1 /* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */ 2 3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "config.h" 35 36 #include <sys/types.h> 37 #include <sys/param.h> 38 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <limits.h> 42 #include <string.h> 43 44 /* get openssl/ssleay version number */ 45 #include <openssl/opensslv.h> 46 47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL) 48 #error OpenSSL version 0.9.6 or later required. 49 #endif 50 51 #include <openssl/pem.h> 52 #include <openssl/evp.h> 53 #include <openssl/x509.h> 54 #include <openssl/x509v3.h> 55 #include <openssl/x509_vfy.h> 56 #include <openssl/bn.h> 57 #include <openssl/dh.h> 58 #include <openssl/md5.h> 59 #include <openssl/sha.h> 60 #include <openssl/hmac.h> 61 #include <openssl/des.h> 62 #include <openssl/crypto.h> 63 #ifdef HAVE_OPENSSL_ENGINE_H 64 #include <openssl/engine.h> 65 #endif 66 #ifndef ANDROID_CHANGES 67 #include <openssl/blowfish.h> 68 #include <openssl/cast.h> 69 #else 70 #define EVP_bf_cbc() NULL 71 #define EVP_cast5_cbc() NULL 72 #endif 73 #include <openssl/err.h> 74 #ifdef HAVE_OPENSSL_RC5_H 75 #include <openssl/rc5.h> 76 #endif 77 #ifdef HAVE_OPENSSL_IDEA_H 78 #include <openssl/idea.h> 79 #endif 80 #if defined(HAVE_OPENSSL_AES_H) 81 #include <openssl/aes.h> 82 #elif defined(HAVE_OPENSSL_RIJNDAEL_H) 83 #include <openssl/rijndael.h> 84 #else 85 #include "crypto/rijndael/rijndael-api-fst.h" 86 #endif 87 #if defined(HAVE_OPENSSL_CAMELLIA_H) 88 #include <openssl/camellia.h> 89 #endif 90 #ifdef WITH_SHA2 91 #ifdef HAVE_OPENSSL_SHA2_H 92 #include <openssl/sha2.h> 93 #else 94 #include "crypto/sha2/sha2.h" 95 #endif 96 #endif 97 #include "plog.h" 98 99 /* 0.9.7 stuff? */ 100 #if OPENSSL_VERSION_NUMBER < 0x0090700fL 101 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; 102 #else 103 #define USE_NEW_DES_API 104 #endif 105 106 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) 107 108 #include "var.h" 109 #include "misc.h" 110 #include "vmbuf.h" 111 #include "plog.h" 112 #include "crypto_openssl.h" 113 #include "debug.h" 114 #include "gcmalloc.h" 115 #include "isakmp.h" 116 117 /* 118 * I hate to cast every parameter to des_xx into void *, but it is 119 * necessary for SSLeay/OpenSSL portability. It sucks. 120 */ 121 122 static int cb_check_cert_local __P((int, X509_STORE_CTX *)); 123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *)); 124 static X509 *mem2x509 __P((vchar_t *)); 125 126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *)); 127 128 /* X509 Certificate */ 129 /* 130 * convert the string of the subject name into DER 131 * e.g. str = "C=JP, ST=Kanagawa"; 132 */ 133 vchar_t * 134 eay_str2asn1dn(str, len) 135 const char *str; 136 int len; 137 { 138 X509_NAME *name; 139 char *buf, *dst; 140 char *field, *value; 141 int i; 142 vchar_t *ret = NULL; 143 caddr_t p; 144 145 if (len == -1) 146 len = strlen(str); 147 148 buf = racoon_malloc(len + 1); 149 if (!buf) { 150 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 151 return NULL; 152 } 153 memcpy(buf, str, len); 154 155 name = X509_NAME_new(); 156 157 dst = field = &buf[0]; 158 value = NULL; 159 for (i = 0; i < len; i++) { 160 if (buf[i] == '\\') { 161 /* Escape characters specified in RFC 2253 */ 162 if (i < len - 1 && 163 strchr("\\,=+<>#;", buf[i+1]) != NULL) { 164 *dst++ = buf[++i]; 165 continue; 166 } else if (i < len - 2) { 167 /* RFC 2253 hexpair character escape */ 168 long u; 169 char esc_str[3]; 170 char *endptr; 171 172 esc_str[0] = buf[++i]; 173 esc_str[1] = buf[++i]; 174 esc_str[2] = '\0'; 175 u = strtol(esc_str, &endptr, 16); 176 if (*endptr != '\0' || u < 0 || u > 255) 177 goto err; 178 *dst++ = u; 179 continue; 180 } else 181 goto err; 182 } 183 if (!value && buf[i] == '=') { 184 *dst = '\0'; 185 dst = value = &buf[i + 1]; 186 continue; 187 } else if (buf[i] == ',' || buf[i] == '/') { 188 *dst = '\0'; 189 190 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 191 field, value); 192 193 if (!value) goto err; 194 if (!X509_NAME_add_entry_by_txt(name, field, 195 (value[0] == '*' && value[1] == 0) ? 196 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 197 (unsigned char *) value, -1, -1, 0)) { 198 plog(LLV_ERROR, LOCATION, NULL, 199 "Invalid DN field: %s=%s\n", 200 field, value); 201 plog(LLV_ERROR, LOCATION, NULL, 202 "%s\n", eay_strerror()); 203 goto err; 204 } 205 206 while (i + 1 < len && buf[i + 1] == ' ') i++; 207 dst = field = &buf[i + 1]; 208 value = NULL; 209 continue; 210 } else { 211 *dst++ = buf[i]; 212 } 213 } 214 *dst = '\0'; 215 216 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 217 field, value); 218 219 if (!value) goto err; 220 if (!X509_NAME_add_entry_by_txt(name, field, 221 (value[0] == '*' && value[1] == 0) ? 222 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 223 (unsigned char *) value, -1, -1, 0)) { 224 plog(LLV_ERROR, LOCATION, NULL, 225 "Invalid DN field: %s=%s\n", 226 field, value); 227 plog(LLV_ERROR, LOCATION, NULL, 228 "%s\n", eay_strerror()); 229 goto err; 230 } 231 232 i = i2d_X509_NAME(name, NULL); 233 if (!i) 234 goto err; 235 ret = vmalloc(i); 236 if (!ret) 237 goto err; 238 p = ret->v; 239 i = i2d_X509_NAME(name, (void *)&p); 240 if (!i) 241 goto err; 242 243 return ret; 244 245 err: 246 if (buf) 247 racoon_free(buf); 248 if (name) 249 X509_NAME_free(name); 250 if (ret) 251 vfree(ret); 252 return NULL; 253 } 254 255 /* 256 * convert the hex string of the subject name into DER 257 */ 258 vchar_t * 259 eay_hex2asn1dn(const char *hex, int len) 260 { 261 BIGNUM *bn = BN_new(); 262 char *binbuf; 263 size_t binlen; 264 vchar_t *ret = NULL; 265 266 if (len == -1) 267 len = strlen(hex); 268 269 if (BN_hex2bn(&bn, hex) != len) { 270 plog(LLV_ERROR, LOCATION, NULL, 271 "conversion of Hex-encoded ASN1 string to binary failed: %s\n", 272 eay_strerror()); 273 goto out; 274 } 275 276 binlen = BN_num_bytes(bn); 277 ret = vmalloc(binlen); 278 if (!ret) { 279 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 280 return NULL; 281 } 282 binbuf = ret->v; 283 284 BN_bn2bin(bn, (unsigned char *) binbuf); 285 286 out: 287 BN_free(bn); 288 289 return ret; 290 } 291 292 /* 293 * The following are derived from code in crypto/x509/x509_cmp.c 294 * in OpenSSL0.9.7c: 295 * X509_NAME_wildcmp() adds wildcard matching to the original 296 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is. 297 */ 298 #include <ctype.h> 299 /* Case insensitive string comparision */ 300 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 301 { 302 int i; 303 304 if (a->length != b->length) 305 return (a->length - b->length); 306 307 for (i=0; i<a->length; i++) 308 { 309 int ca, cb; 310 311 ca = tolower(a->data[i]); 312 cb = tolower(b->data[i]); 313 314 if (ca != cb) 315 return(ca-cb); 316 } 317 return 0; 318 } 319 320 /* Case insensitive string comparision with space normalization 321 * Space normalization - ignore leading, trailing spaces, 322 * multiple spaces between characters are replaced by single space 323 */ 324 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 325 { 326 unsigned char *pa = NULL, *pb = NULL; 327 int la, lb; 328 329 la = a->length; 330 lb = b->length; 331 pa = a->data; 332 pb = b->data; 333 334 /* skip leading spaces */ 335 while (la > 0 && isspace(*pa)) 336 { 337 la--; 338 pa++; 339 } 340 while (lb > 0 && isspace(*pb)) 341 { 342 lb--; 343 pb++; 344 } 345 346 /* skip trailing spaces */ 347 while (la > 0 && isspace(pa[la-1])) 348 la--; 349 while (lb > 0 && isspace(pb[lb-1])) 350 lb--; 351 352 /* compare strings with space normalization */ 353 while (la > 0 && lb > 0) 354 { 355 int ca, cb; 356 357 /* compare character */ 358 ca = tolower(*pa); 359 cb = tolower(*pb); 360 if (ca != cb) 361 return (ca - cb); 362 363 pa++; pb++; 364 la--; lb--; 365 366 if (la <= 0 || lb <= 0) 367 break; 368 369 /* is white space next character ? */ 370 if (isspace(*pa) && isspace(*pb)) 371 { 372 /* skip remaining white spaces */ 373 while (la > 0 && isspace(*pa)) 374 { 375 la--; 376 pa++; 377 } 378 while (lb > 0 && isspace(*pb)) 379 { 380 lb--; 381 pb++; 382 } 383 } 384 } 385 if (la > 0 || lb > 0) 386 return la - lb; 387 388 return 0; 389 } 390 391 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b) 392 { 393 int i,j; 394 X509_NAME_ENTRY *na,*nb; 395 396 if (sk_X509_NAME_ENTRY_num(a->entries) 397 != sk_X509_NAME_ENTRY_num(b->entries)) 398 return sk_X509_NAME_ENTRY_num(a->entries) 399 -sk_X509_NAME_ENTRY_num(b->entries); 400 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) 401 { 402 na=sk_X509_NAME_ENTRY_value(a->entries,i); 403 nb=sk_X509_NAME_ENTRY_value(b->entries,i); 404 j=OBJ_cmp(na->object,nb->object); 405 if (j) return(j); 406 if ((na->value->length == 1 && na->value->data[0] == '*') 407 || (nb->value->length == 1 && nb->value->data[0] == '*')) 408 continue; 409 j=na->value->type-nb->value->type; 410 if (j) return(j); 411 if (na->value->type == V_ASN1_PRINTABLESTRING) 412 j=nocase_spacenorm_cmp(na->value, nb->value); 413 else if (na->value->type == V_ASN1_IA5STRING 414 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) 415 j=nocase_cmp(na->value, nb->value); 416 else 417 { 418 j=na->value->length-nb->value->length; 419 if (j) return(j); 420 j=memcmp(na->value->data,nb->value->data, 421 na->value->length); 422 } 423 if (j) return(j); 424 j=na->set-nb->set; 425 if (j) return(j); 426 } 427 428 return(0); 429 } 430 431 /* 432 * compare two subjectNames. 433 * OUT: 0: equal 434 * positive: 435 * -1: other error. 436 */ 437 int 438 eay_cmp_asn1dn(n1, n2) 439 vchar_t *n1, *n2; 440 { 441 X509_NAME *a = NULL, *b = NULL; 442 caddr_t p; 443 int i = -1; 444 445 p = n1->v; 446 if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) 447 goto end; 448 p = n2->v; 449 if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) 450 goto end; 451 452 i = X509_NAME_wildcmp(a, b); 453 454 end: 455 if (a) 456 X509_NAME_free(a); 457 if (b) 458 X509_NAME_free(b); 459 return i; 460 } 461 462 #ifdef ANDROID_CHANGES 463 464 static BIO *BIO_from_android(char *path) 465 { 466 void *data; 467 if (sscanf(path, pname, &data) == 1) { 468 return BIO_new_mem_buf(data, -1); 469 } 470 return NULL; 471 } 472 473 #endif 474 475 /* 476 * this functions is derived from apps/verify.c in OpenSSL0.9.5 477 */ 478 int 479 eay_check_x509cert(cert, CApath, CAfile, local) 480 vchar_t *cert; 481 char *CApath; 482 char *CAfile; 483 int local; 484 { 485 X509_STORE *cert_ctx = NULL; 486 X509_LOOKUP *lookup = NULL; 487 X509 *x509 = NULL; 488 X509_STORE_CTX *csc; 489 int error = -1; 490 491 cert_ctx = X509_STORE_new(); 492 if (cert_ctx == NULL) 493 goto end; 494 495 if (local) 496 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local); 497 else 498 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote); 499 500 #ifdef ANDROID_CHANGES 501 if (pname) { 502 BIO *bio = BIO_from_android(CAfile); 503 STACK_OF(X509_INFO) *stack; 504 X509_INFO *info; 505 int i; 506 507 if (!bio) { 508 goto end; 509 } 510 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 511 BIO_free(bio); 512 if (!stack) { 513 goto end; 514 } 515 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 516 info = sk_X509_INFO_value(stack, i); 517 if (info->x509) { 518 X509_STORE_add_cert(cert_ctx, info->x509); 519 } 520 if (info->crl) { 521 X509_STORE_add_crl(cert_ctx, info->crl); 522 } 523 } 524 sk_X509_INFO_pop_free(stack, X509_INFO_free); 525 } else { 526 #endif 527 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); 528 if (lookup == NULL) 529 goto end; 530 531 X509_LOOKUP_load_file(lookup, CAfile, 532 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); 533 534 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); 535 if (lookup == NULL) 536 goto end; 537 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); 538 if(!error) { 539 error = -1; 540 goto end; 541 } 542 error = -1; /* initialized */ 543 #ifdef ANDROID_CHANGES 544 } 545 #endif 546 547 /* read the certificate to be verified */ 548 x509 = mem2x509(cert); 549 if (x509 == NULL) 550 goto end; 551 552 csc = X509_STORE_CTX_new(); 553 if (csc == NULL) 554 goto end; 555 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); 556 #if OPENSSL_VERSION_NUMBER >= 0x00907000L 557 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); 558 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); 559 #endif 560 error = X509_verify_cert(csc); 561 X509_STORE_CTX_free(csc); 562 563 /* 564 * if x509_verify_cert() is successful then the value of error is 565 * set non-zero. 566 */ 567 error = error ? 0 : -1; 568 569 end: 570 if (error) 571 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror()); 572 if (cert_ctx != NULL) 573 X509_STORE_free(cert_ctx); 574 if (x509 != NULL) 575 X509_free(x509); 576 577 return(error); 578 } 579 580 /* 581 * callback function for verifing certificate. 582 * this function is derived from cb() in openssl/apps/s_server.c 583 */ 584 static int 585 cb_check_cert_local(ok, ctx) 586 int ok; 587 X509_STORE_CTX *ctx; 588 { 589 char buf[256]; 590 int log_tag; 591 592 if (!ok) { 593 X509_NAME_oneline( 594 X509_get_subject_name(ctx->current_cert), 595 buf, 596 256); 597 /* 598 * since we are just checking the certificates, it is 599 * ok if they are self signed. But we should still warn 600 * the user. 601 */ 602 switch (ctx->error) { 603 case X509_V_ERR_CERT_HAS_EXPIRED: 604 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 605 case X509_V_ERR_INVALID_CA: 606 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 607 case X509_V_ERR_INVALID_PURPOSE: 608 case X509_V_ERR_UNABLE_TO_GET_CRL: 609 ok = 1; 610 log_tag = LLV_WARNING; 611 break; 612 default: 613 log_tag = LLV_ERROR; 614 } 615 plog(log_tag, LOCATION, NULL, 616 "%s(%d) at depth:%d SubjectName:%s\n", 617 X509_verify_cert_error_string(ctx->error), 618 ctx->error, 619 ctx->error_depth, 620 buf); 621 } 622 ERR_clear_error(); 623 624 return ok; 625 } 626 627 /* 628 * callback function for verifing remote certificates. 