FD.io VPP  v20.01-48-g3e0dafb74
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
29 
30 /* from RFC7296 */
31 static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
37 
38 static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45 
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57 
58 static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71 
72 static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90 
91 static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
114 
115 static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
145 
146 static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
191 
192 /* from RFC5114 */
193 static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 
206 static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230 
231 static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255 
256 v8 *
258 {
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
260  HMAC_CTX *ctx;
261 #else
262  HMAC_CTX ctx;
263 #endif
264  v8 *prf;
265  unsigned int len = 0;
266 
267  prf = vec_new (u8, tr->key_trunc);
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
269  ctx = HMAC_CTX_new ();
270  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
271  HMAC_Update (ctx, data, vec_len (data));
272  HMAC_Final (ctx, prf, &len);
273  HMAC_CTX_free (ctx);
274 #else
275  HMAC_CTX_init (&ctx);
276  HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
277  HMAC_Update (&ctx, data, vec_len (data));
278  HMAC_Final (&ctx, prf, &len);
279  HMAC_CTX_cleanup (&ctx);
280 #endif
281  ASSERT (len == tr->key_trunc);
282 
283  return prf;
284 }
285 
286 u8 *
288 {
289  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
290  u8 x = 0;
291 
292  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
293 
294  where:
295  T1 = prf (K, S | 0x01)
296  T2 = prf (K, T1 | S | 0x02)
297  T3 = prf (K, T2 | S | 0x03)
298  T4 = prf (K, T3 | S | 0x04)
299  */
300 
301  while (vec_len (ret) < len && x < 255)
302  {
303  if (t)
304  {
305  vec_append (s, t);
306  vec_free (t);
307  }
308 
309  vec_append (s, seed);
310  vec_add2 (s, tmp, 1);
311  *tmp = x + 1;
312  t = ikev2_calc_prf (tr, key, s);
313  vec_append (ret, t);
314  vec_free (s);
315  x++;
316  }
317 
318  vec_free (t);
319 
320  if (x == 255)
321  {
322  vec_free (ret);
323  }
324 
325  return ret;
326 }
327 
328 v8 *
330 {
331  v8 *r;
332 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
333  HMAC_CTX *hctx;
334 #else
335  HMAC_CTX hctx;
336 #endif
337  unsigned int l;
338 
339  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
340 
341  r = vec_new (u8, tr->key_len);
342 
343  if (tr->md == EVP_sha1 ())
344  {
345  clib_warning ("integrity checking with sha1");
346  }
347  else if (tr->md == EVP_sha256 ())
348  {
349  clib_warning ("integrity checking with sha256");
350  }
351 
352  /* verify integrity of data */
353 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
354  hctx = HMAC_CTX_new ();
355  HMAC_Init_ex (hctx, key, vec_len (key), tr->md, NULL);
356  HMAC_Update (hctx, (const u8 *) data, len);
357  HMAC_Final (hctx, r, &l);
358  HMAC_CTX_free (hctx);
359 #else
360  HMAC_CTX_init (&hctx);
361  HMAC_Init_ex (&hctx, key, vec_len (key), tr->md, NULL);
362  HMAC_Update (&hctx, (const u8 *) data, len);
363  HMAC_Final (&hctx, r, &l);
364  HMAC_CTX_cleanup (&hctx);
365 #endif
366 
367  ASSERT (l == tr->key_len);
368 
369  return r;
370 }
371 
372 v8 *
374 {
375 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
376  EVP_CIPHER_CTX *ctx;
377 #else
378  EVP_CIPHER_CTX ctx;
379 #endif
380  v8 *r;
381  int out_len = 0, block_size;
382  ikev2_sa_transform_t *tr_encr;
383  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
384 
385  tr_encr =
386  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
387  block_size = tr_encr->block_size;
388 
389  /* check if data is multiplier of cipher block size */
390  if (len % block_size)
391  {
392  clib_warning ("wrong data length");
393  return 0;
394  }
395 
396 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
397  ctx = EVP_CIPHER_CTX_new ();
398 #else
399  EVP_CIPHER_CTX_init (&ctx);
400 #endif
401 
402  r = vec_new (u8, len - block_size);
403 
404 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
405  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
