2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/ip/udp.h>
21 #include <vnet/ipsec/ipsec.h>
22 #include <vnet/ipsec/ikev2.h>
23 #include <vnet/ipsec/ikev2_priv.h>
25 static int ikev2_delete_tunnel_interface (vnet_main_t * vnm,
27 ikev2_child_sa_t * child);
29 #define ikev2_set_state(sa, v) do { \
31 clib_warning("sa state changed to " #v); \
41 format_ikev2_trace (u8 * s, va_list * args)
43 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
44 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
45 ikev2_trace_t *t = va_arg (*args, ikev2_trace_t *);
47 s = format (s, "ikev2: sw_if_index %d, next index %d",
48 t->sw_if_index, t->next_index);
52 static vlib_node_registration_t ikev2_node;
54 #define foreach_ikev2_error \
55 _(PROCESSED, "IKEv2 packets processed") \
56 _(IKE_SA_INIT_RETRANSMIT, "IKE_SA_INIT retransmit ") \
57 _(IKE_SA_INIT_IGNORE, "IKE_SA_INIT ignore (IKE SA already auth)") \
58 _(IKE_REQ_RETRANSMIT, "IKE request retransmit") \
59 _(IKE_REQ_IGNORE, "IKE request ignore (old msgid)") \
60 _(NOT_IKEV2, "Non IKEv2 packets received")
64 #define _(sym,str) IKEV2_ERROR_##sym,
70 static char *ikev2_error_strings[] = {
71 #define _(sym,string) string,
78 IKEV2_NEXT_IP4_LOOKUP,
79 IKEV2_NEXT_ERROR_DROP,
83 static ikev2_sa_transform_t *
84 ikev2_find_transform_data (ikev2_sa_transform_t * t)
86 ikev2_main_t *km = &ikev2_main;
87 ikev2_sa_transform_t *td;
89 vec_foreach (td, km->supported_transforms)
91 if (td->type != t->type)
94 if (td->transform_id != t->transform_id)
97 if (td->type == IKEV2_TRANSFORM_TYPE_ENCR)
99 if (vec_len (t->attrs) != 4 || t->attrs[0] != 0x80
100 || t->attrs[1] != 14)
103 if (((t->attrs[2] << 8 | t->attrs[3]) / 8) != td->key_len)
111 static ikev2_sa_proposal_t *
112 ikev2_select_proposal (ikev2_sa_proposal_t * proposals,
113 ikev2_protocol_id_t prot_id)
115 ikev2_sa_proposal_t *rv = 0;
116 ikev2_sa_proposal_t *proposal;
117 ikev2_sa_transform_t *transform, *new_t;
118 u8 mandatory_bitmap, optional_bitmap;
120 if (prot_id == IKEV2_PROTOCOL_IKE)
122 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
123 (1 << IKEV2_TRANSFORM_TYPE_PRF) |
124 (1 << IKEV2_TRANSFORM_TYPE_INTEG) | (1 << IKEV2_TRANSFORM_TYPE_DH);
125 optional_bitmap = mandatory_bitmap;
127 else if (prot_id == IKEV2_PROTOCOL_ESP)
129 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_ENCR) |
130 (1 << IKEV2_TRANSFORM_TYPE_ESN);
131 optional_bitmap = mandatory_bitmap |
132 (1 << IKEV2_TRANSFORM_TYPE_INTEG) | (1 << IKEV2_TRANSFORM_TYPE_DH);
134 else if (prot_id == IKEV2_PROTOCOL_AH)
136 mandatory_bitmap = (1 << IKEV2_TRANSFORM_TYPE_INTEG) |
137 (1 << IKEV2_TRANSFORM_TYPE_ESN);
138 optional_bitmap = mandatory_bitmap | (1 << IKEV2_TRANSFORM_TYPE_DH);
143 vec_add2 (rv, proposal, 1);
145 vec_foreach (proposal, proposals)
148 if (proposal->protocol_id != prot_id)
151 vec_foreach (transform, proposal->transforms)
153 if ((1 << transform->type) & bitmap)
156 if (ikev2_find_transform_data (transform))
158 bitmap |= 1 << transform->type;
159 vec_add2 (rv->transforms, new_t, 1);
160 clib_memcpy (new_t, transform, sizeof (*new_t));
161 new_t->attrs = vec_dup (transform->attrs);
165 clib_warning ("bitmap is %x mandatory is %x optional is %x",
166 bitmap, mandatory_bitmap, optional_bitmap);
168 if ((bitmap & mandatory_bitmap) == mandatory_bitmap &&
169 (bitmap & ~optional_bitmap) == 0)
171 rv->proposal_num = proposal->proposal_num;
172 rv->protocol_id = proposal->protocol_id;
173 RAND_bytes ((u8 *) & rv->spi, sizeof (rv->spi));
178 vec_free (rv->transforms);
187 ikev2_sa_transform_t *
188 ikev2_sa_get_td_for_type (ikev2_sa_proposal_t * p,
189 ikev2_transform_type_t type)
191 ikev2_sa_transform_t *t;
196 vec_foreach (t, p->transforms)
199 return ikev2_find_transform_data (t);
205 ikev2_sa_get_child (ikev2_sa_t * sa, u32 spi, ikev2_protocol_id_t prot_id)
208 vec_foreach (c, sa->childs)
210 if (c->i_proposals[0].spi == spi
211 && c->i_proposals[0].protocol_id == prot_id)
219 ikev2_sa_free_proposal_vector (ikev2_sa_proposal_t ** v)
221 ikev2_sa_proposal_t *p;
222 ikev2_sa_transform_t *t;
229 vec_foreach (t, p->transforms)
233 vec_free (p->transforms);
239 ikev2_sa_free_all_child_sa (ikev2_child_sa_t ** childs)
242 vec_foreach (c, *childs)
244 ikev2_sa_free_proposal_vector (&c->r_proposals);
245 ikev2_sa_free_proposal_vector (&c->i_proposals);
256 ikev2_sa_del_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * child)
258 ikev2_sa_free_proposal_vector (&child->r_proposals);
259 ikev2_sa_free_proposal_vector (&child->i_proposals);
260 vec_free (child->sk_ai);
261 vec_free (child->sk_ar);
262 vec_free (child->sk_ei);
263 vec_free (child->sk_er);
265 vec_del1 (sa->childs, child - sa->childs);
269 ikev2_sa_free_all_vec (ikev2_sa_t * sa)
271 vec_free (sa->i_nonce);
272 vec_free (sa->i_dh_data);
273 vec_free (sa->dh_shared_key);
275 ikev2_sa_free_proposal_vector (&sa->r_proposals);
276 ikev2_sa_free_proposal_vector (&sa->i_proposals);
279 vec_free (sa->sk_ai);
280 vec_free (sa->sk_ar);
281 vec_free (sa->sk_ei);
282 vec_free (sa->sk_er);
283 vec_free (sa->sk_pi);
284 vec_free (sa->sk_pr);
286 vec_free (sa->i_id.data);
287 vec_free (sa->i_auth.data);
288 vec_free (sa->r_id.data);
289 vec_free (sa->r_auth.data);
291 EVP_PKEY_free (sa->r_auth.key);
295 ikev2_sa_free_all_child_sa (&sa->childs);
299 ikev2_delete_sa (ikev2_sa_t * sa)
301 ikev2_main_t *km = &ikev2_main;
302 u32 cpu_index = os_get_cpu_number ();
305 ikev2_sa_free_all_vec (sa);
307 p = hash_get (km->per_thread_data[cpu_index].sa_by_rspi, sa->rspi);
310 hash_unset (km->per_thread_data[cpu_index].sa_by_rspi, sa->rspi);
311 pool_put (km->per_thread_data[cpu_index].sas, sa);
316 ikev2_generate_sa_init_data (ikev2_sa_t * sa)
318 ikev2_sa_transform_t *t = 0, *t2;
319 ikev2_main_t *km = &ikev2_main;
321 if (sa->dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
326 /* check if received DH group is on our list of supported groups */
