]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/crypto_openssl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-176.2.1.tar.gz
[apple/network_cmds.git] / racoon.tproj / crypto_openssl.c
1 /* $KAME: crypto_openssl.c,v 1.73 2003/04/24 02:21:22 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <limits.h>
38 #include <string.h>
39
40 /* get openssl/ssleay version number */
41 #ifdef HAVE_OPENSSL_OPENSSLV_H
42 # include <openssl/opensslv.h>
43 #else
44 # error no opensslv.h found.
45 #endif
46
47 #ifndef OPENSSL_VERSION_NUMBER
48 #error OPENSSL_VERSION_NUMBER is not defined. OpenSSL0.9.4 or later required.
49 #endif
50
51 #ifdef HAVE_OPENSSL_PEM_H
52 #include <openssl/pem.h>
53 #endif
54 #ifdef HAVE_OPENSSL_EVP_H
55 #include <openssl/evp.h>
56 #endif
57 #ifdef HAVE_OPENSSL_X509_H
58 #include <openssl/x509.h>
59 #include <openssl/x509_vfy.h>
60 #endif
61 #include <openssl/bn.h>
62 #include <openssl/dh.h>
63 #include <openssl/md5.h>
64 #include <openssl/sha.h>
65 #include <openssl/hmac.h>
66 #include <openssl/des.h>
67 #include <openssl/crypto.h>
68 #ifdef HAVE_OPENSSL_IDEA_H
69 #include <openssl/idea.h>
70 #endif
71 #include <openssl/blowfish.h>
72 #ifdef HAVE_OPENSSL_RC5_H
73 #include <openssl/rc5.h>
74 #endif
75 #include <openssl/cast.h>
76 #include <openssl/err.h>
77 #ifdef HAVE_OPENSSL_RIJNDAEL_H
78 #include <openssl/rijndael.h>
79 #else
80 #include "rijndael-api-fst.h"
81 #endif
82 #ifdef HAVE_OPENSSL_SHA2_H
83 #include <openssl/sha2.h>
84 #else
85 #include "sha2.h"
86 #endif
87
88 #include "var.h"
89 #include "misc.h"
90 #include "vmbuf.h"
91 #include "plog.h"
92 #include "crypto_openssl.h"
93 #include "debug.h"
94 #include "gcmalloc.h"
95
96 /*
97 * I hate to cast every parameter to des_xx into void *, but it is
98 * necessary for SSLeay/OpenSSL portability. It sucks.
99 */
100
101 #ifdef HAVE_SIGNING_C
102 static int cb_check_cert __P((int, X509_STORE_CTX *));
103 static void eay_setgentype __P((char *, int *));
104 static X509 *mem2x509 __P((vchar_t *));
105 #endif
106
107 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
108
109 #ifdef HAVE_SIGNING_C
110 /* X509 Certificate */
111 /*
112 * convert the string of the subject name into DER
113 * e.g. str = "C=JP, ST=Kanagawa";
114 */
115 vchar_t *
116 eay_str2asn1dn(str, len)
117 char *str;
118 int len;
119 {
120 X509_NAME *name;
121 char *buf;
122 char *field, *value;
123 int i, j;
124 vchar_t *ret;
125 caddr_t p;
126
127 buf = racoon_malloc(len + 1);
128 if (!buf) {
129 printf("failed to allocate buffer\n");
130 return NULL;
131 }
132 memcpy(buf, str, len);
133
134 name = X509_NAME_new();
135
136 field = &buf[0];
137 value = NULL;
138 for (i = 0; i < len; i++) {
139 if (!value && buf[i] == '=') {
140 buf[i] = '\0';
141 value = &buf[i + 1];
142 continue;
143 } else if (buf[i] == ',' || buf[i] == '/') {
144 buf[i] = '\0';
145 #if 0
146 printf("[%s][%s]\n", field, value);
147 #endif
148 if (!X509_NAME_add_entry_by_txt(name, field,
149 MBSTRING_ASC, value, -1, -1, 0))
150 goto err;
151 for (j = i + 1; j < len; j++) {
152 if (buf[j] != ' ')
153 break;
154 }
155 field = &buf[j];
156 value = NULL;
157 continue;
158 }
159 }
160 buf[len] = '\0';
161 #if 0
162 printf("[%s][%s]\n", field, value);
163 #endif
164 if (!X509_NAME_add_entry_by_txt(name, field,
165 MBSTRING_ASC, value, -1, -1, 0))
166 goto err;
167
168 i = i2d_X509_NAME(name, NULL);
169 if (!i)
170 goto err;
171 ret = vmalloc(i);
172 if (!ret)
173 goto err;
174 p = ret->v;
175 i = i2d_X509_NAME(name, (unsigned char **)&p);
176 if (!i)
177 goto err;
178
179 return ret;
180
181 err:
182 if (buf)
183 racoon_free(buf);
184 if (name)
185 X509_NAME_free(name);
186 return NULL;
187 }
188
189 /*
190 * compare two subjectNames.
191 * OUT: 0: equal
192 * positive:
193 * -1: other error.
194 */
195 int
196 eay_cmp_asn1dn(n1, n2)
197 vchar_t *n1, *n2;
198 {
199 X509_NAME *a = NULL, *b = NULL;
200 caddr_t p;
201 int i = -1;
202
203 p = n1->v;
204 if (!d2i_X509_NAME(&a, (unsigned char **)&p, n1->l))
205 goto end;
206 p = n2->v;
207 if (!d2i_X509_NAME(&b, (unsigned char **)&p, n2->l))
208 goto end;
209
210 i = X509_NAME_cmp(a, b);
211
212 end:
213 if (a)
214 X509_NAME_free(a);
215 if (b)
216 X509_NAME_free(b);
217 return i;
218 }
219
220 /*
221 * this functions is derived from apps/verify.c in OpenSSL0.9.5
222 */
223 int
224 eay_check_x509cert(cert, CApath)
225 vchar_t *cert;
226 char *CApath;
227 {
228 X509_STORE *cert_ctx = NULL;
229 X509_LOOKUP *lookup = NULL;
230 X509 *x509 = NULL;
231 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
232 X509_STORE_CTX *csc;
233 #else
234 X509_STORE_CTX csc;
235 #endif
236 int error = -1;
237
238 /* XXX define only functions required. */
239 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
240 OpenSSL_add_all_algorithms();
241 #else
242 SSLeay_add_all_algorithms();
243 #endif
244
245 cert_ctx = X509_STORE_new();
246 if (cert_ctx == NULL)
247 goto end;
248 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert);
249
250 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
251 if (lookup == NULL)
252 goto end;
253 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); /* XXX */
254
255 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
256 if (lookup == NULL)
257 goto end;
258 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
259 if(!error) {
260 error = -1;
261 goto end;
262 }
263 error = -1; /* initialized */
264
265 /* read the certificate to be verified */
266 x509 = mem2x509(cert);
267 if (x509 == NULL)
268 goto end;
269
270 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
271 csc = X509_STORE_CTX_new();
272 if (csc == NULL)
273 goto end;
274 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
275 error = X509_verify_cert(csc);
276 X509_STORE_CTX_cleanup(csc);
277 #else
278 X509_STORE_CTX_init(&csc, cert_ctx, x509, NULL);
279 error = X509_verify_cert(&csc);
280 X509_STORE_CTX_cleanup(&csc);
281 #endif
282
283 /*
284 * if x509_verify_cert() is successful then the value of error is
285 * set non-zero.
