1 /* $NetBSD: crypto_openssl.c,v 1.11.6.6 2009/04/29 10:50:25 tteras Exp $ */ 2 3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "config.h" 35 36 #include <sys/types.h> 37 #include <sys/param.h> 38 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <limits.h> 42 #include <string.h> 43 44 /* get openssl/ssleay version number */ 45 #include <openssl/opensslv.h> 46 47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL) 48 #error OpenSSL version 0.9.6 or later required. 49 #endif 50 51 #include <openssl/pem.h> 52 #include <openssl/evp.h> 53 #include <openssl/x509.h> 54 #include <openssl/x509v3.h> 55 #include <openssl/x509_vfy.h> 56 #include <openssl/bn.h> 57 #include <openssl/dh.h> 58 #include <openssl/md5.h> 59 #include <openssl/sha.h> 60 #include <openssl/hmac.h> 61 #include <openssl/des.h> 62 #include <openssl/crypto.h> 63 #ifdef HAVE_OPENSSL_ENGINE_H 64 #include <openssl/engine.h> 65 #endif 66 #ifndef ANDROID_CHANGES 67 #include <openssl/blowfish.h> 68 #include <openssl/cast.h> 69 #else 70 #define EVP_bf_cbc() NULL 71 #define EVP_cast5_cbc() NULL 72 #include "keystore_get.h" 73 #endif 74 #include <openssl/err.h> 75 #ifdef HAVE_OPENSSL_RC5_H 76 #include <openssl/rc5.h> 77 #endif 78 #ifdef HAVE_OPENSSL_IDEA_H 79 #include <openssl/idea.h> 80 #endif 81 #if defined(HAVE_OPENSSL_AES_H) 82 #include <openssl/aes.h> 83 #elif defined(HAVE_OPENSSL_RIJNDAEL_H) 84 #include <openssl/rijndael.h> 85 #else 86 #include "crypto/rijndael/rijndael-api-fst.h" 87 #endif 88 #if defined(HAVE_OPENSSL_CAMELLIA_H) 89 #include <openssl/camellia.h> 90 #endif 91 #ifdef WITH_SHA2 92 #ifdef HAVE_OPENSSL_SHA2_H 93 #include <openssl/sha2.h> 94 #else 95 #include "crypto/sha2/sha2.h" 96 #endif 97 #endif 98 #include "plog.h" 99 100 /* 0.9.7 stuff? */ 101 #if OPENSSL_VERSION_NUMBER < 0x0090700fL 102 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; 103 #else 104 #define USE_NEW_DES_API 105 #endif 106 107 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) 108 109 #include "var.h" 110 #include "misc.h" 111 #include "vmbuf.h" 112 #include "plog.h" 113 #include "crypto_openssl.h" 114 #include "debug.h" 115 #include "gcmalloc.h" 116 117 /* 118 * I hate to cast every parameter to des_xx into void *, but it is 119 * necessary for SSLeay/OpenSSL portability. It sucks. 120 */ 121 122 static int cb_check_cert_local __P((int, X509_STORE_CTX *)); 123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *)); 124 static X509 *mem2x509 __P((vchar_t *)); 125 126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *)); 127 128 /* X509 Certificate */ 129 /* 130 * convert the string of the subject name into DER 131 * e.g. str = "C=JP, ST=Kanagawa"; 132 */ 133 vchar_t * 134 eay_str2asn1dn(str, len) 135 const char *str; 136 int len; 137 { 138 X509_NAME *name; 139 char *buf; 140 char *field, *value; 141 int i, j; 142 vchar_t *ret = NULL; 143 caddr_t p; 144 145 if (len == -1) 146 len = strlen(str); 147 148 buf = racoon_malloc(len + 1); 149 if (!buf) { 150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 151 return NULL; 152 } 153 memcpy(buf, str, len); 154 155 name = X509_NAME_new(); 156 157 field = &buf[0]; 158 value = NULL; 159 for (i = 0; i < len; i++) { 160 if (!value && buf[i] == '=') { 161 buf[i] = '\0'; 162 value = &buf[i + 1]; 163 continue; 164 } else if (buf[i] == ',' || buf[i] == '/') { 165 buf[i] = '\0'; 166 167 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 168 field, value); 169 170 if (!value) goto err; 171 if (!X509_NAME_add_entry_by_txt(name, field, 172 (value[0] == '*' && value[1] == 0) ? 173 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 174 (unsigned char *) value, -1, -1, 0)) { 175 plog(LLV_ERROR, LOCATION, NULL, 176 "Invalid DN field: %s=%s\n", 177 field, value); 178 plog(LLV_ERROR, LOCATION, NULL, 179 "%s\n", eay_strerror()); 180 goto err; 181 } 182 for (j = i + 1; j < len; j++) { 183 if (buf[j] != ' ') 184 break; 185 } 186 field = &buf[j]; 187 value = NULL; 188 continue; 189 } 190 } 191 buf[len] = '\0'; 192 193 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 194 field, value); 195 196 if (!value) goto err; 197 if (!X509_NAME_add_entry_by_txt(name, field, 198 (value[0] == '*' && value[1] == 0) ? 199 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 200 (unsigned char *) value, -1, -1, 0)) { 201 plog(LLV_ERROR, LOCATION, NULL, 202 "Invalid DN field: %s=%s\n", 203 field, value); 204 plog(LLV_ERROR, LOCATION, NULL, 205 "%s\n", eay_strerror()); 206 goto err; 207 } 208 209 i = i2d_X509_NAME(name, NULL); 210 if (!i) 211 goto err; 212 ret = vmalloc(i); 213 if (!ret) 214 goto err; 215 p = ret->v; 216 i = i2d_X509_NAME(name, (void *)&p); 217 if (!i) 218 goto err; 219 220 return ret; 221 222 err: 223 if (buf) 224 racoon_free(buf); 225 if (name) 226 X509_NAME_free(name); 227 if (ret) 228 vfree(ret); 229 return NULL; 230 } 231 232 /* 233 * convert the hex string of the subject name into DER 234 */ 235 vchar_t * 236 eay_hex2asn1dn(const char *hex, int len) 237 { 238 BIGNUM *bn = BN_new(); 239 char *binbuf; 240 size_t binlen; 241 vchar_t *ret = NULL; 242 243 if (len == -1) 244 len = strlen(hex); 245 246 if (BN_hex2bn(&bn, hex) != len) { 247 plog(LLV_ERROR, LOCATION, NULL, 248 "conversion of Hex-encoded ASN1 string to binary failed: %s\n", 249 eay_strerror()); 250 goto out; 251 } 252 253 binlen = BN_num_bytes(bn); 254 ret = vmalloc(binlen); 255 if (!ret) { 256 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 257 return NULL; 258 } 259 binbuf = ret->v; 260 261 BN_bn2bin(bn, (unsigned char *) binbuf); 262 263 out: 264 BN_free(bn); 265 266 return ret; 267 } 268 269 /* 270 * The following are derived from code in crypto/x509/x509_cmp.c 271 * in OpenSSL0.9.7c: 272 * X509_NAME_wildcmp() adds wildcard matching to the original 273 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is. 274 */ 275 #include <ctype.h> 276 /* Case insensitive string comparision */ 277 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 278 { 279 int i; 280 281 if (a->length != b->length) 282 return (a->length - b->length); 283 284 for (i=0; i<a->length; i++) 285 { 286 int ca, cb; 287 288 ca = tolower(a->data[i]); 289 cb = tolower(b->data[i]); 290 291 if (ca != cb) 292 return(ca-cb); 293 } 294 return 0; 295 } 296 297 /* Case insensitive string comparision with space normalization 298 * Space normalization - ignore leading, trailing spaces, 299 * multiple spaces between characters are replaced by single space 300 */ 301 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 302 { 303 unsigned char *pa = NULL, *pb = NULL; 304 int la, lb; 305 306 la = a->length; 307 lb = b->length; 308 pa = a->data; 309 pb = b->data; 310 311 /* skip leading spaces */ 312 while (la > 0 && isspace(*pa)) 313 { 314 la--; 315 pa++; 316 } 317 while (lb > 0 && isspace(*pb)) 318 { 319 lb--; 320 pb++; 321 } 322 323 /* skip trailing spaces */ 324 while (la > 0 && isspace(pa[la-1])) 325 la--; 326 while (lb > 0 && isspace(pb[lb-1])) 327 lb--; 328 329 /* compare strings with space normalization */ 330 while (la > 0 && lb > 0) 331 { 332 int ca, cb; 333 334 /* compare character */ 335 ca = tolower(*pa); 336 cb = tolower(*pb); 337 if (ca != cb) 338 return (ca - cb); 339 340 pa++; pb++; 341 la--; lb--; 342 343 if (la <= 0 || lb <= 0) 344 break; 345 346 /* is white space next character ? */ 347 if (isspace(*pa) && isspace(*pb)) 348 { 349 /* skip remaining white spaces */ 350 while (la > 0 && isspace(*pa)) 351 { 352 la--; 353 pa++; 354 } 355 while (lb > 0 && isspace(*pb)) 356 { 357 lb--; 358 pb++; 359 } 360 } 361 } 362 if (la > 0 || lb > 0) 363 return la - lb; 364 365 return 0; 366 } 367 368 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b) 369 { 370 int i,j; 371 X509_NAME_ENTRY *na,*nb; 372 373 if (sk_X509_NAME_ENTRY_num(a->entries) 374 != sk_X509_NAME_ENTRY_num(b->entries)) 375 return sk_X509_NAME_ENTRY_num(a->entries) 376 -sk_X509_NAME_ENTRY_num(b->entries); 377 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) 378 { 379 na=sk_X509_NAME_ENTRY_value(a->entries,i); 380 nb=sk_X509_NAME_ENTRY_value(b->entries,i); 381 j=OBJ_cmp(na->object,nb->object); 382 if (j) return(j); 383 if ((na->value->length == 1 && na->value->data[0] == '*') 384 || (nb->value->length == 1 && nb->value->data[0] == '*')) 385 continue; 386 j=na->value->type-nb->value->type; 387 if (j) return(j); 388 if (na->value->type == V_ASN1_PRINTABLESTRING) 389 j=nocase_spacenorm_cmp(na->value, nb->value); 390 else if (na->value->type == V_ASN1_IA5STRING 391 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) 392 j=nocase_cmp(na->value, nb->value); 393 else 394 { 395 j=na->value->length-nb->value->length; 396 if (j) return(j); 397 j=memcmp(na->value->data,nb->value->data, 398 na->value->length); 399 } 400 if (j) return(j); 401 j=na->set-nb->set; 402 if (j) return(j); 403 } 404 405 return(0); 406 } 407 408 /* 409 * compare two subjectNames. 410 * OUT: 0: equal 411 * positive: 412 * -1: other error. 413 */ 414 int 415 eay_cmp_asn1dn(n1, n2) 416 vchar_t *n1, *n2; 417 { 418 X509_NAME *a = NULL, *b = NULL; 419 caddr_t p; 420 int i = -1; 421 422 p = n1->v; 423 if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) 424 goto end; 425 p = n2->v; 426 if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) 427 goto end; 428 429 i = X509_NAME_wildcmp(a, b); 430 431 end: 432 if (a) 433 X509_NAME_free(a); 434 if (b) 435 X509_NAME_free(b); 436 return i; 437 } 438 439 #ifdef ANDROID_CHANGES 440 static BIO *BIO_from_keystore(char *key) 441 { 442 BIO *bio = NULL; 443 char value[KEYSTORE_MESSAGE_SIZE]; 444 int length = keystore_get(key, strlen(key), value); 445 if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) { 446 BIO_write(bio, value, length); 447 } 448 return bio; 449 } 450 #endif 451 452 453 /* 454 * this functions is derived from apps/verify.c in OpenSSL0.9.5 455 */ 456 int 457 eay_check_x509cert(cert, CApath, CAfile, local) 458 vchar_t *cert; 459 char *CApath; 460 char *CAfile; 461 int local; 462 { 463 X509_STORE *cert_ctx = NULL; 464 X509_LOOKUP *lookup = NULL; 465 X509 *x509 = NULL; 466 X509_STORE_CTX *csc; 467 int error = -1; 468 469 cert_ctx = X509_STORE_new(); 470 if (cert_ctx == NULL) 471 goto end; 472 473 if (local) 474 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local); 475 else 476 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote); 477 478 #ifndef ANDROID_CHANGES 479 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); 480 if (lookup == NULL) 481 goto end; 482 483 X509_LOOKUP_load_file(lookup, CAfile, 484 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); 485 486 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); 487 if (lookup == NULL) 488 goto end; 489 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); 490 if(!error) { 491 error = -1; 492 goto end; 493 } 494 error = -1; /* initialized */ 495 #else 496 if (CAfile) { 497 BIO *bio = BIO_from_keystore(CAfile); 498 STACK_OF(X509_INFO) *stack; 499 X509_INFO *info; 500 int i; 501 502 if (!bio) { 503 goto end; 504 } 505 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 506 BIO_free(bio); 507 if (!stack) { 508 goto end; 509 } 510 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 511 info = sk_X509_INFO_value(stack, i); 512 if (info->x509) { 513 X509_STORE_add_cert(cert_ctx, info->x509); 514 } 515 if (info->crl) { 516 X509_STORE_add_crl(cert_ctx, info->crl); 517 } 518 } 519 sk_X509_INFO_pop_free(stack, X509_INFO_free); 520 } 521 #endif 522 523 /* read the certificate to be verified */ 524 x509 = mem2x509(cert); 525 if (x509 == NULL) 526 goto end; 527 528 csc = X509_STORE_CTX_new(); 529 if (csc == NULL) 530 goto end; 531 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); 532 #if OPENSSL_VERSION_NUMBER >= 0x00907000L 533 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); 534 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); 535 #endif 536 error = X509_verify_cert(csc); 537 X509_STORE_CTX_free(csc); 538 539 /* 540 * if x509_verify_cert() is successful then the value of error is 541 * set non-zero. 542 */ 543 error = error ? 0 : -1; 544 545 end: 546 if (error) 547 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror()); 548 if (cert_ctx != NULL) 549 X509_STORE_free(cert_ctx); 550 if (x509 != NULL) 551 X509_free(x509); 552 553 return(error); 554 } 555 556 /* 557 * callback function for verifing certificate. 558 * this function is derived from cb() in openssl/apps/s_server.c 559 */ 560 static int 561 cb_check_cert_local(ok, ctx) 562 int ok; 563 X509_STORE_CTX *ctx; 564 { 565 char buf[256]; 566 int log_tag; 567 568 if (!ok) { 569 X509_NAME_oneline( 570 X509_get_subject_name(ctx->current_cert), 571 buf, 572 256); 573 /* 574 * since we are just checking the certificates, it is 575 * ok if they are self signed. But we should still warn 576 * the user. 577 */ 578 switch (ctx->error) { 579 case X509_V_ERR_CERT_HAS_EXPIRED: 580 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 581 case X509_V_ERR_INVALID_CA: 582 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 583 case X509_V_ERR_INVALID_PURPOSE: 584 case X509_V_ERR_UNABLE_TO_GET_CRL: 585 ok = 1; 586 log_tag = LLV_WARNING; 587 break; 588 default: 589 log_tag = LLV_ERROR; 590 } 591 plog(log_tag, LOCATION, NULL, 592 "%s(%d) at depth:%d SubjectName:%s\n", 593 X509_verify_cert_error_string(ctx->error), 594 ctx->error, 595 ctx->error_depth, 596 buf); 597 } 598 ERR_clear_error(); 599 600 return ok; 601 } 602 603 /* 604 * callback function for verifing remote certificates. 605 * this function is derived from cb() in openssl/apps/s_server.c 606 */ 607 static int 608 cb_check_cert_remote(ok, ctx) 609 int ok; 610 X509_STORE_CTX *ctx; 611 { 612 char buf[256]; 613 int log_tag; 614 615 if (!ok) { 616 X509_NAME_oneline( 617 X509_get_subject_name(ctx->current_cert), 618 buf, 619 256); 620 switch (ctx->error) { 621 case X509_V_ERR_UNABLE_TO_GET_CRL: 622 ok = 1; 623 log_tag = LLV_WARNING; 624 break; 625 default: 626 log_tag = LLV_ERROR; 627 } 628 plog(log_tag, LOCATION, NULL, 629 "%s(%d) at depth:%d SubjectName:%s\n", 630 X509_verify_cert_error_string(ctx->error), 631 ctx->error, 632 ctx->error_depth, 633 buf); 634 } 635 ERR_clear_error(); 636 637 return ok; 638 } 639 640 /* 641 * get a subjectAltName from X509 certificate. 