327 vec_foreach (t2, km->supported_transforms)
329 if (t2->type == IKEV2_TRANSFORM_TYPE_DH && sa->dh_group == t2->dh_type)
338 clib_warning ("unknown dh data group %u (data len %u)", sa->dh_group,
339 vec_len (sa->i_dh_data));
340 sa->dh_group = IKEV2_TRANSFORM_DH_TYPE_NONE;
345 RAND_bytes ((u8 *) & sa->rspi, 8);
348 sa->r_nonce = vec_new (u8, IKEV2_NONCE_SIZE);
349 RAND_bytes ((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
351 /* generate dh keys */
352 ikev2_generate_dh (sa, t);
356 ikev2_calc_keys (ikev2_sa_t * sa)
359 /* calculate SKEYSEED = prf(Ni | Nr, g^ir) */
362 ikev2_sa_transform_t *tr_encr, *tr_prf, *tr_integ;
364 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
366 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
368 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
370 vec_append (s, sa->i_nonce);
371 vec_append (s, sa->r_nonce);
372 skeyseed = ikev2_calc_prf (tr_prf, s, sa->dh_shared_key);
374 /* Calculate S = Ni | Nr | SPIi | SPIr */
376 vec_add2 (s, tmp, 2 * sizeof (*spi));
378 spi[0] = clib_host_to_net_u64 (sa->ispi);
379 spi[1] = clib_host_to_net_u64 (sa->rspi);
381 /* calculate PRFplus */
383 int len = tr_prf->key_trunc + /* SK_d */
384 tr_integ->key_len * 2 + /* SK_ai, SK_ar */
385 tr_encr->key_len * 2 + /* SK_ei, SK_er */
386 tr_prf->key_len * 2; /* SK_pi, SK_pr */
388 keymat = ikev2_calc_prfplus (tr_prf, skeyseed, s, len);
395 sa->sk_d = vec_new (u8, tr_prf->key_trunc);
396 clib_memcpy (sa->sk_d, keymat + pos, tr_prf->key_trunc);
397 pos += tr_prf->key_trunc;
400 sa->sk_ai = vec_new (u8, tr_integ->key_len);
401 clib_memcpy (sa->sk_ai, keymat + pos, tr_integ->key_len);
402 pos += tr_integ->key_len;
405 sa->sk_ar = vec_new (u8, tr_integ->key_len);
406 clib_memcpy (sa->sk_ar, keymat + pos, tr_integ->key_len);
407 pos += tr_integ->key_len;
410 sa->sk_ei = vec_new (u8, tr_encr->key_len);
411 clib_memcpy (sa->sk_ei, keymat + pos, tr_encr->key_len);
412 pos += tr_encr->key_len;
415 sa->sk_er = vec_new (u8, tr_encr->key_len);
416 clib_memcpy (sa->sk_er, keymat + pos, tr_encr->key_len);
417 pos += tr_encr->key_len;
420 sa->sk_pi = vec_new (u8, tr_prf->key_len);
421 clib_memcpy (sa->sk_pi, keymat + pos, tr_prf->key_len);
422 pos += tr_prf->key_len;
425 sa->sk_pr = vec_new (u8, tr_prf->key_len);
426 clib_memcpy (sa->sk_pr, keymat + pos, tr_prf->key_len);
427 pos += tr_prf->key_len;
433 ikev2_calc_child_keys (ikev2_sa_t * sa, ikev2_child_sa_t * child)
436 ikev2_sa_transform_t *tr_prf, *ctr_encr, *ctr_integ;
438 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
440 ikev2_sa_get_td_for_type (child->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
442 ikev2_sa_get_td_for_type (child->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
444 vec_append (s, sa->i_nonce);
445 vec_append (s, sa->r_nonce);
446 /* calculate PRFplus */
448 int len = ctr_encr->key_len * 2 + ctr_integ->key_len * 2;
450 keymat = ikev2_calc_prfplus (tr_prf, sa->sk_d, s, len);
455 child->sk_ei = vec_new (u8, ctr_encr->key_len);
456 clib_memcpy (child->sk_ei, keymat + pos, ctr_encr->key_len);
457 pos += ctr_encr->key_len;
460 child->sk_ai = vec_new (u8, ctr_integ->key_len);
461 clib_memcpy (child->sk_ai, keymat + pos, ctr_integ->key_len);
462 pos += ctr_integ->key_len;
465 child->sk_er = vec_new (u8, ctr_encr->key_len);
466 clib_memcpy (child->sk_er, keymat + pos, ctr_encr->key_len);
467 pos += ctr_encr->key_len;
470 child->sk_ar = vec_new (u8, ctr_integ->key_len);
471 clib_memcpy (child->sk_ar, keymat + pos, ctr_integ->key_len);
472 pos += ctr_integ->key_len;
480 ikev2_process_sa_init_req (vlib_main_t * vm, ikev2_sa_t * sa,
484 u32 len = clib_net_to_host_u32 (ike->length);
485 u8 payload = ike->nextpayload;
487 clib_warning ("ispi %lx rspi %lx nextpayload %x version %x "
488 "exchange %x flags %x msgid %x length %u",
489 clib_net_to_host_u64 (ike->ispi),
490 clib_net_to_host_u64 (ike->rspi),
491 payload, ike->version,
492 ike->exchange, ike->flags,
493 clib_net_to_host_u32 (ike->msgid), len);
495 sa->ispi = clib_net_to_host_u64 (ike->ispi);
497 /* store whole IKE payload - needed for PSK auth */
498 vec_free (sa->last_sa_init_req_packet_data);
499 vec_add (sa->last_sa_init_req_packet_data, ike, len);
501 while (p < len && payload != IKEV2_PAYLOAD_NONE)
503 ike_payload_header_t *ikep = (ike_payload_header_t *) & ike->payload[p];
504 u32 plen = clib_net_to_host_u16 (ikep->length);
506 if (plen < sizeof (ike_payload_header_t))
509 if (payload == IKEV2_PAYLOAD_SA)
511 ikev2_sa_free_proposal_vector (&sa->i_proposals);
512 sa->i_proposals = ikev2_parse_sa_payload (ikep);
514 else if (payload == IKEV2_PAYLOAD_KE)
516 ike_ke_payload_header_t *ke = (ike_ke_payload_header_t *) ikep;
517 sa->dh_group = clib_net_to_host_u16 (ke->dh_group);
518 vec_free (sa->i_dh_data);
519 vec_add (sa->i_dh_data, ke->payload, plen - sizeof (*ke));
521 else if (payload == IKEV2_PAYLOAD_NONCE)
523 vec_free (sa->i_nonce);
524 vec_add (sa->i_nonce, ikep->payload, plen - sizeof (*ikep));
526 else if (payload == IKEV2_PAYLOAD_NOTIFY)
528 ikev2_notify_t *n = ikev2_parse_notify_payload (ikep);
531 else if (payload == IKEV2_PAYLOAD_VENDOR)
533 ikev2_parse_vendor_payload (ikep);
537 clib_warning ("unknown payload %u flags %x length %u", payload,
539 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
541 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
542 sa->unsupported_cp = payload;
547 payload = ikep->nextpayload;
551 ikev2_set_state (sa, IKEV2_STATE_SA_INIT);
555 ikev2_decrypt_sk_payload (ikev2_sa_t * sa, ike_header_t * ike, u8 * payload)
560 u32 len = clib_net_to_host_u32 (ike->length);
561 ike_payload_header_t *ikep = 0;
563 ikev2_sa_transform_t *tr_integ;
565 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
568 *payload != IKEV2_PAYLOAD_NONE && last_payload != IKEV2_PAYLOAD_SK)
570 ikep = (ike_payload_header_t *) & ike->payload[p];
