Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / ipsec-tools / bd5fa3c99638830d3fa1ae5b4fc4988de5ee0f4d / . / src / racoon / crypto_openssl.c
blob: c994fc011773f6453a0ffd6c7887b2bfd56b5e52 [file] [log] [blame]
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]1/* $NetBSD: crypto_openssl.c,v 1.11.6.5 2009/04/20 13:33:30 tteras Exp $ */
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]2
3/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "config.h"
35
36#include <sys/types.h>
37#include <sys/param.h>
38
39#include <stdlib.h>
40#include <stdio.h>
41#include <limits.h>
42#include <string.h>
43
44/* get openssl/ssleay version number */
45#include <openssl/opensslv.h>
46
47#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48#error OpenSSL version 0.9.6 or later required.
49#endif
50
51#include <openssl/pem.h>
52#include <openssl/evp.h>
53#include <openssl/x509.h>
54#include <openssl/x509v3.h>
55#include <openssl/x509_vfy.h>
56#include <openssl/bn.h>
57#include <openssl/dh.h>
58#include <openssl/md5.h>
59#include <openssl/sha.h>
60#include <openssl/hmac.h>
61#include <openssl/des.h>
62#include <openssl/crypto.h>
63#ifdef HAVE_OPENSSL_ENGINE_H
64#include <openssl/engine.h>
65#endif
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]66#ifndef ANDROID_CHANGES
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]67#include <openssl/blowfish.h>
68#include <openssl/cast.h>
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]69#else
70#define EVP_bf_cbc() NULL
71#define EVP_cast5_cbc() NULL
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]72#include "keystore_get.h"
Chia-chi Yeh458fe1e2009-06-26 14:36:17 +0800[diff] [blame]73#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]74#include <openssl/err.h>
75#ifdef HAVE_OPENSSL_RC5_H
76#include <openssl/rc5.h>
77#endif
78#ifdef HAVE_OPENSSL_IDEA_H
79#include <openssl/idea.h>
80#endif
81#if defined(HAVE_OPENSSL_AES_H)
82#include <openssl/aes.h>
83#elif defined(HAVE_OPENSSL_RIJNDAEL_H)
84#include <openssl/rijndael.h>
85#else
86#include "crypto/rijndael/rijndael-api-fst.h"
87#endif
88#if defined(HAVE_OPENSSL_CAMELLIA_H)
89#include <openssl/camellia.h>
90#endif
91#ifdef WITH_SHA2
92#ifdef HAVE_OPENSSL_SHA2_H
93#include <openssl/sha2.h>
94#else
95#include "crypto/sha2/sha2.h"
96#endif
97#endif
98#include "plog.h"
99
100/* 0.9.7 stuff? */
101#if OPENSSL_VERSION_NUMBER < 0x0090700fL
102typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
103#else
104#define USE_NEW_DES_API
105#endif
106
107#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
108
109#include "var.h"
110#include "misc.h"
111#include "vmbuf.h"
112#include "plog.h"
113#include "crypto_openssl.h"
114#include "debug.h"
115#include "gcmalloc.h"
116
117/*
118 * I hate to cast every parameter to des_xx into void *, but it is
119 * necessary for SSLeay/OpenSSL portability. It sucks.
120 */
121
122static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124static X509 *mem2x509 __P((vchar_t *));
125
126static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]128/* X509 Certificate */
129/*
130 * convert the string of the subject name into DER
131 * e.g. str = "C=JP, ST=Kanagawa";
132 */
133vchar_t *
134eay_str2asn1dn(str, len)
135 const char *str;
136 int len;
137{
138 X509_NAME *name;
139 char *buf;
140 char *field, *value;
141 int i, j;
142 vchar_t *ret = NULL;
143 caddr_t p;
144
145 if (len == -1)
146 len = strlen(str);
147
148 buf = racoon_malloc(len + 1);
149 if (!buf) {
150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 return NULL;
152 }
153 memcpy(buf, str, len);
154
155 name = X509_NAME_new();
156
157 field = &buf[0];
158 value = NULL;
159 for (i = 0; i < len; i++) {
160 if (!value && buf[i] == '=') {
161 buf[i] = '\0';
162 value = &buf[i + 1];
163 continue;
164 } else if (buf[i] == ',' || buf[i] == '/') {
165 buf[i] = '\0';
166
167 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
168 field, value);
169
170 if (!value) goto err;
171 if (!X509_NAME_add_entry_by_txt(name, field,
172 (value[0] == '*' && value[1] == 0) ?
173 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
174 (unsigned char *) value, -1, -1, 0)) {
175 plog(LLV_ERROR, LOCATION, NULL,
176 "Invalid DN field: %s=%s\n",
177 field, value);
178 plog(LLV_ERROR, LOCATION, NULL,
179 "%s\n", eay_strerror());
180 goto err;
181 }
182 for (j = i + 1; j < len; j++) {
183 if (buf[j] != ' ')
184 break;
185 }
186 field = &buf[j];
187 value = NULL;
188 continue;
189 }
190 }
191 buf[len] = '\0';
192
193 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
194 field, value);
195
196 if (!value) goto err;
197 if (!X509_NAME_add_entry_by_txt(name, field,
198 (value[0] == '*' && value[1] == 0) ?
199 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
200 (unsigned char *) value, -1, -1, 0)) {
201 plog(LLV_ERROR, LOCATION, NULL,
202 "Invalid DN field: %s=%s\n",
203 field, value);
204 plog(LLV_ERROR, LOCATION, NULL,
205 "%s\n", eay_strerror());
206 goto err;
207 }
208
209 i = i2d_X509_NAME(name, NULL);
210 if (!i)
211 goto err;
212 ret = vmalloc(i);
213 if (!ret)
214 goto err;
215 p = ret->v;
216 i = i2d_X509_NAME(name, (void *)&p);
217 if (!i)
218 goto err;
219
220 return ret;
221
222 err:
223 if (buf)
224 racoon_free(buf);
225 if (name)
226 X509_NAME_free(name);
227 if (ret)
228 vfree(ret);
229 return NULL;
230}
231
232/*
233 * convert the hex string of the subject name into DER
234 */
235vchar_t *
236eay_hex2asn1dn(const char *hex, int len)
237{
238 BIGNUM *bn = BN_new();
239 char *binbuf;
240 size_t binlen;
241 vchar_t *ret = NULL;
242
243 if (len == -1)
244 len = strlen(hex);
245
246 if (BN_hex2bn(&bn, hex) != len) {
247 plog(LLV_ERROR, LOCATION, NULL,
248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
249 eay_strerror());
250 goto out;
251 }
252
253 binlen = BN_num_bytes(bn);
254 ret = vmalloc(binlen);
255 if (!ret) {
256 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
257 return NULL;
258 }
259 binbuf = ret->v;
260
261 BN_bn2bin(bn, (unsigned char *) binbuf);
262
263out:
264 BN_free(bn);
265
266 return ret;
267}
268
269/*
270 * The following are derived from code in crypto/x509/x509_cmp.c
271 * in OpenSSL0.9.7c:
272 * X509_NAME_wildcmp() adds wildcard matching to the original
273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
274 */
275#include <ctype.h>
276/* Case insensitive string comparision */
277static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
278{
279 int i;
280
281 if (a->length != b->length)
282 return (a->length - b->length);
283
284 for (i=0; i<a->length; i++)
285 {
286 int ca, cb;
287
288 ca = tolower(a->data[i]);
289 cb = tolower(b->data[i]);
290
291 if (ca != cb)
292 return(ca-cb);
293 }
294 return 0;
295}
296
297/* Case insensitive string comparision with space normalization
298 * Space normalization - ignore leading, trailing spaces,
299 * multiple spaces between characters are replaced by single space
300 */
301static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
302{
303 unsigned char *pa = NULL, *pb = NULL;
304 int la, lb;
305
306 la = a->length;
307 lb = b->length;
308 pa = a->data;
309 pb = b->data;
310
311 /* skip leading spaces */
312 while (la > 0 && isspace(*pa))
313 {
314 la--;
315 pa++;
316 }
317 while (lb > 0 && isspace(*pb))
318 {
319 lb--;
320 pb++;
321 }
322
323 /* skip trailing spaces */
324 while (la > 0 && isspace(pa[la-1]))
325 la--;
326 while (lb > 0 && isspace(pb[lb-1]))
327 lb--;
328
329 /* compare strings with space normalization */
330 while (la > 0 && lb > 0)
331 {
332 int ca, cb;
333
334 /* compare character */
335 ca = tolower(*pa);
336 cb = tolower(*pb);
337 if (ca != cb)
338 return (ca - cb);
339
340 pa++; pb++;
341 la--; lb--;
342
343 if (la <= 0 || lb <= 0)
344 break;
345
346 /* is white space next character ? */
347 if (isspace(*pa) && isspace(*pb))
348 {
349 /* skip remaining white spaces */
350 while (la > 0 && isspace(*pa))
351 {
352 la--;
353 pa++;
354 }
355 while (lb > 0 && isspace(*pb))
356 {
357 lb--;
358 pb++;
359 }
360 }
361 }
362 if (la > 0 || lb > 0)
363 return la - lb;
364
365 return 0;
366}
367
368static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
369{
370 int i,j;
371 X509_NAME_ENTRY *na,*nb;
372
373 if (sk_X509_NAME_ENTRY_num(a->entries)
374 != sk_X509_NAME_ENTRY_num(b->entries))
375 return sk_X509_NAME_ENTRY_num(a->entries)
376 -sk_X509_NAME_ENTRY_num(b->entries);
377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
378 {
379 na=sk_X509_NAME_ENTRY_value(a->entries,i);
380 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
381 j=OBJ_cmp(na->object,nb->object);
382 if (j) return(j);
383 if ((na->value->length == 1 && na->value->data[0] == '*')
384 || (nb->value->length == 1 && nb->value->data[0] == '*'))
385 continue;
386 j=na->value->type-nb->value->type;
387 if (j) return(j);
388 if (na->value->type == V_ASN1_PRINTABLESTRING)
389 j=nocase_spacenorm_cmp(na->value, nb->value);
390 else if (na->value->type == V_ASN1_IA5STRING
391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
392 j=nocase_cmp(na->value, nb->value);
393 else
394 {
395 j=na->value->length-nb->value->length;
396 if (j) return(j);
397 j=memcmp(na->value->data,nb->value->data,
398 na->value->length);
399 }
400 if (j) return(j);
401 j=na->set-nb->set;
402 if (j) return(j);
403 }
404
405 return(0);
406}
407
408/*
409 * compare two subjectNames.