286 */
287 error = error ? 0 : -1;
288
289 end:
290 if (error)
291 printf("%s\n", eay_strerror());
292 if (cert_ctx != NULL)
293 X509_STORE_free(cert_ctx);
294 if (x509 != NULL)
295 X509_free(x509);
296
297 return(error);
298 }
299
300 /*
301 * callback function for verifing certificate.
302 * this function is derived from cb() in openssl/apps/s_server.c
303 */
304 static int
305 cb_check_cert(ok, ctx)
306 int ok;
307 X509_STORE_CTX *ctx;
308 {
309 char buf[256];
310 int log_tag;
311
312 if (!ok) {
313 X509_NAME_oneline(
314 X509_get_subject_name(ctx->current_cert),
315 buf,
316 256);
317 /*
318 * since we are just checking the certificates, it is
319 * ok if they are self signed. But we should still warn
320 * the user.
321 */
322 switch (ctx->error) {
323 case X509_V_ERR_CERT_HAS_EXPIRED:
324 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
325 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
326 case X509_V_ERR_INVALID_CA:
327 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
328 case X509_V_ERR_INVALID_PURPOSE:
329 #endif
330 ok = 1;
331 log_tag = LLV_WARNING;
332 break;
333 default:
334 log_tag = LLV_ERROR;
335 }
336 #ifndef EAYDEBUG
337 plog(log_tag, LOCATION, NULL,
338 "%s(%d) at depth:%d SubjectName:%s\n",
339 X509_verify_cert_error_string(ctx->error),
340 ctx->error,
341 ctx->error_depth,
342 buf);
343 #else
344 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
345 log_tag,
346 X509_verify_cert_error_string(ctx->error),
347 ctx->error,
348 ctx->error_depth,
349 buf);
350 #endif
351 }
352 ERR_clear_error();
353
354 return ok;
355 }
356
357 /*
358 * get a subjectAltName from X509 certificate.
359 */
360 vchar_t *
361 eay_get_x509asn1subjectname(cert)
362 vchar_t *cert;
363 {
364 X509 *x509 = NULL;
365 u_char *bp;
366 vchar_t *name = NULL;
367 int len;
368 int error = -1;
369
370 bp = cert->v;
371
372 x509 = mem2x509(cert);
373 if (x509 == NULL)
374 goto end;
375
376 /* get the length of the name */
377 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
378 name = vmalloc(len);
379 if (!name)
380 goto end;
381 /* get the name */
382 bp = name->v;
383 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
384
385 error = 0;
386
387 end:
388 if (error) {
389 #ifndef EAYDEBUG
390 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
391 #else
392 printf("%s\n", eay_strerror());
393 #endif
394 if (name) {
395 vfree(name);
396 name = NULL;
397 }
398 }
399 if (x509)
400 X509_free(x509);
401
402 return name;
403 }
404
405 /*
406 * get the subjectAltName from X509 certificate.
407 * the name is terminated by '\0'.
408 */
409 #include <openssl/x509v3.h>
410 int
411 eay_get_x509subjectaltname(cert, altname, type, pos)
412 vchar_t *cert;
413 char **altname;
414 int *type;
415 int pos;
416 {
417 X509 *x509 = NULL;
418 X509_EXTENSION *ext;
419 X509V3_EXT_METHOD *method = NULL;
420 STACK_OF(GENERAL_NAME) *name;
421 CONF_VALUE *cval = NULL;
422 STACK_OF(CONF_VALUE) *nval = NULL;
423 u_char *bp;
424 int i, len;
425 int error = -1;
426
427 *altname = NULL;
428 *type = GENT_OTHERNAME;
429
430 bp = cert->v;
431
432 x509 = mem2x509(cert);
433 if (x509 == NULL)
434 goto end;
435
436 i = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
437 if (i < 0)
438 goto end;
439 ext = X509_get_ext(x509, i);
440 method = X509V3_EXT_get(ext);
441 if(!method)
442 goto end;
443
444 bp = ext->value->data;
445 name = method->d2i(NULL, &bp, ext->value->length);
446 if(!name)
447 goto end;
448
449 nval = method->i2v(method, name, NULL);
450 method->ext_free(name);
451 name = NULL;
452 if(!nval)
453 goto end;
454
455 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
456 /* skip the name */
457 if (i + 1 != pos)
458 continue;
459 cval = sk_CONF_VALUE_value(nval, i);
460 len = strlen(cval->value) + 1; /* '\0' included */
461 *altname = racoon_malloc(len);
462 if (!*altname) {
463 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
464 goto end;
465 }
466 strlcpy(*altname, cval->value, len);
467
468 /* set type of the name */
469 eay_setgentype(cval->name, type);
470 }
471
472 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
473
474 error = 0;
475
476 end:
477 if (error) {
478 if (*altname) {
479 racoon_free(*altname);
480 *altname = NULL;
481 }
482 #ifndef EAYDEBUG
483 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
484 #else
485 printf("%s\n", eay_strerror());
486 #endif
487 }
488 if (x509)
489 X509_free(x509);
490
491 return error;
492 }
493
494 static void
495 eay_setgentype(name, type)
496 char *name;
497 int *type;
498 {
499 /* XXX It's needed effective code */
500 if(!memcmp(name, "email", strlen("email"))) {
501 *type = GENT_EMAIL;
502 } else if(!memcmp(name, "URI", strlen("URI"))) {
503 *type = GENT_URI;
504 } else if(!memcmp(name, "DNS", strlen("DNS"))) {
505 *type = GENT_DNS;
506 } else if(!memcmp(name, "RID", strlen("RID"))) {
507 *type = GENT_RID;
508 } else if(!memcmp(name, "IP", strlen("IP"))) {
509 *type = GENT_IPADD;
510 } else {
511 *type = GENT_OTHERNAME;
512 }
513 }
514
515 /*
516 * decode a X509 certificate and make a readable text terminated '\n'.
517 * return the buffer allocated, so must free it later.
518 */
519 char *
520 eay_get_x509text(cert)
521 vchar_t *cert;
522 {
523 X509 *x509 = NULL;
524 BIO *bio = NULL;
525 char *text = NULL;
526 u_char *bp = NULL;
527 int len = 0;
528 int error = -1;
529
530 x509 = mem2x509(cert);
531 if (x509 == NULL)
532 goto end;
533
534 bio = BIO_new(BIO_s_mem());
535 if (bio == NULL)
536 goto end;
537
538 error = X509_print(bio, x509);
539 if (error != 1) {
540 error = -1;
541 goto end;
542 }
543
544 len = BIO_get_mem_data(bio, &bp);
545 text = racoon_malloc(len + 1);
546 if (text == NULL)
547 goto end;
548 memcpy(text, bp, len);
549 text[len] = '\0';
550
551 error = 0;
552
553 end:
554 if (error) {
555 if (text) {
556 racoon_free(text);
557 text = NULL;
558 }
559 #ifndef EAYDEBUG
560 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
561 #else
562 printf("%s\n", eay_strerror());
563 #endif
564 }
565 if (bio)
566 BIO_free(bio);
567 if (x509)
568 X509_free(x509);
569
570 return text;
571 }
572
573 /* get X509 structure from buffer. */
574 static X509 *
575 mem2x509(cert)
576 vchar_t *cert;
577 {
578 X509 *x509;
579
580 #ifndef EAYDEBUG
581 {
582 u_char *bp;
583
584 bp = cert->v;
585
586 x509 = d2i_X509(NULL, &bp, cert->l);
587 }
588 #else
589 {
590 BIO *bio;
591 int len;
592
593 bio = BIO_new(BIO_s_mem());
594 if (bio == NULL)
595 return NULL;
596 len = BIO_write(bio, cert->v, cert->l);
597 if (len == -1)
598 return NULL;
599 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
600 BIO_free(bio);
601 }
602 #endif
603 return x509;
604 }
605
606 /*
607 * get a X509 certificate from local file.
