1 /* $NetBSD: crypto_openssl.c,v 1.11.6.5 2009/04/20 13:33:30 tteras Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48 #error OpenSSL version 0.9.6 or later required.
49 #endif
50
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #ifndef ANDROID_CHANGES
67 #include <openssl/blowfish.h>
68 #include <openssl/cast.h>
69 #else
70 #define EVP_bf_cbc() NULL
71 #define EVP_cast5_cbc() NULL
72 #include "keystore_get.h"
73 #endif
74 #include <openssl/err.h>
75 #ifdef HAVE_OPENSSL_RC5_H
76 #include <openssl/rc5.h>
77 #endif
78 #ifdef HAVE_OPENSSL_IDEA_H
79 #include <openssl/idea.h>
80 #endif
81 #if defined(HAVE_OPENSSL_AES_H)
82 #include <openssl/aes.h>
83 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
84 #include <openssl/rijndael.h>
85 #else
86 #include "crypto/rijndael/rijndael-api-fst.h"
87 #endif
88 #if defined(HAVE_OPENSSL_CAMELLIA_H)
89 #include <openssl/camellia.h>
90 #endif
91 #ifdef WITH_SHA2
92 #ifdef HAVE_OPENSSL_SHA2_H
93 #include <openssl/sha2.h>
94 #else
95 #include "crypto/sha2/sha2.h"
96 #endif
97 #endif
98 #include "plog.h"
99
100 /* 0.9.7 stuff? */
101 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
102 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
103 #else
104 #define USE_NEW_DES_API
105 #endif
106
107 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
108
109 #include "var.h"
110 #include "misc.h"
111 #include "vmbuf.h"
112 #include "plog.h"
113 #include "crypto_openssl.h"
114 #include "debug.h"
115 #include "gcmalloc.h"
116
117 /*
118 * I hate to cast every parameter to des_xx into void *, but it is
119 * necessary for SSLeay/OpenSSL portability. It sucks.
120 */
121
122 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124 static X509 *mem2x509 __P((vchar_t *));
125
126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127
128 /* X509 Certificate */
129 /*
130 * convert the string of the subject name into DER
131 * e.g. str = "C=JP, ST=Kanagawa";
132 */
133 vchar_t *
eay_str2asn1dn(str,len)134 eay_str2asn1dn(str, len)
135 const char *str;
136 int len;
137 {
138 X509_NAME *name;
139 char *buf;
140 char *field, *value;
141 int i, j;
142 vchar_t *ret = NULL;
143 caddr_t p;
144
145 if (len == -1)
146 len = strlen(str);
147
148 buf = racoon_malloc(len + 1);
149 if (!buf) {
150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 return NULL;
152 }
153 memcpy(buf, str, len);
154
155 name = X509_NAME_new();
156
157 field = &buf[0];
158 value = NULL;
159 for (i = 0; i < len; i++) {
160 if (!value && buf[i] == '=') {
161 buf[i] = '\0';
162 value = &buf[i + 1];
163 continue;
164 } else if (buf[i] == ',' || buf[i] == '/') {
165 buf[i] = '\0';
166
167 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
168 field, value);
169
170 if (!value) goto err;
171 if (!X509_NAME_add_entry_by_txt(name, field,
172 (value[0] == '*' && value[1] == 0) ?
173 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
174 (unsigned char *) value, -1, -1, 0)) {
175 plog(LLV_ERROR, LOCATION, NULL,
176 "Invalid DN field: %s=%s\n",
177 field, value);
178 plog(LLV_ERROR, LOCATION, NULL,
179 "%s\n", eay_strerror());
180 goto err;
181 }
182 for (j = i + 1; j < len; j++) {
183 if (buf[j] != ' ')
184 break;
185 }
186 field = &buf[j];
187 value = NULL;
188 continue;
189 }
190 }
191 buf[len] = '\0';
192
193 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
194 field, value);
195
196 if (!value) goto err;
197 if (!X509_NAME_add_entry_by_txt(name, field,
198 (value[0] == '*' && value[1] == 0) ?
199 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
200 (unsigned char *) value, -1, -1, 0)) {
201 plog(LLV_ERROR, LOCATION, NULL,
202 "Invalid DN field: %s=%s\n",
203 field, value);
204 plog(LLV_ERROR, LOCATION, NULL,
205 "%s\n", eay_strerror());
206 goto err;
207 }
208
209 i = i2d_X509_NAME(name, NULL);
210 if (!i)
211 goto err;
212 ret = vmalloc(i);
213 if (!ret)
214 goto err;
215 p = ret->v;
216 i = i2d_X509_NAME(name, (void *)&p);
217 if (!i)
218 goto err;
219
220 return ret;
221
222 err:
223 if (buf)
224 racoon_free(buf);
225 if (name)
226 X509_NAME_free(name);
227 if (ret)
228 vfree(ret);
229 return NULL;
230 }
231
232 /*
233 * convert the hex string of the subject name into DER
234 */
235 vchar_t *
eay_hex2asn1dn(const char * hex,int len)236 eay_hex2asn1dn(const char *hex, int len)
237 {
238 BIGNUM *bn = BN_new();
239 char *binbuf;
240 size_t binlen;
241 vchar_t *ret = NULL;
242
243 if (len == -1)
244 len = strlen(hex);
245
246 if (BN_hex2bn(&bn, hex) != len) {
247 plog(LLV_ERROR, LOCATION, NULL,
248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
249 eay_strerror());
250 goto out;
251 }
252
253 binlen = BN_num_bytes(bn);
254 ret = vmalloc(binlen);
255 if (!ret) {
256 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
257 return NULL;
258 }
259 binbuf = ret->v;
260
261 BN_bn2bin(bn, (unsigned char *) binbuf);
262
263 out:
264 BN_free(bn);
265
266 return ret;
267 }
268
269 /*
270 * The following are derived from code in crypto/x509/x509_cmp.c
271 * in OpenSSL0.9.7c:
272 * X509_NAME_wildcmp() adds wildcard matching to the original
273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
274 */
275 #include <ctype.h>
276 /* Case insensitive string comparision */
nocase_cmp(const ASN1_STRING * a,const ASN1_STRING * b)277 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
278 {
279 int i;
280
281 if (a->length != b->length)
282 return (a->length - b->length);
283
284 for (i=0; i<a->length; i++)
285 {
286 int ca, cb;
287
288 ca = tolower(a->data[i]);
289 cb = tolower(b->data[i]);
290
291 if (ca != cb)
292 return(ca-cb);
293 }
294 return 0;
295 }
296
297 /* Case insensitive string comparision with space normalization
298 * Space normalization - ignore leading, trailing spaces,
299 * multiple spaces between characters are replaced by single space
300 */
nocase_spacenorm_cmp(const ASN1_STRING * a,const ASN1_STRING * b)301 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
302 {
303 unsigned char *pa = NULL, *pb = NULL;
304 int la, lb;
305
306 la = a->length;
307 lb = b->length;
308 pa = a->data;
309 pb = b->data;
310
311 /* skip leading spaces */
312 while (la > 0 && isspace(*pa))
313 {
314 la--;
315 pa++;
316 }
317 while (lb > 0 && isspace(*pb))
318 {
319 lb--;
320 pb++;
321 }
322
323 /* skip trailing spaces */
324 while (la > 0 && isspace(pa[la-1]))
325 la--;
326 while (lb > 0 && isspace(pb[lb-1]))
327 lb--;
328
329 /* compare strings with space normalization */
330 while (la > 0 && lb > 0)
331 {
332 int ca, cb;
333
334 /* compare character */
335 ca = tolower(*pa);
336 cb = tolower(*pb);
337 if (ca != cb)
338 return (ca - cb);
339
340 pa++; pb++;
341 la--; lb--;
342
343 if (la <= 0 || lb <= 0)
344 break;
345
346 /* is white space next character ? */
347 if (isspace(*pa) && isspace(*pb))
348 {
349 /* skip remaining white spaces */
350 while (la > 0 && isspace(*pa))
351 {
352 la--;
353 pa++;
354 }
355 while (lb > 0 && isspace(*pb))
356 {
357 lb--;
358 pb++;
359 }
360 }
361 }
362 if (la > 0 || lb > 0)
363 return la - lb;
364
365 return 0;
366 }
367
X509_NAME_wildcmp(const X509_NAME * a,const X509_NAME * b)368 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
369 {
370 int i,j;
371 X509_NAME_ENTRY *na,*nb;
372
373 if (sk_X509_NAME_ENTRY_num(a->entries)
374 != sk_X509_NAME_ENTRY_num(b->entries))
375 return sk_X509_NAME_ENTRY_num(a->entries)
376 -sk_X509_NAME_ENTRY_num(b->entries);
377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
378 {
379 na=sk_X509_NAME_ENTRY_value(a->entries,i);
380 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
381 j=OBJ_cmp(na->object,nb->object);
382 if (j) return(j);
383 if ((na->value->length == 1 && na->value->data[0] == '*')
384 || (nb->value->length == 1 && nb->value->data[0] == '*'))
385 continue;
386 j=na->value->type-nb->value->type;
387 if (j) return(j);
388 if (na->value->type == V_ASN1_PRINTABLESTRING)
389 j=nocase_spacenorm_cmp(na->value, nb->value);
390 else if (na->value->type == V_ASN1_IA5STRING
391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
392 j=nocase_cmp(na->value, nb->value);
393 else
394 {
395 j=na->value->length-nb->value->length;
396 if (j) return(j);
397 j=memcmp(na->value->data,nb->value->data,
398 na->value->length);
399 }
400 if (j) return(j);
401 j=na->set-nb->set;
402 if (j) return(j);
403 }
404
405 return(0);
406 }
407
408 /*
409 * compare two subjectNames.
