1 /* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48 #error OpenSSL version 0.9.6 or later required.
49 #endif
50
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #ifndef ANDROID_CHANGES
67 #include <openssl/blowfish.h>
68 #include <openssl/cast.h>
69 #else
70 #define EVP_bf_cbc() NULL
71 #define EVP_cast5_cbc() NULL
72 #endif
73 #include <openssl/err.h>
74 #ifdef HAVE_OPENSSL_RC5_H
75 #include <openssl/rc5.h>
76 #endif
77 #ifdef HAVE_OPENSSL_IDEA_H
78 #include <openssl/idea.h>
79 #endif
80 #if defined(HAVE_OPENSSL_AES_H)
81 #include <openssl/aes.h>
82 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
83 #include <openssl/rijndael.h>
84 #else
85 #include "crypto/rijndael/rijndael-api-fst.h"
86 #endif
87 #if defined(HAVE_OPENSSL_CAMELLIA_H)
88 #include <openssl/camellia.h>
89 #endif
90 #ifdef WITH_SHA2
91 #ifdef HAVE_OPENSSL_SHA2_H
92 #include <openssl/sha2.h>
93 #else
94 #include "crypto/sha2/sha2.h"
95 #endif
96 #endif
97 #include "plog.h"
98
99 /* 0.9.7 stuff? */
100 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
101 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
102 #else
103 #define USE_NEW_DES_API
104 #endif
105
106 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
107
108 #include "var.h"
109 #include "misc.h"
110 #include "vmbuf.h"
111 #include "plog.h"
112 #include "crypto_openssl.h"
113 #include "debug.h"
114 #include "gcmalloc.h"
115 #include "isakmp.h"
116
117 /*
118 * I hate to cast every parameter to des_xx into void *, but it is
119 * necessary for SSLeay/OpenSSL portability. It sucks.
120 */
121
122 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124 static X509 *mem2x509 __P((vchar_t *));
125
126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127
128 /* X509 Certificate */
129 /*
130 * convert the string of the subject name into DER
131 * e.g. str = "C=JP, ST=Kanagawa";
132 */
133 vchar_t *
eay_str2asn1dn(str,len)134 eay_str2asn1dn(str, len)
135 const char *str;
136 int len;
137 {
138 X509_NAME *name;
139 char *buf, *dst;
140 char *field, *value;
141 int i;
142 vchar_t *ret = NULL;
143 caddr_t p;
144
145 if (len == -1)
146 len = strlen(str);
147
148 buf = racoon_malloc(len + 1);
149 if (!buf) {
150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 return NULL;
152 }
153 memcpy(buf, str, len);
154
155 name = X509_NAME_new();
156
157 dst = field = &buf[0];
158 value = NULL;
159 for (i = 0; i < len; i++) {
160 if (buf[i] == '\\') {
161 /* Escape characters specified in RFC 2253 */
162 if (i < len - 1 &&
163 strchr("\\,=+<>#;", buf[i+1]) != NULL) {
164 *dst++ = buf[++i];
165 continue;
166 } else if (i < len - 2) {
167 /* RFC 2253 hexpair character escape */
168 long u;
169 char esc_str[3];
170 char *endptr;
171
172 esc_str[0] = buf[++i];
173 esc_str[1] = buf[++i];
174 esc_str[2] = '\0';
175 u = strtol(esc_str, &endptr, 16);
176 if (*endptr != '\0' || u < 0 || u > 255)
177 goto err;
178 *dst++ = u;
179 continue;
180 } else
181 goto err;
182 }
183 if (!value && buf[i] == '=') {
184 *dst = '\0';
185 dst = value = &buf[i + 1];
186 continue;
187 } else if (buf[i] == ',' || buf[i] == '/') {
188 *dst = '\0';
189
190 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
191 field, value);
192
193 if (!value) goto err;
194 if (!X509_NAME_add_entry_by_txt(name, field,
195 (value[0] == '*' && value[1] == 0) ?
196 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
197 (unsigned char *) value, -1, -1, 0)) {
198 plog(LLV_ERROR, LOCATION, NULL,
199 "Invalid DN field: %s=%s\n",
200 field, value);
201 plog(LLV_ERROR, LOCATION, NULL,
202 "%s\n", eay_strerror());
203 goto err;
204 }
205
206 while (i + 1 < len && buf[i + 1] == ' ') i++;
207 dst = field = &buf[i + 1];
208 value = NULL;
209 continue;
210 } else {
211 *dst++ = buf[i];
212 }
213 }
214 *dst = '\0';
215
216 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
217 field, value);
218
219 if (!value) goto err;
220 if (!X509_NAME_add_entry_by_txt(name, field,
221 (value[0] == '*' && value[1] == 0) ?
222 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
223 (unsigned char *) value, -1, -1, 0)) {
224 plog(LLV_ERROR, LOCATION, NULL,
225 "Invalid DN field: %s=%s\n",
226 field, value);
227 plog(LLV_ERROR, LOCATION, NULL,
228 "%s\n", eay_strerror());
229 goto err;
230 }
231
232 i = i2d_X509_NAME(name, NULL);
233 if (!i)
234 goto err;
235 ret = vmalloc(i);
236 if (!ret)
237 goto err;
238 p = ret->v;
239 i = i2d_X509_NAME(name, (void *)&p);
240 if (!i)
241 goto err;
242
243 return ret;
244
245 err:
246 if (buf)
247 racoon_free(buf);
248 if (name)
249 X509_NAME_free(name);
250 if (ret)
251 vfree(ret);
252 return NULL;
253 }
254
255 /*
256 * convert the hex string of the subject name into DER
257 */
258 vchar_t *
eay_hex2asn1dn(const char * hex,int len)259 eay_hex2asn1dn(const char *hex, int len)
260 {
261 BIGNUM *bn = BN_new();
262 char *binbuf;
263 size_t binlen;
264 vchar_t *ret = NULL;
265
266 if (len == -1)
267 len = strlen(hex);
268
269 if (BN_hex2bn(&bn, hex) != len) {
270 plog(LLV_ERROR, LOCATION, NULL,
271 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
272 eay_strerror());
273 goto out;
274 }
275
276 binlen = BN_num_bytes(bn);
277 ret = vmalloc(binlen);
278 if (!ret) {
279 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
280 return NULL;
281 }
282 binbuf = ret->v;
283
284 BN_bn2bin(bn, (unsigned char *) binbuf);
285
286 out:
287 BN_free(bn);
288
289 return ret;
290 }
291
292 /*
293 * The following are derived from code in crypto/x509/x509_cmp.c
294 * in OpenSSL0.9.7c:
295 * X509_NAME_wildcmp() adds wildcard matching to the original
296 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
297 */
298 #include <ctype.h>
299 /* Case insensitive string comparision */
nocase_cmp(const ASN1_STRING * a,const ASN1_STRING * b)300 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
301 {
302 int i;
303
304 if (a->length != b->length)
305 return (a->length - b->length);
306
307 for (i=0; i<a->length; i++)
308 {
309 int ca, cb;
310
311 ca = tolower(a->data[i]);
312 cb = tolower(b->data[i]);
313
314 if (ca != cb)
315 return(ca-cb);
316 }
317 return 0;
318 }
319
320 /* Case insensitive string comparision with space normalization
321 * Space normalization - ignore leading, trailing spaces,
322 * multiple spaces between characters are replaced by single space
323 */
nocase_spacenorm_cmp(const ASN1_STRING * a,const ASN1_STRING * b)324 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
325 {
326 unsigned char *pa = NULL, *pb = NULL;
327 int la, lb;
328
329 la = a->length;
330 lb = b->length;
331 pa = a->data;
332 pb = b->data;
333
334 /* skip leading spaces */
335 while (la > 0 && isspace(*pa))
336 {
337 la--;
338 pa++;
339 }
340 while (lb > 0 && isspace(*pb))
341 {
342 lb--;
343 pb++;
344 }
345
346 /* skip trailing spaces */
347 while (la > 0 && isspace(pa[la-1]))
348 la--;
349 while (lb > 0 && isspace(pb[lb-1]))
350 lb--;
351
352 /* compare strings with space normalization */
353 while (la > 0 && lb > 0)
354 {
355 int ca, cb;
356
357 /* compare character */
358 ca = tolower(*pa);
359 cb = tolower(*pb);
360 if (ca != cb)
361 return (ca - cb);
362
363 pa++; pb++;
364 la--; lb--;
365
366 if (la <= 0 || lb <= 0)
367 break;
368
369 /* is white space next character ? */
370 if (isspace(*pa) && isspace(*pb))
371 {
372 /* skip remaining white spaces */
373 while (la > 0 && isspace(*pa))
374 {
375 la--;
376 pa++;
377 }
378 while (lb > 0 && isspace(*pb))
379 {
380 lb--;
381 pb++;
382 }
383 }
384 }
385 if (la > 0 || lb > 0)
386 return la - lb;
387
388 return 0;
389 }
390
X509_NAME_wildcmp(const X509_NAME * a,const X509_NAME * b)391 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
392 {
393 int i,j;
394 X509_NAME_ENTRY *na,*nb;
395
396 if (sk_X509_NAME_ENTRY_num(a->entries)
397 != sk_X509_NAME_ENTRY_num(b->entries))
398 return sk_X509_NAME_ENTRY_num(a->entries)
399 -sk_X509_NAME_ENTRY_num(b->entries);
400 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
401 {
402 na=sk_X509_NAME_ENTRY_value(a->entries,i);
403 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
404 j=OBJ_cmp(na->object,nb->object);
405 if (j) return(j);
406 if ((na->value->length == 1 && na->value->data[0] == '*')
407 || (nb->value->length == 1 && nb->value->data[0] == '*'))
408 continue;
409 j=na->value->type-nb->value->type;
410 if (j) return(j);
411 if (na->value->type == V_ASN1_PRINTABLESTRING)
412 j=nocase_spacenorm_cmp(na->value, nb->value);
413 else if (na->value->type == V_ASN1_IA5STRING
414 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
415 j=nocase_cmp(na->value, nb->value);
416 else
417 {
418 j=na->value->length-nb->value->length;
419 if (j) return(j);
420 j=memcmp(na->value->data,nb->value->data,
421 na->value->length);
422 }
423 if (j) return(j);
424 j=na->set-nb->set;
425 if (j) return(j);
426 }
427
428 return(0);
429 }
430
431 /*
432 * compare two subjectNames.
