1 /* $NetBSD: crypto_openssl.c,v 1.11.6.6 2009/04/29 10:50:25 tteras Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48 #error OpenSSL version 0.9.6 or later required.
49 #endif
50
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #ifndef ANDROID_CHANGES
67 #include <openssl/blowfish.h>
68 #include <openssl/cast.h>
69 #else
70 #define EVP_bf_cbc() NULL
71 #define EVP_cast5_cbc() NULL
72 #include "keystore_get.h"
73 #endif
74 #include <openssl/err.h>
75 #ifdef HAVE_OPENSSL_RC5_H
76 #include <openssl/rc5.h>
77 #endif
78 #ifdef HAVE_OPENSSL_IDEA_H
79 #include <openssl/idea.h>
80 #endif
81 #if defined(HAVE_OPENSSL_AES_H)
82 #include <openssl/aes.h>
83 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
84 #include <openssl/rijndael.h>
85 #else
86 #include "crypto/rijndael/rijndael-api-fst.h"
87 #endif
88 #if defined(HAVE_OPENSSL_CAMELLIA_H)
89 #include <openssl/camellia.h>
90 #endif
91 #ifdef WITH_SHA2
92 #ifdef HAVE_OPENSSL_SHA2_H
93 #include <openssl/sha2.h>
94 #else
95 #include "crypto/sha2/sha2.h"
96 #endif
97 #endif
98 #include "plog.h"
99
100 /* 0.9.7 stuff? */
101 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
102 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
103 #else
104 #define USE_NEW_DES_API
105 #endif
106
107 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
108
109 #include "var.h"
110 #include "misc.h"
111 #include "vmbuf.h"
112 #include "plog.h"
113 #include "crypto_openssl.h"
114 #include "debug.h"
115 #include "gcmalloc.h"
116
117 /*
118 * I hate to cast every parameter to des_xx into void *, but it is
119 * necessary for SSLeay/OpenSSL portability. It sucks.
120 */
121
122 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124 static X509 *mem2x509 __P((vchar_t *));
125
126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127
128 /* X509 Certificate */
129 /*
130 * convert the string of the subject name into DER
131 * e.g. str = "C=JP, ST=Kanagawa";
132 */
133 vchar_t *
eay_str2asn1dn(str,len)134 eay_str2asn1dn(str, len)
135 const char *str;
136 int len;
137 {
138 X509_NAME *name;
139 char *buf;
140 char *field, *value;
141 int i, j;
142 vchar_t *ret = NULL;
143 caddr_t p;
144
145 if (len == -1)
146 len = strlen(str);
147
148 buf = racoon_malloc(len + 1);
149 if (!buf) {
150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 return NULL;
152 }
153 memcpy(buf, str, len);
154
155 name = X509_NAME_new();
156
157 field = &buf[0];
158 value = NULL;
159 for (i = 0; i < len; i++) {
160 if (!value && buf[i] == '=') {
161 buf[i] = '\0';
162 value = &buf[i + 1];
163 continue;
164 } else if (buf[i] == ',' || buf[i] == '/') {
165 buf[i] = '\0';
166
167 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
168 field, value);
169
170 if (!value) goto err;
171 if (!X509_NAME_add_entry_by_txt(name, field,
172 (value[0] == '*' && value[1] == 0) ?
173 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
174 (unsigned char *) value, -1, -1, 0)) {
175 plog(LLV_ERROR, LOCATION, NULL,
176 "Invalid DN field: %s=%s\n",
177 field, value);
178 plog(LLV_ERROR, LOCATION, NULL,
179 "%s\n", eay_strerror());
180 goto err;
181 }
182 for (j = i + 1; j < len; j++) {
183 if (buf[j] != ' ')
184 break;
185 }
186 field = &buf[j];
187 value = NULL;
188 continue;
189 }
190 }
191 buf[len] = '\0';
192
193 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
194 field, value);
195
196 if (!value) goto err;
197 if (!X509_NAME_add_entry_by_txt(name, field,
198 (value[0] == '*' && value[1] == 0) ?
199 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
200 (unsigned char *) value, -1, -1, 0)) {
201 plog(LLV_ERROR, LOCATION, NULL,
202 "Invalid DN field: %s=%s\n",
203 field, value);
204 plog(LLV_ERROR, LOCATION, NULL,
205 "%s\n", eay_strerror());
206 goto err;
207 }
208
209 i = i2d_X509_NAME(name, NULL);
210 if (!i)
211 goto err;
212 ret = vmalloc(i);
213 if (!ret)
214 goto err;
215 p = ret->v;
216 i = i2d_X509_NAME(name, (void *)&p);
217 if (!i)
218 goto err;
219
220 return ret;
221
222 err:
223 if (buf)
224 racoon_free(buf);
225 if (name)
226 X509_NAME_free(name);
227 if (ret)
228 vfree(ret);
229 return NULL;
230 }
231
232 /*
233 * convert the hex string of the subject name into DER
234 */
235 vchar_t *
eay_hex2asn1dn(const char * hex,int len)236 eay_hex2asn1dn(const char *hex, int len)
237 {
238 BIGNUM *bn = BN_new();
239 char *binbuf;
240 size_t binlen;
241 vchar_t *ret = NULL;
242
243 if (len == -1)
244 len = strlen(hex);
245
246 if (BN_hex2bn(&bn, hex) != len) {
247 plog(LLV_ERROR, LOCATION, NULL,
248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
249 eay_strerror());
250 goto out;
251 }
252
253 binlen = BN_num_bytes(bn);
254 ret = vmalloc(binlen);
255 if (!ret) {
256 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
257 return NULL;
258 }
259 binbuf = ret->v;
260
261 BN_bn2bin(bn, (unsigned char *) binbuf);
262
263 out:
264 BN_free(bn);
265
266 return ret;
267 }
268
269 /*
270 * The following are derived from code in crypto/x509/x509_cmp.c
271 * in OpenSSL0.9.7c:
272 * X509_NAME_wildcmp() adds wildcard matching to the original
273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
274 */
275 #include <ctype.h>
276 /* Case insensitive string comparision */
nocase_cmp(const ASN1_STRING * a,const ASN1_STRING * b)277 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
278 {
279 int i;
280
281 if (a->length != b->length)
282 return (a->length - b->length);
283
284 for (i=0; i<a->length; i++)
285 {
286 int ca, cb;
287
288 ca = tolower(a->data[i]);
289 cb = tolower(b->data[i]);
290
291 if (ca != cb)
292 return(ca-cb);
293 }
294 return 0;
295 }
296
297 /* Case insensitive string comparision with space normalization
298 * Space normalization - ignore leading, trailing spaces,
299 * multiple spaces between characters are replaced by single space
300 */
nocase_spacenorm_cmp(const ASN1_STRING * a,const ASN1_STRING * b)301 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
302 {
303 unsigned char *pa = NULL, *pb = NULL;
304 int la, lb;
305
306 la = a->length;
307 lb = b->length;
308 pa = a->data;
309 pb = b->data;
310
311 /* skip leading spaces */
312 while (la > 0 && isspace(*pa))
313 {
314 la--;
315 pa++;
316 }
317 while (lb > 0 && isspace(*pb))
318 {
319 lb--;
320 pb++;
321 }
322
323 /* skip trailing spaces */
324 while (la > 0 && isspace(pa[la-1]))
325 la--;
326 while (lb > 0 && isspace(pb[lb-1]))
327 lb--;
328
329 /* compare strings with space normalization */
330 while (la > 0 && lb > 0)
331 {
332 int ca, cb;
333
334 /* compare character */
335 ca = tolower(*pa);
336 cb = tolower(*pb);
337 if (ca != cb)
338 return (ca - cb);
339
340 pa++; pb++;
341 la--; lb--;
342
343 if (la <= 0 || lb <= 0)
344 break;
345
346 /* is white space next character ? */
347 if (isspace(*pa) && isspace(*pb))
348 {
349 /* skip remaining white spaces */
350 while (la > 0 && isspace(*pa))
351 {
352 la--;
353 pa++;
354 }
355 while (lb > 0 && isspace(*pb))
356 {
357 lb--;
358 pb++;
359 }
360 }
361 }
362 if (la > 0 || lb > 0)
363 return la - lb;
364
365 return 0;
366 }
367
X509_NAME_wildcmp(const X509_NAME * a,const X509_NAME * b)368 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
369 {
370 int i,j;
371 X509_NAME_ENTRY *na,*nb;
372
373 if (sk_X509_NAME_ENTRY_num(a->entries)
374 != sk_X509_NAME_ENTRY_num(b->entries))
375 return sk_X509_NAME_ENTRY_num(a->entries)
376 -sk_X509_NAME_ENTRY_num(b->entries);
377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
378 {
379 na=sk_X509_NAME_ENTRY_value(a->entries,i);
380 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
381 j=OBJ_cmp(na->object,nb->object);
382 if (j) return(j);
383 if ((na->value->length == 1 && na->value->data[0] == '*')
384 || (nb->value->length == 1 && nb->value->data[0] == '*'))
385 continue;
386 j=na->value->type-nb->value->type;
387 if (j) return(j);
388 if (na->value->type == V_ASN1_PRINTABLESTRING)
389 j=nocase_spacenorm_cmp(na->value, nb->value);
390 else if (na->value->type == V_ASN1_IA5STRING
391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
392 j=nocase_cmp(na->value, nb->value);
393 else
394 {
395 j=na->value->length-nb->value->length;
396 if (j) return(j);
397 j=memcmp(na->value->data,nb->value->data,
398 na->value->length);
399 }
400 if (j) return(j);
401 j=na->set-nb->set;
402 if (j) return(j);
403 }
404
405 return(0);
406 }
407
408 /*
409 * compare two subjectNames.
