23 #include <openssl/obj_mac.h> 24 #include <openssl/ec.h> 25 #include <openssl/x509.h> 26 #include <openssl/pem.h> 27 #include <openssl/bn.h> 28 #include <openssl/dh.h> 32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" 117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B" 118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9" 119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" 120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8" 121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D" 122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C" 123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" 124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D" 125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D" 126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226" 127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" 129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26" 130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB" 131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2" 132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127" 133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406" 135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918" 136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151" 137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03" 138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F" 139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B" 141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632" 142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" 143 "6DCC4024FFFFFFFFFFFFFFFF";
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" 169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" 170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" 171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" 172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" 173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" 174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" 176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" 177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" 178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" 179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" 180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" 181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" 182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" 183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" 184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" 185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" 186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" 187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" 188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" 189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" 195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" 196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" 197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" 198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" 201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" 202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" 203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" 204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" 208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" 209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" 210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" 211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" 212 "B3BF8A317091883681286130BC8985DB1602E714415D9330" 213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" 214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" 215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" 216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" 217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" 220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" 221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" 222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" 223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" 224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF" 225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" 226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" 227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" 228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" 229 "81BC087F2A7065B384B890D3191F2BFA";
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" 233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" 234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" 235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" 236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" 237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" 238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" 239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" 240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" 241 "75F26375D7014103A4B54330C198AF126116D2276E11715F" 242 "693877FAD7EF09CADB094AE91E1A1597";
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" 245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" 246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" 247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" 248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" 249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" 250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" 251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" 252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" 253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451" 254 "5E2327CFEF98C582664B4C0F6CC41659";
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 265 unsigned int len = 0;
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 269 ctx = HMAC_CTX_new ();
271 HMAC_Update (ctx, data,
vec_len (data));
272 HMAC_Final (ctx, prf, &len);
274 HMAC_CTX_init (&ctx);
276 HMAC_Update (&ctx, data,
vec_len (data));
277 HMAC_Final (&ctx, prf, &len);
278 HMAC_CTX_cleanup (&ctx);
