2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vppinfra/error.h>
19 #include <plugins/ikev2/ikev2.h>
20 #include <plugins/ikev2/ikev2_priv.h>
21 #include <openssl/obj_mac.h>
22 #include <openssl/ec.h>
23 #include <openssl/x509.h>
24 #include <openssl/pem.h>
25 #include <openssl/bn.h>
26 #include <openssl/dh.h>
29 static const char modp_dh_768_prime[] =
30 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
31 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
32 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
33 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
34 static const char modp_dh_768_generator[] = "02";
36 static const char modp_dh_1024_prime[] =
37 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
38 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
39 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
40 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
41 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
42 static const char modp_dh_1024_generator[] = "02";
45 static const char modp_dh_1536_prime[] =
46 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
47 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
48 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
49 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
50 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
51 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
52 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
53 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
54 static const char modp_dh_1536_generator[] = "02";
56 static const char modp_dh_2048_prime[] =
57 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
58 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
59 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
60 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
61 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
62 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
63 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
64 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
65 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
66 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
67 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
68 static const char modp_dh_2048_generator[] = "02";
70 static const char modp_dh_3072_prime[] =
71 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
72 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
73 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
74 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
75 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
76 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
77 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
78 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
79 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
80 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
81 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
82 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
83 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
84 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
85 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
86 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
87 static const char modp_dh_3072_generator[] = "02";
89 static const char modp_dh_4096_prime[] =
90 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
91 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
92 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
93 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
94 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
95 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
96 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
97 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
98 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
99 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
100 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
101 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
102 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
103 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
104 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
105 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
106 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
107 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
108 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
109 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
110 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
111 static const char modp_dh_4096_generator[] = "02";
113 static const char modp_dh_6144_prime[] =
114 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
115 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
116 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
117 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
118 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
119 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
120 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
121 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
122 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
123 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
124 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
125 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
126 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
127 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
128 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
129 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
130 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
131 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
132 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
133 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
134 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
135 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
136 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
137 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
138 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
