FD.io VPP  v19.04.2-12-g66b1689
Vector Packet Processing
ikev2_api.c
Go to the documentation of this file.
1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 #include <vnet/api_errno.h>
23 #include <vpp/app/version.h>
24 
25 #include <ikev2/ikev2.h>
26 #include <ikev2/ikev2_priv.h>
27 
28 /* define message IDs */
30 
31 #define vl_typedefs /* define message structures */
32 #include <ikev2/ikev2_all_api.h>
33 #undef vl_typedefs
34 
35 #define vl_endianfun /* define message structures */
36 #include <ikev2/ikev2_all_api.h>
37 #undef vl_endianfun
38 
39 /* instantiate all the print functions we know about */
40 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
41 #define vl_printfun
42 #include <ikev2/ikev2_all_api.h>
43 #undef vl_printfun
44 
45 /* Get the API version number */
46 #define vl_api_version(n,v) static u32 api_version=(v);
47 #include <ikev2/ikev2_all_api.h>
48 #undef vl_api_version
49 
51 
52 #define IKEV2_PLUGIN_VERSION_MAJOR 1
53 #define IKEV2_PLUGIN_VERSION_MINOR 0
54 #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base
56 
57 #define foreach_ikev2_api_msg \
58 _(IKEV2_PLUGIN_GET_VERSION, ikev2_plugin_get_version) \
59 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \
60 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \
61 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \
62 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \
63 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \
64 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \
65 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \
66 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \
67 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \
68 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \
69 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \
70 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \
71 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa)
72 
73 static void
75  mp)
76 {
77  ikev2_main_t *im = &ikev2_main;
79  int msg_size = sizeof (*rmp);
81 
83  if (!reg)
84  return;
85 
86  rmp = vl_msg_api_alloc (msg_size);
87  clib_memset (rmp, 0, msg_size);
88  rmp->_vl_msg_id =
89  ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION_REPLY + im->msg_id_base);
90  rmp->context = mp->context;
91  rmp->major = htonl (IKEV2_PLUGIN_VERSION_MAJOR);
92  rmp->minor = htonl (IKEV2_PLUGIN_VERSION_MINOR);
93 
94  vl_api_send_msg (reg, (u8 *) rmp);
95 }
96 
97 static void
99 {
100  vl_api_ikev2_profile_add_del_reply_t *rmp;
101  int rv = 0;
102 
103 #if WITH_LIBSSL > 0
105  clib_error_t *error;
106  u8 *tmp = format (0, "%s", mp->name);
107  error = ikev2_add_del_profile (vm, tmp, mp->is_add);
108  vec_free (tmp);
109  if (error)
110  rv = VNET_API_ERROR_UNSPECIFIED;
111 #else
112  rv = VNET_API_ERROR_UNIMPLEMENTED;
113 #endif
114 
115  REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
116 }
117 
118 static void
121 {
122  vl_api_ikev2_profile_set_auth_reply_t *rmp;
123  int rv = 0;
124 
125 #if WITH_LIBSSL > 0
127  clib_error_t *error;
128  int data_len = ntohl (mp->data_len);
129  u8 *tmp = format (0, "%s", mp->name);
130  u8 *data = vec_new (u8, data_len);
131  clib_memcpy (data, mp->data, data_len);
132  error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
133  vec_free (tmp);
134  vec_free (data);
135  if (error)
136  rv = VNET_API_ERROR_UNSPECIFIED;
137 #else
138  rv = VNET_API_ERROR_UNIMPLEMENTED;
139 #endif
140 
141  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
142 }
143 
144 static void
146 {
147  vl_api_ikev2_profile_add_del_reply_t *rmp;
