]> git.saurik.com Git - apple/network_cmds.git/blob - eaytest.tproj/crypto_openssl.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-245.19.tar.gz
[apple/network_cmds.git] / eaytest.tproj / crypto_openssl.c
1 /* $KAME: crypto_openssl.c,v 1.73 2003/04/24 02:21:22 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <limits.h>
38 #include <string.h>
39
40 /* get openssl/ssleay version number */
41 #ifdef HAVE_OPENSSL_OPENSSLV_H
42 # include <openssl/opensslv.h>
43 #else
44 # error no opensslv.h found.
45 #endif
46
47 #ifndef OPENSSL_VERSION_NUMBER
48 #error OPENSSL_VERSION_NUMBER is not defined. OpenSSL0.9.4 or later required.
49 #endif
50
51 #ifdef HAVE_OPENSSL_PEM_H
52 #include <openssl/pem.h>
53 #endif
54 #ifdef HAVE_OPENSSL_EVP_H
55 #include <openssl/evp.h>
56 #endif
57 #ifdef HAVE_OPENSSL_X509_H
58 #include <openssl/x509.h>
59 #include <openssl/x509v3.h>
60 #include <openssl/x509_vfy.h>
61 #endif
62 #include <openssl/bn.h>
63 #include <openssl/dh.h>
64 #include <openssl/md5.h>
65 #include <openssl/sha.h>
66 #include <openssl/hmac.h>
67 #include <openssl/des.h>
68 #include <openssl/crypto.h>
69 #ifdef HAVE_OPENSSL_IDEA_H
70 #include <openssl/idea.h>
71 #endif
72 #include <openssl/blowfish.h>
73 #ifdef HAVE_OPENSSL_RC5_H
74 #include <openssl/rc5.h>
75 #endif
76 #include <openssl/cast.h>
77 #include <openssl/err.h>
78 #ifdef HAVE_OPENSSL_RIJNDAEL_H
79 #include <openssl/rijndael.h>
80 #else
81 #include "rijndael-api-fst.h"
82 #endif
83 #ifdef HAVE_OPENSSL_SHA2_H
84 #include <openssl/sha2.h>
85 #else
86 #include "sha2.h"
87 #endif
88
89 #include "var.h"
90 #include "misc.h"
91 #include "vmbuf.h"
92 #include "plog.h"
93 #include "crypto_openssl.h"
94 #include "debug.h"
95 #include "gcmalloc.h"
96
97 /*
98 * I hate to cast every parameter to des_xx into void *, but it is
99 * necessary for SSLeay/OpenSSL portability. It sucks.
100 */
101
102 #ifdef HAVE_SIGNING_C
103 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
104 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
105 static void eay_setgentype __P((char *, int *));
106 static X509 *mem2x509 __P((vchar_t *));
107 #endif
108
109 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
110
111 #ifdef HAVE_SIGNING_C
112 /* X509 Certificate */
113 /*
114 * convert the string of the subject name into DER
115 * e.g. str = "C=JP, ST=Kanagawa";
116 */
117 vchar_t *
118 eay_str2asn1dn(str, len)
119 char *str;
120 int len;
121 {
122 X509_NAME *name;
123 char *buf;
124 char *field, *value;
125 int i, j;
126 vchar_t *ret;
127 caddr_t p;
128
129 buf = racoon_malloc(len + 1);
130 if (!buf) {
131 printf("failed to allocate buffer\n");
132 return NULL;
133 }
134 memcpy(buf, str, len);
135
136 name = X509_NAME_new();
137
138 field = &buf[0];
139 value = NULL;
140 for (i = 0; i < len; i++) {
141 if (!value && buf[i] == '=') {
142 buf[i] = '\0';
143 value = &buf[i + 1];
144 continue;
145 } else if (buf[i] == ',' || buf[i] == '/') {
146 buf[i] = '\0';
147 #if 0
148 printf("[%s][%s]\n", field, value);
149 #endif
150 if (!X509_NAME_add_entry_by_txt(name, field,
151 MBSTRING_ASC, value, -1, -1, 0))
152 goto err;
153 for (j = i + 1; j < len; j++) {
154 if (buf[j] != ' ')
155 break;
156 }
157 field = &buf[j];
158 value = NULL;
159 continue;
160 }
161 }
162 buf[len] = '\0';
163 #if 0
164 printf("[%s][%s]\n", field, value);
165 #endif
166 if (!X509_NAME_add_entry_by_txt(name, field,
167 MBSTRING_ASC, value, -1, -1, 0))
168 goto err;
169
170 i = i2d_X509_NAME(name, NULL);
171 if (!i)
172 goto err;
173 ret = vmalloc(i);
174 if (!ret)
175 goto err;
176 p = ret->v;
177 i = i2d_X509_NAME(name, (unsigned char **)&p);
178 if (!i)
179 goto err;
180
181 return ret;
182
183 err:
184 if (buf)
185 racoon_free(buf);
186 if (name)
187 X509_NAME_free(name);
188 return NULL;
189 }
190
191 /*
192 * compare two subjectNames.
193 * OUT: 0: equal
194 * positive:
195 * -1: other error.
196 */
197 int
198 eay_cmp_asn1dn(n1, n2)
199 vchar_t *n1, *n2;
200 {
201 X509_NAME *a = NULL, *b = NULL;
202 caddr_t p;
203 int i = -1;
204
205 p = n1->v;
206 if (!d2i_X509_NAME(&a, (unsigned char **)&p, n1->l))
207 goto end;
208 p = n2->v;
209 if (!d2i_X509_NAME(&b, (unsigned char **)&p, n2->l))
210 goto end;
211
212 i = X509_NAME_cmp(a, b);
213
214 end:
215 if (a)
216 X509_NAME_free(a);
217 if (b)
218 X509_NAME_free(b);
219 return i;
220 }
221
222 /*
223 * this functions is derived from apps/verify.c in OpenSSL0.9.5
224 */
225 int
226 eay_check_x509cert(cert, CApath, local)
227 vchar_t *cert;
228 char *CApath;
229 int local;
230 {
231 X509_STORE *cert_ctx = NULL;
232 X509_LOOKUP *lookup = NULL;
233 X509 *x509 = NULL;
234 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
235 X509_STORE_CTX *csc;
236 #else
237 X509_STORE_CTX csc;
238 #endif
239 int error = -1;
240
241 /* XXX define only functions required. */
242 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
243 OpenSSL_add_all_algorithms();
244 #else
245 SSLeay_add_all_algorithms();
246 #endif
247
248 cert_ctx = X509_STORE_new();
249 if (cert_ctx == NULL)
250 goto end;
251
252 if (local)
253 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
254 else
255 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
256
257 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
258 if (lookup == NULL)
259 goto end;
260 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); /* XXX */
261
262 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
263 if (lookup == NULL)
264 goto end;
265 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
266 if(!error) {
267 error = -1;
268 goto end;
269 }
270 error = -1; /* initialized */
271
272 /* read the certificate to be verified */
273 x509 = mem2x509(cert);
274 if (x509 == NULL)
275 goto end;
276
277 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
278 csc = X509_STORE_CTX_new();
279 if (csc == NULL)
280 goto end;
281 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
282
283 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
284 X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK);
285 X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK_ALL);
286 #endif
287
288 error = X509_verify_cert(csc);
289 X509_STORE_CTX_cleanup(csc);
290 #else
291 X509_STORE_CTX_init(&csc, cert_ctx, x509, NULL);
292 error = X509_verify_cert(&csc);
293 X509_STORE_CTX_cleanup(&csc);
294 #endif
295
296 /*
297 * if x509_verify_cert() is successful then the value of error is
298 * set non-zero.
