Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / ipsec-tools / c454954382b81262dc81ac54e147f4dc7fc0af75 / . / src / racoon / crypto_openssl.c
blob: e6e2ed39dc3505c46d28c955b726dff03e4e4772 [file] [log] [blame]
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]1/* $NetBSD: crypto_openssl.c,v 1.11.6.5 2009/04/20 13:33:30 tteras Exp $ */
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]2
3/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "config.h"
35
36#include <sys/types.h>
37#include <sys/param.h>
38
39#include <stdlib.h>
40#include <stdio.h>
41#include <limits.h>
42#include <string.h>
43
44/* get openssl/ssleay version number */
45#include <openssl/opensslv.h>
46
47#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48#error OpenSSL version 0.9.6 or later required.
49#endif
50
51#include <openssl/pem.h>
52#include <openssl/evp.h>
53#include <openssl/x509.h>
54#include <openssl/x509v3.h>
55#include <openssl/x509_vfy.h>
56#include <openssl/bn.h>
57#include <openssl/dh.h>
58#include <openssl/md5.h>
59#include <openssl/sha.h>
60#include <openssl/hmac.h>
61#include <openssl/des.h>
62#include <openssl/crypto.h>
63#ifdef HAVE_OPENSSL_ENGINE_H
64#include <openssl/engine.h>
65#endif
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]66#ifndef ANDROID_CHANGES
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]67#include <openssl/blowfish.h>
68#include <openssl/cast.h>
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]69#else
70#define EVP_bf_cbc() NULL
71#define EVP_cast5_cbc() NULL
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]72#include "keystore_get.h"
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]73#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]74#include <openssl/err.h>
75#ifdef HAVE_OPENSSL_RC5_H
76#include <openssl/rc5.h>
77#endif
78#ifdef HAVE_OPENSSL_IDEA_H
79#include <openssl/idea.h>
80#endif
81#if defined(HAVE_OPENSSL_AES_H)
82#include <openssl/aes.h>
83#elif defined(HAVE_OPENSSL_RIJNDAEL_H)
84#include <openssl/rijndael.h>
85#else
86#include "crypto/rijndael/rijndael-api-fst.h"
87#endif
88#if defined(HAVE_OPENSSL_CAMELLIA_H)
89#include <openssl/camellia.h>
90#endif
91#ifdef WITH_SHA2
92#ifdef HAVE_OPENSSL_SHA2_H
93#include <openssl/sha2.h>
94#else
95#include "crypto/sha2/sha2.h"
96#endif
97#endif
98#include "plog.h"
99
100/* 0.9.7 stuff? */
101#if OPENSSL_VERSION_NUMBER < 0x0090700fL
102typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
103#else
104#define USE_NEW_DES_API
105#endif
106
107#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
108
109#include "var.h"
110#include "misc.h"
111#include "vmbuf.h"
112#include "plog.h"
113#include "crypto_openssl.h"
114#include "debug.h"
115#include "gcmalloc.h"
116
117/*
118 * I hate to cast every parameter to des_xx into void *, but it is
119 * necessary for SSLeay/OpenSSL portability. It sucks.
120 */
121
122static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124static X509 *mem2x509 __P((vchar_t *));
125
126static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]128/* X509 Certificate */
129/*
130 * convert the string of the subject name into DER
131 * e.g. str = "C=JP, ST=Kanagawa";
132 */
133vchar_t *
134eay_str2asn1dn(str, len)
135 const char *str;
136 int len;
137{
138 X509_NAME *name;
139 char *buf;
140 char *field, *value;
141 int i, j;
142 vchar_t *ret = NULL;
143 caddr_t p;
144
145 if (len == -1)
146 len = strlen(str);
147
148 buf = racoon_malloc(len + 1);
149 if (!buf) {
150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 return NULL;
152 }
153 memcpy(buf, str, len);
154
155 name = X509_NAME_new();
156
157 field = &buf[0];
158 value = NULL;
159 for (i = 0; i < len; i++) {
160 if (!value && buf[i] == '=') {
161 buf[i] = '\0';
162 value = &buf[i + 1];
163 continue;
164 } else if (buf[i] == ',' || buf[i] == '/') {
165 buf[i] = '\0';
166
167 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
168 field, value);
169
170 if (!value) goto err;
171 if (!X509_NAME_add_entry_by_txt(name, field,
172 (value[0] == '*' && value[1] == 0) ?
173 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
174 (unsigned char *) value, -1, -1, 0)) {
175 plog(LLV_ERROR, LOCATION, NULL,
176 "Invalid DN field: %s=%s\n",
177 field, value);
178 plog(LLV_ERROR, LOCATION, NULL,
179 "%s\n", eay_strerror());
180 goto err;
181 }
182 for (j = i + 1; j < len; j++) {
183 if (buf[j] != ' ')
184 break;
185 }
186 field = &buf[j];
187 value = NULL;
188 continue;
189 }
190 }
191 buf[len] = '\0';
192
193 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
194 field, value);
195
196 if (!value) goto err;
197 if (!X509_NAME_add_entry_by_txt(name, field,
198 (value[0] == '*' && value[1] == 0) ?
199 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
200 (unsigned char *) value, -1, -1, 0)) {
201 plog(LLV_ERROR, LOCATION, NULL,
202 "Invalid DN field: %s=%s\n",
203 field, value);
204 plog(LLV_ERROR, LOCATION, NULL,
205 "%s\n", eay_strerror());
206 goto err;
207 }
208
209 i = i2d_X509_NAME(name, NULL);
210 if (!i)
211 goto err;
212 ret = vmalloc(i);
213 if (!ret)
214 goto err;
215 p = ret->v;
216 i = i2d_X509_NAME(name, (void *)&p);
217 if (!i)
218 goto err;
219
220 return ret;
221
222 err:
223 if (buf)
224 racoon_free(buf);
225 if (name)
226 X509_NAME_free(name);
227 if (ret)
228 vfree(ret);
229 return NULL;
230}
231
232/*
233 * convert the hex string of the subject name into DER
234 */
235vchar_t *
236eay_hex2asn1dn(const char *hex, int len)
237{
238 BIGNUM *bn = BN_new();
239 char *binbuf;
240 size_t binlen;
241 vchar_t *ret = NULL;
242
243 if (len == -1)
244 len = strlen(hex);
245
246 if (BN_hex2bn(&bn, hex) != len) {
247 plog(LLV_ERROR, LOCATION, NULL,
248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
249 eay_strerror());
250 goto out;
251 }
252
253 binlen = BN_num_bytes(bn);
254 ret = vmalloc(binlen);
255 if (!ret) {
256 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
257 return NULL;
258 }
259 binbuf = ret->v;
260
261 BN_bn2bin(bn, (unsigned char *) binbuf);
262
263out:
264 BN_free(bn);
265
266 return ret;
267}
268
269/*
270 * The following are derived from code in crypto/x509/x509_cmp.c
271 * in OpenSSL0.9.7c:
272 * X509_NAME_wildcmp() adds wildcard matching to the original
273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
274 */
275#include <ctype.h>
276/* Case insensitive string comparision */
277static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
278{
279 int i;
280
281 if (a->length != b->length)
282 return (a->length - b->length);
283
284 for (i=0; i<a->length; i++)
285 {
286 int ca, cb;
287
288 ca = tolower(a->data[i]);
289 cb = tolower(b->data[i]);
290
291 if (ca != cb)
292 return(ca-cb);
293 }
294 return 0;
295}
296
297/* Case insensitive string comparision with space normalization
298 * Space normalization - ignore leading, trailing spaces,
299 * multiple spaces between characters are replaced by single space
300 */
301static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
302{
303 unsigned char *pa = NULL, *pb = NULL;
304 int la, lb;
305
306 la = a->length;
307 lb = b->length;
308 pa = a->data;
309 pb = b->data;
310
311 /* skip leading spaces */
312 while (la > 0 && isspace(*pa))
313 {
314 la--;
315 pa++;
316 }
317 while (lb > 0 && isspace(*pb))
318 {
319 lb--;
320 pb++;
321 }
322
323 /* skip trailing spaces */
324 while (la > 0 && isspace(pa[la-1]))
325 la--;
326 while (lb > 0 && isspace(pb[lb-1]))
327 lb--;
328
329 /* compare strings with space normalization */
330 while (la > 0 && lb > 0)
331 {
332 int ca, cb;
333
334 /* compare character */
335 ca = tolower(*pa);
336 cb = tolower(*pb);
337 if (ca != cb)
338 return (ca - cb);
339
340 pa++; pb++;
341 la--; lb--;
342
343 if (la <= 0 || lb <= 0)
344 break;
345
346 /* is white space next character ? */
347 if (isspace(*pa) && isspace(*pb))
348 {
349 /* skip remaining white spaces */
350 while (la > 0 && isspace(*pa))
351 {
352 la--;
353 pa++;
354 }
355 while (lb > 0 && isspace(*pb))
356 {
357 lb--;
358 pb++;
359 }
360 }
361 }
362 if (la > 0 || lb > 0)
363 return la - lb;
364
365 return 0;
366}
367
368static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
369{
370 int i,j;
371 X509_NAME_ENTRY *na,*nb;
372
373 if (sk_X509_NAME_ENTRY_num(a->entries)
374 != sk_X509_NAME_ENTRY_num(b->entries))
375 return sk_X509_NAME_ENTRY_num(a->entries)
376 -sk_X509_NAME_ENTRY_num(b->entries);
377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
378 {
379 na=sk_X509_NAME_ENTRY_value(a->entries,i);
380 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
381 j=OBJ_cmp(na->object,nb->object);
382 if (j) return(j);
383 if ((na->value->length == 1 && na->value->data[0] == '*')
384 || (nb->value->length == 1 && nb->value->data[0] == '*'))
385 continue;
386 j=na->value->type-nb->value->type;
387 if (j) return(j);
388 if (na->value->type == V_ASN1_PRINTABLESTRING)
389 j=nocase_spacenorm_cmp(na->value, nb->value);
390 else if (na->value->type == V_ASN1_IA5STRING
391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
392 j=nocase_cmp(na->value, nb->value);
393 else
394 {
395 j=na->value->length-nb->value->length;
396 if (j) return(j);
397 j=memcmp(na->value->data,nb->value->data,
398 na->value->length);
399 }
400 if (j) return(j);
401 j=na->set-nb->set;
402 if (j) return(j);
403 }
404
405 return(0);
406}
407
408/*
409 * compare two subjectNames.