433 * OUT: 0: equal
434 * positive:
435 * -1: other error.
436 */
437 int
eay_cmp_asn1dn(n1,n2)438 eay_cmp_asn1dn(n1, n2)
439 vchar_t *n1, *n2;
440 {
441 X509_NAME *a = NULL, *b = NULL;
442 caddr_t p;
443 int i = -1;
444
445 p = n1->v;
446 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
447 goto end;
448 p = n2->v;
449 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
450 goto end;
451
452 i = X509_NAME_wildcmp(a, b);
453
454 end:
455 if (a)
456 X509_NAME_free(a);
457 if (b)
458 X509_NAME_free(b);
459 return i;
460 }
461
462 #ifdef ANDROID_CHANGES
463
BIO_from_android(char * path)464 static BIO *BIO_from_android(char *path)
465 {
466 void *data;
467 if (sscanf(path, pname, &data) == 1) {
468 return BIO_new_mem_buf(data, -1);
469 }
470 return NULL;
471 }
472
473 #endif
474
475 /*
476 * this functions is derived from apps/verify.c in OpenSSL0.9.5
477 */
478 int
eay_check_x509cert(cert,CApath,CAfile,local)479 eay_check_x509cert(cert, CApath, CAfile, local)
480 vchar_t *cert;
481 char *CApath;
482 char *CAfile;
483 int local;
484 {
485 X509_STORE *cert_ctx = NULL;
486 X509_LOOKUP *lookup = NULL;
487 X509 *x509 = NULL;
488 X509_STORE_CTX *csc;
489 int error = -1;
490
491 cert_ctx = X509_STORE_new();
492 if (cert_ctx == NULL)
493 goto end;
494
495 if (local)
496 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
497 else
498 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
499
500 #ifdef ANDROID_CHANGES
501 if (pname) {
502 BIO *bio = BIO_from_android(CAfile);
503 STACK_OF(X509_INFO) *stack;
504 X509_INFO *info;
505 int i;
506
507 if (!bio) {
508 goto end;
509 }
510 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
511 BIO_free(bio);
512 if (!stack) {
513 goto end;
514 }
515 for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
516 info = sk_X509_INFO_value(stack, i);
517 if (info->x509) {
518 X509_STORE_add_cert(cert_ctx, info->x509);
519 }
520 if (info->crl) {
521 X509_STORE_add_crl(cert_ctx, info->crl);
522 }
523 }
524 sk_X509_INFO_pop_free(stack, X509_INFO_free);
525 } else {
526 #endif
527 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
528 if (lookup == NULL)
529 goto end;
530
531 X509_LOOKUP_load_file(lookup, CAfile,
532 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
533
534 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
535 if (lookup == NULL)
536 goto end;
537 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
538 if(!error) {
539 error = -1;
540 goto end;
541 }
542 error = -1; /* initialized */
543 #ifdef ANDROID_CHANGES
544 }
545 #endif
546
547 /* read the certificate to be verified */
548 x509 = mem2x509(cert);
549 if (x509 == NULL)
550 goto end;
551
552 csc = X509_STORE_CTX_new();
553 if (csc == NULL)
554 goto end;
555 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
556 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
557 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
558 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
559 #endif
560 error = X509_verify_cert(csc);
561 X509_STORE_CTX_free(csc);
562
563 /*
564 * if x509_verify_cert() is successful then the value of error is
565 * set non-zero.
566 */
567 error = error ? 0 : -1;
568
569 end:
570 if (error)
571 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
572 if (cert_ctx != NULL)
573 X509_STORE_free(cert_ctx);
574 if (x509 != NULL)
575 X509_free(x509);
576
577 return(error);
578 }
579
580 /*
581 * callback function for verifing certificate.
582 * this function is derived from cb() in openssl/apps/s_server.c
583 */
584 static int
cb_check_cert_local(ok,ctx)585 cb_check_cert_local(ok, ctx)
586 int ok;
587 X509_STORE_CTX *ctx;
588 {
589 char buf[256];
590 int log_tag;
591
592 if (!ok) {
593 X509_NAME_oneline(
594 X509_get_subject_name(ctx->current_cert),
595 buf,
596 256);
597 /*
598 * since we are just checking the certificates, it is
599 * ok if they are self signed. But we should still warn
600 * the user.
601 */
602 switch (ctx->error) {
603 case X509_V_ERR_CERT_HAS_EXPIRED:
604 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
605 case X509_V_ERR_INVALID_CA:
606 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
607 case X509_V_ERR_INVALID_PURPOSE:
608 case X509_V_ERR_UNABLE_TO_GET_CRL:
609 ok = 1;
610 log_tag = LLV_WARNING;
611 break;
612 default:
613 log_tag = LLV_ERROR;
614 }
615 plog(log_tag, LOCATION, NULL,
616 "%s(%d) at depth:%d SubjectName:%s\n",
617 X509_verify_cert_error_string(ctx->error),
618 ctx->error,
619 ctx->error_depth,
620 buf);
621 }
622 ERR_clear_error();
623
624 return ok;
625 }
626
627 /*
628 * callback function for verifing remote certificates.
629 * this function is derived from cb() in openssl/apps/s_server.c
630 */
631 static int
cb_check_cert_remote(ok,ctx)632 cb_check_cert_remote(ok, ctx)
633 int ok;
634 X509_STORE_CTX *ctx;
635 {
636 char buf[256];
637 int log_tag;
638
639 if (!ok) {
640 X509_NAME_oneline(
641 X509_get_subject_name(ctx->current_cert),
642 buf,
643 256);
644 switch (ctx->error) {
645 case X509_V_ERR_UNABLE_TO_GET_CRL:
646 ok = 1;
647 log_tag = LLV_WARNING;
648 break;
649 default:
650 log_tag = LLV_ERROR;
651 }
652 plog(log_tag, LOCATION, NULL,
653 "%s(%d) at depth:%d SubjectName:%s\n",
654 X509_verify_cert_error_string(ctx->error),
655 ctx->error,
656 ctx->error_depth,
657 buf);
658 }
659 ERR_clear_error();
660
661 return ok;
662 }
663
664 /*
665 * get a subjectName from X509 certificate.
666 */
667 vchar_t *
eay_get_x509asn1subjectname(cert)668 eay_get_x509asn1subjectname(cert)
669 vchar_t *cert;
670 {
671 X509 *x509 = NULL;
672 u_char *bp;
673 vchar_t *name = NULL;
674 int len;
675
676 x509 = mem2x509(cert);
677 if (x509 == NULL)
678 goto error;
679
680 /* get the length of the name */
681 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
682 name = vmalloc(len);
683 if (!name)
684 goto error;
685 /* get the name */
686 bp = (unsigned char *) name->v;
687 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
688
689 X509_free(x509);
690
691 return name;
692
693 error:
694 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
695
696 if (name != NULL)
697 vfree(name);
698
699 if (x509 != NULL)
700 X509_free(x509);
701
702 return NULL;
703 }
704
705 /*
706 * get the subjectAltName from X509 certificate.
707 * the name must be terminated by '\0'.