139 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
140 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
141 "6DCC4024FFFFFFFFFFFFFFFF";
142 static const char modp_dh_6144_generator[] = "02";
144 static const char modp_dh_8192_prime[] =
145 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
146 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
147 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
148 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
149 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
150 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
151 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
152 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
153 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
154 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
155 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
156 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
157 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
158 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
159 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
160 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
161 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
162 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
163 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
164 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
165 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
166 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
167 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
168 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
169 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
170 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
171 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
172 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
173 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
174 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
175 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
176 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
177 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
178 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
179 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
180 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
181 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
182 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
183 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
184 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
185 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
186 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
187 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
188 static const char modp_dh_8192_generator[] = "02";
191 static const char modp_dh_1024_160_prime[] =
192 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
193 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
194 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
195 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
196 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
197 static const char modp_dh_1024_160_generator[] =
198 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
199 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
200 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
201 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
202 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
204 static const char modp_dh_2048_224_prime[] =
205 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
206 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
207 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
208 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
209 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
210 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
211 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
212 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
213 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
214 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
215 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
216 static const char modp_dh_2048_224_generator[] =
217 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
218 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
219 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
220 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
221 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
222 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
223 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
224 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
225 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
226 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
227 "81BC087F2A7065B384B890D3191F2BFA";
229 static const char modp_dh_2048_256_prime[] =
230 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
231 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
232 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
233 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
234 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
235 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
236 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
237 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
238 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
239 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
240 "693877FAD7EF09CADB094AE91E1A1597";
241 static const char modp_dh_2048_256_generator[] =
242 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
243 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
244 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
245 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
246 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
247 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
248 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
249 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
250 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
251 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