410 * OUT: 0: equal
411 * positive:
412 * -1: other error.
413 */
414int
415eay_cmp_asn1dn(n1, n2)
416 vchar_t *n1, *n2;
417{
418 X509_NAME *a = NULL, *b = NULL;
419 caddr_t p;
420 int i = -1;
421
422 p = n1->v;
423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
424 goto end;
425 p = n2->v;
426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
427 goto end;
428
429 i = X509_NAME_wildcmp(a, b);
430
431 end:
432 if (a)
433 X509_NAME_free(a);
434 if (b)
435 X509_NAME_free(b);
436 return i;
437}
438
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]439#ifdef ANDROID_CHANGES
440static BIO *BIO_from_keystore(char *key)
441{
442 BIO *bio = NULL;
443 char *value;
444 int size;
445
446 value = keystore_get(key, &size);
447 if (value) {
448 bio = BIO_new(BIO_s_mem());
449 if (bio) {
450 BIO_write(bio, value, size);
451 }
452 free(value);
453 }
454 return bio;
455}
456#endif
457
458
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]459/*
460 * this functions is derived from apps/verify.c in OpenSSL0.9.5
461 */
462int
463eay_check_x509cert(cert, CApath, CAfile, local)
464 vchar_t *cert;
465 char *CApath;
466 char *CAfile;
467 int local;
468{
469 X509_STORE *cert_ctx = NULL;
470 X509_LOOKUP *lookup = NULL;
471 X509 *x509 = NULL;
472 X509_STORE_CTX *csc;
473 int error = -1;
474
475 cert_ctx = X509_STORE_new();
476 if (cert_ctx == NULL)
477 goto end;
478
479 if (local)
480 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
481 else
482 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
483
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]484#ifndef ANDROID_CHANGES
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]485 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
486 if (lookup == NULL)
487 goto end;
488
489 X509_LOOKUP_load_file(lookup, CAfile,
490 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
491
492 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
493 if (lookup == NULL)
494 goto end;
495 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
496 if(!error) {
497 error = -1;
498 goto end;
499 }
500 error = -1; /* initialized */
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]501#else
502 if (CAfile) {
503 BIO *bio = BIO_from_keystore(CAfile);
504 if (bio) {
505 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
506 X509_STORE_add_cert(cert_ctx, x509);
Chia-chi Yeh8af8eaa2009-07-13 16:38:04 +0800[diff] [blame]507 X509_free(x509);
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]508 BIO_free(bio);
509 }
510 }
511#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]512
513 /* read the certificate to be verified */
514 x509 = mem2x509(cert);
515 if (x509 == NULL)
516 goto end;
517
518 csc = X509_STORE_CTX_new();
519 if (csc == NULL)
520 goto end;
521 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
522#if OPENSSL_VERSION_NUMBER >= 0x00907000L
523 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
524 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
525#endif
526 error = X509_verify_cert(csc);
527 X509_STORE_CTX_cleanup(csc);
528
529 /*
530 * if x509_verify_cert() is successful then the value of error is
531 * set non-zero.
532 */
533 error = error ? 0 : -1;
534
535end:
536 if (error)
537 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
538 if (cert_ctx != NULL)
539 X509_STORE_free(cert_ctx);
540 if (x509 != NULL)
541 X509_free(x509);
542
543 return(error);
544}
545
546/*
547 * callback function for verifing certificate.
548 * this function is derived from cb() in openssl/apps/s_server.c
549 */
550static int
551cb_check_cert_local(ok, ctx)
552 int ok;
553 X509_STORE_CTX *ctx;
554{
555 char buf[256];
556 int log_tag;
557
558 if (!ok) {
559 X509_NAME_oneline(
560 X509_get_subject_name(ctx->current_cert),
561 buf,
562 256);
563 /*
564 * since we are just checking the certificates, it is
565 * ok if they are self signed. But we should still warn
566 * the user.
567 */
568 switch (ctx->error) {
569 case X509_V_ERR_CERT_HAS_EXPIRED:
570 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
571 case X509_V_ERR_INVALID_CA:
572 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
573 case X509_V_ERR_INVALID_PURPOSE:
574 case X509_V_ERR_UNABLE_TO_GET_CRL:
575 ok = 1;
576 log_tag = LLV_WARNING;
577 break;
578 default:
579 log_tag = LLV_ERROR;
580 }
581 plog(log_tag, LOCATION, NULL,
582 "%s(%d) at depth:%d SubjectName:%s\n",
583 X509_verify_cert_error_string(ctx->error),
584 ctx->error,
585 ctx->error_depth,
586 buf);
587 }
588 ERR_clear_error();
589
590 return ok;
591}
592
593/*
594 * callback function for verifing remote certificates.
595 * this function is derived from cb() in openssl/apps/s_server.c
596 */
597static int
598cb_check_cert_remote(ok, ctx)
599 int ok;
600 X509_STORE_CTX *ctx;
601{
602 char buf[256];
603 int log_tag;
604
605 if (!ok) {
606 X509_NAME_oneline(
607 X509_get_subject_name(ctx->current_cert),
608 buf,
609 256);
610 switch (ctx->error) {
611 case X509_V_ERR_UNABLE_TO_GET_CRL:
612 ok = 1;
613 log_tag = LLV_WARNING;
614 break;
615 default:
616 log_tag = LLV_ERROR;
617 }
618 plog(log_tag, LOCATION, NULL,
619 "%s(%d) at depth:%d SubjectName:%s\n",
620 X509_verify_cert_error_string(ctx->error),
621 ctx->error,
622 ctx->error_depth,
623 buf);
624 }
625 ERR_clear_error();
626
627 return ok;
628}
629
630/*
631 * get a subjectAltName from X509 certificate.
632 */
633vchar_t *
634eay_get_x509asn1subjectname(cert)
635 vchar_t *cert;
636{
637 X509 *x509 = NULL;
638 u_char *bp;
639 vchar_t *name = NULL;
640 int len;
641
642 bp = (unsigned char *) cert->v;
643
644 x509 = mem2x509(cert);
645 if (x509 == NULL)
646 goto error;
647
648 /* get the length of the name */
649 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
650 name = vmalloc(len);
651 if (!name)
652 goto error;
653 /* get the name */
654 bp = (unsigned char *) name->v;
655 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
656
657 X509_free(x509);
658
659 return name;
660
661error:
662 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
663
664 if (name != NULL)
665 vfree(name);
666
667 if (x509 != NULL)
668 X509_free(x509);
669
670 return NULL;
671}
672
673/*
674 * get the subjectAltName from X509 certificate.
