1 /* $NetBSD: crypto_openssl.c,v 1.11.6.6 2009/04/29 10:50:25 tteras Exp $ */ 2 3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "config.h" 35 36 #include <sys/types.h> 37 #include <sys/param.h> 38 39 #include <stdlib.h> 40 #include <stdio.h> 41 #include <limits.h> 42 #include <string.h> 43 44 /* get openssl/ssleay version number */ 45 #include <openssl/opensslv.h> 46 47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL) 48 #error OpenSSL version 0.9.6 or later required. 49 #endif 50 51 #include <openssl/pem.h> 52 #include <openssl/evp.h> 53 #include <openssl/x509.h> 54 #include <openssl/x509v3.h> 55 #include <openssl/x509_vfy.h> 56 #include <openssl/bn.h> 57 #include <openssl/dh.h> 58 #include <openssl/md5.h> 59 #include <openssl/sha.h> 60 #include <openssl/hmac.h> 61 #include <openssl/des.h> 62 #include <openssl/crypto.h> 63 #ifdef HAVE_OPENSSL_ENGINE_H 64 #include <openssl/engine.h> 65 #endif 66 #ifndef ANDROID_CHANGES 67 #include <openssl/blowfish.h> 68 #include <openssl/cast.h> 69 #else 70 #define EVP_bf_cbc() NULL 71 #define EVP_cast5_cbc() NULL 72 #endif 73 #include <openssl/err.h> 74 #ifdef HAVE_OPENSSL_RC5_H 75 #include <openssl/rc5.h> 76 #endif 77 #ifdef HAVE_OPENSSL_IDEA_H 78 #include <openssl/idea.h> 79 #endif 80 #if defined(HAVE_OPENSSL_AES_H) 81 #include <openssl/aes.h> 82 #elif defined(HAVE_OPENSSL_RIJNDAEL_H) 83 #include <openssl/rijndael.h> 84 #else 85 #include "crypto/rijndael/rijndael-api-fst.h" 86 #endif 87 #if defined(HAVE_OPENSSL_CAMELLIA_H) 88 #include <openssl/camellia.h> 89 #endif 90 #ifdef WITH_SHA2 91 #ifdef HAVE_OPENSSL_SHA2_H 92 #include <openssl/sha2.h> 93 #else 94 #include "crypto/sha2/sha2.h" 95 #endif 96 #endif 97 #include "plog.h" 98 99 /* 0.9.7 stuff? */ 100 #if OPENSSL_VERSION_NUMBER < 0x0090700fL 101 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; 102 #else 103 #define USE_NEW_DES_API 104 #endif 105 106 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0) 107 108 #include "var.h" 109 #include "misc.h" 110 #include "vmbuf.h" 111 #include "plog.h" 112 #include "crypto_openssl.h" 113 #include "debug.h" 114 #include "gcmalloc.h" 115 116 /* 117 * I hate to cast every parameter to des_xx into void *, but it is 118 * necessary for SSLeay/OpenSSL portability. It sucks. 119 */ 120 121 static int cb_check_cert_local __P((int, X509_STORE_CTX *)); 122 static int cb_check_cert_remote __P((int, X509_STORE_CTX *)); 123 static X509 *mem2x509 __P((vchar_t *)); 124 125 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *)); 126 127 /* X509 Certificate */ 128 /* 129 * convert the string of the subject name into DER 130 * e.g. str = "C=JP, ST=Kanagawa"; 131 */ 132 vchar_t * 133 eay_str2asn1dn(str, len) 134 const char *str; 135 int len; 136 { 137 X509_NAME *name; 138 char *buf; 139 char *field, *value; 140 int i, j; 141 vchar_t *ret = NULL; 142 caddr_t p; 143 144 if (len == -1) 145 len = strlen(str); 146 147 buf = racoon_malloc(len + 1); 148 if (!buf) { 149 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 150 return NULL; 151 } 152 memcpy(buf, str, len); 153 154 name = X509_NAME_new(); 155 156 field = &buf[0]; 157 value = NULL; 158 for (i = 0; i < len; i++) { 159 if (!value && buf[i] == '=') { 160 buf[i] = '\0'; 161 value = &buf[i + 1]; 162 continue; 163 } else if (buf[i] == ',' || buf[i] == '/') { 164 buf[i] = '\0'; 165 166 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 167 field, value); 168 169 if (!value) goto err; 170 if (!X509_NAME_add_entry_by_txt(name, field, 171 (value[0] == '*' && value[1] == 0) ? 172 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 173 (unsigned char *) value, -1, -1, 0)) { 174 plog(LLV_ERROR, LOCATION, NULL, 175 "Invalid DN field: %s=%s\n", 176 field, value); 177 plog(LLV_ERROR, LOCATION, NULL, 178 "%s\n", eay_strerror()); 179 goto err; 180 } 181 for (j = i + 1; j < len; j++) { 182 if (buf[j] != ' ') 183 break; 184 } 185 field = &buf[j]; 186 value = NULL; 187 continue; 188 } 189 } 190 buf[len] = '\0'; 191 192 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n", 193 field, value); 194 195 if (!value) goto err; 196 if (!X509_NAME_add_entry_by_txt(name, field, 197 (value[0] == '*' && value[1] == 0) ? 198 V_ASN1_PRINTABLESTRING : MBSTRING_ASC, 199 (unsigned char *) value, -1, -1, 0)) { 200 plog(LLV_ERROR, LOCATION, NULL, 201 "Invalid DN field: %s=%s\n", 202 field, value); 203 plog(LLV_ERROR, LOCATION, NULL, 204 "%s\n", eay_strerror()); 205 goto err; 206 } 207 208 i = i2d_X509_NAME(name, NULL); 209 if (!i) 210 goto err; 211 ret = vmalloc(i); 212 if (!ret) 213 goto err; 214 p = ret->v; 215 i = i2d_X509_NAME(name, (void *)&p); 216 if (!i) 217 goto err; 218 219 return ret; 220 221 err: 222 if (buf) 223 racoon_free(buf); 224 if (name) 225 X509_NAME_free(name); 226 if (ret) 227 vfree(ret); 228 return NULL; 229 } 230 231 /* 232 * convert the hex string of the subject name into DER 233 */ 234 vchar_t * 235 eay_hex2asn1dn(const char *hex, int len) 236 { 237 BIGNUM *bn = BN_new(); 238 char *binbuf; 239 size_t binlen; 240 vchar_t *ret = NULL; 241 242 if (len == -1) 243 len = strlen(hex); 244 245 if (BN_hex2bn(&bn, hex) != len) { 246 plog(LLV_ERROR, LOCATION, NULL, 247 "conversion of Hex-encoded ASN1 string to binary failed: %s\n", 248 eay_strerror()); 249 goto out; 250 } 251 252 binlen = BN_num_bytes(bn); 253 ret = vmalloc(binlen); 254 if (!ret) { 255 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); 256 return NULL; 257 } 258 binbuf = ret->v; 259 260 BN_bn2bin(bn, (unsigned char *) binbuf); 261 262 out: 263 BN_free(bn); 264 265 return ret; 266 } 267 268 /* 269 * The following are derived from code in crypto/x509/x509_cmp.c 270 * in OpenSSL0.9.7c: 271 * X509_NAME_wildcmp() adds wildcard matching to the original 272 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is. 273 */ 274 #include <ctype.h> 275 /* Case insensitive string comparision */ 276 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 277 { 278 int i; 279 280 if (a->length != b->length) 281 return (a->length - b->length); 282 283 for (i=0; i<a->length; i++) 284 { 285 int ca, cb; 286 287 ca = tolower(a->data[i]); 288 cb = tolower(b->data[i]); 289 290 if (ca != cb) 291 return(ca-cb); 292 } 293 return 0; 294 } 295 296 /* Case insensitive string comparision with space normalization 297 * Space normalization - ignore leading, trailing spaces, 298 * multiple spaces between characters are replaced by single space 299 */ 300 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) 301 { 302 unsigned char *pa = NULL, *pb = NULL; 303 int la, lb; 304 305 la = a->length; 306 lb = b->length; 307 pa = a->data; 308 pb = b->data; 309 310 /* skip leading spaces */ 311 while (la > 0 && isspace(*pa)) 312 { 313 la--; 314 pa++; 315 } 316 while (lb > 0 && isspace(*pb)) 317 { 318 lb--; 319 pb++; 320 } 321 322 /* skip trailing spaces */ 323 while (la > 0 && isspace(pa[la-1])) 324 la--; 325 while (lb > 0 && isspace(pb[lb-1])) 326 lb--; 327 328 /* compare strings with space normalization */ 329 while (la > 0 && lb > 0) 330 { 331 int ca, cb; 332 333 /* compare