23 #include <openssl/obj_mac.h> 24 #include <openssl/ec.h> 25 #include <openssl/x509.h> 26 #include <openssl/pem.h> 27 #include <openssl/bn.h> 28 #include <openssl/dh.h> 32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" 117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B" 118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9" 119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" 120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8" 121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D" 122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C" 123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" 124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D" 125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D" 126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226" 127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" 129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26" 130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB" 131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2" 132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127" 133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406" 135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918" 136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151" 137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03" 138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F" 139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B" 141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632" 142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" 143 "6DCC4024FFFFFFFFFFFFFFFF";
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" 169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" 170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" 171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" 172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" 173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" 174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" 176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" 177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" 178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" 179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" 180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" 181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" 182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" 183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" 184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" 185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" 186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" 187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" 188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" 189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" 195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" 196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" 197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" 198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" 201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" 202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" 203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" 204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" 208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" 209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" 210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" 211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" 212 "B3BF8A317091883681286130BC8985DB1602E714415D9330" 213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" 214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" 215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" 216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" 217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" 220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" 221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" 222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" 223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" 224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF" 225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" 226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" 227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" 228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" 229 "81BC087F2A7065B384B890D3191F2BFA";
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" 233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" 234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" 235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" 236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" 237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" 238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" 239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" 240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" 241 "75F26375D7014103A4B54330C198AF126116D2276E11715F" 242 "693877FAD7EF09CADB094AE91E1A1597";
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" 245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" 246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" 247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" 248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" 249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" 250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" 251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" 252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" 253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451" 254 "5E2327CFEF98C582664B4C0F6CC41659";
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 265 unsigned int len = 0;
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 269 ctx = HMAC_CTX_new ();
271 HMAC_Update (ctx, data,
vec_len (data));
272 HMAC_Final (ctx, prf, &len);
275 HMAC_CTX_init (&ctx);
277 HMAC_Update (&ctx, data,
vec_len (data));
278 HMAC_Final (&ctx, prf, &len);
279 HMAC_CTX_cleanup (&ctx);
289 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
301 while (
vec_len (ret) < len && x < 255)
332 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 339 ASSERT (tr->
type == IKEV2_TRANSFORM_TYPE_INTEG);
343 if (tr->
md == EVP_sha1 ())
347 else if (tr->
md == EVP_sha256 ())
353 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 354 hctx = HMAC_CTX_new ();
356 HMAC_Update (hctx, (
const u8 *) data, len);
357 HMAC_Final (hctx, r, &l);
358 HMAC_CTX_free (hctx);
360 HMAC_CTX_init (&hctx);
362 HMAC_Update (&hctx, (
const u8 *) data, len);
363 HMAC_Final (&hctx, r, &l);
364 HMAC_CTX_cleanup (&hctx);
375 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 381 int out_len = 0, block_size;