675 * the name must be terminated by '\0'.
676 */
677int
678eay_get_x509subjectaltname(cert, altname, type, pos)
679 vchar_t *cert;
680 char **altname;
681 int *type;
682 int pos;
683{
684 X509 *x509 = NULL;
685 GENERAL_NAMES *gens = NULL;
686 GENERAL_NAME *gen;
687 int len;
688 int error = -1;
689
690 *altname = NULL;
691 *type = GENT_OTHERNAME;
692
693 x509 = mem2x509(cert);
694 if (x509 == NULL)
695 goto end;
696
697 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
698 if (gens == NULL)
699 goto end;
700
701 /* there is no data at "pos" */
702 if (pos > sk_GENERAL_NAME_num(gens))
703 goto end;
704
705 gen = sk_GENERAL_NAME_value(gens, pos - 1);
706
707 /* read DNSName / Email */
708 if (gen->type == GEN_DNS ||
709 gen->type == GEN_EMAIL ||
710 gen->type == GEN_URI )
711 {
712 /* make sure if the data is terminated by '\0'. */
713 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
714 {
715 plog(LLV_ERROR, LOCATION, NULL,
716 "data is not terminated by NUL.");
717 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
718 goto end;
719 }
720
721 len = gen->d.ia5->length + 1;
722 *altname = racoon_malloc(len);
723 if (!*altname)
724 goto end;
725
726 strlcpy(*altname, (char *) gen->d.ia5->data, len);
727 *type = gen->type;
728 error = 0;
729 }
730 /* read IP address */
731 else if (gen->type == GEN_IPADD)
732 {
733 unsigned char p[5], *ip;
734 ip = p;
735
736 /* only support IPv4 */
737 if (gen->d.ip->length != 4)
738 goto end;
739
740 /* convert Octet String to String
741 * XXX ???????
742 */
743 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
744 ip = gen->d.ip->data;
745
746 /* XXX Magic, enough for an IPv4 address
747 */
748 *altname = racoon_malloc(20);
749 if (!*altname)
750 goto end;
751
752 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
753 *type = gen->type;
754 error = 0;
755 }
756 /* XXX other possible types ?
757 * For now, error will be -1 if unsupported type
758 */
759
760end:
761 if (error) {
762 if (*altname) {
763 racoon_free(*altname);
764 *altname = NULL;
765 }
766 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
767 }
768 if (x509)
769 X509_free(x509);
770 if (gens)
771 /* free the whole stack. */
772 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
773
774 return error;
775}
776
777
778/*
779 * decode a X509 certificate and make a readable text terminated '\n'.
780 * return the buffer allocated, so must free it later.
781 */
782char *
783eay_get_x509text(cert)
784 vchar_t *cert;
785{
786 X509 *x509 = NULL;
787 BIO *bio = NULL;
788 char *text = NULL;
789 u_char *bp = NULL;
790 int len = 0;
791 int error = -1;
792
793 x509 = mem2x509(cert);
794 if (x509 == NULL)
795 goto end;
796
797 bio = BIO_new(BIO_s_mem());
798 if (bio == NULL)
799 goto end;
800
801 error = X509_print(bio, x509);
802 if (error != 1) {
803 error = -1;
804 goto end;
805 }
806
807 len = BIO_get_mem_data(bio, &bp);
808 text = racoon_malloc(len + 1);
809 if (text == NULL)
810 goto end;
811 memcpy(text, bp, len);
812 text[len] = '\0';
813
814 error = 0;
815
816 end:
817 if (error) {
818 if (text) {
819 racoon_free(text);
820 text = NULL;
821 }
822 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
823 }
824 if (bio)
825 BIO_free(bio);
826 if (x509)
827 X509_free(x509);
828
829 return text;
830}
831
832/* get X509 structure from buffer. */
833static X509 *
834mem2x509(cert)
835 vchar_t *cert;
836{
837 X509 *x509;
838
839#ifndef EAYDEBUG
840 {
841 u_char *bp;
842
843 bp = (unsigned char *) cert->v;
844
845 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
846 }
847#else
848 {
849 BIO *bio;
850 int len;
851
852 bio = BIO_new(BIO_s_mem());
853 if (bio == NULL)
854 return NULL;
855 len = BIO_write(bio, cert->v, cert->l);
856 if (len == -1)
857 return NULL;
858 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
859 BIO_free(bio);
860 }
861#endif
862 return x509;
863}
864
865/*
866 * get a X509 certificate from local file.
867 * a certificate must be PEM format.
868 * Input:
869 * path to a certificate.
870 * Output:
871 * NULL if error occured
872 * other is the cert.
873 */
874vchar_t *
875eay_get_x509cert(path)
876 char *path;
877{
878 FILE *fp;
879 X509 *x509;
880 vchar_t *cert;
881 u_char *bp;
882 int len;
883 int error;
884
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]885#ifdef ANDROID_CHANGES
886 BIO *bio = BIO_from_keystore(path);
887 x509 = NULL;
888 if (bio) {
889 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
890 BIO_free(bio);
891 }
892#else
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]893 /* Read private key */
894 fp = fopen(path, "r");
895 if (fp == NULL)
896 return NULL;
897 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
898 fclose (fp);
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]899#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]900
901 if (x509 == NULL)
902 return NULL;
903
904 len = i2d_X509(x509, NULL);
905 cert = vmalloc(len);
906 if (cert == NULL) {
907 X509_free(x509);
908 return NULL;
909 }
910 bp = (unsigned char *) cert->v;
911 error = i2d_X509(x509, &bp);
912 X509_free(x509);
913
914 if (error == 0) {
915 vfree(cert);
916 return NULL;
917 }
918
919 return cert;
920}
921
922/*
923 * check a X509 signature
924 * XXX: to be get hash type from my cert ?
925 * to be handled EVP_dss().
926 * OUT: return -1 when error.
927 * 0
928 */
929int
930eay_check_x509sign(source, sig, cert)
931 vchar_t *source;
932 vchar_t *sig;
933 vchar_t *cert;
934{
935 X509 *x509;
936 u_char *bp;
937 EVP_PKEY *evp;
938 int res;
939
940 bp = (unsigned char *) cert->v;
941
942 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
943 if (x509 == NULL) {
944 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
945 return -1;
946 }
947
948 evp = X509_get_pubkey(x509);
949 if (! evp) {
950 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]951 X509_free(x509);
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]952 return -1;
953 }
954
955 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
956
957 EVP_PKEY_free(evp);
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]958 X509_free(x509);
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]959
960 return res;
961}
962
963/*
964 * check RSA signature
965 * OUT: return -1 when error.
966 * 0 on success
967 */
968int
969eay_check_rsasign(source, sig, rsa)
970 vchar_t *source;
971 vchar_t *sig;
972 RSA *rsa;
973{
974 return eay_rsa_verify(source, sig, rsa);
975}
976
977/*
978 * get PKCS#1 Private Key of PEM format from local file.
979 */
980vchar_t *
981eay_get_pkcs1privkey(path)
982 char *path;
983{
984 FILE *fp;
985 EVP_PKEY *evp = NULL;
986 vchar_t *pkey = NULL;
987 u_char *bp;
988 int pkeylen;
989 int error = -1;
990
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]991#ifdef ANDROID_CHANGES
992 BIO *bio = BIO_from_keystore(path);
993 if (bio) {
994 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
995 BIO_free(bio);
996 }
997#else
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]998 /* Read private key */
999 fp = fopen(path, "r");
1000 if (fp == NULL)
1001 return NULL;
1002
1003 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1004
1005 fclose (fp);
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]1006#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]1007
1008 if (evp == NULL)
1009 return NULL;
1010
1011 pkeylen = i2d_PrivateKey(evp, NULL);
1012 if (pkeylen == 0)
1013 goto end;
1014 pkey = vmalloc(pkeylen);
1015 if (pkey == NULL)
1016 goto end;
1017 bp = (unsigned char *) pkey->v;
1018 pkeylen = i2d_PrivateKey(evp, &bp);
1019 if (pkeylen == 0)
1020 goto end;
1021
1022 error = 0;
1023
1024end:
1025 if (evp != NULL)
1026 EVP_PKEY_free(evp);
1027 if (error != 0 && pkey != NULL) {
1028 vfree(pkey);
1029 pkey = NULL;
1030 }
1031
1032 return pkey;
1033}
1034
1035/*
1036 * get PKCS#1 Public Key of PEM format from local file.