410 * OUT: 0: equal
411 * positive:
412 * -1: other error.
413 */
414 int
eay_cmp_asn1dn(n1,n2)415 eay_cmp_asn1dn(n1, n2)
416 vchar_t *n1, *n2;
417 {
418 X509_NAME *a = NULL, *b = NULL;
419 caddr_t p;
420 int i = -1;
421
422 p = n1->v;
423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
424 goto end;
425 p = n2->v;
426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
427 goto end;
428
429 i = X509_NAME_wildcmp(a, b);
430
431 end:
432 if (a)
433 X509_NAME_free(a);
434 if (b)
435 X509_NAME_free(b);
436 return i;
437 }
438
439 #ifdef ANDROID_CHANGES
BIO_from_keystore(char * key)440 static BIO *BIO_from_keystore(char *key)
441 {
442 BIO *bio = NULL;
443 char *value;
444 int size;
445
446 value = keystore_get(key, &size);
447 if (value) {
448 bio = BIO_new(BIO_s_mem());
449 if (bio) {
450 BIO_write(bio, value, size);
451 }
452 free(value);
453 }
454 return bio;
455 }
456 #endif
457
458
459 /*
460 * this functions is derived from apps/verify.c in OpenSSL0.9.5
461 */
462 int
eay_check_x509cert(cert,CApath,CAfile,local)463 eay_check_x509cert(cert, CApath, CAfile, local)
464 vchar_t *cert;
465 char *CApath;
466 char *CAfile;
467 int local;
468 {
469 X509_STORE *cert_ctx = NULL;
470 X509_LOOKUP *lookup = NULL;
471 X509 *x509 = NULL;
472 X509_STORE_CTX *csc;
473 int error = -1;
474
475 cert_ctx = X509_STORE_new();
476 if (cert_ctx == NULL)
477 goto end;
478
479 if (local)
480 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
481 else
482 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
483
484 #ifndef ANDROID_CHANGES
485 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
486 if (lookup == NULL)
487 goto end;
488
489 X509_LOOKUP_load_file(lookup, CAfile,
490 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
491
492 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
493 if (lookup == NULL)
494 goto end;
495 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
496 if(!error) {
497 error = -1;
498 goto end;
499 }
500 error = -1; /* initialized */
501 #else
502 if (CAfile) {
503 BIO *bio = BIO_from_keystore(CAfile);
504 STACK_OF(X509_INFO) *stack;
505 X509_INFO *info;
506 int i;
507
508 if (!bio) {
509 goto end;
510 }
511 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
512 BIO_free(bio);
513 if (!stack) {
514 goto end;
515 }
516 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
517 info = sk_X509_INFO_value(stack, i);
518 if (info->x509) {
519 X509_STORE_add_cert(cert_ctx, info->x509);
520 }
521 if (info->crl) {
522 X509_STORE_add_crl(cert_ctx, info->crl);
523 }
524 }
525 sk_X509_INFO_pop_free(stack, X509_INFO_free);
526 }
527 #endif
528
529 /* read the certificate to be verified */
530 x509 = mem2x509(cert);
531 if (x509 == NULL)
532 goto end;
533
534 csc = X509_STORE_CTX_new();
535 if (csc == NULL)
536 goto end;
537 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
538 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
539 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
540 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
541 #endif
542 error = X509_verify_cert(csc);
543 X509_STORE_CTX_cleanup(csc);
544
545 /*
546 * if x509_verify_cert() is successful then the value of error is
547 * set non-zero.
548 */
549 error = error ? 0 : -1;
550
551 end:
552 if (error)
553 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
554 if (cert_ctx != NULL)
555 X509_STORE_free(cert_ctx);
556 if (x509 != NULL)
557 X509_free(x509);
558
559 return(error);
560 }
561
562 /*
563 * callback function for verifing certificate.
564 * this function is derived from cb() in openssl/apps/s_server.c
565 */
566 static int
cb_check_cert_local(ok,ctx)567 cb_check_cert_local(ok, ctx)
568 int ok;
569 X509_STORE_CTX *ctx;
570 {
571 char buf[256];
572 int log_tag;
573
574 if (!ok) {
575 X509_NAME_oneline(
576 X509_get_subject_name(ctx->current_cert),
577 buf,
578 256);
579 /*
580 * since we are just checking the certificates, it is
581 * ok if they are self signed. But we should still warn
582 * the user.
583 */
584 switch (ctx->error) {
585 case X509_V_ERR_CERT_HAS_EXPIRED:
586 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
587 case X509_V_ERR_INVALID_CA:
588 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
589 case X509_V_ERR_INVALID_PURPOSE:
590 case X509_V_ERR_UNABLE_TO_GET_CRL:
591 ok = 1;
592 log_tag = LLV_WARNING;
593 break;
594 default:
595 log_tag = LLV_ERROR;
596 }
597 plog(log_tag, LOCATION, NULL,
598 "%s(%d) at depth:%d SubjectName:%s\n",
599 X509_verify_cert_error_string(ctx->error),
600 ctx->error,
601 ctx->error_depth,
602 buf);
603 }
604 ERR_clear_error();
605
606 return ok;
607 }
608
609 /*
610 * callback function for verifing remote certificates.
611 * this function is derived from cb() in openssl/apps/s_server.c
612 */
613 static int
cb_check_cert_remote(ok,ctx)614 cb_check_cert_remote(ok, ctx)
615 int ok;
616 X509_STORE_CTX *ctx;
617 {
618 char buf[256];
619 int log_tag;
620
621 if (!ok) {
622 X509_NAME_oneline(
623 X509_get_subject_name(ctx->current_cert),
624 buf,
625 256);
626 switch (ctx->error) {
627 case X509_V_ERR_UNABLE_TO_GET_CRL:
628 ok = 1;
629 log_tag = LLV_WARNING;
630 break;
631 default:
632 log_tag = LLV_ERROR;
633 }
634 plog(log_tag, LOCATION, NULL,
635 "%s(%d) at depth:%d SubjectName:%s\n",
636 X509_verify_cert_error_string(ctx->error),
637 ctx->error,
638 ctx->error_depth,
639 buf);
640 }
641 ERR_clear_error();
642
643 return ok;
644 }
645
646 /*
647 * get a subjectAltName from X509 certificate.
648 */
649 vchar_t *
eay_get_x509asn1subjectname(cert)650 eay_get_x509asn1subjectname(cert)
651 vchar_t *cert;
652 {
653 X509 *x509 = NULL;
654 u_char *bp;
655 vchar_t *name = NULL;
656 int len;
657
658 bp = (unsigned char *) cert->v;
659
660 x509 = mem2x509(cert);
661 if (x509 == NULL)
662 goto error;
663
664 /* get the length of the name */
665 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
666 name = vmalloc(len);
667 if (!name)
668 goto error;
669 /* get the name */
670 bp = (unsigned char *) name->v;
671 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
672
673 X509_free(x509);
674
675 return name;
676
677 error:
678 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
679
680 if (name != NULL)
681 vfree(name);
682
683 if (x509 != NULL)
684 X509_free(x509);
685
686 return NULL;
687 }
688
689 /*
690 * get the subjectAltName from X509 certificate.
691 * the name must be terminated by '\0'.
692 */
693 int
eay_get_x509subjectaltname(cert,altname,type,pos)694 eay_get_x509subjectaltname(cert, altname, type, pos)
695 vchar_t *cert;
696 char **altname;
697 int *type;
698 int pos;
699 {
700 X509 *x509 = NULL;
701 GENERAL_NAMES *gens = NULL;
702 GENERAL_NAME *gen;
703 int len;
704 int error = -1;
705
706 *altname = NULL;
707 *type = GENT_OTHERNAME;
708
709 x509 = mem2x509(cert);
710 if (x509 == NULL)
711 goto end;
712
713 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
714 if (gens == NULL)
715 goto end;
716
717 /* there is no data at "pos" */
718 if (pos > sk_GENERAL_NAME_num(gens))
719 goto end;
720
721 gen = sk_GENERAL_NAME_value(gens, pos - 1);
722
723 /* read DNSName / Email */
724 if (gen->type == GEN_DNS ||
725 gen->type == GEN_EMAIL ||
726 gen->type == GEN_URI )
727 {
728 /* make sure if the data is terminated by '\0'. */
729 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
730 {
731 plog(LLV_ERROR, LOCATION, NULL,
732 "data is not terminated by NUL.");
733 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
734 goto end;
735 }
736
737 len = gen->d.ia5->length + 1;
738 *altname = racoon_malloc(len);
739 if (!*altname)
740 goto end;
741
742 strlcpy(*altname, (char *) gen->d.ia5->data, len);
743 *type = gen->type;
744 error = 0;
745 }
746 /* read IP address */
747 else if (gen->type == GEN_IPADD)
748 {
749 unsigned char p[5], *ip;
750 ip = p;
751
752 /* only support IPv4 */
753 if (gen->d.ip->length != 4)
754 goto end;
755
756 /* convert Octet String to String
757 * XXX ???????