642 */ 643 vchar_t * 644 eay_get_x509asn1subjectname(cert) 645 vchar_t *cert; 646 { 647 X509 *x509 = NULL; 648 u_char *bp; 649 vchar_t *name = NULL; 650 int len; 651 652 bp = (unsigned char *) cert->v; 653 654 x509 = mem2x509(cert); 655 if (x509 == NULL) 656 goto error; 657 658 /* get the length of the name */ 659 len = i2d_X509_NAME(x509->cert_info->subject, NULL); 660 name = vmalloc(len); 661 if (!name) 662 goto error; 663 /* get the name */ 664 bp = (unsigned char *) name->v; 665 len = i2d_X509_NAME(x509->cert_info->subject, &bp); 666 667 X509_free(x509); 668 669 return name; 670 671 error: 672 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 673 674 if (name != NULL) 675 vfree(name); 676 677 if (x509 != NULL) 678 X509_free(x509); 679 680 return NULL; 681 } 682 683 /* 684 * get the subjectAltName from X509 certificate. 685 * the name must be terminated by '\0'. 686 */ 687 int 688 eay_get_x509subjectaltname(cert, altname, type, pos) 689 vchar_t *cert; 690 char **altname; 691 int *type; 692 int pos; 693 { 694 X509 *x509 = NULL; 695 GENERAL_NAMES *gens = NULL; 696 GENERAL_NAME *gen; 697 int len; 698 int error = -1; 699 700 *altname = NULL; 701 *type = GENT_OTHERNAME; 702 703 x509 = mem2x509(cert); 704 if (x509 == NULL) 705 goto end; 706 707 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); 708 if (gens == NULL) 709 goto end; 710 711 /* there is no data at "pos" */ 712 if (pos > sk_GENERAL_NAME_num(gens)) 713 goto end; 714 715 gen = sk_GENERAL_NAME_value(gens, pos - 1); 716 717 /* read DNSName / Email */ 718 if (gen->type == GEN_DNS || 719 gen->type == GEN_EMAIL || 720 gen->type == GEN_URI ) 721 { 722 /* make sure if the data is terminated by '\0'. */ 723 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') 724 { 725 plog(LLV_ERROR, LOCATION, NULL, 726 "data is not terminated by NUL."); 727 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); 728 goto end; 729 } 730 731 len = gen->d.ia5->length + 1; 732 *altname = racoon_malloc(len); 733 if (!*altname) 734 goto end; 735 736 strlcpy(*altname, (char *) gen->d.ia5->data, len); 737 *type = gen->type; 738 error = 0; 739 } 740 /* read IP address */ 741 else if (gen->type == GEN_IPADD) 742 { 743 unsigned char p[5], *ip; 744 ip = p; 745 746 /* only support IPv4 */ 747 if (gen->d.ip->length != 4) 748 goto end; 749 750 /* convert Octet String to String 751 * XXX ??????? 752 */ 753 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/ 754 ip = gen->d.ip->data; 755 756 /* XXX Magic, enough for an IPv4 address 757 */ 758 *altname = racoon_malloc(20); 759 if (!*altname) 760 goto end; 761 762 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); 763 *type = gen->type; 764 error = 0; 765 } 766 /* XXX other possible types ? 767 * For now, error will be -1 if unsupported type 768 */ 769 770 end: 771 if (error) { 772 if (*altname) { 773 racoon_free(*altname); 774 *altname = NULL; 775 } 776 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 777 } 778 if (x509) 779 X509_free(x509); 780 if (gens) 781 /* free the whole stack. */ 782 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 783 784 return error; 785 } 786 787 788 /* 789 * decode a X509 certificate and make a readable text terminated '\n'. 790 * return the buffer allocated, so must free it later. 791 */ 792 char * 793 eay_get_x509text(cert) 794 vchar_t *cert; 795 { 796 X509 *x509 = NULL; 797 BIO *bio = NULL; 798 char *text = NULL; 799 u_char *bp = NULL; 800 int len = 0; 801 int error = -1; 802 803 x509 = mem2x509(cert); 804 if (x509 == NULL) 805 goto end; 806 807 bio = BIO_new(BIO_s_mem()); 808 if (bio == NULL) 809 goto end; 810 811 error = X509_print(bio, x509); 812 if (error != 1) { 813 error = -1; 814 goto end; 815 } 816 817 len = BIO_get_mem_data(bio, &bp); 818 text = racoon_malloc(len + 1); 819 if (text == NULL) 820 goto end; 821 memcpy(text, bp, len); 822 text[len] = '\0'; 823 824 error = 0; 825 826 end: 827 if (error) { 828 if (text) { 829 racoon_free(text); 830 text = NULL; 831 } 832 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 833 } 834 if (bio) 835 BIO_free(bio); 836 if (x509) 837 X509_free(x509); 838 839 return text; 840 } 841 842 /* get X509 structure from buffer. */ 843 static X509 * 844 mem2x509(cert) 845 vchar_t *cert; 846 { 847 X509 *x509; 848 849 #ifndef EAYDEBUG 850 { 851 u_char *bp; 852 853 bp = (unsigned char *) cert->v; 854 855 x509 = d2i_X509(NULL, (void *)&bp, cert->l); 856 } 857 #else 858 { 859 BIO *bio; 860 int len; 861 862 bio = BIO_new(BIO_s_mem()); 863 if (bio == NULL) 864 return NULL; 865 len = BIO_write(bio, cert->v, cert->l); 866 if (len == -1) 867 return NULL; 868 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 869 BIO_free(bio); 870 } 871 #endif 872 return x509; 873 } 874 875 /* 876 * get a X509 certificate from local file. 877 * a certificate must be PEM format. 878 * Input: 879 * path to a certificate. 880 * Output: 881 * NULL if error occured 882 * other is the cert. 883 */ 884 vchar_t * 885 eay_get_x509cert(path) 886 char *path; 887 { 888 FILE *fp; 889 X509 *x509; 890 vchar_t *cert; 891 u_char *bp; 892 int len; 893 int error; 894 895 #ifdef ANDROID_CHANGES 896 BIO *bio = BIO_from_keystore(path); 897 x509 = NULL; 898 if (bio) { 899 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 900 BIO_free(bio); 901 } 902 #else 903 /* Read private key */ 904 fp = fopen(path, "r"); 905 if (fp == NULL) 906 return NULL; 907 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 908 fclose (fp); 909 #endif 910 911 if (x509 == NULL) 912 return NULL; 913 914 len = i2d_X509(x509, NULL); 915 cert = vmalloc(len); 916 if (cert == NULL) { 917 X509_free(x509); 918 return NULL; 919 } 920 bp = (unsigned char *) cert->v; 921 error = i2d_X509(x509, &bp); 922 X509_free(x509); 923 924 if (error == 0) { 925 vfree(cert); 926 return NULL; 927 } 928 929 return cert; 930 } 931 932 /* 933 * check a X509 signature 934 * XXX: to be get hash type from my cert ? 935 * to be handled EVP_dss(). 936 * OUT: return -1 when error. 937 * 0 938 */ 939 int 940 eay_check_x509sign(source, sig, cert) 941 vchar_t *source; 942 vchar_t *sig; 943 vchar_t *cert; 944 { 945 X509 *x509; 946 u_char *bp; 947 EVP_PKEY *evp; 948 int res; 949 950 bp = (unsigned char *) cert->v; 951 952 x509 = d2i_X509(NULL, (void *)&bp, cert->l); 953 if (x509 == NULL) { 954 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror()); 955 return -1; 956 } 957 958 evp = X509_get_pubkey(x509); 959 if (! evp) { 960 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror()); 961 X509_free(x509); 962 return -1; 963 } 964 965 res = eay_rsa_verify(source, sig, evp->pkey.rsa); 966 967 EVP_PKEY_free(evp); 968 X509_free(x509); 969 970 return res; 971 } 972 973 /* 974 * check RSA signature 975 * OUT: return -1 when error. 