]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/crypto_openssl.c
projects / apple / ipsec.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipsec-34.0.1.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / crypto_openssl.c
1 /* $Id: crypto_openssl.c,v 1.40.4.5 2005/07/12 11:50:15 manubsd Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include "config.h"
33
34 #ifdef __APPLE__
35 #define COMMON_DIGEST_FOR_OPENSSL 1
36 #endif
37
38 #include <sys/types.h>
39 #include <sys/param.h>
40
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <limits.h>
44 #include <string.h>
45
46 /* get openssl/ssleay version number */
47 #include <openssl/opensslv.h>
48
49 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
50 #error OpenSSL version 0.9.6 or later required.
51 #endif
52
53 #include <openssl/pem.h>
54 #include <openssl/evp.h>
55 #include <openssl/x509.h>
56 #include <openssl/x509v3.h>
57 #include <openssl/x509_vfy.h>
58 #include <openssl/bn.h>
59 #include <openssl/dh.h>
60 #ifdef __APPLE__
61 #include <CommonCrypto/CommonDigest.h>
62 #include <CommonCrypto/CommonHMAC.h>
63 #else
64 #include <openssl/md5.h>
65 #include <openssl/sha.h>
66 #include <openssl/hmac.h>
67 #endif
68 #include <openssl/des.h>
69 #include <openssl/crypto.h>
70 #ifdef HAVE_OPENSSL_ENGINE_H
71 #include <openssl/engine.h>
72 #endif
73 #include <openssl/blowfish.h>
74 #include <openssl/cast.h>
75 #include <openssl/err.h>
76 #ifdef HAVE_OPENSSL_RC5_H
77 #include <openssl/rc5.h>
78 #endif
79 #ifdef HAVE_OPENSSL_IDEA_H
80 #include <openssl/idea.h>
81 #endif
82 #if defined(HAVE_OPENSSL_AES_H)
83 #include <openssl/aes.h>
84 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
85 #include <openssl/rijndael.h>
86 #else
87 #include "crypto/rijndael/rijndael-api-fst.h"
88 #endif
89 #ifdef WITH_SHA2
90 #ifndef __APPLE__
91 #ifdef HAVE_OPENSSL_SHA2_H
92 #include <openssl/sha2.h>
93 #endif
94 #endif
95 #endif
96
97 /* 0.9.7 stuff? */
98 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
99 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
100 #else
101 #define USE_NEW_DES_API
102 #endif
103
104 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
105
106 #include "var.h"
107 #include "misc.h"
108 #include "vmbuf.h"
109 #include "plog.h"
110 #include "crypto_openssl.h"
111 #include "debug.h"
112 #include "gcmalloc.h"
113
114
115 /*
116 * I hate to cast every parameter to des_xx into void *, but it is
117 * necessary for SSLeay/OpenSSL portability. It sucks.
118 */
119
120 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
121 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
122 static X509 *mem2x509 __P((vchar_t *));
123
124 #ifdef __APPLE__
125 static caddr_t eay_hmac_init __P((vchar_t *, CCHmacAlgorithm));
126 #else
127 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
128 #endif
129
130 /* X509 Certificate */
131 /*
132 * convert the string of the subject name into DER
133 * e.g. str = "C=JP, ST=Kanagawa";
134 */
135 vchar_t *
136 eay_str2asn1dn(str, len)
137 const char *str;
138 int len;
139 {
140 X509_NAME *name;
141 char *buf;
142 char *field, *value;
143 int i, j;
144 vchar_t *ret;
145 caddr_t p;
146
147 if (len == -1)
148 len = strlen(str);
149
150 buf = racoon_malloc(len + 1);
151 if (!buf) {
152 printf("failed to allocate buffer\n");
153 return NULL;
154 }
155 memcpy(buf, str, len);
156
157 name = X509_NAME_new();
158
159 field = &buf[0];
160 value = NULL;
161 for (i = 0; i < len; i++) {
162 if (!value && buf[i] == '=') {
163 buf[i] = '\0';
164 value = &buf[i + 1];
165 continue;
166 } else if (buf[i] == ',' || buf[i] == '/') {
167 buf[i] = '\0';
168
169 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
170 field, value);
171
172 if (!value) goto err;
173 if (!X509_NAME_add_entry_by_txt(name, field,
174 (value[0] == '*' && value[1] == 0) ?
175 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
176 (unsigned char *) value, -1, -1, 0)) {
177 plog(LLV_ERROR, LOCATION, NULL,
178 "Invalid DN field: %s=%s\n",
179 field, value);
180 plog(LLV_ERROR, LOCATION, NULL,
181 "%s\n", eay_strerror());
182 goto err;
183 }
184 for (j = i + 1; j < len; j++) {
185 if (buf[j] != ' ')
186 break;
187 }
188 field = &buf[j];
189 value = NULL;
190 continue;
191 }
192 }
193 buf[len] = '\0';
194
195 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
196 field, value);
197
198 if (!value) goto err;
199 if (!X509_NAME_add_entry_by_txt(name, field,
200 (value[0] == '*' && value[1] == 0) ?
201 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
202 (unsigned char *) value, -1, -1, 0)) {
203 plog(LLV_ERROR, LOCATION, NULL,
204 "Invalid DN field: %s=%s\n",
205 field, value);
206 plog(LLV_ERROR, LOCATION, NULL,
207 "%s\n", eay_strerror());
208 goto err;
209 }
210
211 i = i2d_X509_NAME(name, NULL);
212 if (!i)
213 goto err;
214 ret = vmalloc(i);
215 if (!ret)
216 goto err;
217 p = ret->v;
218 i = i2d_X509_NAME(name, (void *)&p);
219 if (!i)
220 goto err;
221
222 return ret;
223
224 err:
225 if (buf)
226 racoon_free(buf);
227 if (name)
228 X509_NAME_free(name);
229 return NULL;
230 }
231
232 /*
233 * convert the hex string of the subject name into DER
234 */
235 vchar_t *
236 eay_hex2asn1dn(const char *hex, int len)
237 {
238 BIGNUM *bn = BN_new();
239 char *binbuf;
240 size_t binlen;
241 vchar_t *ret = NULL;
242
243 if (len == -1)
244 len = strlen(hex);
245
246 if (BN_hex2bn(&bn, hex) != len) {
247 plog(LLV_ERROR, LOCATION, NULL,
248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
249 eay_strerror());
250 goto out;
251 }
252
253 binlen = BN_num_bytes(bn);
254 ret = vmalloc(binlen);
255 if (!ret) {
256 printf("failed to allocate buffer\n");
257 return NULL;
258 }
259 binbuf = ret->v;
260
261 BN_bn2bin(bn, (unsigned char *) binbuf);
262
263 out:
264 BN_free(bn);
265
266 return ret;
267 }
268
269 /*
270 * The following are derived from code in crypto/x509/x509_cmp.c
271 * in OpenSSL0.9.7c:
272 * X509_NAME_wildcmp() adds wildcard matching to the original
273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
274 */
275 #include <ctype.h>
276 /* Case insensitive string comparision */
277 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
278 {
279 int i;
280
281 if (a->length != b->length)
282 return (a->length - b->length);
283
284 for (i=0; i<a->length; i++)
285 {
286 int ca, cb;
287
288 ca = tolower(a->data[i]);
289 cb = tolower(b->data[i]);
290
291 if (ca != cb)
292 return(ca-cb);
293 }
294 return 0;
295 }
296
297 /* Case insensitive string comparision with space normalization
298 * Space normalization - ignore leading, trailing spaces,
299 * multiple spaces between characters are replaced by single space
300 */
301 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
302 {
303 unsigned char *pa = NULL, *pb = NULL;
304 int la, lb;
305
306 la = a->length;
307 lb = b->length;
308 pa = a->data;
309 pb = b->data;
310
311 /* skip leading spaces */
312 while (la > 0 && isspace(*pa))
313 {
314 la--;
315 pa++;
316 }
317 while (lb > 0 && isspace(*pb))
318 {
319 lb--;
320 pb++;
321 }
322
323 /* skip trailing spaces */
324 while (la > 0 && isspace(pa[la-1]))
325 la--;
326 while (lb > 0 && isspace(pb[lb-1]))
327 lb--;
328
329 /* compare strings with space normalization */
330 while (la > 0 && lb > 0)
331 {
332 int ca, cb;
333
334 /* compare character */
335 ca = tolower(*pa);
336 cb = tolower(*pb);
337 if (ca != cb)
338 return (ca - cb);
339
340 pa++; pb++;
341 la--; lb--;
342
343 if (la <= 0 || lb <= 0)
344 break;
345
346 /* is white space next character ? */
347 if (isspace(*pa) && isspace(*pb))
348 {
349 /* skip remaining white spaces */
350 while (la > 0 && isspace(*pa))
351 {
352 la--;
353 pa++;
354 }
355 while (lb > 0 && isspace(*pb))
356 {
357 lb--;
358 pb++;
359 }
360 }
361 }
362 if (la > 0 || lb > 0)
363 return la - lb;
364
365 return 0;
366 }
367
368 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
369 {
370 int i,j;
371 X509_NAME_ENTRY *na,*nb;
372
373 if (sk_X509_NAME_ENTRY_num(a->entries)
374 != sk_X509_NAME_ENTRY_num(b->entries))
375 return sk_X509_NAME_ENTRY_num(a->entries)
376 -sk_X509_NAME_ENTRY_num(b->entries);
377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
378 {
379 na=sk_X509_NAME_ENTRY_value(a->entries,i);
380 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
381 j=OBJ_cmp(na->object,nb->object);
382 if (j) return(j);
383 if ((na->value->length == 1 && na->value->data[0] == '*')
384 || (nb->value->length == 1 && nb->value->data[0] == '*'))
385 continue;
386 j=na->value->type-nb->value->type;
387 if (j) return(j);
388 if (na->value->type == V_ASN1_PRINTABLESTRING)
389 j=nocase_spacenorm_cmp(na->value, nb->value);
390 else if (na->value->type == V_ASN1_IA5STRING
391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
392 j=nocase_cmp(na->value, nb->value);
393 else
394 {
395 j=na->value->length-nb->value->length;
396 if (j) return(j);
397 j=memcmp(na->value->data,nb->value->data,
398 na->value->length);
399 }
400 if (j) return(j);
401 j=na->set-nb->set;
402 if (j) return(j);
403 }
404
405 return(0);
406 }
407
408 /*
409 * compare two subjectNames.
