2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vppinfra/error.h>
19 #include <vnet/udp/udp.h>
20 #include <plugins/ikev2/ikev2.h>
21 #include <plugins/ikev2/ikev2_priv.h>
22 #include <openssl/obj_mac.h>
23 #include <openssl/ec.h>
24 #include <openssl/x509.h>
25 #include <openssl/pem.h>
26 #include <openssl/bn.h>
27 #include <openssl/dh.h>
30 static const char modp_dh_768_prime[] =
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
32 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
33 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
34 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
35 static const char modp_dh_768_generator[] = "02";
37 static const char modp_dh_1024_prime[] =
38 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
39 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
40 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
41 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
42 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
43 static const char modp_dh_1024_generator[] = "02";
46 static const char modp_dh_1536_prime[] =
47 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
48 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
49 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
50 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
51 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
52 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
53 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
54 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
55 static const char modp_dh_1536_generator[] = "02";
57 static const char modp_dh_2048_prime[] =
58 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
59 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
60 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
61 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
62 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
63 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
64 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
65 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
66 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
67 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
68 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
69 static const char modp_dh_2048_generator[] = "02";
71 static const char modp_dh_3072_prime[] =
72 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
73 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
74 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
75 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
76 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
77 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
78 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
79 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
80 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
81 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
82 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
83 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
84 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
85 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
86 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
87 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
88 static const char modp_dh_3072_generator[] = "02";
90 static const char modp_dh_4096_prime[] =
91 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
92 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
93 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
94 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
95 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
96 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
97 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
98 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
99 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
100 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
101 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
102 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
103 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
104 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
105 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
106 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
107 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
108 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
109 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
110 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
111 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
112 static const char modp_dh_4096_generator[] = "02";
114 static const char modp_dh_6144_prime[] =
115 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
116 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
117 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
118 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
119 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
120 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
121 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
122 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
123 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
124 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
125 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
126 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
127 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
128 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
129 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
130 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
131 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
132 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
133 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
134 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
135 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
136 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
137 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
138 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
139 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