390 if (len % block_size)
396 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 397 ctx = EVP_CIPHER_CTX_new ();
399 EVP_CIPHER_CTX_init (&ctx);
404 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 405 EVP_DecryptInit_ex (ctx, tr_encr->
cipher,
NULL, key, data);
406 EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
407 EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
409 EVP_DecryptInit_ex (&ctx, tr_encr->
cipher,
NULL, key, data);
410 EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
411 EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
414 _vec_len (r) -= r[
vec_len (r) - 1] + 1;
416 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 417 EVP_CIPHER_CTX_free (ctx);
419 EVP_CIPHER_CTX_cleanup (&ctx);
427 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 442 RAND_bytes (dst, bs);
444 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 445 ctx = EVP_CIPHER_CTX_new ();
446 EVP_EncryptInit_ex (ctx, tr_encr->
cipher,
NULL, key, dst );
447 EVP_EncryptUpdate (ctx, dst + bs, &out_len, src,
vec_len (src));
448 EVP_CIPHER_CTX_free (ctx);
450 EVP_CIPHER_CTX_init (&ctx);
451 EVP_EncryptInit_ex (&ctx, tr_encr->
cipher,
NULL, key, dst );
452 EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src,
vec_len (src));
453 EVP_CIPHER_CTX_cleanup (&ctx);
469 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 472 const BIGNUM *pub_key, *priv_key;
474 BN_hex2bn (&p, t->
dh_p);
475 BN_hex2bn (&g, t->
dh_g);
476 DH_set0_pqg (dh, p,
NULL, g);
478 BN_hex2bn (&dh->p, t->
dh_p);
479 BN_hex2bn (&dh->g, t->
dh_g);
481 DH_generate_key (dh);
487 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 488 DH_get0_key (dh, &pub_key, &priv_key);
493 r = BN_bn2bin (dh->pub_key, sa->
i_dh_data);
502 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 503 DH_get0_key (dh, &pub_key, &priv_key);
506 r = BN_bn2bin (dh->pub_key, sa->
r_dh_data);
521 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
524 EC_KEY_generate_key (ec);
526 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
527 const EC_GROUP *group = EC_KEY_get0_group (ec);
529 BN_CTX *bn_ctx = BN_CTX_new ();
531 EC_POINT *i_point = EC_POINT_new (group);
532 EC_POINT *shared_point = EC_POINT_new (group);
538 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 539 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
541 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
547 x_off = len - BN_num_bytes (x);
550 y_off = t->
key_len - BN_num_bytes (y);
554 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
557 ASSERT (r == BN_num_bytes (prv));
562 x_off = len - BN_num_bytes (x);
565 y_off = t->
key_len - BN_num_bytes (y);
570 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
571 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 572 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
574 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
577 EC_POINT_mul (group, shared_point,
NULL, i_point,
578 EC_KEY_get0_private_key (ec),
NULL);
579 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 580 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
582 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
585 x_off = len - BN_num_bytes (x);
588 y_off = t->
key_len - BN_num_bytes (y);
596 BN_CTX_free (bn_ctx);
597 EC_POINT_free (i_point);
598 EC_POINT_free (shared_point);
610 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 615 BN_hex2bn (&p, t->
dh_p);
616 BN_hex2bn (&g, t->
dh_g);
617 DH_set0_pqg (dh, p,
NULL, g);
621 DH_set0_key (dh,
NULL, priv_key);
623 BN_hex2bn (&dh->p, t->
dh_p);
624 BN_hex2bn (&dh->g, t->
dh_g);
639 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
642 const EC_GROUP *group = EC_KEY_get0_group (ec);
644 BN_CTX *bn_ctx = BN_CTX_new ();
650 EC_KEY_set_private_key (ec, prv);
657 y = BN_bin2bn (sa->
r_dh_data + len, len, y);
658 EC_POINT *r_point = EC_POINT_new (group);
659 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 660 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
662 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
664 EC_KEY_set_public_key (ec, r_point);
666 EC_POINT *i_point = EC_POINT_new (group);
667 EC_POINT *shared_point = EC_POINT_new (group);
670 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
671 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 672 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
674 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
676 EC_POINT_mul (group, shared_point,
NULL, r_point,
677 EC_KEY_get0_private_key (ec),
NULL);
678 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 679 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
681 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
684 x_off = len - BN_num_bytes (x);
687 y_off = t->
key_len - BN_num_bytes (y);
695 BN_CTX_free (bn_ctx);
696 EC_POINT_free (i_point);
697 EC_POINT_free (r_point);
698 EC_POINT_free (shared_point);
706 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 707 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
710 EVP_MD_CTX_init (&md_ctx);
713 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 714 EVP_VerifyInit (md_ctx, EVP_sha1 ());
715 EVP_VerifyUpdate (md_ctx, data,
vec_len (data));
717 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (),
NULL);
718 EVP_VerifyUpdate (&md_ctx, data,
vec_len (data));
721 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 722 verify = EVP_VerifyFinal (md_ctx, sigbuf,
vec_len (sigbuf), pkey);
723 EVP_MD_CTX_free (md_ctx);
725 verify = EVP_VerifyFinal (&md_ctx, sigbuf,
vec_len (sigbuf), pkey);
726 EVP_MD_CTX_cleanup (&md_ctx);
734 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 735 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
738 EVP_MD_CTX_init (&md_ctx);
740 unsigned int sig_len = 0;
743 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 744 EVP_SignInit (md_ctx, EVP_sha1 ());
745 EVP_SignUpdate (md_ctx, data,
vec_len (data));
747 EVP_SignFinal (md_ctx,
NULL, &sig_len, pkey);
750 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
751 EVP_MD_CTX_free (md_ctx);
753 EVP_SignInit (&md_ctx, EVP_sha1 ());
754 EVP_SignUpdate (&md_ctx, data,
vec_len (data));
756 EVP_SignFinal (&md_ctx,
NULL, &sig_len, pkey);
759 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
760 EVP_MD_CTX_cleanup (&md_ctx);
770 EVP_PKEY *pkey =
NULL;
772 fp = fopen ((
char *) file,
"r");
787 pkey = X509_get_pubkey (x509);
799 EVP_PKEY *pkey =
NULL;
801 fp = fopen ((
char *) file,
"r");
827 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
828 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
831 tr->
cipher = EVP_aes_256_cbc ();
834 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
835 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
838 tr->
