2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
31 static const char modp_dh_768_prime[] =
32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
38 static const char modp_dh_1024_prime[] =
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
47 static const char modp_dh_1536_prime[] =
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
58 static const char modp_dh_2048_prime[] =
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
72 static const char modp_dh_3072_prime[] =
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
91 static const char modp_dh_4096_prime[] =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
115 static const char modp_dh_6144_prime[] =
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143 "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
146 static const char modp_dh_8192_prime[] =
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
193 static const char modp_dh_1024_160_prime[] =
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
206 static const char modp_dh_2048_224_prime[] =
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229 "81BC087F2A7065B384B890D3191F2BFA";
231 static const char modp_dh_2048_256_prime[] =
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242 "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254 "5E2327CFEF98C582664B4C0F6CC41659";
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
259 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
260 HMAC_CTX *ctx = ptd->hmac_ctx;
262 unsigned int len = 0;
264 prf = vec_new (u8, tr->key_trunc);
265 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
266 HMAC_Update (ctx, data, vec_len (data));
267 HMAC_Final (ctx, prf, &len);
268 ASSERT (len == tr->key_trunc);
274 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
276 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
279 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
282 T1 = prf (K, S | 0x01)
283 T2 = prf (K, T1 | S | 0x02)
284 T3 = prf (K, T2 | S | 0x03)
285 T4 = prf (K, T3 | S | 0x04)
288 while (vec_len (ret) < len && x < 255)
296 vec_append (s, seed);
297 vec_add2 (s, tmp, 1);
299 t = ikev2_calc_prf (tr, key, s);
316 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
318 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
319 HMAC_CTX *ctx = ptd->hmac_ctx;
323 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
325 r = vec_new (u8, tr->key_len);
327 if (tr->md == EVP_sha1 ())
329 ikev2_elog_debug ("integrity checking with sha1");
331 else if (tr->md == EVP_sha256 ())
333 ikev2_elog_debug ("integrity checking with sha256");
336 /* verify integrity of data */
337 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
338 HMAC_Update (ctx, (const u8 *) data, len);
339 HMAC_Final (ctx, r, &l);
340 ASSERT (l == tr->key_len);
345 static_always_inline void
346 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
348 clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
349 clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
353 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
354 ikev2_sa_transform_t * tr_encr, u8 * data,
355 int data_len, u8 * aad, u32 aad_len, u8 * tag)
357 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
359 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
360 u8 nonce[IKEV2_GCM_NONCE_SIZE];
362 if (data_len <= IKEV2_GCM_IV_SIZE)
366 /* extract salt from the end of the key */
367 u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
368 ikev2_init_gcm_nonce (nonce, salt, data);
370 data += IKEV2_GCM_IV_SIZE;
371 data_len -= IKEV2_GCM_IV_SIZE;
372 v8 *r = vec_new (u8, data_len);
374 EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
375 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
376 EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
377 EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
378 EVP_DecryptUpdate (ctx, r, &len, data, data_len);
379 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
381 if (EVP_DecryptFinal_ex (ctx, r + len, &len) > 0)
384 _vec_len (r) -= r[vec_len (r) - 1] + 1;
393 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
394 ikev2_sa_transform_t * tr_encr, u8 * data, int len)
396 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
397 int out_len = 0, block_size;
398 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
399 block_size = tr_encr->block_size;
401 /* check if data is multiplier of cipher block size */
402 if (len % block_size)
404 ikev2_elog_error ("wrong data length");
408 v8 *r = vec_new (u8, len - block_size);
409 EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
410 EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
411 EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
413 _vec_len (r) -= r[vec_len (r) - 1] + 1;
419 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
420 ikev2_sa_transform_t * tr_encr,
421 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
423 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
424 int out_len = 0, len = 0;
425 u8 nonce[IKEV2_GCM_NONCE_SIZE];
426 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
428 /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
429 RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
