]> git.saurik.com Git - apple/ipsec.git/blame - ipsec-tools/racoon/crypto_openssl.c
projects / apple / ipsec.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipsec-164.9.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / crypto_openssl.c
CommitLineData
d1e348cf
A		 1/* $NetBSD: crypto_openssl.c,v 1.11.6.1 2006/12/18 10:18:10 vanhu Exp $ */
2
3/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
52b7d2ce
A		 4
5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "config.h"
35
52b7d2ce 36#define COMMON_DIGEST_FOR_OPENSSL 1
52b7d2ce
A		 37
38#include <sys/types.h>
39#include <sys/param.h>
40
41#include <stdlib.h>
42#include <stdio.h>
43#include <limits.h>
44#include <string.h>
45
e8d9021d 46#ifdef HAVE_OPENSSL
52b7d2ce
A		 47/* get openssl/ssleay version number */
48#include <openssl/opensslv.h>
49
50#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
51#error OpenSSL version 0.9.6 or later required.
52#endif
52b7d2ce
A		 53#include <openssl/pem.h>
54#include <openssl/evp.h>
55#include <openssl/x509.h>
56#include <openssl/x509v3.h>
57#include <openssl/x509_vfy.h>
58#include <openssl/bn.h>
59#include <openssl/dh.h>
52b7d2ce
A		 60#include <openssl/des.h>
61#include <openssl/crypto.h>
62#ifdef HAVE_OPENSSL_ENGINE_H
63#include <openssl/engine.h>
64#endif
65#include <openssl/blowfish.h>
66#include <openssl/cast.h>
67#include <openssl/err.h>
e8d9021d
A		 68#else /* HAVE_OPENSSL */
69#include <Security/SecDH.h>
70#include <Security/SecRandom.h>
71#endif /* HAVE_OPENSSL */
72
73#include <CommonCrypto/CommonDigest.h>
74#include <CommonCrypto/CommonHMAC.h>
75#include <CommonCrypto/CommonCryptor.h>
52b7d2ce 76
e8d9021d 77#ifdef HAVE_OPENSSL
52b7d2ce
A		 78/* 0.9.7 stuff? */
79#if OPENSSL_VERSION_NUMBER < 0x0090700fL
80typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
81#else
82#define USE_NEW_DES_API
83#endif
84
85#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
e8d9021d 86#endif
52b7d2ce 87
e8d9021d 88#include "crypto_openssl.h"
52b7d2ce
A		 89#include "var.h"
90#include "misc.h"
91#include "vmbuf.h"
92#include "plog.h"
52b7d2ce
A		 93#include "debug.h"
94#include "gcmalloc.h"
95
96
97/*
98 * I hate to cast every parameter to des_xx into void *, but it is
99 * necessary for SSLeay/OpenSSL portability. It sucks.
100 */
101
e8d9021d 102#ifdef HAVE_OPENSSL
52b7d2ce
A		 103static int cb_check_cert_local __P((int, X509_STORE_CTX *));
104static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
105static X509 *mem2x509 __P((vchar_t *));
52b7d2ce 106#endif
e8d9021d
A		 107static caddr_t eay_hmac_init __P((vchar_t *, CCHmacAlgorithm));
108
52b7d2ce 109
e8d9021d 110#ifdef HAVE_OPENSSL
52b7d2ce
A		 111/* X509 Certificate */
112/*
113 * convert the string of the subject name into DER
114 * e.g. str = "C=JP, ST=Kanagawa";
115 */
116vchar_t *
117eay_str2asn1dn(str, len)
118 const char *str;
119 int len;
120{
121 X509_NAME *name;
122 char *buf;
123 char *field, *value;
124 int i, j;
d1e348cf 125 vchar_t *ret = NULL;
52b7d2ce
A		 126 caddr_t p;
127
128 if (len == -1)
129 len = strlen(str);
130
131 buf = racoon_malloc(len + 1);
132 if (!buf) {
d1e348cf 133 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
52b7d2ce
A		 134 return NULL;
135 }
136 memcpy(buf, str, len);
137
138 name = X509_NAME_new();
139
140 field = &buf[0];
141 value = NULL;
142 for (i = 0; i < len; i++) {
143 if (!value && buf[i] == '=') {
144 buf[i] = '\0';
145 value = &buf[i + 1];
146 continue;
147 } else if (buf[i] == ',' || buf[i] == '/') {
148 buf[i] = '\0';
149
150 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
151 field, value);
152
153 if (!value) goto err;
154 if (!X509_NAME_add_entry_by_txt(name, field,
155 (value[0] == '*' && value[1] == 0) ?
156 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
157 (unsigned char *) value, -1, -1, 0)) {
158 plog(LLV_ERROR, LOCATION, NULL,
159 "Invalid DN field: %s=%s\n",
160 field, value);
161 plog(LLV_ERROR, LOCATION, NULL,
162 "%s\n", eay_strerror());
163 goto err;
164 }
165 for (j = i + 1; j < len; j++) {
166 if (buf[j] != ' ')
167 break;
168 }
169 field = &buf[j];
170 value = NULL;
171 continue;
172 }
173 }
174 buf[len] = '\0';
175
176 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
177 field, value);
178
179 if (!value) goto err;
180 if (!X509_NAME_add_entry_by_txt(name, field,
181 (value[0] == '*' && value[1] == 0) ?
182 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
183 (unsigned char *) value, -1, -1, 0)) {
184 plog(LLV_ERROR, LOCATION, NULL,
185 "Invalid DN field: %s=%s\n",
186 field, value);
187 plog(LLV_ERROR, LOCATION, NULL,
188 "%s\n", eay_strerror());
189 goto err;
190 }
191
192 i = i2d_X509_NAME(name, NULL);
193 if (!i)
194 goto err;
195 ret = vmalloc(i);
196 if (!ret)
197 goto err;
198 p = ret->v;
199 i = i2d_X509_NAME(name, (void *)&p);
200 if (!i)
201 goto err;
202
203 return ret;
204
205 err:
206 if (buf)
207 racoon_free(buf);
208 if (name)
209 X509_NAME_free(name);
d1e348cf
A		 210 if (ret)
211 vfree(ret);
52b7d2ce
A		 212 return NULL;
213}
214
215/*
216 * convert the hex string of the subject name into DER
217 */
218vchar_t *
219eay_hex2asn1dn(const char *hex, int len)
220{
221 BIGNUM *bn = BN_new();
222 char *binbuf;
223 size_t binlen;
224 vchar_t *ret = NULL;
225
226 if (len == -1)
227 len = strlen(hex);
228
229 if (BN_hex2bn(&bn, hex) != len) {
230 plog(LLV_ERROR, LOCATION, NULL,
231 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
232 eay_strerror());
233 goto out;
234 }
235
236 binlen = BN_num_bytes(bn);
237 ret = vmalloc(binlen);
238 if (!ret) {
d1e348cf 239 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
52b7d2ce
A		 240 return NULL;
241 }
242 binbuf = ret->v;
243
244 BN_bn2bin(bn, (unsigned char *) binbuf);
245
246out:
247 BN_free(bn);
248
249 return ret;
250}
251
252/*
253 * The following are derived from code in crypto/x509/x509_cmp.c
254 * in OpenSSL0.9.7c:
255 * X509_NAME_wildcmp() adds wildcard matching to the original
256 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
257 */
258#include <ctype.h>
259/* Case insensitive string comparision */
260static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
261{
262 int i;
263
264 if (a->length != b->length)
265 return (a->length - b->length);
266
267 for (i=0; i<a->length; i++)
268 {
269 int ca, cb;
270
271 ca = tolower(a->data[i]);
272 cb = tolower(b->data[i]);
273
274 if (ca != cb)
275 return(ca-cb);
276 }
277 return 0;
278}
279
280/* Case insensitive string comparision with space normalization
281 * Space normalization - ignore leading, trailing spaces,
282 * multiple spaces between characters are replaced by single space
283 */
284static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
285{