571 plen = clib_net_to_host_u16 (ikep->length);
573 if (plen < sizeof (*ikep))
576 if (*payload == IKEV2_PAYLOAD_SK)
578 clib_warning ("received IKEv2 payload SK, len %u", plen - 4);
579 last_payload = *payload;
583 clib_warning ("unknown payload %u flags %x length %u", payload,
585 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
587 sa->unsupported_cp = *payload;
592 *payload = ikep->nextpayload;
596 if (last_payload != IKEV2_PAYLOAD_SK)
598 clib_warning ("Last payload must be SK");
602 hmac = ikev2_calc_integr (tr_integ, sa->sk_ai, (u8 *) ike,
603 len - tr_integ->key_trunc);
605 plen = plen - sizeof (*ikep) - tr_integ->key_trunc;
607 if (memcmp (hmac, &ikep->payload[plen], tr_integ->key_trunc))
609 clib_warning ("message integrity check failed");
615 return ikev2_decrypt_data (sa, ikep->payload, plen);
619 ikev2_initial_contact_cleanup (ikev2_sa_t * sa)
621 ikev2_main_t *km = &ikev2_main;
625 u32 cpu_index = os_get_cpu_number ();
627 if (!sa->initial_contact)
630 /* find old IKE SAs with the same authenticated identity */
632 pool_foreach (tmp, km->per_thread_data[cpu_index].sas, ({
633 if (tmp->i_id.type != sa->i_id.type ||
634 vec_len(tmp->i_id.data) != vec_len(sa->i_id.data) ||
635 memcmp(sa->i_id.data, tmp->i_id.data, vec_len(sa->i_id.data)))
638 if (sa->rspi != tmp->rspi)
639 vec_add1(delete, tmp - km->per_thread_data[cpu_index].sas);
643 for (i = 0; i < vec_len (delete); i++)
645 tmp = pool_elt_at_index (km->per_thread_data[cpu_index].sas, delete[i]);
646 vec_foreach (c, tmp->childs)
647 ikev2_delete_tunnel_interface (km->vnet_main, tmp, c);
648 ikev2_delete_sa (tmp);
652 sa->initial_contact = 0;
656 ikev2_process_auth_req (vlib_main_t * vm, ikev2_sa_t * sa, ike_header_t * ike)
658 ikev2_child_sa_t *first_child_sa;
660 u32 len = clib_net_to_host_u32 (ike->length);
661 u8 payload = ike->nextpayload;
664 ike_payload_header_t *ikep;
667 clib_warning ("ispi %lx rspi %lx nextpayload %x version %x "
668 "exchange %x flags %x msgid %x length %u",
669 clib_net_to_host_u64 (ike->ispi),
670 clib_net_to_host_u64 (ike->rspi),
671 payload, ike->version,
672 ike->exchange, ike->flags,
673 clib_net_to_host_u32 (ike->msgid), len);
675 ikev2_calc_keys (sa);
677 plaintext = ikev2_decrypt_sk_payload (sa, ike, &payload);
681 if (sa->unsupported_cp)
682 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
683 goto cleanup_and_exit;
686 /* create 1st child SA */
687 ikev2_sa_free_all_child_sa (&sa->childs);
688 vec_add2 (sa->childs, first_child_sa, 1);
691 /* process encrypted payload */
693 while (p < vec_len (plaintext) && payload != IKEV2_PAYLOAD_NONE)
695 ikep = (ike_payload_header_t *) & plaintext[p];
696 plen = clib_net_to_host_u16 (ikep->length);
698 if (plen < sizeof (ike_payload_header_t))
699 goto cleanup_and_exit;
701 if (payload == IKEV2_PAYLOAD_SA) /* 33 */
703 clib_warning ("received payload SA, len %u", plen - sizeof (*ikep));
704 ikev2_sa_free_proposal_vector (&first_child_sa->i_proposals);
705 first_child_sa->i_proposals = ikev2_parse_sa_payload (ikep);
707 else if (payload == IKEV2_PAYLOAD_IDI) /* 35 */
709 ike_id_payload_header_t *id = (ike_id_payload_header_t *) ikep;
711 sa->i_id.type = id->id_type;
712 vec_free (sa->i_id.data);
713 vec_add (sa->i_id.data, id->payload, plen - sizeof (*id));
715 clib_warning ("received payload IDi, len %u id_type %u",
716 plen - sizeof (*id), id->id_type);
718 else if (payload == IKEV2_PAYLOAD_AUTH) /* 39 */
720 ike_auth_payload_header_t *a = (ike_auth_payload_header_t *) ikep;
722 sa->i_auth.method = a->auth_method;
723 vec_free (sa->i_auth.data);
724 vec_add (sa->i_auth.data, a->payload, plen - sizeof (*a));
726 clib_warning ("received payload AUTH, len %u auth_type %u",
727 plen - sizeof (*a), a->auth_method);
729 else if (payload == IKEV2_PAYLOAD_NOTIFY) /* 41 */
731 ikev2_notify_t *n = ikev2_parse_notify_payload (ikep);
732 if (n->msg_type == IKEV2_NOTIFY_MSG_INITIAL_CONTACT)
734 sa->initial_contact = 1;
738 else if (payload == IKEV2_PAYLOAD_VENDOR) /* 43 */
740 ikev2_parse_vendor_payload (ikep);
742 else if (payload == IKEV2_PAYLOAD_TSI) /* 44 */
744 clib_warning ("received payload TSi, len %u",
745 plen - sizeof (*ikep));
747 vec_free (first_child_sa->tsi);
748 first_child_sa->tsi = ikev2_parse_ts_payload (ikep);
750 else if (payload == IKEV2_PAYLOAD_TSR) /* 45 */
752 clib_warning ("received payload TSr, len %u",
753 plen - sizeof (*ikep));
755 vec_free (first_child_sa->tsr);
756 first_child_sa->tsr = ikev2_parse_ts_payload (ikep);
760 clib_warning ("unknown payload %u flags %x length %u data %u",
761 payload, ikep->flags, plen - 4,
762 format_hex_bytes, ikep->payload, plen - 4);
764 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
766 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
767 sa->unsupported_cp = payload;
772 payload = ikep->nextpayload;
777 vec_free (plaintext);
781 ikev2_process_informational_req (vlib_main_t * vm, ikev2_sa_t * sa,
785 u32 len = clib_net_to_host_u32 (ike->length);
786 u8 payload = ike->nextpayload;
789 ike_payload_header_t *ikep;
792 clib_warning ("ispi %lx rspi %lx nextpayload %x version %x "
793 "exchange %x flags %x msgid %x length %u",
794 clib_net_to_host_u64 (ike->ispi),
795 clib_net_to_host_u64 (ike->rspi),
796 payload, ike->version,
797 ike->exchange, ike->flags,
798 clib_net_to_host_u32 (ike->msgid), len);
800 plaintext = ikev2_decrypt_sk_payload (sa, ike, &payload);
803 goto cleanup_and_exit;
805 /* process encrypted payload */
807 while (p < vec_len (plaintext) && payload != IKEV2_PAYLOAD_NONE)
809 ikep = (ike_payload_header_t *) & plaintext[p];
810 plen = clib_net_to_host_u16 (ikep->length);
812 if (plen < sizeof (ike_payload_header_t))
813 goto cleanup_and_exit;
815 if (payload == IKEV2_PAYLOAD_NOTIFY) /* 41 */
817 ikev2_notify_t *n = ikev2_parse_notify_payload (ikep);
818 if (n->msg_type == IKEV2_NOTIFY_MSG_AUTHENTICATION_FAILED)
