authorArtem Glazychev <artem.glazychev@xored.com>2020-08-31 17:12:30 +0700
committerDamjan Marion <dmarion@me.com>2020-09-09 11:57:48 +0000
commitedca1325cf296bd0f5ff422fc12de2ce7a7bad88 (patch)
treefb12d12bd4193c5b2c7559d98aba9dc5d2f14e85 /src/plugins/wireguard/wireguard_key.c
parentef80ad6bff03e3cc35950de0e15e4821ef3f7c04 (diff)
wireguard: initial implementation of wireguard protocol
Type: feature The main information about the plugin can be found in README.md vpp# wireguard ? wireguard create wireguard create listen-port <port> private-key <key> src <IP> [generate-key] wireguard delete wireguard delete <interface> wireguard peer add wireguard peer add <wg_int> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> dst-port [port_dst] persistent-keepalive [keepalive_interval] wireguard peer remove wireguard peer remove <index> Change-Id: I85eb0bfc033ccfb2045696398d8a108b1c64b8d9 Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Jim Thompson <jim@netgate.com> Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/wireguard/wireguard_key.c')
-rwxr-xr-xsrc/plugins/wireguard/wireguard_key.c126
1 files changed, 126 insertions, 0 deletions
diff --git a/src/plugins/wireguard/wireguard_key.c b/src/plugins/wireguard/wireguard_key.c
new file mode 100755
index 00000000000..db8c4864492
--- /dev/null
+++ b/src/plugins/wireguard/wireguard_key.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2020 Doc.ai and/or its affiliates.
+ * Copyright (c) 2005-2011 Jouni Malinen <j@w1.fi>.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <wireguard/wireguard_key.h>
+#include <openssl/evp.h>
+
+bool
+curve25519_gen_shared (u8 shared_key[CURVE25519_KEY_SIZE],
+ const u8 secret_key[CURVE25519_KEY_SIZE],
+ const u8 basepoint[CURVE25519_KEY_SIZE])
+{
+
+ bool ret;
+ EVP_PKEY_CTX *ctx;
+ size_t key_len;
+
+ EVP_PKEY *peerkey = NULL;
+ EVP_PKEY *pkey =
+ EVP_PKEY_new_raw_private_key (EVP_PKEY_X25519, NULL, secret_key,
+ CURVE25519_KEY_SIZE);
+
+ ret = true;
+
+ ctx = EVP_PKEY_CTX_new (pkey, NULL);
+ if (EVP_PKEY_derive_init (ctx) <= 0)
+ {
+ ret = false;
+ goto out;
+ }
+
+ peerkey =
+ EVP_PKEY_new_raw_public_key (EVP_PKEY_X25519, NULL, basepoint,
+ CURVE25519_KEY_SIZE);
+ if (EVP_PKEY_derive_set_peer (ctx, peerkey) <= 0)
+ {
+ ret = false;
+ goto out;
+ }
+
+ key_len = CURVE25519_KEY_SIZE;
+ if (EVP_PKEY_derive (ctx, shared_key, &key_len) <= 0)
+ {
+ ret = false;
+ }
+
+out:
+ EVP_PKEY_CTX_free (ctx);
+ EVP_PKEY_free (pkey);
+ EVP_PKEY_free (peerkey);
+ return ret;
+}
+
+bool
+curve25519_gen_public (u8 public_key[CURVE25519_KEY_SIZE],
+ const u8 secret_key[CURVE25519_KEY_SIZE])
+{
+ size_t pub_len;
+ EVP_PKEY *pkey =
+ EVP_PKEY_new_raw_private_key (EVP_PKEY_X25519, NULL, secret_key,
+ CURVE25519_KEY_SIZE);
+ pub_len = CURVE25519_KEY_SIZE;
+ if (!EVP_PKEY_get_raw_public_key (pkey, public_key, &pub_len))
+ {
+ EVP_PKEY_free (pkey);
+ return false;
+ }
+ EVP_PKEY_free (pkey);
+ return true;
+}
+
+bool
+curve25519_gen_secret (u8 secret_key[CURVE25519_KEY_SIZE])
+{
+ size_t secret_len;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_X25519, NULL);
+ EVP_PKEY_keygen_init (pctx);
+ EVP_PKEY_keygen (pctx, &pkey);
+ EVP_PKEY_CTX_free (pctx);
+
+ secret_len = CURVE25519_KEY_SIZE;
+ if (!EVP_PKEY_get_raw_private_key (pkey, secret_key, &secret_len))
+ {
+ EVP_PKEY_free (pkey);
+ return false;
+ }
+ EVP_PKEY_free (pkey);
+ return true;
+}
+
+bool
+key_to_base64 (const u8 * src, size_t src_len, u8 * out)
+{
+ if (!EVP_EncodeBlock (out, src, src_len))
+ return false;
+ return true;
+}
+
+bool
+key_from_base64 (const u8 * src, size_t src_len, u8 * out)
+{
+ if (EVP_DecodeBlock (out, src, src_len - 1) <= 0)
+ return false;
+ return true;
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
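Review bot: key_from_base64 passes `src_len - 1` to EVP_DecodeBlock without checking `src_len` or the size of `out`: a zero `src_len` wraps the size_t before it is narrowed to int, and EVP_DecodeBlock writes three output bytes for every four input bytes regardless of how large the caller's destination is, so a base64 string of the wrong length (which in this plugin arrives from CLI or API input) overruns a fixed-size key buffer. Since the interface carries no output length, the function should at least require the input to decode to exactly one key, e.g. `if (src_len < 1 || (src_len - 1) != 4 * ((CURVE25519_KEY_SIZE + 2) / 3)) return false;` before the decode, and the remaining padding-byte discrepancy of EVP_DecodeBlock's return value should be documented on the declaration. The same pattern applies to key_to_base64, whose contract that `out` holds `4 * ((src_len + 2) / 3) + 1` bytes is nowhere stated; a one-line comment on the function would make the caller's obligation explicit. Separately, curve25519_gen_secret ignores the return values of EVP_PKEY_keygen_init and EVP_PKEY_keygen, so on failure `pkey` stays NULL and is handed to EVP_PKEY_get_raw_private_key; checking both with `if (EVP_PKEY_keygen_init (pctx) <= 0 || EVP_PKEY_keygen (pctx, &pkey) <= 0)` and returning false after freeing `pctx` closes that path, and the unchecked `pkey`/`ctx` results in curve25519_gen_shared and curve25519_gen_public deserve the same treatment.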