///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000-2019 Ericsson Telecom AB
//
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v2.0
// which accompanies this distribution, and is available at
// https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html
///////////////////////////////////////////////////////////////////////////////
//
//  File:               TCCOpenSecurity.cc
//  Description:        TCC Useful Functions: Security Functions
//  Rev:                R36B
//  Prodnr:             CNL 113 472
//
///////////////////////////////////////////////////////////////////////////////
#include "TCCOpenSecurity_Functions.hh"

#include <openssl/md5.h>
#include <openssl/hmac.h>
#include <openssl/aes.h>
#include <openssl/des.h>
#include <openssl/evp.h>
#include <openssl/dh.h>
#include <openssl/sha.h>
#include <openssl/rand.h>

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/modes.h>
#endif

namespace TCCOpenSecurity__Functions {
void tohex(unsigned char * Bin,unsigned char *Hex)
{
    unsigned short i;
    unsigned char j;

    for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
        j = (Bin[i] >> 4) & 0xf;
        if (j <= 9)
            Hex[i*2] = (j + '0');
         else
            Hex[i*2] = (j + 'a' - 10);
        j = Bin[i] & 0xf;
        if (j <= 9)
            Hex[i*2+1] = (j + '0');
         else
            Hex[i*2+1] = (j + 'a' - 10);
    };
    Hex[MD5_DIGEST_LENGTH*2] = '\0';
}

void CalculateHA1(
    const CHARSTRING& alg,
    const CHARSTRING& username,
    const CHARSTRING& realm,
    const CHARSTRING& password,
    const CHARSTRING& nonce,
    const CHARSTRING& cnonce,
    CHARSTRING& sessionkey
    )
{
  MD5_CTX Md5Ctx;
  unsigned char ha1[MD5_DIGEST_LENGTH];
  unsigned char hexha1[MD5_DIGEST_LENGTH*2+1];

  MD5_Init(&Md5Ctx);
  MD5_Update(&Md5Ctx, (const char*)username, username.lengthof());
  MD5_Update(&Md5Ctx, ":", 1);
  MD5_Update(&Md5Ctx, (const char*)realm, realm.lengthof());
  MD5_Update(&Md5Ctx, ":", 1);
  MD5_Update(&Md5Ctx, (const char*)password,password.lengthof() );
  MD5_Final(ha1, &Md5Ctx);
  if (alg == "md5-sess" ) {
    MD5_Init(&Md5Ctx);
    MD5_Update(&Md5Ctx, ha1, MD5_DIGEST_LENGTH);
    MD5_Update(&Md5Ctx, ":", 1);
    MD5_Update(&Md5Ctx, nonce, nonce.lengthof());
    MD5_Update(&Md5Ctx, ":", 1);
    MD5_Update(&Md5Ctx, cnonce, cnonce.lengthof());
    MD5_Final(ha1, &Md5Ctx);
  };
  tohex(ha1,hexha1);
  sessionkey=CHARSTRING(MD5_DIGEST_LENGTH*2,(const char*)hexha1);
}

void CalculateDigestResponse(
    const CHARSTRING& ha1,        /* H(A1) */
    const CHARSTRING& nonce,      /* nonce from server */
    const CHARSTRING& nonceCount, /* 8 hex digits */
    const CHARSTRING& cnonce,     /* client nonce */
    const CHARSTRING& qop,        /* qop-value: "", "auth", "auth-int" */
    const CHARSTRING& method,     /* method from the request */
    const CHARSTRING& digestUri,  /* requested URL */
    const CHARSTRING& hentity,    /* H(entity body) if qop="auth-int" */
    CHARSTRING& response          /* request-digest or response-digest */
    )
{
  MD5_CTX Md5Ctx;
  unsigned char ha2[MD5_DIGEST_LENGTH];
  unsigned char hexha2[MD5_DIGEST_LENGTH*2+1];
  unsigned char resp[MD5_DIGEST_LENGTH];
  unsigned char hexresp[MD5_DIGEST_LENGTH*2+1];


  // calculate H(A2)
  MD5_Init(&Md5Ctx);
  MD5_Update(&Md5Ctx, (const char*)method, method.lengthof() );
  MD5_Update(&Md5Ctx, ":", 1);
  MD5_Update(&Md5Ctx, (const char*)digestUri, digestUri.lengthof());
  if (qop == "auth-int") {
    MD5_Update(&Md5Ctx, ":", 1);
    MD5_Update(&Md5Ctx, (const char*)hentity, hentity.lengthof());
  };
  MD5_Final(ha2, &Md5Ctx);

  // calculate response
  MD5_Init(&Md5Ctx);
  MD5_Update(&Md5Ctx, (const char*)ha1, ha1.lengthof());
  MD5_Update(&Md5Ctx, ":", 1);
  MD5_Update(&Md5Ctx, (const char*)nonce, nonce.lengthof());
  MD5_Update(&Md5Ctx, ":", 1);
  if (qop.lengthof()>0) {
    MD5_Update(&Md5Ctx, (const char*)nonceCount, nonceCount.lengthof());
    MD5_Update(&Md5Ctx, ":", 1);
    MD5_Update(&Md5Ctx, (const char*)cnonce, cnonce.lengthof());
    MD5_Update(&Md5Ctx, ":", 1);
    MD5_Update(&Md5Ctx, (const char*)qop, qop.lengthof() );
    MD5_Update(&Md5Ctx, ":", 1);
  };
  tohex(ha2,hexha2);
  
