FD.io VPP  v20.09-64-g4f7b92f0a
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vppinfra/error.h>
20 #include <vnet/udp/udp.h>
21 #include <plugins/ikev2/ikev2.h>
22 #include <plugins/ikev2/ikev2_priv.h>
23 #include <openssl/obj_mac.h>
24 #include <openssl/ec.h>
25 #include <openssl/x509.h>
26 #include <openssl/pem.h>
27 #include <openssl/bn.h>
28 #include <openssl/dh.h>
29 
30 /* from RFC7296 */
31 static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36 static const char modp_dh_768_generator[] = "02";
37 
38 static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44 static const char modp_dh_1024_generator[] = "02";
45 
46 /* from RFC3526 */
47 static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56 static const char modp_dh_1536_generator[] = "02";
57 
58 static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70 static const char modp_dh_2048_generator[] = "02";
71 
72 static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89 static const char modp_dh_3072_generator[] = "02";
90 
91 static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113 static const char modp_dh_4096_generator[] = "02";
114 
115 static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144 static const char modp_dh_6144_generator[] = "02";
145 
146 static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190 static const char modp_dh_8192_generator[] = "02";
191 
192 /* from RFC5114 */
193 static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199 static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205 
206 static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218 static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230 
231 static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243 static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255 
256 v8 *
257 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258 {
259  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
260  HMAC_CTX *ctx = ptd->hmac_ctx;
261  v8 *prf;
262  unsigned int len = 0;
263 
264  prf = vec_new (u8, tr->key_trunc);
265  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
266  HMAC_Update (ctx, data, vec_len (data));
267  HMAC_Final (ctx, prf, &len);
268  ASSERT (len == tr->key_trunc);
269 
270  return prf;
271 }
272 
273 u8 *
274 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
275 {
276  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
277  u8 x = 0;
278 
279  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
280 
281  where:
282  T1 = prf (K, S | 0x01)
283  T2 = prf (K, T1 | S | 0x02)
284  T3 = prf (K, T2 | S | 0x03)
285  T4 = prf (K, T3 | S | 0x04)
286  */
287 
288  while (vec_len (ret) < len && x < 255)
289  {
290  if (t)
291  {
292  vec_append (s, t);
293  vec_free (t);
294  }
295 
296  vec_append (s, seed);
297  vec_add2 (s, tmp, 1);
298  *tmp = x + 1;
299  t = ikev2_calc_prf (tr, key, s);
300  vec_append (ret, t);
301  vec_free (s);
302  x++;
303  }
304 
305  vec_free (t);
306 
307  if (x == 255)
308  {
309  vec_free (ret);
310  }
311 
312  return ret;
313 }
314 
315 v8 *
316 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
317 {
318  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
319  HMAC_CTX *ctx = ptd->hmac_ctx;
320  v8 *r;
321  unsigned int l;
322 
323  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
324 
325  r = vec_new (u8, tr->key_len);
326 
327  if (tr->md == EVP_sha1 ())
328  {
329  ikev2_elog_debug ("integrity checking with sha1");
330  }
331  else if (tr->md == EVP_sha256 ())
332  {
333  ikev2_elog_debug ("integrity checking with sha256");
334  }
335 
336  /* verify integrity of data */
337  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
338  HMAC_Update (ctx, (const u8 *) data, len);
339  HMAC_Final (ctx, r, &l);
340  ASSERT (l == tr->key_len);
341 
342  return r;
343 }
344 
345 static_always_inline void
346 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
347 {
348  clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
349  clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
350 }
351 
352 int
353 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
354  ikev2_sa_transform_t * tr_encr, u8 * data,
355  int data_len, u8 * aad, u32 aad_len, u8 * tag,
356  u32 * out_len)
357 {
358  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
359  int len = 0;
360  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
361  u8 nonce[IKEV2_GCM_NONCE_SIZE];
362 
363  if (data_len <= IKEV2_GCM_IV_SIZE)
364  /* runt data */
365  return 0;
366 
367  /* extract salt from the end of the key */
368  u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
369  ikev2_init_gcm_nonce (nonce, salt, data);
370 
371  data += IKEV2_GCM_IV_SIZE;
372  data_len -= IKEV2_GCM_IV_SIZE;