708 */
709 int
eay_get_x509subjectaltname(cert,altname,type,pos)710 eay_get_x509subjectaltname(cert, altname, type, pos)
711 vchar_t *cert;
712 char **altname;
713 int *type;
714 int pos;
715 {
716 X509 *x509 = NULL;
717 GENERAL_NAMES *gens = NULL;
718 GENERAL_NAME *gen;
719 int len;
720 int error = -1;
721
722 *altname = NULL;
723 *type = GENT_OTHERNAME;
724
725 x509 = mem2x509(cert);
726 if (x509 == NULL)
727 goto end;
728
729 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
730 if (gens == NULL)
731 goto end;
732
733 /* there is no data at "pos" */
734 if (pos > sk_GENERAL_NAME_num(gens))
735 goto end;
736
737 gen = sk_GENERAL_NAME_value(gens, pos - 1);
738
739 /* read DNSName / Email */
740 if (gen->type == GEN_DNS ||
741 gen->type == GEN_EMAIL ||
742 gen->type == GEN_URI )
743 {
744 /* make sure if the data is terminated by '\0'. */
745 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
746 {
747 plog(LLV_ERROR, LOCATION, NULL,
748 "data is not terminated by NUL.");
749 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
750 goto end;
751 }
752
753 len = gen->d.ia5->length + 1;
754 *altname = racoon_malloc(len);
755 if (!*altname)
756 goto end;
757
758 strlcpy(*altname, (char *) gen->d.ia5->data, len);
759 *type = gen->type;
760 error = 0;
761 }
762 /* read IP address */
763 else if (gen->type == GEN_IPADD)
764 {
765 unsigned char p[5], *ip;
766 ip = p;
767
768 /* only support IPv4 */
769 if (gen->d.ip->length != 4)
770 goto end;
771
772 /* convert Octet String to String
773 * XXX ???????
774 */
775 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
776 ip = gen->d.ip->data;
777
778 /* XXX Magic, enough for an IPv4 address
779 */
780 *altname = racoon_malloc(20);
781 if (!*altname)
782 goto end;
783
784 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
785 *type = gen->type;
786 error = 0;
787 }
788 /* XXX other possible types ?
789 * For now, error will be -1 if unsupported type
790 */
791
792 end:
793 if (error) {
794 if (*altname) {
795 racoon_free(*altname);
796 *altname = NULL;
797 }
798 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
799 }
800 if (x509)
801 X509_free(x509);
802 if (gens)
803 /* free the whole stack. */
804 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
805
806 return error;
807 }
808
809 /*
810 * get a issuerName from X509 certificate.
811 */
812 vchar_t *
eay_get_x509asn1issuername(cert)813 eay_get_x509asn1issuername(cert)
814 vchar_t *cert;
815 {
816 X509 *x509 = NULL;
817 u_char *bp;
818 vchar_t *name = NULL;
819 int len;
820
821 x509 = mem2x509(cert);
822 if (x509 == NULL)
823 goto error;
824
825 /* get the length of the name */
826 len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
827 name = vmalloc(len);
828 if (name == NULL)
829 goto error;
830
831 /* get the name */
832 bp = (unsigned char *) name->v;
833 len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
834
835 X509_free(x509);
836
837 return name;
838
839 error:
840 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
841
842 if (name != NULL)
843 vfree(name);
844 if (x509 != NULL)
845 X509_free(x509);
846
847 return NULL;
848 }
849
850 /*
851 * decode a X509 certificate and make a readable text terminated '\n'.
852 * return the buffer allocated, so must free it later.
853 */
854 char *
eay_get_x509text(cert)855 eay_get_x509text(cert)
856 vchar_t *cert;
857 {
858 X509 *x509 = NULL;
859 BIO *bio = NULL;
860 char *text = NULL;
861 u_char *bp = NULL;
862 int len = 0;
863 int error = -1;
864
865 x509 = mem2x509(cert);
866 if (x509 == NULL)
867 goto end;
868
869 bio = BIO_new(BIO_s_mem());
870 if (bio == NULL)
871 goto end;
872
873 error = X509_print(bio, x509);
874 if (error != 1) {
875 error = -1;
876 goto end;
877 }
878
879 len = BIO_get_mem_data(bio, &bp);
880 text = racoon_malloc(len + 1);
881 if (text == NULL)
882 goto end;
883 memcpy(text, bp, len);
884 text[len] = '\0';
885
886 error = 0;
887
888 end:
889 if (error) {
890 if (text) {
891 racoon_free(text);
892 text = NULL;
893 }
894 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
895 }
896 if (bio)
897 BIO_free(bio);
898 if (x509)
899 X509_free(x509);
900
901 return text;
902 }
903
904 /* get X509 structure from buffer. */
905 static X509 *
mem2x509(cert)906 mem2x509(cert)
907 vchar_t *cert;
908 {
909 X509 *x509;
910
911 #ifndef EAYDEBUG
912 {
913 u_char *bp;
914
915 bp = (unsigned char *) cert->v + 1;
916
917 x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
918 }
919 #else
920 {
921 BIO *bio;
922 int len;
923
924 bio = BIO_new(BIO_s_mem());
925 if (bio == NULL)
926 return NULL;
927 len = BIO_write(bio, cert->v + 1, cert->l - 1);
928 if (len == -1)
929 return NULL;
930 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
931 BIO_free(bio);
932 }
933 #endif
934 return x509;
935 }
936
937 /*
938 * get a X509 certificate from local file.
939 * a certificate must be PEM format.
940 * Input:
941 * path to a certificate.
942 * Output:
943 * NULL if error occured
944 * other is the cert.
945 */
946 vchar_t *
eay_get_x509cert(path)947 eay_get_x509cert(path)
948 char *path;
949 {
950 FILE *fp;
951 X509 *x509;
952 vchar_t *cert;
953 u_char *bp;
954 int len;
955 int error;
956
957 #ifdef ANDROID_CHANGES
958 if (pname) {
959 BIO *bio = BIO_from_android(path);
960 if (!bio) {
961 return NULL;
962 }
963 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
964 BIO_free(bio);
965 } else {
966 #endif
967 /* Read private key */
968 fp = fopen(path, "r");
969 if (fp == NULL)
970 return NULL;
971 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
972 fclose (fp);
973 #ifdef ANDROID_CHANGES
974 }
975 #endif
976
977 if (x509 == NULL)
978 return NULL;
979
980 len = i2d_X509(x509, NULL);
981 cert = vmalloc(len + 1);
982 if (cert == NULL) {
983 X509_free(x509);
984 return NULL;
985 }
986 cert->v[0] = ISAKMP_CERT_X509SIGN;
987 bp = (unsigned char *) &cert->v[1];
988 error = i2d_X509(x509, &bp);
989 X509_free(x509);
990
991 if (error == 0) {
992 vfree(cert);
993 return NULL;
994 }
995
996 return cert;
997 }
998
999 /*
1000 * check a X509 signature
1001 * XXX: to be get hash type from my cert ?
1002 * to be handled EVP_dss().
1003 * OUT: return -1 when error.
1004 * 0
1005 */
1006 int
eay_check_x509sign(source,sig,cert)1007 eay_check_x509sign(source, sig, cert)
1008 vchar_t *source;
1009 vchar_t *sig;
1010 vchar_t *cert;
1011 {
1012 X509 *x509;
1013 EVP_PKEY *evp;
1014 int res;
1015
1016 x509 = mem2x509(cert);
1017 if (x509 == NULL)
1018 return -1;
1019
1020 evp = X509_get_pubkey(x509);
1021 if (! evp) {
1022 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
1023 X509_free(x509);
1024 return -1;
1025 }
1026
1027 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
1028
1029 EVP_PKEY_free(evp);
1030 X509_free(x509);
1031
1032 return res;
1033 }
1034
1035 /*
1036 * check RSA signature
1037 * OUT: return -1 when error.
1038 * 0 on success
1039 */
1040 int
eay_check_rsasign(source,sig,rsa)1041 eay_check_rsasign(source, sig, rsa)
1042 vchar_t *source;
1043 vchar_t *sig;
1044 RSA *rsa;
1045 {
1046 return eay_rsa_verify(source, sig, rsa);
1047 }
1048
1049 /*
1050 * get PKCS#1 Private Key of PEM format from local file.
1051 */
1052 vchar_t *
eay_get_pkcs1privkey(path)1053 eay_get_pkcs1privkey(path)
1054 char *path;
1055 {
1056 FILE *fp;
1057 EVP_PKEY *evp = NULL;
1058 vchar_t *pkey = NULL;
1059 u_char *bp;
1060 int pkeylen;
1061 int error = -1;
1062
1063 #ifdef ANDROID_CHANGES
1064 if (pname) {
1065 BIO *bio = BIO_from_android(path);
1066 if (!bio) {
1067 return NULL;
1068 }
1069 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
1070 BIO_free(bio);
1071 } else {
1072 #endif
1073 /* Read private key */
1074 fp = fopen(path, "r");
1075 if (fp == NULL)
1076 return NULL;
1077
1078 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1079
1080 fclose (fp);
1081 #ifdef ANDROID_CHANGES
1082 }
1083 #endif
1084
1085 if (evp == NULL)
1086 return NULL;
1087
1088 pkeylen = i2d_PrivateKey(evp, NULL);
1089 if (pkeylen == 0)
1090 goto end;
1091 pkey = vmalloc(pkeylen);
1092 if (pkey == NULL)
1093 goto end;
1094 bp = (unsigned char *) pkey->v;
1095 pkeylen = i2d_PrivateKey(evp, &bp);
1096 if (pkeylen == 0)
1097 goto end;
1098
1099 error = 0;
1100
1101 end:
1102 if (evp != NULL)
1103 EVP_PKEY_free(evp);
1104 if (error != 0 && pkey != NULL) {
1105 vfree(pkey);
1106 pkey = NULL;
1107 }
1108
1109 return pkey;
1110 }
1111
1112 /*
1113 * get PKCS#1 Public Key of PEM format from local file.