758 */
759 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
760 ip = gen->d.ip->data;
761
762 /* XXX Magic, enough for an IPv4 address
763 */
764 *altname = racoon_malloc(20);
765 if (!*altname)
766 goto end;
767
768 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
769 *type = gen->type;
770 error = 0;
771 }
772 /* XXX other possible types ?
773 * For now, error will be -1 if unsupported type
774 */
775
776 end:
777 if (error) {
778 if (*altname) {
779 racoon_free(*altname);
780 *altname = NULL;
781 }
782 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
783 }
784 if (x509)
785 X509_free(x509);
786 if (gens)
787 /* free the whole stack. */
788 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
789
790 return error;
791 }
792
793
794 /*
795 * decode a X509 certificate and make a readable text terminated '\n'.
796 * return the buffer allocated, so must free it later.
797 */
798 char *
eay_get_x509text(cert)799 eay_get_x509text(cert)
800 vchar_t *cert;
801 {
802 X509 *x509 = NULL;
803 BIO *bio = NULL;
804 char *text = NULL;
805 u_char *bp = NULL;
806 int len = 0;
807 int error = -1;
808
809 x509 = mem2x509(cert);
810 if (x509 == NULL)
811 goto end;
812
813 bio = BIO_new(BIO_s_mem());
814 if (bio == NULL)
815 goto end;
816
817 error = X509_print(bio, x509);
818 if (error != 1) {
819 error = -1;
820 goto end;
821 }
822
823 len = BIO_get_mem_data(bio, &bp);
824 text = racoon_malloc(len + 1);
825 if (text == NULL)
826 goto end;
827 memcpy(text, bp, len);
828 text[len] = '\0';
829
830 error = 0;
831
832 end:
833 if (error) {
834 if (text) {
835 racoon_free(text);
836 text = NULL;
837 }
838 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
839 }
840 if (bio)
841 BIO_free(bio);
842 if (x509)
843 X509_free(x509);
844
845 return text;
846 }
847
848 /* get X509 structure from buffer. */
849 static X509 *
mem2x509(cert)850 mem2x509(cert)
851 vchar_t *cert;
852 {
853 X509 *x509;
854
855 #ifndef EAYDEBUG
856 {
857 u_char *bp;
858
859 bp = (unsigned char *) cert->v;
860
861 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
862 }
863 #else
864 {
865 BIO *bio;
866 int len;
867
868 bio = BIO_new(BIO_s_mem());
869 if (bio == NULL)
870 return NULL;
871 len = BIO_write(bio, cert->v, cert->l);
872 if (len == -1)
873 return NULL;
874 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
875 BIO_free(bio);
876 }
877 #endif
878 return x509;
879 }
880
881 /*
882 * get a X509 certificate from local file.
883 * a certificate must be PEM format.
884 * Input:
885 * path to a certificate.
886 * Output:
887 * NULL if error occured
888 * other is the cert.
889 */
890 vchar_t *
eay_get_x509cert(path)891 eay_get_x509cert(path)
892 char *path;
893 {
894 FILE *fp;
895 X509 *x509;
896 vchar_t *cert;
897 u_char *bp;
898 int len;
899 int error;
900
901 #ifdef ANDROID_CHANGES
902 BIO *bio = BIO_from_keystore(path);
903 x509 = NULL;
904 if (bio) {
905 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
906 BIO_free(bio);
907 }
908 #else
909 /* Read private key */
910 fp = fopen(path, "r");
911 if (fp == NULL)
912 return NULL;
913 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
914 fclose (fp);
915 #endif
916
917 if (x509 == NULL)
918 return NULL;
919
920 len = i2d_X509(x509, NULL);
921 cert = vmalloc(len);
922 if (cert == NULL) {
923 X509_free(x509);
924 return NULL;
925 }
926 bp = (unsigned char *) cert->v;
927 error = i2d_X509(x509, &bp);
928 X509_free(x509);
929
930 if (error == 0) {
931 vfree(cert);
932 return NULL;
933 }
934
935 return cert;
936 }
937
938 /*
939 * check a X509 signature
940 * XXX: to be get hash type from my cert ?
941 * to be handled EVP_dss().
942 * OUT: return -1 when error.
943 * 0
944 */
945 int
eay_check_x509sign(source,sig,cert)946 eay_check_x509sign(source, sig, cert)
947 vchar_t *source;
948 vchar_t *sig;
949 vchar_t *cert;
950 {
951 X509 *x509;
952 u_char *bp;
953 EVP_PKEY *evp;
954 int res;
955
956 bp = (unsigned char *) cert->v;
957
958 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
959 if (x509 == NULL) {
960 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
961 return -1;
962 }
963
964 evp = X509_get_pubkey(x509);
965 if (! evp) {
966 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
967 X509_free(x509);
968 return -1;
969 }
970
971 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
972
973 EVP_PKEY_free(evp);
974 X509_free(x509);
975
976 return res;
977 }
978
979 /*
980 * check RSA signature
981 * OUT: return -1 when error.
982 * 0 on success
983 */
984 int
eay_check_rsasign(source,sig,rsa)985 eay_check_rsasign(source, sig, rsa)
986 vchar_t *source;
987 vchar_t *sig;
988 RSA *rsa;
989 {
990 return eay_rsa_verify(source, sig, rsa);
991 }
992
993 /*
994 * get PKCS#1 Private Key of PEM format from local file.
995 */
996 vchar_t *
eay_get_pkcs1privkey(path)997 eay_get_pkcs1privkey(path)
998 char *path;
999 {
1000 FILE *fp;
1001 EVP_PKEY *evp = NULL;
1002 vchar_t *pkey = NULL;
1003 u_char *bp;
1004 int pkeylen;
1005 int error = -1;
1006
1007 #ifdef ANDROID_CHANGES
1008 BIO *bio = BIO_from_keystore(path);
1009 if (bio) {
1010 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
1011 BIO_free(bio);
1012 }
1013 #else
1014 /* Read private key */
1015 fp = fopen(path, "r");
1016 if (fp == NULL)
1017 return NULL;
1018
1019 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1020
1021 fclose (fp);
1022 #endif
1023
1024 if (evp == NULL)
1025 return NULL;
1026
1027 pkeylen = i2d_PrivateKey(evp, NULL);
1028 if (pkeylen == 0)
1029 goto end;
1030 pkey = vmalloc(pkeylen);
1031 if (pkey == NULL)
1032 goto end;
1033 bp = (unsigned char *) pkey->v;
1034 pkeylen = i2d_PrivateKey(evp, &bp);
1035 if (pkeylen == 0)
1036 goto end;
1037
1038 error = 0;
1039
1040 end:
1041 if (evp != NULL)
1042 EVP_PKEY_free(evp);
1043 if (error != 0 && pkey != NULL) {
1044 vfree(pkey);
1045 pkey = NULL;
1046 }
1047
1048 return pkey;
1049 }
1050
1051 /*
1052 * get PKCS#1 Public Key of PEM format from local file.
