FD.io VPP  v18.10-32-g1161dda
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <vnet/ipsec/ikev2.h>
22 #include <vnet/ipsec/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
29 
30 /* from RFC7296 */
31 static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
37 
38 static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45 
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57 
58 static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71 
72 static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90 
91 static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
114 
115 static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
145 
146 static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
191 
192 /* from RFC5114 */
193 static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 
206 static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230 
231 static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255 
256 v8 *
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258 {
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
260  HMAC_CTX *ctx;
261 #else
262  HMAC_CTX ctx;
263 #endif
264  v8 *prf;
265  unsigned int len = 0;
266 
267  prf = vec_new (u8, tr->key_trunc);
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
269  ctx = HMAC_CTX_new ();
270  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
271  HMAC_Update (ctx, data, vec_len (data));
272  HMAC_Final (ctx, prf, &len);
273 #else
274  HMAC_CTX_init (&ctx);
275  HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
276  HMAC_Update (&ctx, data, vec_len (data));
277  HMAC_Final (&ctx, prf, &len);
278  HMAC_CTX_cleanup (&ctx);
279 #endif
280  ASSERT (len == tr->key_trunc);
281 
282  return prf;
283 }
284 
285 u8 *
286 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
287 {
288  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
289  u8 x = 0;
290 
291  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
292 
293  where:
294  T1 = prf (K, S | 0x01)
295  T2 = prf (K, T1 | S | 0x02)
296  T3 = prf (K, T2 | S | 0x03)
297  T4 = prf (K, T3 | S | 0x04)
298  */
299 
300  while (vec_len (ret) < len && x < 255)
301  {
302  if (t)
303  {
304  vec_append (s, t);
305  vec_free (t);
306  }
307 
308  vec_append (s, seed);
309  vec_add2 (s, tmp, 1);
310  *tmp = x + 1;
311  t = ikev2_calc_prf (tr, key, s);
312  vec_append (ret, t);
313  vec_free (s);
314  x++;
315  }
316 
317  vec_free (t);
318 
319  if (x == 255)
320  {
321  vec_free (ret);
322  }
323 
324  return ret;
325 }
326 
327 v8 *
328 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
329 {
330  v8 *r;
331 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
332  HMAC_CTX *hctx;
333 #else
334  HMAC_CTX hctx;
335 #endif
336  unsigned int l;
337 
338  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
339 
340  r = vec_new (u8, tr->key_len);
341 
342  if (tr->md == EVP_sha1 ())
343  {
344  clib_warning ("integrity checking with sha1");
345  }
346  else if (tr->md == EVP_sha256 ())
347  {
348  clib_warning ("integrity checking with sha256");
349  }
350 
351  /* verify integrity of data */
352 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
353  hctx = HMAC_CTX_new ();
354  HMAC_Init_ex (hctx, key, vec_len (key), tr->md, NULL);
355  HMAC_Update (hctx, (const u8 *) data, len);
356  HMAC_Final (hctx, r, &l);
357 #else
358  HMAC_CTX_init (&hctx);
359  HMAC_Init_ex (&hctx, key, vec_len (key), tr->md, NULL);
360  HMAC_Update (&hctx, (const u8 *) data, len);
361  HMAC_Final (&hctx, r, &l);
362  HMAC_CTX_cleanup (&hctx);
363 #endif
364 
365  ASSERT (l == tr->key_len);
366 
367  return r;
368 }
369 
370 v8 *
371 ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
372 {
373 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
374  EVP_CIPHER_CTX *ctx;
375 #else
376  EVP_CIPHER_CTX ctx;
377 #endif
378  v8 *r;
379  int out_len = 0, block_size;
380  ikev2_sa_transform_t *tr_encr;
381  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
382 
383  tr_encr =
384  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
385  block_size = tr_encr->block_size;
386 
387  /* check if data is multiplier of cipher block size */
388  if (len % block_size)
389  {
390  clib_warning ("wrong data length");
391  return 0;
392  }
393 
394 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
395  ctx = EVP_CIPHER_CTX_new ();
396 #else
397  EVP_CIPHER_CTX_init (&ctx);
