search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / ipsec-tools / src / racoon / crypto_openssl.c
blob7abf45afdcabdf183709cae22baafc1cf9ab335f
1 /* $NetBSD: crypto_openssl.c,v 1.18 2009/04/20 13:22:41 tteras Exp $ */
2
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "config.h"
35
36 #include <sys/types.h>
37 #include <sys/param.h>
38
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48 #error OpenSSL version 0.9.6 or later required.
49 #endif
50
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #include <openssl/blowfish.h>
67 #include <openssl/cast.h>
68 #include <openssl/err.h>
69 #ifdef HAVE_OPENSSL_RC5_H
70 #include <openssl/rc5.h>
71 #endif
72 #ifdef HAVE_OPENSSL_IDEA_H
73 #include <openssl/idea.h>
74 #endif
75 #if defined(HAVE_OPENSSL_AES_H)
76 #include <openssl/aes.h>
77 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
78 #include <openssl/rijndael.h>
79 #else
80 #include "crypto/rijndael/rijndael-api-fst.h"
81 #endif
82 #if defined(HAVE_OPENSSL_CAMELLIA_H)
83 #include <openssl/camellia.h>
84 #endif
85 #ifdef WITH_SHA2
86 #ifdef HAVE_OPENSSL_SHA2_H
87 #include <openssl/sha2.h>
88 #else
89 #include "crypto/sha2/sha2.h"
90 #endif
91 #endif
92 #include "plog.h"
93
94 /* 0.9.7 stuff? */
95 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
96 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
97 #else
98 #define USE_NEW_DES_API
99 #endif
100
101 #define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
102
103 #include "var.h"
104 #include "misc.h"
105 #include "vmbuf.h"
106 #include "plog.h"
107 #include "crypto_openssl.h"
108 #include "debug.h"
109 #include "gcmalloc.h"
110 #include "isakmp.h"
111
112 /*
113 * I hate to cast every parameter to des_xx into void *, but it is
114 * necessary for SSLeay/OpenSSL portability. It sucks.
115 */
116
117 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
118 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
119 static X509 *mem2x509 __P((vchar_t *));
120
121 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
122
123 /* X509 Certificate */
124 /*
125 * convert the string of the subject name into DER
126 * e.g. str = "C=JP, ST=Kanagawa";
127 */
128 vchar_t *
129 eay_str2asn1dn(str, len)
130 const char *str;
131 int len;
132 {
133 X509_NAME *name;
134 char *buf, *dst;
135 char *field, *value;
136 int i;
137 vchar_t *ret = NULL;
138 caddr_t p;
139
140 if (len == -1)
141 len = strlen(str);
142
143 buf = racoon_malloc(len + 1);
144 if (!buf) {
145 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
146 return NULL;
147 }
148 memcpy(buf, str, len);
149
150 name = X509_NAME_new();
151
152 dst = field = &buf[0];
153 value = NULL;
154 for (i = 0; i < len; i++) {
155 if (buf[i] == '\\') {
156 /* Escape characters specified in RFC 2253 */
157 if (i < len - 1 &&
158 strchr("\\,=+<>#;", buf[i+1]) != NULL) {
159 *dst++ = buf[++i];
160 continue;
161 } else if (i < len - 2) {
162 /* RFC 2253 hexpair character escape */
163 long u;
164 char esc_str[3];
165 char *endptr;
166
167 esc_str[0] = buf[++i];
168 esc_str[1] = buf[++i];
169 esc_str[2] = '\0';
170 u = strtol(esc_str, &endptr, 16);
171 if (*endptr != '\0' || u < 0 || u > 255)
172 goto err;
173 *dst++ = u;
174 continue;
175 } else
176 goto err;
177 }
178 if (!value && buf[i] == '=') {
179 *dst = '\0';
180 dst = value = &buf[i + 1];
181 continue;
182 } else if (buf[i] == ',' || buf[i] == '/') {
183 *dst = '\0';
184
185 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
186 field, value);
187
188 if (!value) goto err;
189 if (!X509_NAME_add_entry_by_txt(name, field,
190 (value[0] == '*' && value[1] == 0) ?
191 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
192 (unsigned char *) value, -1, -1, 0)) {
193 plog(LLV_ERROR, LOCATION, NULL,
194 "Invalid DN field: %s=%s\n",
195 field, value);
196 plog(LLV_ERROR, LOCATION, NULL,
197 "%s\n", eay_strerror());
198 goto err;
199 }
200
201 while (i + 1 < len && buf[i + 1] == ' ') i++;
202 dst = field = &buf[i + 1];
203 value = NULL;
204 continue;
205 } else {
206 *dst++ = buf[i];
207 }
208 }
209 *dst = '\0';
210
211 plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
212 field, value);
213
214 if (!value) goto err;
215 if (!X509_NAME_add_entry_by_txt(name, field,
216 (value[0] == '*' && value[1] == 0) ?
217 V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
218 (unsigned char *) value, -1, -1, 0)) {
219 plog(LLV_ERROR, LOCATION, NULL,
220 "Invalid DN field: %s=%s\n",
221 field, value);
222 plog(LLV_ERROR, LOCATION, NULL,
223 "%s\n", eay_strerror());
224 goto err;
225 }
226
227 i = i2d_X509_NAME(name, NULL);
228 if (!i)
229 goto err;
230 ret = vmalloc(i);
231 if (!ret)
232 goto err;
233 p = ret->v;
234 i = i2d_X509_NAME(name, (void *)&p);
235 if (!i)
236 goto err;
237
238 return ret;
239
240 err:
241 if (buf)
242 racoon_free(buf);
243 if (name)
244 X509_NAME_free(name);
245 if (ret)
246 vfree(ret);
247 return NULL;
248 }
249
250 /*
251 * convert the hex string of the subject name into DER
252 */
253 vchar_t *
254 eay_hex2asn1dn(const char *hex, int len)
255 {
256 BIGNUM *bn = BN_new();
257 char *binbuf;
258 size_t binlen;
259 vchar_t *ret = NULL;
260
261 if (len == -1)
262 len = strlen(hex);
263
264 if (BN_hex2bn(&bn, hex) != len) {
265 plog(LLV_ERROR, LOCATION, NULL,
266 "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
267 eay_strerror());
268 goto out;
269 }
270
271 binlen = BN_num_bytes(bn);
272 ret = vmalloc(binlen);
273 if (!ret) {
274 plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
275 return NULL;
276 }
277 binbuf = ret->v;
278
279 BN_bn2bin(bn, (unsigned char *) binbuf);
280
281 out:
282 BN_free(bn);
283
284 return ret;
285 }
286
287 /*
288 * The following are derived from code in crypto/x509/x509_cmp.c
289 * in OpenSSL0.9.7c:
290 * X509_NAME_wildcmp() adds wildcard matching to the original
291 * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
292 */
293 #include <ctype.h>
294 /* Case insensitive string comparision */
295 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
296 {
297 int i;
298
299 if (a->length != b->length)
300 return (a->length - b->length);
301
302 for (i=0; i<a->length; i++)
303 {
304 int ca, cb;
305
306 ca = tolower(a->data[i]);
307 cb = tolower(b->data[i]);
308
309 if (ca != cb)
310 return(ca-cb);
311 }
312 return 0;
313 }
314
315 /* Case insensitive string comparision with space normalization
316 * Space normalization - ignore leading, trailing spaces,
317 * multiple spaces between characters are replaced by single space
318 */
319 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
320 {
321 unsigned char *pa = NULL, *pb = NULL;
322 int la, lb;
323
324 la = a->length;
325 lb = b->length;
326 pa = a->data;
327 pb = b->data;
328
329 /* skip leading spaces */
330 while (la > 0 && isspace(*pa))
331 {
332 la--;
333 pa++;
334 }
335 while (lb > 0 && isspace(*pb))
336 {
337 lb--;
338 pb++;
339 }
340
341 /* skip trailing spaces */
342 while (la > 0 && isspace(pa[la-1]))
343 la--;
344 while (lb > 0 && isspace(pb[lb-1]))
345 lb--;
346
347 /* compare strings with space normalization */
348 while (la > 0 && lb > 0)
349 {
350 int ca, cb;
351
352 /* compare character */
353 ca = tolower(*pa);
354 cb = tolower(*pb);
355 if (ca != cb)
356 return (ca - cb);
357
358 pa++; pb++;
359 la--; lb--;
360
361 if (la <= 0 || lb <= 0)
362 break;
363
364 /* is white space next character ? */
365 if (isspace(*pa) && isspace(*pb))
366 {
367 /* skip remaining white spaces */
368 while (la > 0 && isspace(*pa))
369 {
370 la--;
371 pa++;
372 }
373 while (lb > 0 && isspace(*pb))
374 {
375 lb--;
376 pb++;
377 }
378 }
379 }
380 if (la > 0 || lb > 0)
381 return la - lb;
382
383 return 0;
384 }
385
386 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
387 {
388 int i,j;
389 X509_NAME_ENTRY *na,*nb;
390
391 if (sk_X509_NAME_ENTRY_num(a->entries)
392 != sk_X509_NAME_ENTRY_num(b->entries))
393 return sk_X509_NAME_ENTRY_num(a->entries)
394 -sk_X509_NAME_ENTRY_num(b->entries);
395 for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
396 {
397 na=sk_X509_NAME_ENTRY_value(a->entries,i);
398 nb=sk_X509_NAME_ENTRY_value(b->entries,i);
399 j=OBJ_cmp(na->object,nb->object);
400 if (j) return(j);
401 if ((na->value->length == 1 && na->value->data[0] == '*')
402 || (nb->value->length == 1 && nb->value->data[0] == '*'))
403 continue;
404 j=na->value->type-nb->value->type;
405 if (j) return(j);
406 if (na->value->type == V_ASN1_PRINTABLESTRING)
407 j=nocase_spacenorm_cmp(na->value, nb->value);
408 else if (na->value->type == V_ASN1_IA5STRING
409 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
410 j=nocase_cmp(na->value, nb->value);
411 else
412 {
413 j=na->value->length-nb->value->length;
414 if (j) return(j);
415 j=memcmp(na->value->data,nb->value->data,
416 na->value->length);
417 }
418 if (j) return(j);
419 j=na->set-nb->set;
420 if (j) return(j);
421 }
422
423 return(0);
424 }
425
426 /*
427 * compare two subjectNames.