  MD5_Update(&Md5Ctx, (const char*)hexha2, MD5_DIGEST_LENGTH*2);
  MD5_Final(resp, &Md5Ctx);
  tohex(resp,hexresp);
  response=CHARSTRING(MD5_DIGEST_LENGTH*2,(const char*)hexresp);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateDigestResponse
//
//  Purpose:
//    Calculate digest response
//
//  Parameters:
//      nonce - *in* *charstring* -   a server-specified data string which may
//  `                                 be uniquely generated each time a 401
//                                    response is made
//      cnonce - *in* *charstring* -  client nonce
//      user - *in* *charstring* -    user name
//      realm - *in* *charstring* -   user realm
//      passwd - *in* *charstring* -  user password
//      alg - *in* *charstring* -     a string indicating a pair of algorithms
//                                    used to produce the digest and a checksum
//      nonceCount - *in* *charstring* - nonce count (8 hex digits)
//      method - *in* *charstring* -  method (from the request)
//      qop - *in* *charstring* -     qop-value: "", "auth", "auth-int"
//      URI - *in* *charstring* -     digest URI
//      HEntity - *in* *charstring* - H(entity body) if qop="auth-int"
//
//  Return Value:
//    charstring - digest response
//
//  Errors:
//    -
//
//  Detailed description:
//    Support HTTP authentication (detailed description in RFC 2617) using
//    uses one-way hash (md5) specified in RFC 1321.
//    When a request arrives to server for an access-protected object, it
//    responds an "401 Unauthorized" status code and a WWW-Authenticate
//    header (encapsulate nonce and other necessary parameters). The client
//    is expected to retry the request, passing an Authorization header with
//    response field calculated with f_calculateDigestResponse().
//
//    Overview: http://en.wikipedia.org/wiki/Digest_access_authentication
//
///////////////////////////////////////////////////////////////////////////////
CHARSTRING f__calculateDigestResponse(
  const CHARSTRING& nonce,
  const CHARSTRING& cnonce,
  const CHARSTRING& user,
  const CHARSTRING& realm,
  const CHARSTRING& passwd,
  const CHARSTRING& alg,
  const CHARSTRING& nonceCount,
  const CHARSTRING& method,
  const CHARSTRING& qop,
  const CHARSTRING& URI,
  const CHARSTRING& HEntity)
{
  CHARSTRING ha1;
  CHARSTRING Response;

  CalculateHA1(alg,user,realm,passwd,nonce,cnonce,ha1);

  CalculateDigestResponse(ha1,nonce,nonceCount,cnonce,qop,method,URI,HEntity,Response);

  return Response;
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateDigestHA1
//
//  Purpose:
//    Calculate digest H(A1) hash
//
//  Parameters:
//      nonce - *in* *charstring* -   a server-specified data string which may
//  `                                 be uniquely generated each time a 401
//                                    response is made
//      cnonce - *in* *charstring* -  client nonce
//      user - *in* *charstring* -    user name
//      realm - *in* *charstring* -   user realm
//      passwd - *in* *charstring* -  user password
//      alg - *in* *charstring* -     a string indicating a pair of algorithms
//                                    used to produce the digest and a checksum
//
//  Return Value:
//    charstring - digest response
//
//  Errors:
//    -
//
//  Detailed description:
//    Overview: http://en.wikipedia.org/wiki/Digest_access_authentication
//
///////////////////////////////////////////////////////////////////////////////
CHARSTRING f__calculateDigestHA1(
  const CHARSTRING& nonce,
  const CHARSTRING& cnonce,
  const CHARSTRING& user,
  const CHARSTRING& realm,
  const CHARSTRING& passwd,
  const CHARSTRING& alg)
{
  CHARSTRING ha1;

  CalculateHA1(alg,user,realm,passwd,nonce,cnonce,ha1);

  return ha1;
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateMD5
//
//  Purpose:
//    Compute MD5 hash value
//
//  Parameters:
//      pszHashInput - *in* *charstring* -  input value to compute hash of
//
//  Return Value:
//      hashValue - *out* *charstring* -  hexa hash value of input
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
CHARSTRING  f__calculateMD5(const CHARSTRING& pszHashInput)
{
   unsigned char md[MD5_DIGEST_LENGTH];
   MD5((const unsigned char*)(const char *)pszHashInput,pszHashInput.lengthof(),md);


   return oct2str(OCTETSTRING(MD5_DIGEST_LENGTH,md));
}

OCTETSTRING  f__calculateMD5__oct(const OCTETSTRING& pszHashInput)
{
   unsigned char md[MD5_DIGEST_LENGTH];
   MD5((const unsigned char*)pszHashInput,pszHashInput.lengthof(),md);


   return OCTETSTRING(MD5_DIGEST_LENGTH,md);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateRAND__oct
//
//  Purpose:
//    Compute random value
//
//  Parameters:
//      pl__length - *in* *integer* -  length of random value
//
//  Return Value:
//      random value - *out* *octetstring* -  random value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING  f__calculateRAND__oct(const INTEGER& pl__length)
{
  int rand_length = (int)pl__length;
  unsigned char rand_val[rand_length];
  RAND_bytes(rand_val, rand_length);

  return OCTETSTRING(rand_length, rand_val);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateSHA1
//
//  Purpose:
//    Compute SHA1 hash value
//
//  Parameters:
//      pszHashInput - *in* *charstring* -  input value to compute hash of
//
//  Return Value:
//      hashValue - *out* *charstring* -  hexa hash value of input
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
CHARSTRING  f__calculateSHA1(const CHARSTRING& pszHashInput)
{
  unsigned char sha1[SHA_DIGEST_LENGTH];
  SHA1((const unsigned char*)(const char *)pszHashInput,pszHashInput.lengthof(),sha1);

