diff options
author | Radu Nicolau <radu.nicolau@intel.com> | 2017-02-16 16:49:46 +0000 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2017-02-17 16:32:26 +0000 |
commit | cb33dc2d7a566d571c86b950b4aa92dd7ae01c3c (patch) | |
tree | cc767067b6dcaad882982088bd0c62d98a148e23 /src/vnet/ipsec/ikev2_crypto.c | |
parent | 665e482f2422cab52da221b019bb81993d7950f3 (diff) |
Implemented IKEv2 initiator features:
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
Diffstat (limited to 'src/vnet/ipsec/ikev2_crypto.c')
-rw-r--r-- | src/vnet/ipsec/ikev2_crypto.c | 149 |
1 files changed, 129 insertions, 20 deletions
diff --git a/src/vnet/ipsec/ikev2_crypto.c b/src/vnet/ipsec/ikev2_crypto.c index 32927629c5e..c201d3eb41f 100644 --- a/src/vnet/ipsec/ikev2_crypto.c +++ b/src/vnet/ipsec/ikev2_crypto.c @@ -343,6 +343,7 @@ ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len) v8 *r; int out_len = 0, block_size; ikev2_sa_transform_t *tr_encr; + u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei; tr_encr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR); @@ -357,7 +358,7 @@ ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len) EVP_CIPHER_CTX_init (&ctx); r = vec_new (u8, len - block_size); - EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, sa->sk_ei, data); + EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data); EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size); EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len); @@ -375,6 +376,7 @@ ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst) int out_len; int bs; ikev2_sa_transform_t *tr_encr; + u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er; tr_encr = ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR); @@ -385,7 +387,7 @@ ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst) EVP_CIPHER_CTX_init (&ctx); - EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, sa->sk_er, dst /* dst */ ); + EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ ); EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src)); EVP_CIPHER_CTX_cleanup (&ctx); @@ -407,16 +409,29 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) BN_hex2bn (&dh->g, t->dh_g); DH_generate_key (dh); - sa->r_dh_data = vec_new (u8, t->key_len); - r = BN_bn2bin (dh->pub_key, sa->r_dh_data); - ASSERT (r == t->key_len); + if (sa->is_initiator) + { + sa->i_dh_data = vec_new (u8, t->key_len); + r = BN_bn2bin (dh->pub_key, sa->i_dh_data); + ASSERT (r == t->key_len); - BIGNUM *ex; - sa->dh_shared_key = vec_new (u8, t->key_len); - ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL); - r = DH_compute_key (sa->dh_shared_key, ex, dh); - ASSERT (r == t->key_len); - BN_clear_free (ex); + sa->dh_private_key = vec_new (u8, t->key_len); + r = BN_bn2bin (dh->priv_key, sa->dh_private_key); + ASSERT (r == t->key_len); + + } + else + { + sa->r_dh_data = vec_new (u8, t->key_len); + r = BN_bn2bin (dh->pub_key, sa->r_dh_data); + ASSERT (r == t->key_len); + BIGNUM *ex; + sa->dh_shared_key = vec_new (u8, t->key_len); + ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL); + r = DH_compute_key (sa->dh_shared_key, ex, dh); + ASSERT (r == t->key_len); + BN_clear_free (ex); + } DH_free (dh); } else if (t->dh_group == IKEV2_DH_GROUP_ECP) @@ -439,21 +454,113 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) len = t->key_len / 2; EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx); - sa->r_dh_data = vec_new (u8, t->key_len); - x_off = len - BN_num_bytes (x); - memset (sa->r_dh_data, 0, x_off); - BN_bn2bin (x, sa->r_dh_data + x_off); - y_off = t->key_len - BN_num_bytes (y); - memset (sa->r_dh_data + len, 0, y_off - len); - BN_bn2bin (y, sa->r_dh_data + y_off); + + if (sa->is_initiator) + { + sa->i_dh_data = vec_new (u8, t->key_len); + x_off = len - BN_num_bytes (x); + memset (sa->i_dh_data, 0, x_off); + BN_bn2bin (x, sa->i_dh_data + x_off); + y_off = t->key_len - BN_num_bytes (y); + memset (sa->i_dh_data + len, 0, y_off - len); + BN_bn2bin (y, sa->i_dh_data + y_off); + + const BIGNUM *prv = EC_KEY_get0_private_key (ec); + sa->dh_private_key = vec_new (u8, BN_num_bytes (prv)); + r = BN_bn2bin (prv, sa->dh_private_key); + ASSERT (r == BN_num_bytes (prv)); + } + else + { + sa->r_dh_data = vec_new (u8, t->key_len); + x_off = len - BN_num_bytes (x); + memset (sa->r_dh_data, 0, x_off); + BN_bn2bin (x, sa->r_dh_data + x_off); + y_off = t->key_len - BN_num_bytes (y); + memset (sa->r_dh_data + len, 0, y_off - len); + BN_bn2bin (y, sa->r_dh_data + y_off); + + x = BN_bin2bn (sa->i_dh_data, len, x); + y = BN_bin2bn (sa->i_dh_data + len, len, y); + EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx); + sa->dh_shared_key = vec_new (u8, t->key_len); + EC_POINT_mul (group, shared_point, NULL, i_point, + EC_KEY_get0_private_key (ec), NULL); + EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, + bn_ctx); + x_off = len - BN_num_bytes (x); + memset (sa->dh_shared_key, 0, x_off); + BN_bn2bin (x, sa->dh_shared_key + x_off); + y_off = t->key_len - BN_num_bytes (y); + memset (sa->dh_shared_key + len, 0, y_off - len); + BN_bn2bin (y, sa->dh_shared_key + y_off); + } + + EC_KEY_free (ec); + BN_free (x); + BN_free (y); + BN_CTX_free (bn_ctx); + EC_POINT_free (i_point); + EC_POINT_free (shared_point); + } +} + +void +ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) +{ + int r; + + if (t->dh_group == IKEV2_DH_GROUP_MODP) + { + DH *dh = DH_new (); + BN_hex2bn (&dh->p, t->dh_p); + BN_hex2bn (&dh->g, t->dh_g); + dh->priv_key = + BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL); + + BIGNUM *ex; + sa->dh_shared_key = vec_new (u8, t->key_len); + ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL); + r = DH_compute_key (sa->dh_shared_key, ex, dh); + ASSERT (r == t->key_len); + BN_clear_free (ex); + DH_free (dh); + } + else if (t->dh_group == IKEV2_DH_GROUP_ECP) + { + EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid); + ASSERT (ec); + + const EC_GROUP *group = EC_KEY_get0_group (ec); + BIGNUM *x = NULL, *y = NULL; + BN_CTX *bn_ctx = BN_CTX_new (); + u16 x_off, y_off, len; + BIGNUM *prv; + + prv = + BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL); + EC_KEY_set_private_key (ec, prv); + + x = BN_new (); + y = BN_new (); + len = t->key_len / 2; + + x = BN_bin2bn (sa->r_dh_data, len, x); + y = BN_bin2bn (sa->r_dh_data + len, len, y); + EC_POINT *r_point = EC_POINT_new (group); + EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx); + EC_KEY_set_public_key (ec, r_point); + + EC_POINT *i_point = EC_POINT_new (group); + EC_POINT *shared_point = EC_POINT_new (group); x = BN_bin2bn (sa->i_dh_data, len, x); y = BN_bin2bn (sa->i_dh_data + len, len, y); EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx); - sa->dh_shared_key = vec_new (u8, t->key_len); - EC_POINT_mul (group, shared_point, NULL, i_point, + EC_POINT_mul (group, shared_point, NULL, r_point, EC_KEY_get0_private_key (ec), NULL); EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx); + sa->dh_shared_key = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); memset (sa->dh_shared_key, 0, x_off); BN_bn2bin (x, sa->dh_shared_key + x_off); @@ -464,8 +571,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) EC_KEY_free (ec); BN_free (x); BN_free (y); + BN_free (prv); BN_CTX_free (bn_ctx); EC_POINT_free (i_point); + EC_POINT_free (r_point); EC_POINT_free (shared_point); } } |