1114 */
1115 vchar_t *
eay_get_pkcs1pubkey(path)1116 eay_get_pkcs1pubkey(path)
1117 char *path;
1118 {
1119 FILE *fp;
1120 EVP_PKEY *evp = NULL;
1121 vchar_t *pkey = NULL;
1122 X509 *x509 = NULL;
1123 u_char *bp;
1124 int pkeylen;
1125 int error = -1;
1126
1127 /* Read private key */
1128 fp = fopen(path, "r");
1129 if (fp == NULL)
1130 return NULL;
1131
1132 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1133
1134 fclose (fp);
1135
1136 if (x509 == NULL)
1137 return NULL;
1138
1139 /* Get public key - eay */
1140 evp = X509_get_pubkey(x509);
1141 if (evp == NULL)
1142 return NULL;
1143
1144 pkeylen = i2d_PublicKey(evp, NULL);
1145 if (pkeylen == 0)
1146 goto end;
1147 pkey = vmalloc(pkeylen);
1148 if (pkey == NULL)
1149 goto end;
1150 bp = (unsigned char *) pkey->v;
1151 pkeylen = i2d_PublicKey(evp, &bp);
1152 if (pkeylen == 0)
1153 goto end;
1154
1155 error = 0;
1156 end:
1157 if (evp != NULL)
1158 EVP_PKEY_free(evp);
1159 if (error != 0 && pkey != NULL) {
1160 vfree(pkey);
1161 pkey = NULL;
1162 }
1163
1164 return pkey;
1165 }
1166
1167 vchar_t *
eay_get_x509sign(src,privkey)1168 eay_get_x509sign(src, privkey)
1169 vchar_t *src, *privkey;
1170 {
1171 EVP_PKEY *evp;
1172 u_char *bp = (unsigned char *) privkey->v;
1173 vchar_t *sig = NULL;
1174 int len;
1175 int pad = RSA_PKCS1_PADDING;
1176
1177 /* XXX to be handled EVP_PKEY_DSA */
1178 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1179 if (evp == NULL)
1180 return NULL;
1181
1182 sig = eay_rsa_sign(src, evp->pkey.rsa);
1183
1184 EVP_PKEY_free(evp);
1185
1186 return sig;
1187 }
1188
1189 vchar_t *
eay_get_rsasign(src,rsa)1190 eay_get_rsasign(src, rsa)
1191 vchar_t *src;
1192 RSA *rsa;
1193 {
1194 return eay_rsa_sign(src, rsa);
1195 }
1196
1197 vchar_t *
eay_rsa_sign(vchar_t * src,RSA * rsa)1198 eay_rsa_sign(vchar_t *src, RSA *rsa)
1199 {
1200 int len;
1201 vchar_t *sig = NULL;
1202 int pad = RSA_PKCS1_PADDING;
1203
1204 len = RSA_size(rsa);
1205
1206 sig = vmalloc(len);
1207 if (sig == NULL)
1208 return NULL;
1209
1210 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1211 (unsigned char *) sig->v, rsa, pad);
1212
1213 if (len == 0 || len != sig->l) {
1214 vfree(sig);
1215 sig = NULL;
1216 }
1217
1218 return sig;
1219 }
1220
1221 int
eay_rsa_verify(src,sig,rsa)1222 eay_rsa_verify(src, sig, rsa)
1223 vchar_t *src, *sig;
1224 RSA *rsa;
1225 {
1226 vchar_t *xbuf = NULL;
1227 int pad = RSA_PKCS1_PADDING;
1228 int len = 0;
1229 int error;
1230
1231 len = RSA_size(rsa);
1232 xbuf = vmalloc(len);
1233 if (xbuf == NULL) {
1234 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1235 return -1;
1236 }
1237
1238 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1239 (unsigned char *) xbuf->v, rsa, pad);
1240 if (len == 0 || len != src->l) {
1241 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1242 vfree(xbuf);
1243 return -1;
1244 }
1245
1246 error = memcmp(src->v, xbuf->v, src->l);
1247 vfree(xbuf);
1248 if (error != 0)
1249 return -1;
1250
1251 return 0;
1252 }
1253
1254 /*
1255 * get error string
1256 * MUST load ERR_load_crypto_strings() first.
1257 */
1258 char *
eay_strerror()1259 eay_strerror()
1260 {
1261 static char ebuf[512];
1262 int len = 0, n;
1263 unsigned long l;
1264 char buf[200];
1265 const char *file, *data;
1266 int line, flags;
1267 unsigned long es;
1268
1269 es = CRYPTO_thread_id();
1270
1271 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1272 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1273 "%lu:%s:%s:%d:%s ",
1274 es, ERR_error_string(l, buf), file, line,
1275 (flags & ERR_TXT_STRING) ? data : "");
1276 if (n < 0 || n >= sizeof(ebuf) - len)
1277 break;
1278 len += n;
1279 if (sizeof(ebuf) < len)
1280 break;
1281 }
1282
1283 return ebuf;
1284 }
1285
1286 vchar_t *
evp_crypt(vchar_t * data,vchar_t * key,vchar_t * iv,const EVP_CIPHER * e,int enc)1287 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1288 {
1289 vchar_t *res;
1290 EVP_CIPHER_CTX ctx;
1291
1292 if (!e)
1293 return NULL;
1294
1295 if (data->l % EVP_CIPHER_block_size(e))
1296 return NULL;
1297
1298 if ((res = vmalloc(data->l)) == NULL)
1299 return NULL;
1300
1301 EVP_CIPHER_CTX_init(&ctx);
1302
1303 switch(EVP_CIPHER_nid(e)){
1304 case NID_bf_cbc:
1305 case NID_bf_ecb:
1306 case NID_bf_cfb64:
1307 case NID_bf_ofb64:
1308 case NID_cast5_cbc:
1309 case NID_cast5_ecb:
1310 case NID_cast5_cfb64:
1311 case NID_cast5_ofb64:
1312 /* XXX: can we do that also for algos with a fixed key size ?
1313 */
1314 /* init context without key/iv
1315 */
1316 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1317 {
1318 OpenSSL_BUG();
1319 vfree(res);
1320 return NULL;
1321 }
1322
1323 /* update key size
1324 */
1325 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1326 {
1327 OpenSSL_BUG();
1328 vfree(res);
1329 return NULL;
1330 }
1331
1332 /* finalize context init with desired key size
1333 */
1334 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1335 (u_char *) iv->v, enc))
1336 {
1337 OpenSSL_BUG();
1338 vfree(res);
1339 return NULL;
1340 }
1341 break;
1342 default:
1343 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1344 (u_char *) iv->v, enc)) {
1345 OpenSSL_BUG();
1346 vfree(res);
1347 return NULL;
1348 }
1349 }
1350
1351 /* disable openssl padding */
1352 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1353
1354 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1355 OpenSSL_BUG();
1356 vfree(res);
1357 return NULL;
1358 }
1359
1360 EVP_CIPHER_CTX_cleanup(&ctx);
1361
1362 return res;
1363 }
1364
1365 int
evp_weakkey(vchar_t * key,const EVP_CIPHER * e)1366 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1367 {
1368 return 0;
1369 }
1370
1371 int
evp_keylen(int len,const EVP_CIPHER * e)1372 evp_keylen(int len, const EVP_CIPHER *e)
1373 {
1374 if (!e)
1375 return -1;
1376 /* EVP functions return lengths in bytes, ipsec-tools
1377 * uses lengths in bits, therefore conversion is required. --AK
1378 */
1379 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1380 return -1;
1381
1382 return EVP_CIPHER_key_length(e) << 3;
1383 }
1384
1385 /*
1386 * DES-CBC
1387 */
1388 vchar_t *
eay_des_encrypt(data,key,iv)1389 eay_des_encrypt(data, key, iv)
1390 vchar_t *data, *key, *iv;
1391 {
1392 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1393 }
1394
1395 vchar_t *
eay_des_decrypt(data,key,iv)1396 eay_des_decrypt(data, key, iv)
1397 vchar_t *data, *key, *iv;
1398 {
1399 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1400 }
1401
1402 int
eay_des_weakkey(key)1403 eay_des_weakkey(key)
1404 vchar_t *key;
1405 {
1406 #ifdef USE_NEW_DES_API
1407 return DES_is_weak_key((void *)key->v);
1408 #else
1409 return des_is_weak_key((void *)key->v);
1410 #endif
1411 }
1412
1413 int
eay_des_keylen(len)1414 eay_des_keylen(len)
1415 int len;
1416 {
1417 return evp_keylen(len, EVP_des_cbc());
1418 }
1419
1420 #ifdef HAVE_OPENSSL_IDEA_H
1421 /*
1422 * IDEA-CBC
1423 */
1424 vchar_t *
eay_idea_encrypt(data,key,iv)1425 eay_idea_encrypt(data, key, iv)
1426 vchar_t *data, *key, *iv;
1427 {
1428 vchar_t *res;
1429 IDEA_KEY_SCHEDULE ks;
1430
1431 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1432