286 unsigned char *pa = NULL, *pb = NULL;
287 int la, lb;
288
289 la = a->length;
290 lb = b->length;
291 pa = a->data;
292 pb = b->data;
293
294 /* skip leading spaces */
295 while (la > 0 && isspace(*pa))
296 {
297 la--;
298 pa++;
299 }
300 while (lb > 0 && isspace(*pb))
301 {
302 lb--;
303 pb++;
304 }
305
306 /* skip trailing spaces */
307 while (la > 0 && isspace(pa[la-1]))
308 la--;
309 while (lb > 0 && isspace(pb[lb-1]))
310 lb--;
311
312 /* compare strings with space normalization */
313 while (la > 0 && lb > 0)
314 {
315 int ca, cb;
316
317 /* compare character */
318 ca = tolower(*pa);
319 cb = tolower(*pb);
320 if (ca != cb)
321 return (ca - cb);
322
323 pa++; pb++;
324 la--; lb--;
325
326 if (la <= 0 || lb <= 0)
327 break;
328
329 /* is white space next character ? */
330 if (isspace(*pa) && isspace(*pb))
331 {
332 /* skip remaining white spaces */
333 while (la > 0 && isspace(*pa))
334 {
335 la--;
336 pa++;
337 }
338 while (lb > 0 && isspace(*pb))
339 {
340 lb--;
341 pb++;
342 }
343 }
344 }
345 if (la > 0 || lb > 0)
346 return la - lb;
347
348 return 0;
349}
350
351static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
352{
353 int i,j;
354 X509_NAME_ENTRY *na,*nb;
355
356 if (sk_X509_NAME_ENTRY_num(a->entries)
357 != sk_X509_NAME_ENTRY_num(b->entries))
358 return sk_X509_NAME_ENTRY_num(a->entries)
359 -sk_X509_NAME_ENTRY_num(b->entries);
360 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
361 {
362 na=sk_X509_NAME_ENTRY_value(a->entries,i);
363 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
364 j=OBJ_cmp(na->object,nb->object);
365 if (j) return(j);
366 if ((na->value->length == 1 && na->value->data[0] == '*')
367 || (nb->value->length == 1 && nb->value->data[0] == '*'))
368 continue;
369 j=na->value->type-nb->value->type;
370 if (j) return(j);
371 if (na->value->type == V_ASN1_PRINTABLESTRING)
372 j=nocase_spacenorm_cmp(na->value, nb->value);
373 else if (na->value->type == V_ASN1_IA5STRING
374 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
375 j=nocase_cmp(na->value, nb->value);
376 else
377 {
378 j=na->value->length-nb->value->length;
379 if (j) return(j);
380 j=memcmp(na->value->data,nb->value->data,
381 na->value->length);
382 }
383 if (j) return(j);
384 j=na->set-nb->set;
385 if (j) return(j);
386 }
387
388 return(0);
389}
390
391/*
392 * compare two subjectNames.
393 * OUT: 0: equal
394 * positive:
395 * -1: other error.
396 */
397int
398eay_cmp_asn1dn(n1, n2)
399 vchar_t *n1, *n2;
400{
401 X509_NAME *a = NULL, *b = NULL;
402 caddr_t p;
403 int i = -1;
404
405 p = n1->v;
406 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
407 goto end;
408 p = n2->v;
409 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
410 goto end;
411
412 i = X509_NAME_wildcmp(a, b);
413
414 end:
415 if (a)
416 X509_NAME_free(a);
417 if (b)
418 X509_NAME_free(b);
419 return i;
420}
421
422/*
423 * this functions is derived from apps/verify.c in OpenSSL0.9.5
424 */
425int
426eay_check_x509cert(cert, CApath, CAfile, local)
427 vchar_t *cert;
428 char *CApath;
429 char *CAfile;
430 int local;
431{
432 X509_STORE *cert_ctx = NULL;
433 X509_LOOKUP *lookup = NULL;
434 X509 *x509 = NULL;
435 X509_STORE_CTX *csc;
436 int error = -1;
437
438 cert_ctx = X509_STORE_new();
439 if (cert_ctx == NULL)
440 goto end;
441
442 if (local)
443 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
444 else
445 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
446
447 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
448 if (lookup == NULL)
449 goto end;
450
451 X509_LOOKUP_load_file(lookup, CAfile,
452 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
453
454 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
455 if (lookup == NULL)
456 goto end;
457 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
458 if(!error) {
459 error = -1;
460 goto end;
461 }
462 error = -1; /* initialized */
463
464 /* read the certificate to be verified */
465 x509 = mem2x509(cert);
466 if (x509 == NULL)
467 goto end;
468
469 csc = X509_STORE_CTX_new();
470 if (csc == NULL)
471 goto end;
472 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
473#if OPENSSL_VERSION_NUMBER >= 0x00907000L
474 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
475 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
476#endif
477 error = X509_verify_cert(csc);
47612122 478 X509_STORE_CTX_free(csc);
52b7d2ce
A		 479
480 /*
481 * if x509_verify_cert() is successful then the value of error is
482 * set non-zero.
483 */
484 error = error ? 0 : -1;
485
486end:
487 if (error)
d1e348cf 488 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
52b7d2ce
A		 489 if (cert_ctx != NULL)
490 X509_STORE_free(cert_ctx);
491 if (x509 != NULL)
492 X509_free(x509);
493
494 return(error);
495}
496
497/*
498 * callback function for verifing certificate.
499 * this function is derived from cb() in openssl/apps/s_server.c
500 */
501static int
502cb_check_cert_local(ok, ctx)
503 int ok;
504 X509_STORE_CTX *ctx;
505{
506 char buf[256];
507 int log_tag;
508
509 if (!ok) {
510 X509_NAME_oneline(
511 X509_get_subject_name(ctx->current_cert),
512 buf,
513 256);
514 /*
515 * since we are just checking the certificates, it is
516 * ok if they are self signed. But we should still warn
517 * the user.
518 */
519 switch (ctx->error) {
520 case X509_V_ERR_CERT_HAS_EXPIRED:
521 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
522 case X509_V_ERR_INVALID_CA:
523 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
524 case X509_V_ERR_INVALID_PURPOSE:
525 case X509_V_ERR_UNABLE_TO_GET_CRL:
526 ok = 1;
527 log_tag = LLV_WARNING;
528 break;
529 default:
530 log_tag = LLV_ERROR;
531 }
532 plog(log_tag, LOCATION, NULL,
533 "%s(%d) at depth:%d SubjectName:%s\n",
534 X509_verify_cert_error_string(ctx->error),
535 ctx->error,
536 ctx->error_depth,
537 buf);
538 }
539 ERR_clear_error();
540
541 return ok;
542}
543
544/*
545 * callback function for verifing remote certificates.
546 * this function is derived from cb() in openssl/apps/s_server.c
547 */
548static int
549cb_check_cert_remote(ok, ctx)
550 int ok;
551 X509_STORE_CTX *ctx;
552{
553 char buf[256];
554 int log_tag;
555
556 if (!ok) {
557 X509_NAME_oneline(
558 X509_get_subject_name(ctx->current_cert),
559 buf,
560 256);
561 switch (ctx->error) {
562 case X509_V_ERR_UNABLE_TO_GET_CRL:
563 ok = 1;
564 log_tag = LLV_WARNING;
565 break;
566 default:
567 log_tag = LLV_ERROR;
568 }
569 plog(log_tag, LOCATION, NULL,
570 "%s(%d) at depth:%d SubjectName:%s\n",
571 X509_verify_cert_error_string(ctx->error),
572 ctx->error,
573 ctx->error_depth,
574 buf);
575 }
576 ERR_clear_error();
577
578 return ok;
579}
580
581/*
582 * get a subjectAltName from X509 certificate.