  return oct2str(OCTETSTRING(SHA_DIGEST_LENGTH,sha1));
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateSHA1__oct
//
//  Purpose:
//    Compute SHA1 hash value and return in octetstring
//
//  Parameters:
//      pszHashInput - *in* *octetstring* -  input value to compute hash of
//
//  Return Value:
//      hashValue - *out* *octetstring* -  hash value of input in octetstring
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING  f__calculateSHA1__oct(const OCTETSTRING& pszHashInput)
{
  unsigned char sha1[SHA_DIGEST_LENGTH];
  SHA1((const unsigned char*)pszHashInput,pszHashInput.lengthof(),sha1);

  return OCTETSTRING(SHA_DIGEST_LENGTH,sha1);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculateHMACMD5
//
//  Purpose:
//      Calculate the HMAC MD5 value of a message with specified 64 bit key.
//
//  Parameters:
//      msg - *in* *octetstring* - message to be hashed
//      key - *in* *OCT_64*      - 64 bit key of the hash function
//
//  Return Value:
//      octetstring - Hash value (16 octet - 128 bit)
//
//  Errors:
//      -
//
//  Detailed description:
//      - (should be kept because of backward compatibility reasons)
//      - HMAC() is an openssl specific function, should be found under openssl/hmac.h
//      - key can only be 64 bit (any other case please use f_calculate_HMAC_MD5)
//      - the length of generated hash value can only be 128 bit (any other case please use f_calculate_HMAC_MD5)
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__calculateHMACMD5(const OCTETSTRING& msg, const OCT__64& key)
{
  unsigned char Response[16];
  int msglen = msg.lengthof();

  HMAC(EVP_md5(), key, 64, msg, msglen, Response, NULL);

  return OCTETSTRING(16, (const unsigned char *)Response);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculate__HMAC__MD5
//
//  Purpose:
//      Calculate the HMAC MD5 value of a message with specified key.
//
//  Parameters:
//      pl_key - *in* *octetstring*   - key of the hash function
//      pl_input - *in* *octetstring* - message to be hashed
//      pl_length - *in* *integer*    - length of the output hash value (should be 16 in most of the cases)
//
//  Return Value:
//      octetstring - Hash value
//
//  Errors:
//      -
//
//  Detailed description:
//      - HMAC() is an openssl specific function, should be found under openssl/hmac.h
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__calculate__HMAC__MD5(const OCTETSTRING& pl_key,const OCTETSTRING& pl_input,const INTEGER& pl_length)
{
  unsigned int out_length;
  unsigned char output[EVP_MAX_MD_SIZE];
  HMAC(EVP_md5(), pl_key, (size_t) pl_key.lengthof(), pl_input, (size_t) pl_input.lengthof(), output, &out_length);

  return OCTETSTRING(pl_length, output);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculate__HMAC__SHA1
//
//  Purpose:
//      Calculate the HMAC SHA1 value of a message with specified key.
//
//  Parameters:
//      pl_key - *in* *octetstring*   - key of the hash function
//      pl_input - *in* *octetstring* - message to be hashed
//      pl_length - *in* *integer*    - length of the output hash value (should be 16 in most of the cases)
//
//  Return Value:
//      octetstring - Hash value
//
//  Errors:
//      -
//
//  Detailed description:
//      - HMAC() is an openssl specific function, should be found under openssl/hmac.h
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__calculate__HMAC__SHA1(const OCTETSTRING& pl_key,const OCTETSTRING& pl_input,const INTEGER& pl_length)
{
  unsigned int out_length;
  unsigned char output[EVP_MAX_MD_SIZE];
  HMAC(EVP_sha1(), pl_key, (size_t) pl_key.lengthof(), pl_input, (size_t) pl_input.lengthof(), output, &out_length);

  return OCTETSTRING(pl_length, output);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__calculate__HMAC__SHA256
//
//  Purpose:
//      Calculate the HMAC SHA256 value of a message with specified key.
//
//  Parameters:
//      pl_key - *in* *octetstring*   - key of the hash function
//      pl_input - *in* *octetstring* - message to be hashed
//      pl_length - *in* *integer*    - length of the output hash value (should be 32 in most of the cases)
//
//  Return Value:
//      octetstring - Hash value
//
//  Errors:
//      -
//
//  Detailed description:
//      - HMAC() is an openssl specific function, should be found under openssl/hmac.h
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__calculate__HMAC__SHA256(const OCTETSTRING& pl_key,const OCTETSTRING& pl_input,const INTEGER& pl_length)
{
  unsigned int out_length;
  unsigned char output[EVP_MAX_MD_SIZE];
  HMAC(EVP_sha256(), pl_key, (size_t) pl_key.lengthof(), pl_input, (size_t) pl_input.lengthof(), output, &out_length);

  return OCTETSTRING(pl_length, output);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: f__AES__CBC__128__Encrypt__OpenSSL
//
//  Purpose: Calculate AES 128 CBC encrypted value
//
//  Parameters:
//          p__key       - *in* *octetstring*   - Key
//          p__iv        - *in* *octetstring*   - Initialiazation Vector
//          p__data      - *in* *octetstring*   - Data
//
//  Return Value:
//         octetstring - encrypted value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__CBC__128__Encrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_iv,const OCTETSTRING& p_data)
{

  const unsigned char* key=(const unsigned char*)p_key;
  const unsigned char* iv=(const unsigned char*)p_iv;
  size_t data_len = p_data.lengthof();
  const unsigned char* data=(const unsigned char*)p_data;
  size_t iv_len = p_iv.lengthof();

