2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
31 static const char modp_dh_768_prime[] =
32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
38 static const char modp_dh_1024_prime[] =
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
47 static const char modp_dh_1536_prime[] =
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
58 static const char modp_dh_2048_prime[] =
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
72 static const char modp_dh_3072_prime[] =
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
91 static const char modp_dh_4096_prime[] =
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
115 static const char modp_dh_6144_prime[] =
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143 "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
146 static const char modp_dh_8192_prime[] =
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
193 static const char modp_dh_1024_160_prime[] =
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
206 static const char modp_dh_2048_224_prime[] =
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229 "81BC087F2A7065B384B890D3191F2BFA";
231 static const char modp_dh_2048_256_prime[] =
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242 "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254 "5E2327CFEF98C582664B4C0F6CC41659";
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
259 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
260 HMAC_CTX *ctx = ptd->hmac_ctx;
262 unsigned int len = 0;
264 prf = vec_new (u8, tr->key_trunc);
265 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
266 HMAC_Update (ctx, data, vec_len (data));
267 HMAC_Final (ctx, prf, &len);
268 ASSERT (len == tr->key_trunc);
274 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
276 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
279 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
282 T1 = prf (K, S | 0x01)
283 T2 = prf (K, T1 | S | 0x02)
284 T3 = prf (K, T2 | S | 0x03)
285 T4 = prf (K, T3 | S | 0x04)
288 while (vec_len (ret) < len && x < 255)
296 vec_append (s, seed);
297 vec_add2 (s, tmp, 1);
299 t = ikev2_calc_prf (tr, key, s);
316 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
318 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
319 HMAC_CTX *ctx = ptd->hmac_ctx;
323 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
325 r = vec_new (u8, tr->key_len);
327 if (tr->md == EVP_sha1 ())
329 ikev2_elog_debug ("integrity checking with sha1");
331 else if (tr->md == EVP_sha256 ())
333 ikev2_elog_debug ("integrity checking with sha256");
336 /* verify integrity of data */
337 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
338 HMAC_Update (ctx, (const u8 *) data, len);
339 HMAC_Final (ctx, r, &l);
340 ASSERT (l == tr->key_len);
345 static_always_inline void
346 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
348 clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
349 clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
353 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
354 ikev2_sa_transform_t * tr_encr, u8 * data,
355 int data_len, u8 * aad, u32 aad_len, u8 * tag,
358 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
360 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
361 u8 nonce[IKEV2_GCM_NONCE_SIZE];
363 if (data_len <= IKEV2_GCM_IV_SIZE)
367 /* extract salt from the end of the key */
368 u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
369 ikev2_init_gcm_nonce (nonce, salt, data);
371 data += IKEV2_GCM_IV_SIZE;
372 data_len -= IKEV2_GCM_IV_SIZE;
374 EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
375 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
376 EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
377 EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
378 EVP_DecryptUpdate (ctx, data, &len, data, data_len);
379 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
381 if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
383 *out_len = data_len - data[data_len - 1] - 1;
391 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
392 ikev2_sa_transform_t * tr_encr, u8 * data, int len,
395 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
396 int tmp_len = 0, block_size;
397 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
398 block_size = tr_encr->block_size;
401 /* check if data is multiplier of cipher block size */
402 if (len % block_size)
404 ikev2_elog_error ("wrong data length");
410 EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
411 EVP_CIPHER_CTX_set_padding (ctx, 0);
412 EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
414 if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
416 *out_len = len - data[len - 1] - 1;
424 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
425 ikev2_sa_transform_t * tr_encr,
426 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
428 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
429 int out_len = 0, len = 0;
430 u8 nonce[IKEV2_GCM_NONCE_SIZE];
431 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
435 /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
436 RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
