]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/crypto_openssl.c
ipsec-93.10.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / crypto_openssl.c
1 /* $NetBSD: crypto_openssl.c,v 1.11.6.1 2006/12/18 10:18:10 vanhu Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #ifdef __APPLE__
37 #define COMMON_DIGEST_FOR_OPENSSL 1
38 #endif
39
40 #include <sys/types.h>
41 #include <sys/param.h>
42
43 #include <stdlib.h>
44 #include <stdio.h>
45 #include <limits.h>
46 #include <string.h>
47
48 /* get openssl/ssleay version number */
49 #include <openssl/opensslv.h>
50
51 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
52 #error OpenSSL version 0.9.6 or later required.
53 #endif
54
55 #include <openssl/pem.h>
56 #include <openssl/evp.h>
57 #include <openssl/x509.h>
58 #include <openssl/x509v3.h>
59 #include <openssl/x509_vfy.h>
60 #include <openssl/bn.h>
61 #include <openssl/dh.h>
62 #ifdef __APPLE__
63 #include <CommonCrypto/CommonDigest.h>
64 #include <CommonCrypto/CommonHMAC.h>
65 #include <CommonCrypto/CommonCryptor.h>
66 #else
67 #include <openssl/md5.h>
68 #include <openssl/sha.h>
69 #include <openssl/hmac.h>
70 #endif
71 #include <openssl/des.h>
72 #include <openssl/crypto.h>
73 #ifdef HAVE_OPENSSL_ENGINE_H
74 #include <openssl/engine.h>
75 #endif
76 #include <openssl/blowfish.h>
77 #include <openssl/cast.h>
78 #include <openssl/err.h>
79 #ifdef HAVE_OPENSSL_RC5_H
80 #include <openssl/rc5.h>
81 #endif
82 #ifdef HAVE_OPENSSL_IDEA_H
83 #include <openssl/idea.h>
84 #endif
85 #if defined(HAVE_OPENSSL_AES_H)
86 #include <openssl/aes.h>
87 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
88 #include <openssl/rijndael.h>
89 #else
90 #include "crypto/rijndael/rijndael-api-fst.h"
91 #endif
92 #ifdef WITH_SHA2
93 #ifndef __APPLE__
94 #ifdef HAVE_OPENSSL_SHA2_H
95 #include <openssl/sha2.h>
96 #endif
97 #endif
98 #endif
99
100 /* 0.9.7 stuff? */
101 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
102 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
103 #else
104 #define USE_NEW_DES_API
105 #endif
106
107 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
108
109 #include "var.h"
110 #include "misc.h"
111 #include "vmbuf.h"
112 #include "plog.h"
113 #include "crypto_openssl.h"
114 #include "debug.h"
115 #include "gcmalloc.h"
116
117
118 /*
119 * I hate to cast every parameter to des_xx into void *, but it is
120 * necessary for SSLeay/OpenSSL portability. It sucks.
121 */
122
123 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
124 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
125 static X509 *mem2x509 __P((vchar_t *));
126
127 #ifdef __APPLE__
128 static caddr_t eay_hmac_init __P((vchar_t *, CCHmacAlgorithm));
129 #else
130 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
131 #endif
132
133 /* X509 Certificate */
134 /*
135 * convert the string of the subject name into DER
136 * e.g. str = "C=JP, ST=Kanagawa";
137 */
138 vchar_t *
139 eay_str2asn1dn(str, len)
140 const char *str;
141 int len;
142 {
143 X509_NAME *name;
144 char *buf;
145 char *field, *value;
146 int i, j;
147 vchar_t *ret = NULL;
148 caddr_t p;
149
150 if (len == -1)
151 len = strlen(str);
152
153 buf = racoon_malloc(len + 1);
154 if (!buf) {
155 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
156 return NULL;
157 }
158 memcpy(buf, str, len);
159
160 name = X509_NAME_new();
161
162 field = &buf[0];
163 value = NULL;
164 for (i = 0; i < len; i++) {
165 if (!value && buf[i] == '=') {
166 buf[i] = '\0';
167 value = &buf[i + 1];
168 continue;
169 } else if (buf[i] == ',' || buf[i] == '/') {
170 buf[i] = '\0';
171
172 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
173 field, value);
174
175 if (!value) goto err;
176 if (!X509_NAME_add_entry_by_txt(name, field,
177 (value[0] == '*' && value[1] == 0) ?
178 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
179 (unsigned char *) value, -1, -1, 0)) {
180 plog(LLV_ERROR, LOCATION, NULL,
181 "Invalid DN field: %s=%s\n",
182 field, value);
183 plog(LLV_ERROR, LOCATION, NULL,
184 "%s\n", eay_strerror());
185 goto err;
186 }
187 for (j = i + 1; j < len; j++) {
188 if (buf[j] != ' ')
189 break;
190 }
191 field = &buf[j];
192 value = NULL;
193 continue;
194 }
195 }
196 buf[len] = '\0';
197
198 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
199 field, value);
200
201 if (!value) goto err;
202 if (!X509_NAME_add_entry_by_txt(name, field,
203 (value[0] == '*' && value[1] == 0) ?
204 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
205 (unsigned char *) value, -1, -1, 0)) {
206 plog(LLV_ERROR, LOCATION, NULL,
207 "Invalid DN field: %s=%s\n",
208 field, value);
209 plog(LLV_ERROR, LOCATION, NULL,
210 "%s\n", eay_strerror());
211 goto err;
212 }
213
214 i = i2d_X509_NAME(name, NULL);
215 if (!i)
216 goto err;
217 ret = vmalloc(i);
218 if (!ret)
219 goto err;
220 p = ret->v;
221 i = i2d_X509_NAME(name, (void *)&p);
222 if (!i)
223 goto err;
224
225 return ret;
226
227 err:
228 if (buf)
229 racoon_free(buf);
230 if (name)
231 X509_NAME_free(name);
232 if (ret)
233 vfree(ret);
234 return NULL;
235 }
236
237 /*
238 * convert the hex string of the subject name into DER
239 */
240 vchar_t *
241 eay_hex2asn1dn(const char *hex, int len)
242 {
243 BIGNUM *bn = BN_new();
244 char *binbuf;
245 size_t binlen;
246 vchar_t *ret = NULL;
247
248 if (len == -1)
249 len = strlen(hex);
250
251 if (BN_hex2bn(&bn, hex) != len) {
252 plog(LLV_ERROR, LOCATION, NULL,
253 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
254 eay_strerror());
255 goto out;
256 }
257
258 binlen = BN_num_bytes(bn);
259 ret = vmalloc(binlen);
260 if (!ret) {
261 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
262 return NULL;
263 }
264 binbuf = ret->v;
265
266 BN_bn2bin(bn, (unsigned char *) binbuf);
267
268 out:
269 BN_free(bn);
270
271 return ret;
272 }
273
274 /*
275 * The following are derived from code in crypto/x509/x509_cmp.c
276 * in OpenSSL0.9.7c:
277 * X509_NAME_wildcmp() adds wildcard matching to the original
278 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
279 */
280 #include <ctype.h>
281 /* Case insensitive string comparision */
282 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
283 {
284 int i;
285
286 if (a->length != b->length)
287 return (a->length - b->length);
288
289 for (i=0; i<a->length; i++)
290 {
291 int ca, cb;
292
293 ca = tolower(a->data[i]);
294 cb = tolower(b->data[i]);
295
296 if (ca != cb)
297 return(ca-cb);
298 }
299 return 0;
300 }
301
302 /* Case insensitive string comparision with space normalization
303 * Space normalization - ignore leading, trailing spaces,
304 * multiple spaces between characters are replaced by single space
305 */
306 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
307 {
308 unsigned char *pa = NULL, *pb = NULL;
309 int la, lb;
310
311 la = a->length;
312 lb = b->length;
313 pa = a->data;
314 pb = b->data;
315
316 /* skip leading spaces */
317 while (la > 0 && isspace(*pa))
318 {
319 la--;
320 pa++;
321 }
322 while (lb > 0 && isspace(*pb))
323 {
324 lb--;
325 pb++;
326 }
327
328 /* skip trailing spaces */
329 while (la > 0 && isspace(pa[la-1]))
330 la--;
331 while (lb > 0 && isspace(pb[lb-1]))
332 lb--;
333
334 /* compare strings with space normalization */
335 while (la > 0 && lb > 0)
336 {
337 int ca, cb;
338
339 /* compare character */
340 ca = tolower(*pa);
341 cb = tolower(*pb);
342 if (ca != cb)
343 return (ca - cb);
344
345 pa++; pb++;
346 la--; lb--;
347
348 if (la <= 0 || lb <= 0)
349 break;
350
351 /* is white space next character ? */
352 if (isspace(*pa) && isspace(*pb))
353 {
354 /* skip remaining white spaces */
355 while (la > 0 && isspace(*pa))
356 {
357 la--;
358 pa++;
359 }
360 while (lb > 0 && isspace(*pb))
361 {
362 lb--;
363 pb++;
364 }
365 }
366 }
367 if (la > 0 || lb > 0)
368 return la - lb;
369
370 return 0;
371 }
372
373 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
374 {
375 int i,j;
376 X509_NAME_ENTRY *na,*nb;
377
378 if (sk_X509_NAME_ENTRY_num(a->entries)
379 != sk_X509_NAME_ENTRY_num(b->entries))
380 return sk_X509_NAME_ENTRY_num(a->entries)
381 -sk_X509_NAME_ENTRY_num(b->entries);
382 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
383 {
384 na=sk_X509_NAME_ENTRY_value(a->entries,i);
385 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
386 j=OBJ_cmp(na->object,nb->object);
387 if (j) return(j);
388 if ((na->value->length == 1 && na->value->data[0] == '*')
389 || (nb->value->length == 1 && nb->value->data[0] == '*'))
390 continue;
391 j=na->value->type-nb->value->type;
392 if (j) return(j);
393 if (na->value->type == V_ASN1_PRINTABLESTRING)
394 j=nocase_spacenorm_cmp(na->value, nb->value);
395 else if (na->value->type == V_ASN1_IA5STRING
396 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
397 j=nocase_cmp(na->value, nb->value);
398 else
399 {
400 j=na->value->length-nb->value->length;
401 if (j) return(j);
402 j=memcmp(na->value->data,nb->value->data,
403 na->value->length);
404 }
405 if (j) return(j);
406 j=na->set-nb->set;
407 if (j) return(j);
408 }
409
410 return(0);
411 }
412
413 /*
414 * compare two subjectNames.