428 * OUT: 0: equal
429 * positive:
430 * -1: other error.
431 */
432 int
433 eay_cmp_asn1dn(n1, n2)
434 vchar_t *n1, *n2;
435 {
436 X509_NAME *a = NULL, *b = NULL;
437 caddr_t p;
438 int i = -1;
439
440 p = n1->v;
441 if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
442 goto end;
443 p = n2->v;
444 if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
445 goto end;
446
447 i = X509_NAME_wildcmp(a, b);
448
449 end:
450 if (a)
451 X509_NAME_free(a);
452 if (b)
453 X509_NAME_free(b);
454 return i;
455 }
456
457 /*
458 * this functions is derived from apps/verify.c in OpenSSL0.9.5
459 */
460 int
461 eay_check_x509cert(cert, CApath, CAfile, local)
462 vchar_t *cert;
463 char *CApath;
464 char *CAfile;
465 int local;
466 {
467 X509_STORE *cert_ctx = NULL;
468 X509_LOOKUP *lookup = NULL;
469 X509 *x509 = NULL;
470 X509_STORE_CTX *csc;
471 int error = -1;
472
473 cert_ctx = X509_STORE_new();
474 if (cert_ctx == NULL)
475 goto end;
476
477 if (local)
478 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
479 else
480 X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
481
482 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
483 if (lookup == NULL)
484 goto end;
485
486 X509_LOOKUP_load_file(lookup, CAfile,
487 (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
488
489 lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
490 if (lookup == NULL)
491 goto end;
492 error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
493 if(!error) {
494 error = -1;
495 goto end;
496 }
497 error = -1; /* initialized */
498
499 /* read the certificate to be verified */
500 x509 = mem2x509(cert);
501 if (x509 == NULL)
502 goto end;
503
504 csc = X509_STORE_CTX_new();
505 if (csc == NULL)
506 goto end;
507 X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
508 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
509 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
510 X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
511 #endif
512 error = X509_verify_cert(csc);
513 X509_STORE_CTX_free(csc);
514
515 /*
516 * if x509_verify_cert() is successful then the value of error is
517 * set non-zero.
518 */
519 error = error ? 0 : -1;
520
521 end:
522 if (error)
523 plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
524 if (cert_ctx != NULL)
525 X509_STORE_free(cert_ctx);
526 if (x509 != NULL)
527 X509_free(x509);
528
529 return(error);
530 }
531
532 /*
533 * callback function for verifing certificate.
534 * this function is derived from cb() in openssl/apps/s_server.c
535 */
536 static int
537 cb_check_cert_local(ok, ctx)
538 int ok;
539 X509_STORE_CTX *ctx;
540 {
541 char buf[256];
542 int log_tag;
543
544 if (!ok) {
545 X509_NAME_oneline(
546 X509_get_subject_name(ctx->current_cert),
547 buf,
548 256);
549 /*
550 * since we are just checking the certificates, it is
551 * ok if they are self signed. But we should still warn
552 * the user.
553 */
554 switch (ctx->error) {
555 case X509_V_ERR_CERT_HAS_EXPIRED:
556 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
557 case X509_V_ERR_INVALID_CA:
558 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
559 case X509_V_ERR_INVALID_PURPOSE:
560 case X509_V_ERR_UNABLE_TO_GET_CRL:
561 ok = 1;
562 log_tag = LLV_WARNING;
563 break;
564 default:
565 log_tag = LLV_ERROR;
566 }
567 plog(log_tag, LOCATION, NULL,
568 "%s(%d) at depth:%d SubjectName:%s\n",
569 X509_verify_cert_error_string(ctx->error),
570 ctx->error,
571 ctx->error_depth,
572 buf);
573 }
574 ERR_clear_error();
575
576 return ok;
577 }
578
579 /*
580 * callback function for verifing remote certificates.
581 * this function is derived from cb() in openssl/apps/s_server.c
582 */
583 static int
584 cb_check_cert_remote(ok, ctx)
585 int ok;
586 X509_STORE_CTX *ctx;
587 {
588 char buf[256];
589 int log_tag;
590
591 if (!ok) {
592 X509_NAME_oneline(
593 X509_get_subject_name(ctx->current_cert),
594 buf,
595 256);
596 switch (ctx->error) {
597 case X509_V_ERR_UNABLE_TO_GET_CRL:
598 ok = 1;
599 log_tag = LLV_WARNING;
600 break;
601 default:
602 log_tag = LLV_ERROR;
603 }
604 plog(log_tag, LOCATION, NULL,
605 "%s(%d) at depth:%d SubjectName:%s\n",
606 X509_verify_cert_error_string(ctx->error),
607 ctx->error,
608 ctx->error_depth,
609 buf);
610 }
611 ERR_clear_error();
612
613 return ok;
614 }
615
616 /*
617 * get a subjectName from X509 certificate.
618 */
619 vchar_t *
620 eay_get_x509asn1subjectname(cert)
621 vchar_t *cert;
622 {
623 X509 *x509 = NULL;
624 u_char *bp;
625 vchar_t *name = NULL;
626 int len;
627
628 x509 = mem2x509(cert);
629 if (x509 == NULL)
630 goto error;
631
632 /* get the length of the name */
633 len = i2d_X509_NAME(x509->cert_info->subject, NULL);
634 name = vmalloc(len);
635 if (!name)
636 goto error;
637 /* get the name */
638 bp = (unsigned char *) name->v;
639 len = i2d_X509_NAME(x509->cert_info->subject, &bp);
640
641 X509_free(x509);
642
643 return name;
644
645 error:
646 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
647
648 if (name != NULL)
649 vfree(name);
650
651 if (x509 != NULL)
652 X509_free(x509);
653
654 return NULL;
655 }
656
657 /*
658 * get the subjectAltName from X509 certificate.
659 * the name must be terminated by '\0'.
