FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
ipsec_sa.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __IPSEC_SPD_SA_H__
16 #define __IPSEC_SPD_SA_H__
17 
18 #include <vlib/vlib.h>
19 #include <vnet/crypto/crypto.h>
20 #include <vnet/ip/ip.h>
21 #include <vnet/fib/fib_node.h>
22 
23 #define foreach_ipsec_crypto_alg \
24  _ (0, NONE, "none") \
25  _ (1, AES_CBC_128, "aes-cbc-128") \
26  _ (2, AES_CBC_192, "aes-cbc-192") \
27  _ (3, AES_CBC_256, "aes-cbc-256") \
28  _ (4, AES_CTR_128, "aes-ctr-128") \
29  _ (5, AES_CTR_192, "aes-ctr-192") \
30  _ (6, AES_CTR_256, "aes-ctr-256") \
31  _ (7, AES_GCM_128, "aes-gcm-128") \
32  _ (8, AES_GCM_192, "aes-gcm-192") \
33  _ (9, AES_GCM_256, "aes-gcm-256") \
34  _ (10, DES_CBC, "des-cbc") \
35  _ (11, 3DES_CBC, "3des-cbc")
36 
37 typedef enum
38 {
39 #define _(v, f, s) IPSEC_CRYPTO_ALG_##f = v,
41 #undef _
44 
45 #define IPSEC_CRYPTO_ALG_IS_GCM(_alg) \
46  (((_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) || \
47  (_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) || \
48  (_alg == IPSEC_CRYPTO_ALG_AES_GCM_256)))
49 
50 #define foreach_ipsec_integ_alg \
51  _ (0, NONE, "none") \
52  _ (1, MD5_96, "md5-96") /* RFC2403 */ \
53  _ (2, SHA1_96, "sha1-96") /* RFC2404 */ \
54  _ (3, SHA_256_96, "sha-256-96") /* draft-ietf-ipsec-ciph-sha-256-00 */ \
55  _ (4, SHA_256_128, "sha-256-128") /* RFC4868 */ \
56  _ (5, SHA_384_192, "sha-384-192") /* RFC4868 */ \
57  _ (6, SHA_512_256, "sha-512-256") /* RFC4868 */
58 
59 typedef enum
60 {
61 #define _(v, f, s) IPSEC_INTEG_ALG_##f = v,
63 #undef _
66 
67 typedef enum
68 {
72 
73 #define IPSEC_KEY_MAX_LEN 128
74 typedef struct ipsec_key_t_
75 {
78 } ipsec_key_t;
79 
80 /*
81  * Enable extended sequence numbers
82  * Enable Anti-replay
83  * IPsec tunnel mode if non-zero, else transport mode
84  * IPsec tunnel mode is IPv6 if non-zero,
85  * else IPv4 tunnel only valid if is_tunnel is non-zero
86  * enable UDP encapsulation for NAT traversal
87  */
88 #define foreach_ipsec_sa_flags \
89  _ (0, NONE, "none") \
90  _ (1, USE_ESN, "esn") \
91  _ (2, USE_ANTI_REPLAY, "anti-replay") \
92  _ (4, IS_TUNNEL, "tunnel") \
93  _ (8, IS_TUNNEL_V6, "tunnel-v6") \
94  _ (16, UDP_ENCAP, "udp-encap") \
95  _ (32, IS_PROTECT, "Protect") \
96  _ (64, IS_INBOUND, "inbound") \
97  _ (128, IS_AEAD, "aead") \
98 
99 typedef enum ipsec_sad_flags_t_
100 {
101 #define _(v, f, s) IPSEC_SA_FLAG_##f = v,
103 #undef _
104 } __clib_packed ipsec_sa_flags_t;
105 
106 STATIC_ASSERT (sizeof (ipsec_sa_flags_t) == 1, "IPSEC SA flags > 1 byte");
107 
108 typedef struct
109 {
110  CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
111 
112  /* flags */
113  ipsec_sa_flags_t flags;
114 
127 
130 
131  /* Union data shared by sync and async ops, updated when mode is
132  * changed. */
133  union
134  {
135  struct
136  {
140  };
141 
142  struct
143  {
147  };
148 
150  };
151 
152  /* data accessed by dataplane code should be above this comment */
153  CLIB_CACHE_LINE_ALIGN_MARK (cacheline1);
154 
155  union
156  {
159  };
161 
166 
167  ipsec_crypto_alg_t crypto_alg;
170 
171  ipsec_integ_alg_t integ_alg;
174 
175  ip46_address_t tunnel_src_addr;
176  ip46_address_t tunnel_dst_addr;
177 
180 
182 
183  /* Salt used in GCM modes - stored in network byte order */
186 
187  union
188  {
189  struct
190  {
191  vnet_crypto_op_id_t crypto_enc_op_id:16;
192  vnet_crypto_op_id_t crypto_dec_op_id:16;
193  vnet_crypto_op_id_t integ_op_id:16;
194  };
196  } sync_op_data;
197 
