FD.io VPP  v18.04-17-g3a0d853
Vector Packet Processing
esp.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __ESP_H__
16 #define __ESP_H__
17 
18 #include <vnet/ip/ip.h>
19 #include <vnet/ipsec/ipsec.h>
20 
21 #include <openssl/hmac.h>
22 #include <openssl/rand.h>
23 #include <openssl/evp.h>
24 
25 typedef struct
26 {
29  u8 data[0];
30 } esp_header_t;
31 
32 typedef struct
33 {
36 } esp_footer_t;
37 
38 /* *INDENT-OFF* */
39 typedef CLIB_PACKED (struct {
40  ip4_header_t ip4;
41  esp_header_t esp;
42 }) ip4_and_esp_header_t;
43 /* *INDENT-ON* */
44 
45 /* *INDENT-OFF* */
46 typedef CLIB_PACKED (struct {
47  ip6_header_t ip6;
48  esp_header_t esp;
49 }) ip6_and_esp_header_t;
50 /* *INDENT-ON* */
51 
52 typedef struct
53 {
54  const EVP_CIPHER *type;
58 
59 typedef struct
60 {
61  const EVP_MD *md;
64 
65 typedef struct
66 {
67  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
68 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
69  EVP_CIPHER_CTX *encrypt_ctx;
70 #else
71  EVP_CIPHER_CTX encrypt_ctx;
72 #endif
73  CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
74 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
75  EVP_CIPHER_CTX *decrypt_ctx;
76 #else
77  EVP_CIPHER_CTX decrypt_ctx;
78 #endif
79  CLIB_CACHE_LINE_ALIGN_MARK (cacheline2);
80 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
81  HMAC_CTX *hmac_ctx;
82 #else
83  HMAC_CTX hmac_ctx;
84 #endif
89 
90 typedef struct
91 {
96 
98 
99 #define ESP_WINDOW_SIZE (64)
100 #define ESP_SEQ_MAX (4294967295UL)
101 
102 u8 *format_esp_header (u8 * s, va_list * args);
103 
104 always_inline int
106 {
107  u32 diff;
108 
109  if (PREDICT_TRUE (seq > sa->last_seq))
110  return 0;
111 
112  diff = sa->last_seq - seq;
113 
114  if (ESP_WINDOW_SIZE > diff)
115  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
116  else
117  return 1;
118 
119  return 0;
120 }
121 
122 always_inline int
124 {
125  u32 tl = sa->last_seq;
126  u32 th = sa->last_seq_hi;
127  u32 diff = tl - seq;
128 
129  if (PREDICT_TRUE (tl >= (ESP_WINDOW_SIZE - 1)))
130  {
131  if (seq >= (tl - ESP_WINDOW_SIZE + 1))
132  {
133  sa->seq_hi = th;
134  if (seq <= tl)
135  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
136  else
137  return 0;
138  }
139  else
140  {
141  sa->seq_hi = th + 1;
142  return 0;
143  }
144  }
145  else
146  {
147  if (seq >= (tl - ESP_WINDOW_SIZE + 1))
148  {
149  sa->seq_hi = th - 1;
150  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
151  }
152  else
153  {
154  sa->seq_hi = th;
155  if (seq <= tl)
156  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
157  else
158  return 0;
159  }
160  }
161 
162  return 0;
163 }
164 
165 /* TODO seq increment should be atomic to be accessed by multiple workers */
166 always_inline void
168 {
169  u32 pos;
170 
171  if (seq > sa->last_seq)
172  {
173  pos = seq - sa->last_seq;
174  if (pos < ESP_WINDOW_SIZE)
175  sa->replay_window = ((sa->replay_window) << pos) | 1;
176  else
177  sa->replay_window = 1;
178  sa->last_seq = seq;
179  }
180  else
181  {
182  pos = sa->last_seq - seq;
183  sa->replay_window |= (1ULL << pos);
184  }
185 }
186 
187 always_inline void
189 {
190  int wrap = sa->seq_hi - sa->last_seq_hi;
191  u32 pos;
192 
193  if (wrap == 0 && seq > sa->last_seq)
194  {
195  pos = seq - sa->last_seq;
196  if (pos < ESP_WINDOW_SIZE)
197  sa->replay_window = ((sa->replay_window) << pos) | 1;
198  else
199  sa->replay_window = 1;
200  sa->last_seq = seq;
201  }
202  else if (wrap > 0)
203  {
204  pos = ~seq + sa->last_seq + 1;
205  if (pos < ESP_WINDOW_SIZE)
206  sa->replay_window = ((sa->replay_window) << pos) | 1;