1053 */
1054 vchar_t *
eay_get_pkcs1pubkey(path)1055 eay_get_pkcs1pubkey(path)
1056 char *path;
1057 {
1058 FILE *fp;
1059 EVP_PKEY *evp = NULL;
1060 vchar_t *pkey = NULL;
1061 X509 *x509 = NULL;
1062 u_char *bp;
1063 int pkeylen;
1064 int error = -1;
1065
1066 /* Read private key */
1067 fp = fopen(path, "r");
1068 if (fp == NULL)
1069 return NULL;
1070
1071 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1072
1073 fclose (fp);
1074
1075 if (x509 == NULL)
1076 return NULL;
1077
1078 /* Get public key - eay */
1079 evp = X509_get_pubkey(x509);
1080 if (evp == NULL)
1081 return NULL;
1082
1083 pkeylen = i2d_PublicKey(evp, NULL);
1084 if (pkeylen == 0)
1085 goto end;
1086 pkey = vmalloc(pkeylen);
1087 if (pkey == NULL)
1088 goto end;
1089 bp = (unsigned char *) pkey->v;
1090 pkeylen = i2d_PublicKey(evp, &bp);
1091 if (pkeylen == 0)
1092 goto end;
1093
1094 error = 0;
1095 end:
1096 if (evp != NULL)
1097 EVP_PKEY_free(evp);
1098 if (error != 0 && pkey != NULL) {
1099 vfree(pkey);
1100 pkey = NULL;
1101 }
1102
1103 return pkey;
1104 }
1105
1106 vchar_t *
eay_get_x509sign(src,privkey)1107 eay_get_x509sign(src, privkey)
1108 vchar_t *src, *privkey;
1109 {
1110 EVP_PKEY *evp;
1111 u_char *bp = (unsigned char *) privkey->v;
1112 vchar_t *sig = NULL;
1113 int len;
1114 int pad = RSA_PKCS1_PADDING;
1115
1116 /* XXX to be handled EVP_PKEY_DSA */
1117 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1118 if (evp == NULL)
1119 return NULL;
1120
1121 sig = eay_rsa_sign(src, evp->pkey.rsa);
1122
1123 EVP_PKEY_free(evp);
1124
1125 return sig;
1126 }
1127
1128 vchar_t *
eay_get_rsasign(src,rsa)1129 eay_get_rsasign(src, rsa)
1130 vchar_t *src;
1131 RSA *rsa;
1132 {
1133 return eay_rsa_sign(src, rsa);
1134 }
1135
1136 vchar_t *
eay_rsa_sign(vchar_t * src,RSA * rsa)1137 eay_rsa_sign(vchar_t *src, RSA *rsa)
1138 {
1139 int len;
1140 vchar_t *sig = NULL;
1141 int pad = RSA_PKCS1_PADDING;
1142
1143 len = RSA_size(rsa);
1144
1145 sig = vmalloc(len);
1146 if (sig == NULL)
1147 return NULL;
1148
1149 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1150 (unsigned char *) sig->v, rsa, pad);
1151
1152 if (len == 0 || len != sig->l) {
1153 vfree(sig);
1154 sig = NULL;
1155 }
1156
1157 return sig;
1158 }
1159
1160 int
eay_rsa_verify(src,sig,rsa)1161 eay_rsa_verify(src, sig, rsa)
1162 vchar_t *src, *sig;
1163 RSA *rsa;
1164 {
1165 vchar_t *xbuf = NULL;
1166 int pad = RSA_PKCS1_PADDING;
1167 int len = 0;
1168 int error;
1169
1170 len = RSA_size(rsa);
1171 xbuf = vmalloc(len);
1172 if (xbuf == NULL) {
1173 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1174 return -1;
1175 }
1176
1177 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1178 (unsigned char *) xbuf->v, rsa, pad);
1179 if (len == 0 || len != src->l) {
1180 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1181 vfree(xbuf);
1182 return -1;
1183 }
1184
1185 error = memcmp(src->v, xbuf->v, src->l);
1186 vfree(xbuf);
1187 if (error != 0)
1188 return -1;
1189
1190 return 0;
1191 }
1192
1193 /*
1194 * get error string
1195 * MUST load ERR_load_crypto_strings() first.
1196 */
1197 char *
eay_strerror()1198 eay_strerror()
1199 {
1200 static char ebuf[512];
1201 int len = 0, n;
1202 unsigned long l;
1203 char buf[200];
1204 const char *file, *data;
1205 int line, flags;
1206 unsigned long es;
1207
1208 es = CRYPTO_thread_id();
1209
1210 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1211 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1212 "%lu:%s:%s:%d:%s ",
1213 es, ERR_error_string(l, buf), file, line,
1214 (flags & ERR_TXT_STRING) ? data : "");
1215 if (n < 0 || n >= sizeof(ebuf) - len)
1216 break;
1217 len += n;
1218 if (sizeof(ebuf) < len)
1219 break;
1220 }
1221
1222 return ebuf;
1223 }
1224
1225 vchar_t *
evp_crypt(vchar_t * data,vchar_t * key,vchar_t * iv,const EVP_CIPHER * e,int enc)1226 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1227 {
1228 vchar_t *res;
1229 EVP_CIPHER_CTX ctx;
1230
1231 if (!e)
1232 return NULL;
1233
1234 if (data->l % EVP_CIPHER_block_size(e))
1235 return NULL;
1236
1237 if ((res = vmalloc(data->l)) == NULL)
1238 return NULL;
1239
1240 EVP_CIPHER_CTX_init(&ctx);
1241
1242 switch(EVP_CIPHER_nid(e)){
1243 case NID_bf_cbc:
1244 case NID_bf_ecb:
1245 case NID_bf_cfb64:
1246 case NID_bf_ofb64:
1247 case NID_cast5_cbc:
1248 case NID_cast5_ecb:
1249 case NID_cast5_cfb64:
1250 case NID_cast5_ofb64:
1251 /* XXX: can we do that also for algos with a fixed key size ?
1252 */
1253 /* init context without key/iv
1254 */
1255 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1256 {
1257 OpenSSL_BUG();
1258 vfree(res);
1259 return NULL;
1260 }
1261
1262 /* update key size
1263 */
1264 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1265 {
1266 OpenSSL_BUG();
1267 vfree(res);
1268 return NULL;
1269 }
1270
1271 /* finalize context init with desired key size
1272 */
1273 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1274 (u_char *) iv->v, enc))
1275 {
1276 OpenSSL_BUG();
1277 vfree(res);
1278 return NULL;
1279 }
1280 break;
1281 default:
1282 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1283 (u_char *) iv->v, enc)) {
1284 OpenSSL_BUG();
1285 vfree(res);
1286 return NULL;
1287 }
1288 }
1289
1290 /* disable openssl padding */
1291 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1292
1293 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1294 OpenSSL_BUG();
1295 vfree(res);
1296 return NULL;
1297 }
1298
1299 EVP_CIPHER_CTX_cleanup(&ctx);
1300
1301 return res;
1302 }
1303
1304 int
evp_weakkey(vchar_t * key,const EVP_CIPHER * e)1305 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1306 {
1307 return 0;
1308 }
1309
1310 int
evp_keylen(int len,const EVP_CIPHER * e)1311 evp_keylen(int len, const EVP_CIPHER *e)
1312 {
1313 if (!e)
1314 return -1;
1315 /* EVP functions return lengths in bytes, ipsec-tools
1316 * uses lengths in bits, therefore conversion is required. --AK
1317 */
1318 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1319 return -1;
1320
1321 return EVP_CIPHER_key_length(e) << 3;
1322 }
1323
1324 /*
1325 * DES-CBC
1326 */
1327 vchar_t *
eay_des_encrypt(data,key,iv)1328 eay_des_encrypt(data, key, iv)
1329 vchar_t *data, *key, *iv;
1330 {
1331 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1332 }
1333
1334 vchar_t *
eay_des_decrypt(data,key,iv)1335 eay_des_decrypt(data, key, iv)
1336 vchar_t *data, *key, *iv;
1337 {
1338 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1339 }
1340
1341 int
eay_des_weakkey(key)1342 eay_des_weakkey(key)
1343 vchar_t *key;
1344 {
1345 #ifdef USE_NEW_DES_API
1346 return DES_is_weak_key((void *)key->v);
1347 #else
1348 return des_is_weak_key((void *)key->v);
1349 #endif
1350 }
1351
1352 int
eay_des_keylen(len)1353 eay_des_keylen(len)
1354 int len;
1355 {
1356 return evp_keylen(len, EVP_des_cbc());
1357 }
1358
1359 #ifdef HAVE_OPENSSL_IDEA_H
1360 /*
1361 * IDEA-CBC
1362 */
1363 vchar_t *
eay_idea_encrypt(data,key,iv)1364 eay_idea_encrypt(data, key, iv)
1365 vchar_t *data, *key, *iv;
1366 {
1367 vchar_t *res;
1368 IDEA_KEY_SCHEDULE ks;
1369
1370 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1371
1372 /* allocate buffer for result */
1373 if ((res = vmalloc(data->l)) == NULL)