410 * OUT: 0: equal
411 * positive:
412 * -1: other error.
413 */
414int
415eay_cmp_asn1dn(n1, n2)
416 vchar_t *n1, *n2;
417{
418 X509_NAME *a = NULL, *b = NULL;
419 caddr_t p;
420 int i = -1;
421
422 p = n1->v;
423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
424 goto end;
425 p = n2->v;
426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
427 goto end;
428
429 i = X509_NAME_wildcmp(a, b);
430
431 end:
432 if (a)
433 X509_NAME_free(a);
434 if (b)
435 X509_NAME_free(b);
436 return i;
437}
438
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]439#ifdef ANDROID_CHANGES
440static BIO *BIO_from_keystore(char *key)
441{
442 BIO *bio = NULL;
443 char *value;
444 int size;
445
446 value = keystore_get(key, &size);
447 if (value) {
448 bio = BIO_new(BIO_s_mem());
449 if (bio) {
450 BIO_write(bio, value, size);
451 }
452 free(value);
453 }
454 return bio;
455}
456#endif
457
458
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]459/*
460 * this functions is derived from apps/verify.c in OpenSSL0.9.5
461 */
462int
463eay_check_x509cert(cert, CApath, CAfile, local)
464 vchar_t *cert;
465 char *CApath;
466 char *CAfile;
467 int local;
468{
469 X509_STORE *cert_ctx = NULL;
470 X509_LOOKUP *lookup = NULL;
471 X509 *x509 = NULL;
472 X509_STORE_CTX *csc;
473 int error = -1;
474
475 cert_ctx = X509_STORE_new();
476 if (cert_ctx == NULL)
477 goto end;
478
479 if (local)
480 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
481 else
482 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
483
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]484#ifndef ANDROID_CHANGES
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]485 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
486 if (lookup == NULL)
487 goto end;
488
489 X509_LOOKUP_load_file(lookup, CAfile,
490 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
491
492 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
493 if (lookup == NULL)
494 goto end;
495 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
496 if(!error) {
497 error = -1;
498 goto end;
499 }
500 error = -1; /* initialized */
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]501#else
502 if (CAfile) {
503 BIO *bio = BIO_from_keystore(CAfile);
504 if (bio) {
505 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
506 X509_STORE_add_cert(cert_ctx, x509);
507 BIO_free(bio);
508 }
509 }
510#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]511
512 /* read the certificate to be verified */
513 x509 = mem2x509(cert);
514 if (x509 == NULL)
515 goto end;
516
517 csc = X509_STORE_CTX_new();
518 if (csc == NULL)
519 goto end;
520 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
521#if OPENSSL_VERSION_NUMBER >= 0x00907000L
522 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
523 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
524#endif
525 error = X509_verify_cert(csc);
526 X509_STORE_CTX_cleanup(csc);
527
528 /*
529 * if x509_verify_cert() is successful then the value of error is
530 * set non-zero.
531 */
532 error = error ? 0 : -1;
533
534end:
535 if (error)
536 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
537 if (cert_ctx != NULL)
538 X509_STORE_free(cert_ctx);
539 if (x509 != NULL)
540 X509_free(x509);
541
542 return(error);
543}
544
545/*
546 * callback function for verifing certificate.
547 * this function is derived from cb() in openssl/apps/s_server.c
548 */
549static int
550cb_check_cert_local(ok, ctx)
551 int ok;
552 X509_STORE_CTX *ctx;
553{
554 char buf[256];
555 int log_tag;
556
557 if (!ok) {
558 X509_NAME_oneline(
559 X509_get_subject_name(ctx->current_cert),
560 buf,
561 256);
562 /*
563 * since we are just checking the certificates, it is
564 * ok if they are self signed. But we should still warn
565 * the user.
566 */
567 switch (ctx->error) {
568 case X509_V_ERR_CERT_HAS_EXPIRED:
569 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
570 case X509_V_ERR_INVALID_CA:
571 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
572 case X509_V_ERR_INVALID_PURPOSE:
573 case X509_V_ERR_UNABLE_TO_GET_CRL:
574 ok = 1;
575 log_tag = LLV_WARNING;
576 break;
577 default:
578 log_tag = LLV_ERROR;
579 }
580 plog(log_tag, LOCATION, NULL,
581 "%s(%d) at depth:%d SubjectName:%s\n",
582 X509_verify_cert_error_string(ctx->error),
583 ctx->error,
584 ctx->error_depth,
585 buf);
586 }
587 ERR_clear_error();
588
589 return ok;
590}
591
592/*
593 * callback function for verifing remote certificates.
594 * this function is derived from cb() in openssl/apps/s_server.c
595 */
596static int
597cb_check_cert_remote(ok, ctx)
598 int ok;
599 X509_STORE_CTX *ctx;
600{
601 char buf[256];
602 int log_tag;
603
604 if (!ok) {
605 X509_NAME_oneline(
606 X509_get_subject_name(ctx->current_cert),
607 buf,
608 256);
609 switch (ctx->error) {
610 case X509_V_ERR_UNABLE_TO_GET_CRL:
611 ok = 1;
612 log_tag = LLV_WARNING;
613 break;
614 default:
615 log_tag = LLV_ERROR;
616 }
617 plog(log_tag, LOCATION, NULL,
618 "%s(%d) at depth:%d SubjectName:%s\n",
619 X509_verify_cert_error_string(ctx->error),
620 ctx->error,
621 ctx->error_depth,
622 buf);
623 }
624 ERR_clear_error();
625
626 return ok;
627}
628
629/*
630 * get a subjectAltName from X509 certificate.
631 */
632vchar_t *
633eay_get_x509asn1subjectname(cert)
634 vchar_t *cert;
635{
636 X509 *x509 = NULL;
637 u_char *bp;
638 vchar_t *name = NULL;
639 int len;
640
641 bp = (unsigned char *) cert->v;
642
643 x509 = mem2x509(cert);
644 if (x509 == NULL)
645 goto error;
646
647 /* get the length of the name */
648 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
649 name = vmalloc(len);
650 if (!name)
651 goto error;
652 /* get the name */
653 bp = (unsigned char *) name->v;
654 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
655
656 X509_free(x509);
657
658 return name;
659
660error:
661 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
662
663 if (name != NULL)
664 vfree(name);
665
666 if (x509 != NULL)
667 X509_free(x509);
668
669 return NULL;
670}
671
672/*
673 * get the subjectAltName from X509 certificate.