207  else
208  sa->replay_window = 1;
209  sa->last_seq = seq;
210  sa->last_seq_hi = sa->seq_hi;
211  }
212  else if (wrap < 0)
213  {
214  pos = ~seq + sa->last_seq + 1;
215  sa->replay_window |= (1ULL << pos);
216  }
217  else
218  {
219  pos = sa->last_seq - seq;
220  sa->replay_window |= (1ULL << pos);
221  }
222 }
223 
224 always_inline int
226 {
227  if (PREDICT_TRUE (sa->use_esn))
228  {
229  if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX))
230  {
231  if (PREDICT_FALSE
232  (sa->use_anti_replay && sa->seq_hi == ESP_SEQ_MAX))
233  return 1;
234  sa->seq_hi++;
235  }
236  sa->seq++;
237  }
238  else
239  {
240  if (PREDICT_FALSE (sa->use_anti_replay && sa->seq == ESP_SEQ_MAX))
241  return 1;
242  sa->seq++;
243  }
244 
245  return 0;
246 }
247 
248 always_inline void
250 {
253 
254  memset (em, 0, sizeof (em[0]));
255 
257  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].type =
258  EVP_aes_128_cbc ();
259  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].type =
260  EVP_aes_192_cbc ();
261  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].type =
262  EVP_aes_256_cbc ();
263  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].iv_size = 16;
264  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].iv_size = 16;
265  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].iv_size = 16;
266  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].block_size =
267  16;
268  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].block_size =
269  16;
270  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].block_size =
271  16;
272  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].type =
273  EVP_des_cbc ();
274  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].type =
275  EVP_des_ede3_cbc ();
276  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].block_size = 8;
277  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].block_size = 8;
278  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].iv_size = 8;
279  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].iv_size = 8;
280 
283 
284  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA1_96];
285  i->md = EVP_sha1 ();
286  i->trunc_size = 12;
287 
288  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
289  i->md = EVP_sha256 ();
290  i->trunc_size = 12;
291 
292  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
293  i->md = EVP_sha256 ();
294  i->trunc_size = 16;
295 
296  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
297  i->md = EVP_sha384 ();
298  i->trunc_size = 24;
299 
300  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
301  i->md = EVP_sha512 ();
302  i->trunc_size = 32;
303 
306  int thread_id;
307 
308  for (thread_id = 0; thread_id < tm->n_vlib_mains; thread_id++)
309  {
310 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
311  em->per_thread_data[thread_id].encrypt_ctx = EVP_CIPHER_CTX_new ();
312  em->per_thread_data[thread_id].decrypt_ctx = EVP_CIPHER_CTX_new ();
313  em->per_thread_data[thread_id].hmac_ctx = HMAC_CTX_new ();
314 #else
315  EVP_CIPHER_CTX_init (&(em->per_thread_data[thread_id].encrypt_ctx));
316  EVP_CIPHER_CTX_init (&(em->per_thread_data[thread_id].decrypt_ctx));
317  HMAC_CTX_init (&(em->per_thread_data[thread_id].hmac_ctx));
318 #endif
319  }
320 }
321 
322 always_inline unsigned int
324  u8 * key,
325  int key_len,
326  u8 * data, int data_len, u8 * signature, u8 use_esn, u32 seq_hi)
327 {
329  u32 thread_index = vlib_get_thread_index ();
330 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
331  HMAC_CTX *ctx = em->per_thread_data[thread_index].hmac_ctx;