608 * a certificate must be PEM format.
609 * Input:
610 * path to a certificate.
611 * Output:
612 * NULL if error occured
613 * other is the cert.
614 */
615 vchar_t *
616 eay_get_x509cert(path)
617 char *path;
618 {
619 FILE *fp;
620 X509 *x509;
621 vchar_t *cert;
622 u_char *bp;
623 int len;
624 int error;
625
626 /* Read private key */
627 fp = fopen(path, "r");
628 if (fp == NULL)
629 return NULL;
630 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
631 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
632 #else
633 x509 = PEM_read_X509(fp, NULL, NULL);
634 #endif
635 fclose (fp);
636
637 if (x509 == NULL)
638 return NULL;
639
640 len = i2d_X509(x509, NULL);
641 cert = vmalloc(len);
642 if (cert == NULL) {
643 X509_free(x509);
644 return NULL;
645 }
646 bp = cert->v;
647 error = i2d_X509(x509, &bp);
648 X509_free(x509);
649
650 if (error == 0)
651 return NULL;
652
653 return cert;
654 }
655
656 /*
657 * sign a souce by X509 signature.
658 * XXX: to be get hash type from my cert ?
659 * to be handled EVP_dss().
660 */
661 vchar_t *
662 eay_get_x509sign(source, privkey, cert)
663 vchar_t *source;
664 vchar_t *privkey;
665 vchar_t *cert;
666 {
667 vchar_t *sig = NULL;
668
669 sig = eay_rsa_sign(source, privkey);
670
671 return sig;
672 }
673
674 /*
675 * check a X509 signature
676 * XXX: to be get hash type from my cert ?
677 * to be handled EVP_dss().
678 * OUT: return -1 when error.
679 * 0
680 */
681 int
682 eay_check_x509sign(source, sig, cert)
683 vchar_t *source;
684 vchar_t *sig;
685 vchar_t *cert;
686 {
687 X509 *x509;
688 u_char *bp;
689 vchar_t pubkey;
690
691 bp = cert->v;
692
693 x509 = d2i_X509(NULL, &bp, cert->l);
694 if (x509 == NULL) {
695 #ifndef EAYDEBUG
696 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
697 #endif
698 return -1;
699 }
700
701 pubkey.v = x509->cert_info->key->public_key->data;
702 pubkey.l = x509->cert_info->key->public_key->length;
703
704 return eay_rsa_verify(source, sig, &pubkey);
705 }
706
707 /*
708 * check a signature by signed with PKCS7 certificate.
709 * XXX: to be get hash type from my cert ?
710 * to be handled EVP_dss().
711 * OUT: return -1 when error.
712 * 0
713 */
714 int
715 eay_check_pkcs7sign(source, sig, cert)
716 vchar_t *source;
717 vchar_t *sig;
718 vchar_t *cert;
719 {
720 X509 *x509;
721 EVP_MD_CTX md_ctx;
722 EVP_PKEY *evp;
723 int error;
724 BIO *bio = BIO_new(BIO_s_mem());
725 char *bp;
726
727 if (bio == NULL)
728 return -1;
729 error = BIO_write(bio, cert->v, cert->l);
730 if (error != cert->l)
731 return -1;
732
733 bp = cert->v;
734 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
735 BIO_free(bio);
736 if (x509 == NULL)
737 return -1;
738
739 evp = X509_get_pubkey(x509);
740 X509_free(x509);
741 if (evp == NULL)
742 return -1;
743
744 /* Verify the signature */
745 /* XXX: to be handled EVP_dss() */
746 EVP_VerifyInit(&md_ctx, EVP_sha1());
747 EVP_VerifyUpdate(&md_ctx, source->v, source->l);
748 error = EVP_VerifyFinal(&md_ctx, sig->v, sig->l, evp);
749
750 EVP_PKEY_free(evp);
751
752 if (error != 1)
753 return -1;
754
755 return 0;
756 }
757
758 /*
759 * get PKCS#1 Private Key of PEM format from local file.
760 */
761 vchar_t *
762 eay_get_pkcs1privkey(path)
763 char *path;
764 {
765 FILE *fp;
766 EVP_PKEY *evp = NULL;
767 vchar_t *pkey = NULL;
768 u_char *bp;
769 int pkeylen;
770 int error = -1;
771
772 /* Read private key */
773 fp = fopen(path, "r");
774 if (fp == NULL)
775 return NULL;
776
777 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
778 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
779 #else
780 evp = PEM_read_PrivateKey(fp, NULL, NULL);
781 #endif
782 fclose (fp);
783
784 if (evp == NULL)
785 return NULL;
786
787 pkeylen = i2d_PrivateKey(evp, NULL);
788 if (pkeylen == 0)
789 goto end;
790 pkey = vmalloc(pkeylen);
791 if (pkey == NULL)
792 goto end;
793 bp = pkey->v;
794 pkeylen = i2d_PrivateKey(evp, &bp);
795 if (pkeylen == 0)
796 goto end;
797
798 error = 0;
799
800 end:
801 if (evp != NULL)
802 EVP_PKEY_free(evp);
803 if (error != 0 && pkey != NULL) {
804 vfree(pkey);
805 pkey = NULL;
806 }
807
808 return pkey;
809 }
810
811 /*
812 * get PKCS#1 Public Key of PEM format from local file.