character */ 334 ca = tolower(*pa); 335 cb = tolower(*pb); 336 if (ca != cb) 337 return (ca - cb); 338 339 pa++; pb++; 340 la--; lb--; 341 342 if (la <= 0 || lb <= 0) 343 break; 344 345 /* is white space next character ? */ 346 if (isspace(*pa) && isspace(*pb)) 347 { 348 /* skip remaining white spaces */ 349 while (la > 0 && isspace(*pa)) 350 { 351 la--; 352 pa++; 353 } 354 while (lb > 0 && isspace(*pb)) 355 { 356 lb--; 357 pb++; 358 } 359 } 360 } 361 if (la > 0 || lb > 0) 362 return la - lb; 363 364 return 0; 365 } 366 367 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b) 368 { 369 int i,j; 370 X509_NAME_ENTRY *na,*nb; 371 372 if (sk_X509_NAME_ENTRY_num(a->entries) 373 != sk_X509_NAME_ENTRY_num(b->entries)) 374 return sk_X509_NAME_ENTRY_num(a->entries) 375 -sk_X509_NAME_ENTRY_num(b->entries); 376 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) 377 { 378 na=sk_X509_NAME_ENTRY_value(a->entries,i); 379 nb=sk_X509_NAME_ENTRY_value(b->entries,i); 380 j=OBJ_cmp(na->object,nb->object); 381 if (j) return(j); 382 if ((na->value->length == 1 && na->value->data[0] == '*') 383 || (nb->value->length == 1 && nb->value->data[0] == '*')) 384 continue; 385 j=na->value->type-nb->value->type; 386 if (j) return(j); 387 if (na->value->type == V_ASN1_PRINTABLESTRING) 388 j=nocase_spacenorm_cmp(na->value, nb->value); 389 else if (na->value->type == V_ASN1_IA5STRING 390 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) 391 j=nocase_cmp(na->value, nb->value); 392 else 393 { 394 j=na->value->length-nb->value->length; 395 if (j) return(j); 396 j=memcmp(na->value->data,nb->value->data, 397 na->value->length); 398 } 399 if (j) return(j); 400 j=na->set-nb->set; 401 if (j) return(j); 402 } 403 404 return(0); 405 } 406 407 /* 408 * compare two subjectNames. 409 * OUT: 0: equal 410 * positive: 411 * -1: other error. 412 */ 413 int 414 eay_cmp_asn1dn(n1, n2) 415 vchar_t *n1, *n2; 416 { 417 X509_NAME *a = NULL, *b = NULL; 418 caddr_t p; 419 int i = -1; 420 421 p = n1->v; 422 if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) 423 goto end; 424 p = n2->v; 425 if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) 426 goto end; 427 428 i = X509_NAME_wildcmp(a, b); 429 430 end: 431 if (a) 432 X509_NAME_free(a); 433 if (b) 434 X509_NAME_free(b); 435 return i; 436 } 437 438 #ifdef ANDROID_CHANGES 439 440 static BIO *BIO_from_android(char *path) 441 { 442 void *data; 443 if (sscanf(path, pname, &data) == 1) { 444 return BIO_new_mem_buf(data, -1); 445 } 446 return NULL; 447 } 448 449 #endif 450 451 /* 452 * this functions is derived from apps/verify.c in OpenSSL0.9.5 453 */ 454 int 455 eay_check_x509cert(cert, CApath, CAfile, local) 456 vchar_t *cert; 457 char *CApath; 458 char *CAfile; 459 int local; 460 { 461 X509_STORE *cert_ctx = NULL; 462 X509_LOOKUP *lookup = NULL; 463 X509 *x509 = NULL; 464 X509_STORE_CTX *csc; 465 int error = -1; 466 467 cert_ctx = X509_STORE_new(); 468 if (cert_ctx == NULL) 469 goto end; 470 471 if (local) 472 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local); 473 else 474 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote); 475 476 #ifdef ANDROID_CHANGES 477 if (pname) { 478 BIO *bio = BIO_from_android(CAfile); 479 STACK_OF(X509_INFO) *stack; 480 X509_INFO *info; 481 int i; 482 483 if (!bio) { 484 goto end; 485 } 486 stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL); 487 BIO_free(bio); 488 if (!stack) { 489 goto end; 490 } 491 for (i = 0; i < sk_X509_INFO_num(stack); ++i) { 492 info = sk_X509_INFO_value(stack, i); 493 if (info->x509) { 494 X509_STORE_add_cert(cert_ctx, info->x509); 495 } 496 if (info->crl) { 497 X509_STORE_add_crl(cert_ctx, info->crl); 498 } 499 } 500 sk_X509_INFO_pop_free(stack, X509_INFO_free); 501 } else { 502 #endif 503 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); 504 if (lookup == NULL) 505 goto end; 506 507 X509_LOOKUP_load_file(lookup, CAfile, 508 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM); 509 510 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); 511 if (lookup == NULL) 512 goto end; 513 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM); 514 if(!error) { 515 error = -1; 516 goto end; 517 } 518 error = -1; /* initialized */ 519 #ifdef ANDROID_CHANGES 520 } 521 #endif 522 523 /* read the certificate to be verified */ 524 x509 = mem2x509(cert); 525 if (x509 == NULL) 526 goto end; 527 528 csc = X509_STORE_CTX_new(); 529 if (csc == NULL) 530 goto end; 531 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL); 532 #if OPENSSL_VERSION_NUMBER >= 0x00907000L 533 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK); 534 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL); 535 #endif 536 error = X509_verify_cert(csc); 537 X509_STORE_CTX_free(csc); 538 539 /* 540 * if x509_verify_cert() is successful then the value of error is 541 * set non-zero. 542 */ 543 error = error ? 0 : -1; 544 545 end: 546 if (error) 547 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror()); 548 if (cert_ctx != NULL) 549 X509_STORE_free(cert_ctx); 550 if (x509 != NULL) 551 X509_free(x509); 552 553 return(error); 554 } 555 556 /* 557 * callback function for verifing certificate. 558 * this function is derived from cb() in openssl/apps/s_server.c 559 */ 560 static int 561 cb_check_cert_local(ok, ctx) 562 int ok; 563 X509_STORE_CTX *ctx; 564 { 565 char buf[256]; 566 int log_tag; 567 568 if (!ok) { 569 X509_NAME_oneline( 570 X509_get_subject_name(ctx->current_cert), 571 buf, 572 256); 573 /* 574 * since we are just checking the certificates, it is 575 * ok if they are self signed. But we should still warn 576 * the user. 577 */ 578 switch (ctx->error) { 579 case X509_V_ERR_CERT_HAS_EXPIRED: 580 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 581 case X509_V_ERR_INVALID_CA: 582 case X509_V_ERR_PATH_LENGTH_EXCEEDED: 583 case X509_V_ERR_INVALID_PURPOSE: 584 case X509_V_ERR_UNABLE_TO_GET_CRL: 585 ok = 1; 586 log_tag = LLV_WARNING; 587 break; 588 default: 589 log_tag = LLV_ERROR; 590 } 591 plog(log_tag, LOCATION, NULL, 592 "%s(%d) at depth:%d SubjectName:%s\n", 593 X509_verify_cert_error_string(ctx->error), 594 ctx->error, 595 ctx->error_depth, 596 buf); 597 } 598 ERR_clear_error(); 599 600 return ok; 601 } 602 603 /* 604 * callback function for verifing remote certificates. 605 * this function is derived from cb() in openssl/apps/s_server.c 606 */ 607 static int 608 cb_check_cert_remote(ok, ctx) 609 int ok; 610 X509_STORE_CTX *ctx; 611 { 612 char buf[256]; 613 int log_tag; 614 615 if (!ok) { 616 X509_NAME_oneline( 617 X509_get_subject_name(ctx->current_cert), 618 buf, 619 256); 620 switch (ctx->error) { 621 case X509_V_ERR_UNABLE_TO_GET_CRL: 622 ok = 1; 623 log_tag = LLV_WARNING; 624 break; 625 default: 626 log_tag = LLV_ERROR; 627 } 628 plog(log_tag, LOCATION, NULL, 629 "%s(%d) at depth:%d SubjectName:%s\n", 630 X509_verify_cert_error_string(ctx->error), 631 ctx->error, 632 ctx->error_depth, 633 buf); 634 } 635 ERR_clear_error(); 636 637 return ok; 638 } 639 640 /* 641 * get a subjectAltName from X509 certificate. 