  AES_KEY enc_key;
  unsigned char enc_data[data_len];
  unsigned char k_iv[iv_len];

  memcpy(k_iv,iv,iv_len);

  AES_set_encrypt_key(key, 128, &enc_key);

  AES_cbc_encrypt(data, enc_data,
    data_len, &enc_key,
    k_iv, AES_ENCRYPT);

  return OCTETSTRING(data_len, enc_data);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: f__AES__CBC__128__Decrypt__OpenSSL
//
//  Purpose: Dectrypts AES 128 CBC encrypted data
//
//  Parameters:
//          p__key       - *in* *octetstring*   - Key
//          p__iv        - *in* *octetstring*   - Initialiazation Vector
//          p__data      - *in* *octetstring*   - Encrypted Value
//
//  Return Value:
//         octetstring - decrypted original data
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__CBC__128__Decrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_iv,const OCTETSTRING& p_data)
{

  const unsigned char* key=(const unsigned char*)p_key;
  const unsigned char* iv=(const unsigned char*)p_iv;
  size_t data_len = p_data.lengthof();
  const unsigned char* data=(const unsigned char*)p_data;
  size_t iv_len = p_iv.lengthof();

  AES_KEY dec_key;
  unsigned char dec_data[data_len];
  unsigned char k_iv[iv_len];

  memcpy(k_iv,iv,iv_len);

  AES_set_decrypt_key(key, 128, &dec_key);

  AES_cbc_encrypt(data, dec_data,
    data_len, &dec_key,
    k_iv, AES_DECRYPT);

  return OCTETSTRING(data_len, dec_data);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__AES__CBC__Encrypt__OpenSSL
//
//  Purpose: Calculate AES 128 CBC encrypted value with arbitrary key length
//
//  Parameters:
//          p__key       - *in* *octetstring*   - Key
//          p__iv        - *in* *octetstring*   - Initialiazation Vector
//          p__data      - *in* *octetstring*   - Data
//
//  Return Value:
//         octetstring - encrypted value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__CBC__Encrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_iv,const OCTETSTRING& p_data)
{
  const unsigned char* key=(const unsigned char*)p_key;
  const int key_len_bit = p_key.lengthof() * 8;
  const unsigned char* iv=(const unsigned char*)p_iv;
  size_t data_len = p_data.lengthof();
  const unsigned char* data=(const unsigned char*)p_data;
  size_t iv_len = p_iv.lengthof();

  AES_KEY enc_key;
  unsigned char enc_data[data_len];
  unsigned char k_iv[iv_len];

  memcpy(k_iv,iv,iv_len);

  AES_set_encrypt_key(key, key_len_bit, &enc_key);

  AES_cbc_encrypt(data, enc_data,
    data_len, &enc_key,
    k_iv, AES_ENCRYPT);

  return OCTETSTRING(data_len, enc_data);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: f__AES__CBC__Decrypt__OpenSSL
//
//  Purpose: Dectrypts AES CBC encrypted data with arbitrary key length
//
//  Parameters:
//          p__key       - *in* *octetstring*   - Key
//          p__iv        - *in* *octetstring*   - Initialiazation Vector
//          p__data      - *in* *octetstring*   - Encrypted Value
//
//  Return Value:
//         octetstring - decrypted original data
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__CBC__Decrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_iv,const OCTETSTRING& p_data)
{

  const unsigned char* key=(const unsigned char*)p_key;
  const int key_len_bit = p_key.lengthof() * 8;
  const unsigned char* iv=(const unsigned char*)p_iv;
  size_t data_len = p_data.lengthof();
  const unsigned char* data=(const unsigned char*)p_data;
  size_t iv_len = p_iv.lengthof();

  AES_KEY dec_key;
  unsigned char dec_data[data_len];
  unsigned char k_iv[iv_len];

  memcpy(k_iv,iv,iv_len);

  AES_set_decrypt_key(key, key_len_bit, &dec_key);

  AES_cbc_encrypt(data, dec_data,
    data_len, &dec_key,
    k_iv, AES_DECRYPT);

  return OCTETSTRING(data_len, dec_data);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: ef__3DES__ECB__Encrypt
//
//  Purpose: Encrypts data using 3DES algorithm in ECB mode.
//
//  Parameters:
//          pl__data    - *in* *octetstring*   - Data to be encrypted
//          pl__key     - *in* *octetstring*   - Key
//
//  Return Value:
//         octetstring - encrypted data
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__3DES__ECB__Encrypt (const OCTETSTRING& pl__data, const OCTETSTRING& pl__key, const BOOLEAN& pl__use__padding)
{
  if(pl__data.lengthof()==0){
    return OCTETSTRING(0,NULL);
  }

  int outl = 0;
  int position = 0;
  OCTETSTRING ret_val=OCTETSTRING(0,NULL);
   unsigned char* outbuf=NULL;
  const unsigned char* data= (const unsigned char*)pl__data;

  EVP_CIPHER_CTX *ctx=EVP_CIPHER_CTX_new();

  if(EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, pl__key, NULL))
  {
    int block_size = EVP_CIPHER_CTX_block_size(ctx);
     if(!pl__use__padding) {  // the padding is used by default
      EVP_CIPHER_CTX_set_padding(ctx,0);
      if(pl__data.lengthof()%block_size){
        TTCN_warning("ef_3DES_ECB_Encrypt: The length of the pl_data should be n * %d (the block size) if padding is not used.", block_size);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
    }
    if((outbuf = (unsigned char*)Malloc(pl__data.lengthof() + block_size)) != NULL)
    {
      if(!EVP_EncryptUpdate(ctx, outbuf, &outl, data, pl__data.lengthof())){
        TTCN_warning("ef_3DES_ECB_Encrypt: EVP_EncryptUpdate failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
      position = outl;
      if(!EVP_EncryptFinal_ex(ctx, &outbuf[position], &outl)){
        TTCN_warning("ef_3DES_ECB_Encrypt: EVP_EncryptFinal_ex failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }

      position += outl;
      ret_val=OCTETSTRING(position, outbuf);
      Free(outbuf);
    }