629 * this function is derived from cb() in openssl/apps/s_server.c 630 */ 631 static int 632 cb_check_cert_remote(ok, ctx) 633 int ok; 634 X509_STORE_CTX *ctx; 635 { 636 char buf[256]; 637 int log_tag; 638 639 if (!ok) { 640 X509_NAME_oneline( 641 X509_get_subject_name(ctx->current_cert), 642 buf, 643 256); 644 switch (ctx->error) { 645 case X509_V_ERR_UNABLE_TO_GET_CRL: 646 ok = 1; 647 log_tag = LLV_WARNING; 648 break; 649 default: 650 log_tag = LLV_ERROR; 651 } 652 plog(log_tag, LOCATION, NULL, 653 "%s(%d) at depth:%d SubjectName:%s\n", 654 X509_verify_cert_error_string(ctx->error), 655 ctx->error, 656 ctx->error_depth, 657 buf); 658 } 659 ERR_clear_error(); 660 661 return ok; 662 } 663 664 /* 665 * get a subjectName from X509 certificate. 666 */ 667 vchar_t * 668 eay_get_x509asn1subjectname(cert) 669 vchar_t *cert; 670 { 671 X509 *x509 = NULL; 672 u_char *bp; 673 vchar_t *name = NULL; 674 int len; 675 676 x509 = mem2x509(cert); 677 if (x509 == NULL) 678 goto error; 679 680 /* get the length of the name */ 681 len = i2d_X509_NAME(x509->cert_info->subject, NULL); 682 name = vmalloc(len); 683 if (!name) 684 goto error; 685 /* get the name */ 686 bp = (unsigned char *) name->v; 687 len = i2d_X509_NAME(x509->cert_info->subject, &bp); 688 689 X509_free(x509); 690 691 return name; 692 693 error: 694 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 695 696 if (name != NULL) 697 vfree(name); 698 699 if (x509 != NULL) 700 X509_free(x509); 701 702 return NULL; 703 } 704 705 /* 706 * get the subjectAltName from X509 certificate. 707 * the name must be terminated by '\0'. 708 */ 709 int 710 eay_get_x509subjectaltname(cert, altname, type, pos) 711 vchar_t *cert; 712 char **altname; 713 int *type; 714 int pos; 715 { 716 X509 *x509 = NULL; 717 GENERAL_NAMES *gens = NULL; 718 GENERAL_NAME *gen; 719 int len; 720 int error = -1; 721 722 *altname = NULL; 723 *type = GENT_OTHERNAME; 724 725 x509 = mem2x509(cert); 726 if (x509 == NULL) 727 goto end; 728 729 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); 730 if (gens == NULL) 731 goto end; 732 733 /* there is no data at "pos" */ 734 if (pos > sk_GENERAL_NAME_num(gens)) 735 goto end; 736 737 gen = sk_GENERAL_NAME_value(gens, pos - 1); 738 739 /* read DNSName / Email */ 740 if (gen->type == GEN_DNS || 741 gen->type == GEN_EMAIL || 742 gen->type == GEN_URI ) 743 { 744 /* make sure if the data is terminated by '\0'. */ 745 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') 746 { 747 plog(LLV_ERROR, LOCATION, NULL, 748 "data is not terminated by NUL."); 749 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); 750 goto end; 751 } 752 753 len = gen->d.ia5->length + 1; 754 *altname = racoon_malloc(len); 755 if (!*altname) 756 goto end; 757 758 strlcpy(*altname, (char *) gen->d.ia5->data, len); 759 *type = gen->type; 760 error = 0; 761 } 762 /* read IP address */ 763 else if (gen->type == GEN_IPADD) 764 { 765 unsigned char p[5], *ip; 766 ip = p; 767 768 /* only support IPv4 */ 769 if (gen->d.ip->length != 4) 770 goto end; 771 772 /* convert Octet String to String 773 * XXX ??????? 774 */ 775 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/ 776 ip = gen->d.ip->data; 777 778 /* XXX Magic, enough for an IPv4 address 779 */ 780 *altname = racoon_malloc(20); 781 if (!*altname) 782 goto end; 783 784 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); 785 *type = gen->type; 786 error = 0; 787 } 788 /* XXX other possible types ? 789 * For now, error will be -1 if unsupported type 790 */ 791 792 end: 793 if (error) { 794 if (*altname) { 795 racoon_free(*altname); 796 *altname = NULL; 797 } 798 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 799 } 800 if (x509) 801 X509_free(x509); 802 if (gens) 803 /* free the whole stack. */ 804 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 805 806 return error; 807 } 808 809 /* 810 * get a issuerName from X509 certificate. 811 */ 812 vchar_t * 813 eay_get_x509asn1issuername(cert) 814 vchar_t *cert; 815 { 816 X509 *x509 = NULL; 817 u_char *bp; 818 vchar_t *name = NULL; 819 int len; 820 821 x509 = mem2x509(cert); 822 if (x509 == NULL) 823 goto error; 824 825 /* get the length of the name */ 826 len = i2d_X509_NAME(x509->cert_info->issuer, NULL); 827 name = vmalloc(len); 828 if (name == NULL) 829 goto error; 830 831 /* get the name */ 832 bp = (unsigned char *) name->v; 833 len = i2d_X509_NAME(x509->cert_info->issuer, &bp); 834 835 X509_free(x509); 836 837 return name; 838 839 error: 840 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 841 842 if (name != NULL) 843 vfree(name); 844 if (x509 != NULL) 845 X509_free(x509); 846 847 return NULL; 848 } 849 850 /* 851 * decode a X509 certificate and make a readable text terminated '\n'. 852 * return the buffer allocated, so must free it later. 853 */ 854 char * 855 eay_get_x509text(cert) 856 vchar_t *cert; 857 { 858 X509 *x509 = NULL; 859 BIO *bio = NULL; 860 char *text = NULL; 861 u_char *bp = NULL; 862 int len = 0; 863 int error = -1; 864 865 x509 = mem2x509(cert); 866 if (x509 == NULL) 867 goto end; 868 869 bio = BIO_new(BIO_s_mem()); 870 if (bio == NULL) 871 goto end; 872 873 error = X509_print(bio, x509); 874 if (error != 1) { 875 error = -1; 876 goto end; 877 } 878 879 len = BIO_get_mem_data(bio, &bp); 880 text = racoon_malloc(len + 1); 881 if (text == NULL) 882 goto end; 883 memcpy(text, bp, len); 884 text[len] = '\0'; 885 886 error = 0; 887 888 end: 889 if (error) { 890 if (text) { 891 racoon_free(text); 892 text = NULL; 893 } 894 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 895 } 896 if (bio) 897 BIO_free(bio); 898 if (x509) 899 X509_free(x509); 900 901 return text; 902 } 903 904 /* get X509 structure from buffer. */ 905 static X509 * 906 mem2x509(cert) 907 vchar_t *cert; 908 { 909 X509 *x509; 910 911 #ifndef EAYDEBUG 912 { 913 u_char *bp; 914 915 bp = (unsigned char *) cert->v + 1; 916 917 x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1); 918 } 919 #else 920 { 921 BIO *bio; 922 int len; 923 924 bio = BIO_new(BIO_s_mem()); 925 if (bio == NULL) 926 return NULL; 927 len = BIO_write(bio, cert->v + 1, cert->l - 1); 928 if (len == -1) 929 return NULL; 930 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 931 BIO_free(bio); 932 } 933 #endif 934 return x509; 935 } 936 937 /* 938 * get a X509 certificate from local file. 939 * a certificate must be PEM format. 940 * Input: 941 * path to a certificate. 942 * Output: 943 * NULL if error occured 944 * other is the cert. 945 */ 946 vchar_t * 947 eay_get_x509cert(path) 948 char *path; 949 { 950 FILE *fp; 951 X509 *x509; 952 vchar_t *cert; 953 u_char *bp; 954 int len; 955 int error; 956 957 #ifdef ANDROID_CHANGES 958 if (pname) { 959 BIO *bio = BIO_from_android(path); 960 if (!bio) { 961 return NULL; 962 } 963 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 964 BIO_free(bio); 965 } else { 966 #endif 967 /* Read private key */ 968 fp = fopen(path, "r"); 969 if (fp == NULL) 970 return NULL; 971 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 972 fclose (fp); 973 #ifdef ANDROID_CHANGES 974 } 975 #endif 976 977 if (x509 == NULL) 978 return NULL; 979 980 len = i2d_X509(x509, NULL); 981 cert = vmalloc(len + 1); 982 if (cert == NULL) { 983 X509_free(x509); 984 return NULL; 985 } 986 cert->v[0] = ISAKMP_CERT_X509SIGN; 987 bp = (unsigned char *) &cert->v[1]; 988 error = i2d_X509(x509, &bp); 989 X509_free(x509); 990 991 if (error == 0) { 992 vfree(cert); 993 return NULL; 994 } 995 996 return cert; 997 } 998 999 /* 1000 * check a X509 signature 1001 * XXX: to be get hash type from my cert ? 