410 * OUT: 0: equal
411 * positive:
412 * -1: other error.
413 */
414 int
415 eay_cmp_asn1dn(n1, n2)
416 vchar_t *n1, *n2;
417 {
418 X509_NAME *a = NULL, *b = NULL;
419 caddr_t p;
420 int i = -1;
421
422 p = n1->v;
423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
424 goto end;
425 p = n2->v;
426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
427 goto end;
428
429 i = X509_NAME_wildcmp(a, b);
430
431 end:
432 if (a)
433 X509_NAME_free(a);
434 if (b)
435 X509_NAME_free(b);
436 return i;
437 }
438
439 /*
440 * this functions is derived from apps/verify.c in OpenSSL0.9.5
441 */
442 int
443 eay_check_x509cert(cert, CApath, CAfile, local)
444 vchar_t *cert;
445 char *CApath;
446 char *CAfile;
447 int local;
448 {
449 X509_STORE *cert_ctx = NULL;
450 X509_LOOKUP *lookup = NULL;
451 X509 *x509 = NULL;
452 X509_STORE_CTX *csc;
453 int error = -1;
454
455 cert_ctx = X509_STORE_new();
456 if (cert_ctx == NULL)
457 goto end;
458
459 if (local)
460 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
461 else
462 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
463
464 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
465 if (lookup == NULL)
466 goto end;
467
468 X509_LOOKUP_load_file(lookup, CAfile,
469 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
470
471 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
472 if (lookup == NULL)
473 goto end;
474 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
475 if(!error) {
476 error = -1;
477 goto end;
478 }
479 error = -1; /* initialized */
480
481 /* read the certificate to be verified */
482 x509 = mem2x509(cert);
483 if (x509 == NULL)
484 goto end;
485
486 csc = X509_STORE_CTX_new();
487 if (csc == NULL)
488 goto end;
489 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
490 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
491 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
492 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
493 #endif
494 error = X509_verify_cert(csc);
495 X509_STORE_CTX_cleanup(csc);
496
497 /*
498 * if x509_verify_cert() is successful then the value of error is
499 * set non-zero.
500 */
501 error = error ? 0 : -1;
502
503 end:
504 if (error)
505 printf("%s\n", eay_strerror());
506 if (cert_ctx != NULL)
507 X509_STORE_free(cert_ctx);
508 if (x509 != NULL)
509 X509_free(x509);
510
511 return(error);
512 }
513
514 /*
515 * callback function for verifing certificate.
516 * this function is derived from cb() in openssl/apps/s_server.c
517 */
518 static int
519 cb_check_cert_local(ok, ctx)
520 int ok;
521 X509_STORE_CTX *ctx;
522 {
523 char buf[256];
524 int log_tag;
525
526 if (!ok) {
527 X509_NAME_oneline(
528 X509_get_subject_name(ctx->current_cert),
529 buf,
530 256);
531 /*
532 * since we are just checking the certificates, it is
533 * ok if they are self signed. But we should still warn
534 * the user.
535 */
536 switch (ctx->error) {
537 case X509_V_ERR_CERT_HAS_EXPIRED:
538 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
539 case X509_V_ERR_INVALID_CA:
540 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
541 case X509_V_ERR_INVALID_PURPOSE:
542 case X509_V_ERR_UNABLE_TO_GET_CRL:
543 ok = 1;
544 log_tag = LLV_WARNING;
545 break;
546 default:
547 log_tag = LLV_ERROR;
548 }
549 plog(log_tag, LOCATION, NULL,
550 "%s(%d) at depth:%d SubjectName:%s\n",
551 X509_verify_cert_error_string(ctx->error),
552 ctx->error,
553 ctx->error_depth,
554 buf);
555 }
556 ERR_clear_error();
557
558 return ok;
559 }
560
561 /*
562 * callback function for verifing remote certificates.
563 * this function is derived from cb() in openssl/apps/s_server.c
564 */
565 static int
566 cb_check_cert_remote(ok, ctx)
567 int ok;
568 X509_STORE_CTX *ctx;
569 {
570 char buf[256];
571 int log_tag;
572
573 if (!ok) {
574 X509_NAME_oneline(
575 X509_get_subject_name(ctx->current_cert),
576 buf,
577 256);
578 switch (ctx->error) {
579 case X509_V_ERR_UNABLE_TO_GET_CRL:
580 ok = 1;
581 log_tag = LLV_WARNING;
582 break;
583 default:
584 log_tag = LLV_ERROR;
585 }
586 plog(log_tag, LOCATION, NULL,
587 "%s(%d) at depth:%d SubjectName:%s\n",
588 X509_verify_cert_error_string(ctx->error),
589 ctx->error,
590 ctx->error_depth,
591 buf);
592 }
593 ERR_clear_error();
594
595 return ok;
596 }
597
598 /*
599 * get a subjectAltName from X509 certificate.
600 */
601 vchar_t *
602 eay_get_x509asn1subjectname(cert)
603 vchar_t *cert;
604 {
605 X509 *x509 = NULL;
606 u_char *bp;
607 vchar_t *name = NULL;
608 int len;
609 int error = -1;
610
611 bp = (unsigned char *) cert->v;
612
613 x509 = mem2x509(cert);
614 if (x509 == NULL)
615 goto end;
616
617 /* get the length of the name */
618 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
619 name = vmalloc(len);
620 if (!name)
621 goto end;
622 /* get the name */
623 bp = (unsigned char *) name->v;
624 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
625
626 error = 0;
627
628 end:
629 if (error) {
630 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
631 if (name) {
632 vfree(name);
633 name = NULL;
634 }
635 }
636 if (x509)
637 X509_free(x509);
638
639 return name;
640 }
641
642 #ifdef __APPLE__
643
644 /*
645 * Get the common name from a cert
646 */
647 #define EAY_MAX_CN_LEN 256
648 vchar_t *
649 eay_get_x509_common_name(cert)
650 vchar_t *cert;
651 {
652 X509 *x509 = NULL;
653 X509_NAME *name;
654 vchar_t *commonName = NULL;
655
656 commonName = vmalloc(EAY_MAX_CN_LEN);
657 if (commonName == NULL) {
658 plog(LLV_ERROR, LOCATION, NULL, "no memory\n");
659 return NULL;
660 }
661
662 x509 = mem2x509(cert);
663 if (x509 == NULL) {
664 vfree(commonName);
665 return NULL;
666 }
667
668 name = X509_get_subject_name(x509);
669 X509_NAME_get_text_by_NID(name, NID_commonName, commonName->v, EAY_MAX_CN_LEN);
670
671 commonName->l = strlen(commonName->v);
672
673 if (x509)
674 X509_free(x509);
675 return commonName;
676 }
677
678 /*
679 * get the subjectAltName from X509 certificate.
680 * the name must be terminated by '\0'.
681 */
682 int
683 eay_get_x509subjectaltname(cert, altname, type, pos, len)
684 vchar_t *cert;
685 char **altname;
686 int *type;
687 int pos;
688 int *len;
689 {
690 X509 *x509 = NULL;
691 int i;
692 GENERAL_NAMES *gens;
693 GENERAL_NAME *gen;
694 int error = -1;
695
696 *altname = NULL;
697 *type = GENT_OTHERNAME;
698
699 x509 = mem2x509(cert);
700 if (x509 == NULL)
701 goto end;
702
703 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
704 if (gens == NULL)
705 goto end;
706
707 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
708 if (i + 1 != pos)
709 continue;
710 break;
711 }
712
713 /* there is no data at "pos" */
714 if (i == sk_GENERAL_NAME_num(gens))
715 goto end;
716
717 gen = sk_GENERAL_NAME_value(gens, i);
718
719 /* make sure the data is terminated by '\0'. */
720 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') {
721 plog(LLV_ERROR, LOCATION, NULL,
722 "data is not terminated by 0.");
723 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
724 goto end;
725 }
726
727 /* read DNSName / Email */
728 if (gen->type == GEN_DNS ||
729 gen->type == GEN_EMAIL ||
730 gen->type == GEN_URI) {
731
732 *len = gen->d.ia5->length + 1;
733 *altname = racoon_malloc(*len);
734 if (!*altname)
735 goto end;
736
737 strlcpy(*altname, (const char *)gen->d.ia5->data, *len);
738 *type = gen->type;
739
740 error = 0;
741 } else if (gen->type == GEN_IPADD) {
742
743 *len = gen->d.ia5->length + 1;
744 *altname = racoon_malloc(*len);
745 if (!*altname)
746 goto end;
747
748 memcpy(*altname, (const char *)gen->d.ia5->data, *len);
749 *type = gen->type;
750
751 error = 0;
752 }
753
754 end:
755 if (error) {
756 if (*altname) {
757 racoon_free(*altname);
758 *altname = NULL;
759 }
760 #ifndef EAYDEBUG
761 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
762 #else
763 printf("%s\n", eay_strerror());
764 #endif
765 }
766 if (x509)
767 X509_free(x509);
768
769 return error;
770 }
771
772 #else /* __APPLE__ */
773
774 /*
775 * get the subjectAltName from X509 certificate.
