FD.io VPP  v19.08-27-gf4dcae4
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
29 
30 /* from RFC7296 */
31 static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
37 
38 static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45 
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57 
58 static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71 
72 static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90 
91 static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
114 
115 static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
145 
146 static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
191 
192 /* from RFC5114 */
193 static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 
206 static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230 
231 static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255 
256 v8 *
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258 {
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
260  HMAC_CTX *ctx;
261 #else
262  HMAC_CTX ctx;
263 #endif
264  v8 *prf;
265  unsigned int len = 0;
266 
267  prf = vec_new (u8, tr->key_trunc);
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
269  ctx = HMAC_CTX_new ();
270  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
271  HMAC_Update (ctx, data, vec_len (data));
272  HMAC_Final (ctx, prf, &len);
273 #else
274  HMAC_CTX_init (&ctx);
275  HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
276  HMAC_Update (&ctx, data, vec_len (data));
277  HMAC_Final (&ctx, prf, &len);
278  HMAC_CTX_cleanup (&ctx);
279 #endif
280  ASSERT (len == tr->key_trunc);
281 
282  return prf;
283 }
284 
285 u8 *
286 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
287 {
288  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
289  u8 x = 0;
290 
291  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
292 
293  where:
294  T1 = prf (K, S | 0x01)
295  T2 = prf (K, T1 | S | 0x02)
296  T3 = prf (K, T2 | S | 0x03)
297  T4 = prf (K, T3 | S | 0x04)
298  */
299 
300  while (vec_len (ret) < len && x < 255)
301  {
302  if (t)
303  {
304  vec_append (s, t);
305  vec_free (t);
306  }
307 
308  vec_append (s, seed);
309  vec_add2 (s, tmp, 1);
310  *tmp = x + 1;
311  t = ikev2_calc_prf (tr, key, s);
312  vec_append (ret, t);
313  vec_free (s);
314  x++;
315  }
316 
317  vec_free (t);
318 
319  if (x == 255)
320  {
321  vec_free (ret);
322  }
323 
324  return ret;
325 }
326 
327 v8 *
328 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
329 {
330  v8 *r;
331 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
332  HMAC_CTX *hctx;
333 #else
334  HMAC_CTX hctx;
335 #endif
336  unsigned int l;
337 
338  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
339 
340  r = vec_new (u8, tr->key_len);
341 
342  if (tr->md == EVP_sha1 ())
343  {
344  clib_warning ("integrity checking with sha1");
345  }
346  else if (tr->md == EVP_sha256 ())
347  {
348  clib_warning ("integrity checking with sha256");
349  }
350 
351  /* verify integrity of data */
352 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
353  hctx = HMAC_CTX_new ();
354  HMAC_Init_ex (hctx, key, vec_len (key), tr->md, NULL);
355  HMAC_Update (hctx, (const u8 *) data, len);
356  HMAC_Final (hctx, r, &l);
357 #else
358  HMAC_CTX_init (&hctx);
359  HMAC_Init_ex (&hctx, key, vec_len (key), tr->md, NULL);
360  HMAC_Update (&hctx, (const u8 *) data, len);
361  HMAC_Final (&hctx, r, &l);
362  HMAC_CTX_cleanup (&hctx);
363 #endif
364 
365  ASSERT (l == tr->key_len);
366 
367  return r;
368 }
369 
370 v8 *
371 ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
372 {
373 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
374  EVP_CIPHER_CTX *ctx;
375 #else
376  EVP_CIPHER_CTX ctx;
377 #endif
378  v8 *r;
379  int out_len = 0, block_size;
380  ikev2_sa_transform_t *tr_encr;
381  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
382 
383  tr_encr =
384  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
385  block_size = tr_encr->block_size;
386 
387  /* check if data is multiplier of cipher block size */
388  if (len % block_size)
389  {
390  clib_warning ("wrong data length");
391  return 0;
392  }
393 
394 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
395  ctx = EVP_CIPHER_CTX_new ();
396 #else
397  EVP_CIPHER_CTX_init (&ctx);
398 #endif
399 
400  r = vec_new (u8, len - block_size);
401 
402 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
403  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