976 * 0 on success 977 */ 978 int 979 eay_check_rsasign(source, sig, rsa) 980 vchar_t *source; 981 vchar_t *sig; 982 RSA *rsa; 983 { 984 return eay_rsa_verify(source, sig, rsa); 985 } 986 987 /* 988 * get PKCS#1 Private Key of PEM format from local file. 989 */ 990 vchar_t * 991 eay_get_pkcs1privkey(path) 992 char *path; 993 { 994 FILE *fp; 995 EVP_PKEY *evp = NULL; 996 vchar_t *pkey = NULL; 997 u_char *bp; 998 int pkeylen; 999 int error = -1; 1000 1001 #ifdef ANDROID_CHANGES 1002 BIO *bio = BIO_from_keystore(path); 1003 if (bio) { 1004 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 1005 BIO_free(bio); 1006 } 1007 #else 1008 /* Read private key */ 1009 fp = fopen(path, "r"); 1010 if (fp == NULL) 1011 return NULL; 1012 1013 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL); 1014 1015 fclose (fp); 1016 #endif 1017 1018 if (evp == NULL) 1019 return NULL; 1020 1021 pkeylen = i2d_PrivateKey(evp, NULL); 1022 if (pkeylen == 0) 1023 goto end; 1024 pkey = vmalloc(pkeylen); 1025 if (pkey == NULL) 1026 goto end; 1027 bp = (unsigned char *) pkey->v; 1028 pkeylen = i2d_PrivateKey(evp, &bp); 1029 if (pkeylen == 0) 1030 goto end; 1031 1032 error = 0; 1033 1034 end: 1035 if (evp != NULL) 1036 EVP_PKEY_free(evp); 1037 if (error != 0 && pkey != NULL) { 1038 vfree(pkey); 1039 pkey = NULL; 1040 } 1041 1042 return pkey; 1043 } 1044 1045 /* 1046 * get PKCS#1 Public Key of PEM format from local file. 1047 */ 1048 vchar_t * 1049 eay_get_pkcs1pubkey(path) 1050 char *path; 1051 { 1052 FILE *fp; 1053 EVP_PKEY *evp = NULL; 1054 vchar_t *pkey = NULL; 1055 X509 *x509 = NULL; 1056 u_char *bp; 1057 int pkeylen; 1058 int error = -1; 1059 1060 /* Read private key */ 1061 fp = fopen(path, "r"); 1062 if (fp == NULL) 1063 return NULL; 1064 1065 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 1066 1067 fclose (fp); 1068 1069 if (x509 == NULL) 1070 return NULL; 1071 1072 /* Get public key - eay */ 1073 evp = X509_get_pubkey(x509); 1074 if (evp == NULL) 1075 return NULL; 1076 1077 pkeylen = i2d_PublicKey(evp, NULL); 1078 if (pkeylen == 0) 1079 goto end; 1080 pkey = vmalloc(pkeylen); 1081 if (pkey == NULL) 1082 goto end; 1083 bp = (unsigned char *) pkey->v; 1084 pkeylen = i2d_PublicKey(evp, &bp); 1085 if (pkeylen == 0) 1086 goto end; 1087 1088 error = 0; 1089 end: 1090 if (evp != NULL) 1091 EVP_PKEY_free(evp); 1092 if (error != 0 && pkey != NULL) { 1093 vfree(pkey); 1094 pkey = NULL; 1095 } 1096 1097 return pkey; 1098 } 1099 1100 vchar_t * 1101 eay_get_x509sign(src, privkey) 1102 vchar_t *src, *privkey; 1103 { 1104 EVP_PKEY *evp; 1105 u_char *bp = (unsigned char *) privkey->v; 1106 vchar_t *sig = NULL; 1107 int len; 1108 int pad = RSA_PKCS1_PADDING; 1109 1110 /* XXX to be handled EVP_PKEY_DSA */ 1111 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l); 1112 if (evp == NULL) 1113 return NULL; 1114 1115 sig = eay_rsa_sign(src, evp->pkey.rsa); 1116 1117 EVP_PKEY_free(evp); 1118 1119 return sig; 1120 } 1121 1122 vchar_t * 1123 eay_get_rsasign(src, rsa) 1124 vchar_t *src; 1125 RSA *rsa; 1126 { 1127 return eay_rsa_sign(src, rsa); 1128 } 1129 1130 vchar_t * 1131 eay_rsa_sign(vchar_t *src, RSA *rsa) 1132 { 1133 int len; 1134 vchar_t *sig = NULL; 1135 int pad = RSA_PKCS1_PADDING; 1136 1137 len = RSA_size(rsa); 1138 1139 sig = vmalloc(len); 1140 if (sig == NULL) 1141 return NULL; 1142 1143 len = RSA_private_encrypt(src->l, (unsigned char *) src->v, 1144 (unsigned char *) sig->v, rsa, pad); 1145 1146 if (len == 0 || len != sig->l) { 1147 vfree(sig); 1148 sig = NULL; 1149 } 1150 1151 return sig; 1152 } 1153 1154 int 1155 eay_rsa_verify(src, sig, rsa) 1156 vchar_t *src, *sig; 1157 RSA *rsa; 1158 { 1159 vchar_t *xbuf = NULL; 1160 int pad = RSA_PKCS1_PADDING; 1161 int len = 0; 1162 int error; 1163 1164 len = RSA_size(rsa); 1165 xbuf = vmalloc(len); 1166 if (xbuf == NULL) { 1167 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1168 return -1; 1169 } 1170 1171 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v, 1172 (unsigned char *) xbuf->v, rsa, pad); 1173 if (len == 0 || len != src->l) { 1174 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1175 vfree(xbuf); 1176 return -1; 1177 } 1178 1179 error = memcmp(src->v, xbuf->v, src->l); 1180 vfree(xbuf); 1181 if (error != 0) 1182 return -1; 1183 1184 return 0; 1185 } 1186 1187 /* 1188 * get error string 1189 * MUST load ERR_load_crypto_strings() first. 1190 */ 1191 char * 1192 eay_strerror() 1193 { 1194 static char ebuf[512]; 1195 int len = 0, n; 1196 unsigned long l; 1197 char buf[200]; 1198 const char *file, *data; 1199 int line, flags; 1200 unsigned long es; 1201 1202 es = CRYPTO_thread_id(); 1203 1204 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ 1205 n = snprintf(ebuf + len, sizeof(ebuf) - len, 1206 "%lu:%s:%s:%d:%s ", 1207 es, ERR_error_string(l, buf), file, line, 1208 (flags & ERR_TXT_STRING) ? data : ""); 1209 if (n < 0 || n >= sizeof(ebuf) - len) 1210 break; 1211 len += n; 1212 if (sizeof(ebuf) < len) 1213 break; 1214 } 1215 1216 return ebuf; 1217 } 1218 1219 vchar_t * 1220 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) 1221 { 1222 vchar_t *res; 1223 EVP_CIPHER_CTX ctx; 1224 1225 if (!e) 1226 return NULL; 1227 1228 if (data->l % EVP_CIPHER_block_size(e)) 1229 return NULL; 1230 1231 if ((res = vmalloc(data->l)) == NULL) 1232 return NULL; 1233 1234 EVP_CIPHER_CTX_init(&ctx); 1235 1236 switch(EVP_CIPHER_nid(e)){ 1237 case NID_bf_cbc: 1238 case NID_bf_ecb: 1239 case NID_bf_cfb64: 1240 case NID_bf_ofb64: 1241 case NID_cast5_cbc: 1242 case NID_cast5_ecb: 1243 case NID_cast5_cfb64: 1244 case NID_cast5_ofb64: 1245 /* XXX: can we do that also for algos with a fixed key size ? 1246 */ 1247 /* init context without key/iv 1248 */ 1249 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) 1250 { 1251 OpenSSL_BUG(); 1252 vfree(res); 1253 return NULL; 1254 } 1255 1256 /* update key size 1257 */ 1258 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) 1259 { 1260 OpenSSL_BUG(); 1261 vfree(res); 1262 return NULL; 1263 } 1264 1265 /* finalize context init with desired key size 1266 */ 1267 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, 1268 (u_char *) iv->v, enc)) 1269 { 1270 OpenSSL_BUG(); 1271 vfree(res); 1272 return NULL; 1273 } 1274 break; 1275 default: 1276 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, 1277 (u_char *) iv->v, enc)) { 1278 OpenSSL_BUG(); 1279 vfree(res); 1280 return NULL; 1281 } 1282 } 1283 1284 /* disable openssl padding */ 1285 EVP_CIPHER_CTX_set_padding(&ctx, 0); 1286 1287 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { 1288 OpenSSL_BUG(); 1289 vfree(res); 1290 return NULL; 1291 } 1292 1293 EVP_CIPHER_CTX_cleanup(&ctx); 1294 1295 return res; 1296 } 1297 1298 int 1299 evp_weakkey(vchar_t *key, const EVP_CIPHER *e) 1300 { 1301 return 0; 1302 } 1303 1304 int 1305 evp_keylen(int len, const EVP_CIPHER *e) 1306 { 1307 if (!e) 1308 return -1; 1309 /* EVP functions return lengths in bytes, ipsec-tools 1310 * uses lengths in bits, therefore conversion is required. --AK 1311 */ 1312 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3)) 1313 return -1; 1314 1315 return EVP_CIPHER_key_length(e) << 3; 1316 } 1317 1318 /* 1319 * DES-CBC 1320 */ 1321 vchar_t * 1322 eay_des_encrypt(data, key, iv) 1323 vchar_t *data, *key, *iv; 1324 { 1325 return evp_crypt(data, key, iv, EVP_des_cbc(), 1); 1326 } 1327 1328 vchar_t * 1329 eay_des_decrypt(data, key, iv) 1330 vchar_t *data, *key, *iv; 1331 { 1332 return evp_crypt(data, key, iv, EVP_des_cbc(), 0); 1333 } 1334 1335 int 1336 eay_des_weakkey(key) 1337 vchar_t *key; 1338 { 1339 #ifdef USE_NEW_DES_API 1340 return DES_is_weak_key((void *)key->v); 1341 #else 1342 return des_is_weak_key((void *)key->v); 1343 #endif 1344 } 1345 1346 int 1347 eay_des_keylen(len) 1348 int len; 1349 { 1350 return evp_keylen(len, EVP_des_cbc()); 1351 } 1352 1353 #ifdef HAVE_OPENSSL_IDEA_H 1354 /* 1355 * IDEA-CBC 1356 */ 1357 vchar_t * 1358 eay_idea_encrypt(data, key, iv) 1359 vchar_t *data, *key, *iv; 1360 { 1361 vchar_t *res; 1362 IDEA_KEY_SCHEDULE ks; 1363 1364 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1365 1366 /* allocate buffer for result */ 1367 if ((res = vmalloc(data->l)) == NULL) 1368 return NULL; 1369 1370 /* decryption data */ 1371 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1372 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT); 1373 1374 return res; 1375 } 1376 1377 vchar_t * 1378 eay_idea_decrypt(data, key, iv) 1379 vchar_t *data, *key, *iv; 1380 { 1381 vchar_t *res; 1382 IDEA_KEY_SCHEDULE ks, dks; 1383 1384 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1385 idea_set_decrypt_key(&ks, &dks); 1386 1387 /* allocate buffer for result */ 1388 if ((res = vmalloc(data->l)) == NULL) 1389 return NULL; 1390 1391 /* decryption data */ 1392 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1393 &dks, (unsigned char *)iv->v, IDEA_DECRYPT); 1394 1395 return res; 1396 } 1397 1398 int 1399 eay_idea_weakkey(key) 1400 vchar_t *key; 1401 { 1402 return 0; /* XXX */ 1403 } 1404 1405 int 1406 eay_idea_keylen(len) 1407 int len; 1408 { 1409 if (len != 0 && len != 128) 1410 return -1; 1411 return 128; 1412 } 1413 #endif 1414 1415 /* 1416 * BLOWFISH-CBC 1417 */ 1418 vchar_t * 1419 eay_bf_encrypt(data, key, iv) 1420 vchar_t *data, *key, *iv; 1421 { 1422 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1); 1423 } 1424 1425 vchar_t * 1426 eay_bf_decrypt(data, key, iv) 1427 vchar_t *data, *key, *iv; 1428 { 1429 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0); 1430 } 1431 1432 int 1433 eay_bf_weakkey(key) 1434 vchar_t *key; 1435 { 1436 return 0; /* XXX to be done. refer to RFC 2451 */ 1437 } 1438 1439 int 1440 eay_bf_keylen(len) 1441 int len; 1442 { 1443 if (len == 0) 1444 return 448; 1445 if (len < 40 || len > 448) 1446 return -1; 1447 return len; 1448 } 1449 1450 #ifdef HAVE_OPENSSL_RC5_H 1451 /* 1452 * RC5-CBC 1453 */ 1454 vchar_t * 1455 eay_rc5_encrypt(data, key, iv) 1456 vchar_t *data, *key, *iv; 1457 { 1458 vchar_t *res; 1459 RC5_32_KEY ks; 1460 1461 /* in RFC 2451, there is information about the number of round. */ 1462 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1463 1464 /* allocate buffer for result */ 1465 if ((res = vmalloc(data->l)) == NULL) 1466 return NULL; 1467 1468 /* decryption data */ 1469 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1470 &ks, (unsigned char *)iv->v, RC5_ENCRYPT); 1471 1472 return res; 1473 } 1474 1475 vchar_t * 1476 eay_rc5_decrypt(data, key, iv) 1477 vchar_t *data, *key, *iv; 1478 { 1479 vchar_t *res; 1480 RC5_32_KEY ks; 1481 1482 /* in RFC 2451, there is information about the number of round. */ 1483 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1484 1485 /* allocate buffer for result */ 1486 if ((res = vmalloc(data->l)) == NULL) 1487 return NULL; 1488 1489 /* decryption data */ 1490 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1491 &ks, (unsigned char *)iv->v, RC5_DECRYPT); 1492 1493 return res; 1494 } 1495 1496 int 1497 eay_rc5_weakkey(key) 1498 vchar_t *key; 1499 { 1500 return 0; /* No known weak keys when used with 16 rounds. */ 1501 1502 } 1503 1504 int 1505 eay_rc5_keylen(len) 1506 int len; 1507 { 1508 if (len == 0) 1509 return 128; 1510 if (len < 40 || len > 2040) 1511 return -1; 1512 return len; 1513 } 1514 #endif 1515 1516 /* 1517 * 3DES-CBC 1518 */ 1519 vchar_t * 1520 eay_3des_encrypt(data, key, iv) 1521 vchar_t *data, *key, *iv; 1522 { 1523 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1); 1524 } 1525 1526 vchar_t * 1527 eay_3des_decrypt(data, key, iv) 1528 vchar_t *data, *key, *iv; 1529 { 1530 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0); 1531 } 1532 1533 int 1534 eay_3des_weakkey(key) 1535 vchar_t *key; 1536 { 1537 #ifdef USE_NEW_DES_API 1538 return (DES_is_weak_key((void *)key->v) || 1539 DES_is_weak_key((void *)(key->v + 8)) || 1540 DES_is_weak_key((void *)(key->v + 16))); 1541 #else 1542 if (key->l < 24) 1543 return 0; 1544 1545 return (des_is_weak_key((void *)key->v) || 1546 des_is_weak_key((void *)(key->v + 8)) || 1547 des_is_weak_key((void *)(key->v + 16))); 1548 #endif 1549 } 1550 1551 int 1552 eay_3des_keylen(len) 1553 int len; 1554 { 1555 if (len != 0 && len != 192) 1556 return -1; 1557 return 192; 1558 } 1559 1560 /* 1561 * CAST-CBC 1562 */ 1563 vchar_t * 1564 eay_cast_encrypt(data, key, iv) 1565 vchar_t *data, *key, *iv; 1566 { 1567 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1); 1568 } 1569 1570 vchar_t * 1571 eay_cast_decrypt(data, key, iv) 1572 vchar_t *data, *key, *iv; 1573 { 1574 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0); 1575 } 1576 1577 int 1578 eay_cast_weakkey(key) 1579 vchar_t *key; 1580 { 1581 return 0; /* No known weak keys. */ 1582 } 1583 1584 int 1585 eay_cast_keylen(len) 1586 int len; 1587 { 1588 if (len == 0) 1589 return 128; 1590 if (len < 40 || len > 128) 1591 return -1; 1592 return len; 1593 } 1594 1595 /* 1596 * AES(RIJNDAEL)-CBC 1597 */ 1598 #ifndef HAVE_OPENSSL_AES_H 1599 vchar_t * 1600 eay_aes_encrypt(data, key, iv) 1601 vchar_t *data, *key, *iv; 1602 { 1603 vchar_t *res; 1604 keyInstance k; 1605 cipherInstance c; 1606 1607 memset(&k, 0, sizeof(k)); 1608 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0) 1609 return NULL; 1610 1611 /* allocate buffer for result */ 1612 if ((res = vmalloc(data->l)) == NULL) 1613 return NULL; 1614 1615 /* encryption data */ 1616 memset(&c, 0, sizeof(c)); 1617 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1618 vfree(res); 1619 return NULL; 1620 } 1621 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1622 vfree(res); 1623 return NULL; 1624 } 1625 1626 return res; 1627 } 1628 1629 vchar_t * 1630 eay_aes_decrypt(data, key, iv) 1631 vchar_t *data, *key, *iv; 1632 { 1633 vchar_t *res; 1634 keyInstance k; 1635 cipherInstance c; 1636 1637 memset(&k, 0, sizeof(k)); 1638 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0) 1639 return NULL; 1640 1641 /* allocate buffer for result */ 1642 if ((res = vmalloc(data->l)) == NULL) 1643 return NULL; 1644 1645 /* decryption data */ 1646 memset(&c, 0, sizeof(c)); 1647 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1648 vfree(res); 1649 return NULL; 1650 } 1651 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1652 