776 * the name must be terminated by '\0'.
777 */
778 int
779 eay_get_x509subjectaltname(cert, altname, type, pos)
780 vchar_t *cert;
781 char **altname;
782 int *type;
783 int pos;
784 {
785 X509 *x509 = NULL;
786 GENERAL_NAMES *gens = NULL;
787 GENERAL_NAME *gen;
788 int len;
789 int error = -1;
790
791 *altname = NULL;
792 *type = GENT_OTHERNAME;
793
794 x509 = mem2x509(cert);
795 if (x509 == NULL)
796 goto end;
797
798 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
799 if (gens == NULL)
800 goto end;
801
802 /* there is no data at "pos" */
803 if (pos > sk_GENERAL_NAME_num(gens))
804 goto end;
805
806 gen = sk_GENERAL_NAME_value(gens, pos - 1);
807
808 /* read DNSName / Email */
809 if (gen->type == GEN_DNS ||
810 gen->type == GEN_EMAIL ||
811 gen->type == GEN_URI )
812 {
813 /* make sure if the data is terminated by '\0'. */
814 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
815 {
816 plog(LLV_ERROR, LOCATION, NULL,
817 "data is not terminated by NUL.");
818 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
819 goto end;
820 }
821
822 len = gen->d.ia5->length + 1;
823 *altname = racoon_malloc(len);
824 if (!*altname)
825 goto end;
826
827 strlcpy(*altname, (char *) gen->d.ia5->data, len);
828 *type = gen->type;
829 error = 0;
830 }
831 /* read IP address */
832 else if (gen->type == GEN_IPADD)
833 {
834 unsigned char p[5], *ip;
835 const int maxaltnamelen = 20;
836 ip = p;
837
838 /* only support IPv4 */
839 if (gen->d.ip->length != 4)
840 goto end;
841
842 /* convert Octet String to String
843 * XXX ???????
844 */
845 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
846 ip = gen->d.ip->data;
847
848 /* XXX Magic, enough for an IPv4 address
849 */
850 *altname = racoon_malloc(maxaltnamelen);
851 if (!*altname)
852 goto end;
853
854 snprintf(*altname, maxaltnamelen, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
855 *type = gen->type;
856 error = 0;
857 }
858 /* XXX other possible types ?
859 * For now, error will be -1 if unsupported type
860 */
861
862 end:
863 if (error) {
864 if (*altname) {
865 racoon_free(*altname);
866 *altname = NULL;
867 }
868 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
869 }
870 if (x509)
871 X509_free(x509);
872 if (gens)
873 /* free the whole stack. */
874 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
875
876 return error;
877 }
878
879 #endif
880
881 /*
882 * decode a X509 certificate and make a readable text terminated '\n'.
883 * return the buffer allocated, so must free it later.
884 */
885 char *
886 eay_get_x509text(cert)
887 vchar_t *cert;
888 {
889 X509 *x509 = NULL;
890 BIO *bio = NULL;
891 char *text = NULL;
892 u_char *bp = NULL;
893 int len = 0;
894 int error = -1;
895
896 x509 = mem2x509(cert);
897 if (x509 == NULL)
898 goto end;
899
900 bio = BIO_new(BIO_s_mem());
901 if (bio == NULL)
902 goto end;
903
904 error = X509_print(bio, x509);
905 if (error != 1) {
906 error = -1;
907 goto end;
908 }
909
910 len = BIO_get_mem_data(bio, &bp);
911 text = racoon_malloc(len + 1);
912 if (text == NULL)
913 goto end;
914 memcpy(text, bp, len);
915 text[len] = '\0';
916
917 error = 0;
918
919 end:
920 if (error) {
921 if (text) {
922 racoon_free(text);
923 text = NULL;
924 }
925 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
926 }
927 if (bio)
928 BIO_free(bio);
929 if (x509)
930 X509_free(x509);
931
932 return text;
933 }
934
935 /* get X509 structure from buffer. */
936 static X509 *
937 mem2x509(cert)
938 vchar_t *cert;
939 {
940 X509 *x509;
941
942 #ifndef EAYDEBUG
943 {
944 u_char *bp;
945
946 bp = (unsigned char *) cert->v;
947
948 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
949 }
950 #else
951 {
952 BIO *bio;
953 int len;
954
955 bio = BIO_new(BIO_s_mem());
956 if (bio == NULL)
957 return NULL;
958 len = BIO_write(bio, cert->v, cert->l);
959 if (len == -1)
960 return NULL;
961 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
962 BIO_free(bio);
963 }
964 #endif
965 return x509;
966 }
967
968 /*
969 * get a X509 certificate from local file.
970 * a certificate must be PEM format.
971 * Input:
972 * path to a certificate.
973 * Output:
974 * NULL if error occured
975 * other is the cert.
976 */
977 vchar_t *
978 eay_get_x509cert(path)
979 char *path;
980 {
981 FILE *fp;
982 X509 *x509;
983 vchar_t *cert;
984 u_char *bp;
985 int len;
986 int error;
987
988 /* Read private key */
989 fp = fopen(path, "r");
990 if (fp == NULL)
991 return NULL;
992 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
993 fclose (fp);
994
995 if (x509 == NULL)
996 return NULL;
997
998 len = i2d_X509(x509, NULL);
999 cert = vmalloc(len);
1000 if (cert == NULL) {
1001 X509_free(x509);
1002 return NULL;
1003 }
1004 bp = (unsigned char *) cert->v;
1005 error = i2d_X509(x509, &bp);
1006 X509_free(x509);
1007
1008 if (error == 0) {
1009 vfree(cert);
1010 return NULL;
1011 }
1012
1013 return cert;
1014 }
1015
1016 /*
1017 * check a X509 signature
1018 * XXX: to be get hash type from my cert ?
1019 * to be handled EVP_dss().
1020 * OUT: return -1 when error.
1021 * 0
1022 */
1023 int
1024 eay_check_x509sign(source, sig, cert)
1025 vchar_t *source;
1026 vchar_t *sig;
1027 vchar_t *cert;
1028 {
1029 X509 *x509;
1030 u_char *bp;
1031 EVP_PKEY *evp;
1032 int res;
1033
1034 bp = (unsigned char *) cert->v;
1035
1036 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
1037 if (x509 == NULL) {
1038 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
1039 return -1;
1040 }
1041
1042 evp = X509_get_pubkey(x509);
1043 if (! evp) {
1044 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
1045 return -1;
1046 }
1047
1048 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
1049
1050 EVP_PKEY_free(evp);
1051
1052 return res;
1053 }
1054
1055 /*
1056 * check RSA signature
1057 * OUT: return -1 when error.
1058 * 0 on success
1059 */
1060 int
1061 eay_check_rsasign(source, sig, rsa)
1062 vchar_t *source;
1063 vchar_t *sig;
1064 RSA *rsa;
1065 {
1066 return eay_rsa_verify(source, sig, rsa);
1067 }
1068
1069 /*
1070 * get PKCS#1 Private Key of PEM format from local file.
1071 */
1072 vchar_t *
1073 eay_get_pkcs1privkey(path)
1074 char *path;
1075 {
1076 FILE *fp;
1077 EVP_PKEY *evp = NULL;
1078 vchar_t *pkey = NULL;
1079 u_char *bp;
1080 int pkeylen;
1081 int error = -1;
1082
1083 /* Read private key */
1084 fp = fopen(path, "r");
1085 if (fp == NULL)
1086 return NULL;
1087
1088 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1089
1090 fclose (fp);
1091
1092 if (evp == NULL)
1093 return NULL;
1094
1095 pkeylen = i2d_PrivateKey(evp, NULL);
1096 if (pkeylen == 0)
1097 goto end;
1098 pkey = vmalloc(pkeylen);
1099 if (pkey == NULL)
1100 goto end;
1101 bp = (unsigned char *) pkey->v;
1102 pkeylen = i2d_PrivateKey(evp, &bp);
1103 if (pkeylen == 0)
1104 goto end;
1105
1106 error = 0;
1107
1108 end:
1109 if (evp != NULL)
1110 EVP_PKEY_free(evp);
1111 if (error != 0 && pkey != NULL) {
1112 vfree(pkey);
1113 pkey = NULL;
1114 }
1115
1116 return pkey;
1117 }
1118
1119 /*
1120 * get PKCS#1 Public Key of PEM format from local file.