404  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
405  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
406 #else
407  EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
408  EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
409  EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
410 #endif
411  /* remove padding */
412  _vec_len (r) -= r[vec_len (r) - 1] + 1;
413 
414 #if OPENSSL_VERSION_NUMBER < 0x10100000L
415  EVP_CIPHER_CTX_cleanup (&ctx);
416 #endif
417  return r;
418 }
419 
420 int
421 ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
422 {
423 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
424  EVP_CIPHER_CTX *ctx;
425 #else
426  EVP_CIPHER_CTX ctx;
427 #endif
428  int out_len;
429  int bs;
430  ikev2_sa_transform_t *tr_encr;
431  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
432 
433  tr_encr =
434  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
435  bs = tr_encr->block_size;
436 
437  /* generate IV */
438  RAND_bytes (dst, bs);
439 
440 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
441  ctx = EVP_CIPHER_CTX_new ();
442  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
443  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
444 #else
445  EVP_CIPHER_CTX_init (&ctx);
446  EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
447  EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
448  EVP_CIPHER_CTX_cleanup (&ctx);
449 #endif
450 
451  ASSERT (vec_len (src) == out_len);
452 
453  return out_len + bs;
454 }
455 
456 void
457 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
458 {
459  int r;
460 
461  if (t->dh_group == IKEV2_DH_GROUP_MODP)
462  {
463  DH *dh = DH_new ();
464 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
465  BIGNUM *p = NULL;
466  BIGNUM *g = NULL;
467  const BIGNUM *pub_key, *priv_key;
468 
469  BN_hex2bn (&p, t->dh_p);
470  BN_hex2bn (&g, t->dh_g);
471  DH_set0_pqg (dh, p, NULL, g);
472 #else
473  BN_hex2bn (&dh->p, t->dh_p);
474  BN_hex2bn (&dh->g, t->dh_g);
475 #endif
476  DH_generate_key (dh);
477 
478  if (sa->is_initiator)
479  {
480  sa->i_dh_data = vec_new (u8, t->key_len);
481  sa->dh_private_key = vec_new (u8, t->key_len);
482 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
483  DH_get0_key (dh, &pub_key, &priv_key);
484  r = BN_bn2bin (pub_key, sa->i_dh_data);
485  ASSERT (r == t->key_len);
486  r = BN_bn2bin (priv_key, sa->dh_private_key);
487 #else
488  r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
489  ASSERT (r == t->key_len);
490  r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
491 #endif
492  ASSERT (r == t->key_len);
493  }
494  else
495  {
496  sa->r_dh_data = vec_new (u8, t->key_len);
497 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
498  DH_get0_key (dh, &pub_key, &priv_key);
499  r = BN_bn2bin (pub_key, sa->r_dh_data);
500 #else
501  r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
502 #endif
503  ASSERT (r == t->key_len);
504 
505  BIGNUM *ex;
506  sa->dh_shared_key = vec_new (u8, t->key_len);
507  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
508  r = DH_compute_key (sa->dh_shared_key, ex, dh);
509  ASSERT (r == t->key_len);
510  BN_clear_free (ex);
511  }
512  DH_free (dh);
513  }
514  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
515  {
516  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
517  ASSERT (ec);
518 
519  EC_KEY_generate_key (ec);
520 
521  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
522  const EC_GROUP *group = EC_KEY_get0_group (ec);
523  BIGNUM *x = NULL, *y = NULL;
524  BN_CTX *bn_ctx = BN_CTX_new ();
525  u16 x_off, y_off, len;
526  EC_POINT *i_point = EC_POINT_new (group);
527  EC_POINT *shared_point = EC_POINT_new (group);
528 
529  x = BN_new ();
530  y = BN_new ();
531  len = t->key_len / 2;
532 
533 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
534  EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
535 #else
536  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
537 #endif
538 
539  if (sa->is_initiator)
540  {
541  sa->i_dh_data = vec_new (u8, t->key_len);
542  x_off = len - BN_num_bytes (x);
543  clib_memset (sa->i_dh_data, 0, x_off);
544  BN_bn2bin (x, sa->i_dh_data + x_off);
545  y_off = t->key_len - BN_num_bytes (y);
546  clib_memset (sa->i_dh_data + len, 0, y_off - len);
547  BN_bn2bin (y, sa->i_dh_data + y_off);
548 
549  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
550  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
551  r = BN_bn2bin (prv, sa->dh_private_key);