583 */
584vchar_t *
585eay_get_x509asn1subjectname(cert)
586 vchar_t *cert;
587{
588 X509 *x509 = NULL;
589 u_char *bp;
590 vchar_t *name = NULL;
591 int len;
52b7d2ce
A		 592
593 bp = (unsigned char *) cert->v;
594
595 x509 = mem2x509(cert);
596 if (x509 == NULL)
d1e348cf 597 goto error;
52b7d2ce
A		 598
599 /* get the length of the name */
600 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
601 name = vmalloc(len);
602 if (!name)
d1e348cf 603 goto error;
52b7d2ce
A		 604 /* get the name */
605 bp = (unsigned char *) name->v;
606 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
607
d1e348cf 608 X509_free(x509);
52b7d2ce 609
d1e348cf
A		 610 return name;
611
612error:
613 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
614
615 if (name != NULL)
616 vfree(name);
617
618 if (x509 != NULL)
52b7d2ce
A		 619 X509_free(x509);
620
d1e348cf 621 return NULL;
52b7d2ce
A		 622}
623
52b7d2ce
A		 624/*
625 * Get the common name from a cert
626 */
627#define EAY_MAX_CN_LEN 256
628vchar_t *
629eay_get_x509_common_name(cert)
630 vchar_t *cert;
631{
632 X509 *x509 = NULL;
633 X509_NAME *name;
634 vchar_t *commonName = NULL;
635
636 commonName = vmalloc(EAY_MAX_CN_LEN);
637 if (commonName == NULL) {
638 plog(LLV_ERROR, LOCATION, NULL, "no memory\n");
639 return NULL;
640 }
641
642 x509 = mem2x509(cert);
643 if (x509 == NULL) {
644 vfree(commonName);
645 return NULL;
646 }
647
648 name = X509_get_subject_name(x509);
649 X509_NAME_get_text_by_NID(name, NID_commonName, commonName->v, EAY_MAX_CN_LEN);
650
651 commonName->l = strlen(commonName->v);
652
653 if (x509)
654 X509_free(x509);
655 return commonName;
656}
657
658/*
659 * get the subjectAltName from X509 certificate.
660 * the name must be terminated by '\0'.
661 */
662int
663eay_get_x509subjectaltname(cert, altname, type, pos, len)
664 vchar_t *cert;
665 char **altname;
666 int *type;
667 int pos;
668 int *len;
669{
670 X509 *x509 = NULL;
671 int i;
d1e348cf 672 GENERAL_NAMES *gens = NULL;
52b7d2ce
A		 673 GENERAL_NAME *gen;
674 int error = -1;
675
676 *altname = NULL;
677 *type = GENT_OTHERNAME;
678
679 x509 = mem2x509(cert);
680 if (x509 == NULL)
681 goto end;
682
683 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
684 if (gens == NULL)
685 goto end;
686
687 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
688 if (i + 1 != pos)
689 continue;
690 break;
691 }
692
693 /* there is no data at "pos" */
694 if (i == sk_GENERAL_NAME_num(gens))
695 goto end;
696
697 gen = sk_GENERAL_NAME_value(gens, i);
698
699 /* make sure the data is terminated by '\0'. */
700 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') {
701 plog(LLV_ERROR, LOCATION, NULL,
702 "data is not terminated by 0.");
703 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
704 goto end;
705 }
706
707 /* read DNSName / Email */
708 if (gen->type == GEN_DNS ||
709 gen->type == GEN_EMAIL ||
710 gen->type == GEN_URI) {
711
712 *len = gen->d.ia5->length + 1;
713 *altname = racoon_malloc(*len);
714 if (!*altname)
715 goto end;
716
717 strlcpy(*altname, (const char *)gen->d.ia5->data, *len);
718 *type = gen->type;
719
720 error = 0;
721 } else if (gen->type == GEN_IPADD) {
722
723 *len = gen->d.ia5->length + 1;
724 *altname = racoon_malloc(*len);
725 if (!*altname)
726 goto end;
727
728 memcpy(*altname, (const char *)gen->d.ia5->data, *len);
729 *type = gen->type;
730
731 error = 0;
732 }
733
734 end:
735 if (error) {
736 if (*altname) {
737 racoon_free(*altname);
738 *altname = NULL;
739 }
740#ifndef EAYDEBUG
741 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
742#else
743 printf("%s\n", eay_strerror());
744#endif
745 }
d1e348cf
A		 746 if (gens)
747 /* free the whole stack. */
748 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
52b7d2ce
A		 749 if (x509)
750 X509_free(x509);
751
752 return error;
753}
754
52b7d2ce
A		 755/*
756 * decode a X509 certificate and make a readable text terminated '\n'.
757 * return the buffer allocated, so must free it later.
758 */
759char *
760eay_get_x509text(cert)
761 vchar_t *cert;
762{
763 X509 *x509 = NULL;
764 BIO *bio = NULL;
765 char *text = NULL;
766 u_char *bp = NULL;
767 int len = 0;
768 int error = -1;
769
770 x509 = mem2x509(cert);
771 if (x509 == NULL)
772 goto end;
773
774 bio = BIO_new(BIO_s_mem());
775 if (bio == NULL)
776 goto end;
777
778 error = X509_print(bio, x509);
779 if (error != 1) {
780 error = -1;
781 goto end;
782 }
783
784 len = BIO_get_mem_data(bio, &bp);
785 text = racoon_malloc(len + 1);
786 if (text == NULL)
787 goto end;
788 memcpy(text, bp, len);
789 text[len] = '\0';
790
791 error = 0;
792
793 end:
794 if (error) {
795 if (text) {
796 racoon_free(text);
797 text = NULL;
798 }
799 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
800 }
801 if (bio)
802 BIO_free(bio);
803 if (x509)
804 X509_free(x509);
805
806 return text;
807}
808
809/* get X509 structure from buffer. */
810static X509 *
811mem2x509(cert)
812 vchar_t *cert;
813{
814 X509 *x509;
815
816#ifndef EAYDEBUG
817 {
818 u_char *bp;
819
820 bp = (unsigned char *) cert->v;
821
822 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
823 }
824#else
825 {
826 BIO *bio;
827 int len;
828
829 bio = BIO_new(BIO_s_mem());
830 if (bio == NULL)
831 return NULL;
832 len = BIO_write(bio, cert->v, cert->l);
833 if (len == -1)
834 return NULL;
835 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
836 BIO_free(bio);
837 }
838#endif
839 return x509;
840}
841
842/*
843 * get a X509 certificate from local file.
844 * a certificate must be PEM format.
845 * Input:
846 * path to a certificate.
847 * Output:
848 * NULL if error occured
849 * other is the cert.
850 */
851vchar_t *
852eay_get_x509cert(path)
853 char *path;
854{
855 FILE *fp;
856 X509 *x509;
857 vchar_t *cert;
858 u_char *bp;
859 int len;
860 int error;
861
862 /* Read private key */
863 fp = fopen(path, "r");
864 if (fp == NULL)
865 return NULL;
866 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
867 fclose (fp);
868
869 if (x509 == NULL)
870 return NULL;
871
872 len = i2d_X509(x509, NULL);
873 cert = vmalloc(len);
874 if (cert == NULL) {
875 X509_free(x509);
876 return NULL;
877 }
878 bp = (unsigned char *) cert->v;
879 error = i2d_X509(x509, &bp);
880 X509_free(x509);
881
882 if (error == 0) {
883 vfree(cert);
884 return NULL;
885 }
886
887 return cert;
888}
889
890/*
891 * check a X509 signature
892 * XXX: to be get hash type from my cert ?
893 * to be handled EVP_dss().
894 * OUT: return -1 when error.
895 * 0
896 */
897int
898eay_check_x509sign(source, sig, cert)
899 vchar_t *source;
900 vchar_t *sig;
901 vchar_t *cert;
902{
903 X509 *x509;
904 u_char *bp;
905 EVP_PKEY *evp;
906 int res;
907
908 bp = (unsigned char *) cert->v;
909
910 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
911 if (x509 == NULL) {
912 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
913 return -1;
914 }
915
916 evp = X509_get_pubkey(x509);
917 if (! evp) {
918 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
d1e348cf 919 X509_free(x509);
52b7d2ce
A		 920 return -1;
921 }
922
923 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
924
925 EVP_PKEY_free(evp);
d1e348cf 926 X509_free(x509);
52b7d2ce
A		 927
928 return res;
929}
930
931/*
932 * check RSA signature
933 * OUT: return -1 when error.
