]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/crypto_openssl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-176.4.1.tar.gz
[apple/network_cmds.git] / racoon.tproj / crypto_openssl.c
1 /* $KAME: crypto_openssl.c,v 1.73 2003/04/24 02:21:22 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <limits.h>
38 #include <string.h>
39
40 /* get openssl/ssleay version number */
41 #ifdef HAVE_OPENSSL_OPENSSLV_H
42 # include <openssl/opensslv.h>
43 #else
44 # error no opensslv.h found.
45 #endif
46
47 #ifndef OPENSSL_VERSION_NUMBER
48 #error OPENSSL_VERSION_NUMBER is not defined. OpenSSL0.9.4 or later required.
49 #endif
50
51 #ifdef HAVE_OPENSSL_PEM_H
52 #include <openssl/pem.h>
53 #endif
54 #ifdef HAVE_OPENSSL_EVP_H
55 #include <openssl/evp.h>
56 #endif
57 #ifdef HAVE_OPENSSL_X509_H
58 #include <openssl/x509.h>
59 #include <openssl/x509v3.h>
60 #include <openssl/x509_vfy.h>
61 #endif
62 #include <openssl/bn.h>
63 #include <openssl/dh.h>
64 #include <openssl/md5.h>
65 #include <openssl/sha.h>
66 #include <openssl/hmac.h>
67 #include <openssl/des.h>
68 #include <openssl/crypto.h>
69 #ifdef HAVE_OPENSSL_IDEA_H
70 #include <openssl/idea.h>
71 #endif
72 #include <openssl/blowfish.h>
73 #ifdef HAVE_OPENSSL_RC5_H
74 #include <openssl/rc5.h>
75 #endif
76 #include <openssl/cast.h>
77 #include <openssl/err.h>
78 #ifdef HAVE_OPENSSL_RIJNDAEL_H
79 #include <openssl/rijndael.h>
80 #else
81 #include "rijndael-api-fst.h"
82 #endif
83 #ifdef HAVE_OPENSSL_SHA2_H
84 #include <openssl/sha2.h>
85 #else
86 #include "sha2.h"
87 #endif
88
89 #include "var.h"
90 #include "misc.h"
91 #include "vmbuf.h"
92 #include "plog.h"
93 #include "crypto_openssl.h"
94 #include "debug.h"
95 #include "gcmalloc.h"
96
97 /*
98 * I hate to cast every parameter to des_xx into void *, but it is
99 * necessary for SSLeay/OpenSSL portability. It sucks.
100 */
101
102 #ifdef HAVE_SIGNING_C
103 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
104 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
105 static void eay_setgentype __P((char *, int *));
106 static X509 *mem2x509 __P((vchar_t *));
107 #endif
108
109 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
110
111 #ifdef HAVE_SIGNING_C
112 /* X509 Certificate */
113 /*
114 * convert the string of the subject name into DER
115 * e.g. str = "C=JP, ST=Kanagawa";
116 */
117 vchar_t *
118 eay_str2asn1dn(str, len)
119 char *str;
120 int len;
121 {
122 X509_NAME *name;
123 char *buf;
124 char *field, *value;
125 int i, j;
126 vchar_t *ret;
127 caddr_t p;
128
129 buf = racoon_malloc(len + 1);
130 if (!buf) {
131 printf("failed to allocate buffer\n");
132 return NULL;
133 }
134 memcpy(buf, str, len);
135
136 name = X509_NAME_new();
137
138 field = &buf[0];
139 value = NULL;
140 for (i = 0; i < len; i++) {
141 if (!value && buf[i] == '=') {
142 buf[i] = '\0';
143 value = &buf[i + 1];
144 continue;
145 } else if (buf[i] == ',' || buf[i] == '/') {
146 buf[i] = '\0';
147 #if 0
148 printf("[%s][%s]\n", field, value);
149 #endif
150 if (!X509_NAME_add_entry_by_txt(name, field,
151 MBSTRING_ASC, value, -1, -1, 0))
152 goto err;
153 for (j = i + 1; j < len; j++) {
154 if (buf[j] != ' ')
155 break;
156 }
157 field = &buf[j];
158 value = NULL;
159 continue;
160 }
161 }
162 buf[len] = '\0';
163 #if 0
164 printf("[%s][%s]\n", field, value);
165 #endif
166 if (!X509_NAME_add_entry_by_txt(name, field,
167 MBSTRING_ASC, value, -1, -1, 0))
168 goto err;
169
170 i = i2d_X509_NAME(name, NULL);
171 if (!i)
172 goto err;
173 ret = vmalloc(i);
174 if (!ret)
175 goto err;
176 p = ret->v;
177 i = i2d_X509_NAME(name, (unsigned char **)&p);
178 if (!i)
179 goto err;
180
181 return ret;
182
183 err:
184 if (buf)
185 racoon_free(buf);
186 if (name)
187 X509_NAME_free(name);
188 return NULL;
189 }
190
191 /*
192 * compare two subjectNames.
193 * OUT: 0: equal
194 * positive:
195 * -1: other error.
196 */
197 int
198 eay_cmp_asn1dn(n1, n2)
199 vchar_t *n1, *n2;
200 {
201 X509_NAME *a = NULL, *b = NULL;
202 caddr_t p;
203 int i = -1;
204
205 p = n1->v;
206 if (!d2i_X509_NAME(&a, (unsigned char **)&p, n1->l))
207 goto end;
208 p = n2->v;
209 if (!d2i_X509_NAME(&b, (unsigned char **)&p, n2->l))
210 goto end;
211
212 i = X509_NAME_cmp(a, b);
213
214 end:
215 if (a)
216 X509_NAME_free(a);
217 if (b)
218 X509_NAME_free(b);
219 return i;
220 }
221
222 /*
223 * this functions is derived from apps/verify.c in OpenSSL0.9.5
224 */
225 int
226 eay_check_x509cert(cert, CApath, local)
227 vchar_t *cert;
228 char *CApath;
229 int local;
230 {
231 X509_STORE *cert_ctx = NULL;
232 X509_LOOKUP *lookup = NULL;
233 X509 *x509 = NULL;
234 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
235 X509_STORE_CTX *csc;
236 #else
237 X509_STORE_CTX csc;
238 #endif
239 int error = -1;
240
241 /* XXX define only functions required. */
242 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
243 OpenSSL_add_all_algorithms();
244 #else
245 SSLeay_add_all_algorithms();
246 #endif
247
248 cert_ctx = X509_STORE_new();
249 if (cert_ctx == NULL)
250 goto end;
251
252 if (local)
253 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
254 else
255 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
256
257
258 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
259 if (lookup == NULL)
260 goto end;
261 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); /* XXX */
262
263 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
264 if (lookup == NULL)
265 goto end;
266 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
267 if(!error) {
268 error = -1;
269 goto end;
270 }
271 error = -1; /* initialized */
272
273 /* read the certificate to be verified */
274 x509 = mem2x509(cert);
275 if (x509 == NULL)
276 goto end;
277
278 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
279 csc = X509_STORE_CTX_new();
280 if (csc == NULL)
281 goto end;
282 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
283
284 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
285 X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK);
286 X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK_ALL);
287 #endif
288
289 error = X509_verify_cert(csc);
290 X509_STORE_CTX_cleanup(csc);
291 #else
292 X509_STORE_CTX_init(&csc, cert_ctx, x509, NULL);
293 error = X509_verify_cert(&csc);
294 X509_STORE_CTX_cleanup(&csc);
295 #endif
296
297 /*
298 * if x509_verify_cert() is successful then the value of error is
299 * set non-zero.
