FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
29 
30 /* from RFC7296 */
31 static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
37 
38 static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45 
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57 
58 static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71 
72 static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90 
91 static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
114 
115 static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
145 
146 static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
191 
192 /* from RFC5114 */
193 static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 
206 static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230 
231 static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255 
256 v8 *
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258 {
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
260  HMAC_CTX *ctx;
261 #else
262  HMAC_CTX ctx;
263 #endif
264  v8 *prf;
265  unsigned int len = 0;
266 
267  prf = vec_new (u8, tr->key_trunc);
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
269  ctx = HMAC_CTX_new ();
270  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
271  HMAC_Update (ctx, data, vec_len (data));
272  HMAC_Final (ctx, prf, &len);
273 #else
274  HMAC_CTX_init (&ctx);
275  HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
276  HMAC_Update (&ctx, data, vec_len (data));
277  HMAC_Final (&ctx, prf, &len);
278  HMAC_CTX_cleanup (&ctx);
279 #endif
280  ASSERT (len == tr->key_trunc);
281 
282  return prf;
283 }
284 
285 u8 *
286 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
287 {
288  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
289  u8 x = 0;
290 
291  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
292 
293  where:
294  T1 = prf (K, S | 0x01)
295  T2 = prf (K, T1 | S | 0x02)
296  T3 = prf (K, T2 | S | 0x03)
297  T4 = prf (K, T3 | S | 0x04)
298  */
299 
300  while (vec_len (ret) < len && x < 255)
301  {
302  if (t)
303  {
304  vec_append (s, t);
305  vec_free (t);
306  }
307 
308  vec_append (s, seed);
309  vec_add2 (s, tmp, 1);
310  *tmp = x + 1;
311  t = ikev2_calc_prf (tr, key, s);
312  vec_append (ret, t);
313  vec_free (s);
314  x++;
315  }
316 
317  vec_free (t);
318 
319  if (x == 255)
320  {
321  vec_free (ret);
322  }
323 
324  return ret;
325 }
326 
327 v8 *
328 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
329 {
330  v8 *r;
331 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
332  HMAC_CTX *hctx;
333 #else
334  HMAC_CTX hctx;
335 #endif
336  unsigned int l;
337 
338  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
339 
340  r = vec_new (u8, tr->key_len);
341 
342  if (tr->md == EVP_sha1 ())
343  {
344  clib_warning ("integrity checking with sha1");
345  }
346  else if (tr->md == EVP_sha256 ())
347  {
348  clib_warning ("integrity checking with sha256");
349  }
350 
351  /* verify integrity of data */
352 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
353  hctx = HMAC_CTX_new ();
354  HMAC_Init_ex (hctx, key, vec_len (key), tr->md, NULL);
355  HMAC_Update (hctx, (const u8 *) data, len);
356  HMAC_Final (hctx, r, &l);
357 #else
358  HMAC_CTX_init (&hctx);
359  HMAC_Init_ex (&hctx, key, vec_len (key), tr->md, NULL);
360  HMAC_Update (&hctx, (const u8 *) data, len);
361  HMAC_Final (&hctx, r, &l);
362  HMAC_CTX_cleanup (&hctx);
363 #endif
364 
365  ASSERT (l == tr->key_len);
366 
367  return r;
368 }
369 
370 v8 *
371 ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
372 {
373 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
374  EVP_CIPHER_CTX *ctx;
375 #else
376  EVP_CIPHER_CTX ctx;
377 #endif
378  v8 *r;
379  int out_len = 0, block_size;
380  ikev2_sa_transform_t *tr_encr;
381  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
382 
383  tr_encr =
384  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
385  block_size = tr_encr->block_size;
386 
387  /* check if data is multiplier of cipher block size */
388  if (len % block_size)
389  {
390  clib_warning ("wrong data length");
391  return 0;
392  }
393 
394 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
395  ctx = EVP_CIPHER_CTX_new ();
396 #else
397  EVP_CIPHER_CTX_init (&ctx);
398 #endif
399 
400  r = vec_new (u8, len - block_size);
401 
402 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
403  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
404  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
405  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
