Replace the hand-crafted Diffie-Hellman implementation in isakmpd with

the smaller implementation from iked that is using libcrypto instead.
This allows to remove a lot of code (which is always good), get rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows to share the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).

ok deraadt@

2 files changed, 32 insertions, 53 deletions

diff --git a/regress/sbin/isakmpd/dh/Makefile b/regress/sbin/isakmpd/dh/Makefile
index 032550bb7e8..41dba838c45 100644
--- a/regress/sbin/isakmpd/dh/Makefile
+++ b/regress/sbin/isakmpd/dh/Makefile
@@ -1,11 +1,10 @@
-#	$OpenBSD: Makefile,v 1.1 2005/04/08 17:12:48 cloder Exp $
+#	$OpenBSD: Makefile,v 1.2 2010/06/29 19:50:16 reyk Exp $
 #	$EOM: Makefile,v 1.10 2000/04/07 20:19:43 niklas Exp $
 
 # Test DH:
 
 PROG=		dhtest
-SRCS=		math_2n.c math_ec2n.c math_group.c dh.c dhtest.c log.c util.c \
-		sysdep.c gmp_util.c conf.c
+SRCS=		dh.c dhtest.c
 TOPSRC=		${.CURDIR}/../../../../sbin/isakmpd
 TOPOBJ!=	cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
 OS!=		awk '/^OS=/ { print $$2 }' ${.CURDIR}/../../Makefile
diff --git a/regress/sbin/isakmpd/dh/dhtest.c b/regress/sbin/isakmpd/dh/dhtest.c
index 7e4faa0de6f..7993d85c10b 100644
--- a/regress/sbin/isakmpd/dh/dhtest.c
+++ b/regress/sbin/isakmpd/dh/dhtest.c
@@ -1,7 +1,8 @@
-/*	$OpenBSD: dhtest.c,v 1.1 2005/04/08 17:12:48 cloder Exp $	*/
+/*	$OpenBSD: dhtest.c,v 1.2 2010/06/29 19:50:16 reyk Exp $	*/
 /*	$EOM: dhtest.c,v 1.1 1998/07/18 21:14:20 provos Exp $	*/
 
 /*
+ * Copyright (c) 2010 Reyk Floeter <reyk@vantronix.net>
  * Copyright (c) 1998 Niels Provos.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,66 +38,45 @@
 #include <string.h>
 #include <stdio.h>
 
-#include "math_group.h"
 #include "dh.h"
 
-#define DUMP_X(_x_) point = (_x_); b2n_print (point->x);
-
 int
-main (void)
+main(void)
 {
-  int len;
-  char buf[100], buf2[100];
-  char sec[100], sec2[100];
-  struct group *group, *group2;
-
-  group_init ();
-  group = group_get (4);
-  group2 = group_get (4);
-
-  printf ("Testing DH (elliptic curve): \n");
-
-  printf ("dh_getlen\n");
-  len = dh_getlen (group);
-  printf ("dh_create_exchange\n");
-  dh_create_exchange (group, buf);
-  dh_create_exchange (group2, buf2);
-
-  printf ("dh_create_shared\n");
-  dh_create_shared (group, sec, buf2);
-  dh_create_shared (group2, sec2, buf);
+	int len, id;
+	char buf[DH_MAXSZ], buf2[DH_MAXSZ];
+	char sec[DH_MAXSZ], sec2[DH_MAXSZ];
+	struct group *group, *group2;
+	const char *name[] = { "MODP", "EC2N", "ECP" };
 
-  printf ("Result: ");
-  if (memcmp (sec, sec2, len))
-    printf ("FAILED ");
-  else
-    printf ("OKAY ");
+	group_init();
 
-  group_free (group);
-  group_free (group2);
+	for (id = 0; id < 0xff; id++) {
+		if ((group = group_get(id)) == NULL ||
+		    (group2 = group_get(id)) == NULL)
+			continue;
 
-  printf ("\nTesting DH (MODP): \n");
+		printf ("Testing group %d (%s%d): ", id,
+		    name[group->spec->type],
+		    group->spec->bits);
 
-  group = group_get (1);
-  group2 = group_get (1);
+		len = dh_getlen(group);
 
-  printf ("dh_getlen\n");
-  len = dh_getlen (group);
-  printf ("dh_create_exchange\n");
-  dh_create_exchange (group, buf);
-  dh_create_exchange (group2, buf2);
+		dh_create_exchange(group, buf);
+		dh_create_exchange(group2, buf2);
 
-  printf ("dh_create_shared\n");
-  dh_create_shared (group, sec, buf2);
-  dh_create_shared (group2, sec2, buf);
+		dh_create_shared(group, sec, buf2);
+		dh_create_shared(group2, sec2, buf);
 
-  printf ("Result: ");
-  if (memcmp (sec, sec2, len))
-    printf ("FAILED ");
-  else
-    printf ("OKAY ");
+		if (memcmp (sec, sec2, len)) {
+			printf("FAILED\n");
+			return (1);
+		} else
+			printf("OKAY\n");
 
+		group_free(group);
+		group_free(group2);
+	}
 
-  printf ("\n");
-  return 0;
+	return (0);
 }