415 * OUT: 0: equal
416 * positive:
417 * -1: other error.
418 */
419 int
420 eay_cmp_asn1dn(n1, n2)
421 vchar_t *n1, *n2;
422 {
423 X509_NAME *a = NULL, *b = NULL;
424 caddr_t p;
425 int i = -1;
426
427 p = n1->v;
428 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
429 goto end;
430 p = n2->v;
431 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
432 goto end;
433
434 i = X509_NAME_wildcmp(a, b);
435
436 end:
437 if (a)
438 X509_NAME_free(a);
439 if (b)
440 X509_NAME_free(b);
441 return i;
442 }
443
444 /*
445 * this functions is derived from apps/verify.c in OpenSSL0.9.5
446 */
447 int
448 eay_check_x509cert(cert, CApath, CAfile, local)
449 vchar_t *cert;
450 char *CApath;
451 char *CAfile;
452 int local;
453 {
454 X509_STORE *cert_ctx = NULL;
455 X509_LOOKUP *lookup = NULL;
456 X509 *x509 = NULL;
457 X509_STORE_CTX *csc;
458 int error = -1;
459
460 cert_ctx = X509_STORE_new();
461 if (cert_ctx == NULL)
462 goto end;
463
464 if (local)
465 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
466 else
467 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
468
469 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
470 if (lookup == NULL)
471 goto end;
472
473 X509_LOOKUP_load_file(lookup, CAfile,
474 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
475
476 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
477 if (lookup == NULL)
478 goto end;
479 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
480 if(!error) {
481 error = -1;
482 goto end;
483 }
484 error = -1; /* initialized */
485
486 /* read the certificate to be verified */
487 x509 = mem2x509(cert);
488 if (x509 == NULL)
489 goto end;
490
491 csc = X509_STORE_CTX_new();
492 if (csc == NULL)
493 goto end;
494 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
495 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
496 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
497 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
498 #endif
499 error = X509_verify_cert(csc);
500 X509_STORE_CTX_free(csc);
501
502 /*
503 * if x509_verify_cert() is successful then the value of error is
504 * set non-zero.
505 */
506 error = error ? 0 : -1;
507
508 end:
509 if (error)
510 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
511 if (cert_ctx != NULL)
512 X509_STORE_free(cert_ctx);
513 if (x509 != NULL)
514 X509_free(x509);
515
516 return(error);
517 }
518
519 /*
520 * callback function for verifing certificate.
521 * this function is derived from cb() in openssl/apps/s_server.c
522 */
523 static int
524 cb_check_cert_local(ok, ctx)
525 int ok;
526 X509_STORE_CTX *ctx;
527 {
528 char buf[256];
529 int log_tag;
530
531 if (!ok) {
532 X509_NAME_oneline(
533 X509_get_subject_name(ctx->current_cert),
534 buf,
535 256);
536 /*
537 * since we are just checking the certificates, it is
538 * ok if they are self signed. But we should still warn
539 * the user.
540 */
541 switch (ctx->error) {
542 case X509_V_ERR_CERT_HAS_EXPIRED:
543 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
544 case X509_V_ERR_INVALID_CA:
545 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
546 case X509_V_ERR_INVALID_PURPOSE:
547 case X509_V_ERR_UNABLE_TO_GET_CRL:
548 ok = 1;
549 log_tag = LLV_WARNING;
550 break;
551 default:
552 log_tag = LLV_ERROR;
553 }
554 plog(log_tag, LOCATION, NULL,
555 "%s(%d) at depth:%d SubjectName:%s\n",
556 X509_verify_cert_error_string(ctx->error),
557 ctx->error,
558 ctx->error_depth,
559 buf);
560 }
561 ERR_clear_error();
562
563 return ok;
564 }
565
566 /*
567 * callback function for verifing remote certificates.
568 * this function is derived from cb() in openssl/apps/s_server.c
569 */
570 static int
571 cb_check_cert_remote(ok, ctx)
572 int ok;
573 X509_STORE_CTX *ctx;
574 {
575 char buf[256];
576 int log_tag;
577
578 if (!ok) {
579 X509_NAME_oneline(
580 X509_get_subject_name(ctx->current_cert),
581 buf,
582 256);
583 switch (ctx->error) {
584 case X509_V_ERR_UNABLE_TO_GET_CRL:
585 ok = 1;
586 log_tag = LLV_WARNING;
587 break;
588 default:
589 log_tag = LLV_ERROR;
590 }
591 plog(log_tag, LOCATION, NULL,
592 "%s(%d) at depth:%d SubjectName:%s\n",
593 X509_verify_cert_error_string(ctx->error),
594 ctx->error,
595 ctx->error_depth,
596 buf);
597 }
598 ERR_clear_error();
599
600 return ok;
601 }
602
603 /*
604 * get a subjectAltName from X509 certificate.
605 */
606 vchar_t *
607 eay_get_x509asn1subjectname(cert)
608 vchar_t *cert;
609 {
610 X509 *x509 = NULL;
611 u_char *bp;
612 vchar_t *name = NULL;
613 int len;
614
615 bp = (unsigned char *) cert->v;
616
617 x509 = mem2x509(cert);
618 if (x509 == NULL)
619 goto error;
620
621 /* get the length of the name */
622 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
623 name = vmalloc(len);
624 if (!name)
625 goto error;
626 /* get the name */
627 bp = (unsigned char *) name->v;
628 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
629
630 X509_free(x509);
631
632 return name;
633
634 error:
635 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
636
637 if (name != NULL)
638 vfree(name);
639
640 if (x509 != NULL)
641 X509_free(x509);
642
643 return NULL;
644 }
645
646 #ifdef __APPLE__
647
648 /*
649 * Get the common name from a cert
650 */
651 #define EAY_MAX_CN_LEN 256
652 vchar_t *
653 eay_get_x509_common_name(cert)
654 vchar_t *cert;
655 {
656 X509 *x509 = NULL;
657 X509_NAME *name;
658 vchar_t *commonName = NULL;
659
660 commonName = vmalloc(EAY_MAX_CN_LEN);
661 if (commonName == NULL) {
662 plog(LLV_ERROR, LOCATION, NULL, "no memory\n");
663 return NULL;
664 }
665
666 x509 = mem2x509(cert);
667 if (x509 == NULL) {
668 vfree(commonName);
669 return NULL;
670 }
671
672 name = X509_get_subject_name(x509);
673 X509_NAME_get_text_by_NID(name, NID_commonName, commonName->v, EAY_MAX_CN_LEN);
674
675 commonName->l = strlen(commonName->v);
676
677 if (x509)
678 X509_free(x509);
679 return commonName;
680 }
681
682 /*
683 * get the subjectAltName from X509 certificate.
684 * the name must be terminated by '\0'.
685 */
686 int
687 eay_get_x509subjectaltname(cert, altname, type, pos, len)
688 vchar_t *cert;
689 char **altname;
690 int *type;
691 int pos;
692 int *len;
693 {
694 X509 *x509 = NULL;
695 int i;
696 GENERAL_NAMES *gens = NULL;
697 GENERAL_NAME *gen;
698 int error = -1;
699
700 *altname = NULL;
701 *type = GENT_OTHERNAME;
702
703 x509 = mem2x509(cert);
704 if (x509 == NULL)
705 goto end;
706
707 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
708 if (gens == NULL)
709 goto end;
710
711 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
712 if (i + 1 != pos)
713 continue;
714 break;
715 }
716
717 /* there is no data at "pos" */
718 if (i == sk_GENERAL_NAME_num(gens))
719 goto end;
720
721 gen = sk_GENERAL_NAME_value(gens, i);
722
723 /* make sure the data is terminated by '\0'. */
724 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') {
725 plog(LLV_ERROR, LOCATION, NULL,
726 "data is not terminated by 0.");
727 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
728 goto end;
729 }
730
731 /* read DNSName / Email */
732 if (gen->type == GEN_DNS ||
733 gen->type == GEN_EMAIL ||
734 gen->type == GEN_URI) {
735
736 *len = gen->d.ia5->length + 1;
737 *altname = racoon_malloc(*len);
738 if (!*altname)
739 goto end;
740
741 strlcpy(*altname, (const char *)gen->d.ia5->data, *len);
742 *type = gen->type;
743
744 error = 0;
745 } else if (gen->type == GEN_IPADD) {
746
747 *len = gen->d.ia5->length + 1;
748 *altname = racoon_malloc(*len);
749 if (!*altname)
750 goto end;
751
752 memcpy(*altname, (const char *)gen->d.ia5->data, *len);
753 *type = gen->type;
754
755 error = 0;
756 }
757
758 end:
759 if (error) {
760 if (*altname) {
761 racoon_free(*altname);
762 *altname = NULL;
763 }
764 #ifndef EAYDEBUG
765 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
766 #else
767 printf("%s\n", eay_strerror());
768 #endif
769 }
770 if (gens)
771 /* free the whole stack. */
772 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
773 if (x509)
774 X509_free(x509);
775
776 return error;
777 }
778
779 #else /* __APPLE__ */
780
781 /*
782 * get the subjectAltName from X509 certificate.