406 #else
407  EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
408  EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
409  EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
410 #endif
411  /* remove padding */
412  _vec_len (r) -= r[vec_len (r) - 1] + 1;
413 
414 #if OPENSSL_VERSION_NUMBER < 0x10100000L
415  EVP_CIPHER_CTX_cleanup (&ctx);
416 #endif
417  return r;
418 }
419 
420 int
421 ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
422 {
423 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
424  EVP_CIPHER_CTX *ctx;
425 #else
426  EVP_CIPHER_CTX ctx;
427 #endif
428  int out_len;
429  int bs;
430  ikev2_sa_transform_t *tr_encr;
431  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
432 
433  tr_encr =
434  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
435  bs = tr_encr->block_size;
436 
437  /* generate IV */
438  RAND_bytes (dst, bs);
439 
440 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
441  ctx = EVP_CIPHER_CTX_new ();
442  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
443  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
444 #else
445  EVP_CIPHER_CTX_init (&ctx);
446  EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
447  EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
448  EVP_CIPHER_CTX_cleanup (&ctx);
449 #endif
450 
451  ASSERT (vec_len (src) == out_len);
452 
453  return out_len + bs;
454 }
455 
456 void
457 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
458 {
459  int r;
460 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
461  BIGNUM *p = BN_new ();
462  BIGNUM *q = BN_new ();
463  BIGNUM *g = BN_new ();
464  BIGNUM *pub_key = BN_new ();
465  BIGNUM *priv_key = BN_new ();
466 #endif
467 
468  if (t->dh_group == IKEV2_DH_GROUP_MODP)
469  {
470  DH *dh = DH_new ();
471 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
472  BN_hex2bn (&p, t->dh_p);
473  BN_hex2bn (&g, t->dh_g);
474  DH_set0_pqg (dh, p, q, g);
475 #else
476  BN_hex2bn (&dh->p, t->dh_p);
477  BN_hex2bn (&dh->g, t->dh_g);
478 #endif
479  DH_generate_key (dh);
480 
481  if (sa->is_initiator)
482  {
483  sa->i_dh_data = vec_new (u8, t->key_len);
484  sa->dh_private_key = vec_new (u8, t->key_len);
485 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
486  r = BN_bn2bin (pub_key, sa->i_dh_data);
487  ASSERT (r == t->key_len);
488  r = BN_bn2bin (priv_key, sa->dh_private_key);
489  DH_set0_key (dh, pub_key, priv_key);
490 #else
491  r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
492  ASSERT (r == t->key_len);
493  r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
494  ASSERT (r == t->key_len);
495 #endif
496  }
497  else
498  {
499  sa->r_dh_data = vec_new (u8, t->key_len);
500 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
501  r = BN_bn2bin (pub_key, sa->i_dh_data);
502  ASSERT (r == t->key_len);
503  DH_set0_key (dh, pub_key, NULL);
504 #else
505  r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
506  ASSERT (r == t->key_len);
507 #endif
508  BIGNUM *ex;
509  sa->dh_shared_key = vec_new (u8, t->key_len);
510  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
511  r = DH_compute_key (sa->dh_shared_key, ex, dh);
512  ASSERT (r == t->key_len);
513  BN_clear_free (ex);
514  }
515  DH_free (dh);
516  }
517  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
518  {
519  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
520  ASSERT (ec);
521 
522  EC_KEY_generate_key (ec);
523 
524  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
525  const EC_GROUP *group = EC_KEY_get0_group (ec);
526  BIGNUM *x = NULL, *y = NULL;
527  BN_CTX *bn_ctx = BN_CTX_new ();
528  u16 x_off, y_off, len;
529  EC_POINT *i_point = EC_POINT_new (group);
530  EC_POINT *shared_point = EC_POINT_new (group);
531 
532  x = BN_new ();
533  y = BN_new ();
534  len = t->key_len / 2;
535 
536 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
537  EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
538 #else
539  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
540 #endif
541 
542  if (sa->is_initiator)
543  {
544  sa->i_dh_data = vec_new (u8, t->key_len);
545  x_off = len - BN_num_bytes (x);
546  clib_memset (sa->i_dh_data, 0, x_off);
547  BN_bn2bin (x, sa->i_dh_data + x_off);
548  y_off = t->key_len - BN_num_bytes (y);
549  clib_memset (sa->i_dh_data + len, 0, y_off - len);
550  BN_bn2bin (y, sa->i_dh_data + y_off);
551 
552  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
553  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