288 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
300 while (
vec_len (ret) < len && x < 255)
331 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 338 ASSERT (tr->
type == IKEV2_TRANSFORM_TYPE_INTEG);
343 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 344 hctx = HMAC_CTX_new ();
346 HMAC_Update (hctx, (
const u8 *) data, len);
347 HMAC_Final (hctx, r, &l);
349 HMAC_CTX_init (&hctx);
351 HMAC_Update (&hctx, (
const u8 *) data, len);
352 HMAC_Final (&hctx, r, &l);
353 HMAC_CTX_cleanup (&hctx);
364 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 370 int out_len = 0, block_size;
379 if (len % block_size)
385 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 386 ctx = EVP_CIPHER_CTX_new ();
388 EVP_CIPHER_CTX_init (&ctx);
393 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 394 EVP_DecryptInit_ex (ctx, tr_encr->
cipher,
NULL, key, data);
395 EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
396 EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
398 EVP_DecryptInit_ex (&ctx, tr_encr->
cipher,
NULL, key, data);
399 EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
400 EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
403 _vec_len (r) -= r[
vec_len (r) - 1] + 1;
405 #if OPENSSL_VERSION_NUMBER < 0x10100000L 406 EVP_CIPHER_CTX_cleanup (&ctx);
414 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 429 RAND_bytes (dst, bs);
431 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 432 ctx = EVP_CIPHER_CTX_new ();
433 EVP_EncryptInit_ex (ctx, tr_encr->
cipher,
NULL, key, dst );
434 EVP_EncryptUpdate (ctx, dst + bs, &out_len, src,
vec_len (src));
436 EVP_CIPHER_CTX_init (&ctx);
437 EVP_EncryptInit_ex (&ctx, tr_encr->
cipher,
NULL, key, dst );
438 EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src,
vec_len (src));
439 EVP_CIPHER_CTX_cleanup (&ctx);
451 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 452 BIGNUM *p = BN_new ();
453 BIGNUM *q = BN_new ();
454 BIGNUM *g = BN_new ();
455 BIGNUM *pub_key = BN_new ();
456 BIGNUM *priv_key = BN_new ();
462 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 463 BN_hex2bn (&p, t->
dh_p);
464 BN_hex2bn (&g, t->
dh_g);
465 DH_set0_pqg (dh, p, q, g);
467 BN_hex2bn (&dh->p, t->
dh_p);
468 BN_hex2bn (&dh->g, t->
dh_g);
470 DH_generate_key (dh);
476 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 480 DH_set0_key (dh, pub_key, priv_key);
482 r = BN_bn2bin (dh->pub_key, sa->
i_dh_data);
491 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 494 DH_set0_key (dh, pub_key,
NULL);
496 r = BN_bn2bin (dh->pub_key, sa->
r_dh_data);
510 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
513 EC_KEY_generate_key (ec);
515 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
516 const EC_GROUP *group = EC_KEY_get0_group (ec);
518 BN_CTX *bn_ctx = BN_CTX_new ();
519 u16 x_off, y_off, len;
520 EC_POINT *i_point = EC_POINT_new (group);
521 EC_POINT *shared_point = EC_POINT_new (group);
527 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
532 x_off = len - BN_num_bytes (x);
535 y_off = t->
key_len - BN_num_bytes (y);
536 memset (sa->
i_dh_data + len, 0, y_off - len);
539 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
542 ASSERT (r == BN_num_bytes (prv));
547 x_off = len - BN_num_bytes (x);
550 y_off = t->
key_len - BN_num_bytes (y);
551 memset (sa->
r_dh_data + len, 0, y_off - len);
555 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
556 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
558 EC_POINT_mul (group, shared_point,
NULL, i_point,
559 EC_KEY_get0_private_key (ec),
NULL);
560 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
562 x_off = len - BN_num_bytes (x);
565 y_off = t->
key_len - BN_num_bytes (y);
573 BN_CTX_free (bn_ctx);
574 EC_POINT_free (i_point);
575 EC_POINT_free (shared_point);
583 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 584 BIGNUM *p = BN_new ();
585 BIGNUM *q = BN_new ();
586 BIGNUM *g = BN_new ();
587 BIGNUM *priv_key = BN_new ();
593 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 594 BN_hex2bn (&p, t->
dh_p);
595 BN_hex2bn (&g, t->
dh_g);
596 DH_set0_pqg (dh, p, q, g);
600 DH_set0_key (dh,
NULL, priv_key);
602 BN_hex2bn (&dh->p, t->
dh_p);
603 BN_hex2bn (&dh->g, t->
dh_g);
618 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
621 const EC_GROUP *group = EC_KEY_get0_group (ec);
623 BN_CTX *bn_ctx = BN_CTX_new ();
624 u16 x_off, y_off, len;
629 EC_KEY_set_private_key (ec, prv);
636 y = BN_bin2bn (sa->
r_dh_data + len, len, y);
637 EC_POINT *r_point = EC_POINT_new (group);
638 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
639 EC_KEY_set_public_key (ec, r_point);
641 EC_POINT *i_point = EC_POINT_new (group);
642 EC_POINT *shared_point = EC_POINT_new (group);
645 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
646 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
647 EC_POINT_mul (group, shared_point,
NULL, r_point,
648 EC_KEY_get0_private_key (ec),
NULL);
649 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
651 x_off = len - BN_num_bytes (x);
654 y_off = t->
key_len - BN_num_bytes (y);
662 BN_CTX_free (bn_ctx);
663 EC_POINT_free (i_point);
664 EC_POINT_free (r_point);
665 EC_POINT_free (shared_point);
672 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 673 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
678 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 679 EVP_VerifyInit (md_ctx, EVP_sha1 ());
680 EVP_VerifyUpdate (md_ctx, data,
vec_len (data));
682 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (),
NULL);
683 EVP_VerifyUpdate (&md_ctx, data,
vec_len (data));
686 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 687 return EVP_VerifyFinal (md_ctx, sigbuf,
vec_len (sigbuf), pkey);
689 return EVP_VerifyFinal (&md_ctx, sigbuf,
vec_len (sigbuf), pkey);
696 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 697 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
701 unsigned int sig_len = 0;
704 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 705 EVP_SignInit (md_ctx, EVP_sha1 ());