552  ASSERT (r == BN_num_bytes (prv));
553  }
554  else
555  {
556  sa->r_dh_data = vec_new (u8, t->key_len);
557  x_off = len - BN_num_bytes (x);
558  clib_memset (sa->r_dh_data, 0, x_off);
559  BN_bn2bin (x, sa->r_dh_data + x_off);
560  y_off = t->key_len - BN_num_bytes (y);
561  clib_memset (sa->r_dh_data + len, 0, y_off - len);
562  BN_bn2bin (y, sa->r_dh_data + y_off);
563 
564  x = BN_bin2bn (sa->i_dh_data, len, x);
565  y = BN_bin2bn (sa->i_dh_data + len, len, y);
566 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
567  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
568 #else
569  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
570 #endif
571  sa->dh_shared_key = vec_new (u8, t->key_len);
572  EC_POINT_mul (group, shared_point, NULL, i_point,
573  EC_KEY_get0_private_key (ec), NULL);
574 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
575  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
576 #else
577  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
578  bn_ctx);
579 #endif
580  x_off = len - BN_num_bytes (x);
581  clib_memset (sa->dh_shared_key, 0, x_off);
582  BN_bn2bin (x, sa->dh_shared_key + x_off);
583  y_off = t->key_len - BN_num_bytes (y);
584  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
585  BN_bn2bin (y, sa->dh_shared_key + y_off);
586  }
587 
588  EC_KEY_free (ec);
589  BN_free (x);
590  BN_free (y);
591  BN_CTX_free (bn_ctx);
592  EC_POINT_free (i_point);
593  EC_POINT_free (shared_point);
594  }
595 }
596 
597 void
598 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
599 {
600  int r;
601 
602  if (t->dh_group == IKEV2_DH_GROUP_MODP)
603  {
604  DH *dh = DH_new ();
605 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
606  BIGNUM *p = NULL;
607  BIGNUM *g = NULL;
608  BIGNUM *priv_key;
609 
610  BN_hex2bn (&p, t->dh_p);
611  BN_hex2bn (&g, t->dh_g);
612  DH_set0_pqg (dh, p, NULL, g);
613 
614  priv_key =
615  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
616  DH_set0_key (dh, NULL, priv_key);
617 #else
618  BN_hex2bn (&dh->p, t->dh_p);
619  BN_hex2bn (&dh->g, t->dh_g);
620 
621  dh->priv_key =
622  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
623 #endif
624  BIGNUM *ex;
625  sa->dh_shared_key = vec_new (u8, t->key_len);
626  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
627  r = DH_compute_key (sa->dh_shared_key, ex, dh);
628  ASSERT (r == t->key_len);
629  BN_clear_free (ex);
630  DH_free (dh);
631  }
632  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
633  {
634  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
635  ASSERT (ec);
636 
637  const EC_GROUP *group = EC_KEY_get0_group (ec);
638  BIGNUM *x = NULL, *y = NULL;
639  BN_CTX *bn_ctx = BN_CTX_new ();
640  u16 x_off, y_off, len;
641  BIGNUM *prv;
642 
643  prv =
644  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
645  EC_KEY_set_private_key (ec, prv);
646 
647  x = BN_new ();
648  y = BN_new ();
649  len = t->key_len / 2;
650 
651  x = BN_bin2bn (sa->r_dh_data, len, x);
652  y = BN_bin2bn (sa->r_dh_data + len, len, y);
653  EC_POINT *r_point = EC_POINT_new (group);
654 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
655  EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
656 #else
657  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
658 #endif
659  EC_KEY_set_public_key (ec, r_point);
660 
661  EC_POINT *i_point = EC_POINT_new (group);
662  EC_POINT *shared_point = EC_POINT_new (group);
663 
664  x = BN_bin2bn (sa->i_dh_data, len, x);
665  y = BN_bin2bn (sa->i_dh_data + len, len, y);
666 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
667  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
668 #else
669  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
670 #endif
671  EC_POINT_mul (group, shared_point, NULL, r_point,
672  EC_KEY_get0_private_key (ec), NULL);
673 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
674  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
675 #else
676  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
677 #endif
678  sa->dh_shared_key = vec_new (u8, t->key_len);
679  x_off = len - BN_num_bytes (x);
680  clib_memset (sa->dh_shared_key, 0, x_off);
681  BN_bn2bin (x, sa->dh_shared_key + x_off);
682  y_off = t->key_len - BN_num_bytes (y);
683  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
684  BN_bn2bin (y, sa->dh_shared_key + y_off);
685 
686  EC_KEY_free (ec);
687  BN_free (x);
688  BN_free (y);
689  BN_free (prv);
690  BN_CTX_free (bn_ctx);
691  EC_POINT_free (i_point);