410 * OUT: 0: equal
411 * positive:
412 * -1: other error.
413 */
414 int
eay_cmp_asn1dn(n1,n2)415 eay_cmp_asn1dn(n1, n2)
416 vchar_t *n1, *n2;
417 {
418 X509_NAME *a = NULL, *b = NULL;
419 caddr_t p;
420 int i = -1;
421
422 p = n1->v;
423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
424 goto end;
425 p = n2->v;
426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
427 goto end;
428
429 i = X509_NAME_wildcmp(a, b);
430
431 end:
432 if (a)
433 X509_NAME_free(a);
434 if (b)
435 X509_NAME_free(b);
436 return i;
437 }
438
439 #ifdef ANDROID_CHANGES
BIO_from_keystore(char * key)440 static BIO *BIO_from_keystore(char *key)
441 {
442 BIO *bio = NULL;
443 char value[KEYSTORE_MESSAGE_SIZE];
444 int length = keystore_get(key, strlen(key), value);
445 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) {
446 BIO_write(bio, value, length);
447 }
448 return bio;
449 }
450 #endif
451
452
453 /*
454 * this functions is derived from apps/verify.c in OpenSSL0.9.5
455 */
456 int
eay_check_x509cert(cert,CApath,CAfile,local)457 eay_check_x509cert(cert, CApath, CAfile, local)
458 vchar_t *cert;
459 char *CApath;
460 char *CAfile;
461 int local;
462 {
463 X509_STORE *cert_ctx = NULL;
464 X509_LOOKUP *lookup = NULL;
465 X509 *x509 = NULL;
466 X509_STORE_CTX *csc;
467 int error = -1;
468
469 cert_ctx = X509_STORE_new();
470 if (cert_ctx == NULL)
471 goto end;
472
473 if (local)
474 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
475 else
476 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
477
478 #ifndef ANDROID_CHANGES
479 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
480 if (lookup == NULL)
481 goto end;
482
483 X509_LOOKUP_load_file(lookup, CAfile,
484 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
485
486 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
487 if (lookup == NULL)
488 goto end;
489 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
490 if(!error) {
491 error = -1;
492 goto end;
493 }
494 error = -1; /* initialized */
495 #else
496 if (CAfile) {
497 BIO *bio = BIO_from_keystore(CAfile);
498 STACK_OF(X509_INFO) *stack;
499 X509_INFO *info;
500 int i;
501
502 if (!bio) {
503 goto end;
504 }
505 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
506 BIO_free(bio);
507 if (!stack) {
508 goto end;
509 }
510 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
511 info = sk_X509_INFO_value(stack, i);
512 if (info->x509) {
513 X509_STORE_add_cert(cert_ctx, info->x509);
514 }
515 if (info->crl) {
516 X509_STORE_add_crl(cert_ctx, info->crl);
517 }
518 }
519 sk_X509_INFO_pop_free(stack, X509_INFO_free);
520 }
521 #endif
522
523 /* read the certificate to be verified */
524 x509 = mem2x509(cert);
525 if (x509 == NULL)
526 goto end;
527
528 csc = X509_STORE_CTX_new();
529 if (csc == NULL)
530 goto end;
531 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
532 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
533 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
534 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
535 #endif
536 error = X509_verify_cert(csc);
537 X509_STORE_CTX_free(csc);
538
539 /*
540 * if x509_verify_cert() is successful then the value of error is
541 * set non-zero.
542 */
543 error = error ? 0 : -1;
544
545 end:
546 if (error)
547 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
548 if (cert_ctx != NULL)
549 X509_STORE_free(cert_ctx);
550 if (x509 != NULL)
551 X509_free(x509);
552
553 return(error);
554 }
555
556 /*
557 * callback function for verifing certificate.
558 * this function is derived from cb() in openssl/apps/s_server.c
559 */
560 static int
cb_check_cert_local(ok,ctx)561 cb_check_cert_local(ok, ctx)
562 int ok;
563 X509_STORE_CTX *ctx;
564 {
565 char buf[256];
566 int log_tag;
567
568 if (!ok) {
569 X509_NAME_oneline(
570 X509_get_subject_name(ctx->current_cert),
571 buf,
572 256);
573 /*
574 * since we are just checking the certificates, it is
575 * ok if they are self signed. But we should still warn
576 * the user.
577 */
578 switch (ctx->error) {
579 case X509_V_ERR_CERT_HAS_EXPIRED:
580 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
581 case X509_V_ERR_INVALID_CA:
582 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
583 case X509_V_ERR_INVALID_PURPOSE:
584 case X509_V_ERR_UNABLE_TO_GET_CRL:
585 ok = 1;
586 log_tag = LLV_WARNING;
587 break;
588 default:
589 log_tag = LLV_ERROR;
590 }
591 plog(log_tag, LOCATION, NULL,
592 "%s(%d) at depth:%d SubjectName:%s\n",
593 X509_verify_cert_error_string(ctx->error),
594 ctx->error,
595 ctx->error_depth,
596 buf);
597 }
598 ERR_clear_error();
599
600 return ok;
601 }
602
603 /*
604 * callback function for verifing remote certificates.
605 * this function is derived from cb() in openssl/apps/s_server.c
606 */
607 static int
cb_check_cert_remote(ok,ctx)608 cb_check_cert_remote(ok, ctx)
609 int ok;
610 X509_STORE_CTX *ctx;
611 {
612 char buf[256];
613 int log_tag;
614
615 if (!ok) {
616 X509_NAME_oneline(
617 X509_get_subject_name(ctx->current_cert),
618 buf,
619 256);
620 switch (ctx->error) {
621 case X509_V_ERR_UNABLE_TO_GET_CRL:
622 ok = 1;
623 log_tag = LLV_WARNING;
624 break;
625 default:
626 log_tag = LLV_ERROR;
627 }
628 plog(log_tag, LOCATION, NULL,
629 "%s(%d) at depth:%d SubjectName:%s\n",
630 X509_verify_cert_error_string(ctx->error),
631 ctx->error,
632 ctx->error_depth,
633 buf);
634 }
635 ERR_clear_error();
636
637 return ok;
638 }
639
640 /*
641 * get a subjectAltName from X509 certificate.
642 */
643 vchar_t *
eay_get_x509asn1subjectname(cert)644 eay_get_x509asn1subjectname(cert)
645 vchar_t *cert;
646 {
647 X509 *x509 = NULL;
648 u_char *bp;
649 vchar_t *name = NULL;
650 int len;
651
652 bp = (unsigned char *) cert->v;
653
654 x509 = mem2x509(cert);
655 if (x509 == NULL)
656 goto error;
657
658 /* get the length of the name */
659 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
660 name = vmalloc(len);
661 if (!name)
662 goto error;
663 /* get the name */
664 bp = (unsigned char *) name->v;
665 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
666
667 X509_free(x509);
668
669 return name;
670
671 error:
672 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
673
674 if (name != NULL)
675 vfree(name);
676
677 if (x509 != NULL)
678 X509_free(x509);
679
680 return NULL;
681 }
682
683 /*
684 * get the subjectAltName from X509 certificate.
685 * the name must be terminated by '\0'.
686 */
687 int
eay_get_x509subjectaltname(cert,altname,type,pos)688 eay_get_x509subjectaltname(cert, altname, type, pos)
689 vchar_t *cert;
690 char **altname;
691 int *type;
692 int pos;
693 {
694 X509 *x509 = NULL;
695 GENERAL_NAMES *gens = NULL;
696 GENERAL_NAME *gen;
697 int len;
698 int error = -1;
699
700 *altname = NULL;
701 *type = GENT_OTHERNAME;
702
703 x509 = mem2x509(cert);
704 if (x509 == NULL)
705 goto end;
706
707 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
708 if (gens == NULL)
709 goto end;
710
711 /* there is no data at "pos" */
712 if (pos > sk_GENERAL_NAME_num(gens))
713 goto end;
714
715 gen = sk_GENERAL_NAME_value(gens, pos - 1);
716
717 /* read DNSName / Email */
718 if (gen->type == GEN_DNS ||
719 gen->type == GEN_EMAIL ||
720 gen->type == GEN_URI )
721 {
722 /* make sure if the data is terminated by '\0'. */
723 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
724 {
725 plog(LLV_ERROR, LOCATION, NULL,
726 "data is not terminated by NUL.");
727 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
728 goto end;
729 }
730
731 len = gen->d.ia5->length + 1;
732 *altname = racoon_malloc(len);
733 if (!*altname)
734 goto end;
735
736 strlcpy(*altname, (char *) gen->d.ia5->data, len);
737 *type = gen->type;
738 error = 0;
739 }
740 /* read IP address */
741 else if (gen->type == GEN_IPADD)
742 {
743 unsigned char p[5], *ip;
744 ip = p;
745
746 /* only support IPv4 */
747 if (gen->d.ip->length != 4)
748 goto end;
749
750 /* convert Octet String to String
751 * XXX ???????