783 * the name must be terminated by '\0'.
784 */
785 int
786 eay_get_x509subjectaltname(cert, altname, type, pos)
787 vchar_t *cert;
788 char **altname;
789 int *type;
790 int pos;
791 {
792 X509 *x509 = NULL;
793 GENERAL_NAMES *gens = NULL;
794 GENERAL_NAME *gen;
795 int len;
796 int error = -1;
797
798 *altname = NULL;
799 *type = GENT_OTHERNAME;
800
801 x509 = mem2x509(cert);
802 if (x509 == NULL)
803 goto end;
804
805 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
806 if (gens == NULL)
807 goto end;
808
809 /* there is no data at "pos" */
810 if (pos > sk_GENERAL_NAME_num(gens))
811 goto end;
812
813 gen = sk_GENERAL_NAME_value(gens, pos - 1);
814
815 /* read DNSName / Email */
816 if (gen->type == GEN_DNS ||
817 gen->type == GEN_EMAIL ||
818 gen->type == GEN_URI )
819 {
820 /* make sure if the data is terminated by '\0'. */
821 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
822 {
823 plog(LLV_ERROR, LOCATION, NULL,
824 "data is not terminated by NUL.");
825 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
826 goto end;
827 }
828
829 len = gen->d.ia5->length + 1;
830 *altname = racoon_malloc(len);
831 if (!*altname)
832 goto end;
833
834 strlcpy(*altname, (char *) gen->d.ia5->data, len);
835 *type = gen->type;
836 error = 0;
837 }
838 /* read IP address */
839 else if (gen->type == GEN_IPADD)
840 {
841 unsigned char p[5], *ip;
842 const int maxaltnamelen = 20;
843 ip = p;
844
845 /* only support IPv4 */
846 if (gen->d.ip->length != 4)
847 goto end;
848
849 /* convert Octet String to String
850 * XXX ???????
851 */
852 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
853 ip = gen->d.ip->data;
854
855 /* XXX Magic, enough for an IPv4 address
856 */
857 *altname = racoon_malloc(maxaltnamelen);
858 if (!*altname)
859 goto end;
860
861 snprintf(*altname, maxaltnamelen, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
862 *type = gen->type;
863 error = 0;
864 }
865 /* XXX other possible types ?
866 * For now, error will be -1 if unsupported type
867 */
868
869 end:
870 if (error) {
871 if (*altname) {
872 racoon_free(*altname);
873 *altname = NULL;
874 }
875 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
876 }
877 if (x509)
878 X509_free(x509);
879 if (gens)
880 /* free the whole stack. */
881 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
882
883 return error;
884 }
885
886 #endif
887
888 /*
889 * decode a X509 certificate and make a readable text terminated '\n'.
890 * return the buffer allocated, so must free it later.
891 */
892 char *
893 eay_get_x509text(cert)
894 vchar_t *cert;
895 {
896 X509 *x509 = NULL;
897 BIO *bio = NULL;
898 char *text = NULL;
899 u_char *bp = NULL;
900 int len = 0;
901 int error = -1;
902
903 x509 = mem2x509(cert);
904 if (x509 == NULL)
905 goto end;
906
907 bio = BIO_new(BIO_s_mem());
908 if (bio == NULL)
909 goto end;
910
911 error = X509_print(bio, x509);
912 if (error != 1) {
913 error = -1;
914 goto end;
915 }
916
917 len = BIO_get_mem_data(bio, &bp);
918 text = racoon_malloc(len + 1);
919 if (text == NULL)
920 goto end;
921 memcpy(text, bp, len);
922 text[len] = '\0';
923
924 error = 0;
925
926 end:
927 if (error) {
928 if (text) {
929 racoon_free(text);
930 text = NULL;
931 }
932 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
933 }
934 if (bio)
935 BIO_free(bio);
936 if (x509)
937 X509_free(x509);
938
939 return text;
940 }
941
942 /* get X509 structure from buffer. */
943 static X509 *
944 mem2x509(cert)
945 vchar_t *cert;
946 {
947 X509 *x509;
948
949 #ifndef EAYDEBUG
950 {
951 u_char *bp;
952
953 bp = (unsigned char *) cert->v;
954
955 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
956 }
957 #else
958 {
959 BIO *bio;
960 int len;
961
962 bio = BIO_new(BIO_s_mem());
963 if (bio == NULL)
964 return NULL;
965 len = BIO_write(bio, cert->v, cert->l);
966 if (len == -1)
967 return NULL;
968 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
969 BIO_free(bio);
970 }
971 #endif
972 return x509;
973 }
974
975 /*
976 * get a X509 certificate from local file.
977 * a certificate must be PEM format.
978 * Input:
979 * path to a certificate.
980 * Output:
981 * NULL if error occured
982 * other is the cert.
983 */
984 vchar_t *
985 eay_get_x509cert(path)
986 char *path;
987 {
988 FILE *fp;
989 X509 *x509;
990 vchar_t *cert;
991 u_char *bp;
992 int len;
993 int error;
994
995 /* Read private key */
996 fp = fopen(path, "r");
997 if (fp == NULL)
998 return NULL;
999 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1000 fclose (fp);
1001
1002 if (x509 == NULL)
1003 return NULL;
1004
1005 len = i2d_X509(x509, NULL);
1006 cert = vmalloc(len);
1007 if (cert == NULL) {
1008 X509_free(x509);
1009 return NULL;
1010 }
1011 bp = (unsigned char *) cert->v;
1012 error = i2d_X509(x509, &bp);
1013 X509_free(x509);
1014
1015 if (error == 0) {
1016 vfree(cert);
1017 return NULL;
1018 }
1019
1020 return cert;
1021 }
1022
1023 /*
1024 * check a X509 signature
1025 * XXX: to be get hash type from my cert ?
1026 * to be handled EVP_dss().
1027 * OUT: return -1 when error.
1028 * 0
1029 */
1030 int
1031 eay_check_x509sign(source, sig, cert)
1032 vchar_t *source;
1033 vchar_t *sig;
1034 vchar_t *cert;
1035 {
1036 X509 *x509;
1037 u_char *bp;
1038 EVP_PKEY *evp;
1039 int res;
1040
1041 bp = (unsigned char *) cert->v;
1042
1043 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
1044 if (x509 == NULL) {
1045 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
1046 return -1;
1047 }
1048
1049 evp = X509_get_pubkey(x509);
1050 if (! evp) {
1051 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
1052 X509_free(x509);
1053 return -1;
1054 }
1055
1056 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
1057
1058 EVP_PKEY_free(evp);
1059 X509_free(x509);
1060
1061 return res;
1062 }
1063
1064 /*
1065 * check RSA signature
1066 * OUT: return -1 when error.
1067 * 0 on success
1068 */
1069 int
1070 eay_check_rsasign(source, sig, rsa)
1071 vchar_t *source;
1072 vchar_t *sig;
1073 RSA *rsa;
1074 {
1075 return eay_rsa_verify(source, sig, rsa);
1076 }
1077
1078 /*
1079 * get PKCS#1 Private Key of PEM format from local file.
1080 */
1081 vchar_t *
1082 eay_get_pkcs1privkey(path)
1083 char *path;
1084 {
1085 FILE *fp;
1086 EVP_PKEY *evp = NULL;
1087 vchar_t *pkey = NULL;
1088 u_char *bp;
1089 int pkeylen;
1090 int error = -1;
1091
1092 /* Read private key */
1093 fp = fopen(path, "r");
1094 if (fp == NULL)
1095 return NULL;
1096
1097 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1098
1099 fclose (fp);
1100
1101 if (evp == NULL)
1102 return NULL;
1103
1104 pkeylen = i2d_PrivateKey(evp, NULL);
1105 if (pkeylen == 0)
1106 goto end;
1107 pkey = vmalloc(pkeylen);
1108 if (pkey == NULL)
1109 goto end;
1110 bp = (unsigned char *) pkey->v;
1111 pkeylen = i2d_PrivateKey(evp, &bp);
1112 if (pkeylen == 0)
1113 goto end;
1114
1115 error = 0;
1116
1117 end:
1118 if (evp != NULL)
1119 EVP_PKEY_free(evp);
1120 if (error != 0 && pkey != NULL) {
1121 vfree(pkey);
1122 pkey = NULL;
1123 }
1124
1125 return pkey;
1126 }
1127
1128 /*
1129 * get PKCS#1 Public Key of PEM format from local file.