642 */ 643 vchar_t * 644 eay_get_x509asn1subjectname(cert) 645 vchar_t *cert; 646 { 647 X509 *x509 = NULL; 648 u_char *bp; 649 vchar_t *name = NULL; 650 int len; 651 652 bp = (unsigned char *) cert->v; 653 654 x509 = mem2x509(cert); 655 if (x509 == NULL) 656 goto error; 657 658 /* get the length of the name */ 659 len = i2d_X509_NAME(x509->cert_info->subject, NULL); 660 name = vmalloc(len); 661 if (!name) 662 goto error; 663 /* get the name */ 664 bp = (unsigned char *) name->v; 665 len = i2d_X509_NAME(x509->cert_info->subject, &bp); 666 667 X509_free(x509); 668 669 return name; 670 671 error: 672 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 673 674 if (name != NULL) 675 vfree(name); 676 677 if (x509 != NULL) 678 X509_free(x509); 679 680 return NULL; 681 } 682 683 /* 684 * get the subjectAltName from X509 certificate. 685 * the name must be terminated by '\0'. 686 */ 687 int 688 eay_get_x509subjectaltname(cert, altname, type, pos) 689 vchar_t *cert; 690 char **altname; 691 int *type; 692 int pos; 693 { 694 X509 *x509 = NULL; 695 GENERAL_NAMES *gens = NULL; 696 GENERAL_NAME *gen; 697 int len; 698 int error = -1; 699 700 *altname = NULL; 701 *type = GENT_OTHERNAME; 702 703 x509 = mem2x509(cert); 704 if (x509 == NULL) 705 goto end; 706 707 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); 708 if (gens == NULL) 709 goto end; 710 711 /* there is no data at "pos" */ 712 if (pos > sk_GENERAL_NAME_num(gens)) 713 goto end; 714 715 gen = sk_GENERAL_NAME_value(gens, pos - 1); 716 717 /* read DNSName / Email */ 718 if (gen->type == GEN_DNS || 719 gen->type == GEN_EMAIL || 720 gen->type == GEN_URI ) 721 { 722 /* make sure if the data is terminated by '\0'. */ 723 if (gen->d.ia5->data[gen->d.ia5->length] != '\0') 724 { 725 plog(LLV_ERROR, LOCATION, NULL, 726 "data is not terminated by NUL."); 727 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); 728 goto end; 729 } 730 731 len = gen->d.ia5->length + 1; 732 *altname = racoon_malloc(len); 733 if (!*altname) 734 goto end; 735 736 strlcpy(*altname, (char *) gen->d.ia5->data, len); 737 *type = gen->type; 738 error = 0; 739 } 740 /* read IP address */ 741 else if (gen->type == GEN_IPADD) 742 { 743 unsigned char p[5], *ip; 744 ip = p; 745 746 /* only support IPv4 */ 747 if (gen->d.ip->length != 4) 748 goto end; 749 750 /* convert Octet String to String 751 * XXX ??????? 752 */ 753 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/ 754 ip = gen->d.ip->data; 755 756 /* XXX Magic, enough for an IPv4 address 757 */ 758 *altname = racoon_malloc(20); 759 if (!*altname) 760 goto end; 761 762 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); 763 *type = gen->type; 764 error = 0; 765 } 766 /* XXX other possible types ? 767 * For now, error will be -1 if unsupported type 768 */ 769 770 end: 771 if (error) { 772 if (*altname) { 773 racoon_free(*altname); 774 *altname = NULL; 775 } 776 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 777 } 778 if (x509) 779 X509_free(x509); 780 if (gens) 781 /* free the whole stack. */ 782 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 783 784 return error; 785 } 786 787 788 /* 789 * decode a X509 certificate and make a readable text terminated '\n'. 790 * return the buffer allocated, so must free it later. 791 */ 792 char * 793 eay_get_x509text(cert) 794 vchar_t *cert; 795 { 796 X509 *x509 = NULL; 797 BIO *bio = NULL; 798 char *text = NULL; 799 u_char *bp = NULL; 800 int len = 0; 801 int error = -1; 802 803 x509 = mem2x509(cert); 804 if (x509 == NULL) 805 goto end; 806 807 bio = BIO_new(BIO_s_mem()); 808 if (bio == NULL) 809 goto end; 810 811 error = X509_print(bio, x509); 812 if (error != 1) { 813 error = -1; 814 goto end; 815 } 816 817 len = BIO_get_mem_data(bio, &bp); 818 text = racoon_malloc(len + 1); 819 if (text == NULL) 820 goto end; 821 memcpy(text, bp, len); 822 text[len] = '\0'; 823 824 error = 0; 825 826 end: 827 if (error) { 828 if (text) { 829 racoon_free(text); 830 text = NULL; 831 } 832 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 833 } 834 if (bio) 835 BIO_free(bio); 836 if (x509) 837 X509_free(x509); 838 839 return text; 840 } 841 842 /* get X509 structure from buffer. */ 843 static X509 * 844 mem2x509(cert) 845 vchar_t *cert; 846 { 847 X509 *x509; 848 849 #ifndef EAYDEBUG 850 { 851 u_char *bp; 852 853 bp = (unsigned char *) cert->v; 854 855 x509 = d2i_X509(NULL, (void *)&bp, cert->l); 856 } 857 #else 858 { 859 BIO *bio; 860 int len; 861 862 bio = BIO_new(BIO_s_mem()); 863 if (bio == NULL) 864 return NULL; 865 len = BIO_write(bio, cert->v, cert->l); 866 if (len == -1) 867 return NULL; 868 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 869 BIO_free(bio); 870 } 871 #endif 872 return x509; 873 } 874 875 /* 876 * get a X509 certificate from local file. 877 * a certificate must be PEM format. 878 * Input: 879 * path to a certificate. 880 * Output: 881 * NULL if error occured 882 * other is the cert. 883 */ 884 vchar_t * 885 eay_get_x509cert(path) 886 char *path; 887 { 888 FILE *fp; 889 X509 *x509; 890 vchar_t *cert; 891 u_char *bp; 892 int len; 893 int error; 894 895 #ifdef ANDROID_CHANGES 896 if (pname) { 897 BIO *bio = BIO_from_android(path); 898 if (!bio) { 899 return NULL; 900 } 901 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); 902 BIO_free(bio); 903 } else { 904 #endif 905 /* Read private key */ 906 fp = fopen(path, "r"); 907 if (fp == NULL) 908 return NULL; 909 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 910 fclose (fp); 911 #ifdef ANDROID_CHANGES 912 } 913 #endif 914 915 if (x509 == NULL) 916 return NULL; 917 918 len = i2d_X509(x509, NULL); 919 cert = vmalloc(len); 920 if (cert == NULL) { 921 X509_free(x509); 922 return NULL; 923 } 924 bp = (unsigned char *) cert->v; 925 error = i2d_X509(x509, &bp); 926 X509_free(x509); 927 928 if (error == 0) { 929 vfree(cert); 930 return NULL; 931 } 932 933 return cert; 934 } 935 936 /* 937 * check a X509 signature 938 * XXX: to be get hash type from my cert ? 939 * to be handled EVP_dss(). 940 * OUT: return -1 when error. 941 * 0 942 */ 943 int 944 eay_check_x509sign(source, sig, cert) 945 vchar_t *source; 946 vchar_t *sig; 947 vchar_t *cert; 948 { 949 X509 *x509; 950 u_char *bp; 951 EVP_PKEY *evp; 952 int res; 953 954 bp = (unsigned char *) cert->v; 955 956 x509 = d2i_X509(NULL, (void *)&bp, cert->l); 957 if (x509 == NULL) { 958 plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror()); 959 return -1; 960 } 961 962 evp = X509_get_pubkey(x509); 963 if (! evp) { 964 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror()); 965 X509_free(x509); 966 return -1; 967 } 968 969 res = eay_rsa_verify(source, sig, evp->pkey.rsa); 970 971 EVP_PKEY_free(evp); 972 X509_free(x509); 973 974 return res; 975 } 976 977 /* 978 * check RSA signature 979 * OUT: return -1 when error. 