2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/ip/udp.h>
21 #include <vnet/ipsec/ikev2.h>
22 #include <vnet/ipsec/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
/* Hex prime and generator (2) of the 768-bit MODP group.  ikev2_crypto_init()
 * wires them into the IKEV2_TRANSFORM_DH_TYPE_MODP_768 entry.
 * NOTE(review): a 768-bit finite-field group is far below the sizes current
 * guidance accepts for key exchange; prefer to stop offering it. */
30 static const char modp_dh_768_prime[] =
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
32 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
33 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
34 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
35 static const char modp_dh_768_generator[] = "02";
/* Hex prime and generator (2) of the 1024-bit MODP group, used by the
 * IKEV2_TRANSFORM_DH_TYPE_MODP_1024 entry in ikev2_crypto_init().
 * NOTE(review): 1024-bit MODP is also considered too small for new
 * deployments; keep it only if a legacy peer requires it. */
37 static const char modp_dh_1024_prime[] =
38 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
39 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
40 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
41 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
42 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
43 static const char modp_dh_1024_generator[] = "02";
46 static const char modp_dh_1536_prime[] =
47 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
48 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
49 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
50 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
51 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
52 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
53 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
54 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
55 static const char modp_dh_1536_generator[] = "02";
57 static const char modp_dh_2048_prime[] =
58 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
59 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
60 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
61 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
62 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
63 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
64 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
65 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
66 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
67 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
68 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
69 static const char modp_dh_2048_generator[] = "02";
71 static const char modp_dh_3072_prime[] =
72 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
73 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
74 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
75 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
76 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
77 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
78 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
79 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
80 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
81 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
82 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
83 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
84 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
85 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
86 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
87 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
88 static const char modp_dh_3072_generator[] = "02";
90 static const char modp_dh_4096_prime[] =
91 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
92 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
93 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
94 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
95 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
96 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
97 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
98 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
99 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
100 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
101 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
102 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
103 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
104 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
105 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
106 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
107 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
108 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
109 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
110 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
111 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
112 static const char modp_dh_4096_generator[] = "02";
114 static const char modp_dh_6144_prime[] =
115 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
116 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
117 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
118 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
119 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
120 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
121 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
122 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
123 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
124 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
125 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
126 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
127 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
128 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
129 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
130 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
131 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
132 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
133 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
134 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
135 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
136 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
137 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
138 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
139 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
140 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
141 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
142 "6DCC4024FFFFFFFFFFFFFFFF";
143 static const char modp_dh_6144_generator[] = "02";
145 static const char modp_dh_8192_prime[] =
146 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
147 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
148 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
149 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
150 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
151 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
152 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
153 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
154 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
155 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
156 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
157 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
158 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
159 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
160 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
161 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
162 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
163 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
164 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
165 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
166 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
167 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
168 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
169 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
170 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
171 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
172 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
173 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
174 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
175 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
176 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
177 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
178 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
179 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
180 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
181 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
182 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
183 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
184 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
185 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
186 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
187 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
188 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
189 static const char modp_dh_8192_generator[] = "02";
/* Prime and generator used by the IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160 entry
 * in ikev2_crypto_init().  Unlike the groups above, the generator is a
 * full-size value rather than 2; the _160 suffix presumably gives the size of
 * the prime-order subgroup (RFC 5114 style naming) -- TODO confirm.
 * NOTE(review): for a group of this shape the peer's public value should be
 * checked for subgroup membership before it is used; no such check is visible
 * in ikev2_generate_dh() in this listing.  The 1024-bit modulus is also small
 * by current standards. */
192 static const char modp_dh_1024_160_prime[] =
193 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
194 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
195 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
196 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
197 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
198 static const char modp_dh_1024_160_generator[] =
199 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
200 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
201 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
202 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
203 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 static const char modp_dh_2048_224_prime[] =
206 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
207 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
208 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
209 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
210 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
211 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
212 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
213 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
214 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
215 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
216 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
217 static const char modp_dh_2048_224_generator[] =
218 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
219 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
220 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
221 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
222 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
223 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
224 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
225 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
226 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
227 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
228 "81BC087F2A7065B384B890D3191F2BFA";
230 static const char modp_dh_2048_256_prime[] =
231 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
232 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
233 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
234 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
235 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
236 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
237 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
238 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
239 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
240 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
241 "693877FAD7EF09CADB094AE91E1A1597";
242 static const char modp_dh_2048_256_generator[] =
243 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
244 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
245 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
246 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
247 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
248 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
249 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
250 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
251 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
252 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
253 "5E2327CFEF98C582664B4C0F6CC41659";
/* HMAC-based PRF: computes HMAC(key, data) with the digest tr->md into a
 * freshly allocated u8 vector (prf).  The return statement is not part of
 * this listing; prf is presumably what is returned.