752 */
753 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
754 ip = gen->d.ip->data;
755
756 /* XXX Magic, enough for an IPv4 address
757 */
758 *altname = racoon_malloc(20);
759 if (!*altname)
760 goto end;
761
762 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
763 *type = gen->type;
764 error = 0;
765 }
766 /* XXX other possible types ?
767 * For now, error will be -1 if unsupported type
768 */
769
770 end:
771 if (error) {
772 if (*altname) {
773 racoon_free(*altname);
774 *altname = NULL;
775 }
776 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
777 }
778 if (x509)
779 X509_free(x509);
780 if (gens)
781 /* free the whole stack. */
782 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
783
784 return error;
785 }
786
787
788 /*
789 * decode a X509 certificate and make a readable text terminated '\n'.
790 * return the buffer allocated, so must free it later.
791 */
792 char *
eay_get_x509text(cert)793 eay_get_x509text(cert)
794 vchar_t *cert;
795 {
796 X509 *x509 = NULL;
797 BIO *bio = NULL;
798 char *text = NULL;
799 u_char *bp = NULL;
800 int len = 0;
801 int error = -1;
802
803 x509 = mem2x509(cert);
804 if (x509 == NULL)
805 goto end;
806
807 bio = BIO_new(BIO_s_mem());
808 if (bio == NULL)
809 goto end;
810
811 error = X509_print(bio, x509);
812 if (error != 1) {
813 error = -1;
814 goto end;
815 }
816
817 len = BIO_get_mem_data(bio, &bp);
818 text = racoon_malloc(len + 1);
819 if (text == NULL)
820 goto end;
821 memcpy(text, bp, len);
822 text[len] = '\0';
823
824 error = 0;
825
826 end:
827 if (error) {
828 if (text) {
829 racoon_free(text);
830 text = NULL;
831 }
832 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
833 }
834 if (bio)
835 BIO_free(bio);
836 if (x509)
837 X509_free(x509);
838
839 return text;
840 }
841
842 /* get X509 structure from buffer. */
843 static X509 *
mem2x509(cert)844 mem2x509(cert)
845 vchar_t *cert;
846 {
847 X509 *x509;
848
849 #ifndef EAYDEBUG
850 {
851 u_char *bp;
852
853 bp = (unsigned char *) cert->v;
854
855 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
856 }
857 #else
858 {
859 BIO *bio;
860 int len;
861
862 bio = BIO_new(BIO_s_mem());
863 if (bio == NULL)
864 return NULL;
865 len = BIO_write(bio, cert->v, cert->l);
866 if (len == -1)
867 return NULL;
868 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
869 BIO_free(bio);
870 }
871 #endif
872 return x509;
873 }
874
875 /*
876 * get a X509 certificate from local file.
877 * a certificate must be PEM format.
878 * Input:
879 * path to a certificate.
880 * Output:
881 * NULL if error occured
882 * other is the cert.
883 */
884 vchar_t *
eay_get_x509cert(path)885 eay_get_x509cert(path)
886 char *path;
887 {
888 FILE *fp;
889 X509 *x509;
890 vchar_t *cert;
891 u_char *bp;
892 int len;
893 int error;
894
895 #ifdef ANDROID_CHANGES
896 BIO *bio = BIO_from_keystore(path);
897 x509 = NULL;
898 if (bio) {
899 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
900 BIO_free(bio);
901 }
902 #else
903 /* Read private key */
904 fp = fopen(path, "r");
905 if (fp == NULL)
906 return NULL;
907 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
908 fclose (fp);
909 #endif
910
911 if (x509 == NULL)
912 return NULL;
913
914 len = i2d_X509(x509, NULL);
915 cert = vmalloc(len);
916 if (cert == NULL) {
917 X509_free(x509);
918 return NULL;
919 }
920 bp = (unsigned char *) cert->v;
921 error = i2d_X509(x509, &bp);
922 X509_free(x509);
923
924 if (error == 0) {
925 vfree(cert);
926 return NULL;
927 }
928
929 return cert;
930 }
931
932 /*
933 * check a X509 signature
934 * XXX: to be get hash type from my cert ?
935 * to be handled EVP_dss().
936 * OUT: return -1 when error.
937 * 0
938 */
939 int
eay_check_x509sign(source,sig,cert)940 eay_check_x509sign(source, sig, cert)
941 vchar_t *source;
942 vchar_t *sig;
943 vchar_t *cert;
944 {
945 X509 *x509;
946 u_char *bp;
947 EVP_PKEY *evp;
948 int res;
949
950 bp = (unsigned char *) cert->v;
951
952 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
953 if (x509 == NULL) {
954 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
955 return -1;
956 }
957
958 evp = X509_get_pubkey(x509);
959 if (! evp) {
960 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
961 X509_free(x509);
962 return -1;
963 }
964
965 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
966
967 EVP_PKEY_free(evp);
968 X509_free(x509);
969
970 return res;
971 }
972
973 /*
974 * check RSA signature
975 * OUT: return -1 when error.
976 * 0 on success
977 */
978 int
eay_check_rsasign(source,sig,rsa)979 eay_check_rsasign(source, sig, rsa)
980 vchar_t *source;
981 vchar_t *sig;
982 RSA *rsa;
983 {
984 return eay_rsa_verify(source, sig, rsa);
985 }
986
987 /*
988 * get PKCS#1 Private Key of PEM format from local file.
989 */
990 vchar_t *
eay_get_pkcs1privkey(path)991 eay_get_pkcs1privkey(path)
992 char *path;
993 {
994 FILE *fp;
995 EVP_PKEY *evp = NULL;
996 vchar_t *pkey = NULL;
997 u_char *bp;
998 int pkeylen;
999 int error = -1;
1000
1001 #ifdef ANDROID_CHANGES
1002 BIO *bio = BIO_from_keystore(path);
1003 if (bio) {
1004 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
1005 BIO_free(bio);
1006 }
1007 #else
1008 /* Read private key */
1009 fp = fopen(path, "r");
1010 if (fp == NULL)
1011 return NULL;
1012
1013 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1014
1015 fclose (fp);
1016 #endif
1017
1018 if (evp == NULL)
1019 return NULL;
1020
1021 pkeylen = i2d_PrivateKey(evp, NULL);
1022 if (pkeylen == 0)
1023 goto end;
1024 pkey = vmalloc(pkeylen);
1025 if (pkey == NULL)
1026 goto end;
1027 bp = (unsigned char *) pkey->v;
1028 pkeylen = i2d_PrivateKey(evp, &bp);
1029 if (pkeylen == 0)
1030 goto end;
1031
1032 error = 0;
1033
1034 end:
1035 if (evp != NULL)
1036 EVP_PKEY_free(evp);
1037 if (error != 0 && pkey != NULL) {
1038 vfree(pkey);
1039 pkey = NULL;
1040 }
1041
1042 return pkey;
1043 }
1044
1045 /*
1046 * get PKCS#1 Public Key of PEM format from local file.
