2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
31 static const char modp_dh_768_prime[] =
32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
38 static const char modp_dh_1024_prime[] =
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
47 static const char modp_dh_1536_prime[] =
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
58 static const char modp_dh_2048_prime[] =
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
72 static const char modp_dh_3072_prime[] =
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
91 static const char modp_dh_4096_prime[] =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
115 static const char modp_dh_6144_prime[] =
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143 "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
146 static const char modp_dh_8192_prime[] =
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
193 static const char modp_dh_1024_160_prime[] =
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
206 static const char modp_dh_2048_224_prime[] =
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229 "81BC087F2A7065B384B890D3191F2BFA";
231 static const char modp_dh_2048_256_prime[] =
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242 "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254 "5E2327CFEF98C582664B4C0F6CC41659";
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
259 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
260 HMAC_CTX *ctx = ptd->hmac_ctx;
262 unsigned int len = 0;
264 prf = vec_new (u8, tr->key_trunc);
265 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
266 HMAC_Update (ctx, data, vec_len (data));
267 HMAC_Final (ctx, prf, &len);
268 ASSERT (len == tr->key_trunc);
274 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
276 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
279 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
282 T1 = prf (K, S | 0x01)
283 T2 = prf (K, T1 | S | 0x02)
284 T3 = prf (K, T2 | S | 0x03)
285 T4 = prf (K, T3 | S | 0x04)
288 while (vec_len (ret) < len && x < 255)
296 vec_append (s, seed);
297 vec_add2 (s, tmp, 1);
299 t = ikev2_calc_prf (tr, key, s);
316 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
318 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
319 HMAC_CTX *ctx = ptd->hmac_ctx;
323 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
325 r = vec_new (u8, tr->key_len);
327 if (tr->md == EVP_sha1 ())
329 ikev2_elog_debug ("integrity checking with sha1");
331 else if (tr->md == EVP_sha256 ())
333 ikev2_elog_debug ("integrity checking with sha256");
336 /* verify integrity of data */
337 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
338 HMAC_Update (ctx, (const u8 *) data, len);
339 HMAC_Final (ctx, r, &l);
340 ASSERT (l == tr->key_len);
345 static_always_inline void
346 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
348 clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
349 clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
353 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
354 ikev2_sa_transform_t * tr_encr, u8 * data,
355 int data_len, u8 * aad, u32 aad_len, u8 * tag)
357 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
359 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
360 u8 nonce[IKEV2_GCM_NONCE_SIZE];
362 if (data_len <= IKEV2_GCM_IV_SIZE)
366 /* extract salt from the end of the key */
367 u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
368 ikev2_init_gcm_nonce (nonce, salt, data);
370 data += IKEV2_GCM_IV_SIZE;
371 data_len -= IKEV2_GCM_IV_SIZE;
372 v8 *r = vec_new (u8, data_len);
374 EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
375 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
376 EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
377 EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
378 EVP_DecryptUpdate (ctx, r, &len, data, data_len);
379 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
381 if (EVP_DecryptFinal_ex (ctx, r + len, &len) > 0)
384 _vec_len (r) -= r[vec_len (r) - 1] + 1;
393 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
394 ikev2_sa_transform_t * tr_encr, u8 * data, int len)
396 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
397 int out_len = 0, block_size;
398 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
399 block_size = tr_encr->block_size;
401 /* check if data is multiplier of cipher block size */
402 if (len % block_size)
404 ikev2_elog_error ("wrong data length");
408 v8 *r = vec_new (u8, len - block_size);
409 EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
410 EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
411 EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
413 _vec_len (r) -= r[vec_len (r) - 1] + 1;
419 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
420 ikev2_sa_transform_t * tr_encr,
421 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
423 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
424 int out_len = 0, len = 0;
425 u8 nonce[IKEV2_GCM_NONCE_SIZE];
426 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
428 /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
429 RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