430 ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
432 dst += IKEV2_GCM_IV_SIZE;
434 EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
435 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
436 EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
437 EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
438 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
439 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
440 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
442 ASSERT (vec_len (src) == out_len);
444 return out_len + IKEV2_GCM_IV_SIZE;
448 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
449 ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
451 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
452 int out_len = 0, len = 0;
453 int bs = tr_encr->block_size;
454 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
461 EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
462 /* disable padding as pad data were added before */
463 EVP_CIPHER_CTX_set_padding (ctx, 0);
464 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
465 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
468 ASSERT (vec_len (src) == out_len);
475 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
477 int r = BN_bn2bin (a, to);
482 vec_insert (to, pad, 0);
483 clib_memset (to, 0, pad);
484 _vec_len (to) -= pad;
491 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
495 if (t->dh_group == IKEV2_DH_GROUP_MODP)
498 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
501 const BIGNUM *pub_key, *priv_key;
503 BN_hex2bn (&p, t->dh_p);
504 BN_hex2bn (&g, t->dh_g);
505 DH_set0_pqg (dh, p, NULL, g);
507 BN_hex2bn (&dh->p, t->dh_p);
508 BN_hex2bn (&dh->g, t->dh_g);
510 DH_generate_key (dh);
512 if (sa->is_initiator)
514 sa->i_dh_data = vec_new (u8, t->key_len);
515 sa->dh_private_key = vec_new (u8, t->key_len);
516 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
517 DH_get0_key (dh, &pub_key, &priv_key);
518 r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
519 ASSERT (r == t->key_len);
520 r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
522 r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
523 ASSERT (r == t->key_len);
524 r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
526 ASSERT (r == t->key_len);
530 sa->r_dh_data = vec_new (u8, t->key_len);
531 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
532 DH_get0_key (dh, &pub_key, &priv_key);
533 r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
535 r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
537 ASSERT (r == t->key_len);
540 sa->dh_shared_key = vec_new (u8, t->key_len);
541 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
542 r = DH_compute_key (sa->dh_shared_key, ex, dh);
543 ASSERT (t->key_len >= r);
544 int pad = t->key_len - r;
547 vec_insert (sa->dh_shared_key, pad, 0);
548 clib_memset (sa->dh_shared_key, 0, pad);
549 _vec_len (sa->dh_shared_key) -= pad;
555 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
557 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
560 EC_KEY_generate_key (ec);
562 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
563 const EC_GROUP *group = EC_KEY_get0_group (ec);
564 BIGNUM *x = NULL, *y = NULL;
565 BN_CTX *bn_ctx = BN_CTX_new ();
566 u16 x_off, y_off, len;
567 EC_POINT *i_point = EC_POINT_new (group);
568 EC_POINT *shared_point = EC_POINT_new (group);
572 len = t->key_len / 2;
574 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
575 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
577 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
580 if (sa->is_initiator)
582 sa->i_dh_data = vec_new (u8, t->key_len);
583 x_off = len - BN_num_bytes (x);
584 clib_memset (sa->i_dh_data, 0, x_off);
585 BN_bn2bin (x, sa->i_dh_data + x_off);
586 y_off = t->key_len - BN_num_bytes (y);
587 clib_memset (sa->i_dh_data + len, 0, y_off - len);
588 BN_bn2bin (y, sa->i_dh_data + y_off);
590 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
591 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
592 r = BN_bn2bin (prv, sa->dh_private_key);
593 ASSERT (r == BN_num_bytes (prv));
597 sa->r_dh_data = vec_new (u8, t->key_len);
598 x_off = len - BN_num_bytes (x);
599 clib_memset (sa->r_dh_data, 0, x_off);
600 BN_bn2bin (x, sa->r_dh_data + x_off);
601 y_off = t->key_len - BN_num_bytes (y);
602 clib_memset (sa->r_dh_data + len, 0, y_off - len);
603 BN_bn2bin (y, sa->r_dh_data + y_off);
605 x = BN_bin2bn (sa->i_dh_data, len, x);
606 y = BN_bin2bn (sa->i_dh_data + len, len, y);
607 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
608 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
610 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
612 sa->dh_shared_key = vec_new (u8, t->key_len);
613 EC_POINT_mul (group, shared_point, NULL, i_point,
614 EC_KEY_get0_private_key (ec), NULL);
615 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
616 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
618 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
621 x_off = len - BN_num_bytes (x);
622 clib_memset (sa->dh_shared_key, 0, x_off);
623 BN_bn2bin (x, sa->dh_shared_key + x_off);
624 y_off = t->key_len - BN_num_bytes (y);