660 */
661 int
662 eay_get_x509subjectaltname(cert, altname, type, pos)
663 vchar_t *cert;
664 char **altname;
665 int *type;
666 int pos;
667 {
668 X509 *x509 = NULL;
669 GENERAL_NAMES *gens = NULL;
670 GENERAL_NAME *gen;
671 int len;
672 int error = -1;
673
674 *altname = NULL;
675 *type = GENT_OTHERNAME;
676
677 x509 = mem2x509(cert);
678 if (x509 == NULL)
679 goto end;
680
681 gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
682 if (gens == NULL)
683 goto end;
684
685 /* there is no data at "pos" */
686 if (pos > sk_GENERAL_NAME_num(gens))
687 goto end;
688
689 gen = sk_GENERAL_NAME_value(gens, pos - 1);
690
691 /* read DNSName / Email */
692 if (gen->type == GEN_DNS ||
693 gen->type == GEN_EMAIL ||
694 gen->type == GEN_URI )
695 {
696 /* make sure if the data is terminated by '\0'. */
697 if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
698 {
699 plog(LLV_ERROR, LOCATION, NULL,
700 "data is not terminated by NUL.");
701 racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
702 goto end;
703 }
704
705 len = gen->d.ia5->length + 1;
706 *altname = racoon_malloc(len);
707 if (!*altname)
708 goto end;
709
710 strlcpy(*altname, (char *) gen->d.ia5->data, len);
711 *type = gen->type;
712 error = 0;
713 }
714 /* read IP address */
715 else if (gen->type == GEN_IPADD)
716 {
717 unsigned char p[5], *ip;
718 ip = p;
719
720 /* only support IPv4 */
721 if (gen->d.ip->length != 4)
722 goto end;
723
724 /* convert Octet String to String
725 * XXX ???????
726 */
727 /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
728 ip = gen->d.ip->data;
729
730 /* XXX Magic, enough for an IPv4 address
731 */
732 *altname = racoon_malloc(20);
733 if (!*altname)
734 goto end;
735
736 sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
737 *type = gen->type;
738 error = 0;
739 }
740 /* XXX other possible types ?
741 * For now, error will be -1 if unsupported type
742 */
743
744 end:
745 if (error) {
746 if (*altname) {
747 racoon_free(*altname);
748 *altname = NULL;
749 }
750 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
751 }
752 if (x509)
753 X509_free(x509);
754 if (gens)
755 /* free the whole stack. */
756 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
757
758 return error;
759 }
760
761 /*
762 * get a issuerName from X509 certificate.
763 */
764 vchar_t *
765 eay_get_x509asn1issuername(cert)
766 vchar_t *cert;
767 {
768 X509 *x509 = NULL;
769 u_char *bp;
770 vchar_t *name = NULL;
771 int len;
772
773 x509 = mem2x509(cert);
774 if (x509 == NULL)
775 goto error;
776
777 /* get the length of the name */
778 len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
779 name = vmalloc(len);
780 if (name == NULL)
781 goto error;
782
783 /* get the name */
784 bp = (unsigned char *) name->v;
785 len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
786
787 X509_free(x509);
788
789 return name;
790
791 error:
792 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
793
794 if (name != NULL)
795 vfree(name);
796 if (x509 != NULL)
797 X509_free(x509);
798
799 return NULL;
800 }
801
802 /*
803 * decode a X509 certificate and make a readable text terminated '\n'.
804 * return the buffer allocated, so must free it later.
805 */
806 char *
807 eay_get_x509text(cert)
808 vchar_t *cert;
809 {
810 X509 *x509 = NULL;
811 BIO *bio = NULL;
812 char *text = NULL;
813 u_char *bp = NULL;
814 int len = 0;
815 int error = -1;
816
817 x509 = mem2x509(cert);
818 if (x509 == NULL)
819 goto end;
820
821 bio = BIO_new(BIO_s_mem());
822 if (bio == NULL)
823 goto end;
824
825 error = X509_print(bio, x509);
826 if (error != 1) {
827 error = -1;
828 goto end;
829 }
830
831 len = BIO_get_mem_data(bio, &bp);
832 text = racoon_malloc(len + 1);
833 if (text == NULL)
834 goto end;
835 memcpy(text, bp, len);
836 text[len] = '\0';
837
838 error = 0;
839
840 end:
841 if (error) {
842 if (text) {
843 racoon_free(text);
844 text = NULL;
845 }
846 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
847 }
848 if (bio)
849 BIO_free(bio);
850 if (x509)
851 X509_free(x509);
852
853 return text;
854 }
855
856 /* get X509 structure from buffer. */
857 static X509 *
858 mem2x509(cert)
859 vchar_t *cert;
860 {
861 X509 *x509;
862
863 #ifndef EAYDEBUG
864 {
865 u_char *bp;
866
867 bp = (unsigned char *) cert->v + 1;
868
869 x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
870 }
871 #else
872 {
873 BIO *bio;
874 int len;
875
876 bio = BIO_new(BIO_s_mem());
877 if (bio == NULL)
878 return NULL;
879 len = BIO_write(bio, cert->v + 1, cert->l - 1);
880 if (len == -1)
881 return NULL;
882 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
883 BIO_free(bio);
884 }
885 #endif
886 return x509;
887 }
888
889 /*
890 * get a X509 certificate from local file.
891 * a certificate must be PEM format.
892 * Input:
893 * path to a certificate.
894 * Output:
895 * NULL if error occured
896 * other is the cert.
897 */
898 vchar_t *
899 eay_get_x509cert(path)
900 char *path;
901 {
902 FILE *fp;
903 X509 *x509;
904 vchar_t *cert;
905 u_char *bp;
906 int len;
907 int error;
908
909 /* Read private key */
910 fp = fopen(path, "r");
911 if (fp == NULL)
912 return NULL;
913 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
914 fclose (fp);
915
916 if (x509 == NULL)
917 return NULL;
918
919 len = i2d_X509(x509, NULL);
920 cert = vmalloc(len + 1);
921 if (cert == NULL) {
922 X509_free(x509);
923 return NULL;
924 }
925 cert->v[0] = ISAKMP_CERT_X509SIGN;
926 bp = (unsigned char *) &cert->v[1];
927 error = i2d_X509(x509, &bp);
928 X509_free(x509);
929
930 if (error == 0) {
931 vfree(cert);
932 return NULL;
933 }
934
935 return cert;
936 }
937
938 /*
939 * check a X509 signature
940 * XXX: to be get hash type from my cert ?
941 * to be handled EVP_dss().
942 * OUT: return -1 when error.
943 * 0
944 */
945 int
946 eay_check_x509sign(source, sig, cert)
947 vchar_t *source;
948 vchar_t *sig;
949 vchar_t *cert;
950 {
951 X509 *x509;
952 EVP_PKEY *evp;
953 int res;
954
955 x509 = mem2x509(cert);
956 if (x509 == NULL)
957 return -1;
958
959 evp = X509_get_pubkey(x509);
960 if (! evp) {
961 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
962 X509_free(x509);
963 return -1;
964 }
965
966 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
967
968 EVP_PKEY_free(evp);
969 X509_free(x509);
970
971 return res;
972 }
973
974 /*
975 * check RSA signature
976 * OUT: return -1 when error.
977 * 0 on success
978 */
979 int
980 eay_check_rsasign(source, sig, rsa)
981 vchar_t *source;
982 vchar_t *sig;
983 RSA *rsa;
984 {
985 return eay_rsa_verify(source, sig, rsa);
986 }
987
988 /*
989 * get PKCS#1 Private Key of PEM format from local file.
990 */
991 vchar_t *
992 eay_get_pkcs1privkey(path)
993 char *path;
994 {
995 FILE *fp;
996 EVP_PKEY *evp = NULL;
997 vchar_t *pkey = NULL;
998 u_char *bp;
999 int pkeylen;
1000 int error = -1;
1001
1002 /* Read private key */
1003 fp = fopen(path, "r");
1004 if (fp == NULL)
1005 return NULL;
1006
1007 evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1008
1009 fclose (fp);
1010
1011 if (evp == NULL)
1012 return NULL;
1013
1014 pkeylen = i2d_PrivateKey(evp, NULL);
1015 if (pkeylen == 0)
1016 goto end;
1017 pkey = vmalloc(pkeylen);
1018 if (pkey == NULL)
1019 goto end;
1020 bp = (unsigned char *) pkey->v;
1021 pkeylen = i2d_PrivateKey(evp, &bp);
1022 if (pkeylen == 0)
1023 goto end;
1024
1025 error = 0;
1026
1027 end:
1028 if (evp != NULL)
1029 EVP_PKEY_free(evp);
1030 if (error != 0 && pkey != NULL) {
1031 vfree(pkey);
1032 pkey = NULL;
1033 }
1034
1035 return pkey;
1036 }
1037
1038 /*
1039 * get PKCS#1 Public Key of PEM format from local file.
