/* * Copyright (c) 2015 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #include /* from RFC7296 */ static const char modp_dh_768_prime[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"; static const char modp_dh_768_generator[] = "02"; static const char modp_dh_1024_prime[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF"; static const char modp_dh_1024_generator[] = "02"; /* from RFC3526 */ static const char modp_dh_1536_prime[] = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" "83655D23DCA3AD961C62F356208552BB9ED529077096966D" "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"; static const char modp_dh_1536_generator[] = "02"; static const char 
modp_dh_2048_prime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static const char modp_dh_2048_generator[] = "02"; static const char modp_dh_3072_prime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static const char modp_dh_3072_generator[] = "02"; static const char modp_dh_4096_prime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static const char modp_dh_4096_generator[] = "02"; static const char modp_dh_6144_prime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
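#!/usr/bin/make -f
# Debian packaging rules for the vpp-ext-deps package.  debhelper (dh) drives
# the sequence; the clean and install steps are delegated to the makefile one
# directory up (see MAKE_ARGS).

# NOTE(review): DH_VERBOSE and DEB_BUILD_OPTIONS are assigned without `export`.
# Unless they are already present in the environment, make does not pass them
# on to the dh_* child processes -- confirm whether `export` was intended.
DH_VERBOSE = 1
DEB_BUILD_OPTIONS = noddebs
PKG=vpp-ext-deps

# Package version read from debian/changelog; BASE_VER is the part before the
# first '-'.  Both are recursively expanded, so the shell command only runs if
# something references them.
VERSION = $(shell dpkg-parsechangelog | sed -nr '/^Version:/s/Version: //p')
BASE_VER = $(word 1, $(subst -, ,$(VERSION)))

# Exported into the environment of every recipe, including the sub-make calls
# below.
export BUILD_DIR=$(CURDIR)/_build
export INSTALL_DIR=$(CURDIR)/debian/tmp/opt/vpp/external/$(shell uname -m)/

MAKE_ARGS=-C ..

include /usr/share/dpkg/default.mk

%:
	dh $@

# Use $(MAKE) rather than a bare `make` so the sub-make is the same binary as
# the one running this file and inherits its flags (-j, -n, jobserver) instead
# of whatever `make` happens to be first in PATH.
override_dh_clean:
	$(MAKE) $(MAKE_ARGS) clean

# Intentionally empty: overrides the default dh_auto_configure step.
override_dh_auto_configure:

override_dh_install:
	$(MAKE) $(MAKE_ARGS) install
	dh_install -p$(PKG) --autodest /opt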
x = BN_new (); y = BN_new (); len = t->key_len / 2; #if OPENSSL_VERSION_NUMBER >= 0x30000000L EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx); #else EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx); #endif if (sa->is_initiator) { sa->i_dh_data = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); clib_memset (sa->i_dh_data, 0, x_off); BN_bn2bin (x, sa->i_dh_data + x_off); y_off = t->key_len - BN_num_bytes (y); clib_memset (sa->i_dh_data + len, 0, y_off - len); BN_bn2bin (y, sa->i_dh_data + y_off); const BIGNUM *prv = EC_KEY_get0_private_key (ec); sa->dh_private_key = vec_new (u8, BN_num_bytes (prv)); r = BN_bn2bin (prv, sa->dh_private_key); ASSERT (r == BN_num_bytes (prv)); } else { sa->r_dh_data = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); clib_memset (sa->r_dh_data, 0, x_off); BN_bn2bin (x, sa->r_dh_data + x_off); y_off = t->key_len - BN_num_bytes (y); clib_memset (sa->r_dh_data + len, 0, y_off - len); BN_bn2bin (y, sa->r_dh_data + y_off); x = BN_bin2bn (sa->i_dh_data, len, x); y = BN_bin2bn (sa->i_dh_data + len, len, y); #if OPENSSL_VERSION_NUMBER >= 0x30000000L EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx); #else EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx); #endif sa->dh_shared_key = vec_new (u8, t->key_len); EC_POINT_mul (group, shared_point, NULL, i_point, EC_KEY_get0_private_key (ec), NULL); #if OPENSSL_VERSION_NUMBER >= 0x30000000L EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx); #else EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx); #endif x_off = len - BN_num_bytes (x); clib_memset (sa->dh_shared_key, 0, x_off); BN_bn2bin (x, sa->dh_shared_key + x_off); y_off = t->key_len - BN_num_bytes (y); clib_memset (sa->dh_shared_key + len, 0, y_off - len); BN_bn2bin (y, sa->dh_shared_key + y_off); } EC_KEY_free (ec); BN_free (x); BN_free (y); BN_CTX_free (bn_ctx); EC_POINT_free (i_point); EC_POINT_free (shared_point); } } void 
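ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
{
  /*
   * Derive the Diffie-Hellman shared secret for an SA from the stored private
   * key (sa->dh_private_key) and the peer value in sa->r_dh_data, and store
   * it in sa->dh_shared_key (t->key_len bytes).
   *
   * MODP groups: g^xy mod p, right-aligned in the buffer.
   * ECP groups:  the x and y coordinates of the shared point, each
   *              left-padded with zeros to t->key_len / 2 bytes.
   *
   * The function returns void, so failures of the OpenSSL calls are not
   * reported to the caller.
   */
  int r;

  if (t->dh_group == IKEV2_DH_GROUP_MODP)
    {
      DH *dh = DH_new ();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
      BIGNUM *p = NULL;
      BIGNUM *g = NULL;
      BIGNUM *priv_key;

      BN_hex2bn (&p, t->dh_p);
      BN_hex2bn (&g, t->dh_g);
      /* dh takes ownership of p and g */
      DH_set0_pqg (dh, p, NULL, g);

      priv_key =
	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
      /* dh takes ownership of priv_key */
      DH_set0_key (dh, NULL, priv_key);
#else
      BN_hex2bn (&dh->p, t->dh_p);
      BN_hex2bn (&dh->g, t->dh_g);

      dh->priv_key =
	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
#endif
      BIGNUM *ex;
      sa->dh_shared_key = vec_new (u8, t->key_len);
      ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
      r = DH_compute_key (sa->dh_shared_key, ex, dh);
      ASSERT (r > 0 && r <= t->key_len);
      if (r <= 0)
	{
	  /*
	   * NOTE(review): sa->dh_shared_key does not hold a valid secret on
	   * this path and the caller cannot tell.  The SA should be failed
	   * here; that needs an error path this void function lacks.
	   */
	  clib_warning ("DH_compute_key failed");
	}
      else if (r < t->key_len)
	{
	  /*
	   * DH_compute_key strips leading zero bytes and writes the result
	   * left-aligned.  IKEv2 uses the value padded to the modulus length,
	   * so move it to the end of the buffer and zero the front.
	   */
	  int pad = t->key_len - r;
	  int i;

	  for (i = r - 1; i >= 0; i--)
	    sa->dh_shared_key[i + pad] = sa->dh_shared_key[i];
	  clib_memset (sa->dh_shared_key, 0, pad);
	}
      BN_clear_free (ex);
      DH_free (dh);
    }
  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
    {
      EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
      ASSERT (ec);

      const EC_GROUP *group = EC_KEY_get0_group (ec);
      BIGNUM *x = NULL, *y = NULL;
      BN_CTX *bn_ctx = BN_CTX_new ();
      u16 x_off, y_off, len;
      BIGNUM *prv;

      prv =
	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
      EC_KEY_set_private_key (ec, prv);

      x = BN_new ();
      y = BN_new ();
      len = t->key_len / 2;

      /*
       * NOTE(review): none of the EC_POINT_* / BN_* return values below are
       * checked, and ASSERT is presumably compiled out of release images.
       * If the final EC_POINT_get_affine_coordinates call fails, x and y
       * presumably still hold the coordinates loaded from sa->i_dh_data and
       * those bytes are what is copied into sa->dh_shared_key.  A point from
       * sa->r_dh_data that fails to load should be rejected; doing so needs
       * an error path this void function lacks.
       */
      x = BN_bin2bn (sa->r_dh_data, len, x);
      y = BN_bin2bn (sa->r_dh_data + len, len, y);
      EC_POINT *r_point = EC_POINT_new (group);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
      EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
#else
      EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
#endif
      EC_KEY_set_public_key (ec, r_point);

      EC_POINT *i_point = EC_POINT_new (group);
      EC_POINT *shared_point = EC_POINT_new (group);

      /* i_point is populated here but not used by the multiplication below */
      x = BN_bin2bn (sa->i_dh_data, len, x);
      y = BN_bin2bn (sa->i_dh_data + len, len, y);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
      EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
#else
      EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
#endif
      /* shared_point = private key * r_point */
      EC_POINT_mul (group, shared_point, NULL, r_point,
		    EC_KEY_get0_private_key (ec), NULL);
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
      EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
#else
      EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
#endif
      sa->dh_shared_key = vec_new (u8, t->key_len);
      /* each coordinate is right-aligned in its half of the buffer */
      x_off = len - BN_num_bytes (x);
      clib_memset (sa->dh_shared_key, 0, x_off);
      BN_bn2bin (x, sa->dh_shared_key + x_off);
      y_off = t->key_len - BN_num_bytes (y);
      clib_memset (sa->dh_shared_key + len, 0, y_off - len);
      BN_bn2bin (y, sa->dh_shared_key + y_off);

      EC_KEY_free (ec);
      /* x, y and prv carry secret material: wipe them before release */
      BN_clear_free (x);
      BN_clear_free (y);
      BN_clear_free (prv);
      BN_CTX_free (bn_ctx);
      EC_POINT_free (i_point);
      EC_POINT_free (r_point);
      EC_POINT_free (shared_point);
    }
}

/*
 * Verify the signature in the vector sigbuf over the vector data with pkey.
 *
 * Returns the EVP_VerifyFinal result (1 = valid, 0 = invalid, negative =
 * error), or 0 when the digest context cannot be set up.  Callers must
 * compare the result with 1; a plain truth test would accept the negative
 * error value.
 *
 * NOTE(review): SHA-1 is hard-coded as the signature digest.
 */
int
ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
{
  int rv = 0;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();

  if (md_ctx == NULL)
    return 0;
#else
  EVP_MD_CTX md_ctx_storage;
  EVP_MD_CTX *md_ctx = &md_ctx_storage;

  EVP_MD_CTX_init (md_ctx);
#endif

  if (EVP_VerifyInit_ex (md_ctx, EVP_sha1 (), NULL) == 1 &&
      EVP_VerifyUpdate (md_ctx, data, vec_len (data)) == 1)
    rv = EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);

  /* release the digest context on every path (previously leaked) */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  EVP_MD_CTX_free (md_ctx);
#else
  EVP_MD_CTX_cleanup (md_ctx);
#endif
  return rv;
}

/*
 * Sign the vector data with pkey and return the signature as a new u8 vector
 * owned by the caller.  Returns an empty (NULL) vector when the digest
 * context cannot be set up or signing fails.
 *
 * NOTE(review): SHA-1 is hard-coded as the signature digest.
 */
u8 *
ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
{
  unsigned int sig_len = 0;
  u8 *sign = 0;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();

  if (md_ctx == NULL)
    return 0;
#else
  EVP_MD_CTX md_ctx_storage;
  EVP_MD_CTX *md_ctx = &md_ctx_storage;

  EVP_MD_CTX_init (md_ctx);
#endif

  if (EVP_SignInit_ex (md_ctx, EVP_sha1 (), NULL) != 1 ||
      EVP_SignUpdate (md_ctx, data, vec_len (data)) != 1)
    goto done;

  /* get sign len */
  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
  sign = vec_new (u8, sig_len);

  /*
   * calc sign
   * NOTE(review): sig_len may come back smaller than the size queried above
   * for key types with variable-length signatures; the vector is not trimmed
   * to the final length -- confirm which key types reach this function.
   */
  if (EVP_SignFinal (md_ctx, sign, &sig_len, pkey) != 1)
    vec_free (sign);		/* do not hand back an unsigned buffer */

done:
  /* release the digest context on every path (previously leaked) */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  EVP_MD_CTX_free (md_ctx);
#else
  EVP_MD_CTX_cleanup (md_ctx);
#endif
  return sign;
}

/*
 * Read a PEM certificate from file and return its public key, or NULL after
 * logging a warning when the file cannot be opened or parsed.  The caller
 * owns the returned key.
 *
 * file is handed to fopen as a C string -- assumes it is NUL-terminated;
 * verify against callers.
 */
EVP_PKEY *
ikev2_load_cert_file (u8 * file)
{
  FILE *fp;
  X509 *x509;
  EVP_PKEY *pkey = NULL;

  fp = fopen ((char *) file, "r");
  if (!fp)
    {
      clib_warning ("open %s failed", file);
      goto end;
    }

  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
  fclose (fp);
  if (x509 == NULL)
    {
      clib_warning ("read cert %s failed", file);
      goto end;
    }

  pkey = X509_get_pubkey (x509);
  if (pkey == NULL)
    clib_warning ("get pubkey %s failed", file);

  /* X509_get_pubkey returns its own reference, so the certificate can go */
  X509_free (x509);

end:
  return pkey;
}

/*
 * Read a PEM private key from file and return it, or NULL after logging a
 * warning when the file cannot be opened or parsed.  The caller owns the
 * returned key.  No passphrase callback or passphrase is supplied to
 * PEM_read_PrivateKey.
 *
 * file is handed to fopen as a C string -- assumes it is NUL-terminated;
 * verify against callers.
 */
EVP_PKEY *
ikev2_load_key_file (u8 * file)
{
  FILE *fp;
  EVP_PKEY *pkey = NULL;

  fp = fopen ((char *) file, "r");
  if (!fp)
    {
      clib_warning ("open %s failed", file);
      goto end;
    }

  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
  fclose (fp);
  if (pkey == NULL)
    clib_warning ("read %s failed", file);

end:
  return pkey;
}

/*
 * Populate km->supported_transforms with the encryption, PRF, integrity,
 * Diffie-Hellman and ESN transforms this implementation offers.
 *
 * NOTE(review): the list includes the 768- and 1024-bit MODP groups, the
 * 192-bit ECP group and SHA-1 based PRF / integrity transforms.  Whether a
 * peer proposing only those is accepted depends on selection code not shown
 * here -- confirm whether policy should drop them.
 */
void
ikev2_crypto_init (ikev2_main_t * km)
{
  ikev2_sa_transform_t *tr;

  /* vector of supported transforms - in order of preference */

  //Encryption

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
  tr->key_len = 256 / 8;
  tr->block_size = 128 / 8;
  tr->cipher = EVP_aes_256_cbc ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
  tr->key_len = 192 / 8;
  tr->block_size = 128 / 8;
  tr->cipher = EVP_aes_192_cbc ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
  tr->key_len = 128 / 8;
  tr->block_size = 128 / 8;
  tr->cipher = EVP_aes_128_cbc ();

  //PRF
  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
  tr->key_len = 256 / 8;
  tr->key_trunc = 256 / 8;
  tr->md = EVP_sha256 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
  tr->key_len = 384 / 8;
  tr->key_trunc = 384 / 8;
  tr->md = EVP_sha384 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
  tr->key_len = 512 / 8;
  tr->key_trunc = 512 / 8;
  tr->md = EVP_sha512 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
  tr->key_len = 160 / 8;
  tr->key_trunc = 160 / 8;
  tr->md = EVP_sha1 ();

  //Integrity
  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
  tr->key_len = 256 / 8;
  tr->key_trunc = 128 / 8;
  tr->md = EVP_sha256 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
  tr->key_len = 384 / 8;
  tr->key_trunc = 192 / 8;
  tr->md = EVP_sha384 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
  tr->key_len = 512 / 8;
  tr->key_trunc = 256 / 8;
  tr->md = EVP_sha512 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
  tr->key_len = 160 / 8;
  tr->key_trunc = 160 / 8;
  tr->md = EVP_sha1 ();

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
  tr->key_len = 160 / 8;
  tr->key_trunc = 96 / 8;
  tr->md = EVP_sha1 ();

  /* Diffie-Hellman: for ECP groups key_len covers both coordinates (x, y) */
#if defined(OPENSSL_NO_CISCO_FECDH)
  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
  tr->key_len = (512 * 2) / 8;
  tr->nid = NID_brainpoolP512r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
  tr->key_len = (384 * 2) / 8;
  tr->nid = NID_brainpoolP384r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
  tr->key_len = (256 * 2) / 8;
  tr->nid = NID_brainpoolP256r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
  tr->key_len = (224 * 2) / 8;
  tr->nid = NID_brainpoolP224r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
  tr->key_len = (224 * 2) / 8;
  tr->nid = NID_secp224r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;
#endif

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
  /* a 521-bit coordinate needs 66 bytes, hence 528 bits per coordinate */
  tr->key_len = (528 * 2) / 8;
  tr->nid = NID_secp521r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
  tr->key_len = (384 * 2) / 8;
  tr->nid = NID_secp384r1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
  tr->key_len = (256 * 2) / 8;
  tr->nid = NID_X9_62_prime256v1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
  tr->key_len = (192 * 2) / 8;
  tr->nid = NID_X9_62_prime192v1;
  tr->dh_group = IKEV2_DH_GROUP_ECP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
  tr->key_len = 2048 / 8;
  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
  tr->key_len = 2048 / 8;
  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
  tr->key_len = 1024 / 8;
  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
  tr->key_len = 8192 / 8;
  tr->dh_p = (const char *) &modp_dh_8192_prime;
  tr->dh_g = (const char *) &modp_dh_8192_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
  tr->key_len = 6144 / 8;
  tr->dh_p = (const char *) &modp_dh_6144_prime;
  tr->dh_g = (const char *) &modp_dh_6144_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
  tr->key_len = 4096 / 8;
  tr->dh_p = (const char *) &modp_dh_4096_prime;
  tr->dh_g = (const char *) &modp_dh_4096_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
  tr->key_len = 3072 / 8;
  tr->dh_p = (const char *) &modp_dh_3072_prime;
  tr->dh_g = (const char *) &modp_dh_3072_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
  tr->key_len = 2048 / 8;
  tr->dh_p = (const char *) &modp_dh_2048_prime;
  tr->dh_g = (const char *) &modp_dh_2048_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
  tr->key_len = 1536 / 8;
  tr->dh_p = (const char *) &modp_dh_1536_prime;
  tr->dh_g = (const char *) &modp_dh_1536_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
  tr->key_len = 1024 / 8;
  tr->dh_p = (const char *) &modp_dh_1024_prime;
  tr->dh_g = (const char *) &modp_dh_1024_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_DH;
  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
  tr->key_len = 768 / 8;
  tr->dh_p = (const char *) &modp_dh_768_prime;
  tr->dh_g = (const char *) &modp_dh_768_generator;
  tr->dh_group = IKEV2_DH_GROUP_MODP;

  /* Extended sequence numbers */
  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;

  vec_add2 (km->supported_transforms, tr, 1);
  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
}

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */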