813 */
814 vchar_t *
815 eay_get_pkcs1pubkey(path)
816 char *path;
817 {
818 FILE *fp;
819 EVP_PKEY *evp = NULL;
820 vchar_t *pkey = NULL;
821 X509 *x509 = NULL;
822 u_char *bp;
823 int pkeylen;
824 int error = -1;
825
826 /* Read private key */
827 fp = fopen(path, "r");
828 if (fp == NULL)
829 return NULL;
830
831 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
832 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
833 #else
834 x509 = PEM_read_X509(fp, NULL, NULL);
835 #endif
836 fclose (fp);
837
838 if (x509 == NULL)
839 return NULL;
840
841 /* Get public key - eay */
842 evp = X509_get_pubkey(x509);
843 if (evp == NULL)
844 return NULL;
845
846 pkeylen = i2d_PublicKey(evp, NULL);
847 if (pkeylen == 0)
848 goto end;
849 pkey = vmalloc(pkeylen);
850 if (pkey == NULL)
851 goto end;
852 bp = pkey->v;
853 pkeylen = i2d_PublicKey(evp, &bp);
854 if (pkeylen == 0)
855 goto end;
856
857 error = 0;
858 end:
859 if (evp != NULL)
860 EVP_PKEY_free(evp);
861 if (error != 0 && pkey != NULL) {
862 vfree(pkey);
863 pkey = NULL;
864 }
865
866 return pkey;
867 }
868 #endif
869
870 vchar_t *
871 eay_rsa_sign(src, privkey)
872 vchar_t *src, *privkey;
873 {
874 EVP_PKEY *evp;
875 u_char *bp = privkey->v;
876 vchar_t *sig = NULL;
877 int len;
878 int pad = RSA_PKCS1_PADDING;
879
880 /* XXX to be handled EVP_PKEY_DSA */
881 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &bp, privkey->l);
882 if (evp == NULL)
883 return NULL;
884
885 /* XXX: to be handled EVP_dss() */
886 /* XXX: Where can I get such parameters ? From my cert ? */
887
888 len = RSA_size(evp->pkey.rsa);
889
890 sig = vmalloc(len);
891 if (sig == NULL)
892 return NULL;
893
894 len = RSA_private_encrypt(src->l, src->v, sig->v, evp->pkey.rsa, pad);
895 EVP_PKEY_free(evp);
896 if (len == 0 || len != sig->l) {
897 vfree(sig);
898 sig = NULL;
899 }
900
901 return sig;
902 }
903
904 int
905 eay_rsa_verify(src, sig, pubkey)
906 vchar_t *src, *sig, *pubkey;
907 {
908 EVP_PKEY *evp;
909 u_char *bp = pubkey->v;
910 vchar_t *xbuf = NULL;
911 int pad = RSA_PKCS1_PADDING;
912 int len = 0;
913 int error;
914
915 evp = d2i_PUBKEY(NULL, &bp, pubkey->l);
916 if (evp == NULL)
917 #ifndef EAYDEBUG
918 return NULL;
919 #endif
920
921 len = RSA_size(evp->pkey.rsa);
922
923 xbuf = vmalloc(len);
924 if (xbuf == NULL) {
925 #ifndef EAYDEBUG
926 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
927 #endif
928 EVP_PKEY_free(evp);
929 return -1;
930 }
931
932 len = RSA_public_decrypt(sig->l, sig->v, xbuf->v, evp->pkey.rsa, pad);
933 #ifndef EAYDEBUG
934 if (len == 0 || len != src->l)
935 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
936 #endif
937 EVP_PKEY_free(evp);
938 if (len == 0 || len != src->l) {
939 vfree(xbuf);
940 return -1;
941 }
942
943 error = memcmp(src->v, xbuf->v, src->l);
944 vfree(xbuf);
945 if (error != 0)
946 return -1;
947
948 return 0;
949 }
950
951 /*
952 * get error string
953 * MUST load ERR_load_crypto_strings() first.
954 */
955 char *
956 eay_strerror()
957 {
958 static char ebuf[512];
959 int len = 0, n;
960 unsigned long l;
961 char buf[200];
962 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
963 const char *file, *data;
964 #else
965 char *file, *data;
966 #endif
967 int line, flags;
968 unsigned long es;
969
970 es = CRYPTO_thread_id();
971
972 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
973 n = snprintf(ebuf + len, sizeof(ebuf) - len,
974 "%lu:%s:%s:%d:%s ",
975 es, ERR_error_string(l, buf), file, line,
976 (flags & ERR_TXT_STRING) ? data : "");
977 if (n < 0 || n >= sizeof(ebuf) - len)
978 break;
979 len += n;
980 if (sizeof(ebuf) < len)
981 break;
982 }
983
984 return ebuf;
985 }
986
987 void
988 eay_init_error()
989 {
990 ERR_load_crypto_strings();
991 }
992
993 /*
994 * DES-CBC
995 */
996 vchar_t *
997 eay_des_encrypt(data, key, iv)
998 vchar_t *data, *key, *iv;
999 {
1000 vchar_t *res;
1001 des_key_schedule ks;
1002
1003 if (des_key_sched((void *)key->v, ks) != 0)
1004 return NULL;
1005
1006 /* allocate buffer for result */
1007 if ((res = vmalloc(data->l)) == NULL)
1008 return NULL;
1009
1010 /* decryption data */
1011 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1012 ks, (void *)iv->v, DES_ENCRYPT);
1013
1014 return res;
1015 }
1016
1017 vchar_t *
1018 eay_des_decrypt(data, key, iv)
1019 vchar_t *data, *key, *iv;
1020 {
1021 vchar_t *res;
1022 des_key_schedule ks;
1023
1024 if (des_key_sched((void *)key->v, ks) != 0)
1025 return NULL;
1026
1027 /* allocate buffer for result */
1028 if ((res = vmalloc(data->l)) == NULL)
1029 return NULL;
1030
1031 /* decryption data */
1032 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1033 ks, (void *)iv->v, DES_DECRYPT);
1034
1035 return res;
1036 }
1037
1038 int
1039 eay_des_weakkey(key)
1040 vchar_t *key;
1041 {
1042 return des_is_weak_key((void *)key->v);
1043 }
1044
1045 int
1046 eay_des_keylen(len)
1047 int len;
1048 {
1049 if (len != 0 && len != 64)
1050 return -1;
1051 return 64;
1052 }
1053
1054 #ifdef HAVE_OPENSSL_IDEA_H
1055 /*
1056 * IDEA-CBC
1057 */
1058 vchar_t *
1059 eay_idea_encrypt(data, key, iv)
1060 vchar_t *data, *key, *iv;
1061 {
1062 vchar_t *res;
1063 IDEA_KEY_SCHEDULE ks;
1064
1065 idea_set_encrypt_key(key->v, &ks);
1066
1067 /* allocate buffer for result */
1068 if ((res = vmalloc(data->l)) == NULL)
1069 return NULL;
1070
1071 /* decryption data */
1072 idea_cbc_encrypt(data->v, res->v, data->l,
1073 &ks, iv->v, IDEA_ENCRYPT);
1074
1075 return res;
1076 }
1077
1078 vchar_t *
1079 eay_idea_decrypt(data, key, iv)
1080 vchar_t *data, *key, *iv;
1081 {
1082 vchar_t *res;
1083 IDEA_KEY_SCHEDULE ks, dks;
1084
1085 idea_set_encrypt_key(key->v, &ks);
1086 idea_set_decrypt_key(&ks, &dks);
1087
1088 /* allocate buffer for result */
1089 if ((res = vmalloc(data->l)) == NULL)
1090 return NULL;
1091
1092 /* decryption data */
1093 idea_cbc_encrypt(data->v, res->v, data->l,
1094 &dks, iv->v, IDEA_DECRYPT);
1095
1096 return res;
1097 }
1098
1099 int
1100 eay_idea_weakkey(key)
1101 vchar_t *key;
1102 {
1103 return 0; /* XXX */
1104 }
1105
1106 int
1107 eay_idea_keylen(len)
1108 int len;
1109 {
1110 if (len != 0 && len != 128)
1111 return -1;
1112 return 128;
1113 }
1114 #endif
1115
1116 /*
1117 * BLOWFISH-CBC
1118 */
1119 vchar_t *
1120 eay_bf_encrypt(data, key, iv)
