Line data Source code
1 : /*
2 : * Copyright (c) 2015 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 :
16 : #include <vlib/vlib.h>
17 : #include <vnet/vnet.h>
18 : #include <vppinfra/error.h>
19 : #include <plugins/ikev2/ikev2.h>
20 : #include <plugins/ikev2/ikev2_priv.h>
21 : #include <openssl/obj_mac.h>
22 : #include <openssl/ec.h>
23 : #include <openssl/x509.h>
24 : #include <openssl/pem.h>
25 : #include <openssl/bn.h>
26 : #include <openssl/dh.h>
27 :
28 : /* from RFC7296 */
29 : static const char modp_dh_768_prime[] =
30 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
31 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
32 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
33 : "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
34 : static const char modp_dh_768_generator[] = "02";
35 :
36 : static const char modp_dh_1024_prime[] =
37 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
38 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
39 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
40 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
41 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
42 : static const char modp_dh_1024_generator[] = "02";
43 :
44 : /* from RFC3526 */
45 : static const char modp_dh_1536_prime[] =
46 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
47 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
48 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
49 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
50 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
51 : "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
52 : "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
53 : "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
54 : static const char modp_dh_1536_generator[] = "02";
55 :
56 : static const char modp_dh_2048_prime[] =
57 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
58 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
59 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
60 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
61 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
62 : "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
63 : "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
64 : "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
65 : "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
66 : "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
67 : "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
68 : static const char modp_dh_2048_generator[] = "02";
69 :
70 : static const char modp_dh_3072_prime[] =
71 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
72 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
73 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
74 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
75 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
76 : "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
77 : "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
78 : "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
79 : "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
80 : "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
81 : "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
82 : "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
83 : "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
84 : "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
85 : "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
86 : "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
87 : static const char modp_dh_3072_generator[] = "02";
88 :
89 : static const char modp_dh_4096_prime[] =
90 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
91 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
92 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
93 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
94 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
95 : "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
96 : "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
97 : "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
98 : "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
99 : "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
100 : "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
101 : "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
102 : "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
103 : "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
104 : "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
105 : "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
106 : "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
107 : "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
108 : "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
109 : "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
110 : "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
111 : static const char modp_dh_4096_generator[] = "02";
112 :
113 : static const char modp_dh_6144_prime[] =
114 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
115 : "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
116 : "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
117 : "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
118 : "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
119 : "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
120 : "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
121 : "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