300 */
301 error = error ? 0 : -1;
302
303 end:
304 if (error)
305 printf("%s\n", eay_strerror());
306 if (cert_ctx != NULL)
307 X509_STORE_free(cert_ctx);
308 if (x509 != NULL)
309 X509_free(x509);
310
311 return(error);
312 }
313
314 /*
315 * callback function for verifing certificate.
316 * Derived from cb() in openssl/apps/s_server.c
317 *
318 * This one is called for certificates obtained from
319 * 'peers_certfile' directive.
320 */
321 static int
322 cb_check_cert_local(ok, ctx)
323 int ok;
324 X509_STORE_CTX *ctx;
325 {
326 char buf[256];
327 int log_tag;
328
329 if (!ok) {
330 X509_NAME_oneline(
331 X509_get_subject_name(ctx->current_cert),
332 buf,
333 256);
334 /*
335 * since we are just checking the certificates, it is
336 * ok if they are self signed. But we should still warn
337 * the user.
338 */
339 switch (ctx->error) {
340 case X509_V_ERR_CERT_HAS_EXPIRED:
341 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
342 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
343 case X509_V_ERR_INVALID_PURPOSE:
344 case X509_V_ERR_UNABLE_TO_GET_CRL:
345 #endif
346 ok = 1;
347 log_tag = LLV_WARNING;
348 break;
349
350 default:
351 log_tag = LLV_ERROR;
352 }
353
354
355 #ifndef EAYDEBUG
356 plog(log_tag, LOCATION, NULL,
357 "%s(%d) at depth:%d SubjectName:%s\n",
358 X509_verify_cert_error_string(ctx->error),
359 ctx->error,
360 ctx->error_depth,
361 buf);
362 #else
363 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
364 log_tag,
365 X509_verify_cert_error_string(ctx->error),
366 ctx->error,
367 ctx->error_depth,
368 buf);
369 #endif
370 }
371 ERR_clear_error();
372
373 return ok;
374 }
375
376 /*
377 * Similar to cb_check_cert_local() but this one is called
378 * for certificates obtained from the IKE payload.
379 */
380 static int
381 cb_check_cert_remote(ok, ctx)
382 int ok;
383 X509_STORE_CTX *ctx;
384 {
385 char buf[256];
386 int log_tag;
387
388 if (!ok) {
389 X509_NAME_oneline(
390 X509_get_subject_name(ctx->current_cert),
391 buf,
392 256);
393 switch (ctx->error) {
394 case X509_V_ERR_UNABLE_TO_GET_CRL:
395 ok = 1;
396 log_tag = LLV_WARNING;
397 break;
398 default:
399 log_tag = LLV_ERROR;
400 }
401 #ifndef EAYDEBUG
402 plog(log_tag, LOCATION, NULL,
403 "%s(%d) at depth:%d SubjectName:%s\n",
404 X509_verify_cert_error_string(ctx->error),
405 ctx->error,
406 ctx->error_depth,
407 buf);
408 #else
409 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
410 log_tag,
411 X509_verify_cert_error_string(ctx->error),
412 ctx->error,
413 ctx->error_depth,
414 buf);
415 #endif
416 }
417 ERR_clear_error();
418
419 return ok;
420 }
421
422 /*
423 * get a subjectAltName from X509 certificate.
424 */
425 vchar_t *
426 eay_get_x509asn1subjectname(cert)
427 vchar_t *cert;
428 {
429 X509 *x509 = NULL;
430 u_char *bp;
431 vchar_t *name = NULL;
432 int len;
433 int error = -1;
434
435 bp = cert->v;
436
437 x509 = mem2x509(cert);
438 if (x509 == NULL)
439 goto end;
440
441 /* get the length of the name */
442 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
443 name = vmalloc(len);
444 if (!name)
445 goto end;
446 /* get the name */
447 bp = name->v;
448 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
449
450 error = 0;
451
452 end:
453 if (error) {
454 #ifndef EAYDEBUG
455 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
456 #else
457 printf("%s\n", eay_strerror());
458 #endif
459 if (name) {
460 vfree(name);
461 name = NULL;
462 }
463 }
464 if (x509)
465 X509_free(x509);
466
467 return name;
468 }
469
470 /*
471 * get the subjectAltName from X509 certificate.
472 * the name is terminated by '\0'.
473 */
474 #include <openssl/x509v3.h>
475 int
476 eay_get_x509subjectaltname(cert, altname, type, pos)
477 vchar_t *cert;
478 char **altname;
479 int *type;
480 int pos;
481 {
482 X509 *x509 = NULL;
483 X509_EXTENSION *ext;
484 X509V3_EXT_METHOD *method = NULL;
485 STACK_OF(GENERAL_NAME) *name;
486 CONF_VALUE *cval = NULL;
487 STACK_OF(CONF_VALUE) *nval = NULL;
488 u_char *bp;
489 int i, len;
490 int error = -1;
491
492 *altname = NULL;
493 *type = GENT_OTHERNAME;
494
495 bp = cert->v;
496
497 x509 = mem2x509(cert);
498 if (x509 == NULL)
499 goto end;
500
501 i = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
502 if (i < 0)
503 goto end;
504 ext = X509_get_ext(x509, i);
505 method = X509V3_EXT_get(ext);
506 if(!method)
507 goto end;
508
509 bp = ext->value->data;
510 name = method->d2i(NULL, &bp, ext->value->length);
511 if(!name)
512 goto end;
513
514 nval = method->i2v(method, name, NULL);
515 method->ext_free(name);
516 name = NULL;
517 if(!nval)
518 goto end;
519
520 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
521 /* skip the name */
522 if (i + 1 != pos)
523 continue;
524 cval = sk_CONF_VALUE_value(nval, i);
525 len = strlen(cval->value) + 1; /* '\0' included */
526 *altname = racoon_malloc(len);
527 if (!*altname) {
528 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
529 goto end;
530 }
531 strlcpy(*altname, cval->value, len);
532
533 /* set type of the name */
534 eay_setgentype(cval->name, type);
535 }
536
537 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
538
539 error = 0;
540
541 end:
542 if (error) {
543 if (*altname) {
544 racoon_free(*altname);
545 *altname = NULL;
546 }
547 #ifndef EAYDEBUG
548 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
549 #else
550 printf("%s\n", eay_strerror());
551 #endif
552 }
553 if (x509)
554 X509_free(x509);
555
556 return error;
557 }
558
559 static void
560 eay_setgentype(name, type)
561 char *name;
562 int *type;
563 {
564 /* XXX It's needed effective code */
565 if(!memcmp(name, "email", strlen("email"))) {
566 *type = GENT_EMAIL;
567 } else if(!memcmp(name, "URI", strlen("URI"))) {
568 *type = GENT_URI;
569 } else if(!memcmp(name, "DNS", strlen("DNS"))) {
570 *type = GENT_DNS;
571 } else if(!memcmp(name, "RID", strlen("RID"))) {
572 *type = GENT_RID;
573 } else if(!memcmp(name, "IP", strlen("IP"))) {
574 *type = GENT_IPADD;
575 } else {
576 *type = GENT_OTHERNAME;
577 }
578 }
579
580 /*
581 * decode a X509 certificate and make a readable text terminated '\n'.
582 * return the buffer allocated, so must free it later.