    EVP_CIPHER_CTX_free(ctx);

  } else {
        TTCN_warning("ef_3DES_ECB_Encrypt: EVP_EncryptInit_ex failed.");
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
  }


  return ret_val;

}

///////////////////////////////////////////////////////////////////////////////
//  Function: ef__3DES__ECB__Decrypt
//
//  Purpose:  Dectrypts 3DES ECB encrypted data.
//
//  Parameters:
//          pl__data      - *in* *octetstring*   - Encrytped data
//          pl__key       - *in* *octetstring*   - Key
//
//  Return Value:
//         octetstring - decrypted data
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__3DES__ECB__Decrypt (const OCTETSTRING& pl__data, const OCTETSTRING& pl__key, const BOOLEAN& pl__use__padding)
{
  if(pl__data.lengthof()==0){
    return OCTETSTRING(0,NULL);
  }
  int outl = 0;
  int position = 0;
  OCTETSTRING ret_val=OCTETSTRING(0,NULL);
   unsigned char* outbuf=NULL;
  const unsigned char* data= (const unsigned char*)pl__data;

  EVP_CIPHER_CTX *ctx=EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(ctx);

  if(EVP_DecryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, pl__key, NULL))
  {
    int block_size = EVP_CIPHER_CTX_block_size(ctx);
    if(pl__data.lengthof()%block_size){
      TTCN_warning("ef_3DES_ECB_Decrypt: The length of the pl_data should be n * %d (the block size)!", block_size);
      EVP_CIPHER_CTX_free(ctx);
      return OCTETSTRING(0,NULL);
    }
     if(!pl__use__padding) {  // the padding is used by default
      EVP_CIPHER_CTX_set_padding(ctx,0);
    }
    if((outbuf = (unsigned char*)Malloc(pl__data.lengthof() + block_size)) != NULL)
    {
      if(!EVP_DecryptUpdate(ctx, outbuf, &outl, data, pl__data.lengthof())){
        TTCN_warning("ef_3DES_ECB_Decrypt: EVP_DecryptUpdate failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
      position = outl;

      if(!EVP_DecryptFinal_ex(ctx, &outbuf[position], &outl)){
        TTCN_warning("ef_3DES_ECB_Decrypt: EVP_DecryptFinal_ex failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }

      position += outl;
      ret_val=OCTETSTRING(position, outbuf);
      Free(outbuf);
    }

    EVP_CIPHER_CTX_free(ctx);

  } else {
        TTCN_warning("ef_3DES_ECB_Decrypt: EVP_DecryptInit_ex failed.");
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
  }


  return ret_val;

}



///////////////////////////////////////////////////////////////////////////////
//  Function: ef__3DES__CBC__Encrypt
//
//  Purpose: Encrypts data using TripleDES algorithm in CBC mode.
//
//  Parameters:
//          pl__data      - *in* *octetstring*   - Data to be encrypted
//          pl__key       - *in* *octetstring*   - Key
//          pl__iv        - *in* *octetstring*   - Initialiazation Vector
//
//  Return Value:
//         octetstring - decrypted original data
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__3DES__CBC__Encrypt (const OCTETSTRING& pl__data, const OCTETSTRING& pl__key, const OCTETSTRING& pl__iv, const BOOLEAN& pl__use__padding)
{
  if(pl__data.lengthof()==0){
    return OCTETSTRING(0,NULL);
  }
  int outl = 0;
  int position = 0;
  OCTETSTRING ret_val=OCTETSTRING(0,NULL);
   unsigned char* outbuf=NULL;
  const unsigned char* data= (const unsigned char*)pl__data;

  EVP_CIPHER_CTX *ctx=EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(ctx);

  if(EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, pl__key, pl__iv))
  {
    int block_size = EVP_CIPHER_CTX_block_size(ctx);
     if(!pl__use__padding) {  // the padding is used by default
      EVP_CIPHER_CTX_set_padding(ctx,0);
      if(pl__data.lengthof()%block_size){
        TTCN_warning("ef_3DES_CBC_Encrypt: The length of the pl_data should be n * %d (the block size) if padding is not used.", block_size);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
    }
    if((outbuf = (unsigned char*)Malloc(pl__data.lengthof() + block_size)) != NULL)
    {
      if(!EVP_EncryptUpdate(ctx, outbuf, &outl, data, pl__data.lengthof())){
        TTCN_warning("ef_3DES_CBC_Encrypt: EVP_EncryptUpdate failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }

      position = outl;

      if(!EVP_EncryptFinal_ex(ctx, &outbuf[position], &outl)){
        TTCN_warning("ef_3DES_CBC_Encrypt: EVP_EncryptFinal_ex failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }

      position += outl;
    }

    ret_val=OCTETSTRING(position, outbuf);
    Free(outbuf);
    EVP_CIPHER_CTX_free(ctx);

  } else {
        TTCN_warning("ef_3DES_CBC_Encrypt: EVP_EncryptInit_ex failed.");
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
  }


  return ret_val;