373 
374  EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
375  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
376  EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
377  EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
378  EVP_DecryptUpdate (ctx, data, &len, data, data_len);
379  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
380 
381  if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
382  {
383  *out_len = data_len - data[data_len - 1] - 1;
384  return 1;
385  }
386 
387  return 0;
388 }
389 
390 int
391 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
392  ikev2_sa_transform_t * tr_encr, u8 * data, int len,
393  u32 * out_len)
394 {
395  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
396  int tmp_len = 0, block_size;
397  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
398  block_size = tr_encr->block_size;
399  u8 *iv = data;
400 
401  /* check if data is multiplier of cipher block size */
402  if (len % block_size)
403  {
404  ikev2_elog_error ("wrong data length");
405  return 0;
406  }
407  data += block_size;
408  len -= block_size;
409 
410  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
411  EVP_CIPHER_CTX_set_padding (ctx, 0);
412  EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
413 
414  if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
415  {
416  *out_len = len - data[len - 1] - 1;
417  return 1;
418  }
419 
420  return 0;
421 }
422 
423 int
424 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
425  ikev2_sa_transform_t * tr_encr,
426  v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
427 {
428  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
429  int out_len = 0, len = 0;
430  u8 nonce[IKEV2_GCM_NONCE_SIZE];
431  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
432  if (!key)
433  return 0;
434 
435  /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
436  RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
437  ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
438  dst);
439  dst += IKEV2_GCM_IV_SIZE;
440 
441  EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
442  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
443  EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
444  EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
445  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
446  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
447  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
448  out_len += len;
449  ASSERT (vec_len (src) == out_len);
450 
451  return out_len + IKEV2_GCM_IV_SIZE;
452 }
453 
454 int
455 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
456  ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
457 {
458  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
459  int out_len = 0, len = 0;
460  int bs = tr_encr->block_size;
461  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
462  if (!key)
463  return 0;
464 
465  /* generate IV */
466  u8 *iv = dst;
467  RAND_bytes (iv, bs);
468  dst += bs;
469 
470  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
471  /* disable padding as pad data were added before */
472  EVP_CIPHER_CTX_set_padding (ctx, 0);
473  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
474  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
475 
476  out_len += len;
477  ASSERT (vec_len (src) == out_len);
478 
479  return out_len + bs;
480 }
481 
482 #ifndef BN_bn2binpad
483 int
484 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
485 {
486  int r = BN_bn2bin (a, to);
487  ASSERT (tolen >= r);
488  int pad = tolen - r;
489  if (pad)
490  {
491  vec_insert (to, pad, 0);
492  clib_memset (to, 0, pad);
493  _vec_len (to) -= pad;
494  }
495  return tolen;
496 }
497 #endif
498 
499 void
500 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
501 {
502  int r;
503 
504  if (t->dh_group == IKEV2_DH_GROUP_MODP)
505  {
506  DH *dh = DH_new ();
507 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
508  BIGNUM *p = NULL;
509  BIGNUM *g = NULL;
510  const BIGNUM *pub_key, *priv_key;
511 
512  BN_hex2bn (&p, t->dh_p);
513  BN_hex2bn (&g, t->dh_g);
514  DH_set0_pqg (dh, p, NULL, g);
515 #else
516  BN_hex2bn (&dh->p, t->dh_p);
517  BN_hex2bn (&dh->g, t->dh_g);
518 #endif
519  DH_generate_key (dh);
520 
521  if (sa->is_initiator)
522  {
523  sa->i_dh_data = vec_new (u8, t->key_len);
524  sa->dh_private_key = vec_new (u8, t->key_len);
525 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
526  DH_get0_key (dh, &pub_key, &priv_key);
527  r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
528  ASSERT (r == t->key_len);
529  r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
530 #else
