2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/ip/udp.h>
21 #include <vnet/ipsec/ikev2.h>
22 #include <vnet/ipsec/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
30 static const char modp_dh_768_prime[] =
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
32 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
33 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
34 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
35 static const char modp_dh_768_generator[] = "02";
37 static const char modp_dh_1024_prime[] =
38 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
39 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
40 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
41 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
42 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
44 static const char modp_dh_1024_generator[] = "02";
47 static const char modp_dh_1536_prime[] =
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
58 static const char modp_dh_2048_prime[] =
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
72 static const char modp_dh_3072_prime[] =
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
91 static const char modp_dh_4096_prime[] =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
114 static const char modp_dh_4096_generator[] = "02";
116 static const char modp_dh_6144_prime[] =
117 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
118 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
119 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
120 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
121 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
122 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
123 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
124 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
125 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
126 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
127 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
128 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
129 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
130 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
131 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
132 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
133 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
134 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
135 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
136 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
137 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
138 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
139 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
140 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
141 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
142 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
143 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
144 "6DCC4024FFFFFFFFFFFFFFFF";
145 static const char modp_dh_6144_generator[] = "02";
147 static const char modp_dh_8192_prime[] =
148 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
149 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
150 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
151 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
152 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
153 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
154 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
155 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
156 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
157 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
158 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
159 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
160 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
161 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
162 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
163 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
164 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
165 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
166 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
167 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
168 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
169 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
170 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
171 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
172 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
173 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
174 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
175 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
176 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
177 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
178 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
179 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
180 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
181 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
182 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
183 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
184 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
185 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
186 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
187 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