122 : "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
123 : "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
124 : "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
125 : "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
126 : "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
127 : "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
128 : "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
129 : "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
130 : "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
131 : "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
132 : "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
133 : "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
134 : "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
135 : "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
136 : "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
137 : "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
138 : "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
139 : "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
140 : "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
141 : "6DCC4024FFFFFFFFFFFFFFFF";
142 : static const char modp_dh_6144_generator[] = "02";
143 :
144 : static const char modp_dh_8192_prime[] =
145 : "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
146 : "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
147 : "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
148 : "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
149 : "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
150 : "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
151 : "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
152 : "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
153 : "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
154 : "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
155 : "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
156 : "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
157 : "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
158 : "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
159 : "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
160 : "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
161 : "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
162 : "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
163 : "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
164 : "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
165 : "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
166 : "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
167 : "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
168 : "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
169 : "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
170 : "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
171 : "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
172 : "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
173 : "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
174 : "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
175 : "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
176 : "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
177 : "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
178 : "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
179 : "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
180 : "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
181 : "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
182 : "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
183 : "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
184 : "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
185 : "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
186 : "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
187 : "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
188 : static const char modp_dh_8192_generator[] = "02";
189 :
190 : /* from RFC5114 */
191 : static const char modp_dh_1024_160_prime[] =
192 : "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
193 : "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
194 : "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
195 : "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
196 : "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
197 : static const char modp_dh_1024_160_generator[] =
198 : "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
199 : "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
200 : "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
201 : "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
202 : "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
203 :
204 : static const char modp_dh_2048_224_prime[] =
205 : "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
206 : "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
207 : "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
208 : "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
209 : "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
210 : "B3BF8A317091883681286130BC8985DB1602E714415D9330"
211 : "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
212 : "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
213 : "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
214 : "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
215 : "CF9DE5384E71B81C0AC4DFFE0C10E64F";
216 : static const char modp_dh_2048_224_generator[] =
217 : "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