819 ikev2_set_state (sa, IKEV2_STATE_AUTH_FAILED);
822 else if (payload == IKEV2_PAYLOAD_DELETE) /* 42 */
824 sa->del = ikev2_parse_delete_payload (ikep);
826 else if (payload == IKEV2_PAYLOAD_VENDOR) /* 43 */
828 ikev2_parse_vendor_payload (ikep);
832 clib_warning ("unknown payload %u flags %x length %u data %u",
833 payload, ikep->flags, plen - 4,
834 format_hex_bytes, ikep->payload, plen - 4);
836 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
838 sa->unsupported_cp = payload;
843 payload = ikep->nextpayload;
848 vec_free (plaintext);
852 ikev2_process_create_child_sa_req (vlib_main_t * vm, ikev2_sa_t * sa,
856 u32 len = clib_net_to_host_u32 (ike->length);
857 u8 payload = ike->nextpayload;
860 u8 i_nonce[IKEV2_NONCE_SIZE];
862 ike_payload_header_t *ikep;
864 ikev2_notify_t *n = 0;
867 ikev2_sa_proposal_t *proposal = 0;
868 ikev2_child_sa_t *child_sa;
870 clib_warning ("ispi %lx rspi %lx nextpayload %x version %x "
871 "exchange %x flags %x msgid %x length %u",
872 clib_net_to_host_u64 (ike->ispi),
873 clib_net_to_host_u64 (ike->rspi),
874 payload, ike->version,
875 ike->exchange, ike->flags,
876 clib_net_to_host_u32 (ike->msgid), len);
878 plaintext = ikev2_decrypt_sk_payload (sa, ike, &payload);
881 goto cleanup_and_exit;
883 /* process encrypted payload */
885 while (p < vec_len (plaintext) && payload != IKEV2_PAYLOAD_NONE)
887 ikep = (ike_payload_header_t *) & plaintext[p];
888 plen = clib_net_to_host_u16 (ikep->length);
890 if (plen < sizeof (ike_payload_header_t))
891 goto cleanup_and_exit;
893 else if (payload == IKEV2_PAYLOAD_SA)
895 proposal = ikev2_parse_sa_payload (ikep);
897 else if (payload == IKEV2_PAYLOAD_NOTIFY)
899 n = ikev2_parse_notify_payload (ikep);
900 if (n->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
905 else if (payload == IKEV2_PAYLOAD_DELETE)
907 sa->del = ikev2_parse_delete_payload (ikep);
909 else if (payload == IKEV2_PAYLOAD_VENDOR)
911 ikev2_parse_vendor_payload (ikep);
913 else if (payload == IKEV2_PAYLOAD_NONCE)
915 clib_memcpy (i_nonce, ikep->payload, plen - sizeof (*ikep));
917 else if (payload == IKEV2_PAYLOAD_TSI)
919 tsi = ikev2_parse_ts_payload (ikep);
921 else if (payload == IKEV2_PAYLOAD_TSR)
923 tsr = ikev2_parse_ts_payload (ikep);
927 clib_warning ("unknown payload %u flags %x length %u data %u",
928 payload, ikep->flags, plen - 4,
929 format_hex_bytes, ikep->payload, plen - 4);
931 if (ikep->flags & IKEV2_PAYLOAD_FLAG_CRITICAL)
933 sa->unsupported_cp = payload;
938 payload = ikep->nextpayload;
944 ikev2_rekey_t *rekey;
945 child_sa = ikev2_sa_get_child (sa, n->spi, n->protocol_id);
948 clib_warning ("child SA spi %lx not found", n->spi);
949 goto cleanup_and_exit;
951 vec_add2 (sa->rekey, rekey, 1);
952 rekey->protocol_id = n->protocol_id;
954 rekey->i_proposal = proposal;
956 ikev2_select_proposal (proposal, IKEV2_PROTOCOL_ESP);
960 vec_free (sa->i_nonce);
961 vec_add (sa->i_nonce, i_nonce, IKEV2_NONCE_SIZE);
962 /* generate new Nr */
963 vec_free (sa->r_nonce);
964 sa->r_nonce = vec_new (u8, IKEV2_NONCE_SIZE);
965 RAND_bytes ((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
969 vec_free (plaintext);
974 ikev2_sa_generate_authmsg (ikev2_sa_t * sa, int is_responder)
982 ikev2_sa_transform_t *tr_prf;
985 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
992 packet_data = sa->last_sa_init_res_packet_data;
999 packet_data = sa->last_sa_init_req_packet_data;
1002 data = vec_new (u8, 4);
1004 vec_append (data, id->data);
1006 u8 *id_hash = ikev2_calc_prf (tr_prf, key, data);
1007 vec_append (authmsg, packet_data);
1008 vec_append (authmsg, nonce);
1009 vec_append (authmsg, id_hash);
1017 ikev2_ts_cmp (ikev2_ts_t * ts1, ikev2_ts_t * ts2)
1019 if (ts1->ts_type == ts2->ts_type && ts1->protocol_id == ts2->protocol_id &&
1020 ts1->start_port == ts2->start_port && ts1->end_port == ts2->end_port &&
1021 ts1->start_addr.as_u32 == ts2->start_addr.as_u32 &&
1022 ts1->end_addr.as_u32 == ts2->end_addr.as_u32)
1029 ikev2_sa_match_ts (ikev2_sa_t * sa)
1031 ikev2_main_t *km = &ikev2_main;
1033 ikev2_ts_t *ts, *tsi = 0, *tsr = 0;
1036 pool_foreach (p, km->profiles, ({
1039 if (p->rem_id.type != sa->i_id.type ||
1040 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1041 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1044 vec_foreach(ts, sa->childs[0].tsi)
1046 if (ikev2_ts_cmp(&p->rem_ts, ts))
1053 vec_foreach(ts, sa->childs[0].tsr)
1055 if (ikev2_ts_cmp(&p->loc_ts, ts))
1068 vec_free (sa->childs[0].tsi);
1069 vec_free (sa->childs[0].tsr);
1070 sa->childs[0].tsi = tsi;
1071 sa->childs[0].tsr = tsr;
1077 ikev2_set_state (sa, IKEV2_STATE_TS_UNACCEPTABLE);
1082 ikev2_sa_auth (ikev2_sa_t * sa)
1084 ikev2_main_t *km = &ikev2_main;
1085 ikev2_profile_t *p, *sel_p = 0;
1086 u8 *authmsg, *key_pad, *psk = 0, *auth = 0;
1087 ikev2_sa_transform_t *tr_prf;
1090 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_PRF);
1092 /* only shared key and rsa signature */
1093 if (!(sa->i_auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC ||
1094 sa->i_auth.method == IKEV2_AUTH_METHOD_RSA_SIG))
1096 clib_warning ("unsupported authentication method %u",
1098 ikev2_set_state (sa, IKEV2_STATE_AUTH_FAILED);
1102 key_pad = format (0, "%s", IKEV2_KEY_PAD);
1103 authmsg = ikev2_sa_generate_authmsg (sa, 0);
1106 pool_foreach (p, km->profiles, ({
1109 if (p->rem_id.type != sa->i_id.type ||
1110 vec_len(p->rem_id.data) != vec_len(sa->i_id.data) ||
1111 memcmp(p->rem_id.data, sa->i_id.data, vec_len(p->rem_id.data)))
1114 if (sa->i_auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1116 if (!p->auth.data ||
1117 p->auth.method != IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1120 psk = ikev2_calc_prf(tr_prf, p->auth.data, key_pad);
1121 auth = ikev2_calc_prf(tr_prf, psk, authmsg);
1123 if (!memcmp(auth, sa->i_auth.data, vec_len(sa->i_auth.data)))