674 * the name must be terminated by '\0'.
675 */
676int
677eay_get_x509subjectaltname(cert, altname, type, pos)
678 vchar_t *cert;
679 char **altname;
680 int *type;
681 int pos;
682{
683 X509 *x509 = NULL;
684 GENERAL_NAMES *gens = NULL;
685 GENERAL_NAME *gen;
686 int len;
687 int error = -1;
688
689 *altname = NULL;
690 *type = GENT_OTHERNAME;
691
692 x509 = mem2x509(cert);
693 if (x509 == NULL)
694 goto end;
695
696 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
697 if (gens == NULL)
698 goto end;
699
700 /* there is no data at "pos" */
701 if (pos > sk_GENERAL_NAME_num(gens))
702 goto end;
703
704 gen = sk_GENERAL_NAME_value(gens, pos - 1);
705
706 /* read DNSName / Email */
707 if (gen->type == GEN_DNS ||
708 gen->type == GEN_EMAIL ||
709 gen->type == GEN_URI )
710 {
711 /* make sure if the data is terminated by '\0'. */
712 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
713 {
714 plog(LLV_ERROR, LOCATION, NULL,
715 "data is not terminated by NUL.");
716 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
717 goto end;
718 }
719
720 len = gen->d.ia5->length + 1;
721 *altname = racoon_malloc(len);
722 if (!*altname)
723 goto end;
724
725 strlcpy(*altname, (char *) gen->d.ia5->data, len);
726 *type = gen->type;
727 error = 0;
728 }
729 /* read IP address */
730 else if (gen->type == GEN_IPADD)
731 {
732 unsigned char p[5], *ip;
733 ip = p;
734
735 /* only support IPv4 */
736 if (gen->d.ip->length != 4)
737 goto end;
738
739 /* convert Octet String to String
740 * XXX ???????
741 */
742 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
743 ip = gen->d.ip->data;
744
745 /* XXX Magic, enough for an IPv4 address
746 */
747 *altname = racoon_malloc(20);
748 if (!*altname)
749 goto end;
750
751 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
752 *type = gen->type;
753 error = 0;
754 }
755 /* XXX other possible types ?
756 * For now, error will be -1 if unsupported type
757 */
758
759end:
760 if (error) {
761 if (*altname) {
762 racoon_free(*altname);
763 *altname = NULL;
764 }
765 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
766 }
767 if (x509)
768 X509_free(x509);
769 if (gens)
770 /* free the whole stack. */
771 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
772
773 return error;
774}
775
776
777/*
778 * decode a X509 certificate and make a readable text terminated '\n'.
779 * return the buffer allocated, so must free it later.
780 */
781char *
782eay_get_x509text(cert)
783 vchar_t *cert;
784{
785 X509 *x509 = NULL;
786 BIO *bio = NULL;
787 char *text = NULL;
788 u_char *bp = NULL;
789 int len = 0;
790 int error = -1;
791
792 x509 = mem2x509(cert);
793 if (x509 == NULL)
794 goto end;
795
796 bio = BIO_new(BIO_s_mem());
797 if (bio == NULL)
798 goto end;
799
800 error = X509_print(bio, x509);
801 if (error != 1) {
802 error = -1;
803 goto end;
804 }
805
806 len = BIO_get_mem_data(bio, &bp);
807 text = racoon_malloc(len + 1);
808 if (text == NULL)
809 goto end;
810 memcpy(text, bp, len);
811 text[len] = '\0';
812
813 error = 0;
814
815 end:
816 if (error) {
817 if (text) {
818 racoon_free(text);
819 text = NULL;
820 }
821 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
822 }
823 if (bio)
824 BIO_free(bio);
825 if (x509)
826 X509_free(x509);
827
828 return text;
829}
830
831/* get X509 structure from buffer. */
832static X509 *
833mem2x509(cert)
834 vchar_t *cert;
835{
836 X509 *x509;
837
838#ifndef EAYDEBUG
839 {
840 u_char *bp;
841
842 bp = (unsigned char *) cert->v;
843
844 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
845 }
846#else
847 {
848 BIO *bio;
849 int len;
850
851 bio = BIO_new(BIO_s_mem());
852 if (bio == NULL)
853 return NULL;
854 len = BIO_write(bio, cert->v, cert->l);
855 if (len == -1)
856 return NULL;
857 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
858 BIO_free(bio);
859 }
860#endif
861 return x509;
862}
863
864/*
865 * get a X509 certificate from local file.
866 * a certificate must be PEM format.
867 * Input:
868 * path to a certificate.
869 * Output:
870 * NULL if error occured
871 * other is the cert.
872 */
873vchar_t *
874eay_get_x509cert(path)
875 char *path;
876{
877 FILE *fp;
878 X509 *x509;
879 vchar_t *cert;
880 u_char *bp;
881 int len;
882 int error;
883
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]884#ifdef ANDROID_CHANGES
885 BIO *bio = BIO_from_keystore(path);
886 x509 = NULL;
887 if (bio) {
888 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
889 BIO_free(bio);
890 }
891#else
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]892 /* Read private key */
893 fp = fopen(path, "r");
894 if (fp == NULL)
895 return NULL;
896 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
897 fclose (fp);
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]898#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]899
900 if (x509 == NULL)
901 return NULL;
902
903 len = i2d_X509(x509, NULL);
904 cert = vmalloc(len);
905 if (cert == NULL) {
906 X509_free(x509);
907 return NULL;
908 }
909 bp = (unsigned char *) cert->v;
910 error = i2d_X509(x509, &bp);
911 X509_free(x509);
912
913 if (error == 0) {
914 vfree(cert);
915 return NULL;
916 }
917
918 return cert;
919}
920
921/*
922 * check a X509 signature
923 * XXX: to be get hash type from my cert ?
924 * to be handled EVP_dss().
925 * OUT: return -1 when error.
926 * 0
927 */
928int
929eay_check_x509sign(source, sig, cert)
930 vchar_t *source;
931 vchar_t *sig;
932 vchar_t *cert;
933{
934 X509 *x509;
935 u_char *bp;
936 EVP_PKEY *evp;
937 int res;
938
939 bp = (unsigned char *) cert->v;
940
941 x509 = d2i_X509(NULL, (void *)&bp, cert->l);
942 if (x509 == NULL) {
943 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
944 return -1;
945 }
946
947 evp = X509_get_pubkey(x509);
948 if (! evp) {
949 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]950 X509_free(x509);
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]951 return -1;
952 }
953
954 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
955
956 EVP_PKEY_free(evp);
Chia-chi Yeh1c715272009-06-21 08:13:52 +0800[diff] [blame]957 X509_free(x509);
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]958
959 return res;
960}
961
962/*
963 * check RSA signature
964 * OUT: return -1 when error.
965 * 0 on success
966 */
967int
968eay_check_rsasign(source, sig, rsa)
969 vchar_t *source;
970 vchar_t *sig;
971 RSA *rsa;
972{
973 return eay_rsa_verify(source, sig, rsa);
974}
975
976/*
977 * get PKCS#1 Private Key of PEM format from local file.
978 */
979vchar_t *
980eay_get_pkcs1privkey(path)
981 char *path;
982{
983 FILE *fp;
984 EVP_PKEY *evp = NULL;
985 vchar_t *pkey = NULL;
986 u_char *bp;
987 int pkeylen;
988 int error = -1;
989
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]990#ifdef ANDROID_CHANGES
991 BIO *bio = BIO_from_keystore(path);
992 if (bio) {
993 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
994 BIO_free(bio);
995 }
996#else
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]997 /* Read private key */
998 fp = fopen(path, "r");
999 if (fp == NULL)
1000 return NULL;
1001
1002 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1003
1004 fclose (fp);
Chia-chi Yehb880c662009-07-06 14:29:18 +0800[diff] [blame]1005#endif
Chung-yih Wang0a1907d2009-04-23 12:26:00 +0800[diff] [blame]1006
1007 if (evp == NULL)
1008 return NULL;
1009
1010 pkeylen = i2d_PrivateKey(evp, NULL);
1011 if (pkeylen == 0)
1012 goto end;
1013 pkey = vmalloc(pkeylen);
1014 if (pkey == NULL)
1015 goto end;
1016 bp = (unsigned char *) pkey->v;
1017 pkeylen = i2d_PrivateKey(evp, &bp);
1018 if (pkeylen == 0)
1019 goto end;
1020
1021 error = 0;
1022
1023end:
1024 if (evp != NULL)
1025 EVP_PKEY_free(evp);
1026 if (error != 0 && pkey != NULL) {
1027 vfree(pkey);
1028 pkey = NULL;
1029 }
1030
1031 return pkey;
1032}
1033
1034/*
1035 * get PKCS#1 Public Key of PEM format from local file.
