1 /*
2  *------------------------------------------------------------------
3  * ipsec_api.c - ipsec api
4  *
5  * Copyright (c) 2016 Cisco and/or its affiliates.
6  * Licensed under the Apache License, Version 2.0 (the "License");
7  * you may not use this file except in compliance with the License.
8  * You may obtain a copy of the License at:
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  *------------------------------------------------------------------
18  */
19 
20 #include <vnet/vnet.h>
21 #include <vlibmemory/api.h>
22 #include <vnet/api_errno.h>
23 #include <vpp/app/version.h>
24 
25 #include <ikev2/ikev2.h>
26 #include <ikev2/ikev2_priv.h>
27 
28 /* define message IDs */
29 #include <vnet/format_fns.h>
30 #include <plugins/ikev2/ikev2.api_enum.h>
31 #include <plugins/ikev2/ikev2.api_types.h>
32 
34 
/* Plugin API version pair reported to clients by the get_version handler below. */
35 #define IKEV2_PLUGIN_VERSION_MAJOR 1
36 #define IKEV2_PLUGIN_VERSION_MINOR 0
/*
 * Consumed by REPLY_MACRO: this plugin's message ids are not fixed at build
 * time, so every reply id must be offset by the base stored in ikev2_main
 * (the get_version handler performs the same addition by hand; the base is
 * presumably assigned in ikev2_api_init — confirm).
 */
37 #define REPLY_MSG_ID_BASE ikev2_main.msg_id_base
39 
/*
 * ikev2_plugin_get_version handler: answers a version query with the
 * compile-time IKEV2_PLUGIN_VERSION_MAJOR/MINOR values. Unlike the other
 * handlers in this file it builds and sends the reply by hand instead of
 * through REPLY_MACRO. NOTE(review): the signature line and the declarations
 * of rmp and reg are not reproduced in this listing.
 */
40 static void
42  mp)
43 {
44  ikev2_main_t *im = &ikev2_main;
46  int msg_size = sizeof (*rmp);
48 
 /* No registration for the requesting client means there is nowhere to send a reply. */
50  if (!reg)
51  return;
52 
 /* NOTE(review): the allocation result is used unchecked — presumably this API layer cannot return NULL here; confirm. */
53  rmp = vl_msg_api_alloc (msg_size);
 /* Zero the whole reply so padding bytes never carry stale heap data to the client. */
54  clib_memset (rmp, 0, msg_size);
 /* Ids are relative to the plugin's runtime base; the id field is 16-bit, hence ntohs. */
55  rmp->_vl_msg_id =
56  ntohs (VL_API_IKEV2_PLUGIN_GET_VERSION_REPLY + im->msg_id_base);
 /* Echo the caller's context so it can match the reply to its request. */
57  rmp->context = mp->context;
 /* Both version fields travel in network byte order. */
58  rmp->major = htonl (IKEV2_PLUGIN_VERSION_MAJOR);
59  rmp->minor = htonl (IKEV2_PLUGIN_VERSION_MINOR);
60 
61  vl_api_send_msg (reg, (u8 *) rmp);
62 }
63 
/*
 * ikev2_profile_set_liveness handler: hands the liveness-check period and
 * retry limit to the plugin. Both fields are u32 on the wire and are
 * converted from network order before use. Replies with
 * VNET_API_ERROR_UNIMPLEMENTED when the plugin is built without libssl.
 */
64 static void
67 {
68  vl_api_ikev2_profile_set_liveness_reply_t *rmp;
69  int rv = 0;
70 
71 #if WITH_LIBSSL > 0
72  clib_error_t *error;
73  error = ikev2_set_liveness_params (clib_net_to_host_u32 (mp->period),
74  clib_net_to_host_u32 (mp->max_retries));
 /*
  * Every failure collapses to UNSPECIFIED, so the client cannot tell a
  * rejected period from a rejected retry count and the error text is lost.
  * NOTE(review): the clib_error_t is never released here (no clib_error_free);
  * if the callee allocates it, each failed request leaks one error object.
  * The same pattern repeats in every handler below.
  */
75  if (error)
76  rv = VNET_API_ERROR_UNSPECIFIED;
77 #else
78  rv = VNET_API_ERROR_UNIMPLEMENTED;
79 #endif
80 
 /* Builds and sends the reply with rv as its status, presumably via the rmp declared above. */
81  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_LIVENESS_REPLY);
82 }
83 
/*
 * ikev2_profile_add_del handler: creates or removes the profile named in the
 * request, selected by mp->is_add. Any callee error is reported to the
 * client as VNET_API_ERROR_UNSPECIFIED.