625 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
626 BN_bn2bin (y, sa->dh_shared_key + y_off);
632 BN_CTX_free (bn_ctx);
633 EC_POINT_free (i_point);
634 EC_POINT_free (shared_point);
639 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
643 if (t->dh_group == IKEV2_DH_GROUP_MODP)
646 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
651 BN_hex2bn (&p, t->dh_p);
652 BN_hex2bn (&g, t->dh_g);
653 DH_set0_pqg (dh, p, NULL, g);
656 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
657 DH_set0_key (dh, NULL, priv_key);
659 BN_hex2bn (&dh->p, t->dh_p);
660 BN_hex2bn (&dh->g, t->dh_g);
663 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
666 sa->dh_shared_key = vec_new (u8, t->key_len);
667 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
668 r = DH_compute_key (sa->dh_shared_key, ex, dh);
669 ASSERT (t->key_len >= r);
670 int pad = t->key_len - r;
673 vec_insert (sa->dh_shared_key, pad, 0);
674 clib_memset (sa->dh_shared_key, 0, pad);
675 _vec_len (sa->dh_shared_key) -= pad;
680 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
682 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
685 const EC_GROUP *group = EC_KEY_get0_group (ec);
686 BIGNUM *x = NULL, *y = NULL;
687 BN_CTX *bn_ctx = BN_CTX_new ();
688 u16 x_off, y_off, len;
692 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
693 EC_KEY_set_private_key (ec, prv);
697 len = t->key_len / 2;
699 x = BN_bin2bn (sa->r_dh_data, len, x);
700 y = BN_bin2bn (sa->r_dh_data + len, len, y);
701 EC_POINT *r_point = EC_POINT_new (group);
702 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
703 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
705 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
707 EC_KEY_set_public_key (ec, r_point);
709 EC_POINT *i_point = EC_POINT_new (group);
710 EC_POINT *shared_point = EC_POINT_new (group);
712 x = BN_bin2bn (sa->i_dh_data, len, x);
713 y = BN_bin2bn (sa->i_dh_data + len, len, y);
714 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
715 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
717 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
719 EC_POINT_mul (group, shared_point, NULL, r_point,
720 EC_KEY_get0_private_key (ec), NULL);
721 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
722 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
724 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
726 sa->dh_shared_key = vec_new (u8, t->key_len);
727 x_off = len - BN_num_bytes (x);
728 clib_memset (sa->dh_shared_key, 0, x_off);
729 BN_bn2bin (x, sa->dh_shared_key + x_off);
730 y_off = t->key_len - BN_num_bytes (y);
731 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
732 BN_bn2bin (y, sa->dh_shared_key + y_off);
738 BN_CTX_free (bn_ctx);
739 EC_POINT_free (i_point);
740 EC_POINT_free (r_point);
741 EC_POINT_free (shared_point);
746 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
749 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
750 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
753 EVP_MD_CTX_init (&md_ctx);
756 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
757 EVP_VerifyInit (md_ctx, EVP_sha1 ());
758 EVP_VerifyUpdate (md_ctx, data, vec_len (data));
760 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
761 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
764 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
765 verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
766 EVP_MD_CTX_free (md_ctx);
768 verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
769 EVP_MD_CTX_cleanup (&md_ctx);
775 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
777 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
778 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
781 EVP_MD_CTX_init (&md_ctx);
783 unsigned int sig_len = 0;
786 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
787 EVP_SignInit (md_ctx, EVP_sha1 ());
788 EVP_SignUpdate (md_ctx, data, vec_len (data));
790 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
791 sign = vec_new (u8, sig_len);
793 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
794 EVP_MD_CTX_free (md_ctx);
796 EVP_SignInit (&md_ctx, EVP_sha1 ());
797 EVP_SignUpdate (&md_ctx, data, vec_len (data));
799 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
800 sign = vec_new (u8, sig_len);
802 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
803 EVP_MD_CTX_cleanup (&md_ctx);
809 ikev2_load_cert_file (u8 * file)
813 EVP_PKEY *pkey = NULL;
815 fp = fopen ((char *) file, "r");
818 ikev2_log_error ("open %s failed", file);
822 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
826 ikev2_log_error ("read cert %s failed", file);
830 pkey = X509_get_pubkey (x509);
832 ikev2_log_error ("get pubkey %s failed", file);
839 ikev2_load_key_file (u8 * file)
842 EVP_PKEY *pkey = NULL;
844 fp = fopen ((char *) file, "r");
847 ikev2_log_error ("open %s failed", file);
851 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
854 ikev2_log_error ("read %s failed", file);
861 ikev2_crypto_init (ikev2_main_t * km)
863 ikev2_sa_transform_t *tr;
865 /* vector of supported transforms - in order of preference */
869 vec_add2 (km->supported_transforms, tr, 1);