1121 vchar_t *data, *key, *iv;
1122 {
1123 vchar_t *res;
1124 BF_KEY ks;
1125
1126 BF_set_key(&ks, key->l, key->v);
1127
1128 /* allocate buffer for result */
1129 if ((res = vmalloc(data->l)) == NULL)
1130 return NULL;
1131
1132 /* decryption data */
1133 BF_cbc_encrypt(data->v, res->v, data->l,
1134 &ks, iv->v, BF_ENCRYPT);
1135
1136 return res;
1137 }
1138
1139 vchar_t *
1140 eay_bf_decrypt(data, key, iv)
1141 vchar_t *data, *key, *iv;
1142 {
1143 vchar_t *res;
1144 BF_KEY ks;
1145
1146 BF_set_key(&ks, key->l, key->v);
1147
1148 /* allocate buffer for result */
1149 if ((res = vmalloc(data->l)) == NULL)
1150 return NULL;
1151
1152 /* decryption data */
1153 BF_cbc_encrypt(data->v, res->v, data->l,
1154 &ks, iv->v, BF_DECRYPT);
1155
1156 return res;
1157 }
1158
1159 int
1160 eay_bf_weakkey(key)
1161 vchar_t *key;
1162 {
1163 return 0; /* XXX to be done. refer to RFC 2451 */
1164 }
1165
1166 int
1167 eay_bf_keylen(len)
1168 int len;
1169 {
1170 if (len == 0)
1171 return 448;
1172 if (len < 40 || len > 448)
1173 return -1;
1174 return (len + 7) / 8;
1175 }
1176
1177 #ifdef HAVE_OPENSSL_RC5_H
1178 /*
1179 * RC5-CBC
1180 */
1181 vchar_t *
1182 eay_rc5_encrypt(data, key, iv)
1183 vchar_t *data, *key, *iv;
1184 {
1185 vchar_t *res;
1186 RC5_32_KEY ks;
1187
1188 /* in RFC 2451, there is information about the number of round. */
1189 RC5_32_set_key(&ks, key->l, key->v, 16);
1190
1191 /* allocate buffer for result */
1192 if ((res = vmalloc(data->l)) == NULL)
1193 return NULL;
1194
1195 /* decryption data */
1196 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1197 &ks, iv->v, RC5_ENCRYPT);
1198
1199 return res;
1200 }
1201
1202 vchar_t *
1203 eay_rc5_decrypt(data, key, iv)
1204 vchar_t *data, *key, *iv;
1205 {
1206 vchar_t *res;
1207 RC5_32_KEY ks;
1208
1209 /* in RFC 2451, there is information about the number of round. */
1210 RC5_32_set_key(&ks, key->l, key->v, 16);
1211
1212 /* allocate buffer for result */
1213 if ((res = vmalloc(data->l)) == NULL)
1214 return NULL;
1215
1216 /* decryption data */
1217 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1218 &ks, iv->v, RC5_DECRYPT);
1219
1220 return res;
1221 }
1222
1223 int
1224 eay_rc5_weakkey(key)
1225 vchar_t *key;
1226 {
1227 return 0; /* No known weak keys when used with 16 rounds. */
1228
1229 }
1230
1231 int
1232 eay_rc5_keylen(len)
1233 int len;
1234 {
1235 if (len == 0)
1236 return 128;
1237 if (len < 40 || len > 2040)
1238 return -1;
1239 return (len + 7) / 8;
1240 }
1241 #endif
1242
1243 /*
1244 * 3DES-CBC
1245 */
1246 vchar_t *
1247 eay_3des_encrypt(data, key, iv)
1248 vchar_t *data, *key, *iv;
1249 {
1250 vchar_t *res;
1251 des_key_schedule ks1, ks2, ks3;
1252
1253 if (key->l < 24)
1254 return NULL;
1255
1256 if (des_key_sched((void *)key->v, ks1) != 0)
1257 return NULL;
1258 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1259 return NULL;
1260 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1261 return NULL;
1262
1263 /* allocate buffer for result */
1264 if ((res = vmalloc(data->l)) == NULL)
1265 return NULL;
1266
1267 /* decryption data */
1268 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1269 ks1, ks2, ks3, (void *)iv->v, DES_ENCRYPT);
1270
1271 return res;
1272 }
1273
1274 vchar_t *
1275 eay_3des_decrypt(data, key, iv)
1276 vchar_t *data, *key, *iv;
1277 {
1278 vchar_t *res;
1279 des_key_schedule ks1, ks2, ks3;
1280
1281 if (key->l < 24)
1282 return NULL;
1283
1284 if (des_key_sched((void *)key->v, ks1) != 0)
1285 return NULL;
1286 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1287 return NULL;
1288 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1289 return NULL;
1290
1291 /* allocate buffer for result */
1292 if ((res = vmalloc(data->l)) == NULL)
1293 return NULL;
1294
1295 /* decryption data */
1296 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1297 ks1, ks2, ks3, (void *)iv->v, DES_DECRYPT);
1298
1299 return res;
1300 }
1301
1302 int
1303 eay_3des_weakkey(key)
1304 vchar_t *key;
1305 {
1306 if (key->l < 24)
1307 return NULL;
1308
1309 return (des_is_weak_key((void *)key->v)
1310 || des_is_weak_key((void *)(key->v + 8))
1311 || des_is_weak_key((void *)(key->v + 16)));
1312 }
1313
1314 int
1315 eay_3des_keylen(len)
1316 int len;
1317 {
1318 if (len != 0 && len != 192)
1319 return -1;
1320 return 192;
1321 }
1322
1323 /*
1324 * CAST-CBC
1325 */
1326 vchar_t *
1327 eay_cast_encrypt(data, key, iv)
1328 vchar_t *data, *key, *iv;
1329 {
1330 vchar_t *res;
1331 CAST_KEY ks;
1332
1333 CAST_set_key(&ks, key->l, key->v);
1334
1335 /* allocate buffer for result */
1336 if ((res = vmalloc(data->l)) == NULL)
1337 return NULL;
1338
1339 /* decryption data */
1340 CAST_cbc_encrypt(data->v, res->v, data->l,
1341 &ks, iv->v, DES_ENCRYPT);
1342
1343 return res;
1344 }
1345
1346 vchar_t *
1347 eay_cast_decrypt(data, key, iv)
1348 vchar_t *data, *key, *iv;
1349 {
1350 vchar_t *res;
1351 CAST_KEY ks;
1352
1353 CAST_set_key(&ks, key->l, key->v);
1354
1355 /* allocate buffer for result */
1356 if ((res = vmalloc(data->l)) == NULL)
1357 return NULL;
1358
1359 /* decryption data */
1360 CAST_cbc_encrypt(data->v, res->v, data->l,
1361 &ks, iv->v, DES_DECRYPT);
1362
1363 return res;
1364 }
1365
1366 int
1367 eay_cast_weakkey(key)
1368 vchar_t *key;
1369 {
1370 return 0; /* No known weak keys. */
1371 }
1372
1373 int
1374 eay_cast_keylen(len)
1375 int len;
1376 {
1377 if (len == 0)
1378 return 128;
1379 if (len < 40 || len > 128)
1380 return -1;
1381 return (len + 7) / 8;
1382 }
1383
1384 /*
1385 * AES(RIJNDAEL)-CBC
1386 */
1387 vchar_t *
1388 eay_aes_encrypt(data, key, iv)
1389 vchar_t *data, *key, *iv;
1390 {
1391 vchar_t *res;
1392 keyInstance k;
1393 cipherInstance c;
1394
1395 memset(&k, 0, sizeof(k));
1396 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1397 return NULL;
1398
1399 /* allocate buffer for result */
1400 if ((res = vmalloc(data->l)) == NULL)
1401 return NULL;
1402
1403 /* encryption data */
1404 memset(&c, 0, sizeof(c));
1405 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1406 return NULL;
1407 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1408 return NULL;
1409
1410 return res;
1411 }
1412
1413 vchar_t *
1414 eay_aes_decrypt(data, key, iv)
1415 vchar_t *data, *key, *iv;
1416 {
1417 vchar_t *res;
1418 keyInstance k;
1419 cipherInstance c;