 */
84 static void
86 {
87  vl_api_ikev2_profile_add_del_reply_t *rmp;
88  int rv = 0;
89 
90 #if WITH_LIBSSL > 0
92  clib_error_t *error;
 /*
  * Copy the name field into a freshly allocated, NUL-terminated vector.
  * NOTE(review): "%s" reads mp->name until a NUL, so this relies on the
  * client-supplied field being terminated within its declared length —
  * confirm the .api definition guarantees that.
  */
93  u8 *tmp = format (0, "%s", mp->name);
94  error = ikev2_add_del_profile (vm, tmp, mp->is_add);
 /* tmp is released on every path, so the callee must not retain the pointer. */
95  vec_free (tmp);
96  if (error)
97  rv = VNET_API_ERROR_UNSPECIFIED;
98 #else
99  rv = VNET_API_ERROR_UNIMPLEMENTED;
100 #endif
101 
102  REPLY_MACRO (VL_API_IKEV2_PROFILE_ADD_DEL_REPLY);
103 }
104 
/*
 * ikev2_profile_set_auth handler: installs auth_method together with an
 * opaque data blob (flagged hex or raw by mp->is_hex) on the named profile.
 * The blob is copied out of the message into a vector before the call.
 */
105 static void
108 {
109  vl_api_ikev2_profile_set_auth_reply_t *rmp;
110  int rv = 0;
111 
112 #if WITH_LIBSSL > 0
114  clib_error_t *error;
 /*
  * SECURITY(review): data_len is client-controlled and is used unchecked as
  * both the allocation size and the memcpy length. A value larger than the
  * payload actually carried in the message makes the memcpy read past
  * mp->data, and storing the u32 in an int lets a top-bit-set value go
  * negative before it reaches vec_new. Bound it against the received
  * message length and reject negatives here, unless the API layer is known
  * to validate variable-length fields before dispatch — confirm.
  */
115  int data_len = ntohl (mp->data_len);
116  u8 *tmp = format (0, "%s", mp->name);
117  u8 *data = vec_new (u8, data_len);
118  clib_memcpy (data, mp->data, data_len);
119  error = ikev2_set_profile_auth (vm, tmp, mp->auth_method, data, mp->is_hex);
 /* Both temporaries are released here, so the callee must copy anything it keeps. */
120  vec_free (tmp);
121  vec_free (data);
122  if (error)
123  rv = VNET_API_ERROR_UNSPECIFIED;
124 #else
125  rv = VNET_API_ERROR_UNIMPLEMENTED;
126 #endif
127 
128  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_AUTH_REPLY);
129 }
130 
/*
 * ikev2_profile_set_id handler: sets the local or remote identity
 * (mp->is_local) of the named profile from an id_type plus an opaque
 * data blob copied out of the message.
 */
131 static void
133 {
134  vl_api_ikev2_profile_set_id_reply_t *rmp;
135  int rv = 0;
136 
137 #if WITH_LIBSSL > 0
139  clib_error_t *error;
140  u8 *tmp = format (0, "%s", mp->name);
 /*
  * SECURITY(review): same unchecked-length pattern as the set_auth handler —
  * data_len comes straight from the client and drives both vec_new and the
  * memcpy, so an oversized or negative (top-bit-set) value over-reads
  * mp->data. Validate against the received message length before copying
  * unless the API layer already does so — confirm.
  */
141  int data_len = ntohl (mp->data_len);
142  u8 *data = vec_new (u8, data_len);
143  clib_memcpy (data, mp->data, data_len);
144  error = ikev2_set_profile_id (vm, tmp, mp->id_type, data, mp->is_local);
 /* Temporaries are freed unconditionally; the callee must copy what it keeps. */
145  vec_free (tmp);
146  vec_free (data);
147  if (error)
148  rv = VNET_API_ERROR_UNSPECIFIED;
149 #else
150  rv = VNET_API_ERROR_UNIMPLEMENTED;
151 #endif
152 
153  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_ID_REPLY);
154 }
155 
/*
 * ikev2_profile_set_udp_encap handler: enables UDP encapsulation on the
 * named profile (no further parameters are passed).
 */
156 static void
159 {
160  vl_api_ikev2_profile_set_udp_encap_reply_t *rmp;
161  int rv = 0;
162 
163 #if WITH_LIBSSL > 0
165  clib_error_t *error;
166  u8 *tmp = format (0, "%s", mp->name);
167  error = ikev2_set_profile_udp_encap (vm, tmp);
168  vec_free (tmp);
169  if (error)
170  rv = VNET_API_ERROR_UNSPECIFIED;
171 #else
172  rv = VNET_API_ERROR_UNIMPLEMENTED;
173 #endif
174 
 /*
  * BUG(review): every other handler in this file replies with the *_REPLY
  * message id, but this one passes the request id
  * VL_API_IKEV2_PROFILE_SET_UDP_ENCAP, so the reply goes out stamped as a
  * request (the reply struct declared above is
  * vl_api_ikev2_profile_set_udp_encap_reply_t). It should almost certainly be
  * REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_UDP_ENCAP_REPLY).