1037 */
1038vchar_t *
1039eay_get_pkcs1pubkey(path)
1040 char *path;
1041{
1042 FILE *fp;
1043 EVP_PKEY *evp = NULL;
1044 vchar_t *pkey = NULL;
1045 X509 *x509 = NULL;
1046 u_char *bp;
1047 int pkeylen;
1048 int error = -1;
1049
1050 /* Read private key */
1051 fp = fopen(path, "r");
1052 if (fp == NULL)
1053 return NULL;
1054
1055 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1056
1057 fclose (fp);
1058
1059 if (x509 == NULL)
1060 return NULL;
1061
1062 /* Get public key - eay */
1063 evp = X509_get_pubkey(x509);
1064 if (evp == NULL)
1065 return NULL;
1066
1067 pkeylen = i2d_PublicKey(evp, NULL);
1068 if (pkeylen == 0)
1069 goto end;
1070 pkey = vmalloc(pkeylen);
1071 if (pkey == NULL)
1072 goto end;
1073 bp = (unsigned char *) pkey->v;
1074 pkeylen = i2d_PublicKey(evp, &bp);
1075 if (pkeylen == 0)
1076 goto end;
1077
1078 error = 0;
1079end:
1080 if (evp != NULL)
1081 EVP_PKEY_free(evp);
1082 if (error != 0 && pkey != NULL) {
1083 vfree(pkey);
1084 pkey = NULL;
1085 }
1086
1087 return pkey;
1088}
1089
1090vchar_t *
1091eay_get_x509sign(src, privkey)
1092 vchar_t *src, *privkey;
1093{
1094 EVP_PKEY *evp;
1095 u_char *bp = (unsigned char *) privkey->v;
1096 vchar_t *sig = NULL;
1097 int len;
1098 int pad = RSA_PKCS1_PADDING;
1099
1100 /* XXX to be handled EVP_PKEY_DSA */
1101 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1102 if (evp == NULL)
1103 return NULL;
1104
1105 sig = eay_rsa_sign(src, evp->pkey.rsa);
1106
1107 EVP_PKEY_free(evp);
1108
1109 return sig;
1110}
1111
1112vchar_t *
1113eay_get_rsasign(src, rsa)
1114 vchar_t *src;
1115 RSA *rsa;
1116{
1117 return eay_rsa_sign(src, rsa);
1118}
1119
1120vchar_t *
1121eay_rsa_sign(vchar_t *src, RSA *rsa)
1122{
1123 int len;
1124 vchar_t *sig = NULL;
1125 int pad = RSA_PKCS1_PADDING;
1126
1127 len = RSA_size(rsa);
1128
1129 sig = vmalloc(len);
1130 if (sig == NULL)
1131 return NULL;
1132
1133 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1134 (unsigned char *) sig->v, rsa, pad);
1135
1136 if (len == 0 || len != sig->l) {
1137 vfree(sig);
1138 sig = NULL;
1139 }
1140
1141 return sig;
1142}
1143
1144int
1145eay_rsa_verify(src, sig, rsa)
1146 vchar_t *src, *sig;
1147 RSA *rsa;
1148{
1149 vchar_t *xbuf = NULL;
1150 int pad = RSA_PKCS1_PADDING;
1151 int len = 0;
1152 int error;
1153
1154 len = RSA_size(rsa);
1155 xbuf = vmalloc(len);
1156 if (xbuf == NULL) {
1157 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1158 return -1;
1159 }
1160
1161 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1162 (unsigned char *) xbuf->v, rsa, pad);
1163 if (len == 0 || len != src->l) {
1164 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1165 vfree(xbuf);
1166 return -1;
1167 }
1168
1169 error = memcmp(src->v, xbuf->v, src->l);
1170 vfree(xbuf);
1171 if (error != 0)
1172 return -1;
1173
1174 return 0;
1175}
1176
1177/*
1178 * get error string
1179 * MUST load ERR_load_crypto_strings() first.
1180 */
1181char *
1182eay_strerror()
1183{
1184 static char ebuf[512];
1185 int len = 0, n;
1186 unsigned long l;
1187 char buf[200];
1188 const char *file, *data;
1189 int line, flags;
1190 unsigned long es;
1191
1192 es = CRYPTO_thread_id();
1193
1194 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1195 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1196 "%lu:%s:%s:%d:%s ",
1197 es, ERR_error_string(l, buf), file, line,
1198 (flags & ERR_TXT_STRING) ? data : "");
1199 if (n < 0 || n >= sizeof(ebuf) - len)
1200 break;
1201 len += n;
1202 if (sizeof(ebuf) < len)
1203 break;
1204 }
1205
1206 return ebuf;
1207}
1208
1209vchar_t *
1210evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1211{
1212 vchar_t *res;
1213 EVP_CIPHER_CTX ctx;
1214
1215 if (!e)
1216 return NULL;
1217
1218 if (data->l % EVP_CIPHER_block_size(e))
1219 return NULL;
1220
1221 if ((res = vmalloc(data->l)) == NULL)
1222 return NULL;
1223
1224 EVP_CIPHER_CTX_init(&ctx);
1225
1226 switch(EVP_CIPHER_nid(e)){
1227 case NID_bf_cbc:
1228 case NID_bf_ecb:
1229 case NID_bf_cfb64:
1230 case NID_bf_ofb64:
1231 case NID_cast5_cbc:
1232 case NID_cast5_ecb:
1233 case NID_cast5_cfb64:
1234 case NID_cast5_ofb64:
1235 /* XXX: can we do that also for algos with a fixed key size ?
