Project

General

Profile

Issue #3148

Control flow to OpenSSL

Added by amritha rao about 1 month ago. Updated 23 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
-
Affected version:
5.8.0
Resolution:

Description

Hi,

I could not find this info in the README section or in the Strongswan forum which is why I'm posting it here.
Suppose I'm using the OpenSSL engine to perform IKEv1 and IKEv2, then how does the control flow to OpenSSL?
Code for IKE I see is in libcharon. So I'm interested in understanding how does control from libstrongswan and libcharon and OpenSSL plugin.

Thanks in advance!

History

#1 Updated by Tobias Brunner about 1 month ago

  • Status changed from New to Feedback

What exactly do you want to know?

#2 Updated by Noel Kuntze about 1 month ago

OpenSSL is only used for cryptographic primitives, third party lib dependencies and certificate authentication (if no other plugin provides the functionality). OpenSSL never takes part in the IKE negotiation as part of the control flow of the protocol or the parsing of packets. Only its primitives are used for cryptographic operations (and certificate parsing and authentication).

#3 Updated by amritha rao about 1 month ago

Thanks for the response.
Where is the code that performs the key derivation?
What OpenSSL calls does it use?

#4 Updated by Noel Kuntze 30 days ago

Check the openssl plugin's source code in the repository (git.strongswan.org or Github.

#5 Updated by amritha rao 23 days ago

Thanks for the response.
I've already looked into the openssl plugin. What I want to know is, how OpenSSL gets used to perform Key derivation of IKE keys.

Also available in: Atom PDF