  */
175  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_UDP_ENCAP);
176 }
177 
/*
 * ikev2_profile_set_ts handler: sets the local or remote traffic selector
 * (mp->is_local) of the named profile: protocol, port range and address
 * range. Ports are converted from network order; the addresses are cast
 * straight to ip4_address_t, presumably because they stay in network order.
 */
178 static void
180 {
181  vl_api_ikev2_profile_set_ts_reply_t *rmp;
182  int rv = 0;
183 
184 #if WITH_LIBSSL > 0
186  clib_error_t *error;
187  u8 *tmp = format (0, "%s", mp->name);
 /*
  * NOTE(review): no start <= end sanity check on the port or address range
  * happens here; whether ikev2_set_profile_ts rejects an inverted range is
  * not visible from this file — confirm.
  */
188  error =
189  ikev2_set_profile_ts (vm, tmp, mp->proto,
190  clib_net_to_host_u16 (mp->start_port),
191  clib_net_to_host_u16 (mp->end_port),
193  (ip4_address_t) mp->end_addr, mp->is_local);
194  vec_free (tmp);
195  if (error)
196  rv = VNET_API_ERROR_UNSPECIFIED;
197 #else
198  rv = VNET_API_ERROR_UNIMPLEMENTED;
199 #endif
200 
201  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_TS_REPLY);
202 }
203 
/*
 * ikev2_set_local_key handler: points the plugin at the file holding the
 * local private key. The path is passed through exactly as received.
 */
204 static void
206 {
207  vl_api_ikev2_set_local_key_reply_t *rmp;
208  int rv = 0;
209 
210 #if WITH_LIBSSL > 0
212  clib_error_t *error;
213 
 /*
  * NOTE(review): mp->key_file is a client-supplied path handed to the callee
  * without a copy or a length check; unlike the name fields elsewhere in
  * this file it is not even re-terminated via format(). Confirm the .api
  * definition guarantees NUL termination, and that access to this message
  * is restricted to callers allowed to select key material.
  */
214  error = ikev2_set_local_key (vm, mp->key_file);
215  if (error)
216  rv = VNET_API_ERROR_UNSPECIFIED;
217 #else
218  rv = VNET_API_ERROR_UNIMPLEMENTED;
219 #endif
220 
221  REPLY_MACRO (VL_API_IKEV2_SET_LOCAL_KEY_REPLY);
222 }
223 
/*
 * ikev2_set_responder handler: records the responder's interface index and
 * IPv4 address on the named profile.
 */
224 static void
226 {
227  vl_api_ikev2_set_responder_reply_t *rmp;
228  int rv = 0;
229 
230 #if WITH_LIBSSL > 0
232  clib_error_t *error;
233 
234  u8 *tmp = format (0, "%s", mp->name);
 /* Copy the address bytes verbatim into the ip4_address_t handed to the callee; no byte swap is applied. */
236  clib_memcpy (&ip4, mp->address, sizeof (ip4));
237 
 /*
  * NOTE(review): sw_if_index is converted from network order but not
  * validated against the interface pool in this handler (no
  * VALIDATE_SW_IF_INDEX); confirm ikev2_set_profile_responder rejects
  * unknown indices.
  */
238  error = ikev2_set_profile_responder (vm, tmp, ntohl (mp->sw_if_index), ip4);
239  vec_free (tmp);
240  if (error)
241  rv = VNET_API_ERROR_UNSPECIFIED;
242 #else
243  rv = VNET_API_ERROR_UNIMPLEMENTED;
244 #endif
245 
246  REPLY_MACRO (VL_API_IKEV2_SET_RESPONDER_REPLY);
247 }
248 
/*
 * ikev2_set_ike_transforms handler: sets the IKE SA proposal (encryption,
 * integrity, DH group, key size) on the named profile. All four values are
 * u32 on the wire and converted from network order.
 */
249 static void
251  mp)
252 {
253  vl_api_ikev2_set_ike_transforms_reply_t *rmp;
254  int rv = 0;
255 
256 #if WITH_LIBSSL > 0
258  clib_error_t *error;
259 
260  u8 *tmp = format (0, "%s", mp->name);
261 
 /*
  * NOTE(review): the algorithm ids are passed straight into the callee's
  * enum parameters without a range check here; values outside the supported
  * set are only rejected if ikev2_set_profile_ike_transforms does so — confirm.