437 ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
439 dst += IKEV2_GCM_IV_SIZE;
441 EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
442 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
443 EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
444 EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
445 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
446 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
447 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
449 ASSERT (vec_len (src) == out_len);
451 return out_len + IKEV2_GCM_IV_SIZE;
455 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
456 ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
458 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
459 int out_len = 0, len = 0;
460 int bs = tr_encr->block_size;
461 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
470 EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
471 /* disable padding as pad data were added before */
472 EVP_CIPHER_CTX_set_padding (ctx, 0);
473 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
474 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
477 ASSERT (vec_len (src) == out_len);
484 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
486 int r = BN_bn2bin (a, to);
491 vec_insert (to, pad, 0);
492 clib_memset (to, 0, pad);
493 _vec_len (to) -= pad;
500 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
504 if (t->dh_group == IKEV2_DH_GROUP_MODP)
507 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
510 const BIGNUM *pub_key, *priv_key;
512 BN_hex2bn (&p, t->dh_p);
513 BN_hex2bn (&g, t->dh_g);
514 DH_set0_pqg (dh, p, NULL, g);
516 BN_hex2bn (&dh->p, t->dh_p);
517 BN_hex2bn (&dh->g, t->dh_g);
519 DH_generate_key (dh);
521 if (sa->is_initiator)
523 sa->i_dh_data = vec_new (u8, t->key_len);
524 sa->dh_private_key = vec_new (u8, t->key_len);
525 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
526 DH_get0_key (dh, &pub_key, &priv_key);
527 r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
528 ASSERT (r == t->key_len);
529 r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
531 r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
532 ASSERT (r == t->key_len);
533 r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
535 ASSERT (r == t->key_len);
539 sa->r_dh_data = vec_new (u8, t->key_len);
540 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
541 DH_get0_key (dh, &pub_key, &priv_key);
542 r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
544 r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
546 ASSERT (r == t->key_len);
549 sa->dh_shared_key = vec_new (u8, t->key_len);
550 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
551 r = DH_compute_key (sa->dh_shared_key, ex, dh);
552 ASSERT (t->key_len >= r);
553 int pad = t->key_len - r;
556 vec_insert (sa->dh_shared_key, pad, 0);
557 clib_memset (sa->dh_shared_key, 0, pad);
558 _vec_len (sa->dh_shared_key) -= pad;
564 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
566 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
569 EC_KEY_generate_key (ec);
571 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
572 const EC_GROUP *group = EC_KEY_get0_group (ec);
573 BIGNUM *x = NULL, *y = NULL;
574 BN_CTX *bn_ctx = BN_CTX_new ();
575 u16 x_off, y_off, len;
576 EC_POINT *i_point = EC_POINT_new (group);
577 EC_POINT *shared_point = EC_POINT_new (group);
581 len = t->key_len / 2;
583 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
584 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
586 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
589 if (sa->is_initiator)
591 sa->i_dh_data = vec_new (u8, t->key_len);
592 x_off = len - BN_num_bytes (x);
593 clib_memset (sa->i_dh_data, 0, x_off);
594 BN_bn2bin (x, sa->i_dh_data + x_off);
595 y_off = t->key_len - BN_num_bytes (y);
596 clib_memset (sa->i_dh_data + len, 0, y_off - len);
597 BN_bn2bin (y, sa->i_dh_data + y_off);
599 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
600 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
601 r = BN_bn2bin (prv, sa->dh_private_key);
602 ASSERT (r == BN_num_bytes (prv));
606 sa->r_dh_data = vec_new (u8, t->key_len);
607 x_off = len - BN_num_bytes (x);
608 clib_memset (sa->r_dh_data, 0, x_off);
609 BN_bn2bin (x, sa->r_dh_data + x_off);
610 y_off = t->key_len - BN_num_bytes (y);
611 clib_memset (sa->r_dh_data + len, 0, y_off - len);
612 BN_bn2bin (y, sa->r_dh_data + y_off);
614 x = BN_bin2bn (sa->i_dh_data, len, x);
615 y = BN_bin2bn (sa->i_dh_data + len, len, y);
616 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
617 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
619 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
621 sa->dh_shared_key = vec_new (u8, t->key_len);
622 EC_POINT_mul (group, shared_point, NULL, i_point,
623 EC_KEY_get0_private_key (ec), NULL);
624 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
625 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
627 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
630 x_off = len - BN_num_bytes (x);
631 clib_memset (sa->dh_shared_key, 0, x_off);
632 BN_bn2bin (x, sa->dh_shared_key + x_off);
633 y_off = t->key_len - BN_num_bytes (y);