cipher = EVP_aes_192_cbc ();
841 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
842 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
845 tr->
cipher = EVP_aes_128_cbc ();
848 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
849 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
852 tr->
cipher = EVP_aes_256_gcm ();
855 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
856 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
859 tr->
cipher = EVP_aes_192_gcm ();
862 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
863 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
866 tr->
cipher = EVP_aes_128_gcm ();
870 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
871 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
874 tr->
md = EVP_sha256 ();
877 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
878 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
881 tr->
md = EVP_sha384 ();
884 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
885 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
888 tr->
md = EVP_sha512 ();
891 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
892 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
895 tr->
md = EVP_sha1 ();
899 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
900 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
903 tr->
md = EVP_sha256 ();
906 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
907 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
910 tr->
md = EVP_sha384 ();
913 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
914 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
917 tr->
md = EVP_sha512 ();
920 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
921 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
924 tr->
md = EVP_sha1 ();
927 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
928 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
931 tr->
md = EVP_sha1 ();
934 #if defined(OPENSSL_NO_CISCO_FECDH) 936 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
937 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
939 tr->
nid = NID_brainpoolP512r1;
943 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
944 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
946 tr->
nid = NID_brainpoolP384r1;
950 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
951 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
953 tr->
nid = NID_brainpoolP256r1;
957 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
958 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
960 tr->
nid = NID_brainpoolP224r1;
964 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
965 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
967 tr->
nid = NID_secp224r1;
972 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
973 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
975 tr->
nid = NID_secp521r1;
979 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
980 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
982 tr->
nid = NID_secp384r1;
986 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
987 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
989 tr->
nid = NID_X9_62_prime256v1;
993 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
994 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
996 tr->
nid = NID_X9_62_prime192v1;
1000 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1001 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1008 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1009 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1016 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1017 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1024 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1025 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1032 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1033 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1040 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1041 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1048 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1049 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1056 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1057 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1064 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1065 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1072 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1073 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1080 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1081 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1088 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
1089 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1092 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
1093 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
static const char modp_dh_1536_prime[]
static const char modp_dh_3072_generator[]
static const char modp_dh_8192_prime[]
static const char modp_dh_4096_prime[]
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
static const char modp_dh_8192_generator[]
static const char modp_dh_768_generator[]
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
static const char modp_dh_1024_prime[]
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
static const char modp_dh_6144_prime[]
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
static const char modp_dh_768_prime[]
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
EVP_PKEY * ikev2_load_cert_file(u8 *file)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
EVP_PKEY * ikev2_load_key_file(u8 *file)
static const char modp_dh_1024_160_prime[]
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
static const char modp_dh_1024_generator[]
static const char modp_dh_2048_256_prime[]
ikev2_sa_transform_t * supported_transforms
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
static const char modp_dh_1536_generator[]
static const char modp_dh_3072_prime[]
#define vec_free(V)
Free vector's memory (no header).
#define clib_warning(format, args...)
ikev2_sa_proposal_t * r_proposals
static const char modp_dh_2048_generator[]
static const char modp_dh_6144_generator[]
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
#define vec_append(v1, v2)
Append v2 after v1.
static const char modp_dh_1024_160_generator[]
static const char modp_dh_4096_generator[]
static const char modp_dh_2048_prime[]
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
f64 end
end of the time range
static const char modp_dh_2048_224_generator[]
static const char modp_dh_2048_256_generator[]
void ikev2_crypto_init(ikev2_main_t *km)
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
static const char modp_dh_2048_224_prime[]