706 EVP_SignUpdate (md_ctx, data,
vec_len (data));
708 EVP_SignFinal (md_ctx,
NULL, &sig_len, pkey);
711 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
713 EVP_SignInit (&md_ctx, EVP_sha1 ());
714 EVP_SignUpdate (&md_ctx, data,
vec_len (data));
716 EVP_SignFinal (&md_ctx,
NULL, &sig_len, pkey);
719 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
729 EVP_PKEY *pkey =
NULL;
731 fp = fopen ((
char *) file,
"r");
746 pkey = X509_get_pubkey (x509);
758 EVP_PKEY *pkey =
NULL;
760 fp = fopen ((
char *) file,
"r");
783 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
784 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
787 tr->
cipher = EVP_aes_256_cbc ();
790 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
791 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
794 tr->
cipher = EVP_aes_192_cbc ();
797 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
798 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
801 tr->
cipher = EVP_aes_128_cbc ();
804 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
805 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
808 tr->
md = EVP_sha1 ();
811 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
812 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
815 tr->
md = EVP_sha1 ();
817 #if defined(OPENSSL_NO_CISCO_FECDH) 819 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
820 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
822 tr->
nid = NID_brainpoolP512r1;
826 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
827 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
829 tr->
nid = NID_brainpoolP384r1;
833 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
834 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
836 tr->
nid = NID_brainpoolP256r1;
840 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
841 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
843 tr->
nid = NID_brainpoolP224r1;
847 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
848 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
850 tr->
nid = NID_secp224r1;
855 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
856 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
858 tr->
nid = NID_secp521r1;
862 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
863 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
865 tr->
nid = NID_secp384r1;
869 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
870 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
872 tr->
nid = NID_X9_62_prime256v1;
876 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
877 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
879 tr->
nid = NID_X9_62_prime192v1;
883 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
884 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
891 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
892 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
899 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
900 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
907 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
908 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
915 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
916 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
923 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
924 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
931 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
932 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
939 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
940 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
947 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
948 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
955 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
956 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
963 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
964 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
971 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
972 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
975 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
976 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
static const char modp_dh_1536_prime[]
static const char modp_dh_3072_generator[]
adds_epu subs_epu i16x8 y
static const char modp_dh_8192_prime[]
static const char modp_dh_4096_prime[]
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
static const char modp_dh_8192_generator[]
static const char modp_dh_768_generator[]
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
static const char modp_dh_1024_prime[]
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
static const char modp_dh_6144_prime[]
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
static const char modp_dh_768_prime[]
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
EVP_PKEY * ikev2_load_cert_file(u8 *file)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
EVP_PKEY * ikev2_load_key_file(u8 *file)
static const char modp_dh_1024_160_prime[]
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
static const char modp_dh_1024_generator[]
static const char modp_dh_2048_256_prime[]
ikev2_sa_transform_t * supported_transforms
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
static const char modp_dh_1536_generator[]
static const char modp_dh_3072_prime[]
#define vec_free(V)
Free vector's memory (no header).
#define clib_warning(format, args...)
ikev2_sa_proposal_t * r_proposals
static const char modp_dh_2048_generator[]
static const char modp_dh_6144_generator[]
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
#define vec_append(v1, v2)
Append v2 after v1.
static const char modp_dh_1024_160_generator[]
static const char modp_dh_4096_generator[]
static const char modp_dh_2048_prime[]
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
static const char modp_dh_2048_224_generator[]
static const char modp_dh_2048_256_generator[]
void ikev2_crypto_init(ikev2_main_t *km)
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
static const char modp_dh_2048_224_prime[]