FD.io VPP  v21.01.1
Vector Packet Processing
ikev2_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vppinfra/error.h>
19 #include <plugins/ikev2/ikev2.h>
20 #include <plugins/ikev2/ikev2_priv.h>
21 #include <openssl/obj_mac.h>
22 #include <openssl/ec.h>
23 #include <openssl/x509.h>
24 #include <openssl/pem.h>
25 #include <openssl/bn.h>
26 #include <openssl/dh.h>
27 
28 /* from RFC7296 */
29 static const char modp_dh_768_prime[] =
30  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
31  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
32  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
33  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
34 static const char modp_dh_768_generator[] = "02";
35 
36 static const char modp_dh_1024_prime[] =
37  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
38  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
39  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
40  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
41  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
42 static const char modp_dh_1024_generator[] = "02";
43 
44 /* from RFC3526 */
45 static const char modp_dh_1536_prime[] =
46  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
47  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
48  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
49  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
50  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
51  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
52  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
53  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
54 static const char modp_dh_1536_generator[] = "02";
55 
56 static const char modp_dh_2048_prime[] =
57  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
58  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
59  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
60  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
61  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
62  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
63  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
64  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
65  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
66  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
67  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
68 static const char modp_dh_2048_generator[] = "02";
69 
70 static const char modp_dh_3072_prime[] =
71  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
72  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
73  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
74  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
75  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
76  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
77  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
78  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
79  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
80  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
81  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
82  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
83  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
84  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
85  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
86  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
87 static const char modp_dh_3072_generator[] = "02";
88 
89 static const char modp_dh_4096_prime[] =
90  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
91  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
92  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
93  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
94  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
95  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
96  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
97  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
98  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
99  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
100  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
101  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
102  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
103  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
104  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
105  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
106  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
107  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
108  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
109  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
110  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
111 static const char modp_dh_4096_generator[] = "02";
112 
113 static const char modp_dh_6144_prime[] =
114  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
115  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
116  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
117  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
118  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
119  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
120  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
121  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
122  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
123  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
124  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
125  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
126  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
127  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
128  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
129  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
130  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
131  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
132  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
133  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
134  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
135  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
136  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
137  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
138  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
139  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
140  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
141  "6DCC4024FFFFFFFFFFFFFFFF";
