authorreyk <reyk@openbsd.org>2010-06-29 19:50:16 +0000
committerreyk <reyk@openbsd.org>2010-06-29 19:50:16 +0000
commitfefcb31a004358456417f6155384194f65e6c61b (patch)
tree314a2f3730cd67798859f884e842940f6b8c48f2
parentfix a typo in the function declaration; (diff)
Replace the hand-crafted Diffie-Hellman implementation in isakmpd with
the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere). ok deraadt@
-rw-r--r--regress/sbin/isakmpd/dh/Makefile5
-rw-r--r--regress/sbin/isakmpd/dh/dhtest.c80
-rw-r--r--sbin/isakmpd/Makefile6
-rw-r--r--sbin/isakmpd/dh.c632
-rw-r--r--sbin/isakmpd/dh.h80
-rw-r--r--sbin/isakmpd/ike_aggressive.c3
-rw-r--r--sbin/isakmpd/ike_main_mode.c3
-rw-r--r--sbin/isakmpd/ike_phase_1.c3
-rw-r--r--sbin/isakmpd/ike_quick_mode.c3
-rw-r--r--sbin/isakmpd/init.c4
-rw-r--r--sbin/isakmpd/ipsec.c3
-rw-r--r--sbin/isakmpd/math_2n.c882
-rw-r--r--sbin/isakmpd/math_2n.h126
-rw-r--r--sbin/isakmpd/math_ec2n.c380
-rw-r--r--sbin/isakmpd/math_ec2n.h94
-rw-r--r--sbin/isakmpd/math_group.c878
-rw-r--r--sbin/isakmpd/math_group.h95
-rw-r--r--sbin/isakmpd/math_mp.h39
-rw-r--r--sbin/isakmpd/x509.c4
19 files changed, 666 insertions, 2654 deletions
diff --git a/regress/sbin/isakmpd/dh/Makefile b/regress/sbin/isakmpd/dh/Makefile
index 032550bb7e8..41dba838c45 100644
--- a/regress/sbin/isakmpd/dh/Makefile
+++ b/regress/sbin/isakmpd/dh/Makefile
@@ -1,11 +1,10 @@
-# $OpenBSD: Makefile,v 1.1 2005/04/08 17:12:48 cloder Exp $
+# $OpenBSD: Makefile,v 1.2 2010/06/29 19:50:16 reyk Exp $
# $EOM: Makefile,v 1.10 2000/04/07 20:19:43 niklas Exp $
# Test DH:
PROG= dhtest
-SRCS= math_2n.c math_ec2n.c math_group.c dh.c dhtest.c log.c util.c \
- sysdep.c gmp_util.c conf.c
+SRCS= dh.c dhtest.c
TOPSRC= ${.CURDIR}/../../../../sbin/isakmpd
TOPOBJ!= cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
OS!= awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile
diff --git a/regress/sbin/isakmpd/dh/dhtest.c b/regress/sbin/isakmpd/dh/dhtest.c
index 7e4faa0de6f..7993d85c10b 100644
--- a/regress/sbin/isakmpd/dh/dhtest.c
+++ b/regress/sbin/isakmpd/dh/dhtest.c
@@ -1,7 +1,8 @@
-/* $OpenBSD: dhtest.c,v 1.1 2005/04/08 17:12:48 cloder Exp $ */
+/* $OpenBSD: dhtest.c,v 1.2 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: dhtest.c,v 1.1 1998/07/18 21:14:20 provos Exp $ */
/*
+ * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
* Copyright (c) 1998 Niels Provos. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -37,66 +38,45 @@
#include <string.h>
#include <stdio.h>
-#include "math_group.h"
#include "dh.h"
-#define DUMP_X(_x_) point = (_x_); b2n_print (point->x);
-
int
-main (void)
+main(void)
{
- int len;
- char buf[100], buf2[100];
- char sec[100], sec2[100];
- struct group *group, *group2;
-
- group_init ();
- group = group_get (4);
- group2 = group_get (4);
-
- printf ("Testing DH (elliptic curve): \n");
-
- printf ("dh_getlen\n");
- len = dh_getlen (group);
- printf ("dh_create_exchange\n");
- dh_create_exchange (group, buf);
- dh_create_exchange (group2, buf2);
-
- printf ("dh_create_shared\n");
- dh_create_shared (group, sec, buf2);
- dh_create_shared (group2, sec2, buf);
+ int len, id;
+ char buf[DH_MAXSZ], buf2[DH_MAXSZ];
+ char sec[DH_MAXSZ], sec2[DH_MAXSZ];
+ struct group *group, *group2;
+ const char *name[] = { "MODP", "EC2N", "ECP" };
- printf ("Result: ");
- if (memcmp (sec, sec2, len))
- printf ("FAILED ");
- else
- printf ("OKAY ");
+ group_init();
- group_free (group);
- group_free (group2);
+ for (id = 0; id < 0xff; id++) {
+ if ((group = group_get(id)) == NULL ||
+ (group2 = group_get(id)) == NULL)
+ continue;
- printf ("\nTesting DH (MODP): \n");
+ printf ("Testing group %d (%s%d): ", id,
+ name[group->spec->type],
+ group->spec->bits);
- group = group_get (1);
- group2 = group_get (1);
+ len = dh_getlen(group);
- printf ("dh_getlen\n");
- len = dh_getlen (group);
- printf ("dh_create_exchange\n");
- dh_create_exchange (group, buf);
- dh_create_exchange (group2, buf2);
+ dh_create_exchange(group, buf);
+ dh_create_exchange(group2, buf2);
- printf ("dh_create_shared\n");
- dh_create_shared (group, sec, buf2);
- dh_create_shared (group2, sec2, buf);
+ dh_create_shared(group, sec, buf2);
+ dh_create_shared(group2, sec2, buf);
- printf ("Result: ");
- if (memcmp (sec, sec2, len))
- printf ("FAILED ");
- else
- printf ("OKAY ");
+ if (memcmp (sec, sec2, len)) {
+ printf("FAILED\n");
+ return (1);
+ } else
+ printf("OKAY\n");
+ group_free(group);
+ group_free(group2);
+ }
- printf ("\n");
- return 0;
+ return (0);
}
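Review bot: The loop in `main()` ignores the return values of `dh_create_exchange()` and `dh_create_shared()`, so when one of them fails the `memcmp()` compares stack buffers that were never written and the OKAY/FAILED verdict is meaningless. Because this test is what vouches for every group in the new libcrypto-backed table, each call should fail the run on a non-zero return, e.g. `if (dh_create_exchange(group, buf) != 0 || dh_create_exchange(group2, buf2) != 0) { printf("FAILED\n"); return (1); }`, and the same for the two `dh_create_shared()` calls. The buffers are also declared `char` while the prototypes in dh.h take `u_int8_t *`; declaring them `u_int8_t buf[DH_MAXSZ]` avoids the pointer-sign mismatch.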
diff --git a/sbin/isakmpd/Makefile b/sbin/isakmpd/Makefile
index fafc587d333..b3043946de6 100644
--- a/sbin/isakmpd/Makefile
+++ b/sbin/isakmpd/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.80 2008/01/29 00:47:08 espie Exp $
+# $OpenBSD: Makefile,v 1.81 2010/06/29 19:50:16 reyk Exp $
# $EOM: Makefile,v 1.78 2000/10/15 21:33:42 niklas Exp $
#
@@ -38,10 +38,10 @@ SRCS= app.c attribute.c cert.c connection.c constants.c conf.c \
field.c hash.c if.c ike_auth.c ike_main_mode.c \
ike_phase_1.c ike_quick_mode.c init.c ipsec.c ipsec_fld.c \
ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \
- key.c libcrypto.c log.c message.c math_2n.c math_group.c \
+ key.c libcrypto.c log.c message.c \
prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \
ui.c util.c x509.c \
- pf_key_v2.c policy.c math_ec2n.c ike_aggressive.c isakmp_cfg.c \
+ pf_key_v2.c policy.c ike_aggressive.c isakmp_cfg.c \
dpd.c monitor.c monitor_fdpass.c nat_traversal.c udp_encap.c \
vendor.c
diff --git a/sbin/isakmpd/dh.c b/sbin/isakmpd/dh.c
index 9a8ff6bff2c..755667ed619 100644
--- a/sbin/isakmpd/dh.c
+++ b/sbin/isakmpd/dh.c
@@ -1,84 +1,598 @@
-/* $OpenBSD: dh.c,v 1.11 2006/05/04 14:37:51 djm Exp $ */
-/* $EOM: dh.c,v 1.5 1999/04/17 23:20:22 niklas Exp $ */
+/* $OpenBSD: dh.c,v 1.12 2010/06/29 19:50:16 reyk Exp $ */
+/* $vantronix: dh.c,v 1.13 2010/05/28 15:34:35 reyk Exp $ */
/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
+ * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/param.h>
+#include <string.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
-#include "math_group.h"
#include "dh.h"
-#include "log.h"
-/*
- * Returns the length of our exchange value.
- */
+int dh_init(struct group *);
+
+int modp_init(struct group *);
+int modp_getlen(struct group *);
+int modp_create_exchange(struct group *, u_int8_t *);
+int modp_create_shared(struct group *, u_int8_t *, u_int8_t *);
+
+int ec_init(struct group *);
+int ec_getlen(struct group *);
+int ec_create_exchange(struct group *, u_int8_t *);
+int ec_create_shared(struct group *, u_int8_t *, u_int8_t *);
+
+int ec_point2raw(struct group *, const EC_POINT *, u_int8_t *, size_t);
+EC_POINT *
+ ec_raw2point(struct group *, u_int8_t *, size_t);
+
+struct group_id ike_groups[] = {
+ { GROUP_MODP, 1, 768,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 2, 1024,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
+ "FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_EC2N, 3, 155, NULL, NULL, NID_ipsec3 },
+ { GROUP_EC2N, 4, 185, NULL, NULL, NID_ipsec4 },
+ { GROUP_MODP, 5, 1536,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 14, 2048,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+ "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 15, 3072,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+ "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+ "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 16, 4096,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+ "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+ "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+ "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+ "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+ "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+ "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
+ "FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 17, 6144,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+ "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+ "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+ "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+ "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+ "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+ "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
+ "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+ "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
+ "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+ "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
+ "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+ "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+ "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+ "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+ "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+ "12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_MODP, 18, 8192,
+ "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
+ "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
+ "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
+ "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
+ "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
+ "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
+ "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
+ "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
+ "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
+ "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
+ "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
+ "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
+ "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
+ "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
+ "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
+ "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
+ "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
+ "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
+ "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
+ "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
+ "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
+ "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
+ "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
+ "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
+ "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
+ "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
+ "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
+ "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
+ "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
+ "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+ "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
+ "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
+ "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
+ "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
+ "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
+ "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
+ "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
+ "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
+ "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
+ "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
+ "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
+ "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
+ "60C980DD98EDD3DFFFFFFFFFFFFFFFFF",
+ "02"
+ },
+ { GROUP_ECP, 19, 256, NULL, NULL, NID_X9_62_prime256v1 },
+ { GROUP_ECP, 20, 384, NULL, NULL, NID_secp384r1 },
+ { GROUP_ECP, 21, 521, NULL, NULL, NID_secp521r1 },
+ { GROUP_MODP, 22, 1024,
+ "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
+ "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
+ "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
+ "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
+ "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708"
+ "DF1FB2BC2E4A4371",
+ "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
+ "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
+ "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
+ "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
+ "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24"
+ "855E6EEB22B3B2E5"
+ },
+ { GROUP_MODP, 23, 2048,
+ "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
+ "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
+ "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
+ "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
+ "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
+ "B3BF8A317091883681286130BC8985DB1602E714415D9330"
+ "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
+ "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
+ "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
+ "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
+ "CF9DE5384E71B81C0AC4DFFE0C10E64F",
+ "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
+ "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
+ "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
+ "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
+ "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
+ "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
+ "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
+ "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
+ "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
+ "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
+ "81BC087F2A7065B384B890D3191F2BFA"
+ },
+ { GROUP_MODP, 24, 2048,
+ "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
+ "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
+ "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
+ "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
+ "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
+ "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
+ "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
+ "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
+ "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
+ "75F26375D7014103A4B54330C198AF126116D2276E11715F"
+ "693877FAD7EF09CADB094AE91E1A1597",
+ "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
+ "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
+ "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
+ "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
+ "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
+ "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
+ "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
+ "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
+ "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
+ "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
+ "5E2327CFEF98C582664B4C0F6CC41659"
+ },
+ { GROUP_ECP, 25, 192, NULL, NULL, NID_X9_62_prime192v1 },
+ { GROUP_ECP, 26, 224, NULL, NULL, NID_secp224r1 }
+};
+
+void
+group_init(void)
+{
+ /* currently not used */
+ return;
+}
+
+void
+group_free(struct group *group)
+{
+ if (group == NULL)
+ return;
+ if (group->dh != NULL)
+ DH_free(group->dh);
+ if (group->ec != NULL)
+ EC_KEY_free(group->ec);
+ group->spec = NULL;
+}
+
+struct group *
+group_get(u_int32_t id)
+{
+ struct group_id *p = NULL;
+ struct group *group;
+ u_int i, items;
+
+ items = sizeof(ike_groups) / sizeof(ike_groups[0]);
+ for (i = 0; i < items; i++) {
+ if (id == ike_groups[i].id) {
+ p = &ike_groups[i];
+ break;
+ }
+ }
+ if (p == NULL)
+ return (NULL);
+
+ if ((group = calloc(1, sizeof(*group))) == NULL)
+ return (NULL);
+
+ group->id = id;
+ group->spec = p;
+
+ switch (p->type) {
+ case GROUP_MODP:
+ group->init = modp_init;
+ group->getlen = modp_getlen;
+ group->exchange = modp_create_exchange;
+ group->shared = modp_create_shared;
+ break;
+ case GROUP_EC2N:
+ case GROUP_ECP:
+ group->init = ec_init;
+ group->getlen = ec_getlen;
+ group->exchange = ec_create_exchange;
+ group->shared = ec_create_shared;
+ break;
+ default:
+ group_free(group);
+ return (NULL);
+ }
+
+ if (dh_init(group) != 0) {
+ group_free(group);
+ return (NULL);
+ }
+
+ return (group);
+}
+
+int
+dh_init(struct group *group)
+{
+ return (group->init(group));
+}
int
dh_getlen(struct group *group)
{
- return group->getlen(group);
+ return (group->getlen(group));
}
-/*
- * Creates the exchange value we are offering to the other party.
- * Each time this function is called a new value is created, that
- * means the application has to save the exchange value itself,
- * dh_create_exchange should only be called once.
- */
int
dh_create_exchange(struct group *group, u_int8_t *buf)
{
- if (group->setrandom(group, group->c))
- return -1;
- if (group->operation(group, group->a, group->gen, group->c))
- return -1;
- if (group->validate_public(group, group->a))
- return -1;
- group->getraw(group, group->a, buf);
- return 0;
+ return (group->exchange(group, buf));
}
-/*
- * Creates the Diffie-Hellman shared secret in 'secret', where 'exchange'
- * is the exchange value offered by the other party. No length verification
- * is done for the value, the application has to do that.
- */
int
dh_create_shared(struct group *group, u_int8_t *secret, u_int8_t *exchange)
{
- if (group->setraw(group, group->b, exchange, group->getlen(group)))
- return -1;
- if (group->operation(group, group->a, group->b, group->c))
- return -1;
- if (group->validate_public(group, group->a))
- return -1;
- group->getraw(group, group->a, secret);
- return 0;
+ return (group->shared(group, secret, exchange));
+}
+
+int
+modp_init(struct group *group)
+{
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL)
+ return (-1);
+ group->dh = dh;
+
+ if (!BN_hex2bn(&dh->p, group->spec->prime) ||
+ !BN_hex2bn(&dh->g, group->spec->generator))
+ return (-1);
+
+ return (0);
+}
+
+int
+modp_getlen(struct group *group)
+{
+ if (group->spec == NULL)
+ return (0);
+ return (roundup(group->spec->bits, 8) / 8);
+}
+
+int
+modp_create_exchange(struct group *group, u_int8_t *buf)
+{
+ int codes;
+ DH *dh = group->dh;
+
+ if (!DH_generate_key(dh))
+ return (-1);
+ if (!DH_check(dh, &codes))
+ return (-1);
+ if (!BN_bn2bin(dh->pub_key, buf))
+ return (-1);
+
+ return (0);
+}
+
+int
+modp_create_shared(struct group *group, u_int8_t *secret, u_int8_t *exchange)
+{
+ BIGNUM *ex;
+ int ret;
+
+ if ((ex = BN_bin2bn(exchange, dh_getlen(group), NULL)) == NULL)
+ return (-1);
+
+ ret = DH_compute_key(secret, ex, group->dh);
+ BN_clear_free(ex);
+ if (!ret)
+ return (-1);
+
+ return (0);
+}
+
+int
+ec_init(struct group *group)
+{
+ if ((group->ec = EC_KEY_new_by_curve_name(group->spec->nid)) == NULL)
+ return (-1);
+ if (!EC_KEY_generate_key(group->ec))
+ return (-1);
+ return (0);
+}
+
+int
+ec_getlen(struct group *group)
+{
+ if (group->spec == NULL)
+ return (0);
+ return ((roundup(group->spec->bits, 8) * 2) / 8);
+}
+
+int
+ec_create_exchange(struct group *group, u_int8_t *buf)
+{
+ size_t len;
+
+ len = ec_getlen(group);
+ bzero(buf, len);
+
+ return (ec_point2raw(group, EC_KEY_get0_public_key(group->ec),
+ buf, len));
+}
+
+int
+ec_create_shared(struct group *group, u_int8_t *secret, u_int8_t *exchange)
+{
+ const EC_GROUP *ecgroup = NULL;
+ const BIGNUM *privkey;
+ EC_POINT *exchangep = NULL, *secretp = NULL;
+ int ret = -1;
+
+ if ((ecgroup = EC_KEY_get0_group(group->ec)) == NULL ||
+ (privkey = EC_KEY_get0_private_key(group->ec)) == NULL)
+ goto done;
+
+ if ((exchangep =
+ ec_raw2point(group, exchange, ec_getlen(group))) == NULL)
+ goto done;
+
+ if ((secretp = EC_POINT_new(ecgroup)) == NULL)
+ goto done;
+
+ if (!EC_POINT_mul(ecgroup, secretp, NULL, exchangep, privkey, NULL))
+ goto done;
+
+ ret = ec_point2raw(group, secretp, secret, ec_getlen(group));
+
+ done:
+ if (exchangep != NULL)
+ EC_POINT_clear_free(exchangep);
+ if (secretp != NULL)
+ EC_POINT_clear_free(secretp);
+
+ return (ret);
+}
+
+int
+ec_point2raw(struct group *group, const EC_POINT *point,
+ u_int8_t *buf, size_t len)
+{
+ const EC_GROUP *ecgroup = NULL;
+ BN_CTX *bnctx = NULL;
+ BIGNUM *x = NULL, *y = NULL;
+ int ret = -1;
+ size_t xlen, ylen;
+ off_t xoff, yoff;
+
+ if ((bnctx = BN_CTX_new()) == NULL)
+ goto done;
+ BN_CTX_start(bnctx);
+ if ((x = BN_CTX_get(bnctx)) == NULL ||
+ (y = BN_CTX_get(bnctx)) == NULL)
+ goto done;
+
+ if ((ecgroup = EC_KEY_get0_group(group->ec)) == NULL)
+ goto done;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecgroup)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp(ecgroup,
+ point, x, y, bnctx))
+ goto done;
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(ecgroup,
+ point, x, y, bnctx))
+ goto done;
+ }
+
+ xlen = roundup(BN_num_bytes(x), 2);
+ xoff = xlen - BN_num_bytes(x);
+ if (!BN_bn2bin(x, buf + xoff))
+ goto done;
+
+ ylen = roundup(BN_num_bytes(y), 2);
+ yoff = (ylen - BN_num_bytes(y)) + xlen;
+ if (!BN_bn2bin(y, buf + yoff))
+ goto done;
+
+ ret = 0;
+ done:
+ BN_CTX_end(bnctx);
+ BN_CTX_free(bnctx);
+
+ return (ret);
+}
+
+EC_POINT *
+ec_raw2point(struct group *group, u_int8_t *buf, size_t len)
+{
+ const EC_GROUP *ecgroup = NULL;
+ EC_POINT *point = NULL;
+ BN_CTX *bnctx = NULL;
+ BIGNUM *x = NULL, *y = NULL;
+ int ret = -1;
+ size_t eclen;
+ size_t xlen, ylen;
+
+ if ((bnctx = BN_CTX_new()) == NULL)
+ goto done;
+ BN_CTX_start(bnctx);
+ if ((x = BN_CTX_get(bnctx)) == NULL ||
+ (y = BN_CTX_get(bnctx)) == NULL)
+ goto done;
+
+ eclen = ec_getlen(group);
+ if (len < eclen)
+ goto done;
+ xlen = ylen = eclen / 2;
+ if ((x = BN_bin2bn(buf, xlen, x)) == NULL ||
+ (y = BN_bin2bn(buf + xlen, ylen, y)) == NULL)
+ goto done;
+
+ if ((ecgroup = EC_KEY_get0_group(group->ec)) == NULL)
+ goto done;
+
+ if ((point = EC_POINT_new(ecgroup)) == NULL)
+ goto done;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecgroup)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_set_affine_coordinates_GFp(ecgroup,
+ point, x, y, bnctx))
+ goto done;
+ } else {
+ if (!EC_POINT_set_affine_coordinates_GF2m(ecgroup,
+ point, x, y, bnctx))
+ goto done;
+ }
+
+ ret = 0;
+ done:
+ if (ret != 0 && point != NULL)
+ EC_POINT_clear_free(point);
+ BN_CTX_end(bnctx);
+ BN_CTX_free(bnctx);
+
+ return (point);
}
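Review bot: In `ec_raw2point()` the `done:` path frees `point` when `ret != 0` but then still runs `return (point);`, so a failure after `EC_POINT_new()` (that is, in either `EC_POINT_set_affine_coordinates_*` call) hands the caller a freed pointer. `ec_create_shared()` only tests the result against NULL, so it would go on to pass that pointer to `EC_POINT_mul()` and free it a second time at its own `done:` label; the coordinates are taken from the peer's exchange value, so this branch is presumably reachable with malformed input. Adding `point = NULL;` right after `EC_POINT_clear_free(point);` closes it. Separately, `modp_create_shared()` tests `if (!ret)` although `DH_compute_key()` reports errors as -1, so `if (ret <= 0)` is the check that actually catches a failed computation.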
diff --git a/sbin/isakmpd/dh.h b/sbin/isakmpd/dh.h
index afd00ad001d..8762a8de947 100644
--- a/sbin/isakmpd/dh.h
+++ b/sbin/isakmpd/dh.h
@@ -1,43 +1,61 @@
-/* $OpenBSD: dh.h,v 1.7 2004/05/14 08:42:56 hshoexer Exp $ */
-/* $EOM: dh.h,v 1.4 1999/04/17 23:20:24 niklas Exp $ */
+/* $OpenBSD: dh.h,v 1.8 2010/06/29 19:50:16 reyk Exp $ */
+/* $vantronix: dh.h,v 1.8 2010/06/02 12:22:58 reyk Exp $ */
/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
+ * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _DH_H_
#define _DH_H_
-#include <sys/types.h>
+enum group_type {
+ GROUP_MODP = 0,
+ GROUP_EC2N = 1,
+ GROUP_ECP = 2
+};
+
+struct group_id {
+ enum group_type type;
+ u_int id;
+ int bits;
+ char *prime;
+ char *generator;
+ int nid;
+};
+
+struct group {
+ int id;
+ struct group_id *spec;
+
+ void *dh;
+ void *ec;
+
+ int (*init)(struct group *);
+ int (*getlen)(struct group *);
+ int (*exchange)(struct group *, u_int8_t *);
+ int (*shared)(struct group *, u_int8_t *, u_int8_t *);
+};
+
+#define DH_MAXSZ 1024 /* 8192 bits */
-struct group;
+void group_init(void);
+void group_free(struct group *);
+struct group *group_get(u_int32_t);
-int dh_getlen(struct group *);
-int dh_create_exchange(struct group *, u_int8_t *);
-int dh_create_shared(struct group *, u_int8_t *, u_int8_t *);
+int dh_getlen(struct group *);
+int dh_create_exchange(struct group *, u_int8_t *);
+int dh_create_shared(struct group *, u_int8_t *, u_int8_t *);
-#endif /* _DH_H_ */
+#endif /* _DH_H_ */
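Review bot: The prototypes for `dh_create_exchange()` and `dh_create_shared()` take bare `u_int8_t *` buffers with no length, and nothing in the new header states the size contract; the dh.c side of this commit also deletes the old comment saying that no length verification is done on the peer value and the application has to do it. The implementations write `dh_getlen()` bytes to the output and read `dh_getlen()` bytes from `exchange`, so that belongs next to the declarations, e.g. `/* buf and secret must hold dh_getlen() bytes (at most DH_MAXSZ); exchange is read for dh_getlen() bytes, the caller must verify the received length first */`. The header also uses `u_int`, `u_int8_t` and `u_int32_t` after dropping `#include <sys/types.h>`, so it now relies on every includer pulling that in beforehand.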
diff --git a/sbin/isakmpd/ike_aggressive.c b/sbin/isakmpd/ike_aggressive.c
index 4d18534ab42..324460d3dac 100644
--- a/sbin/isakmpd/ike_aggressive.c
+++ b/sbin/isakmpd/ike_aggressive.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_aggressive.c,v 1.10 2005/04/08 22:32:10 cloder Exp $ */
+/* $OpenBSD: ike_aggressive.c,v 1.11 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */
/*
@@ -50,7 +50,6 @@
#include "ipsec_doi.h"
#include "isakmp.h"
#include "log.h"
-#include "math_group.h"
#include "message.h"
#include "nat_traversal.h"
#include "prf.h"
diff --git a/sbin/isakmpd/ike_main_mode.c b/sbin/isakmpd/ike_main_mode.c
index 9bc55babca1..e88c4295654 100644
--- a/sbin/isakmpd/ike_main_mode.c
+++ b/sbin/isakmpd/ike_main_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_main_mode.c,v 1.16 2005/04/08 22:32:10 cloder Exp $ */
+/* $OpenBSD: ike_main_mode.c,v 1.17 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */
/*
@@ -49,7 +49,6 @@
#include "ipsec_doi.h"
#include "isakmp.h"
#include "log.h"
-#include "math_group.h"
#include "message.h"
#include "prf.h"
#include "sa.h"
diff --git a/sbin/isakmpd/ike_phase_1.c b/sbin/isakmpd/ike_phase_1.c
index d6933c79290..28167567bc9 100644
--- a/sbin/isakmpd/ike_phase_1.c
+++ b/sbin/isakmpd/ike_phase_1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_phase_1.c,v 1.71 2008/02/06 11:37:53 moritz Exp $ */
+/* $OpenBSD: ike_phase_1.c,v 1.72 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: ike_phase_1.c,v 1.31 2000/12/11 23:47:56 niklas Exp $ */
/*
@@ -52,7 +52,6 @@
#include "ipsec_doi.h"
#include "isakmp.h"
#include "log.h"
-#include "math_group.h"
#include "message.h"
#include "nat_traversal.h"
#include "prf.h"
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 5de7d70db4f..50d771e4bbd 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.104 2010/03/04 13:55:28 markus Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.105 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -48,7 +48,6 @@
#include "ike_quick_mode.h"
#include "ipsec.h"
#include "log.h"
-#include "math_group.h"
#include "message.h"
#include "policy.h"
#include "prf.h"
diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c
index b47a8206029..04243748fc2 100644
--- a/sbin/isakmpd/init.c
+++ b/sbin/isakmpd/init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: init.c,v 1.39 2006/07/02 13:19:00 hshoexer Exp $ */
+/* $OpenBSD: init.c,v 1.40 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */
/*
@@ -46,7 +46,7 @@
#include "isakmp_doi.h"
#include "libcrypto.h"
#include "log.h"
-#include "math_group.h"
+#include "dh.h"
#include "monitor.h"
#include "sa.h"
#include "timer.h"
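Review bot: The added `#include "dh.h"` only compiles if `u_int8_t`, `u_int32_t` and `u_int` are already declared, because this commit's dh.h drops its own `#include <sys/types.h>` while still using those types in `struct group_id`, `struct group` and the `group_get()` prototype. The start of init.c's include list is outside this hunk, so whether `<sys/types.h>` is pulled in earlier cannot be confirmed here. Keeping `#include <sys/types.h>` in dh.h would make the header self-contained for every file that includes it, which matters since the commit message says it is meant to be shared between codebases. As a style point, the new line sits between `log.h` and `monitor.h`, out of the alphabetical order the neighbouring includes follow.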
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c
index 87ef6205ddb..8107474b929 100644
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.134 2010/03/04 13:55:28 markus Exp $ */
+/* $OpenBSD: ipsec.c,v 1.135 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
/*
@@ -65,7 +65,6 @@
#include "isakmp_fld.h"
#include "isakmp_num.h"
#include "log.h"
-#include "math_group.h"
#include "message.h"
#include "nat_traversal.h"
#include "pf_key_v2.h"
diff --git a/sbin/isakmpd/math_2n.c b/sbin/isakmpd/math_2n.c
deleted file mode 100644
index ccc1aca8668..00000000000
--- a/sbin/isakmpd/math_2n.c
+++ /dev/null
@@ -1,882 +0,0 @@
-/* $OpenBSD: math_2n.c,v 1.26 2007/04/16 13:01:39 moritz Exp $ */
-/* $EOM: math_2n.c,v 1.15 1999/04/20 09:23:30 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-/*
- * B2N is a module for doing arithmetic on the Field GF(2**n) which is
- * isomorph to ring of polynomials GF(2)[x]/p(x) where p(x) is an
- * irreducible polynomial over GF(2)[x] with grade n.
- *
- * First we need functions which operate on GF(2)[x], operation
- * on GF(2)[x]/p(x) can be done as for Z_p then.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "math_2n.h"
-#include "util.h"
-
-static u_int8_t hex2int(char);
-
-CHUNK_TYPE b2n_mask[CHUNK_BITS] = {
- 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
-#if CHUNK_BITS > 8
- 0x0100, 0x0200, 0x0400, 0x0800, 0x1000, 0x2000, 0x4000, 0x8000,
-#if CHUNK_BITS > 16
- 0x00010000, 0x00020000, 0x00040000, 0x00080000,
- 0x00100000, 0x00200000, 0x00400000, 0x00800000,
- 0x01000000, 0x02000000, 0x04000000, 0x08000000,
- 0x10000000, 0x20000000, 0x40000000, 0x80000000,
-#endif
-#endif
-};
-
-/* Convert a hex character to its integer value. */
-static u_int8_t
-hex2int(char c)
-{
- if (c <= '9')
- return c - '0';
- if (c <= 'f')
- return 10 + c - 'a';
-
- return 0;
-}
-
-int
-b2n_random(b2n_ptr n, u_int32_t bits)
-{
- if (b2n_resize(n, (CHUNK_MASK + bits) >> CHUNK_SHIFTS))
- return -1;
-
- getrandom((u_int8_t *) n->limp, CHUNK_BYTES * n->chunks);
-
- /* Get the number of significant bits right */
- if (bits & CHUNK_MASK) {
- CHUNK_TYPE m =
- (((1 << ((bits & CHUNK_MASK) - 1)) - 1) << 1) | 1;
- n->limp[n->chunks - 1] &= m;
- }
- n->dirty = 1;
- return 0;
-}
-
-/* b2n management functions */
-
-void
-b2n_init(b2n_ptr n)
-{
- n->chunks = 0;
- n->limp = 0;
-}
-
-void
-b2n_clear(b2n_ptr n)
-{
- free(n->limp);
-}
-
-int
-b2n_resize(b2n_ptr n, unsigned int chunks)
-{
- size_t old = n->chunks;
- size_t size;
- CHUNK_TYPE *new;
-
- if (chunks == 0)
- chunks = 1;
-
- if (chunks == old)
- return 0;
-
- size = CHUNK_BYTES * chunks;
-
- new = realloc(n->limp, size);
- if (!new)
- return -1;
-
- n->limp = new;
- n->chunks = chunks;
- n->bits = chunks << CHUNK_SHIFTS;
- n->dirty = 1;
-
- if (chunks > old)
- bzero(n->limp + old, size - CHUNK_BYTES * old);
-
- return 0;
-}
-
-/* Simple assignment functions. */
-
-int
-b2n_set(b2n_ptr d, b2n_ptr s)
-{
- if (d == s)
- return 0;
-
- b2n_sigbit(s);
- if (b2n_resize(d, (CHUNK_MASK + s->bits) >> CHUNK_SHIFTS))
- return -1;
- memcpy(d->limp, s->limp, CHUNK_BYTES * d->chunks);
- d->bits = s->bits;
- d->dirty = s->dirty;
- return 0;
-}
-
-int
-b2n_set_null(b2n_ptr n)
-{
- if (b2n_resize(n, 1))
- return -1;
- n->limp[0] = n->bits = n->dirty = 0;
- return 0;
-}
-
-int
-b2n_set_ui(b2n_ptr n, unsigned int val)
-{
-#if CHUNK_BITS < 32
- int i, chunks;
-
- chunks = (CHUNK_BYTES - 1 + sizeof(val)) / CHUNK_BYTES;
-
- if (b2n_resize(n, chunks))
- return -1;
-
- for (i = 0; i < chunks; i++) {
- n->limp[i] = val & CHUNK_BMASK;
- val >>= CHUNK_BITS;
- }
-#else
- if (b2n_resize(n, 1))
- return -1;
- n->limp[0] = val;
-#endif
- n->dirty = 1;
- return 0;
-}
-
-/* XXX This one only takes hex at the moment. */
-int
-b2n_set_str(b2n_ptr n, char *str)
-{
- int i, j, w, len, chunks;
- CHUNK_TYPE tmp;
-
- if (strncasecmp(str, "0x", 2))
- return -1;
-
- /* Make the hex string even lengthed */
- len = strlen(str) - 2;
- if (len & 1) {
- len++;
- str++;
- } else
- str += 2;
-
- len /= 2;
-
- chunks = (CHUNK_BYTES - 1 + len) / CHUNK_BYTES;
- if (b2n_resize(n, chunks))
- return -1;
- bzero(n->limp, CHUNK_BYTES * n->chunks);
-
- for (w = 0, i = 0; i < chunks; i++) {
- tmp = 0;
- for (j = (i == 0 ?
- ((len - 1) % CHUNK_BYTES) + 1 : CHUNK_BYTES);
- j > 0; j--) {
- tmp <<= 8;
- tmp |= (hex2int(str[w]) << 4) | hex2int(str[w + 1]);
- w += 2;
- }
- n->limp[chunks - 1 - i] = tmp;
- }
-
- n->dirty = 1;
- return 0;
-}
-
-/* Arithmetic functions. */
-
-u_int32_t
-b2n_sigbit(b2n_ptr n)
-{
- int i, j;
-
- if (!n->dirty)
- return n->bits;
-
- for (i = n->chunks - 1; i > 0; i--)
- if (n->limp[i])
- break;
-
- if (!n->limp[i])
- return 0;
-
- for (j = CHUNK_MASK; j > 0; j--)
- if (n->limp[i] & b2n_mask[j])
- break;
-
- n->bits = (i << CHUNK_SHIFTS) + j + 1;
- n->dirty = 0;
- return n->bits;
-}
-
-/* Addition on GF(2)[x] is nice, its just an XOR. */
-int
-b2n_add(b2n_ptr d, b2n_ptr a, b2n_ptr b)
-{
- int i;
- b2n_ptr bmin, bmax;
-
- if (!b2n_cmp_null(a))
- return b2n_set(d, b);
-
- if (!b2n_cmp_null(b))
- return b2n_set(d, a);
-
- bmin = B2N_MIN(a, b);
- bmax = B2N_MAX(a, b);
-
- if (b2n_resize(d, bmax->chunks))
- return -1;
-
- for (i = 0; i < bmin->chunks; i++)
- d->limp[i] = bmax->limp[i] ^ bmin->limp[i];
-
- /*
- * If d is not bmax, we have to copy the rest of the bytes, and also
- * need to adjust to number of relevant bits.
- */
- if (d != bmax) {
- for (; i < bmax->chunks; i++)
- d->limp[i] = bmax->limp[i];
-
- d->bits = bmax->bits;
- }
- /*
- * Help to converse memory. When the result of the addition is zero
- * truncate the used amount of memory.
- */
- if (d != bmax && !b2n_cmp_null(d))
- return b2n_set_null(d);
- else
- d->dirty = 1;
- return 0;
-}
-
-/* Compare two polynomials. */
-int
-b2n_cmp(b2n_ptr n, b2n_ptr m)
-{
- int sn, sm;
- int i;
-
- sn = b2n_sigbit(n);
- sm = b2n_sigbit(m);
-
- if (sn > sm)
- return 1;
- if (sn < sm)
- return -1;
-
- for (i = n->chunks - 1; i >= 0; i--)
- if (n->limp[i] > m->limp[i])
- return 1;
- else if (n->limp[i] < m->limp[i])
- return -1;
-
- return 0;
-}
-
-int
-b2n_cmp_null(b2n_ptr a)
-{
- int i = 0;
-
- do {
- if (a->limp[i])
- return 1;
- } while (++i < a->chunks);
-
- return 0;
-}
-
-/* Left shift, needed for polynomial multiplication. */
-int
-b2n_lshift(b2n_ptr d, b2n_ptr n, unsigned int s)
-{
- int i, maj, min, chunks;
- u_int16_t bits = b2n_sigbit(n), add;
- CHUNK_TYPE *p, *op;
-
- if (!s)
- return b2n_set(d, n);
-
- maj = s >> CHUNK_SHIFTS;
- min = s & CHUNK_MASK;
-
- add = (!(bits & CHUNK_MASK) ||
- ((bits & CHUNK_MASK) + min) > CHUNK_MASK) ? 1 : 0;
- chunks = n->chunks;
- if (b2n_resize(d, chunks + maj + add))
- return -1;
- memmove(d->limp + maj, n->limp, CHUNK_BYTES * chunks);
-
- if (maj)
- bzero(d->limp, CHUNK_BYTES * maj);
- if (add)
- d->limp[d->chunks - 1] = 0;
-
- /* If !min there are no bit shifts, we are done */
- if (!min)
- return 0;
-
- op = p = &d->limp[d->chunks - 1];
- for (i = d->chunks - 2; i >= maj; i--) {
- op--;
- *p = (*p << min) | (*op >> (CHUNK_BITS - min));
- p--;
- }
- *p <<= min;
-
- d->dirty = 0;
- d->bits = bits + (maj << CHUNK_SHIFTS) + min;
- return 0;
-}
-
-/* Right shift, needed for polynomial division. */
-int
-b2n_rshift(b2n_ptr d, b2n_ptr n, unsigned int s)
-{
- int maj, min, size = n->chunks, newsize;
- b2n_ptr tmp;
-
- if (!s)
- return b2n_set(d, n);
-
- maj = s >> CHUNK_SHIFTS;
-
- newsize = size - maj;
-
- if (size < maj)
- return b2n_set_null(d);
-
- min = (CHUNK_BITS - (s & CHUNK_MASK)) & CHUNK_MASK;
- if (min) {
- if ((b2n_sigbit(n) & CHUNK_MASK) > (u_int32_t) min)
- newsize++;
-
- if (b2n_lshift(d, n, min))
- return -1;
- tmp = d;
- } else
- tmp = n;
-
- memmove(d->limp, tmp->limp + maj + (min ? 1 : 0),
- CHUNK_BYTES * newsize);
- if (b2n_resize(d, newsize))
- return -1;
-
- d->bits = tmp->bits - ((maj + (min ? 1 : 0)) << CHUNK_SHIFTS);
- return 0;
-}
-
-/* Normal polynomial multiplication. */
-int
-b2n_mul(b2n_ptr d, b2n_ptr n, b2n_ptr m)
-{
- int i, j;
- b2n_t tmp, tmp2;
-
- if (!b2n_cmp_null(m) || !b2n_cmp_null(n))
- return b2n_set_null(d);
-
- if (b2n_sigbit(m) == 1)
- return b2n_set(d, n);
-
- if (b2n_sigbit(n) == 1)
- return b2n_set(d, m);
-
- b2n_init(tmp);
- b2n_init(tmp2);
-
- if (b2n_set(tmp, B2N_MAX(n, m)))
- goto fail;
- if (b2n_set(tmp2, B2N_MIN(n, m)))
- goto fail;
-
- if (b2n_set_null(d))
- goto fail;
-
- for (i = 0; i < tmp2->chunks; i++)
- if (tmp2->limp[i])
- for (j = 0; j < CHUNK_BITS; j++) {
- if (tmp2->limp[i] & b2n_mask[j])
- if (b2n_add(d, d, tmp))
- goto fail;
-
- if (b2n_lshift(tmp, tmp, 1))
- goto fail;
- }
- else if (b2n_lshift(tmp, tmp, CHUNK_BITS))
- goto fail;
-
- b2n_clear(tmp);
- b2n_clear(tmp2);
- return 0;
-
-fail:
- b2n_clear(tmp);
- b2n_clear(tmp2);
- return -1;
-}
-
-/*
- * Squaring in this polynomial ring is more efficient than normal
- * multiplication.
- */
-int
-b2n_square(b2n_ptr d, b2n_ptr n)
-{
- int i, j, maj, min, bits, chunk;
- b2n_t t;
-
- maj = b2n_sigbit(n);
- min = maj & CHUNK_MASK;
- maj = (maj + CHUNK_MASK) >> CHUNK_SHIFTS;
-
- b2n_init(t);
- if (b2n_resize(t,
- 2 * maj + ((CHUNK_MASK + 2 * min) >> CHUNK_SHIFTS))) {
- b2n_clear(t);
- return -1;
- }
- chunk = 0;
- bits = 0;
-
- for (i = 0; i < maj; i++)
- if (n->limp[i])
- for (j = 0; j < CHUNK_BITS; j++) {
- if (n->limp[i] & b2n_mask[j])
- t->limp[chunk] ^= b2n_mask[bits];
-
- bits += 2;
- if (bits >= CHUNK_BITS) {
- chunk++;
- bits &= CHUNK_MASK;
- }
- }
- else
- chunk += 2;
-
- t->dirty = 1;
- B2N_SWAP(d, t);
- b2n_clear(t);
- return 0;
-}
-
-/*
- * Normal polynomial division.
- * These functions are far from optimal in speed.
- */
-int
-b2n_div_r(b2n_ptr r, b2n_ptr n, b2n_ptr m)
-{
- b2n_t q;
- int rv;
-
- b2n_init(q);
- rv = b2n_div(q, r, n, m);
- b2n_clear(q);
- return rv;
-}
-
-int
-b2n_div(b2n_ptr q, b2n_ptr r, b2n_ptr n, b2n_ptr m)
-{
- int i, j, len, bits;
- u_int32_t sm, sn;
- b2n_t nenn, div, shift, mask;
-
- /* If Teiler > Zaehler, the result is 0 */
- if ((sm = b2n_sigbit(m)) > (sn = b2n_sigbit(n))) {
- if (b2n_set_null(q))
- return -1;
- return b2n_set(r, n);
- }
- if (sm == 0)
- /* Division by Zero */
- return -1;
- else if (sm == 1) {
- /* Division by the One-Element */
- if (b2n_set(q, n))
- return -1;
- return b2n_set_null(r);
- }
- b2n_init(nenn);
- b2n_init(div);
- b2n_init(shift);
- b2n_init(mask);
-
- if (b2n_set(nenn, n))
- goto fail;
- if (b2n_set(div, m))
- goto fail;
- if (b2n_set(shift, m))
- goto fail;
- if (b2n_set_ui(mask, 1))
- goto fail;
-
- if (b2n_resize(q, (sn - sm + CHUNK_MASK) >> CHUNK_SHIFTS))
- goto fail;
- bzero(q->limp, CHUNK_BYTES * q->chunks);
-
- if (b2n_lshift(shift, shift, sn - sm))
- goto fail;
- if (b2n_lshift(mask, mask, sn - sm))
- goto fail;
-
- /* Number of significant octets */
- len = (sn - 1) >> CHUNK_SHIFTS;
- /* The first iteration is done over the relevant bits */
- bits = (CHUNK_MASK + sn) & CHUNK_MASK;
- for (i = len; i >= 0 && b2n_sigbit(nenn) >= sm; i--)
- for (j = (i == len ? bits : CHUNK_MASK); j >= 0 &&
- b2n_sigbit(nenn) >= sm; j--) {
- if (nenn->limp[i] & b2n_mask[j]) {
- if (b2n_sub(nenn, nenn, shift))
- goto fail;
- if (b2n_add(q, q, mask))
- goto fail;
- }
- if (b2n_rshift(shift, shift, 1))
- goto fail;
- if (b2n_rshift(mask, mask, 1))
- goto fail;
- }
-
- B2N_SWAP(r, nenn);
-
- b2n_clear(nenn);
- b2n_clear(div);
- b2n_clear(shift);
- b2n_clear(mask);
- return 0;
-
-fail:
- b2n_clear(nenn);
- b2n_clear(div);
- b2n_clear(shift);
- b2n_clear(mask);
- return -1;
-}
-
-/* Functions for Operation on GF(2**n) ~= GF(2)[x]/p(x). */
-int
-b2n_mod(b2n_ptr m, b2n_ptr n, b2n_ptr p)
-{
- int bits, size;
-
- if (b2n_div_r(m, n, p))
- return -1;
-
- bits = b2n_sigbit(m);
- size = ((CHUNK_MASK + bits) >> CHUNK_SHIFTS);
- if (size == 0)
- size = 1;
- if (m->chunks > size)
- if (b2n_resize(m, size))
- return -1;
-
- m->bits = bits;
- m->dirty = 0;
- return 0;
-}
-
-int
-b2n_mul_inv(b2n_ptr ga, b2n_ptr be, b2n_ptr p)
-{
- b2n_t a;
-
- b2n_init(a);
- if (b2n_set_ui(a, 1))
- goto fail;
-
- if (b2n_div_mod(ga, a, be, p))
- goto fail;
-
- b2n_clear(a);
- return 0;
-
-fail:
- b2n_clear(a);
- return -1;
-}
-
-int
-b2n_div_mod(b2n_ptr ga, b2n_ptr a, b2n_ptr be, b2n_ptr p)
-{
- b2n_t s0, s1, s2, q, r0, r1;
-
- /* There is no multiplicative inverse to Null. */
- if (!b2n_cmp_null(be))
- return b2n_set_null(ga);
-
- b2n_init(s0);
- b2n_init(s1);
- b2n_init(s2);
- b2n_init(r0);
- b2n_init(r1);
- b2n_init(q);
-
- if (b2n_set(r0, p))
- goto fail;
- if (b2n_set(r1, be))
- goto fail;
-
- if (b2n_set_null(s0))
- goto fail;
- if (b2n_set(s1, a))
- goto fail;
-
- while (b2n_cmp_null(r1)) {
- if (b2n_div(q, r0, r0, r1))
- goto fail;
- B2N_SWAP(r0, r1);
-
- if (b2n_mul(s2, q, s1))
- goto fail;
- if (b2n_mod(s2, s2, p))
- goto fail;
- if (b2n_sub(s2, s0, s2))
- goto fail;
-
- B2N_SWAP(s0, s1);
- B2N_SWAP(s1, s2);
- }
- B2N_SWAP(ga, s0);
-
- b2n_clear(s0);
- b2n_clear(s1);
- b2n_clear(s2);
- b2n_clear(r0);
- b2n_clear(r1);
- b2n_clear(q);
- return 0;
-
-fail:
- b2n_clear(s0);
- b2n_clear(s1);
- b2n_clear(s2);
- b2n_clear(r0);
- b2n_clear(r1);
- b2n_clear(q);
- return -1;
-}
-
-/*
- * The halftrace yields the square root if the degree of the
- * irreducible polynomial is odd.
- */
-int
-b2n_halftrace(b2n_ptr ho, b2n_ptr a, b2n_ptr p)
-{
- int i, m = b2n_sigbit(p) - 1;
- b2n_t h;
-
- b2n_init(h);
- if (b2n_set(h, a))
- goto fail;
-
- for (i = 0; i < (m - 1) / 2; i++) {
- if (b2n_square(h, h))
- goto fail;
- if (b2n_mod(h, h, p))
- goto fail;
- if (b2n_square(h, h))
- goto fail;
- if (b2n_mod(h, h, p))
- goto fail;
-
- if (b2n_add(h, h, a))
- goto fail;
- }
-
- B2N_SWAP(ho, h);
-
- b2n_clear(h);
- return 0;
-
-fail:
- b2n_clear(h);
- return -1;
-}
-
-/*
- * Solving the equation: y**2 + y = b in GF(2**m) where ip is the
- * irreducible polynomial. If m is odd, use the half trace.
- */
-int
-b2n_sqrt(b2n_ptr zo, b2n_ptr b, b2n_ptr ip)
-{
- int i, m = b2n_sigbit(ip) - 1;
- b2n_t w, p, temp, z;
-
- if (!b2n_cmp_null(b))
- return b2n_set_null(z);
-
- if (m & 1)
- return b2n_halftrace(zo, b, ip);
-
- b2n_init(z);
- b2n_init(w);
- b2n_init(p);
- b2n_init(temp);
-
- do {
- if (b2n_random(p, m))
- goto fail;
- if (b2n_set_null(z))
- goto fail;
- if (b2n_set(w, p))
- goto fail;
-
- for (i = 1; i < m; i++) {
- if (b2n_square(z, z)) /* z**2 */
- goto fail;
- if (b2n_mod(z, z, ip))
- goto fail;
-
- if (b2n_square(w, w)) /* w**2 */
- goto fail;
- if (b2n_mod(w, w, ip))
- goto fail;
-
- if (b2n_mul(temp, w, b)) /* w**2 * b */
- goto fail;
- if (b2n_mod(temp, temp, ip))
- goto fail;
- if (b2n_add(z, z, temp)) /* z**2 + w**2 + b */
- goto fail;
-
- if (b2n_add(w, w, p)) /* w**2 + p */
- goto fail;
- }
- } while (!b2n_cmp_null(w));
-
- B2N_SWAP(zo, z);
-
- b2n_clear(w);
- b2n_clear(p);
- b2n_clear(temp);
- b2n_clear(z);
- return 0;
-
-fail:
- b2n_clear(w);
- b2n_clear(p);
- b2n_clear(temp);
- b2n_clear(z);
- return -1;
-}
-
-/*
- * Low-level function to speed up scalar multiplication with
- * elliptic curves.
- * Multiplies a normal number by 3.
- */
-
-/* Normal addition behaves as Z_{2**n} and not F_{2**n}. */
-int
-b2n_nadd(b2n_ptr d0, b2n_ptr a0, b2n_ptr b0)
-{
- int i, carry;
- b2n_ptr a, b;
- b2n_t d;
-
- if (!b2n_cmp_null(a0))
- return b2n_set(d0, b0);
-
- if (!b2n_cmp_null(b0))
- return b2n_set(d0, a0);
-
- b2n_init(d);
- a = B2N_MAX(a0, b0);
- b = B2N_MIN(a0, b0);
-
- if (b2n_resize(d, a->chunks + 1)) {
- b2n_clear(d);
- return -1;
- }
- for (carry = i = 0; i < b->chunks; i++) {
- d->limp[i] = a->limp[i] + b->limp[i] + carry;
- carry = (d->limp[i] < a->limp[i] ? 1 : 0);
- }
-
- for (; i < a->chunks && carry; i++) {
- d->limp[i] = a->limp[i] + carry;
- carry = (d->limp[i] < a->limp[i] ? 1 : 0);
- }
-
- if (i < a->chunks)
- memcpy(d->limp + i, a->limp + i,
- CHUNK_BYTES * (a->chunks - i));
-
- d->dirty = 1;
- B2N_SWAP(d0, d);
-
- b2n_clear(d);
- return 0;
-}
-
-int
-b2n_3mul(b2n_ptr d0, b2n_ptr e)
-{
- b2n_t d;
-
- b2n_init(d);
- if (b2n_lshift(d, e, 1))
- goto fail;
-
- if (b2n_nadd(d0, d, e))
- goto fail;
-
- b2n_clear(d);
- return 0;
-
-fail:
- b2n_clear(d);
- return -1;
-}
diff --git a/sbin/isakmpd/math_2n.h b/sbin/isakmpd/math_2n.h
deleted file mode 100644
index d3249e1fc74..00000000000
--- a/sbin/isakmpd/math_2n.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/* $OpenBSD: math_2n.h,v 1.9 2005/12/28 10:57:35 hshoexer Exp $ */
-/* $EOM: math_2n.h,v 1.9 1999/04/17 23:20:32 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _MATH_2N_H
-#define _MATH_2N_H_
-
-/*
- * The chunk size we use is variable, this allows speed ups
- * for processors like the Alpha with 64bit words.
- * XXX - b2n_mask is only up to 32 bit at the moment.
- */
-
-#define USE_32BIT /* XXX - This obviously needs fixing */
-
-#ifdef USE_32BIT
-#define CHUNK_TYPE u_int32_t
-#define CHUNK_BITS 32
-#define CHUNK_SHIFTS 5
-#define CHUNK_BMASK 0xffffffff
-#define CHUNK_MASK (CHUNK_BITS - 1)
-#define CHUNK_BYTES (CHUNK_BITS >> 3)
-#define CHUNK_NIBBLES (CHUNK_BITS >> 2)
-#else
-#define CHUNK_TYPE u_int8_t
-#define CHUNK_BITS 8
-#define CHUNK_SHIFTS 3
-#define CHUNK_BMASK 0xff
-#define CHUNK_MASK (CHUNK_BITS - 1)
-#define CHUNK_BYTES (CHUNK_BITS >> 3)
-#define CHUNK_NIBBLES (CHUNK_BITS >> 2)
-#endif
-
-extern CHUNK_TYPE b2n_mask[CHUNK_BITS];
-
-/* An element of GF(2**n), n = bits */
-
-typedef struct {
- u_int16_t chunks;
- u_int16_t bits;
- u_int8_t dirty; /* Sig bits are dirty */
- CHUNK_TYPE *limp;
-} _b2n;
-
-typedef _b2n *b2n_ptr;
-typedef _b2n b2n_t[1];
-
-#define B2N_SET(x,y) do \
- { \
- (x)->chunks = (y)->chunks; \
- (x)->bits = (y)->bits; \
- (x)->limp = (y)->limp; \
- (x)->dirty = (y)->dirty; \
- } \
-while (0)
-
-#define B2N_SWAP(x,y) do \
- { \
- b2n_t _t_; \
-\
- B2N_SET (_t_, (x)); \
- B2N_SET ((x), (y)); \
- B2N_SET ((y), _t_); \
- } \
-while (0)
-
-#define B2N_MIN(x,y) ((x)->chunks > (y)->chunks ? (y) : (x))
-#define B2N_MAX(x,y) ((x)->chunks > (y)->chunks ? (x) : (y))
-
-int b2n_3mul(b2n_ptr, b2n_ptr);
-int b2n_add(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_cmp(b2n_ptr, b2n_ptr);
-int b2n_cmp_null(b2n_ptr);
-int b2n_div(b2n_ptr, b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_div_mod(b2n_ptr, b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_div_r(b2n_ptr, b2n_ptr, b2n_ptr);
-void b2n_init(b2n_ptr);
-void b2n_clear(b2n_ptr);
-int b2n_gcd(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_halftrace(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_lshift(b2n_ptr, b2n_ptr, unsigned int);
-int b2n_mod(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_mul(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_mul_inv(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_nadd(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_random(b2n_ptr, u_int32_t);
-int b2n_resize(b2n_ptr, unsigned int);
-int b2n_rshift(b2n_ptr, b2n_ptr, unsigned int);
-int b2n_set(b2n_ptr, b2n_ptr);
-int b2n_set_null(b2n_ptr);
-int b2n_set_str(b2n_ptr, char *);
-int b2n_set_ui(b2n_ptr, unsigned int);
-u_int32_t b2n_sigbit(b2n_ptr);
-int b2n_sqrt(b2n_ptr, b2n_ptr, b2n_ptr);
-int b2n_square(b2n_ptr, b2n_ptr);
-#define b2n_sub b2n_add
-
-#endif /* _MATH_2N_H_ */
diff --git a/sbin/isakmpd/math_ec2n.c b/sbin/isakmpd/math_ec2n.c
deleted file mode 100644
index dfb25a596e8..00000000000
--- a/sbin/isakmpd/math_ec2n.c
+++ /dev/null
@@ -1,380 +0,0 @@
-/* $OpenBSD: math_ec2n.c,v 1.13 2005/04/08 22:32:10 cloder Exp $ */
-/* $EOM: math_ec2n.c,v 1.9 1999/04/20 09:23:31 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <sys/param.h>
-#include <stdio.h>
-
-#include "math_2n.h"
-#include "math_ec2n.h"
-
-void
-ec2np_init(ec2np_ptr n)
-{
- b2n_init(n->x);
- b2n_init(n->y);
- n->inf = 0;
-}
-
-void
-ec2np_clear(ec2np_ptr n)
-{
- b2n_clear(n->x);
- b2n_clear(n->y);
-}
-
-int
-ec2np_set(ec2np_ptr d, ec2np_ptr n)
-{
- if (d == n)
- return 0;
-
- d->inf = n->inf;
- if (b2n_set(d->x, n->x))
- return -1;
- return b2n_set(d->y, n->y);
-}
-
-/* Group */
-
-void
-ec2ng_init(ec2ng_ptr n)
-{
- b2n_init(n->a);
- b2n_init(n->b);
- b2n_init(n->p);
-}
-
-void
-ec2ng_clear(ec2ng_ptr n)
-{
- b2n_clear(n->a);
- b2n_clear(n->b);
- b2n_clear(n->p);
-}
-
-int
-ec2ng_set(ec2ng_ptr d, ec2ng_ptr n)
-{
- if (b2n_set(d->a, n->a))
- return -1;
- if (b2n_set(d->b, n->b))
- return -1;
- return b2n_set(d->p, n->p);
-}
-
-/* Arithmetic functions */
-
-int
-ec2np_right(b2n_ptr n, ec2np_ptr p, ec2ng_ptr g)
-{
- b2n_t temp;
-
- b2n_init(temp);
-
- /* First calc x**3 + ax**2 + b */
- if (b2n_square(n, p->x))
- goto fail;
- if (b2n_mod(n, n, g->p))
- goto fail;
-
- if (b2n_mul(temp, g->a, n)) /* a*x**2 */
- goto fail;
- if (b2n_mod(temp, temp, g->p))
- goto fail;
-
- if (b2n_mul(n, n, p->x))/* x**3 */
- goto fail;
- if (b2n_mod(n, n, g->p))
- goto fail;
-
- if (b2n_add(n, n, temp))
- goto fail;
- if (b2n_add(n, n, g->b))
- goto fail;
-
- b2n_clear(temp);
- return 0;
-
-fail:
- b2n_clear(temp);
- return -1;
-}
-
-int
-ec2np_ison(ec2np_ptr p, ec2ng_ptr g)
-{
- int res;
- b2n_t x, y, temp;
-
- if (p->inf)
- return 1;
-
- b2n_init(x);
- b2n_init(y);
- b2n_init(temp);
-
- /* First calc x**3 + ax**2 + b */
- if (ec2np_right(x, p, g))
- goto fail;
-
- /* Now calc y**2 + xy */
- if (b2n_square(y, p->y))
- goto fail;
- if (b2n_mod(y, y, g->p))
- goto fail;
-
- if (b2n_mul(temp, p->y, p->x))
- goto fail;
- if (b2n_mod(temp, temp, g->p))
- goto fail;
-
- if (b2n_add(y, y, temp))
- goto fail;
-
- res = !b2n_cmp(x, y);
-
- b2n_clear(x);
- b2n_clear(y);
- b2n_clear(temp);
- return res;
-
-fail:
- b2n_clear(x);
- b2n_clear(y);
- b2n_clear(temp);
- return -1;
-}
-
-int
-ec2np_find_y(ec2np_ptr p, ec2ng_ptr g)
-{
- b2n_t right;
-
- b2n_init(right);
-
- if (ec2np_right(right, p, g)) /* Right sight of equation */
- goto fail;
- if (b2n_mul_inv(p->y, p->x, g->p))
- goto fail;
-
- if (b2n_square(p->y, p->y))
- goto fail;
- if (b2n_mod(p->y, p->y, g->p))
- goto fail;
-
- if (b2n_mul(right, right, p->y)) /* x^-2 * right */
- goto fail;
- if (b2n_mod(right, right, g->p))
- goto fail;
-
- if (b2n_sqrt(p->y, right, g->p)) /* Find root */
- goto fail;
- if (b2n_mul(p->y, p->y, p->x))
- goto fail;
- if (b2n_mod(p->y, p->y, g->p))
- goto fail;
-
- b2n_clear(right);
- return 0;
-
-fail:
- b2n_clear(right);
- return -1;
-}
-
-int
-ec2np_add(ec2np_ptr d, ec2np_ptr a, ec2np_ptr b, ec2ng_ptr g)
-{
- b2n_t lambda, temp;
- ec2np_t pn;
-
- /* Check for Neutral Element */
- if (b->inf)
- return ec2np_set(d, a);
- if (a->inf)
- return ec2np_set(d, b);
-
- if (!b2n_cmp(a->x, b->x) && (b2n_cmp(a->y, b->y) ||
- !b2n_cmp_null(a->x))) {
- d->inf = 1;
- if (b2n_set_null(d->x))
- return -1;
- return b2n_set_null(d->y);
- }
- b2n_init(lambda);
- b2n_init(temp);
- ec2np_init(pn);
-
- if (b2n_cmp(a->x, b->x)) {
- if (b2n_add(temp, a->x, b->x))
- goto fail;
- if (b2n_add(lambda, a->y, b->y))
- goto fail;
- if (b2n_div_mod(lambda, lambda, temp, g->p))
- goto fail;
-
- if (b2n_square(pn->x, lambda))
- goto fail;
- if (b2n_mod(pn->x, pn->x, g->p))
- goto fail;
-
- if (b2n_add(pn->x, pn->x, lambda))
- goto fail;
- if (b2n_add(pn->x, pn->x, g->a))
- goto fail;
- if (b2n_add(pn->x, pn->x, a->x))
- goto fail;
- if (b2n_add(pn->x, pn->x, b->x))
- goto fail;
- } else {
- if (b2n_div_mod(lambda, b->y, b->x, g->p))
- goto fail;
- if (b2n_add(lambda, lambda, b->x))
- goto fail;
-
- if (b2n_square(pn->x, lambda))
- goto fail;
- if (b2n_mod(pn->x, pn->x, g->p))
- goto fail;
- if (b2n_add(pn->x, pn->x, lambda))
- goto fail;
- if (b2n_add(pn->x, pn->x, g->a))
- goto fail;
- }
-
- if (b2n_add(pn->y, b->x, pn->x))
- goto fail;
-
- if (b2n_mul(pn->y, pn->y, lambda))
- goto fail;
- if (b2n_mod(pn->y, pn->y, g->p))
- goto fail;
-
- if (b2n_add(pn->y, pn->y, pn->x))
- goto fail;
- if (b2n_add(pn->y, pn->y, b->y))
- goto fail;
-
- EC2NP_SWAP(d, pn);
-
- ec2np_clear(pn);
- b2n_clear(lambda);
- b2n_clear(temp);
- return 0;
-
-fail:
- ec2np_clear(pn);
- b2n_clear(lambda);
- b2n_clear(temp);
- return -1;
-}
-
-int
-ec2np_mul(ec2np_ptr d, ec2np_ptr a, b2n_ptr e, ec2ng_ptr g)
-{
- int i, j, bits, start;
- b2n_t h, k;
- ec2np_t q, mina;
-
- if (!b2n_cmp_null(e)) {
- d->inf = 1;
- if (b2n_set_null(d->x))
- return -1;
- return b2n_set_null(d->y);
- }
- b2n_init(h);
- b2n_init(k);
- ec2np_init(q);
- ec2np_init(mina);
-
- if (ec2np_set(q, a))
- goto fail;
-
- /* Create the point -a. */
- if (ec2np_set(mina, a))
- goto fail;
- if (b2n_add(mina->y, mina->y, mina->x))
- goto fail;
-
- if (b2n_set(k, e))
- goto fail;
- if (b2n_3mul(h, k))
- goto fail;
- if (b2n_resize(k, h->chunks))
- goto fail;
-
- /*
- * This is low level but can not be avoided, since we have to do single
- * bit checks on h and k.
- */
- bits = b2n_sigbit(h);
- if ((bits & CHUNK_MASK) == 1) {
- start = ((CHUNK_MASK + bits) >> CHUNK_SHIFTS) - 2;
- bits = CHUNK_BITS;
- } else {
- start = ((CHUNK_MASK + bits) >> CHUNK_SHIFTS) - 1;
- bits = ((bits - 1) & CHUNK_MASK);
- }
-
- /*
- * This is the addition, subtraction method which is faster because
- * we avoid one out of three additions (mean).
- */
- for (i = start; i >= 0; i--)
- for (j = (i == start ? bits : CHUNK_BITS) - 1; j >= 0; j--)
- if (i > 0 || j > 0) {
- if (ec2np_add(q, q, q, g))
- goto fail;
- if ((h->limp[i] & b2n_mask[j]) && !(k->limp[i]
- & b2n_mask[j])) {
- if (ec2np_add(q, q, a, g))
- goto fail;
- } else if (!(h->limp[i] & b2n_mask[j]) &&
- (k->limp[i] & b2n_mask[j]))
- if (ec2np_add(q, q, mina, g))
- goto fail;
- }
- EC2NP_SWAP(d, q);
-
- b2n_clear(k);
- b2n_clear(h);
- ec2np_clear(q);
- ec2np_clear(mina);
- return 0;
-
-fail:
- b2n_clear(k);
- b2n_clear(h);
- ec2np_clear(q);
- ec2np_clear(mina);
- return -1;
-}
diff --git a/sbin/isakmpd/math_ec2n.h b/sbin/isakmpd/math_ec2n.h
deleted file mode 100644
index 247f84aecc5..00000000000
--- a/sbin/isakmpd/math_ec2n.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* $OpenBSD: math_ec2n.h,v 1.7 2004/05/23 18:17:56 hshoexer Exp $ */
-/* $EOM: math_ec2n.h,v 1.4 1999/04/17 23:20:37 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _MATH_EC2N_H
-#define _MATH_EC2N_H_
-
-/* Definitions for points on an elliptic curve */
-
-typedef struct {
- int inf; /* Are we the point at infinity ? */
- b2n_t x, y;
-} _ec2n_point;
-
-typedef _ec2n_point *ec2np_ptr;
-typedef _ec2n_point ec2np_t[1];
-
-#define EC2NP_SWAP(k,n) do \
- { \
- int _i_; \
-\
- _i_ = (k)->inf; \
- (k)->inf = (n)->inf; \
- (n)->inf = _i_; \
- B2N_SWAP ((k)->x, (n)->x); \
- B2N_SWAP ((k)->y, (n)->y); \
- } \
-while (0)
-
-void ec2np_init(ec2np_ptr);
-void ec2np_clear(ec2np_ptr);
-int ec2np_set(ec2np_ptr, ec2np_ptr);
-
-#define ec2np_set_x_ui(n, y) b2n_set_ui ((n)->x, y)
-#define ec2np_set_y_ui(n, x) b2n_set_ui ((n)->y, x)
-#define ec2np_set_x_str(n, y) b2n_set_str ((n)->x, y)
-#define ec2np_set_y_str(n, x) b2n_set_str ((n)->y, x)
-
-/* Definitions for the group to which the points to belong to. */
-
-typedef struct {
- b2n_t a, b, p;
-} _ec2n_group;
-
-typedef _ec2n_group *ec2ng_ptr;
-typedef _ec2n_group ec2ng_t[1];
-
-void ec2ng_init(ec2ng_ptr);
-void ec2ng_clear(ec2ng_ptr);
-int ec2ng_set(ec2ng_ptr, ec2ng_ptr);
-
-#define ec2ng_set_a_ui(n, x) b2n_set_ui ((n)->a, x)
-#define ec2ng_set_b_ui(n, x) b2n_set_ui ((n)->b, x)
-#define ec2ng_set_p_ui(n, x) b2n_set_ui ((n)->p, x)
-#define ec2ng_set_a_str(n, x) b2n_set_str ((n)->a, x)
-#define ec2ng_set_b_str(n, x) b2n_set_str ((n)->b, x)
-#define ec2ng_set_p_str(n, x) b2n_set_str ((n)->p, x)
-
-/* Functions for computing on the elliptic group. */
-
-int ec2np_add(ec2np_ptr, ec2np_ptr, ec2np_ptr, ec2ng_ptr);
-int ec2np_find_y(ec2np_ptr, ec2ng_ptr);
-int ec2np_ison(ec2np_ptr, ec2ng_ptr);
-int ec2np_mul(ec2np_ptr, ec2np_ptr, b2n_ptr, ec2ng_ptr);
-int ec2np_right(b2n_ptr n, ec2np_ptr, ec2ng_ptr);
-
-#endif /* _MATH_2N_H_ */
diff --git a/sbin/isakmpd/math_group.c b/sbin/isakmpd/math_group.c
deleted file mode 100644
index cace9cb3022..00000000000
--- a/sbin/isakmpd/math_group.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/* $OpenBSD: math_group.c,v 1.32 2006/07/24 11:45:44 ho Exp $ */
-/* $EOM: math_group.c,v 1.25 2000/04/07 19:53:26 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include <sys/param.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "log.h"
-#include "math_2n.h"
-#include "math_ec2n.h"
-#include "math_group.h"
-#include "math_mp.h"
-#include "util.h"
-
-/* We do not want to export these definitions. */
-int modp_getlen(struct group *);
-void modp_getraw(struct group *, math_mp_t, u_int8_t *);
-int modp_setraw(struct group *, math_mp_t, u_int8_t *, int);
-int modp_setrandom(struct group *, math_mp_t);
-int modp_operation(struct group *, math_mp_t, math_mp_t, math_mp_t);
-int modp_validate_public(struct group *, math_mp_t);
-
-int ec2n_getlen(struct group *);
-void ec2n_getraw(struct group *, ec2np_ptr, u_int8_t *);
-int ec2n_setraw(struct group *, ec2np_ptr, u_int8_t *, int);
-int ec2n_setrandom(struct group *, ec2np_ptr);
-int ec2n_operation(struct group *, ec2np_ptr, ec2np_ptr, ec2np_ptr);
-int ec2n_validate_public(struct group *, ec2np_ptr);
-
-struct ec2n_group {
- ec2np_t gen; /* Generator */
- ec2ng_t grp;
- ec2np_t a, b, c, d;
-};
-
-struct modp_group {
- math_mp_t gen; /* Generator */
- math_mp_t p; /* Prime */
- math_mp_t a, b, c, d;
-};
-
-/*
- * This module provides access to the operations on the specified group
- * and is absolutely free of any cryptographic devices. This is math :-).
- */
-
-#define OAKLEY_GRP_1 1
-#define OAKLEY_GRP_2 2
-#define OAKLEY_GRP_3 3
-#define OAKLEY_GRP_4 4
-#define OAKLEY_GRP_5 5
-#define OAKLEY_GRP_6 6
-#define OAKLEY_GRP_7 7
-#define OAKLEY_GRP_8 8
-#define OAKLEY_GRP_9 9
-#define OAKLEY_GRP_10 10
-#define OAKLEY_GRP_11 11
-#define OAKLEY_GRP_12 12
-#define OAKLEY_GRP_13 13
-#define OAKLEY_GRP_14 14
-#define OAKLEY_GRP_15 15
-#define OAKLEY_GRP_16 16
-#define OAKLEY_GRP_17 17
-#define OAKLEY_GRP_18 18
-
-/* Describe preconfigured MODP groups */
-
-/*
- * The Generalized Number Field Sieve has an asymptotic running time
- * of: O(exp(1.9223 * (ln q)^(1/3) (ln ln q)^(2/3))), where q is the
- * group order, e.g. q = 2**768.
- */
-
-struct modp_dscr oakley_modp[] =
-{
- {OAKLEY_GRP_1, 72, /* This group is insecure, only sufficient
- * for DES */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_2, 82, /* This group is a bit better */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
- "FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_5, 102,
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_14, 135, /* 2048 bit */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
- "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_15, 170, /* 3072 bit */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
- "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_16, 195, /* 4096 bit */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
- "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
- "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
- "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"
- "FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_17, 220, /* 6144 bit */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
- "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
- "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
- "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
- "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
- "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
- "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
- "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
- "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
- "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
- "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
- "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
- "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
- "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
- "12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF",
- "0x02"
- },
- {OAKLEY_GRP_18, 250, /* 8192 bit */
- "0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
- "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
- "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
- "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
- "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
- "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
- "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
- "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
- "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
- "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
- "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
- "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
- "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
- "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
- "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
- "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
- "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
- "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
- "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
- "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
- "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
- "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
- "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
- "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
- "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
- "60C980DD98EDD3DFFFFFFFFFFFFFFFFF",
- "0x02"
- },
-};
-
-/* Describe preconfigured EC2N groups */
-
-/*
- * Related collision-search methods can compute discrete logarithms
- * in O(sqrt(r)), r being the subgroup order.
- */
-
-struct ec2n_dscr oakley_ec2n[] = {
- { OAKLEY_GRP_3, 76, /* This group is also considered insecure
- * (P1363) */
- "0x0800000000000000000000004000000000000001",
- "0x7b",
- "0x00",
- "0x7338f" },
- { OAKLEY_GRP_4, 91,
- "0x020000000000000000000000000000200000000000000001",
- "0x18",
- "0x00",
- "0x1ee9" },
-};
-
-/* XXX I want to get rid of the casting here. */
-struct group groups[] = {
- {
- MODP, OAKLEY_GRP_1, 0, &oakley_modp[0], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- MODP, OAKLEY_GRP_2, 0, &oakley_modp[1], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- EC2N, OAKLEY_GRP_3, 0, &oakley_ec2n[0], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) ec2n_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) ec2n_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) ec2n_setraw,
- (int (*) (struct group *, void *)) ec2n_setrandom,
- (int (*) (struct group *, void *, void *, void *)) ec2n_operation,
- (int (*) (struct group *, void *)) ec2n_validate_public
- },
- {
- EC2N, OAKLEY_GRP_4, 0, &oakley_ec2n[1], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) ec2n_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) ec2n_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) ec2n_setraw,
- (int (*) (struct group *, void *)) ec2n_setrandom,
- (int (*) (struct group *, void *, void *, void *)) ec2n_operation,
- (int (*) (struct group *, void *)) ec2n_validate_public
- },
- {
- MODP, OAKLEY_GRP_5, 0, &oakley_modp[2], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- /* XXX Higher EC2N group go here... */
- /* XXX group 6 to 13 are not yet defined (draft-ike-ecc) */
- {
- NOTYET, OAKLEY_GRP_6, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_7, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_8, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_9, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_10, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_11, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_12, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- NOTYET, OAKLEY_GRP_13, 0, NULL, 0, 0, 0, 0, 0,
- NULL, NULL, NULL, NULL, NULL
- },
- {
- MODP, OAKLEY_GRP_14, 0, &oakley_modp[3], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- MODP, OAKLEY_GRP_15, 0, &oakley_modp[4], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- MODP, OAKLEY_GRP_16, 0, &oakley_modp[5], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- MODP, OAKLEY_GRP_17, 0, &oakley_modp[6], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
- {
- MODP, OAKLEY_GRP_18, 0, &oakley_modp[7], 0, 0, 0, 0, 0,
- (int (*) (struct group *)) modp_getlen,
- (void (*) (struct group *, void *, u_int8_t *)) modp_getraw,
- (int (*) (struct group *, void *, u_int8_t *, int)) modp_setraw,
- (int (*) (struct group *, void *)) modp_setrandom,
- (int (*) (struct group *, void *, void *, void *)) modp_operation,
- (int (*) (struct group *, void *)) modp_validate_public
- },
-};
-
-/*
- * Initialize the group structure for later use,
- * this is done by converting the values given in the description
- * and converting them to their native representation.
- */
-void
-group_init(void)
-{
- int i;
-
- for (i = sizeof(groups) / sizeof(groups[0]) - 1; i >= 0; i--)
- switch (groups[i].type) {
- case EC2N: /* Initialize an Elliptic Curve over GF(2**n) */
- ec2n_init(&groups[i]);
- break;
-
- case MODP: /* Initialize an over GF(p) */
- modp_init(&groups[i]);
- break;
-
- case NOTYET: /* Not yet assigned, drop silently */
- break;
-
- default:
- log_print("Unknown group type %d at index %d in "
- "group_init().", groups[i].type, i);
- break;
- }
-}
-
-struct group *
-group_get(u_int32_t id)
-{
- struct group *new, *clone;
-
- if (id < 1 || id > (sizeof(groups) / sizeof(groups[0]))) {
- log_print("group_get: group ID (%u) out of range", id);
- return 0;
- }
- clone = &groups[id - 1];
-
- new = malloc(sizeof *new);
- if (!new) {
- log_error("group_get: malloc (%lu) failed",
- (unsigned long)sizeof *new);
- return 0;
- }
- switch (clone->type) {
- case EC2N:
- new = ec2n_clone(new, clone);
- break;
- case MODP:
- new = modp_clone(new, clone);
- break;
- default:
- log_print("group_get: unknown group type %d", clone->type);
- free(new);
- return 0;
- }
- LOG_DBG((LOG_MISC, 70, "group_get: returning %p of group %d", new,
- new->id));
- return new;
-}
-
-void
-group_free(struct group *grp)
-{
- switch (grp->type) {
- case EC2N:
- ec2n_free(grp);
- break;
- case MODP:
- modp_free(grp);
- break;
- default:
- log_print("group_free: unknown group type %d", grp->type);
- break;
- }
- free(grp);
-}
-
-struct group *
-modp_clone(struct group *new, struct group *clone)
-{
- struct modp_group *new_grp, *clone_grp = clone->group;
-
- new_grp = malloc(sizeof *new_grp);
- if (!new_grp) {
- log_print("modp_clone: malloc (%lu) failed",
- (unsigned long)sizeof *new_grp);
- free(new);
- return 0;
- }
- memcpy(new, clone, sizeof(struct group));
-
- new->group = new_grp;
- new_grp->p = BN_dup(clone_grp->p);
- new_grp->gen = BN_dup(clone_grp->gen);
-
- new_grp->a = BN_new();
- new_grp->b = BN_new();
- new_grp->c = BN_new();
-
- new->gen = new_grp->gen;
- new->a = new_grp->a;
- new->b = new_grp->b;
- new->c = new_grp->c;
-
- return new;
-}
-
-void
-modp_free(struct group *old)
-{
- struct modp_group *grp = old->group;
-
- BN_clear_free(grp->p);
- BN_clear_free(grp->gen);
- BN_clear_free(grp->a);
- BN_clear_free(grp->b);
- BN_clear_free(grp->c);
-
- free(grp);
-}
-
-void
-modp_init(struct group *group)
-{
- struct modp_dscr *dscr = (struct modp_dscr *)group->group;
- struct modp_group *grp;
-
- grp = malloc(sizeof *grp);
- if (!grp)
- log_fatal("modp_init: malloc (%lu) failed",
- (unsigned long)sizeof *grp);
-
- group->bits = dscr->bits;
-
- grp->p = BN_new();
- BN_hex2bn(&grp->p, dscr->prime + 2);
- grp->gen = BN_new();
- BN_hex2bn(&grp->gen, dscr->gen + 2);
-
- grp->a = BN_new();
- grp->b = BN_new();
- grp->c = BN_new();
-
- group->gen = grp->gen;
- group->a = grp->a;
- group->b = grp->b;
- group->c = grp->c;
-
- group->group = grp;
-}
-
-struct group *
-ec2n_clone(struct group *new, struct group *clone)
-{
- struct ec2n_group *new_grp, *clone_grp = clone->group;
-
- new_grp = malloc(sizeof *new_grp);
- if (!new_grp) {
- log_error("ec2n_clone: malloc (%lu) failed",
- (unsigned long)sizeof *new_grp);
- free(new);
- return 0;
- }
- memcpy(new, clone, sizeof(struct group));
-
- new->group = new_grp;
- ec2ng_init(new_grp->grp);
- ec2np_init(new_grp->gen);
- ec2np_init(new_grp->a);
- ec2np_init(new_grp->b);
- ec2np_init(new_grp->c);
-
- if (ec2ng_set(new_grp->grp, clone_grp->grp))
- goto fail;
- if (ec2np_set(new_grp->gen, clone_grp->gen))
- goto fail;
-
- new->gen = new_grp->gen;
- new->a = new_grp->a;
- new->b = new_grp->b;
- new->c = new_grp->c;
- new->d = ((ec2np_ptr) new->a)->x;
-
- return new;
-
-fail:
- ec2ng_clear(new_grp->grp);
- ec2np_clear(new_grp->gen);
- ec2np_clear(new_grp->a);
- ec2np_clear(new_grp->b);
- ec2np_clear(new_grp->c);
- free(new_grp);
- free(new);
- return 0;
-}
-
-void
-ec2n_free(struct group *old)
-{
- struct ec2n_group *grp = old->group;
-
- ec2ng_clear(grp->grp);
- ec2np_clear(grp->gen);
- ec2np_clear(grp->a);
- ec2np_clear(grp->b);
- ec2np_clear(grp->c);
-
- free(grp);
-}
-
-void
-ec2n_init(struct group *group)
-{
- struct ec2n_dscr *dscr = (struct ec2n_dscr *)group->group;
- struct ec2n_group *grp;
-
- grp = malloc(sizeof *grp);
- if (!grp)
- log_fatal("ec2n_init: malloc (%lu) failed",
- (unsigned long)sizeof *grp);
-
- group->bits = dscr->bits;
-
- ec2ng_init(grp->grp);
- ec2np_init(grp->gen);
- ec2np_init(grp->a);
- ec2np_init(grp->b);
- ec2np_init(grp->c);
-
- if (ec2ng_set_p_str(grp->grp, dscr->polynomial))
- goto fail;
- grp->grp->p->bits = b2n_sigbit(grp->grp->p);
- if (ec2ng_set_a_str(grp->grp, dscr->a))
- goto fail;
- if (ec2ng_set_b_str(grp->grp, dscr->b))
- goto fail;
-
- if (ec2np_set_x_str(grp->gen, dscr->gen_x))
- goto fail;
- if (ec2np_find_y(grp->gen, grp->grp))
- goto fail;
-
- /* Sanity check */
- if (!ec2np_ison(grp->gen, grp->grp))
- log_fatal("ec2n_init: generator is not on curve");
-
- group->gen = grp->gen;
- group->a = grp->a;
- group->b = grp->b;
- group->c = grp->c;
- group->d = ((ec2np_ptr) group->a)->x;
-
- group->group = grp;
- return;
-
-fail:
- log_fatal("ec2n_init: general failure");
-}
-
-int
-modp_getlen(struct group *group)
-{
- struct modp_group *grp = (struct modp_group *)group->group;
-
- return BN_num_bytes(grp->p);
-}
-
-void
-modp_getraw(struct group *grp, math_mp_t v, u_int8_t *d)
-{
- math_mp_t a;
- int len;
-
- len = grp->getlen(grp);
-
- /* XXX bn2bin? */
- a = BN_dup(v);
-
- while (len-- > 0)
- d[len] = BN_div_word(a, 256);
-
- BN_clear_free(a);
-}
-
-int
-modp_setraw(struct group *group, math_mp_t d, u_int8_t *s, int l)
-{
- if (BN_bin2bn(s, l, d) == NULL)
- return -1;
-
- return 0;
-}
-
-int
-modp_setrandom(struct group *grp, math_mp_t d)
-{
- int i, l = grp->getlen(grp);
- u_int32_t tmp = 0;
-
- BN_set_word(d, 0);
-
- for (i = 0; i < l; i++) {
- if (i % 4)
- tmp = rand_32();
-
- BN_lshift(d, d, 8);
- BN_add_word(d, tmp & 0xFF);
- tmp >>= 8;
- }
- return 0;
-}
-
-int
-modp_operation(struct group *group, math_mp_t d, math_mp_t a, math_mp_t e)
-{
- struct modp_group *grp = (struct modp_group *)group->group;
-
- BN_CTX *ctx = BN_CTX_new();
- BN_mod_exp(d, a, e, grp->p, ctx);
- BN_CTX_free(ctx);
- return 0;
-}
-
-int
-modp_validate_public(struct group *group, math_mp_t pub_exp)
-{
- struct modp_group *grp = (struct modp_group *)group->group;
- int i, len, bits_set;
- math_mp_t tmp;
-
- /*
- * Sanity checks from RFC2412 section 2.3.1.1:
- * Ensure that peer does not send us <0, 0, 1, p-1 or >= p
- */
- if (BN_cmp(pub_exp, BN_value_one()) != 1) /* pub_exp <= 1 */
- return -1;
- if ((tmp = BN_new()) == NULL)
- return -1;
- if (!BN_sub(tmp, grp->p, BN_value_one()) ||
- BN_cmp(pub_exp, tmp) != -1) { /* pub_exp > p-2 */
- BN_clear_free(tmp);
- return -1;
- }
- BN_clear_free(tmp);
-
- /*
- * Another sanity check: when the generator is 2 and the
- * population count of the public exponent is 1, then
- * computing log_g(pub_exp) is trivial.
- */
- len = BN_num_bits(pub_exp);
- for (bits_set = i = 0; i < len; i++) {
- if (BN_is_bit_set(pub_exp, i))
- bits_set++;
- }
- if (bits_set <= 1)
- return -1;
-
- return 0;
-}
-
-int
-ec2n_getlen(struct group *group)
-{
- struct ec2n_group *grp = (struct ec2n_group *)group->group;
- int bits = b2n_sigbit(grp->grp->p) - 1;
-
- return (7 + bits) >> 3;
-}
-
-void
-ec2n_getraw(struct group *group, ec2np_ptr xo, u_int8_t *e)
-{
- struct ec2n_group *grp = (struct ec2n_group *) group->group;
- int chunks, bytes, i, j;
- b2n_ptr x = xo->x;
- CHUNK_TYPE tmp;
-
- bytes = b2n_sigbit(grp->grp->p) - 1;
- chunks = (CHUNK_MASK + bytes) >> CHUNK_SHIFTS;
- bytes = ((7 + (bytes & CHUNK_MASK)) >> 3);
-
- for (i = chunks - 1; i >= 0; i--) {
- tmp = (i >= x->chunks ? 0 : x->limp[i]);
- for (j = (i == chunks - 1 ? bytes : CHUNK_BYTES) - 1; j >= 0;
- j--) {
- e[j] = tmp & 0xff;
- tmp >>= 8;
- }
- e += (i == chunks - 1 ? bytes : CHUNK_BYTES);
- }
-}
-
-int
-ec2n_setraw(struct group *grp, ec2np_ptr out, u_int8_t *s, int l)
-{
- int len, bytes, i, j;
- b2n_ptr outx = out->x;
- CHUNK_TYPE tmp;
-
- len = (CHUNK_BYTES - 1 + l) / CHUNK_BYTES;
- if (b2n_resize(outx, len))
- return -1;
-
- bytes = ((l - 1) % CHUNK_BYTES) + 1;
-
- for (i = len - 1; i >= 0; i--) {
- tmp = 0;
- for (j = (i == len - 1 ? bytes : CHUNK_BYTES); j > 0; j--) {
- tmp <<= 8;
- tmp |= *s++;
- }
- outx->limp[i] = tmp;
- }
- return 0;
-}
-
-int
-ec2n_setrandom(struct group *group, ec2np_ptr x)
-{
- b2n_ptr d = x->x;
- struct ec2n_group *grp = (struct ec2n_group *) group->group;
-
- return b2n_random(d, b2n_sigbit(grp->grp->p) - 1);
-}
-
-/*
- * This is an attempt at operation abstraction. It can happen
- * that we need to initialize the y variable for the operation
- * to proceed correctly. When this is the case operation has
- * to supply the variable 'a' with the chunks of the Y coordinate
- * set to zero.
- */
-int
-ec2n_operation(struct group *grp, ec2np_ptr d, ec2np_ptr a, ec2np_ptr e)
-{
- b2n_ptr ex = e->x;
- struct ec2n_group *group = (struct ec2n_group *)grp->group;
-
- if (a->y->chunks == 0)
- if (ec2np_find_y(a, group->grp))
- return -1;
-
- return ec2np_mul(d, a, ex, group->grp);
-}
-
-int
-ec2n_validate_public(struct group *grp, ec2np_ptr p)
-{
- /* XXX: needs similar checks to modp_validate_public() */
- return 0;
-}
diff --git a/sbin/isakmpd/math_group.h b/sbin/isakmpd/math_group.h
deleted file mode 100644
index 5ac35503bff..00000000000
--- a/sbin/isakmpd/math_group.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: math_group.h,v 1.12 2006/06/02 19:35:55 hshoexer Exp $ */
-/* $EOM: math_group.h,v 1.7 1999/04/17 23:20:40 niklas Exp $ */
-
-/*
- * Copyright (c) 1998 Niels Provos. All rights reserved.
- * Copyright (c) 1999 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _MATH_GROUP_H_
-#define _MATH_GROUP_H_
-
-enum groups {
- MODP, /* F_p, Z modulo a prime */
- EC2N, /* Elliptic Curve over the Field GF(2**N) */
- ECP, /* Elliptic Curve over the Field Z_p */
- NOTYET /* Not yet assigned */
-};
-
-/*
- * The group on which diffie hellmann calculations are done.
- */
-
-struct group {
- enum groups type;
- int id; /* Group ID */
- int bits; /* Number of key bits provided by this group */
- void *group;
- void *a, *b, *c, *d;
- void *gen; /* Group Generator */
- int (*getlen) (struct group *);
- void (*getraw) (struct group *, void *, u_int8_t *);
- int (*setraw) (struct group *, void *, u_int8_t *, int);
- int (*setrandom) (struct group *, void *);
- int (*operation) (struct group *, void *, void *, void *);
- int (*validate_public) (struct group *, void *);
-};
-
-/* Description of an Elliptic Group over GF(2**n) for Boot-Strapping */
-
-struct ec2n_dscr {
- int id;
- int bits; /* Key Bits provided by this group */
- char *polynomial; /* Irreducible polynomial */
- char *gen_x; /* X - Coord. of Generator */
- char *a, *b; /* Curve Parameters */
-};
-
-/* Description of F_p for Boot-Strapping */
-
-struct modp_dscr {
- int id;
- int bits; /* Key Bits provided by this group */
- char *prime; /* Prime */
- char *gen; /* Generator */
-};
-
-/* Prototypes */
-
-void group_init(void);
-void group_free(struct group *);
-struct group *group_get(u_int32_t);
-
-void ec2n_free(struct group *);
-struct group *ec2n_clone(struct group *, struct group *);
-void ec2n_init(struct group *);
-
-void modp_free(struct group *);
-struct group *modp_clone(struct group *, struct group *);
-void modp_init(struct group *);
-
-#endif /* _MATH_GROUP_H_ */
diff --git a/sbin/isakmpd/math_mp.h b/sbin/isakmpd/math_mp.h
deleted file mode 100644
index 44887245b53..00000000000
--- a/sbin/isakmpd/math_mp.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/* $OpenBSD: math_mp.h,v 1.7 2005/04/08 19:19:39 hshoexer Exp $ */
-/* $EOM: math_mp.h,v 1.4 2000/09/16 09:41:43 ho Exp $ */
-
-/*
- * Copyright (c) 1999, 2000 Niklas Hallqvist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#ifndef _MATH_MP_H_
-#define _MATH_MP_H_
-
-#include <openssl/bn.h>
-
-typedef BIGNUM *math_mp_t;
-
-#endif /* _MATH_MP_H_ */
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 6ee753ad1ae..7c954d4edb1 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.112 2008/09/06 12:22:57 djm Exp $ */
+/* $OpenBSD: x509.c,v 1.113 2010/06/29 19:50:16 reyk Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -53,7 +53,7 @@
#include "ike_auth.h"
#include "ipsec.h"
#include "log.h"
-#include "math_mp.h"
+#include "dh.h"
#include "monitor.h"
#include "policy.h"
#include "sa.h"
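Review bot: In the `@@ -53,7 +53,7 @@` hunk, x509.c now pulls in the Diffie-Hellman header `dh.h` to replace a header that, per the deleted math_mp.h, provided only `<openssl/bn.h>` and the `math_mp_t` typedef. The diffstat lists just four changed lines for x509.c, two of them the version tag, so the file presumably needs only the BIGNUM declarations. If that is the case, `#include <openssl/bn.h>` would state the real dependency and keep the certificate code from being coupled to the DH group definitions. Whether `dh.h` itself includes the libcrypto headers is not visible in this part of the diff, so confirm that x509.c does not rely on a transitive include that a later cleanup of `dh.h` could silently remove.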