1121 */
1122 vchar_t *
1123 eay_get_pkcs1pubkey(path)
1124 char *path;
1125 {
1126 FILE *fp;
1127 EVP_PKEY *evp = NULL;
1128 vchar_t *pkey = NULL;
1129 X509 *x509 = NULL;
1130 u_char *bp;
1131 int pkeylen;
1132 int error = -1;
1133
1134 /* Read private key */
1135 fp = fopen(path, "r");
1136 if (fp == NULL)
1137 return NULL;
1138
1139 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1140
1141 fclose (fp);
1142
1143 if (x509 == NULL)
1144 return NULL;
1145
1146 /* Get public key - eay */
1147 evp = X509_get_pubkey(x509);
1148 if (evp == NULL)
1149 return NULL;
1150
1151 pkeylen = i2d_PublicKey(evp, NULL);
1152 if (pkeylen == 0)
1153 goto end;
1154 pkey = vmalloc(pkeylen);
1155 if (pkey == NULL)
1156 goto end;
1157 bp = (unsigned char *) pkey->v;
1158 pkeylen = i2d_PublicKey(evp, &bp);
1159 if (pkeylen == 0)
1160 goto end;
1161
1162 error = 0;
1163 end:
1164 if (evp != NULL)
1165 EVP_PKEY_free(evp);
1166 if (error != 0 && pkey != NULL) {
1167 vfree(pkey);
1168 pkey = NULL;
1169 }
1170
1171 return pkey;
1172 }
1173
1174 vchar_t *
1175 eay_get_x509sign(src, privkey)
1176 vchar_t *src, *privkey;
1177 {
1178 EVP_PKEY *evp;
1179 u_char *bp = (unsigned char *) privkey->v;
1180 vchar_t *sig = NULL;
1181 int len;
1182 int pad = RSA_PKCS1_PADDING;
1183
1184 /* XXX to be handled EVP_PKEY_DSA */
1185 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1186 if (evp == NULL)
1187 return NULL;
1188
1189 sig = eay_rsa_sign(src, evp->pkey.rsa);
1190
1191 EVP_PKEY_free(evp);
1192
1193 return sig;
1194 }
1195
1196 vchar_t *
1197 eay_get_rsasign(src, rsa)
1198 vchar_t *src;
1199 RSA *rsa;
1200 {
1201 return eay_rsa_sign(src, rsa);
1202 }
1203
1204 vchar_t *
1205 eay_rsa_sign(vchar_t *src, RSA *rsa)
1206 {
1207 int len;
1208 vchar_t *sig = NULL;
1209 int pad = RSA_PKCS1_PADDING;
1210
1211 len = RSA_size(rsa);
1212
1213 sig = vmalloc(len);
1214 if (sig == NULL)
1215 return NULL;
1216
1217 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1218 (unsigned char *) sig->v, rsa, pad);
1219
1220 if (len == 0 || len != sig->l) {
1221 vfree(sig);
1222 sig = NULL;
1223 }
1224
1225 return sig;
1226 }
1227
1228 int
1229 eay_rsa_verify(src, sig, rsa)
1230 vchar_t *src, *sig;
1231 RSA *rsa;
1232 {
1233 vchar_t *xbuf = NULL;
1234 int pad = RSA_PKCS1_PADDING;
1235 int len = 0;
1236 int error;
1237
1238 len = RSA_size(rsa);
1239 xbuf = vmalloc(len);
1240 if (xbuf == NULL) {
1241 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1242 return -1;
1243 }
1244
1245 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1246 (unsigned char *) xbuf->v, rsa, pad);
1247 if (len == 0 || len != src->l) {
1248 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1249 vfree(xbuf);
1250 return -1;
1251 }
1252
1253 error = memcmp(src->v, xbuf->v, src->l);
1254 vfree(xbuf);
1255 if (error != 0)
1256 return -1;
1257
1258 return 0;
1259 }
1260
1261 /*
1262 * get error string
1263 * MUST load ERR_load_crypto_strings() first.
1264 */
1265 char *
1266 eay_strerror()
1267 {
1268 static char ebuf[512];
1269 int len = 0, n;
1270 unsigned long l;
1271 char buf[200];
1272 const char *file, *data;
1273 int line, flags;
1274 unsigned long es;
1275
1276 es = CRYPTO_thread_id();
1277
1278 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1279 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1280 "%lu:%s:%s:%d:%s ",
1281 es, ERR_error_string(l, buf), file, line,
1282 (flags & ERR_TXT_STRING) ? data : "");
1283 if (n < 0 || n >= sizeof(ebuf) - len)
1284 break;
1285 len += n;
1286 if (sizeof(ebuf) < len)
1287 break;
1288 }
1289
1290 return ebuf;
1291 }
1292
1293 vchar_t *
1294 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1295 {
1296 vchar_t *res;
1297 EVP_CIPHER_CTX ctx;
1298
1299 if (!e)
1300 return NULL;
1301
1302 if (data->l % EVP_CIPHER_block_size(e))
1303 return NULL;
1304
1305 if ((res = vmalloc(data->l)) == NULL)
1306 return NULL;
1307
1308 EVP_CIPHER_CTX_init(&ctx);
1309
1310 switch(EVP_CIPHER_nid(e)){
1311 case NID_bf_cbc:
1312 case NID_bf_ecb:
1313 case NID_bf_cfb64:
1314 case NID_bf_ofb64:
1315 case NID_cast5_cbc:
1316 case NID_cast5_ecb:
1317 case NID_cast5_cfb64:
1318 case NID_cast5_ofb64:
1319 /* XXX: can we do that also for algos with a fixed key size ?
1320 */
1321 /* init context without key/iv
1322 */
1323 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1324 {
1325 OpenSSL_BUG();
1326 vfree(res);
1327 return NULL;
1328 }
1329
1330 /* update key size
1331 */
1332 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1333 {
1334 OpenSSL_BUG();
1335 vfree(res);
1336 return NULL;
1337 }
1338
1339 /* finalize context init with desired key size
1340 */
1341 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1342 (u_char *) iv->v, enc))
1343 {
1344 OpenSSL_BUG();
1345 vfree(res);
1346 return NULL;
1347 }
1348 break;
1349 default:
1350 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1351 (u_char *) iv->v, enc)) {
1352 OpenSSL_BUG();
1353 vfree(res);
1354 return NULL;
1355 }
1356 }
1357
1358 /* disable openssl padding */
1359 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1360
1361 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1362 OpenSSL_BUG();
1363 vfree(res);
1364 return NULL;
1365 }
1366
1367 EVP_CIPHER_CTX_cleanup(&ctx);
1368
1369 return res;
1370 }
1371
1372 int
1373 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1374 {
1375 return 0;
1376 }
1377
1378 int
1379 evp_keylen(int len, const EVP_CIPHER *e)
1380 {
1381 if (!e)
1382 return -1;
1383 /* EVP functions return lengths in bytes, ipsec-tools
1384 * uses lengths in bits, therefore conversion is required. --AK
1385 */
1386 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1387 return -1;
1388
1389 return EVP_CIPHER_key_length(e) << 3;
1390 }
1391
1392 /*
1393 * DES-CBC
1394 */
1395 vchar_t *
1396 eay_des_encrypt(data, key, iv)
1397 vchar_t *data, *key, *iv;
1398 {
1399 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1400 }
1401
1402 vchar_t *
1403 eay_des_decrypt(data, key, iv)
1404 vchar_t *data, *key, *iv;
1405 {
1406 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1407 }
1408
1409 int
1410 eay_des_weakkey(key)
1411 vchar_t *key;
1412 {
1413 #ifdef USE_NEW_DES_API
1414 return DES_is_weak_key((void *)key->v);
1415 #else
1416 return des_is_weak_key((void *)key->v);
1417 #endif
1418 }
1419
1420 int
1421 eay_des_keylen(len)
1422 int len;
1423 {
1424 return evp_keylen(len, EVP_des_cbc());
1425 }
1426
1427 #ifdef HAVE_OPENSSL_IDEA_H
1428 /*
1429 * IDEA-CBC
1430 */
1431 vchar_t *
1432 eay_idea_encrypt(data, key, iv)
1433 vchar_t *data, *key, *iv;
1434 {
1435 vchar_t *res;
1436 IDEA_KEY_SCHEDULE ks;
1437
1438 idea_set_encrypt_key(key->v, &ks);
1439
1440 /* allocate buffer for result */
1441 if ((res = vmalloc(data->l)) == NULL)
1442 return NULL;
1443
1444 /* decryption data */
1445 idea_cbc_encrypt(data->v, res->v, data->l,
1446 &ks, iv->v, IDEA_ENCRYPT);
1447
1448 return res;
1449 }
1450
1451 vchar_t *
1452 eay_idea_decrypt(data, key, iv)
1453 vchar_t *data, *key, *iv;
1454 {
1455 vchar_t *res;
1456 IDEA_KEY_SCHEDULE ks, dks;
1457
1458 idea_set_encrypt_key(key->v, &ks);
1459 idea_set_decrypt_key(&ks, &dks);