142 static const char modp_dh_6144_generator[] = "02";
143 
144 static const char modp_dh_8192_prime[] =
145  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
146  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
147  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
148  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
149  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
150  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
151  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
152  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
153  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
154  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
155  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
156  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
157  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
158  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
159  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
160  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
161  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
162  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
163  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
164  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
165  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
166  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
167  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
168  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
169  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
170  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
171  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
172  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
173  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
174  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
175  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
176  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
177  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
178  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
179  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
180  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
181  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
182  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
183  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
184  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
185  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
186  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
187  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
188 static const char modp_dh_8192_generator[] = "02";
189 
190 /* from RFC5114 */
191 static const char modp_dh_1024_160_prime[] =
192  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
193  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
194  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
195  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
196  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
197 static const char modp_dh_1024_160_generator[] =
198  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
199  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
200  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
201  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
202  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
203 
204 static const char modp_dh_2048_224_prime[] =
205  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
206  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
207  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
208  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
209  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
210  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
211  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
212  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
213  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
214  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
215  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
216 static const char modp_dh_2048_224_generator[] =
217  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
218  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
219  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
220  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
221  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
222  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
223  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
224  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
225  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
226  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
227  "81BC087F2A7065B384B890D3191F2BFA";
228 
229 static const char modp_dh_2048_256_prime[] =
230  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
231  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
232  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
233  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
234  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
235  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
236  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
237  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
238  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
239  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
240  "693877FAD7EF09CADB094AE91E1A1597";
241 static const char modp_dh_2048_256_generator[] =
242  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
243  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
244  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
245  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
246  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
247  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
248  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
249  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
250  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
251  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
252  "5E2327CFEF98C582664B4C0F6CC41659";
253 
254 v8 *
255 ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
256 {
257  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
258  HMAC_CTX *ctx = ptd->hmac_ctx;
259  v8 *prf;
260  unsigned int len = 0;
261 
262  prf = vec_new (u8, tr->key_trunc);