vfree(res); 1653 return NULL; 1654 } 1655 1656 return res; 1657 } 1658 #else 1659 static inline const EVP_CIPHER * 1660 aes_evp_by_keylen(int keylen) 1661 { 1662 switch(keylen) { 1663 case 16: 1664 case 128: 1665 return EVP_aes_128_cbc(); 1666 case 24: 1667 case 192: 1668 return EVP_aes_192_cbc(); 1669 case 32: 1670 case 256: 1671 return EVP_aes_256_cbc(); 1672 default: 1673 return NULL; 1674 } 1675 } 1676 1677 vchar_t * 1678 eay_aes_encrypt(data, key, iv) 1679 vchar_t *data, *key, *iv; 1680 { 1681 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1); 1682 } 1683 1684 vchar_t * 1685 eay_aes_decrypt(data, key, iv) 1686 vchar_t *data, *key, *iv; 1687 { 1688 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0); 1689 } 1690 #endif 1691 1692 int 1693 eay_aes_weakkey(key) 1694 vchar_t *key; 1695 { 1696 return 0; 1697 } 1698 1699 int 1700 eay_aes_keylen(len) 1701 int len; 1702 { 1703 if (len == 0) 1704 return 128; 1705 if (len != 128 && len != 192 && len != 256) 1706 return -1; 1707 return len; 1708 } 1709 1710 #if defined(HAVE_OPENSSL_CAMELLIA_H) 1711 /* 1712 * CAMELLIA-CBC 1713 */ 1714 static inline const EVP_CIPHER * 1715 camellia_evp_by_keylen(int keylen) 1716 { 1717 switch(keylen) { 1718 case 16: 1719 case 128: 1720 return EVP_camellia_128_cbc(); 1721 case 24: 1722 case 192: 1723 return EVP_camellia_192_cbc(); 1724 case 32: 1725 case 256: 1726 return EVP_camellia_256_cbc(); 1727 default: 1728 return NULL; 1729 } 1730 } 1731 1732 vchar_t * 1733 eay_camellia_encrypt(data, key, iv) 1734 vchar_t *data, *key, *iv; 1735 { 1736 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1); 1737 } 1738 1739 vchar_t * 1740 eay_camellia_decrypt(data, key, iv) 1741 vchar_t *data, *key, *iv; 1742 { 1743 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0); 1744 } 1745 1746 int 1747 eay_camellia_weakkey(key) 1748 vchar_t *key; 1749 { 1750 return 0; 1751 } 1752 1753 int 1754 eay_camellia_keylen(len) 1755 int len; 1756 { 1757 if (len == 0) 1758 return 128; 1759 if (len != 128 && len != 192 && len != 256) 1760 return -1; 1761 return len; 1762 } 1763 1764 #endif 1765 1766 /* for ipsec part */ 1767 int 1768 eay_null_hashlen() 1769 { 1770 return 0; 1771 } 1772 1773 int 1774 eay_kpdk_hashlen() 1775 { 1776 return 0; 1777 } 1778 1779 int 1780 eay_twofish_keylen(len) 1781 int len; 1782 { 1783 if (len < 0 || len > 256) 1784 return -1; 1785 return len; 1786 } 1787 1788 int 1789 eay_null_keylen(len) 1790 int len; 1791 { 1792 return 0; 1793 } 1794 1795 /* 1796 * HMAC functions 1797 */ 1798 static caddr_t 1799 eay_hmac_init(key, md) 1800 vchar_t *key; 1801 const EVP_MD *md; 1802 { 1803 HMAC_CTX *c = racoon_malloc(sizeof(*c)); 1804 1805 HMAC_Init(c, key->v, key->l, md); 1806 1807 return (caddr_t)c; 1808 } 1809 1810 #ifdef WITH_SHA2 1811 /* 1812 * HMAC SHA2-512 1813 */ 1814 vchar_t * 1815 eay_hmacsha2_512_one(key, data) 1816 vchar_t *key, *data; 1817 { 1818 vchar_t *res; 1819 caddr_t ctx; 1820 1821 ctx = eay_hmacsha2_512_init(key); 1822 eay_hmacsha2_512_update(ctx, data); 1823 res = eay_hmacsha2_512_final(ctx); 1824 1825 return(res); 1826 } 1827 1828 caddr_t 1829 eay_hmacsha2_512_init(key) 1830 vchar_t *key; 1831 { 1832 return eay_hmac_init(key, EVP_sha2_512()); 1833 } 1834 1835 void 1836 eay_hmacsha2_512_update(c, data) 1837 caddr_t c; 1838 vchar_t *data; 1839 { 1840 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1841 } 1842 1843 vchar_t * 1844 eay_hmacsha2_512_final(c) 1845 caddr_t c; 1846 { 1847 vchar_t *res; 1848 unsigned int l; 1849 1850 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 1851 return NULL; 1852 1853 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1854 res->l = l; 1855 HMAC_cleanup((HMAC_CTX *)c); 1856 (void)racoon_free(c); 1857 1858 if (SHA512_DIGEST_LENGTH != res->l) { 1859 plog(LLV_ERROR, LOCATION, NULL, 1860 "hmac sha2_512 length mismatch %zd.\n", res->l); 1861 vfree(res); 1862 return NULL; 1863 } 1864 1865 return(res); 1866 } 1867 1868 /* 1869 * HMAC SHA2-384 1870 */ 1871 vchar_t * 1872 eay_hmacsha2_384_one(key, data) 1873 vchar_t *key, *data; 1874 { 1875 vchar_t *res; 1876 caddr_t ctx; 1877 1878 ctx = eay_hmacsha2_384_init(key); 1879 eay_hmacsha2_384_update(ctx, data); 1880 res = eay_hmacsha2_384_final(ctx); 1881 1882 return(res); 1883 } 1884 1885 caddr_t 1886 eay_hmacsha2_384_init(key) 1887 vchar_t *key; 1888 { 1889 return eay_hmac_init(key, EVP_sha2_384()); 1890 } 1891 1892 void 1893 eay_hmacsha2_384_update(c, data) 1894 caddr_t c; 1895 vchar_t *data; 1896 { 1897 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1898 } 1899 1900 vchar_t * 1901 eay_hmacsha2_384_final(c) 1902 caddr_t c; 1903 { 1904 vchar_t *res; 1905 unsigned int l; 1906 1907 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 1908 return NULL; 1909 1910 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1911 res->l = l; 1912 HMAC_cleanup((HMAC_CTX *)c); 1913 (void)racoon_free(c); 1914 1915 if (SHA384_DIGEST_LENGTH != res->l) { 1916 plog(LLV_ERROR, LOCATION, NULL, 1917 "hmac sha2_384 length mismatch %zd.\n", res->l); 1918 vfree(res); 1919 return NULL; 1920 } 1921 1922 return(res); 1923 } 1924 1925 /* 1926 * HMAC SHA2-256 1927 */ 1928 vchar_t * 1929 eay_hmacsha2_256_one(key, data) 1930 vchar_t *key, *data; 1931 { 1932 vchar_t *res; 1933 caddr_t ctx; 1934 1935 ctx = eay_hmacsha2_256_init(key); 1936 eay_hmacsha2_256_update(ctx, data); 1937 res = eay_hmacsha2_256_final(ctx); 1938 1939 return(res); 1940 } 1941 1942 caddr_t 1943 eay_hmacsha2_256_init(key) 1944 vchar_t *key; 1945 { 1946 return eay_hmac_init(key, EVP_sha2_256()); 1947 } 1948 1949 void 1950 eay_hmacsha2_256_update(c, data) 1951 caddr_t c; 1952 vchar_t *data; 1953 { 1954 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1955 } 1956 1957 vchar_t * 1958 eay_hmacsha2_256_final(c) 1959 caddr_t c; 1960 { 1961 vchar_t *res; 1962 unsigned int l; 1963 1964 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 1965 return NULL; 1966 1967 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1968 res->l = l; 1969 HMAC_cleanup((HMAC_CTX *)c); 1970 (void)racoon_free(c); 1971 1972 if (SHA256_DIGEST_LENGTH != res->l) { 1973 plog(LLV_ERROR, LOCATION, NULL, 1974 "hmac sha2_256 length mismatch %zd.\n", res->l); 1975 vfree(res); 1976 return NULL; 1977 } 1978 1979 return(res); 1980 } 1981 #endif /* WITH_SHA2 */ 1982 1983 /* 1984 * HMAC SHA1 1985 */ 1986 vchar_t * 1987 eay_hmacsha1_one(key, data) 1988 vchar_t *key, *data; 1989 { 1990 vchar_t *res; 1991 caddr_t ctx; 1992 1993 ctx = eay_hmacsha1_init(key); 1994 eay_hmacsha1_update(ctx, data); 1995 res = eay_hmacsha1_final(ctx); 1996 1997 return(res); 1998 } 1999 2000 caddr_t 2001 eay_hmacsha1_init(key) 2002 vchar_t *key; 2003 { 2004 return eay_hmac_init(key, EVP_sha1()); 2005 } 2006 2007 void 2008 eay_hmacsha1_update(c, data) 2009 caddr_t c; 2010 vchar_t *data; 2011 { 2012 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2013 } 2014 2015 vchar_t * 2016 eay_hmacsha1_final(c) 2017 caddr_t c; 2018 { 2019 vchar_t *res; 2020 unsigned int l; 2021 2022 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2023 return NULL; 2024 2025 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2026 res->l = l; 2027 HMAC_cleanup((HMAC_CTX *)c); 2028 (void)racoon_free(c); 2029 2030 if (SHA_DIGEST_LENGTH != res->l) { 2031 plog(LLV_ERROR, LOCATION, NULL, 2032 "hmac sha1 length mismatch %zd.