1036 */
1037vchar_t *
1038eay_get_pkcs1pubkey(path)
1039 char *path;
1040{
1041 FILE *fp;
1042 EVP_PKEY *evp = NULL;
1043 vchar_t *pkey = NULL;
1044 X509 *x509 = NULL;
1045 u_char *bp;
1046 int pkeylen;
1047 int error = -1;
1048
1049 /* Read private key */
1050 fp = fopen(path, "r");
1051 if (fp == NULL)
1052 return NULL;
1053
1054 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1055
1056 fclose (fp);
1057
1058 if (x509 == NULL)
1059 return NULL;
1060
1061 /* Get public key - eay */
1062 evp = X509_get_pubkey(x509);
1063 if (evp == NULL)
1064 return NULL;
1065
1066 pkeylen = i2d_PublicKey(evp, NULL);
1067 if (pkeylen == 0)
1068 goto end;
1069 pkey = vmalloc(pkeylen);
1070 if (pkey == NULL)
1071 goto end;
1072 bp = (unsigned char *) pkey->v;
1073 pkeylen = i2d_PublicKey(evp, &bp);
1074 if (pkeylen == 0)
1075 goto end;
1076
1077 error = 0;
1078end:
1079 if (evp != NULL)
1080 EVP_PKEY_free(evp);
1081 if (error != 0 && pkey != NULL) {
1082 vfree(pkey);
1083 pkey = NULL;
1084 }
1085
1086 return pkey;
1087}
1088
1089vchar_t *
1090eay_get_x509sign(src, privkey)
1091 vchar_t *src, *privkey;
1092{
1093 EVP_PKEY *evp;
1094 u_char *bp = (unsigned char *) privkey->v;
1095 vchar_t *sig = NULL;
1096 int len;
1097 int pad = RSA_PKCS1_PADDING;
1098
1099 /* XXX to be handled EVP_PKEY_DSA */
1100 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1101 if (evp == NULL)
1102 return NULL;
1103
1104 sig = eay_rsa_sign(src, evp->pkey.rsa);
1105
1106 EVP_PKEY_free(evp);
1107
1108 return sig;
1109}
1110
1111vchar_t *
1112eay_get_rsasign(src, rsa)
1113 vchar_t *src;
1114 RSA *rsa;
1115{
1116 return eay_rsa_sign(src, rsa);
1117}
1118
1119vchar_t *
1120eay_rsa_sign(vchar_t *src, RSA *rsa)
1121{
1122 int len;
1123 vchar_t *sig = NULL;
1124 int pad = RSA_PKCS1_PADDING;
1125
1126 len = RSA_size(rsa);
1127
1128 sig = vmalloc(len);
1129 if (sig == NULL)
1130 return NULL;
1131
1132 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1133 (unsigned char *) sig->v, rsa, pad);
1134
1135 if (len == 0 || len != sig->l) {
1136 vfree(sig);
1137 sig = NULL;
1138 }
1139
1140 return sig;
1141}
1142
1143int
1144eay_rsa_verify(src, sig, rsa)
1145 vchar_t *src, *sig;
1146 RSA *rsa;
1147{
1148 vchar_t *xbuf = NULL;
1149 int pad = RSA_PKCS1_PADDING;
1150 int len = 0;
1151 int error;
1152
1153 len = RSA_size(rsa);
1154 xbuf = vmalloc(len);
1155 if (xbuf == NULL) {
1156 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1157 return -1;
1158 }
1159
1160 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1161 (unsigned char *) xbuf->v, rsa, pad);
1162 if (len == 0 || len != src->l) {
1163 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1164 vfree(xbuf);
1165 return -1;
1166 }
1167
1168 error = memcmp(src->v, xbuf->v, src->l);
1169 vfree(xbuf);
1170 if (error != 0)
1171 return -1;
1172
1173 return 0;
1174}
1175
1176/*
1177 * get error string
1178 * MUST load ERR_load_crypto_strings() first.
1179 */
1180char *
1181eay_strerror()
1182{
1183 static char ebuf[512];
1184 int len = 0, n;
1185 unsigned long l;
1186 char buf[200];
1187 const char *file, *data;
1188 int line, flags;
1189 unsigned long es;
1190
1191 es = CRYPTO_thread_id();
1192
1193 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1194 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1195 "%lu:%s:%s:%d:%s ",
1196 es, ERR_error_string(l, buf), file, line,
1197 (flags & ERR_TXT_STRING) ? data : "");
1198 if (n < 0 || n >= sizeof(ebuf) - len)
1199 break;
1200 len += n;
1201 if (sizeof(ebuf) < len)
1202 break;
1203 }
1204
1205 return ebuf;
1206}
1207
1208vchar_t *
1209evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1210{
1211 vchar_t *res;
1212 EVP_CIPHER_CTX ctx;
1213
1214 if (!e)
1215 return NULL;
1216
1217 if (data->l % EVP_CIPHER_block_size(e))
1218 return NULL;
1219
1220 if ((res = vmalloc(data->l)) == NULL)
1221 return NULL;
1222
1223 EVP_CIPHER_CTX_init(&ctx);
1224
1225 switch(EVP_CIPHER_nid(e)){
1226 case NID_bf_cbc:
1227 case NID_bf_ecb:
1228 case NID_bf_cfb64:
1229 case NID_bf_ofb64:
1230 case NID_cast5_cbc:
1231 case NID_cast5_ecb:
1232 case NID_cast5_cfb64:
1233 case NID_cast5_ofb64:
1234 /* XXX: can we do that also for algos with a fixed key size ?