299 */
300 error = error ? 0 : -1;
301
302 end:
303 if (error)
304 printf("%s\n", eay_strerror());
305 if (cert_ctx != NULL)
306 X509_STORE_free(cert_ctx);
307 if (x509 != NULL)
308 X509_free(x509);
309
310 return(error);
311 }
312
313 /*
314 * callback function for verifing certificate.
315 * Derived from cb() in openssl/apps/s_server.c
316 *
317 * This one is called for certificates obtained from
318 * 'peers_certfile' directive.
319 */
320 static int
321 cb_check_cert_local(ok, ctx)
322 int ok;
323 X509_STORE_CTX *ctx;
324 {
325 char buf[256];
326 int log_tag;
327
328 if (!ok) {
329 X509_NAME_oneline(
330 X509_get_subject_name(ctx->current_cert),
331 buf,
332 256);
333 /*
334 * since we are just checking the certificates, it is
335 * ok if they are self signed. But we should still warn
336 * the user.
337 */
338 switch (ctx->error) {
339 case X509_V_ERR_CERT_HAS_EXPIRED:
340 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
341 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
342 case X509_V_ERR_INVALID_PURPOSE:
343 case X509_V_ERR_UNABLE_TO_GET_CRL:
344 #endif
345 ok = 1;
346 log_tag = LLV_WARNING;
347 break;
348
349 default:
350 log_tag = LLV_ERROR;
351 }
352
353
354 #ifndef EAYDEBUG
355 plog(log_tag, LOCATION, NULL,
356 "%s(%d) at depth:%d SubjectName:%s\n",
357 X509_verify_cert_error_string(ctx->error),
358 ctx->error,
359 ctx->error_depth,
360 buf);
361 #else
362 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
363 log_tag,
364 X509_verify_cert_error_string(ctx->error),
365 ctx->error,
366 ctx->error_depth,
367 buf);
368 #endif
369 }
370 ERR_clear_error();
371
372 return ok;
373 }
374
375 /*
376 * Similar to cb_check_cert_local() but this one is called
377 * for certificates obtained from the IKE payload.
378 */
379 static int
380 cb_check_cert_remote(ok, ctx)
381 int ok;
382 X509_STORE_CTX *ctx;
383 {
384 char buf[256];
385 int log_tag;
386
387 if (!ok) {
388 X509_NAME_oneline(
389 X509_get_subject_name(ctx->current_cert),
390 buf,
391 256);
392 switch (ctx->error) {
393 case X509_V_ERR_UNABLE_TO_GET_CRL:
394 ok = 1;
395 log_tag = LLV_WARNING;
396 break;
397 default:
398 log_tag = LLV_ERROR;
399 }
400 #ifndef EAYDEBUG
401 plog(log_tag, LOCATION, NULL,
402 "%s(%d) at depth:%d SubjectName:%s\n",
403 X509_verify_cert_error_string(ctx->error),
404 ctx->error,
405 ctx->error_depth,
406 buf);
407 #else
408 printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
409 log_tag,
410 X509_verify_cert_error_string(ctx->error),
411 ctx->error,
412 ctx->error_depth,
413 buf);
414 #endif
415 }
416 ERR_clear_error();
417
418 return ok;
419 }
420
421 /*
422 * get a subjectAltName from X509 certificate.
423 */
424 vchar_t *
425 eay_get_x509asn1subjectname(cert)
426 vchar_t *cert;
427 {
428 X509 *x509 = NULL;
429 u_char *bp;
430 vchar_t *name = NULL;
431 int len;
432 int error = -1;
433
434 bp = cert->v;
435
436 x509 = mem2x509(cert);
437 if (x509 == NULL)
438 goto end;
439
440 /* get the length of the name */
441 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
442 name = vmalloc(len);
443 if (!name)
444 goto end;
445 /* get the name */
446 bp = name->v;
447 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
448
449 error = 0;
450
451 end:
452 if (error) {
453 #ifndef EAYDEBUG
454 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
455 #else
456 printf("%s\n", eay_strerror());
457 #endif
458 if (name) {
459 vfree(name);
460 name = NULL;
461 }
462 }
463 if (x509)
464 X509_free(x509);
465
466 return name;
467 }
468
469 /*
470 * get the subjectAltName from X509 certificate.
471 * the name is terminated by '\0'.
472 */
473 #include <openssl/x509v3.h>
474 int
475 eay_get_x509subjectaltname(cert, altname, type, pos)
476 vchar_t *cert;
477 char **altname;
478 int *type;
479 int pos;
480 {
481 X509 *x509 = NULL;
482 X509_EXTENSION *ext;
483 X509V3_EXT_METHOD *method = NULL;
484 STACK_OF(GENERAL_NAME) *name;
485 CONF_VALUE *cval = NULL;
486 STACK_OF(CONF_VALUE) *nval = NULL;
487 u_char *bp;
488 int i, len;
489 int error = -1;
490
491 *altname = NULL;
492 *type = GENT_OTHERNAME;
493
494 bp = cert->v;
495
496 x509 = mem2x509(cert);
497 if (x509 == NULL)
498 goto end;
499
500 i = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1);
501 if (i < 0)
502 goto end;
503 ext = X509_get_ext(x509, i);
504 method = X509V3_EXT_get(ext);
505 if(!method)
506 goto end;
507
508 bp = ext->value->data;
509 name = method->d2i(NULL, &bp, ext->value->length);
510 if(!name)
511 goto end;
512
513 nval = method->i2v(method, name, NULL);
514 method->ext_free(name);
515 name = NULL;
516 if(!nval)
517 goto end;
518
519 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
520 /* skip the name */
521 if (i + 1 != pos)
522 continue;
523 cval = sk_CONF_VALUE_value(nval, i);
524 len = strlen(cval->value) + 1; /* '\0' included */
525 *altname = racoon_malloc(len);
526 if (!*altname) {
527 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
528 goto end;
529 }
530 strlcpy(*altname, cval->value, len);
531
532 /* set type of the name */
533 eay_setgentype(cval->name, type);
534 }
535
536 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
537
538 error = 0;
539
540 end:
541 if (error) {
542 if (*altname) {
543 racoon_free(*altname);
544 *altname = NULL;
545 }
546 #ifndef EAYDEBUG
547 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
548 #else
549 printf("%s\n", eay_strerror());
550 #endif
551 }
552 if (x509)
553 X509_free(x509);
554
555 return error;
556 }
557
558 static void
559 eay_setgentype(name, type)
560 char *name;
561 int *type;
562 {
563 /* XXX It's needed effective code */
564 if(!memcmp(name, "email", strlen("email"))) {
565 *type = GENT_EMAIL;
566 } else if(!memcmp(name, "URI", strlen("URI"))) {
567 *type = GENT_URI;
568 } else if(!memcmp(name, "DNS", strlen("DNS"))) {
569 *type = GENT_DNS;
570 } else if(!memcmp(name, "RID", strlen("RID"))) {
571 *type = GENT_RID;
572 } else if(!memcmp(name, "IP", strlen("IP"))) {
573 *type = GENT_IPADD;
574 } else {
575 *type = GENT_OTHERNAME;
576 }
577 }
578
579 /*
580 * decode a X509 certificate and make a readable text terminated '\n'.
581 * return the buffer allocated, so must free it later.