406  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
407  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
408 #else
409  EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
410  EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
411  EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
412 #endif
413  /* remove padding */
414  _vec_len (r) -= r[vec_len (r) - 1] + 1;
415 
416 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
417  EVP_CIPHER_CTX_free (ctx);
418 #else
419  EVP_CIPHER_CTX_cleanup (&ctx);
420 #endif
421  return r;
422 }
423 
424 int
426 {
427 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
428  EVP_CIPHER_CTX *ctx;
429 #else
430  EVP_CIPHER_CTX ctx;
431 #endif
432  int out_len;
433  int bs;
434  ikev2_sa_transform_t *tr_encr;
435  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
436 
437  tr_encr =
438  ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
439  bs = tr_encr->block_size;
440 
441  /* generate IV */
442  RAND_bytes (dst, bs);
443 
444 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
445  ctx = EVP_CIPHER_CTX_new ();
446  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
447  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
448  EVP_CIPHER_CTX_free (ctx);
449 #else
450  EVP_CIPHER_CTX_init (&ctx);
451  EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
452  EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
453  EVP_CIPHER_CTX_cleanup (&ctx);
454 #endif
455 
456  ASSERT (vec_len (src) == out_len);
457 
458  return out_len + bs;
459 }
460 
461 void
463 {
464  int r;
465 
466  if (t->dh_group == IKEV2_DH_GROUP_MODP)
467  {
468  DH *dh = DH_new ();
469 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
470  BIGNUM *p = NULL;
471  BIGNUM *g = NULL;
472  const BIGNUM *pub_key, *priv_key;
473 
474  BN_hex2bn (&p, t->dh_p);
475  BN_hex2bn (&g, t->dh_g);
476  DH_set0_pqg (dh, p, NULL, g);
477 #else
478  BN_hex2bn (&dh->p, t->dh_p);
479  BN_hex2bn (&dh->g, t->dh_g);
480 #endif
481  DH_generate_key (dh);
482 
483  if (sa->is_initiator)
484  {
485  sa->i_dh_data = vec_new (u8, t->key_len);
486  sa->dh_private_key = vec_new (u8, t->key_len);
487 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
488  DH_get0_key (dh, &pub_key, &priv_key);
489  r = BN_bn2bin (pub_key, sa->i_dh_data);
490  ASSERT (r == t->key_len);
491  r = BN_bn2bin (priv_key, sa->dh_private_key);
492 #else
493  r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
494  ASSERT (r == t->key_len);
495  r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
496 #endif
497  ASSERT (r == t->key_len);
498  }
499  else
500  {
501  sa->r_dh_data = vec_new (u8, t->key_len);
502 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
503  DH_get0_key (dh, &pub_key, &priv_key);
504  r = BN_bn2bin (pub_key, sa->r_dh_data);
505 #else
506  r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
507 #endif
508  ASSERT (r == t->key_len);
509 
510  BIGNUM *ex;
511  sa->dh_shared_key = vec_new (u8, t->key_len);
512  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
513  r = DH_compute_key (sa->dh_shared_key, ex, dh);
514  ASSERT (r == t->key_len);
515  BN_clear_free (ex);
516  }
517  DH_free (dh);
518  }
519  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
520  {
521  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
522  ASSERT (ec);
523 
524  EC_KEY_generate_key (ec);
525 
526  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
527  const EC_GROUP *group = EC_KEY_get0_group (ec);
528  BIGNUM *x = NULL, *y = NULL;
529  BN_CTX *bn_ctx = BN_CTX_new ();
530  u16 x_off, y_off, len;
531  EC_POINT *i_point = EC_POINT_new (group);
532  EC_POINT *shared_point = EC_POINT_new (group);
533 
534  x = BN_new ();
535  y = BN_new ();
536  len = t->key_len / 2;
537 
538 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
539  EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
540 #else
541  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
542 #endif
543 
544  if (sa->is_initiator)
545  {
546  sa->i_dh_data = vec_new (u8, t->key_len);
547  x_off = len - BN_num_bytes (x);
548  clib_memset (sa->i_dh_data, 0, x_off);
549  BN_bn2bin (x, sa->i_dh_data + x_off);
550  y_off = t->key_len - BN_num_bytes (y);
551  clib_memset (sa->i_dh_data + len, 0, y_off - len);
552  BN_bn2bin (y, sa->i_dh_data + y_off);