1002 * to be handled EVP_dss(). 1003 * OUT: return -1 when error. 1004 * 0 1005 */ 1006 int 1007 eay_check_x509sign(source, sig, cert) 1008 vchar_t *source; 1009 vchar_t *sig; 1010 vchar_t *cert; 1011 { 1012 X509 *x509; 1013 EVP_PKEY *evp; 1014 int res; 1015 1016 x509 = mem2x509(cert); 1017 if (x509 == NULL) 1018 return -1; 1019 1020 evp = X509_get_pubkey(x509); 1021 if (! evp) { 1022 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror()); 1023 X509_free(x509); 1024 return -1; 1025 } 1026 1027 res = eay_rsa_verify(source, sig, evp->pkey.rsa); 1028 1029 EVP_PKEY_free(evp); 1030 X509_free(x509); 1031 1032 return res; 1033 } 1034 1035 /* 1036 * check RSA signature 1037 * OUT: return -1 when error. 1038 * 0 on success 1039 */ 1040 int 1041 eay_check_rsasign(source, sig, rsa) 1042 vchar_t *source; 1043 vchar_t *sig; 1044 RSA *rsa; 1045 { 1046 return eay_rsa_verify(source, sig, rsa); 1047 } 1048 1049 /* 1050 * get PKCS#1 Private Key of PEM format from local file. 1051 */ 1052 vchar_t * 1053 eay_get_pkcs1privkey(path) 1054 char *path; 1055 { 1056 FILE *fp; 1057 EVP_PKEY *evp = NULL; 1058 vchar_t *pkey = NULL; 1059 u_char *bp; 1060 int pkeylen; 1061 int error = -1; 1062 1063 #ifdef ANDROID_CHANGES 1064 if (pname) { 1065 BIO *bio = BIO_from_android(path); 1066 if (!bio) { 1067 return NULL; 1068 } 1069 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 1070 BIO_free(bio); 1071 } else { 1072 #endif 1073 /* Read private key */ 1074 fp = fopen(path, "r"); 1075 if (fp == NULL) 1076 return NULL; 1077 1078 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL); 1079 1080 fclose (fp); 1081 #ifdef ANDROID_CHANGES 1082 } 1083 #endif 1084 1085 if (evp == NULL) 1086 return NULL; 1087 1088 pkeylen = i2d_PrivateKey(evp, NULL); 1089 if (pkeylen == 0) 1090 goto end; 1091 pkey = vmalloc(pkeylen); 1092 if (pkey == NULL) 1093 goto end; 1094 bp = (unsigned char *) pkey->v; 1095 pkeylen = i2d_PrivateKey(evp, &bp); 1096 if (pkeylen == 0) 1097 goto end; 1098 1099 error = 0; 1100 1101 end: 1102 if (evp != NULL) 1103 EVP_PKEY_free(evp); 1104 if (error != 0 && pkey != NULL) { 1105 vfree(pkey); 1106 pkey = NULL; 1107 } 1108 1109 return pkey; 1110 } 1111 1112 /* 1113 * get PKCS#1 Public Key of PEM format from local file. 1114 */ 1115 vchar_t * 1116 eay_get_pkcs1pubkey(path) 1117 char *path; 1118 { 1119 FILE *fp; 1120 EVP_PKEY *evp = NULL; 1121 vchar_t *pkey = NULL; 1122 X509 *x509 = NULL; 1123 u_char *bp; 1124 int pkeylen; 1125 int error = -1; 1126 1127 /* Read private key */ 1128 fp = fopen(path, "r"); 1129 if (fp == NULL) 1130 return NULL; 1131 1132 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 1133 1134 fclose (fp); 1135 1136 if (x509 == NULL) 1137 return NULL; 1138 1139 /* Get public key - eay */ 1140 evp = X509_get_pubkey(x509); 1141 if (evp == NULL) 1142 return NULL; 1143 1144 pkeylen = i2d_PublicKey(evp, NULL); 1145 if (pkeylen == 0) 1146 goto end; 1147 pkey = vmalloc(pkeylen); 1148 if (pkey == NULL) 1149 goto end; 1150 bp = (unsigned char *) pkey->v; 1151 pkeylen = i2d_PublicKey(evp, &bp); 1152 if (pkeylen == 0) 1153 goto end; 1154 1155 error = 0; 1156 end: 1157 if (evp != NULL) 1158 EVP_PKEY_free(evp); 1159 if (error != 0 && pkey != NULL) { 1160 vfree(pkey); 1161 pkey = NULL; 1162 } 1163 1164 return pkey; 1165 } 1166 1167 vchar_t * 1168 eay_get_x509sign(src, privkey) 1169 vchar_t *src, *privkey; 1170 { 1171 EVP_PKEY *evp; 1172 u_char *bp = (unsigned char *) privkey->v; 1173 vchar_t *sig = NULL; 1174 int len; 1175 int pad = RSA_PKCS1_PADDING; 1176 1177 /* XXX to be handled EVP_PKEY_DSA */ 1178 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l); 1179 if (evp == NULL) 1180 return NULL; 1181 1182 sig = eay_rsa_sign(src, evp->pkey.rsa); 1183 1184 EVP_PKEY_free(evp); 1185 1186 return sig; 1187 } 1188 1189 vchar_t * 1190 eay_get_rsasign(src, rsa) 1191 vchar_t *src; 1192 RSA *rsa; 1193 { 1194 return eay_rsa_sign(src, rsa); 1195 } 1196 1197 vchar_t * 1198 eay_rsa_sign(vchar_t *src, RSA *rsa) 1199 { 1200 int len; 1201 vchar_t *sig = NULL; 1202 int pad = RSA_PKCS1_PADDING; 1203 1204 len = RSA_size(rsa); 1205 1206 sig = vmalloc(len); 1207 if (sig == NULL) 1208 return NULL; 1209 1210 len = RSA_private_encrypt(src->l, (unsigned char *) src->v, 1211 (unsigned char *) sig->v, rsa, pad); 1212 1213 if (len == 0 || len != sig->l) { 1214 vfree(sig); 1215 sig = NULL; 1216 } 1217 1218 return sig; 1219 } 1220 1221 int 1222 eay_rsa_verify(src, sig, rsa) 1223 vchar_t *src, *sig; 1224 RSA *rsa; 1225 { 1226 vchar_t *xbuf = NULL; 1227 int pad = RSA_PKCS1_PADDING; 1228 int len = 0; 1229 int error; 1230 1231 len = RSA_size(rsa); 1232 xbuf = vmalloc(len); 1233 if (xbuf == NULL) { 1234 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1235 return -1; 1236 } 1237 1238 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v, 1239 (unsigned char *) xbuf->v, rsa, pad); 1240 if (len == 0 || len != src->l) { 1241 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1242 vfree(xbuf); 1243 return -1; 1244 } 1245 1246 error = memcmp(src->v, xbuf->v, src->l); 1247 vfree(xbuf); 1248 if (error != 0) 1249 return -1; 1250 1251 return 0; 1252 } 1253 1254 /* 1255 * get error string 1256 * MUST load ERR_load_crypto_strings() first. 1257 */ 1258 char * 1259 eay_strerror() 1260 { 1261 static char ebuf[512]; 1262 int len = 0, n; 1263 unsigned long l; 1264 char buf[200]; 1265 const char *file, *data; 1266 int line, flags; 1267 unsigned long es; 1268 1269 es = CRYPTO_thread_id(); 1270 1271 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ 1272 n = snprintf(ebuf + len, sizeof(ebuf) - len, 1273 "%lu:%s:%s:%d:%s ", 1274 es, ERR_error_string(l, buf), file, line, 1275 (flags & ERR_TXT_STRING) ? data : ""); 1276 if (n < 0 || n >= sizeof(ebuf) - len) 1277 break; 1278 len += n; 1279 if (sizeof(ebuf) < len) 1280 break; 1281 } 1282 1283 return ebuf; 1284 } 1285 1286 vchar_t * 1287 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) 1288 { 1289 vchar_t *res; 1290 EVP_CIPHER_CTX ctx; 1291 1292 if (!e) 1293 return NULL; 1294 1295 if (data->l % EVP_CIPHER_block_size(e)) 1296 return NULL; 1297 1298 if ((res = vmalloc(data->l)) == NULL) 1299 return NULL; 1300 1301 EVP_CIPHER_CTX_init(&ctx); 1302 1303 switch(EVP_CIPHER_nid(e)){ 1304 case NID_bf_cbc: 1305 case NID_bf_ecb: 1306 case NID_bf_cfb64: 1307 case NID_bf_ofb64: 1308 case NID_cast5_cbc: 1309 case NID_cast5_ecb: 1310 case NID_cast5_cfb64: 1311 case NID_cast5_ofb64: 1312 /* XXX: can we do that also for algos with a fixed key size ? 