980 * 0 on success 981 */ 982 int 983 eay_check_rsasign(source, sig, rsa) 984 vchar_t *source; 985 vchar_t *sig; 986 RSA *rsa; 987 { 988 return eay_rsa_verify(source, sig, rsa); 989 } 990 991 /* 992 * get PKCS#1 Private Key of PEM format from local file. 993 */ 994 vchar_t * 995 eay_get_pkcs1privkey(path) 996 char *path; 997 { 998 FILE *fp; 999 EVP_PKEY *evp = NULL; 1000 vchar_t *pkey = NULL; 1001 u_char *bp; 1002 int pkeylen; 1003 int error = -1; 1004 1005 #ifdef ANDROID_CHANGES 1006 if (pname) { 1007 BIO *bio = BIO_from_android(path); 1008 if (!bio) { 1009 return NULL; 1010 } 1011 evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 1012 BIO_free(bio); 1013 } else { 1014 #endif 1015 /* Read private key */ 1016 fp = fopen(path, "r"); 1017 if (fp == NULL) 1018 return NULL; 1019 1020 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL); 1021 1022 fclose (fp); 1023 #ifdef ANDROID_CHANGES 1024 } 1025 #endif 1026 1027 if (evp == NULL) 1028 return NULL; 1029 1030 pkeylen = i2d_PrivateKey(evp, NULL); 1031 if (pkeylen == 0) 1032 goto end; 1033 pkey = vmalloc(pkeylen); 1034 if (pkey == NULL) 1035 goto end; 1036 bp = (unsigned char *) pkey->v; 1037 pkeylen = i2d_PrivateKey(evp, &bp); 1038 if (pkeylen == 0) 1039 goto end; 1040 1041 error = 0; 1042 1043 end: 1044 if (evp != NULL) 1045 EVP_PKEY_free(evp); 1046 if (error != 0 && pkey != NULL) { 1047 vfree(pkey); 1048 pkey = NULL; 1049 } 1050 1051 return pkey; 1052 } 1053 1054 /* 1055 * get PKCS#1 Public Key of PEM format from local file. 1056 */ 1057 vchar_t * 1058 eay_get_pkcs1pubkey(path) 1059 char *path; 1060 { 1061 FILE *fp; 1062 EVP_PKEY *evp = NULL; 1063 vchar_t *pkey = NULL; 1064 X509 *x509 = NULL; 1065 u_char *bp; 1066 int pkeylen; 1067 int error = -1; 1068 1069 /* Read private key */ 1070 fp = fopen(path, "r"); 1071 if (fp == NULL) 1072 return NULL; 1073 1074 x509 = PEM_read_X509(fp, NULL, NULL, NULL); 1075 1076 fclose (fp); 1077 1078 if (x509 == NULL) 1079 return NULL; 1080 1081 /* Get public key - eay */ 1082 evp = X509_get_pubkey(x509); 1083 if (evp == NULL) 1084 return NULL; 1085 1086 pkeylen = i2d_PublicKey(evp, NULL); 1087 if (pkeylen == 0) 1088 goto end; 1089 pkey = vmalloc(pkeylen); 1090 if (pkey == NULL) 1091 goto end; 1092 bp = (unsigned char *) pkey->v; 1093 pkeylen = i2d_PublicKey(evp, &bp); 1094 if (pkeylen == 0) 1095 goto end; 1096 1097 error = 0; 1098 end: 1099 if (evp != NULL) 1100 EVP_PKEY_free(evp); 1101 if (error != 0 && pkey != NULL) { 1102 vfree(pkey); 1103 pkey = NULL; 1104 } 1105 1106 return pkey; 1107 } 1108 1109 vchar_t * 1110 eay_get_x509sign(src, privkey) 1111 vchar_t *src, *privkey; 1112 { 1113 EVP_PKEY *evp; 1114 u_char *bp = (unsigned char *) privkey->v; 1115 vchar_t *sig = NULL; 1116 int len; 1117 int pad = RSA_PKCS1_PADDING; 1118 1119 /* XXX to be handled EVP_PKEY_DSA */ 1120 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l); 1121 if (evp == NULL) 1122 return NULL; 1123 1124 sig = eay_rsa_sign(src, evp->pkey.rsa); 1125 1126 EVP_PKEY_free(evp); 1127 1128 return sig; 1129 } 1130 1131 vchar_t * 1132 eay_get_rsasign(src, rsa) 1133 vchar_t *src; 1134 RSA *rsa; 1135 { 1136 return eay_rsa_sign(src, rsa); 1137 } 1138 1139 vchar_t * 1140 eay_rsa_sign(vchar_t *src, RSA *rsa) 1141 { 1142 int len; 1143 vchar_t *sig = NULL; 1144 int pad = RSA_PKCS1_PADDING; 1145 1146 len = RSA_size(rsa); 1147 1148 sig = vmalloc(len); 1149 if (sig == NULL) 1150 return NULL; 1151 1152 len = RSA_private_encrypt(src->l, (unsigned char *) src->v, 1153 (unsigned char *) sig->v, rsa, pad); 1154 1155 if (len == 0 || len != sig->l) { 1156 vfree(sig); 1157 sig = NULL; 1158 } 1159 1160 return sig; 1161 } 1162 1163 int 1164 eay_rsa_verify(src, sig, rsa) 1165 vchar_t *src, *sig; 1166 RSA *rsa; 1167 { 1168 vchar_t *xbuf = NULL; 1169 int pad = RSA_PKCS1_PADDING; 1170 int len = 0; 1171 int error; 1172 1173 len = RSA_size(rsa); 1174 xbuf = vmalloc(len); 1175 if (xbuf == NULL) { 1176 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1177 return -1; 1178 } 1179 1180 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v, 1181 (unsigned char *) xbuf->v, rsa, pad); 1182 if (len == 0 || len != src->l) { 1183 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 1184 vfree(xbuf); 1185 return -1; 1186 } 1187 1188 error = memcmp(src->v, xbuf->v, src->l); 1189 vfree(xbuf); 1190 if (error != 0) 1191 return -1; 1192 1193 return 0; 1194 } 1195 1196 /* 1197 * get error string 1198 * MUST load ERR_load_crypto_strings() first. 1199 */ 1200 char * 1201 eay_strerror() 1202 { 1203 static char ebuf[512]; 1204 int len = 0, n; 1205 unsigned long l; 1206 char buf[200]; 1207 const char *file, *data; 1208 int line, flags; 1209 unsigned long es; 1210 1211 es = CRYPTO_thread_id(); 1212 1213 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ 1214 n = snprintf(ebuf + len, sizeof(ebuf) - len, 1215 "%lu:%s:%s:%d:%s ", 1216 es, ERR_error_string(l, buf), file, line, 1217 (flags & ERR_TXT_STRING) ? data : ""); 1218 if (n < 0 || n >= sizeof(ebuf) - len) 1219 break; 1220 len += n; 1221 if (sizeof(ebuf) < len) 1222 break; 1223 } 1224 1225 return ebuf; 1226 } 1227 1228 vchar_t * 1229 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) 1230 { 1231 vchar_t *res; 1232 EVP_CIPHER_CTX ctx; 1233 1234 if (!e) 1235 return NULL; 1236 1237 if (data->l % EVP_CIPHER_block_size(e)) 1238 return NULL; 1239 1240 if ((res = vmalloc(data->l)) == NULL) 1241 return NULL; 1242 1243 EVP_CIPHER_CTX_init(&ctx); 1244 1245 switch(EVP_CIPHER_nid(e)){ 1246 case NID_bf_cbc: 1247 case NID_bf_ecb: 1248 case NID_bf_cfb64: 1249 case NID_bf_ofb64: 1250 case NID_cast5_cbc: 1251 case NID_cast5_ecb: 1252 case NID_cast5_cfb64: 1253 case NID_cast5_ofb64: 1254 /* XXX: can we do that also for algos with a fixed key size ? 1255 */ 1256 /* init context without key/iv 1257 */ 1258 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) 1259 { 1260 OpenSSL_BUG(); 1261 vfree(res); 1262 return NULL; 1263 } 1264 1265 /* update key size 1266 */ 1267 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) 1268 { 1269 OpenSSL_BUG(); 1270 vfree(res); 1271 return NULL; 1272 } 1273 1274 /* finalize context init with desired key size 1275 */ 1276 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, 1277 (u_char *) iv->v, enc)) 1278 { 1279 OpenSSL_BUG(); 1280 vfree(res); 1281 return NULL; 1282 } 1283 break; 1284 default: 1285 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, 1286 (u_char *) iv->v, enc)) { 1287 OpenSSL_BUG(); 1288 vfree(res); 1289 return NULL; 1290 } 1291 } 1292 1293 /* disable openssl padding */ 1294 EVP_CIPHER_CTX_set_padding(&ctx, 0); 1295 1296 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { 1297 OpenSSL_BUG(); 1298 vfree(res); 1299 return NULL; 1300 } 1301 1302 EVP_CIPHER_CTX_cleanup(&ctx); 1303 1304 return res; 1305 } 1306 1307 int 1308 evp_weakkey(vchar_t *key, const EVP_CIPHER *e) 1309 { 1310 return 0; 1311 } 1312 1313 int 1314 evp_keylen(int len, const EVP_CIPHER *e) 1315 { 1316 if (!e) 1317 return -1; 1318 /* EVP functions return lengths in bytes, ipsec-tools 1319 * uses lengths in bits, therefore conversion is required. --AK 1320 */ 1321 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3)) 1322 return -1; 1323 1324 return EVP_CIPHER_key_length(e) << 3; 1325 } 1326 1327 /* 1328 * DES-CBC 