  */
262  error =
263  ikev2_set_profile_ike_transforms (vm, tmp, ntohl (mp->crypto_alg),
264  ntohl (mp->integ_alg),
265  ntohl (mp->dh_group),
266  ntohl (mp->crypto_key_size));
267  vec_free (tmp);
268  if (error)
269  rv = VNET_API_ERROR_UNSPECIFIED;
270 #else
271  rv = VNET_API_ERROR_UNIMPLEMENTED;
272 #endif
273 
274  REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
275 }
276 
/*
 * ikev2_set_esp_transforms handler: sets the ESP (child SA) proposal on the
 * named profile. Mirrors the IKE-transforms handler above field for field,
 * including the network-order conversion of all four u32 values.
 */
277 static void
279  mp)
280 {
281  vl_api_ikev2_set_esp_transforms_reply_t *rmp;
282  int rv = 0;
283 
284 #if WITH_LIBSSL > 0
286  clib_error_t *error;
287 
288  u8 *tmp = format (0, "%s", mp->name);
289 
 /* NOTE(review): as for IKE transforms, no range check on the enum values happens here — confirm the callee validates them. */
290  error =
291  ikev2_set_profile_esp_transforms (vm, tmp, ntohl (mp->crypto_alg),
292  ntohl (mp->integ_alg),
293  ntohl (mp->dh_group),
294  ntohl (mp->crypto_key_size));
295  vec_free (tmp);
296  if (error)
297  rv = VNET_API_ERROR_UNSPECIFIED;
298 #else
299  rv = VNET_API_ERROR_UNIMPLEMENTED;
300 #endif
301 
302  REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
303 }
304 
/*
 * ikev2_set_sa_lifetime handler: sets the child SA lifetime parameters on
 * the named profile — a u64 time limit, u32 jitter and handover values, and
 * a u64 data limit — each converted from network order with the width-
 * matching helper.
 */
305 static void
307 {
308  vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
309  int rv = 0;
310 
311 #if WITH_LIBSSL > 0
313  clib_error_t *error;
314 
315  u8 *tmp = format (0, "%s", mp->name);
316 
 /* 64-bit fields need clib_net_to_host_u64; ntohl would silently truncate them. */
317  error =
319  clib_net_to_host_u64 (mp->lifetime),
320  ntohl (mp->lifetime_jitter),
321  ntohl (mp->handover),
322  clib_net_to_host_u64
323  (mp->lifetime_maxdata));
324  vec_free (tmp);
325  if (error)
326  rv = VNET_API_ERROR_UNSPECIFIED;
327 #else
328  rv = VNET_API_ERROR_UNIMPLEMENTED;
329 #endif
330 
331  REPLY_MACRO (VL_API_IKEV2_SET_SA_LIFETIME_REPLY);
332 }
333 
/*
 * ikev2_profile_set_ipsec_udp_port handler: sets or clears (mp->is_set) a
 * custom IPsec-over-UDP port on the named profile. Unlike its siblings the
 * callee returns a vnet_api_error_t directly, so the client receives the
 * specific error code rather than a blanket UNSPECIFIED.
 */
334 static void
337 {
338  vl_api_ikev2_profile_set_ipsec_udp_port_reply_t *rmp;
339  int rv = 0;
340 
341 #if WITH_LIBSSL > 0
343 
344  u8 *tmp = format (0, "%s", mp->name);
345 
 /* The callee's status is the reply status verbatim; port is u16 and converted from network order. */
346  rv =
348  clib_net_to_host_u16 (mp->port),
349  mp->is_set);
350  vec_free (tmp);
351 #else
352  rv = VNET_API_ERROR_UNIMPLEMENTED;
353 #endif
354 
355  REPLY_MACRO (VL_API_IKEV2_PROFILE_SET_IPSEC_UDP_PORT_REPLY);
356 }
357 
/*
 * ikev2_set_tunnel_interface handler: binds the named profile to the tunnel
 * interface given by sw_if_index. NOTE(review): original lines 365 and 381
 * are not reproduced in this listing; the VALIDATE_SW_IF_INDEX /
 * BAD_SW_IF_INDEX_LABEL pair this file references presumably lives there,
 * which would make this the one handler that rejects an unknown interface
 * index before calling into the plugin — confirm against the source.