1313 */ 1314 /* init context without key/iv 1315 */ 1316 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) 1317 { 1318 OpenSSL_BUG(); 1319 vfree(res); 1320 return NULL; 1321 } 1322 1323 /* update key size 1324 */ 1325 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) 1326 { 1327 OpenSSL_BUG(); 1328 vfree(res); 1329 return NULL; 1330 } 1331 1332 /* finalize context init with desired key size 1333 */ 1334 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, 1335 (u_char *) iv->v, enc)) 1336 { 1337 OpenSSL_BUG(); 1338 vfree(res); 1339 return NULL; 1340 } 1341 break; 1342 default: 1343 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, 1344 (u_char *) iv->v, enc)) { 1345 OpenSSL_BUG(); 1346 vfree(res); 1347 return NULL; 1348 } 1349 } 1350 1351 /* disable openssl padding */ 1352 EVP_CIPHER_CTX_set_padding(&ctx, 0); 1353 1354 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { 1355 OpenSSL_BUG(); 1356 vfree(res); 1357 return NULL; 1358 } 1359 1360 EVP_CIPHER_CTX_cleanup(&ctx); 1361 1362 return res; 1363 } 1364 1365 int 1366 evp_weakkey(vchar_t *key, const EVP_CIPHER *e) 1367 { 1368 return 0; 1369 } 1370 1371 int 1372 evp_keylen(int len, const EVP_CIPHER *e) 1373 { 1374 if (!e) 1375 return -1; 1376 /* EVP functions return lengths in bytes, ipsec-tools 1377 * uses lengths in bits, therefore conversion is required. --AK 1378 */ 1379 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3)) 1380 return -1; 1381 1382 return EVP_CIPHER_key_length(e) << 3; 1383 } 1384 1385 /* 1386 * DES-CBC 1387 */ 1388 vchar_t * 1389 eay_des_encrypt(data, key, iv) 1390 vchar_t *data, *key, *iv; 1391 { 1392 return evp_crypt(data, key, iv, EVP_des_cbc(), 1); 1393 } 1394 1395 vchar_t * 1396 eay_des_decrypt(data, key, iv) 1397 vchar_t *data, *key, *iv; 1398 { 1399 return evp_crypt(data, key, iv, EVP_des_cbc(), 0); 1400 } 1401 1402 int 1403 eay_des_weakkey(key) 1404 vchar_t *key; 1405 { 1406 #ifdef USE_NEW_DES_API 1407 return DES_is_weak_key((void *)key->v); 1408 #else 1409 return des_is_weak_key((void *)key->v); 1410 #endif 1411 } 1412 1413 int 1414 eay_des_keylen(len) 1415 int len; 1416 { 1417 return evp_keylen(len, EVP_des_cbc()); 1418 } 1419 1420 #ifdef HAVE_OPENSSL_IDEA_H 1421 /* 1422 * IDEA-CBC 1423 */ 1424 vchar_t * 1425 eay_idea_encrypt(data, key, iv) 1426 vchar_t *data, *key, *iv; 1427 { 1428 vchar_t *res; 1429 IDEA_KEY_SCHEDULE ks; 1430 1431 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1432 1433 /* allocate buffer for result */ 1434 if ((res = vmalloc(data->l)) == NULL) 1435 return NULL; 1436 1437 /* decryption data */ 1438 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1439 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT); 1440 1441 return res; 1442 } 1443 1444 vchar_t * 1445 eay_idea_decrypt(data, key, iv) 1446 vchar_t *data, *key, *iv; 1447 { 1448 vchar_t *res; 1449 IDEA_KEY_SCHEDULE ks, dks; 1450 1451 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1452 idea_set_decrypt_key(&ks, &dks); 1453 1454 /* allocate buffer for result */ 1455 if ((res = vmalloc(data->l)) == NULL) 1456 return NULL; 1457 1458 /* decryption data */ 1459 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1460 &dks, (unsigned char *)iv->v, IDEA_DECRYPT); 1461 1462 return res; 1463 } 1464 1465 int 1466 eay_idea_weakkey(key) 1467 vchar_t *key; 1468 { 1469 return 0; /* XXX */ 1470 } 1471 1472 int 1473 eay_idea_keylen(len) 1474 int len; 1475 { 1476 if (len != 0 && len != 128) 1477 return -1; 1478 return 128; 1479 } 1480 #endif 1481 1482 /* 1483 * BLOWFISH-CBC 1484 */ 1485 vchar_t * 1486 eay_bf_encrypt(data, key, iv) 1487 vchar_t *data, *key, *iv; 1488 { 1489 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1); 1490 } 1491 1492 vchar_t * 1493 eay_bf_decrypt(data, key, iv) 1494 vchar_t *data, *key, *iv; 1495 { 1496 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0); 1497 } 1498 1499 int 1500 eay_bf_weakkey(key) 1501 vchar_t *key; 1502 { 1503 return 0; /* XXX to be done. refer to RFC 2451 */ 1504 } 1505 1506 int 1507 eay_bf_keylen(len) 1508 int len; 1509 { 1510 if (len == 0) 1511 return 448; 1512 if (len < 40 || len > 448) 1513 return -1; 1514 return len; 1515 } 1516 1517 #ifdef HAVE_OPENSSL_RC5_H 1518 /* 1519 * RC5-CBC 1520 */ 1521 vchar_t * 1522 eay_rc5_encrypt(data, key, iv) 1523 vchar_t *data, *key, *iv; 1524 { 1525 vchar_t *res; 1526 RC5_32_KEY ks; 1527 1528 /* in RFC 2451, there is information about the number of round. */ 1529 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1530 1531 /* allocate buffer for result */ 1532 if ((res = vmalloc(data->l)) == NULL) 1533 return NULL; 1534 1535 /* decryption data */ 1536 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1537 &ks, (unsigned char *)iv->v, RC5_ENCRYPT); 1538 1539 return res; 1540 } 1541 1542 vchar_t * 1543 eay_rc5_decrypt(data, key, iv) 1544 vchar_t *data, *key, *iv; 1545 { 1546 vchar_t *res; 1547 RC5_32_KEY ks; 1548 1549 /* in RFC 2451, there is information about the number of round. */ 1550 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1551 1552 /* allocate buffer for result */ 1553 if ((res = vmalloc(data->l)) == NULL) 1554 return NULL; 1555 1556 /* decryption data */ 1557 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1558 &ks, (unsigned char *)iv->v, RC5_DECRYPT); 1559 1560 return res; 1561 } 1562 1563 int 1564 eay_rc5_weakkey(key) 1565 vchar_t *key; 1566 { 1567 return 0; /* No known weak keys when used with 16 rounds. */ 1568 1569 } 1570 1571 int 1572 eay_rc5_keylen(len) 1573 int len; 1574 { 1575 if (len == 0) 1576 return 128; 1577 if (len < 40 || len > 2040) 1578 return -1; 1579 return len; 1580 } 1581 #endif 1582 1583 /* 1584 * 3DES-CBC 1585 */ 1586 vchar_t * 1587 eay_3des_encrypt(data, key, iv) 1588 vchar_t *data, *key, *iv; 1589 { 1590 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1); 1591 } 1592 1593 vchar_t * 1594 eay_3des_decrypt(data, key, iv) 1595 vchar_t *data, *key, *iv; 1596 { 1597 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0); 1598 } 1599 1600 int 1601 eay_3des_weakkey(key) 1602 vchar_t *key; 1603 { 1604 #ifdef USE_NEW_DES_API 1605 return (DES_is_weak_key((void *)key->v) || 1606 DES_is_weak_key((void *)(key->v + 8)) || 1607 DES_is_weak_key((void *)(key->v + 16))); 1608 #else 1609 if (key->l < 24) 1610 return 0; 1611 1612 return (des_is_weak_key((void *)key->v) || 1613 des_is_weak_key((void *)(key->v + 8)) || 1614 des_is_weak_key((void *)(key->v + 16))); 1615 #endif 1616 } 1617 1618 int 1619 eay_3des_keylen(len) 1620 int len; 1621 { 1622 if (len != 0 && len != 192) 1623 return -1; 1624 return 192; 1625 } 1626 1627 /* 1628 * CAST-CBC 1629 */ 1630 vchar_t * 1631 eay_cast_encrypt(data, key, iv) 1632 vchar_t *data, *key, *iv; 1633 { 1634 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1); 1635 } 1636 1637 vchar_t * 1638 eay_cast_decrypt(data, key, iv) 1639 vchar_t *data, *key, *iv; 1640 { 1641 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0); 1642 } 1643 1644 int 1645 eay_cast_weakkey(key) 1646 vchar_t *key; 1647 { 1648 return 0; /* No known weak keys. */ 1649 } 1650 1651 int 1652 eay_cast_keylen(len) 1653 int len; 1654 { 1655 if (len == 0) 1656 return 128; 1657 if (len < 40 || len > 128) 1658 return -1; 1659 return len; 1660 } 1661 1662 /* 1663 * AES(RIJNDAEL)-CBC 1664 */ 1665 #ifndef HAVE_OPENSSL_AES_H 1666 vchar_t * 1667 eay_aes_encrypt(data, key, iv) 1668 vchar_t *data, *key, *iv; 1669 { 1670 vchar_t *res; 1671 keyInstance k; 1672 cipherInstance c; 1673 1674 memset(&k, 0, sizeof(k)); 1675 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0) 1676 return NULL; 1677 1678 /* allocate buffer for result */ 1679 if ((res = vmalloc(data->l)) == NULL) 1680 return NULL; 1681 1682 /* encryption data */ 1683 memset(&c, 0, sizeof(c)); 1684 