}

///////////////////////////////////////////////////////////////////////////////
//  Function: f__3DES__CBC__Decrypt
//
//  Purpose: Decrypting TripleDES encypted data.
//
//  Parameters:
//          pl__data      - *in* *octetstring*   - Encrypted Value
//          pl__key       - *in* *octetstring*   - Key
//          pl__iv        - *in* *octetstring*   - Initialiazation Vector
//
//  Return Value:
//         octetstring - encrypted value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__3DES__CBC__Decrypt (const OCTETSTRING& pl__data, const OCTETSTRING& pl__key, const OCTETSTRING& pl__iv, const BOOLEAN& pl__use__padding)
{
  if(pl__data.lengthof()==0){
    return OCTETSTRING(0,NULL);
  }
  int outl = 0;
  int position = 0;
  OCTETSTRING ret_val=OCTETSTRING(0,NULL);
   unsigned char* outbuf=NULL;
  const unsigned char* data= (const unsigned char*)pl__data;

  EVP_CIPHER_CTX *ctx=EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(ctx);

  if(EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, pl__key, pl__iv))
  {
    int block_size = EVP_CIPHER_CTX_block_size(ctx);
    if(pl__data.lengthof()%block_size){
      TTCN_warning("ef__3DES__CBC__Decrypt: The length of the pl_data should be n * %d (the block size)!", block_size);
      EVP_CIPHER_CTX_free(ctx);
      return OCTETSTRING(0,NULL);
    }
     if(!pl__use__padding) {  // the padding is used by default
      EVP_CIPHER_CTX_set_padding(ctx,0);
    }
    if((outbuf = (unsigned char*)Malloc(pl__data.lengthof() + block_size)) != NULL)
    {
      if(!EVP_DecryptUpdate(ctx, outbuf, &outl, data, pl__data.lengthof())){
        TTCN_warning("ef_3DES_CBC_Decrypt: EVP_DecryptUpdate failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
;
      position = outl;

      if(!EVP_DecryptFinal_ex(ctx, &outbuf[position], &outl)){
        TTCN_warning("ef_3DES_ECB_Decrypt: EVP_DecryptFinal_ex failed.");
        Free(outbuf);
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
      }
      position += outl;
      ret_val=OCTETSTRING(position, outbuf);
      Free(outbuf);
    }

    EVP_CIPHER_CTX_free(ctx);

  } else {
        TTCN_warning("ef_3DES_CBC_Decrypt: EVP_DecryptInit_ex failed.");
        EVP_CIPHER_CTX_free(ctx);
        return OCTETSTRING(0,NULL);
  }


  return ret_val;

}


///////////////////////////////////////////////////////////////////////////////
//  Function: ef_Calculate__AES__XCBC__128
//
//  Purpose: Calculates the AES XCBC value of the data with a 128 bit key.
//
//  Parameters:
//          pl__data       - *in* *octetstring*   - Data
//          pl__key        - *in* *octetstring*   - Key
//          pl__out__length - *in* *integer*       - Length of the output
//
//  Return Value:
//         octetstring - AES XCBC value
//
//  Errors:
//      -
//
//  Detailed description:
//      AES XCBC generates a 16 byte long value which can be truncated
//      to a length given in pl__out__length.
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__Calculate__AES__XCBC__128 (const OCTETSTRING& pl__data, const OCTETSTRING& pl__key, const INTEGER& pl__out__length)
{
  const int data_length = pl__data.lengthof();
  const unsigned char* data = (const unsigned char*)pl__data;
  const int block_size = 16;
  int outl;

  unsigned char key1[block_size] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
  unsigned char key2[block_size] = { 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02 };
  unsigned char key3[block_size] = { 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03 };
  unsigned char e[block_size] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

  EVP_CIPHER_CTX *ctx=EVP_CIPHER_CTX_new();
  EVP_CIPHER_CTX_init(ctx);

  EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, pl__key, NULL);
  EVP_EncryptUpdate(ctx, key1, &outl, key1, block_size);
  EVP_CIPHER_CTX_cleanup(ctx);

  EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, pl__key, NULL);
  EVP_EncryptUpdate(ctx, key2, &outl, key2, block_size);
  EVP_CIPHER_CTX_cleanup(ctx);

  EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, pl__key, NULL);
  EVP_EncryptUpdate(ctx, key3, &outl, key3, block_size);
  EVP_CIPHER_CTX_cleanup(ctx);

  if(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key1, NULL))
  {
    for(int i = 0; i < data_length - block_size; i += block_size)
    {
      for(int j = 0; j < block_size; j++)
      {
        e[j] ^= data[i+j];
      }

      EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key1, NULL);
      EVP_EncryptUpdate(ctx, e, &outl, e, block_size);
      EVP_CIPHER_CTX_cleanup(ctx);
    }

    int last_block_length = data_length % block_size;

    if((last_block_length == 0) && (data_length != 0))
    {
      for(int i = 0; i < block_size; i++)
      {
        e[i] = data[data_length - block_size + i] ^ e[i] ^ key2[i];
      }
    } else {
      int i = 0;

      while(i < last_block_length)
      {
        e[i] = data[data_length - last_block_length + i] ^ e[i] ^ key3[i];
        i++;
      }

      e[i] = 0x80 ^ e[i] ^ key3[i];
      i++;


      while(i < block_size)
      {
        e[i] ^= key3[i];
        i++;
      }

    }
    EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key1, NULL);
    EVP_EncryptUpdate(ctx, e, &outl, e, block_size);
    EVP_CIPHER_CTX_free(ctx);

    return OCTETSTRING(pl__out__length, (const unsigned char*)e);