218 : "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
219 : "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
220 : "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
221 : "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
222 : "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
223 : "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
224 : "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
225 : "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
226 : "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
227 : "81BC087F2A7065B384B890D3191F2BFA";
228 :
229 : static const char modp_dh_2048_256_prime[] =
230 : "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
231 : "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
232 : "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
233 : "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
234 : "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
235 : "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
236 : "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
237 : "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
238 : "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
239 : "75F26375D7014103A4B54330C198AF126116D2276E11715F"
240 : "693877FAD7EF09CADB094AE91E1A1597";
241 : static const char modp_dh_2048_256_generator[] =
242 : "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
243 : "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
244 : "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
245 : "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
246 : "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
247 : "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
248 : "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
249 : "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
250 : "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
251 : "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
252 : "5E2327CFEF98C582664B4C0F6CC41659";
253 :
254 : v8 *
255 404 : ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
256 : {
257 404 : ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
258 404 : HMAC_CTX *ctx = ptd->hmac_ctx;
259 : v8 *prf;
260 404 : unsigned int len = 0;
261 :
262 404 : prf = vec_new (u8, tr->key_trunc);
263 404 : HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
264 404 : HMAC_Update (ctx, data, vec_len (data));
265 404 : HMAC_Final (ctx, prf, &len);
266 404 : ASSERT (len == tr->key_trunc);
267 :
268 404 : return prf;
269 : }
270 :
271 : u8 *
272 52 : ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
273 : {
274 52 : v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
275 52 : u8 x = 0;
276 :
277 : /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
278 :
279 : where:
280 : T1 = prf (K, S | 0x01)
281 : T2 = prf (K, T1 | S | 0x02)
282 : T3 = prf (K, T2 | S | 0x03)
283 : T4 = prf (K, T3 | S | 0x04)
284 : */
285 :
286 321 : while (vec_len (ret) < len && x < 255)
287 : {
288 269 : if (t)
289 : {
290 217 : vec_append (s, t);
291 217 : vec_free (t);
292 : }
293 :
294 269 : vec_append (s, seed);
295 269 : vec_add2 (s, tmp, 1);
296 269 : *tmp = x + 1;
297 269 : t = ikev2_calc_prf (tr, key, s);
298 269 : vec_append (ret, t);
299 269 : vec_free (s);
300 269 : x++;
301 : }
302 :
303 52 : vec_free (t);
304 :
305 52 : if (x == 255)
306 : {
307 0 : vec_free (ret);
308 : }
309 :
310 52 : return ret;
311 : }
312 :
313 : v8 *
314 64 : ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
315 : {
316 64 : ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
317 64 : HMAC_CTX *ctx = ptd->hmac_ctx;
318 : v8 *r;
319 : unsigned int l;
320 :
321 64 : ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
322 :
323 64 : r = vec_new (u8, tr->key_len);
324 :
325 64 : if (tr->md == EVP_sha1 ())
326 : {
327 56 : ikev2_elog_debug ("integrity checking with sha1");
328 : }
329 8 : else if (tr->md == EVP_sha256 ())
330 : {
331 8 : ikev2_elog_debug ("integrity checking with sha256");
332 : }
333 :
334 : /* verify integrity of data */
335 64 : HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
336 64 : HMAC_Update (ctx, (const u8 *) data, len);
337 64 : HMAC_Final (ctx, r, &l);
338 64 : ASSERT (l == tr->key_len);
339 :
340 64 : return r;
341 : }
342 :
343 : static_always_inline void
344 30 : ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
345 : {
346 30 : clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
347 30 : clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
348 30 : }
349 :
350 : int
351 12 : ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
352 : ikev2_sa_transform_t * tr_encr, u8 * data,
353 : int data_len, u8 * aad, u32 aad_len, u8 * tag,
354 : u32 * out_len)
355 : {
356 12 : EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
357 12 : int len = 0;
358 12 : u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
359 : u8 nonce[IKEV2_GCM_NONCE_SIZE];
360 :
361 12 : if (data_len <= IKEV2_GCM_IV_SIZE)
362 : /* runt data */
363 0 : return 0;
364 :
365 : /* extract salt from the end of the key */
366 12 : u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
367 12 : ikev2_init_gcm_nonce (nonce, salt, data);
368 :
369 12 : data += IKEV2_GCM_IV_SIZE;
370 12 : data_len -= IKEV2_GCM_IV_SIZE;
371 :
372 12 : EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
373 12 : EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
374 12 : EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
375 12 : EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