1040 */
1041 vchar_t *
1042 eay_get_pkcs1pubkey(path)
1043 char *path;
1044 {
1045 FILE *fp;
1046 EVP_PKEY *evp = NULL;
1047 vchar_t *pkey = NULL;
1048 X509 *x509 = NULL;
1049 u_char *bp;
1050 int pkeylen;
1051 int error = -1;
1052
1053 /* Read private key */
1054 fp = fopen(path, "r");
1055 if (fp == NULL)
1056 return NULL;
1057
1058 x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1059
1060 fclose (fp);
1061
1062 if (x509 == NULL)
1063 return NULL;
1064
1065 /* Get public key - eay */
1066 evp = X509_get_pubkey(x509);
1067 if (evp == NULL)
1068 return NULL;
1069
1070 pkeylen = i2d_PublicKey(evp, NULL);
1071 if (pkeylen == 0)
1072 goto end;
1073 pkey = vmalloc(pkeylen);
1074 if (pkey == NULL)
1075 goto end;
1076 bp = (unsigned char *) pkey->v;
1077 pkeylen = i2d_PublicKey(evp, &bp);
1078 if (pkeylen == 0)
1079 goto end;
1080
1081 error = 0;
1082 end:
1083 if (evp != NULL)
1084 EVP_PKEY_free(evp);
1085 if (error != 0 && pkey != NULL) {
1086 vfree(pkey);
1087 pkey = NULL;
1088 }
1089
1090 return pkey;
1091 }
1092
1093 vchar_t *
1094 eay_get_x509sign(src, privkey)
1095 vchar_t *src, *privkey;
1096 {
1097 EVP_PKEY *evp;
1098 u_char *bp = (unsigned char *) privkey->v;
1099 vchar_t *sig = NULL;
1100 int len;
1101 int pad = RSA_PKCS1_PADDING;
1102
1103 /* XXX to be handled EVP_PKEY_DSA */
1104 evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1105 if (evp == NULL)
1106 return NULL;
1107
1108 sig = eay_rsa_sign(src, evp->pkey.rsa);
1109
1110 EVP_PKEY_free(evp);
1111
1112 return sig;
1113 }
1114
1115 vchar_t *
1116 eay_get_rsasign(src, rsa)
1117 vchar_t *src;
1118 RSA *rsa;
1119 {
1120 return eay_rsa_sign(src, rsa);
1121 }
1122
1123 vchar_t *
1124 eay_rsa_sign(vchar_t *src, RSA *rsa)
1125 {
1126 int len;
1127 vchar_t *sig = NULL;
1128 int pad = RSA_PKCS1_PADDING;
1129
1130 len = RSA_size(rsa);
1131
1132 sig = vmalloc(len);
1133 if (sig == NULL)
1134 return NULL;
1135
1136 len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1137 (unsigned char *) sig->v, rsa, pad);
1138
1139 if (len == 0 || len != sig->l) {
1140 vfree(sig);
1141 sig = NULL;
1142 }
1143
1144 return sig;
1145 }
1146
1147 int
1148 eay_rsa_verify(src, sig, rsa)
1149 vchar_t *src, *sig;
1150 RSA *rsa;
1151 {
1152 vchar_t *xbuf = NULL;
1153 int pad = RSA_PKCS1_PADDING;
1154 int len = 0;
1155 int error;
1156
1157 len = RSA_size(rsa);
1158 xbuf = vmalloc(len);
1159 if (xbuf == NULL) {
1160 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1161 return -1;
1162 }
1163
1164 len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1165 (unsigned char *) xbuf->v, rsa, pad);
1166 if (len == 0 || len != src->l) {
1167 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1168 vfree(xbuf);
1169 return -1;
1170 }
1171
1172 error = memcmp(src->v, xbuf->v, src->l);
1173 vfree(xbuf);
1174 if (error != 0)
1175 return -1;
1176
1177 return 0;
1178 }
1179
1180 /*
1181 * get error string
1182 * MUST load ERR_load_crypto_strings() first.
1183 */
1184 char *
1185 eay_strerror()
1186 {
1187 static char ebuf[512];
1188 int len = 0, n;
1189 unsigned long l;
1190 char buf[200];
1191 const char *file, *data;
1192 int line, flags;
1193 unsigned long es;
1194
1195 es = CRYPTO_thread_id();
1196
1197 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1198 n = snprintf(ebuf + len, sizeof(ebuf) - len,
1199 "%lu:%s:%s:%d:%s ",
1200 es, ERR_error_string(l, buf), file, line,
1201 (flags & ERR_TXT_STRING) ? data : "");
1202 if (n < 0 || n >= sizeof(ebuf) - len)
1203 break;
1204 len += n;
1205 if (sizeof(ebuf) < len)
1206 break;
1207 }
1208
1209 return ebuf;
1210 }
1211
1212 vchar_t *
1213 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1214 {
1215 vchar_t *res;
1216 EVP_CIPHER_CTX ctx;
1217
1218 if (!e)
1219 return NULL;
1220
1221 if (data->l % EVP_CIPHER_block_size(e))
1222 return NULL;
1223
1224 if ((res = vmalloc(data->l)) == NULL)
1225 return NULL;
1226
1227 EVP_CIPHER_CTX_init(&ctx);
1228
1229 switch(EVP_CIPHER_nid(e)){
1230 case NID_bf_cbc:
1231 case NID_bf_ecb:
1232 case NID_bf_cfb64:
1233 case NID_bf_ofb64:
1234 case NID_cast5_cbc:
1235 case NID_cast5_ecb:
1236 case NID_cast5_cfb64:
1237 case NID_cast5_ofb64:
1238 /* XXX: can we do that also for algos with a fixed key size ?
1239 */
1240 /* init context without key/iv
1241 */
1242 if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1243 {
1244 OpenSSL_BUG();
1245 vfree(res);
1246 return NULL;
1247 }
1248
1249 /* update key size
1250 */
1251 if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1252 {
1253 OpenSSL_BUG();
1254 vfree(res);
1255 return NULL;
1256 }
1257
1258 /* finalize context init with desired key size
1259 */
1260 if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1261 (u_char *) iv->v, enc))
1262 {
1263 OpenSSL_BUG();
1264 vfree(res);
1265 return NULL;
1266 }
1267 break;
1268 default:
1269 if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1270 (u_char *) iv->v, enc)) {
1271 OpenSSL_BUG();
1272 vfree(res);
1273 return NULL;
1274 }
1275 }
1276
1277 /* disable openssl padding */
1278 EVP_CIPHER_CTX_set_padding(&ctx, 0);
1279
1280 if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1281 OpenSSL_BUG();
1282 vfree(res);
1283 return NULL;
1284 }
1285
1286 EVP_CIPHER_CTX_cleanup(&ctx);
1287
1288 return res;
1289 }
1290
1291 int
1292 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1293 {
1294 return 0;
1295 }
1296
1297 int
1298 evp_keylen(int len, const EVP_CIPHER *e)
1299 {
1300 if (!e)
1301 return -1;
1302 /* EVP functions return lengths in bytes, ipsec-tools
1303 * uses lengths in bits, therefore conversion is required. --AK
1304 */
1305 if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1306 return -1;
1307
1308 return EVP_CIPHER_key_length(e) << 3;
1309 }
1310
1311 /*
1312 * DES-CBC
1313 */
1314 vchar_t *
1315 eay_des_encrypt(data, key, iv)
1316 vchar_t *data, *key, *iv;
1317 {
1318 return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1319 }
1320
1321 vchar_t *
1322 eay_des_decrypt(data, key, iv)
1323 vchar_t *data, *key, *iv;
1324 {
1325 return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1326 }
1327
1328 int
1329 eay_des_weakkey(key)
1330 vchar_t *key;
1331 {
1332 #ifdef USE_NEW_DES_API
1333 return DES_is_weak_key((void *)key->v);
1334 #else
1335 return des_is_weak_key((void *)key->v);
1336 #endif
1337 }
1338
1339 int
1340 eay_des_keylen(len)
1341 int len;
1342 {
1343 return evp_keylen(len, EVP_des_cbc());
1344 }
1345
1346 #ifdef HAVE_OPENSSL_IDEA_H
1347 /*
1348 * IDEA-CBC
1349 */
1350 vchar_t *
1351 eay_idea_encrypt(data, key, iv)
1352 vchar_t *data, *key, *iv;
1353 {
1354 vchar_t *res;
1355 IDEA_KEY_SCHEDULE ks;
1356