140 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
141 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
142 "6DCC4024FFFFFFFFFFFFFFFF";
143 static const char modp_dh_6144_generator[] = "02";
145 static const char modp_dh_8192_prime[] =
146 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
147 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
148 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
149 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
150 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
151 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
152 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
153 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
154 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
155 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
156 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
157 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
158 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
159 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
160 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
161 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
162 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
163 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
164 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
165 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
166 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
167 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
168 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
169 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
170 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
171 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
172 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
173 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
174 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
175 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
176 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
177 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
178 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
179 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
180 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
181 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
182 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
183 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
184 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
185 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
186 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
187 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
188 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
189 static const char modp_dh_8192_generator[] = "02";
192 static const char modp_dh_1024_160_prime[] =
193 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
194 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
195 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
196 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
197 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
198 static const char modp_dh_1024_160_generator[] =
199 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
200 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
201 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
202 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
203 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 static const char modp_dh_2048_224_prime[] =
206 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
207 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
208 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
209 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
210 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
211 "B3BF8A317091883681286130BC8985DB1602E714415D9330"
212 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
213 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
214 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
215 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
216 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
217 static const char modp_dh_2048_224_generator[] =
218 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
219 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
220 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
221 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
222 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
223 "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
224 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
225 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
226 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
227 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
228 "81BC087F2A7065B384B890D3191F2BFA";
230 static const char modp_dh_2048_256_prime[] =
231 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
232 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
233 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
234 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
235 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
236 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
237 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
238 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
239 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
240 "75F26375D7014103A4B54330C198AF126116D2276E11715F"
241 "693877FAD7EF09CADB094AE91E1A1597";
242 static const char modp_dh_2048_256_generator[] =
243 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
244 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
245 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
246 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
247 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
248 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
249 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
250 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
251 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
252 "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
