23 #include <openssl/obj_mac.h> 24 #include <openssl/ec.h> 25 #include <openssl/x509.h> 26 #include <openssl/pem.h> 27 #include <openssl/bn.h> 28 #include <openssl/dh.h> 32 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 33 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 34 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 35 "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 40 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 41 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 42 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 43 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
48 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 49 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 50 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 51 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 52 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 53 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 54 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 55 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
59 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 60 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 61 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 62 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 63 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 64 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 65 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 66 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 67 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 68 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 69 "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
73 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 74 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 75 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 76 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 77 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 78 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 79 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 80 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 81 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 82 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 83 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 84 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 85 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 86 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 87 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 88 "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
92 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 93 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 94 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 95 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 96 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 97 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 98 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 99 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 100 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 101 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 102 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 103 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 104 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 105 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 106 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 107 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 108 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 109 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 110 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 111 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 112 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
116 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" 117 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B" 118 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9" 119 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" 120 "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8" 121 "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D" 122 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C" 123 "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" 124 "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D" 125 "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D" 126 "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226" 127 "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 128 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" 129 "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26" 130 "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB" 131 "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2" 132 "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127" 133 "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 134 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406" 135 "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918" 136 "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151" 137 "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03" 138 "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F" 139 "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 140 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B" 141 "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632" 142 "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" 143 "6DCC4024FFFFFFFFFFFFFFFF";
147 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" 148 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" 149 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" 150 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" 151 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" 152 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" 153 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" 154 "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" 155 "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" 156 "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" 157 "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" 158 "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" 159 "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" 160 "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" 161 "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" 162 "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" 163 "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" 164 "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" 165 "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" 166 "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" 