398 #endif
399 
400  r = vec_new (u8, len - block_size);
401 
402 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
403  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
404  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
405  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
406 #else
407  EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
408  EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
409  EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
410 #endif
411  /* remove padding */
412  _vec_len (r) -= r[vec_len (r) - 1] + 1;
413 
414 #if OPENSSL_VERSION_NUMBER < 0x10100000L
415  EVP_CIPHER_CTX_cleanup (&ctx);
416 #endif
417  return r;
418 }
419 
420 int
421 ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
422 {
423 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
424  EVP_CIPHER_CTX *ctx;
425 #else
426  EVP_CIPHER_CTX ctx;
427 #endif
428  int out_len;
429  int bs;
430  ikev2_sa_transform_t *tr_encr;
431  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
432 
433  tr_encr =
434  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
435  bs = tr_encr->block_size;
436 
437  /* generate IV */
438  RAND_bytes (dst, bs);
439 
440 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
441  ctx = EVP_CIPHER_CTX_new ();
442  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
443  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
444 #else
445  EVP_CIPHER_CTX_init (&ctx);
446  EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
447  EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
448  EVP_CIPHER_CTX_cleanup (&ctx);
449 #endif
450 
451  ASSERT (vec_len (src) == out_len);
452 
453  return out_len + bs;
454 }
455 
456 void
457 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
458 {
459  int r;
460 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
461  BIGNUM *p = BN_new ();
462  BIGNUM *q = BN_new ();
463  BIGNUM *g = BN_new ();
464  BIGNUM *pub_key = BN_new ();
465  BIGNUM *priv_key = BN_new ();
466 #endif
467 
468  if (t->dh_group == IKEV2_DH_GROUP_MODP)
469  {
470  DH *dh = DH_new ();
471 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
472  BN_hex2bn (&p, t->dh_p);
473  BN_hex2bn (&g, t->dh_g);
474  DH_set0_pqg (dh, p, q, g);
475 #else
476  BN_hex2bn (&dh->p, t->dh_p);
477  BN_hex2bn (&dh->g, t->dh_g);
478 #endif
479  DH_generate_key (dh);
480 
481  if (sa->is_initiator)
482  {
483  sa->i_dh_data = vec_new (u8, t->key_len);
484  sa->dh_private_key = vec_new (u8, t->key_len);
485 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
486  r = BN_bn2bin (pub_key, sa->i_dh_data);
487  ASSERT (r == t->key_len);
488  r = BN_bn2bin (priv_key, sa->dh_private_key);
489  DH_set0_key (dh, pub_key, priv_key);
490 #else
491  r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
492  ASSERT (r == t->key_len);
493  r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
494  ASSERT (r == t->key_len);
495 #endif
496  }
497  else
498  {
499  sa->r_dh_data = vec_new (u8, t->key_len);
500 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
501  r = BN_bn2bin (pub_key, sa->i_dh_data);
502  ASSERT (r == t->key_len);
503  DH_set0_key (dh, pub_key, NULL);
504 #else
505  r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
506  ASSERT (r == t->key_len);
507 #endif
508  BIGNUM *ex;
509  sa->dh_shared_key = vec_new (u8, t->key_len);
510  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
511  r = DH_compute_key (sa->dh_shared_key, ex, dh);
512  ASSERT (r == t->key_len);
513  BN_clear_free (ex);
514  }
515  DH_free (dh);
516  }
517  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
518  {
519  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
520  ASSERT (ec);
521 
522  EC_KEY_generate_key (ec);
523 
524  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
525  const EC_GROUP *group = EC_KEY_get0_group (ec);
526  BIGNUM *x = NULL, *y = NULL;
527  BN_CTX *bn_ctx = BN_CTX_new ();
528  u16 x_off, y_off, len;
529  EC_POINT *i_point = EC_POINT_new (group);
530  EC_POINT *shared_point = EC_POINT_new (group);
531 
532  x = BN_new ();
533  y = BN_new ();
534  len = t->key_len / 2;
535 
536  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
537 
538  if (sa->is_initiator)
539  {
540  sa->i_dh_data = vec_new (u8, t->key_len);
541  x_off = len - BN_num_bytes (x);
542  memset (sa->i_dh_data, 0, x_off);
543  BN_bn2bin (x, sa->i_dh_data + x_off);