198  union
199  {
200  struct
201  {
202  vnet_crypto_async_op_id_t crypto_async_enc_op_id:16;
203  vnet_crypto_async_op_id_t crypto_async_dec_op_id:16;
204  vnet_crypto_key_index_t linked_key_index;
205  };
206  u64 data;
207  } async_op_data;
208 } ipsec_sa_t;
209 
211 
212 #define _(a,v,s) \
213  always_inline int \
214  ipsec_sa_is_set_##v (const ipsec_sa_t *sa) { \
215  return (sa->flags & IPSEC_SA_FLAG_##v); \
216  }
218 #undef _
219 #define _(a,v,s) \
220  always_inline int \
221  ipsec_sa_set_##v (ipsec_sa_t *sa) { \
222  return (sa->flags |= IPSEC_SA_FLAG_##v); \
223  }
225 #undef _
226 #define _(a,v,s) \
227  always_inline int \
228  ipsec_sa_unset_##v (ipsec_sa_t *sa) { \
229  return (sa->flags &= ~IPSEC_SA_FLAG_##v); \
230  }
232 #undef _
233 /**
234  * @brief
235  * SA packet & bytes counters
236  */
238 
239 extern void ipsec_mk_key (ipsec_key_t * key, const u8 * data, u8 len);
240 
241 extern int ipsec_sa_add_and_lock (u32 id,
242  u32 spi,
243  ipsec_protocol_t proto,
244  ipsec_crypto_alg_t crypto_alg,
245  const ipsec_key_t * ck,
246  ipsec_integ_alg_t integ_alg,
247  const ipsec_key_t * ik,
248  ipsec_sa_flags_t flags,
249  u32 tx_table_id,
250  u32 salt,
251  const ip46_address_t * tunnel_src_addr,
252  const ip46_address_t * tunnel_dst_addr,
253  u32 * sa_index, u16 src_port, u16 dst_port);
255 extern int ipsec_sa_unlock_id (u32 id);
256 extern void ipsec_sa_unlock (index_t sai);
257 extern void ipsec_sa_lock (index_t sai);
258 extern void ipsec_sa_clear (index_t sai);
259 extern void ipsec_sa_set_crypto_alg (ipsec_sa_t * sa,
260  ipsec_crypto_alg_t crypto_alg);
261 extern void ipsec_sa_set_integ_alg (ipsec_sa_t * sa,
262  ipsec_integ_alg_t integ_alg);
263 
264 typedef walk_rc_t (*ipsec_sa_walk_cb_t) (ipsec_sa_t * sa, void *ctx);
265 extern void ipsec_sa_walk (ipsec_sa_walk_cb_t cd, void *ctx);
266 
267 extern u8 *format_ipsec_crypto_alg (u8 * s, va_list * args);
268 extern u8 *format_ipsec_integ_alg (u8 * s, va_list * args);
269 extern u8 *format_ipsec_sa (u8 * s, va_list * args);
270 extern u8 *format_ipsec_key (u8 * s, va_list * args);
272  va_list * args);
274  va_list * args);
275 extern uword unformat_ipsec_key (unformat_input_t * input, va_list * args);
276 
277 #define IPSEC_UDP_PORT_NONE ((u16)~0)
278 
279 /*
280  * Anti Replay definitions
281  */
282 
283 #define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE (64)
284 #define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX (IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE-1)
285 
286 /*
287  * sequence number less than the lower bound are outside of the window
288  * From RFC4303 Appendix A:
289  * Bl = Tl - W + 1
290  */
291 #define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl) (_tl - IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE + 1)
292 
293 /*
294  * Anti replay check.
295  * inputs need to be in host byte order.
296  */
297 always_inline int
299 {
300  u32 diff, tl, th;
301 
302  if ((sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0)
303  return 0;
304 
305  if (!ipsec_sa_is_set_USE_ESN (sa))
306  {
307  if (PREDICT_TRUE (seq > sa->last_seq))
308  return 0;
309 
310  diff = sa->last_seq - seq;
311 
313  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
314  else
315  return 1;
316 
317  return 0;
318  }
319 
320  tl = sa->last_seq;
321  th = sa->last_seq_hi;
322  diff = tl - seq;
323 
325  {
326  /*
327  * the last sequence number VPP recieved is more than one
328  * window size greater than zero.