252 "5E2327CFEF98C582664B4C0F6CC41659";
255 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
257 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
258 HMAC_CTX *ctx = ptd->hmac_ctx;
260 unsigned int len = 0;
262 prf = vec_new (u8, tr->key_trunc);
263 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
264 HMAC_Update (ctx, data, vec_len (data));
265 HMAC_Final (ctx, prf, &len);
266 ASSERT (len == tr->key_trunc);
272 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
274 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
277 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
280 T1 = prf (K, S | 0x01)
281 T2 = prf (K, T1 | S | 0x02)
282 T3 = prf (K, T2 | S | 0x03)
283 T4 = prf (K, T3 | S | 0x04)
286 while (vec_len (ret) < len && x < 255)
294 vec_append (s, seed);
295 vec_add2 (s, tmp, 1);
297 t = ikev2_calc_prf (tr, key, s);
314 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
316 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
317 HMAC_CTX *ctx = ptd->hmac_ctx;
321 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
323 r = vec_new (u8, tr->key_len);
325 if (tr->md == EVP_sha1 ())
327 ikev2_elog_debug ("integrity checking with sha1");
329 else if (tr->md == EVP_sha256 ())
331 ikev2_elog_debug ("integrity checking with sha256");
334 /* verify integrity of data */
335 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
336 HMAC_Update (ctx, (const u8 *) data, len);
337 HMAC_Final (ctx, r, &l);
338 ASSERT (l == tr->key_len);
343 static_always_inline void
344 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
346 clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
347 clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
351 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
352 ikev2_sa_transform_t * tr_encr, u8 * data,
353 int data_len, u8 * aad, u32 aad_len, u8 * tag,
356 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
358 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
359 u8 nonce[IKEV2_GCM_NONCE_SIZE];
361 if (data_len <= IKEV2_GCM_IV_SIZE)
365 /* extract salt from the end of the key */
366 u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
367 ikev2_init_gcm_nonce (nonce, salt, data);
369 data += IKEV2_GCM_IV_SIZE;
370 data_len -= IKEV2_GCM_IV_SIZE;
372 EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
373 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
374 EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
375 EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
376 EVP_DecryptUpdate (ctx, data, &len, data, data_len);
377 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
379 if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
381 *out_len = data_len - data[data_len - 1] - 1;
389 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
390 ikev2_sa_transform_t * tr_encr, u8 * data, int len,
393 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
394 int tmp_len = 0, block_size;
395 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
396 block_size = tr_encr->block_size;
399 /* check if data is multiplier of cipher block size */
400 if (len % block_size)
402 ikev2_elog_error ("wrong data length");
408 EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
409 EVP_CIPHER_CTX_set_padding (ctx, 0);
410 EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
412 if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
414 *out_len = len - data[len - 1] - 1;
422 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
423 ikev2_sa_transform_t * tr_encr,
424 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
426 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
427 int out_len = 0, len = 0;
428 u8 nonce[IKEV2_GCM_NONCE_SIZE];
429 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
433 /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
434 RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
435 ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
437 dst += IKEV2_GCM_IV_SIZE;
439 EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
440 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
441 EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
442 EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
443 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
444 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
445 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
447 ASSERT (vec_len (src) == out_len);
449 return out_len + IKEV2_GCM_IV_SIZE;
453 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
454 ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
456 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
457 int out_len = 0, len = 0;
458 int bs = tr_encr->block_size;
459 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
468 EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
469 /* disable padding as pad data were added before */
470 EVP_CIPHER_CTX_set_padding (ctx, 0);
471 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
472 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
475 ASSERT (vec_len (src) == out_len);
482 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
484 int r = BN_bn2bin (a, to);
489 vec_insert (to, pad, 0);
490 clib_memset (to, 0, pad);
491 _vec_len (to) -= pad;
498 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
502 if (t->dh_group == IKEV2_DH_GROUP_MODP)
505 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
508 const BIGNUM *pub_key, *priv_key;
510 BN_hex2bn (&p, t->dh_p);
511 BN_hex2bn (&g, t->dh_g);
512 DH_set0_pqg (dh, p, NULL, g);
514 BN_hex2bn (&dh->p, t->dh_p);
515 BN_hex2bn (&dh->g, t->dh_g);
517 DH_generate_key (dh);
519 if (sa->is_initiator)
521 sa->i_dh_data = vec_new (u8, t->key_len);
522 sa->dh_private_key = vec_new (u8, t->key_len);
523 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
524 DH_get0_key (dh, &pub_key, &priv_key);
525 r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
526 ASSERT (r == t->key_len);
527 r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
529 r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
530 ASSERT (r == t->key_len);
531 r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
533 ASSERT (r == t->key_len);