167 "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" 168 "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" 169 "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" 170 "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" 171 "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" 172 "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" 173 "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" 174 "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" 175 "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" 176 "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" 177 "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" 178 "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" 179 "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" 180 "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" 181 "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" 182 "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" 183 "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" 184 "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" 185 "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" 186 "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" 187 "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" 188 "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" 189 "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
194 "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" 195 "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" 196 "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" 197 "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0" 198 "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
200 "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" 201 "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" 202 "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" 203 "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A" 204 "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
207 "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" 208 "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" 209 "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" 210 "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" 211 "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" 212 "B3BF8A317091883681286130BC8985DB1602E714415D9330" 213 "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" 214 "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" 215 "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" 216 "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" 217 "CF9DE5384E71B81C0AC4DFFE0C10E64F";
219 "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" 220 "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" 221 "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" 222 "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" 223 "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" 224 "F180EB34118E98D119529A45D6F834566E3025E316A330EF" 225 "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" 226 "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" 227 "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" 228 "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" 229 "81BC087F2A7065B384B890D3191F2BFA";
232 "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2" 233 "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30" 234 "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD" 235 "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B" 236 "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C" 237 "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E" 238 "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9" 239 "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026" 240 "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3" 241 "75F26375D7014103A4B54330C198AF126116D2276E11715F" 242 "693877FAD7EF09CADB094AE91E1A1597";
244 "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054" 245 "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555" 246 "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18" 247 "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B" 248 "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83" 249 "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55" 250 "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14" 251 "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915" 252 "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6" 253 "184B523D1DB246C32F63078490F00EF8D647D148D4795451" 254 "5E2327CFEF98C582664B4C0F6CC41659";
259 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 265 unsigned int len = 0;
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 269 ctx = HMAC_CTX_new ();
270 HMAC_Init_ex (ctx, key,
vec_len (key), tr->
md, NULL);
271 HMAC_Update (ctx, data,
vec_len (data));
272 HMAC_Final (ctx, prf, &len);
275 HMAC_CTX_init (&ctx);
276 HMAC_Init_ex (&ctx, key,
vec_len (key), tr->
md, NULL);
277 HMAC_Update (&ctx, data,
vec_len (data));
278 HMAC_Final (&ctx, prf, &len);
279 HMAC_CTX_cleanup (&ctx);
289 v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
301 while (
vec_len (ret) < len && x < 255)
332 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 339 ASSERT (tr->
type == IKEV2_TRANSFORM_TYPE_INTEG);
343 if (tr->
md == EVP_sha1 ())
347 else if (tr->
md == EVP_sha256 ())
353 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 354 hctx = HMAC_CTX_new ();
355 HMAC_Init_ex (hctx, key,
vec_len (key), tr->
md, NULL);
356 HMAC_Update (hctx, (
const u8 *) data, len);
357 HMAC_Final (hctx, r, &l);
358 HMAC_CTX_free (hctx);
360 HMAC_CTX_init (&hctx);
361 HMAC_Init_ex (&hctx, key,
vec_len (key), tr->
md, NULL);
362 HMAC_Update (&hctx, (
const u8 *) data, len);
363 HMAC_Final (&hctx, r, &l);
364 HMAC_CTX_cleanup (&hctx);
375 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 381 int out_len = 0, block_size;
390 if (len % block_size)
396 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 397 ctx = EVP_CIPHER_CTX_new ();
399 EVP_CIPHER_CTX_init (&ctx);
404 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 405 EVP_DecryptInit_ex (ctx, tr_encr->
cipher, NULL, key, data);
406 EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
407 EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
409 EVP_DecryptInit_ex (&ctx, tr_encr->
cipher, NULL, key, data);
410 EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
411 EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
414 _vec_len (r) -= r[
vec_len (r) - 1] + 1;
416 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 417 EVP_CIPHER_CTX_free (ctx);
419 EVP_CIPHER_CTX_cleanup (&ctx);
427 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 442 RAND_bytes (dst, bs);