1357 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1358
1359 /* allocate buffer for result */
1360 if ((res = vmalloc(data->l)) == NULL)
1361 return NULL;
1362
1363 /* decryption data */
1364 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1365 &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1366
1367 return res;
1368 }
1369
1370 vchar_t *
1371 eay_idea_decrypt(data, key, iv)
1372 vchar_t *data, *key, *iv;
1373 {
1374 vchar_t *res;
1375 IDEA_KEY_SCHEDULE ks, dks;
1376
1377 idea_set_encrypt_key((unsigned char *)key->v, &ks);
1378 idea_set_decrypt_key(&ks, &dks);
1379
1380 /* allocate buffer for result */
1381 if ((res = vmalloc(data->l)) == NULL)
1382 return NULL;
1383
1384 /* decryption data */
1385 idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1386 &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1387
1388 return res;
1389 }
1390
1391 int
1392 eay_idea_weakkey(key)
1393 vchar_t *key;
1394 {
1395 return 0; /* XXX */
1396 }
1397
1398 int
1399 eay_idea_keylen(len)
1400 int len;
1401 {
1402 if (len != 0 && len != 128)
1403 return -1;
1404 return 128;
1405 }
1406 #endif
1407
1408 /*
1409 * BLOWFISH-CBC
1410 */
1411 vchar_t *
1412 eay_bf_encrypt(data, key, iv)
1413 vchar_t *data, *key, *iv;
1414 {
1415 return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1416 }
1417
1418 vchar_t *
1419 eay_bf_decrypt(data, key, iv)
1420 vchar_t *data, *key, *iv;
1421 {
1422 return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1423 }
1424
1425 int
1426 eay_bf_weakkey(key)
1427 vchar_t *key;
1428 {
1429 return 0; /* XXX to be done. refer to RFC 2451 */
1430 }
1431
1432 int
1433 eay_bf_keylen(len)
1434 int len;
1435 {
1436 if (len == 0)
1437 return 448;
1438 if (len < 40 || len > 448)
1439 return -1;
1440 return len;
1441 }
1442
1443 #ifdef HAVE_OPENSSL_RC5_H
1444 /*
1445 * RC5-CBC
1446 */
1447 vchar_t *
1448 eay_rc5_encrypt(data, key, iv)
1449 vchar_t *data, *key, *iv;
1450 {
1451 vchar_t *res;
1452 RC5_32_KEY ks;
1453
1454 /* in RFC 2451, there is information about the number of round. */
1455 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1456
1457 /* allocate buffer for result */
1458 if ((res = vmalloc(data->l)) == NULL)
1459 return NULL;
1460
1461 /* decryption data */
1462 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1463 &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1464
1465 return res;
1466 }
1467
1468 vchar_t *
1469 eay_rc5_decrypt(data, key, iv)
1470 vchar_t *data, *key, *iv;
1471 {
1472 vchar_t *res;
1473 RC5_32_KEY ks;
1474
1475 /* in RFC 2451, there is information about the number of round. */
1476 RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1477
1478 /* allocate buffer for result */
1479 if ((res = vmalloc(data->l)) == NULL)
1480 return NULL;
1481
1482 /* decryption data */
1483 RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1484 &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1485
1486 return res;
1487 }
1488
1489 int
1490 eay_rc5_weakkey(key)
1491 vchar_t *key;
1492 {
1493 return 0; /* No known weak keys when used with 16 rounds. */
1494
1495 }
1496
1497 int
1498 eay_rc5_keylen(len)
1499 int len;
1500 {
1501 if (len == 0)
1502 return 128;
1503 if (len < 40 || len > 2040)
1504 return -1;
1505 return len;
1506 }
1507 #endif
1508
1509 /*
1510 * 3DES-CBC
1511 */
1512 vchar_t *
1513 eay_3des_encrypt(data, key, iv)
1514 vchar_t *data, *key, *iv;
1515 {
1516 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1517 }
1518
1519 vchar_t *
1520 eay_3des_decrypt(data, key, iv)
1521 vchar_t *data, *key, *iv;
1522 {
1523 return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1524 }
1525
1526 int
1527 eay_3des_weakkey(key)
1528 vchar_t *key;
1529 {
1530 #ifdef USE_NEW_DES_API
1531 return (DES_is_weak_key((void *)key->v) ||
1532 DES_is_weak_key((void *)(key->v + 8)) ||
1533 DES_is_weak_key((void *)(key->v + 16)));
1534 #else
1535 if (key->l < 24)
1536 return 0;
1537
1538 return (des_is_weak_key((void *)key->v) ||
1539 des_is_weak_key((void *)(key->v + 8)) ||
1540 des_is_weak_key((void *)(key->v + 16)));
1541 #endif
1542 }
1543
1544 int
1545 eay_3des_keylen(len)
1546 int len;
1547 {
1548 if (len != 0 && len != 192)
1549 return -1;
1550 return 192;
1551 }
1552
1553 /*
1554 * CAST-CBC
1555 */
1556 vchar_t *
1557 eay_cast_encrypt(data, key, iv)
1558 vchar_t *data, *key, *iv;
1559 {
1560 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1561 }
1562
1563 vchar_t *
1564 eay_cast_decrypt(data, key, iv)
1565 vchar_t *data, *key, *iv;
1566 {
1567 return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1568 }
1569
1570 int
1571 eay_cast_weakkey(key)
1572 vchar_t *key;
1573 {
1574 return 0; /* No known weak keys. */
1575 }
1576
1577 int
1578 eay_cast_keylen(len)
1579 int len;
1580 {
1581 if (len == 0)
1582 return 128;
1583 if (len < 40 || len > 128)
1584 return -1;
1585 return len;
1586 }
1587
1588 /*
1589 * AES(RIJNDAEL)-CBC
1590 */
1591 #ifndef HAVE_OPENSSL_AES_H
1592 vchar_t *
1593 eay_aes_encrypt(data, key, iv)
1594 vchar_t *data, *key, *iv;
1595 {
1596 vchar_t *res;
1597 keyInstance k;
1598 cipherInstance c;
1599
1600 memset(&k, 0, sizeof(k));
1601 if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1602 return NULL;
1603
1604 /* allocate buffer for result */
1605 if ((res = vmalloc(data->l)) == NULL)
1606 return NULL;
1607
1608 /* encryption data */
1609 memset(&c, 0, sizeof(c));
1610 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1611 vfree(res);
1612 return NULL;
1613 }
1614 if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1615 vfree(res);
1616 return NULL;
1617 }
1618
1619 return res;
1620 }
1621
1622 vchar_t *
1623 eay_aes_decrypt(data, key, iv)
1624 vchar_t *data, *key, *iv;
1625 {
1626 vchar_t *res;
1627 keyInstance k;
1628 cipherInstance c;
1629
1630 memset(&k, 0, sizeof(k));
1631 if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1632 return NULL;
1633
1634 /* allocate buffer for result */
1635 if ((res = vmalloc(data->l)) == NULL)
1636 return NULL;
1637
1638 /* decryption data */
1639 memset(&c, 0, sizeof(c));
1640 if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1641 vfree(res);
1642 return NULL;
1643 }
1644 if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1645 vfree(res);
1646 return NULL;
1647 }
1648
1649 return res;
1650 }
1651 #else
1652 static inline const EVP_CIPHER *
1653 aes_evp_by_keylen(int keylen)
1654 {
1655 switch(keylen) {
1656 case 16:
1657 case 128:
1658 return EVP_aes_128_cbc();
1659 case 24:
1660 case 192:
1661 return EVP_aes_192_cbc();
1662 case 32:
1663 case 256:
1664 return EVP_aes_256_cbc();
1665 default:
1666 return NULL;
1667 }
1668 }
1669
1670 vchar_t *
