FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
esp.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __ESP_H__
16 #define __ESP_H__
17 
18 #include <vnet/ip/ip.h>
19 #include <vnet/ipsec/ipsec.h>
20 
21 typedef struct
22 {
23  u32 spi;
24  u32 seq;
25  u8 data[0];
26 } esp_header_t;
27 
28 typedef struct
29 {
30  u8 pad_length;
31  u8 next_header;
32 } esp_footer_t;
33 
34 /* *INDENT-OFF* */
35 typedef CLIB_PACKED (struct {
36  ip4_header_t ip4;
37  esp_header_t esp;
38 }) ip4_and_esp_header_t;
39 /* *INDENT-ON* */
40 
41 /* *INDENT-OFF* */
42 typedef CLIB_PACKED (struct {
43  ip4_header_t ip4;
44  udp_header_t udp;
45  esp_header_t esp;
46 }) ip4_and_udp_and_esp_header_t;
47 /* *INDENT-ON* */
48 
49 /* *INDENT-OFF* */
50 typedef CLIB_PACKED (struct {
51  ip6_header_t ip6;
52  esp_header_t esp;
53 }) ip6_and_esp_header_t;
54 /* *INDENT-ON* */
55 
56 #define ESP_WINDOW_SIZE (64)
57 #define ESP_SEQ_MAX (4294967295UL)
58 
59 u8 *format_esp_header (u8 * s, va_list * args);
60 
61 always_inline int
62 esp_replay_check (ipsec_sa_t * sa, u32 seq)
63 {
64  u32 diff;
65 
66  if (PREDICT_TRUE (seq > sa->last_seq))
67  return 0;
68 
69  diff = sa->last_seq - seq;
70 
71  if (ESP_WINDOW_SIZE > diff)
72  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
73  else
74  return 1;
75 
76  return 0;
77 }
78 
79 always_inline int
80 esp_replay_check_esn (ipsec_sa_t * sa, u32 seq)
81 {
82  u32 tl = sa->last_seq;
83  u32 th = sa->last_seq_hi;
84  u32 diff = tl - seq;
85 
86  if (PREDICT_TRUE (tl >= (ESP_WINDOW_SIZE - 1)))
87  {
88  if (seq >= (tl - ESP_WINDOW_SIZE + 1))
89  {
90  sa->seq_hi = th;
91  if (seq <= tl)
92  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
93  else
94  return 0;
95  }
96  else
97  {
98  sa->seq_hi = th + 1;
99  return 0;
100  }
101  }
102  else
103  {
104  if (seq >= (tl - ESP_WINDOW_SIZE + 1))
105  {
106  sa->seq_hi = th - 1;
107  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
108  }
109  else
110  {
111  sa->seq_hi = th;
112  if (seq <= tl)
113  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
114  else
115  return 0;
116  }
117  }
118 
119  return 0;
120 }
121 
122 /* TODO seq increment should be atomic to be accessed by multiple workers */
123 always_inline void
124 esp_replay_advance (ipsec_sa_t * sa, u32 seq)
125 {
126  u32 pos;
127 
128  if (seq > sa->last_seq)
129  {
130  pos = seq - sa->last_seq;
131  if (pos < ESP_WINDOW_SIZE)
132  sa->replay_window = ((sa->replay_window) << pos) | 1;
133  else
134  sa->replay_window = 1;
135  sa->last_seq = seq;
136  }
137  else
138  {
139  pos = sa->last_seq - seq;
140  sa->replay_window |= (1ULL << pos);
141  }
142 }
143 
144 always_inline void
145 esp_replay_advance_esn (ipsec_sa_t * sa, u32 seq)
146 {
147  int wrap = sa->seq_hi - sa->last_seq_hi;
148  u32 pos;
149 
150  if (wrap == 0 && seq > sa->last_seq)
151  {
152  pos = seq - sa->last_seq;
153  if (pos < ESP_WINDOW_SIZE)
154  sa->replay_window = ((sa->replay_window) << pos) | 1;
155  else
156  sa->replay_window = 1;
157  sa->last_seq = seq;
158  }
159  else if (wrap > 0)
160  {
161  pos = ~seq + sa->last_seq + 1;
162  if (pos < ESP_WINDOW_SIZE)
163  sa->replay_window = ((sa->replay_window) << pos) | 1;
164  else
165  sa->replay_window = 1;
166  sa->last_seq = seq;
167  sa->last_seq_hi = sa->seq_hi;
168  }
169  else if (wrap < 0)
170  {
171  pos = ~seq + sa->last_seq + 1;
172  sa->replay_window |= (1ULL << pos);
173  }
174  else
175  {
176  pos = sa->last_seq - seq;
177  sa->replay_window |= (1ULL << pos);
178  }
179 }
180 
181 always_inline int
182 esp_seq_advance (ipsec_sa_t * sa)
183 {
184  if (PREDICT_TRUE (sa->use_esn))
185  {
186  if (PREDICT_FALSE (sa->seq == ESP_SEQ_MAX))
187  {
188  if (PREDICT_FALSE
189  (sa->use_anti_replay && sa->seq_hi == ESP_SEQ_MAX))
190  return 1;
191  sa->seq_hi++;
192  }
193  sa->seq++;
194  }
195  else
196  {
197  if (PREDICT_FALSE (sa->use_anti_replay && sa->seq == ESP_SEQ_MAX))
198  return 1;
199  sa->seq++;
200  }
201 
202  return 0;
203 }
204 
205 always_inline void
206 ipsec_proto_init ()
207 {
208  ipsec_proto_main_t *em = &ipsec_proto_main;
209  vlib_thread_main_t *tm = vlib_get_thread_main ();
210 
211  clib_memset (em, 0, sizeof (em[0]));
212 
213  vec_validate (em->ipsec_proto_main_crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