332 #else
333  HMAC_CTX *ctx = &(em->per_thread_data[thread_index].hmac_ctx);
334 #endif
335  const EVP_MD *md = NULL;
336  unsigned int len;
337 
338  ASSERT (alg < IPSEC_INTEG_N_ALG);
339 
340  if (PREDICT_FALSE (em->ipsec_proto_main_integ_algs[alg].md == 0))
341  return 0;
342 
343  if (PREDICT_FALSE (alg != em->per_thread_data[thread_index].last_integ_alg))
344  {
345  md = em->ipsec_proto_main_integ_algs[alg].md;
346  em->per_thread_data[thread_index].last_integ_alg = alg;
347  }
348 
349  HMAC_Init_ex (ctx, key, key_len, md, NULL);
350 
351  HMAC_Update (ctx, data, data_len);
352 
353  if (PREDICT_TRUE (use_esn))
354  HMAC_Update (ctx, (u8 *) & seq_hi, sizeof (seq_hi));
355  HMAC_Final (ctx, signature, &len);
356 
357  return em->ipsec_proto_main_integ_algs[alg].trunc_size;
358 }
359 
360 #endif /* __ESP_H__ */
361 
362 /*
363  * fd.io coding-style-patch-verification: ON
364  *
365  * Local Variables:
366  * eval: (c-set-style "gnu")
367  * End:
368  */
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:434
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
Definition: cache.h:60
ipsec_proto_main_integ_alg_t * ipsec_proto_main_integ_algs
Definition: esp.h:93
#define PREDICT_TRUE(x)
Definition: clib.h:106
static void esp_replay_advance(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:167
#define NULL
Definition: clib.h:55
ipsec_crypto_alg_t last_decrypt_alg
Definition: esp.h:86
static unsigned int hmac_calc(ipsec_integ_alg_t alg, u8 *key, int key_len, u8 *data, int data_len, u8 *signature, u8 use_esn, u32 seq_hi)
Definition: esp.h:323
int i
const EVP_CIPHER * type
Definition: esp.h:54
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:445
ipsec_proto_main_crypto_alg_t * ipsec_proto_main_crypto_algs
Definition: esp.h:92
u32 seq_hi
Definition: ipsec.h:137
static int esp_seq_advance(ipsec_sa_t *sa)
Definition: esp.h:225
u64 replay_window
Definition: ipsec.h:140
static void esp_replay_advance_esn(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:188
#define always_inline
Definition: clib.h:92
u8 use_esn
Definition: ipsec.h:125
u32 last_seq
Definition: ipsec.h:138
ipsec_proto_main_per_thread_data_t * per_thread_data
Definition: esp.h:94
ipsec_integ_alg_t
Definition: ipsec.h:97
static int esp_replay_check_esn(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:123
u32 last_seq_hi
Definition: ipsec.h:139
#define PREDICT_FALSE(x)
Definition: clib.h:105
ipsec_crypto_alg_t last_encrypt_alg
Definition: esp.h:85
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:221
EVP_CIPHER_CTX decrypt_ctx
Definition: esp.h:77
u8 * format_esp_header(u8 *s, va_list *args)
Definition: esp_format.c:23
#define ASSERT(truth)
static int esp_replay_check(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:105
unsigned int u32
Definition: types.h:88
long ctx[MAX_CONNS]
Definition: main.c:126
ipsec_crypto_alg_t
Definition: ipsec.h:80
u32 seq
Definition: esp.h:28
EVP_CIPHER_CTX encrypt_ctx
Definition: esp.h:71
#define ESP_SEQ_MAX
Definition: esp.h:100
u32 spi
Definition: esp.h:27
u32 seq
Definition: ipsec.h:136
unsigned char u8
Definition: types.h:56
static void ipsec_proto_init()
Definition: esp.h:249
ipsec_integ_alg_t last_integ_alg
Definition: esp.h:87
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
const EVP_MD * md
Definition: esp.h:61
ipsec_proto_main_t ipsec_proto_main
Definition: esp_encrypt.c:25
#define ESP_WINDOW_SIZE
Definition: esp.h:99
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
typedef CLIB_PACKED(struct{ip4_header_t ip4;esp_header_t esp;}) ip4_and_esp_header_t
u8 use_anti_replay
Definition: ipsec.h:126