  }
  EVP_CIPHER_CTX_free(ctx);
  return OCTETSTRING(0,NULL);
}


///////////////////////////////////////////////////////////////////////////////
//  Function: ef_DH_generate_private_public_keys
//
//  Purpose: Generates public and private keys (this party).
//
//  Parameters:
//          pl__keyLength - *in* *integer*          - Key length (bytes)
//          pl__pubkey    - *inout* *octetstring*   - Public key (other party)
//          pl__privkey   - *inout* *octetstring*   - Private key (this party)
//
//  Return Value:
//         octetstring - DH shared secret
//
//  Errors:
//      -
//
//  Detailed description:
//      Computes the shared secret from the originating side's private key and
//      the public key of the responding side as described in DH group 1, 2 and 14.
//      Keys must be either 96, 128 or 256 bytes long.
//
///////////////////////////////////////////////////////////////////////////////
INTEGER ef__DH__generate__private__public__keys (const INTEGER& pl__keyLength, OCTETSTRING& pl__pubkey, OCTETSTRING& pl__privkey)
{
  int key_length = (int)pl__keyLength;

  const char* prime_768  = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";

  const char* prime_1024 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";

  const char* prime_2048 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";

  DH* dh = DH_new();

  BIGNUM* prime = BN_new();
  switch(key_length)
  {
    case  96: BN_hex2bn(&prime, prime_768);  break;
    case 128: BN_hex2bn(&prime, prime_1024); break;
    case 256: BN_hex2bn(&prime, prime_2048); break;
    default:
    {
      DH_free(dh);
      return INTEGER(0);
    }
  }

  const char* generator = "2";
  BIGNUM* gen = BN_new();
  BN_hex2bn(&gen, generator);

#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
  DH_set0_pqg(dh, prime, NULL, gen);
#else
  dh->p = prime;
  dh->g = gen;
#endif
  
  DH_generate_key(dh);
  const BIGNUM* pubk=NULL;
  const BIGNUM* privk=NULL;

#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
  DH_get0_key(dh, &pubk, &privk);
#else
  pubk=dh->pub_key;
  privk=dh->priv_key;
#endif
  
  int pub_len = BN_num_bytes(pubk);
  unsigned char* pub_key = (unsigned char*)Malloc(pub_len * sizeof(unsigned char));
  pub_len = BN_bn2bin(pubk, pub_key);
  if (key_length-pub_len > 0)
  {pl__pubkey =  int2oct(0,key_length-pub_len) + OCTETSTRING(pub_len, pub_key);}
  else
  {pl__pubkey =  OCTETSTRING(key_length, pub_key);}
  Free(pub_key);

  if (pub_len <= 0)
  {
      DH_free(dh);
      return INTEGER(0);
  }

  int priv_len = BN_num_bytes(privk);
  unsigned char* priv_key = (unsigned char*)Malloc(priv_len * sizeof(unsigned char));
  priv_len = BN_bn2bin(privk, priv_key);
  if (key_length-priv_len > 0)
  {pl__privkey =  int2oct(0,key_length-priv_len) + OCTETSTRING(priv_len, priv_key);}
  else
  {pl__privkey =  OCTETSTRING(key_length, priv_key);}
  Free(priv_key);

  if (priv_len <= 0)
  {
      DH_free(dh);
      return INTEGER(0);
  }

  DH_free(dh);
  return INTEGER(1);
}

///////////////////////////////////////////////////////////////////////////////
//  Function: ef_DH_shared_secret
//
//  Purpose: Calculates the shared secret from the given public and private keys.
//
//  Parameters:
//          pl__pubkey    - *in* *octetstring*   - Public key (other party)
//          pl__privkey   - *in* *octetstring*   - Private key (this party)
//
//  Return Value:
//         octetstring - DH shared secret
//
//  Errors:
//      -
//
//  Detailed description:
//      Computes the shared secret from the originating side's private key and
//      the public key of the responding side as described in DH group 1, 2 and 14.
//      Keys must be either 96, 128 or 256 bytes long.
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING ef__DH__shared__secret (const OCTETSTRING& pl__pubkey, const OCTETSTRING& pl__privkey)
{
  int key_length = pl__pubkey.lengthof();
  unsigned char shared_secret[key_length];

  const char* prime_768  = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";

  const char* prime_1024 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";

  const char* prime_2048 = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";

  DH* dh = DH_new();

  BIGNUM* prime = BN_new();
  switch(key_length)
  {
    case  96: BN_hex2bn(&prime, prime_768);  break;
    case 128: BN_hex2bn(&prime, prime_1024); break;
    case 256: BN_hex2bn(&prime, prime_2048); break;
    default:
    {
      DH_free(dh);
      return OCTETSTRING(0, NULL);
    }
  }

  const char* generator = "2";
  BIGNUM* gen = BN_new();
  BN_hex2bn(&gen, generator);

#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
  DH_set0_pqg(dh, prime, NULL, gen);
#else
  dh->p = prime;
  dh->g = gen;
#endif

  BIGNUM* priv_key = BN_new();
  BN_bin2bn((const unsigned char*)pl__privkey, key_length, priv_key);

  BIGNUM* pub_key = BN_new();
  BN_bin2bn((const unsigned char*)pl__pubkey, key_length, pub_key);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
  DH_set0_key(dh, pub_key, priv_key );
#else
  dh->priv_key = priv_key;
  dh->pub_key = pub_key;
#endif

  if(DH_compute_key(shared_secret, pub_key, dh))
  {
    DH_free(dh);
    return OCTETSTRING(key_length, shared_secret);
  }