531  r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
532  ASSERT (r == t->key_len);
533  r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
534 #endif
535  ASSERT (r == t->key_len);
536  }
537  else
538  {
539  sa->r_dh_data = vec_new (u8, t->key_len);
540 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
541  DH_get0_key (dh, &pub_key, &priv_key);
542  r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
543 #else
544  r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
545 #endif
546  ASSERT (r == t->key_len);
547 
548  BIGNUM *ex;
549  sa->dh_shared_key = vec_new (u8, t->key_len);
550  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
551  r = DH_compute_key (sa->dh_shared_key, ex, dh);
552  ASSERT (t->key_len >= r);
553  int pad = t->key_len - r;
554  if (pad)
555  {
556  vec_insert (sa->dh_shared_key, pad, 0);
557  clib_memset (sa->dh_shared_key, 0, pad);
558  _vec_len (sa->dh_shared_key) -= pad;
559  }
560  BN_clear_free (ex);
561  }
562  DH_free (dh);
563  }
564  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
565  {
566  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
567  ASSERT (ec);
568 
569  EC_KEY_generate_key (ec);
570 
571  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
572  const EC_GROUP *group = EC_KEY_get0_group (ec);
573  BIGNUM *x = NULL, *y = NULL;
574  BN_CTX *bn_ctx = BN_CTX_new ();
575  u16 x_off, y_off, len;
576  EC_POINT *i_point = EC_POINT_new (group);
577  EC_POINT *shared_point = EC_POINT_new (group);
578 
579  x = BN_new ();
580  y = BN_new ();
581  len = t->key_len / 2;
582 
583 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
584  EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
585 #else
586  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
587 #endif
588 
589  if (sa->is_initiator)
590  {
591  sa->i_dh_data = vec_new (u8, t->key_len);
592  x_off = len - BN_num_bytes (x);
593  clib_memset (sa->i_dh_data, 0, x_off);
594  BN_bn2bin (x, sa->i_dh_data + x_off);
595  y_off = t->key_len - BN_num_bytes (y);
596  clib_memset (sa->i_dh_data + len, 0, y_off - len);
597  BN_bn2bin (y, sa->i_dh_data + y_off);
598 
599  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
600  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
601  r = BN_bn2bin (prv, sa->dh_private_key);
602  ASSERT (r == BN_num_bytes (prv));
603  }
604  else
605  {
606  sa->r_dh_data = vec_new (u8, t->key_len);
607  x_off = len - BN_num_bytes (x);
608  clib_memset (sa->r_dh_data, 0, x_off);
609  BN_bn2bin (x, sa->r_dh_data + x_off);
610  y_off = t->key_len - BN_num_bytes (y);
611  clib_memset (sa->r_dh_data + len, 0, y_off - len);
612  BN_bn2bin (y, sa->r_dh_data + y_off);
613 
614  x = BN_bin2bn (sa->i_dh_data, len, x);
615  y = BN_bin2bn (sa->i_dh_data + len, len, y);
616 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
617  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
618 #else
619  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
620 #endif
621  sa->dh_shared_key = vec_new (u8, t->key_len);
622  EC_POINT_mul (group, shared_point, NULL, i_point,
623  EC_KEY_get0_private_key (ec), NULL);
624 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
625  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
626 #else
627  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
628  bn_ctx);
629 #endif
630  x_off = len - BN_num_bytes (x);
631  clib_memset (sa->dh_shared_key, 0, x_off);
632  BN_bn2bin (x, sa->dh_shared_key + x_off);
633  y_off = t->key_len - BN_num_bytes (y);
634  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
635  BN_bn2bin (y, sa->dh_shared_key + y_off);
636  }
637 
638  EC_KEY_free (ec);
639  BN_free (x);
640  BN_free (y);
641  BN_CTX_free (bn_ctx);
642  EC_POINT_free (i_point);
643  EC_POINT_free (shared_point);
644  }
645 }
646 
647 void
648 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
649 {
650  int r;
651 
652  if (t->dh_group == IKEV2_DH_GROUP_MODP)
653  {
654  DH *dh = DH_new ();
655 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
656  BIGNUM *p = NULL;
657  BIGNUM *g = NULL;
658  BIGNUM *priv_key;
659 
660  BN_hex2bn (&p, t->dh_p);
661  BN_hex2bn (&g, t->dh_g);
662  DH_set0_pqg (dh, p, NULL, g);
663 
664  priv_key =
665  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
666  DH_set0_key (dh, NULL, priv_key);
667 #else
668  BN_hex2bn (&dh->p, t->dh_p);
669  BN_hex2bn (&dh->g, t->dh_g);
670 
671  dh->priv_key =
672  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
673 #endif
674  BIGNUM *ex;
675  sa->dh_shared_key = vec_new (u8, t->key_len);
676  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
677  r = DH_compute_key (sa->dh_shared_key, ex, dh);
678  ASSERT (t->key_len >= r);
679  int pad = t->key_len - r;
680  if (pad)
681  {