553 
554  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
555  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
556  r = BN_bn2bin (prv, sa->dh_private_key);
557  ASSERT (r == BN_num_bytes (prv));
558  }
559  else
560  {
561  sa->r_dh_data = vec_new (u8, t->key_len);
562  x_off = len - BN_num_bytes (x);
563  clib_memset (sa->r_dh_data, 0, x_off);
564  BN_bn2bin (x, sa->r_dh_data + x_off);
565  y_off = t->key_len - BN_num_bytes (y);
566  clib_memset (sa->r_dh_data + len, 0, y_off - len);
567  BN_bn2bin (y, sa->r_dh_data + y_off);
568 
569  x = BN_bin2bn (sa->i_dh_data, len, x);
570  y = BN_bin2bn (sa->i_dh_data + len, len, y);
571 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
572  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
573 #else
574  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
575 #endif
576  sa->dh_shared_key = vec_new (u8, t->key_len);
577  EC_POINT_mul (group, shared_point, NULL, i_point,
578  EC_KEY_get0_private_key (ec), NULL);
579 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
580  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
581 #else
582  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
583  bn_ctx);
584 #endif
585  x_off = len - BN_num_bytes (x);
586  clib_memset (sa->dh_shared_key, 0, x_off);
587  BN_bn2bin (x, sa->dh_shared_key + x_off);
588  y_off = t->key_len - BN_num_bytes (y);
589  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
590  BN_bn2bin (y, sa->dh_shared_key + y_off);
591  }
592 
593  EC_KEY_free (ec);
594  BN_free (x);
595  BN_free (y);
596  BN_CTX_free (bn_ctx);
597  EC_POINT_free (i_point);
598  EC_POINT_free (shared_point);
599  }
600 }
601 
602 void
604 {
605  int r;
606 
607  if (t->dh_group == IKEV2_DH_GROUP_MODP)
608  {
609  DH *dh = DH_new ();
610 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
611  BIGNUM *p = NULL;
612  BIGNUM *g = NULL;
613  BIGNUM *priv_key;
614 
615  BN_hex2bn (&p, t->dh_p);
616  BN_hex2bn (&g, t->dh_g);
617  DH_set0_pqg (dh, p, NULL, g);
618 
619  priv_key =
620  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
621  DH_set0_key (dh, NULL, priv_key);
622 #else
623  BN_hex2bn (&dh->p, t->dh_p);
624  BN_hex2bn (&dh->g, t->dh_g);
625 
626  dh->priv_key =
627  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
628 #endif
629  BIGNUM *ex;
630  sa->dh_shared_key = vec_new (u8, t->key_len);
631  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
632  r = DH_compute_key (sa->dh_shared_key, ex, dh);
633  ASSERT (r == t->key_len);
634  BN_clear_free (ex);
635  DH_free (dh);
636  }
637  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
638  {
639  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
640  ASSERT (ec);
641 
642  const EC_GROUP *group = EC_KEY_get0_group (ec);
643  BIGNUM *x = NULL, *y = NULL;
644  BN_CTX *bn_ctx = BN_CTX_new ();
645  u16 x_off, y_off, len;
646  BIGNUM *prv;
647 
648  prv =
649  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
650  EC_KEY_set_private_key (ec, prv);
651 
652  x = BN_new ();
653  y = BN_new ();
654  len = t->key_len / 2;
655 
656  x = BN_bin2bn (sa->r_dh_data, len, x);
657  y = BN_bin2bn (sa->r_dh_data + len, len, y);
658  EC_POINT *r_point = EC_POINT_new (group);
659 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
660  EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
661 #else
662  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
663 #endif
664  EC_KEY_set_public_key (ec, r_point);
665 
666  EC_POINT *i_point = EC_POINT_new (group);
667  EC_POINT *shared_point = EC_POINT_new (group);
668 
669  x = BN_bin2bn (sa->i_dh_data, len, x);
670  y = BN_bin2bn (sa->i_dh_data + len, len, y);
671 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
672  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
673 #else
674  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
675 #endif
676  EC_POINT_mul (group, shared_point, NULL, r_point,
677  EC_KEY_get0_private_key (ec), NULL);
678 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
679  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
680 #else
681  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
682 #endif
683  sa->dh_shared_key = vec_new (u8, t->key_len);
684  x_off = len - BN_num_bytes (x);
685  clib_memset (sa->dh_shared_key, 0, x_off);