934 * 0 on success
935 */
936int
937eay_check_rsasign(source, sig, rsa)
938 vchar_t *source;
939 vchar_t *sig;
940 RSA *rsa;
941{
942 return eay_rsa_verify(source, sig, rsa);
943}
944
945/*
946 * get PKCS#1 Private Key of PEM format from local file.
947 */
948vchar_t *
949eay_get_pkcs1privkey(path)
950 char *path;
951{
952 FILE *fp;
953 EVP_PKEY *evp = NULL;
954 vchar_t *pkey = NULL;
955 u_char *bp;
956 int pkeylen;
957 int error = -1;
958
959 /* Read private key */
960 fp = fopen(path, "r");
961 if (fp == NULL)
962 return NULL;
963
964 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
965
966 fclose (fp);
967
968 if (evp == NULL)
969 return NULL;
970
971 pkeylen = i2d_PrivateKey(evp, NULL);
972 if (pkeylen == 0)
973 goto end;
974 pkey = vmalloc(pkeylen);
975 if (pkey == NULL)
976 goto end;
977 bp = (unsigned char *) pkey->v;
978 pkeylen = i2d_PrivateKey(evp, &bp);
979 if (pkeylen == 0)
980 goto end;
981
982 error = 0;
983
984end:
985 if (evp != NULL)
986 EVP_PKEY_free(evp);
987 if (error != 0 && pkey != NULL) {
988 vfree(pkey);
989 pkey = NULL;
990 }
991
992 return pkey;
993}
994
995/*
996 * get PKCS#1 Public Key of PEM format from local file.
997 */
998vchar_t *
999eay_get_pkcs1pubkey(path)
1000 char *path;
1001{
1002 FILE *fp;
1003 EVP_PKEY *evp = NULL;
1004 vchar_t *pkey = NULL;
1005 X509 *x509 = NULL;
1006 u_char *bp;
1007 int pkeylen;
1008 int error = -1;
1009
1010 /* Read private key */
1011 fp = fopen(path, "r");
1012 if (fp == NULL)
1013 return NULL;
1014
1015 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1016
1017 fclose (fp);
1018
1019 if (x509 == NULL)
1020 return NULL;
1021
1022 /* Get public key - eay */
1023 evp = X509_get_pubkey(x509);
1024 if (evp == NULL)
1025 return NULL;
1026
1027 pkeylen = i2d_PublicKey(evp, NULL);
1028 if (pkeylen == 0)
1029 goto end;
1030 pkey = vmalloc(pkeylen);
1031 if (pkey == NULL)
1032 goto end;
1033 bp = (unsigned char *) pkey->v;
1034 pkeylen = i2d_PublicKey(evp, &bp);
1035 if (pkeylen == 0)
1036 goto end;
1037
1038 error = 0;
1039end:
1040 if (evp != NULL)
1041 EVP_PKEY_free(evp);
1042 if (error != 0 && pkey != NULL) {
1043 vfree(pkey);
1044 pkey = NULL;
1045 }
1046
1047 return pkey;
1048}
1049
1050vchar_t *
1051eay_get_x509sign(src, privkey)
1052 vchar_t *src, *privkey;
1053{
1054 EVP_PKEY *evp;
1055 u_char *bp = (unsigned char *) privkey->v;
1056 vchar_t *sig = NULL;
1057 int len;
1058 int pad = RSA_PKCS1_PADDING;
1059
1060 /* XXX to be handled EVP_PKEY_DSA */
1061 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1062 if (evp == NULL)
1063 return NULL;
1064
1065 sig = eay_rsa_sign(src, evp->pkey.rsa);
1066
1067 EVP_PKEY_free(evp);
1068
1069 return sig;
1070}
1071
1072vchar_t *
1073eay_get_rsasign(src, rsa)
1074 vchar_t *src;
1075 RSA *rsa;
1076{
1077 return eay_rsa_sign(src, rsa);
1078}
1079
1080vchar_t *
1081eay_rsa_sign(vchar_t *src, RSA *rsa)
1082{
1083 int len;
1084 vchar_t *sig = NULL;
1085 int pad = RSA_PKCS1_PADDING;
1086
1087 len = RSA_size(rsa);
1088
1089 sig = vmalloc(len);
1090 if (sig == NULL)
1091 return NULL;
1092
1093 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1094 (unsigned char *) sig->v, rsa, pad);
1095
1096 if (len == 0 || len != sig->l) {
1097 vfree(sig);
1098 sig = NULL;
1099 }
1100
1101 return sig;
1102}
1103
1104int
1105eay_rsa_verify(src, sig, rsa)
1106 vchar_t *src, *sig;
1107 RSA *rsa;
1108{
1109 vchar_t *xbuf = NULL;
1110 int pad = RSA_PKCS1_PADDING;
1111 int len = 0;
1112 int error;
1113
1114 len = RSA_size(rsa);
1115 xbuf = vmalloc(len);
1116 if (xbuf == NULL) {
1117 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1118 return -1;
1119 }
1120
1121 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1122 (unsigned char *) xbuf->v, rsa, pad);
1123 if (len == 0 || len != src->l) {
1124 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1125 vfree(xbuf);
1126 return -1;
1127 }
1128
1129 error = memcmp(src->v, xbuf->v, src->l);
1130 vfree(xbuf);
1131 if (error != 0)
1132 return -1;
1133
1134 return 0;
1135}
1136
1137/*
1138 * get error string
1139 * MUST load ERR_load_crypto_strings() first.
1140 */
1141char *
1142eay_strerror()
1143{
1144 static char ebuf[512];
1145 int len = 0, n;
1146 unsigned long l;
1147 char buf[200];
1148 const char *file, *data;
1149 int line, flags;
1150 unsigned long es;
1151
1152 es = CRYPTO_thread_id();
1153
1154 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1155 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1156 "%lu:%s:%s:%d:%s ",
1157 es, ERR_error_string(l, buf), file, line,
1158 (flags & ERR_TXT_STRING) ? data : "");
1159 if (n < 0 || n >= sizeof(ebuf) - len)
1160 break;
1161 len += n;
1162 if (sizeof(ebuf) < len)
1163 break;
1164 }
1165
1166 return ebuf;
1167}
1168
1169vchar_t *
1170evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1171{
1172 vchar_t *res;
1173 EVP_CIPHER_CTX ctx;
1174
1175 if (!e)
1176 return NULL;
1177
1178 if (data->l % EVP_CIPHER_block_size(e))
1179 return NULL;
1180
1181 if ((res = vmalloc(data->l)) == NULL)
1182 return NULL;
1183
1184 EVP_CIPHER_CTX_init(&ctx);
1185
1186 switch(EVP_CIPHER_nid(e)){
1187 case NID_bf_cbc:
1188 case NID_bf_ecb:
1189 case NID_bf_cfb64:
1190 case NID_bf_ofb64:
1191 case NID_cast5_cbc:
1192 case NID_cast5_ecb:
1193 case NID_cast5_cfb64:
1194 case NID_cast5_ofb64:
1195 /* XXX: can we do that also for algos with a fixed key size ?
