summaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2_crypto.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2020-07-08 13:25:34 +0000
committerBenoƮt Ganne <bganne@cisco.com>2020-07-15 16:12:16 +0000
commita7b963df2758d7c25de366db1999ca1024e12d30 (patch)
tree5cbf77b9e1248239b193324dc1af17df15724bd1 /src/plugins/ikev2/ikev2_crypto.c
parent8046fdc10b14fd161ee81d0a25cfa79793ef698b (diff)
ikev2: add support for AES-GCM cipher in IKE
Type: feature Ticket: VPP-1920 Change-Id: I6e30f3594cb30553f3ca5a35e0a4f679325aacec Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2_crypto.c')
-rw-r--r--src/plugins/ikev2/ikev2_crypto.c123
1 files changed, 92 insertions, 31 deletions
diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 5a07bde9b0a..b1fdf890e08 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
@@ -256,10 +256,7 @@ static const char modp_dh_2048_256_generator[] =
v8 *
ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
{
- ikev2_main_t *km = &ikev2_main;
- u32 thread_index = vlib_get_thread_index ();
- ikev2_main_per_thread_data_t *ptd =
- vec_elt_at_index (km->per_thread_data, thread_index);
+ ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
HMAC_CTX *ctx = ptd->hmac_ctx;
v8 *prf;
unsigned int len = 0;
@@ -318,10 +315,7 @@ ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
v8 *
ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
{
- ikev2_main_t *km = &ikev2_main;
- u32 thread_index = vlib_get_thread_index ();
- ikev2_main_per_thread_data_t *ptd =
- vec_elt_at_index (km->per_thread_data, thread_index);
+ ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
HMAC_CTX *ctx = ptd->hmac_ctx;
v8 *r;
unsigned int l;
@@ -348,20 +342,60 @@ ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
return r;
}
+static_always_inline void
+ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
+{
+ clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
+ clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
+}
+
+u8 *
+ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+ ikev2_sa_transform_t * tr_encr, u8 * data,
+ int data_len, u8 * aad, u32 aad_len, u8 * tag)
+{
+ EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
+ int len = 0;
+ u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
+ u8 nonce[IKEV2_GCM_NONCE_SIZE];
+
+ if (data_len <= IKEV2_GCM_IV_SIZE)
+ /* runt data */
+ return 0;
+
+ /* extract salt from the end of the key */
+ u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
+ ikev2_init_gcm_nonce (nonce, salt, data);
+
+ data += IKEV2_GCM_IV_SIZE;
+ data_len -= IKEV2_GCM_IV_SIZE;
+ v8 *r = vec_new (u8, data_len);
+
+ EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
+ EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
+ EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
+ EVP_DecryptUpdate (ctx, r, &len, data, data_len);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
+
+ if (EVP_DecryptFinal_ex (ctx, r + len, &len) > 0)
+ {
+ /* remove padding */
+ _vec_len (r) -= r[vec_len (r) - 1] + 1;
+ return r;
+ }
+
+ vec_free (r);
+ return 0;
+}
+
v8 *
-ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
+ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+ ikev2_sa_transform_t * tr_encr, u8 * data, int len)
{
- ikev2_main_t *km = &ikev2_main;
- u32 thread_index = vlib_get_thread_index ();
- ikev2_main_per_thread_data_t *ptd =
- vec_elt_at_index (km->per_thread_data, thread_index);
EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
int out_len = 0, block_size;
- ikev2_sa_transform_t *tr_encr;
u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
-
- tr_encr =
- ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
block_size = tr_encr->block_size;
/* check if data is multiplier of cipher block size */
@@ -382,28 +416,55 @@ ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
}
int
-ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
+ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+ ikev2_sa_transform_t * tr_encr,
+ v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
{
- ikev2_main_t *km = &ikev2_main;
- u32 thread_index = vlib_get_thread_index ();
- ikev2_main_per_thread_data_t *ptd =
- vec_elt_at_index (km->per_thread_data, thread_index);
EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
- int out_len;
- int bs;
- ikev2_sa_transform_t *tr_encr;
+ int out_len = 0, len = 0;
+ u8 nonce[IKEV2_GCM_NONCE_SIZE];
u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
- tr_encr =
- ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
- bs = tr_encr->block_size;
+ /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
+ RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
+ ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
+ dst);
+ dst += IKEV2_GCM_IV_SIZE;
+
+ EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+ EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
+ EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
+ EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
+ EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
+ EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
+ out_len += len;
+ ASSERT (vec_len (src) == out_len);
+
+ return out_len + IKEV2_GCM_IV_SIZE;
+}
+
+int
+ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
+ ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
+{
+ EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
+ int out_len = 0, len = 0;
+ int bs = tr_encr->block_size;
+ u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
/* generate IV */
- RAND_bytes (dst, bs);
+ u8 *iv = dst;
+ RAND_bytes (iv, bs);
+ dst += bs;
- EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
- EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
+ EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
+ /* disable padding as pad data were added before */
+ EVP_CIPHER_CTX_set_padding (ctx, 0);
+ EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
+ EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
+ out_len += len;
ASSERT (vec_len (src) == out_len);
return out_len + bs;