554  r = BN_bn2bin (prv, sa->dh_private_key);
555  ASSERT (r == BN_num_bytes (prv));
556  }
557  else
558  {
559  sa->r_dh_data = vec_new (u8, t->key_len);
560  x_off = len - BN_num_bytes (x);
561  clib_memset (sa->r_dh_data, 0, x_off);
562  BN_bn2bin (x, sa->r_dh_data + x_off);
563  y_off = t->key_len - BN_num_bytes (y);
564  clib_memset (sa->r_dh_data + len, 0, y_off - len);
565  BN_bn2bin (y, sa->r_dh_data + y_off);
566 
567  x = BN_bin2bn (sa->i_dh_data, len, x);
568  y = BN_bin2bn (sa->i_dh_data + len, len, y);
569 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
570  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
571 #else
572  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
573 #endif
574  sa->dh_shared_key = vec_new (u8, t->key_len);
575  EC_POINT_mul (group, shared_point, NULL, i_point,
576  EC_KEY_get0_private_key (ec), NULL);
577 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
578  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
579 #else
580  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
581  bn_ctx);
582 #endif
583  x_off = len - BN_num_bytes (x);
584  clib_memset (sa->dh_shared_key, 0, x_off);
585  BN_bn2bin (x, sa->dh_shared_key + x_off);
586  y_off = t->key_len - BN_num_bytes (y);
587  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
588  BN_bn2bin (y, sa->dh_shared_key + y_off);
589  }
590 
591  EC_KEY_free (ec);
592  BN_free (x);
593  BN_free (y);
594  BN_CTX_free (bn_ctx);
595  EC_POINT_free (i_point);
596  EC_POINT_free (shared_point);
597  }
598 }
599 
600 void
601 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
602 {
603  int r;
604 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
605  BIGNUM *p = BN_new ();
606  BIGNUM *q = BN_new ();
607  BIGNUM *g = BN_new ();
608  BIGNUM *priv_key = BN_new ();
609 #endif
610 
611  if (t->dh_group == IKEV2_DH_GROUP_MODP)
612  {
613  DH *dh = DH_new ();
614 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
615  BN_hex2bn (&p, t->dh_p);
616  BN_hex2bn (&g, t->dh_g);
617  DH_set0_pqg (dh, p, q, g);
618 
619  priv_key =
620  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
621  DH_set0_key (dh, NULL, priv_key);
622 #else
623  BN_hex2bn (&dh->p, t->dh_p);
624  BN_hex2bn (&dh->g, t->dh_g);
625 
626  dh->priv_key =
627  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
628 #endif
629  BIGNUM *ex;
630  sa->dh_shared_key = vec_new (u8, t->key_len);
631  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
632  r = DH_compute_key (sa->dh_shared_key, ex, dh);
633  ASSERT (r == t->key_len);
634  BN_clear_free (ex);
635  DH_free (dh);
636  }
637  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
638  {
639  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
640  ASSERT (ec);
641 
642  const EC_GROUP *group = EC_KEY_get0_group (ec);
643  BIGNUM *x = NULL, *y = NULL;
644  BN_CTX *bn_ctx = BN_CTX_new ();
645  u16 x_off, y_off, len;
646  BIGNUM *prv;
647 
648  prv =
649  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
650  EC_KEY_set_private_key (ec, prv);
651 
652  x = BN_new ();
653  y = BN_new ();
654  len = t->key_len / 2;
655 
656  x = BN_bin2bn (sa->r_dh_data, len, x);
657  y = BN_bin2bn (sa->r_dh_data + len, len, y);
658  EC_POINT *r_point = EC_POINT_new (group);
659 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
660  EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
661 #else
662  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
663 #endif
664  EC_KEY_set_public_key (ec, r_point);
665 
666  EC_POINT *i_point = EC_POINT_new (group);
667  EC_POINT *shared_point = EC_POINT_new (group);
668 
669  x = BN_bin2bn (sa->i_dh_data, len, x);
670  y = BN_bin2bn (sa->i_dh_data + len, len, y);
671 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
672  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
673 #else
674  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
675 #endif
676  EC_POINT_mul (group, shared_point, NULL, r_point,
677  EC_KEY_get0_private_key (ec), NULL);
678 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
679  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
680 #else
681  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
682 #endif
683  sa->dh_shared_key = vec_new (u8, t->key_len);
684  x_off = len - BN_num_bytes (x);
685  clib_memset (sa->dh_shared_key, 0, x_off);
686  BN_bn2bin (x, sa->dh_shared_key + x_off);
687  y_off = t->key_len - BN_num_bytes (y);
688  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
689  BN_bn2bin (y, sa->dh_shared_key + y_off);
690 
691  EC_KEY_free (ec);