263  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
264  HMAC_Update (ctx, data, vec_len (data));
265  HMAC_Final (ctx, prf, &len);
266  ASSERT (len == tr->key_trunc);
267 
268  return prf;
269 }
270 
271 u8 *
272 ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
273 {
274  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
275  u8 x = 0;
276 
277  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
278 
279  where:
280  T1 = prf (K, S | 0x01)
281  T2 = prf (K, T1 | S | 0x02)
282  T3 = prf (K, T2 | S | 0x03)
283  T4 = prf (K, T3 | S | 0x04)
284  */
285 
286  while (vec_len (ret) < len && x < 255)
287  {
288  if (t)
289  {
290  vec_append (s, t);
291  vec_free (t);
292  }
293 
294  vec_append (s, seed);
295  vec_add2 (s, tmp, 1);
296  *tmp = x + 1;
297  t = ikev2_calc_prf (tr, key, s);
298  vec_append (ret, t);
299  vec_free (s);
300  x++;
301  }
302 
303  vec_free (t);
304 
305  if (x == 255)
306  {
307  vec_free (ret);
308  }
309 
310  return ret;
311 }
312 
313 v8 *
314 ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
315 {
316  ikev2_main_per_thread_data_t *ptd = ikev2_get_per_thread_data ();
317  HMAC_CTX *ctx = ptd->hmac_ctx;
318  v8 *r;
319  unsigned int l;
320 
321  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
322 
323  r = vec_new (u8, tr->key_len);
324 
325  if (tr->md == EVP_sha1 ())
326  {
327  ikev2_elog_debug ("integrity checking with sha1");
328  }
329  else if (tr->md == EVP_sha256 ())
330  {
331  ikev2_elog_debug ("integrity checking with sha256");
332  }
333 
334  /* verify integrity of data */
335  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
336  HMAC_Update (ctx, (const u8 *) data, len);
337  HMAC_Final (ctx, r, &l);
338  ASSERT (l == tr->key_len);
339 
340  return r;
341 }
342 
343 static_always_inline void
344 ikev2_init_gcm_nonce (u8 * nonce, u8 * salt, u8 * iv)
345 {
346  clib_memcpy (nonce, salt, IKEV2_GCM_SALT_SIZE);
347  clib_memcpy (nonce + IKEV2_GCM_SALT_SIZE, iv, IKEV2_GCM_IV_SIZE);
348 }
349 
350 int
351 ikev2_decrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
352  ikev2_sa_transform_t * tr_encr, u8 * data,
353  int data_len, u8 * aad, u32 aad_len, u8 * tag,
354  u32 * out_len)
355 {
356  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
357  int len = 0;
358  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
359  u8 nonce[IKEV2_GCM_NONCE_SIZE];
360 
361  if (data_len <= IKEV2_GCM_IV_SIZE)
362  /* runt data */
363  return 0;
364 
365  /* extract salt from the end of the key */
366  u8 *salt = key + vec_len (key) - IKEV2_GCM_SALT_SIZE;
367  ikev2_init_gcm_nonce (nonce, salt, data);
368 
369  data += IKEV2_GCM_IV_SIZE;
370  data_len -= IKEV2_GCM_IV_SIZE;
371 
372  EVP_DecryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
373  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
374  EVP_DecryptInit_ex (ctx, 0, 0, key, nonce);
375  EVP_DecryptUpdate (ctx, 0, &len, aad, aad_len);
376  EVP_DecryptUpdate (ctx, data, &len, data, data_len);
377  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_TAG, IKEV2_GCM_ICV_SIZE, tag);
378 
379  if (EVP_DecryptFinal_ex (ctx, data + len, &len) > 0)
380  {
381  *out_len = data_len - data[data_len - 1] - 1;
382  return 1;
383  }
384 
385  return 0;
386 }
387 
388 int
389 ikev2_decrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
390  ikev2_sa_transform_t * tr_encr, u8 * data, int len,
391  u32 * out_len)
392 {
393  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
394  int tmp_len = 0, block_size;
395  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
396  block_size = tr_encr->block_size;
397  u8 *iv = data;
398 
399  /* check if data is multiplier of cipher block size */
400  if (len % block_size)
401  {
402  ikev2_elog_error ("wrong data length");
403  return 0;
404  }
405  data += block_size;
406  len -= block_size;
407 
408  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
409  EVP_CIPHER_CTX_set_padding (ctx, 0);
410  EVP_DecryptUpdate (ctx, data, &tmp_len, data, len);
411 
412  if (EVP_DecryptFinal_ex (ctx, data + tmp_len, &tmp_len) > 0)
413  {
414  *out_len = len - data[len - 1] - 1;
415  return 1;
416  }
417 
418  return 0;
419 }
420 
421 int
422 ikev2_encrypt_aead_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
423  ikev2_sa_transform_t * tr_encr,
424  v8 * src, u8 * dst, u8 * aad, u32 aad_len, u8 * tag)
425 {
426  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
427  int out_len = 0, len = 0;
428  u8 nonce[IKEV2_GCM_NONCE_SIZE];
429  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
430  if (!key)
431  return 0;
432 
433  /* generate IV; its length must be 8 octets for aes-gcm (rfc5282) */
434  RAND_bytes (dst, IKEV2_GCM_IV_SIZE);
435  ikev2_init_gcm_nonce (nonce, key + vec_len (key) - IKEV2_GCM_SALT_SIZE,
436  dst);
437  dst += IKEV2_GCM_IV_SIZE;
438 
439  EVP_EncryptInit_ex (ctx, tr_encr->cipher, 0, 0, 0);
440  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
441  EVP_EncryptInit_ex (ctx, 0, 0, key, nonce);
442  EVP_EncryptUpdate (ctx, NULL, &out_len, aad, aad_len);
443  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
444  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
445  EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
446  out_len += len;
447  ASSERT (vec_len (src) == out_len);
448 
449  return out_len + IKEV2_GCM_IV_SIZE;
450 }
451 
452 int
453 ikev2_encrypt_data (ikev2_main_per_thread_data_t * ptd, ikev2_sa_t * sa,
454  ikev2_sa_transform_t * tr_encr, v8 * src, u8 * dst)
455 {
456  EVP_CIPHER_CTX *ctx = ptd->evp_ctx;
457  int out_len = 0, len = 0;
458  int bs = tr_encr->block_size;
459  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
460  if (!key)
461  return 0;
462 
463  /* generate IV */
464  u8 *iv = dst;
465  RAND_bytes (iv, bs);
466  dst += bs;
467 
468  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, iv);
469  /* disable padding as pad data were added before */
470  EVP_CIPHER_CTX_set_padding (ctx, 0);
471  EVP_EncryptUpdate (ctx, dst, &out_len, src, vec_len (src));
472  EVP_EncryptFinal_ex (ctx, dst + out_len, &len);
473 
474  out_len += len;
475  ASSERT (vec_len (src) == out_len);
476 
477  return out_len + bs;
478 }
479 
480 #ifndef BN_bn2binpad
481 int
482 BN_bn2binpad (const BIGNUM * a, unsigned char *to, int tolen)
483 {
484  int r = BN_bn2bin (a, to);
485  ASSERT (tolen >= r);
486  int pad = tolen - r;
487  if (pad)
488  {
489  vec_insert (to, pad, 0);
490  clib_memset (to, 0, pad);
491  _vec_len (to) -= pad;
492  }
493  return tolen;
494 }
495 #endif