583 */
584 char *
585 eay_get_x509text(cert)
586 vchar_t *cert;
587 {
588 X509 *x509 = NULL;
589 BIO *bio = NULL;
590 char *text = NULL;
591 u_char *bp = NULL;
592 int len = 0;
593 int error = -1;
594
595 x509 = mem2x509(cert);
596 if (x509 == NULL)
597 goto end;
598
599 bio = BIO_new(BIO_s_mem());
600 if (bio == NULL)
601 goto end;
602
603 error = X509_print(bio, x509);
604 if (error != 1) {
605 error = -1;
606 goto end;
607 }
608
609 len = BIO_get_mem_data(bio, &bp);
610 text = racoon_malloc(len + 1);
611 if (text == NULL)
612 goto end;
613 memcpy(text, bp, len);
614 text[len] = '\0';
615
616 error = 0;
617
618 end:
619 if (error) {
620 if (text) {
621 racoon_free(text);
622 text = NULL;
623 }
624 #ifndef EAYDEBUG
625 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
626 #else
627 printf("%s\n", eay_strerror());
628 #endif
629 }
630 if (bio)
631 BIO_free(bio);
632 if (x509)
633 X509_free(x509);
634
635 return text;
636 }
637
638 /* get X509 structure from buffer. */
639 static X509 *
640 mem2x509(cert)
641 vchar_t *cert;
642 {
643 X509 *x509;
644
645 #ifndef EAYDEBUG
646 {
647 u_char *bp;
648
649 bp = cert->v;
650
651 x509 = d2i_X509(NULL, &bp, cert->l);
652 }
653 #else
654 {
655 BIO *bio;
656 int len;
657
658 bio = BIO_new(BIO_s_mem());
659 if (bio == NULL)
660 return NULL;
661 len = BIO_write(bio, cert->v, cert->l);
662 if (len == -1)
663 return NULL;
664 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
665 BIO_free(bio);
666 }
667 #endif
668 return x509;
669 }
670
671 /*
672 * get a X509 certificate from local file.
673 * a certificate must be PEM format.
674 * Input:
675 * path to a certificate.
676 * Output:
677 * NULL if error occured
678 * other is the cert.
679 */
680 vchar_t *
681 eay_get_x509cert(path)
682 char *path;
683 {
684 FILE *fp;
685 X509 *x509;
686 vchar_t *cert;
687 u_char *bp;
688 int len;
689 int error;
690
691 /* Read private key */
692 fp = fopen(path, "r");
693 if (fp == NULL)
694 return NULL;
695 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
696 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
697 #else
698 x509 = PEM_read_X509(fp, NULL, NULL);
699 #endif
700 fclose (fp);
701
702 if (x509 == NULL)
703 return NULL;
704
705 len = i2d_X509(x509, NULL);
706 cert = vmalloc(len);
707 if (cert == NULL) {
708 X509_free(x509);
709 return NULL;
710 }
711 bp = cert->v;
712 error = i2d_X509(x509, &bp);
713 X509_free(x509);
714
715 if (error == 0)
716 return NULL;
717
718 return cert;
719 }
720
721 /*
722 * sign a souce by X509 signature.
723 * XXX: to be get hash type from my cert ?
724 * to be handled EVP_dss().
725 */
726 vchar_t *
727 eay_get_x509sign(source, privkey, cert)
728 vchar_t *source;
729 vchar_t *privkey;
730 vchar_t *cert;
731 {
732 vchar_t *sig = NULL;
733
734 sig = eay_rsa_sign(source, privkey);
735
736 return sig;
737 }
738
739 /*
740 * check a X509 signature
741 * XXX: to be get hash type from my cert ?
742 * to be handled EVP_dss().
743 * OUT: return -1 when error.
744 * 0
745 */
746 int
747 eay_check_x509sign(source, sig, cert)
748 vchar_t *source;
749 vchar_t *sig;
750 vchar_t *cert;
751 {
752 X509 *x509;
753 u_char *bp;
754 EVP_PKEY *evp;
755
756 bp = cert->v;
757
758 x509 = d2i_X509(NULL, &bp, cert->l);
759 if (x509 == NULL) {
760 #ifndef EAYDEBUG
761 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
762 #endif
763 return -1;
764 }
765
766 evp = X509_get_pubkey(x509);
767 if (!evp) {
768 #ifndef EAYDEBUG
769 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey: %s\n", eay_strerror());
770 #endif
771 return -1;
772 }
773
774 return eay_rsa_verify(source, sig, evp);
775 }
776
777 /*
778 * check a signature by signed with PKCS7 certificate.
779 * XXX: to be get hash type from my cert ?
780 * to be handled EVP_dss().
781 * OUT: return -1 when error.
782 * 0
783 */
784 int
785 eay_check_pkcs7sign(source, sig, cert)
786 vchar_t *source;
787 vchar_t *sig;
788 vchar_t *cert;
789 {
790 X509 *x509;
791 EVP_MD_CTX md_ctx;
792 EVP_PKEY *evp;
793 int error;
794 BIO *bio = BIO_new(BIO_s_mem());
795 char *bp;
796
797 if (bio == NULL)
798 return -1;
799 error = BIO_write(bio, cert->v, cert->l);
800 if (error != cert->l)
801 return -1;
802
803 bp = cert->v;
804 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
805 BIO_free(bio);
806 if (x509 == NULL)
807 return -1;
808
809 evp = X509_get_pubkey(x509);
810 X509_free(x509);
811 if (evp == NULL)
812 return -1;
813
814 /* Verify the signature */
815 /* XXX: to be handled EVP_dss() */
816 EVP_VerifyInit(&md_ctx, EVP_sha1());
817 EVP_VerifyUpdate(&md_ctx, source->v, source->l);
818 error = EVP_VerifyFinal(&md_ctx, sig->v, sig->l, evp);
819
820 EVP_PKEY_free(evp);
821
822 if (error != 1)
823 return -1;
824
825 return 0;
826 }
827
828 /*
829 * get PKCS#1 Private Key of PEM format from local file.
830 */
831 vchar_t *
832 eay_get_pkcs1privkey(path)
833 char *path;
834 {
835 FILE *fp;
836 EVP_PKEY *evp = NULL;
837 vchar_t *pkey = NULL;
838 u_char *bp;
839 int pkeylen;
840 int error = -1;
841
842 /* Read private key */
843 fp = fopen(path, "r");
844 if (fp == NULL)
845 return NULL;
846
847 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
848 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
849 #else
850 evp = PEM_read_PrivateKey(fp, NULL, NULL);
851 #endif
852 fclose (fp);
853
854 if (evp == NULL)
855 return NULL;
856
857 pkeylen = i2d_PrivateKey(evp, NULL);
858 if (pkeylen == 0)
859 goto end;
860 pkey = vmalloc(pkeylen);
861 if (pkey == NULL)
862 goto end;
863 bp = pkey->v;
864 pkeylen = i2d_PrivateKey(evp, &bp);
865 if (pkeylen == 0)
866 goto end;
867
868 error = 0;
869
870 end:
871 if (evp != NULL)
872 EVP_PKEY_free(evp);
873 if (error != 0 && pkey != NULL) {
874 vfree(pkey);
875 pkey = NULL;
876 }
877
878 return pkey;
879 }
880
881 /*
882 * get PKCS#1 Public Key of PEM format from local file.