692  BN_free (x);
693  BN_free (y);
694  BN_free (prv);
695  BN_CTX_free (bn_ctx);
696  EC_POINT_free (i_point);
697  EC_POINT_free (r_point);
698  EC_POINT_free (shared_point);
699  }
700 }
701 
702 int
703 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
704 {
705 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
706  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
707 #else
708  EVP_MD_CTX md_ctx;
709  EVP_MD_CTX_init (&md_ctx);
710 #endif
711 
712 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
713  EVP_VerifyInit (md_ctx, EVP_sha1 ());
714  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
715 #else
716  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
717  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
718 #endif
719 
720 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
721  return EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
722 #else
723  return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
724 #endif
725 }
726 
727 u8 *
728 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
729 {
730 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
731  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
732 #else
733  EVP_MD_CTX md_ctx;
734 #endif
735  unsigned int sig_len = 0;
736  u8 *sign;
737 
738 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
739  EVP_SignInit (md_ctx, EVP_sha1 ());
740  EVP_SignUpdate (md_ctx, data, vec_len (data));
741  /* get sign len */
742  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
743  sign = vec_new (u8, sig_len);
744  /* calc sign */
745  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
746 #else
747  EVP_SignInit (&md_ctx, EVP_sha1 ());
748  EVP_SignUpdate (&md_ctx, data, vec_len (data));
749  /* get sign len */
750  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
751  sign = vec_new (u8, sig_len);
752  /* calc sign */
753  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
754 #endif
755  return sign;
756 }
757 
758 EVP_PKEY *
759 ikev2_load_cert_file (u8 * file)
760 {
761  FILE *fp;
762  X509 *x509;
763  EVP_PKEY *pkey = NULL;
764 
765  fp = fopen ((char *) file, "r");
766  if (!fp)
767  {
768  clib_warning ("open %s failed", file);
769  goto end;
770  }
771 
772  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
773  fclose (fp);
774  if (x509 == NULL)
775  {
776  clib_warning ("read cert %s failed", file);
777  goto end;
778  }
779 
780  pkey = X509_get_pubkey (x509);
781  if (pkey == NULL)
782  clib_warning ("get pubkey %s failed", file);
783 
784 end:
785  return pkey;
786 }
787 
788 EVP_PKEY *
789 ikev2_load_key_file (u8 * file)
790 {
791  FILE *fp;
792  EVP_PKEY *pkey = NULL;
793 
794  fp = fopen ((char *) file, "r");
795  if (!fp)
796  {
797  clib_warning ("open %s failed", file);
798  goto end;
799  }
800 
801  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
802  fclose (fp);
803  if (pkey == NULL)
804  clib_warning ("read %s failed", file);
805 
806 end:
807  return pkey;
808 }
809 
810 void
811 ikev2_crypto_init (ikev2_main_t * km)
812 {
813  ikev2_sa_transform_t *tr;
814 
815  /* vector of supported transforms - in order of preference */
816 
817  //Encryption
818 
819  vec_add2 (km->supported_transforms, tr, 1);
820  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
821  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
822  tr->key_len = 256 / 8;
823  tr->block_size = 128 / 8;
824  tr->cipher = EVP_aes_256_cbc ();
825 
826  vec_add2 (km->supported_transforms, tr, 1);
827  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
828  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
829  tr->key_len = 192 / 8;
830  tr->block_size = 128 / 8;
831  tr->cipher = EVP_aes_192_cbc ();
832 
833  vec_add2 (km->supported_transforms, tr, 1);
834  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
835  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
836  tr->key_len = 128 / 8;
837  tr->block_size = 128 / 8;
838  tr->cipher = EVP_aes_128_cbc ();
839 
840  //PRF
841  vec_add2 (km->supported_transforms, tr, 1);
842  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
843  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
844  tr->key_len = 256 / 8;
845  tr->key_trunc = 256 / 8;
846  tr->md = EVP_sha256 ();
847 
848  vec_add2 (km->supported_transforms, tr, 1);
849  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
850  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
851  tr->key_len = 384 / 8;
852  tr->key_trunc = 384 / 8;
853  tr->md = EVP_sha384 ();
854 
855  vec_add2 (km->supported_transforms, tr, 1);