544  y_off = t->key_len - BN_num_bytes (y);
545  memset (sa->i_dh_data + len, 0, y_off - len);
546  BN_bn2bin (y, sa->i_dh_data + y_off);
547 
548  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
549  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
550  r = BN_bn2bin (prv, sa->dh_private_key);
551  ASSERT (r == BN_num_bytes (prv));
552  }
553  else
554  {
555  sa->r_dh_data = vec_new (u8, t->key_len);
556  x_off = len - BN_num_bytes (x);
557  memset (sa->r_dh_data, 0, x_off);
558  BN_bn2bin (x, sa->r_dh_data + x_off);
559  y_off = t->key_len - BN_num_bytes (y);
560  memset (sa->r_dh_data + len, 0, y_off - len);
561  BN_bn2bin (y, sa->r_dh_data + y_off);
562 
563  x = BN_bin2bn (sa->i_dh_data, len, x);
564  y = BN_bin2bn (sa->i_dh_data + len, len, y);
565  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
566  sa->dh_shared_key = vec_new (u8, t->key_len);
567  EC_POINT_mul (group, shared_point, NULL, i_point,
568  EC_KEY_get0_private_key (ec), NULL);
569  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
570  bn_ctx);
571  x_off = len - BN_num_bytes (x);
572  memset (sa->dh_shared_key, 0, x_off);
573  BN_bn2bin (x, sa->dh_shared_key + x_off);
574  y_off = t->key_len - BN_num_bytes (y);
575  memset (sa->dh_shared_key + len, 0, y_off - len);
576  BN_bn2bin (y, sa->dh_shared_key + y_off);
577  }
578 
579  EC_KEY_free (ec);
580  BN_free (x);
581  BN_free (y);
582  BN_CTX_free (bn_ctx);
583  EC_POINT_free (i_point);
584  EC_POINT_free (shared_point);
585  }
586 }
587 
588 void
589 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
590 {
591  int r;
592 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
593  BIGNUM *p = BN_new ();
594  BIGNUM *q = BN_new ();
595  BIGNUM *g = BN_new ();
596  BIGNUM *priv_key = BN_new ();
597 #endif
598 
599  if (t->dh_group == IKEV2_DH_GROUP_MODP)
600  {
601  DH *dh = DH_new ();
602 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
603  BN_hex2bn (&p, t->dh_p);
604  BN_hex2bn (&g, t->dh_g);
605  DH_set0_pqg (dh, p, q, g);
606 
607  priv_key =
608  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
609  DH_set0_key (dh, NULL, priv_key);
610 #else
611  BN_hex2bn (&dh->p, t->dh_p);
612  BN_hex2bn (&dh->g, t->dh_g);
613 
614  dh->priv_key =
615  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
616 #endif
617  BIGNUM *ex;
618  sa->dh_shared_key = vec_new (u8, t->key_len);
619  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
620  r = DH_compute_key (sa->dh_shared_key, ex, dh);
621  ASSERT (r == t->key_len);
622  BN_clear_free (ex);
623  DH_free (dh);
624  }
625  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
626  {
627  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
628  ASSERT (ec);
629 
630  const EC_GROUP *group = EC_KEY_get0_group (ec);
631  BIGNUM *x = NULL, *y = NULL;
632  BN_CTX *bn_ctx = BN_CTX_new ();
633  u16 x_off, y_off, len;
634  BIGNUM *prv;
635 
636  prv =
637  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
638  EC_KEY_set_private_key (ec, prv);
639 
640  x = BN_new ();
641  y = BN_new ();
642  len = t->key_len / 2;
643 
644  x = BN_bin2bn (sa->r_dh_data, len, x);
645  y = BN_bin2bn (sa->r_dh_data + len, len, y);
646  EC_POINT *r_point = EC_POINT_new (group);
647  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
648  EC_KEY_set_public_key (ec, r_point);
649 
650  EC_POINT *i_point = EC_POINT_new (group);
651  EC_POINT *shared_point = EC_POINT_new (group);
652 
653  x = BN_bin2bn (sa->i_dh_data, len, x);
654  y = BN_bin2bn (sa->i_dh_data + len, len, y);
655  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
656  EC_POINT_mul (group, shared_point, NULL, r_point,
657  EC_KEY_get0_private_key (ec), NULL);
658  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
659  sa->dh_shared_key = vec_new (u8, t->key_len);
660  x_off = len - BN_num_bytes (x);
661  memset (sa->dh_shared_key, 0, x_off);
662  BN_bn2bin (x, sa->dh_shared_key + x_off);
663  y_off = t->key_len - BN_num_bytes (y);
664  memset (sa->dh_shared_key + len, 0, y_off - len);
665  BN_bn2bin (y, sa->dh_shared_key + y_off);
666 
667  EC_KEY_free (ec);
668  BN_free (x);
669  BN_free (y);
670  BN_free (prv);
671  BN_CTX_free (bn_ctx);
672  EC_POINT_free (i_point);
673  EC_POINT_free (r_point);
674  EC_POINT_free (shared_point);
675  }
676 }
677 
678 int
679 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
680 {
681 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
