X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_sa.h;h=14461ad2cdd60bb62d0d5ca7c396c8355c620225;hb=10bb21fb13aa74dcb0c2c0841d41a698bb274fbe;hp=02f5eaf03a01601472bd40ec0bbf35d4945f2c85;hpb=123b5ebb9816e520d3029146ee233826f4e974bc;p=vpp.git diff --git a/src/vnet/ipsec/ipsec_sa.h b/src/vnet/ipsec/ipsec_sa.h index 02f5eaf03a0..14461ad2cdd 100644 --- a/src/vnet/ipsec/ipsec_sa.h +++ b/src/vnet/ipsec/ipsec_sa.h @@ -19,6 +19,7 @@ #include #include #include +#include #define foreach_ipsec_crypto_alg \ _ (0, NONE, "none") \ @@ -47,6 +48,11 @@ typedef enum (_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \ (_alg == IPSEC_CRYPTO_ALG_AES_GCM_256))) +#define IPSEC_CRYPTO_ALG_IS_CTR(_alg) \ + (((_alg == IPSEC_CRYPTO_ALG_AES_CTR_128) || \ + (_alg == IPSEC_CRYPTO_ALG_AES_CTR_192) || \ + (_alg == IPSEC_CRYPTO_ALG_AES_CTR_256))) + #define foreach_ipsec_integ_alg \ _ (0, NONE, "none") \ _ (1, MD5_96, "md5-96") /* RFC2403 */ \ @@ -85,16 +91,18 @@ typedef struct ipsec_key_t_ * else IPv4 tunnel only valid if is_tunnel is non-zero * enable UDP encapsulation for NAT traversal */ -#define foreach_ipsec_sa_flags \ - _ (0, NONE, "none") \ - _ (1, USE_ESN, "esn") \ - _ (2, USE_ANTI_REPLAY, "anti-replay") \ - _ (4, IS_TUNNEL, "tunnel") \ - _ (8, IS_TUNNEL_V6, "tunnel-v6") \ - _ (16, UDP_ENCAP, "udp-encap") \ - _ (32, IS_PROTECT, "Protect") \ - _ (64, IS_INBOUND, "inbound") \ - _ (128, IS_AEAD, "aead") \ +#define foreach_ipsec_sa_flags \ + _ (0, NONE, "none") \ + _ (1, USE_ESN, "esn") \ + _ (2, USE_ANTI_REPLAY, "anti-replay") \ + _ (4, IS_TUNNEL, "tunnel") \ + _ (8, IS_TUNNEL_V6, "tunnel-v6") \ + _ (16, UDP_ENCAP, "udp-encap") \ + _ (32, IS_PROTECT, "Protect") \ + _ (64, IS_INBOUND, "inbound") \ + _ (128, IS_AEAD, "aead") \ + _ (256, IS_CTR, "ctr") \ + _ (512, IS_ASYNC, "async") typedef enum ipsec_sad_flags_t_ { @@ -103,7 +111,7 @@ typedef enum ipsec_sad_flags_t_ #undef _ } __clib_packed ipsec_sa_flags_t; -STATIC_ASSERT (sizeof (ipsec_sa_flags_t) == 1, "IPSEC SA flags > 1 byte"); +STATIC_ASSERT (sizeof (ipsec_sa_flags_t) == 2, "IPSEC SA flags != 2 byte"); typedef struct { @@ -115,14 +123,16 @@ typedef struct u8 crypto_iv_size; u8 esp_block_align; u8 integ_icv_size; - u32 encrypt_thread_index; - u32 decrypt_thread_index; + + u8 __pad1[3]; + + u32 thread_index; + u32 spi; u32 seq; u32 seq_hi; - u32 last_seq; - u32 last_seq_hi; u64 replay_window; + u64 ctr_iv_counter; dpo_id_t dpo; vnet_crypto_key_index_t crypto_key_index; @@ -149,9 +159,8 @@ typedef struct u64 crypto_op_data; }; - CLIB_CACHE_LINE_ALIGN_MARK (cacheline1); + CLIB_CACHE_LINE_ALIGN_MARK (cacheline1); - u64 gcm_iv_counter; union { ip4_header_t ip4_hdr; @@ -159,11 +168,12 @@ typedef struct }; udp_header_t udp_hdr; - /* Salt used in GCM modes - stored in network byte order */ + /* Salt used in CTR modes (incl. GCM) - stored in network byte order */ u32 salt; ipsec_protocol_t protocol; - u8 __pad[3]; + tunnel_encap_decap_flags_t tunnel_flags; + u8 __pad[2]; /* data accessed by dataplane code should be above this comment */ CLIB_CACHE_LINE_ALIGN_MARK (cacheline2); @@ -191,8 +201,7 @@ typedef struct u64 data; } async_op_data; - ip46_address_t tunnel_src_addr; - ip46_address_t tunnel_dst_addr; + tunnel_t tunnel; fib_node_t node; @@ -202,10 +211,6 @@ typedef struct vnet_crypto_alg_t integ_calg; vnet_crypto_alg_t crypto_calg; - fib_node_index_t fib_entry_index; - u32 sibling; - u32 tx_fib_index; - /* else u8 packed */ ipsec_crypto_alg_t crypto_alg; ipsec_integ_alg_t integ_alg; @@ -217,6 +222,19 @@ typedef struct STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES); STATIC_ASSERT_OFFSET_OF (ipsec_sa_t, cacheline2, 2 * CLIB_CACHE_LINE_BYTES); +/** + * Pool of IPSec SAs + */ +extern ipsec_sa_t *ipsec_sa_pool; + +/* + * Ensure that the IPsec data does not overlap with the IP data in + * the buffer meta data + */ +STATIC_ASSERT (STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ipsec.sad_index) == + STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ip.save_protocol), + "IPSec data is overlapping with IP data"); + #define _(a,v,s) \ always_inline int \ ipsec_sa_is_set_##v (const ipsec_sa_t *sa) { \ @@ -246,19 +264,12 @@ extern vlib_combined_counter_main_t ipsec_sa_counters; extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len); -extern int ipsec_sa_add_and_lock (u32 id, - u32 spi, - ipsec_protocol_t proto, - ipsec_crypto_alg_t crypto_alg, - const ipsec_key_t * ck, - ipsec_integ_alg_t integ_alg, - const ipsec_key_t * ik, - ipsec_sa_flags_t flags, - u32 tx_table_id, - u32 salt, - const ip46_address_t * tunnel_src_addr, - const ip46_address_t * tunnel_dst_addr, - u32 * sa_index, u16 src_port, u16 dst_port); +extern int +ipsec_sa_add_and_lock (u32 id, u32 spi, ipsec_protocol_t proto, + ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, + ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, + ipsec_sa_flags_t flags, u32 salt, u16 src_port, + u16 dst_port, const tunnel_t *tun, u32 *sa_out_index); extern index_t ipsec_sa_find_and_lock (u32 id); extern int ipsec_sa_unlock_id (u32 id); extern void ipsec_sa_unlock (index_t sai); @@ -272,6 +283,7 @@ extern void ipsec_sa_set_integ_alg (ipsec_sa_t * sa, typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t * sa, void *ctx); extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx); +extern u8 *format_ipsec_replay_window (u8 *s, va_list *args); extern u8 *format_ipsec_crypto_alg (u8 * s, va_list * args); extern u8 *format_ipsec_integ_alg (u8 * s, va_list * args); extern u8 *format_ipsec_sa (u8 * s, va_list * args); @@ -298,45 +310,104 @@ extern uword unformat_ipsec_key (unformat_input_t * input, va_list * args); */ #define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl) (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1) +always_inline int +ipsec_sa_anti_replay_check (const ipsec_sa_t *sa, u32 seq) +{ + if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa) && + sa->replay_window & (1ULL << (sa->seq - seq))) + return 1; + else + return 0; +} + /* * Anti replay check. * inputs need to be in host byte order. + * + * The function runs in two contexts. pre and post decrypt. + * Pre-decrypt it: + * 1 - determines if a packet is a replay - a simple check in the window + * 2 - returns the hi-seq number that should be used to decrypt. + * post-decrypt: + * Checks whether the packet is a replay or falls out of window + * + * This funcion should be called even without anti-replay enabled to ensure + * the high sequence number is set. */ always_inline int -ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) +ipsec_sa_anti_replay_and_sn_advance (const ipsec_sa_t *sa, u32 seq, + u32 hi_seq_used, bool post_decrypt, + u32 *hi_seq_req) { - u32 diff, tl, th; - - if ((sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0) - return 0; + ASSERT ((post_decrypt == false) == (hi_seq_req != 0)); if (!ipsec_sa_is_set_USE_ESN (sa)) { - if (PREDICT_TRUE (seq > sa->last_seq)) + if (hi_seq_req) + /* no ESN, therefore the hi-seq is always 0 */ + *hi_seq_req = 0; + + if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) return 0; - diff = sa->last_seq - seq; + if (PREDICT_TRUE (seq > sa->seq)) + return 0; + + u32 diff = sa->seq - seq; if (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE > diff) - return (sa->replay_window & (1ULL << diff)) ? 