1433 /* allocate buffer for result */
1434 if ((res = vmalloc(data->l)) == NULL)
1435 return NULL;
1436
1437 /* decryption data */
1438 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1439 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1440
1441 return res;
1442 }
1443
1444 vchar_t *
eay_idea_decrypt(data,key,iv)1445 eay_idea_decrypt(data, key, iv)
1446 vchar_t *data, *key, *iv;
1447 {
1448 vchar_t *res;
1449 IDEA_KEY_SCHEDULE ks, dks;
1450
1451 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1452 idea_set_decrypt_key(&ks, &dks);
1453
1454 /* allocate buffer for result */
1455 if ((res = vmalloc(data->l)) == NULL)
1456 return NULL;
1457
1458 /* decryption data */
1459 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1460 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1461
1462 return res;
1463 }
1464
1465 int
eay_idea_weakkey(key)1466 eay_idea_weakkey(key)
1467 vchar_t *key;
1468 {
1469 return 0; /* XXX */
1470 }
1471
1472 int
eay_idea_keylen(len)1473 eay_idea_keylen(len)
1474 int len;
1475 {
1476 if (len != 0 && len != 128)
1477 return -1;
1478 return 128;
1479 }
1480 #endif
1481
1482 /*
1483 * BLOWFISH-CBC
1484 */
1485 vchar_t *
eay_bf_encrypt(data,key,iv)1486 eay_bf_encrypt(data, key, iv)
1487 vchar_t *data, *key, *iv;
1488 {
1489 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1490 }
1491
1492 vchar_t *
eay_bf_decrypt(data,key,iv)1493 eay_bf_decrypt(data, key, iv)
1494 vchar_t *data, *key, *iv;
1495 {
1496 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1497 }
1498
1499 int
eay_bf_weakkey(key)1500 eay_bf_weakkey(key)
1501 vchar_t *key;
1502 {
1503 return 0; /* XXX to be done. refer to RFC 2451 */
1504 }
1505
1506 int
eay_bf_keylen(len)1507 eay_bf_keylen(len)
1508 int len;
1509 {
1510 if (len == 0)
1511 return 448;
1512 if (len < 40 || len > 448)
1513 return -1;
1514 return len;
1515 }
1516
1517 #ifdef HAVE_OPENSSL_RC5_H
1518 /*
1519 * RC5-CBC
1520 */
1521 vchar_t *
eay_rc5_encrypt(data,key,iv)1522 eay_rc5_encrypt(data, key, iv)
1523 vchar_t *data, *key, *iv;
1524 {
1525 vchar_t *res;
1526 RC5_32_KEY ks;
1527
1528 /* in RFC 2451, there is information about the number of round. */
1529 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1530
1531 /* allocate buffer for result */
1532 if ((res = vmalloc(data->l)) == NULL)
1533 return NULL;
1534
1535 /* decryption data */
1536 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1537 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1538
1539 return res;
1540 }
1541
1542 vchar_t *
eay_rc5_decrypt(data,key,iv)1543 eay_rc5_decrypt(data, key, iv)
1544 vchar_t *data, *key, *iv;
1545 {
1546 vchar_t *res;
1547 RC5_32_KEY ks;
1548
1549 /* in RFC 2451, there is information about the number of round. */
1550 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1551
1552 /* allocate buffer for result */
1553 if ((res = vmalloc(data->l)) == NULL)
1554 return NULL;
1555
1556 /* decryption data */
1557 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1558 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1559
1560 return res;
1561 }
1562
1563 int
eay_rc5_weakkey(key)1564 eay_rc5_weakkey(key)
1565 vchar_t *key;
1566 {
1567 return 0; /* No known weak keys when used with 16 rounds. */
1568
1569 }
1570
1571 int
eay_rc5_keylen(len)1572 eay_rc5_keylen(len)
1573 int len;
1574 {
1575 if (len == 0)
1576 return 128;
1577 if (len < 40 || len > 2040)
1578 return -1;
1579 return len;
1580 }
1581 #endif
1582
1583 /*
1584 * 3DES-CBC
1585 */
1586 vchar_t *
eay_3des_encrypt(data,key,iv)1587 eay_3des_encrypt(data, key, iv)
1588 vchar_t *data, *key, *iv;
1589 {
1590 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1591 }
1592
1593 vchar_t *
eay_3des_decrypt(data,key,iv)1594 eay_3des_decrypt(data, key, iv)
1595 vchar_t *data, *key, *iv;
1596 {
1597 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1598 }
1599
1600 int
eay_3des_weakkey(key)1601 eay_3des_weakkey(key)
1602 vchar_t *key;
1603 {
1604 #ifdef USE_NEW_DES_API
1605 return (DES_is_weak_key((void *)key->v) ||
1606 DES_is_weak_key((void *)(key->v + 8)) ||
1607 DES_is_weak_key((void *)(key->v + 16)));
1608 #else
1609 if (key->l < 24)
1610 return 0;
1611
1612 return (des_is_weak_key((void *)key->v) ||
1613 des_is_weak_key((void *)(key->v + 8)) ||
1614 des_is_weak_key((void *)(key->v + 16)));
1615 #endif
1616 }
1617
1618 int
eay_3des_keylen(len)1619 eay_3des_keylen(len)
1620 int len;
1621 {
1622 if (len != 0 && len != 192)
1623 return -1;
1624 return 192;
1625 }
1626
1627 /*
1628 * CAST-CBC
1629 */
1630 vchar_t *
eay_cast_encrypt(data,key,iv)1631 eay_cast_encrypt(data, key, iv)
1632 vchar_t *data, *key, *iv;
1633 {
1634 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1635 }
1636
1637 vchar_t *
eay_cast_decrypt(data,key,iv)1638 eay_cast_decrypt(data, key, iv)
1639 vchar_t *data, *key, *iv;
1640 {
1641 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1642 }
1643
1644 int
eay_cast_weakkey(key)1645 eay_cast_weakkey(key)
1646 vchar_t *key;
1647 {
1648 return 0; /* No known weak keys. */
1649 }
1650
1651 int
eay_cast_keylen(len)1652 eay_cast_keylen(len)
1653 int len;
1654 {
1655 if (len == 0)
1656 return 128;
1657 if (len < 40 || len > 128)
1658 return -1;
1659 return len;
1660 }
1661
1662 /*
1663 * AES(RIJNDAEL)-CBC
1664 */
1665 #ifndef HAVE_OPENSSL_AES_H
1666 vchar_t *
eay_aes_encrypt(data,key,iv)1667 eay_aes_encrypt(data, key, iv)
1668 vchar_t *data, *key, *iv;
1669 {
1670 vchar_t *res;
1671 keyInstance k;
1672 cipherInstance c;
1673
1674 memset(&k, 0, sizeof(k));
1675 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1676 return NULL;
1677
1678 /* allocate buffer for result */
1679 if ((res = vmalloc(data->l)) == NULL)
1680 return NULL;
1681
1682 /* encryption data */
1683 memset(&c, 0, sizeof(c));
1684 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1685 vfree(res);
1686 return NULL;
1687 }
1688 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1689 vfree(res);
1690 return NULL;
1691 }
1692
1693 return res;
1694 }
1695
1696 vchar_t *
eay_aes_decrypt(data,key,iv)1697 eay_aes_decrypt(data, key, iv)
1698 vchar_t *data, *key, *iv;
1699 {
1700 vchar_t *res;
1701 keyInstance k;
1702 cipherInstance c;
1703
1704 memset(&k, 0, sizeof(k));
1705 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1706 return NULL;
1707
1708 /* allocate buffer for result */
1709 if ((res = vmalloc(data->l)) == NULL)
1710 return NULL;
1711
1712 /* decryption data */
1713 memset(&c, 0, sizeof(c));
1714 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1715 vfree(res);
1716 return NULL;
1717 }
1718 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1719 vfree(res);
1720 return NULL;
1721 }
1722
1723 return res;
1724 }
1725 #else
1726 static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)1727 aes_evp_by_keylen(int keylen)
1728 {
1729 switch(keylen) {
1730 case 16:
1731 case 128:
1732 return EVP_aes_128_cbc();
1733 case 24:
1734 case 192:
1735 return EVP_aes_192_cbc();
1736 case 32:
1737 case 256:
1738 return EVP_aes_256_cbc();
1739 default:
1740 return NULL;
1741 }
1742 }
1743
1744 vchar_t *
