diff options
Diffstat (limited to 'vnet/vnet/ipsec/ikev2_crypto.c')
-rw-r--r-- | vnet/vnet/ipsec/ikev2_crypto.c | 753 |
1 files changed, 753 insertions, 0 deletions
diff --git a/vnet/vnet/ipsec/ikev2_crypto.c b/vnet/vnet/ipsec/ikev2_crypto.c new file mode 100644 index 00000000000..b8dce034e3f --- /dev/null +++ b/vnet/vnet/ipsec/ikev2_crypto.c @@ -0,0 +1,753 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <vlib/vlib.h> +#include <vnet/vnet.h> +#include <vnet/pg/pg.h> +#include <vppinfra/error.h> +#include <vnet/ip/udp.h> +#include <vnet/ipsec/ikev2.h> +#include <vnet/ipsec/ikev2_priv.h> +#include <openssl/obj_mac.h> +#include <openssl/ec.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/bn.h> + +/* from RFC7296 */ +static const char modp_dh_768_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"; +static const char modp_dh_768_generator[] = "02"; + +static const char modp_dh_1024_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" +"FFFFFFFFFFFFFFFF"; +static const char modp_dh_1024_generator[] = "02"; + +/* from RFC3526 */ +static const char modp_dh_1536_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"; +static const char modp_dh_1536_generator[] = "02"; + +static const char modp_dh_2048_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" +"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" +"15728E5A8AACAA68FFFFFFFFFFFFFFFF"; +static const char modp_dh_2048_generator[] = "02"; + +static const char modp_dh_3072_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" +"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" +"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" +"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" +"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" +"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" +"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" +"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"; +static const char modp_dh_3072_generator[] = "02"; + +static const char modp_dh_4096_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" +"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" +"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" +"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" +"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" +"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" +"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" +"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" +"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" +"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" +"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" +"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" +"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" +"FFFFFFFFFFFFFFFF"; +static const char modp_dh_4096_generator[] = "02"; + +static const char modp_dh_6144_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" +"8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B" +"302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9" +"A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" +"49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8" +"FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C" +"180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" +"3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D" +"04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D" +"B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226" +"1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C" +"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" +"E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26" +"99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB" +"04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2" +"233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127" +"D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" +"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406" +"AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918" +"DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151" +"2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03" +"F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F" +"BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" +"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B" +"B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632" +"387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" +"6DCC4024FFFFFFFFFFFFFFFF"; +static const char modp_dh_6144_generator[] = "02"; + +static const char modp_dh_8192_prime[] = +"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" +"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" +"83655D23DCA3AD961C62F356208552BB9ED529077096966D" +"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" +"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" +"DE2BCBF6955817183995497CEA956AE515D2261898FA0510" +"15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" +"ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" +"ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" +"F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" +"BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" +"43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" +"88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" +"2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" +"287