682  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
683 #else
684  EVP_MD_CTX md_ctx;
685  EVP_MD_CTX_init (&md_ctx);
686 #endif
687 
688 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
689  EVP_VerifyInit (md_ctx, EVP_sha1 ());
690  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
691 #else
692  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
693  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
694 #endif
695 
696 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
697  return EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
698 #else
699  return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
700 #endif
701 }
702 
703 u8 *
704 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
705 {
706 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
707  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
708 #else
709  EVP_MD_CTX md_ctx;
710 #endif
711  unsigned int sig_len = 0;
712  u8 *sign;
713 
714 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
715  EVP_SignInit (md_ctx, EVP_sha1 ());
716  EVP_SignUpdate (md_ctx, data, vec_len (data));
717  /* get sign len */
718  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
719  sign = vec_new (u8, sig_len);
720  /* calc sign */
721  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
722 #else
723  EVP_SignInit (&md_ctx, EVP_sha1 ());
724  EVP_SignUpdate (&md_ctx, data, vec_len (data));
725  /* get sign len */
726  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
727  sign = vec_new (u8, sig_len);
728  /* calc sign */
729  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
730 #endif
731  return sign;
732 }
733 
734 EVP_PKEY *
735 ikev2_load_cert_file (u8 * file)
736 {
737  FILE *fp;
738  X509 *x509;
739  EVP_PKEY *pkey = NULL;
740 
741  fp = fopen ((char *) file, "r");
742  if (!fp)
743  {
744  clib_warning ("open %s failed", file);
745  goto end;
746  }
747 
748  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
749  fclose (fp);
750  if (x509 == NULL)
751  {
752  clib_warning ("read cert %s failed", file);
753  goto end;
754  }
755 
756  pkey = X509_get_pubkey (x509);
757  if (pkey == NULL)
758  clib_warning ("get pubkey %s failed", file);
759 
760 end:
761  return pkey;
762 }
763 
764 EVP_PKEY *
765 ikev2_load_key_file (u8 * file)
766 {
767  FILE *fp;
768  EVP_PKEY *pkey = NULL;
769 
770  fp = fopen ((char *) file, "r");
771  if (!fp)
772  {
773  clib_warning ("open %s failed", file);
774  goto end;
775  }
776 
777  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
778  fclose (fp);
779  if (pkey == NULL)
780  clib_warning ("read %s failed", file);
781 
782 end:
783  return pkey;
784 }
785 
786 void
787 ikev2_crypto_init (ikev2_main_t * km)
788 {
789  ikev2_sa_transform_t *tr;
790 
791  /* vector of supported transforms - in order of preference */
792 
793  //Encryption
794 
795  vec_add2 (km->supported_transforms, tr, 1);
796  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
797  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
798  tr->key_len = 256 / 8;
799  tr->block_size = 128 / 8;
800  tr->cipher = EVP_aes_256_cbc ();
801 
802  vec_add2 (km->supported_transforms, tr, 1);
803  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
804  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
805  tr->key_len = 192 / 8;
806  tr->block_size = 128 / 8;
807  tr->cipher = EVP_aes_192_cbc ();
808 
809  vec_add2 (km->supported_transforms, tr, 1);
810  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
811  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
812  tr->key_len = 128 / 8;
813  tr->block_size = 128 / 8;
814  tr->cipher = EVP_aes_128_cbc ();
815 
816  //PRF
817  vec_add2 (km->supported_transforms, tr, 1);
818  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
819  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
820  tr->key_len = 256 / 8;
821  tr->key_trunc = 256 / 8;
822  tr->md = EVP_sha256 ();
823 
824  vec_add2 (km->supported_transforms, tr, 1);
825  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
826  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
827  tr->key_len = 384 / 8;
828  tr->key_trunc = 384 / 8;
829  tr->md = EVP_sha384 ();
830 
831  vec_add2 (km->supported_transforms, tr, 1);
832  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
833  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
834  tr->key_len = 512 / 8;