883 */
884 vchar_t *
885 eay_get_pkcs1pubkey(path)
886 char *path;
887 {
888 FILE *fp;
889 EVP_PKEY *evp = NULL;
890 vchar_t *pkey = NULL;
891 X509 *x509 = NULL;
892 u_char *bp;
893 int pkeylen;
894 int error = -1;
895
896 /* Read private key */
897 fp = fopen(path, "r");
898 if (fp == NULL)
899 return NULL;
900
901 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
902 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
903 #else
904 x509 = PEM_read_X509(fp, NULL, NULL);
905 #endif
906 fclose (fp);
907
908 if (x509 == NULL)
909 return NULL;
910
911 /* Get public key - eay */
912 evp = X509_get_pubkey(x509);
913 if (evp == NULL)
914 return NULL;
915
916 pkeylen = i2d_PublicKey(evp, NULL);
917 if (pkeylen == 0)
918 goto end;
919 pkey = vmalloc(pkeylen);
920 if (pkey == NULL)
921 goto end;
922 bp = pkey->v;
923 pkeylen = i2d_PublicKey(evp, &bp);
924 if (pkeylen == 0)
925 goto end;
926
927 error = 0;
928 end:
929 if (evp != NULL)
930 EVP_PKEY_free(evp);
931 if (error != 0 && pkey != NULL) {
932 vfree(pkey);
933 pkey = NULL;
934 }
935
936 return pkey;
937 }
938 #endif
939
940 vchar_t *
941 eay_rsa_sign(src, privkey)
942 vchar_t *src, *privkey;
943 {
944 EVP_PKEY *evp;
945 u_char *bp = privkey->v;
946 vchar_t *sig = NULL;
947 int len;
948 int pad = RSA_PKCS1_PADDING;
949
950 /* XXX to be handled EVP_PKEY_DSA */
951 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &bp, privkey->l);
952 if (evp == NULL)
953 return NULL;
954
955 /* XXX: to be handled EVP_dss() */
956 /* XXX: Where can I get such parameters ? From my cert ? */
957
958 len = RSA_size(evp->pkey.rsa);
959
960 sig = vmalloc(len);
961 if (sig == NULL)
962 return NULL;
963
964 len = RSA_private_encrypt(src->l, src->v, sig->v, evp->pkey.rsa, pad);
965 EVP_PKEY_free(evp);
966 if (len == 0 || len != sig->l) {
967 vfree(sig);
968 sig = NULL;
969 }
970
971 return sig;
972 }
973
974 int
975 eay_rsa_verify(src, sig, evp)
976 vchar_t *src, *sig;
977 EVP_PKEY *evp;
978 {
979 vchar_t *xbuf = NULL;
980 int pad = RSA_PKCS1_PADDING;
981 int len = 0;
982 int error;
983
984 len = RSA_size(evp->pkey.rsa);
985
986 xbuf = vmalloc(len);
987 if (xbuf == NULL) {
988 #ifndef EAYDEBUG
989 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
990 #endif
991 EVP_PKEY_free(evp);
992 return -1;
993 }
994
995 len = RSA_public_decrypt(sig->l, sig->v, xbuf->v, evp->pkey.rsa, pad);
996 #ifndef EAYDEBUG
997 if (len == 0 || len != src->l)
998 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
999 #endif
1000 EVP_PKEY_free(evp);
1001 if (len == 0 || len != src->l) {
1002 vfree(xbuf);
1003 return -1;
1004 }
1005
1006 error = memcmp(src->v, xbuf->v, src->l);
1007 vfree(xbuf);
1008 if (error != 0)
1009 return -1;
1010
1011 return 0;
1012 }
1013
1014 /*
1015 * get error string
1016 * MUST load ERR_load_crypto_strings() first.
1017 */
1018 char *
1019 eay_strerror()
1020 {
1021 static char ebuf[512];
1022 int len = 0, n;
1023 unsigned long l;
1024 char buf[200];
1025 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
1026 const char *file, *data;
1027 #else
1028 char *file, *data;
1029 #endif
1030 int line, flags;
1031 unsigned long es;
1032
1033 es = CRYPTO_thread_id();
1034
1035 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1036 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1037 "%lu:%s:%s:%d:%s ",
1038 es, ERR_error_string(l, buf), file, line,
1039 (flags & ERR_TXT_STRING) ? data : "");
1040 if (n < 0 || n >= sizeof(ebuf) - len)
1041 break;
1042 len += n;
1043 if (sizeof(ebuf) < len)
1044 break;
1045 }
1046
1047 return ebuf;
1048 }
1049
1050 void
1051 eay_init_error()
1052 {
1053 ERR_load_crypto_strings();
1054 }
1055
1056 /*
1057 * DES-CBC
1058 */
1059 vchar_t *
1060 eay_des_encrypt(data, key, iv)
1061 vchar_t *data, *key, *iv;
1062 {
1063 vchar_t *res;
1064 des_key_schedule ks;
1065
1066 if (des_key_sched((void *)key->v, ks) != 0)
1067 return NULL;
1068
1069 /* allocate buffer for result */
1070 if ((res = vmalloc(data->l)) == NULL)
1071 return NULL;
1072
1073 /* decryption data */
1074 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1075 ks, (void *)iv->v, DES_ENCRYPT);
1076
1077 return res;
1078 }
1079
1080 vchar_t *
1081 eay_des_decrypt(data, key, iv)
1082 vchar_t *data, *key, *iv;
1083 {
1084 vchar_t *res;
1085 des_key_schedule ks;
1086
1087 if (des_key_sched((void *)key->v, ks) != 0)
1088 return NULL;
1089
1090 /* allocate buffer for result */
1091 if ((res = vmalloc(data->l)) == NULL)
1092 return NULL;
1093
1094 /* decryption data */
1095 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1096 ks, (void *)iv->v, DES_DECRYPT);
1097
1098 return res;
1099 }
1100
1101 int
1102 eay_des_weakkey(key)
1103 vchar_t *key;
1104 {
1105 return des_is_weak_key((void *)key->v);
1106 }
1107
1108 int
1109 eay_des_keylen(len)
1110 int len;
1111 {
1112 if (len != 0 && len != 64)
1113 return -1;
1114 return 64;
1115 }
1116
1117 #ifdef HAVE_OPENSSL_IDEA_H
1118 /*
1119 * IDEA-CBC
1120 */
1121 vchar_t *
1122 eay_idea_encrypt(data, key, iv)
1123 vchar_t *data, *key, *iv;
1124 {
1125 vchar_t *res;
1126 IDEA_KEY_SCHEDULE ks;
1127
1128 idea_set_encrypt_key(key->v, &ks);
1129
1130 /* allocate buffer for result */
1131 if ((res = vmalloc(data->l)) == NULL)
1132 return NULL;
1133
1134 /* decryption data */
1135 idea_cbc_encrypt(data->v, res->v, data->l,
1136 &ks, iv->v, IDEA_ENCRYPT);
1137
1138 return res;
1139 }
1140
1141 vchar_t *
1142 eay_idea_decrypt(data, key, iv)
1143 vchar_t *data, *key, *iv;
1144 {
1145 vchar_t *res;
1146 IDEA_KEY_SCHEDULE ks, dks;
1147
1148 idea_set_encrypt_key(key->v, &ks);
1149 idea_set_decrypt_key(&ks, &dks);
1150
1151 /* allocate buffer for result */
1152 if ((res = vmalloc(data->l)) == NULL)
1153 return NULL;
1154
1155 /* decryption data */
1156 idea_cbc_encrypt(data->v, res->v, data->l,
1157 &dks, iv->v, IDEA_DECRYPT);
1158
1159 return res;
1160 }
1161
1162 int
1163 eay_idea_weakkey(key)
1164 vchar_t *key;
1165 {
1166 return 0; /* XXX */
1167 }
1168
1169 int
1170 eay_idea_keylen(len)
1171 int len;
1172 {
1173 if (len != 0 && len != 128)
1174 return -1;
1175 return 128;
1176 }
1177 #endif
1178
1179 /*
1180 * BLOWFISH-CBC
1181 */
1182 vchar_t *
1183 eay_bf_encrypt(data, key, iv)
1184 vchar_t *data, *key, *iv;
1185 {
1186 vchar_t *res;
1187 BF_KEY ks;
1188