1236 */
1237 /* init context without key/iv
1238 */
1239 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1240 {
1241 OpenSSL_BUG();
1242 vfree(res);
1243 return NULL;
1244 }
1245
1246 /* update key size
1247 */
1248 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1249 {
1250 OpenSSL_BUG();
1251 vfree(res);
1252 return NULL;
1253 }
1254
1255 /* finalize context init with desired key size
1256 */
1257 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1258 (u_char *) iv->v, enc))
1259 {
1260 OpenSSL_BUG();
1261 vfree(res);
1262 return NULL;
1263 }
1264 break;
1265 default:
1266 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1267 (u_char *) iv->v, enc)) {
1268 OpenSSL_BUG();
1269 vfree(res);
1270 return NULL;
1271 }
1272 }
1273
1274 /* disable openssl padding */
1275 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1276
1277 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1278 OpenSSL_BUG();
1279 vfree(res);
1280 return NULL;
1281 }
1282
1283 EVP_CIPHER_CTX_cleanup(&ctx);
1284
1285 return res;
1286}
1287
1288int
1289evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1290{
1291 return 0;
1292}
1293
1294int
1295evp_keylen(int len, const EVP_CIPHER *e)
1296{
1297 if (!e)
1298 return -1;
1299 /* EVP functions return lengths in bytes, ipsec-tools
1300 * uses lengths in bits, therefore conversion is required. --AK
1301 */
1302 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1303 return -1;
1304
1305 return EVP_CIPHER_key_length(e) << 3;
1306}
1307
1308/*
1309 * DES-CBC
1310 */
1311vchar_t *
1312eay_des_encrypt(data, key, iv)
1313 vchar_t *data, *key, *iv;
1314{
1315 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1316}
1317
1318vchar_t *
1319eay_des_decrypt(data, key, iv)
1320 vchar_t *data, *key, *iv;
1321{
1322 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1323}
1324
1325int
1326eay_des_weakkey(key)
1327 vchar_t *key;
1328{
1329#ifdef USE_NEW_DES_API
1330 return DES_is_weak_key((void *)key->v);
1331#else
1332 return des_is_weak_key((void *)key->v);
1333#endif
1334}
1335
1336int
1337eay_des_keylen(len)
1338 int len;
1339{
1340 return evp_keylen(len, EVP_des_cbc());
1341}
1342
1343#ifdef HAVE_OPENSSL_IDEA_H
1344/*
1345 * IDEA-CBC
1346 */
1347vchar_t *
1348eay_idea_encrypt(data, key, iv)
1349 vchar_t *data, *key, *iv;
1350{
1351 vchar_t *res;
1352 IDEA_KEY_SCHEDULE ks;
1353
1354 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1355
1356 /* allocate buffer for result */
1357 if ((res = vmalloc(data->l)) == NULL)
1358 return NULL;
1359
1360 /* decryption data */
1361 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1362 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1363
1364 return res;
1365}
1366
1367vchar_t *
1368eay_idea_decrypt(data, key, iv)
1369 vchar_t *data, *key, *iv;
1370{
1371 vchar_t *res;
1372 IDEA_KEY_SCHEDULE ks, dks;
1373
1374 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1375 idea_set_decrypt_key(&ks, &dks);
1376
1377 /* allocate buffer for result */
1378 if ((res = vmalloc(data->l)) == NULL)
1379 return NULL;
1380
1381 /* decryption data */
1382 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1383 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1384
1385 return res;
1386}
1387
1388int
1389eay_idea_weakkey(key)
1390 vchar_t *key;
1391{
1392 return 0; /* XXX */
1393}
1394
1395int
1396eay_idea_keylen(len)
1397 int len;
1398{
1399 if (len != 0 && len != 128)
1400 return -1;
1401 return 128;
1402}
1403#endif
1404
1405/*
1406 * BLOWFISH-CBC
1407 */
1408vchar_t *
1409eay_bf_encrypt(data, key, iv)
1410 vchar_t *data, *key, *iv;
1411{
1412 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1413}
1414
1415vchar_t *
1416eay_bf_decrypt(data, key, iv)
1417 vchar_t *data, *key, *iv;
1418{
1419 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1420}
1421
1422int
1423eay_bf_weakkey(key)
1424 vchar_t *key;
1425{
1426 return 0; /* XXX to be done. refer to RFC 2451 */
1427}
1428
1429int
1430eay_bf_keylen(len)
1431 int len;
1432{
1433 if (len == 0)
1434 return 448;
1435 if (len < 40 || len > 448)
1436 return -1;
1437 return len;
1438}
1439
1440#ifdef HAVE_OPENSSL_RC5_H
1441/*
1442 * RC5-CBC
1443 */
1444vchar_t *
1445eay_rc5_encrypt(data, key, iv)
1446 vchar_t *data, *key, *iv;
1447{
1448 vchar_t *res;
1449 RC5_32_KEY ks;
1450
1451 /* in RFC 2451, there is information about the number of round. */
1452 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1453
1454 /* allocate buffer for result */
1455 if ((res = vmalloc(data->l)) == NULL)
1456 return NULL;
1457
1458 /* decryption data */
1459 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1460 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1461
1462 return res;
1463}
1464
1465vchar_t *
1466eay_rc5_decrypt(data, key, iv)
1467 vchar_t *data, *key, *iv;
1468{
1469 vchar_t *res;
1470 RC5_32_KEY ks;
1471
1472 /* in RFC 2451, there is information about the number of round. */
1473 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1474
1475 /* allocate buffer for result */
1476 if ((res = vmalloc(data->l)) == NULL)
1477 return NULL;
1478
1479 /* decryption data */
1480 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1481 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1482
1483 return res;
1484}
1485
1486int
1487eay_rc5_weakkey(key)
1488 vchar_t *key;
1489{
1490 return 0; /* No known weak keys when used with 16 rounds. */
1491
1492}
1493
1494int
1495eay_rc5_keylen(len)
1496 int len;
1497{
1498 if (len == 0)
1499 return 128;
1500 if (len < 40 || len > 2040)
1501 return -1;
1502 return len;
1503}
1504#endif
1505
1506/*
1507 * 3DES-CBC
1508 */
1509vchar_t *
1510eay_3des_encrypt(data, key, iv)
1511 vchar_t *data, *key, *iv;
1512{
1513 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1514}
1515
1516vchar_t *
1517eay_3des_decrypt(data, key, iv)
1518 vchar_t *data, *key, *iv;
1519{
1520 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1521}
1522
1523int
1524eay_3des_weakkey(key)
1525 vchar_t *key;
1526{
1527#ifdef USE_NEW_DES_API
1528 return (DES_is_weak_key((void *)key->v) ||
1529 DES_is_weak_key((void *)(key->v + 8)) ||
1530 DES_is_weak_key((void *)(key->v + 16)));
1531#else
1532 if (key->l < 24)
1533 return 0;
1534
1535 return (des_is_weak_key((void *)key->v) ||
1536 des_is_weak_key((void *)(key->v + 8)) ||
1537 des_is_weak_key((void *)(key->v + 16)));
1538#endif
1539}
1540
1541int
1542eay_3des_keylen(len)
1543 int len;
1544{
1545 if (len != 0 && len != 192)
1546 return -1;
1547 return 192;
1548}
1549
1550/*
1551 * CAST-CBC
1552 */
1553vchar_t *
1554eay_cast_encrypt(data, key, iv)
1555 vchar_t *data, *key, *iv;
1556{
1557 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1558}
1559
1560vchar_t *
1561eay_cast_decrypt(data, key, iv)
1562 vchar_t *data, *key, *iv;
1563{
1564 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1565}
1566
1567int
1568eay_cast_weakkey(key)
1569 vchar_t *key;
1570{
1571 return 0; /* No known weak keys. */
1572}
1573
1574int
1575eay_cast_keylen(len)
1576 int len;
1577{
1578 if (len == 0)
1579 return 128;
1580 if (len < 40 || len > 128)
1581 return -1;
1582 return len;
1583}
1584
1585/*
1586 * AES(RIJNDAEL)-CBC
1587 */
1588#ifndef HAVE_OPENSSL_AES_H
1589vchar_t *
1590eay_aes_encrypt(data, key, iv)
1591 vchar_t *data, *key, *iv;
1592{
1593 vchar_t *res;