496 
497 void
498 ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
499 {
500  int r;
501 
502  if (t->dh_group == IKEV2_DH_GROUP_MODP)
503  {
504  DH *dh = DH_new ();
505 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
506  BIGNUM *p = NULL;
507  BIGNUM *g = NULL;
508  const BIGNUM *pub_key, *priv_key;
509 
510  BN_hex2bn (&p, t->dh_p);
511  BN_hex2bn (&g, t->dh_g);
512  DH_set0_pqg (dh, p, NULL, g);
513 #else
514  BN_hex2bn (&dh->p, t->dh_p);
515  BN_hex2bn (&dh->g, t->dh_g);
516 #endif
517  DH_generate_key (dh);
518 
519  if (sa->is_initiator)
520  {
521  sa->i_dh_data = vec_new (u8, t->key_len);
522  sa->dh_private_key = vec_new (u8, t->key_len);
523 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
524  DH_get0_key (dh, &pub_key, &priv_key);
525  r = BN_bn2binpad (pub_key, sa->i_dh_data, t->key_len);
526  ASSERT (r == t->key_len);
527  r = BN_bn2binpad (priv_key, sa->dh_private_key, t->key_len);
528 #else
529  r = BN_bn2binpad (dh->pub_key, sa->i_dh_data, t->key_len);
530  ASSERT (r == t->key_len);
531  r = BN_bn2binpad (dh->priv_key, sa->dh_private_key, t->key_len);
532 #endif
533  ASSERT (r == t->key_len);
534  }
535  else
536  {
537  sa->r_dh_data = vec_new (u8, t->key_len);
538 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
539  DH_get0_key (dh, &pub_key, &priv_key);
540  r = BN_bn2binpad (pub_key, sa->r_dh_data, t->key_len);
541 #else
542  r = BN_bn2binpad (dh->pub_key, sa->r_dh_data, t->key_len);
543 #endif
544  ASSERT (r == t->key_len);
545 
546  BIGNUM *ex;
547  sa->dh_shared_key = vec_new (u8, t->key_len);
548  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
549  r = DH_compute_key (sa->dh_shared_key, ex, dh);
550  ASSERT (t->key_len >= r);
551  int pad = t->key_len - r;
552  if (pad)
553  {
554  vec_insert (sa->dh_shared_key, pad, 0);
555  clib_memset (sa->dh_shared_key, 0, pad);
556  _vec_len (sa->dh_shared_key) -= pad;
557  }
558  BN_clear_free (ex);
559  }
560  DH_free (dh);
561  }
562  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
563  {
564  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
565  ASSERT (ec);
566 
567  EC_KEY_generate_key (ec);
568 
569  const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
570  const EC_GROUP *group = EC_KEY_get0_group (ec);
571  BIGNUM *x = NULL, *y = NULL;
572  BN_CTX *bn_ctx = BN_CTX_new ();
573  u16 x_off, y_off, len;
574  EC_POINT *i_point = EC_POINT_new (group);
575  EC_POINT *shared_point = EC_POINT_new (group);
576 
577  x = BN_new ();
578  y = BN_new ();
579  len = t->key_len / 2;
580 
581 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
582  EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
583 #else
584  EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
585 #endif
586 
587  if (sa->is_initiator)
588  {
589  sa->i_dh_data = vec_new (u8, t->key_len);
590  x_off = len - BN_num_bytes (x);
591  clib_memset (sa->i_dh_data, 0, x_off);
592  BN_bn2bin (x, sa->i_dh_data + x_off);
593  y_off = t->key_len - BN_num_bytes (y);
594  clib_memset (sa->i_dh_data + len, 0, y_off - len);
595  BN_bn2bin (y, sa->i_dh_data + y_off);
596 
597  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
598  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
599  r = BN_bn2bin (prv, sa->dh_private_key);
600  ASSERT (r == BN_num_bytes (prv));
601  }
602  else
603  {
604  sa->r_dh_data = vec_new (u8, t->key_len);
605  x_off = len - BN_num_bytes (x);
606  clib_memset (sa->r_dh_data, 0, x_off);
607  BN_bn2bin (x, sa->r_dh_data + x_off);
608  y_off = t->key_len - BN_num_bytes (y);
609  clib_memset (sa->r_dh_data + len, 0, y_off - len);
610  BN_bn2bin (y, sa->r_dh_data + y_off);
611 
612  x = BN_bin2bn (sa->i_dh_data, len, x);
613  y = BN_bin2bn (sa->i_dh_data + len, len, y);
614 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
615  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
616 #else
617  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
618 #endif
619  sa->dh_shared_key = vec_new (u8, t->key_len);
620  EC_POINT_mul (group, shared_point, NULL, i_point,
621  EC_KEY_get0_private_key (ec), NULL);
622 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
623  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
624 #else
625  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
626  bn_ctx);
627 #endif
628  x_off = len - BN_num_bytes (x);
629  clib_memset (sa->dh_shared_key, 0, x_off);
630  BN_bn2bin (x, sa->dh_shared_key + x_off);
631  y_off = t->key_len - BN_num_bytes (y);
632  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
633  BN_bn2bin (y, sa->dh_shared_key + y_off);
634  }
635 
636  EC_KEY_free (ec);
637  BN_free (x);
638  BN_free (y);
639  BN_CTX_free (bn_ctx);
640  EC_POINT_free (i_point);
641  EC_POINT_free (shared_point);
642  }
643 }
644 
645 void
646 ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
647 {
648  int r;
649 
650  if (t->dh_group == IKEV2_DH_GROUP_MODP)
651  {
652  DH *dh = DH_new ();
653 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
654  BIGNUM *p = NULL;
655  BIGNUM *g = NULL;
656  BIGNUM *priv_key;
657 
658  BN_hex2bn (&p, t->dh_p);
659  BN_hex2bn (&g, t->dh_g);
660  DH_set0_pqg (dh, p, NULL, g);
661 
662  priv_key =
663  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
664  DH_set0_key (dh, NULL, priv_key);
665 #else
666  BN_hex2bn (&dh->p, t->dh_p);
667  BN_hex2bn (&dh->g, t->dh_g);
668 
669  dh->priv_key =
670  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
671 #endif
672  BIGNUM *ex;
673  sa->dh_shared_key = vec_new (u8, t->key_len);
674  ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
675  r = DH_compute_key (sa->dh_shared_key, ex, dh);
676  ASSERT (t->key_len >= r);
677  int pad = t->key_len - r;
678  if (pad)
679  {
680  vec_insert (sa->dh_shared_key, pad, 0);
681  clib_memset (sa->dh_shared_key, 0, pad);
682  _vec_len (sa->dh_shared_key) -= pad;
683  }
684  BN_clear_free (ex);
685  DH_free (dh);
686  }
687  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
688  {
689  EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
690  ASSERT (ec);
691 
692  const EC_GROUP *group = EC_KEY_get0_group (ec);
693  BIGNUM *x = NULL, *y = NULL;
694  BN_CTX *bn_ctx = BN_CTX_new ();
695  u16 x_off, y_off, len;
696  BIGNUM *prv;
697 
698  prv =
699  BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
700  EC_KEY_set_private_key (ec, prv);
701 
702  x = BN_new ();
703  y = BN_new ();
704  len = t->key_len / 2;
705 
706  x = BN_bin2bn (sa->r_dh_data, len, x);