692  EC_POINT_free (r_point);
693  EC_POINT_free (shared_point);
694  }
695 }
696 
697 int
698 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
699 {
700 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
701  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
702 #else
703  EVP_MD_CTX md_ctx;
704  EVP_MD_CTX_init (&md_ctx);
705 #endif
706 
707 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
708  EVP_VerifyInit (md_ctx, EVP_sha1 ());
709  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
710 #else
711  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
712  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
713 #endif
714 
715 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
716  return EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
717 #else
718  return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
719 #endif
720 }
721 
722 u8 *
723 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
724 {
725 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
726  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
727 #else
728  EVP_MD_CTX md_ctx;
729 #endif
730  unsigned int sig_len = 0;
731  u8 *sign;
732 
733 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
734  EVP_SignInit (md_ctx, EVP_sha1 ());
735  EVP_SignUpdate (md_ctx, data, vec_len (data));
736  /* get sign len */
737  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
738  sign = vec_new (u8, sig_len);
739  /* calc sign */
740  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
741 #else
742  EVP_SignInit (&md_ctx, EVP_sha1 ());
743  EVP_SignUpdate (&md_ctx, data, vec_len (data));
744  /* get sign len */
745  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
746  sign = vec_new (u8, sig_len);
747  /* calc sign */
748  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
749 #endif
750  return sign;
751 }
752 
753 EVP_PKEY *
754 ikev2_load_cert_file (u8 * file)
755 {
756  FILE *fp;
757  X509 *x509;
758  EVP_PKEY *pkey = NULL;
759 
760  fp = fopen ((char *) file, "r");
761  if (!fp)
762  {
763  clib_warning ("open %s failed", file);
764  goto end;
765  }
766 
767  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
768  fclose (fp);
769  if (x509 == NULL)
770  {
771  clib_warning ("read cert %s failed", file);
772  goto end;
773  }
774 
775  pkey = X509_get_pubkey (x509);
776  if (pkey == NULL)
777  clib_warning ("get pubkey %s failed", file);
778 
779 end:
780  return pkey;
781 }
782 
783 EVP_PKEY *
784 ikev2_load_key_file (u8 * file)
785 {
786  FILE *fp;
787  EVP_PKEY *pkey = NULL;
788 
789  fp = fopen ((char *) file, "r");
790  if (!fp)
791  {
792  clib_warning ("open %s failed", file);
793  goto end;
794  }
795 
796  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
797  fclose (fp);
798  if (pkey == NULL)
799  clib_warning ("read %s failed", file);
800 
801 end:
802  return pkey;
803 }
804 
805 void
806 ikev2_crypto_init (ikev2_main_t * km)
807 {
808  ikev2_sa_transform_t *tr;
809 
810  /* vector of supported transforms - in order of preference */
811 
812  //Encryption
813 
814  vec_add2 (km->supported_transforms, tr, 1);
815  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
816  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
817  tr->key_len = 256 / 8;
818  tr->block_size = 128 / 8;
819  tr->cipher = EVP_aes_256_cbc ();
820 
821  vec_add2 (km->supported_transforms, tr, 1);
822  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
823  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
824  tr->key_len = 192 / 8;
825  tr->block_size = 128 / 8;
826  tr->cipher = EVP_aes_192_cbc ();
827 
828  vec_add2 (km->supported_transforms, tr, 1);
829  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
830  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
831  tr->key_len = 128 / 8;
832  tr->block_size = 128 / 8;
833  tr->cipher = EVP_aes_128_cbc ();
834 
835  //PRF
836  vec_add2 (km->supported_transforms, tr, 1);
837  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
838  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
839  tr->key_len = 256 / 8;
840  tr->key_trunc = 256 / 8;
841  tr->md = EVP_sha256 ();
842 
843  vec_add2 (km->supported_transforms, tr, 1);
844  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
845  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
846  tr->key_len = 384 / 8;
847  tr->key_trunc = 384 / 8;
848  tr->md = EVP_sha384 ();
849 
850  vec_add2 (km->supported_transforms, tr, 1);
851  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