1189 BF_set_key(&ks, key->l, key->v);
1190
1191 /* allocate buffer for result */
1192 if ((res = vmalloc(data->l)) == NULL)
1193 return NULL;
1194
1195 /* decryption data */
1196 BF_cbc_encrypt(data->v, res->v, data->l,
1197 &ks, iv->v, BF_ENCRYPT);
1198
1199 return res;
1200 }
1201
1202 vchar_t *
1203 eay_bf_decrypt(data, key, iv)
1204 vchar_t *data, *key, *iv;
1205 {
1206 vchar_t *res;
1207 BF_KEY ks;
1208
1209 BF_set_key(&ks, key->l, key->v);
1210
1211 /* allocate buffer for result */
1212 if ((res = vmalloc(data->l)) == NULL)
1213 return NULL;
1214
1215 /* decryption data */
1216 BF_cbc_encrypt(data->v, res->v, data->l,
1217 &ks, iv->v, BF_DECRYPT);
1218
1219 return res;
1220 }
1221
1222 int
1223 eay_bf_weakkey(key)
1224 vchar_t *key;
1225 {
1226 return 0; /* XXX to be done. refer to RFC 2451 */
1227 }
1228
1229 int
1230 eay_bf_keylen(len)
1231 int len;
1232 {
1233 if (len == 0)
1234 return 448;
1235 if (len < 40 || len > 448)
1236 return -1;
1237 return (len + 7) / 8;
1238 }
1239
1240 #ifdef HAVE_OPENSSL_RC5_H
1241 /*
1242 * RC5-CBC
1243 */
1244 vchar_t *
1245 eay_rc5_encrypt(data, key, iv)
1246 vchar_t *data, *key, *iv;
1247 {
1248 vchar_t *res;
1249 RC5_32_KEY ks;
1250
1251 /* in RFC 2451, there is information about the number of round. */
1252 RC5_32_set_key(&ks, key->l, key->v, 16);
1253
1254 /* allocate buffer for result */
1255 if ((res = vmalloc(data->l)) == NULL)
1256 return NULL;
1257
1258 /* decryption data */
1259 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1260 &ks, iv->v, RC5_ENCRYPT);
1261
1262 return res;
1263 }
1264
1265 vchar_t *
1266 eay_rc5_decrypt(data, key, iv)
1267 vchar_t *data, *key, *iv;
1268 {
1269 vchar_t *res;
1270 RC5_32_KEY ks;
1271
1272 /* in RFC 2451, there is information about the number of round. */
1273 RC5_32_set_key(&ks, key->l, key->v, 16);
1274
1275 /* allocate buffer for result */
1276 if ((res = vmalloc(data->l)) == NULL)
1277 return NULL;
1278
1279 /* decryption data */
1280 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1281 &ks, iv->v, RC5_DECRYPT);
1282
1283 return res;
1284 }
1285
1286 int
1287 eay_rc5_weakkey(key)
1288 vchar_t *key;
1289 {
1290 return 0; /* No known weak keys when used with 16 rounds. */
1291
1292 }
1293
1294 int
1295 eay_rc5_keylen(len)
1296 int len;
1297 {
1298 if (len == 0)
1299 return 128;
1300 if (len < 40 || len > 2040)
1301 return -1;
1302 return (len + 7) / 8;
1303 }
1304 #endif
1305
1306 /*
1307 * 3DES-CBC
1308 */
1309 vchar_t *
1310 eay_3des_encrypt(data, key, iv)
1311 vchar_t *data, *key, *iv;
1312 {
1313 vchar_t *res;
1314 des_key_schedule ks1, ks2, ks3;
1315
1316 if (key->l < 24)
1317 return NULL;
1318
1319 if (des_key_sched((void *)key->v, ks1) != 0)
1320 return NULL;
1321 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1322 return NULL;
1323 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1324 return NULL;
1325
1326 /* allocate buffer for result */
1327 if ((res = vmalloc(data->l)) == NULL)
1328 return NULL;
1329
1330 /* decryption data */
1331 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1332 ks1, ks2, ks3, (void *)iv->v, DES_ENCRYPT);
1333
1334 return res;
1335 }
1336
1337 vchar_t *
1338 eay_3des_decrypt(data, key, iv)
1339 vchar_t *data, *key, *iv;
1340 {
1341 vchar_t *res;
1342 des_key_schedule ks1, ks2, ks3;
1343
1344 if (key->l < 24)
1345 return NULL;
1346
1347 if (des_key_sched((void *)key->v, ks1) != 0)
1348 return NULL;
1349 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1350 return NULL;
1351 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1352 return NULL;
1353
1354 /* allocate buffer for result */
1355 if ((res = vmalloc(data->l)) == NULL)
1356 return NULL;
1357
1358 /* decryption data */
1359 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1360 ks1, ks2, ks3, (void *)iv->v, DES_DECRYPT);
1361
1362 return res;
1363 }
1364
1365 int
1366 eay_3des_weakkey(key)
1367 vchar_t *key;
1368 {
1369 if (key->l < 24)
1370 return NULL;
1371
1372 return (des_is_weak_key((void *)key->v)
1373 || des_is_weak_key((void *)(key->v + 8))
1374 || des_is_weak_key((void *)(key->v + 16)));
1375 }
1376
1377 int
1378 eay_3des_keylen(len)
1379 int len;
1380 {
1381 if (len != 0 && len != 192)
1382 return -1;
1383 return 192;
1384 }
1385
1386 /*
1387 * CAST-CBC
1388 */
1389 vchar_t *
1390 eay_cast_encrypt(data, key, iv)
1391 vchar_t *data, *key, *iv;
1392 {
1393 vchar_t *res;
1394 CAST_KEY ks;
1395
1396 CAST_set_key(&ks, key->l, key->v);
1397
1398 /* allocate buffer for result */
1399 if ((res = vmalloc(data->l)) == NULL)
1400 return NULL;
1401
1402 /* decryption data */
1403 CAST_cbc_encrypt(data->v, res->v, data->l,
1404 &ks, iv->v, DES_ENCRYPT);
1405
1406 return res;
1407 }
1408
1409 vchar_t *
1410 eay_cast_decrypt(data, key, iv)
1411 vchar_t *data, *key, *iv;
1412 {
1413 vchar_t *res;
1414 CAST_KEY ks;
1415
1416 CAST_set_key(&ks, key->l, key->v);
1417
1418 /* allocate buffer for result */
1419 if ((res = vmalloc(data->l)) == NULL)
1420 return NULL;
1421
1422 /* decryption data */
1423 CAST_cbc_encrypt(data->v, res->v, data->l,
1424 &ks, iv->v, DES_DECRYPT);
1425
1426 return res;
1427 }
1428
1429 int
1430 eay_cast_weakkey(key)
1431 vchar_t *key;
1432 {
1433 return 0; /* No known weak keys. */
1434 }
1435
1436 int
1437 eay_cast_keylen(len)
1438 int len;
1439 {
1440 if (len == 0)
1441 return 128;
1442 if (len < 40 || len > 128)
1443 return -1;
1444 return (len + 7) / 8;
1445 }
1446
1447 /*
1448 * AES(RIJNDAEL)-CBC
1449 */
1450 vchar_t *
1451 eay_aes_encrypt(data, key, iv)
1452 vchar_t *data, *key, *iv;
1453 {
1454 vchar_t *res;
1455 keyInstance k;
1456 cipherInstance c;
1457
1458 memset(&k, 0, sizeof(k));
1459 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1460 return NULL;
1461
1462 /* allocate buffer for result */
1463 if ((res = vmalloc(data->l)) == NULL)
1464 return NULL;
1465
1466 /* encryption data */
1467 memset(&c, 0, sizeof(c));
1468 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1469 return NULL;
1470 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1471 return NULL;
1472
1473 return res;
1474 }
1475
1476 vchar_t *
1477 eay_aes_decrypt(data, key, iv)
1478 vchar_t *data, *key, *iv;
1479 {
1480 vchar_t *res;
1481 keyInstance k;
1482 cipherInstance c;
1483
1484 memset(&k, 0, sizeof(k));