253 "5E2327CFEF98C582664B4C0F6CC41659";
256 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
259 HMAC_CTX *ctx = ptd->hmac_ctx;
261 unsigned int len = 0;
263 prf = vec_new (u8, tr->key_trunc);
264 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
265 HMAC_Update (ctx, data, vec_len (data));
266 HMAC_Final (ctx, prf, &len);
267 ASSERT (len == tr->key_trunc);
273 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
275 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
278 /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
281 T1 = prf (K, S | 0x01)
282 T2 = prf (K, T1 | S | 0x02)
283 T3 = prf (K, T2 | S | 0x03)
284 T4 = prf (K, T3 | S | 0x04)
287 while (vec_len (ret) < len && x < 255)
295 vec_append (s, seed);
296 vec_add2 (s, tmp, 1);
298 t = ikev2_calc_prf (tr, key, s);
315 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
317 ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
318 HMAC_CTX *ctx = ptd->hmac_ctx;
322 ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
324 r = vec_new (u8, tr->key_len);
326 if (tr->md == EVP_sha1 ())
328 ikev2_elog_debug ("integrity checking with sha1");
330 else if (tr->md == EVP_sha256 ())
332 ikev2_elog_debug ("integrity checking with sha256");
335 /* verify integrity of data */
336 HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
337 HMAC_Update (ctx, (const u8 *) data, len);
338 HMAC_Final (ctx, r, &l);
339 ASSERT (l == tr->key_len);
344 static_always_inline void
345 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
347 clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
348 clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
352 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
353 ikev2_sa_transform_t * tr_encr, u8 * data,
354 int data_len, u8 * aad, u32 aad_len, u8 * tag,
357 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
359 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
360 u8 nonce[IKEV2_GCM_NONCE_SIZE];
362 if (data_len <= IKEV2_GCM_IV_SIZE)
366 /* extract salt from the end of the key */
367 u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
368 ikev2_init_gcm_nonce (nonce, salt, data);
370 data += IKEV2_GCM_IV_SIZE;
371 data_len -= IKEV2_GCM_IV_SIZE;
373 EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
374 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
375 EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
376 EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
377 EVP_DecryptUpdate (ctx, data, &len, data, data_len);
378 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
380 if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
382 *out_len = data_len - data[data_len - 1] - 1;
390 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
391 ikev2_sa_transform_t * tr_encr, u8 * data, int len,
394 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
395 int tmp_len = 0, block_size;
396 u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
397 block_size = tr_encr->block_size;
400 /* check if data is multiplier of cipher block size */
401 if (len % block_size)
403 ikev2_elog_error ("wrong data length");
409 EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
410 EVP_CIPHER_CTX_set_padding (ctx, 0);
411 EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
413 if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
415 *out_len = len - data[len - 1] - 1;
423 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
424 ikev2_sa_transform_t * tr_encr,
425 v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
427 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
428 int out_len = 0, len = 0;
429 u8 nonce[IKEV2_GCM_NONCE_SIZE];
430 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
434 /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
435 RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
436 ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
438 dst += IKEV2_GCM_IV_SIZE;
440 EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
441 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
442 EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
443 EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
444 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
445 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
446 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
448 ASSERT (vec_len (src) == out_len);
450 return out_len + IKEV2_GCM_IV_SIZE;
454 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
455 ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
457 EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
458 int out_len = 0, len = 0;
459 int bs = tr_encr->block_size;
460 u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
469 EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
470 /* disable padding as pad data were added before */
471 EVP_CIPHER_CTX_set_padding (ctx, 0);
472 EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
473 EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
476 ASSERT (vec_len (src) == out_len);
483 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
485 int r = BN_bn2bin (a, to);
490 vec_insert (to, pad, 0);
491 clib_memset (to, 0, pad);
492 _vec_len (to) -= pad;
499 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
503 if (t->dh_group == IKEV2_DH_GROUP_MODP)
506 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
509 const BIGNUM *pub_key, *priv_key;
511 BN_hex2bn (&p, t->dh_p);
512 BN_hex2bn (&g, t->dh_g);
513 DH_set0_pqg (dh, p, NULL, g);
515 BN_hex2bn (&dh->p, t->dh_p);
516 BN_hex2bn (&dh->g, t->dh_g);
518 DH_generate_key (dh);
520 if (sa->is_initiator)
522 sa->i_dh_data = vec_new (u8, t->key_len);
523 sa->dh_private_key = vec_new (u8, t->key_len);
524 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
525 DH_get0_key (dh, &pub_key, &priv_key);
526 r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
527 ASSERT (r == t->key_len);
528 r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
530 r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
531 ASSERT (r == t->key_len);
532 r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
534 ASSERT (r == t->key_len);
538 sa->r_dh_data = vec_new (u8, t->key_len);