707  y = BN_bin2bn (sa->r_dh_data + len, len, y);
708  EC_POINT *r_point = EC_POINT_new (group);
709 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
710  EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
711 #else
712  EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
713 #endif
714  EC_KEY_set_public_key (ec, r_point);
715 
716  EC_POINT *i_point = EC_POINT_new (group);
717  EC_POINT *shared_point = EC_POINT_new (group);
718 
719  x = BN_bin2bn (sa->i_dh_data, len, x);
720  y = BN_bin2bn (sa->i_dh_data + len, len, y);
721 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
722  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
723 #else
724  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
725 #endif
726  EC_POINT_mul (group, shared_point, NULL, r_point,
727  EC_KEY_get0_private_key (ec), NULL);
728 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
729  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
730 #else
731  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
732 #endif
733  sa->dh_shared_key = vec_new (u8, t->key_len);
734  x_off = len - BN_num_bytes (x);
735  clib_memset (sa->dh_shared_key, 0, x_off);
736  BN_bn2bin (x, sa->dh_shared_key + x_off);
737  y_off = t->key_len - BN_num_bytes (y);
738  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
739  BN_bn2bin (y, sa->dh_shared_key + y_off);
740 
741  EC_KEY_free (ec);
742  BN_free (x);
743  BN_free (y);
744  BN_free (prv);
745  BN_CTX_free (bn_ctx);
746  EC_POINT_free (i_point);
747  EC_POINT_free (r_point);
748  EC_POINT_free (shared_point);
749  }
750 }
751 
752 int
753 ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
754 {
755  int verify;
756 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
757  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
758 #else
759  EVP_MD_CTX md_ctx;
760  EVP_MD_CTX_init (&md_ctx);
761 #endif
762 
763 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
764  EVP_VerifyInit (md_ctx, EVP_sha1 ());
765  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
766 #else
767  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
768  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
769 #endif
770 
771 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
772  verify = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
773  EVP_MD_CTX_free (md_ctx);
774 #else
775  verify = EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
776  EVP_MD_CTX_cleanup (&md_ctx);
777 #endif
778  return verify;
779 }
780 
781 u8 *
782 ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
783 {
784 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
785  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
786 #else
787  EVP_MD_CTX md_ctx;
788  EVP_MD_CTX_init (&md_ctx);
789 #endif
790  unsigned int sig_len = 0;
791  u8 *sign;
792 
793 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
794  EVP_SignInit (md_ctx, EVP_sha1 ());
795  EVP_SignUpdate (md_ctx, data, vec_len (data));
796  /* get sign len */
797  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
798  sign = vec_new (u8, sig_len);
799  /* calc sign */
800  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
801  EVP_MD_CTX_free (md_ctx);
802 #else
803  EVP_SignInit (&md_ctx, EVP_sha1 ());
804  EVP_SignUpdate (&md_ctx, data, vec_len (data));
805  /* get sign len */
806  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
807  sign = vec_new (u8, sig_len);
808  /* calc sign */
809  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
810  EVP_MD_CTX_cleanup (&md_ctx);
811 #endif
812  return sign;
813 }
814 
815 EVP_PKEY *
816 ikev2_load_cert_file (u8 * file)
817 {
818  FILE *fp;
819  X509 *x509;
820  EVP_PKEY *pkey = NULL;
821 
822  fp = fopen ((char *) file, "r");
823  if (!fp)
824  {
825  ikev2_log_error ("open %s failed", file);
826  goto end;
827  }
828 
829  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
830  fclose (fp);
831  if (x509 == NULL)
832  {
833  ikev2_log_error ("read cert %s failed", file);
834  goto end;
835  }
836 
837  pkey = X509_get_pubkey (x509);
838  X509_free (x509);
839  if (pkey == NULL)
840  ikev2_log_error ("get pubkey %s failed", file);
841 
842 end:
843  return pkey;
844 }
845 
846 EVP_PKEY *
847 ikev2_load_key_file (u8 * file)
848 {
849  FILE *fp;
850  EVP_PKEY *pkey = NULL;
851 
852  fp = fopen ((char *) file, "r");
853  if (!fp)
854  {
855  ikev2_log_error ("open %s failed", file);
856  goto end;
857  }
858 
859  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
860  fclose (fp);
861  if (pkey == NULL)
862  ikev2_log_error ("read %s failed", file);
863 
864 end:
865  return pkey;
866 }
867 
868 void
869 ikev2_crypto_init (ikev2_main_t * km)
870 {
871  ikev2_sa_transform_t *tr;
872 
873  /* vector of supported transforms - in order of preference */
874 
875  //Encryption
876 
877  vec_add2 (km->supported_transforms, tr, 1);
878  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
879  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
880  tr->key_len = 256 / 8;
881  tr->block_size = 128 / 8;
882  tr->cipher = EVP_aes_256_cbc ();
883 
884  vec_add2 (km->supported_transforms, tr, 1);
885  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
886  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
887  tr->key_len = 192 / 8;
888  tr->block_size = 128 / 8;
889  tr->cipher = EVP_aes_192_cbc ();
890 
891  vec_add2 (km->supported_transforms, tr, 1);
892  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
893  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
894  tr->key_len = 128 / 8;
895  tr->block_size = 128 / 8;
896  tr->cipher = EVP_aes_128_cbc ();
897 
898  vec_add2 (km->supported_transforms, tr, 1);
899  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
900  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
901  tr->key_len = 256 / 8;
902  tr->block_size = 128 / 8;
903  tr->cipher = EVP_aes_256_gcm ();
904 
905  vec_add2 (km->supported_transforms, tr, 1);
906  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
907  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
908  tr->key_len = 192 / 8;
909  tr->block_size = 128 / 8;
910  tr->cipher = EVP_aes_192_gcm ();
911 
912  vec_add2 (km->supported_transforms, tr, 1);
913  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
914  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
915  tr->key_len = 128 / 8;
916  tr->block_size = 128 / 8;
917  tr->cipher = EVP_aes_128_gcm ();
918 
919  //PRF
920  vec_add2 (km->supported_transforms, tr, 1);