1235 */
1236 /* init context without key/iv
1237 */
1238 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1239 {
1240 OpenSSL_BUG();
1241 vfree(res);
1242 return NULL;
1243 }
1244
1245 /* update key size
1246 */
1247 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1248 {
1249 OpenSSL_BUG();
1250 vfree(res);
1251 return NULL;
1252 }
1253
1254 /* finalize context init with desired key size
1255 */
1256 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1257 (u_char *) iv->v, enc))
1258 {
1259 OpenSSL_BUG();
1260 vfree(res);
1261 return NULL;
1262 }
1263 break;
1264 default:
1265 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1266 (u_char *) iv->v, enc)) {
1267 OpenSSL_BUG();
1268 vfree(res);
1269 return NULL;
1270 }
1271 }
1272
1273 /* disable openssl padding */
1274 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1275
1276 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1277 OpenSSL_BUG();
1278 vfree(res);
1279 return NULL;
1280 }
1281
1282 EVP_CIPHER_CTX_cleanup(&ctx);
1283
1284 return res;
1285}
1286
1287int
1288evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1289{
1290 return 0;
1291}
1292
1293int
1294evp_keylen(int len, const EVP_CIPHER *e)
1295{
1296 if (!e)
1297 return -1;
1298 /* EVP functions return lengths in bytes, ipsec-tools
1299 * uses lengths in bits, therefore conversion is required. --AK
1300 */
1301 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1302 return -1;
1303
1304 return EVP_CIPHER_key_length(e) << 3;
1305}
1306
1307/*
1308 * DES-CBC
1309 */
1310vchar_t *
1311eay_des_encrypt(data, key, iv)
1312 vchar_t *data, *key, *iv;
1313{
1314 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1315}
1316
1317vchar_t *
1318eay_des_decrypt(data, key, iv)
1319 vchar_t *data, *key, *iv;
1320{
1321 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1322}
1323
1324int
1325eay_des_weakkey(key)
1326 vchar_t *key;
1327{
1328#ifdef USE_NEW_DES_API
1329 return DES_is_weak_key((void *)key->v);
1330#else
1331 return des_is_weak_key((void *)key->v);
1332#endif
1333}
1334
1335int
1336eay_des_keylen(len)
1337 int len;
1338{
1339 return evp_keylen(len, EVP_des_cbc());
1340}
1341
1342#ifdef HAVE_OPENSSL_IDEA_H
1343/*
1344 * IDEA-CBC
1345 */
1346vchar_t *
1347eay_idea_encrypt(data, key, iv)
1348 vchar_t *data, *key, *iv;
1349{
1350 vchar_t *res;
1351 IDEA_KEY_SCHEDULE ks;
1352
1353 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1354
1355 /* allocate buffer for result */
1356 if ((res = vmalloc(data->l)) == NULL)
1357 return NULL;
1358
1359 /* decryption data */
1360 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1361 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1362
1363 return res;
1364}
1365
1366vchar_t *
1367eay_idea_decrypt(data, key, iv)
1368 vchar_t *data, *key, *iv;
1369{
1370 vchar_t *res;
1371 IDEA_KEY_SCHEDULE ks, dks;
1372
1373 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1374 idea_set_decrypt_key(&ks, &dks);
1375
1376 /* allocate buffer for result */
1377 if ((res = vmalloc(data->l)) == NULL)
1378 return NULL;
1379
1380 /* decryption data */
1381 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1382 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1383
1384 return res;
1385}
1386
1387int
1388eay_idea_weakkey(key)
1389 vchar_t *key;
1390{
1391 return 0; /* XXX */
1392}
1393
1394int
1395eay_idea_keylen(len)
1396 int len;
1397{
1398 if (len != 0 && len != 128)
1399 return -1;
1400 return 128;
1401}
1402#endif
1403
1404/*
1405 * BLOWFISH-CBC
1406 */
1407vchar_t *
1408eay_bf_encrypt(data, key, iv)
1409 vchar_t *data, *key, *iv;
1410{
1411 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1412}
1413
1414vchar_t *
1415eay_bf_decrypt(data, key, iv)
1416 vchar_t *data, *key, *iv;
1417{
1418 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1419}
1420
1421int
1422eay_bf_weakkey(key)
1423 vchar_t *key;
1424{
1425 return 0; /* XXX to be done. refer to RFC 2451 */
1426}
1427
1428int
1429eay_bf_keylen(len)
1430 int len;
1431{
1432 if (len == 0)
1433 return 448;
1434 if (len < 40 || len > 448)
1435 return -1;
1436 return len;
1437}
1438
1439#ifdef HAVE_OPENSSL_RC5_H
1440/*
1441 * RC5-CBC
1442 */
1443vchar_t *
1444eay_rc5_encrypt(data, key, iv)
1445 vchar_t *data, *key, *iv;
1446{
1447 vchar_t *res;
1448 RC5_32_KEY ks;
1449
1450 /* in RFC 2451, there is information about the number of round. */
1451 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1452
1453 /* allocate buffer for result */
1454 if ((res = vmalloc(data->l)) == NULL)
1455 return NULL;
1456
1457 /* decryption data */
1458 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1459 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1460
1461 return res;
1462}
1463
1464vchar_t *
1465eay_rc5_decrypt(data, key, iv)
1466 vchar_t *data, *key, *iv;
1467{
1468 vchar_t *res;
1469 RC5_32_KEY ks;
1470
1471 /* in RFC 2451, there is information about the number of round. */
1472 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1473
1474 /* allocate buffer for result */
1475 if ((res = vmalloc(data->l)) == NULL)
1476 return NULL;
1477
1478 /* decryption data */
1479 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1480 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1481
1482 return res;
1483}
1484
1485int
1486eay_rc5_weakkey(key)
1487 vchar_t *key;
1488{
1489 return 0; /* No known weak keys when used with 16 rounds. */
1490
1491}
1492
1493int
1494eay_rc5_keylen(len)
1495 int len;
1496{
1497 if (len == 0)
1498 return 128;
1499 if (len < 40 || len > 2040)
1500 return -1;
1501 return len;
1502}
1503#endif
1504
1505/*
1506 * 3DES-CBC
1507 */
1508vchar_t *
1509eay_3des_encrypt(data, key, iv)
1510 vchar_t *data, *key, *iv;
1511{
1512 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1513}
1514
1515vchar_t *
1516eay_3des_decrypt(data, key, iv)
1517 vchar_t *data, *key, *iv;
1518{
1519 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1520}
1521
1522int
1523eay_3des_weakkey(key)
1524 vchar_t *key;
1525{
1526#ifdef USE_NEW_DES_API
1527 return (DES_is_weak_key((void *)key->v) ||
1528 DES_is_weak_key((void *)(key->v + 8)) ||
1529 DES_is_weak_key((void *)(key->v + 16)));
1530#else
1531 if (key->l < 24)
1532 return 0;
1533
1534 return (des_is_weak_key((void *)key->v) ||
1535 des_is_weak_key((void *)(key->v + 8)) ||
1536 des_is_weak_key((void *)(key->v + 16)));
1537#endif
1538}
1539
1540int
1541eay_3des_keylen(len)
1542 int len;
1543{
1544 if (len != 0 && len != 192)
1545 return -1;
1546 return 192;
1547}
1548
1549/*
1550 * CAST-CBC
1551 */
1552vchar_t *
1553eay_cast_encrypt(data, key, iv)
1554 vchar_t *data, *key, *iv;
1555{
1556 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1557}
1558
1559vchar_t *
1560eay_cast_decrypt(data, key, iv)
1561 vchar_t *data, *key, *iv;
1562{
1563 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1564}
1565
1566int
1567eay_cast_weakkey(key)
1568 vchar_t *key;
1569{
1570 return 0; /* No known weak keys. */
1571}
1572
1573int
1574eay_cast_keylen(len)
1575 int len;
1576{
1577 if (len == 0)
1578 return 128;
1579 if (len < 40 || len > 128)
1580 return -1;
1581 return len;
1582}
1583
1584/*
1585 * AES(RIJNDAEL)-CBC
1586 */
1587#ifndef HAVE_OPENSSL_AES_H
1588vchar_t *
1589eay_aes_encrypt(data, key, iv)
1590 vchar_t *data, *key, *iv;
1591{
1592 vchar_t *res;