1329 */ 1330 vchar_t * 1331 eay_des_encrypt(data, key, iv) 1332 vchar_t *data, *key, *iv; 1333 { 1334 return evp_crypt(data, key, iv, EVP_des_cbc(), 1); 1335 } 1336 1337 vchar_t * 1338 eay_des_decrypt(data, key, iv) 1339 vchar_t *data, *key, *iv; 1340 { 1341 return evp_crypt(data, key, iv, EVP_des_cbc(), 0); 1342 } 1343 1344 int 1345 eay_des_weakkey(key) 1346 vchar_t *key; 1347 { 1348 #ifdef USE_NEW_DES_API 1349 return DES_is_weak_key((void *)key->v); 1350 #else 1351 return des_is_weak_key((void *)key->v); 1352 #endif 1353 } 1354 1355 int 1356 eay_des_keylen(len) 1357 int len; 1358 { 1359 return evp_keylen(len, EVP_des_cbc()); 1360 } 1361 1362 #ifdef HAVE_OPENSSL_IDEA_H 1363 /* 1364 * IDEA-CBC 1365 */ 1366 vchar_t * 1367 eay_idea_encrypt(data, key, iv) 1368 vchar_t *data, *key, *iv; 1369 { 1370 vchar_t *res; 1371 IDEA_KEY_SCHEDULE ks; 1372 1373 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1374 1375 /* allocate buffer for result */ 1376 if ((res = vmalloc(data->l)) == NULL) 1377 return NULL; 1378 1379 /* decryption data */ 1380 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1381 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT); 1382 1383 return res; 1384 } 1385 1386 vchar_t * 1387 eay_idea_decrypt(data, key, iv) 1388 vchar_t *data, *key, *iv; 1389 { 1390 vchar_t *res; 1391 IDEA_KEY_SCHEDULE ks, dks; 1392 1393 idea_set_encrypt_key((unsigned char *)key->v, &ks); 1394 idea_set_decrypt_key(&ks, &dks); 1395 1396 /* allocate buffer for result */ 1397 if ((res = vmalloc(data->l)) == NULL) 1398 return NULL; 1399 1400 /* decryption data */ 1401 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1402 &dks, (unsigned char *)iv->v, IDEA_DECRYPT); 1403 1404 return res; 1405 } 1406 1407 int 1408 eay_idea_weakkey(key) 1409 vchar_t *key; 1410 { 1411 return 0; /* XXX */ 1412 } 1413 1414 int 1415 eay_idea_keylen(len) 1416 int len; 1417 { 1418 if (len != 0 && len != 128) 1419 return -1; 1420 return 128; 1421 } 1422 #endif 1423 1424 /* 1425 * BLOWFISH-CBC 1426 */ 1427 vchar_t * 1428 eay_bf_encrypt(data, key, iv) 1429 vchar_t *data, *key, *iv; 1430 { 1431 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1); 1432 } 1433 1434 vchar_t * 1435 eay_bf_decrypt(data, key, iv) 1436 vchar_t *data, *key, *iv; 1437 { 1438 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0); 1439 } 1440 1441 int 1442 eay_bf_weakkey(key) 1443 vchar_t *key; 1444 { 1445 return 0; /* XXX to be done. refer to RFC 2451 */ 1446 } 1447 1448 int 1449 eay_bf_keylen(len) 1450 int len; 1451 { 1452 if (len == 0) 1453 return 448; 1454 if (len < 40 || len > 448) 1455 return -1; 1456 return len; 1457 } 1458 1459 #ifdef HAVE_OPENSSL_RC5_H 1460 /* 1461 * RC5-CBC 1462 */ 1463 vchar_t * 1464 eay_rc5_encrypt(data, key, iv) 1465 vchar_t *data, *key, *iv; 1466 { 1467 vchar_t *res; 1468 RC5_32_KEY ks; 1469 1470 /* in RFC 2451, there is information about the number of round. */ 1471 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1472 1473 /* allocate buffer for result */ 1474 if ((res = vmalloc(data->l)) == NULL) 1475 return NULL; 1476 1477 /* decryption data */ 1478 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1479 &ks, (unsigned char *)iv->v, RC5_ENCRYPT); 1480 1481 return res; 1482 } 1483 1484 vchar_t * 1485 eay_rc5_decrypt(data, key, iv) 1486 vchar_t *data, *key, *iv; 1487 { 1488 vchar_t *res; 1489 RC5_32_KEY ks; 1490 1491 /* in RFC 2451, there is information about the number of round. */ 1492 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); 1493 1494 /* allocate buffer for result */ 1495 if ((res = vmalloc(data->l)) == NULL) 1496 return NULL; 1497 1498 /* decryption data */ 1499 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, 1500 &ks, (unsigned char *)iv->v, RC5_DECRYPT); 1501 1502 return res; 1503 } 1504 1505 int 1506 eay_rc5_weakkey(key) 1507 vchar_t *key; 1508 { 1509 return 0; /* No known weak keys when used with 16 rounds. */ 1510 1511 } 1512 1513 int 1514 eay_rc5_keylen(len) 1515 int len; 1516 { 1517 if (len == 0) 1518 return 128; 1519 if (len < 40 || len > 2040) 1520 return -1; 1521 return len; 1522 } 1523 #endif 1524 1525 /* 1526 * 3DES-CBC 1527 */ 1528 vchar_t * 1529 eay_3des_encrypt(data, key, iv) 1530 vchar_t *data, *key, *iv; 1531 { 1532 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1); 1533 } 1534 1535 vchar_t * 1536 eay_3des_decrypt(data, key, iv) 1537 vchar_t *data, *key, *iv; 1538 { 1539 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0); 1540 } 1541 1542 int 1543 eay_3des_weakkey(key) 1544 vchar_t *key; 1545 { 1546 #ifdef USE_NEW_DES_API 1547 return (DES_is_weak_key((void *)key->v) || 1548 DES_is_weak_key((void *)(key->v + 8)) || 1549 DES_is_weak_key((void *)(key->v + 16))); 1550 #else 1551 if (key->l < 24) 1552 return 0; 1553 1554 return (des_is_weak_key((void *)key->v) || 1555 des_is_weak_key((void *)(key->v + 8)) || 1556 des_is_weak_key((void *)(key->v + 16))); 1557 #endif 1558 } 1559 1560 int 1561 eay_3des_keylen(len) 1562 int len; 1563 { 1564 if (len != 0 && len != 192) 1565 return -1; 1566 return 192; 1567 } 1568 1569 /* 1570 * CAST-CBC 1571 */ 1572 vchar_t * 1573 eay_cast_encrypt(data, key, iv) 1574 vchar_t *data, *key, *iv; 1575 { 1576 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1); 1577 } 1578 1579 vchar_t * 1580 eay_cast_decrypt(data, key, iv) 1581 vchar_t *data, *key, *iv; 1582 { 1583 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0); 1584 } 1585 1586 int 1587 eay_cast_weakkey(key) 1588 vchar_t *key; 1589 { 1590 return 0; /* No known weak keys. */ 1591 } 1592 1593 int 1594 eay_cast_keylen(len) 1595 int len; 1596 { 1597 if (len == 0) 1598 return 128; 1599 if (len < 40 || len > 128) 1600 return -1; 1601 return len; 1602 } 1603 1604 /* 1605 * AES(RIJNDAEL)-CBC 1606 */ 1607 #ifndef HAVE_OPENSSL_AES_H 1608 vchar_t * 1609 eay_aes_encrypt(data, key, iv) 1610 vchar_t *data, *key, *iv; 1611 { 1612 vchar_t *res; 1613 keyInstance k; 1614 cipherInstance c; 1615 1616 memset(&k, 0, sizeof(k)); 1617 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0) 1618 return NULL; 1619 1620 /* allocate buffer for result */ 1621 if ((res = vmalloc(data->l)) == NULL) 1622 return NULL; 1623 1624 /* encryption data */ 1625 memset(&c, 0, sizeof(c)); 1626 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1627 vfree(res); 1628 return NULL; 1629 } 1630 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1631 vfree(res); 1632 return NULL; 1633 } 1634 1635 return res; 1636 } 1637 1638 vchar_t * 1639 eay_aes_decrypt(data, key, iv) 1640 vchar_t *data, *key, *iv; 1641 { 1642 vchar_t *res; 1643 keyInstance k; 1644 cipherInstance c; 1645 1646 memset(&k, 0, sizeof(k)); 1647 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0) 1648 return NULL; 1649 1650 /* allocate buffer for result */ 1651 if ((res = vmalloc(data->l)) == NULL) 1652 return NULL; 1653 1654 /* decryption data */ 1655 memset(&c, 0, sizeof(c)); 1656 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){ 1657 vfree(res); 1658 return NULL; 1659 } 1660 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){ 