682  vec_insert (sa->dh_shared_key, pad, 0);
683  clib_memset (sa->dh_shared_key, 0, pad);
684  _vec_len (sa->dh_shared_key) -= pad;
685  }
686  BN_clear_free (ex);
687  DH_free (dh);
688  }
689  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
690  {
691  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
692  ASSERT (ec);
693 
694  const EC_GROUP *group = EC_KEY_get0_group (ec);
695  BIGNUM *x = NULL, *y = NULL;
696  BN_CTX *bn_ctx = BN_CTX_new ();
697  u16 x_off, y_off, len;
698  BIGNUM *prv;
699 
700  prv =
701  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
702  EC_KEY_set_private_key (ec, prv);
703 
704  x = BN_new ();
705  y = BN_new ();
706  len = t->key_len / 2;
707 
708  x = BN_bin2bn (sa->r_dh_data, len, x);
709  y = BN_bin2bn (sa->r_dh_data + len, len, y);
710  EC_POINT *r_point = EC_POINT_new (group);
711 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
712  EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
713 #else
714  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
715 #endif
716  EC_KEY_set_public_key (ec, r_point);
717 
718  EC_POINT *i_point = EC_POINT_new (group);
719  EC_POINT *shared_point = EC_POINT_new (group);
720 
721  x = BN_bin2bn (sa->i_dh_data, len, x);
722  y = BN_bin2bn (sa->i_dh_data + len, len, y);
723 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
724  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
725 #else
726  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
727 #endif
728  EC_POINT_mul (group, shared_point, NULL, r_point,
729  EC_KEY_get0_private_key (ec), NULL);
730 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
731  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
732 #else
733  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
734 #endif
735  sa->dh_shared_key = vec_new (u8, t->key_len);
736  x_off = len - BN_num_bytes (x);
737  clib_memset (sa->dh_shared_key, 0, x_off);
738  BN_bn2bin (x, sa->dh_shared_key + x_off);
739  y_off = t->key_len - BN_num_bytes (y);
740  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
741  BN_bn2bin (y, sa->dh_shared_key + y_off);
742 
743  EC_KEY_free (ec);
744  BN_free (x);
745  BN_free (y);
746  BN_free (prv);
747  BN_CTX_free (bn_ctx);
748  EC_POINT_free (i_point);
749  EC_POINT_free (r_point);
750  EC_POINT_free (shared_point);
751  }
752 }
753 
754 int
755 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
756 {
757  int verify;
758 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
759  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
760 #else
761  EVP_MD_CTX md_ctx;
762  EVP_MD_CTX_init (&md_ctx);
763 #endif
764 
765 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
766  EVP_VerifyInit (md_ctx, EVP_sha1 ());
767  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
768 #else
769  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
770  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
771 #endif
772 
773 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
774  verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
775  EVP_MD_CTX_free (md_ctx);
776 #else
777  verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
778  EVP_MD_CTX_cleanup (&md_ctx);
779 #endif
780  return verify;
781 }
782 
783 u8 *
784 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
785 {
786 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
787  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
788 #else
789  EVP_MD_CTX md_ctx;
790  EVP_MD_CTX_init (&md_ctx);
791 #endif
792  unsigned int sig_len = 0;
793  u8 *sign;
794 
795 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
796  EVP_SignInit (md_ctx, EVP_sha1 ());
797  EVP_SignUpdate (md_ctx, data, vec_len (data));
798  /* get sign len */
799  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
800  sign = vec_new (u8, sig_len);
801  /* calc sign */
802  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
803  EVP_MD_CTX_free (md_ctx);
804 #else
805  EVP_SignInit (&md_ctx, EVP_sha1 ());
806  EVP_SignUpdate (&md_ctx, data, vec_len (data));
807  /* get sign len */
808  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
809  sign = vec_new (u8, sig_len);
810  /* calc sign */
811  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
812  EVP_MD_CTX_cleanup (&md_ctx);
813 #endif
814  return sign;
815 }
816 
817 EVP_PKEY *
818 ikev2_load_cert_file (u8 * file)
819 {
820  FILE *fp;
821  X509 *x509;
822  EVP_PKEY *pkey = NULL;
823 
824  fp = fopen ((char *) file, "r");
825  if (!fp)
826  {
827  ikev2_log_error ("open %s failed", file);
828  goto end;
829  }
830 
831  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
832  fclose (fp);
833  if (x509 == NULL)
834  {
835  ikev2_log_error ("read cert %s failed", file);