188 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
189 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
190 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
191 static const char modp_dh_8192_generator[] = "02";
194 static const char modp_dh_1024_160_prime[] =
195 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
196 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
197 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
198 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
199 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708"
201 static const char modp_dh_1024_160_generator[] =
202 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
203 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
204 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
205 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
206 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24"
209 static const char modp_dh_2048_224_prime[] =
210 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
211 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
212 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
213 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
214 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
215 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
216 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
217 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
218 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
219 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
220 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
221 static const char modp_dh_2048_224_generator[] =
222 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
223 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
224 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
225 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
226 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
227 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
228 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
229 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
230 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
231 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
232 "81BC087F2A7065B384B890D3191F2BFA";
234 static const char modp_dh_2048_256_prime[] =
235 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
236 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
237 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
238 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
239 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
240 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
241 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
242 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
243 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
244 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
245 "693877FAD7EF09CADB094AE91E1A1597";
246 static const char modp_dh_2048_256_generator[] =
247 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
248 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
249 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
250 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
251 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
252 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
253 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
254 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
255 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
256 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
257 "5E2327CFEF98C582664B4C0F6CC41659";
260 ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data)
264 unsigned int len = 0;
266 prf = vec_new(u8, tr->key_trunc);
268 HMAC_Init_ex(&ctx, key, vec_len(key), tr->md, NULL);
269 HMAC_Update(&ctx, data, vec_len(data));
270 HMAC_Final(&ctx, prf, &len);
271 HMAC_CTX_cleanup(&ctx);
273 ASSERT(len == tr->key_trunc);
278 ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
280 v8 * t = 0, * s = 0, * tmp = 0, * ret = 0;
283 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
286 T1 = prf (K, S | 0x01)
287 T2 = prf (K, T1 | S | 0x02)
288 T3 = prf (K, T2 | S | 0x03)
289 T4 = prf (K, T3 | S | 0x04)
292 while (vec_len(ret) < len && x < 255) {
301 t = ikev2_calc_prf(tr, key, s);
317 ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
323 ASSERT(tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
325 r = vec_new(u8, tr->key_len);
327 /* verify integrity of data */
328 HMAC_CTX_init(&hctx);
329 HMAC_Init(&hctx, key, vec_len(key), tr->md);
330 HMAC_Update(&hctx, (const u8 *) data, len);
331 HMAC_Final(&hctx, r, &l);
332 HMAC_CTX_cleanup(&hctx);
334 ASSERT(l == tr->key_len);
340 ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len)
344 int out_len = 0, block_size;
345 ikev2_sa_transform_t * tr_encr;
347 tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
348 block_size = tr_encr->block_size;
350 /* check if data is multiplier of cipher block size */
351 if (len % block_size) {
352 clib_warning("wrong data length");
356 EVP_CIPHER_CTX_init(&ctx);
357 r = vec_new(u8, len - block_size);
358 EVP_DecryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_ei, data);
359 EVP_DecryptUpdate(&ctx, r, &out_len, data+block_size, len-block_size);
360 EVP_DecryptFinal_ex(&ctx, r + out_len, &out_len);
363 _vec_len(r) -= r[vec_len(r)-1] + 1;
365 EVP_CIPHER_CTX_cleanup(&ctx);
