]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/crypto_openssl.c
projects / apple / ipsec.git / blob
? search:


e930edfc12ff721114431d2c552c057245688fe7
[apple/ipsec.git] / ipsec-tools / racoon / crypto_openssl.c
1 /* $NetBSD: crypto_openssl.c,v 1.11.6.1 2006/12/18 10:18:10 vanhu Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #define COMMON_DIGEST_FOR_OPENSSL 1
37
38 #include <sys/types.h>
39 #include <sys/param.h>
40
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <limits.h>
44 #include <string.h>
45
46 #ifdef HAVE_OPENSSL
47 /* get openssl/ssleay version number */
48 #include <openssl/opensslv.h>
49
50 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
51 #error OpenSSL version 0.9.6 or later required.
52 #endif
53 #include <openssl/pem.h>
54 #include <openssl/evp.h>
55 #include <openssl/x509.h>
56 #include <openssl/x509v3.h>
57 #include <openssl/x509_vfy.h>
58 #include <openssl/bn.h>
59 #include <openssl/dh.h>
60 #include <openssl/des.h>
61 #include <openssl/crypto.h>
62 #ifdef HAVE_OPENSSL_ENGINE_H
63 #include <openssl/engine.h>
64 #endif
65 #include <openssl/blowfish.h>
66 #include <openssl/cast.h>
67 #include <openssl/err.h>
68 #else /* HAVE_OPENSSL */
69 #include <Security/SecDH.h>
70 #include <Security/SecRandom.h>
71 #endif /* HAVE_OPENSSL */
72
73 #include <CommonCrypto/CommonDigest.h>
74 #include <CommonCrypto/CommonHMAC.h>
75 #include <CommonCrypto/CommonCryptor.h>
76
77 #ifdef HAVE_OPENSSL
78 /* 0.9.7 stuff? */
79 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
80 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
81 #else
82 #define USE_NEW_DES_API
83 #endif
84
85 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
86 #endif
87
88 #include "crypto_openssl.h"
89 #include "var.h"
90 #include "misc.h"
91 #include "vmbuf.h"
92 #include "plog.h"
93 #include "debug.h"
94 #include "gcmalloc.h"
95
96
97 /*
98 * I hate to cast every parameter to des_xx into void *, but it is
99 * necessary for SSLeay/OpenSSL portability. It sucks.
100 */
101
102 #ifdef HAVE_OPENSSL
103 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
104 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
105 static X509 *mem2x509 __P((vchar_t *));
106 #endif
107 static caddr_t eay_hmac_init __P((vchar_t *, CCHmacAlgorithm));
108
109
110 #ifdef HAVE_OPENSSL
111 /* X509 Certificate */
112 /*
113 * convert the string of the subject name into DER
114 * e.g. str = "C=JP, ST=Kanagawa";
115 */
116 vchar_t *
117 eay_str2asn1dn(str, len)
118 const char *str;
119 int len;
120 {
121 X509_NAME *name;
122 char *buf;
123 char *field, *value;
124 int i, j;
125 vchar_t *ret = NULL;
126 caddr_t p;
127
128 if (len == -1)
129 len = strlen(str);
130
131 buf = racoon_malloc(len + 1);
132 if (!buf) {
133 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
134 return NULL;
135 }
136 memcpy(buf, str, len);
137
138 name = X509_NAME_new();
139
140 field = &buf[0];
141 value = NULL;
142 for (i = 0; i < len; i++) {
143 if (!value && buf[i] == '=') {
144 buf[i] = '\0';
145 value = &buf[i + 1];
146 continue;
147 } else if (buf[i] == ',' || buf[i] == '/') {
148 buf[i] = '\0';
149
150 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
151 field, value);
152
153 if (!value) goto err;
154 if (!X509_NAME_add_entry_by_txt(name, field,
155 (value[0] == '*' && value[1] == 0) ?
156 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
157 (unsigned char *) value, -1, -1, 0)) {
158 plog(LLV_ERROR, LOCATION, NULL,
159 "Invalid DN field: %s=%s\n",
160 field, value);
161 plog(LLV_ERROR, LOCATION, NULL,
162 "%s\n", eay_strerror());
163 goto err;
164 }
165 for (j = i + 1; j < len; j++) {
166 if (buf[j] != ' ')
167 break;
168 }
169 field = &buf[j];
170 value = NULL;
171 continue;
172 }
173 }
174 buf[len] = '\0';
175
176 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
177 field, value);
178
179 if (!value) goto err;
180 if (!X509_NAME_add_entry_by_txt(name, field,
181 (value[0] == '*' && value[1] == 0) ?
182 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
183 (unsigned char *) value, -1, -1, 0)) {
184 plog(LLV_ERROR, LOCATION, NULL,
185 "Invalid DN field: %s=%s\n",
186 field, value);
187 plog(LLV_ERROR, LOCATION, NULL,
188 "%s\n", eay_strerror());
189 goto err;
190 }
191
192 i = i2d_X509_NAME(name, NULL);
193 if (!i)
194 goto err;
195 ret = vmalloc(i);
196 if (!ret)
197 goto err;
198 p = ret->v;
199 i = i2d_X509_NAME(name, (void *)&p);
200 if (!i)
201 goto err;
202
203 return ret;
204
205 err:
206 if (buf)
207 racoon_free(buf);
208 if (name)
209 X509_NAME_free(name);
210 if (ret)
211 vfree(ret);
212 return NULL;
213 }
214
215 /*
216 * convert the hex string of the subject name into DER
217 */
218 vchar_t *
219 eay_hex2asn1dn(const char *hex, int len)
220 {
221 BIGNUM *bn = BN_new();
222 char *binbuf;
223 size_t binlen;
224 vchar_t *ret = NULL;
225
226 if (len == -1)
227 len = strlen(hex);
228
229 if (BN_hex2bn(&bn, hex) != len) {
230 plog(LLV_ERROR, LOCATION, NULL,
231 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
232 eay_strerror());
233 goto out;
234 }
235
236 binlen = BN_num_bytes(bn);
237 ret = vmalloc(binlen);
238 if (!ret) {
239 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
240 return NULL;
241 }
242 binbuf = ret->v;
243
244 BN_bn2bin(bn, (unsigned char *) binbuf);
245
246 out:
247 BN_free(bn);
248
249 return ret;
250 }
251
252 /*
253 * The following are derived from code in crypto/x509/x509_cmp.c
254 * in OpenSSL0.9.7c:
255 * X509_NAME_wildcmp() adds wildcard matching to the original
256 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
257 */
258 #include <ctype.h>
259 /* Case insensitive string comparision */
260 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
261 {
262 int i;
263
264 if (a->length != b->length)
265 return (a->length - b->length);
266
267 for (i=0; i<a->length; i++)
268 {
269 int ca, cb;
270
271 ca = tolower(a->data[i]);
272 cb = tolower(b->data[i]);
273
274 if (ca != cb)
275 return(ca-cb);
276 }
277 return 0;
278 }
279
280 /* Case insensitive string comparision with space normalization
281 * Space normalization - ignore leading, trailing spaces,
282 * multiple spaces between characters are replaced by single space
283 */
284 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
285 {
286 unsigned char *pa = NULL, *pb = NULL;
287 int la, lb;
288
289 la = a->length;
290 lb = b->length;
291 pa = a->data;
292 pb = b->data;
293
294 /* skip leading spaces */
295 while (la > 0 && isspace(*pa))
296 {
297 la--;
298 pa++;
299 }
300 while (lb > 0 && isspace(*pb))
301 {
302 lb--;
303 pb++;
304 }
305
306 /* skip trailing spaces */
307 while (la > 0 && isspace(pa[la-1]))
308 la--;
309 while (lb > 0 && isspace(pb[lb-1]))
310 lb--;
311
312 /* compare strings with space normalization */
313 while (la > 0 && lb > 0)
314 {
315 int ca, cb;
316
317 /* compare character */
318 ca = tolower(*pa);
319 cb = tolower(*pb);
320 if (ca != cb)
321 return (ca - cb);
322
323 pa++; pb++;
324 la--; lb--;
325
326 if (la <= 0 || lb <= 0)
327 break;
328
329 /* is white space next character ? */
330 if (isspace(*pa) && isspace(*pb))
331 {
332 /* skip remaining white spaces */
333 while (la > 0 && isspace(*pa))
334 {
335 la--;
336 pa++;
337 }
338 while (lb > 0 && isspace(*pb))
339 {
340 lb--;
341 pb++;
342 }
343 }
344 }
345 if (la > 0 || lb > 0)
346 return la - lb;
347
348 return 0;
349 }
350
351 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
352 {
353 int i,j;
354 X509_NAME_ENTRY *na,*nb;
355
356 if (sk_X509_NAME_ENTRY_num(a->entries)
357 != sk_X509_NAME_ENTRY_num(b->entries))
358 return sk_X509_NAME_ENTRY_num(a->entries)
359 -sk_X509_NAME_ENTRY_num(b->entries);
360 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
361 {
362 na=sk_X509_NAME_ENTRY_value(a->entries,i);
363 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
364 j=OBJ_cmp(na->object,nb->object);
365 if (j) return(j);
366 if ((na->value->length == 1 && na->value->data[0] == '*')
367 || (nb->value->length == 1 && nb->value->data[0] == '*'))
368 continue;
369 j=na->value->type-nb->value->type;
370 if (j) return(j);
371 if (na->value->type == V_ASN1_PRINTABLESTRING)
372 j=nocase_spacenorm_cmp(na->value, nb->value);
373 else if (na->value->type == V_ASN1_IA5STRING
374 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
375 j=nocase_cmp(na->value, nb->value);
376 else
377 {
378 j=na->value->length-nb->value->length;
379 if (j) return(j);
380 j=memcmp(na->value->data,nb->value->data,
381 na->value->length);
382 }
383 if (j) return(j);
384 j=na->set-nb->set;
385 if (j) return(j);
386 }
387
388 return(0);
389 }
390
391 /*
392 * compare two subjectNames.