444 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 445 ctx = EVP_CIPHER_CTX_new ();
446 EVP_EncryptInit_ex (ctx, tr_encr->
cipher, NULL, key, dst );
447 EVP_EncryptUpdate (ctx, dst + bs, &out_len, src,
vec_len (src));
448 EVP_CIPHER_CTX_free (ctx);
450 EVP_CIPHER_CTX_init (&ctx);
451 EVP_EncryptInit_ex (&ctx, tr_encr->
cipher, NULL, key, dst );
452 EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src,
vec_len (src));
453 EVP_CIPHER_CTX_cleanup (&ctx);
465 int r = BN_bn2bin (a, to);
472 _vec_len (to) -=
pad;
486 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 489 const BIGNUM *pub_key, *priv_key;
491 BN_hex2bn (&p, t->
dh_p);
492 BN_hex2bn (&g, t->
dh_g);
493 DH_set0_pqg (dh, p, NULL, g);
495 BN_hex2bn (&dh->p, t->
dh_p);
496 BN_hex2bn (&dh->g, t->
dh_g);
498 DH_generate_key (dh);
504 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 505 DH_get0_key (dh, &pub_key, &priv_key);
519 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 520 DH_get0_key (dh, &pub_key, &priv_key);
545 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
548 EC_KEY_generate_key (ec);
550 const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
551 const EC_GROUP *group = EC_KEY_get0_group (ec);
552 BIGNUM *x = NULL, *y = NULL;
553 BN_CTX *bn_ctx = BN_CTX_new ();
555 EC_POINT *i_point = EC_POINT_new (group);
556 EC_POINT *shared_point = EC_POINT_new (group);
562 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 563 EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
565 EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
571 x_off = len - BN_num_bytes (x);
574 y_off = t->
key_len - BN_num_bytes (y);
578 const BIGNUM *prv = EC_KEY_get0_private_key (ec);
581 ASSERT (r == BN_num_bytes (prv));
586 x_off = len - BN_num_bytes (x);
589 y_off = t->
key_len - BN_num_bytes (y);
594 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
595 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 596 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
598 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
601 EC_POINT_mul (group, shared_point, NULL, i_point,
602 EC_KEY_get0_private_key (ec), NULL);
603 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 604 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
606 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
609 x_off = len - BN_num_bytes (x);
612 y_off = t->
key_len - BN_num_bytes (y);
620 BN_CTX_free (bn_ctx);
621 EC_POINT_free (i_point);
622 EC_POINT_free (shared_point);
634 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 639 BN_hex2bn (&p, t->
dh_p);
640 BN_hex2bn (&g, t->
dh_g);
641 DH_set0_pqg (dh, p, NULL, g);
645 DH_set0_key (dh, NULL, priv_key);
647 BN_hex2bn (&dh->p, t->
dh_p);
648 BN_hex2bn (&dh->g, t->
dh_g);
670 EC_KEY *ec = EC_KEY_new_by_curve_name (t->
nid);
673 const EC_GROUP *group = EC_KEY_get0_group (ec);
674 BIGNUM *x = NULL, *y = NULL;
675 BN_CTX *bn_ctx = BN_CTX_new ();
681 EC_KEY_set_private_key (ec, prv);
688 y = BN_bin2bn (sa->
r_dh_data + len, len, y);
689 EC_POINT *r_point = EC_POINT_new (group);
690 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 691 EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
693 EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
695 EC_KEY_set_public_key (ec, r_point);
697 EC_POINT *i_point = EC_POINT_new (group);
698 EC_POINT *shared_point = EC_POINT_new (group);
701 y = BN_bin2bn (sa->
i_dh_data + len, len, y);
702 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 703 EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
705 EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
707 EC_POINT_mul (group, shared_point, NULL, r_point,
708 EC_KEY_get0_private_key (ec), NULL);
709 #if OPENSSL_VERSION_NUMBER >= 0x30000000L 710 EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
712 EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
715 x_off = len - BN_num_bytes (x);
718 y_off = t->
key_len - BN_num_bytes (y);
726 BN_CTX_free (bn_ctx);
727 EC_POINT_free (i_point);
728 EC_POINT_free (r_point);
729 EC_POINT_free (shared_point);
737 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 738 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
741 EVP_MD_CTX_init (&md_ctx);
744 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 745 EVP_VerifyInit (md_ctx, EVP_sha1 ());
746 EVP_VerifyUpdate (md_ctx, data,
vec_len (data));
748 EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
749 EVP_VerifyUpdate (&md_ctx, data,
vec_len (data));
752 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 753 verify = EVP_VerifyFinal (md_ctx, sigbuf,
vec_len (sigbuf), pkey);
754 EVP_MD_CTX_free (md_ctx);
756 verify = EVP_VerifyFinal (&md_ctx, sigbuf,
vec_len (sigbuf), pkey);
757 EVP_MD_CTX_cleanup (&md_ctx);
765 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 766 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
769 EVP_MD_CTX_init (&md_ctx);
771 unsigned int sig_len = 0;
774 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 775 EVP_SignInit (md_ctx, EVP_sha1 ());
776 EVP_SignUpdate (md_ctx, data,
vec_len (data));
778 EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
781 EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
782 EVP_MD_CTX_free (md_ctx);
784 EVP_SignInit (&md_ctx, EVP_sha1 ());
785 EVP_SignUpdate (&md_ctx, data,
vec_len (data));
787 EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
790 EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
791 EVP_MD_CTX_cleanup (&md_ctx);
801 EVP_PKEY *pkey = NULL;
803 fp = fopen ((
char *) file,
"r");
810 x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
818 pkey = X509_get_pubkey (x509);
830 EVP_PKEY *pkey = NULL;
832 fp = fopen ((
char *) file,
"r");
839 pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
858 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
859 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
862 tr->
cipher = EVP_aes_256_cbc ();
865 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
866 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
869 tr->
cipher = EVP_aes_192_cbc ();
872 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
873 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
876 tr->
cipher = EVP_aes_128_cbc ();
879 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
880 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
883 tr->
cipher = EVP_aes_256_gcm ();
886 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
887 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
890 tr->
cipher = EVP_aes_192_gcm ();
893 tr->
type = IKEV2_TRANSFORM_TYPE_ENCR;
894 tr->
encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
897 tr->
cipher = EVP_aes_128_gcm ();