1594 keyInstance k;
1595 cipherInstance c;
1596
1597 memset(&k, 0, sizeof(k));
1598 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1599 return NULL;
1600
1601 /* allocate buffer for result */
1602 if ((res = vmalloc(data->l)) == NULL)
1603 return NULL;
1604
1605 /* encryption data */
1606 memset(&c, 0, sizeof(c));
1607 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1608 vfree(res);
1609 return NULL;
1610 }
1611 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1612 vfree(res);
1613 return NULL;
1614 }
1615
1616 return res;
1617}
1618
1619vchar_t *
1620eay_aes_decrypt(data, key, iv)
1621 vchar_t *data, *key, *iv;
1622{
1623 vchar_t *res;
1624 keyInstance k;
1625 cipherInstance c;
1626
1627 memset(&k, 0, sizeof(k));
1628 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1629 return NULL;
1630
1631 /* allocate buffer for result */
1632 if ((res = vmalloc(data->l)) == NULL)
1633 return NULL;
1634
1635 /* decryption data */
1636 memset(&c, 0, sizeof(c));
1637 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1638 vfree(res);
1639 return NULL;
1640 }
1641 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1642 vfree(res);
1643 return NULL;
1644 }
1645
1646 return res;
1647}
1648#else
1649static inline const EVP_CIPHER *
1650aes_evp_by_keylen(int keylen)
1651{
1652 switch(keylen) {
1653 case 16:
1654 case 128:
1655 return EVP_aes_128_cbc();
1656 case 24:
1657 case 192:
1658 return EVP_aes_192_cbc();
1659 case 32:
1660 case 256:
1661 return EVP_aes_256_cbc();
1662 default:
1663 return NULL;
1664 }
1665}
1666
1667vchar_t *
1668eay_aes_encrypt(data, key, iv)
1669 vchar_t *data, *key, *iv;
1670{
1671 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1672}
1673
1674vchar_t *
1675eay_aes_decrypt(data, key, iv)
1676 vchar_t *data, *key, *iv;
1677{
1678 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1679}
1680#endif
1681
1682int
1683eay_aes_weakkey(key)
1684 vchar_t *key;
1685{
1686 return 0;
1687}
1688
1689int
1690eay_aes_keylen(len)
1691 int len;
1692{
1693 if (len == 0)
1694 return 128;
1695 if (len != 128 && len != 192 && len != 256)
1696 return -1;
1697 return len;
1698}
1699
1700#if defined(HAVE_OPENSSL_CAMELLIA_H)
1701/*
1702 * CAMELLIA-CBC
1703 */
1704static inline const EVP_CIPHER *
1705camellia_evp_by_keylen(int keylen)
1706{
1707 switch(keylen) {
1708 case 16:
1709 case 128:
1710 return EVP_camellia_128_cbc();
1711 case 24:
1712 case 192:
1713 return EVP_camellia_192_cbc();
1714 case 32:
1715 case 256:
1716 return EVP_camellia_256_cbc();
1717 default:
1718 return NULL;
1719 }
1720}
1721
1722vchar_t *
1723eay_camellia_encrypt(data, key, iv)
1724 vchar_t *data, *key, *iv;
1725{
1726 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1727}
1728
1729vchar_t *
1730eay_camellia_decrypt(data, key, iv)
1731 vchar_t *data, *key, *iv;
1732{
1733 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1734}
1735
1736int
1737eay_camellia_weakkey(key)
1738 vchar_t *key;
1739{
1740 return 0;
1741}
1742
1743int
1744eay_camellia_keylen(len)
1745 int len;
1746{
1747 if (len == 0)
1748 return 128;
1749 if (len != 128 && len != 192 && len != 256)
1750 return -1;
1751 return len;
1752}
1753
1754#endif
1755
1756/* for ipsec part */
1757int
1758eay_null_hashlen()
1759{
1760 return 0;
1761}
1762
1763int
1764eay_kpdk_hashlen()
1765{
1766 return 0;
1767}
1768
1769int
1770eay_twofish_keylen(len)
1771 int len;
1772{
1773 if (len < 0 || len > 256)
1774 return -1;
1775 return len;
1776}
1777
1778int
1779eay_null_keylen(len)
1780 int len;
1781{
1782 return 0;
1783}
1784
1785/*
1786 * HMAC functions
1787 */
1788static caddr_t
1789eay_hmac_init(key, md)
1790 vchar_t *key;
1791 const EVP_MD *md;
1792{
1793 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1794
1795 HMAC_Init(c, key->v, key->l, md);
1796
1797 return (caddr_t)c;
1798}
1799
1800#ifdef WITH_SHA2
1801/*
1802 * HMAC SHA2-512
1803 */
1804vchar_t *
1805eay_hmacsha2_512_one(key, data)
1806 vchar_t *key, *data;
1807{
1808 vchar_t *res;
1809 caddr_t ctx;
1810
1811 ctx = eay_hmacsha2_512_init(key);
1812 eay_hmacsha2_512_update(ctx, data);
1813 res = eay_hmacsha2_512_final(ctx);
1814
1815 return(res);
1816}
1817
1818caddr_t
1819eay_hmacsha2_512_init(key)
1820 vchar_t *key;
1821{
1822 return eay_hmac_init(key, EVP_sha2_512());
1823}
1824
1825void
1826eay_hmacsha2_512_update(c, data)
1827 caddr_t c;
1828 vchar_t *data;
1829{
1830 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1831}
1832
1833vchar_t *
1834eay_hmacsha2_512_final(c)
1835 caddr_t c;
1836{
1837 vchar_t *res;
1838 unsigned int l;
1839
1840 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1841 return NULL;
1842
1843 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1844 res->l = l;
1845 HMAC_cleanup((HMAC_CTX *)c);
1846 (void)racoon_free(c);
1847
1848 if (SHA512_DIGEST_LENGTH != res->l) {
1849 plog(LLV_ERROR, LOCATION, NULL,
1850 "hmac sha2_512 length mismatch %zd.\n", res->l);
1851 vfree(res);
1852 return NULL;
1853 }
1854
1855 return(res);
1856}
1857
1858/*
1859 * HMAC SHA2-384
1860 */
1861vchar_t *
1862eay_hmacsha2_384_one(key, data)
1863 vchar_t *key, *data;
1864{
1865 vchar_t *res;
1866 caddr_t ctx;
1867
1868 ctx = eay_hmacsha2_384_init(key);
1869 eay_hmacsha2_384_update(ctx, data);
1870 res = eay_hmacsha2_384_final(ctx);
1871
1872 return(res);
1873}
1874
1875caddr_t
1876eay_hmacsha2_384_init(key)
1877 vchar_t *key;
1878{
1879 return eay_hmac_init(key, EVP_sha2_384());
1880}
1881
1882void
1883eay_hmacsha2_384_update(c, data)
1884 caddr_t c;
1885 vchar_t *data;
1886{
1887 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1888}
1889
1890vchar_t *
1891eay_hmacsha2_384_final(c)
1892 caddr_t c;
1893{
1894 vchar_t *res;
1895 unsigned int l;
1896
1897 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1898 return NULL;
1899
1900 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1901 res->l = l;
1902 HMAC_cleanup((HMAC_CTX *)c);
1903 (void)racoon_free(c);
1904
1905 if (SHA384_DIGEST_LENGTH != res->l) {
1906 plog(LLV_ERROR, LOCATION, NULL,
1907 "hmac sha2_384 length mismatch %zd.\n", res->l);
1908 vfree(res);
1909 return NULL;
1910 }
1911
1912 return(res);
1913}
1914
1915/*
1916 * HMAC SHA2-256
1917 */
1918vchar_t *
1919eay_hmacsha2_256_one(key, data)
1920 vchar_t *key, *data;
1921{
1922 vchar_t *res;
1923 caddr_t ctx;
1924
1925 ctx = eay_hmacsha2_256_init(key);
1926 eay_hmacsha2_256_update(ctx, data);
1927 res = eay_hmacsha2_256_final(ctx);
1928
1929 return(res);
1930}
1931
1932caddr_t
1933eay_hmacsha2_256_init(key)
1934 vchar_t *key;
1935{
1936 return eay_hmac_init(key, EVP_sha2_256());
1937}
1938
1939void
1940eay_hmacsha2_256_update(c, data)
1941 caddr_t c;
1942 vchar_t *data;
1943{
1944 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1945}
1946
1947vchar_t *
1948eay_hmacsha2_256_final(c)
1949 caddr_t c;
1950{
1951 vchar_t *res;
1952 unsigned int l;
1953
1954 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1955 return NULL;
1956
1957 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1958 res->l = l;
1959 HMAC_cleanup((HMAC_CTX *)c);
1960 (void)racoon_free(c);
1961
1962 if (SHA256_DIGEST_LENGTH != res->l) {
1963 plog(LLV_ERROR, LOCATION, NULL,
1964 "hmac sha2_256 length mismatch %zd.\n", res->l);
1965 vfree(res);
1966 return NULL;
1967 }
1968
1969 return(res);
1970}