1460
1461 /* allocate buffer for result */
1462 if ((res = vmalloc(data->l)) == NULL)
1463 return NULL;
1464
1465 /* decryption data */
1466 idea_cbc_encrypt(data->v, res->v, data->l,
1467 &dks, iv->v, IDEA_DECRYPT);
1468
1469 return res;
1470 }
1471
1472 int
1473 eay_idea_weakkey(key)
1474 vchar_t *key;
1475 {
1476 return 0; /* XXX */
1477 }
1478
1479 int
1480 eay_idea_keylen(len)
1481 int len;
1482 {
1483 if (len != 0 && len != 128)
1484 return -1;
1485 return 128;
1486 }
1487 #endif
1488
1489 /*
1490 * BLOWFISH-CBC
1491 */
1492 vchar_t *
1493 eay_bf_encrypt(data, key, iv)
1494 vchar_t *data, *key, *iv;
1495 {
1496 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1497 }
1498
1499 vchar_t *
1500 eay_bf_decrypt(data, key, iv)
1501 vchar_t *data, *key, *iv;
1502 {
1503 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1504 }
1505
1506 int
1507 eay_bf_weakkey(key)
1508 vchar_t *key;
1509 {
1510 return 0; /* XXX to be done. refer to RFC 2451 */
1511 }
1512
1513 int
1514 eay_bf_keylen(len)
1515 int len;
1516 {
1517 if (len == 0)
1518 return 448;
1519 if (len < 40 || len > 448)
1520 return -1;
1521 return len;
1522 }
1523
1524 #ifdef HAVE_OPENSSL_RC5_H
1525 /*
1526 * RC5-CBC
1527 */
1528 vchar_t *
1529 eay_rc5_encrypt(data, key, iv)
1530 vchar_t *data, *key, *iv;
1531 {
1532 vchar_t *res;
1533 RC5_32_KEY ks;
1534
1535 /* in RFC 2451, there is information about the number of round. */
1536 RC5_32_set_key(&ks, key->l, key->v, 16);
1537
1538 /* allocate buffer for result */
1539 if ((res = vmalloc(data->l)) == NULL)
1540 return NULL;
1541
1542 /* decryption data */
1543 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1544 &ks, iv->v, RC5_ENCRYPT);
1545
1546 return res;
1547 }
1548
1549 vchar_t *
1550 eay_rc5_decrypt(data, key, iv)
1551 vchar_t *data, *key, *iv;
1552 {
1553 vchar_t *res;
1554 RC5_32_KEY ks;
1555
1556 /* in RFC 2451, there is information about the number of round. */
1557 RC5_32_set_key(&ks, key->l, key->v, 16);
1558
1559 /* allocate buffer for result */
1560 if ((res = vmalloc(data->l)) == NULL)
1561 return NULL;
1562
1563 /* decryption data */
1564 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1565 &ks, iv->v, RC5_DECRYPT);
1566
1567 return res;
1568 }
1569
1570 int
1571 eay_rc5_weakkey(key)
1572 vchar_t *key;
1573 {
1574 return 0; /* No known weak keys when used with 16 rounds. */
1575
1576 }
1577
1578 int
1579 eay_rc5_keylen(len)
1580 int len;
1581 {
1582 if (len == 0)
1583 return 128;
1584 if (len < 40 || len > 2040)
1585 return -1;
1586 return len;
1587 }
1588 #endif
1589
1590 /*
1591 * 3DES-CBC
1592 */
1593 vchar_t *
1594 eay_3des_encrypt(data, key, iv)
1595 vchar_t *data, *key, *iv;
1596 {
1597 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1598 }
1599
1600 vchar_t *
1601 eay_3des_decrypt(data, key, iv)
1602 vchar_t *data, *key, *iv;
1603 {
1604 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1605 }
1606
1607 int
1608 eay_3des_weakkey(key)
1609 vchar_t *key;
1610 {
1611 #ifdef USE_NEW_DES_API
1612 return (DES_is_weak_key((void *)key->v) ||
1613 DES_is_weak_key((void *)(key->v + 8)) ||
1614 DES_is_weak_key((void *)(key->v + 16)));
1615 #else
1616 if (key->l < 24)
1617 return 0;
1618
1619 return (des_is_weak_key((void *)key->v) ||
1620 des_is_weak_key((void *)(key->v + 8)) ||
1621 des_is_weak_key((void *)(key->v + 16)));
1622 #endif
1623 }
1624
1625 int
1626 eay_3des_keylen(len)
1627 int len;
1628 {
1629 if (len != 0 && len != 192)
1630 return -1;
1631 return 192;
1632 }
1633
1634 /*
1635 * CAST-CBC
1636 */
1637 vchar_t *
1638 eay_cast_encrypt(data, key, iv)
1639 vchar_t *data, *key, *iv;
1640 {
1641 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1642 }
1643
1644 vchar_t *
1645 eay_cast_decrypt(data, key, iv)
1646 vchar_t *data, *key, *iv;
1647 {
1648 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1649 }
1650
1651 int
1652 eay_cast_weakkey(key)
1653 vchar_t *key;
1654 {
1655 return 0; /* No known weak keys. */
1656 }
1657
1658 int
1659 eay_cast_keylen(len)
1660 int len;
1661 {
1662 if (len == 0)
1663 return 128;
1664 if (len < 40 || len > 128)
1665 return -1;
1666 return len;
1667 }
1668
1669 /*
1670 * AES(RIJNDAEL)-CBC
1671 */
1672 #ifndef HAVE_OPENSSL_AES_H
1673 vchar_t *
1674 eay_aes_encrypt(data, key, iv)
1675 vchar_t *data, *key, *iv;
1676 {
1677 vchar_t *res;
1678 keyInstance k;
1679 cipherInstance c;
1680
1681 memset(&k, 0, sizeof(k));
1682 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1683 return NULL;
1684
1685 /* allocate buffer for result */
1686 if ((res = vmalloc(data->l)) == NULL)
1687 return NULL;
1688
1689 /* encryption data */
1690 memset(&c, 0, sizeof(c));
1691 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1692 vfree(res);
1693 return NULL;
1694 }
1695 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1696 vfree(res);
1697 return NULL;
1698 }
1699
1700 return res;
1701 }
1702
1703 vchar_t *
1704 eay_aes_decrypt(data, key, iv)
1705 vchar_t *data, *key, *iv;
1706 {
1707 vchar_t *res;
1708 keyInstance k;
1709 cipherInstance c;
1710
1711 memset(&k, 0, sizeof(k));
1712 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1713 return NULL;
1714
1715 /* allocate buffer for result */
1716 if ((res = vmalloc(data->l)) == NULL)
1717 return NULL;
1718
1719 /* decryption data */
1720 memset(&c, 0, sizeof(c));
1721 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1722 vfree(res);
1723 return NULL;
1724 }
1725 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1726 vfree(res);
1727 return NULL;
1728 }
1729
1730 return res;
1731 }
1732 #else
1733 static inline const EVP_CIPHER *
1734 aes_evp_by_keylen(int keylen)
1735 {
1736 switch(keylen) {
1737 case 16:
1738 case 128:
1739 return EVP_aes_128_cbc();
1740 case 24:
1741 case 192:
1742 return EVP_aes_192_cbc();
1743 case 32:
1744 case 256:
1745 return EVP_aes_256_cbc();
1746 default:
1747 return NULL;
1748 }
1749 }
1750
1751 vchar_t *
1752 eay_aes_encrypt(data, key, iv)
1753 vchar_t *data, *key, *iv;
1754 {
1755 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1756 }
1757
1758 vchar_t *
1759 eay_aes_decrypt(data, key, iv)
1760 vchar_t *data, *key, *iv;
1761 {
1762 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1763 }
1764 #endif
1765
1766 int
1767 eay_aes_weakkey(key)
1768 vchar_t *key;
1769 {
1770 return 0;
1771 }
1772
1773 int
1774 eay_aes_keylen(len)
1775 int len;
1776 {
1777 if (len == 0)
1778 return 128;
1779 if (len != 128 && len != 192 && len != 256)
1780 return -1;
1781 return len;
1782 }
1783
1784 /* for ipsec part */
1785 int
1786 eay_null_hashlen()
1787 {
1788 return 0;
1789 }
1790
1791 int
1792 eay_kpdk_hashlen()
1793 {
1794 return 0;
1795 }
1796
1797 int
1798 eay_twofish_keylen(len)
1799 int len;
1800 {
1801 if (len < 0 || len > 256)
1802 return -1;
1803 return len;
1804 }
1805
1806 int
1807 eay_null_keylen(len)
1808 int len;
1809 {
1810 return 0;
1811 }
1812
1813 /*
1814 * HMAC functions
1815 */
1816
1817 #ifdef __APPLE__
1818 static caddr_t
1819 eay_hmac_init(key, algorithm)
1820 vchar_t *key;
1821 CCHmacAlgorithm algorithm;
1822 {
1823 CCHmacContext *c = racoon_malloc(sizeof(*c));
1824