1047 */
1048 vchar_t *
eay_get_pkcs1pubkey(path)1049 eay_get_pkcs1pubkey(path)
1050 char *path;
1051 {
1052 FILE *fp;
1053 EVP_PKEY *evp = NULL;
1054 vchar_t *pkey = NULL;
1055 X509 *x509 = NULL;
1056 u_char *bp;
1057 int pkeylen;
1058 int error = -1;
1059
1060 /* Read private key */
1061 fp = fopen(path, "r");
1062 if (fp == NULL)
1063 return NULL;
1064
1065 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1066
1067 fclose (fp);
1068
1069 if (x509 == NULL)
1070 return NULL;
1071
1072 /* Get public key - eay */
1073 evp = X509_get_pubkey(x509);
1074 if (evp == NULL)
1075 return NULL;
1076
1077 pkeylen = i2d_PublicKey(evp, NULL);
1078 if (pkeylen == 0)
1079 goto end;
1080 pkey = vmalloc(pkeylen);
1081 if (pkey == NULL)
1082 goto end;
1083 bp = (unsigned char *) pkey->v;
1084 pkeylen = i2d_PublicKey(evp, &bp);
1085 if (pkeylen == 0)
1086 goto end;
1087
1088 error = 0;
1089 end:
1090 if (evp != NULL)
1091 EVP_PKEY_free(evp);
1092 if (error != 0 && pkey != NULL) {
1093 vfree(pkey);
1094 pkey = NULL;
1095 }
1096
1097 return pkey;
1098 }
1099
1100 vchar_t *
eay_get_x509sign(src,privkey)1101 eay_get_x509sign(src, privkey)
1102 vchar_t *src, *privkey;
1103 {
1104 EVP_PKEY *evp;
1105 u_char *bp = (unsigned char *) privkey->v;
1106 vchar_t *sig = NULL;
1107 int len;
1108 int pad = RSA_PKCS1_PADDING;
1109
1110 /* XXX to be handled EVP_PKEY_DSA */
1111 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1112 if (evp == NULL)
1113 return NULL;
1114
1115 sig = eay_rsa_sign(src, evp->pkey.rsa);
1116
1117 EVP_PKEY_free(evp);
1118
1119 return sig;
1120 }
1121
1122 vchar_t *
eay_get_rsasign(src,rsa)1123 eay_get_rsasign(src, rsa)
1124 vchar_t *src;
1125 RSA *rsa;
1126 {
1127 return eay_rsa_sign(src, rsa);
1128 }
1129
1130 vchar_t *
eay_rsa_sign(vchar_t * src,RSA * rsa)1131 eay_rsa_sign(vchar_t *src, RSA *rsa)
1132 {
1133 int len;
1134 vchar_t *sig = NULL;
1135 int pad = RSA_PKCS1_PADDING;
1136
1137 len = RSA_size(rsa);
1138
1139 sig = vmalloc(len);
1140 if (sig == NULL)
1141 return NULL;
1142
1143 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1144 (unsigned char *) sig->v, rsa, pad);
1145
1146 if (len == 0 || len != sig->l) {
1147 vfree(sig);
1148 sig = NULL;
1149 }
1150
1151 return sig;
1152 }
1153
1154 int
eay_rsa_verify(src,sig,rsa)1155 eay_rsa_verify(src, sig, rsa)
1156 vchar_t *src, *sig;
1157 RSA *rsa;
1158 {
1159 vchar_t *xbuf = NULL;
1160 int pad = RSA_PKCS1_PADDING;
1161 int len = 0;
1162 int error;
1163
1164 len = RSA_size(rsa);
1165 xbuf = vmalloc(len);
1166 if (xbuf == NULL) {
1167 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1168 return -1;
1169 }
1170
1171 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1172 (unsigned char *) xbuf->v, rsa, pad);
1173 if (len == 0 || len != src->l) {
1174 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1175 vfree(xbuf);
1176 return -1;
1177 }
1178
1179 error = memcmp(src->v, xbuf->v, src->l);
1180 vfree(xbuf);
1181 if (error != 0)
1182 return -1;
1183
1184 return 0;
1185 }
1186
1187 /*
1188 * get error string
1189 * MUST load ERR_load_crypto_strings() first.
1190 */
1191 char *
eay_strerror()1192 eay_strerror()
1193 {
1194 static char ebuf[512];
1195 int len = 0, n;
1196 unsigned long l;
1197 char buf[200];
1198 const char *file, *data;
1199 int line, flags;
1200 unsigned long es;
1201
1202 es = CRYPTO_thread_id();
1203
1204 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1205 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1206 "%lu:%s:%s:%d:%s ",
1207 es, ERR_error_string(l, buf), file, line,
1208 (flags & ERR_TXT_STRING) ? data : "");
1209 if (n < 0 || n >= sizeof(ebuf) - len)
1210 break;
1211 len += n;
1212 if (sizeof(ebuf) < len)
1213 break;
1214 }
1215
1216 return ebuf;
1217 }
1218
1219 vchar_t *
evp_crypt(vchar_t * data,vchar_t * key,vchar_t * iv,const EVP_CIPHER * e,int enc)1220 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1221 {
1222 vchar_t *res;
1223 EVP_CIPHER_CTX ctx;
1224
1225 if (!e)
1226 return NULL;
1227
1228 if (data->l % EVP_CIPHER_block_size(e))
1229 return NULL;
1230
1231 if ((res = vmalloc(data->l)) == NULL)
1232 return NULL;
1233
1234 EVP_CIPHER_CTX_init(&ctx);
1235
1236 switch(EVP_CIPHER_nid(e)){
1237 case NID_bf_cbc:
1238 case NID_bf_ecb:
1239 case NID_bf_cfb64:
1240 case NID_bf_ofb64:
1241 case NID_cast5_cbc:
1242 case NID_cast5_ecb:
1243 case NID_cast5_cfb64:
1244 case NID_cast5_ofb64:
1245 /* XXX: can we do that also for algos with a fixed key size ?
1246 */
1247 /* init context without key/iv
1248 */
1249 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1250 {
1251 OpenSSL_BUG();
1252 vfree(res);
1253 return NULL;
1254 }
1255
1256 /* update key size
1257 */
1258 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1259 {
1260 OpenSSL_BUG();
1261 vfree(res);
1262 return NULL;
1263 }
1264
1265 /* finalize context init with desired key size
1266 */
1267 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1268 (u_char *) iv->v, enc))
1269 {
1270 OpenSSL_BUG();
1271 vfree(res);
1272 return NULL;
1273 }
1274 break;
1275 default:
1276 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1277 (u_char *) iv->v, enc)) {
1278 OpenSSL_BUG();
1279 vfree(res);
1280 return NULL;
1281 }
1282 }
1283
1284 /* disable openssl padding */
1285 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1286
1287 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1288 OpenSSL_BUG();
1289 vfree(res);
1290 return NULL;
1291 }
1292
1293 EVP_CIPHER_CTX_cleanup(&ctx);
1294
1295 return res;
1296 }
1297
1298 int
evp_weakkey(vchar_t * key,const EVP_CIPHER * e)1299 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1300 {
1301 return 0;
1302 }
1303
1304 int
evp_keylen(int len,const EVP_CIPHER * e)1305 evp_keylen(int len, const EVP_CIPHER *e)
1306 {
1307 if (!e)
1308 return -1;
1309 /* EVP functions return lengths in bytes, ipsec-tools
1310 * uses lengths in bits, therefore conversion is required. --AK
1311 */
1312 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1313 return -1;
1314
1315 return EVP_CIPHER_key_length(e) << 3;
1316 }
1317
1318 /*
1319 * DES-CBC
1320 */
1321 vchar_t *
eay_des_encrypt(data,key,iv)1322 eay_des_encrypt(data, key, iv)
1323 vchar_t *data, *key, *iv;
1324 {
1325 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1326 }
1327
1328 vchar_t *
eay_des_decrypt(data,key,iv)1329 eay_des_decrypt(data, key, iv)
1330 vchar_t *data, *key, *iv;
1331 {
1332 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1333 }
1334
1335 int
eay_des_weakkey(key)1336 eay_des_weakkey(key)
1337 vchar_t *key;
1338 {
1339 #ifdef USE_NEW_DES_API
1340 return DES_is_weak_key((void *)key->v);
1341 #else
1342 return des_is_weak_key((void *)key->v);
1343 #endif
1344 }
1345
1346 int
eay_des_keylen(len)1347 eay_des_keylen(len)
1348 int len;
1349 {
1350 return evp_keylen(len, EVP_des_cbc());
1351 }
1352
1353 #ifdef HAVE_OPENSSL_IDEA_H
1354 /*
1355 * IDEA-CBC
1356 */
1357 vchar_t *
eay_idea_encrypt(data,key,iv)1358 eay_idea_encrypt(data, key, iv)
1359 vchar_t *data, *key, *iv;
1360 {
1361 vchar_t *res;
1362 IDEA_KEY_SCHEDULE ks;
1363
1364 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1365
1366 /* allocate buffer for result */
1367 if ((res = vmalloc(data->l)) == NULL)