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1685 vfree(res); 1686 return NULL; 1687 } 1688 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1689 vfree(res); 1690 return NULL; 1691 } 1692 1693 return res; 1694 } 1695 1696 vchar_t * 1697 eay_aes_decrypt(data, key, iv) 1698 vchar_t *data, *key, *iv; 1699 { 1700 vchar_t *res; 1701 keyInstance k; 1702 cipherInstance c; 1703 1704 memset(&k, 0, sizeof(k)); 1705 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0) 1706 return NULL; 1707 1708 /* allocate buffer for result */ 1709 if ((res = vmalloc(data->l)) == NULL) 1710 return NULL; 1711 1712 /* decryption data */ 1713 memset(&c, 0, sizeof(c)); 1714 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1715 vfree(res); 1716 return NULL; 1717 } 1718 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1719 vfree(res); 1720 return NULL; 1721 } 1722 1723 return res; 1724 } 1725 #else 1726 static inline const EVP_CIPHER * 1727 aes_evp_by_keylen(int keylen) 1728 { 1729 switch(keylen) { 1730 case 16: 1731 case 128: 1732 return EVP_aes_128_cbc(); 1733 case 24: 1734 case 192: 1735 return EVP_aes_192_cbc(); 1736 case 32: 1737 case 256: 1738 return EVP_aes_256_cbc(); 1739 default: 1740 return NULL; 1741 } 1742 } 1743 1744 vchar_t * 1745 eay_aes_encrypt(data, key, iv) 1746 vchar_t *data, *key, *iv; 1747 { 1748 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1); 1749 } 1750 1751 vchar_t * 1752 eay_aes_decrypt(data, key, iv) 1753 vchar_t *data, *key, *iv; 1754 { 1755 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0); 1756 } 1757 #endif 1758 1759 int 1760 eay_aes_weakkey(key) 1761 vchar_t *key; 1762 { 1763 return 0; 1764 } 1765 1766 int 1767 eay_aes_keylen(len) 1768 int len; 1769 { 1770 if (len == 0) 1771 return 128; 1772 if (len != 128 && len != 192 && len != 256) 1773 return -1; 1774 return len; 1775 } 1776 1777 #if defined(HAVE_OPENSSL_CAMELLIA_H) 1778 /* 1779 * CAMELLIA-CBC 1780 */ 1781 static inline const EVP_CIPHER * 1782 camellia_evp_by_keylen(int keylen) 1783 { 1784 switch(keylen) { 1785 case 16: 1786 case 128: 1787 return EVP_camellia_128_cbc(); 1788 case 24: 1789 case 192: 1790 return EVP_camellia_192_cbc(); 1791 case 32: 1792 case 256: 1793 return EVP_camellia_256_cbc(); 1794 default: 1795 return NULL; 1796 } 1797 } 1798 1799 vchar_t * 1800 eay_camellia_encrypt(data, key, iv) 1801 vchar_t *data, *key, *iv; 1802 { 1803 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1); 1804 } 1805 1806 vchar_t * 1807 eay_camellia_decrypt(data, key, iv) 1808 vchar_t *data, *key, *iv; 1809 { 1810 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0); 1811 } 1812 1813 int 1814 eay_camellia_weakkey(key) 1815 vchar_t *key; 1816 { 1817 return 0; 1818 } 1819 1820 int 1821 eay_camellia_keylen(len) 1822 int len; 1823 { 1824 if (len == 0) 1825 return 128; 1826 if (len != 128 && len != 192 && len != 256) 1827 return -1; 1828 return len; 1829 } 1830 1831 #endif 1832 1833 /* for ipsec part */ 1834 int 1835 eay_null_hashlen() 1836 { 1837 return 0; 1838 } 1839 1840 int 1841 eay_kpdk_hashlen() 1842 { 1843 return 0; 1844 } 1845 1846 int 1847 eay_twofish_keylen(len) 1848 int len; 1849 { 1850 if (len < 0 || len > 256) 1851 return -1; 1852 return len; 1853 } 1854 1855 int 1856 eay_null_keylen(len) 1857 int len; 1858 { 1859 return 0; 1860 } 1861 1862 /* 1863 * HMAC functions 1864 */ 1865 static caddr_t 1866 eay_hmac_init(key, md) 1867 vchar_t *key; 1868 const EVP_MD *md; 1869 { 1870 HMAC_CTX *c = racoon_malloc(sizeof(*c)); 1871 1872 HMAC_Init(c, key->v, key->l, md); 1873 1874 return (caddr_t)c; 1875 } 1876 1877 static vchar_t *eay_hmac_one(key, data, type) 1878 vchar_t *key, *data; 1879 const EVP_MD *type; 1880 { 1881 vchar_t *res; 1882 1883 if ((res = vmalloc(EVP_MD_size(type))) == 0) 1884 return NULL; 1885 1886 if (!HMAC(type, (void *) key->v, key->l, 1887 (void *) data->v, data->l, (void *) res->v, NULL)) { 1888 vfree(res); 1889 return NULL; 1890 } 1891 1892 return res; 1893 } 1894 1895 static vchar_t *eay_digest_one(data, type) 1896 vchar_t *data; 1897 const EVP_MD *type; 1898 { 1899 vchar_t *res; 1900 1901 if ((res = vmalloc(EVP_MD_size(type))) == 0) 1902 return NULL; 1903 1904 if (!EVP_Digest((void *) data->v, data->l, 1905 (void *) res->v, NULL, type, NULL)) { 1906 vfree(res); 1907 return NULL; 1908 } 1909 1910 return res; 1911 } 1912 1913 #ifdef WITH_SHA2 1914 /* 1915 * HMAC SHA2-512 1916 */ 1917 vchar_t * 1918 eay_hmacsha2_512_one(key, data) 1919 vchar_t *key, *data; 1920 { 1921 return eay_hmac_one(key, data, EVP_sha2_512()); 1922 } 1923 1924 caddr_t 1925 eay_hmacsha2_512_init(key) 1926 vchar_t *key; 1927 { 1928 return eay_hmac_init(key, EVP_sha2_512()); 1929 } 1930 1931 void 1932 eay_hmacsha2_512_update(c, data) 1933 caddr_t c; 1934 vchar_t *data; 1935 { 1936 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1937 } 1938 1939 vchar_t * 1940 eay_hmacsha2_512_final(c) 1941 caddr_t c; 1942 { 1943 vchar_t *res; 1944 unsigned int l; 1945 1946 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 1947 return NULL; 1948 1949 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1950 res->l = l; 1951 HMAC_cleanup((HMAC_CTX *)c); 1952 (void)racoon_free(c); 1953 1954 if (SHA512_DIGEST_LENGTH != res->l) { 1955 plog(LLV_ERROR, LOCATION, NULL, 1956 "hmac sha2_512 length mismatch %zd.\n", res->l); 1957 vfree(res); 1958 return NULL; 1959 } 1960 1961 return(res); 1962 } 1963 1964 /* 1965 * HMAC SHA2-384 1966 */ 1967 vchar_t * 1968 eay_hmacsha2_384_one(key, data) 1969 vchar_t *key, *data; 1970 { 1971 return eay_hmac_one(key, data, EVP_sha2_384()); 1972 } 1973 1974 caddr_t 1975 eay_hmacsha2_384_init(key) 1976 vchar_t *key; 1977 { 1978 return eay_hmac_init(key, EVP_sha2_384()); 1979 } 1980 1981 void 1982 eay_hmacsha2_384_update(c, data) 1983 caddr_t c; 1984 vchar_t *data; 1985 { 1986 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1987 } 1988 1989 vchar_t * 1990 eay_hmacsha2_384_final(c) 1991 caddr_t c; 1992 { 1993 vchar_t *res; 1994 unsigned int l; 1995 1996 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 1997 return NULL; 1998 1999 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2000 res->l = l; 2001 HMAC_cleanup((HMAC_CTX *)c); 2002 (void)racoon_free(c); 2003 2004 if (SHA384_DIGEST_LENGTH != res->l) { 2005 plog(LLV_ERROR, LOCATION, NULL, 2006 "hmac sha2_384 length mismatch %zd.\n", res->l); 2007 vfree(res); 2008 return NULL; 2009 } 2010 2011 return(res); 2012 } 2013 2014 /* 2015 * HMAC SHA2-256 2016 */ 2017 vchar_t * 2018 eay_hmacsha2_256_one(key, data) 2019 vchar_t *key, *data; 2020 { 2021 return eay_hmac_one(key, data, EVP_sha2_256()); 2022 } 2023 2024 caddr_t 2025 eay_hmacsha2_256_init(key) 2026 vchar_t *key; 2027 { 2028 return eay_hmac_init(key, EVP_sha2_256()); 2029 } 2030 2031 void 2032 eay_hmacsha2_256_update(c, data) 2033 caddr_t c; 2034 vchar_t *data; 2035 { 2036 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2037 } 2038 2039 vchar_t * 2040 eay_hmacsha2_256_final(c) 2041 caddr_t c; 2042 { 2043 vchar_t *res; 2044 unsigned int l; 2045 2046 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 2047 return NULL; 2048 2049 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2050 res->l = l; 2051 HMAC_cleanup((HMAC_CTX *)c); 2052 (void)racoon_free(c); 2053 2054 if (SHA256_DIGEST_LENGTH != res->l) { 2055 plog(LLV_ERROR, LOCATION, NULL, 2056 "hmac sha2_256 length mismatch %zd.