539 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
540 DH_get0_key (dh, &pub_key, &priv_key);
541 r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
543 r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
545 ASSERT (r == t->key_len);
548 sa->dh_shared_key = vec_new (u8, t->key_len);
549 ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
550 r = DH_compute_key (sa->dh_shared_key, ex, dh);
551 ASSERT (t->key_len >= r);
552 int pad = t->key_len - r;
555 vec_insert (sa->dh_shared_key, pad, 0);
556 clib_memset (sa->dh_shared_key, 0, pad);
557 _vec_len (sa->dh_shared_key) -= pad;
563 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
565 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
568 EC_KEY_generate_key (ec);
570 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
571 const EC_GROUP *group = EC_KEY_get0_group (ec);
572 BIGNUM *x = NULL, *y = NULL;
573 BN_CTX *bn_ctx = BN_CTX_new ();
574 u16 x_off, y_off, len;
575 EC_POINT *i_point = EC_POINT_new (group);
576 EC_POINT *shared_point = EC_POINT_new (group);
580 len = t->key_len / 2;
582 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
583 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
585 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
588 if (sa->is_initiator)
590 sa->i_dh_data = vec_new (u8, t->key_len);
591 x_off = len - BN_num_bytes (x);
592 clib_memset (sa->i_dh_data, 0, x_off);
593 BN_bn2bin (x, sa->i_dh_data + x_off);
594 y_off = t->key_len - BN_num_bytes (y);
595 clib_memset (sa->i_dh_data + len, 0, y_off - len);
596 BN_bn2bin (y, sa->i_dh_data + y_off);
598 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
599 sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
600 r = BN_bn2bin (prv, sa->dh_private_key);
601 ASSERT (r == BN_num_bytes (prv));
605 sa->r_dh_data = vec_new (u8, t->key_len);
606 x_off = len - BN_num_bytes (x);
607 clib_memset (sa->r_dh_data, 0, x_off);
608 BN_bn2bin (x, sa->r_dh_data + x_off);
609 y_off = t->key_len - BN_num_bytes (y);
610 clib_memset (sa->r_dh_data + len, 0, y_off - len);
611 BN_bn2bin (y, sa->r_dh_data + y_off);
613 x = BN_bin2bn (sa->i_dh_data, len, x);
614 y = BN_bin2bn (sa->i_dh_data + len, len, y);
615 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
616 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
618 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
620 sa->dh_shared_key = vec_new (u8, t->key_len);
621 EC_POINT_mul (group, shared_point, NULL, i_point,
622 EC_KEY_get0_private_key (ec), NULL);
623 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
624 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
626 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
629 x_off = len - BN_num_bytes (x);
630 clib_memset (sa->dh_shared_key, 0, x_off);
631 BN_bn2bin (x, sa->dh_shared_key + x_off);
632 y_off = t->key_len - BN_num_bytes (y);
633 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
634 BN_bn2bin (y, sa->dh_shared_key + y_off);
640 BN_CTX_free (bn_ctx);
641 EC_POINT_free (i_point);
642 EC_POINT_free (shared_point);
647 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
651 if (t->dh_group == IKEV2_DH_GROUP_MODP)
654 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
659 BN_hex2bn (&p, t->dh_p);
660 BN_hex2bn (&g, t->dh_g);
661 DH_set0_pqg (dh, p, NULL, g);
664 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
665 DH_set0_key (dh, NULL, priv_key);
667 BN_hex2bn (&dh->p, t->dh_p);
668 BN_hex2bn (&dh->g, t->dh_g);
671 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
674 sa->dh_shared_key = vec_new (u8, t->key_len);
675 ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
676 r = DH_compute_key (sa->dh_shared_key, ex, dh);
677 ASSERT (t->key_len >= r);
678 int pad = t->key_len - r;
681 vec_insert (sa->dh_shared_key, pad, 0);
682 clib_memset (sa->dh_shared_key, 0, pad);
683 _vec_len (sa->dh_shared_key) -= pad;
688 else if (t->dh_group == IKEV2_DH_GROUP_ECP)
690 EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
693 const EC_GROUP *group = EC_KEY_get0_group (ec);
694 BIGNUM *x = NULL, *y = NULL;
695 BN_CTX *bn_ctx = BN_CTX_new ();
696 u16 x_off, y_off, len;
700 BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
701 EC_KEY_set_private_key (ec, prv);
705 len = t->key_len / 2;
707 x = BN_bin2bn (sa->r_dh_data, len, x);
708 y = BN_bin2bn (sa->r_dh_data + len, len, y);
709 EC_POINT *r_point = EC_POINT_new (group);
710 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
711 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
713 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
715 EC_KEY_set_public_key (ec, r_point);
717 EC_POINT *i_point = EC_POINT_new (group);
718 EC_POINT *shared_point = EC_POINT_new (group);
720 x = BN_bin2bn (sa->i_dh_data, len, x);
721 y = BN_bin2bn (sa->i_dh_data + len, len, y);
722 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
723 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
725 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
727 EC_POINT_mul (group, shared_point, NULL, r_point,
728 EC_KEY_get0_private_key (ec), NULL);
729 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
730 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
732 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
734 sa->dh_shared_key = vec_new (u8, t->key_len);
735 x_off = len - BN_num_bytes (x);
736 clib_memset (sa->dh_shared_key, 0, x_off);
737 BN_bn2bin (x, sa->dh_shared_key + x_off);
738 y_off = t->key_len - BN_num_bytes (y);
739 clib_memset (sa->dh_shared_key + len, 0, y_off - len);
740 BN_bn2bin (y, sa->dh_shared_key + y_off);
746 BN_CTX_free (bn_ctx);
747 EC_POINT_free (i_point);
748 EC_POINT_free (r_point);
749 EC_POINT_free (shared_point);
754 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
757 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
758 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
761 EVP_MD_CTX_init (&md_ctx);
764 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
765 EVP_VerifyInit (md_ctx, EVP_sha1 ());
766 EVP_VerifyUpdate (md_ctx, data, vec_len (data));
768 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