370 ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst)
375 ikev2_sa_transform_t * tr_encr;
377 tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
378 bs = tr_encr->block_size;
383 EVP_CIPHER_CTX_init(&ctx);
385 EVP_EncryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_er, dst /* dst */ );
386 EVP_EncryptUpdate(&ctx, dst + bs, &out_len, src, vec_len(src));
388 EVP_CIPHER_CTX_cleanup(&ctx);
390 ASSERT(vec_len(src) == out_len);
396 ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t)
400 if (t->dh_group == IKEV2_DH_GROUP_MODP)
403 BN_hex2bn(&dh->p, t->dh_p);
404 BN_hex2bn(&dh->g, t->dh_g);
407 sa->r_dh_data = vec_new(u8, t->key_len);
408 r = BN_bn2bin(dh->pub_key, sa->r_dh_data);
409 ASSERT(r == t->key_len);
412 sa->dh_shared_key = vec_new(u8, t->key_len);
413 ex = BN_bin2bn(sa->i_dh_data, vec_len(sa->i_dh_data) , NULL);
414 r = DH_compute_key(sa->dh_shared_key, ex, dh);
415 ASSERT(r == t->key_len);
419 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
421 EC_KEY * ec = EC_KEY_new_by_curve_name(t->nid);
424 EC_KEY_generate_key(ec);
426 const EC_POINT * r_point = EC_KEY_get0_public_key(ec);
427 const EC_GROUP * group = EC_KEY_get0_group(ec);
428 BIGNUM * x = NULL, * y = NULL;
429 BN_CTX * bn_ctx = BN_CTX_new();
430 u16 x_off, y_off, len;
431 EC_POINT * i_point = EC_POINT_new(group);
432 EC_POINT * shared_point = EC_POINT_new(group);
436 len = t->key_len / 2;
438 EC_POINT_get_affine_coordinates_GFp(group, r_point, x, y, bn_ctx);
439 sa->r_dh_data = vec_new(u8, t->key_len);
440 x_off = len - BN_num_bytes(x);
441 memset(sa->r_dh_data, 0, x_off);
442 BN_bn2bin(x, sa->r_dh_data + x_off);
443 y_off = t->key_len - BN_num_bytes(y);
444 memset(sa->r_dh_data + len, 0, y_off - len);
445 BN_bn2bin(y, sa->r_dh_data + y_off);
447 x = BN_bin2bn(sa->i_dh_data, len, x);
448 y = BN_bin2bn(sa->i_dh_data + len, len, y);
449 EC_POINT_set_affine_coordinates_GFp(group, i_point, x, y, bn_ctx);
450 sa->dh_shared_key = vec_new(u8, t->key_len);
451 EC_POINT_mul(group, shared_point, NULL, i_point, EC_KEY_get0_private_key(ec), NULL);
452 EC_POINT_get_affine_coordinates_GFp(group, shared_point, x, y, bn_ctx);
453 x_off = len - BN_num_bytes(x);
454 memset(sa->dh_shared_key, 0, x_off);
455 BN_bn2bin(x, sa->dh_shared_key + x_off);
456 y_off = t->key_len - BN_num_bytes(y);
457 memset(sa->dh_shared_key + len, 0, y_off - len);
458 BN_bn2bin(y, sa->dh_shared_key + y_off);
464 EC_POINT_free(i_point);
465 EC_POINT_free(shared_point);
470 ikev2_verify_sign (EVP_PKEY *pkey, u8 * sigbuf, u8 * data)
474 EVP_VerifyInit(&md_ctx, EVP_sha1());
475 EVP_VerifyUpdate(&md_ctx, data, vec_len(data));
477 return EVP_VerifyFinal(&md_ctx, sigbuf, vec_len(sigbuf), pkey);
481 ikev2_calc_sign (EVP_PKEY *pkey, u8 * data)
484 unsigned int sig_len = 0;
487 EVP_SignInit(&md_ctx, EVP_sha1());
488 EVP_SignUpdate(&md_ctx, data, vec_len(data));
490 EVP_SignFinal(&md_ctx, NULL, &sig_len, pkey);
491 sign = vec_new(u8, sig_len);
493 EVP_SignFinal(&md_ctx, sign, &sig_len, pkey);
499 ikev2_load_cert_file (u8 * file)
503 EVP_PKEY * pkey = NULL;
505 fp = fopen((char *)file, "r");
508 clib_warning("open %s failed", file);
512 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
516 clib_warning("read cert %s failed", file);
520 pkey = X509_get_pubkey(x509);
522 clib_warning("get pubkey %s failed", file);
529 ikev2_load_key_file (u8 * file)
532 EVP_PKEY * pkey = NULL;
534 fp = fopen((char *)file, "r");
537 clib_warning("open %s failed", file);
541 pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
544 clib_warning("read %s failed", file);
551 ikev2_crypto_init (ikev2_main_t * km)
553 ikev2_sa_transform_t * tr;
555 /* vector of supported transforms - in order of preference */
556 vec_add2(km->supported_transforms, tr, 1);
557 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
558 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
560 tr->block_size = 128/8;
561 tr->cipher = EVP_aes_256_cbc();
563 vec_add2(km->supported_transforms, tr, 1);
564 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
565 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
567 tr->block_size = 128/8;
568 tr->cipher = EVP_aes_192_cbc();
570 vec_add2(km->supported_transforms, tr, 1);
571 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
572 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
574 tr->block_size = 128/8;
575 tr->cipher = EVP_aes_128_cbc();
577 vec_add2(km->supported_transforms, tr, 1);
578 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
579 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
581 tr->key_trunc = 160/8;
584 vec_add2(km->supported_transforms, tr, 1);
585 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
586 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
588 tr->key_trunc = 96/8;
591 #if defined(OPENSSL_NO_CISCO_FECDH)
592 vec_add2(km->supported_transforms, tr, 1);
593 tr->type = IKEV2_TRANSFORM_TYPE_DH;
594 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
595 tr->key_len = (512 * 2)/8;
596 tr->nid = NID_brainpoolP512r1;
597 tr->dh_group = IKEV2_DH_GROUP_ECP;
599 vec_add2(km->supported_transforms, tr, 1);
600 tr->type = IKEV2_TRANSFORM_TYPE_DH;
601 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
602 tr->key_len = (384 * 2)/8;
603 tr->nid = NID_brainpoolP384r1;
604 tr->dh_group = IKEV2_DH_GROUP_ECP;
606 vec_add2(km->supported_transforms, tr, 1);
607 tr->type = IKEV2_TRANSFORM_TYPE_DH;
608 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