1420
1421 memset(&k, 0, sizeof(k));
1422 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1423 return NULL;
1424
1425 /* allocate buffer for result */
1426 if ((res = vmalloc(data->l)) == NULL)
1427 return NULL;
1428
1429 /* decryption data */
1430 memset(&c, 0, sizeof(c));
1431 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1432 return NULL;
1433 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1434 return NULL;
1435
1436 return res;
1437 }
1438
1439 int
1440 eay_aes_weakkey(key)
1441 vchar_t *key;
1442 {
1443 return 0;
1444 }
1445
1446 int
1447 eay_aes_keylen(len)
1448 int len;
1449 {
1450 if (len == 0)
1451 return 128;
1452 if (len != 128 && len != 192 && len != 256)
1453 return -1;
1454 return len;
1455 }
1456
1457 /* for ipsec part */
1458 int
1459 eay_null_hashlen()
1460 {
1461 return 0;
1462 }
1463
1464 int
1465 eay_kpdk_hashlen()
1466 {
1467 return 0;
1468 }
1469
1470 int
1471 eay_twofish_keylen(len)
1472 int len;
1473 {
1474 if (len < 0 || len > 256)
1475 return -1;
1476 return len;
1477 }
1478
1479 int
1480 eay_null_keylen(len)
1481 int len;
1482 {
1483 return 0;
1484 }
1485
1486 /*
1487 * HMAC functions
1488 */
1489 static caddr_t
1490 eay_hmac_init(key, md)
1491 vchar_t *key;
1492 const EVP_MD *md;
1493 {
1494 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1495
1496 HMAC_CTX_init(c);
1497 HMAC_Init(c, key->v, key->l, md);
1498
1499 return (caddr_t)c;
1500 }
1501
1502 /*
1503 * HMAC SHA2-512
1504 */
1505 vchar_t *
1506 eay_hmacsha2_512_one(key, data)
1507 vchar_t *key, *data;
1508 {
1509 vchar_t *res;
1510 caddr_t ctx;
1511
1512 ctx = eay_hmacsha2_512_init(key);
1513 eay_hmacsha2_512_update(ctx, data);
1514 res = eay_hmacsha2_512_final(ctx);
1515
1516 return(res);
1517 }
1518
1519 caddr_t
1520 eay_hmacsha2_512_init(key)
1521 vchar_t *key;
1522 {
1523 return eay_hmac_init(key, EVP_sha2_512());
1524 }
1525
1526 void
1527 eay_hmacsha2_512_update(c, data)
1528 caddr_t c;
1529 vchar_t *data;
1530 {
1531 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1532 }
1533
1534 vchar_t *
1535 eay_hmacsha2_512_final(c)
1536 caddr_t c;
1537 {
1538 vchar_t *res;
1539 unsigned int l;
1540
1541 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1542 return NULL;
1543
1544 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1545 res->l = l;
1546 HMAC_CTX_cleanup(c);
1547 (void)racoon_free(c);
1548
1549 if (SHA512_DIGEST_LENGTH != res->l) {
1550 #ifndef EAYDEBUG
1551 plog(LLV_ERROR, LOCATION, NULL,
1552 "hmac sha2_512 length mismatch %d.\n", res->l);
1553 #else
1554 printf("hmac sha2_512 length mismatch %d.\n", res->l);
1555 #endif
1556 vfree(res);
1557 return NULL;
1558 }
1559
1560 return(res);
1561 }
1562
1563 /*
1564 * HMAC SHA2-384
1565 */
1566 vchar_t *
1567 eay_hmacsha2_384_one(key, data)
1568 vchar_t *key, *data;
1569 {
1570 vchar_t *res;
1571 caddr_t ctx;
1572
1573 ctx = eay_hmacsha2_384_init(key);
1574 eay_hmacsha2_384_update(ctx, data);
1575 res = eay_hmacsha2_384_final(ctx);
1576
1577 return(res);
1578 }
1579
1580 caddr_t
1581 eay_hmacsha2_384_init(key)
1582 vchar_t *key;
1583 {
1584 return eay_hmac_init(key, EVP_sha2_384());
1585 }
1586
1587 void
1588 eay_hmacsha2_384_update(c, data)
1589 caddr_t c;
1590 vchar_t *data;
1591 {
1592 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1593 }
1594
1595 vchar_t *
1596 eay_hmacsha2_384_final(c)
1597 caddr_t c;
1598 {
1599 vchar_t *res;
1600 unsigned int l;
1601
1602 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1603 return NULL;
1604
1605 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1606 res->l = l;
1607 HMAC_CTX_cleanup(c);
1608 (void)racoon_free(c);
1609
1610 if (SHA384_DIGEST_LENGTH != res->l) {
1611 #ifndef EAYDEBUG
1612 plog(LLV_ERROR, LOCATION, NULL,
1613 "hmac sha2_384 length mismatch %d.\n", res->l);
1614 #else
1615 printf("hmac sha2_384 length mismatch %d.\n", res->l);
1616 #endif
1617 vfree(res);
1618 return NULL;
1619 }
1620
1621 return(res);
1622 }
1623
1624 /*
1625 * HMAC SHA2-256
1626 */
1627 vchar_t *
1628 eay_hmacsha2_256_one(key, data)
1629 vchar_t *key, *data;
1630 {
1631 vchar_t *res;
1632 caddr_t ctx;
1633
1634 ctx = eay_hmacsha2_256_init(key);
1635 eay_hmacsha2_256_update(ctx, data);
1636 res = eay_hmacsha2_256_final(ctx);
1637
1638 return(res);
1639 }
1640
1641 caddr_t
1642 eay_hmacsha2_256_init(key)
1643 vchar_t *key;
1644 {
1645 return eay_hmac_init(key, EVP_sha2_256());
1646 }
1647
1648 void
1649 eay_hmacsha2_256_update(c, data)
1650 caddr_t c;
1651 vchar_t *data;
1652 {
1653 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1654 }
1655
1656 vchar_t *
1657 eay_hmacsha2_256_final(c)
1658 caddr_t c;
1659 {
1660 vchar_t *res;
1661 unsigned int l;
1662
1663 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1664 return NULL;
1665
1666 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1667 res->l = l;
1668 HMAC_CTX_cleanup(c);
1669 (void)racoon_free(c);
1670
1671 if (SHA256_DIGEST_LENGTH != res->l) {
1672 #ifndef EAYDEBUG
1673 plog(LLV_ERROR, LOCATION, NULL,
1674 "hmac sha2_256 length mismatch %d.\n", res->l);
1675 #else
1676 printf("hmac sha2_256 length mismatch %d.\n", res->l);
1677 #endif
1678 vfree(res);
1679 return NULL;
1680 }
1681
1682 return(res);
1683 }
1684
1685 /*
1686 * HMAC SHA1
1687 */
1688 vchar_t *
1689 eay_hmacsha1_one(key, data)
1690 vchar_t *key, *data;
1691 {
1692 vchar_t *res;
1693 caddr_t ctx;
1694
1695 ctx = eay_hmacsha1_init(key);
1696 eay_hmacsha1_update(ctx, data);
1697 res = eay_hmacsha1_final(ctx);
1698
1699 return(res);
1700 }
1701
1702 caddr_t
1703 eay_hmacsha1_init(key)
1704 vchar_t *key;
1705 {
1706 return eay_hmac_init(key, EVP_sha1());
1707 }
1708
1709 void
1710 eay_hmacsha1_update(c, data)
1711 caddr_t c;
1712 vchar_t *data;
1713 {
1714 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1715 }
1716
1717 vchar_t *
1718 eay_hmacsha1_final(c)
1719 caddr_t c;
1720 {
1721 vchar_t *res;
1722 unsigned int l;
1723
1724 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1725 return NULL;
1726
1727 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1728 res->l = l;
1729 HMAC_CTX_cleanup(c);
1730 (void)racoon_free(c);
1731
1732 if (SHA_DIGEST_LENGTH != res->l) {
1733 #ifndef EAYDEBUG
1734 plog(LLV_ERROR, LOCATION, NULL,
1735 "hmac sha1 length mismatch %d.\n", res->l);
1736 #else