582 */
583 char *
584 eay_get_x509text(cert)
585 vchar_t *cert;
586 {
587 X509 *x509 = NULL;
588 BIO *bio = NULL;
589 char *text = NULL;
590 u_char *bp = NULL;
591 int len = 0;
592 int error = -1;
593
594 x509 = mem2x509(cert);
595 if (x509 == NULL)
596 goto end;
597
598 bio = BIO_new(BIO_s_mem());
599 if (bio == NULL)
600 goto end;
601
602 error = X509_print(bio, x509);
603 if (error != 1) {
604 error = -1;
605 goto end;
606 }
607
608 len = BIO_get_mem_data(bio, &bp);
609 text = racoon_malloc(len + 1);
610 if (text == NULL)
611 goto end;
612 memcpy(text, bp, len);
613 text[len] = '\0';
614
615 error = 0;
616
617 end:
618 if (error) {
619 if (text) {
620 racoon_free(text);
621 text = NULL;
622 }
623 #ifndef EAYDEBUG
624 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
625 #else
626 printf("%s\n", eay_strerror());
627 #endif
628 }
629 if (bio)
630 BIO_free(bio);
631 if (x509)
632 X509_free(x509);
633
634 return text;
635 }
636
637 /* get X509 structure from buffer. */
638 static X509 *
639 mem2x509(cert)
640 vchar_t *cert;
641 {
642 X509 *x509;
643
644 #ifndef EAYDEBUG
645 {
646 u_char *bp;
647
648 bp = cert->v;
649
650 x509 = d2i_X509(NULL, &bp, cert->l);
651 }
652 #else
653 {
654 BIO *bio;
655 int len;
656
657 bio = BIO_new(BIO_s_mem());
658 if (bio == NULL)
659 return NULL;
660 len = BIO_write(bio, cert->v, cert->l);
661 if (len == -1)
662 return NULL;
663 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
664 BIO_free(bio);
665 }
666 #endif
667 return x509;
668 }
669
670 /*
671 * get a X509 certificate from local file.
672 * a certificate must be PEM format.
673 * Input:
674 * path to a certificate.
675 * Output:
676 * NULL if error occured
677 * other is the cert.
678 */
679 vchar_t *
680 eay_get_x509cert(path)
681 char *path;
682 {
683 FILE *fp;
684 X509 *x509;
685 vchar_t *cert;
686 u_char *bp;
687 int len;
688 int error;
689
690 /* Read private key */
691 fp = fopen(path, "r");
692 if (fp == NULL)
693 return NULL;
694 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
695 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
696 #else
697 x509 = PEM_read_X509(fp, NULL, NULL);
698 #endif
699 fclose (fp);
700
701 if (x509 == NULL)
702 return NULL;
703
704 len = i2d_X509(x509, NULL);
705 cert = vmalloc(len);
706 if (cert == NULL) {
707 X509_free(x509);
708 return NULL;
709 }
710 bp = cert->v;
711 error = i2d_X509(x509, &bp);
712 X509_free(x509);
713
714 if (error == 0)
715 return NULL;
716
717 return cert;
718 }
719
720 /*
721 * sign a souce by X509 signature.
722 * XXX: to be get hash type from my cert ?
723 * to be handled EVP_dss().
724 */
725 vchar_t *
726 eay_get_x509sign(source, privkey, cert)
727 vchar_t *source;
728 vchar_t *privkey;
729 vchar_t *cert;
730 {
731 vchar_t *sig = NULL;
732
733 sig = eay_rsa_sign(source, privkey);
734
735 return sig;
736 }
737
738 /*
739 * check a X509 signature
740 * XXX: to be get hash type from my cert ?
741 * to be handled EVP_dss().
742 * OUT: return -1 when error.
743 * 0
744 */
745 int
746 eay_check_x509sign(source, sig, cert)
747 vchar_t *source;
748 vchar_t *sig;
749 vchar_t *cert;
750 {
751 X509 *x509;
752 u_char *bp;
753 EVP_PKEY *evp;
754
755 bp = cert->v;
756
757 x509 = d2i_X509(NULL, &bp, cert->l);
758 if (x509 == NULL) {
759 #ifndef EAYDEBUG
760 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
761 #endif
762 return -1;
763 }
764
765 evp = X509_get_pubkey(x509);
766 if (!evp) {
767 #ifndef EAYDEBUG
768 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey: %s\n", eay_strerror());
769 #endif
770 return -1;
771 }
772
773 return eay_rsa_verify(source, sig, evp);
774 }
775
776 /*
777 * check a signature by signed with PKCS7 certificate.
778 * XXX: to be get hash type from my cert ?
779 * to be handled EVP_dss().
780 * OUT: return -1 when error.
781 * 0
782 */
783 int
784 eay_check_pkcs7sign(source, sig, cert)
785 vchar_t *source;
786 vchar_t *sig;
787 vchar_t *cert;
788 {
789 X509 *x509;
790 EVP_MD_CTX md_ctx;
791 EVP_PKEY *evp;
792 int error;
793 BIO *bio = BIO_new(BIO_s_mem());
794 char *bp;
795
796 if (bio == NULL)
797 return -1;
798 error = BIO_write(bio, cert->v, cert->l);
799 if (error != cert->l)
800 return -1;
801
802 bp = cert->v;
803 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
804 BIO_free(bio);
805 if (x509 == NULL)
806 return -1;
807
808 evp = X509_get_pubkey(x509);
809 X509_free(x509);
810 if (evp == NULL)
811 return -1;
812
813 /* Verify the signature */
814 /* XXX: to be handled EVP_dss() */
815 EVP_VerifyInit(&md_ctx, EVP_sha1());
816 EVP_VerifyUpdate(&md_ctx, source->v, source->l);
817 error = EVP_VerifyFinal(&md_ctx, sig->v, sig->l, evp);
818
819 EVP_PKEY_free(evp);
820
821 if (error != 1)
822 return -1;
823
824 return 0;
825 }
826
827 /*
828 * get PKCS#1 Private Key of PEM format from local file.
829 */
830 vchar_t *
831 eay_get_pkcs1privkey(path)
832 char *path;
833 {
834 FILE *fp;
835 EVP_PKEY *evp = NULL;
836 vchar_t *pkey = NULL;
837 u_char *bp;
838 int pkeylen;
839 int error = -1;
840
841 /* Read private key */
842 fp = fopen(path, "r");
843 if (fp == NULL)
844 return NULL;
845
846 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
847 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
848 #else
849 evp = PEM_read_PrivateKey(fp, NULL, NULL);
850 #endif
851 fclose (fp);
852
853 if (evp == NULL)
854 return NULL;
855
856 pkeylen = i2d_PrivateKey(evp, NULL);
857 if (pkeylen == 0)
858 goto end;
859 pkey = vmalloc(pkeylen);
860 if (pkey == NULL)
861 goto end;
862 bp = pkey->v;
863 pkeylen = i2d_PrivateKey(evp, &bp);
864 if (pkeylen == 0)
865 goto end;
866
867 error = 0;
868
869 end:
870 if (evp != NULL)
871 EVP_PKEY_free(evp);
872 if (error != 0 && pkey != NULL) {
873 vfree(pkey);
874 pkey = NULL;
875 }
876
877 return pkey;
878 }
879
880 /*
881 * get PKCS#1 Public Key of PEM format from local file.