1125 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1132 else if (sa->i_auth.method == IKEV2_AUTH_METHOD_RSA_SIG)
1134 if (p->auth.method != IKEV2_AUTH_METHOD_RSA_SIG)
1137 if (ikev2_verify_sign(p->auth.key, sa->i_auth.data, authmsg) == 1)
1139 ikev2_set_state(sa, IKEV2_STATE_AUTHENTICATED);
1152 if (sa->state == IKEV2_STATE_AUTHENTICATED)
1154 vec_free (sa->r_id.data);
1155 sa->r_id.data = vec_dup (sel_p->loc_id.data);
1156 sa->r_id.type = sel_p->loc_id.type;
1158 /* generate our auth data */
1159 authmsg = ikev2_sa_generate_authmsg (sa, 1);
1160 if (sel_p->auth.method == IKEV2_AUTH_METHOD_SHARED_KEY_MIC)
1162 sa->r_auth.data = ikev2_calc_prf (tr_prf, psk, authmsg);
1163 sa->r_auth.method = IKEV2_AUTH_METHOD_SHARED_KEY_MIC;
1165 else if (sel_p->auth.method == IKEV2_AUTH_METHOD_RSA_SIG)
1167 sa->r_auth.data = ikev2_calc_sign (km->pkey, authmsg);
1168 sa->r_auth.method = IKEV2_AUTH_METHOD_RSA_SIG;
1172 /* select transforms for 1st child sa */
1173 ikev2_sa_free_proposal_vector (&sa->childs[0].r_proposals);
1174 sa->childs[0].r_proposals =
1175 ikev2_select_proposal (sa->childs[0].i_proposals, IKEV2_PROTOCOL_ESP);
1179 ikev2_set_state (sa, IKEV2_STATE_AUTH_FAILED);
1186 ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
1187 ikev2_child_sa_t * child)
1189 ipsec_add_del_tunnel_args_t a;
1190 ikev2_sa_transform_t *tr;
1193 if (!child->r_proposals)
1195 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1199 memset (&a, 0, sizeof (a));
1201 a.local_ip.as_u32 = sa->raddr.as_u32;
1202 a.remote_ip.as_u32 = sa->iaddr.as_u32;
1203 a.local_spi = child->i_proposals[0].spi;
1204 a.remote_spi = child->r_proposals[0].spi;
1208 ikev2_sa_get_td_for_type (child->r_proposals, IKEV2_TRANSFORM_TYPE_ESN);
1210 a.esn = tr->esn_type;
1215 ikev2_sa_get_td_for_type (child->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
1218 if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC && tr->key_len)
1220 switch (tr->key_len)
1223 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_128;
1226 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_192;
1229 encr_type = IPSEC_CRYPTO_ALG_AES_CBC_256;
1232 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1239 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1245 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1250 ikev2_sa_get_td_for_type (child->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
1253 if (tr->integ_type != IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96)
1255 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1261 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
1265 ikev2_calc_child_keys (sa, child);
1267 a.integ_alg = IPSEC_INTEG_ALG_SHA1_96;
1268 a.local_integ_key_len = vec_len (child->sk_ar);
1269 clib_memcpy (a.local_integ_key, child->sk_ar, a.local_integ_key_len);
1270 a.remote_integ_key_len = vec_len (child->sk_ai);
1271 clib_memcpy (a.remote_integ_key, child->sk_ai, a.remote_integ_key_len);
1273 a.crypto_alg = encr_type;
1274 a.local_crypto_key_len = vec_len (child->sk_er);
1275 clib_memcpy (a.local_crypto_key, child->sk_er, a.local_crypto_key_len);
1276 a.remote_crypto_key_len = vec_len (child->sk_ei);
1277 clib_memcpy (a.remote_crypto_key, child->sk_ei, a.remote_crypto_key_len);
1279 ipsec_add_del_tunnel_if (&a);
1285 ikev2_delete_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
1286 ikev2_child_sa_t * child)
1288 ipsec_add_del_tunnel_args_t a;
1290 if (!vec_len (child->r_proposals))
1294 a.local_ip.as_u32 = sa->raddr.as_u32;
1295 a.remote_ip.as_u32 = sa->iaddr.as_u32;
1296 a.local_spi = child->i_proposals[0].spi;
1297 a.remote_spi = child->r_proposals[0].spi;
1299 ipsec_add_del_tunnel_if (&a);
1304 ikev2_generate_resp (ikev2_sa_t * sa, ike_header_t * ike)
1307 ike_payload_header_t *ph;
1311 ikev2_sa_transform_t *tr_encr, *tr_integ;
1313 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
1315 ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_INTEG);
1317 ikev2_payload_chain_t *chain = 0;
1318 ikev2_payload_new_chain (chain);
1320 if (ike->exchange == IKEV2_EXCHANGE_SA_INIT)
1322 if (sa->r_proposals == 0)
1324 ikev2_payload_add_notify (chain,
1325 IKEV2_NOTIFY_MSG_NO_PROPOSAL_CHOSEN, 0);
1326 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1328 else if (sa->dh_group == IKEV2_TRANSFORM_DH_TYPE_NONE)
1330 u8 *data = vec_new (u8, 2);
1331 ikev2_sa_transform_t *tr_dh;
1333 ikev2_sa_get_td_for_type (sa->r_proposals,
1334 IKEV2_TRANSFORM_TYPE_DH);
1335 ASSERT (tr_dh && tr_dh->dh_type);
1337 data[0] = (tr_dh->dh_type >> 8) & 0xff;
1338 data[1] = (tr_dh->dh_type) & 0xff;
1340 ikev2_payload_add_notify (chain,
1341 IKEV2_NOTIFY_MSG_INVALID_KE_PAYLOAD,
1344 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1346 else if (sa->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1348 u8 *data = vec_new (u8, 1);
1350 data[0] = sa->unsupported_cp;
1351 ikev2_payload_add_notify (chain,
1352 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1358 ike->rspi = clib_host_to_net_u64 (sa->rspi);
1359 ikev2_payload_add_sa (chain, sa->r_proposals);
1360 ikev2_payload_add_ke (chain, sa->dh_group, sa->r_dh_data);
1361 ikev2_payload_add_nonce (chain, sa->r_nonce);
1364 else if (ike->exchange == IKEV2_EXCHANGE_IKE_AUTH)
1366 if (sa->state == IKEV2_STATE_AUTHENTICATED)
1368 ikev2_payload_add_id (chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1369 ikev2_payload_add_auth (chain, &sa->r_auth);
1370 ikev2_payload_add_sa (chain, sa->childs[0].r_proposals);
1371 ikev2_payload_add_ts (chain, sa->childs[0].tsi, IKEV2_PAYLOAD_TSI);
1372 ikev2_payload_add_ts (chain, sa->childs[0].tsr, IKEV2_PAYLOAD_TSR);
1374 else if (sa->state == IKEV2_STATE_AUTH_FAILED)
1376 ikev2_payload_add_notify (chain,
1377 IKEV2_NOTIFY_MSG_AUTHENTICATION_FAILED,
1379 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1381 else if (sa->state == IKEV2_STATE_TS_UNACCEPTABLE)