1130 */
1131 vchar_t *
1132 eay_get_pkcs1pubkey(path)
1133 char *path;
1134 {
1135 FILE *fp;
1136 EVP_PKEY *evp = NULL;
1137 vchar_t *pkey = NULL;
1138 X509 *x509 = NULL;
1139 u_char *bp;
1140 int pkeylen;
1141 int error = -1;
1142
1143 /* Read private key */
1144 fp = fopen(path, "r");
1145 if (fp == NULL)
1146 return NULL;
1147
1148 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1149
1150 fclose (fp);
1151
1152 if (x509 == NULL)
1153 return NULL;
1154
1155 /* Get public key - eay */
1156 evp = X509_get_pubkey(x509);
1157 if (evp == NULL)
1158 return NULL;
1159
1160 pkeylen = i2d_PublicKey(evp, NULL);
1161 if (pkeylen == 0)
1162 goto end;
1163 pkey = vmalloc(pkeylen);
1164 if (pkey == NULL)
1165 goto end;
1166 bp = (unsigned char *) pkey->v;
1167 pkeylen = i2d_PublicKey(evp, &bp);
1168 if (pkeylen == 0)
1169 goto end;
1170
1171 error = 0;
1172 end:
1173 if (evp != NULL)
1174 EVP_PKEY_free(evp);
1175 if (error != 0 && pkey != NULL) {
1176 vfree(pkey);
1177 pkey = NULL;
1178 }
1179
1180 return pkey;
1181 }
1182
1183 vchar_t *
1184 eay_get_x509sign(src, privkey)
1185 vchar_t *src, *privkey;
1186 {
1187 EVP_PKEY *evp;
1188 u_char *bp = (unsigned char *) privkey->v;
1189 vchar_t *sig = NULL;
1190 int len;
1191 int pad = RSA_PKCS1_PADDING;
1192
1193 /* XXX to be handled EVP_PKEY_DSA */
1194 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1195 if (evp == NULL)
1196 return NULL;
1197
1198 sig = eay_rsa_sign(src, evp->pkey.rsa);
1199
1200 EVP_PKEY_free(evp);
1201
1202 return sig;
1203 }
1204
1205 vchar_t *
1206 eay_get_rsasign(src, rsa)
1207 vchar_t *src;
1208 RSA *rsa;
1209 {
1210 return eay_rsa_sign(src, rsa);
1211 }
1212
1213 vchar_t *
1214 eay_rsa_sign(vchar_t *src, RSA *rsa)
1215 {
1216 int len;
1217 vchar_t *sig = NULL;
1218 int pad = RSA_PKCS1_PADDING;
1219
1220 len = RSA_size(rsa);
1221
1222 sig = vmalloc(len);
1223 if (sig == NULL)
1224 return NULL;
1225
1226 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1227 (unsigned char *) sig->v, rsa, pad);
1228
1229 if (len == 0 || len != sig->l) {
1230 vfree(sig);
1231 sig = NULL;
1232 }
1233
1234 return sig;
1235 }
1236
1237 int
1238 eay_rsa_verify(src, sig, rsa)
1239 vchar_t *src, *sig;
1240 RSA *rsa;
1241 {
1242 vchar_t *xbuf = NULL;
1243 int pad = RSA_PKCS1_PADDING;
1244 int len = 0;
1245 int error;
1246
1247 len = RSA_size(rsa);
1248 xbuf = vmalloc(len);
1249 if (xbuf == NULL) {
1250 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1251 return -1;
1252 }
1253
1254 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1255 (unsigned char *) xbuf->v, rsa, pad);
1256 if (len == 0 || len != src->l) {
1257 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1258 vfree(xbuf);
1259 return -1;
1260 }
1261
1262 error = memcmp(src->v, xbuf->v, src->l);
1263 vfree(xbuf);
1264 if (error != 0)
1265 return -1;
1266
1267 return 0;
1268 }
1269
1270 /*
1271 * get error string
1272 * MUST load ERR_load_crypto_strings() first.
1273 */
1274 char *
1275 eay_strerror()
1276 {
1277 static char ebuf[512];
1278 int len = 0, n;
1279 unsigned long l;
1280 char buf[200];
1281 const char *file, *data;
1282 int line, flags;
1283 unsigned long es;
1284
1285 es = CRYPTO_thread_id();
1286
1287 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1288 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1289 "%lu:%s:%s:%d:%s ",
1290 es, ERR_error_string(l, buf), file, line,
1291 (flags & ERR_TXT_STRING) ? data : "");
1292 if (n < 0 || n >= sizeof(ebuf) - len)
1293 break;
1294 len += n;
1295 if (sizeof(ebuf) < len)
1296 break;
1297 }
1298
1299 return ebuf;
1300 }
1301
1302 vchar_t *
1303 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1304 {
1305 vchar_t *res;
1306 EVP_CIPHER_CTX ctx;
1307
1308 if (!e)
1309 return NULL;
1310
1311 if (data->l % EVP_CIPHER_block_size(e))
1312 return NULL;
1313
1314 if ((res = vmalloc(data->l)) == NULL)
1315 return NULL;
1316
1317 EVP_CIPHER_CTX_init(&ctx);
1318
1319 switch(EVP_CIPHER_nid(e)){
1320 case NID_bf_cbc:
1321 case NID_bf_ecb:
1322 case NID_bf_cfb64:
1323 case NID_bf_ofb64:
1324 case NID_cast5_cbc:
1325 case NID_cast5_ecb:
1326 case NID_cast5_cfb64:
1327 case NID_cast5_ofb64:
1328 /* XXX: can we do that also for algos with a fixed key size ?
1329 */
1330 /* init context without key/iv
1331 */
1332 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1333 {
1334 OpenSSL_BUG();
1335 vfree(res);
1336 return NULL;
1337 }
1338
1339 /* update key size
1340 */
1341 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1342 {
1343 OpenSSL_BUG();
1344 vfree(res);
1345 return NULL;
1346 }
1347
1348 /* finalize context init with desired key size
1349 */
1350 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1351 (u_char *) iv->v, enc))
1352 {
1353 OpenSSL_BUG();
1354 vfree(res);
1355 return NULL;
1356 }
1357 break;
1358 default:
1359 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1360 (u_char *) iv->v, enc)) {
1361 OpenSSL_BUG();
1362 vfree(res);
1363 return NULL;
1364 }
1365 }
1366
1367 /* disable openssl padding */
1368 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1369
1370 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1371 OpenSSL_BUG();
1372 vfree(res);
1373 return NULL;
1374 }
1375
1376 EVP_CIPHER_CTX_cleanup(&ctx);
1377
1378 return res;
1379 }
1380
1381 int
1382 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1383 {
1384 return 0;
1385 }
1386
1387 int
1388 evp_keylen(int len, const EVP_CIPHER *e)
1389 {
1390 if (!e)
1391 return -1;
1392 /* EVP functions return lengths in bytes, ipsec-tools
1393 * uses lengths in bits, therefore conversion is required. --AK
1394 */
1395 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1396 return -1;
1397
1398 return EVP_CIPHER_key_length(e) << 3;
1399 }
1400
1401 vchar_t *
1402 eay_CCCrypt(CCOperation oper,
1403 CCAlgorithm algo,
1404 CCOptions opts,
1405 vchar_t *data,
1406 vchar_t *key,
1407 vchar_t *iv)
1408 {
1409 vchar_t *res;
1410 size_t res_len = 0;
1411 CCCryptorStatus status;
1412
1413 /* allocate buffer for result */
1414 if ((res = vmalloc(data->l)) == NULL)
1415 return NULL;
1416
1417 status = CCCrypt(oper,
1418 algo,
1419 opts,
1420 key->v, key->l,
1421 iv->v,
1422 data->v, data->l,
1423 res->v, res->l, &res_len);
1424 if (status == kCCSuccess) {
1425 if (res->l != res_len) {
1426 plog(LLV_ERROR, LOCATION, NULL,
1427 "crypt %d %d length mismatch. expected: %zd. got: %zd.\n",
1428 oper, algo, res->l, res_len);
1429 }
1430 return res;
1431 } else {
1432 plog(LLV_ERROR, LOCATION, NULL,
1433 "crypt %d %d error. status %d.\n",
1434 oper, algo, (int)status);
1435 }
1436 vfree(res);
1437 return NULL;
1438 }
1439
1440 /*
1441 * DES-CBC
1442 */
1443 vchar_t *
1444 eay_des_encrypt(data, key, iv)
1445 vchar_t *data, *key, *iv;
1446 {
1447 #ifdef __APPLE__
1448 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
1449 #else
1450 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1451 #endif /* __APPLE__ */
1452 }
1453
1454 vchar_t *
1455 eay_des_decrypt(data, key, iv)
1456 vchar_t *data, *key, *iv;
1457 {
1458 #ifdef __APPLE__
1459 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
1460 #else
1461 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1462 #endif /* __APPLE__ */
1463 }
1464
1465 int
1466 eay_des_weakkey(key)
1467 vchar_t *key;
1468 {
1469 #ifdef USE_NEW_DES_API
1470 return DES_is_weak_key((void *)key->v);
1471 #else
1472 return des_is_weak_key((void *)key->v);
1473 #endif
1474 }
1475
1476 int
1477 eay_des_keylen(len)
1478 int len;
1479 {
1480 #ifdef __APPLE__
1481 /* CommonCrypto return lengths in bytes, ipsec-tools
1482 * uses lengths in bits, therefore conversion is required.