430 ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
432 dst += IKEV2_GCM_IV_SIZE;
434 EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
435 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
436 EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
437 EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
438 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
439 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
440 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
442 ASSERT (vec_len (src) == out_len);
444 return out_len + IKEV2_GCM_IV_SIZE;
448 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
449 ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
451 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
452 int out_len = 0, len = 0;
453 int bs = tr_encr->block_size;
454 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
461 EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
462 /* disable padding as pad data were added before */
463 EVP_CIPHER_CTX_set_padding (ctx, 0);
464 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
465 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
468 ASSERT (vec_len (src) == out_len);
475 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
477 int r = BN_bn2bin (a, to);
482 vec_insert (to, pad, 0);
483 clib_memset (to, 0, pad);
484 _vec_len (to) -= pad;
491 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
495 if (t->dh_group == IKEV2_DH_GROUP_MODP)
498 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
501 const BIGNUM *pub_key, *priv_key;
503 BN_hex2bn (&p, t->dh_p);
504 BN_hex2bn (&g, t->dh_g);
505 DH_set0_pqg (dh, p, NULL, g);
507 BN_hex2bn (&dh->p, t->dh_p);
508 BN_hex2bn (&dh->g, t->dh_g);
510 DH_generate_key (dh);
512 if (sa->is_initiator)
514 sa->i_dh_data = vec_new (u8, t->key_len);
515 sa->dh_private_key = vec_new (u8, t->key_len);
516 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
517 DH_get0_key (dh, &pub_key, &priv_key);
518 r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
519 ASSERT (r == t->key_len);
520 r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
522 r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
523 ASSERT (r == t->key_len);
524 r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
526 ASSERT (r == t->key_len);
530 sa->r_dh_data = vec_new (u8, t->key_len);
531 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
532 DH_get0_key (dh, &pub_key, &priv_key);
533 r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
535 r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
537 ASSERT (r == t->key_len);
540 sa->dh_shared_key = vec_new (u8, t->key_len);
541 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
542 r = DH_compute_key (sa->dh_shared_key, ex, dh);
543 ASSERT (t->key_len >= r);
544 int pad = t->key_len - r;
547 vec_insert (sa->dh_shared_key, pad, 0);
548 clib_memset (sa->dh_shared_key, 0, pad);
549 _vec_len (sa->dh_shared_key) -= pad;
555 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
557 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
560 EC_KEY_generate_key (ec);
562 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
563 const EC_GROUP *group = EC_KEY_get0_group (ec);
564 BIGNUM *x = NULL, *y = NULL;
565 BN_CTX *bn_ctx = BN_CTX_new ();
566 u16 x_off, y_off, len;
567 EC_POINT *i_point = EC_POINT_new (group);
568 EC_POINT *shared_point = EC_POINT_new (group);
572 len = t->key_len / 2;
574 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
575 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
577 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
580 if (sa->is_initiator)
582 sa->i_dh_data = vec_new (u8, t->key_len);
583 x_off = len - BN_num_bytes (x);
584 clib_memset (sa->i_dh_data, 0, x_off);
585 BN_bn2bin (x, sa->i_dh_data + x_off);
586 y_off = t->key_len - BN_num_bytes (y);
587 clib_memset (sa->i_dh_data + len, 0, y_off - len);
588 BN_bn2bin (y, sa->i_dh_data + y_off);
590 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
591 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
592 r = BN_bn2bin (prv, sa->dh_private_key);
593 ASSERT (r == BN_num_bytes (prv));
597 sa->r_dh_data = vec_new (u8, t->key_len);
598 x_off = len - BN_num_bytes (x);
599 clib_memset (sa->r_dh_data, 0, x_off);
600 BN_bn2bin (x, sa->r_dh_data + x_off);
601 y_off = t->key_len - BN_num_bytes (y);
602 clib_memset (sa->r_dh_data + len, 0, y_off - len);
603 BN_bn2bin (y, sa->r_dh_data + y_off);
605 x = BN_bin2bn (sa->i_dh_data, len, x);
606 y = BN_bin2bn (sa->i_dh_data + len, len, y);
607 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
608 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
610 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
612 sa->dh_shared_key = vec_new (u8, t->key_len);
613 EC_POINT_mul (group, shared_point, NULL, i_point,
614 EC_KEY_get0_private_key (ec), NULL);
615 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
616 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
618 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
621 x_off = len - BN_num_bytes (x);
622 clib_memset (sa->dh_shared_key, 0, x_off);
623 BN_bn2bin (x, sa->dh_shared_key + x_off);
624 y_off = t->key_len - BN_num_bytes (y);