\n", res->l); 2033 vfree(res); 2034 return NULL; 2035 } 2036 2037 return(res); 2038 } 2039 2040 /* 2041 * HMAC MD5 2042 */ 2043 vchar_t * 2044 eay_hmacmd5_one(key, data) 2045 vchar_t *key, *data; 2046 { 2047 vchar_t *res; 2048 caddr_t ctx; 2049 2050 ctx = eay_hmacmd5_init(key); 2051 eay_hmacmd5_update(ctx, data); 2052 res = eay_hmacmd5_final(ctx); 2053 2054 return(res); 2055 } 2056 2057 caddr_t 2058 eay_hmacmd5_init(key) 2059 vchar_t *key; 2060 { 2061 return eay_hmac_init(key, EVP_md5()); 2062 } 2063 2064 void 2065 eay_hmacmd5_update(c, data) 2066 caddr_t c; 2067 vchar_t *data; 2068 { 2069 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2070 } 2071 2072 vchar_t * 2073 eay_hmacmd5_final(c) 2074 caddr_t c; 2075 { 2076 vchar_t *res; 2077 unsigned int l; 2078 2079 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2080 return NULL; 2081 2082 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2083 res->l = l; 2084 HMAC_cleanup((HMAC_CTX *)c); 2085 (void)racoon_free(c); 2086 2087 if (MD5_DIGEST_LENGTH != res->l) { 2088 plog(LLV_ERROR, LOCATION, NULL, 2089 "hmac md5 length mismatch %zd.\n", res->l); 2090 vfree(res); 2091 return NULL; 2092 } 2093 2094 return(res); 2095 } 2096 2097 #ifdef WITH_SHA2 2098 /* 2099 * SHA2-512 functions 2100 */ 2101 caddr_t 2102 eay_sha2_512_init() 2103 { 2104 SHA512_CTX *c = racoon_malloc(sizeof(*c)); 2105 2106 SHA512_Init(c); 2107 2108 return((caddr_t)c); 2109 } 2110 2111 void 2112 eay_sha2_512_update(c, data) 2113 caddr_t c; 2114 vchar_t *data; 2115 { 2116 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l); 2117 2118 return; 2119 } 2120 2121 vchar_t * 2122 eay_sha2_512_final(c) 2123 caddr_t c; 2124 { 2125 vchar_t *res; 2126 2127 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 2128 return(0); 2129 2130 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c); 2131 (void)racoon_free(c); 2132 2133 return(res); 2134 } 2135 2136 vchar_t * 2137 eay_sha2_512_one(data) 2138 vchar_t *data; 2139 { 2140 caddr_t ctx; 2141 vchar_t *res; 2142 2143 ctx = eay_sha2_512_init(); 2144 eay_sha2_512_update(ctx, data); 2145 res = eay_sha2_512_final(ctx); 2146 2147 return(res); 2148 } 2149 2150 int 2151 eay_sha2_512_hashlen() 2152 { 2153 return SHA512_DIGEST_LENGTH << 3; 2154 } 2155 #endif 2156 2157 #ifdef WITH_SHA2 2158 /* 2159 * SHA2-384 functions 2160 */ 2161 caddr_t 2162 eay_sha2_384_init() 2163 { 2164 SHA384_CTX *c = racoon_malloc(sizeof(*c)); 2165 2166 SHA384_Init(c); 2167 2168 return((caddr_t)c); 2169 } 2170 2171 void 2172 eay_sha2_384_update(c, data) 2173 caddr_t c; 2174 vchar_t *data; 2175 { 2176 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l); 2177 2178 return; 2179 } 2180 2181 vchar_t * 2182 eay_sha2_384_final(c) 2183 caddr_t c; 2184 { 2185 vchar_t *res; 2186 2187 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 2188 return(0); 2189 2190 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c); 2191 (void)racoon_free(c); 2192 2193 return(res); 2194 } 2195 2196 vchar_t * 2197 eay_sha2_384_one(data) 2198 vchar_t *data; 2199 { 2200 caddr_t ctx; 2201 vchar_t *res; 2202 2203 ctx = eay_sha2_384_init(); 2204 eay_sha2_384_update(ctx, data); 2205 res = eay_sha2_384_final(ctx); 2206 2207 return(res); 2208 } 2209 2210 int 2211 eay_sha2_384_hashlen() 2212 { 2213 return SHA384_DIGEST_LENGTH << 3; 2214 } 2215 #endif 2216 2217 #ifdef WITH_SHA2 2218 /* 2219 * SHA2-256 functions 2220 */ 2221 caddr_t 2222 eay_sha2_256_init() 2223 { 2224 SHA256_CTX *c = racoon_malloc(sizeof(*c)); 2225 2226 SHA256_Init(c); 2227 2228 return((caddr_t)c); 2229 } 2230 2231 void 2232 eay_sha2_256_update(c, data) 2233 caddr_t c; 2234 vchar_t *data; 2235 { 2236 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l); 2237 2238 return; 2239 } 2240 2241 vchar_t * 2242 eay_sha2_256_final(c) 2243 caddr_t c; 2244 { 2245 vchar_t *res; 2246 2247 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 2248 return(0); 2249 2250 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c); 2251 (void)racoon_free(c); 2252 2253 return(res); 2254 } 2255 2256 vchar_t * 2257 eay_sha2_256_one(data) 2258 vchar_t *data; 2259 { 2260 caddr_t ctx; 2261 vchar_t *res; 2262 2263 ctx = eay_sha2_256_init(); 2264 eay_sha2_256_update(ctx, data); 2265 res = eay_sha2_256_final(ctx); 2266 2267 return(res); 2268 } 2269 2270 int 2271 eay_sha2_256_hashlen() 2272 { 2273 return SHA256_DIGEST_LENGTH << 3; 2274 } 2275 #endif 2276 2277 /* 2278 * SHA functions 2279 */ 2280 caddr_t 2281 eay_sha1_init() 2282 { 2283 SHA_CTX *c = racoon_malloc(sizeof(*c)); 2284 2285 SHA1_Init(c); 2286 2287 return((caddr_t)c); 2288 } 2289 2290 void 2291 eay_sha1_update(c, data) 2292 caddr_t c; 2293 vchar_t *data; 2294 { 2295 SHA1_Update((SHA_CTX *)c, data->v, data->l); 2296 2297 return; 2298 } 2299 2300 vchar_t * 2301 eay_sha1_final(c) 2302 caddr_t c; 2303 { 2304 vchar_t *res; 2305 2306 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2307 return(0); 2308 2309 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c); 2310 (void)racoon_free(c); 2311 2312 return(res); 2313 } 2314 2315 vchar_t * 2316 eay_sha1_one(data) 2317 vchar_t *data; 2318 { 2319 caddr_t ctx; 2320 vchar_t *res; 2321 2322 ctx = eay_sha1_init(); 2323 eay_sha1_update(ctx, data); 2324 res = eay_sha1_final(ctx); 2325 2326 return(res); 2327 } 2328 2329 int 2330 eay_sha1_hashlen() 2331 { 2332 return SHA_DIGEST_LENGTH << 3; 2333 } 2334 2335 /* 2336 * MD5 functions 2337 */ 2338 caddr_t 2339 eay_md5_init() 2340 { 2341 MD5_CTX *c = racoon_malloc(sizeof(*c)); 2342 2343 MD5_Init(c); 2344 2345 return((caddr_t)c); 2346 } 2347 2348 void 2349 eay_md5_update(c, data) 2350 caddr_t c; 2351 vchar_t *data; 2352 { 2353 MD5_Update((MD5_CTX *)c, data->v, data->l); 2354 2355 return; 2356 } 2357 2358 vchar_t * 2359 eay_md5_final(c) 2360 caddr_t c; 2361 { 2362 vchar_t *res; 2363 2364 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2365 return(0); 2366 2367 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c); 2368 (void)racoon_free(c); 2369 2370 return(res); 2371 } 2372 2373 vchar_t * 2374 eay_md5_one(data) 2375 vchar_t *data; 2376 { 2377 caddr_t ctx; 2378 vchar_t *res; 2379 2380 ctx = eay_md5_init(); 2381 eay_md5_update(ctx, data); 2382 res = eay_md5_final(ctx); 2383 2384 return(res); 2385 } 2386 2387 int 2388 eay_md5_hashlen() 2389 { 2390 return MD5_DIGEST_LENGTH << 3; 2391 } 2392 2393 /* 2394 * eay_set_random 2395 * size: number of bytes. 