686  BN_bn2bin (x, sa->dh_shared_key + x_off);
687  y_off = t->key_len - BN_num_bytes (y);
688  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
689  BN_bn2bin (y, sa->dh_shared_key + y_off);
690 
691  EC_KEY_free (ec);
692  BN_free (x);
693  BN_free (y);
694  BN_free (prv);
695  BN_CTX_free (bn_ctx);
696  EC_POINT_free (i_point);
697  EC_POINT_free (r_point);
698  EC_POINT_free (shared_point);
699  }
700 }
701 
702 int
703 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
704 {
705  int verify;
706 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
707  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
708 #else
709  EVP_MD_CTX md_ctx;
710  EVP_MD_CTX_init (&md_ctx);
711 #endif
712 
713 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
714  EVP_VerifyInit (md_ctx, EVP_sha1 ());
715  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
716 #else
717  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
718  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
719 #endif
720 
721 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
722  verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
723  EVP_MD_CTX_free (md_ctx);
724 #else
725  verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
726  EVP_MD_CTX_cleanup (&md_ctx);
727 #endif
728  return verify;
729 }
730 
731 u8 *
732 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
733 {
734 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
735  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
736 #else
737  EVP_MD_CTX md_ctx;
738  EVP_MD_CTX_init (&md_ctx);
739 #endif
740  unsigned int sig_len = 0;
741  u8 *sign;
742 
743 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
744  EVP_SignInit (md_ctx, EVP_sha1 ());
745  EVP_SignUpdate (md_ctx, data, vec_len (data));
746  /* get sign len */
747  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
748  sign = vec_new (u8, sig_len);
749  /* calc sign */
750  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
751  EVP_MD_CTX_free (md_ctx);
752 #else
753  EVP_SignInit (&md_ctx, EVP_sha1 ());
754  EVP_SignUpdate (&md_ctx, data, vec_len (data));
755  /* get sign len */
756  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
757  sign = vec_new (u8, sig_len);
758  /* calc sign */
759  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
760  EVP_MD_CTX_cleanup (&md_ctx);
761 #endif
762  return sign;
763 }
764 
765 EVP_PKEY *
767 {
768  FILE *fp;
769  X509 *x509;
770  EVP_PKEY *pkey = NULL;
771 
772  fp = fopen ((char *) file, "r");
773  if (!fp)
774  {
775  clib_warning ("open %s failed", file);
776  goto end;
777  }
778 
779  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
780  fclose (fp);
781  if (x509 == NULL)
782  {
783  clib_warning ("read cert %s failed", file);
784  goto end;
785  }
786 
787  pkey = X509_get_pubkey (x509);
788  if (pkey == NULL)
789  clib_warning ("get pubkey %s failed", file);
790 
791 end:
792  return pkey;
793 }
794 
795 EVP_PKEY *
797 {
798  FILE *fp;
799  EVP_PKEY *pkey = NULL;
800 
801  fp = fopen ((char *) file, "r");
802  if (!fp)
803  {
804  clib_warning ("open %s failed", file);
805  goto end;
806  }
807 
808  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
809  fclose (fp);
810  if (pkey == NULL)
811  clib_warning ("read %s failed", file);
812 
813 end:
814  return pkey;
815 }
816 
817 void
819 {
821 
822  /* vector of supported transforms - in order of preference */
823 
824  //Encryption
825 
826  vec_add2 (km->supported_transforms, tr, 1);
827  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
828  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
829  tr->key_len = 256 / 8;
830  tr->block_size = 128 / 8;
831  tr->cipher = EVP_aes_256_cbc ();
832 
833  vec_add2 (km->supported_transforms, tr, 1);
834  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
835  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
836  tr->key_len = 192 / 8;
837  tr->block_size = 128 / 8;
838  tr->cipher = EVP_aes_192_cbc ();
839 
840  vec_add2 (km->supported_transforms, tr, 1);
841  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
842  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
843  tr->key_len = 128 / 8;
844  tr->block_size = 128 / 8;
845  tr->cipher = EVP_aes_128_cbc ();
846 
847  vec_add2 (km->supported_transforms, tr, 1);