1483 */
1484 if (len != 0 && len != (kCCKeySizeDES << 3))
1485 return -1;
1486
1487 return kCCKeySizeDES << 3;
1488 #else
1489 return evp_keylen(len, EVP_des_cbc());
1490 #endif /* __APPLE__ */
1491 }
1492
1493 #ifdef HAVE_OPENSSL_IDEA_H
1494 /*
1495 * IDEA-CBC
1496 */
1497 vchar_t *
1498 eay_idea_encrypt(data, key, iv)
1499 vchar_t *data, *key, *iv;
1500 {
1501 vchar_t *res;
1502 IDEA_KEY_SCHEDULE ks;
1503
1504 idea_set_encrypt_key(key->v, &ks);
1505
1506 /* allocate buffer for result */
1507 if ((res = vmalloc(data->l)) == NULL)
1508 return NULL;
1509
1510 /* decryption data */
1511 idea_cbc_encrypt(data->v, res->v, data->l,
1512 &ks, iv->v, IDEA_ENCRYPT);
1513
1514 return res;
1515 }
1516
1517 vchar_t *
1518 eay_idea_decrypt(data, key, iv)
1519 vchar_t *data, *key, *iv;
1520 {
1521 vchar_t *res;
1522 IDEA_KEY_SCHEDULE ks, dks;
1523
1524 idea_set_encrypt_key(key->v, &ks);
1525 idea_set_decrypt_key(&ks, &dks);
1526
1527 /* allocate buffer for result */
1528 if ((res = vmalloc(data->l)) == NULL)
1529 return NULL;
1530
1531 /* decryption data */
1532 idea_cbc_encrypt(data->v, res->v, data->l,
1533 &dks, iv->v, IDEA_DECRYPT);
1534
1535 return res;
1536 }
1537
1538 int
1539 eay_idea_weakkey(key)
1540 vchar_t *key;
1541 {
1542 return 0; /* XXX */
1543 }
1544
1545 int
1546 eay_idea_keylen(len)
1547 int len;
1548 {
1549 if (len != 0 && len != 128)
1550 return -1;
1551 return 128;
1552 }
1553 #endif
1554
1555 /*
1556 * BLOWFISH-CBC
1557 */
1558 vchar_t *
1559 eay_bf_encrypt(data, key, iv)
1560 vchar_t *data, *key, *iv;
1561 {
1562 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1563 }
1564
1565 vchar_t *
1566 eay_bf_decrypt(data, key, iv)
1567 vchar_t *data, *key, *iv;
1568 {
1569 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1570 }
1571
1572 int
1573 eay_bf_weakkey(key)
1574 vchar_t *key;
1575 {
1576 return 0; /* XXX to be done. refer to RFC 2451 */
1577 }
1578
1579 int
1580 eay_bf_keylen(len)
1581 int len;
1582 {
1583 if (len == 0)
1584 return 448;
1585 if (len < 40 || len > 448)
1586 return -1;
1587 return len;
1588 }
1589
1590 #ifdef HAVE_OPENSSL_RC5_H
1591 /*
1592 * RC5-CBC
1593 */
1594 vchar_t *
1595 eay_rc5_encrypt(data, key, iv)
1596 vchar_t *data, *key, *iv;
1597 {
1598 vchar_t *res;
1599 RC5_32_KEY ks;
1600
1601 /* in RFC 2451, there is information about the number of round. */
1602 RC5_32_set_key(&ks, key->l, key->v, 16);
1603
1604 /* allocate buffer for result */
1605 if ((res = vmalloc(data->l)) == NULL)
1606 return NULL;
1607
1608 /* decryption data */
1609 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1610 &ks, iv->v, RC5_ENCRYPT);
1611
1612 return res;
1613 }
1614
1615 vchar_t *
1616 eay_rc5_decrypt(data, key, iv)
1617 vchar_t *data, *key, *iv;
1618 {
1619 vchar_t *res;
1620 RC5_32_KEY ks;
1621
1622 /* in RFC 2451, there is information about the number of round. */
1623 RC5_32_set_key(&ks, key->l, key->v, 16);
1624
1625 /* allocate buffer for result */
1626 if ((res = vmalloc(data->l)) == NULL)
1627 return NULL;
1628
1629 /* decryption data */
1630 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1631 &ks, iv->v, RC5_DECRYPT);
1632
1633 return res;
1634 }
1635
1636 int
1637 eay_rc5_weakkey(key)
1638 vchar_t *key;
1639 {
1640 return 0; /* No known weak keys when used with 16 rounds. */
1641
1642 }
1643
1644 int
1645 eay_rc5_keylen(len)
1646 int len;
1647 {
1648 if (len == 0)
1649 return 128;
1650 if (len < 40 || len > 2040)
1651 return -1;
1652 return len;
1653 }
1654 #endif
1655
1656 /*
1657 * 3DES-CBC
1658 */
1659 vchar_t *
1660 eay_3des_encrypt(data, key, iv)
1661 vchar_t *data, *key, *iv;
1662 {
1663 #ifdef __APPLE__
1664 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
1665 #else
1666 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1667 #endif /* __APPLE__ */
1668 }
1669
1670 vchar_t *
1671 eay_3des_decrypt(data, key, iv)
1672 vchar_t *data, *key, *iv;
1673 {
1674 #ifdef __APPLE__
1675 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
1676 #else
1677 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1678 #endif /* __APPLE__ */
1679 }
1680
1681 int
1682 eay_3des_weakkey(key)
1683 vchar_t *key;
1684 {
1685 #ifdef USE_NEW_DES_API
1686 return (DES_is_weak_key((void *)key->v) ||
1687 DES_is_weak_key((void *)(key->v + 8)) ||
1688 DES_is_weak_key((void *)(key->v + 16)));
1689 #else
1690 if (key->l < 24)
1691 return 0;
1692
1693 return (des_is_weak_key((void *)key->v) ||
1694 des_is_weak_key((void *)(key->v + 8)) ||
1695 des_is_weak_key((void *)(key->v + 16)));
1696 #endif
1697 }
1698
1699 int
1700 eay_3des_keylen(len)
1701 int len;
1702 {
1703 #ifdef __APPLE__
1704 /* CommonCrypto return lengths in bytes, ipsec-tools
1705 * uses lengths in bits, therefore conversion is required.
1706 */
1707 if (len != 0 && len != (kCCKeySize3DES << 3))
1708 return -1;
1709
1710 return kCCKeySize3DES << 3;
1711 #else
1712 if (len != 0 && len != 192)
1713 return -1;
1714 return 192;
1715 #endif /* __APPLE__ */
1716 }
1717
1718 /*
1719 * CAST-CBC
1720 */
1721 vchar_t *
1722 eay_cast_encrypt(data, key, iv)
1723 vchar_t *data, *key, *iv;
1724 {
1725 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1726 }
1727
1728 vchar_t *
1729 eay_cast_decrypt(data, key, iv)
1730 vchar_t *data, *key, *iv;
1731 {
1732 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1733 }
1734
1735 int
1736 eay_cast_weakkey(key)
1737 vchar_t *key;
1738 {
1739 return 0; /* No known weak keys. */
1740 }
1741
1742 int
1743 eay_cast_keylen(len)
1744 int len;
1745 {
1746 if (len == 0)
1747 return 128;
1748 if (len < 40 || len > 128)
1749 return -1;
1750 return len;
1751 }
1752
1753 /*
1754 * AES(RIJNDAEL)-CBC
1755 */
1756 #ifdef __APPLE__
1757 vchar_t *
1758 eay_aes_encrypt(data, key, iv)
1759 vchar_t *data, *key, *iv;
1760 {
1761 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1762 }
1763
1764 vchar_t *
1765 eay_aes_decrypt(data, key, iv)
1766 vchar_t *data, *key, *iv;
1767 {
1768 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1769 }
1770
1771 int
1772 eay_aes_keylen(len)
1773 int len;
1774 {
1775 /* CommonCrypto return lengths in bytes, ipsec-tools
1776 * uses lengths in bits, therefore conversion is required.
1777 */
1778 if (len != 0) {
1779 if (len != (kCCKeySizeAES128 << 3) &&
1780 len != (kCCKeySizeAES192 << 3) &&
1781 len != (kCCKeySizeAES256 << 3))
1782 return -1;
1783 } else {
1784 return kCCKeySizeAES128 << 3;
1785 }
1786 return len;
1787 }
1788
1789 #else
1790
1791 #ifndef HAVE_OPENSSL_AES_H
1792 vchar_t *
1793 eay_aes_encrypt(data, key, iv)
1794 vchar_t *data, *key, *iv;
1795 {
1796 vchar_t *res;
1797 keyInstance k;
1798 cipherInstance c;
1799
1800 memset(&k, 0, sizeof(k));
1801 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1802 return NULL;
1803
1804 /* allocate buffer for result */
1805 if ((res = vmalloc(data->l)) == NULL)
1806 return NULL;
1807
1808 /* encryption data */
1809 memset(&c, 0, sizeof(c));
1810 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1811 vfree(res);
1812 return NULL;
1813 }
1814 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1815 vfree(res);
1816 return NULL;
1817 }
1818
1819 return res;
1820 }
1821
1822 vchar_t *
1823 eay_aes_decrypt(data, key, iv)
1824 vchar_t *data, *key, *iv;
1825 {
1826 vchar_t *res;
1827 keyInstance k;
1828 cipherInstance c;
1829
1830 memset(&k, 0, sizeof(k));
1831 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1832 return NULL;
1833
1834 /* allocate buffer for result */
1835 if ((res = vmalloc(data->l)) == NULL)
1836 return NULL;
1837
1838 /* decryption data */
1839 memset(&c, 0, sizeof(c));
1840 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1841 vfree(res);
1842 return NULL;
1843 }
1844 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1845 vfree(res);
1846 return NULL;
1847 }
1848
1849 return res;
1850 }
1851 #else
1852 static inline const EVP_CIPHER *
1853 aes_evp_by_keylen(int keylen)
1854 {