1374 return NULL;
1375
1376 /* decryption data */
1377 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1378 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1379
1380 return res;
1381 }
1382
1383 vchar_t *
eay_idea_decrypt(data,key,iv)1384 eay_idea_decrypt(data, key, iv)
1385 vchar_t *data, *key, *iv;
1386 {
1387 vchar_t *res;
1388 IDEA_KEY_SCHEDULE ks, dks;
1389
1390 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1391 idea_set_decrypt_key(&ks, &dks);
1392
1393 /* allocate buffer for result */
1394 if ((res = vmalloc(data->l)) == NULL)
1395 return NULL;
1396
1397 /* decryption data */
1398 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1399 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1400
1401 return res;
1402 }
1403
1404 int
eay_idea_weakkey(key)1405 eay_idea_weakkey(key)
1406 vchar_t *key;
1407 {
1408 return 0; /* XXX */
1409 }
1410
1411 int
eay_idea_keylen(len)1412 eay_idea_keylen(len)
1413 int len;
1414 {
1415 if (len != 0 && len != 128)
1416 return -1;
1417 return 128;
1418 }
1419 #endif
1420
1421 /*
1422 * BLOWFISH-CBC
1423 */
1424 vchar_t *
eay_bf_encrypt(data,key,iv)1425 eay_bf_encrypt(data, key, iv)
1426 vchar_t *data, *key, *iv;
1427 {
1428 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1429 }
1430
1431 vchar_t *
eay_bf_decrypt(data,key,iv)1432 eay_bf_decrypt(data, key, iv)
1433 vchar_t *data, *key, *iv;
1434 {
1435 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1436 }
1437
1438 int
eay_bf_weakkey(key)1439 eay_bf_weakkey(key)
1440 vchar_t *key;
1441 {
1442 return 0; /* XXX to be done. refer to RFC 2451 */
1443 }
1444
1445 int
eay_bf_keylen(len)1446 eay_bf_keylen(len)
1447 int len;
1448 {
1449 if (len == 0)
1450 return 448;
1451 if (len < 40 || len > 448)
1452 return -1;
1453 return len;
1454 }
1455
1456 #ifdef HAVE_OPENSSL_RC5_H
1457 /*
1458 * RC5-CBC
1459 */
1460 vchar_t *
eay_rc5_encrypt(data,key,iv)1461 eay_rc5_encrypt(data, key, iv)
1462 vchar_t *data, *key, *iv;
1463 {
1464 vchar_t *res;
1465 RC5_32_KEY ks;
1466
1467 /* in RFC 2451, there is information about the number of round. */
1468 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1469
1470 /* allocate buffer for result */
1471 if ((res = vmalloc(data->l)) == NULL)
1472 return NULL;
1473
1474 /* decryption data */
1475 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1476 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1477
1478 return res;
1479 }
1480
1481 vchar_t *
eay_rc5_decrypt(data,key,iv)1482 eay_rc5_decrypt(data, key, iv)
1483 vchar_t *data, *key, *iv;
1484 {
1485 vchar_t *res;
1486 RC5_32_KEY ks;
1487
1488 /* in RFC 2451, there is information about the number of round. */
1489 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1490
1491 /* allocate buffer for result */
1492 if ((res = vmalloc(data->l)) == NULL)
1493 return NULL;
1494
1495 /* decryption data */
1496 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1497 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1498
1499 return res;
1500 }
1501
1502 int
eay_rc5_weakkey(key)1503 eay_rc5_weakkey(key)
1504 vchar_t *key;
1505 {
1506 return 0; /* No known weak keys when used with 16 rounds. */
1507
1508 }
1509
1510 int
eay_rc5_keylen(len)1511 eay_rc5_keylen(len)
1512 int len;
1513 {
1514 if (len == 0)
1515 return 128;
1516 if (len < 40 || len > 2040)
1517 return -1;
1518 return len;
1519 }
1520 #endif
1521
1522 /*
1523 * 3DES-CBC
1524 */
1525 vchar_t *
eay_3des_encrypt(data,key,iv)1526 eay_3des_encrypt(data, key, iv)
1527 vchar_t *data, *key, *iv;
1528 {
1529 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1530 }
1531
1532 vchar_t *
eay_3des_decrypt(data,key,iv)1533 eay_3des_decrypt(data, key, iv)
1534 vchar_t *data, *key, *iv;
1535 {
1536 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1537 }
1538
1539 int
eay_3des_weakkey(key)1540 eay_3des_weakkey(key)
1541 vchar_t *key;
1542 {
1543 #ifdef USE_NEW_DES_API
1544 return (DES_is_weak_key((void *)key->v) ||
1545 DES_is_weak_key((void *)(key->v + 8)) ||
1546 DES_is_weak_key((void *)(key->v + 16)));
1547 #else
1548 if (key->l < 24)
1549 return 0;
1550
1551 return (des_is_weak_key((void *)key->v) ||
1552 des_is_weak_key((void *)(key->v + 8)) ||
1553 des_is_weak_key((void *)(key->v + 16)));
1554 #endif
1555 }
1556
1557 int
eay_3des_keylen(len)1558 eay_3des_keylen(len)
1559 int len;
1560 {
1561 if (len != 0 && len != 192)
1562 return -1;
1563 return 192;
1564 }
1565
1566 /*
1567 * CAST-CBC
1568 */
1569 vchar_t *
eay_cast_encrypt(data,key,iv)1570 eay_cast_encrypt(data, key, iv)
1571 vchar_t *data, *key, *iv;
1572 {
1573 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1574 }
1575
1576 vchar_t *
eay_cast_decrypt(data,key,iv)1577 eay_cast_decrypt(data, key, iv)
1578 vchar_t *data, *key, *iv;
1579 {
1580 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1581 }
1582
1583 int
eay_cast_weakkey(key)1584 eay_cast_weakkey(key)
1585 vchar_t *key;
1586 {
1587 return 0; /* No known weak keys. */
1588 }
1589
1590 int
eay_cast_keylen(len)1591 eay_cast_keylen(len)
1592 int len;
1593 {
1594 if (len == 0)
1595 return 128;
1596 if (len < 40 || len > 128)
1597 return -1;
1598 return len;
1599 }
1600
1601 /*
1602 * AES(RIJNDAEL)-CBC
1603 */
1604 #ifndef HAVE_OPENSSL_AES_H
1605 vchar_t *
eay_aes_encrypt(data,key,iv)1606 eay_aes_encrypt(data, key, iv)
1607 vchar_t *data, *key, *iv;
1608 {
1609 vchar_t *res;
1610 keyInstance k;
1611 cipherInstance c;
1612
1613 memset(&k, 0, sizeof(k));
1614 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1615 return NULL;
1616
1617 /* allocate buffer for result */
1618 if ((res = vmalloc(data->l)) == NULL)
1619 return NULL;
1620
1621 /* encryption data */
1622 memset(&c, 0, sizeof(c));
1623 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1624 vfree(res);
1625 return NULL;
1626 }
1627 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1628 vfree(res);
1629 return NULL;
1630 }
1631
1632 return res;
1633 }
1634
1635 vchar_t *
eay_aes_decrypt(data,key,iv)1636 eay_aes_decrypt(data, key, iv)
1637 vchar_t *data, *key, *iv;
1638 {
1639 vchar_t *res;
1640 keyInstance k;
1641 cipherInstance c;
1642
1643 memset(&k, 0, sizeof(k));
1644 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1645 return NULL;
1646
1647 /* allocate buffer for result */
1648 if ((res = vmalloc(data->l)) == NULL)
1649 return NULL;
1650
1651 /* decryption data */
1652 memset(&c, 0, sizeof(c));
1653 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1654 vfree(res);
1655 return NULL;
1656 }
1657 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1658 vfree(res);
1659 return NULL;
1660 }
1661
1662 return res;
1663 }
1664 #else
1665 static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)1666 aes_evp_by_keylen(int keylen)
1667 {
1668 switch(keylen) {
1669 case 16:
1670 case 128:
1671 return EVP_aes_128_cbc();
1672 case 24:
1673 case 192:
1674 return EVP_aes_192_cbc();
1675 case 32:
1676 case 256:
1677 return EVP_aes_256_cbc();
1678 default:
1679 return NULL;
1680 }
1681 }
1682
1683 vchar_t *
eay_aes_encrypt(data,key,iv)1684 eay_aes_encrypt(data, key, iv)
1685 vchar_t *data, *key, *iv;
1686 {
1687 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1688 }
1689
1690 vchar_t *
eay_aes_decrypt(data,key,iv)1691 eay_aes_decrypt(data, key, iv)