1368 return NULL;
1369
1370 /* decryption data */
1371 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1372 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1373
1374 return res;
1375 }
1376
1377 vchar_t *
eay_idea_decrypt(data,key,iv)1378 eay_idea_decrypt(data, key, iv)
1379 vchar_t *data, *key, *iv;
1380 {
1381 vchar_t *res;
1382 IDEA_KEY_SCHEDULE ks, dks;
1383
1384 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1385 idea_set_decrypt_key(&ks, &dks);
1386
1387 /* allocate buffer for result */
1388 if ((res = vmalloc(data->l)) == NULL)
1389 return NULL;
1390
1391 /* decryption data */
1392 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1393 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1394
1395 return res;
1396 }
1397
1398 int
eay_idea_weakkey(key)1399 eay_idea_weakkey(key)
1400 vchar_t *key;
1401 {
1402 return 0; /* XXX */
1403 }
1404
1405 int
eay_idea_keylen(len)1406 eay_idea_keylen(len)
1407 int len;
1408 {
1409 if (len != 0 && len != 128)
1410 return -1;
1411 return 128;
1412 }
1413 #endif
1414
1415 /*
1416 * BLOWFISH-CBC
1417 */
1418 vchar_t *
eay_bf_encrypt(data,key,iv)1419 eay_bf_encrypt(data, key, iv)
1420 vchar_t *data, *key, *iv;
1421 {
1422 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1423 }
1424
1425 vchar_t *
eay_bf_decrypt(data,key,iv)1426 eay_bf_decrypt(data, key, iv)
1427 vchar_t *data, *key, *iv;
1428 {
1429 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1430 }
1431
1432 int
eay_bf_weakkey(key)1433 eay_bf_weakkey(key)
1434 vchar_t *key;
1435 {
1436 return 0; /* XXX to be done. refer to RFC 2451 */
1437 }
1438
1439 int
eay_bf_keylen(len)1440 eay_bf_keylen(len)
1441 int len;
1442 {
1443 if (len == 0)
1444 return 448;
1445 if (len < 40 || len > 448)
1446 return -1;
1447 return len;
1448 }
1449
1450 #ifdef HAVE_OPENSSL_RC5_H
1451 /*
1452 * RC5-CBC
1453 */
1454 vchar_t *
eay_rc5_encrypt(data,key,iv)1455 eay_rc5_encrypt(data, key, iv)
1456 vchar_t *data, *key, *iv;
1457 {
1458 vchar_t *res;
1459 RC5_32_KEY ks;
1460
1461 /* in RFC 2451, there is information about the number of round. */
1462 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1463
1464 /* allocate buffer for result */
1465 if ((res = vmalloc(data->l)) == NULL)
1466 return NULL;
1467
1468 /* decryption data */
1469 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1470 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1471
1472 return res;
1473 }
1474
1475 vchar_t *
eay_rc5_decrypt(data,key,iv)1476 eay_rc5_decrypt(data, key, iv)
1477 vchar_t *data, *key, *iv;
1478 {
1479 vchar_t *res;
1480 RC5_32_KEY ks;
1481
1482 /* in RFC 2451, there is information about the number of round. */
1483 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1484
1485 /* allocate buffer for result */
1486 if ((res = vmalloc(data->l)) == NULL)
1487 return NULL;
1488
1489 /* decryption data */
1490 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1491 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1492
1493 return res;
1494 }
1495
1496 int
eay_rc5_weakkey(key)1497 eay_rc5_weakkey(key)
1498 vchar_t *key;
1499 {
1500 return 0; /* No known weak keys when used with 16 rounds. */
1501
1502 }
1503
1504 int
eay_rc5_keylen(len)1505 eay_rc5_keylen(len)
1506 int len;
1507 {
1508 if (len == 0)
1509 return 128;
1510 if (len < 40 || len > 2040)
1511 return -1;
1512 return len;
1513 }
1514 #endif
1515
1516 /*
1517 * 3DES-CBC
1518 */
1519 vchar_t *
eay_3des_encrypt(data,key,iv)1520 eay_3des_encrypt(data, key, iv)
1521 vchar_t *data, *key, *iv;
1522 {
1523 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1524 }
1525
1526 vchar_t *
eay_3des_decrypt(data,key,iv)1527 eay_3des_decrypt(data, key, iv)
1528 vchar_t *data, *key, *iv;
1529 {
1530 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1531 }
1532
1533 int
eay_3des_weakkey(key)1534 eay_3des_weakkey(key)
1535 vchar_t *key;
1536 {
1537 #ifdef USE_NEW_DES_API
1538 return (DES_is_weak_key((void *)key->v) ||
1539 DES_is_weak_key((void *)(key->v + 8)) ||
1540 DES_is_weak_key((void *)(key->v + 16)));
1541 #else
1542 if (key->l < 24)
1543 return 0;
1544
1545 return (des_is_weak_key((void *)key->v) ||
1546 des_is_weak_key((void *)(key->v + 8)) ||
1547 des_is_weak_key((void *)(key->v + 16)));
1548 #endif
1549 }
1550
1551 int
eay_3des_keylen(len)1552 eay_3des_keylen(len)
1553 int len;
1554 {
1555 if (len != 0 && len != 192)
1556 return -1;
1557 return 192;
1558 }
1559
1560 /*
1561 * CAST-CBC
1562 */
1563 vchar_t *
eay_cast_encrypt(data,key,iv)1564 eay_cast_encrypt(data, key, iv)
1565 vchar_t *data, *key, *iv;
1566 {
1567 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1568 }
1569
1570 vchar_t *
eay_cast_decrypt(data,key,iv)1571 eay_cast_decrypt(data, key, iv)
1572 vchar_t *data, *key, *iv;
1573 {
1574 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1575 }
1576
1577 int
eay_cast_weakkey(key)1578 eay_cast_weakkey(key)
1579 vchar_t *key;
1580 {
1581 return 0; /* No known weak keys. */
1582 }
1583
1584 int
eay_cast_keylen(len)1585 eay_cast_keylen(len)
1586 int len;
1587 {
1588 if (len == 0)
1589 return 128;
1590 if (len < 40 || len > 128)
1591 return -1;
1592 return len;
1593 }
1594
1595 /*
1596 * AES(RIJNDAEL)-CBC
1597 */
1598 #ifndef HAVE_OPENSSL_AES_H
1599 vchar_t *
eay_aes_encrypt(data,key,iv)1600 eay_aes_encrypt(data, key, iv)
1601 vchar_t *data, *key, *iv;
1602 {
1603 vchar_t *res;
1604 keyInstance k;
1605 cipherInstance c;
1606
1607 memset(&k, 0, sizeof(k));
1608 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1609 return NULL;
1610
1611 /* allocate buffer for result */
1612 if ((res = vmalloc(data->l)) == NULL)
1613 return NULL;
1614
1615 /* encryption data */
1616 memset(&c, 0, sizeof(c));
1617 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1618 vfree(res);
1619 return NULL;
1620 }
1621 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1622 vfree(res);
1623 return NULL;
1624 }
1625
1626 return res;
1627 }
1628
1629 vchar_t *
eay_aes_decrypt(data,key,iv)1630 eay_aes_decrypt(data, key, iv)
1631 vchar_t *data, *key, *iv;
1632 {
1633 vchar_t *res;
1634 keyInstance k;
1635 cipherInstance c;
1636
1637 memset(&k, 0, sizeof(k));
1638 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1639 return NULL;
1640
1641 /* allocate buffer for result */
1642 if ((res = vmalloc(data->l)) == NULL)
1643 return NULL;
1644
1645 /* decryption data */
1646 memset(&c, 0, sizeof(c));
1647 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1648 vfree(res);
1649 return NULL;
1650 }
1651 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1652 vfree(res);
1653 return NULL;
1654 }
1655
1656 return res;
1657 }
1658 #else
1659 static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)1660 aes_evp_by_keylen(int keylen)
1661 {
1662 switch(keylen) {
1663 case 16:
1664 case 128:
1665 return EVP_aes_128_cbc();
1666 case 24:
1667 case 192:
1668 return EVP_aes_192_cbc();
1669 case 32:
1670 case 256:
1671 return EVP_aes_256_cbc();
1672 default:
1673 return NULL;
1674 }
1675 }
1676
1677 vchar_t *
eay_aes_encrypt(data,key,iv)1678 eay_aes_encrypt(data, key, iv)
1679 vchar_t *data, *key, *iv;
1680 {
1681 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1682 }
1683
1684 vchar_t *
eay_aes_decrypt(data,key,iv)1685 eay_aes_decrypt(data, key, iv)