1971#endif /* WITH_SHA2 */
1972
1973/*
1974 * HMAC SHA1
1975 */
1976vchar_t *
1977eay_hmacsha1_one(key, data)
1978 vchar_t *key, *data;
1979{
1980 vchar_t *res;
1981 caddr_t ctx;
1982
1983 ctx = eay_hmacsha1_init(key);
1984 eay_hmacsha1_update(ctx, data);
1985 res = eay_hmacsha1_final(ctx);
1986
1987 return(res);
1988}
1989
1990caddr_t
1991eay_hmacsha1_init(key)
1992 vchar_t *key;
1993{
1994 return eay_hmac_init(key, EVP_sha1());
1995}
1996
1997void
1998eay_hmacsha1_update(c, data)
1999 caddr_t c;
2000 vchar_t *data;
2001{
2002 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2003}
2004
2005vchar_t *
2006eay_hmacsha1_final(c)
2007 caddr_t c;
2008{
2009 vchar_t *res;
2010 unsigned int l;
2011
2012 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2013 return NULL;
2014
2015 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2016 res->l = l;
2017 HMAC_cleanup((HMAC_CTX *)c);
2018 (void)racoon_free(c);
2019
2020 if (SHA_DIGEST_LENGTH != res->l) {
2021 plog(LLV_ERROR, LOCATION, NULL,
2022 "hmac sha1 length mismatch %zd.\n", res->l);
2023 vfree(res);
2024 return NULL;
2025 }
2026
2027 return(res);
2028}
2029
2030/*
2031 * HMAC MD5
2032 */
2033vchar_t *
2034eay_hmacmd5_one(key, data)
2035 vchar_t *key, *data;
2036{
2037 vchar_t *res;
2038 caddr_t ctx;
2039
2040 ctx = eay_hmacmd5_init(key);
2041 eay_hmacmd5_update(ctx, data);
2042 res = eay_hmacmd5_final(ctx);
2043
2044 return(res);
2045}
2046
2047caddr_t
2048eay_hmacmd5_init(key)
2049 vchar_t *key;
2050{
2051 return eay_hmac_init(key, EVP_md5());
2052}
2053
2054void
2055eay_hmacmd5_update(c, data)
2056 caddr_t c;
2057 vchar_t *data;
2058{
2059 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2060}
2061
2062vchar_t *
2063eay_hmacmd5_final(c)
2064 caddr_t c;
2065{
2066 vchar_t *res;
2067 unsigned int l;
2068
2069 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2070 return NULL;
2071
2072 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2073 res->l = l;
2074 HMAC_cleanup((HMAC_CTX *)c);
2075 (void)racoon_free(c);
2076
2077 if (MD5_DIGEST_LENGTH != res->l) {
2078 plog(LLV_ERROR, LOCATION, NULL,
2079 "hmac md5 length mismatch %zd.\n", res->l);
2080 vfree(res);
2081 return NULL;
2082 }
2083
2084 return(res);
2085}
2086
2087#ifdef WITH_SHA2
2088/*
2089 * SHA2-512 functions
2090 */
2091caddr_t
2092eay_sha2_512_init()
2093{
2094 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2095
2096 SHA512_Init(c);
2097
2098 return((caddr_t)c);
2099}
2100
2101void
2102eay_sha2_512_update(c, data)
2103 caddr_t c;
2104 vchar_t *data;
2105{
2106 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2107
2108 return;
2109}
2110
2111vchar_t *
2112eay_sha2_512_final(c)
2113 caddr_t c;
2114{
2115 vchar_t *res;
2116
2117 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2118 return(0);
2119
2120 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2121 (void)racoon_free(c);
2122
2123 return(res);
2124}
2125
2126vchar_t *
2127eay_sha2_512_one(data)
2128 vchar_t *data;
2129{
2130 caddr_t ctx;
2131 vchar_t *res;
2132
2133 ctx = eay_sha2_512_init();
2134 eay_sha2_512_update(ctx, data);
2135 res = eay_sha2_512_final(ctx);
2136
2137 return(res);
2138}
2139
2140int
2141eay_sha2_512_hashlen()
2142{
2143 return SHA512_DIGEST_LENGTH << 3;
2144}
2145#endif
2146
2147#ifdef WITH_SHA2
2148/*
2149 * SHA2-384 functions
2150 */
2151caddr_t
2152eay_sha2_384_init()
2153{
2154 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2155
2156 SHA384_Init(c);
2157
2158 return((caddr_t)c);
2159}
2160
2161void
2162eay_sha2_384_update(c, data)
2163 caddr_t c;
2164 vchar_t *data;
2165{
2166 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2167
2168 return;
2169}
2170
2171vchar_t *
2172eay_sha2_384_final(c)
2173 caddr_t c;
2174{
2175 vchar_t *res;
2176
2177 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2178 return(0);
2179
2180 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2181 (void)racoon_free(c);
2182
2183 return(res);
2184}
2185
2186vchar_t *
2187eay_sha2_384_one(data)
2188 vchar_t *data;
2189{
2190 caddr_t ctx;
2191 vchar_t *res;
2192
2193 ctx = eay_sha2_384_init();
2194 eay_sha2_384_update(ctx, data);
2195 res = eay_sha2_384_final(ctx);
2196
2197 return(res);
2198}
2199
2200int
2201eay_sha2_384_hashlen()
2202{
2203 return SHA384_DIGEST_LENGTH << 3;
2204}
2205#endif
2206
2207#ifdef WITH_SHA2
2208/*
2209 * SHA2-256 functions
2210 */
2211caddr_t
2212eay_sha2_256_init()
2213{
2214 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2215
2216 SHA256_Init(c);
2217
2218 return((caddr_t)c);
2219}
2220
2221void
2222eay_sha2_256_update(c, data)
2223 caddr_t c;
2224 vchar_t *data;
2225{
2226 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2227
2228 return;
2229}
2230
2231vchar_t *
2232eay_sha2_256_final(c)
2233 caddr_t c;
2234{
2235 vchar_t *res;
2236
2237 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2238 return(0);
2239
2240 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2241 (void)racoon_free(c);
2242
2243 return(res);
2244}
2245
2246vchar_t *
2247eay_sha2_256_one(data)
2248 vchar_t *data;
2249{
2250 caddr_t ctx;
2251 vchar_t *res;
2252
2253 ctx = eay_sha2_256_init();
2254 eay_sha2_256_update(ctx, data);
2255 res = eay_sha2_256_final(ctx);
2256
2257 return(res);
2258}
2259
2260int
2261eay_sha2_256_hashlen()
2262{
2263 return SHA256_DIGEST_LENGTH << 3;
2264}
2265#endif
2266
2267/*
2268 * SHA functions
2269 */
2270caddr_t
2271eay_sha1_init()
2272{
2273 SHA_CTX *c = racoon_malloc(sizeof(*c));
2274
2275 SHA1_Init(c);
2276
2277 return((caddr_t)c);
2278}
2279
2280void
2281eay_sha1_update(c, data)
2282 caddr_t c;
2283 vchar_t *data;
2284{
2285 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2286
2287 return;
2288}
2289
2290vchar_t *
2291eay_sha1_final(c)
2292 caddr_t c;
2293{
2294 vchar_t *res;
2295
2296 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2297 return(0);
2298
2299 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2300 (void)racoon_free(c);
2301
2302 return(res);
2303}
2304
2305vchar_t *
2306eay_sha1_one(data)
2307 vchar_t *data;
2308{
2309 caddr_t ctx;
2310 vchar_t *res;
2311
2312 ctx = eay_sha1_init();
2313 eay_sha1_update(ctx, data);
2314 res = eay_sha1_final(ctx);
2315
2316 return(res);
2317}
2318
2319int
2320eay_sha1_hashlen()
2321{
2322 return SHA_DIGEST_LENGTH << 3;
2323}
2324
2325/*
2326 * MD5 functions
2327 */
2328caddr_t
2329eay_md5_init()
2330{
2331 MD5_CTX *c = racoon_malloc(sizeof(*c));
2332
2333 MD5_Init(c);
2334
2335 return((caddr_t)c);
2336}
2337
2338void
2339eay_md5_update(c, data)
2340 caddr_t c;
2341 vchar_t *data;
2342{
2343 MD5_Update((MD5_CTX *)c, data->v, data->l);
2344
2345 return;
2346}
2347
2348vchar_t *
2349eay_md5_final(c)
2350 caddr_t c;
2351{
2352 vchar_t *res;
2353
2354 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2355 return(0);
2356
2357 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2358 (void)racoon_free(c);
2359
2360 return(res);
2361}
2362
2363vchar_t *
2364eay_md5_one(data)
2365 vchar_t *data;
2366{
2367 caddr_t ctx;
2368 vchar_t *res;
2369
2370 ctx = eay_md5_init();
2371 eay_md5_update(ctx, data);
2372 res = eay_md5_final(ctx);
2373
2374 return(res);
2375}
2376
2377int
2378eay_md5_hashlen()
2379{
2380 return MD5_DIGEST_LENGTH << 3;
2381}
2382
2383/*
2384 * eay_set_random
2385 * size: number of bytes.