856  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
857  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
858  tr->key_len = 512 / 8;
859  tr->key_trunc = 512 / 8;
860  tr->md = EVP_sha512 ();
861 
862  vec_add2 (km->supported_transforms, tr, 1);
863  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
864  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
865  tr->key_len = 160 / 8;
866  tr->key_trunc = 160 / 8;
867  tr->md = EVP_sha1 ();
868 
869  //Integrity
870  vec_add2 (km->supported_transforms, tr, 1);
871  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
872  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
873  tr->key_len = 256 / 8;
874  tr->key_trunc = 128 / 8;
875  tr->md = EVP_sha256 ();
876 
877  vec_add2 (km->supported_transforms, tr, 1);
878  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
879  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
880  tr->key_len = 384 / 8;
881  tr->key_trunc = 192 / 8;
882  tr->md = EVP_sha384 ();
883 
884  vec_add2 (km->supported_transforms, tr, 1);
885  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
886  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
887  tr->key_len = 512 / 8;
888  tr->key_trunc = 256 / 8;
889  tr->md = EVP_sha512 ();
890 
891  vec_add2 (km->supported_transforms, tr, 1);
892  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
893  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
894  tr->key_len = 160 / 8;
895  tr->key_trunc = 160 / 8;
896  tr->md = EVP_sha1 ();
897 
898  vec_add2 (km->supported_transforms, tr, 1);
899  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
900  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
901  tr->key_len = 160 / 8;
902  tr->key_trunc = 96 / 8;
903  tr->md = EVP_sha1 ();
904 
905 
906 #if defined(OPENSSL_NO_CISCO_FECDH)
907  vec_add2 (km->supported_transforms, tr, 1);
908  tr->type = IKEV2_TRANSFORM_TYPE_DH;
909  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
910  tr->key_len = (512 * 2) / 8;
911  tr->nid = NID_brainpoolP512r1;
912  tr->dh_group = IKEV2_DH_GROUP_ECP;
913 
914  vec_add2 (km->supported_transforms, tr, 1);
915  tr->type = IKEV2_TRANSFORM_TYPE_DH;
916  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
917  tr->key_len = (384 * 2) / 8;
918  tr->nid = NID_brainpoolP384r1;
919  tr->dh_group = IKEV2_DH_GROUP_ECP;
920 
921  vec_add2 (km->supported_transforms, tr, 1);
922  tr->type = IKEV2_TRANSFORM_TYPE_DH;
923  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
924  tr->key_len = (256 * 2) / 8;
925  tr->nid = NID_brainpoolP256r1;
926  tr->dh_group = IKEV2_DH_GROUP_ECP;
927 
928  vec_add2 (km->supported_transforms, tr, 1);
929  tr->type = IKEV2_TRANSFORM_TYPE_DH;
930  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
931  tr->key_len = (224 * 2) / 8;
932  tr->nid = NID_brainpoolP224r1;
933  tr->dh_group = IKEV2_DH_GROUP_ECP;
934 
935  vec_add2 (km->supported_transforms, tr, 1);
936  tr->type = IKEV2_TRANSFORM_TYPE_DH;
937  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
938  tr->key_len = (224 * 2) / 8;
939  tr->nid = NID_secp224r1;
940  tr->dh_group = IKEV2_DH_GROUP_ECP;
941 #endif
942 
943  vec_add2 (km->supported_transforms, tr, 1);
944  tr->type = IKEV2_TRANSFORM_TYPE_DH;
945  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
946  tr->key_len = (528 * 2) / 8;
947  tr->nid = NID_secp521r1;
948  tr->dh_group = IKEV2_DH_GROUP_ECP;
949 
950  vec_add2 (km->supported_transforms, tr, 1);
951  tr->type = IKEV2_TRANSFORM_TYPE_DH;
952  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
953  tr->key_len = (384 * 2) / 8;
954  tr->nid = NID_secp384r1;
955  tr->dh_group = IKEV2_DH_GROUP_ECP;
956 
957  vec_add2 (km->supported_transforms, tr, 1);
958  tr->type = IKEV2_TRANSFORM_TYPE_DH;
959  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
960  tr->key_len = (256 * 2) / 8;
961  tr->nid = NID_X9_62_prime256v1;
962  tr->dh_group = IKEV2_DH_GROUP_ECP;
963 
964  vec_add2 (km->supported_transforms, tr, 1);
965  tr->type = IKEV2_TRANSFORM_TYPE_DH;
966  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
967  tr->key_len = (192 * 2) / 8;
968  tr->nid = NID_X9_62_prime192v1;
969  tr->dh_group = IKEV2_DH_GROUP_ECP;
970 
971  vec_add2 (km->supported_transforms, tr, 1);
972  tr->type = IKEV2_TRANSFORM_TYPE_DH;
973  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
974  tr->key_len = 2048 / 8;
975  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
976  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
977  tr->dh_group = IKEV2_DH_GROUP_MODP;