1825 CCHmacInit(c, algorithm, key->v, key->l);
1826
1827 return (caddr_t)c;
1828 }
1829 #else
1830 static caddr_t
1831 eay_hmac_init(key, md)
1832 vchar_t *key;
1833 const EVP_MD *md;
1834 {
1835 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1836
1837 HMAC_Init(c, key->v, key->l, md);
1838
1839 return (caddr_t)c;
1840 }
1841 #endif /* __APPLE__ */
1842
1843 #ifdef WITH_SHA2
1844 /*
1845 * HMAC SHA2-512
1846 */
1847 vchar_t *
1848 eay_hmacsha2_512_one(key, data)
1849 vchar_t *key, *data;
1850 {
1851 vchar_t *res;
1852 caddr_t ctx;
1853
1854 ctx = eay_hmacsha2_512_init(key);
1855 eay_hmacsha2_512_update(ctx, data);
1856 res = eay_hmacsha2_512_final(ctx);
1857
1858 return(res);
1859 }
1860
1861 caddr_t
1862 eay_hmacsha2_512_init(key)
1863 vchar_t *key;
1864 {
1865 #ifdef __APPLE__
1866 return eay_hmac_init(key, kCCHmacAlgSHA512);
1867 #else
1868 return eay_hmac_init(key, EVP_sha2_512());
1869 #endif
1870 }
1871
1872 void
1873 eay_hmacsha2_512_update(c, data)
1874 caddr_t c;
1875 vchar_t *data;
1876 {
1877 #ifdef __APPLE__
1878 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
1879 #else
1880 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1881 #endif
1882 }
1883
1884 #ifdef __APPLE__
1885 vchar_t *
1886 eay_hmacsha2_512_final(c)
1887 caddr_t c;
1888 {
1889 vchar_t *res;
1890
1891 if ((res = vmalloc(CC_SHA512_DIGEST_LENGTH)) == 0)
1892 return NULL;
1893
1894 CCHmacFinal((CCHmacContext *)c, res->v);
1895 res->l = CC_SHA512_DIGEST_LENGTH;
1896
1897 (void)racoon_free(c);
1898 return(res);
1899 }
1900 #else
1901 vchar_t *
1902 eay_hmacsha2_512_final(c)
1903 caddr_t c;
1904 {
1905 vchar_t *res;
1906 unsigned int l;
1907
1908 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1909 return NULL;
1910
1911 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1912 res->l = l;
1913 HMAC_cleanup((HMAC_CTX *)c);
1914
1915 (void)racoon_free(c);
1916
1917 if (SHA512_DIGEST_LENGTH != res->l) {
1918 plog(LLV_ERROR, LOCATION, NULL,
1919 "hmac sha2_512 length mismatch %zd.\n", res->l);
1920 vfree(res);
1921 return NULL;
1922 }
1923
1924 return(res);
1925 }
1926 #endif /* __APPLE__ */
1927
1928 /*
1929 * HMAC SHA2-384
1930 */
1931 vchar_t *
1932 eay_hmacsha2_384_one(key, data)
1933 vchar_t *key, *data;
1934 {
1935 vchar_t *res;
1936 caddr_t ctx;
1937
1938 ctx = eay_hmacsha2_384_init(key);
1939 eay_hmacsha2_384_update(ctx, data);
1940 res = eay_hmacsha2_384_final(ctx);
1941
1942 return(res);
1943 }
1944
1945 caddr_t
1946 eay_hmacsha2_384_init(key)
1947 vchar_t *key;
1948 {
1949 #ifdef __APPLE__
1950 return eay_hmac_init(key, kCCHmacAlgSHA384);
1951 #else
1952 return eay_hmac_init(key, EVP_sha2_384());
1953 #endif
1954 }
1955
1956 void
1957 eay_hmacsha2_384_update(c, data)
1958 caddr_t c;
1959 vchar_t *data;
1960 {
1961 #ifdef __APPLE__
1962 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
1963 #else
1964 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1965 #endif
1966 }
1967
1968 #ifdef __APPLE__
1969 vchar_t *
1970 eay_hmacsha2_384_final(c)
1971 caddr_t c;
1972 {
1973 vchar_t *res;
1974
1975 if ((res = vmalloc(CC_SHA384_DIGEST_LENGTH)) == 0)
1976 return NULL;
1977
1978 CCHmacFinal((CCHmacContext *)c, res->v);
1979 res->l = CC_SHA384_DIGEST_LENGTH;
1980
1981 (void)racoon_free(c);
1982 return(res);
1983 }
1984 #else
1985 vchar_t *
1986 eay_hmacsha2_384_final(c)
1987 caddr_t c;
1988 {
1989 vchar_t *res;
1990 unsigned int l;
1991
1992 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1993 return NULL;
1994
1995 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1996 res->l = l;
1997 HMAC_cleanup((HMAC_CTX *)c);
1998
1999 (void)racoon_free(c);
2000
2001 if (SHA384_DIGEST_LENGTH != res->l) {
2002 plog(LLV_ERROR, LOCATION, NULL,
2003 "hmac sha2_384 length mismatch %zd.\n", res->l);
2004 vfree(res);
2005 return NULL;
2006 }
2007
2008 return(res);
2009 }
2010 #endif /* __APPLE__ */
2011
2012 /*
2013 * HMAC SHA2-256
2014 */
2015 vchar_t *
2016 eay_hmacsha2_256_one(key, data)
2017 vchar_t *key, *data;
2018 {
2019 vchar_t *res;
2020 caddr_t ctx;
2021
2022 ctx = eay_hmacsha2_256_init(key);
2023 eay_hmacsha2_256_update(ctx, data);
2024 res = eay_hmacsha2_256_final(ctx);
2025
2026 return(res);
2027 }
2028
2029 caddr_t
2030 eay_hmacsha2_256_init(key)
2031 vchar_t *key;
2032 {
2033 #ifdef __APPLE__
2034 return eay_hmac_init(key, kCCHmacAlgSHA256);
2035 #else
2036 return eay_hmac_init(key, EVP_sha2_256());
2037 #endif
2038 }
2039
2040 void
2041 eay_hmacsha2_256_update(c, data)
2042 caddr_t c;
2043 vchar_t *data;
2044 {
2045 #ifdef __APPLE__
2046 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2047 #else
2048 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2049 #endif
2050 }
2051
2052 #ifdef __APPLE__
2053 vchar_t *
2054 eay_hmacsha2_256_final(c)
2055 caddr_t c;
2056 {
2057 vchar_t *res;
2058
2059 if ((res = vmalloc(CC_SHA256_DIGEST_LENGTH)) == 0)
2060 return NULL;
2061
2062 CCHmacFinal((CCHmacContext *)c, res->v);
2063 res->l = CC_SHA256_DIGEST_LENGTH;
2064
2065 (void)racoon_free(c);
2066 return(res);
2067 }
2068 #else
2069 vchar_t *
2070 eay_hmacsha2_256_final(c)
2071 caddr_t c;
2072 {
2073 vchar_t *res;
2074 unsigned int l;
2075
2076 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2077 return NULL;
2078
2079 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2080 res->l = l;
2081 HMAC_cleanup((HMAC_CTX *)c);
2082
2083 (void)racoon_free(c);
2084
2085 if (SHA256_DIGEST_LENGTH != res->l) {
2086 plog(LLV_ERROR, LOCATION, NULL,
2087 "hmac sha2_256 length mismatch %zd.\n", res->l);
2088 vfree(res);
2089 return NULL;
2090 }
2091
2092 return(res);
2093 }
2094 #endif /* __APPLE__ */
2095 #endif /* WITH_SHA2 */
2096
2097 /*
2098 * HMAC SHA1
2099 */
2100 vchar_t *
2101 eay_hmacsha1_one(key, data)
2102 vchar_t *key, *data;
2103 {
2104 vchar_t *res;
2105 caddr_t ctx;
2106
2107 ctx = eay_hmacsha1_init(key);
2108 eay_hmacsha1_update(ctx, data);
2109 res = eay_hmacsha1_final(ctx);
2110
2111 return(res);
2112 }
2113
2114 caddr_t
2115 eay_hmacsha1_init(key)
2116 vchar_t *key;
2117 {
2118 #ifdef __APPLE__
2119 return eay_hmac_init(key, kCCHmacAlgSHA1);
2120 #else
2121 return eay_hmac_init(key, EVP_sha1());
2122 #endif
2123 }
2124
2125 void
2126 eay_hmacsha1_update(c, data)
2127 caddr_t c;
2128 vchar_t *data;
2129 {
2130 #ifdef __APPLE__
2131 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2132 #else
2133 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2134 #endif
2135 }
2136
2137 #ifdef __APPLE__
2138 vchar_t *
2139 eay_hmacsha1_final(c)
2140 caddr_t c;
2141 {
2142 vchar_t *res;
2143
2144 if ((res = vmalloc(CC_SHA1_DIGEST_LENGTH)) == 0)
2145 return NULL;
2146
2147 CCHmacFinal((CCHmacContext *)c, res->v);
2148 res->l = CC_SHA1_DIGEST_LENGTH;
2149
2150 (void)racoon_free(c);
2151 return(res);
2152 }
2153 #else
2154 vchar_t *
2155 eay_hmacsha1_final(c)
2156 caddr_t c;
2157 {
2158 vchar_t *res;
2159 unsigned int l;
2160
2161 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2162 return NULL;
2163
2164 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2165 res->l = l;
2166 HMAC_cleanup((HMAC_CTX *)c);
2167
2168 (void)racoon_free(c);
2169
2170 if (SHA_DIGEST_LENGTH != res->l) {