2396 */ 2397 vchar_t * 2398 eay_set_random(size) 2399 u_int32_t size; 2400 { 2401 BIGNUM *r = NULL; 2402 vchar_t *res = 0; 2403 2404 if ((r = BN_new()) == NULL) 2405 goto end; 2406 BN_rand(r, size * 8, 0, 0); 2407 eay_bn2v(&res, r); 2408 2409 end: 2410 if (r) 2411 BN_free(r); 2412 return(res); 2413 } 2414 2415 /* DH */ 2416 int 2417 eay_dh_generate(prime, g, publen, pub, priv) 2418 vchar_t *prime, **pub, **priv; 2419 u_int publen; 2420 u_int32_t g; 2421 { 2422 BIGNUM *p = NULL; 2423 DH *dh = NULL; 2424 int error = -1; 2425 2426 /* initialize */ 2427 /* pre-process to generate number */ 2428 if (eay_v2bn(&p, prime) < 0) 2429 goto end; 2430 2431 if ((dh = DH_new()) == NULL) 2432 goto end; 2433 dh->p = p; 2434 p = NULL; /* p is now part of dh structure */ 2435 dh->g = NULL; 2436 if ((dh->g = BN_new()) == NULL) 2437 goto end; 2438 if (!BN_set_word(dh->g, g)) 2439 goto end; 2440 2441 if (publen != 0) 2442 dh->length = publen; 2443 2444 /* generate public and private number */ 2445 if (!DH_generate_key(dh)) 2446 goto end; 2447 2448 /* copy results to buffers */ 2449 if (eay_bn2v(pub, dh->pub_key) < 0) 2450 goto end; 2451 if (eay_bn2v(priv, dh->priv_key) < 0) { 2452 vfree(*pub); 2453 goto end; 2454 } 2455 2456 error = 0; 2457 2458 end: 2459 if (dh != NULL) 2460 DH_free(dh); 2461 if (p != 0) 2462 BN_free(p); 2463 return(error); 2464 } 2465 2466 int 2467 eay_dh_compute(prime, g, pub, priv, pub2, key) 2468 vchar_t *prime, *pub, *priv, *pub2, **key; 2469 u_int32_t g; 2470 { 2471 BIGNUM *dh_pub = NULL; 2472 DH *dh = NULL; 2473 int l; 2474 unsigned char *v = NULL; 2475 int error = -1; 2476 2477 /* make public number to compute */ 2478 if (eay_v2bn(&dh_pub, pub2) < 0) 2479 goto end; 2480 2481 /* make DH structure */ 2482 if ((dh = DH_new()) == NULL) 2483 goto end; 2484 if (eay_v2bn(&dh->p, prime) < 0) 2485 goto end; 2486 if (eay_v2bn(&dh->pub_key, pub) < 0) 2487 goto end; 2488 if (eay_v2bn(&dh->priv_key, priv) < 0) 2489 goto end; 2490 dh->length = pub2->l * 8; 2491 2492 dh->g = NULL; 2493 if ((dh->g = BN_new()) == NULL) 2494 goto end; 2495 if (!BN_set_word(dh->g, g)) 2496 goto end; 2497 2498 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) 2499 goto end; 2500 if ((l = DH_compute_key(v, dh_pub, dh)) == -1) 2501 goto end; 2502 memcpy((*key)->v + (prime->l - l), v, l); 2503 2504 error = 0; 2505 2506 end: 2507 if (dh_pub != NULL) 2508 BN_free(dh_pub); 2509 if (dh != NULL) 2510 DH_free(dh); 2511 if (v != NULL) 2512 racoon_free(v); 2513 return(error); 2514 } 2515 2516 /* 2517 * convert vchar_t <-> BIGNUM. 2518 * 2519 * vchar_t: unit is u_char, network endian, most significant byte first. 2520 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian, 2521 * least significant BN_ULONG must come first. 2522 * 2523 * hex value of "0x3ffe050104" is represented as follows: 2524 * vchar_t: 3f fe 05 01 04 2525 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f 2526 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f 2527 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f 2528 */ 2529 int 2530 eay_v2bn(bn, var) 2531 BIGNUM **bn; 2532 vchar_t *var; 2533 { 2534 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL) 2535 return -1; 2536 2537 return 0; 2538 } 2539 2540 int 2541 eay_bn2v(var, bn) 2542 vchar_t **var; 2543 BIGNUM *bn; 2544 { 2545 *var = vmalloc(bn->top * BN_BYTES); 2546 if (*var == NULL) 2547 return(-1); 2548 2549 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v); 2550 2551 return 0; 2552 } 2553 2554 void 2555 eay_init() 2556 { 2557 OpenSSL_add_all_algorithms(); 2558 ERR_load_crypto_strings(); 2559 #ifdef HAVE_OPENSSL_ENGINE_H 2560 ENGINE_load_builtin_engines(); 2561 ENGINE_register_all_complete(); 2562 #endif 2563 } 2564 2565 vchar_t * 2566 base64_decode(char *in, long inlen) 2567 { 2568 BIO *bio=NULL, *b64=NULL; 2569 vchar_t *res = NULL; 2570 char *outb; 2571 long outlen; 2572 2573 outb = malloc(inlen * 2); 2574 if (outb == NULL) 2575 goto out; 2576 bio = BIO_new_mem_buf(in, inlen); 2577 b64 = BIO_new(BIO_f_base64()); 2578 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2579 bio = BIO_push(b64, bio); 2580 2581 outlen = BIO_read(bio, outb, inlen * 2); 2582 if (outlen <= 0) { 2583 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 2584 goto out; 2585 } 2586 2587 res = vmalloc(outlen); 2588 if (!res) 2589 goto out; 2590 2591 memcpy(res->v, outb, outlen); 2592 2593 out: 2594 if (outb) 2595 free(outb); 2596 if (bio) 2597 BIO_free_all(bio); 2598 2599 return res; 2600 } 2601 2602 vchar_t * 2603 base64_encode(char *in, long inlen) 2604 { 2605 BIO *bio=NULL, *b64=NULL; 2606 char *ptr; 2607 long plen = -1; 2608 vchar_t *res = NULL; 2609 2610 bio = BIO_new(BIO_s_mem()); 2611 b64 = BIO_new(BIO_f_base64()); 2612 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2613 bio = BIO_push(b64, bio); 2614 2615 BIO_write(bio, in, inlen); 2616 BIO_flush(bio); 2617 2618 plen = BIO_get_mem_data(bio, &ptr); 2619 res = vmalloc(plen+1); 2620 if (!res) 2621 goto out; 2622 2623 memcpy (res->v, ptr, plen); 2624 res->v[plen] = '\0'; 2625 2626 out: 2627 if (bio) 2628 BIO_free_all(bio); 2629 2630 return res; 2631 } 2632 2633 static RSA * 2634 binbuf_pubkey2rsa(vchar_t *binbuf) 2635 { 2636 BIGNUM *exp, *mod; 2637 RSA *rsa_pub = NULL; 2638 2639 if (binbuf->v[0] > binbuf->l - 1) { 2640 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2641 goto out; 2642 } 2643 2644 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL); 2645 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1), 2646 binbuf->l - binbuf->v[0] - 1, NULL); 2647 rsa_pub = RSA_new(); 2648 2649 if (!exp || !mod || !rsa_pub) { 2650 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror()); 2651 if (exp) 2652 BN_free(exp); 2653 if (mod) 2654 BN_free(exp); 2655 if (rsa_pub) 2656 RSA_free(rsa_pub); 2657 rsa_pub = NULL; 2658 goto out; 2659 } 2660 2661 rsa_pub->n = mod; 2662 rsa_pub->e = exp; 2663 2664 out: 2665 return rsa_pub; 2666 } 2667 2668 RSA * 2669 base64_pubkey2rsa(char *in) 2670 { 2671 BIGNUM *exp, *mod; 2672 RSA *rsa_pub = NULL; 2673 vchar_t *binbuf; 2674 2675 if (strncmp(in, "0s", 2) != 0) { 2676 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n"); 2677 return NULL; 2678 } 2679 2680 binbuf = base64_decode(in + 2, strlen(in + 2)); 2681 if (!binbuf) { 2682 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n"); 2683 return NULL; 2684 } 2685 2686 if (binbuf->v[0] > binbuf->l - 1) { 2687 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2688 goto out; 2689 } 2690 2691 rsa_pub = binbuf_pubkey2rsa(binbuf); 2692 2693 out: 2694 if (binbuf) 2695 vfree(binbuf); 2696 2697 return rsa_pub; 2698 } 2699 2700 RSA * 2701 bignum_pubkey2rsa(BIGNUM *in) 2702 { 2703 RSA *rsa_pub = NULL; 2704 vchar_t *binbuf; 2705 2706 binbuf = vmalloc(BN_num_bytes(in)); 2707 if (!binbuf) { 2708 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n"); 2709 return NULL; 2710 } 2711 2712 BN_bn2bin(in, (unsigned char *) binbuf->v); 2713 2714 rsa_pub = binbuf_pubkey2rsa(binbuf); 2715 2716 out: 2717 if (binbuf) 2718 vfree(binbuf); 2719 2720 return rsa_pub; 2721 } 2722 2723 u_int32_t 2724 eay_random() 2725 { 2726 u_int32_t result; 2727 vchar_t *vrand; 2728 2729 vrand = eay_set_random(sizeof(result)); 2730 memcpy(&result, vrand->v, sizeof(result)); 2731 vfree(vrand); 2732 2733 return result; 2734 } 2735 2736 const char * 2737 eay_version() 2738 { 2739 return SSLeay_version(SSLEAY_VERSION); 2740 } 2741