1671 eay_aes_encrypt(data, key, iv)
1672 vchar_t *data, *key, *iv;
1673 {
1674 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1675 }
1676
1677 vchar_t *
1678 eay_aes_decrypt(data, key, iv)
1679 vchar_t *data, *key, *iv;
1680 {
1681 return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1682 }
1683 #endif
1684
1685 int
1686 eay_aes_weakkey(key)
1687 vchar_t *key;
1688 {
1689 return 0;
1690 }
1691
1692 int
1693 eay_aes_keylen(len)
1694 int len;
1695 {
1696 if (len == 0)
1697 return 128;
1698 if (len != 128 && len != 192 && len != 256)
1699 return -1;
1700 return len;
1701 }
1702
1703 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1704 /*
1705 * CAMELLIA-CBC
1706 */
1707 static inline const EVP_CIPHER *
1708 camellia_evp_by_keylen(int keylen)
1709 {
1710 switch(keylen) {
1711 case 16:
1712 case 128:
1713 return EVP_camellia_128_cbc();
1714 case 24:
1715 case 192:
1716 return EVP_camellia_192_cbc();
1717 case 32:
1718 case 256:
1719 return EVP_camellia_256_cbc();
1720 default:
1721 return NULL;
1722 }
1723 }
1724
1725 vchar_t *
1726 eay_camellia_encrypt(data, key, iv)
1727 vchar_t *data, *key, *iv;
1728 {
1729 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1730 }
1731
1732 vchar_t *
1733 eay_camellia_decrypt(data, key, iv)
1734 vchar_t *data, *key, *iv;
1735 {
1736 return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1737 }
1738
1739 int
1740 eay_camellia_weakkey(key)
1741 vchar_t *key;
1742 {
1743 return 0;
1744 }
1745
1746 int
1747 eay_camellia_keylen(len)
1748 int len;
1749 {
1750 if (len == 0)
1751 return 128;
1752 if (len != 128 && len != 192 && len != 256)
1753 return -1;
1754 return len;
1755 }
1756
1757 #endif
1758
1759 /* for ipsec part */
1760 int
1761 eay_null_hashlen()
1762 {
1763 return 0;
1764 }
1765
1766 int
1767 eay_kpdk_hashlen()
1768 {
1769 return 0;
1770 }
1771
1772 int
1773 eay_twofish_keylen(len)
1774 int len;
1775 {
1776 if (len < 0 || len > 256)
1777 return -1;
1778 return len;
1779 }
1780
1781 int
1782 eay_null_keylen(len)
1783 int len;
1784 {
1785 return 0;
1786 }
1787
1788 /*
1789 * HMAC functions
1790 */
1791 static caddr_t
1792 eay_hmac_init(key, md)
1793 vchar_t *key;
1794 const EVP_MD *md;
1795 {
1796 HMAC_CTX *c = racoon_malloc(sizeof(*c));
1797
1798 HMAC_Init(c, key->v, key->l, md);
1799
1800 return (caddr_t)c;
1801 }
1802
1803 #ifdef WITH_SHA2
1804 /*
1805 * HMAC SHA2-512
1806 */
1807 vchar_t *
1808 eay_hmacsha2_512_one(key, data)
1809 vchar_t *key, *data;
1810 {
1811 vchar_t *res;
1812 caddr_t ctx;
1813
1814 ctx = eay_hmacsha2_512_init(key);
1815 eay_hmacsha2_512_update(ctx, data);
1816 res = eay_hmacsha2_512_final(ctx);
1817
1818 return(res);
1819 }
1820
1821 caddr_t
1822 eay_hmacsha2_512_init(key)
1823 vchar_t *key;
1824 {
1825 return eay_hmac_init(key, EVP_sha2_512());
1826 }
1827
1828 void
1829 eay_hmacsha2_512_update(c, data)
1830 caddr_t c;
1831 vchar_t *data;
1832 {
1833 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1834 }
1835
1836 vchar_t *
1837 eay_hmacsha2_512_final(c)
1838 caddr_t c;
1839 {
1840 vchar_t *res;
1841 unsigned int l;
1842
1843 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1844 return NULL;
1845
1846 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1847 res->l = l;
1848 HMAC_cleanup((HMAC_CTX *)c);
1849 (void)racoon_free(c);
1850
1851 if (SHA512_DIGEST_LENGTH != res->l) {
1852 plog(LLV_ERROR, LOCATION, NULL,
1853 "hmac sha2_512 length mismatch %zd.\n", res->l);
1854 vfree(res);
1855 return NULL;
1856 }
1857
1858 return(res);
1859 }
1860
1861 /*
1862 * HMAC SHA2-384
1863 */
1864 vchar_t *
1865 eay_hmacsha2_384_one(key, data)
1866 vchar_t *key, *data;
1867 {
1868 vchar_t *res;
1869 caddr_t ctx;
1870
1871 ctx = eay_hmacsha2_384_init(key);
1872 eay_hmacsha2_384_update(ctx, data);
1873 res = eay_hmacsha2_384_final(ctx);
1874
1875 return(res);
1876 }
1877
1878 caddr_t
1879 eay_hmacsha2_384_init(key)
1880 vchar_t *key;
1881 {
1882 return eay_hmac_init(key, EVP_sha2_384());
1883 }
1884
1885 void
1886 eay_hmacsha2_384_update(c, data)
1887 caddr_t c;
1888 vchar_t *data;
1889 {
1890 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1891 }
1892
1893 vchar_t *
1894 eay_hmacsha2_384_final(c)
1895 caddr_t c;
1896 {
1897 vchar_t *res;
1898 unsigned int l;
1899
1900 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1901 return NULL;
1902
1903 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1904 res->l = l;
1905 HMAC_cleanup((HMAC_CTX *)c);
1906 (void)racoon_free(c);
1907
1908 if (SHA384_DIGEST_LENGTH != res->l) {
1909 plog(LLV_ERROR, LOCATION, NULL,
1910 "hmac sha2_384 length mismatch %zd.\n", res->l);
1911 vfree(res);
1912 return NULL;
1913 }
1914
1915 return(res);
1916 }
1917
1918 /*
1919 * HMAC SHA2-256
1920 */
1921 vchar_t *
1922 eay_hmacsha2_256_one(key, data)
1923 vchar_t *key, *data;
1924 {
1925 vchar_t *res;
1926 caddr_t ctx;
1927
1928 ctx = eay_hmacsha2_256_init(key);
1929 eay_hmacsha2_256_update(ctx, data);
1930 res = eay_hmacsha2_256_final(ctx);
1931
1932 return(res);
1933 }
1934
1935 caddr_t
1936 eay_hmacsha2_256_init(key)
1937 vchar_t *key;
1938 {
1939 return eay_hmac_init(key, EVP_sha2_256());
1940 }
1941
1942 void
1943 eay_hmacsha2_256_update(c, data)
1944 caddr_t c;
1945 vchar_t *data;
1946 {
1947 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1948 }
1949
1950 vchar_t *
1951 eay_hmacsha2_256_final(c)
1952 caddr_t c;
1953 {
1954 vchar_t *res;
1955 unsigned int l;
1956
1957 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1958 return NULL;
1959
1960 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1961 res->l = l;
1962 HMAC_cleanup((HMAC_CTX *)c);
1963 (void)racoon_free(c);
1964
1965 if (SHA256_DIGEST_LENGTH != res->l) {
1966 plog(LLV_ERROR, LOCATION, NULL,
1967 "hmac sha2_256 length mismatch %zd.\n", res->l);
1968 vfree(res);
1969 return NULL;
1970 }
1971
1972 return(res);
1973 }
1974 #endif /* WITH_SHA2 */
1975
1976 /*
1977 * HMAC SHA1
1978 */
1979 vchar_t *
1980 eay_hmacsha1_one(key, data)
1981 vchar_t *key, *data;
1982 {
1983 vchar_t *res;
1984 caddr_t ctx;
1985
1986 ctx = eay_hmacsha1_init(key);
1987 eay_hmacsha1_update(ctx, data);
1988 res = eay_hmacsha1_final(ctx);
1989
1990 return(res);
1991 }
1992
1993 caddr_t
1994 eay_hmacsha1_init(key)
1995 vchar_t *key;
1996 {
1997 return eay_hmac_init(key, EVP_sha1());
1998 }
1999
2000 void
2001 eay_hmacsha1_update(c, data)
2002 caddr_t c;
2003 vchar_t *data;
2004 {
2005 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2006 }
2007
2008 vchar_t *
2009 eay_hmacsha1_final(c)
2010 caddr_t c;
2011 {
2012 vchar_t *res;
2013 unsigned int l;
2014
2015 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2016 return NULL;
