authorFilip Tehlar <ftehlar@cisco.com>2019-09-18 22:43:44 +0000
committerDamjan Marion <dmarion@me.com>2019-09-19 16:52:40 +0000
commitde2dd6c35653225525b071d4dc748451e0d6bd7d (patch)
tree05136499e2df22db663df35ab4b36865b9b259ce /src
parentaa4438a311bad1625782691ae57202084bc40379 (diff)
ikev2: add support for GCM cipher
Type: feature Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/ikev2/ikev2.c20
-rw-r--r--src/plugins/ikev2/ikev2.h3
-rw-r--r--src/plugins/ikev2/ikev2_crypto.c21
3 files changed, 43 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a03e761cba4..090f66c151a 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
break;
}
}
+ else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
+ && tr->key_len)
+ {
+ switch (tr->key_len)
+ {
+ case 16:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
+ break;
+ case 24:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
+ break;
+ case 32:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
+ break;
+ default:
+ ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
+ return 1;
+ break;
+ }
+ }
else
{
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
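Review bot: Selecting `IPSEC_CRYPTO_ALG_AES_GCM_128/192/256` in this new branch is only part of what an AEAD child SA needs, and the rest of ikev2_create_tunnel_interface lies outside the hunk. For ESP with AES-GCM (RFC 4106) each direction's keying material is the cipher key followed by a 4-byte salt, and the proposal carries no separate integrity transform. The code after this branch should therefore be checked to confirm that it slices the key plus salt from the keymat, and that it accepts a GCM proposal with no INTEG transform instead of failing or pairing GCM with an HMAC. Smaller points: the `break;` after `return 1;` in `default:` is unreachable, and the `&& tr->key_len` test is redundant because the `default:` case already rejects a zero length.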
diff --git a/src/plugins/ikev2/ikev2.h b/src/plugins/ikev2/ikev2.h
index 2feecf73fdb..f69f5dc3abe 100644
--- a/src/plugins/ikev2/ikev2.h
+++ b/src/plugins/ikev2/ikev2.h
@@ -221,7 +221,8 @@ typedef enum
_(9 , DES_IV32, "des-iv32") \
_(11, NULL, "null") \
_(12, AES_CBC, "aes-cbc") \
- _(13, AES_CTR, "aes-ctr")
+ _(13, AES_CTR, "aes-ctr") \
+ _(14, AES_GCM, "aes-gcm")
typedef enum
{
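Review bot: The identifier 14 given to `AES_GCM` does not appear to match the IANA IKEv2 Transform Type 1 registry. As far as I recall, 14 is ENCR_AES_CCM_8, and AES-GCM is registered as 18, 19 and 20 for the 8-, 12- and 16-octet ICV variants (RFC 4106 / RFC 5282). With `_(14, AES_GCM, "aes-gcm")` a standards-conforming peer offering GCM would not match this entry, and a peer offering CCM-8 would be handled as GCM. Consider `_(20, AES_GCM_16, "aes-gcm-16")`, with 18 and 19 added only if the shorter ICVs are really meant to be supported. The uses of `IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM` in ikev2.c and ikev2_crypto.c would need renaming to match.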
diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 80638f17b13..c8fed439305 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
@@ -832,6 +832,27 @@ ikev2_crypto_init (ikev2_main_t * km)
tr->block_size = 128 / 8;
tr->cipher = EVP_aes_128_cbc ();
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 256 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_256_gcm ();
+
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 192 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_192_gcm ();
+
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 128 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_128_gcm ();
+
//PRF
vec_add2 (km->supported_transforms, tr, 1);
tr->type = IKEV2_TRANSFORM_TYPE_PRF;
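Review bot: The three new entries add GCM to `km->supported_transforms` in the same shape as the CBC entries, with `tr->block_size = 128 / 8` and `tr->cipher` set to `EVP_aes_*_gcm ()`. Nothing here marks them as AEAD. If the IKE SA encrypt/decrypt helpers (not visible in this hunk) use `tr->cipher` and `tr->block_size` generically, a negotiated GCM transform would run without its authentication tag being generated or checked, and with a CBC-style IV and padding length. Either confirm that those helpers implement the RFC 5282 combined-mode handling, or keep these entries from being selected for the IKE SA. A comment above the block saying which SA types the entries are meant for would help. The three stanzas differ only in key length and EVP cipher, so a small loop over a `{key_len, cipher}` table would remove the repetition.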