609 tr->key_len = (256 * 2)/8;
610 tr->nid = NID_brainpoolP256r1;
611 tr->dh_group = IKEV2_DH_GROUP_ECP;
613 vec_add2(km->supported_transforms, tr, 1);
614 tr->type = IKEV2_TRANSFORM_TYPE_DH;
615 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
616 tr->key_len = (224 * 2)/8;
617 tr->nid = NID_brainpoolP224r1;
618 tr->dh_group = IKEV2_DH_GROUP_ECP;
620 vec_add2(km->supported_transforms, tr, 1);
621 tr->type = IKEV2_TRANSFORM_TYPE_DH;
622 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
623 tr->key_len = (224 * 2)/8;
624 tr->nid = NID_secp224r1;
625 tr->dh_group = IKEV2_DH_GROUP_ECP;
628 vec_add2(km->supported_transforms, tr, 1);
629 tr->type = IKEV2_TRANSFORM_TYPE_DH;
630 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
631 tr->key_len = (528 * 2)/8;
632 tr->nid = NID_secp521r1;
633 tr->dh_group = IKEV2_DH_GROUP_ECP;
635 vec_add2(km->supported_transforms, tr, 1);
636 tr->type = IKEV2_TRANSFORM_TYPE_DH;
637 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
638 tr->key_len = (384 * 2)/8;
639 tr->nid = NID_secp384r1;
640 tr->dh_group = IKEV2_DH_GROUP_ECP;
642 vec_add2(km->supported_transforms, tr, 1);
643 tr->type = IKEV2_TRANSFORM_TYPE_DH;
644 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
645 tr->key_len = (256 * 2)/8;
646 tr->nid = NID_X9_62_prime256v1;
647 tr->dh_group = IKEV2_DH_GROUP_ECP;
649 vec_add2(km->supported_transforms, tr, 1);
650 tr->type = IKEV2_TRANSFORM_TYPE_DH;
651 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
652 tr->key_len = (192 * 2)/8;
653 tr->nid = NID_X9_62_prime192v1;
654 tr->dh_group = IKEV2_DH_GROUP_ECP;
656 vec_add2(km->supported_transforms, tr, 1);
657 tr->type = IKEV2_TRANSFORM_TYPE_DH;
658 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
659 tr->key_len = 2048/8;
660 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
661 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
662 tr->dh_group = IKEV2_DH_GROUP_MODP;
664 vec_add2(km->supported_transforms, tr, 1);
665 tr->type = IKEV2_TRANSFORM_TYPE_DH;
666 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
667 tr->key_len = 2048/8;
668 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
669 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
670 tr->dh_group = IKEV2_DH_GROUP_MODP;
672 vec_add2(km->supported_transforms, tr, 1);
673 tr->type = IKEV2_TRANSFORM_TYPE_DH;
674 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
675 tr->key_len = 1024/8;
676 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
677 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
678 tr->dh_group = IKEV2_DH_GROUP_MODP;
680 vec_add2(km->supported_transforms, tr, 1);
681 tr->type = IKEV2_TRANSFORM_TYPE_DH;
682 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
683 tr->key_len = 8192/8;
684 tr->dh_p = (const char *) &modp_dh_8192_prime;
685 tr->dh_g = (const char *) &modp_dh_8192_generator;
686 tr->dh_group = IKEV2_DH_GROUP_MODP;
688 vec_add2(km->supported_transforms, tr, 1);
689 tr->type = IKEV2_TRANSFORM_TYPE_DH;
690 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
691 tr->key_len = 6144/8;
692 tr->dh_p = (const char *) &modp_dh_6144_prime;
693 tr->dh_g = (const char *) &modp_dh_6144_generator;
694 tr->dh_group = IKEV2_DH_GROUP_MODP;
696 vec_add2(km->supported_transforms, tr, 1);
697 tr->type = IKEV2_TRANSFORM_TYPE_DH;
698 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
699 tr->key_len = 4096/8;
700 tr->dh_p = (const char *) &modp_dh_4096_prime;
701 tr->dh_g = (const char *) &modp_dh_4096_generator;
702 tr->dh_group = IKEV2_DH_GROUP_MODP;
704 vec_add2(km->supported_transforms, tr, 1);
705 tr->type = IKEV2_TRANSFORM_TYPE_DH;
706 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
707 tr->key_len = 3072/8;
708 tr->dh_p = (const char *) &modp_dh_3072_prime;
709 tr->dh_g = (const char *) &modp_dh_3072_generator;
710 tr->dh_group = IKEV2_DH_GROUP_MODP;
712 vec_add2(km->supported_transforms, tr, 1);
713 tr->type = IKEV2_TRANSFORM_TYPE_DH;
714 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
715 tr->key_len = 2048/8;
716 tr->dh_p = (const char *) &modp_dh_2048_prime;
717 tr->dh_g = (const char *) &modp_dh_2048_generator;
718 tr->dh_group = IKEV2_DH_GROUP_MODP;
720 vec_add2(km->supported_transforms, tr, 1);
721 tr->type = IKEV2_TRANSFORM_TYPE_DH;
722 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
723 tr->key_len = 1536/8;
724 tr->dh_p = (const char *) &modp_dh_1536_prime;
725 tr->dh_g = (const char *) &modp_dh_1536_generator;
726 tr->dh_group = IKEV2_DH_GROUP_MODP;
728 vec_add2(km->supported_transforms, tr, 1);
729 tr->type = IKEV2_TRANSFORM_TYPE_DH;
730 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
731 tr->key_len = 1024/8;
732 tr->dh_p = (const char *) &modp_dh_1024_prime;
733 tr->dh_g = (const char *) &modp_dh_1024_generator;
734 tr->dh_group = IKEV2_DH_GROUP_MODP;
736 vec_add2(km->supported_transforms, tr, 1);
737 tr->type = IKEV2_TRANSFORM_TYPE_DH;
738 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
740 tr->dh_p = (const char *) &modp_dh_768_prime;
741 tr->dh_g = (const char *) &modp_dh_768_generator;
742 tr->dh_group = IKEV2_DH_GROUP_MODP;
744 vec_add2(km->supported_transforms, tr, 1);
745 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
746 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
748 vec_add2(km->supported_transforms, tr, 1);
749 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
750 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;