1686 vchar_t *data, *key, *iv;
1687 {
1688 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1689 }
1690 #endif
1691
1692 int
eay_aes_weakkey(key)1693 eay_aes_weakkey(key)
1694 vchar_t *key;
1695 {
1696 return 0;
1697 }
1698
1699 int
eay_aes_keylen(len)1700 eay_aes_keylen(len)
1701 int len;
1702 {
1703 if (len == 0)
1704 return 128;
1705 if (len != 128 && len != 192 && len != 256)
1706 return -1;
1707 return len;
1708 }
1709
1710 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1711 /*
1712 * CAMELLIA-CBC
1713 */
1714 static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)1715 camellia_evp_by_keylen(int keylen)
1716 {
1717 switch(keylen) {
1718 case 16:
1719 case 128:
1720 return EVP_camellia_128_cbc();
1721 case 24:
1722 case 192:
1723 return EVP_camellia_192_cbc();
1724 case 32:
1725 case 256:
1726 return EVP_camellia_256_cbc();
1727 default:
1728 return NULL;
1729 }
1730 }
1731
1732 vchar_t *
eay_camellia_encrypt(data,key,iv)1733 eay_camellia_encrypt(data, key, iv)
1734 vchar_t *data, *key, *iv;
1735 {
1736 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1737 }
1738
1739 vchar_t *
eay_camellia_decrypt(data,key,iv)1740 eay_camellia_decrypt(data, key, iv)
1741 vchar_t *data, *key, *iv;
1742 {
1743 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1744 }
1745
1746 int
eay_camellia_weakkey(key)1747 eay_camellia_weakkey(key)
1748 vchar_t *key;
1749 {
1750 return 0;
1751 }
1752
1753 int
eay_camellia_keylen(len)1754 eay_camellia_keylen(len)
1755 int len;
1756 {
1757 if (len == 0)
1758 return 128;
1759 if (len != 128 && len != 192 && len != 256)
1760 return -1;
1761 return len;
1762 }
1763
1764 #endif
1765
1766 /* for ipsec part */
1767 int
eay_null_hashlen()1768 eay_null_hashlen()
1769 {
1770 return 0;
1771 }
1772
1773 int
eay_kpdk_hashlen()1774 eay_kpdk_hashlen()
1775 {
1776 return 0;
1777 }
1778
1779 int
eay_twofish_keylen(len)1780 eay_twofish_keylen(len)
1781 int len;
1782 {
1783 if (len < 0 || len > 256)
1784 return -1;
1785 return len;
1786 }
1787
1788 int
eay_null_keylen(len)1789 eay_null_keylen(len)
1790 int len;
1791 {
1792 return 0;
1793 }
1794
1795 /*
1796 * HMAC functions
1797 */
1798 static caddr_t
eay_hmac_init(key,md)1799 eay_hmac_init(key, md)
1800 vchar_t *key;
1801 const EVP_MD *md;
1802 {
1803 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1804
1805 HMAC_Init(c, key->v, key->l, md);
1806
1807 return (caddr_t)c;
1808 }
1809
1810 #ifdef WITH_SHA2
1811 /*
1812 * HMAC SHA2-512
1813 */
1814 vchar_t *
eay_hmacsha2_512_one(key,data)1815 eay_hmacsha2_512_one(key, data)
1816 vchar_t *key, *data;
1817 {
1818 vchar_t *res;
1819 caddr_t ctx;
1820
1821 ctx = eay_hmacsha2_512_init(key);
1822 eay_hmacsha2_512_update(ctx, data);
1823 res = eay_hmacsha2_512_final(ctx);
1824
1825 return(res);
1826 }
1827
1828 caddr_t
eay_hmacsha2_512_init(key)1829 eay_hmacsha2_512_init(key)
1830 vchar_t *key;
1831 {
1832 return eay_hmac_init(key, EVP_sha2_512());
1833 }
1834
1835 void
eay_hmacsha2_512_update(c,data)1836 eay_hmacsha2_512_update(c, data)
1837 caddr_t c;
1838 vchar_t *data;
1839 {
1840 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1841 }
1842
1843 vchar_t *
eay_hmacsha2_512_final(c)1844 eay_hmacsha2_512_final(c)
1845 caddr_t c;
1846 {
1847 vchar_t *res;
1848 unsigned int l;
1849
1850 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1851 return NULL;
1852
1853 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1854 res->l = l;
1855 HMAC_cleanup((HMAC_CTX *)c);
1856 (void)racoon_free(c);
1857
1858 if (SHA512_DIGEST_LENGTH != res->l) {
1859 plog(LLV_ERROR, LOCATION, NULL,
1860 "hmac sha2_512 length mismatch %zd.\n", res->l);
1861 vfree(res);
1862 return NULL;
1863 }
1864
1865 return(res);
1866 }
1867
1868 /*
1869 * HMAC SHA2-384
1870 */
1871 vchar_t *
eay_hmacsha2_384_one(key,data)1872 eay_hmacsha2_384_one(key, data)
1873 vchar_t *key, *data;
1874 {
1875 vchar_t *res;
1876 caddr_t ctx;
1877
1878 ctx = eay_hmacsha2_384_init(key);
1879 eay_hmacsha2_384_update(ctx, data);
1880 res = eay_hmacsha2_384_final(ctx);
1881
1882 return(res);
1883 }
1884
1885 caddr_t
eay_hmacsha2_384_init(key)1886 eay_hmacsha2_384_init(key)
1887 vchar_t *key;
1888 {
1889 return eay_hmac_init(key, EVP_sha2_384());
1890 }
1891
1892 void
eay_hmacsha2_384_update(c,data)1893 eay_hmacsha2_384_update(c, data)
1894 caddr_t c;
1895 vchar_t *data;
1896 {
1897 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1898 }
1899
1900 vchar_t *
eay_hmacsha2_384_final(c)1901 eay_hmacsha2_384_final(c)
1902 caddr_t c;
1903 {
1904 vchar_t *res;
1905 unsigned int l;
1906
1907 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1908 return NULL;
1909
1910 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1911 res->l = l;
1912 HMAC_cleanup((HMAC_CTX *)c);
1913 (void)racoon_free(c);
1914
1915 if (SHA384_DIGEST_LENGTH != res->l) {
1916 plog(LLV_ERROR, LOCATION, NULL,
1917 "hmac sha2_384 length mismatch %zd.\n", res->l);
1918 vfree(res);
1919 return NULL;
1920 }
1921
1922 return(res);
1923 }
1924
1925 /*
1926 * HMAC SHA2-256
1927 */
1928 vchar_t *
eay_hmacsha2_256_one(key,data)1929 eay_hmacsha2_256_one(key, data)
1930 vchar_t *key, *data;
1931 {
1932 vchar_t *res;
1933 caddr_t ctx;
1934
1935 ctx = eay_hmacsha2_256_init(key);
1936 eay_hmacsha2_256_update(ctx, data);
1937 res = eay_hmacsha2_256_final(ctx);
1938
1939 return(res);
1940 }
1941
1942 caddr_t
eay_hmacsha2_256_init(key)1943 eay_hmacsha2_256_init(key)
1944 vchar_t *key;
1945 {
1946 return eay_hmac_init(key, EVP_sha2_256());
1947 }
1948
1949 void
eay_hmacsha2_256_update(c,data)1950 eay_hmacsha2_256_update(c, data)
1951 caddr_t c;
1952 vchar_t *data;
1953 {
1954 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1955 }
1956
1957 vchar_t *
eay_hmacsha2_256_final(c)1958 eay_hmacsha2_256_final(c)
1959 caddr_t c;
1960 {
1961 vchar_t *res;
1962 unsigned int l;
1963
1964 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1965 return NULL;
1966
1967 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1968 res->l = l;
1969 HMAC_cleanup((HMAC_CTX *)c);
1970 (void)racoon_free(c);
1971
1972 if (SHA256_DIGEST_LENGTH != res->l) {
1973 plog(LLV_ERROR, LOCATION, NULL,
1974 "hmac sha2_256 length mismatch %zd.\n", res->l);
1975 vfree(res);
1976 return NULL;
1977 }
1978
1979 return(res);
1980 }
1981 #endif /* WITH_SHA2 */
1982
1983 /*
1984 * HMAC SHA1
1985 */
1986 vchar_t *
eay_hmacsha1_one(key,data)1987 eay_hmacsha1_one(key, data)
1988 vchar_t *key, *data;
1989 {
1990 vchar_t *res;
1991 caddr_t ctx;
1992
1993 ctx = eay_hmacsha1_init(key);
1994 eay_hmacsha1_update(ctx, data);
1995 res = eay_hmacsha1_final(ctx);
1996
1997 return(res);
1998 }
1999
2000 caddr_t
eay_hmacsha1_init(key)2001 eay_hmacsha1_init(key)
2002 vchar_t *key;
2003 {
2004 return eay_hmac_init(key, EVP_sha1());
2005 }
2006
2007 void
eay_hmacsha1_update(c,data)2008 eay_hmacsha1_update(c, data)
2009 caddr_t c;
2010 vchar_t *data;
2011 {
2012 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2013 }
2014
2015 vchar_t *
eay_hmacsha1_final(c)2016 eay_hmacsha1_final(c)
2017 caddr_t c;
2018 {
2019 vchar_t *res;
2020 unsigned int l;
2021
2022 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2023 return NULL;
2024