625 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
626 BN_bn2bin (y, sa->dh_shared_key + y_off);
632 BN_CTX_free (bn_ctx);
633 EC_POINT_free (i_point);
634 EC_POINT_free (shared_point);
639 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
643 if (t->dh_group == IKEV2_DH_GROUP_MODP)
646 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
651 BN_hex2bn (&p, t->dh_p);
652 BN_hex2bn (&g, t->dh_g);
653 DH_set0_pqg (dh, p, NULL, g);
656 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
657 DH_set0_key (dh, NULL, priv_key);
659 BN_hex2bn (&dh->p, t->dh_p);
660 BN_hex2bn (&dh->g, t->dh_g);
663 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
666 sa->dh_shared_key = vec_new (u8, t->key_len);
667 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
668 r = DH_compute_key (sa->dh_shared_key, ex, dh);
669 ASSERT (t->key_len >= r);
670 int pad = t->key_len - r;
673 vec_insert (sa->dh_shared_key, pad, 0);
674 clib_memset (sa->dh_shared_key, 0, pad);
675 _vec_len (sa->dh_shared_key) -= pad;
680 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
682 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
685 const EC_GROUP *group = EC_KEY_get0_group (ec);
686 BIGNUM *x = NULL, *y = NULL;
687 BN_CTX *bn_ctx = BN_CTX_new ();
688 u16 x_off, y_off, len;
692 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
693 EC_KEY_set_private_key (ec, prv);
697 len = t->key_len / 2;
699 x = BN_bin2bn (sa->r_dh_data, len, x);
700 y = BN_bin2bn (sa->r_dh_data + len, len, y);
701 EC_POINT *r_point = EC_POINT_new (group);
702 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
703 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
705 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
707 EC_KEY_set_public_key (ec, r_point);
709 EC_POINT *i_point = EC_POINT_new (group);
710 EC_POINT *shared_point = EC_POINT_new (group);
712 x = BN_bin2bn (sa->i_dh_data, len, x);
713 y = BN_bin2bn (sa->i_dh_data + len, len, y);
714 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
715 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
717 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
719 EC_POINT_mul (group, shared_point, NULL, r_point,
720 EC_KEY_get0_private_key (ec), NULL);
721 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
722 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
724 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
726 sa->dh_shared_key = vec_new (u8, t->key_len);
727 x_off = len - BN_num_bytes (x);
728 clib_memset (sa->dh_shared_key, 0, x_off);
729 BN_bn2bin (x, sa->dh_shared_key + x_off);
730 y_off = t->key_len - BN_num_bytes (y);
731 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
732 BN_bn2bin (y, sa->dh_shared_key + y_off);
738 BN_CTX_free (bn_ctx);
739 EC_POINT_free (i_point);
740 EC_POINT_free (r_point);
741 EC_POINT_free (shared_point);
746 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
749 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
750 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
753 EVP_MD_CTX_init (&md_ctx);
756 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
757 EVP_VerifyInit (md_ctx, EVP_sha1 ());
758 EVP_VerifyUpdate (md_ctx, data, vec_len (data));
760 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
761 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
764 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
765 verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
766 EVP_MD_CTX_free (md_ctx);
768 verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
769 EVP_MD_CTX_cleanup (&md_ctx);
775 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
777 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
778 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
781 EVP_MD_CTX_init (&md_ctx);
783 unsigned int sig_len = 0;
786 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
787 EVP_SignInit (md_ctx, EVP_sha1 ());
788 EVP_SignUpdate (md_ctx, data, vec_len (data));
790 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
791 sign = vec_new (u8, sig_len);
793 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
794 EVP_MD_CTX_free (md_ctx);
796 EVP_SignInit (&md_ctx, EVP_sha1 ());
797 EVP_SignUpdate (&md_ctx, data, vec_len (data));
799 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
800 sign = vec_new (u8, sig_len);
802 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
803 EVP_MD_CTX_cleanup (&md_ctx);
809 ikev2_load_cert_file (u8 * file)
813 EVP_PKEY *pkey = NULL;
815 fp = fopen ((char *) file, "r");
818 ikev2_log_error ("open %s failed", file);
822 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
826 ikev2_log_error ("read cert %s failed", file);
830 pkey = X509_get_pubkey (x509);
833 ikev2_log_error ("get pubkey %s failed", file);
840 ikev2_load_key_file (u8 * file)
843 EVP_PKEY *pkey = NULL;
845 fp = fopen ((char *) file, "r");
848 ikev2_log_error ("open %s failed", file);
852 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
855 ikev2_log_error ("read %s failed", file);
862 ikev2_crypto_init (ikev2_main_t * km)
864 ikev2_sa_transform_t *tr;
866 /* vector of supported transforms - in order of preference */
870 vec_add2 (km->supported_transforms, tr, 1);