882 */
883 vchar_t *
884 eay_get_pkcs1pubkey(path)
885 char *path;
886 {
887 FILE *fp;
888 EVP_PKEY *evp = NULL;
889 vchar_t *pkey = NULL;
890 X509 *x509 = NULL;
891 u_char *bp;
892 int pkeylen;
893 int error = -1;
894
895 /* Read private key */
896 fp = fopen(path, "r");
897 if (fp == NULL)
898 return NULL;
899
900 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
901 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
902 #else
903 x509 = PEM_read_X509(fp, NULL, NULL);
904 #endif
905 fclose (fp);
906
907 if (x509 == NULL)
908 return NULL;
909
910 /* Get public key - eay */
911 evp = X509_get_pubkey(x509);
912 if (evp == NULL)
913 return NULL;
914
915 pkeylen = i2d_PublicKey(evp, NULL);
916 if (pkeylen == 0)
917 goto end;
918 pkey = vmalloc(pkeylen);
919 if (pkey == NULL)
920 goto end;
921 bp = pkey->v;
922 pkeylen = i2d_PublicKey(evp, &bp);
923 if (pkeylen == 0)
924 goto end;
925
926 error = 0;
927 end:
928 if (evp != NULL)
929 EVP_PKEY_free(evp);
930 if (error != 0 && pkey != NULL) {
931 vfree(pkey);
932 pkey = NULL;
933 }
934
935 return pkey;
936 }
937 #endif
938
939 vchar_t *
940 eay_rsa_sign(src, privkey)
941 vchar_t *src, *privkey;
942 {
943 EVP_PKEY *evp;
944 u_char *bp = privkey->v;
945 vchar_t *sig = NULL;
946 int len;
947 int pad = RSA_PKCS1_PADDING;
948
949 /* XXX to be handled EVP_PKEY_DSA */
950 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &bp, privkey->l);
951 if (evp == NULL)
952 return NULL;
953
954 /* XXX: to be handled EVP_dss() */
955 /* XXX: Where can I get such parameters ? From my cert ? */
956
957 len = RSA_size(evp->pkey.rsa);
958
959 sig = vmalloc(len);
960 if (sig == NULL)
961 return NULL;
962
963 len = RSA_private_encrypt(src->l, src->v, sig->v, evp->pkey.rsa, pad);
964 EVP_PKEY_free(evp);
965 if (len == 0 || len != sig->l) {
966 vfree(sig);
967 sig = NULL;
968 }
969
970 return sig;
971 }
972
973 int
974 eay_rsa_verify(src, sig, evp)
975 vchar_t *src, *sig;
976 EVP_PKEY *evp;
977 {
978 vchar_t *xbuf = NULL;
979 int pad = RSA_PKCS1_PADDING;
980 int len = 0;
981 int error;
982
983 len = RSA_size(evp->pkey.rsa);
984
985 xbuf = vmalloc(len);
986 if (xbuf == NULL) {
987 #ifndef EAYDEBUG
988 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
989 #endif
990 EVP_PKEY_free(evp);
991 return -1;
992 }
993
994 len = RSA_public_decrypt(sig->l, sig->v, xbuf->v, evp->pkey.rsa, pad);
995 #ifndef EAYDEBUG
996 if (len == 0 || len != src->l)
997 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
998 #endif
999 EVP_PKEY_free(evp);
1000 if (len == 0 || len != src->l) {
1001 vfree(xbuf);
1002 return -1;
1003 }
1004
1005 error = memcmp(src->v, xbuf->v, src->l);
1006 vfree(xbuf);
1007 if (error != 0)
1008 return -1;
1009
1010 return 0;
1011 }
1012
1013 /*
1014 * get error string
1015 * MUST load ERR_load_crypto_strings() first.
1016 */
1017 char *
1018 eay_strerror()
1019 {
1020 static char ebuf[512];
1021 int len = 0, n;
1022 unsigned long l;
1023 char buf[200];
1024 #if OPENSSL_VERSION_NUMBER >= 0x00904100L
1025 const char *file, *data;
1026 #else
1027 char *file, *data;
1028 #endif
1029 int line, flags;
1030 unsigned long es;
1031
1032 es = CRYPTO_thread_id();
1033
1034 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1035 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1036 "%lu:%s:%s:%d:%s ",
1037 es, ERR_error_string(l, buf), file, line,
1038 (flags & ERR_TXT_STRING) ? data : "");
1039 if (n < 0 || n >= sizeof(ebuf) - len)
1040 break;
1041 len += n;
1042 if (sizeof(ebuf) < len)
1043 break;
1044 }
1045
1046 return ebuf;
1047 }
1048
1049 void
1050 eay_init_error()
1051 {
1052 ERR_load_crypto_strings();
1053 }
1054
1055 /*
1056 * DES-CBC
1057 */
1058 vchar_t *
1059 eay_des_encrypt(data, key, iv)
1060 vchar_t *data, *key, *iv;
1061 {
1062 vchar_t *res;
1063 des_key_schedule ks;
1064
1065 if (des_key_sched((void *)key->v, ks) != 0)
1066 return NULL;
1067
1068 /* allocate buffer for result */
1069 if ((res = vmalloc(data->l)) == NULL)
1070 return NULL;
1071
1072 /* decryption data */
1073 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1074 ks, (void *)iv->v, DES_ENCRYPT);
1075
1076 return res;
1077 }
1078
1079 vchar_t *
1080 eay_des_decrypt(data, key, iv)
1081 vchar_t *data, *key, *iv;
1082 {
1083 vchar_t *res;
1084 des_key_schedule ks;
1085
1086 if (des_key_sched((void *)key->v, ks) != 0)
1087 return NULL;
1088
1089 /* allocate buffer for result */
1090 if ((res = vmalloc(data->l)) == NULL)
1091 return NULL;
1092
1093 /* decryption data */
1094 des_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1095 ks, (void *)iv->v, DES_DECRYPT);
1096
1097 return res;
1098 }
1099
1100 int
1101 eay_des_weakkey(key)
1102 vchar_t *key;
1103 {
1104 return des_is_weak_key((void *)key->v);
1105 }
1106
1107 int
1108 eay_des_keylen(len)
1109 int len;
1110 {
1111 if (len != 0 && len != 64)
1112 return -1;
1113 return 64;
1114 }
1115
1116 #ifdef HAVE_OPENSSL_IDEA_H
1117 /*
1118 * IDEA-CBC
1119 */
1120 vchar_t *
1121 eay_idea_encrypt(data, key, iv)
1122 vchar_t *data, *key, *iv;
1123 {
1124 vchar_t *res;
1125 IDEA_KEY_SCHEDULE ks;
1126
1127 idea_set_encrypt_key(key->v, &ks);
1128
1129 /* allocate buffer for result */
1130 if ((res = vmalloc(data->l)) == NULL)
1131 return NULL;
1132
1133 /* decryption data */
1134 idea_cbc_encrypt(data->v, res->v, data->l,
1135 &ks, iv->v, IDEA_ENCRYPT);
1136
1137 return res;
1138 }
1139
1140 vchar_t *
1141 eay_idea_decrypt(data, key, iv)
1142 vchar_t *data, *key, *iv;
1143 {
1144 vchar_t *res;
1145 IDEA_KEY_SCHEDULE ks, dks;
1146
1147 idea_set_encrypt_key(key->v, &ks);
1148 idea_set_decrypt_key(&ks, &dks);
1149
1150 /* allocate buffer for result */
1151 if ((res = vmalloc(data->l)) == NULL)
1152 return NULL;
1153
1154 /* decryption data */
1155 idea_cbc_encrypt(data->v, res->v, data->l,
1156 &dks, iv->v, IDEA_DECRYPT);
1157
1158 return res;
1159 }
1160
1161 int
1162 eay_idea_weakkey(key)
1163 vchar_t *key;
1164 {
1165 return 0; /* XXX */
1166 }
1167
1168 int
1169 eay_idea_keylen(len)
1170 int len;
1171 {
1172 if (len != 0 && len != 128)
1173 return -1;
1174 return 128;
1175 }
1176 #endif
1177
1178 /*
1179 * BLOWFISH-CBC
1180 */
1181 vchar_t *
1182 eay_bf_encrypt(data, key, iv)
1183 vchar_t *data, *key, *iv;
1184 {
1185 vchar_t *res;
1186 BF_KEY ks;
1187