1196 */
1197 /* init context without key/iv
1198 */
1199 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1200 {
1201 OpenSSL_BUG();
1202 vfree(res);
1203 return NULL;
1204 }
1205
1206 /* update key size
1207 */
1208 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1209 {
1210 OpenSSL_BUG();
1211 vfree(res);
1212 return NULL;
1213 }
1214
1215 /* finalize context init with desired key size
1216 */
1217 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1218 (u_char *) iv->v, enc))
1219 {
1220 OpenSSL_BUG();
1221 vfree(res);
1222 return NULL;
1223 }
1224 break;
1225 default:
1226 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1227 (u_char *) iv->v, enc)) {
1228 OpenSSL_BUG();
1229 vfree(res);
1230 return NULL;
1231 }
1232 }
1233
1234 /* disable openssl padding */
1235 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1236
1237 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1238 OpenSSL_BUG();
1239 vfree(res);
1240 return NULL;
1241 }
1242
1243 EVP_CIPHER_CTX_cleanup(&ctx);
1244
1245 return res;
1246}
1247
1248int
1249evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1250{
1251 return 0;
1252}
1253
1254int
1255evp_keylen(int len, const EVP_CIPHER *e)
1256{
1257 if (!e)
1258 return -1;
1259 /* EVP functions return lengths in bytes, ipsec-tools
1260 * uses lengths in bits, therefore conversion is required. --AK
1261 */
1262 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1263 return -1;
1264
1265 return EVP_CIPHER_key_length(e) << 3;
1266}
e8d9021d 1267#endif /* HAVE_OPENSSL */
52b7d2ce 1268
d1e348cf
A		 1269vchar_t *
1270eay_CCCrypt(CCOperation oper,
1271 CCAlgorithm algo,
1272 CCOptions opts,
1273 vchar_t *data,
1274 vchar_t *key,
1275 vchar_t *iv)
1276{
1277 vchar_t *res;
1278 size_t res_len = 0;
1279 CCCryptorStatus status;
1280
1281 /* allocate buffer for result */
1282 if ((res = vmalloc(data->l)) == NULL)
1283 return NULL;
1284
1285 status = CCCrypt(oper,
1286 algo,
1287 opts,
1288 key->v, key->l,
1289 iv->v,
1290 data->v, data->l,
1291 res->v, res->l, &res_len);
1292 if (status == kCCSuccess) {
1293 if (res->l != res_len) {
1294 plog(LLV_ERROR, LOCATION, NULL,
1295 "crypt %d %d length mismatch. expected: %zd. got: %zd.\n",
1296 oper, algo, res->l, res_len);
1297 }
1298 return res;
1299 } else {
1300 plog(LLV_ERROR, LOCATION, NULL,
1301 "crypt %d %d error. status %d.\n",
1302 oper, algo, (int)status);
1303 }
1304 vfree(res);
1305 return NULL;
1306}
1307
52b7d2ce
A		 1308/*
1309 * DES-CBC
1310 */
1311vchar_t *
1312eay_des_encrypt(data, key, iv)
1313 vchar_t *data, *key, *iv;
1314{
d1e348cf 1315 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
52b7d2ce
A		 1316}
1317
1318vchar_t *
1319eay_des_decrypt(data, key, iv)
1320 vchar_t *data, *key, *iv;
1321{
d1e348cf 1322 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
52b7d2ce
A		 1323}
1324
1325int
1326eay_des_weakkey(key)
1327 vchar_t *key;
1328{
e8d9021d 1329#ifdef HAVE_OPENSSL
52b7d2ce
A		 1330#ifdef USE_NEW_DES_API
1331 return DES_is_weak_key((void *)key->v);
1332#else
1333 return des_is_weak_key((void *)key->v);
1334#endif
e8d9021d
A		 1335#else
1336 return 0;
1337#endif
52b7d2ce
A		 1338}
1339
1340int
1341eay_des_keylen(len)
1342 int len;
1343{
d1e348cf
A		 1344 /* CommonCrypto return lengths in bytes, ipsec-tools
1345 * uses lengths in bits, therefore conversion is required.
1346 */
1347 if (len != 0 && len != (kCCKeySizeDES << 3))
1348 return -1;
1349
1350 return kCCKeySizeDES << 3;
52b7d2ce
A		 1351}
1352
52b7d2ce
A		 1353/*
1354 * 3DES-CBC
1355 */
1356vchar_t *
1357eay_3des_encrypt(data, key, iv)
1358 vchar_t *data, *key, *iv;
1359{
d1e348cf 1360 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
52b7d2ce
A		 1361}
1362
1363vchar_t *
1364eay_3des_decrypt(data, key, iv)
1365 vchar_t *data, *key, *iv;
1366{
d1e348cf 1367 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
52b7d2ce
A		 1368}
1369
1370int
1371eay_3des_weakkey(key)
1372 vchar_t *key;
1373{
e8d9021d 1374 return 0;
52b7d2ce
A		 1375}
1376
1377int
1378eay_3des_keylen(len)
1379 int len;
1380{
d1e348cf
A		 1381 /* CommonCrypto return lengths in bytes, ipsec-tools
1382 * uses lengths in bits, therefore conversion is required.
1383 */
1384 if (len != 0 && len != (kCCKeySize3DES << 3))
1385 return -1;
1386
1387 return kCCKeySize3DES << 3;
52b7d2ce
A		 1388}
1389
52b7d2ce
A		 1390/*
1391 * AES(RIJNDAEL)-CBC
1392 */
d1e348cf
A		 1393vchar_t *
1394eay_aes_encrypt(data, key, iv)
1395vchar_t *data, *key, *iv;
1396{
1397 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1398}
1399
1400vchar_t *
1401eay_aes_decrypt(data, key, iv)
1402vchar_t *data, *key, *iv;
1403{
1404 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1405}
1406
1407int
1408eay_aes_keylen(len)
1409int len;
1410{
1411 /* CommonCrypto return lengths in bytes, ipsec-tools
1412 * uses lengths in bits, therefore conversion is required.
1413 */
1414 if (len != 0) {
1415 if (len != (kCCKeySizeAES128 << 3) &&
1416 len != (kCCKeySizeAES192 << 3) &&
1417 len != (kCCKeySizeAES256 << 3))
1418 return -1;
1419 } else {
1420 return kCCKeySizeAES128 << 3;
1421 }
1422 return len;
1423}
1424
d1e348cf
A		 1425
1426int
1427eay_aes_weakkey(key)
1428 vchar_t *key;
1429{
1430 return 0;
1431}
52b7d2ce
A		 1432
1433/* for ipsec part */
1434int
1435eay_null_hashlen()
1436{
1437 return 0;
1438}
1439
52b7d2ce
A		 1440int
1441eay_null_keylen(len)
1442 int len;
1443{
1444 return 0;
1445}
1446
1447/*
1448 * HMAC functions
1449 */
52b7d2ce
A		 1450static caddr_t
1451eay_hmac_init(key, algorithm)
1452 vchar_t *key;
1453 CCHmacAlgorithm algorithm;
1454{
1455 CCHmacContext *c = racoon_malloc(sizeof(*c));
1456
1457 CCHmacInit(c, algorithm, key->v, key->l);
1458
1459 return (caddr_t)c;
1460}
52b7d2ce
A		 1461
1462#ifdef WITH_SHA2
1463/*
1464 * HMAC SHA2-512
1465 */
1466vchar_t *
1467eay_hmacsha2_512_one(key, data)
1468 vchar_t *key, *data;
1469{
1470 vchar_t *res;
1471 caddr_t ctx;
1472
1473 ctx = eay_hmacsha2_512_init(key);
1474 eay_hmacsha2_512_update(ctx, data);
1475 res = eay_hmacsha2_512_final(ctx);
1476
1477 return(res);
1478}
1479
1480caddr_t
1481eay_hmacsha2_512_init(key)
1482 vchar_t *key;
1483{
52b7d2ce 1484 return eay_hmac_init(key, kCCHmacAlgSHA512);
52b7d2ce
A		 1485}
1486
1487void
1488eay_hmacsha2_512_update(c, data)
1489 caddr_t c;
1490 vchar_t *data;
1491{
85f41bec 1492 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
52b7d2ce
A		 1493}
1494
52b7d2ce
A		 1495vchar_t *