 *
 * tr   - PRF transform; supplies the digest (md) and output size (key_trunc)
 * key  - vppinfra vector, length taken with vec_len()
 * data - vppinfra vector, length taken with vec_len()
 *
 * NOTE(review): the output vector is sized from tr->key_trunc while
 * HMAC_Final() writes a full digest of tr->md.  The two sizes are tied
 * together only by the ASSERT at the end, which runs after the write and only
 * in builds where ASSERT is enabled; a transform with key_trunc smaller than
 * the digest size would overrun prf.  The HMAC_* return values are not
 * checked.  HMAC_CTX_init()/HMAC_CTX_cleanup() are the pre-1.1.0 OpenSSL API. */
256 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
260 unsigned int len = 0;
/* one output block of key_trunc bytes */
262 prf = vec_new (u8, tr->key_trunc);
263 HMAC_CTX_init (&ctx);
264 HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
265 HMAC_Update (&ctx, data, vec_len (data));
/* len receives the number of bytes HMAC_Final() wrote into prf */
266 HMAC_Final (&ctx, prf, &len);
267 HMAC_CTX_cleanup (&ctx);
/* sanity check only: see the note above about release builds */
269 ASSERT (len == tr->key_trunc);
/* prf+ key expansion: repeatedly calls ikev2_calc_prf() with the previous
 * output block, the seed and a one-byte counter, accumulating output in ret
 * until it holds at least len bytes or the counter x reaches 255.
 *
 * tr   - PRF transform passed through to ikev2_calc_prf()
 * key  - PRF key (K)
 * seed - seed vector (S), appended to each round's input
 * len  - number of output bytes wanted
 *
 * NOTE(review): the loop also ends when x reaches 255, so the result can be
 * shorter than len; callers should check the returned length before slicing
 * keys out of it.  t, s and ret carry key material; whether they are freed or
 * wiped is not visible in this listing -- confirm. */
275 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
277 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
280 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
283 T1 = prf (K, S | 0x01)
284 T2 = prf (K, T1 | S | 0x02)
285 T3 = prf (K, T2 | S | 0x03)
286 T4 = prf (K, T3 | S | 0x04)
289 while (vec_len (ret) < len && x < 255)
297 vec_append (s, seed);
298 vec_add2 (s, tmp, 1);
300 t = ikev2_calc_prf (tr, key, s);
/* Computes the integrity checksum HMAC(key, data[0..len)) with the digest
 * tr->md into a new u8 vector r of tr->key_len bytes.
 *
 * tr   - integrity transform (asserted to be IKEV2_TRANSFORM_TYPE_INTEG)
 * key  - vppinfra vector holding the integrity key
 * data - start of the bytes to authenticate
 * len  - number of bytes at data
 *
 * NOTE(review): this function only produces the MAC.  Truncation to
 * tr->key_trunc and the comparison with the received checksum are not in this
 * listing; that comparison should be constant-time and must happen before
 * the payload is decrypted.  r is sized from tr->key_len, so it only fits the
 * HMAC_Final() output when key_len is at least the digest size; the ASSERTs
 * are the only guard.  HMAC_* return values are not checked, and HMAC_Init()
 * is used here while ikev2_calc_prf() uses HMAC_Init_ex(). */
317 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
323 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
325 r = vec_new (u8, tr->key_len);
327 /* compute the HMAC over the data */
328 HMAC_CTX_init (&hctx);
329 HMAC_Init (&hctx, key, vec_len (key), tr->md);
330 HMAC_Update (&hctx, (const u8 *) data, len);
331 HMAC_Final (&hctx, r, &l);
332 HMAC_CTX_cleanup (&hctx);
334 ASSERT (l == tr->key_len);
/* Decrypts an encrypted payload body with the SA's negotiated cipher.