1188 BF_set_key(&ks, key->l, key->v);
1189
1190 /* allocate buffer for result */
1191 if ((res = vmalloc(data->l)) == NULL)
1192 return NULL;
1193
1194 /* decryption data */
1195 BF_cbc_encrypt(data->v, res->v, data->l,
1196 &ks, iv->v, BF_ENCRYPT);
1197
1198 return res;
1199 }
1200
1201 vchar_t *
1202 eay_bf_decrypt(data, key, iv)
1203 vchar_t *data, *key, *iv;
1204 {
1205 vchar_t *res;
1206 BF_KEY ks;
1207
1208 BF_set_key(&ks, key->l, key->v);
1209
1210 /* allocate buffer for result */
1211 if ((res = vmalloc(data->l)) == NULL)
1212 return NULL;
1213
1214 /* decryption data */
1215 BF_cbc_encrypt(data->v, res->v, data->l,
1216 &ks, iv->v, BF_DECRYPT);
1217
1218 return res;
1219 }
1220
1221 int
1222 eay_bf_weakkey(key)
1223 vchar_t *key;
1224 {
1225 return 0; /* XXX to be done. refer to RFC 2451 */
1226 }
1227
1228 int
1229 eay_bf_keylen(len)
1230 int len;
1231 {
1232 if (len == 0)
1233 return 448;
1234 if (len < 40 || len > 448)
1235 return -1;
1236 return (len + 7) / 8;
1237 }
1238
1239 #ifdef HAVE_OPENSSL_RC5_H
1240 /*
1241 * RC5-CBC
1242 */
1243 vchar_t *
1244 eay_rc5_encrypt(data, key, iv)
1245 vchar_t *data, *key, *iv;
1246 {
1247 vchar_t *res;
1248 RC5_32_KEY ks;
1249
1250 /* in RFC 2451, there is information about the number of round. */
1251 RC5_32_set_key(&ks, key->l, key->v, 16);
1252
1253 /* allocate buffer for result */
1254 if ((res = vmalloc(data->l)) == NULL)
1255 return NULL;
1256
1257 /* decryption data */
1258 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1259 &ks, iv->v, RC5_ENCRYPT);
1260
1261 return res;
1262 }
1263
1264 vchar_t *
1265 eay_rc5_decrypt(data, key, iv)
1266 vchar_t *data, *key, *iv;
1267 {
1268 vchar_t *res;
1269 RC5_32_KEY ks;
1270
1271 /* in RFC 2451, there is information about the number of round. */
1272 RC5_32_set_key(&ks, key->l, key->v, 16);
1273
1274 /* allocate buffer for result */
1275 if ((res = vmalloc(data->l)) == NULL)
1276 return NULL;
1277
1278 /* decryption data */
1279 RC5_32_cbc_encrypt(data->v, res->v, data->l,
1280 &ks, iv->v, RC5_DECRYPT);
1281
1282 return res;
1283 }
1284
1285 int
1286 eay_rc5_weakkey(key)
1287 vchar_t *key;
1288 {
1289 return 0; /* No known weak keys when used with 16 rounds. */
1290
1291 }
1292
1293 int
1294 eay_rc5_keylen(len)
1295 int len;
1296 {
1297 if (len == 0)
1298 return 128;
1299 if (len < 40 || len > 2040)
1300 return -1;
1301 return (len + 7) / 8;
1302 }
1303 #endif
1304
1305 /*
1306 * 3DES-CBC
1307 */
1308 vchar_t *
1309 eay_3des_encrypt(data, key, iv)
1310 vchar_t *data, *key, *iv;
1311 {
1312 vchar_t *res;
1313 des_key_schedule ks1, ks2, ks3;
1314
1315 if (key->l < 24)
1316 return NULL;
1317
1318 if (des_key_sched((void *)key->v, ks1) != 0)
1319 return NULL;
1320 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1321 return NULL;
1322 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1323 return NULL;
1324
1325 /* allocate buffer for result */
1326 if ((res = vmalloc(data->l)) == NULL)
1327 return NULL;
1328
1329 /* decryption data */
1330 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1331 ks1, ks2, ks3, (void *)iv->v, DES_ENCRYPT);
1332
1333 return res;
1334 }
1335
1336 vchar_t *
1337 eay_3des_decrypt(data, key, iv)
1338 vchar_t *data, *key, *iv;
1339 {
1340 vchar_t *res;
1341 des_key_schedule ks1, ks2, ks3;
1342
1343 if (key->l < 24)
1344 return NULL;
1345
1346 if (des_key_sched((void *)key->v, ks1) != 0)
1347 return NULL;
1348 if (des_key_sched((void *)(key->v + 8), ks2) != 0)
1349 return NULL;
1350 if (des_key_sched((void *)(key->v + 16), ks3) != 0)
1351 return NULL;
1352
1353 /* allocate buffer for result */
1354 if ((res = vmalloc(data->l)) == NULL)
1355 return NULL;
1356
1357 /* decryption data */
1358 des_ede3_cbc_encrypt((void *)data->v, (void *)res->v, data->l,
1359 ks1, ks2, ks3, (void *)iv->v, DES_DECRYPT);
1360
1361 return res;
1362 }
1363
1364 int
1365 eay_3des_weakkey(key)
1366 vchar_t *key;
1367 {
1368 if (key->l < 24)
1369 return NULL;
1370
1371 return (des_is_weak_key((void *)key->v)
1372 || des_is_weak_key((void *)(key->v + 8))
1373 || des_is_weak_key((void *)(key->v + 16)));
1374 }
1375
1376 int
1377 eay_3des_keylen(len)
1378 int len;
1379 {
1380 if (len != 0 && len != 192)
1381 return -1;
1382 return 192;
1383 }
1384
1385 /*
1386 * CAST-CBC
1387 */
1388 vchar_t *
1389 eay_cast_encrypt(data, key, iv)
1390 vchar_t *data, *key, *iv;
1391 {
1392 vchar_t *res;
1393 CAST_KEY ks;
1394
1395 CAST_set_key(&ks, key->l, key->v);
1396
1397 /* allocate buffer for result */
1398 if ((res = vmalloc(data->l)) == NULL)
1399 return NULL;
1400
1401 /* decryption data */
1402 CAST_cbc_encrypt(data->v, res->v, data->l,
1403 &ks, iv->v, DES_ENCRYPT);
1404
1405 return res;
1406 }
1407
1408 vchar_t *
1409 eay_cast_decrypt(data, key, iv)
1410 vchar_t *data, *key, *iv;
1411 {
1412 vchar_t *res;
1413 CAST_KEY ks;
1414
1415 CAST_set_key(&ks, key->l, key->v);
1416
1417 /* allocate buffer for result */
1418 if ((res = vmalloc(data->l)) == NULL)
1419 return NULL;
1420
1421 /* decryption data */
1422 CAST_cbc_encrypt(data->v, res->v, data->l,
1423 &ks, iv->v, DES_DECRYPT);
1424
1425 return res;
1426 }
1427
1428 int
1429 eay_cast_weakkey(key)
1430 vchar_t *key;
1431 {
1432 return 0; /* No known weak keys. */
1433 }
1434
1435 int
1436 eay_cast_keylen(len)
1437 int len;
1438 {
1439 if (len == 0)
1440 return 128;
1441 if (len < 40 || len > 128)
1442 return -1;
1443 return (len + 7) / 8;
1444 }
1445
1446 /*
1447 * AES(RIJNDAEL)-CBC
1448 */
1449 vchar_t *
1450 eay_aes_encrypt(data, key, iv)
1451 vchar_t *data, *key, *iv;
1452 {
1453 vchar_t *res;
1454 keyInstance k;
1455 cipherInstance c;
1456
1457 memset(&k, 0, sizeof(k));
1458 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1459 return NULL;
1460
1461 /* allocate buffer for result */
1462 if ((res = vmalloc(data->l)) == NULL)
1463 return NULL;
1464
1465 /* encryption data */
1466 memset(&c, 0, sizeof(c));
1467 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1468 return NULL;
1469 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1470 return NULL;
1471
1472 return res;
1473 }
1474
1475 vchar_t *
1476 eay_aes_decrypt(data, key, iv)
1477 vchar_t *data, *key, *iv;
1478 {
1479 vchar_t *res;
1480 keyInstance k;
1481 cipherInstance c;
1482
1483 memset(&k, 0, sizeof(k));