1496eay_hmacsha2_512_final(c)
1497 caddr_t c;
1498{
1499 vchar_t *res;
1500
1501 if ((res = vmalloc(CC_SHA512_DIGEST_LENGTH)) == 0)
1502 return NULL;
1503
85f41bec 1504 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
52b7d2ce
A		 1505 res->l = CC_SHA512_DIGEST_LENGTH;
1506
1507 (void)racoon_free(c);
1508 return(res);
1509}
52b7d2ce
A		 1510
1511/*
1512 * HMAC SHA2-384
1513 */
1514vchar_t *
1515eay_hmacsha2_384_one(key, data)
1516 vchar_t *key, *data;
1517{
1518 vchar_t *res;
1519 caddr_t ctx;
1520
1521 ctx = eay_hmacsha2_384_init(key);
1522 eay_hmacsha2_384_update(ctx, data);
1523 res = eay_hmacsha2_384_final(ctx);
1524
1525 return(res);
1526}
1527
1528caddr_t
1529eay_hmacsha2_384_init(key)
1530 vchar_t *key;
1531{
52b7d2ce 1532 return eay_hmac_init(key, kCCHmacAlgSHA384);
52b7d2ce
A		 1533}
1534
1535void
1536eay_hmacsha2_384_update(c, data)
1537 caddr_t c;
1538 vchar_t *data;
1539{
85f41bec 1540 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
52b7d2ce
A		 1541}
1542
52b7d2ce
A		 1543vchar_t *
1544eay_hmacsha2_384_final(c)
1545 caddr_t c;
1546{
1547 vchar_t *res;
1548
1549 if ((res = vmalloc(CC_SHA384_DIGEST_LENGTH)) == 0)
1550 return NULL;
1551
85f41bec 1552 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
52b7d2ce
A		 1553 res->l = CC_SHA384_DIGEST_LENGTH;
1554
1555 (void)racoon_free(c);
1556 return(res);
1557}
52b7d2ce
A		 1558
1559/*
1560 * HMAC SHA2-256
1561 */
1562vchar_t *
1563eay_hmacsha2_256_one(key, data)
1564 vchar_t *key, *data;
1565{
1566 vchar_t *res;
1567 caddr_t ctx;
1568
1569 ctx = eay_hmacsha2_256_init(key);
1570 eay_hmacsha2_256_update(ctx, data);
1571 res = eay_hmacsha2_256_final(ctx);
1572
1573 return(res);
1574}
1575
1576caddr_t
1577eay_hmacsha2_256_init(key)
1578 vchar_t *key;
1579{
52b7d2ce 1580 return eay_hmac_init(key, kCCHmacAlgSHA256);
52b7d2ce
A		 1581}
1582
1583void
1584eay_hmacsha2_256_update(c, data)
1585 caddr_t c;
1586 vchar_t *data;
1587{
85f41bec 1588 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
52b7d2ce
A		 1589}
1590
52b7d2ce
A		 1591vchar_t *
1592eay_hmacsha2_256_final(c)
1593 caddr_t c;
1594{
1595 vchar_t *res;
1596
1597 if ((res = vmalloc(CC_SHA256_DIGEST_LENGTH)) == 0)
1598 return NULL;
1599
85f41bec 1600 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
52b7d2ce
A		 1601 res->l = CC_SHA256_DIGEST_LENGTH;
1602
1603 (void)racoon_free(c);
1604 return(res);
1605}
52b7d2ce
A		 1606#endif /* WITH_SHA2 */
1607
1608/*
1609 * HMAC SHA1
1610 */
1611vchar_t *
1612eay_hmacsha1_one(key, data)
1613 vchar_t *key, *data;
1614{
1615 vchar_t *res;
1616 caddr_t ctx;
1617
1618 ctx = eay_hmacsha1_init(key);
1619 eay_hmacsha1_update(ctx, data);
1620 res = eay_hmacsha1_final(ctx);
1621
1622 return(res);
1623}
1624
1625caddr_t
1626eay_hmacsha1_init(key)
1627 vchar_t *key;
1628{
52b7d2ce 1629 return eay_hmac_init(key, kCCHmacAlgSHA1);
52b7d2ce
A		 1630}
1631
1632void
1633eay_hmacsha1_update(c, data)
1634 caddr_t c;
1635 vchar_t *data;
1636{
85f41bec 1637 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
52b7d2ce
A		 1638}
1639
52b7d2ce
A		 1640vchar_t *
1641eay_hmacsha1_final(c)
1642 caddr_t c;
1643{
1644 vchar_t *res;
1645
1646 if ((res = vmalloc(CC_SHA1_DIGEST_LENGTH)) == 0)
1647 return NULL;
1648
85f41bec 1649 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
52b7d2ce
A		 1650 res->l = CC_SHA1_DIGEST_LENGTH;
1651
1652 (void)racoon_free(c);
1653 return(res);
1654}
52b7d2ce
A		 1655
1656/*
1657 * HMAC MD5
1658 */
1659vchar_t *
1660eay_hmacmd5_one(key, data)
1661 vchar_t *key, *data;
1662{
1663 vchar_t *res;
1664 caddr_t ctx;
1665
1666 ctx = eay_hmacmd5_init(key);
1667 eay_hmacmd5_update(ctx, data);
1668 res = eay_hmacmd5_final(ctx);
1669
1670 return(res);
1671}
1672
1673caddr_t
1674eay_hmacmd5_init(key)
1675 vchar_t *key;
1676{
52b7d2ce 1677 return eay_hmac_init(key, kCCHmacAlgMD5);
52b7d2ce
A		 1678}
1679
1680void
1681eay_hmacmd5_update(c, data)
1682 caddr_t c;
1683 vchar_t *data;
1684{
85f41bec 1685 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
52b7d2ce
A		 1686}
1687
52b7d2ce
A		 1688vchar_t *
1689eay_hmacmd5_final(c)
1690 caddr_t c;
1691{
1692 vchar_t *res;
1693
1694 if ((res = vmalloc(CC_MD5_DIGEST_LENGTH)) == 0)
1695 return NULL;
1696
85f41bec 1697 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
52b7d2ce
A		 1698 res->l = CC_MD5_DIGEST_LENGTH;
1699 (void)racoon_free(c);
1700
1701 return(res);
1702}
52b7d2ce 1703
52b7d2ce
A		 1704
1705#ifdef WITH_SHA2
1706/*
1707 * SHA2-512 functions
1708 */
1709caddr_t
1710eay_sha2_512_init()
1711{
1712 SHA512_CTX *c = racoon_malloc(sizeof(*c));
1713
1714 SHA512_Init(c);
1715
1716 return((caddr_t)c);
1717}
1718
1719void
1720eay_sha2_512_update(c, data)
1721 caddr_t c;
1722 vchar_t *data;
1723{
85f41bec 1724 SHA512_Update(ALIGNED_CAST(SHA512_CTX *)c, (unsigned char *) data->v, data->l);
52b7d2ce
A		 1725
1726 return;
1727}
1728
1729vchar_t *
1730eay_sha2_512_final(c)
1731 caddr_t c;
1732{
1733 vchar_t *res;
1734
1735 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1736 return(0);
1737
85f41bec 1738 SHA512_Final((unsigned char *) res->v, ALIGNED_CAST(SHA512_CTX *)c);
52b7d2ce
A		 1739 (void)racoon_free(c);
1740
1741 return(res);
1742}
1743
1744vchar_t *
1745eay_sha2_512_one(data)
1746 vchar_t *data;
1747{
1748 caddr_t ctx;
1749 vchar_t *res;
1750
1751 ctx = eay_sha2_512_init();
1752 eay_sha2_512_update(ctx, data);
1753 res = eay_sha2_512_final(ctx);
1754
1755 return(res);
1756}
1757
1758int
1759eay_sha2_512_hashlen()
1760{
1761 return SHA512_DIGEST_LENGTH << 3;
1762}
1763#endif
1764
1765#ifdef WITH_SHA2
1766/*
1767 * SHA2-384 functions
1768 */
1769
52b7d2ce 1770typedef SHA512_CTX SHA384_CTX;
52b7d2ce
A		 1771
1772caddr_t
1773eay_sha2_384_init()
1774{
1775 SHA384_CTX *c = racoon_malloc(sizeof(*c));
1776
1777 SHA384_Init(c);
1778
1779 return((caddr_t)c);
1780}
1781
1782void
1783eay_sha2_384_update(c, data)
1784 caddr_t c;
1785 vchar_t *data;
1786{
85f41bec 1787 SHA384_Update(ALIGNED_CAST(SHA384_CTX *)c, (unsigned char *) data->v, data->l);
52b7d2ce
A		 1788
1789 return;
1790}
1791
1792vchar_t *
1793eay_sha2_384_final(c)
1794 caddr_t c;
1795{
1796 vchar_t *res;
1797
1798 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1799 return(0);
1800
85f41bec 1801 SHA384_Final((unsigned char *) res->v, ALIGNED_CAST(SHA384_CTX *)c);
52b7d2ce
A		 1802 (void)racoon_free(c);
1803
1804 return(res);
1805}
1806
1807vchar_t *
1808eay_sha2_384_one(data)
1809 vchar_t *data;
1810{