835  tr->key_trunc = 512 / 8;
836  tr->md = EVP_sha512 ();
837 
838  vec_add2 (km->supported_transforms, tr, 1);
839  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
840  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
841  tr->key_len = 160 / 8;
842  tr->key_trunc = 160 / 8;
843  tr->md = EVP_sha1 ();
844 
845  //Integrity
846  vec_add2 (km->supported_transforms, tr, 1);
847  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
848  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
849  tr->key_len = 256 / 8;
850  tr->key_trunc = 128 / 8;
851  tr->md = EVP_sha256 ();
852 
853  vec_add2 (km->supported_transforms, tr, 1);
854  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
855  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
856  tr->key_len = 384 / 8;
857  tr->key_trunc = 192 / 8;
858  tr->md = EVP_sha384 ();
859 
860  vec_add2 (km->supported_transforms, tr, 1);
861  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
862  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
863  tr->key_len = 512 / 8;
864  tr->key_trunc = 256 / 8;
865  tr->md = EVP_sha512 ();
866 
867  vec_add2 (km->supported_transforms, tr, 1);
868  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
869  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
870  tr->key_len = 160 / 8;
871  tr->key_trunc = 160 / 8;
872  tr->md = EVP_sha1 ();
873 
874  vec_add2 (km->supported_transforms, tr, 1);
875  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
876  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
877  tr->key_len = 160 / 8;
878  tr->key_trunc = 96 / 8;
879  tr->md = EVP_sha1 ();
880 
881 
882 #if defined(OPENSSL_NO_CISCO_FECDH)
883  vec_add2 (km->supported_transforms, tr, 1);
884  tr->type = IKEV2_TRANSFORM_TYPE_DH;
885  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
886  tr->key_len = (512 * 2) / 8;
887  tr->nid = NID_brainpoolP512r1;
888  tr->dh_group = IKEV2_DH_GROUP_ECP;
889 
890  vec_add2 (km->supported_transforms, tr, 1);
891  tr->type = IKEV2_TRANSFORM_TYPE_DH;
892  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
893  tr->key_len = (384 * 2) / 8;
894  tr->nid = NID_brainpoolP384r1;
895  tr->dh_group = IKEV2_DH_GROUP_ECP;
896 
897  vec_add2 (km->supported_transforms, tr, 1);
898  tr->type = IKEV2_TRANSFORM_TYPE_DH;
899  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
900  tr->key_len = (256 * 2) / 8;
901  tr->nid = NID_brainpoolP256r1;
902  tr->dh_group = IKEV2_DH_GROUP_ECP;
903 
904  vec_add2 (km->supported_transforms, tr, 1);
905  tr->type = IKEV2_TRANSFORM_TYPE_DH;
906  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
907  tr->key_len = (224 * 2) / 8;
908  tr->nid = NID_brainpoolP224r1;
909  tr->dh_group = IKEV2_DH_GROUP_ECP;
910 
911  vec_add2 (km->supported_transforms, tr, 1);
912  tr->type = IKEV2_TRANSFORM_TYPE_DH;
913  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
914  tr->key_len = (224 * 2) / 8;
915  tr->nid = NID_secp224r1;
916  tr->dh_group = IKEV2_DH_GROUP_ECP;
917 #endif
918 
919  vec_add2 (km->supported_transforms, tr, 1);
920  tr->type = IKEV2_TRANSFORM_TYPE_DH;
921  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
922  tr->key_len = (528 * 2) / 8;
923  tr->nid = NID_secp521r1;
924  tr->dh_group = IKEV2_DH_GROUP_ECP;
925 
926  vec_add2 (km->supported_transforms, tr, 1);
927  tr->type = IKEV2_TRANSFORM_TYPE_DH;
928  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
929  tr->key_len = (384 * 2) / 8;
930  tr->nid = NID_secp384r1;
931  tr->dh_group = IKEV2_DH_GROUP_ECP;
932 
933  vec_add2 (km->supported_transforms, tr, 1);
934  tr->type = IKEV2_TRANSFORM_TYPE_DH;
935  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
936  tr->key_len = (256 * 2) / 8;
937  tr->nid = NID_X9_62_prime256v1;
938  tr->dh_group = IKEV2_DH_GROUP_ECP;
939 
940  vec_add2 (km->supported_transforms, tr, 1);
941  tr->type = IKEV2_TRANSFORM_TYPE_DH;
942  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
943  tr->key_len = (192 * 2) / 8;
944  tr->nid = NID_X9_62_prime192v1;
945  tr->dh_group = IKEV2_DH_GROUP_ECP;
946 
947  vec_add2 (km->supported_transforms, tr, 1);
948  tr->type = IKEV2_TRANSFORM_TYPE_DH;
949  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
950  tr->key_len = 2048 / 8;
951  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
952  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
953  tr->dh_group = IKEV2_DH_GROUP_MODP;
954 