836  goto end;
837  }
838 
839  pkey = X509_get_pubkey (x509);
840  X509_free (x509);
841  if (pkey == NULL)
842  ikev2_log_error ("get pubkey %s failed", file);
843 
844 end:
845  return pkey;
846 }
847 
848 EVP_PKEY *
849 ikev2_load_key_file (u8 * file)
850 {
851  FILE *fp;
852  EVP_PKEY *pkey = NULL;
853 
854  fp = fopen ((char *) file, "r");
855  if (!fp)
856  {
857  ikev2_log_error ("open %s failed", file);
858  goto end;
859  }
860 
861  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
862  fclose (fp);
863  if (pkey == NULL)
864  ikev2_log_error ("read %s failed", file);
865 
866 end:
867  return pkey;
868 }
869 
870 void
871 ikev2_crypto_init (ikev2_main_t * km)
872 {
873  ikev2_sa_transform_t *tr;
874 
875  /* vector of supported transforms - in order of preference */
876 
877  //Encryption
878 
879  vec_add2 (km->supported_transforms, tr, 1);
880  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
881  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
882  tr->key_len = 256 / 8;
883  tr->block_size = 128 / 8;
884  tr->cipher = EVP_aes_256_cbc ();
885 
886  vec_add2 (km->supported_transforms, tr, 1);
887  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
888  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
889  tr->key_len = 192 / 8;
890  tr->block_size = 128 / 8;
891  tr->cipher = EVP_aes_192_cbc ();
892 
893  vec_add2 (km->supported_transforms, tr, 1);
894  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
895  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
896  tr->key_len = 128 / 8;
897  tr->block_size = 128 / 8;
898  tr->cipher = EVP_aes_128_cbc ();
899 
900  vec_add2 (km->supported_transforms, tr, 1);
901  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
902  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
903  tr->key_len = 256 / 8;
904  tr->block_size = 128 / 8;
905  tr->cipher = EVP_aes_256_gcm ();
906 
907  vec_add2 (km->supported_transforms, tr, 1);
908  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
909  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
910  tr->key_len = 192 / 8;
911  tr->block_size = 128 / 8;
912  tr->cipher = EVP_aes_192_gcm ();
913 
914  vec_add2 (km->supported_transforms, tr, 1);
915  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
916  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
917  tr->key_len = 128 / 8;
918  tr->block_size = 128 / 8;
919  tr->cipher = EVP_aes_128_gcm ();
920 
921  //PRF
922  vec_add2 (km->supported_transforms, tr, 1);
923  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
924  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
925  tr->key_len = 256 / 8;
926  tr->key_trunc = 256 / 8;
927  tr->md = EVP_sha256 ();
928 
929  vec_add2 (km->supported_transforms, tr, 1);
930  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
931  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
932  tr->key_len = 384 / 8;
933  tr->key_trunc = 384 / 8;
934  tr->md = EVP_sha384 ();
935 
936  vec_add2 (km->supported_transforms, tr, 1);
937  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
938  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
939  tr->key_len = 512 / 8;
940  tr->key_trunc = 512 / 8;
941  tr->md = EVP_sha512 ();
942 
943  vec_add2 (km->supported_transforms, tr, 1);
944  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
945  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
946  tr->key_len = 160 / 8;
947  tr->key_trunc = 160 / 8;
948  tr->md = EVP_sha1 ();
949 
950  //Integrity
951  vec_add2 (km->supported_transforms, tr, 1);
952  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
953  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
954  tr->key_len = 256 / 8;
955  tr->key_trunc = 128 / 8;
956  tr->md = EVP_sha256 ();
957 
958  vec_add2 (km->supported_transforms, tr, 1);
959  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
960  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
961  tr->key_len = 384 / 8;
962  tr->key_trunc = 192 / 8;
963  tr->md = EVP_sha384 ();
964 
965  vec_add2 (km->supported_transforms, tr, 1);
966  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
967  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
968  tr->key_len = 512 / 8;
969  tr->key_trunc = 256 / 8;
970  tr->md = EVP_sha512 ();
971 
972  vec_add2 (km->supported_transforms, tr, 1);
973  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
974  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
975  tr->key_len = 160 / 8;
976  tr->key_trunc = 160 / 8;
977  tr->md = EVP_sha1 ();
978 
979  vec_add2 (km->supported_transforms, tr, 1);
980  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
981  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
982  tr->key_len = 160 / 8;