1593 keyInstance k;
1594 cipherInstance c;
1595
1596 memset(&k, 0, sizeof(k));
1597 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1598 return NULL;
1599
1600 /* allocate buffer for result */
1601 if ((res = vmalloc(data->l)) == NULL)
1602 return NULL;
1603
1604 /* encryption data */
1605 memset(&c, 0, sizeof(c));
1606 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1607 vfree(res);
1608 return NULL;
1609 }
1610 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1611 vfree(res);
1612 return NULL;
1613 }
1614
1615 return res;
1616}
1617
1618vchar_t *
1619eay_aes_decrypt(data, key, iv)
1620 vchar_t *data, *key, *iv;
1621{
1622 vchar_t *res;
1623 keyInstance k;
1624 cipherInstance c;
1625
1626 memset(&k, 0, sizeof(k));
1627 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1628 return NULL;
1629
1630 /* allocate buffer for result */
1631 if ((res = vmalloc(data->l)) == NULL)
1632 return NULL;
1633
1634 /* decryption data */
1635 memset(&c, 0, sizeof(c));
1636 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1637 vfree(res);
1638 return NULL;
1639 }
1640 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1641 vfree(res);
1642 return NULL;
1643 }
1644
1645 return res;
1646}
1647#else
1648static inline const EVP_CIPHER *
1649aes_evp_by_keylen(int keylen)
1650{
1651 switch(keylen) {
1652 case 16:
1653 case 128:
1654 return EVP_aes_128_cbc();
1655 case 24:
1656 case 192:
1657 return EVP_aes_192_cbc();
1658 case 32:
1659 case 256:
1660 return EVP_aes_256_cbc();
1661 default:
1662 return NULL;
1663 }
1664}
1665
1666vchar_t *
1667eay_aes_encrypt(data, key, iv)
1668 vchar_t *data, *key, *iv;
1669{
1670 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1671}
1672
1673vchar_t *
1674eay_aes_decrypt(data, key, iv)
1675 vchar_t *data, *key, *iv;
1676{
1677 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1678}
1679#endif
1680
1681int
1682eay_aes_weakkey(key)
1683 vchar_t *key;
1684{
1685 return 0;
1686}
1687
1688int
1689eay_aes_keylen(len)
1690 int len;
1691{
1692 if (len == 0)
1693 return 128;
1694 if (len != 128 && len != 192 && len != 256)
1695 return -1;
1696 return len;
1697}
1698
1699#if defined(HAVE_OPENSSL_CAMELLIA_H)
1700/*
1701 * CAMELLIA-CBC
1702 */
1703static inline const EVP_CIPHER *
1704camellia_evp_by_keylen(int keylen)
1705{
1706 switch(keylen) {
1707 case 16:
1708 case 128:
1709 return EVP_camellia_128_cbc();
1710 case 24:
1711 case 192:
1712 return EVP_camellia_192_cbc();
1713 case 32:
1714 case 256:
1715 return EVP_camellia_256_cbc();
1716 default:
1717 return NULL;
1718 }
1719}
1720
1721vchar_t *
1722eay_camellia_encrypt(data, key, iv)
1723 vchar_t *data, *key, *iv;
1724{
1725 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1726}
1727
1728vchar_t *
1729eay_camellia_decrypt(data, key, iv)
1730 vchar_t *data, *key, *iv;
1731{
1732 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1733}
1734
1735int
1736eay_camellia_weakkey(key)
1737 vchar_t *key;
1738{
1739 return 0;
1740}
1741
1742int
1743eay_camellia_keylen(len)
1744 int len;
1745{
1746 if (len == 0)
1747 return 128;
1748 if (len != 128 && len != 192 && len != 256)
1749 return -1;
1750 return len;
1751}
1752
1753#endif
1754
1755/* for ipsec part */
1756int
1757eay_null_hashlen()
1758{
1759 return 0;
1760}
1761
1762int
1763eay_kpdk_hashlen()
1764{
1765 return 0;
1766}
1767
1768int
1769eay_twofish_keylen(len)
1770 int len;
1771{
1772 if (len < 0 || len > 256)
1773 return -1;
1774 return len;
1775}
1776
1777int
1778eay_null_keylen(len)
1779 int len;
1780{
1781 return 0;
1782}
1783
1784/*
1785 * HMAC functions
1786 */
1787static caddr_t
1788eay_hmac_init(key, md)
1789 vchar_t *key;
1790 const EVP_MD *md;
1791{
1792 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1793
1794 HMAC_Init(c, key->v, key->l, md);
1795
1796 return (caddr_t)c;
1797}
1798
1799#ifdef WITH_SHA2
1800/*
1801 * HMAC SHA2-512
1802 */
1803vchar_t *
1804eay_hmacsha2_512_one(key, data)
1805 vchar_t *key, *data;
1806{
1807 vchar_t *res;
1808 caddr_t ctx;
1809
1810 ctx = eay_hmacsha2_512_init(key);
1811 eay_hmacsha2_512_update(ctx, data);
1812 res = eay_hmacsha2_512_final(ctx);
1813
1814 return(res);
1815}
1816
1817caddr_t
1818eay_hmacsha2_512_init(key)
1819 vchar_t *key;
1820{
1821 return eay_hmac_init(key, EVP_sha2_512());
1822}
1823
1824void
1825eay_hmacsha2_512_update(c, data)
1826 caddr_t c;
1827 vchar_t *data;
1828{
1829 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1830}
1831
1832vchar_t *
1833eay_hmacsha2_512_final(c)
1834 caddr_t c;
1835{
1836 vchar_t *res;
1837 unsigned int l;
1838
1839 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1840 return NULL;
1841
1842 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1843 res->l = l;
1844 HMAC_cleanup((HMAC_CTX *)c);
1845 (void)racoon_free(c);
1846
1847 if (SHA512_DIGEST_LENGTH != res->l) {
1848 plog(LLV_ERROR, LOCATION, NULL,
1849 "hmac sha2_512 length mismatch %zd.\n", res->l);
1850 vfree(res);
1851 return NULL;
1852 }
1853
1854 return(res);
1855}
1856
1857/*
1858 * HMAC SHA2-384
1859 */
1860vchar_t *
1861eay_hmacsha2_384_one(key, data)
1862 vchar_t *key, *data;
1863{
1864 vchar_t *res;
1865 caddr_t ctx;
1866
1867 ctx = eay_hmacsha2_384_init(key);
1868 eay_hmacsha2_384_update(ctx, data);
1869 res = eay_hmacsha2_384_final(ctx);
1870
1871 return(res);
1872}
1873
1874caddr_t
1875eay_hmacsha2_384_init(key)
1876 vchar_t *key;
1877{
1878 return eay_hmac_init(key, EVP_sha2_384());
1879}
1880
1881void
1882eay_hmacsha2_384_update(c, data)
1883 caddr_t c;
1884 vchar_t *data;
1885{
1886 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1887}
1888
1889vchar_t *
1890eay_hmacsha2_384_final(c)
1891 caddr_t c;
1892{
1893 vchar_t *res;
1894 unsigned int l;
1895
1896 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1897 return NULL;
1898
1899 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1900 res->l = l;
1901 HMAC_cleanup((HMAC_CTX *)c);
1902 (void)racoon_free(c);
1903
1904 if (SHA384_DIGEST_LENGTH != res->l) {
1905 plog(LLV_ERROR, LOCATION, NULL,
1906 "hmac sha2_384 length mismatch %zd.\n", res->l);
1907 vfree(res);
1908 return NULL;
1909 }
1910
1911 return(res);
1912}
1913
1914/*
1915 * HMAC SHA2-256
1916 */
1917vchar_t *
1918eay_hmacsha2_256_one(key, data)
1919 vchar_t *key, *data;
1920{
1921 vchar_t *res;
1922 caddr_t ctx;
1923
1924 ctx = eay_hmacsha2_256_init(key);
1925 eay_hmacsha2_256_update(ctx, data);
1926 res = eay_hmacsha2_256_final(ctx);
1927
1928 return(res);
1929}
1930
1931caddr_t
1932eay_hmacsha2_256_init(key)
1933 vchar_t *key;
1934{
1935 return eay_hmac_init(key, EVP_sha2_256());
1936}
1937
1938void
1939eay_hmacsha2_256_update(c, data)
1940 caddr_t c;
1941 vchar_t *data;
1942{
1943 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1944}
1945
1946vchar_t *
1947eay_hmacsha2_256_final(c)
1948 caddr_t c;
1949{
1950 vchar_t *res;
1951 unsigned int l;
1952
1953 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1954 return NULL;
1955
1956 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1957 res->l = l;
1958 HMAC_cleanup((HMAC_CTX *)c);
1959 (void)racoon_free(c);
1960
1961 if (SHA256_DIGEST_LENGTH != res->l) {
1962 plog(LLV_ERROR, LOCATION, NULL,
1963 "hmac sha2_256 length mismatch %zd.\n", res->l);
1964 vfree(res);
1965 return NULL;
1966 }
1967
1968 return(res);
1969}