 * The first block_size bytes of data are used as the IV, the rest is the
 * ciphertext; the plaintext goes into a new vector r, which is then shortened
 * by the pad-length byte found at its end.
 *
 * sa   - SA; supplies r_proposals (cipher lookup) and the key sk_ei
 * data - IV followed by ciphertext
 * len  - total number of bytes at data
 *
 * NOTE(review): several inputs that come from the peer are used without
 * bounds checks in the lines visible here:
 *  - only len % block_size is tested; len == 0 passes that test and makes
 *    len - block_size negative, and len == block_size gives an empty r, so
 *    r[vec_len (r) - 1] indexes before the buffer.  Require
 *    len >= 2 * block_size before allocating.
 *  - the pad-length byte is taken from the decrypted data and subtracted
 *    from the vector length as is; a value >= vec_len (r) wraps the length.
 *    Reject it instead of applying it.
 *  - the EVP_Decrypt* return values are ignored, so a failed decrypt still
 *    has its output parsed.
 *  - the result of ikev2_sa_get_td_for_type() is dereferenced without a NULL
 *    check (confirm the lookup cannot fail here).
 * All of this relies on the caller having verified the integrity checksum
 * before calling; confirm at the call site. */
340 ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
344 int out_len = 0, block_size;
345 ikev2_sa_transform_t *tr_encr;
348 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
349 block_size = tr_encr->block_size;
351 /* check that the data length is a multiple of the cipher block size */
352 if (len % block_size)
354 clib_warning ("wrong data length");
358 EVP_CIPHER_CTX_init (&ctx);
/* plaintext is as long as the input minus the leading IV block */
359 r = vec_new (u8, len - block_size);
/* data doubles as the IV pointer; decryption key is sa->sk_ei */
360 EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, sa->sk_ei, data);
361 EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
362 EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
/* drop the padding plus the pad-length byte itself; the value is
 * peer-controlled and unchecked, see the note above */
365 _vec_len (r) -= r[vec_len (r) - 1] + 1;
367 EVP_CIPHER_CTX_cleanup (&ctx);
/* Encrypts src into dst with the SA's negotiated cipher: a random IV of one
 * cipher block is written at dst, followed by the ciphertext at dst + bs.
 *
 * sa  - SA; supplies r_proposals (cipher lookup) and the key sk_er
 * src - vppinfra vector with the plaintext; the final ASSERT expects its
 *       length to equal the number of bytes EVP_EncryptUpdate() produced,
 *       i.e. presumably the caller has already padded it to a block multiple
 * dst - output buffer; no size is passed, so the caller must provide at
 *       least bs + vec_len (src) bytes
 *
 * NOTE(review): RAND_bytes() can fail and its return value is ignored; on
 * failure the IV would be whatever dst already held.  Check for a return of
 * 1 and abort the message otherwise.  The EVP_Encrypt* return values are not
 * checked either. */
372 ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
377 ikev2_sa_transform_t *tr_encr;
380 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
381 bs = tr_encr->block_size;
/* fresh random IV, one cipher block long, stored at the start of dst */
384 RAND_bytes (dst, bs);
386 EVP_CIPHER_CTX_init (&ctx);
/* last argument is the IV just written at dst */
388 EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, sa->sk_er, dst /* dst */ );
389 EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
391 EVP_CIPHER_CTX_cleanup (&ctx);
393 ASSERT (vec_len (src) == out_len);
/* Runs the responder side of the Diffie-Hellman exchange for transform t:
 * generates an ephemeral key pair, stores the public value in sa->r_dh_data
 * and derives sa->dh_shared_key from the initiator's value sa->i_dh_data.
 * Two branches: finite-field groups (IKEV2_DH_GROUP_MODP) and elliptic-curve
 * groups (IKEV2_DH_GROUP_ECP).