983  tr->key_trunc = 96 / 8;
984  tr->md = EVP_sha1 ();
985 
986 
987 #if defined(OPENSSL_NO_CISCO_FECDH)
988  vec_add2 (km->supported_transforms, tr, 1);
989  tr->type = IKEV2_TRANSFORM_TYPE_DH;
990  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
991  tr->key_len = (512 * 2) / 8;
992  tr->nid = NID_brainpoolP512r1;
993  tr->dh_group = IKEV2_DH_GROUP_ECP;
994 
995  vec_add2 (km->supported_transforms, tr, 1);
996  tr->type = IKEV2_TRANSFORM_TYPE_DH;
997  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
998  tr->key_len = (384 * 2) / 8;
999  tr->nid = NID_brainpoolP384r1;
1000  tr->dh_group = IKEV2_DH_GROUP_ECP;
1001 
1002  vec_add2 (km->supported_transforms, tr, 1);
1003  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1004  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1005  tr->key_len = (256 * 2) / 8;
1006  tr->nid = NID_brainpoolP256r1;
1007  tr->dh_group = IKEV2_DH_GROUP_ECP;
1008 
1009  vec_add2 (km->supported_transforms, tr, 1);
1010  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1011  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1012  tr->key_len = (224 * 2) / 8;
1013  tr->nid = NID_brainpoolP224r1;
1014  tr->dh_group = IKEV2_DH_GROUP_ECP;
1015 
1016  vec_add2 (km->supported_transforms, tr, 1);
1017  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1018  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1019  tr->key_len = (224 * 2) / 8;
1020  tr->nid = NID_secp224r1;
1021  tr->dh_group = IKEV2_DH_GROUP_ECP;
1022 #endif
1023 
1024  vec_add2 (km->supported_transforms, tr, 1);
1025  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1026  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1027  tr->key_len = (528 * 2) / 8;
1028  tr->nid = NID_secp521r1;
1029  tr->dh_group = IKEV2_DH_GROUP_ECP;
1030 
1031  vec_add2 (km->supported_transforms, tr, 1);
1032  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1033  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1034  tr->key_len = (384 * 2) / 8;
1035  tr->nid = NID_secp384r1;
1036  tr->dh_group = IKEV2_DH_GROUP_ECP;
1037 
1038  vec_add2 (km->supported_transforms, tr, 1);
1039  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1040  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1041  tr->key_len = (256 * 2) / 8;
1042  tr->nid = NID_X9_62_prime256v1;
1043  tr->dh_group = IKEV2_DH_GROUP_ECP;
1044 
1045  vec_add2 (km->supported_transforms, tr, 1);
1046  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1047  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1048  tr->key_len = (192 * 2) / 8;
1049  tr->nid = NID_X9_62_prime192v1;
1050  tr->dh_group = IKEV2_DH_GROUP_ECP;
1051 
1052  vec_add2 (km->supported_transforms, tr, 1);
1053  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1054  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1055  tr->key_len = 2048 / 8;
1056  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1057  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1058  tr->dh_group = IKEV2_DH_GROUP_MODP;
1059 
1060  vec_add2 (km->supported_transforms, tr, 1);
1061  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1062  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1063  tr->key_len = 2048 / 8;
1064  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1065  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1066  tr->dh_group = IKEV2_DH_GROUP_MODP;
1067 
1068  vec_add2 (km->supported_transforms, tr, 1);
1069  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1070  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1071  tr->key_len = 1024 / 8;
1072  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1073  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1074  tr->dh_group = IKEV2_DH_GROUP_MODP;
1075 
1076  vec_add2 (km->supported_transforms, tr, 1);
1077  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1078  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1079  tr->key_len = 8192 / 8;
1080  tr->dh_p = (const char *) &modp_dh_8192_prime;
1081  tr->dh_g = (const char *) &modp_dh_8192_generator;
1082  tr->dh_group = IKEV2_DH_GROUP_MODP;
1083 
1084  vec_add2 (km->supported_transforms, tr, 1);
1085  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1086  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1087  tr->key_len = 6144 / 8;
1088  tr->dh_p = (const char *) &modp_dh_6144_prime;
1089  tr->dh_g = (const char *) &modp_dh_6144_generator;
1090  tr->dh_group = IKEV2_DH_GROUP_MODP;
1091 
1092  vec_add2 (km->supported_transforms, tr, 1);
1093  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1094  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1095  tr->key_len = 4096 / 8;
1096  tr->dh_p = (const char *) &modp_dh_4096_prime;