848  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
849  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
850  tr->key_len = 256 / 8;
851  tr->block_size = 128 / 8;
852  tr->cipher = EVP_aes_256_gcm ();
853 
854  vec_add2 (km->supported_transforms, tr, 1);
855  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
856  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
857  tr->key_len = 192 / 8;
858  tr->block_size = 128 / 8;
859  tr->cipher = EVP_aes_192_gcm ();
860 
861  vec_add2 (km->supported_transforms, tr, 1);
862  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
863  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
864  tr->key_len = 128 / 8;
865  tr->block_size = 128 / 8;
866  tr->cipher = EVP_aes_128_gcm ();
867 
868  //PRF
869  vec_add2 (km->supported_transforms, tr, 1);
870  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
871  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
872  tr->key_len = 256 / 8;
873  tr->key_trunc = 256 / 8;
874  tr->md = EVP_sha256 ();
875 
876  vec_add2 (km->supported_transforms, tr, 1);
877  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
878  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
879  tr->key_len = 384 / 8;
880  tr->key_trunc = 384 / 8;
881  tr->md = EVP_sha384 ();
882 
883  vec_add2 (km->supported_transforms, tr, 1);
884  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
885  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
886  tr->key_len = 512 / 8;
887  tr->key_trunc = 512 / 8;
888  tr->md = EVP_sha512 ();
889 
890  vec_add2 (km->supported_transforms, tr, 1);
891  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
892  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
893  tr->key_len = 160 / 8;
894  tr->key_trunc = 160 / 8;
895  tr->md = EVP_sha1 ();
896 
897  //Integrity
898  vec_add2 (km->supported_transforms, tr, 1);
899  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
900  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
901  tr->key_len = 256 / 8;
902  tr->key_trunc = 128 / 8;
903  tr->md = EVP_sha256 ();
904 
905  vec_add2 (km->supported_transforms, tr, 1);
906  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
907  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
908  tr->key_len = 384 / 8;
909  tr->key_trunc = 192 / 8;
910  tr->md = EVP_sha384 ();
911 
912  vec_add2 (km->supported_transforms, tr, 1);
913  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
914  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
915  tr->key_len = 512 / 8;
916  tr->key_trunc = 256 / 8;
917  tr->md = EVP_sha512 ();
918 
919  vec_add2 (km->supported_transforms, tr, 1);
920  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
921  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
922  tr->key_len = 160 / 8;
923  tr->key_trunc = 160 / 8;
924  tr->md = EVP_sha1 ();
925 
926  vec_add2 (km->supported_transforms, tr, 1);
927  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
928  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
929  tr->key_len = 160 / 8;
930  tr->key_trunc = 96 / 8;
931  tr->md = EVP_sha1 ();
932 
933 
934 #if defined(OPENSSL_NO_CISCO_FECDH)
935  vec_add2 (km->supported_transforms, tr, 1);
936  tr->type = IKEV2_TRANSFORM_TYPE_DH;
937  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
938  tr->key_len = (512 * 2) / 8;
939  tr->nid = NID_brainpoolP512r1;
941 
942  vec_add2 (km->supported_transforms, tr, 1);
943  tr->type = IKEV2_TRANSFORM_TYPE_DH;
944  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
945  tr->key_len = (384 * 2) / 8;
946  tr->nid = NID_brainpoolP384r1;
948 
949  vec_add2 (km->supported_transforms, tr, 1);
950  tr->type = IKEV2_TRANSFORM_TYPE_DH;
951  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
952  tr->key_len = (256 * 2) / 8;
953  tr->nid = NID_brainpoolP256r1;
955 
956  vec_add2 (km->supported_transforms, tr, 1);
957  tr->type = IKEV2_TRANSFORM_TYPE_DH;
958  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
959  tr->key_len = (224 * 2) / 8;
960  tr->nid = NID_brainpoolP224r1;
962 
963  vec_add2 (km->supported_transforms, tr, 1);
964  tr->type = IKEV2_TRANSFORM_TYPE_DH;
965  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
966  tr->key_len = (224 * 2) / 8;
967  tr->nid = NID_secp224r1;
969 #endif
970 