1383 ikev2_payload_add_notify (chain, IKEV2_NOTIFY_MSG_TS_UNACCEPTABLE,
1385 ikev2_payload_add_id (chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1386 ikev2_payload_add_auth (chain, &sa->r_auth);
1388 else if (sa->state == IKEV2_STATE_NO_PROPOSAL_CHOSEN)
1390 ikev2_payload_add_notify (chain,
1391 IKEV2_NOTIFY_MSG_NO_PROPOSAL_CHOSEN, 0);
1392 ikev2_payload_add_id (chain, &sa->r_id, IKEV2_PAYLOAD_IDR);
1393 ikev2_payload_add_auth (chain, &sa->r_auth);
1394 ikev2_payload_add_ts (chain, sa->childs[0].tsi, IKEV2_PAYLOAD_TSI);
1395 ikev2_payload_add_ts (chain, sa->childs[0].tsr, IKEV2_PAYLOAD_TSR);
1397 else if (sa->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1399 u8 *data = vec_new (u8, 1);
1401 data[0] = sa->unsupported_cp;
1402 ikev2_payload_add_notify (chain,
1403 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1409 ikev2_set_state (sa, IKEV2_STATE_DELETED);
1413 else if (ike->exchange == IKEV2_EXCHANGE_INFORMATIONAL)
1415 /* if pending delete */
1418 /* The response to a request that deletes the IKE SA is an empty
1419 INFORMATIONAL response. */
1420 if (sa->del[0].protocol_id == IKEV2_PROTOCOL_IKE)
1422 ikev2_set_state (sa, IKEV2_STATE_NOTIFY_AND_DELETE);
1424 /* The response to a request that deletes ESP or AH SAs will contain
1425 delete payloads for the paired SAs going in the other direction. */
1428 ikev2_payload_add_delete (chain, sa->del);
1433 /* received N(AUTHENTICATION_FAILED) */
1434 else if (sa->state == IKEV2_STATE_AUTH_FAILED)
1436 ikev2_set_state (sa, IKEV2_STATE_DELETED);
1439 /* received unsupported critical payload */
1440 else if (sa->unsupported_cp)
1442 u8 *data = vec_new (u8, 1);
1444 data[0] = sa->unsupported_cp;
1445 ikev2_payload_add_notify (chain,
1446 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1449 sa->unsupported_cp = 0;
1451 /* else send empty response */
1453 else if (ike->exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA)
1457 ikev2_payload_add_sa (chain, sa->rekey[0].r_proposal);
1458 ikev2_payload_add_nonce (chain, sa->r_nonce);
1459 ikev2_payload_add_ts (chain, sa->rekey[0].tsi, IKEV2_PAYLOAD_TSI);
1460 ikev2_payload_add_ts (chain, sa->rekey[0].tsr, IKEV2_PAYLOAD_TSR);
1461 vec_del1 (sa->rekey, 0);
1463 else if (sa->unsupported_cp)
1465 u8 *data = vec_new (u8, 1);
1467 data[0] = sa->unsupported_cp;
1468 ikev2_payload_add_notify (chain,
1469 IKEV2_NOTIFY_MSG_UNSUPPORTED_CRITICAL_PAYLOAD,
1472 sa->unsupported_cp = 0;
1476 ikev2_payload_add_notify (chain, IKEV2_NOTIFY_MSG_NO_ADDITIONAL_SAS,
1482 ike->version = IKE_VERSION_2;
1483 ike->flags = IKEV2_HDR_FLAG_RESPONSE;
1484 ike->nextpayload = IKEV2_PAYLOAD_SK;
1485 tlen = sizeof (*ike);
1488 if (ike->exchange == IKEV2_EXCHANGE_SA_INIT)
1490 tlen += vec_len (chain->data);
1491 ike->nextpayload = chain->first_payload_type;
1492 ike->length = clib_host_to_net_u32 (tlen);
1493 clib_memcpy (ike->payload, chain->data, vec_len (chain->data));
1495 /* store whole IKE payload - needed for PSK auth */
1496 vec_free (sa->last_sa_init_res_packet_data);
1497 vec_add (sa->last_sa_init_res_packet_data, ike, tlen);
1502 ikev2_payload_chain_add_padding (chain, tr_encr->block_size);
1505 plen = sizeof (*ph);
1506 ph = (ike_payload_header_t *) & ike->payload[0];
1507 ph->nextpayload = chain->first_payload_type;
1509 int enc_len = ikev2_encrypt_data (sa, chain->data, ph->payload);
1512 /* add space for hmac */
1513 plen += tr_integ->key_trunc;
1516 /* payload and total length */
1517 ph->length = clib_host_to_net_u16 (plen);
1518 ike->length = clib_host_to_net_u32 (tlen);
1520 /* calc integrity data for whole packet except hash itself */
1521 integ = ikev2_calc_integr (tr_integ, sa->sk_ar, (u8 *) ike,
1522 tlen - tr_integ->key_trunc);
1524 clib_memcpy (ike->payload + tlen - tr_integ->key_trunc - sizeof (*ike),
1525 integ, tr_integ->key_trunc);
1527 /* store whole IKE payload - needed for retransmit */
1528 vec_free (sa->last_res_packet_data);
1529 vec_add (sa->last_res_packet_data, ike, tlen);
1533 ikev2_payload_destroy_chain (chain);
1539 ikev2_retransmit_sa_init (ike_header_t * ike,
1540 ip4_address_t iaddr, ip4_address_t raddr)
1542 ikev2_main_t *km = &ikev2_main;
1544 u32 cpu_index = os_get_cpu_number ();
1547 pool_foreach (sa, km->per_thread_data[cpu_index].sas, ({
1548 if (sa->ispi == clib_net_to_host_u64(ike->ispi) &&
1549 sa->iaddr.as_u32 == iaddr.as_u32 &&
1550 sa->raddr.as_u32 == raddr.as_u32)
1553 u32 len = clib_net_to_host_u32(ike->length);
1554 u8 payload = ike->nextpayload;
1556 while (p < len && payload!= IKEV2_PAYLOAD_NONE) {
1557 ike_payload_header_t * ikep = (ike_payload_header_t *) &ike->payload[p];
1558 u32 plen = clib_net_to_host_u16(ikep->length);
1560 if (plen < sizeof(ike_payload_header_t))
1563 if (payload == IKEV2_PAYLOAD_NONCE)
1565 if (!memcmp(sa->i_nonce, ikep->payload, plen - sizeof(*ikep)))
1567 /* req is retransmit */
1568 if (sa->state == IKEV2_STATE_SA_INIT)
1571 tmp = (ike_header_t*)sa->last_sa_init_res_packet_data;
1572 ike->ispi = tmp->ispi;
1573 ike->rspi = tmp->rspi;
1574 ike->nextpayload = tmp->nextpayload;
1575 ike->version = tmp->version;
1576 ike->exchange = tmp->exchange;
1577 ike->flags = tmp->flags;
1578 ike->msgid = tmp->msgid;
1579 ike->length = tmp->length;
1580 clib_memcpy(ike->payload, tmp->payload,
1581 clib_net_to_host_u32(tmp->length) - sizeof(*ike));
1582 clib_warning("IKE_SA_INIT retransmit from %U to %U",
1583 format_ip4_address, &raddr,
1584 format_ip4_address, &iaddr);
1587 /* else ignore req */
1590 clib_warning("IKE_SA_INIT ignore from %U to %U",
1591 format_ip4_address, &raddr,
1592 format_ip4_address, &iaddr);
1597 payload = ikep->nextpayload;
1604 /* req is not retransmit */
1609 ikev2_retransmit_resp (ikev2_sa_t * sa, ike_header_t * ike)
1611 u32 msg_id = clib_net_to_host_u32 (ike->msgid);
1614 if (msg_id > sa->last_msg_id)
1616 sa->last_msg_id = msg_id;
1619 /* retransmitted req */