393 * OUT: 0: equal
394 * positive:
395 * -1: other error.
396 */
397 int
398 eay_cmp_asn1dn(n1, n2)
399 vchar_t *n1, *n2;
400 {
401 X509_NAME *a = NULL, *b = NULL;
402 caddr_t p;
403 int i = -1;
404
405 p = n1->v;
406 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
407 goto end;
408 p = n2->v;
409 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
410 goto end;
411
412 i = X509_NAME_wildcmp(a, b);
413
414 end:
415 if (a)
416 X509_NAME_free(a);
417 if (b)
418 X509_NAME_free(b);
419 return i;
420 }
421
422 /*
423 * this functions is derived from apps/verify.c in OpenSSL0.9.5
424 */
425 int
426 eay_check_x509cert(cert, CApath, CAfile, local)
427 vchar_t *cert;
428 char *CApath;
429 char *CAfile;
430 int local;
431 {
432 X509_STORE *cert_ctx = NULL;
433 X509_LOOKUP *lookup = NULL;
434 X509 *x509 = NULL;
435 X509_STORE_CTX *csc;
436 int error = -1;
437
438 cert_ctx = X509_STORE_new();
439 if (cert_ctx == NULL)
440 goto end;
441
442 if (local)
443 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
444 else
445 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
446
447 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
448 if (lookup == NULL)
449 goto end;
450
451 X509_LOOKUP_load_file(lookup, CAfile,
452 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
453
454 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
455 if (lookup == NULL)
456 goto end;
457 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
458 if(!error) {
459 error = -1;
460 goto end;
461 }
462 error = -1; /* initialized */
463
464 /* read the certificate to be verified */
465 x509 = mem2x509(cert);
466 if (x509 == NULL)
467 goto end;
468
469 csc = X509_STORE_CTX_new();
470 if (csc == NULL)
471 goto end;
472 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
473 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
474 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
475 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
476 #endif
477 error = X509_verify_cert(csc);
478 X509_STORE_CTX_free(csc);
479
480 /*
481 * if x509_verify_cert() is successful then the value of error is
482 * set non-zero.
483 */
484 error = error ? 0 : -1;
485
486 end:
487 if (error)
488 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
489 if (cert_ctx != NULL)
490 X509_STORE_free(cert_ctx);
491 if (x509 != NULL)
492 X509_free(x509);
493
494 return(error);
495 }
496
497 /*
498 * callback function for verifing certificate.
499 * this function is derived from cb() in openssl/apps/s_server.c
500 */
501 static int
502 cb_check_cert_local(ok, ctx)
503 int ok;
504 X509_STORE_CTX *ctx;
505 {
506 char buf[256];
507 int log_tag;
508
509 if (!ok) {
510 X509_NAME_oneline(
511 X509_get_subject_name(ctx->current_cert),
512 buf,
513 256);
514 /*
515 * since we are just checking the certificates, it is
516 * ok if they are self signed. But we should still warn
517 * the user.
518 */
519 switch (ctx->error) {
520 case X509_V_ERR_CERT_HAS_EXPIRED:
521 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
522 case X509_V_ERR_INVALID_CA:
523 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
524 case X509_V_ERR_INVALID_PURPOSE:
525 case X509_V_ERR_UNABLE_TO_GET_CRL:
526 ok = 1;
527 log_tag = LLV_WARNING;
528 break;
529 default:
530 log_tag = LLV_ERROR;
531 }
532 plog(log_tag, LOCATION, NULL,
533 "%s(%d) at depth:%d SubjectName:%s\n",
534 X509_verify_cert_error_string(ctx->error),
535 ctx->error,
536 ctx->error_depth,
537 buf);
538 }
539 ERR_clear_error();
540
541 return ok;
542 }
543
544 /*
545 * callback function for verifing remote certificates.
546 * this function is derived from cb() in openssl/apps/s_server.c
547 */
548 static int
549 cb_check_cert_remote(ok, ctx)
550 int ok;
551 X509_STORE_CTX *ctx;
552 {
553 char buf[256];
554 int log_tag;
555
556 if (!ok) {
557 X509_NAME_oneline(
558 X509_get_subject_name(ctx->current_cert),
559 buf,
560 256);
561 switch (ctx->error) {
562 case X509_V_ERR_UNABLE_TO_GET_CRL:
563 ok = 1;
564 log_tag = LLV_WARNING;
565 break;
566 default:
567 log_tag = LLV_ERROR;
568 }
569 plog(log_tag, LOCATION, NULL,
570 "%s(%d) at depth:%d SubjectName:%s\n",
571 X509_verify_cert_error_string(ctx->error),
572 ctx->error,
573 ctx->error_depth,
574 buf);
575 }
576 ERR_clear_error();
577
578 return ok;
579 }
580
581 /*
582 * get a subjectAltName from X509 certificate.
583 */
584 vchar_t *
585 eay_get_x509asn1subjectname(cert)
586 vchar_t *cert;
587 {
588 X509 *x509 = NULL;
589 u_char *bp;
590 vchar_t *name = NULL;
591 int len;
592
593 bp = (unsigned char *) cert->v;
594
595 x509 = mem2x509(cert);
596 if (x509 == NULL)
597 goto error;
598
599 /* get the length of the name */
600 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
601 name = vmalloc(len);
602 if (!name)
603 goto error;
604 /* get the name */
605 bp = (unsigned char *) name->v;
606 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
607
608 X509_free(x509);
609
610 return name;
611
612 error:
613 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
614
615 if (name != NULL)
616 vfree(name);
617
618 if (x509 != NULL)
619 X509_free(x509);
620
621 return NULL;
622 }
623
624 /*
625 * Get the common name from a cert
626 */
627 #define EAY_MAX_CN_LEN 256
628 vchar_t *
629 eay_get_x509_common_name(cert)
630 vchar_t *cert;
631 {
632 X509 *x509 = NULL;
633 X509_NAME *name;
634 vchar_t *commonName = NULL;
635
636 commonName = vmalloc(EAY_MAX_CN_LEN);
637 if (commonName == NULL) {
638 plog(LLV_ERROR, LOCATION, NULL, "no memory\n");
639 return NULL;
640 }
641
642 x509 = mem2x509(cert);
643 if (x509 == NULL) {
644 vfree(commonName);
645 return NULL;
646 }
647
648 name = X509_get_subject_name(x509);
649 X509_NAME_get_text_by_NID(name, NID_commonName, commonName->v, EAY_MAX_CN_LEN);
650
651 commonName->l = strlen(commonName->v);
652
653 if (x509)
654 X509_free(x509);
655 return commonName;
656 }
657
658 /*
659 * get the subjectAltName from X509 certificate.
660 * the name must be terminated by '\0'.
661 */
662 int
663 eay_get_x509subjectaltname(cert, altname, type, pos, len)
664 vchar_t *cert;
665 char **altname;
666 int *type;
667 int pos;
668 int *len;
669 {
670 X509 *x509 = NULL;
671 int i;
672 GENERAL_NAMES *gens = NULL;
673 GENERAL_NAME *gen;
674 int error = -1;
675
676 *altname = NULL;
677 *type = GENT_OTHERNAME;
678
679 x509 = mem2x509(cert);
680 if (x509 == NULL)
681 goto end;
682
683 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
684 if (gens == NULL)
685 goto end;
686
687 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
688 if (i + 1 != pos)
689 continue;
690 break;
691 }
692
693 /* there is no data at "pos" */
694 if (i == sk_GENERAL_NAME_num(gens))
695 goto end;
696
697 gen = sk_GENERAL_NAME_value(gens, i);
698
699 /* make sure the data is terminated by '\0'. */
700 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') {
701 plog(LLV_ERROR, LOCATION, NULL,
702 "data is not terminated by 0.");
703 hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
704 goto end;
705 }
706
707 /* read DNSName / Email */
708 if (gen->type == GEN_DNS ||
709 gen->type == GEN_EMAIL ||
710 gen->type == GEN_URI) {
711
712 *len = gen->d.ia5->length + 1;
713 *altname = racoon_malloc(*len);
714 if (!*altname)
715 goto end;
716
717 strlcpy(*altname, (const char *)gen->d.ia5->data, *len);
718 *type = gen->type;
719
720 error = 0;
721 } else if (gen->type == GEN_IPADD) {
722
723 *len = gen->d.ia5->length + 1;
724 *altname = racoon_malloc(*len);
725 if (!*altname)
726 goto end;
727
728 memcpy(*altname, (const char *)gen->d.ia5->data, *len);
729 *type = gen->type;
730
731 error = 0;
732 }
733
734 end:
735 if (error) {
736 if (*altname) {
737 racoon_free(*altname);
738 *altname = NULL;
739 }
740 #ifndef EAYDEBUG
741 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
742 #else
743 printf("%s\n", eay_strerror());
744 #endif
745 }
746 if (gens)
747 /* free the whole stack. */
748 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
749 if (x509)
750 X509_free(x509);
751
752 return error;
753 }
754
755 /*
756 * decode a X509 certificate and make a readable text terminated '\n'.
757 * return the buffer allocated, so must free it later.
758 */
759 char *
760 eay_get_x509text(cert)
761 vchar_t *cert;
762 {
763 X509 *x509 = NULL;
764 BIO *bio = NULL;
765 char *text = NULL;
766 u_char *bp = NULL;
767 int len = 0;
768 int error = -1;
769
770 x509 = mem2x509(cert);
771 if (x509 == NULL)
772 goto end;
773
774 bio = BIO_new(BIO_s_mem());
775 if (bio == NULL)
776 goto end;
777
778 error = X509_print(bio, x509);
779 if (error != 1) {
780 error = -1;
781 goto end;
782 }
783
784 len = BIO_get_mem_data(bio, &bp);
785 text = racoon_malloc(len + 1);
786 if (text == NULL)
787 goto end;
788 memcpy(text, bp, len);
789 text[len] = '\0';
790
791 error = 0;
792
793 end:
794 if (error) {
795 if (text) {
796 racoon_free(text);
797 text = NULL;
798 }
799 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
800 }
801 if (bio)
802 BIO_free(bio);
803 if (x509)
804 X509_free(x509);
805
806 return text;
807 }
808
809 /* get X509 structure from buffer. */
810 static X509 *
811 mem2x509(cert)
812 vchar_t *cert;
813 {
814 X509 *x509;
815
816 #ifndef EAYDEBUG
817 {
818 u_char *bp;
819
820 bp = (unsigned char *) cert->v;
821
822 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
823 }
824 #else
825 {
826 BIO *bio;
827 int len;
828
829 bio = BIO_new(BIO_s_mem());
830 if (bio == NULL)
831 return NULL;
832 len = BIO_write(bio, cert->v, cert->l);
833 if (len == -1)
834 return NULL;
835 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
836 BIO_free(bio);
837 }
838 #endif
839 return x509;
840 }
841
842 /*
843 * get a X509 certificate from local file.
844 * a certificate must be PEM format.
845 * Input:
846 * path to a certificate.
847 * Output:
848 * NULL if error occured
849 * other is the cert.
850 */
851 vchar_t *
852 eay_get_x509cert(path)
853 char *path;
854 {
855 FILE *fp;
856 X509 *x509;
857 vchar_t *cert;
858 u_char *bp;
859 int len;
860 int error;
861
862 /* Read private key */
863 fp = fopen(path, "r");
864 if (fp == NULL)
865 return NULL;
866 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
867 fclose (fp);
868
869 if (x509 == NULL)
870 return NULL;
871
872 len = i2d_X509(x509, NULL);
873 cert = vmalloc(len);
874 if (cert == NULL) {
875 X509_free(x509);
876 return NULL;
877 }
878 bp = (unsigned char *) cert->v;
879 error = i2d_X509(x509, &bp);
880 X509_free(x509);
881
882 if (error == 0) {
883 vfree(cert);
884 return NULL;
885 }
886
887 return cert;
888 }
889
890 /*
891 * check a X509 signature
892 * XXX: to be get hash type from my cert ?
893 * to be handled EVP_dss().
894 * OUT: return -1 when error.
895 * 0
896 */
897 int
898 eay_check_x509sign(source, sig, cert)
899 vchar_t *source;
900 vchar_t *sig;
901 vchar_t *cert;
902 {
903 X509 *x509;
904 u_char *bp;
905 EVP_PKEY *evp;
906 int res;
907
908 bp = (unsigned char *) cert->v;
909
910 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
911 if (x509 == NULL) {
912 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
913 return -1;
914 }
915
916 evp = X509_get_pubkey(x509);
917 if (! evp) {
918 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
919 X509_free(x509);
920 return -1;
921 }
922
923 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
924
925 EVP_PKEY_free(evp);
926 X509_free(x509);
927
928 return res;
929 }
930
931 /*
932 * check RSA signature
933 * OUT: return -1 when error.
934 * 0 on success
935 */
936 int
937 eay_check_rsasign(source, sig, rsa)
938 vchar_t *source;
939 vchar_t *sig;
940 RSA *rsa;
941 {
942 return eay_rsa_verify(source, sig, rsa);
943 }
944
945 /*
946 * get PKCS#1 Private Key of PEM format from local file.
947 */
948 vchar_t *
949 eay_get_pkcs1privkey(path)
950 char *path;
951 {
952 FILE *fp;
953 EVP_PKEY *evp = NULL;
954 vchar_t *pkey = NULL;
955 u_char *bp;
956 int pkeylen;
957 int error = -1;
958
959 /* Read private key */
960 fp = fopen(path, "r");
961 if (fp == NULL)
962 return NULL;
963
964 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
965
966 fclose (fp);
967
968 if (evp == NULL)
969 return NULL;
970
971 pkeylen = i2d_PrivateKey(evp, NULL);
972 if (pkeylen == 0)
973 goto end;
974 pkey = vmalloc(pkeylen);
975 if (pkey == NULL)
976 goto end;
977 bp = (unsigned char *) pkey->v;
978 pkeylen = i2d_PrivateKey(evp, &bp);
979 if (pkeylen == 0)
980 goto end;
981
982 error = 0;
983
984 end:
985 if (evp != NULL)
986 EVP_PKEY_free(evp);
987 if (error != 0 && pkey != NULL) {
988 vfree(pkey);
989 pkey = NULL;
990 }
991
992 return pkey;
993 }
994
995 /*
996 * get PKCS#1 Public Key of PEM format from local file.
997 */
998 vchar_t *
999 eay_get_pkcs1pubkey(path)
1000 char *path;
1001 {
1002 FILE *fp;
1003 EVP_PKEY *evp = NULL;
1004 vchar_t *pkey = NULL;
1005 X509 *x509 = NULL;
1006 u_char *bp;
1007 int pkeylen;
1008 int error = -1;
1009
1010 /* Read private key */
1011 fp = fopen(path, "r");
1012 if (fp == NULL)
1013 return NULL;
1014
1015 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1016
1017 fclose (fp);
1018
1019 if (x509 == NULL)
1020 return NULL;
1021
1022 /* Get public key - eay */
1023 evp = X509_get_pubkey(x509);
1024 if (evp == NULL)
1025 return NULL;
1026
1027 pkeylen = i2d_PublicKey(evp, NULL);
1028 if (pkeylen == 0)
1029 goto end;
1030 pkey = vmalloc(pkeylen);
1031 if (pkey == NULL)
1032 goto end;
1033 bp = (unsigned char *) pkey->v;
1034 pkeylen = i2d_PublicKey(evp, &bp);
1035 if (pkeylen == 0)
1036 goto end;
1037
1038 error = 0;
1039 end:
1040 if (evp != NULL)
1041 EVP_PKEY_free(evp);
1042 if (error != 0 && pkey != NULL) {
1043 vfree(pkey);
1044 pkey = NULL;
1045 }
1046
1047 return pkey;
1048 }
1049
1050 vchar_t *
1051 eay_get_x509sign(src, privkey)
1052 vchar_t *src, *privkey;
1053 {
1054 EVP_PKEY *evp;
1055 u_char *bp = (unsigned char *) privkey->v;
1056 vchar_t *sig = NULL;
1057 int len;
1058 int pad = RSA_PKCS1_PADDING;
1059
1060 /* XXX to be handled EVP_PKEY_DSA */
1061 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1062 if (evp == NULL)
1063 return NULL;
1064
1065 sig = eay_rsa_sign(src, evp->pkey.rsa);
1066
1067 EVP_PKEY_free(evp);
1068
1069 return sig;
1070 }
1071
1072 vchar_t *
1073 eay_get_rsasign(src, rsa)
1074 vchar_t *src;
1075 RSA *rsa;
1076 {
1077 return eay_rsa_sign(src, rsa);
1078 }
1079
1080 vchar_t *
1081 eay_rsa_sign(vchar_t *src, RSA *rsa)
1082 {
1083 int len;
1084 vchar_t *sig = NULL;
1085 int pad = RSA_PKCS1_PADDING;
1086
1087 len = RSA_size(rsa);
1088
1089 sig = vmalloc(len);
1090 if (sig == NULL)
1091 return NULL;
1092
1093 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1094 (unsigned char *) sig->v, rsa, pad);
1095
1096 if (len == 0 || len != sig->l) {
1097 vfree(sig);
1098 sig = NULL;
1099 }
1100
1101 return sig;
1102 }
1103
1104 int
1105 eay_rsa_verify(src, sig, rsa)
1106 vchar_t *src, *sig;
1107 RSA *rsa;
1108 {
1109 vchar_t *xbuf = NULL;
1110 int pad = RSA_PKCS1_PADDING;
1111 int len = 0;
1112 int error;
1113
1114 len = RSA_size(rsa);
1115 xbuf = vmalloc(len);
1116 if (xbuf == NULL) {
1117 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1118 return -1;
1119 }
1120
1121 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1122 (unsigned char *) xbuf->v, rsa, pad);
1123 if (len == 0 || len != src->l) {
1124 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1125 vfree(xbuf);
1126 return -1;
1127 }
1128
1129 error = memcmp(src->v, xbuf->v, src->l);
1130 vfree(xbuf);
1131 if (error != 0)
1132 return -1;
1133
1134 return 0;
1135 }
1136
1137 /*
1138 * get error string
1139 * MUST load ERR_load_crypto_strings() first.
1140 */
1141 char *
1142 eay_strerror()
1143 {
1144 static char ebuf[512];
1145 int len = 0, n;
1146 unsigned long l;
1147 char buf[200];
1148 const char *file, *data;
1149 int line, flags;
1150 unsigned long es;
1151
1152 es = CRYPTO_thread_id();
1153
1154 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1155 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1156 "%lu:%s:%s:%d:%s ",
1157 es, ERR_error_string(l, buf), file, line,
1158 (flags & ERR_TXT_STRING) ? data : "");
1159 if (n < 0 || n >= sizeof(ebuf) - len)
1160 break;
1161 len += n;
1162 if (sizeof(ebuf) < len)
1163 break;
1164 }
1165
1166 return ebuf;
1167 }
1168
1169 vchar_t *
1170 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1171 {
1172 vchar_t *res;
1173 EVP_CIPHER_CTX ctx;
1174
1175 if (!e)
1176 return NULL;
1177
1178 if (data->l % EVP_CIPHER_block_size(e))
1179 return NULL;
1180
1181 if ((res = vmalloc(data->l)) == NULL)
1182 return NULL;
1183
1184 EVP_CIPHER_CTX_init(&ctx);
1185
1186 switch(EVP_CIPHER_nid(e)){
1187 case NID_bf_cbc:
1188 case NID_bf_ecb:
1189 case NID_bf_cfb64:
1190 case NID_bf_ofb64:
1191 case NID_cast5_cbc:
1192 case NID_cast5_ecb:
1193 case NID_cast5_cfb64:
1194 case NID_cast5_ofb64:
1195 /* XXX: can we do that also for algos with a fixed key size ?
1196 */
1197 /* init context without key/iv
1198 */
1199 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1200 {
1201 OpenSSL_BUG();
1202 vfree(res);
1203 return NULL;
1204 }
1205
1206 /* update key size
1207 */
1208 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1209 {
1210 OpenSSL_BUG();
1211 vfree(res);
1212 return NULL;
1213 }
1214
1215 /* finalize context init with desired key size
1216 */
1217 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1218 (u_char *) iv->v, enc))
1219 {
1220 OpenSSL_BUG();
1221 vfree(res);
1222 return NULL;
1223 }
1224 break;
1225 default:
1226 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1227 (u_char *) iv->v, enc)) {
1228 OpenSSL_BUG();
1229 vfree(res);
1230 return NULL;
1231 }
1232 }
1233
1234 /* disable openssl padding */
1235 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1236
1237 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1238 OpenSSL_BUG();
1239 vfree(res);
1240 return NULL;
1241 }
1242
1243 EVP_CIPHER_CTX_cleanup(&ctx);
1244
1245 return res;
1246 }
1247
1248 int
1249 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1250 {
1251 return 0;
1252 }
1253
1254 int
1255 evp_keylen(int len, const EVP_CIPHER *e)
1256 {
1257 if (!e)
1258 return -1;
1259 /* EVP functions return lengths in bytes, ipsec-tools
1260 * uses lengths in bits, therefore conversion is required. --AK
1261 */
1262 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1263 return -1;
1264
1265 return EVP_CIPHER_key_length(e) << 3;
1266 }
1267 #endif /* HAVE_OPENSSL */
1268
1269 vchar_t *
1270 eay_CCCrypt(CCOperation oper,
1271 CCAlgorithm algo,
1272 CCOptions opts,
1273 vchar_t *data,
1274 vchar_t *key,
1275 vchar_t *iv)
1276 {
1277 vchar_t *res;
1278 size_t res_len = 0;
1279 CCCryptorStatus status;
1280
1281 /* allocate buffer for result */
1282 if ((res = vmalloc(data->l)) == NULL)
1283 return NULL;
1284
1285 status = CCCrypt(oper,
1286 algo,
1287 opts,
1288 key->v, key->l,
1289 iv->v,
1290 data->v, data->l,
1291 res->v, res->l, &res_len);
1292 if (status == kCCSuccess) {
1293 if (res->l != res_len) {
1294 plog(LLV_ERROR, LOCATION, NULL,
1295 "crypt %d %d length mismatch. expected: %zd. got: %zd.\n",
1296 oper, algo, res->l, res_len);
1297 }
1298 return res;
1299 } else {
1300 plog(LLV_ERROR, LOCATION, NULL,
1301 "crypt %d %d error. status %d.\n",
1302 oper, algo, (int)status);
1303 }
1304 vfree(res);
1305 return NULL;
1306 }
1307
1308 /*
1309 * DES-CBC
1310 */
1311 vchar_t *
1312 eay_des_encrypt(data, key, iv)
1313 vchar_t *data, *key, *iv;
1314 {
1315 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
1316 }
1317
1318 vchar_t *
1319 eay_des_decrypt(data, key, iv)
1320 vchar_t *data, *key, *iv;
1321 {
1322 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmDES, 0 /* CBC */, data, key, iv));
1323 }
1324
1325 int
1326 eay_des_weakkey(key)
1327 vchar_t *key;
1328 {
1329 #ifdef HAVE_OPENSSL
1330 #ifdef USE_NEW_DES_API
1331 return DES_is_weak_key((void *)key->v);
1332 #else
1333 return des_is_weak_key((void *)key->v);
1334 #endif
1335 #else
1336 return 0;
1337 #endif
1338 }
1339
1340 int
1341 eay_des_keylen(len)
1342 int len;
1343 {
1344 /* CommonCrypto return lengths in bytes, ipsec-tools
1345 * uses lengths in bits, therefore conversion is required.
1346 */
1347 if (len != 0 && len != (kCCKeySizeDES << 3))
1348 return -1;
1349
1350 return kCCKeySizeDES << 3;
1351 }
1352
1353 /*
1354 * 3DES-CBC
1355 */
1356 vchar_t *
1357 eay_3des_encrypt(data, key, iv)
1358 vchar_t *data, *key, *iv;
1359 {
1360 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
1361 }
1362
1363 vchar_t *
1364 eay_3des_decrypt(data, key, iv)
1365 vchar_t *data, *key, *iv;
1366 {
1367 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithm3DES, 0 /* CBC */, data, key, iv));
1368 }
1369
1370 int
1371 eay_3des_weakkey(key)
1372 vchar_t *key;
1373 {
1374 return 0;
1375 }
1376
1377 int
1378 eay_3des_keylen(len)
1379 int len;
1380 {
1381 /* CommonCrypto return lengths in bytes, ipsec-tools
1382 * uses lengths in bits, therefore conversion is required.
1383 */
1384 if (len != 0 && len != (kCCKeySize3DES << 3))
1385 return -1;
1386
1387 return kCCKeySize3DES << 3;
1388 }
1389
1390 /*
1391 * AES(RIJNDAEL)-CBC
1392 */
1393 vchar_t *
1394 eay_aes_encrypt(data, key, iv)
1395 vchar_t *data, *key, *iv;
1396 {
1397 return(eay_CCCrypt(kCCEncrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1398 }
1399
1400 vchar_t *
1401 eay_aes_decrypt(data, key, iv)
1402 vchar_t *data, *key, *iv;
1403 {
1404 return(eay_CCCrypt(kCCDecrypt, kCCAlgorithmAES128 /* adapts to AES-192, or AES-256 depending on the key size*/, 0 /* CBC */, data, key, iv));
1405 }
1406
1407 int
1408 eay_aes_keylen(len)
1409 int len;
1410 {
1411 /* CommonCrypto return lengths in bytes, ipsec-tools
1412 * uses lengths in bits, therefore conversion is required.
1413 */
1414 if (len != 0) {
1415 if (len != (kCCKeySizeAES128 << 3) &&
1416 len != (kCCKeySizeAES192 << 3) &&
1417 len != (kCCKeySizeAES256 << 3))
1418 return -1;
1419 } else {
1420 return kCCKeySizeAES128 << 3;
1421 }
1422 return len;
1423 }
1424
1425
1426 int
1427 eay_aes_weakkey(key)
1428 vchar_t *key;
1429 {
1430 return 0;
1431 }
1432
1433 /* for ipsec part */
1434 int
1435 eay_null_hashlen()
1436 {
1437 return 0;
1438 }
1439
1440 int
1441 eay_null_keylen(len)
1442 int len;
1443 {
1444 return 0;
1445 }
1446
1447 /*
1448 * HMAC functions
1449 */
1450 static caddr_t
1451 eay_hmac_init(key, algorithm)
1452 vchar_t *key;
1453 CCHmacAlgorithm algorithm;
1454 {
1455 CCHmacContext *c = racoon_malloc(sizeof(*c));
1456
1457 CCHmacInit(c, algorithm, key->v, key->l);
1458
1459 return (caddr_t)c;
1460 }
1461
1462 #ifdef WITH_SHA2
1463 /*
1464 * HMAC SHA2-512
1465 */
1466 vchar_t *
1467 eay_hmacsha2_512_one(key, data)
1468 vchar_t *key, *data;
1469 {
1470 vchar_t *res;
1471 caddr_t ctx;
1472
1473 ctx = eay_hmacsha2_512_init(key);
1474 eay_hmacsha2_512_update(ctx, data);
1475 res = eay_hmacsha2_512_final(ctx);
1476
1477 return(res);
1478 }
1479
1480 caddr_t
1481 eay_hmacsha2_512_init(key)
1482 vchar_t *key;
1483 {
1484 return eay_hmac_init(key, kCCHmacAlgSHA512);
1485 }
1486
1487 void
1488 eay_hmacsha2_512_update(c, data)
1489 caddr_t c;
1490 vchar_t *data;
1491 {