214  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].type =
215  EVP_aes_128_cbc ();
216  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].type =
217  EVP_aes_192_cbc ();
218  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].type =
219  EVP_aes_256_cbc ();
220  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].iv_size = 16;
221  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].iv_size = 16;
222  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].iv_size = 16;
223  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].block_size =
224  16;
225  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192].block_size =
226  16;
227  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256].block_size =
228  16;
229  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].type =
230  EVP_des_cbc ();
231  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].type =
232  EVP_des_ede3_cbc ();
233  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].block_size = 8;
234  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].block_size = 8;
235  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_DES_CBC].iv_size = 8;
236  em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_3DES_CBC].iv_size = 8;
237 
238  vec_validate (em->ipsec_proto_main_integ_algs, IPSEC_INTEG_N_ALG - 1);
239  ipsec_proto_main_integ_alg_t *i;
240 
241  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA1_96];
242  i->md = EVP_sha1 ();
243  i->trunc_size = 12;
244 
245  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
246  i->md = EVP_sha256 ();
247  i->trunc_size = 12;
248 
249  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
250  i->md = EVP_sha256 ();
251  i->trunc_size = 16;
252 
253  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
254  i->md = EVP_sha384 ();
255  i->trunc_size = 24;
256 
257  i = &em->ipsec_proto_main_integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
258  i->md = EVP_sha512 ();
259  i->trunc_size = 32;
260 
261  vec_validate_aligned (em->per_thread_data, tm->n_vlib_mains - 1,
262  CLIB_CACHE_LINE_BYTES);
263  int thread_id;
264 
265  for (thread_id = 0; thread_id < tm->n_vlib_mains; thread_id++)
266  {
267 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
268  em->per_thread_data[thread_id].encrypt_ctx = EVP_CIPHER_CTX_new ();
269  em->per_thread_data[thread_id].decrypt_ctx = EVP_CIPHER_CTX_new ();
270  em->per_thread_data[thread_id].hmac_ctx = HMAC_CTX_new ();
271 #else
272  EVP_CIPHER_CTX_init (&(em->per_thread_data[thread_id].encrypt_ctx));
273  EVP_CIPHER_CTX_init (&(em->per_thread_data[thread_id].decrypt_ctx));
274  HMAC_CTX_init (&(em->per_thread_data[thread_id].hmac_ctx));
275 #endif
276  }
277 }
278 
279 always_inline unsigned int
280 hmac_calc (ipsec_integ_alg_t alg,
281  u8 * key,
282  int key_len,
283  u8 * data, int data_len, u8 * signature, u8 use_esn, u32 seq_hi)
284 {
285  ipsec_proto_main_t *em = &ipsec_proto_main;
286  u32 thread_index = vlib_get_thread_index ();
287 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
288  HMAC_CTX *ctx = em->per_thread_data[thread_index].hmac_ctx;
289 #else
290  HMAC_CTX *ctx = &(em->per_thread_data[thread_index].hmac_ctx);
291 #endif
292  const EVP_MD *md = NULL;
293  unsigned int len;
294 
295  ASSERT (alg < IPSEC_INTEG_N_ALG);
296 
297  if (PREDICT_FALSE (em->ipsec_proto_main_integ_algs[alg].md == 0))
298  return 0;
299 
300  if (PREDICT_FALSE (alg != em->per_thread_data[thread_index].last_integ_alg))
301  {
302  md = em->ipsec_proto_main_integ_algs[alg].md;
303  em->per_thread_data[thread_index].last_integ_alg = alg;
304  }
305 
306  HMAC_Init_ex (ctx, key, key_len, md, NULL);
307 
308  HMAC_Update (ctx, data, data_len);
309 
310  if (PREDICT_TRUE (use_esn))
311  HMAC_Update (ctx, (u8 *) & seq_hi, sizeof (seq_hi));
312  HMAC_Final (ctx, signature, &len);
313 
314  return em->ipsec_proto_main_integ_algs[alg].trunc_size;
315 }
316 
317 #endif /* __ESP_H__ */
318 
319 /*
320  * fd.io coding-style-patch-verification: ON
321  *
322  * Local Variables:
323  * eval: (c-set-style "gnu")
324  * End:
325  */
esp_footer_t::next_header
u8 next_header
Definition: esp.h:31
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:439