376 12 : EVP_DecryptUpdate (ctx, data, &len, data, data_len);
377 12 : EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
378 :
379 12 : if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
380 : {
381 12 : *out_len = data_len - data[data_len - 1] - 1;
382 12 : return 1;
383 : }
384 :
385 0 : return 0;
386 : }
387 :
388 : int
389 31 : ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
390 : ikev2_sa_transform_t * tr_encr, u8 * data, int len,
391 : u32 * out_len)
392 : {
393 31 : EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
394 31 : int tmp_len = 0, block_size;
395 31 : u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
396 31 : block_size = tr_encr->block_size;
397 31 : u8 *iv = data;
398 :
399 : /* check if data is multiplier of cipher block size */
400 31 : if (len % block_size)
401 : {
402 0 : ikev2_elog_error ("wrong data length");
403 0 : return 0;
404 : }
405 31 : data += block_size;
406 31 : len -= block_size;
407 :
408 31 : EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
409 31 : EVP_CIPHER_CTX_set_padding (ctx, 0);
410 31 : EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
411 :
412 31 : if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
413 : {
414 31 : *out_len = len - data[len - 1] - 1;
415 31 : return 1;
416 : }
417 :
418 0 : return 0;
419 : }
420 :
421 : int
422 18 : ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
423 : ikev2_sa_transform_t * tr_encr,
424 : v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
425 : {
426 18 : EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
427 18 : int out_len = 0, len = 0;
428 : u8 nonce[IKEV2_GCM_NONCE_SIZE];
429 18 : u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
430 18 : if (!key)
431 0 : return 0;
432 :
433 : /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
434 18 : RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
435 18 : ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
436 : dst);
437 18 : dst += IKEV2_GCM_IV_SIZE;
438 :
439 18 : EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
440 18 : EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
441 18 : EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
442 18 : EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
443 18 : EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
444 18 : EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
445 18 : EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
446 18 : out_len += len;
447 18 : ASSERT (vec_len (src) == out_len);
448 :
449 18 : return out_len + IKEV2_GCM_IV_SIZE;
450 : }
451 :
452 : int
453 33 : ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
454 : ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
455 : {
456 33 : EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
457 33 : int out_len = 0, len = 0;
458 33 : int bs = tr_encr->block_size;
459 33 : u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
460 33 : if (!key)
461 0 : return 0;
462 :
463 : /* generate IV */
464 33 : u8 *iv = dst;
465 33 : RAND_bytes (iv, bs);
466 33 : dst += bs;
467 :
468 33 : EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
469 : /* disable padding as pad data were added before */
470 33 : EVP_CIPHER_CTX_set_padding (ctx, 0);
471 33 : EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
472 33 : EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
473 :
474 33 : out_len += len;
475 33 : ASSERT (vec_len (src) == out_len);
476 :
477 33 : return out_len + bs;
478 : }
479 :
480 : #ifndef BN_bn2binpad
481 : int
482 : BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
483 : {
484 28 : int r = BN_bn2bin (a, to);
485 28 : ASSERT (tolen >= r);
486 28 : int pad = tolen - r;
487 28 : if (pad)
488 : {
489 0 : vec_insert (to, pad, 0);
490 0 : clib_memset (to, 0, pad);
491 0 : vec_dec_len (to, pad);
492 : }
493 28 : return tolen;
494 : }
495 : #endif
496 :
497 : void
498 22 : ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
499 : {
500 : int r;
501 :
502 22 : if (t->dh_group == IKEV2_DH_GROUP_MODP)
503 : {
504 22 : DH *dh = DH_new ();
505 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
506 22 : BIGNUM *p = NULL;
507 22 : BIGNUM *g = NULL;
508 : const BIGNUM *pub_key, *priv_key;
509 :
510 22 : BN_hex2bn (&p, t->dh_p);
511 22 : BN_hex2bn (&g, t->dh_g);
512 22 : DH_set0_pqg (dh, p, NULL, g);
513 : #else
514 : BN_hex2bn (&dh->p, t->dh_p);
515 : BN_hex2bn (&dh->g, t->dh_g);
516 : #endif
517 22 : DH_generate_key (dh);
518 :
519 22 : if (sa->is_initiator)
520 : {
521 6 : sa->i_dh_data = vec_new (u8, t->key_len);
522 6 : sa->dh_private_key = vec_new (u8, t->key_len);
523 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
524 6 : DH_get0_key (dh, &pub_key, &priv_key);
525 6 : r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
526 6 : ASSERT (r == t->key_len);
527 6 : r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
528 : #else
529 : r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
530 : ASSERT (r == t->key_len);
531 : r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
532 : #endif
533 6 : ASSERT (r == t->key_len);
534 : }
535 : else
536 : {
537 16 : sa->r_dh_data = vec_new (u8, t->key_len);
538 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
539 16 : DH_get0_key (dh, &pub_key, &priv_key);
540 16 : r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
541 : #else
542 : r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
543 : #endif
544 16 : ASSERT (r == t->key_len);
545 :
546 : BIGNUM *ex;
547 16 : sa->dh_shared_key = vec_new (u8, t->key_len);
548 16 : ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