1492 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
1493 }
1494
1495 vchar_t *
1496 eay_hmacsha2_512_final(c)
1497 caddr_t c;
1498 {
1499 vchar_t *res;
1500
1501 if ((res = vmalloc(CC_SHA512_DIGEST_LENGTH)) == 0)
1502 return NULL;
1503
1504 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
1505 res->l = CC_SHA512_DIGEST_LENGTH;
1506
1507 (void)racoon_free(c);
1508 return(res);
1509 }
1510
1511 /*
1512 * HMAC SHA2-384
1513 */
1514 vchar_t *
1515 eay_hmacsha2_384_one(key, data)
1516 vchar_t *key, *data;
1517 {
1518 vchar_t *res;
1519 caddr_t ctx;
1520
1521 ctx = eay_hmacsha2_384_init(key);
1522 eay_hmacsha2_384_update(ctx, data);
1523 res = eay_hmacsha2_384_final(ctx);
1524
1525 return(res);
1526 }
1527
1528 caddr_t
1529 eay_hmacsha2_384_init(key)
1530 vchar_t *key;
1531 {
1532 return eay_hmac_init(key, kCCHmacAlgSHA384);
1533 }
1534
1535 void
1536 eay_hmacsha2_384_update(c, data)
1537 caddr_t c;
1538 vchar_t *data;
1539 {
1540 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
1541 }
1542
1543 vchar_t *
1544 eay_hmacsha2_384_final(c)
1545 caddr_t c;
1546 {
1547 vchar_t *res;
1548
1549 if ((res = vmalloc(CC_SHA384_DIGEST_LENGTH)) == 0)
1550 return NULL;
1551
1552 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
1553 res->l = CC_SHA384_DIGEST_LENGTH;
1554
1555 (void)racoon_free(c);
1556 return(res);
1557 }
1558
1559 /*
1560 * HMAC SHA2-256
1561 */
1562 vchar_t *
1563 eay_hmacsha2_256_one(key, data)
1564 vchar_t *key, *data;
1565 {
1566 vchar_t *res;
1567 caddr_t ctx;
1568
1569 ctx = eay_hmacsha2_256_init(key);
1570 eay_hmacsha2_256_update(ctx, data);
1571 res = eay_hmacsha2_256_final(ctx);
1572
1573 return(res);
1574 }
1575
1576 caddr_t
1577 eay_hmacsha2_256_init(key)
1578 vchar_t *key;
1579 {
1580 return eay_hmac_init(key, kCCHmacAlgSHA256);
1581 }
1582
1583 void
1584 eay_hmacsha2_256_update(c, data)
1585 caddr_t c;
1586 vchar_t *data;
1587 {
1588 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
1589 }
1590
1591 vchar_t *
1592 eay_hmacsha2_256_final(c)
1593 caddr_t c;
1594 {
1595 vchar_t *res;
1596
1597 if ((res = vmalloc(CC_SHA256_DIGEST_LENGTH)) == 0)
1598 return NULL;
1599
1600 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
1601 res->l = CC_SHA256_DIGEST_LENGTH;
1602
1603 (void)racoon_free(c);
1604 return(res);
1605 }
1606 #endif /* WITH_SHA2 */
1607
1608 /*
1609 * HMAC SHA1
1610 */
1611 vchar_t *
1612 eay_hmacsha1_one(key, data)
1613 vchar_t *key, *data;
1614 {
1615 vchar_t *res;
1616 caddr_t ctx;
1617
1618 ctx = eay_hmacsha1_init(key);
1619 eay_hmacsha1_update(ctx, data);
1620 res = eay_hmacsha1_final(ctx);
1621
1622 return(res);
1623 }
1624
1625 caddr_t
1626 eay_hmacsha1_init(key)
1627 vchar_t *key;
1628 {
1629 return eay_hmac_init(key, kCCHmacAlgSHA1);
1630 }
1631
1632 void
1633 eay_hmacsha1_update(c, data)
1634 caddr_t c;
1635 vchar_t *data;
1636 {
1637 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
1638 }
1639
1640 vchar_t *
1641 eay_hmacsha1_final(c)
1642 caddr_t c;
1643 {
1644 vchar_t *res;
1645
1646 if ((res = vmalloc(CC_SHA1_DIGEST_LENGTH)) == 0)
1647 return NULL;
1648
1649 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
1650 res->l = CC_SHA1_DIGEST_LENGTH;
1651
1652 (void)racoon_free(c);
1653 return(res);
1654 }
1655
1656 /*
1657 * HMAC MD5
1658 */
1659 vchar_t *
1660 eay_hmacmd5_one(key, data)
1661 vchar_t *key, *data;
1662 {
1663 vchar_t *res;
1664 caddr_t ctx;
1665
1666 ctx = eay_hmacmd5_init(key);
1667 eay_hmacmd5_update(ctx, data);
1668 res = eay_hmacmd5_final(ctx);
1669
1670 return(res);
1671 }
1672
1673 caddr_t
1674 eay_hmacmd5_init(key)
1675 vchar_t *key;
1676 {
1677 return eay_hmac_init(key, kCCHmacAlgMD5);
1678 }
1679
1680 void
1681 eay_hmacmd5_update(c, data)
1682 caddr_t c;
1683 vchar_t *data;
1684 {
1685 CCHmacUpdate(ALIGNED_CAST(CCHmacContext *)c, data->v, data->l);
1686 }
1687
1688 vchar_t *
1689 eay_hmacmd5_final(c)
1690 caddr_t c;
1691 {
1692 vchar_t *res;
1693
1694 if ((res = vmalloc(CC_MD5_DIGEST_LENGTH)) == 0)
1695 return NULL;
1696
1697 CCHmacFinal(ALIGNED_CAST(CCHmacContext *)c, res->v);
1698 res->l = CC_MD5_DIGEST_LENGTH;
1699 (void)racoon_free(c);
1700
1701 return(res);
1702 }
1703
1704
1705 #ifdef WITH_SHA2
1706 /*
1707 * SHA2-512 functions
1708 */
1709 caddr_t
1710 eay_sha2_512_init()
1711 {
1712 SHA512_CTX *c = racoon_malloc(sizeof(*c));
1713
1714 SHA512_Init(c);
1715
1716 return((caddr_t)c);
1717 }
1718
1719 void
1720 eay_sha2_512_update(c, data)
1721 caddr_t c;
1722 vchar_t *data;
1723 {
1724 SHA512_Update(ALIGNED_CAST(SHA512_CTX *)c, (unsigned char *) data->v, data->l);
1725
1726 return;
1727 }
1728
1729 vchar_t *
1730 eay_sha2_512_final(c)
1731 caddr_t c;
1732 {
1733 vchar_t *res;
1734
1735 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1736 return(0);
1737
1738 SHA512_Final((unsigned char *) res->v, ALIGNED_CAST(SHA512_CTX *)c);
1739 (void)racoon_free(c);
1740
1741 return(res);
1742 }
1743
1744 vchar_t *
1745 eay_sha2_512_one(data)
1746 vchar_t *data;
1747 {
1748 caddr_t ctx;
1749 vchar_t *res;
1750
1751 ctx = eay_sha2_512_init();
1752 eay_sha2_512_update(ctx, data);
1753 res = eay_sha2_512_final(ctx);
1754
1755 return(res);
1756 }
1757
1758 int
1759 eay_sha2_512_hashlen()
1760 {
1761 return SHA512_DIGEST_LENGTH << 3;
1762 }
1763 #endif
1764
1765 #ifdef WITH_SHA2
1766 /*
1767 * SHA2-384 functions
1768 */
1769
1770 typedef SHA512_CTX SHA384_CTX;
1771
1772 caddr_t
1773 eay_sha2_384_init()
1774 {
1775 SHA384_CTX *c = racoon_malloc(sizeof(*c));
1776
1777 SHA384_Init(c);
1778
1779 return((caddr_t)c);
1780 }
1781
1782 void
1783 eay_sha2_384_update(c, data)
1784 caddr_t c;
1785 vchar_t *data;
1786 {
1787 SHA384_Update(ALIGNED_CAST(SHA384_CTX *)c, (unsigned char *) data->v, data->l);
1788
1789 return;
1790 }
1791
1792 vchar_t *
1793 eay_sha2_384_final(c)
1794 caddr_t c;
1795 {
1796 vchar_t *res;
1797
1798 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1799 return(0);
1800
1801 SHA384_Final((unsigned char *) res->v, ALIGNED_CAST(SHA384_CTX *)c);
1802 (void)racoon_free(c);
1803
1804 return(res);
1805 }
1806
1807 vchar_t *
1808 eay_sha2_384_one(data)
1809 vchar_t *data;
1810 {
1811 caddr_t ctx;
1812 vchar_t *res;
1813
1814 ctx = eay_sha2_384_init();
1815 eay_sha2_384_update(ctx, data);