978 
979  vec_add2 (km->supported_transforms, tr, 1);
980  tr->type = IKEV2_TRANSFORM_TYPE_DH;
981  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
982  tr->key_len = 2048 / 8;
983  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
984  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
985  tr->dh_group = IKEV2_DH_GROUP_MODP;
986 
987  vec_add2 (km->supported_transforms, tr, 1);
988  tr->type = IKEV2_TRANSFORM_TYPE_DH;
989  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
990  tr->key_len = 1024 / 8;
991  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
992  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
993  tr->dh_group = IKEV2_DH_GROUP_MODP;
994 
995  vec_add2 (km->supported_transforms, tr, 1);
996  tr->type = IKEV2_TRANSFORM_TYPE_DH;
997  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
998  tr->key_len = 8192 / 8;
999  tr->dh_p = (const char *) &modp_dh_8192_prime;
1000  tr->dh_g = (const char *) &modp_dh_8192_generator;
1001  tr->dh_group = IKEV2_DH_GROUP_MODP;
1002 
1003  vec_add2 (km->supported_transforms, tr, 1);
1004  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1005  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1006  tr->key_len = 6144 / 8;
1007  tr->dh_p = (const char *) &modp_dh_6144_prime;
1008  tr->dh_g = (const char *) &modp_dh_6144_generator;
1009  tr->dh_group = IKEV2_DH_GROUP_MODP;
1010 
1011  vec_add2 (km->supported_transforms, tr, 1);
1012  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1013  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1014  tr->key_len = 4096 / 8;
1015  tr->dh_p = (const char *) &modp_dh_4096_prime;
1016  tr->dh_g = (const char *) &modp_dh_4096_generator;
1017  tr->dh_group = IKEV2_DH_GROUP_MODP;
1018 
1019  vec_add2 (km->supported_transforms, tr, 1);
1020  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1021  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1022  tr->key_len = 3072 / 8;
1023  tr->dh_p = (const char *) &modp_dh_3072_prime;
1024  tr->dh_g = (const char *) &modp_dh_3072_generator;
1025  tr->dh_group = IKEV2_DH_GROUP_MODP;
1026 
1027  vec_add2 (km->supported_transforms, tr, 1);
1028  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1029  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1030  tr->key_len = 2048 / 8;
1031  tr->dh_p = (const char *) &modp_dh_2048_prime;
1032  tr->dh_g = (const char *) &modp_dh_2048_generator;
1033  tr->dh_group = IKEV2_DH_GROUP_MODP;
1034 
1035  vec_add2 (km->supported_transforms, tr, 1);
1036  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1037  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1038  tr->key_len = 1536 / 8;
1039  tr->dh_p = (const char *) &modp_dh_1536_prime;
1040  tr->dh_g = (const char *) &modp_dh_1536_generator;
1041  tr->dh_group = IKEV2_DH_GROUP_MODP;
1042 
1043  vec_add2 (km->supported_transforms, tr, 1);
1044  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1046  tr->key_len = 1024 / 8;
1047  tr->dh_p = (const char *) &modp_dh_1024_prime;
1048  tr->dh_g = (const char *) &modp_dh_1024_generator;
1049  tr->dh_group = IKEV2_DH_GROUP_MODP;
1050 
1051  vec_add2 (km->supported_transforms, tr, 1);
1052  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1053  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1054  tr->key_len = 768 / 8;
1055  tr->dh_p = (const char *) &modp_dh_768_prime;
1056  tr->dh_g = (const char *) &modp_dh_768_generator;
1057  tr->dh_group = IKEV2_DH_GROUP_MODP;
1058 
1059  vec_add2 (km->supported_transforms, tr, 1);
1060  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1061  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1062 
1063  vec_add2 (km->supported_transforms, tr, 1);
1064  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1065  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1066 }
1067 
1068 
1069 
1070 /*
1071  * fd.io coding-style-patch-verification: ON
1072  *
1073  * Local Variables:
1074  * eval: (c-set-style "gnu")
1075  * End:
1076  */
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:211
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:212
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:69
modp_dh_1536_prime
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:47
modp_dh_3072_generator
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:89
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:64
modp_dh_8192_prime
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:146
modp_dh_4096_prime
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:91
v8
u8 v8