1811 caddr_t ctx;
1812 vchar_t *res;
1813
1814 ctx = eay_sha2_384_init();
1815 eay_sha2_384_update(ctx, data);
1816 res = eay_sha2_384_final(ctx);
1817
1818 return(res);
1819}
1820
1821int
1822eay_sha2_384_hashlen()
1823{
1824 return SHA384_DIGEST_LENGTH << 3;
1825}
1826#endif
1827
1828#ifdef WITH_SHA2
1829/*
1830 * SHA2-256 functions
1831 */
1832caddr_t
1833eay_sha2_256_init()
1834{
1835 SHA256_CTX *c = racoon_malloc(sizeof(*c));
1836
1837 SHA256_Init(c);
1838
1839 return((caddr_t)c);
1840}
1841
1842void
1843eay_sha2_256_update(c, data)
1844 caddr_t c;
1845 vchar_t *data;
1846{
85f41bec 1847 SHA256_Update(ALIGNED_CAST(SHA256_CTX *)c, (unsigned char *) data->v, data->l);
52b7d2ce
A		 1848
1849 return;
1850}
1851
1852vchar_t *
1853eay_sha2_256_final(c)
1854 caddr_t c;
1855{
1856 vchar_t *res;
1857
1858 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1859 return(0);
1860
85f41bec 1861 SHA256_Final((unsigned char *) res->v, ALIGNED_CAST(SHA256_CTX *)c);
52b7d2ce
A		 1862 (void)racoon_free(c);
1863
1864 return(res);
1865}
1866
1867vchar_t *
1868eay_sha2_256_one(data)
1869 vchar_t *data;
1870{
1871 caddr_t ctx;
1872 vchar_t *res;
1873
1874 ctx = eay_sha2_256_init();
1875 eay_sha2_256_update(ctx, data);
1876 res = eay_sha2_256_final(ctx);
1877
1878 return(res);
1879}
1880
1881int
1882eay_sha2_256_hashlen()
1883{
1884 return SHA256_DIGEST_LENGTH << 3;
1885}
1886#endif
1887
1888/*
1889 * SHA functions
1890 */
1891caddr_t
1892eay_sha1_init()
1893{
1894 SHA_CTX *c = racoon_malloc(sizeof(*c));
1895
1896 SHA1_Init(c);
1897
1898 return((caddr_t)c);
1899}
1900
1901void
1902eay_sha1_update(c, data)
1903 caddr_t c;
1904 vchar_t *data;
1905{
85f41bec 1906 SHA1_Update(ALIGNED_CAST(SHA_CTX *)c, data->v, data->l);
52b7d2ce
A		 1907
1908 return;
1909}
1910
1911vchar_t *
1912eay_sha1_final(c)
1913 caddr_t c;
1914{
1915 vchar_t *res;
1916
1917 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1918 return(0);
1919
85f41bec 1920 SHA1_Final((unsigned char *) res->v, ALIGNED_CAST(SHA_CTX *)c);
52b7d2ce
A		 1921 (void)racoon_free(c);
1922
1923 return(res);
1924}
1925
1926vchar_t *
1927eay_sha1_one(data)
1928 vchar_t *data;
1929{
1930 caddr_t ctx;
1931 vchar_t *res;
1932
1933 ctx = eay_sha1_init();
1934 eay_sha1_update(ctx, data);
1935 res = eay_sha1_final(ctx);
1936
1937 return(res);
1938}
1939
1940int
1941eay_sha1_hashlen()
1942{
1943 return SHA_DIGEST_LENGTH << 3;
1944}
1945
1946/*
1947 * MD5 functions
1948 */
1949caddr_t
1950eay_md5_init()
1951{
1952 MD5_CTX *c = racoon_malloc(sizeof(*c));
1953
1954 MD5_Init(c);
1955
1956 return((caddr_t)c);
1957}
1958
1959void
1960eay_md5_update(c, data)
1961 caddr_t c;
1962 vchar_t *data;
1963{
85f41bec 1964 MD5_Update(ALIGNED_CAST(MD5_CTX *)c, data->v, data->l);
52b7d2ce
A		 1965
1966 return;
1967}
1968
1969vchar_t *
1970eay_md5_final(c)
1971 caddr_t c;
1972{
1973 vchar_t *res;
1974
1975 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1976 return(0);
1977
85f41bec 1978 MD5_Final((unsigned char *) res->v, ALIGNED_CAST(MD5_CTX *)c);
52b7d2ce
A		 1979 (void)racoon_free(c);
1980
1981 return(res);
1982}
1983
1984vchar_t *
1985eay_md5_one(data)
1986 vchar_t *data;
1987{
1988 caddr_t ctx;
1989 vchar_t *res;
1990
1991 ctx = eay_md5_init();
1992 eay_md5_update(ctx, data);
1993 res = eay_md5_final(ctx);
1994
1995 return(res);
1996}
1997
1998int
1999eay_md5_hashlen()
2000{
2001 return MD5_DIGEST_LENGTH << 3;
2002}
2003
e8d9021d
A		 2004
2005#ifdef HAVE_OPENSSL
52b7d2ce
A		 2006/*
2007 * eay_set_random
2008 * size: number of bytes.
2009 */
2010vchar_t *
2011eay_set_random(size)
2012 u_int32_t size;
2013{
2014 BIGNUM *r = NULL;
2015 vchar_t *res = 0;
2016
2017 if ((r = BN_new()) == NULL)
2018 goto end;
2019 BN_rand(r, size * 8, 0, 0);
2020 eay_bn2v(&res, r);
2021
2022end:
2023 if (r)
2024 BN_free(r);
2025 return(res);
2026}
e8d9021d
A		 2027#else
2028vchar_t *
2029eay_set_random(u_int32_t size)
2030{
2031 vchar_t *res = vmalloc(size);
2032
2033 if (res == NULL)
2034 return NULL;
2035
2036 if (SecRandomCopyBytes(kSecRandomDefault, size, res->v)) {
2037 vfree(res);
2038 return NULL;
2039 }
2040
2041 return res;
2042}
2043#endif
52b7d2ce 2044
e8d9021d 2045#ifdef HAVE_OPENSSL
52b7d2ce
A		 2046/* DH */
2047int
2048eay_dh_generate(prime, g, publen, pub, priv)
2049 vchar_t *prime, **pub, **priv;
2050 u_int publen;
2051 u_int32_t g;
2052{
2053 BIGNUM *p = NULL;
2054 DH *dh = NULL;
2055 int error = -1;
2056
2057 /* initialize */
2058 /* pre-process to generate number */
2059 if (eay_v2bn(&p, prime) < 0)
2060 goto end;
2061
2062 if ((dh = DH_new()) == NULL)
2063 goto end;
2064 dh->p = p;
2065 p = NULL; /* p is now part of dh structure */
2066 dh->g = NULL;
2067 if ((dh->g = BN_new()) == NULL)
2068 goto end;
2069 if (!BN_set_word(dh->g, g))
2070 goto end;
2071
2072 if (publen != 0)
2073 dh->length = publen;
2074
2075 /* generate public and private number */
2076 if (!DH_generate_key(dh))
2077 goto end;
2078
2079 /* copy results to buffers */
2080 if (eay_bn2v(pub, dh->pub_key) < 0)
2081 goto end;
2082 if (eay_bn2v(priv, dh->priv_key) < 0) {
2083 vfree(*pub);
2084 goto end;
2085 }
2086
2087 error = 0;
2088
2089end:
2090 if (dh != NULL)
2091 DH_free(dh);
2092 if (p != 0)
2093 BN_free(p);
2094 return(error);
2095}
2096
2097int
2098eay_dh_compute(prime, g, pub, priv, pub2, key)
2099 vchar_t *prime, *pub, *priv, *pub2, **key;
2100 u_int32_t g;
2101{
2102 BIGNUM *dh_pub = NULL;
2103 DH *dh = NULL;
2104 int l;
2105 unsigned char *v = NULL;
2106 int error = -1;
2107
2108 /* make public number to compute */
2109 if (eay_v2bn(&dh_pub, pub2) < 0)
2110 goto end;
2111
2112 /* make DH structure */
2113 if ((dh = DH_new()) == NULL)
2114 goto end;
2115 if (eay_v2bn(&dh->p, prime) < 0)
2116 goto end;
2117 if (eay_v2bn(&dh->pub_key, pub) < 0)
2118 goto end;
2119 if (eay_v2bn(&dh->priv_key, priv) < 0)
2120 goto end;
2121 dh->length = pub2->l * 8;
2122
2123 dh->g = NULL;
2124 if ((dh->g = BN_new()) == NULL)
2125 goto end;
2126 if (!BN_set_word(dh->g, g))
2127 goto end;
2128
2129 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2130 goto end;
2131 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2132 goto end;
2133 memcpy((*key)->v + (prime->l - l), v, l);
2134
2135 error = 0;
2136
2137end:
2138 if (dh_pub != NULL)
2139 BN_free(dh_pub);
2140 if (dh != NULL)
2141 DH_free(dh);
2142 if (v != NULL)
2143 racoon_free(v);
2144 return(error);
2145}
2146
2147/*
2148 * convert vchar_t <-> BIGNUM.