955  vec_add2 (km->supported_transforms, tr, 1);
956  tr->type = IKEV2_TRANSFORM_TYPE_DH;
957  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
958  tr->key_len = 2048 / 8;
959  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
960  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
961  tr->dh_group = IKEV2_DH_GROUP_MODP;
962 
963  vec_add2 (km->supported_transforms, tr, 1);
964  tr->type = IKEV2_TRANSFORM_TYPE_DH;
965  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
966  tr->key_len = 1024 / 8;
967  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
968  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
969  tr->dh_group = IKEV2_DH_GROUP_MODP;
970 
971  vec_add2 (km->supported_transforms, tr, 1);
972  tr->type = IKEV2_TRANSFORM_TYPE_DH;
973  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
974  tr->key_len = 8192 / 8;
975  tr->dh_p = (const char *) &modp_dh_8192_prime;
976  tr->dh_g = (const char *) &modp_dh_8192_generator;
977  tr->dh_group = IKEV2_DH_GROUP_MODP;
978 
979  vec_add2 (km->supported_transforms, tr, 1);
980  tr->type = IKEV2_TRANSFORM_TYPE_DH;
981  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
982  tr->key_len = 6144 / 8;
983  tr->dh_p = (const char *) &modp_dh_6144_prime;
984  tr->dh_g = (const char *) &modp_dh_6144_generator;
985  tr->dh_group = IKEV2_DH_GROUP_MODP;
986 
987  vec_add2 (km->supported_transforms, tr, 1);
988  tr->type = IKEV2_TRANSFORM_TYPE_DH;
989  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
990  tr->key_len = 4096 / 8;
991  tr->dh_p = (const char *) &modp_dh_4096_prime;
992  tr->dh_g = (const char *) &modp_dh_4096_generator;
993  tr->dh_group = IKEV2_DH_GROUP_MODP;
994 
995  vec_add2 (km->supported_transforms, tr, 1);
996  tr->type = IKEV2_TRANSFORM_TYPE_DH;
997  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
998  tr->key_len = 3072 / 8;
999  tr->dh_p = (const char *) &modp_dh_3072_prime;
1000  tr->dh_g = (const char *) &modp_dh_3072_generator;
1001  tr->dh_group = IKEV2_DH_GROUP_MODP;
1002 
1003  vec_add2 (km->supported_transforms, tr, 1);
1004  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1005  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1006  tr->key_len = 2048 / 8;
1007  tr->dh_p = (const char *) &modp_dh_2048_prime;
1008  tr->dh_g = (const char *) &modp_dh_2048_generator;
1009  tr->dh_group = IKEV2_DH_GROUP_MODP;
1010 
1011  vec_add2 (km->supported_transforms, tr, 1);
1012  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1013  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1014  tr->key_len = 1536 / 8;
1015  tr->dh_p = (const char *) &modp_dh_1536_prime;
1016  tr->dh_g = (const char *) &modp_dh_1536_generator;
1017  tr->dh_group = IKEV2_DH_GROUP_MODP;
1018 
1019  vec_add2 (km->supported_transforms, tr, 1);
1020  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1021  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1022  tr->key_len = 1024 / 8;
1023  tr->dh_p = (const char *) &modp_dh_1024_prime;
1024  tr->dh_g = (const char *) &modp_dh_1024_generator;
1025  tr->dh_group = IKEV2_DH_GROUP_MODP;
1026 
1027  vec_add2 (km->supported_transforms, tr, 1);
1028  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1029  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1030  tr->key_len = 768 / 8;
1031  tr->dh_p = (const char *) &modp_dh_768_prime;
1032  tr->dh_g = (const char *) &modp_dh_768_generator;
1033  tr->dh_group = IKEV2_DH_GROUP_MODP;
1034 
1035  vec_add2 (km->supported_transforms, tr, 1);
1036  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1037  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1038 
1039  vec_add2 (km->supported_transforms, tr, 1);
1040  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1041  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1042 }
1043 
1044 
1045 
1046 /*
1047  * fd.io coding-style-patch-verification: ON
1048  *
1049  * Local Variables:
1050  * eval: (c-set-style "gnu")
1051  * End:
1052  */
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:211
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:212
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:69
modp_dh_1536_prime
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:47
src
vl_api_address_t src
Definition: vxlan_gbp.api:33
modp_dh_3072_generator
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:89
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:64