eay_aes_encrypt(data,key,iv)1745 eay_aes_encrypt(data, key, iv)
1746 vchar_t *data, *key, *iv;
1747 {
1748 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1749 }
1750
1751 vchar_t *
eay_aes_decrypt(data,key,iv)1752 eay_aes_decrypt(data, key, iv)
1753 vchar_t *data, *key, *iv;
1754 {
1755 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1756 }
1757 #endif
1758
1759 int
eay_aes_weakkey(key)1760 eay_aes_weakkey(key)
1761 vchar_t *key;
1762 {
1763 return 0;
1764 }
1765
1766 int
eay_aes_keylen(len)1767 eay_aes_keylen(len)
1768 int len;
1769 {
1770 if (len == 0)
1771 return 128;
1772 if (len != 128 && len != 192 && len != 256)
1773 return -1;
1774 return len;
1775 }
1776
1777 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1778 /*
1779 * CAMELLIA-CBC
1780 */
1781 static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)1782 camellia_evp_by_keylen(int keylen)
1783 {
1784 switch(keylen) {
1785 case 16:
1786 case 128:
1787 return EVP_camellia_128_cbc();
1788 case 24:
1789 case 192:
1790 return EVP_camellia_192_cbc();
1791 case 32:
1792 case 256:
1793 return EVP_camellia_256_cbc();
1794 default:
1795 return NULL;
1796 }
1797 }
1798
1799 vchar_t *
eay_camellia_encrypt(data,key,iv)1800 eay_camellia_encrypt(data, key, iv)
1801 vchar_t *data, *key, *iv;
1802 {
1803 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1804 }
1805
1806 vchar_t *
eay_camellia_decrypt(data,key,iv)1807 eay_camellia_decrypt(data, key, iv)
1808 vchar_t *data, *key, *iv;
1809 {
1810 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1811 }
1812
1813 int
eay_camellia_weakkey(key)1814 eay_camellia_weakkey(key)
1815 vchar_t *key;
1816 {
1817 return 0;
1818 }
1819
1820 int
eay_camellia_keylen(len)1821 eay_camellia_keylen(len)
1822 int len;
1823 {
1824 if (len == 0)
1825 return 128;
1826 if (len != 128 && len != 192 && len != 256)
1827 return -1;
1828 return len;
1829 }
1830
1831 #endif
1832
1833 /* for ipsec part */
1834 int
eay_null_hashlen()1835 eay_null_hashlen()
1836 {
1837 return 0;
1838 }
1839
1840 int
eay_kpdk_hashlen()1841 eay_kpdk_hashlen()
1842 {
1843 return 0;
1844 }
1845
1846 int
eay_twofish_keylen(len)1847 eay_twofish_keylen(len)
1848 int len;
1849 {
1850 if (len < 0 || len > 256)
1851 return -1;
1852 return len;
1853 }
1854
1855 int
eay_null_keylen(len)1856 eay_null_keylen(len)
1857 int len;
1858 {
1859 return 0;
1860 }
1861
1862 /*
1863 * HMAC functions
1864 */
1865 static caddr_t
eay_hmac_init(key,md)1866 eay_hmac_init(key, md)
1867 vchar_t *key;
1868 const EVP_MD *md;
1869 {
1870 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1871
1872 HMAC_Init(c, key->v, key->l, md);
1873
1874 return (caddr_t)c;
1875 }
1876
eay_hmac_one(key,data,type)1877 static vchar_t *eay_hmac_one(key, data, type)
1878 vchar_t *key, *data;
1879 const EVP_MD *type;
1880 {
1881 vchar_t *res;
1882
1883 if ((res = vmalloc(EVP_MD_size(type))) == 0)
1884 return NULL;
1885
1886 if (!HMAC(type, (void *) key->v, key->l,
1887 (void *) data->v, data->l, (void *) res->v, NULL)) {
1888 vfree(res);
1889 return NULL;
1890 }
1891
1892 return res;
1893 }
1894
eay_digest_one(data,type)1895 static vchar_t *eay_digest_one(data, type)
1896 vchar_t *data;
1897 const EVP_MD *type;
1898 {
1899 vchar_t *res;
1900
1901 if ((res = vmalloc(EVP_MD_size(type))) == 0)
1902 return NULL;
1903
1904 if (!EVP_Digest((void *) data->v, data->l,
1905 (void *) res->v, NULL, type, NULL)) {
1906 vfree(res);
1907 return NULL;
1908 }
1909
1910 return res;
1911 }
1912
1913 #ifdef WITH_SHA2
1914 /*
1915 * HMAC SHA2-512
1916 */
1917 vchar_t *
eay_hmacsha2_512_one(key,data)1918 eay_hmacsha2_512_one(key, data)
1919 vchar_t *key, *data;
1920 {
1921 return eay_hmac_one(key, data, EVP_sha2_512());
1922 }
1923
1924 caddr_t
eay_hmacsha2_512_init(key)1925 eay_hmacsha2_512_init(key)
1926 vchar_t *key;
1927 {
1928 return eay_hmac_init(key, EVP_sha2_512());
1929 }
1930
1931 void
eay_hmacsha2_512_update(c,data)1932 eay_hmacsha2_512_update(c, data)
1933 caddr_t c;
1934 vchar_t *data;
1935 {
1936 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1937 }
1938
1939 vchar_t *
eay_hmacsha2_512_final(c)1940 eay_hmacsha2_512_final(c)
1941 caddr_t c;
1942 {
1943 vchar_t *res;
1944 unsigned int l;
1945
1946 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1947 return NULL;
1948
1949 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1950 res->l = l;
1951 HMAC_cleanup((HMAC_CTX *)c);
1952 (void)racoon_free(c);
1953
1954 if (SHA512_DIGEST_LENGTH != res->l) {
1955 plog(LLV_ERROR, LOCATION, NULL,
1956 "hmac sha2_512 length mismatch %zd.\n", res->l);
1957 vfree(res);
1958 return NULL;
1959 }
1960
1961 return(res);
1962 }
1963
1964 /*
1965 * HMAC SHA2-384
1966 */
1967 vchar_t *
eay_hmacsha2_384_one(key,data)1968 eay_hmacsha2_384_one(key, data)
1969 vchar_t *key, *data;
1970 {
1971 return eay_hmac_one(key, data, EVP_sha2_384());
1972 }
1973
1974 caddr_t
eay_hmacsha2_384_init(key)1975 eay_hmacsha2_384_init(key)
1976 vchar_t *key;
1977 {
1978 return eay_hmac_init(key, EVP_sha2_384());
1979 }
1980
1981 void
eay_hmacsha2_384_update(c,data)1982 eay_hmacsha2_384_update(c, data)
1983 caddr_t c;
1984 vchar_t *data;
1985 {
1986 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1987 }
1988
1989 vchar_t *
eay_hmacsha2_384_final(c)1990 eay_hmacsha2_384_final(c)
1991 caddr_t c;
1992 {
1993 vchar_t *res;
1994 unsigned int l;
1995
1996 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1997 return NULL;
1998
1999 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2000 res->l = l;
2001 HMAC_cleanup((HMAC_CTX *)c);
2002 (void)racoon_free(c);
2003
2004 if (SHA384_DIGEST_LENGTH != res->l) {
2005 plog(LLV_ERROR, LOCATION, NULL,
2006 "hmac sha2_384 length mismatch %zd.\n", res->l);
2007 vfree(res);
2008 return NULL;
2009 }
2010
2011 return(res);
2012 }
2013
2014 /*
2015 * HMAC SHA2-256
2016 */
2017 vchar_t *
eay_hmacsha2_256_one(key,data)2018 eay_hmacsha2_256_one(key, data)
2019 vchar_t *key, *data;
2020 {
2021 return eay_hmac_one(key, data, EVP_sha2_256());
2022 }
2023
2024 caddr_t
eay_hmacsha2_256_init(key)2025 eay_hmacsha2_256_init(key)
2026 vchar_t *key;
2027 {
2028 return eay_hmac_init(key, EVP_sha2_256());
2029 }
2030
2031 void
eay_hmacsha2_256_update(c,data)2032 eay_hmacsha2_256_update(c, data)
2033 caddr_t c;
2034 vchar_t *data;
2035 {
2036 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2037 }
2038
2039 vchar_t *
eay_hmacsha2_256_final(c)2040 eay_hmacsha2_256_final(c)
2041 caddr_t c;
2042 {
2043 vchar_t *res;
2044 unsigned int l;
2045
2046 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2047 return NULL;
2048
2049 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2050 res->l = l;
2051 HMAC_cleanup((HMAC_CTX *)c);
2052 (void)racoon_free(c);
2053
2054 if (SHA256_DIGEST_LENGTH != res->l) {
2055 plog(LLV_ERROR, LOCATION, NULL,
2056 "hmac sha2_256 length mismatch %zd.\n", res->l);
2057 vfree(res);
2058 return NULL;
2059 }
2060
2061 return(res);
2062 }
2063 #endif /* WITH_SHA2 */
2064
2065 /*
2066 * HMAC SHA1
2067 */
2068 vchar_t *
eay_hmacsha1_one(key,data)2069 eay_hmacsha1_one(key, data)
2070 vchar_t *key, *data;
2071 {