971  vec_add2 (km->supported_transforms, tr, 1);
972  tr->type = IKEV2_TRANSFORM_TYPE_DH;
973  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
974  tr->key_len = (528 * 2) / 8;
975  tr->nid = NID_secp521r1;
977 
978  vec_add2 (km->supported_transforms, tr, 1);
979  tr->type = IKEV2_TRANSFORM_TYPE_DH;
980  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
981  tr->key_len = (384 * 2) / 8;
982  tr->nid = NID_secp384r1;
984 
985  vec_add2 (km->supported_transforms, tr, 1);
986  tr->type = IKEV2_TRANSFORM_TYPE_DH;
987  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
988  tr->key_len = (256 * 2) / 8;
989  tr->nid = NID_X9_62_prime256v1;
991 
992  vec_add2 (km->supported_transforms, tr, 1);
993  tr->type = IKEV2_TRANSFORM_TYPE_DH;
994  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
995  tr->key_len = (192 * 2) / 8;
996  tr->nid = NID_X9_62_prime192v1;
998 
999  vec_add2 (km->supported_transforms, tr, 1);
1000  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1001  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1002  tr->key_len = 2048 / 8;
1003  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1004  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1006 
1007  vec_add2 (km->supported_transforms, tr, 1);
1008  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1009  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1010  tr->key_len = 2048 / 8;
1011  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1012  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1014 
1015  vec_add2 (km->supported_transforms, tr, 1);
1016  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1017  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1018  tr->key_len = 1024 / 8;
1019  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1020  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1022 
1023  vec_add2 (km->supported_transforms, tr, 1);
1024  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1025  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1026  tr->key_len = 8192 / 8;
1027  tr->dh_p = (const char *) &modp_dh_8192_prime;
1028  tr->dh_g = (const char *) &modp_dh_8192_generator;
1030 
1031  vec_add2 (km->supported_transforms, tr, 1);
1032  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1033  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1034  tr->key_len = 6144 / 8;
1035  tr->dh_p = (const char *) &modp_dh_6144_prime;
1036  tr->dh_g = (const char *) &modp_dh_6144_generator;
1038 
1039  vec_add2 (km->supported_transforms, tr, 1);
1040  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1041  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1042  tr->key_len = 4096 / 8;
1043  tr->dh_p = (const char *) &modp_dh_4096_prime;
1044  tr->dh_g = (const char *) &modp_dh_4096_generator;
1046 
1047  vec_add2 (km->supported_transforms, tr, 1);
1048  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1049  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1050  tr->key_len = 3072 / 8;
1051  tr->dh_p = (const char *) &modp_dh_3072_prime;
1052  tr->dh_g = (const char *) &modp_dh_3072_generator;
1054 
1055  vec_add2 (km->supported_transforms, tr, 1);
1056  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1057  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1058  tr->key_len = 2048 / 8;
1059  tr->dh_p = (const char *) &modp_dh_2048_prime;
1060  tr->dh_g = (const char *) &modp_dh_2048_generator;
1062 
1063  vec_add2 (km->supported_transforms, tr, 1);
1064  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1065  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1066  tr->key_len = 1536 / 8;
1067  tr->dh_p = (const char *) &modp_dh_1536_prime;
1068  tr->dh_g = (const char *) &modp_dh_1536_generator;
1070 
1071  vec_add2 (km->supported_transforms, tr, 1);
1072  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1073  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1074  tr->key_len = 1024 / 8;
1075  tr->dh_p = (const char *) &modp_dh_1024_prime;
1076  tr->dh_g = (const char *) &modp_dh_1024_generator;
1078 
1079  vec_add2 (km->supported_transforms, tr, 1);
1080  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1081  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1082  tr->key_len = 768 / 8;
1083  tr->dh_p = (const char *) &modp_dh_768_prime;