921  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
922  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
923  tr->key_len = 256 / 8;
924  tr->key_trunc = 256 / 8;
925  tr->md = EVP_sha256 ();
926 
927  vec_add2 (km->supported_transforms, tr, 1);
928  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
929  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
930  tr->key_len = 384 / 8;
931  tr->key_trunc = 384 / 8;
932  tr->md = EVP_sha384 ();
933 
934  vec_add2 (km->supported_transforms, tr, 1);
935  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
936  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
937  tr->key_len = 512 / 8;
938  tr->key_trunc = 512 / 8;
939  tr->md = EVP_sha512 ();
940 
941  vec_add2 (km->supported_transforms, tr, 1);
942  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
943  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
944  tr->key_len = 160 / 8;
945  tr->key_trunc = 160 / 8;
946  tr->md = EVP_sha1 ();
947 
948  //Integrity
949  vec_add2 (km->supported_transforms, tr, 1);
950  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
951  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
952  tr->key_len = 256 / 8;
953  tr->key_trunc = 128 / 8;
954  tr->md = EVP_sha256 ();
955 
956  vec_add2 (km->supported_transforms, tr, 1);
957  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
958  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
959  tr->key_len = 384 / 8;
960  tr->key_trunc = 192 / 8;
961  tr->md = EVP_sha384 ();
962 
963  vec_add2 (km->supported_transforms, tr, 1);
964  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
965  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
966  tr->key_len = 512 / 8;
967  tr->key_trunc = 256 / 8;
968  tr->md = EVP_sha512 ();
969 
970  vec_add2 (km->supported_transforms, tr, 1);
971  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
972  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
973  tr->key_len = 160 / 8;
974  tr->key_trunc = 160 / 8;
975  tr->md = EVP_sha1 ();
976 
977  vec_add2 (km->supported_transforms, tr, 1);
978  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
979  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
980  tr->key_len = 160 / 8;
981  tr->key_trunc = 96 / 8;
982  tr->md = EVP_sha1 ();
983 
984 
985 #if defined(OPENSSL_NO_CISCO_FECDH)
986  vec_add2 (km->supported_transforms, tr, 1);
987  tr->type = IKEV2_TRANSFORM_TYPE_DH;
988  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
989  tr->key_len = (512 * 2) / 8;
990  tr->nid = NID_brainpoolP512r1;
991  tr->dh_group = IKEV2_DH_GROUP_ECP;
992 
993  vec_add2 (km->supported_transforms, tr, 1);
994  tr->type = IKEV2_TRANSFORM_TYPE_DH;
995  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
996  tr->key_len = (384 * 2) / 8;
997  tr->nid = NID_brainpoolP384r1;
998  tr->dh_group = IKEV2_DH_GROUP_ECP;
999 
1000  vec_add2 (km->supported_transforms, tr, 1);
1001  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1002  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
1003  tr->key_len = (256 * 2) / 8;
1004  tr->nid = NID_brainpoolP256r1;
1005  tr->dh_group = IKEV2_DH_GROUP_ECP;
1006 
1007  vec_add2 (km->supported_transforms, tr, 1);
1008  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1009  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
1010  tr->key_len = (224 * 2) / 8;
1011  tr->nid = NID_brainpoolP224r1;
1012  tr->dh_group = IKEV2_DH_GROUP_ECP;
1013 
1014  vec_add2 (km->supported_transforms, tr, 1);
1015  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1016  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
1017  tr->key_len = (224 * 2) / 8;
1018  tr->nid = NID_secp224r1;
1019  tr->dh_group = IKEV2_DH_GROUP_ECP;
1020 #endif
1021 
1022  vec_add2 (km->supported_transforms, tr, 1);
1023  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1024  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1025  tr->key_len = (528 * 2) / 8;
1026  tr->nid = NID_secp521r1;
1027  tr->dh_group = IKEV2_DH_GROUP_ECP;
1028 
1029  vec_add2 (km->supported_transforms, tr, 1);
1030  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1031  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1032  tr->key_len = (384 * 2) / 8;
1033  tr->nid = NID_secp384r1;
1034  tr->dh_group = IKEV2_DH_GROUP_ECP;
1035 
1036  vec_add2 (km->supported_transforms, tr, 1);
1037  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1038  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1039  tr->key_len = (256 * 2) / 8;
1040  tr->nid = NID_X9_62_prime256v1;
1041  tr->dh_group = IKEV2_DH_GROUP_ECP;
1042 
1043  vec_add2 (km->supported_transforms, tr, 1);
1044  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1046  tr->key_len = (192 * 2) / 8;
1047  tr->nid = NID_X9_62_prime192v1;
1048  tr->dh_group = IKEV2_DH_GROUP_ECP;
1049 
1050  vec_add2 (km->supported_transforms, tr, 1);
1051  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1052  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1053  tr->key_len = 2048 / 8;
1054  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
1055  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
1056  tr->dh_group = IKEV2_DH_GROUP_MODP;
1057 
1058  vec_add2 (km->supported_transforms, tr, 1);
1059  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1060  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1061  tr->key_len = 2048 / 8;
1062  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1063  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1064  tr->dh_group = IKEV2_DH_GROUP_MODP;
1065 
1066  vec_add2 (km->supported_transforms, tr, 1);
1067  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1068  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1069  tr->key_len = 1024 / 8;
1070  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1071  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1072  tr->dh_group = IKEV2_DH_GROUP_MODP;
1073 
1074  vec_add2 (km->supported_transforms, tr, 1);
1075  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1076  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1077  tr->key_len = 8192 / 8;
1078  tr->dh_p = (const char *) &modp_dh_8192_prime;
1079  tr->dh_g = (const char *) &modp_dh_8192_generator;
1080  tr->dh_group = IKEV2_DH_GROUP_MODP;
1081 
1082  vec_add2 (km->supported_transforms, tr, 1);
1083  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1084  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1085  tr->key_len = 6144 / 8;