2017
2018 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2019 res->l = l;
2020 HMAC_cleanup((HMAC_CTX *)c);
2021 (void)racoon_free(c);
2022
2023 if (SHA_DIGEST_LENGTH != res->l) {
2024 plog(LLV_ERROR, LOCATION, NULL,
2025 "hmac sha1 length mismatch %zd.\n", res->l);
2026 vfree(res);
2027 return NULL;
2028 }
2029
2030 return(res);
2031 }
2032
2033 /*
2034 * HMAC MD5
2035 */
2036 vchar_t *
2037 eay_hmacmd5_one(key, data)
2038 vchar_t *key, *data;
2039 {
2040 vchar_t *res;
2041 caddr_t ctx;
2042
2043 ctx = eay_hmacmd5_init(key);
2044 eay_hmacmd5_update(ctx, data);
2045 res = eay_hmacmd5_final(ctx);
2046
2047 return(res);
2048 }
2049
2050 caddr_t
2051 eay_hmacmd5_init(key)
2052 vchar_t *key;
2053 {
2054 return eay_hmac_init(key, EVP_md5());
2055 }
2056
2057 void
2058 eay_hmacmd5_update(c, data)
2059 caddr_t c;
2060 vchar_t *data;
2061 {
2062 HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2063 }
2064
2065 vchar_t *
2066 eay_hmacmd5_final(c)
2067 caddr_t c;
2068 {
2069 vchar_t *res;
2070 unsigned int l;
2071
2072 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2073 return NULL;
2074
2075 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2076 res->l = l;
2077 HMAC_cleanup((HMAC_CTX *)c);
2078 (void)racoon_free(c);
2079
2080 if (MD5_DIGEST_LENGTH != res->l) {
2081 plog(LLV_ERROR, LOCATION, NULL,
2082 "hmac md5 length mismatch %zd.\n", res->l);
2083 vfree(res);
2084 return NULL;
2085 }
2086
2087 return(res);
2088 }
2089
2090 #ifdef WITH_SHA2
2091 /*
2092 * SHA2-512 functions
2093 */
2094 caddr_t
2095 eay_sha2_512_init()
2096 {
2097 SHA512_CTX *c = racoon_malloc(sizeof(*c));
2098
2099 SHA512_Init(c);
2100
2101 return((caddr_t)c);
2102 }
2103
2104 void
2105 eay_sha2_512_update(c, data)
2106 caddr_t c;
2107 vchar_t *data;
2108 {
2109 SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2110
2111 return;
2112 }
2113
2114 vchar_t *
2115 eay_sha2_512_final(c)
2116 caddr_t c;
2117 {
2118 vchar_t *res;
2119
2120 if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2121 return(0);
2122
2123 SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2124 (void)racoon_free(c);
2125
2126 return(res);
2127 }
2128
2129 vchar_t *
2130 eay_sha2_512_one(data)
2131 vchar_t *data;
2132 {
2133 caddr_t ctx;
2134 vchar_t *res;
2135
2136 ctx = eay_sha2_512_init();
2137 eay_sha2_512_update(ctx, data);
2138 res = eay_sha2_512_final(ctx);
2139
2140 return(res);
2141 }
2142
2143 int
2144 eay_sha2_512_hashlen()
2145 {
2146 return SHA512_DIGEST_LENGTH << 3;
2147 }
2148 #endif
2149
2150 #ifdef WITH_SHA2
2151 /*
2152 * SHA2-384 functions
2153 */
2154 caddr_t
2155 eay_sha2_384_init()
2156 {
2157 SHA384_CTX *c = racoon_malloc(sizeof(*c));
2158
2159 SHA384_Init(c);
2160
2161 return((caddr_t)c);
2162 }
2163
2164 void
2165 eay_sha2_384_update(c, data)
2166 caddr_t c;
2167 vchar_t *data;
2168 {
2169 SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2170
2171 return;
2172 }
2173
2174 vchar_t *
2175 eay_sha2_384_final(c)
2176 caddr_t c;
2177 {
2178 vchar_t *res;
2179
2180 if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2181 return(0);
2182
2183 SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2184 (void)racoon_free(c);
2185
2186 return(res);
2187 }
2188
2189 vchar_t *
2190 eay_sha2_384_one(data)
2191 vchar_t *data;
2192 {
2193 caddr_t ctx;
2194 vchar_t *res;
2195
2196 ctx = eay_sha2_384_init();
2197 eay_sha2_384_update(ctx, data);
2198 res = eay_sha2_384_final(ctx);
2199
2200 return(res);
2201 }
2202
2203 int
2204 eay_sha2_384_hashlen()
2205 {
2206 return SHA384_DIGEST_LENGTH << 3;
2207 }
2208 #endif
2209
2210 #ifdef WITH_SHA2
2211 /*
2212 * SHA2-256 functions
2213 */
2214 caddr_t
2215 eay_sha2_256_init()
2216 {
2217 SHA256_CTX *c = racoon_malloc(sizeof(*c));
2218
2219 SHA256_Init(c);
2220
2221 return((caddr_t)c);
2222 }
2223
2224 void
2225 eay_sha2_256_update(c, data)
2226 caddr_t c;
2227 vchar_t *data;
2228 {
2229 SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2230
2231 return;
2232 }
2233
2234 vchar_t *
2235 eay_sha2_256_final(c)
2236 caddr_t c;
2237 {
2238 vchar_t *res;
2239
2240 if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2241 return(0);
2242
2243 SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2244 (void)racoon_free(c);
2245
2246 return(res);
2247 }
2248
2249 vchar_t *
2250 eay_sha2_256_one(data)
2251 vchar_t *data;
2252 {
2253 caddr_t ctx;
2254 vchar_t *res;
2255
2256 ctx = eay_sha2_256_init();
2257 eay_sha2_256_update(ctx, data);
2258 res = eay_sha2_256_final(ctx);
2259
2260 return(res);
2261 }
2262
2263 int
2264 eay_sha2_256_hashlen()
2265 {
2266 return SHA256_DIGEST_LENGTH << 3;
2267 }
2268 #endif
2269
2270 /*
2271 * SHA functions
2272 */
2273 caddr_t
2274 eay_sha1_init()
2275 {
2276 SHA_CTX *c = racoon_malloc(sizeof(*c));
2277
2278 SHA1_Init(c);
2279
2280 return((caddr_t)c);
2281 }
2282
2283 void
2284 eay_sha1_update(c, data)
2285 caddr_t c;
2286 vchar_t *data;
2287 {
2288 SHA1_Update((SHA_CTX *)c, data->v, data->l);
2289
2290 return;
2291 }
2292
2293 vchar_t *
2294 eay_sha1_final(c)
2295 caddr_t c;
2296 {
2297 vchar_t *res;
2298
2299 if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2300 return(0);
2301
2302 SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2303 (void)racoon_free(c);
2304
2305 return(res);
2306 }
2307
2308 vchar_t *
2309 eay_sha1_one(data)
2310 vchar_t *data;
2311 {
2312 caddr_t ctx;
2313 vchar_t *res;
2314
2315 ctx = eay_sha1_init();
2316 eay_sha1_update(ctx, data);
2317 res = eay_sha1_final(ctx);
2318
2319 return(res);
2320 }
2321
2322 int
2323 eay_sha1_hashlen()
2324 {
2325 return SHA_DIGEST_LENGTH << 3;
2326 }
2327
2328 /*
2329 * MD5 functions
2330 */
2331 caddr_t
2332 eay_md5_init()
2333 {
2334 MD5_CTX *c = racoon_malloc(sizeof(*c));
2335
2336 MD5_Init(c);
2337
2338 return((caddr_t)c);
2339 }
2340
2341 void
2342 eay_md5_update(c, data)
2343 caddr_t c;
2344 vchar_t *data;
2345 {
2346 MD5_Update((MD5_CTX *)c, data->v, data->l);
2347
2348 return;
2349 }
2350
2351 vchar_t *
2352 eay_md5_final(c)
2353 caddr_t c;
2354 {
2355 vchar_t *res;
2356
2357 if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2358 return(0);
2359
2360 MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2361 (void)racoon_free(c);
2362
2363 return(res);
2364 }
2365
2366 vchar_t *
2367 eay_md5_one(data)
2368 vchar_t *data;
2369 {
2370 caddr_t ctx;
2371 vchar_t *res;
2372
2373 ctx = eay_md5_init();
2374 eay_md5_update(ctx, data);
2375 res = eay_md5_final(ctx);
2376
2377 return(res);
2378 }
2379
2380 int
2381 eay_md5_hashlen()
2382 {
2383 return MD5_DIGEST_LENGTH << 3;
2384 }
2385
2386 /*
2387 * eay_set_random
2388 * size: number of bytes.