1485 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1486 return NULL;
1487
1488 /* allocate buffer for result */
1489 if ((res = vmalloc(data->l)) == NULL)
1490 return NULL;
1491
1492 /* decryption data */
1493 memset(&c, 0, sizeof(c));
1494 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1495 return NULL;
1496 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1497 return NULL;
1498
1499 return res;
1500 }
1501
1502 int
1503 eay_aes_weakkey(key)
1504 vchar_t *key;
1505 {
1506 return 0;
1507 }
1508
1509 int
1510 eay_aes_keylen(len)
1511 int len;
1512 {
1513 if (len == 0)
1514 return 128;
1515 if (len != 128 && len != 192 && len != 256)
1516 return -1;
1517 return len;
1518 }
1519
1520 /* for ipsec part */
1521 int
1522 eay_null_hashlen()
1523 {
1524 return 0;
1525 }
1526
1527 int
1528 eay_kpdk_hashlen()
1529 {
1530 return 0;
1531 }
1532
1533 int
1534 eay_twofish_keylen(len)
1535 int len;
1536 {
1537 if (len < 0 || len > 256)
1538 return -1;
1539 return len;
1540 }
1541
1542 int
1543 eay_null_keylen(len)
1544 int len;
1545 {
1546 return 0;
1547 }
1548
1549 /*
1550 * HMAC functions
1551 */
1552 static caddr_t
1553 eay_hmac_init(key, md)
1554 vchar_t *key;
1555 const EVP_MD *md;
1556 {
1557 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1558
1559 HMAC_CTX_init(c);
1560 HMAC_Init(c, key->v, key->l, md);
1561
1562 return (caddr_t)c;
1563 }
1564
1565 /*
1566 * HMAC SHA2-512
1567 */
1568 vchar_t *
1569 eay_hmacsha2_512_one(key, data)
1570 vchar_t *key, *data;
1571 {
1572 vchar_t *res;
1573 caddr_t ctx;
1574
1575 ctx = eay_hmacsha2_512_init(key);
1576 eay_hmacsha2_512_update(ctx, data);
1577 res = eay_hmacsha2_512_final(ctx);
1578
1579 return(res);
1580 }
1581
1582 caddr_t
1583 eay_hmacsha2_512_init(key)
1584 vchar_t *key;
1585 {
1586 return eay_hmac_init(key, EVP_sha2_512());
1587 }
1588
1589 void
1590 eay_hmacsha2_512_update(c, data)
1591 caddr_t c;
1592 vchar_t *data;
1593 {
1594 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1595 }
1596
1597 vchar_t *
1598 eay_hmacsha2_512_final(c)
1599 caddr_t c;
1600 {
1601 vchar_t *res;
1602 unsigned int l;
1603
1604 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1605 return NULL;
1606
1607 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1608 res->l = l;
1609 HMAC_CTX_cleanup(c);
1610 (void)racoon_free(c);
1611
1612 if (SHA512_DIGEST_LENGTH != res->l) {
1613 #ifndef EAYDEBUG
1614 plog(LLV_ERROR, LOCATION, NULL,
1615 "hmac sha2_512 length mismatch %d.\n", res->l);
1616 #else
1617 printf("hmac sha2_512 length mismatch %d.\n", res->l);
1618 #endif
1619 vfree(res);
1620 return NULL;
1621 }
1622
1623 return(res);
1624 }
1625
1626 /*
1627 * HMAC SHA2-384
1628 */
1629 vchar_t *
1630 eay_hmacsha2_384_one(key, data)
1631 vchar_t *key, *data;
1632 {
1633 vchar_t *res;
1634 caddr_t ctx;
1635
1636 ctx = eay_hmacsha2_384_init(key);
1637 eay_hmacsha2_384_update(ctx, data);
1638 res = eay_hmacsha2_384_final(ctx);
1639
1640 return(res);
1641 }
1642
1643 caddr_t
1644 eay_hmacsha2_384_init(key)
1645 vchar_t *key;
1646 {
1647 return eay_hmac_init(key, EVP_sha2_384());
1648 }
1649
1650 void
1651 eay_hmacsha2_384_update(c, data)
1652 caddr_t c;
1653 vchar_t *data;
1654 {
1655 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1656 }
1657
1658 vchar_t *
1659 eay_hmacsha2_384_final(c)
1660 caddr_t c;
1661 {
1662 vchar_t *res;
1663 unsigned int l;
1664
1665 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1666 return NULL;
1667
1668 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1669 res->l = l;
1670 HMAC_CTX_cleanup(c);
1671 (void)racoon_free(c);
1672
1673 if (SHA384_DIGEST_LENGTH != res->l) {
1674 #ifndef EAYDEBUG
1675 plog(LLV_ERROR, LOCATION, NULL,
1676 "hmac sha2_384 length mismatch %d.\n", res->l);
1677 #else
1678 printf("hmac sha2_384 length mismatch %d.\n", res->l);
1679 #endif
1680 vfree(res);
1681 return NULL;
1682 }
1683
1684 return(res);
1685 }
1686
1687 /*
1688 * HMAC SHA2-256
1689 */
1690 vchar_t *
1691 eay_hmacsha2_256_one(key, data)
1692 vchar_t *key, *data;
1693 {
1694 vchar_t *res;
1695 caddr_t ctx;
1696
1697 ctx = eay_hmacsha2_256_init(key);
1698 eay_hmacsha2_256_update(ctx, data);
1699 res = eay_hmacsha2_256_final(ctx);
1700
1701 return(res);
1702 }
1703
1704 caddr_t
1705 eay_hmacsha2_256_init(key)
1706 vchar_t *key;
1707 {
1708 return eay_hmac_init(key, EVP_sha2_256());
1709 }
1710
1711 void
1712 eay_hmacsha2_256_update(c, data)
1713 caddr_t c;
1714 vchar_t *data;
1715 {
1716 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1717 }
1718
1719 vchar_t *
1720 eay_hmacsha2_256_final(c)
1721 caddr_t c;
1722 {
1723 vchar_t *res;
1724 unsigned int l;
1725
1726 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1727 return NULL;
1728
1729 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1730 res->l = l;
1731 HMAC_CTX_cleanup(c);
1732 (void)racoon_free(c);
1733
1734 if (SHA256_DIGEST_LENGTH != res->l) {
1735 #ifndef EAYDEBUG
1736 plog(LLV_ERROR, LOCATION, NULL,
1737 "hmac sha2_256 length mismatch %d.\n", res->l);
1738 #else
1739 printf("hmac sha2_256 length mismatch %d.\n", res->l);
1740 #endif
1741 vfree(res);
1742 return NULL;
1743 }
1744
1745 return(res);
1746 }
1747
1748 /*
1749 * HMAC SHA1
1750 */
1751 vchar_t *
1752 eay_hmacsha1_one(key, data)
1753 vchar_t *key, *data;
1754 {
1755 vchar_t *res;
1756 caddr_t ctx;
1757
1758 ctx = eay_hmacsha1_init(key);
1759 eay_hmacsha1_update(ctx, data);
1760 res = eay_hmacsha1_final(ctx);
1761
1762 return(res);
1763 }
1764
1765 caddr_t
1766 eay_hmacsha1_init(key)
1767 vchar_t *key;
1768 {
1769 return eay_hmac_init(key, EVP_sha1());
1770 }
1771
1772 void
1773 eay_hmacsha1_update(c, data)
1774 caddr_t c;
1775 vchar_t *data;
1776 {
1777 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1778 }
1779
1780 vchar_t *
1781 eay_hmacsha1_final(c)
1782 caddr_t c;
1783 {
1784 vchar_t *res;
1785 unsigned int l;
1786
1787 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1788 return NULL;
1789
1790 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1791 res->l = l;
1792 HMAC_CTX_cleanup(c);
1793 (void)racoon_free(c);
1794
1795 if (SHA_DIGEST_LENGTH != res->l) {
1796 #ifndef EAYDEBUG
1797 plog(LLV_ERROR, LOCATION, NULL,
1798 "hmac sha1 length mismatch %d.\n", res->l);
1799 #else
1800 printf("hmac sha1 length mismatch %d.\n", res->l);