1970#endif /* WITH_SHA2 */
1971
1972/*
1973 * HMAC SHA1
1974 */
1975vchar_t *
1976eay_hmacsha1_one(key, data)
1977 vchar_t *key, *data;
1978{
1979 vchar_t *res;
1980 caddr_t ctx;
1981
1982 ctx = eay_hmacsha1_init(key);
1983 eay_hmacsha1_update(ctx, data);
1984 res = eay_hmacsha1_final(ctx);
1985
1986 return(res);
1987}
1988
1989caddr_t
1990eay_hmacsha1_init(key)
1991 vchar_t *key;
1992{
1993 return eay_hmac_init(key, EVP_sha1());
1994}
1995
1996void
1997eay_hmacsha1_update(c, data)
1998 caddr_t c;
1999 vchar_t *data;
2000{
2001 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2002}
2003
2004vchar_t *
2005eay_hmacsha1_final(c)
2006 caddr_t c;
2007{
2008 vchar_t *res;
2009 unsigned int l;
2010
2011 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2012 return NULL;
2013
2014 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2015 res->l = l;
2016 HMAC_cleanup((HMAC_CTX *)c);
2017 (void)racoon_free(c);
2018
2019 if (SHA_DIGEST_LENGTH != res->l) {
2020 plog(LLV_ERROR, LOCATION, NULL,
2021 "hmac sha1 length mismatch %zd.\n", res->l);
2022 vfree(res);
2023 return NULL;
2024 }
2025
2026 return(res);
2027}
2028
2029/*
2030 * HMAC MD5
2031 */
2032vchar_t *
2033eay_hmacmd5_one(key, data)
2034 vchar_t *key, *data;
2035{
2036 vchar_t *res;
2037 caddr_t ctx;
2038
2039 ctx = eay_hmacmd5_init(key);
2040 eay_hmacmd5_update(ctx, data);
2041 res = eay_hmacmd5_final(ctx);
2042
2043 return(res);
2044}
2045
2046caddr_t
2047eay_hmacmd5_init(key)
2048 vchar_t *key;
2049{
2050 return eay_hmac_init(key, EVP_md5());
2051}
2052
2053void
2054eay_hmacmd5_update(c, data)
2055 caddr_t c;
2056 vchar_t *data;
2057{
2058 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2059}
2060
2061vchar_t *
2062eay_hmacmd5_final(c)
2063 caddr_t c;
2064{
2065 vchar_t *res;
2066 unsigned int l;
2067
2068 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2069 return NULL;
2070
2071 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2072 res->l = l;
2073 HMAC_cleanup((HMAC_CTX *)c);
2074 (void)racoon_free(c);
2075
2076 if (MD5_DIGEST_LENGTH != res->l) {
2077 plog(LLV_ERROR, LOCATION, NULL,
2078 "hmac md5 length mismatch %zd.\n", res->l);
2079 vfree(res);
2080 return NULL;
2081 }
2082
2083 return(res);
2084}
2085
2086#ifdef WITH_SHA2
2087/*
2088 * SHA2-512 functions
2089 */
2090caddr_t
2091eay_sha2_512_init()
2092{
2093 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2094
2095 SHA512_Init(c);
2096
2097 return((caddr_t)c);
2098}
2099
2100void
2101eay_sha2_512_update(c, data)
2102 caddr_t c;
2103 vchar_t *data;
2104{
2105 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2106
2107 return;
2108}
2109
2110vchar_t *
2111eay_sha2_512_final(c)
2112 caddr_t c;
2113{
2114 vchar_t *res;
2115
2116 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2117 return(0);
2118
2119 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2120 (void)racoon_free(c);
2121
2122 return(res);
2123}
2124
2125vchar_t *
2126eay_sha2_512_one(data)
2127 vchar_t *data;
2128{
2129 caddr_t ctx;
2130 vchar_t *res;
2131
2132 ctx = eay_sha2_512_init();
2133 eay_sha2_512_update(ctx, data);
2134 res = eay_sha2_512_final(ctx);
2135
2136 return(res);
2137}
2138
2139int
2140eay_sha2_512_hashlen()
2141{
2142 return SHA512_DIGEST_LENGTH << 3;
2143}
2144#endif
2145
2146#ifdef WITH_SHA2
2147/*
2148 * SHA2-384 functions
2149 */
2150caddr_t
2151eay_sha2_384_init()
2152{
2153 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2154
2155 SHA384_Init(c);
2156
2157 return((caddr_t)c);
2158}
2159
2160void
2161eay_sha2_384_update(c, data)
2162 caddr_t c;
2163 vchar_t *data;
2164{
2165 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2166
2167 return;
2168}
2169
2170vchar_t *
2171eay_sha2_384_final(c)
2172 caddr_t c;
2173{
2174 vchar_t *res;
2175
2176 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2177 return(0);
2178
2179 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2180 (void)racoon_free(c);
2181
2182 return(res);
2183}
2184
2185vchar_t *
2186eay_sha2_384_one(data)
2187 vchar_t *data;
2188{
2189 caddr_t ctx;
2190 vchar_t *res;
2191
2192 ctx = eay_sha2_384_init();
2193 eay_sha2_384_update(ctx, data);
2194 res = eay_sha2_384_final(ctx);
2195
2196 return(res);
2197}
2198
2199int
2200eay_sha2_384_hashlen()
2201{
2202 return SHA384_DIGEST_LENGTH << 3;
2203}
2204#endif
2205
2206#ifdef WITH_SHA2
2207/*
2208 * SHA2-256 functions
2209 */
2210caddr_t
2211eay_sha2_256_init()
2212{
2213 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2214
2215 SHA256_Init(c);
2216
2217 return((caddr_t)c);
2218}
2219
2220void
2221eay_sha2_256_update(c, data)
2222 caddr_t c;
2223 vchar_t *data;
2224{
2225 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2226
2227 return;
2228}
2229
2230vchar_t *
2231eay_sha2_256_final(c)
2232 caddr_t c;
2233{
2234 vchar_t *res;
2235
2236 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2237 return(0);
2238
2239 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2240 (void)racoon_free(c);
2241
2242 return(res);
2243}
2244
2245vchar_t *
2246eay_sha2_256_one(data)
2247 vchar_t *data;
2248{
2249 caddr_t ctx;
2250 vchar_t *res;
2251
2252 ctx = eay_sha2_256_init();
2253 eay_sha2_256_update(ctx, data);
2254 res = eay_sha2_256_final(ctx);
2255
2256 return(res);
2257}
2258
2259int
2260eay_sha2_256_hashlen()
2261{
2262 return SHA256_DIGEST_LENGTH << 3;
2263}
2264#endif
2265
2266/*
2267 * SHA functions
2268 */
2269caddr_t
2270eay_sha1_init()
2271{
2272 SHA_CTX *c = racoon_malloc(sizeof(*c));
2273
2274 SHA1_Init(c);
2275
2276 return((caddr_t)c);
2277}
2278
2279void
2280eay_sha1_update(c, data)
2281 caddr_t c;
2282 vchar_t *data;
2283{
2284 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2285
2286 return;
2287}
2288
2289vchar_t *
2290eay_sha1_final(c)
2291 caddr_t c;
2292{
2293 vchar_t *res;
2294
2295 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2296 return(0);
2297
2298 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2299 (void)racoon_free(c);
2300
2301 return(res);
2302}
2303
2304vchar_t *
2305eay_sha1_one(data)
2306 vchar_t *data;
2307{
2308 caddr_t ctx;
2309 vchar_t *res;
2310
2311 ctx = eay_sha1_init();
2312 eay_sha1_update(ctx, data);
2313 res = eay_sha1_final(ctx);
2314
2315 return(res);
2316}
2317
2318int
2319eay_sha1_hashlen()
2320{
2321 return SHA_DIGEST_LENGTH << 3;
2322}
2323
2324/*
2325 * MD5 functions
2326 */
2327caddr_t
2328eay_md5_init()
2329{
2330 MD5_CTX *c = racoon_malloc(sizeof(*c));
2331
2332 MD5_Init(c);
2333
2334 return((caddr_t)c);
2335}
2336
2337void
2338eay_md5_update(c, data)
2339 caddr_t c;
2340 vchar_t *data;
2341{
2342 MD5_Update((MD5_CTX *)c, data->v, data->l);
2343
2344 return;
2345}
2346
2347vchar_t *
2348eay_md5_final(c)
2349 caddr_t c;
2350{
2351 vchar_t *res;
2352
2353 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2354 return(0);
2355
2356 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2357 (void)racoon_free(c);
2358
2359 return(res);
2360}
2361
2362vchar_t *
2363eay_md5_one(data)
2364 vchar_t *data;
2365{
2366 caddr_t ctx;
2367 vchar_t *res;
2368
2369 ctx = eay_md5_init();
2370 eay_md5_update(ctx, data);
2371 res = eay_md5_final(ctx);
2372
2373 return(res);
2374}
2375
2376int
2377eay_md5_hashlen()
2378{
2379 return MD5_DIGEST_LENGTH << 3;
2380}
2381
2382/*
2383 * eay_set_random
2384 * size: number of bytes.