1086  tr->dh_p = (const char *) &modp_dh_6144_prime;
1087  tr->dh_g = (const char *) &modp_dh_6144_generator;
1088  tr->dh_group = IKEV2_DH_GROUP_MODP;
1089 
1090  vec_add2 (km->supported_transforms, tr, 1);
1091  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1092  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1093  tr->key_len = 4096 / 8;
1094  tr->dh_p = (const char *) &modp_dh_4096_prime;
1095  tr->dh_g = (const char *) &modp_dh_4096_generator;
1096  tr->dh_group = IKEV2_DH_GROUP_MODP;
1097 
1098  vec_add2 (km->supported_transforms, tr, 1);
1099  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1100  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1101  tr->key_len = 3072 / 8;
1102  tr->dh_p = (const char *) &modp_dh_3072_prime;
1103  tr->dh_g = (const char *) &modp_dh_3072_generator;
1104  tr->dh_group = IKEV2_DH_GROUP_MODP;
1105 
1106  vec_add2 (km->supported_transforms, tr, 1);
1107  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1108  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1109  tr->key_len = 2048 / 8;
1110  tr->dh_p = (const char *) &modp_dh_2048_prime;
1111  tr->dh_g = (const char *) &modp_dh_2048_generator;
1112  tr->dh_group = IKEV2_DH_GROUP_MODP;
1113 
1114  vec_add2 (km->supported_transforms, tr, 1);
1115  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1116  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1117  tr->key_len = 1536 / 8;
1118  tr->dh_p = (const char *) &modp_dh_1536_prime;
1119  tr->dh_g = (const char *) &modp_dh_1536_generator;
1120  tr->dh_group = IKEV2_DH_GROUP_MODP;
1121 
1122  vec_add2 (km->supported_transforms, tr, 1);
1123  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1124  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1125  tr->key_len = 1024 / 8;
1126  tr->dh_p = (const char *) &modp_dh_1024_prime;
1127  tr->dh_g = (const char *) &modp_dh_1024_generator;
1128  tr->dh_group = IKEV2_DH_GROUP_MODP;
1129 
1130  vec_add2 (km->supported_transforms, tr, 1);
1131  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1132  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1133  tr->key_len = 768 / 8;
1134  tr->dh_p = (const char *) &modp_dh_768_prime;
1135  tr->dh_g = (const char *) &modp_dh_768_generator;
1136  tr->dh_group = IKEV2_DH_GROUP_MODP;
1137 
1138  vec_add2 (km->supported_transforms, tr, 1);
1139  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1140  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1141 
1142  vec_add2 (km->supported_transforms, tr, 1);
1143  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1144  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1145 }
1146 
1147 
1148 
1149 /*
1150  * fd.io coding-style-patch-verification: ON
1151  *
1152  * Local Variables:
1153  * eval: (c-set-style "gnu")
1154  * End:
1155  */
IKEV2_GCM_NONCE_SIZE
#define IKEV2_GCM_NONCE_SIZE
Definition: ikev2.h:29
ikev2_sa_t::dh_shared_key
u8 * dh_shared_key
Definition: ikev2_priv.h:382
ikev2_sa_t::dh_private_key
u8 * dh_private_key
Definition: ikev2_priv.h:383
ikev2_sa_transform_t::type
ikev2_transform_type_t type
Definition: ikev2_priv.h:215
pad
u8 pad[3]
log2 (size of the packing page block)
Definition: bihash_doc.h:61
modp_dh_1536_prime
static const char modp_dh_1536_prime[]
Definition: ikev2_crypto.c:45
modp_dh_3072_generator
static const char modp_dh_3072_generator[]
Definition: ikev2_crypto.c:87
ikev2_init_gcm_nonce
static_always_inline void ikev2_init_gcm_nonce(u8 *nonce, u8 *salt, u8 *iv)
Definition: ikev2_crypto.c:344
BN_bn2binpad
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
Definition: ikev2_crypto.c:482
a
a
Definition: bitmap.h:544
IKEV2_DH_GROUP_ECP
Definition: ikev2_priv.h:210
ikev2_encrypt_data
int ikev2_encrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst)
Definition: ikev2_crypto.c:453
modp_dh_8192_prime
static const char modp_dh_8192_prime[]
Definition: ikev2_crypto.c:144
modp_dh_4096_prime
static const char modp_dh_4096_prime[]
Definition: ikev2_crypto.c:89
v8
u8 v8
Definition: ikev2.h:33
ikev2_sa_transform_t::block_size
u16 block_size
Definition: ikev2_priv.h:228
clib_memset
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
ikev2_calc_prf
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
Definition: ikev2_crypto.c:255
modp_dh_8192_generator
static const char modp_dh_8192_generator[]
Definition: ikev2_crypto.c:188
ikev2_elog_error
#define ikev2_elog_error(_msg)
Definition: ikev2_priv.h:170
ikev2_elog_debug
#define ikev2_elog_debug(_msg)
Definition: ikev2_priv.h:174
ikev2_main_per_thread_data_t::hmac_ctx
HMAC_CTX * hmac_ctx
Definition: ikev2_priv.h:463
ikev2_sa_transform_t::esn_type
ikev2_transform_esn_type_t esn_type
Definition: ikev2_priv.h:223
modp_dh_768_generator
static const char modp_dh_768_generator[]
Definition: ikev2_crypto.c:34
src
vl_api_address_t src
Definition: gre.api:54
vec_add2
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
Definition: vec.h:630
modp_dh_1024_prime
static const char modp_dh_1024_prime[]
Definition: ikev2_crypto.c:36
IKEV2_GCM_ICV_SIZE
#define IKEV2_GCM_ICV_SIZE
Definition: ikev2.h:28
u8
unsigned char u8
Definition: types.h:56
data
u8 data[128]
Definition: ipsec_types.api:90
ikev2_sa_transform_t::nid
int nid
Definition: ikev2_priv.h:230
clib_memcpy
#define clib_memcpy(d, s, n)
Definition: string.h:180
modp_dh_6144_prime
static const char modp_dh_6144_prime[]
Definition: ikev2_crypto.c:113
modp_dh_768_prime
static const char modp_dh_768_prime[]
Definition: ikev2_crypto.c:29
ikev2_main_t
Definition: ikev2_priv.h:470
static_always_inline
#define static_always_inline
Definition: clib.h:109
ikev2_generate_dh
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:498
ikev2_load_cert_file
EVP_PKEY * ikev2_load_cert_file(u8 *file)
Definition: ikev2_crypto.c:816
vec_new
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
Definition: vec.h:350
ikev2_load_key_file
EVP_PKEY * ikev2_load_key_file(u8 *file)
Definition: ikev2_crypto.c:847
modp_dh_1024_160_prime
static const char modp_dh_1024_160_prime[]
Definition: ikev2_crypto.c:191
salt
u32 salt
Definition: ipsec_types.api:134
u32
unsigned int u32
Definition: types.h:88
ikev2_sa_t::r_dh_data
u8 * r_dh_data
Definition: ikev2_priv.h:385
IKEV2_GCM_SALT_SIZE
#define IKEV2_GCM_SALT_SIZE
Definition: ikev2.h:30
ikev2_calc_prfplus
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
Definition: ikev2_crypto.c:272
vec_insert
#define vec_insert(V, N, M)
Insert N vector elements starting at element M, initialize new elements to zero (no header...