2389 */
2390 vchar_t *
2391 eay_set_random(size)
2392 u_int32_t size;
2393 {
2394 BIGNUM *r = NULL;
2395 vchar_t *res = 0;
2396
2397 if ((r = BN_new()) == NULL)
2398 goto end;
2399 BN_rand(r, size * 8, 0, 0);
2400 eay_bn2v(&res, r);
2401
2402 end:
2403 if (r)
2404 BN_free(r);
2405 return(res);
2406 }
2407
2408 /* DH */
2409 int
2410 eay_dh_generate(prime, g, publen, pub, priv)
2411 vchar_t *prime, **pub, **priv;
2412 u_int publen;
2413 u_int32_t g;
2414 {
2415 BIGNUM *p = NULL;
2416 DH *dh = NULL;
2417 int error = -1;
2418
2419 /* initialize */
2420 /* pre-process to generate number */
2421 if (eay_v2bn(&p, prime) < 0)
2422 goto end;
2423
2424 if ((dh = DH_new()) == NULL)
2425 goto end;
2426 dh->p = p;
2427 p = NULL; /* p is now part of dh structure */
2428 dh->g = NULL;
2429 if ((dh->g = BN_new()) == NULL)
2430 goto end;
2431 if (!BN_set_word(dh->g, g))
2432 goto end;
2433
2434 if (publen != 0)
2435 dh->length = publen;
2436
2437 /* generate public and private number */
2438 if (!DH_generate_key(dh))
2439 goto end;
2440
2441 /* copy results to buffers */
2442 if (eay_bn2v(pub, dh->pub_key) < 0)
2443 goto end;
2444 if (eay_bn2v(priv, dh->priv_key) < 0) {
2445 vfree(*pub);
2446 goto end;
2447 }
2448
2449 error = 0;
2450
2451 end:
2452 if (dh != NULL)
2453 DH_free(dh);
2454 if (p != 0)
2455 BN_free(p);
2456 return(error);
2457 }
2458
2459 int
2460 eay_dh_compute(prime, g, pub, priv, pub2, key)
2461 vchar_t *prime, *pub, *priv, *pub2, **key;
2462 u_int32_t g;
2463 {
2464 BIGNUM *dh_pub = NULL;
2465 DH *dh = NULL;
2466 int l;
2467 unsigned char *v = NULL;
2468 int error = -1;
2469
2470 /* make public number to compute */
2471 if (eay_v2bn(&dh_pub, pub2) < 0)
2472 goto end;
2473
2474 /* make DH structure */
2475 if ((dh = DH_new()) == NULL)
2476 goto end;
2477 if (eay_v2bn(&dh->p, prime) < 0)
2478 goto end;
2479 if (eay_v2bn(&dh->pub_key, pub) < 0)
2480 goto end;
2481 if (eay_v2bn(&dh->priv_key, priv) < 0)
2482 goto end;
2483 dh->length = pub2->l * 8;
2484
2485 dh->g = NULL;
2486 if ((dh->g = BN_new()) == NULL)
2487 goto end;
2488 if (!BN_set_word(dh->g, g))
2489 goto end;
2490
2491 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2492 goto end;
2493 if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2494 goto end;
2495 memcpy((*key)->v + (prime->l - l), v, l);
2496
2497 error = 0;
2498
2499 end:
2500 if (dh_pub != NULL)
2501 BN_free(dh_pub);
2502 if (dh != NULL)
2503 DH_free(dh);
2504 if (v != NULL)
2505 racoon_free(v);
2506 return(error);
2507 }
2508
2509 /*
2510 * convert vchar_t <-> BIGNUM.
2511 *
2512 * vchar_t: unit is u_char, network endian, most significant byte first.
2513 * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2514 * least significant BN_ULONG must come first.
2515 *
2516 * hex value of "0x3ffe050104" is represented as follows:
2517 * vchar_t: 3f fe 05 01 04
2518 * BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2519 * BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2520 * BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2521 */
2522 int
2523 eay_v2bn(bn, var)
2524 BIGNUM **bn;
2525 vchar_t *var;
2526 {
2527 if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2528 return -1;
2529
2530 return 0;
2531 }
2532
2533 int
2534 eay_bn2v(var, bn)
2535 vchar_t **var;
2536 BIGNUM *bn;
2537 {
2538 *var = vmalloc(bn->top * BN_BYTES);
2539 if (*var == NULL)
2540 return(-1);
2541
2542 (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2543
2544 return 0;
2545 }
2546
2547 void
2548 eay_init()
2549 {
2550 OpenSSL_add_all_algorithms();
2551 ERR_load_crypto_strings();
2552 #ifdef HAVE_OPENSSL_ENGINE_H
2553 ENGINE_load_builtin_engines();
2554 ENGINE_register_all_complete();
2555 #endif
2556 }
2557
2558 vchar_t *
2559 base64_decode(char *in, long inlen)
2560 {
2561 BIO *bio=NULL, *b64=NULL;
2562 vchar_t *res = NULL;
2563 char *outb;
2564 long outlen;
2565
2566 outb = malloc(inlen * 2);
2567 if (outb == NULL)
2568 goto out;
2569 bio = BIO_new_mem_buf(in, inlen);
2570 b64 = BIO_new(BIO_f_base64());
2571 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2572 bio = BIO_push(b64, bio);
2573
2574 outlen = BIO_read(bio, outb, inlen * 2);
2575 if (outlen <= 0) {
2576 plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2577 goto out;
2578 }
2579
2580 res = vmalloc(outlen);
2581 if (!res)
2582 goto out;
2583
2584 memcpy(res->v, outb, outlen);
2585
2586 out:
2587 if (outb)
2588 free(outb);
2589 if (bio)
2590 BIO_free_all(bio);
2591
2592 return res;
2593 }
2594
2595 vchar_t *
2596 base64_encode(char *in, long inlen)
2597 {
2598 BIO *bio=NULL, *b64=NULL;
2599 char *ptr;
2600 long plen = -1;
2601 vchar_t *res = NULL;
2602
2603 bio = BIO_new(BIO_s_mem());
2604 b64 = BIO_new(BIO_f_base64());
2605 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2606 bio = BIO_push(b64, bio);
2607
2608 BIO_write(bio, in, inlen);
2609 BIO_flush(bio);
2610
2611 plen = BIO_get_mem_data(bio, &ptr);
2612 res = vmalloc(plen+1);
2613 if (!res)
2614 goto out;
2615
2616 memcpy (res->v, ptr, plen);
2617 res->v[plen] = '\0';
2618
2619 out:
2620 if (bio)
2621 BIO_free_all(bio);
2622
2623 return res;
2624 }
2625
2626 static RSA *
2627 binbuf_pubkey2rsa(vchar_t *binbuf)
2628 {
2629 BIGNUM *exp, *mod;
2630 RSA *rsa_pub = NULL;
2631
2632 if (binbuf->v[0] > binbuf->l - 1) {
2633 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2634 goto out;
2635 }
2636
2637 exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2638 mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2639 binbuf->l - binbuf->v[0] - 1, NULL);
2640 rsa_pub = RSA_new();
2641
2642 if (!exp || !mod || !rsa_pub) {
2643 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2644 if (exp)
2645 BN_free(exp);
2646 if (mod)
2647 BN_free(exp);
2648 if (rsa_pub)
2649 RSA_free(rsa_pub);
2650 rsa_pub = NULL;
2651 goto out;
2652 }
2653
2654 rsa_pub->n = mod;
2655 rsa_pub->e = exp;
2656
2657 out:
2658 return rsa_pub;
2659 }
2660
2661 RSA *
2662 base64_pubkey2rsa(char *in)
2663 {
2664 BIGNUM *exp, *mod;
2665 RSA *rsa_pub = NULL;
2666 vchar_t *binbuf;
2667
2668 if (strncmp(in, "0s", 2) != 0) {
2669 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2670 return NULL;
2671 }
2672
2673 binbuf = base64_decode(in + 2, strlen(in + 2));
2674 if (!binbuf) {
2675 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2676 return NULL;
2677 }
2678
2679 if (binbuf->v[0] > binbuf->l - 1) {
2680 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2681 goto out;
2682 }
2683
2684 rsa_pub = binbuf_pubkey2rsa(binbuf);
2685
2686 out:
2687 if (binbuf)
2688 vfree(binbuf);
2689
2690 return rsa_pub;
2691 }
2692
2693 RSA *
2694 bignum_pubkey2rsa(BIGNUM *in)
2695 {
2696 RSA *rsa_pub = NULL;
2697 vchar_t *binbuf;
2698
2699 binbuf = vmalloc(BN_num_bytes(in));
2700 if (!binbuf) {
2701 plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2702 return NULL;
2703 }
2704
2705 BN_bn2bin(in, (unsigned char *) binbuf->v);
2706
2707 rsa_pub = binbuf_pubkey2rsa(binbuf);
2708
2709 out:
2710 if (binbuf)
2711 vfree(binbuf);
2712
2713 return rsa_pub;
2714 }
2715
2716 u_int32_t
2717 eay_random()
2718 {
2719 u_int32_t result;
2720 vchar_t *vrand;
2721
2722 vrand = eay_set_random(sizeof(result));
2723 memcpy(&result, vrand->v, sizeof(result));
2724 vfree(vrand);
2725
2726 return result;
2727 }
2728
2729 const char *
2730 eay_version()
2731 {
2732 return SSLeay_version(SSLEAY_VERSION);
2733 }
NetBSD on the FriendlyARM MINI2440