2385 */
2386vchar_t *
2387eay_set_random(size)
2388 u_int32_t size;
2389{
2390 BIGNUM *r = NULL;
2391 vchar_t *res = 0;
2392
2393 if ((r = BN_new()) == NULL)
2394 goto end;
2395 BN_rand(r, size * 8, 0, 0);
2396 eay_bn2v(&res, r);
2397
2398end:
2399 if (r)
2400 BN_free(r);
2401 return(res);
2402}
2403
2404/* DH */
2405int
2406eay_dh_generate(prime, g, publen, pub, priv)
2407 vchar_t *prime, **pub, **priv;
2408 u_int publen;
2409 u_int32_t g;
2410{
2411 BIGNUM *p = NULL;
2412 DH *dh = NULL;
2413 int error = -1;
2414
2415 /* initialize */
2416 /* pre-process to generate number */
2417 if (eay_v2bn(&p, prime) < 0)
2418 goto end;
2419
2420 if ((dh = DH_new()) == NULL)
2421 goto end;
2422 dh->p = p;
2423 p = NULL; /* p is now part of dh structure */
2424 dh->g = NULL;
2425 if ((dh->g = BN_new()) == NULL)
2426 goto end;
2427 if (!BN_set_word(dh->g, g))
2428 goto end;
2429
2430 if (publen != 0)
2431 dh->length = publen;
2432
2433 /* generate public and private number */
2434 if (!DH_generate_key(dh))
2435 goto end;
2436
2437 /* copy results to buffers */
2438 if (eay_bn2v(pub, dh->pub_key) < 0)
2439 goto end;
2440 if (eay_bn2v(priv, dh->priv_key) < 0) {
2441 vfree(*pub);
2442 goto end;
2443 }
2444
2445 error = 0;
2446
2447end:
2448 if (dh != NULL)
2449 DH_free(dh);
2450 if (p != 0)
2451 BN_free(p);
2452 return(error);
2453}
2454
2455int
2456eay_dh_compute(prime, g, pub, priv, pub2, key)
2457 vchar_t *prime, *pub, *priv, *pub2, **key;
2458 u_int32_t g;
2459{
2460 BIGNUM *dh_pub = NULL;
2461 DH *dh = NULL;
2462 int l;
2463 unsigned char *v = NULL;
2464 int error = -1;
2465
2466 /* make public number to compute */
2467 if (eay_v2bn(&dh_pub, pub2) < 0)
2468 goto end;
2469
2470 /* make DH structure */
2471 if ((dh = DH_new()) == NULL)
2472 goto end;
2473 if (eay_v2bn(&dh->p, prime) < 0)
2474 goto end;
2475 if (eay_v2bn(&dh->pub_key, pub) < 0)
2476 goto end;
2477 if (eay_v2bn(&dh->priv_key, priv) < 0)
2478 goto end;
2479 dh->length = pub2->l * 8;
2480
2481 dh->g = NULL;
2482 if ((dh->g = BN_new()) == NULL)
2483 goto end;
2484 if (!BN_set_word(dh->g, g))
2485 goto end;
2486
2487 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2488 goto end;
2489 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2490 goto end;
2491 memcpy((*key)->v + (prime->l - l), v, l);
2492
2493 error = 0;
2494
2495end:
2496 if (dh_pub != NULL)
2497 BN_free(dh_pub);
2498 if (dh != NULL)
2499 DH_free(dh);
2500 if (v != NULL)
2501 racoon_free(v);
2502 return(error);
2503}
2504
2505/*
2506 * convert vchar_t <-> BIGNUM.
2507 *
2508 * vchar_t: unit is u_char, network endian, most significant byte first.
2509 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2510 * least significant BN_ULONG must come first.
2511 *
2512 * hex value of "0x3ffe050104" is represented as follows:
2513 * vchar_t: 3f fe 05 01 04
2514 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2515 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2516 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2517 */
2518int
2519eay_v2bn(bn, var)
2520 BIGNUM **bn;
2521 vchar_t *var;
2522{
2523 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2524 return -1;
2525
2526 return 0;
2527}
2528
2529int
2530eay_bn2v(var, bn)
2531 vchar_t **var;
2532 BIGNUM *bn;
2533{
2534 *var = vmalloc(bn->top * BN_BYTES);
2535 if (*var == NULL)
2536 return(-1);
2537
2538 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2539
2540 return 0;
2541}
2542
2543void
2544eay_init()
2545{
2546 OpenSSL_add_all_algorithms();
2547 ERR_load_crypto_strings();
2548#ifdef HAVE_OPENSSL_ENGINE_H
2549 ENGINE_load_builtin_engines();
2550 ENGINE_register_all_complete();
2551#endif
2552}
2553
2554vchar_t *
2555base64_decode(char *in, long inlen)
2556{
2557 BIO *bio=NULL, *b64=NULL;
2558 vchar_t *res = NULL;
2559 char *outb;
2560 long outlen;
2561
2562 outb = malloc(inlen * 2);
2563 if (outb == NULL)
2564 goto out;
2565 bio = BIO_new_mem_buf(in, inlen);
2566 b64 = BIO_new(BIO_f_base64());
2567 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2568 bio = BIO_push(b64, bio);
2569
2570 outlen = BIO_read(bio, outb, inlen * 2);
2571 if (outlen <= 0) {
2572 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2573 goto out;
2574 }
2575
2576 res = vmalloc(outlen);
2577 if (!res)
2578 goto out;
2579
2580 memcpy(res->v, outb, outlen);
2581
2582out:
2583 if (outb)
2584 free(outb);
2585 if (bio)
2586 BIO_free_all(bio);
2587
2588 return res;
2589}
2590
2591vchar_t *
2592base64_encode(char *in, long inlen)
2593{
2594 BIO *bio=NULL, *b64=NULL;
2595 char *ptr;
2596 long plen = -1;
2597 vchar_t *res = NULL;
2598
2599 bio = BIO_new(BIO_s_mem());
2600 b64 = BIO_new(BIO_f_base64());
2601 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2602 bio = BIO_push(b64, bio);
2603
2604 BIO_write(bio, in, inlen);
2605 BIO_flush(bio);
2606
2607 plen = BIO_get_mem_data(bio, &ptr);
2608 res = vmalloc(plen+1);
2609 if (!res)
2610 goto out;
2611
2612 memcpy (res->v, ptr, plen);
2613 res->v[plen] = '\0';
2614
2615out:
2616 if (bio)
2617 BIO_free_all(bio);
2618
2619 return res;
2620}
2621
2622static RSA *
2623binbuf_pubkey2rsa(vchar_t *binbuf)
2624{
2625 BIGNUM *exp, *mod;
2626 RSA *rsa_pub = NULL;
2627
2628 if (binbuf->v[0] > binbuf->l - 1) {
2629 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2630 goto out;
2631 }
2632
2633 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2634 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2635 binbuf->l - binbuf->v[0] - 1, NULL);
2636 rsa_pub = RSA_new();
2637
2638 if (!exp || !mod || !rsa_pub) {
2639 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2640 if (exp)
2641 BN_free(exp);
2642 if (mod)
2643 BN_free(exp);
2644 if (rsa_pub)
2645 RSA_free(rsa_pub);
2646 rsa_pub = NULL;
2647 goto out;
2648 }
2649
2650 rsa_pub->n = mod;
2651 rsa_pub->e = exp;
2652
2653out:
2654 return rsa_pub;
2655}
2656
2657RSA *
2658base64_pubkey2rsa(char *in)
2659{
2660 BIGNUM *exp, *mod;
2661 RSA *rsa_pub = NULL;
2662 vchar_t *binbuf;
2663
2664 if (strncmp(in, "0s", 2) != 0) {
2665 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2666 return NULL;
2667 }
2668
2669 binbuf = base64_decode(in + 2, strlen(in + 2));
2670 if (!binbuf) {
2671 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2672 return NULL;
2673 }
2674
2675 if (binbuf->v[0] > binbuf->l - 1) {
2676 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2677 goto out;
2678 }
2679
2680 rsa_pub = binbuf_pubkey2rsa(binbuf);
2681
2682out:
2683 if (binbuf)
2684 vfree(binbuf);
2685
2686 return rsa_pub;
2687}
2688
2689RSA *
2690bignum_pubkey2rsa(BIGNUM *in)
2691{
2692 RSA *rsa_pub = NULL;
2693 vchar_t *binbuf;
2694
2695 binbuf = vmalloc(BN_num_bytes(in));
2696 if (!binbuf) {
2697 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2698 return NULL;
2699 }
2700
2701 BN_bn2bin(in, (unsigned char *) binbuf->v);
2702
2703 rsa_pub = binbuf_pubkey2rsa(binbuf);
2704
2705out:
2706 if (binbuf)
2707 vfree(binbuf);
2708
2709 return rsa_pub;
2710}
2711
2712u_int32_t
2713eay_random()
2714{
2715 u_int32_t result;
2716 vchar_t *vrand;
2717
2718 vrand = eay_set_random(sizeof(result));
2719 memcpy(&result, vrand->v, sizeof(result));
2720 vfree(vrand);
2721
2722 return result;
2723}
2724
2725const char *
2726eay_version()
2727{
2728 return SSLeay_version(SSLEAY_VERSION);
2729}