2072 return eay_hmac_one(key, data, EVP_sha1());
2073 }
2074
2075 caddr_t
eay_hmacsha1_init(key)2076 eay_hmacsha1_init(key)
2077 vchar_t *key;
2078 {
2079 return eay_hmac_init(key, EVP_sha1());
2080 }
2081
2082 void
eay_hmacsha1_update(c,data)2083 eay_hmacsha1_update(c, data)
2084 caddr_t c;
2085 vchar_t *data;
2086 {
2087 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2088 }
2089
2090 vchar_t *
eay_hmacsha1_final(c)2091 eay_hmacsha1_final(c)
2092 caddr_t c;
2093 {
2094 vchar_t *res;
2095 unsigned int l;
2096
2097 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2098 return NULL;
2099
2100 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2101 res->l = l;
2102 HMAC_cleanup((HMAC_CTX *)c);
2103 (void)racoon_free(c);
2104
2105 if (SHA_DIGEST_LENGTH != res->l) {
2106 plog(LLV_ERROR, LOCATION, NULL,
2107 "hmac sha1 length mismatch %zd.\n", res->l);
2108 vfree(res);
2109 return NULL;
2110 }
2111
2112 return(res);
2113 }
2114
2115 /*
2116 * HMAC MD5
2117 */
2118 vchar_t *
eay_hmacmd5_one(key,data)2119 eay_hmacmd5_one(key, data)
2120 vchar_t *key, *data;
2121 {
2122 return eay_hmac_one(key, data, EVP_md5());
2123 }
2124
2125 caddr_t
eay_hmacmd5_init(key)2126 eay_hmacmd5_init(key)
2127 vchar_t *key;
2128 {
2129 return eay_hmac_init(key, EVP_md5());
2130 }
2131
2132 void
eay_hmacmd5_update(c,data)2133 eay_hmacmd5_update(c, data)
2134 caddr_t c;
2135 vchar_t *data;
2136 {
2137 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2138 }
2139
2140 vchar_t *
eay_hmacmd5_final(c)2141 eay_hmacmd5_final(c)
2142 caddr_t c;
2143 {
2144 vchar_t *res;
2145 unsigned int l;
2146
2147 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2148 return NULL;
2149
2150 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2151 res->l = l;
2152 HMAC_cleanup((HMAC_CTX *)c);
2153 (void)racoon_free(c);
2154
2155 if (MD5_DIGEST_LENGTH != res->l) {
2156 plog(LLV_ERROR, LOCATION, NULL,
2157 "hmac md5 length mismatch %zd.\n", res->l);
2158 vfree(res);
2159 return NULL;
2160 }
2161
2162 return(res);
2163 }
2164
2165 #ifdef WITH_SHA2
2166 /*
2167 * SHA2-512 functions
2168 */
2169 caddr_t
eay_sha2_512_init()2170 eay_sha2_512_init()
2171 {
2172 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2173
2174 SHA512_Init(c);
2175
2176 return((caddr_t)c);
2177 }
2178
2179 void
eay_sha2_512_update(c,data)2180 eay_sha2_512_update(c, data)
2181 caddr_t c;
2182 vchar_t *data;
2183 {
2184 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2185
2186 return;
2187 }
2188
2189 vchar_t *
eay_sha2_512_final(c)2190 eay_sha2_512_final(c)
2191 caddr_t c;
2192 {
2193 vchar_t *res;
2194
2195 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2196 return(0);
2197
2198 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2199 (void)racoon_free(c);
2200
2201 return(res);
2202 }
2203
2204 vchar_t *
eay_sha2_512_one(data)2205 eay_sha2_512_one(data)
2206 vchar_t *data;
2207 {
2208 return eay_digest_one(data, EVP_sha512());
2209 }
2210
2211 int
eay_sha2_512_hashlen()2212 eay_sha2_512_hashlen()
2213 {
2214 return SHA512_DIGEST_LENGTH << 3;
2215 }
2216 #endif
2217
2218 #ifdef WITH_SHA2
2219 /*
2220 * SHA2-384 functions
2221 */
2222 caddr_t
eay_sha2_384_init()2223 eay_sha2_384_init()
2224 {
2225 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2226
2227 SHA384_Init(c);
2228
2229 return((caddr_t)c);
2230 }
2231
2232 void
eay_sha2_384_update(c,data)2233 eay_sha2_384_update(c, data)
2234 caddr_t c;
2235 vchar_t *data;
2236 {
2237 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2238
2239 return;
2240 }
2241
2242 vchar_t *
eay_sha2_384_final(c)2243 eay_sha2_384_final(c)
2244 caddr_t c;
2245 {
2246 vchar_t *res;
2247
2248 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2249 return(0);
2250
2251 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2252 (void)racoon_free(c);
2253
2254 return(res);
2255 }
2256
2257 vchar_t *
eay_sha2_384_one(data)2258 eay_sha2_384_one(data)
2259 vchar_t *data;
2260 {
2261 return eay_digest_one(data, EVP_sha2_384());
2262 }
2263
2264 int
eay_sha2_384_hashlen()2265 eay_sha2_384_hashlen()
2266 {
2267 return SHA384_DIGEST_LENGTH << 3;
2268 }
2269 #endif
2270
2271 #ifdef WITH_SHA2
2272 /*
2273 * SHA2-256 functions
2274 */
2275 caddr_t
eay_sha2_256_init()2276 eay_sha2_256_init()
2277 {
2278 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2279
2280 SHA256_Init(c);
2281
2282 return((caddr_t)c);
2283 }
2284
2285 void
eay_sha2_256_update(c,data)2286 eay_sha2_256_update(c, data)
2287 caddr_t c;
2288 vchar_t *data;
2289 {
2290 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2291
2292 return;
2293 }
2294
2295 vchar_t *
eay_sha2_256_final(c)2296 eay_sha2_256_final(c)
2297 caddr_t c;
2298 {
2299 vchar_t *res;
2300
2301 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2302 return(0);
2303
2304 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2305 (void)racoon_free(c);
2306
2307 return(res);
2308 }
2309
2310 vchar_t *
eay_sha2_256_one(data)2311 eay_sha2_256_one(data)
2312 vchar_t *data;
2313 {
2314 return eay_digest_one(data, EVP_sha2_256());
2315 }
2316
2317 int
eay_sha2_256_hashlen()2318 eay_sha2_256_hashlen()
2319 {
2320 return SHA256_DIGEST_LENGTH << 3;
2321 }
2322 #endif
2323
2324 /*
2325 * SHA functions
2326 */
2327 caddr_t
eay_sha1_init()2328 eay_sha1_init()
2329 {
2330 SHA_CTX *c = racoon_malloc(sizeof(*c));
2331
2332 SHA1_Init(c);
2333
2334 return((caddr_t)c);
2335 }
2336
2337 void
eay_sha1_update(c,data)2338 eay_sha1_update(c, data)
2339 caddr_t c;
2340 vchar_t *data;
2341 {
2342 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2343
2344 return;
2345 }
2346
2347 vchar_t *
eay_sha1_final(c)2348 eay_sha1_final(c)
2349 caddr_t c;
2350 {
2351 vchar_t *res;
2352
2353 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2354 return(0);
2355
2356 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2357 (void)racoon_free(c);
2358
2359 return(res);
2360 }
2361
2362 vchar_t *
eay_sha1_one(data)2363 eay_sha1_one(data)
2364 vchar_t *data;
2365 {
2366 return eay_digest_one(data, EVP_sha1());
2367 }
2368
2369 int
eay_sha1_hashlen()2370 eay_sha1_hashlen()
2371 {
2372 return SHA_DIGEST_LENGTH << 3;
2373 }
2374
2375 /*
2376 * MD5 functions
2377 */
2378 caddr_t
eay_md5_init()2379 eay_md5_init()
2380 {
2381 MD5_CTX *c = racoon_malloc(sizeof(*c));
2382
2383 MD5_Init(c);
2384
2385 return((caddr_t)c);
2386 }
2387
2388 void
eay_md5_update(c,data)2389 eay_md5_update(c, data)
2390 caddr_t c;
2391 vchar_t *data;
2392 {
2393 MD5_Update((MD5_CTX *)c, data->v, data->l);
2394
2395 return;
2396 }
2397
2398 vchar_t *
eay_md5_final(c)2399 eay_md5_final(c)
2400 caddr_t c;
2401 {
2402 vchar_t *res;
2403
2404 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2405 return(0);
2406
2407 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2408 (void)racoon_free(c);
2409
2410 return(res);
2411 }
2412
2413 vchar_t *
eay_md5_one(data)2414 eay_md5_one(data)
2415 vchar_t *data;
2416 {
2417 return eay_digest_one(data, EVP_md5());
2418 }
2419
2420 int
eay_md5_hashlen()2421 eay_md5_hashlen()
2422 {
2423 return MD5_DIGEST_LENGTH << 3;
2424 }
2425
2426 /*
2427 * eay_set_random
2428 * size: number of bytes.