 *
 * sa - SA; i_dh_data is read, r_dh_data and dh_shared_key are written
 * t  - DH transform; supplies dh_group, key_len and either dh_p/dh_g or nid
 *
 * NOTE(review): sa->i_dh_data comes from the peer.  The lines visible here
 * show no validation of it and ignore the return values of the OpenSSL calls
 * that consume it; the comments below point at each place.  Some lines are
 * missing from this listing, so confirm against the full file. */
399 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
403 if (t->dh_group == IKEV2_DH_GROUP_MODP)
/* load p and g from the hex tables; direct access to dh->p / dh->g is the
 * pre-1.1.0 OpenSSL struct layout */
406 BN_hex2bn (&dh->p, t->dh_p);
407 BN_hex2bn (&dh->g, t->dh_g);
408 DH_generate_key (dh);
/* NOTE(review): BN_bn2bin() writes the minimal big-endian encoding, so a
 * public key with leading zero bytes gives r < key_len and is not
 * left-padded here (the ECP branch below does pad).  The ASSERT is the only
 * check. */
410 sa->r_dh_data = vec_new (u8, t->key_len);
411 r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
412 ASSERT (r == t->key_len);
/* NOTE(review): the peer value is converted and used directly.  A range and
 * subgroup check (for example DH_check_pub_key()) is not visible before
 * DH_compute_key(), whose result can be -1 on error or shorter than
 * key_len. */
415 sa->dh_shared_key = vec_new (u8, t->key_len);
416 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
417 r = DH_compute_key (sa->dh_shared_key, ex, dh);
418 ASSERT (r == t->key_len);
422 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
424 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
427 EC_KEY_generate_key (ec);
429 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
430 const EC_GROUP *group = EC_KEY_get0_group (ec);
431 BIGNUM *x = NULL, *y = NULL;
432 BN_CTX *bn_ctx = BN_CTX_new ();
433 u16 x_off, y_off, len;
434 EC_POINT *i_point = EC_POINT_new (group);
435 EC_POINT *shared_point = EC_POINT_new (group);
/* each coordinate occupies half of key_len */
439 len = t->key_len / 2;
/* export our public point as x | y, each left-padded with zeros to len */
441 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
442 sa->r_dh_data = vec_new (u8, t->key_len);
443 x_off = len - BN_num_bytes (x);
444 memset (sa->r_dh_data, 0, x_off);
445 BN_bn2bin (x, sa->r_dh_data + x_off);
446 y_off = t->key_len - BN_num_bytes (y);
447 memset (sa->r_dh_data + len, 0, y_off - len);
448 BN_bn2bin (y, sa->r_dh_data + y_off);
/* NOTE(review): 2 * len bytes are read from sa->i_dh_data; no check that
 * vec_len (sa->i_dh_data) == t->key_len is visible here, so a shorter
 * payload would be read past its end -- confirm the caller enforces it. */
450 x = BN_bin2bn (sa->i_dh_data, len, x);
451 y = BN_bin2bn (sa->i_dh_data + len, len, y);
/* NOTE(review): return value ignored.  A peer point that cannot be loaded,
 * or that is not on the curve, must abort the exchange; check the result and
 * EC_POINT_is_on_curve() before the multiplication. */
452 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
453 sa->dh_shared_key = vec_new (u8, t->key_len);
/* shared_point = our private scalar * peer point */
454 EC_POINT_mul (group, shared_point, NULL, i_point,
455 EC_KEY_get0_private_key (ec), NULL);
/* shared secret is stored as x | y of the shared point, zero-padded as above */
456 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
457 x_off = len - BN_num_bytes (x);
458 memset (sa->dh_shared_key, 0, x_off);
459 BN_bn2bin (x, sa->dh_shared_key + x_off);
460 y_off = t->key_len - BN_num_bytes (y);
461 memset (sa->dh_shared_key + len, 0, y_off - len);
462 BN_bn2bin (y, sa->dh_shared_key + y_off);
467 BN_CTX_free (bn_ctx);
468 EC_POINT_free (i_point);
469 EC_POINT_free (shared_point);
/* Verifies sigbuf as a signature over data with public key pkey, using SHA-1
 * as the digest, and returns the EVP_VerifyFinal() result unchanged.
 *
 * pkey   - public key to verify with
 * sigbuf - vppinfra vector holding the signature
 * data   - vppinfra vector holding the signed bytes
 *
 * NOTE(review): EVP_VerifyFinal() returns 1 for a valid signature, 0 for an
 * invalid one and a negative value on error.  Callers must test for == 1; a
 * plain truth test would accept the error case.  The digest is hard-coded to
 * SHA-1, which is deprecated for signatures. */
474 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
478 EVP_VerifyInit (&md_ctx, EVP_sha1 ());
479 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
481 return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
/* Signs data with private key pkey using SHA-1 and places the signature in a
 * new u8 vector (sign) of sig_len bytes.