2171 plog(LLV_ERROR, LOCATION, NULL,
2172 "hmac sha1 length mismatch %zd.\n", res->l);
2173 vfree(res);
2174 return NULL;
2175 }
2176
2177 return(res);
2178 }
2179 #endif /* __APPLE__ */
2180
2181 /*
2182 * HMAC MD5
2183 */
2184 vchar_t *
2185 eay_hmacmd5_one(key, data)
2186 vchar_t *key, *data;
2187 {
2188 vchar_t *res;
2189 caddr_t ctx;
2190
2191 ctx = eay_hmacmd5_init(key);
2192 eay_hmacmd5_update(ctx, data);
2193 res = eay_hmacmd5_final(ctx);
2194
2195 return(res);
2196 }
2197
2198 caddr_t
2199 eay_hmacmd5_init(key)
2200 vchar_t *key;
2201 {
2202 #ifdef __APPLE__
2203 return eay_hmac_init(key, kCCHmacAlgMD5);
2204 #else
2205 return eay_hmac_init(key, EVP_md5());
2206 #endif
2207 }
2208
2209 void
2210 eay_hmacmd5_update(c, data)
2211 caddr_t c;
2212 vchar_t *data;
2213 {
2214 #ifdef __APPLE__
2215 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2216 #else
2217 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2218 #endif
2219 }
2220
2221 #ifdef __APPLE__
2222 vchar_t *
2223 eay_hmacmd5_final(c)
2224 caddr_t c;
2225 {
2226 vchar_t *res;
2227
2228 if ((res = vmalloc(CC_MD5_DIGEST_LENGTH)) == 0)
2229 return NULL;
2230
2231 CCHmacFinal((CCHmacContext *)c, res->v);
2232 res->l = CC_MD5_DIGEST_LENGTH;
2233 (void)racoon_free(c);
2234
2235 return(res);
2236 }
2237 #else
2238 vchar_t *
2239 eay_hmacmd5_final(c)
2240 caddr_t c;
2241 {
2242 vchar_t *res;
2243 unsigned int l;
2244
2245 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2246 return NULL;
2247
2248 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2249 res->l = l;
2250 HMAC_cleanup((HMAC_CTX *)c);
2251
2252 (void)racoon_free(c);
2253
2254 if (MD5_DIGEST_LENGTH != res->l) {
2255 plog(LLV_ERROR, LOCATION, NULL,
2256 "hmac md5 length mismatch %zd.\n", res->l);
2257 vfree(res);
2258 return NULL;
2259 }
2260
2261 return(res);
2262 }
2263 #endif /* __APPLE__ */
2264
2265 #ifdef WITH_SHA2
2266 /*
2267 * SHA2-512 functions
2268 */
2269 caddr_t
2270 eay_sha2_512_init()
2271 {
2272 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2273
2274 SHA512_Init(c);
2275
2276 return((caddr_t)c);
2277 }
2278
2279 void
2280 eay_sha2_512_update(c, data)
2281 caddr_t c;
2282 vchar_t *data;
2283 {
2284 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2285
2286 return;
2287 }
2288
2289 vchar_t *
2290 eay_sha2_512_final(c)
2291 caddr_t c;
2292 {
2293 vchar_t *res;
2294
2295 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2296 return(0);
2297
2298 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2299 (void)racoon_free(c);
2300
2301 return(res);
2302 }
2303
2304 vchar_t *
2305 eay_sha2_512_one(data)
2306 vchar_t *data;
2307 {
2308 caddr_t ctx;
2309 vchar_t *res;
2310
2311 ctx = eay_sha2_512_init();
2312 eay_sha2_512_update(ctx, data);
2313 res = eay_sha2_512_final(ctx);
2314
2315 return(res);
2316 }
2317
2318 int
2319 eay_sha2_512_hashlen()
2320 {
2321 return SHA512_DIGEST_LENGTH << 3;
2322 }
2323 #endif
2324
2325 #ifdef WITH_SHA2
2326 /*
2327 * SHA2-384 functions
2328 */
2329
2330 #ifdef __APPLE__
2331 typedef SHA512_CTX SHA384_CTX;
2332 #endif
2333
2334 caddr_t
2335 eay_sha2_384_init()
2336 {
2337 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2338
2339 SHA384_Init(c);
2340
2341 return((caddr_t)c);
2342 }
2343
2344 void
2345 eay_sha2_384_update(c, data)
2346 caddr_t c;
2347 vchar_t *data;
2348 {
2349 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2350
2351 return;
2352 }
2353
2354 vchar_t *
2355 eay_sha2_384_final(c)
2356 caddr_t c;
2357 {
2358 vchar_t *res;
2359
2360 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2361 return(0);
2362
2363 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2364 (void)racoon_free(c);
2365
2366 return(res);
2367 }
2368
2369 vchar_t *
2370 eay_sha2_384_one(data)
2371 vchar_t *data;
2372 {
2373 caddr_t ctx;
2374 vchar_t *res;
2375
2376 ctx = eay_sha2_384_init();
2377 eay_sha2_384_update(ctx, data);
2378 res = eay_sha2_384_final(ctx);
2379
2380 return(res);
2381 }
2382
2383 int
2384 eay_sha2_384_hashlen()
2385 {
2386 return SHA384_DIGEST_LENGTH << 3;
2387 }
2388 #endif
2389
2390 #ifdef WITH_SHA2
2391 /*
2392 * SHA2-256 functions
2393 */
2394 caddr_t
2395 eay_sha2_256_init()
2396 {
2397 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2398
2399 SHA256_Init(c);
2400
2401 return((caddr_t)c);
2402 }
2403
2404 void
2405 eay_sha2_256_update(c, data)
2406 caddr_t c;
2407 vchar_t *data;
2408 {
2409 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2410
2411 return;
2412 }
2413
2414 vchar_t *
2415 eay_sha2_256_final(c)
2416 caddr_t c;
2417 {
2418 vchar_t *res;
2419
2420 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2421 return(0);
2422
2423 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2424 (void)racoon_free(c);
2425
2426 return(res);
2427 }
2428
2429 vchar_t *
2430 eay_sha2_256_one(data)
2431 vchar_t *data;
2432 {
2433 caddr_t ctx;
2434 vchar_t *res;
2435
2436 ctx = eay_sha2_256_init();
2437 eay_sha2_256_update(ctx, data);
2438 res = eay_sha2_256_final(ctx);
2439
2440 return(res);
2441 }
2442
2443 int
2444 eay_sha2_256_hashlen()
2445 {
2446 return SHA256_DIGEST_LENGTH << 3;
2447 }
2448 #endif
2449
2450 /*
2451 * SHA functions
2452 */
2453 caddr_t
2454 eay_sha1_init()
2455 {
2456 SHA_CTX *c = racoon_malloc(sizeof(*c));
2457
2458 SHA1_Init(c);
2459
2460 return((caddr_t)c);
2461 }
2462
2463 void
2464 eay_sha1_update(c, data)
2465 caddr_t c;
2466 vchar_t *data;
2467 {
2468 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2469
2470 return;
2471 }
2472
2473 vchar_t *
2474 eay_sha1_final(c)
2475 caddr_t c;
2476 {
2477 vchar_t *res;
2478
2479 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2480 return(0);
2481
2482 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2483 (void)racoon_free(c);
2484
2485 return(res);
2486 }
2487
2488 vchar_t *
2489 eay_sha1_one(data)
2490 vchar_t *data;
2491 {
2492 caddr_t ctx;
2493 vchar_t *res;
2494
2495 ctx = eay_sha1_init();
2496 eay_sha1_update(ctx, data);
2497 res = eay_sha1_final(ctx);
2498
2499 return(res);
2500 }
2501
2502 int
2503 eay_sha1_hashlen()
2504 {
2505 return SHA_DIGEST_LENGTH << 3;
2506 }
2507
2508 /*
2509 * MD5 functions
2510 */
2511 caddr_t
2512 eay_md5_init()
2513 {
2514 MD5_CTX *c = racoon_malloc(sizeof(*c));
2515
2516 MD5_Init(c);
2517
2518 return((caddr_t)c);
2519 }
2520
2521 void
2522 eay_md5_update(c, data)
2523 caddr_t c;
2524 vchar_t *data;
2525 {
2526 MD5_Update((MD5_CTX *)c, data->v, data->l);
2527
2528 return;
2529 }
2530
2531 vchar_t *
2532 eay_md5_final(c)
2533 caddr_t c;
2534 {
2535 vchar_t *res;
2536
2537 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2538 return(0);
2539
2540 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2541 (void)racoon_free(c);
2542
2543 return(res);
2544 }
2545
2546 vchar_t *
2547 eay_md5_one(data)
2548 vchar_t *data;
2549 {
2550 caddr_t ctx;
2551 vchar_t *res;
2552
2553 ctx = eay_md5_init();
2554 eay_md5_update(ctx, data);
2555 res = eay_md5_final(ctx);
2556
2557 return(res);
2558 }
2559
2560 int
2561 eay_md5_hashlen()
2562 {
2563 return MD5_DIGEST_LENGTH << 3;
2564 }
2565
2566 /*
2567 * eay_set_random
2568 * size: number of bytes.