1097  tr->dh_g = (const char *) &modp_dh_4096_generator;
1098  tr->dh_group = IKEV2_DH_GROUP_MODP;
1099 
1100  vec_add2 (km->supported_transforms, tr, 1);
1101  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1102  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1103  tr->key_len = 3072 / 8;
1104  tr->dh_p = (const char *) &modp_dh_3072_prime;
1105  tr->dh_g = (const char *) &modp_dh_3072_generator;
1106  tr->dh_group = IKEV2_DH_GROUP_MODP;
1107 
1108  vec_add2 (km->supported_transforms, tr, 1);
1109  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1110  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1111  tr->key_len = 2048 / 8;
1112  tr->dh_p = (const char *) &modp_dh_2048_prime;
1113  tr->dh_g = (const char *) &modp_dh_2048_generator;
1114  tr->dh_group = IKEV2_DH_GROUP_MODP;
1115 
1116  vec_add2 (km->supported_transforms, tr, 1);
1117  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1118  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1119  tr->key_len = 1536 / 8;
1120  tr->dh_p = (const char *) &modp_dh_1536_prime;
1121  tr->dh_g = (const char *) &modp_dh_1536_generator;
1122  tr->dh_group = IKEV2_DH_GROUP_MODP;
1123 
1124  vec_add2 (km->supported_transforms, tr, 1);
1125  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1126  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1127  tr->key_len = 1024 / 8;
1128  tr->dh_p = (const char *) &modp_dh_1024_prime;
1129  tr->dh_g = (const char *) &modp_dh_1024_generator;
1130  tr->dh_group = IKEV2_DH_GROUP_MODP;
1131 
1132  vec_add2 (km->supported_transforms, tr, 1);
1133  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1134  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1135  tr->key_len = 768 / 8;
1136  tr->dh_p = (const char *) &modp_dh_768_prime;
1137  tr->dh_g = (const char *) &modp_dh_768_generator;
1138  tr->dh_group = IKEV2_DH_GROUP_MODP;
1139 
1140  vec_add2 (km->supported_transforms, tr, 1);
1141  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1142  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1143 
1144  vec_add2 (km->supported_transforms, tr, 1);
1145  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1146  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1147 }
1148 
1149 
1150 
1151 /*
1152  * fd.io coding-style-patch-verification: ON
1153  *
1154  * Local Variables:
1155  * eval: (c-set-style "gnu")
1156  * End:
1157  */
IKEV2_GCM_NONCE_SIZE
#define IKEV2_GCM_NONCE_SIZE
Definition: ikev2.h:29
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:382
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:383
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:215
pad
u8 pad[3]
log2 (size of the packing page block)
Definition: bihash_doc.h:61
modp_dh_1536_prime
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:47
modp_dh_3072_generator
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:89
ikev2_init_gcm_nonce
static_always_inline void ikev2_init_gcm_nonce(u8 *nonce, u8 *salt, u8 *iv)
Definition: ikev2_crypto.c:346
BN_bn2binpad
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
Definition: ikev2_crypto.c:484
a
a
Definition: bitmap.h:538
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:210
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:455
modp_dh_8192_prime
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:146
modp_dh_4096_prime
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:91
v8
u8 v8
Definition: ikev2.h:33
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:228
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:257
modp_dh_8192_generator
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:190
ikev2_elog_error
#define ikev2_elog_error(_msg)
Definition: ikev2_priv.h:170
ikev2_elog_debug
#define ikev2_elog_debug(_msg)
Definition: ikev2_priv.h:174
ikev2_main_per_thread_data_t::hmac_ctx
HMAC_CTX * hmac_ctx
Definition: ikev2_priv.h:463
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:223
modp_dh_768_generator
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:36
src
vl_api_address_t src
Definition: gre.api:54
vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:630
modp_dh_1024_prime
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:38
IKEV2_GCM_ICV_SIZE
#define IKEV2_GCM_ICV_SIZE
Definition: ikev2.h:28
u8
unsigned char u8
Definition: types.h:56
data
u8 data[128]
Definition: ipsec_types.api:89
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:230
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
modp_dh_6144_prime
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:115
modp_dh_768_prime
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:31
ikev2_main_t
Definition: ikev2_priv.h:470
static_always_inline
#define static_always_inline
Definition: clib.h:108
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:500
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:818
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:350
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:849
modp_dh_1024_160_prime
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:193
salt
u32 salt
Definition: ipsec_types.api:131
u32
unsigned int u32
Definition: types.h:88
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:385
IKEV2_GCM_SALT_SIZE
#define IKEV2_GCM_SALT_SIZE
Definition: ikev2.h:30
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:274
vec_insert
#define vec_insert(V, N, M)
Insert N vector elements starting at element M, initialize new elements to zero (no header...
Definition: vec.h:755
iv
static u8 iv[]
Definition: aes_cbc.c:24
modp_dh_1024_generator
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:44
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:384
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
modp_dh_2048_256_prime
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:231
u16
unsigned short u16
Definition: types.h:57
data_len
u8 data_len
Definition: ikev2_types.api:24
ikev2_main_per_thread_data_t::evp_ctx
EVP_CIPHER_CTX * evp_ctx
Definition: ikev2_priv.h:462
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:209
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:476
block_size
u16 block_size
Definition: ikev2_types.api:97
ikev2_decrypt_data
int ikev2_decrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int len, u32 *out_len)
Definition: ikev2_crypto.c:391
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:229
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:755
ikev2_sa_transform_t
Definition: ikev2_priv.h:213
ikev2_get_per_thread_data
static_always_inline ikev2_main_per_thread_data_t * ikev2_get_per_thread_data()
Definition: ikev2_priv.h:597
modp_dh_1536_generator
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:56
dst
vl_api_address_t dst
Definition: gre.api:55
prf
vl_api_ikev2_sa_transform_t prf
Definition: ikev2_types.api:149
len
u8 len
Definition: ip_types.api:92
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:395
modp_dh_3072_prime
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:72
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:222
ikev2_sa_t
Definition: ikev2_priv.h:368
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:396
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:423
dh
vl_api_ikev2_sa_transform_t dh
Definition: ikev2_types.api:150
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:234
ikev2_log_error
#define ikev2_log_error(...)
Definition: ikev2_priv.h:180
ikev2_priv.h
modp_dh_2048_generator
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:70
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
modp_dh_6144_generator
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:144
ikev2_decrypt_aead_data
int ikev2_decrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int data_len, u8 *aad, u32 aad_len, u8 *tag, u32 *out_len)
Definition: ikev2_crypto.c:353
ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:452
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:648
vec_append
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:890
ikev2_encrypt_aead_data
int ikev2_encrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst, u8 *aad, u32 aad_len, u8 *tag)
Definition: ikev2_crypto.c:424
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:231
modp_dh_1024_160_generator
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:199
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:233
key
typedef key
Definition: ipsec_types.api:85
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:219
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:232
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:221
modp_dh_4096_generator
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:113
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:226
modp_dh_2048_prime
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:58
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:220
end
f64 end
end of the time range
Definition: mactime.api:44
modp_dh_2048_224_generator
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:218
modp_dh_2048_256_generator
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:243
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:871
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:784
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:316
modp_dh_2048_224_prime
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:206
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:227
IKEV2_GCM_IV_SIZE
#define IKEV2_GCM_IV_SIZE
Definition: ikev2.h:31