1692 vchar_t *data, *key, *iv;
1693 {
1694 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1695 }
1696 #endif
1697
1698 int
eay_aes_weakkey(key)1699 eay_aes_weakkey(key)
1700 vchar_t *key;
1701 {
1702 return 0;
1703 }
1704
1705 int
eay_aes_keylen(len)1706 eay_aes_keylen(len)
1707 int len;
1708 {
1709 if (len == 0)
1710 return 128;
1711 if (len != 128 && len != 192 && len != 256)
1712 return -1;
1713 return len;
1714 }
1715
1716 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1717 /*
1718 * CAMELLIA-CBC
1719 */
1720 static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)1721 camellia_evp_by_keylen(int keylen)
1722 {
1723 switch(keylen) {
1724 case 16:
1725 case 128:
1726 return EVP_camellia_128_cbc();
1727 case 24:
1728 case 192:
1729 return EVP_camellia_192_cbc();
1730 case 32:
1731 case 256:
1732 return EVP_camellia_256_cbc();
1733 default:
1734 return NULL;
1735 }
1736 }
1737
1738 vchar_t *
eay_camellia_encrypt(data,key,iv)1739 eay_camellia_encrypt(data, key, iv)
1740 vchar_t *data, *key, *iv;
1741 {
1742 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1743 }
1744
1745 vchar_t *
eay_camellia_decrypt(data,key,iv)1746 eay_camellia_decrypt(data, key, iv)
1747 vchar_t *data, *key, *iv;
1748 {
1749 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1750 }
1751
1752 int
eay_camellia_weakkey(key)1753 eay_camellia_weakkey(key)
1754 vchar_t *key;
1755 {
1756 return 0;
1757 }
1758
1759 int
eay_camellia_keylen(len)1760 eay_camellia_keylen(len)
1761 int len;
1762 {
1763 if (len == 0)
1764 return 128;
1765 if (len != 128 && len != 192 && len != 256)
1766 return -1;
1767 return len;
1768 }
1769
1770 #endif
1771
1772 /* for ipsec part */
1773 int
eay_null_hashlen()1774 eay_null_hashlen()
1775 {
1776 return 0;
1777 }
1778
1779 int
eay_kpdk_hashlen()1780 eay_kpdk_hashlen()
1781 {
1782 return 0;
1783 }
1784
1785 int
eay_twofish_keylen(len)1786 eay_twofish_keylen(len)
1787 int len;
1788 {
1789 if (len < 0 || len > 256)
1790 return -1;
1791 return len;
1792 }
1793
1794 int
eay_null_keylen(len)1795 eay_null_keylen(len)
1796 int len;
1797 {
1798 return 0;
1799 }
1800
1801 /*
1802 * HMAC functions
1803 */
1804 static caddr_t
eay_hmac_init(key,md)1805 eay_hmac_init(key, md)
1806 vchar_t *key;
1807 const EVP_MD *md;
1808 {
1809 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1810
1811 HMAC_Init(c, key->v, key->l, md);
1812
1813 return (caddr_t)c;
1814 }
1815
1816 #ifdef WITH_SHA2
1817 /*
1818 * HMAC SHA2-512
1819 */
1820 vchar_t *
eay_hmacsha2_512_one(key,data)1821 eay_hmacsha2_512_one(key, data)
1822 vchar_t *key, *data;
1823 {
1824 vchar_t *res;
1825 caddr_t ctx;
1826
1827 ctx = eay_hmacsha2_512_init(key);
1828 eay_hmacsha2_512_update(ctx, data);
1829 res = eay_hmacsha2_512_final(ctx);
1830
1831 return(res);
1832 }
1833
1834 caddr_t
eay_hmacsha2_512_init(key)1835 eay_hmacsha2_512_init(key)
1836 vchar_t *key;
1837 {
1838 return eay_hmac_init(key, EVP_sha2_512());
1839 }
1840
1841 void
eay_hmacsha2_512_update(c,data)1842 eay_hmacsha2_512_update(c, data)
1843 caddr_t c;
1844 vchar_t *data;
1845 {
1846 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1847 }
1848
1849 vchar_t *
eay_hmacsha2_512_final(c)1850 eay_hmacsha2_512_final(c)
1851 caddr_t c;
1852 {
1853 vchar_t *res;
1854 unsigned int l;
1855
1856 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1857 return NULL;
1858
1859 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1860 res->l = l;
1861 HMAC_cleanup((HMAC_CTX *)c);
1862 (void)racoon_free(c);
1863
1864 if (SHA512_DIGEST_LENGTH != res->l) {
1865 plog(LLV_ERROR, LOCATION, NULL,
1866 "hmac sha2_512 length mismatch %zd.\n", res->l);
1867 vfree(res);
1868 return NULL;
1869 }
1870
1871 return(res);
1872 }
1873
1874 /*
1875 * HMAC SHA2-384
1876 */
1877 vchar_t *
eay_hmacsha2_384_one(key,data)1878 eay_hmacsha2_384_one(key, data)
1879 vchar_t *key, *data;
1880 {
1881 vchar_t *res;
1882 caddr_t ctx;
1883
1884 ctx = eay_hmacsha2_384_init(key);
1885 eay_hmacsha2_384_update(ctx, data);
1886 res = eay_hmacsha2_384_final(ctx);
1887
1888 return(res);
1889 }
1890
1891 caddr_t
eay_hmacsha2_384_init(key)1892 eay_hmacsha2_384_init(key)
1893 vchar_t *key;
1894 {
1895 return eay_hmac_init(key, EVP_sha2_384());
1896 }
1897
1898 void
eay_hmacsha2_384_update(c,data)1899 eay_hmacsha2_384_update(c, data)
1900 caddr_t c;
1901 vchar_t *data;
1902 {
1903 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1904 }
1905
1906 vchar_t *
eay_hmacsha2_384_final(c)1907 eay_hmacsha2_384_final(c)
1908 caddr_t c;
1909 {
1910 vchar_t *res;
1911 unsigned int l;
1912
1913 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1914 return NULL;
1915
1916 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1917 res->l = l;
1918 HMAC_cleanup((HMAC_CTX *)c);
1919 (void)racoon_free(c);
1920
1921 if (SHA384_DIGEST_LENGTH != res->l) {
1922 plog(LLV_ERROR, LOCATION, NULL,
1923 "hmac sha2_384 length mismatch %zd.\n", res->l);
1924 vfree(res);
1925 return NULL;
1926 }
1927
1928 return(res);
1929 }
1930
1931 /*
1932 * HMAC SHA2-256
1933 */
1934 vchar_t *
eay_hmacsha2_256_one(key,data)1935 eay_hmacsha2_256_one(key, data)
1936 vchar_t *key, *data;
1937 {
1938 vchar_t *res;
1939 caddr_t ctx;
1940
1941 ctx = eay_hmacsha2_256_init(key);
1942 eay_hmacsha2_256_update(ctx, data);
1943 res = eay_hmacsha2_256_final(ctx);
1944
1945 return(res);
1946 }
1947
1948 caddr_t
eay_hmacsha2_256_init(key)1949 eay_hmacsha2_256_init(key)
1950 vchar_t *key;
1951 {
1952 return eay_hmac_init(key, EVP_sha2_256());
1953 }
1954
1955 void
eay_hmacsha2_256_update(c,data)1956 eay_hmacsha2_256_update(c, data)
1957 caddr_t c;
1958 vchar_t *data;
1959 {
1960 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1961 }
1962
1963 vchar_t *
eay_hmacsha2_256_final(c)1964 eay_hmacsha2_256_final(c)
1965 caddr_t c;
1966 {
1967 vchar_t *res;
1968 unsigned int l;
1969
1970 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1971 return NULL;
1972
1973 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1974 res->l = l;
1975 HMAC_cleanup((HMAC_CTX *)c);
1976 (void)racoon_free(c);
1977
1978 if (SHA256_DIGEST_LENGTH != res->l) {
1979 plog(LLV_ERROR, LOCATION, NULL,
1980 "hmac sha2_256 length mismatch %zd.\n", res->l);
1981 vfree(res);
1982 return NULL;
1983 }
1984
1985 return(res);
1986 }
1987 #endif /* WITH_SHA2 */
1988
1989 /*
1990 * HMAC SHA1
1991 */
1992 vchar_t *
eay_hmacsha1_one(key,data)1993 eay_hmacsha1_one(key, data)
1994 vchar_t *key, *data;
1995 {
1996 vchar_t *res;
1997 caddr_t ctx;
1998
1999 ctx = eay_hmacsha1_init(key);
2000 eay_hmacsha1_update(ctx, data);
2001 res = eay_hmacsha1_final(ctx);
2002
2003 return(res);
2004 }
2005
2006 caddr_t
eay_hmacsha1_init(key)2007 eay_hmacsha1_init(key)
2008 vchar_t *key;
2009 {
2010 return eay_hmac_init(key, EVP_sha1());
2011 }
2012
2013 void
eay_hmacsha1_update(c,data)2014 eay_hmacsha1_update(c, data)
2015 caddr_t c;
2016 vchar_t *data;
2017 {
2018 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2019 }
2020
2021 vchar_t *
eay_hmacsha1_final(c)2022 eay_hmacsha1_final(c)
2023 caddr_t c;
2024 {
2025 vchar_t *res;
2026 unsigned int l;
2027
2028 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2029 return NULL;
2030