 *
 * pkey - private key to sign with
 * data - vppinfra vector holding the bytes to sign
 *
 * NOTE(review): EVP_SignFinal() is called twice, first with a NULL buffer,
 * presumably to learn sig_len before allocating; EVP_PKEY_size() is the
 * documented way to size the buffer.  None of the return values are checked,
 * so a failed signing operation would hand back an unusable vector.  The
 * digest is hard-coded to SHA-1. */
485 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
488 unsigned int sig_len = 0;
491 EVP_SignInit (&md_ctx, EVP_sha1 ());
492 EVP_SignUpdate (&md_ctx, data, vec_len (data));
/* length query: no output buffer yet */
494 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
495 sign = vec_new (u8, sig_len);
/* second call writes the signature into sign */
497 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
/* Opens the PEM file named by file, reads one X.509 certificate from it and
 * extracts its public key into pkey.  Each failing step logs a warning.
 *
 * file - path of the certificate; it is cast to char * for fopen() and "%s",
 *        so it must be NUL-terminated
 *
 * NOTE(review): only the public key is taken from the certificate.  No chain,
 * validity-period or name check is visible here, so the file is in effect a
 * pinned key and must be protected as such.  The fclose() and X509_free()
 * calls are not part of this listing; confirm that every return path
 * releases fp and x509. */
503 ikev2_load_cert_file (u8 * file)
507 EVP_PKEY *pkey = NULL;
509 fp = fopen ((char *) file, "r");
512 clib_warning ("open %s failed", file);
/* NULL arguments: allocate a new X509, no passphrase callback */
516 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
520 clib_warning ("read cert %s failed", file);
524 pkey = X509_get_pubkey (x509);
526 clib_warning ("get pubkey %s failed", file);
/* Opens the PEM file named by file and reads a private key from it into pkey.
 * Each failing step logs a warning.
 *
 * file - path of the key file; it is cast to char * for fopen() and "%s", so
 *        it must be NUL-terminated
 *
 * NOTE(review): PEM_read_PrivateKey() is called with no passphrase callback
 * and no user data.  The file's ownership and permissions are not checked
 * here, so the private key is only as protected as the file system makes it.
 * The fclose() call is not part of this listing; confirm that fp is closed
 * on every path. */
533 ikev2_load_key_file (u8 * file)
536 EVP_PKEY *pkey = NULL;
538 fp = fopen ((char *) file, "r");
541 clib_warning ("open %s failed", file);
545 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
548 clib_warning ("read %s failed", file);
/* Fills km->supported_transforms with every transform this implementation
 * offers, one vec_add2() per entry, in order of preference: encryption, PRF,
 * integrity, Diffie-Hellman groups, then ESN.
 *
 * km - IKEv2 main structure whose supported_transforms vector is appended to
 *
 * NOTE(review): the list is fixed at compile time and contains several
 * algorithms that current guidance treats as weak or legacy (SHA-1 as the
 * only PRF and integrity digest, MODP 768/1024, MODP_1024_160, ECP_192).