1737 printf("hmac sha1 length mismatch %d.\n", res->l);
1738 #endif
1739 vfree(res);
1740 return NULL;
1741 }
1742
1743 return(res);
1744 }
1745
1746 /*
1747 * HMAC MD5
1748 */
1749 vchar_t *
1750 eay_hmacmd5_one(key, data)
1751 vchar_t *key, *data;
1752 {
1753 vchar_t *res;
1754 caddr_t ctx;
1755
1756 ctx = eay_hmacmd5_init(key);
1757 eay_hmacmd5_update(ctx, data);
1758 res = eay_hmacmd5_final(ctx);
1759
1760 return(res);
1761 }
1762
1763 caddr_t
1764 eay_hmacmd5_init(key)
1765 vchar_t *key;
1766 {
1767 return eay_hmac_init(key, EVP_md5());
1768 }
1769
1770 void
1771 eay_hmacmd5_update(c, data)
1772 caddr_t c;
1773 vchar_t *data;
1774 {
1775 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1776 }
1777
1778 vchar_t *
1779 eay_hmacmd5_final(c)
1780 caddr_t c;
1781 {
1782 vchar_t *res;
1783 unsigned int l;
1784
1785 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1786 return NULL;
1787
1788 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1789 res->l = l;
1790 HMAC_CTX_cleanup(c);
1791 (void)racoon_free(c);
1792
1793 if (MD5_DIGEST_LENGTH != res->l) {
1794 #ifndef EAYDEBUG
1795 plog(LLV_ERROR, LOCATION, NULL,
1796 "hmac md5 length mismatch %d.\n", res->l);
1797 #else
1798 printf("hmac md5 length mismatch %d.\n", res->l);
1799 #endif
1800 vfree(res);
1801 return NULL;
1802 }
1803
1804 return(res);
1805 }
1806
1807 /*
1808 * SHA2-512 functions
1809 */
1810 caddr_t
1811 eay_sha2_512_init()
1812 {
1813 SHA512_CTX *c = racoon_malloc(sizeof(*c));
1814
1815 SHA512_Init(c);
1816
1817 return((caddr_t)c);
1818 }
1819
1820 void
1821 eay_sha2_512_update(c, data)
1822 caddr_t c;
1823 vchar_t *data;
1824 {
1825 SHA512_Update((SHA512_CTX *)c, data->v, data->l);
1826
1827 return;
1828 }
1829
1830 vchar_t *
1831 eay_sha2_512_final(c)
1832 caddr_t c;
1833 {
1834 vchar_t *res;
1835
1836 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1837 return(0);
1838
1839 SHA512_Final(res->v, (SHA512_CTX *)c);
1840 (void)racoon_free(c);
1841
1842 return(res);
1843 }
1844
1845 vchar_t *
1846 eay_sha2_512_one(data)
1847 vchar_t *data;
1848 {
1849 caddr_t ctx;
1850 vchar_t *res;
1851
1852 ctx = eay_sha2_512_init();
1853 eay_sha2_512_update(ctx, data);
1854 res = eay_sha2_512_final(ctx);
1855
1856 return(res);
1857 }
1858
1859 int
1860 eay_sha2_512_hashlen()
1861 {
1862 return SHA512_DIGEST_LENGTH << 3;
1863 }
1864
1865 /*
1866 * SHA2-384 functions
1867 */
1868 caddr_t
1869 eay_sha2_384_init()
1870 {
1871 SHA384_CTX *c = racoon_malloc(sizeof(*c));
1872
1873 SHA384_Init(c);
1874
1875 return((caddr_t)c);
1876 }
1877
1878 void
1879 eay_sha2_384_update(c, data)
1880 caddr_t c;
1881 vchar_t *data;
1882 {
1883 SHA384_Update((SHA384_CTX *)c, data->v, data->l);
1884
1885 return;
1886 }
1887
1888 vchar_t *
1889 eay_sha2_384_final(c)
1890 caddr_t c;
1891 {
1892 vchar_t *res;
1893
1894 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1895 return(0);
1896
1897 SHA384_Final(res->v, (SHA384_CTX *)c);
1898 (void)racoon_free(c);
1899
1900 return(res);
1901 }
1902
1903 vchar_t *
1904 eay_sha2_384_one(data)
1905 vchar_t *data;
1906 {
1907 caddr_t ctx;
1908 vchar_t *res;
1909
1910 ctx = eay_sha2_384_init();
1911 eay_sha2_384_update(ctx, data);
1912 res = eay_sha2_384_final(ctx);
1913
1914 return(res);
1915 }
1916
1917 int
1918 eay_sha2_384_hashlen()
1919 {
1920 return SHA384_DIGEST_LENGTH << 3;
1921 }
1922
1923 /*
1924 * SHA2-256 functions
1925 */
1926 caddr_t
1927 eay_sha2_256_init()
1928 {
1929 SHA256_CTX *c = racoon_malloc(sizeof(*c));
1930
1931 SHA256_Init(c);
1932
1933 return((caddr_t)c);
1934 }
1935
1936 void
1937 eay_sha2_256_update(c, data)
1938 caddr_t c;
1939 vchar_t *data;
1940 {
1941 SHA256_Update((SHA256_CTX *)c, data->v, data->l);
1942
1943 return;
1944 }
1945
1946 vchar_t *
1947 eay_sha2_256_final(c)
1948 caddr_t c;
1949 {
1950 vchar_t *res;
1951
1952 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1953 return(0);
1954
1955 SHA256_Final(res->v, (SHA256_CTX *)c);
1956 (void)racoon_free(c);
1957
1958 return(res);
1959 }
1960
1961 vchar_t *
1962 eay_sha2_256_one(data)
1963 vchar_t *data;
1964 {
1965 caddr_t ctx;
1966 vchar_t *res;
1967
1968 ctx = eay_sha2_256_init();
1969 eay_sha2_256_update(ctx, data);
1970 res = eay_sha2_256_final(ctx);
1971
1972 return(res);
1973 }
1974
1975 int
1976 eay_sha2_256_hashlen()
1977 {
1978 return SHA256_DIGEST_LENGTH << 3;
1979 }
1980
1981 /*
1982 * SHA functions
1983 */
1984 caddr_t
1985 eay_sha1_init()
1986 {
1987 SHA_CTX *c = racoon_malloc(sizeof(*c));
1988
1989 SHA1_Init(c);
1990
1991 return((caddr_t)c);
1992 }
1993
1994 void
1995 eay_sha1_update(c, data)
1996 caddr_t c;
1997 vchar_t *data;
1998 {
1999 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2000
2001 return;
2002 }
2003
2004 vchar_t *
2005 eay_sha1_final(c)
2006 caddr_t c;
2007 {
2008 vchar_t *res;
2009
2010 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2011 return(0);
2012
2013 SHA1_Final(res->v, (SHA_CTX *)c);
2014 (void)racoon_free(c);
2015
2016 return(res);
2017 }
2018
2019 vchar_t *
2020 eay_sha1_one(data)
2021 vchar_t *data;
2022 {
2023 caddr_t ctx;
2024 vchar_t *res;
2025
2026 ctx = eay_sha1_init();
2027 eay_sha1_update(ctx, data);
2028 res = eay_sha1_final(ctx);
2029
2030 return(res);
2031 }
2032
2033 int
2034 eay_sha1_hashlen()
2035 {
2036 return SHA_DIGEST_LENGTH << 3;
2037 }
2038
2039 /*
2040 * MD5 functions
2041 */
2042 caddr_t
2043 eay_md5_init()
2044 {
2045 MD5_CTX *c = racoon_malloc(sizeof(*c));
2046
2047 MD5_Init(c);
2048
2049 return((caddr_t)c);
2050 }
2051
2052 void
2053 eay_md5_update(c, data)
2054 caddr_t c;
2055 vchar_t *data;
2056 {
2057 MD5_Update((MD5_CTX *)c, data->v, data->l);
2058
2059 return;
2060 }
2061
2062 vchar_t *
2063 eay_md5_final(c)
2064 caddr_t c;
2065 {
2066 vchar_t *res;
2067
2068 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2069 return(0);
2070
2071 MD5_Final(res->v, (MD5_CTX *)c);
2072 (void)racoon_free(c);
2073
2074 return(res);
2075 }
2076
2077 vchar_t *
2078 eay_md5_one(data)
2079 vchar_t *data;
2080 {
2081 caddr_t ctx;
2082 vchar_t *res;
2083
2084 ctx = eay_md5_init();
2085 eay_md5_update(ctx, data);
2086 res = eay_md5_final(ctx);
2087
2088 return(res);
2089 }
2090
2091 int
2092 eay_md5_hashlen()
2093 {
2094 return MD5_DIGEST_LENGTH << 3;
2095 }
2096
2097 /*
2098 * eay_set_random
2099 * size: number of bytes.