852  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
853  tr->key_len = 512 / 8;
854  tr->key_trunc = 512 / 8;
855  tr->md = EVP_sha512 ();
856 
857  vec_add2 (km->supported_transforms, tr, 1);
858  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
859  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
860  tr->key_len = 160 / 8;
861  tr->key_trunc = 160 / 8;
862  tr->md = EVP_sha1 ();
863 
864  //Integrity
865  vec_add2 (km->supported_transforms, tr, 1);
866  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
867  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
868  tr->key_len = 256 / 8;
869  tr->key_trunc = 128 / 8;
870  tr->md = EVP_sha256 ();
871 
872  vec_add2 (km->supported_transforms, tr, 1);
873  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
874  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
875  tr->key_len = 384 / 8;
876  tr->key_trunc = 192 / 8;
877  tr->md = EVP_sha384 ();
878 
879  vec_add2 (km->supported_transforms, tr, 1);
880  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
881  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
882  tr->key_len = 512 / 8;
883  tr->key_trunc = 256 / 8;
884  tr->md = EVP_sha512 ();
885 
886  vec_add2 (km->supported_transforms, tr, 1);
887  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
888  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
889  tr->key_len = 160 / 8;
890  tr->key_trunc = 160 / 8;
891  tr->md = EVP_sha1 ();
892 
893  vec_add2 (km->supported_transforms, tr, 1);
894  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
895  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
896  tr->key_len = 160 / 8;
897  tr->key_trunc = 96 / 8;
898  tr->md = EVP_sha1 ();
899 
900 
901 #if defined(OPENSSL_NO_CISCO_FECDH)
902  vec_add2 (km->supported_transforms, tr, 1);
903  tr->type = IKEV2_TRANSFORM_TYPE_DH;
904  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
905  tr->key_len = (512 * 2) / 8;
906  tr->nid = NID_brainpoolP512r1;
907  tr->dh_group = IKEV2_DH_GROUP_ECP;
908 
909  vec_add2 (km->supported_transforms, tr, 1);
910  tr->type = IKEV2_TRANSFORM_TYPE_DH;
911  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
912  tr->key_len = (384 * 2) / 8;
913  tr->nid = NID_brainpoolP384r1;
914  tr->dh_group = IKEV2_DH_GROUP_ECP;
915 
916  vec_add2 (km->supported_transforms, tr, 1);
917  tr->type = IKEV2_TRANSFORM_TYPE_DH;
918  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
919  tr->key_len = (256 * 2) / 8;
920  tr->nid = NID_brainpoolP256r1;
921  tr->dh_group = IKEV2_DH_GROUP_ECP;
922 
923  vec_add2 (km->supported_transforms, tr, 1);
924  tr->type = IKEV2_TRANSFORM_TYPE_DH;
925  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
926  tr->key_len = (224 * 2) / 8;
927  tr->nid = NID_brainpoolP224r1;
928  tr->dh_group = IKEV2_DH_GROUP_ECP;
929 
930  vec_add2 (km->supported_transforms, tr, 1);
931  tr->type = IKEV2_TRANSFORM_TYPE_DH;
932  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
933  tr->key_len = (224 * 2) / 8;
934  tr->nid = NID_secp224r1;
935  tr->dh_group = IKEV2_DH_GROUP_ECP;
936 #endif
937 
938  vec_add2 (km->supported_transforms, tr, 1);
939  tr->type = IKEV2_TRANSFORM_TYPE_DH;
940  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
941  tr->key_len = (528 * 2) / 8;
942  tr->nid = NID_secp521r1;
943  tr->dh_group = IKEV2_DH_GROUP_ECP;
944 
945  vec_add2 (km->supported_transforms, tr, 1);
946  tr->type = IKEV2_TRANSFORM_TYPE_DH;
947  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
948  tr->key_len = (384 * 2) / 8;
949  tr->nid = NID_secp384r1;
950  tr->dh_group = IKEV2_DH_GROUP_ECP;
951 
952  vec_add2 (km->supported_transforms, tr, 1);
953  tr->type = IKEV2_TRANSFORM_TYPE_DH;
954  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
955  tr->key_len = (256 * 2) / 8;
956  tr->nid = NID_X9_62_prime256v1;
957  tr->dh_group = IKEV2_DH_GROUP_ECP;
958 
959  vec_add2 (km->supported_transforms, tr, 1);
960  tr->type = IKEV2_TRANSFORM_TYPE_DH;
961  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
962  tr->key_len = (192 * 2) / 8;
963  tr->nid = NID_X9_62_prime192v1;
964  tr->dh_group = IKEV2_DH_GROUP_ECP;
965 
966  vec_add2 (km->supported_transforms, tr, 1);
967  tr->type = IKEV2_TRANSFORM_TYPE_DH;
968  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
969  tr->key_len = 2048 / 8;
970  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
971  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
972  tr->dh_group = IKEV2_DH_GROUP_MODP;