329  * Case A from RFC4303 Appendix A.
330  */
332  {
333  /*
334  * the received sequence number is lower than the lower bound
335  * of the window, this could mean either a replay packet or that
336  * the high sequence number has wrapped. if it decrypts corrently
337  * then it's the latter.
338  */
339  sa->seq_hi = th + 1;
340  return 0;
341  }
342  else
343  {
344  /*
345  * the recieved sequence number greater than the low
346  * end of the window.
347  */
348  sa->seq_hi = th;
349  if (seq <= tl)
350  /*
351  * The recieved seq number is within bounds of the window
352  * check if it's a duplicate
353  */
354  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
355  else
356  /*
357  * The received sequence number is greater than the window
358  * upper bound. this packet will move the window along, assuming
359  * it decrypts correctly.
360  */
361  return 0;
362  }
363  }
364  else
365  {
366  /*
367  * the last sequence number VPP recieved is within one window
368  * size of zero, i.e. 0 < TL < WINDOW_SIZE, the lower bound is thus a
369  * large sequence number.
370  * Note that the check below uses unsiged integer arthimetic, so the
371  * RHS will be a larger number.
372  * Case B from RFC4303 Appendix A.
373  */
375  {
376  /*
377  * the sequence number is less than the lower bound.
378  */
379  if (seq <= tl)
380  {
381  /*
382  * the packet is within the window upper bound.
383  * check for duplicates.
384  */
385  sa->seq_hi = th;
386  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
387  }
388  else
389  {
390  /*
391  * the packet is less the window lower bound or greater than
392  * the higher bound, depending on how you look at it...
393  * We're assuming, given that the last sequence number received,
394  * TL < WINDOW_SIZE, that a largeer seq num is more likely to be
395  * a packet that moves the window forward, than a packet that has
396  * wrapped the high sequence again. If it were the latter then
397  * we've lost close to 2^32 packets.
398  */
399  sa->seq_hi = th;
400  return 0;
401  }
402  }
403  else
404  {
405  /*
406  * the packet seq number is between the lower bound (a large nubmer)
407  * and MAX_SEQ_NUM. This is in the window since the window upper bound
408  * tl > 0.
409  * However, since TL is the other side of 0 to the received
410  * packet, the SA has moved on to a higher sequence number.
411  */
412  sa->seq_hi = th - 1;
413  return (sa->replay_window & (1ULL << diff)) ? 1 : 0;
414  }
415  }
416 
417  return 0;
418 }
419 
420 /*
421  * Anti replay window advance
422  * inputs need to be in host byte order.
423  */
424 always_inline void
426 {
427  u32 pos;
428  if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ANTI_REPLAY) == 0)
429  return;
430 
431  if (PREDICT_TRUE (sa->flags & IPSEC_SA_FLAG_USE_ESN))
432  {
433  int wrap = sa->seq_hi - sa->last_seq_hi;
434 
435  if (wrap == 0 && seq > sa->last_seq)
436  {
437  pos = seq - sa->last_seq;
439  sa->replay_window = ((sa->replay_window) << pos) | 1;
440  else
441  sa->replay_window = 1;
442  sa->last_seq = seq;
443  }
444  else if (wrap > 0)
445  {
446  pos = ~seq + sa->last_seq + 1;
448  sa->replay_window = ((sa->replay_window) << pos) | 1;
449  else
450  sa->replay_window = 1;
451  sa->last_seq = seq;
452  sa->last_seq_hi = sa->seq_hi;
453  }
454  else if (wrap < 0)
455  {
456  pos = ~seq + sa->last_seq + 1;
457  sa->replay_window |= (1ULL << pos);
458  }
459  else
460  {
461  pos = sa->last_seq - seq;
462  sa->replay_window |= (1ULL << pos);
463  }
464  }
465  else
466  {
467  if (seq > sa->last_seq)
468  {
469  pos = seq - sa->last_seq;
471  sa->replay_window = ((sa->replay_window) << pos) | 1;
472  else
473  sa->replay_window = 1;
474  sa->last_seq = seq;
475  }
476  else
477  {
478  pos = sa->last_seq - seq;
479  sa->replay_window |= (1ULL << pos);
480  }
481  }
482 }
483 
484 
485 /*
486  * Makes choice for thread_id should be assigned.