1855 switch(keylen) {
1856 case 16:
1857 case 128:
1858 return EVP_aes_128_cbc();
1859 case 24:
1860 case 192:
1861 return EVP_aes_192_cbc();
1862 case 32:
1863 case 256:
1864 return EVP_aes_256_cbc();
1865 default:
1866 return NULL;
1867 }
1868 }
1869
1870 vchar_t *
1871 eay_aes_encrypt(data, key, iv)
1872 vchar_t *data, *key, *iv;
1873 {
1874 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1875 }
1876
1877 vchar_t *
1878 eay_aes_decrypt(data, key, iv)
1879 vchar_t *data, *key, *iv;
1880 {
1881 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1882 }
1883 #endif /* HAVE_OPENSSL_AES_H */
1884
1885 int
1886 eay_aes_keylen(len)
1887 int len;
1888 {
1889 if (len == 0)
1890 return 128;
1891 if (len != 128 && len != 192 && len != 256)
1892 return -1;
1893 return len;
1894 }
1895 #endif /* __APPLE__ */
1896
1897 int
1898 eay_aes_weakkey(key)
1899 vchar_t *key;
1900 {
1901 return 0;
1902 }
1903
1904 /* for ipsec part */
1905 int
1906 eay_null_hashlen()
1907 {
1908 return 0;
1909 }
1910
1911 int
1912 eay_kpdk_hashlen()
1913 {
1914 return 0;
1915 }
1916
1917 int
1918 eay_twofish_keylen(len)
1919 int len;
1920 {
1921 if (len < 0 || len > 256)
1922 return -1;
1923 return len;
1924 }
1925
1926 int
1927 eay_null_keylen(len)
1928 int len;
1929 {
1930 return 0;
1931 }
1932
1933 /*
1934 * HMAC functions
1935 */
1936
1937 #ifdef __APPLE__
1938 static caddr_t
1939 eay_hmac_init(key, algorithm)
1940 vchar_t *key;
1941 CCHmacAlgorithm algorithm;
1942 {
1943 CCHmacContext *c = racoon_malloc(sizeof(*c));
1944
1945 CCHmacInit(c, algorithm, key->v, key->l);
1946
1947 return (caddr_t)c;
1948 }
1949 #else
1950 static caddr_t
1951 eay_hmac_init(key, md)
1952 vchar_t *key;
1953 const EVP_MD *md;
1954 {
1955 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1956
1957 HMAC_Init(c, key->v, key->l, md);
1958
1959 return (caddr_t)c;
1960 }
1961 #endif /* __APPLE__ */
1962
1963 #ifdef WITH_SHA2
1964 /*
1965 * HMAC SHA2-512
1966 */
1967 vchar_t *
1968 eay_hmacsha2_512_one(key, data)
1969 vchar_t *key, *data;
1970 {
1971 vchar_t *res;
1972 caddr_t ctx;
1973
1974 ctx = eay_hmacsha2_512_init(key);
1975 eay_hmacsha2_512_update(ctx, data);
1976 res = eay_hmacsha2_512_final(ctx);
1977
1978 return(res);
1979 }
1980
1981 caddr_t
1982 eay_hmacsha2_512_init(key)
1983 vchar_t *key;
1984 {
1985 #ifdef __APPLE__
1986 return eay_hmac_init(key, kCCHmacAlgSHA512);
1987 #else
1988 return eay_hmac_init(key, EVP_sha2_512());
1989 #endif
1990 }
1991
1992 void
1993 eay_hmacsha2_512_update(c, data)
1994 caddr_t c;
1995 vchar_t *data;
1996 {
1997 #ifdef __APPLE__
1998 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
1999 #else
2000 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2001 #endif
2002 }
2003
2004 #ifdef __APPLE__
2005 vchar_t *
2006 eay_hmacsha2_512_final(c)
2007 caddr_t c;
2008 {
2009 vchar_t *res;
2010
2011 if ((res = vmalloc(CC_SHA512_DIGEST_LENGTH)) == 0)
2012 return NULL;
2013
2014 CCHmacFinal((CCHmacContext *)c, res->v);
2015 res->l = CC_SHA512_DIGEST_LENGTH;
2016
2017 (void)racoon_free(c);
2018 return(res);
2019 }
2020 #else
2021 vchar_t *
2022 eay_hmacsha2_512_final(c)
2023 caddr_t c;
2024 {
2025 vchar_t *res;
2026 unsigned int l;
2027
2028 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2029 return NULL;
2030
2031 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2032 res->l = l;
2033 HMAC_cleanup((HMAC_CTX *)c);
2034
2035 (void)racoon_free(c);
2036
2037 if (SHA512_DIGEST_LENGTH != res->l) {
2038 plog(LLV_ERROR, LOCATION, NULL,
2039 "hmac sha2_512 length mismatch %zd.\n", res->l);
2040 vfree(res);
2041 return NULL;
2042 }
2043
2044 return(res);
2045 }
2046 #endif /* __APPLE__ */
2047
2048 /*
2049 * HMAC SHA2-384
2050 */
2051 vchar_t *
2052 eay_hmacsha2_384_one(key, data)
2053 vchar_t *key, *data;
2054 {
2055 vchar_t *res;
2056 caddr_t ctx;
2057
2058 ctx = eay_hmacsha2_384_init(key);
2059 eay_hmacsha2_384_update(ctx, data);
2060 res = eay_hmacsha2_384_final(ctx);
2061
2062 return(res);
2063 }
2064
2065 caddr_t
2066 eay_hmacsha2_384_init(key)
2067 vchar_t *key;
2068 {
2069 #ifdef __APPLE__
2070 return eay_hmac_init(key, kCCHmacAlgSHA384);
2071 #else
2072 return eay_hmac_init(key, EVP_sha2_384());
2073 #endif
2074 }
2075
2076 void
2077 eay_hmacsha2_384_update(c, data)
2078 caddr_t c;
2079 vchar_t *data;
2080 {
2081 #ifdef __APPLE__
2082 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2083 #else
2084 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2085 #endif
2086 }
2087
2088 #ifdef __APPLE__
2089 vchar_t *
2090 eay_hmacsha2_384_final(c)
2091 caddr_t c;
2092 {
2093 vchar_t *res;
2094
2095 if ((res = vmalloc(CC_SHA384_DIGEST_LENGTH)) == 0)
2096 return NULL;
2097
2098 CCHmacFinal((CCHmacContext *)c, res->v);
2099 res->l = CC_SHA384_DIGEST_LENGTH;
2100
2101 (void)racoon_free(c);
2102 return(res);
2103 }
2104 #else
2105 vchar_t *
2106 eay_hmacsha2_384_final(c)
2107 caddr_t c;
2108 {
2109 vchar_t *res;
2110 unsigned int l;
2111
2112 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2113 return NULL;
2114
2115 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2116 res->l = l;
2117 HMAC_cleanup((HMAC_CTX *)c);
2118
2119 (void)racoon_free(c);
2120
2121 if (SHA384_DIGEST_LENGTH != res->l) {
2122 plog(LLV_ERROR, LOCATION, NULL,
2123 "hmac sha2_384 length mismatch %zd.\n", res->l);
2124 vfree(res);
2125 return NULL;
2126 }
2127
2128 return(res);
2129 }
2130 #endif /* __APPLE__ */
2131
2132 /*
2133 * HMAC SHA2-256
2134 */
2135 vchar_t *
2136 eay_hmacsha2_256_one(key, data)
2137 vchar_t *key, *data;
2138 {
2139 vchar_t *res;
2140 caddr_t ctx;
2141
2142 ctx = eay_hmacsha2_256_init(key);
2143 eay_hmacsha2_256_update(ctx, data);
2144 res = eay_hmacsha2_256_final(ctx);
2145
2146 return(res);
2147 }
2148
2149 caddr_t
2150 eay_hmacsha2_256_init(key)
2151 vchar_t *key;
2152 {
2153 #ifdef __APPLE__
2154 return eay_hmac_init(key, kCCHmacAlgSHA256);
2155 #else
2156 return eay_hmac_init(key, EVP_sha2_256());
2157 #endif
2158 }
2159
2160 void
2161 eay_hmacsha2_256_update(c, data)
2162 caddr_t c;
2163 vchar_t *data;
2164 {
2165 #ifdef __APPLE__
2166 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2167 #else
2168 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2169 #endif
2170 }
2171
2172 #ifdef __APPLE__
2173 vchar_t *
2174 eay_hmacsha2_256_final(c)
2175 caddr_t c;
2176 {
2177 vchar_t *res;
2178
2179 if ((res = vmalloc(CC_SHA256_DIGEST_LENGTH)) == 0)
2180 return NULL;
2181
2182 CCHmacFinal((CCHmacContext *)c, res->v);
2183 res->l = CC_SHA256_DIGEST_LENGTH;
2184
2185 (void)racoon_free(c);
2186 return(res);
2187 }
2188 #else
2189 vchar_t *
2190 eay_hmacsha2_256_final(c)
2191 caddr_t c;
2192 {
2193 vchar_t *res;
2194 unsigned int l;
2195
2196 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2197 return NULL;
2198
2199 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2200 res->l = l;
2201 HMAC_cleanup((HMAC_CTX *)c);
2202
2203 (void)racoon_free(c);
2204
2205 if (SHA256_DIGEST_LENGTH != res->l) {
2206 plog(LLV_ERROR, LOCATION, NULL,
2207 "hmac sha2_256 length mismatch %zd.\n", res->l);
2208 vfree(res);
2209 return NULL;
2210 }
2211
2212 return(res);
2213 }
2214 #endif /* __APPLE__ */
2215 #endif /* WITH_SHA2 */
2216
2217 /*
2218 * HMAC SHA1
2219 */
2220 vchar_t *
2221 eay_hmacsha1_one(key, data)
2222 vchar_t *key, *data;
2223 {
2224 vchar_t *res;
2225 caddr_t ctx;
2226
2227 ctx = eay_hmacsha1_init(key);
2228 eay_hmacsha1_update(ctx, data);
2229 res = eay_hmacsha1_final(ctx);
2230
2231 return(res);
2232 }
2233
2234 caddr_t
2235 eay_hmacsha1_init(key)
2236 vchar_t *key;
2237 {
2238 #ifdef __APPLE__
2239 return eay_hmac_init(key, kCCHmacAlgSHA1);
2240 #else
2241 return eay_hmac_init(key, EVP_sha1());
2242 #endif
2243 }
2244
2245 void
2246 eay_hmacsha1_update(c, data)
2247 caddr_t c;
2248 vchar_t *data;
2249 {
2250 #ifdef __APPLE__
2251 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2252 #else
