ikev2: add support for GCM cipher
Type: feature
Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
(cherry picked from commit de2dd6c356
)

committed by
Andrew Yourtchenko

parent
bc49679802
commit
2fa9f679c8
@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
|
||||||
|
&& tr->key_len)
|
||||||
|
{
|
||||||
|
switch (tr->key_len)
|
||||||
|
{
|
||||||
|
case 16:
|
||||||
|
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
|
||||||
|
break;
|
||||||
|
case 24:
|
||||||
|
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
|
||||||
|
break;
|
||||||
|
case 32:
|
||||||
|
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
|
||||||
|
return 1;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
|
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
|
||||||
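Review bot: The new AES-GCM branch selects `IPSEC_CRYPTO_ALG_AES_GCM_*` but records nowhere that the child SA is now an AEAD SA. The rest of ikev2_create_tunnel_interface lies outside the hunk, so it presumably still maps a separate integrity transform and sizes the encryption key from `tr->key_len` alone. For ESP with AES-GCM (RFC 4106) the keying material is the AES key plus a 4-octet salt, and no integrity algorithm is negotiated. Please confirm the later key-slicing and integ mapping handle that, for example by setting a flag in this branch such as `is_aead = 1;` (name is only a suggestion) and checking it there. The `break;` after `return 1;` in the `default:` case is unreachable and can be dropped.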
|
@ -221,7 +221,8 @@ typedef enum
|
|||||||
_(9 , DES_IV32, "des-iv32") \
|
_(9 , DES_IV32, "des-iv32") \
|
||||||
_(11, NULL, "null") \
|
_(11, NULL, "null") \
|
||||||
_(12, AES_CBC, "aes-cbc") \
|
_(12, AES_CBC, "aes-cbc") \
|
||||||
_(13, AES_CTR, "aes-ctr")
|
_(13, AES_CTR, "aes-ctr") \
|
||||||
|
_(14, AES_GCM, "aes-gcm")
|
||||||
|
|
||||||
typedef enum
|
typedef enum
|
||||||
{
|
{
|
||||||
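Review bot: Transform ID 14 on the added `_(14, AES_GCM, "aes-gcm")` line does not appear to be AES-GCM in the IANA IKEv2 Encryption Algorithm registry. To my knowledge 14 is AES-CCM with an 8-octet ICV, while AES-GCM is registered as 18, 19 and 20 for 8-, 12- and 16-octet ICVs. A standards-following peer would then either reject the proposal or interpret it as AES-CCM, giving SAs that cannot pass traffic. Please check the registry and use the ID that matches the ICV length the data plane implements, e.g. `_(20, AES_GCM_16, "aes-gcm-16")` for the 16-octet variant, updating the references to the enum name accordingly. The macro list begins outside the hunk.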
|
@ -832,6 +832,27 @@ ikev2_crypto_init (ikev2_main_t * km)
|
|||||||
tr->block_size = 128 / 8;
|
tr->block_size = 128 / 8;
|
||||||
tr->cipher = EVP_aes_128_cbc ();
|
tr->cipher = EVP_aes_128_cbc ();
|
||||||
|
|
||||||
|
vec_add2 (km->supported_transforms, tr, 1);
|
||||||
|
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
|
||||||
|
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
|
||||||
|
tr->key_len = 256 / 8;
|
||||||
|
tr->block_size = 128 / 8;
|
||||||
|
tr->cipher = EVP_aes_256_gcm ();
|
||||||
|
|
||||||
|
vec_add2 (km->supported_transforms, tr, 1);
|
||||||
|
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
|
||||||
|
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
|
||||||
|
tr->key_len = 192 / 8;
|
||||||
|
tr->block_size = 128 / 8;
|
||||||
|
tr->cipher = EVP_aes_192_gcm ();
|
||||||
|
|
||||||
|
vec_add2 (km->supported_transforms, tr, 1);
|
||||||
|
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
|
||||||
|
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
|
||||||
|
tr->key_len = 128 / 8;
|
||||||
|
tr->block_size = 128 / 8;
|
||||||
|
tr->cipher = EVP_aes_128_gcm ();
|
||||||
|
|
||||||
//PRF
|
//PRF
|
||||||
vec_add2 (km->supported_transforms, tr, 1);
|
vec_add2 (km->supported_transforms, tr, 1);
|
||||||
tr->type = IKEV2_TRANSFORM_TYPE_PRF;
|
tr->type = IKEV2_TRANSFORM_TYPE_PRF;
|
||||||
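Review bot: The three GCM entries are added to `km->supported_transforms` with the same fields as the CBC entries, but an AEAD cipher needs different handling wherever `tr->cipher` and `tr->block_size` are consumed. If this table also feeds IKE SA proposal matching (not visible in the hunk), a peer could select AES-GCM for the IKE SA itself. A CBC-style encrypt/decrypt path with a separate integrity check would then neither set the GCM nonce nor verify the tag, and RFC 5282 uses an 8-octet IV rather than the 16 implied by `block_size = 128 / 8`. Either restrict these entries to ESP proposals or confirm the IKE SA path handles AEAD, and state which with a comment such as `/* AES-GCM: ESP child SAs only, not offered for the IKE SA */`. ikev2_crypto_init starts and ends outside the hunk.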
|