634 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
635 BN_bn2bin (y, sa->dh_shared_key + y_off);
641 BN_CTX_free (bn_ctx);
642 EC_POINT_free (i_point);
643 EC_POINT_free (shared_point);
648 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
652 if (t->dh_group == IKEV2_DH_GROUP_MODP)
655 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
660 BN_hex2bn (&p, t->dh_p);
661 BN_hex2bn (&g, t->dh_g);
662 DH_set0_pqg (dh, p, NULL, g);
665 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
666 DH_set0_key (dh, NULL, priv_key);
668 BN_hex2bn (&dh->p, t->dh_p);
669 BN_hex2bn (&dh->g, t->dh_g);
672 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
675 sa->dh_shared_key = vec_new (u8, t->key_len);
676 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
677 r = DH_compute_key (sa->dh_shared_key, ex, dh);
678 ASSERT (t->key_len >= r);
679 int pad = t->key_len - r;
682 vec_insert (sa->dh_shared_key, pad, 0);
683 clib_memset (sa->dh_shared_key, 0, pad);
684 _vec_len (sa->dh_shared_key) -= pad;
689 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
691 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
694 const EC_GROUP *group = EC_KEY_get0_group (ec);
695 BIGNUM *x = NULL, *y = NULL;
696 BN_CTX *bn_ctx = BN_CTX_new ();
697 u16 x_off, y_off, len;
701 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
702 EC_KEY_set_private_key (ec, prv);
706 len = t->key_len / 2;
708 x = BN_bin2bn (sa->r_dh_data, len, x);
709 y = BN_bin2bn (sa->r_dh_data + len, len, y);
710 EC_POINT *r_point = EC_POINT_new (group);
711 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
712 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
714 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
716 EC_KEY_set_public_key (ec, r_point);
718 EC_POINT *i_point = EC_POINT_new (group);
719 EC_POINT *shared_point = EC_POINT_new (group);
721 x = BN_bin2bn (sa->i_dh_data, len, x);
722 y = BN_bin2bn (sa->i_dh_data + len, len, y);
723 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
724 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
726 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
728 EC_POINT_mul (group, shared_point, NULL, r_point,
729 EC_KEY_get0_private_key (ec), NULL);
730 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
731 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
733 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
735 sa->dh_shared_key = vec_new (u8, t->key_len);
736 x_off = len - BN_num_bytes (x);
737 clib_memset (sa->dh_shared_key, 0, x_off);
738 BN_bn2bin (x, sa->dh_shared_key + x_off);
739 y_off = t->key_len - BN_num_bytes (y);
740 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
741 BN_bn2bin (y, sa->dh_shared_key + y_off);
747 BN_CTX_free (bn_ctx);
748 EC_POINT_free (i_point);
749 EC_POINT_free (r_point);
750 EC_POINT_free (shared_point);
755 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
758 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
759 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
762 EVP_MD_CTX_init (&md_ctx);
765 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
766 EVP_VerifyInit (md_ctx, EVP_sha1 ());
767 EVP_VerifyUpdate (md_ctx, data, vec_len (data));
769 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
770 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
773 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
774 verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
775 EVP_MD_CTX_free (md_ctx);
777 verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
778 EVP_MD_CTX_cleanup (&md_ctx);
784 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
786 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
787 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
790 EVP_MD_CTX_init (&md_ctx);
792 unsigned int sig_len = 0;
795 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
796 EVP_SignInit (md_ctx, EVP_sha1 ());
797 EVP_SignUpdate (md_ctx, data, vec_len (data));
799 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
800 sign = vec_new (u8, sig_len);
802 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
803 EVP_MD_CTX_free (md_ctx);
805 EVP_SignInit (&md_ctx, EVP_sha1 ());
806 EVP_SignUpdate (&md_ctx, data, vec_len (data));
808 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
809 sign = vec_new (u8, sig_len);
811 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
812 EVP_MD_CTX_cleanup (&md_ctx);
818 ikev2_load_cert_file (u8 * file)
822 EVP_PKEY *pkey = NULL;
824 fp = fopen ((char *) file, "r");
827 ikev2_log_error ("open %s failed", file);
831 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
835 ikev2_log_error ("read cert %s failed", file);
839 pkey = X509_get_pubkey (x509);
842 ikev2_log_error ("get pubkey %s failed", file);
849 ikev2_load_key_file (u8 * file)
852 EVP_PKEY *pkey = NULL;
854 fp = fopen ((char *) file, "r");
857 ikev2_log_error ("open %s failed", file);
861 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
864 ikev2_log_error ("read %s failed", file);
871 ikev2_crypto_init (ikev2_main_t * km)
873 ikev2_sa_transform_t *tr;
875 /* vector of supported transforms - in order of preference */
879 vec_add2 (km->supported_transforms, tr, 1);
880 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