769 EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
772 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
773 verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
774 EVP_MD_CTX_free (md_ctx);
776 verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
777 EVP_MD_CTX_cleanup (&md_ctx);
783 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
785 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
786 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
789 EVP_MD_CTX_init (&md_ctx);
791 unsigned int sig_len = 0;
794 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
795 EVP_SignInit (md_ctx, EVP_sha1 ());
796 EVP_SignUpdate (md_ctx, data, vec_len (data));
798 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
799 sign = vec_new (u8, sig_len);
801 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
802 EVP_MD_CTX_free (md_ctx);
804 EVP_SignInit (&md_ctx, EVP_sha1 ());
805 EVP_SignUpdate (&md_ctx, data, vec_len (data));
807 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
808 sign = vec_new (u8, sig_len);
810 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
811 EVP_MD_CTX_cleanup (&md_ctx);
817 ikev2_load_cert_file (u8 * file)
821 EVP_PKEY *pkey = NULL;
823 fp = fopen ((char *) file, "r");
826 ikev2_log_error ("open %s failed", file);
830 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
834 ikev2_log_error ("read cert %s failed", file);
838 pkey = X509_get_pubkey (x509);
841 ikev2_log_error ("get pubkey %s failed", file);
848 ikev2_load_key_file (u8 * file)
851 EVP_PKEY *pkey = NULL;
853 fp = fopen ((char *) file, "r");
856 ikev2_log_error ("open %s failed", file);
860 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
863 ikev2_log_error ("read %s failed", file);
870 ikev2_crypto_init (ikev2_main_t * km)
872 ikev2_sa_transform_t *tr;
874 /* vector of supported transforms - in order of preference */
878 vec_add2 (km->supported_transforms, tr, 1);
879 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
880 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
881 tr->key_len = 256 / 8;
882 tr->block_size = 128 / 8;
883 tr->cipher = EVP_aes_256_cbc ();
885 vec_add2 (km->supported_transforms, tr, 1);
886 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
887 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
888 tr->key_len = 192 / 8;
889 tr->block_size = 128 / 8;
890 tr->cipher = EVP_aes_192_cbc ();
892 vec_add2 (km->supported_transforms, tr, 1);
893 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
894 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
895 tr->key_len = 128 / 8;
896 tr->block_size = 128 / 8;
897 tr->cipher = EVP_aes_128_cbc ();
899 vec_add2 (km->supported_transforms, tr, 1);
900 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
901 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
902 tr->key_len = 256 / 8;
903 tr->block_size = 128 / 8;
904 tr->cipher = EVP_aes_256_gcm ();
906 vec_add2 (km->supported_transforms, tr, 1);
907 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
908 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
909 tr->key_len = 192 / 8;
910 tr->block_size = 128 / 8;
911 tr->cipher = EVP_aes_192_gcm ();
913 vec_add2 (km->supported_transforms, tr, 1);
914 tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
915 tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
916 tr->key_len = 128 / 8;
917 tr->block_size = 128 / 8;
918 tr->cipher = EVP_aes_128_gcm ();
921 vec_add2 (km->supported_transforms, tr, 1);
922 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
923 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
924 tr->key_len = 256 / 8;
925 tr->key_trunc = 256 / 8;
926 tr->md = EVP_sha256 ();
928 vec_add2 (km->supported_transforms, tr, 1);
929 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
930 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
931 tr->key_len = 384 / 8;
932 tr->key_trunc = 384 / 8;
933 tr->md = EVP_sha384 ();
935 vec_add2 (km->supported_transforms, tr, 1);
936 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
937 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
938 tr->key_len = 512 / 8;
939 tr->key_trunc = 512 / 8;
940 tr->md = EVP_sha512 ();
942 vec_add2 (km->supported_transforms, tr, 1);
943 tr->type = IKEV2_TRANSFORM_TYPE_PRF;
944 tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
945 tr->key_len = 160 / 8;
946 tr->key_trunc = 160 / 8;
947 tr->md = EVP_sha1 ();
950 vec_add2 (km->supported_transforms, tr, 1);
951 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
952 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
953 tr->key_len = 256 / 8;
954 tr->key_trunc = 128 / 8;
955 tr->md = EVP_sha256 ();
957 vec_add2 (km->supported_transforms, tr, 1);
958 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
959 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
960 tr->key_len = 384 / 8;
961 tr->key_trunc = 192 / 8;
962 tr->md = EVP_sha384 ();
964 vec_add2 (km->supported_transforms, tr, 1);
965 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
966 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
967 tr->key_len = 512 / 8;
968 tr->key_trunc = 256 / 8;
969 tr->md = EVP_sha512 ();
971 vec_add2 (km->supported_transforms, tr, 1);
972 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
973 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
974 tr->key_len = 160 / 8;
975 tr->key_trunc = 160 / 8;
976 tr->md = EVP_sha1 ();
978 vec_add2 (km->supported_transforms, tr, 1);
979 tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
980 tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
981 tr->key_len = 160 / 8;
982 tr->key_trunc = 96 / 8;
983 tr->md = EVP_sha1 ();
986 #if defined(OPENSSL_NO_CISCO_FECDH)
987 vec_add2 (km->supported_transforms, tr, 1);
988 tr->type = IKEV2_TRANSFORM_TYPE_DH;
989 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
990 tr->key_len = (512 * 2) / 8;
991 tr->nid = NID_brainpoolP512r1;
992 tr->dh_group = IKEV2_DH_GROUP_ECP;
994 vec_add2 (km->supported_transforms, tr, 1);
995 tr->type = IKEV2_TRANSFORM_TYPE_DH;
996 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
997 tr->key_len = (384 * 2) / 8;
998 tr->nid = NID_brainpoolP384r1;