2031 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2032 res->l = l;
2033 HMAC_cleanup((HMAC_CTX *)c);
2034 (void)racoon_free(c);
2035
2036 if (SHA_DIGEST_LENGTH != res->l) {
2037 plog(LLV_ERROR, LOCATION, NULL,
2038 "hmac sha1 length mismatch %zd.\n", res->l);
2039 vfree(res);
2040 return NULL;
2041 }
2042
2043 return(res);
2044 }
2045
2046 /*
2047 * HMAC MD5
2048 */
2049 vchar_t *
eay_hmacmd5_one(key,data)2050 eay_hmacmd5_one(key, data)
2051 vchar_t *key, *data;
2052 {
2053 vchar_t *res;
2054 caddr_t ctx;
2055
2056 ctx = eay_hmacmd5_init(key);
2057 eay_hmacmd5_update(ctx, data);
2058 res = eay_hmacmd5_final(ctx);
2059
2060 return(res);
2061 }
2062
2063 caddr_t
eay_hmacmd5_init(key)2064 eay_hmacmd5_init(key)
2065 vchar_t *key;
2066 {
2067 return eay_hmac_init(key, EVP_md5());
2068 }
2069
2070 void
eay_hmacmd5_update(c,data)2071 eay_hmacmd5_update(c, data)
2072 caddr_t c;
2073 vchar_t *data;
2074 {
2075 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2076 }
2077
2078 vchar_t *
eay_hmacmd5_final(c)2079 eay_hmacmd5_final(c)
2080 caddr_t c;
2081 {
2082 vchar_t *res;
2083 unsigned int l;
2084
2085 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2086 return NULL;
2087
2088 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2089 res->l = l;
2090 HMAC_cleanup((HMAC_CTX *)c);
2091 (void)racoon_free(c);
2092
2093 if (MD5_DIGEST_LENGTH != res->l) {
2094 plog(LLV_ERROR, LOCATION, NULL,
2095 "hmac md5 length mismatch %zd.\n", res->l);
2096 vfree(res);
2097 return NULL;
2098 }
2099
2100 return(res);
2101 }
2102
2103 #ifdef WITH_SHA2
2104 /*
2105 * SHA2-512 functions
2106 */
2107 caddr_t
eay_sha2_512_init()2108 eay_sha2_512_init()
2109 {
2110 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2111
2112 SHA512_Init(c);
2113
2114 return((caddr_t)c);
2115 }
2116
2117 void
eay_sha2_512_update(c,data)2118 eay_sha2_512_update(c, data)
2119 caddr_t c;
2120 vchar_t *data;
2121 {
2122 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2123
2124 return;
2125 }
2126
2127 vchar_t *
eay_sha2_512_final(c)2128 eay_sha2_512_final(c)
2129 caddr_t c;
2130 {
2131 vchar_t *res;
2132
2133 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2134 return(0);
2135
2136 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2137 (void)racoon_free(c);
2138
2139 return(res);
2140 }
2141
2142 vchar_t *
eay_sha2_512_one(data)2143 eay_sha2_512_one(data)
2144 vchar_t *data;
2145 {
2146 caddr_t ctx;
2147 vchar_t *res;
2148
2149 ctx = eay_sha2_512_init();
2150 eay_sha2_512_update(ctx, data);
2151 res = eay_sha2_512_final(ctx);
2152
2153 return(res);
2154 }
2155
2156 int
eay_sha2_512_hashlen()2157 eay_sha2_512_hashlen()
2158 {
2159 return SHA512_DIGEST_LENGTH << 3;
2160 }
2161 #endif
2162
2163 #ifdef WITH_SHA2
2164 /*
2165 * SHA2-384 functions
2166 */
2167 caddr_t
eay_sha2_384_init()2168 eay_sha2_384_init()
2169 {
2170 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2171
2172 SHA384_Init(c);
2173
2174 return((caddr_t)c);
2175 }
2176
2177 void
eay_sha2_384_update(c,data)2178 eay_sha2_384_update(c, data)
2179 caddr_t c;
2180 vchar_t *data;
2181 {
2182 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2183
2184 return;
2185 }
2186
2187 vchar_t *
eay_sha2_384_final(c)2188 eay_sha2_384_final(c)
2189 caddr_t c;
2190 {
2191 vchar_t *res;
2192
2193 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2194 return(0);
2195
2196 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2197 (void)racoon_free(c);
2198
2199 return(res);
2200 }
2201
2202 vchar_t *
eay_sha2_384_one(data)2203 eay_sha2_384_one(data)
2204 vchar_t *data;
2205 {
2206 caddr_t ctx;
2207 vchar_t *res;
2208
2209 ctx = eay_sha2_384_init();
2210 eay_sha2_384_update(ctx, data);
2211 res = eay_sha2_384_final(ctx);
2212
2213 return(res);
2214 }
2215
2216 int
eay_sha2_384_hashlen()2217 eay_sha2_384_hashlen()
2218 {
2219 return SHA384_DIGEST_LENGTH << 3;
2220 }
2221 #endif
2222
2223 #ifdef WITH_SHA2
2224 /*
2225 * SHA2-256 functions
2226 */
2227 caddr_t
eay_sha2_256_init()2228 eay_sha2_256_init()
2229 {
2230 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2231
2232 SHA256_Init(c);
2233
2234 return((caddr_t)c);
2235 }
2236
2237 void
eay_sha2_256_update(c,data)2238 eay_sha2_256_update(c, data)
2239 caddr_t c;
2240 vchar_t *data;
2241 {
2242 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2243
2244 return;
2245 }
2246
2247 vchar_t *
eay_sha2_256_final(c)2248 eay_sha2_256_final(c)
2249 caddr_t c;
2250 {
2251 vchar_t *res;
2252
2253 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2254 return(0);
2255
2256 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2257 (void)racoon_free(c);
2258
2259 return(res);
2260 }
2261
2262 vchar_t *
eay_sha2_256_one(data)2263 eay_sha2_256_one(data)
2264 vchar_t *data;
2265 {
2266 caddr_t ctx;
2267 vchar_t *res;
2268
2269 ctx = eay_sha2_256_init();
2270 eay_sha2_256_update(ctx, data);
2271 res = eay_sha2_256_final(ctx);
2272
2273 return(res);
2274 }
2275
2276 int
eay_sha2_256_hashlen()2277 eay_sha2_256_hashlen()
2278 {
2279 return SHA256_DIGEST_LENGTH << 3;
2280 }
2281 #endif
2282
2283 /*
2284 * SHA functions
2285 */
2286 caddr_t
eay_sha1_init()2287 eay_sha1_init()
2288 {
2289 SHA_CTX *c = racoon_malloc(sizeof(*c));
2290
2291 SHA1_Init(c);
2292
2293 return((caddr_t)c);
2294 }
2295
2296 void
eay_sha1_update(c,data)2297 eay_sha1_update(c, data)
2298 caddr_t c;
2299 vchar_t *data;
2300 {
2301 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2302
2303 return;
2304 }
2305
2306 vchar_t *
eay_sha1_final(c)2307 eay_sha1_final(c)
2308 caddr_t c;
2309 {
2310 vchar_t *res;
2311
2312 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2313 return(0);
2314
2315 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2316 (void)racoon_free(c);
2317
2318 return(res);
2319 }
2320
2321 vchar_t *
eay_sha1_one(data)2322 eay_sha1_one(data)
2323 vchar_t *data;
2324 {
2325 caddr_t ctx;
2326 vchar_t *res;
2327
2328 ctx = eay_sha1_init();
2329 eay_sha1_update(ctx, data);
2330 res = eay_sha1_final(ctx);
2331
2332 return(res);
2333 }
2334
2335 int
eay_sha1_hashlen()2336 eay_sha1_hashlen()
2337 {
2338 return SHA_DIGEST_LENGTH << 3;
2339 }
2340
2341 /*
2342 * MD5 functions
2343 */
2344 caddr_t
eay_md5_init()2345 eay_md5_init()
2346 {
2347 MD5_CTX *c = racoon_malloc(sizeof(*c));
2348
2349 MD5_Init(c);
2350
2351 return((caddr_t)c);
2352 }
2353
2354 void
eay_md5_update(c,data)2355 eay_md5_update(c, data)
2356 caddr_t c;
2357 vchar_t *data;
2358 {
2359 MD5_Update((MD5_CTX *)c, data->v, data->l);
2360
2361 return;
2362 }
2363
2364 vchar_t *
eay_md5_final(c)2365 eay_md5_final(c)
2366 caddr_t c;
2367 {
2368 vchar_t *res;
2369
2370 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2371 return(0);
2372
2373 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2374 (void)racoon_free(c);
2375
2376 return(res);
2377 }
2378
2379 vchar_t *
eay_md5_one(data)2380 eay_md5_one(data)
2381 vchar_t *data;
2382 {
2383 caddr_t ctx;
2384 vchar_t *res;
2385
2386 ctx = eay_md5_init();
2387 eay_md5_update(ctx, data);
2388 res = eay_md5_final(ctx);
2389
2390 return(res);
2391 }
2392
2393 int
eay_md5_hashlen()2394 eay_md5_hashlen()
2395 {
2396 return MD5_DIGEST_LENGTH << 3;
2397 }
2398
2399 /*
2400 * eay_set_random
2401 * size: number of bytes.