Definition: ikev2.h:27
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:82
NULL
#define NULL
Definition: clib.h:58
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
modp_dh_8192_generator
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:190
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:77
modp_dh_768_generator
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:36
vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:560
modp_dh_1024_prime
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:38
data
u8 data[128]
Definition: ipsec.api:248
dst
vl_api_ip4_address_t dst
Definition: ipsec_gre.api:39
u8
unsigned char u8
Definition: types.h:56
ikev2_sa_get_td_for_type
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:194
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:84
modp_dh_6144_prime
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:115
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:421
modp_dh_768_prime
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:31
ikev2_main_t
Definition: ikev2_priv.h:268
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:457
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:759
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:311
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:789
modp_dh_1024_160_prime
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:193
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:214
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:286
modp_dh_1024_generator
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:44
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:213
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
modp_dh_2048_256_prime
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:231
u16
unsigned short u16
Definition: types.h:57
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:63
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:274
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:83
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:703
ikev2_sa_transform_t
Definition: ikev2_priv.h:67
src
vl_api_ip4_address_t src
Definition: ipsec_gre.api:38
modp_dh_1536_generator
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:56
len
u8 len
Definition: ip_types.api:49
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:224
modp_dh_3072_prime
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:72
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:76
ikev2_sa_t
Definition: ikev2_priv.h:197
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
clib_warning
#define clib_warning(format, args...)
Definition: error.h:59
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:225
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:251
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:88
ikev2_priv.h
ikev2_sa_t::r_proposals
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:218
modp_dh_2048_generator
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:70
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
modp_dh_6144_generator
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:144
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:601
vec_append
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:818
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:85
modp_dh_1024_160_generator
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:199
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:87
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:73
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:86
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:75
modp_dh_4096_generator
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:113
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:80
modp_dh_2048_prime
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:58
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
key
typedef key
Definition: ipsec.api:244
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:74
modp_dh_2048_224_generator
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:218
modp_dh_2048_256_generator
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:243
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:811
ikev2_decrypt_data
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:371
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:728
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:328
modp_dh_2048_224_prime
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:206
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:81