2253 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2254 #endif
2255 }
2256
2257 #ifdef __APPLE__
2258 vchar_t *
2259 eay_hmacsha1_final(c)
2260 caddr_t c;
2261 {
2262 vchar_t *res;
2263
2264 if ((res = vmalloc(CC_SHA1_DIGEST_LENGTH)) == 0)
2265 return NULL;
2266
2267 CCHmacFinal((CCHmacContext *)c, res->v);
2268 res->l = CC_SHA1_DIGEST_LENGTH;
2269
2270 (void)racoon_free(c);
2271 return(res);
2272 }
2273 #else
2274 vchar_t *
2275 eay_hmacsha1_final(c)
2276 caddr_t c;
2277 {
2278 vchar_t *res;
2279 unsigned int l;
2280
2281 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2282 return NULL;
2283
2284 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2285 res->l = l;
2286 HMAC_cleanup((HMAC_CTX *)c);
2287
2288 (void)racoon_free(c);
2289
2290 if (SHA_DIGEST_LENGTH != res->l) {
2291 plog(LLV_ERROR, LOCATION, NULL,
2292 "hmac sha1 length mismatch %zd.\n", res->l);
2293 vfree(res);
2294 return NULL;
2295 }
2296
2297 return(res);
2298 }
2299 #endif /* __APPLE__ */
2300
2301 /*
2302 * HMAC MD5
2303 */
2304 vchar_t *
2305 eay_hmacmd5_one(key, data)
2306 vchar_t *key, *data;
2307 {
2308 vchar_t *res;
2309 caddr_t ctx;
2310
2311 ctx = eay_hmacmd5_init(key);
2312 eay_hmacmd5_update(ctx, data);
2313 res = eay_hmacmd5_final(ctx);
2314
2315 return(res);
2316 }
2317
2318 caddr_t
2319 eay_hmacmd5_init(key)
2320 vchar_t *key;
2321 {
2322 #ifdef __APPLE__
2323 return eay_hmac_init(key, kCCHmacAlgMD5);
2324 #else
2325 return eay_hmac_init(key, EVP_md5());
2326 #endif
2327 }
2328
2329 void
2330 eay_hmacmd5_update(c, data)
2331 caddr_t c;
2332 vchar_t *data;
2333 {
2334 #ifdef __APPLE__
2335 CCHmacUpdate((CCHmacContext *)c, data->v, data->l);
2336 #else
2337 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2338 #endif
2339 }
2340
2341 #ifdef __APPLE__
2342 vchar_t *
2343 eay_hmacmd5_final(c)
2344 caddr_t c;
2345 {
2346 vchar_t *res;
2347
2348 if ((res = vmalloc(CC_MD5_DIGEST_LENGTH)) == 0)
2349 return NULL;
2350
2351 CCHmacFinal((CCHmacContext *)c, res->v);
2352 res->l = CC_MD5_DIGEST_LENGTH;
2353 (void)racoon_free(c);
2354
2355 return(res);
2356 }
2357 #else
2358 vchar_t *
2359 eay_hmacmd5_final(c)
2360 caddr_t c;
2361 {
2362 vchar_t *res;
2363 unsigned int l;
2364
2365 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2366 return NULL;
2367
2368 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2369 res->l = l;
2370 HMAC_cleanup((HMAC_CTX *)c);
2371
2372 (void)racoon_free(c);
2373
2374 if (MD5_DIGEST_LENGTH != res->l) {
2375 plog(LLV_ERROR, LOCATION, NULL,
2376 "hmac md5 length mismatch %zd.\n", res->l);
2377 vfree(res);
2378 return NULL;
2379 }
2380
2381 return(res);
2382 }
2383 #endif /* __APPLE__ */
2384
2385 #ifdef WITH_SHA2
2386 /*
2387 * SHA2-512 functions
2388 */
2389 caddr_t
2390 eay_sha2_512_init()
2391 {
2392 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2393
2394 SHA512_Init(c);
2395
2396 return((caddr_t)c);
2397 }
2398
2399 void
2400 eay_sha2_512_update(c, data)
2401 caddr_t c;
2402 vchar_t *data;
2403 {
2404 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2405
2406 return;
2407 }
2408
2409 vchar_t *
2410 eay_sha2_512_final(c)
2411 caddr_t c;
2412 {
2413 vchar_t *res;
2414
2415 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2416 return(0);
2417
2418 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2419 (void)racoon_free(c);
2420
2421 return(res);
2422 }
2423
2424 vchar_t *
2425 eay_sha2_512_one(data)
2426 vchar_t *data;
2427 {
2428 caddr_t ctx;
2429 vchar_t *res;
2430
2431 ctx = eay_sha2_512_init();
2432 eay_sha2_512_update(ctx, data);
2433 res = eay_sha2_512_final(ctx);
2434
2435 return(res);
2436 }
2437
2438 int
2439 eay_sha2_512_hashlen()
2440 {
2441 return SHA512_DIGEST_LENGTH << 3;
2442 }
2443 #endif
2444
2445 #ifdef WITH_SHA2
2446 /*
2447 * SHA2-384 functions
2448 */
2449
2450 #ifdef __APPLE__
2451 typedef SHA512_CTX SHA384_CTX;
2452 #endif
2453
2454 caddr_t
2455 eay_sha2_384_init()
2456 {
2457 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2458
2459 SHA384_Init(c);
2460
2461 return((caddr_t)c);
2462 }
2463
2464 void
2465 eay_sha2_384_update(c, data)
2466 caddr_t c;
2467 vchar_t *data;
2468 {
2469 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2470
2471 return;
2472 }
2473
2474 vchar_t *
2475 eay_sha2_384_final(c)
2476 caddr_t c;
2477 {
2478 vchar_t *res;
2479
2480 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2481 return(0);
2482
2483 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2484 (void)racoon_free(c);
2485
2486 return(res);
2487 }
2488
2489 vchar_t *
2490 eay_sha2_384_one(data)
2491 vchar_t *data;
2492 {
2493 caddr_t ctx;
2494 vchar_t *res;
2495
2496 ctx = eay_sha2_384_init();
2497 eay_sha2_384_update(ctx, data);
2498 res = eay_sha2_384_final(ctx);
2499
2500 return(res);
2501 }
2502
2503 int
2504 eay_sha2_384_hashlen()
2505 {
2506 return SHA384_DIGEST_LENGTH << 3;
2507 }
2508 #endif
2509
2510 #ifdef WITH_SHA2
2511 /*
2512 * SHA2-256 functions
2513 */
2514 caddr_t
2515 eay_sha2_256_init()
2516 {
2517 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2518
2519 SHA256_Init(c);
2520
2521 return((caddr_t)c);
2522 }
2523
2524 void
2525 eay_sha2_256_update(c, data)
2526 caddr_t c;
2527 vchar_t *data;
2528 {
2529 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2530
2531 return;
2532 }
2533
2534 vchar_t *
2535 eay_sha2_256_final(c)
2536 caddr_t c;
2537 {
2538 vchar_t *res;
2539
2540 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2541 return(0);
2542
2543 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2544 (void)racoon_free(c);
2545
2546 return(res);
2547 }
2548
2549 vchar_t *
2550 eay_sha2_256_one(data)
2551 vchar_t *data;
2552 {
2553 caddr_t ctx;
2554 vchar_t *res;
2555
2556 ctx = eay_sha2_256_init();
2557 eay_sha2_256_update(ctx, data);
2558 res = eay_sha2_256_final(ctx);
2559
2560 return(res);
2561 }
2562
2563 int
2564 eay_sha2_256_hashlen()
2565 {
2566 return SHA256_DIGEST_LENGTH << 3;
2567 }
2568 #endif
2569
2570 /*
2571 * SHA functions
2572 */
2573 caddr_t
2574 eay_sha1_init()
2575 {
2576 SHA_CTX *c = racoon_malloc(sizeof(*c));
2577
2578 SHA1_Init(c);
2579
2580 return((caddr_t)c);
2581 }
2582
2583 void
2584 eay_sha1_update(c, data)
2585 caddr_t c;
2586 vchar_t *data;
2587 {
2588 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2589
2590 return;
2591 }
2592
2593 vchar_t *
2594 eay_sha1_final(c)
2595 caddr_t c;
2596 {
2597 vchar_t *res;
2598
2599 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2600 return(0);
2601
2602 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2603 (void)racoon_free(c);
2604
2605 return(res);
2606 }
2607
2608 vchar_t *
2609 eay_sha1_one(data)
2610 vchar_t *data;
2611 {
2612 caddr_t ctx;
2613 vchar_t *res;
2614
2615 ctx = eay_sha1_init();
2616 eay_sha1_update(ctx, data);
2617 res = eay_sha1_final(ctx);
2618
2619 return(res);
2620 }
2621
2622 int
2623 eay_sha1_hashlen()
2624 {
2625 return SHA_DIGEST_LENGTH << 3;
2626 }
2627
2628 /*
2629 * MD5 functions
2630 */
2631 caddr_t
2632 eay_md5_init()
2633 {
2634 MD5_CTX *c = racoon_malloc(sizeof(*c));
2635
2636 MD5_Init(c);
2637
2638 return((caddr_t)c);
2639 }
2640
2641 void
2642 eay_md5_update(c, data)
2643 caddr_t c;
2644 vchar_t *data;
2645 {
2646 MD5_Update((MD5_CTX *)c, data->v, data->l);
2647
2648 return;
2649 }
2650
2651 vchar_t *
2652 eay_md5_final(c)
2653 caddr_t c;
2654 {
2655 vchar_t *res;
2656
2657 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2658 return(0);
2659
2660 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2661 (void)racoon_free(c);
2662
2663 return(res);
2664 }
2665
2666 vchar_t *
2667 eay_md5_one(data)
2668 vchar_t *data;
2669 {
2670 caddr_t ctx;
2671 vchar_t *res;
2672
2673 ctx = eay_md5_init();
2674 eay_md5_update(ctx, data);
2675 res = eay_md5_final(ctx);
2676
2677 return(res);
2678 }
2679
2680 int
2681 eay_md5_hashlen()
2682 {
2683 return MD5_DIGEST_LENGTH << 3;
2684 }
2685
2686 /*
2687 * eay_set_random
2688 * size: number of bytes.