549 16 : r = DH_compute_key (sa->dh_shared_key, ex, dh);
550 16 : ASSERT (t->key_len >= r);
551 16 : int pad = t->key_len - r;
552 16 : if (pad)
553 : {
554 1 : vec_insert (sa->dh_shared_key, pad, 0);
555 1 : clib_memset (sa->dh_shared_key, 0, pad);
556 1 : vec_dec_len (sa->dh_shared_key, pad);
557 : }
558 16 : BN_clear_free (ex);
559 : }
560 22 : DH_free (dh);
561 : }
562 0 : else if (t->dh_group == IKEV2_DH_GROUP_ECP)
563 : {
564 0 : EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
565 0 : ASSERT (ec);
566 :
567 0 : EC_KEY_generate_key (ec);
568 :
569 0 : const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
570 0 : const EC_GROUP *group = EC_KEY_get0_group (ec);
571 0 : BIGNUM *x = NULL, *y = NULL;
572 0 : BN_CTX *bn_ctx = BN_CTX_new ();
573 : u16 x_off, y_off, len;
574 0 : EC_POINT *i_point = EC_POINT_new (group);
575 0 : EC_POINT *shared_point = EC_POINT_new (group);
576 :
577 0 : x = BN_new ();
578 0 : y = BN_new ();
579 0 : len = t->key_len / 2;
580 :
581 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
582 : EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
583 : #else
584 0 : EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
585 : #endif
586 :
587 0 : if (sa->is_initiator)
588 : {
589 0 : sa->i_dh_data = vec_new (u8, t->key_len);
590 0 : x_off = len - BN_num_bytes (x);
591 0 : clib_memset (sa->i_dh_data, 0, x_off);
592 0 : BN_bn2bin (x, sa->i_dh_data + x_off);
593 0 : y_off = t->key_len - BN_num_bytes (y);
594 0 : clib_memset (sa->i_dh_data + len, 0, y_off - len);
595 0 : BN_bn2bin (y, sa->i_dh_data + y_off);
596 :
597 0 : const BIGNUM *prv = EC_KEY_get0_private_key (ec);
598 0 : sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
599 0 : r = BN_bn2bin (prv, sa->dh_private_key);
600 0 : ASSERT (r == BN_num_bytes (prv));
601 : }
602 : else
603 : {
604 0 : sa->r_dh_data = vec_new (u8, t->key_len);
605 0 : x_off = len - BN_num_bytes (x);
606 0 : clib_memset (sa->r_dh_data, 0, x_off);
607 0 : BN_bn2bin (x, sa->r_dh_data + x_off);
608 0 : y_off = t->key_len - BN_num_bytes (y);
609 0 : clib_memset (sa->r_dh_data + len, 0, y_off - len);
610 0 : BN_bn2bin (y, sa->r_dh_data + y_off);
611 :
612 0 : x = BN_bin2bn (sa->i_dh_data, len, x);
613 0 : y = BN_bin2bn (sa->i_dh_data + len, len, y);
614 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
615 : EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
616 : #else
617 0 : EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
618 : #endif
619 0 : sa->dh_shared_key = vec_new (u8, t->key_len);
620 0 : EC_POINT_mul (group, shared_point, NULL, i_point,
621 : EC_KEY_get0_private_key (ec), NULL);
622 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
623 : EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
624 : #else
625 0 : EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
626 : bn_ctx);
627 : #endif
628 0 : x_off = len - BN_num_bytes (x);
629 0 : clib_memset (sa->dh_shared_key, 0, x_off);
630 0 : BN_bn2bin (x, sa->dh_shared_key + x_off);
631 0 : y_off = t->key_len - BN_num_bytes (y);
632 0 : clib_memset (sa->dh_shared_key + len, 0, y_off - len);
633 0 : BN_bn2bin (y, sa->dh_shared_key + y_off);
634 : }
635 :
636 0 : EC_KEY_free (ec);
637 0 : BN_free (x);
638 0 : BN_free (y);
639 0 : BN_CTX_free (bn_ctx);
640 0 : EC_POINT_free (i_point);
641 0 : EC_POINT_free (shared_point);
642 : }
643 22 : }
644 :
645 : void
646 6 : ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
647 : {
648 : int r;
649 :
650 6 : if (t->dh_group == IKEV2_DH_GROUP_MODP)
651 : {
652 6 : DH *dh = DH_new ();
653 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
654 6 : BIGNUM *p = NULL;
655 6 : BIGNUM *g = NULL;
656 : BIGNUM *priv_key;
657 :
658 6 : BN_hex2bn (&p, t->dh_p);
659 6 : BN_hex2bn (&g, t->dh_g);
660 6 : DH_set0_pqg (dh, p, NULL, g);
661 :
662 : priv_key =
663 6 : BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
664 6 : DH_set0_key (dh, NULL, priv_key);
665 : #else
666 : BN_hex2bn (&dh->p, t->dh_p);
667 : BN_hex2bn (&dh->g, t->dh_g);
668 :
669 : dh->priv_key =
670 : BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
671 : #endif
672 : BIGNUM *ex;
673 6 : sa->dh_shared_key = vec_new (u8, t->key_len);
674 6 : ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
675 6 : r = DH_compute_key (sa->dh_shared_key, ex, dh);
676 6 : ASSERT (t->key_len >= r);
677 6 : int pad = t->key_len - r;
678 6 : if (pad)
679 : {
680 0 : vec_insert (sa->dh_shared_key, pad, 0);
681 0 : clib_memset (sa->dh_shared_key, 0, pad);
682 0 : vec_dec_len (sa->dh_shared_key, pad);
683 : }
684 6 : BN_clear_free (ex);
685 6 : DH_free (dh);
686 : }
687 0 : else if (t->dh_group == IKEV2_DH_GROUP_ECP)
688 : {
689 0 : EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
690 0 : ASSERT (ec);
691 :
692 0 : const EC_GROUP *group = EC_KEY_get0_group (ec);
693 0 : BIGNUM *x = NULL, *y = NULL;
694 0 : BN_CTX *bn_ctx = BN_CTX_new ();
695 : u16 x_off, y_off, len;
696 : BIGNUM *prv;
697 :
698 : prv =
699 0 : BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
700 0 : EC_KEY_set_private_key (ec, prv);
701 :
702 0 : x = BN_new ();
703 0 : y = BN_new ();
704 0 : len = t->key_len / 2;
705 :
706 0 : x = BN_bin2bn (sa->r_dh_data, len, x);
707 0 : y = BN_bin2bn (sa->r_dh_data + len, len, y);
708 0 : EC_POINT *r_point = EC_POINT_new (group);
709 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
710 : EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
711 : #else
712 0 : EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
713 : #endif
714 0 : EC_KEY_set_public_key (ec, r_point);