871 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
872 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
873 tr->key_len = 256 / 8;
874 tr->block_size = 128 / 8;
875 tr->cipher = EVP_aes_256_cbc ();
877 vec_add2 (km->supported_transforms, tr, 1);
878 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
879 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
880 tr->key_len = 192 / 8;
881 tr->block_size = 128 / 8;
882 tr->cipher = EVP_aes_192_cbc ();
884 vec_add2 (km->supported_transforms, tr, 1);
885 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
886 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
887 tr->key_len = 128 / 8;
888 tr->block_size = 128 / 8;
889 tr->cipher = EVP_aes_128_cbc ();
891 vec_add2 (km->supported_transforms, tr, 1);
892 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
893 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
894 tr->key_len = 256 / 8;
895 tr->block_size = 128 / 8;
896 tr->cipher = EVP_aes_256_gcm ();
898 vec_add2 (km->supported_transforms, tr, 1);
899 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
900 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
901 tr->key_len = 192 / 8;
902 tr->block_size = 128 / 8;
903 tr->cipher = EVP_aes_192_gcm ();
905 vec_add2 (km->supported_transforms, tr, 1);
906 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
907 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
908 tr->key_len = 128 / 8;
909 tr->block_size = 128 / 8;
910 tr->cipher = EVP_aes_128_gcm ();
913 vec_add2 (km->supported_transforms, tr, 1);
914 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
915 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
916 tr->key_len = 256 / 8;
917 tr->key_trunc = 256 / 8;
918 tr->md = EVP_sha256 ();
920 vec_add2 (km->supported_transforms, tr, 1);
921 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
922 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
923 tr->key_len = 384 / 8;
924 tr->key_trunc = 384 / 8;
925 tr->md = EVP_sha384 ();
927 vec_add2 (km->supported_transforms, tr, 1);
928 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
929 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
930 tr->key_len = 512 / 8;
931 tr->key_trunc = 512 / 8;
932 tr->md = EVP_sha512 ();
934 vec_add2 (km->supported_transforms, tr, 1);
935 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
936 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
937 tr->key_len = 160 / 8;
938 tr->key_trunc = 160 / 8;
939 tr->md = EVP_sha1 ();
942 vec_add2 (km->supported_transforms, tr, 1);
943 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
944 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
945 tr->key_len = 256 / 8;
946 tr->key_trunc = 128 / 8;
947 tr->md = EVP_sha256 ();
949 vec_add2 (km->supported_transforms, tr, 1);
950 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
951 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
952 tr->key_len = 384 / 8;
953 tr->key_trunc = 192 / 8;
954 tr->md = EVP_sha384 ();
956 vec_add2 (km->supported_transforms, tr, 1);
957 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
958 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
959 tr->key_len = 512 / 8;
960 tr->key_trunc = 256 / 8;
961 tr->md = EVP_sha512 ();
963 vec_add2 (km->supported_transforms, tr, 1);
964 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
965 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
966 tr->key_len = 160 / 8;
967 tr->key_trunc = 160 / 8;
968 tr->md = EVP_sha1 ();
970 vec_add2 (km->supported_transforms, tr, 1);
971 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
972 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
973 tr->key_len = 160 / 8;
974 tr->key_trunc = 96 / 8;
975 tr->md = EVP_sha1 ();
978 #if defined(OPENSSL_NO_CISCO_FECDH)
979 vec_add2 (km->supported_transforms, tr, 1);
980 tr->type = IKEV2_TRANSFORM_TYPE_DH;
981 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
982 tr->key_len = (512 * 2) / 8;
983 tr->nid = NID_brainpoolP512r1;
984 tr->dh_group = IKEV2_DH_GROUP_ECP;
986 vec_add2 (km->supported_transforms, tr, 1);
987 tr->type = IKEV2_TRANSFORM_TYPE_DH;
988 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
989 tr->key_len = (384 * 2) / 8;
990 tr->nid = NID_brainpoolP384r1;
991 tr->dh_group = IKEV2_DH_GROUP_ECP;
993 vec_add2 (km->supported_transforms, tr, 1);
994 tr->type = IKEV2_TRANSFORM_TYPE_DH;
995 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
996 tr->key_len = (256 * 2) / 8;
997 tr->nid = NID_brainpoolP256r1;
998 tr->dh_group = IKEV2_DH_GROUP_ECP;
1000 vec_add2 (km->supported_transforms, tr, 1);
1001 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1002 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1003 tr->key_len = (224 * 2) / 8;
1004 tr->nid = NID_brainpoolP224r1;
1005 tr->dh_group = IKEV2_DH_GROUP_ECP;
1007 vec_add2 (km->supported_transforms, tr, 1);
1008 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1009 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1010 tr->key_len = (224 * 2) / 8;
1011 tr->nid = NID_secp224r1;
1012 tr->dh_group = IKEV2_DH_GROUP_ECP;
1015 vec_add2 (km->supported_transforms, tr, 1);