2402 */
2403 vchar_t *
eay_set_random(size)2404 eay_set_random(size)
2405 u_int32_t size;
2406 {
2407 BIGNUM *r = NULL;
2408 vchar_t *res = 0;
2409
2410 if ((r = BN_new()) == NULL)
2411 goto end;
2412 BN_rand(r, size * 8, 0, 0);
2413 eay_bn2v(&res, r);
2414
2415 end:
2416 if (r)
2417 BN_free(r);
2418 return(res);
2419 }
2420
2421 /* DH */
2422 int
eay_dh_generate(prime,g,publen,pub,priv)2423 eay_dh_generate(prime, g, publen, pub, priv)
2424 vchar_t *prime, **pub, **priv;
2425 u_int publen;
2426 u_int32_t g;
2427 {
2428 BIGNUM *p = NULL;
2429 DH *dh = NULL;
2430 int error = -1;
2431
2432 /* initialize */
2433 /* pre-process to generate number */
2434 if (eay_v2bn(&p, prime) < 0)
2435 goto end;
2436
2437 if ((dh = DH_new()) == NULL)
2438 goto end;
2439 dh->p = p;
2440 p = NULL; /* p is now part of dh structure */
2441 dh->g = NULL;
2442 if ((dh->g = BN_new()) == NULL)
2443 goto end;
2444 if (!BN_set_word(dh->g, g))
2445 goto end;
2446
2447 if (publen != 0)
2448 dh->length = publen;
2449
2450 /* generate public and private number */
2451 if (!DH_generate_key(dh))
2452 goto end;
2453
2454 /* copy results to buffers */
2455 if (eay_bn2v(pub, dh->pub_key) < 0)
2456 goto end;
2457 if (eay_bn2v(priv, dh->priv_key) < 0) {
2458 vfree(*pub);
2459 goto end;
2460 }
2461
2462 error = 0;
2463
2464 end:
2465 if (dh != NULL)
2466 DH_free(dh);
2467 if (p != 0)
2468 BN_free(p);
2469 return(error);
2470 }
2471
2472 int
eay_dh_compute(prime,g,pub,priv,pub2,key)2473 eay_dh_compute(prime, g, pub, priv, pub2, key)
2474 vchar_t *prime, *pub, *priv, *pub2, **key;
2475 u_int32_t g;
2476 {
2477 BIGNUM *dh_pub = NULL;
2478 DH *dh = NULL;
2479 int l;
2480 unsigned char *v = NULL;
2481 int error = -1;
2482
2483 /* make public number to compute */
2484 if (eay_v2bn(&dh_pub, pub2) < 0)
2485 goto end;
2486
2487 /* make DH structure */
2488 if ((dh = DH_new()) == NULL)
2489 goto end;
2490 if (eay_v2bn(&dh->p, prime) < 0)
2491 goto end;
2492 if (eay_v2bn(&dh->pub_key, pub) < 0)
2493 goto end;
2494 if (eay_v2bn(&dh->priv_key, priv) < 0)
2495 goto end;
2496 dh->length = pub2->l * 8;
2497
2498 dh->g = NULL;
2499 if ((dh->g = BN_new()) == NULL)
2500 goto end;
2501 if (!BN_set_word(dh->g, g))
2502 goto end;
2503
2504 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2505 goto end;
2506 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2507 goto end;
2508 memcpy((*key)->v + (prime->l - l), v, l);
2509
2510 error = 0;
2511
2512 end:
2513 if (dh_pub != NULL)
2514 BN_free(dh_pub);
2515 if (dh != NULL)
2516 DH_free(dh);
2517 if (v != NULL)
2518 racoon_free(v);
2519 return(error);
2520 }
2521
2522 /*
2523 * convert vchar_t <-> BIGNUM.
2524 *
2525 * vchar_t: unit is u_char, network endian, most significant byte first.
2526 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2527 * least significant BN_ULONG must come first.
2528 *
2529 * hex value of "0x3ffe050104" is represented as follows:
2530 * vchar_t: 3f fe 05 01 04
2531 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2532 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2533 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2534 */
2535 int
eay_v2bn(bn,var)2536 eay_v2bn(bn, var)
2537 BIGNUM **bn;
2538 vchar_t *var;
2539 {
2540 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2541 return -1;
2542
2543 return 0;
2544 }
2545
2546 int
eay_bn2v(var,bn)2547 eay_bn2v(var, bn)
2548 vchar_t **var;
2549 BIGNUM *bn;
2550 {
2551 *var = vmalloc(bn->top * BN_BYTES);
2552 if (*var == NULL)
2553 return(-1);
2554
2555 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2556
2557 return 0;
2558 }
2559
2560 void
eay_init()2561 eay_init()
2562 {
2563 OpenSSL_add_all_algorithms();
2564 ERR_load_crypto_strings();
2565 #ifdef HAVE_OPENSSL_ENGINE_H
2566 ENGINE_load_builtin_engines();
2567 ENGINE_register_all_complete();
2568 #endif
2569 }
2570
2571 vchar_t *
base64_decode(char * in,long inlen)2572 base64_decode(char *in, long inlen)
2573 {
2574 BIO *bio=NULL, *b64=NULL;
2575 vchar_t *res = NULL;
2576 char *outb;
2577 long outlen;
2578
2579 outb = malloc(inlen * 2);
2580 if (outb == NULL)
2581 goto out;
2582 bio = BIO_new_mem_buf(in, inlen);
2583 b64 = BIO_new(BIO_f_base64());
2584 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2585 bio = BIO_push(b64, bio);
2586
2587 outlen = BIO_read(bio, outb, inlen * 2);
2588 if (outlen <= 0) {
2589 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2590 goto out;
2591 }
2592
2593 res = vmalloc(outlen);
2594 if (!res)
2595 goto out;
2596
2597 memcpy(res->v, outb, outlen);
2598
2599 out:
2600 if (outb)
2601 free(outb);
2602 if (bio)
2603 BIO_free_all(bio);
2604
2605 return res;
2606 }
2607
2608 vchar_t *
base64_encode(char * in,long inlen)2609 base64_encode(char *in, long inlen)
2610 {
2611 BIO *bio=NULL, *b64=NULL;
2612 char *ptr;
2613 long plen = -1;
2614 vchar_t *res = NULL;
2615
2616 bio = BIO_new(BIO_s_mem());
2617 b64 = BIO_new(BIO_f_base64());
2618 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2619 bio = BIO_push(b64, bio);
2620
2621 BIO_write(bio, in, inlen);
2622 BIO_flush(bio);
2623
2624 plen = BIO_get_mem_data(bio, &ptr);
2625 res = vmalloc(plen+1);
2626 if (!res)
2627 goto out;
2628
2629 memcpy (res->v, ptr, plen);
2630 res->v[plen] = '\0';
2631
2632 out:
2633 if (bio)
2634 BIO_free_all(bio);
2635
2636 return res;
2637 }
2638
2639 static RSA *
binbuf_pubkey2rsa(vchar_t * binbuf)2640 binbuf_pubkey2rsa(vchar_t *binbuf)
2641 {
2642 BIGNUM *exp, *mod;
2643 RSA *rsa_pub = NULL;
2644
2645 if (binbuf->v[0] > binbuf->l - 1) {
2646 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2647 goto out;
2648 }
2649
2650 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2651 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2652 binbuf->l - binbuf->v[0] - 1, NULL);
2653 rsa_pub = RSA_new();
2654
2655 if (!exp || !mod || !rsa_pub) {
2656 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2657 if (exp)
2658 BN_free(exp);
2659 if (mod)
2660 BN_free(exp);
2661 if (rsa_pub)
2662 RSA_free(rsa_pub);
2663 rsa_pub = NULL;
2664 goto out;
2665 }
2666
2667 rsa_pub->n = mod;
2668 rsa_pub->e = exp;
2669
2670 out:
2671 return rsa_pub;
2672 }
2673
2674 RSA *
base64_pubkey2rsa(char * in)2675 base64_pubkey2rsa(char *in)
2676 {
2677 BIGNUM *exp, *mod;
2678 RSA *rsa_pub = NULL;
2679 vchar_t *binbuf;
2680
2681 if (strncmp(in, "0s", 2) != 0) {
2682 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2683 return NULL;
2684 }
2685
2686 binbuf = base64_decode(in + 2, strlen(in + 2));
2687 if (!binbuf) {
2688 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2689 return NULL;
2690 }
2691
2692 if (binbuf->v[0] > binbuf->l - 1) {
2693 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2694 goto out;
2695 }
2696
2697 rsa_pub = binbuf_pubkey2rsa(binbuf);
2698
2699 out:
2700 if (binbuf)
2701 vfree(binbuf);
2702
2703 return rsa_pub;
2704 }
2705
2706 RSA *
bignum_pubkey2rsa(BIGNUM * in)2707 bignum_pubkey2rsa(BIGNUM *in)
2708 {
2709 RSA *rsa_pub = NULL;
2710 vchar_t *binbuf;
2711
2712 binbuf = vmalloc(BN_num_bytes(in));
2713 if (!binbuf) {
2714 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2715 return NULL;
2716 }
2717
2718 BN_bn2bin(in, (unsigned char *) binbuf->v);
2719
2720 rsa_pub = binbuf_pubkey2rsa(binbuf);
2721
2722 out:
2723 if (binbuf)
2724 vfree(binbuf);
2725
2726 return rsa_pub;
2727 }
2728
2729 u_int32_t
eay_random()2730 eay_random()
2731 {
2732 u_int32_t result;
2733 vchar_t *vrand;
2734
2735 vrand = eay_set_random(sizeof(result));
2736 memcpy(&result, vrand->v, sizeof(result));
2737 vfree(vrand);
2738
2739 return result;
2740 }
2741
2742 const char *
eay_version()2743 eay_version()
2744 {
2745 return SSLeay_version(SSLEAY_VERSION);
2746 }
2747