ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ikev2: add support for GCM cipher

Browse Source 
Type: feature
Change-Id: Ic703015b55f0ae947e5e44b10b74b3c79efe7da6
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
This commit is contained in:
Filip Tehlar
2019-09-18 22:43:44 +00:00
committed by Damjan Marion
parent aa4438a311
commit de2dd6c356
3 changed files with 43 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/plugins/ikev2/ikev2.c
View File

@ -1538,6 +1538,26 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
break;
}
}
else if (tr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM
&& tr->key_len)
{
switch (tr->key_len)
{
case 16:
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_128;
break;
case 24:
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_192;
break;
case 32:
encr_type = IPSEC_CRYPTO_ALG_AES_GCM_256;
break;
default:
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);
return 1;
break;
}
}
else
{
ikev2_set_state (sa, IKEV2_STATE_NO_PROPOSAL_CHOSEN);

3
src/plugins/ikev2/ikev2.h
View File

@ -221,7 +221,8 @@ typedef enum
_(9 , DES_IV32, "des-iv32") \
_(11, NULL, "null") \
_(12, AES_CBC, "aes-cbc") \
_(13, AES_CTR, "aes-ctr")
_(13, AES_CTR, "aes-ctr") \
_(14, AES_GCM, "aes-gcm")
typedef enum
{

21
src/plugins/ikev2/ikev2_crypto.c
View File

@ -832,6 +832,27 @@ ikev2_crypto_init (ikev2_main_t * km)
tr->block_size = 128 / 8;
tr->cipher = EVP_aes_128_cbc ();
vec_add2 (km->supported_transforms, tr, 1);
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
tr->key_len = 256 / 8;
tr->block_size = 128 / 8;
tr->cipher = EVP_aes_256_gcm ();
vec_add2 (km->supported_transforms, tr, 1);
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
tr->key_len = 192 / 8;
tr->block_size = 128 / 8;
tr->cipher = EVP_aes_192_gcm ();
vec_add2 (km->supported_transforms, tr, 1);
tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
tr->key_len = 128 / 8;
tr->block_size = 128 / 8;
tr->cipher = EVP_aes_128_gcm ();
//PRF
vec_add2 (km->supported_transforms, tr, 1);
tr->type = IKEV2_TRANSFORM_TYPE_PRF;