715 :
716 0 : EC_POINT *i_point = EC_POINT_new (group);
717 0 : EC_POINT *shared_point = EC_POINT_new (group);
718 :
719 0 : x = BN_bin2bn (sa->i_dh_data, len, x);
720 0 : y = BN_bin2bn (sa->i_dh_data + len, len, y);
721 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
722 : EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
723 : #else
724 0 : EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
725 : #endif
726 0 : EC_POINT_mul (group, shared_point, NULL, r_point,
727 : EC_KEY_get0_private_key (ec), NULL);
728 : #if OPENSSL_VERSION_NUMBER >= 0x30000000L
729 : EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
730 : #else
731 0 : EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
732 : #endif
733 0 : sa->dh_shared_key = vec_new (u8, t->key_len);
734 0 : x_off = len - BN_num_bytes (x);
735 0 : clib_memset (sa->dh_shared_key, 0, x_off);
736 0 : BN_bn2bin (x, sa->dh_shared_key + x_off);
737 0 : y_off = t->key_len - BN_num_bytes (y);
738 0 : clib_memset (sa->dh_shared_key + len, 0, y_off - len);
739 0 : BN_bn2bin (y, sa->dh_shared_key + y_off);
740 :
741 0 : EC_KEY_free (ec);
742 0 : BN_free (x);
743 0 : BN_free (y);
744 0 : BN_free (prv);
745 0 : BN_CTX_free (bn_ctx);
746 0 : EC_POINT_free (i_point);
747 0 : EC_POINT_free (r_point);
748 0 : EC_POINT_free (shared_point);
749 : }
750 6 : }
751 :
752 : int
753 1 : ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
754 : {
755 : int verify;
756 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
757 1 : EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
758 : #else
759 : EVP_MD_CTX md_ctx;
760 : EVP_MD_CTX_init (&md_ctx);
761 : #endif
762 :
763 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
764 1 : EVP_VerifyInit (md_ctx, EVP_sha1 ());
765 1 : EVP_VerifyUpdate (md_ctx, data, vec_len (data));
766 : #else
767 : EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
768 : EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
769 : #endif
770 :
771 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
772 1 : verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
773 1 : EVP_MD_CTX_free (md_ctx);
774 : #else
775 : verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
776 : EVP_MD_CTX_cleanup (&md_ctx);
777 : #endif
778 1 : return verify;
779 : }
780 :
781 : u8 *
782 1 : ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
783 : {
784 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
785 1 : EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
786 : #else
787 : EVP_MD_CTX md_ctx;
788 : EVP_MD_CTX_init (&md_ctx);
789 : #endif
790 1 : unsigned int sig_len = 0;
791 : u8 *sign;
792 :
793 : #if OPENSSL_VERSION_NUMBER >= 0x10100000L
794 1 : EVP_SignInit (md_ctx, EVP_sha1 ());
795 1 : EVP_SignUpdate (md_ctx, data, vec_len (data));
796 : /* get sign len */
797 1 : EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
798 1 : sign = vec_new (u8, sig_len);
799 : /* calc sign */
800 1 : EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
801 1 : EVP_MD_CTX_free (md_ctx);
802 : #else
803 : EVP_SignInit (&md_ctx, EVP_sha1 ());
804 : EVP_SignUpdate (&md_ctx, data, vec_len (data));
805 : /* get sign len */
806 : EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
807 : sign = vec_new (u8, sig_len);
808 : /* calc sign */
809 : EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
810 : EVP_MD_CTX_cleanup (&md_ctx);
811 : #endif
812 1 : return sign;
813 : }
814 :
815 : EVP_PKEY *
816 1 : ikev2_load_cert_file (u8 * file)
817 : {
818 : FILE *fp;
819 : X509 *x509;
820 1 : EVP_PKEY *pkey = NULL;
821 :
822 1 : fp = fopen ((char *) file, "r");
823 1 : if (!fp)
824 : {
825 0 : ikev2_log_error ("open %s failed", file);
826 0 : goto end;
827 : }
828 :
829 1 : x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
830 1 : fclose (fp);
831 1 : if (x509 == NULL)
832 : {
833 0 : ikev2_log_error ("read cert %s failed", file);
834 0 : goto end;
835 : }
836 :
837 1 : pkey = X509_get_pubkey (x509);
838 1 : X509_free (x509);
839 1 : if (pkey == NULL)
840 0 : ikev2_log_error ("get pubkey %s failed", file);
841 :
842 1 : end:
843 1 : return pkey;
844 : }
845 :
846 : EVP_PKEY *
847 1 : ikev2_load_key_file (u8 * file)
848 : {
849 : FILE *fp;
850 1 : EVP_PKEY *pkey = NULL;
851 :
852 1 : fp = fopen ((char *) file, "r");
853 1 : if (!fp)
854 : {
855 0 : ikev2_log_error ("open %s failed", file);
856 0 : goto end;
857 : }
858 :
859 1 : pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
860 1 : fclose (fp);
861 1 : if (pkey == NULL)
862 0 : ikev2_log_error ("read %s failed", file);
863 :
864 1 : end:
865 1 : return pkey;
866 : }
867 :
868 : void
869 21 : ikev2_crypto_init (ikev2_main_t * km)
870 : {
871 : ikev2_sa_transform_t *tr;
872 :
873 : /* vector of supported transforms - in order of preference */
874 :
875 : //Encryption
876 :
877 21 : vec_add2 (km->supported_transforms, tr, 1);
878 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
879 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
880 21 : tr->key_len = 256 / 8;
881 21 : tr->block_size = 128 / 8;
882 21 : tr->cipher = EVP_aes_256_cbc ();
883 :
884 21 : vec_add2 (km->supported_transforms, tr, 1);
885 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
886 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
887 21 : tr->key_len = 192 / 8;
888 21 : tr->block_size = 128 / 8;
889 21 : tr->cipher = EVP_aes_192_cbc ();
890 :
891 21 : vec_add2 (km->supported_transforms, tr, 1);
892 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
893 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