901 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
902 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
905 tr->
md = EVP_sha256 ();
908 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
909 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
912 tr->
md = EVP_sha384 ();
915 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
916 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
919 tr->
md = EVP_sha512 ();
922 tr->
type = IKEV2_TRANSFORM_TYPE_PRF;
923 tr->
prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
926 tr->
md = EVP_sha1 ();
930 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
931 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
934 tr->
md = EVP_sha256 ();
937 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
938 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
941 tr->
md = EVP_sha384 ();
944 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
945 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
948 tr->
md = EVP_sha512 ();
951 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
952 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
955 tr->
md = EVP_sha1 ();
958 tr->
type = IKEV2_TRANSFORM_TYPE_INTEG;
959 tr->
integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
962 tr->
md = EVP_sha1 ();
965 #if defined(OPENSSL_NO_CISCO_FECDH) 967 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
968 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
970 tr->
nid = NID_brainpoolP512r1;
974 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
975 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
977 tr->
nid = NID_brainpoolP384r1;
981 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
982 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
984 tr->
nid = NID_brainpoolP256r1;
988 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
989 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
991 tr->
nid = NID_brainpoolP224r1;
995 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
996 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
998 tr->
nid = NID_secp224r1;
1003 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1004 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
1006 tr->
nid = NID_secp521r1;
1010 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1011 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
1013 tr->
nid = NID_secp384r1;
1017 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1018 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
1020 tr->
nid = NID_X9_62_prime256v1;
1024 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1025 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
1027 tr->
nid = NID_X9_62_prime192v1;
1031 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1032 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
1039 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1040 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
1047 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1048 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1055 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1056 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1063 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1064 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1071 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1072 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1079 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1080 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1087 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1088 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1095 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1096 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1103 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1104 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1111 tr->
type = IKEV2_TRANSFORM_TYPE_DH;
1112 tr->
dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1119 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
1120 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1123 tr->
type = IKEV2_TRANSFORM_TYPE_ESN;
1124 tr->
esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
u8 pad[3]
log2 (size of the packing page block)
static const char modp_dh_1536_prime[]
static const char modp_dh_3072_generator[]
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
static const char modp_dh_8192_prime[]
static const char modp_dh_4096_prime[]
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
v8 * ikev2_calc_prf(ikev2_sa_transform_t *tr, v8 *key, v8 *data)
static const char modp_dh_8192_generator[]
#define ikev2_elog_error(_msg)
#define ikev2_elog_debug(_msg)
static const char modp_dh_768_generator[]
#define vec_add2(V, P, N)
Add N elements to end of vector V, return pointer to new elements in P.
static const char modp_dh_1024_prime[]
ikev2_sa_transform_t * ikev2_sa_get_td_for_type(ikev2_sa_proposal_t *p, ikev2_transform_type_t type)
static const char modp_dh_6144_prime[]
int ikev2_encrypt_data(ikev2_sa_t *sa, v8 *src, u8 *dst)
static const char modp_dh_768_prime[]
void ikev2_generate_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
EVP_PKEY * ikev2_load_cert_file(u8 *file)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
EVP_PKEY * ikev2_load_key_file(u8 *file)
static const char modp_dh_1024_160_prime[]
u8 * ikev2_calc_prfplus(ikev2_sa_transform_t *tr, u8 *key, u8 *seed, int len)
#define vec_insert(V, N, M)
Insert N vector elements starting at element M, initialize new elements to zero (no header...
static const char modp_dh_1024_generator[]
static const char modp_dh_2048_256_prime[]
ikev2_sa_transform_t * supported_transforms
int ikev2_verify_sign(EVP_PKEY *pkey, u8 *sigbuf, u8 *data)
static const char modp_dh_1536_generator[]
static const char modp_dh_3072_prime[]
#define vec_free(V)
Free vector's memory (no header).
#define ikev2_log_error(...)
ikev2_sa_proposal_t * r_proposals
static const char modp_dh_2048_generator[]
static const char modp_dh_6144_generator[]
void ikev2_complete_dh(ikev2_sa_t *sa, ikev2_sa_transform_t *t)
#define vec_append(v1, v2)
Append v2 after v1.
static const char modp_dh_1024_160_generator[]
static const char modp_dh_4096_generator[]
static const char modp_dh_2048_prime[]
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
f64 end
end of the time range
static const char modp_dh_2048_224_generator[]
static const char modp_dh_2048_256_generator[]
void ikev2_crypto_init(ikev2_main_t *km)
v8 * ikev2_decrypt_data(ikev2_sa_t *sa, u8 *data, int len)
u8 * ikev2_calc_sign(EVP_PKEY *pkey, u8 *data)
v8 * ikev2_calc_integr(ikev2_sa_transform_t *tr, v8 *key, u8 *data, int len)
static const char modp_dh_2048_224_prime[]
1.8.13