1016 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1017 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1018 tr->key_len = (528 * 2) / 8;
1019 tr->nid = NID_secp521r1;
1020 tr->dh_group = IKEV2_DH_GROUP_ECP;
1022 vec_add2 (km->supported_transforms, tr, 1);
1023 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1024 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1025 tr->key_len = (384 * 2) / 8;
1026 tr->nid = NID_secp384r1;
1027 tr->dh_group = IKEV2_DH_GROUP_ECP;
1029 vec_add2 (km->supported_transforms, tr, 1);
1030 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1031 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1032 tr->key_len = (256 * 2) / 8;
1033 tr->nid = NID_X9_62_prime256v1;
1034 tr->dh_group = IKEV2_DH_GROUP_ECP;
1036 vec_add2 (km->supported_transforms, tr, 1);
1037 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1038 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1039 tr->key_len = (192 * 2) / 8;
1040 tr->nid = NID_X9_62_prime192v1;
1041 tr->dh_group = IKEV2_DH_GROUP_ECP;
1043 vec_add2 (km->supported_transforms, tr, 1);
1044 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1046 tr->key_len = 2048 / 8;
1047 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1048 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1049 tr->dh_group = IKEV2_DH_GROUP_MODP;
1051 vec_add2 (km->supported_transforms, tr, 1);
1052 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1053 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1054 tr->key_len = 2048 / 8;
1055 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1056 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1057 tr->dh_group = IKEV2_DH_GROUP_MODP;
1059 vec_add2 (km->supported_transforms, tr, 1);
1060 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1061 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1062 tr->key_len = 1024 / 8;
1063 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1064 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1065 tr->dh_group = IKEV2_DH_GROUP_MODP;
1067 vec_add2 (km->supported_transforms, tr, 1);
1068 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1069 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1070 tr->key_len = 8192 / 8;
1071 tr->dh_p = (const char *) &modp_dh_8192_prime;
1072 tr->dh_g = (const char *) &modp_dh_8192_generator;
1073 tr->dh_group = IKEV2_DH_GROUP_MODP;
1075 vec_add2 (km->supported_transforms, tr, 1);
1076 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1077 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1078 tr->key_len = 6144 / 8;
1079 tr->dh_p = (const char *) &modp_dh_6144_prime;
1080 tr->dh_g = (const char *) &modp_dh_6144_generator;
1081 tr->dh_group = IKEV2_DH_GROUP_MODP;
1083 vec_add2 (km->supported_transforms, tr, 1);
1084 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1085 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1086 tr->key_len = 4096 / 8;
1087 tr->dh_p = (const char *) &modp_dh_4096_prime;
1088 tr->dh_g = (const char *) &modp_dh_4096_generator;
1089 tr->dh_group = IKEV2_DH_GROUP_MODP;
1091 vec_add2 (km->supported_transforms, tr, 1);
1092 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1093 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1094 tr->key_len = 3072 / 8;
1095 tr->dh_p = (const char *) &modp_dh_3072_prime;
1096 tr->dh_g = (const char *) &modp_dh_3072_generator;
1097 tr->dh_group = IKEV2_DH_GROUP_MODP;
1099 vec_add2 (km->supported_transforms, tr, 1);
1100 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1101 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1102 tr->key_len = 2048 / 8;
1103 tr->dh_p = (const char *) &modp_dh_2048_prime;
1104 tr->dh_g = (const char *) &modp_dh_2048_generator;
1105 tr->dh_group = IKEV2_DH_GROUP_MODP;
1107 vec_add2 (km->supported_transforms, tr, 1);
1108 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1109 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1110 tr->key_len = 1536 / 8;
1111 tr->dh_p = (const char *) &modp_dh_1536_prime;
1112 tr->dh_g = (const char *) &modp_dh_1536_generator;
1113 tr->dh_group = IKEV2_DH_GROUP_MODP;
1115 vec_add2 (km->supported_transforms, tr, 1);
1116 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1117 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1118 tr->key_len = 1024 / 8;
1119 tr->dh_p = (const char *) &modp_dh_1024_prime;
1120 tr->dh_g = (const char *) &modp_dh_1024_generator;
1121 tr->dh_group = IKEV2_DH_GROUP_MODP;
1123 vec_add2 (km->supported_transforms, tr, 1);
1124 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1125 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1126 tr->key_len = 768 / 8;
1127 tr->dh_p = (const char *) &modp_dh_768_prime;
1128 tr->dh_g = (const char *) &modp_dh_768_generator;
1129 tr->dh_group = IKEV2_DH_GROUP_MODP;
1131 vec_add2 (km->supported_transforms, tr, 1);
1132 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1133 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1135 vec_add2 (km->supported_transforms, tr, 1);
1136 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1137 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1143 * fd.io coding-style-patch-verification: ON
1146 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob