1 /* $KAME: crypto_openssl.c,v 1.73 2003/04/24 02:21:22 itojun Exp $ */
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/types.h>
33 #include <sys/param.h>
40 /* get openssl/ssleay version number */
41 #ifdef HAVE_OPENSSL_OPENSSLV_H
42 # include <openssl/opensslv.h>
44 # error no opensslv.h found.
47 #ifndef OPENSSL_VERSION_NUMBER
48 #error OPENSSL_VERSION_NUMBER is not defined. OpenSSL0.9.4 or later required.
51 #ifdef HAVE_OPENSSL_PEM_H
52 #include <openssl/pem.h>
54 #ifdef HAVE_OPENSSL_EVP_H
55 #include <openssl/evp.h>
57 #ifdef HAVE_OPENSSL_X509_H
58 #include <openssl/x509.h>
59 #include <openssl/x509v3.h>
60 #include <openssl/x509_vfy.h>
62 #include <openssl/bn.h>
63 #include <openssl/dh.h>
64 #include <openssl/md5.h>
65 #include <openssl/sha.h>
66 #include <openssl/hmac.h>
67 #include <openssl/des.h>
68 #include <openssl/crypto.h>
69 #ifdef HAVE_OPENSSL_IDEA_H
70 #include <openssl/idea.h>
72 #include <openssl/blowfish.h>
73 #ifdef HAVE_OPENSSL_RC5_H
74 #include <openssl/rc5.h>
76 #include <openssl/cast.h>
77 #include <openssl/err.h>
78 #ifdef HAVE_OPENSSL_RIJNDAEL_H
79 #include <openssl/rijndael.h>
81 #include "rijndael-api-fst.h"
83 #ifdef HAVE_OPENSSL_SHA2_H
84 #include <openssl/sha2.h>
93 #include "crypto_openssl.h"
98 * I hate to cast every parameter to des_xx into void *, but it is
99 * necessary for SSLeay/OpenSSL portability. It sucks.
102 #ifdef HAVE_SIGNING_C
103 static int cb_check_cert_local
__P((int, X509_STORE_CTX
*));
104 static int cb_check_cert_remote
__P((int, X509_STORE_CTX
*));
105 static X509
*mem2x509
__P((vchar_t
*));
108 static caddr_t eay_hmac_init
__P((vchar_t
*, const EVP_MD
*));
110 #ifdef HAVE_SIGNING_C
111 /* X509 Certificate */
113 * convert the string of the subject name into DER
114 * e.g. str = "C=JP, ST=Kanagawa";
117 eay_str2asn1dn(str
, len
)
128 buf
= racoon_malloc(len
+ 1);
130 printf("failed to allocate buffer\n");
133 memcpy(buf
, str
, len
);
135 name
= X509_NAME_new();
139 for (i
= 0; i
< len
; i
++) {
140 if (!value
&& buf
[i
] == '=') {
144 } else if (buf
[i
] == ',' || buf
[i
] == '/') {
147 printf("[%s][%s]\n", field
, value
);
149 if (!X509_NAME_add_entry_by_txt(name
, field
,
150 MBSTRING_ASC
, value
, -1, -1, 0))
152 for (j
= i
+ 1; j
< len
; j
++) {
163 printf("[%s][%s]\n", field
, value
);
165 if (!X509_NAME_add_entry_by_txt(name
, field
,
166 MBSTRING_ASC
, value
, -1, -1, 0))
169 i
= i2d_X509_NAME(name
, NULL
);
176 i
= i2d_X509_NAME(name
, (unsigned char **)&p
);
186 X509_NAME_free(name
);
191 * compare two subjectNames.
197 eay_cmp_asn1dn(n1
, n2
)
200 X509_NAME
*a
= NULL
, *b
= NULL
;
205 if (!d2i_X509_NAME(&a
, (unsigned char **)&p
, n1
->l
))
208 if (!d2i_X509_NAME(&b
, (unsigned char **)&p
, n2
->l
))
211 i
= X509_NAME_cmp(a
, b
);
222 * this functions is derived from apps/verify.c in OpenSSL0.9.5
225 eay_check_x509cert(cert
, CApath
, local
)
230 X509_STORE
*cert_ctx
= NULL
;
231 X509_LOOKUP
*lookup
= NULL
;
233 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
240 /* XXX define only functions required. */
241 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
242 OpenSSL_add_all_algorithms();
244 SSLeay_add_all_algorithms();
247 cert_ctx
= X509_STORE_new();
248 if (cert_ctx
== NULL
)
252 X509_STORE_set_verify_cb_func(cert_ctx
, cb_check_cert_local
);
254 X509_STORE_set_verify_cb_func(cert_ctx
, cb_check_cert_remote
);
256 lookup
= X509_STORE_add_lookup(cert_ctx
, X509_LOOKUP_file());
259 X509_LOOKUP_load_file(lookup
, NULL
, X509_FILETYPE_DEFAULT
); /* XXX */
261 lookup
= X509_STORE_add_lookup(cert_ctx
, X509_LOOKUP_hash_dir());
264 error
= X509_LOOKUP_add_dir(lookup
, CApath
, X509_FILETYPE_PEM
);
269 error
= -1; /* initialized */
271 /* read the certificate to be verified */
272 x509
= mem2x509(cert
);
276 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
277 csc
= X509_STORE_CTX_new();
280 X509_STORE_CTX_init(csc
, cert_ctx
, x509
, NULL
);
282 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
283 X509_STORE_CTX_set_flags(csc
, X509_V_FLAG_CRL_CHECK
);
284 X509_STORE_CTX_set_flags(csc
, X509_V_FLAG_CRL_CHECK_ALL
);
287 error
= X509_verify_cert(csc
);
288 X509_STORE_CTX_cleanup(csc
);
290 X509_STORE_CTX_init(&csc
, cert_ctx
, x509
, NULL
);
291 error
= X509_verify_cert(&csc
);
292 X509_STORE_CTX_cleanup(&csc
);
296 * if x509_verify_cert() is successful then the value of error is
299 error
= error
? 0 : -1;
303 printf("%s\n", eay_strerror());
304 if (cert_ctx
!= NULL
)
305 X509_STORE_free(cert_ctx
);
313 * callback function for verifing certificate.
314 * Derived from cb() in openssl/apps/s_server.c
316 * This one is called for certificates obtained from
317 * 'peers_certfile' directive.
320 cb_check_cert_local(ok
, ctx
)
329 X509_get_subject_name(ctx
->current_cert
),
333 * since we are just checking the certificates, it is
334 * ok if they are self signed. But we should still warn
337 switch (ctx
->error
) {
338 case X509_V_ERR_CERT_HAS_EXPIRED
:
339 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
:
340 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
341 case X509_V_ERR_INVALID_PURPOSE
:
342 case X509_V_ERR_UNABLE_TO_GET_CRL
:
345 log_tag
= LLV_WARNING
;
354 plog(log_tag
, LOCATION
, NULL
,
355 "%s(%d) at depth:%d SubjectName:%s\n",
356 X509_verify_cert_error_string(ctx
->error
),
361 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
363 X509_verify_cert_error_string(ctx
->error
),
375 * Similar to cb_check_cert_local() but this one is called
376 * for certificates obtained from the IKE payload.
379 cb_check_cert_remote(ok
, ctx
)
388 X509_get_subject_name(ctx
->current_cert
),
391 switch (ctx
->error
) {
392 case X509_V_ERR_UNABLE_TO_GET_CRL
:
394 log_tag
= LLV_WARNING
;
400 plog(log_tag
, LOCATION
, NULL
,
401 "%s(%d) at depth:%d SubjectName:%s\n",
402 X509_verify_cert_error_string(ctx
->error
),
407 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
409 X509_verify_cert_error_string(ctx
->error
),
421 * get a subjectAltName from X509 certificate.
424 eay_get_x509asn1subjectname(cert
)
429 vchar_t
*name
= NULL
;
435 x509
= mem2x509(cert
);
439 /* get the length of the name */
440 len
= i2d_X509_NAME(x509
->cert_info
->subject
, NULL
);
446 len
= i2d_X509_NAME(x509
->cert_info
->subject
, &bp
);
453 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
455 printf("%s\n", eay_strerror());
469 * Get the common name from a cert
471 #define EAY_MAX_CN_LEN 256
473 eay_get_x509_common_name(cert
)
478 vchar_t
*commonName
= NULL
;
480 commonName
= vmalloc(EAY_MAX_CN_LEN
);
481 if (commonName
== NULL
) {
482 plog(LLV_ERROR
, LOCATION
, NULL
, "no memory\n");
486 x509
= mem2x509(cert
);
492 name
= X509_get_subject_name(x509
);
493 X509_NAME_get_text_by_NID(name
, NID_commonName
, commonName
->v
, EAY_MAX_CN_LEN
);
495 commonName
->l
= strlen(commonName
->v
);
503 * get the subjectAltName from X509 certificate.
504 * the name must be terminated by '\0'.
507 eay_get_x509subjectaltname(cert
, altname
, type
, pos
, len
)
521 *type
= GENT_OTHERNAME
;
523 x509
= mem2x509(cert
);
527 gens
= X509_get_ext_d2i(x509
, NID_subject_alt_name
, NULL
, NULL
);
531 for (i
= 0; i
< sk_GENERAL_NAME_num(gens
); i
++) {
537 /* there is no data at "pos" */
538 if (i
== sk_GENERAL_NAME_num(gens
))
541 gen
= sk_GENERAL_NAME_value(gens
, i
);
543 /* make sure the data is terminated by '\0'. */
544 if (gen
->d
.ia5
->data
[gen
->d
.ia5
->length
] != '\0') {
546 plog(LLV_ERROR
, LOCATION
, NULL
,
547 "data is not terminated by '\0'.");
549 hexdump(gen
->d
.ia5
->data
, gen
->d
.ia5
->length
+ 1);
553 *len
= gen
->d
.ia5
->length
+ 1;
554 *altname
= racoon_malloc(*len
);
558 strlcpy(*altname
, gen
->d
.ia5
->data
, *len
);
566 racoon_free(*altname
);
570 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
572 printf("%s\n", eay_strerror());
583 * decode a X509 certificate and make a readable text terminated '\n'.
584 * return the buffer allocated, so must free it later.
587 eay_get_x509text(cert
)
597 x509
= mem2x509(cert
);
601 bio
= BIO_new(BIO_s_mem());
605 error
= X509_print(bio
, x509
);
611 len
= BIO_get_mem_data(bio
, &bp
);
612 text
= racoon_malloc(len
+ 1);
615 memcpy(text
, bp
, len
);
627 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
629 printf("%s\n", eay_strerror());
640 /* get X509 structure from buffer. */
653 x509
= d2i_X509(NULL
, &bp
, cert
->l
);
660 bio
= BIO_new(BIO_s_mem());
663 len
= BIO_write(bio
, cert
->v
, cert
->l
);
666 x509
= PEM_read_bio_X509(bio
, NULL
, NULL
, NULL
);
674 * get a X509 certificate from local file.
675 * a certificate must be PEM format.
677 * path to a certificate.
679 * NULL if error occured
683 eay_get_x509cert(path
)
693 /* Read private key */
694 fp
= fopen(path
, "r");
697 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
698 x509
= PEM_read_X509(fp
, NULL
, NULL
, NULL
);
700 x509
= PEM_read_X509(fp
, NULL
, NULL
);
707 len
= i2d_X509(x509
, NULL
);
714 error
= i2d_X509(x509
, &bp
);
724 * sign a souce by X509 signature.
725 * XXX: to be get hash type from my cert ?
726 * to be handled EVP_dss().
729 eay_get_x509sign(source
, privkey
, cert
)
736 sig
= eay_rsa_sign(source
, privkey
);
742 * check a X509 signature
743 * XXX: to be get hash type from my cert ?
744 * to be handled EVP_dss().
745 * OUT: return -1 when error.
749 eay_check_x509sign(source
, sig
, cert
)
760 x509
= d2i_X509(NULL
, &bp
, cert
->l
);
763 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
768 evp
= X509_get_pubkey(x509
);
771 plog(LLV_ERROR
, LOCATION
, NULL
, "X509_get_pubkey: %s\n", eay_strerror());
776 return eay_rsa_verify(source
, sig
, evp
);
780 * check a signature by signed with PKCS7 certificate.
781 * XXX: to be get hash type from my cert ?
782 * to be handled EVP_dss().
783 * OUT: return -1 when error.
787 eay_check_pkcs7sign(source
, sig
, cert
)
796 BIO
*bio
= BIO_new(BIO_s_mem());
801 error
= BIO_write(bio
, cert
->v
, cert
->l
);
802 if (error
!= cert
->l
)
806 x509
= PEM_read_bio_X509(bio
, NULL
, NULL
, NULL
);
811 evp
= X509_get_pubkey(x509
);
816 /* Verify the signature */
817 /* XXX: to be handled EVP_dss() */
818 EVP_VerifyInit(&md_ctx
, EVP_sha1());
819 EVP_VerifyUpdate(&md_ctx
, source
->v
, source
->l
);
820 error
= EVP_VerifyFinal(&md_ctx
, sig
->v
, sig
->l
, evp
);
831 * get PKCS#1 Private Key of PEM format from local file.
834 eay_get_pkcs1privkey(path
)
838 EVP_PKEY
*evp
= NULL
;
839 vchar_t
*pkey
= NULL
;
844 /* Read private key */
845 fp
= fopen(path
, "r");
849 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
850 evp
= PEM_read_PrivateKey(fp
, NULL
, NULL
, NULL
);
852 evp
= PEM_read_PrivateKey(fp
, NULL
, NULL
);
859 pkeylen
= i2d_PrivateKey(evp
, NULL
);
862 pkey
= vmalloc(pkeylen
);
866 pkeylen
= i2d_PrivateKey(evp
, &bp
);
875 if (error
!= 0 && pkey
!= NULL
) {
884 * get PKCS#1 Public Key of PEM format from local file.
887 eay_get_pkcs1pubkey(path
)
891 EVP_PKEY
*evp
= NULL
;
892 vchar_t
*pkey
= NULL
;
898 /* Read private key */
899 fp
= fopen(path
, "r");
903 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
904 x509
= PEM_read_X509(fp
, NULL
, NULL
, NULL
);
906 x509
= PEM_read_X509(fp
, NULL
, NULL
);
913 /* Get public key - eay */
914 evp
= X509_get_pubkey(x509
);
918 pkeylen
= i2d_PublicKey(evp
, NULL
);
921 pkey
= vmalloc(pkeylen
);
925 pkeylen
= i2d_PublicKey(evp
, &bp
);
933 if (error
!= 0 && pkey
!= NULL
) {
943 eay_rsa_sign(src
, privkey
)
944 vchar_t
*src
, *privkey
;
947 u_char
*bp
= privkey
->v
;
950 int pad
= RSA_PKCS1_PADDING
;
952 /* XXX to be handled EVP_PKEY_DSA */
953 evp
= d2i_PrivateKey(EVP_PKEY_RSA
, NULL
, &bp
, privkey
->l
);
957 /* XXX: to be handled EVP_dss() */
958 /* XXX: Where can I get such parameters ? From my cert ? */
960 len
= RSA_size(evp
->pkey
.rsa
);
966 len
= RSA_private_encrypt(src
->l
, src
->v
, sig
->v
, evp
->pkey
.rsa
, pad
);
968 if (len
== 0 || len
!= sig
->l
) {
977 eay_rsa_verify(src
, sig
, evp
)
981 vchar_t
*xbuf
= NULL
;
982 int pad
= RSA_PKCS1_PADDING
;
986 len
= RSA_size(evp
->pkey
.rsa
);
991 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
997 len
= RSA_public_decrypt(sig
->l
, sig
->v
, xbuf
->v
, evp
->pkey
.rsa
, pad
);
999 if (len
== 0 || len
!= src
->l
)
1000 plog(LLV_ERROR
, LOCATION
, NULL
, "%s\n", eay_strerror());
1003 if (len
== 0 || len
!= src
->l
) {
1008 error
= memcmp(src
->v
, xbuf
->v
, src
->l
);
1018 * MUST load ERR_load_crypto_strings() first.
1023 static char ebuf
[512];
1027 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
1028 const char *file
, *data
;
1035 es
= CRYPTO_thread_id();
1037 while ((l
= ERR_get_error_line_data(&file
, &line
, &data
, &flags
)) != 0){
1038 n
= snprintf(ebuf
+ len
, sizeof(ebuf
) - len
,
1040 es
, ERR_error_string(l
, buf
), file
, line
,
1041 (flags
& ERR_TXT_STRING
) ? data
: "");
1042 if (n
< 0 || n
>= sizeof(ebuf
) - len
)
1045 if (sizeof(ebuf
) < len
)
1055 ERR_load_crypto_strings();
1062 eay_des_encrypt(data
, key
, iv
)
1063 vchar_t
*data
, *key
, *iv
;
1066 des_key_schedule ks
;
1068 if (des_key_sched((void *)key
->v
, ks
) != 0)
1071 /* allocate buffer for result */
1072 if ((res
= vmalloc(data
->l
)) == NULL
)
1075 /* decryption data */
1076 des_cbc_encrypt((void *)data
->v
, (void *)res
->v
, data
->l
,
1077 ks
, (void *)iv
->v
, DES_ENCRYPT
);
1083 eay_des_decrypt(data
, key
, iv
)
1084 vchar_t
*data
, *key
, *iv
;
1087 des_key_schedule ks
;
1089 if (des_key_sched((void *)key
->v
, ks
) != 0)
1092 /* allocate buffer for result */
1093 if ((res
= vmalloc(data
->l
)) == NULL
)
1096 /* decryption data */
1097 des_cbc_encrypt((void *)data
->v
, (void *)res
->v
, data
->l
,
1098 ks
, (void *)iv
->v
, DES_DECRYPT
);
1104 eay_des_weakkey(key
)
1107 return des_is_weak_key((void *)key
->v
);
1114 if (len
!= 0 && len
!= 64)
1119 #ifdef HAVE_OPENSSL_IDEA_H
1124 eay_idea_encrypt(data
, key
, iv
)
1125 vchar_t
*data
, *key
, *iv
;
1128 IDEA_KEY_SCHEDULE ks
;
1130 idea_set_encrypt_key(key
->v
, &ks
);
1132 /* allocate buffer for result */
1133 if ((res
= vmalloc(data
->l
)) == NULL
)
1136 /* decryption data */
1137 idea_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1138 &ks
, iv
->v
, IDEA_ENCRYPT
);
1144 eay_idea_decrypt(data
, key
, iv
)
1145 vchar_t
*data
, *key
, *iv
;
1148 IDEA_KEY_SCHEDULE ks
, dks
;
1150 idea_set_encrypt_key(key
->v
, &ks
);
1151 idea_set_decrypt_key(&ks
, &dks
);
1153 /* allocate buffer for result */
1154 if ((res
= vmalloc(data
->l
)) == NULL
)
1157 /* decryption data */
1158 idea_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1159 &dks
, iv
->v
, IDEA_DECRYPT
);
1165 eay_idea_weakkey(key
)
1172 eay_idea_keylen(len
)
1175 if (len
!= 0 && len
!= 128)
1185 eay_bf_encrypt(data
, key
, iv
)
1186 vchar_t
*data
, *key
, *iv
;
1191 BF_set_key(&ks
, key
->l
, key
->v
);
1193 /* allocate buffer for result */
1194 if ((res
= vmalloc(data
->l
)) == NULL
)
1197 /* decryption data */
1198 BF_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1199 &ks
, iv
->v
, BF_ENCRYPT
);
1205 eay_bf_decrypt(data
, key
, iv
)
1206 vchar_t
*data
, *key
, *iv
;
1211 BF_set_key(&ks
, key
->l
, key
->v
);
1213 /* allocate buffer for result */
1214 if ((res
= vmalloc(data
->l
)) == NULL
)
1217 /* decryption data */
1218 BF_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1219 &ks
, iv
->v
, BF_DECRYPT
);
1228 return 0; /* XXX to be done. refer to RFC 2451 */
1237 if (len
< 40 || len
> 448)
1239 return (len
+ 7) / 8;
1242 #ifdef HAVE_OPENSSL_RC5_H
1247 eay_rc5_encrypt(data
, key
, iv
)
1248 vchar_t
*data
, *key
, *iv
;
1253 /* in RFC 2451, there is information about the number of round. */
1254 RC5_32_set_key(&ks
, key
->l
, key
->v
, 16);
1256 /* allocate buffer for result */
1257 if ((res
= vmalloc(data
->l
)) == NULL
)
1260 /* decryption data */
1261 RC5_32_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1262 &ks
, iv
->v
, RC5_ENCRYPT
);
1268 eay_rc5_decrypt(data
, key
, iv
)
1269 vchar_t
*data
, *key
, *iv
;
1274 /* in RFC 2451, there is information about the number of round. */
1275 RC5_32_set_key(&ks
, key
->l
, key
->v
, 16);
1277 /* allocate buffer for result */
1278 if ((res
= vmalloc(data
->l
)) == NULL
)
1281 /* decryption data */
1282 RC5_32_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1283 &ks
, iv
->v
, RC5_DECRYPT
);
1289 eay_rc5_weakkey(key
)
1292 return 0; /* No known weak keys when used with 16 rounds. */
1302 if (len
< 40 || len
> 2040)
1304 return (len
+ 7) / 8;
1312 eay_3des_encrypt(data
, key
, iv
)
1313 vchar_t
*data
, *key
, *iv
;
1316 des_key_schedule ks1
, ks2
, ks3
;
1321 if (des_key_sched((void *)key
->v
, ks1
) != 0)
1323 if (des_key_sched((void *)(key
->v
+ 8), ks2
) != 0)
1325 if (des_key_sched((void *)(key
->v
+ 16), ks3
) != 0)
1328 /* allocate buffer for result */
1329 if ((res
= vmalloc(data
->l
)) == NULL
)
1332 /* decryption data */
1333 des_ede3_cbc_encrypt((void *)data
->v
, (void *)res
->v
, data
->l
,
1334 ks1
, ks2
, ks3
, (void *)iv
->v
, DES_ENCRYPT
);
1340 eay_3des_decrypt(data
, key
, iv
)
1341 vchar_t
*data
, *key
, *iv
;
1344 des_key_schedule ks1
, ks2
, ks3
;
1349 if (des_key_sched((void *)key
->v
, ks1
) != 0)
1351 if (des_key_sched((void *)(key
->v
+ 8), ks2
) != 0)
1353 if (des_key_sched((void *)(key
->v
+ 16), ks3
) != 0)
1356 /* allocate buffer for result */
1357 if ((res
= vmalloc(data
->l
)) == NULL
)
1360 /* decryption data */
1361 des_ede3_cbc_encrypt((void *)data
->v
, (void *)res
->v
, data
->l
,
1362 ks1
, ks2
, ks3
, (void *)iv
->v
, DES_DECRYPT
);
1368 eay_3des_weakkey(key
)
1374 return (des_is_weak_key((void *)key
->v
)
1375 || des_is_weak_key((void *)(key
->v
+ 8))
1376 || des_is_weak_key((void *)(key
->v
+ 16)));
1380 eay_3des_keylen(len
)
1383 if (len
!= 0 && len
!= 192)
1392 eay_cast_encrypt(data
, key
, iv
)
1393 vchar_t
*data
, *key
, *iv
;
1398 CAST_set_key(&ks
, key
->l
, key
->v
);
1400 /* allocate buffer for result */
1401 if ((res
= vmalloc(data
->l
)) == NULL
)
1404 /* decryption data */
1405 CAST_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1406 &ks
, iv
->v
, DES_ENCRYPT
);
1412 eay_cast_decrypt(data
, key
, iv
)
1413 vchar_t
*data
, *key
, *iv
;
1418 CAST_set_key(&ks
, key
->l
, key
->v
);
1420 /* allocate buffer for result */
1421 if ((res
= vmalloc(data
->l
)) == NULL
)
1424 /* decryption data */
1425 CAST_cbc_encrypt(data
->v
, res
->v
, data
->l
,
1426 &ks
, iv
->v
, DES_DECRYPT
);
1432 eay_cast_weakkey(key
)
1435 return 0; /* No known weak keys. */
1439 eay_cast_keylen(len
)
1444 if (len
< 40 || len
> 128)
1446 return (len
+ 7) / 8;
1453 eay_aes_encrypt(data
, key
, iv
)
1454 vchar_t
*data
, *key
, *iv
;
1460 memset(&k
, 0, sizeof(k
));
1461 if (rijndael_makeKey(&k
, DIR_ENCRYPT
, key
->l
<< 3, key
->v
) < 0)
1464 /* allocate buffer for result */
1465 if ((res
= vmalloc(data
->l
)) == NULL
)
1468 /* encryption data */
1469 memset(&c
, 0, sizeof(c
));
1470 if (rijndael_cipherInit(&c
, MODE_CBC
, iv
->v
) < 0)
1472 if (rijndael_blockEncrypt(&c
, &k
, data
->v
, data
->l
<< 3, res
->v
) < 0)
1479 eay_aes_decrypt(data
, key
, iv
)
1480 vchar_t
*data
, *key
, *iv
;
1486 memset(&k
, 0, sizeof(k
));
1487 if (rijndael_makeKey(&k
, DIR_DECRYPT
, key
->l
<< 3, key
->v
) < 0)
1490 /* allocate buffer for result */
1491 if ((res
= vmalloc(data
->l
)) == NULL
)
1494 /* decryption data */
1495 memset(&c
, 0, sizeof(c
));
1496 if (rijndael_cipherInit(&c
, MODE_CBC
, iv
->v
) < 0)
1498 if (rijndael_blockDecrypt(&c
, &k
, data
->v
, data
->l
<< 3, res
->v
) < 0)
1505 eay_aes_weakkey(key
)
1517 if (len
!= 128 && len
!= 192 && len
!= 256)
1522 /* for ipsec part */
1536 eay_twofish_keylen(len
)
1539 if (len
< 0 || len
> 256)
1545 eay_null_keylen(len
)
1555 eay_hmac_init(key
, md
)
1559 HMAC_CTX
*c
= racoon_malloc(sizeof(*c
));
1562 HMAC_Init(c
, key
->v
, key
->l
, md
);
1571 eay_hmacsha2_512_one(key
, data
)
1572 vchar_t
*key
, *data
;
1577 ctx
= eay_hmacsha2_512_init(key
);
1578 eay_hmacsha2_512_update(ctx
, data
);
1579 res
= eay_hmacsha2_512_final(ctx
);
1585 eay_hmacsha2_512_init(key
)
1588 return eay_hmac_init(key
, EVP_sha2_512());
1592 eay_hmacsha2_512_update(c
, data
)
1596 HMAC_Update((HMAC_CTX
*)c
, data
->v
, data
->l
);
1600 eay_hmacsha2_512_final(c
)
1606 if ((res
= vmalloc(SHA512_DIGEST_LENGTH
)) == 0)
1609 HMAC_Final((HMAC_CTX
*)c
, res
->v
, &l
);
1611 HMAC_CTX_cleanup(c
);
1612 (void)racoon_free(c
);
1614 if (SHA512_DIGEST_LENGTH
!= res
->l
) {
1616 plog(LLV_ERROR
, LOCATION
, NULL
,
1617 "hmac sha2_512 length mismatch %d.\n", res
->l
);
1619 printf("hmac sha2_512 length mismatch %d.\n", res
->l
);
1632 eay_hmacsha2_384_one(key
, data
)
1633 vchar_t
*key
, *data
;
1638 ctx
= eay_hmacsha2_384_init(key
);
1639 eay_hmacsha2_384_update(ctx
, data
);
1640 res
= eay_hmacsha2_384_final(ctx
);
1646 eay_hmacsha2_384_init(key
)
1649 return eay_hmac_init(key
, EVP_sha2_384());
1653 eay_hmacsha2_384_update(c
, data
)
1657 HMAC_Update((HMAC_CTX
*)c
, data
->v
, data
->l
);
1661 eay_hmacsha2_384_final(c
)
1667 if ((res
= vmalloc(SHA384_DIGEST_LENGTH
)) == 0)
1670 HMAC_Final((HMAC_CTX
*)c
, res
->v
, &l
);
1672 HMAC_CTX_cleanup(c
);
1673 (void)racoon_free(c
);
1675 if (SHA384_DIGEST_LENGTH
!= res
->l
) {
1677 plog(LLV_ERROR
, LOCATION
, NULL
,
1678 "hmac sha2_384 length mismatch %d.\n", res
->l
);
1680 printf("hmac sha2_384 length mismatch %d.\n", res
->l
);
1693 eay_hmacsha2_256_one(key
, data
)
1694 vchar_t
*key
, *data
;
1699 ctx
= eay_hmacsha2_256_init(key
);
1700 eay_hmacsha2_256_update(ctx
, data
);
1701 res
= eay_hmacsha2_256_final(ctx
);
1707 eay_hmacsha2_256_init(key
)
1710 return eay_hmac_init(key
, EVP_sha2_256());
1714 eay_hmacsha2_256_update(c
, data
)
1718 HMAC_Update((HMAC_CTX
*)c
, data
->v
, data
->l
);
1722 eay_hmacsha2_256_final(c
)
1728 if ((res
= vmalloc(SHA256_DIGEST_LENGTH
)) == 0)
1731 HMAC_Final((HMAC_CTX
*)c
, res
->v
, &l
);
1733 HMAC_CTX_cleanup(c
);
1734 (void)racoon_free(c
);
1736 if (SHA256_DIGEST_LENGTH
!= res
->l
) {
1738 plog(LLV_ERROR
, LOCATION
, NULL
,
1739 "hmac sha2_256 length mismatch %d.\n", res
->l
);
1741 printf("hmac sha2_256 length mismatch %d.\n", res
->l
);
1754 eay_hmacsha1_one(key
, data
)
1755 vchar_t
*key
, *data
;
1760 ctx
= eay_hmacsha1_init(key
);
1761 eay_hmacsha1_update(ctx
, data
);
1762 res
= eay_hmacsha1_final(ctx
);
1768 eay_hmacsha1_init(key
)
1771 return eay_hmac_init(key
, EVP_sha1());
1775 eay_hmacsha1_update(c
, data
)
1779 HMAC_Update((HMAC_CTX
*)c
, data
->v
, data
->l
);
1783 eay_hmacsha1_final(c
)
1789 if ((res
= vmalloc(SHA_DIGEST_LENGTH
)) == 0)
1792 HMAC_Final((HMAC_CTX
*)c
, res
->v
, &l
);
1794 HMAC_CTX_cleanup(c
);
1795 (void)racoon_free(c
);
1797 if (SHA_DIGEST_LENGTH
!= res
->l
) {
1799 plog(LLV_ERROR
, LOCATION
, NULL
,
1800 "hmac sha1 length mismatch %d.\n", res
->l
);
1802 printf("hmac sha1 length mismatch %d.\n", res
->l
);
1815 eay_hmacmd5_one(key
, data
)
1816 vchar_t
*key
, *data
;
1821 ctx
= eay_hmacmd5_init(key
);
1822 eay_hmacmd5_update(ctx
, data
);
1823 res
= eay_hmacmd5_final(ctx
);
1829 eay_hmacmd5_init(key
)
1832 return eay_hmac_init(key
, EVP_md5());
1836 eay_hmacmd5_update(c
, data
)
1840 HMAC_Update((HMAC_CTX
*)c
, data
->v
, data
->l
);
1844 eay_hmacmd5_final(c
)
1850 if ((res
= vmalloc(MD5_DIGEST_LENGTH
)) == 0)
1853 HMAC_Final((HMAC_CTX
*)c
, res
->v
, &l
);
1855 HMAC_CTX_cleanup(c
);
1856 (void)racoon_free(c
);
1858 if (MD5_DIGEST_LENGTH
!= res
->l
) {
1860 plog(LLV_ERROR
, LOCATION
, NULL
,
1861 "hmac md5 length mismatch %d.\n", res
->l
);
1863 printf("hmac md5 length mismatch %d.\n", res
->l
);
1873 * SHA2-512 functions
1878 SHA512_CTX
*c
= racoon_malloc(sizeof(*c
));
1886 eay_sha2_512_update(c
, data
)
1890 SHA512_Update((SHA512_CTX
*)c
, data
->v
, data
->l
);
1896 eay_sha2_512_final(c
)
1901 if ((res
= vmalloc(SHA512_DIGEST_LENGTH
)) == 0)
1904 SHA512_Final(res
->v
, (SHA512_CTX
*)c
);
1905 (void)racoon_free(c
);
1911 eay_sha2_512_one(data
)
1917 ctx
= eay_sha2_512_init();
1918 eay_sha2_512_update(ctx
, data
);
1919 res
= eay_sha2_512_final(ctx
);
1925 eay_sha2_512_hashlen()
1927 return SHA512_DIGEST_LENGTH
<< 3;
1931 * SHA2-384 functions
1936 SHA384_CTX
*c
= racoon_malloc(sizeof(*c
));
1944 eay_sha2_384_update(c
, data
)
1948 SHA384_Update((SHA384_CTX
*)c
, data
->v
, data
->l
);
1954 eay_sha2_384_final(c
)
1959 if ((res
= vmalloc(SHA384_DIGEST_LENGTH
)) == 0)
1962 SHA384_Final(res
->v
, (SHA384_CTX
*)c
);
1963 (void)racoon_free(c
);
1969 eay_sha2_384_one(data
)
1975 ctx
= eay_sha2_384_init();
1976 eay_sha2_384_update(ctx
, data
);
1977 res
= eay_sha2_384_final(ctx
);
1983 eay_sha2_384_hashlen()
1985 return SHA384_DIGEST_LENGTH
<< 3;
1989 * SHA2-256 functions
1994 SHA256_CTX
*c
= racoon_malloc(sizeof(*c
));
2002 eay_sha2_256_update(c
, data
)
2006 SHA256_Update((SHA256_CTX
*)c
, data
->v
, data
->l
);
2012 eay_sha2_256_final(c
)
2017 if ((res
= vmalloc(SHA256_DIGEST_LENGTH
)) == 0)
2020 SHA256_Final(res
->v
, (SHA256_CTX
*)c
);
2021 (void)racoon_free(c
);
2027 eay_sha2_256_one(data
)
2033 ctx
= eay_sha2_256_init();
2034 eay_sha2_256_update(ctx
, data
);
2035 res
= eay_sha2_256_final(ctx
);
2041 eay_sha2_256_hashlen()
2043 return SHA256_DIGEST_LENGTH
<< 3;
2052 SHA_CTX
*c
= racoon_malloc(sizeof(*c
));
2060 eay_sha1_update(c
, data
)
2064 SHA1_Update((SHA_CTX
*)c
, data
->v
, data
->l
);
2075 if ((res
= vmalloc(SHA_DIGEST_LENGTH
)) == 0)
2078 SHA1_Final(res
->v
, (SHA_CTX
*)c
);
2079 (void)racoon_free(c
);
2091 ctx
= eay_sha1_init();
2092 eay_sha1_update(ctx
, data
);
2093 res
= eay_sha1_final(ctx
);
2101 return SHA_DIGEST_LENGTH
<< 3;
2110 MD5_CTX
*c
= racoon_malloc(sizeof(*c
));
2118 eay_md5_update(c
, data
)
2122 MD5_Update((MD5_CTX
*)c
, data
->v
, data
->l
);
2133 if ((res
= vmalloc(MD5_DIGEST_LENGTH
)) == 0)
2136 MD5_Final(res
->v
, (MD5_CTX
*)c
);
2137 (void)racoon_free(c
);
2149 ctx
= eay_md5_init();
2150 eay_md5_update(ctx
, data
);
2151 res
= eay_md5_final(ctx
);
2159 return MD5_DIGEST_LENGTH
<< 3;
2164 * size: number of bytes.
2167 eay_set_random(size
)
2173 if ((r
= BN_new()) == NULL
)
2175 BN_rand(r
, size
* 8, 0, 0);
2186 eay_dh_generate(prime
, g
, publen
, pub
, priv
)
2187 vchar_t
*prime
, **pub
, **priv
;
2196 /* pre-process to generate number */
2197 if (eay_v2bn(&p
, prime
) < 0)
2200 if ((dh
= DH_new()) == NULL
)
2203 p
= NULL
; /* p is now part of dh structure */
2205 if ((dh
->g
= BN_new()) == NULL
)
2207 if (!BN_set_word(dh
->g
, g
))
2211 dh
->length
= publen
;
2213 /* generate public and private number */
2214 if (!DH_generate_key(dh
))
2217 /* copy results to buffers */
2218 if (eay_bn2v(pub
, dh
->pub_key
) < 0)
2220 if (eay_bn2v(priv
, dh
->priv_key
) < 0) {
2236 eay_dh_compute(prime
, g
, pub
, priv
, pub2
, key
)
2237 vchar_t
*prime
, *pub
, *priv
, *pub2
, **key
;
2240 BIGNUM
*dh_pub
= NULL
;
2246 /* make public number to compute */
2247 if (eay_v2bn(&dh_pub
, pub2
) < 0)
2250 /* make DH structure */
2251 if ((dh
= DH_new()) == NULL
)
2253 if (eay_v2bn(&dh
->p
, prime
) < 0)
2255 if (eay_v2bn(&dh
->pub_key
, pub
) < 0)
2257 if (eay_v2bn(&dh
->priv_key
, priv
) < 0)
2259 dh
->length
= pub2
->l
* 8;
2262 if ((dh
->g
= BN_new()) == NULL
)
2264 if (!BN_set_word(dh
->g
, g
))
2267 if ((v
= (caddr_t
)racoon_calloc(prime
->l
, sizeof(u_char
))) == NULL
)
2269 if ((l
= DH_compute_key(v
, dh_pub
, dh
)) == -1)
2271 memcpy((*key
)->v
+ (prime
->l
- l
), v
, l
);
2291 if ((*bn
= BN_bin2bn(var
->v
, var
->l
, NULL
)) == NULL
)
2298 * convert vchar_t <-> BIGNUM.
2300 * vchar_t: unit is u_char, network endian, most significant byte first.
2301 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2302 * least significant BN_ULONG must come first.
2304 * hex value of "0x3ffe050104" is represented as follows:
2305 * vchar_t: 3f fe 05 01 04
2306 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2307 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2308 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2324 l
= (var
->l
* 8 + BN_BITS2
- 1) / BN_BITS2
;
2325 if (bn_expand(*bn
, l
* BN_BITS2
) == NULL
)
2329 /* scan from least significant byte */
2330 p
= (u_char
*)var
->v
;
2331 q
= (u_char
*)(var
->v
+ var
->l
);
2337 num
= num
| ((BN_ULONG
)*q
<< (l
++ * 8));
2338 if (l
== BN_BYTES
) {
2360 *var
= vmalloc(bn
->top
* BN_BYTES
);
2364 (*var
)->l
= BN_bn2bin(bn
, (*var
)->v
);
2372 return SSLeay_version(SSLEAY_VERSION
);
projects / apple / network_cmds.git / blob