1661 vfree(res); 1662 return NULL; 1663 } 1664 1665 return res; 1666 } 1667 #else 1668 static inline const EVP_CIPHER * 1669 aes_evp_by_keylen(int keylen) 1670 { 1671 switch(keylen) { 1672 case 16: 1673 case 128: 1674 return EVP_aes_128_cbc(); 1675 case 24: 1676 case 192: 1677 return EVP_aes_192_cbc(); 1678 case 32: 1679 case 256: 1680 return EVP_aes_256_cbc(); 1681 default: 1682 return NULL; 1683 } 1684 } 1685 1686 vchar_t * 1687 eay_aes_encrypt(data, key, iv) 1688 vchar_t *data, *key, *iv; 1689 { 1690 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1); 1691 } 1692 1693 vchar_t * 1694 eay_aes_decrypt(data, key, iv) 1695 vchar_t *data, *key, *iv; 1696 { 1697 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0); 1698 } 1699 #endif 1700 1701 int 1702 eay_aes_weakkey(key) 1703 vchar_t *key; 1704 { 1705 return 0; 1706 } 1707 1708 int 1709 eay_aes_keylen(len) 1710 int len; 1711 { 1712 if (len == 0) 1713 return 128; 1714 if (len != 128 && len != 192 && len != 256) 1715 return -1; 1716 return len; 1717 } 1718 1719 #if defined(HAVE_OPENSSL_CAMELLIA_H) 1720 /* 1721 * CAMELLIA-CBC 1722 */ 1723 static inline const EVP_CIPHER * 1724 camellia_evp_by_keylen(int keylen) 1725 { 1726 switch(keylen) { 1727 case 16: 1728 case 128: 1729 return EVP_camellia_128_cbc(); 1730 case 24: 1731 case 192: 1732 return EVP_camellia_192_cbc(); 1733 case 32: 1734 case 256: 1735 return EVP_camellia_256_cbc(); 1736 default: 1737 return NULL; 1738 } 1739 } 1740 1741 vchar_t * 1742 eay_camellia_encrypt(data, key, iv) 1743 vchar_t *data, *key, *iv; 1744 { 1745 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1); 1746 } 1747 1748 vchar_t * 1749 eay_camellia_decrypt(data, key, iv) 1750 vchar_t *data, *key, *iv; 1751 { 1752 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0); 1753 } 1754 1755 int 1756 eay_camellia_weakkey(key) 1757 vchar_t *key; 1758 { 1759 return 0; 1760 } 1761 1762 int 1763 eay_camellia_keylen(len) 1764 int len; 1765 { 1766 if (len == 0) 1767 return 128; 1768 if (len != 128 && len != 192 && len != 256) 1769 return -1; 1770 return len; 1771 } 1772 1773 #endif 1774 1775 /* for ipsec part */ 1776 int 1777 eay_null_hashlen() 1778 { 1779 return 0; 1780 } 1781 1782 int 1783 eay_kpdk_hashlen() 1784 { 1785 return 0; 1786 } 1787 1788 int 1789 eay_twofish_keylen(len) 1790 int len; 1791 { 1792 if (len < 0 || len > 256) 1793 return -1; 1794 return len; 1795 } 1796 1797 int 1798 eay_null_keylen(len) 1799 int len; 1800 { 1801 return 0; 1802 } 1803 1804 /* 1805 * HMAC functions 1806 */ 1807 static caddr_t 1808 eay_hmac_init(key, md) 1809 vchar_t *key; 1810 const EVP_MD *md; 1811 { 1812 HMAC_CTX *c = racoon_malloc(sizeof(*c)); 1813 1814 HMAC_Init(c, key->v, key->l, md); 1815 1816 return (caddr_t)c; 1817 } 1818 1819 #ifdef WITH_SHA2 1820 /* 1821 * HMAC SHA2-512 1822 */ 1823 vchar_t * 1824 eay_hmacsha2_512_one(key, data) 1825 vchar_t *key, *data; 1826 { 1827 vchar_t *res; 1828 caddr_t ctx; 1829 1830 ctx = eay_hmacsha2_512_init(key); 1831 eay_hmacsha2_512_update(ctx, data); 1832 res = eay_hmacsha2_512_final(ctx); 1833 1834 return(res); 1835 } 1836 1837 caddr_t 1838 eay_hmacsha2_512_init(key) 1839 vchar_t *key; 1840 { 1841 return eay_hmac_init(key, EVP_sha2_512()); 1842 } 1843 1844 void 1845 eay_hmacsha2_512_update(c, data) 1846 caddr_t c; 1847 vchar_t *data; 1848 { 1849 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1850 } 1851 1852 vchar_t * 1853 eay_hmacsha2_512_final(c) 1854 caddr_t c; 1855 { 1856 vchar_t *res; 1857 unsigned int l; 1858 1859 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 1860 return NULL; 1861 1862 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1863 res->l = l; 1864 HMAC_cleanup((HMAC_CTX *)c); 1865 (void)racoon_free(c); 1866 1867 if (SHA512_DIGEST_LENGTH != res->l) { 1868 plog(LLV_ERROR, LOCATION, NULL, 1869 "hmac sha2_512 length mismatch %zd.\n", res->l); 1870 vfree(res); 1871 return NULL; 1872 } 1873 1874 return(res); 1875 } 1876 1877 /* 1878 * HMAC SHA2-384 1879 */ 1880 vchar_t * 1881 eay_hmacsha2_384_one(key, data) 1882 vchar_t *key, *data; 1883 { 1884 vchar_t *res; 1885 caddr_t ctx; 1886 1887 ctx = eay_hmacsha2_384_init(key); 1888 eay_hmacsha2_384_update(ctx, data); 1889 res = eay_hmacsha2_384_final(ctx); 1890 1891 return(res); 1892 } 1893 1894 caddr_t 1895 eay_hmacsha2_384_init(key) 1896 vchar_t *key; 1897 { 1898 return eay_hmac_init(key, EVP_sha2_384()); 1899 } 1900 1901 void 1902 eay_hmacsha2_384_update(c, data) 1903 caddr_t c; 1904 vchar_t *data; 1905 { 1906 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1907 } 1908 1909 vchar_t * 1910 eay_hmacsha2_384_final(c) 1911 caddr_t c; 1912 { 1913 vchar_t *res; 1914 unsigned int l; 1915 1916 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 1917 return NULL; 1918 1919 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1920 res->l = l; 1921 HMAC_cleanup((HMAC_CTX *)c); 1922 (void)racoon_free(c); 1923 1924 if (SHA384_DIGEST_LENGTH != res->l) { 1925 plog(LLV_ERROR, LOCATION, NULL, 1926 "hmac sha2_384 length mismatch %zd.\n", res->l); 1927 vfree(res); 1928 return NULL; 1929 } 1930 1931 return(res); 1932 } 1933 1934 /* 1935 * HMAC SHA2-256 1936 */ 1937 vchar_t * 1938 eay_hmacsha2_256_one(key, data) 1939 vchar_t *key, *data; 1940 { 1941 vchar_t *res; 1942 caddr_t ctx; 1943 1944 ctx = eay_hmacsha2_256_init(key); 1945 eay_hmacsha2_256_update(ctx, data); 1946 res = eay_hmacsha2_256_final(ctx); 1947 1948 return(res); 1949 } 1950 1951 caddr_t 1952 eay_hmacsha2_256_init(key) 1953 vchar_t *key; 1954 { 1955 return eay_hmac_init(key, EVP_sha2_256()); 1956 } 1957 1958 void 1959 eay_hmacsha2_256_update(c, data) 1960 caddr_t c; 1961 vchar_t *data; 1962 { 1963 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 1964 } 1965 1966 vchar_t * 1967 eay_hmacsha2_256_final(c) 1968 caddr_t c; 1969 { 1970 vchar_t *res; 1971 unsigned int l; 1972 1973 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 1974 return NULL; 1975 1976 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 1977 res->l = l; 1978 HMAC_cleanup((HMAC_CTX *)c); 1979 (void)racoon_free(c); 1980 1981 if (SHA256_DIGEST_LENGTH != res->l) { 1982 plog(LLV_ERROR, LOCATION, NULL, 1983 "hmac sha2_256 length mismatch %zd.\n", res->l); 1984 vfree(res); 1985 return NULL; 1986 } 1987 1988 return(res); 1989 } 1990 #endif /* WITH_SHA2 */ 1991 1992 /* 1993 * HMAC SHA1 1994 */ 1995 vchar_t * 1996 eay_hmacsha1_one(key, data) 1997 vchar_t *key, *data; 1998 { 1999 vchar_t *res; 2000 caddr_t ctx; 2001 2002 ctx = eay_hmacsha1_init(key); 2003 eay_hmacsha1_update(ctx, data); 2004 res = eay_hmacsha1_final(ctx); 2005 2006 return(res); 2007 } 2008 2009 caddr_t 2010 eay_hmacsha1_init(key) 2011 vchar_t *key; 2012 { 2013 return eay_hmac_init(key, EVP_sha1()); 2014 } 2015 2016 void 2017 eay_hmacsha1_update(c, data) 2018 caddr_t c; 2019 vchar_t *data; 2020 { 2021 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2022 } 2023 2024 vchar_t * 2025 eay_hmacsha1_final(c) 2026 caddr_t c; 2027 { 2028 vchar_t *res; 2029 unsigned int l; 2030 2031 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2032 return NULL; 2033 2034 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2035 res->l = l; 2036 HMAC_cleanup((HMAC_CTX *)c); 2037 (void)racoon_free(c); 2038 2039 if (SHA_DIGEST_LENGTH != res->l) { 2040 plog(LLV_ERROR, LOCATION, NULL, 2041 "hmac sha1 length mismatch %zd.