 */
358 static void
361 {
362  vl_api_ikev2_set_tunnel_interface_reply_t *rmp;
363  int rv = 0;
364 
366 
367 #if WITH_LIBSSL > 0
368  u8 *tmp = format (0, "%s", mp->name);
369  clib_error_t *error;
370 
372  ntohl (mp->sw_if_index));
373 
 /* tmp is freed after the error check here rather than before it; the outcome is the same. */
374  if (error)
375  rv = VNET_API_ERROR_UNSPECIFIED;
376  vec_free (tmp);
377 #else
378  rv = VNET_API_ERROR_UNIMPLEMENTED;
379 #endif
380 
382  REPLY_MACRO (VL_API_IKEV2_SET_TUNNEL_INTERFACE_REPLY);
383 }
384 
/*
 * ikev2_initiate_sa_init handler: kicks off the IKE_SA_INIT exchange for the
 * named profile. Only the profile name is taken from the request.
 */
385 static void
387 {
388  vl_api_ikev2_initiate_sa_init_reply_t *rmp;
389  int rv = 0;
390 
391 #if WITH_LIBSSL > 0
393  clib_error_t *error;
394 
395  u8 *tmp = format (0, "%s", mp->name);
396 
 /* The reply reports only whether initiation was accepted, not the outcome of the exchange. */
397  error = ikev2_initiate_sa_init (vm, tmp);
398  vec_free (tmp);
399  if (error)
400  rv = VNET_API_ERROR_UNSPECIFIED;
401 #else
402  rv = VNET_API_ERROR_UNIMPLEMENTED;
403 #endif
404 
405  REPLY_MACRO (VL_API_IKEV2_INITIATE_SA_INIT_REPLY);
406 }
407 
/*
 * ikev2_initiate_del_ike_sa handler: requests deletion of the IKE SA
 * identified by its 64-bit initiator SPI.
 */
408 static void
410  * mp)
411 {
412  vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
413  int rv = 0;
414 
415 #if WITH_LIBSSL > 0
417  clib_error_t *error;
418 
 /*
  * NOTE(review): unlike every other multi-byte field in this file, ispi is
  * passed without a byte-order conversion (no clib_net_to_host_u64). Either
  * the field is defined as an opaque host-order value in the .api, or this
  * is an endianness bug that only works because the client side skips the
  * conversion too — confirm against the client code.
  */
419  error = ikev2_initiate_delete_ike_sa (vm, mp->ispi);
420  if (error)
421  rv = VNET_API_ERROR_UNSPECIFIED;
422 #else
423  rv = VNET_API_ERROR_UNIMPLEMENTED;
424 #endif
425 
426  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
427 }
428 
/*
 * ikev2_initiate_del_child_sa handler: requests deletion of the child SA
 * identified by its 32-bit initiator SPI.
 */
429 static void
432 {
433  vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
434  int rv = 0;
435 
436 #if WITH_LIBSSL > 0
438  clib_error_t *error;
439 
 /* NOTE(review): ispi is passed without ntohl — same endianness question as the IKE SA delete handler; confirm. */
440  error = ikev2_initiate_delete_child_sa (vm, mp->ispi);
441  if (error)
442  rv = VNET_API_ERROR_UNSPECIFIED;
443 #else
444  rv = VNET_API_ERROR_UNIMPLEMENTED;
445 #endif
446 
447  REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
448 }
449 
/*
 * ikev2_initiate_rekey_child_sa handler: starts a rekey of the child SA
 * identified by its 32-bit initiator SPI.
 */
450 static void
453 {
454  vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
455  int rv = 0;
456 
457 #if WITH_LIBSSL > 0
459  clib_error_t *error;
460 
 /* NOTE(review): ispi is passed without ntohl — same endianness question as the other SPI-keyed handlers; confirm. */
461  error = ikev2_initiate_rekey_child_sa (vm, mp->ispi);
462  if (error)
463  rv = VNET_API_ERROR_UNSPECIFIED;
464 #else
465  rv = VNET_API_ERROR_UNIMPLEMENTED;
466 #endif
467 
468  REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
469 }
470 
471 #include <ikev2/ikev2.api.c>
/*
 * Plugin API init: obtains the plugin's block of message ids and records it
 * in ikev2_main so REPLY_MSG_ID_BASE and the get_version handler can offset
 * reply ids. Always returns 0 (success). NOTE(review): the line that stores
 * the base into im is not reproduced in this listing.
 */
472 static clib_error_t *
474 {
475  ikev2_main_t *im = &ikev2_main;
476 
477  /* Ask for a correctly-sized block of API message decode slots */
479 
480  return 0;
481 }
482 
484 
485 /*
486  * fd.io coding-style-patch-verification: ON
487  *
488  * Local Variables:
489  * eval: (c-set-style "gnu")
490  * End:
491  */