1484 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1485 return NULL;
1486
1487 /* allocate buffer for result */
1488 if ((res = vmalloc(data->l)) == NULL)
1489 return NULL;
1490
1491 /* decryption data */
1492 memset(&c, 0, sizeof(c));
1493 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0)
1494 return NULL;
1495 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0)
1496 return NULL;
1497
1498 return res;
1499 }
1500
1501 int
1502 eay_aes_weakkey(key)
1503 vchar_t *key;
1504 {
1505 return 0;
1506 }
1507
1508 int
1509 eay_aes_keylen(len)
1510 int len;
1511 {
1512 if (len == 0)
1513 return 128;
1514 if (len != 128 && len != 192 && len != 256)
1515 return -1;
1516 return len;
1517 }
1518
1519 /* for ipsec part */
1520 int
1521 eay_null_hashlen()
1522 {
1523 return 0;
1524 }
1525
1526 int
1527 eay_kpdk_hashlen()
1528 {
1529 return 0;
1530 }
1531
1532 int
1533 eay_twofish_keylen(len)
1534 int len;
1535 {
1536 if (len < 0 || len > 256)
1537 return -1;
1538 return len;
1539 }
1540
1541 int
1542 eay_null_keylen(len)
1543 int len;
1544 {
1545 return 0;
1546 }
1547
1548 /*
1549 * HMAC functions
1550 */
1551 static caddr_t
1552 eay_hmac_init(key, md)
1553 vchar_t *key;
1554 const EVP_MD *md;
1555 {
1556 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1557
1558 HMAC_CTX_init(c);
1559 HMAC_Init(c, key->v, key->l, md);
1560
1561 return (caddr_t)c;
1562 }
1563
1564 /*
1565 * HMAC SHA2-512
1566 */
1567 vchar_t *
1568 eay_hmacsha2_512_one(key, data)
1569 vchar_t *key, *data;
1570 {
1571 vchar_t *res;
1572 caddr_t ctx;
1573
1574 ctx = eay_hmacsha2_512_init(key);
1575 eay_hmacsha2_512_update(ctx, data);
1576 res = eay_hmacsha2_512_final(ctx);
1577
1578 return(res);
1579 }
1580
1581 caddr_t
1582 eay_hmacsha2_512_init(key)
1583 vchar_t *key;
1584 {
1585 return eay_hmac_init(key, EVP_sha2_512());
1586 }
1587
1588 void
1589 eay_hmacsha2_512_update(c, data)
1590 caddr_t c;
1591 vchar_t *data;
1592 {
1593 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1594 }
1595
1596 vchar_t *
1597 eay_hmacsha2_512_final(c)
1598 caddr_t c;
1599 {
1600 vchar_t *res;
1601 unsigned int l;
1602
1603 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1604 return NULL;
1605
1606 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1607 res->l = l;
1608 HMAC_CTX_cleanup(c);
1609 (void)racoon_free(c);
1610
1611 if (SHA512_DIGEST_LENGTH != res->l) {
1612 #ifndef EAYDEBUG
1613 plog(LLV_ERROR, LOCATION, NULL,
1614 "hmac sha2_512 length mismatch %d.\n", res->l);
1615 #else
1616 printf("hmac sha2_512 length mismatch %d.\n", res->l);
1617 #endif
1618 vfree(res);
1619 return NULL;
1620 }
1621
1622 return(res);
1623 }
1624
1625 /*
1626 * HMAC SHA2-384
1627 */
1628 vchar_t *
1629 eay_hmacsha2_384_one(key, data)
1630 vchar_t *key, *data;
1631 {
1632 vchar_t *res;
1633 caddr_t ctx;
1634
1635 ctx = eay_hmacsha2_384_init(key);
1636 eay_hmacsha2_384_update(ctx, data);
1637 res = eay_hmacsha2_384_final(ctx);
1638
1639 return(res);
1640 }
1641
1642 caddr_t
1643 eay_hmacsha2_384_init(key)
1644 vchar_t *key;
1645 {
1646 return eay_hmac_init(key, EVP_sha2_384());
1647 }
1648
1649 void
1650 eay_hmacsha2_384_update(c, data)
1651 caddr_t c;
1652 vchar_t *data;
1653 {
1654 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1655 }
1656
1657 vchar_t *
1658 eay_hmacsha2_384_final(c)
1659 caddr_t c;
1660 {
1661 vchar_t *res;
1662 unsigned int l;
1663
1664 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1665 return NULL;
1666
1667 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1668 res->l = l;
1669 HMAC_CTX_cleanup(c);
1670 (void)racoon_free(c);
1671
1672 if (SHA384_DIGEST_LENGTH != res->l) {
1673 #ifndef EAYDEBUG
1674 plog(LLV_ERROR, LOCATION, NULL,
1675 "hmac sha2_384 length mismatch %d.\n", res->l);
1676 #else
1677 printf("hmac sha2_384 length mismatch %d.\n", res->l);
1678 #endif
1679 vfree(res);
1680 return NULL;
1681 }
1682
1683 return(res);
1684 }
1685
1686 /*
1687 * HMAC SHA2-256
1688 */
1689 vchar_t *
1690 eay_hmacsha2_256_one(key, data)
1691 vchar_t *key, *data;
1692 {
1693 vchar_t *res;
1694 caddr_t ctx;
1695
1696 ctx = eay_hmacsha2_256_init(key);
1697 eay_hmacsha2_256_update(ctx, data);
1698 res = eay_hmacsha2_256_final(ctx);
1699
1700 return(res);
1701 }
1702
1703 caddr_t
1704 eay_hmacsha2_256_init(key)
1705 vchar_t *key;
1706 {
1707 return eay_hmac_init(key, EVP_sha2_256());
1708 }
1709
1710 void
1711 eay_hmacsha2_256_update(c, data)
1712 caddr_t c;
1713 vchar_t *data;
1714 {
1715 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1716 }
1717
1718 vchar_t *
1719 eay_hmacsha2_256_final(c)
1720 caddr_t c;
1721 {
1722 vchar_t *res;
1723 unsigned int l;
1724
1725 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1726 return NULL;
1727
1728 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1729 res->l = l;
1730 HMAC_CTX_cleanup(c);
1731 (void)racoon_free(c);
1732
1733 if (SHA256_DIGEST_LENGTH != res->l) {
1734 #ifndef EAYDEBUG
1735 plog(LLV_ERROR, LOCATION, NULL,
1736 "hmac sha2_256 length mismatch %d.\n", res->l);
1737 #else
1738 printf("hmac sha2_256 length mismatch %d.\n", res->l);
1739 #endif
1740 vfree(res);
1741 return NULL;
1742 }
1743
1744 return(res);
1745 }
1746
1747 /*
1748 * HMAC SHA1
1749 */
1750 vchar_t *
1751 eay_hmacsha1_one(key, data)
1752 vchar_t *key, *data;
1753 {
1754 vchar_t *res;
1755 caddr_t ctx;
1756
1757 ctx = eay_hmacsha1_init(key);
1758 eay_hmacsha1_update(ctx, data);
1759 res = eay_hmacsha1_final(ctx);
1760
1761 return(res);
1762 }
1763
1764 caddr_t
1765 eay_hmacsha1_init(key)
1766 vchar_t *key;
1767 {
1768 return eay_hmac_init(key, EVP_sha1());
1769 }
1770
1771 void
1772 eay_hmacsha1_update(c, data)
1773 caddr_t c;
1774 vchar_t *data;
1775 {
1776 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1777 }
1778
1779 vchar_t *
1780 eay_hmacsha1_final(c)
1781 caddr_t c;
1782 {
1783 vchar_t *res;
1784 unsigned int l;
1785
1786 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1787 return NULL;
1788
1789 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1790 res->l = l;
1791 HMAC_CTX_cleanup(c);
1792 (void)racoon_free(c);
1793
1794 if (SHA_DIGEST_LENGTH != res->l) {
1795 #ifndef EAYDEBUG
1796 plog(LLV_ERROR, LOCATION, NULL,
1797 "hmac sha1 length mismatch %d.\n", res->l);
1798 #else