ipsec_proto_main_per_thread_data_t::encrypt_ctx
EVP_CIPHER_CTX * encrypt_ctx
Definition: ipsec.h:319
ipsec_proto_main_t::ipsec_proto_main_integ_algs
ipsec_proto_main_integ_alg_t * ipsec_proto_main_integ_algs
Definition: ipsec.h:343
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:112
esp_replay_advance
static void esp_replay_advance(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:124
NULL
#define NULL
Definition: clib.h:58
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
hmac_calc
static unsigned int hmac_calc(ipsec_integ_alg_t alg, u8 *key, int key_len, u8 *data, int data_len, u8 *signature, u8 use_esn, u32 seq_hi)
Definition: esp.h:280
ipsec_proto_main_integ_alg_t::trunc_size
u8 trunc_size
Definition: ipsec.h:312
vlib_thread_main_t
Definition: threads.h:280
i
int i
Definition: flowhash_template.h:376
ipsec_proto_main_crypto_alg_t::type
const EVP_CIPHER * type
Definition: ipsec.h:304
vec_validate_aligned
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
Definition: vec.h:450
udp_header_t
Definition: udp_packet.h:43
ipsec_proto_main_t::ipsec_proto_main_crypto_algs
ipsec_proto_main_crypto_alg_t * ipsec_proto_main_crypto_algs
Definition: ipsec.h:342
u8
unsigned char u8
Definition: types.h:56
ipsec_proto_main
ipsec_proto_main_t ipsec_proto_main
Definition: esp_encrypt.c:26
ipsec_sa_t::seq_hi
u32 seq_hi
Definition: ipsec.h:147
esp_seq_advance
static int esp_seq_advance(ipsec_sa_t *sa)
Definition: esp.h:182
ipsec_sa_t::replay_window
u64 replay_window
Definition: ipsec.h:150
esp_replay_advance_esn
static void esp_replay_advance_esn(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:145
always_inline
#define always_inline
Definition: clib.h:98
ipsec_proto_main_integ_alg_t
Definition: ipsec.h:309
ipsec_sa_t::use_esn
u8 use_esn
Definition: ipsec.h:133
u32
unsigned int u32
Definition: types.h:88
ipsec_proto_main_per_thread_data_t::hmac_ctx
HMAC_CTX * hmac_ctx
Definition: ipsec.h:331
ipsec_sa_t::last_seq
u32 last_seq
Definition: ipsec.h:148
ipsec_proto_main_t::per_thread_data
ipsec_proto_main_per_thread_data_t * per_thread_data
Definition: ipsec.h:344
ipsec_integ_alg_t
ipsec_integ_alg_t
Definition: ipsec.h:105
esp_replay_check_esn
static int esp_replay_check_esn(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:80
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
CLIB_PACKED
typedef CLIB_PACKED(struct { ip4_header_t ip4;esp_header_t esp;}) ip4_and_esp_header_t
ipsec_sa_t::last_seq_hi
u32 last_seq_hi
Definition: ipsec.h:149
esp_header_t
Definition: esp.h:21
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:111
ipsec_sa_t
Definition: ipsec.h:119
ipsec_proto_main_crypto_alg_t::iv_size
u8 iv_size
Definition: ipsec.h:305
len
u8 len
Definition: ip_types.api:49
vlib_get_thread_index
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:212
ipsec_proto_main_per_thread_data_t::decrypt_ctx
EVP_CIPHER_CTX * decrypt_ctx
Definition: ipsec.h:325
format_esp_header
u8 * format_esp_header(u8 *s, va_list *args)
Definition: esp_format.c:23
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
esp_replay_check
static int esp_replay_check(ipsec_sa_t *sa, u32 seq)
Definition: esp.h:62
vlib_thread_main_t::n_vlib_mains
u32 n_vlib_mains
Definition: threads.h:299
ip6_header_t
Definition: ip6_packet.h:362
esp_header_t::seq
u32 seq
Definition: esp.h:24
ESP_SEQ_MAX
#define ESP_SEQ_MAX
Definition: esp.h:57
esp_header_t::spi
u32 spi
Definition: esp.h:23
esp_footer_t
Definition: esp.h:28
ipsec_sa_t::seq
u32 seq
Definition: ipsec.h:146
ipsec_proto_main_t
Definition: ipsec.h:340
ipsec_proto_init
static void ipsec_proto_init()
Definition: esp.h:206
ipsec_proto_main_per_thread_data_t::last_integ_alg
ipsec_integ_alg_t last_integ_alg
Definition: ipsec.h:337
esp_footer_t::pad_length
u8 pad_length
Definition: esp.h:30
vlib_get_thread_main
static vlib_thread_main_t * vlib_get_thread_main()
Definition: global_funcs.h:32
ipsec_proto_main_integ_alg_t::md
const EVP_MD * md
Definition: ipsec.h:311
ESP_WINDOW_SIZE
#define ESP_WINDOW_SIZE
Definition: esp.h:56
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
ip4_header_t
Definition: ip4_packet.h:132
ipsec_sa_t::use_anti_replay
u8 use_anti_replay
Definition: ipsec.h:134
ipsec_proto_main_crypto_alg_t::block_size
u8 block_size
Definition: ipsec.h:306