2689 */
2690 vchar_t *
2691 eay_set_random(size)
2692 u_int32_t size;
2693 {
2694 BIGNUM *r = NULL;
2695 vchar_t *res = 0;
2696
2697 if ((r = BN_new()) == NULL)
2698 goto end;
2699 BN_rand(r, size * 8, 0, 0);
2700 eay_bn2v(&res, r);
2701
2702 end:
2703 if (r)
2704 BN_free(r);
2705 return(res);
2706 }
2707
2708 /* DH */
2709 int
2710 eay_dh_generate(prime, g, publen, pub, priv)
2711 vchar_t *prime, **pub, **priv;
2712 u_int publen;
2713 u_int32_t g;
2714 {
2715 BIGNUM *p = NULL;
2716 DH *dh = NULL;
2717 int error = -1;
2718
2719 /* initialize */
2720 /* pre-process to generate number */
2721 if (eay_v2bn(&p, prime) < 0)
2722 goto end;
2723
2724 if ((dh = DH_new()) == NULL)
2725 goto end;
2726 dh->p = p;
2727 p = NULL; /* p is now part of dh structure */
2728 dh->g = NULL;
2729 if ((dh->g = BN_new()) == NULL)
2730 goto end;
2731 if (!BN_set_word(dh->g, g))
2732 goto end;
2733
2734 if (publen != 0)
2735 dh->length = publen;
2736
2737 /* generate public and private number */
2738 if (!DH_generate_key(dh))
2739 goto end;
2740
2741 /* copy results to buffers */
2742 if (eay_bn2v(pub, dh->pub_key) < 0)
2743 goto end;
2744 if (eay_bn2v(priv, dh->priv_key) < 0) {
2745 vfree(*pub);
2746 goto end;
2747 }
2748
2749 error = 0;
2750
2751 end:
2752 if (dh != NULL)
2753 DH_free(dh);
2754 if (p != 0)
2755 BN_free(p);
2756 return(error);
2757 }
2758
2759 int
2760 eay_dh_compute(prime, g, pub, priv, pub2, key)
2761 vchar_t *prime, *pub, *priv, *pub2, **key;
2762 u_int32_t g;
2763 {
2764 BIGNUM *dh_pub = NULL;
2765 DH *dh = NULL;
2766 int l;
2767 unsigned char *v = NULL;
2768 int error = -1;
2769
2770 /* make public number to compute */
2771 if (eay_v2bn(&dh_pub, pub2) < 0)
2772 goto end;
2773
2774 /* make DH structure */
2775 if ((dh = DH_new()) == NULL)
2776 goto end;
2777 if (eay_v2bn(&dh->p, prime) < 0)
2778 goto end;
2779 if (eay_v2bn(&dh->pub_key, pub) < 0)
2780 goto end;
2781 if (eay_v2bn(&dh->priv_key, priv) < 0)
2782 goto end;
2783 dh->length = pub2->l * 8;
2784
2785 dh->g = NULL;
2786 if ((dh->g = BN_new()) == NULL)
2787 goto end;
2788 if (!BN_set_word(dh->g, g))
2789 goto end;
2790
2791 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2792 goto end;
2793 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2794 goto end;
2795 memcpy((*key)->v + (prime->l - l), v, l);
2796
2797 error = 0;
2798
2799 end:
2800 if (dh_pub != NULL)
2801 BN_free(dh_pub);
2802 if (dh != NULL)
2803 DH_free(dh);
2804 if (v != NULL)
2805 racoon_free(v);
2806 return(error);
2807 }
2808
2809 /*
2810 * convert vchar_t <-> BIGNUM.
2811 *
2812 * vchar_t: unit is u_char, network endian, most significant byte first.
2813 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2814 * least significant BN_ULONG must come first.
2815 *
2816 * hex value of "0x3ffe050104" is represented as follows:
2817 * vchar_t: 3f fe 05 01 04
2818 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2819 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2820 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2821 */
2822 int
2823 eay_v2bn(bn, var)
2824 BIGNUM **bn;
2825 vchar_t *var;
2826 {
2827 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2828 return -1;
2829
2830 return 0;
2831 }
2832
2833 int
2834 eay_bn2v(var, bn)
2835 vchar_t **var;
2836 BIGNUM *bn;
2837 {
2838 *var = vmalloc(bn->top * BN_BYTES);
2839 if (*var == NULL)
2840 return(-1);
2841
2842 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2843
2844 return 0;
2845 }
2846
2847 void
2848 eay_init()
2849 {
2850 OpenSSL_add_all_algorithms();
2851 ERR_load_crypto_strings();
2852 #ifdef HAVE_OPENSSL_ENGINE_H
2853 ENGINE_load_builtin_engines();
2854 ENGINE_register_all_complete();
2855 #endif
2856 }
2857
2858 vchar_t *
2859 base64_decode(char *in, long inlen)
2860 {
2861 BIO *bio=NULL, *b64=NULL;
2862 vchar_t *res = NULL;
2863 char *outb;
2864 long outlen;
2865
2866 outb = malloc(inlen * 2);
2867 if (outb == NULL)
2868 goto out;
2869 bio = BIO_new_mem_buf(in, inlen);
2870 b64 = BIO_new(BIO_f_base64());
2871 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2872 bio = BIO_push(b64, bio);
2873
2874 outlen = BIO_read(bio, outb, inlen * 2);
2875 if (outlen <= 0) {
2876 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2877 goto out;
2878 }
2879
2880 res = vmalloc(outlen);
2881 if (!res)
2882 goto out;
2883
2884 memcpy(res->v, outb, outlen);
2885
2886 out:
2887 if (outb)
2888 free(outb);
2889 if (bio)
2890 BIO_free_all(bio);
2891
2892 return res;
2893 }
2894
2895 vchar_t *
2896 base64_encode(char *in, long inlen)
2897 {
2898 BIO *bio=NULL, *b64=NULL;
2899 char *ptr;
2900 long plen = -1;
2901 vchar_t *res = NULL;
2902
2903 bio = BIO_new(BIO_s_mem());
2904 b64 = BIO_new(BIO_f_base64());
2905 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2906 bio = BIO_push(b64, bio);
2907
2908 BIO_write(bio, in, inlen);
2909 BIO_flush(bio);
2910
2911 plen = BIO_get_mem_data(bio, &ptr);
2912 res = vmalloc(plen+1);
2913 if (!res)
2914 goto out;
2915
2916 memcpy (res->v, ptr, plen);
2917 res->v[plen] = '\0';
2918
2919 out:
2920 if (bio)
2921 BIO_free_all(bio);
2922
2923 return res;
2924 }
2925
2926 static RSA *
2927 binbuf_pubkey2rsa(vchar_t *binbuf)
2928 {
2929 BIGNUM *exp, *mod;
2930 RSA *rsa_pub = NULL;
2931
2932 if (binbuf->v[0] > binbuf->l - 1) {
2933 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2934 goto out;
2935 }
2936
2937 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2938 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2939 binbuf->l - binbuf->v[0] - 1, NULL);
2940 rsa_pub = RSA_new();
2941
2942 if (!exp || !mod || !rsa_pub) {
2943 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2944 if (exp)
2945 BN_free(exp);
2946 if (mod)
2947 BN_free(exp);
2948 if (rsa_pub)
2949 RSA_free(rsa_pub);
2950 rsa_pub = NULL;
2951 goto out;
2952 }
2953
2954 rsa_pub->n = mod;
2955 rsa_pub->e = exp;
2956
2957 out:
2958 return rsa_pub;
2959 }
2960
2961 RSA *
2962 base64_pubkey2rsa(char *in)
2963 {
2964 BIGNUM *exp, *mod;
2965 RSA *rsa_pub = NULL;
2966 vchar_t *binbuf;
2967
2968 if (strncmp(in, "0s", 2) != 0) {
2969 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2970 return NULL;
2971 }
2972
2973 binbuf = base64_decode(in + 2, strlen(in + 2));
2974 if (!binbuf) {
2975 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2976 return NULL;
2977 }
2978
2979 if (binbuf->v[0] > binbuf->l - 1) {
2980 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2981 goto out;
2982 }
2983
2984 rsa_pub = binbuf_pubkey2rsa(binbuf);
2985
2986 out:
2987 if (binbuf)
2988 vfree(binbuf);
2989
2990 return rsa_pub;
2991 }
2992
2993 RSA *
2994 bignum_pubkey2rsa(BIGNUM *in)
2995 {
2996 RSA *rsa_pub = NULL;
2997 vchar_t *binbuf;
2998
2999 binbuf = vmalloc(BN_num_bytes(in));
3000 if (!binbuf) {
3001 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
3002 return NULL;
3003 }
3004
3005 BN_bn2bin(in, (unsigned char *) binbuf->v);
3006
3007 rsa_pub = binbuf_pubkey2rsa(binbuf);
3008
3009 out:
3010 if (binbuf)
3011 vfree(binbuf);
3012
3013 return rsa_pub;
3014 }
3015
3016 u_int32_t
3017 eay_random()
3018 {
3019 u_int32_t result;
3020 vchar_t *vrand;
3021
3022 vrand = eay_set_random(sizeof(result));
3023 memcpy(&result, vrand->v, sizeof(result));
3024 vfree(vrand);
3025
3026 return result;
3027 }
3028
3029 const char *
3030 eay_version()
3031 {
3032 return SSLeay_version(SSLEAY_VERSION);
3033 }