1 : 0; + return ((sa->replay_window & (1ULL << diff)) ? 1 : 0); else return 1; return 0; } - tl = sa->last_seq; - th = sa->last_seq_hi; - diff = tl - seq; - - if (PREDICT_TRUE (tl >= (IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX))) + if (!ipsec_sa_is_set_USE_ANTI_REPLAY (sa)) + { + /* there's no AR configured for this SA, but in order + * to know whether a packet has wrapped the hi ESN we need + * to know whether it is out of window. if we use the default + * lower bound then we are effectively forcing AR because + * out of window packets will get the increased hi seq number + * and will thus fail to decrypt. IOW we need a window to know + * if the SN has wrapped, but we don't want a window to check for + * anti replay. to resolve the contradiction we use a huge window. + * if the packet is not within 2^30 of the current SN, we'll consider + * it a wrap. + */ + if (hi_seq_req) + { + if (seq >= sa->seq) + /* The packet's sequence number is larger that the SA's. + * that can't be a warp - unless we lost more than + * 2^32 packets ... how could we know? */ + *hi_seq_req = sa->seq_hi; + else + { + /* The packet's SN is less than the SAs, so either the SN has + * wrapped or the SN is just old. */ + if (sa->seq - seq > (1 << 30)) + /* It's really really really old => it wrapped */ + *hi_seq_req = sa->seq_hi + 1; + else + *hi_seq_req = sa->seq_hi; + } + } + /* + * else + * this is post-decrpyt and since it decrypted we accept it + */ + return 0; + } + if (PREDICT_TRUE (sa->seq >= (IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX))) { /* * the last sequence number VPP recieved is more than one * window size greater than zero. * Case A from RFC4303 Appendix A. */ - if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) + if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq)) { /* * the received sequence number is lower than the lower bound @@ -344,8 +415,28 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) * the high sequence number has wrapped. if it decrypts corrently * then it's the latter. */ - sa->seq_hi = th + 1; - return 0; + if (post_decrypt) + { + if (hi_seq_used == sa->seq_hi) + /* the high sequence number used to succesfully decrypt this + * packet is the same as the last-sequnence number of the SA. + * that means this packet did not cause a wrap. + * this packet is thus out of window and should be dropped */ + return 1; + else + /* The packet decrypted with a different high sequence number + * to the SA, that means it is the wrap packet and should be + * accepted */ + return 0; + } + else + { + /* pre-decrypt it might be the might that casues a wrap, we + * need to decrpyt to find out */ + if (hi_seq_req) + *hi_seq_req = sa->seq_hi + 1; + return 0; + } } else { @@ -353,13 +444,14 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) * the recieved sequence number greater than the low * end of the window. */ - sa->seq_hi = th; - if (seq <= tl) + if (hi_seq_req) + *hi_seq_req = sa->seq_hi; + if (seq <= sa->seq) /* * The recieved seq number is within bounds of the window * check if it's a duplicate */ - return (sa->replay_window & (1ULL << diff)) ? 