modp_dh_8192_prime
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:146
modp_dh_4096_prime
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:91
v8
u8 v8
Definition: ikev2.h:27
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:82
NULL
#define NULL
Definition: clib.h:57
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
modp_dh_8192_generator
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:190
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:77
modp_dh_768_generator
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:36
vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:562
modp_dh_1024_prime
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:38
u8
unsigned char u8
Definition: types.h:56
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:192
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:84
modp_dh_6144_prime
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:115
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:421
modp_dh_768_prime
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:31
ikev2_main_t
Definition: ikev2_priv.h:268
memset
memset(h->entries, 0, sizeof(h->entries[0])*entries)
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:457
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:735
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:309
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:765
modp_dh_1024_160_prime
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:193
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:214
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:286
modp_dh_1024_generator
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:44
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:213
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
modp_dh_2048_256_prime
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:231
u16
unsigned short u16
Definition: types.h:57
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:63
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:274
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:83
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:679
ikev2_sa_transform_t
Definition: ikev2_priv.h:67
modp_dh_1536_generator
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:56
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:224
modp_dh_3072_prime
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:72
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:76
ikev2_sa_t
Definition: ikev2_priv.h:197
dst
vl_api_address_t dst
Definition: vxlan_gbp.api:34
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:339
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:225
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:251
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:88
ikev2_priv.h
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:218
modp_dh_2048_generator
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:70
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
modp_dh_6144_generator
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:144
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:589
vec_append
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:820
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:85
modp_dh_1024_160_generator
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:199
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:87
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:73
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:86
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:75
modp_dh_4096_generator
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:113
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:80
modp_dh_2048_prime
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:58
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:74
modp_dh_2048_224_generator
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:218
modp_dh_2048_256_generator
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:243
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:787
ikev2_decrypt_data
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:371
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:704
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:328
modp_dh_2048_224_prime
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:206
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:81