870 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
871 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
872 tr->key_len = 256 / 8;
873 tr->block_size = 128 / 8;
874 tr->cipher = EVP_aes_256_cbc ();
876 vec_add2 (km->supported_transforms, tr, 1);
877 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
878 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
879 tr->key_len = 192 / 8;
880 tr->block_size = 128 / 8;
881 tr->cipher = EVP_aes_192_cbc ();
883 vec_add2 (km->supported_transforms, tr, 1);
884 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
885 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
886 tr->key_len = 128 / 8;
887 tr->block_size = 128 / 8;
888 tr->cipher = EVP_aes_128_cbc ();
890 vec_add2 (km->supported_transforms, tr, 1);
891 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
892 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
893 tr->key_len = 256 / 8;
894 tr->block_size = 128 / 8;
895 tr->cipher = EVP_aes_256_gcm ();
897 vec_add2 (km->supported_transforms, tr, 1);
898 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
899 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
900 tr->key_len = 192 / 8;
901 tr->block_size = 128 / 8;
902 tr->cipher = EVP_aes_192_gcm ();
904 vec_add2 (km->supported_transforms, tr, 1);
905 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
906 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
907 tr->key_len = 128 / 8;
908 tr->block_size = 128 / 8;
909 tr->cipher = EVP_aes_128_gcm ();
912 vec_add2 (km->supported_transforms, tr, 1);
913 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
914 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
915 tr->key_len = 256 / 8;
916 tr->key_trunc = 256 / 8;
917 tr->md = EVP_sha256 ();
919 vec_add2 (km->supported_transforms, tr, 1);
920 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
921 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
922 tr->key_len = 384 / 8;
923 tr->key_trunc = 384 / 8;
924 tr->md = EVP_sha384 ();
926 vec_add2 (km->supported_transforms, tr, 1);
927 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
928 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
929 tr->key_len = 512 / 8;
930 tr->key_trunc = 512 / 8;
931 tr->md = EVP_sha512 ();
933 vec_add2 (km->supported_transforms, tr, 1);
934 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
935 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
936 tr->key_len = 160 / 8;
937 tr->key_trunc = 160 / 8;
938 tr->md = EVP_sha1 ();
941 vec_add2 (km->supported_transforms, tr, 1);
942 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
943 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
944 tr->key_len = 256 / 8;
945 tr->key_trunc = 128 / 8;
946 tr->md = EVP_sha256 ();
948 vec_add2 (km->supported_transforms, tr, 1);
949 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
950 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
951 tr->key_len = 384 / 8;
952 tr->key_trunc = 192 / 8;
953 tr->md = EVP_sha384 ();
955 vec_add2 (km->supported_transforms, tr, 1);
956 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
957 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
958 tr->key_len = 512 / 8;
959 tr->key_trunc = 256 / 8;
960 tr->md = EVP_sha512 ();
962 vec_add2 (km->supported_transforms, tr, 1);
963 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
964 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
965 tr->key_len = 160 / 8;
966 tr->key_trunc = 160 / 8;
967 tr->md = EVP_sha1 ();
969 vec_add2 (km->supported_transforms, tr, 1);
970 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
971 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
972 tr->key_len = 160 / 8;
973 tr->key_trunc = 96 / 8;
974 tr->md = EVP_sha1 ();
977 #if defined(OPENSSL_NO_CISCO_FECDH)
978 vec_add2 (km->supported_transforms, tr, 1);
979 tr->type = IKEV2_TRANSFORM_TYPE_DH;
980 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
981 tr->key_len = (512 * 2) / 8;
982 tr->nid = NID_brainpoolP512r1;
983 tr->dh_group = IKEV2_DH_GROUP_ECP;
985 vec_add2 (km->supported_transforms, tr, 1);
986 tr->type = IKEV2_TRANSFORM_TYPE_DH;
987 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
988 tr->key_len = (384 * 2) / 8;
989 tr->nid = NID_brainpoolP384r1;
990 tr->dh_group = IKEV2_DH_GROUP_ECP;
992 vec_add2 (km->supported_transforms, tr, 1);
993 tr->type = IKEV2_TRANSFORM_TYPE_DH;
994 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
995 tr->key_len = (256 * 2) / 8;
996 tr->nid = NID_brainpoolP256r1;
997 tr->dh_group = IKEV2_DH_GROUP_ECP;
999 vec_add2 (km->supported_transforms, tr, 1);
1000 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1001 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1002 tr->key_len = (224 * 2) / 8;
1003 tr->nid = NID_brainpoolP224r1;
1004 tr->dh_group = IKEV2_DH_GROUP_ECP;
1006 vec_add2 (km->supported_transforms, tr, 1);
1007 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1008 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1009 tr->key_len = (224 * 2) / 8;
1010 tr->nid = NID_secp224r1;
1011 tr->dh_group = IKEV2_DH_GROUP_ECP;
1014 vec_add2 (km->supported_transforms, tr, 1);