\n", res->l); 2057 vfree(res); 2058 return NULL; 2059 } 2060 2061 return(res); 2062 } 2063 #endif /* WITH_SHA2 */ 2064 2065 /* 2066 * HMAC SHA1 2067 */ 2068 vchar_t * 2069 eay_hmacsha1_one(key, data) 2070 vchar_t *key, *data; 2071 { 2072 return eay_hmac_one(key, data, EVP_sha1()); 2073 } 2074 2075 caddr_t 2076 eay_hmacsha1_init(key) 2077 vchar_t *key; 2078 { 2079 return eay_hmac_init(key, EVP_sha1()); 2080 } 2081 2082 void 2083 eay_hmacsha1_update(c, data) 2084 caddr_t c; 2085 vchar_t *data; 2086 { 2087 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2088 } 2089 2090 vchar_t * 2091 eay_hmacsha1_final(c) 2092 caddr_t c; 2093 { 2094 vchar_t *res; 2095 unsigned int l; 2096 2097 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2098 return NULL; 2099 2100 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2101 res->l = l; 2102 HMAC_cleanup((HMAC_CTX *)c); 2103 (void)racoon_free(c); 2104 2105 if (SHA_DIGEST_LENGTH != res->l) { 2106 plog(LLV_ERROR, LOCATION, NULL, 2107 "hmac sha1 length mismatch %zd.\n", res->l); 2108 vfree(res); 2109 return NULL; 2110 } 2111 2112 return(res); 2113 } 2114 2115 /* 2116 * HMAC MD5 2117 */ 2118 vchar_t * 2119 eay_hmacmd5_one(key, data) 2120 vchar_t *key, *data; 2121 { 2122 return eay_hmac_one(key, data, EVP_md5()); 2123 } 2124 2125 caddr_t 2126 eay_hmacmd5_init(key) 2127 vchar_t *key; 2128 { 2129 return eay_hmac_init(key, EVP_md5()); 2130 } 2131 2132 void 2133 eay_hmacmd5_update(c, data) 2134 caddr_t c; 2135 vchar_t *data; 2136 { 2137 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2138 } 2139 2140 vchar_t * 2141 eay_hmacmd5_final(c) 2142 caddr_t c; 2143 { 2144 vchar_t *res; 2145 unsigned int l; 2146 2147 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2148 return NULL; 2149 2150 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2151 res->l = l; 2152 HMAC_cleanup((HMAC_CTX *)c); 2153 (void)racoon_free(c); 2154 2155 if (MD5_DIGEST_LENGTH != res->l) { 2156 plog(LLV_ERROR, LOCATION, NULL, 2157 "hmac md5 length mismatch %zd.\n", res->l); 2158 vfree(res); 2159 return NULL; 2160 } 2161 2162 return(res); 2163 } 2164 2165 #ifdef WITH_SHA2 2166 /* 2167 * SHA2-512 functions 2168 */ 2169 caddr_t 2170 eay_sha2_512_init() 2171 { 2172 SHA512_CTX *c = racoon_malloc(sizeof(*c)); 2173 2174 SHA512_Init(c); 2175 2176 return((caddr_t)c); 2177 } 2178 2179 void 2180 eay_sha2_512_update(c, data) 2181 caddr_t c; 2182 vchar_t *data; 2183 { 2184 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l); 2185 2186 return; 2187 } 2188 2189 vchar_t * 2190 eay_sha2_512_final(c) 2191 caddr_t c; 2192 { 2193 vchar_t *res; 2194 2195 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 2196 return(0); 2197 2198 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c); 2199 (void)racoon_free(c); 2200 2201 return(res); 2202 } 2203 2204 vchar_t * 2205 eay_sha2_512_one(data) 2206 vchar_t *data; 2207 { 2208 return eay_digest_one(data, EVP_sha512()); 2209 } 2210 2211 int 2212 eay_sha2_512_hashlen() 2213 { 2214 return SHA512_DIGEST_LENGTH << 3; 2215 } 2216 #endif 2217 2218 #ifdef WITH_SHA2 2219 /* 2220 * SHA2-384 functions 2221 */ 2222 caddr_t 2223 eay_sha2_384_init() 2224 { 2225 SHA384_CTX *c = racoon_malloc(sizeof(*c)); 2226 2227 SHA384_Init(c); 2228 2229 return((caddr_t)c); 2230 } 2231 2232 void 2233 eay_sha2_384_update(c, data) 2234 caddr_t c; 2235 vchar_t *data; 2236 { 2237 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l); 2238 2239 return; 2240 } 2241 2242 vchar_t * 2243 eay_sha2_384_final(c) 2244 caddr_t c; 2245 { 2246 vchar_t *res; 2247 2248 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 2249 return(0); 2250 2251 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c); 2252 (void)racoon_free(c); 2253 2254 return(res); 2255 } 2256 2257 vchar_t * 2258 eay_sha2_384_one(data) 2259 vchar_t *data; 2260 { 2261 return eay_digest_one(data, EVP_sha2_384()); 2262 } 2263 2264 int 2265 eay_sha2_384_hashlen() 2266 { 2267 return SHA384_DIGEST_LENGTH << 3; 2268 } 2269 #endif 2270 2271 #ifdef WITH_SHA2 2272 /* 2273 * SHA2-256 functions 2274 */ 2275 caddr_t 2276 eay_sha2_256_init() 2277 { 2278 SHA256_CTX *c = racoon_malloc(sizeof(*c)); 2279 2280 SHA256_Init(c); 2281 2282 return((caddr_t)c); 2283 } 2284 2285 void 2286 eay_sha2_256_update(c, data) 2287 caddr_t c; 2288 vchar_t *data; 2289 { 2290 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l); 2291 2292 return; 2293 } 2294 2295 vchar_t * 2296 eay_sha2_256_final(c) 2297 caddr_t c; 2298 { 2299 vchar_t *res; 2300 2301 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 2302 return(0); 2303 2304 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c); 2305 (void)racoon_free(c); 2306 2307 return(res); 2308 } 2309 2310 vchar_t * 2311 eay_sha2_256_one(data) 2312 vchar_t *data; 2313 { 2314 return eay_digest_one(data, EVP_sha2_256()); 2315 } 2316 2317 int 2318 eay_sha2_256_hashlen() 2319 { 2320 return SHA256_DIGEST_LENGTH << 3; 2321 } 2322 #endif 2323 2324 /* 2325 * SHA functions 2326 */ 2327 caddr_t 2328 eay_sha1_init() 2329 { 2330 SHA_CTX *c = racoon_malloc(sizeof(*c)); 2331 2332 SHA1_Init(c); 2333 2334 return((caddr_t)c); 2335 } 2336 2337 void 2338 eay_sha1_update(c, data) 2339 caddr_t c; 2340 vchar_t *data; 2341 { 2342 SHA1_Update((SHA_CTX *)c, data->v, data->l); 2343 2344 return; 2345 } 2346 2347 vchar_t * 2348 eay_sha1_final(c) 2349 caddr_t c; 2350 { 2351 vchar_t *res; 2352 2353 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2354 return(0); 2355 2356 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c); 2357 (void)racoon_free(c); 2358 2359 return(res); 2360 } 2361 2362 vchar_t * 2363 eay_sha1_one(data) 2364 vchar_t *data; 2365 { 2366 return eay_digest_one(data, EVP_sha1()); 2367 } 2368 2369 int 2370 eay_sha1_hashlen() 2371 { 2372 return SHA_DIGEST_LENGTH << 3; 2373 } 2374 2375 /* 2376 * MD5 functions 2377 */ 2378 caddr_t 2379 eay_md5_init() 2380 { 2381 MD5_CTX *c = racoon_malloc(sizeof(*c)); 2382 2383 MD5_Init(c); 2384 2385 return((caddr_t)c); 2386 } 2387 2388 void 2389 eay_md5_update(c, data) 2390 caddr_t c; 2391 vchar_t *data; 2392 { 2393 MD5_Update((MD5_CTX *)c, data->v, data->l); 2394 2395 return; 2396 } 2397 2398 vchar_t * 2399 eay_md5_final(c) 2400 caddr_t c; 2401 { 2402 vchar_t *res; 2403 2404 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2405 return(0); 2406 2407 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c); 2408 (void)racoon_free(c); 2409 2410 return(res); 2411 } 2412 2413 vchar_t * 2414 eay_md5_one(data) 2415 vchar_t *data; 2416 { 2417 return eay_digest_one(data, EVP_md5()); 2418 } 2419 2420 int 2421 eay_md5_hashlen() 2422 { 2423 return MD5_DIGEST_LENGTH << 3; 2424 } 2425 2426 /* 2427 * eay_set_random 2428 * size: number of bytes. 