2386 */
2387vchar_t *
2388eay_set_random(size)
2389 u_int32_t size;
2390{
2391 BIGNUM *r = NULL;
2392 vchar_t *res = 0;
2393
2394 if ((r = BN_new()) == NULL)
2395 goto end;
2396 BN_rand(r, size * 8, 0, 0);
2397 eay_bn2v(&res, r);
2398
2399end:
2400 if (r)
2401 BN_free(r);
2402 return(res);
2403}
2404
2405/* DH */
2406int
2407eay_dh_generate(prime, g, publen, pub, priv)
2408 vchar_t *prime, **pub, **priv;
2409 u_int publen;
2410 u_int32_t g;
2411{
2412 BIGNUM *p = NULL;
2413 DH *dh = NULL;
2414 int error = -1;
2415
2416 /* initialize */
2417 /* pre-process to generate number */
2418 if (eay_v2bn(&p, prime) < 0)
2419 goto end;
2420
2421 if ((dh = DH_new()) == NULL)
2422 goto end;
2423 dh->p = p;
2424 p = NULL; /* p is now part of dh structure */
2425 dh->g = NULL;
2426 if ((dh->g = BN_new()) == NULL)
2427 goto end;
2428 if (!BN_set_word(dh->g, g))
2429 goto end;
2430
2431 if (publen != 0)
2432 dh->length = publen;
2433
2434 /* generate public and private number */
2435 if (!DH_generate_key(dh))
2436 goto end;
2437
2438 /* copy results to buffers */
2439 if (eay_bn2v(pub, dh->pub_key) < 0)
2440 goto end;
2441 if (eay_bn2v(priv, dh->priv_key) < 0) {
2442 vfree(*pub);
2443 goto end;
2444 }
2445
2446 error = 0;
2447
2448end:
2449 if (dh != NULL)
2450 DH_free(dh);
2451 if (p != 0)
2452 BN_free(p);
2453 return(error);
2454}
2455
2456int
2457eay_dh_compute(prime, g, pub, priv, pub2, key)
2458 vchar_t *prime, *pub, *priv, *pub2, **key;
2459 u_int32_t g;
2460{
2461 BIGNUM *dh_pub = NULL;
2462 DH *dh = NULL;
2463 int l;
2464 unsigned char *v = NULL;
2465 int error = -1;
2466
2467 /* make public number to compute */
2468 if (eay_v2bn(&dh_pub, pub2) < 0)
2469 goto end;
2470
2471 /* make DH structure */
2472 if ((dh = DH_new()) == NULL)
2473 goto end;
2474 if (eay_v2bn(&dh->p, prime) < 0)
2475 goto end;
2476 if (eay_v2bn(&dh->pub_key, pub) < 0)
2477 goto end;
2478 if (eay_v2bn(&dh->priv_key, priv) < 0)
2479 goto end;
2480 dh->length = pub2->l * 8;
2481
2482 dh->g = NULL;
2483 if ((dh->g = BN_new()) == NULL)
2484 goto end;
2485 if (!BN_set_word(dh->g, g))
2486 goto end;
2487
2488 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2489 goto end;
2490 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2491 goto end;
2492 memcpy((*key)->v + (prime->l - l), v, l);
2493
2494 error = 0;
2495
2496end:
2497 if (dh_pub != NULL)
2498 BN_free(dh_pub);
2499 if (dh != NULL)
2500 DH_free(dh);
2501 if (v != NULL)
2502 racoon_free(v);
2503 return(error);
2504}
2505
2506/*
2507 * convert vchar_t <-> BIGNUM.
2508 *
2509 * vchar_t: unit is u_char, network endian, most significant byte first.
2510 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2511 * least significant BN_ULONG must come first.
2512 *
2513 * hex value of "0x3ffe050104" is represented as follows:
2514 * vchar_t: 3f fe 05 01 04
2515 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2516 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2517 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2518 */
2519int
2520eay_v2bn(bn, var)
2521 BIGNUM **bn;
2522 vchar_t *var;
2523{
2524 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2525 return -1;
2526
2527 return 0;
2528}
2529
2530int
2531eay_bn2v(var, bn)
2532 vchar_t **var;
2533 BIGNUM *bn;
2534{
2535 *var = vmalloc(bn->top * BN_BYTES);
2536 if (*var == NULL)
2537 return(-1);
2538
2539 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2540
2541 return 0;
2542}
2543
2544void
2545eay_init()
2546{
2547 OpenSSL_add_all_algorithms();
2548 ERR_load_crypto_strings();
2549#ifdef HAVE_OPENSSL_ENGINE_H
2550 ENGINE_load_builtin_engines();
2551 ENGINE_register_all_complete();
2552#endif
2553}
2554
2555vchar_t *
2556base64_decode(char *in, long inlen)
2557{
2558 BIO *bio=NULL, *b64=NULL;
2559 vchar_t *res = NULL;
2560 char *outb;
2561 long outlen;
2562
2563 outb = malloc(inlen * 2);
2564 if (outb == NULL)
2565 goto out;
2566 bio = BIO_new_mem_buf(in, inlen);
2567 b64 = BIO_new(BIO_f_base64());
2568 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2569 bio = BIO_push(b64, bio);
2570
2571 outlen = BIO_read(bio, outb, inlen * 2);
2572 if (outlen <= 0) {
2573 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2574 goto out;
2575 }
2576
2577 res = vmalloc(outlen);
2578 if (!res)
2579 goto out;
2580
2581 memcpy(res->v, outb, outlen);
2582
2583out:
2584 if (outb)
2585 free(outb);
2586 if (bio)
2587 BIO_free_all(bio);
2588
2589 return res;
2590}
2591
2592vchar_t *
2593base64_encode(char *in, long inlen)
2594{
2595 BIO *bio=NULL, *b64=NULL;
2596 char *ptr;
2597 long plen = -1;
2598 vchar_t *res = NULL;
2599
2600 bio = BIO_new(BIO_s_mem());
2601 b64 = BIO_new(BIO_f_base64());
2602 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2603 bio = BIO_push(b64, bio);
2604
2605 BIO_write(bio, in, inlen);
2606 BIO_flush(bio);
2607
2608 plen = BIO_get_mem_data(bio, &ptr);
2609 res = vmalloc(plen+1);
2610 if (!res)
2611 goto out;
2612
2613 memcpy (res->v, ptr, plen);
2614 res->v[plen] = '\0';
2615
2616out:
2617 if (bio)
2618 BIO_free_all(bio);
2619
2620 return res;
2621}
2622
2623static RSA *
2624binbuf_pubkey2rsa(vchar_t *binbuf)
2625{
2626 BIGNUM *exp, *mod;
2627 RSA *rsa_pub = NULL;
2628
2629 if (binbuf->v[0] > binbuf->l - 1) {
2630 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2631 goto out;
2632 }
2633
2634 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2635 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2636 binbuf->l - binbuf->v[0] - 1, NULL);
2637 rsa_pub = RSA_new();
2638
2639 if (!exp || !mod || !rsa_pub) {
2640 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2641 if (exp)
2642 BN_free(exp);
2643 if (mod)
2644 BN_free(exp);
2645 if (rsa_pub)
2646 RSA_free(rsa_pub);
2647 rsa_pub = NULL;
2648 goto out;
2649 }
2650
2651 rsa_pub->n = mod;
2652 rsa_pub->e = exp;
2653
2654out:
2655 return rsa_pub;
2656}
2657
2658RSA *
2659base64_pubkey2rsa(char *in)
2660{
2661 BIGNUM *exp, *mod;
2662 RSA *rsa_pub = NULL;
2663 vchar_t *binbuf;
2664
2665 if (strncmp(in, "0s", 2) != 0) {
2666 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2667 return NULL;
2668 }
2669
2670 binbuf = base64_decode(in + 2, strlen(in + 2));
2671 if (!binbuf) {
2672 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2673 return NULL;
2674 }
2675
2676 if (binbuf->v[0] > binbuf->l - 1) {
2677 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2678 goto out;
2679 }
2680
2681 rsa_pub = binbuf_pubkey2rsa(binbuf);
2682
2683out:
2684 if (binbuf)
2685 vfree(binbuf);
2686
2687 return rsa_pub;
2688}
2689
2690RSA *
2691bignum_pubkey2rsa(BIGNUM *in)
2692{
2693 RSA *rsa_pub = NULL;
2694 vchar_t *binbuf;
2695
2696 binbuf = vmalloc(BN_num_bytes(in));
2697 if (!binbuf) {
2698 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2699 return NULL;
2700 }
2701
2702 BN_bn2bin(in, (unsigned char *) binbuf->v);
2703
2704 rsa_pub = binbuf_pubkey2rsa(binbuf);
2705
2706out:
2707 if (binbuf)
2708 vfree(binbuf);
2709
2710 return rsa_pub;
2711}
2712
2713u_int32_t
2714eay_random()
2715{
2716 u_int32_t result;
2717 vchar_t *vrand;
2718
2719 vrand = eay_set_random(sizeof(result));
2720 memcpy(&result, vrand->v, sizeof(result));
2721 vfree(vrand);
2722
2723 return result;
2724}
2725
2726const char *
2727eay_version()
2728{
2729 return SSLeay_version(SSLEAY_VERSION);
2730}