr->dh_group    = IKEV2_DH_GROUP_MODP;
711
712   vec_add2(km->supported_transforms, tr, 1);
713   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
714   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
715   tr->key_len     = 2048/8;
716   tr->dh_p        = (const char *) &modp_dh_2048_prime;
717   tr->dh_g        = (const char *) &modp_dh_2048_generator;
718   tr->dh_group    = IKEV2_DH_GROUP_MODP;
719
720   vec_add2(km->supported_transforms, tr, 1);
721   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
722   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
723   tr->key_len     = 1536/8;
724   tr->dh_p        = (const char *) &modp_dh_1536_prime;
725   tr->dh_g        = (const char *) &modp_dh_1536_generator;
726   tr->dh_group    = IKEV2_DH_GROUP_MODP;
727
728   vec_add2(km->supported_transforms, tr, 1);
729   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
730   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
731   tr->key_len     = 1024/8;
732   tr->dh_p        = (const char *) &modp_dh_1024_prime;
733   tr->dh_g        = (const char *) &modp_dh_1024_generator;
734   tr->dh_group    = IKEV2_DH_GROUP_MODP;
735
736   vec_add2(km->supported_transforms, tr, 1);
737   tr->type        = IKEV2_TRANSFORM_TYPE_DH;
738   tr->dh_type     = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
739   tr->key_len     = 768/8;
740   tr->dh_p        = (const char *) &modp_dh_768_prime;
741   tr->dh_g        = (const char *) &modp_dh_768_generator;
742   tr->dh_group    = IKEV2_DH_GROUP_MODP;
743
744   vec_add2(km->supported_transforms, tr, 1);
745   tr->type        = IKEV2_TRANSFORM_TYPE_ESN;
746   tr->esn_type    = IKEV2_TRANSFORM_ESN_TYPE_ESN;
747
748   vec_add2(km->supported_transforms, tr, 1);
749   tr->type        = IKEV2_TRANSFORM_TYPE_ESN;
750   tr->esn_type    = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
751 }
752
753
Vector Packet Processing