1 : 0; + return (ipsec_sa_anti_replay_check (sa, seq)); else /* * The received sequence number is greater than the window @@ -379,19 +471,20 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) * RHS will be a larger number. * Case B from RFC4303 Appendix A. */ - if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (tl)) + if (seq < IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND (sa->seq)) { /* * the sequence number is less than the lower bound. */ - if (seq <= tl) + if (seq <= sa->seq) { /* * the packet is within the window upper bound. * check for duplicates. */ - sa->seq_hi = th; - return (sa->replay_window & (1ULL << diff)) ? 1 : 0; + if (hi_seq_req) + *hi_seq_req = sa->seq_hi; + return (ipsec_sa_anti_replay_check (sa, seq)); } else { @@ -404,7 +497,8 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) * wrapped the high sequence again. If it were the latter then * we've lost close to 2^32 packets. */ - sa->seq_hi = th; + if (hi_seq_req) + *hi_seq_req = sa->seq_hi; return 0; } } @@ -417,73 +511,79 @@ ipsec_sa_anti_replay_check (ipsec_sa_t * sa, u32 seq) * However, since TL is the other side of 0 to the received * packet, the SA has moved on to a higher sequence number. */ - sa->seq_hi = th - 1; - return (sa->replay_window & (1ULL << diff)) ? 1 : 0; + if (hi_seq_req) + *hi_seq_req = sa->seq_hi - 1; + return (ipsec_sa_anti_replay_check (sa, seq)); } } + /* unhandled case */ + ASSERT (0); return 0; } /* * Anti replay window advance * inputs need to be in host byte order. + * This function both advances the anti-replay window and the sequence number + * We always need to move on the SN but the window updates are only needed + * if AR is on. + * However, updating the window is trivial, so we do it anyway to save + * the branch cost. */ always_inline void -ipsec_sa_anti_replay_advance (ipsec_sa_t * sa, u32 seq) +ipsec_sa_anti_replay_advance (ipsec_sa_t *sa, u32 seq, u32 hi_seq) { u32 pos; - if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0) - return; - if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ESN)) + if (ipsec_sa_is_set_USE_ESN (sa)) { - int wrap = sa->seq_hi - sa->last_seq_hi; + int wrap = hi_seq - sa->seq_hi; - if (wrap == 0 && seq > sa->last_seq) + if (wrap == 0 && seq > sa->seq) { - pos = seq - sa->last_seq; + pos = seq - sa->seq; if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE) sa->replay_window = ((sa->replay_window) << pos) | 1; else sa->replay_window = 1; - sa->last_seq = seq; + sa->seq = seq; } else if (wrap > 0) { - pos = ~seq + sa->last_seq + 1; + pos = ~seq + sa->seq + 1; if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE) sa->replay_window = ((sa->replay_window) << pos) | 1; else sa->replay_window = 1; - sa->last_seq = seq; - sa->last_seq_hi = sa->seq_hi; + sa->seq = seq; + sa->seq_hi = hi_seq; } else if (wrap < 0) { - pos = ~seq + sa->last_seq + 1; + pos = ~seq + sa->seq + 1; sa->replay_window |= (1ULL << pos); } else { - pos = sa->last_seq - seq; + pos = sa->seq - seq; sa->replay_window |= (1ULL << pos); } } else { - if (seq > sa->last_seq) + if (seq > sa->seq) { - pos = seq - sa->last_seq; + pos = seq - sa->seq; if (pos < IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE) sa->replay_window = ((sa->replay_window) << pos) | 1; else sa->replay_window = 1; - sa->last_seq = seq; + sa->seq = seq; } else { - pos = sa->last_seq - seq; + pos = sa->seq - seq; sa->replay_window |= (1ULL << pos); } } @@ -501,6 +601,12 @@ ipsec_sa_assign_thread (u32 thread_id) : (unix_time_now_nsec () % vlib_num_workers ()) + 1); } +always_inline ipsec_sa_t * +ipsec_sa_get (u32 sa_index) +{ + return (pool_elt_at_index (ipsec_sa_pool, sa_index)); +} + #endif /* __IPSEC_SPD_SA_H__ */ /*