1084  tr->dh_g = (const char *) &modp_dh_768_generator;
1086 
1087  vec_add2 (km->supported_transforms, tr, 1);
1088  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1089  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1090 
1091  vec_add2 (km->supported_transforms, tr, 1);
1092  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1093  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1094 }
1095 
1096 
1097 
1098 /*
1099  * fd.io coding-style-patch-verification: ON
1100  *
1101  * Local Variables:
1102  * eval: (c-set-style "gnu")
1103  * End:
1104  */
u8 * dh_shared_key
Definition: ikev2_priv.h:217
u8 * dh_private_key
Definition: ikev2_priv.h:218
ikev2_transform_type_t type
Definition: ikev2_priv.h:69
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:47
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:89
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:146
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:91
u8 v8
Definition: ikev2.h:27
#define NULL
Definition: clib.h:58
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:190
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:77
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:36
vl_api_address_t src
Definition: gre.api:60
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:561
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:38
unsigned char u8
Definition: types.h:56
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
Definition: ikev2.c:197
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:115
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:425
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:31
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:462
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:766
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:312
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:796
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:193
u8 * r_dh_data
Definition: ikev2_priv.h:220
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:287
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:44
u8 * i_dh_data
Definition: ikev2_priv.h:219
long ctx[MAX_CONNS]
Definition: main.c:144
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:231
unsigned short u16
Definition: types.h:57
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:281
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:703
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:56
vl_api_address_t dst
Definition: gre.api:61
u8 len
Definition: ip_types.api:91
u8 * sk_ei
Definition: ikev2_priv.h:230
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:72
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:76
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:342
#define clib_warning(format, args...)
Definition: error.h:59
u8 * sk_er
Definition: ikev2_priv.h:231
u8 is_initiator
Definition: ikev2_priv.h:257
const void * cipher
Definition: ikev2_priv.h:88
ikev2_sa_proposal_t * r_proposals
Definition: ikev2_priv.h:224
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:70
#define ASSERT(truth)
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:144
u8 data[128]
Definition: ipsec_types.api:87
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:603
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:821
const char * dh_p
Definition: ikev2_priv.h:85
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:199
const void * md
Definition: ikev2_priv.h:87
typedef key
Definition: ipsec_types.api:83
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:73
const char * dh_g
Definition: ikev2_priv.h:86
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:75
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:113
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:58
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:74
f64 end
end of the time range
Definition: mactime.api:44
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:218
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:243
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:818
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
Definition: ikev2_crypto.c:373
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:732
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:329
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:206