537 sa->r_dh_data = vec_new (u8, t->key_len);
538 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
539 DH_get0_key (dh, &pub_key, &priv_key);
540 r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
542 r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
544 ASSERT (r == t->key_len);
547 sa->dh_shared_key = vec_new (u8, t->key_len);
548 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
549 r = DH_compute_key (sa->dh_shared_key, ex, dh);
550 ASSERT (t->key_len >= r);
551 int pad = t->key_len - r;
554 vec_insert (sa->dh_shared_key, pad, 0);
555 clib_memset (sa->dh_shared_key, 0, pad);
556 _vec_len (sa->dh_shared_key) -= pad;
562 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
564 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
567 EC_KEY_generate_key (ec);
569 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
570 const EC_GROUP *group = EC_KEY_get0_group (ec);
571 BIGNUM *x = NULL, *y = NULL;
572 BN_CTX *bn_ctx = BN_CTX_new ();
573 u16 x_off, y_off, len;
574 EC_POINT *i_point = EC_POINT_new (group);
575 EC_POINT *shared_point = EC_POINT_new (group);
579 len = t->key_len / 2;
581 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
582 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
584 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
587 if (sa->is_initiator)
589 sa->i_dh_data = vec_new (u8, t->key_len);
590 x_off = len - BN_num_bytes (x);
591 clib_memset (sa->i_dh_data, 0, x_off);
592 BN_bn2bin (x, sa->i_dh_data + x_off);
593 y_off = t->key_len - BN_num_bytes (y);
594 clib_memset (sa->i_dh_data + len, 0, y_off - len);
595 BN_bn2bin (y, sa->i_dh_data + y_off);
597 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
598 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
599 r = BN_bn2bin (prv, sa->dh_private_key);
600 ASSERT (r == BN_num_bytes (prv));
604 sa->r_dh_data = vec_new (u8, t->key_len);
605 x_off = len - BN_num_bytes (x);
606 clib_memset (sa->r_dh_data, 0, x_off);
607 BN_bn2bin (x, sa->r_dh_data + x_off);
608 y_off = t->key_len - BN_num_bytes (y);
609 clib_memset (sa->r_dh_data + len, 0, y_off - len);
610 BN_bn2bin (y, sa->r_dh_data + y_off);
612 x = BN_bin2bn (sa->i_dh_data, len, x);
613 y = BN_bin2bn (sa->i_dh_data + len, len, y);
614 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
615 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
617 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
619 sa->dh_shared_key = vec_new (u8, t->key_len);
620 EC_POINT_mul (group, shared_point, NULL, i_point,
621 EC_KEY_get0_private_key (ec), NULL);
622 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
623 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
625 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
628 x_off = len - BN_num_bytes (x);
629 clib_memset (sa->dh_shared_key, 0, x_off);
630 BN_bn2bin (x, sa->dh_shared_key + x_off);
631 y_off = t->key_len - BN_num_bytes (y);
632 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
633 BN_bn2bin (y, sa->dh_shared_key + y_off);
639 BN_CTX_free (bn_ctx);
640 EC_POINT_free (i_point);
641 EC_POINT_free (shared_point);
646 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
650 if (t->dh_group == IKEV2_DH_GROUP_MODP)
653 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
658 BN_hex2bn (&p, t->dh_p);
659 BN_hex2bn (&g, t->dh_g);
660 DH_set0_pqg (dh, p, NULL, g);
663 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
664 DH_set0_key (dh, NULL, priv_key);
666 BN_hex2bn (&dh->p, t->dh_p);
667 BN_hex2bn (&dh->g, t->dh_g);
670 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
673 sa->dh_shared_key = vec_new (u8, t->key_len);
674 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
675 r = DH_compute_key (sa->dh_shared_key, ex, dh);
676 ASSERT (t->key_len >= r);
677 int pad = t->key_len - r;
680 vec_insert (sa->dh_shared_key, pad, 0);
681 clib_memset (sa->dh_shared_key, 0, pad);
682 _vec_len (sa->dh_shared_key) -= pad;
687 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
689 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
692 const EC_GROUP *group = EC_KEY_get0_group (ec);
693 BIGNUM *x = NULL, *y = NULL;
694 BN_CTX *bn_ctx = BN_CTX_new ();
695 u16 x_off, y_off, len;
699 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
700 EC_KEY_set_private_key (ec, prv);
704 len = t->key_len / 2;
706 x = BN_bin2bn (sa->r_dh_data, len, x);
707 y = BN_bin2bn (sa->r_dh_data + len, len, y);
708 EC_POINT *r_point = EC_POINT_new (group);
709 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
710 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
712 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
714 EC_KEY_set_public_key (ec, r_point);
716 EC_POINT *i_point = EC_POINT_new (group);
717 EC_POINT *shared_point = EC_POINT_new (group);
719 x = BN_bin2bn (sa->i_dh_data, len, x);
720 y = BN_bin2bn (sa->i_dh_data + len, len, y);
721 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
722 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
724 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
726 EC_POINT_mul (group, shared_point, NULL, r_point,
727 EC_KEY_get0_private_key (ec), NULL);
728 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
729 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
731 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
733 sa->dh_shared_key = vec_new (u8, t->key_len);
734 x_off = len - BN_num_bytes (x);
735 clib_memset (sa->dh_shared_key, 0, x_off);
736 BN_bn2bin (x, sa->dh_shared_key + x_off);
737 y_off = t->key_len - BN_num_bytes (y);
738 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
739 BN_bn2bin (y, sa->dh_shared_key + y_off);
745 BN_CTX_free (bn_ctx);
746 EC_POINT_free (i_point);
747 EC_POINT_free (r_point);
748 EC_POINT_free (shared_point);
753 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
756 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
757 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
760 EVP_MD_CTX_init (&md_ctx);
763 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
764 EVP_VerifyInit (md_ctx, EVP_sha1 ());
765 EVP_VerifyUpdate (md_ctx, data, vec_len (data));
767 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