487  * if input ~0, gets random worker_id based on unix_time_now_nsec
488 */
491 {
492  return ((thread_id) ? thread_id
493  : (unix_time_now_nsec () % vlib_num_workers ()) + 1);
494 }
495 
496 #endif /* __IPSEC_SPD_SA_H__ */
497 
498 /*
499  * fd.io coding-style-patch-verification: ON
500  *
501  * Local Variables:
502  * eval: (c-set-style "gnu")
503  * End:
504  */
fib_node_t node
Definition: ipsec_sa.h:162
#define CLIB_CACHE_LINE_ALIGN_MARK(mark)
Definition: cache.h:60
ip46_address_t tunnel_src_addr
Definition: ipsec_sa.h:175
#define PREDICT_TRUE(x)
Definition: clib.h:121
ipsec_integ_alg_t
Definition: ipsec_sa.h:59
unsigned long u64
Definition: types.h:89
uword unformat_ipsec_integ_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:128
static u32 ipsec_sa_assign_thread(u32 thread_id)
Definition: ipsec_sa.h:490
#define foreach_ipsec_crypto_alg
Definition: ipsec_sa.h:23
ipsec_key_t crypto_key
Definition: ipsec_sa.h:168
ipsec_integ_alg_t integ_alg
Definition: ipsec_sa.h:171
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
ipsec_protocol_t
Definition: ipsec_sa.h:67
#define foreach_ipsec_integ_alg
Definition: ipsec_sa.h:50
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:110
int ipsec_sa_unlock_id(u32 id)
Definition: ipsec_sa.c:428
vnet_crypto_op_id_t integ_op_id
Definition: ipsec_sa.h:139
void ipsec_sa_unlock(index_t sai)
Definition: ipsec_sa.c:381
unsigned char u8
Definition: types.h:56
u32 seq_hi
Definition: ipsec_sa.h:122
vnet_crypto_key_index_t linked_key_index
Definition: ipsec_sa.h:146
enum walk_rc_t_ walk_rc_t
Walk return code.
vnet_crypto_key_index_t crypto_key_index
Definition: ipsec_sa.h:128
u64 replay_window
Definition: ipsec_sa.h:125
walk_rc_t(* ipsec_sa_walk_cb_t)(ipsec_sa_t *sa, void *ctx)
Definition: ipsec_sa.h:264
uword unformat_ipsec_key(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:242
int ipsec_sa_add_and_lock(u32 id, u32 spi, ipsec_protocol_t proto, ipsec_crypto_alg_t crypto_alg, const ipsec_key_t *ck, ipsec_integ_alg_t integ_alg, const ipsec_key_t *ik, ipsec_sa_flags_t flags, u32 tx_table_id, u32 salt, const ip46_address_t *tunnel_src_addr, const ip46_address_t *tunnel_dst_addr, u32 *sa_index, u16 src_port, u16 dst_port)
Definition: ipsec_sa.c:170
unsigned int u32
Definition: types.h:88
#define foreach_ipsec_sa_flags
Definition: ipsec_sa.h:88
ipsec_sa_flags_t flags
Definition: ipsec_sa.h:113
vnet_crypto_alg_t
Definition: crypto.h:124
u32 stat_index
Definition: ipsec_sa.h:164
u32 last_seq
Definition: ipsec_sa.h:123
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
Definition: ipsec_format.c:78
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
Definition: dpo.h:170
u32 encrypt_thread_index
Definition: ipsec_sa.h:118
u32 tx_fib_index
Definition: ipsec_sa.h:181
long ctx[MAX_CONNS]
Definition: main.c:144
u32 salt
Definition: ipsec_sa.h:184
struct _unformat_input_t unformat_input_t
static void ipsec_sa_anti_replay_advance(ipsec_sa_t *sa, u32 seq)
Definition: ipsec_sa.h:425
unsigned short u16
Definition: types.h:57
fib_node_index_t fib_entry_index
Definition: ipsec_sa.h:178
u32 last_seq_hi
Definition: ipsec_sa.h:124
#define IPSEC_KEY_MAX_LEN
Definition: ipsec_sa.h:73
vnet_crypto_async_op_id_t crypto_async_dec_op_id
Definition: ipsec_sa.h:145
#define always_inline
Definition: ipsec.h:28
ipsec_sad_flags_t_
Definition: ipsec_sa.h:99
An node in the FIB graph.
Definition: fib_node.h:295
void ipsec_sa_set_crypto_alg(ipsec_sa_t *sa, ipsec_crypto_alg_t crypto_alg)
Definition: ipsec_sa.c:97
ip46_address_t tunnel_dst_addr
Definition: ipsec_sa.h:176
u8 esp_block_align
Definition: ipsec_sa.h:116
void ipsec_sa_lock(index_t sai)
Definition: ipsec_sa.c:395
foreach_ipsec_sa_flags vlib_combined_counter_main_t ipsec_sa_counters
SA packet & bytes counters.
Definition: ipsec_sa.c:27
u64 data
Definition: ipsec_sa.h:195
udp_header_t udp_hdr
Definition: ipsec_sa.h:160
enum ipsec_sad_flags_t_ ipsec_sa_flags_t
u32 fib_node_index_t
A typedef of a node index.
Definition: fib_types.h:30
static u64 unix_time_now_nsec(void)
Definition: time.h:270
u8 * format_ipsec_sa(u8 *s, va_list *args)
Definition: ipsec_format.c:269
#define IPSEC_SA_ANTI_REPLAY_WINDOW_MAX_INDEX
Definition: ipsec_sa.h:284
u8 data[IPSEC_KEY_MAX_LEN]
Definition: ipsec_sa.h:77
u64 crypto_op_data
Definition: ipsec_sa.h:149
ip6_header_t ip6_hdr
Definition: ipsec_sa.h:158
STATIC_ASSERT_OFFSET_OF(ipsec_sa_t, cacheline1, CLIB_CACHE_LINE_BYTES)
u32 vnet_crypto_key_index_t
Definition: crypto.h:346
static int ipsec_sa_anti_replay_check(ipsec_sa_t *sa, u32 seq)
Definition: ipsec_sa.h:298
ipsec_protocol_t protocol
Definition: ipsec_sa.h:165
vnet_crypto_async_op_id_t
Definition: crypto.h:159
u32 sibling
Definition: ipsec_sa.h:179
vnet_crypto_key_index_t integ_key_index
Definition: ipsec_sa.h:129
vnet_crypto_alg_t integ_calg
Definition: ipsec_sa.h:173
void ipsec_sa_walk(ipsec_sa_walk_cb_t cd, void *ctx)
Definition: ipsec_sa.c:450
u8 * format_ipsec_key(u8 *s, va_list *args)
Definition: ipsec_format.c:234
vnet_crypto_alg_t crypto_calg
Definition: ipsec_sa.h:169
void ipsec_sa_set_integ_alg(ipsec_sa_t *sa, ipsec_integ_alg_t integ_alg)
Definition: ipsec_sa.c:116
uword unformat_ipsec_crypto_alg(unformat_input_t *input, va_list *args)
Definition: ipsec_format.c:96
#define IPSEC_SA_ANTI_REPLAY_WINDOW_LOWER_BOUND(_tl)
Definition: ipsec_sa.h:291
u64 uword
Definition: types.h:112
void ipsec_mk_key(ipsec_key_t *key, const u8 *data, u8 len)
Definition: ipsec_sa.c:56
#define IPSEC_SA_ANTI_REPLAY_WINDOW_SIZE
Definition: ipsec_sa.h:283
ipsec_crypto_alg_t
Definition: ipsec_sa.h:37
u64 gcm_iv_counter
Definition: ipsec_sa.h:185
index_t ipsec_sa_find_and_lock(u32 id)
Definition: ipsec_sa.c:409
vnet_crypto_op_id_t crypto_enc_op_id
Definition: ipsec_sa.h:137
A collection of combined counters.
Definition: counter.h:188
vnet_crypto_op_id_t
Definition: crypto.h:196
dpo_id_t dpo
Definition: ipsec_sa.h:126
ipsec_crypto_alg_t crypto_alg
Definition: ipsec_sa.h:167
vnet_crypto_async_op_id_t crypto_async_enc_op_id
Definition: ipsec_sa.h:144
ip4_header_t ip4_hdr
Definition: ipsec_sa.h:157
static u32 vlib_num_workers()
Definition: threads.h:377
struct ipsec_key_t_ ipsec_key_t
u8 crypto_iv_size
Definition: ipsec_sa.h:115
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:59
ipsec_key_t integ_key
Definition: ipsec_sa.h:172
void ipsec_sa_clear(index_t sai)
Definition: ipsec_sa.c:444
vnet_crypto_op_id_t crypto_dec_op_id
Definition: ipsec_sa.h:138
u8 integ_icv_size
Definition: ipsec_sa.h:117
u32 decrypt_thread_index
Definition: ipsec_sa.h:119
STATIC_ASSERT(sizeof(ipsec_sa_flags_t)==1, "IPSEC SA flags > 1 byte")