973 
974  vec_add2 (km->supported_transforms, tr, 1);
975  tr->type = IKEV2_TRANSFORM_TYPE_DH;
976  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
977  tr->key_len = 2048 / 8;
978  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
979  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
980  tr->dh_group = IKEV2_DH_GROUP_MODP;
981 
982  vec_add2 (km->supported_transforms, tr, 1);
983  tr->type = IKEV2_TRANSFORM_TYPE_DH;
984  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
985  tr->key_len = 1024 / 8;
986  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
987  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
988  tr->dh_group = IKEV2_DH_GROUP_MODP;
989 
990  vec_add2 (km->supported_transforms, tr, 1);
991  tr->type = IKEV2_TRANSFORM_TYPE_DH;
992  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
993  tr->key_len = 8192 / 8;
994  tr->dh_p = (const char *) &modp_dh_8192_prime;
995  tr->dh_g = (const char *) &modp_dh_8192_generator;
996  tr->dh_group = IKEV2_DH_GROUP_MODP;
997 
998  vec_add2 (km->supported_transforms, tr, 1);
999  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1000  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1001  tr->key_len = 6144 / 8;
1002  tr->dh_p = (const char *) &modp_dh_6144_prime;
1003  tr->dh_g = (const char *) &modp_dh_6144_generator;
1004  tr->dh_group = IKEV2_DH_GROUP_MODP;
1005 
1006  vec_add2 (km->supported_transforms, tr, 1);
1007  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1008  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1009  tr->key_len = 4096 / 8;
1010  tr->dh_p = (const char *) &modp_dh_4096_prime;
1011  tr->dh_g = (const char *) &modp_dh_4096_generator;
1012  tr->dh_group = IKEV2_DH_GROUP_MODP;
1013 
1014  vec_add2 (km->supported_transforms, tr, 1);
1015  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1016  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1017  tr->key_len = 3072 / 8;
1018  tr->dh_p = (const char *) &modp_dh_3072_prime;
1019  tr->dh_g = (const char *) &modp_dh_3072_generator;
1020  tr->dh_group = IKEV2_DH_GROUP_MODP;
1021 
1022  vec_add2 (km->supported_transforms, tr, 1);
1023  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1024  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1025  tr->key_len = 2048 / 8;
1026  tr->dh_p = (const char *) &modp_dh_2048_prime;
1027  tr->dh_g = (const char *) &modp_dh_2048_generator;
1028  tr->dh_group = IKEV2_DH_GROUP_MODP;
1029 
1030  vec_add2 (km->supported_transforms, tr, 1);
1031  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1032  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1033  tr->key_len = 1536 / 8;
1034  tr->dh_p = (const char *) &modp_dh_1536_prime;
1035  tr->dh_g = (const char *) &modp_dh_1536_generator;
1036  tr->dh_group = IKEV2_DH_GROUP_MODP;
1037 
1038  vec_add2 (km->supported_transforms, tr, 1);
1039  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1040  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1041  tr->key_len = 1024 / 8;
1042  tr->dh_p = (const char *) &modp_dh_1024_prime;
1043  tr->dh_g = (const char *) &modp_dh_1024_generator;
1044  tr->dh_group = IKEV2_DH_GROUP_MODP;
1045 
1046  vec_add2 (km->supported_transforms, tr, 1);
1047  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1048  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1049  tr->key_len = 768 / 8;
1050  tr->dh_p = (const char *) &modp_dh_768_prime;
1051  tr->dh_g = (const char *) &modp_dh_768_generator;
1052  tr->dh_group = IKEV2_DH_GROUP_MODP;
1053 
1054  vec_add2 (km->supported_transforms, tr, 1);
1055  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1056  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1057 
1058  vec_add2 (km->supported_transforms, tr, 1);
1059  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1060  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1061 }
1062 
1063 
1064 
1065 /*
1066  * fd.io coding-style-patch-verification: ON
1067  *
1068  * Local Variables:
1069  * eval: (c-set-style "gnu")
1070  * End:
1071  */
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:211
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:212
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:69
modp_dh_1536_prime
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:47
modp_dh_3072_generator
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:89
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:64
modp_dh_8192_prime
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:146