1801 #endif
1802 vfree(res);
1803 return NULL;
1804 }
1805
1806 return(res);
1807 }
1808
1809 /*
1810 * HMAC MD5
1811 */
1812 vchar_t *
1813 eay_hmacmd5_one(key, data)
1814 vchar_t *key, *data;
1815 {
1816 vchar_t *res;
1817 caddr_t ctx;
1818
1819 ctx = eay_hmacmd5_init(key);
1820 eay_hmacmd5_update(ctx, data);
1821 res = eay_hmacmd5_final(ctx);
1822
1823 return(res);
1824 }
1825
1826 caddr_t
1827 eay_hmacmd5_init(key)
1828 vchar_t *key;
1829 {
1830 return eay_hmac_init(key, EVP_md5());
1831 }
1832
1833 void
1834 eay_hmacmd5_update(c, data)
1835 caddr_t c;
1836 vchar_t *data;
1837 {
1838 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1839 }
1840
1841 vchar_t *
1842 eay_hmacmd5_final(c)
1843 caddr_t c;
1844 {
1845 vchar_t *res;
1846 unsigned int l;
1847
1848 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1849 return NULL;
1850
1851 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1852 res->l = l;
1853 HMAC_CTX_cleanup(c);
1854 (void)racoon_free(c);
1855
1856 if (MD5_DIGEST_LENGTH != res->l) {
1857 #ifndef EAYDEBUG
1858 plog(LLV_ERROR, LOCATION, NULL,
1859 "hmac md5 length mismatch %d.\n", res->l);
1860 #else
1861 printf("hmac md5 length mismatch %d.\n", res->l);
1862 #endif
1863 vfree(res);
1864 return NULL;
1865 }
1866
1867 return(res);
1868 }
1869
1870 /*
1871 * SHA2-512 functions
1872 */
1873 caddr_t
1874 eay_sha2_512_init()
1875 {
1876 SHA512_CTX *c = racoon_malloc(sizeof(*c));
1877
1878 SHA512_Init(c);
1879
1880 return((caddr_t)c);
1881 }
1882
1883 void
1884 eay_sha2_512_update(c, data)
1885 caddr_t c;
1886 vchar_t *data;
1887 {
1888 SHA512_Update((SHA512_CTX *)c, data->v, data->l);
1889
1890 return;
1891 }
1892
1893 vchar_t *
1894 eay_sha2_512_final(c)
1895 caddr_t c;
1896 {
1897 vchar_t *res;
1898
1899 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1900 return(0);
1901
1902 SHA512_Final(res->v, (SHA512_CTX *)c);
1903 (void)racoon_free(c);
1904
1905 return(res);
1906 }
1907
1908 vchar_t *
1909 eay_sha2_512_one(data)
1910 vchar_t *data;
1911 {
1912 caddr_t ctx;
1913 vchar_t *res;
1914
1915 ctx = eay_sha2_512_init();
1916 eay_sha2_512_update(ctx, data);
1917 res = eay_sha2_512_final(ctx);
1918
1919 return(res);
1920 }
1921
1922 int
1923 eay_sha2_512_hashlen()
1924 {
1925 return SHA512_DIGEST_LENGTH << 3;
1926 }
1927
1928 /*
1929 * SHA2-384 functions
1930 */
1931 caddr_t
1932 eay_sha2_384_init()
1933 {
1934 SHA384_CTX *c = racoon_malloc(sizeof(*c));
1935
1936 SHA384_Init(c);
1937
1938 return((caddr_t)c);
1939 }
1940
1941 void
1942 eay_sha2_384_update(c, data)
1943 caddr_t c;
1944 vchar_t *data;
1945 {
1946 SHA384_Update((SHA384_CTX *)c, data->v, data->l);
1947
1948 return;
1949 }
1950
1951 vchar_t *
1952 eay_sha2_384_final(c)
1953 caddr_t c;
1954 {
1955 vchar_t *res;
1956
1957 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1958 return(0);
1959
1960 SHA384_Final(res->v, (SHA384_CTX *)c);
1961 (void)racoon_free(c);
1962
1963 return(res);
1964 }
1965
1966 vchar_t *
1967 eay_sha2_384_one(data)
1968 vchar_t *data;
1969 {
1970 caddr_t ctx;
1971 vchar_t *res;
1972
1973 ctx = eay_sha2_384_init();
1974 eay_sha2_384_update(ctx, data);
1975 res = eay_sha2_384_final(ctx);
1976
1977 return(res);
1978 }
1979
1980 int
1981 eay_sha2_384_hashlen()
1982 {
1983 return SHA384_DIGEST_LENGTH << 3;
1984 }
1985
1986 /*
1987 * SHA2-256 functions
1988 */
1989 caddr_t
1990 eay_sha2_256_init()
1991 {
1992 SHA256_CTX *c = racoon_malloc(sizeof(*c));
1993
1994 SHA256_Init(c);
1995
1996 return((caddr_t)c);
1997 }
1998
1999 void
2000 eay_sha2_256_update(c, data)
2001 caddr_t c;
2002 vchar_t *data;
2003 {
2004 SHA256_Update((SHA256_CTX *)c, data->v, data->l);
2005
2006 return;
2007 }
2008
2009 vchar_t *
2010 eay_sha2_256_final(c)
2011 caddr_t c;
2012 {
2013 vchar_t *res;
2014
2015 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2016 return(0);
2017
2018 SHA256_Final(res->v, (SHA256_CTX *)c);
2019 (void)racoon_free(c);
2020
2021 return(res);
2022 }
2023
2024 vchar_t *
2025 eay_sha2_256_one(data)
2026 vchar_t *data;
2027 {
2028 caddr_t ctx;
2029 vchar_t *res;
2030
2031 ctx = eay_sha2_256_init();
2032 eay_sha2_256_update(ctx, data);
2033 res = eay_sha2_256_final(ctx);
2034
2035 return(res);
2036 }
2037
2038 int
2039 eay_sha2_256_hashlen()
2040 {
2041 return SHA256_DIGEST_LENGTH << 3;
2042 }
2043
2044 /*
2045 * SHA functions
2046 */
2047 caddr_t
2048 eay_sha1_init()
2049 {
2050 SHA_CTX *c = racoon_malloc(sizeof(*c));
2051
2052 SHA1_Init(c);
2053
2054 return((caddr_t)c);
2055 }
2056
2057 void
2058 eay_sha1_update(c, data)
2059 caddr_t c;
2060 vchar_t *data;
2061 {
2062 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2063
2064 return;
2065 }
2066
2067 vchar_t *
2068 eay_sha1_final(c)
2069 caddr_t c;
2070 {
2071 vchar_t *res;
2072
2073 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2074 return(0);
2075
2076 SHA1_Final(res->v, (SHA_CTX *)c);
2077 (void)racoon_free(c);
2078
2079 return(res);
2080 }
2081
2082 vchar_t *
2083 eay_sha1_one(data)
2084 vchar_t *data;
2085 {
2086 caddr_t ctx;
2087 vchar_t *res;
2088
2089 ctx = eay_sha1_init();
2090 eay_sha1_update(ctx, data);
2091 res = eay_sha1_final(ctx);
2092
2093 return(res);
2094 }
2095
2096 int
2097 eay_sha1_hashlen()
2098 {
2099 return SHA_DIGEST_LENGTH << 3;
2100 }
2101
2102 /*
2103 * MD5 functions
2104 */
2105 caddr_t
2106 eay_md5_init()
2107 {
2108 MD5_CTX *c = racoon_malloc(sizeof(*c));
2109
2110 MD5_Init(c);
2111
2112 return((caddr_t)c);
2113 }
2114
2115 void
2116 eay_md5_update(c, data)
2117 caddr_t c;
2118 vchar_t *data;
2119 {
2120 MD5_Update((MD5_CTX *)c, data->v, data->l);
2121
2122 return;
2123 }
2124
2125 vchar_t *
2126 eay_md5_final(c)
2127 caddr_t c;
2128 {
2129 vchar_t *res;
2130
2131 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2132 return(0);
2133
2134 MD5_Final(res->v, (MD5_CTX *)c);
2135 (void)racoon_free(c);
2136
2137 return(res);
2138 }
2139
2140 vchar_t *
2141 eay_md5_one(data)
2142 vchar_t *data;
2143 {
2144 caddr_t ctx;
2145 vchar_t *res;
2146
2147 ctx = eay_md5_init();
2148 eay_md5_update(ctx, data);
2149 res = eay_md5_final(ctx);
2150
2151 return(res);
2152 }
2153
2154 int
2155 eay_md5_hashlen()
2156 {
2157 return MD5_DIGEST_LENGTH << 3;
2158 }
2159
2160 /*
2161 * eay_set_random
2162 * size: number of bytes.