894 21 : tr->key_len = 128 / 8;
895 21 : tr->block_size = 128 / 8;
896 21 : tr->cipher = EVP_aes_128_cbc ();
897 :
898 21 : vec_add2 (km->supported_transforms, tr, 1);
899 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
900 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
901 21 : tr->key_len = 256 / 8;
902 21 : tr->block_size = 128 / 8;
903 21 : tr->cipher = EVP_aes_256_gcm ();
904 :
905 21 : vec_add2 (km->supported_transforms, tr, 1);
906 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
907 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
908 21 : tr->key_len = 192 / 8;
909 21 : tr->block_size = 128 / 8;
910 21 : tr->cipher = EVP_aes_192_gcm ();
911 :
912 21 : vec_add2 (km->supported_transforms, tr, 1);
913 21 : tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
914 21 : tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
915 21 : tr->key_len = 128 / 8;
916 21 : tr->block_size = 128 / 8;
917 21 : tr->cipher = EVP_aes_128_gcm ();
918 :
919 : //PRF
920 21 : vec_add2 (km->supported_transforms, tr, 1);
921 21 : tr->type = IKEV2_TRANSFORM_TYPE_PRF;
922 21 : tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
923 21 : tr->key_len = 256 / 8;
924 21 : tr->key_trunc = 256 / 8;
925 21 : tr->md = EVP_sha256 ();
926 :
927 21 : vec_add2 (km->supported_transforms, tr, 1);
928 21 : tr->type = IKEV2_TRANSFORM_TYPE_PRF;
929 21 : tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
930 21 : tr->key_len = 384 / 8;
931 21 : tr->key_trunc = 384 / 8;
932 21 : tr->md = EVP_sha384 ();
933 :
934 21 : vec_add2 (km->supported_transforms, tr, 1);
935 21 : tr->type = IKEV2_TRANSFORM_TYPE_PRF;
936 21 : tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
937 21 : tr->key_len = 512 / 8;
938 21 : tr->key_trunc = 512 / 8;
939 21 : tr->md = EVP_sha512 ();
940 :
941 21 : vec_add2 (km->supported_transforms, tr, 1);
942 21 : tr->type = IKEV2_TRANSFORM_TYPE_PRF;
943 21 : tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
944 21 : tr->key_len = 160 / 8;
945 21 : tr->key_trunc = 160 / 8;
946 21 : tr->md = EVP_sha1 ();
947 :
948 : //Integrity
949 21 : vec_add2 (km->supported_transforms, tr, 1);
950 21 : tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
951 21 : tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
952 21 : tr->key_len = 256 / 8;
953 21 : tr->key_trunc = 128 / 8;
954 21 : tr->md = EVP_sha256 ();
955 :
956 21 : vec_add2 (km->supported_transforms, tr, 1);
957 21 : tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
958 21 : tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
959 21 : tr->key_len = 384 / 8;
960 21 : tr->key_trunc = 192 / 8;
961 21 : tr->md = EVP_sha384 ();
962 :
963 21 : vec_add2 (km->supported_transforms, tr, 1);
964 21 : tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
965 21 : tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
966 21 : tr->key_len = 512 / 8;
967 21 : tr->key_trunc = 256 / 8;
968 21 : tr->md = EVP_sha512 ();
969 :
970 21 : vec_add2 (km->supported_transforms, tr, 1);
971 21 : tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
972 21 : tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
973 21 : tr->key_len = 160 / 8;
974 21 : tr->key_trunc = 160 / 8;
975 21 : tr->md = EVP_sha1 ();
976 :
977 21 : vec_add2 (km->supported_transforms, tr, 1);
978 21 : tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
979 21 : tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
980 21 : tr->key_len = 160 / 8;
981 21 : tr->key_trunc = 96 / 8;
982 21 : tr->md = EVP_sha1 ();
983 :
984 :
985 : #if defined(OPENSSL_NO_CISCO_FECDH)
986 : vec_add2 (km->supported_transforms, tr, 1);
987 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
988 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
989 : tr->key_len = (512 * 2) / 8;
990 : tr->nid = NID_brainpoolP512r1;
991 : tr->dh_group = IKEV2_DH_GROUP_ECP;
992 :
993 : vec_add2 (km->supported_transforms, tr, 1);
994 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
995 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
996 : tr->key_len = (384 * 2) / 8;
997 : tr->nid = NID_brainpoolP384r1;
998 : tr->dh_group = IKEV2_DH_GROUP_ECP;
999 :
1000 : vec_add2 (km->supported_transforms, tr, 1);
1001 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1002 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1003 : tr->key_len = (256 * 2) / 8;
1004 : tr->nid = NID_brainpoolP256r1;
1005 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1006 :
1007 : vec_add2 (km->supported_transforms, tr, 1);
1008 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1009 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1010 : tr->key_len = (224 * 2) / 8;
1011 : tr->nid = NID_brainpoolP224r1;
1012 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1013 :
1014 : vec_add2 (km->supported_transforms, tr, 1);
1015 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1016 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1017 : tr->key_len = (224 * 2) / 8;
1018 : tr->nid = NID_secp224r1;
1019 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1020 : #endif
1021 :
1022 21 : vec_add2 (km->supported_transforms, tr, 1);
1023 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1024 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1025 21 : tr->key_len = (528 * 2) / 8;
1026 21 : tr->nid = NID_secp521r1;
1027 21 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1028 :
1029 21 : vec_add2 (km->supported_transforms, tr, 1);
1030 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1031 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1032 21 : tr->key_len = (384 * 2) / 8;