1015 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1016 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1017 tr->key_len = (528 * 2) / 8;
1018 tr->nid = NID_secp521r1;
1019 tr->dh_group = IKEV2_DH_GROUP_ECP;
1021 vec_add2 (km->supported_transforms, tr, 1);
1022 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1023 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1024 tr->key_len = (384 * 2) / 8;
1025 tr->nid = NID_secp384r1;
1026 tr->dh_group = IKEV2_DH_GROUP_ECP;
1028 vec_add2 (km->supported_transforms, tr, 1);
1029 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1030 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1031 tr->key_len = (256 * 2) / 8;
1032 tr->nid = NID_X9_62_prime256v1;
1033 tr->dh_group = IKEV2_DH_GROUP_ECP;
1035 vec_add2 (km->supported_transforms, tr, 1);
1036 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1037 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1038 tr->key_len = (192 * 2) / 8;
1039 tr->nid = NID_X9_62_prime192v1;
1040 tr->dh_group = IKEV2_DH_GROUP_ECP;
1042 vec_add2 (km->supported_transforms, tr, 1);
1043 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1044 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1045 tr->key_len = 2048 / 8;
1046 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1047 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1048 tr->dh_group = IKEV2_DH_GROUP_MODP;
1050 vec_add2 (km->supported_transforms, tr, 1);
1051 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1052 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1053 tr->key_len = 2048 / 8;
1054 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1055 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1056 tr->dh_group = IKEV2_DH_GROUP_MODP;
1058 vec_add2 (km->supported_transforms, tr, 1);
1059 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1060 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1061 tr->key_len = 1024 / 8;
1062 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1063 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1064 tr->dh_group = IKEV2_DH_GROUP_MODP;
1066 vec_add2 (km->supported_transforms, tr, 1);
1067 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1068 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1069 tr->key_len = 8192 / 8;
1070 tr->dh_p = (const char *) &modp_dh_8192_prime;
1071 tr->dh_g = (const char *) &modp_dh_8192_generator;
1072 tr->dh_group = IKEV2_DH_GROUP_MODP;
1074 vec_add2 (km->supported_transforms, tr, 1);
1075 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1076 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1077 tr->key_len = 6144 / 8;
1078 tr->dh_p = (const char *) &modp_dh_6144_prime;
1079 tr->dh_g = (const char *) &modp_dh_6144_generator;
1080 tr->dh_group = IKEV2_DH_GROUP_MODP;
1082 vec_add2 (km->supported_transforms, tr, 1);
1083 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1084 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1085 tr->key_len = 4096 / 8;
1086 tr->dh_p = (const char *) &modp_dh_4096_prime;
1087 tr->dh_g = (const char *) &modp_dh_4096_generator;
1088 tr->dh_group = IKEV2_DH_GROUP_MODP;
1090 vec_add2 (km->supported_transforms, tr, 1);
1091 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1092 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1093 tr->key_len = 3072 / 8;
1094 tr->dh_p = (const char *) &modp_dh_3072_prime;
1095 tr->dh_g = (const char *) &modp_dh_3072_generator;
1096 tr->dh_group = IKEV2_DH_GROUP_MODP;
1098 vec_add2 (km->supported_transforms, tr, 1);
1099 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1100 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1101 tr->key_len = 2048 / 8;
1102 tr->dh_p = (const char *) &modp_dh_2048_prime;
1103 tr->dh_g = (const char *) &modp_dh_2048_generator;
1104 tr->dh_group = IKEV2_DH_GROUP_MODP;
1106 vec_add2 (km->supported_transforms, tr, 1);
1107 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1108 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1109 tr->key_len = 1536 / 8;
1110 tr->dh_p = (const char *) &modp_dh_1536_prime;
1111 tr->dh_g = (const char *) &modp_dh_1536_generator;
1112 tr->dh_group = IKEV2_DH_GROUP_MODP;
1114 vec_add2 (km->supported_transforms, tr, 1);
1115 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1116 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1117 tr->key_len = 1024 / 8;
1118 tr->dh_p = (const char *) &modp_dh_1024_prime;
1119 tr->dh_g = (const char *) &modp_dh_1024_generator;
1120 tr->dh_group = IKEV2_DH_GROUP_MODP;
1122 vec_add2 (km->supported_transforms, tr, 1);
1123 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1124 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1125 tr->key_len = 768 / 8;
1126 tr->dh_p = (const char *) &modp_dh_768_prime;
1127 tr->dh_g = (const char *) &modp_dh_768_generator;
1128 tr->dh_group = IKEV2_DH_GROUP_MODP;
1130 vec_add2 (km->supported_transforms, tr, 1);
1131 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1132 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1134 vec_add2 (km->supported_transforms, tr, 1);
1135 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1136 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1142 * fd.io coding-style-patch-verification: ON
1145 * eval: (c-set-style "gnu")