1799 printf("hmac sha1 length mismatch %d.\n", res->l);
1800 #endif
1801 vfree(res);
1802 return NULL;
1803 }
1804
1805 return(res);
1806 }
1807
1808 /*
1809 * HMAC MD5
1810 */
1811 vchar_t *
1812 eay_hmacmd5_one(key, data)
1813 vchar_t *key, *data;
1814 {
1815 vchar_t *res;
1816 caddr_t ctx;
1817
1818 ctx = eay_hmacmd5_init(key);
1819 eay_hmacmd5_update(ctx, data);
1820 res = eay_hmacmd5_final(ctx);
1821
1822 return(res);
1823 }
1824
1825 caddr_t
1826 eay_hmacmd5_init(key)
1827 vchar_t *key;
1828 {
1829 return eay_hmac_init(key, EVP_md5());
1830 }
1831
1832 void
1833 eay_hmacmd5_update(c, data)
1834 caddr_t c;
1835 vchar_t *data;
1836 {
1837 HMAC_Update((HMAC_CTX *)c, data->v, data->l);
1838 }
1839
1840 vchar_t *
1841 eay_hmacmd5_final(c)
1842 caddr_t c;
1843 {
1844 vchar_t *res;
1845 unsigned int l;
1846
1847 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1848 return NULL;
1849
1850 HMAC_Final((HMAC_CTX *)c, res->v, &l);
1851 res->l = l;
1852 HMAC_CTX_cleanup(c);
1853 (void)racoon_free(c);
1854
1855 if (MD5_DIGEST_LENGTH != res->l) {
1856 #ifndef EAYDEBUG
1857 plog(LLV_ERROR, LOCATION, NULL,
1858 "hmac md5 length mismatch %d.\n", res->l);
1859 #else
1860 printf("hmac md5 length mismatch %d.\n", res->l);
1861 #endif
1862 vfree(res);
1863 return NULL;
1864 }
1865
1866 return(res);
1867 }
1868
1869 /*
1870 * SHA2-512 functions
1871 */
1872 caddr_t
1873 eay_sha2_512_init()
1874 {
1875 SHA512_CTX *c = racoon_malloc(sizeof(*c));
1876
1877 SHA512_Init(c);
1878
1879 return((caddr_t)c);
1880 }
1881
1882 void
1883 eay_sha2_512_update(c, data)
1884 caddr_t c;
1885 vchar_t *data;
1886 {
1887 SHA512_Update((SHA512_CTX *)c, data->v, data->l);
1888
1889 return;
1890 }
1891
1892 vchar_t *
1893 eay_sha2_512_final(c)
1894 caddr_t c;
1895 {
1896 vchar_t *res;
1897
1898 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1899 return(0);
1900
1901 SHA512_Final(res->v, (SHA512_CTX *)c);
1902 (void)racoon_free(c);
1903
1904 return(res);
1905 }
1906
1907 vchar_t *
1908 eay_sha2_512_one(data)
1909 vchar_t *data;
1910 {
1911 caddr_t ctx;
1912 vchar_t *res;
1913
1914 ctx = eay_sha2_512_init();
1915 eay_sha2_512_update(ctx, data);
1916 res = eay_sha2_512_final(ctx);
1917
1918 return(res);
1919 }
1920
1921 int
1922 eay_sha2_512_hashlen()
1923 {
1924 return SHA512_DIGEST_LENGTH << 3;
1925 }
1926
1927 /*
1928 * SHA2-384 functions
1929 */
1930 caddr_t
1931 eay_sha2_384_init()
1932 {
1933 SHA384_CTX *c = racoon_malloc(sizeof(*c));
1934
1935 SHA384_Init(c);
1936
1937 return((caddr_t)c);
1938 }
1939
1940 void
1941 eay_sha2_384_update(c, data)
1942 caddr_t c;
1943 vchar_t *data;
1944 {
1945 SHA384_Update((SHA384_CTX *)c, data->v, data->l);
1946
1947 return;
1948 }
1949
1950 vchar_t *
1951 eay_sha2_384_final(c)
1952 caddr_t c;
1953 {
1954 vchar_t *res;
1955
1956 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1957 return(0);
1958
1959 SHA384_Final(res->v, (SHA384_CTX *)c);
1960 (void)racoon_free(c);
1961
1962 return(res);
1963 }
1964
1965 vchar_t *
1966 eay_sha2_384_one(data)
1967 vchar_t *data;
1968 {
1969 caddr_t ctx;
1970 vchar_t *res;
1971
1972 ctx = eay_sha2_384_init();
1973 eay_sha2_384_update(ctx, data);
1974 res = eay_sha2_384_final(ctx);
1975
1976 return(res);
1977 }
1978
1979 int
1980 eay_sha2_384_hashlen()
1981 {
1982 return SHA384_DIGEST_LENGTH << 3;
1983 }
1984
1985 /*
1986 * SHA2-256 functions
1987 */
1988 caddr_t
1989 eay_sha2_256_init()
1990 {
1991 SHA256_CTX *c = racoon_malloc(sizeof(*c));
1992
1993 SHA256_Init(c);
1994
1995 return((caddr_t)c);
1996 }
1997
1998 void
1999 eay_sha2_256_update(c, data)
2000 caddr_t c;
2001 vchar_t *data;
2002 {
2003 SHA256_Update((SHA256_CTX *)c, data->v, data->l);
2004
2005 return;
2006 }
2007
2008 vchar_t *
2009 eay_sha2_256_final(c)
2010 caddr_t c;
2011 {
2012 vchar_t *res;
2013
2014 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2015 return(0);
2016
2017 SHA256_Final(res->v, (SHA256_CTX *)c);
2018 (void)racoon_free(c);
2019
2020 return(res);
2021 }
2022
2023 vchar_t *
2024 eay_sha2_256_one(data)
2025 vchar_t *data;
2026 {
2027 caddr_t ctx;
2028 vchar_t *res;
2029
2030 ctx = eay_sha2_256_init();
2031 eay_sha2_256_update(ctx, data);
2032 res = eay_sha2_256_final(ctx);
2033
2034 return(res);
2035 }
2036
2037 int
2038 eay_sha2_256_hashlen()
2039 {
2040 return SHA256_DIGEST_LENGTH << 3;
2041 }
2042
2043 /*
2044 * SHA functions
2045 */
2046 caddr_t
2047 eay_sha1_init()
2048 {
2049 SHA_CTX *c = racoon_malloc(sizeof(*c));
2050
2051 SHA1_Init(c);
2052
2053 return((caddr_t)c);
2054 }
2055
2056 void
2057 eay_sha1_update(c, data)
2058 caddr_t c;
2059 vchar_t *data;
2060 {
2061 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2062
2063 return;
2064 }
2065
2066 vchar_t *
2067 eay_sha1_final(c)
2068 caddr_t c;
2069 {
2070 vchar_t *res;
2071
2072 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2073 return(0);
2074
2075 SHA1_Final(res->v, (SHA_CTX *)c);
2076 (void)racoon_free(c);
2077
2078 return(res);
2079 }
2080
2081 vchar_t *
2082 eay_sha1_one(data)
2083 vchar_t *data;
2084 {
2085 caddr_t ctx;
2086 vchar_t *res;
2087
2088 ctx = eay_sha1_init();
2089 eay_sha1_update(ctx, data);
2090 res = eay_sha1_final(ctx);
2091
2092 return(res);
2093 }
2094
2095 int
2096 eay_sha1_hashlen()
2097 {
2098 return SHA_DIGEST_LENGTH << 3;
2099 }
2100
2101 /*
2102 * MD5 functions
2103 */
2104 caddr_t
2105 eay_md5_init()
2106 {
2107 MD5_CTX *c = racoon_malloc(sizeof(*c));
2108
2109 MD5_Init(c);
2110
2111 return((caddr_t)c);
2112 }
2113
2114 void
2115 eay_md5_update(c, data)
2116 caddr_t c;
2117 vchar_t *data;
2118 {
2119 MD5_Update((MD5_CTX *)c, data->v, data->l);
2120
2121 return;
2122 }
2123
2124 vchar_t *
2125 eay_md5_final(c)
2126 caddr_t c;
2127 {
2128 vchar_t *res;
2129
2130 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2131 return(0);
2132
2133 MD5_Final(res->v, (MD5_CTX *)c);
2134 (void)racoon_free(c);
2135
2136 return(res);
2137 }
2138
2139 vchar_t *
2140 eay_md5_one(data)
2141 vchar_t *data;
2142 {
2143 caddr_t ctx;
2144 vchar_t *res;
2145
2146 ctx = eay_md5_init();
2147 eay_md5_update(ctx, data);
2148 res = eay_md5_final(ctx);
2149
2150 return(res);
2151 }
2152
2153 int
2154 eay_md5_hashlen()
2155 {
2156 return MD5_DIGEST_LENGTH << 3;
2157 }
2158
2159 /*
2160 * eay_set_random
2161 * size: number of bytes.