148  int rv = 0;
149 
150 #if WITH_LIBSSL > 0
152  clib_error_t *error;
153  u8 *tmp = format (0, "%s", mp->name);
154  int data_len = ntohl (mp->data_len);
155  u8 *data = vec_new (u8, data_len);
156  clib_memcpy (data, mp->data, data_len);
157  error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
158  vec_free (tmp);
159  vec_free (data);
160  if (error)
161  rv = VNET_API_ERROR_UNSPECIFIED;
162 #else
163  rv = VNET_API_ERROR_UNIMPLEMENTED;
164 #endif
165 
166  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
167 }
168 
169 static void
171 {
172  vl_api_ikev2_profile_set_ts_reply_t *rmp;
173  int rv = 0;
174 
175 #if WITH_LIBSSL > 0
177  clib_error_t *error;
178  u8 *tmp = format (0, "%s", mp->name);
179  error = ikev2_set_profile_ts (vm, tmp, mp->proto, mp->start_port,
180  mp->end_port, (ip4_address_t) mp->start_addr,
181  (ip4_address_t) mp->end_addr, mp->is_local);
182  vec_free (tmp);
183  if (error)
184  rv = VNET_API_ERROR_UNSPECIFIED;
185 #else
186  rv = VNET_API_ERROR_UNIMPLEMENTED;
187 #endif
188 
189  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
190 }
191 
192 static void
194 {
195  vl_api_ikev2_profile_set_ts_reply_t *rmp;
196  int rv = 0;
197 
198 #if WITH_LIBSSL > 0
200  clib_error_t *error;
201 
202  error = ikev2_set_local_key (vm, mp->key_file);
203  if (error)
204  rv = VNET_API_ERROR_UNSPECIFIED;
205 #else
206  rv = VNET_API_ERROR_UNIMPLEMENTED;
207 #endif
208 
209  REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
210 }
211 
212 static void
214 {
215  vl_api_ikev2_set_responder_reply_t *rmp;
216  int rv = 0;
217 
218 #if WITH_LIBSSL > 0
220  clib_error_t *error;
221 
222  u8 *tmp = format (0, "%s", mp->name);
223  ip4_address_t ip4;
224  clib_memcpy (&ip4, mp->address, sizeof (ip4));
225 
226  error = ikev2_set_profile_responder (vm, tmp, mp->sw_if_index, ip4);
227  vec_free (tmp);
228  if (error)
229  rv = VNET_API_ERROR_UNSPECIFIED;
230 #else
231  rv = VNET_API_ERROR_UNIMPLEMENTED;
232 #endif
233 
234  REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_REPLY);
235 }
236 
237 static void
239  mp)
240 {
241  vl_api_ikev2_set_ike_transforms_reply_t *rmp;
242  int rv = 0;
243 
244 #if WITH_LIBSSL > 0
246  clib_error_t *error;
247 
248  u8 *tmp = format (0, "%s", mp->name);
249 
250  error =
252  mp->dh_group, mp->crypto_key_size);
253  vec_free (tmp);
254  if (error)
255  rv = VNET_API_ERROR_UNSPECIFIED;
256 #else
257  rv = VNET_API_ERROR_UNIMPLEMENTED;
258 #endif
259 
260  REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
261 }
262 
263 static void
265  mp)
266 {
267  vl_api_ikev2_set_esp_transforms_reply_t *rmp;
268  int rv = 0;
269 
270 #if WITH_LIBSSL > 0
272  clib_error_t *error;
273 
274  u8 *tmp = format (0, "%s", mp->name);
275 
276  error =
278  mp->dh_group, mp->crypto_key_size);
279  vec_free (tmp);
280  if (error)
281  rv = VNET_API_ERROR_UNSPECIFIED;
282 #else
283  rv = VNET_API_ERROR_UNIMPLEMENTED;
284 #endif
285 
286  REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
287 }
288 
289 static void
291 {
292  vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
293  int rv = 0;
294 
295 #if WITH_LIBSSL > 0
297  clib_error_t *error;
298 
299  u8 *tmp = format (0, "%s", mp->name);
300 
301  error =
303  mp->handover, mp->lifetime_maxdata);
304  vec_free (tmp);
305  if (error)
306  rv = VNET_API_ERROR_UNSPECIFIED;
307 #else
308  rv = VNET_API_ERROR_UNIMPLEMENTED;
309 #endif
310 
311  REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY);
312 }
313 
314 static void
316 {
317  vl_api_ikev2_initiate_sa_init_reply_t *rmp;