 * Because a peer can propose any entry in this list, consider removing those
 * or making the list configurable. */
555 ikev2_crypto_init (ikev2_main_t * km)
557 ikev2_sa_transform_t *tr;
559 /* vector of supported transforms - in order of preference */
/* encryption: AES-CBC with 256-, 192- and 128-bit keys, 16-byte blocks */
560 vec_add2 (km->supported_transforms, tr, 1);
561 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
562 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
563 tr->key_len = 256 / 8;
564 tr->block_size = 128 / 8;
565 tr->cipher = EVP_aes_256_cbc ();
567 vec_add2 (km->supported_transforms, tr, 1);
568 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
569 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
570 tr->key_len = 192 / 8;
571 tr->block_size = 128 / 8;
572 tr->cipher = EVP_aes_192_cbc ();
574 vec_add2 (km->supported_transforms, tr, 1);
575 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
576 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
577 tr->key_len = 128 / 8;
578 tr->block_size = 128 / 8;
579 tr->cipher = EVP_aes_128_cbc ();
/* PRF: HMAC-SHA1 only; key_trunc equals the full 20-byte digest, which is
 * what ikev2_calc_prf() relies on when sizing its output */
581 vec_add2 (km->supported_transforms, tr, 1);
582 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
583 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
584 tr->key_len = 160 / 8;
585 tr->key_trunc = 160 / 8;
586 tr->md = EVP_sha1 ();
/* integrity: HMAC-SHA1-96 only; 20-byte key, checksum truncated to 12 bytes */
588 vec_add2 (km->supported_transforms, tr, 1);
589 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
590 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
591 tr->key_len = 160 / 8;
592 tr->key_trunc = 96 / 8;
593 tr->md = EVP_sha1 ();
/* DH groups.  For ECP groups key_len is twice the coordinate size because
 * ikev2_generate_dh() stores x | y.  The matching #endif of the conditional
 * below is not part of this listing. */
595 #if defined(OPENSSL_NO_CISCO_FECDH)
596 vec_add2 (km->supported_transforms, tr, 1);
597 tr->type = IKEV2_TRANSFORM_TYPE_DH;
598 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
599 tr->key_len = (512 * 2) / 8;
600 tr->nid = NID_brainpoolP512r1;
601 tr->dh_group = IKEV2_DH_GROUP_ECP;
603 vec_add2 (km->supported_transforms, tr, 1);
604 tr->type = IKEV2_TRANSFORM_TYPE_DH;
605 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
606 tr->key_len = (384 * 2) / 8;
607 tr->nid = NID_brainpoolP384r1;
608 tr->dh_group = IKEV2_DH_GROUP_ECP;
610 vec_add2 (km->supported_transforms, tr, 1);
611 tr->type = IKEV2_TRANSFORM_TYPE_DH;
612 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
613 tr->key_len = (256 * 2) / 8;
614 tr->nid = NID_brainpoolP256r1;
615 tr->dh_group = IKEV2_DH_GROUP_ECP;
617 vec_add2 (km->supported_transforms, tr, 1);
618 tr->type = IKEV2_TRANSFORM_TYPE_DH;
619 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
620 tr->key_len = (224 * 2) / 8;
621 tr->nid = NID_brainpoolP224r1;
622 tr->dh_group = IKEV2_DH_GROUP_ECP;
624 vec_add2 (km->supported_transforms, tr, 1);
625 tr->type = IKEV2_TRANSFORM_TYPE_DH;
626 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
627 tr->key_len = (224 * 2) / 8;
628 tr->nid = NID_secp224r1;
629 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* 528 rather than 521: each coordinate is rounded up to 66 whole bytes */
632 vec_add2 (km->supported_transforms, tr, 1);
633 tr->type = IKEV2_TRANSFORM_TYPE_DH;
634 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
635 tr->key_len = (528 * 2) / 8;
636 tr->nid = NID_secp521r1;
637 tr->dh_group = IKEV2_DH_GROUP_ECP;
639 vec_add2 (km->supported_transforms, tr, 1);
640 tr->type = IKEV2_TRANSFORM_TYPE_DH;
641 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
642 tr->key_len = (384 * 2) / 8;
643 tr->nid = NID_secp384r1;
644 tr->dh_group = IKEV2_DH_GROUP_ECP;
646 vec_add2 (km->supported_transforms, tr, 1);
647 tr->type = IKEV2_TRANSFORM_TYPE_DH;
648 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
649 tr->key_len = (256 * 2) / 8;
650 tr->nid = NID_X9_62_prime256v1;
651 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* NOTE(review): a 192-bit curve is below the commonly recommended minimum */
653 vec_add2 (km->supported_transforms, tr, 1);
654 tr->type = IKEV2_TRANSFORM_TYPE_DH;
655 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
656 tr->key_len = (192 * 2) / 8;
657 tr->nid = NID_X9_62_prime192v1;