1033 21 : tr->nid = NID_secp384r1;
1034 21 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1035 :
1036 21 : vec_add2 (km->supported_transforms, tr, 1);
1037 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1038 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1039 21 : tr->key_len = (256 * 2) / 8;
1040 21 : tr->nid = NID_X9_62_prime256v1;
1041 21 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1042 :
1043 21 : vec_add2 (km->supported_transforms, tr, 1);
1044 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1046 21 : tr->key_len = (192 * 2) / 8;
1047 21 : tr->nid = NID_X9_62_prime192v1;
1048 21 : tr->dh_group = IKEV2_DH_GROUP_ECP;
1049 :
1050 21 : vec_add2 (km->supported_transforms, tr, 1);
1051 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1052 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1053 21 : tr->key_len = 2048 / 8;
1054 21 : tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1055 21 : tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1056 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1057 :
1058 21 : vec_add2 (km->supported_transforms, tr, 1);
1059 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1060 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1061 21 : tr->key_len = 2048 / 8;
1062 21 : tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1063 21 : tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1064 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1065 :
1066 21 : vec_add2 (km->supported_transforms, tr, 1);
1067 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1068 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1069 21 : tr->key_len = 1024 / 8;
1070 21 : tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1071 21 : tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1072 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1073 :
1074 21 : vec_add2 (km->supported_transforms, tr, 1);
1075 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1076 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1077 21 : tr->key_len = 8192 / 8;
1078 21 : tr->dh_p = (const char *) &modp_dh_8192_prime;
1079 21 : tr->dh_g = (const char *) &modp_dh_8192_generator;
1080 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1081 :
1082 21 : vec_add2 (km->supported_transforms, tr, 1);
1083 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1084 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1085 21 : tr->key_len = 6144 / 8;
1086 21 : tr->dh_p = (const char *) &modp_dh_6144_prime;
1087 21 : tr->dh_g = (const char *) &modp_dh_6144_generator;
1088 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1089 :
1090 21 : vec_add2 (km->supported_transforms, tr, 1);
1091 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1092 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1093 21 : tr->key_len = 4096 / 8;
1094 21 : tr->dh_p = (const char *) &modp_dh_4096_prime;
1095 21 : tr->dh_g = (const char *) &modp_dh_4096_generator;
1096 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1097 :
1098 21 : vec_add2 (km->supported_transforms, tr, 1);
1099 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1100 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1101 21 : tr->key_len = 3072 / 8;
1102 21 : tr->dh_p = (const char *) &modp_dh_3072_prime;
1103 21 : tr->dh_g = (const char *) &modp_dh_3072_generator;
1104 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1105 :
1106 21 : vec_add2 (km->supported_transforms, tr, 1);
1107 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1108 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1109 21 : tr->key_len = 2048 / 8;
1110 21 : tr->dh_p = (const char *) &modp_dh_2048_prime;
1111 21 : tr->dh_g = (const char *) &modp_dh_2048_generator;
1112 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1113 :
1114 21 : vec_add2 (km->supported_transforms, tr, 1);
1115 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1116 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1117 21 : tr->key_len = 1536 / 8;
1118 21 : tr->dh_p = (const char *) &modp_dh_1536_prime;
1119 21 : tr->dh_g = (const char *) &modp_dh_1536_generator;
1120 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1121 :
1122 21 : vec_add2 (km->supported_transforms, tr, 1);
1123 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1124 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1125 21 : tr->key_len = 1024 / 8;
1126 21 : tr->dh_p = (const char *) &modp_dh_1024_prime;
1127 21 : tr->dh_g = (const char *) &modp_dh_1024_generator;
1128 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1129 :
1130 21 : vec_add2 (km->supported_transforms, tr, 1);
1131 21 : tr->type = IKEV2_TRANSFORM_TYPE_DH;
1132 21 : tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1133 21 : tr->key_len = 768 / 8;
1134 21 : tr->dh_p = (const char *) &modp_dh_768_prime;
1135 21 : tr->dh_g = (const char *) &modp_dh_768_generator;
1136 21 : tr->dh_group = IKEV2_DH_GROUP_MODP;
1137 :
1138 21 : vec_add2 (km->supported_transforms, tr, 1);
1139 21 : tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1140 21 : tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1141 :
1142 21 : vec_add2 (km->supported_transforms, tr, 1);
1143 21 : tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1144 21 : tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1145 21 : }
1146 :
1147 :
1148 :
1149 : /*
1150 : * fd.io coding-style-patch-verification: ON
1151 : *
1152 : * Local Variables:
1153 : * eval: (c-set-style "gnu")
1154 : * End:
1155 : */
|