1620 else if (msg_id == sa->last_msg_id)
1623 tmp = (ike_header_t *) sa->last_res_packet_data;
1624 ike->ispi = tmp->ispi;
1625 ike->rspi = tmp->rspi;
1626 ike->nextpayload = tmp->nextpayload;
1627 ike->version = tmp->version;
1628 ike->exchange = tmp->exchange;
1629 ike->flags = tmp->flags;
1630 ike->msgid = tmp->msgid;
1631 ike->length = tmp->length;
1632 clib_memcpy (ike->payload, tmp->payload,
1633 clib_net_to_host_u32 (tmp->length) - sizeof (*ike));
1634 clib_warning ("IKE msgid %u retransmit from %U to %U",
1636 format_ip4_address, &sa->raddr,
1637 format_ip4_address, &sa->iaddr);
1640 /* old req ignore */
1643 clib_warning ("IKE msgid %u req ignore from %U to %U",
1645 format_ip4_address, &sa->raddr,
1646 format_ip4_address, &sa->iaddr);
1652 ikev2_node_fn (vlib_main_t * vm,
1653 vlib_node_runtime_t * node, vlib_frame_t * frame)
1655 u32 n_left_from, *from, *to_next;
1656 ikev2_next_t next_index;
1657 ikev2_main_t *km = &ikev2_main;
1658 u32 cpu_index = os_get_cpu_number ();
1660 from = vlib_frame_vector_args (frame);
1661 n_left_from = frame->n_vectors;
1662 next_index = node->cached_next_index;
1664 while (n_left_from > 0)
1668 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1670 while (n_left_from > 0 && n_left_to_next > 0)
1674 u32 next0 = IKEV2_NEXT_ERROR_DROP;
1679 ikev2_sa_t *sa0 = 0;
1680 ikev2_sa_t sa; /* temporary store for SA */
1684 /* speculatively enqueue b0 to the current next frame */
1690 n_left_to_next -= 1;
1692 b0 = vlib_get_buffer (vm, bi0);
1693 ike0 = vlib_buffer_get_current (b0);
1694 vlib_buffer_advance (b0, -sizeof (*udp0));
1695 udp0 = vlib_buffer_get_current (b0);
1696 vlib_buffer_advance (b0, -sizeof (*ip40));
1697 ip40 = vlib_buffer_get_current (b0);
1699 if (ike0->version != IKE_VERSION_2)
1701 vlib_node_increment_counter (vm, ikev2_node.index,
1702 IKEV2_ERROR_NOT_IKEV2, 1);
1706 if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
1709 memset (sa0, 0, sizeof (*sa0));
1711 if (ike0->rspi == 0)
1713 sa0->raddr.as_u32 = ip40->dst_address.as_u32;
1714 sa0->iaddr.as_u32 = ip40->src_address.as_u32;
1716 r = ikev2_retransmit_sa_init (ike0, sa0->iaddr, sa0->raddr);
1719 vlib_node_increment_counter (vm, ikev2_node.index,
1720 IKEV2_ERROR_IKE_SA_INIT_RETRANSMIT,
1722 len = clib_net_to_host_u32 (ike0->length);
1727 vlib_node_increment_counter (vm, ikev2_node.index,
1728 IKEV2_ERROR_IKE_SA_INIT_IGNORE,
1733 ikev2_process_sa_init_req (vm, sa0, ike0);
1735 if (sa0->state == IKEV2_STATE_SA_INIT)
1737 ikev2_sa_free_proposal_vector (&sa0->r_proposals);
1739 ikev2_select_proposal (sa0->i_proposals,
1740 IKEV2_PROTOCOL_IKE);
1741 ikev2_generate_sa_init_data (sa0);
1744 if (sa0->state == IKEV2_STATE_SA_INIT ||
1745 sa0->state == IKEV2_STATE_NOTIFY_AND_DELETE)
1747 len = ikev2_generate_resp (sa0, ike0);
1750 if (sa0->state == IKEV2_STATE_SA_INIT)
1752 /* add SA to the pool */
1753 pool_get (km->per_thread_data[cpu_index].sas, sa0);
1754 clib_memcpy (sa0, &sa, sizeof (*sa0));
1755 hash_set (km->per_thread_data[cpu_index].sa_by_rspi,
1757 sa0 - km->per_thread_data[cpu_index].sas);
1761 ikev2_sa_free_all_vec (sa0);
1765 else if (ike0->exchange == IKEV2_EXCHANGE_IKE_AUTH)
1768 p = hash_get (km->per_thread_data[cpu_index].sa_by_rspi,
1769 clib_net_to_host_u64 (ike0->rspi));
1772 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1775 r = ikev2_retransmit_resp (sa0, ike0);
1778 vlib_node_increment_counter (vm, ikev2_node.index,
1779 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1781 len = clib_net_to_host_u32 (ike0->length);
1786 vlib_node_increment_counter (vm, ikev2_node.index,
1787 IKEV2_ERROR_IKE_REQ_IGNORE,
1792 ikev2_process_auth_req (vm, sa0, ike0);
1793 ikev2_sa_auth (sa0);
1794 if (sa0->state == IKEV2_STATE_AUTHENTICATED)
1796 ikev2_initial_contact_cleanup (sa0);
1797 ikev2_sa_match_ts (sa0);
1798 if (sa0->state != IKEV2_STATE_TS_UNACCEPTABLE)
1799 ikev2_create_tunnel_interface (km->vnet_main, sa0,
1802 len = ikev2_generate_resp (sa0, ike0);
1805 else if (ike0->exchange == IKEV2_EXCHANGE_INFORMATIONAL)
1808 p = hash_get (km->per_thread_data[cpu_index].sa_by_rspi,
1809 clib_net_to_host_u64 (ike0->rspi));
1812 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1815 r = ikev2_retransmit_resp (sa0, ike0);
1818 vlib_node_increment_counter (vm, ikev2_node.index,
1819 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1821 len = clib_net_to_host_u32 (ike0->length);
1826 vlib_node_increment_counter (vm, ikev2_node.index,
1827 IKEV2_ERROR_IKE_REQ_IGNORE,
1832 ikev2_process_informational_req (vm, sa0, ike0);
1835 if (sa0->del[0].protocol_id != IKEV2_PROTOCOL_IKE)
1837 ikev2_delete_t *d, *tmp, *resp = 0;
1838 vec_foreach (d, sa0->del)
1840 ikev2_child_sa_t *ch_sa;
1841 ch_sa = ikev2_sa_get_child (sa0, d->spi,
1845 ikev2_delete_tunnel_interface (km->vnet_main,
1847 vec_add2 (resp, tmp, 1);
1848 tmp->protocol_id = d->protocol_id;
1849 tmp->spi = ch_sa->r_proposals[0].spi;
1850 ikev2_sa_del_child_sa (sa0, ch_sa);
1853 vec_free (sa0->del);
1857 len = ikev2_generate_resp (sa0, ike0);
1860 else if (ike0->exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA)
1863 p = hash_get (km->per_thread_data[cpu_index].sa_by_rspi,
1864 clib_net_to_host_u64 (ike0->rspi));
1867 sa0 = pool_elt_at_index (km->per_thread_data[cpu_index].sas,
1870 r = ikev2_retransmit_resp (sa0, ike0);
1873 vlib_node_increment_counter (vm, ikev2_node.index,
1874 IKEV2_ERROR_IKE_REQ_RETRANSMIT,
1876 len = clib_net_to_host_u32 (ike0->length);
1881 vlib_node_increment_counter (vm, ikev2_node.index,
1882 IKEV2_ERROR_IKE_REQ_IGNORE,
1887 ikev2_process_create_child_sa_req (vm, sa0, ike0);
1890 if (sa0->rekey[0].protocol_id != IKEV2_PROTOCOL_IKE)
1892 ikev2_child_sa_t *child;
1893 vec_add2 (sa0->childs, child, 1);
1894 child->r_proposals = sa0->rekey[0].r_proposal;
1895 child->i_proposals = sa0->rekey[0].i_proposal;
1896 child->tsi = sa0->rekey[0].tsi;