881 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
882 tr->key_len = 256 / 8;
883 tr->block_size = 128 / 8;
884 tr->cipher = EVP_aes_256_cbc ();
886 vec_add2 (km->supported_transforms, tr, 1);
887 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
888 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
889 tr->key_len = 192 / 8;
890 tr->block_size = 128 / 8;
891 tr->cipher = EVP_aes_192_cbc ();
893 vec_add2 (km->supported_transforms, tr, 1);
894 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
895 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
896 tr->key_len = 128 / 8;
897 tr->block_size = 128 / 8;
898 tr->cipher = EVP_aes_128_cbc ();
900 vec_add2 (km->supported_transforms, tr, 1);
901 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
902 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
903 tr->key_len = 256 / 8;
904 tr->block_size = 128 / 8;
905 tr->cipher = EVP_aes_256_gcm ();
907 vec_add2 (km->supported_transforms, tr, 1);
908 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
909 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
910 tr->key_len = 192 / 8;
911 tr->block_size = 128 / 8;
912 tr->cipher = EVP_aes_192_gcm ();
914 vec_add2 (km->supported_transforms, tr, 1);
915 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
916 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
917 tr->key_len = 128 / 8;
918 tr->block_size = 128 / 8;
919 tr->cipher = EVP_aes_128_gcm ();
922 vec_add2 (km->supported_transforms, tr, 1);
923 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
924 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
925 tr->key_len = 256 / 8;
926 tr->key_trunc = 256 / 8;
927 tr->md = EVP_sha256 ();
929 vec_add2 (km->supported_transforms, tr, 1);
930 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
931 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
932 tr->key_len = 384 / 8;
933 tr->key_trunc = 384 / 8;
934 tr->md = EVP_sha384 ();
936 vec_add2 (km->supported_transforms, tr, 1);
937 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
938 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
939 tr->key_len = 512 / 8;
940 tr->key_trunc = 512 / 8;
941 tr->md = EVP_sha512 ();
943 vec_add2 (km->supported_transforms, tr, 1);
944 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
945 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
946 tr->key_len = 160 / 8;
947 tr->key_trunc = 160 / 8;
948 tr->md = EVP_sha1 ();
951 vec_add2 (km->supported_transforms, tr, 1);
952 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
953 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
954 tr->key_len = 256 / 8;
955 tr->key_trunc = 128 / 8;
956 tr->md = EVP_sha256 ();
958 vec_add2 (km->supported_transforms, tr, 1);
959 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
960 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
961 tr->key_len = 384 / 8;
962 tr->key_trunc = 192 / 8;
963 tr->md = EVP_sha384 ();
965 vec_add2 (km->supported_transforms, tr, 1);
966 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
967 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
968 tr->key_len = 512 / 8;
969 tr->key_trunc = 256 / 8;
970 tr->md = EVP_sha512 ();
972 vec_add2 (km->supported_transforms, tr, 1);
973 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
974 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
975 tr->key_len = 160 / 8;
976 tr->key_trunc = 160 / 8;
977 tr->md = EVP_sha1 ();
979 vec_add2 (km->supported_transforms, tr, 1);
980 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
981 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
982 tr->key_len = 160 / 8;
983 tr->key_trunc = 96 / 8;
984 tr->md = EVP_sha1 ();
987 #if defined(OPENSSL_NO_CISCO_FECDH)
988 vec_add2 (km->supported_transforms, tr, 1);
989 tr->type = IKEV2_TRANSFORM_TYPE_DH;
990 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
991 tr->key_len = (512 * 2) / 8;
992 tr->nid = NID_brainpoolP512r1;
993 tr->dh_group = IKEV2_DH_GROUP_ECP;
995 vec_add2 (km->supported_transforms, tr, 1);
996 tr->type = IKEV2_TRANSFORM_TYPE_DH;
997 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
998 tr->key_len = (384 * 2) / 8;
999 tr->nid = NID_brainpoolP384r1;
1000 tr->dh_group = IKEV2_DH_GROUP_ECP;
1002 vec_add2 (km->supported_transforms, tr, 1);
1003 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1004 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1005 tr->key_len = (256 * 2) / 8;
1006 tr->nid = NID_brainpoolP256r1;
1007 tr->dh_group = IKEV2_DH_GROUP_ECP;
1009 vec_add2 (km->supported_transforms, tr, 1);
1010 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1011 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1012 tr->key_len = (224 * 2) / 8;
1013 tr->nid = NID_brainpoolP224r1;
1014 tr->dh_group = IKEV2_DH_GROUP_ECP;
1016 vec_add2 (km->supported_transforms, tr, 1);
1017 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1018 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1019 tr->key_len = (224 * 2) / 8;
1020 tr->nid = NID_secp224r1;
1021 tr->dh_group = IKEV2_DH_GROUP_ECP;
1024 vec_add2 (km->supported_transforms, tr, 1);