2163 */
2164 vchar_t *
2165 eay_set_random(size)
2166 u_int32_t size;
2167 {
2168 BIGNUM *r = NULL;
2169 vchar_t *res = 0;
2170
2171 if ((r = BN_new()) == NULL)
2172 goto end;
2173 BN_rand(r, size * 8, 0, 0);
2174 eay_bn2v(&res, r);
2175
2176 end:
2177 if (r)
2178 BN_free(r);
2179 return(res);
2180 }
2181
2182 /* DH */
2183 int
2184 eay_dh_generate(prime, g, publen, pub, priv)
2185 vchar_t *prime, **pub, **priv;
2186 u_int publen;
2187 u_int32_t g;
2188 {
2189 BIGNUM *p = NULL;
2190 DH *dh = NULL;
2191 int error = -1;
2192
2193 /* initialize */
2194 /* pre-process to generate number */
2195 if (eay_v2bn(&p, prime) < 0)
2196 goto end;
2197
2198 if ((dh = DH_new()) == NULL)
2199 goto end;
2200 dh->p = p;
2201 p = NULL; /* p is now part of dh structure */
2202 dh->g = NULL;
2203 if ((dh->g = BN_new()) == NULL)
2204 goto end;
2205 if (!BN_set_word(dh->g, g))
2206 goto end;
2207
2208 if (publen != 0)
2209 dh->length = publen;
2210
2211 /* generate public and private number */
2212 if (!DH_generate_key(dh))
2213 goto end;
2214
2215 /* copy results to buffers */
2216 if (eay_bn2v(pub, dh->pub_key) < 0)
2217 goto end;
2218 if (eay_bn2v(priv, dh->priv_key) < 0) {
2219 vfree(*pub);
2220 goto end;
2221 }
2222
2223 error = 0;
2224
2225 end:
2226 if (dh != NULL)
2227 DH_free(dh);
2228 if (p != 0)
2229 BN_free(p);
2230 return(error);
2231 }
2232
2233 int
2234 eay_dh_compute(prime, g, pub, priv, pub2, key)
2235 vchar_t *prime, *pub, *priv, *pub2, **key;
2236 u_int32_t g;
2237 {
2238 BIGNUM *dh_pub = NULL;
2239 DH *dh = NULL;
2240 int l;
2241 caddr_t v = NULL;
2242 int error = -1;
2243
2244 /* make public number to compute */
2245 if (eay_v2bn(&dh_pub, pub2) < 0)
2246 goto end;
2247
2248 /* make DH structure */
2249 if ((dh = DH_new()) == NULL)
2250 goto end;
2251 if (eay_v2bn(&dh->p, prime) < 0)
2252 goto end;
2253 if (eay_v2bn(&dh->pub_key, pub) < 0)
2254 goto end;
2255 if (eay_v2bn(&dh->priv_key, priv) < 0)
2256 goto end;
2257 dh->length = pub2->l * 8;
2258
2259 dh->g = NULL;
2260 if ((dh->g = BN_new()) == NULL)
2261 goto end;
2262 if (!BN_set_word(dh->g, g))
2263 goto end;
2264
2265 if ((v = (caddr_t)racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2266 goto end;
2267 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2268 goto end;
2269 memcpy((*key)->v + (prime->l - l), v, l);
2270
2271 error = 0;
2272
2273 end:
2274 if (dh_pub != NULL)
2275 BN_free(dh_pub);
2276 if (dh != NULL)
2277 DH_free(dh);
2278 if (v != NULL)
2279 racoon_free(v);
2280 return(error);
2281 }
2282
2283 #if 1
2284 int
2285 eay_v2bn(bn, var)
2286 BIGNUM **bn;
2287 vchar_t *var;
2288 {
2289 if ((*bn = BN_bin2bn(var->v, var->l, NULL)) == NULL)
2290 return -1;
2291
2292 return 0;
2293 }
2294 #else
2295 /*
2296 * convert vchar_t <-> BIGNUM.
2297 *
2298 * vchar_t: unit is u_char, network endian, most significant byte first.
2299 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2300 * least significant BN_ULONG must come first.
2301 *
2302 * hex value of "0x3ffe050104" is represented as follows:
2303 * vchar_t: 3f fe 05 01 04
2304 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2305 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2306 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2307 */
2308 int
2309 eay_v2bn(bn, var)
2310 BIGNUM **bn;
2311 vchar_t *var;
2312 {
2313 u_char *p;
2314 u_char *q;
2315 BN_ULONG *r;
2316 int l;
2317 BN_ULONG num;
2318
2319 *bn = BN_new();
2320 if (*bn == NULL)
2321 goto err;
2322 l = (var->l * 8 + BN_BITS2 - 1) / BN_BITS2;
2323 if (bn_expand(*bn, l * BN_BITS2) == NULL)
2324 goto err;
2325 (*bn)->top = l;
2326
2327 /* scan from least significant byte */
2328 p = (u_char *)var->v;
2329 q = (u_char *)(var->v + var->l);
2330 r = (*bn)->d;
2331 num = 0;
2332 l = 0;
2333 do {
2334 q--;
2335 num = num | ((BN_ULONG)*q << (l++ * 8));
2336 if (l == BN_BYTES) {
2337 *r++ = num;
2338 num = 0;
2339 l = 0;
2340 }
2341 } while (p < q);
2342 if (l)
2343 *r = num;
2344 return 0;
2345
2346 err:
2347 if (*bn)
2348 BN_free(*bn);
2349 return -1;
2350 }
2351 #endif
2352
2353 int
2354 eay_bn2v(var, bn)
2355 vchar_t **var;
2356 BIGNUM *bn;
2357 {
2358 *var = vmalloc(bn->top * BN_BYTES);
2359 if (*var == NULL)
2360 return(-1);
2361
2362 (*var)->l = BN_bn2bin(bn, (*var)->v);
2363
2364 return 0;
2365 }
2366
2367 const char *
2368 eay_version()
2369 {
2370 return SSLeay_version(SSLEAY_VERSION);
2371 }
mirror of network_cmds