\n", res->l); 2042 vfree(res); 2043 return NULL; 2044 } 2045 2046 return(res); 2047 } 2048 2049 /* 2050 * HMAC MD5 2051 */ 2052 vchar_t * 2053 eay_hmacmd5_one(key, data) 2054 vchar_t *key, *data; 2055 { 2056 vchar_t *res; 2057 caddr_t ctx; 2058 2059 ctx = eay_hmacmd5_init(key); 2060 eay_hmacmd5_update(ctx, data); 2061 res = eay_hmacmd5_final(ctx); 2062 2063 return(res); 2064 } 2065 2066 caddr_t 2067 eay_hmacmd5_init(key) 2068 vchar_t *key; 2069 { 2070 return eay_hmac_init(key, EVP_md5()); 2071 } 2072 2073 void 2074 eay_hmacmd5_update(c, data) 2075 caddr_t c; 2076 vchar_t *data; 2077 { 2078 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l); 2079 } 2080 2081 vchar_t * 2082 eay_hmacmd5_final(c) 2083 caddr_t c; 2084 { 2085 vchar_t *res; 2086 unsigned int l; 2087 2088 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2089 return NULL; 2090 2091 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); 2092 res->l = l; 2093 HMAC_cleanup((HMAC_CTX *)c); 2094 (void)racoon_free(c); 2095 2096 if (MD5_DIGEST_LENGTH != res->l) { 2097 plog(LLV_ERROR, LOCATION, NULL, 2098 "hmac md5 length mismatch %zd.\n", res->l); 2099 vfree(res); 2100 return NULL; 2101 } 2102 2103 return(res); 2104 } 2105 2106 #ifdef WITH_SHA2 2107 /* 2108 * SHA2-512 functions 2109 */ 2110 caddr_t 2111 eay_sha2_512_init() 2112 { 2113 SHA512_CTX *c = racoon_malloc(sizeof(*c)); 2114 2115 SHA512_Init(c); 2116 2117 return((caddr_t)c); 2118 } 2119 2120 void 2121 eay_sha2_512_update(c, data) 2122 caddr_t c; 2123 vchar_t *data; 2124 { 2125 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l); 2126 2127 return; 2128 } 2129 2130 vchar_t * 2131 eay_sha2_512_final(c) 2132 caddr_t c; 2133 { 2134 vchar_t *res; 2135 2136 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) 2137 return(0); 2138 2139 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c); 2140 (void)racoon_free(c); 2141 2142 return(res); 2143 } 2144 2145 vchar_t * 2146 eay_sha2_512_one(data) 2147 vchar_t *data; 2148 { 2149 caddr_t ctx; 2150 vchar_t *res; 2151 2152 ctx = eay_sha2_512_init(); 2153 eay_sha2_512_update(ctx, data); 2154 res = eay_sha2_512_final(ctx); 2155 2156 return(res); 2157 } 2158 2159 int 2160 eay_sha2_512_hashlen() 2161 { 2162 return SHA512_DIGEST_LENGTH << 3; 2163 } 2164 #endif 2165 2166 #ifdef WITH_SHA2 2167 /* 2168 * SHA2-384 functions 2169 */ 2170 caddr_t 2171 eay_sha2_384_init() 2172 { 2173 SHA384_CTX *c = racoon_malloc(sizeof(*c)); 2174 2175 SHA384_Init(c); 2176 2177 return((caddr_t)c); 2178 } 2179 2180 void 2181 eay_sha2_384_update(c, data) 2182 caddr_t c; 2183 vchar_t *data; 2184 { 2185 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l); 2186 2187 return; 2188 } 2189 2190 vchar_t * 2191 eay_sha2_384_final(c) 2192 caddr_t c; 2193 { 2194 vchar_t *res; 2195 2196 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) 2197 return(0); 2198 2199 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c); 2200 (void)racoon_free(c); 2201 2202 return(res); 2203 } 2204 2205 vchar_t * 2206 eay_sha2_384_one(data) 2207 vchar_t *data; 2208 { 2209 caddr_t ctx; 2210 vchar_t *res; 2211 2212 ctx = eay_sha2_384_init(); 2213 eay_sha2_384_update(ctx, data); 2214 res = eay_sha2_384_final(ctx); 2215 2216 return(res); 2217 } 2218 2219 int 2220 eay_sha2_384_hashlen() 2221 { 2222 return SHA384_DIGEST_LENGTH << 3; 2223 } 2224 #endif 2225 2226 #ifdef WITH_SHA2 2227 /* 2228 * SHA2-256 functions 2229 */ 2230 caddr_t 2231 eay_sha2_256_init() 2232 { 2233 SHA256_CTX *c = racoon_malloc(sizeof(*c)); 2234 2235 SHA256_Init(c); 2236 2237 return((caddr_t)c); 2238 } 2239 2240 void 2241 eay_sha2_256_update(c, data) 2242 caddr_t c; 2243 vchar_t *data; 2244 { 2245 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l); 2246 2247 return; 2248 } 2249 2250 vchar_t * 2251 eay_sha2_256_final(c) 2252 caddr_t c; 2253 { 2254 vchar_t *res; 2255 2256 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) 2257 return(0); 2258 2259 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c); 2260 (void)racoon_free(c); 2261 2262 return(res); 2263 } 2264 2265 vchar_t * 2266 eay_sha2_256_one(data) 2267 vchar_t *data; 2268 { 2269 caddr_t ctx; 2270 vchar_t *res; 2271 2272 ctx = eay_sha2_256_init(); 2273 eay_sha2_256_update(ctx, data); 2274 res = eay_sha2_256_final(ctx); 2275 2276 return(res); 2277 } 2278 2279 int 2280 eay_sha2_256_hashlen() 2281 { 2282 return SHA256_DIGEST_LENGTH << 3; 2283 } 2284 #endif 2285 2286 /* 2287 * SHA functions 2288 */ 2289 caddr_t 2290 eay_sha1_init() 2291 { 2292 SHA_CTX *c = racoon_malloc(sizeof(*c)); 2293 2294 SHA1_Init(c); 2295 2296 return((caddr_t)c); 2297 } 2298 2299 void 2300 eay_sha1_update(c, data) 2301 caddr_t c; 2302 vchar_t *data; 2303 { 2304 SHA1_Update((SHA_CTX *)c, data->v, data->l); 2305 2306 return; 2307 } 2308 2309 vchar_t * 2310 eay_sha1_final(c) 2311 caddr_t c; 2312 { 2313 vchar_t *res; 2314 2315 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) 2316 return(0); 2317 2318 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c); 2319 (void)racoon_free(c); 2320 2321 return(res); 2322 } 2323 2324 vchar_t * 2325 eay_sha1_one(data) 2326 vchar_t *data; 2327 { 2328 caddr_t ctx; 2329 vchar_t *res; 2330 2331 ctx = eay_sha1_init(); 2332 eay_sha1_update(ctx, data); 2333 res = eay_sha1_final(ctx); 2334 2335 return(res); 2336 } 2337 2338 int 2339 eay_sha1_hashlen() 2340 { 2341 return SHA_DIGEST_LENGTH << 3; 2342 } 2343 2344 /* 2345 * MD5 functions 2346 */ 2347 caddr_t 2348 eay_md5_init() 2349 { 2350 MD5_CTX *c = racoon_malloc(sizeof(*c)); 2351 2352 MD5_Init(c); 2353 2354 return((caddr_t)c); 2355 } 2356 2357 void 2358 eay_md5_update(c, data) 2359 caddr_t c; 2360 vchar_t *data; 2361 { 2362 MD5_Update((MD5_CTX *)c, data->v, data->l); 2363 2364 return; 2365 } 2366 2367 vchar_t * 2368 eay_md5_final(c) 2369 caddr_t c; 2370 { 2371 vchar_t *res; 2372 2373 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) 2374 return(0); 2375 2376 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c); 2377 (void)racoon_free(c); 2378 2379 return(res); 2380 } 2381 2382 vchar_t * 2383 eay_md5_one(data) 2384 vchar_t *data; 2385 { 2386 caddr_t ctx; 2387 vchar_t *res; 2388 2389 ctx = eay_md5_init(); 2390 eay_md5_update(ctx, data); 2391 res = eay_md5_final(ctx); 2392 2393 return(res); 2394 } 2395 2396 int 2397 eay_md5_hashlen() 2398 { 2399 return MD5_DIGEST_LENGTH << 3; 2400 } 2401 2402 /* 2403 * eay_set_random 2404 * size: number of bytes. 