  DH_free(dh);
  return OCTETSTRING(0, NULL);

}


///////////////////////////////////////////////////////////////////////////////
//  Function: f_AES_ECB_128_Encrypt_OpenSSL
//
//  Purpose: Calculate AES 128 ECB encrypted value
//
//  Parameters:
//          p_key       - *in* *octetstring*   - Key
//          p_data      - *in* *octetstring*   - Data
//
//  Return Value:
//         octetstring - encrypted value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__ECB__128__Encrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_data)
{
  if(p_key.lengthof()!=16){
    TTCN_error("f_AES_EBC_128_Encrypt_OpenSSL: The length of the key should be 16 instead of %d",p_key.lengthof() );
  }
  const unsigned char* data=(const unsigned char*)p_data;
  int data_len = p_data.lengthof();

  int outbuf_len=data_len+AES_BLOCK_SIZE;

  unsigned char* outbuf=(unsigned char*)Malloc(outbuf_len * sizeof(unsigned char));

  int round=((data_len+AES_BLOCK_SIZE-1)/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;

  AES_KEY aes_k;
  AES_set_encrypt_key((const unsigned char*)p_key,128,&aes_k);

  for(int i=0;i<round; i++){
    if((i+1)*AES_BLOCK_SIZE > data_len){  // last partial block
      unsigned char b[AES_BLOCK_SIZE];
      memset(b,0,AES_BLOCK_SIZE);
      memcpy(b,data+(i*AES_BLOCK_SIZE),data_len-(i*AES_BLOCK_SIZE));
      AES_encrypt(data+(i*AES_BLOCK_SIZE),outbuf+(i*AES_BLOCK_SIZE),&aes_k);
    } else {  // full block
      AES_encrypt(data+(i*AES_BLOCK_SIZE),outbuf+(i*AES_BLOCK_SIZE),&aes_k);
    }
  }


  OCTETSTRING ret_val=OCTETSTRING(data_len,outbuf );
  return ret_val;
}

///////////////////////////////////////////////////////////////////////////////
//  Function: f_AES_ECB_128_Decrypt_OpenSSL
//
//  Purpose: Calculate AES 128 ECB decrypted value
//
//  Parameters:
//          p_key       - *in* *octetstring*   - Key
//          p_data      - *in* *octetstring*   - Data
//
//  Return Value:
//         octetstring - encrypted value
//
//  Errors:
//      -
//
//  Detailed description:
//      -
//
///////////////////////////////////////////////////////////////////////////////
OCTETSTRING f__AES__ECB__128__Decrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_data)
{
  if(p_key.lengthof()!=16){
    TTCN_error("f_AES_EBC_128_Decrypt_OpenSSL: The length of the key should be 16 instead of %d",p_key.lengthof() );
  }
  const unsigned char* data=(const unsigned char*)p_data;
  int data_len = p_data.lengthof();

  int outbuf_len=data_len+AES_BLOCK_SIZE;

  unsigned char* outbuf=(unsigned char*)Malloc(outbuf_len * sizeof(unsigned char));

  int round=((data_len+AES_BLOCK_SIZE-1)/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;

  AES_KEY aes_k;
  AES_set_decrypt_key((const unsigned char*)p_key,128,&aes_k);

  for(int i=0;i<round; i++){
    if((i+1)*AES_BLOCK_SIZE > data_len){  // last partial block
      unsigned char b[AES_BLOCK_SIZE];
      memset(b,0,AES_BLOCK_SIZE);
      memcpy(b,data+(i*AES_BLOCK_SIZE),data_len-(i*AES_BLOCK_SIZE));
      AES_decrypt(data+(i*AES_BLOCK_SIZE),outbuf+(i*AES_BLOCK_SIZE),&aes_k);
    } else {  // full block
      AES_decrypt(data+(i*AES_BLOCK_SIZE),outbuf+(i*AES_BLOCK_SIZE),&aes_k);
    }
  }


  OCTETSTRING ret_val=OCTETSTRING(data_len,outbuf );
  return ret_val;
}
OCTETSTRING f__AES__CTR__128__Encrypt__Decrypt__OpenSSL (const OCTETSTRING& p_key,const OCTETSTRING& p_iv,const OCTETSTRING& p_data)
{
  if(p_key.lengthof()!=16){
    TTCN_error("f_AES_EBC_128_Decrypt_OpenSSL: The length of the key should be 16 instead of %d",p_key.lengthof() );
  }
  if(p_iv.lengthof()!=16){
    TTCN_error("f_AES_EBC_128_Decrypt_OpenSSL: The length of the IV should be 16 instead of %d",p_iv.lengthof() );
  }
  AES_KEY aes_k;
  AES_set_encrypt_key((const unsigned char*)p_key,128,&aes_k);

  int data_len=p_data.lengthof();
  unsigned char enc_data[data_len];
  unsigned char k_iv[AES_BLOCK_SIZE];
  memcpy(k_iv,(const unsigned char*)p_iv,AES_BLOCK_SIZE);

  unsigned int num = 0;
  unsigned char ecount_buf[AES_BLOCK_SIZE];
  memset(ecount_buf, 0, AES_BLOCK_SIZE);

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
   CRYPTO_ctr128_encrypt((const unsigned char*)p_data, enc_data, data_len, &aes_k, k_iv,ecount_buf , &num, (block128_f)AES_encrypt);
#else
   AES_ctr128_encrypt((const unsigned char*)p_data, enc_data, data_len, &aes_k, k_iv, ecount_buf, &num);
#endif
  return OCTETSTRING(data_len, enc_data);
}

}