318  int rv = 0;
319 
320 #if WITH_LIBSSL > 0
322  clib_error_t *error;
323 
324  u8 *tmp = format (0, "%s", mp->name);
325 
326  error = ikev2_initiate_sa_init (vm, tmp);
327  vec_free (tmp);
328  if (error)
329  rv = VNET_API_ERROR_UNSPECIFIED;
330 #else
331  rv = VNET_API_ERROR_UNIMPLEMENTED;
332 #endif
333 
334  REPLY_MACRO (VL_API_IKEV2_INITIATE_SA_INIT_REPLY);
335 }
336 
337 static void
339  * mp)
340 {
341  vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
342  int rv = 0;
343 
344 #if WITH_LIBSSL > 0
346  clib_error_t *error;
347 
348  error = ikev2_initiate_delete_ike_sa (vm, mp->ispi);
349  if (error)
350  rv = VNET_API_ERROR_UNSPECIFIED;
351 #else
352  rv = VNET_API_ERROR_UNIMPLEMENTED;
353 #endif
354 
355  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
356 }
357 
358 static void
361 {
362  vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
363  int rv = 0;
364 
365 #if WITH_LIBSSL > 0
367  clib_error_t *error;
368 
369  error = ikev2_initiate_delete_child_sa (vm, mp->ispi);
370  if (error)
371  rv = VNET_API_ERROR_UNSPECIFIED;
372 #else
373  rv = VNET_API_ERROR_UNIMPLEMENTED;
374 #endif
375 
376  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
377 }
378 
379 static void
382 {
383  vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
384  int rv = 0;
385 
386 #if WITH_LIBSSL > 0
388  clib_error_t *error;
389 
390  error = ikev2_initiate_rekey_child_sa (vm, mp->ispi);
391  if (error)
392  rv = VNET_API_ERROR_UNSPECIFIED;
393 #else
394  rv = VNET_API_ERROR_UNIMPLEMENTED;
395 #endif
396 
397  REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
398 }
399 
400 /*
401  * ikev2_api_hookup
402  * Add vpe's API message handlers to the table.
403  * vlib has already mapped shared memory and
404  * added the client registration handlers.
405  * See .../vlib-api/vlibmemory/memclnt_vlib.c:memclnt_process()
406  */
407 #define vl_msg_name_crc_list
408 #include <ikev2/ikev2_all_api.h>
409 #undef vl_msg_name_crc_list
410 
411 static void
413 {
414 #define _(id,n,crc) \
415  vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + im->msg_id_base);
416  foreach_vl_msg_name_crc_ikev2;
417 #undef _
418 }
419 
420 static clib_error_t *
422 {
423  ikev2_main_t *im = &ikev2_main;
424 #define _(N,n) \
425  vl_msg_api_set_handlers(VL_API_##N + im->msg_id_base, #n, \
426  vl_api_##n##_t_handler, \
427  vl_noop_handler, \
428  vl_api_##n##_t_endian, \
429  vl_api_##n##_t_print, \
430  sizeof(vl_api_##n##_t), 1);
432 #undef _
433 
434  return (NULL);
435 }
436 
437 static clib_error_t *
439 {
440  ikev2_main_t *im = &ikev2_main;
441  clib_error_t *error = 0;
442  u8 *name;
443 
444  name = format (0, "ikev2_%08x%c", api_version, 0);
445 
446  /* Ask for a correctly-sized block of API message decode slots */
447  im->msg_id_base = vl_msg_api_get_msg_ids ((char *) name,
449 
450  error = ikev2_plugin_api_hookup (vm);
451 
452  /* Add our API messages to the global name_crc hash table */
454 
455  vec_free (name);
456 
457  return (error);
458 }
459 
461 
462 /*
463  * fd.io coding-style-patch-verification: ON
464  *
465  * Local Variables:
466  * eval: (c-set-style "gnu")
467  * End:
468  */
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
Definition: ikev2.c:2826
static void vl_api_ikev2_initiate_rekey_child_sa_t_handler(vl_api_ikev2_initiate_rekey_child_sa_t *mp)
Definition: ikev2_api.c:381
IKEv2: Set Child SA lifetime, limited by time and/or data.
Definition: ikev2.api:216
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
Definition: ikev2.c:2685
IKEv2: Add/delete profile.