658 tr->dh_group = IKEV2_DH_GROUP_ECP;
/* MODP groups whose generator is a full-size table value rather than 2; for
 * these the peer's public value needs a subgroup check, see
 * ikev2_generate_dh() */
660 vec_add2 (km->supported_transforms, tr, 1);
661 tr->type = IKEV2_TRANSFORM_TYPE_DH;
662 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
663 tr->key_len = 2048 / 8;
664 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
665 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
666 tr->dh_group = IKEV2_DH_GROUP_MODP;
668 vec_add2 (km->supported_transforms, tr, 1);
669 tr->type = IKEV2_TRANSFORM_TYPE_DH;
670 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
671 tr->key_len = 2048 / 8;
672 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
673 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
674 tr->dh_group = IKEV2_DH_GROUP_MODP;
676 vec_add2 (km->supported_transforms, tr, 1);
677 tr->type = IKEV2_TRANSFORM_TYPE_DH;
678 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
679 tr->key_len = 1024 / 8;
680 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
681 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
682 tr->dh_group = IKEV2_DH_GROUP_MODP;
/* MODP groups with generator 2, largest first */
684 vec_add2 (km->supported_transforms, tr, 1);
685 tr->type = IKEV2_TRANSFORM_TYPE_DH;
686 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
687 tr->key_len = 8192 / 8;
688 tr->dh_p = (const char *) &modp_dh_8192_prime;
689 tr->dh_g = (const char *) &modp_dh_8192_generator;
690 tr->dh_group = IKEV2_DH_GROUP_MODP;
692 vec_add2 (km->supported_transforms, tr, 1);
693 tr->type = IKEV2_TRANSFORM_TYPE_DH;
694 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
695 tr->key_len = 6144 / 8;
696 tr->dh_p = (const char *) &modp_dh_6144_prime;
697 tr->dh_g = (const char *) &modp_dh_6144_generator;
698 tr->dh_group = IKEV2_DH_GROUP_MODP;
700 vec_add2 (km->supported_transforms, tr, 1);
701 tr->type = IKEV2_TRANSFORM_TYPE_DH;
702 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
703 tr->key_len = 4096 / 8;
704 tr->dh_p = (const char *) &modp_dh_4096_prime;
705 tr->dh_g = (const char *) &modp_dh_4096_generator;
706 tr->dh_group = IKEV2_DH_GROUP_MODP;
708 vec_add2 (km->supported_transforms, tr, 1);
709 tr->type = IKEV2_TRANSFORM_TYPE_DH;
710 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
711 tr->key_len = 3072 / 8;
712 tr->dh_p = (const char *) &modp_dh_3072_prime;
713 tr->dh_g = (const char *) &modp_dh_3072_generator;
714 tr->dh_group = IKEV2_DH_GROUP_MODP;
716 vec_add2 (km->supported_transforms, tr, 1);
717 tr->type = IKEV2_TRANSFORM_TYPE_DH;
718 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
719 tr->key_len = 2048 / 8;
720 tr->dh_p = (const char *) &modp_dh_2048_prime;
721 tr->dh_g = (const char *) &modp_dh_2048_generator;
722 tr->dh_group = IKEV2_DH_GROUP_MODP;
724 vec_add2 (km->supported_transforms, tr, 1);
725 tr->type = IKEV2_TRANSFORM_TYPE_DH;
726 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
727 tr->key_len = 1536 / 8;
728 tr->dh_p = (const char *) &modp_dh_1536_prime;
729 tr->dh_g = (const char *) &modp_dh_1536_generator;
730 tr->dh_group = IKEV2_DH_GROUP_MODP;
/* NOTE(review): 1024-bit and 768-bit MODP are too small for new deployments;
 * they sit last in preference order but are still accepted if proposed */
732 vec_add2 (km->supported_transforms, tr, 1);
733 tr->type = IKEV2_TRANSFORM_TYPE_DH;
734 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
735 tr->key_len = 1024 / 8;
736 tr->dh_p = (const char *) &modp_dh_1024_prime;
737 tr->dh_g = (const char *) &modp_dh_1024_generator;
738 tr->dh_group = IKEV2_DH_GROUP_MODP;
740 vec_add2 (km->supported_transforms, tr, 1);
741 tr->type = IKEV2_TRANSFORM_TYPE_DH;
742 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
743 tr->key_len = 768 / 8;
744 tr->dh_p = (const char *) &modp_dh_768_prime;
745 tr->dh_g = (const char *) &modp_dh_768_generator;
746 tr->dh_group = IKEV2_DH_GROUP_MODP;
/* extended sequence numbers: ESN preferred, NO_ESN also offered */
748 vec_add2 (km->supported_transforms, tr, 1);
749 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
750 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
752 vec_add2 (km->supported_transforms, tr, 1);
753 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
754 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
760 * fd.io coding-style-patch-verification: ON
763 * eval: (c-set-style "gnu")