modp_dh_4096_prime
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:91
v8
u8 v8
Definition: ikev2.h:27
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:82
NULL
#define NULL
Definition: clib.h:58
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
modp_dh_8192_generator
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:190
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:77
modp_dh_768_generator
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:36
src
vl_api_address_t src
Definition: gre.api:51
vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:560
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0])*entries)
modp_dh_1024_prime
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:38
data
u8 data[128]
Definition: ipsec.api:249
u8
unsigned char u8
Definition: types.h:56
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:194
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:84
modp_dh_6144_prime
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:115
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:421
modp_dh_768_prime
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:31
ikev2_main_t
Definition: ikev2_priv.h:268
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:457
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:754
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:311
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:784
modp_dh_1024_160_prime
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:193
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:214
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:286
modp_dh_1024_generator
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:44
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:213
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
modp_dh_2048_256_prime
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:231
u16
unsigned short u16
Definition: types.h:57
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:63
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:274
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:83
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:698
ikev2_sa_transform_t
Definition: ikev2_priv.h:67
modp_dh_1536_generator
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:56
dst
vl_api_address_t dst
Definition: gre.api:52
len
u8 len
Definition: ip_types.api:90
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:224
modp_dh_3072_prime
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:72
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:76
ikev2_sa_t
Definition: ikev2_priv.h:197
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:225
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:251
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:88
ikev2_priv.h
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:218
modp_dh_2048_generator
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:70
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
modp_dh_6144_generator
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:144
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:598
vec_append
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:818
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:85
modp_dh_1024_160_generator
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:199
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:87
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:73
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:86
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:75
modp_dh_4096_generator
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:113
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:80
modp_dh_2048_prime
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:58
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
key
typedef key
Definition: ipsec.api:245
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:74
modp_dh_2048_224_generator
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:218
modp_dh_2048_256_generator
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:243
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:806
ikev2_decrypt_data
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:371
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:723
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:328
modp_dh_2048_224_prime
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:206
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:81