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" +"1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" +"93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" +"36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" +"F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" +"179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" +"DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" +"5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" +"D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" +"23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" +"CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" +"06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" +"DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" +"12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" +"38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" +"741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" +"3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" +"22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" +"4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" +"062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" +"4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" +"B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" +"4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" +"9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" +"60C980DD98EDD3DFFFFFFFFFFFFFFFFF"; +static const char modp_dh_8192_generator[] = "02"; + +/* from RFC5114 */ +static const char modp_dh_1024_160_prime[] = +"B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" +"9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" +"13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" +"98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" +"A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" +"DF1FB2BC2E4A4371"; +static const char modp_dh_1024_160_generator[] = +"A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" +"D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" +"160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" +"909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" +"D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" +"855E6EEB22B3B2E5"; + +static const char modp_dh_2048_224_prime[] = +"AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" +"B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" +"EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" +"9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" +"C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" +"B3BF8A317091883681286130BC8985DB1602E714415D9330" +"278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" +"CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" +"BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" +"C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" +"CF9DE5384E71B81C0AC4DFFE0C10E64F"; +static const char modp_dh_2048_224_generator[] = +"AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" +"74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" +"AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" +"C17669101999024AF4D027275AC1348BB8A762D0521BC98A" +"E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" +"F180EB34118E98D119529A45D6F834566E3025E316A330EF" +"BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" +"10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" +"B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" +"EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" +"81BC087F2A7065B384B890D3191F2BFA"; + +static const char modp_dh_2048_256_prime[] = +"87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" +"5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" +"16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" +"5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" +"6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" +"4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" +"F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" +"67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" +"C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" +"75F26375D7014103A4B54330C198AF126116D2276E11715F" +"693877FAD7EF09CADB094AE91E1A1597"; +static const char modp_dh_2048_256_generator[] = +"3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" +"07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" +"BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" +"A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" +"777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" +"1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" +"A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" +"C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" +"B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" +"184B523D1DB246C32F63078490F00EF8D647D148D4795451" +"5E2327CFEF98C582664B4C0F6CC41659"; + +v8 * +ikev2_calc_prf(ikev2_sa_transform_t * tr, v8 * key, v8 * data) +{ + HMAC_CTX ctx; + v8 * prf; + unsigned int len = 0; + + prf = vec_new(u8, tr->key_trunc); + HMAC_CTX_init(&ctx); + HMAC_Init_ex(&ctx, key, vec_len(key), tr->md, NULL); + HMAC_Update(&ctx, data, vec_len(data)); + HMAC_Final(&ctx, prf, &len); + HMAC_CTX_cleanup(&ctx); + + ASSERT(len == tr->key_trunc); + + return prf; +} +u8 * +ikev2_calc_prfplus(ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len) +{ + v8 * t = 0, * s = 0, * tmp = 0, * ret = 0; + u8 x = 0; + + /* prf+ (K,S) = T1 | T2 | T3 | T4 | ... + + where: + T1 = prf (K, S | 0x01) + T2 = prf (K, T1 | S | 0x02) + T3 = prf (K, T2 | S | 0x03) + T4 = prf (K, T3 | S | 0x04) + */ + + while (vec_len(ret) < len && x < 255) { + if (t) { + vec_append(s, t); + vec_free(t); + } + + vec_append(s, seed); + vec_add2(s, tmp, 1); + *tmp = x + 1; + t = ikev2_calc_prf(tr, key, s); + vec_append(ret, t); + vec_free(s); + x++; + } + + vec_free(t); + + if (x == 255) { + vec_free(ret); + } + + return ret; +} + +v8 * +ikev2_calc_integr(ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len) +{ + v8 * r; + HMAC_CTX hctx; + unsigned int l; + + ASSERT(tr->type == IKEV2_TRANSFORM_TYPE_INTEG); + + r = vec_new(u8, tr->key_len); + + /* verify integrity of data */ + HMAC_CTX_init(&hctx); + HMAC_Init(&hctx, key, vec_len(key), tr->md); + HMAC_Update(&hctx, (const u8 *) data, len); + HMAC_Final(&hctx, r, &l); + HMAC_CTX_cleanup(&hctx); + + ASSERT(l == tr->key_len); + + return r; +} + +v8 * +ikev2_decrypt_data(ikev2_sa_t * sa, u8 * data, int len) +{ + EVP_CIPHER_CTX ctx; + v8 * r; + int out_len = 0, block_size; + ikev2_sa_transform_t * tr_encr; + + tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR); + block_size = tr_encr->block_size; + + /* check if data is multiplier of cipher block size */ + if (len % block_size) { + clib_warning("wrong data length"); + return 0; + } + + EVP_CIPHER_CTX_init(&ctx); + r = vec_new(u8, len - block_size); + EVP_DecryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_ei, data); + EVP_DecryptUpdate(&ctx, r, &out_len, data+block_size, len-block_size); + EVP_DecryptFinal_ex(&ctx, r + out_len, &out_len); + + /* remove padding */ + _vec_len(r) -= r[vec_len(r)-1] + 1; + + EVP_CIPHER_CTX_cleanup(&ctx); + return r; +} + +int +ikev2_encrypt_data(ikev2_sa_t * sa, v8 * src, u8 * dst) +{ + EVP_CIPHER_CTX ctx; + int out_len; + int bs; + ikev2_sa_transform_t * tr_encr; + + tr_encr = ikev2_sa_get_td_for_type(sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR); + bs = tr_encr->block_size; + + /* generate IV */ + RAND_bytes(dst, bs); + + EVP_CIPHER_CTX_init(&ctx); + + EVP_EncryptInit_ex(&ctx, tr_encr->cipher, NULL, sa->sk_er, dst /* dst */ ); + EVP_EncryptUpdate(&ctx, dst + bs, &out_len, src, vec_len(src)); + + EVP_CIPHER_CTX_cleanup(&ctx); + + ASSERT(vec_len(src) == out_len); + + return out_len + bs; +} + +void +ikev2_generate_dh(ikev2_sa_t * sa, ikev2_sa_transform_t * t) +{ + int r; + + if (t->dh_group == IKEV2_DH_GROUP_MODP) + { + DH * dh = DH_new(); + BN_hex2bn(&dh->p, t->dh_p); + BN_hex2bn(&dh->g, t->dh_g); + DH_generate_key(dh); + + sa->r_dh_data = vec_new(u8, t->key_len); + r = BN_bn2bin(dh->pub_key, sa->r_dh_data); + ASSERT(r == t->key_len); + + BIGNUM *ex; + sa->dh_shared_key = vec_new(u8, t->key_len); + ex = BN_bin2bn(sa->i_dh_data, vec_len(sa->i_dh_data) , NULL); + r = DH_compute_key(sa->dh_shared_key, ex, dh); + ASSERT(r == t->key_len); + BN_clear_free(ex); + DH_free(dh); + } + else if (t->dh_group == IKEV2_DH_GROUP_ECP) + { + EC_KEY * ec = EC_KEY_new_by_curve_name(t->nid); + ASSERT(ec); + + EC_KEY_generate_key(ec); + + const EC_POINT * r_point = EC_KEY_get0_public_key(ec); + const EC_GROUP * group = EC_KEY_get0_group(ec); + BIGNUM * x = NULL, * y = NULL; + BN_CTX * bn_ctx = BN_CTX_new(); + u16 x_off, y_off, len; + EC_POINT * i_point = EC_POINT_new(group); + EC_POINT * shared_point = EC_POINT_new(group); + + x = BN_new(); + y = BN_new(); + len = t->key_len / 2; + + EC_POINT_get_affine_coordinates_GFp(group, r_point, x, y, bn_ctx); + sa->r_dh_data = vec_new(u8, t->key_len); + x_off = len - BN_num_bytes(x); + memset(sa->r_dh_data, 0, x_off); + BN_bn2bin(x, sa->r_dh_data + x_off); + y_off = t->key_len - BN_num_bytes(y); + memset(sa->r_dh_data + len, 0, y_off - len); + BN_bn2bin(y, sa->r_dh_data + y_off); + + x = BN_bin2bn(sa->i_dh_data, len, x); + y = BN_bin2bn(sa->i_dh_data + len, len, y); + EC_POINT_set_affine_coordinates_GFp(group, i_point, x, y, bn_ctx); + sa->dh_shared_key = vec_new(u8, t->key_len); + EC_POINT_mul(group, shared_point, NULL, i_point, EC_KEY_get0_private_key(ec), NULL); + EC_POINT_get_affine_coordinates_GFp(group, shared_point, x, y, bn_ctx); + x_off = len - BN_num_bytes(x); + memset(sa->dh_shared_key, 0, x_off); + BN_bn2bin(x, sa->dh_shared_key + x_off); + y_off = t->key_len - BN_num_bytes(y); + memset(sa->dh_shared_key + len, 0, y_off - len); + BN_bn2bin(y, sa->dh_shared_key + y_off); + + EC_KEY_free(ec); + BN_free(x); + BN_free(y); + BN_CTX_free(bn_ctx); + EC_POINT_free(i_point); + EC_POINT_free(shared_point); + } +} + +int +ikev2_verify_sign (EVP_PKEY *pkey, u8 * sigbuf, u8 * data) +{ + EVP_MD_CTX md_ctx; + + EVP_VerifyInit(&md_ctx, EVP_sha1()); + EVP_VerifyUpdate(&md_ctx, data, vec_len(data)); + + return EVP_VerifyFinal(&md_ctx, sigbuf, vec_len(sigbuf), pkey); +} + +u8 * +ikev2_calc_sign (EVP_PKEY *pkey, u8 * data) +{ + EVP_MD_CTX md_ctx; + unsigned int sig_len = 0; + u8 * sign; + + EVP_SignInit(&md_ctx, EVP_sha1()); + EVP_SignUpdate(&md_ctx, data, vec_len(data)); + /* get sign len */ + EVP_SignFinal(&md_ctx, NULL, &sig_len, pkey); + sign = vec_new(u8, sig_len); + /* calc sign */ + EVP_SignFinal(&md_ctx, sign, &sig_len, pkey); + + return sign; +} + +EVP_PKEY * +ikev2_load_cert_file (u8 * file) +{ + FILE * fp; + X509 * x509; + EVP_PKEY * pkey = NULL; + + fp = fopen((char *)file, "r"); + if (!fp) + { + clib_warning("open %s failed", file); + goto end; + } + + x509 = PEM_read_X509(fp, NULL, NULL, NULL); + fclose(fp); + if (x509 == NULL) + { + clib_warning("read cert %s failed", file); + goto end; + } + + pkey = X509_get_pubkey(x509); + if (pkey == NULL) + clib_warning("get pubkey %s failed", file); + +end: + return pkey; +} + +EVP_PKEY * +ikev2_load_key_file (u8 * file) +{ + FILE *fp; + EVP_PKEY * pkey = NULL; + + fp = fopen((char *)file, "r"); + if (!fp) + { + clib_warning("open %s failed", file); + goto end; + } + + pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + if (pkey == NULL) + clib_warning("read %s failed", file); + +end: + return pkey; +} + +void +ikev2_crypto_init (ikev2_main_t * km) +{ + ikev2_sa_transform_t * tr; + + /* vector of supported transforms - in order of preference */ + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_ENCR; + tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC; + tr->key_len = 256/8; + tr->block_size = 128/8; + tr->cipher = EVP_aes_256_cbc(); + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_ENCR; + tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC; + tr->key_len = 192/8; + tr->block_size = 128/8; + tr->cipher = EVP_aes_192_cbc(); + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_ENCR; + tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC; + tr->key_len = 128/8; + tr->block_size = 128/8; + tr->cipher = EVP_aes_128_cbc(); + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_PRF; + tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1; + tr->key_len = 160/8; + tr->key_trunc = 160/8; + tr->md = EVP_sha1(); + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_INTEG; + tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96; + tr->key_len = 160/8; + tr->key_trunc = 96/8; + tr->md = EVP_sha1(); + +#if defined(OPENSSL_NO_CISCO_FECDH) + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512; + tr->key_len = (512 * 2)/8; + tr->nid = NID_brainpoolP512r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384; + tr->key_len = (384 * 2)/8; + tr->nid = NID_brainpoolP384r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256; + tr->key_len = (256 * 2)/8; + tr->nid = NID_brainpoolP256r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224; + tr->key_len = (224 * 2)/8; + tr->nid = NID_brainpoolP224r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224; + tr->key_len = (224 * 2)/8; + tr->nid = NID_secp224r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; +#endif + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521; + tr->key_len = (528 * 2)/8; + tr->nid = NID_secp521r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384; + tr->key_len = (384 * 2)/8; + tr->nid = NID_secp384r1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256; + tr->key_len = (256 * 2)/8; + tr->nid = NID_X9_62_prime256v1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192; + tr->key_len = (192 * 2)/8; + tr->nid = NID_X9_62_prime192v1; + tr->dh_group = IKEV2_DH_GROUP_ECP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256; + tr->key_len = 2048/8; + tr->dh_p = (const char *) &modp_dh_2048_256_prime; + tr->dh_g = (const char *) &modp_dh_2048_256_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224; + tr->key_len = 2048/8; + tr->dh_p = (const char *) &modp_dh_2048_224_prime; + tr->dh_g = (const char *) &modp_dh_2048_224_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160; + tr->key_len = 1024/8; + tr->dh_p = (const char *) &modp_dh_1024_160_prime; + tr->dh_g = (const char *) &modp_dh_1024_160_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192; + tr->key_len = 8192/8; + tr->dh_p = (const char *) &modp_dh_8192_prime; + tr->dh_g = (const char *) &modp_dh_8192_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144; + tr->key_len = 6144/8; + tr->dh_p = (const char *) &modp_dh_6144_prime; + tr->dh_g = (const char *) &modp_dh_6144_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096; + tr->key_len = 4096/8; + tr->dh_p = (const char *) &modp_dh_4096_prime; + tr->dh_g = (const char *) &modp_dh_4096_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072; + tr->key_len = 3072/8; + tr->dh_p = (const char *) &modp_dh_3072_prime; + tr->dh_g = (const char *) &modp_dh_3072_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048; + tr->key_len = 2048/8; + tr->dh_p = (const char *) &modp_dh_2048_prime; + tr->dh_g = (const char *) &modp_dh_2048_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536; + tr->key_len = 1536/8; + tr->dh_p = (const char *) &modp_dh_1536_prime; + tr->dh_g = (const char *) &modp_dh_1536_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024; + tr->key_len = 1024/8; + tr->dh_p = (const char *) &modp_dh_1024_prime; + tr->dh_g = (const char *) &modp_dh_1024_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_DH; + tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768; + tr->key_len = 768/8; + tr->dh_p = (const char *) &modp_dh_768_prime; + tr->dh_g = (const char *) &modp_dh_768_generator; + tr->dh_group = IKEV2_DH_GROUP_MODP; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_ESN; + tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN; + + vec_add2(km->supported_transforms, tr, 1); + tr->type = IKEV2_TRANSFORM_TYPE_ESN; + tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN; +} + + |