2149 *
2150 * vchar_t: unit is u_char, network endian, most significant byte first.
2151 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2152 * least significant BN_ULONG must come first.
2153 *
2154 * hex value of "0x3ffe050104" is represented as follows:
2155 * vchar_t: 3f fe 05 01 04
2156 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2157 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2158 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2159 */
2160int
2161eay_v2bn(bn, var)
2162 BIGNUM **bn;
2163 vchar_t *var;
2164{
2165 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2166 return -1;
2167
2168 return 0;
2169}
2170
2171int
2172eay_bn2v(var, bn)
2173 vchar_t **var;
2174 BIGNUM *bn;
2175{
2176 *var = vmalloc(bn->top * BN_BYTES);
2177 if (*var == NULL)
2178 return(-1);
2179
2180 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2181
2182 return 0;
2183}
2184
2185void
2186eay_init()
2187{
2188 OpenSSL_add_all_algorithms();
2189 ERR_load_crypto_strings();
2190#ifdef HAVE_OPENSSL_ENGINE_H
2191 ENGINE_load_builtin_engines();
2192 ENGINE_register_all_complete();
2193#endif
2194}
2195
2196vchar_t *
2197base64_decode(char *in, long inlen)
2198{
2199 BIO *bio=NULL, *b64=NULL;
2200 vchar_t *res = NULL;
d1e348cf 2201 char *outb;
52b7d2ce
A		 2202 long outlen;
2203
d1e348cf
A		 2204 outb = malloc(inlen * 2);
2205 if (outb == NULL)
2206 goto out;
52b7d2ce
A		 2207 bio = BIO_new_mem_buf(in, inlen);
2208 b64 = BIO_new(BIO_f_base64());
2209 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2210 bio = BIO_push(b64, bio);
2211
d1e348cf 2212 outlen = BIO_read(bio, outb, inlen * 2);
52b7d2ce
A		 2213 if (outlen <= 0) {
2214 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2215 goto out;
2216 }
2217
2218 res = vmalloc(outlen);
2219 if (!res)
2220 goto out;
2221
d1e348cf 2222 memcpy(res->v, outb, outlen);
52b7d2ce
A		 2223
2224out:
d1e348cf
A		 2225 if (outb)
2226 free(outb);
52b7d2ce
A		 2227 if (bio)
2228 BIO_free_all(bio);
2229
2230 return res;
2231}
2232
2233vchar_t *
2234base64_encode(char *in, long inlen)
2235{
2236 BIO *bio=NULL, *b64=NULL;
2237 char *ptr;
2238 long plen = -1;
2239 vchar_t *res = NULL;
2240
2241 bio = BIO_new(BIO_s_mem());
2242 b64 = BIO_new(BIO_f_base64());
2243 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2244 bio = BIO_push(b64, bio);
2245
2246 BIO_write(bio, in, inlen);
2247 BIO_flush(bio);
2248
2249 plen = BIO_get_mem_data(bio, &ptr);
2250 res = vmalloc(plen+1);
2251 if (!res)
2252 goto out;
2253
2254 memcpy (res->v, ptr, plen);
2255 res->v[plen] = '\0';
2256
2257out:
2258 if (bio)
2259 BIO_free_all(bio);
2260
2261 return res;
2262}
2263
2264static RSA *
2265binbuf_pubkey2rsa(vchar_t *binbuf)
2266{
2267 BIGNUM *exp, *mod;
2268 RSA *rsa_pub = NULL;
2269
2270 if (binbuf->v[0] > binbuf->l - 1) {
2271 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2272 goto out;
2273 }
2274
2275 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2276 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2277 binbuf->l - binbuf->v[0] - 1, NULL);
2278 rsa_pub = RSA_new();
2279
2280 if (!exp || !mod || !rsa_pub) {
2281 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2282 if (exp)
2283 BN_free(exp);
2284 if (mod)
2285 BN_free(exp);
2286 if (rsa_pub)
2287 RSA_free(rsa_pub);
2288 rsa_pub = NULL;
2289 goto out;
2290 }
2291
2292 rsa_pub->n = mod;
2293 rsa_pub->e = exp;
2294
2295out:
2296 return rsa_pub;
2297}
2298
2299RSA *
2300base64_pubkey2rsa(char *in)
2301{
2302 BIGNUM *exp, *mod;
2303 RSA *rsa_pub = NULL;
2304 vchar_t *binbuf;
2305
2306 if (strncmp(in, "0s", 2) != 0) {
2307 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2308 return NULL;
2309 }
2310
2311 binbuf = base64_decode(in + 2, strlen(in + 2));
2312 if (!binbuf) {
2313 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2314 return NULL;
2315 }
2316
2317 if (binbuf->v[0] > binbuf->l - 1) {
2318 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2319 goto out;
2320 }
2321
2322 rsa_pub = binbuf_pubkey2rsa(binbuf);
2323
2324out:
2325 if (binbuf)
2326 vfree(binbuf);
2327
2328 return rsa_pub;
2329}
2330
2331RSA *
2332bignum_pubkey2rsa(BIGNUM *in)
2333{
2334 RSA *rsa_pub = NULL;
2335 vchar_t *binbuf;
2336
2337 binbuf = vmalloc(BN_num_bytes(in));
2338 if (!binbuf) {
2339 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2340 return NULL;
2341 }
2342
2343 BN_bn2bin(in, (unsigned char *) binbuf->v);
2344
2345 rsa_pub = binbuf_pubkey2rsa(binbuf);
2346
2347out:
2348 if (binbuf)
2349 vfree(binbuf);
2350
2351 return rsa_pub;
2352}
e8d9021d 2353#endif /* HAVE_OPENSSL */
52b7d2ce
A		 2354
2355u_int32_t
2356eay_random()
2357{
2358 u_int32_t result;
2359 vchar_t *vrand;
2360
2361 vrand = eay_set_random(sizeof(result));
2362 memcpy(&result, vrand->v, sizeof(result));
2363 vfree(vrand);
2364
2365 return result;
2366}
2367
e8d9021d 2368#ifdef HAVE_OPENSSL
52b7d2ce
A		 2369const char *
2370eay_version()
2371{
2372 return SSLeay_version(SSLEAY_VERSION);
2373}
e8d9021d 2374#endif
mirror of ipsec