1897 child->tsr = sa0->rekey[0].tsr;
1898 ikev2_create_tunnel_interface (km->vnet_main, sa0,
1901 len = ikev2_generate_resp (sa0, ike0);
1907 clib_warning ("IKEv2 exchange %u packet received from %U to %U",
1909 format_ip4_address, ip40->src_address.as_u8,
1910 format_ip4_address, ip40->dst_address.as_u8);
1914 /* if we are sending packet back, rewrite headers */
1917 next0 = IKEV2_NEXT_IP4_LOOKUP;
1918 ip40->dst_address.as_u32 = sa0->iaddr.as_u32;
1919 ip40->src_address.as_u32 = sa0->raddr.as_u32;
1921 clib_host_to_net_u16 (len + sizeof (udp_header_t));
1923 b0->current_length =
1924 len + sizeof (ip4_header_t) + sizeof (udp_header_t);
1925 ip40->length = clib_host_to_net_u16 (b0->current_length);
1926 ip40->checksum = ip4_header_checksum (ip40);
1929 if (sa0 && (sa0->state == IKEV2_STATE_DELETED ||
1930 sa0->state == IKEV2_STATE_NOTIFY_AND_DELETE))
1932 ikev2_child_sa_t *c;
1934 vec_foreach (c, sa0->childs)
1935 ikev2_delete_tunnel_interface (km->vnet_main, sa0, c);
1937 ikev2_delete_sa (sa0);
1939 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1941 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1942 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1944 ikev2_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
1945 t->sw_if_index = sw_if_index0;
1946 t->next_index = next0;
1949 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1950 n_left_to_next, bi0, next0);
1953 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1956 vlib_node_increment_counter (vm, ikev2_node.index,
1957 IKEV2_ERROR_PROCESSED, frame->n_vectors);
1958 return frame->n_vectors;
1962 VLIB_REGISTER_NODE (ikev2_node,static) = {
1963 .function = ikev2_node_fn,
1965 .vector_size = sizeof (u32),
1966 .format_trace = format_ikev2_trace,
1967 .type = VLIB_NODE_TYPE_INTERNAL,
1969 .n_errors = ARRAY_LEN(ikev2_error_strings),
1970 .error_strings = ikev2_error_strings,
1972 .n_next_nodes = IKEV2_N_NEXT,
1975 [IKEV2_NEXT_IP4_LOOKUP] = "ip4-lookup",
1976 [IKEV2_NEXT_ERROR_DROP] = "error-drop",
1982 static ikev2_profile_t *
1983 ikev2_profile_index_by_name (u8 * name)
1985 ikev2_main_t *km = &ikev2_main;
1988 p = mhash_get (&km->profile_index_by_name, name);
1992 return pool_elt_at_index (km->profiles, p[0]);
1996 ikev2_set_local_key (vlib_main_t * vm, u8 * file)
1998 ikev2_main_t *km = &ikev2_main;
2000 km->pkey = ikev2_load_key_file (file);
2001 if (km->pkey == NULL)
2002 return clib_error_return (0, "load key '%s' failed", file);
2008 ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
2010 ikev2_main_t *km = &ikev2_main;
2015 if (ikev2_profile_index_by_name (name))
2016 return clib_error_return (0, "policy %v already exists", name);
2018 pool_get (km->profiles, p);
2019 memset (p, 0, sizeof (*p));
2020 p->name = vec_dup (name);
2021 uword index = p - km->profiles;
2022 mhash_set_mem (&km->profile_index_by_name, name, &index, 0);
2026 p = ikev2_profile_index_by_name (name);
2028 return clib_error_return (0, "policy %v does not exists", name);
2031 pool_put (km->profiles, p);
2032 mhash_unset (&km->profile_index_by_name, name, 0);
2038 ikev2_set_profile_auth (vlib_main_t * vm, u8 * name, u8 auth_method,
2039 u8 * auth_data, u8 data_hex_format)
2044 p = ikev2_profile_index_by_name (name);
2048 r = clib_error_return (0, "unknown profile %v", name);
2051 vec_free (p->auth.data);
2052 p->auth.method = auth_method;
2053 p->auth.data = vec_dup (auth_data);
2054 p->auth.hex = data_hex_format;
2056 if (auth_method == IKEV2_AUTH_METHOD_RSA_SIG)
2058 vec_add1 (p->auth.data, 0);
2060 EVP_PKEY_free (p->auth.key);
2061 p->auth.key = ikev2_load_cert_file (auth_data);
2062 if (p->auth.key == NULL)
2063 return clib_error_return (0, "load cert '%s' failed", auth_data);
2070 ikev2_set_profile_id (vlib_main_t * vm, u8 * name, u8 id_type, u8 * data,
2076 if (id_type > IKEV2_ID_TYPE_ID_RFC822_ADDR
2077 && id_type < IKEV2_ID_TYPE_ID_KEY_ID)
2079 r = clib_error_return (0, "unsupported identity type %U",
2080 format_ikev2_id_type, id_type);
2084 p = ikev2_profile_index_by_name (name);
2088 r = clib_error_return (0, "unknown profile %v", name);
2094 vec_free (p->loc_id.data);
2095 p->loc_id.type = id_type;
2096 p->loc_id.data = vec_dup (data);
2100 vec_free (p->rem_id.data);
2101 p->rem_id.type = id_type;
2102 p->rem_id.data = vec_dup (data);
2109 ikev2_set_profile_ts (vlib_main_t * vm, u8 * name, u8 protocol_id,
2110 u16 start_port, u16 end_port, ip4_address_t start_addr,
2111 ip4_address_t end_addr, int is_local)
2116 p = ikev2_profile_index_by_name (name);
2120 r = clib_error_return (0, "unknown profile %v", name);
2126 p->loc_ts.start_addr.as_u32 = start_addr.as_u32;
2127 p->loc_ts.end_addr.as_u32 = end_addr.as_u32;
2128 p->loc_ts.start_port = start_port;
2129 p->loc_ts.end_port = end_port;
2130 p->loc_ts.protocol_id = protocol_id;
2131 p->loc_ts.ts_type = 7;
2135 p->rem_ts.start_addr.as_u32 = start_addr.as_u32;
2136 p->rem_ts.end_addr.as_u32 = end_addr.as_u32;
2137 p->rem_ts.start_port = start_port;
2138 p->rem_ts.end_port = end_port;
2139 p->rem_ts.protocol_id = protocol_id;
2140 p->rem_ts.ts_type = 7;
2148 ikev2_init (vlib_main_t * vm)
2150 ikev2_main_t *km = &ikev2_main;
2151 clib_error_t *error;
2152 vlib_thread_main_t *tm = vlib_get_thread_main ();
2155 memset (km, 0, sizeof (ikev2_main_t));
2156 km->vnet_main = vnet_get_main ();
2159 ikev2_crypto_init (km);
2161 mhash_init_vec_string (&km->profile_index_by_name, sizeof (uword));
2163 vec_validate (km->per_thread_data, tm->n_vlib_mains - 1);
2164 for (thread_id = 0; thread_id < tm->n_vlib_mains - 1; thread_id++)
2166 km->per_thread_data[thread_id].sa_by_rspi =
2167 hash_create (0, sizeof (uword));
2170 if ((error = vlib_call_init_function (vm, ikev2_cli_init)))
2173 udp_register_dst_port (vm, 500, ikev2_node.index, 1);
2181 * fd.io coding-style-patch-verification: ON
2184 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob