X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fikev2%2Fikev2_crypto.c;h=a9ab1bc8067950cb3c0b9713e0e4a40c14b9cd90;hb=67b8a7fa76d8ec2d73f1b2380e11bf8e2793448e;hp=5a07bde9b0ac4257447eacb4c439ad7a1db6df72;hpb=190983de619e340a148cff8b1b1d8c9e0cd8c95a;p=vpp.git

diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 5a07bde9b0a..a9ab1bc8067 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
@@ -15,9 +15,7 @@
 
 #include <vlib/vlib.h>
 #include <vnet/vnet.h>
-#include <vnet/pg/pg.h>
 #include <vppinfra/error.h>
-#include <vnet/udp/udp.h>
 #include <plugins/ikev2/ikev2.h>
 #include <plugins/ikev2/ikev2_priv.h>
 #include <openssl/obj_mac.h>
@@ -256,10 +254,7 @@ static const char modp_dh_2048_256_generator[] =
 v8 *
 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
 {
-  ikev2_main_t *km = &ikev2_main;
-  u32 thread_index = vlib_get_thread_index ();
-  ikev2_main_per_thread_data_t *ptd =
-    vec_elt_at_index (km->per_thread_data, thread_index);
+  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
   HMAC_CTX *ctx = ptd->hmac_ctx;
   v8 *prf;
   unsigned int len = 0;
@@ -318,10 +313,7 @@ ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
 v8 *
 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
 {
-  ikev2_main_t *km = &ikev2_main;
-  u32 thread_index = vlib_get_thread_index ();
-  ikev2_main_per_thread_data_t *ptd =
-    vec_elt_at_index (km->per_thread_data, thread_index);
+  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
   HMAC_CTX *ctx = ptd->hmac_ctx;
   v8 *r;
   unsigned int l;
@@ -348,21 +340,61 @@ ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
   return r;
 }
 
-v8 *
-ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
+static_always_inline void
+ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
+{
+  clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
+  clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
+}
+
+int
+ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+			 ikev2_sa_transform_t * tr_encr, u8 * data,
+			 int data_len, u8 * aad, u32 aad_len, u8 * tag,
+			 u32 * out_len)
 {
-  ikev2_main_t *km = &ikev2_main;
-  u32 thread_index = vlib_get_thread_index ();
-  ikev2_main_per_thread_data_t *ptd =
-    vec_elt_at_index (km->per_thread_data, thread_index);
   EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
-  int out_len = 0, block_size;
-  ikev2_sa_transform_t *tr_encr;
+  int len = 0;
   u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
+  u8 nonce[IKEV2_GCM_NONCE_SIZE];
+
+  if (data_len <= IKEV2_GCM_IV_SIZE)
+    /* runt data */
+    return 0;
+
+  /* extract salt from the end of the key */
+  u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
+  ikev2_init_gcm_nonce (nonce, salt, data);
+
+  data += IKEV2_GCM_IV_SIZE;
+  data_len -= IKEV2_GCM_IV_SIZE;
 
-  tr_encr =
-    ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
+  EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
+  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
+  EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
+  EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
+  EVP_DecryptUpdate (ctx, data, &len, data, data_len);
+  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
+
+  if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
+    {
+      *out_len = data_len - data[data_len - 1] - 1;
+      return 1;
+    }
+
+  return 0;
+}
+
+int
+ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+		    ikev2_sa_transform_t * tr_encr, u8 * data, int len,
+		    u32 * out_len)
+{
+  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
+  int tmp_len = 0, block_size;
+  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
   block_size = tr_encr->block_size;
+  u8 *iv = data;
 
   /* check if data is multiplier of cipher block size */
   if (len % block_size)
@@ -370,40 +402,76 @@ ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
       ikev2_elog_error ("wrong data length");
       return 0;
     }
+  data += block_size;
+  len -= block_size;
 
-  v8 *r = vec_new (u8, len - block_size);
-  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
-  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
-  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
-  /* remove padding */
-  _vec_len (r) -= r[vec_len (r) - 1] + 1;
+  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
+  EVP_CIPHER_CTX_set_padding (ctx, 0);
+  EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
 
-  return r;
+  if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
+    {
+      *out_len = len - data[len - 1] - 1;
+      return 1;
+    }
+
+  return 0;
 }
 
 int
-ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
+ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+			 ikev2_sa_transform_t * tr_encr,
+			 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
 {
-  ikev2_main_t *km = &ikev2_main;
-  u32 thread_index = vlib_get_thread_index ();
-  ikev2_main_per_thread_data_t *ptd =
-    vec_elt_at_index (km->per_thread_data, thread_index);
   EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
-  int out_len;
-  int bs;
-  ikev2_sa_transform_t *tr_encr;
+  int out_len = 0, len = 0;
+  u8 nonce[IKEV2_GCM_NONCE_SIZE];
   u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
+  if (!key)
+    return 0;
+
+  /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
+  RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
+  ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
+			dst);
+  dst += IKEV2_GCM_IV_SIZE;
+
+  EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
+  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+  EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
+  EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
+  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
+  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
+  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
+  out_len += len;
+  ASSERT (vec_len (src) == out_len);
+
+  return out_len + IKEV2_GCM_IV_SIZE;
+}
 
-  tr_encr =
-    ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
-  bs = tr_encr->block_size;
+int
+ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+		    ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
+{
+  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
+  int out_len = 0, len = 0;
+  int bs = tr_encr->block_size;
+  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
+  if (!key)
+    return 0;
 
   /* generate IV */
-  RAND_bytes (dst, bs);
+  u8 *iv = dst;
+  RAND_bytes (iv, bs);
+  dst += bs;
 
-  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
-  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
+  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
+  /* disable padding as pad data were added before */
+  EVP_CIPHER_CTX_set_padding (ctx, 0);
+  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
+  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
 
+  out_len += len;
   ASSERT (vec_len (src) == out_len);
 
   return out_len + bs;
@@ -767,6 +835,7 @@ ikev2_load_cert_file (u8 * file)
     }
 
   pkey = X509_get_pubkey (x509);
+  X509_free (x509);
   if (pkey == NULL)
     ikev2_log_error ("get pubkey %s failed", file);