1816 res = eay_sha2_384_final(ctx);
1817
1818 return(res);
1819 }
1820
1821 int
1822 eay_sha2_384_hashlen()
1823 {
1824 return SHA384_DIGEST_LENGTH << 3;
1825 }
1826 #endif
1827
1828 #ifdef WITH_SHA2
1829 /*
1830 * SHA2-256 functions
1831 */
1832 caddr_t
1833 eay_sha2_256_init()
1834 {
1835 SHA256_CTX *c = racoon_malloc(sizeof(*c));
1836
1837 SHA256_Init(c);
1838
1839 return((caddr_t)c);
1840 }
1841
1842 void
1843 eay_sha2_256_update(c, data)
1844 caddr_t c;
1845 vchar_t *data;
1846 {
1847 SHA256_Update(ALIGNED_CAST(SHA256_CTX *)c, (unsigned char *) data->v, data->l);
1848
1849 return;
1850 }
1851
1852 vchar_t *
1853 eay_sha2_256_final(c)
1854 caddr_t c;
1855 {
1856 vchar_t *res;
1857
1858 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1859 return(0);
1860
1861 SHA256_Final((unsigned char *) res->v, ALIGNED_CAST(SHA256_CTX *)c);
1862 (void)racoon_free(c);
1863
1864 return(res);
1865 }
1866
1867 vchar_t *
1868 eay_sha2_256_one(data)
1869 vchar_t *data;
1870 {
1871 caddr_t ctx;
1872 vchar_t *res;
1873
1874 ctx = eay_sha2_256_init();
1875 eay_sha2_256_update(ctx, data);
1876 res = eay_sha2_256_final(ctx);
1877
1878 return(res);
1879 }
1880
1881 int
1882 eay_sha2_256_hashlen()
1883 {
1884 return SHA256_DIGEST_LENGTH << 3;
1885 }
1886 #endif
1887
1888 /*
1889 * SHA functions
1890 */
1891 caddr_t
1892 eay_sha1_init()
1893 {
1894 SHA_CTX *c = racoon_malloc(sizeof(*c));
1895
1896 SHA1_Init(c);
1897
1898 return((caddr_t)c);
1899 }
1900
1901 void
1902 eay_sha1_update(c, data)
1903 caddr_t c;
1904 vchar_t *data;
1905 {
1906 SHA1_Update(ALIGNED_CAST(SHA_CTX *)c, data->v, data->l);
1907
1908 return;
1909 }
1910
1911 vchar_t *
1912 eay_sha1_final(c)
1913 caddr_t c;
1914 {
1915 vchar_t *res;
1916
1917 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1918 return(0);
1919
1920 SHA1_Final((unsigned char *) res->v, ALIGNED_CAST(SHA_CTX *)c);
1921 (void)racoon_free(c);
1922
1923 return(res);
1924 }
1925
1926 vchar_t *
1927 eay_sha1_one(data)
1928 vchar_t *data;
1929 {
1930 caddr_t ctx;
1931 vchar_t *res;
1932
1933 ctx = eay_sha1_init();
1934 eay_sha1_update(ctx, data);
1935 res = eay_sha1_final(ctx);
1936
1937 return(res);
1938 }
1939
1940 int
1941 eay_sha1_hashlen()
1942 {
1943 return SHA_DIGEST_LENGTH << 3;
1944 }
1945
1946 /*
1947 * MD5 functions
1948 */
1949 caddr_t
1950 eay_md5_init()
1951 {
1952 MD5_CTX *c = racoon_malloc(sizeof(*c));
1953
1954 MD5_Init(c);
1955
1956 return((caddr_t)c);
1957 }
1958
1959 void
1960 eay_md5_update(c, data)
1961 caddr_t c;
1962 vchar_t *data;
1963 {
1964 MD5_Update(ALIGNED_CAST(MD5_CTX *)c, data->v, data->l);
1965
1966 return;
1967 }
1968
1969 vchar_t *
1970 eay_md5_final(c)
1971 caddr_t c;
1972 {
1973 vchar_t *res;
1974
1975 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1976 return(0);
1977
1978 MD5_Final((unsigned char *) res->v, ALIGNED_CAST(MD5_CTX *)c);
1979 (void)racoon_free(c);
1980
1981 return(res);
1982 }
1983
1984 vchar_t *
1985 eay_md5_one(data)
1986 vchar_t *data;
1987 {
1988 caddr_t ctx;
1989 vchar_t *res;
1990
1991 ctx = eay_md5_init();
1992 eay_md5_update(ctx, data);
1993 res = eay_md5_final(ctx);
1994
1995 return(res);
1996 }
1997
1998 int
1999 eay_md5_hashlen()
2000 {
2001 return MD5_DIGEST_LENGTH << 3;
2002 }
2003
2004
2005 #ifdef HAVE_OPENSSL
2006 /*
2007 * eay_set_random
2008 * size: number of bytes.
2009 */
2010 vchar_t *
2011 eay_set_random(size)
2012 u_int32_t size;
2013 {
2014 BIGNUM *r = NULL;
2015 vchar_t *res = 0;
2016
2017 if ((r = BN_new()) == NULL)
2018 goto end;
2019 BN_rand(r, size * 8, 0, 0);
2020 eay_bn2v(&res, r);
2021
2022 end:
2023 if (r)
2024 BN_free(r);
2025 return(res);
2026 }
2027 #else
2028 vchar_t *
2029 eay_set_random(u_int32_t size)
2030 {
2031 vchar_t *res = vmalloc(size);
2032
2033 if (res == NULL)
2034 return NULL;
2035
2036 if (SecRandomCopyBytes(kSecRandomDefault, size, res->v)) {
2037 vfree(res);
2038 return NULL;
2039 }
2040
2041 return res;
2042 }
2043 #endif
2044
2045 #ifdef HAVE_OPENSSL
2046 /* DH */
2047 int
2048 eay_dh_generate(prime, g, publen, pub, priv)
2049 vchar_t *prime, **pub, **priv;
2050 u_int publen;
2051 u_int32_t g;
2052 {
2053 BIGNUM *p = NULL;
2054 DH *dh = NULL;
2055 int error = -1;
2056
2057 /* initialize */
2058 /* pre-process to generate number */
2059 if (eay_v2bn(&p, prime) < 0)
2060 goto end;
2061
2062 if ((dh = DH_new()) == NULL)
2063 goto end;
2064 dh->p = p;
2065 p = NULL; /* p is now part of dh structure */
2066 dh->g = NULL;
2067 if ((dh->g = BN_new()) == NULL)
2068 goto end;
2069 if (!BN_set_word(dh->g, g))
2070 goto end;
2071
2072 if (publen != 0)
2073 dh->length = publen;
2074
2075 /* generate public and private number */
2076 if (!DH_generate_key(dh))
2077 goto end;
2078
2079 /* copy results to buffers */
2080 if (eay_bn2v(pub, dh->pub_key) < 0)
2081 goto end;
2082 if (eay_bn2v(priv, dh->priv_key) < 0) {
2083 vfree(*pub);
2084 goto end;
2085 }
2086
2087 error = 0;
2088
2089 end:
2090 if (dh != NULL)
2091 DH_free(dh);
2092 if (p != 0)
2093 BN_free(p);
2094 return(error);
2095 }
2096
2097 int
2098 eay_dh_compute(prime, g, pub, priv, pub2, key)
2099 vchar_t *prime, *pub, *priv, *pub2, **key;
2100 u_int32_t g;
2101 {
2102 BIGNUM *dh_pub = NULL;
2103 DH *dh = NULL;
2104 int l;
2105 unsigned char *v = NULL;
2106 int error = -1;
2107
2108 /* make public number to compute */
2109 if (eay_v2bn(&dh_pub, pub2) < 0)
2110 goto end;
2111
2112 /* make DH structure */
2113 if ((dh = DH_new()) == NULL)
2114 goto end;
2115 if (eay_v2bn(&dh->p, prime) < 0)
2116 goto end;
2117 if (eay_v2bn(&dh->pub_key, pub) < 0)
2118 goto end;
2119 if (eay_v2bn(&dh->priv_key, priv) < 0)
2120 goto end;
2121 dh->length = pub2->l * 8;
2122
2123 dh->g = NULL;
2124 if ((dh->g = BN_new()) == NULL)
2125 goto end;
2126 if (!BN_set_word(dh->g, g))
2127 goto end;
2128
2129 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2130 goto end;
2131 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2132 goto end;
2133 memcpy((*key)->v + (prime->l - l), v, l);
2134
2135 error = 0;
2136
2137 end:
2138 if (dh_pub != NULL)
2139 BN_free(dh_pub);
2140 if (dh != NULL)
2141 DH_free(dh);
2142 if (v != NULL)
2143 racoon_free(v);
2144 return(error);
2145 }
2146
2147 /*
2148 * convert vchar_t <-> BIGNUM.