2162 */
2163 vchar_t *
2164 eay_set_random(size)
2165 u_int32_t size;
2166 {
2167 BIGNUM *r = NULL;
2168 vchar_t *res = 0;
2169
2170 if ((r = BN_new()) == NULL)
2171 goto end;
2172 BN_rand(r, size * 8, 0, 0);
2173 eay_bn2v(&res, r);
2174
2175 end:
2176 if (r)
2177 BN_free(r);
2178 return(res);
2179 }
2180
2181 /* DH */
2182 int
2183 eay_dh_generate(prime, g, publen, pub, priv)
2184 vchar_t *prime, **pub, **priv;
2185 u_int publen;
2186 u_int32_t g;
2187 {
2188 BIGNUM *p = NULL;
2189 DH *dh = NULL;
2190 int error = -1;
2191
2192 /* initialize */
2193 /* pre-process to generate number */
2194 if (eay_v2bn(&p, prime) < 0)
2195 goto end;
2196
2197 if ((dh = DH_new()) == NULL)
2198 goto end;
2199 dh->p = p;
2200 p = NULL; /* p is now part of dh structure */
2201 dh->g = NULL;
2202 if ((dh->g = BN_new()) == NULL)
2203 goto end;
2204 if (!BN_set_word(dh->g, g))
2205 goto end;
2206
2207 if (publen != 0)
2208 dh->length = publen;
2209
2210 /* generate public and private number */
2211 if (!DH_generate_key(dh))
2212 goto end;
2213
2214 /* copy results to buffers */
2215 if (eay_bn2v(pub, dh->pub_key) < 0)
2216 goto end;
2217 if (eay_bn2v(priv, dh->priv_key) < 0) {
2218 vfree(*pub);
2219 goto end;
2220 }
2221
2222 error = 0;
2223
2224 end:
2225 if (dh != NULL)
2226 DH_free(dh);
2227 if (p != 0)
2228 BN_free(p);
2229 return(error);
2230 }
2231
2232 int
2233 eay_dh_compute(prime, g, pub, priv, pub2, key)
2234 vchar_t *prime, *pub, *priv, *pub2, **key;
2235 u_int32_t g;
2236 {
2237 BIGNUM *dh_pub = NULL;
2238 DH *dh = NULL;
2239 int l;
2240 caddr_t v = NULL;
2241 int error = -1;
2242
2243 /* make public number to compute */
2244 if (eay_v2bn(&dh_pub, pub2) < 0)
2245 goto end;
2246
2247 /* make DH structure */
2248 if ((dh = DH_new()) == NULL)
2249 goto end;
2250 if (eay_v2bn(&dh->p, prime) < 0)
2251 goto end;
2252 if (eay_v2bn(&dh->pub_key, pub) < 0)
2253 goto end;
2254 if (eay_v2bn(&dh->priv_key, priv) < 0)
2255 goto end;
2256 dh->length = pub2->l * 8;
2257
2258 dh->g = NULL;
2259 if ((dh->g = BN_new()) == NULL)
2260 goto end;
2261 if (!BN_set_word(dh->g, g))
2262 goto end;
2263
2264 if ((v = (caddr_t)racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2265 goto end;
2266 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2267 goto end;
2268 memcpy((*key)->v + (prime->l - l), v, l);
2269
2270 error = 0;
2271
2272 end:
2273 if (dh_pub != NULL)
2274 BN_free(dh_pub);
2275 if (dh != NULL)
2276 DH_free(dh);
2277 if (v != NULL)
2278 racoon_free(v);
2279 return(error);
2280 }
2281
2282 #if 1
2283 int
2284 eay_v2bn(bn, var)
2285 BIGNUM **bn;
2286 vchar_t *var;
2287 {
2288 if ((*bn = BN_bin2bn(var->v, var->l, NULL)) == NULL)
2289 return -1;
2290
2291 return 0;
2292 }
2293 #else
2294 /*
2295 * convert vchar_t <-> BIGNUM.
2296 *
2297 * vchar_t: unit is u_char, network endian, most significant byte first.
2298 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2299 * least significant BN_ULONG must come first.
2300 *
2301 * hex value of "0x3ffe050104" is represented as follows:
2302 * vchar_t: 3f fe 05 01 04
2303 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2304 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2305 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2306 */
2307 int
2308 eay_v2bn(bn, var)
2309 BIGNUM **bn;
2310 vchar_t *var;
2311 {
2312 u_char *p;
2313 u_char *q;
2314 BN_ULONG *r;
2315 int l;
2316 BN_ULONG num;
2317
2318 *bn = BN_new();
2319 if (*bn == NULL)
2320 goto err;
2321 l = (var->l * 8 + BN_BITS2 - 1) / BN_BITS2;
2322 if (bn_expand(*bn, l * BN_BITS2) == NULL)
2323 goto err;
2324 (*bn)->top = l;
2325
2326 /* scan from least significant byte */
2327 p = (u_char *)var->v;
2328 q = (u_char *)(var->v + var->l);
2329 r = (*bn)->d;
2330 num = 0;
2331 l = 0;
2332 do {
2333 q--;
2334 num = num | ((BN_ULONG)*q << (l++ * 8));
2335 if (l == BN_BYTES) {
2336 *r++ = num;
2337 num = 0;
2338 l = 0;
2339 }
2340 } while (p < q);
2341 if (l)
2342 *r = num;
2343 return 0;
2344
2345 err:
2346 if (*bn)
2347 BN_free(*bn);
2348 return -1;
2349 }
2350 #endif
2351
2352 int
2353 eay_bn2v(var, bn)
2354 vchar_t **var;
2355 BIGNUM *bn;
2356 {
2357 *var = vmalloc(bn->top * BN_BYTES);
2358 if (*var == NULL)
2359 return(-1);
2360
2361 (*var)->l = BN_bn2bin(bn, (*var)->v);
2362
2363 return 0;
2364 }
2365
2366 const char *
2367 eay_version()
2368 {
2369 return SSLeay_version(SSLEAY_VERSION);
2370 }
mirror of network_cmds