2025 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2026 res->l = l;
2027 HMAC_cleanup((HMAC_CTX *)c);
2028 (void)racoon_free(c);
2029
2030 if (SHA_DIGEST_LENGTH != res->l) {
2031 plog(LLV_ERROR, LOCATION, NULL,
2032 "hmac sha1 length mismatch %zd.\n", res->l);
2033 vfree(res);
2034 return NULL;
2035 }
2036
2037 return(res);
2038 }
2039
2040 /*
2041 * HMAC MD5
2042 */
2043 vchar_t *
eay_hmacmd5_one(key,data)2044 eay_hmacmd5_one(key, data)
2045 vchar_t *key, *data;
2046 {
2047 vchar_t *res;
2048 caddr_t ctx;
2049
2050 ctx = eay_hmacmd5_init(key);
2051 eay_hmacmd5_update(ctx, data);
2052 res = eay_hmacmd5_final(ctx);
2053
2054 return(res);
2055 }
2056
2057 caddr_t
eay_hmacmd5_init(key)2058 eay_hmacmd5_init(key)
2059 vchar_t *key;
2060 {
2061 return eay_hmac_init(key, EVP_md5());
2062 }
2063
2064 void
eay_hmacmd5_update(c,data)2065 eay_hmacmd5_update(c, data)
2066 caddr_t c;
2067 vchar_t *data;
2068 {
2069 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2070 }
2071
2072 vchar_t *
eay_hmacmd5_final(c)2073 eay_hmacmd5_final(c)
2074 caddr_t c;
2075 {
2076 vchar_t *res;
2077 unsigned int l;
2078
2079 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2080 return NULL;
2081
2082 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2083 res->l = l;
2084 HMAC_cleanup((HMAC_CTX *)c);
2085 (void)racoon_free(c);
2086
2087 if (MD5_DIGEST_LENGTH != res->l) {
2088 plog(LLV_ERROR, LOCATION, NULL,
2089 "hmac md5 length mismatch %zd.\n", res->l);
2090 vfree(res);
2091 return NULL;
2092 }
2093
2094 return(res);
2095 }
2096
2097 #ifdef WITH_SHA2
2098 /*
2099 * SHA2-512 functions
2100 */
2101 caddr_t
eay_sha2_512_init()2102 eay_sha2_512_init()
2103 {
2104 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2105
2106 SHA512_Init(c);
2107
2108 return((caddr_t)c);
2109 }
2110
2111 void
eay_sha2_512_update(c,data)2112 eay_sha2_512_update(c, data)
2113 caddr_t c;
2114 vchar_t *data;
2115 {
2116 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2117
2118 return;
2119 }
2120
2121 vchar_t *
eay_sha2_512_final(c)2122 eay_sha2_512_final(c)
2123 caddr_t c;
2124 {
2125 vchar_t *res;
2126
2127 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2128 return(0);
2129
2130 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2131 (void)racoon_free(c);
2132
2133 return(res);
2134 }
2135
2136 vchar_t *
eay_sha2_512_one(data)2137 eay_sha2_512_one(data)
2138 vchar_t *data;
2139 {
2140 caddr_t ctx;
2141 vchar_t *res;
2142
2143 ctx = eay_sha2_512_init();
2144 eay_sha2_512_update(ctx, data);
2145 res = eay_sha2_512_final(ctx);
2146
2147 return(res);
2148 }
2149
2150 int
eay_sha2_512_hashlen()2151 eay_sha2_512_hashlen()
2152 {
2153 return SHA512_DIGEST_LENGTH << 3;
2154 }
2155 #endif
2156
2157 #ifdef WITH_SHA2
2158 /*
2159 * SHA2-384 functions
2160 */
2161 caddr_t
eay_sha2_384_init()2162 eay_sha2_384_init()
2163 {
2164 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2165
2166 SHA384_Init(c);
2167
2168 return((caddr_t)c);
2169 }
2170
2171 void
eay_sha2_384_update(c,data)2172 eay_sha2_384_update(c, data)
2173 caddr_t c;
2174 vchar_t *data;
2175 {
2176 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2177
2178 return;
2179 }
2180
2181 vchar_t *
eay_sha2_384_final(c)2182 eay_sha2_384_final(c)
2183 caddr_t c;
2184 {
2185 vchar_t *res;
2186
2187 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2188 return(0);
2189
2190 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2191 (void)racoon_free(c);
2192
2193 return(res);
2194 }
2195
2196 vchar_t *
eay_sha2_384_one(data)2197 eay_sha2_384_one(data)
2198 vchar_t *data;
2199 {
2200 caddr_t ctx;
2201 vchar_t *res;
2202
2203 ctx = eay_sha2_384_init();
2204 eay_sha2_384_update(ctx, data);
2205 res = eay_sha2_384_final(ctx);
2206
2207 return(res);
2208 }
2209
2210 int
eay_sha2_384_hashlen()2211 eay_sha2_384_hashlen()
2212 {
2213 return SHA384_DIGEST_LENGTH << 3;
2214 }
2215 #endif
2216
2217 #ifdef WITH_SHA2
2218 /*
2219 * SHA2-256 functions
2220 */
2221 caddr_t
eay_sha2_256_init()2222 eay_sha2_256_init()
2223 {
2224 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2225
2226 SHA256_Init(c);
2227
2228 return((caddr_t)c);
2229 }
2230
2231 void
eay_sha2_256_update(c,data)2232 eay_sha2_256_update(c, data)
2233 caddr_t c;
2234 vchar_t *data;
2235 {
2236 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2237
2238 return;
2239 }
2240
2241 vchar_t *
eay_sha2_256_final(c)2242 eay_sha2_256_final(c)
2243 caddr_t c;
2244 {
2245 vchar_t *res;
2246
2247 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2248 return(0);
2249
2250 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2251 (void)racoon_free(c);
2252
2253 return(res);
2254 }
2255
2256 vchar_t *
eay_sha2_256_one(data)2257 eay_sha2_256_one(data)
2258 vchar_t *data;
2259 {
2260 caddr_t ctx;
2261 vchar_t *res;
2262
2263 ctx = eay_sha2_256_init();
2264 eay_sha2_256_update(ctx, data);
2265 res = eay_sha2_256_final(ctx);
2266
2267 return(res);
2268 }
2269
2270 int
eay_sha2_256_hashlen()2271 eay_sha2_256_hashlen()
2272 {
2273 return SHA256_DIGEST_LENGTH << 3;
2274 }
2275 #endif
2276
2277 /*
2278 * SHA functions
2279 */
2280 caddr_t
eay_sha1_init()2281 eay_sha1_init()
2282 {
2283 SHA_CTX *c = racoon_malloc(sizeof(*c));
2284
2285 SHA1_Init(c);
2286
2287 return((caddr_t)c);
2288 }
2289
2290 void
eay_sha1_update(c,data)2291 eay_sha1_update(c, data)
2292 caddr_t c;
2293 vchar_t *data;
2294 {
2295 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2296
2297 return;
2298 }
2299
2300 vchar_t *
eay_sha1_final(c)2301 eay_sha1_final(c)
2302 caddr_t c;
2303 {
2304 vchar_t *res;
2305
2306 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2307 return(0);
2308
2309 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2310 (void)racoon_free(c);
2311
2312 return(res);
2313 }
2314
2315 vchar_t *
eay_sha1_one(data)2316 eay_sha1_one(data)
2317 vchar_t *data;
2318 {
2319 caddr_t ctx;
2320 vchar_t *res;
2321
2322 ctx = eay_sha1_init();
2323 eay_sha1_update(ctx, data);
2324 res = eay_sha1_final(ctx);
2325
2326 return(res);
2327 }
2328
2329 int
eay_sha1_hashlen()2330 eay_sha1_hashlen()
2331 {
2332 return SHA_DIGEST_LENGTH << 3;
2333 }
2334
2335 /*
2336 * MD5 functions
2337 */
2338 caddr_t
eay_md5_init()2339 eay_md5_init()
2340 {
2341 MD5_CTX *c = racoon_malloc(sizeof(*c));
2342
2343 MD5_Init(c);
2344
2345 return((caddr_t)c);
2346 }
2347
2348 void
eay_md5_update(c,data)2349 eay_md5_update(c, data)
2350 caddr_t c;
2351 vchar_t *data;
2352 {
2353 MD5_Update((MD5_CTX *)c, data->v, data->l);
2354
2355 return;
2356 }
2357
2358 vchar_t *
eay_md5_final(c)2359 eay_md5_final(c)
2360 caddr_t c;
2361 {
2362 vchar_t *res;
2363
2364 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2365 return(0);
2366
2367 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2368 (void)racoon_free(c);
2369
2370 return(res);
2371 }
2372
2373 vchar_t *
eay_md5_one(data)2374 eay_md5_one(data)
2375 vchar_t *data;
2376 {
2377 caddr_t ctx;
2378 vchar_t *res;
2379
2380 ctx = eay_md5_init();
2381 eay_md5_update(ctx, data);
2382 res = eay_md5_final(ctx);
2383
2384 return(res);
2385 }
2386
2387 int
eay_md5_hashlen()2388 eay_md5_hashlen()
2389 {
2390 return MD5_DIGEST_LENGTH << 3;
2391 }
2392
2393 /*
2394 * eay_set_random
2395 * size: number of bytes.