2405 */ 2406 vchar_t * 2407 eay_set_random(size) 2408 u_int32_t size; 2409 { 2410 BIGNUM *r = NULL; 2411 vchar_t *res = 0; 2412 2413 if ((r = BN_new()) == NULL) 2414 goto end; 2415 BN_rand(r, size * 8, 0, 0); 2416 eay_bn2v(&res, r); 2417 2418 end: 2419 if (r) 2420 BN_free(r); 2421 return(res); 2422 } 2423 2424 /* DH */ 2425 int 2426 eay_dh_generate(prime, g, publen, pub, priv) 2427 vchar_t *prime, **pub, **priv; 2428 u_int publen; 2429 u_int32_t g; 2430 { 2431 BIGNUM *p = NULL; 2432 DH *dh = NULL; 2433 int error = -1; 2434 2435 /* initialize */ 2436 /* pre-process to generate number */ 2437 if (eay_v2bn(&p, prime) < 0) 2438 goto end; 2439 2440 if ((dh = DH_new()) == NULL) 2441 goto end; 2442 dh->p = p; 2443 p = NULL; /* p is now part of dh structure */ 2444 dh->g = NULL; 2445 if ((dh->g = BN_new()) == NULL) 2446 goto end; 2447 if (!BN_set_word(dh->g, g)) 2448 goto end; 2449 2450 if (publen != 0) 2451 dh->length = publen; 2452 2453 /* generate public and private number */ 2454 if (!DH_generate_key(dh)) 2455 goto end; 2456 2457 /* copy results to buffers */ 2458 if (eay_bn2v(pub, dh->pub_key) < 0) 2459 goto end; 2460 if (eay_bn2v(priv, dh->priv_key) < 0) { 2461 vfree(*pub); 2462 goto end; 2463 } 2464 2465 error = 0; 2466 2467 end: 2468 if (dh != NULL) 2469 DH_free(dh); 2470 if (p != 0) 2471 BN_free(p); 2472 return(error); 2473 } 2474 2475 int 2476 eay_dh_compute(prime, g, pub, priv, pub2, key) 2477 vchar_t *prime, *pub, *priv, *pub2, **key; 2478 u_int32_t g; 2479 { 2480 BIGNUM *dh_pub = NULL; 2481 DH *dh = NULL; 2482 int l; 2483 unsigned char *v = NULL; 2484 int error = -1; 2485 2486 /* make public number to compute */ 2487 if (eay_v2bn(&dh_pub, pub2) < 0) 2488 goto end; 2489 2490 /* make DH structure */ 2491 if ((dh = DH_new()) == NULL) 2492 goto end; 2493 if (eay_v2bn(&dh->p, prime) < 0) 2494 goto end; 2495 if (eay_v2bn(&dh->pub_key, pub) < 0) 2496 goto end; 2497 if (eay_v2bn(&dh->priv_key, priv) < 0) 2498 goto end; 2499 dh->length = pub2->l * 8; 2500 2501 dh->g = NULL; 2502 if ((dh->g = BN_new()) == NULL) 2503 goto end; 2504 if (!BN_set_word(dh->g, g)) 2505 goto end; 2506 2507 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) 2508 goto end; 2509 if ((l = DH_compute_key(v, dh_pub, dh)) == -1) 2510 goto end; 2511 memcpy((*key)->v + (prime->l - l), v, l); 2512 2513 error = 0; 2514 2515 end: 2516 if (dh_pub != NULL) 2517 BN_free(dh_pub); 2518 if (dh != NULL) 2519 DH_free(dh); 2520 if (v != NULL) 2521 racoon_free(v); 2522 return(error); 2523 } 2524 2525 /* 2526 * convert vchar_t <-> BIGNUM. 2527 * 2528 * vchar_t: unit is u_char, network endian, most significant byte first. 2529 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian, 2530 * least significant BN_ULONG must come first. 2531 * 2532 * hex value of "0x3ffe050104" is represented as follows: 2533 * vchar_t: 3f fe 05 01 04 2534 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f 2535 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f 2536 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f 2537 */ 2538 int 2539 eay_v2bn(bn, var) 2540 BIGNUM **bn; 2541 vchar_t *var; 2542 { 2543 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL) 2544 return -1; 2545 2546 return 0; 2547 } 2548 2549 int 2550 eay_bn2v(var, bn) 2551 vchar_t **var; 2552 BIGNUM *bn; 2553 { 2554 *var = vmalloc(bn->top * BN_BYTES); 2555 if (*var == NULL) 2556 return(-1); 2557 2558 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v); 2559 2560 return 0; 2561 } 2562 2563 void 2564 eay_init() 2565 { 2566 OpenSSL_add_all_algorithms(); 2567 ERR_load_crypto_strings(); 2568 #ifdef HAVE_OPENSSL_ENGINE_H 2569 ENGINE_load_builtin_engines(); 2570 ENGINE_register_all_complete(); 2571 #endif 2572 } 2573 2574 vchar_t * 2575 base64_decode(char *in, long inlen) 2576 { 2577 BIO *bio=NULL, *b64=NULL; 2578 vchar_t *res = NULL; 2579 char *outb; 2580 long outlen; 2581 2582 outb = malloc(inlen * 2); 2583 if (outb == NULL) 2584 goto out; 2585 bio = BIO_new_mem_buf(in, inlen); 2586 b64 = BIO_new(BIO_f_base64()); 2587 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2588 bio = BIO_push(b64, bio); 2589 2590 outlen = BIO_read(bio, outb, inlen * 2); 2591 if (outlen <= 0) { 2592 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); 2593 goto out; 2594 } 2595 2596 res = vmalloc(outlen); 2597 if (!res) 2598 goto out; 2599 2600 memcpy(res->v, outb, outlen); 2601 2602 out: 2603 if (outb) 2604 free(outb); 2605 if (bio) 2606 BIO_free_all(bio); 2607 2608 return res; 2609 } 2610 2611 vchar_t * 2612 base64_encode(char *in, long inlen) 2613 { 2614 BIO *bio=NULL, *b64=NULL; 2615 char *ptr; 2616 long plen = -1; 2617 vchar_t *res = NULL; 2618 2619 bio = BIO_new(BIO_s_mem()); 2620 b64 = BIO_new(BIO_f_base64()); 2621 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); 2622 bio = BIO_push(b64, bio); 2623 2624 BIO_write(bio, in, inlen); 2625 BIO_flush(bio); 2626 2627 plen = BIO_get_mem_data(bio, &ptr); 2628 res = vmalloc(plen+1); 2629 if (!res) 2630 goto out; 2631 2632 memcpy (res->v, ptr, plen); 2633 res->v[plen] = '\0'; 2634 2635 out: 2636 if (bio) 2637 BIO_free_all(bio); 2638 2639 return res; 2640 } 2641 2642 static RSA * 2643 binbuf_pubkey2rsa(vchar_t *binbuf) 2644 { 2645 BIGNUM *exp, *mod; 2646 RSA *rsa_pub = NULL; 2647 2648 if (binbuf->v[0] > binbuf->l - 1) { 2649 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2650 goto out; 2651 } 2652 2653 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL); 2654 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1), 2655 binbuf->l - binbuf->v[0] - 1, NULL); 2656 rsa_pub = RSA_new(); 2657 2658 if (!exp || !mod || !rsa_pub) { 2659 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror()); 2660 if (exp) 2661 BN_free(exp); 2662 if (mod) 2663 BN_free(exp); 2664 if (rsa_pub) 2665 RSA_free(rsa_pub); 2666 rsa_pub = NULL; 2667 goto out; 2668 } 2669 2670 rsa_pub->n = mod; 2671 rsa_pub->e = exp; 2672 2673 out: 2674 return rsa_pub; 2675 } 2676 2677 RSA * 2678 base64_pubkey2rsa(char *in) 2679 { 2680 BIGNUM *exp, *mod; 2681 RSA *rsa_pub = NULL; 2682 vchar_t *binbuf; 2683 2684 if (strncmp(in, "0s", 2) != 0) { 2685 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n"); 2686 return NULL; 2687 } 2688 2689 binbuf = base64_decode(in + 2, strlen(in + 2)); 2690 if (!binbuf) { 2691 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n"); 2692 return NULL; 2693 } 2694 2695 if (binbuf->v[0] > binbuf->l - 1) { 2696 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n"); 2697 goto out; 2698 } 2699 2700 rsa_pub = binbuf_pubkey2rsa(binbuf); 2701 2702 out: 2703 if (binbuf) 2704 vfree(binbuf); 2705 2706 return rsa_pub; 2707 } 2708 2709 RSA * 2710 bignum_pubkey2rsa(BIGNUM *in) 2711 { 2712 RSA *rsa_pub = NULL; 2713 vchar_t *binbuf; 2714 2715 binbuf = vmalloc(BN_num_bytes(in)); 2716 if (!binbuf) { 2717 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n"); 2718 return NULL; 2719 } 2720 2721 BN_bn2bin(in, (unsigned char *) binbuf->v); 2722 2723 rsa_pub = binbuf_pubkey2rsa(binbuf); 2724 2725 out: 2726 if (binbuf) 2727 vfree(binbuf); 2728 2729 return rsa_pub; 2730 } 2731 2732 u_int32_t 2733 eay_random() 2734 { 2735 u_int32_t result; 2736 vchar_t *vrand; 2737 2738 vrand = eay_set_random(sizeof(result)); 2739 memcpy(&result, vrand->v, sizeof(result)); 2740 vfree(vrand); 2741 2742 return result; 2743 } 2744 2745 const char * 2746 eay_version() 2747 { 2748 return SSLeay_version(SSLEAY_VERSION); 2749 } 2750