2429 */
2430 vchar_t *
eay_set_random(size)2431 eay_set_random(size)
2432 u_int32_t size;
2433 {
2434 BIGNUM *r = NULL;
2435 vchar_t *res = 0;
2436
2437 if ((r = BN_new()) == NULL)
2438 goto end;
2439 BN_rand(r, size * 8, 0, 0);
2440 eay_bn2v(&res, r);
2441
2442 end:
2443 if (r)
2444 BN_free(r);
2445 return(res);
2446 }
2447
2448 /* DH */
2449 int
eay_dh_generate(prime,g,publen,pub,priv)2450 eay_dh_generate(prime, g, publen, pub, priv)
2451 vchar_t *prime, **pub, **priv;
2452 u_int publen;
2453 u_int32_t g;
2454 {
2455 BIGNUM *p = NULL;
2456 DH *dh = NULL;
2457 int error = -1;
2458
2459 /* initialize */
2460 /* pre-process to generate number */
2461 if (eay_v2bn(&p, prime) < 0)
2462 goto end;
2463
2464 if ((dh = DH_new()) == NULL)
2465 goto end;
2466 dh->p = p;
2467 p = NULL; /* p is now part of dh structure */
2468 dh->g = NULL;
2469 if ((dh->g = BN_new()) == NULL)
2470 goto end;
2471 if (!BN_set_word(dh->g, g))
2472 goto end;
2473
2474 if (publen != 0)
2475 dh->length = publen;
2476
2477 /* generate public and private number */
2478 if (!DH_generate_key(dh))
2479 goto end;
2480
2481 /* copy results to buffers */
2482 if (eay_bn2v(pub, dh->pub_key) < 0)
2483 goto end;
2484 if (eay_bn2v(priv, dh->priv_key) < 0) {
2485 vfree(*pub);
2486 goto end;
2487 }
2488
2489 error = 0;
2490
2491 end:
2492 if (dh != NULL)
2493 DH_free(dh);
2494 if (p != 0)
2495 BN_free(p);
2496 return(error);
2497 }
2498
2499 int
eay_dh_compute(prime,g,pub,priv,pub2,key)2500 eay_dh_compute(prime, g, pub, priv, pub2, key)
2501 vchar_t *prime, *pub, *priv, *pub2, **key;
2502 u_int32_t g;
2503 {
2504 BIGNUM *dh_pub = NULL;
2505 DH *dh = NULL;
2506 int l;
2507 unsigned char *v = NULL;
2508 int error = -1;
2509
2510 /* make public number to compute */
2511 if (eay_v2bn(&dh_pub, pub2) < 0)
2512 goto end;
2513
2514 /* make DH structure */
2515 if ((dh = DH_new()) == NULL)
2516 goto end;
2517 if (eay_v2bn(&dh->p, prime) < 0)
2518 goto end;
2519 if (eay_v2bn(&dh->pub_key, pub) < 0)
2520 goto end;
2521 if (eay_v2bn(&dh->priv_key, priv) < 0)
2522 goto end;
2523 dh->length = pub2->l * 8;
2524
2525 dh->g = NULL;
2526 if ((dh->g = BN_new()) == NULL)
2527 goto end;
2528 if (!BN_set_word(dh->g, g))
2529 goto end;
2530
2531 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2532 goto end;
2533 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2534 goto end;
2535 memcpy((*key)->v + (prime->l - l), v, l);
2536
2537 error = 0;
2538
2539 end:
2540 if (dh_pub != NULL)
2541 BN_free(dh_pub);
2542 if (dh != NULL)
2543 DH_free(dh);
2544 if (v != NULL)
2545 racoon_free(v);
2546 return(error);
2547 }
2548
2549 /*
2550 * convert vchar_t <-> BIGNUM.
2551 *
2552 * vchar_t: unit is u_char, network endian, most significant byte first.
2553 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2554 * least significant BN_ULONG must come first.
2555 *
2556 * hex value of "0x3ffe050104" is represented as follows:
2557 * vchar_t: 3f fe 05 01 04
2558 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2559 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2560 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2561 */
2562 int
eay_v2bn(bn,var)2563 eay_v2bn(bn, var)
2564 BIGNUM **bn;
2565 vchar_t *var;
2566 {
2567 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2568 return -1;
2569
2570 return 0;
2571 }
2572
2573 int
eay_bn2v(var,bn)2574 eay_bn2v(var, bn)
2575 vchar_t **var;
2576 BIGNUM *bn;
2577 {
2578 *var = vmalloc(bn->top * BN_BYTES);
2579 if (*var == NULL)
2580 return(-1);
2581
2582 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2583
2584 return 0;
2585 }
2586
2587 void
eay_init()2588 eay_init()
2589 {
2590 OpenSSL_add_all_algorithms();
2591 ERR_load_crypto_strings();
2592 #ifdef HAVE_OPENSSL_ENGINE_H
2593 ENGINE_load_builtin_engines();
2594 ENGINE_register_all_complete();
2595 #endif
2596 }
2597
2598 vchar_t *
base64_decode(char * in,long inlen)2599 base64_decode(char *in, long inlen)
2600 {
2601 BIO *bio=NULL, *b64=NULL;
2602 vchar_t *res = NULL;
2603 char *outb;
2604 long outlen;
2605
2606 outb = malloc(inlen * 2);
2607 if (outb == NULL)
2608 goto out;
2609 bio = BIO_new_mem_buf(in, inlen);
2610 b64 = BIO_new(BIO_f_base64());
2611 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2612 bio = BIO_push(b64, bio);
2613
2614 outlen = BIO_read(bio, outb, inlen * 2);
2615 if (outlen <= 0) {
2616 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2617 goto out;
2618 }
2619
2620 res = vmalloc(outlen);
2621 if (!res)
2622 goto out;
2623
2624 memcpy(res->v, outb, outlen);
2625
2626 out:
2627 if (outb)
2628 free(outb);
2629 if (bio)
2630 BIO_free_all(bio);
2631
2632 return res;
2633 }
2634
2635 vchar_t *
base64_encode(char * in,long inlen)2636 base64_encode(char *in, long inlen)
2637 {
2638 BIO *bio=NULL, *b64=NULL;
2639 char *ptr;
2640 long plen = -1;
2641 vchar_t *res = NULL;
2642
2643 bio = BIO_new(BIO_s_mem());
2644 b64 = BIO_new(BIO_f_base64());
2645 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2646 bio = BIO_push(b64, bio);
2647
2648 BIO_write(bio, in, inlen);
2649 BIO_flush(bio);
2650
2651 plen = BIO_get_mem_data(bio, &ptr);
2652 res = vmalloc(plen+1);
2653 if (!res)
2654 goto out;
2655
2656 memcpy (res->v, ptr, plen);
2657 res->v[plen] = '\0';
2658
2659 out:
2660 if (bio)
2661 BIO_free_all(bio);
2662
2663 return res;
2664 }
2665
2666 static RSA *
binbuf_pubkey2rsa(vchar_t * binbuf)2667 binbuf_pubkey2rsa(vchar_t *binbuf)
2668 {
2669 BIGNUM *exp, *mod;
2670 RSA *rsa_pub = NULL;
2671
2672 if (binbuf->v[0] > binbuf->l - 1) {
2673 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2674 goto out;
2675 }
2676
2677 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2678 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2679 binbuf->l - binbuf->v[0] - 1, NULL);
2680 rsa_pub = RSA_new();
2681
2682 if (!exp || !mod || !rsa_pub) {
2683 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2684 if (exp)
2685 BN_free(exp);
2686 if (mod)
2687 BN_free(exp);
2688 if (rsa_pub)
2689 RSA_free(rsa_pub);
2690 rsa_pub = NULL;
2691 goto out;
2692 }
2693
2694 rsa_pub->n = mod;
2695 rsa_pub->e = exp;
2696
2697 out:
2698 return rsa_pub;
2699 }
2700
2701 RSA *
base64_pubkey2rsa(char * in)2702 base64_pubkey2rsa(char *in)
2703 {
2704 BIGNUM *exp, *mod;
2705 RSA *rsa_pub = NULL;
2706 vchar_t *binbuf;
2707
2708 if (strncmp(in, "0s", 2) != 0) {
2709 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2710 return NULL;
2711 }
2712
2713 binbuf = base64_decode(in + 2, strlen(in + 2));
2714 if (!binbuf) {
2715 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2716 return NULL;
2717 }
2718
2719 if (binbuf->v[0] > binbuf->l - 1) {
2720 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2721 goto out;
2722 }
2723
2724 rsa_pub = binbuf_pubkey2rsa(binbuf);
2725
2726 out:
2727 if (binbuf)
2728 vfree(binbuf);
2729
2730 return rsa_pub;
2731 }
2732
2733 RSA *
bignum_pubkey2rsa(BIGNUM * in)2734 bignum_pubkey2rsa(BIGNUM *in)
2735 {
2736 RSA *rsa_pub = NULL;
2737 vchar_t *binbuf;
2738
2739 binbuf = vmalloc(BN_num_bytes(in));
2740 if (!binbuf) {
2741 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2742 return NULL;
2743 }
2744
2745 BN_bn2bin(in, (unsigned char *) binbuf->v);
2746
2747 rsa_pub = binbuf_pubkey2rsa(binbuf);
2748
2749 out:
2750 if (binbuf)
2751 vfree(binbuf);
2752
2753 return rsa_pub;
2754 }
2755
2756 u_int32_t
eay_random()2757 eay_random()
2758 {
2759 u_int32_t result;
2760 vchar_t *vrand;
2761
2762 vrand = eay_set_random(sizeof(result));
2763 memcpy(&result, vrand->v, sizeof(result));
2764 vfree(vrand);
2765
2766 return result;
2767 }
2768
2769 const char *
eay_version()2770 eay_version()
2771 {
2772 return SSLeay_version(SSLEAY_VERSION);
2773 }
2774