768 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
771 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
772 verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
773 EVP_MD_CTX_free (md_ctx);
775 verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
776 EVP_MD_CTX_cleanup (&md_ctx);
782 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
784 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
785 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
788 EVP_MD_CTX_init (&md_ctx);
790 unsigned int sig_len = 0;
793 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
794 EVP_SignInit (md_ctx, EVP_sha1 ());
795 EVP_SignUpdate (md_ctx, data, vec_len (data));
797 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
798 sign = vec_new (u8, sig_len);
800 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
801 EVP_MD_CTX_free (md_ctx);
803 EVP_SignInit (&md_ctx, EVP_sha1 ());
804 EVP_SignUpdate (&md_ctx, data, vec_len (data));
806 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
807 sign = vec_new (u8, sig_len);
809 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
810 EVP_MD_CTX_cleanup (&md_ctx);
816 ikev2_load_cert_file (u8 * file)
820 EVP_PKEY *pkey = NULL;
822 fp = fopen ((char *) file, "r");
825 ikev2_log_error ("open %s failed", file);
829 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
833 ikev2_log_error ("read cert %s failed", file);
837 pkey = X509_get_pubkey (x509);
840 ikev2_log_error ("get pubkey %s failed", file);
847 ikev2_load_key_file (u8 * file)
850 EVP_PKEY *pkey = NULL;
852 fp = fopen ((char *) file, "r");
855 ikev2_log_error ("open %s failed", file);
859 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
862 ikev2_log_error ("read %s failed", file);
869 ikev2_crypto_init (ikev2_main_t * km)
871 ikev2_sa_transform_t *tr;
873 /* vector of supported transforms - in order of preference */
877 vec_add2 (km->supported_transforms, tr, 1);
878 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
879 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
880 tr->key_len = 256 / 8;
881 tr->block_size = 128 / 8;
882 tr->cipher = EVP_aes_256_cbc ();
884 vec_add2 (km->supported_transforms, tr, 1);
885 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
886 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
887 tr->key_len = 192 / 8;
888 tr->block_size = 128 / 8;
889 tr->cipher = EVP_aes_192_cbc ();
891 vec_add2 (km->supported_transforms, tr, 1);
892 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
893 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
894 tr->key_len = 128 / 8;
895 tr->block_size = 128 / 8;
896 tr->cipher = EVP_aes_128_cbc ();
898 vec_add2 (km->supported_transforms, tr, 1);
899 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
900 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
901 tr->key_len = 256 / 8;
902 tr->block_size = 128 / 8;
903 tr->cipher = EVP_aes_256_gcm ();
905 vec_add2 (km->supported_transforms, tr, 1);
906 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
907 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
908 tr->key_len = 192 / 8;
909 tr->block_size = 128 / 8;
910 tr->cipher = EVP_aes_192_gcm ();
912 vec_add2 (km->supported_transforms, tr, 1);
913 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
914 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
915 tr->key_len = 128 / 8;
916 tr->block_size = 128 / 8;
917 tr->cipher = EVP_aes_128_gcm ();
920 vec_add2 (km->supported_transforms, tr, 1);
921 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
922 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
923 tr->key_len = 256 / 8;
924 tr->key_trunc = 256 / 8;
925 tr->md = EVP_sha256 ();
927 vec_add2 (km->supported_transforms, tr, 1);
928 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
929 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
930 tr->key_len = 384 / 8;
931 tr->key_trunc = 384 / 8;
932 tr->md = EVP_sha384 ();
934 vec_add2 (km->supported_transforms, tr, 1);
935 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
936 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
937 tr->key_len = 512 / 8;
938 tr->key_trunc = 512 / 8;
939 tr->md = EVP_sha512 ();
941 vec_add2 (km->supported_transforms, tr, 1);
942 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
943 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
944 tr->key_len = 160 / 8;
945 tr->key_trunc = 160 / 8;
946 tr->md = EVP_sha1 ();
949 vec_add2 (km->supported_transforms, tr, 1);
950 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
951 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
952 tr->key_len = 256 / 8;
953 tr->key_trunc = 128 / 8;
954 tr->md = EVP_sha256 ();
956 vec_add2 (km->supported_transforms, tr, 1);
957 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
958 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
959 tr->key_len = 384 / 8;
960 tr->key_trunc = 192 / 8;
961 tr->md = EVP_sha384 ();
963 vec_add2 (km->supported_transforms, tr, 1);
964 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
965 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
966 tr->key_len = 512 / 8;
967 tr->key_trunc = 256 / 8;
968 tr->md = EVP_sha512 ();
970 vec_add2 (km->supported_transforms, tr, 1);
971 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
972 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
973 tr->key_len = 160 / 8;
974 tr->key_trunc = 160 / 8;
975 tr->md = EVP_sha1 ();
977 vec_add2 (km->supported_transforms, tr, 1);
978 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
979 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
980 tr->key_len = 160 / 8;
981 tr->key_trunc = 96 / 8;
982 tr->md = EVP_sha1 ();
985 #if defined(OPENSSL_NO_CISCO_FECDH)
986 vec_add2 (km->supported_transforms, tr, 1);
987 tr->type = IKEV2_TRANSFORM_TYPE_DH;
988 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
989 tr->key_len = (512 * 2) / 8;
990 tr->nid = NID_brainpoolP512r1;
991 tr->dh_group = IKEV2_DH_GROUP_ECP;
993 vec_add2 (km->supported_transforms, tr, 1);
994 tr->type = IKEV2_TRANSFORM_TYPE_DH;
995 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
996 tr->key_len = (384 * 2) / 8;