2149 *
2150 * vchar_t: unit is u_char, network endian, most significant byte first.
2151 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2152 * least significant BN_ULONG must come first.
2153 *
2154 * hex value of "0x3ffe050104" is represented as follows:
2155 * vchar_t: 3f fe 05 01 04
2156 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2157 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2158 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2159 */
2160 int
2161 eay_v2bn(bn, var)
2162 BIGNUM **bn;
2163 vchar_t *var;
2164 {
2165 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2166 return -1;
2167
2168 return 0;
2169 }
2170
2171 int
2172 eay_bn2v(var, bn)
2173 vchar_t **var;
2174 BIGNUM *bn;
2175 {
2176 *var = vmalloc(bn->top * BN_BYTES);
2177 if (*var == NULL)
2178 return(-1);
2179
2180 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2181
2182 return 0;
2183 }
2184
2185 void
2186 eay_init()
2187 {
2188 OpenSSL_add_all_algorithms();
2189 ERR_load_crypto_strings();
2190 #ifdef HAVE_OPENSSL_ENGINE_H
2191 ENGINE_load_builtin_engines();
2192 ENGINE_register_all_complete();
2193 #endif
2194 }
2195
2196 vchar_t *
2197 base64_decode(char *in, long inlen)
2198 {
2199 BIO *bio=NULL, *b64=NULL;
2200 vchar_t *res = NULL;
2201 char *outb;
2202 long outlen;
2203
2204 outb = malloc(inlen * 2);
2205 if (outb == NULL)
2206 goto out;
2207 bio = BIO_new_mem_buf(in, inlen);
2208 b64 = BIO_new(BIO_f_base64());
2209 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2210 bio = BIO_push(b64, bio);
2211
2212 outlen = BIO_read(bio, outb, inlen * 2);
2213 if (outlen <= 0) {
2214 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2215 goto out;
2216 }
2217
2218 res = vmalloc(outlen);
2219 if (!res)
2220 goto out;
2221
2222 memcpy(res->v, outb, outlen);
2223
2224 out:
2225 if (outb)
2226 free(outb);
2227 if (bio)
2228 BIO_free_all(bio);
2229
2230 return res;
2231 }
2232
2233 vchar_t *
2234 base64_encode(char *in, long inlen)
2235 {
2236 BIO *bio=NULL, *b64=NULL;
2237 char *ptr;
2238 long plen = -1;
2239 vchar_t *res = NULL;
2240
2241 bio = BIO_new(BIO_s_mem());
2242 b64 = BIO_new(BIO_f_base64());
2243 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2244 bio = BIO_push(b64, bio);
2245
2246 BIO_write(bio, in, inlen);
2247 BIO_flush(bio);
2248
2249 plen = BIO_get_mem_data(bio, &ptr);
2250 res = vmalloc(plen+1);
2251 if (!res)
2252 goto out;
2253
2254 memcpy (res->v, ptr, plen);
2255 res->v[plen] = '\0';
2256
2257 out:
2258 if (bio)
2259 BIO_free_all(bio);
2260
2261 return res;
2262 }
2263
2264 static RSA *
2265 binbuf_pubkey2rsa(vchar_t *binbuf)
2266 {
2267 BIGNUM *exp, *mod;
2268 RSA *rsa_pub = NULL;
2269
2270 if (binbuf->v[0] > binbuf->l - 1) {
2271 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2272 goto out;
2273 }
2274
2275 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2276 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2277 binbuf->l - binbuf->v[0] - 1, NULL);
2278 rsa_pub = RSA_new();
2279
2280 if (!exp || !mod || !rsa_pub) {
2281 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2282 if (exp)
2283 BN_free(exp);
2284 if (mod)
2285 BN_free(exp);
2286 if (rsa_pub)
2287 RSA_free(rsa_pub);
2288 rsa_pub = NULL;
2289 goto out;
2290 }
2291
2292 rsa_pub->n = mod;
2293 rsa_pub->e = exp;
2294
2295 out:
2296 return rsa_pub;
2297 }
2298
2299 RSA *
2300 base64_pubkey2rsa(char *in)
2301 {
2302 BIGNUM *exp, *mod;
2303 RSA *rsa_pub = NULL;
2304 vchar_t *binbuf;
2305
2306 if (strncmp(in, "0s", 2) != 0) {
2307 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2308 return NULL;
2309 }
2310
2311 binbuf = base64_decode(in + 2, strlen(in + 2));
2312 if (!binbuf) {
2313 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2314 return NULL;
2315 }
2316
2317 if (binbuf->v[0] > binbuf->l - 1) {
2318 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2319 goto out;
2320 }
2321
2322 rsa_pub = binbuf_pubkey2rsa(binbuf);
2323
2324 out:
2325 if (binbuf)
2326 vfree(binbuf);
2327
2328 return rsa_pub;
2329 }
2330
2331 RSA *
2332 bignum_pubkey2rsa(BIGNUM *in)
2333 {
2334 RSA *rsa_pub = NULL;
2335 vchar_t *binbuf;
2336
2337 binbuf = vmalloc(BN_num_bytes(in));
2338 if (!binbuf) {
2339 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2340 return NULL;
2341 }
2342
2343 BN_bn2bin(in, (unsigned char *) binbuf->v);
2344
2345 rsa_pub = binbuf_pubkey2rsa(binbuf);
2346
2347 out:
2348 if (binbuf)
2349 vfree(binbuf);
2350
2351 return rsa_pub;
2352 }
2353 #endif /* HAVE_OPENSSL */
2354
2355 u_int32_t
2356 eay_random()
2357 {
2358 u_int32_t result;
2359 vchar_t *vrand;
2360
2361 vrand = eay_set_random(sizeof(result));
2362 memcpy(&result, vrand->v, sizeof(result));
2363 vfree(vrand);
2364
2365 return result;
2366 }
2367
2368 #ifdef HAVE_OPENSSL
2369 const char *
2370 eay_version()
2371 {
2372 return SSLeay_version(SSLEAY_VERSION);
2373 }
2374 #endif
mirror of ipsec