2569 */
2570 vchar_t *
2571 eay_set_random(size)
2572 u_int32_t size;
2573 {
2574 BIGNUM *r = NULL;
2575 vchar_t *res = 0;
2576
2577 if ((r = BN_new()) == NULL)
2578 goto end;
2579 BN_rand(r, size * 8, 0, 0);
2580 eay_bn2v(&res, r);
2581
2582 end:
2583 if (r)
2584 BN_free(r);
2585 return(res);
2586 }
2587
2588 /* DH */
2589 int
2590 eay_dh_generate(prime, g, publen, pub, priv)
2591 vchar_t *prime, **pub, **priv;
2592 u_int publen;
2593 u_int32_t g;
2594 {
2595 BIGNUM *p = NULL;
2596 DH *dh = NULL;
2597 int error = -1;
2598
2599 /* initialize */
2600 /* pre-process to generate number */
2601 if (eay_v2bn(&p, prime) < 0)
2602 goto end;
2603
2604 if ((dh = DH_new()) == NULL)
2605 goto end;
2606 dh->p = p;
2607 p = NULL; /* p is now part of dh structure */
2608 dh->g = NULL;
2609 if ((dh->g = BN_new()) == NULL)
2610 goto end;
2611 if (!BN_set_word(dh->g, g))
2612 goto end;
2613
2614 if (publen != 0)
2615 dh->length = publen;
2616
2617 /* generate public and private number */
2618 if (!DH_generate_key(dh))
2619 goto end;
2620
2621 /* copy results to buffers */
2622 if (eay_bn2v(pub, dh->pub_key) < 0)
2623 goto end;
2624 if (eay_bn2v(priv, dh->priv_key) < 0) {
2625 vfree(*pub);
2626 goto end;
2627 }
2628
2629 error = 0;
2630
2631 end:
2632 if (dh != NULL)
2633 DH_free(dh);
2634 if (p != 0)
2635 BN_free(p);
2636 return(error);
2637 }
2638
2639 int
2640 eay_dh_compute(prime, g, pub, priv, pub2, key)
2641 vchar_t *prime, *pub, *priv, *pub2, **key;
2642 u_int32_t g;
2643 {
2644 BIGNUM *dh_pub = NULL;
2645 DH *dh = NULL;
2646 int l;
2647 unsigned char *v = NULL;
2648 int error = -1;
2649
2650 /* make public number to compute */
2651 if (eay_v2bn(&dh_pub, pub2) < 0)
2652 goto end;
2653
2654 /* make DH structure */
2655 if ((dh = DH_new()) == NULL)
2656 goto end;
2657 if (eay_v2bn(&dh->p, prime) < 0)
2658 goto end;
2659 if (eay_v2bn(&dh->pub_key, pub) < 0)
2660 goto end;
2661 if (eay_v2bn(&dh->priv_key, priv) < 0)
2662 goto end;
2663 dh->length = pub2->l * 8;
2664
2665 dh->g = NULL;
2666 if ((dh->g = BN_new()) == NULL)
2667 goto end;
2668 if (!BN_set_word(dh->g, g))
2669 goto end;
2670
2671 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2672 goto end;
2673 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2674 goto end;
2675 memcpy((*key)->v + (prime->l - l), v, l);
2676
2677 error = 0;
2678
2679 end:
2680 if (dh_pub != NULL)
2681 BN_free(dh_pub);
2682 if (dh != NULL)
2683 DH_free(dh);
2684 if (v != NULL)
2685 racoon_free(v);
2686 return(error);
2687 }
2688
2689 /*
2690 * convert vchar_t <-> BIGNUM.
2691 *
2692 * vchar_t: unit is u_char, network endian, most significant byte first.
2693 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2694 * least significant BN_ULONG must come first.
2695 *
2696 * hex value of "0x3ffe050104" is represented as follows:
2697 * vchar_t: 3f fe 05 01 04
2698 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2699 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2700 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2701 */
2702 int
2703 eay_v2bn(bn, var)
2704 BIGNUM **bn;
2705 vchar_t *var;
2706 {
2707 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2708 return -1;
2709
2710 return 0;
2711 }
2712
2713 int
2714 eay_bn2v(var, bn)
2715 vchar_t **var;
2716 BIGNUM *bn;
2717 {
2718 *var = vmalloc(bn->top * BN_BYTES);
2719 if (*var == NULL)
2720 return(-1);
2721
2722 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2723
2724 return 0;
2725 }
2726
2727 void
2728 eay_init()
2729 {
2730 OpenSSL_add_all_algorithms();
2731 ERR_load_crypto_strings();
2732 #ifdef HAVE_OPENSSL_ENGINE_H
2733 ENGINE_load_builtin_engines();
2734 ENGINE_register_all_complete();
2735 #endif
2736 }
2737
2738 vchar_t *
2739 base64_decode(char *in, long inlen)
2740 {
2741 BIO *bio=NULL, *b64=NULL;
2742 vchar_t *res = NULL;
2743 char out[inlen*2];
2744 long outlen;
2745
2746 bio = BIO_new_mem_buf(in, inlen);
2747 b64 = BIO_new(BIO_f_base64());
2748 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2749 bio = BIO_push(b64, bio);
2750
2751 outlen = BIO_read(bio, out, inlen * 2);
2752 if (outlen <= 0) {
2753 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2754 goto out;
2755 }
2756
2757 res = vmalloc(outlen);
2758 if (!res)
2759 goto out;
2760
2761 memcpy(res->v, out, outlen);
2762
2763 out:
2764 if (bio)
2765 BIO_free_all(bio);
2766
2767 return res;
2768 }
2769
2770 vchar_t *
2771 base64_encode(char *in, long inlen)
2772 {
2773 BIO *bio=NULL, *b64=NULL;
2774 char *ptr;
2775 long plen = -1;
2776 vchar_t *res = NULL;
2777
2778 bio = BIO_new(BIO_s_mem());
2779 b64 = BIO_new(BIO_f_base64());
2780 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2781 bio = BIO_push(b64, bio);
2782
2783 BIO_write(bio, in, inlen);
2784 BIO_flush(bio);
2785
2786 plen = BIO_get_mem_data(bio, &ptr);
2787 res = vmalloc(plen+1);
2788 if (!res)
2789 goto out;
2790
2791 memcpy (res->v, ptr, plen);
2792 res->v[plen] = '\0';
2793
2794 out:
2795 if (bio)
2796 BIO_free_all(bio);
2797
2798 return res;
2799 }
2800
2801 static RSA *
2802 binbuf_pubkey2rsa(vchar_t *binbuf)
2803 {
2804 BIGNUM *exp, *mod;
2805 RSA *rsa_pub = NULL;
2806
2807 if (binbuf->v[0] > binbuf->l - 1) {
2808 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2809 goto out;
2810 }
2811
2812 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2813 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2814 binbuf->l - binbuf->v[0] - 1, NULL);
2815 rsa_pub = RSA_new();
2816
2817 if (!exp || !mod || !rsa_pub) {
2818 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2819 if (exp)
2820 BN_free(exp);
2821 if (mod)
2822 BN_free(exp);
2823 if (rsa_pub)
2824 RSA_free(rsa_pub);
2825 rsa_pub = NULL;
2826 goto out;
2827 }
2828
2829 rsa_pub->n = mod;
2830 rsa_pub->e = exp;
2831
2832 out:
2833 return rsa_pub;
2834 }
2835
2836 RSA *
2837 base64_pubkey2rsa(char *in)
2838 {
2839 BIGNUM *exp, *mod;
2840 RSA *rsa_pub = NULL;
2841 vchar_t *binbuf;
2842
2843 if (strncmp(in, "0s", 2) != 0) {
2844 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2845 return NULL;
2846 }
2847
2848 binbuf = base64_decode(in + 2, strlen(in + 2));
2849 if (!binbuf) {
2850 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2851 return NULL;
2852 }
2853
2854 if (binbuf->v[0] > binbuf->l - 1) {
2855 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2856 goto out;
2857 }
2858
2859 rsa_pub = binbuf_pubkey2rsa(binbuf);
2860
2861 out:
2862 if (binbuf)
2863 vfree(binbuf);
2864
2865 return rsa_pub;
2866 }
2867
2868 RSA *
2869 bignum_pubkey2rsa(BIGNUM *in)
2870 {
2871 RSA *rsa_pub = NULL;
2872 vchar_t *binbuf;
2873
2874 binbuf = vmalloc(BN_num_bytes(in));
2875 if (!binbuf) {
2876 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2877 return NULL;
2878 }
2879
2880 BN_bn2bin(in, (unsigned char *) binbuf->v);
2881
2882 rsa_pub = binbuf_pubkey2rsa(binbuf);
2883
2884 out:
2885 if (binbuf)
2886 vfree(binbuf);
2887
2888 return rsa_pub;
2889 }
2890
2891 u_int32_t
2892 eay_random()
2893 {
2894 u_int32_t result;
2895 vchar_t *vrand;
2896
2897 vrand = eay_set_random(sizeof(result));
2898 memcpy(&result, vrand->v, sizeof(result));
2899 vfree(vrand);
2900
2901 return result;
2902 }
2903
2904 const char *
2905 eay_version()
2906 {
2907 return SSLeay_version(SSLEAY_VERSION);
2908 }
mirror of ipsec