2429 */ 2430 vchar_t * 2431 eay_set_random(size) 2432 u_int32_t size; 2433 { 2434 BIGNUM *r = NULL; 2435 vchar_t *res = 0; 2436 2437 if ((r = BN_new()) == NULL) 2438 goto end; 2439 BN_rand(r, size * 8, 0, 0); 2440 eay_bn2v(&res, r); 2441 2442 end: 2443 if (r) 2444 BN_free(r); 2445 return(res); 2446 } 2447 2448 /* DH */ 2449 int 2450 eay_dh_generate(prime, g, publen, pub, priv) 2451 vchar_t *prime, **pub, **priv; 2452 u_int publen; 2453 u_int32_t g; 2454 { 2455 BIGNUM *p = NULL; 2456 DH *dh = NULL; 2457 int error = -1; 2458 2459 /* initialize */ 2460 /* pre-process to generate number */ 2461 if (eay_v2bn(&p, prime) < 0) 2462 goto end; 2463 2464 if ((dh = DH_new()) == NULL) 2465 goto end; 2466 dh->p = p; 2467 p = NULL; /* p is now part of dh structure */ 2468 dh->g = NULL; 2469 if ((dh->g = BN_new()) == NULL) 2470 goto end; 2471 if (!BN_set_word(dh->g, g)) 2472 goto end; 2473 2474 if (publen != 0) 2475 dh->length = publen; 2476 2477 /* generate public and private number */ 2478 if (!DH_generate_key(dh)) 2479 goto end; 2480 2481 /* copy results to buffers */ 2482 if (eay_bn2v(pub, dh->pub_key) < 0) 2483 goto end; 2484 if (eay_bn2v(priv, dh->priv_key) < 0) { 2485 vfree(*pub); 2486 goto end; 2487 } 2488 2489 error = 0; 2490 2491 end: 2492 if (dh != NULL) 2493 DH_free(dh); 2494 if (p != 0) 2495 BN_free(p); 2496 return(error); 2497 } 2498 2499 int 2500 eay_dh_compute(prime, g, pub, priv, pub2, key) 2501 vchar_t *prime, *pub, *priv, *pub2, **key; 2502 u_int32_t g; 2503 { 2504 BIGNUM *dh_pub = NULL; 2505 DH *dh = NULL; 2506 int l; 2507 unsigned char *v = NULL; 2508 int error = -1; 2509 2510 /* make public number to compute */ 2511 if (eay_v2bn(&dh_pub, pub2) < 0) 2512 goto end; 2513 2514 /* make DH structure */ 2515 if ((dh = DH_new()) == NULL) 2516 goto end; 2517 if (eay_v2bn(&dh->p, prime) < 0) 2518 goto end; 2519 if (eay_v2bn(&dh->pub_key, pub) < 0) 2520 goto end; 2521 if (eay_v2bn(&dh->priv_key, priv) < 0) 2522 goto end; 2523 dh->length = pub2->l * 8; 2524 2525 dh->g = NULL; 2526 if ((dh->g = BN_new()) == NULL) 2527 goto end; 2528 if (!BN_set_word(dh->g, g)) 2529 goto end; 2530 2531 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) 2532 goto end; 2533 if ((l = DH_compute_key(v, dh_pub, dh)) == -1) 2534 goto end; 2535 memcpy((*key)->v + (prime->l - l), v, l); 2536 2537 error = 0; 2538 2539 end: 2540 if (dh_pub != NULL) 2541 BN_free(dh_pub); 2542 if (dh != NULL) 2543 DH_free(dh); 2544 if (v != NULL) 2545 racoon_free(v); 2546 return(error); 2547 } 2548 2549 /* 2550 * convert vchar_t <-> BIGNUM. 2551 * 2552 * vchar_t: unit is u_char, network endian, most significant byte first. 2553 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian, 2554 * least significant BN_ULONG must come first. 2555 * 2556 * hex value of "0x3ffe050104" is represented as follows: 2557 * vchar_t: 3f fe 05 01 04 2558 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f 2559 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f 2560 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f 2561 */ 2562 int 2563 eay_v2bn(bn, var) 2564 BIGNUM **bn; 2565 vchar_t *var; 2566 { 2567 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL) 2568 return -1; 2569 2570 return 0; 2571 } 2572 2573 int 2574 eay_bn2v(var, bn) 2575 vchar_t **var; 2576 BIGNUM *bn; 2577 { 2578 *var = vmalloc(bn->top * BN_BYTES); 2579 if (*var == NULL) 2580 return(-1); 2581 2582 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v); 2583 2584 return 0; 2585 } 2586 2587 void 2588 eay_init() 2589 { 2590 OpenSSL_add_all_algorithms(); 2591 ERR_load_crypto_strings(); 2592 #ifdef HAVE_OPENSSL_ENGINE_H 2593 ENGINE_load_builtin_engines(); 2594 ENGINE_register_all_complete(); 2595 #endif 2596 } 2597 2598 vchar_t * 2599 base64_decode(char *in, long inlen) 2600 { 2601 BIO *bio=NULL, *b64=NULL; 2602 vchar_t *res = NULL; 2603 char *outb; 2604 long outlen; 2605 2606 outb = malloc(inlen * 2); 2607 if (outb == NULL) 2608 goto out; 2609 bio = BIO_new_mem_buf(in, inlen); 2610 b64 = BIO_new(BIO_f_base64()); 2611 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2612 bio = BIO_push(b64, bio); 2613 2614 outlen = BIO_read(bio, outb, inlen * 2); 2615 if (outlen <= 0) { 2616 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 2617 goto out; 2618 } 2619 2620 res = vmalloc(outlen); 2621 if (!res) 2622 goto out; 2623 2624 memcpy(res->v, outb, outlen); 2625 2626 out: 2627 if (outb) 2628 free(outb); 2629 if (bio) 2630 BIO_free_all(bio); 2631 2632 return res; 2633 } 2634 2635 vchar_t * 2636 base64_encode(char *in, long inlen) 2637 { 2638 BIO *bio=NULL, *b64=NULL; 2639 char *ptr; 2640 long plen = -1; 2641 vchar_t *res = NULL; 2642 2643 bio = BIO_new(BIO_s_mem()); 2644 b64 = BIO_new(BIO_f_base64()); 2645 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2646 bio = BIO_push(b64, bio); 2647 2648 BIO_write(bio, in, inlen); 2649 BIO_flush(bio); 2650 2651 plen = BIO_get_mem_data(bio, &ptr); 2652 res = vmalloc(plen+1); 2653 if (!res) 2654 goto out; 2655 2656 memcpy (res->v, ptr, plen); 2657 res->v[plen] = '\0'; 2658 2659 out: 2660 if (bio) 2661 BIO_free_all(bio); 2662 2663 return res; 2664 } 2665 2666 static RSA * 2667 binbuf_pubkey2rsa(vchar_t *binbuf) 2668 { 2669 BIGNUM *exp, *mod; 2670 RSA *rsa_pub = NULL; 2671 2672 if (binbuf->v[0] > binbuf->l - 1) { 2673 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2674 goto out; 2675 } 2676 2677 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL); 2678 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1), 2679 binbuf->l - binbuf->v[0] - 1, NULL); 2680 rsa_pub = RSA_new(); 2681 2682 if (!exp || !mod || !rsa_pub) { 2683 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror()); 2684 if (exp) 2685 BN_free(exp); 2686 if (mod) 2687 BN_free(exp); 2688 if (rsa_pub) 2689 RSA_free(rsa_pub); 2690 rsa_pub = NULL; 2691 goto out; 2692 } 2693 2694 rsa_pub->n = mod; 2695 rsa_pub->e = exp; 2696 2697 out: 2698 return rsa_pub; 2699 } 2700 2701 RSA * 2702 base64_pubkey2rsa(char *in) 2703 { 2704 BIGNUM *exp, *mod; 2705 RSA *rsa_pub = NULL; 2706 vchar_t *binbuf; 2707 2708 if (strncmp(in, "0s", 2) != 0) { 2709 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n"); 2710 return NULL; 2711 } 2712 2713 binbuf = base64_decode(in + 2, strlen(in + 2)); 2714 if (!binbuf) { 2715 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n"); 2716 return NULL; 2717 } 2718 2719 if (binbuf->v[0] > binbuf->l - 1) { 2720 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2721 goto out; 2722 } 2723 2724 rsa_pub = binbuf_pubkey2rsa(binbuf); 2725 2726 out: 2727 if (binbuf) 2728 vfree(binbuf); 2729 2730 return rsa_pub; 2731 } 2732 2733 RSA * 2734 bignum_pubkey2rsa(BIGNUM *in) 2735 { 2736 RSA *rsa_pub = NULL; 2737 vchar_t *binbuf; 2738 2739 binbuf = vmalloc(BN_num_bytes(in)); 2740 if (!binbuf) { 2741 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n"); 2742 return NULL; 2743 } 2744 2745 BN_bn2bin(in, (unsigned char *) binbuf->v); 2746 2747 rsa_pub = binbuf_pubkey2rsa(binbuf); 2748 2749 out: 2750 if (binbuf) 2751 vfree(binbuf); 2752 2753 return rsa_pub; 2754 } 2755 2756 u_int32_t 2757 eay_random() 2758 { 2759 u_int32_t result; 2760 vchar_t *vrand; 2761 2762 vrand = eay_set_random(sizeof(result)); 2763 memcpy(&result, vrand->v, sizeof(result)); 2764 vfree(vrand); 2765 2766 return result; 2767 } 2768 2769 const char * 2770 eay_version() 2771 { 2772 return SSLeay_version(SSLEAY_VERSION); 2773 } 2774