1025 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1026 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1027 tr->key_len = (528 * 2) / 8;
1028 tr->nid = NID_secp521r1;
1029 tr->dh_group = IKEV2_DH_GROUP_ECP;
1031 vec_add2 (km->supported_transforms, tr, 1);
1032 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1033 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1034 tr->key_len = (384 * 2) / 8;
1035 tr->nid = NID_secp384r1;
1036 tr->dh_group = IKEV2_DH_GROUP_ECP;
1038 vec_add2 (km->supported_transforms, tr, 1);
1039 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1040 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1041 tr->key_len = (256 * 2) / 8;
1042 tr->nid = NID_X9_62_prime256v1;
1043 tr->dh_group = IKEV2_DH_GROUP_ECP;
1045 vec_add2 (km->supported_transforms, tr, 1);
1046 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1047 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1048 tr->key_len = (192 * 2) / 8;
1049 tr->nid = NID_X9_62_prime192v1;
1050 tr->dh_group = IKEV2_DH_GROUP_ECP;
1052 vec_add2 (km->supported_transforms, tr, 1);
1053 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1054 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1055 tr->key_len = 2048 / 8;
1056 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1057 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1058 tr->dh_group = IKEV2_DH_GROUP_MODP;
1060 vec_add2 (km->supported_transforms, tr, 1);
1061 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1062 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1063 tr->key_len = 2048 / 8;
1064 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1065 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1066 tr->dh_group = IKEV2_DH_GROUP_MODP;
1068 vec_add2 (km->supported_transforms, tr, 1);
1069 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1070 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1071 tr->key_len = 1024 / 8;
1072 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1073 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1074 tr->dh_group = IKEV2_DH_GROUP_MODP;
1076 vec_add2 (km->supported_transforms, tr, 1);
1077 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1078 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1079 tr->key_len = 8192 / 8;
1080 tr->dh_p = (const char *) &modp_dh_8192_prime;
1081 tr->dh_g = (const char *) &modp_dh_8192_generator;
1082 tr->dh_group = IKEV2_DH_GROUP_MODP;
1084 vec_add2 (km->supported_transforms, tr, 1);
1085 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1086 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1087 tr->key_len = 6144 / 8;
1088 tr->dh_p = (const char *) &modp_dh_6144_prime;
1089 tr->dh_g = (const char *) &modp_dh_6144_generator;
1090 tr->dh_group = IKEV2_DH_GROUP_MODP;
1092 vec_add2 (km->supported_transforms, tr, 1);
1093 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1094 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1095 tr->key_len = 4096 / 8;
1096 tr->dh_p = (const char *) &modp_dh_4096_prime;
1097 tr->dh_g = (const char *) &modp_dh_4096_generator;
1098 tr->dh_group = IKEV2_DH_GROUP_MODP;
1100 vec_add2 (km->supported_transforms, tr, 1);
1101 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1102 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1103 tr->key_len = 3072 / 8;
1104 tr->dh_p = (const char *) &modp_dh_3072_prime;
1105 tr->dh_g = (const char *) &modp_dh_3072_generator;
1106 tr->dh_group = IKEV2_DH_GROUP_MODP;
1108 vec_add2 (km->supported_transforms, tr, 1);
1109 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1110 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1111 tr->key_len = 2048 / 8;
1112 tr->dh_p = (const char *) &modp_dh_2048_prime;
1113 tr->dh_g = (const char *) &modp_dh_2048_generator;
1114 tr->dh_group = IKEV2_DH_GROUP_MODP;
1116 vec_add2 (km->supported_transforms, tr, 1);
1117 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1118 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1119 tr->key_len = 1536 / 8;
1120 tr->dh_p = (const char *) &modp_dh_1536_prime;
1121 tr->dh_g = (const char *) &modp_dh_1536_generator;
1122 tr->dh_group = IKEV2_DH_GROUP_MODP;
1124 vec_add2 (km->supported_transforms, tr, 1);
1125 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1126 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1127 tr->key_len = 1024 / 8;
1128 tr->dh_p = (const char *) &modp_dh_1024_prime;
1129 tr->dh_g = (const char *) &modp_dh_1024_generator;
1130 tr->dh_group = IKEV2_DH_GROUP_MODP;
1132 vec_add2 (km->supported_transforms, tr, 1);
1133 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1134 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1135 tr->key_len = 768 / 8;
1136 tr->dh_p = (const char *) &modp_dh_768_prime;
1137 tr->dh_g = (const char *) &modp_dh_768_generator;
1138 tr->dh_group = IKEV2_DH_GROUP_MODP;
1140 vec_add2 (km->supported_transforms, tr, 1);
1141 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1142 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1144 vec_add2 (km->supported_transforms, tr, 1);
1145 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1146 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1152 * fd.io coding-style-patch-verification: ON
1155 * eval: (c-set-style "gnu")