999 tr->dh_group = IKEV2_DH_GROUP_ECP;
1001 vec_add2 (km->supported_transforms, tr, 1);
1002 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1003 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1004 tr->key_len = (256 * 2) / 8;
1005 tr->nid = NID_brainpoolP256r1;
1006 tr->dh_group = IKEV2_DH_GROUP_ECP;
1008 vec_add2 (km->supported_transforms, tr, 1);
1009 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1010 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1011 tr->key_len = (224 * 2) / 8;
1012 tr->nid = NID_brainpoolP224r1;
1013 tr->dh_group = IKEV2_DH_GROUP_ECP;
1015 vec_add2 (km->supported_transforms, tr, 1);
1016 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1017 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1018 tr->key_len = (224 * 2) / 8;
1019 tr->nid = NID_secp224r1;
1020 tr->dh_group = IKEV2_DH_GROUP_ECP;
1023 vec_add2 (km->supported_transforms, tr, 1);
1024 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1025 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1026 tr->key_len = (528 * 2) / 8;
1027 tr->nid = NID_secp521r1;
1028 tr->dh_group = IKEV2_DH_GROUP_ECP;
1030 vec_add2 (km->supported_transforms, tr, 1);
1031 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1032 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1033 tr->key_len = (384 * 2) / 8;
1034 tr->nid = NID_secp384r1;
1035 tr->dh_group = IKEV2_DH_GROUP_ECP;
1037 vec_add2 (km->supported_transforms, tr, 1);
1038 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1039 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1040 tr->key_len = (256 * 2) / 8;
1041 tr->nid = NID_X9_62_prime256v1;
1042 tr->dh_group = IKEV2_DH_GROUP_ECP;
1044 vec_add2 (km->supported_transforms, tr, 1);
1045 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1046 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1047 tr->key_len = (192 * 2) / 8;
1048 tr->nid = NID_X9_62_prime192v1;
1049 tr->dh_group = IKEV2_DH_GROUP_ECP;
1051 vec_add2 (km->supported_transforms, tr, 1);
1052 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1053 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1054 tr->key_len = 2048 / 8;
1055 tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1056 tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1057 tr->dh_group = IKEV2_DH_GROUP_MODP;
1059 vec_add2 (km->supported_transforms, tr, 1);
1060 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1061 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1062 tr->key_len = 2048 / 8;
1063 tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1064 tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1065 tr->dh_group = IKEV2_DH_GROUP_MODP;
1067 vec_add2 (km->supported_transforms, tr, 1);
1068 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1069 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1070 tr->key_len = 1024 / 8;
1071 tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1072 tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1073 tr->dh_group = IKEV2_DH_GROUP_MODP;
1075 vec_add2 (km->supported_transforms, tr, 1);
1076 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1077 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1078 tr->key_len = 8192 / 8;
1079 tr->dh_p = (const char *) &modp_dh_8192_prime;
1080 tr->dh_g = (const char *) &modp_dh_8192_generator;
1081 tr->dh_group = IKEV2_DH_GROUP_MODP;
1083 vec_add2 (km->supported_transforms, tr, 1);
1084 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1085 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1086 tr->key_len = 6144 / 8;
1087 tr->dh_p = (const char *) &modp_dh_6144_prime;
1088 tr->dh_g = (const char *) &modp_dh_6144_generator;
1089 tr->dh_group = IKEV2_DH_GROUP_MODP;
1091 vec_add2 (km->supported_transforms, tr, 1);
1092 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1093 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1094 tr->key_len = 4096 / 8;
1095 tr->dh_p = (const char *) &modp_dh_4096_prime;
1096 tr->dh_g = (const char *) &modp_dh_4096_generator;
1097 tr->dh_group = IKEV2_DH_GROUP_MODP;
1099 vec_add2 (km->supported_transforms, tr, 1);
1100 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1101 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1102 tr->key_len = 3072 / 8;
1103 tr->dh_p = (const char *) &modp_dh_3072_prime;
1104 tr->dh_g = (const char *) &modp_dh_3072_generator;
1105 tr->dh_group = IKEV2_DH_GROUP_MODP;
1107 vec_add2 (km->supported_transforms, tr, 1);
1108 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1109 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1110 tr->key_len = 2048 / 8;
1111 tr->dh_p = (const char *) &modp_dh_2048_prime;
1112 tr->dh_g = (const char *) &modp_dh_2048_generator;
1113 tr->dh_group = IKEV2_DH_GROUP_MODP;
1115 vec_add2 (km->supported_transforms, tr, 1);
1116 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1117 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1118 tr->key_len = 1536 / 8;
1119 tr->dh_p = (const char *) &modp_dh_1536_prime;
1120 tr->dh_g = (const char *) &modp_dh_1536_generator;
1121 tr->dh_group = IKEV2_DH_GROUP_MODP;
1123 vec_add2 (km->supported_transforms, tr, 1);
1124 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1125 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1126 tr->key_len = 1024 / 8;
1127 tr->dh_p = (const char *) &modp_dh_1024_prime;
1128 tr->dh_g = (const char *) &modp_dh_1024_generator;
1129 tr->dh_group = IKEV2_DH_GROUP_MODP;
1131 vec_add2 (km->supported_transforms, tr, 1);
1132 tr->type = IKEV2_TRANSFORM_TYPE_DH;
1133 tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1134 tr->key_len = 768 / 8;
1135 tr->dh_p = (const char *) &modp_dh_768_prime;
1136 tr->dh_g = (const char *) &modp_dh_768_generator;
1137 tr->dh_group = IKEV2_DH_GROUP_MODP;
1139 vec_add2 (km->supported_transforms, tr, 1);
1140 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1141 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1143 vec_add2 (km->supported_transforms, tr, 1);
1144 tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1145 tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1151 * fd.io coding-style-patch-verification: ON
1154 * eval: (c-set-style "gnu")