2100 */
2101 vchar_t *
2102 eay_set_random(size)
2103 u_int32_t size;
2104 {
2105 BIGNUM *r = NULL;
2106 vchar_t *res = 0;
2107
2108 if ((r = BN_new()) == NULL)
2109 goto end;
2110 BN_rand(r, size * 8, 0, 0);
2111 eay_bn2v(&res, r);
2112
2113 end:
2114 if (r)
2115 BN_free(r);
2116 return(res);
2117 }
2118
2119 /* DH */
2120 int
2121 eay_dh_generate(prime, g, publen, pub, priv)
2122 vchar_t *prime, **pub, **priv;
2123 u_int publen;
2124 u_int32_t g;
2125 {
2126 BIGNUM *p = NULL;
2127 DH *dh = NULL;
2128 int error = -1;
2129
2130 /* initialize */
2131 /* pre-process to generate number */
2132 if (eay_v2bn(&p, prime) < 0)
2133 goto end;
2134
2135 if ((dh = DH_new()) == NULL)
2136 goto end;
2137 dh->p = p;
2138 p = NULL; /* p is now part of dh structure */
2139 dh->g = NULL;
2140 if ((dh->g = BN_new()) == NULL)
2141 goto end;
2142 if (!BN_set_word(dh->g, g))
2143 goto end;
2144
2145 if (publen != 0)
2146 dh->length = publen;
2147
2148 /* generate public and private number */
2149 if (!DH_generate_key(dh))
2150 goto end;
2151
2152 /* copy results to buffers */
2153 if (eay_bn2v(pub, dh->pub_key) < 0)
2154 goto end;
2155 if (eay_bn2v(priv, dh->priv_key) < 0) {
2156 vfree(*pub);
2157 goto end;
2158 }
2159
2160 error = 0;
2161
2162 end:
2163 if (dh != NULL)
2164 DH_free(dh);
2165 if (p != 0)
2166 BN_free(p);
2167 return(error);
2168 }
2169
2170 int
2171 eay_dh_compute(prime, g, pub, priv, pub2, key)
2172 vchar_t *prime, *pub, *priv, *pub2, **key;
2173 u_int32_t g;
2174 {
2175 BIGNUM *dh_pub = NULL;
2176 DH *dh = NULL;
2177 int l;
2178 caddr_t v = NULL;
2179 int error = -1;
2180
2181 /* make public number to compute */
2182 if (eay_v2bn(&dh_pub, pub2) < 0)
2183 goto end;
2184
2185 /* make DH structure */
2186 if ((dh = DH_new()) == NULL)
2187 goto end;
2188 if (eay_v2bn(&dh->p, prime) < 0)
2189 goto end;
2190 if (eay_v2bn(&dh->pub_key, pub) < 0)
2191 goto end;
2192 if (eay_v2bn(&dh->priv_key, priv) < 0)
2193 goto end;
2194 dh->length = pub2->l * 8;
2195
2196 dh->g = NULL;
2197 if ((dh->g = BN_new()) == NULL)
2198 goto end;
2199 if (!BN_set_word(dh->g, g))
2200 goto end;
2201
2202 if ((v = (caddr_t)racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2203 goto end;
2204 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2205 goto end;
2206 memcpy((*key)->v + (prime->l - l), v, l);
2207
2208 error = 0;
2209
2210 end:
2211 if (dh_pub != NULL)
2212 BN_free(dh_pub);
2213 if (dh != NULL)
2214 DH_free(dh);
2215 if (v != NULL)
2216 racoon_free(v);
2217 return(error);
2218 }
2219
2220 #if 1
2221 int
2222 eay_v2bn(bn, var)
2223 BIGNUM **bn;
2224 vchar_t *var;
2225 {
2226 if ((*bn = BN_bin2bn(var->v, var->l, NULL)) == NULL)
2227 return -1;
2228
2229 return 0;
2230 }
2231 #else
2232 /*
2233 * convert vchar_t <-> BIGNUM.
2234 *
2235 * vchar_t: unit is u_char, network endian, most significant byte first.
2236 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2237 * least significant BN_ULONG must come first.
2238 *
2239 * hex value of "0x3ffe050104" is represented as follows:
2240 * vchar_t: 3f fe 05 01 04
2241 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2242 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2243 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2244 */
2245 int
2246 eay_v2bn(bn, var)
2247 BIGNUM **bn;
2248 vchar_t *var;
2249 {
2250 u_char *p;
2251 u_char *q;
2252 BN_ULONG *r;
2253 int l;
2254 BN_ULONG num;
2255
2256 *bn = BN_new();
2257 if (*bn == NULL)
2258 goto err;
2259 l = (var->l * 8 + BN_BITS2 - 1) / BN_BITS2;
2260 if (bn_expand(*bn, l * BN_BITS2) == NULL)
2261 goto err;
2262 (*bn)->top = l;
2263
2264 /* scan from least significant byte */
2265 p = (u_char *)var->v;
2266 q = (u_char *)(var->v + var->l);
2267 r = (*bn)->d;
2268 num = 0;
2269 l = 0;
2270 do {
2271 q--;
2272 num = num | ((BN_ULONG)*q << (l++ * 8));
2273 if (l == BN_BYTES) {
2274 *r++ = num;
2275 num = 0;
2276 l = 0;
2277 }
2278 } while (p < q);
2279 if (l)
2280 *r = num;
2281 return 0;
2282
2283 err:
2284 if (*bn)
2285 BN_free(*bn);
2286 return -1;
2287 }
2288 #endif
2289
2290 int
2291 eay_bn2v(var, bn)
2292 vchar_t **var;
2293 BIGNUM *bn;
2294 {
2295 *var = vmalloc(bn->top * BN_BYTES);
2296 if (*var == NULL)
2297 return(-1);
2298
2299 (*var)->l = BN_bn2bin(bn, (*var)->v);
2300
2301 return 0;
2302 }
2303
2304 const char *
2305 eay_version()
2306 {
2307 return SSLeay_version(SSLEAY_VERSION);
2308 }
mirror of network_cmds