997 tr->nid = NID_brainpoolP384r1;
998 tr->dh_group = IKEV2_DH_GROUP_ECP;
1000 vec_add2 (km->supported_transforms, tr, 1);
1001 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1002 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1003 tr->key_len = (256 * 2) / 8;
1004 tr->nid = NID_brainpoolP256r1;
1005 tr->dh_group = IKEV2_DH_GROUP_ECP;
1007 vec_add2 (km->supported_transforms, tr, 1);
1008 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1009 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1010 tr->key_len = (224 * 2) / 8;
1011 tr->nid = NID_brainpoolP224r1;
1012 tr->dh_group = IKEV2_DH_GROUP_ECP;
1014 vec_add2 (km->supported_transforms, tr, 1);
1015 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1016 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1017 tr->key_len = (224 * 2) / 8;
1018 tr->nid = NID_secp224r1;
1019 tr->dh_group = IKEV2_DH_GROUP_ECP;
1022 vec_add2 (km->supported_transforms, tr, 1);
1023 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1024 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1025 tr->key_len = (528 * 2) / 8;
1026 tr->nid = NID_secp521r1;
1027 tr->dh_group = IKEV2_DH_GROUP_ECP;
1029 vec_add2 (km->supported_transforms, tr, 1);
1030 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1031 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1032 tr->key_len = (384 * 2) / 8;
1033 tr->nid = NID_secp384r1;
1034 tr->dh_group = IKEV2_DH_GROUP_ECP;
1036 vec_add2 (km->supported_transforms, tr, 1);
1037 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1038 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1039 tr->key_len = (256 * 2) / 8;
1040 tr->nid = NID_X9_62_prime256v1;
1041 tr->dh_group = IKEV2_DH_GROUP_ECP;
1043 vec_add2 (km->supported_transforms, tr, 1);
1044 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1046 tr->key_len = (192 * 2) / 8;
1047 tr->nid = NID_X9_62_prime192v1;
1048 tr->dh_group = IKEV2_DH_GROUP_ECP;
1050 vec_add2 (km->supported_transforms, tr, 1);
1051 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1052 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1053 tr->key_len = 2048 / 8;
1054 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1055 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1056 tr->dh_group = IKEV2_DH_GROUP_MODP;
1058 vec_add2 (km->supported_transforms, tr, 1);
1059 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1060 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1061 tr->key_len = 2048 / 8;
1062 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1063 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1064 tr->dh_group = IKEV2_DH_GROUP_MODP;
1066 vec_add2 (km->supported_transforms, tr, 1);
1067 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1068 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1069 tr->key_len = 1024 / 8;
1070 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1071 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1072 tr->dh_group = IKEV2_DH_GROUP_MODP;
1074 vec_add2 (km->supported_transforms, tr, 1);
1075 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1076 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1077 tr->key_len = 8192 / 8;
1078 tr->dh_p = (const char *) &modp_dh_8192_prime;
1079 tr->dh_g = (const char *) &modp_dh_8192_generator;
1080 tr->dh_group = IKEV2_DH_GROUP_MODP;
1082 vec_add2 (km->supported_transforms, tr, 1);
1083 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1084 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1085 tr->key_len = 6144 / 8;
1086 tr->dh_p = (const char *) &modp_dh_6144_prime;
1087 tr->dh_g = (const char *) &modp_dh_6144_generator;
1088 tr->dh_group = IKEV2_DH_GROUP_MODP;
1090 vec_add2 (km->supported_transforms, tr, 1);
1091 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1092 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1093 tr->key_len = 4096 / 8;
1094 tr->dh_p = (const char *) &modp_dh_4096_prime;
1095 tr->dh_g = (const char *) &modp_dh_4096_generator;
1096 tr->dh_group = IKEV2_DH_GROUP_MODP;
1098 vec_add2 (km->supported_transforms, tr, 1);
1099 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1100 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1101 tr->key_len = 3072 / 8;
1102 tr->dh_p = (const char *) &modp_dh_3072_prime;
1103 tr->dh_g = (const char *) &modp_dh_3072_generator;
1104 tr->dh_group = IKEV2_DH_GROUP_MODP;
1106 vec_add2 (km->supported_transforms, tr, 1);
1107 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1108 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1109 tr->key_len = 2048 / 8;
1110 tr->dh_p = (const char *) &modp_dh_2048_prime;
1111 tr->dh_g = (const char *) &modp_dh_2048_generator;
1112 tr->dh_group = IKEV2_DH_GROUP_MODP;
1114 vec_add2 (km->supported_transforms, tr, 1);
1115 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1116 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1117 tr->key_len = 1536 / 8;
1118 tr->dh_p = (const char *) &modp_dh_1536_prime;
1119 tr->dh_g = (const char *) &modp_dh_1536_generator;
1120 tr->dh_group = IKEV2_DH_GROUP_MODP;
1122 vec_add2 (km->supported_transforms, tr, 1);
1123 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1124 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1125 tr->key_len = 1024 / 8;
1126 tr->dh_p = (const char *) &modp_dh_1024_prime;
1127 tr->dh_g = (const char *) &modp_dh_1024_generator;
1128 tr->dh_group = IKEV2_DH_GROUP_MODP;
1130 vec_add2 (km->supported_transforms, tr, 1);
1131 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1132 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1133 tr->key_len = 768 / 8;
1134 tr->dh_p = (const char *) &modp_dh_768_prime;
1135 tr->dh_g = (const char *) &modp_dh_768_generator;
1136 tr->dh_group = IKEV2_DH_GROUP_MODP;
1138 vec_add2 (km->supported_transforms, tr, 1);
1139 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1140 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1142 vec_add2 (km->supported_transforms, tr, 1);
1143 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1144 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1150 * fd.io coding-style-patch-verification: ON
1153 * eval: (c-set-style "gnu")