Definition: vec.h:755
iv
static u8 iv[]
Definition: aes_cbc.c:24
modp_dh_1024_generator
static const char modp_dh_1024_generator[]
Definition: ikev2_crypto.c:42
ikev2_sa_t::i_dh_data
u8 * i_dh_data
Definition: ikev2_priv.h:384
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
modp_dh_2048_256_prime
static const char modp_dh_2048_256_prime[]
Definition: ikev2_crypto.c:229
u16
unsigned short u16
Definition: types.h:57
data_len
u8 data_len
Definition: ikev2_types.api:24
ikev2_main_per_thread_data_t::evp_ctx
EVP_CIPHER_CTX * evp_ctx
Definition: ikev2_priv.h:462
IKEV2_DH_GROUP_MODP
Definition: ikev2_priv.h:209
ikev2_main_t::supported_transforms
ikev2_sa_transform_t * supported_transforms
Definition: ikev2_priv.h:476
block_size
u16 block_size
Definition: ikev2_types.api:97
ikev2_decrypt_data
int ikev2_decrypt_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int len, u32 *out_len)
Definition: ikev2_crypto.c:389
ikev2_sa_transform_t::dh_group
u8 dh_group
Definition: ikev2_priv.h:229
ikev2_verify_sign
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
Definition: ikev2_crypto.c:753
ikev2_sa_transform_t
Definition: ikev2_priv.h:213
ikev2_get_per_thread_data
static_always_inline ikev2_main_per_thread_data_t * ikev2_get_per_thread_data()
Definition: ikev2_priv.h:597
modp_dh_1536_generator
static const char modp_dh_1536_generator[]
Definition: ikev2_crypto.c:54
dst
vl_api_address_t dst
Definition: gre.api:55
prf
vl_api_ikev2_sa_transform_t prf
Definition: ikev2_types.api:149
len
u8 len
Definition: ip_types.api:103
ikev2_sa_t::sk_ei
u8 * sk_ei
Definition: ikev2_priv.h:395
modp_dh_3072_prime
static const char modp_dh_3072_prime[]
Definition: ikev2_crypto.c:70
ikev2_sa_transform_t::dh_type
ikev2_transform_dh_type_t dh_type
Definition: ikev2_priv.h:222
ikev2_sa_t
Definition: ikev2_priv.h:368
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:380
ikev2_sa_t::sk_er
u8 * sk_er
Definition: ikev2_priv.h:396
ikev2_sa_t::is_initiator
u8 is_initiator
Definition: ikev2_priv.h:423
dh
vl_api_ikev2_sa_transform_t dh
Definition: ikev2_types.api:150
ikev2_sa_transform_t::cipher
const void * cipher
Definition: ikev2_priv.h:234
ikev2_log_error
#define ikev2_log_error(...)
Definition: ikev2_priv.h:180
ikev2_priv.h
modp_dh_2048_generator
static const char modp_dh_2048_generator[]
Definition: ikev2_crypto.c:68
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
modp_dh_6144_generator
static const char modp_dh_6144_generator[]
Definition: ikev2_crypto.c:142
ikev2_decrypt_aead_data
int ikev2_decrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, u8 *data, int data_len, u8 *aad, u32 aad_len, u8 *tag, u32 *out_len)
Definition: ikev2_crypto.c:351
ikev2_main_per_thread_data_t
Definition: ikev2_priv.h:452
ikev2_complete_dh
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
Definition: ikev2_crypto.c:646
vec_append
#define vec_append(v1, v2)
Append v2 after v1.
Definition: vec.h:890
ikev2_encrypt_aead_data
int ikev2_encrypt_aead_data(ikev2_main_per_thread_data_t *ptd, ikev2_sa_t *sa, ikev2_sa_transform_t *tr_encr, v8 *src, u8 *dst, u8 *aad, u32 aad_len, u8 *tag)
Definition: ikev2_crypto.c:422
ikev2_sa_transform_t::dh_p
const char * dh_p
Definition: ikev2_priv.h:231
modp_dh_1024_160_generator
static const char modp_dh_1024_160_generator[]
Definition: ikev2_crypto.c:197
ikev2_sa_transform_t::md
const void * md
Definition: ikev2_priv.h:233
key
typedef key
Definition: ipsec_types.api:86
ikev2_sa_transform_t::encr_type
ikev2_transform_encr_type_t encr_type
Definition: ikev2_priv.h:219
ikev2_sa_transform_t::dh_g
const char * dh_g
Definition: ikev2_priv.h:232
ikev2_sa_transform_t::integ_type
ikev2_transform_integ_type_t integ_type
Definition: ikev2_priv.h:221
modp_dh_4096_generator
static const char modp_dh_4096_generator[]
Definition: ikev2_crypto.c:111
ikev2_sa_transform_t::key_len
u16 key_len
Definition: ikev2_priv.h:226
modp_dh_2048_prime
static const char modp_dh_2048_prime[]
Definition: ikev2_crypto.c:56
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
ikev2_sa_transform_t::prf_type
ikev2_transform_prf_type_t prf_type
Definition: ikev2_priv.h:220
end
f64 end
end of the time range
Definition: mactime.api:44
modp_dh_2048_224_generator
static const char modp_dh_2048_224_generator[]
Definition: ikev2_crypto.c:216
modp_dh_2048_256_generator
static const char modp_dh_2048_256_generator[]
Definition: ikev2_crypto.c:241
ikev2_crypto_init
void ikev2_crypto_init(ikev2_main_t *km)
Definition: ikev2_crypto.c:869
ikev2_calc_sign
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
Definition: ikev2_crypto.c:782
ikev2_calc_integr
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
Definition: ikev2_crypto.c:314
modp_dh_2048_224_prime
static const char modp_dh_2048_224_prime[]
Definition: ikev2_crypto.c:204
ikev2_sa_transform_t::key_trunc
u16 key_trunc
Definition: ikev2_priv.h:227
IKEV2_GCM_IV_SIZE
#define IKEV2_GCM_IV_SIZE
Definition: ikev2.h:31