2396 */
2397 vchar_t *
eay_set_random(size)2398 eay_set_random(size)
2399 u_int32_t size;
2400 {
2401 BIGNUM *r = NULL;
2402 vchar_t *res = 0;
2403
2404 if ((r = BN_new()) == NULL)
2405 goto end;
2406 BN_rand(r, size * 8, 0, 0);
2407 eay_bn2v(&res, r);
2408
2409 end:
2410 if (r)
2411 BN_free(r);
2412 return(res);
2413 }
2414
2415 /* DH */
2416 int
eay_dh_generate(prime,g,publen,pub,priv)2417 eay_dh_generate(prime, g, publen, pub, priv)
2418 vchar_t *prime, **pub, **priv;
2419 u_int publen;
2420 u_int32_t g;
2421 {
2422 BIGNUM *p = NULL;
2423 DH *dh = NULL;
2424 int error = -1;
2425
2426 /* initialize */
2427 /* pre-process to generate number */
2428 if (eay_v2bn(&p, prime) < 0)
2429 goto end;
2430
2431 if ((dh = DH_new()) == NULL)
2432 goto end;
2433 dh->p = p;
2434 p = NULL; /* p is now part of dh structure */
2435 dh->g = NULL;
2436 if ((dh->g = BN_new()) == NULL)
2437 goto end;
2438 if (!BN_set_word(dh->g, g))
2439 goto end;
2440
2441 if (publen != 0)
2442 dh->length = publen;
2443
2444 /* generate public and private number */
2445 if (!DH_generate_key(dh))
2446 goto end;
2447
2448 /* copy results to buffers */
2449 if (eay_bn2v(pub, dh->pub_key) < 0)
2450 goto end;
2451 if (eay_bn2v(priv, dh->priv_key) < 0) {
2452 vfree(*pub);
2453 goto end;
2454 }
2455
2456 error = 0;
2457
2458 end:
2459 if (dh != NULL)
2460 DH_free(dh);
2461 if (p != 0)
2462 BN_free(p);
2463 return(error);
2464 }
2465
2466 int
eay_dh_compute(prime,g,pub,priv,pub2,key)2467 eay_dh_compute(prime, g, pub, priv, pub2, key)
2468 vchar_t *prime, *pub, *priv, *pub2, **key;
2469 u_int32_t g;
2470 {
2471 BIGNUM *dh_pub = NULL;
2472 DH *dh = NULL;
2473 int l;
2474 unsigned char *v = NULL;
2475 int error = -1;
2476
2477 /* make public number to compute */
2478 if (eay_v2bn(&dh_pub, pub2) < 0)
2479 goto end;
2480
2481 /* make DH structure */
2482 if ((dh = DH_new()) == NULL)
2483 goto end;
2484 if (eay_v2bn(&dh->p, prime) < 0)
2485 goto end;
2486 if (eay_v2bn(&dh->pub_key, pub) < 0)
2487 goto end;
2488 if (eay_v2bn(&dh->priv_key, priv) < 0)
2489 goto end;
2490 dh->length = pub2->l * 8;
2491
2492 dh->g = NULL;
2493 if ((dh->g = BN_new()) == NULL)
2494 goto end;
2495 if (!BN_set_word(dh->g, g))
2496 goto end;
2497
2498 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2499 goto end;
2500 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2501 goto end;
2502 memcpy((*key)->v + (prime->l - l), v, l);
2503
2504 error = 0;
2505
2506 end:
2507 if (dh_pub != NULL)
2508 BN_free(dh_pub);
2509 if (dh != NULL)
2510 DH_free(dh);
2511 if (v != NULL)
2512 racoon_free(v);
2513 return(error);
2514 }
2515
2516 /*
2517 * convert vchar_t <-> BIGNUM.
2518 *
2519 * vchar_t: unit is u_char, network endian, most significant byte first.
2520 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2521 * least significant BN_ULONG must come first.
2522 *
2523 * hex value of "0x3ffe050104" is represented as follows:
2524 * vchar_t: 3f fe 05 01 04
2525 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2526 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2527 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2528 */
2529 int
eay_v2bn(bn,var)2530 eay_v2bn(bn, var)
2531 BIGNUM **bn;
2532 vchar_t *var;
2533 {
2534 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2535 return -1;
2536
2537 return 0;
2538 }
2539
2540 int
eay_bn2v(var,bn)2541 eay_bn2v(var, bn)
2542 vchar_t **var;
2543 BIGNUM *bn;
2544 {
2545 *var = vmalloc(bn->top * BN_BYTES);
2546 if (*var == NULL)
2547 return(-1);
2548
2549 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2550
2551 return 0;
2552 }
2553
2554 void
eay_init()2555 eay_init()
2556 {
2557 OpenSSL_add_all_algorithms();
2558 ERR_load_crypto_strings();
2559 #ifdef HAVE_OPENSSL_ENGINE_H
2560 ENGINE_load_builtin_engines();
2561 ENGINE_register_all_complete();
2562 #endif
2563 }
2564
2565 vchar_t *
base64_decode(char * in,long inlen)2566 base64_decode(char *in, long inlen)
2567 {
2568 BIO *bio=NULL, *b64=NULL;
2569 vchar_t *res = NULL;
2570 char *outb;
2571 long outlen;
2572
2573 outb = malloc(inlen * 2);
2574 if (outb == NULL)
2575 goto out;
2576 bio = BIO_new_mem_buf(in, inlen);
2577 b64 = BIO_new(BIO_f_base64());
2578 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2579 bio = BIO_push(b64, bio);
2580
2581 outlen = BIO_read(bio, outb, inlen * 2);
2582 if (outlen <= 0) {
2583 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2584 goto out;
2585 }
2586
2587 res = vmalloc(outlen);
2588 if (!res)
2589 goto out;
2590
2591 memcpy(res->v, outb, outlen);
2592
2593 out:
2594 if (outb)
2595 free(outb);
2596 if (bio)
2597 BIO_free_all(bio);
2598
2599 return res;
2600 }
2601
2602 vchar_t *
base64_encode(char * in,long inlen)2603 base64_encode(char *in, long inlen)
2604 {
2605 BIO *bio=NULL, *b64=NULL;
2606 char *ptr;
2607 long plen = -1;
2608 vchar_t *res = NULL;
2609
2610 bio = BIO_new(BIO_s_mem());
2611 b64 = BIO_new(BIO_f_base64());
2612 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2613 bio = BIO_push(b64, bio);
2614
2615 BIO_write(bio, in, inlen);
2616 BIO_flush(bio);
2617
2618 plen = BIO_get_mem_data(bio, &ptr);
2619 res = vmalloc(plen+1);
2620 if (!res)
2621 goto out;
2622
2623 memcpy (res->v, ptr, plen);
2624 res->v[plen] = '\0';
2625
2626 out:
2627 if (bio)
2628 BIO_free_all(bio);
2629
2630 return res;
2631 }
2632
2633 static RSA *
binbuf_pubkey2rsa(vchar_t * binbuf)2634 binbuf_pubkey2rsa(vchar_t *binbuf)
2635 {
2636 BIGNUM *exp, *mod;
2637 RSA *rsa_pub = NULL;
2638
2639 if (binbuf->v[0] > binbuf->l - 1) {
2640 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2641 goto out;
2642 }
2643
2644 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2645 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2646 binbuf->l - binbuf->v[0] - 1, NULL);
2647 rsa_pub = RSA_new();
2648
2649 if (!exp || !mod || !rsa_pub) {
2650 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2651 if (exp)
2652 BN_free(exp);
2653 if (mod)
2654 BN_free(exp);
2655 if (rsa_pub)
2656 RSA_free(rsa_pub);
2657 rsa_pub = NULL;
2658 goto out;
2659 }
2660
2661 rsa_pub->n = mod;
2662 rsa_pub->e = exp;
2663
2664 out:
2665 return rsa_pub;
2666 }
2667
2668 RSA *
base64_pubkey2rsa(char * in)2669 base64_pubkey2rsa(char *in)
2670 {
2671 BIGNUM *exp, *mod;
2672 RSA *rsa_pub = NULL;
2673 vchar_t *binbuf;
2674
2675 if (strncmp(in, "0s", 2) != 0) {
2676 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2677 return NULL;
2678 }
2679
2680 binbuf = base64_decode(in + 2, strlen(in + 2));
2681 if (!binbuf) {
2682 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2683 return NULL;
2684 }
2685
2686 if (binbuf->v[0] > binbuf->l - 1) {
2687 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2688 goto out;
2689 }
2690
2691 rsa_pub = binbuf_pubkey2rsa(binbuf);
2692
2693 out:
2694 if (binbuf)
2695 vfree(binbuf);
2696
2697 return rsa_pub;
2698 }
2699
2700 RSA *
bignum_pubkey2rsa(BIGNUM * in)2701 bignum_pubkey2rsa(BIGNUM *in)
2702 {
2703 RSA *rsa_pub = NULL;
2704 vchar_t *binbuf;
2705
2706 binbuf = vmalloc(BN_num_bytes(in));
2707 if (!binbuf) {
2708 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2709 return NULL;
2710 }
2711
2712 BN_bn2bin(in, (unsigned char *) binbuf->v);
2713
2714 rsa_pub = binbuf_pubkey2rsa(binbuf);
2715
2716 out:
2717 if (binbuf)
2718 vfree(binbuf);
2719
2720 return rsa_pub;
2721 }
2722
2723 u_int32_t
eay_random()2724 eay_random()
2725 {
2726 u_int32_t result;
2727 vchar_t *vrand;
2728
2729 vrand = eay_set_random(sizeof(result));
2730 memcpy(&result, vrand->v, sizeof(result));
2731 vfree(vrand);
2732
2733 return result;
2734 }
2735
2736 const char *
eay_version()2737 eay_version()
2738 {
2739 return SSLeay_version(SSLEAY_VERSION);
2740 }
2741