author | Filip Tehlar <ftehlar@cisco.com> | 2019-09-18 22:43:44 +0000 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2019-09-30 15:29:23 +0000 |
commit | 2fa9f679c89d2d25d0a2024e9faaedbd73cbbb61 (patch) | |
tree | a06ccdfc92cea0dc8d4fc55b48115dd9415dc892 /src | |
parent | bc49679802727e5fde7b451702cfb6a1a39eda40 (diff) |
ikev2: add support for GCM cipher
Type: feature
Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit de2dd6c35653225525b071d4dc748451e0d6bd7d)
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 20 | ||||
-rw-r--r-- | src/plugins/ikev2/ikev2.h | 3 | ||||
-rw-r--r-- | src/plugins/ikev2/ikev2_crypto.c | 21 |
3 files changed, 43 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a03e761cba4..090f66c151a 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
 break;
 }
 }
+ else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
+ && tr->key_len)
+ {
+ switch (tr->key_len)
+ {
+ case 16:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
+ break;
+ case 24:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
+ break;
+ case 32:
+ encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
+ break;
+ default:
+ ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
+ return 1;
+ break;
+ }
+ }
 else
 {
 ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
diff --git a/src/plugins/ikev2/ikev2.h b/src/plugins/ikev2/ikev2.h
index 2feecf73fdb..f69f5dc3abe 100644
--- a/src/plugins/ikev2/ikev2.h
+++ b/src/plugins/ikev2/ikev2.h
@@ -221,7 +221,8 @@ typedef enum
 _(9 , DES_IV32, "des-iv32") \
 _(11, NULL, "null") \
 _(12, AES_CBC, "aes-cbc") \
- _(13, AES_CTR, "aes-ctr")
+ _(13, AES_CTR, "aes-ctr") \
+ _(14, AES_GCM, "aes-gcm")
 
 typedef enum
 {
diff --git a/src/plugins/ikev2/ikev2_crypto.c b/src/plugins/ikev2/ikev2_crypto.c
index 80638f17b13..c8fed439305 100644
--- a/src/plugins/ikev2/ikev2_crypto.c
+++ b/src/plugins/ikev2/ikev2_crypto.c
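Review bot: Nothing in the new `AES_GCM` branch of ikev2.c records that the selected child-SA cipher is an AEAD, so the rest of ikev2_create_tunnel_interface (outside this hunk) cannot tell AES-GCM apart from CBC. With a combined-mode cipher the ESP SA should carry no separate integrity algorithm, and RFC 4106 keying material is the AES key plus a 4-octet salt; if the later code still insists on an integrity transform or slices the key material at `tr->key_len`, a GCM proposal will be rejected or keyed incorrectly. I would set a local flag after the switch, e.g. `is_aead = 1;`, and have the integrity lookup and key slicing branch on it. Smaller points: `&& tr->key_len` is redundant with the `default:` case, and the `break;` after `return 1;` is unreachable.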
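Review bot: The value 14 given to `AES_GCM` in the added `_(14, AES_GCM, "aes-gcm")` line of ikev2.h does not match the IANA IKEv2 encryption transform registry, where 14 is ENCR_AES_CCM_8 and AES-GCM is 18, 19 and 20 for the 8-, 12- and 16-octet ICV variants. These numbers go on the wire, so a conforming peer offering ENCR_AES_GCM_16 will never match this entry, while a peer offering AES-CCM-8 would be accepted here and configured as GCM. Assuming the IPsec GCM algorithms use a 16-octet ICV, the entry should read `_(20, AES_GCM_16, "aes-gcm-16")`, with the users of `IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM` in ikev2.c and ikev2_crypto.c renamed to match. The macro list starts above the hunk.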
@@ -832,6 +832,27 @@ ikev2_crypto_init (ikev2_main_t * km)
 tr->block_size = 128 / 8;
 tr->cipher = EVP_aes_128_cbc ();
 
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 256 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_256_gcm ();
+
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 192 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_192_gcm ();
+
+ vec_add2 (km->supported_transforms, tr, 1);
+ tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
+ tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
+ tr->key_len = 128 / 8;
+ tr->block_size = 128 / 8;
+ tr->cipher = EVP_aes_128_gcm ();
+
 //PRF
 vec_add2 (km->supported_transforms, tr, 1);
 tr->type = IKEV2_TRANSFORM_TYPE_PRF; |
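Review bot: The three AES-GCM entries are added to the same `km->supported_transforms` list as the CBC ciphers, with nothing marking them as AEAD or limiting them to ESP proposals. If this list is also matched when negotiating the IKE SA itself, a peer can select GCM there, and the SK payload encrypt/decrypt code (not shown in this hunk) would have to set the GCM IV, feed the AAD and verify the tag (RFC 5282) rather than run the CBC-plus-HMAC path. `tr->block_size = 128 / 8` also looks copied from the CBC entries, and GCM needs neither block padding nor a 16-octet IV. I would either keep these descriptors out of IKE SA negotiation or add an AEAD marker to the descriptor and handle it in the SK path; if child-SA-only is the intent, say so above the first entry with a comment such as `/* AEAD: child SA (ESP) only, IKE SA SK payload path is CBC+HMAC */`. ikev2_crypto_init continues on both sides of the hunk.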