Definition: ikev2.api:48
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
Definition: ikev2.c:3145
#define NULL
Definition: clib.h:58
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
Definition: api.h:34
clib_memset(h->entries, 0, sizeof(h->entries[0])*entries)
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
Definition: ikev2.c:2897
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
static void vl_api_ikev2_initiate_sa_init_t_handler(vl_api_ikev2_initiate_sa_init_t *mp)
Definition: ikev2_api.c:315
u8 data[128]
Definition: ipsec.api:248
static void vl_api_ikev2_set_sa_lifetime_t_handler(vl_api_ikev2_set_sa_lifetime_t *mp)
Definition: ikev2_api.c:290
void * vl_msg_api_alloc(int nbytes)
static void vl_api_ikev2_initiate_del_ike_sa_t_handler(vl_api_ikev2_initiate_del_ike_sa_t *mp)
Definition: ikev2_api.c:338
unsigned char u8
Definition: types.h:56
#define clib_memcpy(d, s, n)
Definition: string.h:180
IKEv2: Set IKEv2 IKE transforms in SA_INIT proposal (RFC 7296)
Definition: ikev2.api:170
static void vl_api_ikev2_plugin_get_version_t_handler(vl_api_ikev2_plugin_get_version_t *mp)
Definition: ikev2_api.c:74
static void vl_api_ikev2_set_local_key_t_handler(vl_api_ikev2_set_local_key_t *mp)
Definition: ikev2_api.c:193
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:163
static clib_error_t * ikev2_plugin_api_hookup(vlib_main_t *vm)
Definition: ikev2_api.c:421
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
Definition: ikev2.c:2920
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:311
#define foreach_ikev2_api_msg
Definition: ikev2_api.c:57
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
Definition: ikev2.c:2716
IKEv2: Initiate the delete Child SA exchange.
Definition: ikev2.api:265
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:2872
IKEv2: Set IKEv2 profile local/remote identification.
Definition: ikev2.api:89
static void vl_api_ikev2_profile_set_ts_t_handler(vl_api_ikev2_profile_set_ts_t *mp)
Definition: ikev2_api.c:170
IKEv2: Set IKEv2 profile traffic selector parameters.
Definition: ikev2.api:113
static void vl_api_ikev2_set_ike_transforms_t_handler(vl_api_ikev2_set_ike_transforms_t *mp)
Definition: ikev2_api.c:238
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
Definition: ikev2.c:2748
IKEv2: Initiate the rekey Child SA exchange.
Definition: ikev2.api:280
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:3105
#define REPLY_MACRO(t)
u8 name[64]
Definition: memclnt.api:152
static void vl_api_ikev2_set_responder_t_handler(vl_api_ikev2_set_responder_t *mp)
Definition: ikev2_api.c:213
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
Definition: ikev2.c:2673
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
Definition: ikev2.c:2787
API main structure, used by both vpp and binary API clients.
Definition: api_common.h:202
An API client registration, only in vpp/vlib.
Definition: api_common.h:45
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
Definition: ikev2.c:3255
vlib_main_t * vm
Definition: buffer.c:312
static void vl_api_ikev2_initiate_del_child_sa_t_handler(vl_api_ikev2_initiate_del_child_sa_t *mp)
Definition: ikev2_api.c:360
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
IKEv2: Initiate the SA_INIT exchange.
Definition: ikev2.api:235
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
Definition: api.h:56
IKEv2: Set IKEv2 responder interface and IP address.
Definition: ikev2.api:149
IKEv2: Initiate the delete IKE SA exchange.
Definition: ikev2.api:250
IKEv2: Set IKEv2 profile authentication method.
Definition: ikev2.api:67
static void vl_api_ikev2_profile_set_auth_t_handler(vl_api_ikev2_profile_set_auth_t *mp)
Definition: ikev2_api.c:120
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
ikev2_main_t ikev2_main
Definition: ikev2.c:29
#define IKEV2_PLUGIN_VERSION_MINOR
Definition: ikev2_api.c:53
#define IKEV2_PLUGIN_VERSION_MAJOR
Definition: ikev2_api.c:52
IKEv2: Set IKEv2 local RSA private key.
Definition: ikev2.api:133
static void vl_api_ikev2_profile_set_id_t_handler(vl_api_ikev2_profile_set_id_t *mp)
Definition: ikev2_api.c:145
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
Definition: ikev2.c:2847
Get the plugin version.
Definition: ikev2.api:23
IKEv2: Set IKEv2 ESP transforms in SA_INIT proposal (RFC 7296)
Definition: ikev2.api:193
static void vl_api_ikev2_set_esp_transforms_t_handler(vl_api_ikev2_set_esp_transforms_t *mp)
Definition: ikev2_api.c:264
static void setup_message_id_table(ikev2_main_t *im, api_main_t *am)
Definition: ikev2_api.c:412
static void vl_api_ikev2_profile_add_del_t_handler(vl_api_ikev2_profile_add_del_t *mp)
Definition: ikev2_api.c:98
Reply to get the plugin version.
Definition: ikev2.api:34
api_main_t api_main
Definition: api_shared.c:35
static clib_error_t * ikev2_api_init(vlib_main_t *vm)
Definition: ikev2_api.c:438
u16 vl_msg_api_get_msg_ids(const char *name, int n)
Definition: api_shared.c:880